diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/OPTIMIZED_HONK_VERIFIER_AUDIT_SCOPE.md b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/OPTIMIZED_HONK_VERIFIER_AUDIT_SCOPE.md
new file mode 100644
index 000000000000..009d95009e0b
--- /dev/null
+++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/OPTIMIZED_HONK_VERIFIER_AUDIT_SCOPE.md
@@ -0,0 +1,73 @@ +# Optimized Honk Verifier - Audit Scope + +**Primary file to audit**: `barretenberg/sol/src/honk/optimised/honk-optimized.sol.template` + +## Generation Pipeline + +The optimized verifier is a **circuit-agnostic** template. Blake is used only as the test circuit for Solidity test coverage. + +1. **honk-optimized.sol.template** + - Generic Honk verifier logic (sumcheck, shplemini, KZG) + - Contains Blake VK values as placeholders for testing + - Contract name: `BlakeOptHonkVerifier` (for Solidity tests) + +2. **sync_blake_opt_vk.sh** injects VK from `BlakeHonkVerificationKey.sol` + +3. **honk-optimized.sol** (testable contract) + - Used by Solidity tests (`blakeOpt.t.sol`) + - Has concrete Blake circuit VK values + +4. **copy_optimized_to_cpp.sh** replaces VK values + - Replaces hardcoded VK values with `{{ TEMPLATE }}` placeholders + - Renames contract to `HonkVerifier` + +5. **honk_optimized_contract.hpp** (C++ template) + - Contains `HONK_CONTRACT_OPT_SOURCE` with `{{ placeholders }}` + - `get_optimized_honk_solidity_verifier(vk)` injects any circuit's VK + +6. **bb CLI** with `--optimized` flag produces **HonkVerifier.sol** + - Circuit-specific VK values injected + - Ready for on-chain deployment + +## What It Does + +Gas-optimized Solidity assembly verifier for Honk proofs. 
Uses EVM precompiles: +- `ecAdd` (0x06), `ecMul` (0x07), `ecPairing` (0x08) + +## C++ Reference + +Must match: `UltraVerifier_` in `ultra_honk/ultra_verifier.*` + +## Verification Steps (Solidity ↔ C++) + +| Step | Solidity | C++ | +|------|----------|-----| +| VK Loading | `loadVk()` | `OinkVerifier::verify()` | +| Public Inputs | `computePublicInputDelta()` | `OinkVerifier::verify()` | +| Sumcheck | `verifySumcheck()` | `SumcheckVerifier::verify()` | +| Shplemini | `computeBatchOpeningClaim()` | `ShpleminiVerifier::compute_batch_opening_claim()` | +| KZG | `batchAccumulate()` + pairing | `KZG::reduce_verify_batch_opening_claim()` | + + +## Upcoming Change: Public Input Encoding + +**Current**: 4 limbs per Fq (16 Fr elements for pairing points) +**Planned**: 2 limbs per Fq (8 Fr elements for pairing points) + +Affects pairing point encoding in final verification step. + +## Testing + +```bash +cd barretenberg/sol + +# Primary test for optimized verifier +forge test --match-path test/honk/blakeOpt.t.sol + +# Regenerate after changes +./scripts/sync_blake_opt_vk.sh && ./scripts/copy_optimized_to_cpp.sh -f +``` + +**Primary test**: `blakeOpt.t.sol` - tests the optimized assembly verifier + +**Standard verifier tests** (different code path, for reference only): `Add2`, `Blake`, `ECDSA`, `Recursive` (+ ZK variants) diff --git a/barretenberg/sol/CLAUDE.md b/barretenberg/sol/CLAUDE.md index 4372a5f63629..8df817c4e1bc 100644 --- a/barretenberg/sol/CLAUDE.md +++ b/barretenberg/sol/CLAUDE.md 
@@ -29,8 +29,8 @@ Circuit-specific verification keys: ### Optimized Verifier (src/honk/optimised/) -- `blake-opt.sol` - Hand-optimized assembly verifier for Blake circuit -- `blake-opt.sol.template` - Template used to generate blake-opt.sol +- `honk-optimized.sol` - Hand-optimized assembly verifier (uses Blake circuit for testing) +- `honk-optimized.sol.template` - Template used to generate honk-optimized.sol - `generate_offsets.py` - Helper for memory layout ### C++ Contract Templates (cpp/src/barretenberg/dsl/acir_proofs/) @@ -48,10 +48,10 @@ These hpp files contain embedded Solidity code used by bb CLI to generate verifi # Regenerate honk_contract.hpp and honk_zk_contract.hpp from Solidity sources ./scripts/copy_to_cpp.sh -f -# Sync VK values from BlakeHonkVerificationKey.sol to blake-opt.sol +# Sync VK values from BlakeHonkVerificationKey.sol to honk-optimized.sol ./scripts/sync_blake_opt_vk.sh -# Copy blake-opt.sol to honk_optimized_contract.hpp +# Copy honk-optimized.sol to honk_optimized_contract.hpp ./scripts/copy_optimized_to_cpp.sh -f # Regenerate all VKs (requires rebuilt bb) @@ -138,7 +138,7 @@ When making changes to core Solidity files: 4. Run tests: `forge test` For optimized verifier changes: -1. Edit `blake-opt.sol.template` +1. Edit `honk-optimized.sol.template` 2. Run `./scripts/sync_blake_opt_vk.sh` to apply VK values 3. Run `./scripts/copy_optimized_to_cpp.sh -f` diff --git a/barretenberg/sol/scripts/copy_optimized_to_cpp.sh b/barretenberg/sol/scripts/copy_optimized_to_cpp.sh index 629638a4a9e1..09c71a8115e5 100755 --- a/barretenberg/sol/scripts/copy_optimized_to_cpp.sh +++ b/barretenberg/sol/scripts/copy_optimized_to_cpp.sh 
@@ -25,7 +25,7 @@ REPO_ROOT=$(git rev-parse --show-toplevel) # Define paths relative to the barretenberg directory BARRETENBERG_DIR="$REPO_ROOT/barretenberg" -SOL_SRC_FILE="$BARRETENBERG_DIR/sol/src/honk/optimised/blake-opt.sol" +SOL_SRC_FILE="$BARRETENBERG_DIR/sol/src/honk/optimised/honk-optimized.sol" CPP_FILE="$BARRETENBERG_DIR/cpp/src/barretenberg/dsl/acir_proofs/honk_optimized_contract.hpp" # Check if source file exists @@ -57,7 +57,7 @@ TEMP_PROCESSED=$(mktemp) FINAL_SOL=$(mktemp) trap "rm -f $TEMP_CPP $TEMP_SOL $TEMP_PROCESSED $FINAL_SOL" EXIT -# First, copy blake-opt.sol to a temp file for processing +# First, copy honk-optimized.sol to a temp file for processing cp "$SOL_SRC_FILE" "$TEMP_SOL" # Replace the hardcoded constants with template placeholders diff --git a/barretenberg/sol/scripts/init_honk.sh b/barretenberg/sol/scripts/init_honk.sh index 472f91089fa0..cf24ef092aba 100755 --- a/barretenberg/sol/scripts/init_honk.sh +++ b/barretenberg/sol/scripts/init_honk.sh @@ -13,7 +13,7 @@ mkdir -p './src/honk/keys' echo "" echo "✓ VK generation complete" -# Sync blake-opt.sol with generated Blake VK +# Sync honk-optimized.sol with generated Blake VK echo "" -echo "Syncing blake-opt.sol with generated Blake VK..." +echo "Syncing honk-optimized.sol with generated Blake VK..." ./scripts/sync_blake_opt_vk.sh diff --git a/barretenberg/sol/scripts/sync_blake_opt_vk.sh b/barretenberg/sol/scripts/sync_blake_opt_vk.sh index ae9fb3a3943d..c879445ab633 100755 --- a/barretenberg/sol/scripts/sync_blake_opt_vk.sh +++ b/barretenberg/sol/scripts/sync_blake_opt_vk.sh 
@@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Script to sync VK values from generated BlakeHonkVerificationKey.sol to blake-opt.sol -# This ensures blake-opt.sol stays in sync when VK structure changes +# Script to sync VK values from generated BlakeHonkVerificationKey.sol to honk-optimized.sol +# This ensures honk-optimized.sol stays in sync when VK structure changes # # This script is IDEMPOTENT - safe to run multiple times, will only update if values differ @@ -8,8 +8,8 @@ set -e SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" VK_FILE="$SCRIPT_DIR/../src/honk/keys/BlakeHonkVerificationKey.sol" -OPT_FILE="$SCRIPT_DIR/../src/honk/optimised/blake-opt.sol" -TEMPLATE_FILE="$SCRIPT_DIR/../src/honk/optimised/blake-opt.sol.template" +OPT_FILE="$SCRIPT_DIR/../src/honk/optimised/honk-optimized.sol" +TEMPLATE_FILE="$SCRIPT_DIR/../src/honk/optimised/honk-optimized.sol.template" if [ ! -f "$VK_FILE" ]; then echo "Error: VK file not found at $VK_FILE" @@ -17,7 +17,7 @@ if [ ! -f "$VK_FILE" ]; then fi if [ ! -f "$TEMPLATE_FILE" ]; then - echo "Error: blake-opt.sol.template not found at $TEMPLATE_FILE" + echo "Error: honk-optimized.sol.template not found at $TEMPLATE_FILE" exit 1 fi @@ -37,11 +37,11 @@ VK_HASH=$(grep "uint256 constant VK_HASH" "$VK_FILE" | sed -E 's/.*= (0x[0-9a-fA CURRENT_VK_HASH=$(grep "uint256 constant VK_HASH" "$OPT_FILE" | sed -E 's/.*= (0x[0-9a-fA-F]+);/\1/') if [ "$VK_HASH" = "$CURRENT_VK_HASH" ]; then - echo "✓ blake-opt.sol already in sync with VK (VK_HASH: $VK_HASH)" + echo "✓ honk-optimized.sol already in sync with VK (VK_HASH: $VK_HASH)" exit 0 fi -echo "Syncing VK values from VK file to blake-opt.sol..." +echo "Syncing VK values from VK file to honk-optimized.sol..." echo " VK_HASH: $CURRENT_VK_HASH → $VK_HASH" # Extract circuit parameters 
@@ -65,7 +65,7 @@ read Q_NNF_X Q_NNF_Y <<< $(extract_coords "qNnf") read Q_POSEIDON_2_EXTERNAL_X Q_POSEIDON_2_EXTERNAL_Y <<< $(extract_coords "qPoseidon2External") read Q_POSEIDON_2_INTERNAL_X Q_POSEIDON_2_INTERNAL_Y <<< $(extract_coords "qPoseidon2Internal") -# Extract permutation polynomials (SIGMA in blake-opt.sol, s in VK) +# Extract permutation polynomials (SIGMA in honk-optimized.sol, s in VK) read SIGMA_1_X SIGMA_1_Y <<< $(extract_coords "s1") read SIGMA_2_X SIGMA_2_Y <<< $(extract_coords "s2") read SIGMA_3_X SIGMA_3_Y <<< $(extract_coords "s3") @@ -165,6 +165,6 @@ sed -i "s/mstore(LAGRANGE_FIRST_Y_LOC, 0x[0-9a-fA-F]\+)/mstore(LAGRANGE_FIRST_Y_ sed -i "s/mstore(LAGRANGE_LAST_X_LOC, 0x[0-9a-fA-F]\+)/mstore(LAGRANGE_LAST_X_LOC, $LAGRANGE_LAST_X)/" "$OPT_FILE" sed -i "s/mstore(LAGRANGE_LAST_Y_LOC, 0x[0-9a-fA-F]\+)/mstore(LAGRANGE_LAST_Y_LOC, $LAGRANGE_LAST_Y)/" "$OPT_FILE" -echo "✓ Successfully synced all VK values to blake-opt.sol" +echo "✓ Successfully synced all VK values to honk-optimized.sol" echo " Updated: VK_HASH, circuit params, and all selector commitments" echo " Backup saved at ${OPT_FILE}.bak" diff --git a/barretenberg/sol/src/honk/optimised/.gitignore b/barretenberg/sol/src/honk/optimised/.gitignore index f2cd1261578c..93d4e1a180f5 100644 --- a/barretenberg/sol/src/honk/optimised/.gitignore +++ b/barretenberg/sol/src/honk/optimised/.gitignore @@ -1,2 +1,2 @@ -blake-opt.sol -blake-opt.sol.bak +honk-optimized.sol +honk-optimized.sol.bak diff --git a/barretenberg/sol/src/honk/optimised/blake-opt.sol.template b/barretenberg/sol/src/honk/optimised/honk-optimized.sol.template similarity index 99% rename from barretenberg/sol/src/honk/optimised/blake-opt.sol.template rename to barretenberg/sol/src/honk/optimised/honk-optimized.sol.template index a2857144c82b..877f3d5b3959 100644 --- a/barretenberg/sol/src/honk/optimised/blake-opt.sol.template +++ b/barretenberg/sol/src/honk/optimised/honk-optimized.sol.template 
@@ -2841,7 +2841,7 @@ contract BlakeOptHonkVerifier is IVerifier { if iszero(sumcheck_valid) { mstore(0x00, SUMCHECK_FAILED_SELECTOR) - return(0x00, 0x20) + revert(0x00, 0x04) } } diff --git a/barretenberg/sol/test/honk/blakeOpt.t.sol b/barretenberg/sol/test/honk/blakeOpt.t.sol index 4c4374446709..4287923980fe 100644 --- a/barretenberg/sol/test/honk/blakeOpt.t.sol +++ b/barretenberg/sol/test/honk/blakeOpt.t.sol @@ -1,5 +1,5 @@ import {BlakeHonkVerifier} from "../../src/honk/instance/BlakeHonk.sol"; -import {BlakeOptHonkVerifier} from "../../src/honk/optimised/blake-opt.sol"; +import {BlakeOptHonkVerifier} from "../../src/honk/optimised/honk-optimized.sol"; import {DifferentialFuzzer} from "../base/DifferentialFuzzer.sol"; import {TestBaseHonk} from "./TestBaseHonk.sol"; import {IVerifier} from "../../src/interfaces/IVerifier.sol";
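Review bot: The new `revert(0x00, 0x04)` in the `iszero(sumcheck_valid)` branch only emits the intended error selector if `SUMCHECK_FAILED_SELECTOR` is defined left-aligned in its 32-byte word, because `mstore(0x00, …)` writes a full word and the revert reads its first four bytes. The constant's definition is outside this hunk, so that should be confirmed; a right-aligned 4-byte constant would produce four zero bytes. Because the old `return(0x00, 0x20)` ended the call successfully with a non-zero word as return data, the template's other failure branches are worth checking for the same `mstore` + `return` pattern; none are visible here. The only test change visible in this part of the commit is an import path, so I would add a regression test asserting that a proof failing sumcheck reverts with this selector, plus a comment on the branch such as `// must revert: a return here would end verification successfully`. The enclosing assembly block starts and ends outside the hunk.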