From 1d9491f4cabb431bec02df96115716574fe681c7 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 23 Oct 2025 19:40:08 +0000 Subject: [PATCH 1/8] change coord naming --- .../graph_description_goblin.test.cpp | 8 +- ...cription_ultra_recursive_verifier.test.cpp | 8 +- .../stdlib/encryption/ecdsa/ecdsa_impl.hpp | 22 +- .../stdlib/primitives/biggroup/biggroup.hpp | 115 +++++------ .../primitives/biggroup/biggroup.test.cpp | 90 ++++----- .../primitives/biggroup/biggroup_goblin.hpp | 110 +++++----- .../biggroup/biggroup_goblin.test.cpp | 4 +- .../biggroup/biggroup_goblin_impl.hpp | 12 +- .../primitives/biggroup/biggroup_impl.hpp | 188 +++++++++--------- .../biggroup/biggroup_secp256k1.hpp | 2 +- .../biggroup/biggroup_secp256k1.test.cpp | 12 +- .../primitives/biggroup/biggroup_tables.hpp | 42 ++-- .../primitives/field/field_conversion.hpp | 14 +- .../translator_recursive_verifier.cpp | 8 +- 14 files changed, 323 insertions(+), 312 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp index 29d4c46f16ff..f2f0decb5dfb 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp 
@@ -99,10 +99,10 @@ TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic) ASSERT_TRUE(verified); } auto translator_pairing_points = output.points_accumulator; - translator_pairing_points.P0.x.fix_witness(); - translator_pairing_points.P0.y.fix_witness(); - translator_pairing_points.P1.x.fix_witness(); - translator_pairing_points.P1.y.fix_witness(); + translator_pairing_points.P0._x.fix_witness(); + translator_pairing_points.P0._y.fix_witness(); + translator_pairing_points.P1._x.fix_witness(); + translator_pairing_points.P1._y.fix_witness(); info("Recursive Verifier: num gates = ", builder.num_gates); auto graph = cdg::StaticAnalyzer(builder, false); auto variables_in_one_gate = graph.get_variables_in_one_gate(); diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp index ae3e90a06bb9..c58cfdbbb68c 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp @@ -121,10 +121,10 @@ template class BoomerangRecursiveVerifierTest : publi StdlibProof stdlib_inner_proof(outer_circuit, inner_proof); VerifierOutput output = verifier.template verify_proof>(stdlib_inner_proof); PairingObject pairing_points = output.points_accumulator; - pairing_points.P0.x.fix_witness(); - pairing_points.P0.y.fix_witness(); - pairing_points.P1.x.fix_witness(); - pairing_points.P1.y.fix_witness(); + pairing_points.P0._x.fix_witness(); + pairing_points.P0._y.fix_witness(); + pairing_points.P1._x.fix_witness(); + pairing_points.P1._y.fix_witness(); if constexpr (HasIPAAccumulator) { output.ipa_claim.set_public(); outer_circuit.ipa_proof = output.ipa_proof.get_value(); 
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp index 03b09ee811d3..89489dabab3d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp @@ -90,9 +90,9 @@ bool_t ecdsa_verify_signature(const stdlib::byte_array& hashed Fr z(hashed_message); // Step 1. - public_key.x.assert_is_in_field( + public_key._x.assert_is_in_field( "ECDSA input validation: the x coordinate of the public key is bigger than the base field modulus."); // x < q - public_key.y.assert_is_in_field( + public_key._y.assert_is_in_field( "ECDSA input validation: the y coordinate of the public key is bigger than the base field modulus."); // y < q // Step 2. 
@@ -137,21 +137,21 @@ bool_t ecdsa_verify_signature(const stdlib::byte_array& hashed bool_t(false), "ECDSA validation: the result of the batch multiplication is the point at infinity."); // Step 8. - // We reduce result.x to 2^s, where s is the smallest s.t. 2^s > q. It is cheap in terms of constraints, and avoids + // We reduce result._x to 2^s, where s is the smallest s.t. 2^s > q. It is cheap in terms of constraints, and avoids // possible edge cases - result.x.self_reduce(); + result._x.self_reduce(); - // Transfer Fq value result.x to Fr (this is just moving from a C++ class to another) - Fr result_x_mod_r = Fr::unsafe_construct_from_limbs(result.x.binary_basis_limbs[0].element, - result.x.binary_basis_limbs[1].element, - result.x.binary_basis_limbs[2].element, - result.x.binary_basis_limbs[3].element); + // Transfer Fq value result._x to Fr (this is just moving from a C++ class to another) + Fr result_x_mod_r = Fr::unsafe_construct_from_limbs(result._x.binary_basis_limbs[0].element, + result._x.binary_basis_limbs[1].element, + result._x.binary_basis_limbs[2].element, + result._x.binary_basis_limbs[3].element); // Copy maximum limb values from Fq to Fr: this is needed by the subtraction happening in the == operator for (size_t idx = 0; idx < 4; idx++) { - result_x_mod_r.binary_basis_limbs[idx].maximum_value = result.x.binary_basis_limbs[idx].maximum_value; + result_x_mod_r.binary_basis_limbs[idx].maximum_value = result._x.binary_basis_limbs[idx].maximum_value; } - // Check result.x = r mod n + // Check result._x = r mod n bool_t is_signature_valid = result_x_mod_r == r; // Logging diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp index e1772acdc6e4..24586c725b7e 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp 
@@ -65,10 +65,10 @@ template class element { element val(native_val); size_t idx = 0; std::array limb_vals; - for (auto& limb : val.x.binary_basis_limbs) { + for (auto& limb : val._x.binary_basis_limbs) { limb_vals[idx++] = limb.element.get_value(); } - for (auto& limb : val.y.binary_basis_limbs) { + for (auto& limb : val._y.binary_basis_limbs) { limb_vals[idx++] = limb.element.get_value(); } BB_ASSERT_EQ(idx, PUBLIC_INPUTS_SIZE); @@ -82,8 +82,8 @@ template class element { */ uint32_t set_public() const { - const uint32_t start_idx = x.set_public(); - y.set_public(); + const uint32_t start_idx = _x.set_public(); + _y.set_public(); return start_idx; } @@ -117,13 +117,13 @@ template class element { if (input.is_point_at_infinity()) { Fq x = Fq::from_witness(ctx, NativeGroup::affine_one.x); Fq y = Fq::from_witness(ctx, NativeGroup::affine_one.y); - out.x = x; - out.y = y; + out._x = x; + out._y = y; } else { Fq x = Fq::from_witness(ctx, input.x); Fq y = Fq::from_witness(ctx, input.y); - out.x = x; - out.y = y; + out._x = x; + out._y = y; } out.set_point_at_infinity(witness_ct(ctx, input.is_point_at_infinity())); 
@@ -141,17 +141,20 @@ template class element { bool has_circuit_failed = get_context()->failed(); Fq b(get_context(), uint256_t(NativeGroup::curve_b)); - Fq _b = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), b); - Fq _x = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), x); - Fq _y = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), y); + Fq adjusted_b = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), b); + Fq adjusted_x = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), _x); + Fq adjusted_y = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), _y); if constexpr (!NativeGroup::has_a) { // we validate y^2 = x^3 + b by setting "fix_remainder_zero = true" when calling mult_madd - Fq::mult_madd({ _x.sqr(), _y }, { _x, -_y }, { _b }, true); + Fq::mult_madd({ adjusted_x.sqr(), adjusted_y }, { adjusted_x, -adjusted_y }, { adjusted_b }, true); } else { Fq a(get_context(), uint256_t(NativeGroup::curve_a)); - Fq _a = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), a); + Fq adjusted_a = Fq::conditional_assign(is_point_at_infinity(), Fq::zero(), a); // we validate y^2 = x^3 + ax + b by setting "fix_remainder_zero = true" when calling mult_madd - Fq::mult_madd({ _x.sqr(), _x, _y }, { _x, _a, -_y }, { _b }, true); + Fq::mult_madd({ adjusted_x.sqr(), adjusted_x, adjusted_y }, + { adjusted_x, adjusted_a, -adjusted_y }, + { adjusted_b }, + true); } if ((!has_circuit_failed) && (get_context()->failed())) { @@ -165,8 +168,8 @@ template class element { **/ void convert_constant_to_fixed_witness(Builder* builder) { - this->x.convert_constant_to_fixed_witness(builder); - this->y.convert_constant_to_fixed_witness(builder); + this->_x.convert_constant_to_fixed_witness(builder); + this->_y.convert_constant_to_fixed_witness(builder); // Origin tags should be unset after fixing the witness unset_free_witness_tag(); } 
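Review bot: The renamed locals `adjusted_x`, `adjusted_y`, `adjusted_b` (and `adjusted_a` in the `has_a` branch) are all forced to `Fq::zero()` when `is_point_at_infinity()` is set, so the `mult_madd` identity in both branches reduces to 0 = 0. For such a point the check therefore places no constraint on the stored `_x`/`_y`, and neither the new names nor the two existing comments say so. A comment above the `conditional_assign` lines would make that explicit, e.g. `// At infinity every term is zeroed, so the curve identity holds trivially and _x/_y are not constrained by this check.` The function's signature and doc comment start outside the hunk, so this may already be stated there.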
@@ -177,8 +180,8 @@ template class element { void fix_witness() { // Origin tags should be updated within - this->x.fix_witness(); - this->y.fix_witness(); + this->_x.fix_witness(); + this->_y.fix_witness(); // This is now effectively a constant unset_free_witness_tag(); @@ -218,8 +221,8 @@ template class element { byte_array to_byte_array() const { byte_array result(get_context()); - result.write(y.to_byte_array()); - result.write(x.to_byte_array()); + result.write(_y.to_byte_array()); + result.write(_x.to_byte_array()); return result; } @@ -231,7 +234,7 @@ template class element { element operator-() const { element result(*this); - result.y = -result.y; + result._y = -result._y; return result; } element operator+=(const element& other) @@ -251,7 +254,7 @@ template class element { element conditional_negate(const bool_ct& predicate) const { element result(*this); - result.y = result.y.conditional_negate(predicate); + result._y = result._y.conditional_negate(predicate); return result; } @@ -277,8 +280,8 @@ template class element { BB_ASSERT_NEQ(ctx, nullptr, "biggroup::conditional_select must have a context"); element result(*this); - result.x = result.x.conditional_select(other.x, predicate); - result.y = result.y.conditional_select(other.y, predicate); + result._x = result._x.conditional_select(other._x, predicate); + result._y = result._y.conditional_select(other._y, predicate); result._is_infinity = bool_ct::conditional_assign(predicate, other.is_point_at_infinity(), result.is_point_at_infinity()); return result; 
@@ -298,15 +301,15 @@ template class element { const std::string msg = "biggroup::incomplete_assert_equal") const { is_point_at_infinity().assert_equal(other.is_point_at_infinity(), msg + " (infinity flag)"); - x.assert_equal(other.x, msg + " (x coordinate)"); - y.assert_equal(other.y, msg + " (y coordinate)"); + _x.assert_equal(other._x, msg + " (x coordinate)"); + _y.assert_equal(other._y, msg + " (y coordinate)"); } element normalize() const { element result(*this); - result.x.reduce_mod_target_modulus(); - result.y.reduce_mod_target_modulus(); + result._x.reduce_mod_target_modulus(); + result._y.reduce_mod_target_modulus(); return result; } element scalar_mul(const Fr& scalar, const size_t max_num_bits = 0) const; @@ -314,8 +317,8 @@ template class element { element reduce() const { element result(*this); - result.x.self_reduce(); - result.y.self_reduce(); + result._x.self_reduce(); + result._y.self_reduce(); return result; } @@ -334,8 +337,8 @@ template class element { chain_add_accumulator() = default; explicit chain_add_accumulator(const element& input) - : x3_prev(input.x) - , y3_prev(input.y) + : x3_prev(input._x) + , y3_prev(input._y) , is_element(true) {} chain_add_accumulator(const chain_add_accumulator& other) = default; @@ -358,8 +361,8 @@ template class element { typename NativeGroup::affine_element get_value() const { - uint512_t x_val = x.get_value() % Fq::modulus_u512; - uint512_t y_val = y.get_value() % Fq::modulus_u512; + uint512_t x_val = _x.get_value() % Fq::modulus_u512; + uint512_t y_val = _y.get_value() % Fq::modulus_u512; auto result = typename NativeGroup::affine_element(x_val.lo, y_val.lo); if (is_point_at_infinity().get_value()) { result.self_set_infinity(); 
@@ -388,28 +391,28 @@ template class element { Builder* get_context() const { - if (x.context != nullptr) { - return x.context; + if (_x.context != nullptr) { + return _x.context; } - if (y.context != nullptr) { - return y.context; + if (_y.context != nullptr) { + return _y.context; } return nullptr; } Builder* get_context(const element& other) const { - if (x.context != nullptr) { - return x.context; + if (_x.context != nullptr) { + return _x.context; } - if (y.context != nullptr) { - return y.context; + if (_y.context != nullptr) { + return _y.context; } - if (other.x.context != nullptr) { - return other.x.context; + if (other._x.context != nullptr) { + return other._x.context; } - if (other.y.context != nullptr) { - return other.y.context; + if (other._y.context != nullptr) { + return other._y.context; } return nullptr; } @@ -426,14 +429,14 @@ template class element { void set_origin_tag(OriginTag tag) const { - x.set_origin_tag(tag); - y.set_origin_tag(tag); + _x.set_origin_tag(tag); + _y.set_origin_tag(tag); _is_infinity.set_origin_tag(tag); } OriginTag get_origin_tag() const { - return OriginTag(x.get_origin_tag(), y.get_origin_tag(), _is_infinity.get_origin_tag()); + return OriginTag(_x.get_origin_tag(), _y.get_origin_tag(), _is_infinity.get_origin_tag()); } /** @@ -441,8 +444,8 @@ template class element { */ void unset_free_witness_tag() { - x.unset_free_witness_tag(); - y.unset_free_witness_tag(); + _x.unset_free_witness_tag(); + _y.unset_free_witness_tag(); _is_infinity.unset_free_witness_tag(); } @@ -451,13 +454,13 @@ template class element { */ void set_free_witness_tag() { - x.set_free_witness_tag(); - y.set_free_witness_tag(); + _x.set_free_witness_tag(); + _y.set_free_witness_tag(); _is_infinity.set_free_witness_tag(); } - Fq x; - Fq y; + Fq _x; + Fq _y; // For testing purposes only friend class element_test_accessor; 
@@ -968,7 +971,7 @@ class element_test_accessor { template inline std::ostream& operator<<(std::ostream& os, element const& v) { - return os << "{ " << v.x << " , " << v.y << " }"; + return os << "{ " << v._x << " , " << v._y << " }"; } } // namespace bb::stdlib::element_default diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp index b89bb943d713..8fdb9f166e0c 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp @@ -67,8 +67,8 @@ template class stdlib_biggroup : public testing::Test { // Tags from members are merged bool_ct pif = bool_ct(witness_ct(&builder, 0)); pif.set_origin_tag(next_challenge_tag); - a.x.set_origin_tag(submitted_value_origin_tag); - a.y.set_origin_tag(challenge_origin_tag); + a._x.set_origin_tag(submitted_value_origin_tag); + a._y.set_origin_tag(challenge_origin_tag); a.set_point_at_infinity(pif); EXPECT_EQ(a.get_origin_tag(), first_second_third_merged_tag); @@ -109,8 +109,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a) + element(input_b)); - uint256_t c_x_u256 = c.x.get_value().lo; - uint256_t c_y_u256 = c.y.get_value().lo; + uint256_t c_x_u256 = c._x.get_value().lo; + uint256_t c_y_u256 = c._y.get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); 
@@ -207,11 +207,11 @@ template class stdlib_biggroup : public testing::Test { EXPECT_EQ(standard_a.is_point_at_infinity().get_value(), true); EXPECT_EQ(standard_b.is_point_at_infinity().get_value(), true); - fq standard_a_x = standard_a.x.get_value().lo; - fq standard_a_y = standard_a.y.get_value().lo; + fq standard_a_x = standard_a._x.get_value().lo; + fq standard_a_y = standard_a._y.get_value().lo; - fq standard_b_x = standard_b.x.get_value().lo; - fq standard_b_y = standard_b.y.get_value().lo; + fq standard_b_x = standard_b._x.get_value().lo; + fq standard_b_y = standard_b._y.get_value().lo; EXPECT_EQ(standard_a_x, 0); EXPECT_EQ(standard_a_y, 0); @@ -243,8 +243,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a) - element(input_b)); - uint256_t c_x_u256 = c.x.get_value().lo; - uint256_t c_y_u256 = c.y.get_value().lo; + uint256_t c_x_u256 = c._x.get_value().lo; + uint256_t c_y_u256 = c._y.get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); @@ -330,8 +330,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a).dbl()); - uint256_t c_x_u256 = c.x.get_value().lo; - uint256_t c_y_u256 = c.y.get_value().lo; + uint256_t c_x_u256 = c._x.get_value().lo; + uint256_t c_y_u256 = c._y.get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); @@ -491,7 +491,7 @@ template class stdlib_biggroup : public testing::Test { b.set_origin_tag(challenge_origin_tag); // Make the x-coordinates equal, so we should get an error message about y-coordinates - b.x = a.x; + b._x = a._x; a.incomplete_assert_equal(b, "elements don't match"); // Circuit should fail 
@@ -569,8 +569,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a).dbl() + element(input_b)); - uint256_t c_x_u256 = c.x.get_value().lo; - uint256_t c_y_u256 = c.y.get_value().lo; + uint256_t c_x_u256 = c._x.get_value().lo; + uint256_t c_y_u256 = c._y.get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); @@ -606,8 +606,8 @@ template class stdlib_biggroup : public testing::Test { // Check the result of the multiplication has a tag that's the union of inputs' tags EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); EXPECT_EQ(c_y_result, c_expected.y); @@ -651,8 +651,8 @@ template class stdlib_biggroup : public testing::Test { // Check the result of the multiplication has a tag that's the union of inputs' tags EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); @@ -691,8 +691,8 @@ template class stdlib_biggroup : public testing::Test { // Check the result of the multiplication has a tag that's the union of inputs' tags EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); 
@@ -786,8 +786,8 @@ template class stdlib_biggroup : public testing::Test { element input_c = (element(input_a) * scalar_a); element input_d = (element(input_b) * scalar_b); affine_element expected(input_c + input_d); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); @@ -848,8 +848,8 @@ template class stdlib_biggroup : public testing::Test { element input_g = (element(input_c) * scalar_c); affine_element expected(input_e + input_f + input_g); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); @@ -924,8 +924,8 @@ template class stdlib_biggroup : public testing::Test { element input_h = (element(input_d) * scalar_d); affine_element expected(input_e + input_f + input_g + input_h); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); @@ -956,8 +956,8 @@ template class stdlib_biggroup : public testing::Test { // Check that the resulting tag is a union EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); affine_element expected(g1::one * scalar_a); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); 
@@ -1007,8 +1007,8 @@ template class stdlib_biggroup : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point.x.get_value().lo); - fq result_y(result_point.y.get_value().lo); + fq result_x(result_point._x.get_value().lo); + fq result_y(result_point._y.get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1057,8 +1057,8 @@ template class stdlib_biggroup : public testing::Test { expected_point = expected_point.normalize(); - fq result2_x(result_point2.x.get_value().lo); - fq result2_y(result_point2.y.get_value().lo); + fq result2_x(result_point2._x.get_value().lo); + fq result2_y(result_point2._y.get_value().lo); EXPECT_EQ(result2_x, expected_point.x); EXPECT_EQ(result2_y, expected_point.y); @@ -1111,8 +1111,8 @@ template class stdlib_biggroup : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point.x.get_value().lo); - fq result_y(result_point.y.get_value().lo); + fq result_x(result_point._x.get_value().lo); + fq result_y(result_point._y.get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1169,8 +1169,8 @@ template class stdlib_biggroup : public testing::Test { element expected_point = points[1]; expected_point = expected_point.normalize(); - fq result_x(result_point.x.get_value().lo); - fq result_y(result_point.y.get_value().lo); + fq result_x(result_point._x.get_value().lo); + fq result_y(result_point._y.get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); 
@@ -1217,8 +1217,8 @@ template class stdlib_biggroup : public testing::Test { element expected_point = points[1]; expected_point = expected_point.normalize(); - fq result_x(result_point.x.get_value().lo); - fq result_y(result_point.y.get_value().lo); + fq result_x(result_point._x.get_value().lo); + fq result_y(result_point._y.get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1396,8 +1396,8 @@ template class stdlib_biggroup : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point.x.get_value().lo); - fq result_y(result_point.y.get_value().lo); + fq result_x(result_point._x.get_value().lo); + fq result_y(result_point._y.get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1477,8 +1477,8 @@ template class stdlib_biggroup : public testing::Test { out += (input4 * scalar4); affine_element c_expected(out); - fq c_x_result(c.x.get_value().lo); - fq c_y_result(c.y.get_value().lo); + fq c_x_result(c._x.get_value().lo); + fq c_y_result(c._y.get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); EXPECT_EQ(c_y_result, c_expected.y); @@ -1522,8 +1522,8 @@ template class stdlib_biggroup : public testing::Test { } expected = expected.normalize(); - fq result_x(double_opening_result.x.get_value().lo); - fq result_y(double_opening_result.y.get_value().lo); + fq result_x(double_opening_result._x.get_value().lo); + fq result_y(double_opening_result._y.get_value().lo); EXPECT_EQ(result_x, expected.x); EXPECT_EQ(result_y, expected.y); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp index 652162845f1c..10ca3af22275 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp 
@@ -47,18 +47,18 @@ template class goblin_el goblin_element() = default; goblin_element(const typename NativeGroup::affine_element& input) - : x(input.x) - , y(input.y) + : _x(input.x) + , _y(input.y) , _is_infinity(input.is_point_at_infinity()) {} goblin_element(const Fq& x, const Fq& y) - : x(x) - , y(y) + : _x(x) + , _y(y) , _is_infinity(false) {} goblin_element(const Fq& x, const Fq& y, const bool_ct is_infinity) - : x(x) - , y(y) + : _x(x) + , _y(y) , _is_infinity(is_infinity) {} goblin_element(const goblin_element& other) = default; @@ -81,8 +81,8 @@ template class goblin_el const std::string msg = "goblin_element::incomplete_assert_equal") const { is_point_at_infinity().assert_equal(other.is_point_at_infinity(), msg + " (infinity flag)"); - x.assert_equal(other.x, msg + " (x coordinate)"); - y.assert_equal(other.y, msg + " (y coordinate)"); + _x.assert_equal(other._x, msg + " (x coordinate)"); + _y.assert_equal(other._y, msg + " (y coordinate)"); } static goblin_element from_witness(Builder* ctx, const typename NativeGroup::affine_element& input) @@ -92,13 +92,13 @@ template class goblin_el if (input.is_point_at_infinity()) { Fq x = Fq::from_witness(ctx, bb::fq(0)); Fq y = Fq::from_witness(ctx, bb::fq(0)); - out.x = x; - out.y = y; + out._x = x; + out._y = y; } else { Fq x = Fq::from_witness(ctx, input.x); Fq y = Fq::from_witness(ctx, input.y); - out.x = x; - out.y = y; + out._x = x; + out._y = y; } out.set_point_at_infinity(witness_t(ctx, input.is_point_at_infinity())); out.set_free_witness_tag(); @@ -110,8 +110,8 @@ template class goblin_el **/ void convert_constant_to_fixed_witness(Builder* builder) { - this->x.convert_constant_to_fixed_witness(builder); - this->y.convert_constant_to_fixed_witness(builder); + this->_x.convert_constant_to_fixed_witness(builder); + this->_y.convert_constant_to_fixed_witness(builder); this->unset_free_witness_tag(); } 
@@ -121,8 +121,8 @@ template class goblin_el void fix_witness() { // Origin tags should be updated within - this->x.fix_witness(); - this->y.fix_witness(); + this->_x.fix_witness(); + this->_y.fix_witness(); // This is now effectively a constant unset_free_witness_tag(); @@ -184,10 +184,10 @@ template class goblin_el auto x_hi = Fr::from_witness_index(builder, op_tuple.x_hi); auto y_lo = Fr::from_witness_index(builder, op_tuple.y_lo); auto y_hi = Fr::from_witness_index(builder, op_tuple.y_hi); - x_lo.assert_equal(other.x.limbs[0]); - x_hi.assert_equal(other.x.limbs[1]); - y_lo.assert_equal(other.y.limbs[0]); - y_hi.assert_equal(other.y.limbs[1]); + x_lo.assert_equal(other._x.limbs[0]); + x_hi.assert_equal(other._x.limbs[1]); + y_lo.assert_equal(other._y.limbs[0]); + y_hi.assert_equal(other._y.limbs[1]); } // if function queue_ecc_add_accum is used, op_tuple creates as a result of construct_and_populate_ultra_ops // function. In case of queue_ecc_add_accum, scalar is zero, (z_1, z_2) = (scalar, 0) = (0, 0) and they just put @@ -220,10 +220,10 @@ template class goblin_el auto y_lo = Fr::from_witness_index(builder, op_tuple3.y_lo); auto y_hi = Fr::from_witness_index(builder, op_tuple3.y_hi); - x_lo.assert_equal(x.limbs[0]); - x_hi.assert_equal(x.limbs[1]); - y_lo.assert_equal(y.limbs[0]); - y_hi.assert_equal(y.limbs[1]); + x_lo.assert_equal(_x.limbs[0]); + x_hi.assert_equal(_x.limbs[1]); + y_lo.assert_equal(_y.limbs[0]); + y_hi.assert_equal(_y.limbs[1]); } // Set the tag of the result to the union of the tags of inputs @@ -254,7 +254,7 @@ template class goblin_el { goblin_element negated = -(*this); goblin_element result(*this); - result.y = Fq::conditional_assign(predicate, negated.y, result.y); + result._y = Fq::conditional_assign(predicate, negated._y, result._y); return result; } 
@@ -268,8 +268,8 @@ template class goblin_el goblin_element conditional_select(const goblin_element& other, const bool_ct& predicate) const { goblin_element result(*this); - result.x = Fq::conditional_assign(predicate, other.x, result.x); - result.y = Fq::conditional_assign(predicate, other.y, result.y); + result._x = Fq::conditional_assign(predicate, other._x, result._x); + result._y = Fq::conditional_assign(predicate, other._y, result._y); result._is_infinity = bool_ct::conditional_assign(predicate, other.is_point_at_infinity(), result.is_point_at_infinity()); return result; @@ -302,8 +302,8 @@ template class goblin_el typename NativeGroup::affine_element get_value() const { - bb::fq x_val = x.get_value().lo; - bb::fq y_val = y.get_value().lo; + bb::fq x_val = _x.get_value().lo; + bb::fq y_val = _y.get_value().lo; auto result = typename NativeGroup::affine_element(x_val, y_val); if (is_point_at_infinity().get_value()) { result.self_set_infinity(); @@ -313,28 +313,28 @@ template class goblin_el Builder* get_context() const { - if (x.get_context() != nullptr) { - return x.get_context(); + if (_x.get_context() != nullptr) { + return _x.get_context(); } - if (y.get_context() != nullptr) { - return y.get_context(); + if (_y.get_context() != nullptr) { + return _y.get_context(); } return nullptr; } Builder* get_context(const goblin_element& other) const { - if (x.get_context() != nullptr) { - return x.get_context(); + if (_x.get_context() != nullptr) { + return _x.get_context(); } - if (y.get_context() != nullptr) { - return y.get_context(); + if (_y.get_context() != nullptr) { + return _y.get_context(); } - if (other.x.get_context() != nullptr) { - return other.x.get_context(); + if (other._x.get_context() != nullptr) { + return other._x.get_context(); } - if (other.y.get_context() != nullptr) { - return other.y.get_context(); + if (other._y.get_context() != nullptr) { + return other._y.get_context(); } return nullptr; } 
@@ -353,20 +353,20 @@ template class goblin_el const bool_ct is_infinity = is_point_at_infinity(); goblin_element result(*this); const Fq zero = Fq::zero(); - result.x = Fq::conditional_assign(is_infinity, zero, result.x); - result.y = Fq::conditional_assign(is_infinity, zero, result.y); + result._x = Fq::conditional_assign(is_infinity, zero, result._x); + result._y = Fq::conditional_assign(is_infinity, zero, result._y); return result; } OriginTag get_origin_tag() const { - return OriginTag(x.get_origin_tag(), y.get_origin_tag(), _is_infinity.get_origin_tag()); + return OriginTag(_x.get_origin_tag(), _y.get_origin_tag(), _is_infinity.get_origin_tag()); } void set_origin_tag(const OriginTag& tag) const { - x.set_origin_tag(tag); - y.set_origin_tag(tag); + _x.set_origin_tag(tag); + _y.set_origin_tag(tag); _is_infinity.set_origin_tag(tag); } @@ -375,8 +375,8 @@ template class goblin_el */ void set_free_witness_tag() { - x.set_free_witness_tag(); - y.set_free_witness_tag(); + _x.set_free_witness_tag(); + _y.set_free_witness_tag(); _is_infinity.set_free_witness_tag(); } @@ -385,8 +385,8 @@ template class goblin_el */ void unset_free_witness_tag() { - x.unset_free_witness_tag(); - y.unset_free_witness_tag(); + _x.unset_free_witness_tag(); + _y.unset_free_witness_tag(); _is_infinity.unset_free_witness_tag(); } /** @@ -400,8 +400,8 @@ template class goblin_el */ uint32_t set_public() const { - const uint32_t start_idx = x.set_public(); - y.set_public(); + const uint32_t start_idx = _x.set_public(); + _y.set_public(); return start_idx; } @@ -423,8 +423,8 @@ template class goblin_el return { Fq::reconstruct_from_public(x_limbs), Fq::reconstruct_from_public(y_limbs) }; } - Fq x; - Fq y; + Fq _x; + Fq _y; private: bool_ct _is_infinity; 
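Review bot: In the last hunk `Fq _x;` and `Fq _y;` sit above the `private:` label, so they remain public while carrying the underscore prefix that this class otherwise uses for the private `_is_infinity`. Any caller can still overwrite a coordinate directly, as the test hunk with `b._x = a._x;` and the limb reads in `ecdsa_impl.hpp` show, and the name now suggests otherwise. If a later patch in this series moves them under `private:`, a short comment here would be enough, e.g. `// TODO: make private once callers use accessors`. Otherwise read-only accessors such as `const Fq& x() const { return _x; }` would match the naming. The same applies to the `Fq _x; Fq _y;` declaration in `biggroup.hpp`, whose access section is not visible in its hunk.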
@@ -438,7 +438,7 @@ using BiggroupGoblin = goblin_element inline std::ostream& operator<<(std::ostream& os, goblin_element const& v) { - return os << "{ " << v.x << " , " << v.y << " }"; + return os << "{ " << v._x << " , " << v._y << " }"; } } // namespace bb::stdlib::element_goblin diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp index 6fc3ec6cbea3..384b9dcf43f7 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp @@ -74,8 +74,8 @@ template class stdlib_biggroup_goblin : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point.x.get_value().lo); - fq result_y(result_point.y.get_value().lo); + fq result_x(result_point._x.get_value().lo); + fq result_y(result_point._y.get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin_impl.hpp index 18f515d1174a..c7fcdf938510 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin_impl.hpp 
@@ -75,12 +75,12 @@ goblin_element goblin_element::batch_mul(const std:: // Note: These constraints do not assume or enforce that the coordinates of the original point have been // asserted to be in the field, only that they are less than the smallest power of 2 greater than the field // modulus (a la the bigfield(lo, hi) constructor with can_overflow == false). - BB_ASSERT_LTE(uint1024_t(point.x.get_maximum_value()), Fq::DEFAULT_MAXIMUM_REMAINDER); - BB_ASSERT_LTE(uint1024_t(point.y.get_maximum_value()), Fq::DEFAULT_MAXIMUM_REMAINDER); - x_lo.assert_equal(point.x.limbs[0]); - x_hi.assert_equal(point.x.limbs[1]); - y_lo.assert_equal(point.y.limbs[0]); - y_hi.assert_equal(point.y.limbs[1]); + BB_ASSERT_LTE(uint1024_t(point._x.get_maximum_value()), Fq::DEFAULT_MAXIMUM_REMAINDER); + BB_ASSERT_LTE(uint1024_t(point._y.get_maximum_value()), Fq::DEFAULT_MAXIMUM_REMAINDER); + x_lo.assert_equal(point._x.limbs[0]); + x_hi.assert_equal(point._x.limbs[1]); + y_lo.assert_equal(point._y.limbs[0]); + y_hi.assert_equal(point._y.limbs[1]); // Add constraints demonstrating proper decomposition of scalar into endomorphism scalars if (!scalar_is_constant_equal_one) { diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp index 3ebe63734412..69ab2a0eedbc 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp 
@@ -17,43 +17,43 @@ namespace bb::stdlib::element_default { template element::element() - : x() - , y() + : _x() + , _y() , _is_infinity() {} template element::element(const typename G::affine_element& input) - : x(nullptr, input.x) - , y(nullptr, input.y) + : _x(nullptr, input.x) + , _y(nullptr, input.y) , _is_infinity(nullptr, input.is_point_at_infinity()) {} template element::element(const Fq& x_in, const Fq& y_in) - : x(x_in) - , y(y_in) - , _is_infinity(x.get_context() ? x.get_context() : y.get_context(), false) + : _x(x_in) + , _y(y_in) + , _is_infinity(_x.get_context() ? _x.get_context() : _y.get_context(), false) {} template element::element(const Fq& x_in, const Fq& y_in, const bool_ct& is_infinity) - : x(x_in) - , y(y_in) + : _x(x_in) + , _y(y_in) , _is_infinity(is_infinity) {} template element::element(const element& other) - : x(other.x) - , y(other.y) + : _x(other._x) + , _y(other._y) , _is_infinity(other.is_point_at_infinity()) {} template element::element(element&& other) noexcept - : x(other.x) - , y(other.y) + : _x(other._x) + , _y(other._y) , _is_infinity(other.is_point_at_infinity()) {} @@ -63,8 +63,8 @@ element& element::operator=(const element& other) if (&other == this) { return *this; } - x = other.x; - y = other.y; + _x = other._x; + _y = other._y; _is_infinity = other.is_point_at_infinity(); return *this; } @@ -75,8 +75,8 @@ element& element::operator=(element&& other) noexcep if (&other == this) { return *this; } - x = other.x; - y = other.y; + _x = other._x; + _y = other._y; _is_infinity = other.is_point_at_infinity(); return *this; } 
@@ -90,8 +90,8 @@ element element::operator+(const element& other) con // If (x_1, y_1), (x_2, y_2) have x_1 == x_2, and the generic formula for lambda has a division by 0. // Then y_1 == y_2 (i.e. we are doubling) or y_2 == y_1 (the sum is infinity). // The cases have a special addition formula. The following booleans allow us to handle these cases uniformly. - const bool_ct x_coordinates_match = other.x == x; - const bool_ct y_coordinates_match = (y == other.y); + const bool_ct x_coordinates_match = other._x == _x; + const bool_ct y_coordinates_match = (_y == other._y); const bool_ct infinity_predicate = (x_coordinates_match && !y_coordinates_match); const bool_ct double_predicate = (x_coordinates_match && y_coordinates_match); const bool_ct lhs_infinity = is_point_at_infinity(); @@ -99,13 +99,13 @@ element element::operator+(const element& other) con const bool_ct has_infinity_input = lhs_infinity || rhs_infinity; // Compute the gradient `lambda`. If we add, `lambda = (y2 - y1)/(x2 - x1)`, else `lambda = 3x1*x1/2y1 - const Fq add_lambda_numerator = other.y - y; - const Fq xx = x * x; + const Fq add_lambda_numerator = other._y - _y; + const Fq xx = _x * _x; const Fq dbl_lambda_numerator = xx + xx + xx; const Fq lambda_numerator = Fq::conditional_assign(double_predicate, dbl_lambda_numerator, add_lambda_numerator); - const Fq add_lambda_denominator = other.x - x; - const Fq dbl_lambda_denominator = y + y; + const Fq add_lambda_denominator = other._x - _x; + const Fq dbl_lambda_denominator = _y + _y; Fq lambda_denominator = Fq::conditional_assign(double_predicate, dbl_lambda_denominator, add_lambda_denominator); // If either inputs are points at infinity, we set lambda_denominator to be 1. This ensures we never trigger a // divide by zero error. 
@@ -115,16 +115,16 @@ element element::operator+(const element& other) con Fq::conditional_assign(has_infinity_input || infinity_predicate, safe_edgecase_denominator, lambda_denominator); const Fq lambda = Fq::div_without_denominator_check({ lambda_numerator }, lambda_denominator); - const Fq x3 = lambda.sqradd({ -other.x, -x }); - const Fq y3 = lambda.madd(x - x3, { -y }); + const Fq x3 = lambda.sqradd({ -other._x, -_x }); + const Fq y3 = lambda.madd(_x - x3, { -_y }); element result(x3, y3); // if lhs infinity, return rhs - result.x = Fq::conditional_assign(lhs_infinity, other.x, result.x); - result.y = Fq::conditional_assign(lhs_infinity, other.y, result.y); + result._x = Fq::conditional_assign(lhs_infinity, other._x, result._x); + result._y = Fq::conditional_assign(lhs_infinity, other._y, result._y); // if rhs infinity, return lhs - result.x = Fq::conditional_assign(rhs_infinity, x, result.x); - result.y = Fq::conditional_assign(rhs_infinity, y, result.y); + result._x = Fq::conditional_assign(rhs_infinity, _x, result._x); + result._y = Fq::conditional_assign(rhs_infinity, _y, result._y); // is result point at infinity? // yes = infinity_predicate && !lhs_infinity && !rhs_infinity @@ -151,8 +151,8 @@ element element::get_standard_form() const const bool_ct is_infinity = is_point_at_infinity(); element result(*this); const Fq zero = Fq::zero(); - result.x = Fq::conditional_assign(is_infinity, zero, this->x); - result.y = Fq::conditional_assign(is_infinity, zero, this->y); + result._x = Fq::conditional_assign(is_infinity, zero, this->_x); + result._y = Fq::conditional_assign(is_infinity, zero, this->_y); return result; } 
@@ -162,8 +162,8 @@ element element::operator-(const element& other) con // if x_coordinates match, lambda triggers a divide by zero error. // Adding in `x_coordinates_match` ensures that lambda will always be well-formed - const bool_ct x_coordinates_match = other.x == x; - const bool_ct y_coordinates_match = (y == other.y); + const bool_ct x_coordinates_match = other._x == _x; + const bool_ct y_coordinates_match = (_y == other._y); const bool_ct infinity_predicate = (x_coordinates_match && y_coordinates_match); const bool_ct double_predicate = (x_coordinates_match && !y_coordinates_match); const bool_ct lhs_infinity = is_point_at_infinity(); @@ -171,13 +171,13 @@ element element::operator-(const element& other) con const bool_ct has_infinity_input = lhs_infinity || rhs_infinity; // Compute the gradient `lambda`. If we add, `lambda = (y2 - y1)/(x2 - x1)`, else `lambda = 3x1*x1/2y1 - const Fq add_lambda_numerator = -other.y - y; - const Fq xx = x * x; + const Fq add_lambda_numerator = -other._y - _y; + const Fq xx = _x * _x; const Fq dbl_lambda_numerator = xx + xx + xx; const Fq lambda_numerator = Fq::conditional_assign(double_predicate, dbl_lambda_numerator, add_lambda_numerator); - const Fq add_lambda_denominator = other.x - x; - const Fq dbl_lambda_denominator = y + y; + const Fq add_lambda_denominator = other._x - _x; + const Fq dbl_lambda_denominator = _y + _y; Fq lambda_denominator = Fq::conditional_assign(double_predicate, dbl_lambda_denominator, add_lambda_denominator); // If either inputs are points at infinity, we set lambda_denominator to be 1. This ensures we never trigger // a divide by zero error. (if either inputs are points at infinity we will not use the result of this 
@@ -187,16 +187,16 @@ element element::operator-(const element& other) con Fq::conditional_assign(has_infinity_input || infinity_predicate, safe_edgecase_denominator, lambda_denominator); const Fq lambda = Fq::div_without_denominator_check({ lambda_numerator }, lambda_denominator); - const Fq x3 = lambda.sqradd({ -other.x, -x }); - const Fq y3 = lambda.madd(x - x3, { -y }); + const Fq x3 = lambda.sqradd({ -other._x, -_x }); + const Fq y3 = lambda.madd(_x - x3, { -_y }); element result(x3, y3); // if lhs infinity, return rhs - result.x = Fq::conditional_assign(lhs_infinity, other.x, result.x); - result.y = Fq::conditional_assign(lhs_infinity, -other.y, result.y); + result._x = Fq::conditional_assign(lhs_infinity, other._x, result._x); + result._y = Fq::conditional_assign(lhs_infinity, -other._y, result._y); // if rhs infinity, return lhs - result.x = Fq::conditional_assign(rhs_infinity, x, result.x); - result.y = Fq::conditional_assign(rhs_infinity, y, result.y); + result._x = Fq::conditional_assign(rhs_infinity, _x, result._x); + result._y = Fq::conditional_assign(rhs_infinity, _y, result._y); // is result point at infinity? // yes = infinity_predicate && !lhs_infinity && !rhs_infinity @@ -212,10 +212,10 @@ element element::operator-(const element& other) con template element element::checked_unconditional_add(const element& other) const { - other.x.assert_is_not_equal(x); - const Fq lambda = Fq::div_without_denominator_check({ other.y, -y }, (other.x - x)); - const Fq x3 = lambda.sqradd({ -other.x, -x }); - const Fq y3 = lambda.madd(x - x3, { -y }); + other._x.assert_is_not_equal(_x); + const Fq lambda = Fq::div_without_denominator_check({ other._y, -_y }, (other._x - _x)); + const Fq x3 = lambda.sqradd({ -other._x, -_x }); + const Fq y3 = lambda.madd(_x - x3, { -_y }); return element(x3, y3); } 
@@ -223,10 +223,10 @@ template element element::checked_unconditional_subtract(const element& other) const { - other.x.assert_is_not_equal(x); - const Fq lambda = Fq::div_without_denominator_check({ other.y, y }, (other.x - x)); - const Fq x_3 = lambda.sqradd({ -other.x, -x }); - const Fq y_3 = lambda.madd(x_3 - x, { -y }); + other._x.assert_is_not_equal(_x); + const Fq lambda = Fq::div_without_denominator_check({ other._y, _y }, (other._x - _x)); + const Fq x_3 = lambda.sqradd({ -other._x, -_x }); + const Fq y_3 = lambda.madd(x_3 - _x, { -_y }); return element(x_3, y_3); } @@ -252,17 +252,17 @@ std::array, 2> element::checked_unconditiona // TODO(https://github.com/AztecProtocol/barretenberg/issues/971): This will fail when the two elements are // the same even in the case of a valid circuit - other.x.assert_is_not_equal(x); + other._x.assert_is_not_equal(_x); - const Fq denominator = other.x - x; - const Fq x2x1 = -(other.x + x); + const Fq denominator = other._x - _x; + const Fq x2x1 = -(other._x + _x); - const Fq lambda1 = Fq::div_without_denominator_check({ other.y, -y }, denominator); + const Fq lambda1 = Fq::div_without_denominator_check({ other._y, -_y }, denominator); const Fq x_3 = lambda1.sqradd({ x2x1 }); - const Fq y_3 = lambda1.madd(x - x_3, { -y }); - const Fq lambda2 = Fq::div_without_denominator_check({ -other.y, -y }, denominator); + const Fq y_3 = lambda1.madd(_x - x_3, { -_y }); + const Fq lambda2 = Fq::div_without_denominator_check({ -other._y, -_y }, denominator); const Fq x_4 = lambda2.sqradd({ x2x1 }); - const Fq y_4 = lambda2.madd(x - x_4, { -y }); + const Fq y_4 = lambda2.madd(_x - x_4, { -_y }); return { element(x_3, y_3), element(x_4, y_4) }; } 
@@ -270,19 +270,19 @@ std::array, 2> element::checked_unconditiona template element element::dbl() const { - Fq two_x = x + x; + Fq two_x = _x + _x; if constexpr (G::has_a) { Fq a(get_context(), uint256_t(G::curve_a)); - Fq neg_lambda = Fq::msub_div({ x }, { (two_x + x) }, (y + y), { a }, /*enable_divisor_nz_check*/ false); + Fq neg_lambda = Fq::msub_div({ _x }, { (two_x + _x) }, (_y + _y), { a }, /*enable_divisor_nz_check*/ false); Fq x_3 = neg_lambda.sqradd({ -(two_x) }); - Fq y_3 = neg_lambda.madd(x_3 - x, { -y }); + Fq y_3 = neg_lambda.madd(x_3 - _x, { -_y }); // TODO(suyash): do we handle the point at infinity case here? return element(x_3, y_3); } // TODO(): handle y = 0 case. - Fq neg_lambda = Fq::msub_div({ x }, { (two_x + x) }, (y + y), {}, /*enable_divisor_nz_check*/ false); + Fq neg_lambda = Fq::msub_div({ _x }, { (two_x + _x) }, (_y + _y), {}, /*enable_divisor_nz_check*/ false); Fq x_3 = neg_lambda.sqradd({ -(two_x) }); - Fq y_3 = neg_lambda.madd(x_3 - x, { -y }); + Fq y_3 = neg_lambda.madd(x_3 - _x, { -_y }); element result = element(x_3, y_3); result.set_point_at_infinity(is_point_at_infinity()); return result; @@ -311,13 +311,13 @@ typename element::chain_add_accumulator element::cha const element& p2) { chain_add_accumulator output; - output.x1_prev = p1.x; - output.y1_prev = p1.y; + output.x1_prev = p1._x; + output.y1_prev = p1._y; - p1.x.assert_is_not_equal(p2.x); - const Fq lambda = Fq::div_without_denominator_check({ p2.y, -p1.y }, (p2.x - p1.x)); + p1._x.assert_is_not_equal(p2._x); + const Fq lambda = Fq::div_without_denominator_check({ p2._y, -p1._y }, (p2._x - p1._x)); - const Fq x3 = lambda.sqradd({ -p2.x, -p1.x }); + const Fq x3 = lambda.sqradd({ -p2._x, -p1._x }); output.x3_prev = x3; output.lambda_prev = lambda; return output; 
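Review bot: In `dbl()`, the `G::has_a` branch returns `element(x_3, y_3)` without carrying over the infinity flag, while the fall-through branch calls `result.set_point_at_infinity(is_point_at_infinity())`. The two-coordinate constructor earlier in this file initialises `_is_infinity` to false, so doubling a point at infinity on a curve with `G::has_a` set yields a result flagged as finite. Both branches also pass `/*enable_divisor_nz_check*/ false` while the `y = 0` case is still marked TODO, so the divisor `_y + _y` is not constrained to be nonzero here. I would build the result the same way in the `has_a` branch: `element result(x_3, y_3); result.set_point_at_infinity(is_point_at_infinity()); return result;`. The closing lines of `dbl()` fall outside the hunk.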
@@ -332,7 +332,7 @@ typename element::chain_add_accumulator element::cha return chain_add_start(p1, element(acc.x3_prev, acc.y3_prev)); } // validate we can use incomplete addition formulae - p1.x.assert_is_not_equal(acc.x3_prev); + p1._x.assert_is_not_equal(acc.x3_prev); // lambda = (y2 - y1) / (x2 - x1) // but we don't have y2! @@ -355,15 +355,15 @@ typename element::chain_add_accumulator element::cha const auto lambda = Fq::msub_div({ acc.lambda_prev }, { (x2 - acc.x1_prev) }, - (x2 - p1.x), - { acc.y1_prev, p1.y }, + (x2 - p1._x), + { acc.y1_prev, p1._y }, /*enable_divisor_nz_check*/ false); // divisor is non-zero as x2 != p1.x is enforced - const auto x3 = lambda.sqradd({ -x2, -p1.x }); + const auto x3 = lambda.sqradd({ -x2, -p1._x }); chain_add_accumulator output; output.x3_prev = x3; - output.x1_prev = p1.x; - output.y1_prev = p1.y; + output.x1_prev = p1._x; + output.y1_prev = p1._y; output.lambda_prev = lambda; return output; @@ -428,16 +428,16 @@ element element::chain_add_end(const chain_add_accum template element element::montgomery_ladder(const element& other) const { - other.x.assert_is_not_equal(x); - const Fq lambda_1 = Fq::div_without_denominator_check({ other.y - y }, (other.x - x)); + other._x.assert_is_not_equal(_x); + const Fq lambda_1 = Fq::div_without_denominator_check({ other._y - _y }, (other._x - _x)); - const Fq x_3 = lambda_1.sqradd({ -other.x, -x }); + const Fq x_3 = lambda_1.sqradd({ -other._x, -_x }); - const Fq minus_lambda_2 = lambda_1 + Fq::div_without_denominator_check({ y + y }, (x_3 - x)); + const Fq minus_lambda_2 = lambda_1 + Fq::div_without_denominator_check({ _y + _y }, (x_3 - _x)); - const Fq x_4 = minus_lambda_2.sqradd({ -x, -x_3 }); + const Fq x_4 = minus_lambda_2.sqradd({ -_x, -x_3 }); - const Fq y_4 = minus_lambda_2.madd(x_4 - x, { -y }); + const Fq y_4 = minus_lambda_2.madd(x_4 - _x, { -_y }); return element(x_4, y_4); } 
@@ -467,7 +467,7 @@ element element::montgomery_ladder(const chain_add_a if (to_add.is_element) { throw_or_abort("An accumulator expected"); } - x.assert_is_not_equal(to_add.x3_prev); + _x.assert_is_not_equal(to_add.x3_prev); // lambda = (y2 - y1) / (x2 - x1) // but we don't have y2! @@ -480,16 +480,16 @@ element element::montgomery_ladder(const chain_add_a auto& x2 = to_add.x3_prev; const auto lambda = Fq::msub_div({ to_add.lambda_prev }, { (x2 - to_add.x1_prev) }, - (x2 - x), - { to_add.y1_prev, y }, + (x2 - _x), + { to_add.y1_prev, _y }, /*enable_divisor_nz_check*/ false); // divisor is non-zero as x2 != x is enforced - const auto x3 = lambda.sqradd({ -x2, -x }); + const auto x3 = lambda.sqradd({ -x2, -_x }); - const Fq minus_lambda_2 = lambda + Fq::div_without_denominator_check({ y + y }, (x3 - x)); + const Fq minus_lambda_2 = lambda + Fq::div_without_denominator_check({ _y + _y }, (x3 - _x)); - const Fq x4 = minus_lambda_2.sqradd({ -x, -x3 }); + const Fq x4 = minus_lambda_2.sqradd({ -_x, -x3 }); - const Fq y4 = minus_lambda_2.madd(x4 - x, { -y }); + const Fq y4 = minus_lambda_2.madd(x4 - _x, { -_y }); return element(x4, y4); } @@ -523,7 +523,7 @@ element element::multiple_montgomery_ladder( bool is_negative = false; }; - Fq previous_x = x; + Fq previous_x = _x; composite_y previous_y{ std::vector(), std::vector(), std::vector(), false }; for (size_t i = 0; i < add.size(); ++i) { previous_x.assert_is_not_equal(add[i].x3_prev); @@ -535,7 +535,7 @@ element element::multiple_montgomery_ladder( std::vector lambda1_add; if (i == 0) { - lambda1_add.emplace_back(-y); + lambda1_add.emplace_back(-_y); } else { lambda1_left = previous_y.mul_left; lambda1_right = previous_y.mul_right; 
@@ -568,7 +568,7 @@ element element::multiple_montgomery_ladder( lambda1_add, /*enable_divisor_nz_check*/ false); // divisor is non-zero as previous_x != add[i].x3_prev is enforced } else { - lambda1 = Fq::div_without_denominator_check({ add[i].y3_prev - y }, (add[i].x3_prev - x)); + lambda1 = Fq::div_without_denominator_check({ add[i].y3_prev - _y }, (add[i].x3_prev - _x)); } Fq x_3 = lambda1.madd(lambda1, { -add[i].x3_prev, -previous_x }); @@ -580,7 +580,7 @@ element element::multiple_montgomery_ladder( // field multiplication Fq lambda2; if (i == 0) { - lambda2 = Fq::div_without_denominator_check({ y + y }, (previous_x - x_3)) - lambda1; + lambda2 = Fq::div_without_denominator_check({ _y + _y }, (previous_x - x_3)) - lambda1; } else { Fq l2_denominator = previous_y.is_negative ? previous_x - x_3 : x_3 - previous_x; // TODO(): analyse if l2_denominator can be zero. @@ -600,7 +600,7 @@ element element::multiple_montgomery_ladder( // Each iteration flips the sign of y_previous.is_negative. // i.e. whether we store y_4 or -y_4 depends on the number of points we have bool num_points_even = ((add.size() & 0x01UL) == 0); - y_4.add.emplace_back(num_points_even ? y : -y); + y_4.add.emplace_back(num_points_even ? _y : -_y); y_4.mul_left.emplace_back(lambda2); y_4.mul_right.emplace_back(num_points_even ? x_4 - previous_x : previous_x - x_4); y_4.is_negative = num_points_even; @@ -814,8 +814,8 @@ element element::scalar_mul(const Fr& scalar, const element result = element::batch_mul({ *this }, { scalar }, max_num_bits, /*with_edgecases=*/false); // Handle point at infinity - result.x = Fq::conditional_assign(is_point_at_infinity, x, result.x); - result.y = Fq::conditional_assign(is_point_at_infinity, y, result.y); + result._x = Fq::conditional_assign(is_point_at_infinity, _x, result._x); + result._y = Fq::conditional_assign(is_point_at_infinity, _y, result._y); result.set_point_at_infinity(is_point_at_infinity); 
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.hpp index 381aaa3e7c66..8126100137c4 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.hpp @@ -126,7 +126,7 @@ element element::secp256k1_ecdsa_mul(const element& const bool_ct& positive_skew, const bool_ct& negative_skew) { auto to_add = base_point; - to_add.y = to_add.y.conditional_negate(negative_skew); + to_add._y = to_add._y.conditional_negate(negative_skew); element result = accumulator + to_add; // when computing the wNAF we have already validated that positive_skew and negative_skew cannot both be true diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp index 9feef0809368..831b1be4e593 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp @@ -250,8 +250,8 @@ template class stdlibBiggroupSecp256k1 : public testing::Test { auto output = element_ct::secp256k1_ecdsa_mul(P_a, u1, u2); auto expected = affine_element(g1::one * (scalar_c * scalar_b) + g1::one * scalar_a); - EXPECT_EQ(output.x.get_value().lo, uint256_t(expected.x)); - EXPECT_EQ(output.y.get_value().lo, uint256_t(expected.y)); + EXPECT_EQ(output._x.get_value().lo, uint256_t(expected.x)); + EXPECT_EQ(output._y.get_value().lo, uint256_t(expected.y)); } EXPECT_CIRCUIT_CORRECTNESS(builder); 
@@ -278,13 +278,13 @@ template class stdlibBiggroupSecp256k1 : public testing::Test { // After adding the u2_low skew (i.e., its base point), we get the point at infinity. Then we handle the // u2 high skew as follows: // result = acc ± u1_high_base_point - // result.x = u2_high_skew ? result.x : acc.x; - // result.y = u2_high_skew ? result.y : acc.y; + // result._x = u2_high_skew ? result._x : acc._x; + // result._y = u2_high_skew ? result._y : acc._y; // // However, we did not set the flag _is_point_at_infinity for result. We must copy the flag from the // accumulator in this case, i.e., we must do: - // result.x = u2_high_skew ? result.x : acc.x; - // result.y = u2_high_skew ? result.y : acc.y; + // result._x = u2_high_skew ? result._x : acc._x; + // result._y = u2_high_skew ? result._y : acc._y; // result._is_point_at_infinity = u2_high_skew ? result._is_point_at_infinity : // acc._is_point_at_infinity; // diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_tables.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_tables.hpp index 978d468a601a..2e427042c0f0 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_tables.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_tables.hpp 
@@ -40,25 +40,25 @@ std::array, Fq::NUM_LIMBS + 1> element::create_g std::vector, 2>> prime_limbs; for (size_t i = 0; i < num_elements; ++i) { - limb_max[0] = std::max(limb_max[0], rom_data[i].x.binary_basis_limbs[0].maximum_value); - limb_max[1] = std::max(limb_max[1], rom_data[i].x.binary_basis_limbs[1].maximum_value); - limb_max[2] = std::max(limb_max[2], rom_data[i].x.binary_basis_limbs[2].maximum_value); - limb_max[3] = std::max(limb_max[3], rom_data[i].x.binary_basis_limbs[3].maximum_value); - limb_max[4] = std::max(limb_max[4], rom_data[i].y.binary_basis_limbs[0].maximum_value); - limb_max[5] = std::max(limb_max[5], rom_data[i].y.binary_basis_limbs[1].maximum_value); - limb_max[6] = std::max(limb_max[6], rom_data[i].y.binary_basis_limbs[2].maximum_value); - limb_max[7] = std::max(limb_max[7], rom_data[i].y.binary_basis_limbs[3].maximum_value); - - x_lo_limbs.emplace_back(std::array, 2>{ rom_data[i].x.binary_basis_limbs[0].element, - rom_data[i].x.binary_basis_limbs[1].element }); - x_hi_limbs.emplace_back(std::array, 2>{ rom_data[i].x.binary_basis_limbs[2].element, - rom_data[i].x.binary_basis_limbs[3].element }); - y_lo_limbs.emplace_back(std::array, 2>{ rom_data[i].y.binary_basis_limbs[0].element, - rom_data[i].y.binary_basis_limbs[1].element }); - y_hi_limbs.emplace_back(std::array, 2>{ rom_data[i].y.binary_basis_limbs[2].element, - rom_data[i].y.binary_basis_limbs[3].element }); + limb_max[0] = std::max(limb_max[0], rom_data[i]._x.binary_basis_limbs[0].maximum_value); + limb_max[1] = std::max(limb_max[1], rom_data[i]._x.binary_basis_limbs[1].maximum_value); + limb_max[2] = std::max(limb_max[2], rom_data[i]._x.binary_basis_limbs[2].maximum_value); + limb_max[3] = std::max(limb_max[3], rom_data[i]._x.binary_basis_limbs[3].maximum_value); + limb_max[4] = std::max(limb_max[4], rom_data[i]._y.binary_basis_limbs[0].maximum_value); + limb_max[5] = std::max(limb_max[5], rom_data[i]._y.binary_basis_limbs[1].maximum_value); + limb_max[6] = std::max(limb_max[6], 
rom_data[i]._y.binary_basis_limbs[2].maximum_value); + limb_max[7] = std::max(limb_max[7], rom_data[i]._y.binary_basis_limbs[3].maximum_value); + + x_lo_limbs.emplace_back(std::array, 2>{ rom_data[i]._x.binary_basis_limbs[0].element, + rom_data[i]._x.binary_basis_limbs[1].element }); + x_hi_limbs.emplace_back(std::array, 2>{ rom_data[i]._x.binary_basis_limbs[2].element, + rom_data[i]._x.binary_basis_limbs[3].element }); + y_lo_limbs.emplace_back(std::array, 2>{ rom_data[i]._y.binary_basis_limbs[0].element, + rom_data[i]._y.binary_basis_limbs[1].element }); + y_hi_limbs.emplace_back(std::array, 2>{ rom_data[i]._y.binary_basis_limbs[2].element, + rom_data[i]._y.binary_basis_limbs[3].element }); prime_limbs.emplace_back( - std::array, 2>{ rom_data[i].x.prime_basis_limb, rom_data[i].y.prime_basis_limb }); + std::array, 2>{ rom_data[i]._x.prime_basis_limb, rom_data[i]._y.prime_basis_limb }); } std::array, Fq::NUM_LIMBS + 1> output_tables; output_tables[0] = twin_rom_table(x_lo_limbs); @@ -387,13 +387,13 @@ element::create_endo_pair_four_bit_table_plookup(const element& in P1.element_table[i] = (-P1.element_table[15 - i]); } for (size_t i = 0; i < 16; ++i) { - endoP1.element_table[i].y = P1.element_table[15 - i].y; + endoP1.element_table[i]._y = P1.element_table[15 - i]._y; } uint256_t beta_val = bb::field::cube_root_of_unity(); Fq beta(bb::fr(beta_val.slice(0, 136)), bb::fr(beta_val.slice(136, 256))); for (size_t i = 0; i < 8; ++i) { - endoP1.element_table[i].x = P1.element_table[i].x * beta; - endoP1.element_table[15 - i].x = endoP1.element_table[i].x; + endoP1.element_table[i]._x = P1.element_table[i]._x * beta; + endoP1.element_table[15 - i]._x = endoP1.element_table[i]._x; } P1.coordinates = create_group_element_rom_tables<16>(P1.element_table, P1.limb_max); endoP1.coordinates = create_group_element_rom_tables<16>(endoP1.element_table, endoP1.limb_max); 
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp index eb5d3be5e0c2..418b358363b5 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp @@ -253,11 +253,19 @@ template class StdlibCodec { return convert_grumpkin_fr_to_bn254_frs(val); } else if constexpr (IsAnyOf>) { return convert_goblin_fr_to_bn254_frs(val); - } else if constexpr (IsAnyOf) { + } else if constexpr (IsAnyOf>) { + // For cycle_group (grumpkin_element), still uses .x and .y directly (not renamed yet) + std::vector fr_vec_x = serialize_to_fields(val.x); + std::vector fr_vec_y = serialize_to_fields(val.y); + std::vector fr_vec(fr_vec_x.begin(), fr_vec_x.end()); + fr_vec.insert(fr_vec.end(), fr_vec_y.begin(), fr_vec_y.end()); + return fr_vec; + } else if constexpr (IsAnyOf) { using BaseField = typename T::BaseField; - std::vector fr_vec_x = serialize_to_fields(val.x); - std::vector fr_vec_y = serialize_to_fields(val.y); + // For biggroup element (bn254), use _x and _y + std::vector fr_vec_x = serialize_to_fields(val._x); + std::vector fr_vec_y = serialize_to_fields(val._y); std::vector fr_vec(fr_vec_x.begin(), fr_vec_x.end()); fr_vec.insert(fr_vec.end(), fr_vec_y.begin(), fr_vec_y.end()); return fr_vec; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp index 817f39686a02..765e29f77e35 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp 
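Review bot: The branch added for the cycle_group case repeats the biggroup branch below it line for line, differing only in `val.x`/`val.y` versus `val._x`/`val._y`. Two copies of the coordinate layout (x fields first, then y fields) can drift apart, and a codec that orders fields differently per point type is hard to notice if its output is hashed or compared elsewhere (not visible here). A small helper that takes the two coordinates and returns the concatenated vector would keep the layout in one place, so each branch becomes a single call such as `return concat_coords(val.x, val.y);` (helper name is a placeholder). The enclosing function starts and ends outside the hunk.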
@@ -219,8 +219,8 @@ void TranslatorRecursiveVerifier::verify_consistency_with_final_merge( // These are witness commitments sent as part of the proof, so their coordinates are already in reduced form. // This approach is preferred over implementing assert_equal for biggroup, as it avoids the need to handle // constants within biggroup logic. - bool consistency_check_failed = (merge_commitment.y.get_value() != translator_commitment.y.get_value()) || - (merge_commitment.y.get_value() != translator_commitment.y.get_value()) || + bool consistency_check_failed = (merge_commitment._y.get_value() != translator_commitment._y.get_value()) || + (merge_commitment._y.get_value() != translator_commitment._y.get_value()) || (merge_commitment.is_point_at_infinity().get_value() != translator_commitment.is_point_at_infinity().get_value()); @@ -228,8 +228,8 @@ void TranslatorRecursiveVerifier::verify_consistency_with_final_merge( vinfo("translator commitments are inconsistent with the final merge commitments"); } - merge_commitment.x.assert_equal(translator_commitment.x); - merge_commitment.y.assert_equal(translator_commitment.y); + merge_commitment._x.assert_equal(translator_commitment._x); + merge_commitment._y.assert_equal(translator_commitment._y); merge_commitment.is_point_at_infinity().assert_equal(translator_commitment.is_point_at_infinity()); } } From 4aaa37312fa7a15c637f0213b3f8741cfe0d5ec0 Mon Sep 17 00:00:00 2001 
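Review bot: `consistency_check_failed` compares the y coordinates twice and never the x coordinates: the first two operands both read `merge_commitment._y.get_value() != translator_commitment._y.get_value()`. The rename carries this over unchanged from the old lines, so an x-only mismatch between the merge and translator commitments would not set the flag that presumably guards the `vinfo` message. The in-circuit checks in the following hunk (`_x.assert_equal`, `_y.assert_equal` and the infinity flag) do cover x, so this affects the diagnostic only, not the constraints. The first operand should be `(merge_commitment._x.get_value() != translator_commitment._x.get_value())`. The function body starts outside the hunk.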
From: ledwards2225 Date: Thu, 23 Oct 2025 20:26:53 +0000 Subject: [PATCH 2/8] make private and add getters --- .../graph_description_goblin.test.cpp | 8 +- ...cription_ultra_recursive_verifier.test.cpp | 8 +- .../stdlib/encryption/ecdsa/ecdsa_impl.hpp | 26 +++--- .../stdlib/primitives/biggroup/biggroup.hpp | 12 ++- .../primitives/biggroup/biggroup.test.cpp | 90 +++++++++---------- .../primitives/biggroup/biggroup_goblin.hpp | 10 ++- .../biggroup/biggroup_goblin.test.cpp | 4 +- .../biggroup/biggroup_secp256k1.test.cpp | 12 +-- .../primitives/field/field_conversion.hpp | 6 +- .../translator_recursive_verifier.cpp | 8 +- 10 files changed, 98 insertions(+), 86 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp index f2f0decb5dfb..66a770392f94 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp @@ -99,10 +99,10 @@ TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic) ASSERT_TRUE(verified); } auto translator_pairing_points = output.points_accumulator; - translator_pairing_points.P0._x.fix_witness(); - translator_pairing_points.P0._y.fix_witness(); - translator_pairing_points.P1._x.fix_witness(); - translator_pairing_points.P1._y.fix_witness(); + translator_pairing_points.P0.x().fix_witness(); + translator_pairing_points.P0.y().fix_witness(); + translator_pairing_points.P1.x().fix_witness(); + translator_pairing_points.P1.y().fix_witness(); info("Recursive Verifier: num gates = ", builder.num_gates); auto graph = cdg::StaticAnalyzer(builder, false); auto variables_in_one_gate = graph.get_variables_in_one_gate(); 
diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp index c58cfdbbb68c..b1397c4ed019 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp @@ -121,10 +121,10 @@ template class BoomerangRecursiveVerifierTest : publi StdlibProof stdlib_inner_proof(outer_circuit, inner_proof); VerifierOutput output = verifier.template verify_proof>(stdlib_inner_proof); PairingObject pairing_points = output.points_accumulator; - pairing_points.P0._x.fix_witness(); - pairing_points.P0._y.fix_witness(); - pairing_points.P1._x.fix_witness(); - pairing_points.P1._y.fix_witness(); + pairing_points.P0.x().fix_witness(); + pairing_points.P0.y().fix_witness(); + pairing_points.P1.x().fix_witness(); + pairing_points.P1.y().fix_witness(); if constexpr (HasIPAAccumulator) { output.ipa_claim.set_public(); outer_circuit.ipa_proof = output.ipa_proof.get_value(); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp index 89489dabab3d..0a25e4bdd3be 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp 
@@ -90,9 +90,9 @@ bool_t ecdsa_verify_signature(const stdlib::byte_array& hashed Fr z(hashed_message); // Step 1. - public_key._x.assert_is_in_field( + public_key.x().assert_is_in_field( "ECDSA input validation: the x coordinate of the public key is bigger than the base field modulus."); // x < q - public_key._y.assert_is_in_field( + public_key.y().assert_is_in_field( "ECDSA input validation: the y coordinate of the public key is bigger than the base field modulus."); // y < q // Step 2. 
@@ -137,21 +137,21 @@ bool_t ecdsa_verify_signature(const stdlib::byte_array& hashed bool_t(false), "ECDSA validation: the result of the batch multiplication is the point at infinity."); // Step 8. - // We reduce result._x to 2^s, where s is the smallest s.t. 2^s > q. It is cheap in terms of constraints, and avoids - // possible edge cases - result._x.self_reduce(); - - // Transfer Fq value result._x to Fr (this is just moving from a C++ class to another) - Fr result_x_mod_r = Fr::unsafe_construct_from_limbs(result._x.binary_basis_limbs[0].element, - result._x.binary_basis_limbs[1].element, - result._x.binary_basis_limbs[2].element, - result._x.binary_basis_limbs[3].element); + // We reduce result.x() to 2^s, where s is the smallest s.t. 2^s > q. It is cheap in terms of constraints, and + // avoids possible edge cases + result.x().self_reduce(); + + // Transfer Fq value result.x() to Fr (this is just moving from a C++ class to another) + Fr result_x_mod_r = Fr::unsafe_construct_from_limbs(result.x().binary_basis_limbs[0].element, + result.x().binary_basis_limbs[1].element, + result.x().binary_basis_limbs[2].element, + result.x().binary_basis_limbs[3].element); // Copy maximum limb values from Fq to Fr: this is needed by the subtraction happening in the == operator for (size_t idx = 0; idx < 4; idx++) { - result_x_mod_r.binary_basis_limbs[idx].maximum_value = result._x.binary_basis_limbs[idx].maximum_value; + result_x_mod_r.binary_basis_limbs[idx].maximum_value = result.x().binary_basis_limbs[idx].maximum_value; } - // Check result._x = r mod n + // Check result.x() = r mod n bool_t is_signature_valid = result_x_mod_r == r; // Logging diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp index 24586c725b7e..265a3b269866 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp 
+++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp @@ -417,6 +417,13 @@ template class element { return nullptr; } + // Coordinate accessors (non-owning, const reference) + const Fq& x() const { return _x; } + const Fq& y() const { return _y; } + // Non-const accessors for internal use (e.g., fix_witness in tests) + Fq& x() { return _x; } + Fq& y() { return _y; } + bool_ct is_point_at_infinity() const { return _is_infinity; } void set_point_at_infinity(const bool_ct& is_infinity, const bool& add_to_used_witnesses = false) { @@ -459,13 +466,12 @@ template class element { _is_infinity.set_free_witness_tag(); } - Fq _x; - Fq _y; - // For testing purposes only friend class element_test_accessor; private: + Fq _x; + Fq _y; bool_ct _is_infinity; /** diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp index 8fdb9f166e0c..3d8cc88aa1b1 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp @@ -67,8 +67,8 @@ template class stdlib_biggroup : public testing::Test { // Tags from members are merged bool_ct pif = bool_ct(witness_ct(&builder, 0)); pif.set_origin_tag(next_challenge_tag); - a._x.set_origin_tag(submitted_value_origin_tag); - a._y.set_origin_tag(challenge_origin_tag); + a.x().set_origin_tag(submitted_value_origin_tag); + a.y().set_origin_tag(challenge_origin_tag); a.set_point_at_infinity(pif); EXPECT_EQ(a.get_origin_tag(), first_second_third_merged_tag); 
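Review bot: The public non-const overloads `Fq& x()` and `Fq& y()` added in the `@@ -417,6 +417,13 @@` hunk of biggroup.hpp hand out writable references, so moving `_x`/`_y` under `private:` in the next hunk does not stop a caller from overwriting a coordinate, as the test's `b.x() = a.x();` does. Nothing in these accessors re-checks the curve equation or touches `_is_infinity` after such a write, which matters for a circuit type whose soundness rests on those invariants. The comment says the overloads are for internal use, but nothing enforces that; consider keeping only the const accessors public and routing the mutating call sites (`fix_witness`, `self_reduce`, `set_origin_tag`) through named members on `element`, or at least documenting the hazard, e.g. `// WARNING: writes through this reference bypass validate_on_curve(); re-validate after mutating`. The same pair of overloads is added to `goblin_element` in biggroup_goblin.hpp. The class body extends outside both hunks.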
@@ -109,8 +109,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a) + element(input_b)); - uint256_t c_x_u256 = c._x.get_value().lo; - uint256_t c_y_u256 = c._y.get_value().lo; + uint256_t c_x_u256 = c.x().get_value().lo; + uint256_t c_y_u256 = c.y().get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); @@ -207,11 +207,11 @@ template class stdlib_biggroup : public testing::Test { EXPECT_EQ(standard_a.is_point_at_infinity().get_value(), true); EXPECT_EQ(standard_b.is_point_at_infinity().get_value(), true); - fq standard_a_x = standard_a._x.get_value().lo; - fq standard_a_y = standard_a._y.get_value().lo; + fq standard_a_x = standard_a.x().get_value().lo; + fq standard_a_y = standard_a.y().get_value().lo; - fq standard_b_x = standard_b._x.get_value().lo; - fq standard_b_y = standard_b._y.get_value().lo; + fq standard_b_x = standard_b.x().get_value().lo; + fq standard_b_y = standard_b.y().get_value().lo; EXPECT_EQ(standard_a_x, 0); EXPECT_EQ(standard_a_y, 0); @@ -243,8 +243,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a) - element(input_b)); - uint256_t c_x_u256 = c._x.get_value().lo; - uint256_t c_y_u256 = c._y.get_value().lo; + uint256_t c_x_u256 = c.x().get_value().lo; + uint256_t c_y_u256 = c.y().get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); @@ -330,8 +330,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a).dbl()); - uint256_t c_x_u256 = c._x.get_value().lo; - uint256_t c_y_u256 = c._y.get_value().lo; + uint256_t c_x_u256 = c.x().get_value().lo; + uint256_t c_y_u256 = c.y().get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); 
@@ -491,7 +491,7 @@ template class stdlib_biggroup : public testing::Test { b.set_origin_tag(challenge_origin_tag); // Make the x-coordinates equal, so we should get an error message about y-coordinates - b._x = a._x; + b.x() = a.x(); a.incomplete_assert_equal(b, "elements don't match"); // Circuit should fail @@ -569,8 +569,8 @@ template class stdlib_biggroup : public testing::Test { affine_element c_expected(element(input_a).dbl() + element(input_b)); - uint256_t c_x_u256 = c._x.get_value().lo; - uint256_t c_y_u256 = c._y.get_value().lo; + uint256_t c_x_u256 = c.x().get_value().lo; + uint256_t c_y_u256 = c.y().get_value().lo; fq c_x_result(c_x_u256); fq c_y_result(c_y_u256); @@ -606,8 +606,8 @@ template class stdlib_biggroup : public testing::Test { // Check the result of the multiplication has a tag that's the union of inputs' tags EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); EXPECT_EQ(c_y_result, c_expected.y); @@ -651,8 +651,8 @@ template class stdlib_biggroup : public testing::Test { // Check the result of the multiplication has a tag that's the union of inputs' tags EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); @@ -691,8 +691,8 @@ template class stdlib_biggroup : public testing::Test { // Check the result of the multiplication has a tag that's the union of inputs' tags EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); 
@@ -786,8 +786,8 @@ template class stdlib_biggroup : public testing::Test { element input_c = (element(input_a) * scalar_a); element input_d = (element(input_b) * scalar_b); affine_element expected(input_c + input_d); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); @@ -848,8 +848,8 @@ template class stdlib_biggroup : public testing::Test { element input_g = (element(input_c) * scalar_c); affine_element expected(input_e + input_f + input_g); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); @@ -924,8 +924,8 @@ template class stdlib_biggroup : public testing::Test { element input_h = (element(input_d) * scalar_d); affine_element expected(input_e + input_f + input_g + input_h); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); @@ -956,8 +956,8 @@ template class stdlib_biggroup : public testing::Test { // Check that the resulting tag is a union EXPECT_EQ(c.get_origin_tag(), first_two_merged_tag); affine_element expected(g1::one * scalar_a); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, expected.x); EXPECT_EQ(c_y_result, expected.y); 
@@ -1007,8 +1007,8 @@ template class stdlib_biggroup : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point._x.get_value().lo); - fq result_y(result_point._y.get_value().lo); + fq result_x(result_point.x().get_value().lo); + fq result_y(result_point.y().get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1057,8 +1057,8 @@ template class stdlib_biggroup : public testing::Test { expected_point = expected_point.normalize(); - fq result2_x(result_point2._x.get_value().lo); - fq result2_y(result_point2._y.get_value().lo); + fq result2_x(result_point2.x().get_value().lo); + fq result2_y(result_point2.y().get_value().lo); EXPECT_EQ(result2_x, expected_point.x); EXPECT_EQ(result2_y, expected_point.y); @@ -1111,8 +1111,8 @@ template class stdlib_biggroup : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point._x.get_value().lo); - fq result_y(result_point._y.get_value().lo); + fq result_x(result_point.x().get_value().lo); + fq result_y(result_point.y().get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1169,8 +1169,8 @@ template class stdlib_biggroup : public testing::Test { element expected_point = points[1]; expected_point = expected_point.normalize(); - fq result_x(result_point._x.get_value().lo); - fq result_y(result_point._y.get_value().lo); + fq result_x(result_point.x().get_value().lo); + fq result_y(result_point.y().get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); 
@@ -1217,8 +1217,8 @@ template class stdlib_biggroup : public testing::Test { element expected_point = points[1]; expected_point = expected_point.normalize(); - fq result_x(result_point._x.get_value().lo); - fq result_y(result_point._y.get_value().lo); + fq result_x(result_point.x().get_value().lo); + fq result_y(result_point.y().get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1396,8 +1396,8 @@ template class stdlib_biggroup : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point._x.get_value().lo); - fq result_y(result_point._y.get_value().lo); + fq result_x(result_point.x().get_value().lo); + fq result_y(result_point.y().get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); @@ -1477,8 +1477,8 @@ template class stdlib_biggroup : public testing::Test { out += (input4 * scalar4); affine_element c_expected(out); - fq c_x_result(c._x.get_value().lo); - fq c_y_result(c._y.get_value().lo); + fq c_x_result(c.x().get_value().lo); + fq c_y_result(c.y().get_value().lo); EXPECT_EQ(c_x_result, c_expected.x); EXPECT_EQ(c_y_result, c_expected.y); @@ -1522,8 +1522,8 @@ template class stdlib_biggroup : public testing::Test { } expected = expected.normalize(); - fq result_x(double_opening_result._x.get_value().lo); - fq result_y(double_opening_result._y.get_value().lo); + fq result_x(double_opening_result.x().get_value().lo); + fq result_y(double_opening_result.y().get_value().lo); EXPECT_EQ(result_x, expected.x); EXPECT_EQ(result_y, expected.y); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp index 10ca3af22275..7c49fbd35d22 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp 
@@ -406,6 +406,13 @@ template class goblin_el return start_idx; } + // Coordinate accessors (non-owning, const reference) + const Fq& x() const { return _x; } + const Fq& y() const { return _y; } + // Non-const accessors for internal use (e.g., fix_witness in tests) + Fq& x() { return _x; } + Fq& y() { return _y; } + /** * @brief Reconstruct a goblin element from its representation as limbs stored in the public inputs * @details For consistency with biggroup, a goblin element is represented in the public inputs using eight field @@ -423,10 +430,9 @@ template class goblin_el return { Fq::reconstruct_from_public(x_limbs), Fq::reconstruct_from_public(y_limbs) }; } + private: Fq _x; Fq _y; - - private: bool_ct _is_infinity; }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp index 384b9dcf43f7..865a90abd9ca 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.test.cpp @@ -74,8 +74,8 @@ template class stdlib_biggroup_goblin : public testing::Test { } expected_point = expected_point.normalize(); - fq result_x(result_point._x.get_value().lo); - fq result_y(result_point._y.get_value().lo); + fq result_x(result_point.x().get_value().lo); + fq result_y(result_point.y().get_value().lo); EXPECT_EQ(result_x, expected_point.x); EXPECT_EQ(result_y, expected_point.y); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp index 831b1be4e593..5fea2754c354 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_secp256k1.test.cpp 
@@ -250,8 +250,8 @@ template class stdlibBiggroupSecp256k1 : public testing::Test { auto output = element_ct::secp256k1_ecdsa_mul(P_a, u1, u2); auto expected = affine_element(g1::one * (scalar_c * scalar_b) + g1::one * scalar_a); - EXPECT_EQ(output._x.get_value().lo, uint256_t(expected.x)); - EXPECT_EQ(output._y.get_value().lo, uint256_t(expected.y)); + EXPECT_EQ(output.x().get_value().lo, uint256_t(expected.x)); + EXPECT_EQ(output.y().get_value().lo, uint256_t(expected.y)); } EXPECT_CIRCUIT_CORRECTNESS(builder); @@ -278,13 +278,13 @@ template class stdlibBiggroupSecp256k1 : public testing::Test { // After adding the u2_low skew (i.e., its base point), we get the point at infinity. Then we handle the // u2 high skew as follows: // result = acc ± u1_high_base_point - // result._x = u2_high_skew ? result._x : acc._x; - // result._y = u2_high_skew ? result._y : acc._y; + // result.x() = u2_high_skew ? result.x() : acc.x(); + // result.y() = u2_high_skew ? result.y() : acc.y(); // // However, we did not set the flag _is_point_at_infinity for result. We must copy the flag from the // accumulator in this case, i.e., we must do: - // result._x = u2_high_skew ? result._x : acc._x; - // result._y = u2_high_skew ? result._y : acc._y; + // result.x() = u2_high_skew ? result.x() : acc.x(); + // result.y() = u2_high_skew ? result.y() : acc.y(); // result._is_point_at_infinity = u2_high_skew ? result._is_point_at_infinity : // acc._is_point_at_infinity; // diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp index 418b358363b5..7eb561e94aaa 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/field/field_conversion.hpp 
@@ -263,9 +263,9 @@ template class StdlibCodec { } else if constexpr (IsAnyOf) { using BaseField = typename T::BaseField; - // For biggroup element (bn254), use _x and _y - std::vector fr_vec_x = serialize_to_fields(val._x); - std::vector fr_vec_y = serialize_to_fields(val._y); + // For biggroup element (bn254), use x() and y() accessors + std::vector fr_vec_x = serialize_to_fields(val.x()); + std::vector fr_vec_y = serialize_to_fields(val.y()); std::vector fr_vec(fr_vec_x.begin(), fr_vec_x.end()); fr_vec.insert(fr_vec.end(), fr_vec_y.begin(), fr_vec_y.end()); return fr_vec; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp index 765e29f77e35..834f8acf50b0 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp @@ -219,8 +219,8 @@ void TranslatorRecursiveVerifier::verify_consistency_with_final_merge( // These are witness commitments sent as part of the proof, so their coordinates are already in reduced form. // This approach is preferred over implementing assert_equal for biggroup, as it avoids the need to handle // constants within biggroup logic. - bool consistency_check_failed = (merge_commitment._y.get_value() != translator_commitment._y.get_value()) || - (merge_commitment._y.get_value() != translator_commitment._y.get_value()) || + bool consistency_check_failed = (merge_commitment.y().get_value() != translator_commitment.y().get_value()) || + (merge_commitment.y().get_value() != translator_commitment.y().get_value()) || (merge_commitment.is_point_at_infinity().get_value() != translator_commitment.is_point_at_infinity().get_value()); 
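Review bot: The native pre-check in `verify_consistency_with_final_merge` compares the y coordinates twice and never the x coordinates, so a mismatch in x alone will not set `consistency_check_failed` and the `vinfo` diagnostic stays silent. The first operand should read `(merge_commitment.x().get_value() != translator_commitment.x().get_value()) ||`. The duplication predates this rename, and the in-circuit `x().assert_equal(...)` in the following hunk still constrains x, so as far as these lines show only the logging is affected. The function body starts and ends outside the hunk.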
@@ -228,8 +228,8 @@ void TranslatorRecursiveVerifier::verify_consistency_with_final_merge( vinfo("translator commitments are inconsistent with the final merge commitments"); } - merge_commitment._x.assert_equal(translator_commitment._x); - merge_commitment._y.assert_equal(translator_commitment._y); + merge_commitment.x().assert_equal(translator_commitment.x()); + merge_commitment.y().assert_equal(translator_commitment.y()); merge_commitment.is_point_at_infinity().assert_equal(translator_commitment.is_point_at_infinity()); } } From c1850cf879f0e0e3d903cb032843aa93df4ff078 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 23 Oct 2025 21:08:18 +0000 Subject: [PATCH 3/8] mark all locations that require mutable accessor --- .../graph_description_goblin.test.cpp | 4 ++++ .../graph_description_ultra_recursive_verifier.test.cpp | 4 ++++ .../src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp | 3 +++ .../barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp | 3 +++ 4 files changed, 14 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp index 66a770392f94..2b5f75d7fa85 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp 
@@ -99,9 +99,13 @@ TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic) ASSERT_TRUE(verified); } auto translator_pairing_points = output.points_accumulator; + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() translator_pairing_points.P0.x().fix_witness(); + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() translator_pairing_points.P0.y().fix_witness(); + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() translator_pairing_points.P1.x().fix_witness(); + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() translator_pairing_points.P1.y().fix_witness(); info("Recursive Verifier: num gates = ", builder.num_gates); auto graph = cdg::StaticAnalyzer(builder, false); diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp index b1397c4ed019..344ad9767aff 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp 
@@ -121,9 +121,13 @@ template class BoomerangRecursiveVerifierTest : publi StdlibProof stdlib_inner_proof(outer_circuit, inner_proof); VerifierOutput output = verifier.template verify_proof>(stdlib_inner_proof); PairingObject pairing_points = output.points_accumulator; + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() pairing_points.P0.x().fix_witness(); + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() pairing_points.P0.y().fix_witness(); + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() pairing_points.P1.x().fix_witness(); + // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() pairing_points.P1.y().fix_witness(); if constexpr (HasIPAAccumulator) { output.ipa_claim.set_public(); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp index 0a25e4bdd3be..e9969df24c1e 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp @@ -90,8 +90,10 @@ bool_t ecdsa_verify_signature(const stdlib::byte_array& hashed Fr z(hashed_message); // Step 1. + // BIGGROUP_AUDITTODO: mutable accessor needed for assert_is_in_field() public_key.x().assert_is_in_field( "ECDSA input validation: the x coordinate of the public key is bigger than the base field modulus."); // x < q + // BIGGROUP_AUDITTODO: mutable accessor needed for assert_is_in_field() public_key.y().assert_is_in_field( "ECDSA input validation: the y coordinate of the public key is bigger than the base field modulus."); // y < q 
@@ -139,6 +141,7 @@ bool_t ecdsa_verify_signature(const stdlib::byte_array& hashed // Step 8. // We reduce result.x() to 2^s, where s is the smallest s.t. 2^s > q. It is cheap in terms of constraints, and // avoids possible edge cases + // BIGGROUP_AUDITTODO: mutable accessor needed for self_reduce() result.x().self_reduce(); // Transfer Fq value result.x() to Fr (this is just moving from a C++ class to another) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp index 3d8cc88aa1b1..e8f4fe498e61 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp @@ -67,7 +67,9 @@ template class stdlib_biggroup : public testing::Test { // Tags from members are merged bool_ct pif = bool_ct(witness_ct(&builder, 0)); pif.set_origin_tag(next_challenge_tag); + // BIGGROUP_AUDITTODO: mutable accessor needed for set_origin_tag() a.x().set_origin_tag(submitted_value_origin_tag); + // BIGGROUP_AUDITTODO: mutable accessor needed for set_origin_tag() a.y().set_origin_tag(challenge_origin_tag); a.set_point_at_infinity(pif); EXPECT_EQ(a.get_origin_tag(), first_second_third_merged_tag); @@ -491,6 +493,7 @@ template class stdlib_biggroup : public testing::Test { b.set_origin_tag(challenge_origin_tag); // Make the x-coordinates equal, so we should get an error message about y-coordinates + // BIGGROUP_AUDITTODO: mutable accessor needed for assignment (test mutating internal state) b.x() = a.x(); a.incomplete_assert_equal(b, "elements don't match"); From 6aa4bc21bbb8b344a924b03b8e7d86d24f6b535f Mon Sep 17 00:00:00 2001 
From: ledwards2225 Date: Fri, 24 Oct 2025 17:58:01 +0000 Subject: [PATCH 4/8] update some todos, resolve and remove others --- .../graph_description_goblin.test.cpp | 3 +- ...cription_ultra_recursive_verifier.test.cpp | 3 +- .../stdlib/encryption/ecdsa/ecdsa_impl.hpp | 7 +- .../stdlib/primitives/biggroup/biggroup.hpp | 6 + .../primitives/biggroup/biggroup.test.cpp | 107 ++++++++++++++++-- 5 files changed, 110 insertions(+), 16 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp index 60e082bc3136..2f6230c8c97d 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp @@ -99,7 +99,8 @@ TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic) ASSERT_TRUE(verified); } auto translator_pairing_points = output.points_accumulator; - // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() + // BIGGROUP_AUDITTODO: It seems suspicious that we have to fix these witnesses here to make this test pass. Seems to + // defeat the purpose of the test. translator_pairing_points.P0.x().fix_witness(); translator_pairing_points.P0.y().fix_witness(); translator_pairing_points.P1.x().fix_witness(); diff --git a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp index e75104295f80..1c1a014368df 100644 --- a/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_ultra_recursive_verifier.test.cpp 
@@ -121,7 +121,8 @@ template class BoomerangRecursiveVerifierTest : publi StdlibProof stdlib_inner_proof(outer_circuit, inner_proof); VerifierOutput output = verifier.template verify_proof>(stdlib_inner_proof); PairingObject pairing_points = output.points_accumulator; - // BIGGROUP_AUDITTODO: mutable accessor needed for fix_witness() + // BIGGROUP_AUDITTODO: It seems suspicious that we have to fix these witnesses here to make this test pass. + // Seems to defeat the purpose of the test. pairing_points.P0.x().fix_witness(); pairing_points.P0.y().fix_witness(); pairing_points.P1.x().fix_witness(); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp index 893ad8cfe118..137f47660d7c 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp @@ -90,11 +90,8 @@ bool_t ecdsa_verify_signature(const stdlib::byte_array& hashed Fr z(hashed_message); // Step 1. - // BIGGROUP_AUDITTODO: mutable accessor needed for assert_is_in_field() - public_key.x().assert_is_in_field( - "ECDSA input validation: the x coordinate of the public key is bigger than the base field modulus."); // x < q - public_key.y().assert_is_in_field( - "ECDSA input validation: the y coordinate of the public key is bigger than the base field modulus."); // y < q + public_key.assert_coordinates_in_field( + "ECDSA input validation: coordinate(s) of the public key bigger than the base field modulus."); // x < q, y < q // Step 2. public_key.validate_on_curve("ECDSA input validation: the public key is not a point on the elliptic curve."); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp index 265a3b269866..3a456a21123b 100644 
--- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp @@ -322,6 +322,12 @@ template class element { return result; } + void assert_coordinates_in_field(const std::string& msg = "biggroup::assert_coordinates_in_field") const + { + _x.assert_is_in_field(msg + " (x coordinate)"); + _y.assert_is_in_field(msg + " (y coordinate)"); + } + element dbl() const; // we use this data structure to add together a sequence of points. diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp index 3f3045dff4ef..def64d7188b4 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp @@ -47,6 +47,7 @@ template class stdlib_biggroup : public testing::Test { using Builder = typename Curve::Builder; using witness_ct = stdlib::witness_t; using bool_ct = stdlib::bool_t; + using field_ct = stdlib::field_t; static constexpr auto EXPECT_CIRCUIT_CORRECTNESS = [](Builder& builder, bool expected_result = true) { info("num gates = ", builder.get_estimated_num_finalized_gates()); 
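Review bot: `assert_coordinates_in_field` is added without a doc comment, and neither its name nor its default message says what it leaves unchecked: the body only calls `assert_is_in_field` on `_x` and `_y`, so it is a range check and not a curve-membership check. A reader of a call site could take it for full point validation; the ECDSA caller in this patch pairs it with `validate_on_curve`, and that pairing should be spelled out. I would add above the declaration `/// @brief Constrain x and y to be less than the base field modulus. Does not check that the point is on the curve; call validate_on_curve() for that.` The `_is_infinity` flag is not consulted here, which may deserve a line as well if the point at infinity is encoded with particular coordinate values.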
@@ -65,23 +66,105 @@ template class stdlib_biggroup : public testing::Test { EXPECT_EQ(a.get_origin_tag(), next_submitted_value_origin_tag); // Tags from members are merged - bool_ct pif = bool_ct(witness_ct(&builder, 0)); + // Create field elements with specific tags before constructing the biggroup element + affine_element input_c(element::random_element()); + auto x = element_ct::BaseField::from_witness(&builder, input_c.x); + auto y = element_ct::BaseField::from_witness(&builder, input_c.y); + auto pif = bool_ct(witness_ct(&builder, false)); + + // Set tags on the individual field elements + x.set_origin_tag(submitted_value_origin_tag); + y.set_origin_tag(challenge_origin_tag); pif.set_origin_tag(next_challenge_tag); - // BIGGROUP_AUDITTODO: mutable accessor needed for set_origin_tag() - a.x().set_origin_tag(submitted_value_origin_tag); - a.y().set_origin_tag(challenge_origin_tag); - a.set_point_at_infinity(pif); - EXPECT_EQ(a.get_origin_tag(), first_second_third_merged_tag); + + // Construct biggroup element from pre-tagged field elements + element_ct c(x, y, pif); + + // The tag of the biggroup element should be the union of all 3 member tags + EXPECT_EQ(c.get_origin_tag(), first_second_third_merged_tag); #ifndef NDEBUG + // Test that instant_death_tag on x coordinate propagates correctly affine_element input_b(element::random_element()); - // Working with instant death tagged element causes an exception - element_ct b = element_ct::from_witness(&builder, input_b); - b.set_origin_tag(instant_death_tag); + auto x_death = element_ct::BaseField::from_witness(&builder, input_b.x); + auto y_normal = element_ct::BaseField::from_witness(&builder, input_b.y); + auto pif_normal = bool_ct(witness_ct(&builder, false)); + x_death.set_origin_tag(instant_death_tag); + + element_ct b(x_death, y_normal, pif_normal); + // Working with instant death tagged element causes an exception EXPECT_THROW(b + b, std::runtime_error); #endif } + + static void 
test_assert_coordinates_in_field() + { + // Only test for non-goblin builders (goblin elements don't have assert_coordinates_in_field + // because coordinate checks are done in the ECCVM circuit) + if constexpr (!HasGoblinBuilder) { + // Test 1: Valid coordinates should pass + { + Builder builder; + + // Test multiple random points to ensure assert_coordinates_in_field works correctly + for (size_t i = 0; i < 3; ++i) { + affine_element valid_point(element::random_element()); + element_ct point = element_ct::from_witness(&builder, valid_point); + + // This should not fail - coordinates are in field + point.assert_coordinates_in_field(); + } + + // Verify the circuit is correct + EXPECT_CIRCUIT_CORRECTNESS(builder); + } + + // Test 2: Invalid x coordinate should cause circuit to fail + { + Builder builder; + affine_element valid_point(element::random_element()); + + // Create a bigfield element with x coordinate that will be out of range + // We do this by creating a valid witness but then manipulating the limb values + // to make them represent a value >= the modulus + auto x_coord = element_ct::BaseField::from_witness(&builder, valid_point.x); + auto y_coord = element_ct::BaseField::from_witness(&builder, valid_point.y); + + // Manipulate the limbs to create an invalid value + // Set the highest limb to a very large value that would make the total >= modulus + x_coord.binary_basis_limbs[3].element = field_ct::from_witness(&builder, fr(uint256_t(1) << 68)); + x_coord.binary_basis_limbs[3].maximum_value = uint256_t(1) << 68; + + element_ct point(x_coord, y_coord, bool_ct(witness_ct(&builder, false))); + point.assert_coordinates_in_field(); + + // Circuit should fail because x coordinate is out of field + EXPECT_CIRCUIT_CORRECTNESS(builder, false); + } + + // Test 3: Invalid y coordinate should cause circuit to fail + { + Builder builder; + affine_element valid_point(element::random_element()); + + auto x_coord = element_ct::BaseField::from_witness(&builder, 
valid_point.x); + auto y_coord = element_ct::BaseField::from_witness(&builder, valid_point.y); + + // Manipulate the limbs to create an invalid value + // Set the highest limb to a very large value that would make the total >= modulus + y_coord.binary_basis_limbs[3].element = field_ct::from_witness(&builder, fr(uint256_t(1) << 68)); + y_coord.binary_basis_limbs[3].maximum_value = uint256_t(1) << 68; + + element_ct point(x_coord, y_coord, bool_ct(witness_ct(&builder, false))); + point.assert_coordinates_in_field(); + + // Circuit should fail because y coordinate is out of field + EXPECT_CIRCUIT_CORRECTNESS(builder, false); + } + } + } + static void test_add() { Builder builder; @@ -1545,6 +1628,12 @@ TYPED_TEST(stdlib_biggroup, basic_tag_logic) { TestFixture::test_basic_tag_logic(); } + +TYPED_TEST(stdlib_biggroup, assert_coordinates_in_field) +{ + TestFixture::test_assert_coordinates_in_field(); +} + TYPED_TEST(stdlib_biggroup, add) { From 9ae4bbc55aec8f8ffecf564a3ffd83226c4fbaf3 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 24 Oct 2025 18:33:18 +0000 Subject: [PATCH 5/8] edit test to remove a mutable access --- .../stdlib/primitives/biggroup/biggroup.hpp | 3 ++- .../primitives/biggroup/biggroup.test.cpp | 25 +++++++++++-------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp index 3a456a21123b..2211545d7e0d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp 
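Review bot: Tests 2 and 3 of `test_assert_coordinates_in_field` only assert that the circuit is unsatisfied (`EXPECT_CIRCUIT_CORRECTNESS(builder, false)`), so they pass for any failing constraint, not specifically the in-field check. The coordinate is corrupted by overwriting `binary_basis_limbs[3]` after `from_witness`, which may leave the element inconsistent with whatever else `from_witness` set up (not visible here), so a different constraint could be the one that fails. Pinning the cause the way the `incomplete_assert_equal` test does with `builder.err()` would make the negative cases meaningful: `EXPECT_TRUE(builder.failed());` and `EXPECT_NE(builder.err().find("(x coordinate)"), std::string::npos);` (with `"(y coordinate)"` in Test 3), assuming `err()` returns a `std::string`. The two blocks differ only in which coordinate is corrupted and could share one helper lambda.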
@@ -426,7 +426,8 @@ template class element { // Coordinate accessors (non-owning, const reference) const Fq& x() const { return _x; } const Fq& y() const { return _y; } - // Non-const accessors for internal use (e.g., fix_witness in tests) + // BIGGROUP_AUDITTODO: Remove these non-const accessors by adding explicit methods for mutation where absolutely + // needed. Fq& x() { return _x; } Fq& y() { return _y; } diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp index def64d7188b4..f36c1e1d1bd6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp 
@@ -562,24 +562,27 @@ template class stdlib_biggroup : public testing::Test { { Builder builder; affine_element input_a(element::random_element()); - affine_element input_b(element::random_element()); - // Ensure inputs are different - while (input_a == input_b) { - input_b = element::random_element(); - } - element_ct a = element_ct::from_witness(&builder, input_a); - element_ct b = element_ct::from_witness(&builder, input_b); + + // Create a point with the same x coordinate but different y + // For an elliptic curve y^2 = x^3 + ax + b, if (x, y) is on the curve, then (x, -y) is also on the curve + affine_element input_b = input_a; + input_b.y = -input_a.y; // Negate y to get a different point with same x + + // Construct the circuit elements with same x but different y + auto x_coord = element_ct::BaseField::from_witness(&builder, input_a.x); + auto y_coord_a = element_ct::BaseField::from_witness(&builder, input_a.y); + auto y_coord_b = element_ct::BaseField::from_witness(&builder, input_b.y); + + element_ct a(x_coord, y_coord_a, bool_ct(witness_ct(&builder, false))); + element_ct b(x_coord, y_coord_b, bool_ct(witness_ct(&builder, false))); // Set different tags in a and b a.set_origin_tag(submitted_value_origin_tag); b.set_origin_tag(challenge_origin_tag); - // Make the x-coordinates equal, so we should get an error message about y-coordinates - // BIGGROUP_AUDITTODO: mutable accessor needed for assignment (test mutating internal state) - b.x() = a.x(); a.incomplete_assert_equal(b, "elements don't match"); - // Circuit should fail + // Circuit should fail with y coordinate error EXPECT_EQ(builder.failed(), true); EXPECT_EQ(builder.err(), "elements don't match (y coordinate)"); } From 54b6984d0be2bf429364976a1b32bd39ebe8845e Mon Sep 17 00:00:00 2001 
From: ledwards2225 Date: Fri, 24 Oct 2025 18:48:00 +0000 Subject: [PATCH 6/8] add todo for new instance of coordinate access --- .../cpp/src/barretenberg/dsl/acir_format/ecdsa_constraints.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_constraints.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_constraints.cpp index 11a6411295c9..d09dee880e56 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_constraints.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_constraints.cpp @@ -94,6 +94,9 @@ void create_ecdsa_verify_constraints(typename Curve::Builder& builder, // P is on the curve typename Curve::AffineElement default_point(Curve::g1::one + Curve::g1::one); + // BIGGROUP_AUDITTODO: mutable accessor needed for conditional_assign(). Could add a conditional_assign method + // to biggroup or could just perform these operations on the underlying fields prior to constructing the + // biggroup element. public_key.x() = Fq::conditional_assign(predicate, public_key.x(), default_point.x()); public_key.y() = Fq::conditional_assign(predicate, public_key.y(), default_point.y()); } else { From bf69adde3398fd4075dca64ab9a94a3bd65c8588 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 24 Oct 2025 19:27:33 +0000 Subject: [PATCH 7/8] fix ecdsa test error message --- .../barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp index 4f98f939739e..582065191e52 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp 
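Review bot: The new TODO names the mutable-accessor problem but not what a replacement has to preserve. The two assignments below it replace only `x` and `y` with `default_point`'s coordinates, conditionally on `predicate`. The element also carries a point-at-infinity flag (the three-argument constructor used in biggroup.test.cpp takes one), and whether that flag is handled elsewhere in `create_ecdsa_verify_constraints` is not visible in this hunk. I would extend the comment with `// Any replacement must select x, y and the infinity flag together so the substituted key is a consistent point.` so the follow-up cannot leave a half-updated public key. The function body starts and ends outside the hunk.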
@@ -80,15 +80,15 @@ template class EcdsaTests : public ::testing::Test { case TamperingMode::XCoordinateOverflow: { // Invalidate the circuit by passing a public key with x >= q // Do nothing here, tampering happens in circuit - failure_msg = "ECDSA input validation: the x coordinate of the public key is bigger than the base field " - "modulus.: hi limb."; + failure_msg = "ECDSA input validation: coordinate(s) of the public key bigger than the base field modulus. " + "(x coordinate): hi limb."; break; } case TamperingMode::YCoordinateOverflow: { // Invalidate the circuit by passing a public key with y >= q // Do nothing here, tampering happens in circuit - failure_msg = "ECDSA input validation: the y coordinate of the public key is bigger than the base field " - "modulus.: hi limb."; + failure_msg = "ECDSA input validation: coordinate(s) of the public key bigger than the base field modulus. " + "(y coordinate): hi limb."; break; } case TamperingMode::InvalidR: { From fdb479887de5bfb6d2c7ce6bd61b4008023478e1 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 28 Oct 2025 21:23:58 +0000 Subject: [PATCH 8/8] comment --- .../src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp index eaa822ee6f65..ffed47e71bc3 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp 
@@ -427,8 +427,7 @@ template class element { // Coordinate accessors (non-owning, const reference) const Fq& x() const { return _x; } const Fq& y() const { return _y; } - // BIGGROUP_AUDITTODO: Remove these non-const accessors by adding explicit methods for mutation where absolutely - // needed. + // BIGGROUP_AUDITTODO: Remove these non-const accessors by adding explicit methods for mutation where required. Fq& x() { return _x; } Fq& y() { return _y; }