From 990d978ff4a16e11873592f1090967d9258f8eac Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 10 Jan 2025 00:16:49 +0000 Subject: [PATCH 01/18] move witness computation into class plus some other cleanup --- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 2 - .../barretenberg/polynomials/polynomial.hpp | 4 - .../protogalaxy/protogalaxy.test.cpp | 15 ++- .../stdlib_circuit_builders/mega_flavor.hpp | 83 ------------- .../stdlib_circuit_builders/ultra_flavor.hpp | 67 ---------- .../translator_vm/translator_flavor.hpp | 2 - .../barretenberg/ultra_honk/oink_prover.cpp | 10 +- .../ultra_honk/relation_correctness.test.cpp | 29 +++-- .../barretenberg/ultra_honk/sumcheck.test.cpp | 15 ++- .../ultra_honk/witness_computation.cpp | 115 ++++++++++++++++++ .../ultra_honk/witness_computation.hpp | 32 +++++ 11 files changed, 188 insertions(+), 186 deletions(-) create mode 100644 barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp create mode 100644 barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 7afbebf92d63..70bbdf02b3b8 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -343,8 +343,6 @@ class ECCVMFlavor { { return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_all()); }; - // this getter is necessary for a universal ZK Sumcheck - auto get_non_witnesses() { return PrecomputedEntities::get_all(); }; }; public: diff --git a/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp b/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp index 79ee95fe7ef7..fdb196d06f82 100644 --- a/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp +++ b/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp @@ -388,10 +388,6 @@ template class Polynomial { // safety check for in place operations bool in_place_operation_viable(size_t domain_size) { return (size() >= domain_size); } - // When a polynomial is instantiated from a size alone, the memory allocated corresponds to - // input size + MAXIMUM_COEFFICIENT_SHIFT to support 'shifted' coefficients efficiently. - const static size_t MAXIMUM_COEFFICIENT_SHIFT = 1; - // The underlying memory, with a bespoke (but minimal) shared array struct that fits our needs. // Namely, it supports polynomial shifts and 'virtual' zeroes past a size up until a 'virtual' size. SharedShiftedVirtualZeroesArray coefficients_; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp index e53e2bef64be..d79f81183a51 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp @@ -8,6 +8,7 @@ #include "barretenberg/stdlib_circuit_builders/mock_circuits.hpp" #include "barretenberg/ultra_honk/decider_prover.hpp" #include "barretenberg/ultra_honk/decider_verifier.hpp" +#include "barretenberg/ultra_honk/witness_computation.hpp" #include @@ -122,12 +123,14 @@ template class ProtogalaxyTests : public testing::Test { decider_pk->relation_parameters.beta = FF::random_element(); decider_pk->relation_parameters.gamma = FF::random_element(); - decider_pk->proving_key.add_ram_rom_memory_records_to_wire_4(decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - decider_pk->proving_key.compute_logderivative_inverses(decider_pk->relation_parameters); - decider_pk->proving_key.compute_grand_product_polynomial(decider_pk->relation_parameters, - decider_pk->final_active_wire_idx + 1); + WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, + decider_pk->relation_parameters.eta, + decider_pk->relation_parameters.eta_two, + decider_pk->relation_parameters.eta_three); + WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, + decider_pk->relation_parameters); + WitnessComputation::compute_grand_product_polynomial( + decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); for (auto& alpha : decider_pk->alphas) { alpha = FF::random_element(); diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp index 8bfa78ca4aab..212c7f16c30d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp @@ -284,8 +284,6 @@ class MegaFlavor { w_o_shift, // column 2 w_4_shift, // column 3 z_perm_shift) // column 4 - - auto get_shifted() { return RefArray{ w_l_shift, w_r_shift, w_o_shift, w_4_shift, z_perm_shift }; }; }; public: @@ -325,8 +323,6 @@ class MegaFlavor { { return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_all()); }; - // getter for the complement of all witnesses inside all entities - auto get_non_witnesses() { return PrecomputedEntities::get_all(); }; }; /** @@ -434,85 +430,6 @@ class MegaFlavor { // Data pertaining to transfer of databus return data via public inputs DatabusPropagationData databus_propagation_data; - /** - * @brief Add plookup memory records to the fourth wire polynomial - * - * @details This operation must be performed after the first three wires have been committed to, hence the - * dependence on the `eta` challenge. - * - * @tparam Flavor - * @param eta challenge produced after commitment to first three wire polynomials - */ - void add_ram_rom_memory_records_to_wire_4(const FF& eta, const FF& eta_two, const FF& eta_three) - { - // The plookup memory record values are computed at the indicated indices as - // w4 = w3 * eta^3 + w2 * eta^2 + w1 * eta + read_write_flag; - // (See plookup_auxiliary_widget.hpp for details) - auto wires = polynomials.get_wires(); - - // Compute read record values - for (const auto& gate_idx : memory_read_records) { - wires[3].at(gate_idx) += wires[2][gate_idx] * eta_three; - wires[3].at(gate_idx) += wires[1][gate_idx] * eta_two; - wires[3].at(gate_idx) += wires[0][gate_idx] * eta; - } - - // Compute write record values - for (const auto& gate_idx : memory_write_records) { - wires[3].at(gate_idx) += wires[2][gate_idx] * eta_three; - wires[3].at(gate_idx) += wires[1][gate_idx] * eta_two; - wires[3].at(gate_idx) += wires[0][gate_idx] * eta; - wires[3].at(gate_idx) += 1; - } - } - - /** - * @brief Compute the inverse polynomials used in the log derivative lookup relations - * - * @tparam Flavor - * @param beta - * @param gamma - */ - void compute_logderivative_inverses(const RelationParameters& relation_parameters) - { - PROFILE_THIS_NAME("compute_logderivative_inverses"); - - // Compute inverses for conventional lookups - LogDerivLookupRelation::compute_logderivative_inverse( - this->polynomials, relation_parameters, this->circuit_size); - - // Compute inverses for calldata reads - DatabusLookupRelation::compute_logderivative_inverse( - this->polynomials, relation_parameters, this->circuit_size); - - // Compute inverses for secondary_calldata reads - DatabusLookupRelation::compute_logderivative_inverse( - this->polynomials, relation_parameters, this->circuit_size); - - // Compute inverses for return data reads - DatabusLookupRelation::compute_logderivative_inverse( - this->polynomials, relation_parameters, this->circuit_size); - } - - /** - * @brief Computes public_input_delta and the permutation grand product polynomial - * - * @param relation_parameters - * @param size_override override the size of the domain over which to compute the grand product - */ - void compute_grand_product_polynomial(RelationParameters& relation_parameters, size_t size_override = 0) - { - relation_parameters.public_input_delta = compute_public_input_delta(this->public_inputs, - relation_parameters.beta, - relation_parameters.gamma, - this->circuit_size, - this->pub_inputs_offset); - - // Compute permutation grand product polynomial - compute_grand_product>( - this->polynomials, relation_parameters, size_override, this->active_region_data); - } - uint64_t estimate_memory() { vinfo("++Estimating proving key memory++"); diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 040769441f75..9529da635422 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -255,8 +255,6 @@ class UltraFlavor { { return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_shifted()); }; - // getter for the complement of all witnesses inside all entities - auto get_non_witnesses() { return PrecomputedEntities::get_all(); }; }; /** @@ -358,71 +356,6 @@ class UltraFlavor { std::vector memory_read_records; std::vector memory_write_records; ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover - - /** - * @brief Add RAM/ROM memory records to the fourth wire polynomial - * - * @details This operation must be performed after the first three wires have been - * committed to, hence the dependence on the `eta` challenge. - * - * @tparam Flavor - * @param eta challenge produced after commitment to first three wire polynomials - */ - void add_ram_rom_memory_records_to_wire_4(const FF& eta, const FF& eta_two, const FF& eta_three) - { - // The memory record values are computed at the indicated indices as - // w4 = w3 * eta^3 + w2 * eta^2 + w1 * eta + read_write_flag; - // (See the Auxiliary relation for details) - auto wires = polynomials.get_wires(); - - // Compute read record values - for (const auto& gate_idx : memory_read_records) { - wires[3].at(gate_idx) += wires[2][gate_idx] * eta_three; - wires[3].at(gate_idx) += wires[1][gate_idx] * eta_two; - wires[3].at(gate_idx) += wires[0][gate_idx] * eta; - } - - // Compute write record values - for (const auto& gate_idx : memory_write_records) { - wires[3].at(gate_idx) += wires[2][gate_idx] * eta_three; - wires[3].at(gate_idx) += wires[1][gate_idx] * eta_two; - wires[3].at(gate_idx) += wires[0][gate_idx] * eta; - wires[3].at(gate_idx) += 1; - } - } - - /** - * @brief Compute the inverse polynomial used in the log derivative lookup argument - * - * @tparam Flavor - * @param beta - * @param gamma - */ - void compute_logderivative_inverses(const RelationParameters& relation_parameters) - { - // Compute inverses for conventional lookups - compute_logderivative_inverse>( - this->polynomials, relation_parameters, this->circuit_size); - } - - /** - * @brief Computes public_input_delta and the permutation grand product polynomial - * - * @param relation_parameters - * @param size_override override the size of the domain over which to compute the grand product - */ - void compute_grand_product_polynomial(RelationParameters& relation_parameters, size_t size_override = 0) - { - relation_parameters.public_input_delta = compute_public_input_delta(this->public_inputs, - relation_parameters.beta, - relation_parameters.gamma, - this->circuit_size, - this->pub_inputs_offset); - - // Compute permutation grand product polynomial - compute_grand_product>( - this->polynomials, relation_parameters, size_override); - } }; /** diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp index 904c65f5acc0..0af5fc52905f 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp @@ -592,8 +592,6 @@ class TranslatorFlavor { { return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_all()); }; - // Get all non-witness polynomials. In this case, contains only PrecomputedEntities. - auto get_non_witnesses() { return PrecomputedEntities::get_all(); }; friend std::ostream& operator<<(std::ostream& os, const AllEntities& a) { diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index 0bdb08edacff..9d0c068e5b99 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -2,6 +2,7 @@ #include "barretenberg/common/op_count.hpp" #include "barretenberg/plonk_honk_shared/proving_key_inspector.hpp" #include "barretenberg/relations/logderiv_lookup_relation.hpp" +#include "barretenberg/ultra_honk/witness_computation.hpp" namespace bb { @@ -162,7 +163,7 @@ template void OinkProver::execute_sorted_list_acc proving_key->relation_parameters.eta_two = eta_two; proving_key->relation_parameters.eta_three = eta_three; - proving_key->proving_key.add_ram_rom_memory_records_to_wire_4(eta, eta_two, eta_three); + WitnessComputation::add_ram_rom_memory_records_to_wire_4(proving_key->proving_key, eta, eta_two, eta_three); // Commit to lookup argument polynomials and the finalized (i.e. with memory records) fourth wire polynomial { @@ -202,7 +203,8 @@ template void OinkProver::execute_log_derivative_ proving_key->relation_parameters.gamma = gamma; // Compute the inverses used in log-derivative lookup relations - proving_key->proving_key.compute_logderivative_inverses(proving_key->relation_parameters); + WitnessComputation::compute_logderivative_inverses(proving_key->proving_key, + proving_key->relation_parameters); { PROFILE_THIS_NAME("COMMIT::lookup_inverses"); @@ -236,8 +238,8 @@ template void OinkProver::execute_grand_product_c PROFILE_THIS_NAME("OinkProver::execute_grand_product_computation_round"); // Compute the permutation grand product polynomial - proving_key->proving_key.compute_grand_product_polynomial(proving_key->relation_parameters, - proving_key->final_active_wire_idx + 1); + WitnessComputation::compute_grand_product_polynomial( + proving_key->proving_key, proving_key->relation_parameters, proving_key->final_active_wire_idx + 1); { PROFILE_THIS_NAME("COMMIT::z_perm"); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp index 23c90a2bea86..3f418b1da6c2 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp @@ -11,6 +11,7 @@ #include "barretenberg/stdlib_circuit_builders/plookup_tables/fixed_base/fixed_base.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" #include "barretenberg/ultra_honk/decider_proving_key.hpp" +#include "barretenberg/ultra_honk/witness_computation.hpp" #include using namespace bb; @@ -271,12 +272,14 @@ TEST_F(UltraRelationCorrectnessTests, Ultra) decider_pk->relation_parameters.beta = FF::random_element(); decider_pk->relation_parameters.gamma = FF::random_element(); - decider_pk->proving_key.add_ram_rom_memory_records_to_wire_4(decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - decider_pk->proving_key.compute_logderivative_inverses(decider_pk->relation_parameters); - decider_pk->proving_key.compute_grand_product_polynomial(decider_pk->relation_parameters, - decider_pk->final_active_wire_idx + 1); + WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, + decider_pk->relation_parameters.eta, + decider_pk->relation_parameters.eta_two, + decider_pk->relation_parameters.eta_three); + WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, + decider_pk->relation_parameters); + WitnessComputation::compute_grand_product_polynomial( + decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution ensure_non_zero(proving_key.polynomials.q_arith); @@ -325,12 +328,14 @@ TEST_F(UltraRelationCorrectnessTests, Mega) decider_pk->relation_parameters.beta = FF::random_element(); decider_pk->relation_parameters.gamma = FF::random_element(); - decider_pk->proving_key.add_ram_rom_memory_records_to_wire_4(decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - decider_pk->proving_key.compute_logderivative_inverses(decider_pk->relation_parameters); - decider_pk->proving_key.compute_grand_product_polynomial(decider_pk->relation_parameters, - decider_pk->final_active_wire_idx + 1); + WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, + decider_pk->relation_parameters.eta, + decider_pk->relation_parameters.eta_two, + decider_pk->relation_parameters.eta_three); + WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, + decider_pk->relation_parameters); + WitnessComputation::compute_grand_product_polynomial( + decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution ensure_non_zero(proving_key.polynomials.q_arith); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp index 8595d8f17aed..c387e90f6354 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp @@ -9,6 +9,7 @@ #include "barretenberg/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/stdlib_circuit_builders/plookup_tables/fixed_base/fixed_base.hpp" #include "barretenberg/transcript/transcript.hpp" +#include "barretenberg/ultra_honk/witness_computation.hpp" #include @@ -156,12 +157,14 @@ TEST_F(SumcheckTestsRealCircuit, Ultra) decider_pk->relation_parameters.beta = FF::random_element(); decider_pk->relation_parameters.gamma = FF::random_element(); - decider_pk->proving_key.add_ram_rom_memory_records_to_wire_4(decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - decider_pk->proving_key.compute_logderivative_inverses(decider_pk->relation_parameters); - decider_pk->proving_key.compute_grand_product_polynomial(decider_pk->relation_parameters, - decider_pk->final_active_wire_idx + 1); + WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, + decider_pk->relation_parameters.eta, + decider_pk->relation_parameters.eta_two, + decider_pk->relation_parameters.eta_three); + WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, + decider_pk->relation_parameters); + WitnessComputation::compute_grand_product_polynomial( + decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); auto prover_transcript = Transcript::prover_init_empty(); auto circuit_size = decider_pk->proving_key.circuit_size; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp new file mode 100644 index 000000000000..13dd266b6fd9 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp @@ -0,0 +1,115 @@ +#include "barretenberg/ultra_honk/witness_computation.hpp" +#include "barretenberg/common/op_count.hpp" +#include "barretenberg/plonk_honk_shared/library/grand_product_delta.hpp" +#include "barretenberg/plonk_honk_shared/library/grand_product_library.hpp" +#include "barretenberg/plonk_honk_shared/proving_key_inspector.hpp" +#include "barretenberg/relations/databus_lookup_relation.hpp" +#include "barretenberg/relations/logderiv_lookup_relation.hpp" +#include "barretenberg/relations/permutation_relation.hpp" +#include "barretenberg/stdlib_circuit_builders/mega_zk_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_keccak_zk_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_rollup_flavor.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_zk_flavor.hpp" + +namespace bb { + +/** + * @brief Add RAM/ROM memory records to the fourth wire polynomial + * + * @details This operation must be performed after the first three wires have been + * committed to, hence the dependence on the `eta` challenge. + * + * @tparam Flavor + * @param eta challenge produced after commitment to first three wire polynomials + */ +template +void WitnessComputation::add_ram_rom_memory_records_to_wire_4(typename Flavor::ProvingKey& proving_key, + const typename Flavor::FF& eta, + const typename Flavor::FF& eta_two, + const typename Flavor::FF& eta_three) +{ + // The memory record values are computed at the indicated indices as + // w4 = w3 * eta^3 + w2 * eta^2 + w1 * eta + read_write_flag; + // (See the Auxiliary relation for details) + auto wires = proving_key.polynomials.get_wires(); + + // Compute read record values + for (const auto& gate_idx : proving_key.memory_read_records) { + wires[3].at(gate_idx) += wires[2][gate_idx] * eta_three; + wires[3].at(gate_idx) += wires[1][gate_idx] * eta_two; + wires[3].at(gate_idx) += wires[0][gate_idx] * eta; + } + + // Compute write record values + for (const auto& gate_idx : proving_key.memory_write_records) { + wires[3].at(gate_idx) += wires[2][gate_idx] * eta_three; + wires[3].at(gate_idx) += wires[1][gate_idx] * eta_two; + wires[3].at(gate_idx) += wires[0][gate_idx] * eta; + wires[3].at(gate_idx) += 1; + } +} + +/** + * @brief Compute the inverse polynomials used in the log derivative lookup relations + * + * @tparam Flavor + * @param beta + * @param gamma + */ +template +void WitnessComputation::compute_logderivative_inverses(Flavor::ProvingKey& proving_key, + RelationParameters& relation_parameters) +{ + PROFILE_THIS_NAME("compute_logderivative_inverses"); + + // Compute inverses for conventional lookups + LogDerivLookupRelation::compute_logderivative_inverse( + proving_key.polynomials, relation_parameters, proving_key.circuit_size); + + if constexpr (HasDataBus) { + // Compute inverses for calldata reads + DatabusLookupRelation::template compute_logderivative_inverse( + proving_key.polynomials, relation_parameters, proving_key.circuit_size); + + // Compute inverses for secondary_calldata reads + DatabusLookupRelation::template compute_logderivative_inverse( + proving_key.polynomials, relation_parameters, proving_key.circuit_size); + + // Compute inverses for return data reads + DatabusLookupRelation::template compute_logderivative_inverse( + proving_key.polynomials, relation_parameters, proving_key.circuit_size); + } +} + +/** + * @brief Computes public_input_delta and the permutation grand product polynomial + * + * @param relation_parameters + * @param size_override override the size of the domain over which to compute the grand product + */ +template +void WitnessComputation::compute_grand_product_polynomial(Flavor::ProvingKey& proving_key, + RelationParameters& relation_parameters, + size_t size_override) +{ + relation_parameters.public_input_delta = compute_public_input_delta(proving_key.public_inputs, + relation_parameters.beta, + relation_parameters.gamma, + proving_key.circuit_size, + proving_key.pub_inputs_offset); + + // Compute permutation grand product polynomial + compute_grand_product>( + proving_key.polynomials, relation_parameters, size_override, proving_key.active_region_data); +} + +template class WitnessComputation; +template class WitnessComputation; +template class WitnessComputation; +template class WitnessComputation; +template class WitnessComputation; +template class WitnessComputation; +template class WitnessComputation; + +} // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp new file mode 100644 index 000000000000..df1ad25cf995 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp @@ -0,0 +1,32 @@ +#pragma once + +#include "barretenberg/flavor/flavor.hpp" +#include "barretenberg/relations/relation_parameters.hpp" +#include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" +namespace bb { +/** + * @brief Class for all the oink rounds, which are shared between the folding prover and ultra prover. + * @details This class contains execute_preamble_round(), execute_wire_commitments_round(), + * execute_sorted_list_accumulator_round(), execute_log_derivative_inverse_round(), and + * execute_grand_product_computation_round(). + * + * @tparam Flavor + */ +template class WitnessComputation { + using FF = typename Flavor::FF; + + public: + static void add_ram_rom_memory_records_to_wire_4(Flavor::ProvingKey& proving_key, + const FF& eta, + const FF& eta_two, + const FF& eta_three); + + static void compute_logderivative_inverses(Flavor::ProvingKey& proving_key, + RelationParameters& relation_parameters); + + static void compute_grand_product_polynomial(Flavor::ProvingKey& proving_key, + RelationParameters& relation_parameters, + size_t size_override = 0); +}; + +} // namespace bb \ No newline at end of file From 4175a70c37a60558a4dbbe924797941106d11579 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 10 Jan 2025 14:54:14 +0000 Subject: [PATCH 02/18] complete proving key for test method --- .../protogalaxy/protogalaxy.test.cpp | 15 +-------- .../ultra_honk/relation_correctness.test.cpp | 32 ++----------------- .../barretenberg/ultra_honk/sumcheck.test.cpp | 17 +--------- .../ultra_honk/witness_computation.cpp | 29 +++++++++++++++++ .../ultra_honk/witness_computation.hpp | 3 ++ 5 files changed, 36 insertions(+), 60 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp index d79f81183a51..ef8927b97020 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp @@ -117,20 +117,7 @@ template class ProtogalaxyTests : public testing::Test { auto decider_pk = std::make_shared(builder); - decider_pk->relation_parameters.eta = FF::random_element(); - decider_pk->relation_parameters.eta_two = FF::random_element(); - decider_pk->relation_parameters.eta_three = FF::random_element(); - decider_pk->relation_parameters.beta = FF::random_element(); - decider_pk->relation_parameters.gamma = FF::random_element(); - - WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, - decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, - decider_pk->relation_parameters); - WitnessComputation::compute_grand_product_polynomial( - decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); + WitnessComputation::complete_proving_key_for_test(decider_pk); for (auto& alpha : decider_pk->alphas) { alpha = FF::random_element(); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp index 3f418b1da6c2..cf58de7cf06d 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp @@ -265,21 +265,7 @@ TEST_F(UltraRelationCorrectnessTests, Ultra) auto& proving_key = decider_pk->proving_key; auto circuit_size = proving_key.circuit_size; - // Generate eta, beta and gamma - decider_pk->relation_parameters.eta = FF::random_element(); - decider_pk->relation_parameters.eta_two = FF::random_element(); - decider_pk->relation_parameters.eta_three = FF::random_element(); - decider_pk->relation_parameters.beta = FF::random_element(); - decider_pk->relation_parameters.gamma = FF::random_element(); - - WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, - decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, - decider_pk->relation_parameters); - WitnessComputation::compute_grand_product_polynomial( - decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); + WitnessComputation::complete_proving_key_for_test(decider_pk); // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution ensure_non_zero(proving_key.polynomials.q_arith); @@ -321,21 +307,7 @@ TEST_F(UltraRelationCorrectnessTests, Mega) auto& proving_key = decider_pk->proving_key; auto circuit_size = proving_key.circuit_size; - // Generate eta, beta and gamma - decider_pk->relation_parameters.eta = FF::random_element(); - decider_pk->relation_parameters.eta_two = FF::random_element(); - decider_pk->relation_parameters.eta_three = FF::random_element(); - decider_pk->relation_parameters.beta = FF::random_element(); - decider_pk->relation_parameters.gamma = FF::random_element(); - - WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, - decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, - decider_pk->relation_parameters); - WitnessComputation::compute_grand_product_polynomial( - decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); + WitnessComputation::complete_proving_key_for_test(decider_pk); // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution ensure_non_zero(proving_key.polynomials.q_arith); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp index c387e90f6354..5a84fb27069a 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp @@ -149,22 +149,7 @@ TEST_F(SumcheckTestsRealCircuit, Ultra) // Create a prover (it will compute proving key and witness) auto decider_pk = std::make_shared>(builder); - // Generate eta, beta and gamma - decider_pk->relation_parameters.eta = FF::random_element(); - decider_pk->relation_parameters.eta = FF::random_element(); - decider_pk->relation_parameters.eta_two = FF::random_element(); - decider_pk->relation_parameters.eta_three = FF::random_element(); - decider_pk->relation_parameters.beta = FF::random_element(); - decider_pk->relation_parameters.gamma = FF::random_element(); - - WitnessComputation::add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, - decider_pk->relation_parameters.eta, - decider_pk->relation_parameters.eta_two, - decider_pk->relation_parameters.eta_three); - WitnessComputation::compute_logderivative_inverses(decider_pk->proving_key, - decider_pk->relation_parameters); - WitnessComputation::compute_grand_product_polynomial( - decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); + WitnessComputation::complete_proving_key_for_test(decider_pk); auto prover_transcript = Transcript::prover_init_empty(); auto circuit_size = decider_pk->proving_key.circuit_size; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp index 13dd266b6fd9..29bbfe450ad1 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.cpp @@ -104,6 +104,35 @@ void WitnessComputation::compute_grand_product_polynomial(Flavor::Provin proving_key.polynomials, relation_parameters, size_override, proving_key.active_region_data); } +/** + * @brief TEST only method for completing computation of the prover polynomials using random challenges + * + * @tparam Flavor + * @param decider_pk + */ +template +void WitnessComputation::complete_proving_key_for_test( + const std::shared_ptr>& decider_pk) +{ + // Generate random eta, beta and gamma + decider_pk->relation_parameters.eta = FF::random_element(); + decider_pk->relation_parameters.eta = FF::random_element(); + decider_pk->relation_parameters.eta_two = FF::random_element(); + decider_pk->relation_parameters.eta_three = FF::random_element(); + decider_pk->relation_parameters.beta = FF::random_element(); + decider_pk->relation_parameters.gamma = FF::random_element(); + + add_ram_rom_memory_records_to_wire_4(decider_pk->proving_key, + decider_pk->relation_parameters.eta, + decider_pk->relation_parameters.eta_two, + decider_pk->relation_parameters.eta_three); + + compute_logderivative_inverses(decider_pk->proving_key, decider_pk->relation_parameters); + + compute_grand_product_polynomial( + decider_pk->proving_key, decider_pk->relation_parameters, decider_pk->final_active_wire_idx + 1); +} + template class WitnessComputation; template class WitnessComputation; template class WitnessComputation; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp index df1ad25cf995..090266779c47 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp @@ -3,6 +3,7 @@ #include "barretenberg/flavor/flavor.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" +#include "barretenberg/ultra_honk/decider_proving_key.hpp" namespace bb { /** * @brief Class for all the oink rounds, which are shared between the folding prover and ultra prover. @@ -27,6 +28,8 @@ template class WitnessComputation { static void compute_grand_product_polynomial(Flavor::ProvingKey& proving_key, RelationParameters& relation_parameters, size_t size_override = 0); + + static void complete_proving_key_for_test(const std::shared_ptr>& decider_pk); }; } // namespace bb \ No newline at end of file From abf2fc1849ab54f29bb77f59fd063b2cadeb733f Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 10 Jan 2025 16:25:06 +0000 Subject: [PATCH 03/18] move mega mem estimation into class --- .../mega_memory_bench/mega_memory.bench.cpp | 5 +- .../mega_memory_bench/memory_estimator.hpp | 77 +++++++++++++++++++ .../mega_circuit_builder.hpp | 38 --------- .../stdlib_circuit_builders/mega_flavor.hpp | 18 ----- 4 files changed, 80 insertions(+), 58 deletions(-) create mode 100644 barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/memory_estimator.hpp diff --git a/barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/mega_memory.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/mega_memory.bench.cpp index e180ea2963c2..c5497d01b97a 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/mega_memory.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/mega_memory.bench.cpp @@ -1,3 +1,4 @@ +#include "barretenberg/benchmark/mega_memory_bench/memory_estimator.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/plookup/plookup.hpp" #include "barretenberg/stdlib_circuit_builders/plookup_tables/fixed_base/fixed_base.hpp" @@ -312,10 +313,10 @@ void fill_trace(State& state, TraceSettings settings) } builder.finalize_circuit(/* ensure_nonzero */ true); - uint64_t builder_estimate = builder.estimate_memory(); + uint64_t builder_estimate = MegaMemoryEstimator::estimate_builder_memory(builder); for (auto _ : state) { DeciderProvingKey proving_key(builder, settings); - uint64_t memory_estimate = proving_key.proving_key.estimate_memory(); + uint64_t memory_estimate = MegaMemoryEstimator::estimate_proving_key_memory(proving_key.proving_key); state.counters["poly_mem_est"] = static_cast(memory_estimate); state.counters["builder_mem_est"] = static_cast(builder_estimate); benchmark::DoNotOptimize(proving_key); diff --git a/barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/memory_estimator.hpp b/barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/memory_estimator.hpp new file mode 100644 index 000000000000..610ebc9c92b9 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/benchmark/mega_memory_bench/memory_estimator.hpp @@ -0,0 +1,77 @@ +#pragma once + +#include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp" +#include + +namespace bb { + +/** + * @brief Methods for estimating memory in key components of MegaHonk + * + */ +class MegaMemoryEstimator { + using FF = MegaFlavor::FF; + + public: + static uint64_t estimate_proving_key_memory(MegaFlavor::ProvingKey& proving_key) + { + vinfo("++Estimating proving key memory++"); + + auto& polynomials = proving_key.polynomials; + + for (auto [polynomial, label] : zip_view(polynomials.get_all(), polynomials.get_labels())) { + uint64_t size = polynomial.size(); + vinfo(label, " num: ", size, " size: ", (size * sizeof(FF)) >> 10, " KiB"); + } + + uint64_t result(0); + for (auto& polynomial : polynomials.get_unshifted()) { + result += polynomial.size() * sizeof(FF); + } + + result += proving_key.public_inputs.capacity() * sizeof(FF); + + return result; + } + + static uint64_t estimate_builder_memory(MegaFlavor::CircuitBuilder& builder) + { + vinfo("++Estimating builder memory++"); + uint64_t result{ 0 }; + + // gates: + for (auto [block, label] : zip_view(builder.blocks.get(), builder.blocks.get_labels())) { + uint64_t size{ 0 }; + for (const auto& wire : block.wires) { + size += wire.capacity() * sizeof(uint32_t); + } + for (const auto& selector : block.selectors) { + size += selector.capacity() * sizeof(FF); + } + vinfo(label, " size ", size >> 10, " KiB"); + result += size; + } + + // variables + size_t to_add{ builder.variables.capacity() * sizeof(FF) }; + result += to_add; + vinfo("variables: ", to_add); + + // public inputs + to_add = builder.public_inputs.capacity() * sizeof(uint32_t); + result += to_add; + vinfo("public inputs: ", to_add); + + // other variable indices + to_add = builder.next_var_index.capacity() * sizeof(uint32_t); + to_add += builder.prev_var_index.capacity() * sizeof(uint32_t); + to_add += builder.real_variable_index.capacity() * sizeof(uint32_t); + to_add += builder.real_variable_tags.capacity() * sizeof(uint32_t); + result += to_add; + vinfo("variable indices: ", to_add); + + return result; + } +}; + +} // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp index af513c5509bc..d796755d46a8 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp @@ -237,44 +237,6 @@ template class MegaCircuitBuilder_ : public UltraCircuitBuilder_(BusId::CALLDATA)]; } const BusVector& get_secondary_calldata() const { return databus[static_cast(BusId::SECONDARY_CALLDATA)]; } const BusVector& get_return_data() const { return databus[static_cast(BusId::RETURNDATA)]; } - uint64_t estimate_memory() const - { - vinfo("++Estimating builder memory++"); - uint64_t result{ 0 }; - - // gates: - for (auto [block, label] : zip_view(this->blocks.get(), this->blocks.get_labels())) { - uint64_t size{ 0 }; - for (const auto& wire : block.wires) { - size += wire.capacity() * sizeof(uint32_t); - } - for (const auto& selector : block.selectors) { - size += selector.capacity() * sizeof(FF); - } - vinfo(label, " size ", size >> 10, " KiB"); - result += size; - } - - // variables - size_t to_add{ this->variables.capacity() * sizeof(FF) }; - result += to_add; - vinfo("variables: ", to_add); - - // public inputs - to_add = this->public_inputs.capacity() * sizeof(uint32_t); - result += to_add; - vinfo("public inputs: ", to_add); - - // other variable indices - to_add = this->next_var_index.capacity() * sizeof(uint32_t); - to_add += this->prev_var_index.capacity() * sizeof(uint32_t); - to_add += this->real_variable_index.capacity() * sizeof(uint32_t); - to_add += this->real_variable_tags.capacity() * sizeof(uint32_t); - result += to_add; - vinfo("variable indices: ", to_add); - - return result; - } }; using MegaCircuitBuilder = MegaCircuitBuilder_; } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp index 212c7f16c30d..f66787bd3c73 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp @@ -429,24 +429,6 @@ class MegaFlavor { // Data pertaining to transfer of databus return data via public inputs DatabusPropagationData databus_propagation_data; - - uint64_t estimate_memory() - { - vinfo("++Estimating proving key memory++"); - for (auto [polynomial, label] : zip_view(polynomials.get_all(), polynomials.get_labels())) { - uint64_t size = polynomial.size(); - vinfo(label, " num: ", size, " size: ", (size * sizeof(FF)) >> 10, " KiB"); - } - - uint64_t result(0); - for (auto& polynomial : polynomials.get_unshifted()) { - result += polynomial.size() * sizeof(FF); - } - - result += public_inputs.capacity() * sizeof(FF); - - return result; - } }; /** From b3ffdc28b21894bdf840b08e5e29ab755c11c8ad Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 10 Jan 2025 17:22:29 +0000 Subject: [PATCH 04/18] more cleanup --- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 5 ----- .../stdlib_circuit_builders/mega_flavor.hpp | 19 +++++-------------- .../stdlib_circuit_builders/ultra_flavor.hpp | 6 ------ .../translator_vm/translator_flavor.hpp | 6 ------ .../ultra_honk/witness_computation.hpp | 6 +----- 5 files changed, 6 insertions(+), 36 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 70bbdf02b3b8..37c0e0d7003a 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -338,11 +338,6 @@ class ECCVMFlavor { // this getter is necessary for more uniform zk verifiers auto get_shifted_witnesses() { return ShiftedEntities::get_all(); }; auto get_precomputed() { return PrecomputedEntities::get_all(); }; - // the getter for all witnesses including derived and shifted ones - auto get_all_witnesses() - { - return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_all()); - }; }; public: diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp index f66787bd3c73..1bf82af322af 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp @@ -5,9 +5,6 @@ #include "barretenberg/flavor/flavor_macros.hpp" #include "barretenberg/flavor/relation_definitions.hpp" #include "barretenberg/flavor/repeated_commitments_data.hpp" -#include "barretenberg/honk/proof_system/types/proof.hpp" -#include "barretenberg/plonk_honk_shared/library/grand_product_delta.hpp" -#include "barretenberg/plonk_honk_shared/library/grand_product_library.hpp" #include "barretenberg/polynomials/univariate.hpp" #include "barretenberg/relations/auxiliary_relation.hpp" #include "barretenberg/relations/databus_lookup_relation.hpp" @@ -18,7 +15,6 @@ #include "barretenberg/relations/permutation_relation.hpp" #include "barretenberg/relations/poseidon2_external_relation.hpp" #include "barretenberg/relations/poseidon2_internal_relation.hpp" -#include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp" #include "barretenberg/transcript/transcript.hpp" @@ -86,8 +82,8 @@ class MegaFlavor { static constexpr size_t NUM_ALL_WITNESS_ENTITIES = NUM_WITNESS_ENTITIES + NUM_SHIFTED_WITNESSES; // For instances of this flavour, used in folding, we need a unique sumcheck batching challenges for each - // subrelation. This - // is because using powers of alpha would increase the degree of Protogalaxy polynomial $G$ (the combiner) too much. + // subrelation. This is because using powers of alpha would increase the degree of Protogalaxy polynomial $G$ (the + // combiner) too much. static constexpr size_t NUM_SUBRELATIONS = compute_number_of_subrelations(); using RelationSeparator = std::array; @@ -172,7 +168,7 @@ class MegaFlavor { // Mega needs to expose more public classes than most flavors due to MegaRecursive reuse, but these // are internal: - public: + // WireEntities for basic witness entities template class WireEntities { public: @@ -318,11 +314,6 @@ class MegaFlavor { auto get_witness() { return WitnessEntities::get_all(); }; auto get_to_be_shifted() { return WitnessEntities::get_to_be_shifted(); }; auto get_shifted() { return ShiftedEntities::get_all(); }; - // this getter is used in ZK Sumcheck, where all witness evaluations (including shifts) have to be masked - auto get_all_witnesses() - { - return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_all()); - }; }; /** @@ -432,7 +423,7 @@ class MegaFlavor { }; /** - * @brief The verification key is responsible for storing the commitments to the precomputed (non-witnessk) + * @brief The verification key is responsible for storing the commitments to the precomputed (non-witness) * polynomials used by the verifier. * * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve @@ -440,7 +431,6 @@ class MegaFlavor { * circuits. * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/876) */ - // using VerificationKey = VerificationKey_, VerifierCommitmentKey>; class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: // Data pertaining to transfer of databus return data via public inputs of the proof being recursively verified @@ -513,6 +503,7 @@ class MegaFlavor { } // TODO(https://github.com/AztecProtocol/barretenberg/issues/964): Clean the boilerplate up. + // Explicit constructor for msgpack serialization VerificationKey(const size_t circuit_size, const size_t num_public_inputs, const size_t pub_inputs_offset, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 9529da635422..2ed5aa7003a0 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -249,12 +249,6 @@ class UltraFlavor { auto get_precomputed() { return PrecomputedEntities::get_all(); } auto get_witness() { return WitnessEntities::get_all(); }; auto get_to_be_shifted() { return WitnessEntities::get_to_be_shifted(); }; - - // getter for all witnesses including shifted ones - auto get_all_witnesses() - { - return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_shifted()); - }; }; /** diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp index 0af5fc52905f..2dd0f7a249f4 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp @@ -587,12 +587,6 @@ class TranslatorFlavor { return WitnessEntities::get_wires_and_ordered_range_constraints(); }; - // Get witness polynomials including shifts. This getter is required by ZK-Sumcheck. - auto get_all_witnesses() - { - return concatenate(WitnessEntities::get_all(), ShiftedEntities::get_all()); - }; - friend std::ostream& operator<<(std::ostream& os, const AllEntities& a) { os << "{ "; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp index 090266779c47..cd842dec3754 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/witness_computation.hpp @@ -2,14 +2,10 @@ #include "barretenberg/flavor/flavor.hpp" #include "barretenberg/relations/relation_parameters.hpp" -#include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" #include "barretenberg/ultra_honk/decider_proving_key.hpp" namespace bb { /** - * @brief Class for all the oink rounds, which are shared between the folding prover and ultra prover. - * @details This class contains execute_preamble_round(), execute_wire_commitments_round(), - * execute_sorted_list_accumulator_round(), execute_log_derivative_inverse_round(), and - * execute_grand_product_computation_round(). + * @brief Methods for computing derived witness polynomials such as the permutation grand product * * @tparam Flavor */ From 3cce40e1661e2fb2f1c04ea5f526439050b5c962 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 14 Jan 2025 22:23:05 +0000 Subject: [PATCH 05/18] bare bones PolyBatch class --- .../commitment_schemes/gemini/gemini.hpp | 30 +++++++++++++++++++ .../commitment_schemes/gemini/gemini_impl.hpp | 20 ++++++++++--- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 4516778659b7..b8907daeb9cd 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -99,6 +99,36 @@ template class GeminiProver_ { using Polynomial = bb::Polynomial; using Claim = ProverOpeningClaim; + struct PolynomialBatch { + RefSpan polynomials; + Polynomial batched; + std::function get_form_to_open; + + PolynomialBatch( + RefSpan polynomials, + std::function func = [](const Polynomial& poly) { return poly; }) + : polynomials(polynomials) + , get_form_to_open(func) + {} + + void initialize_batched() + { + auto poly = polynomials[0]; + batched = Polynomial(poly.size(), poly.virtual_size(), poly.start_index()); + } + + Polynomial get_batched_to_open() { return get_form_to_open(batched); } + + void compute_batched(const Fr& challenge, Fr& running_scalar) + { + initialize_batched(); + for (auto poly : polynomials) { + batched.add_scaled(poly, running_scalar); + running_scalar *= challenge; + } + } + }; + public: static std::vector compute_fold_polynomials(const size_t log_N, std::span multilinear_challenge, diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index 3828a009b6b2..54a2b7e8bd5d 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -53,6 +53,9 @@ std::vector::Claim> GeminiProver_::prove( bool has_zk) { + PolynomialBatch unshifted_polys(f_polynomials); + PolynomialBatch to_be_shifted_polys(g_polynomials, &Polynomial::shifted); + size_t log_n = numeric::get_msb(static_cast(circuit_size)); size_t n = 1 << log_n; @@ -70,6 +73,7 @@ std::vector::Claim> GeminiProver_::prove( multilinear_challenge_resized.resize(log_n); transcript->send_to_verifier("Gemini:masking_poly_eval", batched_unshifted.evaluate_mle(multilinear_challenge_resized)); + info("In here!"); } // Get the batching challenge @@ -80,10 +84,14 @@ std::vector::Claim> GeminiProver_::prove( // ρ⁰ is used to batch the hiding polynomial rho_challenge *= rho; } - for (size_t i = 0; i < f_polynomials.size(); i++) { - batched_unshifted.add_scaled(f_polynomials[i], rho_challenge); - rho_challenge *= rho; - } + // WORKTODO: potentially do this in PolyBatch class + + unshifted_polys.compute_batched(rho, rho_challenge); + batched_unshifted += unshifted_polys.batched; + // for (size_t i = 0; i < f_polynomials.size(); i++) { + // batched_unshifted.add_scaled(f_polynomials[i], rho_challenge); + // rho_challenge *= rho; + // } for (size_t i = 0; i < g_polynomials.size(); i++) { batched_to_be_shifted.add_scaled(g_polynomials[i], rho_challenge); rho_challenge *= rho; @@ -107,6 +115,8 @@ std::vector::Claim> GeminiProver_::prove( rho_challenge *= rho; } + // WORKTODO: construct A_0 here, pass const& to below, return fold polys + auto fold_polynomials = compute_fold_polynomials(log_n, multilinear_challenge, std::move(batched_unshifted), @@ -133,6 +143,8 @@ std::vector::Claim> GeminiProver_::prove( throw_or_abort("Gemini evaluation challenge is in the SmallSubgroup."); } + // WORKTODO: reuse A_0 + std::vector claims = compute_fold_polynomial_evaluations(log_n, std::move(fold_polynomials), r_challenge, std::move(batched_group)); From e5e468e3925ff644f9fc838ed13dea671cb2c4c9 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 15 Jan 2025 21:20:10 +0000 Subject: [PATCH 06/18] update methods to perform specific task --- .../commitment_schemes/gemini/gemini.hpp | 17 ++- .../commitment_schemes/gemini/gemini_impl.hpp | 123 ++++++++++-------- 2 files changed, 81 insertions(+), 59 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index b8907daeb9cd..47fe3d6f36c8 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -132,15 +132,20 @@ template class GeminiProver_ { public: static std::vector compute_fold_polynomials(const size_t log_N, std::span multilinear_challenge, - Polynomial&& batched_unshifted, - Polynomial&& batched_to_be_shifted, - Polynomial&& batched_concatenated = {}); + const Polynomial& A_0); - static std::vector compute_fold_polynomial_evaluations( + static std::vector compute_partially_evaluated_batch_polynomials( const size_t log_N, - std::vector&& fold_polynomials, + Polynomial&& batched_F, + Polynomial&& batched_G, const Fr& r_challenge, - std::vector&& batched_groups_to_be_concatenated = {}); + std::vector batched_groups_to_be_concatenated = {}); + + static std::vector construct_univariate_opening_claims( + const size_t log_N, + std::vector&& partially_evaluated_batch_polynomials, + std::vector&& fold_polynomials, + const Fr& r_challenge); template static std::vector prove(const Fr circuit_size, diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index 54a2b7e8bd5d..665422c85de4 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -65,6 +65,7 @@ std::vector::Claim> GeminiProver_::prove( // To achieve ZK, we mask the batched polynomial by a random polynomial of the same size if (has_zk) { + // WORKTODO:: us A_0 here instead of batched_unshifted? batched_unshifted = Polynomial::random(n); transcript->send_to_verifier("Gemini:masking_poly_comm", commitment_key->commit(batched_unshifted)); // In the provers, the size of multilinear_challenge is CONST_PROOF_SIZE_LOG_N, but we need to evaluate the @@ -115,19 +116,18 @@ std::vector::Claim> GeminiProver_::prove( rho_challenge *= rho; } - // WORKTODO: construct A_0 here, pass const& to below, return fold polys + // If proving the opening for translator, add a non-zero contribution of the batched concatenation polynomials + Polynomial A_0 = batched_unshifted; + A_0 += batched_concatenated; + A_0 += batched_to_be_shifted.shifted(); - auto fold_polynomials = compute_fold_polynomials(log_n, - multilinear_challenge, - std::move(batched_unshifted), - std::move(batched_to_be_shifted), - std::move(batched_concatenated)); + auto fold_polynomials = compute_fold_polynomials(log_n, multilinear_challenge, A_0); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1159): Decouple constants from primitives. for (size_t l = 0; l < CONST_PROOF_SIZE_LOG_N - 1; l++) { if (l < log_n - 1) { transcript->send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), - commitment_key->commit(fold_polynomials[l + 2])); + commitment_key->commit(fold_polynomials[l])); } else { transcript->send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), Commitment::one()); } @@ -143,10 +143,13 @@ std::vector::Claim> GeminiProver_::prove( throw_or_abort("Gemini evaluation challenge is in the SmallSubgroup."); } - // WORKTODO: reuse A_0 + // WORKTODO: reuse A_0 for scratch space + + std::vector partially_evaluated_batch_polynomials = compute_partially_evaluated_batch_polynomials( + log_n, std::move(batched_unshifted), std::move(batched_to_be_shifted), r_challenge, batched_group); - std::vector claims = - compute_fold_polynomial_evaluations(log_n, std::move(fold_polynomials), r_challenge, std::move(batched_group)); + std::vector claims = construct_univariate_opening_claims( + log_n, std::move(partially_evaluated_batch_polynomials), std::move(fold_polynomials), r_challenge); for (size_t l = 1; l <= CONST_PROOF_SIZE_LOG_N; l++) { if (l <= log_n) { @@ -170,11 +173,7 @@ std::vector::Claim> GeminiProver_::prove( */ template std::vector::Polynomial> GeminiProver_::compute_fold_polynomials( - const size_t num_variables, - std::span mle_opening_point, - Polynomial&& batched_unshifted, - Polynomial&& batched_to_be_shifted, - Polynomial&& batched_concatenated) + const size_t num_variables, std::span mle_opening_point, const Polynomial& A_0) { const size_t num_threads = get_num_cpus_pow2(); constexpr size_t efficient_operations_per_thread = 64; // A guess of the number of operation for which there @@ -186,19 +185,7 @@ std::vector::Polynomial> GeminiProver_::com // They will eventually contain the full batched polynomial A₀ partially evaluated at the challenges r,-r. // This function populates the other m-1 polynomials with the foldings of A₀. std::vector fold_polynomials; - fold_polynomials.reserve(num_variables + 1); - - // F(X) = ∑ⱼ ρʲ fⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) - Polynomial& batched_F = fold_polynomials.emplace_back(std::move(batched_unshifted)); - Polynomial& batched_G = fold_polynomials.emplace_back(std::move(batched_to_be_shifted)); - constexpr size_t offset_to_folded = 2; // Offset because of F an G - // A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X. - Polynomial A_0 = batched_F; - - // If proving the opening for translator, add a non-zero contribution of the batched concatenation polynomials - A_0 += batched_concatenated; - - A_0 += batched_G.shifted(); + fold_polynomials.reserve(num_variables - 1); // Allocate everything before parallel computation for (size_t l = 0; l < num_variables - 1; ++l) { @@ -228,7 +215,7 @@ std::vector::Polynomial> GeminiProver_::com const Fr u_l = mle_opening_point[l]; // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X) - auto A_l_fold = fold_polynomials[l + offset_to_folded].data(); + auto A_l_fold = fold_polynomials[l].data(); parallel_for(num_used_threads, [&](size_t i) { size_t current_chunk_size = (i == (num_used_threads - 1)) ? last_chunk_size : chunk_size; @@ -263,34 +250,27 @@ std::vector::Polynomial> GeminiProver_::com * @param r_challenge univariate opening challenge */ template -std::vector::Claim> GeminiProver_::compute_fold_polynomial_evaluations( - const size_t num_variables, - std::vector&& fold_polynomials, - const Fr& r_challenge, - std::vector&& batched_groups_to_be_concatenated) +std::vector::Polynomial> GeminiProver_< + Curve>::compute_partially_evaluated_batch_polynomials(const size_t num_variables, + Polynomial&& batched_F, + Polynomial&& batched_G, + const Fr& r_challenge, + std::vector batched_groups_to_be_concatenated) { - - Polynomial& batched_F = fold_polynomials[0]; // F(X) = ∑ⱼ ρʲ fⱼ(X) - - Polynomial& batched_G = fold_polynomials[1]; // G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) - - // Compute univariate opening queries rₗ = r^{2ˡ} for l = 0, 1, ..., m-1 - std::vector r_squares = gemini::powers_of_evaluation_challenge(r_challenge, num_variables); - // Compute G/r Fr r_inv = r_challenge.invert(); batched_G *= r_inv; // Construct A₀₊ = F + G/r and A₀₋ = F - G/r in place in fold_polynomials Polynomial tmp = batched_F; - Polynomial& A_0_pos = fold_polynomials[0]; + Polynomial& A_0_pos = batched_F; // A₀₊(X) = F(X) + G(X)/r, s.t. A₀₊(r) = A₀(r) A_0_pos += batched_G; // Perform a swap so that tmp = G(X)/r and A_0_neg = F(X) std::swap(tmp, batched_G); - Polynomial& A_0_neg = fold_polynomials[1]; + Polynomial& A_0_neg = batched_G; // A₀₋(X) = F(X) - G(X)/r, s.t. A₀₋(-r) = A₀(-r) A_0_neg -= tmp; @@ -322,18 +302,55 @@ std::vector::Claim> GeminiProver_::compute_ } } - std::vector opening_claims; - opening_claims.reserve(num_variables + 1); + std::vector partially_evaluated_batch_polynomials; + partially_evaluated_batch_polynomials.emplace_back(std::move(A_0_pos)); + partially_evaluated_batch_polynomials.emplace_back(std::move(A_0_neg)); + + return partially_evaluated_batch_polynomials; +}; + +/** + * @brief Computes/aggragates d+1 Fold polynomials and their opening pairs (challenge, evaluation) + * + * @details This function assumes that, upon input, last d-1 entries in fold_polynomials are Fold_i. + * The first two entries are assumed to be, respectively, the batched unshifted and batched to-be-shifted + * polynomials F(X) = ∑ⱼ ρʲfⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X). This function completes the computation + * of the first two Fold polynomials as F + G/r and F - G/r. It then evaluates each of the d+1 + * fold polynomials at, respectively, the points r, rₗ = r^{2ˡ} for l = 0, 1, ..., d-1. + * + * @param mle_opening_point u = (u₀,...,uₘ₋₁) is the MLE opening point + * @param fold_polynomials vector of polynomials whose first two elements are F(X) = ∑ⱼ ρʲfⱼ(X) + * and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X), and the next d-1 elements are Fold_i, i = 1, ..., d-1. + * @param r_challenge univariate opening challenge + */ +template +std::vector::Claim> GeminiProver_::construct_univariate_opening_claims( + const size_t log_n, + std::vector&& partially_evaluated_batch_polynomials, + std::vector&& fold_polynomials, + const Fr& r_challenge) +{ + std::vector claims; + + // Compute opening pair {r, A₀₊(r)} + auto& A_0_pos = partially_evaluated_batch_polynomials[0]; + auto& A_0_neg = partially_evaluated_batch_polynomials[1]; + Fr a_0_pos = A_0_pos.evaluate(r_challenge); + claims.emplace_back(Claim{ A_0_pos, { r_challenge, a_0_pos } }); + // Compute opening pair {-r, A₀₋(-r)} + Fr a_0_neg = A_0_neg.evaluate(-r_challenge); + claims.emplace_back(Claim{ A_0_neg, { -r_challenge, a_0_neg } }); + + // Compute univariate opening queries rₗ = r^{2ˡ} for l = 0, 1, ..., m-1 + std::vector r_squares = gemini::powers_of_evaluation_challenge(r_challenge, log_n); - // Compute first opening pair {r, A₀(r)} - Fr evaluation = fold_polynomials[0].evaluate(r_challenge); - opening_claims.emplace_back(Claim{ fold_polynomials[0], { r_challenge, evaluation } }); // Compute the remaining m opening pairs {−r^{2ˡ}, Aₗ(−r^{2ˡ})}, l = 0, ..., m-1. - for (size_t l = 0; l < num_variables; ++l) { - evaluation = fold_polynomials[l + 1].evaluate(-r_squares[l]); - opening_claims.emplace_back(Claim{ fold_polynomials[l + 1], { -r_squares[l], evaluation } }); + for (size_t l = 0; l < log_n - 1; ++l) { + Fr evaluation = fold_polynomials[l].evaluate(-r_squares[l + 1]); + claims.emplace_back(Claim{ fold_polynomials[l], { -r_squares[l + 1], evaluation } }); } - return opening_claims; + return claims; }; + } // namespace bb From abc703b97bcd41ff0387445e3f0386e14032b9bf Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 16 Jan 2025 20:38:06 +0000 Subject: [PATCH 07/18] cleanup and naming consistency --- .../commitment_schemes/gemini/gemini.hpp | 6 +-- .../commitment_schemes/gemini/gemini_impl.hpp | 46 ++++++++----------- 2 files changed, 22 insertions(+), 30 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 47fe3d6f36c8..0c22462d4972 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -130,19 +130,19 @@ template class GeminiProver_ { }; public: - static std::vector compute_fold_polynomials(const size_t log_N, + static std::vector compute_fold_polynomials(const size_t log_n, std::span multilinear_challenge, const Polynomial& A_0); static std::vector compute_partially_evaluated_batch_polynomials( - const size_t log_N, + const size_t log_n, Polynomial&& batched_F, Polynomial&& batched_G, const Fr& r_challenge, std::vector batched_groups_to_be_concatenated = {}); static std::vector construct_univariate_opening_claims( - const size_t log_N, + const size_t log_n, std::vector&& partially_evaluated_batch_polynomials, std::vector&& fold_polynomials, const Fr& r_challenge); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index 665422c85de4..ccbfcf22f8d0 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -121,15 +121,15 @@ std::vector::Claim> GeminiProver_::prove( A_0 += batched_concatenated; A_0 += batched_to_be_shifted.shifted(); - auto fold_polynomials = compute_fold_polynomials(log_n, multilinear_challenge, A_0); + std::vector fold_polynomials = compute_fold_polynomials(log_n, multilinear_challenge, A_0); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1159): Decouple constants from primitives. for (size_t l = 0; l < CONST_PROOF_SIZE_LOG_N - 1; l++) { + std::string label = "Gemini:FOLD_" + std::to_string(l + 1); if (l < log_n - 1) { - transcript->send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), - commitment_key->commit(fold_polynomials[l])); + transcript->send_to_verifier(label, commitment_key->commit(fold_polynomials[l])); } else { - transcript->send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), Commitment::one()); + transcript->send_to_verifier(label, Commitment::one()); } } const Fr r_challenge = transcript->template get_challenge("Gemini:r"); @@ -152,10 +152,11 @@ std::vector::Claim> GeminiProver_::prove( log_n, std::move(partially_evaluated_batch_polynomials), std::move(fold_polynomials), r_challenge); for (size_t l = 1; l <= CONST_PROOF_SIZE_LOG_N; l++) { + std::string label = "Gemini:a_" + std::to_string(l); if (l <= log_n) { - transcript->send_to_verifier("Gemini:a_" + std::to_string(l), claims[l].opening_pair.evaluation); + transcript->send_to_verifier(label, claims[l].opening_pair.evaluation); } else { - transcript->send_to_verifier("Gemini:a_" + std::to_string(l), Fr::zero()); + transcript->send_to_verifier(label, Fr::zero()); } } @@ -166,31 +167,26 @@ std::vector::Claim> GeminiProver_::prove( * @brief Computes d-1 fold polynomials Fold_i, i = 1, ..., d-1 * * @param mle_opening_point multilinear opening point 'u' - * @param batched_unshifted F(X) = ∑ⱼ ρʲ fⱼ(X) . - * @param batched_to_be_shifted G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) + * @param A_0 = ∑ⱼ ρʲ fⱼ(X) + ∑ⱼ ρᵏ⁺ʲ gⱼ(X) * @param batched_concatenated The sum of batched concatenated polynomial, * @return std::vector */ template std::vector::Polynomial> GeminiProver_::compute_fold_polynomials( - const size_t num_variables, std::span mle_opening_point, const Polynomial& A_0) + const size_t log_n, std::span mle_opening_point, const Polynomial& A_0) { const size_t num_threads = get_num_cpus_pow2(); constexpr size_t efficient_operations_per_thread = 64; // A guess of the number of operation for which there // would be a point in sending them to a separate thread - // Allocate space for m+1 Fold polynomials - // - // The first two are populated here with the batched unshifted and to-be-shifted polynomial respectively. - // They will eventually contain the full batched polynomial A₀ partially evaluated at the challenges r,-r. - // This function populates the other m-1 polynomials with the foldings of A₀. + // Reserve space for m-1 Fold polynomials, the foldings of the full batched polynomial A₀ std::vector fold_polynomials; - fold_polynomials.reserve(num_variables - 1); + fold_polynomials.reserve(log_n - 1); // Allocate everything before parallel computation - for (size_t l = 0; l < num_variables - 1; ++l) { + for (size_t l = 0; l < log_n - 1; ++l) { // size of the previous polynomial/2 - const size_t n_l = 1 << (num_variables - l - 1); + const size_t n_l = 1 << (log_n - l - 1); // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X) fold_polynomials.emplace_back(Polynomial(n_l)); @@ -200,9 +196,9 @@ std::vector::Polynomial> GeminiProver_::com // in the first iteration, we take the batched polynomial // in the next iteration, it is the previously folded one auto A_l = A_0.data(); - for (size_t l = 0; l < num_variables - 1; ++l) { + for (size_t l = 0; l < log_n - 1; ++l) { // size of the previous polynomial/2 - const size_t n_l = 1 << (num_variables - l - 1); + const size_t n_l = 1 << (log_n - l - 1); // Use as many threads as it is useful so that 1 thread doesn't process 1 element, but make sure that there is // at least 1 @@ -211,7 +207,7 @@ std::vector::Polynomial> GeminiProver_::com size_t chunk_size = n_l / num_used_threads; size_t last_chunk_size = (n_l % chunk_size) ? (n_l % num_used_threads) : chunk_size; - // Openning point is the same for all + // Opening point is the same for all const Fr u_l = mle_opening_point[l]; // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X) @@ -251,7 +247,7 @@ std::vector::Polynomial> GeminiProver_::com */ template std::vector::Polynomial> GeminiProver_< - Curve>::compute_partially_evaluated_batch_polynomials(const size_t num_variables, + Curve>::compute_partially_evaluated_batch_polynomials(const size_t log_n, Polynomial&& batched_F, Polynomial&& batched_G, const Fr& r_challenge, @@ -286,7 +282,7 @@ std::vector::Polynomial> GeminiProver_< // P if (!batched_groups_to_be_concatenated.empty()) { // The "real" size of polynomials in concatenation groups (i.e. the number of non-zero values) - const size_t mini_circuit_size = (1 << num_variables) / batched_groups_to_be_concatenated.size(); + const size_t mini_circuit_size = (1 << log_n) / batched_groups_to_be_concatenated.size(); Fr current_r_shift_pos = Fr(1); Fr current_r_shift_neg = Fr(1); @@ -302,11 +298,7 @@ std::vector::Polynomial> GeminiProver_< } } - std::vector partially_evaluated_batch_polynomials; - partially_evaluated_batch_polynomials.emplace_back(std::move(A_0_pos)); - partially_evaluated_batch_polynomials.emplace_back(std::move(A_0_neg)); - - return partially_evaluated_batch_polynomials; + return { std::move(A_0_pos), std::move(A_0_neg) }; }; /** From 9b5d4ecc20dcc0d607a154deb6fc1a296c7aef7f Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 16 Jan 2025 21:49:30 +0000 Subject: [PATCH 08/18] cleanup and comments --- .../commitment_schemes/gemini/gemini.hpp | 12 +- .../commitment_schemes/gemini/gemini_impl.hpp | 119 +++++++++--------- 2 files changed, 63 insertions(+), 68 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 0c22462d4972..17f3f67a431a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -134,18 +134,18 @@ template class GeminiProver_ { std::span multilinear_challenge, const Polynomial& A_0); - static std::vector compute_partially_evaluated_batch_polynomials( + static std::pair compute_partially_evaluated_batch_polynomials( const size_t log_n, Polynomial&& batched_F, Polynomial&& batched_G, const Fr& r_challenge, std::vector batched_groups_to_be_concatenated = {}); - static std::vector construct_univariate_opening_claims( - const size_t log_n, - std::vector&& partially_evaluated_batch_polynomials, - std::vector&& fold_polynomials, - const Fr& r_challenge); + static std::vector construct_univariate_opening_claims(const size_t log_n, + Polynomial&& A_0_pos, + Polynomial&& A_0_neg, + std::vector&& fold_polynomials, + const Fr& r_challenge); template static std::vector prove(const Fr circuit_size, diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index ccbfcf22f8d0..b36f6069e207 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -51,21 +51,18 @@ std::vector::Claim> GeminiProver_::prove( RefSpan concatenated_polynomials, const std::vector>& groups_to_be_concatenated, bool has_zk) - { - PolynomialBatch unshifted_polys(f_polynomials); - PolynomialBatch to_be_shifted_polys(g_polynomials, &Polynomial::shifted); - size_t log_n = numeric::get_msb(static_cast(circuit_size)); size_t n = 1 << log_n; + const bool has_concatenations = concatenated_polynomials.size() > 0; + // Compute batched polynomials Polynomial batched_unshifted(n); Polynomial batched_to_be_shifted = Polynomial::shiftable(n); // To achieve ZK, we mask the batched polynomial by a random polynomial of the same size if (has_zk) { - // WORKTODO:: us A_0 here instead of batched_unshifted? batched_unshifted = Polynomial::random(n); transcript->send_to_verifier("Gemini:masking_poly_comm", commitment_key->commit(batched_unshifted)); // In the provers, the size of multilinear_challenge is CONST_PROOF_SIZE_LOG_N, but we need to evaluate the @@ -74,7 +71,6 @@ std::vector::Claim> GeminiProver_::prove( multilinear_challenge_resized.resize(log_n); transcript->send_to_verifier("Gemini:masking_poly_eval", batched_unshifted.evaluate_mle(multilinear_challenge_resized)); - info("In here!"); } // Get the batching challenge @@ -85,14 +81,11 @@ std::vector::Claim> GeminiProver_::prove( // ρ⁰ is used to batch the hiding polynomial rho_challenge *= rho; } - // WORKTODO: potentially do this in PolyBatch class - - unshifted_polys.compute_batched(rho, rho_challenge); - batched_unshifted += unshifted_polys.batched; - // for (size_t i = 0; i < f_polynomials.size(); i++) { - // batched_unshifted.add_scaled(f_polynomials[i], rho_challenge); - // rho_challenge *= rho; - // } + + for (size_t i = 0; i < f_polynomials.size(); i++) { + batched_unshifted.add_scaled(f_polynomials[i], rho_challenge); + rho_challenge *= rho; + } for (size_t i = 0; i < g_polynomials.size(); i++) { batched_to_be_shifted.add_scaled(g_polynomials[i], rho_challenge); rho_challenge *= rho; @@ -101,26 +94,32 @@ std::vector::Claim> GeminiProver_::prove( size_t num_groups = groups_to_be_concatenated.size(); size_t num_chunks_per_group = groups_to_be_concatenated.empty() ? 0 : groups_to_be_concatenated[0].size(); - // Allocate space for the groups to be concatenated and for the concatenated polynomials - Polynomial batched_concatenated(n); + // If needed, allocate space for the groups to be concatenated and for the concatenated polynomials + Polynomial batched_concatenated; std::vector batched_group; - for (size_t i = 0; i < num_chunks_per_group; ++i) { - batched_group.push_back(Polynomial(n)); - } + if (has_concatenations) { + batched_concatenated = Polynomial(n); + for (size_t i = 0; i < num_chunks_per_group; ++i) { + batched_group.push_back(Polynomial(n)); + } - for (size_t i = 0; i < num_groups; ++i) { - batched_concatenated.add_scaled(concatenated_polynomials[i], rho_challenge); - for (size_t j = 0; j < num_chunks_per_group; ++j) { - batched_group[j].add_scaled(groups_to_be_concatenated[i][j], rho_challenge); + for (size_t i = 0; i < num_groups; ++i) { + batched_concatenated.add_scaled(concatenated_polynomials[i], rho_challenge); + for (size_t j = 0; j < num_chunks_per_group; ++j) { + batched_group[j].add_scaled(groups_to_be_concatenated[i][j], rho_challenge); + } + rho_challenge *= rho; } - rho_challenge *= rho; } - // If proving the opening for translator, add a non-zero contribution of the batched concatenation polynomials + // Construct the batched polynomial A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X Polynomial A_0 = batched_unshifted; - A_0 += batched_concatenated; A_0 += batched_to_be_shifted.shifted(); + if (has_concatenations) { // If proving for translator, add contribution of the batched concatenation polynomials + A_0 += batched_concatenated; + } + // Construct the d-1 Gemini foldings of A₀(X) std::vector fold_polynomials = compute_fold_polynomials(log_n, multilinear_challenge, A_0); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1159): Decouple constants from primitives. @@ -143,13 +142,11 @@ std::vector::Claim> GeminiProver_::prove( throw_or_abort("Gemini evaluation challenge is in the SmallSubgroup."); } - // WORKTODO: reuse A_0 for scratch space - - std::vector partially_evaluated_batch_polynomials = compute_partially_evaluated_batch_polynomials( + auto [A_0_pos, A_0_neg] = compute_partially_evaluated_batch_polynomials( log_n, std::move(batched_unshifted), std::move(batched_to_be_shifted), r_challenge, batched_group); std::vector claims = construct_univariate_opening_claims( - log_n, std::move(partially_evaluated_batch_polynomials), std::move(fold_polynomials), r_challenge); + log_n, std::move(A_0_pos), std::move(A_0_neg), std::move(fold_polynomials), r_challenge); for (size_t l = 1; l <= CONST_PROOF_SIZE_LOG_N; l++) { std::string label = "Gemini:a_" + std::to_string(l); @@ -166,24 +163,21 @@ std::vector::Claim> GeminiProver_::prove( /** * @brief Computes d-1 fold polynomials Fold_i, i = 1, ..., d-1 * - * @param mle_opening_point multilinear opening point 'u' + * @param multilinear_challenge multilinear opening point 'u' * @param A_0 = ∑ⱼ ρʲ fⱼ(X) + ∑ⱼ ρᵏ⁺ʲ gⱼ(X) - * @param batched_concatenated The sum of batched concatenated polynomial, * @return std::vector */ template std::vector::Polynomial> GeminiProver_::compute_fold_polynomials( - const size_t log_n, std::span mle_opening_point, const Polynomial& A_0) + const size_t log_n, std::span multilinear_challenge, const Polynomial& A_0) { const size_t num_threads = get_num_cpus_pow2(); constexpr size_t efficient_operations_per_thread = 64; // A guess of the number of operation for which there // would be a point in sending them to a separate thread - // Reserve space for m-1 Fold polynomials, the foldings of the full batched polynomial A₀ + // Reserve and allocate space for m-1 Fold polynomials, the foldings of the full batched polynomial A₀ std::vector fold_polynomials; fold_polynomials.reserve(log_n - 1); - - // Allocate everything before parallel computation for (size_t l = 0; l < log_n - 1; ++l) { // size of the previous polynomial/2 const size_t n_l = 1 << (log_n - l - 1); @@ -208,7 +202,7 @@ std::vector::Polynomial> GeminiProver_::com size_t last_chunk_size = (n_l % chunk_size) ? (n_l % num_used_threads) : chunk_size; // Opening point is the same for all - const Fr u_l = mle_opening_point[l]; + const Fr u_l = multilinear_challenge[l]; // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X) auto A_l_fold = fold_polynomials[l].data(); @@ -232,21 +226,16 @@ std::vector::Polynomial> GeminiProver_::com }; /** - * @brief Computes/aggragates d+1 Fold polynomials and their opening pairs (challenge, evaluation) + * @brief Computes partially evaluated batched polynomials A₀₊(X) = F(X) + G(X)/r and A₀₋(X) = F(X) - G(X)/r * - * @details This function assumes that, upon input, last d-1 entries in fold_polynomials are Fold_i. - * The first two entries are assumed to be, respectively, the batched unshifted and batched to-be-shifted - * polynomials F(X) = ∑ⱼ ρʲfⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X). This function completes the computation - * of the first two Fold polynomials as F + G/r and F - G/r. It then evaluates each of the d+1 - * fold polynomials at, respectively, the points r, rₗ = r^{2ˡ} for l = 0, 1, ..., d-1. - * - * @param mle_opening_point u = (u₀,...,uₘ₋₁) is the MLE opening point - * @param fold_polynomials vector of polynomials whose first two elements are F(X) = ∑ⱼ ρʲfⱼ(X) - * and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X), and the next d-1 elements are Fold_i, i = 1, ..., d-1. - * @param r_challenge univariate opening challenge + * @param batched_F F(X) = ∑ⱼ ρʲfⱼ(X) + * @param batched_G G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) + * @param r_challenge + * @param batched_groups_to_be_concatenated + * @return {A₀₊(X), A₀₋(X)} */ template -std::vector::Polynomial> GeminiProver_< +std::pair::Polynomial, typename GeminiProver_::Polynomial> GeminiProver_< Curve>::compute_partially_evaluated_batch_polynomials(const size_t log_n, Polynomial&& batched_F, Polynomial&& batched_G, @@ -302,41 +291,47 @@ std::vector::Polynomial> GeminiProver_< }; /** - * @brief Computes/aggragates d+1 Fold polynomials and their opening pairs (challenge, evaluation) - * - * @details This function assumes that, upon input, last d-1 entries in fold_polynomials are Fold_i. - * The first two entries are assumed to be, respectively, the batched unshifted and batched to-be-shifted - * polynomials F(X) = ∑ⱼ ρʲfⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X). This function completes the computation - * of the first two Fold polynomials as F + G/r and F - G/r. It then evaluates each of the d+1 - * fold polynomials at, respectively, the points r, rₗ = r^{2ˡ} for l = 0, 1, ..., d-1. + * * @param mle_opening_point u = (u₀,...,uₘ₋₁) is the MLE opening point * @param fold_polynomials vector of polynomials whose first two elements are F(X) = ∑ⱼ ρʲfⱼ(X) * and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X), and the next d-1 elements are Fold_i, i = 1, ..., d-1. * @param r_challenge univariate opening challenge */ + +/** + * @brief Computes/aggragates d+1 univariate polynomial opening claims of the form {polynomial, (challenge, evaluation)} + * + * @details The d+1 evaluations are A₀₊(r), A₀₋(-r), and Aₗ(−r^{2ˡ}) for l = 1, ..., d-1, where the Aₗ are the fold + * polynomials. + * + * @param A_0_pos A₀₊ + * @param A_0_neg A₀₋ + * @param fold_polynomials Aₗ, l = 1, ..., d-1 + * @param r_challenge + * @return std::vector::Claim> d+1 univariate opening claims + */ template std::vector::Claim> GeminiProver_::construct_univariate_opening_claims( const size_t log_n, - std::vector&& partially_evaluated_batch_polynomials, + Polynomial&& A_0_pos, + Polynomial&& A_0_neg, std::vector&& fold_polynomials, const Fr& r_challenge) { std::vector claims; - // Compute opening pair {r, A₀₊(r)} - auto& A_0_pos = partially_evaluated_batch_polynomials[0]; - auto& A_0_neg = partially_evaluated_batch_polynomials[1]; + // Compute evaluation of partially evaluated batch polynomial (positive) A₀₊(r) Fr a_0_pos = A_0_pos.evaluate(r_challenge); claims.emplace_back(Claim{ A_0_pos, { r_challenge, a_0_pos } }); - // Compute opening pair {-r, A₀₋(-r)} + // Compute evaluation of partially evaluated batch polynomial (negative) A₀₋(-r) Fr a_0_neg = A_0_neg.evaluate(-r_challenge); claims.emplace_back(Claim{ A_0_neg, { -r_challenge, a_0_neg } }); // Compute univariate opening queries rₗ = r^{2ˡ} for l = 0, 1, ..., m-1 std::vector r_squares = gemini::powers_of_evaluation_challenge(r_challenge, log_n); - // Compute the remaining m opening pairs {−r^{2ˡ}, Aₗ(−r^{2ˡ})}, l = 0, ..., m-1. + // Compute the remaining m opening pairs {−r^{2ˡ}, Aₗ(−r^{2ˡ})}, l = 1, ..., m-1. for (size_t l = 0; l < log_n - 1; ++l) { Fr evaluation = fold_polynomials[l].evaluate(-r_squares[l + 1]); claims.emplace_back(Claim{ fold_polynomials[l], { -r_squares[l + 1], evaluation } }); From b50cf3b471f728214917d4cb7b813a88447430ad Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 17 Jan 2025 00:08:08 +0000 Subject: [PATCH 09/18] make test conform to changes --- .../commitment_schemes/gemini/gemini_impl.hpp | 2 +- .../shplonk/shplemini.test.cpp | 17 +++++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index b36f6069e207..d3d11ef7fdaa 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -164,7 +164,7 @@ std::vector::Claim> GeminiProver_::prove( * @brief Computes d-1 fold polynomials Fold_i, i = 1, ..., d-1 * * @param multilinear_challenge multilinear opening point 'u' - * @param A_0 = ∑ⱼ ρʲ fⱼ(X) + ∑ⱼ ρᵏ⁺ʲ gⱼ(X) + * @param A_0 = F(X) + G↺(X) = F(X) + G(X)/X * @return std::vector */ template diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp index 2bcc54538b24..78de7b2ed2ad 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp @@ -163,24 +163,29 @@ TYPED_TEST(ShpleminiTest, CorrectnessOfGeminiClaimBatching) } for (auto& poly : pcs_instance_witness.to_be_shifted_polynomials) { - batched_unshifted.add_scaled(poly, rhos[idx]); + batched_to_be_shifted.add_scaled(poly, rhos[idx]); idx++; } + Polynomial batched = batched_unshifted; + batched += batched_to_be_shifted; + // Compute: // - (d+1) opening pairs: {r, \hat{a}_0}, {-r^{2^i}, a_i}, i = 0, ..., d-1 // - (d+1) Fold polynomials Fold_{r}^(0), Fold_{-r}^(0), and Fold^(i), i = 0, ..., d-1 - auto fold_polynomials = GeminiProver::compute_fold_polynomials( - this->log_n, mle_opening_point, std::move(batched_unshifted), std::move(batched_to_be_shifted)); + auto fold_polynomials = GeminiProver::compute_fold_polynomials(this->log_n, mle_opening_point, batched); std::vector prover_commitments; for (size_t l = 0; l < this->log_n - 1; ++l) { - auto commitment = ck->commit(fold_polynomials[l + 2]); + auto commitment = ck->commit(fold_polynomials[l]); prover_commitments.emplace_back(commitment); } - const auto opening_claims = GeminiProver::compute_fold_polynomial_evaluations( - this->log_n, std::move(fold_polynomials), gemini_eval_challenge); + auto [A_0_pos, A_0_neg] = GeminiProver::compute_partially_evaluated_batch_polynomials( + this->log_n, std::move(batched_unshifted), std::move(batched_to_be_shifted), gemini_eval_challenge); + + const auto opening_claims = GeminiProver::construct_univariate_opening_claims( + this->log_n, std::move(A_0_pos), std::move(A_0_neg), std::move(fold_polynomials), gemini_eval_challenge); std::vector prover_evaluations; for (size_t l = 0; l < this->log_n; ++l) { From c46f49ff95a7311870fdf044701f0396485f1a37 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 17 Jan 2025 18:48:44 +0000 Subject: [PATCH 10/18] comments --- .../src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index 8ce34f330de4..43f8bf00dea4 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -140,9 +140,11 @@ std::vector::Claim> GeminiProver_::prove( throw_or_abort("Gemini evaluation challenge is in the SmallSubgroup."); } + // Compute polynomials A₀₊(X) = F(X) + G(X)/r and A₀₋(X) = F(X) - G(X)/r auto [A_0_pos, A_0_neg] = compute_partially_evaluated_batch_polynomials( log_n, std::move(batched_unshifted), std::move(batched_to_be_shifted), r_challenge, batched_group); + // Construct claims for the d + 1 univariate evaluations A₀₊(r), A₀₋(-r), and Foldₗ(−r^{2ˡ}), l = 1, ..., d-1 std::vector claims = construct_univariate_opening_claims( log_n, std::move(A_0_pos), std::move(A_0_neg), std::move(fold_polynomials), r_challenge); From 183fa49b2afba586e5bcb472484b86ca17fdde4d Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 21 Jan 2025 19:07:16 +0000 Subject: [PATCH 11/18] simplify construction of partially evaluated polys --- .../commitment_schemes/gemini/gemini_impl.hpp | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index 43f8bf00dea4..58abae094848 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -242,23 +242,15 @@ std::pair::Polynomial, typename GeminiProver_ batched_groups_to_be_concatenated) { + Polynomial& A_0_pos = batched_F; // A₀₊ = F + Polynomial A_0_neg = batched_F; // A₀₋ = F + // Compute G/r Fr r_inv = r_challenge.invert(); batched_G *= r_inv; - // Construct A₀₊ = F + G/r and A₀₋ = F - G/r in place in fold_polynomials - Polynomial tmp = batched_F; - Polynomial& A_0_pos = batched_F; - - // A₀₊(X) = F(X) + G(X)/r, s.t. A₀₊(r) = A₀(r) - A_0_pos += batched_G; - - // Perform a swap so that tmp = G(X)/r and A_0_neg = F(X) - std::swap(tmp, batched_G); - Polynomial& A_0_neg = batched_G; - - // A₀₋(X) = F(X) - G(X)/r, s.t. A₀₋(-r) = A₀(-r) - A_0_neg -= tmp; + A_0_pos += batched_G; // A₀₊ = F + G/r + A_0_neg -= batched_G; // A₀₋ = F - G/r // Reconstruct the batched concatenated polynomial from the batched groups, partially evaluated at r and -r and add // the result to A₀₊(X) and A₀₋(X). Explanation (for simplification assume a single concatenated polynomial): From a5ce95addfd273dc8676859a3384d815d331eadd Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 21 Jan 2025 19:43:04 +0000 Subject: [PATCH 12/18] delete unused class --- .../commitment_schemes/gemini/gemini.hpp | 30 ------------------- 1 file changed, 30 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 17f3f67a431a..9f852181e860 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -99,36 +99,6 @@ template class GeminiProver_ { using Polynomial = bb::Polynomial; using Claim = ProverOpeningClaim; - struct PolynomialBatch { - RefSpan polynomials; - Polynomial batched; - std::function get_form_to_open; - - PolynomialBatch( - RefSpan polynomials, - std::function func = [](const Polynomial& poly) { return poly; }) - : polynomials(polynomials) - , get_form_to_open(func) - {} - - void initialize_batched() - { - auto poly = polynomials[0]; - batched = Polynomial(poly.size(), poly.virtual_size(), poly.start_index()); - } - - Polynomial get_batched_to_open() { return get_form_to_open(batched); } - - void compute_batched(const Fr& challenge, Fr& running_scalar) - { - initialize_batched(); - for (auto poly : polynomials) { - batched.add_scaled(poly, running_scalar); - running_scalar *= challenge; - } - } - }; - public: static std::vector compute_fold_polynomials(const size_t log_n, std::span multilinear_challenge, From 0433d5e3c4881a285ffba8a8a1aa7a553da365d3 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 21 Jan 2025 20:04:11 +0000 Subject: [PATCH 13/18] add back in unused class for testing --- .../commitment_schemes/gemini/gemini.hpp | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 9f852181e860..17f3f67a431a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -99,6 +99,36 @@ template class GeminiProver_ { using Polynomial = bb::Polynomial; using Claim = ProverOpeningClaim; + struct PolynomialBatch { + RefSpan polynomials; + Polynomial batched; + std::function get_form_to_open; + + PolynomialBatch( + RefSpan polynomials, + std::function func = [](const Polynomial& poly) { return poly; }) + : polynomials(polynomials) + , get_form_to_open(func) + {} + + void initialize_batched() + { + auto poly = polynomials[0]; + batched = Polynomial(poly.size(), poly.virtual_size(), poly.start_index()); + } + + Polynomial get_batched_to_open() { return get_form_to_open(batched); } + + void compute_batched(const Fr& challenge, Fr& running_scalar) + { + initialize_batched(); + for (auto poly : polynomials) { + batched.add_scaled(poly, running_scalar); + running_scalar *= challenge; + } + } + }; + public: static std::vector compute_fold_polynomials(const size_t log_n, std::span multilinear_challenge, From 07ae83eb7ecfcbbc20979ce65595862fb7e199d4 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 21 Jan 2025 22:03:39 +0000 Subject: [PATCH 14/18] arbitrary comment change --- .../commitment_schemes/gemini/gemini.hpp | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 17f3f67a431a..02f3941374fe 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -119,14 +119,14 @@ template class GeminiProver_ { Polynomial get_batched_to_open() { return get_form_to_open(batched); } - void compute_batched(const Fr& challenge, Fr& running_scalar) - { - initialize_batched(); - for (auto poly : polynomials) { - batched.add_scaled(poly, running_scalar); - running_scalar *= challenge; - } - } + // void compute_batched(const Fr& challenge, Fr& running_scalar) + // { + // initialize_batched(); + // for (auto poly : polynomials) { + // batched.add_scaled(poly, running_scalar); + // running_scalar *= challenge; + // } + // } }; public: From 4b9b68e5c0829bcf68db53a82f3e106ee480f990 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 21 Jan 2025 22:26:49 +0000 Subject: [PATCH 15/18] comment out unused class --- .../commitment_schemes/gemini/gemini.hpp | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 02f3941374fe..d02066eb9e1c 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -99,35 +99,35 @@ template class GeminiProver_ { using Polynomial = bb::Polynomial; using Claim = ProverOpeningClaim; - struct PolynomialBatch { - RefSpan polynomials; - Polynomial batched; - std::function get_form_to_open; - - PolynomialBatch( - RefSpan polynomials, - std::function func = [](const Polynomial& poly) { return poly; }) - : polynomials(polynomials) - , get_form_to_open(func) - {} - - void initialize_batched() - { - auto poly = polynomials[0]; - batched = Polynomial(poly.size(), poly.virtual_size(), poly.start_index()); - } - - Polynomial get_batched_to_open() { return get_form_to_open(batched); } - - // void compute_batched(const Fr& challenge, Fr& running_scalar) - // { - // initialize_batched(); - // for (auto poly : polynomials) { - // batched.add_scaled(poly, running_scalar); - // running_scalar *= challenge; - // } - // } - }; + // struct PolynomialBatch { + // RefSpan polynomials; + // Polynomial batched; + // std::function get_form_to_open; + + // PolynomialBatch( + // RefSpan polynomials, + // std::function func = [](const Polynomial& poly) { return poly; }) + // : polynomials(polynomials) + // , get_form_to_open(func) + // {} + + // void initialize_batched() + // { + // auto poly = polynomials[0]; + // batched = Polynomial(poly.size(), poly.virtual_size(), poly.start_index()); + // } + + // Polynomial get_batched_to_open() { return get_form_to_open(batched); } + + // // void compute_batched(const Fr& challenge, Fr& running_scalar) + // // { + // // initialize_batched(); + // // for (auto poly : polynomials) { + // // batched.add_scaled(poly, running_scalar); + // // running_scalar *= challenge; + // // } + // // } + // }; public: static std::vector compute_fold_polynomials(const size_t log_n, From 921b857008aa54cd3e4b7d354261feb1f384e139 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 21 Jan 2025 23:11:14 +0000 Subject: [PATCH 16/18] delete the unused class --- .../commitment_schemes/gemini/gemini.hpp | 30 ------------------- 1 file changed, 30 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index d02066eb9e1c..9f852181e860 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -99,36 +99,6 @@ template class GeminiProver_ { using Polynomial = bb::Polynomial; using Claim = ProverOpeningClaim; - // struct PolynomialBatch { - // RefSpan polynomials; - // Polynomial batched; - // std::function get_form_to_open; - - // PolynomialBatch( - // RefSpan polynomials, - // std::function func = [](const Polynomial& poly) { return poly; }) - // : polynomials(polynomials) - // , get_form_to_open(func) - // {} - - // void initialize_batched() - // { - // auto poly = polynomials[0]; - // batched = Polynomial(poly.size(), poly.virtual_size(), poly.start_index()); - // } - - // Polynomial get_batched_to_open() { return get_form_to_open(batched); } - - // // void compute_batched(const Fr& challenge, Fr& running_scalar) - // // { - // // initialize_batched(); - // // for (auto poly : polynomials) { - // // batched.add_scaled(poly, running_scalar); - // // running_scalar *= challenge; - // // } - // // } - // }; - public: static std::vector compute_fold_polynomials(const size_t log_n, std::span multilinear_challenge, From 0b606d80106a448b6923deb4e3a70223afa277e0 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 22 Jan 2025 04:13:23 +0000 Subject: [PATCH 17/18] bring back missing move --- .../src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index 58abae094848..9492fc908bd1 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -326,7 +326,7 @@ std::vector::Claim> GeminiProver_::construc // Compute the remaining m opening pairs {−r^{2ˡ}, Aₗ(−r^{2ˡ})}, l = 1, ..., m-1. for (size_t l = 0; l < log_n - 1; ++l) { Fr evaluation = fold_polynomials[l].evaluate(-r_squares[l + 1]); - claims.emplace_back(Claim{ fold_polynomials[l], { -r_squares[l + 1], evaluation } }); + claims.emplace_back(Claim{ std::move(fold_polynomials[l]), { -r_squares[l + 1], evaluation } }); } return claims; From 3fe068748e2740831de48f151fee7ebe892a6403 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 22 Jan 2025 14:48:12 +0000 Subject: [PATCH 18/18] type and move updates in response to comments --- .../commitment_schemes/gemini/gemini.hpp | 2 +- .../commitment_schemes/gemini/gemini_impl.hpp | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index 9f852181e860..f0be1533a5c3 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -109,7 +109,7 @@ template class GeminiProver_ { Polynomial&& batched_F, Polynomial&& batched_G, const Fr& r_challenge, - std::vector batched_groups_to_be_concatenated = {}); + const std::vector& batched_groups_to_be_concatenated = {}); static std::vector construct_univariate_opening_claims(const size_t log_n, Polynomial&& A_0_pos, diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp index 9492fc908bd1..f863a17e6c21 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp @@ -235,12 +235,12 @@ std::vector::Polynomial> GeminiProver_::com * @return {A₀₊(X), A₀₋(X)} */ template -std::pair::Polynomial, typename GeminiProver_::Polynomial> GeminiProver_< - Curve>::compute_partially_evaluated_batch_polynomials(const size_t log_n, - Polynomial&& batched_F, - Polynomial&& batched_G, - const Fr& r_challenge, - std::vector batched_groups_to_be_concatenated) +std::pair::Polynomial, typename GeminiProver_::Polynomial> GeminiProver_:: + compute_partially_evaluated_batch_polynomials(const size_t log_n, + Polynomial&& batched_F, + Polynomial&& batched_G, + const Fr& r_challenge, + const std::vector& batched_groups_to_be_concatenated) { Polynomial& A_0_pos = batched_F; // A₀₊ = F Polynomial A_0_neg = batched_F; // A₀₋ = F @@ -315,10 +315,10 @@ std::vector::Claim> GeminiProver_::construc // Compute evaluation of partially evaluated batch polynomial (positive) A₀₊(r) Fr a_0_pos = A_0_pos.evaluate(r_challenge); - claims.emplace_back(Claim{ A_0_pos, { r_challenge, a_0_pos } }); + claims.emplace_back(Claim{ std::move(A_0_pos), { r_challenge, a_0_pos } }); // Compute evaluation of partially evaluated batch polynomial (negative) A₀₋(-r) Fr a_0_neg = A_0_neg.evaluate(-r_challenge); - claims.emplace_back(Claim{ A_0_neg, { -r_challenge, a_0_neg } }); + claims.emplace_back(Claim{ std::move(A_0_neg), { -r_challenge, a_0_neg } }); // Compute univariate opening queries rₗ = r^{2ˡ} for l = 0, 1, ..., m-1 std::vector r_squares = gemini::powers_of_evaluation_challenge(r_challenge, log_n);