Barretenberg: src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Planned, auditors: [Sergei], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once

// This header hosts TWO implementations behind one facade:

//   * `bb::scalar_multiplication::legacy::*`  — the pre-rewrite Pippenger MSM, bodies

//     byte-identical to merge-train (only wrapped in the `legacy` sub-namespace).

//   * the round-parallel rewrite in scalar_multiplication_fast.hpp (`*_fast`, `MSM_fast`).

// The public facade (`pippenger`, `pippenger_unsafe`, `MSM`) at the bottom dispatches to

// the rewrite by default, or to `legacy::` when `use_legacy_msm()` (env BB_MSM_LEGACY).

// Remove the legacy half + the facade dispatch once the rewrite has soaked.

#include "./scalar_multiplication_fast.hpp"

#include "barretenberg/ecc/groups/precomputed_generators_bn254_impl.hpp"

#include "barretenberg/ecc/groups/precomputed_generators_grumpkin_impl.hpp"


#include "barretenberg/ecc/curves/bn254/bn254.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/polynomials/polynomial.hpp"


#include "./bitvector.hpp"

#include "./process_buckets.hpp"

namespace bb::scalar_multiplication::legacy {


template <typename Curve> class MSM {

  public:

    using Element = typename Curve::Element;

    using ScalarField = typename Curve::ScalarField;

    using BaseField = typename Curve::BaseField;

    using AffineElement = typename Curve::AffineElement;


    static constexpr size_t NUM_BITS_IN_FIELD = ScalarField::modulus.get_msb() + 1;


    // ======================= Algorithm Tuning Constants =======================

    //

    // These constants control the behavior of the Pippenger MSM algorithm.

    // They are empirically tuned for performance on typical hardware.


    // Below this threshold, use naive scalar multiplication instead of Pippenger

    static constexpr size_t PIPPENGER_THRESHOLD = 16;


    // Below this threshold, the affine batch inversion trick is not beneficial

    // (cost of inversions exceeds savings from cheaper affine additions)

    static constexpr size_t AFFINE_TRICK_THRESHOLD = 128;


    // Maximum bits per scalar slice (2^20 = 1M buckets, far beyond practical use)

    static constexpr size_t MAX_SLICE_BITS = 20;

    static_assert(MAX_SLICE_BITS < 64,

                  "get_scalar_slice uses 1ULL << lo_slice_bits where lo_slice_bits <= MAX_SLICE_BITS - 1; "

                  "shifting uint64_t by >= 64 is UB.");


    // Number of points to look ahead for memory prefetching

    static constexpr size_t PREFETCH_LOOKAHEAD = 32;


    // Prefetch every N iterations (must be power of 2); mask is N-1 for efficient modulo

    static constexpr size_t PREFETCH_INTERVAL = 16;

    static constexpr size_t PREFETCH_INTERVAL_MASK = PREFETCH_INTERVAL - 1;


    // ======================= Cost Model Constants =======================

    //

    // These constants define the relative costs of various operations,

    // used to decide between algorithm variants.


    // Cost of bucket accumulation relative to a single point addition

    // (2 Jacobian adds per bucket, each ~2.5x cost of affine add)

    static constexpr size_t BUCKET_ACCUMULATION_COST = 5;


    // Field multiplications saved per group operation when using affine trick

    static constexpr size_t AFFINE_TRICK_SAVINGS_PER_OP = 5;


    // Extra cost of Jacobian group operation when Z coordinate != 1

    static constexpr size_t JACOBIAN_Z_NOT_ONE_PENALTY = 5;


    // Cost of computing 4-bit lookup table for modular exponentiation (14 muls)

    static constexpr size_t INVERSION_TABLE_COST = 14;

    // ===========================================================================


    // Offset generator used in bucket reduction to probabilistically avoid incomplete-addition

    // edge cases in the accumulator. Derived from domain-separated precomputed generators.


    static const AffineElement& get_offset_generator() noexcept

    {

        static const AffineElement offset_generator = []() {

            if constexpr (std::same_as<typename Curve::Group, bb::g1>) {

                return get_precomputed_generators<typename Curve::Group, "ECCVM_OFFSET_GENERATOR", 1>()[0];

            } else {

                return get_precomputed_generators<typename Curve::Group, "DEFAULT_DOMAIN_SEPARATOR", 8>()[0];

            }

        }();

        return offset_generator;

    }


    struct MSMWorkUnit {

        size_t batch_msm_index = 0;

        size_t start_index = 0;

        size_t size = 0;

    };


    using ThreadWorkUnits = std::vector<MSMWorkUnit>;


    struct MSMData {

        std::span<const ScalarField> scalars;     // Scalars (non-Montgomery form)

        std::span<const AffineElement> points;    // Input points

        std::span<const uint32_t> scalar_indices; // Indices of nonzero scalars

        std::span<uint64_t> point_schedule;       // Scratch space for point scheduling


        static MSMData from_work_unit(std::span<std::span<ScalarField>> all_scalars,

                                      std::span<std::span<const AffineElement>> all_points,

                                      const std::vector<std::vector<uint32_t>>& all_indices,

                                      std::span<uint64_t> point_schedule_buffer,

                                      const MSMWorkUnit& work_unit) noexcept

        {

            const auto& indices = all_indices[work_unit.batch_msm_index];

            // Avoid indexing into an empty vector when all scalars are zero (work_unit.size == 0)

            std::span<const uint32_t> scalar_indices =

                work_unit.size > 0 ? std::span<const uint32_t>{ &indices[work_unit.start_index], work_unit.size }

                                   : std::span<const uint32_t>{};

            return MSMData{

                .scalars = all_scalars[work_unit.batch_msm_index],

                .points = all_points[work_unit.batch_msm_index],

                .scalar_indices = scalar_indices,

                .point_schedule = point_schedule_buffer,

            };

        }


    };


    struct BucketAccumulators {

        std::vector<AffineElement> buckets;

        BitVector bucket_exists;


        BucketAccumulators(size_t num_buckets) noexcept

            : buckets(num_buckets)

            , bucket_exists(num_buckets)

        {}


    };


    struct JacobianBucketAccumulators {

        std::vector<Element> buckets;

        BitVector bucket_exists;


        JacobianBucketAccumulators(size_t num_buckets) noexcept

            : buckets(num_buckets)

            , bucket_exists(num_buckets)

        {}


    };


    struct AffineAdditionData {

        static constexpr size_t BATCH_SIZE = 2048;

        // when adding affine points, we have an edge case where the number of points in the batch can overflow by 2

        static constexpr size_t BATCH_OVERFLOW_SIZE = 2;

        std::vector<AffineElement> points_to_add;

        std::vector<BaseField> inversion_scratch_space; // Used for Montgomery batch inversion denominators

        std::vector<uint32_t> addition_result_bucket_destinations;

        AffineElement null_location{}; // Dummy write target for branchless conditional moves


        AffineAdditionData() noexcept

            : points_to_add(BATCH_SIZE + BATCH_OVERFLOW_SIZE)

            , inversion_scratch_space(BATCH_SIZE + BATCH_OVERFLOW_SIZE)

            , addition_result_bucket_destinations(((BATCH_SIZE + BATCH_OVERFLOW_SIZE) / 2))

        {}


    };


    struct PointScheduleEntry {

        uint64_t data;


        [[nodiscard]] static constexpr PointScheduleEntry create(uint32_t point_index, uint32_t bucket_index) noexcept

        {

            return { (static_cast<uint64_t>(point_index) << 32) | bucket_index };

        }


        [[nodiscard]] constexpr uint32_t point_index() const noexcept { return static_cast<uint32_t>(data >> 32); }

        [[nodiscard]] constexpr uint32_t bucket_index() const noexcept { return static_cast<uint32_t>(data); }

    };


    // ======================= Public Methods =======================

    // See README.md for algorithm details and mathematical derivations.


    static AffineElement msm(std::span<const AffineElement> points,

                             PolynomialSpan<const ScalarField> scalars,

                             bool handle_edge_cases = false) noexcept;


    static std::vector<AffineElement> batch_multi_scalar_mul(std::span<std::span<const AffineElement>> points,

                                                             std::span<std::span<ScalarField>> scalars,

                                                             bool handle_edge_cases = true) noexcept;


    // ======================= Test-Visible Methods =======================

    // Exposed for unit testing; not part of the public API.


    static uint32_t get_num_rounds(size_t num_points) noexcept

    {

        const uint32_t bits_per_slice = get_optimal_log_num_buckets(num_points);

        return static_cast<uint32_t>((NUM_BITS_IN_FIELD + bits_per_slice - 1) / bits_per_slice);

    }


    static void add_affine_points(AffineElement* points,

                                  const size_t num_points,

                                  typename Curve::BaseField* scratch_space) noexcept;


    static uint32_t get_scalar_slice(const ScalarField& scalar, size_t round, size_t slice_size) noexcept;


    static uint32_t get_optimal_log_num_buckets(size_t num_points) noexcept;


    static std::vector<ThreadWorkUnits> partition_by_weight(std::span<const std::vector<uint16_t>> msm_scalar_weights,

                                                            size_t num_threads) noexcept;


    static void batch_accumulate_points_into_buckets(std::span<const uint64_t> point_schedule,

                                                     std::span<const AffineElement> points,

                                                     AffineAdditionData& affine_data,

                                                     BucketAccumulators& bucket_data) noexcept;


    template <typename BucketType> static Element accumulate_buckets(BucketType& bucket_accumulators) noexcept

    {

        auto& buckets = bucket_accumulators.buckets;

        BB_ASSERT_DEBUG(buckets.size() > static_cast<size_t>(0));

        int starting_index = static_cast<int>(buckets.size() - 1);

        Element running_sum;

        bool found_start = false;

        while (!found_start && starting_index > 0) {

            const size_t idx = static_cast<size_t>(starting_index);

            if (bucket_accumulators.bucket_exists.get(idx)) {


                running_sum = buckets[idx];

                found_start = true;

            } else {

                starting_index -= 1;

            }

        }

        if (!found_start) {

            return Curve::Group::point_at_infinity;

        }

        BB_ASSERT_DEBUG(starting_index > 0);

        const auto& offset_generator = get_offset_generator();

        Element sum = running_sum + offset_generator;

        for (int i = starting_index - 1; i > 0; --i) {

            size_t idx = static_cast<size_t>(i);

            BB_ASSERT_DEBUG(idx < bucket_accumulators.bucket_exists.size());

            if (bucket_accumulators.bucket_exists.get(idx)) {

                running_sum += buckets[idx];

            }

            sum += running_sum;

        }

        return sum - offset_generator;

    }


  private:

    // ======================= Private Implementation =======================


    static void transform_scalar_and_get_nonzero_scalar_indices(std::span<ScalarField> scalars,

                                                                std::vector<uint32_t>& nonzero_scalar_indices) noexcept;


    static void compute_scalar_slice_weights(std::span<const ScalarField> scalars,

                                             std::span<const uint32_t> nonzero_indices,

                                             uint32_t bits_per_slice,

                                             std::vector<uint16_t>& weights) noexcept;


    static std::vector<ThreadWorkUnits> get_work_units(std::span<std::span<ScalarField>> scalars,

                                                       std::vector<std::vector<uint32_t>>& msm_scalar_indices) noexcept;


    static bool use_affine_trick(size_t num_points, size_t num_buckets) noexcept;


    static Element jacobian_pippenger_with_transformed_scalars(MSMData& msm_data) noexcept;


    static Element affine_pippenger_with_transformed_scalars(MSMData& msm_data) noexcept;


    // Helpers for batch_accumulate_points_into_buckets. Inlined for performance.


    // Process single point: if bucket has accumulator, pair them for addition; else cache in bucket.

    __attribute__((always_inline)) static void process_single_point(size_t bucket,

                                                                    const AffineElement* point_source,

                                                                    AffineAdditionData& affine_data,

                                                                    BucketAccumulators& bucket_data,

                                                                    size_t& scratch_it,

                                                                    size_t& point_it) noexcept

    {

        bool has_accumulator = bucket_data.bucket_exists.get(bucket);


        if (has_accumulator) {

            affine_data.points_to_add[scratch_it] = *point_source;

            affine_data.points_to_add[scratch_it + 1] = bucket_data.buckets[bucket];

            bucket_data.bucket_exists.set(bucket, false);

            affine_data.addition_result_bucket_destinations[scratch_it >> 1] = static_cast<uint32_t>(bucket);

            scratch_it += 2;

        } else {


            bucket_data.buckets[bucket] = *point_source;

            bucket_data.bucket_exists.set(bucket, true);

        }

        point_it += 1;

    }


    // Branchless bucket pair processing. Updates point_it (by 2 if same bucket, else 1) and scratch_it.

    // See README.md "batch_accumulate_points_into_buckets Algorithm" for case analysis.

    __attribute__((always_inline)) static void process_bucket_pair(size_t lhs_bucket,

                                                                   size_t rhs_bucket,

                                                                   const AffineElement* lhs_source,

                                                                   const AffineElement* rhs_source_if_match,

                                                                   AffineAdditionData& affine_data,

                                                                   BucketAccumulators& bucket_data,

                                                                   size_t& scratch_it,

                                                                   size_t& point_it) noexcept

    {

        bool has_bucket_accumulator = bucket_data.bucket_exists.get(lhs_bucket);

        bool buckets_match = lhs_bucket == rhs_bucket;

        bool do_affine_add = buckets_match || has_bucket_accumulator;


        const AffineElement* rhs_source = buckets_match ? rhs_source_if_match : &bucket_data.buckets[lhs_bucket];


        AffineElement* lhs_destination =

            do_affine_add ? &affine_data.points_to_add[scratch_it] : &bucket_data.buckets[lhs_bucket];

        AffineElement* rhs_destination =

            do_affine_add ? &affine_data.points_to_add[scratch_it + 1] : &affine_data.null_location;


        uint32_t& dest_bucket = affine_data.addition_result_bucket_destinations[scratch_it >> 1];

        dest_bucket = do_affine_add ? static_cast<uint32_t>(lhs_bucket) : dest_bucket;


        *lhs_destination = *lhs_source;

        *rhs_destination = *rhs_source;


        bucket_data.bucket_exists.set(lhs_bucket, (has_bucket_accumulator && buckets_match) || !do_affine_add);

        scratch_it += do_affine_add ? 2 : 0;

        point_it += (do_affine_add && buckets_match) ? 2 : 1;

    }

};


template <typename Curve>

typename Curve::Element pippenger(PolynomialSpan<const typename Curve::ScalarField> scalars,

                                  std::span<const typename Curve::AffineElement> points,

                                  bool handle_edge_cases = true) noexcept;


template <typename Curve>

typename Curve::Element pippenger_unsafe(PolynomialSpan<const typename Curve::ScalarField> scalars,

                                         std::span<const typename Curve::AffineElement> points) noexcept;


extern template class MSM<curve::Grumpkin>;

extern template class MSM<curve::BN254>;


} // namespace bb::scalar_multiplication::legacy


// ===================================================================================

// Public MSM facade — the surface every caller uses. Dispatches to the `_fast` rewrite

// by default, or `legacy::` when use_legacy_msm() (env BB_MSM_LEGACY, read once).

// Signatures match the rewrite; the legacy branch adapts (legacy has no dedup pre-pass,

// and its batch entry takes per-MSM point spans).

// ===================================================================================

namespace bb::scalar_multiplication {


[[nodiscard]] bool use_legacy_msm() noexcept;


template <typename Curve>

typename Curve::Element pippenger(PolynomialSpan<const typename Curve::ScalarField> scalars,

                                  std::span<const typename Curve::AffineElement> points,

                                  bool handle_edge_cases = true,

                                  bool dedup_hint = false) noexcept;


template <typename Curve>

typename Curve::Element pippenger_unsafe(PolynomialSpan<const typename Curve::ScalarField> scalars,

                                         std::span<const typename Curve::AffineElement> points,

                                         bool dedup_hint = false) noexcept;


extern template curve::BN254::Element pippenger<curve::BN254>(PolynomialSpan<const curve::BN254::ScalarField> scalars,

                                                              std::span<const curve::BN254::AffineElement> points,

                                                              bool handle_edge_cases,

                                                              bool dedup_hint) noexcept;

extern template curve::Grumpkin::Element pippenger<curve::Grumpkin>(

    PolynomialSpan<const curve::Grumpkin::ScalarField> scalars,

    std::span<const curve::Grumpkin::AffineElement> points,

    bool handle_edge_cases,

    bool dedup_hint) noexcept;

extern template curve::BN254::Element pippenger_unsafe<curve::BN254>(

    PolynomialSpan<const curve::BN254::ScalarField> scalars,

    std::span<const curve::BN254::AffineElement> points,

    bool dedup_hint) noexcept;

extern template curve::Grumpkin::Element pippenger_unsafe<curve::Grumpkin>(

    PolynomialSpan<const curve::Grumpkin::ScalarField> scalars,

    std::span<const curve::Grumpkin::AffineElement> points,

    bool dedup_hint) noexcept;


template <typename Curve> class MSM {

  public:

    using Element = typename Curve::Element;

    using ScalarField = typename Curve::ScalarField;

    using AffineElement = typename Curve::AffineElement;


    static AffineElement msm(std::span<const AffineElement> points,

                             PolynomialSpan<const ScalarField> scalars,

                             bool handle_edge_cases = false,

                             bool dedup_hint = false) noexcept;


    static std::vector<AffineElement> batch_multi_scalar_mul(std::span<const AffineElement> points,

                                                             std::span<PolynomialSpan<ScalarField>> scalars,

                                                             bool handle_edge_cases = true,

                                                             std::span<const uint8_t> dedup_hints = {}) noexcept;

};


extern template class MSM<curve::BN254>;

extern template class MSM<curve::Grumpkin>;


} // namespace bb::scalar_multiplication

BB_ASSERT_DEBUG
#define BB_ASSERT_DEBUG(expression,...)
Definition assert.hpp:55

bitvector.hpp

BitVector
Custom class to handle packed vectors of bits.
Definition bitvector.hpp:23

bb::curve::BN254::Element
typename Group::element Element
Definition bn254.hpp:21

bb::curve::Grumpkin
Definition grumpkin.hpp:58

bb::curve::Grumpkin::Element
typename Group::element Element
Definition grumpkin.hpp:63

bb::curve::Grumpkin::Group
typename grumpkin::g1 Group
Definition grumpkin.hpp:62

bb::curve::Grumpkin::BaseField
bb::fr BaseField
Definition grumpkin.hpp:61

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:64

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:60

bb::scalar_multiplication::MSM
Definition scalar_multiplication.hpp:446

bb::scalar_multiplication::MSM::Element
typename Curve::Element Element
Definition scalar_multiplication.hpp:448

bb::scalar_multiplication::MSM::ScalarField
typename Curve::ScalarField ScalarField
Definition scalar_multiplication.hpp:449

bb::scalar_multiplication::MSM::AffineElement
typename Curve::AffineElement AffineElement
Definition scalar_multiplication.hpp:450

bb::scalar_multiplication::legacy::MSM
Definition scalar_multiplication.hpp:27

bb::scalar_multiplication::legacy::MSM::get_offset_generator
static const AffineElement & get_offset_generator() noexcept
Definition scalar_multiplication.hpp:82

bb::scalar_multiplication::legacy::MSM::BUCKET_ACCUMULATION_COST
static constexpr size_t BUCKET_ACCUMULATION_COST
Definition scalar_multiplication.hpp:68

bb::scalar_multiplication::legacy::MSM::dest_bucket
uint32_t & dest_bucket
Definition scalar_multiplication.hpp:379

bb::scalar_multiplication::legacy::MSM::transform_scalar_and_get_nonzero_scalar_indices
static void transform_scalar_and_get_nonzero_scalar_indices(std::span< ScalarField > scalars, std::vector< uint32_t > &nonzero_scalar_indices) noexcept
Convert scalars from Montgomery form and collect indices of nonzero scalars.
Definition scalar_multiplication.cpp:42

bb::scalar_multiplication::legacy::MSM::point_it
point_it
Definition scalar_multiplication.hpp:354

bb::scalar_multiplication::legacy::MSM::ThreadWorkUnits
std::vector< MSMWorkUnit > ThreadWorkUnits
Definition scalar_multiplication.hpp:107

bb::scalar_multiplication::legacy::MSM::INVERSION_TABLE_COST
static constexpr size_t INVERSION_TABLE_COST
Definition scalar_multiplication.hpp:77

bb::scalar_multiplication::legacy::MSM::__attribute__
__attribute__((always_inline)) static void process_single_point(size_t bucket

bb::scalar_multiplication::legacy::MSM::rhs_source_if_match
size_t const AffineElement const AffineElement * rhs_source_if_match
Definition scalar_multiplication.hpp:362

bb::scalar_multiplication::legacy::MSM::bucket_data
const AffineElement AffineAdditionData BucketAccumulators & bucket_data
Definition scalar_multiplication.hpp:339

bb::scalar_multiplication::legacy::MSM::rhs_bucket
size_t rhs_bucket
Definition scalar_multiplication.hpp:360

bb::scalar_multiplication::legacy::MSM::jacobian_pippenger_with_transformed_scalars
static Element jacobian_pippenger_with_transformed_scalars(MSMData &msm_data) noexcept
Pippenger using Jacobian buckets (handles edge cases: doubling, infinity)
Definition scalar_multiplication.cpp:312

bb::scalar_multiplication::legacy::MSM::AffineElement
typename Curve::AffineElement AffineElement
Definition scalar_multiplication.hpp:32

bb::scalar_multiplication::legacy::MSM::get_num_rounds
static uint32_t get_num_rounds(size_t num_points) noexcept
Definition scalar_multiplication.hpp:234

bb::scalar_multiplication::legacy::MSM::compute_scalar_slice_weights
static void compute_scalar_slice_weights(std::span< const ScalarField > scalars, std::span< const uint32_t > nonzero_indices, uint32_t bits_per_slice, std::vector< uint16_t > &weights) noexcept
Compute per-scalar slice-count weights ceil(bit_length / bits_per_slice).
Definition scalar_multiplication.cpp:89

bb::scalar_multiplication::legacy::MSM::JACOBIAN_Z_NOT_ONE_PENALTY
static constexpr size_t JACOBIAN_Z_NOT_ONE_PENALTY
Definition scalar_multiplication.hpp:74

bb::scalar_multiplication::legacy::MSM::PREFETCH_INTERVAL
static constexpr size_t PREFETCH_INTERVAL
Definition scalar_multiplication.hpp:58

bb::scalar_multiplication::legacy::MSM::rhs_source
const AffineElement * rhs_source
Definition scalar_multiplication.hpp:372

bb::scalar_multiplication::legacy::MSM::partition_by_weight
static std::vector< ThreadWorkUnits > partition_by_weight(std::span< const std::vector< uint16_t > > msm_scalar_weights, size_t num_threads) noexcept
Partition per-MSM scalar weights into num_threads work units of approximately equal cumulative weight...
Definition scalar_multiplication.cpp:121

bb::scalar_multiplication::legacy::MSM::do_affine_add
bool do_affine_add
Definition scalar_multiplication.hpp:370

bb::scalar_multiplication::legacy::MSM::get_optimal_log_num_buckets
static uint32_t get_optimal_log_num_buckets(size_t num_points) noexcept
Compute optimal bits per slice by minimizing cost over c in [1, MAX_SLICE_BITS)
Definition scalar_multiplication.cpp:253

bb::scalar_multiplication::legacy::MSM::PREFETCH_LOOKAHEAD
static constexpr size_t PREFETCH_LOOKAHEAD
Definition scalar_multiplication.hpp:55

bb::scalar_multiplication::legacy::MSM::AFFINE_TRICK_SAVINGS_PER_OP
static constexpr size_t AFFINE_TRICK_SAVINGS_PER_OP
Definition scalar_multiplication.hpp:71

bb::scalar_multiplication::legacy::MSM::add_affine_points
static void add_affine_points(AffineElement *points, const size_t num_points, typename Curve::BaseField *scratch_space) noexcept
Batch add n/2 independent point pairs using Montgomery's trick.
Definition scalar_multiplication.cpp:298

bb::scalar_multiplication::legacy::MSM::BaseField
typename Curve::BaseField BaseField
Definition scalar_multiplication.hpp:31

bb::scalar_multiplication::legacy::MSM::batch_multi_scalar_mul
static std::vector< AffineElement > batch_multi_scalar_mul(std::span< std::span< const AffineElement > > points, std::span< std::span< ScalarField > > scalars, bool handle_edge_cases=true) noexcept
Compute multiple MSMs in parallel with work balancing.
Definition scalar_multiplication.cpp:497

bb::scalar_multiplication::legacy::MSM::ScalarField
typename Curve::ScalarField ScalarField
Definition scalar_multiplication.hpp:30

bb::scalar_multiplication::legacy::MSM::msm
static AffineElement msm(std::span< const AffineElement > points, PolynomialSpan< const ScalarField > scalars, bool handle_edge_cases=false) noexcept
Main entry point for single MSM computation.
Definition scalar_multiplication.cpp:576

bb::scalar_multiplication::legacy::MSM::AFFINE_TRICK_THRESHOLD
static constexpr size_t AFFINE_TRICK_THRESHOLD
Definition scalar_multiplication.hpp:46

bb::scalar_multiplication::legacy::MSM::lhs_destination
AffineElement * lhs_destination
Definition scalar_multiplication.hpp:374

bb::scalar_multiplication::legacy::MSM::get_work_units
static std::vector< ThreadWorkUnits > get_work_units(std::span< std::span< ScalarField > > scalars, std::vector< std::vector< uint32_t > > &msm_scalar_indices) noexcept
Distribute multiple MSMs across threads with balanced bucket-accumulation work.
Definition scalar_multiplication.cpp:172

bb::scalar_multiplication::legacy::MSM::__attribute__
__attribute__((always_inline)) static void process_bucket_pair(size_t lhs_bucket

bb::scalar_multiplication::legacy::MSM::buckets_match
bool buckets_match
Definition scalar_multiplication.hpp:369

bb::scalar_multiplication::legacy::MSM::use_affine_trick
static bool use_affine_trick(size_t num_points, size_t num_buckets) noexcept
Decide if batch inversion saves work vs Jacobian additions.
Definition scalar_multiplication.cpp:274

bb::scalar_multiplication::legacy::MSM::affine_data
const AffineElement AffineAdditionData & affine_data
Definition scalar_multiplication.hpp:338

bb::scalar_multiplication::legacy::MSM::Element
typename Curve::Element Element
Definition scalar_multiplication.hpp:29

bb::scalar_multiplication::legacy::MSM::scratch_it
const AffineElement AffineAdditionData BucketAccumulators size_t & scratch_it
Definition scalar_multiplication.hpp:340

bb::scalar_multiplication::legacy::MSM::NUM_BITS_IN_FIELD
static constexpr size_t NUM_BITS_IN_FIELD
Definition scalar_multiplication.hpp:34

bb::scalar_multiplication::legacy::MSM::lhs_source
size_t const AffineElement * lhs_source
Definition scalar_multiplication.hpp:361

bb::scalar_multiplication::legacy::MSM::MAX_SLICE_BITS
static constexpr size_t MAX_SLICE_BITS
Definition scalar_multiplication.hpp:49

bb::scalar_multiplication::legacy::MSM::affine_pippenger_with_transformed_scalars
static Element affine_pippenger_with_transformed_scalars(MSMData &msm_data) noexcept
Pippenger using affine buckets with batch inversion (faster, no edge case handling)
Definition scalar_multiplication.cpp:352

bb::scalar_multiplication::legacy::MSM::rhs_destination
AffineElement * rhs_destination
Definition scalar_multiplication.hpp:376

bb::scalar_multiplication::legacy::MSM::get_scalar_slice
static uint32_t get_scalar_slice(const ScalarField &scalar, size_t round, size_t slice_size) noexcept
Extract c-bit slice from scalar for bucket index computation.
Definition scalar_multiplication.cpp:227

bb::scalar_multiplication::legacy::MSM::point_source
const AffineElement * point_source
Definition scalar_multiplication.hpp:337

bb::scalar_multiplication::legacy::MSM::PIPPENGER_THRESHOLD
static constexpr size_t PIPPENGER_THRESHOLD
Definition scalar_multiplication.hpp:42

bb::scalar_multiplication::legacy::MSM::accumulate_buckets
static Element accumulate_buckets(BucketType &bucket_accumulators) noexcept
Reduce buckets to single point using running (suffix) sum from high to low: R = sum(k * B_k)
Definition scalar_multiplication.hpp:266

bb::scalar_multiplication::legacy::MSM::PREFETCH_INTERVAL_MASK
static constexpr size_t PREFETCH_INTERVAL_MASK
Definition scalar_multiplication.hpp:59

bb::scalar_multiplication::legacy::MSM::noexcept
const AffineElement AffineAdditionData BucketAccumulators size_t size_t &point_it noexcept
Definition scalar_multiplication.hpp:342

bb::scalar_multiplication::legacy::MSM::batch_accumulate_points_into_buckets
static void batch_accumulate_points_into_buckets(std::span< const uint64_t > point_schedule, std::span< const AffineElement > points, AffineAdditionData &affine_data, BucketAccumulators &bucket_data) noexcept
Process sorted point schedule into bucket accumulators using batched affine additions.
Definition scalar_multiplication.cpp:407

bn254.hpp

grumpkin.hpp

bb::scalar_multiplication::legacy
Definition scalar_multiplication.cpp:23

bb::scalar_multiplication::legacy::pippenger< curve::BN254 >
template curve::BN254::Element pippenger< curve::BN254 >(PolynomialSpan< const curve::BN254::ScalarField > scalars, std::span< const curve::BN254::AffineElement > points, bool handle_edge_cases=true)

bb::scalar_multiplication::legacy::pippenger_unsafe
Curve::Element pippenger_unsafe(PolynomialSpan< const typename Curve::ScalarField > scalars, std::span< const typename Curve::AffineElement > points) noexcept
Fast MSM wrapper for linearly independent points (no edge case handling)
Definition scalar_multiplication.cpp:609

bb::scalar_multiplication::legacy::pippenger_unsafe< curve::Grumpkin >
template curve::Grumpkin::Element pippenger_unsafe< curve::Grumpkin >(PolynomialSpan< const curve::Grumpkin::ScalarField > scalars, std::span< const curve::Grumpkin::AffineElement > points)

bb::scalar_multiplication::legacy::pippenger
Curve::Element pippenger(PolynomialSpan< const typename Curve::ScalarField > scalars, std::span< const typename Curve::AffineElement > points, bool handle_edge_cases) noexcept
Safe MSM wrapper (defaults to handle_edge_cases=true)
Definition scalar_multiplication.cpp:601

bb::scalar_multiplication::legacy::pippenger< curve::Grumpkin >
template curve::Grumpkin::Element pippenger< curve::Grumpkin >(PolynomialSpan< const curve::Grumpkin::ScalarField > scalars, std::span< const curve::Grumpkin::AffineElement > points, bool handle_edge_cases=true) noexcept

bb::scalar_multiplication::legacy::pippenger_unsafe< curve::BN254 >
template curve::BN254::Element pippenger_unsafe< curve::BN254 >(PolynomialSpan< const curve::BN254::ScalarField > scalars, std::span< const curve::BN254::AffineElement > points)

bb::scalar_multiplication::use_legacy_msm
bool use_legacy_msm() noexcept
Definition scalar_multiplication.cpp:640

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::sum
Inner sum(Cont< Inner, Args... > const &in)
Definition container.hpp:70

bb::get_precomputed_generators
constexpr std::span< const typename Group::affine_element > get_precomputed_generators()
Definition precomputed_generators.hpp:51

bb::BN254
@ BN254
Definition types.hpp:10

std
STL namespace.

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

polynomial.hpp

precomputed_generators_bn254_impl.hpp

precomputed_generators_grumpkin_impl.hpp

process_buckets.hpp

scalar_multiplication_fast.hpp

Element
Curve::Element Element
Definition small_msm_matrix.bench.cpp:40

bb::PolynomialSpan
Definition polynomial.hpp:27

bb::field< Bn254FrParams >

bb::scalar_multiplication::legacy::MSM::AffineAdditionData
Scratch space for batched affine point additions (one per thread)
Definition scalar_multiplication.hpp:179

bb::scalar_multiplication::legacy::MSM::AffineAdditionData::inversion_scratch_space
std::vector< BaseField > inversion_scratch_space
Definition scalar_multiplication.hpp:184

bb::scalar_multiplication::legacy::MSM::AffineAdditionData::BATCH_SIZE
static constexpr size_t BATCH_SIZE
Definition scalar_multiplication.hpp:180

bb::scalar_multiplication::legacy::MSM::AffineAdditionData::points_to_add
std::vector< AffineElement > points_to_add
Definition scalar_multiplication.hpp:183

bb::scalar_multiplication::legacy::MSM::AffineAdditionData::AffineAdditionData
AffineAdditionData() noexcept
Definition scalar_multiplication.hpp:188

bb::scalar_multiplication::legacy::MSM::AffineAdditionData::null_location
AffineElement null_location
Definition scalar_multiplication.hpp:186

bb::scalar_multiplication::legacy::MSM::AffineAdditionData::addition_result_bucket_destinations
std::vector< uint32_t > addition_result_bucket_destinations
Definition scalar_multiplication.hpp:185

bb::scalar_multiplication::legacy::MSM::AffineAdditionData::BATCH_OVERFLOW_SIZE
static constexpr size_t BATCH_OVERFLOW_SIZE
Definition scalar_multiplication.hpp:182

bb::scalar_multiplication::legacy::MSM::BucketAccumulators
Affine bucket accumulators for the fast affine-trick Pippenger variant.
Definition scalar_multiplication.hpp:150

bb::scalar_multiplication::legacy::MSM::BucketAccumulators::bucket_exists
BitVector bucket_exists
Definition scalar_multiplication.hpp:152

bb::scalar_multiplication::legacy::MSM::BucketAccumulators::BucketAccumulators
BucketAccumulators(size_t num_buckets) noexcept
Definition scalar_multiplication.hpp:154

bb::scalar_multiplication::legacy::MSM::BucketAccumulators::buckets
std::vector< AffineElement > buckets
Definition scalar_multiplication.hpp:151

bb::scalar_multiplication::legacy::MSM::JacobianBucketAccumulators
Jacobian bucket accumulators for the safe Pippenger variant.
Definition scalar_multiplication.hpp:167

bb::scalar_multiplication::legacy::MSM::JacobianBucketAccumulators::bucket_exists
BitVector bucket_exists
Definition scalar_multiplication.hpp:169

bb::scalar_multiplication::legacy::MSM::JacobianBucketAccumulators::buckets
std::vector< Element > buckets
Definition scalar_multiplication.hpp:168

bb::scalar_multiplication::legacy::MSM::JacobianBucketAccumulators::JacobianBucketAccumulators
JacobianBucketAccumulators(size_t num_buckets) noexcept
Definition scalar_multiplication.hpp:171

bb::scalar_multiplication::legacy::MSM::MSMData
Container for MSM input data passed between algorithm stages.
Definition scalar_multiplication.hpp:113

bb::scalar_multiplication::legacy::MSM::MSMData::point_schedule
std::span< uint64_t > point_schedule
Definition scalar_multiplication.hpp:117

bb::scalar_multiplication::legacy::MSM::MSMData::points
std::span< const AffineElement > points
Definition scalar_multiplication.hpp:115

bb::scalar_multiplication::legacy::MSM::MSMData::scalars
std::span< const ScalarField > scalars
Definition scalar_multiplication.hpp:114

bb::scalar_multiplication::legacy::MSM::MSMData::from_work_unit
static MSMData from_work_unit(std::span< std::span< ScalarField > > all_scalars, std::span< std::span< const AffineElement > > all_points, const std::vector< std::vector< uint32_t > > &all_indices, std::span< uint64_t > point_schedule_buffer, const MSMWorkUnit &work_unit) noexcept
Factory method to construct MSMData from a work unit.
Definition scalar_multiplication.hpp:123

bb::scalar_multiplication::legacy::MSM::MSMData::scalar_indices
std::span< const uint32_t > scalar_indices
Definition scalar_multiplication.hpp:116

bb::scalar_multiplication::legacy::MSM::MSMWorkUnit
MSMWorkUnit describes an MSM that may be part of a larger MSM.
Definition scalar_multiplication.hpp:102

bb::scalar_multiplication::legacy::MSM::MSMWorkUnit::start_index
size_t start_index
Definition scalar_multiplication.hpp:104

bb::scalar_multiplication::legacy::MSM::MSMWorkUnit::size
size_t size
Definition scalar_multiplication.hpp:105

bb::scalar_multiplication::legacy::MSM::MSMWorkUnit::batch_msm_index
size_t batch_msm_index
Definition scalar_multiplication.hpp:103

bb::scalar_multiplication::legacy::MSM::PointScheduleEntry
Packed point schedule entry: (point_index << 32) | bucket_index.
Definition scalar_multiplication.hpp:199

bb::scalar_multiplication::legacy::MSM::PointScheduleEntry::point_index
constexpr uint32_t point_index() const noexcept
Definition scalar_multiplication.hpp:206

bb::scalar_multiplication::legacy::MSM::PointScheduleEntry::data
uint64_t data
Definition scalar_multiplication.hpp:200

bb::scalar_multiplication::legacy::MSM::PointScheduleEntry::bucket_index
constexpr uint32_t bucket_index() const noexcept
Definition scalar_multiplication.hpp:207

bb::scalar_multiplication::legacy::MSM::PointScheduleEntry::create
static constexpr PointScheduleEntry create(uint32_t point_index, uint32_t bucket_index) noexcept
Definition scalar_multiplication.hpp:202