Trait halo2_gadgets::ecc::EccInstructions

source · []
pub trait EccInstructions<C: CurveAffine>: Chip<C::Base> + UtilitiesInstructions<C::Base> + Clone + Debug + Eq {
    type ScalarVar: Clone + Debug;
    type ScalarFixed: Clone + Debug;
    type ScalarFixedShort: Clone + Debug;
    type Point: From<Self::NonIdentityPoint> + Clone + Debug;
    type NonIdentityPoint: Clone + Debug;
    type X: Clone + Debug;
    type FixedPoints: FixedPoints<C>;


Show 13 methods    fn constrain_equal(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        a: &Self::Point, 
        b: &Self::Point
    ) -> Result<(), Error>;
    fn witness_point(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        value: Value<C>
    ) -> Result<Self::Point, Error>;
    fn witness_point_non_id(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        value: Value<C>
    ) -> Result<Self::NonIdentityPoint, Error>;
    fn witness_scalar_var(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        value: Value<C::Scalar>
    ) -> Result<Self::ScalarVar, Error>;
    fn witness_scalar_fixed(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        value: Value<C::Scalar>
    ) -> Result<Self::ScalarFixed, Error>;
    fn scalar_fixed_from_signed_short(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        magnitude_sign: (Self::Var, Self::Var)
    ) -> Result<Self::ScalarFixedShort, Error>;
    fn extract_p<Point: Into<Self::Point> + Clone>(point: &Point) -> Self::X;
    fn add_incomplete(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        a: &Self::NonIdentityPoint, 
        b: &Self::NonIdentityPoint
    ) -> Result<Self::NonIdentityPoint, Error>;
    fn add<A: Into<Self::Point> + Clone, B: Into<Self::Point> + Clone>(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        a: &A, 
        b: &B
    ) -> Result<Self::Point, Error>;
    fn mul(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        scalar: &Self::ScalarVar, 
        base: &Self::NonIdentityPoint
    ) -> Result<(Self::Point, Self::ScalarVar), Error>;
    fn mul_fixed(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        scalar: &Self::ScalarFixed, 
        base: &<Self::FixedPoints as FixedPoints<C>>::FullScalar
    ) -> Result<(Self::Point, Self::ScalarFixed), Error>;
    fn mul_fixed_short(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        scalar: &Self::ScalarFixedShort, 
        base: &<Self::FixedPoints as FixedPoints<C>>::ShortScalar
    ) -> Result<(Self::Point, Self::ScalarFixedShort), Error>;
    fn mul_fixed_base_field_elem(
        &self, 
        layouter: &mut impl Layouter<C::Base>, 
        base_field_elem: Self::Var, 
        base: &<Self::FixedPoints as FixedPoints<C>>::Base
    ) -> Result<Self::Point, Error>;

}
Expand description

The set of circuit instructions required to use the ECC gadgets.

Required Associated Types

Variable representing a scalar used in variable-base scalar mul.

This type is treated as a full-width scalar. However, if Self implements BaseFitsInScalarInstructions then this may also be constructed from an element of the base field.

Variable representing a full-width element of the elliptic curve’s scalar field, to be used for fixed-base scalar mul.

Variable representing a signed short element of the elliptic curve’s scalar field, to be used for fixed-base scalar mul.

A ScalarFixedShort must be in the range [-(2^64 - 1), 2^64 - 1].

Variable representing an elliptic curve point.

Variable representing a non-identity elliptic curve point.

Variable representing the affine short Weierstrass x-coordinate of an elliptic curve point.

Enumeration of the set of fixed bases to be used in scalar mul. TODO: When associated consts can be used as const generics, introduce Self::NUM_WINDOWS, Self::NUM_WINDOWS_BASE_FIELD, Self::NUM_WINDOWS_SHORT and use them to differentiate FixedPoints types.

Required Methods

Constrains point a to be equal in value to point b.

Witnesses the given point as a private input to the circuit. This allows the point to be the identity, mapped to (0, 0) in affine coordinates.

Witnesses the given point as a private input to the circuit. This returns an error if the point is the identity.

Witnesses a full-width scalar to be used in variable-base multiplication.

Witnesses a full-width scalar to be used in fixed-base multiplication.

Converts a magnitude and sign that exists as variables in the circuit into a signed short scalar to be used in fixed-base scalar multiplication.

Extracts the x-coordinate of a point.

Performs incomplete point addition, returning a + b.

This returns an error in exceptional cases.

Performs complete point addition, returning a + b.

Performs variable-base scalar multiplication, returning [scalar] base.

Performs fixed-base scalar multiplication using a full-width scalar, returning [scalar] base.

Performs fixed-base scalar multiplication using a short signed scalar, returning [scalar] base.

Performs fixed-base scalar multiplication using a base field element as the scalar. In the current implementation, this base field element must be output from another instruction.

Implementors