From 2d8fbd61ff43763ac4ee8be2ea1a7ed9c065c942 Mon Sep 17 00:00:00 2001 
From: codygunton Date: Mon, 27 Nov 2023 23:16:20 +0000 Subject: [PATCH] Carryover --- .../commitment_schemes/gemini/gemini.hpp | 6 +- .../commitment_schemes/gemini/gemini.test.cpp | 4 +- .../commitment_schemes/ipa/ipa.hpp | 30 +- .../commitment_schemes/ipa/ipa.test.cpp | 8 +- .../commitment_schemes/kzg/kzg.hpp | 10 +- .../commitment_schemes/kzg/kzg.test.cpp | 8 +- .../commitment_schemes/shplonk/shplonk.hpp | 6 +- .../shplonk/shplonk.test.cpp | 4 +- .../zeromorph/zeromorph.hpp | 27 +- .../zeromorph/zeromorph.test.cpp | 8 +- .../src/barretenberg/eccvm/eccvm_composer.cpp | 5 +- .../src/barretenberg/eccvm/eccvm_composer.hpp | 4 +- .../src/barretenberg/eccvm/eccvm_prover.cpp | 180 +++++- .../src/barretenberg/eccvm/eccvm_prover.hpp | 8 +- .../src/barretenberg/eccvm/eccvm_verifier.cpp | 30 +- .../src/barretenberg/eccvm/eccvm_verifier.hpp | 4 +- .../cpp/src/barretenberg/flavor/ecc_vm.hpp | 549 +++++++++--------- .../barretenberg/flavor/goblin_translator.hpp | 4 +- .../src/barretenberg/flavor/goblin_ultra.hpp | 10 +- .../flavor/goblin_ultra_recursive.hpp | 110 ++-- .../cpp/src/barretenberg/flavor/ultra.hpp | 10 +- .../barretenberg/flavor/ultra_recursive.hpp | 81 ++- .../cpp/src/barretenberg/goblin/goblin.hpp | 91 +++ .../protogalaxy/protogalaxy_prover.hpp | 2 +- .../protogalaxy/protogalaxy_verifier.cpp | 2 +- .../protogalaxy/protogalaxy_verifier.hpp | 2 +- .../recursion/honk/transcript/transcript.hpp | 2 +- .../honk/transcript/transcript.test.cpp | 2 +- .../src/barretenberg/sumcheck/sumcheck.hpp | 29 +- .../barretenberg/transcript/transcript.hpp | 54 +- .../transcript/transcript.test.cpp | 2 +- .../goblin_translator_composer.cpp | 6 +- .../goblin_translator_composer.hpp | 3 +- .../goblin_translator_prover.cpp | 250 +++++++- .../goblin_translator_prover.hpp | 7 +- .../goblin_translator_verifier.cpp | 16 +- .../goblin_translator_verifier.hpp | 2 +- .../barretenberg/ultra_honk/merge_prover.cpp | 36 +- .../barretenberg/ultra_honk/merge_prover.hpp | 4 +- 
.../ultra_honk/merge_verifier.cpp | 26 +- .../ultra_honk/merge_verifier.hpp | 5 +- .../ultra_honk/ultra_composer.cpp | 10 +- .../ultra_honk/ultra_composer.hpp | 15 +- .../barretenberg/ultra_honk/ultra_prover.cpp | 57 +- .../barretenberg/ultra_honk/ultra_prover.hpp | 10 +- .../ultra_honk/ultra_verifier.cpp | 49 +- .../ultra_honk/ultra_verifier.hpp | 5 +- 47 files changed, 1155 insertions(+), 638 deletions(-) create mode 100644 barretenberg/cpp/src/barretenberg/goblin/goblin.hpp diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index f9c370bf3e7f..de7a4d1eb755 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -142,19 +142,19 @@ template class GeminiVerifier_ { commitments.reserve(num_variables - 1); for (size_t i = 0; i < num_variables - 1; ++i) { auto commitment = - transcript.template receive_from_prover("Gemini:FOLD_" + std::to_string(i + 1)); + transcript->template receive_from_prover("Gemini:FOLD_" + std::to_string(i + 1)); commitments.emplace_back(commitment); } // compute vector of powers of random evaluation point r - const Fr r = transcript.get_challenge("Gemini:r"); + const Fr r = transcript->get_challenge("Gemini:r"); std::vector r_squares = squares_of_r(r, num_variables); // Get evaluations a_i, i = 0,...,m-1 from transcript std::vector evaluations; evaluations.reserve(num_variables); for (size_t i = 0; i < num_variables; ++i) { - auto eval = transcript.template receive_from_prover("Gemini:a_" + std::to_string(i)); + auto eval = transcript->template receive_from_prover("Gemini:a_" + std::to_string(i)); evaluations.emplace_back(eval); } diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp index 203ebb523e21..602cfe2fa786 100644 
--- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp @@ -25,7 +25,7 @@ template class GeminiTest : public CommitmentTest { std::vector multilinear_commitments, std::vector multilinear_commitments_to_be_shifted) { - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); const Fr rho = Fr::random_element(); @@ -79,7 +79,7 @@ template class GeminiTest : public CommitmentTest { // Check that the Fold polynomials have been evaluated correctly in the prover this->verify_batch_opening_pair(prover_output.opening_pairs, prover_output.witnesses); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Compute: // - Single opening pair: {r, \hat{a}_0} diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 7a46a3eb71e4..20f22650acf1 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp 
@@ -35,12 +35,12 @@ template class IPA { static void compute_opening_proof(std::shared_ptr ck, const OpeningPair& opening_pair, const Polynomial& polynomial, - BaseTranscript& transcript) + std::shared_ptr transcript) { ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero"); auto poly_degree = static_cast(polynomial.size()); - transcript.send_to_verifier("IPA:poly_degree", static_cast(poly_degree)); - Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge"); + transcript->send_to_verifier("IPA:poly_degree", static_cast(poly_degree)); + const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge"); auto aux_generator = Commitment::one() * generator_challenge; // Checks poly_degree is greater than zero and a power of two @@ -96,11 +96,11 @@ template class IPA { R_elements[i] += aux_generator * inner_prod_R; std::string index = std::to_string(i); - transcript.send_to_verifier("IPA:L_" + index, Commitment(L_elements[i])); - transcript.send_to_verifier("IPA:R_" + index, Commitment(R_elements[i])); + transcript->send_to_verifier("IPA:L_" + index, Commitment(L_elements[i])); + transcript->send_to_verifier("IPA:R_" + index, Commitment(R_elements[i])); // Generate the round challenge. - const Fr round_challenge = transcript.get_challenge("IPA:round_challenge_" + index); + const Fr round_challenge = transcript->get_challenge("IPA:round_challenge_" + index); const Fr round_challenge_inv = round_challenge.invert(); std::vector G_lo(G_vec_local.begin(), G_vec_local.begin() + static_cast(round_size)); @@ -122,7 +122,7 @@ template class IPA { } } - transcript.send_to_verifier("IPA:a_0", a_vec[0]); + transcript->send_to_verifier("IPA:a_0", a_vec[0]); } /** 
@@ -134,10 +134,12 @@ template class IPA { * * @return true/false depending on if the proof verifies */ - static bool verify(std::shared_ptr vk, const OpeningClaim& opening_claim, BaseTranscript& transcript) + static bool verify(std::shared_ptr vk, + const OpeningClaim& opening_claim, + std::shared_ptr transcript) { - auto poly_degree = static_cast(transcript.template receive_from_prover("IPA:poly_degree")); - Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge"); + auto poly_degree = static_cast(transcript->template receive_from_prover("IPA:poly_degree")); + const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge"); auto aux_generator = Commitment::one() * generator_challenge; auto log_poly_degree = static_cast(numeric::get_msb(poly_degree)); @@ -153,9 +155,9 @@ template class IPA { std::vector msm_scalars(pippenger_size); for (size_t i = 0; i < log_poly_degree; i++) { std::string index = std::to_string(i); - auto element_L = transcript.template receive_from_prover("IPA:L_" + index); - auto element_R = transcript.template receive_from_prover("IPA:R_" + index); - round_challenges[i] = transcript.get_challenge("IPA:round_challenge_" + index); + auto element_L = transcript->template receive_from_prover("IPA:L_" + index); + auto element_R = transcript->template receive_from_prover("IPA:R_" + index); + round_challenges[i] = transcript->get_challenge("IPA:round_challenge_" + index); round_challenges_inv[i] = round_challenges[i].invert(); msm_elements[2 * i] = element_L; @@ -211,7 +213,7 @@ template class IPA { auto G_zero = barretenberg::scalar_multiplication::pippenger_without_endomorphism_basis_points( &s_vec[0], &G_vec_local[0], poly_degree, vk->pippenger_runtime_state); - auto a_zero = transcript.template receive_from_prover("IPA:a_0"); + auto a_zero = transcript->template receive_from_prover("IPA:a_0"); GroupElement right_hand_side = G_zero * a_zero + aux_generator * a_zero * b_zero; 
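Review bot: `poly_degree` in `verify` is read straight from the prover message `IPA:poly_degree` and, in the lines visible here, is passed to `numeric::get_msb` without validation; the `@@ -211` hunk shows the same value reaching the Pippenger call as the point count. The verifier should treat it as untrusted input: reject zero and non-powers of two, and bound it by the size the verification key supports, before any use. For example `if (poly_degree == 0 || (poly_degree & (poly_degree - 1)) != 0) { return false; }`, plus a comparison against the key's maximum. The body of `verify` continues outside this hunk, so a check may already exist in lines not shown.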
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp index 7527aa2a1eb3..315374defabf 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp @@ -70,11 +70,11 @@ TEST_F(IPATest, Open) const OpeningClaim opening_claim{ opening_pair, commitment }; // initialize empty prover transcript - BaseTranscript prover_transcript; + BaseTranscript prover_transcript; IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript); // initialize verifier transcript from proof data - BaseTranscript verifier_transcript{ prover_transcript.proof_data }; + BaseTranscript verifier_transcript{ prover_transcript.proof_data }; auto result = IPA::verify(this->vk(), opening_claim, verifier_transcript); EXPECT_TRUE(result); @@ -129,7 +129,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift) batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1]; batched_commitment_to_be_shifted = commitment2 * rhos[2]; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); auto gemini_polynomials = GeminiProver::compute_gemini_polynomials( mle_opening_point, std::move(batched_unshifted), std::move(batched_to_be_shifted)); @@ -162,7 +162,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift) IPA::compute_opening_proof(this->ck(), shplonk_opening_pair, shplonk_witness, prover_transcript); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); auto gemini_verifier_claim = GeminiVerifier::reduce_verification(mle_opening_point, batched_evaluation, 
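Review bot: The `Open` test still builds `BaseTranscript prover_transcript;` and `BaseTranscript verifier_transcript{ prover_transcript.proof_data };` as stack objects and passes them to `IPA::compute_opening_proof` and `IPA::verify`, which this commit changes to take `std::shared_ptr` parameters in ipa.hpp. As rendered this looks like it cannot compile, though the template arguments are missing from the page, so the exact types are not visible. The other test in this file, `GeminiShplonkIPAWithShift`, gets its transcripts from `BaseTranscript::prover_init_empty()` and `BaseTranscript::verifier_init_empty(prover_transcript)`. Using the same factories in `Open` would keep the two tests consistent with the new signatures.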
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp index f56018b2963e..42f44a089a1f 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp @@ -31,7 +31,7 @@ template class KZG { static void compute_opening_proof(std::shared_ptr ck, const OpeningPair& opening_pair, const Polynomial& polynomial, - BaseTranscript& prover_trancript) + BaseTranscript& prover_trancript) { Polynomial quotient(polynomial); quotient[0] -= opening_pair.evaluation; @@ -55,9 +55,9 @@ template class KZG { */ static bool verify(std::shared_ptr vk, const OpeningClaim& claim, - BaseTranscript& verifier_transcript) + std::shared_ptr verifier_transcript) { - auto quotient_commitment = verifier_transcript.template receive_from_prover("KZG:W"); + auto quotient_commitment = verifier_transcript->template receive_from_prover("KZG:W"); auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) + (quotient_commitment * claim.opening_pair.challenge); auto rhs = -quotient_commitment; @@ -78,13 +78,13 @@ template class KZG { static std::array compute_pairing_points(const OpeningClaim& claim, auto& verifier_transcript) { - auto quotient_commitment = verifier_transcript.template receive_from_prover("KZG:W"); + auto quotient_commitment = verifier_transcript->template receive_from_prover("KZG:W"); GroupElement P_0; // Note: In the recursive setting, we only add the contribution if it is not the point at infinity (i.e. if the // evaluation is not equal to zero). if constexpr (Curve::is_stdlib_type) { - auto builder = verifier_transcript.builder; + auto builder = verifier_transcript->builder; auto one = Fr(builder, 1); std::vector commitments = { claim.commitment, quotient_commitment }; std::vector scalars = { one, claim.opening_pair.challenge }; 
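Review bot: `KZG::compute_opening_proof` keeps a `BaseTranscript&` parameter, while `verify` in the next hunk moves to `std::shared_ptr` and `compute_pairing_points` now dereferences its `auto&` argument with `->`, so one class ends up with three transcript-passing conventions. kzg.test.cpp passes the result of `prover_init_empty()` to the first and of `verifier_init_empty(...)` to the second; if both factories return the same kind of handle, one of those calls would not compile (inferred, since the template arguments are stripped on this page). Taking `std::shared_ptr` here as well would match the IPA interface; the body, which continues outside this hunk, would need updating to match. The parameter name `prover_trancript` is also misspelled and could become `prover_transcript` in the same change.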
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp index 9334ddaf4821..f2f9f569b06a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp @@ -39,11 +39,11 @@ TYPED_TEST(KZGTest, single) auto opening_pair = OpeningPair{ challenge, evaluation }; auto opening_claim = OpeningClaim{ opening_pair, commitment }; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); KZG::compute_opening_proof(this->ck(), opening_pair, witness, prover_transcript); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); bool verified = KZG::verify(this->vk(), opening_claim, verifier_transcript); EXPECT_EQ(verified, true); @@ -109,7 +109,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift) batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1]; batched_commitment_to_be_shifted = commitment2 * rhos[2]; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); // Run the full prover PCS protocol: @@ -154,7 +154,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift) // Run the full verifier PCS protocol with genuine opening claims (genuine commitment, genuine evaluation) - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Gemini verifier output: // - claim: d+1 commitments to Fold_{r}^(0), Fold_{-r}^(0), Fold^(l), d+1 evaluations a_0_pos, a_l, l = 0:d-1 
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp index 06b258644ac1..e4cb18795a4c 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp @@ -168,11 +168,11 @@ template class ShplonkVerifier_ { const size_t num_claims = claims.size(); - const Fr nu = transcript.get_challenge("Shplonk:nu"); + const Fr nu = transcript->get_challenge("Shplonk:nu"); - auto Q_commitment = transcript.template receive_from_prover("Shplonk:Q"); + auto Q_commitment = transcript->template receive_from_prover("Shplonk:Q"); - const Fr z_challenge = transcript.get_challenge("Shplonk:z"); + const Fr z_challenge = transcript->get_challenge("Shplonk:z"); // [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1] // = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )] diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp index 74cd152c21af..15cb7605b35a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp @@ -28,7 +28,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple) const size_t n = 16; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); // Generate two random (unrelated) polynomials of two different sizes, as well as their evaluations at a (single but // different) random point and their commitments. 
@@ -64,7 +64,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple) opening_claims.emplace_back(OpeningClaim{ opening_pairs[0], commitment1 }); opening_claims.emplace_back(OpeningClaim{ opening_pairs[1], commitment2 }); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Execute the shplonk verifier functionality const auto verifier_claim = ShplonkVerifier::reduce_verification(this->vk(), opening_claims, verifier_transcript); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp index 1cd359ebe69a..dea33318ca90 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp @@ -324,7 +324,7 @@ template class ZeroMorphProver_ { const std::vector>>& concatenation_groups = {}) { // Generate batching challenge \rho and powers 1,...,\rho^{m-1} - FF rho = transcript.get_challenge("rho"); + const FF rho = transcript->get_challenge("rho"); // Extract multilinear challenge u and claimed multilinear evaluations from Sumcheck output std::span u_challenge = multilinear_challenge; 
@@ -390,21 +390,21 @@ template class ZeroMorphProver_ { for (size_t idx = 0; idx < log_N; ++idx) { q_k_commitments[idx] = commitment_key->commit(quotients[idx]); std::string label = "ZM:C_q_" + std::to_string(idx); - transcript.send_to_verifier(label, q_k_commitments[idx]); + transcript->send_to_verifier(label, q_k_commitments[idx]); } // Get challenge y - auto y_challenge = transcript.get_challenge("ZM:y"); + FF y_challenge = transcript->get_challenge("ZM:y"); // Compute the batched, lifted-degree quotient \hat{q} auto batched_quotient = compute_batched_lifted_degree_quotient(quotients, y_challenge, N); // Compute and send the commitment C_q = [\hat{q}] auto q_commitment = commitment_key->commit(batched_quotient); - transcript.send_to_verifier("ZM:C_q", q_commitment); + transcript->send_to_verifier("ZM:C_q", q_commitment); // Get challenges x and z - auto [x_challenge, z_challenge] = transcript.get_challenges("ZM:x", "ZM:z"); + auto [x_challenge, z_challenge] = transcript->get_challenges("ZM:x", "ZM:z"); // Compute degree check polynomial \zeta partially evaluated at x auto zeta_x = @@ -425,7 +425,7 @@ template class ZeroMorphProver_ { // Compute and send proof commitment pi auto pi_commitment = commitment_key->commit(pi_polynomial); - transcript.send_to_verifier("ZM:PI", pi_commitment); + transcript->send_to_verifier("ZM:PI", pi_commitment); } }; @@ -641,7 +641,7 @@ template class ZeroMorphVerifier_ { const std::vector& concatenated_evaluations = {}) { size_t log_N = multivariate_challenge.size(); - FF rho = transcript.get_challenge("rho"); + FF rho = transcript->get_challenge("rho"); // Construct batched evaluation v = sum_{i=0}^{m-1}\rho^i*f_i(u) + sum_{i=0}^{l-1}\rho^{m+i}*h_i(u) FF batched_evaluation = FF(0); 
@@ -663,18 +663,19 @@ template class ZeroMorphVerifier_ { std::vector C_q_k; C_q_k.reserve(log_N); for (size_t i = 0; i < log_N; ++i) { - C_q_k.emplace_back(transcript.template receive_from_prover("ZM:C_q_" + std::to_string(i))); + C_q_k.emplace_back(transcript->template receive_from_prover("ZM:C_q_" + std::to_string(i))); } // Challenge y - auto y_challenge = transcript.get_challenge("ZM:y"); + FF y_challenge = transcript->get_challenge("ZM:y"); // Receive commitment C_{q} - auto C_q = transcript.template receive_from_prover("ZM:C_q"); + auto C_q = transcript->template receive_from_prover("ZM:C_q"); // Challenges x, z - auto [x_challenge, z_challenge] = transcript.get_challenges("ZM:x", "ZM:z"); - + auto challenges = transcript->get_challenges("ZM:x", "ZM:z"); + FF x_challenge = challenges[0]; + FF z_challenge = challenges[1]; // Compute commitment C_{\zeta_x} auto C_zeta_x = compute_C_zeta_x(C_q, C_q_k, y_challenge, x_challenge); @@ -692,7 +693,7 @@ template class ZeroMorphVerifier_ { auto C_zeta_Z = C_zeta_x + C_Z_x * z_challenge; // Receive proof commitment \pi - auto C_pi = transcript.template receive_from_prover("ZM:PI"); + auto C_pi = transcript->template receive_from_prover("ZM:PI"); // Construct inputs and perform pairing check to verify claimed evaluation // Note: The pairing check (without the degree check component X^{N_max-N-1}) can be expressed naturally as diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp index 30876c73e506..70324b3303c7 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp 
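Review bot: The verifier now unpacks the two challenges by index (`FF x_challenge = challenges[0]; FF z_challenge = challenges[1];`), while `ZeroMorphProver_::prove` in the same file keeps `auto [x_challenge, z_challenge] = transcript->get_challenges("ZM:x", "ZM:z");`. The blank line before `// Compute commitment C_{\zeta_x}` was also dropped. If the indexed form is required on the verifier side, a one-line comment saying why the structured binding cannot be used would stop a later cleanup from reverting it. Otherwise keep the same form on both sides, so the prover and verifier challenge derivations can be compared line by line.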
@@ -77,7 +77,7 @@ template class ZeroMorphTest : public CommitmentTest { } // Initialize an empty BaseTranscript - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); // Execute Prover protocol ZeroMorphProver::prove(f_polynomials, @@ -88,7 +88,7 @@ template class ZeroMorphTest : public CommitmentTest { this->commitment_key, prover_transcript); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Execute Verifier protocol auto pairing_points = ZeroMorphVerifier::verify( @@ -223,7 +223,7 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT } // Initialize an empty BaseTranscript - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); std::vector> concatenated_polynomials_views; for (auto& poly : concatenated_polynomials) { @@ -248,7 +248,7 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT c_evaluations, concatenation_groups_views); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Execute Verifier protocol auto pairing_points = ZeroMorphVerifier::verify(f_commitments, // unshifted diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp index d79ce9f310e7..6dbd785584fc 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp 
@@ -27,13 +27,14 @@ template void ECCVMComposer_::compute_witness(Circu } template -ECCVMProver_ ECCVMComposer_::create_prover(CircuitConstructor& circuit_constructor) +ECCVMProver_ ECCVMComposer_::create_prover(CircuitConstructor& circuit_constructor, + std::shared_ptr transcript) { compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); compute_commitment_key(proving_key->circuit_size); - ECCVMProver_ output_state(proving_key, commitment_key); + ECCVMProver_ output_state(proving_key, commitment_key, transcript); return output_state; } diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp index a92f06bef5c2..c575a5de50e2 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp @@ -10,6 +10,7 @@ namespace proof_system::honk { template class ECCVMComposer_ { public: + using FF = typename Flavor::FF; using CircuitConstructor = ECCVMCircuitBuilder; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; @@ -59,7 +60,8 @@ template class ECCVMComposer_ { void compute_witness(CircuitConstructor& circuit_constructor); - ECCVMProver_ create_prover(CircuitConstructor& circuit_constructor); + ECCVMProver_ create_prover(CircuitConstructor& circuit_constructor, + std::shared_ptr transcript); ECCVMVerifier_ create_verifier(CircuitConstructor& circuit_constructor); void add_table_column_selector_poly_to_proving_key(barretenberg::polynomial& small, const std::string& tag); diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index d757c37c5eda..77610a09f0f9 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp 
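Review bot: `create_prover` accepts `std::shared_ptr transcript` and forwards it to `ECCVMProver_` without checking that it is non-null. The round functions later in this patch call `transcript->send_to_verifier(...)` unconditionally, so an empty pointer becomes a null dereference at proving time instead of an error at construction. A guard such as `ASSERT(transcript != nullptr);` at the top of the function would catch this, or an equivalent check that survives release builds if `ASSERT` is compiled out. Since the transcript holds the Fiat-Shamir state and is now shared with the caller, the declaration should also carry a comment stating that data already absorbed into it feeds this prover's challenges (inferred from the shared ownership, not shown in this hunk). Passing `std::move(transcript)` to the constructor would avoid an extra reference-count increment.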
@@ -23,7 +23,135 @@ namespace proof_system::honk { template ECCVMProver_::ECCVMProver_(std::shared_ptr input_key, std::shared_ptr commitment_key) - : key(input_key) + : transcript(std::make_shared()) + , key(input_key) + , commitment_key(commitment_key) +{ + + // TODO(@zac-williamson) Future work; is there a cleaner way of doing this? #2213 + prover_polynomials.transcript_add = key->transcript_add; + prover_polynomials.transcript_mul = key->transcript_mul; + prover_polynomials.transcript_eq = key->transcript_eq; + prover_polynomials.transcript_collision_check = key->transcript_collision_check; + prover_polynomials.transcript_msm_transition = key->transcript_msm_transition; + prover_polynomials.transcript_pc = key->transcript_pc; + prover_polynomials.transcript_msm_count = key->transcript_msm_count; + prover_polynomials.transcript_Px = key->transcript_Px; + prover_polynomials.transcript_Py = key->transcript_Py; + prover_polynomials.transcript_z1 = key->transcript_z1; + prover_polynomials.transcript_z2 = key->transcript_z2; + prover_polynomials.transcript_z1zero = key->transcript_z1zero; + prover_polynomials.transcript_z2zero = key->transcript_z2zero; + prover_polynomials.transcript_op = key->transcript_op; + prover_polynomials.transcript_accumulator_x = key->transcript_accumulator_x; + prover_polynomials.transcript_accumulator_y = key->transcript_accumulator_y; + prover_polynomials.transcript_msm_x = key->transcript_msm_x; + prover_polynomials.transcript_msm_y = key->transcript_msm_y; + prover_polynomials.precompute_pc = key->precompute_pc; + prover_polynomials.precompute_point_transition = key->precompute_point_transition; + prover_polynomials.precompute_round = key->precompute_round; + prover_polynomials.precompute_scalar_sum = key->precompute_scalar_sum; + prover_polynomials.precompute_s1hi = key->precompute_s1hi; + prover_polynomials.precompute_s1lo = key->precompute_s1lo; + prover_polynomials.precompute_s2hi = key->precompute_s2hi; + 
prover_polynomials.precompute_s2lo = key->precompute_s2lo; + prover_polynomials.precompute_s3hi = key->precompute_s3hi; + prover_polynomials.precompute_s3lo = key->precompute_s3lo; + prover_polynomials.precompute_s4hi = key->precompute_s4hi; + prover_polynomials.precompute_s4lo = key->precompute_s4lo; + prover_polynomials.precompute_skew = key->precompute_skew; + prover_polynomials.precompute_dx = key->precompute_dx; + prover_polynomials.precompute_dy = key->precompute_dy; + prover_polynomials.precompute_tx = key->precompute_tx; + prover_polynomials.precompute_ty = key->precompute_ty; + prover_polynomials.msm_transition = key->msm_transition; + prover_polynomials.msm_add = key->msm_add; + prover_polynomials.msm_double = key->msm_double; + prover_polynomials.msm_skew = key->msm_skew; + prover_polynomials.msm_accumulator_x = key->msm_accumulator_x; + prover_polynomials.msm_accumulator_y = key->msm_accumulator_y; + prover_polynomials.msm_pc = key->msm_pc; + prover_polynomials.msm_size_of_msm = key->msm_size_of_msm; + prover_polynomials.msm_count = key->msm_count; + prover_polynomials.msm_round = key->msm_round; + prover_polynomials.msm_add1 = key->msm_add1; + prover_polynomials.msm_add2 = key->msm_add2; + prover_polynomials.msm_add3 = key->msm_add3; + prover_polynomials.msm_add4 = key->msm_add4; + prover_polynomials.msm_x1 = key->msm_x1; + prover_polynomials.msm_y1 = key->msm_y1; + prover_polynomials.msm_x2 = key->msm_x2; + prover_polynomials.msm_y2 = key->msm_y2; + prover_polynomials.msm_x3 = key->msm_x3; + prover_polynomials.msm_y3 = key->msm_y3; + prover_polynomials.msm_x4 = key->msm_x4; + prover_polynomials.msm_y4 = key->msm_y4; + prover_polynomials.msm_collision_x1 = key->msm_collision_x1; + prover_polynomials.msm_collision_x2 = key->msm_collision_x2; + prover_polynomials.msm_collision_x3 = key->msm_collision_x3; + prover_polynomials.msm_collision_x4 = key->msm_collision_x4; + prover_polynomials.msm_lambda1 = key->msm_lambda1; + prover_polynomials.msm_lambda2 = 
key->msm_lambda2; + prover_polynomials.msm_lambda3 = key->msm_lambda3; + prover_polynomials.msm_lambda4 = key->msm_lambda4; + prover_polynomials.msm_slice1 = key->msm_slice1; + prover_polynomials.msm_slice2 = key->msm_slice2; + prover_polynomials.msm_slice3 = key->msm_slice3; + prover_polynomials.msm_slice4 = key->msm_slice4; + prover_polynomials.transcript_accumulator_empty = key->transcript_accumulator_empty; + prover_polynomials.transcript_reset_accumulator = key->transcript_reset_accumulator; + prover_polynomials.precompute_select = key->precompute_select; + prover_polynomials.lookup_read_counts_0 = key->lookup_read_counts_0; + prover_polynomials.lookup_read_counts_1 = key->lookup_read_counts_1; + prover_polynomials.transcript_mul_shift = key->transcript_mul.shifted(); + prover_polynomials.transcript_msm_count_shift = key->transcript_msm_count.shifted(); + prover_polynomials.transcript_accumulator_x_shift = key->transcript_accumulator_x.shifted(); + prover_polynomials.transcript_accumulator_y_shift = key->transcript_accumulator_y.shifted(); + prover_polynomials.precompute_scalar_sum_shift = key->precompute_scalar_sum.shifted(); + prover_polynomials.precompute_s1hi_shift = key->precompute_s1hi.shifted(); + prover_polynomials.precompute_dx_shift = key->precompute_dx.shifted(); + prover_polynomials.precompute_dy_shift = key->precompute_dy.shifted(); + prover_polynomials.precompute_tx_shift = key->precompute_tx.shifted(); + prover_polynomials.precompute_ty_shift = key->precompute_ty.shifted(); + prover_polynomials.msm_transition_shift = key->msm_transition.shifted(); + prover_polynomials.msm_add_shift = key->msm_add.shifted(); + prover_polynomials.msm_double_shift = key->msm_double.shifted(); + prover_polynomials.msm_skew_shift = key->msm_skew.shifted(); + prover_polynomials.msm_accumulator_x_shift = key->msm_accumulator_x.shifted(); + prover_polynomials.msm_accumulator_y_shift = key->msm_accumulator_y.shifted(); + prover_polynomials.msm_count_shift = 
key->msm_count.shifted(); + prover_polynomials.msm_round_shift = key->msm_round.shifted(); + prover_polynomials.msm_add1_shift = key->msm_add1.shifted(); + prover_polynomials.msm_pc_shift = key->msm_pc.shifted(); + prover_polynomials.precompute_pc_shift = key->precompute_pc.shifted(); + prover_polynomials.transcript_pc_shift = key->transcript_pc.shifted(); + prover_polynomials.precompute_round_shift = key->precompute_round.shifted(); + prover_polynomials.transcript_accumulator_empty_shift = key->transcript_accumulator_empty.shifted(); + prover_polynomials.precompute_select_shift = key->precompute_select.shifted(); + prover_polynomials.lagrange_first = key->lagrange_first; + prover_polynomials.lagrange_second = key->lagrange_second; + prover_polynomials.lagrange_last = key->lagrange_last; + + prover_polynomials.lookup_inverses = key->lookup_inverses; + key->z_perm = Polynomial(key->circuit_size); + prover_polynomials.z_perm = key->z_perm; + prover_polynomials.z_perm_shift = key->z_perm; // this will be initialized properly later +} + +/** + * Create ECCVMProver_ from proving key, witness and manifest. + * + * @param input_key Proving key. + * @param input_manifest Input manifest + * + * @tparam settings Settings class. + * */ +template +ECCVMProver_::ECCVMProver_(std::shared_ptr input_key, + std::shared_ptr commitment_key, + std::shared_ptr transcript) + : transcript(transcript) + , key(input_key) , commitment_key(commitment_key) { @@ -145,7 +273,7 @@ template void ECCVMProver_::execute_preamble_round( { const auto circuit_size = static_cast(key->circuit_size); - transcript.send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("circuit_size", circuit_size); } /** 
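Review bot: The two-argument constructor now carries a full copy of the long `prover_polynomials` assignment block that the new three-argument constructor also runs; the only difference between them is the `transcript(...)` initializer. Delegating the two-argument form to the three-argument one, and passing the `std::make_shared` value it already builds, removes the duplicate and keeps the list flagged by the TODO #2213 in one place. The doc comment on the new overload still says "witness and manifest" and documents `@param input_manifest`, which is not a parameter; it should describe `commitment_key` and `transcript` instead. The three-argument constructor's body continues past this hunk.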
@@ -157,7 +285,7 @@ template void ECCVMProver_::execute_wire_commitment auto wire_polys = key->get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); } } @@ -168,7 +296,9 @@ template void ECCVMProver_::execute_wire_commitment template void ECCVMProver_::execute_log_derivative_commitments_round() { // Compute and add beta to relation parameters - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto challenges = transcript->get_challenges("beta", "gamma"); + FF beta = challenges[0]; + FF gamma = challenges[1]; // TODO(#583)(@zac-williamson): fix Transcript to be able to generate more than 2 challenges per round! oof. auto beta_sqr = beta * beta; relation_parameters.gamma = gamma; @@ -181,7 +311,7 @@ template void ECCVMProver_::execute_log_derivative_ // Compute inverse polynomial for our logarithmic-derivative lookup method lookup_library::compute_logderivative_inverse( prover_polynomials, relation_parameters, key->circuit_size); - transcript.send_to_verifier(commitment_labels.lookup_inverses, commitment_key->commit(key->lookup_inverses)); + transcript->send_to_verifier(commitment_labels.lookup_inverses, commitment_key->commit(key->lookup_inverses)); prover_polynomials.lookup_inverses = key->lookup_inverses; } @@ -194,7 +324,7 @@ template void ECCVMProver_::execute_grand_product_c // Compute permutation grand product and their commitments permutation_library::compute_permutation_grand_products(key, prover_polynomials, relation_parameters); - transcript.send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); + transcript->send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); } /** 
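Review bot: In execute_log_derivative_commitments_round the two challenges are now picked out by position (`challenges[0]`, `challenges[1]`) with no comment explaining why the structured binding was dropped, and the same three lines are repeated in ECCVMVerifier_::verify_proof (hunk at -142 of eccvm_verifier.cpp). Prover and verifier have to draw beta and gamma from the transcript in exactly the same order, and with positional indexing a swapped index on one side would surface only as a proof that fails to verify. I would declare both locals `const` and put the assumption next to the call, e.g. `// assumes get_challenges returns values in label order: [0] = beta, [1] = gamma`, or move the unpacking into one helper used by both sides. The return type of get_challenges is not visible in this part of the diff, so it should be confirmed whether `FF beta = challenges[0];` hides a conversion.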
@@ -206,7 +336,7 @@ template void ECCVMProver_::execute_relation_check_ using Sumcheck = sumcheck::SumcheckProver; auto sumcheck = Sumcheck(key->circuit_size, transcript); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } @@ -220,7 +350,7 @@ template void ECCVMProver_::execute_univariatizatio const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ - FF rho = transcript.get_challenge("rho"); + FF rho = transcript->get_challenge("rho"); std::vector rhos = pcs::gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ @@ -243,8 +373,8 @@ template void ECCVMProver_::execute_univariatizatio // Compute and add to trasnscript the commitments [Fold^(i)], i = 1, ..., d-1 for (size_t l = 0; l < key->log_circuit_size - 1; ++l) { - transcript.send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), - commitment_key->commit(gemini_polynomials[l + 2])); + transcript->send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), + commitment_key->commit(gemini_polynomials[l + 2])); } } @@ -256,14 +386,14 @@ template void ECCVMProver_::execute_univariatizatio * */ template void ECCVMProver_::execute_pcs_evaluation_round() { - const FF r_challenge = transcript.get_challenge("Gemini:r"); + const FF r_challenge = transcript->get_challenge("Gemini:r"); gemini_output = Gemini::compute_fold_polynomial_evaluations( sumcheck_output.challenge, std::move(gemini_polynomials), r_challenge); for (size_t l = 0; l < key->log_circuit_size; ++l) { std::string label = "Gemini:a_" + std::to_string(l); const auto& evaluation = gemini_output.opening_pairs[l + 1].evaluation; - transcript.send_to_verifier(label, evaluation); + transcript->send_to_verifier(label, evaluation); } } 
@@ -273,13 +403,13 @@ template void ECCVMProver_::execute_pcs_evaluation_ * */ template void ECCVMProver_::execute_shplonk_batched_quotient_round() { - nu_challenge = transcript.get_challenge("Shplonk:nu"); + nu_challenge = transcript->get_challenge("Shplonk:nu"); batched_quotient_Q = Shplonk::compute_batched_quotient(gemini_output.opening_pairs, gemini_output.witnesses, nu_challenge); // commit to Q(X) and add [Q] to the transcript - transcript.send_to_verifier("Shplonk:Q", commitment_key->commit(batched_quotient_Q)); + transcript->send_to_verifier("Shplonk:Q", commitment_key->commit(batched_quotient_Q)); } /** @@ -288,7 +418,7 @@ template void ECCVMProver_::execute_shplonk_batched * */ template void ECCVMProver_::execute_shplonk_partial_evaluation_round() { - const FF z_challenge = transcript.get_challenge("Shplonk:z"); + const FF z_challenge = transcript->get_challenge("Shplonk:z"); shplonk_output = Shplonk::compute_partially_evaluated_batched_quotient( gemini_output.opening_pairs, gemini_output.witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge); @@ -317,10 +447,10 @@ template void ECCVMProver_::execute_transcript_cons for (size_t idx = 0; idx < key->circuit_size; idx++) { hack[idx] = 1; } - transcript.send_to_verifier("Translation:hack_commitment", commitment_key->commit(hack)); + transcript->send_to_verifier("Translation:hack_commitment", commitment_key->commit(hack)); // Get the challenge at which we evaluate the polynomials as univariates - evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); + evaluation_challenge_x = transcript->get_challenge("Translation:evaluation_challenge_x"); translation_evaluations.op = key->transcript_op.evaluate(evaluation_challenge_x); translation_evaluations.Px = key->transcript_Px.evaluate(evaluation_challenge_x); 
@@ -329,15 +459,15 @@ template void ECCVMProver_::execute_transcript_cons translation_evaluations.z2 = key->transcript_z2.evaluate(evaluation_challenge_x); // Add the univariate evaluations to the transcript - transcript.send_to_verifier("Translation:op", translation_evaluations.op); - transcript.send_to_verifier("Translation:Px", translation_evaluations.Px); - transcript.send_to_verifier("Translation:Py", translation_evaluations.Py); - transcript.send_to_verifier("Translation:z1", translation_evaluations.z1); - transcript.send_to_verifier("Translation:z2", translation_evaluations.z2); - transcript.send_to_verifier("Translation:hack_evaluation", hack.evaluate(evaluation_challenge_x)); + transcript->send_to_verifier("Translation:op", translation_evaluations.op); + transcript->send_to_verifier("Translation:Px", translation_evaluations.Px); + transcript->send_to_verifier("Translation:Py", translation_evaluations.Py); + transcript->send_to_verifier("Translation:z1", translation_evaluations.z1); + transcript->send_to_verifier("Translation:z2", translation_evaluations.z2); + transcript->send_to_verifier("Translation:hack_evaluation", hack.evaluate(evaluation_challenge_x)); // Get another challenge for batching the univariate claims - FF batching_challenge = transcript.get_challenge("Translation:batching_challenge"); + FF batching_challenge = transcript->get_challenge("Translation:batching_challenge"); // Collect the polynomials and evaluations to be batched const size_t NUM_UNIVARIATES = 6; // 5 transcript polynomials plus the constant hack poly @@ -363,7 +493,7 @@ template void ECCVMProver_::execute_transcript_cons template plonk::proof& ECCVMProver_::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index 3cd07fb94142..54d4209e71cb 100644 
--- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -22,11 +22,15 @@ template class ECCVMProver_ { using ProverPolynomials = typename Flavor::ProverPolynomials; using CommitmentLabels = typename Flavor::CommitmentLabels; using Curve = typename Flavor::Curve; - using Transcript = typename Flavor::Transcript; + using Transcript = BaseTranscript; + // using Transcript = typename Flavor::Transcript; using TranslationEvaluations = barretenberg::TranslationEvaluations; public: explicit ECCVMProver_(std::shared_ptr input_key, std::shared_ptr commitment_key); + explicit ECCVMProver_(std::shared_ptr input_key, + std::shared_ptr commitment_key, + std::shared_ptr); void execute_preamble_round(); void execute_wire_commitments_round(); @@ -43,7 +47,7 @@ template class ECCVMProver_ { plonk::proof& export_proof(); plonk::proof& construct_proof(); - Transcript transcript; + std::shared_ptr transcript; TranslationEvaluations translation_evaluations; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp index 01aea6e673af..a179949a70de 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp @@ -49,12 +49,12 @@ template bool ECCVMVerifier_::verify_proof(const plonk RelationParameters relation_parameters; - transcript = Transcript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); auto commitments = VerifierCommitments(key, transcript); auto commitment_labels = CommitmentLabels(); - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); if (circuit_size != key->circuit_size) { return false; 
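Review bot: The new three-argument ECCVMProver_ constructor takes the transcript as a `std::shared_ptr`, and every round now dereferences it through `transcript->`, but no visible hunk rejects a null pointer. The two-argument constructor, which would now have to allocate the transcript itself, is not shown in this part of the diff. Because this object holds the Fiat-Shamir state of the proof, I would check for non-null in the constructor and name the parameter in the declaration. The public member (hunk at -43) should carry a comment saying the transcript is presumably shared with other components and that no other holder may write to it while this prover's rounds are running. The commented-out `// using Transcript = typename Flavor::Transcript;` should be removed or replaced with a sentence explaining why the alias is pinned to BaseTranscript; the class body continues outside the hunk.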
@@ -62,7 +62,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk // Utility for extracting commitments from transcript const auto receive_commitment = [&](const std::string& label) { - return transcript.template receive_from_prover(label); + return transcript->template receive_from_prover(label); }; // Get commitments to VM wires @@ -142,7 +142,9 @@ template bool ECCVMVerifier_::verify_proof(const plonk commitments.lookup_read_counts_1 = receive_commitment(commitment_labels.lookup_read_counts_1); // Get challenge for sorted list batching and wire four memory records - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto challenges = transcript->get_challenges("beta", "gamma"); + FF beta = challenges[0]; + FF gamma = challenges[1]; relation_parameters.gamma = gamma; auto beta_sqr = beta * beta; relation_parameters.beta = beta; @@ -158,7 +160,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, purported_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); @@ -176,7 +178,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk auto batched_commitment_to_be_shifted = GroupElement::zero(); const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; // Compute powers of batching challenge rho - FF rho = transcript.get_challenge("rho"); + FF rho = transcript->get_challenge("rho"); std::vector rhos = pcs::gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Compute batched multivariate evaluation 
@@ -235,7 +237,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk { auto hack_commitment = receive_commitment("Translation:hack_commitment"); - FF evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); + FF evaluation_challenge_x = transcript->get_challenge("Translation:evaluation_challenge_x"); // Construct arrays of commitments and evaluations to be batched const size_t NUM_UNIVARIATES = 6; @@ -244,15 +246,15 @@ template bool ECCVMVerifier_::verify_proof(const plonk commitments.transcript_z1, commitments.transcript_z2, hack_commitment }; std::array transcript_evaluations = { - transcript.template receive_from_prover("Translation:op"), - transcript.template receive_from_prover("Translation:Px"), - transcript.template receive_from_prover("Translation:Py"), - transcript.template receive_from_prover("Translation:z1"), - transcript.template receive_from_prover("Translation:z2"), - transcript.template receive_from_prover("Translation:hack_evaluation") + transcript->template receive_from_prover("Translation:op"), + transcript->template receive_from_prover("Translation:Px"), + transcript->template receive_from_prover("Translation:Py"), + transcript->template receive_from_prover("Translation:z1"), + transcript->template receive_from_prover("Translation:z2"), + transcript->template receive_from_prover("Translation:hack_evaluation") }; - FF batching_challenge = transcript.get_challenge("Translation:batching_challenge"); + FF batching_challenge = transcript->get_challenge("Translation:batching_challenge"); // Constuct batched commitment and batched evaluation auto batched_commitment = transcript_commitments[0]; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp index 4e8b32b84dab..0048fcf4511a 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp 
@@ -17,7 +17,7 @@ template class ECCVMVerifier_ { std::map commitments, std::map pcs_fr_elements, std::shared_ptr pcs_verification_key, - Transcript& transcript) + std::shared_ptr transcript) : key(std::move(key)) , commitments(std::move(commitments)) , pcs_fr_elements(std::move(pcs_fr_elements)) @@ -36,7 +36,7 @@ template class ECCVMVerifier_ { std::map commitments; std::map pcs_fr_elements; std::shared_ptr pcs_verification_key; - Transcript transcript; + std::shared_ptr transcript; }; extern template class ECCVMVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp b/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp index 0f1049f109fe..93df5c8d294d 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp @@ -1005,7 +1005,7 @@ template class ECCVMBa public: VerifierCommitments(const std::shared_ptr& verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const std::shared_ptr transcript) { static_cast(transcript); Base::lagrange_first = verification_key->lagrange_first; @@ -1018,7 +1018,7 @@ template class ECCVMBa * @brief Derived class that defines proof structure for ECCVM proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: uint32_t circuit_size; Commitment transcript_add_comm; 
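Review bot: In the VerifierCommitments constructor (ecc_vm.hpp, hunk at -1005) the transcript parameter changed from a const reference to a `const std::shared_ptr` passed by value, although the body never uses it. Each call therefore pays for an atomic reference-count increment and decrement on an argument that is discarded. Taking it as a `const std::shared_ptr<...>&` with the same element type keeps the call sites unchanged and avoids the copy. The parameter is also silenced twice, by `[[maybe_unused]]` and by the cast-to-void statement on the first body line, so one of the two can go. The constructor body continues outside the hunk.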
@@ -1112,323 +1112,312 @@ template class ECCVMBa Transcript() = default; Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} - void deserialize_full_transcript() override + void deserialize_full_transcript() { // take current proof and put them into the struct size_t num_bytes_read = 0; - circuit_size = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + circuit_size = + BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); size_t log_n = numeric::get_msb(circuit_size); - transcript_add_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_mul_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_eq_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_collision_check_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_transition_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_pc_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_count_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_Px_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_Py_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z1zero_comm = 
BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z2zero_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_op_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_x_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_y_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_pc_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_point_transition_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_round_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_scalar_sum_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s1hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s1lo_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s2hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s2lo_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s3hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s3lo_comm = 
BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s4hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s4lo_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_skew_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_dx_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_dy_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_tx_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_ty_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_transition_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_double_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_skew_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_pc_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_size_of_msm_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_count_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, 
num_bytes_read); - msm_round_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - 
msm_lambda1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_lambda2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_lambda3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_lambda4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_accumulator_empty_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_reset_accumulator_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_select_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - lookup_read_counts_0_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - lookup_read_counts_1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - lookup_inverses_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - z_perm_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + transcript_add_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_mul_comm = BaseTranscript::template 
deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_eq_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_collision_check_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_transition_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_pc_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_count_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_Px_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_Py_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z1_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z2_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z1zero_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z2zero_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_op_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_x_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_y_comm = BaseTranscript::template 
deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_pc_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_point_transition_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_round_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_scalar_sum_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s1hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s1lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s2hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s2lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s3hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s3lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s4hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s4lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_skew_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_dx_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_dy_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_tx_comm = BaseTranscript::template deserialize_from_buffer( + 
BaseTranscript::proof_data, num_bytes_read); + precompute_ty_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_transition_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_add_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_double_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_skew_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_pc_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_size_of_msm_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_count_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_round_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y1_comm = BaseTranscript::template 
deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_collision_x1_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_collision_x2_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_collision_x3_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_collision_x4_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_lambda1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_lambda2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_lambda3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_lambda4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice3_comm = BaseTranscript::template 
deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + transcript_accumulator_empty_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_reset_accumulator_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_select_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + lookup_read_counts_0_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + lookup_read_counts_1_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + lookup_inverses_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + z_perm_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); for (size_t i = 0; i < log_n; ++i) { - sumcheck_univariates.emplace_back(BaseTranscript::template deserialize_from_buffer< + sumcheck_univariates.emplace_back(BaseTranscript::template deserialize_from_buffer< barretenberg::Univariate>( - BaseTranscript::proof_data, num_bytes_read)); + BaseTranscript::proof_data, num_bytes_read)); } - sumcheck_evaluations = - BaseTranscript::template deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read); + sumcheck_evaluations = BaseTranscript::template deserialize_from_buffer>( + BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n - 1; ++i) { - gemini_univariate_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); + gemini_univariate_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read)); } for (size_t i = 0; i < log_n; 
++i) { - gemini_a_evals.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); + gemini_a_evals.emplace_back( + BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - shplonk_q_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + shplonk_q_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); if (std::is_same>::value) { - kzg_w_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + kzg_w_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); } else if (std::is_same>::value) { - ipa_poly_degree = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + ipa_poly_degree = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); auto log_poly_degree = static_cast(numeric::get_msb(ipa_poly_degree)); for (size_t i = 0; i < log_poly_degree; ++i) { - ipa_l_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); - ipa_r_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); + ipa_l_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read)); + ipa_r_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read)); } - ipa_a_0_eval = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, - num_bytes_read); + ipa_a_0_eval = + BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); } else { throw_or_abort("Unsupported PCS"); } } - void serialize_full_transcript() override + void serialize_full_transcript() { - size_t 
old_proof_length = BaseTranscript::proof_data.size(); - BaseTranscript::proof_data.clear(); + size_t old_proof_length = BaseTranscript::proof_data.size(); + BaseTranscript::proof_data.clear(); size_t log_n = numeric::get_msb(circuit_size); - BaseTranscript::template serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_add_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_mul_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_eq_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_collision_check_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_msm_transition_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_pc_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_msm_count_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_Px_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_Py_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z1zero_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z2zero_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_op_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_accumulator_x_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_accumulator_y_comm, - BaseTranscript::proof_data); - BaseTranscript::template 
serialize_to_buffer(transcript_msm_x_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_msm_y_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_pc_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_point_transition_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_round_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_scalar_sum_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s1hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s1lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s2hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s2lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s3hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s3lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s4hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s4lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_skew_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_dx_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_dy_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_tx_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_ty_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_transition_comm, BaseTranscript::proof_data); - BaseTranscript::template 
serialize_to_buffer(msm_add_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_double_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_skew_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_accumulator_x_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_accumulator_y_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_pc_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_size_of_msm_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_count_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_round_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_collision_x1_comm, BaseTranscript::proof_data); - 
BaseTranscript::template serialize_to_buffer(msm_collision_x2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_collision_x3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_collision_x4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_accumulator_empty_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_reset_accumulator_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_select_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(lookup_read_counts_0_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(lookup_read_counts_1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(circuit_size, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_add_comm, BaseTranscript::proof_data); + BaseTranscript::template 
serialize_to_buffer(transcript_mul_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_eq_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_collision_check_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_transition_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_pc_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_count_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_Px_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_Py_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z1zero_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z2zero_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_op_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_accumulator_x_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_accumulator_y_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_x_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_y_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_pc_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_point_transition_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_round_comm, BaseTranscript::proof_data); + 
BaseTranscript::template serialize_to_buffer(precompute_scalar_sum_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s1hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s1lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s2hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s2lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s3hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s3lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s4hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s4lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_skew_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_dx_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_dy_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_tx_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_ty_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_transition_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_double_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_skew_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_accumulator_x_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_accumulator_y_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_pc_comm, 
BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_size_of_msm_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_count_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_round_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_lambda1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_lambda2_comm, BaseTranscript::proof_data); + BaseTranscript::template 
serialize_to_buffer(msm_lambda3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_lambda4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_accumulator_empty_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_reset_accumulator_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_select_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(lookup_read_counts_0_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(lookup_read_counts_1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - BaseTranscript::template serialize_to_buffer(sumcheck_univariates[i], - BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); } - BaseTranscript::template serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); for (size_t i = 0; i < log_n - 1; ++i) { - BaseTranscript::template serialize_to_buffer(gemini_univariate_comms[i], - BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(gemini_univariate_comms[i], BaseTranscript::proof_data); } for (size_t i = 0; i < log_n; ++i) { - 
BaseTranscript::template serialize_to_buffer(gemini_a_evals[i], BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(gemini_a_evals[i], BaseTranscript::proof_data); } - BaseTranscript::template serialize_to_buffer(shplonk_q_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(shplonk_q_comm, BaseTranscript::proof_data); if (std::is_same>::value) { - BaseTranscript::template serialize_to_buffer(kzg_w_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(kzg_w_comm, BaseTranscript::proof_data); } else if (std::is_same>::value) { - BaseTranscript::template serialize_to_buffer(ipa_poly_degree, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_poly_degree, BaseTranscript::proof_data); auto log_poly_degree = static_cast(numeric::get_msb(ipa_poly_degree)); for (size_t i = 0; i < log_poly_degree; ++i) { - BaseTranscript::template serialize_to_buffer(ipa_l_comms[i], BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(ipa_r_comms[i], BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_l_comms[i], BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_r_comms[i], BaseTranscript::proof_data); } - BaseTranscript::template serialize_to_buffer(ipa_a_0_eval, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_a_0_eval, BaseTranscript::proof_data); } - ASSERT(BaseTranscript::proof_data.size() == old_proof_length); + ASSERT(BaseTranscript::proof_data.size() == old_proof_length); } }; }; diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index 454bbf85b679..b48f514fc70a 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp 
@@ -1648,7 +1648,7 @@ class GoblinTranslator { class VerifierCommitments : public AllEntities { public: VerifierCommitments([[maybe_unused]] std::shared_ptr verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const std::shared_ptr transcript) { this->lagrange_first = verification_key->lagrange_first; this->lagrange_last = verification_key->lagrange_last; @@ -1661,7 +1661,7 @@ class GoblinTranslator { } }; - using Transcript = BaseTranscript; + using Transcript = BaseTranscript; }; } // namespace proof_system::honk::flavor diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp index 661275243280..d7f654f17448 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp @@ -541,7 +541,7 @@ class GoblinUltra { class VerifierCommitments : public AllEntities { public: VerifierCommitments(std::shared_ptr verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const std::shared_ptr transcript) { static_cast(transcript); q_m = verification_key->q_m; @@ -585,7 +585,7 @@ class GoblinUltra { * @brief Derived class that defines proof structure for GoblinUltra proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: uint32_t circuit_size; uint32_t public_input_size; @@ -614,10 +614,10 @@ class GoblinUltra { Transcript() = default; Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} - void deserialize_full_transcript() override + void deserialize_full_transcript() { // take current proof and put them into the struct size_t num_bytes_read = 0; 
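Review bot: The new `transcript` parameter of `GoblinTranslator::VerifierCommitments` is taken as `const std::shared_ptr` by value, so every construction copies the pointer and bumps its reference count for an argument the constructor marks `[[maybe_unused]]`. Taking it by reference, `[[maybe_unused]] const std::shared_ptr<T>& transcript` (with `T` standing for the element type, which this rendering has dropped), avoids the copy without changing call sites. The same applies to the `GoblinUltra::VerifierCommitments` constructor in the `@@ -541` hunk of goblin_ultra.hpp, where the `static_cast(transcript);` line is also redundant next to `[[maybe_unused]]`. Both constructor bodies continue outside their hunks.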
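Review bot: `deserialize_full_transcript()` loses `override` in the `@@ -614` hunk of goblin_ultra.hpp, as does `serialize_full_transcript()` in `@@ -657`, and both again in goblin_ultra_recursive.hpp. transcript.hpp is not part of this view, so it is unclear whether the base still declares them `virtual`: if it does, `override` should stay so that a signature drift is caught at compile time. If it no longer does, these become plain members that cannot be reached through a pointer to `BaseTranscript`, which matters now that transcripts are handed around as `std::shared_ptr`. A one-line comment on the class, such as `// not virtual: call on the concrete flavor Transcript only`, would record the intent.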
@@ -657,7 +657,7 @@ class GoblinUltra { zm_pi_comm = deserialize_from_buffer(proof_data, num_bytes_read); } - void serialize_full_transcript() override + void serialize_full_transcript() { size_t old_proof_length = proof_data.size(); proof_data.clear(); diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp index f37d26b3adca..8cbdedca2084 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp @@ -567,7 +567,7 @@ template class GoblinUltraRecursive_ { * functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: uint32_t circuit_size; uint32_t public_input_size; 
@@ -596,53 +596,51 @@ template class GoblinUltraRecursive_ { Transcript() = default; Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} /** * @brief Takes a FULL GoblinUltraRecursive proof and deserializes it into the public member variables that * compose the structure. Must be called in order to access the structure of the proof. * */ - void deserialize_full_transcript() override + void deserialize_full_transcript() { // take current proof and put them into the struct size_t num_bytes_read = 0; - circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); size_t log_n = numeric::get_msb(circuit_size); - public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_1_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_2_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_3_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - calldata_comm 
= deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - calldata_read_counts_comm = - deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - lookup_inverses_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_1_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_2_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_3_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + calldata_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + calldata_read_counts_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + lookup_inverses_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { sumcheck_univariates.push_back( deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read)); + 
BaseTranscript::proof_data, num_bytes_read)); } - sumcheck_evaluations = deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read); + sumcheck_evaluations = + deserialize_from_buffer>(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { - zm_cq_comms.push_back( - deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + zm_cq_comms.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); } /** 
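Review bot: `public_input_size` and `circuit_size` are read straight out of `proof_data` and then used as loop bounds (`i < public_input_size`, `i < log_n`) with no check against the number of bytes left in the buffer. Whether `deserialize_from_buffer` itself refuses to read past the end is not visible in this hunk, so if a proof can come from an untrusted party the function should reject a count that the remaining bytes cannot satisfy before entering the loop, for example with the `throw_or_abort` already used in the ECCVM flavor earlier in this patch. The three vectors are also filled with `push_back` and never cleared, so a second call appends to stale entries; `public_inputs.clear();` (and the same for `sumcheck_univariates` and `zm_cq_comms`) at the top would make the call repeatable. The ECCVM flavor's `deserialize_full_transcript()` follows the same pattern with `emplace_back`.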
@@ -650,43 +648,43 @@ template class GoblinUltraRecursive_ { * deserialize_full_transcript() was called and some transcript variable was modified. * */ - void serialize_full_transcript() override + void serialize_full_transcript() { - size_t old_proof_length = BaseTranscript::proof_data.size(); - BaseTranscript::proof_data.clear(); + size_t old_proof_length = BaseTranscript::proof_data.size(); + BaseTranscript::proof_data.clear(); size_t log_n = numeric::get_msb(circuit_size); - serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - serialize_to_buffer(public_input_size, BaseTranscript::proof_data); - serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); + serialize_to_buffer(circuit_size, BaseTranscript::proof_data); + serialize_to_buffer(public_input_size, BaseTranscript::proof_data); + serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); + serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); } - serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_1_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_2_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_3_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_4_comm, BaseTranscript::proof_data); - serialize_to_buffer(calldata_comm, BaseTranscript::proof_data); - serialize_to_buffer(calldata_read_counts_comm, BaseTranscript::proof_data); - serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); - serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_lookup_comm, 
BaseTranscript::proof_data); + serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_1_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_2_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_3_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_4_comm, BaseTranscript::proof_data); + serialize_to_buffer(calldata_comm, BaseTranscript::proof_data); + serialize_to_buffer(calldata_read_counts_comm, BaseTranscript::proof_data); + serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); + serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); } - serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); } - serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); - serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); // sanity check to make sure we generate the same length of proof as before. - ASSERT(BaseTranscript::proof_data.size() == old_proof_length); + ASSERT(BaseTranscript::proof_data.size() == old_proof_length); } }; }; 
diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp index da12a3994ef1..ac09c0daa4ef 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp @@ -442,7 +442,7 @@ class Ultra { class VerifierCommitments : public AllEntities { public: VerifierCommitments(std::shared_ptr verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const std::shared_ptr transcript) { static_cast(transcript); q_m = verification_key->q_m; @@ -483,7 +483,7 @@ class Ultra { * @brief Derived class that defines proof structure for Ultra proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: // Transcript objects defined as public member variables for easy access and modification uint32_t circuit_size; @@ -507,7 +507,7 @@ class Ultra { // Used by verifier to initialize the transcript Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} static Transcript prover_init_empty() @@ -530,7 +530,7 @@ class Ultra { * structure. Must be called in order to access the structure of the proof. * */ - void deserialize_full_transcript() override + void deserialize_full_transcript() { // take current proof and put them into the struct size_t num_bytes_read = 0; @@ -567,7 +567,7 @@ class Ultra { * deserialize_full_transcript() was called and some transcript variable was modified. * */ - void serialize_full_transcript() override + void serialize_full_transcript() { size_t old_proof_length = proof_data.size(); proof_data.clear(); // clear proof_data so the rest of the function can replace it diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp index e780007eb36b..d4b00639ef31 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp 
+++ b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp @@ -435,7 +435,7 @@ template class UltraRecursive_ { * @brief Derived class that defines proof structure for UltraRecursive proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: // Transcript objects defined as public member variables for easy access and modification uint32_t circuit_size; @@ -459,7 +459,7 @@ template class UltraRecursive_ { // Used by verifier to initialize the transcript Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} static Transcript prover_init_empty() 
@@ -482,74 +482,73 @@ template class UltraRecursive_ { * the structure. Must be called in order to access the structure of the proof. * */ - void deserialize_full_transcript() override + void deserialize_full_transcript() { // take current proof and put them into the struct size_t num_bytes_read = 0; - circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); size_t log_n = numeric::get_msb(circuit_size); - public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + sorted_accum_comm = 
deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { sumcheck_univariates.push_back( deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read)); + BaseTranscript::proof_data, num_bytes_read)); } - sumcheck_evaluations = deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read); + sumcheck_evaluations = + deserialize_from_buffer>(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { - zm_cq_comms.push_back( - deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + zm_cq_comms.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); } /** * @brief Serializes the structure variables into a FULL UltraRecursive proof. Should be called only if * deserialize_full_transcript() was called and some transcript variable was modified. 
* */ - void serialize_full_transcript() override + void serialize_full_transcript() { - size_t old_proof_length = BaseTranscript::proof_data.size(); - BaseTranscript::proof_data.clear(); // clear proof_data so the rest of the function can replace it + size_t old_proof_length = BaseTranscript::proof_data.size(); + BaseTranscript::proof_data.clear(); // clear proof_data so the rest of the function can replace it size_t log_n = numeric::get_msb(circuit_size); - serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - serialize_to_buffer(public_input_size, BaseTranscript::proof_data); - serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); + serialize_to_buffer(circuit_size, BaseTranscript::proof_data); + serialize_to_buffer(public_input_size, BaseTranscript::proof_data); + serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); + serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); } - serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); - serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); + serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - 
serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); } - serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); } - serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); - serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); // sanity check to make sure we generate the same length of proof as before. - ASSERT(BaseTranscript::proof_data.size() == old_proof_length); + ASSERT(BaseTranscript::proof_data.size() == old_proof_length); } }; }; diff --git a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp new file mode 100644 index 000000000000..b87d21121bdc --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp 
@@ -0,0 +1,91 @@
+#pragma once
+
+#include "barretenberg/eccvm/eccvm_composer.hpp"
+#include "barretenberg/proof_system/circuit_builder/eccvm/eccvm_circuit_builder.hpp"
+#include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp"
+#include "barretenberg/proof_system/circuit_builder/goblin_ultra_circuit_builder.hpp"
+#include "barretenberg/translator_vm/goblin_translator_composer.hpp"
+#include "barretenberg/ultra_honk/ultra_composer.hpp"
+
+namespace barretenberg {
+
+class Goblin {
+ public:
+ using PartialProof = bool;
+ // // WORKTODO
+ // struct PartialProof {
+ // proof_system::plonk::proof ultra_proof;
+ // proof_system::plonk::proof merge_proof;
+ // };
+
+ using Fr = barretenberg::fr;
+ using Fq = barretenberg::fq;
+
+ using Transcript = proof_system::honk::BaseTranscript;
+ using GoblinUltraComposer = proof_system::honk::GoblinUltraComposer;
+ using GoblinUltraCircuitBuilder = proof_system::GoblinUltraCircuitBuilder;
+ using OpQueue = proof_system::ECCOpQueue;
+ using ECCVMFlavor = proof_system::honk::flavor::ECCVM;
+ using ECCVMBuilder = proof_system::ECCVMCircuitBuilder;
+ using ECCVMComposer = proof_system::honk::ECCVMComposer;
+ using TranslatorBuilder = proof_system::GoblinTranslatorCircuitBuilder;
+ using TranslatorComposer = proof_system::honk::GoblinTranslatorComposer;
+ using TranslatorConsistencyData = barretenberg::TranslationEvaluations;
+
+ std::shared_ptr prover_transcript = std::make_shared();
+ std::shared_ptr verifier_transcript = std::make_shared();
+ std::shared_ptr op_queue = std::make_shared();
+ bool verified{ true };
+
+ // GoblinUltraCircuitBuilder circuit_builder{op_queue}; // WORKTODO: need to remove reference-type data members
+
+ void accumulate(GoblinUltraCircuitBuilder& circuit_builder)
+ {
+ GoblinUltraComposer composer;
+ auto instance = composer.create_instance(circuit_builder);
+ auto prover = composer.create_prover(instance, prover_transcript);
+ auto honk_proof = prover.construct_proof();
+ auto verifier = composer.create_verifier(instance, verifier_transcript);
+ verified = verified && verifier.verify_proof(honk_proof);
+
+ // Construct and verify op queue merge proof
+ auto merge_prover = composer.create_merge_prover(op_queue, prover_transcript);
+ auto merge_proof = merge_prover.construct_proof();
+ auto merge_verifier =
+ composer.create_merge_verifier(/*srs_size=*/10, verifier_transcript); // WORKTODO set this srs size
+ verified = verified && merge_verifier.verify_proof(merge_proof);
+
+ // circuit_builder = GoblinUltraCircuitBuilder(); // WORKTODO: need to remove reference-type data members
+ };
+
+ PartialProof prove()
+ {
+ // Execute the ECCVM
+ // TODO(https://github.com/AztecProtocol/barretenberg/issues/785) Properly initialize transcript
+ auto eccvm_builder = ECCVMBuilder(op_queue);
+ auto eccvm_composer = ECCVMComposer();
+ auto eccvm_prover = eccvm_composer.create_prover(eccvm_builder, prover_transcript);
+ auto eccvm_verifier = eccvm_composer.create_verifier(eccvm_builder);
+ auto eccvm_proof = eccvm_prover.construct_proof();
+ bool eccvm_verified = eccvm_verifier.verify_proof(eccvm_proof);
+ info("eccvm_verified: ", eccvm_verified);
+
+ // Execute the Translator
+ // TODO(https://github.com/AztecProtocol/barretenberg/issues/786) Properly derive batching_challenge
+ auto batching_challenge = Fq::random_element();
+ auto evaluation_input = eccvm_prover.evaluation_challenge_x;
+ auto translator_builder = TranslatorBuilder(batching_challenge, evaluation_input, op_queue);
+ auto translator_composer = TranslatorComposer();
+ auto translator_prover = translator_composer.create_prover(translator_builder, prover_transcript);
+ auto translator_verifier = translator_composer.create_verifier(translator_builder);
+ auto translator_proof = translator_prover.construct_proof();
+ bool accumulator_construction_verified = translator_verifier.verify_proof(translator_proof);
+ info("accumulator_construction_verified: ",
accumulator_construction_verified); + + bool translation_verified = translator_verifier.verify_translation(eccvm_prover.translation_evaluations); + info("translation_verified: ", translation_verified); + + return eccvm_verified && accumulator_construction_verified && translation_verified; + }; +}; +} // namespace barretenberg \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp index 5429be9161f9..90bd0b10790b 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp @@ -41,7 +41,7 @@ template class ProtoGalaxyProver_ { using RelationEvaluations = typename Flavor::TupleOfArraysOfValues; ProverInstances instances; - BaseTranscript transcript; + BaseTranscript transcript; ProtoGalaxyProver_() = default; ProtoGalaxyProver_(ProverInstances insts) diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp index ed6441dae39b..23609ed9ace6 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp @@ -5,7 +5,7 @@ namespace proof_system::honk { template void ProtoGalaxyVerifier_::prepare_for_folding(std::vector fold_data) { - transcript = BaseTranscript{ fold_data }; + transcript = BaseTranscript{ fold_data }; auto index = 0; for (auto it = verifier_instances.begin(); it != verifier_instances.end(); it++, index++) { auto inst = *it; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp index e8f7032cb306..028710983dd4 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp 
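Review bot: `Goblin::prove()` in goblin.hpp returns `eccvm_verified && accumulator_construction_verified && translation_verified` and never consults the `verified` member that `accumulate()` maintains, so a failed Honk or merge verification during accumulation does not change what the caller of `prove()` sees. Nothing else in the class as shown reads `verified`, and because it is initialised to `true`, a caller who inspects it directly also sees success when `accumulate()` was never run. If the return value is meant to cover the whole Goblin flow, fold the flag in: `return verified && eccvm_verified && accumulator_construction_verified && translation_verified;`.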
+++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp @@ -14,7 +14,7 @@ template class ProtoGalaxyVerifier_ { using Instance = typename VerifierInstances::Instance; using VerificationKey = typename Flavor::VerificationKey; VerifierInstances verifier_instances; - BaseTranscript transcript; + BaseTranscript transcript; ProtoGalaxyVerifier_(VerifierInstances insts) : verifier_instances(insts){}; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp index 49fcdd6bf92c..494214ef125a 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp @@ -18,7 +18,7 @@ template class Transcript { public: using field_ct = field_t; using FF = barretenberg::fr; - using BaseTranscript = proof_system::honk::BaseTranscript; + using BaseTranscript = proof_system::honk::BaseTranscript; using StdlibTypes = utility::StdlibTypesUtility; static constexpr size_t HASH_OUTPUT_SIZE = BaseTranscript::HASH_OUTPUT_SIZE; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp index bed3ccee7cb8..c139ef6468e6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp 
@@ -14,7 +14,7 @@ using Builder = UltraCircuitBuilder; using UltraFlavor = ::proof_system::honk::flavor::Ultra; using UltraRecursiveFlavor = ::proof_system::honk::flavor::UltraRecursive_; using FF = barretenberg::fr; -using BaseTranscript = ::proof_system::honk::BaseTranscript; +using BaseTranscript = ::proof_system::honk::BaseTranscript; /** * @brief Create some mock data; add it to the provided prover transcript in various mock rounds diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index eb98b7898a7e..bd194ad74f91 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp @@ -14,10 +14,11 @@ template class SumcheckProver { using ProverPolynomials = typename Flavor::ProverPolynomials; using PartiallyEvaluatedMultivariates = typename Flavor::PartiallyEvaluatedMultivariates; using ClaimedEvaluations = typename Flavor::AllValues; - using Transcript = typename Flavor::Transcript; + using Transcript = BaseTranscript; + // using Transcript = typename Flavor::Transcript; using Instance = ProverInstance_; - Transcript& transcript; + std::shared_ptr transcript; const size_t multivariate_n; const size_t multivariate_d; SumcheckProverRound round; @@ -56,7 +57,7 @@ template class SumcheckProver { PartiallyEvaluatedMultivariates partially_evaluated_polynomials; // prover instantiates sumcheck with circuit size and a prover transcript - SumcheckProver(size_t multivariate_n, Transcript& transcript) + SumcheckProver(size_t multivariate_n, std::shared_ptr transcript) : transcript(transcript) , multivariate_n(multivariate_n) , multivariate_d(numeric::get_msb(multivariate_n)) 
@@ -73,7 +74,7 @@ template class SumcheckProver { const proof_system::RelationParameters& relation_parameters, FF alpha) // pass by value, not by reference { - auto zeta = transcript.get_challenge("Sumcheck:zeta"); + auto zeta = transcript->get_challenge("Sumcheck:zeta"); barretenberg::PowUnivariate pow_univariate(zeta); @@ -83,8 +84,8 @@ template class SumcheckProver { // First round // This populates partially_evaluated_polynomials. auto round_univariate = round.compute_univariate(full_polynomials, relation_parameters, pow_univariate, alpha); - transcript.send_to_verifier("Sumcheck:univariate_0", round_univariate); - FF round_challenge = transcript.get_challenge("Sumcheck:u_0"); + transcript->send_to_verifier("Sumcheck:univariate_0", round_univariate); + FF round_challenge = transcript->get_challenge("Sumcheck:u_0"); multivariate_challenge.emplace_back(round_challenge); partially_evaluate(full_polynomials, multivariate_n, round_challenge); pow_univariate.partially_evaluate(round_challenge); @@ -97,8 +98,8 @@ template class SumcheckProver { // Write the round univariate to the transcript round_univariate = round.compute_univariate(partially_evaluated_polynomials, relation_parameters, pow_univariate, alpha); - transcript.send_to_verifier("Sumcheck:univariate_" + std::to_string(round_idx), round_univariate); - FF round_challenge = transcript.get_challenge("Sumcheck:u_" + std::to_string(round_idx)); + transcript->send_to_verifier("Sumcheck:univariate_" + std::to_string(round_idx), round_univariate); + FF round_challenge = transcript->get_challenge("Sumcheck:u_" + std::to_string(round_idx)); multivariate_challenge.emplace_back(round_challenge); partially_evaluate(partially_evaluated_polynomials, round.round_size, round_challenge); pow_univariate.partially_evaluate(round_challenge); 
@@ -111,7 +112,7 @@ template class SumcheckProver { zip_view(multivariate_evaluations.pointer_view(), partially_evaluated_polynomials.pointer_view())) { *eval = (*poly)[0]; } - transcript.send_to_verifier("Sumcheck:evaluations", multivariate_evaluations); + transcript->send_to_verifier("Sumcheck:evaluations", multivariate_evaluations); return { multivariate_challenge, multivariate_evaluations }; }; @@ -199,11 +200,11 @@ template class SumcheckVerifier { */ SumcheckOutput verify(const proof_system::RelationParameters& relation_parameters, FF alpha, - auto& transcript) + auto transcript) { bool verified(true); - auto zeta = transcript.get_challenge("Sumcheck:zeta"); + auto zeta = transcript->get_challenge("Sumcheck:zeta"); barretenberg::PowUnivariate pow_univariate(zeta); // All but final round. @@ -220,12 +221,12 @@ template class SumcheckVerifier { // Obtain the round univariate from the transcript std::string round_univariate_label = "Sumcheck:univariate_" + std::to_string(round_idx); auto round_univariate = - transcript.template receive_from_prover>( + transcript->template receive_from_prover>( round_univariate_label); bool checked = round.check_sum(round_univariate); verified = verified && checked; - FF round_challenge = transcript.get_challenge("Sumcheck:u_" + std::to_string(round_idx)); + FF round_challenge = transcript->get_challenge("Sumcheck:u_" + std::to_string(round_idx)); multivariate_challenge.emplace_back(round_challenge); round.compute_next_target_sum(round_univariate, round_challenge); @@ -235,7 +236,7 @@ template class SumcheckVerifier { // Final round ClaimedEvaluations purported_evaluations; auto transcript_evaluations = - transcript.template receive_from_prover>("Sumcheck:evaluations"); + transcript->template receive_from_prover>("Sumcheck:evaluations"); for (auto [eval_ptr, transcript_eval] : zip_view(purported_evaluations.pointer_view(), transcript_evaluations)) { *eval_ptr = transcript_eval; 
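Review bot: `SumcheckVerifier::verify` now takes `auto transcript` by value and dereferences it straight away with `transcript->get_challenge("Sumcheck:zeta")`, so the parameter accepts any pointer-like type and a null pointer is dereferenced without a check. The same holds for `SumcheckProver`, whose constructor stores the `std::shared_ptr` it is given and whose proving method calls `transcript->...` in the hunks above. Taking the argument as `const auto& transcript` avoids the shared_ptr copy, and an `ASSERT(transcript != nullptr);` at the top of `verify` and in the prover constructor would turn a missing transcript into a clear failure. The commented-out `// using Transcript = typename Flavor::Transcript;` in the first sumcheck.hpp hunk can be deleted rather than kept. Both function bodies continue outside the hunks.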
diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index afdd70f3808d..8048c26a1d3f 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -50,11 +50,10 @@ class TranscriptManifest { /** * @brief Common transcript class for both parties. Stores the data for the current round, as well as the * manifest. - * - * @tparam FF Field from which we sample challenges. */ -template class BaseTranscript { +class BaseTranscript { public: + using Proof = std::vector; BaseTranscript() = default; /** @@ -62,9 +61,11 @@ template class BaseTranscript { * * @param proof_data */ - explicit BaseTranscript(const std::vector& proof_data) + explicit BaseTranscript(const Proof& proof_data) : proof_data(proof_data.begin(), proof_data.end()) - {} + { + info("num_bytes_read: ", num_bytes_read); + } static constexpr size_t HASH_OUTPUT_SIZE = 32; private: @@ -151,7 +152,7 @@ template class BaseTranscript { * @param element * @param proof_data */ - template void serialize_to_buffer(const T& element, std::vector& proof_data) + template void serialize_to_buffer(const T& element, Proof& proof_data) { auto element_bytes = to_buffer(element); proof_data.insert(proof_data.end(), element_bytes.begin(), element_bytes.end()); @@ -165,7 +166,7 @@ template class BaseTranscript { * @param offset * @return T */ - template T deserialize_from_buffer(const std::vector& proof_data, size_t& offset) const + template T deserialize_from_buffer(const Proof& proof_data, size_t& offset) const { constexpr size_t element_size = sizeof(T); ASSERT(offset + element_size <= proof_data.size()); 
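Review bot: The `explicit BaseTranscript(const Proof& proof_data)` constructor now calls `info("num_bytes_read: ", num_bytes_read);`, which looks like leftover debugging output: it runs for every transcript built from a proof, and the value printed is whatever `num_bytes_read` was initialised to, since nothing has been read at that point. I would drop the call and restore the empty body `{}`. If `num_bytes_read` has no default member initialiser (its declaration is outside the hunk), the call also reads an uninitialised value.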
@@ -180,7 +181,7 @@ template class BaseTranscript { public: // Contains the raw data sent by the prover. - std::vector proof_data; + Proof proof_data; /** * @brief After all the prover messages have been sent, finalize the round by hashing all the data and then create * the number of requested challenges. @@ -190,9 +191,18 @@ template class BaseTranscript { * multiple challenges. * * @param labels human-readable names for the challenges for the manifest - * @return std::array challenges for this round. + * @return std::array challenges for this round. */ - template std::array get_challenges(const Strings&... labels) + void load_proof(const Proof& proof) + { + if (proof_data.empty()) { + proof_data = proof; // leftoffhere + } else { + std::copy(proof.begin(), proof.end(), std::back_inserter(proof_data)); + } + }; + + template std::array get_challenges(const Strings&... labels) { constexpr size_t num_challenges = sizeof...(Strings); @@ -202,19 +212,19 @@ template class BaseTranscript { // Compute the new challenge buffer from which we derive the challenges. // Create challenges from bytes. - std::array challenges{}; + std::array challenges{}; // Generate the challenges by iteratively hashing over the previous challenge. for (size_t i = 0; i < num_challenges; i++) { auto next_challenge_buffer = get_next_challenge_buffer(); // get next challenge buffer - std::array field_element_buffer{}; + std::array field_element_buffer{}; // copy half of the hash to lower 128 bits of challenge // Note: because of how read() from buffers to fields works (in field_declarations.hpp), // we use the later half of the buffer std::copy_n(next_challenge_buffer.begin(), HASH_OUTPUT_SIZE / 2, field_element_buffer.begin() + HASH_OUTPUT_SIZE / 2); - challenges[i] = from_buffer(field_element_buffer); + challenges[i] = from_buffer(field_element_buffer); } // Prepare for next round. 
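Review bot: `load_proof` was inserted between the doc comment that begins "After all the prover messages have been sent, finalize the round ..." and `get_challenges`, so that comment, including its `@param labels` and `@return` lines, now documents `load_proof` and `get_challenges` is left undocumented. Move `load_proof` above the comment block and give it its own brief, for example `/** @brief Append proof to proof_data, or adopt it when proof_data is empty; num_bytes_read is left unchanged. */`. The trailing `// leftoffhere` marker should go. Both branches end with `proof_data` holding the old bytes followed by `proof`, so the body could be the single line `proof_data.insert(proof_data.end(), proof.begin(), proof.end());`.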
@@ -245,7 +255,7 @@ template class BaseTranscript { auto element_bytes = to_buffer(element); proof_data.insert(proof_data.end(), element_bytes.begin(), element_bytes.end()); - BaseTranscript::consume_prover_element_bytes(label, element_bytes); + BaseTranscript::consume_prover_element_bytes(label, element_bytes); } /** @@ -262,7 +272,7 @@ template class BaseTranscript { auto element_bytes = std::span{ proof_data }.subspan(num_bytes_read, element_size); num_bytes_read += element_size; - BaseTranscript::consume_prover_element_bytes(label, element_bytes); + BaseTranscript::consume_prover_element_bytes(label, element_bytes); T element = from_buffer(element_bytes); @@ -275,9 +285,9 @@ template class BaseTranscript { * * @return BaseTranscript */ - static BaseTranscript prover_init_empty() + static BaseTranscript prover_init_empty() { - BaseTranscript transcript; + BaseTranscript transcript; constexpr uint32_t init{ 42 }; // arbitrary transcript.send_to_verifier("Init", init); return transcript; @@ -290,14 +300,14 @@ template class BaseTranscript { * @param transcript * @return BaseTranscript */ - static BaseTranscript verifier_init_empty(const BaseTranscript& transcript) + static BaseTranscript verifier_init_empty(const std::shared_ptr transcript) { - BaseTranscript verifier_transcript{ transcript.proof_data }; + BaseTranscript verifier_transcript{ transcript->proof_data }; [[maybe_unused]] auto _ = verifier_transcript.template receive_from_prover("Init"); return verifier_transcript; }; - FF get_challenge(const std::string& label) { return get_challenges(label)[0]; } + uint256_t get_challenge(const std::string& label) { return get_challenges(label)[0]; } [[nodiscard]] TranscriptManifest get_manifest() const { return manifest; }; 
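Review bot: `get_challenge` now returns `uint256_t` rather than a field element, so the conversion into a field happens implicitly at each call site (for example `FF round_challenge = transcript->get_challenge(...)` in sumcheck.hpp), and nothing on the function says what range the value is in. `get_challenges` copies only `HASH_OUTPUT_SIZE / 2` bytes of the hash into the 32-byte buffer, so the result appears to be a 128-bit value; that should be stated where callers will see it, e.g. `// Returns a 128-bit challenge as uint256_t; callers convert it into their own field.`. In the same hunk `verifier_init_empty` dereferences `transcript->proof_data` without checking the `std::shared_ptr` for null.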
@@ -308,13 +318,13 @@ template class BaseTranscript { * @details Not supported for base transcript class because it does not have a defined structure. The current * proof_data object must represent the whole proof and not a partial proof or it will throw an error. */ - virtual void deserialize_full_transcript() { throw_or_abort("Cannot deserialize transcript"); } + // virtual void deserialize_full_transcript() { throw_or_abort("Cannot deserialize transcript"); } /** * @brief Serializes the FULL transcript from the defined derived class back into proof_data. * @details Only works if the struct is populated (usually from a call to deserialize_full_transcript). Allows for * modified transcript objects to be updated in the actual proof for testing purposes. */ - virtual void serialize_full_transcript() { throw_or_abort("Cannot serialize transcript"); } + // virtual void serialize_full_transcript() { throw_or_abort("Cannot serialize transcript"); } }; } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp index 437b31b90c59..83e4f830b2fb 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp @@ -5,7 +5,7 @@ namespace barretenberg::honk_transcript_tests { using FF = barretenberg::fr; -using Transcript = proof_system::honk::BaseTranscript; +using Transcript = proof_system::honk::BaseTranscript; TEST(BaseTranscript, Basic) { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 7ecf87adaf56..cd1cf2f0d65c 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp 
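Review bot: The two base-class hooks are commented out rather than removed (`// virtual void deserialize_full_transcript() ...` and `// virtual void serialize_full_transcript() ...`), which leaves their doc comments attached to nothing. Delete the declarations together with their comment blocks, or keep them if callers are still meant to reach the flavor implementations through a `BaseTranscript` pointer. With the base declarations gone, the `deserialize_full_transcript`/`serialize_full_transcript` members in the ultra.hpp, ultra_recursive.hpp and goblin_ultra_recursive.hpp hunks lose `override` and become ordinary non-virtual members, so code that only holds a `std::shared_ptr` to the base transcript can no longer call them. It is worth confirming that the tests which edit a proof through these functions still have access to the derived type.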
@@ -14,6 +14,7 @@ namespace proof_system::honk { using Flavor = honk::flavor::GoblinTranslator; using Curve = typename Flavor::Curve; +using FF = typename Flavor::FF; using CircuitBuilder = typename Flavor::CircuitBuilder; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; @@ -200,7 +201,8 @@ void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_builder) * @return GoblinTranslatorProver */ -GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& circuit_builder) +GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& circuit_builder, + std::shared_ptr transcript) { // Compute total number of gates, dyadic circuit size, etc. @@ -213,7 +215,7 @@ GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& c compute_commitment_key(proving_key->circuit_size); - GoblinTranslatorProver output_state(proving_key, commitment_key); + GoblinTranslatorProver output_state(proving_key, commitment_key, transcript); return output_state; } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index 749151b3ebee..757fa7f7e5ee 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -19,6 +19,7 @@ class GoblinTranslatorComposer { using CommitmentKey = typename Flavor::CommitmentKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Polynomial = typename Flavor::Polynomial; + using Transcript = BaseTranscript; static constexpr size_t MINI_CIRCUIT_SIZE = Flavor::MINI_CIRCUIT_SIZE; static constexpr std::string_view NAME_STRING = "GoblinTranslator"; 
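Review bot: In `goblin_translator_composer.cpp`, the doc comment above `create_prover`, as far as the hunk shows it, does not describe the new `transcript` parameter or say that the returned prover keeps the very object the caller holds, so anything already written to it becomes part of this prover's Fiat-Shamir state. Add a line such as `@param transcript Transcript shared with the caller; the prover appends its messages to it.` The parameter is also taken by value and copied again into `output_state`; passing `std::move(transcript)` to the constructor avoids the second reference-count update. Part of the function body lies between the two hunks and is not shown.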
@@ -52,7 +53,7 @@ class GoblinTranslatorComposer { void compute_witness(CircuitBuilder& circuit_builder); - GoblinTranslatorProver create_prover(CircuitBuilder& circuit_builder); + GoblinTranslatorProver create_prover(CircuitBuilder& circuit_builder, std::shared_ptr transcript); GoblinTranslatorVerifier create_verifier(const CircuitBuilder& circuit_builder); std::shared_ptr compute_commitment_key(size_t circuit_size) diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index 5ad81ecb1cbb..72defbe27768 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp 
@@ -19,7 +19,237 @@ namespace proof_system::honk { GoblinTranslatorProver::GoblinTranslatorProver(std::shared_ptr input_key, std::shared_ptr commitment_key) - : key(input_key) + : transcript(std::make_shared()) + , key(input_key) + , commitment_key(commitment_key) +{ + // Copy all polynomials from the proving key + prover_polynomials.op = key->op; + prover_polynomials.x_lo_y_hi = key->x_lo_y_hi; + prover_polynomials.x_hi_z_1 = key->x_hi_z_1; + prover_polynomials.y_lo_z_2 = key->y_lo_z_2; + prover_polynomials.p_x_low_limbs = key->p_x_low_limbs; + prover_polynomials.p_x_low_limbs_range_constraint_0 = key->p_x_low_limbs_range_constraint_0; + prover_polynomials.p_x_low_limbs_range_constraint_1 = key->p_x_low_limbs_range_constraint_1; + prover_polynomials.p_x_low_limbs_range_constraint_2 = key->p_x_low_limbs_range_constraint_2; + prover_polynomials.p_x_low_limbs_range_constraint_3 = key->p_x_low_limbs_range_constraint_3; + prover_polynomials.p_x_low_limbs_range_constraint_4 = key->p_x_low_limbs_range_constraint_4; + prover_polynomials.p_x_low_limbs_range_constraint_tail = key->p_x_low_limbs_range_constraint_tail; + prover_polynomials.p_x_high_limbs = key->p_x_high_limbs; + prover_polynomials.p_x_high_limbs_range_constraint_0 = key->p_x_high_limbs_range_constraint_0; + prover_polynomials.p_x_high_limbs_range_constraint_1 = key->p_x_high_limbs_range_constraint_1; + prover_polynomials.p_x_high_limbs_range_constraint_2 = key->p_x_high_limbs_range_constraint_2; + prover_polynomials.p_x_high_limbs_range_constraint_3 = key->p_x_high_limbs_range_constraint_3; + prover_polynomials.p_x_high_limbs_range_constraint_4 = key->p_x_high_limbs_range_constraint_4; + prover_polynomials.p_x_high_limbs_range_constraint_tail = key->p_x_high_limbs_range_constraint_tail; + prover_polynomials.p_y_low_limbs = key->p_y_low_limbs; + prover_polynomials.p_y_low_limbs_range_constraint_0 = key->p_y_low_limbs_range_constraint_0; + prover_polynomials.p_y_low_limbs_range_constraint_1 = 
key->p_y_low_limbs_range_constraint_1; + prover_polynomials.p_y_low_limbs_range_constraint_2 = key->p_y_low_limbs_range_constraint_2; + prover_polynomials.p_y_low_limbs_range_constraint_3 = key->p_y_low_limbs_range_constraint_3; + prover_polynomials.p_y_low_limbs_range_constraint_4 = key->p_y_low_limbs_range_constraint_4; + prover_polynomials.p_y_low_limbs_range_constraint_tail = key->p_y_low_limbs_range_constraint_tail; + prover_polynomials.p_y_high_limbs = key->p_y_high_limbs; + prover_polynomials.p_y_high_limbs_range_constraint_0 = key->p_y_high_limbs_range_constraint_0; + prover_polynomials.p_y_high_limbs_range_constraint_1 = key->p_y_high_limbs_range_constraint_1; + prover_polynomials.p_y_high_limbs_range_constraint_2 = key->p_y_high_limbs_range_constraint_2; + prover_polynomials.p_y_high_limbs_range_constraint_3 = key->p_y_high_limbs_range_constraint_3; + prover_polynomials.p_y_high_limbs_range_constraint_4 = key->p_y_high_limbs_range_constraint_4; + prover_polynomials.p_y_high_limbs_range_constraint_tail = key->p_y_high_limbs_range_constraint_tail; + prover_polynomials.z_low_limbs = key->z_low_limbs; + prover_polynomials.z_low_limbs_range_constraint_0 = key->z_low_limbs_range_constraint_0; + prover_polynomials.z_low_limbs_range_constraint_1 = key->z_low_limbs_range_constraint_1; + prover_polynomials.z_low_limbs_range_constraint_2 = key->z_low_limbs_range_constraint_2; + prover_polynomials.z_low_limbs_range_constraint_3 = key->z_low_limbs_range_constraint_3; + prover_polynomials.z_low_limbs_range_constraint_4 = key->z_low_limbs_range_constraint_4; + prover_polynomials.z_low_limbs_range_constraint_tail = key->z_low_limbs_range_constraint_tail; + prover_polynomials.z_high_limbs = key->z_high_limbs; + prover_polynomials.z_high_limbs_range_constraint_0 = key->z_high_limbs_range_constraint_0; + prover_polynomials.z_high_limbs_range_constraint_1 = key->z_high_limbs_range_constraint_1; + prover_polynomials.z_high_limbs_range_constraint_2 = 
key->z_high_limbs_range_constraint_2; + prover_polynomials.z_high_limbs_range_constraint_3 = key->z_high_limbs_range_constraint_3; + prover_polynomials.z_high_limbs_range_constraint_4 = key->z_high_limbs_range_constraint_4; + prover_polynomials.z_high_limbs_range_constraint_tail = key->z_high_limbs_range_constraint_tail; + prover_polynomials.accumulators_binary_limbs_0 = key->accumulators_binary_limbs_0; + prover_polynomials.accumulators_binary_limbs_1 = key->accumulators_binary_limbs_1; + prover_polynomials.accumulators_binary_limbs_2 = key->accumulators_binary_limbs_2; + prover_polynomials.accumulators_binary_limbs_3 = key->accumulators_binary_limbs_3; + prover_polynomials.accumulator_low_limbs_range_constraint_0 = key->accumulator_low_limbs_range_constraint_0; + prover_polynomials.accumulator_low_limbs_range_constraint_1 = key->accumulator_low_limbs_range_constraint_1; + prover_polynomials.accumulator_low_limbs_range_constraint_2 = key->accumulator_low_limbs_range_constraint_2; + prover_polynomials.accumulator_low_limbs_range_constraint_3 = key->accumulator_low_limbs_range_constraint_3; + prover_polynomials.accumulator_low_limbs_range_constraint_4 = key->accumulator_low_limbs_range_constraint_4; + prover_polynomials.accumulator_low_limbs_range_constraint_tail = key->accumulator_low_limbs_range_constraint_tail; + prover_polynomials.accumulator_high_limbs_range_constraint_0 = key->accumulator_high_limbs_range_constraint_0; + prover_polynomials.accumulator_high_limbs_range_constraint_1 = key->accumulator_high_limbs_range_constraint_1; + prover_polynomials.accumulator_high_limbs_range_constraint_2 = key->accumulator_high_limbs_range_constraint_2; + prover_polynomials.accumulator_high_limbs_range_constraint_3 = key->accumulator_high_limbs_range_constraint_3; + prover_polynomials.accumulator_high_limbs_range_constraint_4 = key->accumulator_high_limbs_range_constraint_4; + prover_polynomials.accumulator_high_limbs_range_constraint_tail = 
key->accumulator_high_limbs_range_constraint_tail; + prover_polynomials.quotient_low_binary_limbs = key->quotient_low_binary_limbs; + prover_polynomials.quotient_high_binary_limbs = key->quotient_high_binary_limbs; + prover_polynomials.quotient_low_limbs_range_constraint_0 = key->quotient_low_limbs_range_constraint_0; + prover_polynomials.quotient_low_limbs_range_constraint_1 = key->quotient_low_limbs_range_constraint_1; + prover_polynomials.quotient_low_limbs_range_constraint_2 = key->quotient_low_limbs_range_constraint_2; + prover_polynomials.quotient_low_limbs_range_constraint_3 = key->quotient_low_limbs_range_constraint_3; + prover_polynomials.quotient_low_limbs_range_constraint_4 = key->quotient_low_limbs_range_constraint_4; + prover_polynomials.quotient_low_limbs_range_constraint_tail = key->quotient_low_limbs_range_constraint_tail; + prover_polynomials.quotient_high_limbs_range_constraint_0 = key->quotient_high_limbs_range_constraint_0; + prover_polynomials.quotient_high_limbs_range_constraint_1 = key->quotient_high_limbs_range_constraint_1; + prover_polynomials.quotient_high_limbs_range_constraint_2 = key->quotient_high_limbs_range_constraint_2; + prover_polynomials.quotient_high_limbs_range_constraint_3 = key->quotient_high_limbs_range_constraint_3; + prover_polynomials.quotient_high_limbs_range_constraint_4 = key->quotient_high_limbs_range_constraint_4; + prover_polynomials.quotient_high_limbs_range_constraint_tail = key->quotient_high_limbs_range_constraint_tail; + prover_polynomials.relation_wide_limbs = key->relation_wide_limbs; + prover_polynomials.relation_wide_limbs_range_constraint_0 = key->relation_wide_limbs_range_constraint_0; + prover_polynomials.relation_wide_limbs_range_constraint_1 = key->relation_wide_limbs_range_constraint_1; + prover_polynomials.relation_wide_limbs_range_constraint_2 = key->relation_wide_limbs_range_constraint_2; + prover_polynomials.relation_wide_limbs_range_constraint_3 = key->relation_wide_limbs_range_constraint_3; + 
prover_polynomials.concatenated_range_constraints_0 = key->concatenated_range_constraints_0; + prover_polynomials.concatenated_range_constraints_1 = key->concatenated_range_constraints_1; + prover_polynomials.concatenated_range_constraints_2 = key->concatenated_range_constraints_2; + prover_polynomials.concatenated_range_constraints_3 = key->concatenated_range_constraints_3; + prover_polynomials.ordered_range_constraints_0 = key->ordered_range_constraints_0; + prover_polynomials.ordered_range_constraints_1 = key->ordered_range_constraints_1; + prover_polynomials.ordered_range_constraints_2 = key->ordered_range_constraints_2; + prover_polynomials.ordered_range_constraints_3 = key->ordered_range_constraints_3; + prover_polynomials.ordered_range_constraints_4 = key->ordered_range_constraints_4; + prover_polynomials.x_lo_y_hi_shift = key->x_lo_y_hi.shifted(); + prover_polynomials.x_hi_z_1_shift = key->x_hi_z_1.shifted(); + prover_polynomials.y_lo_z_2_shift = key->y_lo_z_2.shifted(); + prover_polynomials.p_x_low_limbs_shift = key->p_x_low_limbs.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_0_shift = key->p_x_low_limbs_range_constraint_0.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_1_shift = key->p_x_low_limbs_range_constraint_1.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_2_shift = key->p_x_low_limbs_range_constraint_2.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_3_shift = key->p_x_low_limbs_range_constraint_3.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_4_shift = key->p_x_low_limbs_range_constraint_4.shifted(); + prover_polynomials.p_x_low_limbs_range_constraint_tail_shift = key->p_x_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.p_x_high_limbs_shift = key->p_x_high_limbs.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_0_shift = key->p_x_high_limbs_range_constraint_0.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_1_shift = 
key->p_x_high_limbs_range_constraint_1.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_2_shift = key->p_x_high_limbs_range_constraint_2.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_3_shift = key->p_x_high_limbs_range_constraint_3.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_4_shift = key->p_x_high_limbs_range_constraint_4.shifted(); + prover_polynomials.p_x_high_limbs_range_constraint_tail_shift = key->p_x_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.p_y_low_limbs_shift = key->p_y_low_limbs.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_0_shift = key->p_y_low_limbs_range_constraint_0.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_1_shift = key->p_y_low_limbs_range_constraint_1.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_2_shift = key->p_y_low_limbs_range_constraint_2.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_3_shift = key->p_y_low_limbs_range_constraint_3.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_4_shift = key->p_y_low_limbs_range_constraint_4.shifted(); + prover_polynomials.p_y_low_limbs_range_constraint_tail_shift = key->p_y_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.p_y_high_limbs_shift = key->p_y_high_limbs.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_0_shift = key->p_y_high_limbs_range_constraint_0.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_1_shift = key->p_y_high_limbs_range_constraint_1.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_2_shift = key->p_y_high_limbs_range_constraint_2.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_3_shift = key->p_y_high_limbs_range_constraint_3.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_4_shift = key->p_y_high_limbs_range_constraint_4.shifted(); + prover_polynomials.p_y_high_limbs_range_constraint_tail_shift = 
key->p_y_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.z_low_limbs_shift = key->z_low_limbs.shifted(); + prover_polynomials.z_low_limbs_range_constraint_0_shift = key->z_low_limbs_range_constraint_0.shifted(); + prover_polynomials.z_low_limbs_range_constraint_1_shift = key->z_low_limbs_range_constraint_1.shifted(); + prover_polynomials.z_low_limbs_range_constraint_2_shift = key->z_low_limbs_range_constraint_2.shifted(); + prover_polynomials.z_low_limbs_range_constraint_3_shift = key->z_low_limbs_range_constraint_3.shifted(); + prover_polynomials.z_low_limbs_range_constraint_4_shift = key->z_low_limbs_range_constraint_4.shifted(); + prover_polynomials.z_low_limbs_range_constraint_tail_shift = key->z_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.z_high_limbs_shift = key->z_high_limbs.shifted(); + prover_polynomials.z_high_limbs_range_constraint_0_shift = key->z_high_limbs_range_constraint_0.shifted(); + prover_polynomials.z_high_limbs_range_constraint_1_shift = key->z_high_limbs_range_constraint_1.shifted(); + prover_polynomials.z_high_limbs_range_constraint_2_shift = key->z_high_limbs_range_constraint_2.shifted(); + prover_polynomials.z_high_limbs_range_constraint_3_shift = key->z_high_limbs_range_constraint_3.shifted(); + prover_polynomials.z_high_limbs_range_constraint_4_shift = key->z_high_limbs_range_constraint_4.shifted(); + prover_polynomials.z_high_limbs_range_constraint_tail_shift = key->z_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.accumulators_binary_limbs_0_shift = key->accumulators_binary_limbs_0.shifted(); + prover_polynomials.accumulators_binary_limbs_1_shift = key->accumulators_binary_limbs_1.shifted(); + prover_polynomials.accumulators_binary_limbs_2_shift = key->accumulators_binary_limbs_2.shifted(); + prover_polynomials.accumulators_binary_limbs_3_shift = key->accumulators_binary_limbs_3.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_0_shift = + 
key->accumulator_low_limbs_range_constraint_0.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_1_shift = + key->accumulator_low_limbs_range_constraint_1.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_2_shift = + key->accumulator_low_limbs_range_constraint_2.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_3_shift = + key->accumulator_low_limbs_range_constraint_3.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_4_shift = + key->accumulator_low_limbs_range_constraint_4.shifted(); + prover_polynomials.accumulator_low_limbs_range_constraint_tail_shift = + key->accumulator_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_0_shift = + key->accumulator_high_limbs_range_constraint_0.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_1_shift = + key->accumulator_high_limbs_range_constraint_1.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_2_shift = + key->accumulator_high_limbs_range_constraint_2.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_3_shift = + key->accumulator_high_limbs_range_constraint_3.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_4_shift = + key->accumulator_high_limbs_range_constraint_4.shifted(); + prover_polynomials.accumulator_high_limbs_range_constraint_tail_shift = + key->accumulator_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.quotient_low_binary_limbs_shift = key->quotient_low_binary_limbs.shifted(); + prover_polynomials.quotient_high_binary_limbs_shift = key->quotient_high_binary_limbs.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_0_shift = + key->quotient_low_limbs_range_constraint_0.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_1_shift = + key->quotient_low_limbs_range_constraint_1.shifted(); + 
prover_polynomials.quotient_low_limbs_range_constraint_2_shift = + key->quotient_low_limbs_range_constraint_2.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_3_shift = + key->quotient_low_limbs_range_constraint_3.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_4_shift = + key->quotient_low_limbs_range_constraint_4.shifted(); + prover_polynomials.quotient_low_limbs_range_constraint_tail_shift = + key->quotient_low_limbs_range_constraint_tail.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_0_shift = + key->quotient_high_limbs_range_constraint_0.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_1_shift = + key->quotient_high_limbs_range_constraint_1.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_2_shift = + key->quotient_high_limbs_range_constraint_2.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_3_shift = + key->quotient_high_limbs_range_constraint_3.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_4_shift = + key->quotient_high_limbs_range_constraint_4.shifted(); + prover_polynomials.quotient_high_limbs_range_constraint_tail_shift = + key->quotient_high_limbs_range_constraint_tail.shifted(); + prover_polynomials.relation_wide_limbs_shift = key->relation_wide_limbs.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_0_shift = + key->relation_wide_limbs_range_constraint_0.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_1_shift = + key->relation_wide_limbs_range_constraint_1.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_2_shift = + key->relation_wide_limbs_range_constraint_2.shifted(); + prover_polynomials.relation_wide_limbs_range_constraint_3_shift = + key->relation_wide_limbs_range_constraint_3.shifted(); + prover_polynomials.ordered_range_constraints_0_shift = key->ordered_range_constraints_0.shifted(); + prover_polynomials.ordered_range_constraints_1_shift = 
key->ordered_range_constraints_1.shifted(); + prover_polynomials.ordered_range_constraints_2_shift = key->ordered_range_constraints_2.shifted(); + prover_polynomials.ordered_range_constraints_3_shift = key->ordered_range_constraints_3.shifted(); + prover_polynomials.ordered_range_constraints_4_shift = key->ordered_range_constraints_4.shifted(); + prover_polynomials.lagrange_first = key->lagrange_first; + prover_polynomials.lagrange_last = key->lagrange_last; + prover_polynomials.lagrange_odd_in_minicircuit = key->lagrange_odd_in_minicircuit; + prover_polynomials.lagrange_even_in_minicircuit = key->lagrange_even_in_minicircuit; + prover_polynomials.lagrange_second = key->lagrange_second; + prover_polynomials.lagrange_second_to_last_in_minicircuit = key->lagrange_second_to_last_in_minicircuit; + prover_polynomials.ordered_extra_range_constraints_numerator = key->ordered_extra_range_constraints_numerator; +} + +/** + * Create GoblinTranslatorProver from proving key, witness and manifest. + * + * @param input_key Proving key. + * @param input_manifest Input manifest + * + * @tparam settings Settings class. + * */ + +GoblinTranslatorProver::GoblinTranslatorProver(std::shared_ptr input_key, + std::shared_ptr commitment_key, + std::shared_ptr transcript) + : transcript(transcript) + , key(input_key) , commitment_key(commitment_key) { // Copy all polynomials from the proving key 
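Review bot: The whole polynomial-copy body of the two-argument constructor is reproduced on the added side, so the file now carries two copies of roughly two hundred assignments that must be kept identical by hand; a polynomial added to one and missed in the other would produce provers that differ only in how their transcript was supplied. A delegating constructor removes the copy: give the two-argument overload the initializer `: GoblinTranslatorProver(input_key, commitment_key, std::make_shared<Transcript>()) {}` (template arguments are not legible on this page; `Transcript` is the alias this commit adds to the class). The new doc comment also names `@param input_manifest` and `@tparam settings`, neither of which exists on this constructor; it should list `commitment_key` and `transcript` instead. The three-argument constructor's body continues past the end of the hunk.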
@@ -249,10 +479,10 @@ void GoblinTranslatorProver::execute_preamble_round() uint256_t(key->accumulators_binary_limbs_1[1]) * SHIFT + uint256_t(key->accumulators_binary_limbs_2[1]) * SHIFTx2 + uint256_t(key->accumulators_binary_limbs_3[1]) * SHIFTx3); - transcript.send_to_verifier("circuit_size", circuit_size); - transcript.send_to_verifier("evaluation_input_x", key->evaluation_input_x); - transcript.send_to_verifier("batching_challenge_v", key->batching_challenge_v); - transcript.send_to_verifier("accumulated_result", accumulated_result); + transcript->send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("evaluation_input_x", key->evaluation_input_x); + transcript->send_to_verifier("batching_challenge_v", key->batching_challenge_v); + transcript->send_to_verifier("accumulated_result", accumulated_result); } /** @@ -265,7 +495,7 @@ void GoblinTranslatorProver::execute_wire_and_sorted_constraints_commitments_rou auto wire_polys = key->get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); } } @@ -276,7 +506,7 @@ void GoblinTranslatorProver::execute_wire_and_sorted_constraints_commitments_rou void GoblinTranslatorProver::execute_grand_product_computation_round() { // Compute and store parameters required by relations in Sumcheck - auto [gamma] = transcript.get_challenges("gamma"); + auto [gamma] = transcript->get_challenges("gamma"); const size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; relation_parameters.beta = 0; relation_parameters.gamma = gamma; 
@@ -316,7 +546,7 @@ void GoblinTranslatorProver::execute_grand_product_computation_round() // Compute constraint permutation grand product grand_product_library::compute_grand_products(key, prover_polynomials, relation_parameters); - transcript.send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); + transcript->send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); } /** @@ -329,7 +559,7 @@ void GoblinTranslatorProver::execute_relation_check_rounds() auto sumcheck = Sumcheck(key->circuit_size, transcript); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } @@ -355,7 +585,7 @@ void GoblinTranslatorProver::execute_zeromorph_rounds() plonk::proof& GoblinTranslatorProver::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp index 47772d1ca7b8..1d46950c6a24 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -19,6 +19,7 @@ class GoblinTranslatorProver { using ProverPolynomials = typename Flavor::ProverPolynomials; using CommitmentLabels = typename Flavor::CommitmentLabels; using Curve = typename Flavor::Curve; + using Transcript = BaseTranscript; static size_t constexpr MINI_CIRCUIT_SIZE = Flavor::MINI_CIRCUIT_SIZE; static size_t constexpr FULL_CIRCUIT_SIZE = Flavor::FULL_CIRCUIT_SIZE; 
@@ -27,6 +28,10 @@ class GoblinTranslatorProver { explicit GoblinTranslatorProver(std::shared_ptr input_key, std::shared_ptr commitment_key); + explicit GoblinTranslatorProver(std::shared_ptr input_key, + std::shared_ptr commitment_key, + std::shared_ptr transcript); + void execute_preamble_round(); void execute_wire_and_sorted_constraints_commitments_round(); void execute_grand_product_computation_round(); @@ -35,7 +40,7 @@ class GoblinTranslatorProver { plonk::proof& export_proof(); plonk::proof& construct_proof(); - BaseTranscript transcript; + std::shared_ptr transcript; proof_system::RelationParameters relation_parameters; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index d280143e2f24..8cf1b8a557eb 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp 
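Review bot: Nothing rejects an empty `transcript` in the new three-argument `GoblinTranslatorProver` constructor, and every round then dereferences it (`transcript->send_to_verifier("circuit_size", circuit_size)` in `execute_preamble_round`), so a caller passing a null `std::shared_ptr` gets a null dereference during proving instead of an error at construction. The same applies to the new `MergeProver_` constructor in `merge_prover.cpp` and to `verifier_init_empty` in `transcript.hpp`, which reads `transcript->proof_data` immediately. A guard at the top of each constructor body would fail early, e.g. `if (!this->transcript) { throw_or_abort("transcript must not be null"); }`, and the declaration should say that the pointer must be non-null.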
@@ -70,17 +70,17 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) using VerifierCommitments = typename Flavor::VerifierCommitments; using CommitmentLabels = typename Flavor::CommitmentLabels; - transcript = BaseTranscript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); auto commitments = VerifierCommitments(key, transcript); auto commitment_labels = CommitmentLabels(); // TODO(Adrian): Change the initialization of the transcript to take the VK hash? - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); - evaluation_input_x = transcript.template receive_from_prover("evaluation_input_x"); - batching_challenge_v = transcript.template receive_from_prover("batching_challenge_v"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); + evaluation_input_x = transcript->template receive_from_prover("evaluation_input_x"); + batching_challenge_v = transcript->template receive_from_prover("batching_challenge_v"); - const BF accumulated_result = transcript.template receive_from_prover("accumulated_result"); + const BF accumulated_result = transcript->template receive_from_prover("accumulated_result"); put_translation_data_in_relation_parameters(evaluation_input_x, batching_challenge_v, accumulated_result); @@ -90,7 +90,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) // Get all the values of wires const auto receive_commitment = [&](const std::string& label) { - return transcript.template receive_from_prover(label); + return transcript->template receive_from_prover(label); }; commitments.op = receive_commitment(commitment_labels.op); 
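Review bot: `verify_proof` still builds a fresh transcript from `proof.proof_data` and reads `circuit_size` as its first element, while the prover can now be handed a caller-supplied transcript and `export_proof` copies that transcript's entire `proof_data`. If the supplied transcript already holds messages from an earlier prover, the byte offsets and the challenge state on the two sides no longer line up, so verification would fail or interpret foreign bytes as this proof's preamble; whether any caller passes a non-empty transcript is not visible here. Either let this verifier accept the shared transcript as well (the `MergeVerifier_` constructor in this commit gains such a parameter), or state the requirement on the prover constructor: `// transcript must be empty: verify_proof replays proof_data from the start`. The body of `verify_proof` extends beyond the hunk.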
@@ -235,7 +235,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) commitments.ordered_range_constraints_4 = receive_commitment(commitment_labels.ordered_range_constraints_4); // Get permutation challenges - auto [gamma] = transcript.get_challenges("gamma"); + auto [gamma] = transcript->get_challenges("gamma"); relation_parameters.beta = 0; relation_parameters.gamma = gamma; @@ -248,7 +248,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index ff49cd546ce1..8a8a93b331f9 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -20,7 +20,7 @@ class GoblinTranslatorVerifier { std::map commitments; std::map pcs_fr_elements; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + std::shared_ptr transcript; RelationParameters relation_parameters; explicit GoblinTranslatorVerifier(std::shared_ptr verifier_key = nullptr); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp index ba5ed3909a70..baf33e0ab92f 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp 
@@ -8,7 +8,21 @@ namespace proof_system::honk { */ template MergeProver_::MergeProver_(std::shared_ptr commitment_key, std::shared_ptr op_queue) - : op_queue(op_queue) + : transcript(std::make_shared()) + , op_queue(op_queue) + , pcs_commitment_key(commitment_key) +{} + +/** + * Create MergeProver_ + * + */ +template +MergeProver_::MergeProver_(std::shared_ptr commitment_key, + std::shared_ptr op_queue, + std::shared_ptr transcript) + : transcript(transcript) + , op_queue(op_queue) , pcs_commitment_key(commitment_key) {} @@ -54,9 +68,9 @@ template plonk::proof& MergeProver_::construct_proof() C_T_current[idx] = C_T_prev + C_t_shift; std::string suffix = std::to_string(idx + 1); - transcript.send_to_verifier("T_PREV_" + suffix, C_T_prev); - transcript.send_to_verifier("t_SHIFT_" + suffix, C_t_shift); - transcript.send_to_verifier("T_CURRENT_" + suffix, C_T_current[idx]); + transcript->send_to_verifier("T_PREV_" + suffix, C_T_prev); + transcript->send_to_verifier("t_SHIFT_" + suffix, C_t_shift); + transcript->send_to_verifier("T_CURRENT_" + suffix, C_T_current[idx]); } // Store the commitments [T_{i}] (to be used later in subsequent iterations as [T_{i-1}]). @@ -64,7 +78,7 @@ template plonk::proof& MergeProver_::construct_proof() // Compute evaluations T_i(\kappa), T_{i-1}(\kappa), t_i^{shift}(\kappa), add to transcript. For each polynomial // we add a univariate opening claim {p(X), (\kappa, p(\kappa))} to the set of claims to be checked via batched KZG. - auto kappa = transcript.get_challenge("kappa"); + auto kappa = transcript->get_challenge("kappa"); // Add univariate opening claims for each polynomial. std::vector opening_claims; 
@@ -72,24 +86,24 @@ template plonk::proof& MergeProver_::construct_proof() for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { auto polynomial = Polynomial(T_prev[idx]); auto evaluation = polynomial.evaluate(kappa); - transcript.send_to_verifier("T_prev_eval_" + std::to_string(idx + 1), evaluation); + transcript->send_to_verifier("T_prev_eval_" + std::to_string(idx + 1), evaluation); opening_claims.emplace_back(OpeningClaim{ polynomial, { kappa, evaluation } }); } // Compute evaluation t_i^{shift}(\kappa) for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { auto evaluation = t_shift[idx].evaluate(kappa); - transcript.send_to_verifier("t_shift_eval_" + std::to_string(idx + 1), evaluation); + transcript->send_to_verifier("t_shift_eval_" + std::to_string(idx + 1), evaluation); opening_claims.emplace_back(OpeningClaim{ t_shift[idx], { kappa, evaluation } }); } // Compute evaluation T_i(\kappa) for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { auto polynomial = Polynomial(T_current[idx]); auto evaluation = polynomial.evaluate(kappa); - transcript.send_to_verifier("T_current_eval_" + std::to_string(idx + 1), evaluation); + transcript->send_to_verifier("T_current_eval_" + std::to_string(idx + 1), evaluation); opening_claims.emplace_back(OpeningClaim{ polynomial, { kappa, evaluation } }); } - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); // Constuct batched polynomial to opened via KZG auto batched_polynomial = Polynomial(N); @@ -107,9 +121,9 @@ template plonk::proof& MergeProver_::construct_proof() quotient.factor_roots(kappa); auto quotient_commitment = pcs_commitment_key->commit(quotient); - transcript.send_to_verifier("KZG:W", quotient_commitment); + transcript->send_to_verifier("KZG:W", quotient_commitment); - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } 
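Review bot: `proof.proof_data = transcript->proof_data;` in the last hunk now copies the buffer of a transcript that may be shared with other provers, so the returned merge proof would also carry anything sent on that transcript before `construct_proof` ran (inferred; the transcript class is not shown here). The verifier reads the buffer back with `load_proof`, so a mismatch in what the buffer contains would desynchronise the challenges rather than fail loudly. A comment such as `// NOTE: with a shared transcript this is the whole accumulated proof, not only the merge part` would record the contract, or the function could export only what was written since entry. `UltraProver_::export_proof` has the same line.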
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp index a6d31866b41e..628bbe45260e 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp @@ -23,13 +23,15 @@ template class MergeProver_ { using Curve = typename Flavor::Curve; using OpeningClaim = typename pcs::ProverOpeningClaim; using OpeningPair = typename pcs::OpeningPair; + using Transcript = BaseTranscript; public: - BaseTranscript transcript; + std::shared_ptr transcript; std::shared_ptr op_queue; std::shared_ptr pcs_commitment_key; explicit MergeProver_(std::shared_ptr, std::shared_ptr); + explicit MergeProver_(std::shared_ptr, std::shared_ptr, std::shared_ptr); plonk::proof& construct_proof(); private: diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp index bfac4182d6d9..2c218deb701d 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp @@ -3,8 +3,10 @@ namespace proof_system::honk { template -MergeVerifier_::MergeVerifier_(std::unique_ptr verification_key) - : pcs_verification_key(std::move(verification_key)){}; +MergeVerifier_::MergeVerifier_(std::unique_ptr verification_key, + std::shared_ptr transcript) + : transcript(transcript) + , pcs_verification_key(std::move(verification_key)){}; /** * @brief Verify proper construction of the aggregate Goblin ECC op queue polynomials T_i^(j), j = 1,2,3,4. 
@@ -19,19 +21,19 @@ MergeVerifier_::MergeVerifier_(std::unique_ptr ve */ template bool MergeVerifier_::verify_proof(const plonk::proof& proof) { - transcript = BaseTranscript{ proof.proof_data }; + transcript->load_proof(proof.proof_data); // Receive commitments [t_i^{shift}], [T_{i-1}], and [T_i] std::array C_T_prev; std::array C_t_shift; std::array C_T_current; for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - C_T_prev[idx] = transcript.template receive_from_prover("T_PREV_" + std::to_string(idx + 1)); - C_t_shift[idx] = transcript.template receive_from_prover("t_SHIFT_" + std::to_string(idx + 1)); - C_T_current[idx] = transcript.template receive_from_prover("T_CURRENT_" + std::to_string(idx + 1)); + C_T_prev[idx] = transcript->template receive_from_prover("T_PREV_" + std::to_string(idx + 1)); + C_t_shift[idx] = transcript->template receive_from_prover("t_SHIFT_" + std::to_string(idx + 1)); + C_T_current[idx] = transcript->template receive_from_prover("T_CURRENT_" + std::to_string(idx + 1)); } - FF kappa = transcript.get_challenge("kappa"); + FF kappa = transcript->get_challenge("kappa"); // Receive transcript poly evaluations and add corresponding univariate opening claims {(\kappa, p(\kappa), [p(X)]} std::array T_prev_evals; 
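Review bot: `transcript->load_proof(proof.proof_data);` reuses a caller-supplied transcript where the old code built a fresh `BaseTranscript` from the proof, and nothing visible shows that `load_proof` resets the challenge state and read position. If it does not, a second `verify_proof` call, or a transcript already used by another verifier, would derive `kappa` and `alpha` from stale state, so that contract deserves a comment at this call. The pointer is also dereferenced without a check although the constructor accepts any `std::shared_ptr`; `if (!transcript) { return false; }` before the load makes the verifier fail closed. `UltraVerifier_::verify_proof` in `ultra_verifier.cpp` has the same pattern, and the body of this function continues outside the hunk.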
@@ -39,15 +41,16 @@ template bool MergeVerifier_::verify_proof(const plonk std::array T_current_evals; std::vector opening_claims; for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - T_prev_evals[idx] = transcript.template receive_from_prover("T_prev_eval_" + std::to_string(idx + 1)); + T_prev_evals[idx] = transcript->template receive_from_prover("T_prev_eval_" + std::to_string(idx + 1)); opening_claims.emplace_back(pcs::OpeningClaim{ { kappa, T_prev_evals[idx] }, C_T_prev[idx] }); } for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - t_shift_evals[idx] = transcript.template receive_from_prover("t_shift_eval_" + std::to_string(idx + 1)); + t_shift_evals[idx] = transcript->template receive_from_prover("t_shift_eval_" + std::to_string(idx + 1)); opening_claims.emplace_back(pcs::OpeningClaim{ { kappa, t_shift_evals[idx] }, C_t_shift[idx] }); } for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - T_current_evals[idx] = transcript.template receive_from_prover("T_current_eval_" + std::to_string(idx + 1)); + T_current_evals[idx] = + transcript->template receive_from_prover("T_current_eval_" + std::to_string(idx + 1)); opening_claims.emplace_back(pcs::OpeningClaim{ { kappa, T_current_evals[idx] }, C_T_current[idx] }); } @@ -57,7 +60,7 @@ template bool MergeVerifier_::verify_proof(const plonk identity_checked = identity_checked && (T_current_evals[idx] == T_prev_evals[idx] + t_shift_evals[idx]); } - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); // Constuct batched commitment and evaluation from constituents auto batched_commitment = opening_claims[0].commitment; @@ -74,6 +77,7 @@ template bool MergeVerifier_::verify_proof(const plonk auto verified = PCS::verify(pcs_verification_key, batched_claim, transcript); + info("merge verified: ", verified); return identity_checked && verified; } 
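Review bot: The added `info("merge verified: ", verified);` in the last hunk prints only the PCS result, while the function returns `identity_checked && verified`, so the log can read true for a proof that is rejected. Either drop the debug print or log the value actually returned, `info("merge verified: ", identity_checked && verified);`. The same applies to `info("ultra verified: ", verified);` in `ultra_verifier.cpp`, where the return value also depends on `sumcheck_verified.value()`.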
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp index d1da2f786ab2..3e1fcbd67619 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp @@ -26,11 +26,12 @@ template class MergeVerifier_ { using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; public: - BaseTranscript transcript; + std::shared_ptr transcript; std::shared_ptr op_queue; std::shared_ptr pcs_verification_key; - explicit MergeVerifier_(std::unique_ptr verification_key); + explicit MergeVerifier_(std::unique_ptr verification_key, + std::shared_ptr transcript); bool verify_proof(const plonk::proof& proof); }; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp index ff8cf11b8690..6513f9e651c2 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp @@ -17,18 +17,20 @@ std::shared_ptr> UltraComposer_::create_instance } template -UltraProver_ UltraComposer_::create_prover(std::shared_ptr instance) +UltraProver_ UltraComposer_::create_prover(std::shared_ptr instance, + std::shared_ptr transcript) { - UltraProver_ output_state(instance); + UltraProver_ output_state(instance, transcript); return output_state; } template -UltraVerifier_ UltraComposer_::create_verifier(std::shared_ptr instance) +UltraVerifier_ UltraComposer_::create_verifier(std::shared_ptr instance, + std::shared_ptr transcript) { auto verification_key = instance->compute_verification_key(); - UltraVerifier_ output_state(verification_key); + UltraVerifier_ output_state(transcript, verification_key); auto pcs_verification_key = std::make_unique(verification_key->circuit_size, crs_factory_); output_state.pcs_verification_key = std::move(pcs_verification_key); 
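Review bot: In `create_verifier`, `UltraVerifier_ output_state(transcript, verification_key);` passes the transcript first, whereas `UltraProver_`, `MergeProver_` and `MergeVerifier_` in this patch all take it last. The order appears to be forced by the `verifier_key = nullptr` default in `ultra_verifier.hpp`; dropping that default and declaring `UltraVerifier_(verifier_key, transcript)` would make the four constructors read alike. Since `transcript` is taken by value here, it could also be handed on with `std::move(transcript)` to avoid an extra reference-count update.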
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp index 3cd04b03ff12..9e232015418b 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp @@ -20,6 +20,8 @@ template class UltraComposer_ { using CommitmentKey = typename Flavor::CommitmentKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Instance = ProverInstance_; + using FF = typename Flavor::FF; + using Transcript = BaseTranscript; static constexpr size_t NUM_FOLDING = 2; using ProverInstances = ProverInstances_; @@ -62,8 +64,8 @@ template class UltraComposer_ { std::shared_ptr create_instance(CircuitBuilder& circuit); - UltraProver_ create_prover(std::shared_ptr); - UltraVerifier_ create_verifier(std::shared_ptr); + UltraProver_ create_prover(std::shared_ptr, std::shared_ptr transcript); + UltraVerifier_ create_verifier(std::shared_ptr, std::shared_ptr transcript); /** * @brief Create Prover for Goblin ECC op queue merge protocol @@ -71,14 +73,15 @@ template class UltraComposer_ { * @param op_queue * @return MergeProver_ */ - MergeProver_ create_merge_prover(std::shared_ptr op_queue) + MergeProver_ create_merge_prover(std::shared_ptr op_queue, + std::shared_ptr transcript) { // Store the previous aggregate op queue size and update the current one op_queue->set_size_data(); // Merge requires a commitment key with size equal to that of the current op queue transcript T_i since the // shift of the current contribution t_i will be of degree equal to deg(T_i) auto commitment_key = compute_commitment_key(op_queue->get_current_size()); - return MergeProver_(commitment_key, op_queue); + return MergeProver_(commitment_key, op_queue, transcript); } /** 
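Review bot: `create_prover`, `create_verifier` and `create_merge_prover` now require a transcript, yet the doc comment of `create_merge_prover` still lists only `@param op_queue`. Add `@param transcript` and state whether passing a transcript that other provers also write to is intended, since that decides what the merge challenges are bound to. If standalone use should stay possible, a default such as `std::shared_ptr<Transcript> transcript = std::make_shared<Transcript>()` would keep one-argument callers working, matching the one-argument `UltraProver_` constructor this patch retains.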
@@ -87,10 +90,10 @@ template class UltraComposer_ { * @param size Size of commitment key required to commit to shifted op queue contribution t_i * @return MergeVerifier_ */ - MergeVerifier_ create_merge_verifier(size_t srs_size) + MergeVerifier_ create_merge_verifier(size_t srs_size, std::shared_ptr transcript) { auto pcs_verification_key = std::make_unique(srs_size, crs_factory_); - return MergeVerifier_(std::move(pcs_verification_key)); + return MergeVerifier_(std::move(pcs_verification_key), transcript); } ProtoGalaxyProver_ create_folding_prover(std::vector> instances) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index 0dcdb608e2b7..c8034cc6280f 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -14,6 +14,23 @@ namespace proof_system::honk { template UltraProver_::UltraProver_(std::shared_ptr inst) : instance(std::move(inst)) + , transcript(std::make_shared()) + , commitment_key(instance->commitment_key) +{ + instance->initialize_prover_polynomials(); +} + +/** + * Create UltraProver_ from an instance. + * + * @param instance Instance whose proof we want to generate. + * + * @tparam a type of UltraFlavor + * */ +template +UltraProver_::UltraProver_(std::shared_ptr inst, std::shared_ptr transcript) + : instance(std::move(inst)) + , transcript(transcript) , commitment_key(instance->commitment_key) { instance->initialize_prover_polynomials(); 
@@ -29,13 +46,13 @@ template void UltraProver_::execute_preamble_round( const auto circuit_size = static_cast(proving_key->circuit_size); const auto num_public_inputs = static_cast(proving_key->num_public_inputs); - transcript.send_to_verifier("circuit_size", circuit_size); - transcript.send_to_verifier("public_input_size", num_public_inputs); - transcript.send_to_verifier("pub_inputs_offset", static_cast(instance->pub_inputs_offset)); + transcript->send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("public_input_size", num_public_inputs); + transcript->send_to_verifier("pub_inputs_offset", static_cast(instance->pub_inputs_offset)); for (size_t i = 0; i < proving_key->num_public_inputs; ++i) { auto public_input_i = instance->public_inputs[i]; - transcript.send_to_verifier("public_input_" + std::to_string(i), public_input_i); + transcript->send_to_verifier("public_input_" + std::to_string(i), public_input_i); } } @@ -50,7 +67,7 @@ template void UltraProver_::execute_wire_commitment auto wire_polys = instance->proving_key->get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < 3; ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); } if constexpr (IsGoblinFlavor) { 
@@ -58,13 +75,13 @@ template void UltraProver_::execute_wire_commitment auto op_wire_polys = instance->proving_key->get_ecc_op_wires(); auto labels = commitment_labels.get_ecc_op_wires(); for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(op_wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(op_wire_polys[idx])); } // Commit to DataBus columns - transcript.send_to_verifier(commitment_labels.calldata, - commitment_key->commit(instance->proving_key->calldata)); - transcript.send_to_verifier(commitment_labels.calldata_read_counts, - commitment_key->commit(instance->proving_key->calldata_read_counts)); + transcript->send_to_verifier(commitment_labels.calldata, + commitment_key->commit(instance->proving_key->calldata)); + transcript->send_to_verifier(commitment_labels.calldata_read_counts, + commitment_key->commit(instance->proving_key->calldata_read_counts)); } } @@ -74,7 +91,7 @@ template void UltraProver_::execute_wire_commitment */ template void UltraProver_::execute_sorted_list_accumulator_round() { - auto eta = transcript.get_challenge("eta"); + auto eta = transcript->get_challenge("eta"); instance->compute_sorted_accumulator_polynomials(eta); @@ -82,8 +99,8 @@ template void UltraProver_::execute_sorted_list_acc // polynomial auto sorted_accum_commitment = commitment_key->commit(instance->proving_key->sorted_accum); auto w_4_commitment = commitment_key->commit(instance->proving_key->w_4); - transcript.send_to_verifier(commitment_labels.sorted_accum, sorted_accum_commitment); - transcript.send_to_verifier(commitment_labels.w_4, w_4_commitment); + transcript->send_to_verifier(commitment_labels.sorted_accum, sorted_accum_commitment); + transcript->send_to_verifier(commitment_labels.w_4, w_4_commitment); } /** 
@@ -93,7 +110,7 @@ template void UltraProver_::execute_sorted_list_acc template void UltraProver_::execute_log_derivative_inverse_round() { // Compute and store challenges beta and gamma - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto [beta, gamma] = transcript->get_challenges("beta", "gamma"); relation_parameters.beta = beta; relation_parameters.gamma = gamma; @@ -101,7 +118,7 @@ template void UltraProver_::execute_log_derivative_ instance->compute_logderivative_inverse(beta, gamma); auto lookup_inverses_commitment = commitment_key->commit(instance->proving_key->lookup_inverses); - transcript.send_to_verifier(commitment_labels.lookup_inverses, lookup_inverses_commitment); + transcript->send_to_verifier(commitment_labels.lookup_inverses, lookup_inverses_commitment); } } @@ -116,8 +133,8 @@ template void UltraProver_::execute_grand_product_c auto z_perm_commitment = commitment_key->commit(instance->proving_key->z_perm); auto z_lookup_commitment = commitment_key->commit(instance->proving_key->z_lookup); - transcript.send_to_verifier(commitment_labels.z_perm, z_perm_commitment); - transcript.send_to_verifier(commitment_labels.z_lookup, z_lookup_commitment); + transcript->send_to_verifier(commitment_labels.z_perm, z_perm_commitment); + transcript->send_to_verifier(commitment_labels.z_lookup, z_lookup_commitment); } /** @@ -129,7 +146,7 @@ template void UltraProver_::execute_relation_check_ using Sumcheck = sumcheck::SumcheckProver; auto sumcheck = Sumcheck(instance->proving_key->circuit_size, transcript); - instance->alpha = transcript.get_challenge("alpha"); + instance->alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(instance); } 
@@ -151,13 +168,13 @@ template void UltraProver_::execute_zeromorph_round template plonk::proof& UltraProver_::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } template plonk::proof& UltraProver_::construct_proof() { - // Add circuit size public input size and public inputs to transcript. + // Add circuit size public input size and public inputs to transcript-> execute_preamble_round(); // Compute first three wire commitments diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index fe50c8e0c805..8a0ea58e875a 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -20,10 +20,12 @@ template class UltraProver_ { using CommitmentLabels = typename Flavor::CommitmentLabels; using Curve = typename Flavor::Curve; using Instance = ProverInstance_; - using Transcript = typename Flavor::Transcript; + using Transcript = BaseTranscript; + // using Transcript = typename Flavor::Transcript; public: explicit UltraProver_(std::shared_ptr); + explicit UltraProver_(std::shared_ptr, std::shared_ptr); BBERG_PROFILE void execute_preamble_round(); BBERG_PROFILE void execute_wire_commitments_round(); BBERG_PROFILE void execute_sorted_list_accumulator_round(); @@ -35,7 +37,9 @@ template class UltraProver_ { plonk::proof& export_proof(); plonk::proof& construct_proof(); - Transcript transcript; + std::shared_ptr instance; + + std::shared_ptr transcript; std::vector public_inputs; size_t pub_inputs_offset; @@ -46,8 +50,6 @@ template class UltraProver_ { Polynomial quotient_W; - std::shared_ptr instance; - sumcheck::SumcheckOutput sumcheck_output; std::shared_ptr commitment_key; 
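Review bot: The comment in `construct_proof` was caught by the mechanical `.` to `->` replacement and now ends in `transcript->`. It should read `// Add circuit size, public input size and public inputs to transcript.`. The body of `construct_proof` continues outside the hunk.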
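Review bot: In `ultra_prover.hpp`, `using Transcript = BaseTranscript;` replaces the flavor-provided alias and leaves the old line behind as `// using Transcript = typename Flavor::Transcript;`. Hard-coding the type means a flavor that defines a different `Transcript` would no longer be honoured by `UltraProver_` (whether such a flavor is instantiated is not visible here), so the line needs either a why-comment or removal of the dead alias. Something like `// Fixed to BaseTranscript so one transcript object can be shared across provers` would do if that is the reason.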
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 35e9539be197..a4e2d3dc0b2d 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -9,8 +9,10 @@ using namespace proof_system::honk::sumcheck; namespace proof_system::honk { template -UltraVerifier_::UltraVerifier_(std::shared_ptr verifier_key) +UltraVerifier_::UltraVerifier_(std::shared_ptr transcript, + std::shared_ptr verifier_key) : key(verifier_key) + , transcript(transcript) {} template @@ -42,15 +44,15 @@ template bool UltraVerifier_::verify_proof(const plonk proof_system::RelationParameters relation_parameters; - transcript = BaseTranscript{ proof.proof_data }; + transcript->load_proof(proof.proof_data); auto commitments = VerifierCommitments(key, transcript); auto commitment_labels = CommitmentLabels(); // TODO(Adrian): Change the initialization of the transcript to take the VK hash? - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); - const auto public_input_size = transcript.template receive_from_prover("public_input_size"); - const auto pub_inputs_offset = transcript.template receive_from_prover("pub_inputs_offset"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); + const auto public_input_size = transcript->template receive_from_prover("public_input_size"); + const auto pub_inputs_offset = transcript->template receive_from_prover("pub_inputs_offset"); if (circuit_size != key->circuit_size) { return false; 
@@ -61,45 +63,45 @@ template bool UltraVerifier_::verify_proof(const plonk std::vector public_inputs; for (size_t i = 0; i < public_input_size; ++i) { - auto public_input_i = transcript.template receive_from_prover("public_input_" + std::to_string(i)); + auto public_input_i = transcript->template receive_from_prover("public_input_" + std::to_string(i)); public_inputs.emplace_back(public_input_i); } // Get commitments to first three wire polynomials - commitments.w_l = transcript.template receive_from_prover(commitment_labels.w_l); - commitments.w_r = transcript.template receive_from_prover(commitment_labels.w_r); - commitments.w_o = transcript.template receive_from_prover(commitment_labels.w_o); + commitments.w_l = transcript->template receive_from_prover(commitment_labels.w_l); + commitments.w_r = transcript->template receive_from_prover(commitment_labels.w_r); + commitments.w_o = transcript->template receive_from_prover(commitment_labels.w_o); // If Goblin, get commitments to ECC op wire polynomials and DataBus columns if constexpr (IsGoblinFlavor) { commitments.ecc_op_wire_1 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_1); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_1); commitments.ecc_op_wire_2 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_2); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_2); commitments.ecc_op_wire_3 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_3); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_3); commitments.ecc_op_wire_4 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_4); - commitments.calldata = transcript.template receive_from_prover(commitment_labels.calldata); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_4); + commitments.calldata = transcript->template receive_from_prover(commitment_labels.calldata); 
commitments.calldata_read_counts = - transcript.template receive_from_prover(commitment_labels.calldata_read_counts); + transcript->template receive_from_prover(commitment_labels.calldata_read_counts); } // Get challenge for sorted list batching and wire four memory records - auto eta = transcript.get_challenge("eta"); + auto eta = transcript->get_challenge("eta"); relation_parameters.eta = eta; // Get commitments to sorted list accumulator and fourth wire - commitments.sorted_accum = transcript.template receive_from_prover(commitment_labels.sorted_accum); - commitments.w_4 = transcript.template receive_from_prover(commitment_labels.w_4); + commitments.sorted_accum = transcript->template receive_from_prover(commitment_labels.sorted_accum); + commitments.w_4 = transcript->template receive_from_prover(commitment_labels.w_4); // Get permutation challenges - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto [beta, gamma] = transcript->get_challenges("beta", "gamma"); // If Goblin (i.e. using DataBus) receive commitments to log-deriv inverses polynomial if constexpr (IsGoblinFlavor) { commitments.lookup_inverses = - transcript.template receive_from_prover(commitment_labels.lookup_inverses); + transcript->template receive_from_prover(commitment_labels.lookup_inverses); } const FF public_input_delta = 
@@ -112,12 +114,12 @@ template bool UltraVerifier_::verify_proof(const plonk relation_parameters.lookup_grand_product_delta = lookup_grand_product_delta; // Get commitment to permutation and lookup grand products - commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); - commitments.z_lookup = transcript.template receive_from_prover(commitment_labels.z_lookup); + commitments.z_perm = transcript->template receive_from_prover(commitment_labels.z_perm); + commitments.z_lookup = transcript->template receive_from_prover(commitment_labels.z_lookup); // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); @@ -137,6 +139,7 @@ template bool UltraVerifier_::verify_proof(const plonk auto verified = pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]); + info("ultra verified: ", verified); return sumcheck_verified.value() && verified; } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index ecf6541d0c88..bf854a4fdb2f 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -12,7 +12,8 @@ template class UltraVerifier_ { using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; public: - explicit UltraVerifier_(std::shared_ptr verifier_key = nullptr); + explicit UltraVerifier_(std::shared_ptr transcript, + std::shared_ptr verifier_key = nullptr); UltraVerifier_(UltraVerifier_&& other); UltraVerifier_& operator=(const UltraVerifier_& other) = delete; 
@@ -23,7 +24,7 @@ template class UltraVerifier_ { std::shared_ptr key; std::map commitments; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + std::shared_ptr transcript; }; extern template class UltraVerifier_;