field-cat

Finite field algebra shared across the *-cat proof-system ecosystem.

field-cat owns the [Field] trait, the [FieldBytes] serialization trait, and a small library of concrete finite fields used by plonkish-cat, proof-cat, and stark-cat.

Why a separate crate

The Field trait was previously defined in plonkish-cat. That coupling forces any downstream proof system (modern STARK, FRI, plain polynomial commitment schemes) to depend on the entire plonkish-cat constraint vocabulary (ConstraintSet, Expression, Wire, CopyConstraint) just to use field arithmetic. Lifting the trait into its own crate lets each downstream pick exactly the layer it needs.

Provided fields

Field	Modulus	Width	Typical use
[`F101`]	`101`	7-bit	toy field for tests and small inspectable examples
[`BabyBear`]	`2^31 - 1` (Mersenne prime)	31-bit	Plonky3, SP1, modern STARK frontends
[`BFieldElement`]	`2^64 - 2^32 + 1` (Goldilocks prime)	64-bit	Triton VM, Plonky3 (when wider field needed), Risc0 base

Adding a new field is a matter of defining a newtype, implementing the std::ops arithmetic, implementing [Field] (zero / one / inv), and implementing [FieldBytes] if the element will be absorbed into a Fiat-Shamir transcript.

Quick start

use field_cat::{BabyBear, BFieldElement, Field};

let a = BabyBear::new(7);
let b = BabyBear::new(11);
assert_eq!((a * b).value(), 77);

let g = BFieldElement::new(42);
let g_inv = g.inv()?;
assert_eq!(g * g_inv, BFieldElement::one());
# Ok::<(), field_cat::Error>(())

Building

cargo build
cargo test
RUSTFLAGS="-D warnings" cargo clippy
cargo doc --no-deps --open

Conventions

See CLAUDE.md: functional, type-driven, hand-rolled error enum, no unwrap, no as casts, no mut, no dyn, no loop/for. Linter is run with RUSTFLAGS="-D warnings".

License

MIT