feat: Circuit simulator

cpp/src/barretenberg/crypto/generators/generator_data.cpp

@@ -282,15 +282,15 @@ generator_data const& get_generator_data(generator_index_t index)
     size_t global_index_offset = 0;
     if (0 < index.index && index.index <= LOW.num_indices) {
         // Calculate the global index of the generator for the LOW hash index
-        ASSERT(index.sub_index < LOW.num_generators_per_index);
+        // ASSERT(index.sub_index < LOW.num_generators_per_index);
         const size_t local_index_offset = 0;
         const size_t generator_count_offset = 0;
         global_index_offset =
             generator_count_offset + (index.index - local_index_offset - 1) * LOW.num_generators_per_index;
 
     } else if (index.index <= (LOW.num_indices + MID.num_indices)) {
         // Calculate the global index of the generator for the MID hash index
-        ASSERT(index.sub_index < MID.num_generators_per_index);
+        // ASSERT(index.sub_index < MID.num_generators_per_index);
         const size_t local_index_offset = LOW.num_indices;
         const size_t generator_count_offset = LOW.total_generators();
         global_index_offset =
@@ -300,7 +300,7 @@ generator_data const& get_generator_data(generator_index_t index)
         // Calculate the global index of the generator for the HIGH hash index
         const size_t local_index_offset = LOW.num_indices + MID.num_indices;
         const size_t generator_count_offset = LOW.total_generators() + MID.total_generators();
-        ASSERT(index.sub_index < HIGH.num_generators_per_index);
+        // ASSERT(index.sub_index < HIGH.num_generators_per_index);
         global_index_offset =
             generator_count_offset + (index.index - local_index_offset - 1) * HIGH.num_generators_per_index;
 

cpp/src/barretenberg/crypto/schnorr/schnorr.hpp

@@ -34,10 +34,10 @@ struct signature {
 };
 
 template <typename Hash, typename Fq, typename Fr, typename G1>
-bool verify_signature(const std::string& message, const typename G1::affine_element& public_key, const signature& sig);
+bool verify_signature(const auto& message, const typename G1::affine_element& public_key, const signature& sig);
 
 template <typename Hash, typename Fq, typename Fr, typename G1>
-signature construct_signature(const std::string& message, const key_pair<Fr, G1>& account);
+signature construct_signature(const auto& message, const key_pair<Fr, G1>& account);
 
 inline bool operator==(signature const& lhs, signature const& rhs)
 {

cpp/src/barretenberg/crypto/schnorr/schnorr.tcc

@@ -24,7 +24,7 @@ namespace schnorr {
  *
  * @tparam Hash the hash-function used as random-oracle
  * @tparam G1 Group over which the signature is produced
- * @param message what are we signing over?
+ * @param message what are we signing over? // WORKTODO: this was only audited for std::string.
  * @param pubkey the pubkey of the signer
  * @param R the nonce
  * @return e = H(pedersen(R.x || pubkey.x || pubkey.y), message) as a 256-bit integer,
@@ -37,7 +37,7 @@ namespace schnorr {
  * are always private inputs to circuits) then nothing would be revealed anyway.
  */
 template <typename Hash, typename G1>
-static auto generate_schnorr_challenge(const std::string& message,
+static auto generate_schnorr_challenge(const auto& message,
                                        const typename G1::affine_element& pubkey,
                                        const typename G1::affine_element& R)
 {
@@ -114,9 +114,10 @@ signature construct_signature(const std::string& message, const key_pair<Fr, G1>
 
 /**
  * @brief Verify a Schnorr signature of the sort produced by construct_signature.
+ * // WORKTODO: this was only audited for std::string input.
  */
 template <typename Hash, typename Fq, typename Fr, typename G1>
-bool verify_signature(const std::string& message, const typename G1::affine_element& public_key, const signature& sig)
+bool verify_signature(const auto& message, const typename G1::affine_element& public_key, const signature& sig)
 {
     using affine_element = typename G1::affine_element;
     using element = typename G1::element;

cpp/src/barretenberg/plonk/flavor/flavor.hpp

@@ -1,5 +1,6 @@
 #pragma once
 #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp"
+#include "barretenberg/proof_system/circuit_builder/circuit_simulator.hpp"
 #include "barretenberg/proof_system/circuit_builder/standard_circuit_builder.hpp"
 #include "barretenberg/proof_system/circuit_builder/turbo_circuit_builder.hpp"
 #include "barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp"
@@ -154,4 +155,14 @@ class Ultra {
         return output;
     }
 };
+
+class SimulatorBN254 {
+  public:
+    using CircuitBuilder = proof_system::CircuitSimulatorBN254;
+    static transcript::Manifest create_manifest(const size_t num_public_inputs)
+    {
+        return Ultra::create_manifest(num_public_inputs);
+    }
+};
+
 } // namespace proof_system::plonk::flavor

cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.cpp

@@ -76,12 +76,13 @@ barretenberg::fr verification_key_data::compress_native(const size_t hash_index)
     write(preimage_data, eval_domain.root);
 
     barretenberg::fr compressed_key;
-    if (proof_system::CircuitType(circuit_type) == proof_system::CircuitType::ULTRA) {
-        compressed_key = from_buffer<barretenberg::fr>(
-            crypto::pedersen_commitment::lookup::compress_native(preimage_data, hash_index));
-    } else {
-        compressed_key = crypto::pedersen_commitment::compress_native(preimage_data, hash_index);
-    }
+    // WORKTODO
+    // if (proof_system::CircuitType(circuit_type) == proof_system::CircuitType::ULTRA) {
+    //     compressed_key = from_buffer<barretenberg::fr>(
+    //         crypto::pedersen_commitment::lookup::compress_native(preimage_data, hash_index));
+    // } else {
+    compressed_key = crypto::pedersen_commitment::compress_native(preimage_data, hash_index);
+    // }
     return compressed_key;
 }
 

cpp/src/barretenberg/proof_system/circuit_builder/circuit_simulator.hpp

@@ -0,0 +1,176 @@
+#pragma once
+#include "barretenberg/ecc/curves/bn254/fr.hpp"
+#include "barretenberg/proof_system/arithmetization/gate_data.hpp"
+#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
+#include "barretenberg/proof_system/plookup_tables/types.hpp"
+#include "barretenberg/proof_system/types/circuit_type.hpp"
+#include "barretenberg/proof_system/types/merkle_hash_type.hpp"
+#include "barretenberg/proof_system/types/pedersen_commitment_type.hpp"
+#include <cstdint>
+
+namespace proof_system {
+
+class CircuitSimulatorBN254 {
+  public:
+    using FF = barretenberg::fr;                                                 // IOU templating
+    static constexpr merkle::HashType merkle_hash_type = merkle::HashType::NONE; // UGH
+    static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::NONE;
+    static constexpr CircuitType CIRCUIT_TYPE = CircuitType::ULTRA;
+    static constexpr std::string_view NAME_STRING = "SIMULATOR";
+    bool contains_recursive_proof = false;
+    static constexpr size_t UINT_LOG2_BASE = 2; // WORKTODO: 6 for Ultra
+    static constexpr size_t DEFAULT_PLOOKUP_RANGE_BITNUM = 1028;
+
+    static constexpr size_t num_gates = 0;
+    static constexpr uint32_t zero_idx = 0;
+    std::vector<FF> public_inputs;
+
+    // uint32_t add_variable([[maybe_unused]]const FF& in){
+    //   return 0; // WORKTODO: return part of `in` for debugging purposes?
+    // }
+
+    void add_recursive_proof(const std::vector<uint32_t>& proof_output_witness_indices)
+    {
+
+        if (contains_recursive_proof) {
+            failure("added recursive proof when one already exists");
+        }
+        contains_recursive_proof = true;
+
+        for (uint32_t idx = 0; idx < proof_output_witness_indices.size(); idx++) {
+            recursive_proof_public_input_indices.push_back(idx);
+        }
+    }
+
+    inline uint32_t add_variable([[maybe_unused]] const barretenberg::fr index) const { return 1028; }
+    inline barretenberg::fr get_variable([[maybe_unused]] const uint32_t index) const { return 1028; }
+
+    uint32_t put_constant_variable([[maybe_unused]] const barretenberg::fr& variable) { return 1028; }
+    void set_public_input([[maybe_unused]] const uint32_t witness_index)
+    {
+        // WORKTODO Public input logic?
+    }
+
+    void set_public_input([[maybe_unused]] const barretenberg::fr value) { public_inputs.emplace_back(value); }
+
+    void fix_witness([[maybe_unused]] const uint32_t witness_index,
+                     [[maybe_unused]] const barretenberg::fr& witness_value){
+        // WORKTODO: logic?
+    };
+
+    [[nodiscard]] size_t get_num_gates() const { return 0; }
+
+    void create_add_gate([[maybe_unused]] const add_triple& in){};
+    void create_mul_gate([[maybe_unused]] const mul_triple& in){};
+    void create_bool_gate([[maybe_unused]] const uint32_t a){};
+    void create_poly_gate([[maybe_unused]] const poly_triple& in){};
+    void create_big_add_gate([[maybe_unused]] const add_quad& in){};
+    void create_big_add_gate_with_bit_extraction([[maybe_unused]] const add_quad& in){};
+    void create_big_mul_gate([[maybe_unused]] const mul_quad& in){};
+    void create_balanced_add_gate([[maybe_unused]] const add_quad& in){};
+    void create_fixed_group_add_gate([[maybe_unused]] const fixed_group_add_quad& in){};
+    void create_fixed_group_add_gate_with_init([[maybe_unused]] const fixed_group_add_quad& in,
+                                               [[maybe_unused]] const fixed_group_init_quad& init){};
+    void create_fixed_group_add_gate_final([[maybe_unused]] const add_quad& in){};
+    void create_ecc_add_gate([[maybe_unused]] const ecc_add_gate& in){};
+
+    plookup::ReadData<uint32_t> create_gates_from_plookup_accumulators(
+        [[maybe_unused]] const plookup::MultiTableId& id,
+        [[maybe_unused]] const plookup::ReadData<FF>& read_values,
+        [[maybe_unused]] const uint32_t key_a_index,
+        [[maybe_unused]] std::optional<uint32_t> key_b_index = std::nullopt)
+    {
+        return {};
+    };
+
+    std::vector<uint32_t> decompose_into_default_range(
+        [[maybe_unused]] const uint32_t variable_index,
+        [[maybe_unused]] const uint64_t num_bits,
+        [[maybe_unused]] const uint64_t target_range_bitnum = 1028,
+        [[maybe_unused]] std::string const& msg = "decompose_into_default_range")
+    {
+        return {};
+    };
+
+    std::vector<uint32_t> decompose_into_default_range_better_for_oddlimbnum(
+        [[maybe_unused]] const uint32_t variable_index,
+        [[maybe_unused]] const size_t num_bits,
+        [[maybe_unused]] std::string const& msg = "decompose_into_default_range_better_for_oddlimbnum")
+    {
+        return {};
+    };
+    void create_dummy_constraints([[maybe_unused]] const std::vector<uint32_t>& variable_index){};
+    void create_sort_constraint([[maybe_unused]] const std::vector<uint32_t>& variable_index){};
+    void create_sort_constraint_with_edges([[maybe_unused]] const std::vector<uint32_t>& variable_index,
+                                           [[maybe_unused]] const FF&,
+                                           [[maybe_unused]] const FF&){};
+    void assign_tag([[maybe_unused]] const uint32_t variable_index, [[maybe_unused]] const uint32_t tag){};
+
+    accumulator_triple create_and_constraint([[maybe_unused]] const uint32_t a,
+                                             [[maybe_unused]] const uint32_t b,
+                                             [[maybe_unused]] const size_t num_bits)
+    {
+        return { { 1028 }, { 1028 }, { 1028 } };
+    };
+    accumulator_triple create_xor_constraint([[maybe_unused]] const uint32_t a,
+                                             [[maybe_unused]] const uint32_t b,
+                                             [[maybe_unused]] const size_t num_bits)
+    {
+        return { { 1028 }, { 1028 }, { 1028 } };
+    };
+
+    size_t get_num_constant_gates() { return 1028; };
+    // maybe this shouldn't be implemented?
+
+    bool create_range_constraint(FF const& elt,
+                                 size_t const& num_bits,
+                                 std::string const& msg = "create_range_constraint")
+    {
+        const bool constraint_holds = static_cast<uint256_t>(elt).get_msb() < num_bits;
+        if (!constraint_holds) {
+            failure(msg);
+        }
+        return constraint_holds;
+    }
+
+    std::vector<uint32_t> decompose_into_base4_accumulators(
+        [[maybe_unused]] const uint32_t witness_index,
+        [[maybe_unused]] const size_t num_bits,
+        [[maybe_unused]] std::string const& msg = "create_range_constraint")
+    {
+        return { 1028 };
+    };
+
+    void create_new_range_constraint([[maybe_unused]] const uint32_t variable_index,
+                                     [[maybe_unused]] const uint64_t target_range,
+                                     [[maybe_unused]] std::string const msg = "create_new_range_constraint"){};
+
+    void assert_equal(FF left, FF right, std::string const& msg)
+    {
+        if (left != right) {
+            failure(msg);
+        }
+    }
+
+    void assert_equal_constant(FF left, FF right, std::string const& msg) { assert_equal(left, right, msg); }
+
+    bool _failed = false;
+    std::string _err;
+
+    [[maybe_unused]] bool failed() const { return _failed; };
+    [[nodiscard]] const std::string& err() const { return _err; };
+
+    void set_err(std::string msg) { _err = std::move(msg); }
+    void failure(std::string msg)
+    {
+        _failed = true;
+        set_err(std::move(msg));
+    }
+
+    [[nodiscard]] bool check_circuit() const { return !_failed; }
+
+    // Public input indices which contain recursive proof information
+    std::vector<uint32_t> recursive_proof_public_input_indices;
+};
+
+} // namespace proof_system

cpp/src/barretenberg/proof_system/circuit_builder/circuit_simulator.test.cpp

@@ -0,0 +1,19 @@
+#include "circuit_simulator.hpp"
+#include <gtest/gtest.h>
+
+namespace {
+auto& engine = numeric::random::get_debug_engine();
+}
+
+namespace proof_system::circuit_simulator_tests {
+
+class CircuitSimulatorBN254Test : public ::testing::Test {};
+
+TEST(CircuitSimulatorBN254Test, Base)
+{
+    CircuitSimulatorBN254 circuit;
+}
+
+// TODO: Add more tests.
+
+} // namespace proof_system::circuit_simulator_tests

cpp/src/barretenberg/proof_system/circuit_builder/turbo_circuit_builder.hpp

@@ -19,7 +19,7 @@ template <typename FF> class TurboCircuitBuilder_ : public CircuitBuilderBase<ar
   public:
     static constexpr std::string_view NAME_STRING = "TurboArithmetization";
     static constexpr CircuitType CIRCUIT_TYPE = CircuitType::TURBO;
-    // TODO(#563): make issue; these belong in plonk::flavor::Turbo.
+    // TODO(#563)
     static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN;
     static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN;
     static constexpr size_t UINT_LOG2_BASE = 2;

cpp/src/barretenberg/proof_system/flavor/flavor.hpp

@@ -67,6 +67,7 @@
 #include "barretenberg/honk/sumcheck/polynomials/barycentric_data.hpp"
 #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp"
 #include "barretenberg/polynomials/evaluation_domain.hpp"
+#include "barretenberg/proof_system/circuit_builder/circuit_simulator.hpp"
 #include "barretenberg/proof_system/types/circuit_type.hpp"
 #include <array>
 #include <concepts>
@@ -299,6 +300,10 @@ concept IsPlonkFlavor = IsAnyOf<T, plonk::flavor::Standard, plonk::flavor::Turbo
 template <typename T> 
 concept IsHonkFlavor = IsAnyOf<T, honk::flavor::Standard, honk::flavor::Ultra, honk::flavor::StandardGrumpkin, honk::flavor::UltraGrumpkin>;
 
+// WORKTODO: move? smart way of not referring to instances?
+template <typename T> 
+concept IsSimulator = IsAnyOf<T, proof_system::CircuitSimulatorBN254>; // WORKTODO: move this
+
 template <typename T> concept IsGrumpkinFlavor = IsAnyOf<T, honk::flavor::StandardGrumpkin, honk::flavor::UltraGrumpkin>;
 
 template <typename T> concept StandardFlavor = IsAnyOf<T, honk::flavor::Standard,  honk::flavor::StandardGrumpkin>;

cpp/src/barretenberg/proof_system/polynomial_store/polynomial_store_cache.hpp

@@ -10,7 +10,7 @@ namespace proof_system {
  * A cache that wraps an underlying external store. It favours holding the largest polynomials in it's cache up
  * to max_cache_size_ polynomials. This saves on many expensive copies of large amounts of memory to the external
  * store. Smaller polynomials get swapped out, but they're also much cheaper to read/write.
- * The default ctor sets the cache size to 70.
+ * The default ctor sets the cache size to 40.
  * In combination with the slab allocator, this brings us to about 4GB mem usage for 512k circuits.
  * In tests using just the external store increased proof time from by about 50%.
  * This pretty much recoups all losses.

cpp/src/barretenberg/proof_system/types/merkle_hash_type.hpp

@@ -2,5 +2,5 @@
 
 namespace proof_system::merkle {
 // TODO(Cody) Get rid of this?
-enum HashType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN };
+enum HashType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN, NONE };
 } // namespace proof_system::merkle

cpp/src/barretenberg/proof_system/types/pedersen_commitment_type.hpp

@@ -2,5 +2,5 @@
 
 namespace proof_system::pedersen {
 // TODO(Cody) Get rid of this?
-enum CommitmentType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN };
+enum CommitmentType { FIXED_BASE_PEDERSEN, LOOKUP_PEDERSEN, NONE };
 } // namespace proof_system::pedersen