chore: biggroup audit of lookup and rom tables#16895
Merged
suyash67 merged 26 commits intomerge-train/barretenbergfrom Sep 25, 2025
Merged
chore: biggroup audit of lookup and rom tables#16895suyash67 merged 26 commits intomerge-train/barretenbergfrom
suyash67 merged 26 commits intomerge-train/barretenbergfrom
Conversation
suyash67
added
the
bberg-int-audit
suyash67
commented
Sep 12, 2025
| std::array<uint256_t, 8> limb_max; // tracks the maximum limb size represented in each element_table entry | ||
|
|
||
| // Each coordinate is an Fq element, which has 4 binary basis limbs and 1 prime basis limb | ||
| std::array<twin_rom_table<Builder>, Fq::NUM_LIMBS + 1> coordinates; |
Contributor
Author
There was a problem hiding this comment.
Using Fq::NUM_LIMBS instead of hard-coded constants
suyash67
commented
Sep 12, 2025
| bool use_endomorphism; | ||
| }; | ||
|
|
||
| static std::pair<four_bit_table_plookup, four_bit_table_plookup> create_endo_pair_four_bit_table_plookup( |
Contributor
Author
There was a problem hiding this comment.
Moved the implementation of this function to biggroup_tables.hpp
suyash67
commented
Sep 12, 2025
| * The table KEY is 3 1-bit NAF entries that correspond to scalar multipliers for | ||
| * base points A, B, C | ||
| **/ | ||
| template <size_t length> struct lookup_table_base { |
Contributor
Author
There was a problem hiding this comment.
lookup_table_base struct isn't used anywhere, its probably a remnant from the ultra-standard era.
suyash67
commented
Sep 12, 2025
| * Creates a pair of 5-bit lookup tables, the former corresponding to 5 input points, | ||
| * the latter corresponding to the endomorphism equivalent of the 5 input points (e.g. x -> \beta * x, y -> -y) | ||
| **/ | ||
| static std::pair<lookup_table_plookup<5>, lookup_table_plookup<5>> create_endo_pair_five_lookup_table( |
Contributor
Author
There was a problem hiding this comment.
create_endo_pair_five_lookup_table isn't being used anywhere, so deleted it.
suyash67
commented
Sep 12, 2025
| * Helper class to split a set of points into lookup table subsets | ||
| * | ||
| **/ | ||
| struct batch_lookup_table_base { |
Contributor
Author
There was a problem hiding this comment.
This struct batch_lookup_table_base also isn't being used anywhere. We now have lookup_table_plookup and batch_lookup_table_plookup which help track all ROM lookup tables used in scalar multiplication in biggroup.
suyash67
commented
Sep 12, 2025
| Fq neg_lambda = Fq::msub_div({ x }, { (two_x + x) }, (y + y), { a }); | ||
| Fq x_3 = neg_lambda.sqradd({ -(two_x) }); | ||
| Fq y_3 = neg_lambda.madd(x_3 - x, { -y }); | ||
| // TODO: do we handle the point at infinity case here? |
Contributor
Author
There was a problem hiding this comment.
This TODO will be addressed in upcoming PRs
Contributor
There was a problem hiding this comment.
Maybe it would be good practice for us to use // TODO() for these temporary TODOs that don't quite warrant an issue, just other people know who to talk to if they run into it
suyash67
commented
Sep 12, 2025
| element_table[29] = W5; | ||
| element_table[30] = W6; | ||
| element_table[31] = W7; | ||
| } else if constexpr (length == 7) { |
Contributor
Author
There was a problem hiding this comment.
Case length = 7 is never used, removing it.
suyash67
commented
Sep 12, 2025
| **/ | ||
| template <typename C, class Fq, class Fr, class G> | ||
| template <size_t length> | ||
| element<C, Fq, Fr, G>::lookup_table_base<length>::lookup_table_base(const std::array<element, length>& inputs) |
Contributor
Author
There was a problem hiding this comment.
remvoing lookup_table_base impl.
suyash67
commented
Sep 12, 2025
| ecc_generator_table<G1>::generator_endo_xhi_table[i] = std::make_pair<bb::fr, bb::fr>(endox2, endox3); | ||
| ecc_generator_table<G1>::generator_ylo_table[i] = std::make_pair<bb::fr, bb::fr>(y0, y1); | ||
| ecc_generator_table<G1>::generator_yhi_table[i] = std::make_pair<bb::fr, bb::fr>(y2, y3); | ||
| ecc_generator_table<G1>::generator_xyprime_table[i] = |
Contributor
Author
There was a problem hiding this comment.
Moved generator_xyprime_table and generator_endo_xyprime_table at the top, just to avoid recomputing x * beta (and makes things more cleaner)
suyash67
commented
Sep 12, 2025
| init = true; | ||
| } | ||
|
|
||
| // map 0 to 255 into 0 to 510 in steps of two |
ledwards2225
approved these changes
Sep 15, 2025
Contributor
ledwards2225
left a comment
ledwards2225
left a comment
There was a problem hiding this comment.
LG! couple of small questions/suggestions
barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp
Show resolved
Hide resolved
| size_t remaining_points = num_points - (num_fives * 5 + num_sixes * 6); | ||
|
|
||
| // Allocate one quad table if required (and update remaining points) | ||
| has_quad = (remaining_points >= 4) && (num_points >= 4); |
Contributor
There was a problem hiding this comment.
is (num_points >= 4) needed here? seems like it would be caught by the 1st condition but maybe I'm misinterpreting
| * Helper class to split a set of points into lookup table subsets | ||
| * | ||
| **/ | ||
| struct batch_lookup_table_base { |
| Fq neg_lambda = Fq::msub_div({ x }, { (two_x + x) }, (y + y), { a }); | ||
| Fq x_3 = neg_lambda.sqradd({ -(two_x) }); | ||
| Fq y_3 = neg_lambda.madd(x_3 - x, { -y }); | ||
| // TODO: do we handle the point at infinity case here? |
Contributor
There was a problem hiding this comment.
Maybe it would be good practice for us to use // TODO() for these temporary TODOs that don't quite warrant an issue, just other people know who to talk to if they run into it
| > Note: | ||
| > In the context of biggroup, we need variable-base lookup tables and fixed-base lookup tables. The variable-base lookup tables are used when the base point $P$ is not known at circuit synthesis time and is provided as a circuit witness. In this case, we need to generate the lookup tables on-the-fly based on the input base point $P$. On the other hand, fixed-base lookup tables are used when the base point $P$ is known at circuit synthesis time and can be hardcoded into the circuit (for example group generators). Fixed-base lookup tables are more efficient as they can be precomputed and do not require additional gates to enforce the correctness of the table entries. Variable-base lookup tables are realized using ROM tables (described below) while fixed-base lookup tables are realized using standard lookup tables in the circuit. | ||
|
|
||
| ### ROM Tables in Barretenberg |
Contributor
There was a problem hiding this comment.
This is a nice description - what do you think about moving the non-biggroup specific stuff to a readme on ROM tables?
Contributor
Author
There was a problem hiding this comment.
Right, moved this section to rom tables' README.
github-merge-queue bot
pushed a commit
that referenced
this pull request
Sep 26, 2025
BEGIN_COMMIT_OVERRIDE fix: secp256k1 ecdsa mul - fix handling of point at infinity (#16679) fix: secp256k1 ecdsa mul handling of stagger point additions (#16685) chore: biggroup audit of lookup and rom tables (#16895) fix(bb): oversight that disabled batch commits (#17278) docs(bb): add initial cli reference (#17244) chore!: cycle group #6 (#17174) fix: mac bb publish (#17276) END_COMMIT_OVERRIDE
mralj
pushed a commit
that referenced
this pull request
Oct 13, 2025
### 🧾 Audit Context Cleanup and audit of the lookup tables used in `biggroup` class. This PR does not change any logic, its mainly structural changes, cleanup and documentation. ### 🛠️ Changes Made - Added a README to explain how lookup tables are being used in biggroup, and a brief summary of how ROM tables work in barretenberg circuits. - Removed unused methods/structs like: `lookup_table_base`, `batch_lookup_table_base`, `create_endo_pair_five_lookup_table`. - Function comments + fix clang warnings + avoid hard-coded values. - No change to circuit, so no VK changes expected. ### ✅ Checklist - [x] Audited all methods of the relevant module/class - [x] Audited the interface of the module/class with other (relevant) components - [x] Documented existing functionality and any changes made (as per Doxygen requirements) - [x] Resolved and/or closed all issues/TODOs pertaining to the audited files - [x] Confirmed and documented any security or other issues found (if applicable) - [x] Verified that tests cover all critical paths (and added tests if necessary) - [ ] Updated audit tracking for the files audited (check the start of each file you audited) ### 📌 Notes for Reviewers NA
ludamad
pushed a commit
that referenced
this pull request
Dec 16, 2025
### 🧾 Audit Context Cleanup and audit of the lookup tables used in `biggroup` class. This PR does not change any logic, its mainly structural changes, cleanup and documentation. ### 🛠️ Changes Made - Added a README to explain how lookup tables are being used in biggroup, and a brief summary of how ROM tables work in barretenberg circuits. - Removed unused methods/structs like: `lookup_table_base`, `batch_lookup_table_base`, `create_endo_pair_five_lookup_table`. - Function comments + fix clang warnings + avoid hard-coded values. - No change to circuit, so no VK changes expected. ### ✅ Checklist - [x] Audited all methods of the relevant module/class - [x] Audited the interface of the module/class with other (relevant) components - [x] Documented existing functionality and any changes made (as per Doxygen requirements) - [x] Resolved and/or closed all issues/TODOs pertaining to the audited files - [x] Confirmed and documented any security or other issues found (if applicable) - [x] Verified that tests cover all critical paths (and added tests if necessary) - [ ] Updated audit tracking for the files audited (check the start of each file you audited) ### 📌 Notes for Reviewers NA
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🧾 Audit Context
Cleanup and audit of the lookup tables used in
biggroupclass. This PR does not change any logic, its mainly structural changes, cleanup and documentation.🛠️ Changes Made
lookup_table_base,batch_lookup_table_base,create_endo_pair_five_lookup_table.✅ Checklist
📌 Notes for Reviewers
NA