Ultraplonk check_circuit (AztecProtocol/barretenberg#366)
* Add check_circuit with mid-construction introspection
Rumata888 authored Apr 27, 2023
1 parent c5adf4b commit 113292d
Showing 44 changed files with 2,366 additions and 246 deletions.
1 change: 1 addition & 0 deletions barretenberg/cpp/CMakeLists.txt
Expand Up @@ -38,6 +38,7 @@ endif()
if(ENABLE_ASAN)
add_compile_options(-fsanitize=address)
add_link_options(-fsanitize=address)
set(DISABLE_ASM ON)
endif()

if(SERIALIZE_CANARY)
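Review bot: The `set(DISABLE_ASM ON)` line inside the `ENABLE_ASAN` branch carries no comment saying why sanitizer builds must turn the assembly path off, and it overrides whatever value the caller supplied for `DISABLE_ASM` without reporting it. Assuming `DISABLE_ASM` selects the non-assembly implementations, AddressSanitizer runs under this configuration never execute the assembly code that a default build uses, so memory errors specific to that path stay outside sanitizer coverage. I would add a comment such as `# ASan builds force the non-asm code path; the asm implementations are not covered by this configuration` and a `message(STATUS "ENABLE_ASAN: forcing DISABLE_ASM=ON")` so the override is visible in the configure log.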
Expand Up @@ -37,7 +37,7 @@ void UltraHonkComposerHelper<CircuitConstructor>::compute_witness(CircuitConstru
const size_t filled_gates = circuit_constructor.num_gates + circuit_constructor.public_inputs.size();
const size_t total_num_gates = std::max(filled_gates, tables_size + lookups_size);

const size_t subgroup_size = circuit_constructor.get_circuit_subgroup_size(total_num_gates + NUM_RESERVED_GATES);
const size_t subgroup_size = circuit_constructor.get_circuit_subgroup_size(total_num_gates + NUM_RANDOMIZED_GATES);

// Pad the wires (pointers to `witness_indices` of the `variables` vector).
// Note: the remaining NUM_RESERVED_GATES indices are padded with zeros within `compute_witness_base` (called
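Review bot: The comment right after the changed `get_circuit_subgroup_size` call still says the remaining `NUM_RESERVED_GATES` indices are padded with zeros. The page prints the call twice, and reading the second copy as the new side, the subgroup size is now derived from `NUM_RANDOMIZED_GATES`. That reading matches the TODO in the UltraPlonk helper, which names `NUM_RANDOMIZED_GATES` as the constant used by the other split composers. The comment should follow the code, e.g. `// Note: the remaining NUM_RANDOMIZED_GATES indices are padded with zeros within compute_witness_base`, and it should say whether those rows are only zero padding or are later filled with randomness, since that decides how the constant has to be sized. The comment and the rest of `compute_witness` continue past the end of this hunk.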
@@ -1,5 +1,5 @@
#pragma once
#include "barretenberg/plonk/composer/plookup_tables/plookup_tables.hpp"
#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
#include "barretenberg/honk/proof_system/ultra_prover.hpp"
#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp"
#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp"
Expand Down Expand Up @@ -289,7 +289,7 @@ class UltraHonkComposer {
std::vector<uint32_t> decompose_into_default_range(
const uint32_t variable_index,
const uint64_t num_bits,
const uint64_t target_range_bitnum = DEFAULT_PLOOKUP_RANGE_BITNUM,
const uint64_t target_range_bitnum = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM,
std::string const& msg = "decompose_into_default_range")
{
return circuit_constructor.decompose_into_default_range(variable_index, num_bits, target_range_bitnum, msg);
Expand Down Expand Up @@ -348,17 +348,19 @@ class UltraHonkComposer {
// /**
// * Non Native Field Arithmetic
// **/
void range_constrain_two_limbs(const uint32_t lo_idx,
const uint32_t hi_idx,
const size_t lo_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
const size_t hi_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
void range_constrain_two_limbs(
const uint32_t lo_idx,
const uint32_t hi_idx,
const size_t lo_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
const size_t hi_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
{
circuit_constructor.range_constrain_two_limbs(lo_idx, hi_idx, lo_limb_bits, hi_limb_bits);
};
// std::array<uint32_t, 2> decompose_non_native_field_double_width_limb(
// const uint32_t limb_idx, const size_t num_limb_bits = (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS));
std::array<uint32_t, 2> queue_non_native_field_multiplication(
const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder = true)
const UltraCircuitConstructor::non_native_field_witnesses& input,
const bool range_constrain_quotient_and_remainder = true)
{
return circuit_constructor.queue_non_native_field_multiplication(input, range_constrain_quotient_and_remainder);
};
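Review bot: `queue_non_native_field_multiplication` exposes `range_constrain_quotient_and_remainder` with a default of `true`, but nothing documents what a caller takes on by passing `false`. The only header above these wrappers is the commented-out `// /** Non Native Field Arithmetic **/` block. Going by the parameter name, `false` leaves the quotient and remainder limbs without range constraints, which makes the circuit unsound unless the caller constrains them elsewhere; the actual behaviour is in `circuit_constructor`, outside this page. I would add a doc comment along the lines of `/// If range_constrain_quotient_and_remainder is false, the caller must range-constrain the q and r limbs itself.` The identical wrapper in the `UltraPlonkComposer` section further down needs the same comment, and the stray `;` after both inline bodies (`};`) can be dropped.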
Expand Up @@ -748,7 +748,7 @@ TEST(UltraHonkComposer, non_native_field_multiplication)
const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q)));
const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r)));

proof_system::non_native_field_witnesses inputs{
proof_system::UltraCircuitConstructor::non_native_field_witnesses inputs{
a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)),
};
const auto [lo_1_idx, hi_1_idx] = honk_composer.queue_non_native_field_multiplication(inputs);
Expand Up @@ -50,7 +50,7 @@ void UltraPlonkComposerHelper<CircuitConstructor>::compute_witness(CircuitConstr

// TODO(luke): subgroup size was already computed above but compute_witness_base computes it again. If we pass in
// NUM_RANDOMIZED_GATES (as in the other split composers) the resulting sizes can differ. Reconcile this.
auto wire_polynomial_evaluations = compute_witness_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES);
auto wire_polynomial_evaluations = compute_witness_base(circuit_constructor, total_num_gates, NUM_RESERVED_GATES);

for (size_t j = 0; j < program_width; ++j) {
std::string index = std::to_string(j + 1);
Expand Down Expand Up @@ -225,7 +225,7 @@ std::shared_ptr<proving_key> UltraPlonkComposerHelper<CircuitConstructor>::compu
}

const size_t minimum_circuit_size = tables_size + lookups_size;
const size_t num_randomized_gates = NUM_RANDOMIZED_GATES;
const size_t num_randomized_gates = NUM_RESERVED_GATES;
// Initialize circuit_proving_key
// TODO(#229)(Kesha): replace composer types.
circuit_proving_key = initialize_proving_key(
Expand Down Expand Up @@ -359,7 +359,7 @@ std::shared_ptr<plonk::verification_key> UltraPlonkComposerHelper<CircuitConstru
}
circuit_verification_key = compute_verification_key_common(circuit_proving_key, crs_factory_->get_verifier_crs());

circuit_verification_key->composer_type = type; // Invariably plookup for this class.
circuit_verification_key->composer_type = ComposerType::PLOOKUP; // Invariably plookup for this class.

// See `add_recusrive_proof()` for how this recursive data is assigned.
circuit_verification_key->recursive_proof_public_input_indices =
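Review bot: In the proving-key hunk the local is still called `num_randomized_gates` although it is now initialised from `NUM_RESERVED_GATES`, so one value has two names with different meanings. I would rename it, `const size_t num_reserved_gates = NUM_RESERVED_GATES;`, or pass the constant directly; its later uses are outside the hunk and would need the same rename. The TODO above `compute_witness_base` and the trailing comment on the constant's declaration in the helper header (`// equal to the number of multilinear evaluations leaked`) still describe a randomization count, so both should be reworded to say what the four reserved rows are for. Separately, `composer_type` is now hard-coded to `ComposerType::PLOOKUP`; if the proving key records its own composer type, an `ASSERT` that the two agree would catch a mismatch early.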
Expand Up @@ -20,7 +20,7 @@ template <typename CircuitConstructor> class UltraPlonkComposerHelper {
// NUM_RESERVED_GATES). Therefore for consistency within this composer itself, and consistency with the original
// Ultra Composer, this value must match that of NUM_RESERVED_GATES. This issue needs to be reconciled
// simultaneously here and in the other split composers.
static constexpr size_t NUM_RANDOMIZED_GATES = 4; // equal to the number of multilinear evaluations leaked
static constexpr size_t NUM_RESERVED_GATES = 4; // equal to the number of multilinear evaluations leaked
static constexpr size_t program_width = CircuitConstructor::program_width;
std::shared_ptr<plonk::proving_key> circuit_proving_key;
std::shared_ptr<plonk::verification_key> circuit_verification_key;
@@ -1,6 +1,6 @@
#pragma once
#include "barretenberg/plonk/composer/composer_base.hpp"
#include "barretenberg/plonk/composer/plookup_tables/plookup_tables.hpp"
#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
#include "barretenberg/plonk/proof_system/prover/prover.hpp"
#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp"
#include "barretenberg/proof_system/types/merkle_hash_type.hpp"
Expand Down Expand Up @@ -311,7 +311,7 @@ class UltraPlonkComposer {
std::vector<uint32_t> decompose_into_default_range(
const uint32_t variable_index,
const uint64_t num_bits,
const uint64_t target_range_bitnum = DEFAULT_PLOOKUP_RANGE_BITNUM,
const uint64_t target_range_bitnum = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM,
std::string const& msg = "decompose_into_default_range")
{
return circuit_constructor.decompose_into_default_range(variable_index, num_bits, target_range_bitnum, msg);
Expand Down Expand Up @@ -370,17 +370,19 @@ class UltraPlonkComposer {
// /**
// * Non Native Field Arithmetic
// **/
void range_constrain_two_limbs(const uint32_t lo_idx,
const uint32_t hi_idx,
const size_t lo_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
const size_t hi_limb_bits = DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
void range_constrain_two_limbs(
const uint32_t lo_idx,
const uint32_t hi_idx,
const size_t lo_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS,
const size_t hi_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)
{
circuit_constructor.range_constrain_two_limbs(lo_idx, hi_idx, lo_limb_bits, hi_limb_bits);
};
// std::array<uint32_t, 2> decompose_non_native_field_double_width_limb(
// const uint32_t limb_idx, const size_t num_limb_bits = (2 * DEFAULT_NON_NATIVE_FIELD_LIMB_BITS));
std::array<uint32_t, 2> queue_non_native_field_multiplication(
const non_native_field_witnesses& input, const bool range_constrain_quotient_and_remainder = true)
const UltraCircuitConstructor::non_native_field_witnesses& input,
const bool range_constrain_quotient_and_remainder = true)
{
return circuit_constructor.queue_non_native_field_multiplication(input, range_constrain_quotient_and_remainder);
};
Expand Up @@ -780,7 +780,7 @@ TEST(ultra_plonk_composer_splitting_tmp, non_native_field_multiplication)
const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q)));
const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r)));

non_native_field_witnesses inputs{
UltraCircuitConstructor::non_native_field_witnesses inputs{
a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)),
};
const auto [lo_1_idx, hi_1_idx] = composer.queue_non_native_field_multiplication(inputs);
Expand Up @@ -14,10 +14,10 @@
#include "barretenberg/plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp"
#include "barretenberg/srs/reference_string/file_reference_string.hpp"

#include "plookup_tables/types.hpp"
#include "plookup_tables/plookup_tables.hpp"
#include "plookup_tables/aes128.hpp"
#include "plookup_tables/sha256.hpp"
#include "barretenberg/proof_system/plookup_tables/types.hpp"
#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
#include "barretenberg/proof_system/plookup_tables/aes128.hpp"
#include "barretenberg/proof_system/plookup_tables/sha256.hpp"

#ifndef NO_TBB
#include <tbb/atomic.h>
Expand Down Expand Up @@ -1845,6 +1845,7 @@ std::array<uint32_t, 2> UltraComposer::decompose_non_native_field_double_width_l
const uint256_t value = get_variable(limb_idx);
const uint256_t low = value & LIMB_MASK;
const uint256_t hi = value >> DEFAULT_NON_NATIVE_FIELD_LIMB_BITS;
// WTF(kesha): What is this supposed to do? Unless uint256_t has failed, this should always work
ASSERT(low + (hi << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) == value);

const uint32_t low_idx = add_variable(low);
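Review bot: The added `// WTF(kesha): ...` comment above the `ASSERT` asks an open question in the source instead of stating what the check is for. From the three lines above it, `low + (hi << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) == value` holds exactly when `LIMB_MASK` equals `(1 << DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) - 1`, so the assertion guards the consistency of those two constants. I would replace the comment with `// Sanity check that LIMB_MASK matches DEFAULT_NON_NATIVE_FIELD_LIMB_BITS; this checks native values only and adds no constraint to the circuit.` The second half of that comment matters for readers: the in-circuit relation between `limb_idx` and the two new variables has to come from gates added later in the function, which are outside this hunk.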
Expand Up @@ -2,7 +2,7 @@
#include "composer_base.hpp"
#include "barretenberg/proof_system/types/merkle_hash_type.hpp"
#include "barretenberg/proof_system/types/pedersen_commitment_type.hpp"
#include "plookup_tables/plookup_tables.hpp"
#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp"
#include <optional>

namespace proof_system::plonk {
Expand Up @@ -5,7 +5,7 @@
#include "barretenberg/numeric/bitop/get_msb.hpp"
#include "barretenberg/numeric/uintx/uintx.hpp"
#include "../proof_system/widgets/random_widgets/plookup_widget.hpp"
#include "./plookup_tables/sha256.hpp"
#include "barretenberg/proof_system/plookup_tables/sha256.hpp"

using namespace barretenberg;
using namespace proof_system;
@@ -1 +1 @@
barretenberg_module(proof_system polynomials crypto_generators)
barretenberg_module(proof_system polynomials crypto_generators crypto_pedersen_hash)