Trait halo2_gadgets::ecc::EccInstructions
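/// The set of circuit instructions required to use the ECC gadgets.
pub trait EccInstructions<C: CurveAffine>:
    Chip<C::Base> + UtilitiesInstructions<C::Base> + Clone + Debug + Eq
{
    /// Variable representing a scalar used in variable-base scalar mul.
    ///
    /// This type is treated as a full-width scalar. However, if `Self` implements
    /// `BaseFitsInScalarInstructions` then this may also be constructed from an
    /// element of the base field.
    type ScalarVar: Clone + Debug;

    /// Variable representing a full-width element of the elliptic curve's scalar
    /// field, to be used for fixed-base scalar mul.
    type ScalarFixed: Clone + Debug;

    /// Variable representing a signed short element of the elliptic curve's scalar
    /// field, to be used for fixed-base scalar mul.
    ///
    /// A `ScalarFixedShort` must be in the range `[-(2^64 - 1), 2^64 - 1]`.
    type ScalarFixedShort: Clone + Debug;

    /// Variable representing an elliptic curve point.
    ///
    /// The `From<Self::NonIdentityPoint>` bound means a non-identity point can
    /// always be widened into a `Point`; no conversion in the other direction is
    /// declared here.
    type Point: From<Self::NonIdentityPoint> + Clone + Debug;

    /// Variable representing a non-identity elliptic curve point.
    type NonIdentityPoint: Clone + Debug;

    /// Variable representing the affine short Weierstrass x-coordinate of an
    /// elliptic curve point.
    type X: Clone + Debug;

    /// Enumeration of the set of fixed bases to be used in scalar mul.
    ///
    /// TODO: When associated consts can be used as const generics, introduce
    /// `Self::NUM_WINDOWS`, `Self::NUM_WINDOWS_BASE_FIELD`, `Self::NUM_WINDOWS_SHORT`
    /// and use them to differentiate `FixedPoints` types.
    type FixedPoints: FixedPoints<C>;

    /// Constrains point `a` to be equal in value to point `b`.
    fn constrain_equal(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        a: &Self::Point,
        b: &Self::Point,
    ) -> Result<(), Error>;

    /// Witnesses the given point as a private input to the circuit.
    ///
    /// This allows the point to be the identity, mapped to `(0, 0)` in affine
    /// coordinates. Use [`Self::witness_point_non_id`] when the identity must be
    /// rejected.
    fn witness_point(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        value: Option<C>,
    ) -> Result<Self::Point, Error>;

    /// Witnesses the given point as a private input to the circuit.
    ///
    /// # Errors
    ///
    /// This returns an error if the point is the identity.
    // NOTE(review): this declaration does not show whether the identity is
    // rejected by an in-circuit constraint or only while assigning the witness.
    // Confirm against the implementing chip before treating `NonIdentityPoint`
    // as a soundness guarantee.
    fn witness_point_non_id(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        value: Option<C>,
    ) -> Result<Self::NonIdentityPoint, Error>;

    /// Witnesses a full-width scalar to be used in variable-base multiplication.
    fn witness_scalar_var(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        value: Option<C::Scalar>,
    ) -> Result<Self::ScalarVar, Error>;

    /// Extracts the x-coordinate of a point.
    ///
    /// This is an associated function (no `&self`, no layouter). It accepts
    /// anything convertible into `Self::Point`.
    fn extract_p<Point: Into<Self::Point> + Clone>(point: &Point) -> Self::X;

    /// Performs incomplete point addition, returning `a + b`.
    ///
    /// Both operands are `NonIdentityPoint`s, so the identity is excluded by type.
    ///
    /// # Errors
    ///
    /// This returns an error in exceptional cases.
    // NOTE(review): the exceptional cases are not enumerated here. For incomplete
    // short Weierstrass addition they are presumably operands with equal
    // x-coordinates (`a == b` or `a == -b`) — confirm against the chip. Callers
    // that cannot rule these out should use `add` instead.
    fn add_incomplete(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        a: &Self::NonIdentityPoint,
        b: &Self::NonIdentityPoint,
    ) -> Result<Self::NonIdentityPoint, Error>;

    /// Performs complete point addition, returning `a + b`.
    ///
    /// Either operand may be a `Point` or anything convertible into one, so the
    /// identity is a permitted input and a possible result.
    fn add<A: Into<Self::Point> + Clone, B: Into<Self::Point> + Clone>(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        a: &A,
        b: &B,
    ) -> Result<Self::Point, Error>;

    /// Performs variable-base scalar multiplication, returning `[scalar] base`.
    ///
    /// The result is a `Point` (not a `NonIdentityPoint`), paired with a
    /// `ScalarVar`.
    // NOTE(review): the returned `ScalarVar` is presumably the scalar as
    // constrained inside the multiplication — confirm against the chip.
    fn mul(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        scalar: &Self::ScalarVar,
        base: &Self::NonIdentityPoint,
    ) -> Result<(Self::Point, Self::ScalarVar), Error>;

    /// Performs fixed-base scalar multiplication using a full-width scalar,
    /// returning `[scalar] base`.
    ///
    /// The scalar is passed as a raw optional value rather than an already
    /// witnessed variable; a `ScalarFixed` is returned alongside the point.
    fn mul_fixed(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        scalar: Option<C::Scalar>,
        base: &<Self::FixedPoints as FixedPoints<C>>::FullScalar,
    ) -> Result<(Self::Point, Self::ScalarFixed), Error>;

    /// Performs fixed-base scalar multiplication using a short signed scalar,
    /// returning `[magnitude * sign] base`.
    ///
    /// `magnitude_sign` is the `(magnitude, sign)` pair of existing circuit
    /// variables. The resulting `ScalarFixedShort` must be in the range
    /// `[-(2^64 - 1), 2^64 - 1]`.
    // NOTE(review): `Self::Var` is not declared in this trait; it presumably comes
    // from `UtilitiesInstructions`. This declaration also does not show whether
    // the magnitude range and the sign are constrained by the instruction itself
    // or must already be constrained by the caller — confirm against the chip.
    fn mul_fixed_short(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        magnitude_sign: (Self::Var, Self::Var),
        base: &<Self::FixedPoints as FixedPoints<C>>::ShortScalar,
    ) -> Result<(Self::Point, Self::ScalarFixedShort), Error>;

    /// Performs fixed-base scalar multiplication using a base field element as
    /// the scalar.
    ///
    /// In the current implementation, this base field element must be output
    /// from another instruction.
    fn mul_fixed_base_field_elem(
        &self,
        layouter: &mut impl Layouter<C::Base>,
        base_field_elem: Self::Var,
        base: &<Self::FixedPoints as FixedPoints<C>>::Base,
    ) -> Result<Self::Point, Error>;
}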
The set of circuit instructions required to use the ECC gadgets.
Required Associated Types
type ScalarVar: Clone + Debug
Variable representing a scalar used in variable-base scalar mul.
This type is treated as a full-width scalar. However, if `Self` implements `BaseFitsInScalarInstructions`, then this may also be constructed from an element of the base field.
type ScalarFixed: Clone + Debug
Variable representing a full-width element of the elliptic curve’s scalar field, to be used for fixed-base scalar mul.
type ScalarFixedShort: Clone + Debug
Variable representing a signed short element of the elliptic curve’s scalar field, to be used for fixed-base scalar mul.
A `ScalarFixedShort` must be in the range [-(2^64 - 1), 2^64 - 1].
type Point: From<Self::NonIdentityPoint> + Clone + Debug
Variable representing an elliptic curve point.
type NonIdentityPoint: Clone + Debug
Variable representing a non-identity elliptic curve point.
type X: Clone + Debug
Variable representing the affine short Weierstrass x-coordinate of an elliptic curve point.
type FixedPoints: FixedPoints<C>
Enumeration of the set of fixed bases to be used in scalar mul.
TODO: When associated consts can be used as const generics, introduce `Self::NUM_WINDOWS`, `Self::NUM_WINDOWS_BASE_FIELD`, `Self::NUM_WINDOWS_SHORT` and use them to differentiate `FixedPoints` types.
Required Methods
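fn constrain_equal(
&self,
layouter: &mut impl Layouter<C::Base>,
a: &Self::Point,
b: &Self::Point
) -> Result<(), Error>
Constrains point `a` to be equal in value to point `b`.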
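fn witness_point(
&self,
layouter: &mut impl Layouter<C::Base>,
value: Option<C>
) -> Result<Self::Point, Error>
Witnesses the given point as a private input to the circuit. This allows the point to be the identity, mapped to (0, 0) in affine coordinates.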
fn witness_point_non_id(
&self,
layouter: &mut impl Layouter<C::Base>,
value: Option<C>
) -> Result<Self::NonIdentityPoint, Error>
Witnesses the given point as a private input to the circuit. This returns an error if the point is the identity.
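fn witness_scalar_var(
&self,
layouter: &mut impl Layouter<C::Base>,
value: Option<C::Scalar>
) -> Result<Self::ScalarVar, Error>
Witnesses a full-width scalar to be used in variable-base multiplication.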
fn extract_p<Point: Into<Self::Point> + Clone>(point: &Point) -> Self::X
Extracts the x-coordinate of a point.
fn add_incomplete(
&self,
layouter: &mut impl Layouter<C::Base>,
a: &Self::NonIdentityPoint,
b: &Self::NonIdentityPoint
) -> Result<Self::NonIdentityPoint, Error>
Performs incomplete point addition, returning `a + b`.
This returns an error in exceptional cases.
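fn add<A: Into<Self::Point> + Clone, B: Into<Self::Point> + Clone>(
&self,
layouter: &mut impl Layouter<C::Base>,
a: &A,
b: &B
) -> Result<Self::Point, Error>
Performs complete point addition, returning `a + b`.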
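fn mul(
&self,
layouter: &mut impl Layouter<C::Base>,
scalar: &Self::ScalarVar,
base: &Self::NonIdentityPoint
) -> Result<(Self::Point, Self::ScalarVar), Error>
Performs variable-base scalar multiplication, returning `[scalar] base`.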
fn mul_fixed(
&self,
layouter: &mut impl Layouter<C::Base>,
scalar: Option<C::Scalar>,
base: &<Self::FixedPoints as FixedPoints<C>>::FullScalar
) -> Result<(Self::Point, Self::ScalarFixed), Error>
Performs fixed-base scalar multiplication using a full-width scalar, returning `[scalar] base`.
fn mul_fixed_short(
&self,
layouter: &mut impl Layouter<C::Base>,
magnitude_sign: (Self::Var, Self::Var),
base: &<Self::FixedPoints as FixedPoints<C>>::ShortScalar
) -> Result<(Self::Point, Self::ScalarFixedShort), Error>
Performs fixed-base scalar multiplication using a short signed scalar, returning `[magnitude * sign] base`.
fn mul_fixed_base_field_elem(
&self,
layouter: &mut impl Layouter<C::Base>,
base_field_elem: Self::Var,
base: &<Self::FixedPoints as FixedPoints<C>>::Base
) -> Result<Self::Point, Error>
Performs fixed-base scalar multiplication using a base field element as the scalar. In the current implementation, this base field element must be output from another instruction.