From c73ca9f89711b97c7b2b9382fd22bb8615c8b302 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 7 Jan 2025 10:10:15 +0000 Subject: [PATCH 1/6] create ultra zk and ultra keccak with zk flavor and cleanup the transcript structures --- .../cpp/src/barretenberg/flavor/flavor.hpp | 10 +- .../mega_zk_flavor.hpp | 11 +- .../stdlib_circuit_builders/ultra_flavor.hpp | 98 ++++++----- .../ultra_keccak_flavor.hpp | 127 +------------- .../ultra_keccak_zk_flavor.hpp | 160 ++++++++++++++++++ .../ultra_zk_flavor.hpp | 146 +++++++++++++++- .../trace_to_polynomials.cpp | 4 +- .../ultra_honk/decider_prover.cpp | 2 + .../ultra_honk/decider_proving_key.cpp | 3 +- .../ultra_honk/decider_proving_key.hpp | 1 + .../ultra_honk/decider_verifier.cpp | 2 + .../barretenberg/ultra_honk/oink_prover.cpp | 2 + .../barretenberg/ultra_honk/oink_verifier.cpp | 4 + .../ultra_honk/ultra_honk.test.cpp | 2 +- .../barretenberg/ultra_honk/ultra_prover.cpp | 2 + .../ultra_honk/ultra_transcript.test.cpp | 94 +++++----- .../ultra_honk/ultra_verifier.cpp | 2 + .../sol/src/honk/BaseHonkVerifier.sol | 5 + 18 files changed, 443 insertions(+), 232 deletions(-) create mode 100644 barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index eb3fa6a59948..0021ba9c4c1c 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -322,10 +322,11 @@ template constexpr auto create_tuple_of_arrays_of_values() // Forward declare honk flavors namespace bb { class UltraFlavor; -class UltraFlavorWithZK; +class UltraZKFlavor; class UltraRollupFlavor; class ECCVMFlavor; class UltraKeccakFlavor; +class UltraKeccakZKFlavor; class MegaFlavor; class MegaZKFlavor; class TranslatorFlavor; @@ -361,10 +362,10 @@ template concept IsPlonkFlavor = IsAnyOf; template -concept IsUltraPlonkOrHonk = IsAnyOf; +concept IsUltraPlonkOrHonk = IsAnyOf; template -concept IsUltraFlavor = IsAnyOf; +concept IsUltraFlavor = IsAnyOf; template concept IsMegaFlavor = IsAnyOf concept IsECCVMRecursiveFlavor = IsAnyOf concept IsFoldingFlavor = IsAnyOf, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp index 9c9c396cceb8..92fe94b03fed 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp @@ -124,8 +124,7 @@ class MegaZKFlavor : public bb::MegaFlavor { lookup_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); z_perm_comm = deserialize_from_buffer(proof_data, num_frs_read); libra_concatenation_commitment = deserialize_from_buffer(proof_data, num_frs_read); - libra_sum = - NativeTranscript::template deserialize_from_buffer(NativeTranscript::proof_data, num_frs_read); + libra_sum = deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { sumcheck_univariates.push_back( @@ -137,7 +136,7 @@ class MegaZKFlavor : public bb::MegaFlavor { libra_big_sum_commitment = deserialize_from_buffer(proof_data, num_frs_read); libra_quotient_commitment = deserialize_from_buffer(proof_data, num_frs_read); hiding_polynomial_commitment = deserialize_from_buffer(proof_data, num_frs_read); - hiding_polynomial_eval = deserialize_from_buffer(NativeTranscript::proof_data, num_frs_read); + hiding_polynomial_eval = deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { gemini_fold_comms.push_back(deserialize_from_buffer(proof_data, num_frs_read)); } @@ -189,7 +188,7 @@ class MegaZKFlavor : public bb::MegaFlavor { serialize_to_buffer(z_perm_comm, proof_data); serialize_to_buffer(libra_concatenation_commitment, proof_data); - NativeTranscript::template serialize_to_buffer(libra_sum, NativeTranscript::proof_data); + serialize_to_buffer(libra_sum, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { serialize_to_buffer(sumcheck_univariates[i], proof_data); @@ -199,8 +198,8 @@ class MegaZKFlavor : public bb::MegaFlavor { serialize_to_buffer(sumcheck_evaluations, proof_data); serialize_to_buffer(libra_big_sum_commitment, proof_data); serialize_to_buffer(libra_quotient_commitment, proof_data); - serialize_to_buffer(hiding_polynomial_commitment, NativeTranscript::proof_data); - serialize_to_buffer(hiding_polynomial_eval, NativeTranscript::proof_data); + serialize_to_buffer(hiding_polynomial_commitment, proof_data); + serialize_to_buffer(hiding_polynomial_eval, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { serialize_to_buffer(gemini_fold_comms[i], proof_data); } diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 1155e1b5d8e9..204dc177391f 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -698,8 +698,10 @@ class UltraFlavor { * @brief Derived class that defines proof structure for Ultra proofs, as well as supporting functions. * */ - class Transcript : public NativeTranscript { + template class Transcript_ : public BaseTranscript { public: + using Base = BaseTranscript; + // Transcript objects defined as public member variables for easy access and modification uint32_t circuit_size; uint32_t public_input_size; @@ -719,24 +721,24 @@ class UltraFlavor { std::vector gemini_fold_evals; Commitment shplonk_q_comm; Commitment kzg_w_comm; - Transcript() = default; + Transcript_() = default; // Used by verifier to initialize the transcript - Transcript(const std::vector& proof) - : NativeTranscript(proof) + Transcript_(const std::vector& proof) + : Base(proof) {} - static std::shared_ptr prover_init_empty() + static std::shared_ptr prover_init_empty() { - auto transcript = std::make_shared(); + auto transcript = std::make_shared(); constexpr uint32_t init{ 42 }; // arbitrary transcript->send_to_verifier("Init", init); return transcript; }; - static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) + static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) { - auto verifier_transcript = std::make_shared(transcript->proof_data); + auto verifier_transcript = std::make_shared(transcript->proof_data); [[maybe_unused]] auto _ = verifier_transcript->template receive_from_prover("Init"); return verifier_transcript; }; @@ -750,37 +752,40 @@ class UltraFlavor { void deserialize_full_transcript() { // take current proof and put them into the struct + auto& proof_data = this->proof_data; size_t num_frs_read = 0; - circuit_size = deserialize_from_buffer(proof_data, num_frs_read); + circuit_size = Base::template deserialize_from_buffer(proof_data, num_frs_read); - public_input_size = deserialize_from_buffer(proof_data, num_frs_read); - pub_inputs_offset = deserialize_from_buffer(proof_data, num_frs_read); + public_input_size = Base::template deserialize_from_buffer(proof_data, num_frs_read); + pub_inputs_offset = Base::template deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(proof_data, num_frs_read)); + public_inputs.push_back(Base::template deserialize_from_buffer(proof_data, num_frs_read)); } - w_l_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_r_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_o_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_4_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); - z_perm_comm = deserialize_from_buffer(proof_data, num_frs_read); + w_l_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + w_r_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + w_o_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + lookup_read_counts_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + lookup_read_tags_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + w_4_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + lookup_inverses_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + z_perm_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { sumcheck_univariates.push_back( - deserialize_from_buffer>(proof_data, - num_frs_read)); + Base::template deserialize_from_buffer>( + proof_data, num_frs_read)); } - sumcheck_evaluations = deserialize_from_buffer>(proof_data, num_frs_read); + sumcheck_evaluations = + Base::template deserialize_from_buffer>(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { - gemini_fold_comms.push_back(deserialize_from_buffer(proof_data, num_frs_read)); + gemini_fold_comms.push_back( + Base::template deserialize_from_buffer(proof_data, num_frs_read)); } for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - gemini_fold_evals.push_back(deserialize_from_buffer(proof_data, num_frs_read)); + gemini_fold_evals.push_back(Base::template deserialize_from_buffer(proof_data, num_frs_read)); } - shplonk_q_comm = deserialize_from_buffer(proof_data, num_frs_read); + shplonk_q_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); - kzg_w_comm = deserialize_from_buffer(proof_data, num_frs_read); + kzg_w_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); } /** @@ -791,39 +796,42 @@ class UltraFlavor { */ void serialize_full_transcript() { + auto& proof_data = this->proof_data; size_t old_proof_length = proof_data.size(); proof_data.clear(); // clear proof_data so the rest of the function can replace it - serialize_to_buffer(circuit_size, proof_data); - serialize_to_buffer(public_input_size, proof_data); - serialize_to_buffer(pub_inputs_offset, proof_data); + Base::template serialize_to_buffer(circuit_size, proof_data); + Base::template serialize_to_buffer(public_input_size, proof_data); + Base::template serialize_to_buffer(pub_inputs_offset, proof_data); for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], proof_data); + Base::template serialize_to_buffer(public_inputs[i], proof_data); } - serialize_to_buffer(w_l_comm, proof_data); - serialize_to_buffer(w_r_comm, proof_data); - serialize_to_buffer(w_o_comm, proof_data); - serialize_to_buffer(lookup_read_counts_comm, proof_data); - serialize_to_buffer(lookup_read_tags_comm, proof_data); - serialize_to_buffer(w_4_comm, proof_data); - serialize_to_buffer(lookup_inverses_comm, proof_data); - serialize_to_buffer(z_perm_comm, proof_data); + Base::template serialize_to_buffer(w_l_comm, proof_data); + Base::template serialize_to_buffer(w_r_comm, proof_data); + Base::template serialize_to_buffer(w_o_comm, proof_data); + Base::template serialize_to_buffer(lookup_read_counts_comm, proof_data); + Base::template serialize_to_buffer(lookup_read_tags_comm, proof_data); + Base::template serialize_to_buffer(w_4_comm, proof_data); + Base::template serialize_to_buffer(lookup_inverses_comm, proof_data); + Base::template serialize_to_buffer(z_perm_comm, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - serialize_to_buffer(sumcheck_univariates[i], proof_data); + Base::template serialize_to_buffer(sumcheck_univariates[i], proof_data); } - serialize_to_buffer(sumcheck_evaluations, proof_data); + Base::template serialize_to_buffer(sumcheck_evaluations, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { - serialize_to_buffer(gemini_fold_comms[i], proof_data); + Base::template serialize_to_buffer(gemini_fold_comms[i], proof_data); } for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - serialize_to_buffer(gemini_fold_evals[i], proof_data); + Base::template serialize_to_buffer(gemini_fold_evals[i], proof_data); } - serialize_to_buffer(shplonk_q_comm, proof_data); - serialize_to_buffer(kzg_w_comm, proof_data); + Base::template serialize_to_buffer(shplonk_q_comm, proof_data); + Base::template serialize_to_buffer(kzg_w_comm, proof_data); // sanity check to make sure we generate the same length of proof as before. ASSERT(proof_data.size() == old_proof_length); } }; + + using Transcript = Transcript_; }; } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp index e7b47f9235af..65f9b029e84d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp @@ -34,7 +34,8 @@ class UltraKeccakFlavor : public bb::UltraFlavor { * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our * circuits. */ - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1094): Add aggregation + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1094): Add aggregation to the verifier contract so the + // VerificationKey from UltraFlavor can be used class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: VerificationKey() = default; @@ -159,129 +160,7 @@ class UltraKeccakFlavor : public bb::UltraFlavor { // Specialize for Ultra (general case used in UltraRecursive). using VerifierCommitments = VerifierCommitments_; - /** - * @brief Derived class that defines proof structure for Ultra proofs, as well as supporting functions. - * - */ - class Transcript : public KeccakTranscript { - public: - // Transcript objects defined as public member variables for easy access and modification - uint32_t circuit_size; - uint32_t public_input_size; - uint32_t pub_inputs_offset; - std::vector public_inputs; - Commitment w_l_comm; - Commitment w_r_comm; - Commitment w_o_comm; - Commitment lookup_read_counts_comm; - Commitment lookup_read_tags_comm; - Commitment w_4_comm; - Commitment z_perm_comm; - Commitment lookup_inverses_comm; - std::vector> sumcheck_univariates; - std::array sumcheck_evaluations; - std::vector zm_cq_comms; - Commitment zm_cq_comm; - Commitment kzg_w_comm; - - Transcript() = default; - - // Used by verifier to initialize the transcript - Transcript(const std::vector& proof) - : KeccakTranscript(proof) - {} - - static std::shared_ptr prover_init_empty() - { - auto transcript = std::make_shared(); - constexpr uint32_t init{ 42 }; // arbitrary - transcript->send_to_verifier("Init", init); - return transcript; - }; - - static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) - { - auto verifier_transcript = std::make_shared(transcript->proof_data); - [[maybe_unused]] auto _ = verifier_transcript->template receive_from_prover("Init"); - return verifier_transcript; - }; - - /** - * @brief Takes a FULL Ultra proof and deserializes it into the public member variables - * that compose the structure. Must be called in order to access the structure of the - * proof. - * - */ - void deserialize_full_transcript() - { - // take current proof and put them into the struct - size_t num_frs_read = 0; - circuit_size = deserialize_from_buffer(proof_data, num_frs_read); - - public_input_size = deserialize_from_buffer(proof_data, num_frs_read); - pub_inputs_offset = deserialize_from_buffer(proof_data, num_frs_read); - for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(proof_data, num_frs_read)); - } - w_l_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_r_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_o_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_4_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); - z_perm_comm = deserialize_from_buffer(proof_data, num_frs_read); - for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - sumcheck_univariates.push_back( - deserialize_from_buffer>(proof_data, - num_frs_read)); - } - sumcheck_evaluations = deserialize_from_buffer>(proof_data, num_frs_read); - for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - zm_cq_comms.push_back(deserialize_from_buffer(proof_data, num_frs_read)); - } - zm_cq_comm = deserialize_from_buffer(proof_data, num_frs_read); - kzg_w_comm = deserialize_from_buffer(proof_data, num_frs_read); - } - - /** - * @brief Serializes the structure variables into a FULL Ultra proof. Should be called - * only if deserialize_full_transcript() was called and some transcript variable was - * modified. - * - */ - void serialize_full_transcript() - { - size_t old_proof_length = proof_data.size(); - proof_data.clear(); // clear proof_data so the rest of the function can replace it - serialize_to_buffer(circuit_size, proof_data); - serialize_to_buffer(public_input_size, proof_data); - serialize_to_buffer(pub_inputs_offset, proof_data); - for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], proof_data); - } - serialize_to_buffer(w_l_comm, proof_data); - serialize_to_buffer(w_r_comm, proof_data); - serialize_to_buffer(w_o_comm, proof_data); - serialize_to_buffer(lookup_read_counts_comm, proof_data); - serialize_to_buffer(lookup_read_tags_comm, proof_data); - serialize_to_buffer(w_4_comm, proof_data); - serialize_to_buffer(lookup_inverses_comm, proof_data); - serialize_to_buffer(z_perm_comm, proof_data); - for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - serialize_to_buffer(sumcheck_univariates[i], proof_data); - } - serialize_to_buffer(sumcheck_evaluations, proof_data); - for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - serialize_to_buffer(zm_cq_comms[i], proof_data); - } - serialize_to_buffer(zm_cq_comm, proof_data); - serialize_to_buffer(kzg_w_comm, proof_data); - - // sanity check to make sure we generate the same length of proof as before. - ASSERT(proof_data.size() == old_proof_length); - } - }; + using Transcript = UltraKeccakFlavor::Transcript_; }; } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp new file mode 100644 index 000000000000..54fff17a5950 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp @@ -0,0 +1,160 @@ +#pragma once + +#include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" + +namespace bb { + +/*! +\brief Child class of UltraFlavor that runs with ZK Sumcheck. +\details +Most of the properties of UltraFlavor are +inherited without any changes, except for the MAX_PARTIAL_RELATION_LENGTH which is now computed as a maximum of +SUBRELATION_PARTIAL_LENGTHS incremented by the corresponding SUBRELATION_WITNESS_DEGREES over all relations included in +UltraFlavor, which also affects the size of ExtendedEdges univariate containers. +Moreover, the container SumcheckTupleOfTuplesOfUnivariates is resized to reflect that masked +witness polynomials are of degree at most \f$2\f$ in each variable, and hence, for any subrelation, the corresponding +univariate accumuluator size has to be increased by the subrelation's witness degree. See more in +\ref docs/src/sumcheck-outline.md "Sumcheck Outline". +*/ +class UltraKeccakZKFlavor : public UltraKeccakFlavor { + public: + // This flavor runs with ZK Sumcheck + static constexpr bool HasZK = true; + // Determine the number of evaluations of Prover and Libra Polynomials that the Prover sends to the Verifier in + // the rounds of ZK Sumcheck. + static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = UltraKeccakFlavor::BATCHED_RELATION_PARTIAL_LENGTH + 1; + /** + * @brief Derived class that defines proof structure for Ultra proofs, as well as supporting functions. + * + */ + class Transcript : public UltraKeccakFlavor::Transcript { + public: + using Base = UltraKeccakFlavor::Transcript::Base; + std::vector> sumcheck_univariates; + Commitment libra_concatenation_commitment; + FF libra_sum; + FF libra_claimed_evaluation; + Commitment libra_big_sum_commitment; + Commitment libra_quotient_commitment; + FF libra_concatenation_eval; + FF libra_shifted_big_sum_eval; + FF libra_big_sum_eval; + FF libra_quotient_eval; + Commitment hiding_polynomial_commitment; + FF hiding_polynomial_eval; + + /** + * @brief Takes a FULL Ultra proof and deserializes it into the public member variables + * that compose the structure. Must be called in order to access the structure of the + * proof. + * + */ + void deserialize_full_transcript() + { + // take current proof and put them into the struct + size_t num_frs_read = 0; + auto& proof_data = this->proof_data; + this->circuit_size = Base::template deserialize_from_buffer(proof_data, num_frs_read); + + this->public_input_size = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->pub_inputs_offset = Base::template deserialize_from_buffer(proof_data, num_frs_read); + for (size_t i = 0; i < this->public_input_size; ++i) { + this->public_inputs.push_back(Base::template deserialize_from_buffer(proof_data, num_frs_read)); + } + this->w_l_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->w_r_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->w_o_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_read_counts_comm = + Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_read_tags_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->w_4_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_inverses_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->z_perm_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_concatenation_commitment = + Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_sum = Base::template deserialize_from_buffer(proof_data, num_frs_read); + + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + sumcheck_univariates.push_back( + Base::template deserialize_from_buffer>( + proof_data, num_frs_read)); + } + libra_claimed_evaluation = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->sumcheck_evaluations = + Base::template deserialize_from_buffer>(proof_data, num_frs_read); + libra_big_sum_commitment = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_quotient_commitment = Base::template deserialize_from_buffer(proof_data, num_frs_read); + hiding_polynomial_commitment = Base::template deserialize_from_buffer(proof_data, num_frs_read); + hiding_polynomial_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { + this->gemini_fold_comms.push_back( + Base::template deserialize_from_buffer(proof_data, num_frs_read)); + } + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + this->gemini_fold_evals.push_back(Base::template deserialize_from_buffer(proof_data, num_frs_read)); + } + libra_concatenation_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_shifted_big_sum_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_big_sum_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_quotient_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->shplonk_q_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + + this->kzg_w_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + } + + /** + * @brief Serializes the structure variables into a FULL Ultra proof. Should be called + * only if deserialize_full_transcript() was called and some transcript variable was + * modified. + * + */ + void serialize_full_transcript() + { + auto& proof_data = this->proof_data; + size_t old_proof_length = proof_data.size(); + proof_data.clear(); // clear proof_data so the rest of the function can replace it + Base::template serialize_to_buffer(this->circuit_size, proof_data); + Base::template serialize_to_buffer(this->public_input_size, proof_data); + Base::template serialize_to_buffer(this->pub_inputs_offset, proof_data); + for (size_t i = 0; i < this->public_input_size; ++i) { + Base::template serialize_to_buffer(this->public_inputs[i], proof_data); + } + Base::template serialize_to_buffer(this->w_l_comm, proof_data); + Base::template serialize_to_buffer(this->w_r_comm, proof_data); + Base::template serialize_to_buffer(this->w_o_comm, proof_data); + Base::template serialize_to_buffer(this->lookup_read_counts_comm, proof_data); + Base::template serialize_to_buffer(this->lookup_read_tags_comm, proof_data); + Base::template serialize_to_buffer(this->w_4_comm, proof_data); + Base::template serialize_to_buffer(this->lookup_inverses_comm, proof_data); + Base::template serialize_to_buffer(this->z_perm_comm, proof_data); + Base::template serialize_to_buffer(libra_concatenation_commitment, proof_data); + Base::template serialize_to_buffer(libra_sum, proof_data); + + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + Base::template serialize_to_buffer(sumcheck_univariates[i], proof_data); + } + Base::template serialize_to_buffer(libra_claimed_evaluation, proof_data); + + Base::template serialize_to_buffer(this->sumcheck_evaluations, proof_data); + Base::template serialize_to_buffer(libra_big_sum_commitment, proof_data); + Base::template serialize_to_buffer(libra_quotient_commitment, proof_data); + Base::template serialize_to_buffer(hiding_polynomial_commitment, proof_data); + Base::template serialize_to_buffer(hiding_polynomial_eval, proof_data); + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { + Base::template serialize_to_buffer(this->gemini_fold_comms[i], proof_data); + } + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + Base::template serialize_to_buffer(this->gemini_fold_evals[i], proof_data); + } + Base::template serialize_to_buffer(libra_concatenation_eval, proof_data); + Base::template serialize_to_buffer(libra_shifted_big_sum_eval, proof_data); + Base::template serialize_to_buffer(libra_big_sum_eval, proof_data); + Base::template serialize_to_buffer(libra_quotient_eval, proof_data); + Base::template serialize_to_buffer(this->shplonk_q_comm, proof_data); + Base::template serialize_to_buffer(this->kzg_w_comm, proof_data); + + ASSERT(proof_data.size() == old_proof_length); + } + }; +}; +} // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp index c6ddab34dbe7..07dce9623b18 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp @@ -16,15 +16,153 @@ witness polynomials are of degree at most \f$2\f$ in each variable, and hence, f univariate accumuluator size has to be increased by the subrelation's witness degree. See more in \ref docs/src/sumcheck-outline.md "Sumcheck Outline". */ -class UltraFlavorWithZK : public bb::UltraFlavor { +class UltraZKFlavor : public UltraFlavor { public: // This flavor runs with ZK Sumcheck static constexpr bool HasZK = true; // Determine the number of evaluations of Prover and Libra Polynomials that the Prover sends to the Verifier in // the rounds of ZK Sumcheck. static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = UltraFlavor::BATCHED_RELATION_PARTIAL_LENGTH + 1; - // Construct the container for the subrelations' contributions - using SumcheckTupleOfTuplesOfUnivariates = decltype(create_sumcheck_tuple_of_tuples_of_univariates()); -}; + /** + * @brief Derived class that defines proof structure for Ultra proofs, as well as supporting functions. + * + */ + template class Transcript_ : public UltraFlavor::Transcript_ { + public: + using Base = UltraFlavor::Transcript_::Base; + std::vector> sumcheck_univariates; + Commitment libra_concatenation_commitment; + FF libra_sum; + FF libra_claimed_evaluation; + Commitment libra_big_sum_commitment; + Commitment libra_quotient_commitment; + FF libra_concatenation_eval; + FF libra_shifted_big_sum_eval; + FF libra_big_sum_eval; + FF libra_quotient_eval; + Commitment hiding_polynomial_commitment; + FF hiding_polynomial_eval; + + Transcript_() = default; + + // Used by verifier to initialize the transcript + Transcript_(const std::vector& proof) + : UltraFlavor::Transcript_(proof) + {} + + /** + * @brief Takes a FULL Ultra proof and deserializes it into the public member variables + * that compose the structure. Must be called in order to access the structure of the + * proof. + * + */ + void deserialize_full_transcript() + { + // take current proof and put them into the struct + size_t num_frs_read = 0; + auto& proof_data = this->proof_data; + this->circuit_size = Base::template deserialize_from_buffer(proof_data, num_frs_read); + + this->public_input_size = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->pub_inputs_offset = Base::template deserialize_from_buffer(proof_data, num_frs_read); + for (size_t i = 0; i < this->public_input_size; ++i) { + this->public_inputs.push_back(Base::template deserialize_from_buffer(proof_data, num_frs_read)); + } + this->w_l_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->w_r_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->w_o_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_read_counts_comm = + Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_read_tags_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->w_4_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_inverses_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->z_perm_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_concatenation_commitment = + Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_sum = Base::template deserialize_from_buffer(proof_data, num_frs_read); + + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + sumcheck_univariates.push_back( + Base::template deserialize_from_buffer>( + proof_data, num_frs_read)); + } + libra_claimed_evaluation = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->sumcheck_evaluations = + Base::template deserialize_from_buffer>(proof_data, num_frs_read); + libra_big_sum_commitment = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_quotient_commitment = Base::template deserialize_from_buffer(proof_data, num_frs_read); + hiding_polynomial_commitment = Base::template deserialize_from_buffer(proof_data, num_frs_read); + hiding_polynomial_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { + this->gemini_fold_comms.push_back( + Base::template deserialize_from_buffer(proof_data, num_frs_read)); + } + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + this->gemini_fold_evals.push_back(Base::template deserialize_from_buffer(proof_data, num_frs_read)); + } + libra_concatenation_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_shifted_big_sum_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_big_sum_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + libra_quotient_eval = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->shplonk_q_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + this->kzg_w_comm = Base::template deserialize_from_buffer(proof_data, num_frs_read); + } + + /** + * @brief Serializes the structure variables into a FULL Ultra proof. Should be called + * only if deserialize_full_transcript() was called and some transcript variable was + * modified. + * + */ + void serialize_full_transcript() + { + auto& proof_data = this->proof_data; + size_t old_proof_length = proof_data.size(); + proof_data.clear(); // clear proof_data so the rest of the function can replace it + Base::template serialize_to_buffer(this->circuit_size, proof_data); + Base::template serialize_to_buffer(this->public_input_size, proof_data); + Base::template serialize_to_buffer(this->pub_inputs_offset, proof_data); + for (size_t i = 0; i < this->public_input_size; ++i) { + Base::template serialize_to_buffer(this->public_inputs[i], proof_data); + } + Base::template serialize_to_buffer(this->w_l_comm, proof_data); + Base::template serialize_to_buffer(this->w_r_comm, proof_data); + Base::template serialize_to_buffer(this->w_o_comm, proof_data); + Base::template serialize_to_buffer(this->lookup_read_counts_comm, proof_data); + Base::template serialize_to_buffer(this->lookup_read_tags_comm, proof_data); + Base::template serialize_to_buffer(this->w_4_comm, proof_data); + Base::template serialize_to_buffer(this->lookup_inverses_comm, proof_data); + Base::template serialize_to_buffer(this->z_perm_comm, proof_data); + Base::template serialize_to_buffer(libra_concatenation_commitment, proof_data); + Base::template serialize_to_buffer(libra_sum, proof_data); + + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + Base::template serialize_to_buffer(sumcheck_univariates[i], proof_data); + } + Base::template serialize_to_buffer(libra_claimed_evaluation, proof_data); + + Base::template serialize_to_buffer(this->sumcheck_evaluations, proof_data); + Base::template serialize_to_buffer(libra_big_sum_commitment, proof_data); + Base::template serialize_to_buffer(libra_quotient_commitment, proof_data); + Base::template serialize_to_buffer(hiding_polynomial_commitment, proof_data); + Base::template serialize_to_buffer(hiding_polynomial_eval, proof_data); + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { + Base::template serialize_to_buffer(this->gemini_fold_comms[i], proof_data); + } + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + Base::template serialize_to_buffer(this->gemini_fold_evals[i], proof_data); + } + Base::template serialize_to_buffer(libra_concatenation_eval, proof_data); + Base::template serialize_to_buffer(libra_shifted_big_sum_eval, proof_data); + Base::template serialize_to_buffer(libra_big_sum_eval, proof_data); + Base::template serialize_to_buffer(libra_quotient_eval, proof_data); + Base::template serialize_to_buffer(this->shplonk_q_comm, proof_data); + Base::template serialize_to_buffer(this->kzg_w_comm, proof_data); + + ASSERT(proof_data.size() == old_proof_length); + } + }; + using Transcript = Transcript_; +}; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp b/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp index f9d3405d2f8f..b1aaccb49d1c 100644 --- a/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp +++ b/barretenberg/cpp/src/barretenberg/trace_to_polynomials/trace_to_polynomials.cpp @@ -3,6 +3,7 @@ #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp" namespace bb { @@ -175,8 +176,9 @@ void TraceToPolynomials::add_ecc_op_wires_to_proving_key(Builder& builde } template class TraceToPolynomials; -template class TraceToPolynomials; +template class TraceToPolynomials; template class TraceToPolynomials; +template class TraceToPolynomials; template class TraceToPolynomials; template class TraceToPolynomials; template class TraceToPolynomials; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp index 9317545152b1..531009c69898 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp @@ -115,8 +115,10 @@ template HonkProof DeciderProver_::construct_proo } template class DeciderProver_; +template class DeciderProver_; template class DeciderProver_; template class DeciderProver_; +template class DeciderProver_; template class DeciderProver_; template class DeciderProver_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp index bcef1fe9343b..0b9bf8a7d842 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp @@ -328,8 +328,9 @@ void DeciderProvingKey_::move_structured_trace_overflow_to_overflow_bloc } template class DeciderProvingKey_; -template class DeciderProvingKey_; +template class DeciderProvingKey_; template class DeciderProvingKey_; +template class DeciderProvingKey_; template class DeciderProvingKey_; template class DeciderProvingKey_; template class DeciderProvingKey_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 5da7c7917088..8bd0c1cc1b01 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -7,6 +7,7 @@ #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp" #include "barretenberg/trace_to_polynomials/trace_to_polynomials.hpp" diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp index 96d69a3ed305..87891d71e9d7 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp @@ -87,7 +87,9 @@ template bool DeciderVerifier_::verify() } template class DeciderVerifier_; +template class DeciderVerifier_; template class DeciderVerifier_; +template class DeciderVerifier_; template class DeciderVerifier_; template class DeciderVerifier_; template class DeciderVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index 7377c7b31c72..6012c9551f09 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -268,7 +268,9 @@ template typename Flavor::RelationSeparator OinkProver; +template class OinkProver; template class OinkProver; +template class OinkProver; template class OinkProver; template class OinkProver; template class OinkProver; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp index 8196f7f77e7a..1ec1d01cbc4a 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp @@ -3,7 +3,9 @@ #include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp" namespace bb { @@ -160,7 +162,9 @@ template typename Flavor::RelationSeparator OinkVerifier< } template class OinkVerifier; +template class OinkVerifier; template class OinkVerifier; +template class OinkVerifier; template class OinkVerifier; template class OinkVerifier; template class OinkVerifier; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_honk.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_honk.test.cpp index 3f7ffe9defe9..82c868b1a416 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_honk.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_honk.test.cpp @@ -47,7 +47,7 @@ template class UltraHonkTests : public ::testing::Test { static void SetUpTestSuite() { bb::srs::init_crs_factory(bb::srs::get_ignition_crs_path()); } }; -using FlavorTypes = testing::Types; +using FlavorTypes = testing::Types; TYPED_TEST_SUITE(UltraHonkTests, FlavorTypes); /** diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index 68b9fe85363b..3597b3797a7a 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -77,7 +77,9 @@ template HonkProof UltraProver_::construct_proof( } template class UltraProver_; +template class UltraProver_; template class UltraProver_; +template class UltraProver_; template class UltraProver_; template class UltraProver_; template class UltraProver_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 6428b92bf0a6..6fc3cd3b1df1 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -14,6 +14,9 @@ using namespace bb; +using FlavorTypes = ::testing::Types; + +// WORKTODO: Should also be UltraZK, UltraKeccak, UltraKeccakWithZK template class UltraTranscriptTests : public ::testing::Test { public: static void SetUpTestSuite() @@ -22,11 +25,13 @@ template class UltraTranscriptTests : public ::testing::Test { bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin"); } + using VerificationKey = Flavor::VerificationKey; + using FF = Flavor::FF; + using Commitment = Flavor::Commitment; + using DeciderProvingKey = DeciderProvingKey_; + using Builder = Flavor::CircuitBuilder; using Prover = UltraProver_; using Verifier = UltraVerifier_; - using VerificationKey = typename Flavor::VerificationKey; - using FF = typename Flavor::FF; - using DeciderProvingKey = DeciderProvingKey_; /** * @brief Construct a manifest for a Ultra Honk proof @@ -47,7 +52,7 @@ template class UltraTranscriptTests : public ::testing::Test { size_t NUM_SUBRELATIONS = Flavor::NUM_SUBRELATIONS; // Size of types is number of bb::frs needed to represent the types size_t frs_per_Fr = bb::field_conversion::calc_num_bn254_frs(); - size_t frs_per_G = bb::field_conversion::calc_num_bn254_frs(); + size_t frs_per_G = bb::field_conversion::calc_num_bn254_frs(); size_t frs_per_uni = MAX_PARTIAL_RELATION_LENGTH * frs_per_Fr; size_t frs_per_evals = (Flavor::NUM_ALL_ENTITIES)*frs_per_Fr; size_t frs_per_uint32 = bb::field_conversion::calc_num_bn254_frs(); @@ -92,6 +97,13 @@ template class UltraTranscriptTests : public ::testing::Test { round++; } + if constexpr (Flavor::HasZK) { + manifest_expected.add_entry(round, "Libra:concatenation_commitment", frs_per_G); + manifest_expected.add_entry(round, "Libra:Sum", frs_per_Fr); + manifest_expected.add_challenge(round, "Libra:Challenge"); + round++; + } + for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { std::string idx = std::to_string(i); manifest_expected.add_entry(round, "Sumcheck:univariate_" + idx, frs_per_uni); @@ -100,7 +112,19 @@ template class UltraTranscriptTests : public ::testing::Test { round++; } + if constexpr (Flavor::HasZK) { + manifest_expected.add_entry(round, "Libra:claimed_evaluation", frs_per_Fr); + } + manifest_expected.add_entry(round, "Sumcheck:evaluations", frs_per_evals); + + if constexpr (Flavor::HasZK) { + manifest_expected.add_entry(round, "Libra:big_sum_commitment", frs_per_G); + manifest_expected.add_entry(round, "Libra:quotient_commitment", frs_per_G); + manifest_expected.add_entry(round, "Gemini:masking_poly_comm", frs_per_G); + manifest_expected.add_entry(round, "Gemini:masking_poly_eval", frs_per_Fr); + } + manifest_expected.add_challenge(round, "rho"); round++; @@ -115,6 +139,13 @@ template class UltraTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "Gemini:a_" + idx, frs_per_Fr); } + if constexpr (Flavor::HasZK) { + manifest_expected.add_entry(round, "Libra:concatenation_eval", frs_per_Fr); + manifest_expected.add_entry(round, "Libra:shifted_big_sum_eval", frs_per_Fr); + manifest_expected.add_entry(round, "Libra:big_sum_eval", frs_per_Fr); + manifest_expected.add_entry(round, "Libra:quotient_eval", frs_per_Fr); + } + manifest_expected.add_challenge(round, "Shplonk:nu"); round++; manifest_expected.add_entry(round, "Shplonk:Q", frs_per_G); @@ -158,7 +189,6 @@ template class UltraTranscriptTests : public ::testing::Test { } }; -using FlavorTypes = testing::Types; TYPED_TEST_SUITE(UltraTranscriptTests, FlavorTypes); /** @@ -168,7 +198,7 @@ TYPED_TEST_SUITE(UltraTranscriptTests, FlavorTypes); TYPED_TEST(UltraTranscriptTests, ProverManifestConsistency) { // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto builder = typename TypeParam::CircuitBuilder(); + auto builder = typename TestFixture::Builder(); TestFixture::generate_test_circuit(builder); // Automatically generate a transcript manifest by constructing a proof @@ -196,7 +226,7 @@ TYPED_TEST(UltraTranscriptTests, VerifierManifestConsistency) { // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto builder = typename TypeParam::CircuitBuilder(); + auto builder = typename TestFixture::Builder(); TestFixture::generate_test_circuit(builder); // Automatically generate a transcript manifest in the prover by constructing a proof @@ -207,25 +237,7 @@ TYPED_TEST(UltraTranscriptTests, VerifierManifestConsistency) // Automatically generate a transcript manifest in the verifier by verifying a proof auto verification_key = std::make_shared(proving_key->proving_key); typename TestFixture::Verifier verifier(verification_key); - HonkProof honk_proof; - HonkProof ipa_proof; - if constexpr (HasIPAAccumulator) { - verifier.ipa_verification_key = - std::make_shared>(1 << CONST_ECCVM_LOG_N); - const size_t HONK_PROOF_LENGTH = TypeParam::PROOF_LENGTH_WITHOUT_PUB_INPUTS - IPA_PROOF_LENGTH; - const size_t num_public_inputs = static_cast(proof[1]); - // The extra calculation is for the IPA proof length. - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1182): Handle in ProofSurgeon. - ASSERT(proof.size() == HONK_PROOF_LENGTH + IPA_PROOF_LENGTH + num_public_inputs); - // split out the ipa proof - const std::ptrdiff_t honk_proof_with_pub_inputs_length = - static_cast(HONK_PROOF_LENGTH + num_public_inputs); - ipa_proof = HonkProof(proof.begin() + honk_proof_with_pub_inputs_length, proof.end()); - honk_proof = HonkProof(proof.begin(), proof.end() + honk_proof_with_pub_inputs_length); - } else { - honk_proof = proof; - } - verifier.verify_proof(honk_proof, ipa_proof); + verifier.verify_proof(proof); // Check consistency between the manifests generated by the prover and verifier auto prover_manifest = prover.transcript->get_manifest(); @@ -245,6 +257,8 @@ TYPED_TEST(UltraTranscriptTests, VerifierManifestConsistency) */ TYPED_TEST(UltraTranscriptTests, ChallengeGenerationTest) { + using Flavor = TypeParam; + using FF = Flavor::FF; // initialized with random value sent to verifier auto transcript = TypeParam::Transcript::prover_init_empty(); // test a bunch of challenges @@ -264,11 +278,11 @@ TYPED_TEST(UltraTranscriptTests, ChallengeGenerationTest) TYPED_TEST(UltraTranscriptTests, StructureTest) { - if constexpr (IsAnyOf) { - GTEST_SKIP() << "Not built for this parameter"; - } + using Flavor = TypeParam; + using FF = Flavor::FF; + using Commitment = Flavor::Commitment; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto builder = typename TypeParam::CircuitBuilder(); + auto builder = typename TestFixture::Builder(); TestFixture::generate_test_circuit(builder); // Automatically generate a transcript manifest by constructing a proof @@ -284,8 +298,9 @@ TYPED_TEST(UltraTranscriptTests, StructureTest) prover.transcript->serialize_full_transcript(); EXPECT_TRUE(verifier.verify_proof(prover.export_proof())); // we have changed nothing so proof is still valid - auto one_group_val = TypeParam::Commitment::one(); - auto rand_val = TestFixture::FF::random_element(); + Commitment one_group_val = Commitment::one(); + FF rand_val = FF::random_element(); + info(prover.transcript->z_perm_comm); prover.transcript->z_perm_comm = one_group_val * rand_val; // choose random object to modify EXPECT_TRUE(verifier.verify_proof( prover.export_proof())); // we have not serialized it back to the proof so it should still be fine @@ -294,18 +309,5 @@ TYPED_TEST(UltraTranscriptTests, StructureTest) EXPECT_FALSE(verifier.verify_proof(prover.export_proof())); // the proof is now wrong after serializing it prover.transcript->deserialize_full_transcript(); - EXPECT_EQ(static_cast(prover.transcript->z_perm_comm), one_group_val * rand_val); -} - -TYPED_TEST(UltraTranscriptTests, ProofLengthTest) -{ - // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto builder = typename TypeParam::CircuitBuilder(); - TestFixture::generate_test_circuit(builder); - - // Automatically generate a transcript manifest by constructing a proof - auto proving_key = std::make_shared(builder); - typename TestFixture::Prover prover(proving_key); - auto proof = prover.construct_proof(); - EXPECT_EQ(proof.size(), TypeParam::PROOF_LENGTH_WITHOUT_PUB_INPUTS + builder.public_inputs.size()); + EXPECT_EQ(static_cast(prover.transcript->z_perm_comm), one_group_val * rand_val); } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 3c4278c7439c..692ac54397f2 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -72,7 +72,9 @@ template bool UltraVerifier_::verify_proof(const HonkP } template class UltraVerifier_; +template class UltraVerifier_; template class UltraVerifier_; +template class UltraVerifier_; template class UltraVerifier_; template class UltraVerifier_; template class UltraVerifier_; diff --git a/barretenberg/sol/src/honk/BaseHonkVerifier.sol b/barretenberg/sol/src/honk/BaseHonkVerifier.sol index 5c38218a041d..2a4697590785 100644 --- a/barretenberg/sol/src/honk/BaseHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseHonkVerifier.sol @@ -24,6 +24,11 @@ import {Transcript, TranscriptLib} from "./Transcript.sol"; import {RelationsLib} from "./Relations.sol"; abstract contract BaseHonkVerifier is IVerifier { + // Errors + error PublicInputsLengthWrong(); + error SumcheckFailed(); + error ShpleminiFailed(); + using FrLib for Fr; uint256 immutable N; From a45d0c5bb9f59a33b2e15e8915748cd321f06784 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 7 Jan 2025 10:51:08 +0000 Subject: [PATCH 2/6] Merge branch 'mm/contract-cleanup' into mm/zk-contracts --- .../ultra_honk/ultra_transcript.test.cpp | 51 ++++++++++++++++--- .../sol/src/honk/BaseHonkVerifier.sol | 5 -- 2 files changed, 44 insertions(+), 12 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 6fc3cd3b1df1..8eaccfef852d 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -14,9 +14,8 @@ using namespace bb; -using FlavorTypes = ::testing::Types; - -// WORKTODO: Should also be UltraZK, UltraKeccak, UltraKeccakWithZK +using FlavorTypes = + ::testing::Types; template class UltraTranscriptTests : public ::testing::Test { public: static void SetUpTestSuite() @@ -237,7 +236,25 @@ TYPED_TEST(UltraTranscriptTests, VerifierManifestConsistency) // Automatically generate a transcript manifest in the verifier by verifying a proof auto verification_key = std::make_shared(proving_key->proving_key); typename TestFixture::Verifier verifier(verification_key); - verifier.verify_proof(proof); + HonkProof honk_proof; + HonkProof ipa_proof; + if constexpr (HasIPAAccumulator) { + verifier.ipa_verification_key = + std::make_shared>(1 << CONST_ECCVM_LOG_N); + const size_t HONK_PROOF_LENGTH = TypeParam::PROOF_LENGTH_WITHOUT_PUB_INPUTS - IPA_PROOF_LENGTH; + const size_t num_public_inputs = static_cast(proof[1]); + // The extra calculation is for the IPA proof length. + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1182): Handle in ProofSurgeon. + ASSERT(proof.size() == HONK_PROOF_LENGTH + IPA_PROOF_LENGTH + num_public_inputs); + // split out the ipa proof + const std::ptrdiff_t honk_proof_with_pub_inputs_length = + static_cast(HONK_PROOF_LENGTH + num_public_inputs); + ipa_proof = HonkProof(proof.begin() + honk_proof_with_pub_inputs_length, proof.end()); + honk_proof = HonkProof(proof.begin(), proof.end() + honk_proof_with_pub_inputs_length); + } else { + honk_proof = proof; + } + verifier.verify_proof(honk_proof, ipa_proof); // Check consistency between the manifests generated by the prover and verifier auto prover_manifest = prover.transcript->get_manifest(); @@ -262,7 +279,7 @@ TYPED_TEST(UltraTranscriptTests, ChallengeGenerationTest) // initialized with random value sent to verifier auto transcript = TypeParam::Transcript::prover_init_empty(); // test a bunch of challenges - auto challenges = transcript->template get_challenges("a", "b", "c", "d", "e", "f"); + auto challenges = transcript->template get_challenges("a", "b", "c", "d", "e", "f"); // check they are not 0 for (size_t i = 0; i < challenges.size(); ++i) { ASSERT_NE(challenges[i], 0) << "Challenge " << i << " is 0"; @@ -270,7 +287,7 @@ TYPED_TEST(UltraTranscriptTests, ChallengeGenerationTest) constexpr uint32_t random_val{ 17 }; // arbitrary transcript->send_to_verifier("random val", random_val); // test more challenges - auto [a, b, c] = transcript->template get_challenges("a", "b", "c"); + auto [a, b, c] = transcript->template get_challenges("a", "b", "c"); ASSERT_NE(a, 0) << "Challenge a is 0"; ASSERT_NE(b, 0) << "Challenge b is 0"; ASSERT_NE(c, 0) << "Challenge c is 0"; @@ -283,6 +300,10 @@ TYPED_TEST(UltraTranscriptTests, StructureTest) using Commitment = Flavor::Commitment; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) auto builder = typename TestFixture::Builder(); + if constexpr (IsAnyOf) { + GTEST_SKIP() << "Not built for this parameter"; + } + // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) TestFixture::generate_test_circuit(builder); // Automatically generate a transcript manifest by constructing a proof @@ -300,7 +321,6 @@ TYPED_TEST(UltraTranscriptTests, StructureTest) Commitment one_group_val = Commitment::one(); FF rand_val = FF::random_element(); - info(prover.transcript->z_perm_comm); prover.transcript->z_perm_comm = one_group_val * rand_val; // choose random object to modify EXPECT_TRUE(verifier.verify_proof( prover.export_proof())); // we have not serialized it back to the proof so it should still be fine @@ -311,3 +331,20 @@ TYPED_TEST(UltraTranscriptTests, StructureTest) prover.transcript->deserialize_full_transcript(); EXPECT_EQ(static_cast(prover.transcript->z_perm_comm), one_group_val * rand_val); } + +TYPED_TEST(UltraTranscriptTests, ProofLengthTest) +{ + if constexpr (!IsAnyOf) { + GTEST_SKIP() << "Not built for this parameter"; + } else { + // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) + auto builder = typename TypeParam::CircuitBuilder(); + TestFixture::generate_test_circuit(builder); + + // Automatically generate a transcript manifest by constructing a proof + auto proving_key = std::make_shared(builder); + typename TestFixture::Prover prover(proving_key); + auto proof = prover.construct_proof(); + EXPECT_EQ(proof.size(), TypeParam::PROOF_LENGTH_WITHOUT_PUB_INPUTS + builder.public_inputs.size()); + } +} diff --git a/barretenberg/sol/src/honk/BaseHonkVerifier.sol b/barretenberg/sol/src/honk/BaseHonkVerifier.sol index 2a4697590785..5c38218a041d 100644 --- a/barretenberg/sol/src/honk/BaseHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseHonkVerifier.sol @@ -24,11 +24,6 @@ import {Transcript, TranscriptLib} from "./Transcript.sol"; import {RelationsLib} from "./Relations.sol"; abstract contract BaseHonkVerifier is IVerifier { - // Errors - error PublicInputsLengthWrong(); - error SumcheckFailed(); - error ShpleminiFailed(); - using FrLib for Fr; uint256 immutable N; From 97417848a202116b2f45001bbe9008758fa7669e Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 7 Jan 2025 13:21:14 +0000 Subject: [PATCH 3/6] mega flavors --- .../stdlib_circuit_builders/mega_flavor.hpp | 16 +- .../mega_zk_flavor.hpp | 191 ++++++++---------- .../ultra_keccak_zk_flavor.hpp | 7 +- .../ultra_zk_flavor.hpp | 7 +- .../ultra_honk/ultra_transcript.test.cpp | 4 +- 5 files changed, 96 insertions(+), 129 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp index 062929736f9a..926aec49abce 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp @@ -850,7 +850,7 @@ class MegaFlavor { * Note: Made generic for use in MegaRecursive. * TODO(https://github.com/AztecProtocol/barretenberg/issues/877): Remove this Commitment template parameter */ - template class Transcript_ : public NativeTranscript { + class Transcript : public NativeTranscript { public: uint32_t circuit_size; uint32_t public_input_size; @@ -887,23 +887,23 @@ class MegaFlavor { Commitment shplonk_q_comm; Commitment kzg_w_comm; - Transcript_() = default; + Transcript() = default; - Transcript_(const HonkProof& proof) + Transcript(const HonkProof& proof) : NativeTranscript(proof) {} - static std::shared_ptr prover_init_empty() + static std::shared_ptr prover_init_empty() { - auto transcript = std::make_shared(); + auto transcript = std::make_shared(); constexpr uint32_t init{ 42 }; // arbitrary transcript->send_to_verifier("Init", init); return transcript; }; - static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) + static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) { - auto verifier_transcript = std::make_shared(transcript->proof_data); + auto verifier_transcript = std::make_shared(transcript->proof_data); [[maybe_unused]] auto _ = verifier_transcript->template receive_from_prover("Init"); return verifier_transcript; }; @@ -1010,8 +1010,6 @@ class MegaFlavor { ASSERT(proof_data.size() == old_proof_length); } }; - // Specialize for Mega (general case used in MegaRecursive). - using Transcript = Transcript_; }; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp index 92fe94b03fed..7c1a6afac2cc 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp @@ -19,71 +19,39 @@ class MegaZKFlavor : public bb::MegaFlavor { * Note: Made generic for use in MegaRecursive. * TODO(https://github.com/AztecProtocol/barretenberg/issues/877): Remove this Commitment template parameter */ - template class Transcript_ : public NativeTranscript { + class Transcript : public MegaFlavor::Transcript { public: - uint32_t circuit_size; - uint32_t public_input_size; - uint32_t pub_inputs_offset; - std::vector public_inputs; - Commitment w_l_comm; - Commitment w_r_comm; - Commitment w_o_comm; - Commitment ecc_op_wire_1_comm; - Commitment ecc_op_wire_2_comm; - Commitment ecc_op_wire_3_comm; - Commitment ecc_op_wire_4_comm; - Commitment calldata_comm; - Commitment calldata_read_counts_comm; - Commitment calldata_read_tags_comm; - Commitment calldata_inverses_comm; - Commitment secondary_calldata_comm; - Commitment secondary_calldata_read_counts_comm; - Commitment secondary_calldata_read_tags_comm; - Commitment secondary_calldata_inverses_comm; - Commitment return_data_comm; - Commitment return_data_read_counts_comm; - Commitment return_data_read_tags_comm; - Commitment return_data_inverses_comm; - Commitment w_4_comm; - Commitment z_perm_comm; - Commitment lookup_inverses_comm; - Commitment lookup_read_counts_comm; - Commitment lookup_read_tags_comm; + // Note: we have a different vector of univariates because the degree for ZK flavors differs + std::vector> zk_sumcheck_univariates; Commitment libra_concatenation_commitment; FF libra_sum; - std::vector> sumcheck_univariates; FF libra_claimed_evaluation; Commitment libra_big_sum_commitment; Commitment libra_quotient_commitment; - std::array sumcheck_evaluations; FF libra_concatenation_eval; FF libra_shifted_big_sum_eval; FF libra_big_sum_eval; FF libra_quotient_eval; Commitment hiding_polynomial_commitment; FF hiding_polynomial_eval; - std::vector gemini_fold_comms; - std::vector gemini_fold_evals; - Commitment shplonk_q_comm; - Commitment kzg_w_comm; - Transcript_() = default; + Transcript() = default; - Transcript_(const HonkProof& proof) - : NativeTranscript(proof) + Transcript(const HonkProof& proof) + : MegaFlavor::Transcript(proof) {} - static std::shared_ptr prover_init_empty() + static std::shared_ptr prover_init_empty() { - auto transcript = std::make_shared(); + auto transcript = std::make_shared(); constexpr uint32_t init{ 42 }; // arbitrary transcript->send_to_verifier("Init", init); return transcript; }; - static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) + static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) { - auto verifier_transcript = std::make_shared(transcript->proof_data); + auto verifier_transcript = std::make_shared(transcript->proof_data); [[maybe_unused]] auto _ = verifier_transcript->template receive_from_prover("Init"); return verifier_transcript; }; @@ -92,132 +60,131 @@ class MegaZKFlavor : public bb::MegaFlavor { { // take current proof and put them into the struct size_t num_frs_read = 0; - circuit_size = deserialize_from_buffer(proof_data, num_frs_read); + this->circuit_size = deserialize_from_buffer(proof_data, num_frs_read); - public_input_size = deserialize_from_buffer(proof_data, num_frs_read); - pub_inputs_offset = deserialize_from_buffer(proof_data, num_frs_read); + this->public_input_size = deserialize_from_buffer(proof_data, num_frs_read); + this->pub_inputs_offset = deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(proof_data, num_frs_read)); + this->public_inputs.push_back(deserialize_from_buffer(proof_data, num_frs_read)); } - w_l_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_r_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_o_comm = deserialize_from_buffer(proof_data, num_frs_read); - ecc_op_wire_1_comm = deserialize_from_buffer(proof_data, num_frs_read); - ecc_op_wire_2_comm = deserialize_from_buffer(proof_data, num_frs_read); - ecc_op_wire_3_comm = deserialize_from_buffer(proof_data, num_frs_read); - ecc_op_wire_4_comm = deserialize_from_buffer(proof_data, num_frs_read); - calldata_comm = deserialize_from_buffer(proof_data, num_frs_read); - calldata_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); - calldata_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); - calldata_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); - secondary_calldata_comm = deserialize_from_buffer(proof_data, num_frs_read); - secondary_calldata_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); - secondary_calldata_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); - secondary_calldata_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); - return_data_comm = deserialize_from_buffer(proof_data, num_frs_read); - return_data_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); - return_data_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); - return_data_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); - w_4_comm = deserialize_from_buffer(proof_data, num_frs_read); - lookup_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); - z_perm_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->w_l_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->w_r_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->w_o_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->ecc_op_wire_1_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->ecc_op_wire_2_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->ecc_op_wire_3_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->ecc_op_wire_4_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->calldata_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->calldata_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->calldata_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->calldata_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->secondary_calldata_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->secondary_calldata_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->secondary_calldata_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->secondary_calldata_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->return_data_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->return_data_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->return_data_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->return_data_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_read_counts_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_read_tags_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->w_4_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->lookup_inverses_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->z_perm_comm = deserialize_from_buffer(proof_data, num_frs_read); libra_concatenation_commitment = deserialize_from_buffer(proof_data, num_frs_read); libra_sum = deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - sumcheck_univariates.push_back( + zk_sumcheck_univariates.push_back( deserialize_from_buffer>(proof_data, num_frs_read)); } libra_claimed_evaluation = deserialize_from_buffer(proof_data, num_frs_read); - sumcheck_evaluations = deserialize_from_buffer>(proof_data, num_frs_read); + this->sumcheck_evaluations = + deserialize_from_buffer>(proof_data, num_frs_read); libra_big_sum_commitment = deserialize_from_buffer(proof_data, num_frs_read); libra_quotient_commitment = deserialize_from_buffer(proof_data, num_frs_read); hiding_polynomial_commitment = deserialize_from_buffer(proof_data, num_frs_read); hiding_polynomial_eval = deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { - gemini_fold_comms.push_back(deserialize_from_buffer(proof_data, num_frs_read)); + this->gemini_fold_comms.push_back(deserialize_from_buffer(proof_data, num_frs_read)); } for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - gemini_fold_evals.push_back(deserialize_from_buffer(proof_data, num_frs_read)); + this->gemini_fold_evals.push_back(deserialize_from_buffer(proof_data, num_frs_read)); } libra_concatenation_eval = deserialize_from_buffer(proof_data, num_frs_read); libra_shifted_big_sum_eval = deserialize_from_buffer(proof_data, num_frs_read); libra_big_sum_eval = deserialize_from_buffer(proof_data, num_frs_read); libra_quotient_eval = deserialize_from_buffer(proof_data, num_frs_read); - shplonk_q_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->shplonk_q_comm = deserialize_from_buffer(proof_data, num_frs_read); - kzg_w_comm = deserialize_from_buffer(proof_data, num_frs_read); + this->kzg_w_comm = deserialize_from_buffer(proof_data, num_frs_read); } void serialize_full_transcript() { size_t old_proof_length = proof_data.size(); proof_data.clear(); - serialize_to_buffer(circuit_size, proof_data); - serialize_to_buffer(public_input_size, proof_data); - serialize_to_buffer(pub_inputs_offset, proof_data); + serialize_to_buffer(this->circuit_size, proof_data); + serialize_to_buffer(this->public_input_size, proof_data); + serialize_to_buffer(this->pub_inputs_offset, proof_data); for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], proof_data); + serialize_to_buffer(this->public_inputs[i], proof_data); } - serialize_to_buffer(w_l_comm, proof_data); - serialize_to_buffer(w_r_comm, proof_data); - serialize_to_buffer(w_o_comm, proof_data); - serialize_to_buffer(ecc_op_wire_1_comm, proof_data); - serialize_to_buffer(ecc_op_wire_2_comm, proof_data); - serialize_to_buffer(ecc_op_wire_3_comm, proof_data); - serialize_to_buffer(ecc_op_wire_4_comm, proof_data); - serialize_to_buffer(calldata_comm, proof_data); - serialize_to_buffer(calldata_read_counts_comm, proof_data); - serialize_to_buffer(calldata_read_tags_comm, proof_data); - serialize_to_buffer(calldata_inverses_comm, proof_data); - serialize_to_buffer(secondary_calldata_comm, proof_data); - serialize_to_buffer(secondary_calldata_read_counts_comm, proof_data); - serialize_to_buffer(secondary_calldata_read_tags_comm, proof_data); - serialize_to_buffer(secondary_calldata_inverses_comm, proof_data); - serialize_to_buffer(return_data_comm, proof_data); - serialize_to_buffer(return_data_read_counts_comm, proof_data); - serialize_to_buffer(return_data_read_tags_comm, proof_data); - serialize_to_buffer(return_data_inverses_comm, proof_data); - serialize_to_buffer(lookup_read_counts_comm, proof_data); - serialize_to_buffer(lookup_read_tags_comm, proof_data); - serialize_to_buffer(w_4_comm, proof_data); - serialize_to_buffer(lookup_inverses_comm, proof_data); - serialize_to_buffer(z_perm_comm, proof_data); + serialize_to_buffer(this->w_l_comm, proof_data); + serialize_to_buffer(this->w_r_comm, proof_data); + serialize_to_buffer(this->w_o_comm, proof_data); + serialize_to_buffer(this->ecc_op_wire_1_comm, proof_data); + serialize_to_buffer(this->ecc_op_wire_2_comm, proof_data); + serialize_to_buffer(this->ecc_op_wire_3_comm, proof_data); + serialize_to_buffer(this->ecc_op_wire_4_comm, proof_data); + serialize_to_buffer(this->calldata_comm, proof_data); + serialize_to_buffer(this->calldata_read_counts_comm, proof_data); + serialize_to_buffer(this->calldata_read_tags_comm, proof_data); + serialize_to_buffer(this->calldata_inverses_comm, proof_data); + serialize_to_buffer(this->secondary_calldata_comm, proof_data); + serialize_to_buffer(this->secondary_calldata_read_counts_comm, proof_data); + serialize_to_buffer(this->secondary_calldata_read_tags_comm, proof_data); + serialize_to_buffer(this->secondary_calldata_inverses_comm, proof_data); + serialize_to_buffer(this->return_data_comm, proof_data); + serialize_to_buffer(this->return_data_read_counts_comm, proof_data); + serialize_to_buffer(this->return_data_read_tags_comm, proof_data); + serialize_to_buffer(this->return_data_inverses_comm, proof_data); + serialize_to_buffer(this->lookup_read_counts_comm, proof_data); + serialize_to_buffer(this->lookup_read_tags_comm, proof_data); + serialize_to_buffer(this->w_4_comm, proof_data); + serialize_to_buffer(this->lookup_inverses_comm, proof_data); + serialize_to_buffer(this->z_perm_comm, proof_data); serialize_to_buffer(libra_concatenation_commitment, proof_data); serialize_to_buffer(libra_sum, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - serialize_to_buffer(sumcheck_univariates[i], proof_data); + serialize_to_buffer(zk_sumcheck_univariates[i], proof_data); } serialize_to_buffer(libra_claimed_evaluation, proof_data); - serialize_to_buffer(sumcheck_evaluations, proof_data); + serialize_to_buffer(this->sumcheck_evaluations, proof_data); serialize_to_buffer(libra_big_sum_commitment, proof_data); serialize_to_buffer(libra_quotient_commitment, proof_data); serialize_to_buffer(hiding_polynomial_commitment, proof_data); serialize_to_buffer(hiding_polynomial_eval, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { - serialize_to_buffer(gemini_fold_comms[i], proof_data); + serialize_to_buffer(this->gemini_fold_comms[i], proof_data); } for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - serialize_to_buffer(gemini_fold_evals[i], proof_data); + serialize_to_buffer(this->gemini_fold_evals[i], proof_data); } serialize_to_buffer(libra_concatenation_eval, proof_data); serialize_to_buffer(libra_shifted_big_sum_eval, proof_data); serialize_to_buffer(libra_big_sum_eval, proof_data); serialize_to_buffer(libra_quotient_eval, proof_data); - serialize_to_buffer(shplonk_q_comm, proof_data); - serialize_to_buffer(kzg_w_comm, proof_data); + serialize_to_buffer(this->shplonk_q_comm, proof_data); + serialize_to_buffer(this->kzg_w_comm, proof_data); ASSERT(proof_data.size() == old_proof_length); } }; - // Specialize for Mega (general case used in MegaRecursive). - using Transcript = Transcript_; }; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp index 54fff17a5950..523aa6c6bad6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp @@ -30,7 +30,8 @@ class UltraKeccakZKFlavor : public UltraKeccakFlavor { class Transcript : public UltraKeccakFlavor::Transcript { public: using Base = UltraKeccakFlavor::Transcript::Base; - std::vector> sumcheck_univariates; + // Note: we have a different vector of univariates because the degree for ZK flavors differs + std::vector> zk_sumcheck_univariates; Commitment libra_concatenation_commitment; FF libra_sum; FF libra_claimed_evaluation; @@ -75,7 +76,7 @@ class UltraKeccakZKFlavor : public UltraKeccakFlavor { libra_sum = Base::template deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - sumcheck_univariates.push_back( + zk_sumcheck_univariates.push_back( Base::template deserialize_from_buffer>( proof_data, num_frs_read)); } @@ -131,7 +132,7 @@ class UltraKeccakZKFlavor : public UltraKeccakFlavor { Base::template serialize_to_buffer(libra_sum, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - Base::template serialize_to_buffer(sumcheck_univariates[i], proof_data); + Base::template serialize_to_buffer(zk_sumcheck_univariates[i], proof_data); } Base::template serialize_to_buffer(libra_claimed_evaluation, proof_data); diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp index 07dce9623b18..3c09f82df2dc 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp @@ -30,7 +30,8 @@ class UltraZKFlavor : public UltraFlavor { template class Transcript_ : public UltraFlavor::Transcript_ { public: using Base = UltraFlavor::Transcript_::Base; - std::vector> sumcheck_univariates; + // Note: we have a different vector of univariates because the degree for ZK flavors differs + std::vector> zk_sumcheck_univariates; Commitment libra_concatenation_commitment; FF libra_sum; FF libra_claimed_evaluation; @@ -82,7 +83,7 @@ class UltraZKFlavor : public UltraFlavor { libra_sum = Base::template deserialize_from_buffer(proof_data, num_frs_read); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - sumcheck_univariates.push_back( + zk_sumcheck_univariates.push_back( Base::template deserialize_from_buffer>( proof_data, num_frs_read)); } @@ -138,7 +139,7 @@ class UltraZKFlavor : public UltraFlavor { Base::template serialize_to_buffer(libra_sum, proof_data); for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { - Base::template serialize_to_buffer(sumcheck_univariates[i], proof_data); + Base::template serialize_to_buffer(zk_sumcheck_univariates[i], proof_data); } Base::template serialize_to_buffer(libra_claimed_evaluation, proof_data); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 8eaccfef852d..f313ea074b7e 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -14,8 +14,6 @@ using namespace bb; -using FlavorTypes = - ::testing::Types; template class UltraTranscriptTests : public ::testing::Test { public: static void SetUpTestSuite() @@ -188,6 +186,8 @@ template class UltraTranscriptTests : public ::testing::Test { } }; +using FlavorTypes = + ::testing::Types; TYPED_TEST_SUITE(UltraTranscriptTests, FlavorTypes); /** From 89e2040e5ad0423edcd92c9e292495f9039ea4f8 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 7 Jan 2025 13:24:15 +0000 Subject: [PATCH 4/6] cleanup --- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 1 - .../barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 0021ba9c4c1c..adcdc18a52be 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -404,7 +404,6 @@ template concept IsECCVMRecursiveFlavor = IsAnyOf concept IsFoldingFlavor = IsAnyOf class Transcript_ : public UltraFlavor::Transcript_ { From 9a6c2080c8f41ea313d4bf20e5af3295c7ce5412 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 7 Jan 2025 14:56:45 +0000 Subject: [PATCH 5/6] fix compilation --- .../cpp/src/barretenberg/flavor/flavor.hpp | 1 + .../mega_zk_flavor.hpp | 2 +- .../ultra_keccak_zk_flavor.hpp | 25 ++++++++++++++++++- .../ultra_zk_flavor.hpp | 15 +++++++++++ .../barretenberg/sumcheck/sumcheck.test.cpp | 2 +- 5 files changed, 42 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index adcdc18a52be..9e6b652d0dc0 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -404,6 +404,7 @@ template concept IsECCVMRecursiveFlavor = IsAnyOf concept IsFoldingFlavor = IsAnyOf verifier_init_empty(const std::shared_ptr& transcript) { auto verifier_transcript = std::make_shared(transcript->proof_data); - [[maybe_unused]] auto _ = verifier_transcript->template receive_from_prover("Init"); + verifier_transcript->template receive_from_prover("Init"); return verifier_transcript; }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp index 523aa6c6bad6..b461e64698c9 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp @@ -24,7 +24,8 @@ class UltraKeccakZKFlavor : public UltraKeccakFlavor { // the rounds of ZK Sumcheck. static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = UltraKeccakFlavor::BATCHED_RELATION_PARTIAL_LENGTH + 1; /** - * @brief Derived class that defines proof structure for Ultra proofs, as well as supporting functions. + * @brief Derived class that defines proof structure for Ultra zero knowledge proofs, as well as supporting + * functions. * */ class Transcript : public UltraKeccakFlavor::Transcript { @@ -44,6 +45,28 @@ class UltraKeccakZKFlavor : public UltraKeccakFlavor { Commitment hiding_polynomial_commitment; FF hiding_polynomial_eval; + Transcript() = default; + + // Used by verifier to initialize the transcript + Transcript(const std::vector& proof) + : UltraKeccakFlavor::Transcript(proof) + {} + + static std::shared_ptr prover_init_empty() + { + auto transcript = std::make_shared(); + constexpr uint32_t init{ 42 }; // arbitrary + transcript->send_to_verifier("Init", init); + return transcript; + }; + + static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) + { + auto verifier_transcript = std::make_shared(transcript->proof_data); + verifier_transcript->template receive_from_prover("Init"); + return verifier_transcript; + }; + /** * @brief Takes a FULL Ultra proof and deserializes it into the public member variables * that compose the structure. Must be called in order to access the structure of the diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp index e3dec8368ba8..31e3c8305780 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp @@ -52,6 +52,21 @@ class UltraZKFlavor : public UltraFlavor { : UltraFlavor::Transcript_(proof) {} + static std::shared_ptr prover_init_empty() + { + auto transcript = std::make_shared(); + constexpr uint32_t init{ 42 }; // arbitrary + transcript->send_to_verifier("Init", init); + return transcript; + }; + + static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) + { + auto verifier_transcript = std::make_shared(transcript->proof_data); + verifier_transcript->template receive_from_prover("Init"); + return verifier_transcript; + }; + /** * @brief Takes a FULL Ultra proof and deserializes it into the public member variables * that compose the structure. Must be called in order to access the structure of the diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp index 1f384dae67d2..8bfa8485a942 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp @@ -374,7 +374,7 @@ template class SumcheckTests : public ::testing::Test { }; // Define the FlavorTypes -using FlavorTypes = testing::Types; +using FlavorTypes = testing::Types; TYPED_TEST_SUITE(SumcheckTests, FlavorTypes); From 380891299ecff89f477eb95ba86f8a89ab1866b7 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 7 Jan 2025 15:00:37 +0000 Subject: [PATCH 6/6] instantiate sumcheck tests on all flavors --- barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp index 8bfa8485a942..0cf586f47eb6 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp @@ -374,7 +374,8 @@ template class SumcheckTests : public ::testing::Test { }; // Define the FlavorTypes -using FlavorTypes = testing::Types; +using FlavorTypes = + testing::Types; TYPED_TEST_SUITE(SumcheckTests, FlavorTypes);