bb::group_elements Namespace Reference

Namespaces
namespace	detail

Classes
class	affine_element
struct	curve_for_element
struct	curve_for_element< fq, fr, Bn254G1Params >
struct	curve_for_element< fr, fq, grumpkin::G1Params >
class	element
	element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l More...
class	TestElementPrivate

Concepts
concept	SupportsHashToCurve

Functions
template<typename B , typename Fq_ , typename Fr_ , typename Params >
void	read (B &it, group_elements::affine_element< Fq_, Fr_, Params > &element)
template<typename B , typename Fq_ , typename Fr_ , typename Params >
void	write (B &it, group_elements::affine_element< Fq_, Fr_, Params > const &element)
template<class Fq , class Fr , class Params >
std::ostream &	operator<< (std::ostream &os, element< Fq, Fr, Params > const &e)
template<typename AffineElement , typename Fq >
	__attribute__ ((always_inline)) inline void batch_affine_add_impl(const AffineElement *lhs
	Batch affine addition for parallel arrays: (lhs[i], rhs[i]) → rhs[i].
	for (size_t i=0;i< num_pairs;++i)
	if (batch_inversion_accumulator==Fq::zero())
template<typename AffineElement , typename Fq , typename T >
	__attribute__ ((always_inline)) inline void batch_affine_double_impl(AffineElement *points
	Batch affine point doubling using Montgomery's trick.
	for (size_t i_plus_1=num_points;i_plus_1 > 0;--i_plus_1)
	if (batch_inv_acc==Fq::zero())
	for (size_t k=num_pairs;k-- > 0;)

Variables
AffineElement *	rhs
AffineElement const size_t	num_pairs
AffineElement const size_t Fq *scratch_space	noexcept
	batch_inversion_accumulator = batch_inversion_accumulator.invert()
const size_t	num_points
Fq	temp_x
AffineElement *	accumulator
AffineElement const size_t Fq *	scratch_a
AffineElement const size_t Fq Fq *	scratch_b
	batch_inv_acc = batch_inv_acc.invert()
const std::pair< uint32_t, uint32_t > *	pairs
const uint32_t *	indices

Function Documentation

__attribute__() [1/2]

template<typename AffineElement , typename Fq >

bb::group_elements::__attribute__

(

(always_inline)

)

const

Batch affine addition for parallel arrays: (lhs[i], rhs[i]) → rhs[i].

Batch affine doubling for non-contiguous bucket positions: for each idx in indices, mutates buckets[idx] = 2 * buckets[idx] in place.

Batch affine addition for non-contiguous bucket positions: for each pair (dst_idx, src_idx), mutates buckets[dst_idx] += buckets[src_idx] in place.

Fused 2·P + Q for a parallel array of (P, Q) pairs.

Batch affine addition for interleaved arrays: pairs (points[2i], points[2i+1]) → points[num_points/2 + i].

Uses Montgomery's batch inversion trick. lhs and rhs are separate arrays so no aliasing issues.

Parameters

lhs	Input array of first summands (read-only)
rhs	Input array of second summands; results are written here (rhs[i] = lhs[i] + rhs[i])
num_pairs	Number of point pairs to add
scratch_space	Temporary storage for batch inversion, size >= num_pairs

Warning

ASSUMES NO EDGE CASES:

• All points must be valid (not point at infinity)
• lhs[i] != rhs[i] for all i (no point doubling cases)
• lhs[i] != -rhs[i] for all i (no point at infinity results)

Specialized for Pippenger's interleaved memory layout, where lhs and rhs live in the same contiguous array and results are written into the upper half.

Parameters

points	Interleaved array: [lhs0, rhs0, lhs1, rhs1, ...]. Results written to top half.
num_points	Total number of points (must be even). Number of pairs = num_points / 2.
scratch_space	Temporary storage for batch inversion, size >= num_points / 2.

Computes (P + Q) + P via the chord-only path: derive the slope for the second add directly from λ1 instead of materialising the intermediate y3. Concretely: λ1 = (y2 − y1) / (x2 − x1) x3 = λ1² − x1 − x2 λ2 = −λ1 − 2·y1 / (x3 − x1) x4 = λ2² − x1 − x3 y4 = λ2·(x1 − x4) − y1

Two Montgomery batch inversions are required (one per λ) — same as a separate batch_affine_double_impl + batch_affine_add_impl would do — but the per-pair field work shrinks by 1 mul (no y3) and 1 sqr (no doubling's 3·x² sqr) compared to dbl-then-add.

Parameters

to_add	Input (x2, y2) per pair. Read-only.
accumulator	Input (x1, y1) per pair; overwritten with (x4, y4).
num_pairs	Number of pairs.
scratch_a	Fq scratch ≥ num_pairs.
scratch_b	Fq scratch ≥ num_pairs.
scratch_c	Fq scratch ≥ num_pairs.

Warning

ASSUMES NO EDGE CASES (inherits batch_affine_add_impl's contract):

• x2 ≠ x1 for all pairs (Q ≠ ±P).
• x3 ≠ x1 for all pairs (P + Q ≠ ±P, i.e. 2·P + Q ≠ O).

Variant of batch_affine_add_impl that gathers operands by index from a shared bucket array. Used by the bucket-reduction path in round_parallel_msm.cpp, where the dst and src positions are scattered across a dense bucket array but the operation count is large enough to amortize one Montgomery batch inversion over the whole call.

One Fq inversion total, regardless of num_pairs. Each pair contributes ~6 muls + 1 sqr + a few adds + a small constant share of the inversion.

Parameters

buckets	base array of affine points (mutated in place at dst_idx positions).
pairs	array of (dst_idx, src_idx); after the call, buckets[dst_idx] = old buckets[dst_idx] + buckets[src_idx].
num_pairs	number of pairs.
scratch_space	Fq scratch of size ≥ num_pairs.

Warning

ASSUMES NO EDGE CASES:

• All referenced points must be valid (not point at infinity). Caller must filter identities.
• dst_idx != src_idx within a single call (no aliasing-as-doubling).
• For each pair, buckets[dst_idx] != ±buckets[src_idx]. The first triggers doubling (denominator zero); the second produces point-at-infinity (also denominator zero).
• Across pairs, no dst_idx equals any other pair's src_idx (no read-after-write aliasing).

Variant of batch_affine_double_impl that gathers operands by index. One Fq inversion across the whole call. See batch_affine_add_indexed_impl for the rationale.

Parameters

buckets	base array of affine points (mutated in place at indices positions).
indices	array of bucket indices to double.
num_points	number of points to double.
scratch_space	Fq scratch of size ≥ num_points.

Warning

ASSUMES NO EDGE CASES:

• All referenced points must be valid (not point at infinity, y != 0). Caller must filter identities.
• indices contains no duplicates (no aliasing).

__attribute__() [2/2]

template<typename AffineElement , typename Fq , typename T >

bb::group_elements::__attribute__

(

(always_inline)

)

Batch affine point doubling using Montgomery's trick.

Template Parameters

AffineElement	Affine point type
Fq	Base field type
T	Curve parameters type (for adding a in slope calculation)

Warning

ASSUMES NO EDGE CASES:

• All points must be valid (not point at infinity)
• points[i].y != 0 for all i (no vertical tangents)
• No points with order 2 (where 2P = point at infinity)

Note

This is the "unsafe" fast path. For general point doubling with edge case handling, use Jacobian arithmetic or check for edge cases before calling this function.

for() [1/3]

bb::group_elements::for

(

)

Definition at line 869 of file element_impl.hpp.

for() [2/3]

bb::group_elements::for	(	size_t	i_plus_1 = num_points; i_plus_1,
		0;--	i_plus_1
	)

Definition at line 989 of file element_impl.hpp.

for() [3/3]

bb::group_elements::for	(	size_t	k = num_pairs; k--,
		0;
	)

Definition at line 1053 of file element_impl.hpp.

if() [1/2]

bb::group_elements::if

(

batch_inv_acc

= = Fq::zero()

)

Definition at line 1049 of file element_impl.hpp.

if() [2/2]

bb::group_elements::if

(

batch_inversion_accumulator

= = Fq::zero()

)

Definition at line 877 of file element_impl.hpp.

operator<<()

template<class Fq , class Fr , class Params >

std::ostream & bb::group_elements::operator<<	(	std::ostream &	os,
		element< Fq, Fr, Params > const &	e
	)

Definition at line 172 of file element.hpp.

read()

template<typename B , typename Fq_ , typename Fr_ , typename Params >

void bb::group_elements::read ( B &  it, group_elements::affine_element< Fq_, Fr_, Params > &  element  )

inline

Definition at line 324 of file affine_element.hpp.

write()

template<typename B , typename Fq_ , typename Fr_ , typename Params >

void bb::group_elements::write ( B &  it, group_elements::affine_element< Fq_, Fr_, Params > const &  element  )

inline

Definition at line 334 of file affine_element.hpp.

Variable Documentation

accumulator

AffineElement* bb::group_elements::accumulator

Definition at line 1031 of file element_impl.hpp.

batch_inv_acc

bb::group_elements::batch_inv_acc = batch_inv_acc.invert()

Definition at line 1052 of file element_impl.hpp.

batch_inversion_accumulator

Fq bb::group_elements::batch_inversion_accumulator = batch_inversion_accumulator.invert()

Definition at line 880 of file element_impl.hpp.

indices

const uint32_t* bb::group_elements::indices

Definition at line 1200 of file element_impl.hpp.

noexcept

const uint32_t const size_t Fq *scratch_space bb::group_elements::noexcept

Initial value:

{
    Fq batch_inversion_accumulator = Fq::one()

Definition at line 864 of file element_impl.hpp.

num_pairs

const std::pair< uint32_t, uint32_t > const size_t bb::group_elements::num_pairs

Definition at line 863 of file element_impl.hpp.

num_points

const uint32_t const size_t bb::group_elements::num_points

Definition at line 908 of file element_impl.hpp.

pairs

const std::pair<uint32_t, uint32_t>* bb::group_elements::pairs

Definition at line 1123 of file element_impl.hpp.

rhs

AffineElement* bb::group_elements::rhs

Definition at line 862 of file element_impl.hpp.

scratch_a

AffineElement const size_t Fq* bb::group_elements::scratch_a

Definition at line 1033 of file element_impl.hpp.

scratch_b

AffineElement const size_t Fq Fq* bb::group_elements::scratch_b

Definition at line 1034 of file element_impl.hpp.

temp_x

Fq bb::group_elements::temp_x

Definition at line 988 of file element_impl.hpp.