Trait halo2_gadgets::ecc::EccInstructions

pub trait EccInstructions<C: CurveAffine>: Chip<C::Base> + UtilitiesInstructions<C::Base> + Clone + Debug + Eq {
    type ScalarVar: Clone + Debug;
    type ScalarFixed: Clone + Debug;
    type ScalarFixedShort: Clone + Debug;
    type Point: From<Self::NonIdentityPoint> + Clone + Debug;
    type NonIdentityPoint: Clone + Debug;
    type X: Clone + Debug;
    type FixedPoints: FixedPoints<C>;

    // Required methods
    fn constrain_equal(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        a: &Self::Point,
        b: &Self::Point
    ) -> Result<(), Error>;
    fn witness_point(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        value: Value<C>
    ) -> Result<Self::Point, Error>;
    fn witness_point_non_id(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        value: Value<C>
    ) -> Result<Self::NonIdentityPoint, Error>;
    fn witness_scalar_var(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        value: Value<C::Scalar>
    ) -> Result<Self::ScalarVar, Error>;
    fn witness_scalar_fixed(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        value: Value<C::Scalar>
    ) -> Result<Self::ScalarFixed, Error>;
    fn scalar_fixed_from_signed_short(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        magnitude_sign: (Self::Var, Self::Var)
    ) -> Result<Self::ScalarFixedShort, Error>;
    fn extract_p<Point: Into<Self::Point> + Clone>(point: &Point) -> Self::X;
    fn add_incomplete(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        a: &Self::NonIdentityPoint,
        b: &Self::NonIdentityPoint
    ) -> Result<Self::NonIdentityPoint, Error>;
    fn add<A: Into<Self::Point> + Clone, B: Into<Self::Point> + Clone>(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        a: &A,
        b: &B
    ) -> Result<Self::Point, Error>;
    fn mul(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        scalar: &Self::ScalarVar,
        base: &Self::NonIdentityPoint
    ) -> Result<(Self::Point, Self::ScalarVar), Error>;
    fn mul_fixed(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        scalar: &Self::ScalarFixed,
        base: &<Self::FixedPoints as FixedPoints<C>>::FullScalar
    ) -> Result<(Self::Point, Self::ScalarFixed), Error>;
    fn mul_fixed_short(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        scalar: &Self::ScalarFixedShort,
        base: &<Self::FixedPoints as FixedPoints<C>>::ShortScalar
    ) -> Result<(Self::Point, Self::ScalarFixedShort), Error>;
    fn mul_fixed_base_field_elem(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        base_field_elem: Self::Var,
        base: &<Self::FixedPoints as FixedPoints<C>>::Base
    ) -> Result<Self::Point, Error>;
}

The set of circuit instructions required to use the ECC gadgets.

Required Associated Types

type ScalarVar: Clone + Debug

Variable representing a scalar used in variable-base scalar mul.

This type is treated as a full-width scalar. However, if Self implements BaseFitsInScalarInstructions then this may also be constructed from an element of the base field.

type ScalarFixed: Clone + Debug

Variable representing a full-width element of the elliptic curve’s scalar field, to be used for fixed-base scalar mul.

type ScalarFixedShort: Clone + Debug

Variable representing a signed short element of the elliptic curve’s scalar field, to be used for fixed-base scalar mul.

A ScalarFixedShort must be in the range [-(2^64 - 1), 2^64 - 1].

type Point: From<Self::NonIdentityPoint> + Clone + Debug

Variable representing an elliptic curve point.

type NonIdentityPoint: Clone + Debug

Variable representing a non-identity elliptic curve point.

type X: Clone + Debug

Variable representing the affine short Weierstrass x-coordinate of an elliptic curve point.

type FixedPoints: FixedPoints<C>

Enumeration of the set of fixed bases to be used in scalar mul. TODO: When associated consts can be used as const generics, introduce Self::NUM_WINDOWS, Self::NUM_WINDOWS_BASE_FIELD, Self::NUM_WINDOWS_SHORT and use them to differentiate FixedPoints types.

Required Methods

fn constrain_equal( &self, layouter: &mut impl Layouter<C::Base>, a: &Self::Point, b: &Self::Point ) -> Result<(), Error>

Constrains point a to be equal in value to point b.

fn witness_point( &self, layouter: &mut impl Layouter<C::Base>, value: Value<C> ) -> Result<Self::Point, Error>

Witnesses the given point as a private input to the circuit. This allows the point to be the identity, mapped to (0, 0) in affine coordinates.

fn witness_point_non_id( &self, layouter: &mut impl Layouter<C::Base>, value: Value<C> ) -> Result<Self::NonIdentityPoint, Error>

Witnesses the given point as a private input to the circuit. This returns an error if the point is the identity.

fn witness_scalar_var( &self, layouter: &mut impl Layouter<C::Base>, value: Value<C::Scalar> ) -> Result<Self::ScalarVar, Error>

Witnesses a full-width scalar to be used in variable-base multiplication.

fn witness_scalar_fixed( &self, layouter: &mut impl Layouter<C::Base>, value: Value<C::Scalar> ) -> Result<Self::ScalarFixed, Error>

Witnesses a full-width scalar to be used in fixed-base multiplication.

fn scalar_fixed_from_signed_short( &self, layouter: &mut impl Layouter<C::Base>, magnitude_sign: (Self::Var, Self::Var) ) -> Result<Self::ScalarFixedShort, Error>

Converts a magnitude and sign that exists as variables in the circuit into a signed short scalar to be used in fixed-base scalar multiplication.

fn extract_p<Point: Into<Self::Point> + Clone>(point: &Point) -> Self::X

Extracts the x-coordinate of a point.

fn add_incomplete( &self, layouter: &mut impl Layouter<C::Base>, a: &Self::NonIdentityPoint, b: &Self::NonIdentityPoint ) -> Result<Self::NonIdentityPoint, Error>

Performs incomplete point addition, returning a + b.

This returns an error in exceptional cases.

fn add<A: Into<Self::Point> + Clone, B: Into<Self::Point> + Clone>( &self, layouter: &mut impl Layouter<C::Base>, a: &A, b: &B ) -> Result<Self::Point, Error>

Performs complete point addition, returning a + b.

fn mul( &self, layouter: &mut impl Layouter<C::Base>, scalar: &Self::ScalarVar, base: &Self::NonIdentityPoint ) -> Result<(Self::Point, Self::ScalarVar), Error>

Performs variable-base scalar multiplication, returning [scalar] base.

fn mul_fixed( &self, layouter: &mut impl Layouter<C::Base>, scalar: &Self::ScalarFixed, base: &<Self::FixedPoints as FixedPoints<C>>::FullScalar ) -> Result<(Self::Point, Self::ScalarFixed), Error>

Performs fixed-base scalar multiplication using a full-width scalar, returning [scalar] base.

fn mul_fixed_short( &self, layouter: &mut impl Layouter<C::Base>, scalar: &Self::ScalarFixedShort, base: &<Self::FixedPoints as FixedPoints<C>>::ShortScalar ) -> Result<(Self::Point, Self::ScalarFixedShort), Error>

Performs fixed-base scalar multiplication using a short signed scalar, returning [scalar] base.

fn mul_fixed_base_field_elem( &self, layouter: &mut impl Layouter<C::Base>, base_field_elem: Self::Var, base: &<Self::FixedPoints as FixedPoints<C>>::Base ) -> Result<Self::Point, Error>

Performs fixed-base scalar multiplication using a base field element as the scalar. In the current implementation, this base field element must be output from another instruction.

Implementors

impl<Fixed: FixedPoints<Affine>> EccInstructions<EpAffine> for EccChip<Fixed>where <Fixed as FixedPoints<Affine>>::Base: FixedPoint<Affine, FixedScalarKind = BaseFieldElem>, <Fixed as FixedPoints<Affine>>::FullScalar: FixedPoint<Affine, FixedScalarKind = FullScalar>, <Fixed as FixedPoints<Affine>>::ShortScalar: FixedPoint<Affine, FixedScalarKind = ShortScalar>,

type ScalarFixed = EccScalarFixed

type ScalarFixedShort = EccScalarFixedShort

type ScalarVar = ScalarVar

type Point = EccPoint

type NonIdentityPoint = NonIdentityEccPoint

type X = AssignedCell<Fp, Fp>

type FixedPoints = Fixed