Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
translator_non_native_field_short_relation_impl.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Planned, auditors: [], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8#include "barretenberg/relations/translator_vm/translator_non_native_field_short_relation.hpp"
9#include "barretenberg/translator_vm/translator_circuit_builder.hpp"
10
11namespace bb {
77template <typename FF>
78template <typename ContainerOverSubrelations, typename AllEntities, typename Parameters>
79void TranslatorNonNativeFieldShortRelationImpl<FF>::accumulate(ContainerOverSubrelations& accumulators,
80 const AllEntities& in,
81 const Parameters& params,
82 const FF& scaling_factor)
83{
84
85 using Accumulator = std::tuple_element_t<0, ContainerOverSubrelations>;
86 using View = TranslatorShortMonomialView<Accumulator>;
87
88 static constexpr size_t NUM_LIMB_BITS = 68;
89 static const FF shift = FF(uint256_t(1) << NUM_LIMB_BITS);
90 static const FF shiftx2 = FF(uint256_t(1) << (NUM_LIMB_BITS * 2));
91 static const FF shiftx3 = FF(uint256_t(1) << (NUM_LIMB_BITS * 3));
92 static const std::array<FF, 5> NEGATIVE_MODULUS_LIMBS =
93 TranslatorCircuitBuilder::compute_negative_modulus_limbs<FF>();
94
95 // Limbs of evaluation challenge x
96 const auto& evaluation_input_x_0 = params.evaluation_input_x[0];
97 const auto& evaluation_input_x_1 = params.evaluation_input_x[1];
98 const auto& evaluation_input_x_2 = params.evaluation_input_x[2];
99 const auto& evaluation_input_x_3 = params.evaluation_input_x[3];
100 const auto& evaluation_input_x_4 = params.evaluation_input_x[4];
101
102 // Limbs of batching challenge v
103 const auto& v_0 = params.batching_challenge_v[0][0];
104 const auto& v_1 = params.batching_challenge_v[0][1];
105 const auto& v_2 = params.batching_challenge_v[0][2];
106 const auto& v_3 = params.batching_challenge_v[0][3];
107 const auto& v_4 = params.batching_challenge_v[0][4];
108
109 // Limbs of batching challenge v²
110 const auto& v_sqr_0 = params.batching_challenge_v[1][0];
111 const auto& v_sqr_1 = params.batching_challenge_v[1][1];
112 const auto& v_sqr_2 = params.batching_challenge_v[1][2];
113 const auto& v_sqr_3 = params.batching_challenge_v[1][3];
114 const auto& v_sqr_4 = params.batching_challenge_v[1][4];
115
116 // Limbs of batching challenge v³
117 const auto& v_cube_0 = params.batching_challenge_v[2][0];
118 const auto& v_cube_1 = params.batching_challenge_v[2][1];
119 const auto& v_cube_2 = params.batching_challenge_v[2][2];
120 const auto& v_cube_3 = params.batching_challenge_v[2][3];
121 const auto& v_cube_4 = params.batching_challenge_v[2][4];
122
123 // Limbs of batching challenge v⁴
124 const auto& v_quad_0 = params.batching_challenge_v[3][0];
125 const auto& v_quad_1 = params.batching_challenge_v[3][1];
126 const auto& v_quad_2 = params.batching_challenge_v[3][2];
127 const auto& v_quad_3 = params.batching_challenge_v[3][3];
128 const auto& v_quad_4 = params.batching_challenge_v[3][4];
129
130 // Fetch witness values
131 // Pₓ = (Pₓ,₃ || Pₓ,₂ || Pₓ,₁ || Pₓ,₀)
132 // Pᵧ = (Pᵧ,₃ || Pᵧ,₂ || Pᵧ,₁ || Pᵧ,₀)
133 // z₁ = (z₁,₁ || z₁,₀)
134 // z₂ = (z₂,₁ || z₂,₀)
135 // Q = (q₃ || q₂ || q₁ || q₀)
136 const auto& op = View(in.op);
137 const auto& p_x_limb_0 = View(in.p_x_low_limbs);
138 const auto& p_y_limb_0 = View(in.p_y_low_limbs);
139 const auto& p_x_limb_2 = View(in.p_x_high_limbs);
140 const auto& p_y_limb_2 = View(in.p_y_high_limbs);
141 const auto& accumulators_binary_limbs_0 = View(in.accumulators_binary_limbs_0);
142 const auto& accumulators_binary_limbs_1 = View(in.accumulators_binary_limbs_1);
143 const auto& accumulators_binary_limbs_2 = View(in.accumulators_binary_limbs_2);
144 const auto& accumulators_binary_limbs_3 = View(in.accumulators_binary_limbs_3);
145 const auto& z_first_limb_0 = View(in.z_low_limbs);
146 const auto& z_first_limb_1 = View(in.z_high_limbs);
147 const auto& quotient_binary_limbs_0 = View(in.quotient_low_binary_limbs);
148 const auto& quotient_binary_limbs_1 = View(in.quotient_low_binary_limbs_shift);
149 const auto& p_x_limb_1 = View(in.p_x_low_limbs_shift);
150 const auto& p_y_limb_1 = View(in.p_y_low_limbs_shift);
151 const auto& p_x_limb_3 = View(in.p_x_high_limbs_shift);
152 const auto& p_y_limb_3 = View(in.p_y_high_limbs_shift);
153 const auto& prev_accumulators_binary_limbs_0 = View(in.accumulators_binary_limbs_0_shift);
154 const auto& prev_accumulators_binary_limbs_1 = View(in.accumulators_binary_limbs_1_shift);
155 const auto& prev_accumulators_binary_limbs_2 = View(in.accumulators_binary_limbs_2_shift);
156 const auto& prev_accumulators_binary_limbs_3 = View(in.accumulators_binary_limbs_3_shift);
157 const auto& z_second_limb_0 = View(in.z_low_limbs_shift);
158 const auto& z_second_limb_1 = View(in.z_high_limbs_shift);
159 const auto& quotient_binary_limbs_2 = View(in.quotient_high_binary_limbs);
160 const auto& quotient_binary_limbs_3 = View(in.quotient_high_binary_limbs_shift);
161 const auto& relation_wide_limbs_lo = View(in.relation_wide_limbs);
162 const auto& relation_wide_limbs_hi = View(in.relation_wide_limbs_shift);
163 const auto& lagrange_even_in_minicircuit = View(in.lagrange_even_in_minicircuit);
164 const auto even_op_selector_scaled = Accumulator(lagrange_even_in_minicircuit * (op * scaling_factor));
165
174 // clang-format off
175 // T₀: Limb 0 contribution (all products contributing at weight 2⁰)
176 auto tmp = prev_accumulators_binary_limbs_0 * evaluation_input_x_0
177 + op
178 + p_x_limb_0 * v_0
179 + p_y_limb_0 * v_sqr_0
180 + z_first_limb_0 * v_cube_0
181 + z_second_limb_0 * v_quad_0
182 + quotient_binary_limbs_0 * NEGATIVE_MODULUS_LIMBS[0]
183 - accumulators_binary_limbs_0;
184
185 // T₁: Limb 1 contribution (all cross-products contributing at weight 2⁶⁸)
186 tmp += (prev_accumulators_binary_limbs_1 * evaluation_input_x_0
187 + prev_accumulators_binary_limbs_0 * evaluation_input_x_1
188 + p_x_limb_0 * v_1
189 + p_x_limb_1 * v_0
190 + p_y_limb_0 * v_sqr_1
191 + p_y_limb_1 * v_sqr_0
192 + z_first_limb_0 * v_cube_1
193 + z_first_limb_1 * v_cube_0
194 + z_second_limb_0 * v_quad_1
195 + z_second_limb_1 * v_quad_0
196 + quotient_binary_limbs_0 * NEGATIVE_MODULUS_LIMBS[1]
197 + quotient_binary_limbs_1 * NEGATIVE_MODULUS_LIMBS[0]
198 - accumulators_binary_limbs_1)
199 * shift ;
200 // clang-format on
201 // Subtract 2¹³⁶·c_lo: if the result is zero, lower 136 bits are correct
202 tmp -= relation_wide_limbs_lo * shiftx2;
203 std::get<0>(accumulators) += Accumulator(tmp) * even_op_selector_scaled;
204
214 // clang-format off
215 // T₂: Limb 2 contribution (with carry from lower 136 bits)
216 tmp = relation_wide_limbs_lo
217 + prev_accumulators_binary_limbs_2 * evaluation_input_x_0
218 + prev_accumulators_binary_limbs_1 * evaluation_input_x_1
219 + prev_accumulators_binary_limbs_0 * evaluation_input_x_2
220 + p_x_limb_2 * v_0
221 + p_x_limb_1 * v_1
222 + p_x_limb_0 * v_2
223 + p_y_limb_2 * v_sqr_0
224 + p_y_limb_1 * v_sqr_1
225 + p_y_limb_0 * v_sqr_2
226 + z_first_limb_1 * v_cube_1
227 + z_first_limb_0 * v_cube_2
228 + z_second_limb_1 * v_quad_1
229 + z_second_limb_0 * v_quad_2
230 + quotient_binary_limbs_2 * NEGATIVE_MODULUS_LIMBS[0]
231 + quotient_binary_limbs_1 * NEGATIVE_MODULUS_LIMBS[1]
232 + quotient_binary_limbs_0 * NEGATIVE_MODULUS_LIMBS[2]
233 - accumulators_binary_limbs_2;
234
235 // T₃: Limb 3 contribution (all cross-products contributing at weight 2²⁰⁴)
236 tmp += (prev_accumulators_binary_limbs_3 * evaluation_input_x_0
237 + prev_accumulators_binary_limbs_2 * evaluation_input_x_1
238 + prev_accumulators_binary_limbs_1 * evaluation_input_x_2
239 + prev_accumulators_binary_limbs_0 * evaluation_input_x_3
240 + p_x_limb_3 * v_0
241 + p_x_limb_2 * v_1
242 + p_x_limb_1 * v_2
243 + p_x_limb_0 * v_3
244 + p_y_limb_3 * v_sqr_0
245 + p_y_limb_2 * v_sqr_1
246 + p_y_limb_1 * v_sqr_2
247 + p_y_limb_0 * v_sqr_3
248 + z_first_limb_1 * v_cube_2
249 + z_first_limb_0 * v_cube_3
250 + z_second_limb_1 * v_quad_2
251 + z_second_limb_0 * v_quad_3
252 + quotient_binary_limbs_3 * NEGATIVE_MODULUS_LIMBS[0]
253 + quotient_binary_limbs_2 * NEGATIVE_MODULUS_LIMBS[1]
254 + quotient_binary_limbs_1 * NEGATIVE_MODULUS_LIMBS[2]
255 + quotient_binary_limbs_0 * NEGATIVE_MODULUS_LIMBS[3]
256 - accumulators_binary_limbs_3)
257 * shift;
258 // clang-format on
259 // Subtract 2¹³⁶·c_hi: if the result is zero, higher 136 bits are correct
260 tmp -= relation_wide_limbs_hi * shiftx2;
261 std::get<1>(accumulators) += Accumulator(tmp) * even_op_selector_scaled;
262
263 // Helper functions to reconstruct field elements from limbs
264 const auto reconstruct_from_two = [](const auto& l0, const auto& l1) { return l0 + l1 * shift; };
265
266 const auto reconstruct_from_four = [](const auto& l0, const auto& l1, const auto& l2, const auto& l3) {
267 return l0 + l1 * shift + l2 * shiftx2 + l3 * shiftx3;
268 };
269
270 // Reconstruct native 𝔽ᵣ representations from binary limbs
271 auto reconstructed_p_x = reconstruct_from_four(p_x_limb_0, p_x_limb_1, p_x_limb_2, p_x_limb_3);
272 auto reconstructed_p_y = reconstruct_from_four(p_y_limb_0, p_y_limb_1, p_y_limb_2, p_y_limb_3);
273 auto reconstructed_previous_accumulator = reconstruct_from_four(prev_accumulators_binary_limbs_0,
274 prev_accumulators_binary_limbs_1,
275 prev_accumulators_binary_limbs_2,
276 prev_accumulators_binary_limbs_3);
277 auto reconstructed_current_accumulator = reconstruct_from_four(accumulators_binary_limbs_0,
278 accumulators_binary_limbs_1,
279 accumulators_binary_limbs_2,
280 accumulators_binary_limbs_3);
281 auto reconstructed_z1 = reconstruct_from_two(z_first_limb_0, z_first_limb_1);
282 auto reconstructed_z2 = reconstruct_from_two(z_second_limb_0, z_second_limb_1);
283 auto reconstructed_quotient = reconstruct_from_four(
284 quotient_binary_limbs_0, quotient_binary_limbs_1, quotient_binary_limbs_2, quotient_binary_limbs_3);
285
294 // clang-format off
295 // Compute accumulation formula using native 𝔽ᵣ arithmetic (limb index 4)
296 tmp = reconstructed_previous_accumulator * evaluation_input_x_4
297 + op
298 + reconstructed_p_x * v_4
299 + reconstructed_p_y * v_sqr_4
300 + reconstructed_z1 * v_cube_4
301 + reconstructed_z2 * v_quad_4
302 + reconstructed_quotient * NEGATIVE_MODULUS_LIMBS[4]
303 - reconstructed_current_accumulator;
304 // clang-format on
305 std::get<2>(accumulators) += Accumulator(tmp) * even_op_selector_scaled;
306};
307} // namespace bb
FF
bb::field< bb::Bn254FrParams > FF
Definition field.cpp:24
bb::TranslatorNonNativeFieldShortRelationImpl::accumulate
static void accumulate(ContainerOverSubrelations &accumulators, const AllEntities &in, const Parameters &params, const FF &scaling_factor)
Expression for the computation of Translator accumulator in integers through 68-bit limbs and native ...
Definition translator_non_native_field_short_relation_impl.hpp:79
bb::numeric::uint256_t
Definition uint256.hpp:32
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::TranslatorShortMonomialView
typename Accumulator::CoefficientAccumulator TranslatorShortMonomialView
Definition translator_short_monomial_relation_utils.hpp:11
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
translator_circuit_builder.hpp
translator_non_native_field_short_relation.hpp