feat: bump bignum (#12196)

@kashbrti I'm opening this against your branch so we can get extra test
coverage.

Author: TomAFrench

noir-projects/noir-protocol-circuits/crates/blob/Nargo.toml

@@ -5,5 +5,5 @@ authors = [""]
 compiler_version = ">=0.30.0"
 
 [dependencies]
-bigint = { tag = "v0.5.4", git = "https://github.com/noir-lang/noir-bignum" }
+bigint = { tag = "v0.6.0", git = "https://github.com/noir-lang/noir-bignum" }
 types = { path = "../types" }

noir-projects/noir-protocol-circuits/crates/blob/src/blob.nr

@@ -1,23 +1,20 @@
 use crate::{
     blob_public_inputs::{BlobCommitment, BlobPublicInputs, BlockBlobPublicInputs},
-    config::{D_INV, F, LOG_FIELDS_PER_BLOB, ROOTS},
+    config::{D_INV, LOG_FIELDS_PER_BLOB, ROOTS},
 };
 
-use bigint::{BigNum, BigNumTrait};
+use bigint::{BigNumTrait, BLS12_381_Fr as F};
 use std::ops::{Mul, Neg};
 use types::{
     abis::sponge_blob::SpongeBlob,
-    constants::{BLOBS_PER_BLOCK, FIELDS_PER_BLOB, TWO_POW_64},
+    constants::{BLOBS_PER_BLOCK, FIELDS_PER_BLOB},
     hash::poseidon2_hash_subarray,
     traits::Empty,
     utils::arrays::array_splice,
 };
 
-global LIMB_MAX: Field = 0x1000000000000000000000000000000; // 2^120
-global TWO_POW_56: u64 = 0x100000000000000; // u64 to aid integer only modulo in __field_to_bignum_limbs
-
 fn convert_blob_fields(blob_as_fields: [Field; FIELDS_PER_BLOB]) -> [F; FIELDS_PER_BLOB] {
-    let mut blob: [F; FIELDS_PER_BLOB] = [BigNum::zero(); FIELDS_PER_BLOB];
+    let mut blob: [F; FIELDS_PER_BLOB] = [F::zero(); FIELDS_PER_BLOB];
     for i in 0..FIELDS_PER_BLOB {
         blob[i] = F::from(blob_as_fields[i]);
     }
@@ -154,7 +151,7 @@ fn barycentric_evaluate_blob_at_z(z: F, ys: [F; FIELDS_PER_BLOB]) -> F {
         //                    i=0
 
         let NUM_PARTIAL_SUMS = FIELDS_PER_BLOB / 8;
-        // Safety: This sum is checked by the following `BigNum::evaluate_quadratic_expression` calls.
+        // Safety: This sum is checked by the following `F::evaluate_quadratic_expression` calls.
         let partial_sums: [F; FIELDS_PER_BLOB / 8] =
             unsafe { __compute_partial_sums(fracs, ROOTS) };
 
@@ -170,7 +167,7 @@ fn barycentric_evaluate_blob_at_z(z: F, ys: [F; FIELDS_PER_BLOB]) -> F {
             [fracs[0]], [fracs[1]], [fracs[2]], [fracs[3]], [fracs[4]], [fracs[5]], [fracs[6]],
             [fracs[7]],
         ];
-        BigNum::evaluate_quadratic_expression(
+        F::evaluate_quadratic_expression(
             lhs,
             [[false], [false], [false], [false], [false], [false], [false], [false]],
             rhs,
@@ -203,7 +200,7 @@ fn barycentric_evaluate_blob_at_z(z: F, ys: [F; FIELDS_PER_BLOB]) -> F {
             // => (lhs[8*i] * rhs[8*i] + ... + lhs[8*i + 7] * rhs[8*i + 7]) + partial_sums[i-1] - partial_sums[i] == 0
             let linear_terms = [partial_sums[i - 1], partial_sums[i]];
 
-            BigNum::evaluate_quadratic_expression(
+            F::evaluate_quadratic_expression(
                 /* lhs */ [
                     [ROOTS[i * 8 + 0]],
                     [ROOTS[i * 8 + 1]],
@@ -249,7 +246,7 @@ fn barycentric_evaluate_blob_at_z(z: F, ys: [F; FIELDS_PER_BLOB]) -> F {
 }
 
 unconstrained fn __compute_factor_helper(z_pow_d: F) -> F {
-    let one: F = BigNum::one();
+    let one: F = F::one();
     z_pow_d.__sub(one).__mul(D_INV)
 }
 
@@ -264,13 +261,13 @@ fn compute_factor(z: F) -> F {
     let z_pow_d = t;
 
     // Safety: We immediately check that this result is correct in the following
-    // `BigNum::evaluate_quadratic_expression` call.
+    // `F::evaluate_quadratic_expression` call.
     let factor = unsafe { __compute_factor_helper(z_pow_d) };
 
     // (z_pow_d - one) * (D_INV) - factor = 0
     // z_pow_d * D_INV - D_INV - factor = 0
     if !std::runtime::is_unconstrained() {
-        BigNum::evaluate_quadratic_expression(
+        F::evaluate_quadratic_expression(
             [[z_pow_d]],
             [[false]],
             [[D_INV]],
@@ -281,7 +278,7 @@ fn compute_factor(z: F) -> F {
     }
 
     // This version doesn't work:
-    // BigNum::evaluate_quadratic_expression(
+    // F::evaluate_quadratic_expression(
     //     [[z_pow_d, one]],
     //     [[false, true]],
     //     [[D_INV]],
@@ -298,7 +295,7 @@ unconstrained fn __compute_fracs(
     ys: [F; FIELDS_PER_BLOB],
     unconstrained_roots: [F; FIELDS_PER_BLOB],
 ) -> [F; FIELDS_PER_BLOB] {
-    let mut denoms = [BigNum::zero(); FIELDS_PER_BLOB];
+    let mut denoms = [F::zero(); FIELDS_PER_BLOB];
     for i in 0..FIELDS_PER_BLOB {
         denoms[i] = z.__sub(unconstrained_roots[i]); // (z - omega^i)
     }
@@ -316,14 +313,14 @@ unconstrained fn __compute_fracs(
 
 fn compute_fracs(z: F, ys: [F; FIELDS_PER_BLOB]) -> [F; FIELDS_PER_BLOB] {
     // Safety: We immediately constrain these `fracs` to be correct in the following call
-    // to `BigNum::evaluate_quadratic_expression`.
+    // to `F::evaluate_quadratic_expression`.
     let mut fracs: [F; FIELDS_PER_BLOB] = unsafe { __compute_fracs(z, ys, ROOTS) };
 
     if !std::runtime::is_unconstrained() {
         for i in 0..FIELDS_PER_BLOB {
             // frac <-- ys[i] / (z + neg_roots[i])
             // frac * (z + neg_roots[i]) - ys[i] = 0
-            BigNum::evaluate_quadratic_expression(
+            F::evaluate_quadratic_expression(
                 [[fracs[i]]],
                 [[false]],
                 [[z, ROOTS[i].neg()]],
@@ -352,7 +349,7 @@ unconstrained fn __compute_partial_sums(
     //                    k=i*8 + 0
 
     // Need to split off the first iteration.
-    let mut partial_sum: F = BigNum::zero();
+    let mut partial_sum: F = F::zero();
     for i in 0..8 {
         // y_k * ( omega^k / (z - omega^k) )
         let summand = unconstrained_roots[i].__mul(fracs[i]);
@@ -395,7 +392,7 @@ unconstrained fn __compute_sum(
     //                   /____       z - omega^i
     //                    i=0
 
-    let mut sum: F = BigNum::zero();
+    let mut sum: F = F::zero();
     for i in 0..FIELDS_PER_BLOB {
         // y_k * ( omega^k / (z - omega^k) )
         let summand = unconstrained_roots[i].__mul(fracs[i]);
@@ -413,11 +410,11 @@ mod tests {
             barycentric_evaluate_blob_at_z, check_block_blob_sponge, evaluate_blob, evaluate_blobs,
         },
         blob_public_inputs::BlobCommitment,
-        config::{D, D_INV, F, ROOTS},
+        config::{D, D_INV, ROOTS},
     };
     use super::{__compute_partial_sums, __compute_sum};
     use bigint::{
-        BigNum, bignum::BigNumTrait, fields::bls12_381Fr::BLS12_381_Fr_Params,
+        BigNumTrait, BLS12_381_Fr as F, fields::bls12_381Fr::BLS12_381_Fr_Params,
         params::BigNumParamsGetter,
     };
     use types::{
@@ -459,7 +456,7 @@ mod tests {
         //*                    d
         //
         let rhs = super::compute_factor(challenge_z);
-        let z_minus_1 = challenge_z.__sub(BigNum::one());
+        let z_minus_1 = challenge_z.__sub(F::one());
         let lhs = y.__mul(z_minus_1);
         assert_eq(lhs, rhs);
     }
@@ -517,7 +514,7 @@ mod tests {
         let output = evaluate_blob(blob, kzg_commitment_in, hashed_blob);
 
         // y is a BLS field with value 0x212c4f0c0ee5e7dd037110686a4639d191dde7b57ab99b51e4b06e7d827b6c4c
-        let expected_y: F = BigNum {
+        let expected_y: F = F {
             limbs: [0xdde7b57ab99b51e4b06e7d827b6c4c, 0x4f0c0ee5e7dd037110686a4639d191, 0x212c],
         };
         assert(expected_y == output.y);
@@ -547,7 +544,7 @@ mod tests {
         let output = evaluate_blobs(blob, [kzg_commitment_in; BLOBS_PER_BLOCK], sponge_blob);
 
         // y is a BLS field with value 0x52fd4e272015a79f3889cc9ab1d84bee4326de7d8ced52612ecc9ec137bd38ee
-        let expected_y: F = BigNum {
+        let expected_y: F = F {
             limbs: [0x26de7d8ced52612ecc9ec137bd38ee, 0x4e272015a79f3889cc9ab1d84bee43, 0x52fd],
         };
         for j in 0..BLOBS_PER_BLOCK {
@@ -598,19 +595,19 @@ mod tests {
 
     #[test]
     unconstrained fn test_barycentric() {
-        let z: F = BigNum { limbs: [2, 0, 0] };
+        let z: F = F { limbs: [2, 0, 0] };
 
         // many y's form a blob:
-        let mut ys: [F; FIELDS_PER_BLOB] = [BigNum::zero(); FIELDS_PER_BLOB];
+        let mut ys: [F; FIELDS_PER_BLOB] = [F::zero(); FIELDS_PER_BLOB];
 
-        ys[0] = BigNum { limbs: [0x1234, 0, 0] };
-        ys[1] = BigNum { limbs: [0xabcd, 0, 0] };
-        ys[2] = BigNum { limbs: [0x69, 0, 0] };
+        ys[0] = F { limbs: [0x1234, 0, 0] };
+        ys[1] = F { limbs: [0xabcd, 0, 0] };
+        ys[2] = F { limbs: [0x69, 0, 0] };
 
         // evaluate the blob at z = 2 to yield y:
         let y = barycentric_evaluate_blob_at_z(z, ys);
 
-        let mut expected_y: [Field; 3] = [0; 3];
+        let mut expected_y: [u128; 3] = [0; 3];
         if (FIELDS_PER_BLOB == 4096) {
             // Computed with the eth consensus specs py lib
             expected_y =
@@ -627,11 +624,11 @@ mod tests {
     }
 
     // Helper function used to populate the hard-coded double_modulus value in the bls12381Fr.nr file in the bignum library.
-    unconstrained fn compute_double_modulus() -> [Field; 3] {
+    unconstrained fn compute_double_modulus() -> [u128; 3] {
         let two_p = [0x7b4805fffcb7fdfffffffe00000002, 0x4ea6533afa906673b0101343b00aa7, 0x00e7db];
         let NUM_LIMBS = 3; // must be >= 3
-        let two_pow_120 = 2.pow_32(120);
-        let mut double_modulus: [Field; 3] = [0; 3];
+        let two_pow_120: u128 = 2.pow_32(120) as u128;
+        let mut double_modulus: [u128; 3] = [0; 3];
 
         double_modulus[0] = two_p[0] + two_pow_120;
         for i in 1..NUM_LIMBS - 1 {
@@ -655,7 +652,7 @@ mod tests {
 
     #[test]
     fn compute_sum_and_compute_partial_sums_agree() {
-        let mut fields = [BigNum::zero(); FIELDS_PER_BLOB];
+        let mut fields = [F::zero(); FIELDS_PER_BLOB];
         for i in 0..FIELDS_PER_BLOB {
             fields[i] = F::from(i as Field);
         }

noir-projects/noir-protocol-circuits/crates/blob/src/blob_public_inputs.nr

@@ -1,5 +1,4 @@
-use crate::config::F;
-use bigint::{BigNum, bignum::BigNumTrait};
+use bigint::{BigNum, bignum::BigNumTrait, BLS12_381_Fr as F};
 use std::ops::Add;
 use types::{
     constants::{BLOB_PUBLIC_INPUTS, BLOBS_PER_BLOCK},
@@ -58,9 +57,9 @@ impl Serialize<BLOB_PUBLIC_INPUTS> for BlobPublicInputs {
     fn serialize(self) -> [Field; BLOB_PUBLIC_INPUTS] {
         [
             self.z,
-            self.y.limbs[0],
-            self.y.limbs[1],
-            self.y.limbs[2],
+            self.y.limbs[0] as Field,
+            self.y.limbs[1] as Field,
+            self.y.limbs[2] as Field,
             self.kzg_commitment.inner[0],
             self.kzg_commitment.inner[1],
         ]
@@ -71,7 +70,7 @@ impl Deserialize<BLOB_PUBLIC_INPUTS> for BlobPublicInputs {
     fn deserialize(fields: [Field; BLOB_PUBLIC_INPUTS]) -> Self {
         Self {
             z: fields[0],
-            y: BigNum { limbs: [fields[1], fields[2], fields[3]] },
+            y: BigNum { limbs: [fields[1] as u128, fields[2] as u128, fields[3] as u128] },
             kzg_commitment: BlobCommitment { inner: [fields[4], fields[5]] },
         }
     }

noir-projects/noir-protocol-circuits/crates/blob/src/config.nr

@@ -1,8 +1,6 @@
-use bigint::{BigNum, fields::bls12_381Fr::BLS12_381_Fr_Params};
+use bigint::{BigNum, BLS12_381_Fr as F};
 use types::constants::FIELDS_PER_BLOB;
 
-pub type F = BigNum<3, 255, BLS12_381_Fr_Params>;
-
 // TODO(#9982): Delete unconstrained_config.nr and go back to using this file - calculating ROOTS in unconstrained is insecure.
 
 pub global LOG_FIELDS_PER_BLOB: u32 = 12;