diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp index 89f299762786..c203e6036b7e 100644 --- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp @@ -3,12 +3,12 @@ #include "barretenberg/goblin/goblin.hpp" #include "barretenberg/goblin/mock_circuits.hpp" #include "barretenberg/plonk_honk_shared/arithmetization/max_block_size_tracker.hpp" -#include "barretenberg/protogalaxy/decider_verifier.hpp" #include "barretenberg/protogalaxy/protogalaxy_prover.hpp" #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp" #include "barretenberg/stdlib/primitives/databus/databus.hpp" #include "barretenberg/sumcheck/instance/instances.hpp" #include "barretenberg/ultra_honk/decider_prover.hpp" +#include "barretenberg/ultra_honk/decider_verifier.hpp" #include namespace bb { diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index dfa059586efd..5f10e6aead45 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp @@ -3,11 +3,11 @@ #include "barretenberg/goblin/goblin.hpp" #include "barretenberg/goblin/mock_circuits.hpp" #include "barretenberg/plonk_honk_shared/arithmetization/max_block_size_tracker.hpp" -#include "barretenberg/protogalaxy/decider_verifier.hpp" #include "barretenberg/protogalaxy/protogalaxy_prover.hpp" #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp" #include "barretenberg/sumcheck/instance/instances.hpp" #include "barretenberg/ultra_honk/decider_prover.hpp" +#include "barretenberg/ultra_honk/decider_verifier.hpp" #include namespace bb { diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp index 14aac0b0ea33..a7634062f206 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp @@ -1,10 +1,10 @@ #include "barretenberg/goblin/mock_circuits.hpp" #include "barretenberg/polynomials/pow.hpp" -#include "barretenberg/protogalaxy/decider_verifier.hpp" #include "barretenberg/protogalaxy/protogalaxy_prover.hpp" #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp" #include "barretenberg/stdlib_circuit_builders/mock_circuits.hpp" #include "barretenberg/ultra_honk/decider_prover.hpp" +#include "barretenberg/ultra_honk/decider_verifier.hpp" #include diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.test.cpp index efcb123dcdf1..6939434b6422 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.test.cpp @@ -234,8 +234,8 @@ template class RecursiveVerifierTest : public testing auto pcs_verification_key = std::make_shared(); bool result = pcs_verification_key->pairing_check(pairing_points.P0.get_value(), pairing_points.P1.get_value()); info("input pairing points result: ", result); - auto recursive_result = native_verifier.key->pcs_verification_key->pairing_check(pairing_points.P0.get_value(), - pairing_points.P1.get_value()); + auto recursive_result = native_verifier.instance->verification_key->pcs_verification_key->pairing_check( + pairing_points.P0.get_value(), pairing_points.P1.get_value()); EXPECT_EQ(recursive_result, native_result); // Check 2: Ensure that the underlying native and recursive verification algorithms agree by ensuring diff --git a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp index 3ac38a01115e..f64f0580f407 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp @@ -1,7 +1,6 @@ #include "barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.hpp" #include "barretenberg/circuit_checker/circuit_checker.hpp" #include "barretenberg/common/test.hpp" -#include "barretenberg/protogalaxy/decider_verifier.hpp" #include "barretenberg/protogalaxy/protogalaxy_prover.hpp" #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp" #include "barretenberg/stdlib/hash/blake3s/blake3s.hpp" @@ -11,6 +10,7 @@ #include "barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp" #include "barretenberg/sumcheck/instance/instances.hpp" #include "barretenberg/ultra_honk/decider_prover.hpp" +#include "barretenberg/ultra_honk/decider_verifier.hpp" #include "barretenberg/ultra_honk/ultra_prover.hpp" #include "barretenberg/ultra_honk/ultra_verifier.hpp" diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp index ba4eb7bc4b29..7f34faf93854 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp @@ -28,7 +28,7 @@ template class VerifierInstance_ { // The folding parameters (\vec{β}, e) which are set for accumulators (i.e. relaxed instances). std::vector gate_challenges; - FF target_sum; + FF target_sum{ 0 }; WitnessCommitments witness_commitments; CommitmentLabels commitment_labels; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp similarity index 81% rename from barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp rename to barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp index 080a4f322f0d..2f7f22628bbe 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp @@ -15,25 +15,33 @@ DeciderVerifier_::DeciderVerifier_(const std::shared_ptr -DeciderVerifier_::DeciderVerifier_() - : pcs_verification_key(std::make_unique()) - , transcript(std::make_shared()) +DeciderVerifier_::DeciderVerifier_(const std::shared_ptr& accumulator) + : accumulator(accumulator) + , pcs_verification_key(accumulator->verification_key->pcs_verification_key) {} /** - * @brief This function verifies an Ultra Honk proof for a given Flavor, produced for a relaxed instance (ϕ, \vec{β*}, + * @brief This function verifies a decider proof for a given Flavor, produced for a relaxed instance (ϕ, \vec{β*}, * e*). * */ -template bool DeciderVerifier_::verify_proof(const HonkProof& proof) +template bool DeciderVerifier_::verify_proof(const DeciderProof& proof) +{ + transcript = std::make_shared(proof); + return verify(); +} + +/** + * @brief Verify a decider proof that is assumed to be contained in the transcript + * + */ +template bool DeciderVerifier_::verify() { using PCS = typename Flavor::PCS; using Curve = typename Flavor::Curve; using ZeroMorph = ZeroMorphVerifier_; using VerifierCommitments = typename Flavor::VerifierCommitments; - transcript = std::make_shared(proof); - VerifierCommitments commitments{ accumulator->verification_key, accumulator->witness_commitments }; auto sumcheck = SumcheckVerifier( @@ -66,6 +74,7 @@ template bool DeciderVerifier_::verify_proof(const Hon } template class DeciderVerifier_; +template class DeciderVerifier_; template class DeciderVerifier_; } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.hpp similarity index 64% rename from barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.hpp rename to barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.hpp index 55ca8618d02f..1ef0884834f0 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.hpp @@ -14,14 +14,26 @@ template class DeciderVerifier_ { using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Transcript = typename Flavor::Transcript; using VerifierInstance = VerifierInstance_; + using DeciderProof = std::vector; public: explicit DeciderVerifier_(); + /** + * @brief Constructor from prover instance and a transcript assumed to be initialized with a full honk proof + * @details Used in the case where an external transcript already exists and has been initialized with a proof, e.g. + * when the decider is being used in the context of the larger honk protocol. + * + */ explicit DeciderVerifier_(const std::shared_ptr& accumulator, - const std::shared_ptr& transcript = std::make_shared()); - - bool verify_proof(const HonkProof& proof); + const std::shared_ptr& transcript); + /** + * @brief Constructor from prover instance + * + */ + explicit DeciderVerifier_(const std::shared_ptr& accumulator); + bool verify_proof(const DeciderProof&); // used when a decider proof is known explicitly + bool verify(); // used when transcript that has been initialized with a proof std::shared_ptr key; std::map commitments; std::shared_ptr accumulator; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 239f2bc66dde..54ca67d58d24 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -5,35 +5,6 @@ #include "barretenberg/ultra_honk/oink_verifier.hpp" namespace bb { -template -UltraVerifier_::UltraVerifier_(const std::shared_ptr& transcript, - const std::shared_ptr& verifier_key) - : key(verifier_key) - , transcript(transcript) -{} - -/** - * @brief Construct an UltraVerifier directly from a verification key - * - * @tparam Flavor - * @param verifier_key - */ -template -UltraVerifier_::UltraVerifier_(const std::shared_ptr& verifier_key) - : key(verifier_key) - , transcript(std::make_shared()) -{} - -template -UltraVerifier_::UltraVerifier_(UltraVerifier_&& other) - : key(std::move(other.key)) -{} - -template UltraVerifier_& UltraVerifier_::operator=(UltraVerifier_&& other) -{ - key = other.key; - return *this; -} /** * @brief This function verifies an Ultra Honk proof for a given Flavor. @@ -42,51 +13,22 @@ template UltraVerifier_& UltraVerifier_::opera template bool UltraVerifier_::verify_proof(const HonkProof& proof) { using FF = typename Flavor::FF; - using PCS = typename Flavor::PCS; - using Curve = typename Flavor::Curve; - using ZeroMorph = ZeroMorphVerifier_; - using VerifierCommitments = typename Flavor::VerifierCommitments; transcript = std::make_shared(proof); - VerifierCommitments commitments{ key }; - OinkVerifier oink_verifier{ key, transcript }; + OinkVerifier oink_verifier{ instance->verification_key, transcript }; auto [relation_parameters, witness_commitments, public_inputs, alphas] = oink_verifier.verify(); + instance->relation_parameters = std::move(relation_parameters); + instance->witness_commitments = std::move(witness_commitments); + instance->alphas = std::move(alphas); - // Copy the witness_commitments over to the VerifierCommitments - for (auto [wit_comm_1, wit_comm_2] : zip_view(commitments.get_witness(), witness_commitments.get_all())) { - wit_comm_1 = wit_comm_2; - } - - // Execute Sumcheck Verifier - const size_t log_circuit_size = static_cast(numeric::get_msb(key->circuit_size)); - auto sumcheck = SumcheckVerifier(log_circuit_size, transcript); - - auto gate_challenges = std::vector(CONST_PROOF_SIZE_LOG_N); - for (size_t idx = 0; idx < gate_challenges.size(); idx++) { - gate_challenges[idx] = transcript->template get_challenge("Sumcheck:gate_challenge_" + std::to_string(idx)); + for (size_t idx = 0; idx < CONST_PROOF_SIZE_LOG_N; idx++) { + instance->gate_challenges.emplace_back( + transcript->template get_challenge("Sumcheck:gate_challenge_" + std::to_string(idx))); } - auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = - sumcheck.verify(relation_parameters, alphas, gate_challenges); - // If Sumcheck did not verify, return false - if (sumcheck_verified.has_value() && !sumcheck_verified.value()) { - info("Ultra Verifier: Sumcheck verification failed."); - return false; - } + DeciderVerifier decider_verifier{ instance, transcript }; - // Execute ZeroMorph rounds to produce an opening claim and verify it with a univariate PCS. See - // https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the unrolled protocol. - auto opening_claim = ZeroMorph::verify(key->circuit_size, - commitments.get_unshifted(), - commitments.get_to_be_shifted(), - claimed_evaluations.get_unshifted(), - claimed_evaluations.get_shifted(), - multivariate_challenge, - Commitment::one(), - transcript); - auto pairing_points = PCS::reduce_verify(opening_claim, transcript); - auto pcs_verified = key->pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]); - return sumcheck_verified.value() && pcs_verified; + return decider_verifier.verify(); } template class UltraVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index 727b30482fd4..668d98aeb16f 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -3,7 +3,9 @@ #include "barretenberg/srs/global_crs.hpp" #include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp" +#include "barretenberg/sumcheck/instance//verifier_instance.hpp" #include "barretenberg/sumcheck/sumcheck.hpp" +#include "barretenberg/ultra_honk/decider_verifier.hpp" namespace bb { template class UltraVerifier_ { @@ -12,21 +14,18 @@ template class UltraVerifier_ { using VerificationKey = typename Flavor::VerificationKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Transcript = typename Flavor::Transcript; + using Instance = VerifierInstance_; + using DeciderVerifier = DeciderVerifier_; public: - explicit UltraVerifier_(const std::shared_ptr& transcript, - const std::shared_ptr& verifier_key = nullptr); - - explicit UltraVerifier_(const std::shared_ptr& verifier_key); - UltraVerifier_(UltraVerifier_&& other); - - UltraVerifier_& operator=(const UltraVerifier_& other) = delete; - UltraVerifier_& operator=(UltraVerifier_&& other); + explicit UltraVerifier_(const std::shared_ptr& verifier_key) + : instance(std::make_shared(verifier_key)) + {} bool verify_proof(const HonkProof& proof); - std::shared_ptr key; - std::shared_ptr transcript; + std::shared_ptr transcript{ nullptr }; + std::shared_ptr instance; }; using UltraVerifier = UltraVerifier_;