nim-groth16/domain.nim


#
# power-of-two sized multiplicative FFT domains in the scalar field
#

import constantine/math/arithmetic   except Fp,Fr
import constantine/math/io/io_fields except Fp,Fr
#import constantine/math/io/io_bigints

import ./bn128
import ./misc

#-------------------------------------------------------------------------------

type 
  Domain* = object
    domainSize*    : int         # `N = 2^n`
    logDomainSize* : int         # `n = log2(N)`
    domainGen*     : Fr          # `g`
    invDomainGen*  : Fr          # `g^-1`
    invDomainSize* : Fr          # `1/n`

#-------------------------------------------------------------------------------

# the generator of the multiplicative subgroup with size `2^28`
const gen28 : Fr = fromHex( Fr, "0x2a3c09f0a58a7e8500e0a7eb8ef62abc402d111e41112ed49bd61b6e725b19f0" )

func createDomain*(size: int): Domain = 
  let log2 = ceilingLog2(size)
  assert( (1 shl log2) == size , "domain must have a power-of-two size" )

  let expo : uint = 1'u shl (28 - log2)
  let gen  : Fr   = smallPowFr(gen28, expo)

  let halfSize = size div 2
  let a : Fr = smallPowFr(gen, size    )
  let b : Fr = smallPowFr(gen, halfSize)
  assert(     bool(a == oneFr) , "domain generator sanity check /A" )
  assert( not bool(b == oneFr) , "domain generator sanity check /B" )

  return Domain( domainSize:    size
               , logDomainSize: log2
               , domainGen:     gen
               , invDomainGen:  invFr(gen)
               , invDomainSize: invFr(intToFr(size)) 
               )

#-------------------------------------------------------------------------------

func enumerateDomain*(D: Domain): seq[Fr] =
  var xs : seq[Fr] = newSeq[Fr](D.domainSize)
  var g  : Fr = oneFr
  for i in 0..<D.domainSize:
    xs[i] = g
    g *= D.domainGen
  return xs

#-------------------------------------------------------------------------------
polynomials and NTT 2023-11-10 10:12:39 +01:00
			`#`
			`# power-of-two sized multiplicative FFT domains in the scalar field`
			`#`

			`import constantine/math/arithmetic except Fp,Fr`
			`import constantine/math/io/io_fields except Fp,Fr`
proving and verifying _finally_ works 2023-11-11 13:35:13 +01:00			`#import constantine/math/io/io_bigints`
polynomials and NTT 2023-11-10 10:12:39 +01:00
			`import ./bn128`
			`import ./misc`

			`#-------------------------------------------------------------------------------`

			`type`
			`Domain* = object`
add "fake" trusted setup for testing purposes; implement both the paper version and snarkjs version of the prover 2023-11-13 19:40:15 +01:00			domainSize* : int # `N = 2^n`
			logDomainSize* : int # `n = log2(N)`
			domainGen* : Fr # `g`
			invDomainGen* : Fr # `g^-1`
			invDomainSize* : Fr # `1/n`
polynomials and NTT 2023-11-10 10:12:39 +01:00
			`#-------------------------------------------------------------------------------`

			# the generator of the multiplicative subgroup with size `2^28`
			`const gen28 : Fr = fromHex( Fr, "0x2a3c09f0a58a7e8500e0a7eb8ef62abc402d111e41112ed49bd61b6e725b19f0" )`

			`func createDomain*(size: int): Domain =`
			`let log2 = ceilingLog2(size)`
			`assert( (1 shl log2) == size , "domain must have a power-of-two size" )`

			`let expo : uint = 1'u shl (28 - log2)`
			`let gen : Fr = smallPowFr(gen28, expo)`

			`let halfSize = size div 2`
proving and verifying _finally_ works 2023-11-11 13:35:13 +01:00			`let a : Fr = smallPowFr(gen, size )`
			`let b : Fr = smallPowFr(gen, halfSize)`
polynomials and NTT 2023-11-10 10:12:39 +01:00			`assert( bool(a == oneFr) , "domain generator sanity check /A" )`
			`assert( not bool(b == oneFr) , "domain generator sanity check /B" )`

add "fake" trusted setup for testing purposes; implement both the paper version and snarkjs version of the prover 2023-11-13 19:40:15 +01:00			`return Domain( domainSize: size`
			`, logDomainSize: log2`
			`, domainGen: gen`
			`, invDomainGen: invFr(gen)`
			`, invDomainSize: invFr(intToFr(size))`
			`)`
polynomials and NTT 2023-11-10 10:12:39 +01:00
			`#-------------------------------------------------------------------------------`

			`func enumerateDomain*(D: Domain): seq[Fr] =`
			`var xs : seq[Fr] = newSeq[Fr](D.domainSize)`
			`var g : Fr = oneFr`
			`for i in 0..<D.domainSize:`
			`xs[i] = g`
			`g *= D.domainGen`
			`return xs`

			`#-------------------------------------------------------------------------------`
add "fake" trusted setup for testing purposes; implement both the paper version and snarkjs version of the prover 2023-11-13 19:40:15 +01:00