more interface

circuits/cpp/barretenberg/cpp/src/barretenberg/honk/composer/ultra_composer.cpp

@@ -7,31 +7,24 @@ namespace proof_system::honk {
 
 template <UltraFlavor Flavor> Instance_<Flavor> UltraComposer_<Flavor>::create_instance(CircuitBuilder& circuit)
 {
-    // this could be either here or in the Instance idk
     circuit.add_gates_to_ensure_all_polys_are_non_zero();
     circuit.finalize_circuit();
     Instance instance = Instance(circuit);
+    instance.commitment_key = compute_commitment_key(instance.proving_key->circuit_size);
     return instance;
 }
 
 template <UltraFlavor Flavor> UltraProver_<Flavor> UltraComposer_<Flavor>::create_prover(Instance& instance)
 {
-    compute_commitment_key(instance.proving_key->circuit_size);
-    UltraProver_<Flavor> output_state(instance, commitment_key);
+    UltraProver_<Flavor> output_state(instance);
 
     return output_state;
 }
 
-/**
- * Create verifier: compute verification key,
- * initialize verifier with it and an initial manifest and initialize commitment_scheme.
- *
- * @return The verifier.
- * */
 template <UltraFlavor Flavor> UltraVerifier_<Flavor> UltraComposer_<Flavor>::create_verifier(Instance& instance)
 {
     // for the folding composer we compute the commitment keys here!
-    auto verification_key = instance.compute_verification_key(commitment_key);
+    auto verification_key = instance.compute_verification_key();
     // change this it's clunky and inconsistent
     UltraVerifier_<Flavor> output_state(verification_key);
     auto pcs_verification_key = std::make_unique<VerifierCommitmentKey>(verification_key->circuit_size, crs_factory_);
@@ -40,6 +33,17 @@ template <UltraFlavor Flavor> UltraVerifier_<Flavor> UltraComposer_<Flavor>::cre
     return output_state;
 }
 
+template <UltraFlavor Flavor>
+ProtoGalaxyProver_<Flavor> UltraComposer_<Flavor>::create_folding_prover(std::vector<Instance> instances)
+{
+    for (size_t i = 0; i < instances.size(); i++) {
+        instances[i].index = i;
+    }
+    ProtoGalaxyProver_<Flavor> output_state(instances);
+
+    return output_state;
+}
+
 template class UltraComposer_<honk::flavor::Ultra>;
 template class UltraComposer_<honk::flavor::UltraGrumpkin>;
 template class UltraComposer_<honk::flavor::GoblinUltra>;

circuits/cpp/barretenberg/cpp/src/barretenberg/honk/composer/ultra_composer.hpp

@@ -1,8 +1,8 @@
 #pragma once
 
 #include "barretenberg/honk/instance/instance.hpp"
-#include "barretenberg/honk/proof_system/folding_prover.hpp"
-#include "barretenberg/honk/proof_system/folding_verifier.hpp"
+#include "barretenberg/honk/proof_system/protogalaxy_prover.hpp"
+#include "barretenberg/honk/proof_system/protogalaxy_verifier.hpp"
 #include "barretenberg/honk/proof_system/ultra_prover.hpp"
 #include "barretenberg/honk/proof_system/ultra_verifier.hpp"
 #include "barretenberg/proof_system/composer/composer_lib.hpp"
@@ -19,6 +19,7 @@ template <UltraFlavor Flavor> class UltraComposer_ {
   public:
     using CircuitBuilder = typename Flavor::CircuitBuilder;
     using ProvingKey = typename Flavor::ProvingKey;
+    using ProverPolynomials = typename Flavor::ProverPolynomials;
     using VerificationKey = typename Flavor::VerificationKey;
     using PCS = typename Flavor::PCS;
     using CommitmentKey = typename Flavor::CommitmentKey;
@@ -57,21 +58,25 @@ template <UltraFlavor Flavor> class UltraComposer_ {
     UltraComposer_& operator=(UltraComposer_ const& other) noexcept = default;
     ~UltraComposer_() = default;
 
-    // TODO: can instances share commitment key?
-    void compute_commitment_key(size_t circuit_size)
+    std::shared_ptr<CommitmentKey> compute_commitment_key(size_t circuit_size)
     {
+        if (commitment_key) {
+            return commitment_key;
+        }
+
         commitment_key = std::make_shared<CommitmentKey>(circuit_size, crs_factory_);
+        return commitment_key;
     };
 
     Instance create_instance(CircuitBuilder& circuit);
+    // this needs to change
     Instance create_instance(std::shared_ptr<ProvingKey> p_key, std::shared_ptr<VerificationKey> v_key);
 
-    UltraProver_<Flavor> create_prover(Instance& instance);
-    UltraVerifier_<Flavor> create_verifier(Instance& instance);
+    UltraProver_<Flavor> create_prover(Instance&);
+    UltraVerifier_<Flavor> create_verifier(Instance&);
 
-    // underlying assumption that the first instance should be the one we fold on?
-    // FoldingProver_<Flavor> create_folding_prover(std::vector<Instance<Flavor>&> instances);
-    // FoldingVerifier_<Flavor> create_folding_verifier(std::vector<Instance<Flavor>&> instances);
+    ProtoGalaxyProver_<Flavor> create_folding_prover(std::vector<Instance&>);
+    ProtoGalaxyVerifier_<Flavor> create_folding_verifier(std::vector<Instance&>);
 };
 extern template class UltraComposer_<honk::flavor::Ultra>;
 // TODO: the UltraGrumpkin flavor still works on BN254 because plookup needs to be templated to be able to construct

circuits/cpp/barretenberg/cpp/src/barretenberg/honk/instance/instance.cpp

@@ -294,14 +294,14 @@ template <UltraFlavor Flavor> void Instance_<Flavor>::initialise_prover_polynomi
         prover_polynomials.lagrange_ecc_op = proving_key->lagrange_ecc_op;
     }
 
-    // Add public inputs to transcript from the second wire polynomial; This requires determination of the offset at
-    // which the PI have been written into the wires relative to the 0th index.
+    // Determine public input offsets in the circuit relative to the 0th index
     std::span<FF> public_wires_source = prover_polynomials.w_r;
     pub_inputs_offset = Flavor::has_zero_row ? 1 : 0;
     if constexpr (IsGoblinFlavor<Flavor>) {
         pub_inputs_offset += proving_key->num_ecc_op_gates;
     }
 
+    // Construct the public inputs array
     for (size_t i = 0; i < proving_key->num_public_inputs; ++i) {
         size_t idx = i + pub_inputs_offset;
         public_inputs.emplace_back(public_wires_source[idx]);
@@ -311,11 +311,10 @@ template <UltraFlavor Flavor> void Instance_<Flavor>::initialise_prover_polynomi
 template <UltraFlavor Flavor> void Instance_<Flavor>::compute_sorted_accumulator_polynomials(FF eta)
 {
     relation_parameters.eta = eta;
-    // Compute sorted witness-table accumulator and its commitment
-    // work only ftom instance
+    // Compute sorted witness-table accumulator
     proving_key->sorted_accum = prover_library::compute_sorted_list_accumulator<Flavor>(proving_key, eta);
 
-    // Finalize fourth wire polynomial by adding lookup memory records, then commit
+    // Finalize fourth wire polynomial by adding lookup memory records
     prover_library::add_plookup_memory_records_to_wire_4<Flavor>(proving_key, eta);
 
     prover_polynomials.sorted_accum_shift = proving_key->sorted_accum.shifted();
@@ -324,7 +323,6 @@ template <UltraFlavor Flavor> void Instance_<Flavor>::compute_sorted_accumulator
     prover_polynomials.w_4_shift = proving_key->w_4.shifted();
 }
 
-// get rid of the libraries in the end
 template <UltraFlavor Flavor> void Instance_<Flavor>::compute_grand_product_polynomials(FF beta, FF gamma)
 {
     auto public_input_delta =
@@ -336,28 +334,22 @@ template <UltraFlavor Flavor> void Instance_<Flavor>::compute_grand_product_poly
     relation_parameters.public_input_delta = public_input_delta;
     relation_parameters.lookup_grand_product_delta = lookup_grand_product_delta;
 
-    // Compute permutation + lookup grand product and their commitments
+    // Compute permutation and lookup grand product polynomials
     grand_product_library::compute_grand_products<Flavor>(proving_key, prover_polynomials, relation_parameters);
 }
 
 /**
  * Compute verification key consisting of selector precommitments.
  *
- * @return Pointer to created circuit verification key.
+ * @return Pointer to the resulting verification key of the Instance.
  * */
 template <UltraFlavor Flavor>
-std::shared_ptr<typename Flavor::VerificationKey> Instance_<Flavor>::compute_verification_key(
-    std::shared_ptr<CommitmentKey> commitment_key)
+std::shared_ptr<typename Flavor::VerificationKey> Instance_<Flavor>::compute_verification_key()
 {
     if (verification_key) {
         return verification_key;
     }
 
-    // To have an instance_ you have to have a proving key so this can go away
-    // if (!proving_key) {
-    //     compute_proving_key(circuit);
-    // }
-
     verification_key =
         std::make_shared<typename Flavor::VerificationKey>(proving_key->circuit_size, proving_key->num_public_inputs);
 

circuits/cpp/barretenberg/cpp/src/barretenberg/honk/instance/instance.hpp

@@ -12,7 +12,7 @@
 #include <utility>
 #include <vector>
 namespace proof_system::honk {
-
+// Need verifier instance as well
 // An Instance is created from a Circuit and we initialise all the data structure that rely on information from a
 // circuit Then a Prover and a Verifier is created from an Instance or several instances and each manages their own
 // polynomials
@@ -23,7 +23,7 @@ template <UltraFlavor Flavor> class Instance_ {
     using ProvingKey = typename Flavor::ProvingKey;
     using VerificationKey = typename Flavor::VerificationKey;
     using CommitmentKey = typename Flavor::CommitmentKey;
-    using FF = typename Flavor::Curve::ScalarField;
+    using FF = typename Flavor::FF;
     using FoldingParameters = typename Flavor::FoldingParameters;
     using ProverPolynomials = typename Flavor::ProverPolynomials;
 
@@ -34,8 +34,8 @@ template <UltraFlavor Flavor> class Instance_ {
     static constexpr size_t NUM_WIRES = Circuit::NUM_WIRES;
     std::shared_ptr<ProvingKey> proving_key;
     std::shared_ptr<VerificationKey> verification_key;
+    std::shared_ptr<CommitmentKey> commitment_key;
 
-    // TODO: should this be a shared_ptr?
     ProverPolynomials prover_polynomials;
     std::vector<FF> public_inputs;
     size_t pub_inputs_offset;
@@ -54,7 +54,7 @@ template <UltraFlavor Flavor> class Instance_ {
 
     FoldingParameters folding_params;
     // Used by the prover for domain separation in the transcript
-    uint32_t instance_index;
+    uint32_t index;
 
     Instance_(Circuit& circuit)
     {
@@ -63,9 +63,10 @@ template <UltraFlavor Flavor> class Instance_ {
         compute_witness(circuit);
     }
 
-    explicit Instance_(std::shared_ptr<ProvingKey> p_key, std::shared_ptr<VerificationKey> v_key)
-        : proving_key(std::move(p_key))
-        , verification_key(std::move(v_key))
+    Instance_(ProverPolynomials polys, std::vector<FF> public_inputs, std::shared_ptr<VerificationKey> vk)
+        : verification_key(std::move(vk))
+        , prover_polynomials(polys)
+        , public_inputs(public_inputs)
     {}
 
     Instance_(Instance_&& other) noexcept = default;
@@ -75,7 +76,7 @@ template <UltraFlavor Flavor> class Instance_ {
     ~Instance_() = default;
 
     std::shared_ptr<ProvingKey> compute_proving_key(Circuit&);
-    std::shared_ptr<VerificationKey> compute_verification_key(std::shared_ptr<CommitmentKey> commitment_key);
+    std::shared_ptr<VerificationKey> compute_verification_key();
 
     void compute_circuit_size_parameters(Circuit&);
 

circuits/cpp/barretenberg/cpp/src/barretenberg/honk/instance/verifier_instance.hpp

@@ -0,0 +1,15 @@
+#include "barretenberg/proof_system/flavor/flavor.hpp"
+namespace proof_system::honk {
+template <UltraFlavor Flavor> class VerifierInstance_ {
+    using FF = typename Flavor::FF;
+    using VerificationKey = typename Flavor::VerificationKey;
+    using FoldingParameters = typename Flavor::FoldingParameters;
+
+    std::shared_ptr<VerificationKey> verification_key;
+    std::vector<FF> public_inputs;
+    size_t pub_inputs_offset;
+    size_t circuit_size;
+    FoldingParameters folding_params;
+    size_t index;
+};
+} // namespace proof_system::honk

circuits/cpp/barretenberg/cpp/src/barretenberg/honk/pcs/gemini/gemini.cpp

@@ -54,9 +54,9 @@ namespace proof_system::honk::pcs::gemini {
  */
 template <typename Curve>
 std::vector<typename barretenberg::Polynomial<typename Curve::ScalarField>> GeminiProver_<
-    Curve>::compute_fold_polynomials(std::span<const Fr> mle_opening_point,
-                                     Polynomial&& batched_unshifted,
-                                     Polynomial&& batched_to_be_shifted)
+    Curve>::compute_gemini_polynomials(std::span<const Fr> mle_opening_point,
+                                       Polynomial&& batched_unshifted,
+                                       Polynomial&& batched_to_be_shifted)
 {
     const size_t num_variables = mle_opening_point.size(); // m
 
@@ -69,12 +69,12 @@ std::vector<typename barretenberg::Polynomial<typename Curve::ScalarField>> Gemi
     // The first two are populated here with the batched unshifted and to-be-shifted polynomial respectively.
     // They will eventually contain the full batched polynomial A₀ partially evaluated at the challenges r,-r.
     // This function populates the other m-1 polynomials with the foldings of A₀.
-    std::vector<Polynomial> fold_polynomials;
-    fold_polynomials.reserve(num_variables + 1);
+    std::vector<Polynomial> gemini_polynomials;
+    gemini_polynomials.reserve(num_variables + 1);
 
     // F(X) = ∑ⱼ ρʲ fⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X)
-    Polynomial& batched_F = fold_polynomials.emplace_back(std::move(batched_unshifted));
-    Polynomial& batched_G = fold_polynomials.emplace_back(std::move(batched_to_be_shifted));
+    Polynomial& batched_F = gemini_polynomials.emplace_back(std::move(batched_unshifted));
+    Polynomial& batched_G = gemini_polynomials.emplace_back(std::move(batched_to_be_shifted));
     constexpr size_t offset_to_folded = 2; // Offset because of F an G
     // A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X.
     Polynomial A_0(batched_F);
@@ -86,7 +86,7 @@ std::vector<typename barretenberg::Polynomial<typename Curve::ScalarField>> Gemi
         const size_t n_l = 1 << (num_variables - l - 1);
 
         // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X)
-        fold_polynomials.emplace_back(Polynomial(n_l));
+        gemini_polynomials.emplace_back(Polynomial(n_l));
     }
 
     // A_l = Aₗ(X) is the polynomial being folded
@@ -108,7 +108,7 @@ std::vector<typename barretenberg::Polynomial<typename Curve::ScalarField>> Gemi
         const Fr u_l = mle_opening_point[l];
 
         // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X)
-        auto A_l_fold = fold_polynomials[l + offset_to_folded].data();
+        auto A_l_fold = gemini_polynomials[l + offset_to_folded].data();
 
         parallel_for(num_used_threads, [&](size_t i) {
             size_t current_chunk_size = (i == (num_used_threads - 1)) ? last_chunk_size : chunk_size;
@@ -125,31 +125,31 @@ std::vector<typename barretenberg::Polynomial<typename Curve::ScalarField>> Gemi
         A_l = A_l_fold;
     }
 
-    return fold_polynomials;
+    return gemini_polynomials;
 };
 
 /**
  * @brief Computes/aggragates d+1 Fold polynomials and their opening pairs (challenge, evaluation)
  *
- * @details This function assumes that, upon input, last d-1 entries in fold_polynomials are Fold_i.
+ * @details This function assumes that, upon input, last d-1 entries in gemini_polynomials are Fold_i.
  * The first two entries are assumed to be, respectively, the batched unshifted and batched to-be-shifted
  * polynomials F(X) = ∑ⱼ ρʲfⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X). This function completes the computation
  * of the first two Fold polynomials as F + G/r and F - G/r. It then evaluates each of the d+1
  * fold polynomials at, respectively, the points r, rₗ = r^{2ˡ} for l = 0, 1, ..., d-1.
  *
  * @param mle_opening_point u = (u₀,...,uₘ₋₁) is the MLE opening point
- * @param fold_polynomials vector of polynomials whose first two elements are F(X) = ∑ⱼ ρʲfⱼ(X)
+ * @param gemini_polynomials vector of polynomials whose first two elements are F(X) = ∑ⱼ ρʲfⱼ(X)
  * and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X), and the next d-1 elements are Fold_i, i = 1, ..., d-1.
  * @param r_challenge univariate opening challenge
  */
 template <typename Curve>
 ProverOutput<Curve> GeminiProver_<Curve>::compute_fold_polynomial_evaluations(
-    std::span<const Fr> mle_opening_point, std::vector<Polynomial>&& fold_polynomials, const Fr& r_challenge)
+    std::span<const Fr> mle_opening_point, std::vector<Polynomial>&& gemini_polynomials, const Fr& r_challenge)
 {
     const size_t num_variables = mle_opening_point.size(); // m
 
-    Polynomial& batched_F = fold_polynomials[0]; // F(X) = ∑ⱼ ρʲ   fⱼ(X)
-    Polynomial& batched_G = fold_polynomials[1]; // G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X)
+    Polynomial& batched_F = gemini_polynomials[0]; // F(X) = ∑ⱼ ρʲ   fⱼ(X)
+    Polynomial& batched_G = gemini_polynomials[1]; // G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X)
 
     // Compute univariate opening queries rₗ = r^{2ˡ} for l = 0, 1, ..., m-1
     std::vector<Fr> r_squares = squares_of_r(r_challenge, num_variables);
@@ -158,16 +158,16 @@ ProverOutput<Curve> GeminiProver_<Curve>::compute_fold_polynomial_evaluations(
     Fr r_inv = r_challenge.invert();
     batched_G *= r_inv;
 
-    // Construct A₀₊ = F + G/r and A₀₋ = F - G/r in place in fold_polynomials
+    // Construct A₀₊ = F + G/r and A₀₋ = F - G/r in place in gemini_polynomials
     Polynomial tmp = batched_F;
-    Polynomial& A_0_pos = fold_polynomials[0];
+    Polynomial& A_0_pos = gemini_polynomials[0];
 
     // A₀₊(X) = F(X) + G(X)/r, s.t. A₀₊(r) = A₀(r)
     A_0_pos += batched_G;
 
     // Perform a swap so that tmp = G(X)/r and A_0_neg = F(X)
     std::swap(tmp, batched_G);
-    Polynomial& A_0_neg = fold_polynomials[1];
+    Polynomial& A_0_neg = gemini_polynomials[1];
 
     // A₀₋(X) = F(X) - G(X)/r, s.t. A₀₋(-r) = A₀(-r)
     A_0_neg -= tmp;
@@ -176,15 +176,16 @@ ProverOutput<Curve> GeminiProver_<Curve>::compute_fold_polynomial_evaluations(
     fold_poly_opening_pairs.reserve(num_variables + 1);
 
     // Compute first opening pair {r, A₀(r)}
-    fold_poly_opening_pairs.emplace_back(OpeningPair<Curve>{ r_challenge, fold_polynomials[0].evaluate(r_challenge) });
+    fold_poly_opening_pairs.emplace_back(
+        OpeningPair<Curve>{ r_challenge, gemini_polynomials[0].evaluate(r_challenge) });
 
     // Compute the remaining m opening pairs {−r^{2ˡ}, Aₗ(−r^{2ˡ})}, l = 0, ..., m-1.
     for (size_t l = 0; l < num_variables; ++l) {
         fold_poly_opening_pairs.emplace_back(
-            OpeningPair<Curve>{ -r_squares[l], fold_polynomials[l + 1].evaluate(-r_squares[l]) });
+            OpeningPair<Curve>{ -r_squares[l], gemini_polynomials[l + 1].evaluate(-r_squares[l]) });
     }
 
-    return { fold_poly_opening_pairs, std::move(fold_polynomials) };
+    return { fold_poly_opening_pairs, std::move(gemini_polynomials) };
 };
 
 template class GeminiProver_<curve::BN254>;

circuits/cpp/barretenberg/cpp/src/barretenberg/honk/pcs/gemini/gemini.hpp

@@ -102,12 +102,12 @@ template <typename Curve> class GeminiProver_ {
     using Polynomial = barretenberg::Polynomial<Fr>;
 
   public:
-    static std::vector<Polynomial> compute_fold_polynomials(std::span<const Fr> mle_opening_point,
-                                                            Polynomial&& batched_unshifted,
-                                                            Polynomial&& batched_to_be_shifted);
+    static std::vector<Polynomial> compute_gemini_polynomials(std::span<const Fr> mle_opening_point,
+                                                              Polynomial&& batched_unshifted,
+                                                              Polynomial&& batched_to_be_shifted);
 
     static ProverOutput<Curve> compute_fold_polynomial_evaluations(std::span<const Fr> mle_opening_point,
-                                                                   std::vector<Polynomial>&& fold_polynomials,
+                                                                   std::vector<Polynomial>&& gemini_polynomials,
                                                                    const Fr& r_challenge);
 }; // namespace proof_system::honk::pcs::gemini