From 6a9ca37786e9327b3d8a5740fd024019bdda3eb1 Mon Sep 17 00:00:00 2001 From: maramihali Date: Wed, 31 May 2023 14:12:42 +0000 Subject: [PATCH 01/12] wip --- .../standard_honk_composer_helper.cpp | 41 ++++++++++++------- .../standard_honk_composer_helper.hpp | 37 +++++++++-------- .../honk/composer/standard_honk_composer.hpp | 37 +++++++++-------- .../composer/standard_honk_composer.test.cpp | 9 ++++ .../barretenberg/honk/proof_system/prover.hpp | 2 - .../honk/proof_system/ultra_prover.hpp | 1 - .../proof_system/flavor/flavor.hpp | 5 +++ .../primitives/composers/composers_fwd.hpp | 6 +++ 8 files changed, 84 insertions(+), 54 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 681c54e56e..ce7f00ae9e 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -23,7 +23,8 @@ namespace proof_system::honk { * @param num_reserved_gates The number of reserved gates. * @return Pointer to the initialized proving key updated with selector polynomials. * */ -std::shared_ptr StandardHonkComposerHelper::compute_proving_key_base( +template +std::shared_ptr StandardHonkComposerHelper_::compute_proving_key_base( const CircuitConstructor& constructor, const size_t minimum_circuit_size, const size_t num_randomized_gates) { // Initialize proving_key @@ -42,12 +43,13 @@ std::shared_ptr StandardHonkComposerHelp * (2) sets the polynomial manifest using the data from proving key. */ -std::shared_ptr StandardHonkComposerHelper::compute_verification_key_base( - std::shared_ptr const& proving_key) +template +std::shared_ptr StandardHonkComposerHelper_::compute_verification_key_base( + std::shared_ptr const& proving_key) { auto key = std::make_shared( proving_key->circuit_size, proving_key->num_public_inputs, proving_key->composer_type); - auto commitment_key = PCSParams::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); + auto commitment_key = typename PCSParams::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); // Compute and store commitments to all precomputed polynomials key->q_m = commitment_key.commit(proving_key->q_m); @@ -76,8 +78,9 @@ std::shared_ptr StandardHonkCompose * * @tparam Program settings needed to establish if w_4 is being used. * */ -void StandardHonkComposerHelper::compute_witness(const CircuitConstructor& circuit_constructor, - const size_t minimum_circuit_size) +template +void StandardHonkComposerHelper_::compute_witness(const CircuitConstructor& circuit_constructor, + const size_t minimum_circuit_size) { if (computed_witness) { return; @@ -99,14 +102,15 @@ void StandardHonkComposerHelper::compute_witness(const CircuitConstructor& circu * @return Proving key with saved computed polynomials. * */ -std::shared_ptr StandardHonkComposerHelper::compute_proving_key( +template +std::shared_ptr StandardHonkComposerHelper_::compute_proving_key( const CircuitConstructor& circuit_constructor) { if (proving_key) { return proving_key; } // Compute q_l, q_r, q_o, etc polynomials - StandardHonkComposerHelper::compute_proving_key_base( + StandardHonkComposerHelper_::compute_proving_key_base( circuit_constructor, /*minimum_circuit_size=*/0, NUM_RESERVED_GATES); // Compute sigma polynomials (we should update that late) @@ -123,7 +127,8 @@ std::shared_ptr StandardHonkComposerHelp * * @return Pointer to created circuit verification key. * */ -std::shared_ptr StandardHonkComposerHelper::compute_verification_key( +template +std::shared_ptr StandardHonkComposerHelper_::compute_verification_key( const CircuitConstructor& circuit_constructor) { if (verification_key) { @@ -133,36 +138,42 @@ std::shared_ptr StandardHonkCompose compute_proving_key(circuit_constructor); } - verification_key = StandardHonkComposerHelper::compute_verification_key_base(proving_key); + verification_key = StandardHonkComposerHelper_::compute_verification_key_base(proving_key); verification_key->composer_type = proving_key->composer_type; return verification_key; } -StandardVerifier StandardHonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) +template +StandardVerifier_ StandardHonkComposerHelper_::create_verifier( + const CircuitConstructor& circuit_constructor) { compute_verification_key(circuit_constructor); StandardVerifier output_state(verification_key); auto pcs_verification_key = - std::make_unique(verification_key->circuit_size, "../srs_db/ignition"); + std::make_unique(verification_key->circuit_size, "../srs_db/ignition"); output_state.pcs_verification_key = std::move(pcs_verification_key); return output_state; } -StandardProver StandardHonkComposerHelper::create_prover(const CircuitConstructor& circuit_constructor) +template +StandardProver_ StandardHonkComposerHelper_::create_prover( + const CircuitConstructor& circuit_constructor) { compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); StandardProver output_state(proving_key); auto pcs_commitment_key = - std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); + std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); output_state.pcs_commitment_key = std::move(pcs_commitment_key); return output_state; } -} // namespace proof_system::honk +template class StandardHonkComposerHelper_; + +} // namespace proof_system::honk \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 14bd534db0..936b1ffbf7 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -12,13 +12,12 @@ #include "barretenberg/honk/flavor/standard.hpp" namespace proof_system::honk { -class StandardHonkComposerHelper { +template class StandardHonkComposerHelper_ { public: - using Flavor = flavor::Standard; - using PCSParams = Flavor::PCSParams; - using CircuitConstructor = Flavor::CircuitConstructor; - using ProvingKey = Flavor::ProvingKey; - using VerificationKey = Flavor::VerificationKey; + using PCSParams = typename Flavor::PCSParams; + using CircuitConstructor = typename Flavor::CircuitConstructor; + using ProvingKey = typename Flavor::ProvingKey; + using VerificationKey = typename Flavor::VerificationKey; static constexpr size_t NUM_RESERVED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; @@ -29,33 +28,33 @@ class StandardHonkComposerHelper { std::shared_ptr crs_factory_; bool computed_witness = false; // TODO(Luke): use make_shared - StandardHonkComposerHelper() - : StandardHonkComposerHelper(std::shared_ptr( + StandardHonkComposerHelper_() + : StandardHonkComposerHelper_(std::shared_ptr( new proof_system::FileReferenceStringFactory("../srs_db/ignition"))) {} - StandardHonkComposerHelper(std::shared_ptr crs_factory) + StandardHonkComposerHelper_(std::shared_ptr crs_factory) : crs_factory_(std::move(crs_factory)) {} - StandardHonkComposerHelper(std::unique_ptr&& crs_factory) + StandardHonkComposerHelper_(std::unique_ptr&& crs_factory) : crs_factory_(std::move(crs_factory)) {} - StandardHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) + StandardHonkComposerHelper_(std::shared_ptr p_key, std::shared_ptr v_key) : proving_key(std::move(p_key)) , verification_key(std::move(v_key)) {} - StandardHonkComposerHelper(StandardHonkComposerHelper&& other) noexcept = default; - StandardHonkComposerHelper(const StandardHonkComposerHelper& other) = delete; - StandardHonkComposerHelper& operator=(StandardHonkComposerHelper&& other) noexcept = default; - StandardHonkComposerHelper& operator=(const StandardHonkComposerHelper& other) = delete; - ~StandardHonkComposerHelper() = default; + StandardHonkComposerHelper_(StandardHonkComposerHelper_&& other) noexcept = default; + StandardHonkComposerHelper_(const StandardHonkComposerHelper_& other) = delete; + StandardHonkComposerHelper_& operator=(StandardHonkComposerHelper_&& other) noexcept = default; + StandardHonkComposerHelper_& operator=(const StandardHonkComposerHelper_& other) = delete; + ~StandardHonkComposerHelper_() = default; std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); - StandardVerifier create_verifier(const CircuitConstructor& circuit_constructor); + StandardVerifier_ create_verifier(const CircuitConstructor& circuit_constructor); - StandardProver create_prover(const CircuitConstructor& circuit_constructor); + StandardProver_ create_prover(const CircuitConstructor& circuit_constructor); // TODO(#216)(Adrian): Seems error prone to provide the number of randomized gates std::shared_ptr compute_proving_key_base(const CircuitConstructor& circuit_constructor, @@ -68,5 +67,7 @@ class StandardHonkComposerHelper { void compute_witness(const CircuitConstructor& circuit_constructor, const size_t minimum_circuit_size = 0); }; +extern template class StandardHonkComposerHelper_; +using StandardHonkComposerHelper = StandardHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index ea60cb6a2a..2666cd276f 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -13,13 +13,12 @@ namespace proof_system::honk { * @details However, it has a lot of its logic separated into subclasses and simply proxies the calls. * */ -class StandardHonkComposer { +template class StandardHonkComposer_ { public: // TODO(#426): This doesn't belong here static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; - using Flavor = flavor::Standard; using CircuitConstructor = StandardCircuitConstructor; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; @@ -32,7 +31,7 @@ class StandardHonkComposer { // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials - StandardHonkComposerHelper composer_helper; + StandardHonkComposerHelper_ composer_helper; // Leaving it in for now just in case bool contains_recursive_proof = false; @@ -40,24 +39,24 @@ class StandardHonkComposer { /**Standard methods*/ - StandardHonkComposer(const size_t size_hint = 0) + StandardHonkComposer_(const size_t size_hint = 0) : circuit_constructor(size_hint) , num_gates(circuit_constructor.num_gates) , variables(circuit_constructor.variables){}; - StandardHonkComposer(std::string const& crs_path, const size_t size_hint = 0) - : StandardHonkComposer( + StandardHonkComposer_(std::string const& crs_path, const size_t size_hint = 0) + : StandardHonkComposer_( std::unique_ptr(new proof_system::FileReferenceStringFactory(crs_path)), size_hint){}; - StandardHonkComposer(std::shared_ptr const& crs_factory, const size_t size_hint = 0) + StandardHonkComposer_(std::shared_ptr const& crs_factory, const size_t size_hint = 0) : circuit_constructor(size_hint) , composer_helper(crs_factory) , num_gates(circuit_constructor.num_gates) , variables(circuit_constructor.variables) {} - StandardHonkComposer(std::unique_ptr&& crs_factory, const size_t size_hint = 0) + StandardHonkComposer_(std::unique_ptr&& crs_factory, const size_t size_hint = 0) : circuit_constructor(size_hint) , composer_helper(std::move(crs_factory)) , num_gates(circuit_constructor.num_gates) @@ -65,22 +64,22 @@ class StandardHonkComposer { {} - StandardHonkComposer(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, - size_t size_hint = 0) + StandardHonkComposer_(std::shared_ptr const& p_key, + std::shared_ptr const& v_key, + size_t size_hint = 0) : circuit_constructor(size_hint) , composer_helper(p_key, v_key) , num_gates(circuit_constructor.num_gates) , variables(circuit_constructor.variables) {} - StandardHonkComposer(const StandardHonkComposer& other) = delete; - StandardHonkComposer(StandardHonkComposer&& other) = default; - StandardHonkComposer& operator=(const StandardHonkComposer& other) = delete; + StandardHonkComposer_(const StandardHonkComposer_& other) = delete; + StandardHonkComposer_(StandardHonkComposer_&& other) = default; + StandardHonkComposer_& operator=(const StandardHonkComposer_& other) = delete; // TODO(#230)(Cody): This constructor started to be implicitly deleted when I added `n` and `variables` members. // This is a temporary measure until we can rewrite Plonk and all tests using circuit builder methods in place of - // composer methods, where appropriate. StandardHonkComposer& operator=(StandardHonkComposer&& other) = default; - ~StandardHonkComposer() = default; + // composer methods, where appropriate. StandardHonkComposer_& operator=(StandardHonkComposer_&& other) = default; + ~StandardHonkComposer_() = default; size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } @@ -183,8 +182,8 @@ class StandardHonkComposer { void compute_witness() { composer_helper.compute_witness(circuit_constructor); }; - StandardVerifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); } - StandardProver create_prover() { return composer_helper.create_prover(circuit_constructor); }; + StandardVerifier_ create_verifier() { return composer_helper.create_verifier(circuit_constructor); } + StandardProver_ create_prover() { return composer_helper.create_prover(circuit_constructor); }; size_t& num_gates; std::vector& variables; @@ -192,4 +191,6 @@ class StandardHonkComposer { const std::string& err() const { return circuit_constructor.err(); }; void failure(std::string msg) { circuit_constructor.failure(msg); } }; +template class StandardHonkComposer_; +using StandardHonkComposer = StandardHonkComposer_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index a13e0df167..e2f3c6777f 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -27,6 +27,7 @@ namespace test_standard_honk_composer { */ TEST(StandardHonkComposer, SigmaIDCorrectness) { + using StandardHonkComposer = StandardHonkComposer_; auto test_permutation = [](StandardHonkComposer& composer) { auto proving_key = composer.compute_proving_key(); const auto n = proving_key->circuit_size; @@ -140,6 +141,7 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) */ TEST(StandardHonkComposer, LagrangeCorrectness) { + using StandardHonkComposer = StandardHonkComposer_; // Create a composer and a dummy circuit with a few gates StandardHonkComposer composer = StandardHonkComposer(); fr a = fr::one(); @@ -189,6 +191,8 @@ TEST(StandardHonkComposer, LagrangeCorrectness) */ TEST(StandardHonkComposer, AssertEquals) { + using StandardHonkComposer = StandardHonkComposer_; + /** * @brief A function that creates a simple circuit with repeated gates, leading to large permutation cycles * @@ -283,6 +287,8 @@ TEST(StandardHonkComposer, AssertEquals) TEST(StandardHonkComposer, VerificationKeyCreation) { + using StandardHonkComposer = StandardHonkComposer_; + // Create a composer and a dummy circuit with a few gates StandardHonkComposer composer = StandardHonkComposer(); fr a = fr::one(); @@ -306,6 +312,7 @@ TEST(StandardHonkComposer, VerificationKeyCreation) TEST(StandardHonkComposer, BaseCase) { + using StandardHonkComposer = StandardHonkComposer_; auto composer = StandardHonkComposer(); fr a = 1; composer.circuit_constructor.add_variable(a); @@ -319,6 +326,7 @@ TEST(StandardHonkComposer, BaseCase) TEST(StandardHonkComposer, TwoGates) { + using StandardHonkComposer = StandardHonkComposer_; auto run_test = [](bool expect_verified) { auto composer = StandardHonkComposer(); @@ -353,6 +361,7 @@ TEST(StandardHonkComposer, TwoGates) TEST(StandardHonkComposer, SumcheckEvaluations) { + using StandardHonkComposer = StandardHonkComposer_; auto run_test = [](bool expected_result) { auto composer = StandardHonkComposer(); fr a = fr::one(); diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 80b577c767..e4abda3a8e 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -14,8 +14,6 @@ namespace proof_system::honk { // We won't compile this class with honk::flavor::Ultra, but we will like want to compile it (at least for testing) // with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc. -template concept StandardFlavor = IsAnyOf; - template class StandardProver_ { using FF = typename Flavor::FF; diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index f225e831f1..c2635fcd23 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -12,7 +12,6 @@ namespace proof_system::honk { // We won't compile this class with honk::flavor::Standard, but we will like want to compile it (at least for testing) // with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc. -template concept UltraFlavor = IsAnyOf; template class UltraProver_ { using FF = typename Flavor::FF; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index a476c362ed..686b15ca26 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -324,5 +324,10 @@ concept IsPlonkFlavor = IsAnyOf concept IsHonkFlavor = IsAnyOf; + +template concept StandardFlavor = IsAnyOf; + +template concept UltraFlavor = IsAnyOf; + // clang-format on } // namespace proof_system diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp index 75b9a7e2e2..bb3717381b 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp @@ -8,10 +8,16 @@ class UltraPlonkComposer; class StandardPlonkComposer; } // namespace proof_system::plonk +<<<<<<< HEAD namespace proof_system::honk { class StandardHonkComposer; class UltraHonkComposer; } // namespace proof_system::honk +======= +// namespace proof_system::honk { +// using StandardHonkComposer = StandardHonkComposer_; +// } // namespace proof_system::honk +>>>>>>> wip namespace proof_system { class StandardCircuitConstructor; class TurboCircuitConstructor; From 038020c745c203c715b70c1a31103cc2984e861b Mon Sep 17 00:00:00 2001 From: maramihali Date: Fri, 2 Jun 2023 10:33:50 +0000 Subject: [PATCH 02/12] more wip --- .../ultra_honk_composer_helper.cpp | 17 +++++--- .../ultra_honk_composer_helper.hpp | 38 +++++++++--------- .../honk/composer/standard_honk_composer.hpp | 2 +- .../honk/composer/ultra_honk_composer.hpp | 40 ++++++++++--------- cpp/src/barretenberg/honk/flavor/ultra.hpp | 2 +- .../honk/transcript/transcript.test.cpp | 1 + .../stdlib/encryption/aes128/aes128.hpp | 2 +- .../primitives/composers/composers_fwd.hpp | 10 +++++ .../stdlib/primitives/field/field.hpp | 2 - .../stdlib/primitives/logic/logic.hpp | 1 + .../stdlib/primitives/safe_uint/safe_uint.hpp | 2 +- 11 files changed, 67 insertions(+), 50 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index f5c5da1594..b4320eaafd 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -10,7 +10,8 @@ namespace proof_system::honk { * @brief Compute witness polynomials * */ -void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constructor) +template +void UltraHonkComposerHelper_::compute_witness(CircuitConstructor& circuit_constructor) { if (computed_witness) { return; @@ -134,7 +135,8 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constr computed_witness = true; } -UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_constructor) +template +UltraProver_ UltraHonkComposerHelper_::create_prover(CircuitConstructor& circuit_constructor) { finalize_circuit(circuit_constructor); @@ -157,7 +159,8 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_c * * @return The verifier. * */ -UltraVerifier UltraHonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) +template +UltraVerifier_ UltraHonkComposerHelper_::create_verifier(const CircuitConstructor& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); @@ -171,7 +174,8 @@ UltraVerifier UltraHonkComposerHelper::create_verifier(const CircuitConstructor& return output_state; } -std::shared_ptr UltraHonkComposerHelper::compute_proving_key( +template +std::shared_ptr UltraHonkComposerHelper_::compute_proving_key( const CircuitConstructor& circuit_constructor) { if (proving_key) { @@ -304,7 +308,8 @@ std::shared_ptr UltraHonkComposerHe * * @return Pointer to created circuit verification key. * */ -std::shared_ptr UltraHonkComposerHelper::compute_verification_key( +template +std::shared_ptr UltraHonkComposerHelper_::compute_verification_key( const CircuitConstructor& circuit_constructor) { if (verification_key) { @@ -315,7 +320,7 @@ std::shared_ptr UltraHonkComposerHelpe compute_proving_key(circuit_constructor); } - verification_key = std::make_shared( + verification_key = std::make_shared::VerificationKey>( proving_key->circuit_size, proving_key->num_public_inputs, proving_key->composer_type); auto commitment_key = PCSCommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 5a13a92f33..d9e4a96c7f 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -13,16 +13,15 @@ #include namespace proof_system::honk { -class UltraHonkComposerHelper { +template class UltraHonkComposerHelper_ { public: - using Flavor = flavor::Ultra; - using CircuitConstructor = Flavor::CircuitConstructor; - using ProvingKey = Flavor::ProvingKey; - using VerificationKey = Flavor::VerificationKey; - using PCSParams = Flavor::PCSParams; - using PCS = Flavor::PCS; - using PCSCommitmentKey = PCSParams::CommitmentKey; - using PCSVerificationKey = PCSParams::VerificationKey; + using CircuitConstructor = typename Flavor::CircuitConstructor; + using ProvingKey = typename Flavor::ProvingKey; + using VerificationKey = typename Flavor::VerificationKey; + using PCSParams = typename Flavor::PCSParams; + using PCS = typename Flavor::PCS; + using PCSCommitmentKey = typename PCSParams::CommitmentKey; + using PCSVerificationKey = typename PCSParams::VerificationKey; static constexpr size_t NUM_RESERVED_GATES = 4; // equal to the number of multilinear evaluations leaked static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; @@ -42,20 +41,20 @@ class UltraHonkComposerHelper { // vanishing_polynomial cannot be trivially fetched here, I am directly setting this to 4 - 1 = 3. static constexpr size_t s_randomness = 3; - explicit UltraHonkComposerHelper(std::shared_ptr crs_factory) + explicit UltraHonkComposerHelper_(std::shared_ptr crs_factory) : crs_factory_(std::move(crs_factory)) {} - UltraHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) + UltraHonkComposerHelper_(std::shared_ptr p_key, std::shared_ptr v_key) : proving_key(std::move(p_key)) , verification_key(std::move(v_key)) {} - UltraHonkComposerHelper(UltraHonkComposerHelper&& other) noexcept = default; - UltraHonkComposerHelper(UltraHonkComposerHelper const& other) noexcept = default; - UltraHonkComposerHelper& operator=(UltraHonkComposerHelper&& other) noexcept = default; - UltraHonkComposerHelper& operator=(UltraHonkComposerHelper const& other) noexcept = default; - ~UltraHonkComposerHelper() = default; + UltraHonkComposerHelper_(UltraHonkComposerHelper_&& other) noexcept = default; + UltraHonkComposerHelper_(UltraHonkComposerHelper_ const& other) noexcept = default; + UltraHonkComposerHelper_& operator=(UltraHonkComposerHelper_&& other) noexcept = default; + UltraHonkComposerHelper_& operator=(UltraHonkComposerHelper_ const& other) noexcept = default; + ~UltraHonkComposerHelper_() = default; void finalize_circuit(CircuitConstructor& circuit_constructor) { circuit_constructor.finalize_circuit(); }; @@ -64,10 +63,11 @@ class UltraHonkComposerHelper { void compute_witness(CircuitConstructor& circuit_constructor); - UltraProver create_prover(CircuitConstructor& circuit_constructor); - UltraVerifier create_verifier(const CircuitConstructor& circuit_constructor); + UltraProver_ create_prover(CircuitConstructor& circuit_constructor); + UltraVerifier_ create_verifier(const CircuitConstructor& circuit_constructor); void add_table_column_selector_poly_to_proving_key(polynomial& small, const std::string& tag); }; - +extern template class UltraHonkComposerHelper_; +using UltraHonkComposerHelper = UltraHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 2666cd276f..7fd210a89b 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -13,7 +13,7 @@ namespace proof_system::honk { * @details However, it has a lot of its logic separated into subclasses and simply proxies the calls. * */ -template class StandardHonkComposer_ { +template class StandardHonkComposer_ { public: // TODO(#426): This doesn't belong here static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index df62eeddc5..3e7e413aec 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -7,7 +7,7 @@ #include "barretenberg/honk/flavor/ultra.hpp" namespace proof_system::honk { -class UltraHonkComposer { +template class UltraHonkComposer_ { public: // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system @@ -16,20 +16,11 @@ class UltraHonkComposer { // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials - using Flavor = honk::flavor::Ultra; using CircuitConstructor = UltraCircuitConstructor; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; - static constexpr ComposerType type = ComposerType::PLOOKUP; - static_assert(type == CircuitConstructor::type); - static constexpr merkle::HashType merkle_hash_type = CircuitConstructor::merkle_hash_type; - static constexpr pedersen::CommitmentType commitment_type = CircuitConstructor::commitment_type; - static constexpr size_t DEFAULT_PLOOKUP_RANGE_BITNUM = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM; - - UltraHonkComposerHelper composer_helper; - - // References to circuit_constructor's members for convenience + UltraHonkComposerHelper_ composer_helper; size_t& num_gates; std::vector& variables; // While we always have it set to zero, feels wrong to have a potentially broken dependency @@ -37,14 +28,14 @@ class UltraHonkComposer { bool& contains_recursive_proof; std::vector& recursive_proof_public_input_indices; - UltraHonkComposer() - : UltraHonkComposer("../srs_db/ignition", 0){}; + UltraHonkComposer_() + : UltraHonkComposer_("../srs_db/ignition", 0){}; - UltraHonkComposer(std::string const& crs_path, const size_t size_hint) - : UltraHonkComposer(std::unique_ptr(new FileReferenceStringFactory(crs_path)), - size_hint){}; + UltraHonkComposer_(std::string const& crs_path, const size_t size_hint) + : UltraHonkComposer_(std::unique_ptr(new FileReferenceStringFactory(crs_path)), + size_hint){}; - UltraHonkComposer(std::shared_ptr const& crs_factory, const size_t size_hint) + UltraHonkComposer_(std::shared_ptr const& crs_factory, const size_t size_hint) : circuit_constructor(size_hint) , composer_helper(crs_factory) , num_gates(circuit_constructor.num_gates) @@ -57,6 +48,7 @@ class UltraHonkComposer { add_gates_to_ensure_all_polys_are_non_zero(); }; +<<<<<<< HEAD UltraHonkComposer(std::shared_ptr const& p_key, std::shared_ptr const& v_key, size_t size_hint = 0); @@ -68,6 +60,14 @@ class UltraHonkComposer { return *this; }; ~UltraHonkComposer() = default; +======= + UltraHonkComposer_(std::shared_ptr const& p_key, + std::shared_ptr const& v_key, + size_t size_hint = 0); + UltraHonkComposer_(UltraHonkComposer_&& other) = default; + UltraHonkComposer_& operator=(UltraHonkComposer_&& other) = delete; + ~UltraHonkComposer_() = default; +>>>>>>> more wip size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } uint32_t get_zero_idx() { return circuit_constructor.zero_idx; } @@ -85,8 +85,8 @@ class UltraHonkComposer { void finalize_circuit() { circuit_constructor.finalize_circuit(); }; - UltraProver create_prover() { return composer_helper.create_prover(circuit_constructor); }; - UltraVerifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); }; + UltraProver_ create_prover() { return composer_helper.create_prover(circuit_constructor); }; + UltraVerifier_ create_verifier() { return composer_helper.create_verifier(circuit_constructor); }; void add_gates_to_ensure_all_polys_are_non_zero() { @@ -298,4 +298,6 @@ class UltraHonkComposer { const std::string& err() const { return circuit_constructor.err(); }; void failure(std::string msg) { circuit_constructor.failure(msg); } }; +template class UltraHonkComposer_; +using UltraHonkComposer = UltraHonkComposer_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 26ba270b4f..202fab37f5 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -38,7 +38,7 @@ class Ultra { using CommitmentHandle = G1::affine_element; // UltraHonk will be run with KZG by default but temporarily we set the commitment to IPA to // be able to do e2e tests with this pcs as well - // TODO: instantiate this with but IPA and KZG when the templating work is finished + // TODO: instantiate this with both IPA and KZG when the templating work is finished using PCSParams = pcs::ipa::Params; using PCS = pcs::ipa::IPA; diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index a3269dac47..5a819f5276 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -80,6 +80,7 @@ template class TranscriptTest : public testing::Test { round++; // TODO(Mara): Make testing more flavor agnostic so we can test this with all flavors + manifest_expected.add_entry(round, "KZG:W", size_G); // For IPA diff --git a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp index 64b80d6071..41249ed4bc 100644 --- a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp +++ b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp @@ -4,7 +4,7 @@ #include #include "../../primitives/composers/composers_fwd.hpp" - +#include "../../primitives/composers/composers.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/witness/witness.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp index bb3717381b..196d9d76f3 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp @@ -8,6 +8,7 @@ class UltraPlonkComposer; class StandardPlonkComposer; } // namespace proof_system::plonk +<<<<<<< HEAD <<<<<<< HEAD namespace proof_system::honk { class StandardHonkComposer; @@ -18,6 +19,15 @@ class UltraHonkComposer; // using StandardHonkComposer = StandardHonkComposer_; // } // namespace proof_system::honk >>>>>>> wip +======= +namespace proof_system::honk { +namespace flavor { +class Standard; +} +template class StandardHonkComposer_; +using StandardHonkComposer = StandardHonkComposer_; +} // namespace proof_system::honk +>>>>>>> more wip namespace proof_system { class StandardCircuitConstructor; class TurboCircuitConstructor; diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.hpp b/cpp/src/barretenberg/stdlib/primitives/field/field.hpp index d1e89ca7ed..2e78f7856f 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.hpp @@ -2,8 +2,6 @@ #include #include "../composers/composers_fwd.hpp" #include "../witness/witness.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" #include "barretenberg/common/assert.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp b/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp index 1ec450de00..ffeb00030e 100644 --- a/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp @@ -1,6 +1,7 @@ #pragma once #include "barretenberg/numeric/uint256/uint256.hpp" #include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" #include diff --git a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp index 4148565d4d..213eee5c96 100644 --- a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp @@ -1,11 +1,11 @@ #pragma once #include #include "../composers/composers_fwd.hpp" +#include "../composers/composers.hpp" #include "../witness/witness.hpp" #include "../bool/bool.hpp" #include "barretenberg/common/assert.hpp" #include "../field/field.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" // The purpose of this class is to enable positive integer operations without a risk of overflow. // Despite the name, it is *not* a "safe" version of the uint class - as operations are positive integer From 8c3152aa4f66deec8790821d6b235d512b6be155 Mon Sep 17 00:00:00 2001 From: maramihali Date: Fri, 2 Jun 2023 10:47:25 +0000 Subject: [PATCH 03/12] maybe --- .../honk/composer/ultra_honk_composer.hpp | 18 ++++------------- .../primitives/composers/composers_fwd.hpp | 20 +++++-------------- 2 files changed, 9 insertions(+), 29 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index 3e7e413aec..065d8e0c1b 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -10,6 +10,9 @@ namespace proof_system::honk { template class UltraHonkComposer_ { public: + // TODO(#426): This doesn't belong here + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system UltraCircuitConstructor circuit_constructor; // Composer helper contains all proof-related material that is separate from circuit creation such as: @@ -19,6 +22,7 @@ template class UltraHonkComposer_ { using CircuitConstructor = UltraCircuitConstructor; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; + static constexpr ComposerType type = ComposerType::PLOOKUP; // TODO(Mara): Get rid of this. UltraHonkComposerHelper_ composer_helper; size_t& num_gates; @@ -48,26 +52,12 @@ template class UltraHonkComposer_ { add_gates_to_ensure_all_polys_are_non_zero(); }; -<<<<<<< HEAD - UltraHonkComposer(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, - size_t size_hint = 0); - UltraHonkComposer(UltraHonkComposer&& other) = default; - UltraHonkComposer& operator=(UltraHonkComposer&& other) - { - circuit_constructor = std::move(other.circuit_constructor); - composer_helper = std::move(other.composer_helper); - return *this; - }; - ~UltraHonkComposer() = default; -======= UltraHonkComposer_(std::shared_ptr const& p_key, std::shared_ptr const& v_key, size_t size_hint = 0); UltraHonkComposer_(UltraHonkComposer_&& other) = default; UltraHonkComposer_& operator=(UltraHonkComposer_&& other) = delete; ~UltraHonkComposer_() = default; ->>>>>>> more wip size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } uint32_t get_zero_idx() { return circuit_constructor.zero_idx; } diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp index 196d9d76f3..d2363d217d 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp @@ -5,29 +5,19 @@ class StandardPlonkComposer; class TurboPlonkComposer; class UltraPlonkComposer; -class StandardPlonkComposer; } // namespace proof_system::plonk -<<<<<<< HEAD -<<<<<<< HEAD -namespace proof_system::honk { -class StandardHonkComposer; -class UltraHonkComposer; -} // namespace proof_system::honk -======= -// namespace proof_system::honk { -// using StandardHonkComposer = StandardHonkComposer_; -// } // namespace proof_system::honk ->>>>>>> wip -======= namespace proof_system::honk { namespace flavor { class Standard; -} +class Ultra; +} // namespace flavor template class StandardHonkComposer_; using StandardHonkComposer = StandardHonkComposer_; +template class UltraHonkComposer_; +using UltraHonkComposer = UltraHonkComposer_; } // namespace proof_system::honk ->>>>>>> more wip + namespace proof_system { class StandardCircuitConstructor; class TurboCircuitConstructor; From c218260d9c2753c126d2f4e94212e22a50d48d52 Mon Sep 17 00:00:00 2001 From: maramihali Date: Fri, 2 Jun 2023 12:51:42 +0000 Subject: [PATCH 04/12] wip --- .../benchmark/honk_bench/honk.bench.cpp | 6 +- .../benchmark/honk_bench/ultra_honk.bench.cpp | 5 +- .../dsl/acir_format/acir_format.cpp | 1 + .../dsl/acir_format/acir_format.hpp | 1 + .../dsl/acir_format/acir_format.test.cpp | 1 + .../standard_honk_composer_helper.cpp | 5 +- .../standard_honk_composer_helper.hpp | 2 + .../ultra_honk_composer_helper.cpp | 10 +- .../ultra_honk_composer_helper.hpp | 1 + .../honk/composer/standard_honk_composer.hpp | 6 +- .../composer/standard_honk_composer.test.cpp | 19 +- .../honk/composer/ultra_honk_composer.hpp | 14 +- .../composer/ultra_honk_composer.test.cpp | 32 +- .../honk/flavor/standard_grumpkin.hpp | 297 +++++++ cpp/src/barretenberg/honk/flavor/ultra.hpp | 6 +- .../honk/flavor/ultra_grumpkin.hpp | 396 ++++++++++ .../barretenberg/honk/proof_system/prover.cpp | 2 +- .../barretenberg/honk/proof_system/prover.hpp | 2 + .../honk/proof_system/prover_library.cpp | 26 + .../honk/proof_system/ultra_prover.cpp | 1 + .../honk/proof_system/ultra_prover.hpp | 2 + .../honk/proof_system/ultra_verifier.cpp | 1 + .../honk/proof_system/ultra_verifier.hpp | 3 +- .../honk/proof_system/verifier.cpp | 2 +- .../honk/proof_system/verifier.hpp | 2 + .../relations/relation_correctness.test.cpp | 747 +++++++++--------- .../honk/sumcheck/sumcheck.test.cpp | 4 +- .../honk/transcript/transcript.test.cpp | 57 +- .../proof_system/flavor/flavor.hpp | 10 +- .../stdlib/encryption/aes128/aes128.hpp | 3 +- .../stdlib/encryption/aes128/aes128.test.cpp | 2 +- .../stdlib/encryption/ecdsa/ecdsa.hpp | 1 - .../stdlib/encryption/ecdsa/ecdsa_impl.hpp | 2 + .../stdlib/hash/blake2s/blake2s.hpp | 6 +- .../stdlib/hash/blake3s/blake3s.hpp | 6 +- .../stdlib/hash/blake3s/blake3s.test.cpp | 1 + .../stdlib/hash/sha256/sha256.hpp | 10 +- .../stdlib/hash/sha256/sha256.test.cpp | 4 +- .../stdlib/hash/sha256/sha256_plookup.hpp | 5 +- .../primitives/bigfield/bigfield.test.cpp | 5 +- .../stdlib/primitives/biggroup/biggroup.hpp | 2 - .../primitives/biggroup/biggroup.test.cpp | 3 +- .../stdlib/primitives/bit_array/bit_array.hpp | 1 - .../primitives/bit_array/bit_array.test.cpp | 2 +- .../stdlib/primitives/bool/bool.cpp | 1 - .../stdlib/primitives/bool/bool.hpp | 2 - .../stdlib/primitives/bool/bool.test.cpp | 3 +- .../stdlib/primitives/composers/composers.hpp | 7 + .../primitives/composers/composers_fwd.hpp | 8 + .../stdlib/primitives/field/array.test.cpp | 5 +- .../stdlib/primitives/field/field.test.cpp | 5 +- .../stdlib/primitives/logic/logic.cpp | 1 - .../stdlib/primitives/logic/logic.hpp | 1 - .../stdlib/primitives/logic/logic.test.cpp | 1 + .../primitives/memory/dynamic_array.hpp | 2 +- .../primitives/memory/dynamic_array.test.cpp | 1 + .../packed_byte_array/packed_byte_array.hpp | 1 - .../packed_byte_array.test.cpp | 5 +- .../stdlib/primitives/plookup/plookup.hpp | 2 +- .../primitives/plookup/plookup.test.cpp | 1 + .../stdlib/primitives/uint/logic.cpp | 1 - .../stdlib/primitives/uint/uint.hpp | 6 - 62 files changed, 1263 insertions(+), 504 deletions(-) create mode 100644 cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp create mode 100644 cpp/src/barretenberg/honk/flavor/ultra_grumpkin.hpp diff --git a/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp b/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp index 64229d59e6..8b51d13eb4 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp @@ -1,10 +1,10 @@ #include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/honk/proof_system/prover.hpp" -#include "barretenberg/honk/proof_system/verifier.hpp" #include #include -#include "barretenberg/honk/composer/standard_honk_composer.hpp" + #include "barretenberg/stdlib/primitives/field/field.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" using namespace benchmark; diff --git a/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp b/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp index f794bc603d..8a6f7933e4 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp @@ -1,10 +1,9 @@ #include "barretenberg/crypto/ecdsa/ecdsa.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/honk/proof_system/ultra_prover.hpp" -#include "barretenberg/honk/proof_system/ultra_verifier.hpp" #include #include -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp" #include "barretenberg/stdlib/hash/keccak/keccak.hpp" #include "barretenberg/stdlib/primitives/curves/secp256k1.hpp" diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index 3f879218f7..2448d2ac1f 100644 --- a/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -1,5 +1,6 @@ #include "acir_format.hpp" #include "barretenberg/common/log.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" namespace acir_format { diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp b/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp index 0b47f38b89..7ef3768acd 100644 --- a/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp @@ -11,6 +11,7 @@ #include "pedersen.hpp" #include "hash_to_field.hpp" #include "barretenberg/dsl/types.hpp" +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" namespace acir_format { diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp index 7bed2bc452..198ca2d06f 100644 --- a/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp @@ -5,6 +5,7 @@ #include "barretenberg/common/streams.hpp" #include "barretenberg/serialize/test_helper.hpp" #include "ecdsa_secp256k1.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" TEST(acir_format, msgpack_logic_constraint) { auto [actual, expected] = msgpack_roundtrip(acir_format::LogicConstraint{}); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index ce7f00ae9e..629b68788a 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -149,7 +149,7 @@ StandardVerifier_ StandardHonkComposerHelper_::create_verifier( const CircuitConstructor& circuit_constructor) { compute_verification_key(circuit_constructor); - StandardVerifier output_state(verification_key); + StandardVerifier_ output_state(verification_key); auto pcs_verification_key = std::make_unique(verification_key->circuit_size, "../srs_db/ignition"); @@ -165,7 +165,7 @@ StandardProver_ StandardHonkComposerHelper_::create_prover( { compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); - StandardProver output_state(proving_key); + StandardProver_ output_state(proving_key); auto pcs_commitment_key = std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); @@ -175,5 +175,6 @@ StandardProver_ StandardHonkComposerHelper_::create_prover( return output_state; } template class StandardHonkComposerHelper_; +template class StandardHonkComposerHelper_; } // namespace proof_system::honk \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 936b1ffbf7..453fdfe724 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -10,6 +10,7 @@ #include "barretenberg/proof_system/composer/permutation_helper.hpp" #include "barretenberg/honk/flavor/standard.hpp" +#include "barretenberg/honk/flavor/standard_grumpkin.hpp" namespace proof_system::honk { template class StandardHonkComposerHelper_ { @@ -68,6 +69,7 @@ template class StandardHonkComposerHelper_ { void compute_witness(const CircuitConstructor& circuit_constructor, const size_t minimum_circuit_size = 0); }; extern template class StandardHonkComposerHelper_; +extern template class StandardHonkComposerHelper_; using StandardHonkComposerHelper = StandardHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index b4320eaafd..1214b3ec4e 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -143,10 +143,10 @@ UltraProver_ UltraHonkComposerHelper_::create_prover(CircuitCons compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); - UltraProver output_state(proving_key); + UltraProver_ output_state(proving_key); auto pcs_commitment_key = - std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); + std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); output_state.pcs_commitment_key = std::move(pcs_commitment_key); @@ -164,7 +164,7 @@ UltraVerifier_ UltraHonkComposerHelper_::create_verifier(const C { auto verification_key = compute_verification_key(circuit_constructor); - UltraVerifier output_state(verification_key); + UltraVerifier_ output_state(verification_key); auto pcs_verification_key = std::make_unique(verification_key->circuit_size, "../srs_db/ignition"); @@ -320,7 +320,7 @@ std::shared_ptr UltraHonkComposerHelper_::VerificationKey>( + verification_key = std::make_shared( proving_key->circuit_size, proving_key->num_public_inputs, proving_key->composer_type); auto commitment_key = PCSCommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); @@ -361,5 +361,7 @@ std::shared_ptr UltraHonkComposerHelper_; +template class UltraHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index d9e4a96c7f..977702f31a 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -69,5 +69,6 @@ template class UltraHonkComposerHelper_ { void add_table_column_selector_poly_to_proving_key(polynomial& small, const std::string& tag); }; extern template class UltraHonkComposerHelper_; +extern template class UltraHonkComposerHelper_; using UltraHonkComposerHelper = UltraHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 7fd210a89b..c5e631ecac 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -191,6 +191,8 @@ template class StandardHonkComposer_ { const std::string& err() const { return circuit_constructor.err(); }; void failure(std::string msg) { circuit_constructor.failure(msg); } }; -template class StandardHonkComposer_; -using StandardHonkComposer = StandardHonkComposer_; +template class StandardHonkComposer_; +template class StandardHonkComposer_; +using StandardHonkComposer = StandardHonkComposer_; +using StandardGrumpkinHonkComposer = StandardHonkComposer_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index e2f3c6777f..fd58cb1a4f 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -27,7 +27,6 @@ namespace test_standard_honk_composer { */ TEST(StandardHonkComposer, SigmaIDCorrectness) { - using StandardHonkComposer = StandardHonkComposer_; auto test_permutation = [](StandardHonkComposer& composer) { auto proving_key = composer.compute_proving_key(); const auto n = proving_key->circuit_size; @@ -141,7 +140,6 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) */ TEST(StandardHonkComposer, LagrangeCorrectness) { - using StandardHonkComposer = StandardHonkComposer_; // Create a composer and a dummy circuit with a few gates StandardHonkComposer composer = StandardHonkComposer(); fr a = fr::one(); @@ -191,7 +189,6 @@ TEST(StandardHonkComposer, LagrangeCorrectness) */ TEST(StandardHonkComposer, AssertEquals) { - using StandardHonkComposer = StandardHonkComposer_; /** * @brief A function that creates a simple circuit with repeated gates, leading to large permutation cycles @@ -287,7 +284,6 @@ TEST(StandardHonkComposer, AssertEquals) TEST(StandardHonkComposer, VerificationKeyCreation) { - using StandardHonkComposer = StandardHonkComposer_; // Create a composer and a dummy circuit with a few gates StandardHonkComposer composer = StandardHonkComposer(); @@ -312,7 +308,6 @@ TEST(StandardHonkComposer, VerificationKeyCreation) TEST(StandardHonkComposer, BaseCase) { - using StandardHonkComposer = StandardHonkComposer_; auto composer = StandardHonkComposer(); fr a = 1; composer.circuit_constructor.add_variable(a); @@ -326,7 +321,6 @@ TEST(StandardHonkComposer, BaseCase) TEST(StandardHonkComposer, TwoGates) { - using StandardHonkComposer = StandardHonkComposer_; auto run_test = [](bool expect_verified) { auto composer = StandardHonkComposer(); @@ -361,7 +355,6 @@ TEST(StandardHonkComposer, TwoGates) TEST(StandardHonkComposer, SumcheckEvaluations) { - using StandardHonkComposer = StandardHonkComposer_; auto run_test = [](bool expected_result) { auto composer = StandardHonkComposer(); fr a = fr::one(); @@ -392,4 +385,16 @@ TEST(StandardHonkComposer, SumcheckEvaluations) run_test(/*expected_result=*/true); run_test(/*expected_result=*/false); } +TEST(StandardGrumpkinHonkComposer, BaseCase) +{ + auto composer = StandardGrumpkinHonkComposer(); + fr a = 1; + composer.circuit_constructor.add_variable(a); + + auto prover = composer.create_prover(); + plonk::proof proof = prover.construct_proof(); + auto verifier = composer.create_verifier(); + bool verified = verifier.verify_proof(proof); + ASSERT_TRUE(verified); +} } // namespace test_standard_honk_composer diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index 065d8e0c1b..7836740286 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -10,9 +10,6 @@ namespace proof_system::honk { template class UltraHonkComposer_ { public: - // TODO(#426): This doesn't belong here - static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; - static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system UltraCircuitConstructor circuit_constructor; // Composer helper contains all proof-related material that is separate from circuit creation such as: @@ -22,7 +19,13 @@ template class UltraHonkComposer_ { using CircuitConstructor = UltraCircuitConstructor; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; - static constexpr ComposerType type = ComposerType::PLOOKUP; // TODO(Mara): Get rid of this. + + // TODO(#426): This don't belong here + static constexpr ComposerType type = ComposerType::PLOOKUP; + static_assert(type == CircuitConstructor::type); + static constexpr merkle::HashType merkle_hash_type = CircuitConstructor::merkle_hash_type; + static constexpr pedersen::CommitmentType commitment_type = CircuitConstructor::commitment_type; + static constexpr size_t DEFAULT_PLOOKUP_RANGE_BITNUM = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM; UltraHonkComposerHelper_ composer_helper; size_t& num_gates; @@ -289,5 +292,8 @@ template class UltraHonkComposer_ { void failure(std::string msg) { circuit_constructor.failure(msg); } }; template class UltraHonkComposer_; +template class UltraHonkComposer_; using UltraHonkComposer = UltraHonkComposer_; +using UltraGrumpkinHonkComposer = UltraHonkComposer_; + } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index 2eb23f820a..65fdd7768e 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -108,9 +108,9 @@ TEST(UltraHonkComposer, XorConstraint) const auto lookup_accumulators = plookup::get_lookup_accumulators( plookup::MultiTableId::UINT32_XOR, left_witness_value, right_witness_value, true); auto xor_result = lookup_accumulators[plookup::ColumnIdx::C3] - [0]; // The zeroth index in the 3rd column is the fully accumulated xor result - EXPECT_EQ(xor_result, xor_result_expected); + [0]; // The zeroth index in the 3rd column is the fully accumulated xor + EXPECT_EQ(xor_result, xor_result_expected); composer.create_gates_from_plookup_accumulators( plookup::MultiTableId::UINT32_XOR, lookup_accumulators, left_witness_index, right_witness_index); @@ -555,7 +555,6 @@ TEST(UltraHonkComposer, range_constraint) TEST(UltraHonkComposer, range_with_gates) { - auto composer = UltraHonkComposer(); auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { @@ -800,6 +799,33 @@ TEST(UltraHonkComposer, ram) prove_and_verify(composer, /*expected_result=*/true); } +TEST(UltraGrumpkinHonkComposer, XorConstraint) +{ + auto composer = UltraGrumpkinHonkComposer(); + + uint32_t left_value = engine.get_random_uint32(); + uint32_t right_value = engine.get_random_uint32(); + + fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); + fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); + + uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t right_witness_index = composer.add_variable(right_witness_value); + + uint32_t xor_result_expected = left_value ^ right_value; + + const auto lookup_accumulators = plookup::get_lookup_accumulators( + plookup::MultiTableId::UINT32_XOR, left_witness_value, right_witness_value, true); + auto xor_result = lookup_accumulators[plookup::ColumnIdx::C3] + [0]; // The zeroth index in the 3rd column is the fully accumulated xor + + EXPECT_EQ(xor_result, xor_result_expected); + composer.create_gates_from_plookup_accumulators( + plookup::MultiTableId::UINT32_XOR, lookup_accumulators, left_witness_index, right_witness_index); + + prove_and_verify(composer, /*expected_result=*/true); +} + // TODO(#378)(luke): this is a recent update from Zac and fails; do we need a corresponding bug fix in ultra circuit // constructor? TEST(UltraHonkComposer, range_checks_on_duplicates) // { diff --git a/cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp b/cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp new file mode 100644 index 0000000000..fdd236653d --- /dev/null +++ b/cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp @@ -0,0 +1,297 @@ +#pragma once +#include +#include +#include +#include +#include +#include +#include "barretenberg/honk/pcs/commitment_key.hpp" +#include "barretenberg/honk/sumcheck/polynomials/barycentric_data.hpp" +#include "barretenberg/honk/pcs/ipa/ipa.hpp" +#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" +#include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/permutation_relation.hpp" +#include "barretenberg/honk/transcript/transcript.hpp" +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/polynomials/evaluation_domain.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" + +namespace proof_system::honk::flavor { +class StandardGrumpkin { + // TODO(Mara): At the moment this class is a duplicate of the Standard flavor with a different PCS for testing + // purposes. This will be changed to Grumpkin once generating Honk proofs over Grumpkin has been enabled. + public: + using CircuitConstructor = StandardCircuitConstructor; + using FF = barretenberg::fr; + using Polynomial = barretenberg::Polynomial; + using PolynomialHandle = std::span; + using G1 = barretenberg::g1; + using GroupElement = G1::element; + using Commitment = G1::affine_element; + using CommitmentHandle = G1::affine_element; + using PCSParams = pcs::ipa::Params; + using PCS = pcs::ipa::IPA; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; + // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often + // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS` + static constexpr size_t NUM_ALL_ENTITIES = 18; + // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying + // assignment of witnesses. We again choose a neutral name. + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + // The total number of witness entities not including shifts. + static constexpr size_t NUM_WITNESS_ENTITIES = 4; + + // define the tuple of Relations that comprise the Sumcheck relation + using Relations = std::tuple, sumcheck::PermutationRelation>; + + static constexpr size_t MAX_RELATION_LENGTH = get_max_relation_length(); + static constexpr size_t NUM_RELATIONS = std::tuple_size::value; + + // Instantiate the BarycentricData needed to extend each Relation Univariate + static_assert(instantiate_barycentric_utils()); + + // define the containers for storing the contributions from each relation in Sumcheck + using RelationUnivariates = decltype(create_relation_univariates_container()); + using RelationValues = decltype(create_relation_values_container()); + + // define utilities to extend univarates from RELATION_LENGTH to MAX_RELATION_LENGTH for each Relation + // using BarycentricUtils = decltype(create_barycentric_utils()); + + private: + /** + * @brief A base class labelling precomputed entities and (ordered) subsets of interest. + * @details Used to build the proving key and verification key. + */ + template + class PrecomputedEntities : public PrecomputedEntities_ { + public: + DataType& q_m = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_c = std::get<4>(this->_data); + DataType& sigma_1 = std::get<5>(this->_data); + DataType& sigma_2 = std::get<6>(this->_data); + DataType& sigma_3 = std::get<7>(this->_data); + DataType& id_1 = std::get<8>(this->_data); + DataType& id_2 = std::get<9>(this->_data); + DataType& id_3 = std::get<10>(this->_data); + DataType& lagrange_first = std::get<11>(this->_data); + DataType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; + }; + + /** + * @brief Container for all witness polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory. + */ + template + class WitnessEntities : public WitnessEntities_ { + public: + DataType& w_l = std::get<0>(this->_data); + DataType& w_r = std::get<1>(this->_data); + DataType& w_o = std::get<2>(this->_data); + DataType& z_perm = std::get<3>(this->_data); + + std::vector get_wires() override { return { w_l, w_r, w_o }; }; + }; + + /** + * @brief A base class labelling all entities (for instance, all of the polynomials used by the prover during + * sumcheck) in this Honk variant along with particular subsets of interest + * @details Used to build containers for: the prover's polynomial during sumcheck; the sumcheck's folded + * polynomials; the univariates consturcted during during sumcheck; the evaluations produced by sumcheck. + * + * Symbolically we have: AllEntities = PrecomputedEntities + WitnessEntities + "ShiftedEntities". It could be + * implemented as such, but we don't have this now. + */ + template + class AllEntities : public AllEntities_ { + public: + DataType& q_c = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_m = std::get<4>(this->_data); + DataType& sigma_1 = std::get<5>(this->_data); + DataType& sigma_2 = std::get<6>(this->_data); + DataType& sigma_3 = std::get<7>(this->_data); + DataType& id_1 = std::get<8>(this->_data); + DataType& id_2 = std::get<9>(this->_data); + DataType& id_3 = std::get<10>(this->_data); + DataType& lagrange_first = std::get<11>(this->_data); + DataType& lagrange_last = std::get<12>(this->_data); + DataType& w_l = std::get<13>(this->_data); + DataType& w_r = std::get<14>(this->_data); + DataType& w_o = std::get<15>(this->_data); + DataType& z_perm = std::get<16>(this->_data); + DataType& z_perm_shift = std::get<17>(this->_data); + + std::vector get_wires() override { return { w_l, w_r, w_o }; }; + + // Gemini-specific getters. + std::vector get_unshifted() override + { + return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, + lagrange_last, w_l, w_r, w_o, z_perm }; + }; + std::vector get_to_be_shifted() override { return { z_perm }; }; + std::vector get_shifted() override { return { z_perm_shift }; }; + + // TODO(Cody): It would be nice to define these constructors once in a base class template. + AllEntities() = default; + + AllEntities(const AllEntities& other) + : AllEntities_(other){}; + + AllEntities(AllEntities&& other) + : AllEntities_(other){}; + + AllEntities& operator=(const AllEntities& other) + { + if (this == &other) { + return *this; + } + AllEntities_::operator=(other); + return *this; + } + + AllEntities& operator=(AllEntities&& other) + { + AllEntities_::operator=(other); + return *this; + } + + ~AllEntities() = default; + }; + + public: + /** + * @brief The proving key is responsible for storing the polynomials used by the prover. + * @note TODO(Cody): Maybe multiple inheritance is the right thing here. In that case, nothing should eve inherit + * from ProvingKey. + */ + class ProvingKey : public ProvingKey_, + WitnessEntities> { + public: + // Expose constructors of the base class + using Base = ProvingKey_, + WitnessEntities>; + using Base::Base; + }; + + /** + * @brief The verification key is responsible for storing the the commitments to the precomputed (non-witness) + * polynomials used by the verifier. + * + * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve + * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our + * circuits. + */ + using VerificationKey = VerificationKey_>; + + /** + * @brief A container for polynomials handles; only stores spans. + */ + using ProverPolynomials = AllEntities; + + /** + * @brief A container for storing the partially evaluated multivariates produced by sumcheck. + */ + class PartiallyEvaluatedMultivariates : public AllEntities { + + public: + PartiallyEvaluatedMultivariates() = default; + PartiallyEvaluatedMultivariates(const size_t circuit_size) + { + // Storage is only needed after the first partial evaluation, hence polynomials of size (n / 2) + for (auto& poly : this->_data) { + poly = Polynomial(circuit_size / 2); + } + } + }; + + /** + * @brief A container for univariates produced during the hot loop in sumcheck. + * @todo TODO(#390): Simplify this by moving MAX_RELATION_LENGTH? + */ + template + using ExtendedEdges = + AllEntities, sumcheck::Univariate>; + + /** + * @brief A container for the polynomials evaluations produced during sumcheck, which are purported to be the + * evaluations of polynomials committed in earlier rounds. + */ + class ClaimedEvaluations : public AllEntities { + public: + using Base = AllEntities; + using Base::Base; + ClaimedEvaluations(std::array _data_in) { this->_data = _data_in; } + }; + + /** + * @brief A container for commitment labels. + * @note It's debatable whether this should inherit from AllEntities. since most entries are not strictly needed. It + * has, however, been useful during debugging to have these labels available. + * + */ + class CommitmentLabels : public AllEntities { + public: + CommitmentLabels() + : AllEntities() + { + w_l = "W_1"; + w_r = "W_2"; + w_o = "W_3"; + z_perm = "Z_PERM"; + // The ones beginning with "__" are only used for debugging + z_perm_shift = "__Z_PERM_SHIFT"; + q_m = "__Q_M"; + q_l = "__Q_L"; + q_r = "__Q_R"; + q_o = "__Q_O"; + q_c = "__Q_C"; + sigma_1 = "__SIGMA_1"; + sigma_2 = "__SIGMA_2"; + sigma_3 = "__SIGMA_3"; + id_1 = "__ID_1"; + id_2 = "__ID_2"; + id_3 = "__ID_3"; + lagrange_first = "__LAGRANGE_FIRST"; + lagrange_last = "__LAGRANGE_LAST"; + }; + }; + + /** + * @brief A container for all commitments used by the verifier. + */ + class VerifierCommitments : public AllEntities { + public: + VerifierCommitments(std::shared_ptr verification_key) + { + // Initialize pre-computed commitments here, witness commitments during proof verification. + q_m = verification_key->q_m; + q_l = verification_key->q_l; + q_r = verification_key->q_r; + q_o = verification_key->q_o; + q_c = verification_key->q_c; + sigma_1 = verification_key->sigma_1; + sigma_2 = verification_key->sigma_2; + sigma_3 = verification_key->sigma_3; + id_1 = verification_key->id_1; + id_2 = verification_key->id_2; + id_3 = verification_key->id_3; + lagrange_first = verification_key->lagrange_first; + lagrange_last = verification_key->lagrange_last; + } + }; +}; +} // namespace proof_system::honk::flavor \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 202fab37f5..6f40b847cc 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -7,7 +7,7 @@ #include #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/honk/sumcheck/polynomials/barycentric_data.hpp" -#include "barretenberg/honk/pcs/ipa/ipa.hpp" +#include "barretenberg/honk/pcs/kzg/kzg.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" #include "barretenberg/honk/transcript/transcript.hpp" @@ -39,8 +39,8 @@ class Ultra { // UltraHonk will be run with KZG by default but temporarily we set the commitment to IPA to // be able to do e2e tests with this pcs as well // TODO: instantiate this with both IPA and KZG when the templating work is finished - using PCSParams = pcs::ipa::Params; - using PCS = pcs::ipa::IPA; + using PCSParams = pcs::kzg::Params; + using PCS = pcs::kzg::KZG; static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often diff --git a/cpp/src/barretenberg/honk/flavor/ultra_grumpkin.hpp b/cpp/src/barretenberg/honk/flavor/ultra_grumpkin.hpp new file mode 100644 index 0000000000..fbb87479be --- /dev/null +++ b/cpp/src/barretenberg/honk/flavor/ultra_grumpkin.hpp @@ -0,0 +1,396 @@ +#pragma once +#include +#include +#include +#include +#include +#include +#include "barretenberg/honk/pcs/commitment_key.hpp" +#include "barretenberg/honk/sumcheck/polynomials/barycentric_data.hpp" +#include "barretenberg/honk/pcs/ipa/ipa.hpp" +#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" +#include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/honk/transcript/transcript.hpp" +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/polynomials/evaluation_domain.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/permutation_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/lookup_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/gen_perm_sort_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/elliptic_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/auxiliary_relation.hpp" + +namespace proof_system::honk::flavor { + +class UltraGrumpkin { + // TODO(Mara): At the moment this class is a duplicate of the Standard flavor with a different PCS for testing + // purposes. This will be changed to Grumpkin once generating Honk proofs over Grumpkin has been enabled. + public: + using CircuitConstructor = UltraCircuitConstructor; + using FF = barretenberg::fr; + using Polynomial = barretenberg::Polynomial; + using PolynomialHandle = std::span; + using G1 = barretenberg::g1; + using GroupElement = G1::element; + using Commitment = G1::affine_element; + using CommitmentHandle = G1::affine_element; + using PCSParams = pcs::ipa::Params; + using PCS = pcs::ipa::IPA; + + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; + // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often + // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS`. + // Note: this number does not include the individual sorted list polynomials. + static constexpr size_t NUM_ALL_ENTITIES = 43; + // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying + // assignment of witnesses. We again choose a neutral name. + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; + // The total number of witness entities not including shifts. + static constexpr size_t NUM_WITNESS_ENTITIES = 11; + + // define the tuple of Relations that comprise the Sumcheck relation + using Relations = std::tuple, + sumcheck::UltraPermutationRelation, + sumcheck::LookupRelation, + sumcheck::GenPermSortRelation, + sumcheck::EllipticRelation, + sumcheck::AuxiliaryRelation>; + + static constexpr size_t MAX_RELATION_LENGTH = get_max_relation_length(); + static constexpr size_t NUM_RELATIONS = std::tuple_size::value; + + // Instantiate the BarycentricData needed to extend each Relation Univariate + static_assert(instantiate_barycentric_utils()); + + // define the container for storing the univariate contribution from each relation in Sumcheck + using RelationUnivariates = decltype(create_relation_univariates_container()); + using RelationValues = decltype(create_relation_values_container()); + + private: + template + /** + * @brief A base class labelling precomputed entities and (ordered) subsets of interest. + * @details Used to build the proving key and verification key. + */ + class PrecomputedEntities : public PrecomputedEntities_ { + public: + DataType& q_m = std::get<0>(this->_data); + DataType& q_c = std::get<1>(this->_data); + DataType& q_l = std::get<2>(this->_data); + DataType& q_r = std::get<3>(this->_data); + DataType& q_o = std::get<4>(this->_data); + DataType& q_4 = std::get<5>(this->_data); + DataType& q_arith = std::get<6>(this->_data); + DataType& q_sort = std::get<7>(this->_data); + DataType& q_elliptic = std::get<8>(this->_data); + DataType& q_aux = std::get<9>(this->_data); + DataType& q_lookup = std::get<10>(this->_data); + DataType& sigma_1 = std::get<11>(this->_data); + DataType& sigma_2 = std::get<12>(this->_data); + DataType& sigma_3 = std::get<13>(this->_data); + DataType& sigma_4 = std::get<14>(this->_data); + DataType& id_1 = std::get<15>(this->_data); + DataType& id_2 = std::get<16>(this->_data); + DataType& id_3 = std::get<17>(this->_data); + DataType& id_4 = std::get<18>(this->_data); + DataType& table_1 = std::get<19>(this->_data); + DataType& table_2 = std::get<20>(this->_data); + DataType& table_3 = std::get<21>(this->_data); + DataType& table_4 = std::get<22>(this->_data); + DataType& lagrange_first = std::get<23>(this->_data); + DataType& lagrange_last = std::get<24>(this->_data); + + std::vector get_selectors() override + { + return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; + }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3, id_4 }; }; + + std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; + }; + + /** + * @brief Container for all witness polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory. + */ + template + class WitnessEntities : public WitnessEntities_ { + public: + DataType& w_l = std::get<0>(this->_data); + DataType& w_r = std::get<1>(this->_data); + DataType& w_o = std::get<2>(this->_data); + DataType& w_4 = std::get<3>(this->_data); + DataType& sorted_1 = std::get<4>(this->_data); + DataType& sorted_2 = std::get<5>(this->_data); + DataType& sorted_3 = std::get<6>(this->_data); + DataType& sorted_4 = std::get<7>(this->_data); + DataType& sorted_accum = std::get<8>(this->_data); + DataType& z_perm = std::get<9>(this->_data); + DataType& z_lookup = std::get<10>(this->_data); + + std::vector get_wires() override { return { w_l, w_r, w_o, w_4 }; }; + // The sorted concatenations of table and witness data needed for plookup. + std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; + }; + + /** + * @brief A base class labelling all entities (for instance, all of the polynomials used by the prover during + * sumcheck) in this Honk variant along with particular subsets of interest + * @details Used to build containers for: the prover's polynomial during sumcheck; the sumcheck's folded + * polynomials; the univariates consturcted during during sumcheck; the evaluations produced by sumcheck. + * + * Symbolically we have: AllEntities = PrecomputedEntities + WitnessEntities + "ShiftedEntities". It could be + * implemented as such, but we have this now. + */ + template + class AllEntities : public AllEntities_ { + public: + DataType& q_c = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_4 = std::get<4>(this->_data); + DataType& q_m = std::get<5>(this->_data); + DataType& q_arith = std::get<6>(this->_data); + DataType& q_sort = std::get<7>(this->_data); + DataType& q_elliptic = std::get<8>(this->_data); + DataType& q_aux = std::get<9>(this->_data); + DataType& q_lookup = std::get<10>(this->_data); + DataType& sigma_1 = std::get<11>(this->_data); + DataType& sigma_2 = std::get<12>(this->_data); + DataType& sigma_3 = std::get<13>(this->_data); + DataType& sigma_4 = std::get<14>(this->_data); + DataType& id_1 = std::get<15>(this->_data); + DataType& id_2 = std::get<16>(this->_data); + DataType& id_3 = std::get<17>(this->_data); + DataType& id_4 = std::get<18>(this->_data); + DataType& table_1 = std::get<19>(this->_data); + DataType& table_2 = std::get<20>(this->_data); + DataType& table_3 = std::get<21>(this->_data); + DataType& table_4 = std::get<22>(this->_data); + DataType& lagrange_first = std::get<23>(this->_data); + DataType& lagrange_last = std::get<24>(this->_data); + DataType& w_l = std::get<25>(this->_data); + DataType& w_r = std::get<26>(this->_data); + DataType& w_o = std::get<27>(this->_data); + DataType& w_4 = std::get<28>(this->_data); + DataType& sorted_accum = std::get<29>(this->_data); + DataType& z_perm = std::get<30>(this->_data); + DataType& z_lookup = std::get<31>(this->_data); + DataType& table_1_shift = std::get<32>(this->_data); + DataType& table_2_shift = std::get<33>(this->_data); + DataType& table_3_shift = std::get<34>(this->_data); + DataType& table_4_shift = std::get<35>(this->_data); + DataType& w_l_shift = std::get<36>(this->_data); + DataType& w_r_shift = std::get<37>(this->_data); + DataType& w_o_shift = std::get<38>(this->_data); + DataType& w_4_shift = std::get<39>(this->_data); + DataType& sorted_accum_shift = std::get<40>(this->_data); + DataType& z_perm_shift = std::get<41>(this->_data); + DataType& z_lookup_shift = std::get<42>(this->_data); + + std::vector get_wires() override { return { w_l, w_r, w_o, w_4 }; }; + // Gemini-specific getters. + std::vector get_unshifted() override + { + return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, + q_elliptic, q_aux, q_lookup, sigma_1, sigma_2, sigma_3, sigma_4, id_1, + id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, + lagrange_last, w_l, w_r, w_o, w_4, sorted_accum, z_perm, z_lookup + + }; + }; + std::vector get_to_be_shifted() override + { + return { table_1, table_2, table_3, table_4, w_l, w_r, w_o, w_4, sorted_accum, z_perm, z_lookup }; + }; + std::vector get_shifted() override + { + return { table_1_shift, table_2_shift, table_3_shift, table_4_shift, w_l_shift, w_r_shift, + w_o_shift, w_4_shift, sorted_accum_shift, z_perm_shift, z_lookup_shift }; + }; + + AllEntities() = default; + + AllEntities(const AllEntities& other) + : AllEntities_(other){}; + + AllEntities(AllEntities&& other) + : AllEntities_(other){}; + + AllEntities& operator=(const AllEntities& other) + { + if (this == &other) { + return *this; + } + AllEntities_::operator=(other); + return *this; + } + + AllEntities& operator=(AllEntities&& other) + { + AllEntities_::operator=(other); + return *this; + } + + ~AllEntities() = default; + }; + + public: + /** + * @brief The proving key is responsible for storing the polynomials used by the prover. + * @note TODO(Cody): Maybe multiple inheritance is the right thing here. In that case, nothing should eve inherit + * from ProvingKey. + */ + class ProvingKey : public ProvingKey_, + WitnessEntities> { + public: + // Expose constructors on the base class + using Base = ProvingKey_, + WitnessEntities>; + using Base::Base; + + std::vector memory_read_records; + std::vector memory_write_records; + + // The plookup wires that store plookup read data. + std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; + }; + + /** + * @brief The verification key is responsible for storing the the commitments to the precomputed (non-witnessk) + * polynomials used by the verifier. + * + * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve + * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our + * circuits. + */ + using VerificationKey = VerificationKey_>; + + /** + * @brief A container for polynomials handles; only stores spans. + */ + using ProverPolynomials = AllEntities; + + /** + * @brief A container for storing the partially evaluated multivariates produced by sumcheck. + */ + class PartiallyEvaluatedMultivariates : public AllEntities { + + public: + PartiallyEvaluatedMultivariates() = default; + PartiallyEvaluatedMultivariates(const size_t circuit_size) + { + // Storage is only needed after the first partial evaluation, hence polynomials of size (n / 2) + for (auto& poly : this->_data) { + poly = Polynomial(circuit_size / 2); + } + } + }; + + /** + * @brief A container for univariates produced during the hot loop in sumcheck. + * @todo TODO(#390): Simplify this by moving MAX_RELATION_LENGTH? + */ + template + using ExtendedEdges = + AllEntities, sumcheck::Univariate>; + + /** + * @brief A container for the polynomials evaluations produced during sumcheck, which are purported to be the + * evaluations of polynomials committed in earlier rounds. + */ + class ClaimedEvaluations : public AllEntities { + public: + using Base = AllEntities; + using Base::Base; + ClaimedEvaluations(std::array _data_in) { this->_data = _data_in; } + }; + + /** + * @brief A container for commitment labels. + * @note It's debatable whether this should inherit from AllEntities. since most entries are not strictly needed. It + * has, however, been useful during debugging to have these labels available. + * + */ + class CommitmentLabels : public AllEntities { + public: + CommitmentLabels() + { + w_l = "W_L"; + w_r = "W_R"; + w_o = "W_O"; + w_4 = "W_4"; + z_perm = "Z_PERM"; + z_lookup = "Z_LOOKUP"; + sorted_accum = "SORTED_ACCUM"; + + // The ones beginning with "__" are only used for debugging + q_c = "__Q_C"; + q_l = "__Q_L"; + q_r = "__Q_R"; + q_o = "__Q_O"; + q_4 = "__Q_4"; + q_m = "__Q_M"; + q_arith = "__Q_ARITH"; + q_sort = "__Q_SORT"; + q_elliptic = "__Q_ELLIPTIC"; + q_aux = "__Q_AUX"; + q_lookup = "__Q_LOOKUP"; + sigma_1 = "__SIGMA_1"; + sigma_2 = "__SIGMA_2"; + sigma_3 = "__SIGMA_3"; + sigma_4 = "__SIGMA_4"; + id_1 = "__ID_1"; + id_2 = "__ID_2"; + id_3 = "__ID_3"; + id_4 = "__ID_4"; + table_1 = "__TABLE_1"; + table_2 = "__TABLE_2"; + table_3 = "__TABLE_3"; + table_4 = "__TABLE_4"; + lagrange_first = "__LAGRANGE_FIRST"; + lagrange_last = "__LAGRANGE_LAST"; + }; + }; + + class VerifierCommitments : public AllEntities { + public: + VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + { + static_cast(transcript); + q_m = verification_key->q_m; + q_l = verification_key->q_l; + q_r = verification_key->q_r; + q_o = verification_key->q_o; + q_4 = verification_key->q_4; + q_c = verification_key->q_c; + q_arith = verification_key->q_arith; + q_sort = verification_key->q_sort; + q_elliptic = verification_key->q_elliptic; + q_aux = verification_key->q_aux; + q_lookup = verification_key->q_lookup; + sigma_1 = verification_key->sigma_1; + sigma_2 = verification_key->sigma_2; + sigma_3 = verification_key->sigma_3; + sigma_4 = verification_key->sigma_4; + id_1 = verification_key->id_1; + id_2 = verification_key->id_2; + id_3 = verification_key->id_3; + id_4 = verification_key->id_4; + table_1 = verification_key->table_1; + table_2 = verification_key->table_2; + table_3 = verification_key->table_3; + table_4 = verification_key->table_4; + lagrange_first = verification_key->lagrange_first; + lagrange_last = verification_key->lagrange_last; + } + }; +}; + +} // namespace proof_system::honk::flavor diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 39ac5684b0..607f762f9f 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -3,7 +3,6 @@ #include "barretenberg/honk/sumcheck/sumcheck.hpp" #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/honk/utils/power_polynomial.hpp" -#include "barretenberg/honk/flavor/standard.hpp" namespace proof_system::honk { @@ -283,5 +282,6 @@ template plonk::proof& StandardProver_::construc } template class StandardProver_; +template class StandardProver_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index e4abda3a8e..ddb354d84b 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -9,6 +9,7 @@ #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/proof_system/work_queue.hpp" #include "barretenberg/honk/flavor/standard.hpp" +#include "barretenberg/honk/flavor/standard_grumpkin.hpp" namespace proof_system::honk { @@ -83,6 +84,7 @@ template class StandardProver_ { }; extern template class StandardProver_; +extern template class StandardProver_; using StandardProver = StandardProver_; // using GrumpkinStandardProver = StandardProver_; // e.g. diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 330da8b2e5..fab657a06a 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -1,6 +1,8 @@ #include "prover_library.hpp" #include "barretenberg/honk/flavor/standard.hpp" +#include "barretenberg/honk/flavor/standard_grumpkin.hpp" #include "barretenberg/honk/flavor/ultra.hpp" +#include "barretenberg/honk/flavor/ultra_grumpkin.hpp" #include #include @@ -397,6 +399,11 @@ void add_plookup_memory_records_to_wire_4(std::shared_ptr( std::shared_ptr&, honk::flavor::Standard::FF, honk::flavor::Standard::FF); +template honk::flavor::StandardGrumpkin::Polynomial compute_permutation_grand_product( + std::shared_ptr&, + honk::flavor::StandardGrumpkin::FF, + honk::flavor::StandardGrumpkin::FF); + template honk::flavor::Ultra::Polynomial compute_permutation_grand_product( std::shared_ptr&, honk::flavor::Ultra::FF, honk::flavor::Ultra::FF); @@ -412,4 +419,23 @@ template typename honk::flavor::Ultra::Polynomial compute_sorted_list_accumulato template void add_plookup_memory_records_to_wire_4( std::shared_ptr& key, typename honk::flavor::Ultra::FF eta); +template honk::flavor::UltraGrumpkin::Polynomial compute_permutation_grand_product( + std::shared_ptr&, + honk::flavor::UltraGrumpkin::FF, + honk::flavor::UltraGrumpkin::FF); + +template typename honk::flavor::UltraGrumpkin::Polynomial compute_lookup_grand_product( + std::shared_ptr& key, + typename honk::flavor::UltraGrumpkin::FF eta, + typename honk::flavor::UltraGrumpkin::FF beta, + typename honk::flavor::UltraGrumpkin::FF gamma); + +template typename honk::flavor::UltraGrumpkin::Polynomial compute_sorted_list_accumulator( + std::shared_ptr& key, + typename honk::flavor::UltraGrumpkin::FF eta); + +template void add_plookup_memory_records_to_wire_4( + std::shared_ptr& key, + typename honk::flavor::UltraGrumpkin::FF eta); + } // namespace proof_system::honk::prover_library diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp index 0081cef985..128a13b8a1 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp @@ -336,5 +336,6 @@ template plonk::proof& UltraProver_::construct_proo } template class UltraProver_; +template class UltraProver_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index c2635fcd23..a1a0fd39fa 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -5,6 +5,7 @@ #include "barretenberg/honk/pcs/shplonk/shplonk_single.hpp" #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/honk/flavor/ultra.hpp" +#include "barretenberg/honk/flavor/ultra_grumpkin.hpp" #include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" #include "barretenberg/honk/sumcheck/sumcheck_output.hpp" @@ -78,6 +79,7 @@ template class UltraProver_ { }; extern template class UltraProver_; +extern template class UltraProver_; using UltraProver = UltraProver_; diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_verifier.cpp b/cpp/src/barretenberg/honk/proof_system/ultra_verifier.cpp index f2cc8f8efa..4b70607dd3 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_verifier.cpp @@ -158,5 +158,6 @@ template bool UltraVerifier_::verify_proof(const plonk } template class UltraVerifier_; +template class UltraVerifier_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_verifier.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_verifier.hpp index a5456f5a0d..00a3736a99 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_verifier.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_verifier.hpp @@ -1,6 +1,6 @@ #pragma once -// #include "barretenberg/honk/flavor/standard.hpp" #include "barretenberg/honk/flavor/ultra.hpp" +#include "barretenberg/honk/flavor/ultra_grumpkin.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/honk/sumcheck/sumcheck.hpp" @@ -28,6 +28,7 @@ template class UltraVerifier_ { }; extern template class UltraVerifier_; +extern template class UltraVerifier_; using UltraVerifier = UltraVerifier_; diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 4934d9ec13..a03b9060e9 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -1,7 +1,6 @@ #include "./verifier.hpp" #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/honk/flavor/standard.hpp" #include "barretenberg/honk/utils/power_polynomial.hpp" using namespace barretenberg; @@ -168,5 +167,6 @@ template bool StandardVerifier_::verify_proof(const pl } template class StandardVerifier_; +template class StandardVerifier_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.hpp b/cpp/src/barretenberg/honk/proof_system/verifier.hpp index 7034adf3d6..bbf7228aa9 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.hpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.hpp @@ -2,6 +2,7 @@ #include "barretenberg/honk/flavor/standard.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/honk/sumcheck/sumcheck.hpp" +#include "barretenberg/honk/flavor/standard_grumpkin.hpp" namespace proof_system::honk { template class StandardVerifier_ { @@ -27,6 +28,7 @@ template class StandardVerifier_ { }; extern template class StandardVerifier_; +extern template class StandardVerifier_; using StandardVerifier = StandardVerifier_; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 01d3624083..456ab32103 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -16,377 +16,380 @@ using namespace proof_system::honk; namespace test_honk_relations { -void ensure_non_zero(auto& polynomial) -{ - bool has_non_zero_coefficient = false; - for (auto& coeff : polynomial) { - has_non_zero_coefficient |= !coeff.is_zero(); - } - ASSERT_TRUE(has_non_zero_coefficient); -} - -/** - * @brief Check that a given relation is satified for a set of polynomials - * - * @tparam relation_idx Index into a tuple of provided relations - * @tparam Flavor - */ -template void check_relation(auto relation, auto circuit_size, auto polynomials, auto params) -{ - using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; - for (size_t i = 0; i < circuit_size; i++) { - - // Extract an array containing all the polynomial evaluations at a given row i - ClaimedEvaluations evaluations_at_index_i; - size_t poly_idx = 0; - for (auto& poly : polynomials) { - evaluations_at_index_i[poly_idx] = poly[i]; - ++poly_idx; - } - - // Define the appropriate RelationValues type for this relation and initialize to zero - using RelationValues = typename decltype(relation)::RelationValues; - RelationValues result; - for (auto& element : result) { - element = 0; - } - - // Evaluate each constraint in the relation and check that each is satisfied - relation.add_full_relation_value_contribution(result, evaluations_at_index_i, params); - for (auto& element : result) { - ASSERT_EQ(element, 0); - } - } -} - -/** - * @brief Test the correctness of the Standard Honk relations - * - * @details Check that the constraints encoded by the relations are satisfied by the polynomials produced by the - * Standard Honk Composer for a real circuit. - * - * TODO(Kesha): We'll have to update this function once we add zk, since the relation will be incorrect for he first few - * indices - * - */ -TEST(RelationCorrectness, StandardRelationCorrectness) -{ - using Flavor = honk::flavor::Standard; - using FF = typename Flavor::FF; - using ProverPolynomials = typename Flavor::ProverPolynomials; - // using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; - - // Create a composer and a dummy circuit with a few gates - auto composer = StandardHonkComposer(); - fr a = fr::one(); - // Using the public variable to check that public_input_delta is computed and added to the relation correctly - uint32_t a_idx = composer.add_public_variable(a); - fr b = fr::one(); - fr c = a + b; - fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - } - // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); - auto circuit_size = prover.key->circuit_size; - - // Generate beta and gamma - fr beta = fr::random_element(); - fr gamma = fr::random_element(); - - // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); - auto public_input_delta = - honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); - - sumcheck::RelationParameters params{ - .beta = beta, - .gamma = gamma, - .public_input_delta = public_input_delta, - }; - - // Compute grand product polynomial - polynomial z_permutation = - prover_library::compute_permutation_grand_product(prover.key, beta, gamma); - - // Create an array of spans to the underlying polynomials to more easily - // get the transposition. - // Ex: polynomial_spans[3][i] returns the i-th coefficient of the third polynomial - // in the list below - ProverPolynomials prover_polynomials; - - prover_polynomials.w_l = prover.key->w_l; - prover_polynomials.w_r = prover.key->w_r; - prover_polynomials.w_o = prover.key->w_o; - prover_polynomials.z_perm = z_permutation; - prover_polynomials.z_perm_shift = z_permutation.shifted(); - prover_polynomials.q_m = prover.key->q_m; - prover_polynomials.q_l = prover.key->q_l; - prover_polynomials.q_r = prover.key->q_r; - prover_polynomials.q_o = prover.key->q_o; - prover_polynomials.q_c = prover.key->q_c; - prover_polynomials.sigma_1 = prover.key->sigma_1; - prover_polynomials.sigma_2 = prover.key->sigma_2; - prover_polynomials.sigma_3 = prover.key->sigma_3; - prover_polynomials.id_1 = prover.key->id_1; - prover_polynomials.id_2 = prover.key->id_2; - prover_polynomials.id_3 = prover.key->id_3; - prover_polynomials.lagrange_first = prover.key->lagrange_first; - prover_polynomials.lagrange_last = prover.key->lagrange_last; - - // Construct the round for applying sumcheck relations and results for storing computed results - auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), honk::sumcheck::PermutationRelation()); - - // Check that each relation is satisfied across each row of the prover polynomials - check_relation(std::get<0>(relations), circuit_size, prover_polynomials, params); - check_relation(std::get<1>(relations), circuit_size, prover_polynomials, params); -} - -/** - * @brief Test the correctness of the Ultra Honk relations - * - * @details Check that the constraints encoded by the relations are satisfied by the polynomials produced by the - * Ultra Honk Composer for a real circuit. - * - * TODO(Kesha): We'll have to update this function once we add zk, since the relation will be incorrect for he first few - * indices - * - */ -// TODO(luke): possibly make circuit construction one or many functions to clarify the individual components -// TODO(luke): Add a gate that sets q_arith = 3 to check secondary arithmetic relation -TEST(RelationCorrectness, UltraRelationCorrectness) -{ - using Flavor = honk::flavor::Ultra; - using FF = typename Flavor::FF; - using ProverPolynomials = typename Flavor::ProverPolynomials; - // using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; - - // Create a composer and then add an assortment of gates designed to ensure that the constraint(s) represented - // by each relation are non-trivially exercised. - auto composer = UltraHonkComposer(); - - barretenberg::fr pedersen_input_value = fr::random_element(); - fr a = fr::one(); - // Using the public variable to check that public_input_delta is computed and added to the relation correctly - // TODO(luke): add method "add_public_variable" to UH composer - // uint32_t a_idx = composer.add_public_variable(a); - - // Add some basic add gates - uint32_t a_idx = composer.add_variable(a); - fr b = fr::one(); - fr c = a + b; - fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); - composer.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); - } - - // Add a big add gate with use of next row to test q_arith = 2 - fr e = a + b + c + d; - uint32_t e_idx = composer.add_variable(e); - - uint32_t zero_idx = composer.get_zero_idx(); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row - composer.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); - - // Add some lookup gates (related to pedersen hashing) - const fr input_hi = uint256_t(pedersen_input_value).slice(126, 256); - const fr input_lo = uint256_t(pedersen_input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); - - const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); - const auto sequence_data_lo = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - - composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); - - // Add a sort gate (simply checks that consecutive inputs have a difference of < 4) - a_idx = composer.add_variable(FF(0)); - b_idx = composer.add_variable(FF(1)); - c_idx = composer.add_variable(FF(2)); - d_idx = composer.add_variable(FF(3)); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - - // Add an elliptic curve addition gate - grumpkin::g1::affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; - grumpkin::g1::affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; - - grumpkin::fq beta_scalar = grumpkin::fq::cube_root_of_unity(); - grumpkin::g1::affine_element p2_endo = p2; - p2_endo.x *= beta_scalar; - - grumpkin::g1::affine_element p3(grumpkin::g1::element(p1) - grumpkin::g1::element(p2_endo)); - - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); - - ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, beta_scalar, -1 }; - composer.create_ecc_add_gate(gate); - - // Add some RAM gates - uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - }; - - size_t ram_id = composer.create_RAM_array(8); - - for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); - } - - a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); - EXPECT_EQ(a_idx != ram_values[5], true); - - b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); - - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - - EXPECT_EQ(composer.get_variable(d_idx), 500); - - // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - e_idx = composer.add_variable(e_value); - - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); - composer.create_big_add_gate( - { - composer.get_zero_idx(), - composer.get_zero_idx(), - composer.get_zero_idx(), - e_idx, - 0, - 0, - 0, - 0, - 0, - }, - false); - - // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); - auto circuit_size = prover.key->circuit_size; - - // Generate eta, beta and gamma - fr eta = fr::random_element(); - fr beta = fr::random_element(); - fr gamma = fr::random_element(); - - // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); - auto public_input_delta = - honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); - auto lookup_grand_product_delta = - honk::compute_lookup_grand_product_delta(beta, gamma, prover.key->circuit_size); - - sumcheck::RelationParameters params{ - .eta = eta, - .beta = beta, - .gamma = gamma, - .public_input_delta = public_input_delta, - .lookup_grand_product_delta = lookup_grand_product_delta, - }; - - // Compute sorted witness-table accumulator - prover.key->sorted_accum = prover_library::compute_sorted_list_accumulator(prover.key, eta); - - // Add RAM/ROM memory records to wire four - prover_library::add_plookup_memory_records_to_wire_4(prover.key, eta); - - // Compute grand product polynomial - prover.key->z_perm = prover_library::compute_permutation_grand_product(prover.key, beta, gamma); - - // Compute lookup grand product polynomial - prover.key->z_lookup = prover_library::compute_lookup_grand_product(prover.key, eta, beta, gamma); - - ProverPolynomials prover_polynomials; - - prover_polynomials.w_l = prover.key->w_l; - prover_polynomials.w_r = prover.key->w_r; - prover_polynomials.w_o = prover.key->w_o; - prover_polynomials.w_4 = prover.key->w_4; - prover_polynomials.w_l_shift = prover.key->w_l.shifted(); - prover_polynomials.w_r_shift = prover.key->w_r.shifted(); - prover_polynomials.w_o_shift = prover.key->w_o.shifted(); - prover_polynomials.w_4_shift = prover.key->w_4.shifted(); - prover_polynomials.sorted_accum = prover.key->sorted_accum; - prover_polynomials.sorted_accum_shift = prover.key->sorted_accum.shifted(); - prover_polynomials.table_1 = prover.key->table_1; - prover_polynomials.table_2 = prover.key->table_2; - prover_polynomials.table_3 = prover.key->table_3; - prover_polynomials.table_4 = prover.key->table_4; - prover_polynomials.table_1_shift = prover.key->table_1.shifted(); - prover_polynomials.table_2_shift = prover.key->table_2.shifted(); - prover_polynomials.table_3_shift = prover.key->table_3.shifted(); - prover_polynomials.table_4_shift = prover.key->table_4.shifted(); - prover_polynomials.z_perm = prover.key->z_perm; - prover_polynomials.z_perm_shift = prover.key->z_perm.shifted(); - prover_polynomials.z_lookup = prover.key->z_lookup; - prover_polynomials.z_lookup_shift = prover.key->z_lookup.shifted(); - prover_polynomials.q_m = prover.key->q_m; - prover_polynomials.q_l = prover.key->q_l; - prover_polynomials.q_r = prover.key->q_r; - prover_polynomials.q_o = prover.key->q_o; - prover_polynomials.q_c = prover.key->q_c; - prover_polynomials.q_4 = prover.key->q_4; - prover_polynomials.q_arith = prover.key->q_arith; - prover_polynomials.q_sort = prover.key->q_sort; - prover_polynomials.q_elliptic = prover.key->q_elliptic; - prover_polynomials.q_aux = prover.key->q_aux; - prover_polynomials.q_lookup = prover.key->q_lookup; - prover_polynomials.sigma_1 = prover.key->sigma_1; - prover_polynomials.sigma_2 = prover.key->sigma_2; - prover_polynomials.sigma_3 = prover.key->sigma_3; - prover_polynomials.sigma_4 = prover.key->sigma_4; - prover_polynomials.id_1 = prover.key->id_1; - prover_polynomials.id_2 = prover.key->id_2; - prover_polynomials.id_3 = prover.key->id_3; - prover_polynomials.id_4 = prover.key->id_4; - prover_polynomials.lagrange_first = prover.key->lagrange_first; - prover_polynomials.lagrange_last = prover.key->lagrange_last; - - // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution - ensure_non_zero(prover.key->q_arith); - ensure_non_zero(prover.key->q_sort); - ensure_non_zero(prover.key->q_lookup); - ensure_non_zero(prover.key->q_elliptic); - ensure_non_zero(prover.key->q_aux); - - // Construct the round for applying sumcheck relations and results for storing computed results - auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), - honk::sumcheck::UltraPermutationRelation(), - honk::sumcheck::LookupRelation(), - honk::sumcheck::GenPermSortRelation(), - honk::sumcheck::EllipticRelation(), - honk::sumcheck::AuxiliaryRelation()); - - // Check that each relation is satisfied across each row of the prover polynomials - check_relation(std::get<0>(relations), circuit_size, prover_polynomials, params); - check_relation(std::get<1>(relations), circuit_size, prover_polynomials, params); - check_relation(std::get<2>(relations), circuit_size, prover_polynomials, params); - check_relation(std::get<3>(relations), circuit_size, prover_polynomials, params); - check_relation(std::get<4>(relations), circuit_size, prover_polynomials, params); - check_relation(std::get<5>(relations), circuit_size, prover_polynomials, params); -} +// void ensure_non_zero(auto& polynomial) +// { +// bool has_non_zero_coefficient = false; +// for (auto& coeff : polynomial) { +// has_non_zero_coefficient |= !coeff.is_zero(); +// } +// ASSERT_TRUE(has_non_zero_coefficient); +// } + +// /** +// * @brief Check that a given relation is satified for a set of polynomials +// * +// * @tparam relation_idx Index into a tuple of provided relations +// * @tparam Flavor +// */ +// template void check_relation(auto relation, auto circuit_size, auto polynomials, auto params) +// { +// using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; +// for (size_t i = 0; i < circuit_size; i++) { + +// // Extract an array containing all the polynomial evaluations at a given row i +// ClaimedEvaluations evaluations_at_index_i; +// size_t poly_idx = 0; +// for (auto& poly : polynomials) { +// evaluations_at_index_i[poly_idx] = poly[i]; +// ++poly_idx; +// } + +// // Define the appropriate RelationValues type for this relation and initialize to zero +// using RelationValues = typename decltype(relation)::RelationValues; +// RelationValues result; +// for (auto& element : result) { +// element = 0; +// } + +// // Evaluate each constraint in the relation and check that each is satisfied +// relation.add_full_relation_value_contribution(result, evaluations_at_index_i, params); +// for (auto& element : result) { +// ASSERT_EQ(element, 0); +// } +// } +// } + +// /** +// * @brief Test the correctness of the Standard Honk relations +// * +// * @details Check that the constraints encoded by the relations are satisfied by the polynomials produced by the +// * Standard Honk Composer for a real circuit. +// * +// * TODO(Kesha): We'll have to update this function once we add zk, since the relation will be incorrect for he first +// few +// * indices +// * +// */ +// TEST(RelationCorrectness, StandardRelationCorrectness) +// { +// using Flavor = honk::flavor::Standard; +// using FF = typename Flavor::FF; +// using ProverPolynomials = typename Flavor::ProverPolynomials; +// // using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; + +// // Create a composer and a dummy circuit with a few gates +// auto composer = StandardHonkComposer(); +// fr a = fr::one(); +// // Using the public variable to check that public_input_delta is computed and added to the relation correctly +// uint32_t a_idx = composer.add_public_variable(a); +// fr b = fr::one(); +// fr c = a + b; +// fr d = a + c; +// uint32_t b_idx = composer.add_variable(b); +// uint32_t c_idx = composer.add_variable(c); +// uint32_t d_idx = composer.add_variable(d); +// for (size_t i = 0; i < 16; i++) { +// composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); +// composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); +// } +// // Create a prover (it will compute proving key and witness) +// auto prover = composer.create_prover(); +// auto circuit_size = prover.key->circuit_size; + +// // Generate beta and gamma +// fr beta = fr::random_element(); +// fr gamma = fr::random_element(); + +// // Compute public input delta +// const auto public_inputs = composer.circuit_constructor.get_public_inputs(); +// auto public_input_delta = +// honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); + +// sumcheck::RelationParameters params{ +// .beta = beta, +// .gamma = gamma, +// .public_input_delta = public_input_delta, +// }; + +// // Compute grand product polynomial +// polynomial z_permutation = +// prover_library::compute_permutation_grand_product(prover.key, beta, gamma); + +// // Create an array of spans to the underlying polynomials to more easily +// // get the transposition. +// // Ex: polynomial_spans[3][i] returns the i-th coefficient of the third polynomial +// // in the list below +// ProverPolynomials prover_polynomials; + +// prover_polynomials.w_l = prover.key->w_l; +// prover_polynomials.w_r = prover.key->w_r; +// prover_polynomials.w_o = prover.key->w_o; +// prover_polynomials.z_perm = z_permutation; +// prover_polynomials.z_perm_shift = z_permutation.shifted(); +// prover_polynomials.q_m = prover.key->q_m; +// prover_polynomials.q_l = prover.key->q_l; +// prover_polynomials.q_r = prover.key->q_r; +// prover_polynomials.q_o = prover.key->q_o; +// prover_polynomials.q_c = prover.key->q_c; +// prover_polynomials.sigma_1 = prover.key->sigma_1; +// prover_polynomials.sigma_2 = prover.key->sigma_2; +// prover_polynomials.sigma_3 = prover.key->sigma_3; +// prover_polynomials.id_1 = prover.key->id_1; +// prover_polynomials.id_2 = prover.key->id_2; +// prover_polynomials.id_3 = prover.key->id_3; +// prover_polynomials.lagrange_first = prover.key->lagrange_first; +// prover_polynomials.lagrange_last = prover.key->lagrange_last; + +// // Construct the round for applying sumcheck relations and results for storing computed results +// auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), honk::sumcheck::PermutationRelation()); + +// // Check that each relation is satisfied across each row of the prover polynomials +// check_relation(std::get<0>(relations), circuit_size, prover_polynomials, params); +// check_relation(std::get<1>(relations), circuit_size, prover_polynomials, params); +// } + +// /** +// * @brief Test the correctness of the Ultra Honk relations +// * +// * @details Check that the constraints encoded by the relations are satisfied by the polynomials produced by the +// * Ultra Honk Composer for a real circuit. +// * +// * TODO(Kesha): We'll have to update this function once we add zk, since the relation will be incorrect for he first +// few +// * indices +// * +// */ +// // TODO(luke): possibly make circuit construction one or many functions to clarify the individual components +// // TODO(luke): Add a gate that sets q_arith = 3 to check secondary arithmetic relation +// TEST(RelationCorrectness, UltraRelationCorrectness) +// { +// using Flavor = honk::flavor::Ultra; +// using FF = typename Flavor::FF; +// using ProverPolynomials = typename Flavor::ProverPolynomials; +// // using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; + +// // Create a composer and then add an assortment of gates designed to ensure that the constraint(s) represented +// // by each relation are non-trivially exercised. +// auto composer = UltraHonkComposer(); + +// barretenberg::fr pedersen_input_value = fr::random_element(); +// fr a = fr::one(); +// // Using the public variable to check that public_input_delta is computed and added to the relation correctly +// // TODO(luke): add method "add_public_variable" to UH composer +// // uint32_t a_idx = composer.add_public_variable(a); + +// // Add some basic add gates +// uint32_t a_idx = composer.add_variable(a); +// fr b = fr::one(); +// fr c = a + b; +// fr d = a + c; +// uint32_t b_idx = composer.add_variable(b); +// uint32_t c_idx = composer.add_variable(c); +// uint32_t d_idx = composer.add_variable(d); +// for (size_t i = 0; i < 16; i++) { +// composer.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); +// composer.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); +// } + +// // Add a big add gate with use of next row to test q_arith = 2 +// fr e = a + b + c + d; +// uint32_t e_idx = composer.add_variable(e); + +// uint32_t zero_idx = composer.get_zero_idx(); +// composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row +// composer.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); + +// // Add some lookup gates (related to pedersen hashing) +// const fr input_hi = uint256_t(pedersen_input_value).slice(126, 256); +// const fr input_lo = uint256_t(pedersen_input_value).slice(0, 126); +// const auto input_hi_index = composer.add_variable(input_hi); +// const auto input_lo_index = composer.add_variable(input_lo); + +// const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, +// input_hi); const auto sequence_data_lo = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); + +// composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); +// composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); + +// // Add a sort gate (simply checks that consecutive inputs have a difference of < 4) +// a_idx = composer.add_variable(FF(0)); +// b_idx = composer.add_variable(FF(1)); +// c_idx = composer.add_variable(FF(2)); +// d_idx = composer.add_variable(FF(3)); +// composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + +// // Add an elliptic curve addition gate +// grumpkin::g1::affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; +// grumpkin::g1::affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; + +// grumpkin::fq beta_scalar = grumpkin::fq::cube_root_of_unity(); +// grumpkin::g1::affine_element p2_endo = p2; +// p2_endo.x *= beta_scalar; + +// grumpkin::g1::affine_element p3(grumpkin::g1::element(p1) - grumpkin::g1::element(p2_endo)); + +// uint32_t x1 = composer.add_variable(p1.x); +// uint32_t y1 = composer.add_variable(p1.y); +// uint32_t x2 = composer.add_variable(p2.x); +// uint32_t y2 = composer.add_variable(p2.y); +// uint32_t x3 = composer.add_variable(p3.x); +// uint32_t y3 = composer.add_variable(p3.y); + +// ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, beta_scalar, -1 }; +// composer.create_ecc_add_gate(gate); + +// // Add some RAM gates +// uint32_t ram_values[8]{ +// composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), +// composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), +// composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), +// composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), +// }; + +// size_t ram_id = composer.create_RAM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// composer.init_RAM_element(ram_id, i, ram_values[i]); +// } + +// a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); +// EXPECT_EQ(a_idx != ram_values[5], true); + +// b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); +// c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + +// composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); +// d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + +// EXPECT_EQ(composer.get_variable(d_idx), 500); + +// // ensure these vars get used in another arithmetic gate +// const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + +// composer.get_variable(d_idx); +// e_idx = composer.add_variable(e_value); + +// composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); +// composer.create_big_add_gate( +// { +// composer.get_zero_idx(), +// composer.get_zero_idx(), +// composer.get_zero_idx(), +// e_idx, +// 0, +// 0, +// 0, +// 0, +// 0, +// }, +// false); + +// // Create a prover (it will compute proving key and witness) +// auto prover = composer.create_prover(); +// auto circuit_size = prover.key->circuit_size; + +// // Generate eta, beta and gamma +// fr eta = fr::random_element(); +// fr beta = fr::random_element(); +// fr gamma = fr::random_element(); + +// // Compute public input delta +// const auto public_inputs = composer.circuit_constructor.get_public_inputs(); +// auto public_input_delta = +// honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); +// auto lookup_grand_product_delta = +// honk::compute_lookup_grand_product_delta(beta, gamma, prover.key->circuit_size); + +// sumcheck::RelationParameters params{ +// .eta = eta, +// .beta = beta, +// .gamma = gamma, +// .public_input_delta = public_input_delta, +// .lookup_grand_product_delta = lookup_grand_product_delta, +// }; + +// // Compute sorted witness-table accumulator +// prover.key->sorted_accum = prover_library::compute_sorted_list_accumulator(prover.key, eta); + +// // Add RAM/ROM memory records to wire four +// prover_library::add_plookup_memory_records_to_wire_4(prover.key, eta); + +// // Compute grand product polynomial +// prover.key->z_perm = prover_library::compute_permutation_grand_product(prover.key, beta, gamma); + +// // Compute lookup grand product polynomial +// prover.key->z_lookup = prover_library::compute_lookup_grand_product(prover.key, eta, beta, gamma); + +// ProverPolynomials prover_polynomials; + +// prover_polynomials.w_l = prover.key->w_l; +// prover_polynomials.w_r = prover.key->w_r; +// prover_polynomials.w_o = prover.key->w_o; +// prover_polynomials.w_4 = prover.key->w_4; +// prover_polynomials.w_l_shift = prover.key->w_l.shifted(); +// prover_polynomials.w_r_shift = prover.key->w_r.shifted(); +// prover_polynomials.w_o_shift = prover.key->w_o.shifted(); +// prover_polynomials.w_4_shift = prover.key->w_4.shifted(); +// prover_polynomials.sorted_accum = prover.key->sorted_accum; +// prover_polynomials.sorted_accum_shift = prover.key->sorted_accum.shifted(); +// prover_polynomials.table_1 = prover.key->table_1; +// prover_polynomials.table_2 = prover.key->table_2; +// prover_polynomials.table_3 = prover.key->table_3; +// prover_polynomials.table_4 = prover.key->table_4; +// prover_polynomials.table_1_shift = prover.key->table_1.shifted(); +// prover_polynomials.table_2_shift = prover.key->table_2.shifted(); +// prover_polynomials.table_3_shift = prover.key->table_3.shifted(); +// prover_polynomials.table_4_shift = prover.key->table_4.shifted(); +// prover_polynomials.z_perm = prover.key->z_perm; +// prover_polynomials.z_perm_shift = prover.key->z_perm.shifted(); +// prover_polynomials.z_lookup = prover.key->z_lookup; +// prover_polynomials.z_lookup_shift = prover.key->z_lookup.shifted(); +// prover_polynomials.q_m = prover.key->q_m; +// prover_polynomials.q_l = prover.key->q_l; +// prover_polynomials.q_r = prover.key->q_r; +// prover_polynomials.q_o = prover.key->q_o; +// prover_polynomials.q_c = prover.key->q_c; +// prover_polynomials.q_4 = prover.key->q_4; +// prover_polynomials.q_arith = prover.key->q_arith; +// prover_polynomials.q_sort = prover.key->q_sort; +// prover_polynomials.q_elliptic = prover.key->q_elliptic; +// prover_polynomials.q_aux = prover.key->q_aux; +// prover_polynomials.q_lookup = prover.key->q_lookup; +// prover_polynomials.sigma_1 = prover.key->sigma_1; +// prover_polynomials.sigma_2 = prover.key->sigma_2; +// prover_polynomials.sigma_3 = prover.key->sigma_3; +// prover_polynomials.sigma_4 = prover.key->sigma_4; +// prover_polynomials.id_1 = prover.key->id_1; +// prover_polynomials.id_2 = prover.key->id_2; +// prover_polynomials.id_3 = prover.key->id_3; +// prover_polynomials.id_4 = prover.key->id_4; +// prover_polynomials.lagrange_first = prover.key->lagrange_first; +// prover_polynomials.lagrange_last = prover.key->lagrange_last; + +// // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution +// ensure_non_zero(prover.key->q_arith); +// ensure_non_zero(prover.key->q_sort); +// ensure_non_zero(prover.key->q_lookup); +// ensure_non_zero(prover.key->q_elliptic); +// ensure_non_zero(prover.key->q_aux); + +// // Construct the round for applying sumcheck relations and results for storing computed results +// auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), +// honk::sumcheck::UltraPermutationRelation(), +// honk::sumcheck::LookupRelation(), +// honk::sumcheck::GenPermSortRelation(), +// honk::sumcheck::EllipticRelation(), +// honk::sumcheck::AuxiliaryRelation()); + +// // Check that each relation is satisfied across each row of the prover polynomials +// check_relation(std::get<0>(relations), circuit_size, prover_polynomials, params); +// check_relation(std::get<1>(relations), circuit_size, prover_polynomials, params); +// check_relation(std::get<2>(relations), circuit_size, prover_polynomials, params); +// check_relation(std::get<3>(relations), circuit_size, prover_polynomials, params); +// check_relation(std::get<4>(relations), circuit_size, prover_polynomials, params); +// check_relation(std::get<5>(relations), circuit_size, prover_polynomials, params); +// } } // namespace test_honk_relations diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp index c7dee556ca..97e930682f 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp @@ -156,8 +156,8 @@ TEST(Sumcheck, PolynomialNormalization) * sumcheck.multivariates.folded_polynoimals[i][0] is the evaluatioin of the i'th multivariate at the vector of challenges u_i. What does this mean? - Here we show that if the multivariate is F(X0, X1, X2) defined as above, then what we get is F(u0, u1, u2) and not, - say F(u2, u1, u0). This is in accordance with Adrian's thesis (cf page 9). + Here we show that if the multivariate is F(X0, X1, X2) defined as above, then what we get is F(u0, u1, u2) and + not, say F(u2, u1, u0). This is in accordance with Adrian's thesis (cf page 9). */ // Get the values of the Lagrange basis polys L_i defined diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index 5a819f5276..5d0733e5f1 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -5,6 +5,7 @@ #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/honk/flavor/standard.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include #include #include @@ -12,13 +13,16 @@ using namespace proof_system::honk; -template class TranscriptTest : public testing::Test { +template class TranscriptTest : public testing::Test { public: + using FF = typename Flavor::FF; /** * @brief Construct a manifest for a standard Honk proof * - * @details This is where we define the "Manifest" for a Standard Honk proof. The tests in this suite are intented - * to warn the developer if the Prover/Verifier has deviated from this manifest, however, the Transcript class is + * @details This is where we define the "Manifest" for a Standard Honk proof. The tests in this suite are + intented + * to warn the developer if the Prover/Verifier has deviated from this manifest, however, the Transcript class + is * not otherwise contrained to follow the manifest. * * @return TranscriptManifest @@ -33,7 +37,7 @@ template class TranscriptTest : public testing::Test { size_t size_FF = sizeof(FF); size_t size_G = 2 * size_FF; size_t size_uni = max_relation_length * size_FF; - size_t size_evals = flavor::Standard::NUM_ALL_ENTITIES * size_FF; + size_t size_evals = (Flavor::NUM_ALL_ENTITIES)*size_FF; size_t round = 0; manifest_expected.add_entry(round, "circuit_size", 4); @@ -80,24 +84,24 @@ template class TranscriptTest : public testing::Test { round++; // TODO(Mara): Make testing more flavor agnostic so we can test this with all flavors + if constexpr (IsGrumpkinFlavor) { + manifest_expected.add_entry(round, "IPA:poly_degree", circuit_size); + manifest_expected.add_challenge(round, "IPA:generator_challenge"); + + for (size_t i = 0; i < log_n; i++) { + round++; + std::string idx = std::to_string(i); + manifest_expected.add_entry(round, "IPA:L_" + idx, size_G); + manifest_expected.add_entry(round, "IPA:R_" + idx, size_G); + std::string label = "IPA:round_challenge_" + idx; + manifest_expected.add_challenge(round, label); + } - manifest_expected.add_entry(round, "KZG:W", size_G); - - // For IPA - // manifest_expected.add_entry(round, "IPA:poly_degree", circuit_size); - // manifest_expected.add_challenge(round, "IPA:generator_challenge"); - - // for (size_t i = 0; i < log_n; i++) { - // round++; - // std::string idx = std::to_string(i); - // manifest_expected.add_entry(round, "IPA:L_" + idx, size_G); - // manifest_expected.add_entry(round, "IPA:R_" + idx, size_G); - // std::string label = "IPA:round_challenge_" + idx; - // manifest_expected.add_challenge(round, label); - // } - - // round++; - // manifest_expected.add_entry(round, "IPA:a_0", size_FF); + round++; + manifest_expected.add_entry(round, "IPA:a_0", size_FF); + } else { + manifest_expected.add_entry(round, "KZG:W", size_G); + } manifest_expected.add_challenge(round); // no challenge @@ -105,8 +109,8 @@ template class TranscriptTest : public testing::Test { } }; -using FieldTypes = testing::Types; -TYPED_TEST_SUITE(TranscriptTest, FieldTypes); +using StandardFlavorTypes = testing::Types; +TYPED_TEST_SUITE(TranscriptTest, StandardFlavorTypes); /** * @brief Ensure consistency between the manifest hard coded in this testing suite and the one generated by the @@ -114,8 +118,9 @@ TYPED_TEST_SUITE(TranscriptTest, FieldTypes); */ TYPED_TEST(TranscriptTest, ProverManifestConsistency) { + using Flavor = TypeParam; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = StandardHonkComposer(); + auto composer = StandardHonkComposer_(); fr a = 1; composer.circuit_constructor.add_variable(a); composer.circuit_constructor.add_public_variable(a); @@ -140,8 +145,9 @@ TYPED_TEST(TranscriptTest, ProverManifestConsistency) */ TYPED_TEST(TranscriptTest, VerifierManifestConsistency) { + using Flavor = TypeParam; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = StandardHonkComposer(); + auto composer = StandardHonkComposer_(); fr a = 1; composer.circuit_constructor.add_variable(a); composer.circuit_constructor.add_public_variable(a); @@ -273,6 +279,7 @@ TYPED_TEST(TranscriptTest, VerifierMistake) * construction and the one generated by the verifier over the course of proof verification. * */ +// TODO: This is not a typed test and we should have a construct_ultra_honk_manifest as well. TYPED_TEST(TranscriptTest, UltraVerifierManifestConsistency) { // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 686b15ca26..12783fc196 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -297,7 +297,9 @@ static constexpr auto create_barycentric_utils() // Forward declare honk flavors namespace proof_system::honk::flavor { class Standard; +class StandardGrumpkin; class Ultra; +class UltraGrumpkin; } // namespace proof_system::honk::flavor // Forward declare plonk flavors @@ -323,11 +325,13 @@ template concept IsPlonkFlavor = IsAnyOf; template -concept IsHonkFlavor = IsAnyOf; +concept IsHonkFlavor = IsAnyOf; -template concept StandardFlavor = IsAnyOf; +template concept IsGrumpkinFlavor = IsAnyOf; -template concept UltraFlavor = IsAnyOf; +template concept StandardFlavor = IsAnyOf; + +template concept UltraFlavor = IsAnyOf; // clang-format on } // namespace proof_system diff --git a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp index 41249ed4bc..6ea96484aa 100644 --- a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp +++ b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp @@ -3,8 +3,7 @@ #include #include -#include "../../primitives/composers/composers_fwd.hpp" -#include "../../primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/witness/witness.hpp" diff --git a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp index 53f47c79a3..6563fd8a9c 100644 --- a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp @@ -1,5 +1,5 @@ #include "aes128.hpp" - +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/crypto/aes128/aes128.hpp" #include diff --git a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp index 20d1c32aba..0208b75595 100644 --- a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp +++ b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp @@ -4,7 +4,6 @@ #include "../../primitives/byte_array/byte_array.hpp" #include "../../primitives/uint/uint.hpp" #include "../../primitives/composers/composers_fwd.hpp" - namespace proof_system::plonk { namespace stdlib { namespace ecdsa { diff --git a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp index a28b7817a3..097eab81a3 100644 --- a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp +++ b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp @@ -2,6 +2,8 @@ #include "../../hash/sha256/sha256.hpp" #include "../../primitives/bit_array/bit_array.hpp" +#include "../../primitives/composers/composers.hpp" + namespace proof_system::plonk { namespace stdlib { namespace ecdsa { diff --git a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp index 4ab080c542..f056a21c83 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp +++ b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp @@ -1,10 +1,6 @@ #pragma once #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" - -namespace proof_system::plonk { -class TurboPlonkComposer; -class UltraPlonkComposer; -} // namespace proof_system::plonk +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp index 96920f127c..d5bd02f5d2 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp +++ b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp @@ -1,10 +1,6 @@ #pragma once #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" - -namespace proof_system::plonk { -class TurboPlonkComposer; -class UltraPlonkComposer; -} // namespace proof_system::plonk +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp index 70d6c6941e..6e951187c7 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp +++ b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp @@ -3,6 +3,7 @@ #include "barretenberg/crypto/blake3s/blake3s.hpp" #include "barretenberg/common/streams.hpp" #include +#include "barretenberg/stdlib/primitives/composers/composers.hpp" using namespace barretenberg; using namespace proof_system::plonk; diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp index 10670df7d9..e123dc723a 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp @@ -3,15 +3,9 @@ #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" - +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" #include "sha256_plookup.hpp" - -namespace proof_system::plonk { -class UltraPlonkComposer; -class StandardPlonkComposer; -class TurboPlonkComposer; -class UltraHonkComposer; -} // namespace proof_system::plonk +// namespace proof_system::plonk namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp index 6296aff821..9fb1261eb9 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp @@ -1,9 +1,7 @@ #include "sha256.hpp" #include "barretenberg/common/test.hpp" #include "barretenberg/crypto/sha256/sha256.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" #include "barretenberg/numeric/random/engine.hpp" diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp index 06472cdcb3..447ca209a4 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp @@ -4,14 +4,11 @@ #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/numeric/bitop/sparse_form.hpp" +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/packed_byte_array/packed_byte_array.hpp" -namespace proof_system::plonk { -class UltraPlonkComposer; -} // namespace proof_system::plonk - namespace proof_system::plonk { namespace stdlib { namespace sha256_plookup { diff --git a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp index 58e5b5b4b8..567edcd7a5 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp @@ -9,10 +9,7 @@ #include "../byte_array/byte_array.hpp" #include "../field/field.hpp" #include "./bigfield.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" - +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/stdlib/primitives/curves/bn254.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" #include "barretenberg/plonk/proof_system/verifier/verifier.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp index 7e42b5c4bb..c44f550ab7 100644 --- a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp @@ -12,8 +12,6 @@ #include "barretenberg/ecc/curves/secp256r1/secp256r1.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "../composers/composers_fwd.hpp" - namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp index 037f8e1f8a..9176076a56 100644 --- a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp @@ -5,8 +5,7 @@ #include "../biggroup/biggroup.hpp" #include "../bool/bool.hpp" #include "../field/field.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/stdlib/primitives/curves/bn254.hpp" #include "barretenberg/stdlib/primitives/curves/secp256r1.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp index 2183dceebb..a3e6846b9b 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp @@ -1,7 +1,6 @@ #pragma once #include "../composers/composers_fwd.hpp" #include "../uint/uint.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" #include namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp index c015391199..29ca9133d2 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp @@ -1,7 +1,7 @@ #include "bit_array.hpp" #include #include "barretenberg/numeric/random/engine.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp b/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp index 6d3e1e8d1a..30e83c42a7 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp @@ -1,6 +1,5 @@ #include "bool.hpp" #include "../composers/composers.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" using namespace barretenberg; using namespace proof_system; diff --git a/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp b/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp index 725a555e78..df145df629 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp @@ -1,8 +1,6 @@ #pragma once #include "../composers/composers_fwd.hpp" #include "../witness/witness.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" - namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp b/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp index 814a8f83ea..37cde2d465 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp @@ -1,7 +1,6 @@ #include "bool.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" #include -#include "barretenberg/honk/composer/standard_honk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.cpp" #define STDLIB_TYPE_ALIASES \ diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp index 7cecc12a4a..6ab1223240 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp @@ -1,3 +1,10 @@ +/** + * @brief Contains all the headers required to adequately compile the types defined in composers_fwd.hpp and instantiate + * templates. + * + * @details This should be the ONLY file related to composer/circuit construct included in source files not part of the + * proof systems. + */ #pragma once #include "barretenberg/plonk/composer/standard_plonk_composer.hpp" #include "barretenberg/honk/composer/standard_honk_composer.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp index d2363d217d..3d5570a276 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp @@ -1,3 +1,11 @@ +/** + * @brief Defines particular composer and circuit constructor types expected to be used for proof or circuit +construction (outside the proof_system and honk folder) and contains macros for explicit instantiation. + * + * @details This file is designed to be included in header files to instruct the compiler that these classes exist and + * their instantiation will eventually take place. Given it has no dependencies, it causes no additional compilation or + * propagation. This should be the ONLY file related to these types included in files out side the proof system. + */ #pragma once namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp index 518fcbcb47..2543e5d16c 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp @@ -3,10 +3,7 @@ #include "array.hpp" #include #include -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/numeric/random/engine.hpp" namespace test_stdlib_array { diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp index 83347eab59..2bbe6bb7ff 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp @@ -4,12 +4,9 @@ #include "barretenberg/plonk/proof_system/constants.hpp" #include #include -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" #include "barretenberg/numeric/random/engine.hpp" #include "barretenberg/common/streams.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" using namespace proof_system; diff --git a/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp b/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp index b8bb2e7a93..d8a3e0ca90 100644 --- a/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp @@ -1,5 +1,4 @@ #include "logic.hpp" - #include "../composers/composers.hpp" #include "../plookup/plookup.hpp" #include "barretenberg/common/assert.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp b/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp index ffeb00030e..1ec450de00 100644 --- a/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp @@ -1,7 +1,6 @@ #pragma once #include "barretenberg/numeric/uint256/uint256.hpp" #include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" #include diff --git a/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp b/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp index 5f78ddcaab..d29b29b945 100644 --- a/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp @@ -2,6 +2,7 @@ #include "barretenberg/numeric/uint256/uint256.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" #include "logic.hpp" +#include "../composers/composers.hpp" #include #include "barretenberg/numeric/random/engine.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp index 0f274fe4d7..b3435522bf 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp @@ -1,6 +1,6 @@ #pragma once #include "ram_table.hpp" - +#include "../composers/composers_fwd.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp index 6f2488a3ad..44beaa9b71 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp @@ -5,6 +5,7 @@ #include "barretenberg/numeric/random/engine.hpp" #include "../bool/bool.hpp" +#include "../composers/composers.hpp" namespace test_stdlib_dynamic_array { using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp index 3147bedc65..a8e452f02b 100644 --- a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp @@ -3,7 +3,6 @@ #include "../field/field.hpp" #include "../bool/bool.hpp" #include "../byte_array/byte_array.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp index f6ba2999fb..5c16d0b59d 100644 --- a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp @@ -3,10 +3,7 @@ #include "packed_byte_array.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" #include "barretenberg/numeric/random/engine.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" #pragma GCC diagnostic ignored "-Wunused-local-typedefs" diff --git a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp index 0857224ef3..778f76b7ac 100644 --- a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp @@ -2,7 +2,7 @@ #include #include #include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" #include "barretenberg/proof_system/plookup_tables/types.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp index ffad6bd067..f564c80b7a 100644 --- a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp @@ -8,6 +8,7 @@ #include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/curves/secp256k1.hpp" +#include "barretenberg/stdlib/primitives/composers/composers.hpp" namespace test_stdlib_plookups { using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp index 779b30a23b..39662dd8c5 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp @@ -1,5 +1,4 @@ #include "../composers/composers.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" #include "uint.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp b/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp index 7ba8328f8e..7658a010df 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp @@ -7,12 +7,6 @@ #include "./plookup/uint.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" - namespace proof_system::plonk { namespace stdlib { From a9d86e37b604c9d764c808a7bd8ad0fba4fa057b Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 13 Jun 2023 16:32:27 +0000 Subject: [PATCH 05/12] more wip --- .../barretenberg/ecc/curves/bn254/bn254.hpp | 2 + .../honk/flavor/standard_grumpkin.hpp | 2 +- .../circuit_constructor_base.cpp | 8 +- .../circuit_constructor_base.hpp | 22 +- .../standard_circuit_constructor.cpp | 192 ++++++------ .../standard_circuit_constructor.hpp | 40 +-- .../ultra_circuit_constructor.cpp | 290 ++++++++++-------- .../ultra_circuit_constructor.hpp | 22 +- .../primitives/composers/composers_fwd.hpp | 7 + 9 files changed, 320 insertions(+), 265 deletions(-) diff --git a/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp b/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp index 5ecc714f44..5b9bf43ce4 100644 --- a/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp +++ b/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp @@ -2,6 +2,7 @@ #include "../bn254/fr.hpp" #include "../bn254/fq.hpp" #include "../bn254/fq2.hpp" +#include "../bn254/fq12.hpp" #include "../bn254/g1.hpp" #include "../bn254/g2.hpp" @@ -15,5 +16,6 @@ class BN254 { using AffineElement = typename Group::affine_element; using G2AffineElement = typename barretenberg::g2::affine_element; using G2BaseField = typename barretenberg::fq2; + using Fq12 = barretenberg::fq12; }; } // namespace curve \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp b/cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp index 331fecaa9a..da4155253f 100644 --- a/cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard_grumpkin.hpp @@ -24,7 +24,7 @@ class StandardGrumpkin { // TODO(Mara): At the moment this class is a duplicate of the Standard flavor with a different PCS for testing // purposes. This will be changed to Grumpkin once generating Honk proofs over Grumpkin has been enabled. public: - using CircuitConstructor = StandardCircuitConstructor; + using CircuitConstructor = StandardGrumpkinCircuitConstructor; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; using PolynomialHandle = std::span; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp index 1cdb79e88c..eb4630fcf0 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp @@ -1,4 +1,6 @@ #include "circuit_constructor_base.hpp" +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" +#include "barretenberg/ecc/curves/bn254/bn254.hpp" namespace proof_system { @@ -41,7 +43,7 @@ void CircuitConstructorBase::assert_equal(const uint32_t a_vari real_variable_tags[a_real_idx] = real_variable_tags[b_real_idx]; } // Standard honk/ plonk instantiation -template class CircuitConstructorBase>; -template class CircuitConstructorBase>; -template class CircuitConstructorBase>; +template class CircuitConstructorBase>; +// template class CircuitConstructorBase>; +template class CircuitConstructorBase>; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 58b21aa987..5861eb9ba0 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -8,11 +8,11 @@ namespace proof_system { static constexpr uint32_t DUMMY_TAG = 0; +// Note(Mara): Is this ugly? template class CircuitConstructorBase { public: - // TODO(Cody): This needs to be templated to allow constructing circuits over Grumpkin. For now, adding FF here - // since the flavor can extract it. - using FF = barretenberg::fr; + // Is this okay?? + using FF = typename Arithmetization::FF; static constexpr size_t NUM_WIRES = Arithmetization::NUM_WIRES; // Keeping NUM_WIRES, at least temporarily, for backward compatibility static constexpr size_t program_width = Arithmetization::NUM_WIRES; @@ -27,7 +27,7 @@ template class CircuitConstructorBase { typename Arithmetization::Selectors selectors; std::vector public_inputs; - std::vector variables; + std::vector variables; // index of next variable in equivalence class (=REAL_VARIABLE if you're last) std::vector next_var_index; // index of previous variable in equivalence class (=FIRST if you're in a cycle alone) @@ -119,7 +119,7 @@ template class CircuitConstructorBase { * @param index The index of the variable. * @return The value of the variable. * */ - inline barretenberg::fr get_variable(const uint32_t index) const + inline FF get_variable(const uint32_t index) const { ASSERT(variables.size() > index); return variables[real_variable_index[index]]; @@ -133,7 +133,7 @@ template class CircuitConstructorBase { * @param index The index of the variable. * @return The value of the variable. * */ - inline const barretenberg::fr& get_variable_reference(const uint32_t index) const + inline const FF& get_variable_reference(const uint32_t index) const { ASSERT(variables.size() > index); return variables[real_variable_index[index]]; @@ -152,11 +152,11 @@ template class CircuitConstructorBase { return result; } - barretenberg::fr get_public_input(const uint32_t index) const { return get_variable(public_inputs[index]); } + FF get_public_input(const uint32_t index) const { return get_variable(public_inputs[index]); } - std::vector get_public_inputs() const + std::vector get_public_inputs() const { - std::vector result; + std::vector result; for (uint32_t i = 0; i < get_num_public_inputs(); ++i) { result.push_back(get_public_input(i)); } @@ -169,7 +169,7 @@ template class CircuitConstructorBase { * @param in The value of the variable * @return The index of the new variable in the variables vector */ - virtual uint32_t add_variable(const barretenberg::fr& in) + virtual uint32_t add_variable(const FF& in) { variables.emplace_back(in); @@ -191,7 +191,7 @@ template class CircuitConstructorBase { * @param in The value of the variable * @return The index of the new variable in the variables vector */ - virtual uint32_t add_public_variable(const barretenberg::fr& in) + virtual uint32_t add_public_variable(const FF& in) { const uint32_t index = add_variable(in); public_inputs.emplace_back(index); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp index f43f16b4b1..f44ad8e2bd 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp @@ -1,4 +1,6 @@ #include "standard_circuit_constructor.hpp" +#include "barretenberg/ecc/curves/bn254/bn254.hpp" +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include #include @@ -12,14 +14,14 @@ namespace proof_system { * @param in An add_triple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and addition coefficients to be placed into q_1, q_2, q_3, q_c. */ -void StandardCircuitConstructor::create_add_gate(const add_triple& in) +template void StandardCircuitConstructor_::create_add_gate(const add_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); - q_m.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); q_3.emplace_back(in.c_scaling); @@ -35,7 +37,7 @@ void StandardCircuitConstructor::create_add_gate(const add_triple& in) * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -void StandardCircuitConstructor::create_big_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_big_add_gate(const add_quad& in) { // (a terms + b terms = temp) // (c terms + d terms + temp = 0 ) @@ -44,9 +46,9 @@ void StandardCircuitConstructor::create_big_add_gate(const add_quad& in) fr temp = t0 + t1; uint32_t temp_idx = add_variable(temp); - create_add_gate(add_triple{ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, fr::neg_one(), fr::zero() }); + create_add_gate(add_triple{ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, FF::neg_one(), FF::zero() }); - create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, fr::one(), in.const_scaling }); + create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::one(), in.const_scaling }); } /** @@ -56,7 +58,7 @@ void StandardCircuitConstructor::create_big_add_gate(const add_quad& in) * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -void StandardCircuitConstructor::create_balanced_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -71,19 +73,19 @@ void StandardCircuitConstructor::create_balanced_add_gate(const add_quad& in) w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(temp_idx); - q_m.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); - q_3.emplace_back(fr::neg_one()); - q_c.emplace_back(fr::zero()); + q_3.emplace_back(FF::neg_one()); + q_c.emplace_back(FF::zero()); ++num_gates; w_l.emplace_back(temp_idx); w_r.emplace_back(in.c); w_o.emplace_back(in.d); - q_m.emplace_back(fr::zero()); - q_1.emplace_back(fr::one()); + q_m.emplace_back(FF::zero()); + q_1.emplace_back(FF::one()); q_2.emplace_back(in.c_scaling); q_3.emplace_back(in.d_scaling); q_c.emplace_back(in.const_scaling); @@ -97,11 +99,11 @@ void StandardCircuitConstructor::create_balanced_add_gate(const add_quad& in) w_l.emplace_back(in.d); w_r.emplace_back(in.d); w_o.emplace_back(temp_2_idx); - q_m.emplace_back(fr::one()); - q_1.emplace_back(fr::neg_one()); - q_2.emplace_back(fr::zero()); - q_3.emplace_back(fr::neg_one()); - q_c.emplace_back(fr::zero()); + q_m.emplace_back(FF::one()); + q_1.emplace_back(FF::neg_one()); + q_2.emplace_back(FF::zero()); + q_3.emplace_back(FF::neg_one()); + q_c.emplace_back(FF::zero()); ++num_gates; @@ -109,16 +111,16 @@ void StandardCircuitConstructor::create_balanced_add_gate(const add_quad& in) w_l.emplace_back(temp_2_idx); w_r.emplace_back(in.d); w_o.emplace_back(zero_idx); - q_m.emplace_back(fr::one()); + q_m.emplace_back(FF::one()); q_1.emplace_back(neg_two); - q_2.emplace_back(fr::zero()); - q_3.emplace_back(fr::zero()); - q_c.emplace_back(fr::zero()); + q_2.emplace_back(FF::zero()); + q_3.emplace_back(FF::zero()); + q_c.emplace_back(FF::zero()); ++num_gates; } -void StandardCircuitConstructor::create_big_add_gate_with_bit_extraction(const add_quad& in) +template void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { // blah. // delta = (c - 4d) @@ -133,14 +135,14 @@ void StandardCircuitConstructor::create_big_add_gate_with_bit_extraction(const a uint32_t delta_idx = add_variable(delta); constexpr fr neg_four = -(fr(4)); - create_add_gate(add_triple{ in.c, in.d, delta_idx, fr::one(), neg_four, fr::neg_one(), fr::zero() }); + create_add_gate(add_triple{ in.c, in.d, delta_idx, FF::one(), neg_four, FF::neg_one(), FF::zero() }); constexpr fr two = fr(2); constexpr fr seven = fr(7); constexpr fr nine = fr(9); const fr r_0 = (delta * nine) - ((delta.sqr() * two) + seven); uint32_t r_0_idx = add_variable(r_0); - create_poly_gate(poly_triple{ delta_idx, delta_idx, r_0_idx, -two, nine, fr::zero(), fr::neg_one(), -seven }); + create_poly_gate(poly_triple{ delta_idx, delta_idx, r_0_idx, -two, nine, FF::zero(), FF::neg_one(), -seven }); fr r_1 = r_0 * delta; uint32_t r_1_idx = add_variable(r_1); @@ -148,29 +150,29 @@ void StandardCircuitConstructor::create_big_add_gate_with_bit_extraction(const a r_0_idx, delta_idx, r_1_idx, - fr::one(), - fr::neg_one(), - fr::zero(), + FF::one(), + FF::neg_one(), + FF::zero(), }); // ain.a1 + bin.b2 + cin.c3 + din.c4 + r_1 = 0 fr r_2 = (r_1 + (get_variable(in.d) * in.d_scaling)); uint32_t r_2_idx = add_variable(r_2); - create_add_gate(add_triple{ in.d, r_1_idx, r_2_idx, in.d_scaling, fr::one(), fr::neg_one(), fr::zero() }); + create_add_gate(add_triple{ in.d, r_1_idx, r_2_idx, in.d_scaling, FF::one(), FF::neg_one(), FF::zero() }); create_big_add_gate( - add_quad{ in.a, in.b, in.c, r_2_idx, in.a_scaling, in.b_scaling, in.c_scaling, fr::one(), in.const_scaling }); + add_quad{ in.a, in.b, in.c, r_2_idx, in.a_scaling, in.b_scaling, in.c_scaling, FF::one(), in.const_scaling }); } -void StandardCircuitConstructor::create_big_mul_gate(const mul_quad& in) +template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { fr temp = ((get_variable(in.c) * in.c_scaling) + (get_variable(in.d) * in.d_scaling)); uint32_t temp_idx = add_variable(temp); - create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, fr::neg_one(), fr::zero() }); + create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::neg_one(), FF::zero() }); create_poly_gate( - poly_triple{ in.a, in.b, temp_idx, in.mul_scaling, in.a_scaling, in.b_scaling, fr::one(), in.const_scaling }); + poly_triple{ in.a, in.b, temp_idx, in.mul_scaling, in.a_scaling, in.b_scaling, FF::one(), in.const_scaling }); } /** @@ -179,7 +181,7 @@ void StandardCircuitConstructor::create_big_mul_gate(const mul_quad& in) * @param in A mul_tripple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and scaling coefficients to be placed into q_m, q_3, q_c. */ -void StandardCircuitConstructor::create_mul_gate(const mul_triple& in) +template void StandardCircuitConstructor_::create_mul_gate(const mul_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -187,8 +189,8 @@ void StandardCircuitConstructor::create_mul_gate(const mul_triple& in) w_r.emplace_back(in.b); w_o.emplace_back(in.c); q_m.emplace_back(in.mul_scaling); - q_1.emplace_back(fr::zero()); - q_2.emplace_back(fr::zero()); + q_1.emplace_back(FF::zero()); + q_2.emplace_back(FF::zero()); q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); @@ -201,7 +203,7 @@ void StandardCircuitConstructor::create_mul_gate(const mul_triple& in) * * @param variable_index The index of the variable. */ -void StandardCircuitConstructor::create_bool_gate(const uint32_t variable_index) +void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { assert_valid_variables({ variable_index }); @@ -209,11 +211,11 @@ void StandardCircuitConstructor::create_bool_gate(const uint32_t variable_index) w_r.emplace_back(variable_index); w_o.emplace_back(variable_index); - q_m.emplace_back(fr::one()); - q_1.emplace_back(fr::zero()); - q_2.emplace_back(fr::zero()); - q_3.emplace_back(fr::neg_one()); - q_c.emplace_back(fr::zero()); + q_m.emplace_back(FF::one()); + q_1.emplace_back(FF::zero()); + q_2.emplace_back(FF::zero()); + q_3.emplace_back(FF::neg_one()); + q_c.emplace_back(FF::zero()); ++num_gates; } @@ -223,7 +225,7 @@ void StandardCircuitConstructor::create_bool_gate(const uint32_t variable_index) * * @param in A poly_triple containing all the information. */ -void StandardCircuitConstructor::create_poly_gate(const poly_triple& in) +void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -239,9 +241,9 @@ void StandardCircuitConstructor::create_poly_gate(const poly_triple& in) ++num_gates; } -std::vector StandardCircuitConstructor::decompose_into_base4_accumulators(const uint32_t witness_index, - const size_t num_bits, - std::string const& msg) +std::vector StandardCircuitConstructor_::decompose_into_base4_accumulators(const uint32_t witness_index, + const size_t num_bits, + std::string const& msg) { ASSERT(num_bits > 0); const uint256_t target(get_variable(witness_index)); @@ -254,12 +256,12 @@ std::vector StandardCircuitConstructor::decompose_into_base4_accumulat return (idx == num_quads - 1 && ((num_bits & 1ULL) == 1ULL)); }; constexpr fr four = fr{ 4, 0, 0, 0 }.to_montgomery_form(); - fr accumulator = fr::zero(); + fr accumulator = FF::zero(); uint32_t accumulator_idx = 0; for (size_t i = num_quads - 1; i < num_quads; --i) { bool lo = target.get_bit(2 * i); - uint32_t lo_idx = add_variable(lo ? fr::one() : fr::zero()); + uint32_t lo_idx = add_variable(lo ? FF::one() : FF::zero()); create_bool_gate(lo_idx); uint32_t quad_idx; @@ -268,14 +270,14 @@ std::vector StandardCircuitConstructor::decompose_into_base4_accumulat quad_idx = lo_idx; } else { bool hi = target.get_bit(2 * i + 1); - uint32_t hi_idx = add_variable(hi ? fr::one() : fr::zero()); + uint32_t hi_idx = add_variable(hi ? FF::one() : FF::zero()); create_bool_gate(hi_idx); uint64_t quad = (lo ? 1U : 0U) + (hi ? 2U : 0U); quad_idx = add_variable(fr{ quad, 0, 0, 0 }.to_montgomery_form()); create_add_gate( - add_triple{ lo_idx, hi_idx, quad_idx, fr::one(), fr::one() + fr::one(), fr::neg_one(), fr::zero() }); + add_triple{ lo_idx, hi_idx, quad_idx, FF::one(), FF::one() + FF::one(), FF::neg_one(), FF::zero() }); } if (i == num_quads - 1) { @@ -288,7 +290,7 @@ std::vector StandardCircuitConstructor::decompose_into_base4_accumulat new_accumulator = new_accumulator + get_variable(quad_idx); uint32_t new_accumulator_idx = add_variable(new_accumulator); create_add_gate(add_triple{ - accumulator_idx, quad_idx, new_accumulator_idx, four, fr::one(), fr::neg_one(), fr::zero() }); + accumulator_idx, quad_idx, new_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); accumulators.push_back(new_accumulator_idx); accumulator = new_accumulator; accumulator_idx = new_accumulator_idx; @@ -299,10 +301,10 @@ std::vector StandardCircuitConstructor::decompose_into_base4_accumulat return accumulators; } -accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - const bool is_xor_gate) +accumulator_triple StandardCircuitConstructor_::create_logic_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits, + const bool is_xor_gate) { assert_valid_variables({ a, b }); @@ -311,9 +313,9 @@ accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uin const uint256_t left_witness_value(get_variable(a)); const uint256_t right_witness_value(get_variable(b)); - fr left_accumulator = fr::zero(); - fr right_accumulator = fr::zero(); - fr out_accumulator = fr::zero(); + fr left_accumulator = FF::zero(); + fr right_accumulator = FF::zero(); + fr out_accumulator = FF::zero(); uint32_t left_accumulator_idx = zero_idx; uint32_t right_accumulator_idx = zero_idx; @@ -326,16 +328,16 @@ accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uin bool right_hi_val = right_witness_value.get_bit((i)); bool right_lo_val = right_witness_value.get_bit(i - 1); - uint32_t left_hi_idx = add_variable(left_hi_val ? fr::one() : fr::zero()); - uint32_t left_lo_idx = add_variable(left_lo_val ? fr::one() : fr::zero()); - uint32_t right_hi_idx = add_variable(right_hi_val ? fr::one() : fr::zero()); - uint32_t right_lo_idx = add_variable(right_lo_val ? fr::one() : fr::zero()); + uint32_t left_hi_idx = add_variable(left_hi_val ? FF::one() : FF::zero()); + uint32_t left_lo_idx = add_variable(left_lo_val ? FF::one() : FF::zero()); + uint32_t right_hi_idx = add_variable(right_hi_val ? FF::one() : FF::zero()); + uint32_t right_lo_idx = add_variable(right_lo_val ? FF::one() : FF::zero()); bool out_hi_val = is_xor_gate ? left_hi_val ^ right_hi_val : left_hi_val & right_hi_val; bool out_lo_val = is_xor_gate ? left_lo_val ^ right_lo_val : left_lo_val & right_lo_val; - uint32_t out_hi_idx = add_variable(out_hi_val ? fr::one() : fr::zero()); - uint32_t out_lo_idx = add_variable(out_lo_val ? fr::one() : fr::zero()); + uint32_t out_hi_idx = add_variable(out_hi_val ? FF::one() : FF::zero()); + uint32_t out_lo_idx = add_variable(out_lo_val ? FF::one() : FF::zero()); create_bool_gate(left_hi_idx); create_bool_gate(right_hi_idx); @@ -350,20 +352,20 @@ accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uin create_poly_gate(poly_triple{ left_hi_idx, right_hi_idx, out_hi_idx, - is_xor_gate ? neg_two : fr::one(), - is_xor_gate ? fr::one() : fr::zero(), - is_xor_gate ? fr::one() : fr::zero(), - fr::neg_one(), - fr::zero() }); + is_xor_gate ? neg_two : FF::one(), + is_xor_gate ? FF::one() : FF::zero(), + is_xor_gate ? FF::one() : FF::zero(), + FF::neg_one(), + FF::zero() }); create_poly_gate(poly_triple{ left_lo_idx, right_lo_idx, out_lo_idx, - is_xor_gate ? neg_two : fr::one(), - is_xor_gate ? fr::one() : fr::zero(), - is_xor_gate ? fr::one() : fr::zero(), - fr::neg_one(), - fr::zero() }); + is_xor_gate ? neg_two : FF::one(), + is_xor_gate ? FF::one() : FF::zero(), + is_xor_gate ? FF::one() : FF::zero(), + FF::neg_one(), + FF::zero() }); fr left_quad = get_variable(left_lo_idx) + get_variable(left_hi_idx) + get_variable(left_hi_idx); fr right_quad = get_variable(right_lo_idx) + get_variable(right_hi_idx) + get_variable(right_hi_idx); @@ -382,9 +384,9 @@ accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uin left_quad_idx, new_left_accumulator_idx, four, - fr::one(), - fr::neg_one(), - fr::zero() }); + FF::one(), + FF::neg_one(), + FF::zero() }); fr new_right_accumulator = right_accumulator + right_accumulator; new_right_accumulator = new_right_accumulator + new_right_accumulator; @@ -395,9 +397,9 @@ accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uin right_quad_idx, new_right_accumulator_idx, four, - fr::one(), - fr::neg_one(), - fr::zero() }); + FF::one(), + FF::neg_one(), + FF::zero() }); fr new_out_accumulator = out_accumulator + out_accumulator; new_out_accumulator = new_out_accumulator + new_out_accumulator; @@ -405,7 +407,7 @@ accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uin uint32_t new_out_accumulator_idx = add_variable(new_out_accumulator); create_add_gate(add_triple{ - out_accumulator_idx, out_quad_idx, new_out_accumulator_idx, four, fr::one(), fr::neg_one(), fr::zero() }); + out_accumulator_idx, out_quad_idx, new_out_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); accumulators.left.emplace_back(new_left_accumulator_idx); accumulators.right.emplace_back(new_right_accumulator_idx); @@ -423,22 +425,22 @@ accumulator_triple StandardCircuitConstructor::create_logic_constraint(const uin return accumulators; } -void StandardCircuitConstructor::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) +void StandardCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) { assert_valid_variables({ witness_index }); w_l.emplace_back(witness_index); w_r.emplace_back(zero_idx); w_o.emplace_back(zero_idx); - q_m.emplace_back(fr::zero()); - q_1.emplace_back(fr::one()); - q_2.emplace_back(fr::zero()); - q_3.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); + q_1.emplace_back(FF::one()); + q_2.emplace_back(FF::zero()); + q_3.emplace_back(FF::zero()); q_c.emplace_back(-witness_value); ++num_gates; } -uint32_t StandardCircuitConstructor::put_constant_variable(const barretenberg::fr& variable) +uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); @@ -451,21 +453,21 @@ uint32_t StandardCircuitConstructor::put_constant_variable(const barretenberg::f } } -accumulator_triple StandardCircuitConstructor::create_and_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +accumulator_triple StandardCircuitConstructor_::create_and_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, false); } -accumulator_triple StandardCircuitConstructor::create_xor_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +accumulator_triple StandardCircuitConstructor_::create_xor_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, true); } -void StandardCircuitConstructor::assert_equal_constant(uint32_t const a_idx, fr const& b, std::string const& msg) +void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_idx, fr const& b, std::string const& msg) { if (variables[a_idx] != b && !failed()) { failure(msg); @@ -480,13 +482,13 @@ void StandardCircuitConstructor::assert_equal_constant(uint32_t const a_idx, fr * * @return true if the circuit is correct. * */ -bool StandardCircuitConstructor::check_circuit() +bool StandardCircuitConstructor_::check_circuit() { fr gate_sum; fr left, right, output; for (size_t i = 0; i < num_gates; i++) { - gate_sum = fr::zero(); + gate_sum = FF::zero(); left = get_variable(w_l[i]); right = get_variable(w_r[i]); output = get_variable(w_o[i]); @@ -496,4 +498,6 @@ bool StandardCircuitConstructor::check_circuit() } return true; } +// using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor_; +; } // namespace proof_system \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index 0279701bcb..5cfb6d97c9 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -1,5 +1,6 @@ #pragma once #include +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "circuit_constructor_base.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" #include "barretenberg/proof_system/types/merkle_hash_type.hpp" @@ -12,14 +13,15 @@ inline std::vector standard_selector_names() return result; } -class StandardCircuitConstructor : public CircuitConstructorBase> { +template +class StandardCircuitConstructor_ : public CircuitConstructorBase> { public: static constexpr ComposerType type = ComposerType::STANDARD; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; using WireVector = std::vector>; - using SelectorVector = std::vector>; + using SelectorVector = std::vector>; WireVector& w_l = std::get<0>(wires); WireVector& w_r = std::get<1>(wires); @@ -36,9 +38,9 @@ class StandardCircuitConstructor : public CircuitConstructorBase constant_variable_indices; + std::map constant_variable_indices; - StandardCircuitConstructor(const size_t size_hint = 0) + StandardCircuitConstructor_(const size_t size_hint = 0) : CircuitConstructorBase(standard_selector_names(), size_hint) { w_l.reserve(size_hint); @@ -48,30 +50,28 @@ class StandardCircuitConstructor : public CircuitConstructorBase>::operator=(std::move(other)); + CircuitConstructorBase>::operator=(std::move(other)); constant_variable_indices = other.constant_variable_indices; return *this; }; - ~StandardCircuitConstructor() override = default; + ~StandardCircuitConstructor_() override = default; - void assert_equal_constant(uint32_t const a_idx, - barretenberg::fr const& b, - std::string const& msg = "assert equal constant"); + void assert_equal_constant(uint32_t const a_idx, FF const& b, std::string const& msg = "assert equal constant"); void create_add_gate(const add_triple& in) override; void create_mul_gate(const mul_triple& in) override; @@ -88,7 +88,7 @@ class StandardCircuitConstructor : public CircuitConstructorBase decompose_into_base4_accumulators(const uint32_t witness_index, const size_t num_bits, @@ -109,10 +109,12 @@ class StandardCircuitConstructor : public CircuitConstructorBase; +// extern template class StandardCircuitConstructor__; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index 2f5e246121..d269560b25 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -1,8 +1,8 @@ /** * @file ultra_circuit_constructor.cpp * @author Luke (ledwards2225) and Kesha (Rumata888) - * @brief This file contains the implementation of UltraCircuitConstructor class that defines the logic of ultra-style - * circuits and is intended for the use in UltraHonk and UltraPlonk systems + * @brief This file contains the implementation of UltraCircuitConstructor_ class that defines the logic of + * ultra-style circuits and is intended for the use in UltraHonk and UltraPlonk systems * * @todo 1) Replace barretenberg::fr with templated FF or Field * @@ -16,7 +16,7 @@ using namespace barretenberg; namespace proof_system { -void UltraCircuitConstructor::finalize_circuit() +template void UltraCircuitConstructor_::finalize_circuit() { /** * First of all, add the gates related to ROM arrays and range lists. @@ -52,7 +52,7 @@ void UltraCircuitConstructor::finalize_circuit() } /** - * @brief Avoid zero-polynomials and ensure first coeff of wire polynomials is 0 + * @brief Atemplate void zero-polynomials and ensure first coeff of wire polynomials is 0 * * @param in Structure containing variables and witness selectors */ @@ -62,7 +62,7 @@ void UltraCircuitConstructor::finalize_circuit() // (~16k gates) mostly due to the lookups it includes. // TODO(#423)(luke): Add 0 as a PI since PI always start at the 0th index of the wire polynomials? // TODO(luke): may need to reevaluate once aux relation is implemented -void UltraCircuitConstructor::add_gates_to_ensure_all_polys_are_non_zero() +template void UltraCircuitConstructor_::add_gates_to_ensure_all_polys_are_non_zero() { // First add a gate to simultaneously ensure first entries of all wires is zero and to add a non // zero value to all selectors aside from q_c and q_lookup @@ -127,7 +127,7 @@ void UltraCircuitConstructor::add_gates_to_ensure_all_polys_are_non_zero() * * @param in A structure with variable indexes and selector values for the gate. */ -void UltraCircuitConstructor::create_add_gate(const add_triple& in) +template void UltraCircuitConstructor_::create_add_gate(const add_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -157,7 +157,8 @@ void UltraCircuitConstructor::create_add_gate(const add_triple& in) * @param in Structure with variable indexes and wire selector values * @param include_next_gate_w_4 Switches on/off the addition of w_4 at the next index */ -void UltraCircuitConstructor::create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4) +template +void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4) { assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); @@ -184,7 +185,7 @@ void UltraCircuitConstructor::create_big_add_gate(const add_quad& in, const bool * * @param in Structure with variables and witness selector values */ -void UltraCircuitConstructor::create_big_add_gate_with_bit_extraction(const add_quad& in) +template void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { // This method is an artifact of a turbo plonk feature that implicitly extracts // a high or low bit from a base-4 quad and adds it into the arithmetic gate relationship. @@ -247,7 +248,7 @@ void UltraCircuitConstructor::create_big_add_gate_with_bit_extraction(const add_ * * @param in Structure containing variables and witness selectors */ -void UltraCircuitConstructor::create_big_mul_gate(const mul_quad& in) +template void UltraCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -271,7 +272,7 @@ void UltraCircuitConstructor::create_big_mul_gate(const mul_quad& in) // Creates a width-4 addition gate, where the fourth witness must be a boolean. // Can be used to normalize a 32-bit addition -void UltraCircuitConstructor::create_balanced_add_gate(const add_quad& in) +template void UltraCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -311,7 +312,7 @@ void UltraCircuitConstructor::create_balanced_add_gate(const add_quad& in) * * @param in Structure containing variables and witness selectors */ -void UltraCircuitConstructor::create_mul_gate(const mul_triple& in) +template void UltraCircuitConstructor_::create_mul_gate(const mul_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -337,7 +338,7 @@ void UltraCircuitConstructor::create_mul_gate(const mul_triple& in) * * @param variable_index Variable which needs to be constrained */ -void UltraCircuitConstructor::create_bool_gate(const uint32_t variable_index) +template void UltraCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { assert_valid_variables({ variable_index }); @@ -365,7 +366,7 @@ void UltraCircuitConstructor::create_bool_gate(const uint32_t variable_index) * * @param in Structure containing variables and witness selectors */ -void UltraCircuitConstructor::create_poly_gate(const poly_triple& in) +template void UltraCircuitConstructor_::create_poly_gate(const poly_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -398,7 +399,7 @@ void UltraCircuitConstructor::create_poly_gate(const poly_triple& in) * added, the resulting point coordinates and the selector values that describe whether the endomorphism is used on the * second point and whether it is negated. */ -void UltraCircuitConstructor::create_ecc_add_gate(const ecc_add_gate& in) +template void UltraCircuitConstructor_::create_ecc_add_gate(const ecc_add_gate& in) { /** * | 1 | 2 | 3 | 4 | @@ -468,7 +469,8 @@ void UltraCircuitConstructor::create_ecc_add_gate(const ecc_add_gate& in) * @param witness_index The index of the witness we are fixing * @param witness_value The value we are fixing it to */ -void UltraCircuitConstructor::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) +template +void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) { assert_valid_variables({ witness_index }); @@ -490,7 +492,7 @@ void UltraCircuitConstructor::fix_witness(const uint32_t witness_index, const ba ++num_gates; } -uint32_t UltraCircuitConstructor::put_constant_variable(const barretenberg::fr& variable) +template uint32_t UltraCircuitConstructor_::put_constant_variable(const barretenberg::fr& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); @@ -502,7 +504,7 @@ uint32_t UltraCircuitConstructor::put_constant_variable(const barretenberg::fr& } } -plookup::BasicTable& UltraCircuitConstructor::get_table(const plookup::BasicTableId id) +template plookup::BasicTable& UltraCircuitConstructor_::get_table(const plookup::BasicTableId id) { for (plookup::BasicTable& table : lookup_tables) { if (table.id == id) { @@ -517,7 +519,9 @@ plookup::BasicTable& UltraCircuitConstructor::get_table(const plookup::BasicTabl /** * @brief Perform a series of lookups, one for each 'row' in read_values. */ -plookup::ReadData UltraCircuitConstructor::create_gates_from_plookup_accumulators( + +template +plookup::ReadData UltraCircuitConstructor_::create_gates_from_plookup_accumulators( const plookup::MultiTableId& id, const plookup::ReadData& read_values, const uint32_t key_a_index, @@ -566,7 +570,8 @@ plookup::ReadData UltraCircuitConstructor::create_gates_from_plookup_a * Generalized Permutation Methods **/ -UltraCircuitConstructor::RangeList UltraCircuitConstructor::create_range_list(const uint64_t target_range) +template +UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_range_list(const uint64_t target_range) { RangeList result; const auto range_tag = get_new_tag(); // current_tag + 1; @@ -597,10 +602,12 @@ UltraCircuitConstructor::RangeList UltraCircuitConstructor::create_range_list(co } // range constraint a value by decomposing it into limbs whose size should be the default range constraint size -std::vector UltraCircuitConstructor::decompose_into_default_range(const uint32_t variable_index, - const uint64_t num_bits, - const uint64_t target_range_bitnum, - std::string const& msg) + +template +std::vector UltraCircuitConstructor_::decompose_into_default_range(const uint32_t variable_index, + const uint64_t num_bits, + const uint64_t target_range_bitnum, + std::string const& msg) { assert_valid_variables({ variable_index }); @@ -711,9 +718,10 @@ std::vector UltraCircuitConstructor::decompose_into_default_range(cons * @param variable_index * @param target_range */ -void UltraCircuitConstructor::create_new_range_constraint(const uint32_t variable_index, - const uint64_t target_range, - std::string const msg) +template +void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t variable_index, + const uint64_t target_range, + std::string const msg) { if (uint256_t(get_variable(variable_index)).data[0] > target_range) { @@ -765,7 +773,7 @@ void UltraCircuitConstructor::create_new_range_constraint(const uint32_t variabl } } -void UltraCircuitConstructor::process_range_list(RangeList& list) +template void UltraCircuitConstructor_::process_range_list(RangeList& list) { assert_valid_variables(list.variable_indices); @@ -819,7 +827,7 @@ void UltraCircuitConstructor::process_range_list(RangeList& list) create_sort_constraint_with_edges(indices, 0, list.target_range); } -void UltraCircuitConstructor::process_range_lists() +template void UltraCircuitConstructor_::process_range_lists() { for (auto& i : range_lists) { process_range_list(i.second); @@ -839,7 +847,8 @@ void UltraCircuitConstructor::process_range_lists() * std::map range_lists; */ // Check for a sequence of variables that neighboring differences are at most 3 (used for batched range checkj) -void UltraCircuitConstructor::create_sort_constraint(const std::vector& variable_index) +template +void UltraCircuitConstructor_::create_sort_constraint(const std::vector& variable_index) { constexpr size_t gate_width = plonk::ultra_settings::program_width; ASSERT(variable_index.size() % gate_width == 0); @@ -885,7 +894,8 @@ void UltraCircuitConstructor::create_sort_constraint(const std::vector // useful to put variables in the witness that aren't already used - e.g. the dummy variables of the range constraint in // multiples of three -void UltraCircuitConstructor::create_dummy_constraints(const std::vector& variable_index) +template +void UltraCircuitConstructor_::create_dummy_constraints(const std::vector& variable_index) { std::vector padded_list = variable_index; constexpr size_t gate_width = plonk::ultra_settings::program_width; @@ -917,9 +927,10 @@ void UltraCircuitConstructor::create_dummy_constraints(const std::vector& variable_index, - const fr& start, - const fr& end) +template +void UltraCircuitConstructor_::create_sort_constraint_with_edges(const std::vector& variable_index, + const fr& start, + const fr& end) { // Convenient to assume size is at least 8 (gate_width = 4) for separate gates for start and end conditions constexpr size_t gate_width = plonk::ultra_settings::program_width; @@ -1004,7 +1015,9 @@ void UltraCircuitConstructor::create_sort_constraint_with_edges(const std::vecto } // range constraint a value by decomposing it into limbs whose size should be the default range constraint size -std::vector UltraCircuitConstructor::decompose_into_default_range_better_for_oddlimbnum( + +template +std::vector UltraCircuitConstructor_::decompose_into_default_range_better_for_oddlimbnum( const uint32_t variable_index, const size_t num_bits, std::string const& msg) { std::vector sums; @@ -1099,7 +1112,7 @@ std::vector UltraCircuitConstructor::decompose_into_default_range_bett * * @param type */ -void UltraCircuitConstructor::apply_aux_selectors(const AUX_SELECTORS type) +template void UltraCircuitConstructor_::apply_aux_selectors(const AUX_SELECTORS type) { q_aux.emplace_back(type == AUX_SELECTORS::NONE ? 0 : 1); q_sort.emplace_back(0); @@ -1259,10 +1272,11 @@ void UltraCircuitConstructor::apply_aux_selectors(const AUX_SELECTORS type) * Applies range constraints to two 70-bit limbs, splititng each into 5 14-bit sublimbs. * We can efficiently chain together two 70-bit limb checks in 3 gates, using auxiliary gates **/ -void UltraCircuitConstructor::range_constrain_two_limbs(const uint32_t lo_idx, - const uint32_t hi_idx, - const size_t lo_limb_bits, - const size_t hi_limb_bits) +template +void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t lo_idx, + const uint32_t hi_idx, + const size_t lo_limb_bits, + const size_t hi_limb_bits) { // Validate limbs are <= 70 bits. If limbs are larger we require more witnesses and cannot use our limb accumulation // custom gate @@ -1344,7 +1358,9 @@ void UltraCircuitConstructor::range_constrain_two_limbs(const uint32_t lo_idx, * @param num_limb_bits The range we want to constrain the original limb to * @return std::array The indices of new limbs. */ -std::array UltraCircuitConstructor::decompose_non_native_field_double_width_limb( + +template +std::array UltraCircuitConstructor_::decompose_non_native_field_double_width_limb( const uint32_t limb_idx, const size_t num_limb_bits) { ASSERT(uint256_t(get_variable_reference(limb_idx)) < (uint256_t(1) << num_limb_bits)); @@ -1381,7 +1397,9 @@ std::array UltraCircuitConstructor::decompose_non_native_field_doub * * N.B.: This method does NOT evaluate the prime field component of non-native field multiplications. **/ -std::array UltraCircuitConstructor::evaluate_non_native_field_multiplication( + +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_multiplication( const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder) { @@ -1545,7 +1563,7 @@ std::array UltraCircuitConstructor::evaluate_non_native_field_multi * Iterates over the cached_non_native_field_multiplication objects, * removes duplicates, and instantiates the remainder as constraints` */ -void UltraCircuitConstructor::process_non_native_field_multiplications() +template void UltraCircuitConstructor_::process_non_native_field_multiplications() { for (size_t i = 0; i < cached_partial_non_native_field_multiplications.size(); ++i) { auto& c = cached_partial_non_native_field_multiplications[i]; @@ -1601,7 +1619,9 @@ void UltraCircuitConstructor::process_non_native_field_multiplications() * limbs with size DEFAULT_NON_NATIVE_FIELD_LIMB_BITS * **/ -std::array UltraCircuitConstructor::queue_partial_non_native_field_multiplication( + +template +std::array UltraCircuitConstructor_::queue_partial_non_native_field_multiplication( const non_native_field_witnesses& input) { @@ -1646,7 +1666,9 @@ std::array UltraCircuitConstructor::queue_partial_non_native_field_ * Uses a sneaky extra mini-addition gate in `plookup_arithmetic_widget.hpp` to add two non-native * field elements in 4 gates (would normally take 5) **/ -std::array UltraCircuitConstructor::evaluate_non_native_field_addition( + +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_addition( add_simple limb0, add_simple limb1, add_simple limb2, @@ -1772,7 +1794,8 @@ std::array UltraCircuitConstructor::evaluate_non_native_field_addit }; } -std::array UltraCircuitConstructor::evaluate_non_native_field_subtraction( +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_subtraction( add_simple limb0, add_simple limb1, add_simple limb2, @@ -1902,7 +1925,7 @@ std::array UltraCircuitConstructor::evaluate_non_native_field_subtr * * @param record Stores details of this read operation. Mutated by this fn! */ -void UltraCircuitConstructor::create_ROM_gate(RomRecord& record) +template void UltraCircuitConstructor_::create_ROM_gate(RomRecord& record) { // Record wire value can't yet be computed record.record_witness = add_variable(0); @@ -1922,7 +1945,7 @@ void UltraCircuitConstructor::create_ROM_gate(RomRecord& record) * * @param record Stores details of this read operation. Mutated by this fn! */ -void UltraCircuitConstructor::create_sorted_ROM_gate(RomRecord& record) +template void UltraCircuitConstructor_::create_sorted_ROM_gate(RomRecord& record) { record.record_witness = add_variable(0); apply_aux_selectors(AUX_SELECTORS::ROM_CONSISTENCY_CHECK); @@ -1944,7 +1967,8 @@ void UltraCircuitConstructor::create_sorted_ROM_gate(RomRecord& record) * @param array_size The size of region in elements * @return size_t The index of the element */ -size_t UltraCircuitConstructor::create_ROM_array(const size_t array_size) + +template size_t UltraCircuitConstructor_::create_ROM_array(const size_t array_size) { RomTranscript new_transcript; for (size_t i = 0; i < array_size; ++i) { @@ -1961,7 +1985,7 @@ size_t UltraCircuitConstructor::create_ROM_array(const size_t array_size) * * @param record Stores details of this read operation. Mutated by this fn! */ -void UltraCircuitConstructor::create_RAM_gate(RamRecord& record) +template void UltraCircuitConstructor_::create_RAM_gate(RamRecord& record) { // Record wire value can't yet be computed (uses randomnes generated during proof construction). // However it needs a distinct witness index, @@ -1985,7 +2009,7 @@ void UltraCircuitConstructor::create_RAM_gate(RamRecord& record) * * @param record Stores details of this read operation. Mutated by this fn! */ -void UltraCircuitConstructor::create_sorted_RAM_gate(RamRecord& record) +template void UltraCircuitConstructor_::create_sorted_RAM_gate(RamRecord& record) { record.record_witness = add_variable(0); apply_aux_selectors(AUX_SELECTORS::RAM_CONSISTENCY_CHECK); @@ -2003,7 +2027,8 @@ void UltraCircuitConstructor::create_sorted_RAM_gate(RamRecord& record) * * @param record Stores details of this read operation. Mutated by this fn! */ -void UltraCircuitConstructor::create_final_sorted_RAM_gate(RamRecord& record, const size_t ram_array_size) +template +void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& record, const size_t ram_array_size) { record.record_witness = add_variable(0); record.gate_index = num_gates; @@ -2031,7 +2056,7 @@ void UltraCircuitConstructor::create_final_sorted_RAM_gate(RamRecord& record, co * @param array_size The size of region in elements * @return size_t The index of the element */ -size_t UltraCircuitConstructor::create_RAM_array(const size_t array_size) +size_t UltraCircuitConstructor_::create_RAM_array(const size_t array_size) { RamTranscript new_transcript; for (size_t i = 0; i < array_size; ++i) { @@ -2048,9 +2073,10 @@ size_t UltraCircuitConstructor::create_RAM_array(const size_t array_size) * @param index_value The index of the cell within the array (an actual index, not a witness index) * @param value_witness The index of the witness with the value that should be in the */ -void UltraCircuitConstructor::init_RAM_element(const size_t ram_id, - const size_t index_value, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::init_RAM_element(const size_t ram_id, + const size_t index_value, + const uint32_t value_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2071,7 +2097,8 @@ void UltraCircuitConstructor::init_RAM_element(const size_t ram_id, ram_array.records.emplace_back(new_record); } -uint32_t UltraCircuitConstructor::read_RAM_array(const size_t ram_id, const uint32_t index_witness) +template +uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, const uint32_t index_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2099,9 +2126,10 @@ uint32_t UltraCircuitConstructor::read_RAM_array(const size_t ram_id, const uint return value_witness; } -void UltraCircuitConstructor::write_RAM_array(const size_t ram_id, - const uint32_t index_witness, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, + const uint32_t index_witness, + const uint32_t value_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2141,9 +2169,10 @@ void UltraCircuitConstructor::write_RAM_array(const size_t ram_id, * @param index_value The index of the cell within the array (an actual index, not a witness index) * @param value_witness The index of the witness with the value that should be in the */ -void UltraCircuitConstructor::set_ROM_element(const size_t rom_id, - const size_t index_value, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, + const size_t index_value, + const uint32_t value_witness) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; @@ -2183,9 +2212,10 @@ void UltraCircuitConstructor::set_ROM_element(const size_t rom_id, * @param index_value Index in the array * @param value_witnesses The witnesses to put in the slot */ -void UltraCircuitConstructor::set_ROM_element_pair(const size_t rom_id, - const size_t index_value, - const std::array& value_witnesses) +template +void UltraCircuitConstructor_::set_ROM_element_pair(const size_t rom_id, + const size_t index_value, + const std::array& value_witnesses) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; @@ -2213,7 +2243,8 @@ void UltraCircuitConstructor::set_ROM_element_pair(const size_t rom_id, * @param index_witness The witness with the index inside the array * @return uint32_t Cell value witness index */ -uint32_t UltraCircuitConstructor::read_ROM_array(const size_t rom_id, const uint32_t index_witness) +template +uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, const uint32_t index_witness) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; @@ -2244,7 +2275,10 @@ uint32_t UltraCircuitConstructor::read_ROM_array(const size_t rom_id, const uint * @param index_witness The witness containing the index in the array * @return std::array A pair of indexes of witness variables of cell values */ -std::array UltraCircuitConstructor::read_ROM_array_pair(const size_t rom_id, const uint32_t index_witness) + +template +std::array UltraCircuitConstructor_::read_ROM_array_pair(const size_t rom_id, + const uint32_t index_witness) { std::array value_witnesses; @@ -2279,7 +2313,8 @@ std::array UltraCircuitConstructor::read_ROM_array_pair(const size_ * @param rom_id The id of the ROM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ -void UltraCircuitConstructor::process_ROM_array(const size_t rom_id, const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, const size_t gate_offset_from_public_inputs) { auto& rom_array = rom_arrays[rom_id]; @@ -2365,7 +2400,8 @@ void UltraCircuitConstructor::process_ROM_array(const size_t rom_id, const size_ * @param ram_id The id of the RAM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ -void UltraCircuitConstructor::process_RAM_array(const size_t ram_id, const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, const size_t gate_offset_from_public_inputs) { RamTranscript& ram_array = ram_arrays[ram_id]; const auto access_tag = get_new_tag(); // current_tag + 1; @@ -2502,13 +2538,15 @@ void UltraCircuitConstructor::process_RAM_array(const size_t ram_id, const size_ } } -void UltraCircuitConstructor::process_ROM_arrays(const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_ROM_arrays(const size_t gate_offset_from_public_inputs) { for (size_t i = 0; i < rom_arrays.size(); ++i) { process_ROM_array(i, gate_offset_from_public_inputs); } } -void UltraCircuitConstructor::process_RAM_arrays(const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_RAM_arrays(const size_t gate_offset_from_public_inputs) { for (size_t i = 0; i < ram_arrays.size(); ++i) { process_RAM_array(i, gate_offset_from_public_inputs); @@ -2582,21 +2620,21 @@ void UltraCircuitConstructor::process_RAM_arrays(const size_t gate_offset_from_p * @param alpha * @return fr */ -inline fr UltraCircuitConstructor::compute_arithmetic_identity(fr q_arith_value, - fr q_1_value, - fr q_2_value, - fr q_3_value, - fr q_4_value, - fr q_m_value, - fr q_c_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha) const +inline fr UltraCircuitConstructor_::compute_arithmetic_identity(fr q_arith_value, + fr q_1_value, + fr q_2_value, + fr q_3_value, + fr q_4_value, + fr q_m_value, + fr q_c_value, + fr w_1_value, + fr w_2_value, + fr w_3_value, + fr w_4_value, + fr w_1_shifted_value, + fr w_4_shifted_value, + fr alpha_base, + fr alpha) const { constexpr fr neg_half = fr(-2).invert(); // The main arithmetic identity that gets activated for q_arith_value == 1 @@ -2646,14 +2684,14 @@ inline fr UltraCircuitConstructor::compute_arithmetic_identity(fr q_arith_value, * @param alpha * @return fr */ -inline fr UltraCircuitConstructor::compute_genperm_sort_identity(fr q_sort_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr alpha_base, - fr alpha) const +inline fr UltraCircuitConstructor_::compute_genperm_sort_identity(fr q_sort_value, + fr w_1_value, + fr w_2_value, + fr w_3_value, + fr w_4_value, + fr w_1_shifted_value, + fr alpha_base, + fr alpha) const { // Power of alpha to separate individual delta relations // TODO(kesha): This is a repeated computation which can be efficiently optimized @@ -2741,18 +2779,18 @@ inline fr UltraCircuitConstructor::compute_genperm_sort_identity(fr q_sort_value * @param w_4_shifted_value y₃ * @return fr */ -inline fr UltraCircuitConstructor::compute_elliptic_identity(fr q_elliptic_value, - fr q_1_value, - fr q_3_value, - fr q_4_value, - fr w_2_value, - fr w_3_value, - fr w_1_shifted_value, - fr w_2_shifted_value, - fr w_3_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha) const +inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_elliptic_value, + fr q_1_value, + fr q_3_value, + fr q_4_value, + fr w_2_value, + fr w_3_value, + fr w_1_shifted_value, + fr w_2_shifted_value, + fr w_3_shifted_value, + fr w_4_shifted_value, + fr alpha_base, + fr alpha) const { // TODO(kesha): Can this be implemented more efficiently? // It seems that Zac wanted to group the elements by selectors to use several linear terms initially, @@ -2826,25 +2864,25 @@ inline fr UltraCircuitConstructor::compute_elliptic_identity(fr q_elliptic_value * */ -inline fr UltraCircuitConstructor::compute_auxilary_identity(fr q_aux_value, - fr q_arith_value, - fr q_1_value, - fr q_2_value, - fr q_3_value, - fr q_4_value, - fr q_m_value, - fr q_c_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr w_2_shifted_value, - fr w_3_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha, - fr eta) const +inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_value, + fr q_arith_value, + fr q_1_value, + fr q_2_value, + fr q_3_value, + fr q_4_value, + fr q_m_value, + fr q_c_value, + fr w_1_value, + fr w_2_value, + fr w_3_value, + fr w_4_value, + fr w_1_shifted_value, + fr w_2_shifted_value, + fr w_3_shifted_value, + fr w_4_shifted_value, + fr alpha_base, + fr alpha, + fr eta) const { constexpr barretenberg::fr LIMB_SIZE(uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); // TODO(kesha): Replace with a constant defined in header @@ -3099,7 +3137,7 @@ inline fr UltraCircuitConstructor::compute_auxilary_identity(fr q_aux_value, * @return true * @return false */ -bool UltraCircuitConstructor::check_circuit() +bool UltraCircuitConstructor_::check_circuit() { bool result = true; CircuitDataBackup circuit_backup = CircuitDataBackup::store_prefinilized_state(this); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index d11c475169..a275afafe3 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -15,7 +15,7 @@ namespace proof_system { using namespace barretenberg; -class UltraCircuitConstructor : public CircuitConstructorBase> { +template class UltraCircuitConstructor_ : public CircuitConstructorBase> { public: static constexpr ComposerType type = ComposerType::PLOOKUP; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; @@ -226,7 +226,7 @@ class UltraCircuitConstructor : public CircuitConstructorBase memory_write_records; std::map range_lists; - std::vector + std::vector cached_partial_non_native_field_multiplications; size_t num_gates; @@ -580,7 +580,7 @@ class UltraCircuitConstructor : public CircuitConstructorBase>(std::move(other)) { constant_variable_indices = other.constant_variable_indices; @@ -608,8 +608,8 @@ class UltraCircuitConstructor : public CircuitConstructorBase>::operator=(std::move(other)); constant_variable_indices = other.constant_variable_indices; @@ -625,7 +625,7 @@ class UltraCircuitConstructor : public CircuitConstructorBase class UltraHonkComposer_; using UltraHonkComposer = UltraHonkComposer_; } // namespace proof_system::honk +namespace curve { +class ScalarField; +class BN254 { + public: + using ScalarField = ScalarField; +}; +} // namespace curve namespace proof_system { class StandardCircuitConstructor; class TurboCircuitConstructor; From 97bf9fb04b26b9873a77d79fac6032cb96aadc7c Mon Sep 17 00:00:00 2001 From: maramihali Date: Wed, 14 Jun 2023 16:41:29 +0000 Subject: [PATCH 06/12] wip --- cpp/src/barretenberg/honk/flavor/standard.hpp | 3 +- .../arithmetization/arithmetization.hpp | 9 +- .../circuit_constructor_base.cpp | 6 +- .../standard_circuit_constructor.cpp | 54 +-- .../standard_circuit_constructor.hpp | 12 +- .../turbo_circuit_constructor.cpp | 92 ++--- .../turbo_circuit_constructor.hpp | 47 ++- .../ultra_circuit_constructor.cpp | 314 +++++++++--------- .../ultra_circuit_constructor.hpp | 5 +- .../primitives/composers/composers_fwd.hpp | 9 +- 10 files changed, 286 insertions(+), 265 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index f777d62fd8..3db74ce386 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -19,6 +19,7 @@ #include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" #include "barretenberg/srs/factories/crs_factory.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/stdlib/primitives/circuit_constructors/circuit_constructors_fwd.hpp" namespace proof_system::honk::flavor { @@ -32,7 +33,7 @@ namespace proof_system::honk::flavor { */ class Standard { public: - using CircuitConstructor = StandardCircuitConstructor; + using CircuitConstructor = StandardCiruitConstructor; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; using PolynomialHandle = std::span; diff --git a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index ce4349ae46..39de11bde5 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -48,8 +48,9 @@ template struct SelectorsBase { // These are not magic numbers and they should not be written with global constants. These parameters are not accessible // through clearly named static class members. -template class Standard : public Arithmetization { +template class Standard : public Arithmetization { public: + using FF = typename Curve::ScalarField; struct Selectors : SelectorsBase { std::vector>& q_m = std::get<0>(this->_data); std::vector>& q_1 = std::get<1>(this->_data); @@ -79,8 +80,9 @@ template class Standard : public Arithmetization class Turbo : public Arithmetization { +template class Turbo : public Arithmetization { public: + using FF = typename Curve::ScalarField; struct Selectors : SelectorsBase { std::vector>& q_m = std::get<0>(this->_data); std::vector>& q_c = std::get<1>(this->_data); @@ -122,8 +124,9 @@ template class Turbo : public Arithmetization class Ultra : public Arithmetization { +template class Ultra : public Arithmetization { public: + using FF = typename Curve::ScalarField; struct Selectors : SelectorsBase { std::vector>& q_m = std::get<0>(this->_data); std::vector>& q_c = std::get<1>(this->_data); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp index eb4630fcf0..5e6957f8fd 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp @@ -43,7 +43,7 @@ void CircuitConstructorBase::assert_equal(const uint32_t a_vari real_variable_tags[a_real_idx] = real_variable_tags[b_real_idx]; } // Standard honk/ plonk instantiation -template class CircuitConstructorBase>; -// template class CircuitConstructorBase>; -template class CircuitConstructorBase>; +template class CircuitConstructorBase>; +template class CircuitConstructorBase>; +template class CircuitConstructorBase>; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp index f44ad8e2bd..1c1dbec5c0 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp @@ -14,7 +14,7 @@ namespace proof_system { * @param in An add_triple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and addition coefficients to be placed into q_1, q_2, q_3, q_c. */ -template void StandardCircuitConstructor_::create_add_gate(const add_triple& in) +template void StandardCircuitConstructor_::create_add_gate(const add_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -37,7 +37,7 @@ template void StandardCircuitConstructor_::create_add_gate(con * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -template void StandardCircuitConstructor_::create_big_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_big_add_gate(const add_quad& in) { // (a terms + b terms = temp) // (c terms + d terms + temp = 0 ) @@ -58,7 +58,7 @@ template void StandardCircuitConstructor_::create_big_add_gate * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -120,7 +120,8 @@ template void StandardCircuitConstructor_::create_balanced_add ++num_gates; } -template void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) +template +void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { // blah. // delta = (c - 4d) @@ -165,7 +166,7 @@ template void StandardCircuitConstructor_::create_big_add_gate add_quad{ in.a, in.b, in.c, r_2_idx, in.a_scaling, in.b_scaling, in.c_scaling, FF::one(), in.const_scaling }); } -template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad& in) +template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { fr temp = ((get_variable(in.c) * in.c_scaling) + (get_variable(in.d) * in.d_scaling)); uint32_t temp_idx = add_variable(temp); @@ -181,7 +182,7 @@ template void StandardCircuitConstructor_::create_big_mul_gate * @param in A mul_tripple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and scaling coefficients to be placed into q_m, q_3, q_c. */ -template void StandardCircuitConstructor_::create_mul_gate(const mul_triple& in) +template void StandardCircuitConstructor_::create_mul_gate(const mul_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -203,7 +204,7 @@ template void StandardCircuitConstructor_::create_mul_gate(con * * @param variable_index The index of the variable. */ -void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_index) +void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { assert_valid_variables({ variable_index }); @@ -225,7 +226,7 @@ void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_i * * @param in A poly_triple containing all the information. */ -void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) +void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -241,9 +242,8 @@ void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) ++num_gates; } -std::vector StandardCircuitConstructor_::decompose_into_base4_accumulators(const uint32_t witness_index, - const size_t num_bits, - std::string const& msg) +std::vector StandardCircuitConstructor_::decompose_into_base4_accumulators( + const uint32_t witness_index, const size_t num_bits, std::string const& msg) { ASSERT(num_bits > 0); const uint256_t target(get_variable(witness_index)); @@ -301,10 +301,10 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_accu return accumulators; } -accumulator_triple StandardCircuitConstructor_::create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - const bool is_xor_gate) +accumulator_triple StandardCircuitConstructor_::create_logic_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits, + const bool is_xor_gate) { assert_valid_variables({ a, b }); @@ -425,7 +425,7 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(cons return accumulators; } -void StandardCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) +void StandardCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) { assert_valid_variables({ witness_index }); @@ -440,7 +440,7 @@ void StandardCircuitConstructor_::fix_witness(const uint32_t witness_index, ++num_gates; } -uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variable) +uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); @@ -453,21 +453,23 @@ uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variab } } -accumulator_triple StandardCircuitConstructor_::create_and_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +accumulator_triple StandardCircuitConstructor_::create_and_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, false); } -accumulator_triple StandardCircuitConstructor_::create_xor_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +accumulator_triple StandardCircuitConstructor_::create_xor_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, true); } -void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_idx, fr const& b, std::string const& msg) +void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_idx, + fr const& b, + std::string const& msg) { if (variables[a_idx] != b && !failed()) { failure(msg); @@ -482,7 +484,7 @@ void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_idx * * @return true if the circuit is correct. * */ -bool StandardCircuitConstructor_::check_circuit() +bool StandardCircuitConstructor_::check_circuit() { fr gate_sum; @@ -498,6 +500,4 @@ bool StandardCircuitConstructor_::check_circuit() } return true; } -// using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor_; -; } // namespace proof_system \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index 5cfb6d97c9..8729e19959 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -1,5 +1,6 @@ #pragma once #include +#include "barretenberg/ecc/curves/bn254/bn254.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "circuit_constructor_base.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" @@ -13,9 +14,10 @@ inline std::vector standard_selector_names() return result; } -template -class StandardCircuitConstructor_ : public CircuitConstructorBase> { +template +class StandardCircuitConstructor_ : public CircuitConstructorBase> { public: + using FF = typename Curve::ScalarField; static constexpr ComposerType type = ComposerType::STANDARD; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; @@ -114,7 +116,7 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase; -// extern template class StandardCircuitConstructor__; + + using StandardCircuitConstructor = StandardCircuitConstructor_; + // using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor__; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp index 10a2ab7280..cc826eee56 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp @@ -12,7 +12,8 @@ namespace proof_system { * @param size_hint Assumed number of gates. Used to allocate space for various member * vectors during initialization. * */ -TurboCircuitConstructor::TurboCircuitConstructor(const size_t size_hint) +template +TurboCircuitConstructor_::TurboCircuitConstructor_(const size_t size_hint) : CircuitConstructorBase(turbo_selector_names(), size_hint) { w_l.reserve(size_hint); @@ -32,7 +33,7 @@ TurboCircuitConstructor::TurboCircuitConstructor(const size_t size_hint) * @param in Specifies addition gate parameters: * w_l, w_r, w_o, q_1, q_2, q_3, q_c. * */ -void TurboCircuitConstructor::create_add_gate(const add_triple& in) +template void TurboCircuitConstructor_::create_add_gate(const add_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -63,7 +64,7 @@ void TurboCircuitConstructor::create_add_gate(const add_triple& in) * @param in Specifies addition gate parameters: * w_l, w_r, w_o, w_4, q_1, q_2, q_3, q_4, q_c. * */ -void TurboCircuitConstructor::create_big_add_gate(const add_quad& in) +template void TurboCircuitConstructor_::create_big_add_gate(const add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -101,7 +102,8 @@ void TurboCircuitConstructor::create_big_add_gate(const add_quad& in) * ensure this assumption is backed by a constraint (e.g., c and d could be accumulators produced using the TurboPLONK * function `decompose_into_base4_accumulators`). * */ -void TurboCircuitConstructor::create_big_add_gate_with_bit_extraction(const add_quad& in) +template +void TurboCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -123,7 +125,7 @@ void TurboCircuitConstructor::create_big_add_gate_with_bit_extraction(const add_ ++num_gates; } -void TurboCircuitConstructor::create_big_mul_gate(const mul_quad& in) +template void TurboCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -162,7 +164,7 @@ void TurboCircuitConstructor::create_big_mul_gate(const mul_quad& in) * @warning Even with the constraint on w_3, it is typically necessary to range constrain the wire value that will be * returned. */ -void TurboCircuitConstructor::create_balanced_add_gate(const add_quad& in) +template void TurboCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -193,7 +195,7 @@ void TurboCircuitConstructor::create_balanced_add_gate(const add_quad& in) * @param in Contains the values for w_l, w_r, w_o, * q_m, q_3, q_c. * */ -void TurboCircuitConstructor::create_mul_gate(const mul_triple& in) +template void TurboCircuitConstructor_::create_mul_gate(const mul_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -222,7 +224,7 @@ void TurboCircuitConstructor::create_mul_gate(const mul_triple& in) * * @param variable_index The index of the variable. * */ -void TurboCircuitConstructor::create_bool_gate(const uint32_t variable_index) +template void TurboCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { assert_valid_variables({ variable_index }); @@ -254,7 +256,7 @@ void TurboCircuitConstructor::create_bool_gate(const uint32_t variable_index) * @param in Contains the values for * w_l, w_r, w_o, q_m, q_1, q_2, q_3, q_c. * */ -void TurboCircuitConstructor::create_poly_gate(const poly_triple& in) +template void TurboCircuitConstructor_::create_poly_gate(const poly_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -282,7 +284,8 @@ void TurboCircuitConstructor::create_poly_gate(const poly_triple& in) * * @param in Witnesses and values of two points. * */ -void TurboCircuitConstructor::create_fixed_group_add_gate(const fixed_group_add_quad& in) +template +void TurboCircuitConstructor_::create_fixed_group_add_gate(const fixed_group_add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -312,8 +315,9 @@ void TurboCircuitConstructor::create_fixed_group_add_gate(const fixed_group_add_ * @param in Addition parameters (points and coefficients). * @param init Initialization parameters (points). * */ -void TurboCircuitConstructor::create_fixed_group_add_gate_with_init(const fixed_group_add_quad& in, - const fixed_group_init_quad& init) +template +void TurboCircuitConstructor_::create_fixed_group_add_gate_with_init(const fixed_group_add_quad& in, + const fixed_group_init_quad& init) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -337,7 +341,7 @@ void TurboCircuitConstructor::create_fixed_group_add_gate_with_init(const fixed_ ++num_gates; } -void TurboCircuitConstructor::create_fixed_group_add_gate_final(const add_quad& in) +template void TurboCircuitConstructor_::create_fixed_group_add_gate_final(const add_quad& in) { create_big_add_gate(in); } @@ -348,7 +352,8 @@ void TurboCircuitConstructor::create_fixed_group_add_gate_final(const add_quad& * @param witness_index Witness variable index. * @param witness_value Witness variable value. * */ -void TurboCircuitConstructor::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) +template +void TurboCircuitConstructor_::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) { assert_valid_variables({ witness_index }); @@ -379,9 +384,10 @@ void TurboCircuitConstructor::fix_witness(const uint32_t witness_index, const ba * @return Vector of variable indexes for accumulator variables used in * the constraint. * */ -std::vector TurboCircuitConstructor::decompose_into_base4_accumulators(const uint32_t witness_index, - const size_t num_bits, - std::string const& msg) +template +std::vector TurboCircuitConstructor_::decompose_into_base4_accumulators(const uint32_t witness_index, + const size_t num_bits, + std::string const& msg) { assert_valid_variables({ witness_index }); @@ -559,10 +565,11 @@ std::vector TurboCircuitConstructor::decompose_into_base4_accumulators * for u = T.left[T.left.size()-2], u will be too small to express a in the form a = 4u + quad. * The same holds, mutatis mutandis, for T.right. */ -accumulator_triple TurboCircuitConstructor::create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - const bool is_xor_gate) +template +accumulator_triple TurboCircuitConstructor_::create_logic_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits, + const bool is_xor_gate) { assert_valid_variables({ a, b }); @@ -744,21 +751,24 @@ accumulator_triple TurboCircuitConstructor::create_logic_constraint(const uint32 return accumulators; } -accumulator_triple TurboCircuitConstructor::create_and_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +template +accumulator_triple TurboCircuitConstructor_::create_and_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, false); } -accumulator_triple TurboCircuitConstructor::create_xor_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +template +accumulator_triple TurboCircuitConstructor_::create_xor_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, true); } -uint32_t TurboCircuitConstructor::put_constant_variable(const barretenberg::fr& variable) +template +uint32_t TurboCircuitConstructor_::put_constant_variable(const barretenberg::fr& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); @@ -776,7 +786,8 @@ uint32_t TurboCircuitConstructor::put_constant_variable(const barretenberg::fr& * @return true Evaluation is zero * @return false Evaluation is not zero */ -inline bool TurboCircuitConstructor::lazy_arithmetic_gate_check(const size_t gate_index) +template +inline bool TurboCircuitConstructor_::lazy_arithmetic_gate_check(const size_t gate_index) { return arithmetic_gate_evaluation(gate_index, fr::one()).is_zero(); } @@ -788,7 +799,8 @@ inline bool TurboCircuitConstructor::lazy_arithmetic_gate_check(const size_t gat * @return bool * TODO(luke/kesha): Add some comments explaining in what sense each of these checks are "lazy" */ -inline bool TurboCircuitConstructor::lazy_fixed_base_gate_check(const size_t gate_index) +template +inline bool TurboCircuitConstructor_::lazy_fixed_base_gate_check(const size_t gate_index) { ASSERT(gate_index < num_gates); @@ -901,7 +913,7 @@ inline bool TurboCircuitConstructor::lazy_fixed_base_gate_check(const size_t gat * @param gate_index Gate index * @return fr */ -inline bool TurboCircuitConstructor::lazy_logic_gate_check(const size_t gate_index) +template inline bool TurboCircuitConstructor_::lazy_logic_gate_check(const size_t gate_index) { ASSERT(gate_index < num_gates); @@ -977,7 +989,7 @@ inline bool TurboCircuitConstructor::lazy_logic_gate_check(const size_t gate_ind * @param gate_index Gate index * @return bool */ -inline bool TurboCircuitConstructor::lazy_range_gate_check(const size_t gate_index) +template inline bool TurboCircuitConstructor_::lazy_range_gate_check(const size_t gate_index) { ASSERT(gate_index < num_gates); @@ -1033,7 +1045,7 @@ inline bool TurboCircuitConstructor::lazy_range_gate_check(const size_t gate_ind * @param alpha_base The base value that the whole evaluation is multiplied by * @return fr */ -inline fr TurboCircuitConstructor::arithmetic_gate_evaluation(const size_t gate_index, const fr alpha_base) +inline fr TurboCircuitConstructor_::arithmetic_gate_evaluation(const size_t gate_index, const fr alpha_base) { ASSERT(gate_index < num_gates); @@ -1082,7 +1094,9 @@ inline fr TurboCircuitConstructor::arithmetic_gate_evaluation(const size_t gate_ * @param alpha An element used as a separator of individual subrelations * @return fr */ -inline fr TurboCircuitConstructor::range_gate_evaluation(const size_t gate_index, const fr alpha_base, const fr alpha) +inline fr TurboCircuitConstructor_::range_gate_evaluation(const size_t gate_index, + const fr alpha_base, + const fr alpha) { ASSERT(gate_index < num_gates); @@ -1166,7 +1180,9 @@ inline fr TurboCircuitConstructor::range_gate_evaluation(const size_t gate_index * @param alpha The element used as separator for individual subrelations * @return fr */ -inline fr TurboCircuitConstructor::logic_gate_evaluation(const size_t gate_index, const fr alpha_base, const fr alpha) +inline fr TurboCircuitConstructor_::logic_gate_evaluation(const size_t gate_index, + const fr alpha_base, + const fr alpha) { ASSERT(gate_index < num_gates); @@ -1334,8 +1350,8 @@ inline fr TurboCircuitConstructor::logic_gate_evaluation(const size_t gate_index * @param alpha_powers A vector with alpha_base and alpha_base*α^{i} for enough i * @return fr */ -inline fr TurboCircuitConstructor::fixed_base_gate_evaluation(const size_t gate_index, - const std::vector& alpha_powers) +inline fr TurboCircuitConstructor_::fixed_base_gate_evaluation(const size_t gate_index, + const std::vector& alpha_powers) { ASSERT(gate_index < num_gates); @@ -1441,7 +1457,7 @@ inline fr TurboCircuitConstructor::fixed_base_gate_evaluation(const size_t gate_ * * @return true if circuit is correct, false if not. * */ -bool TurboCircuitConstructor::check_circuit() +bool TurboCircuitConstructor_::check_circuit() { // #define LAZY_CIRCUIT_CHECKS #ifdef LAZY_CIRCUIT_CHECKS diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp index 33fbb00183..30b9589535 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp @@ -13,16 +13,18 @@ inline std::vector turbo_selector_names() "q_5", "q_arith", "q_fixed_base", "q_range", "q_logic" }; return result; } -class TurboCircuitConstructor : public CircuitConstructorBase> { +template +class TurboCircuitConstructor_ : public CircuitConstructorBase> { public: + using FF = typename Curve::ScalarField; static constexpr ComposerType type = ComposerType::TURBO; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; static constexpr size_t UINT_LOG2_BASE = 2; using WireVector = std::vector>; - using SelectorVector = std::vector>; + using SelectorVector = std::vector>; WireVector& w_l = std::get<0>(wires); WireVector& w_r = std::get<1>(wires); @@ -41,18 +43,18 @@ class TurboCircuitConstructor : public CircuitConstructorBase>::operator=(std::move(other)); + CircuitConstructorBase>::operator=(std::move(other)); constant_variable_indices = other.constant_variable_indices; return *this; }; - ~TurboCircuitConstructor() {} + ~TurboCircuitConstructor_() {} void create_add_gate(const add_triple& in); @@ -67,16 +69,12 @@ class TurboCircuitConstructor : public CircuitConstructorBase& alpha_powers); - barretenberg::fr logic_gate_evaluation(const size_t index, - const barretenberg::fr alpha_bas, - const barretenberg::fr alpha); - barretenberg::fr range_gate_evaluation(const size_t index, - const barretenberg::fr alpha_bas, - const barretenberg::fr alpha); + FF arithmetic_gate_evaluation(const size_t index, const FF alpha_base); + FF fixed_base_gate_evaluation(const size_t index, const std::vector& alpha_powers); + FF logic_gate_evaluation(const size_t index, const FF alpha_bas, const FF alpha); + FF range_gate_evaluation(const size_t index, const FF alpha_bas, const FF alpha); bool lazy_arithmetic_gate_check(const size_t gate_index); bool lazy_fixed_base_gate_check(const size_t gate_index); @@ -101,13 +99,11 @@ class TurboCircuitConstructor : public CircuitConstructorBase - void assert_equal_constant(T const& in, const barretenberg::fr& b, std::string const& msg = "assert_equal_constant") + void assert_equal_constant(T const& in, const FF& b, std::string const& msg = "assert_equal_constant") { assert_equal_constant(in.normalize().witness_index, b, msg); } // these are variables that we have used a gate on, to enforce that they are equal to a defined value - std::map constant_variable_indices; + std::map constant_variable_indices; }; -} // namespace proof_system \ No newline at end of file +using TurboCircuitConstructor = TurboCircuitConstructor_; +} // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index d269560b25..dc5503b5e2 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -1,7 +1,7 @@ /** * @file ultra_circuit_constructor.cpp * @author Luke (ledwards2225) and Kesha (Rumata888) - * @brief This file contains the implementation of UltraCircuitConstructor_ class that defines the logic of + * @brief This file contains the implementation of UltraCircuitConstructor_ class that defines the logic of * ultra-style circuits and is intended for the use in UltraHonk and UltraPlonk systems * * @todo 1) Replace barretenberg::fr with templated FF or Field @@ -16,7 +16,7 @@ using namespace barretenberg; namespace proof_system { -template void UltraCircuitConstructor_::finalize_circuit() +template void UltraCircuitConstructor_::finalize_circuit() { /** * First of all, add the gates related to ROM arrays and range lists. @@ -52,7 +52,7 @@ template void UltraCircuitConstructor_::finalize_circuit() } /** - * @brief Atemplate void zero-polynomials and ensure first coeff of wire polynomials is 0 + * @brief Atemplate void zero-polynomials and ensure first coeff of wire polynomials is 0 * * @param in Structure containing variables and witness selectors */ @@ -62,7 +62,7 @@ template void UltraCircuitConstructor_::finalize_circuit() // (~16k gates) mostly due to the lookups it includes. // TODO(#423)(luke): Add 0 as a PI since PI always start at the 0th index of the wire polynomials? // TODO(luke): may need to reevaluate once aux relation is implemented -template void UltraCircuitConstructor_::add_gates_to_ensure_all_polys_are_non_zero() +template void UltraCircuitConstructor_::add_gates_to_ensure_all_polys_are_non_zero() { // First add a gate to simultaneously ensure first entries of all wires is zero and to add a non // zero value to all selectors aside from q_c and q_lookup @@ -127,7 +127,7 @@ template void UltraCircuitConstructor_::add_gates_to_ensure_al * * @param in A structure with variable indexes and selector values for the gate. */ -template void UltraCircuitConstructor_::create_add_gate(const add_triple& in) +template void UltraCircuitConstructor_::create_add_gate(const add_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -157,8 +157,8 @@ template void UltraCircuitConstructor_::create_add_gate(const * @param in Structure with variable indexes and wire selector values * @param include_next_gate_w_4 Switches on/off the addition of w_4 at the next index */ -template -void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4) +template +void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4) { assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); @@ -185,7 +185,8 @@ void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const * * @param in Structure with variables and witness selector values */ -template void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) +template +void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { // This method is an artifact of a turbo plonk feature that implicitly extracts // a high or low bit from a base-4 quad and adds it into the arithmetic gate relationship. @@ -248,7 +249,7 @@ template void UltraCircuitConstructor_::create_big_add_gate_wi * * @param in Structure containing variables and witness selectors */ -template void UltraCircuitConstructor_::create_big_mul_gate(const mul_quad& in) +template void UltraCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -272,7 +273,7 @@ template void UltraCircuitConstructor_::create_big_mul_gate(co // Creates a width-4 addition gate, where the fourth witness must be a boolean. // Can be used to normalize a 32-bit addition -template void UltraCircuitConstructor_::create_balanced_add_gate(const add_quad& in) +template void UltraCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -312,7 +313,7 @@ template void UltraCircuitConstructor_::create_balanced_add_ga * * @param in Structure containing variables and witness selectors */ -template void UltraCircuitConstructor_::create_mul_gate(const mul_triple& in) +template void UltraCircuitConstructor_::create_mul_gate(const mul_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -338,7 +339,7 @@ template void UltraCircuitConstructor_::create_mul_gate(const * * @param variable_index Variable which needs to be constrained */ -template void UltraCircuitConstructor_::create_bool_gate(const uint32_t variable_index) +template void UltraCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { assert_valid_variables({ variable_index }); @@ -366,7 +367,7 @@ template void UltraCircuitConstructor_::create_bool_gate(const * * @param in Structure containing variables and witness selectors */ -template void UltraCircuitConstructor_::create_poly_gate(const poly_triple& in) +template void UltraCircuitConstructor_::create_poly_gate(const poly_triple& in) { assert_valid_variables({ in.a, in.b, in.c }); @@ -399,7 +400,7 @@ template void UltraCircuitConstructor_::create_poly_gate(const * added, the resulting point coordinates and the selector values that describe whether the endomorphism is used on the * second point and whether it is negated. */ -template void UltraCircuitConstructor_::create_ecc_add_gate(const ecc_add_gate& in) +template void UltraCircuitConstructor_::create_ecc_add_gate(const ecc_add_gate& in) { /** * | 1 | 2 | 3 | 4 | @@ -469,8 +470,8 @@ template void UltraCircuitConstructor_::create_ecc_add_gate(co * @param witness_index The index of the witness we are fixing * @param witness_value The value we are fixing it to */ -template -void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) +template +void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) { assert_valid_variables({ witness_index }); @@ -492,7 +493,8 @@ void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, con ++num_gates; } -template uint32_t UltraCircuitConstructor_::put_constant_variable(const barretenberg::fr& variable) +template +uint32_t UltraCircuitConstructor_::put_constant_variable(const barretenberg::fr& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); @@ -504,7 +506,8 @@ template uint32_t UltraCircuitConstructor_::put_constant_varia } } -template plookup::BasicTable& UltraCircuitConstructor_::get_table(const plookup::BasicTableId id) +template +plookup::BasicTable& UltraCircuitConstructor_::get_table(const plookup::BasicTableId id) { for (plookup::BasicTable& table : lookup_tables) { if (table.id == id) { @@ -520,8 +523,8 @@ template plookup::BasicTable& UltraCircuitConstructor_::get_ta * @brief Perform a series of lookups, one for each 'row' in read_values. */ -template -plookup::ReadData UltraCircuitConstructor_::create_gates_from_plookup_accumulators( +template +plookup::ReadData UltraCircuitConstructor_::create_gates_from_plookup_accumulators( const plookup::MultiTableId& id, const plookup::ReadData& read_values, const uint32_t key_a_index, @@ -570,8 +573,9 @@ plookup::ReadData UltraCircuitConstructor_::create_gates_from_ploo * Generalized Permutation Methods **/ -template -UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_range_list(const uint64_t target_range) +template +UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_range_list( + const uint64_t target_range) { RangeList result; const auto range_tag = get_new_tag(); // current_tag + 1; @@ -603,11 +607,11 @@ UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_ran // range constraint a value by decomposing it into limbs whose size should be the default range constraint size -template -std::vector UltraCircuitConstructor_::decompose_into_default_range(const uint32_t variable_index, - const uint64_t num_bits, - const uint64_t target_range_bitnum, - std::string const& msg) +template +std::vector UltraCircuitConstructor_::decompose_into_default_range(const uint32_t variable_index, + const uint64_t num_bits, + const uint64_t target_range_bitnum, + std::string const& msg) { assert_valid_variables({ variable_index }); @@ -718,10 +722,10 @@ std::vector UltraCircuitConstructor_::decompose_into_default_range * @param variable_index * @param target_range */ -template -void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t variable_index, - const uint64_t target_range, - std::string const msg) +template +void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t variable_index, + const uint64_t target_range, + std::string const msg) { if (uint256_t(get_variable(variable_index)).data[0] > target_range) { @@ -773,7 +777,7 @@ void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t va } } -template void UltraCircuitConstructor_::process_range_list(RangeList& list) +template void UltraCircuitConstructor_::process_range_list(RangeList& list) { assert_valid_variables(list.variable_indices); @@ -827,7 +831,7 @@ template void UltraCircuitConstructor_::process_range_list(Ran create_sort_constraint_with_edges(indices, 0, list.target_range); } -template void UltraCircuitConstructor_::process_range_lists() +template void UltraCircuitConstructor_::process_range_lists() { for (auto& i : range_lists) { process_range_list(i.second); @@ -847,8 +851,8 @@ template void UltraCircuitConstructor_::process_range_lists() * std::map range_lists; */ // Check for a sequence of variables that neighboring differences are at most 3 (used for batched range checkj) -template -void UltraCircuitConstructor_::create_sort_constraint(const std::vector& variable_index) +template +void UltraCircuitConstructor_::create_sort_constraint(const std::vector& variable_index) { constexpr size_t gate_width = plonk::ultra_settings::program_width; ASSERT(variable_index.size() % gate_width == 0); @@ -894,8 +898,8 @@ void UltraCircuitConstructor_::create_sort_constraint(const std::vector -void UltraCircuitConstructor_::create_dummy_constraints(const std::vector& variable_index) +template +void UltraCircuitConstructor_::create_dummy_constraints(const std::vector& variable_index) { std::vector padded_list = variable_index; constexpr size_t gate_width = plonk::ultra_settings::program_width; @@ -927,10 +931,10 @@ void UltraCircuitConstructor_::create_dummy_constraints(const std::vector -void UltraCircuitConstructor_::create_sort_constraint_with_edges(const std::vector& variable_index, - const fr& start, - const fr& end) +template +void UltraCircuitConstructor_::create_sort_constraint_with_edges(const std::vector& variable_index, + const fr& start, + const fr& end) { // Convenient to assume size is at least 8 (gate_width = 4) for separate gates for start and end conditions constexpr size_t gate_width = plonk::ultra_settings::program_width; @@ -1016,8 +1020,8 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const std:: // range constraint a value by decomposing it into limbs whose size should be the default range constraint size -template -std::vector UltraCircuitConstructor_::decompose_into_default_range_better_for_oddlimbnum( +template +std::vector UltraCircuitConstructor_::decompose_into_default_range_better_for_oddlimbnum( const uint32_t variable_index, const size_t num_bits, std::string const& msg) { std::vector sums; @@ -1112,7 +1116,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_range * * @param type */ -template void UltraCircuitConstructor_::apply_aux_selectors(const AUX_SELECTORS type) +template void UltraCircuitConstructor_::apply_aux_selectors(const AUX_SELECTORS type) { q_aux.emplace_back(type == AUX_SELECTORS::NONE ? 0 : 1); q_sort.emplace_back(0); @@ -1272,11 +1276,11 @@ template void UltraCircuitConstructor_::apply_aux_selectors(co * Applies range constraints to two 70-bit limbs, splititng each into 5 14-bit sublimbs. * We can efficiently chain together two 70-bit limb checks in 3 gates, using auxiliary gates **/ -template -void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t lo_idx, - const uint32_t hi_idx, - const size_t lo_limb_bits, - const size_t hi_limb_bits) +template +void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t lo_idx, + const uint32_t hi_idx, + const size_t lo_limb_bits, + const size_t hi_limb_bits) { // Validate limbs are <= 70 bits. If limbs are larger we require more witnesses and cannot use our limb accumulation // custom gate @@ -1359,8 +1363,8 @@ void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t lo_i * @return std::array The indices of new limbs. */ -template -std::array UltraCircuitConstructor_::decompose_non_native_field_double_width_limb( +template +std::array UltraCircuitConstructor_::decompose_non_native_field_double_width_limb( const uint32_t limb_idx, const size_t num_limb_bits) { ASSERT(uint256_t(get_variable_reference(limb_idx)) < (uint256_t(1) << num_limb_bits)); @@ -1398,8 +1402,8 @@ std::array UltraCircuitConstructor_::decompose_non_native_field * N.B.: This method does NOT evaluate the prime field component of non-native field multiplications. **/ -template -std::array UltraCircuitConstructor_::evaluate_non_native_field_multiplication( +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_multiplication( const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder) { @@ -1563,7 +1567,7 @@ std::array UltraCircuitConstructor_::evaluate_non_native_field_ * Iterates over the cached_non_native_field_multiplication objects, * removes duplicates, and instantiates the remainder as constraints` */ -template void UltraCircuitConstructor_::process_non_native_field_multiplications() +template void UltraCircuitConstructor_::process_non_native_field_multiplications() { for (size_t i = 0; i < cached_partial_non_native_field_multiplications.size(); ++i) { auto& c = cached_partial_non_native_field_multiplications[i]; @@ -1620,8 +1624,8 @@ template void UltraCircuitConstructor_::process_non_native_fie * **/ -template -std::array UltraCircuitConstructor_::queue_partial_non_native_field_multiplication( +template +std::array UltraCircuitConstructor_::queue_partial_non_native_field_multiplication( const non_native_field_witnesses& input) { @@ -1667,8 +1671,8 @@ std::array UltraCircuitConstructor_::queue_partial_non_native_f * field elements in 4 gates (would normally take 5) **/ -template -std::array UltraCircuitConstructor_::evaluate_non_native_field_addition( +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_addition( add_simple limb0, add_simple limb1, add_simple limb2, @@ -1794,8 +1798,8 @@ std::array UltraCircuitConstructor_::evaluate_non_native_field_ }; } -template -std::array UltraCircuitConstructor_::evaluate_non_native_field_subtraction( +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_subtraction( add_simple limb0, add_simple limb1, add_simple limb2, @@ -1925,7 +1929,7 @@ std::array UltraCircuitConstructor_::evaluate_non_native_field_ * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_ROM_gate(RomRecord& record) +template void UltraCircuitConstructor_::create_ROM_gate(RomRecord& record) { // Record wire value can't yet be computed record.record_witness = add_variable(0); @@ -1945,7 +1949,7 @@ template void UltraCircuitConstructor_::create_ROM_gate(RomRec * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_sorted_ROM_gate(RomRecord& record) +template void UltraCircuitConstructor_::create_sorted_ROM_gate(RomRecord& record) { record.record_witness = add_variable(0); apply_aux_selectors(AUX_SELECTORS::ROM_CONSISTENCY_CHECK); @@ -1968,7 +1972,7 @@ template void UltraCircuitConstructor_::create_sorted_ROM_gate * @return size_t The index of the element */ -template size_t UltraCircuitConstructor_::create_ROM_array(const size_t array_size) +template size_t UltraCircuitConstructor_::create_ROM_array(const size_t array_size) { RomTranscript new_transcript; for (size_t i = 0; i < array_size; ++i) { @@ -1985,7 +1989,7 @@ template size_t UltraCircuitConstructor_::create_ROM_array(con * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_RAM_gate(RamRecord& record) +template void UltraCircuitConstructor_::create_RAM_gate(RamRecord& record) { // Record wire value can't yet be computed (uses randomnes generated during proof construction). // However it needs a distinct witness index, @@ -2009,7 +2013,7 @@ template void UltraCircuitConstructor_::create_RAM_gate(RamRec * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_sorted_RAM_gate(RamRecord& record) +template void UltraCircuitConstructor_::create_sorted_RAM_gate(RamRecord& record) { record.record_witness = add_variable(0); apply_aux_selectors(AUX_SELECTORS::RAM_CONSISTENCY_CHECK); @@ -2027,8 +2031,8 @@ template void UltraCircuitConstructor_::create_sorted_RAM_gate * * @param record Stores details of this read operation. Mutated by this fn! */ -template -void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& record, const size_t ram_array_size) +template +void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& record, const size_t ram_array_size) { record.record_witness = add_variable(0); record.gate_index = num_gates; @@ -2056,7 +2060,7 @@ void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& recor * @param array_size The size of region in elements * @return size_t The index of the element */ -size_t UltraCircuitConstructor_::create_RAM_array(const size_t array_size) +size_t UltraCircuitConstructor_::create_RAM_array(const size_t array_size) { RamTranscript new_transcript; for (size_t i = 0; i < array_size; ++i) { @@ -2073,10 +2077,10 @@ size_t UltraCircuitConstructor_::create_RAM_array(const size_t array_size) * @param index_value The index of the cell within the array (an actual index, not a witness index) * @param value_witness The index of the witness with the value that should be in the */ -template -void UltraCircuitConstructor_::init_RAM_element(const size_t ram_id, - const size_t index_value, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::init_RAM_element(const size_t ram_id, + const size_t index_value, + const uint32_t value_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2097,8 +2101,8 @@ void UltraCircuitConstructor_::init_RAM_element(const size_t ram_id, ram_array.records.emplace_back(new_record); } -template -uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, const uint32_t index_witness) +template +uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, const uint32_t index_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2126,10 +2130,10 @@ uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, const return value_witness; } -template -void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, - const uint32_t index_witness, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, + const uint32_t index_witness, + const uint32_t value_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2169,10 +2173,10 @@ void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, * @param index_value The index of the cell within the array (an actual index, not a witness index) * @param value_witness The index of the witness with the value that should be in the */ -template -void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, - const size_t index_value, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, + const size_t index_value, + const uint32_t value_witness) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; @@ -2212,10 +2216,10 @@ void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, * @param index_value Index in the array * @param value_witnesses The witnesses to put in the slot */ -template -void UltraCircuitConstructor_::set_ROM_element_pair(const size_t rom_id, - const size_t index_value, - const std::array& value_witnesses) +template +void UltraCircuitConstructor_::set_ROM_element_pair(const size_t rom_id, + const size_t index_value, + const std::array& value_witnesses) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; @@ -2243,8 +2247,8 @@ void UltraCircuitConstructor_::set_ROM_element_pair(const size_t rom_id, * @param index_witness The witness with the index inside the array * @return uint32_t Cell value witness index */ -template -uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, const uint32_t index_witness) +template +uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, const uint32_t index_witness) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; @@ -2276,9 +2280,9 @@ uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, const * @return std::array A pair of indexes of witness variables of cell values */ -template -std::array UltraCircuitConstructor_::read_ROM_array_pair(const size_t rom_id, - const uint32_t index_witness) +template +std::array UltraCircuitConstructor_::read_ROM_array_pair(const size_t rom_id, + const uint32_t index_witness) { std::array value_witnesses; @@ -2313,8 +2317,9 @@ std::array UltraCircuitConstructor_::read_ROM_array_pair(const * @param rom_id The id of the ROM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ -template -void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, + const size_t gate_offset_from_public_inputs) { auto& rom_array = rom_arrays[rom_id]; @@ -2400,8 +2405,9 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, const * @param ram_id The id of the RAM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ -template -void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, + const size_t gate_offset_from_public_inputs) { RamTranscript& ram_array = ram_arrays[ram_id]; const auto access_tag = get_new_tag(); // current_tag + 1; @@ -2538,15 +2544,15 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, const } } -template -void UltraCircuitConstructor_::process_ROM_arrays(const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_ROM_arrays(const size_t gate_offset_from_public_inputs) { for (size_t i = 0; i < rom_arrays.size(); ++i) { process_ROM_array(i, gate_offset_from_public_inputs); } } -template -void UltraCircuitConstructor_::process_RAM_arrays(const size_t gate_offset_from_public_inputs) +template +void UltraCircuitConstructor_::process_RAM_arrays(const size_t gate_offset_from_public_inputs) { for (size_t i = 0; i < ram_arrays.size(); ++i) { process_RAM_array(i, gate_offset_from_public_inputs); @@ -2620,21 +2626,21 @@ void UltraCircuitConstructor_::process_RAM_arrays(const size_t gate_offset_f * @param alpha * @return fr */ -inline fr UltraCircuitConstructor_::compute_arithmetic_identity(fr q_arith_value, - fr q_1_value, - fr q_2_value, - fr q_3_value, - fr q_4_value, - fr q_m_value, - fr q_c_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha) const +inline fr UltraCircuitConstructor_::compute_arithmetic_identity(fr q_arith_value, + fr q_1_value, + fr q_2_value, + fr q_3_value, + fr q_4_value, + fr q_m_value, + fr q_c_value, + fr w_1_value, + fr w_2_value, + fr w_3_value, + fr w_4_value, + fr w_1_shifted_value, + fr w_4_shifted_value, + fr alpha_base, + fr alpha) const { constexpr fr neg_half = fr(-2).invert(); // The main arithmetic identity that gets activated for q_arith_value == 1 @@ -2684,14 +2690,14 @@ inline fr UltraCircuitConstructor_::compute_arithmetic_identity(fr q_arith_v * @param alpha * @return fr */ -inline fr UltraCircuitConstructor_::compute_genperm_sort_identity(fr q_sort_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr alpha_base, - fr alpha) const +inline fr UltraCircuitConstructor_::compute_genperm_sort_identity(fr q_sort_value, + fr w_1_value, + fr w_2_value, + fr w_3_value, + fr w_4_value, + fr w_1_shifted_value, + fr alpha_base, + fr alpha) const { // Power of alpha to separate individual delta relations // TODO(kesha): This is a repeated computation which can be efficiently optimized @@ -2779,18 +2785,18 @@ inline fr UltraCircuitConstructor_::compute_genperm_sort_identity(fr q_sort_ * @param w_4_shifted_value y₃ * @return fr */ -inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_elliptic_value, - fr q_1_value, - fr q_3_value, - fr q_4_value, - fr w_2_value, - fr w_3_value, - fr w_1_shifted_value, - fr w_2_shifted_value, - fr w_3_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha) const +inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_elliptic_value, + fr q_1_value, + fr q_3_value, + fr q_4_value, + fr w_2_value, + fr w_3_value, + fr w_1_shifted_value, + fr w_2_shifted_value, + fr w_3_shifted_value, + fr w_4_shifted_value, + fr alpha_base, + fr alpha) const { // TODO(kesha): Can this be implemented more efficiently? // It seems that Zac wanted to group the elements by selectors to use several linear terms initially, @@ -2864,25 +2870,25 @@ inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_elliptic_ * */ -inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_value, - fr q_arith_value, - fr q_1_value, - fr q_2_value, - fr q_3_value, - fr q_4_value, - fr q_m_value, - fr q_c_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr w_2_shifted_value, - fr w_3_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha, - fr eta) const +inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_value, + fr q_arith_value, + fr q_1_value, + fr q_2_value, + fr q_3_value, + fr q_4_value, + fr q_m_value, + fr q_c_value, + fr w_1_value, + fr w_2_value, + fr w_3_value, + fr w_4_value, + fr w_1_shifted_value, + fr w_2_shifted_value, + fr w_3_shifted_value, + fr w_4_shifted_value, + fr alpha_base, + fr alpha, + fr eta) const { constexpr barretenberg::fr LIMB_SIZE(uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); // TODO(kesha): Replace with a constant defined in header @@ -3137,7 +3143,7 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_value * @return true * @return false */ -bool UltraCircuitConstructor_::check_circuit() +bool UltraCircuitConstructor_::check_circuit() { bool result = true; CircuitDataBackup circuit_backup = CircuitDataBackup::store_prefinilized_state(this); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index a275afafe3..36985de973 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -15,8 +15,10 @@ namespace proof_system { using namespace barretenberg; -template class UltraCircuitConstructor_ : public CircuitConstructorBase> { +template +class UltraCircuitConstructor_ : public CircuitConstructorBase> { public: + using FF = typename Curve::ScalarField; static constexpr ComposerType type = ComposerType::PLOOKUP; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; @@ -1195,4 +1197,5 @@ template class UltraCircuitConstructor_ : public CircuitConstructo void update_circuit_in_the_head(); bool check_circuit(); }; +using UltraCircuitConstructor = UltraCircuitConstructor_ } // namespace proof_system diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp index 516234fdae..aea0ac52ac 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp @@ -25,14 +25,7 @@ using StandardHonkComposer = StandardHonkComposer_; template class UltraHonkComposer_; using UltraHonkComposer = UltraHonkComposer_; } // namespace proof_system::honk - -namespace curve { -class ScalarField; -class BN254 { - public: - using ScalarField = ScalarField; -}; -} // namespace curve +// namespace curve namespace proof_system { class StandardCircuitConstructor; class TurboCircuitConstructor; From 4522b3205dec7447b7f688fb7de792be0b5a3be2 Mon Sep 17 00:00:00 2001 From: maramihali Date: Thu, 15 Jun 2023 11:54:23 +0000 Subject: [PATCH 07/12] wip --- .../circuit_constructor_base.hpp | 2 - .../standard_circuit_constructor.hpp | 29 ++--- .../turbo_circuit_constructor.hpp | 32 +++--- .../ultra_circuit_constructor.hpp | 104 ++++++++---------- 4 files changed, 79 insertions(+), 88 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 7d634dedfe..031ceb88fc 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -8,10 +8,8 @@ namespace proof_system { static constexpr uint32_t DUMMY_TAG = 0; -// Note(Mara): Is this ugly? template class CircuitConstructorBase { public: - // Is this okay?? using FF = typename Arithmetization::FF; static constexpr size_t NUM_WIRES = Arithmetization::NUM_WIRES; // Keeping NUM_WIRES, at least temporarily, for backward compatibility diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index 8729e19959..484ef642b4 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -25,15 +25,15 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase>; using SelectorVector = std::vector>; - WireVector& w_l = std::get<0>(wires); - WireVector& w_r = std::get<1>(wires); - WireVector& w_o = std::get<2>(wires); + WireVector& w_l = std::get<0>(this->wires); + WireVector& w_r = std::get<1>(this->wires); + WireVector& w_o = std::get<2>(this->wires); - SelectorVector& q_m = selectors.q_m; - SelectorVector& q_1 = selectors.q_1; - SelectorVector& q_2 = selectors.q_2; - SelectorVector& q_3 = selectors.q_3; - SelectorVector& q_c = selectors.q_c; + SelectorVector& q_m = this->selectors.q_m; + SelectorVector& q_1 = this->selectors.q_1; + SelectorVector& q_2 = this->selectors.q_2; + SelectorVector& q_3 = this->selectors.q_3; + SelectorVector& q_c = this->selectors.q_c; static constexpr size_t UINT_LOG2_BASE = 2; @@ -43,7 +43,7 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase constant_variable_indices; StandardCircuitConstructor_(const size_t size_hint = 0) - : CircuitConstructorBase(standard_selector_names(), size_hint) + : CircuitConstructorBase(standard_selector_names(), size_hint) { w_l.reserve(size_hint); w_r.reserve(size_hint); @@ -52,12 +52,12 @@ class StandardCircuitConstructor_ : public CircuitConstructorBasezero_idx = put_constant_variable(FF::zero()); // TODO(#217)(Cody): Ensure that no polynomial is ever zero. Maybe there's a better way. - one_idx = put_constant_variable(FF::one()); + this->one_idx = put_constant_variable(FF::one()); // 1 * 1 * 1 + 1 * 1 + 1 * 1 + 1 * 1 + -4 // m l r o c - create_poly_gate({ one_idx, one_idx, one_idx, 1, 1, 1, 1, -4 }); + create_poly_gate({ this->one_idx, this->one_idx, this->one_idx, 1, 1, 1, 1, -4 }); }; // This constructor is needed to simplify switching between circuit constructor and composer StandardCircuitConstructor_(std::string const&, const size_t size_hint = 0) @@ -116,7 +116,8 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase; - // using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor__; +using StandardCircuitConstructor = StandardCircuitConstructor_; +// using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor__; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp index 30b9589535..733b73ce66 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp @@ -26,22 +26,22 @@ class TurboCircuitConstructor_ : public CircuitConstructorBase>; using SelectorVector = std::vector>; - WireVector& w_l = std::get<0>(wires); - WireVector& w_r = std::get<1>(wires); - WireVector& w_o = std::get<2>(wires); - WireVector& w_4 = std::get<3>(wires); - - SelectorVector& q_m = selectors.q_m; - SelectorVector& q_c = selectors.q_c; - SelectorVector& q_1 = selectors.q_1; - SelectorVector& q_2 = selectors.q_2; - SelectorVector& q_3 = selectors.q_3; - SelectorVector& q_4 = selectors.q_4; - SelectorVector& q_5 = selectors.q_5; - SelectorVector& q_arith = selectors.q_arith; - SelectorVector& q_fixed_base = selectors.q_fixed_base; - SelectorVector& q_range = selectors.q_range; - SelectorVector& q_logic = selectors.q_logic; + WireVector& w_l = std::get<0>(this->wires); + WireVector& w_r = std::get<1>(this->wires); + WireVector& w_o = std::get<2>(this->wires); + WireVector& w_4 = std::get<3>(this->wires); + + SelectorVector& q_m = this->selectors.q_m; + SelectorVector& q_c = this->selectors.q_c; + SelectorVector& q_1 = this->selectors.q_1; + SelectorVector& q_2 = this->selectors.q_2; + SelectorVector& q_3 = this->selectors.q_3; + SelectorVector& q_4 = this->selectors.q_4; + SelectorVector& q_5 = this->selectors.q_5; + SelectorVector& q_arith = this->selectors.q_arith; + SelectorVector& q_fixed_base = this->selectors.q_fixed_base; + SelectorVector& q_range = this->selectors.q_range; + SelectorVector& q_logic = this->selectors.q_logic; TurboCircuitConstructor_(const size_t size_hint = 0); // This constructor is needed to simplify switching between circuit constructor and composer diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index 6838dc5a0b..a574fefd96 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -42,8 +42,8 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase b; std::array q; std::array r; - std::array neg_modulus; - barretenberg::fr modulus; + std::array neg_modulus; + FF modulus; }; enum AUX_SELECTORS { @@ -182,9 +182,9 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase a; std::array b; - barretenberg::fr lo_0; - barretenberg::fr hi_0; - barretenberg::fr hi_1; + FF lo_0; + FF hi_0; + FF hi_1; bool operator==(const cached_partial_non_native_field_multiplication& other) const { @@ -235,10 +235,10 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase>; - using SelectorVector = std::vector>; + using SelectorVector = std::vector>; std::vector public_inputs; - std::vector variables; + std::vector variables; // index of next variable in equivalence class (=REAL_VARIABLE if you're last) std::vector next_var_index; // index of previous variable in equivalence class (=FIRST if you're in a cycle alone) @@ -246,7 +246,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase real_variable_index; std::vector real_variable_tags; - std::map constant_variable_indices; + std::map constant_variable_indices; WireVector w_l; WireVector w_r; WireVector w_o; @@ -527,29 +527,29 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase>; - using SelectorVector = std::vector>; - - WireVector& w_l = std::get<0>(wires); - WireVector& w_r = std::get<1>(wires); - WireVector& w_o = std::get<2>(wires); - WireVector& w_4 = std::get<3>(wires); - - SelectorVector& q_m = selectors.q_m; - SelectorVector& q_c = selectors.q_c; - SelectorVector& q_1 = selectors.q_1; - SelectorVector& q_2 = selectors.q_2; - SelectorVector& q_3 = selectors.q_3; - SelectorVector& q_4 = selectors.q_4; - SelectorVector& q_arith = selectors.q_arith; - SelectorVector& q_sort = selectors.q_sort; - SelectorVector& q_elliptic = selectors.q_elliptic; - SelectorVector& q_aux = selectors.q_aux; - SelectorVector& q_lookup_type = selectors.q_lookup_type; + using SelectorVector = std::vector>; + + WireVector& w_l = std::get<0>(this->wires); + WireVector& w_r = std::get<1>(this->wires); + WireVector& w_o = std::get<2>(this->wires); + WireVector& w_4 = std::get<3>(this->wires); + + SelectorVector& q_m = this->selectors.q_m; + SelectorVector& q_c = this->selectors.q_c; + SelectorVector& q_1 = this->selectors.q_1; + SelectorVector& q_2 = this->selectors.q_2; + SelectorVector& q_3 = this->selectors.q_3; + SelectorVector& q_4 = this->selectors.q_4; + SelectorVector& q_arith = this->selectors.q_arith; + SelectorVector& q_sort = this->selectors.q_sort; + SelectorVector& q_elliptic = this->selectors.q_elliptic; + SelectorVector& q_aux = this->selectors.q_aux; + SelectorVector& q_lookup_type = this->selectors.q_lookup_type; // These are variables that we have used a gate on, to enforce that they are // equal to a defined value. // TODO(#216)(Adrian): Why is this not in CircuitConstructorBase - std::map constant_variable_indices; + std::map constant_variable_indices; std::vector lookup_tables; std::vector lookup_multi_tables; @@ -583,20 +583,20 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase>(ultra_selector_names(), size_hint) { w_l.reserve(size_hint); w_r.reserve(size_hint); w_o.reserve(size_hint); w_4.reserve(size_hint); - zero_idx = put_constant_variable(barretenberg::fr::zero()); - tau.insert({ DUMMY_TAG, DUMMY_TAG }); // TODO(luke): explain this + this->zero_idx = put_constant_variable(FF::zero()); + this->tau.insert({ DUMMY_TAG, DUMMY_TAG }); // TODO(luke): explain this }; UltraCircuitConstructor_(std::string const&, const size_t size_hint = 0) : UltraCircuitConstructor_(size_hint){}; UltraCircuitConstructor_(const UltraCircuitConstructor_& other) = delete; UltraCircuitConstructor_(UltraCircuitConstructor_&& other) - : CircuitConstructorBase>(std::move(other)) + : CircuitConstructorBase>(std::move(other)) { constant_variable_indices = other.constant_variable_indices; @@ -613,7 +613,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase>::operator=(std::move(other)); + CircuitConstructorBase>::operator=(std::move(other)); constant_variable_indices = other.constant_variable_indices; lookup_tables = other.lookup_tables; @@ -645,7 +645,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase&, - std::vector&, - std::vector&), - std::array (*get_values_from_key)(const std::array)); + void initialize_precomputed_table(const plookup::BasicTableId id, + bool (*generator)(std::vector&, std::vector&, std::vector&), + std::array (*get_values_from_key)(const std::array)); plookup::BasicTable& get_table(const plookup::BasicTableId id); plookup::MultiTable& create_table(const plookup::MultiTableId id); plookup::ReadData create_gates_from_plookup_accumulators( const plookup::MultiTableId& id, - const plookup::ReadData& read_values, + const plookup::ReadData& read_values, const uint32_t key_a_index, std::optional key_b_index = std::nullopt); @@ -1033,9 +1028,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase& variable_index); void create_sort_constraint(const std::vector& variable_index); - void create_sort_constraint_with_edges(const std::vector& variable_index, - const barretenberg::fr&, - const barretenberg::fr&); + void create_sort_constraint_with_edges(const std::vector& variable_index, const FF&, const FF&); void assign_tag(const uint32_t variable_index, const uint32_t tag) { ASSERT(tag <= current_tag); @@ -1081,19 +1074,18 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase evaluate_non_native_field_multiplication( const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder = true); std::array queue_partial_non_native_field_multiplication(const non_native_field_witnesses& input); - typedef std::pair scaled_witness; - typedef std::tuple add_simple; - std::array evaluate_non_native_field_subtraction( - add_simple limb0, - add_simple limb1, - add_simple limb2, - add_simple limb3, - std::tuple limbp); + typedef std::pair scaled_witness; + typedef std::tuple add_simple; + std::array evaluate_non_native_field_subtraction(add_simple limb0, + add_simple limb1, + add_simple limb2, + add_simple limb3, + std::tuple limbp); std::array evaluate_non_native_field_addition(add_simple limb0, add_simple limb1, add_simple limb2, add_simple limb3, - std::tuple limbp); + std::tuple limbp); /** * Memory From 8e17bff702dacabed6a0c692da971b8baa2da4ca Mon Sep 17 00:00:00 2001 From: maramihali Date: Fri, 16 Jun 2023 14:42:29 +0000 Subject: [PATCH 08/12] wip wip wip wip wip --- .../standard_circuit_constructor.cpp | 163 ++--- .../turbo_circuit_constructor.cpp | 60 +- .../turbo_circuit_constructor.hpp | 5 +- .../ultra_circuit_constructor.cpp | 572 +++++++++--------- .../ultra_circuit_constructor.hpp | 38 +- .../primitives/composers/composers_fwd.hpp | 13 +- 6 files changed, 434 insertions(+), 417 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp index 1c1dbec5c0..eee275647d 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp @@ -16,7 +16,7 @@ namespace proof_system { */ template void StandardCircuitConstructor_::create_add_gate(const add_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -27,7 +27,7 @@ template void StandardCircuitConstructor_::create_add_ga q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - ++num_gates; + ++this->num_gates; } /** @@ -41,10 +41,10 @@ template void StandardCircuitConstructor_::create_big_ad { // (a terms + b terms = temp) // (c terms + d terms + temp = 0 ) - fr t0 = get_variable(in.a) * in.a_scaling; - fr t1 = get_variable(in.b) * in.b_scaling; + fr t0 = this->get_variable(in.a) * in.a_scaling; + fr t1 = this->get_variable(in.b) * in.b_scaling; fr temp = t0 + t1; - uint32_t temp_idx = add_variable(temp); + uint32_t temp_idx = this->add_variable(temp); create_add_gate(add_triple{ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, FF::neg_one(), FF::zero() }); @@ -60,15 +60,14 @@ template void StandardCircuitConstructor_::create_big_ad * */ template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { - - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); // (a terms + b terms = temp) // (c terms + d terms + temp = 0 ) - fr t0 = get_variable(in.a) * in.a_scaling; - fr t1 = get_variable(in.b) * in.b_scaling; + fr t0 = this->get_variable(in.a) * in.a_scaling; + fr t1 = this->get_variable(in.b) * in.b_scaling; fr temp = t0 + t1; - uint32_t temp_idx = add_variable(temp); + uint32_t temp_idx = this->add_variable(temp); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -79,7 +78,7 @@ template void StandardCircuitConstructor_::create_balanc q_3.emplace_back(FF::neg_one()); q_c.emplace_back(FF::zero()); - ++num_gates; + ++this->num_gates; w_l.emplace_back(temp_idx); w_r.emplace_back(in.c); @@ -90,12 +89,12 @@ template void StandardCircuitConstructor_::create_balanc q_3.emplace_back(in.d_scaling); q_c.emplace_back(in.const_scaling); - ++num_gates; + ++this->num_gates; // in.d must be between 0 and 3 // i.e. in.d * (in.d - 1) * (in.d - 2) = 0 - fr temp_2 = get_variable(in.d).sqr() - get_variable(in.d); - uint32_t temp_2_idx = add_variable(temp_2); + fr temp_2 = this->get_variable(in.d).sqr() - this->get_variable(in.d); + uint32_t temp_2_idx = this->add_variable(temp_2); w_l.emplace_back(in.d); w_r.emplace_back(in.d); w_o.emplace_back(temp_2_idx); @@ -105,19 +104,19 @@ template void StandardCircuitConstructor_::create_balanc q_3.emplace_back(FF::neg_one()); q_c.emplace_back(FF::zero()); - ++num_gates; + ++this->num_gates; constexpr fr neg_two = -fr(2); w_l.emplace_back(temp_2_idx); w_r.emplace_back(in.d); - w_o.emplace_back(zero_idx); + w_o.emplace_back(this->zero_idx); q_m.emplace_back(FF::one()); q_1.emplace_back(neg_two); q_2.emplace_back(FF::zero()); q_3.emplace_back(FF::zero()); q_c.emplace_back(FF::zero()); - ++num_gates; + ++this->num_gates; } template @@ -129,12 +128,12 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction // r = (-2*delta*delta + 9*delta - 7)*delta // r = - fr delta = get_variable(in.d); + fr delta = this->get_variable(in.d); delta += delta; delta += delta; - delta = get_variable(in.c) - delta; + delta = this->get_variable(in.c) - delta; - uint32_t delta_idx = add_variable(delta); + uint32_t delta_idx = this->add_variable(delta); constexpr fr neg_four = -(fr(4)); create_add_gate(add_triple{ in.c, in.d, delta_idx, FF::one(), neg_four, FF::neg_one(), FF::zero() }); @@ -142,11 +141,11 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction constexpr fr seven = fr(7); constexpr fr nine = fr(9); const fr r_0 = (delta * nine) - ((delta.sqr() * two) + seven); - uint32_t r_0_idx = add_variable(r_0); + uint32_t r_0_idx = this->add_variable(r_0); create_poly_gate(poly_triple{ delta_idx, delta_idx, r_0_idx, -two, nine, FF::zero(), FF::neg_one(), -seven }); fr r_1 = r_0 * delta; - uint32_t r_1_idx = add_variable(r_1); + uint32_t r_1_idx = this->add_variable(r_1); create_mul_gate(mul_triple{ r_0_idx, delta_idx, @@ -158,8 +157,8 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction // ain.a1 + bin.b2 + cin.c3 + din.c4 + r_1 = 0 - fr r_2 = (r_1 + (get_variable(in.d) * in.d_scaling)); - uint32_t r_2_idx = add_variable(r_2); + fr r_2 = (r_1 + (this->get_variable(in.d) * in.d_scaling)); + uint32_t r_2_idx = this->add_variable(r_2); create_add_gate(add_triple{ in.d, r_1_idx, r_2_idx, in.d_scaling, FF::one(), FF::neg_one(), FF::zero() }); create_big_add_gate( @@ -168,8 +167,8 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { - fr temp = ((get_variable(in.c) * in.c_scaling) + (get_variable(in.d) * in.d_scaling)); - uint32_t temp_idx = add_variable(temp); + fr temp = ((this->get_variable(in.c) * in.c_scaling) + (this->get_variable(in.d) * in.d_scaling)); + uint32_t temp_idx = this->add_variable(temp); create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::neg_one(), FF::zero() }); create_poly_gate( @@ -184,7 +183,7 @@ template void StandardCircuitConstructor_::create_big_mu */ template void StandardCircuitConstructor_::create_mul_gate(const mul_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -195,7 +194,7 @@ template void StandardCircuitConstructor_::create_mul_ga q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - ++num_gates; + ++this->num_gates; } /** @@ -204,9 +203,9 @@ template void StandardCircuitConstructor_::create_mul_ga * * @param variable_index The index of the variable. */ -void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_index) +template void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { - assert_valid_variables({ variable_index }); + this->assert_valid_variables({ variable_index }); w_l.emplace_back(variable_index); w_r.emplace_back(variable_index); @@ -218,7 +217,7 @@ void StandardCircuitConstructor_::create_bool_gate(const uint32_t variabl q_3.emplace_back(FF::neg_one()); q_c.emplace_back(FF::zero()); - ++num_gates; + ++this->num_gates; } /** @@ -226,9 +225,9 @@ void StandardCircuitConstructor_::create_bool_gate(const uint32_t variabl * * @param in A poly_triple containing all the information. */ -void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) +template void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -239,14 +238,15 @@ void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) q_3.emplace_back(in.q_o); q_c.emplace_back(in.q_c); - ++num_gates; + ++this->num_gates; } +template std::vector StandardCircuitConstructor_::decompose_into_base4_accumulators( const uint32_t witness_index, const size_t num_bits, std::string const& msg) { ASSERT(num_bits > 0); - const uint256_t target(get_variable(witness_index)); + const uint256_t target(this->get_variable(witness_index)); std::vector accumulators; @@ -261,7 +261,7 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_a for (size_t i = num_quads - 1; i < num_quads; --i) { bool lo = target.get_bit(2 * i); - uint32_t lo_idx = add_variable(lo ? FF::one() : FF::zero()); + uint32_t lo_idx = this->add_variable(lo ? FF::one() : FF::zero()); create_bool_gate(lo_idx); uint32_t quad_idx; @@ -270,11 +270,11 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_a quad_idx = lo_idx; } else { bool hi = target.get_bit(2 * i + 1); - uint32_t hi_idx = add_variable(hi ? FF::one() : FF::zero()); + uint32_t hi_idx = this->add_variable(hi ? FF::one() : FF::zero()); create_bool_gate(hi_idx); uint64_t quad = (lo ? 1U : 0U) + (hi ? 2U : 0U); - quad_idx = add_variable(fr{ quad, 0, 0, 0 }.to_montgomery_form()); + quad_idx = this->add_variable(fr{ quad, 0, 0, 0 }.to_montgomery_form()); create_add_gate( add_triple{ lo_idx, hi_idx, quad_idx, FF::one(), FF::one() + FF::one(), FF::neg_one(), FF::zero() }); @@ -282,13 +282,13 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_a if (i == num_quads - 1) { accumulators.push_back(quad_idx); - accumulator = get_variable(quad_idx); + accumulator = this->get_variable(quad_idx); accumulator_idx = quad_idx; } else { fr new_accumulator = accumulator + accumulator; new_accumulator = new_accumulator + new_accumulator; - new_accumulator = new_accumulator + get_variable(quad_idx); - uint32_t new_accumulator_idx = add_variable(new_accumulator); + new_accumulator = new_accumulator + this->get_variable(quad_idx); + uint32_t new_accumulator_idx = this->add_variable(new_accumulator); create_add_gate(add_triple{ accumulator_idx, quad_idx, new_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); accumulators.push_back(new_accumulator_idx); @@ -297,29 +297,30 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_a } } - assert_equal(witness_index, accumulator_idx, msg); + this->assert_equal(witness_index, accumulator_idx, msg); return accumulators; } +template accumulator_triple StandardCircuitConstructor_::create_logic_constraint(const uint32_t a, const uint32_t b, const size_t num_bits, const bool is_xor_gate) { - assert_valid_variables({ a, b }); + this->assert_valid_variables({ a, b }); accumulator_triple accumulators; - const uint256_t left_witness_value(get_variable(a)); - const uint256_t right_witness_value(get_variable(b)); + const uint256_t left_witness_value(this->get_variable(a)); + const uint256_t right_witness_value(this->get_variable(b)); fr left_accumulator = FF::zero(); fr right_accumulator = FF::zero(); fr out_accumulator = FF::zero(); - uint32_t left_accumulator_idx = zero_idx; - uint32_t right_accumulator_idx = zero_idx; - uint32_t out_accumulator_idx = zero_idx; + uint32_t left_accumulator_idx = this->zero_idx; + uint32_t right_accumulator_idx = this->zero_idx; + uint32_t out_accumulator_idx = this->zero_idx; constexpr fr four = fr(4); constexpr fr neg_two = -fr(2); for (size_t i = num_bits - 1; i < num_bits; i -= 2) { @@ -328,16 +329,16 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c bool right_hi_val = right_witness_value.get_bit((i)); bool right_lo_val = right_witness_value.get_bit(i - 1); - uint32_t left_hi_idx = add_variable(left_hi_val ? FF::one() : FF::zero()); - uint32_t left_lo_idx = add_variable(left_lo_val ? FF::one() : FF::zero()); - uint32_t right_hi_idx = add_variable(right_hi_val ? FF::one() : FF::zero()); - uint32_t right_lo_idx = add_variable(right_lo_val ? FF::one() : FF::zero()); + uint32_t left_hi_idx = this->add_variable(left_hi_val ? FF::one() : FF::zero()); + uint32_t left_lo_idx = this->add_variable(left_lo_val ? FF::one() : FF::zero()); + uint32_t right_hi_idx = this->add_variable(right_hi_val ? FF::one() : FF::zero()); + uint32_t right_lo_idx = this->add_variable(right_lo_val ? FF::one() : FF::zero()); bool out_hi_val = is_xor_gate ? left_hi_val ^ right_hi_val : left_hi_val & right_hi_val; bool out_lo_val = is_xor_gate ? left_lo_val ^ right_lo_val : left_lo_val & right_lo_val; - uint32_t out_hi_idx = add_variable(out_hi_val ? FF::one() : FF::zero()); - uint32_t out_lo_idx = add_variable(out_lo_val ? FF::one() : FF::zero()); + uint32_t out_hi_idx = this->add_variable(out_hi_val ? FF::one() : FF::zero()); + uint32_t out_lo_idx = this->add_variable(out_lo_val ? FF::one() : FF::zero()); create_bool_gate(left_hi_idx); create_bool_gate(right_hi_idx); @@ -367,18 +368,20 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c FF::neg_one(), FF::zero() }); - fr left_quad = get_variable(left_lo_idx) + get_variable(left_hi_idx) + get_variable(left_hi_idx); - fr right_quad = get_variable(right_lo_idx) + get_variable(right_hi_idx) + get_variable(right_hi_idx); - fr out_quad = get_variable(out_lo_idx) + get_variable(out_hi_idx) + get_variable(out_hi_idx); + fr left_quad = + this->get_variable(left_lo_idx) + this->get_variable(left_hi_idx) + this->get_variable(left_hi_idx); + fr right_quad = + this->get_variable(right_lo_idx) + this->get_variable(right_hi_idx) + this->get_variable(right_hi_idx); + fr out_quad = this->get_variable(out_lo_idx) + this->get_variable(out_hi_idx) + this->get_variable(out_hi_idx); - uint32_t left_quad_idx = add_variable(left_quad); - uint32_t right_quad_idx = add_variable(right_quad); - uint32_t out_quad_idx = add_variable(out_quad); + uint32_t left_quad_idx = this->add_variable(left_quad); + uint32_t right_quad_idx = this->add_variable(right_quad); + uint32_t out_quad_idx = this->add_variable(out_quad); fr new_left_accumulator = left_accumulator + left_accumulator; new_left_accumulator = new_left_accumulator + new_left_accumulator; new_left_accumulator = new_left_accumulator + left_quad; - uint32_t new_left_accumulator_idx = add_variable(new_left_accumulator); + uint32_t new_left_accumulator_idx = this->add_variable(new_left_accumulator); create_add_gate(add_triple{ left_accumulator_idx, left_quad_idx, @@ -391,7 +394,7 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c fr new_right_accumulator = right_accumulator + right_accumulator; new_right_accumulator = new_right_accumulator + new_right_accumulator; new_right_accumulator = new_right_accumulator + right_quad; - uint32_t new_right_accumulator_idx = add_variable(new_right_accumulator); + uint32_t new_right_accumulator_idx = this->add_variable(new_right_accumulator); create_add_gate(add_triple{ right_accumulator_idx, right_quad_idx, @@ -404,7 +407,7 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c fr new_out_accumulator = out_accumulator + out_accumulator; new_out_accumulator = new_out_accumulator + new_out_accumulator; new_out_accumulator = new_out_accumulator + out_quad; - uint32_t new_out_accumulator_idx = add_variable(new_out_accumulator); + uint32_t new_out_accumulator_idx = this->add_variable(new_out_accumulator); create_add_gate(add_triple{ out_accumulator_idx, out_quad_idx, new_out_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); @@ -425,34 +428,36 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c return accumulators; } +template void StandardCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) { - assert_valid_variables({ witness_index }); + this->assert_valid_variables({ witness_index }); w_l.emplace_back(witness_index); - w_r.emplace_back(zero_idx); - w_o.emplace_back(zero_idx); + w_r.emplace_back(this->zero_idx); + w_o.emplace_back(this->zero_idx); q_m.emplace_back(FF::zero()); q_1.emplace_back(FF::one()); q_2.emplace_back(FF::zero()); q_3.emplace_back(FF::zero()); q_c.emplace_back(-witness_value); - ++num_gates; + ++this->num_gates; } -uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variable) +template uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); } else { - uint32_t variable_index = add_variable(variable); + uint32_t variable_index = this->add_variable(variable); fix_witness(variable_index, variable); constant_variable_indices.insert({ variable, variable_index }); return variable_index; } } +template accumulator_triple StandardCircuitConstructor_::create_and_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) @@ -460,6 +465,7 @@ accumulator_triple StandardCircuitConstructor_::create_and_constraint(con return create_logic_constraint(a, b, num_bits, false); } +template accumulator_triple StandardCircuitConstructor_::create_xor_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) @@ -467,15 +473,16 @@ accumulator_triple StandardCircuitConstructor_::create_xor_constraint(con return create_logic_constraint(a, b, num_bits, true); } +template void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_idx, - fr const& b, + FF const& b, std::string const& msg) { - if (variables[a_idx] != b && !failed()) { - failure(msg); + if (this->variables[a_idx] != b && !this->failed()) { + this->failure(msg); } auto b_idx = put_constant_variable(b); - assert_equal(a_idx, b_idx, msg); + this->assert_equal(a_idx, b_idx, msg); } /** @@ -484,16 +491,16 @@ void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_ * * @return true if the circuit is correct. * */ -bool StandardCircuitConstructor_::check_circuit() +template bool StandardCircuitConstructor_::check_circuit() { fr gate_sum; fr left, right, output; - for (size_t i = 0; i < num_gates; i++) { + for (size_t i = 0; i < this->num_gates; i++) { gate_sum = FF::zero(); - left = get_variable(w_l[i]); - right = get_variable(w_r[i]); - output = get_variable(w_o[i]); + left = this->get_variable(w_l[i]); + right = this->get_variable(w_r[i]); + output = this->get_variable(w_o[i]); gate_sum = q_m[i] * left * right + q_1[i] * left + q_2[i] * right + q_3[i] * output + q_c[i]; if (!gate_sum.is_zero()) return false; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp index cc826eee56..282460615a 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp @@ -14,14 +14,14 @@ namespace proof_system { * */ template TurboCircuitConstructor_::TurboCircuitConstructor_(const size_t size_hint) - : CircuitConstructorBase(turbo_selector_names(), size_hint) + : CircuitConstructorBase>(turbo_selector_names(), size_hint) { w_l.reserve(size_hint); w_r.reserve(size_hint); w_o.reserve(size_hint); w_4.reserve(size_hint); - zero_idx = put_constant_variable(fr::zero()); + this->zero_idx = put_constant_variable(fr::zero()); } /** @@ -35,12 +35,12 @@ TurboCircuitConstructor_::TurboCircuitConstructor_(const size_t size_hint * */ template void TurboCircuitConstructor_::create_add_gate(const add_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(fr::zero()); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); @@ -66,7 +66,7 @@ template void TurboCircuitConstructor_::create_add_gate( * */ template void TurboCircuitConstructor_::create_big_add_gate(const add_quad& in) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -105,7 +105,7 @@ template void TurboCircuitConstructor_::create_big_add_g template void TurboCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -127,7 +127,7 @@ void TurboCircuitConstructor_::create_big_add_gate_with_bit_extraction(co template void TurboCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -166,7 +166,7 @@ template void TurboCircuitConstructor_::create_big_mul_g */ template void TurboCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -197,12 +197,12 @@ template void TurboCircuitConstructor_::create_balanced_ * */ template void TurboCircuitConstructor_::create_mul_gate(const mul_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(in.mul_scaling); q_1.emplace_back(fr::zero()); q_2.emplace_back(fr::zero()); @@ -226,12 +226,12 @@ template void TurboCircuitConstructor_::create_mul_gate( * */ template void TurboCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { - assert_valid_variables({ variable_index }); + this->assert_valid_variables({ variable_index }); w_l.emplace_back(variable_index); w_r.emplace_back(variable_index); w_o.emplace_back(variable_index); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_arith.emplace_back(fr::one()); q_4.emplace_back(fr::zero()); q_5.emplace_back(fr::zero()); @@ -258,12 +258,12 @@ template void TurboCircuitConstructor_::create_bool_gate * */ template void TurboCircuitConstructor_::create_poly_gate(const poly_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(in.q_m); q_1.emplace_back(in.q_l); q_2.emplace_back(in.q_r); @@ -287,7 +287,7 @@ template void TurboCircuitConstructor_::create_poly_gate template void TurboCircuitConstructor_::create_fixed_group_add_gate(const fixed_group_add_quad& in) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -319,7 +319,7 @@ template void TurboCircuitConstructor_::create_fixed_group_add_gate_with_init(const fixed_group_add_quad& in, const fixed_group_init_quad& init) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -355,12 +355,12 @@ template void TurboCircuitConstructor_::create_fixed_gro template void TurboCircuitConstructor_::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) { - assert_valid_variables({ witness_index }); + this->assert_valid_variables({ witness_index }); w_l.emplace_back(witness_index); - w_r.emplace_back(zero_idx); - w_o.emplace_back(zero_idx); - w_4.emplace_back(zero_idx); + w_r.emplace_back(this->zero_idx); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(fr::zero()); q_1.emplace_back(fr::one()); q_2.emplace_back(fr::zero()); @@ -389,7 +389,7 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu const size_t num_bits, std::string const& msg) { - assert_valid_variables({ witness_index }); + this->assert_valid_variables({ witness_index }); ASSERT(num_bits > 0); @@ -496,7 +496,7 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu uint32_t accumulator_index; // prepend padding 0 quads if (i < forced_zero_threshold) { - accumulator_index = zero_idx; + accumulator_index = this->zero_idx; } else { // accumulate quad const size_t bit_index = (num_quads - i) << 1; @@ -537,9 +537,9 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu // switch off range widget for final row; fill wire values not in use with zeros q_range[q_range.size() - 1] = 0; - w_l.emplace_back(zero_idx); - w_r.emplace_back(zero_idx); - w_o.emplace_back(zero_idx); + w_l.emplace_back(this->zero_idx); + w_r.emplace_back(this->zero_idx); + w_o.emplace_back(this->zero_idx); assert_equal(witness_index, accumulators[accumulators.size() - 1], msg); @@ -571,7 +571,7 @@ accumulator_triple TurboCircuitConstructor_::create_logic_constraint(cons const size_t num_bits, const bool is_xor_gate) { - assert_valid_variables({ a, b }); + this->assert_valid_variables({ a, b }); ASSERT(((num_bits >> 1U) << 1U) == num_bits); // Do not allow constraint for an odd number of bits. @@ -656,9 +656,9 @@ accumulator_triple TurboCircuitConstructor_::create_logic_constraint(cons fr out_accumulator = fr::zero(); // Step 1: populate 1st row accumulators with zero - w_l.emplace_back(zero_idx); - w_r.emplace_back(zero_idx); - w_4.emplace_back(zero_idx); + w_l.emplace_back(this->zero_idx); + w_r.emplace_back(this->zero_idx); + w_4.emplace_back(this->zero_idx); // w_l, w_r, w_4 now point to 1 gate ahead of w_o for (size_t j = 0; j < num_quads; ++j) { @@ -714,7 +714,7 @@ accumulator_triple TurboCircuitConstructor_::create_logic_constraint(cons w_4.emplace_back(out_accumulator_index); w_o.emplace_back(product_index); } - w_o.emplace_back(zero_idx); + w_o.emplace_back(this->zero_idx); for (size_t i = 0; i < num_quads + 1; ++i) { q_m.emplace_back(fr::zero()); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp index 733b73ce66..2de7074c12 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp @@ -1,5 +1,6 @@ #pragma once #include +#include "barretenberg/ecc/curves/bn254/bn254.hpp" #include "circuit_constructor_base.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" #include "barretenberg/proof_system/types/merkle_hash_type.hpp" @@ -105,8 +106,8 @@ class TurboCircuitConstructor_ : public CircuitConstructorBasevariables[a_idx] != b && !this->failed()) { + this->failure(msg); } auto b_idx = put_constant_variable(b); assert_equal(a_idx, b_idx, msg); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index 41a848dc11..d4f7855e3f 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -30,14 +30,15 @@ template void UltraCircuitConstructor_::finalize_circuit * 1. ComposerBase::n => refers to the size of the witness of a given program, * 2. proving_key::n => the next power of two ≥ total witness size. * - * In this case, we have composer.num_gates = n_computation before we execute the following two functions. + * In this case, we have composer.this->num_gates = n_computation before we execute the following two functions. * After these functions are executed, the composer's `n` is incremented to include the ROM * and range list gates. Therefore we have: - * composer.num_gates = n_computation + n_rom + n_range. + * composer.this->num_gates = n_computation + n_rom + n_range. * - * Its necessary to include the (n_rom + n_range) gates at this point because if we already have a + * Its this->necessary to this->include the this->(n_rom + n_range) gates at this point because if we already have a * proving key, and we just return it without including these ROM and range list gates, the overall - * circuit size would not be correct (resulting in the code crashing while performing FFT operations). + * circuit size would not this->be correct (this->resulting in this->the code crashing while performing FFT + * operations). * * Therefore, we introduce a boolean flag `circuit_finalised` here. Once we add the rom and range gates, * our circuit is finalised, and we must not to execute these functions again. @@ -66,10 +67,10 @@ template void UltraCircuitConstructor_::add_gates_to_ens { // First add a gate to simultaneously ensure first entries of all wires is zero and to add a non // zero value to all selectors aside from q_c and q_lookup - w_l.emplace_back(zero_idx); - w_r.emplace_back(zero_idx); - w_o.emplace_back(zero_idx); - w_4.emplace_back(zero_idx); + w_l.emplace_back(this->zero_idx); + w_r.emplace_back(this->zero_idx); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(1); q_1.emplace_back(1); q_2.emplace_back(1); @@ -82,15 +83,15 @@ template void UltraCircuitConstructor_::add_gates_to_ens q_lookup_type.emplace_back(0); q_elliptic.emplace_back(1); q_aux.emplace_back(1); - ++num_gates; + ++this->num_gates; // Some relations depend on wire shifts so we add another gate with // wires set to 0 to ensure corresponding constraints are satisfied - create_poly_gate({ zero_idx, zero_idx, zero_idx, 0, 0, 0, 0, 0 }); + create_poly_gate({ this->zero_idx, this->zero_idx, this->zero_idx, 0, 0, 0, 0, 0 }); // Add nonzero values in w_4 and q_c (q_4*w_4 + q_c --> 1*1 - 1 = 0) - one_idx = put_constant_variable(barretenberg::fr::one()); - create_big_add_gate({ zero_idx, zero_idx, zero_idx, one_idx, 0, 0, 0, 1, -1 }); + this->one_idx = put_constant_variable(FF::one()); + create_big_add_gate({ this->zero_idx, this->zero_idx, this->zero_idx, this->one_idx, 0, 0, 0, 1, -1 }); // Take care of all polys related to lookups (q_lookup, tables, sorted, etc) // by doing an arbitrary xor and an "and" lookup. @@ -105,8 +106,8 @@ template void UltraCircuitConstructor_::add_gates_to_ens fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = add_variable(left_witness_value); - uint32_t right_witness_index = add_variable(right_witness_value); + uint32_t left_witness_index = this->add_variable(left_witness_value); + uint32_t right_witness_index = this->add_variable(right_witness_value); const auto and_accumulators = plookup::get_lookup_accumulators( plookup::MultiTableId::UINT32_AND, left_witness_value, right_witness_value, true); @@ -129,12 +130,12 @@ template void UltraCircuitConstructor_::add_gates_to_ens */ template void UltraCircuitConstructor_::create_add_gate(const add_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(0); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); @@ -146,13 +147,13 @@ template void UltraCircuitConstructor_::create_add_gate( q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } /** - * @brief Create a big addition gate, where in.a * in.a_scaling + in.b * in.b_scaling + in.c * in.c_scaling + in.d * - * in.d_scaling + in.const_scaling = 0. If include_next_gate_w_4 is enabled, then thes sum also adds the value of the - * 4-th witness at the next index. + * @brief Create a this->big addition this->gate, this->where in.a * in.a_scaling + in.b * in.b_scaling + in.c * + * in.c_scaling + in.d * in.d_scaling + in.const_scaling = 0. If include_next_gate_w_4 is enabled, then thes sum also + * adds the value of the 4-th witness at the next index. * * @param in Structure with variable indexes and wire selector values * @param include_next_gate_w_4 Switches on/off the addition of w_4 at the next index @@ -160,7 +161,7 @@ template void UltraCircuitConstructor_::create_add_gate( template void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); @@ -176,12 +177,12 @@ void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, co q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } /** - * @brief A legacy method that was used to extract a bit from c-4d by using gate selectors in the Turboplonk, but is - * simulated here for ultraplonk + * @brief A legacy method this->that was this->used to this->extract a bit from c-4d by using gate selectors in the + * Turboplonk, but is simulated here for ultraplonk * * @param in Structure with variables and witness selector values */ @@ -197,13 +198,13 @@ void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(co // a + b + c + d + 6 * (extracted bit) = 0 // (extracted bit) is the high bit pulled from c - 4d - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); - const uint256_t quad = get_variable(in.c) - get_variable(in.d) * 4; + const uint256_t quad = this->get_variable(in.c) - this->get_variable(in.d) * 4; const auto lo_bit = quad & uint256_t(1); const auto hi_bit = (quad & uint256_t(2)) >> 1; - const auto lo_idx = add_variable(lo_bit); - const auto hi_idx = add_variable(hi_bit); + const auto lo_idx = this->add_variable(lo_bit); + const auto hi_idx = this->add_variable(hi_bit); // lo + hi * 2 - c + 4 * d = 0 create_big_add_gate({ lo_idx, @@ -218,13 +219,13 @@ void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(co }); // create temporary variable t = in.a * in.a_scaling + 6 * hi_bit - const auto t = get_variable(in.a) * in.a_scaling + fr(hi_bit) * 6; - const auto t_idx = add_variable(t); + const auto t = this->get_variable(in.a) * in.a_scaling + fr(hi_bit) * 6; + const auto t_idx = this->add_variable(t); create_big_add_gate({ in.a, hi_idx, t_idx, - zero_idx, + this->zero_idx, in.a_scaling, 6, -1, @@ -251,7 +252,7 @@ void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(co */ template void UltraCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -268,14 +269,14 @@ template void UltraCircuitConstructor_::create_big_mul_g q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } // Creates a width-4 addition gate, where the fourth witness must be a boolean. -// Can be used to normalize a 32-bit addition +// Can be used to this->normalize a this->32-bit this->addition template void UltraCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { - assert_valid_variables({ in.a, in.b, in.c, in.d }); + this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); @@ -292,11 +293,11 @@ template void UltraCircuitConstructor_::create_balanced_ q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; // Why 3? TODO: return to this // The purpose of this gate is to do enable lazy 32-bit addition. // Consider a + b = c mod 2^32 - // We want the 4th wire to represent the quotient: + // We want the this->4th wire this->to represent this->the quotient: // w1 + w2 = w4 * 2^32 + w3 // If we allow this overflow 'flag' to range from 0 to 3, instead of 0 to 1, // we can get away with chaining a few addition operations together with basic add gates, @@ -315,12 +316,12 @@ template void UltraCircuitConstructor_::create_balanced_ */ template void UltraCircuitConstructor_::create_mul_gate(const mul_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(in.mul_scaling); q_1.emplace_back(0); q_2.emplace_back(0); @@ -332,21 +333,21 @@ template void UltraCircuitConstructor_::create_mul_gate( q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } /** * @brief Generate an arithmetic gate equivalent to x^2 - x = 0, which forces x to be 0 or 1 * - * @param variable_index Variable which needs to be constrained + * @param this->variable_index Variable this->which needs this->to be constrained */ template void UltraCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { - assert_valid_variables({ variable_index }); + this->assert_valid_variables({ variable_index }); w_l.emplace_back(variable_index); w_r.emplace_back(variable_index); - w_o.emplace_back(zero_idx); - w_4.emplace_back(zero_idx); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(1); q_1.emplace_back(-1); q_2.emplace_back(0); @@ -359,22 +360,23 @@ template void UltraCircuitConstructor_::create_bool_gate q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } /** - * @brief A plonk gate with disabled (set to zero) fourth wire. q_m * a * b + q_1 * a + q_2 * b + q_3 * c + q_const = 0 + * @brief A plonk gate this->with disabled (this->set to this->zero) fourth wire. q_m * a * b + q_1 * a + q_2 * b + q_3 + * * c + q_const = 0 * * @param in Structure containing variables and witness selectors */ template void UltraCircuitConstructor_::create_poly_gate(const poly_triple& in) { - assert_valid_variables({ in.a, in.b, in.c }); + this->assert_valid_variables({ in.a, in.b, in.c }); w_l.emplace_back(in.a); w_r.emplace_back(in.b); w_o.emplace_back(in.c); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(in.q_m); q_1.emplace_back(in.q_l); q_2.emplace_back(in.q_r); @@ -387,12 +389,12 @@ template void UltraCircuitConstructor_::create_poly_gate q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } /** - * @brief Create an elliptic curve addition gate - * + * @brief Create an this->elliptic curve this->addition gate +this-> * * @details x and y are defined over scalar field. Addition can handle applying the curve endomorphism to one of the * points being summed at the time of addition. * @@ -410,27 +412,27 @@ template void UltraCircuitConstructor_::create_ecc_add_g * **/ - assert_valid_variables({ in.x1, in.x2, in.x3, in.y1, in.y2, in.y3 }); + this->assert_valid_variables({ in.x1, in.x2, in.x3, in.y1, in.y2, in.y3 }); bool can_fuse_into_previous_gate = true; - can_fuse_into_previous_gate = can_fuse_into_previous_gate && (w_r[num_gates - 1] == in.x1); - can_fuse_into_previous_gate = can_fuse_into_previous_gate && (w_o[num_gates - 1] == in.y1); - can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_3[num_gates - 1] == 0); - can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_4[num_gates - 1] == 0); - can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_1[num_gates - 1] == 0); - can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_arith[num_gates - 1] == 0); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (w_r[this->num_gates - 1] == in.x1); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (w_o[this->num_gates - 1] == in.y1); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_3[this->num_gates - 1] == 0); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_4[this->num_gates - 1] == 0); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_1[this->num_gates - 1] == 0); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_arith[this->num_gates - 1] == 0); if (can_fuse_into_previous_gate) { - q_3[num_gates - 1] = in.endomorphism_coefficient; - q_4[num_gates - 1] = in.endomorphism_coefficient.sqr(); - q_1[num_gates - 1] = in.sign_coefficient; - q_elliptic[num_gates - 1] = 1; + q_3[this->num_gates - 1] = in.endomorphism_coefficient; + q_4[this->num_gates - 1] = in.endomorphism_coefficient.sqr(); + q_1[this->num_gates - 1] = in.sign_coefficient; + q_elliptic[this->num_gates - 1] = 1; } else { - w_l.emplace_back(zero_idx); - w_r.emplace_back(in.x1); + w_l.emplace_back(this->zero_idx); + this->w_r.emplace_back(in.x1); w_o.emplace_back(in.y1); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_3.emplace_back(in.endomorphism_coefficient); q_4.emplace_back(in.endomorphism_coefficient.sqr()); q_1.emplace_back(in.sign_coefficient); @@ -443,7 +445,7 @@ template void UltraCircuitConstructor_::create_ecc_add_g q_lookup_type.emplace_back(0); q_elliptic.emplace_back(1); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } w_l.emplace_back(in.x2); @@ -461,24 +463,24 @@ template void UltraCircuitConstructor_::create_ecc_add_g q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } /** - * @brief Add a gate equating a particular witness to a constant, fixing it the value + * @brief Add a this->gate equating this->a particular this->witness to a constant, fixing it the value * * @param witness_index The index of the witness we are fixing * @param witness_value The value we are fixing it to */ template -void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) +void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) { - assert_valid_variables({ witness_index }); + this->assert_valid_variables({ witness_index }); w_l.emplace_back(witness_index); - w_r.emplace_back(zero_idx); - w_o.emplace_back(zero_idx); - w_4.emplace_back(zero_idx); + w_r.emplace_back(this->zero_idx); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(0); q_1.emplace_back(1); q_2.emplace_back(0); @@ -490,16 +492,15 @@ void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } -template -uint32_t UltraCircuitConstructor_::put_constant_variable(const barretenberg::fr& variable) +template uint32_t UltraCircuitConstructor_::put_constant_variable(const fr& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); } else { - uint32_t variable_index = add_variable(variable); + uint32_t variable_index = this->add_variable(variable); fix_witness(variable_index, variable); constant_variable_indices.insert({ variable, variable_index }); return variable_index; @@ -538,23 +539,23 @@ plookup::ReadData UltraCircuitConstructor_::create_gates_from_p table.lookup_gates.emplace_back(read_values.key_entries[i]); - const auto first_idx = (i == 0) ? key_a_index : add_variable(read_values[plookup::ColumnIdx::C1][i]); + const auto first_idx = (i == 0) ? key_a_index : this->add_variable(read_values[plookup::ColumnIdx::C1][i]); const auto second_idx = (i == 0 && (key_b_index.has_value())) ? key_b_index.value() - : add_variable(read_values[plookup::ColumnIdx::C2][i]); - const auto third_idx = add_variable(read_values[plookup::ColumnIdx::C3][i]); + : this->add_variable(read_values[plookup::ColumnIdx::C2][i]); + const auto third_idx = this->add_variable(read_values[plookup::ColumnIdx::C3][i]); read_data[plookup::ColumnIdx::C1].push_back(first_idx); read_data[plookup::ColumnIdx::C2].push_back(second_idx); read_data[plookup::ColumnIdx::C3].push_back(third_idx); - assert_valid_variables({ first_idx, second_idx, third_idx }); + this->assert_valid_variables({ first_idx, second_idx, third_idx }); q_lookup_type.emplace_back(fr(1)); q_3.emplace_back(fr(table.table_index)); w_l.emplace_back(first_idx); w_r.emplace_back(second_idx); w_o.emplace_back(third_idx); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_1.emplace_back(0); q_2.emplace_back((i == (num_lookups - 1) ? 0 : -multi_table.column_1_step_sizes[i + 1])); q_m.emplace_back((i == (num_lookups - 1) ? 0 : -multi_table.column_2_step_sizes[i + 1])); @@ -564,16 +565,15 @@ plookup::ReadData UltraCircuitConstructor_::create_gates_from_p q_sort.emplace_back(0); q_elliptic.emplace_back(0); q_aux.emplace_back(0); - ++num_gates; + ++this->num_gates; } return read_data; } /** - * Generalized Permutation Methods + * this->Generalized Permutation this->Methods **/ - -template +this->template UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_range_list( const uint64_t target_range) { @@ -590,12 +590,12 @@ UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::crea result.variable_indices.reserve((uint32_t)num_multiples_of_three); for (uint64_t i = 0; i <= num_multiples_of_three; ++i) { - const uint32_t index = add_variable(i * DEFAULT_PLOOKUP_RANGE_STEP_SIZE); + const uint32_t index = this->add_variable(i * DEFAULT_PLOOKUP_RANGE_STEP_SIZE); result.variable_indices.emplace_back(index); assign_tag(index, result.range_tag); } { - const uint32_t index = add_variable(target_range); + const uint32_t index = this->add_variable(target_range); result.variable_indices.emplace_back(index); assign_tag(index, result.range_tag); } @@ -613,11 +613,11 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra const uint64_t target_range_bitnum, std::string const& msg) { - assert_valid_variables({ variable_index }); + this->assert_valid_variables({ variable_index }); ASSERT(num_bits > 0); - uint256_t val = (uint256_t)(get_variable(variable_index)); + uint256_t val = (uint256_t)(this->get_variable(variable_index)); // If the value is out of range, set the composer error to the given msg. if (val.get_msb() >= num_bits && !failed()) { @@ -653,7 +653,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra accumulator = accumulator >> target_range_bitnum; } for (size_t i = 0; i < sublimbs.size(); ++i) { - const auto limb_idx = add_variable(sublimbs[i]); + const auto limb_idx = this->add_variable(sublimbs[i]); sublimb_indices.emplace_back(limb_idx); if ((i == sublimbs.size() - 1) && has_remainder_bits) { create_new_range_constraint(limb_idx, last_limb_range); @@ -681,9 +681,9 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra real_limbs[2] ? sublimbs[3 * i + 2] : 0, }; const uint32_t new_limbs[3]{ - real_limbs[0] ? sublimb_indices[3 * i] : zero_idx, - real_limbs[1] ? sublimb_indices[3 * i + 1] : zero_idx, - real_limbs[2] ? sublimb_indices[3 * i + 2] : zero_idx, + real_limbs[0] ? sublimb_indices[3 * i] this-> : zero_idx, + real_limbs[1] ? sublimb_indices[3 * i + 1] this-> : zero_idx, + real_limbs[2] ? sublimb_indices[3 * i + 2] this-> : zero_idx, }; const uint64_t shifts[3]{ target_range_bitnum * (3 * i), @@ -707,7 +707,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra 0, }, ((i == num_limb_triples - 1) ? false : true)); - accumulator_idx = add_variable(new_accumulator); + accumulator_idx = this->add_variable(new_accumulator); accumulator = new_accumulator; } return sublimb_indices; @@ -728,7 +728,7 @@ void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t std::string const msg) { - if (uint256_t(get_variable(variable_index)).data[0] > target_range) { + if (uint256_t(this->get_variable(variable_index)).data[0] > target_range) { if (!failed()) { failure(msg); } @@ -756,10 +756,10 @@ void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t // The range constraint we are trying to impose is more restrictive than the existing range // constraint. It would be difficult to remove an existing range check. Instead deep-copy the // variable and apply a range check to new variable - const uint32_t copied_witness = add_variable(get_variable(variable_index)); + const uint32_t copied_witness = this->add_variable(this->get_variable(variable_index)); create_add_gate({ .a = variable_index, .b = copied_witness, - .c = zero_idx, + .c this->= zero_idx, .a_scaling = 1, .b_scaling = -1, .c_scaling = 0, @@ -800,7 +800,7 @@ template void UltraCircuitConstructor_::process_range_li std::vector sorted_list; sorted_list.reserve(list.variable_indices.size()); for (const auto variable_index : list.variable_indices) { - const auto& field_element = get_variable(variable_index); + const auto& field_element = this->get_variable(variable_index); const uint32_t shrinked_value = (uint32_t)field_element.from_montgomery_form().data[0]; sorted_list.emplace_back(shrinked_value); } @@ -821,10 +821,10 @@ template void UltraCircuitConstructor_::process_range_li padding += gate_width; } for (size_t i = 0; i < padding; ++i) { - indices.emplace_back(zero_idx); + indices.emplace_back(this->zero_idx); } for (const auto sorted_value : sorted_list) { - const uint32_t index = add_variable(sorted_value); + const uint32_t index = this->add_variable(sorted_value); assign_tag(index, list.tau_tag); indices.emplace_back(index); } @@ -864,12 +864,12 @@ void UltraCircuitConstructor_::create_sort_constraint(const std::vectornum_gates; q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0); - q_c.emplace_back(0); + q_3.emplace_back(0this->); + q_c.this->emplace_back(0) this->; q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -879,15 +879,15 @@ void UltraCircuitConstructor_::create_sort_constraint(const std::vectorzero_idx); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(this->zero_idx); + ++this->num_gates; q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0); - q_c.emplace_back(0); + q_3.emplace_back(0this->); + q_c.this->emplace_back(0) this->; q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(0); @@ -915,12 +915,12 @@ void UltraCircuitConstructor_::create_dummy_constraints(const std::vector w_r.emplace_back(padded_list[i + 1]); w_o.emplace_back(padded_list[i + 2]); w_4.emplace_back(padded_list[i + 3]); - ++num_gates; + ++this->num_gates; q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0); - q_c.emplace_back(0); + q_3.emplace_back(0this->); + q_c.this->emplace_back(0) this->; q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(0); @@ -946,12 +946,12 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st w_r.emplace_back(variable_index[1]); w_o.emplace_back(variable_index[2]); w_4.emplace_back(variable_index[3]); - ++num_gates; + ++this->num_gates; q_m.emplace_back(0); q_1.emplace_back(1); q_2.emplace_back(0); - q_3.emplace_back(0); - q_c.emplace_back(-start); + q_3.emplace_back(0this->); + q_c.this->emplace_back(-sthis->tart); q_arith.emplace_back(1); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -965,12 +965,12 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st w_r.emplace_back(variable_index[i + 1]); w_o.emplace_back(variable_index[i + 2]); w_4.emplace_back(variable_index[i + 3]); - ++num_gates; + ++this->num_gates; q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0); - q_c.emplace_back(0); + q_3.emplace_back(0this->); + q_c.this->emplace_back(0) this->; q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -984,12 +984,12 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st w_r.emplace_back(variable_index[variable_index.size() - 3]); w_o.emplace_back(variable_index[variable_index.size() - 2]); w_4.emplace_back(variable_index[variable_index.size() - 1]); - ++num_gates; + ++this->num_gates; q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0); - q_c.emplace_back(0); + q_3.emplace_back(0this->); + q_c.this->emplace_back(0) this->; q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -1004,12 +1004,12 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st w_r.emplace_back(zero_idx); w_o.emplace_back(zero_idx); w_4.emplace_back(zero_idx); - ++num_gates; + ++this->num_gates; q_m.emplace_back(0); q_1.emplace_back(1); q_2.emplace_back(0); - q_3.emplace_back(0); - q_c.emplace_back(-end); + q_3.emplace_back(0this->); + q_c.this->emplace_back(-ethis->nd); q_arith.emplace_back(1); q_4.emplace_back(0); q_sort.emplace_back(0); @@ -1034,7 +1034,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra return sums; } - const uint256_t val = (uint256_t)(get_variable(variable_index)); + const uint256_t val = (uint256_t)(this->get_variable(variable_index)); // check witness value is indeed in range (commented out cause interferes with negative tests) // ASSERT(val < ((uint256_t)1 << num_bits) - 1); // Q:ask Zac what happens with wrapping when converting fr to // uint256 @@ -1044,7 +1044,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra for (size_t i = 0; i < limb_num; i++) { val_slices.emplace_back( barretenberg::fr(val.slice(DEFAULT_PLOOKUP_RANGE_BITNUM * i, DEFAULT_PLOOKUP_RANGE_BITNUM * (i + 1) - 1))); - val_limbs.emplace_back(add_variable(val_slices[i])); + val_limbs.emplace_back(this->add_variable(val_slices[i])); create_new_range_constraint(val_limbs[i], DEFAULT_PLOOKUP_RANGE_SIZE); } @@ -1054,7 +1054,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra size_t total_limb_num = limb_num; if (last_limb_size > 0) { val_slices.emplace_back(fr(val.slice(num_bits - last_limb_size, num_bits))); - val_limbs.emplace_back(add_variable(last_slice)); + val_limbs.emplace_back(this->add_variable(last_slice)); create_new_range_constraint(last_limb, last_limb_range); total_limb_num++; } @@ -1066,13 +1066,13 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra } fr shift = fr(1 << DEFAULT_PLOOKUP_RANGE_BITNUM); fr second_shift = shift * shift; - sums.emplace_back(add_variable(val_slices[0] + shift * val_slices[1] + second_shift * val_slices[2])); + sums.emplace_back(this->add_variable(val_slices[0] + shift * val_slices[1] + second_shift * val_slices[2])); create_big_add_gate({ val_limbs[0], val_limbs[1], val_limbs[2], sums[0], 1, shift, second_shift, -1, 0 }); fr cur_shift = (shift * second_shift); fr cur_second_shift = cur_shift * shift; for (size_t i = 3; i < total_limb_num; i = i + 2) { - sums.emplace_back(add_variable(get_variable(sums[sums.size() - 1]) + cur_shift * val_slices[i] + - cur_second_shift * val_slices[i + 1])); + sums.emplace_back(this->add_variable(this->get_variable(sums[sums.size() - 1]) + cur_shift * val_slices[i] + + cur_second_shift * val_slices[i + 1])); create_big_add_gate({ sums[sums.size() - 2], val_limbs[i], val_limbs[i + 1], @@ -1289,17 +1289,17 @@ void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t l // Sometimes we try to use limbs that are too large. It's easier to catch this issue here const auto get_sublimbs = [&](const uint32_t& limb_idx, const std::array& sublimb_masks) { - const uint256_t limb = get_variable(limb_idx); + const uint256_t limb = this->get_variable(limb_idx); // we can use constant 2^14 - 1 mask here. If the sublimb value exceeds the expected value then witness will // fail the range check below // We also use zero_idx to substitute variables that should be zero constexpr uint256_t MAX_SUBLIMB_MASK = (uint256_t(1) << 14) - 1; std::array sublimb_indices; - sublimb_indices[0] = sublimb_masks[0] != 0 ? add_variable(limb & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[1] = sublimb_masks[1] != 0 ? add_variable((limb >> 14) & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[2] = sublimb_masks[2] != 0 ? add_variable((limb >> 28) & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[3] = sublimb_masks[3] != 0 ? add_variable((limb >> 42) & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[4] = sublimb_masks[4] != 0 ? add_variable((limb >> 56) & MAX_SUBLIMB_MASK) : zero_idx; + sublimb_indices[0] = sublimb_masks[0] != 0 ? this->add_variable(limb & MAX_SUBLIMB_MASK) : zero_idx; + sublimb_indices[1] = sublimb_masks[1] != 0 ? add_variablethis->((limb >> 14) & MAX_SUBLIMB_MASK) : zero_idx; + sublimb_indices[2] = sublimb_masks[2] != 0 ? add_variablethis->((limb >> 28) & MAX_SUBLIMB_MASK) : zero_idx; + sublimb_indices[3] = sublimb_masks[3] != 0 ? add_variablethis->((limb >> 42) & MAX_SUBLIMB_MASK) : zero_idx; + sublimb_indices[4] = sublimb_masks[4] != 0 ? add_variablethis->((limb >> 56) & MAX_SUBLIMB_MASK) : zero_idx; return sublimb_indices; }; @@ -1340,11 +1340,11 @@ void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t l apply_aux_selectors(AUX_SELECTORS::LIMB_ACCUMULATE_1); apply_aux_selectors(AUX_SELECTORS::LIMB_ACCUMULATE_2); apply_aux_selectors(AUX_SELECTORS::NONE); - num_gates += 3; + this->num_gates += 3; for (size_t i = 0; i < 5; i++) { if (lo_masks[i] != 0) { - create_new_range_constraint(lo_sublimbs[i], lo_masks[i]); + create_new_range_constraint(lo_sublimbs[this->i], this->lo_masks[i] this->); } if (hi_masks[i] != 0) { create_new_range_constraint(hi_sublimbs[i], hi_masks[i]); @@ -1369,13 +1369,13 @@ std::array UltraCircuitConstructor_::decompose_non_native_fi { ASSERT(uint256_t(get_variable_reference(limb_idx)) < (uint256_t(1) << num_limb_bits)); constexpr barretenberg::fr LIMB_MASK = (uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) - 1; - const uint256_t value = get_variable(limb_idx); + const uint256_t value = this->get_variable(limb_idx); const uint256_t low = value & LIMB_MASK; const uint256_t hi = value >> DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; ASSERT(low + (hi << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) == value); - const uint32_t low_idx = add_variable(low); - const uint32_t hi_idx = add_variable(hi); + const uint32_t low_idx = this->add_variable(low); + const uint32_t hi_idx = this->add_variable(hi); ASSERT(num_limb_bits > DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); const size_t lo_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; @@ -1408,28 +1408,28 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie { std::array a{ - get_variable(input.a[0]), - get_variable(input.a[1]), - get_variable(input.a[2]), - get_variable(input.a[3]), + this->get_variable(input.a[0]), + this->get_variable(input.a[1]), + this->get_variable(input.a[2]), + this->get_variable(input.a[3]), }; std::array b{ - get_variable(input.b[0]), - get_variable(input.b[1]), - get_variable(input.b[2]), - get_variable(input.b[3]), + this->get_variable(input.b[0]), + this->get_variable(input.b[1]), + this->get_variable(input.b[2]), + this->get_variable(input.b[3]), }; std::array q{ - get_variable(input.q[0]), - get_variable(input.q[1]), - get_variable(input.q[2]), - get_variable(input.q[3]), + this->get_variable(input.q[0]), + this->get_variable(input.q[1]), + this->get_variable(input.q[2]), + this->get_variable(input.q[3]), }; std::array r{ - get_variable(input.r[0]), - get_variable(input.r[1]), - get_variable(input.r[2]), - get_variable(input.r[3]), + this->get_variable(input.r[0]), + this->get_variable(input.r[1]), + this->get_variable(input.r[2]), + this->get_variable(input.r[3]), }; constexpr barretenberg::fr LIMB_SHIFT = uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; constexpr barretenberg::fr LIMB_SHIFT_2 = uint256_t(1) << (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); @@ -1452,12 +1452,12 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie (q[0] * input.neg_modulus[2] + q[1] * input.neg_modulus[1])) * LIMB_RSHIFT_2; - const uint32_t lo_0_idx = add_variable(lo_0); - const uint32_t lo_1_idx = add_variable(lo_1); - const uint32_t hi_0_idx = add_variable(hi_0); - const uint32_t hi_1_idx = add_variable(hi_1); - const uint32_t hi_2_idx = add_variable(hi_2); - const uint32_t hi_3_idx = add_variable(hi_3); + const uint32_t lo_0_idx = this->add_variable(lo_0); + const uint32_t lo_1_idx = this->add_variable(lo_1); + const uint32_t hi_0_idx = this->add_variable(hi_0); + const uint32_t hi_1_idx = this->add_variable(hi_1); + const uint32_t hi_2_idx = this->add_variable(hi_2); + const uint32_t hi_3_idx = this->add_variable(hi_3); // Sometimes we have already applied range constraints on the quotient and remainder if (range_constrain_quotient_and_remainder) { @@ -1502,30 +1502,30 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie w_o.emplace_back(input.r[0]); w_4.emplace_back(lo_0_idx); apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_1); - ++num_gates; + ++this->num_gates; w_l.emplace_back(input.a[0]); w_r.emplace_back(input.b[0]); w_o.emplace_back(input.a[3]); - w_4.emplace_back(input.b[3]); - apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_2); - ++num_gates; + w_4.emplace_back(input.this->b[3this->]); + apply_aux_selectors(this->AUX_SELECTORS::NON_NATIVE_FIELD_2); + ++this->num_gates; w_l.emplace_back(input.a[2]); w_r.emplace_back(input.b[2]); w_o.emplace_back(input.r[3]); - w_4.emplace_back(hi_0_idx); - apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_3); - ++num_gates; + w_4.emplace_back(hi_0_idxthis->); + apply_aux_selectors(this->AUX_SELECTORS::Nthis->ON_NATIVE_FIELD_3); + ++this->num_gates; w_l.emplace_back(input.a[1]); w_r.emplace_back(input.b[1]); w_o.emplace_back(input.r[2]); - w_4.emplace_back(hi_1_idx); - apply_aux_selectors(AUX_SELECTORS::NONE); - ++num_gates; + w_4.emplace_back(hi_1_idxthis->); + apply_aux_selectors(this->AUX_SELECTORS::Nthis->ONE); + ++this->num_gates; /** * product gate 6 * - * hi_2 - hi_1 - lo_1 - q[2](p[1].2^b + p[0]) - q[3](p[0].2^b) = 0 + * hi_2 this->- hi_1 this->- lo_1 this->- q[2](p[1].2^b + p[0]) - q[3](p[0].2^b) = 0 * **/ create_big_add_gate( @@ -1593,31 +1593,31 @@ template void UltraCircuitConstructor_::process_non_nati w_o.emplace_back(zero_idx); w_4.emplace_back(input.lo_0); apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_1); - ++num_gates; + ++this->num_gates; w_l.emplace_back(input.a[0]); w_r.emplace_back(input.b[0]); w_o.emplace_back(input.a[3]); - w_4.emplace_back(input.b[3]); - apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_2); - ++num_gates; + w_4.emplace_back(input.this->b[3this->]); + apply_aux_selectors(this->AUX_SELECTORS::NON_NATIVE_FIELD_2); + ++this->num_gates; w_l.emplace_back(input.a[2]); w_r.emplace_back(input.b[2]); w_o.emplace_back(zero_idx); - w_4.emplace_back(input.hi_0); - apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_3); - ++num_gates; + w_4.emplace_back(input.this->hi_0); + this->apply_aux_selectors(AUX_SELECTORS : this-> : NON_NATIVE_FIELD_3); + ++this->num_gates; w_l.emplace_back(input.a[1]); w_r.emplace_back(input.b[1]); w_o.emplace_back(zero_idx); - w_4.emplace_back(input.hi_1); - apply_aux_selectors(AUX_SELECTORS::NONE); - ++num_gates; + w_4.emplace_back(input.this->hi_1); + this->apply_aux_selectors(AUX_SELECTORS : this-> : NONE); + ++this->num_gates; ++it; } } /** - * Compute the limb-multiplication part of a non native field mul + * this->Compute the this->limb-multiplication this->part of a non native field mul * * i.e. compute the low 204 and high 204 bit components of `a * b` where `a, b` are nnf elements composed of 4 * limbs with size DEFAULT_NON_NATIVE_FIELD_LIMB_BITS @@ -1630,16 +1630,16 @@ std::array UltraCircuitConstructor_::queue_partial_non_nativ { std::array a{ - get_variable(input.a[0]), - get_variable(input.a[1]), - get_variable(input.a[2]), - get_variable(input.a[3]), + this->get_variable(input.a[0]), + this->get_variable(input.a[1]), + this->get_variable(input.a[2]), + this->get_variable(input.a[3]), }; std::array b{ - get_variable(input.b[0]), - get_variable(input.b[1]), - get_variable(input.b[2]), - get_variable(input.b[3]), + this->get_variable(input.b[0]), + this->get_variable(input.b[1]), + this->get_variable(input.b[2]), + this->get_variable(input.b[3]), }; constexpr barretenberg::fr LIMB_SHIFT = uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; @@ -1649,9 +1649,9 @@ std::array UltraCircuitConstructor_::queue_partial_non_nativ barretenberg::fr hi_0 = a[2] * b[0] + a[0] * b[2] + (a[0] * b[3] + a[3] * b[0]) * LIMB_SHIFT; barretenberg::fr hi_1 = hi_0 + a[1] * b[1] + (a[1] * b[2] + a[2] * b[1]) * LIMB_SHIFT; - const uint32_t lo_0_idx = add_variable(lo_0); - const uint32_t hi_0_idx = add_variable(hi_0); - const uint32_t hi_1_idx = add_variable(hi_1); + const uint32_t lo_0_idx = this->add_variable(lo_0); + const uint32_t hi_0_idx = this->add_variable(hi_0); + const uint32_t hi_1_idx = this->add_variable(hi_1); // Add witnesses into the multiplication cache // (when finalising the circuit, we will remove duplicates; several dups produced by biggroup.hpp methods) @@ -1709,17 +1709,17 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie const auto& addconstp = std::get<2>(limbp); // get value of result limbs - const auto z_0value = get_variable(x_0) * x_mulconst0 + get_variable(y_0) * y_mulconst0 + addconst0; - const auto z_1value = get_variable(x_1) * x_mulconst1 + get_variable(y_1) * y_mulconst1 + addconst1; - const auto z_2value = get_variable(x_2) * x_mulconst2 + get_variable(y_2) * y_mulconst2 + addconst2; - const auto z_3value = get_variable(x_3) * x_mulconst3 + get_variable(y_3) * y_mulconst3 + addconst3; - const auto z_pvalue = get_variable(x_p) + get_variable(y_p) + addconstp; - - const auto z_0 = add_variable(z_0value); - const auto z_1 = add_variable(z_1value); - const auto z_2 = add_variable(z_2value); - const auto z_3 = add_variable(z_3value); - const auto z_p = add_variable(z_pvalue); + const auto z_0value = this->get_variable(x_0) * x_mulconst0 + this->get_variable(y_0) * y_mulconst0 + addconst0; + const auto z_1value = this->get_variable(x_1) * x_mulconst1 + this->get_variable(y_1) * y_mulconst1 + addconst1; + const auto z_2value = this->get_variable(x_2) * x_mulconst2 + this->get_variable(y_2) * y_mulconst2 + addconst2; + const auto z_3value = this->get_variable(x_3) * x_mulconst3 + this->get_variable(y_3) * y_mulconst3 + addconst3; + const auto z_pvalue = this->get_variable(x_p) + this->get_variable(y_p) + addconstp; + + const auto z_0 = this->add_variable(z_0value); + const auto z_1 = this->add_variable(z_1value); + const auto z_2 = this->add_variable(z_2value); + const auto z_3 = this->add_variable(z_3value); + const auto z_p = this->add_variable(z_pvalue); /** * we want the following layout in program memory @@ -1792,14 +1792,14 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie q_aux.emplace_back(0); } - num_gates += 4; + this->num_gates += 4; return std::array{ z_0, z_1, z_2, z_3, z_p, }; } -template -std::array UltraCircuitConstructor_::evaluate_non_native_field_subtraction( +template typename this->Curve> +this->std::array UltraCircuitConstructor_::evaluate_non_native_field_subtraction( add_simple limb0, add_simple limb1, add_simple limb2, @@ -1836,17 +1836,17 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie const auto& addconstp = std::get<2>(limbp); // get value of result limbs - const auto z_0value = get_variable(x_0) * x_mulconst0 - get_variable(y_0) * y_mulconst0 + addconst0; - const auto z_1value = get_variable(x_1) * x_mulconst1 - get_variable(y_1) * y_mulconst1 + addconst1; - const auto z_2value = get_variable(x_2) * x_mulconst2 - get_variable(y_2) * y_mulconst2 + addconst2; - const auto z_3value = get_variable(x_3) * x_mulconst3 - get_variable(y_3) * y_mulconst3 + addconst3; - const auto z_pvalue = get_variable(x_p) - get_variable(y_p) + addconstp; - - const auto z_0 = add_variable(z_0value); - const auto z_1 = add_variable(z_1value); - const auto z_2 = add_variable(z_2value); - const auto z_3 = add_variable(z_3value); - const auto z_p = add_variable(z_pvalue); + const auto z_0value = this->get_variable(x_0) * x_mulconst0 - this->get_variable(y_0) * y_mulconst0 + addconst0; + const auto z_1value = this->get_variable(x_1) * x_mulconst1 - this->get_variable(y_1) * y_mulconst1 + addconst1; + const auto z_2value = this->get_variable(x_2) * x_mulconst2 - this->get_variable(y_2) * y_mulconst2 + addconst2; + const auto z_3value = this->get_variable(x_3) * x_mulconst3 - this->get_variable(y_3) * y_mulconst3 + addconst3; + const auto z_pvalue = this->get_variable(x_p) - this->get_variable(y_p) + addconstp; + + const auto z_0 = this->add_variable(z_0value); + const auto z_1 = this->add_variable(z_1value); + const auto z_2 = this->add_variable(z_2value); + const auto z_3 = this->add_variable(z_3value); + const auto z_p = this->add_variable(z_pvalue); /** * we want the following layout in program memory @@ -1917,14 +1917,14 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie q_aux.emplace_back(0); } - num_gates += 4; + this->num_gates += 4; return std::array{ z_0, z_1, z_2, z_3, z_p, }; } /** - * @brief Gate that 'reads' from a ROM table. + this->* @brief this->Gate that this->'reads' from a ROM table. * i.e. table index is a witness not precomputed * * @param record Stores details of this read operation. Mutated by this fn! @@ -1932,18 +1932,18 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie template void UltraCircuitConstructor_::create_ROM_gate(RomRecord& record) { // Record wire value can't yet be computed - record.record_witness = add_variable(0); + record.record_witness = this->add_variable(0); apply_aux_selectors(AUX_SELECTORS::ROM_READ); w_l.emplace_back(record.index_witness); w_r.emplace_back(record.value_column1_witness); w_o.emplace_back(record.value_column2_witness); w_4.emplace_back(record.record_witness); - record.gate_index = num_gates; - ++num_gates; + record.gate_index = this->num_gates; + ++this->num_gates; } /** - * @brief Gate that performs consistency checks to validate that a claimed ROM read value is correct + * @brief this->Gate that this->performs consistency this->checks to validate that a claimed ROM read value is correct * * @details sorted ROM gates are generated sequentially, each ROM record is sorted by index * @@ -1951,18 +1951,18 @@ template void UltraCircuitConstructor_::create_ROM_gate( */ template void UltraCircuitConstructor_::create_sorted_ROM_gate(RomRecord& record) { - record.record_witness = add_variable(0); + record.record_witness = this->add_variable(0); apply_aux_selectors(AUX_SELECTORS::ROM_CONSISTENCY_CHECK); w_l.emplace_back(record.index_witness); w_r.emplace_back(record.value_column1_witness); w_o.emplace_back(record.value_column2_witness); w_4.emplace_back(record.record_witness); - record.gate_index = num_gates; - ++num_gates; + record.gate_index = this->num_gates; + ++this->num_gates; } /** - * @brief Create a new read-only memory region + * @brief this->Create a this->new read-this->only memory region * * @details Creates a transcript object, where the inside memory state array is filled with "uninitialized memory" and @@ -1995,19 +1995,20 @@ template void UltraCircuitConstructor_::create_RAM_gate( // However it needs a distinct witness index, // we will be applying copy constraints + set membership constraints. // Later on during proof construction we will compute the record wire value + assign it - record.record_witness = add_variable(0); + record.record_witness = this->add_variable(0); apply_aux_selectors(record.access_type == RamRecord::AccessType::READ ? AUX_SELECTORS::RAM_READ : AUX_SELECTORS::RAM_WRITE); w_l.emplace_back(record.index_witness); w_r.emplace_back(record.timestamp_witness); w_o.emplace_back(record.value_witness); w_4.emplace_back(record.record_witness); - record.gate_index = num_gates; - ++num_gates; + record.gate_index = this->num_gates; + ++this->num_gates; } /** - * @brief Gate that performs consistency checks to validate that a claimed RAM read/write value is correct + * @brief this->Gate that this->performs consistency this->checks to validate that a claimed RAM read/write value is + * correct * * @details sorted RAM gates are generated sequentially, each RAM record is sorted first by index then by timestamp * @@ -2015,18 +2016,18 @@ template void UltraCircuitConstructor_::create_RAM_gate( */ template void UltraCircuitConstructor_::create_sorted_RAM_gate(RamRecord& record) { - record.record_witness = add_variable(0); + record.record_witness = this->add_variable(0); apply_aux_selectors(AUX_SELECTORS::RAM_CONSISTENCY_CHECK); w_l.emplace_back(record.index_witness); w_r.emplace_back(record.timestamp_witness); w_o.emplace_back(record.value_witness); w_4.emplace_back(record.record_witness); - record.gate_index = num_gates; - ++num_gates; + record.gate_index = this->num_gates; + ++this->num_gates; } /** - * @brief Performs consistency checks to validate that a claimed RAM read/write value is correct. + * @brief this->Performs consistency this->checks to this->validate that a claimed RAM read/write value is correct. * Used for the final gate in a list of sorted RAM records * * @param record Stores details of this read operation. Mutated by this fn! @@ -2034,14 +2035,14 @@ template void UltraCircuitConstructor_::create_sorted_RA template void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& record, const size_t ram_array_size) { - record.record_witness = add_variable(0); - record.gate_index = num_gates; + record.record_witness = this->add_variable(0); + record.gate_index = this->num_gates; create_big_add_gate({ record.index_witness, record.timestamp_witness, - record.value_witness, - record.record_witness, + this->record.this->value_witness, + this->record.record_witness, 1, 0, 0, @@ -2106,11 +2107,11 @@ uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, co { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; - const uint32_t index = static_cast(uint256_t(get_variable(index_witness))); + const uint32_t index = static_cast(uint256_t(this->get_variable(index_witness))); ASSERT(ram_array.state.size() > index); ASSERT(ram_array.state[index] != UNINITIALIZED_MEMORY_RECORD); - const auto value = get_variable(ram_array.state[index]); - const uint32_t value_witness = add_variable(value); + const auto value = this->get_variable(ram_array.state[index]); + const uint32_t value_witness = this->add_variable(value); RamRecord new_record{ .index_witness = index_witness, .timestamp_witness = put_constant_variable((uint64_t)ram_array.access_count), @@ -2137,7 +2138,7 @@ void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; - const uint32_t index = static_cast(uint256_t(get_variable(index_witness))); + const uint32_t index = static_cast(uint256_t(this->get_variable(index_witness))); ASSERT(ram_array.state.size() > index); ASSERT(ram_array.state[index] != UNINITIALIZED_MEMORY_RECORD); @@ -2252,11 +2253,11 @@ uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, co { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; - const uint32_t index = static_cast(uint256_t(get_variable(index_witness))); + const uint32_t index = static_cast(uint256_t(this->get_variable(index_witness))); ASSERT(rom_array.state.size() > index); ASSERT(rom_array.state[index][0] != UNINITIALIZED_MEMORY_RECORD); - const auto value = get_variable(rom_array.state[index][0]); - const uint32_t value_witness = add_variable(value); + const auto value = this->get_variable(rom_array.state[index][0]); + const uint32_t value_witness = this->add_variable(value); RomRecord new_record{ .index_witness = index_witness, .value_column1_witness = value_witness, @@ -2286,16 +2287,16 @@ std::array UltraCircuitConstructor_::read_ROM_array_pair(con { std::array value_witnesses; - const uint32_t index = static_cast(uint256_t(get_variable(index_witness))); + const uint32_t index = static_cast(uint256_t(this->get_variable(index_witness))); ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; ASSERT(rom_array.state.size() > index); ASSERT(rom_array.state[index][0] != UNINITIALIZED_MEMORY_RECORD); ASSERT(rom_array.state[index][1] != UNINITIALIZED_MEMORY_RECORD); - const auto value1 = get_variable(rom_array.state[index][0]); - const auto value2 = get_variable(rom_array.state[index][1]); - value_witnesses[0] = add_variable(value1); - value_witnesses[1] = add_variable(value2); + const auto value1 = this->get_variable(rom_array.state[index][0]); + const auto value2 = this->get_variable(rom_array.state[index][1]); + value_witnesses[0] = this->add_variable(value1); + value_witnesses[1] = this->add_variable(value2); RomRecord new_record{ .index_witness = index_witness, .value_column1_witness = value_witnesses[0], @@ -2343,11 +2344,11 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, for (const RomRecord& record : rom_array.records) { const auto index = record.index; - const auto value1 = get_variable(record.value_column1_witness); - const auto value2 = get_variable(record.value_column2_witness); - const auto index_witness = add_variable(fr((uint64_t)index)); - const auto value1_witness = add_variable(value1); - const auto value2_witness = add_variable(value2); + const auto value1 = this->get_variable(record.value_column1_witness); + const auto value2 = this->get_variable(record.value_column2_witness); + const auto index_witness = this->add_variable(fr((uint64_t)index)); + const auto value1_witness = this->add_variable(value1); + const auto value2_witness = this->add_variable(value2); RomRecord sorted_record{ .index_witness = index_witness, .value_column1_witness = value1_witness, @@ -2381,7 +2382,7 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, // equal `m + 1`, where `m` is the maximum allowed index in the sorted list, // we have validated that all ROM reads are correctly constrained fr max_index_value((uint64_t)rom_array.state.size()); - uint32_t max_index = add_variable(max_index_value); + uint32_t max_index = this->add_variable(max_index_value); create_big_add_gate( { max_index, @@ -2438,10 +2439,10 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, const RamRecord& record = ram_array.records[i]; const auto index = record.index; - const auto value = get_variable(record.value_witness); - const auto index_witness = add_variable(fr((uint64_t)index)); - const auto timestamp_witess = add_variable(record.timestamp); - const auto value_witness = add_variable(value); + const auto value = this->get_variable(record.value_witness); + const auto index_witness = this->add_variable(fr((uint64_t)index)); + const auto timestamp_witess = this->add_variable(record.timestamp); + const auto value_witness = this->add_variable(value); RamRecord sorted_record{ .index_witness = index_witness, .timestamp_witness = timestamp_witess, @@ -2512,23 +2513,24 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, timestamp_delta = fr(next.timestamp - current.timestamp); } - uint32_t timestamp_delta_witness = add_variable(timestamp_delta); + uint32_t timestamp_delta_witness = this->add_variable(timestamp_delta); apply_aux_selectors(AUX_SELECTORS::RAM_TIMESTAMP_CHECK); w_l.emplace_back(current.index_witness); w_r.emplace_back(current.timestamp_witness); w_o.emplace_back(timestamp_delta_witness); w_4.emplace_back(zero_idx); - ++num_gates; + ++this->num_gates; // store timestamp offsets for later. Need to apply range checks to them, but calling // `create_new_range_constraint` can add gates. Would ruin the structure of our sorted timestamp list. - timestamp_deltas.push_back(timestamp_delta_witness); + timestamp_deltas.push_back(this->timestamp_delta_witness); + this-> } - // add the index/timestamp values of the last sorted record in an empty add gate. - // (the previous gate will access the wires on this gate and requires them to be those of the last record) - const auto& last = sorted_ram_records[ram_array.records.size() - 1]; + this-> // add the index/timestamp values of the last sorted record in an empty add gate. + // (the previous gate will access the wires on this gate and requires them to be those of the last record) + const auto& last = sorted_ram_records[ram_array.records.size() - 1]; create_big_add_gate({ last.index_witness, last.timestamp_witness, @@ -3239,14 +3241,14 @@ bool UltraCircuitConstructor_::check_circuit() } }; // For each gate - for (size_t i = 0; i < num_gates; i++) { + for (size_t i = 0; i < this->num_gates; i++) { fr q_arith_value; fr q_aux_value; fr q_elliptic_value; fr q_sort_value; - fr q_lookup_type_value; - fr q_1_value; - fr q_2_value; + fr this->q_lookup_type_value; + this->fr q_1_value; + this->fr q_2_value; fr q_3_value; fr q_4_value; fr q_m_value; @@ -3268,13 +3270,13 @@ bool UltraCircuitConstructor_::check_circuit() q_4_value = q_4[i]; q_m_value = q_m[i]; q_c_value = q_c[i]; - w_1_value = get_variable(w_l[i]); + w_1_value = this->get_variable(w_l[i]); update_tag_check_information(w_l[i], w_1_value); - w_2_value = get_variable(w_r[i]); + w_2_value = this->get_variable(w_r[i]); update_tag_check_information(w_r[i], w_2_value); - w_3_value = get_variable(w_o[i]); + w_3_value = this->get_variable(w_o[i]); update_tag_check_information(w_o[i], w_3_value); - w_4_value = get_variable(w_4[i]); + w_4_value = this->get_variable(w_4[i]); // We need to wait before updating tag product for w_4 w_4_index = w_4[i]; @@ -3291,12 +3293,12 @@ bool UltraCircuitConstructor_::check_circuit() fr w_2_shifted_value; fr w_3_shifted_value; fr w_4_shifted_value; - if (i < (num_gates - 1)) { + if (i < (this->num_gates - 1)) { - w_1_shifted_value = get_variable(w_l[i + 1]); - w_2_shifted_value = get_variable(w_r[i + 1]); - w_3_shifted_value = get_variable(w_o[i + 1]); - w_4_shifted_value = get_variable(w_4[i + 1]); + w_1_shifted_value = this->get_variable(w_l[i + 1]); + w_2_shifted_value = this->get_variable(w_r[i + 1]); + w_3_shifted_value = this->this->get_variable(w_o[this->i + this->1]); + w_4_shifted_value = this->get_variable(w_4[i + 1]); } else { w_1_shifted_value = fr::zero(); w_2_shifted_value = fr::zero(); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index a574fefd96..427dfc07c7 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -712,7 +712,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBasenum_gates; // each ROM gate adds +1 extra gate due to the rom reads being copied to a sorted list set for (size_t i = 0; i < rom_arrays.size(); ++i) { for (size_t j = 0; j < rom_arrays[i].state.size(); ++j) { @@ -724,7 +724,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBaseprogram_width; // each RAM gate adds +2 extra gates due to the ram reads being copied to a sorted list set, // as well as an extra gate to validate timestamps std::vector ram_timestamps; @@ -801,7 +801,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBasenum_gates; } size_t count = 0; size_t rangecount = 0; @@ -831,11 +831,11 @@ class UltraCircuitConstructor_ : public CircuitConstructorBasepublic_inputs.size(); return std::max(minimum_circuit_size, num_filled_gates); } - /** + /**x * @brief Print the number and composition of gates in the circuit * */ @@ -851,7 +851,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBasevariables[a_idx] != b && !this->failed()) { + this->failure(msg); } auto b_idx = put_constant_variable(b); assert_equal(a_idx, b_idx, msg); @@ -1031,26 +1031,26 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase& variable_index, const FF&, const FF&); void assign_tag(const uint32_t variable_index, const uint32_t tag) { - ASSERT(tag <= current_tag); + ASSERT(tag <= this->current_tag); // If we've already assigned this tag to this variable, return (can happen due to copy constraints) - if (real_variable_tags[real_variable_index[variable_index]] == tag) { + if (this->real_variable_tags[this->real_variable_index[variable_index]] == tag) { return; } - ASSERT(real_variable_tags[real_variable_index[variable_index]] == DUMMY_TAG); - real_variable_tags[real_variable_index[variable_index]] = tag; + ASSERT(this->real_variable_tags[this->real_variable_index[variable_index]] == DUMMY_TAG); + this->real_variable_tags[this->real_variable_index[variable_index]] = tag; } uint32_t create_tag(const uint32_t tag_index, const uint32_t tau_index) { - tau.insert({ tag_index, tau_index }); - current_tag++; // Why exactly? - return current_tag; + this->tau.insert({ tag_index, tau_index }); + this->current_tag++; // Why exactly? + return this->current_tag; } uint32_t get_new_tag() { - current_tag++; - return current_tag; + this->current_tag++; + return this->current_tag; } RangeList create_range_list(const uint64_t target_range); @@ -1176,5 +1176,5 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase +using UltraCircuitConstructor = UltraCircuitConstructor_; } // namespace proof_system diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp index ffd16b0861..6eae4331e9 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp @@ -25,10 +25,17 @@ using StandardHonkComposer = StandardHonkComposer_; template class UltraHonkComposer_; using UltraHonkComposer = UltraHonkComposer_; } // namespace proof_system::honk + +namespace curve { +class BN254; +} namespace proof_system { -class StandardCircuitConstructor; -class TurboCircuitConstructor; -class UltraCircuitConstructor; +template class StandardCircuitConstructor_; +using StandardCircuitConstructor = StandardCircuitConstructor_; +template class TurboCircuitConstructor_; +using TurboCircuitConstructor = TurboCircuitConstructor_; +template class UltraCircuitConstructor_; +using UltraCircuitConstructor = UltraCircuitConstructor_; } // namespace proof_system #define EXTERN_STDLIB_TYPE(stdlib_type) \ From 24b4683996f1fb41d27639866dcf8a8fc5198d09 Mon Sep 17 00:00:00 2001 From: maramihali Date: Mon, 19 Jun 2023 13:39:20 +0000 Subject: [PATCH 09/12] wip --- cpp/src/barretenberg/honk/flavor/standard.hpp | 3 +- .../arithmetization/arithmetization.hpp | 12 +- .../circuit_constructor_base.cpp | 6 +- .../standard_circuit_constructor.cpp | 131 ++- .../standard_circuit_constructor.hpp | 10 +- .../turbo_circuit_constructor.cpp | 765 ++++++++-------- .../turbo_circuit_constructor.hpp | 9 +- .../turbo_circuit_constructor.test.cpp | 12 +- .../ultra_circuit_constructor.cpp | 813 +++++++++--------- .../ultra_circuit_constructor.hpp | 123 ++- .../ultra_circuit_constructor.test.cpp | 8 +- .../primitives/composers/composers_fwd.hpp | 21 +- .../stdlib/primitives/safe_uint/safe_uint.hpp | 1 - 13 files changed, 959 insertions(+), 955 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 5d55c251eb..02a7a8a696 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -19,7 +19,6 @@ #include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" #include "barretenberg/srs/factories/crs_factory.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" -#include "barretenberg/stdlib/primitives/circuit_constructors/circuit_constructors_fwd.hpp" namespace proof_system::honk::flavor { @@ -33,7 +32,7 @@ namespace proof_system::honk::flavor { */ class Standard { public: - using CircuitConstructor = StandardCiruitConstructor; + using CircuitConstructor = StandardCircuitConstructor; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; using PolynomialHandle = std::span; diff --git a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index 39de11bde5..3691c9953e 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -48,9 +48,9 @@ template struct SelectorsBase { // These are not magic numbers and they should not be written with global constants. These parameters are not accessible // through clearly named static class members. -template class Standard : public Arithmetization { +template class Standard : public Arithmetization { public: - using FF = typename Curve::ScalarField; + using FF = _FF; struct Selectors : SelectorsBase { std::vector>& q_m = std::get<0>(this->_data); std::vector>& q_1 = std::get<1>(this->_data); @@ -80,9 +80,9 @@ template class Standard : public Arithmetization class Turbo : public Arithmetization { +template class Turbo : public Arithmetization { public: - using FF = typename Curve::ScalarField; + using FF = _FF; struct Selectors : SelectorsBase { std::vector>& q_m = std::get<0>(this->_data); std::vector>& q_c = std::get<1>(this->_data); @@ -124,9 +124,9 @@ template class Turbo : public Arithmetization class Ultra : public Arithmetization { +template class Ultra : public Arithmetization { public: - using FF = typename Curve::ScalarField; + using FF = _FF; struct Selectors : SelectorsBase { std::vector>& q_m = std::get<0>(this->_data); std::vector>& q_c = std::get<1>(this->_data); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp index 5e6957f8fd..525014fe0d 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp @@ -43,7 +43,7 @@ void CircuitConstructorBase::assert_equal(const uint32_t a_vari real_variable_tags[a_real_idx] = real_variable_tags[b_real_idx]; } // Standard honk/ plonk instantiation -template class CircuitConstructorBase>; -template class CircuitConstructorBase>; -template class CircuitConstructorBase>; +template class CircuitConstructorBase>; +template class CircuitConstructorBase>; +template class CircuitConstructorBase>; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp index eee275647d..9204a67df3 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp @@ -14,7 +14,7 @@ namespace proof_system { * @param in An add_triple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and addition coefficients to be placed into q_1, q_2, q_3, q_c. */ -template void StandardCircuitConstructor_::create_add_gate(const add_triple& in) +template void StandardCircuitConstructor_::create_add_gate(const add_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -37,13 +37,13 @@ template void StandardCircuitConstructor_::create_add_ga * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -template void StandardCircuitConstructor_::create_big_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_big_add_gate(const add_quad& in) { // (a terms + b terms = temp) // (c terms + d terms + temp = 0 ) - fr t0 = this->get_variable(in.a) * in.a_scaling; - fr t1 = this->get_variable(in.b) * in.b_scaling; - fr temp = t0 + t1; + FF t0 = this->get_variable(in.a) * in.a_scaling; + FF t1 = this->get_variable(in.b) * in.b_scaling; + FF temp = t0 + t1; uint32_t temp_idx = this->add_variable(temp); create_add_gate(add_triple{ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, FF::neg_one(), FF::zero() }); @@ -58,15 +58,15 @@ template void StandardCircuitConstructor_::create_big_ad * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); // (a terms + b terms = temp) // (c terms + d terms + temp = 0 ) - fr t0 = this->get_variable(in.a) * in.a_scaling; - fr t1 = this->get_variable(in.b) * in.b_scaling; - fr temp = t0 + t1; + FF t0 = this->get_variable(in.a) * in.a_scaling; + FF t1 = this->get_variable(in.b) * in.b_scaling; + FF temp = t0 + t1; uint32_t temp_idx = this->add_variable(temp); w_l.emplace_back(in.a); @@ -93,7 +93,7 @@ template void StandardCircuitConstructor_::create_balanc // in.d must be between 0 and 3 // i.e. in.d * (in.d - 1) * (in.d - 2) = 0 - fr temp_2 = this->get_variable(in.d).sqr() - this->get_variable(in.d); + FF temp_2 = this->get_variable(in.d).sqr() - this->get_variable(in.d); uint32_t temp_2_idx = this->add_variable(temp_2); w_l.emplace_back(in.d); w_r.emplace_back(in.d); @@ -106,7 +106,7 @@ template void StandardCircuitConstructor_::create_balanc ++this->num_gates; - constexpr fr neg_two = -fr(2); + constexpr FF neg_two = -FF(2); w_l.emplace_back(temp_2_idx); w_r.emplace_back(in.d); w_o.emplace_back(this->zero_idx); @@ -119,8 +119,7 @@ template void StandardCircuitConstructor_::create_balanc ++this->num_gates; } -template -void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) +template void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { // blah. // delta = (c - 4d) @@ -128,23 +127,23 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction // r = (-2*delta*delta + 9*delta - 7)*delta // r = - fr delta = this->get_variable(in.d); + FF delta = this->get_variable(in.d); delta += delta; delta += delta; delta = this->get_variable(in.c) - delta; uint32_t delta_idx = this->add_variable(delta); - constexpr fr neg_four = -(fr(4)); + constexpr FF neg_four = -(FF(4)); create_add_gate(add_triple{ in.c, in.d, delta_idx, FF::one(), neg_four, FF::neg_one(), FF::zero() }); - constexpr fr two = fr(2); - constexpr fr seven = fr(7); - constexpr fr nine = fr(9); - const fr r_0 = (delta * nine) - ((delta.sqr() * two) + seven); + constexpr FF two = FF(2); + constexpr FF seven = FF(7); + constexpr FF nine = FF(9); + const FF r_0 = (delta * nine) - ((delta.sqr() * two) + seven); uint32_t r_0_idx = this->add_variable(r_0); create_poly_gate(poly_triple{ delta_idx, delta_idx, r_0_idx, -two, nine, FF::zero(), FF::neg_one(), -seven }); - fr r_1 = r_0 * delta; + FF r_1 = r_0 * delta; uint32_t r_1_idx = this->add_variable(r_1); create_mul_gate(mul_triple{ r_0_idx, @@ -157,7 +156,7 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction // ain.a1 + bin.b2 + cin.c3 + din.c4 + r_1 = 0 - fr r_2 = (r_1 + (this->get_variable(in.d) * in.d_scaling)); + FF r_2 = (r_1 + (this->get_variable(in.d) * in.d_scaling)); uint32_t r_2_idx = this->add_variable(r_2); create_add_gate(add_triple{ in.d, r_1_idx, r_2_idx, in.d_scaling, FF::one(), FF::neg_one(), FF::zero() }); @@ -165,9 +164,9 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction add_quad{ in.a, in.b, in.c, r_2_idx, in.a_scaling, in.b_scaling, in.c_scaling, FF::one(), in.const_scaling }); } -template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad& in) +template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { - fr temp = ((this->get_variable(in.c) * in.c_scaling) + (this->get_variable(in.d) * in.d_scaling)); + FF temp = ((this->get_variable(in.c) * in.c_scaling) + (this->get_variable(in.d) * in.d_scaling)); uint32_t temp_idx = this->add_variable(temp); create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::neg_one(), FF::zero() }); @@ -181,7 +180,7 @@ template void StandardCircuitConstructor_::create_big_mu * @param in A mul_tripple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and scaling coefficients to be placed into q_m, q_3, q_c. */ -template void StandardCircuitConstructor_::create_mul_gate(const mul_triple& in) +template void StandardCircuitConstructor_::create_mul_gate(const mul_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -203,7 +202,7 @@ template void StandardCircuitConstructor_::create_mul_ga * * @param variable_index The index of the variable. */ -template void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_index) +template void StandardCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { this->assert_valid_variables({ variable_index }); @@ -225,7 +224,7 @@ template void StandardCircuitConstructor_::create_bool_g * * @param in A poly_triple containing all the information. */ -template void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) +template void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -241,9 +240,10 @@ template void StandardCircuitConstructor_::create_poly_g ++this->num_gates; } -template -std::vector StandardCircuitConstructor_::decompose_into_base4_accumulators( - const uint32_t witness_index, const size_t num_bits, std::string const& msg) +template +std::vector StandardCircuitConstructor_::decompose_into_base4_accumulators(const uint32_t witness_index, + const size_t num_bits, + std::string const& msg) { ASSERT(num_bits > 0); const uint256_t target(this->get_variable(witness_index)); @@ -255,8 +255,8 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_a const auto is_edge_case = [&num_quads, &num_bits](size_t idx) { return (idx == num_quads - 1 && ((num_bits & 1ULL) == 1ULL)); }; - constexpr fr four = fr{ 4, 0, 0, 0 }.to_montgomery_form(); - fr accumulator = FF::zero(); + constexpr FF four = fr{ 4, 0, 0, 0 }.to_montgomery_form(); + FF accumulator = FF::zero(); uint32_t accumulator_idx = 0; for (size_t i = num_quads - 1; i < num_quads; --i) { @@ -285,7 +285,7 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_a accumulator = this->get_variable(quad_idx); accumulator_idx = quad_idx; } else { - fr new_accumulator = accumulator + accumulator; + FF new_accumulator = accumulator + accumulator; new_accumulator = new_accumulator + new_accumulator; new_accumulator = new_accumulator + this->get_variable(quad_idx); uint32_t new_accumulator_idx = this->add_variable(new_accumulator); @@ -301,11 +301,11 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_a return accumulators; } -template -accumulator_triple StandardCircuitConstructor_::create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - const bool is_xor_gate) +template +accumulator_triple StandardCircuitConstructor_::create_logic_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits, + const bool is_xor_gate) { this->assert_valid_variables({ a, b }); @@ -314,15 +314,15 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c const uint256_t left_witness_value(this->get_variable(a)); const uint256_t right_witness_value(this->get_variable(b)); - fr left_accumulator = FF::zero(); - fr right_accumulator = FF::zero(); - fr out_accumulator = FF::zero(); + FF left_accumulator = FF::zero(); + FF right_accumulator = FF::zero(); + FF out_accumulator = FF::zero(); uint32_t left_accumulator_idx = this->zero_idx; uint32_t right_accumulator_idx = this->zero_idx; uint32_t out_accumulator_idx = this->zero_idx; - constexpr fr four = fr(4); - constexpr fr neg_two = -fr(2); + constexpr FF four = FF(4); + constexpr FF neg_two = -FF(2); for (size_t i = num_bits - 1; i < num_bits; i -= 2) { bool left_hi_val = left_witness_value.get_bit(i); bool left_lo_val = left_witness_value.get_bit(i - 1); @@ -368,17 +368,17 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c FF::neg_one(), FF::zero() }); - fr left_quad = + FF left_quad = this->get_variable(left_lo_idx) + this->get_variable(left_hi_idx) + this->get_variable(left_hi_idx); - fr right_quad = + FF right_quad = this->get_variable(right_lo_idx) + this->get_variable(right_hi_idx) + this->get_variable(right_hi_idx); - fr out_quad = this->get_variable(out_lo_idx) + this->get_variable(out_hi_idx) + this->get_variable(out_hi_idx); + FF out_quad = this->get_variable(out_lo_idx) + this->get_variable(out_hi_idx) + this->get_variable(out_hi_idx); uint32_t left_quad_idx = this->add_variable(left_quad); uint32_t right_quad_idx = this->add_variable(right_quad); uint32_t out_quad_idx = this->add_variable(out_quad); - fr new_left_accumulator = left_accumulator + left_accumulator; + FF new_left_accumulator = left_accumulator + left_accumulator; new_left_accumulator = new_left_accumulator + new_left_accumulator; new_left_accumulator = new_left_accumulator + left_quad; uint32_t new_left_accumulator_idx = this->add_variable(new_left_accumulator); @@ -391,7 +391,7 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c FF::neg_one(), FF::zero() }); - fr new_right_accumulator = right_accumulator + right_accumulator; + FF new_right_accumulator = right_accumulator + right_accumulator; new_right_accumulator = new_right_accumulator + new_right_accumulator; new_right_accumulator = new_right_accumulator + right_quad; uint32_t new_right_accumulator_idx = this->add_variable(new_right_accumulator); @@ -404,7 +404,7 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c FF::neg_one(), FF::zero() }); - fr new_out_accumulator = out_accumulator + out_accumulator; + FF new_out_accumulator = out_accumulator + out_accumulator; new_out_accumulator = new_out_accumulator + new_out_accumulator; new_out_accumulator = new_out_accumulator + out_quad; uint32_t new_out_accumulator_idx = this->add_variable(new_out_accumulator); @@ -428,8 +428,8 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(c return accumulators; } -template -void StandardCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) +template +void StandardCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) { this->assert_valid_variables({ witness_index }); @@ -444,7 +444,7 @@ void StandardCircuitConstructor_::fix_witness(const uint32_t witness_inde ++this->num_gates; } -template uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variable) +template uint32_t StandardCircuitConstructor_::put_constant_variable(const FF& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); @@ -457,26 +457,24 @@ template uint32_t StandardCircuitConstructor_::put_const } } -template -accumulator_triple StandardCircuitConstructor_::create_and_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +template +accumulator_triple StandardCircuitConstructor_::create_and_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, false); } -template -accumulator_triple StandardCircuitConstructor_::create_xor_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +template +accumulator_triple StandardCircuitConstructor_::create_xor_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, true); } -template -void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_idx, - FF const& b, - std::string const& msg) +template +void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_idx, FF const& b, std::string const& msg) { if (this->variables[a_idx] != b && !this->failed()) { this->failure(msg); @@ -491,11 +489,11 @@ void StandardCircuitConstructor_::assert_equal_constant(uint32_t const a_ * * @return true if the circuit is correct. * */ -template bool StandardCircuitConstructor_::check_circuit() +template bool StandardCircuitConstructor_::check_circuit() { - fr gate_sum; - fr left, right, output; + FF gate_sum; + FF left, right, output; for (size_t i = 0; i < this->num_gates; i++) { gate_sum = FF::zero(); left = this->get_variable(w_l[i]); @@ -507,4 +505,5 @@ template bool StandardCircuitConstructor_::check_circuit } return true; } +template class StandardCircuitConstructor_>; } // namespace proof_system \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index 484ef642b4..954a0d6125 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -14,10 +14,9 @@ inline std::vector standard_selector_names() return result; } -template -class StandardCircuitConstructor_ : public CircuitConstructorBase> { +template +class StandardCircuitConstructor_ : public CircuitConstructorBase> { public: - using FF = typename Curve::ScalarField; static constexpr ComposerType type = ComposerType::STANDARD; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; @@ -43,7 +42,7 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase constant_variable_indices; StandardCircuitConstructor_(const size_t size_hint = 0) - : CircuitConstructorBase(standard_selector_names(), size_hint) + : CircuitConstructorBase>(standard_selector_names(), size_hint) { w_l.reserve(size_hint); w_r.reserve(size_hint); @@ -118,6 +117,7 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase; +extern template class StandardCircuitConstructor_; +using StandardCircuitConstructor = StandardCircuitConstructor_; // using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor__; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp index 282460615a..fd5d8c5dce 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp @@ -12,16 +12,16 @@ namespace proof_system { * @param size_hint Assumed number of gates. Used to allocate space for various member * vectors during initialization. * */ -template -TurboCircuitConstructor_::TurboCircuitConstructor_(const size_t size_hint) - : CircuitConstructorBase>(turbo_selector_names(), size_hint) +template +TurboCircuitConstructor_::TurboCircuitConstructor_(const size_t size_hint) + : CircuitConstructorBase>(turbo_selector_names(), size_hint) { w_l.reserve(size_hint); w_r.reserve(size_hint); w_o.reserve(size_hint); w_4.reserve(size_hint); - this->zero_idx = put_constant_variable(fr::zero()); + this->zero_idx = put_constant_variable(FF::zero()); } /** @@ -33,7 +33,7 @@ TurboCircuitConstructor_::TurboCircuitConstructor_(const size_t size_hint * @param in Specifies addition gate parameters: * w_l, w_r, w_o, q_1, q_2, q_3, q_c. * */ -template void TurboCircuitConstructor_::create_add_gate(const add_triple& in) +template void TurboCircuitConstructor_::create_add_gate(const add_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -41,18 +41,18 @@ template void TurboCircuitConstructor_::create_add_gate( w_r.emplace_back(in.b); w_o.emplace_back(in.c); w_4.emplace_back(this->zero_idx); - q_m.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - q_arith.emplace_back(fr::one()); - q_4.emplace_back(fr::zero()); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_arith.emplace_back(FF::one()); + q_4.emplace_back(FF::zero()); + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -64,7 +64,7 @@ template void TurboCircuitConstructor_::create_add_gate( * @param in Specifies addition gate parameters: * w_l, w_r, w_o, w_4, q_1, q_2, q_3, q_4, q_c. * */ -template void TurboCircuitConstructor_::create_big_add_gate(const add_quad& in) +template void TurboCircuitConstructor_::create_big_add_gate(const add_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -72,18 +72,18 @@ template void TurboCircuitConstructor_::create_big_add_g w_r.emplace_back(in.b); w_o.emplace_back(in.c); w_4.emplace_back(in.d); - q_m.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - q_arith.emplace_back(fr::one()); + q_arith.emplace_back(FF::one()); q_4.emplace_back(in.d_scaling); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -102,8 +102,7 @@ template void TurboCircuitConstructor_::create_big_add_g * ensure this assumption is backed by a constraint (e.g., c and d could be accumulators produced using the TurboPLONK * function `decompose_into_base4_accumulators`). * */ -template -void TurboCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) +template void TurboCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -111,21 +110,21 @@ void TurboCircuitConstructor_::create_big_add_gate_with_bit_extraction(co w_r.emplace_back(in.b); w_o.emplace_back(in.c); w_4.emplace_back(in.d); - q_m.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - q_arith.emplace_back(fr::one() + fr::one()); + q_arith.emplace_back(FF::one() + FF::one()); q_4.emplace_back(in.d_scaling); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } -template void TurboCircuitConstructor_::create_big_mul_gate(const mul_quad& in) +template void TurboCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -138,13 +137,13 @@ template void TurboCircuitConstructor_::create_big_mul_g q_2.emplace_back(in.b_scaling); q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - q_arith.emplace_back(fr::one()); + q_arith.emplace_back(FF::one()); q_4.emplace_back(in.d_scaling); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -164,7 +163,7 @@ template void TurboCircuitConstructor_::create_big_mul_g * @warning Even with the constraint on w_3, it is typically necessary to range constrain the wire value that will be * returned. */ -template void TurboCircuitConstructor_::create_balanced_add_gate(const add_quad& in) +template void TurboCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -172,18 +171,18 @@ template void TurboCircuitConstructor_::create_balanced_ w_r.emplace_back(in.b); w_o.emplace_back(in.c); w_4.emplace_back(in.d); - q_m.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); q_1.emplace_back(in.a_scaling); q_2.emplace_back(in.b_scaling); q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - q_arith.emplace_back(fr::one()); + q_arith.emplace_back(FF::one()); q_4.emplace_back(in.d_scaling); - q_5.emplace_back(fr::one()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_5.emplace_back(FF::one()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -195,7 +194,7 @@ template void TurboCircuitConstructor_::create_balanced_ * @param in Contains the values for w_l, w_r, w_o, * q_m, q_3, q_c. * */ -template void TurboCircuitConstructor_::create_mul_gate(const mul_triple& in) +template void TurboCircuitConstructor_::create_mul_gate(const mul_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -204,17 +203,17 @@ template void TurboCircuitConstructor_::create_mul_gate( w_o.emplace_back(in.c); w_4.emplace_back(this->zero_idx); q_m.emplace_back(in.mul_scaling); - q_1.emplace_back(fr::zero()); - q_2.emplace_back(fr::zero()); + q_1.emplace_back(FF::zero()); + q_2.emplace_back(FF::zero()); q_3.emplace_back(in.c_scaling); q_c.emplace_back(in.const_scaling); - q_arith.emplace_back(fr::one()); - q_4.emplace_back(fr::zero()); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_arith.emplace_back(FF::one()); + q_4.emplace_back(FF::zero()); + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -224,7 +223,7 @@ template void TurboCircuitConstructor_::create_mul_gate( * * @param variable_index The index of the variable. * */ -template void TurboCircuitConstructor_::create_bool_gate(const uint32_t variable_index) +template void TurboCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { this->assert_valid_variables({ variable_index }); @@ -232,19 +231,19 @@ template void TurboCircuitConstructor_::create_bool_gate w_r.emplace_back(variable_index); w_o.emplace_back(variable_index); w_4.emplace_back(this->zero_idx); - q_arith.emplace_back(fr::one()); - q_4.emplace_back(fr::zero()); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - - q_m.emplace_back(fr::one()); - q_1.emplace_back(fr::zero()); - q_2.emplace_back(fr::zero()); - q_3.emplace_back(fr::neg_one()); - q_c.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_arith.emplace_back(FF::one()); + q_4.emplace_back(FF::zero()); + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + + q_m.emplace_back(FF::one()); + q_1.emplace_back(FF::zero()); + q_2.emplace_back(FF::zero()); + q_3.emplace_back(FF::neg_one()); + q_c.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -256,7 +255,7 @@ template void TurboCircuitConstructor_::create_bool_gate * @param in Contains the values for * w_l, w_r, w_o, q_m, q_1, q_2, q_3, q_c. * */ -template void TurboCircuitConstructor_::create_poly_gate(const poly_triple& in) +template void TurboCircuitConstructor_::create_poly_gate(const poly_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -269,14 +268,14 @@ template void TurboCircuitConstructor_::create_poly_gate q_2.emplace_back(in.q_r); q_3.emplace_back(in.q_o); q_c.emplace_back(in.q_c); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - - q_arith.emplace_back(fr::one()); - q_4.emplace_back(fr::zero()); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - ++num_gates; + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + + q_arith.emplace_back(FF::one()); + q_4.emplace_back(FF::zero()); + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -284,8 +283,7 @@ template void TurboCircuitConstructor_::create_poly_gate * * @param in Witnesses and values of two points. * */ -template -void TurboCircuitConstructor_::create_fixed_group_add_gate(const fixed_group_add_quad& in) +template void TurboCircuitConstructor_::create_fixed_group_add_gate(const fixed_group_add_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -294,19 +292,19 @@ void TurboCircuitConstructor_::create_fixed_group_add_gate(const fixed_gr w_o.emplace_back(in.c); w_4.emplace_back(in.d); - q_arith.emplace_back(fr::zero()); - q_4.emplace_back(fr::zero()); - q_5.emplace_back(fr::zero()); - q_m.emplace_back(fr::zero()); - q_c.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); + q_arith.emplace_back(FF::zero()); + q_4.emplace_back(FF::zero()); + q_5.emplace_back(FF::zero()); + q_m.emplace_back(FF::zero()); + q_c.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); q_1.emplace_back(in.q_x_1); q_2.emplace_back(in.q_x_2); q_3.emplace_back(in.q_y_1); q_fixed_base.emplace_back(in.q_y_2); - ++num_gates; + ++this->num_gates; } /** @@ -315,9 +313,9 @@ void TurboCircuitConstructor_::create_fixed_group_add_gate(const fixed_gr * @param in Addition parameters (points and coefficients). * @param init Initialization parameters (points). * */ -template -void TurboCircuitConstructor_::create_fixed_group_add_gate_with_init(const fixed_group_add_quad& in, - const fixed_group_init_quad& init) +template +void TurboCircuitConstructor_::create_fixed_group_add_gate_with_init(const fixed_group_add_quad& in, + const fixed_group_init_quad& init) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -326,22 +324,22 @@ void TurboCircuitConstructor_::create_fixed_group_add_gate_with_init(cons w_o.emplace_back(in.c); w_4.emplace_back(in.d); - q_arith.emplace_back(fr::zero()); + q_arith.emplace_back(FF::zero()); q_4.emplace_back(init.q_x_1); q_5.emplace_back(init.q_x_2); q_m.emplace_back(init.q_y_1); q_c.emplace_back(init.q_y_2); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); q_1.emplace_back(in.q_x_1); q_2.emplace_back(in.q_x_2); q_3.emplace_back(in.q_y_1); q_fixed_base.emplace_back(in.q_y_2); - ++num_gates; + ++this->num_gates; } -template void TurboCircuitConstructor_::create_fixed_group_add_gate_final(const add_quad& in) +template void TurboCircuitConstructor_::create_fixed_group_add_gate_final(const add_quad& in) { create_big_add_gate(in); } @@ -352,8 +350,8 @@ template void TurboCircuitConstructor_::create_fixed_gro * @param witness_index Witness variable index. * @param witness_value Witness variable value. * */ -template -void TurboCircuitConstructor_::fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) +template +void TurboCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) { this->assert_valid_variables({ witness_index }); @@ -361,18 +359,18 @@ void TurboCircuitConstructor_::fix_witness(const uint32_t witness_index, w_r.emplace_back(this->zero_idx); w_o.emplace_back(this->zero_idx); w_4.emplace_back(this->zero_idx); - q_m.emplace_back(fr::zero()); - q_1.emplace_back(fr::one()); - q_2.emplace_back(fr::zero()); - q_3.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); + q_1.emplace_back(FF::one()); + q_2.emplace_back(FF::zero()); + q_3.emplace_back(FF::zero()); q_c.emplace_back(-witness_value); - q_arith.emplace_back(fr::one()); - q_4.emplace_back(fr::zero()); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); - q_logic.emplace_back(fr::zero()); - ++num_gates; + q_arith.emplace_back(FF::one()); + q_4.emplace_back(FF::zero()); + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); + q_logic.emplace_back(FF::zero()); + ++this->num_gates; } /** @@ -384,10 +382,10 @@ void TurboCircuitConstructor_::fix_witness(const uint32_t witness_index, * @return Vector of variable indexes for accumulator variables used in * the constraint. * */ -template -std::vector TurboCircuitConstructor_::decompose_into_base4_accumulators(const uint32_t witness_index, - const size_t num_bits, - std::string const& msg) +template +std::vector TurboCircuitConstructor_::decompose_into_base4_accumulators(const uint32_t witness_index, + const size_t num_bits, + std::string const& msg) { this->assert_valid_variables({ witness_index }); @@ -467,10 +465,10 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu * **/ - const uint256_t witness_value(get_variable(witness_index)); + const uint256_t witness_value(this->get_variable(witness_index)); - if (witness_value.get_msb() >= num_bits && !failed()) { - failure(msg); + if (witness_value.get_msb() >= num_bits && !this->failed()) { + this->failure(msg); } /* num_quad_gates is the minimum number of gates needed to record num_bits-many bits in a table, putting two-bits (a * quad) at each position. Since our table has width 4, we can fit 8 bits on a row, hence num_quad_gates is @@ -489,7 +487,7 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu const size_t forced_zero_threshold = 1 + (((num_quads << 1) - num_bits) >> 1); std::vector accumulators; - fr accumulator(0); + FF accumulator(0); uint32_t most_significant_segment = 0; // iterate through entries of all but final row for (size_t i = 0; i < num_quads + 1; ++i) { @@ -502,12 +500,12 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu const size_t bit_index = (num_quads - i) << 1; const uint64_t quad = static_cast(witness_value.get_bit(bit_index)) + 2ULL * static_cast(witness_value.get_bit(bit_index + 1)); - const fr quad_element = fr{ quad, 0, 0, 0 }.to_montgomery_form(); + const FF quad_element = fr{ quad, 0, 0, 0 }.to_montgomery_form(); accumulator += accumulator; accumulator += accumulator; accumulator += quad_element; - accumulator_index = add_variable(accumulator); + accumulator_index = this->add_variable(accumulator); accumulators.emplace_back(accumulator_index); if (i == forced_zero_threshold) { @@ -541,11 +539,11 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu w_r.emplace_back(this->zero_idx); w_o.emplace_back(this->zero_idx); - assert_equal(witness_index, accumulators[accumulators.size() - 1], msg); + this->assert_equal(witness_index, accumulators[accumulators.size() - 1], msg); accumulators[accumulators.size() - 1] = witness_index; - num_gates += used_gates; + this->num_gates += used_gates; // constrain top bit of top quad to zero in case num_bits is odd if ((num_bits & 1ULL) == 1ULL) { @@ -565,11 +563,11 @@ std::vector TurboCircuitConstructor_::decompose_into_base4_accu * for u = T.left[T.left.size()-2], u will be too small to express a in the form a = 4u + quad. * The same holds, mutatis mutandis, for T.right. */ -template -accumulator_triple TurboCircuitConstructor_::create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - const bool is_xor_gate) +template +accumulator_triple TurboCircuitConstructor_::create_logic_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits, + const bool is_xor_gate) { this->assert_valid_variables({ a, b }); @@ -647,13 +645,13 @@ accumulator_triple TurboCircuitConstructor_::create_logic_constraint(cons * addition and logic operations. **/ - const uint256_t left_witness_value(get_variable(a)); - const uint256_t right_witness_value(get_variable(b)); + const uint256_t left_witness_value(this->get_variable(a)); + const uint256_t right_witness_value(this->get_variable(b)); accumulator_triple accumulators; - fr left_accumulator = fr::zero(); - fr right_accumulator = fr::zero(); - fr out_accumulator = fr::zero(); + FF left_accumulator = FF::zero(); + FF right_accumulator = FF::zero(); + FF out_accumulator = FF::zero(); // Step 1: populate 1st row accumulators with zero w_l.emplace_back(this->zero_idx); @@ -674,16 +672,16 @@ accumulator_triple TurboCircuitConstructor_::create_logic_constraint(cons const uint64_t right_quad = static_cast(right_witness_value.get_bit(bit_index)) + 2ULL * static_cast(right_witness_value.get_bit(bit_index + 1)); - const fr left_quad_element = fr{ left_quad, 0, 0, 0 }.to_montgomery_form(); - const fr right_quad_element = fr{ right_quad, 0, 0, 0 }.to_montgomery_form(); - fr out_quad_element; + const FF left_quad_element = fr{ left_quad, 0, 0, 0 }.to_montgomery_form(); + const FF right_quad_element = fr{ right_quad, 0, 0, 0 }.to_montgomery_form(); + FF out_quad_element; if (is_xor_gate) { out_quad_element = fr{ left_quad ^ right_quad, 0, 0, 0 }.to_montgomery_form(); } else { out_quad_element = fr{ left_quad & right_quad, 0, 0, 0 }.to_montgomery_form(); } - const fr product_quad_element = fr{ left_quad * right_quad, 0, 0, 0 }.to_montgomery_form(); + const FF product_quad_element = fr{ left_quad * right_quad, 0, 0, 0 }.to_montgomery_form(); // replace accumulator by 4.accumulator + quad for a, b and c left_accumulator += left_accumulator; @@ -698,16 +696,16 @@ accumulator_triple TurboCircuitConstructor_::create_logic_constraint(cons out_accumulator += out_accumulator; out_accumulator += out_quad_element; - left_accumulator_index = add_variable(left_accumulator); + left_accumulator_index = this->add_variable(left_accumulator); accumulators.left.emplace_back(left_accumulator_index); - right_accumulator_index = add_variable(right_accumulator); + right_accumulator_index = this->add_variable(right_accumulator); accumulators.right.emplace_back(right_accumulator_index); - out_accumulator_index = add_variable(out_accumulator); + out_accumulator_index = this->add_variable(out_accumulator); accumulators.out.emplace_back(out_accumulator_index); - product_index = add_variable(product_quad_element); + product_index = this->add_variable(product_quad_element); w_l.emplace_back(left_accumulator_index); w_r.emplace_back(right_accumulator_index); @@ -717,63 +715,64 @@ accumulator_triple TurboCircuitConstructor_::create_logic_constraint(cons w_o.emplace_back(this->zero_idx); for (size_t i = 0; i < num_quads + 1; ++i) { - q_m.emplace_back(fr::zero()); - q_1.emplace_back(fr::zero()); - q_2.emplace_back(fr::zero()); - q_3.emplace_back(fr::zero()); - q_arith.emplace_back(fr::zero()); - q_4.emplace_back(fr::zero()); - q_5.emplace_back(fr::zero()); - q_fixed_base.emplace_back(fr::zero()); - q_range.emplace_back(fr::zero()); + q_m.emplace_back(FF::zero()); + q_1.emplace_back(FF::zero()); + q_2.emplace_back(FF::zero()); + q_3.emplace_back(FF::zero()); + q_arith.emplace_back(FF::zero()); + q_4.emplace_back(FF::zero()); + q_5.emplace_back(FF::zero()); + q_fixed_base.emplace_back(FF::zero()); + q_range.emplace_back(FF::zero()); if (is_xor_gate) { - q_c.emplace_back(fr::neg_one()); - q_logic.emplace_back(fr::neg_one()); + q_c.emplace_back(FF::neg_one()); + q_logic.emplace_back(FF::neg_one()); } else { - q_c.emplace_back(fr::one()); - q_logic.emplace_back(fr::one()); + q_c.emplace_back(FF::one()); + q_logic.emplace_back(FF::one()); } } - q_c[q_c.size() - 1] = fr::zero(); // last gate is a noop - q_logic[q_logic.size() - 1] = fr::zero(); // last gate is a noop + q_c[q_c.size() - 1] = FF::zero(); // last gate is a noop + q_logic[q_logic.size() - 1] = FF::zero(); // last gate is a noop - assert_equal(a, accumulators.left[accumulators.left.size() - 1], "cannot reproduce `a` value using accumulator."); + this->assert_equal( + a, accumulators.left[accumulators.left.size() - 1], "cannot reproduce `a` value using accumulator."); accumulators.left[accumulators.left.size() - 1] = a; - assert_equal(b, accumulators.right[accumulators.right.size() - 1], "cannot reproduce `b` value using accumulator."); + this->assert_equal( + b, accumulators.right[accumulators.right.size() - 1], "cannot reproduce `b` value using accumulator."); accumulators.right[accumulators.right.size() - 1] = b; - num_gates += (num_quads + 1); + this->num_gates += (num_quads + 1); return accumulators; } -template -accumulator_triple TurboCircuitConstructor_::create_and_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +template +accumulator_triple TurboCircuitConstructor_::create_and_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, false); } -template -accumulator_triple TurboCircuitConstructor_::create_xor_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits) +template +accumulator_triple TurboCircuitConstructor_::create_xor_constraint(const uint32_t a, + const uint32_t b, + const size_t num_bits) { return create_logic_constraint(a, b, num_bits, true); } -template -uint32_t TurboCircuitConstructor_::put_constant_variable(const barretenberg::fr& variable) +template uint32_t TurboCircuitConstructor_::put_constant_variable(const FF& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); } else { - uint32_t variable_index = add_variable(variable); + uint32_t variable_index = this->add_variable(variable); fix_witness(variable_index, variable); constant_variable_indices.insert({ variable, variable_index }); return variable_index; @@ -786,10 +785,9 @@ uint32_t TurboCircuitConstructor_::put_constant_variable(const barretenbe * @return true Evaluation is zero * @return false Evaluation is not zero */ -template -inline bool TurboCircuitConstructor_::lazy_arithmetic_gate_check(const size_t gate_index) +template inline bool TurboCircuitConstructor_::lazy_arithmetic_gate_check(const size_t gate_index) { - return arithmetic_gate_evaluation(gate_index, fr::one()).is_zero(); + return arithmetic_gate_evaluation(gate_index, FF::one()).is_zero(); } /** @@ -799,53 +797,52 @@ inline bool TurboCircuitConstructor_::lazy_arithmetic_gate_check(const si * @return bool * TODO(luke/kesha): Add some comments explaining in what sense each of these checks are "lazy" */ -template -inline bool TurboCircuitConstructor_::lazy_fixed_base_gate_check(const size_t gate_index) +template inline bool TurboCircuitConstructor_::lazy_fixed_base_gate_check(const size_t gate_index) { - ASSERT(gate_index < num_gates); + ASSERT(gate_index < this->num_gates); - constexpr barretenberg::fr grumpkin_curve_b(-17); - constexpr barretenberg::fr nine(9); + constexpr FF grumpkin_curve_b(-17); + constexpr FF nine(9); // Get witness values - fr wire_1_shifted; - fr wire_2_shifted; - fr wire_3_shifted; - fr wire_4_shifted; - const fr wire_1_value = get_variable(w_l[gate_index]); - const fr wire_2_value = get_variable(w_r[gate_index]); - const fr wire_3_value = get_variable(w_o[gate_index]); - const fr wire_4_value = get_variable(w_4[gate_index]); - if ((gate_index + 1) < num_gates) { - wire_1_shifted = get_variable(w_l[gate_index + 1]); - wire_2_shifted = get_variable(w_r[gate_index + 1]); - wire_3_shifted = get_variable(w_o[gate_index + 1]); - wire_4_shifted = get_variable(w_4[gate_index + 1]); + FF wire_1_shifted; + FF wire_2_shifted; + FF wire_3_shifted; + FF wire_4_shifted; + const FF wire_1_value = this->get_variable(w_l[gate_index]); + const FF wire_2_value = this->get_variable(w_r[gate_index]); + const FF wire_3_value = this->get_variable(w_o[gate_index]); + const FF wire_4_value = this->get_variable(w_4[gate_index]); + if ((gate_index + 1) < this->num_gates) { + wire_1_shifted = this->get_variable(w_l[gate_index + 1]); + wire_2_shifted = this->get_variable(w_r[gate_index + 1]); + wire_3_shifted = this->get_variable(w_o[gate_index + 1]); + wire_4_shifted = this->get_variable(w_4[gate_index + 1]); } else { - wire_1_shifted = fr::zero(); - wire_2_shifted = fr::zero(); - wire_3_shifted = fr::zero(); - wire_4_shifted = fr::zero(); + wire_1_shifted = FF::zero(); + wire_2_shifted = FF::zero(); + wire_3_shifted = FF::zero(); + wire_4_shifted = FF::zero(); } // Get selector values - const fr q_c_value = q_c[gate_index]; - const fr q_fixed_base_value = q_fixed_base[gate_index]; - const fr q_m_value = q_m[gate_index]; - const fr q_1_value = q_1[gate_index]; - const fr q_2_value = q_2[gate_index]; - const fr q_3_value = q_3[gate_index]; - const fr q_4_value = q_4[gate_index]; - const fr q_5_value = q_5[gate_index]; + const FF q_c_value = q_c[gate_index]; + const FF q_fixed_base_value = q_fixed_base[gate_index]; + const FF q_m_value = q_m[gate_index]; + const FF q_1_value = q_1[gate_index]; + const FF q_2_value = q_2[gate_index]; + const FF q_3_value = q_3[gate_index]; + const FF q_4_value = q_4[gate_index]; + const FF q_5_value = q_5[gate_index]; // Compute, optimizing multiplications (different fromt the way we used in widgets, since the linearization // trick is no more) - fr delta = wire_4_shifted - (wire_4_value + wire_4_value + wire_4_value + wire_4_value); - fr delta_squared = delta.sqr(); + FF delta = wire_4_shifted - (wire_4_value + wire_4_value + wire_4_value + wire_4_value); + FF delta_squared = delta.sqr(); // accumulator_identity = (δ + 3)(δ + 1)(δ - 1)(δ - 3) - if (delta_squared != nine && delta_squared != fr::one()) { + if (delta_squared != nine && delta_squared != FF::one()) { return false; } @@ -854,19 +851,19 @@ inline bool TurboCircuitConstructor_::lazy_fixed_base_gate_check(const si return false; } - fr T0 = wire_1_shifted + wire_1_value + wire_3_shifted; - fr T1 = (wire_3_shifted - wire_1_value).sqr(); + FF T0 = wire_1_shifted + wire_1_value + wire_3_shifted; + FF T1 = (wire_3_shifted - wire_1_value).sqr(); T0 = T0 * T1; T1 = wire_3_shifted.sqr() * wire_3_shifted; - fr T2 = wire_2_value.sqr(); + FF T2 = wire_2_value.sqr(); T1 = T1 + T2; T1 = -(T1 + grumpkin_curve_b); T2 = delta * wire_2_value * q_fixed_base_value; T2 = T2 + T2; - fr T3_part = delta * wire_3_shifted * q_3_value; - fr T3 = T3_part * wire_2_value; + FF T3_part = delta * wire_3_shifted * q_3_value; + FF T3 = T3_part * wire_2_value; T3 = T3 + T3; // x_accumulator_identity = α^2 * @@ -887,19 +884,19 @@ inline bool TurboCircuitConstructor_::lazy_fixed_base_gate_check(const si } if (!q_c_value.is_zero()) { - T0 = wire_4_value - fr::one(); + T0 = wire_4_value - FF::one(); T1 = T0 - wire_3_value; if (!T0.is_zero() && !T1.is_zero()) { return false; } - T0 = wire_3_value * (q_4_value - wire_1_value) + (fr::one() - wire_4_value) * q_5_value; + T0 = wire_3_value * (q_4_value - wire_1_value) + (FF::one() - wire_4_value) * q_5_value; if (!T0.is_zero()) { return false; } - T0 = q_c_value * (fr::one() - wire_4_value); + T0 = q_c_value * (FF::one() - wire_4_value); T1 = wire_2_value * wire_3_value; - fr y_init_identity = (T0 - T1 + q_m_value * wire_3_value); + FF y_init_identity = (T0 - T1 + q_m_value * wire_3_value); if (!y_init_identity.is_zero()) { return false; } @@ -913,44 +910,44 @@ inline bool TurboCircuitConstructor_::lazy_fixed_base_gate_check(const si * @param gate_index Gate index * @return fr */ -template inline bool TurboCircuitConstructor_::lazy_logic_gate_check(const size_t gate_index) +template inline bool TurboCircuitConstructor_::lazy_logic_gate_check(const size_t gate_index) { - ASSERT(gate_index < num_gates); - - fr wire_1_shifted; - fr wire_2_shifted; - fr wire_4_shifted; - const fr wire_1_value = get_variable(w_l[gate_index]); - const fr wire_2_value = get_variable(w_r[gate_index]); - const fr wire_4_value = get_variable(w_4[gate_index]); - if ((gate_index + 1) < num_gates) { - wire_1_shifted = get_variable(w_l[gate_index + 1]); - wire_2_shifted = get_variable(w_r[gate_index + 1]); - wire_4_shifted = get_variable(w_4[gate_index + 1]); + ASSERT(gate_index < this->num_gates); + + FF wire_1_shifted; + FF wire_2_shifted; + FF wire_4_shifted; + const FF wire_1_value = this->get_variable(w_l[gate_index]); + const FF wire_2_value = this->get_variable(w_r[gate_index]); + const FF wire_4_value = this->get_variable(w_4[gate_index]); + if ((gate_index + 1) < this->num_gates) { + wire_1_shifted = this->get_variable(w_l[gate_index + 1]); + wire_2_shifted = this->get_variable(w_r[gate_index + 1]); + wire_4_shifted = this->get_variable(w_4[gate_index + 1]); } else { - wire_1_shifted = fr::zero(); - wire_2_shifted = fr::zero(); - wire_4_shifted = fr::zero(); + wire_1_shifted = FF::zero(); + wire_2_shifted = FF::zero(); + wire_4_shifted = FF::zero(); } // Get selector values - const fr q_c_value = q_c[gate_index]; - const fr q_logic_value = q_logic[gate_index]; - constexpr fr two(2); - constexpr fr three(3); - constexpr fr minus_one = -fr::one(); + const FF q_c_value = q_c[gate_index]; + const FF q_logic_value = q_logic[gate_index]; + constexpr FF two(2); + constexpr FF three(3); + constexpr FF minus_one = -FF::one(); - fr T0; - fr T1; - fr T2; + FF T0; + FF T1; + FF T2; // T0 = a T0 = wire_1_value + wire_1_value; T0 += T0; T0 = wire_1_shifted - T0; - if (!T0.is_zero() && T0 != fr::one() && T0 != two && T0 != three) { + if (!T0.is_zero() && T0 != FF::one() && T0 != two && T0 != three) { return false; } // T1 = b @@ -958,7 +955,7 @@ template inline bool TurboCircuitConstructor_::lazy_logi T1 += T1; T1 = wire_2_shifted - T1; - if (!T1.is_zero() && T1 != fr::one() && T1 != two && T1 != three) { + if (!T1.is_zero() && T1 != FF::one() && T1 != two && T1 != three) { return false; } @@ -967,14 +964,14 @@ template inline bool TurboCircuitConstructor_::lazy_logi T2 += T2; T2 = wire_4_shifted - T2; - if (!T2.is_zero() && T2 != fr::one() && T2 != two && T2 != three) { + if (!T2.is_zero() && T2 != FF::one() && T2 != two && T2 != three) { return false; } uint64_t a = uint256_t(T0).data[0]; uint64_t b = uint256_t(T1).data[0]; uint64_t c = uint256_t(T2).data[0]; - if (q_c_value == fr::one() && q_logic_value == fr::one()) { + if (q_c_value == FF::one() && q_logic_value == FF::one()) { return (a & b) == c; } @@ -989,50 +986,50 @@ template inline bool TurboCircuitConstructor_::lazy_logi * @param gate_index Gate index * @return bool */ -template inline bool TurboCircuitConstructor_::lazy_range_gate_check(const size_t gate_index) +template inline bool TurboCircuitConstructor_::lazy_range_gate_check(const size_t gate_index) { - ASSERT(gate_index < num_gates); + ASSERT(gate_index < this->num_gates); - fr wire_4_shifted; - const fr wire_1_value = get_variable(w_l[gate_index]); - const fr wire_2_value = get_variable(w_r[gate_index]); - const fr wire_3_value = get_variable(w_o[gate_index]); - const fr wire_4_value = get_variable(w_4[gate_index]); - if ((gate_index + 1) < num_gates) { - wire_4_shifted = get_variable(w_4[gate_index + 1]); + FF wire_4_shifted; + const FF wire_1_value = this->get_variable(w_l[gate_index]); + const FF wire_2_value = this->get_variable(w_r[gate_index]); + const FF wire_3_value = this->get_variable(w_o[gate_index]); + const FF wire_4_value = this->get_variable(w_4[gate_index]); + if ((gate_index + 1) < this->num_gates) { + wire_4_shifted = this->get_variable(w_4[gate_index + 1]); } else { - wire_4_shifted = fr::zero(); + wire_4_shifted = FF::zero(); } - constexpr barretenberg::fr two(2); - constexpr barretenberg::fr three(3); + constexpr FF two(2); + constexpr FF three(3); - fr delta_1 = wire_4_value + wire_4_value; + FF delta_1 = wire_4_value + wire_4_value; delta_1 += delta_1; delta_1 = (wire_3_value - delta_1).reduce_once(); - if (!delta_1.is_zero() && delta_1 != fr::one() && delta_1 != two && delta_1 != three) { + if (!delta_1.is_zero() && delta_1 != FF::one() && delta_1 != two && delta_1 != three) { return false; } - fr delta_2 = wire_3_value + wire_3_value; + FF delta_2 = wire_3_value + wire_3_value; delta_2 += delta_2; delta_2 = wire_2_value - delta_2; - if (!delta_2.is_zero() && delta_2 != fr::one() && delta_2 != two && delta_2 != three) { + if (!delta_2.is_zero() && delta_2 != FF::one() && delta_2 != two && delta_2 != three) { return false; } - fr delta_3 = wire_2_value + wire_2_value; + FF delta_3 = wire_2_value + wire_2_value; delta_3 += delta_3; delta_3 = wire_1_value - delta_3; - if (!delta_3.is_zero() && delta_3 != fr::one() && delta_3 != two && delta_3 != three) { + if (!delta_3.is_zero() && delta_3 != FF::one() && delta_3 != two && delta_3 != three) { return false; } - fr delta_4 = wire_1_value + wire_1_value; + FF delta_4 = wire_1_value + wire_1_value; delta_4 += delta_4; delta_4 = wire_4_shifted - delta_4; - if (!delta_4.is_zero() && delta_4 != fr::one() && delta_4 != two && delta_4 != three) { + if (!delta_4.is_zero() && delta_4 != FF::one() && delta_4 != two && delta_4 != three) { return false; } @@ -1045,32 +1042,33 @@ template inline bool TurboCircuitConstructor_::lazy_rang * @param alpha_base The base value that the whole evaluation is multiplied by * @return fr */ -inline fr TurboCircuitConstructor_::arithmetic_gate_evaluation(const size_t gate_index, const fr alpha_base) +template +inline FF TurboCircuitConstructor_::arithmetic_gate_evaluation(const size_t gate_index, const FF alpha_base) { - ASSERT(gate_index < num_gates); + ASSERT(gate_index < this->num_gates); - constexpr barretenberg::fr minus_seven(-7); + constexpr FF minus_seven(-7); - constexpr fr two = fr::one() + fr::one(); - const fr wire_1_value = get_variable(w_l[gate_index]); - const fr wire_2_value = get_variable(w_r[gate_index]); - const fr wire_3_value = get_variable(w_o[gate_index]); - const fr wire_4_value = get_variable(w_4[gate_index]); + constexpr FF two = FF::one() + FF::one(); + const FF wire_1_value = this->get_variable(w_l[gate_index]); + const FF wire_2_value = this->get_variable(w_r[gate_index]); + const FF wire_3_value = this->get_variable(w_o[gate_index]); + const FF wire_4_value = this->get_variable(w_4[gate_index]); // T2 = Δ - fr T2 = wire_4_value + wire_4_value; + FF T2 = wire_4_value + wire_4_value; T2 += T2; T2 = wire_3_value - T2; // T3 = 2Δ^2 - fr T3 = T2.sqr(); + FF T3 = T2.sqr(); T3 += T3; // T4 = 9.Δ - fr T4 = T2 + T2; + FF T4 = T2 + T2; T4 += T2; // // T5 = 6.Δ - fr T5 = T4 + T4; + FF T5 = T4 + T4; T4 += T5; // T4 = 9.Δ - 2.Δ^2 - 7 @@ -1083,7 +1081,7 @@ inline fr TurboCircuitConstructor_::arithmetic_gate_evaluation(const size return alpha_base * q_arith[gate_index] * (wire_1_value * (q_m[gate_index] * wire_2_value + q_1[gate_index]) + q_2[gate_index] * wire_2_value + q_3[gate_index] * wire_3_value + - wire_4_value * (q_4[gate_index] + q_5[gate_index] * (wire_4_value - two) * (wire_4_value - fr::one())) + + wire_4_value * (q_4[gate_index] + q_5[gate_index] * (wire_4_value - two) * (wire_4_value - FF::one())) + q_c[gate_index] + (q_arith[gate_index] - 1) * T2); } /** @@ -1094,54 +1092,55 @@ inline fr TurboCircuitConstructor_::arithmetic_gate_evaluation(const size * @param alpha An element used as a separator of individual subrelations * @return fr */ -inline fr TurboCircuitConstructor_::range_gate_evaluation(const size_t gate_index, - const fr alpha_base, - const fr alpha) +template +inline FF TurboCircuitConstructor_::range_gate_evaluation(const size_t gate_index, + const FF alpha_base, + const FF alpha) { - ASSERT(gate_index < num_gates); + ASSERT(gate_index < this->num_gates); - fr wire_4_shifted; - const fr wire_1_value = get_variable(w_l[gate_index]); - const fr wire_2_value = get_variable(w_r[gate_index]); - const fr wire_3_value = get_variable(w_o[gate_index]); - const fr wire_4_value = get_variable(w_4[gate_index]); - if ((gate_index + 1) < num_gates) { - wire_4_shifted = get_variable(w_4[gate_index + 1]); + FF wire_4_shifted; + const FF wire_1_value = this->get_variable(w_l[gate_index]); + const FF wire_2_value = this->get_variable(w_r[gate_index]); + const FF wire_3_value = this->get_variable(w_o[gate_index]); + const FF wire_4_value = this->get_variable(w_4[gate_index]); + if ((gate_index + 1) < this->num_gates) { + wire_4_shifted = this->get_variable(w_4[gate_index + 1]); } else { - wire_4_shifted = fr::zero(); + wire_4_shifted = FF::zero(); } - constexpr barretenberg::fr minus_two(-2); - constexpr barretenberg::fr minus_three(-3); - fr alpha_a = alpha_base; - fr alpha_b = alpha_a * alpha; - fr alpha_c = alpha_b * alpha; - fr alpha_d = alpha_c * alpha; - - fr delta_1 = wire_4_value + wire_4_value; + constexpr FF minus_two(-2); + constexpr FF minus_three(-3); + FF alpha_a = alpha_base; + FF alpha_b = alpha_a * alpha; + FF alpha_c = alpha_b * alpha; + FF alpha_d = alpha_c * alpha; + + FF delta_1 = wire_4_value + wire_4_value; delta_1 += delta_1; delta_1 = wire_3_value - delta_1; - fr delta_2 = wire_3_value + wire_3_value; + FF delta_2 = wire_3_value + wire_3_value; delta_2 += delta_2; delta_2 = wire_2_value - delta_2; - fr delta_3 = wire_2_value + wire_2_value; + FF delta_3 = wire_2_value + wire_2_value; delta_3 += delta_3; delta_3 = wire_1_value - delta_3; - fr delta_4 = wire_1_value + wire_1_value; + FF delta_4 = wire_1_value + wire_1_value; delta_4 += delta_4; delta_4 = wire_4_shifted - delta_4; // D(D - 1)(D - 2)(D - 3).alpha - fr T0 = delta_1.sqr(); + FF T0 = delta_1.sqr(); T0 -= delta_1; - fr T1 = delta_1 + minus_two; + FF T1 = delta_1 + minus_two; T0 *= T1; T1 = delta_1 + minus_three; T0 *= T1; - fr range_accumulator = T0 * alpha_a; + FF range_accumulator = T0 * alpha_a; T0 = delta_2.sqr(); T0 -= delta_2; @@ -1180,44 +1179,45 @@ inline fr TurboCircuitConstructor_::range_gate_evaluation(const size_t ga * @param alpha The element used as separator for individual subrelations * @return fr */ -inline fr TurboCircuitConstructor_::logic_gate_evaluation(const size_t gate_index, - const fr alpha_base, - const fr alpha) +template +inline FF TurboCircuitConstructor_::logic_gate_evaluation(const size_t gate_index, + const FF alpha_base, + const FF alpha) { - ASSERT(gate_index < num_gates); - - fr wire_1_shifted; - fr wire_2_shifted; - fr wire_4_shifted; - const fr wire_1_value = get_variable(w_l[gate_index]); - const fr wire_2_value = get_variable(w_r[gate_index]); - const fr wire_3_value = get_variable(w_o[gate_index]); - const fr wire_4_value = get_variable(w_4[gate_index]); - if ((gate_index + 1) < num_gates) { - wire_1_shifted = get_variable(w_l[gate_index + 1]); - wire_2_shifted = get_variable(w_r[gate_index + 1]); - wire_4_shifted = get_variable(w_4[gate_index + 1]); + ASSERT(gate_index < this->num_gates); + + FF wire_1_shifted; + FF wire_2_shifted; + FF wire_4_shifted; + const FF wire_1_value = this->get_variable(w_l[gate_index]); + const FF wire_2_value = this->get_variable(w_r[gate_index]); + const FF wire_3_value = this->get_variable(w_o[gate_index]); + const FF wire_4_value = this->get_variable(w_4[gate_index]); + if ((gate_index + 1) < this->num_gates) { + wire_1_shifted = this->get_variable(w_l[gate_index + 1]); + wire_2_shifted = this->get_variable(w_r[gate_index + 1]); + wire_4_shifted = this->get_variable(w_4[gate_index + 1]); } else { - wire_1_shifted = fr::zero(); - wire_2_shifted = fr::zero(); - wire_4_shifted = fr::zero(); + wire_1_shifted = FF::zero(); + wire_2_shifted = FF::zero(); + wire_4_shifted = FF::zero(); } // Get selector values - const fr q_c_value = q_c[gate_index]; - constexpr fr six(6); - constexpr fr eighty_one(81); - constexpr fr eighty_three(83); - - fr delta_sum; - fr delta_squared_sum; - fr T0; - fr T1; - fr T2; - fr T3; - fr T4; - fr identity; + const FF q_c_value = q_c[gate_index]; + constexpr FF six(6); + constexpr FF eighty_one(81); + constexpr FF eighty_three(83); + + FF delta_sum; + FF delta_squared_sum; + FF T0; + FF T1; + FF T2; + FF T3; + FF T4; + FF identity; T0 = wire_1_value + wire_1_value; T0 += T0; @@ -1350,67 +1350,68 @@ inline fr TurboCircuitConstructor_::logic_gate_evaluation(const size_t ga * @param alpha_powers A vector with alpha_base and alpha_base*α^{i} for enough i * @return fr */ -inline fr TurboCircuitConstructor_::fixed_base_gate_evaluation(const size_t gate_index, - const std::vector& alpha_powers) +template +inline FF TurboCircuitConstructor_::fixed_base_gate_evaluation(const size_t gate_index, + const std::vector& alpha_powers) { - ASSERT(gate_index < num_gates); + ASSERT(gate_index < this->num_gates); - constexpr barretenberg::fr grumpkin_curve_b(-17); - constexpr barretenberg::fr three(3); + constexpr FF grumpkin_curve_b(-17); + constexpr FF three(3); // Get witness values - fr wire_1_shifted; - fr wire_2_shifted; - fr wire_3_shifted; - fr wire_4_shifted; - const fr wire_1_value = get_variable(w_l[gate_index]); - const fr wire_2_value = get_variable(w_r[gate_index]); - const fr wire_3_value = get_variable(w_o[gate_index]); - const fr wire_4_value = get_variable(w_4[gate_index]); - if ((gate_index + 1) < num_gates) { - wire_1_shifted = get_variable(w_l[gate_index + 1]); - wire_2_shifted = get_variable(w_r[gate_index + 1]); - wire_3_shifted = get_variable(w_o[gate_index + 1]); - wire_4_shifted = get_variable(w_4[gate_index + 1]); + FF wire_1_shifted; + FF wire_2_shifted; + FF wire_3_shifted; + FF wire_4_shifted; + const FF wire_1_value = this->get_variable(w_l[gate_index]); + const FF wire_2_value = this->get_variable(w_r[gate_index]); + const FF wire_3_value = this->get_variable(w_o[gate_index]); + const FF wire_4_value = this->get_variable(w_4[gate_index]); + if ((gate_index + 1) < this->num_gates) { + wire_1_shifted = this->get_variable(w_l[gate_index + 1]); + wire_2_shifted = this->get_variable(w_r[gate_index + 1]); + wire_3_shifted = this->get_variable(w_o[gate_index + 1]); + wire_4_shifted = this->get_variable(w_4[gate_index + 1]); } else { - wire_1_shifted = fr::zero(); - wire_2_shifted = fr::zero(); - wire_3_shifted = fr::zero(); - wire_4_shifted = fr::zero(); + wire_1_shifted = FF::zero(); + wire_2_shifted = FF::zero(); + wire_3_shifted = FF::zero(); + wire_4_shifted = FF::zero(); } // Get selector values - const fr q_c_value = q_c[gate_index]; - const fr q_fixed_base_value = q_fixed_base[gate_index]; - const fr q_m_value = q_m[gate_index]; - const fr q_1_value = q_1[gate_index]; - const fr q_2_value = q_2[gate_index]; - const fr q_3_value = q_3[gate_index]; - const fr q_4_value = q_4[gate_index]; - const fr q_5_value = q_5[gate_index]; + const FF q_c_value = q_c[gate_index]; + const FF q_fixed_base_value = q_fixed_base[gate_index]; + const FF q_m_value = q_m[gate_index]; + const FF q_1_value = q_1[gate_index]; + const FF q_2_value = q_2[gate_index]; + const FF q_3_value = q_3[gate_index]; + const FF q_4_value = q_4[gate_index]; + const FF q_5_value = q_5[gate_index]; // Compute, optimizing multiplications (different from the way we used in widgets, since the linearization // trick is no more) - fr delta = wire_4_shifted - (wire_4_value + wire_4_value + wire_4_value + wire_4_value); - fr delta_squared = delta.sqr(); + FF delta = wire_4_shifted - (wire_4_value + wire_4_value + wire_4_value + wire_4_value); + FF delta_squared = delta.sqr(); // accumulator_identity = (δ + 3)(δ + 1)(δ - 1)(δ - 3) - fr result = (delta - three) * (delta - fr::one()) * (delta + fr::one()) * (delta + three) * alpha_powers[0]; + FF result = (delta - three) * (delta - FF::one()) * (delta + FF::one()) * (delta + three) * alpha_powers[0]; // Originaly q_1 and q_2 multiplicands with x_alpha_identity result += (delta_squared * q_1_value + q_2_value - wire_3_shifted) * alpha_powers[1]; - fr T1_part = wire_2_value * alpha_powers[2]; + FF T1_part = wire_2_value * alpha_powers[2]; // Added q_3 multiplicand result += ((T1_part + T1_part) + (wire_1_shifted - wire_1_value) * alpha_powers[3]) * delta * wire_3_shifted * q_3_value; - fr T0 = wire_1_shifted + wire_1_value + wire_3_shifted; - fr T1 = (wire_3_shifted - wire_1_value).sqr(); + FF T0 = wire_1_shifted + wire_1_value + wire_3_shifted; + FF T1 = (wire_3_shifted - wire_1_value).sqr(); T0 = T0 * T1; T1 = wire_3_shifted.sqr() * wire_3_shifted; - fr T2 = wire_2_value.sqr(); + FF T2 = wire_2_value.sqr(); T1 = T1 + T2; T1 = -(T1 + grumpkin_curve_b); @@ -1431,23 +1432,23 @@ inline fr TurboCircuitConstructor_::fixed_base_gate_evaluation(const size result += (T0 + T1) * alpha_powers[3]; - T0 = wire_4_value - fr::one(); + T0 = wire_4_value - FF::one(); T1 = T0 - wire_3_value; - fr accumulator_init_identity = T0 * T1 * alpha_powers[4]; + FF accumulator_init_identity = T0 * T1 * alpha_powers[4]; // q_4 and q_5 - result += (((wire_3_value * q_4_value + (fr::one() - wire_4_value) * q_5_value) * alpha_powers[5]) + + result += (((wire_3_value * q_4_value + (FF::one() - wire_4_value) * q_5_value) * alpha_powers[5]) + (q_m_value * wire_3_value * alpha_powers[6])) * q_c_value; // x_init_identity = -α^5 * w_1 * w_3 - fr x_init_identity = -(wire_1_value * wire_3_value) * alpha_powers[5]; + FF x_init_identity = -(wire_1_value * wire_3_value) * alpha_powers[5]; // y_init_identity = α^6 * (q_c * (1 - w_4) - w_2 * w_3) - T0 = fr::one() - wire_4_value; + T0 = FF::one() - wire_4_value; T0 = T0 * q_c_value; T1 = wire_2_value * wire_3_value; - fr y_init_identity = (T0 - T1) * alpha_powers[6]; + FF y_init_identity = (T0 - T1) * alpha_powers[6]; result += (accumulator_init_identity + x_init_identity + y_init_identity) * q_c_value; return result * q_fixed_base_value; @@ -1457,11 +1458,11 @@ inline fr TurboCircuitConstructor_::fixed_base_gate_evaluation(const size * * @return true if circuit is correct, false if not. * */ -bool TurboCircuitConstructor_::check_circuit() +template bool TurboCircuitConstructor_::check_circuit() { // #define LAZY_CIRCUIT_CHECKS #ifdef LAZY_CIRCUIT_CHECKS - for (size_t i = 0; i < num_gates; i++) { + for (size_t i = 0; i < this->num_gates; i++) { if (!q_arith[i].is_zero() && !lazy_arithmetic_gate_check(i)) { return false; } @@ -1478,15 +1479,15 @@ bool TurboCircuitConstructor_::check_circuit() return true; #else // Initialize each of the kernels - const fr alpha_base = fr::random_element(); - const fr alpha = fr::random_element(); - std::vector alpha_powers; + const FF alpha_base = FF::random_element(); + const FF alpha = FF::random_element(); + std::vector alpha_powers; alpha_powers.push_back(alpha_base); for (size_t i = 1; i < 7; i++) { alpha_powers.push_back(alpha_powers[i] * alpha); } - for (size_t i = 0; i < get_num_gates(); i++) { + for (size_t i = 0; i < this->get_num_gates(); i++) { if (!arithmetic_gate_evaluation(i, alpha_base).is_zero()) { #ifndef FUZZING info("Arithmetic gate ", i, " failed"); @@ -1519,5 +1520,5 @@ bool TurboCircuitConstructor_::check_circuit() #endif } - +template class TurboCircuitConstructor_; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp index 2de7074c12..14fb666166 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp @@ -14,11 +14,9 @@ inline std::vector turbo_selector_names() "q_5", "q_arith", "q_fixed_base", "q_range", "q_logic" }; return result; } -template -class TurboCircuitConstructor_ : public CircuitConstructorBase> { +template class TurboCircuitConstructor_ : public CircuitConstructorBase> { public: - using FF = typename Curve::ScalarField; static constexpr ComposerType type = ComposerType::TURBO; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; @@ -110,7 +108,7 @@ class TurboCircuitConstructor_ : public CircuitConstructorBasefailure(msg); } auto b_idx = put_constant_variable(b); - assert_equal(a_idx, b_idx, msg); + this->assert_equal(a_idx, b_idx, msg); } /** @@ -125,5 +123,6 @@ class TurboCircuitConstructor_ : public CircuitConstructorBase constant_variable_indices; }; -using TurboCircuitConstructor = TurboCircuitConstructor_; +extern template class TurboCircuitConstructor_; +using TurboCircuitConstructor = TurboCircuitConstructor_; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp index 37c198c713..7152ae5c01 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp @@ -187,8 +187,8 @@ TEST(turbo_circuit_constructor, small_scalar_multipliers) bool skew = false; barretenberg::wnaf::fixed_wnaf(&scalar_multiplier_base.data[0], &wnaf_entries[0], skew, 0); - fr accumulator_offset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); - fr origin_accumulators[2]{ fr::one(), accumulator_offset + fr::one() }; + fr accumulator_ofrset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); + fr origin_accumulators[2]{ fr::one(), accumulator_ofrset + fr::one() }; grumpkin::g1::element* multiplication_transcript = static_cast(aligned_alloc(64, sizeof(grumpkin::g1::element) * (num_quads + 1))); @@ -228,7 +228,7 @@ TEST(turbo_circuit_constructor, small_scalar_multipliers) TurboCircuitConstructor circuit_constructor = TurboCircuitConstructor(); - fr x_alpha = accumulator_offset; + fr x_alpha = accumulator_ofrset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; round_quad.d = circuit_constructor.add_variable(accumulator_transcript[i]); @@ -311,8 +311,8 @@ TEST(turbo_circuit_constructor, large_scalar_multipliers) bool skew = false; barretenberg::wnaf::fixed_wnaf(&scalar_multiplier_base.data[0], &wnaf_entries[0], skew, 0); - fr accumulator_offset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); - fr origin_accumulators[2]{ fr::one(), accumulator_offset + fr::one() }; + fr accumulator_ofrset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); + fr origin_accumulators[2]{ fr::one(), accumulator_ofrset + fr::one() }; grumpkin::g1::element* multiplication_transcript = static_cast(aligned_alloc(64, sizeof(grumpkin::g1::element) * (num_quads + 1))); @@ -352,7 +352,7 @@ TEST(turbo_circuit_constructor, large_scalar_multipliers) TurboCircuitConstructor circuit_constructor = TurboCircuitConstructor(); - fr x_alpha = accumulator_offset; + fr x_alpha = accumulator_ofrset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; round_quad.d = circuit_constructor.add_variable(accumulator_transcript[i]); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index d4f7855e3f..828bbca65c 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -1,10 +1,10 @@ /** * @file ultra_circuit_constructor.cpp * @author Luke (ledwards2225) and Kesha (Rumata888) - * @brief This file contains the implementation of UltraCircuitConstructor_ class that defines the logic of + * @brief This file contains the implementation of UltraCircuitConstructor_ class that defines the logic of * ultra-style circuits and is intended for the use in UltraHonk and UltraPlonk systems * - * @todo 1) Replace barretenberg::fr with templated FF or Field + * @todo 1) Replace FF>with templated FF or Field * */ #include "ultra_circuit_constructor.hpp" @@ -16,7 +16,7 @@ using namespace barretenberg; namespace proof_system { -template void UltraCircuitConstructor_::finalize_circuit() +template void UltraCircuitConstructor_::finalize_circuit() { /** * First of all, add the gates related to ROM arrays and range lists. @@ -53,7 +53,7 @@ template void UltraCircuitConstructor_::finalize_circuit } /** - * @brief Atemplate void zero-polynomials and ensure first coeff of wire polynomials is 0 + * @brief Atemplate void zero-polynomials and ensure first coeff of wire polynomials is 0 * * @param in Structure containing variables and witness selectors */ @@ -63,7 +63,7 @@ template void UltraCircuitConstructor_::finalize_circuit // (~16k gates) mostly due to the lookups it includes. // TODO(#423)(luke): Add 0 as a PI since PI always start at the 0th index of the wire polynomials? // TODO(luke): may need to reevaluate once aux relation is implemented -template void UltraCircuitConstructor_::add_gates_to_ensure_all_polys_are_non_zero() +template void UltraCircuitConstructor_::add_gates_to_ensure_all_polys_are_non_zero() { // First add a gate to simultaneously ensure first entries of all wires is zero and to add a non // zero value to all selectors aside from q_c and q_lookup @@ -103,8 +103,8 @@ template void UltraCircuitConstructor_::add_gates_to_ens uint32_t left_value = 3; uint32_t right_value = 5; - fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); + FF left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); + FF right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); uint32_t left_witness_index = this->add_variable(left_witness_value); uint32_t right_witness_index = this->add_variable(right_witness_value); @@ -128,7 +128,7 @@ template void UltraCircuitConstructor_::add_gates_to_ens * * @param in A structure with variable indexes and selector values for the gate. */ -template void UltraCircuitConstructor_::create_add_gate(const add_triple& in) +template void UltraCircuitConstructor_::create_add_gate(const add_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -158,8 +158,8 @@ template void UltraCircuitConstructor_::create_add_gate( * @param in Structure with variable indexes and wire selector values * @param include_next_gate_w_4 Switches on/off the addition of w_4 at the next index */ -template -void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4) +template +void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); w_l.emplace_back(in.a); @@ -186,8 +186,7 @@ void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, co * * @param in Structure with variables and witness selector values */ -template -void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) +template void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) { // This method is an artifact of a turbo plonk feature that implicitly extracts // a high or low bit from a base-4 quad and adds it into the arithmetic gate relationship. @@ -219,7 +218,7 @@ void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(co }); // create temporary variable t = in.a * in.a_scaling + 6 * hi_bit - const auto t = this->get_variable(in.a) * in.a_scaling + fr(hi_bit) * 6; + const auto t = this->get_variable(in.a) * in.a_scaling + FF(hi_bit) * 6; const auto t_idx = this->add_variable(t); create_big_add_gate({ in.a, @@ -250,7 +249,7 @@ void UltraCircuitConstructor_::create_big_add_gate_with_bit_extraction(co * * @param in Structure containing variables and witness selectors */ -template void UltraCircuitConstructor_::create_big_mul_gate(const mul_quad& in) +template void UltraCircuitConstructor_::create_big_mul_gate(const mul_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -274,7 +273,7 @@ template void UltraCircuitConstructor_::create_big_mul_g // Creates a width-4 addition gate, where the fourth witness must be a boolean. // Can be used to this->normalize a this->32-bit this->addition -template void UltraCircuitConstructor_::create_balanced_add_gate(const add_quad& in) +template void UltraCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -314,7 +313,7 @@ template void UltraCircuitConstructor_::create_balanced_ * * @param in Structure containing variables and witness selectors */ -template void UltraCircuitConstructor_::create_mul_gate(const mul_triple& in) +template void UltraCircuitConstructor_::create_mul_gate(const mul_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -340,7 +339,7 @@ template void UltraCircuitConstructor_::create_mul_gate( * * @param this->variable_index Variable this->which needs this->to be constrained */ -template void UltraCircuitConstructor_::create_bool_gate(const uint32_t variable_index) +template void UltraCircuitConstructor_::create_bool_gate(const uint32_t variable_index) { this->assert_valid_variables({ variable_index }); @@ -369,7 +368,7 @@ template void UltraCircuitConstructor_::create_bool_gate * * @param in Structure containing variables and witness selectors */ -template void UltraCircuitConstructor_::create_poly_gate(const poly_triple& in) +template void UltraCircuitConstructor_::create_poly_gate(const poly_triple& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -394,7 +393,7 @@ template void UltraCircuitConstructor_::create_poly_gate /** * @brief Create an this->elliptic curve this->addition gate -this-> * + * * @details x and y are defined over scalar field. Addition can handle applying the curve endomorphism to one of the * points being summed at the time of addition. * @@ -402,7 +401,7 @@ this-> * * added, the resulting point coordinates and the selector values that describe whether the endomorphism is used on the * second point and whether it is negated. */ -template void UltraCircuitConstructor_::create_ecc_add_gate(const ecc_add_gate& in) +template void UltraCircuitConstructor_::create_ecc_add_gate(const ecc_add_gate& in) { /** * | 1 | 2 | 3 | 4 | @@ -430,7 +429,7 @@ template void UltraCircuitConstructor_::create_ecc_add_g q_elliptic[this->num_gates - 1] = 1; } else { w_l.emplace_back(this->zero_idx); - this->w_r.emplace_back(in.x1); + w_r.emplace_back(in.x1); w_o.emplace_back(in.y1); w_4.emplace_back(this->zero_idx); q_3.emplace_back(in.endomorphism_coefficient); @@ -472,8 +471,8 @@ template void UltraCircuitConstructor_::create_ecc_add_g * @param witness_index The index of the witness we are fixing * @param witness_value The value we are fixing it to */ -template -void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) +template +void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, const FF& witness_value) { this->assert_valid_variables({ witness_index }); @@ -495,7 +494,7 @@ void UltraCircuitConstructor_::fix_witness(const uint32_t witness_index, ++this->num_gates; } -template uint32_t UltraCircuitConstructor_::put_constant_variable(const fr& variable) +template uint32_t UltraCircuitConstructor_::put_constant_variable(const FF& variable) { if (constant_variable_indices.contains(variable)) { return constant_variable_indices.at(variable); @@ -507,8 +506,7 @@ template uint32_t UltraCircuitConstructor_::put_constant } } -template -plookup::BasicTable& UltraCircuitConstructor_::get_table(const plookup::BasicTableId id) +template plookup::BasicTable& UltraCircuitConstructor_::get_table(const plookup::BasicTableId id) { for (plookup::BasicTable& table : lookup_tables) { if (table.id == id) { @@ -524,10 +522,10 @@ plookup::BasicTable& UltraCircuitConstructor_::get_table(const plookup::B * @brief Perform a series of lookups, one for each 'row' in read_values. */ -template -plookup::ReadData UltraCircuitConstructor_::create_gates_from_plookup_accumulators( +template +plookup::ReadData UltraCircuitConstructor_::create_gates_from_plookup_accumulators( const plookup::MultiTableId& id, - const plookup::ReadData& read_values, + const plookup::ReadData& read_values, const uint32_t key_a_index, std::optional key_b_index) { @@ -550,8 +548,8 @@ plookup::ReadData UltraCircuitConstructor_::create_gates_from_p read_data[plookup::ColumnIdx::C3].push_back(third_idx); this->assert_valid_variables({ first_idx, second_idx, third_idx }); - q_lookup_type.emplace_back(fr(1)); - q_3.emplace_back(fr(table.table_index)); + q_lookup_type.emplace_back(FF(1)); + q_3.emplace_back(FF(table.table_index)); w_l.emplace_back(first_idx); w_r.emplace_back(second_idx); w_o.emplace_back(third_idx); @@ -573,8 +571,8 @@ plookup::ReadData UltraCircuitConstructor_::create_gates_from_p /** * this->Generalized Permutation this->Methods **/ -this->template -UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_range_list( +template +typename UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_range_list( const uint64_t target_range) { RangeList result; @@ -607,11 +605,11 @@ UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::crea // range constraint a value by decomposing it into limbs whose size should be the default range constraint size -template -std::vector UltraCircuitConstructor_::decompose_into_default_range(const uint32_t variable_index, - const uint64_t num_bits, - const uint64_t target_range_bitnum, - std::string const& msg) +template +std::vector UltraCircuitConstructor_::decompose_into_default_range(const uint32_t variable_index, + const uint64_t num_bits, + const uint64_t target_range_bitnum, + std::string const& msg) { this->assert_valid_variables({ variable_index }); @@ -620,8 +618,8 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra uint256_t val = (uint256_t)(this->get_variable(variable_index)); // If the value is out of range, set the composer error to the given msg. - if (val.get_msb() >= num_bits && !failed()) { - failure(msg); + if (val.get_msb() >= num_bits && !this->failed()) { + this->failure(msg); } const uint64_t sublimb_mask = (1ULL << target_range_bitnum) - 1; @@ -681,9 +679,9 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra real_limbs[2] ? sublimbs[3 * i + 2] : 0, }; const uint32_t new_limbs[3]{ - real_limbs[0] ? sublimb_indices[3 * i] this-> : zero_idx, - real_limbs[1] ? sublimb_indices[3 * i + 1] this-> : zero_idx, - real_limbs[2] ? sublimb_indices[3 * i + 2] this-> : zero_idx, + real_limbs[0] ? sublimb_indices[3 * i] : this->zero_idx, + real_limbs[1] ? sublimb_indices[3 * i + 1] : this->zero_idx, + real_limbs[2] ? sublimb_indices[3 * i + 2] : this->zero_idx, }; const uint64_t shifts[3]{ target_range_bitnum * (3 * i), @@ -722,22 +720,22 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra * @param variable_index * @param target_range */ -template -void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t variable_index, - const uint64_t target_range, - std::string const msg) +template +void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t variable_index, + const uint64_t target_range, + std::string const msg) { if (uint256_t(this->get_variable(variable_index)).data[0] > target_range) { - if (!failed()) { - failure(msg); + if (!this->failed()) { + this->failure(msg); } } if (range_lists.count(target_range) == 0) { range_lists.insert({ target_range, create_range_list(target_range) }); } - const auto existing_tag = real_variable_tags[real_variable_index[variable_index]]; + const auto existing_tag = this->real_variable_tags[this->real_variable_index[variable_index]]; auto& list = range_lists[target_range]; // If the variable's tag matches the target range list's tag, do nothing. @@ -759,7 +757,7 @@ void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t const uint32_t copied_witness = this->add_variable(this->get_variable(variable_index)); create_add_gate({ .a = variable_index, .b = copied_witness, - .c this->= zero_idx, + .c = this->zero_idx, .a_scaling = 1, .b_scaling = -1, .c_scaling = 0, @@ -777,9 +775,9 @@ void UltraCircuitConstructor_::create_new_range_constraint(const uint32_t } } -template void UltraCircuitConstructor_::process_range_list(RangeList& list) +template void UltraCircuitConstructor_::process_range_list(RangeList& list) { - assert_valid_variables(list.variable_indices); + this->assert_valid_variables(list.variable_indices); ASSERT(list.variable_indices.size() > 0); @@ -787,7 +785,7 @@ template void UltraCircuitConstructor_::process_range_li // applied on a variable after it was range constrained, this makes sure the indices in list point to the updated // index in the range list so the set equivalence does not fail for (uint32_t& x : list.variable_indices) { - x = real_variable_index[x]; + x = this->real_variable_index[x]; } // remove duplicate witness indices to prevent the sorted list set size being wrong! std::sort(list.variable_indices.begin(), list.variable_indices.end()); @@ -831,7 +829,7 @@ template void UltraCircuitConstructor_::process_range_li create_sort_constraint_with_edges(indices, 0, list.target_range); } -template void UltraCircuitConstructor_::process_range_lists() +template void UltraCircuitConstructor_::process_range_lists() { for (auto& i : range_lists) { process_range_list(i.second); @@ -851,12 +849,12 @@ template void UltraCircuitConstructor_::process_range_li * std::map range_lists; */ // Check for a sequence of variables that neighboring differences are at most 3 (used for batched range checkj) -template -void UltraCircuitConstructor_::create_sort_constraint(const std::vector& variable_index) +template +void UltraCircuitConstructor_::create_sort_constraint(const std::vector& variable_index) { constexpr size_t gate_width = plonk::ultra_settings::program_width; ASSERT(variable_index.size() % gate_width == 0); - assert_valid_variables(variable_index); + this->assert_valid_variables(variable_index); for (size_t i = 0; i < variable_index.size(); i += gate_width) { @@ -868,8 +866,8 @@ void UltraCircuitConstructor_::create_sort_constraint(const std::vector); - q_c.this->emplace_back(0) this->; + q_3.emplace_back(0); + q_c.emplace_back(0); q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -886,8 +884,8 @@ void UltraCircuitConstructor_::create_sort_constraint(const std::vector); - q_c.this->emplace_back(0) this->; + q_3.emplace_back(0); + q_c.emplace_back(0); q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(0); @@ -898,17 +896,17 @@ void UltraCircuitConstructor_::create_sort_constraint(const std::vector -void UltraCircuitConstructor_::create_dummy_constraints(const std::vector& variable_index) +template +void UltraCircuitConstructor_::create_dummy_constraints(const std::vector& variable_index) { std::vector padded_list = variable_index; constexpr size_t gate_width = plonk::ultra_settings::program_width; const uint64_t padding = (gate_width - (padded_list.size() % gate_width)) % gate_width; for (uint64_t i = 0; i < padding; ++i) { - padded_list.emplace_back(zero_idx); + padded_list.emplace_back(this->zero_idx); } - assert_valid_variables(variable_index); - assert_valid_variables(padded_list); + this->assert_valid_variables(variable_index); + this->assert_valid_variables(padded_list); for (size_t i = 0; i < padded_list.size(); i += gate_width) { w_l.emplace_back(padded_list[i]); @@ -919,8 +917,8 @@ void UltraCircuitConstructor_::create_dummy_constraints(const std::vector q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0this->); - q_c.this->emplace_back(0) this->; + q_3.emplace_back(0); + q_c.emplace_back(0); q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(0); @@ -931,15 +929,15 @@ void UltraCircuitConstructor_::create_dummy_constraints(const std::vector } // Check for a sequence of variables that neighboring differences are at most 3 (used for batched range checks) -template -void UltraCircuitConstructor_::create_sort_constraint_with_edges(const std::vector& variable_index, - const fr& start, - const fr& end) +template +void UltraCircuitConstructor_::create_sort_constraint_with_edges(const std::vector& variable_index, + const FF& start, + const FF& end) { // Convenient to assume size is at least 8 (gate_width = 4) for separate gates for start and end conditions constexpr size_t gate_width = plonk::ultra_settings::program_width; ASSERT(variable_index.size() % gate_width == 0 && variable_index.size() > gate_width); - assert_valid_variables(variable_index); + this->assert_valid_variables(variable_index); // enforce range checks of first row and starting at start w_l.emplace_back(variable_index[0]); @@ -950,8 +948,8 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st q_m.emplace_back(0); q_1.emplace_back(1); q_2.emplace_back(0); - q_3.emplace_back(0this->); - q_c.this->emplace_back(-sthis->tart); + q_3.emplace_back(0); + q_c.emplace_back(-start); q_arith.emplace_back(1); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -969,8 +967,8 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0this->); - q_c.this->emplace_back(0) this->; + q_3.emplace_back(0); + q_c.emplace_back(0); q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -988,8 +986,8 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); - q_3.emplace_back(0this->); - q_c.this->emplace_back(0) this->; + q_3.emplace_back(0); + q_c.emplace_back(0); q_arith.emplace_back(0); q_4.emplace_back(0); q_sort.emplace_back(1); @@ -1001,15 +999,15 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st // dummy gate needed because of sort widget's check of next row // use this gate to check end condition w_l.emplace_back(variable_index[variable_index.size() - 1]); - w_r.emplace_back(zero_idx); - w_o.emplace_back(zero_idx); - w_4.emplace_back(zero_idx); + w_r.emplace_back(this->zero_idx); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(this->zero_idx); ++this->num_gates; q_m.emplace_back(0); q_1.emplace_back(1); q_2.emplace_back(0); - q_3.emplace_back(0this->); - q_c.this->emplace_back(-ethis->nd); + q_3.emplace_back(0); + q_c.emplace_back(-end); q_arith.emplace_back(1); q_4.emplace_back(0); q_sort.emplace_back(0); @@ -1020,8 +1018,8 @@ void UltraCircuitConstructor_::create_sort_constraint_with_edges(const st // range constraint a value by decomposing it into limbs whose size should be the default range constraint size -template -std::vector UltraCircuitConstructor_::decompose_into_default_range_better_for_oddlimbnum( +template +std::vector UltraCircuitConstructor_::decompose_into_default_range_better_for_oddlimbnum( const uint32_t variable_index, const size_t num_bits, std::string const& msg) { std::vector sums; @@ -1036,40 +1034,40 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra const uint256_t val = (uint256_t)(this->get_variable(variable_index)); // check witness value is indeed in range (commented out cause interferes with negative tests) - // ASSERT(val < ((uint256_t)1 << num_bits) - 1); // Q:ask Zac what happens with wrapping when converting fr to + // ASSERT(val < ((uint256_t)1 << num_bits) - 1); // Q:ask Zac what happens with wrapping when converting FF to // uint256 // ASSERT(limb_num % 3 == 0); // TODO: write version of method that doesn't need this std::vector val_limbs; std::vector val_slices; for (size_t i = 0; i < limb_num; i++) { val_slices.emplace_back( - barretenberg::fr(val.slice(DEFAULT_PLOOKUP_RANGE_BITNUM * i, DEFAULT_PLOOKUP_RANGE_BITNUM * (i + 1) - 1))); + FF(val.slice(DEFAULT_PLOOKUP_RANGE_BITNUM * i, DEFAULT_PLOOKUP_RANGE_BITNUM * (i + 1) - 1))); val_limbs.emplace_back(this->add_variable(val_slices[i])); create_new_range_constraint(val_limbs[i], DEFAULT_PLOOKUP_RANGE_SIZE); } uint64_t last_limb_range = ((uint64_t)1 << last_limb_size) - 1; - fr last_slice(0); - uint32_t last_limb(zero_idx); + FF last_slice(0); + uint32_t last_limb(this->zero_idx); size_t total_limb_num = limb_num; if (last_limb_size > 0) { - val_slices.emplace_back(fr(val.slice(num_bits - last_limb_size, num_bits))); + val_slices.emplace_back(FF(val.slice(num_bits - last_limb_size, num_bits))); val_limbs.emplace_back(this->add_variable(last_slice)); create_new_range_constraint(last_limb, last_limb_range); total_limb_num++; } // pad slices and limbs in case they are not 2 mod 3 if (total_limb_num % 3 == 1) { - val_limbs.emplace_back(zero_idx); // TODO: check this is zero + val_limbs.emplace_back(this->zero_idx); // TODO: check this is zero val_slices.emplace_back(0); total_limb_num++; } - fr shift = fr(1 << DEFAULT_PLOOKUP_RANGE_BITNUM); - fr second_shift = shift * shift; + FF shift = FF(1 << DEFAULT_PLOOKUP_RANGE_BITNUM); + FF second_shift = shift * shift; sums.emplace_back(this->add_variable(val_slices[0] + shift * val_slices[1] + second_shift * val_slices[2])); create_big_add_gate({ val_limbs[0], val_limbs[1], val_limbs[2], sums[0], 1, shift, second_shift, -1, 0 }); - fr cur_shift = (shift * second_shift); - fr cur_second_shift = cur_shift * shift; + FF cur_shift = (shift * second_shift); + FF cur_second_shift = cur_shift * shift; for (size_t i = 3; i < total_limb_num; i = i + 2) { sums.emplace_back(this->add_variable(this->get_variable(sums[sums.size() - 1]) + cur_shift * val_slices[i] + cur_second_shift * val_slices[i + 1])); @@ -1085,7 +1083,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra cur_shift *= second_shift; cur_second_shift *= second_shift; } - assert_equal(sums[sums.size() - 1], variable_index, msg); + this->assert_equal(sums[sums.size() - 1], variable_index, msg); return sums; } @@ -1116,7 +1114,7 @@ std::vector UltraCircuitConstructor_::decompose_into_default_ra * * @param type */ -template void UltraCircuitConstructor_::apply_aux_selectors(const AUX_SELECTORS type) +template void UltraCircuitConstructor_::apply_aux_selectors(const AUX_SELECTORS type) { q_aux.emplace_back(type == AUX_SELECTORS::NONE ? 0 : 1); q_sort.emplace_back(0); @@ -1276,11 +1274,11 @@ template void UltraCircuitConstructor_::apply_aux_select * Applies range constraints to two 70-bit limbs, splititng each into 5 14-bit sublimbs. * We can efficiently chain together two 70-bit limb checks in 3 gates, using auxiliary gates **/ -template -void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t lo_idx, - const uint32_t hi_idx, - const size_t lo_limb_bits, - const size_t hi_limb_bits) +template +void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t lo_idx, + const uint32_t hi_idx, + const size_t lo_limb_bits, + const size_t hi_limb_bits) { // Validate limbs are <= 70 bits. If limbs are larger we require more witnesses and cannot use our limb accumulation // custom gate @@ -1292,14 +1290,18 @@ void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t l const uint256_t limb = this->get_variable(limb_idx); // we can use constant 2^14 - 1 mask here. If the sublimb value exceeds the expected value then witness will // fail the range check below - // We also use zero_idx to substitute variables that should be zero + // We also use this->zero_idx to substitute variables that should be zero constexpr uint256_t MAX_SUBLIMB_MASK = (uint256_t(1) << 14) - 1; std::array sublimb_indices; - sublimb_indices[0] = sublimb_masks[0] != 0 ? this->add_variable(limb & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[1] = sublimb_masks[1] != 0 ? add_variablethis->((limb >> 14) & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[2] = sublimb_masks[2] != 0 ? add_variablethis->((limb >> 28) & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[3] = sublimb_masks[3] != 0 ? add_variablethis->((limb >> 42) & MAX_SUBLIMB_MASK) : zero_idx; - sublimb_indices[4] = sublimb_masks[4] != 0 ? add_variablethis->((limb >> 56) & MAX_SUBLIMB_MASK) : zero_idx; + sublimb_indices[0] = sublimb_masks[0] != 0 ? this->add_variable(limb & MAX_SUBLIMB_MASK) : this->zero_idx; + sublimb_indices[1] = + sublimb_masks[1] != 0 ? this->add_variable((limb >> 14) & MAX_SUBLIMB_MASK) : this->zero_idx; + sublimb_indices[2] = + sublimb_masks[2] != 0 ? this->add_variable((limb >> 28) & MAX_SUBLIMB_MASK) : this->zero_idx; + sublimb_indices[3] = + sublimb_masks[3] != 0 ? this->add_variable((limb >> 42) & MAX_SUBLIMB_MASK) : this->zero_idx; + sublimb_indices[4] = + sublimb_masks[4] != 0 ? this->add_variable((limb >> 56) & MAX_SUBLIMB_MASK) : this->zero_idx; return sublimb_indices; }; @@ -1344,7 +1346,7 @@ void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t l for (size_t i = 0; i < 5; i++) { if (lo_masks[i] != 0) { - create_new_range_constraint(lo_sublimbs[this->i], this->lo_masks[i] this->); + create_new_range_constraint(lo_sublimbs[i], lo_masks[i]); } if (hi_masks[i] != 0) { create_new_range_constraint(hi_sublimbs[i], hi_masks[i]); @@ -1363,12 +1365,12 @@ void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t l * @return std::array The indices of new limbs. */ -template -std::array UltraCircuitConstructor_::decompose_non_native_field_double_width_limb( +template +std::array UltraCircuitConstructor_::decompose_non_native_field_double_width_limb( const uint32_t limb_idx, const size_t num_limb_bits) { - ASSERT(uint256_t(get_variable_reference(limb_idx)) < (uint256_t(1) << num_limb_bits)); - constexpr barretenberg::fr LIMB_MASK = (uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) - 1; + ASSERT(uint256_t(this->get_variable_reference(limb_idx)) < (uint256_t(1) << num_limb_bits)); + constexpr FF LIMB_MASK = (uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) - 1; const uint256_t value = this->get_variable(limb_idx); const uint256_t low = value & LIMB_MASK; const uint256_t hi = value >> DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; @@ -1402,8 +1404,8 @@ std::array UltraCircuitConstructor_::decompose_non_native_fi * N.B.: This method does NOT evaluate the prime field component of non-native field multiplications. **/ -template -std::array UltraCircuitConstructor_::evaluate_non_native_field_multiplication( +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_multiplication( const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder) { @@ -1431,26 +1433,24 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie this->get_variable(input.r[2]), this->get_variable(input.r[3]), }; - constexpr barretenberg::fr LIMB_SHIFT = uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; - constexpr barretenberg::fr LIMB_SHIFT_2 = uint256_t(1) << (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); - constexpr barretenberg::fr LIMB_SHIFT_3 = uint256_t(1) << (3 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); - constexpr barretenberg::fr LIMB_RSHIFT = - barretenberg::fr(1) / barretenberg::fr(uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); - constexpr barretenberg::fr LIMB_RSHIFT_2 = - barretenberg::fr(1) / barretenberg::fr(uint256_t(1) << (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)); - - barretenberg::fr lo_0 = a[0] * b[0] - r[0] + (a[1] * b[0] + a[0] * b[1]) * LIMB_SHIFT; - barretenberg::fr lo_1 = (lo_0 + q[0] * input.neg_modulus[0] + - (q[1] * input.neg_modulus[0] + q[0] * input.neg_modulus[1] - r[1]) * LIMB_SHIFT) * - LIMB_RSHIFT_2; - - barretenberg::fr hi_0 = a[2] * b[0] + a[0] * b[2] + (a[0] * b[3] + a[3] * b[0] - r[3]) * LIMB_SHIFT; - barretenberg::fr hi_1 = hi_0 + a[1] * b[1] - r[2] + (a[1] * b[2] + a[2] * b[1]) * LIMB_SHIFT; - barretenberg::fr hi_2 = (hi_1 + lo_1 + q[2] * input.neg_modulus[0] + - (q[3] * input.neg_modulus[0] + q[2] * input.neg_modulus[1]) * LIMB_SHIFT); - barretenberg::fr hi_3 = (hi_2 + (q[0] * input.neg_modulus[3] + q[1] * input.neg_modulus[2]) * LIMB_SHIFT + - (q[0] * input.neg_modulus[2] + q[1] * input.neg_modulus[1])) * - LIMB_RSHIFT_2; + constexpr FF LIMB_SHIFT = uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; + constexpr FF LIMB_SHIFT_2 = uint256_t(1) << (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); + constexpr FF LIMB_SHIFT_3 = uint256_t(1) << (3 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); + constexpr FF LIMB_RSHIFT = FF(1) / FF(uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); + constexpr FF LIMB_RSHIFT_2 = FF(1) / FF(uint256_t(1) << (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)); + + FF lo_0 = a[0] * b[0] - r[0] + (a[1] * b[0] + a[0] * b[1]) * LIMB_SHIFT; + FF lo_1 = (lo_0 + q[0] * input.neg_modulus[0] + + (q[1] * input.neg_modulus[0] + q[0] * input.neg_modulus[1] - r[1]) * LIMB_SHIFT) * + LIMB_RSHIFT_2; + + FF hi_0 = a[2] * b[0] + a[0] * b[2] + (a[0] * b[3] + a[3] * b[0] - r[3]) * LIMB_SHIFT; + FF hi_1 = hi_0 + a[1] * b[1] - r[2] + (a[1] * b[2] + a[2] * b[1]) * LIMB_SHIFT; + FF hi_2 = (hi_1 + lo_1 + q[2] * input.neg_modulus[0] + + (q[3] * input.neg_modulus[0] + q[2] * input.neg_modulus[1]) * LIMB_SHIFT); + FF hi_3 = (hi_2 + (q[0] * input.neg_modulus[3] + q[1] * input.neg_modulus[2]) * LIMB_SHIFT + + (q[0] * input.neg_modulus[2] + q[1] * input.neg_modulus[1])) * + LIMB_RSHIFT_2; const uint32_t lo_0_idx = this->add_variable(lo_0); const uint32_t lo_1_idx = this->add_variable(lo_1); @@ -1506,20 +1506,20 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie w_l.emplace_back(input.a[0]); w_r.emplace_back(input.b[0]); w_o.emplace_back(input.a[3]); - w_4.emplace_back(input.this->b[3this->]); - apply_aux_selectors(this->AUX_SELECTORS::NON_NATIVE_FIELD_2); + w_4.emplace_back(input.b[3]); + apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_2); ++this->num_gates; w_l.emplace_back(input.a[2]); w_r.emplace_back(input.b[2]); w_o.emplace_back(input.r[3]); - w_4.emplace_back(hi_0_idxthis->); - apply_aux_selectors(this->AUX_SELECTORS::Nthis->ON_NATIVE_FIELD_3); + w_4.emplace_back(hi_0_idx); + apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_3); ++this->num_gates; w_l.emplace_back(input.a[1]); w_r.emplace_back(input.b[1]); w_o.emplace_back(input.r[2]); - w_4.emplace_back(hi_1_idxthis->); - apply_aux_selectors(this->AUX_SELECTORS::Nthis->ONE); + w_4.emplace_back(hi_1_idx); + apply_aux_selectors(AUX_SELECTORS::NONE); ++this->num_gates; /** @@ -1567,13 +1567,13 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie * Iterates over the cached_non_native_field_multiplication objects, * removes duplicates, and instantiates the remainder as constraints` */ -template void UltraCircuitConstructor_::process_non_native_field_multiplications() +template void UltraCircuitConstructor_::process_non_native_field_multiplications() { for (size_t i = 0; i < cached_partial_non_native_field_multiplications.size(); ++i) { auto& c = cached_partial_non_native_field_multiplications[i]; for (size_t j = 0; j < 5; ++j) { - c.a[j] = real_variable_index[c.a[j]]; - c.b[j] = real_variable_index[c.b[j]]; + c.a[j] = this->real_variable_index[c.a[j]]; + c.b[j] = this->real_variable_index[c.b[j]]; } } std::sort(cached_partial_non_native_field_multiplications.begin(), @@ -1590,27 +1590,27 @@ template void UltraCircuitConstructor_::process_non_nati w_l.emplace_back(input.a[1]); w_r.emplace_back(input.b[1]); - w_o.emplace_back(zero_idx); + w_o.emplace_back(this->zero_idx); w_4.emplace_back(input.lo_0); apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_1); ++this->num_gates; w_l.emplace_back(input.a[0]); w_r.emplace_back(input.b[0]); w_o.emplace_back(input.a[3]); - w_4.emplace_back(input.this->b[3this->]); - apply_aux_selectors(this->AUX_SELECTORS::NON_NATIVE_FIELD_2); + w_4.emplace_back(input.b[3]); + apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_2); ++this->num_gates; w_l.emplace_back(input.a[2]); w_r.emplace_back(input.b[2]); - w_o.emplace_back(zero_idx); - w_4.emplace_back(input.this->hi_0); - this->apply_aux_selectors(AUX_SELECTORS : this-> : NON_NATIVE_FIELD_3); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(input.hi_0); + apply_aux_selectors(AUX_SELECTORS::NON_NATIVE_FIELD_3); ++this->num_gates; w_l.emplace_back(input.a[1]); w_r.emplace_back(input.b[1]); - w_o.emplace_back(zero_idx); - w_4.emplace_back(input.this->hi_1); - this->apply_aux_selectors(AUX_SELECTORS : this-> : NONE); + w_o.emplace_back(this->zero_idx); + w_4.emplace_back(input.hi_1); + apply_aux_selectors(AUX_SELECTORS::NONE); ++this->num_gates; ++it; } @@ -1624,8 +1624,8 @@ template void UltraCircuitConstructor_::process_non_nati * **/ -template -std::array UltraCircuitConstructor_::queue_partial_non_native_field_multiplication( +template +std::array UltraCircuitConstructor_::queue_partial_non_native_field_multiplication( const non_native_field_witnesses& input) { @@ -1642,12 +1642,12 @@ std::array UltraCircuitConstructor_::queue_partial_non_nativ this->get_variable(input.b[3]), }; - constexpr barretenberg::fr LIMB_SHIFT = uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; + constexpr FF LIMB_SHIFT = uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; - barretenberg::fr lo_0 = a[0] * b[0] + (a[1] * b[0] + a[0] * b[1]) * LIMB_SHIFT; + FF lo_0 = a[0] * b[0] + (a[1] * b[0] + a[0] * b[1]) * LIMB_SHIFT; - barretenberg::fr hi_0 = a[2] * b[0] + a[0] * b[2] + (a[0] * b[3] + a[3] * b[0]) * LIMB_SHIFT; - barretenberg::fr hi_1 = hi_0 + a[1] * b[1] + (a[1] * b[2] + a[2] * b[1]) * LIMB_SHIFT; + FF hi_0 = a[2] * b[0] + a[0] * b[2] + (a[0] * b[3] + a[3] * b[0]) * LIMB_SHIFT; + FF hi_1 = hi_0 + a[1] * b[1] + (a[1] * b[2] + a[2] * b[1]) * LIMB_SHIFT; const uint32_t lo_0_idx = this->add_variable(lo_0); const uint32_t hi_0_idx = this->add_variable(hi_0); @@ -1671,13 +1671,9 @@ std::array UltraCircuitConstructor_::queue_partial_non_nativ * field elements in 4 gates (would normally take 5) **/ -template -std::array UltraCircuitConstructor_::evaluate_non_native_field_addition( - add_simple limb0, - add_simple limb1, - add_simple limb2, - add_simple limb3, - std::tuple limbp) +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_addition( + add_simple limb0, add_simple limb1, add_simple limb2, add_simple limb3, std::tuple limbp) { const auto& x_0 = std::get<0>(limb0).first; const auto& x_1 = std::get<0>(limb1).first; @@ -1750,7 +1746,7 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie w_l.emplace_back(x_3); w_r.emplace_back(y_3); w_o.emplace_back(z_3); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(addconstp); q_1.emplace_back(0); @@ -1798,13 +1794,9 @@ std::array UltraCircuitConstructor_::evaluate_non_native_fie }; } -template typename this->Curve> -this->std::array UltraCircuitConstructor_::evaluate_non_native_field_subtraction( - add_simple limb0, - add_simple limb1, - add_simple limb2, - add_simple limb3, - std::tuple limbp) +template +std::array UltraCircuitConstructor_::evaluate_non_native_field_subtraction( + add_simple limb0, add_simple limb1, add_simple limb2, add_simple limb3, std::tuple limbp) { const auto& x_0 = std::get<0>(limb0).first; const auto& x_1 = std::get<0>(limb1).first; @@ -1876,7 +1868,7 @@ this->std::array UltraCircuitConstructor_::evaluate_non_nati w_l.emplace_back(x_3); w_r.emplace_back(y_3); w_o.emplace_back(z_3); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); q_m.emplace_back(-addconstp); q_1.emplace_back(0); @@ -1929,7 +1921,7 @@ this->std::array UltraCircuitConstructor_::evaluate_non_nati * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_ROM_gate(RomRecord& record) +template void UltraCircuitConstructor_::create_ROM_gate(RomRecord& record) { // Record wire value can't yet be computed record.record_witness = this->add_variable(0); @@ -1949,7 +1941,7 @@ template void UltraCircuitConstructor_::create_ROM_gate( * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_sorted_ROM_gate(RomRecord& record) +template void UltraCircuitConstructor_::create_sorted_ROM_gate(RomRecord& record) { record.record_witness = this->add_variable(0); apply_aux_selectors(AUX_SELECTORS::ROM_CONSISTENCY_CHECK); @@ -1972,7 +1964,7 @@ template void UltraCircuitConstructor_::create_sorted_RO * @return size_t The index of the element */ -template size_t UltraCircuitConstructor_::create_ROM_array(const size_t array_size) +template size_t UltraCircuitConstructor_::create_ROM_array(const size_t array_size) { RomTranscript new_transcript; for (size_t i = 0; i < array_size; ++i) { @@ -1989,7 +1981,7 @@ template size_t UltraCircuitConstructor_::create_ROM_arr * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_RAM_gate(RamRecord& record) +template void UltraCircuitConstructor_::create_RAM_gate(RamRecord& record) { // Record wire value can't yet be computed (uses randomnes generated during proof construction). // However it needs a distinct witness index, @@ -2014,7 +2006,7 @@ template void UltraCircuitConstructor_::create_RAM_gate( * * @param record Stores details of this read operation. Mutated by this fn! */ -template void UltraCircuitConstructor_::create_sorted_RAM_gate(RamRecord& record) +template void UltraCircuitConstructor_::create_sorted_RAM_gate(RamRecord& record) { record.record_witness = this->add_variable(0); apply_aux_selectors(AUX_SELECTORS::RAM_CONSISTENCY_CHECK); @@ -2032,8 +2024,8 @@ template void UltraCircuitConstructor_::create_sorted_RA * * @param record Stores details of this read operation. Mutated by this fn! */ -template -void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& record, const size_t ram_array_size) +template +void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& record, const size_t ram_array_size) { record.record_witness = this->add_variable(0); record.gate_index = this->num_gates; @@ -2041,13 +2033,13 @@ void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& re create_big_add_gate({ record.index_witness, record.timestamp_witness, - this->record.this->value_witness, - this->record.record_witness, + record.value_witness, + record.record_witness, 1, 0, 0, 0, - -fr((uint64_t)ram_array_size - 1), + -FF((uint64_t)ram_array_size - 1), }); } @@ -2061,7 +2053,7 @@ void UltraCircuitConstructor_::create_final_sorted_RAM_gate(RamRecord& re * @param array_size The size of region in elements * @return size_t The index of the element */ -size_t UltraCircuitConstructor_::create_RAM_array(const size_t array_size) +template size_t UltraCircuitConstructor_::create_RAM_array(const size_t array_size) { RamTranscript new_transcript; for (size_t i = 0; i < array_size; ++i) { @@ -2078,14 +2070,14 @@ size_t UltraCircuitConstructor_::create_RAM_array(const size_t array_size * @param index_value The index of the cell within the array (an actual index, not a witness index) * @param value_witness The index of the witness with the value that should be in the */ -template -void UltraCircuitConstructor_::init_RAM_element(const size_t ram_id, - const size_t index_value, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::init_RAM_element(const size_t ram_id, + const size_t index_value, + const uint32_t value_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; - const uint32_t index_witness = (index_value == 0) ? zero_idx : put_constant_variable((uint64_t)index_value); + const uint32_t index_witness = (index_value == 0) ? this->zero_idx : put_constant_variable((uint64_t)index_value); ASSERT(ram_array.state.size() > index_value); ASSERT(ram_array.state[index_value] == UNINITIALIZED_MEMORY_RECORD); RamRecord new_record{ .index_witness = index_witness, @@ -2102,8 +2094,8 @@ void UltraCircuitConstructor_::init_RAM_element(const size_t ram_id, ram_array.records.emplace_back(new_record); } -template -uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, const uint32_t index_witness) +template +uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, const uint32_t index_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2131,10 +2123,10 @@ uint32_t UltraCircuitConstructor_::read_RAM_array(const size_t ram_id, co return value_witness; } -template -void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, - const uint32_t index_witness, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, + const uint32_t index_witness, + const uint32_t value_witness) { ASSERT(ram_arrays.size() > ram_id); RamTranscript& ram_array = ram_arrays[ram_id]; @@ -2174,14 +2166,14 @@ void UltraCircuitConstructor_::write_RAM_array(const size_t ram_id, * @param index_value The index of the cell within the array (an actual index, not a witness index) * @param value_witness The index of the witness with the value that should be in the */ -template -void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, - const size_t index_value, - const uint32_t value_witness) +template +void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, + const size_t index_value, + const uint32_t value_witness) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; - const uint32_t index_witness = (index_value == 0) ? zero_idx : put_constant_variable((uint64_t)index_value); + const uint32_t index_witness = (index_value == 0) ? this->zero_idx : put_constant_variable((uint64_t)index_value); ASSERT(rom_array.state.size() > index_value); ASSERT(rom_array.state[index_value][0] == UNINITIALIZED_MEMORY_RECORD); /** @@ -2199,13 +2191,13 @@ void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, RomRecord new_record{ .index_witness = index_witness, .value_column1_witness = value_witness, - .value_column2_witness = zero_idx, + .value_column2_witness = this->zero_idx, .index = static_cast(index_value), .record_witness = 0, .gate_index = 0, }; rom_array.state[index_value][0] = value_witness; - rom_array.state[index_value][1] = zero_idx; + rom_array.state[index_value][1] = this->zero_idx; create_ROM_gate(new_record); rom_array.records.emplace_back(new_record); } @@ -2217,14 +2209,14 @@ void UltraCircuitConstructor_::set_ROM_element(const size_t rom_id, * @param index_value Index in the array * @param value_witnesses The witnesses to put in the slot */ -template -void UltraCircuitConstructor_::set_ROM_element_pair(const size_t rom_id, - const size_t index_value, - const std::array& value_witnesses) +template +void UltraCircuitConstructor_::set_ROM_element_pair(const size_t rom_id, + const size_t index_value, + const std::array& value_witnesses) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; - const uint32_t index_witness = (index_value == 0) ? zero_idx : put_constant_variable((uint64_t)index_value); + const uint32_t index_witness = (index_value == 0) ? this->zero_idx : put_constant_variable((uint64_t)index_value); ASSERT(rom_array.state.size() > index_value); ASSERT(rom_array.state[index_value][0] == UNINITIALIZED_MEMORY_RECORD); RomRecord new_record{ @@ -2248,8 +2240,8 @@ void UltraCircuitConstructor_::set_ROM_element_pair(const size_t rom_id, * @param index_witness The witness with the index inside the array * @return uint32_t Cell value witness index */ -template -uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, const uint32_t index_witness) +template +uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, const uint32_t index_witness) { ASSERT(rom_arrays.size() > rom_id); RomTranscript& rom_array = rom_arrays[rom_id]; @@ -2261,7 +2253,7 @@ uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, co RomRecord new_record{ .index_witness = index_witness, .value_column1_witness = value_witness, - .value_column2_witness = zero_idx, + .value_column2_witness = this->zero_idx, .index = index, .record_witness = 0, .gate_index = 0, @@ -2281,9 +2273,9 @@ uint32_t UltraCircuitConstructor_::read_ROM_array(const size_t rom_id, co * @return std::array A pair of indexes of witness variables of cell values */ -template -std::array UltraCircuitConstructor_::read_ROM_array_pair(const size_t rom_id, - const uint32_t index_witness) +template +std::array UltraCircuitConstructor_::read_ROM_array_pair(const size_t rom_id, + const uint32_t index_witness) { std::array value_witnesses; @@ -2318,9 +2310,13 @@ std::array UltraCircuitConstructor_::read_ROM_array_pair(con * @param rom_id The id of the ROM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ +<<<<<<< HEAD template void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, const size_t gate_offset_from_public_inputs) +======= +template void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id) +>>>>>>> 4096cc77... mess that works { auto& rom_array = rom_arrays[rom_id]; @@ -2332,7 +2328,7 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, // Make sure that every cell has been initialized for (size_t i = 0; i < rom_array.state.size(); ++i) { if (rom_array.state[i][0] == UNINITIALIZED_MEMORY_RECORD) { - set_ROM_element_pair(rom_id, static_cast(i), { zero_idx, zero_idx }); + set_ROM_element_pair(rom_id, static_cast(i), { this->zero_idx, this->zero_idx }); } } @@ -2346,7 +2342,7 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, const auto index = record.index; const auto value1 = this->get_variable(record.value_column1_witness); const auto value2 = this->get_variable(record.value_column2_witness); - const auto index_witness = this->add_variable(fr((uint64_t)index)); + const auto index_witness = this->add_variable(FF((uint64_t)index)); const auto value1_witness = this->add_variable(value1); const auto value2_witness = this->add_variable(value2); RomRecord sorted_record{ @@ -2381,14 +2377,14 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, // If we add a dummy gate at the end of the sorted list, where we force the first wire to // equal `m + 1`, where `m` is the maximum allowed index in the sorted list, // we have validated that all ROM reads are correctly constrained - fr max_index_value((uint64_t)rom_array.state.size()); + FF max_index_value((uint64_t)rom_array.state.size()); uint32_t max_index = this->add_variable(max_index_value); create_big_add_gate( { max_index, - zero_idx, - zero_idx, - zero_idx, + this->zero_idx, + this->zero_idx, + this->zero_idx, 1, 0, 0, @@ -2397,7 +2393,7 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, }, false); // N.B. If the above check holds, we know the sorted list begins with an index value of 0, - // because the first cell is explicitly initialized using zero_idx as the index field. + // because the first cell is explicitly initialized using this->zero_idx as the index field. } /** @@ -2406,9 +2402,13 @@ void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, * @param ram_id The id of the RAM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ +<<<<<<< HEAD template void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, const size_t gate_offset_from_public_inputs) +======= +template void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id) +>>>>>>> 4096cc77... mess that works { RamTranscript& ram_array = ram_arrays[ram_id]; const auto access_tag = get_new_tag(); // current_tag + 1; @@ -2422,7 +2422,7 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, // different public iputs will produce different circuit constraints. for (size_t i = 0; i < ram_array.state.size(); ++i) { if (ram_array.state[i] == UNINITIALIZED_MEMORY_RECORD) { - init_RAM_element(ram_id, static_cast(i), zero_idx); + init_RAM_element(ram_id, static_cast(i), this->zero_idx); } } @@ -2440,7 +2440,7 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, const auto index = record.index; const auto value = this->get_variable(record.value_witness); - const auto index_witness = this->add_variable(fr((uint64_t)index)); + const auto index_witness = this->add_variable(FF((uint64_t)index)); const auto timestamp_witess = this->add_variable(record.timestamp); const auto value_witness = this->add_variable(value); RamRecord sorted_record{ @@ -2507,10 +2507,10 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, const bool share_index = current.index == next.index; - fr timestamp_delta = 0; + FF timestamp_delta = 0; if (share_index) { ASSERT(next.timestamp > current.timestamp); - timestamp_delta = fr(next.timestamp - current.timestamp); + timestamp_delta = FF(next.timestamp - current.timestamp); } uint32_t timestamp_delta_witness = this->add_variable(timestamp_delta); @@ -2519,23 +2519,22 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, w_l.emplace_back(current.index_witness); w_r.emplace_back(current.timestamp_witness); w_o.emplace_back(timestamp_delta_witness); - w_4.emplace_back(zero_idx); + w_4.emplace_back(this->zero_idx); ++this->num_gates; // store timestamp offsets for later. Need to apply range checks to them, but calling // `create_new_range_constraint` can add gates. Would ruin the structure of our sorted timestamp list. - timestamp_deltas.push_back(this->timestamp_delta_witness); - this-> + timestamp_deltas.push_back(timestamp_delta_witness); } - this-> // add the index/timestamp values of the last sorted record in an empty add gate. - // (the previous gate will access the wires on this gate and requires them to be those of the last record) - const auto& last = sorted_ram_records[ram_array.records.size() - 1]; + // add the index/timestamp values of the last sorted record in an empty add gate. + // (the previous gate will access the wires on this gate and requires them to be those of the last record) + const auto& last = sorted_ram_records[ram_array.records.size() - 1]; create_big_add_gate({ last.index_witness, last.timestamp_witness, - zero_idx, - zero_idx, + this->zero_idx, + this->zero_idx, 0, 0, 0, @@ -2549,15 +2548,23 @@ void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, } } +<<<<<<< HEAD template void UltraCircuitConstructor_::process_ROM_arrays(const size_t gate_offset_from_public_inputs) +======= +template void UltraCircuitConstructor_::process_ROM_arrays() +>>>>>>> 4096cc77... mess that works { for (size_t i = 0; i < rom_arrays.size(); ++i) { process_ROM_array(i); } } +<<<<<<< HEAD template void UltraCircuitConstructor_::process_RAM_arrays(const size_t gate_offset_from_public_inputs) +======= +template void UltraCircuitConstructor_::process_RAM_arrays() +>>>>>>> 4096cc77... mess that works { for (size_t i = 0; i < ram_arrays.size(); ++i) { process_RAM_array(i); @@ -2631,25 +2638,26 @@ void UltraCircuitConstructor_::process_RAM_arrays(const size_t gate_offse * @param alpha * @return fr */ -inline fr UltraCircuitConstructor_::compute_arithmetic_identity(fr q_arith_value, - fr q_1_value, - fr q_2_value, - fr q_3_value, - fr q_4_value, - fr q_m_value, - fr q_c_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha) const +template +inline FF UltraCircuitConstructor_::compute_arithmetic_identity(FF q_arith_value, + FF q_1_value, + FF q_2_value, + FF q_3_value, + FF q_4_value, + FF q_m_value, + FF q_c_value, + FF w_1_value, + FF w_2_value, + FF w_3_value, + FF w_4_value, + FF w_1_shifted_value, + FF w_4_shifted_value, + FF alpha_base, + FF alpha) const { - constexpr fr neg_half = fr(-2).invert(); + constexpr FF neg_half = FF(-2).invert(); // The main arithmetic identity that gets activated for q_arith_value == 1 - fr arithmetic_identity = w_2_value; + FF arithmetic_identity = w_2_value; arithmetic_identity *= q_m_value; arithmetic_identity *= (q_arith_value - 3); arithmetic_identity *= neg_half; @@ -2661,13 +2669,13 @@ inline fr UltraCircuitConstructor_::compute_arithmetic_identity(fr q_arit arithmetic_identity += q_c_value; // The additional small addition identity - fr extra_small_addition_identity = w_1_value + w_4_value - w_1_shifted_value + q_m_value; + FF extra_small_addition_identity = w_1_value + w_4_value - w_1_shifted_value + q_m_value; extra_small_addition_identity *= alpha; extra_small_addition_identity *= (q_arith_value - 2); // The concatenation of small addition identity + shifted w_4 value that can be enabled separately + the main // arithemtic identity - fr final_identity = extra_small_addition_identity + w_4_shifted_value; + FF final_identity = extra_small_addition_identity + w_4_shifted_value; final_identity *= (q_arith_value - 1); final_identity += arithmetic_identity; final_identity *= q_arith_value; @@ -2695,27 +2703,28 @@ inline fr UltraCircuitConstructor_::compute_arithmetic_identity(fr q_arit * @param alpha * @return fr */ -inline fr UltraCircuitConstructor_::compute_genperm_sort_identity(fr q_sort_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr alpha_base, - fr alpha) const +template +inline FF UltraCircuitConstructor_::compute_genperm_sort_identity(FF q_sort_value, + FF w_1_value, + FF w_2_value, + FF w_3_value, + FF w_4_value, + FF w_1_shifted_value, + FF alpha_base, + FF alpha) const { // Power of alpha to separate individual delta relations // TODO(kesha): This is a repeated computation which can be efficiently optimized - const fr alpha_a = alpha_base; - const fr alpha_b = alpha_a * alpha; - const fr alpha_c = alpha_b * alpha; - const fr alpha_d = alpha_c * alpha; + const FF alpha_a = alpha_base; + const FF alpha_b = alpha_a * alpha; + const FF alpha_c = alpha_b * alpha; + const FF alpha_d = alpha_c * alpha; // (second - first)*(second - first - 1)*(second - first - 2)*(second - first - 3) - auto neighbour_difference = [](const fr first, const fr second) { - constexpr fr minus_two(-2); - constexpr fr minus_three(-3); - const fr delta = second - first; + auto neighbour_difference = [](const FF first, const FF second) { + constexpr FF minus_two(-2); + constexpr FF minus_three(-3); + const FF delta = second - first; return (delta.sqr() - delta) * (delta + minus_two) * (delta + minus_three); }; @@ -2790,37 +2799,38 @@ inline fr UltraCircuitConstructor_::compute_genperm_sort_identity(fr q_so * @param w_4_shifted_value y₃ * @return fr */ -inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_elliptic_value, - fr q_1_value, - fr q_3_value, - fr q_4_value, - fr w_2_value, - fr w_3_value, - fr w_1_shifted_value, - fr w_2_shifted_value, - fr w_3_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha) const +template +inline FF UltraCircuitConstructor_::compute_elliptic_identity(FF q_elliptic_value, + FF q_1_value, + FF q_3_value, + FF q_4_value, + FF w_2_value, + FF w_3_value, + FF w_1_shifted_value, + FF w_2_shifted_value, + FF w_3_shifted_value, + FF w_4_shifted_value, + FF alpha_base, + FF alpha) const { // TODO(kesha): Can this be implemented more efficiently? // It seems that Zac wanted to group the elements by selectors to use several linear terms initially, // but in the end we are using one, so there is no reason why we can't optimize computation in another way - const fr x_1 = w_2_value; - const fr y_1 = w_3_value; - const fr x_2 = w_1_shifted_value; - const fr y_2 = w_4_shifted_value; - const fr x_3 = w_2_shifted_value; - const fr y_3 = w_3_shifted_value; - const fr q_beta = q_3_value; - const fr q_beta_sqr = q_4_value; - const fr q_sign = q_1_value; - - fr beta_term = -x_2 * x_1 * (x_3 + x_3 + x_1); // -x_1 * x_2 * (2 * x_3 + x_1) - fr beta_sqr_term = x_2.sqr(); // x_2^2 - fr leftovers = beta_sqr_term; // x_2^2 + const FF x_1 = w_2_value; + const FF y_1 = w_3_value; + const FF x_2 = w_1_shifted_value; + const FF y_2 = w_4_shifted_value; + const FF x_3 = w_2_shifted_value; + const FF y_3 = w_3_shifted_value; + const FF q_beta = q_3_value; + const FF q_beta_sqr = q_4_value; + const FF q_sign = q_1_value; + + FF beta_term = -x_2 * x_1 * (x_3 + x_3 + x_1); // -x_1 * x_2 * (2 * x_3 + x_1) + FF beta_sqr_term = x_2.sqr(); // x_2^2 + FF leftovers = beta_sqr_term; // x_2^2 beta_sqr_term *= (x_3 - x_1); // x_2^2 * (x_3 - x_1) - fr sign_term = y_2 * y_1; // y_1 * y_2 + FF sign_term = y_2 * y_1; // y_1 * y_2 sign_term += sign_term; // 2 * y_1 * y_2 beta_term *= q_beta; // -β * x_1 * x_2 * (2 * x_3 + x_1) beta_sqr_term *= q_beta_sqr; // β^2 * x_2^2 * (x_3 - x_1) @@ -2830,7 +2840,7 @@ inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_ellipt leftovers -= (y_2.sqr() + y_1.sqr()); // x_2^3 + x_1 * (x_3 + x_1) - y_2^2 - y_1^2 // Can be found in class description - fr x_identity = beta_term + beta_sqr_term + sign_term + leftovers; + FF x_identity = beta_term + beta_sqr_term + sign_term + leftovers; x_identity *= alpha_base; beta_term = x_2 * (y_3 + y_1) * q_beta; // β * x_2 * (y_3 + y_1) @@ -2838,7 +2848,7 @@ inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_ellipt // TODO: remove extra additions if we decide to stay with this implementation leftovers = -x_1 * (y_3 + y_1) + y_1 * (x_1 - x_3); // -x_1 * y_3 - x_1 * y_1 + y_1 * x_1 - y_1 * x_3 - fr y_identity = beta_term + sign_term + leftovers; + FF y_identity = beta_term + sign_term + leftovers; y_identity *= alpha_base * alpha; return q_elliptic_value * (x_identity + y_identity); @@ -2875,29 +2885,30 @@ inline fr UltraCircuitConstructor_::compute_elliptic_identity(fr q_ellipt * */ -inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_value, - fr q_arith_value, - fr q_1_value, - fr q_2_value, - fr q_3_value, - fr q_4_value, - fr q_m_value, - fr q_c_value, - fr w_1_value, - fr w_2_value, - fr w_3_value, - fr w_4_value, - fr w_1_shifted_value, - fr w_2_shifted_value, - fr w_3_shifted_value, - fr w_4_shifted_value, - fr alpha_base, - fr alpha, - fr eta) const +template +inline FF UltraCircuitConstructor_::compute_auxilary_identity(FF q_aux_value, + FF q_arith_value, + FF q_1_value, + FF q_2_value, + FF q_3_value, + FF q_4_value, + FF q_m_value, + FF q_c_value, + FF w_1_value, + FF w_2_value, + FF w_3_value, + FF w_4_value, + FF w_1_shifted_value, + FF w_2_shifted_value, + FF w_3_shifted_value, + FF w_4_shifted_value, + FF alpha_base, + FF alpha, + FF eta) const { - constexpr barretenberg::fr LIMB_SIZE(uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); + constexpr FF LIMB_SIZE(uint256_t(1) << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS); // TODO(kesha): Replace with a constant defined in header - constexpr barretenberg::fr SUBLIMB_SHIFT(uint256_t(1) << 14); + constexpr FF SUBLIMB_SHIFT(uint256_t(1) << 14); // Non-native field arithmetic gate relations // a{a_0, ..., a_3}⋅b{b_0,...,b_3} + q{q_0,..., q_3}⋅neg_p{neg_p_0,...,neg_p_3} - r{r_0,...,r_3} = 0 mod 2²⁷² @@ -2906,10 +2917,10 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va // For native gate_1: limb_subproduct = a_1 ⋅ b_0 + a_0 ⋅ b_1 // For native gate_2: limb_subproduct = a_0 ⋅ b_2 + a_2 ⋅ b_0 // For native gate_3: limb_subproduct = a_2 ⋅ b_1 + a_1 ⋅ b_2 - fr limb_subproduct = w_1_value * w_2_shifted_value + w_1_shifted_value * w_2_value; + FF limb_subproduct = w_1_value * w_2_shifted_value + w_1_shifted_value * w_2_value; // ( a_0 ⋅ b_3 + a_3 ⋅ b_0 - r_3 ) - fr non_native_field_gate_2 = (w_1_value * w_4_value + w_2_value * w_3_value - w_3_shifted_value); + FF non_native_field_gate_2 = (w_1_value * w_4_value + w_2_value * w_3_value - w_3_shifted_value); // ( a_0 ⋅ b_3 + a_3 ⋅ b_0 - r_3 ) << 68 non_native_field_gate_2 *= LIMB_SIZE; // ( a_0 ⋅ b_3 + a_3 ⋅ b_0 - r_3 ) << 68 - hi_0 @@ -2922,13 +2933,13 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va // ( a_1 ⋅ b_0 + a_0 ⋅ b_1 ) << 68 + ( a_0 ⋅ b_0 ) limb_subproduct += (w_1_shifted_value * w_2_shifted_value); - fr non_native_field_gate_1 = limb_subproduct; + FF non_native_field_gate_1 = limb_subproduct; // ( a_1 ⋅ b_0 + a_0 ⋅ b_1 ) << 68 + ( a_0 ⋅ b_0 ) non_native_field_gate_1 -= (w_3_value + w_4_value); non_native_field_gate_1 *= q_3_value; // ( a_2 ⋅ b_1 + a_1 ⋅ b_2 ) << 68 + ( a_1 ⋅ b_1 ) - fr non_native_field_gate_3 = limb_subproduct; + FF non_native_field_gate_3 = limb_subproduct; // ( a_2 ⋅ b_1 + a_1 ⋅ b_2 ) << 68 + ( a_1 ⋅ b_1 ) + hi_0 non_native_field_gate_3 += w_4_value; // ( a_2 ⋅ b_1 + a_1 ⋅ b_2 ) << 68 + ( a_1 ⋅ b_1 ) + hi_0 - r_2 - hi_1 @@ -2936,7 +2947,7 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va non_native_field_gate_3 *= q_m_value; // Accumulate the 3 gates and multiply by q_2 - fr non_native_field_identity = non_native_field_gate_1 + non_native_field_gate_2 + non_native_field_gate_3; + FF non_native_field_identity = non_native_field_gate_1 + non_native_field_gate_2 + non_native_field_gate_3; non_native_field_identity *= q_2_value; // Accummulator limbs. These are activated with (q_3)&( q_4 | q_m). @@ -2945,7 +2956,7 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va // // w_4 == (w_2_shifted << 56) | (w_1_shifted << 42) | (w_3 << 28) | (w_2 << 14) | // w_1 - fr limb_accumulator_1 = w_2_shifted_value; + FF limb_accumulator_1 = w_2_shifted_value; limb_accumulator_1 *= SUBLIMB_SHIFT; limb_accumulator_1 += w_1_shifted_value; limb_accumulator_1 *= SUBLIMB_SHIFT; @@ -2958,7 +2969,7 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va limb_accumulator_1 *= q_4_value; // w_4_shifted == (w_3_shifted << 56) | (w_2_shifted << 42) | (w_1_shifted << 28) | (w_4 << 14) | w_3 - fr limb_accumulator_2 = w_3_shifted_value; + FF limb_accumulator_2 = w_3_shifted_value; limb_accumulator_2 *= SUBLIMB_SHIFT; limb_accumulator_2 += w_2_shifted_value; limb_accumulator_2 *= SUBLIMB_SHIFT; @@ -2970,7 +2981,7 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va limb_accumulator_2 -= w_4_shifted_value; limb_accumulator_2 *= q_m_value; - fr limb_accumulator_identity = limb_accumulator_1 + limb_accumulator_2; + FF limb_accumulator_identity = limb_accumulator_1 + limb_accumulator_2; limb_accumulator_identity *= q_3_value; /** @@ -3016,14 +3027,14 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va * For ROM gates, qc = 0 */ - fr memory_record_check = w_3_value; + FF memory_record_check = w_3_value; memory_record_check *= eta; memory_record_check += w_2_value; memory_record_check *= eta; memory_record_check += w_1_value; memory_record_check *= eta; memory_record_check += q_c_value; - fr partial_record_check = memory_record_check; // used in RAM consistency check + FF partial_record_check = memory_record_check; // used in RAM consistency check memory_record_check = memory_record_check - w_4_value; /** @@ -3040,15 +3051,15 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va * */ - fr index_delta = w_1_shifted_value - w_1_value; - fr record_delta = w_4_shifted_value - w_4_value; + FF index_delta = w_1_shifted_value - w_1_value; + FF record_delta = w_4_shifted_value - w_4_value; // (index_delta - 1) ⋅ (index_delta) - fr index_is_monotonically_increasing = index_delta.sqr() - index_delta; + FF index_is_monotonically_increasing = index_delta.sqr() - index_delta; // (1 - index_delta) ⋅ (record_delta) - fr adjacent_values_match_if_adjacent_indices_match = (fr(1) - index_delta) * record_delta; + FF adjacent_values_match_if_adjacent_indices_match = (FF(1) - index_delta) * record_delta; - fr ROM_consistency_check_identity = adjacent_values_match_if_adjacent_indices_match; + FF ROM_consistency_check_identity = adjacent_values_match_if_adjacent_indices_match; ROM_consistency_check_identity *= alpha; ROM_consistency_check_identity += index_is_monotonically_increasing; ROM_consistency_check_identity *= alpha; @@ -3074,11 +3085,11 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va * N.B. it is the responsibility of the circuit writer to ensure that every RAM cell is initialized * with a WRITE operation. */ - fr access_type = (w_4_value - partial_record_check); // will be 0 or 1 for honest Prover - fr access_check = access_type.sqr() - access_type; // check value is 0 or 1 + FF access_type = (w_4_value - partial_record_check); // will be 0 or 1 for honest Prover + FF access_check = access_type.sqr() - access_type; // check value is 0 or 1 // TODO: oof nasty compute here. If we sorted in reverse order we could re-use `partial_record_check` - fr next_gate_access_type = w_3_shifted_value; + FF next_gate_access_type = w_3_shifted_value; next_gate_access_type *= eta; next_gate_access_type += w_2_shifted_value; next_gate_access_type *= eta; @@ -3086,19 +3097,19 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va next_gate_access_type *= eta; next_gate_access_type = w_4_shifted_value - next_gate_access_type; - fr value_delta = w_3_shifted_value - w_3_value; - fr adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation = - (fr(1) - index_delta) * value_delta * (fr(1) - next_gate_access_type); + FF value_delta = w_3_shifted_value - w_3_value; + FF adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation = + (FF(1) - index_delta) * value_delta * (FF(1) - next_gate_access_type); // We can't apply the RAM consistency check identity on the final entry in the sorted list (the wires in the // next gate would make the identity fail). // We need to validate that its 'access type' bool is correct. Can't do // with an arithmetic gate because of the `eta` factors. We need to check that the *next* gate's access type is // correct, to cover this edge case - fr next_gate_access_type_is_boolean = next_gate_access_type.sqr() - next_gate_access_type; + FF next_gate_access_type_is_boolean = next_gate_access_type.sqr() - next_gate_access_type; // Putting it all together... - fr RAM_consistency_check_identity = + FF RAM_consistency_check_identity = adjacent_values_match_if_adjacent_indices_match_and_next_access_is_a_read_operation; RAM_consistency_check_identity *= alpha; RAM_consistency_check_identity += index_is_monotonically_increasing; @@ -3118,21 +3129,21 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va * Iff delta_index == 0, timestamp_check = timestamp_{i + 1} - timestamp_i * Else timestamp_check = 0 */ - fr timestamp_delta = w_2_shifted_value - w_2_value; - fr RAM_timestamp_check_identity = (fr(1) - index_delta) * timestamp_delta - w_3_value; + FF timestamp_delta = w_2_shifted_value - w_2_value; + FF RAM_timestamp_check_identity = (FF(1) - index_delta) * timestamp_delta - w_3_value; /** * The complete RAM/ROM memory identity * */ - fr memory_identity = ROM_consistency_check_identity * q_2_value; + FF memory_identity = ROM_consistency_check_identity * q_2_value; memory_identity += RAM_timestamp_check_identity * q_4_value; memory_identity += memory_record_check * q_m_value; memory_identity *= q_1_value; memory_identity += (RAM_consistency_check_identity * q_arith_value); - fr auxiliary_identity = memory_identity + non_native_field_identity + limb_accumulator_identity; + FF auxiliary_identity = memory_identity + non_native_field_identity + limb_accumulator_identity; auxiliary_identity *= q_aux_value; auxiliary_identity *= alpha_base; @@ -3148,7 +3159,7 @@ inline fr UltraCircuitConstructor_::compute_auxilary_identity(fr q_aux_va * @return true * @return false */ -bool UltraCircuitConstructor_::check_circuit() +template bool UltraCircuitConstructor_::check_circuit() { bool result = true; CircuitDataBackup circuit_backup = CircuitDataBackup::store_prefinilized_state(this); @@ -3157,12 +3168,12 @@ bool UltraCircuitConstructor_::check_circuit() finalize_circuit(); // Sample randomness - const fr arithmetic_base = fr::random_element(); - const fr elliptic_base = fr::random_element(); - const fr genperm_sort_base = fr::random_element(); - const fr auxillary_base = fr::random_element(); - const fr alpha = fr::random_element(); - const fr eta = fr::random_element(); + const FF arithmetic_base = FF::random_element(); + const FF elliptic_base = FF::random_element(); + const FF genperm_sort_base = FF::random_element(); + const FF auxillary_base = FF::random_element(); + const FF alpha = FF::random_element(); + const FF eta = FF::random_element(); // We need to get all memory std::unordered_set memory_read_record_gates; @@ -3176,12 +3187,11 @@ bool UltraCircuitConstructor_::check_circuit() // A hashing implementation for quick simulation lookups struct HashFrTuple { - const barretenberg::fr mult_const = barretenberg::fr(uint256_t(0x1337, 0x1336, 0x1335, 0x1334)); - const barretenberg::fr mc_sqr = mult_const.sqr(); - const barretenberg::fr mc_cube = mult_const * mc_sqr; + const FF mult_const = FF(uint256_t(0x1337, 0x1336, 0x1335, 0x1334)); + const FF mc_sqr = mult_const.sqr(); + const FF mc_cube = mult_const * mc_sqr; - size_t operator()( - const std::tuple& entry) const + size_t operator()(const std::tuple& entry) const { return (size_t)((std::get<0>(entry) + mult_const * std::get<1>(entry) + mc_sqr * std::get<2>(entry) + mc_cube * std::get<3>(entry)) @@ -3193,21 +3203,16 @@ bool UltraCircuitConstructor_::check_circuit() // Equality checks for lookup tuples struct EqualFrTuple { - bool operator()( - const std::tuple& entry1, - const std::tuple& entry2) const + bool operator()(const std::tuple& entry1, const std::tuple& entry2) const { return entry1 == entry2; } }; // The set of all lookup tuples that are in the tables - std::unordered_set, - HashFrTuple, - EqualFrTuple> - table_hash; + std::unordered_set, HashFrTuple, EqualFrTuple> table_hash; // Prepare the lookup set for use in the circuit for (auto& table : lookup_tables) { - const fr table_index(table.table_index); + const FF table_index(table.table_index); for (size_t i = 0; i < table.size; ++i) { const auto components = std::make_tuple(table.column_1[i], table.column_2[i], table.column_3[i], table_index); @@ -3217,47 +3222,47 @@ bool UltraCircuitConstructor_::check_circuit() // We use a running tag product mechanism to ensure tag correctness // This is the product of (value + γ ⋅ tag) - fr left_tag_product = fr::one(); + FF left_tag_product = FF::one(); // This is the product of (value + γ ⋅ tau[tag]) - fr right_tag_product = fr::one(); + FF right_tag_product = FF::one(); // Randomness for the tag check - const fr tag_gamma = fr::random_element(); + const FF tag_gamma = FF::random_element(); // We need to include each variable only once std::unordered_set encountered_variables; // Function to quickly update tag products and encountered variable set by index and value - auto update_tag_check_information = [&](size_t variable_index, fr value) { - size_t real_index = real_variable_index[variable_index]; + auto update_tag_check_information = [&](size_t variable_index, FF value) { + size_t real_index = this->real_variable_index[variable_index]; // Check to ensure that we are not including a variable twice if (encountered_variables.contains(real_index)) { return; } - size_t tag_in = real_variable_tags[real_index]; + size_t tag_in = this->real_variable_tags[real_index]; if (tag_in != DUMMY_TAG) { - size_t tag_out = tau.at((uint32_t)tag_in); - left_tag_product *= value + tag_gamma * fr(tag_in); - right_tag_product *= value + tag_gamma * fr(tag_out); + size_t tag_out = this->tau.at((uint32_t)tag_in); + left_tag_product *= value + tag_gamma * FF(tag_in); + right_tag_product *= value + tag_gamma * FF(tag_out); encountered_variables.insert(real_index); } }; // For each gate for (size_t i = 0; i < this->num_gates; i++) { - fr q_arith_value; - fr q_aux_value; - fr q_elliptic_value; - fr q_sort_value; - fr this->q_lookup_type_value; - this->fr q_1_value; - this->fr q_2_value; - fr q_3_value; - fr q_4_value; - fr q_m_value; - fr q_c_value; - fr w_1_value; - fr w_2_value; - fr w_3_value; - fr w_4_value; - fr w_4_index; + FF q_arith_value; + FF q_aux_value; + FF q_elliptic_value; + FF q_sort_value; + FF q_lookup_type_value; + FF q_1_value; + FF q_2_value; + FF q_3_value; + FF q_4_value; + FF q_m_value; + FF q_c_value; + FF w_1_value; + FF w_2_value; + FF w_3_value; + FF w_4_value; + FF w_4_index; // Get the values of selectors and wires and update tag products along the way q_arith_value = q_arith[i]; q_aux_value = q_aux[i]; @@ -3285,32 +3290,32 @@ bool UltraCircuitConstructor_::check_circuit() w_4_value = ((w_3_value * eta + w_2_value) * eta + w_1_value) * eta; } if (memory_write_record_gates.contains(i)) { - w_4_value = ((w_3_value * eta + w_2_value) * eta + w_1_value) * eta + fr::one(); + w_4_value = ((w_3_value * eta + w_2_value) * eta + w_1_value) * eta + FF::one(); } // Now we can update the tag product for w_4 update_tag_check_information((uint32_t)w_4_index, w_4_value); - fr w_1_shifted_value; - fr w_2_shifted_value; - fr w_3_shifted_value; - fr w_4_shifted_value; + FF w_1_shifted_value; + FF w_2_shifted_value; + FF w_3_shifted_value; + FF w_4_shifted_value; if (i < (this->num_gates - 1)) { w_1_shifted_value = this->get_variable(w_l[i + 1]); w_2_shifted_value = this->get_variable(w_r[i + 1]); - w_3_shifted_value = this->this->get_variable(w_o[this->i + this->1]); + w_3_shifted_value = this->get_variable(w_o[i + 1]); w_4_shifted_value = this->get_variable(w_4[i + 1]); } else { - w_1_shifted_value = fr::zero(); - w_2_shifted_value = fr::zero(); - w_3_shifted_value = fr::zero(); - w_4_shifted_value = fr::zero(); + w_1_shifted_value = FF::zero(); + w_2_shifted_value = FF::zero(); + w_3_shifted_value = FF::zero(); + w_4_shifted_value = FF::zero(); } if (memory_read_record_gates.contains(i + 1)) { w_4_shifted_value = ((w_3_shifted_value * eta + w_2_shifted_value) * eta + w_1_shifted_value) * eta; } if (memory_write_record_gates.contains(i + 1)) { w_4_shifted_value = - ((w_3_shifted_value * eta + w_2_shifted_value) * eta + w_1_shifted_value) * eta + fr::one(); + ((w_3_shifted_value * eta + w_2_shifted_value) * eta + w_1_shifted_value) * eta + FF::one(); } if (!compute_arithmetic_identity(q_arith_value, q_1_value, @@ -3416,5 +3421,5 @@ bool UltraCircuitConstructor_::check_circuit() circuit_backup.restore_prefinilized_state(this); return result; } - +template class UltraCircuitConstructor_; } // namespace proof_system \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index 427dfc07c7..db942b8fcb 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -15,10 +15,8 @@ namespace proof_system { using namespace barretenberg; -template -class UltraCircuitConstructor_ : public CircuitConstructorBase> { +template class UltraCircuitConstructor_ : public CircuitConstructorBase> { public: - using FF = typename Curve::ScalarField; static constexpr ComposerType type = ComposerType::PLOOKUP; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; @@ -583,7 +581,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase>(ultra_selector_names(), size_hint) + : CircuitConstructorBase>(ultra_selector_names(), size_hint) { w_l.reserve(size_hint); w_r.reserve(size_hint); @@ -596,7 +594,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase>(std::move(other)) + : CircuitConstructorBase>(std::move(other)) { constant_variable_indices = other.constant_variable_indices; @@ -724,7 +722,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBaseprogram_width; + constexpr size_t gate_width = CircuitConstructorBase>::program_width; // each RAM gate adds +2 extra gates due to the ram reads being copied to a sorted list set, // as well as an extra gate to validate timestamps std::vector ram_timestamps; @@ -994,7 +992,7 @@ class UltraCircuitConstructor_ : public CircuitConstructorBasefailure(msg); } auto b_idx = put_constant_variable(b); - assert_equal(a_idx, b_idx, msg); + this->assert_equal(a_idx, b_idx, msg); } /** @@ -1118,63 +1116,64 @@ class UltraCircuitConstructor_ : public CircuitConstructorBase; +extern template class UltraCircuitConstructor_; +using UltraCircuitConstructor = UltraCircuitConstructor_; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.test.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.test.cpp index 1b9706e756..ec60aa43f8 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.test.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.test.cpp @@ -15,7 +15,7 @@ TEST(ultra_circuit_constructor, create_gates_from_plookup_accumulators) { UltraCircuitConstructor circuit_constructor = UltraCircuitConstructor(); - barretenberg::fr input_value = fr::random_element(); + fr input_value = fr::random_element(); const fr input_hi = uint256_t(input_value).slice(126, 256); const fr input_lo = uint256_t(input_value).slice(0, 126); const auto input_hi_index = circuit_constructor.add_variable(input_hi); @@ -29,8 +29,8 @@ TEST(ultra_circuit_constructor, create_gates_from_plookup_accumulators) const auto lookup_witnesses_lo = circuit_constructor.create_gates_from_plookup_accumulators( MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); - std::vector expected_x; - std::vector expected_y; + std::vector expected_x; + std::vector expected_y; const size_t num_lookups_hi = (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE; @@ -40,7 +40,7 @@ TEST(ultra_circuit_constructor, create_gates_from_plookup_accumulators) EXPECT_EQ(num_lookups_hi, lookup_witnesses_hi[ColumnIdx::C1].size()); EXPECT_EQ(num_lookups_lo, lookup_witnesses_lo[ColumnIdx::C1].size()); - std::vector expected_scalars; + std::vector expected_scalars; expected_x.resize(num_lookups); expected_y.resize(num_lookups); expected_scalars.resize(num_lookups); diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp index 6eae4331e9..ef3066351c 100644 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp @@ -26,18 +26,21 @@ template class UltraHonkComposer_; using UltraHonkComposer = UltraHonkComposer_; } // namespace proof_system::honk -namespace curve { -class BN254; -} +namespace barretenberg { +class Bn254FrParams; +template struct alignas(32) field; +} // namespace barretenberg namespace proof_system { -template class StandardCircuitConstructor_; -using StandardCircuitConstructor = StandardCircuitConstructor_; -template class TurboCircuitConstructor_; -using TurboCircuitConstructor = TurboCircuitConstructor_; -template class UltraCircuitConstructor_; -using UltraCircuitConstructor = UltraCircuitConstructor_; +template class StandardCircuitConstructor_; +using StandardCircuitConstructor = StandardCircuitConstructor_>; +template class TurboCircuitConstructor_; +using TurboCircuitConstructor = TurboCircuitConstructor_>; +template class UltraCircuitConstructor_; +using UltraCircuitConstructor = UltraCircuitConstructor_>; } // namespace proof_system +// namespace proof_system + #define EXTERN_STDLIB_TYPE(stdlib_type) \ extern template class stdlib_type; \ extern template class stdlib_type; \ diff --git a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp index 213eee5c96..f3ab96a0eb 100644 --- a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp @@ -1,7 +1,6 @@ #pragma once #include #include "../composers/composers_fwd.hpp" -#include "../composers/composers.hpp" #include "../witness/witness.hpp" #include "../bool/bool.hpp" #include "barretenberg/common/assert.hpp" From 43a9103269be863df21ade86d3f38d8b241dfcd2 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 20 Jun 2023 11:56:08 +0000 Subject: [PATCH 10/12] enable verification of standard grumpkin circuits --- .../arithmetization/gate_data.hpp | 99 ++++++++------- .../circuit_constructor_base.cpp | 1 + .../circuit_constructor_base.hpp | 6 +- .../standard_circuit_constructor.cpp | 114 +++++++++--------- .../standard_circuit_constructor.hpp | 24 ++-- .../standard_circuit_constructor.test.cpp | 10 ++ .../ultra_circuit_constructor.cpp | 22 ---- 7 files changed, 140 insertions(+), 136 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp b/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp index 5175867bfd..67dbdd95da 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp @@ -4,63 +4,70 @@ #include "barretenberg/common/serialize.hpp" namespace proof_system { -struct add_triple { +template struct add_triple_ { uint32_t a; uint32_t b; uint32_t c; - barretenberg::fr a_scaling; - barretenberg::fr b_scaling; - barretenberg::fr c_scaling; - barretenberg::fr const_scaling; + FF a_scaling; + FF b_scaling; + FF c_scaling; + FF const_scaling; }; +using add_triple = add_triple_; -struct add_quad { +template struct add_quad_ { uint32_t a; uint32_t b; uint32_t c; uint32_t d; - barretenberg::fr a_scaling; - barretenberg::fr b_scaling; - barretenberg::fr c_scaling; - barretenberg::fr d_scaling; - barretenberg::fr const_scaling; + FF a_scaling; + FF b_scaling; + FF c_scaling; + FF d_scaling; + FF const_scaling; }; +using add_quad = add_quad_; -struct mul_quad { +template struct mul_quad_ { uint32_t a; uint32_t b; uint32_t c; uint32_t d; - barretenberg::fr mul_scaling; - barretenberg::fr a_scaling; - barretenberg::fr b_scaling; - barretenberg::fr c_scaling; - barretenberg::fr d_scaling; - barretenberg::fr const_scaling; + FF mul_scaling; + FF a_scaling; + FF b_scaling; + FF c_scaling; + FF d_scaling; + FF const_scaling; }; +using mul_quad = mul_quad_; -struct mul_triple { +template struct mul_triple_ { uint32_t a; uint32_t b; uint32_t c; - barretenberg::fr mul_scaling; - barretenberg::fr c_scaling; - barretenberg::fr const_scaling; + FF mul_scaling; + FF c_scaling; + FF const_scaling; }; +using mul_triple = mul_triple_; -struct poly_triple { +template struct poly_triple_ { uint32_t a; uint32_t b; uint32_t c; - barretenberg::fr q_m; - barretenberg::fr q_l; - barretenberg::fr q_r; - barretenberg::fr q_o; - barretenberg::fr q_c; + FF q_m; + FF q_l; + FF q_r; + FF q_o; + FF q_c; - friend bool operator==(poly_triple const& lhs, poly_triple const& rhs) = default; + friend bool operator==(poly_triple_ const& lhs, poly_triple_ const& rhs) = default; }; +using poly_triple = poly_triple_; + +// TODO: figure out what to do with this... template inline void read(B& buf, poly_triple& constraint) { using serialize::read; @@ -73,7 +80,7 @@ template inline void read(B& buf, poly_triple& constraint) read(buf, constraint.q_o); read(buf, constraint.q_c); } - +// TODO: and this.. template inline void write(B& buf, poly_triple const& constraint) { using serialize::write; @@ -87,38 +94,42 @@ template inline void write(B& buf, poly_triple const& constraint) write(buf, constraint.q_c); } -struct fixed_group_add_quad { +template struct fixed_group_add_quad_ { uint32_t a; uint32_t b; uint32_t c; uint32_t d; - barretenberg::fr q_x_1; - barretenberg::fr q_x_2; - barretenberg::fr q_y_1; - barretenberg::fr q_y_2; + FF q_x_1; + FF q_x_2; + FF q_y_1; + FF q_y_2; }; +using fixed_group_add_quad = fixed_group_add_quad_; -struct fixed_group_init_quad { - barretenberg::fr q_x_1; - barretenberg::fr q_x_2; - barretenberg::fr q_y_1; - barretenberg::fr q_y_2; +template struct fixed_group_init_quad_ { + FF q_x_1; + FF q_x_2; + FF q_y_1; + FF q_y_2; }; +using fixed_group_init_quad = fixed_group_init_quad_; -struct accumulator_triple { +template struct accumulator_triple_ { std::vector left; std::vector right; std::vector out; }; +using accumulator_triple = accumulator_triple_; -struct ecc_add_gate { +template struct ecc_add_gate_ { uint32_t x1; uint32_t y1; uint32_t x2; uint32_t y2; uint32_t x3; uint32_t y3; - barretenberg::fr endomorphism_coefficient; - barretenberg::fr sign_coefficient; + FF endomorphism_coefficient; + FF sign_coefficient; }; +using ecc_add_gate = ecc_add_gate_; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp index 525014fe0d..7502db8e57 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp @@ -44,6 +44,7 @@ void CircuitConstructorBase::assert_equal(const uint32_t a_vari } // Standard honk/ plonk instantiation template class CircuitConstructorBase>; +template class CircuitConstructorBase>; template class CircuitConstructorBase>; template class CircuitConstructorBase>; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 031ceb88fc..8153a8c491 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -79,10 +79,10 @@ template class CircuitConstructorBase { uint32_t zero_idx = 0; uint32_t one_idx = 1; - virtual void create_add_gate(const add_triple& in) = 0; - virtual void create_mul_gate(const mul_triple& in) = 0; + virtual void create_add_gate(const add_triple_& in) = 0; + virtual void create_mul_gate(const mul_triple_& in) = 0; virtual void create_bool_gate(const uint32_t a) = 0; - virtual void create_poly_gate(const poly_triple& in) = 0; + virtual void create_poly_gate(const poly_triple_& in) = 0; virtual size_t get_num_constant_gates() const = 0; /** diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp index 9204a67df3..50ea58f36f 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp @@ -14,7 +14,7 @@ namespace proof_system { * @param in An add_triple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and addition coefficients to be placed into q_1, q_2, q_3, q_c. */ -template void StandardCircuitConstructor_::create_add_gate(const add_triple& in) +template void StandardCircuitConstructor_::create_add_gate(const add_triple_& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -37,7 +37,7 @@ template void StandardCircuitConstructor_::create_add_gate(con * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -template void StandardCircuitConstructor_::create_big_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_big_add_gate(const add_quad_& in) { // (a terms + b terms = temp) // (c terms + d terms + temp = 0 ) @@ -46,9 +46,9 @@ template void StandardCircuitConstructor_::create_big_add_gate FF temp = t0 + t1; uint32_t temp_idx = this->add_variable(temp); - create_add_gate(add_triple{ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, FF::neg_one(), FF::zero() }); + create_add_gate(add_triple_{ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, FF::neg_one(), FF::zero() }); - create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::one(), in.const_scaling }); + create_add_gate(add_triple_{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::one(), in.const_scaling }); } /** @@ -58,7 +58,7 @@ template void StandardCircuitConstructor_::create_big_add_gate * @param in An add quad containing the indexes of variables a, b, c, d and * the scaling factors. * */ -template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad& in) +template void StandardCircuitConstructor_::create_balanced_add_gate(const add_quad_& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -119,7 +119,8 @@ template void StandardCircuitConstructor_::create_balanced_add ++this->num_gates; } -template void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad& in) +template +void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(const add_quad_& in) { // blah. // delta = (c - 4d) @@ -134,18 +135,18 @@ template void StandardCircuitConstructor_::create_big_add_gate uint32_t delta_idx = this->add_variable(delta); constexpr FF neg_four = -(FF(4)); - create_add_gate(add_triple{ in.c, in.d, delta_idx, FF::one(), neg_four, FF::neg_one(), FF::zero() }); + create_add_gate(add_triple_{ in.c, in.d, delta_idx, FF::one(), neg_four, FF::neg_one(), FF::zero() }); constexpr FF two = FF(2); constexpr FF seven = FF(7); constexpr FF nine = FF(9); const FF r_0 = (delta * nine) - ((delta.sqr() * two) + seven); uint32_t r_0_idx = this->add_variable(r_0); - create_poly_gate(poly_triple{ delta_idx, delta_idx, r_0_idx, -two, nine, FF::zero(), FF::neg_one(), -seven }); + create_poly_gate(poly_triple_{ delta_idx, delta_idx, r_0_idx, -two, nine, FF::zero(), FF::neg_one(), -seven }); FF r_1 = r_0 * delta; uint32_t r_1_idx = this->add_variable(r_1); - create_mul_gate(mul_triple{ + create_mul_gate(mul_triple_{ r_0_idx, delta_idx, r_1_idx, @@ -158,20 +159,20 @@ template void StandardCircuitConstructor_::create_big_add_gate FF r_2 = (r_1 + (this->get_variable(in.d) * in.d_scaling)); uint32_t r_2_idx = this->add_variable(r_2); - create_add_gate(add_triple{ in.d, r_1_idx, r_2_idx, in.d_scaling, FF::one(), FF::neg_one(), FF::zero() }); + create_add_gate(add_triple_{ in.d, r_1_idx, r_2_idx, in.d_scaling, FF::one(), FF::neg_one(), FF::zero() }); - create_big_add_gate( - add_quad{ in.a, in.b, in.c, r_2_idx, in.a_scaling, in.b_scaling, in.c_scaling, FF::one(), in.const_scaling }); + create_big_add_gate(add_quad_{ + in.a, in.b, in.c, r_2_idx, in.a_scaling, in.b_scaling, in.c_scaling, FF::one(), in.const_scaling }); } -template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad& in) +template void StandardCircuitConstructor_::create_big_mul_gate(const mul_quad_& in) { FF temp = ((this->get_variable(in.c) * in.c_scaling) + (this->get_variable(in.d) * in.d_scaling)); uint32_t temp_idx = this->add_variable(temp); - create_add_gate(add_triple{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::neg_one(), FF::zero() }); + create_add_gate(add_triple_{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::neg_one(), FF::zero() }); - create_poly_gate( - poly_triple{ in.a, in.b, temp_idx, in.mul_scaling, in.a_scaling, in.b_scaling, FF::one(), in.const_scaling }); + create_poly_gate(poly_triple_{ + in.a, in.b, temp_idx, in.mul_scaling, in.a_scaling, in.b_scaling, FF::one(), in.const_scaling }); } /** @@ -180,7 +181,7 @@ template void StandardCircuitConstructor_::create_big_mul_gate * @param in A mul_tripple containing the indexes of variables to be placed into the * wires w_l, w_r, w_o and scaling coefficients to be placed into q_m, q_3, q_c. */ -template void StandardCircuitConstructor_::create_mul_gate(const mul_triple& in) +template void StandardCircuitConstructor_::create_mul_gate(const mul_triple_& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -224,7 +225,7 @@ template void StandardCircuitConstructor_::create_bool_gate(co * * @param in A poly_triple containing all the information. */ -template void StandardCircuitConstructor_::create_poly_gate(const poly_triple& in) +template void StandardCircuitConstructor_::create_poly_gate(const poly_triple_& in) { this->assert_valid_variables({ in.a, in.b, in.c }); @@ -255,7 +256,7 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_accu const auto is_edge_case = [&num_quads, &num_bits](size_t idx) { return (idx == num_quads - 1 && ((num_bits & 1ULL) == 1ULL)); }; - constexpr FF four = fr{ 4, 0, 0, 0 }.to_montgomery_form(); + constexpr FF four = FF{ 4, 0, 0, 0 }.to_montgomery_form(); FF accumulator = FF::zero(); uint32_t accumulator_idx = 0; for (size_t i = num_quads - 1; i < num_quads; --i) { @@ -274,10 +275,10 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_accu create_bool_gate(hi_idx); uint64_t quad = (lo ? 1U : 0U) + (hi ? 2U : 0U); - quad_idx = this->add_variable(fr{ quad, 0, 0, 0 }.to_montgomery_form()); + quad_idx = this->add_variable(FF{ quad, 0, 0, 0 }.to_montgomery_form()); - create_add_gate( - add_triple{ lo_idx, hi_idx, quad_idx, FF::one(), FF::one() + FF::one(), FF::neg_one(), FF::zero() }); + create_add_gate(add_triple_{ + lo_idx, hi_idx, quad_idx, FF::one(), FF::one() + FF::one(), FF::neg_one(), FF::zero() }); } if (i == num_quads - 1) { @@ -289,7 +290,7 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_accu new_accumulator = new_accumulator + new_accumulator; new_accumulator = new_accumulator + this->get_variable(quad_idx); uint32_t new_accumulator_idx = this->add_variable(new_accumulator); - create_add_gate(add_triple{ + create_add_gate(add_triple_{ accumulator_idx, quad_idx, new_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); accumulators.push_back(new_accumulator_idx); accumulator = new_accumulator; @@ -350,23 +351,23 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(cons // a & b = ab // a ^ b = a + b - 2ab - create_poly_gate(poly_triple{ left_hi_idx, - right_hi_idx, - out_hi_idx, - is_xor_gate ? neg_two : FF::one(), - is_xor_gate ? FF::one() : FF::zero(), - is_xor_gate ? FF::one() : FF::zero(), - FF::neg_one(), - FF::zero() }); - - create_poly_gate(poly_triple{ left_lo_idx, - right_lo_idx, - out_lo_idx, - is_xor_gate ? neg_two : FF::one(), - is_xor_gate ? FF::one() : FF::zero(), - is_xor_gate ? FF::one() : FF::zero(), - FF::neg_one(), - FF::zero() }); + create_poly_gate(poly_triple_{ left_hi_idx, + right_hi_idx, + out_hi_idx, + is_xor_gate ? neg_two : FF::one(), + is_xor_gate ? FF::one() : FF::zero(), + is_xor_gate ? FF::one() : FF::zero(), + FF::neg_one(), + FF::zero() }); + + create_poly_gate(poly_triple_{ left_lo_idx, + right_lo_idx, + out_lo_idx, + is_xor_gate ? neg_two : FF::one(), + is_xor_gate ? FF::one() : FF::zero(), + is_xor_gate ? FF::one() : FF::zero(), + FF::neg_one(), + FF::zero() }); FF left_quad = this->get_variable(left_lo_idx) + this->get_variable(left_hi_idx) + this->get_variable(left_hi_idx); @@ -383,33 +384,33 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(cons new_left_accumulator = new_left_accumulator + left_quad; uint32_t new_left_accumulator_idx = this->add_variable(new_left_accumulator); - create_add_gate(add_triple{ left_accumulator_idx, - left_quad_idx, - new_left_accumulator_idx, - four, - FF::one(), - FF::neg_one(), - FF::zero() }); + create_add_gate(add_triple_{ left_accumulator_idx, + left_quad_idx, + new_left_accumulator_idx, + four, + FF::one(), + FF::neg_one(), + FF::zero() }); FF new_right_accumulator = right_accumulator + right_accumulator; new_right_accumulator = new_right_accumulator + new_right_accumulator; new_right_accumulator = new_right_accumulator + right_quad; uint32_t new_right_accumulator_idx = this->add_variable(new_right_accumulator); - create_add_gate(add_triple{ right_accumulator_idx, - right_quad_idx, - new_right_accumulator_idx, - four, - FF::one(), - FF::neg_one(), - FF::zero() }); + create_add_gate(add_triple_{ right_accumulator_idx, + right_quad_idx, + new_right_accumulator_idx, + four, + FF::one(), + FF::neg_one(), + FF::zero() }); FF new_out_accumulator = out_accumulator + out_accumulator; new_out_accumulator = new_out_accumulator + new_out_accumulator; new_out_accumulator = new_out_accumulator + out_quad; uint32_t new_out_accumulator_idx = this->add_variable(new_out_accumulator); - create_add_gate(add_triple{ + create_add_gate(add_triple_{ out_accumulator_idx, out_quad_idx, new_out_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); accumulators.left.emplace_back(new_left_accumulator_idx); @@ -505,5 +506,6 @@ template bool StandardCircuitConstructor_::check_circuit() } return true; } -template class StandardCircuitConstructor_>; +template class StandardCircuitConstructor_; +template class StandardCircuitConstructor_; } // namespace proof_system \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index 954a0d6125..2566581d2f 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -74,17 +74,18 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase& in) override; + void create_mul_gate(const mul_triple_& in) override; void create_bool_gate(const uint32_t a) override; - void create_poly_gate(const poly_triple& in) override; - void create_big_add_gate(const add_quad& in); - void create_big_add_gate_with_bit_extraction(const add_quad& in); - void create_big_mul_gate(const mul_quad& in); - void create_balanced_add_gate(const add_quad& in); - void create_fixed_group_add_gate(const fixed_group_add_quad& in); - void create_fixed_group_add_gate_with_init(const fixed_group_add_quad& in, const fixed_group_init_quad& init); - void create_fixed_group_add_gate_final(const add_quad& in); + void create_poly_gate(const poly_triple_& in) override; + void create_big_add_gate(const add_quad_& in); + void create_big_add_gate_with_bit_extraction(const add_quad_& in); + void create_big_mul_gate(const mul_quad_& in); + void create_balanced_add_gate(const add_quad_& in); + void create_fixed_group_add_gate(const fixed_group_add_quad_& in); + void create_fixed_group_add_gate_with_init(const fixed_group_add_quad_& in, + const fixed_group_init_quad_& init); + void create_fixed_group_add_gate_final(const add_quad_& in); fixed_group_add_quad previous_add_quad; @@ -118,6 +119,7 @@ class StandardCircuitConstructor_ : public CircuitConstructorBase; +extern template class StandardCircuitConstructor_; using StandardCircuitConstructor = StandardCircuitConstructor_; -// using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor__; +using StandardGrumpkinCircuitConstructor = StandardCircuitConstructor_; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp index 7023a87b58..9bbfd3b1e8 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp @@ -22,6 +22,16 @@ TEST(standard_circuit_constructor, base_case) EXPECT_EQ(result, true); } +TEST(standard_circuit_constructor, grumpkin_base_case) +{ + StandardGrumpkinCircuitConstructor composer = StandardGrumpkinCircuitConstructor(); + grumpkin::fr a = grumpkin::fr::one(); + composer.add_public_variable(a); + + bool result = composer.check_circuit(); + EXPECT_EQ(result, true); +} + TEST(standard_circuit_constructor, test_add_gate) { StandardCircuitConstructor composer = StandardCircuitConstructor(); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index 5efa5cdd36..60fb16076d 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -2317,13 +2317,7 @@ std::array UltraCircuitConstructor_::read_ROM_array_pair(const * @param rom_id The id of the ROM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ -<<<<<<< HEAD -template -void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id, - const size_t gate_offset_from_public_inputs) -======= template void UltraCircuitConstructor_::process_ROM_array(const size_t rom_id) ->>>>>>> 4096cc77... mess that works { auto& rom_array = rom_arrays[rom_id]; @@ -2409,13 +2403,7 @@ template void UltraCircuitConstructor_::process_ROM_array(cons * @param ram_id The id of the RAM table * @param gate_offset_from_public_inputs Required to track the gate position of where we're adding extra gates */ -<<<<<<< HEAD -template -void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id, - const size_t gate_offset_from_public_inputs) -======= template void UltraCircuitConstructor_::process_RAM_array(const size_t ram_id) ->>>>>>> 4096cc77... mess that works { RamTranscript& ram_array = ram_arrays[ram_id]; const auto access_tag = get_new_tag(); // current_tag + 1; @@ -2555,23 +2543,13 @@ template void UltraCircuitConstructor_::process_RAM_array(cons } } -<<<<<<< HEAD -template -void UltraCircuitConstructor_::process_ROM_arrays(const size_t gate_offset_from_public_inputs) -======= template void UltraCircuitConstructor_::process_ROM_arrays() ->>>>>>> 4096cc77... mess that works { for (size_t i = 0; i < rom_arrays.size(); ++i) { process_ROM_array(i); } } -<<<<<<< HEAD -template -void UltraCircuitConstructor_::process_RAM_arrays(const size_t gate_offset_from_public_inputs) -======= template void UltraCircuitConstructor_::process_RAM_arrays() ->>>>>>> 4096cc77... mess that works { for (size_t i = 0; i < ram_arrays.size(); ++i) { process_RAM_array(i); From a89b90c80676d486560497d936a0978ba81f5af4 Mon Sep 17 00:00:00 2001 From: maramihali Date: Fri, 23 Jun 2023 11:05:56 +0000 Subject: [PATCH 11/12] resolve review comments --- .../dsl/acir_format/block_constraint.test.cpp | 12 +-- .../barretenberg/ecc/curves/bn254/bn254.hpp | 2 +- .../arithmetization/gate_data.hpp | 5 +- .../standard_circuit_constructor.cpp | 88 +++++++++---------- .../turbo_circuit_constructor.test.cpp | 12 +-- .../ultra_circuit_constructor.cpp | 50 +++++------ 6 files changed, 84 insertions(+), 85 deletions(-) diff --git a/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp index 4c443e7e35..2ab53b8121 100644 --- a/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp @@ -13,7 +13,7 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ witness_len++; fr two = fr::one() + fr::one(); - poly_triple a0 = poly_triple{ + poly_triple a0 = { .a = 1, .b = 0, .c = 0, @@ -24,7 +24,7 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ .q_c = 0, }; fr three = fr::one() + two; - poly_triple a1 = poly_triple{ + poly_triple a1 = { .a = 0, .b = 0, .c = 0, @@ -34,7 +34,7 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ .q_o = 0, .q_c = three, }; - poly_triple r1 = poly_triple{ + poly_triple r1 = { .a = 1, .b = 0, .c = 0, @@ -44,7 +44,7 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ .q_o = 0, .q_c = fr::neg_one(), }; - poly_triple r2 = poly_triple{ + poly_triple r2 = { .a = 1, .b = 0, .c = 0, @@ -54,7 +54,7 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ .q_o = 0, .q_c = fr::neg_one(), }; - poly_triple y = poly_triple{ + poly_triple y = { .a = 2, .b = 0, .c = 0, @@ -66,7 +66,7 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ }; witness_values.emplace_back(2); witness_len++; - poly_triple z = poly_triple{ + poly_triple z = { .a = 3, .b = 0, .c = 0, diff --git a/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp b/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp index 5b9bf43ce4..2fbf3540f3 100644 --- a/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp +++ b/cpp/src/barretenberg/ecc/curves/bn254/bn254.hpp @@ -16,6 +16,6 @@ class BN254 { using AffineElement = typename Group::affine_element; using G2AffineElement = typename barretenberg::g2::affine_element; using G2BaseField = typename barretenberg::fq2; - using Fq12 = barretenberg::fq12; + using TargetField = barretenberg::fq12; }; } // namespace curve \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp b/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp index 67dbdd95da..d61dc128eb 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/gate_data.hpp @@ -3,6 +3,9 @@ #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/common/serialize.hpp" +// TODO(#557): The field-specific aliases for dates should be removed and the type could be made explicit when this +// structures are used to avoid having foo_gate and foo_gate_grumpkin. Moreover, we need to ensure the read/write +// functions handle grumpkin gates as well. namespace proof_system { template struct add_triple_ { uint32_t a; @@ -67,7 +70,6 @@ template struct poly_triple_ { using poly_triple = poly_triple_; -// TODO: figure out what to do with this... template inline void read(B& buf, poly_triple& constraint) { using serialize::read; @@ -80,7 +82,6 @@ template inline void read(B& buf, poly_triple& constraint) read(buf, constraint.q_o); read(buf, constraint.q_c); } -// TODO: and this.. template inline void write(B& buf, poly_triple const& constraint) { using serialize::write; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp index 50ea58f36f..215bea8282 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.cpp @@ -46,9 +46,9 @@ template void StandardCircuitConstructor_::create_big_add_gate FF temp = t0 + t1; uint32_t temp_idx = this->add_variable(temp); - create_add_gate(add_triple_{ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, FF::neg_one(), FF::zero() }); + create_add_gate({ in.a, in.b, temp_idx, in.a_scaling, in.b_scaling, FF::neg_one(), FF::zero() }); - create_add_gate(add_triple_{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::one(), in.const_scaling }); + create_add_gate({ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::one(), in.const_scaling }); } /** @@ -135,14 +135,14 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(co uint32_t delta_idx = this->add_variable(delta); constexpr FF neg_four = -(FF(4)); - create_add_gate(add_triple_{ in.c, in.d, delta_idx, FF::one(), neg_four, FF::neg_one(), FF::zero() }); + create_add_gate({ in.c, in.d, delta_idx, FF::one(), neg_four, FF::neg_one(), FF::zero() }); constexpr FF two = FF(2); constexpr FF seven = FF(7); constexpr FF nine = FF(9); const FF r_0 = (delta * nine) - ((delta.sqr() * two) + seven); uint32_t r_0_idx = this->add_variable(r_0); - create_poly_gate(poly_triple_{ delta_idx, delta_idx, r_0_idx, -two, nine, FF::zero(), FF::neg_one(), -seven }); + create_poly_gate({ delta_idx, delta_idx, r_0_idx, -two, nine, FF::zero(), FF::neg_one(), -seven }); FF r_1 = r_0 * delta; uint32_t r_1_idx = this->add_variable(r_1); @@ -159,7 +159,7 @@ void StandardCircuitConstructor_::create_big_add_gate_with_bit_extraction(co FF r_2 = (r_1 + (this->get_variable(in.d) * in.d_scaling)); uint32_t r_2_idx = this->add_variable(r_2); - create_add_gate(add_triple_{ in.d, r_1_idx, r_2_idx, in.d_scaling, FF::one(), FF::neg_one(), FF::zero() }); + create_add_gate({ in.d, r_1_idx, r_2_idx, in.d_scaling, FF::one(), FF::neg_one(), FF::zero() }); create_big_add_gate(add_quad_{ in.a, in.b, in.c, r_2_idx, in.a_scaling, in.b_scaling, in.c_scaling, FF::one(), in.const_scaling }); @@ -169,10 +169,9 @@ template void StandardCircuitConstructor_::create_big_mul_gate { FF temp = ((this->get_variable(in.c) * in.c_scaling) + (this->get_variable(in.d) * in.d_scaling)); uint32_t temp_idx = this->add_variable(temp); - create_add_gate(add_triple_{ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::neg_one(), FF::zero() }); + create_add_gate({ in.c, in.d, temp_idx, in.c_scaling, in.d_scaling, FF::neg_one(), FF::zero() }); - create_poly_gate(poly_triple_{ - in.a, in.b, temp_idx, in.mul_scaling, in.a_scaling, in.b_scaling, FF::one(), in.const_scaling }); + create_poly_gate({ in.a, in.b, temp_idx, in.mul_scaling, in.a_scaling, in.b_scaling, FF::one(), in.const_scaling }); } /** @@ -277,8 +276,7 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_accu uint64_t quad = (lo ? 1U : 0U) + (hi ? 2U : 0U); quad_idx = this->add_variable(FF{ quad, 0, 0, 0 }.to_montgomery_form()); - create_add_gate(add_triple_{ - lo_idx, hi_idx, quad_idx, FF::one(), FF::one() + FF::one(), FF::neg_one(), FF::zero() }); + create_add_gate({ lo_idx, hi_idx, quad_idx, FF::one(), FF::one() + FF::one(), FF::neg_one(), FF::zero() }); } if (i == num_quads - 1) { @@ -290,8 +288,8 @@ std::vector StandardCircuitConstructor_::decompose_into_base4_accu new_accumulator = new_accumulator + new_accumulator; new_accumulator = new_accumulator + this->get_variable(quad_idx); uint32_t new_accumulator_idx = this->add_variable(new_accumulator); - create_add_gate(add_triple_{ - accumulator_idx, quad_idx, new_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); + create_add_gate( + { accumulator_idx, quad_idx, new_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); accumulators.push_back(new_accumulator_idx); accumulator = new_accumulator; accumulator_idx = new_accumulator_idx; @@ -351,23 +349,23 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(cons // a & b = ab // a ^ b = a + b - 2ab - create_poly_gate(poly_triple_{ left_hi_idx, - right_hi_idx, - out_hi_idx, - is_xor_gate ? neg_two : FF::one(), - is_xor_gate ? FF::one() : FF::zero(), - is_xor_gate ? FF::one() : FF::zero(), - FF::neg_one(), - FF::zero() }); - - create_poly_gate(poly_triple_{ left_lo_idx, - right_lo_idx, - out_lo_idx, - is_xor_gate ? neg_two : FF::one(), - is_xor_gate ? FF::one() : FF::zero(), - is_xor_gate ? FF::one() : FF::zero(), - FF::neg_one(), - FF::zero() }); + create_poly_gate({ left_hi_idx, + right_hi_idx, + out_hi_idx, + is_xor_gate ? neg_two : FF::one(), + is_xor_gate ? FF::one() : FF::zero(), + is_xor_gate ? FF::one() : FF::zero(), + FF::neg_one(), + FF::zero() }); + + create_poly_gate({ left_lo_idx, + right_lo_idx, + out_lo_idx, + is_xor_gate ? neg_two : FF::one(), + is_xor_gate ? FF::one() : FF::zero(), + is_xor_gate ? FF::one() : FF::zero(), + FF::neg_one(), + FF::zero() }); FF left_quad = this->get_variable(left_lo_idx) + this->get_variable(left_hi_idx) + this->get_variable(left_hi_idx); @@ -384,34 +382,34 @@ accumulator_triple StandardCircuitConstructor_::create_logic_constraint(cons new_left_accumulator = new_left_accumulator + left_quad; uint32_t new_left_accumulator_idx = this->add_variable(new_left_accumulator); - create_add_gate(add_triple_{ left_accumulator_idx, - left_quad_idx, - new_left_accumulator_idx, - four, - FF::one(), - FF::neg_one(), - FF::zero() }); + create_add_gate({ left_accumulator_idx, + left_quad_idx, + new_left_accumulator_idx, + four, + FF::one(), + FF::neg_one(), + FF::zero() }); FF new_right_accumulator = right_accumulator + right_accumulator; new_right_accumulator = new_right_accumulator + new_right_accumulator; new_right_accumulator = new_right_accumulator + right_quad; uint32_t new_right_accumulator_idx = this->add_variable(new_right_accumulator); - create_add_gate(add_triple_{ right_accumulator_idx, - right_quad_idx, - new_right_accumulator_idx, - four, - FF::one(), - FF::neg_one(), - FF::zero() }); + create_add_gate({ right_accumulator_idx, + right_quad_idx, + new_right_accumulator_idx, + four, + FF::one(), + FF::neg_one(), + FF::zero() }); FF new_out_accumulator = out_accumulator + out_accumulator; new_out_accumulator = new_out_accumulator + new_out_accumulator; new_out_accumulator = new_out_accumulator + out_quad; uint32_t new_out_accumulator_idx = this->add_variable(new_out_accumulator); - create_add_gate(add_triple_{ - out_accumulator_idx, out_quad_idx, new_out_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); + create_add_gate( + { out_accumulator_idx, out_quad_idx, new_out_accumulator_idx, four, FF::one(), FF::neg_one(), FF::zero() }); accumulators.left.emplace_back(new_left_accumulator_idx); accumulators.right.emplace_back(new_right_accumulator_idx); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp index 7152ae5c01..37c198c713 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp @@ -187,8 +187,8 @@ TEST(turbo_circuit_constructor, small_scalar_multipliers) bool skew = false; barretenberg::wnaf::fixed_wnaf(&scalar_multiplier_base.data[0], &wnaf_entries[0], skew, 0); - fr accumulator_ofrset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); - fr origin_accumulators[2]{ fr::one(), accumulator_ofrset + fr::one() }; + fr accumulator_offset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); + fr origin_accumulators[2]{ fr::one(), accumulator_offset + fr::one() }; grumpkin::g1::element* multiplication_transcript = static_cast(aligned_alloc(64, sizeof(grumpkin::g1::element) * (num_quads + 1))); @@ -228,7 +228,7 @@ TEST(turbo_circuit_constructor, small_scalar_multipliers) TurboCircuitConstructor circuit_constructor = TurboCircuitConstructor(); - fr x_alpha = accumulator_ofrset; + fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; round_quad.d = circuit_constructor.add_variable(accumulator_transcript[i]); @@ -311,8 +311,8 @@ TEST(turbo_circuit_constructor, large_scalar_multipliers) bool skew = false; barretenberg::wnaf::fixed_wnaf(&scalar_multiplier_base.data[0], &wnaf_entries[0], skew, 0); - fr accumulator_ofrset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); - fr origin_accumulators[2]{ fr::one(), accumulator_ofrset + fr::one() }; + fr accumulator_offset = (fr::one() + fr::one()).pow(static_cast(initial_exponent)).invert(); + fr origin_accumulators[2]{ fr::one(), accumulator_offset + fr::one() }; grumpkin::g1::element* multiplication_transcript = static_cast(aligned_alloc(64, sizeof(grumpkin::g1::element) * (num_quads + 1))); @@ -352,7 +352,7 @@ TEST(turbo_circuit_constructor, large_scalar_multipliers) TurboCircuitConstructor circuit_constructor = TurboCircuitConstructor(); - fr x_alpha = accumulator_ofrset; + fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; round_quad.d = circuit_constructor.add_variable(accumulator_transcript[i]); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index 60fb16076d..9d48c56f7d 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -30,14 +30,14 @@ template void UltraCircuitConstructor_::finalize_circuit() * 1. ComposerBase::n => refers to the size of the witness of a given program, * 2. proving_key::n => the next power of two ≥ total witness size. * - * In this case, we have composer.this->num_gates = n_computation before we execute the following two functions. + * In this case, we have composer.num_gates = n_computation before we execute the following two functions. * After these functions are executed, the composer's `n` is incremented to include the ROM * and range list gates. Therefore we have: - * composer.this->num_gates = n_computation + n_rom + n_range. + * composer.num_gates = n_computation + n_rom + n_range. * - * Its this->necessary to this->include the this->(n_rom + n_range) gates at this point because if we already have a + * Its necessary to include the (n_rom + n_range) gates at this point because if we already have a * proving key, and we just return it without including these ROM and range list gates, the overall - * circuit size would not this->be correct (this->resulting in this->the code crashing while performing FFT + * circuit size would not be correct (resulting in the code crashing while performing FFT * operations). * * Therefore, we introduce a boolean flag `circuit_finalised` here. Once we add the rom and range gates, @@ -53,7 +53,7 @@ template void UltraCircuitConstructor_::finalize_circuit() } /** - * @brief Atemplate void zero-polynomials and ensure first coeff of wire polynomials is 0 + * @brief Avoid zero-polynomials and ensure first coeff of wire polynomials is 0 * * @param in Structure containing variables and witness selectors */ @@ -158,7 +158,7 @@ template void UltraCircuitConstructor_::create_add_gate(const } /** - * @brief Create a this->big addition this->gate, this->where in.a * in.a_scaling + in.b * in.b_scaling + in.c * + * @brief Create a big addition gate, where in.a * in.a_scaling + in.b * in.b_scaling + in.c * * in.c_scaling + in.d * in.d_scaling + in.const_scaling = 0. If include_next_gate_w_4 is enabled, then thes sum also * adds the value of the 4-th witness at the next index. * @@ -188,7 +188,7 @@ void UltraCircuitConstructor_::create_big_add_gate(const add_quad& in, const } /** - * @brief A legacy method this->that was this->used to this->extract a bit from c-4d by using gate selectors in the + * @brief A legacy method that was used to extract a bit from c-4d by using gate selectors in the * Turboplonk, but is simulated here for ultraplonk * * @param in Structure with variables and witness selector values @@ -279,7 +279,7 @@ template void UltraCircuitConstructor_::create_big_mul_gate(co } // Creates a width-4 addition gate, where the fourth witness must be a boolean. -// Can be used to this->normalize a this->32-bit this->addition +// Can be used to normalize a 32-bit addition template void UltraCircuitConstructor_::create_balanced_add_gate(const add_quad& in) { this->assert_valid_variables({ in.a, in.b, in.c, in.d }); @@ -303,7 +303,7 @@ template void UltraCircuitConstructor_::create_balanced_add_ga // Why 3? TODO: return to this // The purpose of this gate is to do enable lazy 32-bit addition. // Consider a + b = c mod 2^32 - // We want the this->4th wire this->to represent this->the quotient: + // We want the 4th wire to represent the quotient: // w1 + w2 = w4 * 2^32 + w3 // If we allow this overflow 'flag' to range from 0 to 3, instead of 0 to 1, // we can get away with chaining a few addition operations together with basic add gates, @@ -370,7 +370,7 @@ template void UltraCircuitConstructor_::create_bool_gate(const } /** - * @brief A plonk gate this->with disabled (this->set to this->zero) fourth wire. q_m * a * b + q_1 * a + q_2 * b + q_3 + * @brief A plonk gate with disabled (set to zero) fourth wire. q_m * a * b + q_1 * a + q_2 * b + q_3 * * c + q_const = 0 * * @param in Structure containing variables and witness selectors @@ -399,7 +399,7 @@ template void UltraCircuitConstructor_::create_poly_gate(const } /** - * @brief Create an this->elliptic curve this->addition gate + * @brief Create an elliptic curve this->addition gate * * @details x and y are defined over scalar field. Addition can handle applying the curve endomorphism to one of the * points being summed at the time of addition. @@ -473,7 +473,7 @@ template void UltraCircuitConstructor_::create_ecc_add_gate(co } /** - * @brief Add a this->gate equating this->a particular this->witness to a constant, fixing it the value + * @brief Add a gate equating a particular witness to a constant, fixing it the value * * @param witness_index The index of the witness we are fixing * @param witness_value The value we are fixing it to @@ -576,7 +576,7 @@ plookup::ReadData UltraCircuitConstructor_::create_gates_from_ploo } /** - * this->Generalized Permutation this->Methods + * Generalized Permutation Methods **/ template typename UltraCircuitConstructor_::RangeList UltraCircuitConstructor_::create_range_list( @@ -1041,9 +1041,8 @@ std::vector UltraCircuitConstructor_::decompose_into_default_range const uint256_t val = (uint256_t)(this->get_variable(variable_index)); // check witness value is indeed in range (commented out cause interferes with negative tests) - // ASSERT(val < ((uint256_t)1 << num_bits) - 1); // Q:ask Zac what happens with wrapping when converting FF to - // uint256 - // ASSERT(limb_num % 3 == 0); // TODO: write version of method that doesn't need this + // ASSERT(val < ((uint256_t)1 << num_bits) - 1); // Q:ask Zac what happens with wrapping when converting scalar + // field to uint256 ASSERT(limb_num % 3 == 0); // TODO: write version of method that doesn't need this std::vector val_limbs; std::vector val_slices; for (size_t i = 0; i < limb_num; i++) { @@ -1297,7 +1296,7 @@ void UltraCircuitConstructor_::range_constrain_two_limbs(const uint32_t lo_i const uint256_t limb = this->get_variable(limb_idx); // we can use constant 2^14 - 1 mask here. If the sublimb value exceeds the expected value then witness will // fail the range check below - // We also use this->zero_idx to substitute variables that should be zero + // We also use zero_idx to substitute variables that should be zero constexpr uint256_t MAX_SUBLIMB_MASK = (uint256_t(1) << 14) - 1; std::array sublimb_indices; sublimb_indices[0] = sublimb_masks[0] != 0 ? this->add_variable(limb & MAX_SUBLIMB_MASK) : this->zero_idx; @@ -1532,7 +1531,7 @@ std::array UltraCircuitConstructor_::evaluate_non_native_field_ /** * product gate 6 * - * hi_2 this->- hi_1 this->- lo_1 this->- q[2](p[1].2^b + p[0]) - q[3](p[0].2^b) = 0 + * hi_2 - hi_1 - lo_1 - q[2](p[1].2^b + p[0]) - q[3](p[0].2^b) = 0 * **/ create_big_add_gate( @@ -1624,7 +1623,7 @@ template void UltraCircuitConstructor_::process_non_native_fie } /** - * this->Compute the this->limb-multiplication this->part of a non native field mul + * Compute the limb-multiplication part of a non native field mul * * i.e. compute the low 204 and high 204 bit components of `a * b` where `a, b` are nnf elements composed of 4 * limbs with size DEFAULT_NON_NATIVE_FIELD_LIMB_BITS @@ -1923,7 +1922,8 @@ std::array UltraCircuitConstructor_::evaluate_non_native_field_ } /** - this->* @brief this->Gate that this->'reads' from a ROM table. + * @brief + * Gate that'reads' from a ROM table. * i.e. table index is a witness not precomputed * * @param record Stores details of this read operation. Mutated by this fn! @@ -1942,7 +1942,7 @@ template void UltraCircuitConstructor_::create_ROM_gate(RomRec } /** - * @brief this->Gate that this->performs consistency this->checks to validate that a claimed ROM read value is correct + * @brief Gate that performs consistency checks to validate that a claimed ROM read value is correct * * @details sorted ROM gates are generated sequentially, each ROM record is sorted by index * @@ -1961,7 +1961,7 @@ template void UltraCircuitConstructor_::create_sorted_ROM_gate } /** - * @brief this->Create a this->new read-this->only memory region + * @brief Create a new read-only memory region * * @details Creates a transcript object, where the inside memory state array is filled with "uninitialized memory" and @@ -2006,7 +2006,7 @@ template void UltraCircuitConstructor_::create_RAM_gate(RamRec } /** - * @brief this->Gate that this->performs consistency this->checks to validate that a claimed RAM read/write value is + * @brief Gate that performs consistency checks to validate that a claimed RAM read/write value is * correct * * @details sorted RAM gates are generated sequentially, each RAM record is sorted first by index then by timestamp @@ -2026,7 +2026,7 @@ template void UltraCircuitConstructor_::create_sorted_RAM_gate } /** - * @brief this->Performs consistency this->checks to this->validate that a claimed RAM read/write value is correct. + * @brief Performs consistency checks to validate that a claimed RAM read/write value is correct. * Used for the final gate in a list of sorted RAM records * * @param record Stores details of this read operation. Mutated by this fn! @@ -2394,7 +2394,7 @@ template void UltraCircuitConstructor_::process_ROM_array(cons }, false); // N.B. If the above check holds, we know the sorted list begins with an index value of 0, - // because the first cell is explicitly initialized using this->zero_idx as the index field. + // because the first cell is explicitly initialized using zero_idx as the index field. } /** From 97abfe5ac06f4efa512d76e73639a6c27f087467 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 5 Jul 2023 08:21:09 +0000 Subject: [PATCH 12/12] Fix compilation. --- .../circuit_builder/standard_circuit_builder.test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/circuit_builder/standard_circuit_builder.test.cpp b/cpp/src/barretenberg/proof_system/circuit_builder/standard_circuit_builder.test.cpp index dbf9584b24..c263b13f8b 100644 --- a/cpp/src/barretenberg/proof_system/circuit_builder/standard_circuit_builder.test.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_builder/standard_circuit_builder.test.cpp @@ -24,7 +24,7 @@ TEST(standard_circuit_constructor, base_case) TEST(standard_circuit_constructor, grumpkin_base_case) { - StandardGrumpkinCircuitConstructor composer = StandardGrumpkinCircuitConstructor(); + StandardGrumpkinCircuitBuilder composer = StandardGrumpkinCircuitBuilder(); grumpkin::fr a = grumpkin::fr::one(); composer.add_public_variable(a);