feat: add sumcheck support for grumpkin curve (PROOF-913) (#249)

* sumcheck grumpkin support

* rework grumpkin field

* add field

* work on sumcheck grumpkin support

* work on grumpkin support

* grumpkin support

* test grumpkin

* support grumpkin

cbindings/blitzar_api.h

@@ -31,6 +31,7 @@ extern "C" {
 #define SXT_CURVE_GRUMPKIN 3
 
 #define SXT_FIELD_SCALAR255 0
+#define SXT_FIELD_GRUMPKIN 1
 
 /** config struct to hold the chosen backend */
 struct sxt_config {

sxt/cbindings/backend/cpu_backend.cc

@@ -76,28 +76,27 @@ void cpu_backend::prove_sumcheck(void* polynomials, void* evaluation_point, unsi
   auto num_variables = static_cast<size_t>(std::max(basn::ceil_log2(descriptor.n), 1));
   cbnb::switch_field_type(
       static_cast<cbnb::field_id_t>(field_id), [&]<class T>(std::type_identity<T>) noexcept {
-        static_assert(std::same_as<T, s25t::element>, "only support curve-255 right now");
         // transcript
         callback_sumcheck_transcript<T> transcript{
             reinterpret_cast<callback_sumcheck_transcript<T>::callback_t>(
                 const_cast<void*>(transcript_callback)),
             transcript_context};
 
         // prove
-        basct::span<s25t::element> polynomials_span{
-            static_cast<s25t::element*>(polynomials),
+        basct::span<T> polynomials_span{
+            static_cast<T*>(polynomials),
             (descriptor.round_degree + 1u) * num_variables,
         };
-        basct::span<s25t::element> evaluation_point_span{
-            static_cast<s25t::element*>(evaluation_point),
+        basct::span<T> evaluation_point_span{
+            static_cast<T*>(evaluation_point),
             num_variables,
         };
-        basct::cspan<s25t::element> mles_span{
-            static_cast<const s25t::element*>(descriptor.mles),
+        basct::cspan<T> mles_span{
+            static_cast<const T*>(descriptor.mles),
             descriptor.n * descriptor.num_mles,
         };
-        basct::cspan<std::pair<s25t::element, unsigned>> product_table_span{
-            static_cast<const std::pair<s25t::element, unsigned>*>(descriptor.product_table),
+        basct::cspan<std::pair<T, unsigned>> product_table_span{
+            static_cast<const std::pair<T, unsigned>*>(descriptor.product_table),
             descriptor.num_products,
         };
         basct::cspan<unsigned> product_terms_span{

sxt/cbindings/backend/gpu_backend.cc

@@ -109,28 +109,27 @@ void gpu_backend::prove_sumcheck(void* polynomials, void* evaluation_point, unsi
   auto num_variables = static_cast<size_t>(std::max(basn::ceil_log2(descriptor.n), 1));
   cbnb::switch_field_type(
       static_cast<cbnb::field_id_t>(field_id), [&]<class T>(std::type_identity<T>) noexcept {
-        static_assert(std::same_as<T, s25t::element>, "only support curve-255 right now");
         // transcript
         callback_sumcheck_transcript<T> transcript{
             reinterpret_cast<callback_sumcheck_transcript<T>::callback_t>(
                 const_cast<void*>(transcript_callback)),
             transcript_context};
 
         // prove
-        basct::span<s25t::element> polynomials_span{
-            static_cast<s25t::element*>(polynomials),
+        basct::span<T> polynomials_span{
+            static_cast<T*>(polynomials),
             (descriptor.round_degree + 1u) * num_variables,
         };
-        basct::span<s25t::element> evaluation_point_span{
-            static_cast<s25t::element*>(evaluation_point),
+        basct::span<T> evaluation_point_span{
+            static_cast<T*>(evaluation_point),
             num_variables,
         };
-        basct::cspan<s25t::element> mles_span{
-            static_cast<const s25t::element*>(descriptor.mles),
+        basct::cspan<T> mles_span{
+            static_cast<const T*>(descriptor.mles),
             descriptor.n * descriptor.num_mles,
         };
-        basct::cspan<std::pair<s25t::element, unsigned>> product_table_span{
-            static_cast<const std::pair<s25t::element, unsigned>*>(descriptor.product_table),
+        basct::cspan<std::pair<T, unsigned>> product_table_span{
+            static_cast<const std::pair<T, unsigned>*>(descriptor.product_table),
             descriptor.num_products,
         };
         basct::cspan<unsigned> product_terms_span{

sxt/cbindings/base/BUILD

@@ -57,6 +57,7 @@ sxt_cc_component(
     deps = [
         ":field_id",
         "//sxt/base/error:panic",
+        "//sxt/fieldgk/realization:field",
         "//sxt/scalar25/realization:field",
     ],
 )

sxt/cbindings/base/field_id.h

@@ -27,5 +27,6 @@ namespace sxt::cbnb {
  */
 enum class field_id_t : unsigned {
   scalar25519 = 0,
+  grumpkin = 1,
 };
 } // namespace sxt::cbnb

sxt/cbindings/base/field_id_utility.h

@@ -20,6 +20,7 @@
 
 #include "sxt/base/error/panic.h"
 #include "sxt/cbindings/base/field_id.h"
+#include "sxt/fieldgk/realization/field.h"
 #include "sxt/scalar25/realization/field.h"
 
 namespace sxt::cbnb {
@@ -31,6 +32,9 @@ template <class F> void switch_field_type(field_id_t id, F f) {
   case field_id_t::scalar25519:
     f(std::type_identity<s25t::element>{});
     break;
+  case field_id_t::grumpkin:
+    f(std::type_identity<fgkt::element>{});
+    break;
   default:
     baser::panic("unsupported field id {}", static_cast<unsigned>(id));
   }

sxt/fieldgk/operation/BUILD

@@ -83,6 +83,16 @@ sxt_cc_component(
     ],
 )
 
+sxt_cc_component(
+    name = "muladd",
+    with_test = False,
+    deps = [
+        ":add",
+        ":mul",
+        "//sxt/base/macro:cuda_callable",
+    ],
+)
+
 sxt_cc_component(
     name = "neg",
     test_deps = [

sxt/fieldgk/operation/muladd.cc

@@ -0,0 +1,17 @@
+/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU.
+ *
+ * Copyright 2025-present Space and Time Labs, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "sxt/fieldgk/operation/muladd.h"

sxt/fieldgk/operation/muladd.h

@@ -0,0 +1,33 @@
+/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU.
+ *
+ * Copyright 2025-present Space and Time Labs, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+#include "sxt/base/macro/cuda_callable.h"
+#include "sxt/fieldgk/operation/add.h"
+#include "sxt/fieldgk/operation/mul.h"
+
+namespace sxt::fgko {
+//--------------------------------------------------------------------------------------------------
+// muladd
+//--------------------------------------------------------------------------------------------------
+inline CUDA_CALLABLE void muladd(fgkt::element& s, const fgkt::element& a, const fgkt::element& b,
+                                 const fgkt::element& c) noexcept {
+  auto cp = c;
+  mul(s, a, b);
+  add(s, s, cp);
+}
+} // namespace sxt::fgko

sxt/fieldgk/realization/BUILD

@@ -0,0 +1,18 @@
+load(
+    "//bazel:sxt_build_system.bzl",
+    "sxt_cc_component",
+)
+
+sxt_cc_component(
+    name = "field",
+    with_test = False,
+    deps = [
+        "//sxt/base/field:element",
+        "//sxt/fieldgk/operation:add",
+        "//sxt/fieldgk/operation:mul",
+        "//sxt/fieldgk/operation:muladd",
+        "//sxt/fieldgk/operation:neg",
+        "//sxt/fieldgk/operation:sub",
+        "//sxt/fieldgk/type:element",
+    ],
+)

sxt/fieldgk/realization/field.cc

@@ -0,0 +1,17 @@
+/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU.
+ *
+ * Copyright 2025-present Space and Time Labs, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "sxt/fieldgk/realization/field.h"

sxt/fieldgk/realization/field.h

@@ -0,0 +1,27 @@
+/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU.
+ *
+ * Copyright 2025-present Space and Time Labs, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+#include "sxt/base/field/element.h"
+#include "sxt/fieldgk/operation/add.h"
+#include "sxt/fieldgk/operation/mul.h"
+#include "sxt/fieldgk/operation/muladd.h"
+#include "sxt/fieldgk/operation/neg.h"
+#include "sxt/fieldgk/operation/sub.h"
+#include "sxt/fieldgk/type/element.h"
+
+static_assert(sxt::basfld::element<sxt::fgkt::element>);

sxt/fieldgk/type/BUILD

@@ -3,6 +3,11 @@ load(
     "sxt_cc_component",
 )
 
+sxt_cc_component(
+    name = "operation_adl_stub",
+    with_test = False,
+)
+
 sxt_cc_component(
     name = "element",
     impl_deps = [
@@ -14,6 +19,10 @@ sxt_cc_component(
         "//sxt/base/test:unit_test",
         "//sxt/fieldgk/base:constants",
     ],
+    deps = [
+        ":operation_adl_stub",
+        "//sxt/fieldgk/base:constants",
+    ],
 )
 
 sxt_cc_component(

sxt/fieldgk/type/element.h

@@ -20,11 +20,14 @@
 #include <cstdint>
 #include <iosfwd>
 
+#include "sxt/fieldgk/base/constants.h"
+#include "sxt/fieldgk/type/operation_adl_stub.h"
+
 namespace sxt::fgkt {
 //--------------------------------------------------------------------------------------------------
 // element
 //--------------------------------------------------------------------------------------------------
-class element {
+class element : public fgko::operation_adl_stub {
 public:
   static constexpr size_t num_limbs_v = 4;
 
@@ -43,6 +46,12 @@ class element {
 
   constexpr uint64_t* data() noexcept { return data_; }
 
+  static constexpr element identity() noexcept { return {0, 0, 0, 0}; }
+
+  static constexpr element one() noexcept {
+    return {fgkb::r_v[0], fgkb::r_v[1], fgkb::r_v[2], fgkb::r_v[3]};
+  }
+
 private:
   uint64_t data_[num_limbs_v];
 };

sxt/fieldgk/type/operation_adl_stub.cc

@@ -0,0 +1,17 @@
+/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU.
+ *
+ * Copyright 2025-present Space and Time Labs, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "sxt/fieldgk/type/operation_adl_stub.h"

sxt/fieldgk/type/operation_adl_stub.h

@@ -0,0 +1,28 @@
+/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU.
+ *
+ * Copyright 2025-present Space and Time Labs, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+namespace sxt::fgko {
+//--------------------------------------------------------------------------------------------------
+// operation_adl_stub
+//--------------------------------------------------------------------------------------------------
+/**
+ * A stub class that can be inherited so that functions in the fgko namespace
+ * will participate in ADL.
+ */
+struct operation_adl_stub {};
+} // namespace sxt::fgko

sxt/proof/sumcheck/BUILD

@@ -240,6 +240,8 @@ sxt_cc_component(
         "//sxt/base/test:unit_test",
         "//sxt/execution/async:future",
         "//sxt/execution/schedule:scheduler",
+        "//sxt/fieldgk/realization:field",
+        "//sxt/fieldgk/type:literal",
         "//sxt/proof/transcript",
         "//sxt/scalar25/operation:overload",
         "//sxt/scalar25/realization:field",

sxt/proof/sumcheck/cpu_driver.h

@@ -62,7 +62,7 @@ template <basfld::element T> class cpu_driver final : public driver<T> {
     auto product_terms = work.product_terms;
 
     for (auto& val : polynomial) {
-      val = {};
+      val = T::identity();
     }
 
     // expand paired terms