1  
 2  //
 3  // for soundness testing we use the `r1cs-solver` testing framework, which 
 4  // currently uses the ambient prime 65537 (instead of BN254); with realistic
 5  // primes it would be too slow (needs fast square root for example) 
 6  //
 7  // thus, as the second best option, we want to test the soundness of the field 
 8  // emulation by testing it on the "tiny-goldilocks" prime `P = 2^8 - 2^4 + 1`
 9  //
10  // hence we try and make all this "parametric" over the Solinas primes `P(a,b) := 2^b - 2^a + 1`
11  //
12  // unfortunately, circom does not support global constants, so we need
13  // to do some hacking to hack around this limitation.
14  //
15  
16  
17  pragma circom 2.2.0;
18  
19  //------------------------------------------------------------------------------
20  
21  // function SolinasExpoBig()   { return 64; }
22  // function SolinasExpoSmall() { return 32; }
23  
24  function SolinasExpoBig()   { return 8; }
25  function SolinasExpoSmall() { return 4; }
26  
27  function FieldPrime()  { 
28    return (2**SolinasExpoBig() - 2**SolinasExpoSmall() + 1); 
29  }
30  
31  //------------------------------------------------------------------------------