kimchi::circuits::polynomials::endosclmul

Function gen_witness

pub fn gen_witness<F: Field + Display>(
    w: &mut [Vec<F>; 15],
    row0: usize,
    endo: F,
    base: (F, F),
    bits: &[bool],
    acc0: (F, F),
) -> EndoMulResult<F>

Expand description

Generates the witness values for a series of EndoMul gates.

This function computes the witness for endomorphism-optimized scalar multiplication. It processes 4 bits of the scalar per row, computing the intermediate curve points and slopes needed for the constraints.

§Arguments

w - The witness array to populate (15 columns x num_rows)
row0 - The starting row index
endo - The endomorphism coefficient (cube root of unity in base field)
base - The base point T = (x_T, y_T) being multiplied
bits - Scalar bits in MSB-first order. Length must be a multiple of 4.
acc0 - Initial accumulator point. Typically set to 2*(T + phi(T)) to avoid edge cases with the point at infinity.

§Returns

The final accumulated point and scalar after processing all bits.

§Wire Layout (per row)

Col	0	1	4	5	6	7	8	9	10	11	12	13	14
	x_T	y_T	x_P	y_P	n	x_R	y_R	s1	s3	b1	b2	b3	b4

§Panics

Will panic if bits length is not a multiple of 4.

gen_witness

Function gen_witness Copy item path

§Arguments

§Returns

§Wire Layout (per row)

§Panics

Function gen_witness