refactor: share decider with ultra_prover

barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp

@@ -3,6 +3,7 @@
 #include "barretenberg/benchmark/ultra_bench/mock_circuits.hpp"
 #include "barretenberg/common/op_count_google_bench.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 #include "barretenberg/ultra_honk/ultra_prover.hpp"
 
 using namespace benchmark;
@@ -49,11 +50,16 @@ BB_PROFILE static void test_round_inner(State& state, GoblinUltraProver& prover,
     time_if_index(SORTED_LIST_ACCUMULATOR, [&] { prover.oink_prover.execute_sorted_list_accumulator_round(); });
     time_if_index(LOG_DERIVATIVE_INVERSE, [&] { prover.oink_prover.execute_log_derivative_inverse_round(); });
     time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { prover.oink_prover.execute_grand_product_computation_round(); });
+    prover.instance->alphas = prover.oink_prover.generate_alphas();
     // we need to get the relation_parameters and prover_polynomials from the oink_prover
     prover.instance->relation_parameters = prover.oink_prover.relation_parameters;
     prover.instance->prover_polynomials = GoblinUltraFlavor::ProverPolynomials(prover.instance->proving_key);
-    time_if_index(RELATION_CHECK, [&] { prover.execute_relation_check_rounds(); });
-    time_if_index(ZEROMORPH, [&] { prover.execute_zeromorph_rounds(); });
+
+    prover.generate_gate_challenges();
+
+    DeciderProver_<GoblinUltraFlavor> decider_prover(prover.instance, prover.transcript);
+    time_if_index(RELATION_CHECK, [&] { decider_prover.execute_relation_check_rounds(); });
+    time_if_index(ZEROMORPH, [&] { decider_prover.execute_zeromorph_rounds(); });
 }
 BB_PROFILE static void test_round(State& state, size_t index) noexcept
 {

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp

@@ -2,11 +2,11 @@
 
 #include "barretenberg/goblin/goblin.hpp"
 #include "barretenberg/goblin/mock_circuits.hpp"
-#include "barretenberg/protogalaxy/decider_prover.hpp"
 #include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
 #include "barretenberg/sumcheck/instance/instances.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 
 namespace bb {
 

barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp

@@ -194,13 +194,13 @@ template <IsECCVMFlavor Flavor> void ECCVMProver_<Flavor>::execute_transcript_co
     translation_batching_challenge_v = transcript->template get_challenge<FF>("Translation:batching_challenge");
 }
 
-template <IsECCVMFlavor Flavor> HonkProof& ECCVMProver_<Flavor>::export_proof()
+template <IsECCVMFlavor Flavor> HonkProof ECCVMProver_<Flavor>::export_proof()
 {
     proof = transcript->export_proof();
     return proof;
 }
 
-template <IsECCVMFlavor Flavor> HonkProof& ECCVMProver_<Flavor>::construct_proof()
+template <IsECCVMFlavor Flavor> HonkProof ECCVMProver_<Flavor>::construct_proof()
 {
     BB_OP_COUNT_TIME_NAME("ECCVMProver::construct_proof");
 

barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp

@@ -38,8 +38,8 @@ template <IsECCVMFlavor Flavor> class ECCVMProver_ {
     BB_PROFILE void execute_zeromorph_rounds();
     BB_PROFILE void execute_transcript_consistency_univariate_opening_round();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Transcript> transcript;
 

barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp

@@ -1,9 +1,9 @@
 #include "barretenberg/goblin/mock_circuits.hpp"
 #include "barretenberg/polynomials/pow.hpp"
-#include "barretenberg/protogalaxy/decider_prover.hpp"
 #include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 
 #include <gtest/gtest.h>
 

barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp

@@ -8,15 +8,10 @@ void ProtoGalaxyProver_<ProverInstances>::finalise_and_send_instance(std::shared
 {
     OinkProver<Flavor> oink_prover(instance->proving_key, commitment_key, transcript, domain_separator + '_');
 
-    auto [relation_params] = oink_prover.prove();
+    auto [relation_params, alphas] = oink_prover.prove();
     instance->relation_parameters = std::move(relation_params);
     instance->prover_polynomials = ProverPolynomials(instance->proving_key);
-
-    // Generate relation separators alphas for sumcheck
-    for (size_t idx = 0; idx < NUM_SUBRELATIONS - 1; idx++) {
-        instance->alphas[idx] =
-            transcript->template get_challenge<FF>(domain_separator + "_alpha_" + std::to_string(idx));
-    }
+    instance->alphas = std::move(alphas);
 }
 
 template <class ProverInstances> void ProtoGalaxyProver_<ProverInstances>::prepare_for_folding()

barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.test.cpp

@@ -1,7 +1,6 @@
 #include "barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.hpp"
 #include "barretenberg/circuit_checker/circuit_checker.hpp"
 #include "barretenberg/common/test.hpp"
-#include "barretenberg/protogalaxy/decider_prover.hpp"
 #include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
@@ -11,6 +10,7 @@
 #include "barretenberg/stdlib/primitives/curves/bn254.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp"
 #include "barretenberg/sumcheck/instance/instances.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 #include "barretenberg/ultra_honk/ultra_prover.hpp"
 #include "barretenberg/ultra_honk/ultra_verifier.hpp"
 

barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp

@@ -332,13 +332,13 @@ void GoblinTranslatorProver::execute_zeromorph_rounds()
                      prover_polynomials.get_concatenation_groups());
 }
 
-HonkProof& GoblinTranslatorProver::export_proof()
+HonkProof GoblinTranslatorProver::export_proof()
 {
     proof = transcript->export_proof();
     return proof;
 }
 
-HonkProof& GoblinTranslatorProver::construct_proof()
+HonkProof GoblinTranslatorProver::construct_proof()
 {
     BB_OP_COUNT_TIME_NAME("GoblinTranslatorProver::construct_proof");
 

barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp

@@ -42,8 +42,8 @@ class GoblinTranslatorProver {
     BB_PROFILE void execute_grand_product_computation_round();
     BB_PROFILE void execute_relation_check_rounds();
     BB_PROFILE void execute_zeromorph_rounds();
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Transcript> transcript = std::make_shared<Transcript>();
 

barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp → barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp

@@ -17,7 +17,7 @@ DeciderProver_<Flavor>::DeciderProver_(const std::shared_ptr<Instance>& inst,
                                        const std::shared_ptr<Transcript>& transcript)
     : accumulator(std::move(inst))
     , transcript(transcript)
-    , commitment_key(inst->proving_key->commitment_key)
+    , commitment_key(accumulator->proving_key->commitment_key)
 {}
 
 /**
@@ -49,13 +49,13 @@ template <IsUltraFlavor Flavor> void DeciderProver_<Flavor>::execute_zeromorph_r
                      transcript);
 }
 
-template <IsUltraFlavor Flavor> HonkProof& DeciderProver_<Flavor>::export_proof()
+template <IsUltraFlavor Flavor> HonkProof DeciderProver_<Flavor>::export_proof()
 {
     proof = transcript->proof_data;
     return proof;
 }
 
-template <IsUltraFlavor Flavor> HonkProof& DeciderProver_<Flavor>::construct_proof()
+template <IsUltraFlavor Flavor> HonkProof DeciderProver_<Flavor>::construct_proof()
 {
     BB_OP_COUNT_TIME_NAME("Decider::construct_proof");
 

barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp → barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp

@@ -30,8 +30,8 @@ template <IsUltraFlavor Flavor> class DeciderProver_ {
     BB_PROFILE void execute_relation_check_rounds();
     BB_PROFILE void execute_zeromorph_rounds();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Instance> accumulator;
 

barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp

@@ -17,7 +17,7 @@ MergeVerifier_<Flavor>::MergeVerifier_()
  * Schwartz-Zippel check. Evaluations are checked via batched KZG.
  *
  * @tparam Flavor
- * @return HonkProof&
+ * @return bool
  */
 template <typename Flavor> bool MergeVerifier_<Flavor>::verify_proof(const HonkProof& proof)
 {

barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp

@@ -25,8 +25,12 @@ template <IsUltraFlavor Flavor> OinkProverOutput<Flavor> OinkProver<Flavor>::pro
     // Compute grand product(s) and commitments.
     execute_grand_product_computation_round();
 
+    // Generate relation separators alphas for sumcheck
+    RelationSeparator alphas = generate_alphas();
+
     return OinkProverOutput<Flavor>{
         .relation_parameters = std::move(relation_parameters),
+        .alphas = std::move(alphas),
     };
 }
 
@@ -149,6 +153,14 @@ template <IsUltraFlavor Flavor> void OinkProver<Flavor>::execute_grand_product_c
     transcript->send_to_verifier(domain_separator + commitment_labels.z_lookup, witness_commitments.z_lookup);
 }
 
+template <IsUltraFlavor Flavor> typename Flavor::RelationSeparator OinkProver<Flavor>::generate_alphas()
+{
+    RelationSeparator alphas;
+    for (size_t idx = 0; idx < alphas.size(); idx++) {
+        alphas[idx] = transcript->template get_challenge<FF>("Sumcheck:alpha_" + std::to_string(idx));
+    }
+    return alphas;
+}
 template class OinkProver<UltraFlavor>;
 template class OinkProver<GoblinUltraFlavor>;
 

barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp

@@ -26,6 +26,7 @@
 namespace bb {
 template <IsUltraFlavor Flavor> struct OinkProverOutput {
     bb::RelationParameters<typename Flavor::FF> relation_parameters;
+    typename Flavor::RelationSeparator alphas;
 };
 
 /**
@@ -49,6 +50,7 @@ template <IsUltraFlavor Flavor> class OinkProver {
     std::string domain_separator;
     typename Flavor::WitnessCommitments witness_commitments;
     typename Flavor::CommitmentLabels commitment_labels;
+    using RelationSeparator = typename Flavor::RelationSeparator;
 
     bb::RelationParameters<typename Flavor::FF> relation_parameters;
 
@@ -68,5 +70,6 @@ template <IsUltraFlavor Flavor> class OinkProver {
     void execute_sorted_list_accumulator_round();
     void execute_log_derivative_inverse_round();
     void execute_grand_product_computation_round();
+    RelationSeparator generate_alphas();
 };
 } // namespace bb

barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp

@@ -1,5 +1,6 @@
 #include "ultra_prover.hpp"
 #include "barretenberg/sumcheck/sumcheck.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 
 namespace bb {
 
@@ -15,7 +16,7 @@ UltraProver_<Flavor>::UltraProver_(const std::shared_ptr<Instance>& inst, const
     : instance(std::move(inst))
     , transcript(transcript)
     , commitment_key(instance->proving_key->commitment_key)
-    , oink_prover(inst->proving_key, commitment_key, transcript, "")
+    , oink_prover(instance->proving_key, commitment_key, transcript, "")
 {}
 
 /**
@@ -33,65 +34,31 @@ UltraProver_<Flavor>::UltraProver_(Builder& circuit)
     , oink_prover(instance->proving_key, commitment_key, transcript, "")
 {}
 
-/**
- * @brief Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all evaluations at u being calculated.
- *
- */
-template <IsUltraFlavor Flavor> void UltraProver_<Flavor>::execute_relation_check_rounds()
+template <IsUltraFlavor Flavor> HonkProof UltraProver_<Flavor>::export_proof()
 {
-    using Sumcheck = SumcheckProver<Flavor>;
-    auto circuit_size = instance->proving_key->circuit_size;
-    auto sumcheck = Sumcheck(circuit_size, transcript);
-    RelationSeparator alphas;
-    for (size_t idx = 0; idx < alphas.size(); idx++) {
-        alphas[idx] = transcript->template get_challenge<FF>("Sumcheck:alpha_" + std::to_string(idx));
-    }
-    instance->alphas = alphas;
-    std::vector<FF> gate_challenges(numeric::get_msb(circuit_size));
+    proof = transcript->proof_data;
+    return proof;
+}
+template <IsUltraFlavor Flavor> void UltraProver_<Flavor>::generate_gate_challenges()
+{
+    std::vector<FF> gate_challenges(numeric::get_msb(instance->proving_key->circuit_size));
     for (size_t idx = 0; idx < gate_challenges.size(); idx++) {
         gate_challenges[idx] = transcript->template get_challenge<FF>("Sumcheck:gate_challenge_" + std::to_string(idx));
     }
     instance->gate_challenges = gate_challenges;
-    sumcheck_output = sumcheck.prove(instance);
-}
-
-/**
- * @brief Execute the ZeroMorph protocol to prove the multilinear evaluations produced by Sumcheck
- * @details See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the unrolled protocol.
- *
- * */
-template <IsUltraFlavor Flavor> void UltraProver_<Flavor>::execute_zeromorph_rounds()
-{
-    ZeroMorph::prove(instance->prover_polynomials.get_unshifted(),
-                     instance->prover_polynomials.get_to_be_shifted(),
-                     sumcheck_output.claimed_evaluations.get_unshifted(),
-                     sumcheck_output.claimed_evaluations.get_shifted(),
-                     sumcheck_output.challenge,
-                     commitment_key,
-                     transcript);
 }
 
-template <IsUltraFlavor Flavor> HonkProof& UltraProver_<Flavor>::export_proof()
+template <IsUltraFlavor Flavor> HonkProof UltraProver_<Flavor>::construct_proof()
 {
-    proof = transcript->proof_data;
-    return proof;
-}
-
-template <IsUltraFlavor Flavor> HonkProof& UltraProver_<Flavor>::construct_proof()
-{
-    auto [relation_params] = oink_prover.prove();
+    auto [relation_params, alphas] = oink_prover.prove();
     instance->relation_parameters = std::move(relation_params);
+    instance->alphas = alphas;
     instance->prover_polynomials = ProverPolynomials(instance->proving_key);
 
-    // Fiat-Shamir: alpha
-    // Run sumcheck subprotocol.
-    execute_relation_check_rounds();
-
-    // Fiat-Shamir: rho, y, x, z
-    // Execute Zeromorph multilinear PCS
-    execute_zeromorph_rounds();
+    generate_gate_challenges();
 
-    return export_proof();
+    DeciderProver_<Flavor> decider_prover(instance, transcript);
+    return decider_prover.construct_proof();
 }
 
 template class UltraProver_<UltraFlavor>;

barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp

@@ -25,7 +25,6 @@ template <IsUltraFlavor Flavor_> class UltraProver_ {
     using ProverInstance = ProverInstance_<Flavor>;
     using Instance = ProverInstance;
     using Transcript = typename Flavor::Transcript;
-    using RelationSeparator = typename Flavor::RelationSeparator;
     using ZeroMorph = ZeroMorphProver_<PCS>;
 
     std::shared_ptr<Instance> instance;
@@ -47,16 +46,10 @@ template <IsUltraFlavor Flavor_> class UltraProver_ {
 
     explicit UltraProver_(Builder&);
 
-    BB_PROFILE void execute_preamble_round();
-    BB_PROFILE void execute_wire_commitments_round();
-    BB_PROFILE void execute_sorted_list_accumulator_round();
-    BB_PROFILE void execute_log_derivative_inverse_round();
-    BB_PROFILE void execute_grand_product_computation_round();
-    BB_PROFILE void execute_relation_check_rounds();
-    BB_PROFILE void execute_zeromorph_rounds();
+    BB_PROFILE void generate_gate_challenges();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
   private:
     HonkProof proof;

barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp

@@ -98,13 +98,13 @@ void AvmProver::execute_zeromorph_rounds()
                      transcript);
 }
 
-HonkProof& AvmProver::export_proof()
+HonkProof AvmProver::export_proof()
 {
     proof = transcript->proof_data;
     return proof;
 }
 
-HonkProof& AvmProver::construct_proof()
+HonkProof AvmProver::construct_proof()
 {
     // Add circuit size public input size and public inputs to transcript.
     execute_preamble_round();

barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp

@@ -31,8 +31,8 @@ class AvmProver {
     void execute_relation_check_rounds();
     void execute_zeromorph_rounds();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Transcript> transcript = std::make_shared<Transcript>();