From 4b2f1cd06770e33caa89139c6a86d1f0748e6837 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 8 Nov 2024 16:01:11 +0000 Subject: [PATCH 01/29] initial builder object --- .../plonk_honk_shared/types/aggregation_object_type.hpp | 5 ++++- .../stdlib_circuit_builders/circuit_builder_base.hpp | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 5f9bb79cda69..885f742c6de7 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -12,5 +12,8 @@ constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; using PairingPointAccumulatorIndices = std::array; // PairingPointAccumPubInputIndices represents an array of 16 public input indices pointing to the witness indices of // the nested aggregation object. -using PairingPointAccumPubInputIndices = std::array; + +using AggregationObjectPubInputIndices = std::array; + +using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index 3defafa72e9f..6b95acf2599b 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -40,6 +40,10 @@ template class CircuitBuilderBase { PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; bool contains_pairing_point_accumulator = false; + // Public input indices which contain the output IPA opening claim + IPAClaimPubInputIndices ipa_claim_public_input_indices; + uint32_t ipa_verifier_count = 0; + // We know from the CLI arguments during proving whether a circuit should use a prover which produces // proofs that are friendly to verify in a circuit themselves. A verifier does not need a full circuit // description and should be able to verify a proof with just the verification key and the proof. From 3a6bdad8a33d437e990c0cd1ac9a9530b65326ca Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 19:00:25 +0000 Subject: [PATCH 02/29] rename --- .../src/barretenberg/dsl/acir_format/acir_format.cpp | 2 +- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 4 ++-- .../plonk/proof_system/proving_key/proving_key.hpp | 4 ++-- .../verification_key/verification_key.hpp | 4 ++-- .../types/aggregation_object_type.hpp | 7 +++---- .../eccvm_verifier/eccvm_recursive_verifier.cpp | 12 ++++++++---- .../eccvm_verifier/eccvm_recursive_verifier.hpp | 2 +- .../verification_key/verification_key.hpp | 4 ++-- .../stdlib_circuit_builders/circuit_builder_base.hpp | 2 +- .../stdlib_circuit_builders/circuit_simulator.hpp | 2 +- .../stdlib_circuit_builders/mega_flavor.hpp | 2 +- .../stdlib_circuit_builders/ultra_flavor.hpp | 2 +- 12 files changed, 25 insertions(+), 22 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index bd36912f2f18..55659d22ae11 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -298,7 +298,7 @@ void process_plonk_recursion_constraints(Builder& builder, // they want these constants set by keeping the nested aggregation object attached to // the proof as public inputs. As this is the only object that can prepended to the // proof if the proof is above the expected size (with public inputs stripped) - PairingPointAccumPubInputIndices nested_aggregation_object = {}; + PairingPointAccumulatorPubInputIndices nested_aggregation_object = {}; // If the proof has public inputs attached to it, we should handle setting the nested // aggregation object if (constraint.proof.size() > proof_size_no_pub_inputs) { diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 3b7fa66b826a..b4b08b4962f2 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -110,7 +110,7 @@ template class ProvingKey_ { public: size_t circuit_size; bool contains_pairing_point_accumulator; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bb::EvaluationDomain evaluation_domain; std::shared_ptr commitment_key; size_t num_public_inputs; @@ -152,7 +152,7 @@ class VerificationKey_ : public PrecomputedCommitments { using Commitment = typename VerifierCommitmentKey::Commitment; std::shared_ptr pcs_verification_key; bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices = {}; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices = {}; uint64_t pub_inputs_offset = 0; bool operator==(const VerificationKey_&) const = default; diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp index e0a2097adda0..eedd49442d0d 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp @@ -25,7 +25,7 @@ struct proving_key_data { uint32_t circuit_size; uint32_t num_public_inputs; bool contains_pairing_point_accumulator; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; std::vector memory_read_records; std::vector memory_write_records; #ifdef __wasm__ @@ -60,7 +60,7 @@ struct proving_key { size_t log_circuit_size; size_t num_public_inputs; bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; std::vector memory_read_records; // Used by UltraPlonkComposer only; for ROM, RAM reads. std::vector memory_write_records; // Used by UltraPlonkComposer only, for RAM writes. diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp index face2fba6370..f3b84e29fc95 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp @@ -18,7 +18,7 @@ struct verification_key_data { uint32_t num_public_inputs; std::map commitments; bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bool is_recursive_circuit = false; // for serialization: update with any new fields @@ -99,7 +99,7 @@ struct verification_key { bb::fr z_pow_n; // ʓ^n (ʓ being the 'evaluation challenge') bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bool is_recursive_circuit = false; diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 885f742c6de7..88b66b45b8bc 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -10,10 +10,9 @@ namespace bb { constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; // PairingPointAccumulatorIndices represents an array of 16 witness indices pointing to the nested aggregation object. using PairingPointAccumulatorIndices = std::array; -// PairingPointAccumPubInputIndices represents an array of 16 public input indices pointing to the witness indices of -// the nested aggregation object. - -using AggregationObjectPubInputIndices = std::array; +// PairingPointAccumulatorPubInputIndices represents an array of 16 public input indices pointing to the witness indices +// of the nested aggregation object. +using PairingPointAccumulatorPubInputIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index f2150c54e75c..c25d156dae18 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -15,8 +15,11 @@ ECCVMRecursiveVerifier_::ECCVMRecursiveVerifier_( /** * @brief This function verifies an ECCVM Honk proof for given program settings up to sumcheck. + * + * Returns a transcript where the IPA proof has not been verified yet. */ -template void ECCVMRecursiveVerifier_::verify_proof(const HonkProof& proof) +template +ECCVMRecursiveVerifier_::Transcript ECCVMRecursiveVerifier_::verify_proof(const HonkProof& proof) { using Curve = typename Flavor::Curve; using Shplemini = ShpleminiVerifier_; @@ -138,11 +141,12 @@ template void ECCVMRecursiveVerifier_::verify_proof(co const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. - const typename PCS::VerifierAccumulator batched_opening_accumulator = - PCS::reduce_verify(key->pcs_verification_key, batch_opening_claim, transcript); + // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. + // const typename PCS::VerifierAccumulator batched_opening_accumulator = + // PCS::reduce_verify(key->pcs_verification_key, batch_opening_claim, transcript); ASSERT(sumcheck_verified); + return transcript; } template class ECCVMRecursiveVerifier_>; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp index 6a590ebba402..08ea0072ad78 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp @@ -21,7 +21,7 @@ template class ECCVMRecursiveVerifier_ { const std::shared_ptr& native_verifier_key); // TODO(https://github.com/AztecProtocol/barretenberg/issues/991): switch recursive verifiers to StdlibProof - void verify_proof(const HonkProof& proof); + Transcript verify_proof(const HonkProof& proof); std::shared_ptr key; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp b/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp index fc4f6ad39931..5fc139f72baf 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp @@ -240,7 +240,7 @@ template struct verification_key { Builder* ctx, const std::vector>& fields, bool inner_proof_contains_pairing_point_accumulator = false, - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices = {}) + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices = {}) { std::vector fields_raw; std::shared_ptr key = std::make_shared(); @@ -446,7 +446,7 @@ template struct verification_key { plonk::PolynomialManifest polynomial_manifest; // Used to check in the circuit if a proof contains any aggregated state. bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; size_t program_width = 4; Builder* context; }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index 6b95acf2599b..77ace653d9e4 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -37,7 +37,7 @@ template class CircuitBuilderBase { std::map tau; // Public input indices which contain recursive proof information - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bool contains_pairing_point_accumulator = false; // Public input indices which contain the output IPA opening claim diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp index f97c634c110e..cff49381a57d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp @@ -191,7 +191,7 @@ class CircuitSimulatorBN254 { [[nodiscard]] bool check_circuit() const { return !_failed; } // Public input indices which contain recursive proof information - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; }; class SimulatorCircuitChecker { diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp index 13f6e3cbe85f..e00ddc79f12f 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp @@ -597,7 +597,7 @@ class MegaFlavor { const size_t num_public_inputs, const size_t pub_inputs_offset, const bool contains_pairing_point_accumulator, - const PairingPointAccumPubInputIndices& pairing_point_accumulator_public_input_indices, + const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, const DatabusPropagationData& databus_propagation_data, const Commitment& q_m, const Commitment& q_c, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 76b8e1ed56a8..05bfb4652aaf 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -455,7 +455,7 @@ class UltraFlavor { const uint64_t num_public_inputs, const uint64_t pub_inputs_offset, const bool contains_pairing_point_accumulator, - const PairingPointAccumPubInputIndices& pairing_point_accumulator_public_input_indices, + const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, const Commitment& q_m, const Commitment& q_c, const Commitment& q_l, From ed12d5b7d3da3fa49783b5f4fca694e2f807e700 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 19:17:44 +0000 Subject: [PATCH 03/29] return unfinished transcript --- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp | 4 +++- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index c25d156dae18..e5e6f9e28a2e 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -19,7 +19,8 @@ ECCVMRecursiveVerifier_::ECCVMRecursiveVerifier_( * Returns a transcript where the IPA proof has not been verified yet. */ template -ECCVMRecursiveVerifier_::Transcript ECCVMRecursiveVerifier_::verify_proof(const HonkProof& proof) +std::shared_ptr::Transcript> ECCVMRecursiveVerifier_::verify_proof( + const HonkProof& proof) { using Curve = typename Flavor::Curve; using Shplemini = ShpleminiVerifier_; @@ -141,6 +142,7 @@ ECCVMRecursiveVerifier_::Transcript ECCVMRecursiveVerifier_::ver const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); + static_cast(batch_opening_claim); // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. // const typename PCS::VerifierAccumulator batched_opening_accumulator = // PCS::reduce_verify(key->pcs_verification_key, batch_opening_claim, transcript); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp index 08ea0072ad78..585a3a5a3749 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp @@ -21,7 +21,7 @@ template class ECCVMRecursiveVerifier_ { const std::shared_ptr& native_verifier_key); // TODO(https://github.com/AztecProtocol/barretenberg/issues/991): switch recursive verifiers to StdlibProof - Transcript verify_proof(const HonkProof& proof); + std::shared_ptr verify_proof(const HonkProof& proof); std::shared_ptr key; From b948683d305c42df35f606baf7e3f702e756b757 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 20:36:58 +0000 Subject: [PATCH 04/29] ipa claim indices --- .../plonk_honk_shared/types/aggregation_object_type.hpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 88b66b45b8bc..f8662b9821aa 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -14,5 +14,7 @@ using PairingPointAccumulatorIndices = std::array; -using IPAClaimPubInputIndices = std::array; +constexpr uint32_t IPA_CLAIM_SIZE = 6; +using IPAClaimIndices = std::array; +using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file From beb03a4167f9a5983aec76d2abda5c8da7a8ca60 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 22:37:50 +0000 Subject: [PATCH 05/29] add ipa claim to public inputs upon accumulation --- .../barretenberg/commitment_schemes/claim.hpp | 16 ++++++++++++ .../commitment_schemes/ipa/ipa.hpp | 4 +++ .../dsl/acir_format/acir_format.cpp | 9 +------ .../types/aggregation_object_type.hpp | 2 +- .../circuit_builder_base.hpp | 15 +++-------- .../circuit_builder_base_impl.hpp | 25 ++++++++++--------- 6 files changed, 39 insertions(+), 32 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 129cb4df521a..ef303c5728b2 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -1,7 +1,9 @@ #pragma once #include "barretenberg/commitment_schemes/commitment_key.hpp" +#include "barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp" #include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp" namespace bb { /** @@ -51,6 +53,20 @@ template class OpeningClaim { // commitment to univariate polynomial p(X) Commitment commitment; + IPAClaimIndices get_witness_indices() + requires(std::is_same_v>) + { + return { opening_pair.challenge.binary_basis_limbs[0].element.normalize().witness_index, + opening_pair.challenge.binary_basis_limbs[1].element.normalize().witness_index, + opening_pair.challenge.binary_basis_limbs[2].element.normalize().witness_index, + opening_pair.challenge.binary_basis_limbs[3].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, + commitment.x, + commitment.y }; + } /** * @brief inefficiently check that the claim is correct by recomputing the commitment * and evaluating the polynomial in r. diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 1ebcb1aff1d3..86eb56eb4028 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -822,6 +822,10 @@ template class IPA { for (Fr u_inv_i : pair_2.u_challenges_inv) { native_u_challenges_inv_2.push_back(bb::fq(u_inv_i.get_value())); } + // Add IPA Claim to public inputs of circuit + Builder* builder = r.get_context(); + builder->add_ipa_claim(output_claim.get_witness_indices()); + return {output_claim, create_challenge_poly(uint32_t(pair_1.log_poly_length.get_value()), native_u_challenges_inv_1, uint32_t(pair_2.log_poly_length.get_value()), native_u_challenges_inv_2, fq(alpha.get_value()))}; } }; diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index 55659d22ae11..b97772b66578 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -342,16 +342,9 @@ void process_plonk_recursion_constraints(Builder& builder, // inputs. if (!constraint_system.recursion_constraints.empty()) { - // First add the output aggregation object as public inputs - // Set the indices as public inputs because they are no longer being - // created in ACIR - for (const auto& idx : current_output_aggregation_object) { - builder.set_public_input(idx); - } - // Make sure the verification key records the public input indices of the // final recursion output. - builder.set_pairing_point_accumulator(current_output_aggregation_object); + builder.add_pairing_point_accumulator(current_output_aggregation_object); } } diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index f8662b9821aa..49025ee77c67 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -14,7 +14,7 @@ using PairingPointAccumulatorIndices = std::array; -constexpr uint32_t IPA_CLAIM_SIZE = 6; +constexpr uint32_t IPA_CLAIM_SIZE = 10; using IPAClaimIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index 77ace653d9e4..12dbf713a419 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -42,6 +42,8 @@ template class CircuitBuilderBase { // Public input indices which contain the output IPA opening claim IPAClaimPubInputIndices ipa_claim_public_input_indices; + bool contains_ipa_claim = false; + uint32_t ipa_verifier_count = 0; // We know from the CLI arguments during proving whether a circuit should use a prover which produces @@ -210,18 +212,9 @@ template class CircuitBuilderBase { * @param proof_output_witness_indices Witness indices that need to become public and stored as recurisve proof * specific */ - void add_pairing_point_accumulator(const PairingPointAccumulatorIndices& proof_output_witness_indices); + void add_pairing_point_accumulator(const PairingPointAccumulatorIndices& pairing_point_accum_witness_indices); - /** - * TODO: We can remove this and use `add_pairing_point_accumulator` once my question has been addressed - * TODO: using `add_pairing_point_accumulator` also means that we will need to remove the cde which is - * TODO: adding the public_inputs - * @brief Update pairing_point_accumulator_public_input_indices with existing public inputs that represent a - * recursive proof - * - * @param proof_output_witness_indices - */ - void set_pairing_point_accumulator(const PairingPointAccumulatorIndices& proof_output_witness_indices); + void add_ipa_claim(const IPAClaimIndices& ipa_claim_witness_indices); bool failed() const; const std::string& err() const; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp index a192a8587b38..e3e4bbcfe9d6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp @@ -237,34 +237,35 @@ void CircuitBuilderBase::assert_valid_variables(const std::vector template void CircuitBuilderBase::add_pairing_point_accumulator( - const PairingPointAccumulatorIndices& proof_output_witness_indices) + const PairingPointAccumulatorIndices& pairing_point_accum_witness_indices) { if (contains_pairing_point_accumulator) { - failure("added recursive proof when one already exists"); + failure("added pairing point accumulator when one already exists"); ASSERT(0); } contains_pairing_point_accumulator = true; size_t i = 0; - for (const auto& idx : proof_output_witness_indices) { + for (const auto& idx : pairing_point_accum_witness_indices) { set_public_input(idx); pairing_point_accumulator_public_input_indices[i] = static_cast(public_inputs.size() - 1); ++i; } } -template -void CircuitBuilderBase::set_pairing_point_accumulator( - const PairingPointAccumulatorIndices& proof_output_witness_indices) +template void CircuitBuilderBase::add_ipa_claim(const IPAClaimIndices& ipa_claim_witness_indices) { - if (contains_pairing_point_accumulator) { - failure("added recursive proof when one already exists"); + if (contains_ipa_claim) { + failure("added IPA claim when one already exists"); ASSERT(0); } - contains_pairing_point_accumulator = true; - for (size_t i = 0; i < proof_output_witness_indices.size(); ++i) { - pairing_point_accumulator_public_input_indices[i] = - get_public_input_index(real_variable_index[proof_output_witness_indices[i]]); + contains_ipa_claim = true; + + size_t i = 0; + for (const auto& idx : ipa_claim_witness_indices) { + set_public_input(idx); + ipa_claim_public_input_indices[i] = static_cast(public_inputs.size() - 1); + ++i; } } From 20a69332d2fb8306d9b905229ab6aa8a1dd55dd5 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 22:42:55 +0000 Subject: [PATCH 06/29] fix build --- barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index ef303c5728b2..7676b2bd5695 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -53,7 +53,7 @@ template class OpeningClaim { // commitment to univariate polynomial p(X) Commitment commitment; - IPAClaimIndices get_witness_indices() + IPAClaimIndices get_witness_indices() const requires(std::is_same_v>) { return { opening_pair.challenge.binary_basis_limbs[0].element.normalize().witness_index, From b3ebdeb26074d6b43171861dbc66dce3824ed2c7 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Wed, 13 Nov 2024 19:53:13 +0000 Subject: [PATCH 07/29] adding ipa claim to proving/verification keys --- .../stdlib_circuit_builders/ultra_flavor.hpp | 9 ++++++++- .../src/barretenberg/ultra_honk/decider_proving_key.hpp | 6 +++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 05bfb4652aaf..9015c0483b92 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -272,7 +272,6 @@ class UltraFlavor { }; }; - public: /** * @brief A field element for each entity of the flavor. These entities represent the prover polynomials * evaluated at one point. @@ -341,6 +340,9 @@ class UltraFlavor { public: using Base = ProvingKey_; + bool contains_ipa_claim; + IPAClaimPubInputIndices ipa_claim_pub_input_indices; + ProvingKey() = default; ProvingKey(const size_t dyadic_circuit_size, const size_t num_public_inputs, @@ -426,12 +428,17 @@ class UltraFlavor { */ class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: + bool contains_ipa_claim; + IPAClaimPubInputIndices ipa_claim_pub_input_indices; + bool operator==(const VerificationKey&) const = default; VerificationKey() = default; VerificationKey(const size_t circuit_size, const size_t num_public_inputs) : VerificationKey_(circuit_size, num_public_inputs) {} VerificationKey(ProvingKey& proving_key) + : contains_ipa_claim(proving_key.contains_ipa_claim) + , ipa_claim_pub_input_indices(proving_key.ipa_claim_pub_input_indices) { this->pcs_verification_key = std::make_shared(); this->circuit_size = proving_key.circuit_size; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 1de641beec9c..181c148521d3 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -288,7 +288,11 @@ template class DeciderProvingKey_ { proving_key.public_inputs.emplace_back(proving_key.polynomials.w_r[idx]); } - // Set the recursive proof indices + // Set the IPA claim indices + proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; + proving_key.contains_ipa_claim = circuit.contains_ipa_claim; + + // Set the pairing point accumulator indices proving_key.pairing_point_accumulator_public_input_indices = circuit.pairing_point_accumulator_public_input_indices; proving_key.contains_pairing_point_accumulator = circuit.contains_pairing_point_accumulator; From 98e8018964ea9d50160d0ca450bb493bf8043257 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 18:38:54 +0000 Subject: [PATCH 08/29] fix build --- .../cpp/src/barretenberg/commitment_schemes/claim.hpp | 4 ++-- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 3 +++ .../stdlib_circuit_builders/ultra_flavor.hpp | 6 +++--- .../barretenberg/ultra_honk/decider_proving_key.hpp | 10 +++++----- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 7676b2bd5695..9bf434955e2d 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -64,8 +64,8 @@ template class OpeningClaim { opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, - commitment.x, - commitment.y }; + commitment.x.normalize().witness_index, // no idea if we need these normalize() calls... + commitment.y.normalize().witness_index }; } /** * @brief inefficiently check that the claim is correct by recomputing the commitment diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 854b4c3ee15c..228dc5edcd6b 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -379,6 +379,9 @@ MegaZKRecursiveFlavor_>; template concept HasDataBus = IsGoblinFlavor; +template +concept DoesRecursiveIPA = IsAnyOf; + template concept IsRecursiveFlavor = IsAnyOf, UltraRecursiveFlavor_, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 9015c0483b92..6c7a8d191b1c 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -341,7 +341,7 @@ class UltraFlavor { using Base = ProvingKey_; bool contains_ipa_claim; - IPAClaimPubInputIndices ipa_claim_pub_input_indices; + IPAClaimPubInputIndices ipa_claim_public_input_indices; ProvingKey() = default; ProvingKey(const size_t dyadic_circuit_size, @@ -429,7 +429,7 @@ class UltraFlavor { class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: bool contains_ipa_claim; - IPAClaimPubInputIndices ipa_claim_pub_input_indices; + IPAClaimPubInputIndices ipa_claim_public_input_indices; bool operator==(const VerificationKey&) const = default; VerificationKey() = default; @@ -438,7 +438,7 @@ class UltraFlavor { {} VerificationKey(ProvingKey& proving_key) : contains_ipa_claim(proving_key.contains_ipa_claim) - , ipa_claim_pub_input_indices(proving_key.ipa_claim_pub_input_indices) + , ipa_claim_public_input_indices(proving_key.ipa_claim_public_input_indices) { this->pcs_verification_key = std::make_shared(); this->circuit_size = proving_key.circuit_size; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 181c148521d3..54b90461b661 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -288,16 +288,16 @@ template class DeciderProvingKey_ { proving_key.public_inputs.emplace_back(proving_key.polynomials.w_r[idx]); } - // Set the IPA claim indices - proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; - proving_key.contains_ipa_claim = circuit.contains_ipa_claim; - + if constexpr (DoesRecursiveIPA) { // Set the IPA claim indices + proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; + proving_key.contains_ipa_claim = circuit.contains_ipa_claim; + } // Set the pairing point accumulator indices proving_key.pairing_point_accumulator_public_input_indices = circuit.pairing_point_accumulator_public_input_indices; proving_key.contains_pairing_point_accumulator = circuit.contains_pairing_point_accumulator; - if constexpr (IsGoblinFlavor) { // Set databus commitment propagation data + if constexpr (HasDataBus) { // Set databus commitment propagation data proving_key.databus_propagation_data = circuit.databus_propagation_data; } auto end = std::chrono::steady_clock::now(); From f1a429d90eb2aa5ca4eda353c449d2f5c3bc65bf Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 18:56:18 +0000 Subject: [PATCH 09/29] fix some random tests with namespace ambiguity issues --- .../examples/join_split/join_split.test.cpp | 16 ++++---- .../eccvm_recursive_verifier.cpp | 1 - .../encryption/schnorr/schnorr.test.cpp | 41 +++++++++---------- 3 files changed, 28 insertions(+), 30 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp b/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp index f56dbf882e7c..677e30f198cb 100644 --- a/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp +++ b/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp @@ -33,8 +33,8 @@ using namespace bb::join_split_example::proofs::notes::native; using key_pair = join_split_example::fixtures::grumpkin_key_pair; auto create_account_leaf_data(fr const& account_alias_hash, - grumpkin::g1::affine_element const& owner_key, - grumpkin::g1::affine_element const& signing_key) + bb::grumpkin::g1::affine_element const& owner_key, + bb::grumpkin::g1::affine_element const& signing_key) { return notes::native::account::account_note{ account_alias_hash, owner_key, signing_key }.commit(); } @@ -869,7 +869,7 @@ TEST_P(test_allow_chain_to_other_users_fail, ) { join_split_tx tx = simple_setup(); tx.allow_chain = GetParam(); - tx.output_note[tx.allow_chain - 1].owner = grumpkin::g1::element::random_element(); // i.e. not owned by self. + tx.output_note[tx.allow_chain - 1].owner = bb::grumpkin::g1::element::random_element(); // i.e. not owned by self. auto result = sign_and_verify_logic(tx, user.owner); EXPECT_FALSE(result.valid); EXPECT_EQ(result.err, "inter-user chaining disallowed"); @@ -1028,7 +1028,7 @@ TEST_F(join_split_tests, test_total_output_value_larger_than_total_input_value_f TEST_F(join_split_tests, test_different_input_note_owners_fails) { join_split_tx tx = simple_setup({ 1, 2 }); - tx.input_note[0].owner = grumpkin::g1::affine_element::hash_to_curve({ 1 }); + tx.input_note[0].owner = bb::grumpkin::g1::affine_element::hash_to_curve({ 1 }); auto result = sign_and_verify_logic(tx, user.owner); EXPECT_FALSE(result.valid); @@ -1073,7 +1073,7 @@ TEST_F(join_split_tests, test_different_note_account_required_vs_account_require TEST_F(join_split_tests, test_wrong_input_note_owner_fails) { join_split_tx tx = simple_setup(); - tx.input_note[0].owner = grumpkin::g1::element::random_element(); + tx.input_note[0].owner = bb::grumpkin::g1::element::random_element(); tx.input_note[1].owner = tx.input_note[0].owner; auto result = sign_and_verify_logic(tx, user.owner); @@ -1084,8 +1084,8 @@ TEST_F(join_split_tests, test_wrong_input_note_owner_fails) TEST_F(join_split_tests, test_random_output_note_owners) { join_split_tx tx = simple_setup(); - tx.output_note[0].owner = grumpkin::g1::element::random_element(); - tx.output_note[1].owner = grumpkin::g1::element::random_element(); + tx.output_note[0].owner = bb::grumpkin::g1::element::random_element(); + tx.output_note[1].owner = bb::grumpkin::g1::element::random_element(); EXPECT_TRUE(sign_and_verify_logic(tx, user.owner).valid); } @@ -1097,7 +1097,7 @@ TEST_F(join_split_tests, test_random_output_note_owners) TEST_F(join_split_tests, test_wrong_account_private_key_fails) { join_split_tx tx = simple_setup(); - tx.account_private_key = grumpkin::fr::random_element(); + tx.account_private_key = bb::grumpkin::fr::random_element(); auto result = sign_and_verify_logic(tx, user.owner); EXPECT_FALSE(result.valid); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index c2e66d7cf07c..140052fcf4b4 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -149,7 +149,6 @@ template void ECCVMRecursiveVerifier_::verify_proof(co // PCS::reduce_verify(batch_opening_claim, ipa_transcript); ASSERT(sumcheck_verified); - return transcript; } template class ECCVMRecursiveVerifier_>; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp index ea93c1c161da..a852624235a7 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp @@ -7,14 +7,13 @@ #include "schnorr.hpp" using namespace bb; -using namespace bb::stdlib; using namespace bb::crypto; using Builder = UltraCircuitBuilder; -using bool_ct = bool_t; -using byte_array_ct = byte_array; -using field_ct = field_t; -using witness_ct = witness_t; +using bool_ct = stdlib::bool_t; +using byte_array_ct = stdlib::byte_array; +using field_ct = stdlib::field_t; +using witness_ct = stdlib::witness_t; /** * @test Test circuit verifying a Schnorr signature generated by \see{crypto::schnorr_verify_signature}. @@ -42,10 +41,10 @@ TEST(stdlib_schnorr, schnorr_verify_signature) message_string, account.public_key, signature); EXPECT_EQ(first_result, true); - cycle_group pub_key{ witness_ct(&builder, account.public_key.x), - witness_ct(&builder, account.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key{ witness_ct(&builder, account.public_key.x), + witness_ct(&builder, account.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, message_string); schnorr_verify_signature(message, pub_key, sig); @@ -84,10 +83,10 @@ TEST(stdlib_schnorr, verify_signature_failure) EXPECT_EQ(native_result, false); // check stdlib verification with account 2 public key fails - cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), - witness_ct(&builder, account2.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), + witness_ct(&builder, account2.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, message_string); schnorr_verify_signature(message, pub_key2_ct, sig); @@ -118,10 +117,10 @@ TEST(stdlib_schnorr, schnorr_signature_verification_result) longer_string, account.public_key, signature); EXPECT_EQ(first_result, true); - cycle_group pub_key{ witness_ct(&builder, account.public_key.x), - witness_ct(&builder, account.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key{ witness_ct(&builder, account.public_key.x), + witness_ct(&builder, account.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, longer_string); bool_ct signature_result = schnorr_signature_verification_result(message, pub_key, sig); EXPECT_EQ(signature_result.witness_bool, true); @@ -161,10 +160,10 @@ TEST(stdlib_schnorr, signature_verification_result_failure) EXPECT_EQ(native_result, false); // check stdlib verification with account 2 public key fails - cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), - witness_ct(&builder, account2.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), + witness_ct(&builder, account2.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, message_string); bool_ct signature_result = schnorr_signature_verification_result(message, pub_key2_ct, sig); EXPECT_EQ(signature_result.witness_bool, false); From c86252b545e1328ca71cf4e29994f032ae732afc Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 20:16:50 +0000 Subject: [PATCH 10/29] fix serialization --- .../stdlib_circuit_builders/flavor_serialization.test.cpp | 6 ++++++ .../barretenberg/stdlib_circuit_builders/ultra_flavor.hpp | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp index 162385bdcbab..9be4c7308156 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp @@ -47,6 +47,12 @@ TYPED_TEST(FlavorSerializationTests, VerificationKeySerialization) // Set the pcs ptr to null since this will not be reconstructed correctly from buffer original_vkey.pcs_verification_key = nullptr; + // probably not needed + if constexpr (DoesRecursiveIPA) { + original_vkey.contains_ipa_claim = 0; + original_vkey.ipa_claim_public_input_indices = + std::array{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + } // Populate some non-zero values in the databus_propagation_data to ensure its being handled if constexpr (IsMegaBuilder) { original_vkey.databus_propagation_data.app_return_data_public_input_idx = 2; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 4a39bdbfba70..1fc4281c7936 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -476,6 +476,8 @@ class UltraFlavor { const uint64_t pub_inputs_offset, const bool contains_pairing_point_accumulator, const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, + const bool contains_ipa_claim, + const IPAClaimPubInputIndices& ipa_claim_public_input_indices, const Commitment& q_m, const Commitment& q_c, const Commitment& q_l, @@ -503,6 +505,8 @@ class UltraFlavor { const Commitment& table_4, const Commitment& lagrange_first, const Commitment& lagrange_last) + : contains_ipa_claim(contains_ipa_claim) + , ipa_claim_public_input_indices(ipa_claim_public_input_indices) { this->circuit_size = circuit_size; this->log_circuit_size = numeric::get_msb(this->circuit_size); @@ -546,6 +550,8 @@ class UltraFlavor { pub_inputs_offset, contains_pairing_point_accumulator, pairing_point_accumulator_public_input_indices, + contains_ipa_claim, + ipa_claim_public_input_indices, q_m, q_c, q_l, From cb40e082893aa137acd4a7934ca7036539fae3c1 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 23:06:54 +0000 Subject: [PATCH 11/29] fix test --- .../cpp/src/barretenberg/commitment_schemes/claim.hpp | 8 ++++---- .../plonk_honk_shared/types/aggregation_object_type.hpp | 2 +- .../stdlib_circuit_builders/flavor_serialization.test.cpp | 3 +-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 9bf434955e2d..8ae0917576ba 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -60,10 +60,10 @@ template class OpeningClaim { opening_pair.challenge.binary_basis_limbs[1].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[2].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[3].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, commitment.x.normalize().witness_index, // no idea if we need these normalize() calls... commitment.y.normalize().witness_index }; } diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 49025ee77c67..f8662b9821aa 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -14,7 +14,7 @@ using PairingPointAccumulatorIndices = std::array; -constexpr uint32_t IPA_CLAIM_SIZE = 10; +constexpr uint32_t IPA_CLAIM_SIZE = 6; using IPAClaimIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp index 9be4c7308156..2b5de9630ef8 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp @@ -50,8 +50,7 @@ TYPED_TEST(FlavorSerializationTests, VerificationKeySerialization) // probably not needed if constexpr (DoesRecursiveIPA) { original_vkey.contains_ipa_claim = 0; - original_vkey.ipa_claim_public_input_indices = - std::array{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + original_vkey.ipa_claim_public_input_indices = std::array{ 0, 0, 0, 0, 0, 0 }; } // Populate some non-zero values in the databus_propagation_data to ensure its being handled if constexpr (IsMegaBuilder) { From 68e8acb62c6c90ec364558f47e198d92dbf9ad29 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 15 Nov 2024 00:59:01 +0000 Subject: [PATCH 12/29] modify eccvm verify_proof --- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp | 6 ++++-- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp | 2 +- .../stdlib/goblin_verifier/goblin_recursive_verifier.cpp | 5 ++++- .../goblin_verifier/goblin_recursive_verifier.test.cpp | 6 ++++-- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index 140052fcf4b4..ec359be3589a 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -17,7 +17,9 @@ ECCVMRecursiveVerifier_::ECCVMRecursiveVerifier_( * @brief This function verifies an ECCVM Honk proof for given program settings up to sumcheck. * */ -template void ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) +template +std::pair, std::shared_ptr::Transcript>> +ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) { using Curve = typename Flavor::Curve; using Shplemini = ShpleminiVerifier_; @@ -143,12 +145,12 @@ template void ECCVMRecursiveVerifier_::verify_proof(co const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); - builder->add_ipa_claim(batch_opening_claim.get_witness_indices()); // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. // const typename PCS::VerifierAccumulator batched_opening_accumulator = // PCS::reduce_verify(batch_opening_claim, ipa_transcript); ASSERT(sumcheck_verified); + return { batch_opening_claim, ipa_transcript }; } template class ECCVMRecursiveVerifier_>; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp index 58103e9644bc..729740aa7075 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp @@ -21,7 +21,7 @@ template class ECCVMRecursiveVerifier_ { const std::shared_ptr& native_verifier_key); // TODO(https://github.com/AztecProtocol/barretenberg/issues/991): switch recursive verifiers to StdlibProof - void verify_proof(const ECCVMProof& proof); + std::pair, std::shared_ptr> verify_proof(const ECCVMProof& proof); std::shared_ptr key; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp index 8a6980ff4b02..e2f802cf5e95 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp @@ -12,8 +12,11 @@ void GoblinRecursiveVerifier::verify(const GoblinProof& proof) { // Run the ECCVM recursive verifier ECCVMVerifier eccvm_verifier{ builder, verification_keys.eccvm_verification_key }; - eccvm_verifier.verify_proof(proof.eccvm_proof); + auto [opening_claim, ipa_transcript] = eccvm_verifier.verify_proof(proof.eccvm_proof); + // Assuming the GoblinRecursiveVerifier can only be called at most once per circuit, we can add the claim to the + // builder. + builder->add_ipa_claim(opening_claim.get_witness_indices()); // Run the Translator recursive verifier TranslatorVerifier translator_verifier{ builder, verification_keys.translator_verification_key, diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp index 80ee773f2df3..ff68204e443d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp @@ -113,7 +113,7 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) // Tamper with the ECCVM proof for (auto& val : proof.eccvm_proof.pre_ipa_proof) { - if (val > 0) { // tamper by finding the tenth non-zero value and incrementing it by 1 + if (val > 0) { // tamper by finding the first non-zero value and incrementing it by 1 // tamper by finding the first non-zero value // and incrementing it by 1 val += 1; @@ -123,8 +123,10 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) Builder builder; GoblinRecursiveVerifier verifier{ &builder, verifier_input }; + verifier.verify(proof); - EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == -opening_claim.commitment.get_value.*)"); + // EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == + // -opening_claim.commitment.get_value.*)"); } /** From 3c83148f715ec04bb35ca18cbe74bbedca148a8b Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 15 Nov 2024 01:16:42 +0000 Subject: [PATCH 13/29] make accumulate also generate the ipa proof --- .../commitment_schemes/ipa/ipa.hpp | 21 ++++++++++++++----- .../ipa_recursive.test.cpp | 10 +++------ 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 597b7c540719..933b7ca65539 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -749,8 +749,8 @@ template class IPA { } /** - * @brief Takes two IPA claims and accumulates them into 1 IPA claim. - * @details We create an IPA accumulator by running the IPA recursive verifier on each claim. Then, we generate challenges, and use these challenges to compute the new accumulator. We also create the accumulated polynomial. + * @brief Takes two IPA claims and accumulates them into 1 IPA claim. Also computes IPA proof for the claim. + * @details We create an IPA accumulator by running the IPA recursive verifier on each claim. Then, we generate challenges, and use these challenges to compute the new accumulator. We also create the accumulated polynomial, and generate the IPA proof for the accumulated claim. * More details are described here: https://hackmd.io/IXoLIPhVT_ej8yhZ_Ehvuw?both. * * @param verifier_ck @@ -758,11 +758,12 @@ template class IPA { * @param claim_1 * @param transcript_2 * @param claim_2 - * @return std::pair, Polynomial> + * @return std::pair, HonkProof> */ - static std::pair, Polynomial> accumulate(auto& transcript_1, OpeningClaim claim_1, auto& transcript_2, OpeningClaim claim_2) + static std::pair, HonkProof> accumulate(const std::shared_ptr>& ck, auto& transcript_1, OpeningClaim claim_1, auto& transcript_2, OpeningClaim claim_2) requires Curve::is_stdlib_type { + using NativeCurve = curve::Grumpkin; using Builder = typename Curve::Builder; // Step 1: Run the verifier for each IPA instance VerifierAccumulator pair_1 = reduce_verify(claim_1, transcript_1); @@ -797,7 +798,17 @@ template class IPA { Builder* builder = r.get_context(); builder->add_ipa_claim(output_claim.get_witness_indices()); - return {output_claim, create_challenge_poly(uint32_t(pair_1.log_poly_length.get_value()), native_u_challenges_inv_1, uint32_t(pair_2.log_poly_length.get_value()), native_u_challenges_inv_2, fq(alpha.get_value()))}; + // Compute proof for the claim + auto prover_transcript = std::make_shared(); + const OpeningPair opening_pair{ bb::fq(output_claim.opening_pair.challenge.get_value()), + bb::fq(output_claim.opening_pair.evaluation.get_value()) }; + Polynomial challenge_poly = create_challenge_poly(uint32_t(pair_1.log_poly_length.get_value()), native_u_challenges_inv_1, uint32_t(pair_2.log_poly_length.get_value()), native_u_challenges_inv_2, fq(alpha.get_value())); + + ASSERT(challenge_poly.evaluate(opening_pair.challenge) == opening_pair.evaluation && "Opening claim does not hold for challenge polynomial."); + + IPA::compute_opening_proof(ck, { challenge_poly, opening_pair }, prover_transcript); + + return {output_claim, prover_transcript->proof_data}; } }; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp index 8b59b2b90b8e..31931b2e5fc8 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp @@ -158,25 +158,21 @@ class IPARecursiveTests : public CommitmentTest { // Creates two IPA accumulators and accumulators from the two claims. Also constructs the accumulated h // polynomial. - auto [output_claim, challenge_poly] = RecursiveIPA::accumulate(transcript_1, claim_1, transcript_2, claim_2); + auto [output_claim, ipa_proof] = + RecursiveIPA::accumulate(this->ck(), transcript_1, claim_1, transcript_2, claim_2); builder.finalize_circuit(/*ensure_nonzero=*/false); info("Circuit with 2 IPA Recursive Verifiers and IPA Accumulation num finalized gates = ", builder.get_num_finalized_gates()); EXPECT_TRUE(CircuitChecker::check(builder)); - // Run the IPA prover on this new accumulated claim. - auto prover_transcript = std::make_shared(); const OpeningPair opening_pair{ bb::fq(output_claim.opening_pair.challenge.get_value()), bb::fq(output_claim.opening_pair.evaluation.get_value()) }; Commitment native_comm = output_claim.commitment.get_value(); const OpeningClaim opening_claim{ opening_pair, native_comm }; - NativeIPA::compute_opening_proof(this->ck(), { challenge_poly, opening_pair }, prover_transcript); - - EXPECT_EQ(challenge_poly.evaluate(opening_pair.challenge), opening_pair.evaluation); // Natively verify this proof to check it. - auto verifier_transcript = std::make_shared(prover_transcript->proof_data); + auto verifier_transcript = std::make_shared(ipa_proof); auto result = NativeIPA::reduce_verify(this->vk(), opening_claim, verifier_transcript); EXPECT_TRUE(result); From ee9855107ce02d9c001238d46f539311622139f7 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 15 Nov 2024 22:56:45 +0000 Subject: [PATCH 14/29] add ipa claim/proof to tube --- barretenberg/cpp/CMakeLists.txt | 2 +- barretenberg/cpp/src/barretenberg/bb/main.cpp | 7 ++++++- .../cpp/src/barretenberg/client_ivc/client_ivc.cpp | 4 ++-- .../ipa_recursive.test.cpp | 4 ++-- .../commitment_schemes_recursion/shplemini.test.cpp | 2 +- .../commitment_schemes_recursion/zeromorph.test.cpp | 2 +- .../cpp/src/barretenberg/goblin/mock_circuits.hpp | 4 ++-- .../client_ivc_recursive_verifier.cpp | 7 +++++-- .../client_ivc_recursive_verifier.hpp | 4 +++- .../client_ivc_recursive_verifier.test.cpp | 12 +++++++++--- .../eccvm_verifier/eccvm_recursive_verifier.cpp | 4 ++-- .../eccvm_verifier/eccvm_recursive_verifier.test.cpp | 3 ++- .../goblin_verifier/goblin_recursive_verifier.cpp | 6 ++---- .../goblin_verifier/goblin_recursive_verifier.hpp | 12 +++++++++++- .../goblin_recursive_verifier.test.cpp | 3 ++- .../goblin_verifier/merge_recursive_verifier.cpp | 2 +- .../honk_verifier/decider_recursive_verifier.cpp | 2 +- .../honk_verifier/ultra_recursive_verifier.cpp | 2 +- .../protogalaxy_recursive_verifier.test.cpp | 12 ++++++++---- .../stdlib/transcript/transcript.test.cpp | 8 ++++---- .../translator_recursive_verifier.cpp | 2 +- .../translator_recursive_verifier.test.cpp | 2 +- .../ultra_circuit_builder.hpp | 2 ++ .../stdlib_circuit_builders/ultra_flavor.hpp | 1 + .../cpp/src/barretenberg/transcript/transcript.hpp | 11 ++++++++++- .../barretenberg/ultra_honk/decider_proving_key.hpp | 1 + .../vm/avm/generated/recursive_verifier.cpp | 2 +- 27 files changed, 83 insertions(+), 40 deletions(-) diff --git a/barretenberg/cpp/CMakeLists.txt b/barretenberg/cpp/CMakeLists.txt index 302e997f4340..d911924130a8 100644 --- a/barretenberg/cpp/CMakeLists.txt +++ b/barretenberg/cpp/CMakeLists.txt @@ -27,7 +27,7 @@ endif(DOXYGEN_FOUND) option(DISABLE_ASM "Disable custom assembly" OFF) option(DISABLE_ADX "Disable ADX assembly variant" OFF) -option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" OFF) +option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" ON) option(MULTITHREADING "Enable multi-threading" ON) option(OMP_MULTITHREADING "Enable OMP multi-threading" OFF) option(FUZZING "Build ONLY fuzzing harnesses" OFF) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 8daccc33257d..c8293ffb768c 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -596,7 +596,8 @@ void prove_tube(const std::string& output_path) } ClientIVC verifier{ builder, input }; - verifier.verify(proof); + stdlib::recursion::honk::ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput + client_ivc_rec_verifier_output = verifier.verify(proof); PairingPointAccumulatorIndices current_aggregation_object = stdlib::recursion::init_default_agg_obj_indices(*builder); @@ -605,6 +606,10 @@ void prove_tube(const std::string& output_path) // This is currently just setting the aggregation object to the default one. builder->add_pairing_point_accumulator(current_aggregation_object); + // The tube only calls an IPA recursive verifier once, so we can just add this IPA claim and proof + builder->add_ipa_claim(client_ivc_rec_verifier_output.opening_claim.get_witness_indices()); + builder->ipa_proof = convert_stdlib_proof_to_native(client_ivc_rec_verifier_output.ipa_transcript->proof_data); + using Prover = UltraProver_; using Verifier = UltraVerifier_; Prover tube_prover{ *builder }; diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 9119e17f6ea3..ce873d3cafde 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -25,7 +25,7 @@ void ClientIVC::instantiate_stdlib_verification_queue( size_t key_idx = 0; for (auto& [proof, vkey, type] : verification_queue) { // Construct stdlib proof directly from the internal native queue data - auto stdlib_proof = bb::convert_proof_to_witness(&circuit, proof); + auto stdlib_proof = bb::convert_native_proof_to_stdlib(&circuit, proof); // Use the provided stdlib vkey if present, otherwise construct one from the internal native queue auto stdlib_vkey = @@ -261,7 +261,7 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() auto stdlib_decider_vk = std::make_shared(&builder, verification_queue[0].honk_verification_key); - auto stdlib_proof = bb::convert_proof_to_witness(&builder, fold_proof); + auto stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, fold_proof); // Perform recursive folding verification of the last folding proof FoldingRecursiveVerifier folding_verifier{ &builder, stdlib_verifier_accumulator, { stdlib_decider_vk } }; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp index 31931b2e5fc8..fa55d812441a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp @@ -56,8 +56,8 @@ class IPARecursiveTests : public CommitmentTest { OpeningClaim stdlib_opening_claim{ { stdlib_x, stdlib_eval }, stdlib_comm }; // Construct stdlib verifier transcript - auto recursive_verifier_transcript = - std::make_shared(bb::convert_proof_to_witness(&builder, prover_transcript->proof_data)); + auto recursive_verifier_transcript = std::make_shared( + bb::convert_native_proof_to_stdlib(&builder, prover_transcript->proof_data)); return { recursive_verifier_transcript, stdlib_opening_claim }; } diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp index b94b0c950853..97051dc2b088 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp @@ -88,7 +88,7 @@ TEST(ShpleminiRecursionTest, ProveAndVerifySingle) N, RefVector(f_polynomials), RefVector(g_polynomials), u_challenge, commitment_key, prover_transcript); KZG::compute_opening_proof(commitment_key, prover_opening_claims, prover_transcript); Builder builder; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, prover_transcript->proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, prover_transcript->proof_data); auto stdlib_verifier_transcript = std::make_shared(stdlib_proof); stdlib_verifier_transcript->template receive_from_prover("Init"); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp index 5c6f22d6af4e..fb70282a51f7 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp @@ -95,7 +95,7 @@ TEST(ZeroMorphRecursionTest, ProveAndVerifySingle) prover_transcript); Builder builder; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, prover_transcript->proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, prover_transcript->proof_data); auto stdlib_verifier_transcript = std::make_shared(stdlib_proof); [[maybe_unused]] auto _ = stdlib_verifier_transcript->template receive_from_prover("Init"); diff --git a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp index 2ddcdfb20387..e8e5e51ff6bd 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp @@ -212,7 +212,7 @@ class GoblinMockCircuits { // Execute recursive aggregation of function proof auto verification_key = std::make_shared(&builder, function_accum.verification_key); - auto proof = bb::convert_proof_to_witness(&builder, function_accum.proof); + auto proof = bb::convert_native_proof_to_stdlib(&builder, function_accum.proof); RecursiveVerifier verifier1{ &builder, verification_key }; verifier1.verify_proof( proof, stdlib::recursion::init_default_aggregation_state(builder)); @@ -221,7 +221,7 @@ class GoblinMockCircuits { if (!prev_kernel_accum.proof.empty()) { auto verification_key = std::make_shared(&builder, prev_kernel_accum.verification_key); - auto proof = bb::convert_proof_to_witness(&builder, prev_kernel_accum.proof); + auto proof = bb::convert_native_proof_to_stdlib(&builder, prev_kernel_accum.proof); RecursiveVerifier verifier2{ &builder, verification_key }; verifier2.verify_proof( proof, stdlib::recursion::init_default_aggregation_state(builder)); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index 15f7ce40f3de..08e171d1d542 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -8,7 +8,8 @@ namespace bb::stdlib::recursion::honk { * @todo (https://github.com/AztecProtocol/barretenberg/issues/934): Add logic for accumulating the pairing points * produced by the verifiers (and potentially IPA accumulators for ECCVM verifier) */ -void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) +ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput ClientIVCRecursiveVerifier::verify( + const ClientIVC::Proof& proof) { // Construct stdlib Mega verification key auto stdlib_mega_vk = @@ -24,7 +25,9 @@ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) // Perform Goblin recursive verification GoblinVerifier goblin_verifier{ builder.get(), verifier_input.goblin_input }; - goblin_verifier.verify(proof.goblin_proof); + GoblinRecursiveVerifierOutput output = goblin_verifier.verify(proof.goblin_proof); + + return output; } } // namespace bb::stdlib::recursion::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp index d6954bb05322..d38b89d62321 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp @@ -21,6 +21,8 @@ class ClientIVCRecursiveVerifier { using Proof = ClientIVC::Proof; using FoldVerifierInput = FoldingVerifier::VerifierInput; using GoblinVerifierInput = GoblinVerifier::VerifierInput; + using ClientIVCRecursiveVerifierOutput = GoblinRecursiveVerifierOutput; + struct VerifierInput { std::shared_ptr mega_verification_key; GoblinVerifierInput goblin_input; @@ -30,7 +32,7 @@ class ClientIVCRecursiveVerifier { : builder(builder) , verifier_input(verifier_input){}; - void verify(const ClientIVC::Proof&); + ClientIVCRecursiveVerifierOutput verify(const ClientIVC::Proof&); private: std::shared_ptr builder; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 3b2fa2923de5..4d5fefe1cd0e 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -85,7 +85,7 @@ TEST_F(ClientIVCRecursionTests, Basic) ClientIVCVerifier verifier{ builder, verifier_input }; // Generate the recursive verification circuit - verifier.verify(proof); + ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput output = verifier.verify(proof); EXPECT_EQ(builder->failed(), false) << builder->err(); @@ -107,10 +107,16 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) ClientIVCVerifier verifier{ tube_builder, verifier_input }; // Generate the recursive verification circuit - verifier.verify(proof); + ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput client_ivc_rec_verifier_output = + verifier.verify(proof); + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): fix this by taking it from the output instead of + // just using default. tube_builder->add_pairing_point_accumulator( stdlib::recursion::init_default_agg_obj_indices(*tube_builder)); + // The tube only calls an IPA recursive verifier once, so we can just add this IPA claim and proof + tube_builder->add_ipa_claim(client_ivc_rec_verifier_output.opening_claim.get_witness_indices()); + tube_builder->ipa_proof = convert_stdlib_proof_to_native(client_ivc_rec_verifier_output.ipa_transcript->proof_data); info("ClientIVC Recursive Verifier: num prefinalized gates = ", tube_builder->num_gates); @@ -126,7 +132,7 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) Builder base_builder; auto native_vk = std::make_shared(proving_key->proving_key); auto vk = std::make_shared(&base_builder, native_vk); - auto tube_proof = bb::convert_proof_to_witness(&base_builder, native_tube_proof); + auto tube_proof = bb::convert_native_proof_to_stdlib(&base_builder, native_tube_proof); UltraRecursiveVerifier base_verifier{ &base_builder, vk }; base_verifier.verify_proof(tube_proof, stdlib::recursion::init_default_aggregation_state(base_builder)); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index ec359be3589a..9bd8ce5a3b2b 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -28,8 +28,8 @@ ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) RelationParameters relation_parameters; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof.pre_ipa_proof); - StdlibProof stdlib_ipa_proof = bb::convert_proof_to_witness(builder, proof.ipa_proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof.pre_ipa_proof); + StdlibProof stdlib_ipa_proof = bb::convert_native_proof_to_stdlib(builder, proof.ipa_proof); transcript = std::make_shared(stdlib_proof); ipa_transcript = std::make_shared(stdlib_ipa_proof); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp index 0aae8567845b..8c5581e22b60 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp @@ -83,7 +83,8 @@ template class ECCVMRecursiveTests : public ::testing info("ECCVM Recursive Verifier"); OuterBuilder outer_circuit; RecursiveVerifier verifier{ &outer_circuit, verification_key }; - verifier.verify_proof(proof); + auto [opening_claim, ipa_transcript] = verifier.verify_proof(proof); + info("Recursive Verifier: num gates = ", outer_circuit.get_estimated_num_finalized_gates()); // Check for a failure flag in the recursive verifier circuit diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp index e2f802cf5e95..b9bf165bc966 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp @@ -8,15 +8,12 @@ namespace bb::stdlib::recursion::honk { * @todo https://github.com/AztecProtocol/barretenberg/issues/934: Add logic for accumulating the pairing points * produced by the translator and merge verifier (and potentially IPA accumulators for ECCVM verifier) */ -void GoblinRecursiveVerifier::verify(const GoblinProof& proof) +GoblinRecursiveVerifierOutput GoblinRecursiveVerifier::verify(const GoblinProof& proof) { // Run the ECCVM recursive verifier ECCVMVerifier eccvm_verifier{ builder, verification_keys.eccvm_verification_key }; auto [opening_claim, ipa_transcript] = eccvm_verifier.verify_proof(proof.eccvm_proof); - // Assuming the GoblinRecursiveVerifier can only be called at most once per circuit, we can add the claim to the - // builder. - builder->add_ipa_claim(opening_claim.get_witness_indices()); // Run the Translator recursive verifier TranslatorVerifier translator_verifier{ builder, verification_keys.translator_verification_key, @@ -39,5 +36,6 @@ void GoblinRecursiveVerifier::verify(const GoblinProof& proof) MergeVerifier merge_verifier{ builder }; merge_verifier.verify_proof(proof.merge_proof); + return { opening_claim, ipa_transcript }; } } // namespace bb::stdlib::recursion::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp index 92ae344af66a..a3c0828ce906 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp @@ -5,6 +5,16 @@ #include "barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.hpp" namespace bb::stdlib::recursion::honk { + +struct GoblinRecursiveVerifierOutput { + using Builder = UltraCircuitBuilder; + using ECCVMFlavor = ECCVMRecursiveFlavor_; + using Curve = grumpkin; + using Transcript = bb::BaseTranscript>; + OpeningClaim opening_claim; + std::shared_ptr ipa_transcript; +}; + class GoblinRecursiveVerifier { public: // Goblin Recursive Verifier circuit is using Ultra arithmetisation @@ -35,7 +45,7 @@ class GoblinRecursiveVerifier { * * @todo(https://github.com/AztecProtocol/barretenberg/issues/991): The GoblinProof should aleady be a stdlib proof */ - void verify(const GoblinProof&); + GoblinRecursiveVerifierOutput verify(const GoblinProof&); private: Builder* builder; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp index ff68204e443d..a668e00f82e1 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp @@ -123,8 +123,9 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) Builder builder; GoblinRecursiveVerifier verifier{ &builder, verifier_input }; - verifier.verify(proof); + GoblinRecursiveVerifierOutput goblin_rec_verifier_output = verifier.verify(proof); + static_cast(goblin_rec_verifier_output); // EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == // -opening_claim.commitment.get_value.*)"); } diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp index 593564fe4eda..6f3ea52555cf 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp @@ -19,7 +19,7 @@ std::array::Element, 2> MergeRecursiveVerifier_ stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); transcript = std::make_shared(stdlib_proof); // Receive commitments [t_i^{shift}], [T_{i-1}], and [T_i] diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp index 3bbb2611cfbc..8e9a4cb4998b 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp @@ -19,7 +19,7 @@ std::array DeciderRecursiveVerifier_:: using VerifierCommitments = typename Flavor::VerifierCommitments; using Transcript = typename Flavor::Transcript; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); transcript = std::make_shared(stdlib_proof); VerifierCommitments commitments{ accumulator->verification_key, accumulator->witness_commitments }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp index 26c2297b41d4..2bd074dfd974 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp @@ -27,7 +27,7 @@ template UltraRecursiveVerifier_::AggregationObject UltraRecursiveVerifier_::verify_proof( const HonkProof& proof, AggregationObject agg_obj) { - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); return verify_proof(stdlib_proof, agg_obj); } diff --git a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp index 84a1b22d0364..81586173b6c5 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp @@ -203,7 +203,8 @@ template class ProtogalaxyRecursiveTests : public tes auto recursive_decider_vk_1 = std::make_shared(&folding_circuit, decider_vk_1); auto recursive_decider_vk_2 = std::make_shared(&folding_circuit, decider_vk_2->verification_key); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&folding_circuit, folding_proof.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&folding_circuit, folding_proof.proof); auto verifier = FoldingRecursiveVerifier{ &folding_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; @@ -292,7 +293,8 @@ template class ProtogalaxyRecursiveTests : public tes auto recursive_decider_vk_1 = std::make_shared(&folding_circuit, decider_vk_1); auto recursive_decider_vk_2 = std::make_shared(&folding_circuit, decider_vk_2->verification_key); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&folding_circuit, folding_proof.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&folding_circuit, folding_proof.proof); auto verifier = FoldingRecursiveVerifier{ &folding_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; @@ -398,7 +400,8 @@ template class ProtogalaxyRecursiveTests : public tes std::make_shared(&folding_circuit, verifier_accumulator); auto recursive_decider_vk_2 = std::make_shared(&folding_circuit, verifier_inst->verification_key); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&folding_circuit, folding_proof.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&folding_circuit, folding_proof.proof); auto verifier = FoldingRecursiveVerifier{ &folding_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; @@ -436,7 +439,8 @@ template class ProtogalaxyRecursiveTests : public tes auto recursive_decider_vk_1 = std::make_shared(&verifier_circuit, honk_vk_1); auto recursive_decider_vk_2 = std::make_shared(&verifier_circuit, honk_vk_2); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&verifier_circuit, fold_result.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&verifier_circuit, fold_result.proof); auto verifier = FoldingRecursiveVerifier{ &verifier_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp index 0344b1f88353..debefb03a5d6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp @@ -111,7 +111,7 @@ TEST(RecursiveHonkTranscript, InterfacesMatch) EXPECT_EQ(prover_transcript.get_manifest(), native_transcript.get_manifest()); // Instantiate a stdlib Transcript and perform the same operations - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript transcript{ stdlib_proof }; perform_mock_verifier_transcript_operations(transcript); @@ -164,7 +164,7 @@ TEST(RecursiveHonkTranscript, ReturnValuesMatch) auto [native_alpha, native_beta] = native_transcript.template get_challenges("alpha", "beta"); // Perform the same operations with the stdlib verifier transcript - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript stdlib_transcript{ stdlib_proof }; auto stdlib_scalar = stdlib_transcript.template receive_from_prover("scalar"); auto stdlib_commitment = stdlib_transcript.template receive_from_prover("commitment"); @@ -210,7 +210,7 @@ TEST(RecursiveTranscript, InfinityConsistencyGrumpkin) verifier_transcript.receive_from_prover("infinity"); auto verifier_challenge = verifier_transcript.get_challenge("challenge"); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript stdlib_transcript{ stdlib_proof }; auto stdlib_infinity = stdlib_transcript.receive_from_prover("infinity"); EXPECT_TRUE(stdlib_infinity.is_point_at_infinity().get_value()); @@ -248,7 +248,7 @@ TEST(RecursiveTranscript, InfinityConsistencyBN254) verifier_transcript.receive_from_prover("infinity"); auto verifier_challenge = verifier_transcript.get_challenge("challenge"); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript stdlib_transcript{ stdlib_proof }; auto stdlib_commitment = stdlib_transcript.receive_from_prover("infinity"); EXPECT_TRUE(stdlib_commitment.is_point_at_infinity().get_value()); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp index 2849fdd48b51..ce321b18ea89 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp @@ -66,7 +66,7 @@ std::array TranslatorRecursiveVerifier_ stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); transcript->load_proof(stdlib_proof); batching_challenge_v = transcript->template get_challenge("Translation:batching_challenge"); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp index 27de41a35d3a..1e2ab4beac0e 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp @@ -75,7 +75,7 @@ template class TranslatorRecursiveTests : public ::te OuterBuilder outer_circuit; // Mock a previous verifier that would in reality be the ECCVM recursive verifier - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&outer_circuit, fake_inital_proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&outer_circuit, fake_inital_proof); auto transcript = std::make_shared(stdlib_proof); transcript->template receive_from_prover("init"); diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp index 821339329fcc..5e7db5a2f478 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp @@ -331,6 +331,8 @@ class UltraCircuitBuilder_ : public CircuitBuilderBase ipa_proof; + void process_non_native_field_multiplications(); UltraCircuitBuilder_(const size_t size_hint = 0) : CircuitBuilderBase(size_hint) diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 1fc4281c7936..e524d22fb623 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -354,6 +354,7 @@ class UltraFlavor { bool contains_ipa_claim; IPAClaimPubInputIndices ipa_claim_public_input_indices; + HonkProof ipa_proof; ProvingKey() = default; ProvingKey(const size_t dyadic_circuit_size, diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index 06f69bdcb131..fa7853a3d962 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -441,7 +441,7 @@ template class BaseTranscript { }; template -static bb::StdlibProof convert_proof_to_witness(Builder* builder, const HonkProof& proof) +static bb::StdlibProof convert_native_proof_to_stdlib(Builder* builder, const HonkProof& proof) { bb::StdlibProof result; for (const auto& element : proof) { @@ -450,6 +450,15 @@ static bb::StdlibProof convert_proof_to_witness(Builder* builder, const return result; } +template static bb::HonkProof convert_stdlib_proof_to_native(const StdlibProof& proof) +{ + bb::HonkProof result; + for (const auto& element : proof) { + result.push_back(element.get_value()); + } + return result; +} + using NativeTranscript = BaseTranscript; /////////////////////////////////////////// diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 5c0e42ec9007..02101aae370e 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -306,6 +306,7 @@ template class DeciderProvingKey_ { if constexpr (DoesRecursiveIPA) { // Set the IPA claim indices proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; proving_key.contains_ipa_claim = circuit.contains_ipa_claim; + proving_key.ipa_proof = circuit.ipa_proof; } // Set the pairing point accumulator indices proving_key.pairing_point_accumulator_public_input_indices = diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp index d61e6d7f0be2..71518f7b6cf5 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp @@ -48,7 +48,7 @@ template AvmRecursiveVerifier_::AggregationObject AvmRecursiveVerifier_::verify_proof( const HonkProof& proof, const std::vector>& public_inputs_vec_nt, AggregationObject agg_obj) { - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); std::vector> public_inputs_ct; public_inputs_ct.reserve(public_inputs_vec_nt.size()); From 36a7cf16db28ce0d0770eddf85f85bf43a02b0cd Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Sat, 16 Nov 2024 00:22:42 +0000 Subject: [PATCH 15/29] add ipa verification to native UltraVerifier --- .../commitment_schemes/ipa/ipa.hpp | 8 +++--- .../ultra_honk/ultra_verifier.cpp | 27 +++++++++++++++++++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 933b7ca65539..c3e5bae67052 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -794,9 +794,6 @@ template class IPA { for (Fr u_inv_i : pair_2.u_challenges_inv) { native_u_challenges_inv_2.push_back(bb::fq(u_inv_i.get_value())); } - // Add IPA Claim to public inputs of circuit - Builder* builder = r.get_context(); - builder->add_ipa_claim(output_claim.get_witness_indices()); // Compute proof for the claim auto prover_transcript = std::make_shared(); @@ -808,6 +805,11 @@ template class IPA { IPA::compute_opening_proof(ck, { challenge_poly, opening_pair }, prover_transcript); + // Since we know this circuit will not have any more IPA claims to accumulate, add IPA Claim to public inputs of circuit and add the proof to the builder. + Builder* builder = r.get_context(); + builder->add_ipa_claim(output_claim.get_witness_indices()); + builder->ipa_proof = prover_transcript->proof_data; + return {output_claim, prover_transcript->proof_data}; } }; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index d43f4cadb1c8..0579f783e91f 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -22,6 +22,33 @@ template bool UltraVerifier_::verify_proof(const HonkP transcript->template get_challenge("Sumcheck:gate_challenge_" + std::to_string(idx))); } + const auto recover_fq_from_public_inputs = [](std::array limbs) { + const uint256_t limb = uint256_t(limbs[0]) + + (uint256_t(limbs[1]) << stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION) + + (uint256_t(limbs[2]) << (stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION * 2)) + + (uint256_t(limbs[3]) << (stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION * 3)); + return fq(limb); + }; + + // Parse out the nested IPA claim using key->ipa_claim_public_input_indices + if constexpr (DoesRecursiveIPA) { + if (verification_key->verification_key->contains_ipa_claim) { + OpeningClaim ipa_claim; + std::array bigfield_limbs; + for (size_t k = 0; k < 4; k++) { + bigfield_limbs[k] = + verification_key + ->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[k]]; + } + ipa_claim.opening_pair.challenge = recover_fq_from_public_inputs(bigfield_limbs); + ipa_claim.opening_pair.evaluation = 0; + ipa_claim.commitment = { + verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[4]], + verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[5]] + }; + } + } + DeciderVerifier decider_verifier{ verification_key, transcript }; return decider_verifier.verify(); From d1cd1cd8b5d0f3af4c46177a03ad9ebb47bc8ace Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 17:49:20 +0000 Subject: [PATCH 16/29] add native verifier to client ivc recursive verifier test --- .../client_ivc_recursive_verifier.test.cpp | 7 ++++++- .../barretenberg/ultra_honk/ultra_verifier.cpp | 15 ++++++++++++++- .../barretenberg/ultra_honk/ultra_verifier.hpp | 3 +-- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index a8a57db3722d..20f4bf6b78ca 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -126,8 +126,13 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) UltraProver tube_prover{ proving_key }; auto native_tube_proof = tube_prover.construct_proof(); - Builder base_builder; + // Natively verify the tube proof auto native_vk = std::make_shared(proving_key->proving_key); + UltraVerifier native_verifier(native_vk); + EXPECT_TRUE(native_verifier.verify_proof(native_tube_proof, tube_prover.proving_key->proving_key.ipa_proof)); + + // Construct a base rollup circuit that recursively verifies the tube proof. + Builder base_builder; auto vk = std::make_shared(&base_builder, native_vk); auto tube_proof = bb::convert_native_proof_to_stdlib(&base_builder, native_tube_proof); UltraRecursiveVerifier base_verifier{ &base_builder, vk }; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 0579f783e91f..a4c50f85b3bf 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -1,4 +1,5 @@ #include "./ultra_verifier.hpp" +#include "barretenberg/commitment_schemes/ipa/ipa.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/transcript/transcript.hpp" #include "barretenberg/ultra_honk/oink_verifier.hpp" @@ -9,7 +10,7 @@ namespace bb { * @brief This function verifies an Ultra Honk proof for a given Flavor. * */ -template bool UltraVerifier_::verify_proof(const HonkProof& proof) +template bool UltraVerifier_::verify_proof(const HonkProof& proof, const HonkProof& ipa_proof) { using FF = typename Flavor::FF; @@ -46,6 +47,18 @@ template bool UltraVerifier_::verify_proof(const HonkP verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[4]], verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[5]] }; + + // verify the ipa_proof with this claim + auto crs_factory = std::make_shared>( + "../srs_db/grumpkin", (1 << CONST_ECCVM_LOG_N)); + auto grumpkin_verifier_commitment_key = + std::make_shared>((1 << CONST_ECCVM_LOG_N), crs_factory); + auto ipa_transcript = std::make_shared(ipa_proof); + bool ipa_result = + IPA::reduce_verify(grumpkin_verifier_commitment_key, ipa_claim, ipa_transcript); + if (!ipa_result) { + return false; + } } } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index 7365303b6552..70a3f4155487 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -12,7 +12,6 @@ template class UltraVerifier_ { using FF = typename Flavor::FF; using Commitment = typename Flavor::Commitment; using VerificationKey = typename Flavor::VerificationKey; - using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Transcript = typename Flavor::Transcript; using DeciderVK = DeciderVerificationKey_; using DeciderVerifier = DeciderVerifier_; @@ -22,7 +21,7 @@ template class UltraVerifier_ { : verification_key(std::make_shared(verifier_key)) {} - bool verify_proof(const HonkProof& proof); + bool verify_proof(const HonkProof& proof, const HonkProof& ipa_proof = {}); std::shared_ptr transcript{ nullptr }; std::shared_ptr verification_key; From 9d34263422a75b14a3c99186249e3e20d561d47c Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 18:44:39 +0000 Subject: [PATCH 17/29] update some tests --- barretenberg/cpp/CMakeLists.txt | 2 +- .../src/barretenberg/commitment_schemes/claim.hpp | 10 ++++++++++ .../goblin_recursive_verifier.test.cpp | 13 ++++++++++--- .../flavor_serialization.test.cpp | 5 ----- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/barretenberg/cpp/CMakeLists.txt b/barretenberg/cpp/CMakeLists.txt index d911924130a8..302e997f4340 100644 --- a/barretenberg/cpp/CMakeLists.txt +++ b/barretenberg/cpp/CMakeLists.txt @@ -27,7 +27,7 @@ endif(DOXYGEN_FOUND) option(DISABLE_ASM "Disable custom assembly" OFF) option(DISABLE_ADX "Disable ADX assembly variant" OFF) -option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" ON) +option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" OFF) option(MULTITHREADING "Enable multi-threading" ON) option(OMP_MULTITHREADING "Enable OMP multi-threading" OFF) option(FUZZING "Build ONLY fuzzing harnesses" OFF) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 8ae0917576ba..f039e6a7f3b2 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -67,6 +67,16 @@ template class OpeningClaim { commitment.x.normalize().witness_index, // no idea if we need these normalize() calls... commitment.y.normalize().witness_index }; } + + auto get_native_opening_claim() const + requires(Curve::is_stdlib_type) + { + return OpeningClaim{ + { static_cast(opening_pair.challenge.get_value()), + static_cast(opening_pair.evaluation.get_value()) }, + commitment.get_value() + }; + } /** * @brief inefficiently check that the claim is correct by recomputing the commitment * and evaluating the polynomial in r. diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp index a668e00f82e1..a7f9512ec9bc 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp @@ -125,9 +125,16 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) GoblinRecursiveVerifier verifier{ &builder, verifier_input }; GoblinRecursiveVerifierOutput goblin_rec_verifier_output = verifier.verify(proof); - static_cast(goblin_rec_verifier_output); - // EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == - // -opening_claim.commitment.get_value.*)"); + auto crs_factory = + std::make_shared>("../srs_db/grumpkin", 1 << CONST_ECCVM_LOG_N); + auto grumpkin_verifier_commitment_key = + std::make_shared>(1 << CONST_ECCVM_LOG_N, crs_factory); + OpeningClaim native_claim = goblin_rec_verifier_output.opening_claim.get_native_opening_claim(); + auto native_ipa_transcript = std::make_shared( + convert_stdlib_proof_to_native(goblin_rec_verifier_output.ipa_transcript->proof_data)); + + EXPECT_FALSE( + IPA::reduce_verify(grumpkin_verifier_commitment_key, native_claim, native_ipa_transcript)); } /** diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp index 2b5de9630ef8..162385bdcbab 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp @@ -47,11 +47,6 @@ TYPED_TEST(FlavorSerializationTests, VerificationKeySerialization) // Set the pcs ptr to null since this will not be reconstructed correctly from buffer original_vkey.pcs_verification_key = nullptr; - // probably not needed - if constexpr (DoesRecursiveIPA) { - original_vkey.contains_ipa_claim = 0; - original_vkey.ipa_claim_public_input_indices = std::array{ 0, 0, 0, 0, 0, 0 }; - } // Populate some non-zero values in the databus_propagation_data to ensure its being handled if constexpr (IsMegaBuilder) { original_vkey.databus_propagation_data.app_return_data_public_input_idx = 2; From e260b878ef6ffd4cd0509cf0f8e13a2253242495 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 18:46:08 +0000 Subject: [PATCH 18/29] update avm file --- bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs b/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs index 3e7d779b5237..80e5538a7d12 100644 --- a/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs +++ b/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs @@ -48,7 +48,7 @@ template {{name}}RecursiveVerifier_::AggregationObject {{name}}RecursiveVerifier_::verify_proof( const HonkProof& proof, const std::vector>& public_inputs_vec_nt, AggregationObject agg_obj) { - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); std::vector> public_inputs_ct; public_inputs_ct.reserve(public_inputs_vec_nt.size()); From dfc0b8188730baffb8dfea0553e0648ff08cb145 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 21:53:00 +0000 Subject: [PATCH 19/29] Remove long client ivc rec verifier output name --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 3 +-- .../client_ivc_recursive_verifier.cpp | 3 +-- .../client_ivc_recursive_verifier.hpp | 4 ++-- .../client_ivc_recursive_verifier.test.cpp | 9 ++++++--- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 311bf8feff71..462b8e960729 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -590,8 +590,7 @@ void prove_tube(const std::string& output_path) } ClientIVC verifier{ builder, input }; - stdlib::recursion::honk::ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput - client_ivc_rec_verifier_output = verifier.verify(proof); + ClientIVC::Output client_ivc_rec_verifier_output = verifier.verify(proof); PairingPointAccumulatorIndices current_aggregation_object = stdlib::recursion::init_default_agg_obj_indices(*builder); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index 08e171d1d542..90a7df0e8941 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -8,8 +8,7 @@ namespace bb::stdlib::recursion::honk { * @todo (https://github.com/AztecProtocol/barretenberg/issues/934): Add logic for accumulating the pairing points * produced by the verifiers (and potentially IPA accumulators for ECCVM verifier) */ -ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput ClientIVCRecursiveVerifier::verify( - const ClientIVC::Proof& proof) +ClientIVCRecursiveVerifier::Output ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) { // Construct stdlib Mega verification key auto stdlib_mega_vk = diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp index d38b89d62321..4381b1f5fafe 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp @@ -21,7 +21,7 @@ class ClientIVCRecursiveVerifier { using Proof = ClientIVC::Proof; using FoldVerifierInput = FoldingVerifier::VerifierInput; using GoblinVerifierInput = GoblinVerifier::VerifierInput; - using ClientIVCRecursiveVerifierOutput = GoblinRecursiveVerifierOutput; + using Output = GoblinRecursiveVerifierOutput; struct VerifierInput { std::shared_ptr mega_verification_key; @@ -32,7 +32,7 @@ class ClientIVCRecursiveVerifier { : builder(builder) , verifier_input(verifier_input){}; - ClientIVCRecursiveVerifierOutput verify(const ClientIVC::Proof&); + Output verify(const ClientIVC::Proof&); private: std::shared_ptr builder; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 20f4bf6b78ca..9da1600ae8f5 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -74,6 +74,8 @@ TEST_F(ClientIVCRecursionTests, NativeVerification) */ TEST_F(ClientIVCRecursionTests, Basic) { + using CIVCRecVerifierOutput = ClientIVCRecursiveVerifier::Output; + // Generate a genuine ClientIVC prover output ClientIVC ivc{ {}, /*auto_verify_mode=*/true }; auto [proof, verifier_input] = construct_client_ivc_prover_output(ivc); @@ -83,7 +85,7 @@ TEST_F(ClientIVCRecursionTests, Basic) ClientIVCVerifier verifier{ builder, verifier_input }; // Generate the recursive verification circuit - ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput output = verifier.verify(proof); + CIVCRecVerifierOutput output = verifier.verify(proof); EXPECT_EQ(builder->failed(), false) << builder->err(); @@ -95,6 +97,8 @@ TEST_F(ClientIVCRecursionTests, Basic) TEST_F(ClientIVCRecursionTests, ClientTubeBase) { + using CIVCRecVerifierOutput = ClientIVCRecursiveVerifier::Output; + // Generate a genuine ClientIVC prover output ClientIVC ivc{ {}, /*auto_verify_mode=*/true }; auto [proof, verifier_input] = construct_client_ivc_prover_output(ivc); @@ -104,8 +108,7 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) ClientIVCVerifier verifier{ tube_builder, verifier_input }; // Generate the recursive verification circuit - ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput client_ivc_rec_verifier_output = - verifier.verify(proof); + CIVCRecVerifierOutput client_ivc_rec_verifier_output = verifier.verify(proof); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): fix this by taking it from the output instead of // just using default. From ea3f929c4b44899f928c9b797f330c5a2c4429d2 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 22:27:46 +0000 Subject: [PATCH 20/29] add TODO --- barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index f039e6a7f3b2..27917a072faa 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -60,6 +60,8 @@ template class OpeningClaim { opening_pair.challenge.binary_basis_limbs[1].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[2].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[3].element.normalize().witness_index, + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1153): Uncomment this when we turn the + // eval into witnesses. // opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, // opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, // opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, From f8e919721a19a2787f287a964dad0608bb9e8b4e Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 22:27:57 +0000 Subject: [PATCH 21/29] rename concept --- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 2 +- .../cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp | 2 +- barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 9e2544e450b1..0ea704d2eda7 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -380,7 +380,7 @@ template concept HasDataBus = IsMegaFlavor; template -concept DoesRecursiveIPA = IsAnyOf; +concept HasIPAAccumulatorFlavor = IsAnyOf; template concept IsRecursiveFlavor = IsAnyOf, diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index a9c2d8ba92fd..e3f2c6a3a636 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -307,7 +307,7 @@ template class DeciderProvingKey_ { proving_key.public_inputs.emplace_back(proving_key.polynomials.w_r[idx]); } - if constexpr (DoesRecursiveIPA) { // Set the IPA claim indices + if constexpr (HasIPAAccumulatorFlavor) { // Set the IPA claim indices proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; proving_key.contains_ipa_claim = circuit.contains_ipa_claim; proving_key.ipa_proof = circuit.ipa_proof; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index a4c50f85b3bf..672d0a3f2fae 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -32,7 +32,7 @@ template bool UltraVerifier_::verify_proof(const HonkP }; // Parse out the nested IPA claim using key->ipa_claim_public_input_indices - if constexpr (DoesRecursiveIPA) { + if constexpr (HasIPAAccumulatorFlavor) { if (verification_key->verification_key->contains_ipa_claim) { OpeningClaim ipa_claim; std::array bigfield_limbs; From 2adab6177ba31d7ffa8c712fb354a678ae56a19a Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 22:47:03 +0000 Subject: [PATCH 22/29] addressed comments --- .../plonk_honk_shared/types/aggregation_object_type.hpp | 4 ++-- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp | 4 ---- .../stdlib_circuit_builders/circuit_builder_base.hpp | 2 -- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index f8662b9821aa..99608cc626ff 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -7,14 +7,14 @@ namespace bb { // An aggregation state is represented by two G1 affine elements. Each G1 point has // two field element coordinates (x, y). Thus, four base field elements // Four limbs are used when simulating a non-native field using the bigfield class, so 16 total field elements. -constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; +static constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; // PairingPointAccumulatorIndices represents an array of 16 witness indices pointing to the nested aggregation object. using PairingPointAccumulatorIndices = std::array; // PairingPointAccumulatorPubInputIndices represents an array of 16 public input indices pointing to the witness indices // of the nested aggregation object. using PairingPointAccumulatorPubInputIndices = std::array; -constexpr uint32_t IPA_CLAIM_SIZE = 6; +static constexpr uint32_t IPA_CLAIM_SIZE = 6; using IPAClaimIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index 9bd8ce5a3b2b..a94224828541 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -145,10 +145,6 @@ ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); - // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. - // const typename PCS::VerifierAccumulator batched_opening_accumulator = - // PCS::reduce_verify(batch_opening_claim, ipa_transcript); - ASSERT(sumcheck_verified); return { batch_opening_claim, ipa_transcript }; } diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index f1b85d97e1bf..28b2c9ad8f67 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -44,8 +44,6 @@ template class CircuitBuilderBase { IPAClaimPubInputIndices ipa_claim_public_input_indices; bool contains_ipa_claim = false; - uint32_t ipa_verifier_count = 0; - // We know from the CLI arguments during proving whether a circuit should use a prover which produces // proofs that are friendly to verify in a circuit themselves. A verifier does not need a full circuit // description and should be able to verify a proof with just the verification key and the proof. From b96488cb599ef5856455e16fdd5353f0dab54669 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 00:06:18 +0000 Subject: [PATCH 23/29] forgotten comment --- barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 672d0a3f2fae..d1358c436a2c 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -31,7 +31,7 @@ template bool UltraVerifier_::verify_proof(const HonkP return fq(limb); }; - // Parse out the nested IPA claim using key->ipa_claim_public_input_indices + // Parse out the nested IPA claim using key->ipa_claim_public_input_indices and runs the native IPA verifier. if constexpr (HasIPAAccumulatorFlavor) { if (verification_key->verification_key->contains_ipa_claim) { OpeningClaim ipa_claim; From 0f35e51e3b089cb939727d155f6d3a86202868f5 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 00:32:22 +0000 Subject: [PATCH 24/29] try fixing verify_tube flow --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 7 ++++--- .../cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp | 7 +------ .../cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp | 6 +++++- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 462b8e960729..33b0fec30134 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -1136,14 +1136,15 @@ template bool verify_honk(const std::string& proof_path, { using VerificationKey = Flavor::VerificationKey; using Verifier = UltraVerifier_; - using VerifierCommitmentKey = bb::VerifierCommitmentKey; auto g2_data = get_bn254_g2_data(CRS_PATH); srs::init_crs_factory({}, g2_data); auto proof = from_buffer>(read_file(proof_path)); auto vk = std::make_shared(from_buffer(read_file(vk_path))); - vk->pcs_verification_key = std::make_shared(); - Verifier verifier{ vk }; + vk->pcs_verification_key = std::make_shared>(); + + auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); + Verifier verifier{ vk, ipa_verification_key }; bool verified = verifier.verify_proof(proof); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index d1358c436a2c..820aeee03a6a 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -49,13 +49,8 @@ template bool UltraVerifier_::verify_proof(const HonkP }; // verify the ipa_proof with this claim - auto crs_factory = std::make_shared>( - "../srs_db/grumpkin", (1 << CONST_ECCVM_LOG_N)); - auto grumpkin_verifier_commitment_key = - std::make_shared>((1 << CONST_ECCVM_LOG_N), crs_factory); auto ipa_transcript = std::make_shared(ipa_proof); - bool ipa_result = - IPA::reduce_verify(grumpkin_verifier_commitment_key, ipa_claim, ipa_transcript); + bool ipa_result = IPA::reduce_verify(ipa_verification_key, ipa_claim, ipa_transcript); if (!ipa_result) { return false; } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index 70a3f4155487..01b1ec5cc156 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -17,14 +17,18 @@ template class UltraVerifier_ { using DeciderVerifier = DeciderVerifier_; public: - explicit UltraVerifier_(const std::shared_ptr& verifier_key) + explicit UltraVerifier_( + const std::shared_ptr& verifier_key, + const std::shared_ptr>& ipa_verification_key = nullptr) : verification_key(std::make_shared(verifier_key)) + , ipa_verification_key(ipa_verification_key) {} bool verify_proof(const HonkProof& proof, const HonkProof& ipa_proof = {}); std::shared_ptr transcript{ nullptr }; std::shared_ptr verification_key; + std::shared_ptr> ipa_verification_key; }; using UltraVerifier = UltraVerifier_; From 790fa11456b3ee84a4f4e6f9c69d73123b70c166 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 02:27:38 +0000 Subject: [PATCH 25/29] fix tests --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 11 +++++++++-- .../client_ivc_recursive_verifier.test.cpp | 3 ++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 33b0fec30134..369c00b41732 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -626,8 +626,9 @@ void prove_tube(const std::string& output_path) write_file(tubeAsFieldsVkPath, { data.begin(), data.end() }); info("Native verification of the tube_proof"); - Verifier tube_verifier(tube_verification_key); - bool verified = tube_verifier.verify_proof(tube_proof); + auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); + Verifier tube_verifier(tube_verification_key, ipa_verification_key); + bool verified = tube_verifier.verify_proof(tube_proof, builder->ipa_proof); info("Tube proof verification: ", verified); } @@ -1146,6 +1147,11 @@ template bool verify_honk(const std::string& proof_path, auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); Verifier verifier{ vk, ipa_verification_key }; + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1154): Remove this and pass in the IPA proof to the + // verifier. + if constexpr (HasIPAAccumulatorFlavor) { + vk->contains_ipa_claim = false; + } bool verified = verifier.verify_proof(proof); vinfo("verified: ", verified); @@ -1492,6 +1498,7 @@ int main(int argc, char* argv[]) std::string output_path = get_option(args, "-o", "./target"); auto tube_proof_path = output_path + "/proof"; auto tube_vk_path = output_path + "/vk"; + init_grumpkin_crs(1 << 16); return verify_honk(tube_proof_path, tube_vk_path) ? 0 : 1; } else if (command == "gates") { gateCount(bytecode_path, recursive, honk_recursion); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 9da1600ae8f5..436e62b88a83 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -131,7 +131,8 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) // Natively verify the tube proof auto native_vk = std::make_shared(proving_key->proving_key); - UltraVerifier native_verifier(native_vk); + auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); + UltraVerifier native_verifier(native_vk, ipa_verification_key); EXPECT_TRUE(native_verifier.verify_proof(native_tube_proof, tube_prover.proving_key->proving_key.ipa_proof)); // Construct a base rollup circuit that recursively verifies the tube proof. From 13de7efbb7f955de559789872b2da903c296e26c Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 04:00:58 +0000 Subject: [PATCH 26/29] fix acir tests hopefully --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 369c00b41732..7648a9dbdbe0 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -1144,14 +1144,16 @@ template bool verify_honk(const std::string& proof_path, auto vk = std::make_shared(from_buffer(read_file(vk_path))); vk->pcs_verification_key = std::make_shared>(); - auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); - Verifier verifier{ vk, ipa_verification_key }; - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1154): Remove this and pass in the IPA proof to the // verifier. + std::shared_ptr> ipa_verification_key = nullptr; if constexpr (HasIPAAccumulatorFlavor) { + init_grumpkin_crs(1 << 16); vk->contains_ipa_claim = false; + ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); } + Verifier verifier{ vk, ipa_verification_key }; + bool verified = verifier.verify_proof(proof); vinfo("verified: ", verified); @@ -1498,7 +1500,6 @@ int main(int argc, char* argv[]) std::string output_path = get_option(args, "-o", "./target"); auto tube_proof_path = output_path + "/proof"; auto tube_vk_path = output_path + "/vk"; - init_grumpkin_crs(1 << 16); return verify_honk(tube_proof_path, tube_vk_path) ? 0 : 1; } else if (command == "gates") { gateCount(bytecode_path, recursive, honk_recursion); From 8db7bed775e3ac816d61475bfe00215f41ba4542 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 18:59:38 +0000 Subject: [PATCH 27/29] new flavor for rollup --- .../cpp/src/barretenberg/flavor/flavor.hpp | 3 +- .../ultra_rollup_flavor.hpp | 166 ++++++++++++++++++ 2 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 0ea704d2eda7..0ff47ff017e9 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -323,6 +323,7 @@ template constexpr auto create_tuple_of_arrays_of_values() namespace bb { class UltraFlavor; class UltraFlavorWithZK; +class UltraRollupFlavor; class ECCVMFlavor; class UltraKeccakFlavor; class MegaFlavor; @@ -380,7 +381,7 @@ template concept HasDataBus = IsMegaFlavor; template -concept HasIPAAccumulatorFlavor = IsAnyOf; +concept HasIPAAccumulatorFlavor = IsAnyOf; template concept IsRecursiveFlavor = IsAnyOf, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp new file mode 100644 index 000000000000..75a6821a67bc --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp @@ -0,0 +1,166 @@ +#pragma once +#include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" + +namespace bb { + +class UltraRollupFlavor : public bb::UltraFlavor { + public: + class ProvingKey : public UltraFlavor::ProvingKey { + public: + bool contains_ipa_claim; + IPAClaimPubInputIndices ipa_claim_public_input_indices; + HonkProof ipa_proof; + }; + + /** + * @brief The verification key is responsible for storing the commitments to the precomputed (non-witnessk) + * polynomials used by the verifier. + * + * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve + * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our + * circuits. + */ + class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { + public: + bool contains_ipa_claim; + IPAClaimPubInputIndices ipa_claim_public_input_indices; + + bool operator==(const VerificationKey&) const = default; + VerificationKey() = default; + VerificationKey(const size_t circuit_size, const size_t num_public_inputs) + : VerificationKey_(circuit_size, num_public_inputs) + {} + VerificationKey(ProvingKey& proving_key) + : contains_ipa_claim(proving_key.contains_ipa_claim) + , ipa_claim_public_input_indices(proving_key.ipa_claim_public_input_indices) + { + this->pcs_verification_key = std::make_shared(); + this->circuit_size = proving_key.circuit_size; + this->log_circuit_size = numeric::get_msb(this->circuit_size); + this->num_public_inputs = proving_key.num_public_inputs; + this->pub_inputs_offset = proving_key.pub_inputs_offset; + this->contains_pairing_point_accumulator = proving_key.contains_pairing_point_accumulator; + this->pairing_point_accumulator_public_input_indices = + proving_key.pairing_point_accumulator_public_input_indices; + + if (proving_key.commitment_key == nullptr) { + proving_key.commitment_key = std::make_shared(proving_key.circuit_size); + } + for (auto [polynomial, commitment] : zip_view(proving_key.polynomials.get_precomputed(), this->get_all())) { + commitment = proving_key.commitment_key->commit(polynomial); + } + } + // TODO(https://github.com/AztecProtocol/barretenberg/issues/964): Clean the boilerplate + // up. + VerificationKey(const uint64_t circuit_size, + const uint64_t num_public_inputs, + const uint64_t pub_inputs_offset, + const bool contains_pairing_point_accumulator, + const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, + const bool contains_ipa_claim, + const IPAClaimPubInputIndices& ipa_claim_public_input_indices, + const Commitment& q_m, + const Commitment& q_c, + const Commitment& q_l, + const Commitment& q_r, + const Commitment& q_o, + const Commitment& q_4, + const Commitment& q_arith, + const Commitment& q_delta_range, + const Commitment& q_elliptic, + const Commitment& q_aux, + const Commitment& q_lookup, + const Commitment& q_poseidon2_external, + const Commitment& q_poseidon2_internal, + const Commitment& sigma_1, + const Commitment& sigma_2, + const Commitment& sigma_3, + const Commitment& sigma_4, + const Commitment& id_1, + const Commitment& id_2, + const Commitment& id_3, + const Commitment& id_4, + const Commitment& table_1, + const Commitment& table_2, + const Commitment& table_3, + const Commitment& table_4, + const Commitment& lagrange_first, + const Commitment& lagrange_last) + : contains_ipa_claim(contains_ipa_claim) + , ipa_claim_public_input_indices(ipa_claim_public_input_indices) + { + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(this->circuit_size); + this->num_public_inputs = num_public_inputs; + this->pub_inputs_offset = pub_inputs_offset; + this->contains_pairing_point_accumulator = contains_pairing_point_accumulator; + this->pairing_point_accumulator_public_input_indices = pairing_point_accumulator_public_input_indices; + this->q_m = q_m; + this->q_c = q_c; + this->q_l = q_l; + this->q_r = q_r; + this->q_o = q_o; + this->q_4 = q_4; + this->q_arith = q_arith; + this->q_delta_range = q_delta_range; + this->q_elliptic = q_elliptic; + this->q_aux = q_aux; + this->q_lookup = q_lookup; + this->q_poseidon2_external = q_poseidon2_external; + this->q_poseidon2_internal = q_poseidon2_internal; + this->sigma_1 = sigma_1; + this->sigma_2 = sigma_2; + this->sigma_3 = sigma_3; + this->sigma_4 = sigma_4; + this->id_1 = id_1; + this->id_2 = id_2; + this->id_3 = id_3; + this->id_4 = id_4; + this->table_1 = table_1; + this->table_2 = table_2; + this->table_3 = table_3; + this->table_4 = table_4; + this->lagrange_first = lagrange_first; + this->lagrange_last = lagrange_last; + } + + // For serialising and deserialising data + MSGPACK_FIELDS(circuit_size, + log_circuit_size, + num_public_inputs, + pub_inputs_offset, + contains_pairing_point_accumulator, + pairing_point_accumulator_public_input_indices, + contains_ipa_claim, + ipa_claim_public_input_indices, + q_m, + q_c, + q_l, + q_r, + q_o, + q_4, + q_arith, + q_delta_range, + q_elliptic, + q_aux, + q_lookup, + q_poseidon2_external, + q_poseidon2_internal, + sigma_1, + sigma_2, + sigma_3, + sigma_4, + id_1, + id_2, + id_3, + id_4, + table_1, + table_2, + table_3, + table_4, + lagrange_first, + lagrange_last); + }; +}; + +} // namespace bb From 7bdc4c95b6b95525b4e17bf14cb33f6d75d37418 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Wed, 20 Nov 2024 01:07:09 +0000 Subject: [PATCH 28/29] fix build after removing ipa stuff from UltraFlavor --- .../cpp/src/barretenberg/flavor/flavor.hpp | 5 +++-- .../client_ivc_recursive_verifier.test.cpp | 11 ++++++----- .../stdlib_circuit_builders/ultra_flavor.hpp | 15 --------------- .../ultra_rollup_flavor.hpp | 4 ++++ .../trace_to_polynomials/trace_to_polynomials.cpp | 2 ++ .../barretenberg/ultra_honk/decider_prover.cpp | 1 + .../barretenberg/ultra_honk/decider_prover.hpp | 1 + .../ultra_honk/decider_proving_key.cpp | 1 + .../ultra_honk/decider_proving_key.hpp | 1 + .../barretenberg/ultra_honk/decider_verifier.cpp | 1 + .../src/barretenberg/ultra_honk/oink_prover.cpp | 1 + .../src/barretenberg/ultra_honk/oink_verifier.cpp | 2 ++ .../src/barretenberg/ultra_honk/ultra_prover.cpp | 1 + .../src/barretenberg/ultra_honk/ultra_prover.hpp | 1 + .../barretenberg/ultra_honk/ultra_verifier.cpp | 1 + .../barretenberg/ultra_honk/ultra_verifier.hpp | 1 + 16 files changed, 27 insertions(+), 22 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index f660bd4195ce..b170033f7b22 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -358,10 +358,10 @@ template concept IsPlonkFlavor = IsAnyOf; template -concept IsUltraPlonkOrHonk = IsAnyOf; +concept IsUltraPlonkOrHonk = IsAnyOf; template -concept IsUltraFlavor = IsAnyOf; +concept IsUltraFlavor = IsAnyOf; template concept IsMegaFlavor = IsAnyOf concept IsECCVMRecursiveFlavor = IsAnyOf concept IsFoldingFlavor = IsAnyOf; - using NativeFlavor = Flavor::NativeFlavor; + using NativeFlavor = UltraRollupFlavor; using UltraRecursiveVerifier = UltraRecursiveVerifier_; static void SetUpTestSuite() @@ -125,18 +125,19 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) // EXPECT_TRUE(CircuitChecker::check(*tube_builder)); // Construct and verify a proof for the ClientIVC Recursive Verifier circuit - auto proving_key = std::make_shared>(*tube_builder); - UltraProver tube_prover{ proving_key }; + auto proving_key = std::make_shared>(*tube_builder); + UltraProver_ tube_prover{ proving_key }; auto native_tube_proof = tube_prover.construct_proof(); // Natively verify the tube proof - auto native_vk = std::make_shared(proving_key->proving_key); + auto native_vk_with_ipa = std::make_shared(proving_key->proving_key); auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); - UltraVerifier native_verifier(native_vk, ipa_verification_key); + UltraVerifier_ native_verifier(native_vk_with_ipa, ipa_verification_key); EXPECT_TRUE(native_verifier.verify_proof(native_tube_proof, tube_prover.proving_key->proving_key.ipa_proof)); // Construct a base rollup circuit that recursively verifies the tube proof. Builder base_builder; + auto native_vk = std::make_shared(proving_key->proving_key); auto vk = std::make_shared(&base_builder, native_vk); auto tube_proof = bb::convert_native_proof_to_stdlib(&base_builder, native_tube_proof); UltraRecursiveVerifier base_verifier{ &base_builder, vk }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index e524d22fb623..8d69028950ff 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -352,10 +352,6 @@ class UltraFlavor { public: using Base = ProvingKey_; - bool contains_ipa_claim; - IPAClaimPubInputIndices ipa_claim_public_input_indices; - HonkProof ipa_proof; - ProvingKey() = default; ProvingKey(const size_t dyadic_circuit_size, const size_t num_public_inputs, @@ -442,17 +438,12 @@ class UltraFlavor { */ class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: - bool contains_ipa_claim; - IPAClaimPubInputIndices ipa_claim_public_input_indices; - bool operator==(const VerificationKey&) const = default; VerificationKey() = default; VerificationKey(const size_t circuit_size, const size_t num_public_inputs) : VerificationKey_(circuit_size, num_public_inputs) {} VerificationKey(ProvingKey& proving_key) - : contains_ipa_claim(proving_key.contains_ipa_claim) - , ipa_claim_public_input_indices(proving_key.ipa_claim_public_input_indices) { this->pcs_verification_key = std::make_shared(); this->circuit_size = proving_key.circuit_size; @@ -477,8 +468,6 @@ class UltraFlavor { const uint64_t pub_inputs_offset, const bool contains_pairing_point_accumulator, const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, - const bool contains_ipa_claim, - const IPAClaimPubInputIndices& ipa_claim_public_input_indices, const Commitment& q_m, const Commitment& q_c, const Commitment& q_l, @@ -506,8 +495,6 @@ class UltraFlavor { const Commitment& table_4, const Commitment& lagrange_first, const Commitment& lagrange_last) - : contains_ipa_claim(contains_ipa_claim) - , ipa_claim_public_input_indices(ipa_claim_public_input_indices) { this->circuit_size = circuit_size; this->log_circuit_size = numeric::get_msb(this->circuit_size); @@ -551,8 +538,6 @@ class UltraFlavor { pub_inputs_offset, contains_pairing_point_accumulator, pairing_point_accumulator_public_input_indices, - contains_ipa_claim, - ipa_claim_public_input_indices, q_m, q_c, q_l, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp index 75a6821a67bc..102b5ca6e633 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp @@ -5,8 +5,10 @@ namespace bb { class UltraRollupFlavor : public bb::UltraFlavor { public: + using UltraFlavor::UltraFlavor; class ProvingKey : public UltraFlavor::ProvingKey { public: + using UltraFlavor::ProvingKey::ProvingKey; bool contains_ipa_claim; IPAClaimPubInputIndices ipa_claim_public_input_indices; HonkProof ipa_proof; @@ -161,6 +163,8 @@ class UltraRollupFlavor : public bb::UltraFlavor { lagrange_first, lagrange_last); }; + + using VerifierCommitments = VerifierCommitments_; }; } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp b/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp index 0dc60e9438fb..f778a03c5033 100644 --- a/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp +++ b/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp @@ -4,6 +4,7 @@ #include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" namespace bb { template void TraceToPolynomials::populate_public_inputs_block(Builder& builder) @@ -174,6 +175,7 @@ void TraceToPolynomials::add_ecc_op_wires_to_proving_key(Builder& builde template class TraceToPolynomials; template class TraceToPolynomials; +template class TraceToPolynomials; template class TraceToPolynomials; template class TraceToPolynomials; template class TraceToPolynomials; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp index bdee7b3d8cd4..60760a7c416d 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp @@ -110,6 +110,7 @@ template HonkProof DeciderProver_::construct_proo } template class DeciderProver_; +template class DeciderProver_; template class DeciderProver_; template class DeciderProver_; template class DeciderProver_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp index b4f54e9cf968..1d8a7a854248 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp @@ -5,6 +5,7 @@ #include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" #include "barretenberg/sumcheck/sumcheck_output.hpp" #include "barretenberg/sumcheck/zk_sumcheck_data.hpp" #include "barretenberg/transcript/transcript.hpp" diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp index 93a00d5c37cf..e82b2ccacf9e 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp @@ -189,6 +189,7 @@ void DeciderProvingKey_::move_structured_trace_overflow_to_overflow_bloc template class DeciderProvingKey_; template class DeciderProvingKey_; +template class DeciderProvingKey_; template class DeciderProvingKey_; template class DeciderProvingKey_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 77cabf182d95..442d4dcea534 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -8,6 +8,7 @@ #include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" #include "barretenberg/trace_to_polynomials/trace_to_polynomials.hpp" namespace bb { diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp index 996df320f953..22e93f763600 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp @@ -89,6 +89,7 @@ template bool DeciderVerifier_::verify() template class DeciderVerifier_; template class DeciderVerifier_; +template class DeciderVerifier_; template class DeciderVerifier_; template class DeciderVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index cbea1470ab5e..1137e11addad 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -264,6 +264,7 @@ template typename Flavor::RelationSeparator OinkProver; template class OinkProver; +template class OinkProver; template class OinkProver; template class OinkProver; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp index bd7aa34fb88f..8196f7f77e7a 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp @@ -3,6 +3,7 @@ #include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" namespace bb { @@ -160,6 +161,7 @@ template typename Flavor::RelationSeparator OinkVerifier< template class OinkVerifier; template class OinkVerifier; +template class OinkVerifier; template class OinkVerifier; template class OinkVerifier; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index b96d3d807488..152605af4b63 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -63,6 +63,7 @@ template HonkProof UltraProver_::construct_proof( template class UltraProver_; template class UltraProver_; +template class UltraProver_; template class UltraProver_; template class UltraProver_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index 1ad13e573747..11264c721622 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -3,6 +3,7 @@ #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" #include "barretenberg/sumcheck/sumcheck_output.hpp" #include "barretenberg/transcript/transcript.hpp" #include "barretenberg/ultra_honk/decider_proving_key.hpp" diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 820aeee03a6a..ad8ed0139ee1 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -64,6 +64,7 @@ template bool UltraVerifier_::verify_proof(const HonkP template class UltraVerifier_; template class UltraVerifier_; +template class UltraVerifier_; template class UltraVerifier_; template class UltraVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index 01b1ec5cc156..effd6a3de947 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -32,6 +32,7 @@ template class UltraVerifier_ { }; using UltraVerifier = UltraVerifier_; +using UltraRollupVerifier = UltraVerifier_; using UltraKeccakVerifier = UltraVerifier_; using MegaVerifier = UltraVerifier_; using MegaZKVerifier = UltraVerifier_; From 9b718e644af8e09ed91ebe5b2c6ac5721eb22e95 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Wed, 20 Nov 2024 17:22:09 +0000 Subject: [PATCH 29/29] fix prover test --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 8 +++++--- .../bb-prover/src/prover/bb_private_kernel_prover.ts | 2 +- yarn-project/bb-prover/src/prover/bb_prover.ts | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 7648a9dbdbe0..593a38c55971 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -600,8 +600,10 @@ void prove_tube(const std::string& output_path) builder->add_pairing_point_accumulator(current_aggregation_object); // The tube only calls an IPA recursive verifier once, so we can just add this IPA claim and proof - builder->add_ipa_claim(client_ivc_rec_verifier_output.opening_claim.get_witness_indices()); - builder->ipa_proof = convert_stdlib_proof_to_native(client_ivc_rec_verifier_output.ipa_transcript->proof_data); + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1154): We shouldn't add these to the public inputs for + // now since we don't handle them correctly. Uncomment when we start using UltraRollupHonk in the rollup. + // builder->add_ipa_claim(client_ivc_rec_verifier_output.opening_claim.get_witness_indices()); + // builder->ipa_proof = convert_stdlib_proof_to_native(client_ivc_rec_verifier_output.ipa_transcript->proof_data); using Prover = UltraProver_; using Verifier = UltraVerifier_; @@ -1071,7 +1073,7 @@ UltraProver_ compute_valid_prover(const std::string& bytecodePath, using Prover = UltraProver_; bool honk_recursion = false; - if constexpr (IsAnyOf) { + if constexpr (IsAnyOf) { honk_recursion = true; } auto constraint_system = get_constraint_system(bytecodePath, honk_recursion); diff --git a/yarn-project/bb-prover/src/prover/bb_private_kernel_prover.ts b/yarn-project/bb-prover/src/prover/bb_private_kernel_prover.ts index 4de354a0b56d..7f16b0292fd9 100644 --- a/yarn-project/bb-prover/src/prover/bb_private_kernel_prover.ts +++ b/yarn-project/bb-prover/src/prover/bb_private_kernel_prover.ts @@ -338,7 +338,7 @@ export class BBNativePrivateKernelProver implements PrivateKernelProver { ); if (vkResult.status === BB_RESULT.FAILURE) { - this.log.error(`Failed to generate proof for ${circuitType}${dbgCircuitName}: ${vkResult.reason}`); + this.log.error(`Failed to generate verification key for ${circuitType}${dbgCircuitName}: ${vkResult.reason}`); throw new Error(vkResult.reason); } diff --git a/yarn-project/bb-prover/src/prover/bb_prover.ts b/yarn-project/bb-prover/src/prover/bb_prover.ts index a8475793cba8..07f206881c2a 100644 --- a/yarn-project/bb-prover/src/prover/bb_prover.ts +++ b/yarn-project/bb-prover/src/prover/bb_prover.ts @@ -554,7 +554,7 @@ export class BBNativeRollupProver implements ServerCircuitProver { const provingResult = await generateTubeProof(this.config.bbBinaryPath, bbWorkingDirectory, logger.verbose); if (provingResult.status === BB_RESULT.FAILURE) { - logger.error(`Failed to generate proof for tube proof: ${provingResult.reason}`); + logger.error(`Failed to generate proof for tube circuit: ${provingResult.reason}`); throw new Error(provingResult.reason); } return provingResult;