Longfellow ZK 0290cb32
Loading...
Searching...
No Matches
cbor_pluck.h
1// Copyright 2025 Google LLC.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#ifndef PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_CBOR_PLUCK_H_
16#define PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_CBOR_PLUCK_H_
17#include <stddef.h>
18#include <stdint.h>
19
20#include <vector>
21
22#include "algebra/interpolation.h"
23#include "algebra/poly.h"
24#include "circuits/logic/bit_plucker_constants.h"
25#include "circuits/logic/polynomial.h"
26
27namespace proofs {
28// Special plucker that decodes into a pair (B, J) where B is one bit,
29// and J is an array of NJ bits at most one of which can be set.
30//
31// B can assume one of two distinct values, and J can assume NJ+1
32// distinct values. Thus there are N = 2*(NJ+1) evaluation points.
33// We encode J as the index IJ of which bit is set, or IJ=NJ if no bit
34// is set.
35template <class Logic, size_t NJ>
36class CborPlucker {
37 public:
38 using Field = typename Logic::Field;
39 using BitW = typename Logic::BitW;
40 using EltW = typename Logic::EltW;
41 using Elt = typename Field::Elt;
42 static constexpr size_t kN = 2 * (NJ + 1);
43 using PolyN = Poly<kN, Field>;
44 using InterpolationN = Interpolation<kN, Field>;
45 const Logic& l_;
46 PolyN pluckerb_;
47 std::vector<PolyN> pluckerj_;
48
49 explicit CborPlucker(const Logic& l) : l_(l), pluckerj_(NJ) {
50 const Field& F = l_.f_; // shorthand
51 // evaluation points
52 PolyN X;
53 for (size_t i = 0; i < kN; ++i) {
54 X[i] = bit_plucker_point<Field, kN>()(i, F);
55 }
56
57 // encode B in the low-order bit
58 PolyN Y;
59 for (size_t i = 0; i < kN; ++i) {
60 Y[i] = F.of_scalar(i & 1);
61 }
62 pluckerb_ = InterpolationN::monomial_of_lagrange(Y, X, F);
63
64 // encode J in the high-order bits
65 for (size_t j = 0; j < NJ; ++j) {
66 for (size_t i = 0; i < kN; ++i) {
67 Y[i] = F.of_scalar((i >> 1) == j);
68 }
69 pluckerj_[j] = InterpolationN::monomial_of_lagrange(Y, X, F);
70 }
71 }
72
73 BitW pluckb(const EltW& e) const {
74 const Logic& L = l_; // shorthand
75 const Polynomial<Logic> P(L);
76
77 EltW v = P.eval(pluckerb_, e);
78 L.assert_is_bit(v);
79 return BitW(v, L.f_);
80 }
81
82 typename Logic::template bitvec<NJ> pluckj(const EltW& e) const {
83 typename Logic::template bitvec<NJ> r;
84 const Logic& L = l_; // shorthand
85 const Polynomial<Logic> P(L);
86
87 for (size_t j = 0; j < NJ; ++j) {
88 EltW v = P.eval(pluckerj_[j], e);
89 L.assert_is_bit(v);
90 r[j] = BitW(v, L.f_);
91 }
92
93 return r;
94 }
95};
96
97template <class Field, size_t NJ>
98struct cbor_plucker_point {
99 using Elt = typename Field::Elt;
100 static constexpr size_t kN = 2 * (NJ + 1);
101
102 // packing of bits compatible with even_lagrange_basis():
103 Elt operator()(bool b, size_t j, const Field& F) const {
104 uint64_t bits = b + 2 * j;
105 return bit_plucker_point<Field, kN>()(bits, F);
106 }
107};
108} // namespace proofs
109
110#endif // PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_CBOR_PLUCK_H_
proofs::Interpolation
Definition interpolation.h:29
proofs::Logic
Definition logic.h:38
proofs::Poly
Definition poly.h:24
proofs::Polynomial
Definition polynomial.h:27
proofs::GF2_128::Elt
Definition gf2_128.h:63
proofs::Logic::BitW
Definition logic.h:130
proofs::bit_plucker_point
Definition bit_plucker_constants.h:25
proofs::cbor_plucker_point
Definition cbor_pluck.h:98
Generated by doxygen 1.15.0