diff --git a/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp b/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp index 2a6d8987a1..f259335135 100644 --- a/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp +++ b/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp @@ -7,9 +7,12 @@ #include "barretenberg/common/net.hpp" const std::string protocol_name = "BARRETENBERG_GRUMPKIN_IPA_CRS"; -/* Generates a monomial basis Grumpkin SRS for testing purposes. - We only provide functionality create a single transcript file. - The SRS has the form [1]_1, [x]_1, [x^2]_1, ... where x = 2. */ +/** + * @brief Generates a monomial basis Grumpkin SRS. + * + * @details We only provide functionality create a single transcript file. + * + */ int main(int argc, char** argv) { std::vector args(argv, argv + argc); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 23779d1dcf..0ea4402823 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -153,7 +153,7 @@ StandardProver_ StandardHonkComposerHelper_::create_prover( return output_state; } + template class StandardHonkComposerHelper_; template class StandardHonkComposerHelper_; - } // namespace proof_system::honk \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index dd5b878bf0..ace2cac675 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -73,8 +73,10 @@ template class StandardHonkComposerHelper_ { commitment_key = std::make_shared(circuit_size, crs_factory_); }; }; + extern template class StandardHonkComposerHelper_; extern template class StandardHonkComposerHelper_; +// TODO(#532): this pattern is weird; is this not instantiating the templates? using StandardHonkComposerHelper = StandardHonkComposerHelper_; - +using StandardGrumpkinHonkComposerHelper = StandardHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 3bdf857cfa..2bd2d6cb42 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -149,7 +149,8 @@ void UltraHonkComposerHelper_::compute_witness(CircuitConstructor& circu template UltraProver_ UltraHonkComposerHelper_::create_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 00096d5222..3a6e670c36 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -36,6 +36,9 @@ template class UltraHonkComposerHelper_ { bool contains_recursive_proof = false; bool computed_witness = false; + UltraHonkComposerHelper_() + : crs_factory_(barretenberg::srs::get_crs_factory()){}; + explicit UltraHonkComposerHelper_(std::shared_ptr crs_factory) : crs_factory_(std::move(crs_factory)) {} @@ -51,8 +54,6 @@ template class UltraHonkComposerHelper_ { UltraHonkComposerHelper_& operator=(UltraHonkComposerHelper_ const& other) noexcept = default; ~UltraHonkComposerHelper_() = default; - void finalize_circuit(CircuitConstructor& circuit_constructor) { circuit_constructor.finalize_circuit(); }; - std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); @@ -70,5 +71,7 @@ template class UltraHonkComposerHelper_ { }; extern template class UltraHonkComposerHelper_; extern template class UltraHonkComposerHelper_; +// TODO(#532): this pattern is weird; is this not instantiating the templates? using UltraHonkComposerHelper = UltraHonkComposerHelper_; +using UltraGrumpkinHonkComposerHelper = UltraHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 3a8c52927d..2ff404ead1 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -191,6 +191,8 @@ template class StandardHonkComposer_ { const std::string& err() const { return circuit_constructor.err(); }; void failure(std::string msg) { circuit_constructor.failure(msg); } }; + +// TODO(#532): These using declarations instantiate the templates? using StandardHonkComposer = StandardHonkComposer_; using StandardGrumpkinHonkComposer = StandardHonkComposer_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 7f6a8bdb1c..2d3c1e42d0 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -1,19 +1,18 @@ -#include "standard_honk_composer.hpp" -#include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" #include #include #include +#include + +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" #include "barretenberg/honk/proof_system/prover.hpp" -#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" +#include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" #include "barretenberg/honk/sumcheck/relations/permutation_relation.hpp" -#include "barretenberg/polynomials/polynomial.hpp" - -#pragma GCC diagnostic ignored "-Wunused-variable" +#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" #include "barretenberg/honk/utils/grand_product_delta.hpp" -#include - using namespace proof_system::honk; namespace test_standard_honk_composer { @@ -33,13 +32,13 @@ class StandardHonkComposerTests : public ::testing::Test { */ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) { - auto test_permutation = [](StandardHonkComposer& composer) { - auto proving_key = composer.compute_proving_key(); + auto test_permutation = [](StandardCircuitConstructor& circuit_constructor, StandardHonkComposerHelper& composer) { + auto proving_key = composer.compute_proving_key(circuit_constructor); const auto n = proving_key->circuit_size; - auto public_inputs = composer.circuit_constructor.get_public_inputs(); + auto public_inputs = circuit_constructor.get_public_inputs(); auto num_public_inputs = public_inputs.size(); - auto num_gates = composer.circuit_constructor.get_num_gates(); + auto num_gates = circuit_constructor.get_num_gates(); // Using the same random beta and gamma as in the permutation argument barretenberg::fr beta = barretenberg::fr::random_element(); @@ -73,12 +72,12 @@ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) right = barretenberg::fr::one(); // Now let's check that witness values correspond to the permutation - composer.compute_witness(); + composer.compute_witness(circuit_constructor); auto permutation_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); auto wire_polynomials = proving_key->get_wires(); - for (size_t j = 0; j < StandardHonkComposer::NUM_WIRES; ++j) { + for (size_t j = 0; j < StandardHonkComposerHelper::NUM_WIRES; ++j) { std::string index = std::to_string(j + 1); const auto& permutation_polynomial = permutation_polynomials[j]; const auto& witness_polynomial = wire_polynomials[j]; @@ -115,29 +114,30 @@ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) EXPECT_EQ(left, right); }; - StandardHonkComposer composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); fr d = a + c; - uint32_t d_idx = composer.add_public_variable(d); + uint32_t d_idx = circuit_constructor.add_public_variable(d); - uint32_t e_idx = composer.put_constant_variable(d); - composer.assert_equal(e_idx, d_idx, ""); + uint32_t e_idx = circuit_constructor.put_constant_variable(d); + circuit_constructor.assert_equal(e_idx, d_idx, ""); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); for (size_t i = 0; i < 30; ++i) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); } - test_permutation(composer); + auto composer = StandardHonkComposerHelper(); + test_permutation(circuit_constructor, composer); } /** @@ -146,22 +146,25 @@ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) */ TEST_F(StandardHonkComposerTests, LagrangeCorrectness) { - // Create a composer and a dummy circuit with a few gates - StandardHonkComposer composer = StandardHonkComposer(); + // Create a dummy circuit with a few gates + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } + // Generate proving key - auto proving_key = composer.compute_proving_key(); + auto composer = StandardHonkComposerHelper(); + auto proving_key = composer.compute_proving_key(circuit_constructor); // Generate a random polynomial barretenberg::polynomial random_polynomial = barretenberg::polynomial(proving_key->circuit_size); for (size_t i = 0; i < proving_key->circuit_size; i++) { @@ -200,17 +203,19 @@ TEST_F(StandardHonkComposerTests, AssertEquals) * @brief A function that creates a simple circuit with repeated gates, leading to large permutation cycles * */ - auto create_simple_circuit = [](auto& composer) { + auto create_simple_circuit = [](auto& circuit_constructor) { fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); for (size_t i = 0; i < 10; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); } return std::make_tuple(a_idx, b_idx); }; @@ -218,9 +223,9 @@ TEST_F(StandardHonkComposerTests, AssertEquals) * @brief A function that computes the largest cycle from the sigma permutation generated by the composer * */ - auto get_maximum_cycle = [](auto& composer) { + auto get_maximum_cycle = [](auto& circuit_constructor, auto& composer) { // Compute the proving key for sigma polynomials - auto proving_key = composer.compute_proving_key(); + auto proving_key = composer.compute_proving_key(circuit_constructor); auto permutation_length = composer.NUM_WIRES * proving_key->circuit_size; auto sigma_polynomials = proving_key->get_sigma_polynomials(); @@ -272,56 +277,63 @@ TEST_F(StandardHonkComposerTests, AssertEquals) }; // Get 2 circuits - StandardHonkComposer composer_no_assert_equal = StandardHonkComposer(); - StandardHonkComposer composer_with_assert_equal = StandardHonkComposer(); + auto circuit_constructor_no_assert_equal = StandardCircuitConstructor(); + auto circuit_constructor_with_assert_equal = StandardCircuitConstructor(); // Construct circuits - create_simple_circuit(composer_no_assert_equal); - auto assert_eq_params = create_simple_circuit(composer_with_assert_equal); + create_simple_circuit(circuit_constructor_no_assert_equal); + auto assert_eq_params = create_simple_circuit(circuit_constructor_with_assert_equal); // Use assert_equal on one of them - composer_with_assert_equal.assert_equal(std::get<0>(assert_eq_params), - std::get<1>(assert_eq_params), - "Equality asssertion in standard honk composer test"); + circuit_constructor_with_assert_equal.assert_equal(std::get<0>(assert_eq_params), + std::get<1>(assert_eq_params), + "Equality asssertion in standard honk composer test"); // Check that the maximum cycle in the one, where we used assert_equal, is twice as long - EXPECT_EQ(get_maximum_cycle(composer_with_assert_equal), get_maximum_cycle(composer_no_assert_equal) * 2); + auto composer_no_assert_equal = StandardHonkComposerHelper(); + auto composer_with_assert_equal = StandardHonkComposerHelper(); + EXPECT_EQ(get_maximum_cycle(circuit_constructor_with_assert_equal, composer_with_assert_equal), + get_maximum_cycle(circuit_constructor_no_assert_equal, composer_no_assert_equal) * 2); } TEST_F(StandardHonkComposerTests, VerificationKeyCreation) { // Create a composer and a dummy circuit with a few gates - StandardHonkComposer composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } - composer.create_prover(); - auto verification_key = composer.compute_verification_key(); + + auto composer = StandardHonkComposerHelper(); + composer.create_prover(circuit_constructor); + auto verification_key = composer.compute_verification_key(circuit_constructor); // There is nothing we can really check apart from the fact that constraint selectors and permutation selectors were // committed to, we simply check that the verification key now contains the appropriate number of constraint and // permutation selector commitments. This method should work with any future arithemtization. - EXPECT_EQ(verification_key->size(), composer.circuit_constructor.selectors.size() + composer.NUM_WIRES * 2 + 2); + EXPECT_EQ(verification_key->size(), circuit_constructor.selectors.size() + composer.NUM_WIRES * 2 + 2); } TEST_F(StandardHonkComposerTests, BaseCase) { - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = 1; - composer.circuit_constructor.add_variable(a); + circuit_constructor.add_variable(a); - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); ASSERT_TRUE(verified); } @@ -329,29 +341,29 @@ TEST_F(StandardHonkComposerTests, BaseCase) TEST_F(StandardHonkComposerTests, TwoGates) { auto run_test = [](bool expect_verified) { - auto composer = StandardHonkComposer(); - + auto circuit_constructor = StandardCircuitConstructor(); // 1 + 1 - 2 = 0 uint32_t w_l_1_idx; if (expect_verified) { - w_l_1_idx = composer.circuit_constructor.add_variable(1); + w_l_1_idx = circuit_constructor.add_variable(1); } else { - w_l_1_idx = composer.circuit_constructor.add_variable(0); + w_l_1_idx = circuit_constructor.add_variable(0); } - uint32_t w_r_1_idx = composer.circuit_constructor.add_variable(1); - uint32_t w_o_1_idx = composer.circuit_constructor.add_variable(2); - composer.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); + uint32_t w_r_1_idx = circuit_constructor.add_variable(1); + uint32_t w_o_1_idx = circuit_constructor.add_variable(2); + circuit_constructor.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); // 2 * 2 - 4 = 0 - uint32_t w_l_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_r_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_o_2_idx = composer.circuit_constructor.add_variable(4); - composer.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); + uint32_t w_l_2_idx = circuit_constructor.add_variable(2); + uint32_t w_r_2_idx = circuit_constructor.add_variable(2); + uint32_t w_o_2_idx = circuit_constructor.add_variable(4); + circuit_constructor.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expect_verified); }; @@ -363,10 +375,10 @@ TEST_F(StandardHonkComposerTests, TwoGates) TEST_F(StandardHonkComposerTests, SumcheckEvaluations) { auto run_test = [](bool expected_result) { - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); // Construct a small but non-trivial circuit - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; @@ -375,17 +387,20 @@ TEST_F(StandardHonkComposerTests, SumcheckEvaluations) d += 1; }; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } - auto prover = composer.create_prover(); - auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); + auto proof = prover.construct_proof(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); ASSERT_EQ(verified, expected_result); }; @@ -394,13 +409,14 @@ TEST_F(StandardHonkComposerTests, SumcheckEvaluations) } TEST(StandardGrumpkinHonkComposer, BaseCase) { - auto composer = StandardGrumpkinHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = 1; - composer.circuit_constructor.add_variable(a); + circuit_constructor.add_variable(a); - auto prover = composer.create_prover(); + auto composer = StandardGrumpkinHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); ASSERT_TRUE(verified); } diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index c37dc4da08..db214e0d1b 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -78,8 +78,6 @@ template class UltraHonkComposer_ { barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } - void finalize_circuit() { circuit_constructor.finalize_circuit(); }; - UltraProver_ create_prover() { return composer_helper.create_prover(circuit_constructor); }; UltraVerifier_ create_verifier() { return composer_helper.create_verifier(circuit_constructor); }; diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index a0cb4d0c22..5daabab7aa 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -1,20 +1,21 @@ -#include "ultra_honk_composer.hpp" +#include +#include +#include +#include +#include + #include "barretenberg/common/log.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/proof_system/ultra_prover.hpp" #include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" -#include -#include #include "barretenberg/honk/proof_system/prover.hpp" #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" #include "barretenberg/honk/sumcheck/relations/permutation_relation.hpp" #include "barretenberg/honk/utils/grand_product_delta.hpp" #include "barretenberg/proof_system/plookup_tables/types.hpp" -#include -#include -#include - using namespace proof_system::honk; namespace test_ultra_honk_composer { @@ -23,30 +24,19 @@ namespace { auto& engine = numeric::random::get_debug_engine(); } -std::vector add_variables(auto& composer, std::vector variables) +std::vector add_variables(auto& circuit_constructor, std::vector variables) { std::vector res; for (size_t i = 0; i < variables.size(); i++) { - res.emplace_back(composer.add_variable(variables[i])); + res.emplace_back(circuit_constructor.add_variable(variables[i])); } return res; } -bool construct_and_verify_proof(auto& composer) +void prove_and_verify(auto& circuit_constructor, auto& composer, bool expected_result) { - auto prover = composer.create_prover(); - auto proof = prover.construct_proof(); - - auto verifier = composer.create_verifier(); - bool result = verifier.verify_proof(proof); - - return result; -} - -void prove_and_verify(auto& composer, bool expected_result) -{ - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto prover = composer.create_prover(circuit_constructor); + auto verifier = composer.create_verifier(circuit_constructor); auto proof = prover.construct_proof(); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expected_result); @@ -75,10 +65,12 @@ class UltraHonkComposerTests : public ::testing::Test { */ TEST_F(UltraHonkComposerTests, ANonZeroPolynomialIsAGoodPolynomial) { - auto composer = UltraHonkComposer(); - // The composer should call add_gates_to_ensure_all_polys_are_non_zero by default + auto circuit_constructor = UltraCircuitConstructor(); + + circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); for (auto& poly : prover.key->get_selectors()) { @@ -96,7 +88,7 @@ TEST_F(UltraHonkComposerTests, ANonZeroPolynomialIsAGoodPolynomial) TEST_F(UltraHonkComposerTests, XorConstraint) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); uint32_t left_value = engine.get_random_uint32(); uint32_t right_value = engine.get_random_uint32(); @@ -104,8 +96,8 @@ TEST_F(UltraHonkComposerTests, XorConstraint) fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t xor_result_expected = left_value ^ right_value; @@ -115,28 +107,29 @@ TEST_F(UltraHonkComposerTests, XorConstraint) [0]; // The zeroth index in the 3rd column is the fully accumulated xor EXPECT_EQ(xor_result, xor_result_expected); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::UINT32_XOR, lookup_accumulators, left_witness_index, right_witness_index); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(barretenberg::srs::get_crs_factory()); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, create_gates_from_plookup_accumulators) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); barretenberg::fr input_value = fr::random_element(); const fr input_hi = uint256_t(input_value).slice(126, 256); const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = circuit_constructor.add_variable(input_hi); + const auto input_lo_index = circuit_constructor.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - const auto lookup_witnesses_hi = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_hi = circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_lo = circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); std::vector expected_x; @@ -184,27 +177,29 @@ TEST_F(UltraHonkComposerTests, create_gates_from_plookup_accumulators) } size_t hi_shift = 126; - const fr hi_cumulative = composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][0]); + const fr hi_cumulative = circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][0]); for (size_t i = 0; i < num_lookups_lo; ++i) { const fr hi_mult = fr(uint256_t(1) << hi_shift); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C1][i]) + (hi_cumulative * hi_mult), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C1][i]) + + (hi_cumulative * hi_mult), expected_scalars[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C2][i]), expected_x[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C3][i]), expected_y[i]); + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C2][i]), expected_x[i]); + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C3][i]), expected_y[i]); hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][i]), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][i]), expected_scalars[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C2][i]), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C2][i]), expected_x[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C3][i]), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C3][i]), expected_y[i + num_lookups_lo]); } - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); + auto verifier = composer.create_verifier(circuit_constructor); auto proof = prover.construct_proof(); bool result = verifier.verify_proof(proof); @@ -214,190 +209,202 @@ TEST_F(UltraHonkComposerTests, create_gates_from_plookup_accumulators) TEST_F(UltraHonkComposerTests, test_no_lookup_proof) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); for (size_t i = 0; i < 16; ++i) { for (size_t j = 0; j < 16; ++j) { uint64_t left = static_cast(j); uint64_t right = static_cast(i); - uint32_t left_idx = composer.add_variable(fr(left)); - uint32_t right_idx = composer.add_variable(fr(right)); - uint32_t result_idx = composer.add_variable(fr(left ^ right)); + uint32_t left_idx = circuit_constructor.add_variable(fr(left)); + uint32_t right_idx = circuit_constructor.add_variable(fr(right)); + uint32_t result_idx = circuit_constructor.add_variable(fr(left ^ right)); - uint32_t add_idx = composer.add_variable(fr(left) + fr(right) + composer.get_variable(result_idx)); - composer.create_big_add_gate( + uint32_t add_idx = + circuit_constructor.add_variable(fr(left) + fr(right) + circuit_constructor.get_variable(result_idx)); + circuit_constructor.create_big_add_gate( { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); } } - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, test_elliptic_gate) { typedef grumpkin::g1::affine_element affine_element; typedef grumpkin::g1::element element; - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; affine_element p3(element(p1) + element(p2)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = circuit_constructor.add_variable(p1.x); + uint32_t y1 = circuit_constructor.add_variable(p1.y); + uint32_t x2 = circuit_constructor.add_variable(p2.x); + uint32_t y2 = circuit_constructor.add_variable(p2.y); + uint32_t x3 = circuit_constructor.add_variable(p3.x); + uint32_t y3 = circuit_constructor.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); affine_element p2_endo = p2; p2_endo.x *= beta; p3 = affine_element(element(p1) + element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = circuit_constructor.add_variable(p3.x); + y3 = circuit_constructor.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); p2_endo.x *= beta; p3 = affine_element(element(p1) - element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = circuit_constructor.add_variable(p3.x); + y3 = circuit_constructor.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, non_trivial_tag_permutation) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(b); + auto d_idx = circuit_constructor.add_variable(a); - composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, d_idx, composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { a_idx, b_idx, circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { c_idx, d_idx, circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + circuit_constructor.create_tag(1, 2); + circuit_constructor.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + circuit_constructor.assign_tag(a_idx, 1); + circuit_constructor.assign_tag(b_idx, 1); + circuit_constructor.assign_tag(c_idx, 2); + circuit_constructor.assign_tag(d_idx, 2); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, non_trivial_tag_permutation_and_cycles) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr c = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(a); - composer.assert_equal(a_idx, b_idx); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(c); - composer.assert_equal(c_idx, d_idx); - auto e_idx = composer.add_variable(a); - auto f_idx = composer.add_variable(a); - composer.assert_equal(e_idx, f_idx); - auto g_idx = composer.add_variable(c); - auto h_idx = composer.add_variable(c); - composer.assert_equal(g_idx, h_idx); - - composer.create_tag(1, 2); - composer.create_tag(2, 1); - - composer.assign_tag(a_idx, 1); - composer.assign_tag(c_idx, 1); - composer.assign_tag(e_idx, 2); - composer.assign_tag(g_idx, 2); - - composer.create_add_gate( - { b_idx, a_idx, composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, g_idx, composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ e_idx, f_idx, composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - - prove_and_verify(composer, /*expected_result=*/true); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(a); + circuit_constructor.assert_equal(a_idx, b_idx); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(c); + circuit_constructor.assert_equal(c_idx, d_idx); + auto e_idx = circuit_constructor.add_variable(a); + auto f_idx = circuit_constructor.add_variable(a); + circuit_constructor.assert_equal(e_idx, f_idx); + auto g_idx = circuit_constructor.add_variable(c); + auto h_idx = circuit_constructor.add_variable(c); + circuit_constructor.assert_equal(g_idx, h_idx); + + circuit_constructor.create_tag(1, 2); + circuit_constructor.create_tag(2, 1); + + circuit_constructor.assign_tag(a_idx, 1); + circuit_constructor.assign_tag(c_idx, 1); + circuit_constructor.assign_tag(e_idx, 2); + circuit_constructor.assign_tag(g_idx, 2); + + circuit_constructor.create_add_gate( + { b_idx, a_idx, circuit_constructor.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { c_idx, g_idx, circuit_constructor.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { e_idx, f_idx, circuit_constructor.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, bad_tag_permutation) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(b); + auto d_idx = circuit_constructor.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.get_zero_idx(), 1, 1, 0, -1 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, 1, 1, 0, 0 }); + circuit_constructor.create_add_gate({ c_idx, d_idx, circuit_constructor.zero_idx, 1, 1, 0, -1 }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + circuit_constructor.create_tag(1, 2); + circuit_constructor.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + circuit_constructor.assign_tag(a_idx, 1); + circuit_constructor.assign_tag(b_idx, 1); + circuit_constructor.assign_tag(c_idx, 2); + circuit_constructor.assign_tag(d_idx, 2); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } // same as above but with turbocomposer to check reason of failue is really tag mismatch TEST_F(UltraHonkComposerTests, bad_tag_turbo_permutation) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(b); + auto d_idx = circuit_constructor.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.get_zero_idx(), 1, 1, 0, -1 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, 1, 1, 0, 0 }); + circuit_constructor.create_add_gate({ c_idx, d_idx, circuit_constructor.zero_idx, 1, 1, 0, -1 }); - // composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), - // fr::zero() }); composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), fr::neg_one(), - // fr::zero(), fr::zero() }); composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), - // fr::neg_one(), fr::zero(), fr::zero() }); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto composer = UltraHonkComposerHelper(); + // circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, fr::one(), fr::neg_one(), + // fr::zero(), fr::zero() }); circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, + // fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); circuit_constructor.create_add_gate({ a_idx, b_idx, + // circuit_constructor.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + auto prover = composer.create_prover(circuit_constructor); + auto verifier = composer.create_verifier(circuit_constructor); - prove_and_verify(composer, /*expected_result=*/true); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, sort_widget) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(4); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, sort_with_edges_gate) @@ -413,241 +420,271 @@ TEST_F(UltraHonkComposerTests, sort_with_edges_gate) fr h = fr(8); { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); - - prove_and_verify(composer, /*expected_result=*/true); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); - - prove_and_verify(composer, /*expected_result=*/false); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - prove_and_verify(composer, /*expected_result=*/false); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - auto b2_idx = composer.add_variable(fr(15)); - composer.create_sort_constraint_with_edges({ a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - prove_and_verify(composer, /*expected_result=*/false); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + auto b2_idx = circuit_constructor.add_variable(fr(15)); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - composer.create_sort_constraint_with_edges(idx, 1, 45); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + circuit_constructor.create_sort_constraint_with_edges(idx, 1, 45); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - - composer.create_sort_constraint_with_edges(idx, 1, 29); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + circuit_constructor.create_sort_constraint_with_edges(idx, 1, 29); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } } TEST_F(UltraHonkComposerTests, range_constraint) { { - auto composer = UltraHonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + circuit_constructor.create_new_range_constraint(indices[i], 8); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_sort_constraint(indices); + circuit_constructor.create_sort_constraint(indices); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto indices = add_variables(composer, { 3 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, { 3 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 3); + circuit_constructor.create_new_range_constraint(indices[i], 3); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 8, 25 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 8, 25 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + circuit_constructor.create_new_range_constraint(indices[i], 8); } - composer.create_sort_constraint(indices); + circuit_constructor.create_sort_constraint(indices); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto indices = - add_variables(composer, { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, + { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 128); + circuit_constructor.create_new_range_constraint(indices[i], 128); } - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto indices = - add_variables(composer, { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, + { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + circuit_constructor.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto indices = - add_variables(composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, + { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + circuit_constructor.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } } TEST_F(UltraHonkComposerTests, range_with_gates) { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 8); + circuit_constructor.create_new_range_constraint(idx[i], 8); } - composer.create_add_gate({ idx[0], idx[1], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - - prove_and_verify(composer, /*expected_result=*/true); + circuit_constructor.create_add_gate( + { idx[0], idx[1], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + circuit_constructor.create_add_gate( + { idx[2], idx[3], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + circuit_constructor.create_add_gate( + { idx[4], idx[5], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + circuit_constructor.create_add_gate( + { idx[6], idx[7], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, range_with_gates_where_range_is_not_a_power_of_two) { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 12); + circuit_constructor.create_new_range_constraint(idx[i], 12); } - composer.create_add_gate({ idx[0], idx[1], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - - prove_and_verify(composer, /*expected_result=*/true); + circuit_constructor.create_add_gate( + { idx[0], idx[1], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + circuit_constructor.create_add_gate( + { idx[2], idx[3], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + circuit_constructor.create_add_gate( + { idx[4], idx[5], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + circuit_constructor.create_add_gate( + { idx[6], idx[7], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, sort_widget_complex) { { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); std::vector a = { 1, 3, 4, 7, 7, 8, 11, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); + ind.emplace_back(circuit_constructor.add_variable(a[i])); + circuit_constructor.create_sort_constraint(ind); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); + ind.emplace_back(circuit_constructor.add_variable(a[i])); + circuit_constructor.create_sort_constraint(ind); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } } TEST_F(UltraHonkComposerTests, sort_widget_neg) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(8); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } TEST_F(UltraHonkComposerTests, composed_range_constraint) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); auto c = fr::random_element(); auto d = uint256_t(c).slice(0, 133); auto e = fr(d); - auto a_idx = composer.add_variable(fr(e)); - composer.create_add_gate({ a_idx, composer.get_zero_idx(), composer.get_zero_idx(), 1, 0, 0, -fr(e) }); - composer.decompose_into_default_range(a_idx, 134); + auto a_idx = circuit_constructor.add_variable(fr(e)); + circuit_constructor.create_add_gate( + { a_idx, circuit_constructor.zero_idx, circuit_constructor.zero_idx, 1, 0, 0, -fr(e) }); + circuit_constructor.decompose_into_default_range(a_idx, 134); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, non_native_field_multiplication) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fq a = fq::random_element(); fq b = fq::random_element(); @@ -676,11 +713,11 @@ TEST_F(UltraHonkComposerTests, non_native_field_multiplication) const auto get_limb_witness_indices = [&](const std::array& limbs) { std::array limb_indices; - limb_indices[0] = composer.add_variable(limbs[0]); - limb_indices[1] = composer.add_variable(limbs[1]); - limb_indices[2] = composer.add_variable(limbs[2]); - limb_indices[3] = composer.add_variable(limbs[3]); - limb_indices[4] = composer.add_variable(limbs[4]); + limb_indices[0] = circuit_constructor.add_variable(limbs[0]); + limb_indices[1] = circuit_constructor.add_variable(limbs[1]); + limb_indices[2] = circuit_constructor.add_variable(limbs[2]); + limb_indices[3] = circuit_constructor.add_variable(limbs[3]); + limb_indices[4] = circuit_constructor.add_variable(limbs[4]); return limb_indices; }; const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); @@ -694,38 +731,40 @@ TEST_F(UltraHonkComposerTests, non_native_field_multiplication) proof_system::UltraCircuitConstructor::non_native_field_witnesses inputs{ a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), }; - const auto [lo_1_idx, hi_1_idx] = composer.evaluate_non_native_field_multiplication(inputs); - composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); + const auto [lo_1_idx, hi_1_idx] = circuit_constructor.evaluate_non_native_field_multiplication(inputs); + circuit_constructor.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, rom) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); uint32_t rom_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t rom_id = composer.create_ROM_array(8); + size_t rom_id = circuit_constructor.create_ROM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.set_ROM_element(rom_id, i, rom_values[i]); + circuit_constructor.set_ROM_element(rom_id, i, rom_values[i]); } - uint32_t a_idx = composer.read_ROM_array(rom_id, composer.add_variable(5)); + uint32_t a_idx = circuit_constructor.read_ROM_array(rom_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = composer.read_ROM_array(rom_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_ROM_array(rom_id, composer.add_variable(1)); + uint32_t b_idx = circuit_constructor.read_ROM_array(rom_id, circuit_constructor.add_variable(4)); + uint32_t c_idx = circuit_constructor.read_ROM_array(rom_id, circuit_constructor.add_variable(1)); - const auto d_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx); - uint32_t d_idx = composer.add_variable(d_value); + const auto d_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx); + uint32_t d_idx = circuit_constructor.add_variable(d_value); - composer.create_big_add_gate({ + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, @@ -737,43 +776,45 @@ TEST_F(UltraHonkComposerTests, rom) 0, }); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, ram) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = circuit_constructor.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + circuit_constructor.init_RAM_element(ram_id, i, ram_values[i]); } - uint32_t a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + uint32_t a_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - uint32_t b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + uint32_t b_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); + uint32_t c_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - uint32_t d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + circuit_constructor.write_RAM_array( + ram_id, circuit_constructor.add_variable(4), circuit_constructor.add_variable(500)); + uint32_t d_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(circuit_constructor.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - uint32_t e_idx = composer.add_variable(e_value); + const auto e_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx) + circuit_constructor.get_variable(d_idx); + uint32_t e_idx = circuit_constructor.add_variable(e_value); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate( { a_idx, b_idx, @@ -786,11 +827,11 @@ TEST_F(UltraHonkComposerTests, ram) 0, }, true); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate( { - composer.get_zero_idx(), - composer.get_zero_idx(), - composer.get_zero_idx(), + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, e_idx, 0, 0, @@ -800,12 +841,15 @@ TEST_F(UltraHonkComposerTests, ram) }, false); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST(UltraGrumpkinHonkComposer, XorConstraint) { - auto composer = UltraGrumpkinHonkComposer(); + // NOTE: as a WIP, this test may not actually use the Grumpkin SRS (just the IPA PCS). + + auto circuit_constructor = UltraCircuitConstructor(); uint32_t left_value = engine.get_random_uint32(); uint32_t right_value = engine.get_random_uint32(); @@ -813,8 +857,8 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t xor_result_expected = left_value ^ right_value; @@ -824,32 +868,34 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) [0]; // The zeroth index in the 3rd column is the fully accumulated xor EXPECT_EQ(xor_result, xor_result_expected); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::UINT32_XOR, lookup_accumulators, left_witness_index, right_witness_index); - prove_and_verify(composer, /*expected_result=*/true); + barretenberg::srs::init_crs_factory("../srs_db/ignition"); + auto composer = UltraGrumpkinHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } // TODO(#378)(luke): this is a recent update from Zac and fails; do we need a corresponding bug fix in ultra circuit // c_Fonstructor? TEST(UltraHonkComposerTests, range_checks_on_duplicates) // { -// auto composer = UltraHonkComposer(); +// auto composer = UltraHonkComposerHelper(); -// uint32_t a = composer.add_variable(100); -// uint32_t b = composer.add_variable(100); -// uint32_t c = composer.add_variable(100); -// uint32_t d = composer.add_variable(100); +// uint32_t a = circuit_constructor.add_variable(100); +// uint32_t b = circuit_constructor.add_variable(100); +// uint32_t c = circuit_constructor.add_variable(100); +// uint32_t d = circuit_constructor.add_variable(100); -// composer.assert_equal(a, b); -// composer.assert_equal(a, c); -// composer.assert_equal(a, d); +// circuit_constructor.assert_equal(a, b); +// circuit_constructor.assert_equal(a, c); +// circuit_constructor.assert_equal(a, d); -// composer.create_new_range_constraint(a, 1000); -// composer.create_new_range_constraint(b, 1001); -// composer.create_new_range_constraint(c, 999); -// composer.create_new_range_constraint(d, 1000); +// circuit_constructor.create_new_range_constraint(a, 1000); +// circuit_constructor.create_new_range_constraint(b, 1001); +// circuit_constructor.create_new_range_constraint(c, 999); +// circuit_constructor.create_new_range_constraint(d, 1000); -// composer.create_big_add_gate( +// circuit_constructor.create_big_add_gate( // { // a, // b, @@ -863,7 +909,7 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) // }, // false); -// prove_and_verify(composer, /*expected_result=*/true); +// prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); // } // TODO(#378)(luke): this is a new test from Zac; ultra circuit constructor does not yet have create_range_constraint @@ -874,22 +920,22 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) // // before range constraints are applied to it. // T_FEST(UltraHonkComposerTests, range_constraint_small_variable) // { -// auto composer = UltraHonkComposer(); +// auto composer = UltraHonkComposerHelper(); // uint16_t mask = (1 << 8) - 1; // int a = engine.get_random_uint16() & mask; -// uint32_t a_idx = composer.add_variable(fr(a)); -// uint32_t b_idx = composer.add_variable(fr(a)); +// uint32_t a_idx = circuit_constructor.add_variable(fr(a)); +// uint32_t b_idx = circuit_constructor.add_variable(fr(a)); // ASSERT_NE(a_idx, b_idx); -// uint32_t c_idx = composer.add_variable(fr(a)); +// uint32_t c_idx = circuit_constructor.add_variable(fr(a)); // ASSERT_NE(c_idx, b_idx); // composer.create_range_constraint(b_idx, 8, "bad range"); -// composer.assert_equal(a_idx, b_idx); +// circuit_constructor.assert_equal(a_idx, b_idx); // composer.create_range_constraint(c_idx, 8, "bad range"); -// composer.assert_equal(a_idx, c_idx); +// circuit_constructor.assert_equal(a_idx, c_idx); -// auto prover = composer.create_prover(); +// auto prover = composer.create_prover(circuit_constructor); // auto proof = prover.construct_proof(); -// auto verifier = composer.create_verifier(); +// auto verifier = composer.create_verifier(circuit_constructor); // bool result = verifier.verify_proof(proof); // EXPECT_EQ(result, true); // } diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 98fba9b942..b2616e1673 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -1,7 +1,7 @@ #include -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" #include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" @@ -82,22 +82,24 @@ TEST_F(RelationCorrectnessTests, StandardRelationCorrectness) // using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; // Create a composer and a dummy circuit with a few gates - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto circuit_size = prover.key->circuit_size; // Generate beta and gamma @@ -105,7 +107,7 @@ TEST_F(RelationCorrectnessTests, StandardRelationCorrectness) fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); @@ -173,55 +175,55 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) // Create a composer and then add an assortment of gates designed to ensure that the constraint(s) represented // by each relation are non-trivially exercised. - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); barretenberg::fr pedersen_input_value = fr::random_element(); fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly - // TODO(luke): add method "add_public_variable" to UH composer - // uint32_t a_idx = composer.add_public_variable(a); + // TODO(luke): add method "add_public_variable" to UH circuit_constructor + // uint32_t a_idx = circuit_constructor.add_public_variable(a); // Add some basic add gates - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); - composer.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); } // Add a big add gate with use of next row to test q_arith = 2 fr e = a + b + c + d; - uint32_t e_idx = composer.add_variable(e); + uint32_t e_idx = circuit_constructor.add_variable(e); - uint32_t zero_idx = composer.get_zero_idx(); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row - composer.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); + uint32_t zero_idx = circuit_constructor.zero_idx; + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row + circuit_constructor.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); // Add some lookup gates (related to pedersen hashing) const fr input_hi = uint256_t(pedersen_input_value).slice(126, 256); const fr input_lo = uint256_t(pedersen_input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = circuit_constructor.add_variable(input_hi); + const auto input_lo_index = circuit_constructor.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); // Add a sort gate (simply checks that consecutive inputs have a difference of < 4) - a_idx = composer.add_variable(FF(0)); - b_idx = composer.add_variable(FF(1)); - c_idx = composer.add_variable(FF(2)); - d_idx = composer.add_variable(FF(3)); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + a_idx = circuit_constructor.add_variable(FF(0)); + b_idx = circuit_constructor.add_variable(FF(1)); + c_idx = circuit_constructor.add_variable(FF(2)); + d_idx = circuit_constructor.add_variable(FF(3)); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); // Add an elliptic curve addition gate grumpkin::g1::affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; @@ -233,52 +235,53 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) grumpkin::g1::affine_element p3(grumpkin::g1::element(p1) - grumpkin::g1::element(p2_endo)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = circuit_constructor.add_variable(p1.x); + uint32_t y1 = circuit_constructor.add_variable(p1.y); + uint32_t x2 = circuit_constructor.add_variable(p2.x); + uint32_t y2 = circuit_constructor.add_variable(p2.y); + uint32_t x3 = circuit_constructor.add_variable(p3.x); + uint32_t y3 = circuit_constructor.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, beta_scalar, -1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); // Add some RAM gates uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = circuit_constructor.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + circuit_constructor.init_RAM_element(ram_id, i, ram_values[i]); } - a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + a_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + b_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); + c_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + circuit_constructor.write_RAM_array( + ram_id, circuit_constructor.add_variable(4), circuit_constructor.add_variable(500)); + d_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(circuit_constructor.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - e_idx = composer.add_variable(e_value); + const auto e_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx) + circuit_constructor.get_variable(d_idx); + e_idx = circuit_constructor.add_variable(e_value); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); + circuit_constructor.create_big_add_gate( { - composer.get_zero_idx(), - composer.get_zero_idx(), - composer.get_zero_idx(), + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, e_idx, 0, 0, @@ -289,7 +292,8 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) false); // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto circuit_size = prover.key->circuit_size; // Generate eta, beta and gamma @@ -298,7 +302,7 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); auto lookup_grand_product_delta = diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp index e0718b3394..f97ec72070 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp @@ -11,8 +11,8 @@ #include "barretenberg/ecc/curves/bn254/fr.hpp" #include #include "barretenberg/numeric/random/engine.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/lookup_relation.hpp" #include "barretenberg/honk/sumcheck/relations/gen_perm_sort_relation.hpp" @@ -424,29 +424,31 @@ TEST_F(SumcheckTests, RealCircuitStandard) using ProverPolynomials = typename Flavor::ProverPolynomials; // Create a composer and a dummy circuit with a few gates - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); // Generate beta and gamma fr beta = fr::random_element(); fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); @@ -506,51 +508,51 @@ TEST_F(SumcheckTests, RealCircuitUltra) using ProverPolynomials = typename Flavor::ProverPolynomials; // Create a composer and a dummy circuit with a few gates - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::one(); // Add some basic add gates - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); - composer.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); } // Add a big add gate with use of next row to test q_arith = 2 fr e = a + b + c + d; - uint32_t e_idx = composer.add_variable(e); + uint32_t e_idx = circuit_constructor.add_variable(e); - uint32_t zero_idx = composer.get_zero_idx(); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row - composer.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); + uint32_t zero_idx = circuit_constructor.zero_idx; + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row + circuit_constructor.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); // Add some lookup gates (related to pedersen hashing) barretenberg::fr pedersen_input_value = fr::random_element(); const fr input_hi = uint256_t(pedersen_input_value).slice(126, 256); const fr input_lo = uint256_t(pedersen_input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = circuit_constructor.add_variable(input_hi); + const auto input_lo_index = circuit_constructor.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); // Add a sort gate (simply checks that consecutive inputs have a difference of < 4) - a_idx = composer.add_variable(FF(0)); - b_idx = composer.add_variable(FF(1)); - c_idx = composer.add_variable(FF(2)); - d_idx = composer.add_variable(FF(3)); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + a_idx = circuit_constructor.add_variable(FF(0)); + b_idx = circuit_constructor.add_variable(FF(1)); + c_idx = circuit_constructor.add_variable(FF(2)); + d_idx = circuit_constructor.add_variable(FF(3)); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); // Add an elliptic curve addition gate grumpkin::g1::affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; @@ -562,52 +564,53 @@ TEST_F(SumcheckTests, RealCircuitUltra) grumpkin::g1::affine_element p3(grumpkin::g1::element(p1) - grumpkin::g1::element(p2_endo)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = circuit_constructor.add_variable(p1.x); + uint32_t y1 = circuit_constructor.add_variable(p1.y); + uint32_t x2 = circuit_constructor.add_variable(p2.x); + uint32_t y2 = circuit_constructor.add_variable(p2.y); + uint32_t x3 = circuit_constructor.add_variable(p3.x); + uint32_t y3 = circuit_constructor.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, beta_scalar, -1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); // Add some RAM gates uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = circuit_constructor.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + circuit_constructor.init_RAM_element(ram_id, i, ram_values[i]); } - a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + a_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + b_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); + c_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + circuit_constructor.write_RAM_array( + ram_id, circuit_constructor.add_variable(4), circuit_constructor.add_variable(500)); + d_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(circuit_constructor.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - e_idx = composer.add_variable(e_value); + const auto e_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx) + circuit_constructor.get_variable(d_idx); + e_idx = circuit_constructor.add_variable(e_value); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); + circuit_constructor.create_big_add_gate( { - composer.get_zero_idx(), - composer.get_zero_idx(), - composer.get_zero_idx(), + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, e_idx, 0, 0, @@ -618,7 +621,8 @@ TEST_F(SumcheckTests, RealCircuitUltra) false); // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); // Generate eta, beta and gamma fr eta = fr::random_element(); @@ -626,7 +630,7 @@ TEST_F(SumcheckTests, RealCircuitUltra) fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); auto lookup_grand_product_delta = diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index 1e0ae9f38c..1475e49038 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -1,7 +1,7 @@ #include "transcript.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/honk/flavor/standard.hpp" @@ -122,13 +122,14 @@ TYPED_TEST(TranscriptTests, ProverManifestConsistency) { using Flavor = TypeParam; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = StandardHonkComposer_(); fr a = 1; - composer.circuit_constructor.add_variable(a); - composer.circuit_constructor.add_public_variable(a); + auto circuit_constructor = proof_system::StandardCircuitConstructor(); + circuit_constructor.add_variable(a); + circuit_constructor.add_public_variable(a); // Automatically generate a transcript manifest by constructing a proof - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper_(); + auto prover = composer.create_prover(circuit_constructor); plonk::proof proof = prover.construct_proof(); // Check that the prover generated manifest agrees with the manifest hard coded in this suite @@ -149,17 +150,18 @@ TYPED_TEST(TranscriptTests, VerifierManifestConsistency) { using Flavor = TypeParam; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = StandardHonkComposer_(); + auto circuit_constructor = proof_system::StandardCircuitConstructor(); fr a = 1; - composer.circuit_constructor.add_variable(a); - composer.circuit_constructor.add_public_variable(a); + circuit_constructor.add_variable(a); + circuit_constructor.add_public_variable(a); // Automatically generate a transcript manifest in the prover by constructing a proof - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper_(); + auto prover = composer.create_prover(circuit_constructor); plonk::proof proof = prover.construct_proof(); // Automatically generate a transcript manifest in the verifier by verifying a proof - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); verifier.verify_proof(proof); prover.transcript.print(); verifier.transcript.print(); @@ -285,19 +287,21 @@ TYPED_TEST(TranscriptTests, VerifierMistake) TYPED_TEST(TranscriptTests, UltraVerifierManifestConsistency) { // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = UltraHonkComposer(); + auto circuit_constructor = proof_system::UltraCircuitConstructor(); + // fr a = 2; - // composer.circuit_constructor.add_variable(a); - // composer.circuit_constructor.add_public_variable(a); + // circuit_constructor.add_variable(a); + // circuit_constructor.add_public_variable(a); - composer.add_gates_to_ensure_all_polys_are_non_zero(); + circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); // Automatically generate a transcript manifest in the prover by constructing a proof - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); plonk::proof proof = prover.construct_proof(); // Automatically generate a transcript manifest in the verifier by verifying a proof - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); verifier.verify_proof(proof); prover.transcript.print(); diff --git a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp index 580c67bf8a..97ee933c77 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp @@ -165,7 +165,7 @@ void UltraPlonkComposerHelper::compute_witness(CircuitConstructor& circuit_const UltraProver UltraPlonkComposerHelper::create_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); @@ -211,7 +211,7 @@ UltraProver UltraPlonkComposerHelper::create_prover(CircuitConstructor& circuit_ */ UltraToStandardProver UltraPlonkComposerHelper::create_ultra_to_standard_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); @@ -257,7 +257,7 @@ UltraToStandardProver UltraPlonkComposerHelper::create_ultra_to_standard_prover( */ UltraWithKeccakProver UltraPlonkComposerHelper::create_ultra_with_keccak_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); diff --git a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp index bcd81480f4..8417a9f2e0 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp @@ -34,6 +34,12 @@ class UltraPlonkComposerHelper { // vanishing_polynomial cannot be trivially fetched here, I am directly setting this to 4 - 1 = 3. static constexpr size_t s_randomness = 3; + UltraPlonkComposerHelper() + : UltraPlonkComposerHelper("../srs_db/ignition"){}; + + UltraPlonkComposerHelper(std::string const& crs_path) + : UltraPlonkComposerHelper(std::make_unique(crs_path)){}; + explicit UltraPlonkComposerHelper(std::shared_ptr crs_factory) : crs_factory_(std::move(crs_factory)) {} @@ -70,8 +76,6 @@ class UltraPlonkComposerHelper { [[nodiscard]] size_t get_num_selectors() { return ultra_selector_properties().size(); } - void finalize_circuit(CircuitConstructor& circuit_constructor) { circuit_constructor.finalize_circuit(); }; - std::shared_ptr compute_proving_key(CircuitConstructor& circuit_constructor); std::shared_ptr compute_verification_key(CircuitConstructor& circuit_constructor); diff --git a/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp index c1ffafe0cd..84bfdefc02 100644 --- a/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp @@ -1,11 +1,13 @@ -#include "standard_plonk_composer.hpp" #include #include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/crypto/generators/generator_data.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; namespace { auto& engine = numeric::random::get_debug_engine(); @@ -13,26 +15,28 @@ auto& engine = numeric::random::get_debug_engine(); TEST(standard_plonk_composer, base_case) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); - plonk::Prover prover = composer.create_prover(); - plonk::Verifier verifier = composer.create_verifier(); + builder.add_public_variable(a); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } TEST(standard_plonk_composer, composer_from_serialized_keys) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - auto pk_buf = to_buffer(*composer.compute_proving_key()); - auto vk_buf = to_buffer(*composer.compute_verification_key()); + auto pk_buf = to_buffer(*composer.compute_proving_key(builder)); + auto vk_buf = to_buffer(*composer.compute_verification_key(builder)); auto pk_data = from_buffer(pk_buf); auto vk_data = from_buffer(vk_buf); @@ -41,11 +45,12 @@ TEST(standard_plonk_composer, composer_from_serialized_keys) std::make_shared(std::move(pk_data), crs->get_prover_crs(pk_data.circuit_size + 1)); auto verification_key = std::make_shared(std::move(vk_data), crs->get_verifier_crs()); - plonk::StandardPlonkComposer composer2 = plonk::StandardPlonkComposer(proving_key, verification_key); - composer2.add_public_variable(a); + auto builder2 = StandardCircuitConstructor(); + auto composer2 = StandardPlonkComposerHelper(); + builder2.add_public_variable(a); - plonk::Prover prover = composer2.create_prover(); - plonk::Verifier verifier = composer2.create_verifier(); + auto prover = composer2.create_prover(builder2); + auto verifier = composer2.create_verifier(builder2); plonk::proof proof = prover.construct_proof(); @@ -55,66 +60,68 @@ TEST(standard_plonk_composer, composer_from_serialized_keys) TEST(standard_plonk_composer, test_add_gate_proofs) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = builder.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - plonk::Prover prover = composer.create_prover(); - - plonk::Verifier verifier = composer.create_verifier(); + // uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + auto prover = composer.create_prover(builder); + + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } TEST(standard_plonk_composer, test_mul_gate_proofs) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -126,64 +133,64 @@ TEST(standard_plonk_composer, test_mul_gate_proofs) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - plonk::Prover prover = composer.create_prover(); - - plonk::Verifier verifier = composer.create_verifier(); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + auto prover = composer.create_prover(builder); + + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -193,21 +200,22 @@ TEST(standard_plonk_composer, test_mul_gate_proofs) TEST(standard_plonk_composer, range_constraint) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = builder.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); + std::vector accumulators = builder.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t result = (value >> (30U - (2 * j))); - fr source = composer.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); + fr source = builder.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t expected = static_cast(source.data[0]); EXPECT_EQ(result, expected); } @@ -218,14 +226,14 @@ TEST(standard_plonk_composer, range_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -236,16 +244,17 @@ TEST(standard_plonk_composer, range_constraint) TEST(standard_plonk_composer, range_constraint_fail) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); uint64_t value = 0xffffff; - uint32_t witness_index = composer.add_variable(fr(value)); + uint32_t witness_index = builder.add_variable(fr(value)); - composer.decompose_into_base4_accumulators(witness_index, 23); + builder.decompose_into_base4_accumulators(witness_index, 23); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -256,38 +265,39 @@ TEST(standard_plonk_composer, range_constraint_fail) TEST(standard_plonk_composer, and_constraint) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value & right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); - // composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + // builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected & right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -309,14 +319,14 @@ TEST(standard_plonk_composer, and_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -327,37 +337,38 @@ TEST(standard_plonk_composer, and_constraint) TEST(standard_plonk_composer, xor_constraint) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value ^ right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected ^ right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -379,14 +390,14 @@ TEST(standard_plonk_composer, xor_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -397,21 +408,22 @@ TEST(standard_plonk_composer, xor_constraint) TEST(standard_plonk_composer, big_add_gate_with_bit_extract) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); - const auto generate_constraints = [&composer](uint32_t quad_value) { + const auto generate_constraints = [&](uint32_t quad_value) { uint32_t quad_accumulator_left = (engine.get_random_uint32() & 0x3fffffff) - quad_value; // make sure this won't overflow uint32_t quad_accumulator_right = (4 * quad_accumulator_left) + quad_value; - uint32_t left_idx = composer.add_variable(uint256_t(quad_accumulator_left)); - uint32_t right_idx = composer.add_variable(uint256_t(quad_accumulator_right)); + uint32_t left_idx = builder.add_variable(uint256_t(quad_accumulator_left)); + uint32_t right_idx = builder.add_variable(uint256_t(quad_accumulator_right)); uint32_t input = engine.get_random_uint32(); uint32_t output = input + (quad_value > 1 ? 1 : 0); - add_quad gate{ composer.add_variable(uint256_t(input)), - composer.add_variable(uint256_t(output)), + add_quad gate{ builder.add_variable(uint256_t(input)), + builder.add_variable(uint256_t(output)), right_idx, left_idx, fr(6), @@ -420,7 +432,7 @@ TEST(standard_plonk_composer, big_add_gate_with_bit_extract) fr::zero(), fr::zero() }; - composer.create_big_add_gate_with_bit_extraction(gate); + builder.create_big_add_gate_with_bit_extraction(gate); }; generate_constraints(0); @@ -428,9 +440,9 @@ TEST(standard_plonk_composer, big_add_gate_with_bit_extract) generate_constraints(2); generate_constraints(3); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -441,13 +453,14 @@ TEST(standard_plonk_composer, big_add_gate_with_bit_extract) TEST(standard_plonk_composer, test_range_constraint_fail) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); - uint32_t witness_index = composer.add_variable(fr::neg_one()); - composer.decompose_into_base4_accumulators(witness_index, 32); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); + uint32_t witness_index = builder.add_variable(fr::neg_one()); + builder.decompose_into_base4_accumulators(witness_index, 32); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -458,40 +471,42 @@ TEST(standard_plonk_composer, test_range_constraint_fail) TEST(standard_plonk_composer, test_check_circuit_correct) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = builder.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_plonk_composer, test_check_circuit_broken) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = builder.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c + 1; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, false); } diff --git a/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp index 780d2715d2..187ba10f86 100644 --- a/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp @@ -1,11 +1,14 @@ -#include "turbo_plonk_composer.hpp" +#include + #include "barretenberg/crypto/generators/generator_data.hpp" #include "barretenberg/crypto/generators/fixed_base_scalar_mul.hpp" -#include +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" +#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; using namespace crypto::generators; namespace proof_system::plonk::test_turbo_plonk_composer { @@ -15,12 +18,13 @@ auto& engine = numeric::random::get_debug_engine(); TEST(turbo_plonk_composer, base_case) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -30,12 +34,13 @@ TEST(turbo_plonk_composer, base_case) TEST(turbo_plonk_composer, composer_from_serialized_keys) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - auto pk_buf = to_buffer(*composer.compute_proving_key()); - auto vk_buf = to_buffer(*composer.compute_verification_key()); + auto pk_buf = to_buffer(*composer.compute_proving_key(builder)); + auto vk_buf = to_buffer(*composer.compute_verification_key(builder)); auto pk_data = from_buffer(pk_buf); auto vk_data = from_buffer(vk_buf); @@ -44,11 +49,12 @@ TEST(turbo_plonk_composer, composer_from_serialized_keys) std::make_shared(std::move(pk_data), crs->get_prover_crs(pk_data.circuit_size + 1)); auto verification_key = std::make_shared(std::move(vk_data), crs->get_verifier_crs()); - TurboPlonkComposer composer2 = TurboPlonkComposer(proving_key, verification_key); - composer2.add_public_variable(a); + auto builder2 = TurboCircuitConstructor(); + auto composer2 = TurboPlonkComposerHelper(proving_key, verification_key); + builder2.add_public_variable(a); - auto prover = composer2.create_prover(); - auto verifier = composer2.create_verifier(); + auto prover = composer2.create_prover(builder); + auto verifier = composer2.create_verifier(builder); proof proof = prover.construct_proof(); @@ -58,70 +64,72 @@ TEST(turbo_plonk_composer, composer_from_serialized_keys) TEST(turbo_plonk_composer, test_add_gate_proofs) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); // TODO: proof fails if one wire contains all zeros. Should we support this? - uint32_t zero_idx = composer.add_variable(fr::zero()); + uint32_t zero_idx = builder.add_variable(fr::zero()); - composer.create_big_add_gate( + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, a_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_mul_gate_proofs) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -133,71 +141,71 @@ TEST(turbo_plonk_composer, test_mul_gate_proofs) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_public_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t a_idx = builder.add_public_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - uint32_t e_idx = composer.add_variable(a - fr::one()); - composer.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); - auto prover = composer.create_prover(); + uint32_t e_idx = builder.add_variable(a - fr::one()); + builder.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -275,15 +283,16 @@ TEST(turbo_plonk_composer, small_scalar_multipliers) origin_points[0].y, (origin_points[0].y - origin_points[1].y) }; - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; - round_quad.d = composer.add_variable(accumulator_transcript[i]); - round_quad.a = composer.add_variable(multiplication_transcript[i].x); - round_quad.b = composer.add_variable(multiplication_transcript[i].y); - round_quad.c = composer.add_variable(x_alpha); + round_quad.d = builder.add_variable(accumulator_transcript[i]); + round_quad.a = builder.add_variable(multiplication_transcript[i].x); + round_quad.b = builder.add_variable(multiplication_transcript[i].y); + round_quad.c = builder.add_variable(x_alpha); if ((wnaf_entries[i + 1] & 0xffffffU) == 0) { x_alpha = ladder[i + 1].one.x; } else { @@ -295,22 +304,22 @@ TEST(turbo_plonk_composer, small_scalar_multipliers) round_quad.q_y_2 = ladder[i + 1].q_y_2; if (i > 0) { - composer.create_fixed_group_add_gate(round_quad); + builder.create_fixed_group_add_gate(round_quad); } else { - composer.create_fixed_group_add_gate_with_init(round_quad, init_quad); + builder.create_fixed_group_add_gate_with_init(round_quad, init_quad); } } - add_quad add_quad{ composer.add_variable(multiplication_transcript[num_quads].x), - composer.add_variable(multiplication_transcript[num_quads].y), - composer.add_variable(x_alpha), - composer.add_variable(accumulator_transcript[num_quads]), + add_quad add_quad{ builder.add_variable(multiplication_transcript[num_quads].x), + builder.add_variable(multiplication_transcript[num_quads].y), + builder.add_variable(x_alpha), + builder.add_variable(accumulator_transcript[num_quads]), fr::zero(), fr::zero(), fr::zero(), fr::zero(), fr::zero() }; - composer.create_big_add_gate(add_quad); + builder.create_big_add_gate(add_quad); grumpkin::g1::element expected_point = grumpkin::g1::element(generator * scalar_multiplier.to_montgomery_form()).normalize(); @@ -321,9 +330,9 @@ TEST(turbo_plonk_composer, small_scalar_multipliers) uint64_t expected_accumulator = scalar_multiplier.data[0]; EXPECT_EQ(result_accumulator, expected_accumulator); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -405,15 +414,16 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) origin_points[0].y, (origin_points[0].y - origin_points[1].y) }; - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; - round_quad.d = composer.add_variable(accumulator_transcript[i]); - round_quad.a = composer.add_variable(multiplication_transcript[i].x); - round_quad.b = composer.add_variable(multiplication_transcript[i].y); - round_quad.c = composer.add_variable(x_alpha); + round_quad.d = builder.add_variable(accumulator_transcript[i]); + round_quad.a = builder.add_variable(multiplication_transcript[i].x); + round_quad.b = builder.add_variable(multiplication_transcript[i].y); + round_quad.c = builder.add_variable(x_alpha); if ((wnaf_entries[i + 1] & 0xffffffU) == 0) { x_alpha = ladder[i + 1].one.x; } else { @@ -425,22 +435,22 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) round_quad.q_y_2 = ladder[i + 1].q_y_2; if (i > 0) { - composer.create_fixed_group_add_gate(round_quad); + builder.create_fixed_group_add_gate(round_quad); } else { - composer.create_fixed_group_add_gate_with_init(round_quad, init_quad); + builder.create_fixed_group_add_gate_with_init(round_quad, init_quad); } } - add_quad add_quad{ composer.add_variable(multiplication_transcript[num_quads].x), - composer.add_variable(multiplication_transcript[num_quads].y), - composer.add_variable(x_alpha), - composer.add_variable(accumulator_transcript[num_quads]), + add_quad add_quad{ builder.add_variable(multiplication_transcript[num_quads].x), + builder.add_variable(multiplication_transcript[num_quads].y), + builder.add_variable(x_alpha), + builder.add_variable(accumulator_transcript[num_quads]), fr::zero(), fr::zero(), fr::zero(), fr::zero(), fr::zero() }; - composer.create_big_add_gate(add_quad); + builder.create_big_add_gate(add_quad); grumpkin::g1::element expected_point = grumpkin::g1::element(generator * scalar_multiplier.to_montgomery_form()).normalize(); @@ -453,9 +463,9 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) .to_montgomery_form(); EXPECT_EQ((result_accumulator == expected_accumulator), true); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -469,22 +479,23 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) TEST(turbo_plonk_composer, range_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = builder.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators( + std::vector accumulators = builder.decompose_into_base4_accumulators( witness_index, 32 + extra_bits, "constraint in test range_constraint fails"); for (uint32_t j = 0; j < 16; ++j) { uint32_t result = (value >> (30U - (2 * j))); - fr source = composer.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); + fr source = builder.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t expected = static_cast(source.data[0]); EXPECT_EQ(result, expected); } @@ -495,14 +506,14 @@ TEST(turbo_plonk_composer, range_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -513,16 +524,17 @@ TEST(turbo_plonk_composer, range_constraint) TEST(turbo_plonk_composer, range_constraint_fail) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); uint64_t value = 0xffffff; - uint32_t witness_index = composer.add_variable(fr(value)); + uint32_t witness_index = builder.add_variable(fr(value)); - composer.decompose_into_base4_accumulators(witness_index, 23, "yay, range constraint fails"); + builder.decompose_into_base4_accumulators(witness_index, 23, "yay, range constraint fails"); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -537,29 +549,30 @@ TEST(turbo_plonk_composer, range_constraint_fail) */ TEST(turbo_plonk_composer, and_constraint_failure) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); uint32_t left_value = 4; fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = 5; fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); // 4 && 5 is 4, so 3 bits are needed, but we only constrain 2 - accumulator_triple accumulators = composer.create_and_constraint(left_witness_index, right_witness_index, 2); + accumulator_triple accumulators = builder.create_and_constraint(left_witness_index, right_witness_index, 2); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); bool result = verifier.verify_proof(proof); - if (composer.failed()) { - info("Composer failed; ", composer.err()); + if (builder.failed()) { + info("Circuit construction failed; ", builder.err()); } EXPECT_EQ(result, false); @@ -567,38 +580,39 @@ TEST(turbo_plonk_composer, and_constraint_failure) TEST(turbo_plonk_composer, and_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value & right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); - // composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + // builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected & right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -620,14 +634,14 @@ TEST(turbo_plonk_composer, and_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -642,29 +656,30 @@ TEST(turbo_plonk_composer, and_constraint) */ TEST(turbo_plonk_composer, xor_constraint_failure) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); uint32_t left_value = 4; fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = 1; fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); // 4 && 1 is 5, so 3 bits are needed, but we only constrain 2 - accumulator_triple accumulators = composer.create_and_constraint(left_witness_index, right_witness_index, 2); + accumulator_triple accumulators = builder.create_and_constraint(left_witness_index, right_witness_index, 2); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); bool result = verifier.verify_proof(proof); - if (composer.failed()) { - info("Composer failed; ", composer.err()); + if (builder.failed()) { + info("Circuit construction failed; ", builder.err()); } EXPECT_EQ(result, false); @@ -672,37 +687,38 @@ TEST(turbo_plonk_composer, xor_constraint_failure) TEST(turbo_plonk_composer, xor_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value ^ right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected ^ right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -724,14 +740,14 @@ TEST(turbo_plonk_composer, xor_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -742,21 +758,22 @@ TEST(turbo_plonk_composer, xor_constraint) TEST(turbo_plonk_composer, big_add_gate_with_bit_extract) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); - const auto generate_constraints = [&composer](uint32_t quad_value) { + const auto generate_constraints = [&](uint32_t quad_value) { uint32_t quad_accumulator_left = (engine.get_random_uint32() & 0x3fffffff) - quad_value; // make sure this won't overflow uint32_t quad_accumulator_right = (4 * quad_accumulator_left) + quad_value; - uint32_t left_idx = composer.add_variable(uint256_t(quad_accumulator_left)); - uint32_t right_idx = composer.add_variable(uint256_t(quad_accumulator_right)); + uint32_t left_idx = builder.add_variable(uint256_t(quad_accumulator_left)); + uint32_t right_idx = builder.add_variable(uint256_t(quad_accumulator_right)); uint32_t input = engine.get_random_uint32(); uint32_t output = input + (quad_value > 1 ? 1 : 0); - add_quad gate{ composer.add_variable(uint256_t(input)), - composer.add_variable(uint256_t(output)), + add_quad gate{ builder.add_variable(uint256_t(input)), + builder.add_variable(uint256_t(output)), right_idx, left_idx, fr(6), @@ -765,7 +782,7 @@ TEST(turbo_plonk_composer, big_add_gate_with_bit_extract) fr::zero(), fr::zero() }; - composer.create_big_add_gate_with_bit_extraction(gate); + builder.create_big_add_gate_with_bit_extraction(gate); }; generate_constraints(0); @@ -773,9 +790,9 @@ TEST(turbo_plonk_composer, big_add_gate_with_bit_extract) generate_constraints(2); generate_constraints(3); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -792,7 +809,8 @@ TEST(turbo_plonk_composer, validate_copy_constraints) if (m == 0 && (j > 0 || k > 0)) { continue; } - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); barretenberg::fr variables[4]{ barretenberg::fr::random_element(), @@ -802,14 +820,14 @@ TEST(turbo_plonk_composer, validate_copy_constraints) }; uint32_t indices[4]{ - composer.add_variable(variables[0]), - composer.add_variable(variables[1]), - composer.add_variable(variables[2]), - composer.add_variable(variables[3]), + builder.add_variable(variables[0]), + builder.add_variable(variables[1]), + builder.add_variable(variables[2]), + builder.add_variable(variables[3]), }; for (size_t i = 0; i < 4; ++i) { - composer.create_big_add_gate({ + builder.create_big_add_gate({ indices[0], indices[1], indices[2], @@ -821,7 +839,7 @@ TEST(turbo_plonk_composer, validate_copy_constraints) barretenberg::fr(0), }); - composer.create_big_add_gate({ + builder.create_big_add_gate({ indices[3], indices[2], indices[1], @@ -834,14 +852,14 @@ TEST(turbo_plonk_composer, validate_copy_constraints) }); } - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); if (m > 0) { prover.key->polynomial_store.get("w_" + std::to_string(k + 1) + "_lagrange")[j] = barretenberg::fr::random_element(); } - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -856,56 +874,59 @@ TEST(turbo_plonk_composer, validate_copy_constraints) TEST(turbo_plonk_composer, test_check_circuit_add_gate_proofs_correct) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); // TODO: proof fails if one wire contains all zeros. Should we support this? - uint32_t zero_idx = composer.add_variable(fr::zero()); + uint32_t zero_idx = builder.add_variable(fr::zero()); - composer.create_big_add_gate( + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, a_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_check_circuit_add_gate_proofs_broken) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c + 1); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c + 1); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); // TODO: proof fails if one wire contains all zeros. Should we support this? - uint32_t zero_idx = composer.add_variable(fr::zero()); + uint32_t zero_idx = builder.add_variable(fr::zero()); - composer.create_big_add_gate( + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, a_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, false); } TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_correct) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -917,30 +938,31 @@ TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_correct) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_public_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_public_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - uint32_t e_idx = composer.add_variable(a - fr::one()); - composer.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); + uint32_t e_idx = builder.add_variable(a - fr::one()); + builder.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_broken) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -952,23 +974,23 @@ TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_broken) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_public_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c + 1); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_public_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c + 1); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - uint32_t e_idx = composer.add_variable(a - fr::one()); - composer.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); + uint32_t e_idx = builder.add_variable(a - fr::one()); + builder.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, false); } @@ -1042,15 +1064,16 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) origin_points[0].y, (origin_points[0].y - origin_points[1].y) }; - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; - round_quad.d = composer.add_variable(accumulator_transcript[i]); - round_quad.a = composer.add_variable(multiplication_transcript[i].x); - round_quad.b = composer.add_variable(multiplication_transcript[i].y); - round_quad.c = composer.add_variable(x_alpha); + round_quad.d = builder.add_variable(accumulator_transcript[i]); + round_quad.a = builder.add_variable(multiplication_transcript[i].x); + round_quad.b = builder.add_variable(multiplication_transcript[i].y); + round_quad.c = builder.add_variable(x_alpha); if ((wnaf_entries[i + 1] & 0xffffffU) == 0) { x_alpha = ladder[i + 1].one.x; } else { @@ -1062,22 +1085,22 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) round_quad.q_y_2 = ladder[i + 1].q_y_2; if (i > 0) { - composer.create_fixed_group_add_gate(round_quad); + builder.create_fixed_group_add_gate(round_quad); } else { - composer.create_fixed_group_add_gate_with_init(round_quad, init_quad); + builder.create_fixed_group_add_gate_with_init(round_quad, init_quad); } } - add_quad add_quad{ composer.add_variable(multiplication_transcript[num_quads].x), - composer.add_variable(multiplication_transcript[num_quads].y), - composer.add_variable(x_alpha), - composer.add_variable(accumulator_transcript[num_quads]), + add_quad add_quad{ builder.add_variable(multiplication_transcript[num_quads].x), + builder.add_variable(multiplication_transcript[num_quads].y), + builder.add_variable(x_alpha), + builder.add_variable(accumulator_transcript[num_quads]), fr::zero(), fr::zero(), fr::zero(), fr::zero(), fr::zero() }; - composer.create_big_add_gate(add_quad); + builder.create_big_add_gate(add_quad); grumpkin::g1::element expected_point = grumpkin::g1::element(generator * scalar_multiplier.to_montgomery_form()).normalize(); @@ -1090,7 +1113,7 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) .to_montgomery_form(); EXPECT_EQ((result_accumulator == expected_accumulator), true); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); @@ -1100,57 +1123,59 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) TEST(turbo_plonk_composer, test_check_circuit_range_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = builder.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators( + std::vector accumulators = builder.decompose_into_base4_accumulators( witness_index, 32 + extra_bits, "range constraint fails in test_check_circuit_range_constraint"); } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_check_circuit_xor) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } diff --git a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp index 878042a1be..4b86636e4e 100644 --- a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp @@ -182,7 +182,6 @@ class UltraPlonkComposer { barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } std::vector get_public_inputs() const { return circuit_constructor.get_public_inputs(); } - void finalize_circuit() { circuit_constructor.finalize_circuit(); }; void print_num_gates() { circuit_constructor.print_num_gates(); } diff --git a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp index a011d05cf4..6bc48885d4 100644 --- a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp @@ -1,14 +1,17 @@ -#include "barretenberg/stdlib/primitives/plookup/plookup.hpp" -#include "ultra_plonk_composer.hpp" -#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include + +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/numeric/uintx/uintx.hpp" -#include "../proof_system/widgets/random_widgets/plookup_widget.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/proof_system/plookup_tables/sha256.hpp" +#include "barretenberg/stdlib/primitives/plookup/plookup.hpp" using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; namespace proof_system::plonk::test_ultra_plonk_composer { @@ -19,28 +22,28 @@ auto& engine = numeric::random::get_debug_engine(); using plookup::ColumnIdx; using plookup::MultiTableId; -std::vector add_variables(UltraPlonkComposer& composer, std::vector variables) +std::vector add_variables(UltraCircuitConstructor& builder, std::vector variables) { std::vector res; for (size_t i = 0; i < variables.size(); i++) { - res.emplace_back(composer.add_variable(variables[i])); + res.emplace_back(builder.add_variable(variables[i])); } return res; } template class ultra_plonk_composer : public ::testing::Test { public: - void prove_and_verify(UltraPlonkComposer& composer, bool expected_result) + void prove_and_verify(UltraCircuitConstructor& builder, UltraPlonkComposerHelper& composer, bool expected_result) { if constexpr (T::use_keccak) { - auto prover = composer.create_ultra_with_keccak_prover(); - auto verifier = composer.create_ultra_with_keccak_verifier(); + auto prover = composer.create_ultra_with_keccak_prover(builder); + auto verifier = composer.create_ultra_with_keccak_verifier(builder); auto proof = prover.construct_proof(); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expected_result); } else { - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); auto proof = prover.construct_proof(); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expected_result); @@ -61,20 +64,21 @@ TYPED_TEST_SUITE(ultra_plonk_composer, BooleanTypes); TYPED_TEST(ultra_plonk_composer, create_gates_from_plookup_accumulators) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); barretenberg::fr input_value = fr::random_element(); const fr input_hi = uint256_t(input_value).slice(126, 256); const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = builder.add_variable(input_hi); + const auto input_lo_index = builder.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(MultiTableId::PEDERSEN_LEFT_LO, input_lo); - const auto lookup_witnesses_hi = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_hi = builder.create_gates_from_plookup_accumulators( MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_lo = builder.create_gates_from_plookup_accumulators( MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); std::vector expected_x; @@ -122,217 +126,224 @@ TYPED_TEST(ultra_plonk_composer, create_gates_from_plookup_accumulators) } size_t hi_shift = 126; - const fr hi_cumulative = composer.get_variable(lookup_witnesses_hi[ColumnIdx::C1][0]); + const fr hi_cumulative = builder.get_variable(lookup_witnesses_hi[ColumnIdx::C1][0]); for (size_t i = 0; i < num_lookups_lo; ++i) { const fr hi_mult = fr(uint256_t(1) << hi_shift); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C1][i]) + (hi_cumulative * hi_mult), + EXPECT_EQ(builder.get_variable(lookup_witnesses_lo[ColumnIdx::C1][i]) + (hi_cumulative * hi_mult), expected_scalars[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C2][i]), expected_x[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C3][i]), expected_y[i]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_lo[ColumnIdx::C2][i]), expected_x[i]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_lo[ColumnIdx::C3][i]), expected_y[i]); hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[ColumnIdx::C1][i]), expected_scalars[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[ColumnIdx::C2][i]), expected_x[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[ColumnIdx::C3][i]), expected_y[i + num_lookups_lo]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_hi[ColumnIdx::C1][i]), expected_scalars[i + num_lookups_lo]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_hi[ColumnIdx::C2][i]), expected_x[i + num_lookups_lo]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_hi[ColumnIdx::C3][i]), expected_y[i + num_lookups_lo]); } - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, test_no_lookup_proof) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); for (size_t i = 0; i < 16; ++i) { for (size_t j = 0; j < 16; ++j) { uint64_t left = static_cast(j); uint64_t right = static_cast(i); - uint32_t left_idx = composer.add_variable(fr(left)); - uint32_t right_idx = composer.add_variable(fr(right)); - uint32_t result_idx = composer.add_variable(fr(left ^ right)); + uint32_t left_idx = builder.add_variable(fr(left)); + uint32_t right_idx = builder.add_variable(fr(right)); + uint32_t result_idx = builder.add_variable(fr(left ^ right)); - uint32_t add_idx = composer.add_variable(fr(left) + fr(right) + composer.get_variable(result_idx)); - composer.create_big_add_gate( + uint32_t add_idx = builder.add_variable(fr(left) + fr(right) + builder.get_variable(result_idx)); + builder.create_big_add_gate( { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); } } - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, test_elliptic_gate) { typedef grumpkin::g1::affine_element affine_element; typedef grumpkin::g1::element element; - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; affine_element p3(element(p1) + element(p2)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = builder.add_variable(p1.x); + uint32_t y1 = builder.add_variable(p1.y); + uint32_t x2 = builder.add_variable(p2.x); + uint32_t y2 = builder.add_variable(p2.y); + uint32_t x3 = builder.add_variable(p3.x); + uint32_t y3 = builder.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - composer.create_ecc_add_gate(gate); + builder.create_ecc_add_gate(gate); grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); affine_element p2_endo = p2; p2_endo.x *= beta; p3 = affine_element(element(p1) + element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = builder.add_variable(p3.x); + y3 = builder.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - composer.create_ecc_add_gate(gate); + builder.create_ecc_add_gate(gate); p2_endo.x *= beta; p3 = affine_element(element(p1) - element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = builder.add_variable(p3.x); + y3 = builder.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - composer.create_ecc_add_gate(gate); + builder.create_ecc_add_gate(gate); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, non_trivial_tag_permutation) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(b); + auto d_idx = builder.add_variable(a); - composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, d_idx, composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ c_idx, d_idx, builder.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + builder.create_tag(1, 2); + builder.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + builder.assign_tag(a_idx, 1); + builder.assign_tag(b_idx, 1); + builder.assign_tag(c_idx, 2); + builder.assign_tag(d_idx, 2); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, non_trivial_tag_permutation_and_cycles) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr c = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(a); - composer.assert_equal(a_idx, b_idx); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(c); - composer.assert_equal(c_idx, d_idx); - auto e_idx = composer.add_variable(a); - auto f_idx = composer.add_variable(a); - composer.assert_equal(e_idx, f_idx); - auto g_idx = composer.add_variable(c); - auto h_idx = composer.add_variable(c); - composer.assert_equal(g_idx, h_idx); - - composer.create_tag(1, 2); - composer.create_tag(2, 1); - - composer.assign_tag(a_idx, 1); - composer.assign_tag(c_idx, 1); - composer.assign_tag(e_idx, 2); - composer.assign_tag(g_idx, 2); - - composer.create_add_gate({ b_idx, a_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, g_idx, composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ e_idx, f_idx, composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(a); + builder.assert_equal(a_idx, b_idx); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(c); + builder.assert_equal(c_idx, d_idx); + auto e_idx = builder.add_variable(a); + auto f_idx = builder.add_variable(a); + builder.assert_equal(e_idx, f_idx); + auto g_idx = builder.add_variable(c); + auto h_idx = builder.add_variable(c); + builder.assert_equal(g_idx, h_idx); + + builder.create_tag(1, 2); + builder.create_tag(2, 1); + + builder.assign_tag(a_idx, 1); + builder.assign_tag(c_idx, 1); + builder.assign_tag(e_idx, 2); + builder.assign_tag(g_idx, 2); + + builder.create_add_gate({ b_idx, a_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ c_idx, g_idx, builder.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ e_idx, f_idx, builder.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, bad_tag_permutation) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(b); + auto d_idx = builder.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.zero_idx, 1, 1, 0, -1 }); + builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, 1, 1, 0, 0 }); + builder.create_add_gate({ c_idx, d_idx, builder.zero_idx, 1, 1, 0, -1 }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + builder.create_tag(1, 2); + builder.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + builder.assign_tag(a_idx, 1); + builder.assign_tag(b_idx, 1); + builder.assign_tag(c_idx, 2); + builder.assign_tag(d_idx, 2); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } // same as above but with turbocomposer to check reason of failue is really tag mismatch TYPED_TEST(ultra_plonk_composer, bad_tag_turbo_permutation) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(b); + auto d_idx = builder.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.zero_idx, 1, 1, 0, -1 }); + builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, 1, 1, 0, 0 }); + builder.create_add_gate({ c_idx, d_idx, builder.zero_idx, 1, 1, 0, -1 }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, sort_widget) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(4); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + builder.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, sort_with_edges_gate) @@ -348,98 +359,105 @@ TYPED_TEST(ultra_plonk_composer, sort_with_edges_gate) fr h = fr(8); { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); - - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + builder.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + builder.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + builder.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - auto b2_idx = composer.add_variable(fr(15)); - composer.create_sort_constraint_with_edges({ a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + auto b2_idx = builder.add_variable(fr(15)); + builder.create_sort_constraint_with_edges({ a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - composer.create_sort_constraint_with_edges(idx, 1, 45); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + builder.create_sort_constraint_with_edges(idx, 1, 45); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - composer.create_sort_constraint_with_edges(idx, 1, 29); + builder.create_sort_constraint_with_edges(idx, 1, 29); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } } TYPED_TEST(ultra_plonk_composer, range_constraint) { { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto indices = add_variables(builder, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + builder.create_new_range_constraint(indices[i], 8); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_sort_constraint(indices); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + builder.create_sort_constraint(indices); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -447,47 +465,51 @@ TYPED_TEST(ultra_plonk_composer, range_constraint) EXPECT_EQ(result, true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto indices = add_variables(composer, { 3 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto indices = add_variables(builder, { 3 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 3); + builder.create_new_range_constraint(indices[i], 3); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_dummy_constraints(indices); + builder.create_dummy_constraints(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 8, 25 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto indices = add_variables(builder, { 1, 2, 3, 4, 5, 6, 8, 25 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + builder.create_new_range_constraint(indices[i], 8); } - composer.create_sort_constraint(indices); + builder.create_sort_constraint(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto indices = - add_variables(composer, { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); + add_variables(builder, { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 128); + builder.create_new_range_constraint(indices[i], 128); } - composer.create_dummy_constraints(indices); + builder.create_dummy_constraints(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto indices = - add_variables(composer, { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + add_variables(builder, { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + builder.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + builder.create_dummy_constraints(indices); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -495,114 +517,122 @@ TYPED_TEST(ultra_plonk_composer, range_constraint) EXPECT_EQ(result, false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto indices = - add_variables(composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + add_variables(builder, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + builder.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); + builder.create_dummy_constraints(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } } TYPED_TEST(ultra_plonk_composer, range_with_gates) { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 8); + builder.create_new_range_constraint(idx[i], 8); } - composer.create_add_gate({ idx[0], idx[1], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + builder.create_add_gate({ idx[0], idx[1], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + builder.create_add_gate({ idx[2], idx[3], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + builder.create_add_gate({ idx[4], idx[5], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + builder.create_add_gate({ idx[6], idx[7], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, range_with_gates_where_range_is_not_a_power_of_two) { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 12); + builder.create_new_range_constraint(idx[i], 12); } - composer.create_add_gate({ idx[0], idx[1], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + builder.create_add_gate({ idx[0], idx[1], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + builder.create_add_gate({ idx[2], idx[3], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + builder.create_add_gate({ idx[4], idx[5], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + builder.create_add_gate({ idx[6], idx[7], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, sort_widget_complex) { { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); std::vector a = { 1, 3, 4, 7, 7, 8, 11, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + ind.emplace_back(builder.add_variable(a[i])); + builder.create_sort_constraint(ind); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); + ind.emplace_back(builder.add_variable(a[i])); + builder.create_sort_constraint(ind); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } } TYPED_TEST(ultra_plonk_composer, sort_widget_neg) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(8); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + builder.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } TYPED_TEST(ultra_plonk_composer, composed_range_constraint) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto c = fr::random_element(); auto d = uint256_t(c).slice(0, 133); auto e = fr(d); - auto a_idx = composer.add_variable(fr(e)); - composer.create_add_gate({ a_idx, composer.zero_idx, composer.zero_idx, 1, 0, 0, -fr(e) }); - composer.decompose_into_default_range(a_idx, 134); + auto a_idx = builder.add_variable(fr(e)); + builder.create_add_gate({ a_idx, builder.zero_idx, builder.zero_idx, 1, 0, 0, -fr(e) }); + builder.decompose_into_default_range(a_idx, 134); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, non_native_field_multiplication) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fq a = fq::random_element(); fq b = fq::random_element(); @@ -631,11 +661,11 @@ TYPED_TEST(ultra_plonk_composer, non_native_field_multiplication) const auto get_limb_witness_indices = [&](const std::array& limbs) { std::array limb_indices; - limb_indices[0] = composer.add_variable(limbs[0]); - limb_indices[1] = composer.add_variable(limbs[1]); - limb_indices[2] = composer.add_variable(limbs[2]); - limb_indices[3] = composer.add_variable(limbs[3]); - limb_indices[4] = composer.add_variable(limbs[4]); + limb_indices[0] = builder.add_variable(limbs[0]); + limb_indices[1] = builder.add_variable(limbs[1]); + limb_indices[2] = builder.add_variable(limbs[2]); + limb_indices[3] = builder.add_variable(limbs[3]); + limb_indices[4] = builder.add_variable(limbs[4]); return limb_indices; }; const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); @@ -649,38 +679,39 @@ TYPED_TEST(ultra_plonk_composer, non_native_field_multiplication) proof_system::UltraCircuitConstructor::non_native_field_witnesses inputs{ a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), }; - const auto [lo_1_idx, hi_1_idx] = composer.evaluate_non_native_field_multiplication(inputs); - composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); + const auto [lo_1_idx, hi_1_idx] = builder.evaluate_non_native_field_multiplication(inputs); + builder.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, rom) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); uint32_t rom_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), }; - size_t rom_id = composer.create_ROM_array(8); + size_t rom_id = builder.create_ROM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.set_ROM_element(rom_id, i, rom_values[i]); + builder.set_ROM_element(rom_id, i, rom_values[i]); } - uint32_t a_idx = composer.read_ROM_array(rom_id, composer.add_variable(5)); + uint32_t a_idx = builder.read_ROM_array(rom_id, builder.add_variable(5)); EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = composer.read_ROM_array(rom_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_ROM_array(rom_id, composer.add_variable(1)); + uint32_t b_idx = builder.read_ROM_array(rom_id, builder.add_variable(4)); + uint32_t c_idx = builder.read_ROM_array(rom_id, builder.add_variable(1)); - const auto d_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx); - uint32_t d_idx = composer.add_variable(d_value); + const auto d_value = builder.get_variable(a_idx) + builder.get_variable(b_idx) + builder.get_variable(c_idx); + uint32_t d_idx = builder.add_variable(d_value); - composer.create_big_add_gate({ + builder.create_big_add_gate({ a_idx, b_idx, c_idx, @@ -692,43 +723,44 @@ TYPED_TEST(ultra_plonk_composer, rom) 0, }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, ram) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = builder.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + builder.init_RAM_element(ram_id, i, ram_values[i]); } - uint32_t a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + uint32_t a_idx = builder.read_RAM_array(ram_id, builder.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - uint32_t b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + uint32_t b_idx = builder.read_RAM_array(ram_id, builder.add_variable(4)); + uint32_t c_idx = builder.read_RAM_array(ram_id, builder.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - uint32_t d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + builder.write_RAM_array(ram_id, builder.add_variable(4), builder.add_variable(500)); + uint32_t d_idx = builder.read_RAM_array(ram_id, builder.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(builder.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - uint32_t e_idx = composer.add_variable(e_value); + const auto e_value = builder.get_variable(a_idx) + builder.get_variable(b_idx) + builder.get_variable(c_idx) + + builder.get_variable(d_idx); + uint32_t e_idx = builder.add_variable(e_value); - composer.create_big_add_gate( + builder.create_big_add_gate( { a_idx, b_idx, @@ -741,11 +773,11 @@ TYPED_TEST(ultra_plonk_composer, ram) 0, }, true); - composer.create_big_add_gate( + builder.create_big_add_gate( { - composer.zero_idx, - composer.zero_idx, - composer.zero_idx, + builder.zero_idx, + builder.zero_idx, + builder.zero_idx, e_idx, 0, 0, @@ -755,28 +787,29 @@ TYPED_TEST(ultra_plonk_composer, ram) }, false); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, range_checks_on_duplicates) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); - uint32_t a = composer.add_variable(100); - uint32_t b = composer.add_variable(100); - uint32_t c = composer.add_variable(100); - uint32_t d = composer.add_variable(100); + uint32_t a = builder.add_variable(100); + uint32_t b = builder.add_variable(100); + uint32_t c = builder.add_variable(100); + uint32_t d = builder.add_variable(100); - composer.assert_equal(a, b); - composer.assert_equal(a, c); - composer.assert_equal(a, d); + builder.assert_equal(a, b); + builder.assert_equal(a, c); + builder.assert_equal(a, d); - composer.create_new_range_constraint(a, 1000); - composer.create_new_range_constraint(b, 1001); - composer.create_new_range_constraint(c, 999); - composer.create_new_range_constraint(d, 1000); + builder.create_new_range_constraint(a, 1000); + builder.create_new_range_constraint(b, 1001); + builder.create_new_range_constraint(c, 999); + builder.create_new_range_constraint(d, 1000); - composer.create_big_add_gate( + builder.create_big_add_gate( { a, b, @@ -790,7 +823,7 @@ TYPED_TEST(ultra_plonk_composer, range_checks_on_duplicates) }, false); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } // Ensure copy constraints added on variables smaller than 2^14, which have been previously @@ -799,22 +832,23 @@ TYPED_TEST(ultra_plonk_composer, range_checks_on_duplicates) // before range constraints are applied to it. TEST(ultra_plonk_composer, range_constraint_small_variable) { - auto composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); uint16_t mask = (1 << 8) - 1; int a = engine.get_random_uint16() & mask; - uint32_t a_idx = composer.add_variable(fr(a)); - uint32_t b_idx = composer.add_variable(fr(a)); + uint32_t a_idx = builder.add_variable(fr(a)); + uint32_t b_idx = builder.add_variable(fr(a)); ASSERT_NE(a_idx, b_idx); - uint32_t c_idx = composer.add_variable(fr(a)); + uint32_t c_idx = builder.add_variable(fr(a)); ASSERT_NE(c_idx, b_idx); - composer.create_range_constraint(b_idx, 8, "bad range"); - composer.assert_equal(a_idx, b_idx); - composer.create_range_constraint(c_idx, 8, "bad range"); - composer.assert_equal(a_idx, c_idx); + builder.create_range_constraint(b_idx, 8, "bad range"); + builder.assert_equal(a_idx, b_idx); + builder.create_range_constraint(c_idx, 8, "bad range"); + builder.assert_equal(a_idx, c_idx); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } diff --git a/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp b/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp index a2152ac5ac..b425df16a2 100644 --- a/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp +++ b/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp @@ -2,8 +2,10 @@ #include "barretenberg/common/streams.hpp" #include "proving_key.hpp" #include "serialize.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #ifndef __wasm__ #include @@ -11,15 +13,17 @@ using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; // Test proving key serialization/deserialization to/from buffer TEST(proving_key, proving_key_from_serialized_key) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - plonk::proving_key& p_key = *composer.compute_proving_key(); + plonk::proving_key& p_key = *composer.compute_proving_key(builder); auto pk_buf = to_buffer(p_key); auto pk_data = from_buffer(pk_buf); auto crs = std::make_unique("../srs_db/ignition"); @@ -51,11 +55,12 @@ TEST(proving_key, proving_key_from_serialized_key) // Test proving key serialization/deserialization to/from buffer using UltraPlonkComposer TEST(proving_key, proving_key_from_serialized_key_ultra) { - plonk::UltraPlonkComposer composer = plonk::UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - plonk::proving_key& p_key = *composer.compute_proving_key(); + plonk::proving_key& p_key = *composer.compute_proving_key(builder); auto pk_buf = to_buffer(p_key); auto pk_data = from_buffer(pk_buf); auto crs = std::make_unique("../srs_db/ignition"); @@ -89,9 +94,8 @@ TEST(proving_key, proving_key_from_serialized_key_ultra) #ifndef __wasm__ TEST(proving_key, proving_key_from_mmaped_key) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); - fr a = fr::one(); - composer.add_public_variable(a); + builder coStandardCircuitConstructor = StandardPlonkComposerHelper();auto composer = +StandardPlonkComposerHelper(); fr a = fr::one(); builder.add_public_variable(a); // Write each precomputed polynomial in the proving key to // its own file using write_mmap @@ -116,7 +120,7 @@ TEST(proving_key, proving_key_from_mmaped_key) if (!os.good()) { std::cerr << "OS failed in composer_from_mmap_keys! \n"; } - plonk::proving_key& p_key = *composer.compute_proving_key(); + plonk::proving_key& p_key = *composer.compute_proving_key(builder); write_mmap(os, pk_dir, p_key); os.close(); diff --git a/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp b/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp index b26a26324f..0afbec658f 100644 --- a/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp +++ b/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp @@ -4,7 +4,7 @@ #include "../utils/permutation.hpp" #include "../widgets/transition_widgets/arithmetic_widget.hpp" #include "../../../transcript/transcript.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" #include "verifier.hpp" #include "barretenberg/ecc/scalar_multiplication/scalar_multiplication.hpp" #include @@ -58,7 +58,7 @@ plonk::Verifier generate_verifier(std::shared_ptr circuit_proving_k circuit_verification_key->commitments.insert({ "SIGMA_2", commitments[6] }); circuit_verification_key->commitments.insert({ "SIGMA_3", commitments[7] }); - Verifier verifier(circuit_verification_key, plonk::StandardPlonkComposer::create_manifest(0)); + Verifier verifier(circuit_verification_key, plonk::StandardPlonkComposerHelper::create_manifest(0)); std::unique_ptr> kate_commitment_scheme = std::make_unique>(); @@ -233,7 +233,7 @@ plonk::Prover generate_test_data(const size_t n) std::unique_ptr> kate_commitment_scheme = std::make_unique>(); - plonk::Prover state = plonk::Prover(std::move(key), plonk::StandardPlonkComposer::create_manifest(0)); + plonk::Prover state = plonk::Prover(std::move(key), plonk::StandardPlonkComposerHelper::create_manifest(0)); state.random_widgets.emplace_back(std::move(permutation_widget)); state.transition_widgets.emplace_back(std::move(widget)); state.commitment_scheme = std::move(kate_commitment_scheme); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp index 7023a87b58..ef1a44e908 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp @@ -14,70 +14,70 @@ namespace standard_circuit_constructor_tests { TEST(standard_circuit_constructor, base_case) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - composer.add_public_variable(a); + circuit_constructor.add_public_variable(a); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_add_gate) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - bool result = composer.check_circuit(); // instance, prover.reference_string.SRS_T2); + // uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + bool result = circuit_constructor.check_circuit(); // instance, prover.reference_string.SRS_T2); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_mul_gate_proofs) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -89,83 +89,84 @@ TEST(standard_circuit_constructor, test_mul_gate_proofs) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - bool result = composer.check_circuit(); + uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, range_constraint) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = circuit_constructor.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); + std::vector accumulators = + circuit_constructor.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t result = (value >> (30U - (2 * j))); - fr source = composer.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); + fr source = circuit_constructor.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t expected = static_cast(source.data[0]); EXPECT_EQ(result, expected); } @@ -176,64 +177,67 @@ TEST(standard_circuit_constructor, range_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = circuit_constructor.add_variable(fr::zero()); + uint32_t one_idx = circuit_constructor.add_variable(fr::one()); + circuit_constructor.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, range_constraint_fail) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); uint64_t value = 0xffffff; - uint32_t witness_index = composer.add_variable(fr(value)); + uint32_t witness_index = circuit_constructor.add_variable(fr(value)); - composer.decompose_into_base4_accumulators(witness_index, 23); + circuit_constructor.decompose_into_base4_accumulators(witness_index, 23); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, false); } TEST(standard_circuit_constructor, and_constraint) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t out_value = left_value & right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); - // composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + circuit_constructor.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + // circuit_constructor.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected & right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = + circuit_constructor.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = + circuit_constructor.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = + circuit_constructor.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -255,49 +259,52 @@ TEST(standard_circuit_constructor, and_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = circuit_constructor.add_variable(fr::zero()); + uint32_t one_idx = circuit_constructor.add_variable(fr::one()); + circuit_constructor.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, xor_constraint) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t out_value = left_value ^ right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + circuit_constructor.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected ^ right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = + circuit_constructor.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = + circuit_constructor.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = + circuit_constructor.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -319,33 +326,33 @@ TEST(standard_circuit_constructor, xor_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = circuit_constructor.add_variable(fr::zero()); + uint32_t one_idx = circuit_constructor.add_variable(fr::one()); + circuit_constructor.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, big_add_gate_with_bit_extract) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); - const auto generate_constraints = [&composer](uint32_t quad_value) { + const auto generate_constraints = [&circuit_constructor](uint32_t quad_value) { uint32_t quad_accumulator_left = (engine.get_random_uint32() & 0x3fffffff) - quad_value; // make sure this won't overflow uint32_t quad_accumulator_right = (4 * quad_accumulator_left) + quad_value; - uint32_t left_idx = composer.add_variable(uint256_t(quad_accumulator_left)); - uint32_t right_idx = composer.add_variable(uint256_t(quad_accumulator_right)); + uint32_t left_idx = circuit_constructor.add_variable(uint256_t(quad_accumulator_left)); + uint32_t right_idx = circuit_constructor.add_variable(uint256_t(quad_accumulator_right)); uint32_t input = engine.get_random_uint32(); uint32_t output = input + (quad_value > 1 ? 1 : 0); - add_quad gate{ composer.add_variable(uint256_t(input)), - composer.add_variable(uint256_t(output)), + add_quad gate{ circuit_constructor.add_variable(uint256_t(input)), + circuit_constructor.add_variable(uint256_t(output)), right_idx, left_idx, fr(6), @@ -354,7 +361,7 @@ TEST(standard_circuit_constructor, big_add_gate_with_bit_extract) fr::zero(), fr::zero() }; - composer.create_big_add_gate_with_bit_extraction(gate); + circuit_constructor.create_big_add_gate_with_bit_extraction(gate); }; generate_constraints(0); @@ -362,58 +369,58 @@ TEST(standard_circuit_constructor, big_add_gate_with_bit_extract) generate_constraints(2); generate_constraints(3); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_range_constraint_fail) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); - uint32_t witness_index = composer.add_variable(fr::neg_one()); - composer.decompose_into_base4_accumulators(witness_index, 32); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); + uint32_t witness_index = circuit_constructor.add_variable(fr::neg_one()); + circuit_constructor.decompose_into_base4_accumulators(witness_index, 32); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, false); } TEST(standard_circuit_constructor, test_check_circuit_correct) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_check_circuit_broken) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c + 1; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, false); } diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index 8edd5c7104..59c70bee9a 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -58,8 +58,7 @@ void UltraCircuitConstructor::finalize_circuit() */ // TODO(#423): This function adds valid (but arbitrary) gates to ensure that the circuit which includes // them will not result in any zero-polynomials. It also ensures that the first coefficient of the wire -// polynomials is zero, which is required for them to be shiftable. Its currently wildly inefficient -// (~16k gates) mostly due to the lookups it includes. +// polynomials is zero, which is required for them to be shiftable. // TODO(#423)(luke): Add 0 as a PI since PI always start at the 0th index of the wire polynomials? // TODO(luke): may need to reevaluate once aux relation is implemented void UltraCircuitConstructor::add_gates_to_ensure_all_polys_are_non_zero() diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index e5bcd0b5f4..43a7eb7976 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -1179,7 +1179,6 @@ class UltraCircuitConstructor : public CircuitConstructorBase struct aggregation_state { void assign_object_to_proof_outputs() { if (proof_witness_indices.size() == 0) { - std::cerr << "warning. calling `add_proof_outputs_as_public_inputs`, but aggregation object already has " + std::cerr << "warning. calling `assign_object_to_proof_outputs`, but aggregation object already has " "assigned proof outputs to public inputs."; return; } @@ -70,6 +70,8 @@ template struct aggregation_state { auto* context = P0.get_context(); + context->check_circuit(); + info("checked circuit before add_recursive_proof"); context->add_recursive_proof(proof_witness_indices); } }; diff --git a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp index 95c433dbfc..bffd6a114e 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp @@ -136,7 +136,7 @@ template class stdlib_verifier : public testing::Test { verification_key_pt::from_witness(&outer_composer, verification_key_native); info("Constructing the ultra (inner) proof ..."); - plonk::proof recursive_proof = prover.construct_proof(); + plonk::proof proof_to_recursively_verify = prover.construct_proof(); { // Native check is mainly for comparison vs circuit version of the verifier. @@ -150,7 +150,7 @@ template class stdlib_verifier : public testing::Test { } info("Verifying the ultra (inner) proof natively..."); - auto native_result = native_verifier.verify_proof(recursive_proof); + auto native_result = native_verifier.verify_proof(proof_to_recursively_verify); info("Native result: ", native_result); } @@ -160,7 +160,7 @@ template class stdlib_verifier : public testing::Test { info("Verifying the ultra (inner) proof with CIRCUIT TYPES (i.e. within a standard plonk arithmetic circuit):"); stdlib::recursion::aggregation_state output = stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof); + &outer_composer, verification_key, recursive_manifest, proof_to_recursively_verify); return { output, verification_key }; }; @@ -188,13 +188,13 @@ template class stdlib_verifier : public testing::Test { std::shared_ptr verification_key = verification_key_pt::from_witness(&outer_composer, verification_key_native); - plonk::proof recursive_proof_a = prover.construct_proof(); + plonk::proof proof_to_recursively_verify_a = prover.construct_proof(); transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover.key->num_public_inputs); stdlib::recursion::aggregation_state previous_output = stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof_a); + &outer_composer, verification_key, recursive_manifest, proof_to_recursively_verify_a); if constexpr (is_ultra_to_ultra) { prover = inner_composer_b.create_prover(); @@ -206,11 +206,14 @@ template class stdlib_verifier : public testing::Test { std::shared_ptr verification_key_b = verification_key_pt::from_witness(&outer_composer, verification_key_b_raw); - plonk::proof recursive_proof_b = prover.construct_proof(); + plonk::proof proof_to_recursively_verify_b = prover.construct_proof(); stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key_b, recursive_manifest, recursive_proof_b, previous_output); + stdlib::recursion::verify_proof(&outer_composer, + verification_key_b, + recursive_manifest, + proof_to_recursively_verify_b, + previous_output); verification_key_b->compress(); verification_key->compress();