Module risc0_zkp::field::goldilocks
source · Expand description
The field extension whose subfield is order 2^64 - 2^32 + 1;
this field choice allows for fast reduction
Goldilocks field.
Support for the base finite field modulo 2^64 - 2^32 + 1
.
Structs
The Goldilocks class is an element of the finite field F_p, where P is the
prime number 2^64 - 2^32 + 1. Here we implement integer
arithmetic modulo P for both Goldilocks and for a field extension of
Goldilocks.
Instances of
ExtElem
are elements of a finite field F_p^2
. They are
represented as elements of F_p[X] / (X^2 - 11)
. This large
finite field (about 2^128
elements) is used when the security of
operations depends on the size of the field. The field extension ExtElem
has Elem
as a subfield, so operations on elements of each are compatible.
The irreducible polynomial x^2 - 11
was chosen because 11
is
the simplest choice of BETA
for x^2 - BETA
that makes this polynomial
irreducible.