WiP alternative constraints

AztecProtocol · Sep 1, 2023 · 3abe929 · 3abe929
1 parent ef00cfb
commit 3abe929
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/...uits/cpp/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp b/...uits/cpp/barretenberg/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_goblin.hpp
@@ -42,21 +42,24 @@ element<C, Fq, Fr, G> element<C, Fq, Fr, G>::goblin_batch_mul(const std::vector<
         // Populate the goblin-style ecc op gates for the given mul inputs
         auto op_tuple = builder->queue_ecc_mul_accum(point.get_value(), scalar.get_value());
 
-        // Adds constraints demonstrating proper decomposition of point coordinates.
+        // Adds constraints demonstrating that the EC point coordinates can be reconstructed from their decomposition.
         auto x_lo = Fr::from_witness_index(builder, op_tuple.x_lo);
         auto x_hi = Fr::from_witness_index(builder, op_tuple.x_hi);
         auto y_lo = Fr::from_witness_index(builder, op_tuple.y_lo);
         auto y_hi = Fr::from_witness_index(builder, op_tuple.y_hi);
         Fq point_x(x_lo, x_hi);
         Fq point_y(y_lo, y_hi);
-        // WORKTODO (discuss with Kesha): Kesha suggested that it may be necessary to do some assert_is_in_field here.
-        // All of the point coordinates being compared here have been constructed via bigfield(lo, hi) which appears to
-        // control number of bits but it's not clear whether it guarantees membership in Fq. Seems like it must,
-        // otherwise is eems we'd need to assert in field every time we construct a bigfield element from witness. Also,
-        // is assert_equal the right thing here? Any subtlety we should document?
         point.x.assert_equal(point_x);
         point.y.assert_equal(point_y);
 
+        // // ALTERNATIVELY: try this and compare gate counts
+        // point.x.assert_is_in_field()
+        // point.y.assert_is_in_field()
+        // x_lo.assert_equal(point.x.binary_basis_limbs[0] + shift_1 * point.x.binary_basis_limbs[1]);
+        // x_hi.assert_equal(point.x.binary_basis_limbs[2] + shift_1 * point.x.binary_basis_limbs[3]);
+        // y_lo.assert_equal(point.y.binary_basis_limbs[0] + shift_1 * point.y.binary_basis_limbs[1]);
+        // y_hi.assert_equal(point.y.binary_basis_limbs[2] + shift_1 * point.y.binary_basis_limbs[3]);
+
         // Add constraints demonstrating proper decomposition of scalar into endomorphism scalars
         auto z_1 = Fr::from_witness_index(builder, op_tuple.z_1);
         auto z_2 = Fr::from_witness_index(builder, op_tuple.z_2);