From 9e12eb46a9bb7389bde05d22076dd4622d65e594 Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Mon, 27 Jan 2025 18:23:23 +0000 Subject: [PATCH 01/15] measuring stuff --- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 7 +- .../src/barretenberg/eccvm/eccvm_prover.cpp | 79 +++++++++++++++++-- 2 files changed, 79 insertions(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index ee44fac3dcdb..093237a0f4ca 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -518,7 +518,8 @@ class ECCVMFlavor { const size_t num_rows = std::max({ point_table_rows.size(), msm_rows.size(), transcript_rows.size() }) + MASKING_OFFSET; const auto log_num_rows = static_cast(numeric::get_msb64(num_rows)); - const size_t dyadic_num_rows = 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1)); + const size_t dyadic_num_rows = + std::max(1UL << CONST_ECCVM_LOG_N, 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1))); for (auto& poly : get_to_be_shifted()) { poly = Polynomial{ /*memory size*/ dyadic_num_rows - 1, @@ -687,7 +688,9 @@ class ECCVMFlavor { ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover ProvingKey(const CircuitBuilder& builder) - : Base(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates()), 0) + : Base(std::max(1UL << CONST_ECCVM_LOG_N, + builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())), + 0) , polynomials(builder) {} }; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 1defb569f97c..05b71b7d7854 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp 
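Review bot: Both `std::max(1UL << CONST_ECCVM_LOG_N, …)` expressions let the size grow past the fixed bound instead of rejecting an oversized circuit, so the "constant" ECCVM size is only a floor. If anything downstream assumes the size is exactly `1 << CONST_ECCVM_LOG_N` (the consumers are not visible here, so this is inferred), an oversized circuit should be a hard failure in the `dyadic_num_rows` hunk and in the `ProvingKey` constructor hunk rather than a quiet fallback. Separately, `1UL` is `unsigned long`, which is 32 bits on some targets and may not be the same type as the `size_t` on the other side of `std::max`. Holding `size_t{1} << CONST_ECCVM_LOG_N` in one named constant would avoid the type mismatch and the duplicated expression. Both enclosing bodies continue outside the hunks.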
@@ -45,11 +45,24 @@ void ECCVMProver::execute_preamble_round() */ void ECCVMProver::execute_wire_commitments_round() { - auto wire_polys = key->polynomials.get_wires(); - auto labels = commitment_labels.get_wires(); - for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript->send_to_verifier(labels[idx], key->commitment_key->commit(wire_polys[idx])); + // 1. Record the start time + auto start_time = std::chrono::high_resolution_clock::now(); + + // 2. Execute operations + // auto wire_polys = key->polynomials.get_wires(); + // auto labels = commitment_labels.get_wires(); + for (const auto& [wire, label] : zip_view(key->polynomials.get_wires(), commitment_labels.get_wires())) { + transcript->send_to_verifier(label, key->commitment_key->commit_sparse(wire)); } + + // 3. Record the end time + auto end_time = std::chrono::high_resolution_clock::now(); + + // 4. Compute the duration in milliseconds + auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + + // 5. Print/log the timing + info("Time spent on wire polynomial commitments: " + std::to_string(duration_ms) + " ms"); } /** @@ -58,6 +71,9 @@ void ECCVMProver::execute_wire_commitments_round() */ void ECCVMProver::execute_log_derivative_commitments_round() { + // 1. Record the start time + auto start_time = std::chrono::high_resolution_clock::now(); + // Compute and add beta to relation parameters auto [beta, gamma] = transcript->template get_challenges("beta", "gamma"); 
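Review bot: The timing block added to `execute_wire_commitments_round` measures an interval with `std::chrono::high_resolution_clock`, which is not guaranteed to be monotonic. The same start/end/cast/log pattern is pasted into every other round in this file (log-derivative, grand product, sumcheck, both halves of `execute_pcs_rounds`) and later into `sumcheck.hpp`. A small scoped timer on `std::chrono::steady_clock` removes the duplication and the numbered comments that skip step 2. The commented-out `wire_polys` / `labels` lines left in this hunk can be deleted.

```cpp
// Logs the wall-clock time between construction and destruction, in milliseconds.
class ScopedRoundTimer {
  public:
    explicit ScopedRoundTimer(std::string label)
        : label_(std::move(label))
    {}
    ~ScopedRoundTimer()
    {
        const auto elapsed = std::chrono::duration_cast<std::chrono::milliseconds>(
            std::chrono::steady_clock::now() - start_);
        info(label_ + ": " + std::to_string(elapsed.count()) + " ms");
    }

  private:
    std::string label_;
    std::chrono::steady_clock::time_point start_ = std::chrono::steady_clock::now();
};

void ECCVMProver::execute_wire_commitments_round()
{
    const ScopedRoundTimer timer{ "Time spent on wire polynomial commitments" };
    // … unchanged: commitment loop over zip_view(wires, labels) …
}
```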
@@ -75,6 +91,15 @@ void ECCVMProver::execute_log_derivative_commitments_round() key->polynomials, relation_parameters, key->circuit_size); transcript->send_to_verifier(commitment_labels.lookup_inverses, key->commitment_key->commit(key->polynomials.lookup_inverses)); + + // 3. Record the end time + auto end_time = std::chrono::high_resolution_clock::now(); + + // 4. Compute the duration in milliseconds + auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + + // 5. Print/log the timing + info("Time spent on log derivative: " + std::to_string(duration_ms) + " ms"); } /** @@ -83,10 +108,22 @@ void ECCVMProver::execute_log_derivative_commitments_round() */ void ECCVMProver::execute_grand_product_computation_round() { + // 1. Record the start time + auto start_time = std::chrono::high_resolution_clock::now(); + // Compute permutation grand product and their commitments compute_grand_products(key->polynomials, relation_parameters); transcript->send_to_verifier(commitment_labels.z_perm, key->commitment_key->commit(key->polynomials.z_perm)); + + // 3. Record the end time + auto end_time = std::chrono::high_resolution_clock::now(); + + // 4. Compute the duration in milliseconds + auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + + // 5. Print/log the timing + info("Time spent on log z perm: " + std::to_string(duration_ms) + " ms"); } /** @@ -95,6 +132,9 @@ void ECCVMProver::execute_grand_product_computation_round() */ void ECCVMProver::execute_relation_check_rounds() { + // 1. Record the start time + auto start_time = std::chrono::high_resolution_clock::now(); + using Sumcheck = SumcheckProver; auto sumcheck = Sumcheck(key->circuit_size, transcript); 
@@ -107,6 +147,15 @@ void ECCVMProver::execute_relation_check_rounds() zk_sumcheck_data = ZKData(key->log_circuit_size, transcript, key->commitment_key); sumcheck_output = sumcheck.prove(key->polynomials, relation_parameters, alpha, gate_challenges, zk_sumcheck_data); + + // 3. Record the end time + auto end_time = std::chrono::high_resolution_clock::now(); + + // 4. Compute the duration in milliseconds + auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + + // 5. Print/log the timing + info("Time spent on sumcheck: " + std::to_string(duration_ms) + " ms"); } /** @@ -116,7 +165,9 @@ void ECCVMProver::execute_relation_check_rounds() * */ void ECCVMProver::execute_pcs_rounds() -{ +{ // 1. Record the start time + auto start_time = std::chrono::high_resolution_clock::now(); + using Curve = typename Flavor::Curve; using Shplemini = ShpleminiProver_; using Shplonk = ShplonkProver_; @@ -140,6 +191,16 @@ void ECCVMProver::execute_pcs_rounds() sumcheck_output.round_univariates, sumcheck_output.round_univariate_evaluations); + // 3. Record the end time + auto end_time = std::chrono::high_resolution_clock::now(); + + // 4. Compute the duration in milliseconds + auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + + // 5. Print/log the timing + info("Time spent on Shplemini: " + std::to_string(duration_ms) + " ms"); + + start_time = std::chrono::high_resolution_clock::now(); // Get the challenge at which we evaluate all transcript polynomials as univariates evaluation_challenge_x = transcript->template get_challenge("Translation:evaluation_challenge_x"); 
@@ -193,6 +254,14 @@ void ECCVMProver::execute_pcs_rounds() // Compute the opening proof for the batched opening claim with the univariate PCS PCS::compute_opening_proof(key->commitment_key, batch_opening_claim, ipa_transcript); + // 3. Record the end time + end_time = std::chrono::high_resolution_clock::now(); + + // 4. Compute the duration in milliseconds + duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + + // 5. Print/log the timing + info("Time spent on Shplonk + IPA: " + std::to_string(duration_ms) + " ms"); // Produce another challenge passed as input to the translator verifier translation_batching_challenge_v = transcript->template get_challenge("Translation:batching_challenge"); From 0d7d3c26c4b8babd198773388eba3a5f63ea6dff Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Tue, 28 Jan 2025 14:53:28 +0000 Subject: [PATCH 02/15] wip --- .../commitment_schemes/commitment_key.hpp | 4 +-- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 2 ++ .../src/barretenberg/eccvm/eccvm_prover.cpp | 25 ++++++++++++++++--- .../src/barretenberg/sumcheck/sumcheck.hpp | 11 +++++++- 4 files changed, 36 insertions(+), 6 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp index 4108a072d72c..26c2139094bb 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp 
@@ -86,11 +86,11 @@ template class CommitmentKey { * @param polynomial a univariate polynomial p(X) = ∑ᵢ aᵢ⋅Xⁱ * @return Commitment computed as C = [p(x)] = ∑ᵢ aᵢ⋅Gᵢ */ - Commitment commit(PolynomialSpan polynomial) + Commitment commit(PolynomialSpan polynomial, const size_t real_size = 0) { PROFILE_THIS_NAME("commit"); // We must have a power-of-2 SRS points *after* subtracting by start_index. - size_t dyadic_poly_size = numeric::round_up_power_2(polynomial.size()); + size_t dyadic_poly_size = (real_size == 0) ? numeric::round_up_power_2(polynomial.size()) : real_size; ASSERT(dyadic_poly_size <= dyadic_size && "Polynomial size exceeds commitment key size."); // Because pippenger prefers a power-of-2 size, we must choose a starting index for the points so that we don't // exceed the dyadic_circuit_size. The actual start index of the points will be the smallest it can be so that diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 093237a0f4ca..8ac6d534f44c 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -684,6 +684,7 @@ class ECCVMFlavor { // Expose constructors on the base class using Base = ProvingKey_; using Base::Base; + size_t real_eccvm_circuit_size; ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover @@ -691,6 +692,7 @@ class ECCVMFlavor { : Base(std::max(1UL << CONST_ECCVM_LOG_N, builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())), 0) + , real_eccvm_circuit_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) , polynomials(builder) {} }; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 05b71b7d7854..9fbc1b865d9b 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp 
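Review bot: The new `real_size` argument to `commit` is assigned straight to `dyadic_poly_size` with no validation, although the comment directly above still says a power-of-2 number of SRS points is required. Judging by the call added in the next prover hunk (`commit(wire, 4096)`), the intent is to commit to a prefix of the polynomial. That is only correct if every coefficient at index `>= real_size` is zero, and nothing here states or checks it. I would add `ASSERT((real_size & (real_size - 1)) == 0 && "real_size must be a power of two");` after the assignment and a `@param real_size` line in the Doxygen block spelling out the zero-tail precondition. The body of `commit` continues outside the hunk, so how `dyadic_poly_size` is consumed is not visible.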
+++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -47,12 +47,31 @@ void ECCVMProver::execute_wire_commitments_round() { // 1. Record the start time auto start_time = std::chrono::high_resolution_clock::now(); - + info("real size? ", key->real_eccvm_circuit_size); // 2. Execute operations // auto wire_polys = key->polynomials.get_wires(); - // auto labels = commitment_labels.get_wires(); + // // auto labels = commitment_labels.get_wires(); + std::vector real_sizes; + real_sizes.reserve(key->polynomials.get_wires().size()); + size_t counter = 0; for (const auto& [wire, label] : zip_view(key->polynomials.get_wires(), commitment_labels.get_wires())) { - transcript->send_to_verifier(label, key->commitment_key->commit_sparse(wire)); + + // Initialize real_size to the full size of the wire + size_t real_size = wire.size(); + + // Traverse the wire from the end to find the first non-zero element + while (real_size > 0 && wire.at(real_size - 1) == FF(0)) { + real_size--; + } + info(counter, " ", real_size); + // Optionally store the real_size + real_sizes.push_back(real_size); + if ((counter == 62) || (counter == 63)) { + transcript->send_to_verifier(label, key->commitment_key->commit(wire)); + } else { + transcript->send_to_verifier(label, key->commitment_key->commit(wire, 4096)); + } + counter++; } // 3. Record the end time diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index dd12305bc436..9739bace1660 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp 
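Review bot: The loop in `execute_wire_commitments_round` picks wires by the literal positions `62` and `63` and commits all others with a hard-coded `4096`, while the `real_size` it has just computed by scanning for trailing zeros is only logged and pushed into `real_sizes`, never used to guard the truncation. A wire with a non-zero coefficient at index 4096 or above would be committed as a different polynomial from the one the later rounds evaluate. Reordering the wire list would also silently change which two wires take the full-size path. At minimum check the scan result before truncating, e.g. `ASSERT(real_size <= 4096);`, and replace the literals with named constants or a dedicated getter for the two full-length wires. The per-wire `info(counter, " ", real_size)` looks like debugging output that should not stay on the prover path.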
@@ -305,11 +305,20 @@ template class SumcheckProver { // Place the evaluations of the round univariate into transcript. transcript->send_to_verifier("Sumcheck:univariate_0", round_univariate); } else { - + // 1. Record the start time + auto start_time = std::chrono::high_resolution_clock::now(); // Compute monomial coefficients of the round univariate, commit to it, populate an auxiliary structure // needed in the PCS round commit_to_round_univariate( round_idx, round_univariate, eval_domain, transcript, ck, round_univariates, round_evaluations); + // 3. Record the end time + auto end_time = std::chrono::high_resolution_clock::now(); + + // 4. Compute the duration in milliseconds + auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + + // 5. Print/log the timing + info("Time spent on commit to round univariate sumcheck: " + std::to_string(duration_ms) + " ms"); } const FF round_challenge = transcript->template get_challenge("Sumcheck:u_0"); From 8c401eee7c49a6e1977de747248454b3d13013ec Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Wed, 29 Jan 2025 11:07:33 +0000 Subject: [PATCH 03/15] commit to chunks? --- .../commitment_schemes/commitment_key.hpp | 4 ++-- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 8 +++----- .../src/barretenberg/eccvm/eccvm_prover.cpp | 19 +++++-------------- .../barretenberg/polynomials/polynomial.hpp | 6 ++++-- 4 files changed, 14 insertions(+), 23 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp index 26c2139094bb..4108a072d72c 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp 
@@ -86,11 +86,11 @@ template class CommitmentKey { * @param polynomial a univariate polynomial p(X) = ∑ᵢ aᵢ⋅Xⁱ * @return Commitment computed as C = [p(x)] = ∑ᵢ aᵢ⋅Gᵢ */ - Commitment commit(PolynomialSpan polynomial, const size_t real_size = 0) + Commitment commit(PolynomialSpan polynomial) { PROFILE_THIS_NAME("commit"); // We must have a power-of-2 SRS points *after* subtracting by start_index. - size_t dyadic_poly_size = (real_size == 0) ? numeric::round_up_power_2(polynomial.size()) : real_size; + size_t dyadic_poly_size = numeric::round_up_power_2(polynomial.size()); ASSERT(dyadic_poly_size <= dyadic_size && "Polynomial size exceeds commitment key size."); // Because pippenger prefers a power-of-2 size, we must choose a starting index for the points so that we don't // exceed the dyadic_circuit_size. The actual start index of the points will be the smallest it can be so that diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 8ac6d534f44c..e40745826570 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -518,8 +518,7 @@ class ECCVMFlavor { const size_t num_rows = std::max({ point_table_rows.size(), msm_rows.size(), transcript_rows.size() }) + MASKING_OFFSET; const auto log_num_rows = static_cast(numeric::get_msb64(num_rows)); - const size_t dyadic_num_rows = - std::max(1UL << CONST_ECCVM_LOG_N, 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1))); + const size_t dyadic_num_rows = 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1)); for (auto& poly : get_to_be_shifted()) { poly = Polynomial{ /*memory size*/ dyadic_num_rows - 1, 
@@ -689,10 +688,9 @@ class ECCVMFlavor { ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover ProvingKey(const CircuitBuilder& builder) - : Base(std::max(1UL << CONST_ECCVM_LOG_N, - builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())), - 0) + : Base(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates()), 0) , real_eccvm_circuit_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) + , polynomials(builder) {} }; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 9fbc1b865d9b..22288f665891 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp 
@@ -47,29 +47,20 @@ void ECCVMProver::execute_wire_commitments_round() { // 1. Record the start time auto start_time = std::chrono::high_resolution_clock::now(); - info("real size? ", key->real_eccvm_circuit_size); - // 2. Execute operations - // auto wire_polys = key->polynomials.get_wires(); - // // auto labels = commitment_labels.get_wires(); + info("eccvm size?", key->real_eccvm_circuit_size); std::vector real_sizes; real_sizes.reserve(key->polynomials.get_wires().size()); size_t counter = 0; for (const auto& [wire, label] : zip_view(key->polynomials.get_wires(), commitment_labels.get_wires())) { - // Initialize real_size to the full size of the wire - size_t real_size = wire.size(); - - // Traverse the wire from the end to find the first non-zero element - while (real_size > 0 && wire.at(real_size - 1) == FF(0)) { - real_size--; - } - info(counter, " ", real_size); // Optionally store the real_size - real_sizes.push_back(real_size); if ((counter == 62) || (counter == 63)) { + transcript->send_to_verifier(label, key->commitment_key->commit(wire)); } else { - transcript->send_to_verifier(label, key->commitment_key->commit(wire, 4096)); + PolynomialSpan wire_span = wire; + transcript->send_to_verifier( + label, key->commitment_key->commit(wire_span.subspan(0, key->real_eccvm_circuit_size))); } counter++; } diff --git a/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp b/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp index fdb196d06f82..345b97f56214 100644 --- a/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp +++ b/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp 
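Review bot: `wire_span.subspan(0, key->real_eccvm_circuit_size)` truncates every wire except positions 62 and 63 without checking that the dropped tail is zero, and the bound is derived from `get_estimated_num_finalized_gates()`, which by its name is an estimate. If a wire carries a non-zero value past that bound, the commitment sent to the verifier no longer matches the polynomial used in the later rounds, and nothing here reports it. A debug-only check of the tail would make the assumption explicit, together with a comment such as `// Invariant: every wire except columns 62 and 63 is zero at indices >= real_eccvm_circuit_size`. The same applies to the `subspan(0, …)` calls added to `translator_prover.cpp` in the later commits. `real_sizes` is still declared and reserved in this hunk but is no longer written.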
@@ -36,13 +36,15 @@ template struct PolynomialSpan { ASSERT(index >= start_index && index < end_index()); return span[index - start_index]; } - PolynomialSpan subspan(size_t offset) + PolynomialSpan subspan(size_t offset, size_t length) { if (offset > span.size()) { // Return a null span return { 0, span.subspan(span.size()) }; } - return { start_index + offset, span.subspan(offset) }; + size_t new_length = std::min(length, span.size() - offset); + return { start_index + offset, span.subspan(offset, new_length) }; } + operator PolynomialSpan() const { return PolynomialSpan(start_index, span); } }; /** From 5ad09c4faefdbc095ccbc4b334539def77102d4b Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Wed, 29 Jan 2025 11:41:16 +0000 Subject: [PATCH 04/15] somewhat amortized commitments cost --- barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp | 7 +++++-- barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp | 3 +-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index e40745826570..379385710fbf 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -518,7 +518,8 @@ class ECCVMFlavor { const size_t num_rows = std::max({ point_table_rows.size(), msm_rows.size(), transcript_rows.size() }) + MASKING_OFFSET; const auto log_num_rows = static_cast(numeric::get_msb64(num_rows)); - const size_t dyadic_num_rows = 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1)); + const size_t dyadic_num_rows = + std::max(1UL << CONST_ECCVM_LOG_N, 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1))); for (auto& poly : get_to_be_shifted()) { poly = Polynomial{ /*memory size*/ dyadic_num_rows - 1, 
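Review bot: `subspan(size_t offset, size_t length)` replaces the one-argument form instead of adding to it, so any remaining `subspan(offset)` caller stops compiling; such callers are not visible in this patch, so this is a precaution. Keeping a forwarding overload costs one line: `PolynomialSpan subspan(size_t offset) { return subspan(offset, span.size()); }`. The new `std::min(length, span.size() - offset)` also silently clamps a request that runs past the end. Either document that on the method or add `ASSERT(length <= span.size() - offset);` so a caller asking for more than exists finds out. The added conversion operator is implicit and undocumented; a short comment on what it converts to and why implicit conversion is wanted would help.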
@@ -688,7 +689,9 @@ class ECCVMFlavor { ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover ProvingKey(const CircuitBuilder& builder) - : Base(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates()), 0) + : Base(std::max(1UL << CONST_ECCVM_LOG_N, + builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())), + 0) , real_eccvm_circuit_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) , polynomials(builder) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 22288f665891..2e621d4faa70 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -48,8 +48,7 @@ void ECCVMProver::execute_wire_commitments_round() // 1. Record the start time auto start_time = std::chrono::high_resolution_clock::now(); info("eccvm size?", key->real_eccvm_circuit_size); - std::vector real_sizes; - real_sizes.reserve(key->polynomials.get_wires().size()); + size_t counter = 0; for (const auto& [wire, label] : zip_view(key->polynomials.get_wires(), commitment_labels.get_wires())) { From 0d38b3b7d4e00fd01a51052c009d60a5d981ebdb Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Thu, 30 Jan 2025 13:47:36 +0000 Subject: [PATCH 05/15] easy optimizations --- .../relations/ecc_vm/ecc_set_relation.hpp | 7 +++++++ .../translator_vm/translator_flavor.hpp | 2 +- .../translator_vm/translator_prover.cpp | 15 +++++++++++---- .../translator_vm/translator_prover.hpp | 2 +- .../translator_vm/translator_proving_key.hpp | 1 + 5 files changed, 21 insertions(+), 6 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp b/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp index d0e0ab35a23a..0bfb288e0b93 100644 --- a/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp 
+++ b/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp @@ -27,6 +27,13 @@ polynomials, 1 // left-shiftable polynomial sub-relation }; + template inline static bool skip(const AllEntities& in) + { + // If z_perm == z_perm_shift, this implies that none of the wire values for the present input are involved in + // non-trivial copy constraints. + return (in.z_perm - in.z_perm_shift).is_zero(); + } + // Max among {SUBRELATION_PARTIAL_LENGTH + SUBRELATION_WITNESS_DEGREE} static constexpr size_t ZK_RELATION_LENGTH = 43; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp index 2dd0f7a249f4..289d9519a24a 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp @@ -40,7 +40,7 @@ class TranslatorFlavor { // Indicates that this flavor runs with ZK Sumcheck. static constexpr bool HasZK = true; - static constexpr size_t MINIMUM_MINI_CIRCUIT_SIZE = 2048; + static constexpr size_t MINIMUM_MINI_CIRCUIT_SIZE = 8192; // The size of the circuit which is filled with non-zero values for most polynomials. Most relations (everything // except for Permutation and DeltaRangeConstraint) can be evaluated just on the first chunk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp index ee6be78d7325..d151284ddc89 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp 
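Review bot: The comment on the new `skip` in the ECCVM set relation talks about wire values and copy constraints, which describes a permutation argument rather than this relation. The actual reason that `z_perm == z_perm_shift` makes the row skippable is therefore never stated. Since `skip` suppresses the relation's contribution for that edge, the comment should explain why equality implies every subrelation here evaluates to zero, including any boundary terms (not visible in the hunk) and the rows added via `MASKING_OFFSET`. Something like `// z_perm == z_perm_shift implies <argument>, so both subrelations vanish on this row` with the real argument filled in. As far as I can tell a wrong skip condition would make honest proofs fail rather than weaken verification, but a test that proves a circuit with and without `skip` would pin that down.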
@@ -46,10 +46,17 @@ void TranslatorProver::execute_preamble_round() void TranslatorProver::execute_wire_and_sorted_constraints_commitments_round() { // Commit to all wire polynomials and ordered range constraint polynomials - auto wire_polys = key->proving_key->polynomials.get_wires_and_ordered_range_constraints(); - auto labels = commitment_labels.get_wires_and_ordered_range_constraints(); - for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript->send_to_verifier(labels[idx], key->proving_key->commitment_key->commit(wire_polys[idx])); + + for (const auto& [wire, label] : + zip_view(key->proving_key->polynomials.get_wires(), commitment_labels.get_wires())) { + PolynomialSpan wire_span = wire; + transcript->send_to_verifier( + label, key->proving_key->commitment_key->commit(wire_span.subspan(0, Flavor::MINI_CIRCUIT_SIZE))); + } + + for (const auto& [ordered_range_constraint, label] : zip_view( + key->proving_key->polynomials.get_ordered_constraints(), commitment_labels.get_ordered_constraints())) { + transcript->send_to_verifier(label, key->proving_key->commitment_key->commit(ordered_range_constraint)); } } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.hpp index 2acd99027cfd..b6a1c7009e02 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.hpp 
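Review bot: Replacing the single loop over `get_wires_and_ordered_range_constraints()` with one loop over `get_wires()` and one over `get_ordered_constraints()` changes which getters define the order of the `send_to_verifier` calls. The verifier has to absorb the same labels in the same order for the Fiat-Shamir challenges to agree. The getters are defined outside this hunk, so please confirm that wires followed by ordered constraints reproduces the old combined order exactly. A comment would record it: `// Order must match get_wires_and_ordered_range_constraints(); the verifier reads commitments in that order.` Also, `Flavor::MINI_CIRCUIT_SIZE` does not appear anywhere else on this page (the flavor hunk shows `MINIMUM_MINI_CIRCUIT_SIZE`), so check that it names the intended constant.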
@@ -24,7 +24,7 @@ class TranslatorProver { using PCS = typename Flavor::PCS; using Transcript = typename Flavor::Transcript; using ZKData = ZKSumcheckData; - static constexpr size_t MINIMUM_MINI_CIRCUIT_SIZE = 2048; + static constexpr size_t MINIMUM_MINI_CIRCUIT_SIZE = Flavor::MINIMUM_MINI_CIRCUIT_SIZE; size_t total_num_gates = 0; // num_gates (already include zero row offset) (used to compute dyadic size) size_t dyadic_circuit_size = 0; // final power-of-2 circuit size size_t mini_circuit_dyadic_size = 0; // The size of the small circuit that contains non-range constraint relations diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp index f0ba84f368e2..0a6cdbf37fd6 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp @@ -93,6 +93,7 @@ class TranslatorProvingKey { inline void compute_mini_circuit_dyadic_size(const Circuit& circuit) { const size_t total_num_gates = std::max(circuit.num_gates, Flavor::MINIMUM_MINI_CIRCUIT_SIZE); + info("translator, minicircuit size ", Flavor::MINIMUM_MINI_CIRCUIT_SIZE); // Next power of 2 mini_circuit_dyadic_size = circuit.get_circuit_subgroup_size(total_num_gates); } From 34383c798cac546bfda69be62f28e828d8f4966e Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Thu, 30 Jan 2025 14:36:09 +0000 Subject: [PATCH 06/15] removed noise --- .../cpp/src/barretenberg/sumcheck/sumcheck.hpp | 10 ---------- .../barretenberg/translator_vm/translator_flavor.hpp | 2 +- .../barretenberg/translator_vm/translator_prover.cpp | 7 ++++--- .../translator_vm/translator_proving_key.hpp | 4 +++- 4 files changed, 8 insertions(+), 15 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index 9739bace1660..6b847af13521 100644 
--- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp @@ -305,20 +305,10 @@ template class SumcheckProver { // Place the evaluations of the round univariate into transcript. transcript->send_to_verifier("Sumcheck:univariate_0", round_univariate); } else { - // 1. Record the start time - auto start_time = std::chrono::high_resolution_clock::now(); // Compute monomial coefficients of the round univariate, commit to it, populate an auxiliary structure // needed in the PCS round commit_to_round_univariate( round_idx, round_univariate, eval_domain, transcript, ck, round_univariates, round_evaluations); - // 3. Record the end time - auto end_time = std::chrono::high_resolution_clock::now(); - - // 4. Compute the duration in milliseconds - auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); - - // 5. Print/log the timing - info("Time spent on commit to round univariate sumcheck: " + std::to_string(duration_ms) + " ms"); } const FF round_challenge = transcript->template get_challenge("Sumcheck:u_0"); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp index 289d9519a24a..f4b2a9eb6d6c 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp @@ -22,7 +22,7 @@ namespace bb { class TranslatorFlavor { public: - static constexpr size_t mini_circuit_size = 2048; + static constexpr size_t mini_circuit_size = 8192; using CircuitBuilder = TranslatorCircuitBuilder; using Curve = curve::BN254; using PCS = KZG; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp index d151284ddc89..3e4a2ea3c047 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp 
+++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp @@ -45,15 +45,16 @@ void TranslatorProver::execute_preamble_round() */ void TranslatorProver::execute_wire_and_sorted_constraints_commitments_round() { - // Commit to all wire polynomials and ordered range constraint polynomials - + // Commit to all wire polynomials, note that the wire polynomials have at most `mini_circuit_dyadic_size` non-zero + // values. Therefore we could commit to a subspan of that size. for (const auto& [wire, label] : zip_view(key->proving_key->polynomials.get_wires(), commitment_labels.get_wires())) { PolynomialSpan wire_span = wire; transcript->send_to_verifier( - label, key->proving_key->commitment_key->commit(wire_span.subspan(0, Flavor::MINI_CIRCUIT_SIZE))); + label, key->proving_key->commitment_key->commit(wire_span.subspan(0, key->mini_circuit_dyadic_size))); } + // The ordered range constraints are of full circuit size. for (const auto& [ordered_range_constraint, label] : zip_view( key->proving_key->polynomials.get_ordered_constraints(), commitment_labels.get_ordered_constraints())) { transcript->send_to_verifier(label, key->proving_key->commitment_key->commit(ordered_range_constraint)); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp index 0a6cdbf37fd6..e03001b7bd42 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp 
@@ -92,8 +92,10 @@ class TranslatorProvingKey { inline void compute_mini_circuit_dyadic_size(const Circuit& circuit) { + // Check that the Translator Circuit does not exceed the fixed upper bound, the current value 8192 corresponds + // to 10 rounds of folding (i.e. 20 circuits) + ASSERT(circuit.num_gates < Flavor::MINIMUM_MINI_CIRCUIT_SIZE); const size_t total_num_gates = std::max(circuit.num_gates, Flavor::MINIMUM_MINI_CIRCUIT_SIZE); - info("translator, minicircuit size ", Flavor::MINIMUM_MINI_CIRCUIT_SIZE); // Next power of 2 mini_circuit_dyadic_size = circuit.get_circuit_subgroup_size(total_num_gates); } From 7a99d9767f40760a7fd4e831179a32b2492ac486 Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Thu, 6 Feb 2025 17:15:57 +0000 Subject: [PATCH 07/15] eccvm getters to isolate the long wires --- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 118 +++++++++++------- .../src/barretenberg/eccvm/eccvm_prover.cpp | 94 ++------------ .../eccvm/eccvm_transcript.test.cpp | 4 +- .../relations/ecc_vm/ecc_set_relation.hpp | 7 ++ 4 files changed, 95 insertions(+), 128 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 7142bbdc0d94..c9cdd6c23f0f 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -128,12 +128,7 @@ class ECCVMFlavor { z_perm, // column 0 lookup_inverses); // column 1 }; - - /** - * @brief Container for all witness polynomials used/constructed by the prover. - * @details Shifts are not included here since they do not occupy their own memory. - */ - template class WireEntities { + template class WireNonShiftedEntities { public: DEFINE_FLAVOR_MEMBERS(DataType, transcript_add, // column 0 
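Review bot: The new upper-bound check in `compute_mini_circuit_dyadic_size` is an `ASSERT`, and the next line still takes `std::max(circuit.num_gates, Flavor::MINIMUM_MINI_CIRCUIT_SIZE)`. If `ASSERT` is compiled out in release builds, an oversized circuit would quietly yield a `mini_circuit_dyadic_size` larger than the fixed `mini_circuit_size = 8192` in the flavor. The prover now commits only to the first `mini_circuit_dyadic_size` coefficients of each wire, so this bound is load-bearing and should fail in every build, e.g. `if (circuit.num_gates >= Flavor::MINIMUM_MINI_CIRCUIT_SIZE) { throw_or_abort("Translator circuit exceeds the fixed mini circuit size"); }`. It is also worth deciding whether `<` or `<=` is intended. The name `MINIMUM_MINI_CIRCUIT_SIZE` now reads oddly for a value that acts as a maximum.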
@@ -195,45 +190,80 @@ class ECCVMFlavor { transcript_msm_infinity, // column 56 transcript_msm_x_inverse, // column 57 transcript_msm_count_zero_at_transition, // column 58 - transcript_msm_count_at_transition_inverse, // column 59 - transcript_mul, // column 60 - transcript_msm_count, // column 61 - transcript_accumulator_x, // column 62 - transcript_accumulator_y, // column 63 - precompute_scalar_sum, // column 64 - precompute_s1hi, // column 65 - precompute_dx, // column 66 - precompute_dy, // column 67 - precompute_tx, // column 68 - precompute_ty, // column 69 - msm_transition, // column 70 - msm_add, // column 71 - msm_double, // column 72 - msm_skew, // column 73 - msm_accumulator_x, // column 74 - msm_accumulator_y, // column 75 - msm_count, // column 76 - msm_round, // column 77 - msm_add1, // column 78 - msm_pc, // column 79 - precompute_pc, // column 80 - transcript_pc, // column 81 - precompute_round, // column 82 - transcript_accumulator_empty, // column 83 - precompute_select) // column 84 + transcript_msm_count_at_transition_inverse) // column 59 + }; + template class WireToBeShiftedAccumulatorEntities { + public: + DEFINE_FLAVOR_MEMBERS(DataType, + transcript_accumulator_x, // column 62 + transcript_accumulator_y) // column 63 }; - /** * @brief Container for all witness polynomials used/constructed by the prover. * @details Shifts are not included here since they do not occupy their own memory. 
*/ + template class WireToBeShiftedWithoutAccumulatorsEntities { + public: + DEFINE_FLAVOR_MEMBERS(DataType, + transcript_mul, // column 60 + transcript_msm_count, // column 61 + precompute_scalar_sum, // column 64 + precompute_s1hi, // column 65 + precompute_dx, // column 66 + precompute_dy, // column 67 + precompute_tx, // column 68 + precompute_ty, // column 69 + msm_transition, // column 70 + msm_add, // column 71 + msm_double, // column 72 + msm_skew, // column 73 + msm_accumulator_x, // column 74 + msm_accumulator_y, // column 75 + msm_count, // column 76 + msm_round, // column 77 + msm_add1, // column 78 + msm_pc, // column 79 + precompute_pc, // column 80 + transcript_pc, // column 81 + precompute_round, // column 82 + transcript_accumulator_empty, // column 83 + precompute_select) // column 84 + }; template - class WitnessEntities : public WireEntities, public DerivedWitnessEntities { + class WireEntities : public WireNonShiftedEntities, + public WireToBeShiftedAccumulatorEntities, + public WireToBeShiftedWithoutAccumulatorsEntities { public: - DEFINE_COMPOUND_GET_ALL(WireEntities, DerivedWitnessEntities) - auto get_wires() { return WireEntities::get_all(); }; - // The sorted concatenations of table and witness data needed for plookup. - auto get_sorted_polynomials() { return RefArray{}; }; + DEFINE_COMPOUND_GET_ALL(WireNonShiftedEntities, + WireToBeShiftedAccumulatorEntities, + WireToBeShiftedWithoutAccumulatorsEntities); + }; + /** + * @brief Container for all witness polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory. 
+ */ + template + class WitnessEntities : public WireNonShiftedEntities, + public WireToBeShiftedWithoutAccumulatorsEntities, + public WireToBeShiftedAccumulatorEntities, + public DerivedWitnessEntities { + public: + DEFINE_COMPOUND_GET_ALL(WireNonShiftedEntities, + WireToBeShiftedWithoutAccumulatorsEntities, + WireToBeShiftedAccumulatorEntities, + DerivedWitnessEntities) + auto get_wires() + { + return concatenate(WireNonShiftedEntities::get_all(), + WireToBeShiftedWithoutAccumulatorsEntities::get_all(), + WireToBeShiftedAccumulatorEntities::get_all()); + }; + auto get_accumulators() { return WireToBeShiftedAccumulatorEntities::get_all(); }; + auto get_wires_without_accumulators() + { + return concatenate(WireNonShiftedEntities::get_all(), + WireToBeShiftedWithoutAccumulatorsEntities::get_all()); + } }; /** @@ -244,8 +274,6 @@ class ECCVMFlavor { DEFINE_FLAVOR_MEMBERS(DataType, transcript_mul_shift, // column 0 transcript_msm_count_shift, // column 1 - transcript_accumulator_x_shift, // column 2 - transcript_accumulator_y_shift, // column 3 precompute_scalar_sum_shift, // column 4 precompute_s1hi_shift, // column 5 precompute_dx_shift, // column 6 @@ -267,6 +295,8 @@ class ECCVMFlavor { precompute_round_shift, // column 22 transcript_accumulator_empty_shift, // column 23 precompute_select_shift, // column 24 + transcript_accumulator_x_shift, // column 2 + transcript_accumulator_y_shift, // column 3 z_perm_shift); // column 25 }; @@ -276,8 +306,6 @@ class ECCVMFlavor { // NOTE: must match order of ShiftedEntities above! return RefArray{ entities.transcript_mul, // column 0 entities.transcript_msm_count, // column 1 - entities.transcript_accumulator_x, // column 2 - entities.transcript_accumulator_y, // column 3 entities.precompute_scalar_sum, // column 4 entities.precompute_s1hi, // column 5 entities.precompute_dx, // column 6 
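Review bot: In the `@@ -195,45 +190,80 @@` hunk, `WireEntities` lists its bases as non-shifted, accumulators, without-accumulators, while `WitnessEntities` and its `get_wires()` use non-shifted, without-accumulators, accumulators. The two containers therefore enumerate the same wires in different orders. The prover pairs `polynomials.get_wires_without_accumulators()` with `commitment_labels.get_wires_without_accumulators()` and sends the commitments in that order, so any label or verifier-side container built on the other ordering would attach the wrong label to a commitment or change the transcript order. The label and verifier classes are not visible in this patch, so this should be confirmed. Using one base order in both classes, with a comment such as `// NOTE: base order fixes the transcript order of wire commitments; keep in sync with WitnessEntities::get_wires()`, would make the dependency explicit.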
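Review bot: In the `ShiftedEntities` hunk (`@@ -267,6 +295,8 @@`) and the matching `get_to_be_shifted` hunks (`@@ -276,8 +306,6 @@`, `@@ -299,6 +327,8 @@`), the moved accumulator entries keep their old `// column 2` and `// column 3` tags. The trailing index comments therefore no longer give the position of each member. The list order matters here (see the existing `// NOTE: must match order of ShiftedEntities above!`), so stale indices could lead a later reorder to follow the comments rather than the code. Either renumber the comments, or drop the numbers on the moved lines and write `// accumulators are listed last; keep in step with ShiftedEntities`.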
@@ -299,6 +327,8 @@ class ECCVMFlavor { entities.precompute_round, // column 22 entities.transcript_accumulator_empty, // column 23 entities.precompute_select, // column 24 + entities.transcript_accumulator_x, // column 2 + entities.transcript_accumulator_y, // column 3 entities.z_perm }; // column 25 } @@ -682,7 +712,7 @@ class ECCVMFlavor { // Expose constructors on the base class using Base = ProvingKey_; using Base::Base; - size_t real_eccvm_circuit_size; + size_t fixed_size; ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover @@ -690,7 +720,7 @@ class ECCVMFlavor { : Base(std::max(1UL << CONST_ECCVM_LOG_N, builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())), 0) - , real_eccvm_circuit_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) + , fixed_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) , polynomials(builder) {} diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 10bdcf400394..2c84d56462d3 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp 
@@ -45,33 +45,19 @@ void ECCVMProver::execute_preamble_round() */ void ECCVMProver::execute_wire_commitments_round() { - // 1. Record the start time - auto start_time = std::chrono::high_resolution_clock::now(); - info("eccvm size?", key->real_eccvm_circuit_size); - - size_t counter = 0; - for (const auto& [wire, label] : zip_view(key->polynomials.get_wires(), commitment_labels.get_wires())) { - - // Optionally store the real_size - if ((counter == 62) || (counter == 63)) { - - transcript->send_to_verifier(label, key->commitment_key->commit(wire)); - } else { - PolynomialSpan wire_span = wire; - transcript->send_to_verifier( - label, key->commitment_key->commit(wire_span.subspan(0, key->real_eccvm_circuit_size))); - } - counter++; - } - - // 3. Record the end time - auto end_time = std::chrono::high_resolution_clock::now(); + // Commit to wires whose length is bounded by the real size of the ECCVM + for (const auto& [wire, label] : zip_view(key->polynomials.get_wires_without_accumulators(), + commitment_labels.get_wires_without_accumulators())) { - // 4. Compute the duration in milliseconds - auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); + PolynomialSpan wire_span = wire; + transcript->send_to_verifier(label, key->commitment_key->commit(wire_span.subspan(0, key->fixed_size))); + } - // 5. Print/log the timing - info("Time spent on wire polynomial commitments: " + std::to_string(duration_ms) + " ms"); + // The accumulators are populated until the 2^{CONST_ECCVM_LOG_N}, therefore we commit to a full-sized polynomial + for (const auto& [wire, label] : + zip_view(key->polynomials.get_accumulators(), commitment_labels.get_accumulators())) { + transcript->send_to_verifier(label, key->commitment_key->commit(wire)); + } } /** 
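Review bot: The first loop in `execute_wire_commitments_round` commits to `wire_span.subspan(0, key->fixed_size)`, and nothing checks that every coefficient past that index is zero. A wire populated beyond the real trace size would get a commitment that does not match the polynomial used in the sumcheck and PCS rounds. That would most likely show up as a proof that fails to verify rather than as a soundness gap, but it would be hard to diagnose. A debug-only check of the truncated tail would help, or at least a comment stating the invariant: `// invariant: wires other than the accumulators are zero at indices >= real trace size`. Please also confirm that the bound, which comes from `builder.get_estimated_num_finalized_gates()`, can never be smaller than the row count `ProverPolynomials` actually fills, including the `MASKING_OFFSET` rows; that computation is outside this hunk.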
@@ -80,8 +66,6 @@ void ECCVMProver::execute_wire_commitments_round() */ void ECCVMProver::execute_log_derivative_commitments_round() { - // 1. Record the start time - auto start_time = std::chrono::high_resolution_clock::now(); // Compute and add beta to relation parameters auto [beta, gamma] = transcript->template get_challenges("beta", "gamma"); @@ -100,15 +84,6 @@ void ECCVMProver::execute_log_derivative_commitments_round() key->polynomials, relation_parameters, key->circuit_size); transcript->send_to_verifier(commitment_labels.lookup_inverses, key->commitment_key->commit(key->polynomials.lookup_inverses)); - - // 3. Record the end time - auto end_time = std::chrono::high_resolution_clock::now(); - - // 4. Compute the duration in milliseconds - auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); - - // 5. Print/log the timing - info("Time spent on log derivative: " + std::to_string(duration_ms) + " ms"); } /** @@ -117,22 +92,10 @@ void ECCVMProver::execute_log_derivative_commitments_round() */ void ECCVMProver::execute_grand_product_computation_round() { - // 1. Record the start time - auto start_time = std::chrono::high_resolution_clock::now(); - // Compute permutation grand product and their commitments compute_grand_products(key->polynomials, relation_parameters); transcript->send_to_verifier(commitment_labels.z_perm, key->commitment_key->commit(key->polynomials.z_perm)); - - // 3. Record the end time - auto end_time = std::chrono::high_resolution_clock::now(); - - // 4. Compute the duration in milliseconds - auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); - - // 5. Print/log the timing - info("Time spent on log z perm: " + std::to_string(duration_ms) + " ms"); } /** 
@@ -141,8 +104,6 @@ void ECCVMProver::execute_grand_product_computation_round() */ void ECCVMProver::execute_relation_check_rounds() { - // 1. Record the start time - auto start_time = std::chrono::high_resolution_clock::now(); using Sumcheck = SumcheckProver; @@ -156,15 +117,6 @@ void ECCVMProver::execute_relation_check_rounds() zk_sumcheck_data = ZKData(key->log_circuit_size, transcript, key->commitment_key); sumcheck_output = sumcheck.prove(key->polynomials, relation_parameters, alpha, gate_challenges, zk_sumcheck_data); - - // 3. Record the end time - auto end_time = std::chrono::high_resolution_clock::now(); - - // 4. Compute the duration in milliseconds - auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); - - // 5. Print/log the timing - info("Time spent on sumcheck: " + std::to_string(duration_ms) + " ms"); } /** @@ -174,9 +126,7 @@ void ECCVMProver::execute_relation_check_rounds() * */ void ECCVMProver::execute_pcs_rounds() -{ // 1. Record the start time - auto start_time = std::chrono::high_resolution_clock::now(); - +{ using Curve = typename Flavor::Curve; using Shplemini = ShpleminiProver_; using Shplonk = ShplonkProver_; @@ -204,16 +154,6 @@ void ECCVMProver::execute_pcs_rounds() sumcheck_output.round_univariates, sumcheck_output.round_univariate_evaluations); - // 3. Record the end time - auto end_time = std::chrono::high_resolution_clock::now(); - - // 4. Compute the duration in milliseconds - auto duration_ms = std::chrono::duration_cast(end_time - start_time).count(); - - // 5. Print/log the timing - info("Time spent on Shplemini: " + std::to_string(duration_ms) + " ms"); - - start_time = std::chrono::high_resolution_clock::now(); // Get the challenge at which we evaluate all transcript polynomials as univariates evaluation_challenge_x = transcript->template get_challenge("Translation:evaluation_challenge_x"); 
@@ -267,18 +207,8 @@ void ECCVMProver::execute_pcs_rounds() // Compute the opening proof for the batched opening claim with the univariate PCS PCS::compute_opening_proof(key->commitment_key, batch_opening_claim, ipa_transcript); - // 3. Record the end time - end_time = std::chrono::high_resolution_clock::now(); - - // 4. Compute the duration in milliseconds - duration_ms = std::chrono::duration_cast(end_time - start_time).count(); - - // 5. Print/log the timing - info("Time spent on Shplonk + IPA: " + std::to_string(duration_ms) + " ms"); // Produce another challenge passed as input to the translator verifier translation_batching_challenge_v = transcript->template get_challenge("Translation:batching_challenge"); - - vinfo("computed opening proof"); } ECCVMProof ECCVMProver::export_proof() diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp index be64494b5720..eeaf1eb9d878 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp @@ -99,8 +99,6 @@ class ECCVMTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT_AT_TRANSITION_INVERSE", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_MUL", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_X", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_Y", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_SCALAR_SUM", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_S1HI", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_DX", frs_per_G); 
@@ -122,6 +120,8 @@ class ECCVMTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "PRECOMPUTE_ROUND", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_EMPTY", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_SELECT", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_X", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_Y", frs_per_G); manifest_expected.add_challenge(round, "beta", "gamma"); round++; diff --git a/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp b/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp index 1a5aff693691..0ba2af3c281f 100644 --- a/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp +++ b/barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_set_relation.hpp @@ -17,6 +17,13 @@ template class ECCVMSetRelationImpl { 3 // left-shiftable polynomial sub-relation }; + template inline static bool skip(const AllEntities& in) + { + // If z_perm == z_perm_shift, this implies that none of the wire values for the present input are involved in + // non-trivial copy constraints. + return (in.z_perm - in.z_perm_shift).is_zero(); + } + template static Accumulator convert_to_wnaf(const auto& s0, const auto& s1) { auto t = s0 + s0; From 1dea9ad6764fd72948db6b608f3a5d7a429e3102 Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Thu, 6 Feb 2025 18:17:12 +0000 Subject: [PATCH 08/15] added a mechanism to turn on fixed size in eccvm + tests --- .../eccvm/eccvm_composer.test.cpp | 25 +++++++++++++++++ .../src/barretenberg/eccvm/eccvm_flavor.hpp | 27 ++++++++++++------- .../src/barretenberg/eccvm/eccvm_prover.cpp | 6 +++-- .../src/barretenberg/eccvm/eccvm_prover.hpp | 3 +++ 4 files changed, 49 insertions(+), 12 deletions(-) 
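Review bot: The comment on the new `skip` in `ECCVMSetRelationImpl` speaks of "non-trivial copy constraints", which reads as if it were carried over from a permutation relation. This is the ECCVM set relation, so the comment should say what `z_perm == z_perm_shift` means here. The test looks only at `z_perm`, so it relies on an honest witness contributing zero to every sub-relation on such rows, including the left-shiftable one listed just above. Stating that assumption would stop a later change to the sub-relations from silently invalidating the shortcut, e.g. `// Prover-side shortcut: when z_perm == z_perm_shift the grand product does not change on this row, so an honestly generated witness contributes zero to every sub-relation.` How sumcheck consumes `skip` is not visible in this hunk, so please confirm that it is never used on the verifier side.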
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.test.cpp index 448b00941558..e00a97bb14cb 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.test.cpp @@ -98,6 +98,16 @@ TEST_F(ECCVMTests, BaseCase) ASSERT_TRUE(verified); } +TEST_F(ECCVMTests, BaseCaseFixedSize) +{ + ECCVMCircuitBuilder builder = generate_circuit(&engine); + ECCVMProver prover(builder, /*fixed_size = */ true); + ECCVMProof proof = prover.construct_proof(); + ECCVMVerifier verifier(prover.key); + bool verified = verifier.verify_proof(proof); + + ASSERT_TRUE(verified); +} TEST_F(ECCVMTests, EqFails) { @@ -114,6 +124,21 @@ TEST_F(ECCVMTests, EqFails) ASSERT_FALSE(verified); } +TEST_F(ECCVMTests, EqFailsFixedSize) +{ + auto builder = generate_circuit(&engine); + // Tamper with the eq op such that the expected value is incorect + builder.op_queue->add_erroneous_equality_op_for_testing(); + + builder.op_queue->num_transcript_rows++; + ECCVMProver prover(builder, /*fixed_size = */ true); + + ECCVMProof proof = prover.construct_proof(); + ECCVMVerifier verifier(prover.key); + bool verified = verifier.verify_proof(proof); + ASSERT_FALSE(verified); +} + TEST_F(ECCVMTests, CommittedSumcheck) { using Flavor = ECCVMFlavor; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index c9cdd6c23f0f..5836af9fc4eb 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp 
@@ -530,7 +530,7 @@ class ECCVMFlavor { table (reads come from msm_x/y3, msm_x/y4) * @return ProverPolynomials */ - ProverPolynomials(const CircuitBuilder& builder) + ProverPolynomials(const CircuitBuilder& builder, const bool fixed_size = false) { // compute rows for the three different sections of the ECCVM execution trace const auto transcript_rows = @@ -546,8 +546,12 @@ class ECCVMFlavor { const size_t num_rows = std::max({ point_table_rows.size(), msm_rows.size(), transcript_rows.size() }) + MASKING_OFFSET; const auto log_num_rows = static_cast(numeric::get_msb64(num_rows)); - const size_t dyadic_num_rows = - std::max(1UL << CONST_ECCVM_LOG_N, 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1))); + + ASSERT(1UL << CONST_ECCVM_LOG_N > 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1))); + + const size_t dyadic_num_rows = fixed_size + ? 1UL << CONST_ECCVM_LOG_N + : 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1)); for (auto& poly : get_to_be_shifted()) { poly = Polynomial{ /*memory size*/ dyadic_num_rows - 1, 
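Review bot: The added `ASSERT(1UL << CONST_ECCVM_LOG_N > ...)` in the `@@ -546,8 +546,12 @@` hunk is evaluated even when `fixed_size` is false, and it is the only guard when `fixed_size` is true. If `ASSERT` is compiled out in release builds, a trace larger than `2^CONST_ECCVM_LOG_N` would get polynomials allocated at the fixed size while the code below still fills `num_rows` rows. Whether those writes are bounds-checked is not visible here, so the size check should not depend on a debug macro. I would compute the minimal dyadic size once, e.g. `const size_t min_dyadic_rows = 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1));`, reject `fixed_size && min_dyadic_rows > (1UL << CONST_ECCVM_LOG_N)` with an error that is active in all builds, and reuse `min_dyadic_rows` in the ternary. The strict `>` also rejects a trace that exactly fills the fixed size, which may be unintended; the constructor body continues past the end of the hunk.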
@@ -712,17 +716,20 @@ class ECCVMFlavor { // Expose constructors on the base class using Base = ProvingKey_; using Base::Base; - size_t fixed_size; + size_t real_size = 0; ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover - ProvingKey(const CircuitBuilder& builder) - : Base(std::max(1UL << CONST_ECCVM_LOG_N, - builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())), - 0) - , fixed_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) + ProvingKey(const CircuitBuilder& builder, const bool fixed_size = false) + : Base( + // If we want a fixed size, use 2^(CONST_ECCVM_LOG_N). + // Otherwise, compute the real circuit size from the builder. + fixed_size ? (1UL << CONST_ECCVM_LOG_N) + : builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates()), + 0) + , real_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) - , polynomials(builder) + , polynomials(builder, fixed_size) {} }; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 2c84d56462d3..c5e6cbaa417d 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -13,10 +13,12 @@ namespace bb { ECCVMProver::ECCVMProver(CircuitBuilder& builder, + const bool fixed_size, const std::shared_ptr& transcript, const std::shared_ptr& ipa_transcript) : transcript(transcript) , ipa_transcript(ipa_transcript) + , fixed_size(fixed_size) { PROFILE_THIS_NAME("ECCVMProver(CircuitBuilder&)"); 
@@ -24,7 +26,7 @@ ECCVMProver::ECCVMProver(CircuitBuilder& builder, // ProvingKey/ProverPolynomials and update the model to reflect what's done in all other proving systems. // Construct the proving key; populates all polynomials except for witness polys - key = std::make_shared(builder); + key = std::make_shared(builder, fixed_size); key->commitment_key = std::make_shared(key->circuit_size); } @@ -50,7 +52,7 @@ void ECCVMProver::execute_wire_commitments_round() commitment_labels.get_wires_without_accumulators())) { PolynomialSpan wire_span = wire; - transcript->send_to_verifier(label, key->commitment_key->commit(wire_span.subspan(0, key->fixed_size))); + transcript->send_to_verifier(label, key->commitment_key->commit(wire_span.subspan(0, key->real_size))); } // The accumulators are populated until the 2^{CONST_ECCVM_LOG_N}, therefore we commit to a full-sized polynomial diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index 4217b3818622..6a8a2b4e1793 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -30,6 +30,7 @@ class ECCVMProver { using SmallSubgroupIPA = SmallSubgroupIPAProver; explicit ECCVMProver(CircuitBuilder& builder, + const bool fixed_size = false, const std::shared_ptr& transcript = std::make_shared(), const std::shared_ptr& ipa_transcript = std::make_shared()); @@ -47,6 +48,8 @@ class ECCVMProver { std::shared_ptr transcript; std::shared_ptr ipa_transcript; + bool fixed_size; + TranslationEvaluations translation_evaluations; std::vector public_inputs; From dd2f56a85eb631da81f7d5f9d631d40b3a4771cf Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Thu, 6 Feb 2025 19:22:56 +0000 Subject: [PATCH 09/15] comments --- barretenberg/cpp/src/barretenberg/goblin/goblin.hpp | 3 ++- .../cpp/src/barretenberg/translator_vm/translator_flavor.hpp | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) 
diff --git a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp index be0fab4ad753..872b168f9605 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp @@ -176,7 +176,8 @@ class GoblinProver { PROFILE_THIS_NAME("Create ECCVMBuilder and ECCVMProver"); auto eccvm_builder = std::make_unique(op_queue); - eccvm_prover = std::make_unique(*eccvm_builder); + // As is it used in ClientIVC, we make it fixed size = 2^{CONST_ECCVM_LOG_N} + eccvm_prover = std::make_unique(*eccvm_builder, /*fixed_size =*/true); } { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp index 9b6468d4fbab..2f2fff063ecc 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp @@ -40,6 +40,7 @@ class TranslatorFlavor { // Indicates that this flavor runs with ZK Sumcheck. static constexpr bool HasZK = true; + // A minicircuit of such size allows for 10 rounds of folding (i.e. 20 circuits). static constexpr size_t MINIMUM_MINI_CIRCUIT_SIZE = 8192; // The size of the circuit which is filled with non-zero values for most polynomials. Most relations (everything From 5631090636f1523a1bbbe41f19bbb363733aa37c Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Fri, 7 Feb 2025 09:36:50 +0000 Subject: [PATCH 10/15] docs --- .../cpp/src/barretenberg/eccvm/eccvm_flavor.hpp | 15 ++++++++++++++- .../cpp/src/barretenberg/eccvm/eccvm_prover.cpp | 3 ++- .../cpp/src/barretenberg/sumcheck/sumcheck.hpp | 1 + .../translator_vm/translator_prover.cpp | 2 ++ .../barretenberg/ultra_honk/mega_honk.test.cpp | 6 ++++++ 5 files changed, 25 insertions(+), 2 deletions(-) 
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 5836af9fc4eb..33c48b27bc0b 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -192,6 +192,11 @@ class ECCVMFlavor { transcript_msm_count_zero_at_transition, // column 58 transcript_msm_count_at_transition_inverse) // column 59 }; + + /** + * @brief Containter for transcript accumulators, they stand out as the only to-be-shifted wires that are always + * populated until the dyadic size of the circuit. + */ template class WireToBeShiftedAccumulatorEntities { public: DEFINE_FLAVOR_MEMBERS(DataType, @@ -199,7 +204,8 @@ class ECCVMFlavor { transcript_accumulator_y) // column 63 }; /** - * @brief Container for all witness polynomials used/constructed by the prover. + * @brief Container for all to-be-shifted witness polynomials excluding the accumulators used/constructed by the + * prover. * @details Shifts are not included here since they do not occupy their own memory. */ template class WireToBeShiftedWithoutAccumulatorsEntities { @@ -229,6 +235,10 @@ class ECCVMFlavor { transcript_accumulator_empty, // column 83 precompute_select) // column 84 }; + /** + * @brief Container for all wire polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory. + */ template class WireEntities : public WireNonShiftedEntities, public WireToBeShiftedAccumulatorEntities, @@ -258,6 +268,8 @@ class ECCVMFlavor { WireToBeShiftedWithoutAccumulatorsEntities::get_all(), WireToBeShiftedAccumulatorEntities::get_all()); }; + + // Used to amortize the commitment time when the ECCVM size is fixed auto get_accumulators() { return WireToBeShiftedAccumulatorEntities::get_all(); }; auto get_wires_without_accumulators() { 
@@ -716,6 +728,7 @@ class ECCVMFlavor { // Expose constructors on the base class using Base = ProvingKey_; using Base::Base; + // Used to amortize the commitment time when `fixed_size` = true. size_t real_size = 0; ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index c5e6cbaa417d..df61574c7b72 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -50,7 +50,8 @@ void ECCVMProver::execute_wire_commitments_round() // Commit to wires whose length is bounded by the real size of the ECCVM for (const auto& [wire, label] : zip_view(key->polynomials.get_wires_without_accumulators(), commitment_labels.get_wires_without_accumulators())) { - + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1240) Structured Polynomials in + // ECCVM/Translator/MegaZK PolynomialSpan wire_span = wire; transcript->send_to_verifier(label, key->commitment_key->commit(wire_span.subspan(0, key->real_size))); } diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index 6b847af13521..dd12305bc436 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp @@ -305,6 +305,7 @@ template class SumcheckProver { // Place the evaluations of the round univariate into transcript. transcript->send_to_verifier("Sumcheck:univariate_0", round_univariate); } else { + // Compute monomial coefficients of the round univariate, commit to it, populate an auxiliary structure // needed in the PCS round commit_to_round_univariate( diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp index 10f337d3d7c2..72abe38015d2 100644 
--- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_prover.cpp @@ -49,6 +49,8 @@ void TranslatorProver::execute_wire_and_sorted_constraints_commitments_round() // values. Therefore we could commit to a subspan of that size. for (const auto& [wire, label] : zip_view(key->proving_key->polynomials.get_wires(), commitment_labels.get_wires())) { + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1240) Structured Polynomials in + // ECCVM/Translator/MegaZK PolynomialSpan wire_span = wire; transcript->send_to_verifier( label, key->proving_key->commitment_key->commit(wire_span.subspan(0, key->mini_circuit_dyadic_size))); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/mega_honk.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/mega_honk.test.cpp index eaa85b26ee38..ff8f002abc32 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/mega_honk.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/mega_honk.test.cpp @@ -116,6 +116,8 @@ TYPED_TEST(MegaHonkTests, BasicStructured) // In MegaZKFlavor, we mask witness polynomials by placing random values at the indices `dyadic_circuit_size`-i for // i=1,2,3. This mechanism does not work with structured polynomials yet. + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1240) Structured Polynomials in + // ECCVM/Translator/MegaZK if constexpr (std::is_same_v) { GTEST_SKIP() << "Skipping 'BasicStructured' test for MegaZKFlavor."; } 
@@ -152,6 +154,8 @@ TYPED_TEST(MegaHonkTests, DynamicVirtualSizeIncrease) // In MegaZKFlavor, we mask witness polynomials by placing random values at the indices `dyadic_circuit_size`-i for // i=1,2,3. This mechanism does not work with structured polynomials yet. + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1240) Structured Polynomials in + // ECCVM/Translator/MegaZK if constexpr (std::is_same_v) { GTEST_SKIP() << "Skipping 'DynamicVirtualSizeIncrease' test for MegaZKFlavor."; } @@ -396,6 +400,8 @@ TYPED_TEST(MegaHonkTests, PolySwap) using Flavor = TypeParam; // In MegaZKFlavor, we mask witness polynomials by placing random values at the indices `dyadic_circuit_size`-i, for // i=1,2,3. This mechanism does not work with structured polynomials yet. + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1240) Structured Polynomials in + // ECCVM/Translator/MegaZK if constexpr (std::is_same_v) { GTEST_SKIP() << "Skipping 'PolySwap' test for MegaZKFlavor."; } From c310c8a84bf24617572de8176ce7db3184f2a2a2 Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Fri, 7 Feb 2025 11:53:57 +0000 Subject: [PATCH 11/15] fix tests --- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 54 +++++++++---------- .../eccvm/eccvm_transcript.test.cpp | 2 +- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 33c48b27bc0b..3d7b06aac36d 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp 
@@ -200,8 +200,9 @@ class ECCVMFlavor { template class WireToBeShiftedAccumulatorEntities { public: DEFINE_FLAVOR_MEMBERS(DataType, - transcript_accumulator_x, // column 62 - transcript_accumulator_y) // column 63 + transcript_accumulator_empty, // column 83 + transcript_accumulator_x, // column 62 + transcript_accumulator_y) // column 63 }; /** * @brief Container for all to-be-shifted witness polynomials excluding the accumulators used/constructed by the 
@@ -211,29 +212,28 @@ class ECCVMFlavor { template class WireToBeShiftedWithoutAccumulatorsEntities { public: DEFINE_FLAVOR_MEMBERS(DataType, - transcript_mul, // column 60 - transcript_msm_count, // column 61 - precompute_scalar_sum, // column 64 - precompute_s1hi, // column 65 - precompute_dx, // column 66 - precompute_dy, // column 67 - precompute_tx, // column 68 - precompute_ty, // column 69 - msm_transition, // column 70 - msm_add, // column 71 - msm_double, // column 72 - msm_skew, // column 73 - msm_accumulator_x, // column 74 - msm_accumulator_y, // column 75 - msm_count, // column 76 - msm_round, // column 77 - msm_add1, // column 78 - msm_pc, // column 79 - precompute_pc, // column 80 - transcript_pc, // column 81 - precompute_round, // column 82 - transcript_accumulator_empty, // column 83 - precompute_select) // column 84 + transcript_mul, // column 60 + transcript_msm_count, // column 61 + precompute_scalar_sum, // column 64 + precompute_s1hi, // column 65 + precompute_dx, // column 66 + precompute_dy, // column 67 + precompute_tx, // column 68 + precompute_ty, // column 69 + msm_transition, // column 70 + msm_add, // column 71 + msm_double, // column 72 + msm_skew, // column 73 + msm_accumulator_x, // column 74 + msm_accumulator_y, // column 75 + msm_count, // column 76 + msm_round, // column 77 + msm_add1, // column 78 + msm_pc, // column 79 + precompute_pc, // column 80 + transcript_pc, // column 81 + precompute_round, // column 82 + precompute_select) // column 84 }; /** * @brief Container for all wire polynomials used/constructed by the prover. @@ -305,8 +305,8 @@ class ECCVMFlavor { precompute_pc_shift, // column 20 transcript_pc_shift, // column 21 precompute_round_shift, // column 22 - transcript_accumulator_empty_shift, // column 23 precompute_select_shift, // column 24 + transcript_accumulator_empty_shift, // column 23 transcript_accumulator_x_shift, // column 2 transcript_accumulator_y_shift, // column 3 z_perm_shift); // column 25 
@@ -337,8 +337,8 @@ class ECCVMFlavor { entities.precompute_pc, // column 20 entities.transcript_pc, // column 21 entities.precompute_round, // column 22 - entities.transcript_accumulator_empty, // column 23 entities.precompute_select, // column 24 + entities.transcript_accumulator_empty, // column 23 entities.transcript_accumulator_x, // column 2 entities.transcript_accumulator_y, // column 3 entities.z_perm }; // column 25 diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp index eeaf1eb9d878..978c3b203e86 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp @@ -118,8 +118,8 @@ class ECCVMTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "PRECOMPUTE_PC", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_PC", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_ROUND", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_EMPTY", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_SELECT", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_EMPTY", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_X", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_Y", frs_per_G); manifest_expected.add_challenge(round, "beta", "gamma"); From 69cf76b13c89b2238e9d857f8047f3a6877c08c1 Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Fri, 7 Feb 2025 17:48:43 +0000 Subject: [PATCH 12/15] test + resolved comments --- .../client_ivc/client_ivc.test.cpp | 42 ++++ .../src/barretenberg/eccvm/eccvm_flavor.hpp | 194 +++++++++--------- .../translator_vm/translator_proving_key.hpp | 5 +- 3 files changed, 139 insertions(+), 102 deletions(-) 
diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp
index 7058100adb24..1b3657029b6c 100644
--- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp
+++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp
@@ -337,6 +337,48 @@ TEST_F(ClientIVCTests, StructuredPrecomputedVKs) EXPECT_TRUE(ivc.prove_and_verify()); }; +/** + * @brief Perform accumulation with a structured trace and precomputed verification keys + * + */ +TEST_F(ClientIVCTests, VKsIndependenceTest) +{ + + const size_t MIN_NUM_CIRCUITS = 2; + // Folding more than 20 circuits requires to double the number of gates in Translator. + const size_t MAX_NUM_CIRCUITS = 20; + const size_t log2_num_gates = 5; // number of gates in baseline mocked circuit + + auto generate_vk = [&](size_t num_circuits) { + ClientIVC ivc{ { SMALL_TEST_STRUCTURE } }; + MockCircuitProducer circuit_producer; + for (size_t j = 0; j < num_circuits; ++j) { + auto circuit = circuit_producer.create_next_circuit(ivc, log2_num_gates); + ivc.accumulate(circuit); + } + ivc.prove(); + return ivc.get_vk(); + }; + + auto civc_vk_2 = generate_vk(MIN_NUM_CIRCUITS); + auto civc_vk_20 = generate_vk(MAX_NUM_CIRCUITS); + + auto compare_selectors = [&](const auto& selectors_1, const auto& selectors_2) { + for (auto [s1, s2] : zip_view(selectors_1, selectors_2)) { + EXPECT_EQ(s1, s2); + } + }; + + // Check that the Mega selectors are fixed. + compare_selectors(civc_vk_2.mega->get_selectors(), civc_vk_20.mega->get_selectors()); + + // Check that the ECCVM selectors are fixed. + compare_selectors(civc_vk_2.eccvm->get_all(), civc_vk_20.eccvm->get_all()); + + // Check that the Translator selectors are fixed. + compare_selectors(civc_vk_2.translator->get_all(), civc_vk_20.translator->get_all()); +}; + /** * @brief Run a test using functions shared with the ClientIVC benchmark. * @details We do have this in addition to the above tests anyway so we can believe that the benchmark is running on diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 3d7b06aac36d..2f95c404162b 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp 
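Review bot: The `@brief` added above `VKsIndependenceTest` ("Perform accumulation with a structured trace and precomputed verification keys") does not describe this test, which uses no precomputed keys and instead compares keys produced from two different circuit counts; it reads as if carried over from another test. Suggest `@brief Check that the ClientIVC verification key does not depend on the number of accumulated circuits`, plus a `@details` line stating that keys generated from `MIN_NUM_CIRCUITS` and `MAX_NUM_CIRCUITS` circuits must be identical. Since a verifier is expected to pin one fixed key, saying so in the comment makes clear why a regression here matters.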
+++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -45,6 +45,9 @@ class ECCVMFlavor { // Indicates that this flavor runs with ZK Sumcheck. static constexpr bool HasZK = true; + // Fixed size of the ECCVM circuits used in ClientIVC + static constexpr size_t ECCVM_FIXED_SIZE = 1UL << CONST_ECCVM_LOG_N; + static constexpr size_t NUM_WIRES = 85; // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often @@ -114,9 +117,6 @@ class ECCVMFlavor { lagrange_last); // column 2 DataType get_selectors() { return get_all(); }; - auto get_sigma_polynomials() { return RefArray{}; }; - auto get_id_polynomials() { return RefArray{}; }; - auto get_table_polynomials() { return RefArray{}; }; }; /** @@ -193,17 +193,6 @@ class ECCVMFlavor { transcript_msm_count_at_transition_inverse) // column 59 }; - /** - * @brief Containter for transcript accumulators, they stand out as the only to-be-shifted wires that are always - * populated until the dyadic size of the circuit. - */ - template class WireToBeShiftedAccumulatorEntities { - public: - DEFINE_FLAVOR_MEMBERS(DataType, - transcript_accumulator_empty, // column 83 - transcript_accumulator_x, // column 62 - transcript_accumulator_y) // column 63 - }; /** * @brief Container for all to-be-shifted witness polynomials excluding the accumulators used/constructed by the * prover. 
@@ -214,40 +203,40 @@ class ECCVMFlavor { DEFINE_FLAVOR_MEMBERS(DataType, transcript_mul, // column 60 transcript_msm_count, // column 61 - precompute_scalar_sum, // column 64 - precompute_s1hi, // column 65 - precompute_dx, // column 66 - precompute_dy, // column 67 - precompute_tx, // column 68 - precompute_ty, // column 69 - msm_transition, // column 70 - msm_add, // column 71 - msm_double, // column 72 - msm_skew, // column 73 - msm_accumulator_x, // column 74 - msm_accumulator_y, // column 75 - msm_count, // column 76 - msm_round, // column 77 - msm_add1, // column 78 - msm_pc, // column 79 - precompute_pc, // column 80 - transcript_pc, // column 81 - precompute_round, // column 82 - precompute_select) // column 84 + precompute_scalar_sum, // column 62 + precompute_s1hi, // column 63 + precompute_dx, // column 64 + precompute_dy, // column 65 + precompute_tx, // column 66 + precompute_ty, // column 67 + msm_transition, // column 68 + msm_add, // column 69 + msm_double, // column 70 + msm_skew, // column 71 + msm_accumulator_x, // column 72 + msm_accumulator_y, // column 73 + msm_count, // column 74 + msm_round, // column 75 + msm_add1, // column 76 + msm_pc, // column 77 + precompute_pc, // column 78 + transcript_pc, // column 79 + precompute_round, // column 80 + precompute_select) // column 81 }; + /** - * @brief Container for all wire polynomials used/constructed by the prover. - * @details Shifts are not included here since they do not occupy their own memory. + * @brief Containter for transcript accumulators, they stand out as the only to-be-shifted wires that are always + * populated until the dyadic size of the circuit. 
*/ - template - class WireEntities : public WireNonShiftedEntities, - public WireToBeShiftedAccumulatorEntities, - public WireToBeShiftedWithoutAccumulatorsEntities { + template class WireToBeShiftedAccumulatorEntities { public: - DEFINE_COMPOUND_GET_ALL(WireNonShiftedEntities, - WireToBeShiftedAccumulatorEntities, - WireToBeShiftedWithoutAccumulatorsEntities); + DEFINE_FLAVOR_MEMBERS(DataType, + transcript_accumulator_empty, // column 82 + transcript_accumulator_x, // column 83 + transcript_accumulator_y) // column 84 }; + /** * @brief Container for all witness polynomials used/constructed by the prover. * @details Shifts are not included here since they do not occupy their own memory. 
@@ -286,29 +275,29 @@ class ECCVMFlavor { DEFINE_FLAVOR_MEMBERS(DataType, transcript_mul_shift, // column 0 transcript_msm_count_shift, // column 1 - precompute_scalar_sum_shift, // column 4 - precompute_s1hi_shift, // column 5 - precompute_dx_shift, // column 6 - precompute_dy_shift, // column 7 - precompute_tx_shift, // column 8 - precompute_ty_shift, // column 9 - msm_transition_shift, // column 10 - msm_add_shift, // column 11 - msm_double_shift, // column 12 - msm_skew_shift, // column 13 - msm_accumulator_x_shift, // column 14 - msm_accumulator_y_shift, // column 15 - msm_count_shift, // column 16 - msm_round_shift, // column 17 - msm_add1_shift, // column 18 - msm_pc_shift, // column 19 - precompute_pc_shift, // column 20 - transcript_pc_shift, // column 21 - precompute_round_shift, // column 22 - precompute_select_shift, // column 24 - transcript_accumulator_empty_shift, // column 23 - transcript_accumulator_x_shift, // column 2 - transcript_accumulator_y_shift, // column 3 + precompute_scalar_sum_shift, // column 2 + precompute_s1hi_shift, // column 3 + precompute_dx_shift, // column 4 + precompute_dy_shift, // column 5 + precompute_tx_shift, // column 6 + precompute_ty_shift, // column 7 + msm_transition_shift, // column 8 + msm_add_shift, // column 9 + msm_double_shift, // column 10 + msm_skew_shift, // column 11 + msm_accumulator_x_shift, // column 12 + msm_accumulator_y_shift, // column 13 + msm_count_shift, // column 14 + msm_round_shift, // column 15 + msm_add1_shift, // column 16 + msm_pc_shift, // column 17 + precompute_pc_shift, // column 18 + transcript_pc_shift, // column 19 + precompute_round_shift, // column 20 + precompute_select_shift, // column 21 + transcript_accumulator_empty_shift, // column 22 + transcript_accumulator_x_shift, // column 23 + transcript_accumulator_y_shift, // column 24 z_perm_shift); // column 25 }; 
@@ -318,29 +307,29 @@ class ECCVMFlavor { // NOTE: must match order of ShiftedEntities above! return RefArray{ entities.transcript_mul, // column 0 entities.transcript_msm_count, // column 1 - entities.precompute_scalar_sum, // column 4 - entities.precompute_s1hi, // column 5 - entities.precompute_dx, // column 6 - entities.precompute_dy, // column 7 - entities.precompute_tx, // column 8 - entities.precompute_ty, // column 9 - entities.msm_transition, // column 10 - entities.msm_add, // column 11 - entities.msm_double, // column 12 - entities.msm_skew, // column 13 - entities.msm_accumulator_x, // column 14 - entities.msm_accumulator_y, // column 15 - entities.msm_count, // column 16 - entities.msm_round, // column 17 - entities.msm_add1, // column 18 - entities.msm_pc, // column 19 - entities.precompute_pc, // column 20 - entities.transcript_pc, // column 21 - entities.precompute_round, // column 22 - entities.precompute_select, // column 24 - entities.transcript_accumulator_empty, // column 23 - entities.transcript_accumulator_x, // column 2 - entities.transcript_accumulator_y, // column 3 + entities.precompute_scalar_sum, // column 2 + entities.precompute_s1hi, // column 3 + entities.precompute_dx, // column 4 + entities.precompute_dy, // column 5 + entities.precompute_tx, // column 6 + entities.precompute_ty, // column 7 + entities.msm_transition, // column 8 + entities.msm_add, // column 9 + entities.msm_double, // column 10 + entities.msm_skew, // column 11 + entities.msm_accumulator_x, // column 12 + entities.msm_accumulator_y, // column 13 + entities.msm_count, // column 14 + entities.msm_round, // column 15 + entities.msm_add1, // column 16 + entities.msm_pc, // column 17 + entities.precompute_pc, // column 18 + entities.transcript_pc, // column 19 + entities.precompute_round, // column 20 + entities.precompute_select, // column 21 + entities.transcript_accumulator_empty, // column 22 + entities.transcript_accumulator_x, // column 23 + 
entities.transcript_accumulator_y, // column 24 entities.z_perm }; // column 25 } @@ -559,11 +548,14 @@ class ECCVMFlavor { std::max({ point_table_rows.size(), msm_rows.size(), transcript_rows.size() }) + MASKING_OFFSET; const auto log_num_rows = static_cast(numeric::get_msb64(num_rows)); - ASSERT(1UL << CONST_ECCVM_LOG_N > 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1))); + size_t dyadic_num_rows = 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1)); - const size_t dyadic_num_rows = fixed_size - ? 1UL << CONST_ECCVM_LOG_N - : 1UL << (log_num_rows + (1UL << log_num_rows == num_rows ? 0 : 1)); + if ((fixed_size) && (ECCVM_FIXED_SIZE < dyadic_num_rows)) { + info("The ECCVM circuit size has exceeded the fixed upper bound"); + ASSERT(false); + } + + dyadic_num_rows = fixed_size ? ECCVM_FIXED_SIZE : dyadic_num_rows; for (auto& poly : get_to_be_shifted()) { poly = Polynomial{ /*memory size*/ dyadic_num_rows - 1, @@ -734,16 +726,16 @@ class ECCVMFlavor { ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover ProvingKey(const CircuitBuilder& builder, const bool fixed_size = false) - : Base( - // If we want a fixed size, use 2^(CONST_ECCVM_LOG_N). - // Otherwise, compute the real circuit size from the builder. - fixed_size ? (1UL << CONST_ECCVM_LOG_N) - : builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates()), - 0) - , real_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) + : real_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) , polynomials(builder, fixed_size) - {} + { + if (fixed_size) { + Base(ECCVM_FIXED_SIZE, 0); + } else { + Base(real_size, 0); + } + } }; /** diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp index e03001b7bd42..2a91195e5501 100644 
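Review bot: The bound check in the `fixed_size` path (`if ((fixed_size) && (ECCVM_FIXED_SIZE < dyadic_num_rows))`) ends in `ASSERT(false)`, which stops execution only in builds where `ASSERT` is active; if the macro is compiled out in release builds (confirm against the project's assert header), an oversized trace falls through to `dyadic_num_rows = fixed_size ? ECCVM_FIXED_SIZE : dyadic_num_rows;`. The polynomials are then allocated from a size smaller than the number of rows the builder produced. A size bound that the fixed verification key depends on should fail unconditionally, e.g. replace the `info(...)` / `ASSERT(false)` pair with `throw_or_abort("The ECCVM circuit size has exceeded the fixed upper bound");` if that helper is available in this header. The Translator check in translator_proving_key.hpp uses the same `info` + `ASSERT(false)` pattern and needs the same change. The enclosing constructor starts and ends outside the hunk.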
--- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp @@ -94,7 +94,10 @@ class TranslatorProvingKey { { // Check that the Translator Circuit does not exceed the fixed upper bound, the current value 8192 corresponds // to 10 rounds of folding (i.e. 20 circuits) - ASSERT(circuit.num_gates < Flavor::MINIMUM_MINI_CIRCUIT_SIZE); + if (circuit.num_gates < Flavor::MINIMUM_MINI_CIRCUIT_SIZE) { + info("The Translator circuit size has exceeded the fixed upper bound"); + ASSERT(false); + } const size_t total_num_gates = std::max(circuit.num_gates, Flavor::MINIMUM_MINI_CIRCUIT_SIZE); // Next power of 2 mini_circuit_dyadic_size = circuit.get_circuit_subgroup_size(total_num_gates); From f47c3d43ea36d859cb6f1268fa35b6fa7e6a19fd Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Fri, 7 Feb 2025 19:22:35 +0000 Subject: [PATCH 13/15] tests fixed --- .../src/barretenberg/eccvm/eccvm_flavor.hpp | 20 ++++++++++--------- .../src/barretenberg/eccvm/eccvm_prover.cpp | 2 +- .../translator_vm/translator_proving_key.hpp | 2 +- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index 2f95c404162b..abfa36225051 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp 
@@ -725,17 +725,19 @@ class ECCVMFlavor { ProverPolynomials polynomials; // storage for all polynomials evaluated by the prover - ProvingKey(const CircuitBuilder& builder, const bool fixed_size = false) - : real_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) + // Constructor for dynamic size ProvingKey + ProvingKey(const CircuitBuilder& builder) + : Base(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates()), 0) + , real_size(this->circuit_size) + , polynomials(builder) + {} + // Constructor for fixed size ProvingKey + ProvingKey(const CircuitBuilder& builder, bool fixed_size) + : Base(ECCVM_FIXED_SIZE, 0) + , real_size(builder.get_circuit_subgroup_size(builder.get_estimated_num_finalized_gates())) , polynomials(builder, fixed_size) - { - if (fixed_size) { - Base(ECCVM_FIXED_SIZE, 0); - } else { - Base(real_size, 0); - } - } + {} }; /** diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index df61574c7b72..2de9bd40f492 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -26,7 +26,7 @@ ECCVMProver::ECCVMProver(CircuitBuilder& builder, // ProvingKey/ProverPolynomials and update the model to reflect what's done in all other proving systems. // Construct the proving key; populates all polynomials except for witness polys - key = std::make_shared(builder, fixed_size); + key = fixed_size ? std::make_shared(builder, fixed_size) : std::make_shared(builder); key->commitment_key = std::make_shared(key->circuit_size); } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp index 2a91195e5501..31fbf94dead8 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp 
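Review bot: The fixed-size overload `ProvingKey(const CircuitBuilder& builder, bool fixed_size)` sizes the base with `Base(ECCVM_FIXED_SIZE, 0)` whatever the argument is, yet still forwards the argument in `polynomials(builder, fixed_size)`. A call with `false` would pair a fixed `circuit_size` with dynamically sized polynomials. The caller changed in eccvm_prover.cpp only reaches this overload when `fixed_size` is true, but nothing enforces that; forward the constant instead, `, polynomials(builder, /*fixed_size=*/true)`, and state in the constructor comment that the `bool` only selects the overload. The class body starts and ends outside the hunk.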
+++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_proving_key.hpp @@ -94,7 +94,7 @@ class TranslatorProvingKey { { // Check that the Translator Circuit does not exceed the fixed upper bound, the current value 8192 corresponds // to 10 rounds of folding (i.e. 20 circuits) - if (circuit.num_gates < Flavor::MINIMUM_MINI_CIRCUIT_SIZE) { + if (circuit.num_gates > Flavor::MINIMUM_MINI_CIRCUIT_SIZE) { info("The Translator circuit size has exceeded the fixed upper bound"); ASSERT(false); } From 3ff127b66c37cc098b63b20d2cd65c5fad486a2d Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Tue, 11 Feb 2025 10:45:35 +0000 Subject: [PATCH 14/15] modified VKIndependenceTest --- .../client_ivc/client_ivc.test.cpp | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp index 1b3657029b6c..be54f63e0e14 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp @@ -341,9 +341,8 @@ TEST_F(ClientIVCTests, StructuredPrecomputedVKs) * @brief Perform accumulation with a structured trace and precomputed verification keys * */ -TEST_F(ClientIVCTests, VKsIndependenceTest) +TEST_F(ClientIVCTests, VKIndependenceTest) { - const size_t MIN_NUM_CIRCUITS = 2; // Folding more than 20 circuits requires to double the number of gates in Translator. const size_t MAX_NUM_CIRCUITS = 20; 
@@ -357,26 +356,27 @@ TEST_F(ClientIVCTests, VKsIndependenceTest) ivc.accumulate(circuit); } ivc.prove(); - return ivc.get_vk(); + auto ivc_vk = ivc.get_vk(); + + // PCS verification keys will not match so set to null before comparing + ivc_vk.mega->pcs_verification_key = nullptr; + ivc_vk.eccvm->pcs_verification_key = nullptr; + ivc_vk.translator->pcs_verification_key = nullptr; + + return ivc_vk; }; auto civc_vk_2 = generate_vk(MIN_NUM_CIRCUITS); auto civc_vk_20 = generate_vk(MAX_NUM_CIRCUITS); - auto compare_selectors = [&](const auto& selectors_1, const auto& selectors_2) { - for (auto [s1, s2] : zip_view(selectors_1, selectors_2)) { - EXPECT_EQ(s1, s2); - } - }; - - // Check that the Mega selectors are fixed. - compare_selectors(civc_vk_2.mega->get_selectors(), civc_vk_20.mega->get_selectors()); + // Check the equality of the Mega components of the ClientIVC VKeys. + EXPECT_EQ(*civc_vk_2.mega.get(), *civc_vk_20.mega.get()); - // Check that the ECCVM selectors are fixed. - compare_selectors(civc_vk_2.eccvm->get_all(), civc_vk_20.eccvm->get_all()); + // Check the equality of the ECCVM components of the ClientIVC VKeys. + EXPECT_EQ(*civc_vk_2.eccvm.get(), *civc_vk_2.eccvm.get()); - // Check that the Translator selectors are fixed. - compare_selectors(civc_vk_2.translator->get_all(), civc_vk_20.translator->get_all()); + // Check the equality of the Translator components of the ClientIVC VKeys. + EXPECT_EQ(*civc_vk_2.translator.get(), *civc_vk_2.translator.get()); }; /** From 59abff06c4304ab5c884c4a7f0115b8bb8ed72c6 Mon Sep 17 00:00:00 2001 From: iakovenkos Date: Tue, 11 Feb 2025 15:22:09 +0000 Subject: [PATCH 15/15] test fix --- .../cpp/src/barretenberg/client_ivc/client_ivc.test.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp index be54f63e0e14..d3be09ed1f29 100644 
--- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp @@ -373,10 +373,10 @@ TEST_F(ClientIVCTests, VKIndependenceTest) EXPECT_EQ(*civc_vk_2.mega.get(), *civc_vk_20.mega.get()); // Check the equality of the ECCVM components of the ClientIVC VKeys. - EXPECT_EQ(*civc_vk_2.eccvm.get(), *civc_vk_2.eccvm.get()); + EXPECT_EQ(*civc_vk_2.eccvm.get(), *civc_vk_20.eccvm.get()); // Check the equality of the Translator components of the ClientIVC VKeys. - EXPECT_EQ(*civc_vk_2.translator.get(), *civc_vk_2.translator.get()); + EXPECT_EQ(*civc_vk_2.translator.get(), *civc_vk_20.translator.get()); }; /**