feat: add generic lt that checks if the field is bn254

noir-lang · Jan 15, 2024 · f1005fd · f1005fd
1 parent 9c1d610
commit f1005fd
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 7 deletions.
diff --git a/noir_stdlib/src/eddsa.nr b/noir_stdlib/src/eddsa.nr
@@ -1,7 +1,6 @@
 use crate::hash::poseidon;
 use crate::ec::consts::te::baby_jubjub;
 use crate::ec::tecurve::affine::Point as TEPoint;
-use crate::field::bn254::lt as field_lt;
 
 // Returns true if signature is valid
 pub fn eddsa_poseidon_verify(
@@ -22,7 +21,7 @@ pub fn eddsa_poseidon_verify(
     let signature_r8 = TEPoint::new(signature_r8_x, signature_r8_y);
     assert(bjj.curve.contains(signature_r8));
     // Ensure S < Subgroup Order
-    assert(field_lt(signature_s, bjj.suborder));
+    assert(signature_s.lt(bjj.suborder));
     // Calculate the h = H(R, A, msg)
     let hash: Field = poseidon::bn254::hash_5([signature_r8_x, signature_r8_y, pub_key_x, pub_key_y, message]);
     // Calculate second part of the right side:  right2 = h*8*A

diff --git a/noir_stdlib/src/field.nr b/noir_stdlib/src/field.nr
@@ -1,4 +1,5 @@
 mod bn254;
+use bn254::lt as bn254_lt;
 
 impl Field {
     pub fn to_le_bits(self: Self, bit_size: u32) -> [u1] {
@@ -76,6 +77,15 @@ impl Field {
     pub fn sgn0(self) -> u1 {
         self as u1
     }
+
+    pub fn lt(self, another: Field) -> bool {
+        if crate::compat::is_bn254() {
+            bn254_lt(self, another)
+        } else {
+            lt_fallback(self, another)
+        }
+    }
+
 }
 
 #[builtin(modulus_num_bits)]
@@ -107,3 +117,24 @@ pub fn bytes32_to_field(bytes32: [u8; 32]) -> Field {
     // Abuse that a % p + b % p = (a + b) % p and that low < p
     low + high * v
 }
+
+fn lt_fallback(x: Field, y: Field) -> bool {
+    let num_bytes = (modulus_num_bits() as u32 + 7) / 8;
+    let x_bytes = x.to_le_bytes(num_bytes);
+    let y_bytes = y.to_le_bytes(num_bytes);
+    let mut x_is_lt = false;
+    let mut done = false;
+    for i in 0..num_bytes {
+        if (!done) {
+            let x_byte = x_bytes[num_bytes - 1 - i] as u8;
+            let y_byte = y_bytes[num_bytes - 1 - i] as u8;
+            let bytes_match = x_byte == y_byte;
+            if !bytes_match {
+                x_is_lt = x_byte < y_byte;
+                done = true;
+            }
+        }
+    }
+    x_is_lt
+}
+
diff --git a/noir_stdlib/src/field/bn254.nr b/noir_stdlib/src/field/bn254.nr
@@ -18,7 +18,6 @@ unconstrained fn decompose_unsafe(x: Field) -> (Field, Field) {
     (low, high)
 }
 
-#[field(bn254)]
 pub fn decompose(x: Field) -> (Field, Field) {
     let (xlo, xhi) = decompose_unsafe(x);
     let borrow = lt_unsafe(PLO, xlo, 16);
@@ -59,7 +58,6 @@ unconstrained fn lte_unsafe(x: Field, y: Field, num_bytes: u32) -> bool {
     lt_unsafe(x, y, num_bytes) | (x == y)
 }
 
-#[field(bn254)]
 pub fn assert_gt(a: Field, b: Field) {
     let (alo, ahi) = decompose(a);
     let (blo, bhi) = decompose(b);
@@ -73,12 +71,10 @@ pub fn assert_gt(a: Field, b: Field) {
     rhi.assert_max_bit_size(128);
 }
 
-#[field(bn254)]
 pub fn assert_lt(a: Field, b: Field) {
     assert_gt(b, a);
 }
 
-#[field(bn254)]
 pub fn gt(a: Field, b: Field) -> bool {
     if a == b {
         false
@@ -91,7 +87,6 @@ pub fn gt(a: Field, b: Field) -> bool {
     }
 }
 
-#[field(bn254)]
 pub fn lt(a: Field, b: Field) -> bool {
     gt(b, a)
 }