From 2fc62de1e97f27c9b2c6636246ef6787a17c4e36 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 17 Nov 2023 21:04:30 +0000 Subject: [PATCH 01/39] Squash --- barretenberg/cpp/src/CMakeLists.txt | 1 + .../relations_bench/relations.bench.cpp | 89 ++-- .../commitment_schemes/ipa/ipa.hpp | 2 +- .../commitment_schemes/shplonk/shplonk.hpp | 13 +- .../cpp/src/barretenberg/common/benchmark.hpp | 2 + .../src/barretenberg/eccvm/eccvm_prover.hpp | 4 + .../src/barretenberg/eccvm/eccvm_verifier.cpp | 2 +- .../barretenberg/flavor/goblin_translator.hpp | 270 +----------- .../src/barretenberg/flavor/goblin_ultra.hpp | 4 +- .../cpp/src/barretenberg/flavor/ultra.hpp | 2 +- .../src/barretenberg/goblin/CMakeLists.txt | 2 +- .../cheat_translation_consistency_data.hpp | 11 + .../goblin/full_goblin_composer.test.cpp | 182 ++++---- .../honk/proof_system/permutation_library.hpp | 28 ++ .../barretenberg/polynomials/polynomial.hpp | 4 +- .../barretenberg/proof_system/CMakeLists.txt | 2 +- .../goblin_translator_circuit_builder.hpp | 2 +- .../src/barretenberg/relations/CMakeLists.txt | 2 +- .../relations/ecc_vm/ecc_lookup_relation.cpp | 1 - .../srs/factories/file_crs_factory.hpp | 2 +- .../barretenberg/transcript/transcript.hpp | 16 +- .../barretenberg/translator_vm/CMakeLists.txt | 1 + .../goblin_translator_composer.cpp | 323 ++++++++++++++ .../goblin_translator_composer.hpp | 75 ++++ .../goblin_translator_composer.test.cpp | 87 ++++ .../goblin_translator_prover.cpp | 393 ++++++++++++++++++ .../goblin_translator_prover.hpp | 63 +++ .../goblin_translator_verifier.cpp | 349 ++++++++++++++++ .../goblin_translator_verifier.hpp | 39 ++ .../ultra_honk/relation_correctness.test.cpp | 16 +- .../ultra_honk/ultra_composer.hpp | 9 +- 31 files changed, 1598 insertions(+), 398 deletions(-) create mode 100644 barretenberg/cpp/src/barretenberg/goblin/cheat_translation_consistency_data.hpp create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/CMakeLists.txt create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp create mode 100644 barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp diff --git a/barretenberg/cpp/src/CMakeLists.txt b/barretenberg/cpp/src/CMakeLists.txt index 43e5b66200fd..b74bc2f99b59 100644 --- a/barretenberg/cpp/src/CMakeLists.txt +++ b/barretenberg/cpp/src/CMakeLists.txt @@ -74,6 +74,7 @@ add_subdirectory(barretenberg/srs) add_subdirectory(barretenberg/stdlib) add_subdirectory(barretenberg/sumcheck) add_subdirectory(barretenberg/transcript) +add_subdirectory(barretenberg/translator_vm) add_subdirectory(barretenberg/ultra_honk) add_subdirectory(barretenberg/wasi) diff --git a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp index 3300fb4bf8ef..d27dc35f9bc5 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp @@ -1,3 +1,4 @@ +#include "barretenberg/flavor/ecc_vm.hpp" #include "barretenberg/flavor/goblin_translator.hpp" #include "barretenberg/flavor/goblin_ultra.hpp" #include "barretenberg/flavor/ultra.hpp" @@ -7,12 +8,16 @@ namespace { auto& engine = numeric::random::get_debug_engine(); } +using namespace proof_system::honk::sumcheck; + namespace proof_system::benchmark::relations { -using FF = barretenberg::fr; +using Fr = barretenberg::fr; +using Fq = grumpkin::fr; template void execute_relation(::benchmark::State& state) { + using FF = typename Flavor::FF; using AllValues = typename Flavor::AllValues; using SumcheckArrayOfValuesOverSubrelations = typename Relation::SumcheckArrayOfValuesOverSubrelations; @@ -29,82 +34,118 @@ template void execute_relation(::benchmark: } } -void auxiliary_relation(::benchmark::State& state) noexcept +void ultra_auxiliary_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } -BENCHMARK(auxiliary_relation); +BENCHMARK(ultra_auxiliary_relation); -void elliptic_relation(::benchmark::State& state) noexcept +void ultra_elliptic_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } -BENCHMARK(elliptic_relation); +BENCHMARK(ultra_elliptic_relation); -void ecc_op_queue_relation(::benchmark::State& state) noexcept +void ultra_ecc_op_queue_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } -BENCHMARK(ecc_op_queue_relation); +BENCHMARK(ultra_ecc_op_queue_relation); -void gen_perm_sort_relation(::benchmark::State& state) noexcept +void ultra_gen_perm_sort_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } -BENCHMARK(gen_perm_sort_relation); +BENCHMARK(ultra_gen_perm_sort_relation); -void lookup_relation(::benchmark::State& state) noexcept +void ultralookup_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } -BENCHMARK(lookup_relation); +BENCHMARK(ultralookup_relation); void ultra_permutation_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(ultra_permutation_relation); void ultra_arithmetic_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(ultra_arithmetic_relation); void translator_decomposition_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(translator_decomposition_relation); void translator_opcode_constraint_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(translator_opcode_constraint_relation); void translator_accumulator_transfer_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(translator_accumulator_transfer_relation); void translator_gen_perm_sort_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(translator_gen_perm_sort_relation); void translator_non_native_field_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(translator_non_native_field_relation); void translator_permutation_relation(::benchmark::State& state) noexcept { - execute_relation>(state); + execute_relation>(state); } BENCHMARK(translator_permutation_relation); +void eccvm_lookup_relation(::benchmark::State& state) noexcept +{ + execute_relation>(state); +} +BENCHMARK(eccvm_lookup_relation); + +void eccvm_msm_relation(::benchmark::State& state) noexcept +{ + execute_relation>(state); +} +BENCHMARK(eccvm_msm_relation); + +void eccvm_point_table_relation(::benchmark::State& state) noexcept +{ + execute_relation>(state); +} +BENCHMARK(eccvm_point_table_relation); + +void eccvm_set_relation(::benchmark::State& state) noexcept +{ + execute_relation>(state); +} +BENCHMARK(eccvm_set_relation); + +void eccvm_transcript_relation(::benchmark::State& state) noexcept +{ + execute_relation>(state); +} +BENCHMARK(eccvm_transcript_relation); + +void eccvm_wnaf_relation(::benchmark::State& state) noexcept +{ + execute_relation>(state); +} +BENCHMARK(eccvm_wnaf_relation); + } // namespace proof_system::benchmark::relations diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 7a46a3eb71e4..df7246864366 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -202,7 +202,7 @@ template class IPA { // Copy the G_vector to local memory. std::vector G_vec_local(poly_degree); // The SRS stored in the commitment key is the result after applying the pippenger point table so the - // values at odd indices contain the point {srs[i-1].x * beta, srs[i-1].y}, where beta is the endomorphism + // values at odd indices contain the point {srs[i-1].x * g beta, srs[i-1].y}, where beta is the endomorphism // G_vec_local should use only the original SRS thus we extract only the even indices. for (size_t i = 0; i < poly_degree * 2; i += 2) { G_vec_local[i >> 1] = srs_elements[i]; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp index 06b258644ac1..d302295bda86 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp @@ -104,6 +104,7 @@ template class ShplonkProver_ { const Fr& nu_challenge, const Fr& z_challenge) { + const size_t num_opening_pairs = opening_pairs.size(); // {ẑⱼ(r)}ⱼ , where ẑⱼ(r) = 1/zⱼ(r) = 1/(r - xⱼ) @@ -163,16 +164,16 @@ template class ShplonkVerifier_ { */ static OpeningClaim reduce_verification(std::shared_ptr vk, std::span> claims, - auto& transcript) + auto& transcript, + const std::string& suffix = "") { const size_t num_claims = claims.size(); - const Fr nu = transcript.get_challenge("Shplonk:nu"); - - auto Q_commitment = transcript.template receive_from_prover("Shplonk:Q"); + const Fr nu = transcript.get_challenge("Shplonk" + suffix + ":nu"); + auto Q_commitment = transcript.template receive_from_prover("Shplonk" + suffix + ":Q"); - const Fr z_challenge = transcript.get_challenge("Shplonk:z"); + const Fr z_challenge = transcript.get_challenge("Shplonk" + suffix + ":z"); // [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1] // = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )] @@ -205,7 +206,7 @@ template class ShplonkVerifier_ { std::vector inverse_vanishing_evals; inverse_vanishing_evals.reserve(num_claims); for (const auto& claim : claims) { - // Note: no need for batch inversion; emulated inversion is cheap. (just show known inverse is valid) + // Note: no need for batch inversion; emulated inverison is cheap. (just show known inverse is valid) inverse_vanishing_evals.emplace_back((z_challenge - claim.opening_pair.challenge).invert()); } diff --git a/barretenberg/cpp/src/barretenberg/common/benchmark.hpp b/barretenberg/cpp/src/barretenberg/common/benchmark.hpp index 5d3034bbe6fd..98715635c926 100644 --- a/barretenberg/cpp/src/barretenberg/common/benchmark.hpp +++ b/barretenberg/cpp/src/barretenberg/common/benchmark.hpp @@ -8,6 +8,8 @@ #include #include +#pragma GCC diagnostic ignored "-Wunused-result" // GCC13 hits this + namespace { /** * If user provides the env var BENCHMARK_FD write benchmarks to this fd, otherwise default to -1 (disable). diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index 7bbf8f2de8a1..59d6f306560c 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -2,6 +2,7 @@ #include "barretenberg/commitment_schemes/gemini/gemini.hpp" #include "barretenberg/commitment_schemes/shplonk/shplonk.hpp" #include "barretenberg/flavor/ecc_vm.hpp" +#include "barretenberg/goblin/cheat_translation_consistency_data.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/sumcheck/sumcheck_output.hpp" @@ -22,6 +23,7 @@ template class ECCVMProver_ { using CommitmentLabels = typename Flavor::CommitmentLabels; using Curve = typename Flavor::Curve; using Transcript = typename Flavor::Transcript; + using CheatGoblinTranslationConsistencyData = barretenberg::CheatGoblinTranslationConsistencyData; public: explicit ECCVMProver_(std::shared_ptr input_key, std::shared_ptr commitment_key); @@ -43,6 +45,8 @@ template class ECCVMProver_ { Transcript transcript; + CheatGoblinTranslationConsistencyData cheat_translation_consistency_data; + std::vector public_inputs; proof_system::RelationParameters relation_parameters; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp index a1411db492fd..8c5301856e65 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp @@ -270,7 +270,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk univariate_opening_verified = PCS::verify(pcs_verification_key, batched_univariate_claim, transcript); } - return multivariate_opening_verified && univariate_opening_verified; + return sumcheck_verified.value() && multivariate_opening_verified && univariate_opening_verified; } template class ECCVMVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index 0bd927302ff6..4d9485becd59 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp @@ -13,245 +13,13 @@ #include "barretenberg/relations/translator_vm/translator_non_native_field_relation.hpp" #include "barretenberg/relations/translator_vm/translator_permutation_relation.hpp" #include "relation_definitions_fwd.hpp" -#include -#include -#include -#include -#include -#include namespace proof_system::honk::flavor { -template class GoblinTranslator_ { +class GoblinTranslator { public: - /** - * @brief Enum containing IDs of all the polynomials used in Goblin Translator - * - * @details We use the enum for easier updates of structure sizes and for cases where we need to get a particular - * polynomial programmatically - */ - enum ALL_ENTITIES_IDS : size_t { - /*The first 4 wires contain the standard values from the EccOpQueue*/ - OP, - X_LO_Y_HI, - X_HI_Z_1, - Y_LO_Z_2, - /*P.xₗₒ split into 2 NUM_LIMB_BITS bit limbs*/ - P_X_LOW_LIMBS, - /*Low limbs split further into smaller chunks for range constraints*/ - P_X_LOW_LIMBS_RANGE_CONSTRAINT_0, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_1, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_2, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_3, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_4, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - /*P.xₕᵢ split into 2 NUM_LIMB_BITS bit limbs*/ - P_X_HIGH_LIMBS, - /*High limbs split into chunks for range constraints*/ - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide limb - // range cosntraints - /*P.yₗₒ split into 2 NUM_LIMB_BITS bit limbs*/ - P_Y_LOW_LIMBS, - /*Low limbs split into chunks for range constraints*/ - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - /*P.yₕᵢ split into 2 NUM_LIMB_BITS bit limbs*/ - P_Y_HIGH_LIMBS, - /*High limbs split into chunks for range constraints*/ - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide limb - // range cosntraints - /*Low limbs of z_1 and z_2*/ - Z_LOW_LIMBS, - /*Range constraints for low limbs of z_1 and z_2*/ - Z_LOW_LIMBS_RANGE_CONSTRAINT_0, - Z_LOW_LIMBS_RANGE_CONSTRAINT_1, - Z_LOW_LIMBS_RANGE_CONSTRAINT_2, - Z_LOW_LIMBS_RANGE_CONSTRAINT_3, - Z_LOW_LIMBS_RANGE_CONSTRAINT_4, - Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - /*High Limbs of z_1 and z_2*/ - Z_HIGH_LIMBS, - /*Range constraints for high limbs of z_1 and z_2*/ - Z_HIGH_LIMBS_RANGE_CONSTRAINT_0, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_1, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_2, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_3, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_4, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, - /* Contain NUM_LIMB_BITS-bit limbs of current and previous accumulator (previous at higher indices because of - the nuances of KZG commitment) */ - ACCUMULATORS_BINARY_LIMBS_0, - ACCUMULATORS_BINARY_LIMBS_1, - ACCUMULATORS_BINARY_LIMBS_2, - ACCUMULATORS_BINARY_LIMBS_3, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0, // Range constraints for the current accumulator limbs (no need to - // redo previous accumulator) - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_2, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_3, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_4, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_1, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_2, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide - // limb range constraints - - /* Quotient limbs*/ - QUOTIENT_LOW_BINARY_LIMBS, - QUOTIENT_HIGH_BINARY_LIMBS, - /* Range constraints for quotient */ - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_0, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_1, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_2, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_3, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_4, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_0, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_1, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_2, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_3, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_4, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide - // limb range constraints - - /* Limbs for checking the correctness of mod 2²⁷² relations*/ - RELATION_WIDE_LIMBS, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_3, - /*Concatenations of various range constraint wires*/ - CONCATENATED_RANGE_CONSTRAINTS_0, - CONCATENATED_RANGE_CONSTRAINTS_1, - CONCATENATED_RANGE_CONSTRAINTS_2, - CONCATENATED_RANGE_CONSTRAINTS_3, - /*Values from concatenated range constraints + some additional ones*/ - ORDERED_RANGE_CONSTRAINTS_0, - ORDERED_RANGE_CONSTRAINTS_1, - ORDERED_RANGE_CONSTRAINTS_2, - ORDERED_RANGE_CONSTRAINTS_3, - ORDERED_RANGE_CONSTRAINTS_4, - /*Grand Product Polynomial*/ - Z_PERM, - /*Shifted versions of polynomials*/ - X_LO_Y_HI_SHIFT, - X_HI_Z_1_SHIFT, - Y_LO_Z_2_SHIFT, - P_X_LOW_LIMBS_SHIFT, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - P_X_HIGH_LIMBS_SHIFT, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - P_Y_LOW_LIMBS_SHIFT, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - P_Y_HIGH_LIMBS_SHIFT, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - Z_LOW_LIMBS_SHIFT, - Z_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - Z_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - Z_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - Z_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - Z_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - Z_HIGH_LIMBS_SHIFT, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - ACCUMULATORS_BINARY_LIMBS_0_SHIFT, - ACCUMULATORS_BINARY_LIMBS_1_SHIFT, - ACCUMULATORS_BINARY_LIMBS_2_SHIFT, - ACCUMULATORS_BINARY_LIMBS_3_SHIFT, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - QUOTIENT_LOW_BINARY_LIMBS_SHIFT, - QUOTIENT_HIGH_BINARY_LIMBS_SHIFT, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, - QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, - RELATION_WIDE_LIMBS_SHIFT, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0_SHIFT, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1_SHIFT, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2_SHIFT, - RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_3_SHIFT, - ORDERED_RANGE_CONSTRAINTS_0_SHIFT, - ORDERED_RANGE_CONSTRAINTS_1_SHIFT, - ORDERED_RANGE_CONSTRAINTS_2_SHIFT, - ORDERED_RANGE_CONSTRAINTS_3_SHIFT, - ORDERED_RANGE_CONSTRAINTS_4_SHIFT, - - Z_PERM_SHIFT, - /*All precomputed polynomials*/ - LAGRANGE_FIRST, - LAGRANGE_LAST, - LAGRANGE_ODD_IN_MINICIRCUIT, - LAGRANGE_EVEN_IN_MINICIRCUIT, - LAGRANGE_SECOND, - LAGRANGE_SECOND_TO_LAST_IN_MINICIRCUIT, - ORDERED_EXTRA_RANGE_CONSTRAINTS_NUMERATOR, - /*Utility value*/ - TOTAL_COUNT - - }; - + static constexpr size_t mini_circuit_size = 2048; using CircuitBuilder = GoblinTranslatorCircuitBuilder; using PCS = pcs::kzg::KZG; using Curve = curve::BN254; @@ -300,13 +68,12 @@ template class GoblinTranslator_ { // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS`. // Note: this number does not include the individual sorted list polynomials. - static constexpr size_t NUM_ALL_ENTITIES = ALL_ENTITIES_IDS::TOTAL_COUNT; + static constexpr size_t NUM_ALL_ENTITIES = 184; // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying // assignment of witnesses. We again choose a neutral name. - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = ALL_ENTITIES_IDS::TOTAL_COUNT - ALL_ENTITIES_IDS::Z_PERM_SHIFT; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 7; // The total number of witness entities not including shifts. - static constexpr size_t NUM_WITNESS_ENTITIES = - ALL_ENTITIES_IDS::TOTAL_COUNT - (ALL_ENTITIES_IDS::Z_PERM_SHIFT - ALL_ENTITIES_IDS::Z_PERM); + static constexpr size_t NUM_WITNESS_ENTITIES = 91; using GrandProductRelations = std::tuple>; // define the tuple of Relations that comprise the Sumcheck relation @@ -355,6 +122,7 @@ template class GoblinTranslator_ { &lagrange_second, &lagrange_second_to_last_in_minicircuit, &ordered_extra_range_constraints_numerator); + std::vector get_selectors() { return {}; }; std::vector get_sigma_polynomials() { return {}; }; std::vector get_id_polynomials() { return {}; }; @@ -550,7 +318,7 @@ template class GoblinTranslator_ { &ordered_range_constraints_2, &ordered_range_constraints_3, &ordered_range_constraints_4, - &z_perm, ) + &z_perm) std::vector get_wires() override { @@ -935,7 +703,6 @@ template class GoblinTranslator_ { DataType lagrange_second; // column 181 DataType lagrange_second_to_last_in_minicircuit; // column 182 DataType ordered_extra_range_constraints_numerator; // column 183 - // defines a method pointer_view that returns the following, with const and non-const variants DEFINE_POINTER_VIEW(NUM_ALL_ENTITIES, &op, @@ -1122,7 +889,6 @@ template class GoblinTranslator_ { &lagrange_second, &lagrange_second_to_last_in_minicircuit, &ordered_extra_range_constraints_numerator) - std::vector get_wires() override { @@ -1688,7 +1454,6 @@ template class GoblinTranslator_ { public: using Base = AllEntities; using Base::Base; - AllValues(std::array _data_in) { this->_data = _data_in; } }; /** * @brief A container for the prover polynomials handles; only stores spans. @@ -1728,13 +1493,11 @@ template class GoblinTranslator_ { */ class AllPolynomials : public AllEntities { public: - AllValues get_row(const size_t row_idx) const + [[nodiscard]] AllValues get_row(const size_t row_idx) const { AllValues result; - size_t column_idx = 0; // // TODO(https://github.com/AztecProtocol/barretenberg/issues/391) zip - for (auto& column : this->_data) { - result[column_idx] = column[row_idx]; - column_idx++; + for (auto [result_field, polynomial] : zip_view(result.pointer_view(), this->pointer_view())) { + *result_field = (*polynomial)[row_idx]; } return result; } @@ -1755,8 +1518,8 @@ template class GoblinTranslator_ { PartiallyEvaluatedMultivariates(const size_t circuit_size) { // Storage is only needed after the first partial evaluation, hence polynomials of size (n / 2) - for (auto& poly : this->_data) { - poly = Polynomial(circuit_size / 2); + for (auto* poly : this->pointer_view()) { + *poly = Polynomial(circuit_size / 2); } } }; @@ -1782,7 +1545,6 @@ template class GoblinTranslator_ { public: CommitmentLabels() { - this->op = "OP"; this->x_lo_y_hi = "X_LO_Y_HI"; this->x_hi_z_1 = "X_HI_Z_1"; @@ -1882,10 +1644,9 @@ template class GoblinTranslator_ { class VerifierCommitments : public AllEntities { public: - VerifierCommitments(std::shared_ptr verification_key, + VerifierCommitments([[maybe_unused]] std::shared_ptr verification_key, [[maybe_unused]] const BaseTranscript& transcript) { - static_cast(transcript); this->lagrange_first = verification_key->lagrange_first; this->lagrange_last = verification_key->lagrange_last; this->lagrange_odd_in_minicircuit = verification_key->lagrange_odd_in_minicircuit; @@ -1896,10 +1657,9 @@ template class GoblinTranslator_ { verification_key->ordered_extra_range_constraints_numerator; } }; -}; - -using GoblinTranslator = GoblinTranslator_<2048>; + using Transcript = BaseTranscript; // WORKTODO: leave IOU? +}; } // namespace proof_system::honk::flavor namespace proof_system { diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp index ad09352b9172..6c814f2a44cb 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp @@ -437,7 +437,7 @@ class GoblinUltra { PartiallyEvaluatedMultivariates(const size_t circuit_size) { // Storage is only needed after the first partial evaluation, hence polynomials of size (n / 2) - for (auto* poly : pointer_view()) { + for (auto* poly : this->pointer_view()) { *poly = Polynomial(circuit_size / 2); } } @@ -474,7 +474,7 @@ class GoblinUltra { [[nodiscard]] AllValues get_row(size_t row_idx) const { AllValues result; - for (auto [result_field, polynomial] : zip_view(result.pointer_view(), pointer_view())) { + for (auto [result_field, polynomial] : zip_view(result.pointer_view(), this->pointer_view())) { *result_field = (*polynomial)[row_idx]; } return result; diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp index d347c45cc836..363fecc94f17 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp @@ -373,7 +373,7 @@ class Ultra { PartiallyEvaluatedMultivariates(const size_t circuit_size) { // Storage is only needed after the first partial evaluation, hence polynomials of size (n / 2) - for (auto* poly : pointer_view()) { + for (auto* poly : this->pointer_view()) { *poly = Polynomial(circuit_size / 2); } } diff --git a/barretenberg/cpp/src/barretenberg/goblin/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/goblin/CMakeLists.txt index f0316f56dccf..248b05c02e67 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/CMakeLists.txt +++ b/barretenberg/cpp/src/barretenberg/goblin/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(goblin ultra_honk eccvm) \ No newline at end of file +barretenberg_module(goblin ultra_honk eccvm translator_vm) \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/goblin/cheat_translation_consistency_data.hpp b/barretenberg/cpp/src/barretenberg/goblin/cheat_translation_consistency_data.hpp new file mode 100644 index 000000000000..99b25262bf94 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/goblin/cheat_translation_consistency_data.hpp @@ -0,0 +1,11 @@ +#pragma once +#include "barretenberg/ecc/curves/bn254/fq.hpp" +#include "barretenberg/ecc/curves/bn254/fr.hpp" +#include + +namespace barretenberg { +struct CheatGoblinTranslationConsistencyData { + fq op, Px, Py, z1, z2; + void print() const { info("op: ", op, "\n", "Px: ", Px, "\n", "Py: ", Py, "\n", "z1: ", z1, "\n", "z2: ", z2); }; +}; +} // namespace barretenberg \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 0c675939b0c7..ec603f50eee8 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -1,20 +1,18 @@ -#include -#include -#include - -#include "barretenberg/common/log.hpp" #include "barretenberg/eccvm/eccvm_composer.hpp" +#include "barretenberg/goblin/cheat_translation_consistency_data.hpp" #include "barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp" #include "barretenberg/proof_system/circuit_builder/goblin_ultra_circuit_builder.hpp" #include "barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp" +#include "barretenberg/translator_vm/goblin_translator_composer.hpp" #include "barretenberg/ultra_honk/ultra_composer.hpp" -#include "barretenberg/ultra_honk/ultra_prover.hpp" -namespace test_full_goblin_composer { +#include -namespace { -auto& engine = numeric::random::get_debug_engine(); -} +#pragma GCC diagnostic ignored "-Wunused-variable" + +using namespace proof_system::honk; + +namespace test_full_goblin_composer { class FullGoblinComposerTests : public ::testing::Test { protected: @@ -26,31 +24,38 @@ class FullGoblinComposerTests : public ::testing::Test { using Curve = curve::BN254; using FF = Curve::ScalarField; + using Fbase = Curve::BaseField; using Point = Curve::AffineElement; - using CommitmentKey = proof_system::honk::pcs::CommitmentKey; + using CommitmentKey = pcs::CommitmentKey; + using OpQueue = proof_system::ECCOpQueue; using GoblinUltraBuilder = proof_system::GoblinUltraCircuitBuilder; - using GoblinUltraComposer = proof_system::honk::GoblinUltraComposer; - using ECCVMFlavor = proof_system::honk::flavor::ECCVM; + using ECCVMFlavor = flavor::ECCVM; using ECCVMBuilder = proof_system::ECCVMCircuitBuilder; - using ECCVMComposer = proof_system::honk::ECCVMComposer_; - using VMOp = proof_system_eccvm::VMOperation; - static constexpr size_t NUM_OP_QUEUE_COLUMNS = proof_system::honk::flavor::GoblinUltra::NUM_WIRES; + using ECCVMComposer = ECCVMComposer_; + using TranslatorFlavor = flavor::GoblinTranslator; + using TranslatorBuilder = proof_system::GoblinTranslatorCircuitBuilder; + using TranslatorComposer = GoblinTranslatorComposer_; + using TranslatorConsistencyData = barretenberg::CheatGoblinTranslationConsistencyData; + + static constexpr size_t NUM_OP_QUEUE_COLUMNS = flavor::GoblinUltra::NUM_WIRES; /** * @brief Generate a simple test circuit with some ECC op gates and conventional arithmetic gates - * + *g * @param builder */ - void generate_test_circuit(auto& builder) + static void generate_test_circuit(GoblinUltraBuilder& builder) { // Add some arbitrary ecc op gates + // ((a+ab) + c + cd) + e + ef for (size_t i = 0; i < 3; ++i) { auto point = Point::random_element(); auto scalar = FF::random_element(); builder.queue_ecc_add_accum(point); - builder.queue_ecc_mul_accum(point, scalar); + builder.queue_ecc_mul_accum(point, scalar); // WORKTODO: name this add_multiple or something } - builder.queue_ecc_eq(); + // queues the result of the preceding ECC + builder.queue_ecc_eq(); // should be eq and reset // Add some conventional gates that utilize public inputs for (size_t i = 0; i < 10; ++i) { @@ -75,6 +80,8 @@ class FullGoblinComposerTests : public ::testing::Test { * protocol can proceed nominally. The mock data is valid in the sense that it can be processed by all stages of * Goblin as if it came from a genuine circuit. * + * @todo WOKTODO: this is a zero commitments issue + * * @param op_queue */ static void perform_op_queue_interactions_for_mock_first_circuit( @@ -106,7 +113,7 @@ class FullGoblinComposerTests : public ::testing::Test { * @brief Construct and a verify a Honk proof * */ - bool construct_and_verify_honk_proof(auto& composer, auto& builder) + static bool construct_and_verify_honk_proof(GoblinUltraComposer& composer, GoblinUltraBuilder& builder) { auto instance = composer.create_instance(builder); auto prover = composer.create_prover(instance); @@ -121,29 +128,15 @@ class FullGoblinComposerTests : public ::testing::Test { * @brief Construct and verify a Goblin ECC op queue merge proof * */ - bool construct_and_verify_merge_proof(auto& composer, auto& op_queue) + static bool construct_and_verify_merge_proof(GoblinUltraComposer& composer, std::shared_ptr& op_queue) { auto merge_prover = composer.create_merge_prover(op_queue); - auto merge_verifier = composer.create_merge_verifier(10); + auto merge_verifier = composer.create_merge_verifier(10); // WORKTODO: What is this 10? auto merge_proof = merge_prover.construct_proof(); bool verified = merge_verifier.verify_proof(merge_proof); return verified; } - - /** - * @brief Construct and verify a Goblin ECC op queue merge proof - * - */ - bool construct_and_verify_eccvm_proof(auto& composer, auto& builder) - { - auto prover = composer.create_prover(builder); - auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(builder); - bool verified = verifier.verify_proof(proof); - - return verified; - } }; /** @@ -171,69 +164,80 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) auto composer = GoblinUltraComposer(); // Construct and verify Ultra Goblin Honk proof - auto honk_verified = construct_and_verify_honk_proof(composer, builder); + bool honk_verified = construct_and_verify_honk_proof(composer, builder); EXPECT_TRUE(honk_verified); // Construct and verify op queue merge proof - auto merge_verified = construct_and_verify_merge_proof(composer, op_queue); + bool merge_verified = construct_and_verify_merge_proof(composer, op_queue); EXPECT_TRUE(merge_verified); } - // Construct an ECCVM circuit then generate and verify its proof - { - // Instantiate an ECCVM builder with the vm ops stored in the op queue - auto builder = ECCVMBuilder(op_queue->raw_ops); - - // Construct and verify ECCVM proof - auto composer = ECCVMComposer(); - auto eccvm_verified = construct_and_verify_eccvm_proof(composer, builder); - EXPECT_TRUE(eccvm_verified); - } + // Execute the ECCVM + auto eccvm_builder = ECCVMBuilder(op_queue->raw_ops); + auto eccvm_composer = ECCVMComposer(); + auto eccvm_prover = eccvm_composer.create_prover(eccvm_builder); + auto eccvm_verifier = eccvm_composer.create_verifier(eccvm_builder); + auto eccvm_proof = eccvm_prover.construct_proof(); + bool eccvm_verified = eccvm_verifier.verify_proof(eccvm_proof); + EXPECT_TRUE(eccvm_verified); + + // Execute the Translator + auto batching_challenge = Fbase::random_element(); + auto evaluation_input = eccvm_prover.evaluation_challenge_x; + auto translator_builder = + TranslatorBuilder(batching_challenge, evaluation_input, *op_queue); // WORKTODO: take pointer or ref + auto translator_composer = TranslatorComposer(); + auto translator_prover = translator_composer.create_prover(translator_builder); + auto translator_verifier = translator_composer.create_verifier(translator_builder); + auto translator_proof = translator_prover.construct_proof(); + bool translator_verified = + translator_verifier.verify_proof(translator_proof, eccvm_prover.cheat_translation_consistency_data); + EXPECT_TRUE(translator_verified); } /** * @brief Check that ECCVM verification fails if ECC op queue operands are tampered with * */ -TEST_F(FullGoblinComposerTests, SimpleCircuitFailureCase) -{ - auto op_queue = std::make_shared(); - - // Add mock data to op queue to simulate interaction with a "first" circuit - perform_op_queue_interactions_for_mock_first_circuit(op_queue); - - // Construct a series of simple Goblin circuits; generate and verify their proofs - size_t NUM_CIRCUITS = 3; - for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) { - auto builder = GoblinUltraBuilder{ op_queue }; - - generate_test_circuit(builder); - - // The same composer is used to manage Honk and Merge prover/verifier - auto composer = GoblinUltraComposer(); - - // Construct and verify Ultra Goblin Honk proof - auto honk_verified = construct_and_verify_honk_proof(composer, builder); - EXPECT_TRUE(honk_verified); - - // Construct and verify op queue merge proof - auto merge_verified = construct_and_verify_merge_proof(composer, op_queue); - EXPECT_TRUE(merge_verified); - } - - // Construct an ECCVM circuit then generate and verify its proof - { - // Instantiate an ECCVM builder with the vm ops stored in the op queue - auto builder = ECCVMBuilder(op_queue->raw_ops); - - // Fiddle with one of the operands to trigger a failure - builder.vm_operations[0].z1 += 1; - - // Construct and verify ECCVM proof - auto composer = ECCVMComposer(); - auto eccvm_verified = construct_and_verify_eccvm_proof(composer, builder); - EXPECT_FALSE(eccvm_verified); - } -} +// TEST_F(FullGoblinComposerTests, SimpleCircuitFailureCase) +// { +// auto op_queue = std::make_shared(); + +// // Add mock data to op queue to simulate interaction with a "first" circuit +// perform_op_queue_interactions_for_mock_first_circuit(op_queue); + +// // Construct a series of simple Goblin circuits; generate and verify their proofs +// size_t NUM_CIRCUITS = 3; +// for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) { +// auto builder = GoblinUltraBuilder(op_queue); + +// generate_test_circuit(builder); + +// // The same composer is used to manage Honk and Merge prover/verifier +// auto composer = GoblinUltraComposer(); + +// // Construct and verify Ultra Goblin Honk proof +// auto honk_verified = construct_and_verify_honk_proof(composer, builder); +// EXPECT_TRUE(honk_verified); + +// // Construct and verify op queue merge proof +// auto merge_verified = construct_and_verify_merge_proof(composer, op_queue); +// EXPECT_TRUE(merge_verified); +// } + +// // Construct an ECCVM circuit then generate and verify its proof +// { +// // Instantiate an ECCVM builder with the vm ops stored in the op queue +// auto builder = ECCVMBuilder(op_queue->raw_ops); + +// // Fiddle with one of the operands to trigger a failure +// builder.vm_operations[0].z1 += 1; + +// // Construct and verify ECCVM proof +// auto composer = ECCVMComposer(); +// auto eccvm_verified = construct_and_verify_eccvm_proof(composer, builder); +// EXPECT_FALSE(eccvm_verified); +// } +// } } // namespace test_full_goblin_composer diff --git a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp index 0471f818ca6f..11dc3126699d 100644 --- a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp @@ -195,6 +195,7 @@ template void compute_concatenated_pol // A function that produces 1 concatenated polynomial // TODO(#756): This can be rewritten to use more cores. Currently uses at maximum the number of concatenated // polynomials (4 in Goblin Translator) + // WORKTODO: rewrite this... auto ordering_function = [&](size_t i) { auto my_group = concatenation_groups[i]; auto& current_target = targets[i]; @@ -401,4 +402,31 @@ template inline void compute_extra_range_constraint_numerator( parallel_for(num_concatenated_wires + 1, fill_with_shift); } +/** + * @brief Compute odd and even largrange polynomials (up to mini_circuit length) and put them in the polynomial cache + * + * @param key Proving key where we will save the polynomials + */ +template inline void compute_lagrange_polynomials_for_goblin_translator(auto proving_key) + +{ + const size_t n = proving_key->circuit_size; + typename Flavor::Polynomial lagrange_polynomial_odd_in_minicircuit(n); + typename Flavor::Polynomial lagrange_polynomial_even_in_minicircut(n); + typename Flavor::Polynomial lagrange_polynomial_second(n); + typename Flavor::Polynomial lagrange_polynomial_second_to_last_in_minicircuit(n); + + for (size_t i = 1; i < Flavor::MINI_CIRCUIT_SIZE - 1; i += 2) { + lagrange_polynomial_odd_in_minicircuit[i] = 1; + lagrange_polynomial_even_in_minicircut[i + 1] = 1; + } + proving_key->lagrange_odd_in_minicircuit = lagrange_polynomial_odd_in_minicircuit; + + proving_key->lagrange_even_in_minicircuit = lagrange_polynomial_even_in_minicircut; + lagrange_polynomial_second[1] = 1; + lagrange_polynomial_second_to_last_in_minicircuit[Flavor::MINI_CIRCUIT_SIZE - 2] = 1; + proving_key->lagrange_second_to_last_in_minicircuit = lagrange_polynomial_second_to_last_in_minicircuit; + proving_key->lagrange_second = lagrange_polynomial_second; +} + } // namespace proof_system::honk::permutation_library \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp b/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp index 63caded798a3..caf74ad39dcb 100644 --- a/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp +++ b/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp @@ -105,8 +105,8 @@ template class Polynomial { return coefficients_.get()[i]; }; - Fr evaluate(const Fr& z, const size_t target_size) const; - Fr evaluate(const Fr& z) const; + [[nodiscard]] Fr evaluate(const Fr& z, const size_t target_size) const; + [[nodiscard]] Fr evaluate(const Fr& z) const; Fr compute_barycentric_evaluation(const Fr& z, const EvaluationDomain& domain) requires polynomial_arithmetic::SupportsFFT; diff --git a/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt index 63d4af708eb5..b9452eee6f6b 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt +++ b/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(proof_system relations crypto_pedersen_commitment crypto_pedersen_hash) \ No newline at end of file +barretenberg_module(proof_system relations crypto_pedersen_commitment crypto_pedersen_hash) diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp index 2235a9343454..7c124f327010 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp @@ -94,7 +94,7 @@ class GoblinTranslatorCircuitBuilder : public CircuitBuilderBase::accumulate(ContainerOverSubrelations& accumula accumulator, in, params, scaling_factor); } -template class ECCVMLookupRelationImpl; template class ECCVMLookupRelationImpl; DEFINE_SUMCHECK_RELATION_CLASS(ECCVMLookupRelationImpl, flavor::ECCVM); diff --git a/barretenberg/cpp/src/barretenberg/srs/factories/file_crs_factory.hpp b/barretenberg/cpp/src/barretenberg/srs/factories/file_crs_factory.hpp index 3a925e2ccf94..e165c15c6716 100644 --- a/barretenberg/cpp/src/barretenberg/srs/factories/file_crs_factory.hpp +++ b/barretenberg/cpp/src/barretenberg/srs/factories/file_crs_factory.hpp @@ -42,7 +42,7 @@ template class FileProverCrs : public ProverCrs { typename Curve::AffineElement* get_monomial_points() { return monomials_.get(); } - size_t get_monomial_size() const { return num_points; } + [[nodiscard]] size_t get_monomial_size() const { return num_points; } private: size_t num_points; diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index afdd70f3808d..215d23b7c98b 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -3,6 +3,7 @@ #include "barretenberg/common/serialize.hpp" #include "barretenberg/crypto/blake3s/blake3s.hpp" #include "barretenberg/crypto/pedersen_hash/pedersen.hpp" +#include namespace proof_system::honk { @@ -219,6 +220,9 @@ template class BaseTranscript { // Prepare for next round. ++round_number; + // for (auto& challenge : challenges) { + // info(challenge); + // }; return challenges; } @@ -238,6 +242,12 @@ template class BaseTranscript { */ template void send_to_verifier(const std::string& label, const T& element) { + // info("TRANSCRIPT: ", label); + // if constexpr (std::same_as || std::same_as || + // std::same_as || std::same_as) { + // info("element: ", element); + // } + using serialize::write; // TODO(Adrian): Ensure that serialization of affine elements (including point at infinity) is consistent. // TODO(Adrian): Consider restricting serialization (via concepts) to types T for which sizeof(T) reliably @@ -265,7 +275,11 @@ template class BaseTranscript { BaseTranscript::consume_prover_element_bytes(label, element_bytes); T element = from_buffer(element_bytes); - + // info("TRANSCRIPT: ", label); + // if constexpr (std::same_as || std::same_as || + // std::same_as || std::same_as) { + // info("element: ", element); + // } return element; } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/translator_vm/CMakeLists.txt new file mode 100644 index 000000000000..c5740c436fc9 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/CMakeLists.txt @@ -0,0 +1 @@ +barretenberg_module(translator_vm honk sumcheck) \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp new file mode 100644 index 000000000000..8d39f8060693 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -0,0 +1,323 @@ +/** + * @file goblin_translator_composer.cpp + * @brief Contains the logic for transfroming a Goblin Translator Circuit Builder object into a witness and methods to + * create prover and verifier objects + * @date 2023-10-05 + * + * + */ +#include "goblin_translator_composer.hpp" +#include "barretenberg/common/assert.hpp" +#include "barretenberg/common/thread.hpp" +#include "barretenberg/flavor/goblin_translator.hpp" +#include "barretenberg/honk/proof_system/permutation_library.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp" +#include "barretenberg/proof_system/composer/composer_lib.hpp" +#include "barretenberg/proof_system/composer/permutation_lib.hpp" +#include "barretenberg/translator_vm/goblin_translator_prover.hpp" +#include +#include +#include +#include +#include + +namespace proof_system::honk { + +/** + * @brief Helper method to compute quantities like total number of gates and dyadic circuit size + * + * @tparam Flavor + * @param circuit_constructor + */ +template +void GoblinTranslatorComposer_::compute_circuit_size_parameters(CircuitBuilder& circuit_builder) +{ + const size_t num_gates = circuit_builder.num_gates; + + // number of populated rows in the execution trace + size_t num_rows_populated_in_execution_trace = num_gates; + + // Goblin translator circuits always have a predefined size and are structured as a VM (no concept of selectors) + ASSERT(MINI_CIRCUIT_SIZE >= num_rows_populated_in_execution_trace); + + total_num_gates = std::max(MINI_CIRCUIT_SIZE, num_rows_populated_in_execution_trace); + + // Next power of 2 + mini_circuit_dyadic_size = circuit_builder.get_circuit_subgroup_size(total_num_gates); + + // The actual circuit size is several times bigger than the trace in the builder, because we use concatenation to + // bring the degree of relations down, while extending the length. + dyadic_circuit_size = mini_circuit_dyadic_size * Flavor::CONCATENATION_INDEX; +} + +/** + * @brief Construct the witness polynomials from the witness vectors in the circuit constructor. + * + * @details In goblin translator wires come as is, since they have to reflect the structure of polynomials in the first + * 4 wires, which we've commited to + * + * @tparam Flavor provides the circuit constructor type and the number of wires. + * @param circuit_constructor + * @param dyadic_circuit_size Power of 2 circuit size + * + * @return std::vector + * */ +template +std::vector construct_wire_polynomials_base_goblin_translator( + const typename Flavor::CircuitBuilder& circuit_constructor, const size_t dyadic_circuit_size) +{ + const size_t num_gates = circuit_constructor.num_gates; + + std::vector wire_polynomials; + + // Populate the wire polynomials with values from conventional wires + for (size_t wire_idx = 0; wire_idx < Flavor::NUM_WIRES; ++wire_idx) { + + // Expect all values to be set to 0 initially + // TODO(kesha): fix for sparse polynomials; + typename Flavor::Polynomial w_lagrange(dyadic_circuit_size); + + // Insert conventional gate wire values into the wire polynomial + for (size_t i = 0; i < num_gates; ++i) { + auto& wire = circuit_constructor.wires[wire_idx]; + w_lagrange[i] = circuit_constructor.get_variable(wire[i]); + } + + wire_polynomials.push_back(std::move(w_lagrange)); + } + return wire_polynomials; +} + +/** + * @brief Compute witness polynomials + * + */ +template void GoblinTranslatorComposer_::compute_witness(CircuitBuilder& circuit_constructor) +{ + if (computed_witness) { + return; + } + + // Construct the conventional wire polynomials + auto wire_polynomials = + construct_wire_polynomials_base_goblin_translator(circuit_constructor, dyadic_circuit_size); + + // Most of the witness polynomials are the original wire polynomials + proving_key->op = wire_polynomials[0]; + proving_key->x_lo_y_hi = wire_polynomials[1]; + proving_key->x_hi_z_1 = wire_polynomials[2]; + proving_key->y_lo_z_2 = wire_polynomials[3]; + proving_key->p_x_low_limbs = wire_polynomials[4]; + proving_key->p_x_low_limbs_range_constraint_0 = wire_polynomials[5]; + proving_key->p_x_low_limbs_range_constraint_1 = wire_polynomials[6]; + proving_key->p_x_low_limbs_range_constraint_2 = wire_polynomials[7]; + proving_key->p_x_low_limbs_range_constraint_3 = wire_polynomials[8]; + proving_key->p_x_low_limbs_range_constraint_4 = wire_polynomials[9]; + proving_key->p_x_low_limbs_range_constraint_tail = wire_polynomials[10]; + proving_key->p_x_high_limbs = wire_polynomials[11]; + proving_key->p_x_high_limbs_range_constraint_0 = wire_polynomials[12]; + proving_key->p_x_high_limbs_range_constraint_1 = wire_polynomials[13]; + proving_key->p_x_high_limbs_range_constraint_2 = wire_polynomials[14]; + proving_key->p_x_high_limbs_range_constraint_3 = wire_polynomials[15]; + proving_key->p_x_high_limbs_range_constraint_4 = wire_polynomials[16]; + proving_key->p_x_high_limbs_range_constraint_tail = wire_polynomials[17]; + proving_key->p_y_low_limbs = wire_polynomials[18]; + proving_key->p_y_low_limbs_range_constraint_0 = wire_polynomials[19]; + proving_key->p_y_low_limbs_range_constraint_1 = wire_polynomials[20]; + proving_key->p_y_low_limbs_range_constraint_2 = wire_polynomials[21]; + proving_key->p_y_low_limbs_range_constraint_3 = wire_polynomials[22]; + proving_key->p_y_low_limbs_range_constraint_4 = wire_polynomials[23]; + proving_key->p_y_low_limbs_range_constraint_tail = wire_polynomials[24]; + proving_key->p_y_high_limbs = wire_polynomials[25]; + proving_key->p_y_high_limbs_range_constraint_0 = wire_polynomials[26]; + proving_key->p_y_high_limbs_range_constraint_1 = wire_polynomials[27]; + proving_key->p_y_high_limbs_range_constraint_2 = wire_polynomials[28]; + proving_key->p_y_high_limbs_range_constraint_3 = wire_polynomials[29]; + proving_key->p_y_high_limbs_range_constraint_4 = wire_polynomials[30]; + proving_key->p_y_high_limbs_range_constraint_tail = wire_polynomials[31]; + proving_key->z_low_limbs = wire_polynomials[32]; + proving_key->z_low_limbs_range_constraint_0 = wire_polynomials[33]; + proving_key->z_low_limbs_range_constraint_1 = wire_polynomials[34]; + proving_key->z_low_limbs_range_constraint_2 = wire_polynomials[35]; + proving_key->z_low_limbs_range_constraint_3 = wire_polynomials[36]; + proving_key->z_low_limbs_range_constraint_4 = wire_polynomials[37]; + proving_key->z_low_limbs_range_constraint_tail = wire_polynomials[38]; + proving_key->z_high_limbs = wire_polynomials[39]; + proving_key->z_high_limbs_range_constraint_0 = wire_polynomials[40]; + proving_key->z_high_limbs_range_constraint_1 = wire_polynomials[41]; + proving_key->z_high_limbs_range_constraint_2 = wire_polynomials[42]; + proving_key->z_high_limbs_range_constraint_3 = wire_polynomials[43]; + proving_key->z_high_limbs_range_constraint_4 = wire_polynomials[44]; + proving_key->z_high_limbs_range_constraint_tail = wire_polynomials[45]; + proving_key->accumulators_binary_limbs_0 = wire_polynomials[46]; + proving_key->accumulators_binary_limbs_1 = wire_polynomials[47]; + proving_key->accumulators_binary_limbs_2 = wire_polynomials[48]; + proving_key->accumulators_binary_limbs_3 = wire_polynomials[49]; + proving_key->accumulator_low_limbs_range_constraint_0 = wire_polynomials[50]; + proving_key->accumulator_low_limbs_range_constraint_1 = wire_polynomials[51]; + proving_key->accumulator_low_limbs_range_constraint_2 = wire_polynomials[52]; + proving_key->accumulator_low_limbs_range_constraint_3 = wire_polynomials[53]; + proving_key->accumulator_low_limbs_range_constraint_4 = wire_polynomials[54]; + proving_key->accumulator_low_limbs_range_constraint_tail = wire_polynomials[55]; + proving_key->accumulator_high_limbs_range_constraint_0 = wire_polynomials[56]; + proving_key->accumulator_high_limbs_range_constraint_1 = wire_polynomials[57]; + proving_key->accumulator_high_limbs_range_constraint_2 = wire_polynomials[58]; + proving_key->accumulator_high_limbs_range_constraint_3 = wire_polynomials[59]; + proving_key->accumulator_high_limbs_range_constraint_4 = wire_polynomials[60]; + proving_key->accumulator_high_limbs_range_constraint_tail = wire_polynomials[61]; + proving_key->quotient_low_binary_limbs = wire_polynomials[62]; + proving_key->quotient_high_binary_limbs = wire_polynomials[63]; + proving_key->quotient_low_limbs_range_constraint_0 = wire_polynomials[64]; + proving_key->quotient_low_limbs_range_constraint_1 = wire_polynomials[65]; + proving_key->quotient_low_limbs_range_constraint_2 = wire_polynomials[66]; + proving_key->quotient_low_limbs_range_constraint_3 = wire_polynomials[67]; + proving_key->quotient_low_limbs_range_constraint_4 = wire_polynomials[68]; + proving_key->quotient_low_limbs_range_constraint_tail = wire_polynomials[69]; + proving_key->quotient_high_limbs_range_constraint_0 = wire_polynomials[70]; + proving_key->quotient_high_limbs_range_constraint_1 = wire_polynomials[71]; + proving_key->quotient_high_limbs_range_constraint_2 = wire_polynomials[72]; + proving_key->quotient_high_limbs_range_constraint_3 = wire_polynomials[73]; + proving_key->quotient_high_limbs_range_constraint_4 = wire_polynomials[74]; + proving_key->quotient_high_limbs_range_constraint_tail = wire_polynomials[75]; + proving_key->relation_wide_limbs = wire_polynomials[76]; + proving_key->relation_wide_limbs_range_constraint_0 = wire_polynomials[77]; + proving_key->relation_wide_limbs_range_constraint_1 = wire_polynomials[78]; + proving_key->relation_wide_limbs_range_constraint_2 = wire_polynomials[79]; + proving_key->relation_wide_limbs_range_constraint_3 = wire_polynomials[80]; + + // We construct concatenated versions of range constraint polynomials, where several polynomials are concatenated + // into one. These polynomials are not commited to. + proof_system::honk::permutation_library::compute_concatenated_polynomials(proving_key.get()); + + // We also contruct ordered polynomials, which have the same values as concatenated ones + enough values to bridge + // the range from 0 to maximum range defined by the range constraint. + proof_system::honk::permutation_library::compute_goblin_translator_range_constraint_ordered_polynomials( + proving_key.get()); + + computed_witness = true; +} + +/** + * @brief Create a prover object (used to create the proof) + * + * @tparam Flavor + * @param circuit_builder + * @return GoblinTranslatorProver_ + */ +template +GoblinTranslatorProver_ GoblinTranslatorComposer_::create_prover(CircuitBuilder& circuit_builder) +{ + + // Compute total number of gates, dyadic circuit size, etc. + compute_circuit_size_parameters(circuit_builder); + + // Compute non-witness polynomials + compute_proving_key(circuit_builder); + + compute_witness(circuit_builder); + + compute_commitment_key(proving_key->circuit_size); + + GoblinTranslatorProver_ output_state(proving_key, commitment_key); + + return output_state; +} + +/** + * @brief Create verifier: compute verification key, + * initialize verifier with it and an initial manifest and initialize commitment_scheme. + * + * @tparam Flavor + * @param circuit_constructor + * @return GoblinTranslatorVerifier_ + */ +template +GoblinTranslatorVerifier_ GoblinTranslatorComposer_::create_verifier( + const CircuitBuilder& circuit_constructor) +{ + auto verification_key = compute_verification_key(circuit_constructor); + + GoblinTranslatorVerifier_ output_state(verification_key); + + auto pcs_verification_key = std::make_unique(verification_key->circuit_size, crs_factory_); + output_state.pcs_verification_key = std::move(pcs_verification_key); + + return output_state; +} + +/** + * @brief Move goblin translator specific inputs from circuit builder and compute all the constant polynomials used by + * the prover + * + * @tparam Flavor + * @param circuit_builder + * @return std::shared_ptr + */ +template +std::shared_ptr GoblinTranslatorComposer_::compute_proving_key( + const CircuitBuilder& circuit_builder) +{ + if (proving_key) { + return proving_key; + } + + proving_key = std::make_shared(dyadic_circuit_size); + + // The input/challenge that we are evaluating all polynomials at + proving_key->evaluation_input_x = circuit_builder.evaluation_input_x; + + // The challenge for batching polynomials + proving_key->batching_challenge_v = circuit_builder.batching_challenge_v; + + // First and last lagrange polynomials (in the full circuit size) + compute_first_and_last_lagrange_polynomials(proving_key.get()); + + // Compute polynomials with odd and even indices set to 1 up to the minicircuit margin + lagrange polynomials at + // second and second to last indices in the minicircuit + proof_system::honk::permutation_library::compute_lagrange_polynomials_for_goblin_translator( + proving_key.get()); + + // Compute the numerator for the permutation argument with several repetitions of steps bridging 0 and maximum range + // constraint + proof_system::honk::permutation_library::compute_extra_range_constraint_numerator(proving_key.get()); + + return proving_key; +} + +/** + * Compute verification key consisting of non-changing polynomials' precommitments. + * + * @return Pointer to created circuit verification key. + * */ +template +std::shared_ptr GoblinTranslatorComposer_::compute_verification_key( + const CircuitBuilder& circuit_constructor) +{ + if (verification_key) { + return verification_key; + } + + if (!proving_key) { + compute_proving_key(circuit_constructor); + } + + verification_key = + std::make_shared(proving_key->circuit_size, proving_key->num_public_inputs); + + verification_key->lagrange_first = commitment_key->commit(proving_key->lagrange_first); + verification_key->lagrange_last = commitment_key->commit(proving_key->lagrange_last); + verification_key->lagrange_odd_in_minicircuit = commitment_key->commit(proving_key->lagrange_odd_in_minicircuit); + verification_key->lagrange_even_in_minicircuit = commitment_key->commit(proving_key->lagrange_even_in_minicircuit); + verification_key->lagrange_second = commitment_key->commit(proving_key->lagrange_second); + verification_key->lagrange_second_to_last_in_minicircuit = + commitment_key->commit(proving_key->lagrange_second_to_last_in_minicircuit); + verification_key->ordered_extra_range_constraints_numerator = + commitment_key->commit(proving_key->ordered_extra_range_constraints_numerator); + + return verification_key; +} +template class GoblinTranslatorComposer_; + +} // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp new file mode 100644 index 000000000000..de0d1f331935 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -0,0 +1,75 @@ +#pragma once + +#include "barretenberg/flavor/goblin_translator.hpp" +#include "barretenberg/proof_system/composer/composer_lib.hpp" +#include "barretenberg/srs/factories/file_crs_factory.hpp" +#include "barretenberg/srs/global_crs.hpp" +#include "barretenberg/translator_vm/goblin_translator_prover.hpp" +#include "barretenberg/translator_vm/goblin_translator_verifier.hpp" +#include + +namespace proof_system::honk { +using namespace barretenberg; +template class GoblinTranslatorComposer_ { + public: + using CircuitBuilder = typename Flavor::CircuitBuilder; + using ProvingKey = typename Flavor::ProvingKey; + using VerificationKey = typename Flavor::VerificationKey; + using PCS = typename Flavor::PCS; + using CommitmentKey = typename Flavor::CommitmentKey; + using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; + static constexpr size_t MINI_CIRCUIT_SIZE = Flavor::MINI_CIRCUIT_SIZE; + + static constexpr std::string_view NAME_STRING = "GoblinTranslator"; + static constexpr size_t NUM_WIRES = CircuitBuilder::NUM_WIRES; + std::shared_ptr proving_key; + std::shared_ptr verification_key; + + // The crs_factory holds the path to the srs and exposes methods to extract the srs elements + std::shared_ptr> crs_factory_; + + // The commitment key is passed to the prover but also used herein to compute the verfication key commitments + std::shared_ptr commitment_key; + + bool computed_witness = false; + size_t total_num_gates = 0; // num_gates (already include zero row offset) (used to compute dyadic size) + size_t dyadic_circuit_size = 0; // final power-of-2 circuit size + size_t mini_circuit_dyadic_size = 0; // The size of the small circuit that contains non-range constraint relations + + // We only need the standard crs factory. GoblinTranslator is not supposed to be used with Grumpkin + GoblinTranslatorComposer_() { crs_factory_ = srs::get_crs_factory(); } + + GoblinTranslatorComposer_(std::shared_ptr p_key, std::shared_ptr v_key) + : proving_key(std::move(p_key)) + , verification_key(std::move(v_key)) + {} + + GoblinTranslatorComposer_(GoblinTranslatorComposer_&& other) noexcept = default; + GoblinTranslatorComposer_(GoblinTranslatorComposer_ const& other) noexcept = default; + GoblinTranslatorComposer_& operator=(GoblinTranslatorComposer_&& other) noexcept = default; + GoblinTranslatorComposer_& operator=(GoblinTranslatorComposer_ const& other) noexcept = default; + ~GoblinTranslatorComposer_() = default; + + std::shared_ptr compute_proving_key(const CircuitBuilder& circuit_constructor); + std::shared_ptr compute_verification_key(const CircuitBuilder& circuit_constructor); + + void compute_circuit_size_parameters(CircuitBuilder& circuit_constructor); + + void compute_witness(CircuitBuilder& circuit_constructor); + + GoblinTranslatorProver_ create_prover(CircuitBuilder& circuit_constructor); + GoblinTranslatorVerifier_ create_verifier(const CircuitBuilder& circuit_constructor); + + std::shared_ptr compute_commitment_key(size_t circuit_size) + { + if (commitment_key) { + return commitment_key; + } + + commitment_key = std::make_shared(circuit_size, crs_factory_); + return commitment_key; + }; +}; +extern template class GoblinTranslatorComposer_; +using GoblinTranslatorComposer = GoblinTranslatorComposer_; +} // namespace proof_system::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp new file mode 100644 index 000000000000..1c128a342f07 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp @@ -0,0 +1,87 @@ +#include +#include +#include +#include +#include +#include +#include + +#include "barretenberg/common/log.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp" +#include "barretenberg/relations/relation_parameters.hpp" +#include "barretenberg/sumcheck/sumcheck_round.hpp" +#include "barretenberg/translator_vm/goblin_translator_composer.hpp" +#include "barretenberg/translator_vm/goblin_translator_prover.hpp" + +using namespace proof_system::honk; + +namespace test_goblin_translator_composer { + +namespace { +auto& engine = numeric::random::get_debug_engine(); +} + +std::vector add_variables(auto& circuit_constructor, std::vector variables) +{ + std::vector res; + for (size_t i = 0; i < variables.size(); i++) { + res.emplace_back(circuit_constructor.add_variable(variables[i])); + } + return res; +} + +void prove_and_verify(auto& circuit_constructor, auto& composer, bool expected_result) +{ + auto prover = composer.create_prover(circuit_constructor); + auto verifier = composer.create_verifier(circuit_constructor); + auto proof = prover.construct_proof(); + bool verified = verifier.verify_proof(proof, { /* WORKTODO: Move last piece of translation out. */ }); + EXPECT_EQ(verified, expected_result); +}; + +void ensure_non_zero(auto& polynomial) +{ + bool has_non_zero_coefficient = false; + for (auto& coeff : polynomial) { + has_non_zero_coefficient |= !coeff.is_zero(); + } + ASSERT_TRUE(has_non_zero_coefficient); +} + +class GoblinTranslatorComposerTests : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; + +/** + * @brief Test simple circuit with public inputs + * + */ +TEST_F(GoblinTranslatorComposerTests, Basic) +{ + using point = barretenberg::g1::affine_element; + using scalar = barretenberg::fr; + using Fq = barretenberg::fq; + + auto P1 = point::random_element(); + auto P2 = point::random_element(); + auto z = scalar::random_element(); + + // Add the same operations to the ECC op queue; the native computation is performed under the hood. + proof_system::ECCOpQueue op_queue; + for (size_t i = 0; i < 500; i++) { + op_queue.add_accumulate(P1); + op_queue.mul_accumulate(P2, z); + } + Fq batching_challenge = fq::random_element(); + Fq x = Fq::random_element(); + auto circuit_builder = proof_system::GoblinTranslatorCircuitBuilder(batching_challenge, x); + circuit_builder.feed_ecc_op_queue_into_circuit(op_queue); + EXPECT_TRUE(circuit_builder.check_circuit()); + + auto composer = GoblinTranslatorComposer(); + prove_and_verify(circuit_builder, composer, /*expected_result=*/true); +} + +} // namespace test_goblin_translator_composer diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp new file mode 100644 index 000000000000..688874d366fe --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -0,0 +1,393 @@ +#include "goblin_translator_prover.hpp" +#include "barretenberg/commitment_schemes/claim.hpp" +#include "barretenberg/commitment_schemes/commitment_key.hpp" +#include "barretenberg/ecc/curves/bn254/fr.hpp" +#include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/honk/proof_system/power_polynomial.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/library/grand_product_library.hpp" +#include "barretenberg/sumcheck/sumcheck.hpp" +#include +#include +#include +#include +#include +#include +#include +#include + +namespace proof_system::honk { + +/** + * Create GoblinTranslatorProver_ from proving key, witness and manifest. + * + * @param input_key Proving key. + * @param input_manifest Input manifest + * + * @tparam settings Settings class. + * */ +template +GoblinTranslatorProver_::GoblinTranslatorProver_(std::shared_ptr input_key, + std::shared_ptr commitment_key) + : key(input_key) + , commitment_key(commitment_key) +{ + // Copy all polynomials from the proving key + prover_polynomials.op = key->op; + prover_polynomials.x_lo_y_hi = key->x_lo_y_hi; + prover_polynomials.x_hi_z_1 = key->x_hi_z_1; + prover_polynomials.y_lo_z_2 = key->y_lo_z_2; + prover_polynomials.p_x_low_limbs = key->p_x_low_limbs; + prover_polynomials.p_x_low_limbs_range_constraint_0 = key->p_x_low_limbs_range_constraint_0; + prover_polynomials.p_x_low_limbs_range_constraint_1 = key->p_x_low_limbs_range_constraint_1; + prover_polynomials.p_x_low_limbs_range_constraint_2 = key->p_x_low_limbs_range_constraint_2; + prover_polynomials.p_x_low_limbs_range_constraint_3 = key->p_x_low_limbs_range_constraint_3; + prover_polynomials.p_x_low_limbs_range_constraint_4 = key->p_x_low_limbs_range_constraint_4; + prover_polynomials.p_x_low_limbs_range_constraint_tail = key->p_x_low_limbs_range_constraint_tail; + prover_polynomials.p_x_high_limbs = key->p_x_high_limbs; + prover_polynomials.p_x_high_limbs_range_constraint_0 = key->p_x_high_limbs_range_constraint_0; + prover_polynomials.p_x_high_limbs_range_constraint_1 = key->p_x_high_limbs_range_constraint_1; + prover_polynomials.p_x_high_limbs_range_constraint_2 = key->p_x_high_limbs_range_constraint_2; + prover_polynomials.p_x_high_limbs_range_constraint_3 = key->p_x_high_limbs_range_constraint_3; + prover_polynomials.p_x_high_limbs_range_constraint_4 = key->p_x_high_limbs_range_constraint_4; + prover_polynomials.p_x_high_limbs_range_constraint_tail = key->p_x_high_limbs_range_constraint_tail; + prover_polynomials.p_y_low_limbs = key->p_y_low_limbs; + prover_polynomials.p_y_low_limbs_range_constraint_0 = key->p_y_low_limbs_range_constraint_0; + prover_polynomials.p_y_low_limbs_range_constraint_1 = key->p_y_low_limbs_range_constraint_1; + prover_polynomials.p_y_low_limbs_range_constraint_2 = key->p_y_low_limbs_range_constraint_2; + prover_polynomials.p_y_low_limbs_range_constraint_3 = key->p_y_low_limbs_range_constraint_3; + prover_polynomials.p_y_low_limbs_range_constraint_4 = key->p_y_low_limbs_range_constraint_4; + prover_polynomials.p_y_low_limbs_range_constraint_tail = key->p_y_low_limbs_range_constraint_tail; + prover_polynomials.p_y_high_limbs = key->p_y_high_limbs; + prover_polynomials.p_y_high_limbs_range_constraint_0 = key->p_y_high_limbs_range_constraint_0; + prover_polynomials.p_y_high_limbs_range_constraint_1 = key->p_y_high_limbs_range_constraint_1; + prover_polynomials.p_y_high_limbs_range_constraint_2 = key->p_y_high_limbs_range_constraint_2; + prover_polynomials.p_y_high_limbs_range_constraint_3 = key->p_y_high_limbs_range_constraint_3; + prover_polynomials.p_y_high_limbs_range_constraint_4 = key->p_y_high_limbs_range_constraint_4; + prover_polynomials.p_y_high_limbs_range_constraint_tail = key->p_y_high_limbs_range_constraint_tail; + prover_polynomials.z_low_limbs = key->z_low_limbs; + prover_polynomials.z_low_limbs_range_constraint_0 = key->z_low_limbs_range_constraint_0; + prover_polynomials.z_low_limbs_range_constraint_1 = key->z_low_limbs_range_constraint_1; + prover_polynomials.z_low_limbs_range_constraint_2 = key->z_low_limbs_range_constraint_2; + prover_polynomials.z_low_limbs_range_constraint_3 = key->z_low_limbs_range_constraint_3; + prover_polynomials.z_low_limbs_range_constraint_4 = key->z_low_limbs_range_constraint_4; + prover_polynomials.z_low_limbs_range_constraint_tail = key->z_low_limbs_range_constraint_tail; + prover_polynomials.z_high_limbs = key->z_high_limbs; + prover_polynomials.z_high_limbs_range_constraint_0 = key->z_high_limbs_range_constraint_0; + prover_polynomials.z_high_limbs_range_constraint_1 = key->z_high_limbs_range_constraint_1; + prover_polynomials.z_high_limbs_range_constraint_2 = key->z_high_limbs_range_constraint_2; + prover_polynomials.z_high_limbs_range_constraint_3 = key->z_high_limbs_range_constraint_3; + prover_polynomials.z_high_limbs_range_constraint_4 = key->z_high_limbs_range_constraint_4; + prover_polynomials.z_high_limbs_range_constraint_tail = key->z_high_limbs_range_constraint_tail; + prover_polynomials.accumulators_binary_limbs_0 = key->accumulators_binary_limbs_0; + prover_polynomials.accumulators_binary_limbs_1 = key->accumulators_binary_limbs_1; + prover_polynomials.accumulators_binary_limbs_2 = key->accumulators_binary_limbs_2; + prover_polynomials.accumulators_binary_limbs_3 = key->accumulators_binary_limbs_3; + prover_polynomials.accumulator_low_limbs_range_constraint_0 = key->accumulator_low_limbs_range_constraint_0; + prover_polynomials.accumulator_low_limbs_range_constraint_1 = key->accumulator_low_limbs_range_constraint_1; + prover_polynomials.accumulator_low_limbs_range_constraint_2 = key->accumulator_low_limbs_range_constraint_2; + prover_polynomials.accumulator_low_limbs_range_constraint_3 = key->accumulator_low_limbs_range_constraint_3; + prover_polynomials.accumulator_low_limbs_range_constraint_4 = key->accumulator_low_limbs_range_constraint_4; + prover_polynomials.accumulator_low_limbs_range_constraint_tail = key->accumulator_low_limbs_range_constraint_tail; + prover_polynomials.accumulator_high_limbs_range_constraint_0 = key->accumulator_high_limbs_range_constraint_0; + prover_polynomials.accumulator_high_limbs_range_constraint_1 = key->accumulator_high_limbs_range_constraint_1; + prover_polynomials.accumulator_high_limbs_range_constraint_2 = key->accumulator_high_limbs_range_constraint_2; + prover_polynomials.accumulator_high_limbs_range_constraint_3 = key->accumulator_high_limbs_range_constraint_3; + prover_polynomials.accumulator_high_limbs_range_constraint_4 = key->accumulator_high_limbs_range_constraint_4; + prover_polynomials.accumulator_high_limbs_range_constraint_tail = key->accumulator_high_limbs_range_constraint_tail; + prover_polynomials.quotient_low_binary_limbs = key->quotient_low_binary_limbs; + prover_polynomials.quotient_high_binary_limbs = key->quotient_high_binary_limbs; + prover_polynomials.quotient_low_limbs_range_constraint_0 = key->quotient_low_limbs_range_constraint_0; + prover_polynomials.quotient_low_limbs_range_constraint_1 = key->quotient_low_limbs_range_constraint_1; + prover_polynomials.quotient_low_limbs_range_constraint_2 = key->quotient_low_limbs_range_constraint_2; + prover_polynomials.quotient_low_limbs_range_constraint_3 = key->quotient_low_limbs_range_constraint_3; + prover_polynomials.quotient_low_limbs_range_constraint_4 = key->quotient_low_limbs_range_constraint_4; + prover_polynomials.quotient_low_limbs_range_constraint_tail = key->quotient_low_limbs_range_constraint_tail; + prover_polynomials.quotient_high_limbs_range_constraint_0 = key->quotient_high_limbs_range_constraint_0; + prover_polynomials.quotient_high_limbs_range_constraint_1 = key->quotient_high_limbs_range_constraint_1; + prover_polynomials.quotient_high_limbs_range_constraint_2 = key->quotient_high_limbs_range_constraint_2; + prover_polynomials.quotient_high_limbs_range_constraint_3 = key->quotient_high_limbs_range_constraint_3; + prover_polynomials.quotient_high_limbs_range_constraint_4 = key->quotient_high_limbs_range_constraint_4; + prover_polynomials.quotient_high_limbs_range_constraint_tail = key->quotient_high_limbs_range_constraint_tail; + prover_polynomials.relation_wide_limbs = key->relation_wide_limbs; + prover_polynomials.relation_wide_limbs_range_constraint_0 = key->relation_wide_limbs_range_constraint_0; + prover_polynomials.relation_wide_limbs_range_constraint_1 = key->relation_wide_limbs_range_constraint_1; + prover_polynomials.relation_wide_limbs_range_constraint_2 = key->relation_wide_limbs_range_constraint_2; + prover_polynomials.relation_wide_limbs_range_constraint_3 = key->relation_wide_limbs_range_constraint_3; + prover_polynomials.concatenated_range_constraints_0 = key->concatenated_range_constraints_0; + prover_polynomials.concatenated_range_constraints_1 = key->concatenated_range_constraints_1; + prover_polynomials.concatenated_range_constraints_2 = key->concatenated_range_constraints_2; + prover_polynomials.concatenated_range_constraints_3 = key->concatenated_range_constraints_3; + prover_polynomials.ordered_range_constraints_0 = key->ordered_range_constraints_0; + prover_polynomials.ordered_range_constraints_1 = key->ordered_range_constraints_1; + prover_polynomials.ordered_range_constraints_2 = key->ordered_range_constraints_2; + prover_polynomials.ordered_range_constraints_3 = key->ordered_range_constraints_3; + prover_polynomials.ordered_range_constraints_4 = key->ordered_range_constraints_4; + prover_polynomials.x_lo_y_hi_shift = key->x_lo_y_hi.shifted(); + prover_polynomials.x_hi_z_1_shift = key->x_hi_z_1.shifted(); + prover_polynomials.y_lo_z_2_shift = key->y_lo_z_2.shifted(); + prover_polynomials.p_x_low_limbs_shift = key->p_x_low_limbs.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_0_shift = key->p_x_low_limbs_range_constraint_0.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_1_shift = key->p_x_low_limbs_range_constraint_1.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_2_shift = key->p_x_low_limbs_range_constraint_2.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_3_shift = key->p_x_low_limbs_range_constraint_3.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_4_shift = key->p_x_low_limbs_range_constraint_4.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_tail_shift = key->p_x_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.p_x_high_limbs_shift = key->p_x_high_limbs.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_0_shift = key->p_x_high_limbs_range_constraint_0.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_1_shift = key->p_x_high_limbs_range_constraint_1.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_2_shift = key->p_x_high_limbs_range_constraint_2.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_3_shift = key->p_x_high_limbs_range_constraint_3.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_4_shift = key->p_x_high_limbs_range_constraint_4.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_tail_shift = key->p_x_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.p_y_low_limbs_shift = key->p_y_low_limbs.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_0_shift = key->p_y_low_limbs_range_constraint_0.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_1_shift = key->p_y_low_limbs_range_constraint_1.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_2_shift = key->p_y_low_limbs_range_constraint_2.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_3_shift = key->p_y_low_limbs_range_constraint_3.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_4_shift = key->p_y_low_limbs_range_constraint_4.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_tail_shift = key->p_y_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.p_y_high_limbs_shift = key->p_y_high_limbs.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_0_shift = key->p_y_high_limbs_range_constraint_0.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_1_shift = key->p_y_high_limbs_range_constraint_1.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_2_shift = key->p_y_high_limbs_range_constraint_2.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_3_shift = key->p_y_high_limbs_range_constraint_3.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_4_shift = key->p_y_high_limbs_range_constraint_4.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_tail_shift = key->p_y_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.z_low_limbs_shift = key->z_low_limbs.shifted(); + prover_polynomials.z_low_limbs_range_constraint_0_shift = key->z_low_limbs_range_constraint_0.shifted(); + prover_polynomials.z_low_limbs_range_constraint_1_shift = key->z_low_limbs_range_constraint_1.shifted(); + prover_polynomials.z_low_limbs_range_constraint_2_shift = key->z_low_limbs_range_constraint_2.shifted(); + prover_polynomials.z_low_limbs_range_constraint_3_shift = key->z_low_limbs_range_constraint_3.shifted(); + prover_polynomials.z_low_limbs_range_constraint_4_shift = key->z_low_limbs_range_constraint_4.shifted(); + prover_polynomials.z_low_limbs_range_constraint_tail_shift = key->z_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.z_high_limbs_shift = key->z_high_limbs.shifted(); + prover_polynomials.z_high_limbs_range_constraint_0_shift = key->z_high_limbs_range_constraint_0.shifted(); + prover_polynomials.z_high_limbs_range_constraint_1_shift = key->z_high_limbs_range_constraint_1.shifted(); + prover_polynomials.z_high_limbs_range_constraint_2_shift = key->z_high_limbs_range_constraint_2.shifted(); + prover_polynomials.z_high_limbs_range_constraint_3_shift = key->z_high_limbs_range_constraint_3.shifted(); + prover_polynomials.z_high_limbs_range_constraint_4_shift = key->z_high_limbs_range_constraint_4.shifted(); + prover_polynomials.z_high_limbs_range_constraint_tail_shift = key->z_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.accumulators_binary_limbs_0_shift = key->accumulators_binary_limbs_0.shifted(); + prover_polynomials.accumulators_binary_limbs_1_shift = key->accumulators_binary_limbs_1.shifted(); + prover_polynomials.accumulators_binary_limbs_2_shift = key->accumulators_binary_limbs_2.shifted(); + prover_polynomials.accumulators_binary_limbs_3_shift = key->accumulators_binary_limbs_3.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_0_shift = + key->accumulator_low_limbs_range_constraint_0.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_1_shift = + key->accumulator_low_limbs_range_constraint_1.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_2_shift = + key->accumulator_low_limbs_range_constraint_2.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_3_shift = + key->accumulator_low_limbs_range_constraint_3.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_4_shift = + key->accumulator_low_limbs_range_constraint_4.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_tail_shift = + key->accumulator_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_0_shift = + key->accumulator_high_limbs_range_constraint_0.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_1_shift = + key->accumulator_high_limbs_range_constraint_1.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_2_shift = + key->accumulator_high_limbs_range_constraint_2.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_3_shift = + key->accumulator_high_limbs_range_constraint_3.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_4_shift = + key->accumulator_high_limbs_range_constraint_4.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_tail_shift = + key->accumulator_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.quotient_low_binary_limbs_shift = key->quotient_low_binary_limbs.shifted(); + prover_polynomials.quotient_high_binary_limbs_shift = key->quotient_high_binary_limbs.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_0_shift = + key->quotient_low_limbs_range_constraint_0.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_1_shift = + key->quotient_low_limbs_range_constraint_1.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_2_shift = + key->quotient_low_limbs_range_constraint_2.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_3_shift = + key->quotient_low_limbs_range_constraint_3.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_4_shift = + key->quotient_low_limbs_range_constraint_4.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_tail_shift = + key->quotient_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_0_shift = + key->quotient_high_limbs_range_constraint_0.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_1_shift = + key->quotient_high_limbs_range_constraint_1.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_2_shift = + key->quotient_high_limbs_range_constraint_2.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_3_shift = + key->quotient_high_limbs_range_constraint_3.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_4_shift = + key->quotient_high_limbs_range_constraint_4.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_tail_shift = + key->quotient_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.relation_wide_limbs_shift = key->relation_wide_limbs.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_0_shift = + key->relation_wide_limbs_range_constraint_0.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_1_shift = + key->relation_wide_limbs_range_constraint_1.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_2_shift = + key->relation_wide_limbs_range_constraint_2.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_3_shift = + key->relation_wide_limbs_range_constraint_3.shifted(); + prover_polynomials.ordered_range_constraints_0_shift = key->ordered_range_constraints_0.shifted(); + prover_polynomials.ordered_range_constraints_1_shift = key->ordered_range_constraints_1.shifted(); + prover_polynomials.ordered_range_constraints_2_shift = key->ordered_range_constraints_2.shifted(); + prover_polynomials.ordered_range_constraints_3_shift = key->ordered_range_constraints_3.shifted(); + prover_polynomials.ordered_range_constraints_4_shift = key->ordered_range_constraints_4.shifted(); + prover_polynomials.lagrange_first = key->lagrange_first; + prover_polynomials.lagrange_last = key->lagrange_last; + prover_polynomials.lagrange_odd_in_minicircuit = key->lagrange_odd_in_minicircuit; + prover_polynomials.lagrange_even_in_minicircuit = key->lagrange_even_in_minicircuit; + prover_polynomials.lagrange_second = key->lagrange_second; + prover_polynomials.lagrange_second_to_last_in_minicircuit = key->lagrange_second_to_last_in_minicircuit; + prover_polynomials.ordered_extra_range_constraints_numerator = key->ordered_extra_range_constraints_numerator; +} + +/** + * @brief Add circuit size and values used in the relations to the transcript + * + */ +template void GoblinTranslatorProver_::execute_preamble_round() +{ + const auto circuit_size = static_cast(key->circuit_size); + const auto SHIFT = uint256_t(1) << Flavor::NUM_LIMB_BITS; + const auto SHIFTx2 = uint256_t(1) << (Flavor::NUM_LIMB_BITS * 2); + const auto SHIFTx3 = uint256_t(1) << (Flavor::NUM_LIMB_BITS * 3); + const auto accumulated_result = typename Flavor::BF(uint256_t(key->accumulators_binary_limbs_0[1]) + + uint256_t(key->accumulators_binary_limbs_1[1]) * SHIFT + + uint256_t(key->accumulators_binary_limbs_2[1]) * SHIFTx2 + + uint256_t(key->accumulators_binary_limbs_3[1]) * SHIFTx3); + transcript.send_to_verifier("circuit_size", circuit_size); + transcript.send_to_verifier("evaluation_input_x", key->evaluation_input_x); + transcript.send_to_verifier("batching_challenge_v", key->batching_challenge_v); + transcript.send_to_verifier("accumulated_result", accumulated_result); +} + +/** + * @brief Compute commitments to the first three wires + * + */ +template void GoblinTranslatorProver_::execute_wire_and_sorted_constraints_commitments_round() +{ + // Commit to all wire polynomials + auto wire_polys = key->get_wires(); + auto labels = commitment_labels.get_wires(); + for (size_t idx = 0; idx < wire_polys.size(); ++idx) { + transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + } +} + +/** + * @brief Compute permutation and lookup grand product polynomials and commitments + * + */ +template void GoblinTranslatorProver_::execute_grand_product_computation_round() +{ + // Compute and store parameters required by relations in Sumcheck + auto [gamma] = transcript.get_challenges("gamma"); + const size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; + relation_parameters.beta = 0; + relation_parameters.gamma = gamma; + relation_parameters.public_input_delta = 0; + relation_parameters.lookup_grand_product_delta = 0; + auto uint_evaluation_input = uint256_t(key->evaluation_input_x); + relation_parameters.evaluation_input_x = { uint_evaluation_input.slice(0, NUM_LIMB_BITS), + uint_evaluation_input.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + uint_evaluation_input.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + uint_evaluation_input.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + uint_evaluation_input }; + + relation_parameters.accumulated_result = { key->accumulators_binary_limbs_0[1], + key->accumulators_binary_limbs_1[1], + key->accumulators_binary_limbs_2[1], + key->accumulators_binary_limbs_3[1] }; + + std::vector uint_batching_challenge_powers; + auto batching_challenge_v = key->batching_challenge_v; + uint_batching_challenge_powers.emplace_back(batching_challenge_v); + auto running_power = batching_challenge_v * batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + running_power *= batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + running_power *= batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + + for (size_t i = 0; i < 4; i++) { + relation_parameters.batching_challenge_v[i] = { + uint_batching_challenge_powers[i].slice(0, NUM_LIMB_BITS), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + uint_batching_challenge_powers[i] + }; + } + // Compute constraint permutation grand product + grand_product_library::compute_grand_products(key, prover_polynomials, relation_parameters); + + transcript.send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); +} + +/** + * @brief Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all evaluations at u being calculated. + * + */ +template void GoblinTranslatorProver_::execute_relation_check_rounds() +{ + using Sumcheck = sumcheck::SumcheckProver; + + auto sumcheck = Sumcheck(key->circuit_size, transcript); + + sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters); +} + +/** + * @brief Execute the ZeroMorph protocol to prove the multilinear evaluations produced by Sumcheck + * @details See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the unrolled protocol. + * + * */ +template void GoblinTranslatorProver_::execute_zeromorph_rounds() +{ + ZeroMorph::prove(prover_polynomials.get_unshifted(), + prover_polynomials.get_to_be_shifted(), + sumcheck_output.claimed_evaluations, + sumcheck_output.challenge, + commitment_key, + transcript, + prover_polynomials.get_concatenated_constraints(), + prover_polynomials.get_concatenation_groups()); +} + +template plonk::proof& GoblinTranslatorProver_::export_proof() +{ + proof.proof_data = transcript.proof_data; + return proof; +} + +template plonk::proof& GoblinTranslatorProver_::construct_proof() +{ + // Add circuit size public input size and public inputs to transcript. + execute_preamble_round(); + + // Compute first three wire commitments + execute_wire_and_sorted_constraints_commitments_round(); + + // Fiat-Shamir: gamma + // Compute grand product(s) and commitments. + execute_grand_product_computation_round(); + + // Fiat-Shamir: alpha + // Run sumcheck subprotocol. + execute_relation_check_rounds(); + + // Fiat-Shamir: rho, y, x, z + // Execute Zeromorph multilinear PCS + execute_zeromorph_rounds(); + + return export_proof(); +} + +template class GoblinTranslatorProver_; +} // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp new file mode 100644 index 000000000000..9b21f2274127 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -0,0 +1,63 @@ +#pragma once +#include "barretenberg/commitment_schemes/zeromorph/zeromorph.hpp" +#include "barretenberg/flavor/goblin_translator.hpp" +#include "barretenberg/plonk/proof_system/types/proof.hpp" +#include "barretenberg/relations/relation_parameters.hpp" +#include "barretenberg/sumcheck/sumcheck_output.hpp" +#include "barretenberg/transcript/transcript.hpp" + +namespace proof_system::honk { + +// We won't compile this class with honk::flavor::Standard, but we will like want to compile it (at least for testing) +// with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc. +template class GoblinTranslatorProver_ { + + using FF = typename Flavor::FF; + using Commitment = typename Flavor::Commitment; + using CommitmentKey = typename Flavor::CommitmentKey; + using ProvingKey = typename Flavor::ProvingKey; + using Polynomial = typename Flavor::Polynomial; + using ProverPolynomials = typename Flavor::ProverPolynomials; + using CommitmentLabels = typename Flavor::CommitmentLabels; + using Curve = typename Flavor::Curve; + + static size_t constexpr MINI_CIRCUIT_SIZE = Flavor::MINI_CIRCUIT_SIZE; + static size_t constexpr FULL_CIRCUIT_SIZE = Flavor::FULL_CIRCUIT_SIZE; + + public: + explicit GoblinTranslatorProver_(std::shared_ptr input_key, + std::shared_ptr commitment_key); + + void execute_preamble_round(); + void execute_wire_and_sorted_constraints_commitments_round(); + void execute_grand_product_computation_round(); + void execute_relation_check_rounds(); + void execute_zeromorph_rounds(); + plonk::proof& export_proof(); + plonk::proof& construct_proof(); + + BaseTranscript transcript; + + proof_system::RelationParameters relation_parameters; + + std::shared_ptr key; + + // Container for spans of all polynomials required by the prover (i.e. all multivariates evaluated by Sumcheck). + ProverPolynomials prover_polynomials; + + CommitmentLabels commitment_labels; + + std::shared_ptr commitment_key; + + sumcheck::SumcheckOutput sumcheck_output; + + using ZeroMorph = pcs::zeromorph::ZeroMorphProver_; + + private: + plonk::proof proof; +}; + +extern template class GoblinTranslatorProver_; +using GoblinTranslatorProver = GoblinTranslatorProver_; + +} // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp new file mode 100644 index 000000000000..640cc943d74a --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -0,0 +1,349 @@ +#include "./goblin_translator_verifier.hpp" +#include "barretenberg/commitment_schemes/zeromorph/zeromorph.hpp" +#include "barretenberg/flavor/goblin_translator.hpp" +#include "barretenberg/honk/proof_system/power_polynomial.hpp" +#include "barretenberg/numeric/bitop/get_msb.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/transcript/transcript.hpp" + +using namespace barretenberg; +using namespace proof_system::honk::sumcheck; + +#pragma GCC diagnostic ignored "-Wunused-parameter" + +namespace proof_system::honk { +template +GoblinTranslatorVerifier_::GoblinTranslatorVerifier_( + std::shared_ptr verifier_key) + : key(verifier_key) +{} + +template +GoblinTranslatorVerifier_::GoblinTranslatorVerifier_(GoblinTranslatorVerifier_&& other) noexcept + : key(std::move(other.key)) + , pcs_verification_key(std::move(other.pcs_verification_key)) +{} + +template +GoblinTranslatorVerifier_& GoblinTranslatorVerifier_::operator=( + GoblinTranslatorVerifier_&& other) noexcept +{ + key = other.key; + pcs_verification_key = (std::move(other.pcs_verification_key)); + commitments.clear(); + pcs_fr_elements.clear(); + return *this; +} + +/** + * @brief This function verifies an GoblinTranslator Honk proof for given program settings. + * + */ +template +bool GoblinTranslatorVerifier_::verify_proof( + const plonk::proof& proof, const CheatGoblinTranslationConsistencyData& cheat_translation_consistency_data) +{ + + using FF = typename Flavor::FF; + using BF = typename Flavor::BF; + using Commitment = typename Flavor::Commitment; + using Curve = typename Flavor::Curve; + using ZeroMorph = pcs::zeromorph::ZeroMorphVerifier_; + using VerifierCommitments = typename Flavor::VerifierCommitments; + using CommitmentLabels = typename Flavor::CommitmentLabels; + + const size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; + RelationParameters relation_parameters; + + transcript = BaseTranscript{ proof.proof_data }; + + auto commitments = VerifierCommitments(key, transcript); + auto commitment_labels = CommitmentLabels(); + + // TODO(Adrian): Change the initialization of the transcript to take the VK hash? + const auto circuit_size = transcript.template receive_from_prover("circuit_size"); + evaluation_input_x = transcript.template receive_from_prover("evaluation_input_x"); + batching_challenge_v = transcript.template receive_from_prover("batching_challenge_v"); + const auto uint_accumulated_result = uint256_t(transcript.template receive_from_prover("accumulated_result")); + auto uint_evaluation_input = uint256_t(evaluation_input_x); + relation_parameters.evaluation_input_x = { uint_evaluation_input.slice(0, NUM_LIMB_BITS), + uint_evaluation_input.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + uint_evaluation_input.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + uint_evaluation_input.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + uint_evaluation_input }; + relation_parameters.accumulated_result = { + uint_accumulated_result.slice(0, NUM_LIMB_BITS), + uint_accumulated_result.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + uint_accumulated_result.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + uint_accumulated_result.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + }; + std::vector uint_batching_challenge_powers; + uint_batching_challenge_powers.emplace_back(batching_challenge_v); + auto running_power = batching_challenge_v * batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + running_power *= batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + running_power *= batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + + for (size_t i = 0; i < 4; i++) { + relation_parameters.batching_challenge_v[i] = { + uint_batching_challenge_powers[i].slice(0, NUM_LIMB_BITS), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + uint_batching_challenge_powers[i] + }; + } + if (circuit_size != key->circuit_size) { + return false; + } + + // Get commitments + + // Get all the values of wires + commitments.op = transcript.template receive_from_prover(commitment_labels.op); + commitments.x_lo_y_hi = transcript.template receive_from_prover(commitment_labels.x_lo_y_hi); + commitments.x_hi_z_1 = transcript.template receive_from_prover(commitment_labels.x_hi_z_1); + commitments.y_lo_z_2 = transcript.template receive_from_prover(commitment_labels.y_lo_z_2); + commitments.p_x_low_limbs = transcript.template receive_from_prover(commitment_labels.p_x_low_limbs); + commitments.p_x_low_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_0); + commitments.p_x_low_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_1); + commitments.p_x_low_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_2); + commitments.p_x_low_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_3); + commitments.p_x_low_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_4); + commitments.p_x_low_limbs_range_constraint_tail = + transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_tail); + commitments.p_x_high_limbs = transcript.template receive_from_prover(commitment_labels.p_x_high_limbs); + commitments.p_x_high_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_0); + commitments.p_x_high_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_1); + commitments.p_x_high_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_2); + commitments.p_x_high_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_3); + commitments.p_x_high_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_4); + commitments.p_x_high_limbs_range_constraint_tail = + transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_tail); + commitments.p_y_low_limbs = transcript.template receive_from_prover(commitment_labels.p_y_low_limbs); + commitments.p_y_low_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_0); + commitments.p_y_low_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_1); + commitments.p_y_low_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_2); + commitments.p_y_low_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_3); + commitments.p_y_low_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_4); + commitments.p_y_low_limbs_range_constraint_tail = + transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_tail); + commitments.p_y_high_limbs = transcript.template receive_from_prover(commitment_labels.p_y_high_limbs); + commitments.p_y_high_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_0); + commitments.p_y_high_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_1); + commitments.p_y_high_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_2); + commitments.p_y_high_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_3); + commitments.p_y_high_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_4); + commitments.p_y_high_limbs_range_constraint_tail = + transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_tail); + commitments.z_low_limbs = transcript.template receive_from_prover(commitment_labels.z_low_limbs); + commitments.z_low_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_0); + commitments.z_low_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_1); + commitments.z_low_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_2); + commitments.z_low_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_3); + commitments.z_low_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_4); + commitments.z_low_limbs_range_constraint_tail = + transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_tail); + commitments.z_high_limbs = transcript.template receive_from_prover(commitment_labels.z_high_limbs); + commitments.z_high_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_0); + commitments.z_high_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_1); + commitments.z_high_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_2); + commitments.z_high_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_3); + commitments.z_high_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_4); + commitments.z_high_limbs_range_constraint_tail = + transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_tail); + commitments.accumulators_binary_limbs_0 = + transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_0); + commitments.accumulators_binary_limbs_1 = + transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_1); + commitments.accumulators_binary_limbs_2 = + transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_2); + commitments.accumulators_binary_limbs_3 = + transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_3); + commitments.accumulator_low_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_0); + commitments.accumulator_low_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_1); + commitments.accumulator_low_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_2); + commitments.accumulator_low_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_3); + commitments.accumulator_low_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_4); + commitments.accumulator_low_limbs_range_constraint_tail = transcript.template receive_from_prover( + commitment_labels.accumulator_low_limbs_range_constraint_tail); + commitments.accumulator_high_limbs_range_constraint_0 = transcript.template receive_from_prover( + commitment_labels.accumulator_high_limbs_range_constraint_0); + commitments.accumulator_high_limbs_range_constraint_1 = transcript.template receive_from_prover( + commitment_labels.accumulator_high_limbs_range_constraint_1); + commitments.accumulator_high_limbs_range_constraint_2 = transcript.template receive_from_prover( + commitment_labels.accumulator_high_limbs_range_constraint_2); + commitments.accumulator_high_limbs_range_constraint_3 = transcript.template receive_from_prover( + commitment_labels.accumulator_high_limbs_range_constraint_3); + commitments.accumulator_high_limbs_range_constraint_4 = transcript.template receive_from_prover( + commitment_labels.accumulator_high_limbs_range_constraint_4); + commitments.accumulator_high_limbs_range_constraint_tail = transcript.template receive_from_prover( + commitment_labels.accumulator_high_limbs_range_constraint_tail); + commitments.quotient_low_binary_limbs = + transcript.template receive_from_prover(commitment_labels.quotient_low_binary_limbs); + commitments.quotient_high_binary_limbs = + transcript.template receive_from_prover(commitment_labels.quotient_high_binary_limbs); + commitments.quotient_low_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_0); + commitments.quotient_low_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_1); + commitments.quotient_low_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_2); + commitments.quotient_low_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_3); + commitments.quotient_low_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_4); + commitments.quotient_low_limbs_range_constraint_tail = + transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_tail); + commitments.quotient_high_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_0); + commitments.quotient_high_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_1); + commitments.quotient_high_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_2); + commitments.quotient_high_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_3); + commitments.quotient_high_limbs_range_constraint_4 = + transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_4); + commitments.quotient_high_limbs_range_constraint_tail = transcript.template receive_from_prover( + commitment_labels.quotient_high_limbs_range_constraint_tail); + commitments.relation_wide_limbs = + transcript.template receive_from_prover(commitment_labels.relation_wide_limbs); + commitments.relation_wide_limbs_range_constraint_0 = + transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_0); + commitments.relation_wide_limbs_range_constraint_1 = + transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_1); + commitments.relation_wide_limbs_range_constraint_2 = + transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_2); + commitments.relation_wide_limbs_range_constraint_3 = + transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_3); + commitments.ordered_range_constraints_0 = + transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_0); + commitments.ordered_range_constraints_1 = + transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_1); + commitments.ordered_range_constraints_2 = + transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_2); + commitments.ordered_range_constraints_3 = + transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_3); + commitments.ordered_range_constraints_4 = + transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_4); + + // Get permutation challenges + auto [gamma] = transcript.get_challenges("gamma"); + + relation_parameters.beta = 0; + relation_parameters.gamma = gamma; + relation_parameters.public_input_delta = 0; + relation_parameters.lookup_grand_product_delta = 0; + + // Get commitment to permutation and lookup grand products + commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); + + // Execute Sumcheck Verifier + auto sumcheck = SumcheckVerifier(circuit_size); + + auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = + sumcheck.verify(relation_parameters, transcript); + + // If Sumcheck did not verify, return false + if (sumcheck_verified.has_value() && !sumcheck_verified.value()) { + info("sumcheck failed"); + return false; + } + + // Execute ZeroMorph rounds. See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the + // unrolled protocol. + auto pairing_points = ZeroMorph::verify(commitments, claimed_evaluations, multivariate_challenge, transcript); + + auto verified = pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]); + + const auto reconstruct_from_array = [](const auto& arr) { + const BF elt_0 = (static_cast(arr[0])); + const BF elt_1 = (static_cast(arr[1]) << 68); + const BF elt_2 = (static_cast(arr[2]) << 136); + const BF elt_3 = (static_cast(arr[3]) << 204); + const BF reconstructed = elt_0 + elt_1 + elt_2 + elt_3; + return reconstructed; + }; + + // info("in the verifier"); + // cheat_translation_consistency_data.print(); + const auto& reconstruct_value_from_eccvm_evaluations = + [&](const CheatGoblinTranslationConsistencyData& cheat_translation_consistency_data, + auto& relation_parameters) { + const BF accumulated_result = reconstruct_from_array(relation_parameters.accumulated_result); + const BF x = reconstruct_from_array(relation_parameters.evaluation_input_x); + const BF v1 = reconstruct_from_array(relation_parameters.batching_challenge_v[0]); + const BF v2 = reconstruct_from_array(relation_parameters.batching_challenge_v[1]); + const BF v3 = reconstruct_from_array(relation_parameters.batching_challenge_v[2]); + const BF v4 = reconstruct_from_array(relation_parameters.batching_challenge_v[3]); + const BF& op = cheat_translation_consistency_data.op; + const BF& Px = cheat_translation_consistency_data.Px; + const BF& Py = cheat_translation_consistency_data.Py; + const BF& z1 = cheat_translation_consistency_data.z1; + const BF& z2 = cheat_translation_consistency_data.z2; + + // info("translator vm verifier x: ", x); + // info("circuit_size: ", circuit_size); + + // info("translator verifier cheat_translation_consistency_data.op: ", + // cheat_translation_consistency_data.op); info("translator verifier cheat_translation_consistency_data.Px: + // ", cheat_translation_consistency_data.Px); info("translator verifier + // cheat_translation_consistency_data.Py: ", cheat_translation_consistency_data.Py); info("translator + // verifier cheat_translation_consistency_data.z1: ", cheat_translation_consistency_data.z1); + // info("translator verifier cheat_translation_consistency_data.z2: ", + // cheat_translation_consistency_data.z2); + + const BF eccvm_opening = (op + (v1 * Px) + (v2 * Py) + (v3 * z1) + (v4 * z2)); + // multiply by x here to deal with shift + return x * accumulated_result == eccvm_opening; + }; + + bool value_reconstructed = + reconstruct_value_from_eccvm_evaluations(cheat_translation_consistency_data, relation_parameters); + + verified &= value_reconstructed; + + return verified; +} + +template class GoblinTranslatorVerifier_; + +} // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp new file mode 100644 index 000000000000..07957c1c0e22 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -0,0 +1,39 @@ +#pragma once +#include "barretenberg/flavor/goblin_translator.hpp" +#include "barretenberg/goblin/cheat_translation_consistency_data.hpp" +#include "barretenberg/plonk/proof_system/types/proof.hpp" +#include "barretenberg/sumcheck/sumcheck.hpp" + +namespace proof_system::honk { +template class GoblinTranslatorVerifier_ { + using FF = typename Flavor::FF; + using BF = typename Flavor::BF; + using Commitment = typename Flavor::Commitment; + using VerificationKey = typename Flavor::VerificationKey; + using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; + using CheatGoblinTranslationConsistencyData = barretenberg::CheatGoblinTranslationConsistencyData; + + public: + explicit GoblinTranslatorVerifier_(std::shared_ptr verifier_key = nullptr); + GoblinTranslatorVerifier_(GoblinTranslatorVerifier_&& other) noexcept; + GoblinTranslatorVerifier_(const GoblinTranslatorVerifier_& other) = delete; + GoblinTranslatorVerifier_& operator=(const GoblinTranslatorVerifier_& other) = delete; + GoblinTranslatorVerifier_& operator=(GoblinTranslatorVerifier_&& other) noexcept; + ~GoblinTranslatorVerifier_() = default; + + bool verify_proof(const plonk::proof& proof, + const CheatGoblinTranslationConsistencyData& cheat_translation_consistency_data); + BF evaluation_input_x = 0; + BF batching_challenge_v = 0; + std::shared_ptr key; + std::map commitments; + std::map pcs_fr_elements; + std::shared_ptr pcs_verification_key; + BaseTranscript transcript; +}; + +extern template class GoblinTranslatorVerifier_; + +using GoblinTranslatorVerifier = GoblinTranslatorVerifier_; + +} // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp index aac5c1242124..8e464abbd4c6 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp @@ -483,7 +483,8 @@ TEST_F(RelationCorrectnessTests, GoblinTranslatorPermutationRelationCorrectness) // Compute the grand product polynomial grand_product_library::compute_grand_product>( circuit_size, prover_polynomials, params); - prover_polynomials.z_perm_shift = polynomial_container[Flavor::ALL_ENTITIES_IDS::Z_PERM].shifted(); + prover_polynomials.z_perm_shift = + polynomial_container[90].shifted(); // WORKTODO: magic number; use an existing structure using Relations = typename Flavor::Relations; @@ -558,17 +559,20 @@ TEST_F(RelationCorrectnessTests, GoblinTranslatorGenPermSortRelationCorrectness) polynomial_pointers[i + 1]->begin()); }); + // WORKTODO: rewrite these tests using AllPolynomials + enum ORDERED_RANGE_CONSTRAINTS : size_t { C0 = 85, C1, C2, C3, C4 }; + // Get shifted polynomials prover_polynomials.ordered_range_constraints_0_shift = - polynomial_container[Flavor::ORDERED_RANGE_CONSTRAINTS_0].shifted(); + polynomial_container[ORDERED_RANGE_CONSTRAINTS::C0].shifted(); prover_polynomials.ordered_range_constraints_1_shift = - polynomial_container[Flavor::ORDERED_RANGE_CONSTRAINTS_1].shifted(); + polynomial_container[ORDERED_RANGE_CONSTRAINTS::C1].shifted(); prover_polynomials.ordered_range_constraints_2_shift = - polynomial_container[Flavor::ORDERED_RANGE_CONSTRAINTS_2].shifted(); + polynomial_container[ORDERED_RANGE_CONSTRAINTS::C2].shifted(); prover_polynomials.ordered_range_constraints_3_shift = - polynomial_container[Flavor::ORDERED_RANGE_CONSTRAINTS_3].shifted(); + polynomial_container[ORDERED_RANGE_CONSTRAINTS::C3].shifted(); prover_polynomials.ordered_range_constraints_4_shift = - polynomial_container[Flavor::ORDERED_RANGE_CONSTRAINTS_4].shifted(); + polynomial_container[ORDERED_RANGE_CONSTRAINTS::C4].shifted(); using Relations = typename Flavor::Relations; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp index 3100efad8e9f..1bfe511be462 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp @@ -56,9 +56,10 @@ template class UltraComposer_ { std::shared_ptr compute_commitment_key(size_t circuit_size) { - if (commitment_key) { - return commitment_key; - } + // // WORKTODO: this is too small for the merge prover + // if (commitment_key) { + // return commitment_key; + // } commitment_key = std::make_shared(circuit_size, crs_factory_); return commitment_key; @@ -81,7 +82,7 @@ template class UltraComposer_ { op_queue->set_size_data(); // Merge requires a commitment key with size equal to that of the current op queue transcript T_i since the // shift of the current contribution t_i will be of degree equal to deg(T_i) - auto commitment_key = compute_commitment_key(op_queue->get_current_size()); + auto commitment_key = compute_commitment_key(op_queue->get_current_size()); // WORKTODO return MergeProver_(commitment_key, op_queue); } From 34c8dd1e5655ff48c06f6c3a38206337e9dc0153 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 17 Nov 2023 21:44:13 +0000 Subject: [PATCH 02/39] Everything builds --- .../cpp/src/barretenberg/eccvm/eccvm_prover.cpp | 2 +- .../cpp/src/barretenberg/eccvm/eccvm_prover.hpp | 2 ++ .../translator_vm/goblin_translator_prover.cpp | 4 +++- .../translator_vm/goblin_translator_verifier.cpp | 11 +++++++++-- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 01d994bed637..4cb12075235f 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -320,7 +320,7 @@ template void ECCVMProver_::execute_transcript_cons transcript.send_to_verifier("Translation:hack_commitment", commitment_key->commit(hack)); // Get the challenge at which we evaluate the polynomials as univariates - FF evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); + evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); // Collect the polynomials and evaluations to be batched const size_t NUM_UNIVARIATES = 6; // 5 transcript polynomials plus the constant hack poly diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index 59d6f306560c..04aa53f50548 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -66,6 +66,8 @@ template class ECCVMProver_ { Polynomial quotient_W; + FF evaluation_challenge_x; + sumcheck::SumcheckOutput sumcheck_output; pcs::gemini::ProverOutput gemini_output; pcs::shplonk::ProverOutput shplonk_output; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index 688874d366fe..c7a235339b63 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -352,11 +352,13 @@ template void GoblinTranslatorProver_::execute_zeromor { ZeroMorph::prove(prover_polynomials.get_unshifted(), prover_polynomials.get_to_be_shifted(), - sumcheck_output.claimed_evaluations, + sumcheck_output.claimed_evaluations.get_unshifted(), + sumcheck_output.claimed_evaluations.get_shifted(), sumcheck_output.challenge, commitment_key, transcript, prover_polynomials.get_concatenated_constraints(), + sumcheck_output.claimed_evaluations.get_concatenated_constraints(), prover_polynomials.get_concatenation_groups()); } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 640cc943d74a..8d5dcfb8cea9 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -288,9 +288,16 @@ bool GoblinTranslatorVerifier_::verify_proof( return false; } - // Execute ZeroMorph rounds. See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the + // Execute ZeroMorph rounds. See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description ofthe // unrolled protocol. - auto pairing_points = ZeroMorph::verify(commitments, claimed_evaluations, multivariate_challenge, transcript); + auto pairing_points = ZeroMorph::verify(commitments.get_unshifted(), + commitments.get_to_be_shifted(), + claimed_evaluations.get_unshifted(), + claimed_evaluations.get_shifted(), + multivariate_challenge, + transcript, + commitments.get_concatenation_groups(), + claimed_evaluations.get_concatenated_constraints()); auto verified = pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]); From 6669d2bbdba2903a52aa0ebb5b94d8bad6e7de11 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 17 Nov 2023 22:34:17 +0000 Subject: [PATCH 03/39] Fix test --- .../commitment_schemes/zeromorph/zeromorph.hpp | 4 ++-- .../zeromorph/zeromorph.test.cpp | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp index 93ec07ec533f..1cd359ebe69a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp @@ -319,9 +319,9 @@ template class ZeroMorphProver_ { auto& multilinear_challenge, auto& commitment_key, auto& transcript, - const std::vector& concatenated_polynomials = {}, + const std::vector>& concatenated_polynomials = {}, const std::vector& concatenated_evaluations = {}, - const std::vector>& concatenation_groups = {}) + const std::vector>>& concatenation_groups = {}) { // Generate batching challenge \rho and powers 1,...,\rho^{m-1} FF rho = transcript.get_challenge("rho"); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp index 270f236ad683..30876c73e506 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp @@ -225,6 +225,17 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT // Initialize an empty BaseTranscript auto prover_transcript = BaseTranscript::prover_init_empty(); + std::vector> concatenated_polynomials_views; + for (auto& poly : concatenated_polynomials) { + concatenated_polynomials_views.emplace_back(poly); + } + + std::vector>> concatenation_groups_views(concatenation_groups.size()); + for (auto [group_of_polys, group_of_views] : zip_view(concatenation_groups, concatenation_groups_views)) { + for (auto& poly : group_of_polys) { + group_of_views.emplace_back(poly); + } + } // Execute Prover protocol ZeroMorphProver::prove(f_polynomials, // unshifted g_polynomials, // to-be-shifted @@ -233,9 +244,9 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT u_challenge, this->commitment_key, prover_transcript, - concatenated_polynomials, + concatenated_polynomials_views, c_evaluations, - concatenation_groups); + concatenation_groups_views); auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); From c8c3794e77764db1d4d55357da7410d7d7180f6d Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 17 Nov 2023 23:46:42 +0000 Subject: [PATCH 04/39] Re-link univariate evaluations --- .../src/barretenberg/eccvm/eccvm_prover.cpp | 35 ++++++++++--------- .../goblin/full_goblin_composer.test.cpp | 2 +- .../barretenberg/transcript/transcript.hpp | 35 +++++++++++-------- .../goblin_translator_verifier.cpp | 1 - 4 files changed, 41 insertions(+), 32 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 4cb12075235f..252564bd00c4 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -322,33 +322,36 @@ template void ECCVMProver_::execute_transcript_cons // Get the challenge at which we evaluate the polynomials as univariates evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); - // Collect the polynomials and evaluations to be batched - const size_t NUM_UNIVARIATES = 6; // 5 transcript polynomials plus the constant hack poly - std::array univariate_polynomials = { key->transcript_op, key->transcript_Px, - key->transcript_Py, key->transcript_z1, - key->transcript_z2, hack }; - std::array univariate_evaluations; - for (auto [eval, polynomial] : zip_view(univariate_evaluations, univariate_polynomials)) { - eval = polynomial.evaluate(evaluation_challenge_x); - } + cheat_translation_consistency_data.op = key->transcript_op.evaluate(evaluation_challenge_x); + cheat_translation_consistency_data.Px = key->transcript_Px.evaluate(evaluation_challenge_x); + cheat_translation_consistency_data.Py = key->transcript_Py.evaluate(evaluation_challenge_x); + cheat_translation_consistency_data.z1 = key->transcript_z1.evaluate(evaluation_challenge_x); + cheat_translation_consistency_data.z2 = key->transcript_z2.evaluate(evaluation_challenge_x); // Add the univariate evaluations to the transcript - transcript.send_to_verifier("Translation:op", univariate_evaluations[0]); - transcript.send_to_verifier("Translation:Px", univariate_evaluations[1]); - transcript.send_to_verifier("Translation:Py", univariate_evaluations[2]); - transcript.send_to_verifier("Translation:z1", univariate_evaluations[3]); - transcript.send_to_verifier("Translation:z2", univariate_evaluations[4]); - transcript.send_to_verifier("Translation:hack_evaluation", univariate_evaluations[5]); + transcript.send_to_verifier("Translation:op", cheat_translation_consistency_data.op); + transcript.send_to_verifier("Translation:Px", cheat_translation_consistency_data.Px); + transcript.send_to_verifier("Translation:Py", cheat_translation_consistency_data.Py); + transcript.send_to_verifier("Translation:z1", cheat_translation_consistency_data.z1); + transcript.send_to_verifier("Translation:z2", cheat_translation_consistency_data.z2); + transcript.send_to_verifier("Translation:hack_evaluation", hack.evaluate(evaluation_challenge_x)); // Get another challenge for batching the univariate claims FF batching_challenge = transcript.get_challenge("Translation:batching_challenge"); + // Collect the polynomials and evaluations to be batched + const size_t NUM_UNIVARIATES = 6; // 5 transcript polynomials plus the constant hack poly + std::array univariate_polynomials = { &key->transcript_op, &key->transcript_Px, + &key->transcript_Py, &key->transcript_z1, + &key->transcript_z2, &hack }; + std::array univariate_evaluations; + // Constuct the batched polynomial and batched evaluation Polynomial batched_univariate{ key->circuit_size }; FF batched_evaluation{ 0 }; auto batching_scalar = FF(1); for (auto [eval, polynomial] : zip_view(univariate_evaluations, univariate_polynomials)) { - batched_univariate.add_scaled(polynomial, batching_scalar); + batched_univariate.add_scaled(*polynomial, batching_scalar); batched_evaluation += eval * batching_scalar; batching_scalar *= batching_challenge; } diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index ec603f50eee8..b35c699dbf80 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -182,7 +182,7 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) EXPECT_TRUE(eccvm_verified); // Execute the Translator - auto batching_challenge = Fbase::random_element(); + auto batching_challenge = Fbase::random_element(); // WORKTODO: where is this derived? auto evaluation_input = eccvm_prover.evaluation_challenge_x; auto translator_builder = TranslatorBuilder(batching_challenge, evaluation_input, *op_queue); // WORKTODO: take pointer or ref diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index 215d23b7c98b..dd56d7a218d1 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -5,6 +5,8 @@ #include "barretenberg/crypto/pedersen_hash/pedersen.hpp" #include +// #define DEBUG_TRANSCRIPT + namespace proof_system::honk { // class TranscriptManifest; @@ -220,9 +222,11 @@ template class BaseTranscript { // Prepare for next round. ++round_number; - // for (auto& challenge : challenges) { - // info(challenge); - // }; +#ifdef DEBUG_TRANSCRIPT + for (auto& challenge : challenges) { + info(challenge); + }; +#endif return challenges; } @@ -242,12 +246,13 @@ template class BaseTranscript { */ template void send_to_verifier(const std::string& label, const T& element) { - // info("TRANSCRIPT: ", label); - // if constexpr (std::same_as || std::same_as || - // std::same_as || std::same_as) { - // info("element: ", element); - // } - +#ifdef DEBUG_TRANSCRIPT + info("TRANSCRIPT: ", label); + if constexpr (std::same_as || std::same_as || + std::same_as || std::same_as) { + info("element: ", element); + } +#endif using serialize::write; // TODO(Adrian): Ensure that serialization of affine elements (including point at infinity) is consistent. // TODO(Adrian): Consider restricting serialization (via concepts) to types T for which sizeof(T) reliably @@ -275,11 +280,13 @@ template class BaseTranscript { BaseTranscript::consume_prover_element_bytes(label, element_bytes); T element = from_buffer(element_bytes); - // info("TRANSCRIPT: ", label); - // if constexpr (std::same_as || std::same_as || - // std::same_as || std::same_as) { - // info("element: ", element); - // } +#ifdef DEBUG_TRANSCRIPT + info("TRANSCRIPT: ", label); + if constexpr (std::same_as || std::same_as || + std::same_as || std::same_as) { + info("element: ", element); + } +#endif return element; } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 8d5dcfb8cea9..0a4db4cabcfa 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -43,7 +43,6 @@ template bool GoblinTranslatorVerifier_::verify_proof( const plonk::proof& proof, const CheatGoblinTranslationConsistencyData& cheat_translation_consistency_data) { - using FF = typename Flavor::FF; using BF = typename Flavor::BF; using Commitment = typename Flavor::Commitment; From 0c0ea53eb59f6fcb69af894b1096d799756560d9 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 17 Nov 2023 23:52:35 +0000 Subject: [PATCH 05/39] Rename struct --- .../src/barretenberg/eccvm/eccvm_prover.cpp | 20 +++++------ .../src/barretenberg/eccvm/eccvm_prover.hpp | 4 +-- .../goblin/full_goblin_composer.test.cpp | 5 ++- ...y_data.hpp => translation_evaluations.hpp} | 0 .../goblin_translator_verifier.cpp | 34 +++++++++---------- .../goblin_translator_verifier.hpp | 5 ++- 6 files changed, 32 insertions(+), 36 deletions(-) rename barretenberg/cpp/src/barretenberg/goblin/{cheat_translation_consistency_data.hpp => translation_evaluations.hpp} (100%) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 252564bd00c4..5f145f9d4683 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -322,18 +322,18 @@ template void ECCVMProver_::execute_transcript_cons // Get the challenge at which we evaluate the polynomials as univariates evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); - cheat_translation_consistency_data.op = key->transcript_op.evaluate(evaluation_challenge_x); - cheat_translation_consistency_data.Px = key->transcript_Px.evaluate(evaluation_challenge_x); - cheat_translation_consistency_data.Py = key->transcript_Py.evaluate(evaluation_challenge_x); - cheat_translation_consistency_data.z1 = key->transcript_z1.evaluate(evaluation_challenge_x); - cheat_translation_consistency_data.z2 = key->transcript_z2.evaluate(evaluation_challenge_x); + translation_evaluations.op = key->transcript_op.evaluate(evaluation_challenge_x); + translation_evaluations.Px = key->transcript_Px.evaluate(evaluation_challenge_x); + translation_evaluations.Py = key->transcript_Py.evaluate(evaluation_challenge_x); + translation_evaluations.z1 = key->transcript_z1.evaluate(evaluation_challenge_x); + translation_evaluations.z2 = key->transcript_z2.evaluate(evaluation_challenge_x); // Add the univariate evaluations to the transcript - transcript.send_to_verifier("Translation:op", cheat_translation_consistency_data.op); - transcript.send_to_verifier("Translation:Px", cheat_translation_consistency_data.Px); - transcript.send_to_verifier("Translation:Py", cheat_translation_consistency_data.Py); - transcript.send_to_verifier("Translation:z1", cheat_translation_consistency_data.z1); - transcript.send_to_verifier("Translation:z2", cheat_translation_consistency_data.z2); + transcript.send_to_verifier("Translation:op", translation_evaluations.op); + transcript.send_to_verifier("Translation:Px", translation_evaluations.Px); + transcript.send_to_verifier("Translation:Py", translation_evaluations.Py); + transcript.send_to_verifier("Translation:z1", translation_evaluations.z1); + transcript.send_to_verifier("Translation:z2", translation_evaluations.z2); transcript.send_to_verifier("Translation:hack_evaluation", hack.evaluate(evaluation_challenge_x)); // Get another challenge for batching the univariate claims diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index 04aa53f50548..654cb8157f17 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -2,7 +2,7 @@ #include "barretenberg/commitment_schemes/gemini/gemini.hpp" #include "barretenberg/commitment_schemes/shplonk/shplonk.hpp" #include "barretenberg/flavor/ecc_vm.hpp" -#include "barretenberg/goblin/cheat_translation_consistency_data.hpp" +#include "barretenberg/goblin/translation_evaluations.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/sumcheck/sumcheck_output.hpp" @@ -45,7 +45,7 @@ template class ECCVMProver_ { Transcript transcript; - CheatGoblinTranslationConsistencyData cheat_translation_consistency_data; + CheatGoblinTranslationConsistencyData translation_evaluations; std::vector public_inputs; diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index b35c699dbf80..1b93e005a20e 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -1,5 +1,5 @@ #include "barretenberg/eccvm/eccvm_composer.hpp" -#include "barretenberg/goblin/cheat_translation_consistency_data.hpp" +#include "barretenberg/goblin/translation_evaluations.hpp" #include "barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp" #include "barretenberg/proof_system/circuit_builder/goblin_ultra_circuit_builder.hpp" #include "barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp" @@ -190,8 +190,7 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) auto translator_prover = translator_composer.create_prover(translator_builder); auto translator_verifier = translator_composer.create_verifier(translator_builder); auto translator_proof = translator_prover.construct_proof(); - bool translator_verified = - translator_verifier.verify_proof(translator_proof, eccvm_prover.cheat_translation_consistency_data); + bool translator_verified = translator_verifier.verify_proof(translator_proof, eccvm_prover.translation_evaluations); EXPECT_TRUE(translator_verified); } diff --git a/barretenberg/cpp/src/barretenberg/goblin/cheat_translation_consistency_data.hpp b/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp similarity index 100% rename from barretenberg/cpp/src/barretenberg/goblin/cheat_translation_consistency_data.hpp rename to barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 0a4db4cabcfa..2ddeb2d882dc 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -41,7 +41,7 @@ GoblinTranslatorVerifier_& GoblinTranslatorVerifier_::operator=( */ template bool GoblinTranslatorVerifier_::verify_proof( - const plonk::proof& proof, const CheatGoblinTranslationConsistencyData& cheat_translation_consistency_data) + const plonk::proof& proof, const CheatGoblinTranslationConsistencyData& translation_evaluations) { using FF = typename Flavor::FF; using BF = typename Flavor::BF; @@ -310,40 +310,38 @@ bool GoblinTranslatorVerifier_::verify_proof( }; // info("in the verifier"); - // cheat_translation_consistency_data.print(); + // translation_evaluations.print(); const auto& reconstruct_value_from_eccvm_evaluations = - [&](const CheatGoblinTranslationConsistencyData& cheat_translation_consistency_data, - auto& relation_parameters) { + [&](const CheatGoblinTranslationConsistencyData& translation_evaluations, auto& relation_parameters) { const BF accumulated_result = reconstruct_from_array(relation_parameters.accumulated_result); const BF x = reconstruct_from_array(relation_parameters.evaluation_input_x); const BF v1 = reconstruct_from_array(relation_parameters.batching_challenge_v[0]); const BF v2 = reconstruct_from_array(relation_parameters.batching_challenge_v[1]); const BF v3 = reconstruct_from_array(relation_parameters.batching_challenge_v[2]); const BF v4 = reconstruct_from_array(relation_parameters.batching_challenge_v[3]); - const BF& op = cheat_translation_consistency_data.op; - const BF& Px = cheat_translation_consistency_data.Px; - const BF& Py = cheat_translation_consistency_data.Py; - const BF& z1 = cheat_translation_consistency_data.z1; - const BF& z2 = cheat_translation_consistency_data.z2; + const BF& op = translation_evaluations.op; + const BF& Px = translation_evaluations.Px; + const BF& Py = translation_evaluations.Py; + const BF& z1 = translation_evaluations.z1; + const BF& z2 = translation_evaluations.z2; // info("translator vm verifier x: ", x); // info("circuit_size: ", circuit_size); - // info("translator verifier cheat_translation_consistency_data.op: ", - // cheat_translation_consistency_data.op); info("translator verifier cheat_translation_consistency_data.Px: - // ", cheat_translation_consistency_data.Px); info("translator verifier - // cheat_translation_consistency_data.Py: ", cheat_translation_consistency_data.Py); info("translator - // verifier cheat_translation_consistency_data.z1: ", cheat_translation_consistency_data.z1); - // info("translator verifier cheat_translation_consistency_data.z2: ", - // cheat_translation_consistency_data.z2); + // info("translator verifier translation_evaluations.op: ", + // translation_evaluations.op); info("translator verifier translation_evaluations.Px: + // ", translation_evaluations.Px); info("translator verifier + // translation_evaluations.Py: ", translation_evaluations.Py); info("translator + // verifier translation_evaluations.z1: ", translation_evaluations.z1); + // info("translator verifier translation_evaluations.z2: ", + // translation_evaluations.z2); const BF eccvm_opening = (op + (v1 * Px) + (v2 * Py) + (v3 * z1) + (v4 * z2)); // multiply by x here to deal with shift return x * accumulated_result == eccvm_opening; }; - bool value_reconstructed = - reconstruct_value_from_eccvm_evaluations(cheat_translation_consistency_data, relation_parameters); + bool value_reconstructed = reconstruct_value_from_eccvm_evaluations(translation_evaluations, relation_parameters); verified &= value_reconstructed; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index 07957c1c0e22..d05dd99b6744 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/flavor/goblin_translator.hpp" -#include "barretenberg/goblin/cheat_translation_consistency_data.hpp" +#include "barretenberg/goblin/translation_evaluations.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/sumcheck/sumcheck.hpp" @@ -21,8 +21,7 @@ template class GoblinTranslatorVerifier_ { GoblinTranslatorVerifier_& operator=(GoblinTranslatorVerifier_&& other) noexcept; ~GoblinTranslatorVerifier_() = default; - bool verify_proof(const plonk::proof& proof, - const CheatGoblinTranslationConsistencyData& cheat_translation_consistency_data); + bool verify_proof(const plonk::proof& proof, const CheatGoblinTranslationConsistencyData& translation_evaluations); BF evaluation_input_x = 0; BF batching_challenge_v = 0; std::shared_ptr key; From 7c3d80f9106a613d9f868cb5476cf922bbc0a5e3 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 18 Nov 2023 02:56:18 +0000 Subject: [PATCH 06/39] Revert shplonk --- .../commitment_schemes/shplonk/shplonk.hpp | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp index d302295bda86..06b258644ac1 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp @@ -104,7 +104,6 @@ template class ShplonkProver_ { const Fr& nu_challenge, const Fr& z_challenge) { - const size_t num_opening_pairs = opening_pairs.size(); // {ẑⱼ(r)}ⱼ , where ẑⱼ(r) = 1/zⱼ(r) = 1/(r - xⱼ) @@ -164,16 +163,16 @@ template class ShplonkVerifier_ { */ static OpeningClaim reduce_verification(std::shared_ptr vk, std::span> claims, - auto& transcript, - const std::string& suffix = "") + auto& transcript) { const size_t num_claims = claims.size(); - const Fr nu = transcript.get_challenge("Shplonk" + suffix + ":nu"); - auto Q_commitment = transcript.template receive_from_prover("Shplonk" + suffix + ":Q"); + const Fr nu = transcript.get_challenge("Shplonk:nu"); + + auto Q_commitment = transcript.template receive_from_prover("Shplonk:Q"); - const Fr z_challenge = transcript.get_challenge("Shplonk" + suffix + ":z"); + const Fr z_challenge = transcript.get_challenge("Shplonk:z"); // [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1] // = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )] @@ -206,7 +205,7 @@ template class ShplonkVerifier_ { std::vector inverse_vanishing_evals; inverse_vanishing_evals.reserve(num_claims); for (const auto& claim : claims) { - // Note: no need for batch inversion; emulated inverison is cheap. (just show known inverse is valid) + // Note: no need for batch inversion; emulated inversion is cheap. (just show known inverse is valid) inverse_vanishing_evals.emplace_back((z_challenge - claim.opening_pair.challenge).invert()); } From 9dc88fbb4d2de6bfbc3edc10f5a64c83d442d814 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 18 Nov 2023 02:58:38 +0000 Subject: [PATCH 07/39] Cheat... ~> TranslationEvaluations --- .../commitment_schemes/ipa/ipa.hpp | 2 +- .../src/barretenberg/eccvm/eccvm_prover.hpp | 4 +- .../goblin/full_goblin_composer.test.cpp | 2 +- .../goblin/translation_evaluations.hpp | 2 +- .../goblin_translator_verifier.cpp | 56 +++++++++---------- .../goblin_translator_verifier.hpp | 4 +- 6 files changed, 35 insertions(+), 35 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index df7246864366..7a46a3eb71e4 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -202,7 +202,7 @@ template class IPA { // Copy the G_vector to local memory. std::vector G_vec_local(poly_degree); // The SRS stored in the commitment key is the result after applying the pippenger point table so the - // values at odd indices contain the point {srs[i-1].x * g beta, srs[i-1].y}, where beta is the endomorphism + // values at odd indices contain the point {srs[i-1].x * beta, srs[i-1].y}, where beta is the endomorphism // G_vec_local should use only the original SRS thus we extract only the even indices. for (size_t i = 0; i < poly_degree * 2; i += 2) { G_vec_local[i >> 1] = srs_elements[i]; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index 654cb8157f17..3cd07fb94142 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -23,7 +23,7 @@ template class ECCVMProver_ { using CommitmentLabels = typename Flavor::CommitmentLabels; using Curve = typename Flavor::Curve; using Transcript = typename Flavor::Transcript; - using CheatGoblinTranslationConsistencyData = barretenberg::CheatGoblinTranslationConsistencyData; + using TranslationEvaluations = barretenberg::TranslationEvaluations; public: explicit ECCVMProver_(std::shared_ptr input_key, std::shared_ptr commitment_key); @@ -45,7 +45,7 @@ template class ECCVMProver_ { Transcript transcript; - CheatGoblinTranslationConsistencyData translation_evaluations; + TranslationEvaluations translation_evaluations; std::vector public_inputs; diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 1b93e005a20e..ee16df1b3c63 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -35,7 +35,7 @@ class FullGoblinComposerTests : public ::testing::Test { using TranslatorFlavor = flavor::GoblinTranslator; using TranslatorBuilder = proof_system::GoblinTranslatorCircuitBuilder; using TranslatorComposer = GoblinTranslatorComposer_; - using TranslatorConsistencyData = barretenberg::CheatGoblinTranslationConsistencyData; + using TranslatorConsistencyData = barretenberg::TranslationEvaluations; static constexpr size_t NUM_OP_QUEUE_COLUMNS = flavor::GoblinUltra::NUM_WIRES; diff --git a/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp b/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp index 99b25262bf94..4cead676cfae 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp @@ -4,7 +4,7 @@ #include namespace barretenberg { -struct CheatGoblinTranslationConsistencyData { +struct TranslationEvaluations { fq op, Px, Py, z1, z2; void print() const { info("op: ", op, "\n", "Px: ", Px, "\n", "Py: ", Py, "\n", "z1: ", z1, "\n", "z2: ", z2); }; }; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 2ddeb2d882dc..ff31954b3769 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -40,8 +40,8 @@ GoblinTranslatorVerifier_& GoblinTranslatorVerifier_::operator=( * */ template -bool GoblinTranslatorVerifier_::verify_proof( - const plonk::proof& proof, const CheatGoblinTranslationConsistencyData& translation_evaluations) +bool GoblinTranslatorVerifier_::verify_proof(const plonk::proof& proof, + const TranslationEvaluations& translation_evaluations) { using FF = typename Flavor::FF; using BF = typename Flavor::BF; @@ -311,35 +311,35 @@ bool GoblinTranslatorVerifier_::verify_proof( // info("in the verifier"); // translation_evaluations.print(); - const auto& reconstruct_value_from_eccvm_evaluations = - [&](const CheatGoblinTranslationConsistencyData& translation_evaluations, auto& relation_parameters) { - const BF accumulated_result = reconstruct_from_array(relation_parameters.accumulated_result); - const BF x = reconstruct_from_array(relation_parameters.evaluation_input_x); - const BF v1 = reconstruct_from_array(relation_parameters.batching_challenge_v[0]); - const BF v2 = reconstruct_from_array(relation_parameters.batching_challenge_v[1]); - const BF v3 = reconstruct_from_array(relation_parameters.batching_challenge_v[2]); - const BF v4 = reconstruct_from_array(relation_parameters.batching_challenge_v[3]); - const BF& op = translation_evaluations.op; - const BF& Px = translation_evaluations.Px; - const BF& Py = translation_evaluations.Py; - const BF& z1 = translation_evaluations.z1; - const BF& z2 = translation_evaluations.z2; + const auto& reconstruct_value_from_eccvm_evaluations = [&](const TranslationEvaluations& translation_evaluations, + auto& relation_parameters) { + const BF accumulated_result = reconstruct_from_array(relation_parameters.accumulated_result); + const BF x = reconstruct_from_array(relation_parameters.evaluation_input_x); + const BF v1 = reconstruct_from_array(relation_parameters.batching_challenge_v[0]); + const BF v2 = reconstruct_from_array(relation_parameters.batching_challenge_v[1]); + const BF v3 = reconstruct_from_array(relation_parameters.batching_challenge_v[2]); + const BF v4 = reconstruct_from_array(relation_parameters.batching_challenge_v[3]); + const BF& op = translation_evaluations.op; + const BF& Px = translation_evaluations.Px; + const BF& Py = translation_evaluations.Py; + const BF& z1 = translation_evaluations.z1; + const BF& z2 = translation_evaluations.z2; - // info("translator vm verifier x: ", x); - // info("circuit_size: ", circuit_size); + // info("translator vm verifier x: ", x); + // info("circuit_size: ", circuit_size); - // info("translator verifier translation_evaluations.op: ", - // translation_evaluations.op); info("translator verifier translation_evaluations.Px: - // ", translation_evaluations.Px); info("translator verifier - // translation_evaluations.Py: ", translation_evaluations.Py); info("translator - // verifier translation_evaluations.z1: ", translation_evaluations.z1); - // info("translator verifier translation_evaluations.z2: ", - // translation_evaluations.z2); + // info("translator verifier translation_evaluations.op: ", + // translation_evaluations.op); info("translator verifier translation_evaluations.Px: + // ", translation_evaluations.Px); info("translator verifier + // translation_evaluations.Py: ", translation_evaluations.Py); info("translator + // verifier translation_evaluations.z1: ", translation_evaluations.z1); + // info("translator verifier translation_evaluations.z2: ", + // translation_evaluations.z2); - const BF eccvm_opening = (op + (v1 * Px) + (v2 * Py) + (v3 * z1) + (v4 * z2)); - // multiply by x here to deal with shift - return x * accumulated_result == eccvm_opening; - }; + const BF eccvm_opening = (op + (v1 * Px) + (v2 * Py) + (v3 * z1) + (v4 * z2)); + // multiply by x here to deal with shift + return x * accumulated_result == eccvm_opening; + }; bool value_reconstructed = reconstruct_value_from_eccvm_evaluations(translation_evaluations, relation_parameters); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index d05dd99b6744..cebc00696651 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -11,7 +11,7 @@ template class GoblinTranslatorVerifier_ { using Commitment = typename Flavor::Commitment; using VerificationKey = typename Flavor::VerificationKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; - using CheatGoblinTranslationConsistencyData = barretenberg::CheatGoblinTranslationConsistencyData; + using TranslationEvaluations = barretenberg::TranslationEvaluations; public: explicit GoblinTranslatorVerifier_(std::shared_ptr verifier_key = nullptr); @@ -21,7 +21,7 @@ template class GoblinTranslatorVerifier_ { GoblinTranslatorVerifier_& operator=(GoblinTranslatorVerifier_&& other) noexcept; ~GoblinTranslatorVerifier_() = default; - bool verify_proof(const plonk::proof& proof, const CheatGoblinTranslationConsistencyData& translation_evaluations); + bool verify_proof(const plonk::proof& proof, const TranslationEvaluations& translation_evaluations); BF evaluation_input_x = 0; BF batching_challenge_v = 0; std::shared_ptr key; From 1490b7d13d4c8be03a25958795bd85bcd2b3e43e Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 18 Nov 2023 03:01:15 +0000 Subject: [PATCH 08/39] Clean up --- .../cpp/src/barretenberg/goblin/translation_evaluations.hpp | 3 --- 1 file changed, 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp b/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp index 4cead676cfae..4a0e6d5d8351 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp @@ -1,11 +1,8 @@ #pragma once #include "barretenberg/ecc/curves/bn254/fq.hpp" -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include namespace barretenberg { struct TranslationEvaluations { fq op, Px, Py, z1, z2; - void print() const { info("op: ", op, "\n", "Px: ", Px, "\n", "Py: ", Py, "\n", "z1: ", z1, "\n", "z2: ", z2); }; }; } // namespace barretenberg \ No newline at end of file From d9ebe64d7e6bbd93c7916744638ca152ee48d36b Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 18 Nov 2023 03:04:38 +0000 Subject: [PATCH 09/39] Scrap test for now --- .../goblin/full_goblin_composer.test.cpp | 49 ++----------------- 1 file changed, 3 insertions(+), 46 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index ee16df1b3c63..87b4c044679e 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -47,12 +47,11 @@ class FullGoblinComposerTests : public ::testing::Test { static void generate_test_circuit(GoblinUltraBuilder& builder) { // Add some arbitrary ecc op gates - // ((a+ab) + c + cd) + e + ef for (size_t i = 0; i < 3; ++i) { auto point = Point::random_element(); auto scalar = FF::random_element(); builder.queue_ecc_add_accum(point); - builder.queue_ecc_mul_accum(point, scalar); // WORKTODO: name this add_multiple or something + builder.queue_ecc_mul_accum(point, scalar); } // queues the result of the preceding ECC builder.queue_ecc_eq(); // should be eq and reset @@ -148,6 +147,7 @@ class FullGoblinComposerTests : public ::testing::Test { */ TEST_F(FullGoblinComposerTests, SimpleCircuit) { + // WORKTODO: put this in a class auto op_queue = std::make_shared(); // Add mock data to op queue to simulate interaction with a "first" circuit @@ -194,49 +194,6 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) EXPECT_TRUE(translator_verified); } -/** - * @brief Check that ECCVM verification fails if ECC op queue operands are tampered with - * - */ -// TEST_F(FullGoblinComposerTests, SimpleCircuitFailureCase) -// { -// auto op_queue = std::make_shared(); - -// // Add mock data to op queue to simulate interaction with a "first" circuit -// perform_op_queue_interactions_for_mock_first_circuit(op_queue); - -// // Construct a series of simple Goblin circuits; generate and verify their proofs -// size_t NUM_CIRCUITS = 3; -// for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) { -// auto builder = GoblinUltraBuilder(op_queue); - -// generate_test_circuit(builder); - -// // The same composer is used to manage Honk and Merge prover/verifier -// auto composer = GoblinUltraComposer(); - -// // Construct and verify Ultra Goblin Honk proof -// auto honk_verified = construct_and_verify_honk_proof(composer, builder); -// EXPECT_TRUE(honk_verified); - -// // Construct and verify op queue merge proof -// auto merge_verified = construct_and_verify_merge_proof(composer, op_queue); -// EXPECT_TRUE(merge_verified); -// } - -// // Construct an ECCVM circuit then generate and verify its proof -// { -// // Instantiate an ECCVM builder with the vm ops stored in the op queue -// auto builder = ECCVMBuilder(op_queue->raw_ops); - -// // Fiddle with one of the operands to trigger a failure -// builder.vm_operations[0].z1 += 1; - -// // Construct and verify ECCVM proof -// auto composer = ECCVMComposer(); -// auto eccvm_verified = construct_and_verify_eccvm_proof(composer, builder); -// EXPECT_FALSE(eccvm_verified); -// } -// } +// WORKTODO: write more tests } // namespace test_full_goblin_composer From fe01fd368dd589f5ee2764d729c893d412f3a29c Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 18 Nov 2023 23:33:51 +0000 Subject: [PATCH 10/39] cleanup --- .../goblin_translator_circuit_builder.hpp | 1 - .../barretenberg/transcript/transcript.hpp | 23 +------------------ .../goblin_translator_composer.cpp | 6 ----- .../goblin_translator_composer.hpp | 3 +-- 4 files changed, 2 insertions(+), 31 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp index 7c124f327010..ed750c7167a6 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp @@ -94,7 +94,6 @@ class GoblinTranslatorCircuitBuilder : public CircuitBuilderBase - -// #define DEBUG_TRANSCRIPT namespace proof_system::honk { @@ -222,11 +219,6 @@ template class BaseTranscript { // Prepare for next round. ++round_number; -#ifdef DEBUG_TRANSCRIPT - for (auto& challenge : challenges) { - info(challenge); - }; -#endif return challenges; } @@ -246,13 +238,6 @@ template class BaseTranscript { */ template void send_to_verifier(const std::string& label, const T& element) { -#ifdef DEBUG_TRANSCRIPT - info("TRANSCRIPT: ", label); - if constexpr (std::same_as || std::same_as || - std::same_as || std::same_as) { - info("element: ", element); - } -#endif using serialize::write; // TODO(Adrian): Ensure that serialization of affine elements (including point at infinity) is consistent. // TODO(Adrian): Consider restricting serialization (via concepts) to types T for which sizeof(T) reliably @@ -280,13 +265,7 @@ template class BaseTranscript { BaseTranscript::consume_prover_element_bytes(label, element_bytes); T element = from_buffer(element_bytes); -#ifdef DEBUG_TRANSCRIPT - info("TRANSCRIPT: ", label); - if constexpr (std::same_as || std::same_as || - std::same_as || std::same_as) { - info("element: ", element); - } -#endif + return element; } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 8d39f8060693..375cdd1b3f44 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -16,12 +16,6 @@ #include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp" #include "barretenberg/proof_system/composer/composer_lib.hpp" #include "barretenberg/proof_system/composer/permutation_lib.hpp" -#include "barretenberg/translator_vm/goblin_translator_prover.hpp" -#include -#include -#include -#include -#include namespace proof_system::honk { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index de0d1f331935..781931e536b3 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -6,11 +6,10 @@ #include "barretenberg/srs/global_crs.hpp" #include "barretenberg/translator_vm/goblin_translator_prover.hpp" #include "barretenberg/translator_vm/goblin_translator_verifier.hpp" -#include namespace proof_system::honk { using namespace barretenberg; -template class GoblinTranslatorComposer_ { +template class GoblinTranslatorComposer_ { // WORKTODO: untemplate public: using CircuitBuilder = typename Flavor::CircuitBuilder; using ProvingKey = typename Flavor::ProvingKey; From ee565cf58cc3bb2414a542399d3c96bb248cd890 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 00:29:36 +0000 Subject: [PATCH 11/39] Untemplate composer --- .../goblin/full_goblin_composer.test.cpp | 2 +- .../goblin_translator_composer.cpp | 32 ++++++++----------- .../goblin_translator_composer.hpp | 20 ++++++------ .../goblin_translator_composer.test.cpp | 4 +-- 4 files changed, 26 insertions(+), 32 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 87b4c044679e..7dd531ed1530 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -34,7 +34,7 @@ class FullGoblinComposerTests : public ::testing::Test { using ECCVMComposer = ECCVMComposer_; using TranslatorFlavor = flavor::GoblinTranslator; using TranslatorBuilder = proof_system::GoblinTranslatorCircuitBuilder; - using TranslatorComposer = GoblinTranslatorComposer_; + using TranslatorComposer = GoblinTranslatorComposer; using TranslatorConsistencyData = barretenberg::TranslationEvaluations; static constexpr size_t NUM_OP_QUEUE_COLUMNS = flavor::GoblinUltra::NUM_WIRES; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 375cdd1b3f44..475337145319 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -18,15 +18,15 @@ #include "barretenberg/proof_system/composer/permutation_lib.hpp" namespace proof_system::honk { - +using Flavor = honk::flavor::GoblinTranslator; // WORKTODO remove /** * @brief Helper method to compute quantities like total number of gates and dyadic circuit size * * @tparam Flavor * @param circuit_constructor */ -template -void GoblinTranslatorComposer_::compute_circuit_size_parameters(CircuitBuilder& circuit_builder) + +void GoblinTranslatorComposer::compute_circuit_size_parameters(CircuitBuilder& circuit_builder) { const size_t num_gates = circuit_builder.num_gates; @@ -58,7 +58,7 @@ void GoblinTranslatorComposer_::compute_circuit_size_parameters(CircuitB * * @return std::vector * */ -template + std::vector construct_wire_polynomials_base_goblin_translator( const typename Flavor::CircuitBuilder& circuit_constructor, const size_t dyadic_circuit_size) { @@ -88,15 +88,14 @@ std::vector construct_wire_polynomials_base_goblin_ * @brief Compute witness polynomials * */ -template void GoblinTranslatorComposer_::compute_witness(CircuitBuilder& circuit_constructor) +void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_constructor) { if (computed_witness) { return; } // Construct the conventional wire polynomials - auto wire_polynomials = - construct_wire_polynomials_base_goblin_translator(circuit_constructor, dyadic_circuit_size); + auto wire_polynomials = construct_wire_polynomials_base_goblin_translator(circuit_constructor, dyadic_circuit_size); // Most of the witness polynomials are the original wire polynomials proving_key->op = wire_polynomials[0]; @@ -200,8 +199,8 @@ template void GoblinTranslatorComposer_::compute_witne * @param circuit_builder * @return GoblinTranslatorProver_ */ -template -GoblinTranslatorProver_ GoblinTranslatorComposer_::create_prover(CircuitBuilder& circuit_builder) + +GoblinTranslatorProver_ GoblinTranslatorComposer::create_prover(CircuitBuilder& circuit_builder) { // Compute total number of gates, dyadic circuit size, etc. @@ -227,9 +226,8 @@ GoblinTranslatorProver_ GoblinTranslatorComposer_::create_prover * @param circuit_constructor * @return GoblinTranslatorVerifier_ */ -template -GoblinTranslatorVerifier_ GoblinTranslatorComposer_::create_verifier( - const CircuitBuilder& circuit_constructor) + +GoblinTranslatorVerifier_ GoblinTranslatorComposer::create_verifier(const CircuitBuilder& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); @@ -249,8 +247,8 @@ GoblinTranslatorVerifier_ GoblinTranslatorComposer_::create_veri * @param circuit_builder * @return std::shared_ptr */ -template -std::shared_ptr GoblinTranslatorComposer_::compute_proving_key( + +std::shared_ptr GoblinTranslatorComposer::compute_proving_key( const CircuitBuilder& circuit_builder) { if (proving_key) { @@ -285,8 +283,8 @@ std::shared_ptr GoblinTranslatorComposer_:: * * @return Pointer to created circuit verification key. * */ -template -std::shared_ptr GoblinTranslatorComposer_::compute_verification_key( + +std::shared_ptr GoblinTranslatorComposer::compute_verification_key( const CircuitBuilder& circuit_constructor) { if (verification_key) { @@ -312,6 +310,4 @@ std::shared_ptr GoblinTranslatorComposer_; - } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index 781931e536b3..b9fedac0ab24 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -8,9 +8,9 @@ #include "barretenberg/translator_vm/goblin_translator_verifier.hpp" namespace proof_system::honk { -using namespace barretenberg; -template class GoblinTranslatorComposer_ { // WORKTODO: untemplate +class GoblinTranslatorComposer { public: + using Flavor = honk::flavor::GoblinTranslator; using CircuitBuilder = typename Flavor::CircuitBuilder; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; @@ -36,18 +36,18 @@ template class GoblinTranslatorComposer_ { // WORKTODO: untemp size_t mini_circuit_dyadic_size = 0; // The size of the small circuit that contains non-range constraint relations // We only need the standard crs factory. GoblinTranslator is not supposed to be used with Grumpkin - GoblinTranslatorComposer_() { crs_factory_ = srs::get_crs_factory(); } + GoblinTranslatorComposer() { crs_factory_ = srs::get_crs_factory(); } - GoblinTranslatorComposer_(std::shared_ptr p_key, std::shared_ptr v_key) + GoblinTranslatorComposer(std::shared_ptr p_key, std::shared_ptr v_key) : proving_key(std::move(p_key)) , verification_key(std::move(v_key)) {} - GoblinTranslatorComposer_(GoblinTranslatorComposer_&& other) noexcept = default; - GoblinTranslatorComposer_(GoblinTranslatorComposer_ const& other) noexcept = default; - GoblinTranslatorComposer_& operator=(GoblinTranslatorComposer_&& other) noexcept = default; - GoblinTranslatorComposer_& operator=(GoblinTranslatorComposer_ const& other) noexcept = default; - ~GoblinTranslatorComposer_() = default; + GoblinTranslatorComposer(GoblinTranslatorComposer&& other) noexcept = default; + GoblinTranslatorComposer(GoblinTranslatorComposer const& other) noexcept = default; + GoblinTranslatorComposer& operator=(GoblinTranslatorComposer&& other) noexcept = default; + GoblinTranslatorComposer& operator=(GoblinTranslatorComposer const& other) noexcept = default; + ~GoblinTranslatorComposer() = default; std::shared_ptr compute_proving_key(const CircuitBuilder& circuit_constructor); std::shared_ptr compute_verification_key(const CircuitBuilder& circuit_constructor); @@ -69,6 +69,4 @@ template class GoblinTranslatorComposer_ { // WORKTODO: untemp return commitment_key; }; }; -extern template class GoblinTranslatorComposer_; -using GoblinTranslatorComposer = GoblinTranslatorComposer_; } // namespace proof_system::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp index 1c128a342f07..d38e2e0b4e21 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp @@ -22,7 +22,7 @@ namespace { auto& engine = numeric::random::get_debug_engine(); } -std::vector add_variables(auto& circuit_constructor, std::vector variables) +std::vector add_variables(auto& circuit_constructor, std::vector variables) { std::vector res; for (size_t i = 0; i < variables.size(); i++) { @@ -74,7 +74,7 @@ TEST_F(GoblinTranslatorComposerTests, Basic) op_queue.add_accumulate(P1); op_queue.mul_accumulate(P2, z); } - Fq batching_challenge = fq::random_element(); + Fq batching_challenge = Fq::random_element(); Fq x = Fq::random_element(); auto circuit_builder = proof_system::GoblinTranslatorCircuitBuilder(batching_challenge, x); circuit_builder.feed_ecc_op_queue_into_circuit(op_queue); From 981b9f41b285115140bef094a00c5bf3241a3daf Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 00:37:24 +0000 Subject: [PATCH 12/39] Untemplate prover and verifier --- .../goblin_translator_composer.cpp | 12 +++++----- .../goblin_translator_composer.hpp | 4 ++-- .../goblin_translator_prover.cpp | 23 +++++++++---------- .../goblin_translator_prover.hpp | 10 ++++---- .../goblin_translator_verifier.cpp | 20 ++++++---------- .../goblin_translator_verifier.hpp | 20 +++++++--------- 6 files changed, 38 insertions(+), 51 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 475337145319..0c2c3e7af093 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -197,10 +197,10 @@ void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_construct * * @tparam Flavor * @param circuit_builder - * @return GoblinTranslatorProver_ + * @return GoblinTranslatorProver */ -GoblinTranslatorProver_ GoblinTranslatorComposer::create_prover(CircuitBuilder& circuit_builder) +GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& circuit_builder) { // Compute total number of gates, dyadic circuit size, etc. @@ -213,7 +213,7 @@ GoblinTranslatorProver_ GoblinTranslatorComposer::create_prover(CircuitB compute_commitment_key(proving_key->circuit_size); - GoblinTranslatorProver_ output_state(proving_key, commitment_key); + GoblinTranslatorProver output_state(proving_key, commitment_key); return output_state; } @@ -224,14 +224,14 @@ GoblinTranslatorProver_ GoblinTranslatorComposer::create_prover(CircuitB * * @tparam Flavor * @param circuit_constructor - * @return GoblinTranslatorVerifier_ + * @return GoblinTranslatorVerifier */ -GoblinTranslatorVerifier_ GoblinTranslatorComposer::create_verifier(const CircuitBuilder& circuit_constructor) +GoblinTranslatorVerifier GoblinTranslatorComposer::create_verifier(const CircuitBuilder& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); - GoblinTranslatorVerifier_ output_state(verification_key); + GoblinTranslatorVerifier output_state(verification_key); auto pcs_verification_key = std::make_unique(verification_key->circuit_size, crs_factory_); output_state.pcs_verification_key = std::move(pcs_verification_key); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index b9fedac0ab24..32a6e41de806 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -56,8 +56,8 @@ class GoblinTranslatorComposer { void compute_witness(CircuitBuilder& circuit_constructor); - GoblinTranslatorProver_ create_prover(CircuitBuilder& circuit_constructor); - GoblinTranslatorVerifier_ create_verifier(const CircuitBuilder& circuit_constructor); + GoblinTranslatorProver create_prover(CircuitBuilder& circuit_constructor); + GoblinTranslatorVerifier create_verifier(const CircuitBuilder& circuit_constructor); std::shared_ptr compute_commitment_key(size_t circuit_size) { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index c7a235339b63..c5a429647460 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -20,16 +20,16 @@ namespace proof_system::honk { /** - * Create GoblinTranslatorProver_ from proving key, witness and manifest. + * Create GoblinTranslatorProver from proving key, witness and manifest. * * @param input_key Proving key. * @param input_manifest Input manifest * * @tparam settings Settings class. * */ -template -GoblinTranslatorProver_::GoblinTranslatorProver_(std::shared_ptr input_key, - std::shared_ptr commitment_key) + +GoblinTranslatorProver::GoblinTranslatorProver(std::shared_ptr input_key, + std::shared_ptr commitment_key) : key(input_key) , commitment_key(commitment_key) { @@ -250,7 +250,7 @@ GoblinTranslatorProver_::GoblinTranslatorProver_(std::shared_ptr void GoblinTranslatorProver_::execute_preamble_round() +void GoblinTranslatorProver::execute_preamble_round() { const auto circuit_size = static_cast(key->circuit_size); const auto SHIFT = uint256_t(1) << Flavor::NUM_LIMB_BITS; @@ -270,7 +270,7 @@ template void GoblinTranslatorProver_::execute_preambl * @brief Compute commitments to the first three wires * */ -template void GoblinTranslatorProver_::execute_wire_and_sorted_constraints_commitments_round() +void GoblinTranslatorProver::execute_wire_and_sorted_constraints_commitments_round() { // Commit to all wire polynomials auto wire_polys = key->get_wires(); @@ -284,7 +284,7 @@ template void GoblinTranslatorProver_::execute_wire_an * @brief Compute permutation and lookup grand product polynomials and commitments * */ -template void GoblinTranslatorProver_::execute_grand_product_computation_round() +void GoblinTranslatorProver::execute_grand_product_computation_round() { // Compute and store parameters required by relations in Sumcheck auto [gamma] = transcript.get_challenges("gamma"); @@ -334,7 +334,7 @@ template void GoblinTranslatorProver_::execute_grand_p * @brief Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all evaluations at u being calculated. * */ -template void GoblinTranslatorProver_::execute_relation_check_rounds() +void GoblinTranslatorProver::execute_relation_check_rounds() { using Sumcheck = sumcheck::SumcheckProver; @@ -348,7 +348,7 @@ template void GoblinTranslatorProver_::execute_relatio * @details See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the unrolled protocol. * * */ -template void GoblinTranslatorProver_::execute_zeromorph_rounds() +void GoblinTranslatorProver::execute_zeromorph_rounds() { ZeroMorph::prove(prover_polynomials.get_unshifted(), prover_polynomials.get_to_be_shifted(), @@ -362,13 +362,13 @@ template void GoblinTranslatorProver_::execute_zeromor prover_polynomials.get_concatenation_groups()); } -template plonk::proof& GoblinTranslatorProver_::export_proof() +plonk::proof& GoblinTranslatorProver::export_proof() { proof.proof_data = transcript.proof_data; return proof; } -template plonk::proof& GoblinTranslatorProver_::construct_proof() +plonk::proof& GoblinTranslatorProver::construct_proof() { // Add circuit size public input size and public inputs to transcript. execute_preamble_round(); @@ -391,5 +391,4 @@ template plonk::proof& GoblinTranslatorProver_::constr return export_proof(); } -template class GoblinTranslatorProver_; } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp index 9b21f2274127..857067874f99 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -10,8 +10,9 @@ namespace proof_system::honk { // We won't compile this class with honk::flavor::Standard, but we will like want to compile it (at least for testing) // with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc. -template class GoblinTranslatorProver_ { +class GoblinTranslatorProver { + using Flavor = honk::flavor::GoblinTranslator; using FF = typename Flavor::FF; using Commitment = typename Flavor::Commitment; using CommitmentKey = typename Flavor::CommitmentKey; @@ -25,8 +26,8 @@ template class GoblinTranslatorProver_ { static size_t constexpr FULL_CIRCUIT_SIZE = Flavor::FULL_CIRCUIT_SIZE; public: - explicit GoblinTranslatorProver_(std::shared_ptr input_key, - std::shared_ptr commitment_key); + explicit GoblinTranslatorProver(std::shared_ptr input_key, + std::shared_ptr commitment_key); void execute_preamble_round(); void execute_wire_and_sorted_constraints_commitments_round(); @@ -57,7 +58,4 @@ template class GoblinTranslatorProver_ { plonk::proof proof; }; -extern template class GoblinTranslatorProver_; -using GoblinTranslatorProver = GoblinTranslatorProver_; - } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index ff31954b3769..035763506607 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -12,21 +12,17 @@ using namespace proof_system::honk::sumcheck; #pragma GCC diagnostic ignored "-Wunused-parameter" namespace proof_system::honk { -template -GoblinTranslatorVerifier_::GoblinTranslatorVerifier_( - std::shared_ptr verifier_key) + +GoblinTranslatorVerifier::GoblinTranslatorVerifier(std::shared_ptr verifier_key) : key(verifier_key) {} -template -GoblinTranslatorVerifier_::GoblinTranslatorVerifier_(GoblinTranslatorVerifier_&& other) noexcept +GoblinTranslatorVerifier::GoblinTranslatorVerifier(GoblinTranslatorVerifier&& other) noexcept : key(std::move(other.key)) , pcs_verification_key(std::move(other.pcs_verification_key)) {} -template -GoblinTranslatorVerifier_& GoblinTranslatorVerifier_::operator=( - GoblinTranslatorVerifier_&& other) noexcept +GoblinTranslatorVerifier& GoblinTranslatorVerifier::operator=(GoblinTranslatorVerifier&& other) noexcept { key = other.key; pcs_verification_key = (std::move(other.pcs_verification_key)); @@ -39,9 +35,9 @@ GoblinTranslatorVerifier_& GoblinTranslatorVerifier_::operator=( * @brief This function verifies an GoblinTranslator Honk proof for given program settings. * */ -template -bool GoblinTranslatorVerifier_::verify_proof(const plonk::proof& proof, - const TranslationEvaluations& translation_evaluations) + +bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, + const TranslationEvaluations& translation_evaluations) { using FF = typename Flavor::FF; using BF = typename Flavor::BF; @@ -348,6 +344,4 @@ bool GoblinTranslatorVerifier_::verify_proof(const plonk::proof& proof, return verified; } -template class GoblinTranslatorVerifier_; - } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index cebc00696651..39a5b10cbdf3 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -5,7 +5,8 @@ #include "barretenberg/sumcheck/sumcheck.hpp" namespace proof_system::honk { -template class GoblinTranslatorVerifier_ { +class GoblinTranslatorVerifier { + using Flavor = honk::flavor::GoblinTranslator; using FF = typename Flavor::FF; using BF = typename Flavor::BF; using Commitment = typename Flavor::Commitment; @@ -14,12 +15,12 @@ template class GoblinTranslatorVerifier_ { using TranslationEvaluations = barretenberg::TranslationEvaluations; public: - explicit GoblinTranslatorVerifier_(std::shared_ptr verifier_key = nullptr); - GoblinTranslatorVerifier_(GoblinTranslatorVerifier_&& other) noexcept; - GoblinTranslatorVerifier_(const GoblinTranslatorVerifier_& other) = delete; - GoblinTranslatorVerifier_& operator=(const GoblinTranslatorVerifier_& other) = delete; - GoblinTranslatorVerifier_& operator=(GoblinTranslatorVerifier_&& other) noexcept; - ~GoblinTranslatorVerifier_() = default; + explicit GoblinTranslatorVerifier(std::shared_ptr verifier_key = nullptr); + GoblinTranslatorVerifier(GoblinTranslatorVerifier&& other) noexcept; + GoblinTranslatorVerifier(const GoblinTranslatorVerifier& other) = delete; + GoblinTranslatorVerifier& operator=(const GoblinTranslatorVerifier& other) = delete; + GoblinTranslatorVerifier& operator=(GoblinTranslatorVerifier&& other) noexcept; + ~GoblinTranslatorVerifier() = default; bool verify_proof(const plonk::proof& proof, const TranslationEvaluations& translation_evaluations); BF evaluation_input_x = 0; @@ -30,9 +31,4 @@ template class GoblinTranslatorVerifier_ { std::shared_ptr pcs_verification_key; BaseTranscript transcript; }; - -extern template class GoblinTranslatorVerifier_; - -using GoblinTranslatorVerifier = GoblinTranslatorVerifier_; - } // namespace proof_system::honk From b5340338ce6e706a06abbc7fe7ba90ad74b9ba42 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 00:44:26 +0000 Subject: [PATCH 13/39] Reintroduce warnings --- .../cpp/src/barretenberg/flavor/flavor.test.cpp | 4 ---- .../goblin/full_goblin_composer.test.cpp | 2 -- .../translator_vm/goblin_translator_verifier.cpp | 15 --------------- 3 files changed, 21 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.test.cpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.test.cpp index 92d5c2a980c8..8e99d56e3974 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.test.cpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.test.cpp @@ -4,9 +4,6 @@ #include #include -#pragma GCC diagnostic ignored "-Wunused-local-typedefs" -#pragma GCC diagnostic ignored "-Wunused-variable" - namespace proof_system::test_flavor { TEST(Flavor, Getters) { @@ -139,7 +136,6 @@ TEST(Flavor, GetRow) return std::vector({ FF::random_element(), FF::random_element() }); }); Flavor::ProverPolynomials prover_polynomials; - size_t poly_idx = 0; for (auto [poly, entry] : zip_view(prover_polynomials.pointer_view(), data)) { *poly = entry; } diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 7dd531ed1530..c8049409a108 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -8,8 +8,6 @@ #include -#pragma GCC diagnostic ignored "-Wunused-variable" - using namespace proof_system::honk; namespace test_full_goblin_composer { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 035763506607..7677804b8a80 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -9,8 +9,6 @@ using namespace barretenberg; using namespace proof_system::honk::sumcheck; -#pragma GCC diagnostic ignored "-Wunused-parameter" - namespace proof_system::honk { GoblinTranslatorVerifier::GoblinTranslatorVerifier(std::shared_ptr verifier_key) @@ -305,8 +303,6 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, return reconstructed; }; - // info("in the verifier"); - // translation_evaluations.print(); const auto& reconstruct_value_from_eccvm_evaluations = [&](const TranslationEvaluations& translation_evaluations, auto& relation_parameters) { const BF accumulated_result = reconstruct_from_array(relation_parameters.accumulated_result); @@ -321,17 +317,6 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, const BF& z1 = translation_evaluations.z1; const BF& z2 = translation_evaluations.z2; - // info("translator vm verifier x: ", x); - // info("circuit_size: ", circuit_size); - - // info("translator verifier translation_evaluations.op: ", - // translation_evaluations.op); info("translator verifier translation_evaluations.Px: - // ", translation_evaluations.Px); info("translator verifier - // translation_evaluations.Py: ", translation_evaluations.Py); info("translator - // verifier translation_evaluations.z1: ", translation_evaluations.z1); - // info("translator verifier translation_evaluations.z2: ", - // translation_evaluations.z2); - const BF eccvm_opening = (op + (v1 * Px) + (v2 * Py) + (v3 * z1) + (v4 * z2)); // multiply by x here to deal with shift return x * accumulated_result == eccvm_opening; From c55c8583c379e30a5f8f923c37c378aec5bfd0ba Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 01:12:08 +0000 Subject: [PATCH 14/39] Some composer cleanup --- .../barretenberg/flavor/goblin_translator.hpp | 3 - .../goblin_translator_composer.cpp | 62 ++++++++++--------- .../goblin_translator_composer.hpp | 22 +++---- 3 files changed, 41 insertions(+), 46 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index 4d9485becd59..e01ca8ee8467 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp @@ -1,10 +1,7 @@ #pragma once #include "barretenberg/commitment_schemes/commitment_key.hpp" #include "barretenberg/commitment_schemes/kzg/kzg.hpp" -#include "barretenberg/ecc/curves/bn254/bn254.hpp" #include "barretenberg/flavor/flavor.hpp" -#include "barretenberg/polynomials/univariate.hpp" -#include "barretenberg/proof_system/arithmetization/arithmetization.hpp" #include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/relations/translator_vm/translator_decomposition_relation.hpp" diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 0c2c3e7af093..c6424b202323 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -1,29 +1,32 @@ /** * @file goblin_translator_composer.cpp - * @brief Contains the logic for transfroming a Goblin Translator Circuit Builder object into a witness and methods to + * @brief Contains the logic for transfroming a Goblin Translator Circuit Builder object into a witness and methods to * create prover and verifier objects * @date 2023-10-05 - * - * */ #include "goblin_translator_composer.hpp" -#include "barretenberg/common/assert.hpp" -#include "barretenberg/common/thread.hpp" #include "barretenberg/flavor/goblin_translator.hpp" #include "barretenberg/honk/proof_system/permutation_library.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp" #include "barretenberg/proof_system/composer/composer_lib.hpp" #include "barretenberg/proof_system/composer/permutation_lib.hpp" namespace proof_system::honk { -using Flavor = honk::flavor::GoblinTranslator; // WORKTODO remove +using Flavor = honk::flavor::GoblinTranslator; +using Curve = typename Flavor::Curve; +using CircuitBuilder = typename Flavor::CircuitBuilder; +using ProvingKey = typename Flavor::ProvingKey; +using VerificationKey = typename Flavor::VerificationKey; +using PCS = typename Flavor::PCS; +using CommitmentKey = typename Flavor::CommitmentKey; +using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; +using Polynomial = typename Flavor::Polynomial; + /** * @brief Helper method to compute quantities like total number of gates and dyadic circuit size * * @tparam Flavor - * @param circuit_constructor + * @param circuit_builder */ void GoblinTranslatorComposer::compute_circuit_size_parameters(CircuitBuilder& circuit_builder) @@ -53,30 +56,30 @@ void GoblinTranslatorComposer::compute_circuit_size_parameters(CircuitBuilder& c * 4 wires, which we've commited to * * @tparam Flavor provides the circuit constructor type and the number of wires. - * @param circuit_constructor + * @param circuit_builder * @param dyadic_circuit_size Power of 2 circuit size * - * @return std::vector + * @return std::vector * */ -std::vector construct_wire_polynomials_base_goblin_translator( - const typename Flavor::CircuitBuilder& circuit_constructor, const size_t dyadic_circuit_size) +std::vector construct_wire_polynomials_base_goblin_translator(const CircuitBuilder& circuit_builder, + const size_t dyadic_circuit_size) { - const size_t num_gates = circuit_constructor.num_gates; + const size_t num_gates = circuit_builder.num_gates; - std::vector wire_polynomials; + std::vector wire_polynomials; // Populate the wire polynomials with values from conventional wires for (size_t wire_idx = 0; wire_idx < Flavor::NUM_WIRES; ++wire_idx) { // Expect all values to be set to 0 initially - // TODO(kesha): fix for sparse polynomials; - typename Flavor::Polynomial w_lagrange(dyadic_circuit_size); + // TODO(kesha): fix for sparse polynomials; WORKTODO: what's this? + Polynomial w_lagrange(dyadic_circuit_size); // Insert conventional gate wire values into the wire polynomial for (size_t i = 0; i < num_gates; ++i) { - auto& wire = circuit_constructor.wires[wire_idx]; - w_lagrange[i] = circuit_constructor.get_variable(wire[i]); + auto& wire = circuit_builder.wires[wire_idx]; + w_lagrange[i] = circuit_builder.get_variable(wire[i]); } wire_polynomials.push_back(std::move(w_lagrange)); @@ -88,14 +91,14 @@ std::vector construct_wire_polynomials_base_goblin_ * @brief Compute witness polynomials * */ -void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_constructor) +void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_builder) { if (computed_witness) { return; } // Construct the conventional wire polynomials - auto wire_polynomials = construct_wire_polynomials_base_goblin_translator(circuit_constructor, dyadic_circuit_size); + auto wire_polynomials = construct_wire_polynomials_base_goblin_translator(circuit_builder, dyadic_circuit_size); // Most of the witness polynomials are the original wire polynomials proving_key->op = wire_polynomials[0]; @@ -223,13 +226,13 @@ GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& c * initialize verifier with it and an initial manifest and initialize commitment_scheme. * * @tparam Flavor - * @param circuit_constructor + * @param circuit_builder * @return GoblinTranslatorVerifier */ -GoblinTranslatorVerifier GoblinTranslatorComposer::create_verifier(const CircuitBuilder& circuit_constructor) +GoblinTranslatorVerifier GoblinTranslatorComposer::create_verifier(const CircuitBuilder& circuit_builder) { - auto verification_key = compute_verification_key(circuit_constructor); + auto verification_key = compute_verification_key(circuit_builder); GoblinTranslatorVerifier output_state(verification_key); @@ -245,7 +248,7 @@ GoblinTranslatorVerifier GoblinTranslatorComposer::create_verifier(const Circuit * * @tparam Flavor * @param circuit_builder - * @return std::shared_ptr + * @return std::shared_ptr */ std::shared_ptr GoblinTranslatorComposer::compute_proving_key( @@ -284,19 +287,18 @@ std::shared_ptr GoblinTranslatorComposer::compute_p * @return Pointer to created circuit verification key. * */ -std::shared_ptr GoblinTranslatorComposer::compute_verification_key( - const CircuitBuilder& circuit_constructor) +std::shared_ptr GoblinTranslatorComposer::compute_verification_key( + const CircuitBuilder& circuit_builder) { if (verification_key) { return verification_key; } if (!proving_key) { - compute_proving_key(circuit_constructor); + compute_proving_key(circuit_builder); } - verification_key = - std::make_shared(proving_key->circuit_size, proving_key->num_public_inputs); + verification_key = std::make_shared(proving_key->circuit_size, proving_key->num_public_inputs); verification_key->lagrange_first = commitment_key->commit(proving_key->lagrange_first); verification_key->lagrange_last = commitment_key->commit(proving_key->lagrange_last); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index 32a6e41de806..e1bc06abb25e 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -11,12 +11,14 @@ namespace proof_system::honk { class GoblinTranslatorComposer { public: using Flavor = honk::flavor::GoblinTranslator; + using Curve = typename Flavor::Curve; using CircuitBuilder = typename Flavor::CircuitBuilder; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; using PCS = typename Flavor::PCS; using CommitmentKey = typename Flavor::CommitmentKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; + using Polynomial = typename Flavor::Polynomial; static constexpr size_t MINI_CIRCUIT_SIZE = Flavor::MINI_CIRCUIT_SIZE; static constexpr std::string_view NAME_STRING = "GoblinTranslator"; @@ -25,7 +27,7 @@ class GoblinTranslatorComposer { std::shared_ptr verification_key; // The crs_factory holds the path to the srs and exposes methods to extract the srs elements - std::shared_ptr> crs_factory_; + std::shared_ptr> crs_factory_; // The commitment key is passed to the prover but also used herein to compute the verfication key commitments std::shared_ptr commitment_key; @@ -43,21 +45,15 @@ class GoblinTranslatorComposer { , verification_key(std::move(v_key)) {} - GoblinTranslatorComposer(GoblinTranslatorComposer&& other) noexcept = default; - GoblinTranslatorComposer(GoblinTranslatorComposer const& other) noexcept = default; - GoblinTranslatorComposer& operator=(GoblinTranslatorComposer&& other) noexcept = default; - GoblinTranslatorComposer& operator=(GoblinTranslatorComposer const& other) noexcept = default; - ~GoblinTranslatorComposer() = default; + std::shared_ptr compute_proving_key(const CircuitBuilder& circuit_builder); + std::shared_ptr compute_verification_key(const CircuitBuilder& circuit_builder); - std::shared_ptr compute_proving_key(const CircuitBuilder& circuit_constructor); - std::shared_ptr compute_verification_key(const CircuitBuilder& circuit_constructor); + void compute_circuit_size_parameters(CircuitBuilder& circuit_builder); - void compute_circuit_size_parameters(CircuitBuilder& circuit_constructor); + void compute_witness(CircuitBuilder& circuit_builder); - void compute_witness(CircuitBuilder& circuit_constructor); - - GoblinTranslatorProver create_prover(CircuitBuilder& circuit_constructor); - GoblinTranslatorVerifier create_verifier(const CircuitBuilder& circuit_constructor); + GoblinTranslatorProver create_prover(CircuitBuilder& circuit_builder); + GoblinTranslatorVerifier create_verifier(const CircuitBuilder& circuit_builder); std::shared_ptr compute_commitment_key(size_t circuit_size) { From 835e77e47edf32f6e92eaae13cadbe4dc39ad583 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 01:45:10 +0000 Subject: [PATCH 15/39] Remove one unneeded layer of copying. --- .../goblin_translator_composer.cpp | 112 +----------------- .../goblin_translator_composer.hpp | 5 +- 2 files changed, 10 insertions(+), 107 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index c6424b202323..6dd48e4ab08b 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -62,126 +62,26 @@ void GoblinTranslatorComposer::compute_circuit_size_parameters(CircuitBuilder& c * @return std::vector * */ -std::vector construct_wire_polynomials_base_goblin_translator(const CircuitBuilder& circuit_builder, - const size_t dyadic_circuit_size) +void GoblinTranslatorComposer::construct_wire_polynomials_base_goblin_translator(const CircuitBuilder& circuit_builder) { - const size_t num_gates = circuit_builder.num_gates; - - std::vector wire_polynomials; - // Populate the wire polynomials with values from conventional wires - for (size_t wire_idx = 0; wire_idx < Flavor::NUM_WIRES; ++wire_idx) { - - // Expect all values to be set to 0 initially - // TODO(kesha): fix for sparse polynomials; WORKTODO: what's this? - Polynomial w_lagrange(dyadic_circuit_size); - - // Insert conventional gate wire values into the wire polynomial - for (size_t i = 0; i < num_gates; ++i) { - auto& wire = circuit_builder.wires[wire_idx]; - w_lagrange[i] = circuit_builder.get_variable(wire[i]); - } - - wire_polynomials.push_back(std::move(w_lagrange)); + // WORKTODO: leave note on moving these vectors instead + for (auto [poly, wire] : zip_view(proving_key->get_wires(), circuit_builder.wires)) { + std::copy(wire.begin(), wire.end(), poly.begin()); } - return wire_polynomials; } /** * @brief Compute witness polynomials - * */ -void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_builder) +void GoblinTranslatorComposer::compute_witness(const CircuitBuilder& circuit_builder) { if (computed_witness) { return; } // Construct the conventional wire polynomials - auto wire_polynomials = construct_wire_polynomials_base_goblin_translator(circuit_builder, dyadic_circuit_size); - - // Most of the witness polynomials are the original wire polynomials - proving_key->op = wire_polynomials[0]; - proving_key->x_lo_y_hi = wire_polynomials[1]; - proving_key->x_hi_z_1 = wire_polynomials[2]; - proving_key->y_lo_z_2 = wire_polynomials[3]; - proving_key->p_x_low_limbs = wire_polynomials[4]; - proving_key->p_x_low_limbs_range_constraint_0 = wire_polynomials[5]; - proving_key->p_x_low_limbs_range_constraint_1 = wire_polynomials[6]; - proving_key->p_x_low_limbs_range_constraint_2 = wire_polynomials[7]; - proving_key->p_x_low_limbs_range_constraint_3 = wire_polynomials[8]; - proving_key->p_x_low_limbs_range_constraint_4 = wire_polynomials[9]; - proving_key->p_x_low_limbs_range_constraint_tail = wire_polynomials[10]; - proving_key->p_x_high_limbs = wire_polynomials[11]; - proving_key->p_x_high_limbs_range_constraint_0 = wire_polynomials[12]; - proving_key->p_x_high_limbs_range_constraint_1 = wire_polynomials[13]; - proving_key->p_x_high_limbs_range_constraint_2 = wire_polynomials[14]; - proving_key->p_x_high_limbs_range_constraint_3 = wire_polynomials[15]; - proving_key->p_x_high_limbs_range_constraint_4 = wire_polynomials[16]; - proving_key->p_x_high_limbs_range_constraint_tail = wire_polynomials[17]; - proving_key->p_y_low_limbs = wire_polynomials[18]; - proving_key->p_y_low_limbs_range_constraint_0 = wire_polynomials[19]; - proving_key->p_y_low_limbs_range_constraint_1 = wire_polynomials[20]; - proving_key->p_y_low_limbs_range_constraint_2 = wire_polynomials[21]; - proving_key->p_y_low_limbs_range_constraint_3 = wire_polynomials[22]; - proving_key->p_y_low_limbs_range_constraint_4 = wire_polynomials[23]; - proving_key->p_y_low_limbs_range_constraint_tail = wire_polynomials[24]; - proving_key->p_y_high_limbs = wire_polynomials[25]; - proving_key->p_y_high_limbs_range_constraint_0 = wire_polynomials[26]; - proving_key->p_y_high_limbs_range_constraint_1 = wire_polynomials[27]; - proving_key->p_y_high_limbs_range_constraint_2 = wire_polynomials[28]; - proving_key->p_y_high_limbs_range_constraint_3 = wire_polynomials[29]; - proving_key->p_y_high_limbs_range_constraint_4 = wire_polynomials[30]; - proving_key->p_y_high_limbs_range_constraint_tail = wire_polynomials[31]; - proving_key->z_low_limbs = wire_polynomials[32]; - proving_key->z_low_limbs_range_constraint_0 = wire_polynomials[33]; - proving_key->z_low_limbs_range_constraint_1 = wire_polynomials[34]; - proving_key->z_low_limbs_range_constraint_2 = wire_polynomials[35]; - proving_key->z_low_limbs_range_constraint_3 = wire_polynomials[36]; - proving_key->z_low_limbs_range_constraint_4 = wire_polynomials[37]; - proving_key->z_low_limbs_range_constraint_tail = wire_polynomials[38]; - proving_key->z_high_limbs = wire_polynomials[39]; - proving_key->z_high_limbs_range_constraint_0 = wire_polynomials[40]; - proving_key->z_high_limbs_range_constraint_1 = wire_polynomials[41]; - proving_key->z_high_limbs_range_constraint_2 = wire_polynomials[42]; - proving_key->z_high_limbs_range_constraint_3 = wire_polynomials[43]; - proving_key->z_high_limbs_range_constraint_4 = wire_polynomials[44]; - proving_key->z_high_limbs_range_constraint_tail = wire_polynomials[45]; - proving_key->accumulators_binary_limbs_0 = wire_polynomials[46]; - proving_key->accumulators_binary_limbs_1 = wire_polynomials[47]; - proving_key->accumulators_binary_limbs_2 = wire_polynomials[48]; - proving_key->accumulators_binary_limbs_3 = wire_polynomials[49]; - proving_key->accumulator_low_limbs_range_constraint_0 = wire_polynomials[50]; - proving_key->accumulator_low_limbs_range_constraint_1 = wire_polynomials[51]; - proving_key->accumulator_low_limbs_range_constraint_2 = wire_polynomials[52]; - proving_key->accumulator_low_limbs_range_constraint_3 = wire_polynomials[53]; - proving_key->accumulator_low_limbs_range_constraint_4 = wire_polynomials[54]; - proving_key->accumulator_low_limbs_range_constraint_tail = wire_polynomials[55]; - proving_key->accumulator_high_limbs_range_constraint_0 = wire_polynomials[56]; - proving_key->accumulator_high_limbs_range_constraint_1 = wire_polynomials[57]; - proving_key->accumulator_high_limbs_range_constraint_2 = wire_polynomials[58]; - proving_key->accumulator_high_limbs_range_constraint_3 = wire_polynomials[59]; - proving_key->accumulator_high_limbs_range_constraint_4 = wire_polynomials[60]; - proving_key->accumulator_high_limbs_range_constraint_tail = wire_polynomials[61]; - proving_key->quotient_low_binary_limbs = wire_polynomials[62]; - proving_key->quotient_high_binary_limbs = wire_polynomials[63]; - proving_key->quotient_low_limbs_range_constraint_0 = wire_polynomials[64]; - proving_key->quotient_low_limbs_range_constraint_1 = wire_polynomials[65]; - proving_key->quotient_low_limbs_range_constraint_2 = wire_polynomials[66]; - proving_key->quotient_low_limbs_range_constraint_3 = wire_polynomials[67]; - proving_key->quotient_low_limbs_range_constraint_4 = wire_polynomials[68]; - proving_key->quotient_low_limbs_range_constraint_tail = wire_polynomials[69]; - proving_key->quotient_high_limbs_range_constraint_0 = wire_polynomials[70]; - proving_key->quotient_high_limbs_range_constraint_1 = wire_polynomials[71]; - proving_key->quotient_high_limbs_range_constraint_2 = wire_polynomials[72]; - proving_key->quotient_high_limbs_range_constraint_3 = wire_polynomials[73]; - proving_key->quotient_high_limbs_range_constraint_4 = wire_polynomials[74]; - proving_key->quotient_high_limbs_range_constraint_tail = wire_polynomials[75]; - proving_key->relation_wide_limbs = wire_polynomials[76]; - proving_key->relation_wide_limbs_range_constraint_0 = wire_polynomials[77]; - proving_key->relation_wide_limbs_range_constraint_1 = wire_polynomials[78]; - proving_key->relation_wide_limbs_range_constraint_2 = wire_polynomials[79]; - proving_key->relation_wide_limbs_range_constraint_3 = wire_polynomials[80]; + construct_wire_polynomials_base_goblin_translator(circuit_builder); // We construct concatenated versions of range constraint polynomials, where several polynomials are concatenated // into one. These polynomials are not commited to. diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index e1bc06abb25e..37c2fcb379e8 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -50,7 +50,7 @@ class GoblinTranslatorComposer { void compute_circuit_size_parameters(CircuitBuilder& circuit_builder); - void compute_witness(CircuitBuilder& circuit_builder); + void compute_witness(const CircuitBuilder& circuit_builder); GoblinTranslatorProver create_prover(CircuitBuilder& circuit_builder); GoblinTranslatorVerifier create_verifier(const CircuitBuilder& circuit_builder); @@ -64,5 +64,8 @@ class GoblinTranslatorComposer { commitment_key = std::make_shared(circuit_size, crs_factory_); return commitment_key; }; + + private: + void construct_wire_polynomials_base_goblin_translator(const CircuitBuilder& circuit_builder); }; } // namespace proof_system::honk \ No newline at end of file From 03fc165b974c83ba5185364a2af4ba641938a2fa Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 03:06:55 +0000 Subject: [PATCH 16/39] Use lambda --- .../goblin_translator_verifier.cpp | 218 ++++++++---------- 1 file changed, 99 insertions(+), 119 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 7677804b8a80..67cdf8606aa2 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -92,171 +92,151 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, return false; } - // Get commitments - // Get all the values of wires - commitments.op = transcript.template receive_from_prover(commitment_labels.op); - commitments.x_lo_y_hi = transcript.template receive_from_prover(commitment_labels.x_lo_y_hi); - commitments.x_hi_z_1 = transcript.template receive_from_prover(commitment_labels.x_hi_z_1); - commitments.y_lo_z_2 = transcript.template receive_from_prover(commitment_labels.y_lo_z_2); - commitments.p_x_low_limbs = transcript.template receive_from_prover(commitment_labels.p_x_low_limbs); + const auto receive_commitment = [&](const std::string& label) { + return transcript.template receive_from_prover(label); + }; + + commitments.op = receive_commitment(commitment_labels.op); + commitments.x_lo_y_hi = receive_commitment(commitment_labels.x_lo_y_hi); + commitments.x_hi_z_1 = receive_commitment(commitment_labels.x_hi_z_1); + commitments.y_lo_z_2 = receive_commitment(commitment_labels.y_lo_z_2); + commitments.p_x_low_limbs = receive_commitment(commitment_labels.p_x_low_limbs); commitments.p_x_low_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_0); + receive_commitment(commitment_labels.p_x_low_limbs_range_constraint_0); commitments.p_x_low_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_1); + receive_commitment(commitment_labels.p_x_low_limbs_range_constraint_1); commitments.p_x_low_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_2); + receive_commitment(commitment_labels.p_x_low_limbs_range_constraint_2); commitments.p_x_low_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_3); + receive_commitment(commitment_labels.p_x_low_limbs_range_constraint_3); commitments.p_x_low_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_4); + receive_commitment(commitment_labels.p_x_low_limbs_range_constraint_4); commitments.p_x_low_limbs_range_constraint_tail = - transcript.template receive_from_prover(commitment_labels.p_x_low_limbs_range_constraint_tail); - commitments.p_x_high_limbs = transcript.template receive_from_prover(commitment_labels.p_x_high_limbs); + receive_commitment(commitment_labels.p_x_low_limbs_range_constraint_tail); + commitments.p_x_high_limbs = receive_commitment(commitment_labels.p_x_high_limbs); commitments.p_x_high_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_0); + receive_commitment(commitment_labels.p_x_high_limbs_range_constraint_0); commitments.p_x_high_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_1); + receive_commitment(commitment_labels.p_x_high_limbs_range_constraint_1); commitments.p_x_high_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_2); + receive_commitment(commitment_labels.p_x_high_limbs_range_constraint_2); commitments.p_x_high_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_3); + receive_commitment(commitment_labels.p_x_high_limbs_range_constraint_3); commitments.p_x_high_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_4); + receive_commitment(commitment_labels.p_x_high_limbs_range_constraint_4); commitments.p_x_high_limbs_range_constraint_tail = - transcript.template receive_from_prover(commitment_labels.p_x_high_limbs_range_constraint_tail); - commitments.p_y_low_limbs = transcript.template receive_from_prover(commitment_labels.p_y_low_limbs); + receive_commitment(commitment_labels.p_x_high_limbs_range_constraint_tail); + commitments.p_y_low_limbs = receive_commitment(commitment_labels.p_y_low_limbs); commitments.p_y_low_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_0); + receive_commitment(commitment_labels.p_y_low_limbs_range_constraint_0); commitments.p_y_low_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_1); + receive_commitment(commitment_labels.p_y_low_limbs_range_constraint_1); commitments.p_y_low_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_2); + receive_commitment(commitment_labels.p_y_low_limbs_range_constraint_2); commitments.p_y_low_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_3); + receive_commitment(commitment_labels.p_y_low_limbs_range_constraint_3); commitments.p_y_low_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_4); + receive_commitment(commitment_labels.p_y_low_limbs_range_constraint_4); commitments.p_y_low_limbs_range_constraint_tail = - transcript.template receive_from_prover(commitment_labels.p_y_low_limbs_range_constraint_tail); - commitments.p_y_high_limbs = transcript.template receive_from_prover(commitment_labels.p_y_high_limbs); + receive_commitment(commitment_labels.p_y_low_limbs_range_constraint_tail); + commitments.p_y_high_limbs = receive_commitment(commitment_labels.p_y_high_limbs); commitments.p_y_high_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_0); + receive_commitment(commitment_labels.p_y_high_limbs_range_constraint_0); commitments.p_y_high_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_1); + receive_commitment(commitment_labels.p_y_high_limbs_range_constraint_1); commitments.p_y_high_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_2); + receive_commitment(commitment_labels.p_y_high_limbs_range_constraint_2); commitments.p_y_high_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_3); + receive_commitment(commitment_labels.p_y_high_limbs_range_constraint_3); commitments.p_y_high_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_4); + receive_commitment(commitment_labels.p_y_high_limbs_range_constraint_4); commitments.p_y_high_limbs_range_constraint_tail = - transcript.template receive_from_prover(commitment_labels.p_y_high_limbs_range_constraint_tail); - commitments.z_low_limbs = transcript.template receive_from_prover(commitment_labels.z_low_limbs); - commitments.z_low_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_0); - commitments.z_low_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_1); - commitments.z_low_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_2); - commitments.z_low_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_3); - commitments.z_low_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_4); + receive_commitment(commitment_labels.p_y_high_limbs_range_constraint_tail); + commitments.z_low_limbs = receive_commitment(commitment_labels.z_low_limbs); + commitments.z_low_limbs_range_constraint_0 = receive_commitment(commitment_labels.z_low_limbs_range_constraint_0); + commitments.z_low_limbs_range_constraint_1 = receive_commitment(commitment_labels.z_low_limbs_range_constraint_1); + commitments.z_low_limbs_range_constraint_2 = receive_commitment(commitment_labels.z_low_limbs_range_constraint_2); + commitments.z_low_limbs_range_constraint_3 = receive_commitment(commitment_labels.z_low_limbs_range_constraint_3); + commitments.z_low_limbs_range_constraint_4 = receive_commitment(commitment_labels.z_low_limbs_range_constraint_4); commitments.z_low_limbs_range_constraint_tail = - transcript.template receive_from_prover(commitment_labels.z_low_limbs_range_constraint_tail); - commitments.z_high_limbs = transcript.template receive_from_prover(commitment_labels.z_high_limbs); - commitments.z_high_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_0); - commitments.z_high_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_1); - commitments.z_high_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_2); - commitments.z_high_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_3); - commitments.z_high_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_4); + receive_commitment(commitment_labels.z_low_limbs_range_constraint_tail); + commitments.z_high_limbs = receive_commitment(commitment_labels.z_high_limbs); + commitments.z_high_limbs_range_constraint_0 = receive_commitment(commitment_labels.z_high_limbs_range_constraint_0); + commitments.z_high_limbs_range_constraint_1 = receive_commitment(commitment_labels.z_high_limbs_range_constraint_1); + commitments.z_high_limbs_range_constraint_2 = receive_commitment(commitment_labels.z_high_limbs_range_constraint_2); + commitments.z_high_limbs_range_constraint_3 = receive_commitment(commitment_labels.z_high_limbs_range_constraint_3); + commitments.z_high_limbs_range_constraint_4 = receive_commitment(commitment_labels.z_high_limbs_range_constraint_4); commitments.z_high_limbs_range_constraint_tail = - transcript.template receive_from_prover(commitment_labels.z_high_limbs_range_constraint_tail); - commitments.accumulators_binary_limbs_0 = - transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_0); - commitments.accumulators_binary_limbs_1 = - transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_1); - commitments.accumulators_binary_limbs_2 = - transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_2); - commitments.accumulators_binary_limbs_3 = - transcript.template receive_from_prover(commitment_labels.accumulators_binary_limbs_3); + receive_commitment(commitment_labels.z_high_limbs_range_constraint_tail); + commitments.accumulators_binary_limbs_0 = receive_commitment(commitment_labels.accumulators_binary_limbs_0); + commitments.accumulators_binary_limbs_1 = receive_commitment(commitment_labels.accumulators_binary_limbs_1); + commitments.accumulators_binary_limbs_2 = receive_commitment(commitment_labels.accumulators_binary_limbs_2); + commitments.accumulators_binary_limbs_3 = receive_commitment(commitment_labels.accumulators_binary_limbs_3); commitments.accumulator_low_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_0); + receive_commitment(commitment_labels.accumulator_low_limbs_range_constraint_0); commitments.accumulator_low_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_1); + receive_commitment(commitment_labels.accumulator_low_limbs_range_constraint_1); commitments.accumulator_low_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_2); + receive_commitment(commitment_labels.accumulator_low_limbs_range_constraint_2); commitments.accumulator_low_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_3); + receive_commitment(commitment_labels.accumulator_low_limbs_range_constraint_3); commitments.accumulator_low_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.accumulator_low_limbs_range_constraint_4); - commitments.accumulator_low_limbs_range_constraint_tail = transcript.template receive_from_prover( - commitment_labels.accumulator_low_limbs_range_constraint_tail); - commitments.accumulator_high_limbs_range_constraint_0 = transcript.template receive_from_prover( - commitment_labels.accumulator_high_limbs_range_constraint_0); - commitments.accumulator_high_limbs_range_constraint_1 = transcript.template receive_from_prover( - commitment_labels.accumulator_high_limbs_range_constraint_1); - commitments.accumulator_high_limbs_range_constraint_2 = transcript.template receive_from_prover( - commitment_labels.accumulator_high_limbs_range_constraint_2); - commitments.accumulator_high_limbs_range_constraint_3 = transcript.template receive_from_prover( - commitment_labels.accumulator_high_limbs_range_constraint_3); - commitments.accumulator_high_limbs_range_constraint_4 = transcript.template receive_from_prover( - commitment_labels.accumulator_high_limbs_range_constraint_4); - commitments.accumulator_high_limbs_range_constraint_tail = transcript.template receive_from_prover( - commitment_labels.accumulator_high_limbs_range_constraint_tail); - commitments.quotient_low_binary_limbs = - transcript.template receive_from_prover(commitment_labels.quotient_low_binary_limbs); - commitments.quotient_high_binary_limbs = - transcript.template receive_from_prover(commitment_labels.quotient_high_binary_limbs); + receive_commitment(commitment_labels.accumulator_low_limbs_range_constraint_4); + commitments.accumulator_low_limbs_range_constraint_tail = + receive_commitment(commitment_labels.accumulator_low_limbs_range_constraint_tail); + commitments.accumulator_high_limbs_range_constraint_0 = + receive_commitment(commitment_labels.accumulator_high_limbs_range_constraint_0); + commitments.accumulator_high_limbs_range_constraint_1 = + receive_commitment(commitment_labels.accumulator_high_limbs_range_constraint_1); + commitments.accumulator_high_limbs_range_constraint_2 = + receive_commitment(commitment_labels.accumulator_high_limbs_range_constraint_2); + commitments.accumulator_high_limbs_range_constraint_3 = + receive_commitment(commitment_labels.accumulator_high_limbs_range_constraint_3); + commitments.accumulator_high_limbs_range_constraint_4 = + receive_commitment(commitment_labels.accumulator_high_limbs_range_constraint_4); + commitments.accumulator_high_limbs_range_constraint_tail = + receive_commitment(commitment_labels.accumulator_high_limbs_range_constraint_tail); + commitments.quotient_low_binary_limbs = receive_commitment(commitment_labels.quotient_low_binary_limbs); + commitments.quotient_high_binary_limbs = receive_commitment(commitment_labels.quotient_high_binary_limbs); commitments.quotient_low_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_0); + receive_commitment(commitment_labels.quotient_low_limbs_range_constraint_0); commitments.quotient_low_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_1); + receive_commitment(commitment_labels.quotient_low_limbs_range_constraint_1); commitments.quotient_low_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_2); + receive_commitment(commitment_labels.quotient_low_limbs_range_constraint_2); commitments.quotient_low_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_3); + receive_commitment(commitment_labels.quotient_low_limbs_range_constraint_3); commitments.quotient_low_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_4); + receive_commitment(commitment_labels.quotient_low_limbs_range_constraint_4); commitments.quotient_low_limbs_range_constraint_tail = - transcript.template receive_from_prover(commitment_labels.quotient_low_limbs_range_constraint_tail); + receive_commitment(commitment_labels.quotient_low_limbs_range_constraint_tail); commitments.quotient_high_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_0); + receive_commitment(commitment_labels.quotient_high_limbs_range_constraint_0); commitments.quotient_high_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_1); + receive_commitment(commitment_labels.quotient_high_limbs_range_constraint_1); commitments.quotient_high_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_2); + receive_commitment(commitment_labels.quotient_high_limbs_range_constraint_2); commitments.quotient_high_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_3); + receive_commitment(commitment_labels.quotient_high_limbs_range_constraint_3); commitments.quotient_high_limbs_range_constraint_4 = - transcript.template receive_from_prover(commitment_labels.quotient_high_limbs_range_constraint_4); - commitments.quotient_high_limbs_range_constraint_tail = transcript.template receive_from_prover( - commitment_labels.quotient_high_limbs_range_constraint_tail); - commitments.relation_wide_limbs = - transcript.template receive_from_prover(commitment_labels.relation_wide_limbs); + receive_commitment(commitment_labels.quotient_high_limbs_range_constraint_4); + commitments.quotient_high_limbs_range_constraint_tail = + receive_commitment(commitment_labels.quotient_high_limbs_range_constraint_tail); + commitments.relation_wide_limbs = receive_commitment(commitment_labels.relation_wide_limbs); commitments.relation_wide_limbs_range_constraint_0 = - transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_0); + receive_commitment(commitment_labels.relation_wide_limbs_range_constraint_0); commitments.relation_wide_limbs_range_constraint_1 = - transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_1); + receive_commitment(commitment_labels.relation_wide_limbs_range_constraint_1); commitments.relation_wide_limbs_range_constraint_2 = - transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_2); + receive_commitment(commitment_labels.relation_wide_limbs_range_constraint_2); commitments.relation_wide_limbs_range_constraint_3 = - transcript.template receive_from_prover(commitment_labels.relation_wide_limbs_range_constraint_3); - commitments.ordered_range_constraints_0 = - transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_0); - commitments.ordered_range_constraints_1 = - transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_1); - commitments.ordered_range_constraints_2 = - transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_2); - commitments.ordered_range_constraints_3 = - transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_3); - commitments.ordered_range_constraints_4 = - transcript.template receive_from_prover(commitment_labels.ordered_range_constraints_4); + receive_commitment(commitment_labels.relation_wide_limbs_range_constraint_3); + commitments.ordered_range_constraints_0 = receive_commitment(commitment_labels.ordered_range_constraints_0); + commitments.ordered_range_constraints_1 = receive_commitment(commitment_labels.ordered_range_constraints_1); + commitments.ordered_range_constraints_2 = receive_commitment(commitment_labels.ordered_range_constraints_2); + commitments.ordered_range_constraints_3 = receive_commitment(commitment_labels.ordered_range_constraints_3); + commitments.ordered_range_constraints_4 = receive_commitment(commitment_labels.ordered_range_constraints_4); // Get permutation challenges auto [gamma] = transcript.get_challenges("gamma"); @@ -267,7 +247,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, relation_parameters.lookup_grand_product_delta = 0; // Get commitment to permutation and lookup grand products - commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); + commitments.z_perm = receive_commitment(commitment_labels.z_perm); // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); From 98272a1c5ec07adf671aa1f50ad64cb086cdc2f3 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 04:12:57 +0000 Subject: [PATCH 17/39] 1/3 reduction in compilation time. --- .../barretenberg/flavor/goblin_translator.hpp | 24 +++++++++++++++++-- .../honk/proof_system/permutation_library.hpp | 1 - .../src/barretenberg/sumcheck/sumcheck.hpp | 4 ---- .../barretenberg/sumcheck/sumcheck_round.hpp | 2 -- .../goblin_translator_composer.hpp | 4 ++-- .../goblin_translator_prover.cpp | 14 ++--------- .../goblin_translator_prover.hpp | 4 ---- .../goblin_translator_verifier.cpp | 4 +--- .../goblin_translator_verifier.hpp | 1 - 9 files changed, 27 insertions(+), 31 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index e01ca8ee8467..e746893d9364 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp @@ -18,8 +18,8 @@ class GoblinTranslator { public: static constexpr size_t mini_circuit_size = 2048; using CircuitBuilder = GoblinTranslatorCircuitBuilder; - using PCS = pcs::kzg::KZG; using Curve = curve::BN254; + using PCS = pcs::kzg::KZG; using GroupElement = Curve::Element; using Commitment = Curve::AffineElement; using CommitmentHandle = Curve::AffineElement; @@ -92,7 +92,27 @@ class GoblinTranslator { static constexpr size_t NUM_RELATIONS = std::tuple_size_v; // define the containers for storing the contributions from each relation in Sumcheck - using SumcheckTupleOfTuplesOfUnivariates = decltype(create_sumcheck_tuple_of_tuples_of_univariates()); + // using SumcheckTupleOfTuplesOfUnivariates = decltype(create_sumcheck_tuple_of_tuples_of_univariates()); + + // template static constexpr auto + // create_sumcheck_tuple_of_tuples_of_univariates() + // { + // if constexpr (Index >= std::tuple_size::value) { + // return std::tuple<>{}; // Return empty when reach end of the tuple + // } else { + // using UnivariateTuple = typename std::tuple_element_t::SumcheckTupleOfUnivariatesOverSubrelations; return std::tuple_cat(std::tuple{}, + // create_sumcheck_tuple_of_tuples_of_univariates()); + // } + // } + using SumcheckTupleOfTuplesOfUnivariates = + std::tuple::SumcheckTupleOfUnivariatesOverSubrelations, + typename GoblinTranslatorGenPermSortRelation::SumcheckTupleOfUnivariatesOverSubrelations, + typename GoblinTranslatorOpcodeConstraintRelation::SumcheckTupleOfUnivariatesOverSubrelations, + typename GoblinTranslatorAccumulatorTransferRelation::SumcheckTupleOfUnivariatesOverSubrelations, + typename GoblinTranslatorDecompositionRelation::SumcheckTupleOfUnivariatesOverSubrelations, + typename GoblinTranslatorNonNativeFieldRelation::SumcheckTupleOfUnivariatesOverSubrelations>; + // static_assert(std::same_as); using TupleOfArraysOfValues = decltype(create_tuple_of_arrays_of_values()); private: diff --git a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp index 11dc3126699d..7b4ffa12c277 100644 --- a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp @@ -1,7 +1,6 @@ #pragma once #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/sumcheck/sumcheck.hpp" #include namespace proof_system::honk::permutation_library { diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index 3d44d60b4db1..a752a20d9776 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp @@ -1,9 +1,5 @@ #pragma once -#include "barretenberg/common/serialize.hpp" -#include "barretenberg/common/throw_or_abort.hpp" -#include "barretenberg/polynomials/univariate.hpp" #include "barretenberg/proof_system/library/grand_product_delta.hpp" -#include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/sumcheck/instance/prover_instance.hpp" #include "barretenberg/sumcheck/sumcheck_output.hpp" #include "barretenberg/transcript/transcript.hpp" diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp index 5aafd72a24c3..dbe2265a23bb 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp @@ -1,9 +1,7 @@ #pragma once -#include "barretenberg/common/log.hpp" #include "barretenberg/common/thread.hpp" #include "barretenberg/common/thread_utils.hpp" #include "barretenberg/flavor/flavor.hpp" -#include "barretenberg/polynomials/barycentric.hpp" #include "barretenberg/polynomials/pow.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/relations/relation_types.hpp" diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index 37c2fcb379e8..14452ad6ee7e 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -27,7 +27,7 @@ class GoblinTranslatorComposer { std::shared_ptr verification_key; // The crs_factory holds the path to the srs and exposes methods to extract the srs elements - std::shared_ptr> crs_factory_; + std::shared_ptr> crs_factory_; // The commitment key is passed to the prover but also used herein to compute the verfication key commitments std::shared_ptr commitment_key; @@ -38,7 +38,7 @@ class GoblinTranslatorComposer { size_t mini_circuit_dyadic_size = 0; // The size of the small circuit that contains non-range constraint relations // We only need the standard crs factory. GoblinTranslator is not supposed to be used with Grumpkin - GoblinTranslatorComposer() { crs_factory_ = srs::get_crs_factory(); } + GoblinTranslatorComposer() { crs_factory_ = barretenberg::srs::get_crs_factory(); } GoblinTranslatorComposer(std::shared_ptr p_key, std::shared_ptr v_key) : proving_key(std::move(p_key)) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index c5a429647460..252e0d3f9b59 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -1,21 +1,10 @@ #include "goblin_translator_prover.hpp" #include "barretenberg/commitment_schemes/claim.hpp" #include "barretenberg/commitment_schemes/commitment_key.hpp" -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/commitment_schemes/zeromorph/zeromorph.hpp" #include "barretenberg/honk/proof_system/power_polynomial.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/proof_system/library/grand_product_library.hpp" #include "barretenberg/sumcheck/sumcheck.hpp" -#include -#include -#include -#include -#include -#include -#include -#include namespace proof_system::honk { @@ -350,6 +339,7 @@ void GoblinTranslatorProver::execute_relation_check_rounds() * */ void GoblinTranslatorProver::execute_zeromorph_rounds() { + using ZeroMorph = pcs::zeromorph::ZeroMorphProver_; ZeroMorph::prove(prover_polynomials.get_unshifted(), prover_polynomials.get_to_be_shifted(), sumcheck_output.claimed_evaluations.get_unshifted(), diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp index 857067874f99..47772d1ca7b8 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -1,10 +1,8 @@ #pragma once -#include "barretenberg/commitment_schemes/zeromorph/zeromorph.hpp" #include "barretenberg/flavor/goblin_translator.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/sumcheck/sumcheck_output.hpp" -#include "barretenberg/transcript/transcript.hpp" namespace proof_system::honk { @@ -52,8 +50,6 @@ class GoblinTranslatorProver { sumcheck::SumcheckOutput sumcheck_output; - using ZeroMorph = pcs::zeromorph::ZeroMorphProver_; - private: plonk::proof proof; }; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 67cdf8606aa2..fbf2aed1de64 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -1,9 +1,7 @@ #include "./goblin_translator_verifier.hpp" #include "barretenberg/commitment_schemes/zeromorph/zeromorph.hpp" -#include "barretenberg/flavor/goblin_translator.hpp" #include "barretenberg/honk/proof_system/power_polynomial.hpp" -#include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/sumcheck/sumcheck.hpp" #include "barretenberg/transcript/transcript.hpp" using namespace barretenberg; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index 39a5b10cbdf3..0bbe9aec53b4 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -2,7 +2,6 @@ #include "barretenberg/flavor/goblin_translator.hpp" #include "barretenberg/goblin/translation_evaluations.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" -#include "barretenberg/sumcheck/sumcheck.hpp" namespace proof_system::honk { class GoblinTranslatorVerifier { From 87a4438d5e0658d17fc643cdb31929cf4786c0ea Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 04:33:40 +0000 Subject: [PATCH 18/39] Revert "Remove one unneeded layer of copying." This reverts commit 835e77e47edf32f6e92eaae13cadbe4dc39ad583. --- .../goblin_translator_composer.cpp | 112 +++++++++++++++++- .../goblin_translator_composer.hpp | 5 +- 2 files changed, 107 insertions(+), 10 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 6dd48e4ab08b..c6424b202323 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -62,26 +62,126 @@ void GoblinTranslatorComposer::compute_circuit_size_parameters(CircuitBuilder& c * @return std::vector * */ -void GoblinTranslatorComposer::construct_wire_polynomials_base_goblin_translator(const CircuitBuilder& circuit_builder) +std::vector construct_wire_polynomials_base_goblin_translator(const CircuitBuilder& circuit_builder, + const size_t dyadic_circuit_size) { + const size_t num_gates = circuit_builder.num_gates; + + std::vector wire_polynomials; + // Populate the wire polynomials with values from conventional wires - // WORKTODO: leave note on moving these vectors instead - for (auto [poly, wire] : zip_view(proving_key->get_wires(), circuit_builder.wires)) { - std::copy(wire.begin(), wire.end(), poly.begin()); + for (size_t wire_idx = 0; wire_idx < Flavor::NUM_WIRES; ++wire_idx) { + + // Expect all values to be set to 0 initially + // TODO(kesha): fix for sparse polynomials; WORKTODO: what's this? + Polynomial w_lagrange(dyadic_circuit_size); + + // Insert conventional gate wire values into the wire polynomial + for (size_t i = 0; i < num_gates; ++i) { + auto& wire = circuit_builder.wires[wire_idx]; + w_lagrange[i] = circuit_builder.get_variable(wire[i]); + } + + wire_polynomials.push_back(std::move(w_lagrange)); } + return wire_polynomials; } /** * @brief Compute witness polynomials + * */ -void GoblinTranslatorComposer::compute_witness(const CircuitBuilder& circuit_builder) +void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_builder) { if (computed_witness) { return; } // Construct the conventional wire polynomials - construct_wire_polynomials_base_goblin_translator(circuit_builder); + auto wire_polynomials = construct_wire_polynomials_base_goblin_translator(circuit_builder, dyadic_circuit_size); + + // Most of the witness polynomials are the original wire polynomials + proving_key->op = wire_polynomials[0]; + proving_key->x_lo_y_hi = wire_polynomials[1]; + proving_key->x_hi_z_1 = wire_polynomials[2]; + proving_key->y_lo_z_2 = wire_polynomials[3]; + proving_key->p_x_low_limbs = wire_polynomials[4]; + proving_key->p_x_low_limbs_range_constraint_0 = wire_polynomials[5]; + proving_key->p_x_low_limbs_range_constraint_1 = wire_polynomials[6]; + proving_key->p_x_low_limbs_range_constraint_2 = wire_polynomials[7]; + proving_key->p_x_low_limbs_range_constraint_3 = wire_polynomials[8]; + proving_key->p_x_low_limbs_range_constraint_4 = wire_polynomials[9]; + proving_key->p_x_low_limbs_range_constraint_tail = wire_polynomials[10]; + proving_key->p_x_high_limbs = wire_polynomials[11]; + proving_key->p_x_high_limbs_range_constraint_0 = wire_polynomials[12]; + proving_key->p_x_high_limbs_range_constraint_1 = wire_polynomials[13]; + proving_key->p_x_high_limbs_range_constraint_2 = wire_polynomials[14]; + proving_key->p_x_high_limbs_range_constraint_3 = wire_polynomials[15]; + proving_key->p_x_high_limbs_range_constraint_4 = wire_polynomials[16]; + proving_key->p_x_high_limbs_range_constraint_tail = wire_polynomials[17]; + proving_key->p_y_low_limbs = wire_polynomials[18]; + proving_key->p_y_low_limbs_range_constraint_0 = wire_polynomials[19]; + proving_key->p_y_low_limbs_range_constraint_1 = wire_polynomials[20]; + proving_key->p_y_low_limbs_range_constraint_2 = wire_polynomials[21]; + proving_key->p_y_low_limbs_range_constraint_3 = wire_polynomials[22]; + proving_key->p_y_low_limbs_range_constraint_4 = wire_polynomials[23]; + proving_key->p_y_low_limbs_range_constraint_tail = wire_polynomials[24]; + proving_key->p_y_high_limbs = wire_polynomials[25]; + proving_key->p_y_high_limbs_range_constraint_0 = wire_polynomials[26]; + proving_key->p_y_high_limbs_range_constraint_1 = wire_polynomials[27]; + proving_key->p_y_high_limbs_range_constraint_2 = wire_polynomials[28]; + proving_key->p_y_high_limbs_range_constraint_3 = wire_polynomials[29]; + proving_key->p_y_high_limbs_range_constraint_4 = wire_polynomials[30]; + proving_key->p_y_high_limbs_range_constraint_tail = wire_polynomials[31]; + proving_key->z_low_limbs = wire_polynomials[32]; + proving_key->z_low_limbs_range_constraint_0 = wire_polynomials[33]; + proving_key->z_low_limbs_range_constraint_1 = wire_polynomials[34]; + proving_key->z_low_limbs_range_constraint_2 = wire_polynomials[35]; + proving_key->z_low_limbs_range_constraint_3 = wire_polynomials[36]; + proving_key->z_low_limbs_range_constraint_4 = wire_polynomials[37]; + proving_key->z_low_limbs_range_constraint_tail = wire_polynomials[38]; + proving_key->z_high_limbs = wire_polynomials[39]; + proving_key->z_high_limbs_range_constraint_0 = wire_polynomials[40]; + proving_key->z_high_limbs_range_constraint_1 = wire_polynomials[41]; + proving_key->z_high_limbs_range_constraint_2 = wire_polynomials[42]; + proving_key->z_high_limbs_range_constraint_3 = wire_polynomials[43]; + proving_key->z_high_limbs_range_constraint_4 = wire_polynomials[44]; + proving_key->z_high_limbs_range_constraint_tail = wire_polynomials[45]; + proving_key->accumulators_binary_limbs_0 = wire_polynomials[46]; + proving_key->accumulators_binary_limbs_1 = wire_polynomials[47]; + proving_key->accumulators_binary_limbs_2 = wire_polynomials[48]; + proving_key->accumulators_binary_limbs_3 = wire_polynomials[49]; + proving_key->accumulator_low_limbs_range_constraint_0 = wire_polynomials[50]; + proving_key->accumulator_low_limbs_range_constraint_1 = wire_polynomials[51]; + proving_key->accumulator_low_limbs_range_constraint_2 = wire_polynomials[52]; + proving_key->accumulator_low_limbs_range_constraint_3 = wire_polynomials[53]; + proving_key->accumulator_low_limbs_range_constraint_4 = wire_polynomials[54]; + proving_key->accumulator_low_limbs_range_constraint_tail = wire_polynomials[55]; + proving_key->accumulator_high_limbs_range_constraint_0 = wire_polynomials[56]; + proving_key->accumulator_high_limbs_range_constraint_1 = wire_polynomials[57]; + proving_key->accumulator_high_limbs_range_constraint_2 = wire_polynomials[58]; + proving_key->accumulator_high_limbs_range_constraint_3 = wire_polynomials[59]; + proving_key->accumulator_high_limbs_range_constraint_4 = wire_polynomials[60]; + proving_key->accumulator_high_limbs_range_constraint_tail = wire_polynomials[61]; + proving_key->quotient_low_binary_limbs = wire_polynomials[62]; + proving_key->quotient_high_binary_limbs = wire_polynomials[63]; + proving_key->quotient_low_limbs_range_constraint_0 = wire_polynomials[64]; + proving_key->quotient_low_limbs_range_constraint_1 = wire_polynomials[65]; + proving_key->quotient_low_limbs_range_constraint_2 = wire_polynomials[66]; + proving_key->quotient_low_limbs_range_constraint_3 = wire_polynomials[67]; + proving_key->quotient_low_limbs_range_constraint_4 = wire_polynomials[68]; + proving_key->quotient_low_limbs_range_constraint_tail = wire_polynomials[69]; + proving_key->quotient_high_limbs_range_constraint_0 = wire_polynomials[70]; + proving_key->quotient_high_limbs_range_constraint_1 = wire_polynomials[71]; + proving_key->quotient_high_limbs_range_constraint_2 = wire_polynomials[72]; + proving_key->quotient_high_limbs_range_constraint_3 = wire_polynomials[73]; + proving_key->quotient_high_limbs_range_constraint_4 = wire_polynomials[74]; + proving_key->quotient_high_limbs_range_constraint_tail = wire_polynomials[75]; + proving_key->relation_wide_limbs = wire_polynomials[76]; + proving_key->relation_wide_limbs_range_constraint_0 = wire_polynomials[77]; + proving_key->relation_wide_limbs_range_constraint_1 = wire_polynomials[78]; + proving_key->relation_wide_limbs_range_constraint_2 = wire_polynomials[79]; + proving_key->relation_wide_limbs_range_constraint_3 = wire_polynomials[80]; // We construct concatenated versions of range constraint polynomials, where several polynomials are concatenated // into one. These polynomials are not commited to. diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index 14452ad6ee7e..749151b3ebee 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -50,7 +50,7 @@ class GoblinTranslatorComposer { void compute_circuit_size_parameters(CircuitBuilder& circuit_builder); - void compute_witness(const CircuitBuilder& circuit_builder); + void compute_witness(CircuitBuilder& circuit_builder); GoblinTranslatorProver create_prover(CircuitBuilder& circuit_builder); GoblinTranslatorVerifier create_verifier(const CircuitBuilder& circuit_builder); @@ -64,8 +64,5 @@ class GoblinTranslatorComposer { commitment_key = std::make_shared(circuit_size, crs_factory_); return commitment_key; }; - - private: - void construct_wire_polynomials_base_goblin_translator(const CircuitBuilder& circuit_builder); }; } // namespace proof_system::honk \ No newline at end of file From 6e2edd34ba8faa23d72fe742ac8fd0a4a7d479a8 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 04:36:58 +0000 Subject: [PATCH 19/39] temp add -ftime-trace --- barretenberg/cpp/CMakePresets.json | 4 +++- .../barretenberg/translator_vm/goblin_translator_verifier.cpp | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/CMakePresets.json b/barretenberg/cpp/CMakePresets.json index b87e10709b63..8232c5202f22 100644 --- a/barretenberg/cpp/CMakePresets.json +++ b/barretenberg/cpp/CMakePresets.json @@ -38,7 +38,9 @@ "inherits": "default", "environment": { "CC": "clang-16", - "CXX": "clang++-16" + "CXX": "clang++-16", + "CXXFLAGS":"-ftime-trace" + } }, { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index fbf2aed1de64..51e982ea4d1a 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -95,6 +95,10 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, return transcript.template receive_from_prover(label); }; + // for (auto [commitment, label] : zip_view(commitments.pointer_view(), commitment_labels.pointer_view())){ + // *commitment = receive_commitment(*label); + // } + commitments.op = receive_commitment(commitment_labels.op); commitments.x_lo_y_hi = receive_commitment(commitment_labels.x_lo_y_hi); commitments.x_hi_z_1 = receive_commitment(commitment_labels.x_hi_z_1); From 32439fb396aa333c50969f94bc552efe920870ab Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 04:42:04 +0000 Subject: [PATCH 20/39] Make bb-tests run translator_vm_tests --- barretenberg/cpp/scripts/bb-tests.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/barretenberg/cpp/scripts/bb-tests.sh b/barretenberg/cpp/scripts/bb-tests.sh index d0ca404757e1..0c16f66e55b3 100755 --- a/barretenberg/cpp/scripts/bb-tests.sh +++ b/barretenberg/cpp/scripts/bb-tests.sh @@ -35,6 +35,7 @@ TESTS=( srs_tests sumcheck_tests transcript_tests + translator_vm_tests ultra_honk_tests ) TESTS_STR="${TESTS[@]}" From 2e5b73573a592c99fd946bd884858a8ac5c2a471 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sun, 19 Nov 2023 04:50:22 +0000 Subject: [PATCH 21/39] Leave note on reverted block --- .../barretenberg/translator_vm/goblin_translator_composer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index c6424b202323..880e5f91a29c 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -68,7 +68,7 @@ std::vector construct_wire_polynomials_base_goblin_translator(const const size_t num_gates = circuit_builder.num_gates; std::vector wire_polynomials; - + // WORKTODO: note double(?) inefficiency here // Populate the wire polynomials with values from conventional wires for (size_t wire_idx = 0; wire_idx < Flavor::NUM_WIRES; ++wire_idx) { From c37a199bd3aef7c3c95a7550a8ad5666fd014af4 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 15:35:58 +0000 Subject: [PATCH 22/39] Link TODO to issue --- .../cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp index ae9658779b81..18154ce5ec00 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp @@ -224,7 +224,8 @@ TYPED_TEST_SUITE(ECCVMTranscriptTests, FlavorTypes); */ TYPED_TEST(ECCVMTranscriptTests, ProverManifestConsistency) { - GTEST_SKIP() << "WORKTODO: update and reinstate after the protocol is finalized."; + GTEST_SKIP() << "TODO(https://github.com/AztecProtocol/barretenberg/issues/782): update and reinstate after the " + "protocol is finalized."; using Flavor = TypeParam; // Construct a simple circuit @@ -253,7 +254,8 @@ TYPED_TEST(ECCVMTranscriptTests, ProverManifestConsistency) */ TYPED_TEST(ECCVMTranscriptTests, VerifierManifestConsistency) { - GTEST_SKIP() << "WORKTODO: update and reinstate after the protocol is finalized."; + GTEST_SKIP() << "TODO(https://github.com/AztecProtocol/barretenberg/issues/782): update and reinstate after the " + "protocol is finalized."; using Flavor = TypeParam; @@ -307,7 +309,8 @@ TYPED_TEST(ECCVMTranscriptTests, ChallengeGenerationTest) TYPED_TEST(ECCVMTranscriptTests, StructureTest) { - GTEST_SKIP() << "WORKTODO: update and reinstate after the protocol is finalized."; + GTEST_SKIP() << "TODO(https://github.com/AztecProtocol/barretenberg/issues/782): update and reinstate after the " + "protocol is finalized."; using Flavor = TypeParam; From b242bc70a4ac68cbccb5c5b3fc6027e4194994da Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 16:42:50 +0000 Subject: [PATCH 23/39] Resolve some TODOs --- .../cpp/src/barretenberg/flavor/goblin_translator.hpp | 2 +- .../barretenberg/goblin/full_goblin_composer.test.cpp | 9 +++------ .../circuit_builder/eccvm/eccvm_circuit_builder.hpp | 1 + .../goblin_translator_circuit_builder.cpp | 10 +++++----- .../goblin_translator_circuit_builder.hpp | 6 ++++-- .../translator_vm/goblin_translator_composer.cpp | 5 +---- .../cpp/src/barretenberg/ultra_honk/ultra_composer.hpp | 4 ++-- 7 files changed, 17 insertions(+), 20 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index e746893d9364..5d018ef3f38e 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp @@ -1675,7 +1675,7 @@ class GoblinTranslator { } }; - using Transcript = BaseTranscript; // WORKTODO: leave IOU? + using Transcript = BaseTranscript; }; } // namespace proof_system::honk::flavor diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index c8049409a108..64ac6bbaf9ef 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -128,7 +128,7 @@ class FullGoblinComposerTests : public ::testing::Test { static bool construct_and_verify_merge_proof(GoblinUltraComposer& composer, std::shared_ptr& op_queue) { auto merge_prover = composer.create_merge_prover(op_queue); - auto merge_verifier = composer.create_merge_verifier(10); // WORKTODO: What is this 10? + auto merge_verifier = composer.create_merge_verifier(/*srs_size=*/10); auto merge_proof = merge_prover.construct_proof(); bool verified = merge_verifier.verify_proof(merge_proof); @@ -145,7 +145,6 @@ class FullGoblinComposerTests : public ::testing::Test { */ TEST_F(FullGoblinComposerTests, SimpleCircuit) { - // WORKTODO: put this in a class auto op_queue = std::make_shared(); // Add mock data to op queue to simulate interaction with a "first" circuit @@ -171,6 +170,7 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) } // Execute the ECCVM + // WORKTODO: feed BN254 commitments to ECCVM auto eccvm_builder = ECCVMBuilder(op_queue->raw_ops); auto eccvm_composer = ECCVMComposer(); auto eccvm_prover = eccvm_composer.create_prover(eccvm_builder); @@ -183,7 +183,7 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) auto batching_challenge = Fbase::random_element(); // WORKTODO: where is this derived? auto evaluation_input = eccvm_prover.evaluation_challenge_x; auto translator_builder = - TranslatorBuilder(batching_challenge, evaluation_input, *op_queue); // WORKTODO: take pointer or ref + TranslatorBuilder(batching_challenge, evaluation_input, op_queue); // WORKTODO: take pointer or ref auto translator_composer = TranslatorComposer(); auto translator_prover = translator_composer.create_prover(translator_builder); auto translator_verifier = translator_composer.create_verifier(translator_builder); @@ -191,7 +191,4 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) bool translator_verified = translator_verifier.verify_proof(translator_proof, eccvm_prover.translation_evaluations); EXPECT_TRUE(translator_verified); } - -// WORKTODO: write more tests - } // namespace test_full_goblin_composer diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp index 765d3f0841e4..2ec0800afaa4 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp @@ -42,6 +42,7 @@ template class ECCVMCircuitBuilder { ECCVMCircuitBuilder() = default; + // WORKTODO: are these not making it to the ECCVM? ECCVMCircuitBuilder(std::vector vm_operations) : vm_operations(vm_operations){}; diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.cpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.cpp index 9384ef1f86db..ee95fd30105b 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.cpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.cpp @@ -599,12 +599,12 @@ GoblinTranslatorCircuitBuilder::AccumulationInput compute_witness_values_for_one batching_challenge_v, evaluation_input_x); } -void GoblinTranslatorCircuitBuilder::feed_ecc_op_queue_into_circuit(ECCOpQueue& ecc_op_queue) +void GoblinTranslatorCircuitBuilder::feed_ecc_op_queue_into_circuit(std::shared_ptr ecc_op_queue) { using Fq = barretenberg::fq; std::vector accumulator_trace; Fq current_accumulator(0); - if (ecc_op_queue.raw_ops.empty()) { + if (ecc_op_queue->raw_ops.empty()) { return; } // Rename for ease of use @@ -613,8 +613,8 @@ void GoblinTranslatorCircuitBuilder::feed_ecc_op_queue_into_circuit(ECCOpQueue& // We need to precompute the accumulators at each step, because in the actual circuit we compute the values starting // from the later indices. We need to know the previous accumulator to create the gate - for (size_t i = 0; i < ecc_op_queue.raw_ops.size(); i++) { - auto& ecc_op = ecc_op_queue.raw_ops[ecc_op_queue.raw_ops.size() - 1 - i]; + for (size_t i = 0; i < ecc_op_queue->raw_ops.size(); i++) { + auto& ecc_op = ecc_op_queue->raw_ops[ecc_op_queue->raw_ops.size() - 1 - i]; current_accumulator *= x; current_accumulator += (Fq(ecc_op.get_opcode_value()) + @@ -625,7 +625,7 @@ void GoblinTranslatorCircuitBuilder::feed_ecc_op_queue_into_circuit(ECCOpQueue& // We don't care about the last value since we'll recompute it during witness generation anyway accumulator_trace.pop_back(); - for (auto& raw_op : ecc_op_queue.raw_ops) { + for (auto& raw_op : ecc_op_queue->raw_ops) { Fq previous_accumulator = 0; // Pop the last value from accumulator trace and use it as previous accumulator if (!accumulator_trace.empty()) { diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp index ed750c7167a6..92164873e442 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp @@ -359,7 +359,9 @@ class GoblinTranslatorCircuitBuilder : public CircuitBuilderBase op_queue) : GoblinTranslatorCircuitBuilder(batching_challenge_v_, evaluation_input_x_) { feed_ecc_op_queue_into_circuit(op_queue); @@ -446,7 +448,7 @@ class GoblinTranslatorCircuitBuilder : public CircuitBuilderBase ecc_op_queue); /** * @brief Check the witness satisifies the circuit diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 880e5f91a29c..fb013819e392 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -58,7 +58,7 @@ void GoblinTranslatorComposer::compute_circuit_size_parameters(CircuitBuilder& c * @tparam Flavor provides the circuit constructor type and the number of wires. * @param circuit_builder * @param dyadic_circuit_size Power of 2 circuit size - * + * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/783) Optimize memory operatations. * @return std::vector * */ @@ -68,12 +68,9 @@ std::vector construct_wire_polynomials_base_goblin_translator(const const size_t num_gates = circuit_builder.num_gates; std::vector wire_polynomials; - // WORKTODO: note double(?) inefficiency here // Populate the wire polynomials with values from conventional wires for (size_t wire_idx = 0; wire_idx < Flavor::NUM_WIRES; ++wire_idx) { - // Expect all values to be set to 0 initially - // TODO(kesha): fix for sparse polynomials; WORKTODO: what's this? Polynomial w_lagrange(dyadic_circuit_size); // Insert conventional gate wire values into the wire polynomial diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp index 1bfe511be462..46970f5730cc 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp @@ -92,9 +92,9 @@ template class UltraComposer_ { * @param size Size of commitment key required to commit to shifted op queue contribution t_i * @return MergeVerifier_ */ - MergeVerifier_ create_merge_verifier(size_t size) + MergeVerifier_ create_merge_verifier(size_t srs_size) { - auto pcs_verification_key = std::make_unique(size, crs_factory_); + auto pcs_verification_key = std::make_unique(srs_size, crs_factory_); return MergeVerifier_(std::move(pcs_verification_key)); } From 95cb5202ae86e10814d72c661d81e574810254eb Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 18:31:56 +0000 Subject: [PATCH 24/39] Separate translation check. --- .../goblin/full_goblin_composer.test.cpp | 5 +- .../goblin_translator_composer.test.cpp | 8 +-- .../goblin_translator_verifier.cpp | 59 +++++-------------- .../goblin_translator_verifier.hpp | 59 ++++++++++++++++--- 4 files changed, 71 insertions(+), 60 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 64ac6bbaf9ef..bc4901f57a08 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -188,7 +188,8 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) auto translator_prover = translator_composer.create_prover(translator_builder); auto translator_verifier = translator_composer.create_verifier(translator_builder); auto translator_proof = translator_prover.construct_proof(); - bool translator_verified = translator_verifier.verify_proof(translator_proof, eccvm_prover.translation_evaluations); - EXPECT_TRUE(translator_verified); + bool accumulator_construction_verified = translator_verifier.verify_proof(translator_proof); + bool translation_verified = translator_verifier.verify_translation(eccvm_prover.translation_evaluations); + EXPECT_TRUE(accumulator_construction_verified && translation_verified); } } // namespace test_full_goblin_composer diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp index d38e2e0b4e21..31b8950e0ba9 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp @@ -36,7 +36,7 @@ void prove_and_verify(auto& circuit_constructor, auto& composer, bool expected_r auto prover = composer.create_prover(circuit_constructor); auto verifier = composer.create_verifier(circuit_constructor); auto proof = prover.construct_proof(); - bool verified = verifier.verify_proof(proof, { /* WORKTODO: Move last piece of translation out. */ }); + bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expected_result); }; @@ -69,10 +69,10 @@ TEST_F(GoblinTranslatorComposerTests, Basic) auto z = scalar::random_element(); // Add the same operations to the ECC op queue; the native computation is performed under the hood. - proof_system::ECCOpQueue op_queue; + auto op_queue = std::make_shared(); for (size_t i = 0; i < 500; i++) { - op_queue.add_accumulate(P1); - op_queue.mul_accumulate(P2, z); + op_queue->add_accumulate(P1); + op_queue->mul_accumulate(P2, z); } Fq batching_challenge = Fq::random_element(); Fq x = Fq::random_element(); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 51e982ea4d1a..66bc89a8da6e 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -29,23 +29,14 @@ GoblinTranslatorVerifier& GoblinTranslatorVerifier::operator=(GoblinTranslatorVe /** * @brief This function verifies an GoblinTranslator Honk proof for given program settings. - * */ - -bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, - const TranslationEvaluations& translation_evaluations) +bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) { - using FF = typename Flavor::FF; - using BF = typename Flavor::BF; - using Commitment = typename Flavor::Commitment; using Curve = typename Flavor::Curve; using ZeroMorph = pcs::zeromorph::ZeroMorphVerifier_; using VerifierCommitments = typename Flavor::VerifierCommitments; using CommitmentLabels = typename Flavor::CommitmentLabels; - const size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; - RelationParameters relation_parameters; - transcript = BaseTranscript{ proof.proof_data }; auto commitments = VerifierCommitments(key, transcript); @@ -55,37 +46,12 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, const auto circuit_size = transcript.template receive_from_prover("circuit_size"); evaluation_input_x = transcript.template receive_from_prover("evaluation_input_x"); batching_challenge_v = transcript.template receive_from_prover("batching_challenge_v"); + const auto uint_accumulated_result = uint256_t(transcript.template receive_from_prover("accumulated_result")); - auto uint_evaluation_input = uint256_t(evaluation_input_x); - relation_parameters.evaluation_input_x = { uint_evaluation_input.slice(0, NUM_LIMB_BITS), - uint_evaluation_input.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), - uint_evaluation_input.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), - uint_evaluation_input.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), - uint_evaluation_input }; - relation_parameters.accumulated_result = { - uint_accumulated_result.slice(0, NUM_LIMB_BITS), - uint_accumulated_result.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), - uint_accumulated_result.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), - uint_accumulated_result.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), - }; - std::vector uint_batching_challenge_powers; - uint_batching_challenge_powers.emplace_back(batching_challenge_v); - auto running_power = batching_challenge_v * batching_challenge_v; - uint_batching_challenge_powers.emplace_back(running_power); - running_power *= batching_challenge_v; - uint_batching_challenge_powers.emplace_back(running_power); - running_power *= batching_challenge_v; - uint_batching_challenge_powers.emplace_back(running_power); + auto uint_evaluation_input = static_cast(evaluation_input_x); + + put_translation_data_in_relation_parameters(uint_evaluation_input, batching_challenge_v, uint_accumulated_result); - for (size_t i = 0; i < 4; i++) { - relation_parameters.batching_challenge_v[i] = { - uint_batching_challenge_powers[i].slice(0, NUM_LIMB_BITS), - uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), - uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), - uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), - uint_batching_challenge_powers[i] - }; - } if (circuit_size != key->circuit_size) { return false; } @@ -276,7 +242,12 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, auto verified = pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]); - const auto reconstruct_from_array = [](const auto& arr) { + return verified; +} + +bool GoblinTranslatorVerifier::verify_translation(const TranslationEvaluations& translation_evaluations) +{ + const auto reconstruct_from_array = [&](const auto& arr) { const BF elt_0 = (static_cast(arr[0])); const BF elt_1 = (static_cast(arr[1]) << 68); const BF elt_2 = (static_cast(arr[2]) << 136); @@ -304,11 +275,9 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof, return x * accumulated_result == eccvm_opening; }; - bool value_reconstructed = reconstruct_value_from_eccvm_evaluations(translation_evaluations, relation_parameters); - - verified &= value_reconstructed; - - return verified; + bool is_value_reconstructed = + reconstruct_value_from_eccvm_evaluations(translation_evaluations, relation_parameters); + return is_value_reconstructed; } } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index 0bbe9aec53b4..c1b05a10c00e 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -5,6 +5,7 @@ namespace proof_system::honk { class GoblinTranslatorVerifier { + public: using Flavor = honk::flavor::GoblinTranslator; using FF = typename Flavor::FF; using BF = typename Flavor::BF; @@ -13,15 +14,6 @@ class GoblinTranslatorVerifier { using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using TranslationEvaluations = barretenberg::TranslationEvaluations; - public: - explicit GoblinTranslatorVerifier(std::shared_ptr verifier_key = nullptr); - GoblinTranslatorVerifier(GoblinTranslatorVerifier&& other) noexcept; - GoblinTranslatorVerifier(const GoblinTranslatorVerifier& other) = delete; - GoblinTranslatorVerifier& operator=(const GoblinTranslatorVerifier& other) = delete; - GoblinTranslatorVerifier& operator=(GoblinTranslatorVerifier&& other) noexcept; - ~GoblinTranslatorVerifier() = default; - - bool verify_proof(const plonk::proof& proof, const TranslationEvaluations& translation_evaluations); BF evaluation_input_x = 0; BF batching_challenge_v = 0; std::shared_ptr key; @@ -29,5 +21,54 @@ class GoblinTranslatorVerifier { std::map pcs_fr_elements; std::shared_ptr pcs_verification_key; BaseTranscript transcript; + RelationParameters relation_parameters; + + // WORKTODO: kill these + explicit GoblinTranslatorVerifier(std::shared_ptr verifier_key = nullptr); + GoblinTranslatorVerifier(GoblinTranslatorVerifier&& other) noexcept; + GoblinTranslatorVerifier(const GoblinTranslatorVerifier& other) = delete; + GoblinTranslatorVerifier& operator=(const GoblinTranslatorVerifier& other) = delete; + GoblinTranslatorVerifier& operator=(GoblinTranslatorVerifier&& other) noexcept; + ~GoblinTranslatorVerifier() = default; + + void put_translation_data_in_relation_parameters(const uint256_t& evaluation_input_x, + const BF& batching_challenge_v, + const uint256_t& accumulated_result) + { + constexpr size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; + + relation_parameters.evaluation_input_x = { evaluation_input_x.slice(0, NUM_LIMB_BITS), + evaluation_input_x.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + evaluation_input_x.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + evaluation_input_x.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + evaluation_input_x }; + relation_parameters.accumulated_result = { + accumulated_result.slice(0, NUM_LIMB_BITS), + accumulated_result.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + accumulated_result.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + accumulated_result.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + }; + + std::vector uint_batching_challenge_powers; + uint_batching_challenge_powers.emplace_back(batching_challenge_v); + auto running_power = batching_challenge_v * batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + running_power *= batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + running_power *= batching_challenge_v; + uint_batching_challenge_powers.emplace_back(running_power); + + for (size_t i = 0; i < 4; i++) { + relation_parameters.batching_challenge_v[i] = { + uint_batching_challenge_powers[i].slice(0, NUM_LIMB_BITS), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + uint_batching_challenge_powers[i] + }; + } + }; + bool verify_proof(const plonk::proof& proof); + bool verify_translation(const TranslationEvaluations& translation_evaluations); }; } // namespace proof_system::honk From e83fa583ee362bb1400a4648566c7245c228bfcd Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 18:59:49 +0000 Subject: [PATCH 25/39] Refactor previous commit --- .../goblin_translator_verifier.cpp | 38 +++++++++++++++++-- .../goblin_translator_verifier.hpp | 37 +----------------- 2 files changed, 36 insertions(+), 39 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 66bc89a8da6e..a1944485cdc1 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -27,6 +27,39 @@ GoblinTranslatorVerifier& GoblinTranslatorVerifier::operator=(GoblinTranslatorVe return *this; } +void GoblinTranslatorVerifier::put_translation_data_in_relation_parameters(const uint256_t& evaluation_input_x, + const BF& batching_challenge_v, + const uint256_t& accumulated_result) +{ + + const auto compute_four_limbs = [](const auto& in) { + constexpr size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; + return std::array{ in.slice(0, NUM_LIMB_BITS), + in.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + in.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + in.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4) }; + }; + + const auto compute_five_limbs = [](const auto& in) { + constexpr size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; + return std::array{ in.slice(0, NUM_LIMB_BITS), + in.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), + in.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), + in.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), + in }; + }; + + relation_parameters.evaluation_input_x = compute_five_limbs(evaluation_input_x); + + uint256_t batching_challenge_v_power{ batching_challenge_v }; + for (size_t i = 0; i < 4; i++) { + relation_parameters.batching_challenge_v[i] = compute_five_limbs(batching_challenge_v_power); + batching_challenge_v_power = BF(batching_challenge_v_power) * batching_challenge_v; + } + + relation_parameters.accumulated_result = compute_four_limbs(accumulated_result); +}; + /** * @brief This function verifies an GoblinTranslator Honk proof for given program settings. */ @@ -47,10 +80,9 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) evaluation_input_x = transcript.template receive_from_prover("evaluation_input_x"); batching_challenge_v = transcript.template receive_from_prover("batching_challenge_v"); - const auto uint_accumulated_result = uint256_t(transcript.template receive_from_prover("accumulated_result")); - auto uint_evaluation_input = static_cast(evaluation_input_x); + const BF accumulated_result = transcript.template receive_from_prover("accumulated_result"); - put_translation_data_in_relation_parameters(uint_evaluation_input, batching_challenge_v, uint_accumulated_result); + put_translation_data_in_relation_parameters(evaluation_input_x, batching_challenge_v, accumulated_result); if (circuit_size != key->circuit_size) { return false; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index c1b05a10c00e..ff49cd546ce1 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -23,7 +23,6 @@ class GoblinTranslatorVerifier { BaseTranscript transcript; RelationParameters relation_parameters; - // WORKTODO: kill these explicit GoblinTranslatorVerifier(std::shared_ptr verifier_key = nullptr); GoblinTranslatorVerifier(GoblinTranslatorVerifier&& other) noexcept; GoblinTranslatorVerifier(const GoblinTranslatorVerifier& other) = delete; @@ -33,41 +32,7 @@ class GoblinTranslatorVerifier { void put_translation_data_in_relation_parameters(const uint256_t& evaluation_input_x, const BF& batching_challenge_v, - const uint256_t& accumulated_result) - { - constexpr size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; - - relation_parameters.evaluation_input_x = { evaluation_input_x.slice(0, NUM_LIMB_BITS), - evaluation_input_x.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), - evaluation_input_x.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), - evaluation_input_x.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), - evaluation_input_x }; - relation_parameters.accumulated_result = { - accumulated_result.slice(0, NUM_LIMB_BITS), - accumulated_result.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), - accumulated_result.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), - accumulated_result.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), - }; - - std::vector uint_batching_challenge_powers; - uint_batching_challenge_powers.emplace_back(batching_challenge_v); - auto running_power = batching_challenge_v * batching_challenge_v; - uint_batching_challenge_powers.emplace_back(running_power); - running_power *= batching_challenge_v; - uint_batching_challenge_powers.emplace_back(running_power); - running_power *= batching_challenge_v; - uint_batching_challenge_powers.emplace_back(running_power); - - for (size_t i = 0; i < 4; i++) { - relation_parameters.batching_challenge_v[i] = { - uint_batching_challenge_powers[i].slice(0, NUM_LIMB_BITS), - uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2), - uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3), - uint_batching_challenge_powers[i].slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4), - uint_batching_challenge_powers[i] - }; - } - }; + const uint256_t& accumulated_result); bool verify_proof(const plonk::proof& proof); bool verify_translation(const TranslationEvaluations& translation_evaluations); }; From f8ee99607da1fbd01c5845f850212d55c9e7d8e7 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 19:14:15 +0000 Subject: [PATCH 26/39] Wrap opqueue in shared_ptr --- .../goblin_translator_circuit_builder.test.cpp | 14 +++++++------- .../ultra_honk/relation_correctness.test.cpp | 10 +++++----- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.test.cpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.test.cpp index 6c3b10b33c46..cd0192840698 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.test.cpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.test.cpp @@ -87,9 +87,9 @@ TEST(GoblinTranslatorCircuitBuilder, SeveralOperationCorrectness) auto z = scalar::random_element(); // Add the same operations to the ECC op queue; the native computation is performed under the hood. - ECCOpQueue op_queue; - op_queue.add_accumulate(P1); - op_queue.mul_accumulate(P2, z); + auto op_queue = std::make_shared(); + op_queue->add_accumulate(P1); + op_queue->mul_accumulate(P2, z); Fq op_accumulator = 0; Fq p_x_accumulator = 0; Fq p_y_accumulator = 0; @@ -97,22 +97,22 @@ TEST(GoblinTranslatorCircuitBuilder, SeveralOperationCorrectness) Fq z_2_accumulator = 0; Fq batching_challenge = fq::random_element(); - op_queue.eq(); - op_queue.empty_row(); + op_queue->eq(); + op_queue->empty_row(); // Sample the evaluation input x Fq x = Fq::random_element(); // Get an inverse Fq x_inv = x.invert(); // Compute the batched evaluation of polynomials (multiplying by inverse to go from lower to higher) - for (auto& ecc_op : op_queue.raw_ops) { + for (auto& ecc_op : op_queue->raw_ops) { op_accumulator = op_accumulator * x_inv + ecc_op.get_opcode_value(); p_x_accumulator = p_x_accumulator * x_inv + ecc_op.base_point.x; p_y_accumulator = p_y_accumulator * x_inv + ecc_op.base_point.y; z_1_accumulator = z_1_accumulator * x_inv + ecc_op.z1; z_2_accumulator = z_2_accumulator * x_inv + ecc_op.z2; } - Fq x_pow = x.pow(op_queue.raw_ops.size() - 1); + Fq x_pow = x.pow(op_queue->raw_ops.size() - 1); // Multiply by an appropriate power of x to get rid of the inverses Fq result = ((((z_2_accumulator * batching_challenge + z_1_accumulator) * batching_challenge + p_y_accumulator) * diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp index 8e464abbd4c6..68a0461d7c8c 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp @@ -1076,22 +1076,22 @@ TEST_F(RelationCorrectnessTests, GoblinTranslatorNonNativeRelationCorrectness) auto& engine = numeric::random::get_debug_engine(); - proof_system::ECCOpQueue op_queue; + auto op_queue = std::make_shared(); // Generate random EccOpQueue actions for (size_t i = 0; i < ((Flavor::MINI_CIRCUIT_SIZE >> 1) - 1); i++) { switch (engine.get_random_uint8() & 3) { case 0: - op_queue.empty_row(); + op_queue->empty_row(); break; case 1: - op_queue.eq(); + op_queue->eq(); break; case 2: - op_queue.add_accumulate(GroupElement::random_element(&engine)); + op_queue->add_accumulate(GroupElement::random_element(&engine)); break; case 3: - op_queue.mul_accumulate(GroupElement::random_element(&engine), FF::random_element(&engine)); + op_queue->mul_accumulate(GroupElement::random_element(&engine), FF::random_element(&engine)); break; } } From 7c5c08cc21edee2e721c64d170181e0b16aa7e42 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 19:21:01 +0000 Subject: [PATCH 27/39] Remove comments --- .../src/barretenberg/goblin/full_goblin_composer.test.cpp | 3 +-- .../cpp/src/barretenberg/ultra_honk/ultra_composer.hpp | 5 ----- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index bc4901f57a08..9528b3d1f873 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -182,8 +182,7 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) // Execute the Translator auto batching_challenge = Fbase::random_element(); // WORKTODO: where is this derived? auto evaluation_input = eccvm_prover.evaluation_challenge_x; - auto translator_builder = - TranslatorBuilder(batching_challenge, evaluation_input, op_queue); // WORKTODO: take pointer or ref + auto translator_builder = TranslatorBuilder(batching_challenge, evaluation_input, op_queue); auto translator_composer = TranslatorComposer(); auto translator_prover = translator_composer.create_prover(translator_builder); auto translator_verifier = translator_composer.create_verifier(translator_builder); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp index 46970f5730cc..d74c1f2cbcb8 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp @@ -56,11 +56,6 @@ template class UltraComposer_ { std::shared_ptr compute_commitment_key(size_t circuit_size) { - // // WORKTODO: this is too small for the merge prover - // if (commitment_key) { - // return commitment_key; - // } - commitment_key = std::make_shared(circuit_size, crs_factory_); return commitment_key; }; From 7700e9f93840e283c2113495f3eeafec888ca373 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 20:05:29 +0000 Subject: [PATCH 28/39] Pass Ops to ECCVM through OpQueue --- .../goblin/full_goblin_composer.test.cpp | 2 +- .../eccvm/eccvm_circuit_builder.hpp | 23 ++++++++++--------- .../ultra_honk/ultra_composer.hpp | 2 +- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 9528b3d1f873..37934eb7dc29 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -171,7 +171,7 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) // Execute the ECCVM // WORKTODO: feed BN254 commitments to ECCVM - auto eccvm_builder = ECCVMBuilder(op_queue->raw_ops); + auto eccvm_builder = ECCVMBuilder(op_queue); auto eccvm_composer = ECCVMComposer(); auto eccvm_prover = eccvm_composer.create_prover(eccvm_builder); auto eccvm_verifier = eccvm_composer.create_verifier(eccvm_builder); diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp index 2ec0800afaa4..a3abc3cc2e83 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp @@ -9,6 +9,7 @@ #include "barretenberg/flavor/ecc_vm.hpp" #include "barretenberg/honk/proof_system/lookup_library.hpp" #include "barretenberg/honk/proof_system/permutation_library.hpp" +#include "barretenberg/proof_system/op_queue/ecc_op_queue.hpp" #include "barretenberg/relations/relation_parameters.hpp" namespace proof_system { @@ -36,20 +37,20 @@ template class ECCVMCircuitBuilder { using MSM = proof_system_eccvm::MSM; using VMOperation = proof_system_eccvm::VMOperation; - std::vector vm_operations; + std::shared_ptr op_queue; using ScalarMul = proof_system_eccvm::ScalarMul; using AllPolynomials = typename Flavor::AllPolynomials; ECCVMCircuitBuilder() = default; // WORKTODO: are these not making it to the ECCVM? - ECCVMCircuitBuilder(std::vector vm_operations) - : vm_operations(vm_operations){}; + ECCVMCircuitBuilder(std::shared_ptr& op_queue) + : op_queue(op_queue){}; [[nodiscard]] uint32_t get_number_of_muls() const { uint32_t num_muls = 0; - for (auto& op : vm_operations) { + for (auto& op : op_queue->raw_ops) { if (op.mul) { if (op.z1 != 0) { num_muls++; @@ -145,7 +146,7 @@ template class ECCVMCircuitBuilder { } }; - for (auto& op : vm_operations) { + for (auto& op : op_queue->raw_ops) { if (op.mul) { process_mul(op.z1, op.base_point); process_mul(op.z2, AffineElement{ op.base_point.x * FF::cube_root_of_unity(), -op.base_point.y }); @@ -178,7 +179,7 @@ template class ECCVMCircuitBuilder { void add_accumulate(const AffineElement& to_add) { - vm_operations.emplace_back(VMOperation{ + op_queue->raw_ops.emplace_back(VMOperation{ .add = true, .mul = false, .eq = false, @@ -198,7 +199,7 @@ template class ECCVMCircuitBuilder { CycleScalar::split_into_endomorphism_scalars(converted, z1, z2); z1 = z1.to_montgomery_form(); z2 = z2.to_montgomery_form(); - vm_operations.emplace_back(VMOperation{ + op_queue->raw_ops.emplace_back(VMOperation{ .add = false, .mul = true, .eq = false, @@ -212,7 +213,7 @@ template class ECCVMCircuitBuilder { void eq_and_reset(const AffineElement& expected) { - vm_operations.emplace_back(VMOperation{ + op_queue->raw_ops.emplace_back(VMOperation{ .add = false, .mul = false, .eq = true, @@ -226,7 +227,7 @@ template class ECCVMCircuitBuilder { void empty_row() { - vm_operations.emplace_back(VMOperation{ + op_queue->raw_ops.emplace_back(VMOperation{ .add = false, .mul = false, .eq = false, @@ -323,7 +324,7 @@ template class ECCVMCircuitBuilder { std::array, 2> point_table_read_counts; const auto transcript_state = - ECCVMTranscriptBuilder::compute_transcript_state(vm_operations, get_number_of_muls()); + ECCVMTranscriptBuilder::compute_transcript_state(op_queue->raw_ops, get_number_of_muls()); const auto precompute_table_state = ECCVMPrecomputedTablesBuilder::compute_precompute_state(flattened_muls); const auto msm_state = @@ -576,7 +577,7 @@ template class ECCVMCircuitBuilder { std::array, 2> point_table_read_counts; const auto transcript_state = - ECCVMTranscriptBuilder::compute_transcript_state(vm_operations, get_number_of_muls()); + ECCVMTranscriptBuilder::compute_transcript_state(op_queue->raw_ops, get_number_of_muls()); const auto precompute_table_state = ECCVMPrecomputedTablesBuilder::compute_precompute_state(flattened_muls); const auto msm_state = diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp index d74c1f2cbcb8..3cd04b03ff12 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp @@ -77,7 +77,7 @@ template class UltraComposer_ { op_queue->set_size_data(); // Merge requires a commitment key with size equal to that of the current op queue transcript T_i since the // shift of the current contribution t_i will be of degree equal to deg(T_i) - auto commitment_key = compute_commitment_key(op_queue->get_current_size()); // WORKTODO + auto commitment_key = compute_commitment_key(op_queue->get_current_size()); return MergeProver_(commitment_key, op_queue); } From f785cb15f794b1dfac59c888257dc825d50c53cb Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 20:23:24 +0000 Subject: [PATCH 29/39] Remove comment --- .../src/barretenberg/honk/proof_system/permutation_library.hpp | 1 - 1 file changed, 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp index 7b4ffa12c277..b4f4573c6f85 100644 --- a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp @@ -194,7 +194,6 @@ template void compute_concatenated_pol // A function that produces 1 concatenated polynomial // TODO(#756): This can be rewritten to use more cores. Currently uses at maximum the number of concatenated // polynomials (4 in Goblin Translator) - // WORKTODO: rewrite this... auto ordering_function = [&](size_t i) { auto my_group = concatenation_groups[i]; auto& current_target = targets[i]; From 3aafd143d1371230899edfa28ab9b1b4fe677da1 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 20:26:09 +0000 Subject: [PATCH 30/39] Reference issue --- .../src/barretenberg/ultra_honk/relation_correctness.test.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp index 68a0461d7c8c..063a18377304 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp @@ -484,7 +484,7 @@ TEST_F(RelationCorrectnessTests, GoblinTranslatorPermutationRelationCorrectness) grand_product_library::compute_grand_product>( circuit_size, prover_polynomials, params); prover_polynomials.z_perm_shift = - polynomial_container[90].shifted(); // WORKTODO: magic number; use an existing structure + polynomial_container[90].shifted(); // TODO(https://github.com/AztecProtocol/barretenberg/issues/784) using Relations = typename Flavor::Relations; @@ -559,7 +559,7 @@ TEST_F(RelationCorrectnessTests, GoblinTranslatorGenPermSortRelationCorrectness) polynomial_pointers[i + 1]->begin()); }); - // WORKTODO: rewrite these tests using AllPolynomials + // TODO(https://github.com/AztecProtocol/barretenberg/issues/784) enum ORDERED_RANGE_CONSTRAINTS : size_t { C0 = 85, C1, C2, C3, C4 }; // Get shifted polynomials From 64184aa39cc098b138f84466d6728bf0ae8bf5c9 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 20:44:06 +0000 Subject: [PATCH 31/39] Leave notes --- .../src/barretenberg/goblin/full_goblin_composer.test.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 37934eb7dc29..4eed344d7be0 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -170,7 +170,7 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) } // Execute the ECCVM - // WORKTODO: feed BN254 commitments to ECCVM + // TODO(https://github.com/AztecProtocol/barretenberg/issues/785) Properly initialize transcript auto eccvm_builder = ECCVMBuilder(op_queue); auto eccvm_composer = ECCVMComposer(); auto eccvm_prover = eccvm_composer.create_prover(eccvm_builder); @@ -180,7 +180,8 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) EXPECT_TRUE(eccvm_verified); // Execute the Translator - auto batching_challenge = Fbase::random_element(); // WORKTODO: where is this derived? + // TODO(https://github.com/AztecProtocol/barretenberg/issues/786) Properly derive batching_challenge + auto batching_challenge = Fbase::random_element(); auto evaluation_input = eccvm_prover.evaluation_challenge_x; auto translator_builder = TranslatorBuilder(batching_challenge, evaluation_input, op_queue); auto translator_composer = TranslatorComposer(); From 66f979bfe9133bb62f7d6099f29da457844c81e0 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 20:45:28 +0000 Subject: [PATCH 32/39] Remove compilation profiling --- barretenberg/cpp/CMakePresets.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/barretenberg/cpp/CMakePresets.json b/barretenberg/cpp/CMakePresets.json index 8232c5202f22..b87e10709b63 100644 --- a/barretenberg/cpp/CMakePresets.json +++ b/barretenberg/cpp/CMakePresets.json @@ -38,9 +38,7 @@ "inherits": "default", "environment": { "CC": "clang-16", - "CXX": "clang++-16", - "CXXFLAGS":"-ftime-trace" - + "CXX": "clang++-16" } }, { From 8f6b899da2ebfbd5c20a4dc5fcee0fa656862a20 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 20:52:41 +0000 Subject: [PATCH 33/39] some cleanup --- .../src/barretenberg/flavor/goblin_translator.hpp | 13 ------------- .../goblin/full_goblin_composer.test.cpp | 3 ++- .../src/barretenberg/proof_system/CMakeLists.txt | 2 +- .../cpp/src/barretenberg/relations/CMakeLists.txt | 2 +- 4 files changed, 4 insertions(+), 16 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index 5d018ef3f38e..9907ff3935f2 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp @@ -92,19 +92,6 @@ class GoblinTranslator { static constexpr size_t NUM_RELATIONS = std::tuple_size_v; // define the containers for storing the contributions from each relation in Sumcheck - // using SumcheckTupleOfTuplesOfUnivariates = decltype(create_sumcheck_tuple_of_tuples_of_univariates()); - - // template static constexpr auto - // create_sumcheck_tuple_of_tuples_of_univariates() - // { - // if constexpr (Index >= std::tuple_size::value) { - // return std::tuple<>{}; // Return empty when reach end of the tuple - // } else { - // using UnivariateTuple = typename std::tuple_element_t::SumcheckTupleOfUnivariatesOverSubrelations; return std::tuple_cat(std::tuple{}, - // create_sumcheck_tuple_of_tuples_of_univariates()); - // } - // } using SumcheckTupleOfTuplesOfUnivariates = std::tuple::SumcheckTupleOfUnivariatesOverSubrelations, typename GoblinTranslatorGenPermSortRelation::SumcheckTupleOfUnivariatesOverSubrelations, diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 4eed344d7be0..69629df5903c 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -39,7 +39,7 @@ class FullGoblinComposerTests : public ::testing::Test { /** * @brief Generate a simple test circuit with some ECC op gates and conventional arithmetic gates - *g + * * @param builder */ static void generate_test_circuit(GoblinUltraBuilder& builder) @@ -192,4 +192,5 @@ TEST_F(FullGoblinComposerTests, SimpleCircuit) bool translation_verified = translator_verifier.verify_translation(eccvm_prover.translation_evaluations); EXPECT_TRUE(accumulator_construction_verified && translation_verified); } +// TODO(https://github.com/AztecProtocol/barretenberg/issues/787) Expand these tests. } // namespace test_full_goblin_composer diff --git a/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt index b9452eee6f6b..63d4af708eb5 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt +++ b/barretenberg/cpp/src/barretenberg/proof_system/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(proof_system relations crypto_pedersen_commitment crypto_pedersen_hash) +barretenberg_module(proof_system relations crypto_pedersen_commitment crypto_pedersen_hash) \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/relations/CMakeLists.txt b/barretenberg/cpp/src/barretenberg/relations/CMakeLists.txt index 16452cdbddbe..5f3aaaaa660e 100644 --- a/barretenberg/cpp/src/barretenberg/relations/CMakeLists.txt +++ b/barretenberg/cpp/src/barretenberg/relations/CMakeLists.txt @@ -1 +1 @@ -barretenberg_module(relations polynomials) +barretenberg_module(relations polynomials) \ No newline at end of file From 2f80643d1cc1117c6edda64bcffdd58ab438cedc Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 20 Nov 2023 21:01:45 +0000 Subject: [PATCH 34/39] Cleanup --- .../circuit_builder/eccvm/eccvm_circuit_builder.hpp | 1 - .../goblin_translator_composer.test.cpp | 12 +++--------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp index a3abc3cc2e83..113f064dbf89 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp @@ -43,7 +43,6 @@ template class ECCVMCircuitBuilder { ECCVMCircuitBuilder() = default; - // WORKTODO: are these not making it to the ECCVM? ECCVMCircuitBuilder(std::shared_ptr& op_queue) : op_queue(op_queue){}; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp index 31b8950e0ba9..ed7c1274d5eb 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.test.cpp @@ -1,19 +1,13 @@ -#include -#include -#include -#include -#include -#include -#include - +#include "barretenberg/translator_vm/goblin_translator_composer.hpp" #include "barretenberg/common/log.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" #include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/sumcheck/sumcheck_round.hpp" -#include "barretenberg/translator_vm/goblin_translator_composer.hpp" #include "barretenberg/translator_vm/goblin_translator_prover.hpp" +#include + using namespace proof_system::honk; namespace test_goblin_translator_composer { From 0d11faef2d4786ff9f8a240eb4f63ddf97272f69 Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 21 Nov 2023 17:16:23 +0000 Subject: [PATCH 35/39] Initialize op_queue --- .../circuit_builder/eccvm/eccvm_circuit_builder.hpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp index 113f064dbf89..6bee55c0d4c4 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp @@ -41,7 +41,8 @@ template class ECCVMCircuitBuilder { using ScalarMul = proof_system_eccvm::ScalarMul; using AllPolynomials = typename Flavor::AllPolynomials; - ECCVMCircuitBuilder() = default; + ECCVMCircuitBuilder() + : op_queue(std::make_shared()){}; ECCVMCircuitBuilder(std::shared_ptr& op_queue) : op_queue(op_queue){}; From 183fb56a614bf3da3d2856a07f77d41460e5651c Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 21 Nov 2023 19:18:47 +0000 Subject: [PATCH 36/39] Delete notes --- .../cpp/src/barretenberg/flavor/goblin_translator.hpp | 1 - .../barretenberg/translator_vm/goblin_translator_verifier.cpp | 4 ---- 2 files changed, 5 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index 9907ff3935f2..454bbf85b679 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp @@ -99,7 +99,6 @@ class GoblinTranslator { typename GoblinTranslatorAccumulatorTransferRelation::SumcheckTupleOfUnivariatesOverSubrelations, typename GoblinTranslatorDecompositionRelation::SumcheckTupleOfUnivariatesOverSubrelations, typename GoblinTranslatorNonNativeFieldRelation::SumcheckTupleOfUnivariatesOverSubrelations>; - // static_assert(std::same_as); using TupleOfArraysOfValues = decltype(create_tuple_of_arrays_of_values()); private: diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index a1944485cdc1..e9c5c6ce2775 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -93,10 +93,6 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) return transcript.template receive_from_prover(label); }; - // for (auto [commitment, label] : zip_view(commitments.pointer_view(), commitment_labels.pointer_view())){ - // *commitment = receive_commitment(*label); - // } - commitments.op = receive_commitment(commitment_labels.op); commitments.x_lo_y_hi = receive_commitment(commitment_labels.x_lo_y_hi); commitments.x_hi_z_1 = receive_commitment(commitment_labels.x_hi_z_1); From 4e9002fc72c1dfb223af47ee7aea94d7652cd7f8 Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 21 Nov 2023 19:47:57 +0000 Subject: [PATCH 37/39] Update sumcheck after rebase. --- .../barretenberg/translator_vm/goblin_translator_prover.cpp | 3 ++- .../barretenberg/translator_vm/goblin_translator_verifier.cpp | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index 252e0d3f9b59..305fda3b1e0d 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -329,7 +329,8 @@ void GoblinTranslatorProver::execute_relation_check_rounds() auto sumcheck = Sumcheck(key->circuit_size, transcript); - sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters); + auto alpha = transcript.get_challenge("alpha"); + sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } /** diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index e9c5c6ce2775..d280143e2f24 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -248,8 +248,9 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); + auto alpha = transcript.get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = - sumcheck.verify(relation_parameters, transcript); + sumcheck.verify(relation_parameters, alpha, transcript); // If Sumcheck did not verify, return false if (sumcheck_verified.has_value() && !sumcheck_verified.value()) { From 058430eb2212df0e1d08788c2e2c1cc42a4e8902 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 22 Nov 2023 18:33:44 +0000 Subject: [PATCH 38/39] Fix typos --- .../barretenberg/translator_vm/goblin_translator_composer.cpp | 2 +- .../src/barretenberg/translator_vm/goblin_translator_prover.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index fb013819e392..7ecf87adaf56 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -58,7 +58,7 @@ void GoblinTranslatorComposer::compute_circuit_size_parameters(CircuitBuilder& c * @tparam Flavor provides the circuit constructor type and the number of wires. * @param circuit_builder * @param dyadic_circuit_size Power of 2 circuit size - * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/783) Optimize memory operatations. + * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/783) Optimize memory operations. * @return std::vector * */ diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index 305fda3b1e0d..5ad81ecb1cbb 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -270,7 +270,7 @@ void GoblinTranslatorProver::execute_wire_and_sorted_constraints_commitments_rou } /** - * @brief Compute permutation and lookup grand product polynomials and commitments + * @brief Compute permutation product polynomial and commitments * */ void GoblinTranslatorProver::execute_grand_product_computation_round() From 075b0e4a8071ea2a26dc5f5560e483f105fd03b4 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 22 Nov 2023 18:37:17 +0000 Subject: [PATCH 39/39] Reintroduce engine --- .../cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp index 69629df5903c..e263cb329a46 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/full_goblin_composer.test.cpp @@ -12,6 +12,10 @@ using namespace proof_system::honk; namespace test_full_goblin_composer { +namespace { +auto& engine = numeric::random::get_debug_engine(); +} + class FullGoblinComposerTests : public ::testing::Test { protected: static void SetUpTestSuite()