Barretenberg: src/barretenberg/ecc/groups/group.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Planned, auditors: [], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once


#include "../../common/assert.hpp"

#include "./affine_element.hpp"

#include "./element.hpp"

#include "./wnaf.hpp"

#include "barretenberg/common/constexpr_utils.hpp"

#include "barretenberg/crypto/blake3s/blake3s.hpp"

#include <array>

#include <cinttypes>

#include <cstdint>

#include <cstdio>

#include <cstdlib>


namespace bb {


template <typename Fq_, typename Fr_, typename Params> class group {

  public:

    // Allow using group::Fq and group::Fr

    using Fq = Fq_;

    using Fr = Fr_;

    using element = group_elements::element<Fq, Fr, Params>;

    using affine_element = group_elements::affine_element<Fq, Fr, Params>;

    static constexpr bool USE_ENDOMORPHISM = Params::USE_ENDOMORPHISM;

    static constexpr bool has_a = Params::has_a;


    static constexpr element one{ Params::one_x, Params::one_y, Fq::one() };

    static constexpr element point_at_infinity = one.set_infinity();

    static constexpr affine_element affine_one{ Params::one_x, Params::one_y };

    static constexpr affine_element affine_point_at_infinity = affine_one.set_infinity();

    static constexpr Fq curve_a = Params::a;

    static constexpr Fq curve_b = Params::b;


    inline static std::vector<affine_element> derive_generators(const std::vector<uint8_t>& domain_separator_bytes,

                                                                const size_t num_generators,

                                                                const size_t starting_index = 0)

    {

        // Safety: domain_separator_bytes is indexed via &domain_separator_bytes[0] below.

        // An empty domain separator would be UB and also defeats domain separation.

        BB_ASSERT(!domain_separator_bytes.empty(), "derive_generators: domain_separator_bytes must be non-empty");


        // We serialize the generator index into 4 bytes (uint32_t). Ensure we never silently truncate.

        if (num_generators > 0) {

            BB_ASSERT(starting_index <= static_cast<size_t>(UINT32_MAX),

                      "derive_generators: starting_index exceeds uint32 range");

            BB_ASSERT(num_generators - 1 <= static_cast<size_t>(UINT32_MAX) - starting_index,

                      "derive_generators: starting_index + num_generators exceeds uint32 range");

        }


        std::vector<affine_element> result;

        const auto domain_hash = blake3::blake3s_constexpr(&domain_separator_bytes[0], domain_separator_bytes.size());

        std::vector<uint8_t> generator_preimage;

        generator_preimage.reserve(64);

        std::copy(domain_hash.begin(), domain_hash.end(), std::back_inserter(generator_preimage));

        for (size_t i = 0; i < 32; ++i) {

            generator_preimage.emplace_back(0);

        }

        for (size_t i = starting_index; i < starting_index + num_generators; ++i) {

            auto generator_index = static_cast<uint32_t>(i);

            uint32_t mask = 0xff;

            generator_preimage[32] = static_cast<uint8_t>(generator_index >> 24);

            generator_preimage[33] = static_cast<uint8_t>((generator_index >> 16) & mask);

            generator_preimage[34] = static_cast<uint8_t>((generator_index >> 8) & mask);

            generator_preimage[35] = static_cast<uint8_t>(generator_index & mask);

            result.push_back(affine_element::hash_to_curve(generator_preimage));

        }

        return result;

    }


    inline static std::vector<affine_element> derive_generators(const std::string_view& domain_separator,

                                                                const size_t num_generators,

                                                                const size_t starting_index = 0)

    {

        std::vector<uint8_t> domain_bytes;

        for (char i : domain_separator) {

            domain_bytes.emplace_back(static_cast<unsigned char>(i));

        }

        return derive_generators(domain_bytes, num_generators, starting_index);

    }


    BB_INLINE static void conditional_negate_affine(const affine_element* src,

                                                    affine_element* dest,

                                                    uint64_t predicate);

};


} // namespace bb


#ifdef DISABLE_ASM

#include "group_impl_int128.tcc"

#else

#include "group_impl_asm.tcc"

#endif

affine_element.hpp

BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70

bb::group_elements::affine_element
Definition affine_element.hpp:22

bb::group_elements::affine_element::hash_to_curve
static constexpr affine_element hash_to_curve(const std::vector< uint8_t > &seed, uint8_t attempt_count=0) noexcept
Hash a seed buffer into a point.
Definition affine_element_impl.hpp:237

bb::group_elements::affine_element::set_infinity
constexpr affine_element set_infinity() const noexcept
Definition affine_element_impl.hpp:103

bb::group_elements::element
element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic....
Definition element.hpp:33

bb::group_elements::element::set_infinity
BB_INLINE constexpr element set_infinity() const noexcept
Definition element_impl.hpp:504

bb::group
group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr
Definition group.hpp:36

bb::group::one
static constexpr element one
Definition group.hpp:46

bb::group::affine_one
static constexpr affine_element affine_one
Definition group.hpp:48

bb::group::point_at_infinity
static constexpr element point_at_infinity
Definition group.hpp:47

bb::group::Fq
Fq_ Fq
Definition group.hpp:39

bb::group::curve_b
static constexpr Fq curve_b
Definition group.hpp:51

bb::group::Fr
Fr_ Fr
Definition group.hpp:40

bb::group::derive_generators
static std::vector< affine_element > derive_generators(const std::string_view &domain_separator, const size_t num_generators, const size_t starting_index=0)
Definition group.hpp:123

bb::group::USE_ENDOMORPHISM
static constexpr bool USE_ENDOMORPHISM
Definition group.hpp:43

bb::group::curve_a
static constexpr Fq curve_a
Definition group.hpp:50

bb::group::has_a
static constexpr bool has_a
Definition group.hpp:44

bb::group::affine_point_at_infinity
static constexpr affine_element affine_point_at_infinity
Definition group.hpp:49

bb::group::derive_generators
static std::vector< affine_element > derive_generators(const std::vector< uint8_t > &domain_separator_bytes, const size_t num_generators, const size_t starting_index=0)
Derives generator points via hash-to-curve.
Definition group.hpp:87

bb::group::conditional_negate_affine
static BB_INLINE void conditional_negate_affine(const affine_element *src, affine_element *dest, uint64_t predicate)

BB_INLINE
#define BB_INLINE
Definition compiler_hints.hpp:6

constexpr_utils.hpp

blake3s.hpp

element.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

blake3::blake3s_constexpr
constexpr std::array< uint8_t, BLAKE3_OUT_LEN > blake3s_constexpr(const uint8_t *input, size_t input_size)

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bb::field< Bn254FqParams >::one
static constexpr field one()
Definition field_declarations.hpp:244

wnaf.hpp