diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp index 4dbdf3bc178..d1957a6d4ff 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp @@ -135,21 +135,20 @@ template class GoblinRecursiveVerifierTest : public testi InnerComposer inner_composer; auto instance = inner_composer.create_instance(inner_circuit); auto prover = inner_composer.create_prover(instance); // A prerequisite for computing VK - const auto native_verification_key = instance->compute_verification_key(); // Instantiate the recursive verification key from the native verification key OuterBuilder outer_circuit; - auto verification_key = std::make_shared(&outer_circuit, native_verification_key); + auto verification_key = std::make_shared(&outer_circuit, instance->verification_key); // Spot check some values in the recursive VK to ensure it was constructed correctly - EXPECT_EQ(verification_key->circuit_size, native_verification_key->circuit_size); - EXPECT_EQ(verification_key->log_circuit_size, native_verification_key->log_circuit_size); - EXPECT_EQ(verification_key->num_public_inputs, native_verification_key->num_public_inputs); - EXPECT_EQ(verification_key->q_m.get_value(), native_verification_key->q_m); - EXPECT_EQ(verification_key->q_r.get_value(), native_verification_key->q_r); - EXPECT_EQ(verification_key->sigma_1.get_value(), native_verification_key->sigma_1); - EXPECT_EQ(verification_key->id_3.get_value(), native_verification_key->id_3); - EXPECT_EQ(verification_key->lagrange_ecc_op.get_value(), native_verification_key->lagrange_ecc_op); + EXPECT_EQ(verification_key->circuit_size, instance->verification_key->circuit_size); + EXPECT_EQ(verification_key->log_circuit_size, instance->verification_key->log_circuit_size); + EXPECT_EQ(verification_key->num_public_inputs, instance->verification_key->num_public_inputs); + EXPECT_EQ(verification_key->q_m.get_value(), instance->verification_key->q_m); + EXPECT_EQ(verification_key->q_r.get_value(), instance->verification_key->q_r); + EXPECT_EQ(verification_key->sigma_1.get_value(), instance->verification_key->sigma_1); + EXPECT_EQ(verification_key->id_3.get_value(), instance->verification_key->id_3); + EXPECT_EQ(verification_key->lagrange_ecc_op.get_value(), instance->verification_key->lagrange_ecc_op); } /** @@ -166,11 +165,10 @@ template class GoblinRecursiveVerifierTest : public testi auto instance = inner_composer.create_instance(inner_circuit); auto inner_prover = inner_composer.create_prover(instance); auto inner_proof = inner_prover.construct_proof(); - const auto native_verification_key = instance->compute_verification_key(); // Create a recursive verification circuit for the proof of the inner circuit OuterBuilder outer_circuit; - auto verification_key = std::make_shared(&outer_circuit, native_verification_key); + auto verification_key = std::make_shared(&outer_circuit, instance->verification_key); RecursiveVerifier verifier(&outer_circuit, verification_key); auto pairing_points = verifier.verify_proof(inner_proof); @@ -213,7 +211,6 @@ template class GoblinRecursiveVerifierTest : public testi auto instance = inner_composer.create_instance(inner_circuit); auto inner_prover = inner_composer.create_prover(instance); auto inner_proof = inner_prover.construct_proof(); - const auto native_verification_key = instance->compute_verification_key(); // Arbitrarily tamper with the proof to be verified inner_prover.transcript.deserialize_full_transcript(); @@ -223,7 +220,7 @@ template class GoblinRecursiveVerifierTest : public testi // Create a recursive verification circuit for the proof of the inner circuit OuterBuilder outer_circuit; - auto verification_key = std::make_shared(&outer_circuit, native_verification_key); + auto verification_key = std::make_shared(&outer_circuit, instance->verification_key); RecursiveVerifier verifier(&outer_circuit, verification_key); verifier.verify_proof(inner_proof); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp index 29c5b9bd639..0852c45cc70 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp @@ -120,19 +120,18 @@ template class RecursiveVerifierTest : public testing::Te InnerComposer inner_composer; auto instance = inner_composer.create_instance(inner_circuit); auto prover = inner_composer.create_prover(instance); // A prerequisite for computing VK - const auto native_verification_key = instance->compute_verification_key(); // Instantiate the recursive verification key from the native verification key - auto verification_key = std::make_shared(&outer_circuit, native_verification_key); + auto verification_key = std::make_shared(&outer_circuit, instance->verification_key); // Spot check some values in the recursive VK to ensure it was constructed correctly - EXPECT_EQ(verification_key->circuit_size, native_verification_key->circuit_size); - EXPECT_EQ(verification_key->log_circuit_size, native_verification_key->log_circuit_size); - EXPECT_EQ(verification_key->num_public_inputs, native_verification_key->num_public_inputs); - EXPECT_EQ(verification_key->q_m.get_value(), native_verification_key->q_m); - EXPECT_EQ(verification_key->q_r.get_value(), native_verification_key->q_r); - EXPECT_EQ(verification_key->sigma_1.get_value(), native_verification_key->sigma_1); - EXPECT_EQ(verification_key->id_3.get_value(), native_verification_key->id_3); + EXPECT_EQ(verification_key->circuit_size, instance->verification_key->circuit_size); + EXPECT_EQ(verification_key->log_circuit_size, instance->verification_key->log_circuit_size); + EXPECT_EQ(verification_key->num_public_inputs, instance->verification_key->num_public_inputs); + EXPECT_EQ(verification_key->q_m.get_value(), instance->verification_key->q_m); + EXPECT_EQ(verification_key->q_r.get_value(), instance->verification_key->q_r); + EXPECT_EQ(verification_key->sigma_1.get_value(), instance->verification_key->sigma_1); + EXPECT_EQ(verification_key->id_3.get_value(), instance->verification_key->id_3); } /** @@ -150,11 +149,10 @@ template class RecursiveVerifierTest : public testing::Te auto instance = inner_composer.create_instance(inner_circuit); auto inner_prover = inner_composer.create_prover(instance); auto inner_proof = inner_prover.construct_proof(); - const auto native_verification_key = instance->compute_verification_key(); // Create a recursive verification circuit for the proof of the inner circuit OuterBuilder outer_circuit; - auto verification_key = std::make_shared(&outer_circuit, native_verification_key); + auto verification_key = std::make_shared(&outer_circuit, instance->verification_key); RecursiveVerifier verifier(&outer_circuit, verification_key); auto pairing_points = verifier.verify_proof(inner_proof); @@ -198,7 +196,6 @@ template class RecursiveVerifierTest : public testing::Te auto instance = inner_composer.create_instance(inner_circuit); auto inner_prover = inner_composer.create_prover(instance); auto inner_proof = inner_prover.construct_proof(); - const auto native_verification_key = instance->compute_verification_key(); // Arbitrarily tamper with the proof to be verified inner_prover.transcript.deserialize_full_transcript(); @@ -208,7 +205,7 @@ template class RecursiveVerifierTest : public testing::Te // Create a recursive verification circuit for the proof of the inner circuit OuterBuilder outer_circuit; - auto verification_key = std::make_shared(&outer_circuit, native_verification_key); + auto verification_key = std::make_shared(&outer_circuit, instance->verification_key); RecursiveVerifier verifier(&outer_circuit, verification_key); verifier.verify_proof(inner_proof); diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp index 2dc18bb594e..41924b71875 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp @@ -353,28 +353,6 @@ template void ProverInstance_::initialize_prover_polynomi } } -/** - * @brief Commit to the wire polynomials (part of the witness), with the exception of the fourth wire, which is - * only commited to after adding memory records. In the Goblin Flavor, we also commit to the ECC OP wires and the - * DataBus columns - */ -template void ProverInstance_::compute_wire_commitments() -{ - witness_commitments.w_l = commitment_key->commit(proving_key->w_l); - witness_commitments.w_r = commitment_key->commit(proving_key->w_r); - witness_commitments.w_o = commitment_key->commit(proving_key->w_o); - - if constexpr (IsGoblinFlavor) { - witness_commitments.ecc_op_wire_1 = commitment_key->commit(proving_key->ecc_op_wire_1); - witness_commitments.ecc_op_wire_2 = commitment_key->commit(proving_key->ecc_op_wire_2); - witness_commitments.ecc_op_wire_3 = commitment_key->commit(proving_key->ecc_op_wire_3); - witness_commitments.ecc_op_wire_4 = commitment_key->commit(proving_key->ecc_op_wire_4); - - witness_commitments.calldata = commitment_key->commit(proving_key->calldata); - witness_commitments.calldata_read_counts = commitment_key->commit(proving_key->calldata_read_counts); - } -} - template void ProverInstance_::compute_sorted_accumulator_polynomials(FF eta) { relation_parameters.eta = eta; @@ -383,14 +361,10 @@ template void ProverInstance_::compute_sorted_accumulator prover_polynomials.sorted_accum = proving_key->sorted_accum; prover_polynomials.sorted_accum_shift = proving_key->sorted_accum.shifted(); - witness_commitments.sorted_accum = commitment_key->commit(prover_polynomials.sorted_accum); - // Finalize fourth wire polynomial by adding lookup memory records add_plookup_memory_records_to_wire_4(eta); prover_polynomials.w_4 = proving_key->w_4; prover_polynomials.w_4_shift = proving_key->w_4.shifted(); - - witness_commitments.w_4 = commitment_key->commit(prover_polynomials.w_4); } /** @@ -479,8 +453,6 @@ void ProverInstance_::compute_logderivative_inverse(FF beta, FF gamma) // Compute permutation and lookup grand product polynomials lookup_library::compute_logderivative_inverse( prover_polynomials, relation_parameters, proving_key->circuit_size); - - witness_commitments.lookup_inverses = commitment_key->commit(prover_polynomials.lookup_inverses); } template void ProverInstance_::compute_grand_product_polynomials(FF beta, FF gamma) @@ -497,63 +469,6 @@ template void ProverInstance_::compute_grand_product_poly // Compute permutation and lookup grand product polynomials grand_product_library::compute_grand_products(proving_key, prover_polynomials, relation_parameters); - - witness_commitments.z_perm = commitment_key->commit(prover_polynomials.z_perm); - witness_commitments.z_lookup = commitment_key->commit(prover_polynomials.z_lookup); -} - -/** - * Compute verification key consisting of selector precommitments. - * - * @return Pointer to the resulting verification key of the Instance. - * */ -template -std::shared_ptr ProverInstance_::compute_verification_key() -{ - if (verification_key) { - return verification_key; - } - - verification_key = - std::make_shared(proving_key->circuit_size, proving_key->num_public_inputs); - - // Compute and store commitments to all precomputed polynomials - verification_key->q_m = commitment_key->commit(proving_key->q_m); - verification_key->q_l = commitment_key->commit(proving_key->q_l); - verification_key->q_r = commitment_key->commit(proving_key->q_r); - verification_key->q_o = commitment_key->commit(proving_key->q_o); - verification_key->q_c = commitment_key->commit(proving_key->q_c); - verification_key->sigma_1 = commitment_key->commit(proving_key->sigma_1); - verification_key->sigma_2 = commitment_key->commit(proving_key->sigma_2); - verification_key->sigma_3 = commitment_key->commit(proving_key->sigma_3); - verification_key->id_1 = commitment_key->commit(proving_key->id_1); - verification_key->id_2 = commitment_key->commit(proving_key->id_2); - verification_key->id_3 = commitment_key->commit(proving_key->id_3); - verification_key->lagrange_first = commitment_key->commit(proving_key->lagrange_first); - verification_key->lagrange_last = commitment_key->commit(proving_key->lagrange_last); - - verification_key->q_4 = commitment_key->commit(proving_key->q_4); - verification_key->q_arith = commitment_key->commit(proving_key->q_arith); - verification_key->q_sort = commitment_key->commit(proving_key->q_sort); - verification_key->q_elliptic = commitment_key->commit(proving_key->q_elliptic); - verification_key->q_aux = commitment_key->commit(proving_key->q_aux); - verification_key->q_lookup = commitment_key->commit(proving_key->q_lookup); - verification_key->sigma_4 = commitment_key->commit(proving_key->sigma_4); - verification_key->id_4 = commitment_key->commit(proving_key->id_4); - verification_key->table_1 = commitment_key->commit(proving_key->table_1); - verification_key->table_2 = commitment_key->commit(proving_key->table_2); - verification_key->table_3 = commitment_key->commit(proving_key->table_3); - verification_key->table_4 = commitment_key->commit(proving_key->table_4); - - // TODO(luke): Similar to the lagrange_first/last polynomials, we dont really need to commit to these polynomials - // due to their simple structure. - if constexpr (IsGoblinFlavor) { - verification_key->lagrange_ecc_op = commitment_key->commit(proving_key->lagrange_ecc_op); - verification_key->q_busread = commitment_key->commit(proving_key->q_busread); - verification_key->databus_id = commitment_key->commit(proving_key->databus_id); - } - - return verification_key; } template class ProverInstance_; diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp index 758ddcc085a..251448bd497 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp @@ -32,7 +32,6 @@ template class ProverInstance_ { public: std::shared_ptr proving_key; std::shared_ptr verification_key; - std::shared_ptr commitment_key; ProverPolynomials prover_polynomials; WitnessCommitments witness_commitments; @@ -68,8 +67,6 @@ template class ProverInstance_ { ProverInstance_() = default; ~ProverInstance_() = default; - std::shared_ptr compute_verification_key(); - void initialize_prover_polynomials(); void compute_wire_commitments(); diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp index 20c8fbd394e..6fb7eeab3ed 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp @@ -60,14 +60,7 @@ template class InstanceTests : public testing::Test { // Get random challenge eta auto eta = FF::random_element(); - // Construct mock sorted list polynomials. - std::vector sorted_lists; auto sorted_list_polynomials = instance.sorted_polynomials; - for (auto& sorted_list_poly : sorted_list_polynomials) { - Polynomial random_polynomial = get_random_polynomial(instance.proving_key->circuit_size); - sorted_lists.emplace_back(random_polynomial); - populate_span(sorted_list_poly, random_polynomial); - } // Method 1: computed sorted list accumulator polynomial using prover library method instance.compute_sorted_list_accumulator(eta); @@ -78,10 +71,11 @@ template class InstanceTests : public testing::Test { const FF eta_cube = eta_sqr * eta; // Compute s = s_1 + η*s_2 + η²*s_3 + η³*s_4 - Polynomial sorted_list_accumulator_expected{ sorted_lists[0] }; + Polynomial sorted_list_accumulator_expected{ sorted_list_polynomials[0] }; for (size_t i = 0; i < instance.proving_key->circuit_size; ++i) { - sorted_list_accumulator_expected[i] += - sorted_lists[1][i] * eta + sorted_lists[2][i] * eta_sqr + sorted_lists[3][i] * eta_cube; + sorted_list_accumulator_expected[i] += sorted_list_polynomials[1][i] * eta + + sorted_list_polynomials[2][i] * eta_sqr + + sorted_list_polynomials[3][i] * eta_cube; } EXPECT_EQ(sorted_list_accumulator, sorted_list_accumulator_expected); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp index ff8cf11b869..8bb986cce27 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp @@ -6,20 +6,81 @@ namespace proof_system::honk { +/** + * Compute verification key consisting of selector precommitments. + * + * @return Pointer to the resulting verification key of the Instance. + * */ +template +void UltraComposer_::compute_verification_key(std::shared_ptr> instance) +{ + if (instance->verification_key) { + return; + } + + auto& proving_key = instance->proving_key; + + auto verification_key = + std::make_shared(proving_key->circuit_size, proving_key->num_public_inputs); + + // Compute and store commitments to all precomputed polynomials + verification_key->q_m = commitment_key->commit(proving_key->q_m); + verification_key->q_l = commitment_key->commit(proving_key->q_l); + verification_key->q_r = commitment_key->commit(proving_key->q_r); + verification_key->q_o = commitment_key->commit(proving_key->q_o); + verification_key->q_c = commitment_key->commit(proving_key->q_c); + verification_key->sigma_1 = commitment_key->commit(proving_key->sigma_1); + verification_key->sigma_2 = commitment_key->commit(proving_key->sigma_2); + verification_key->sigma_3 = commitment_key->commit(proving_key->sigma_3); + verification_key->id_1 = commitment_key->commit(proving_key->id_1); + verification_key->id_2 = commitment_key->commit(proving_key->id_2); + verification_key->id_3 = commitment_key->commit(proving_key->id_3); + verification_key->lagrange_first = commitment_key->commit(proving_key->lagrange_first); + verification_key->lagrange_last = commitment_key->commit(proving_key->lagrange_last); + + verification_key->q_4 = commitment_key->commit(proving_key->q_4); + verification_key->q_arith = commitment_key->commit(proving_key->q_arith); + verification_key->q_sort = commitment_key->commit(proving_key->q_sort); + verification_key->q_elliptic = commitment_key->commit(proving_key->q_elliptic); + verification_key->q_aux = commitment_key->commit(proving_key->q_aux); + verification_key->q_lookup = commitment_key->commit(proving_key->q_lookup); + verification_key->sigma_4 = commitment_key->commit(proving_key->sigma_4); + verification_key->id_4 = commitment_key->commit(proving_key->id_4); + verification_key->table_1 = commitment_key->commit(proving_key->table_1); + verification_key->table_2 = commitment_key->commit(proving_key->table_2); + verification_key->table_3 = commitment_key->commit(proving_key->table_3); + verification_key->table_4 = commitment_key->commit(proving_key->table_4); + + // TODO(luke): Similar to the lagrange_first/last polynomials, we dont really need to commit to these polynomials + // due to their simple structure. + if constexpr (IsGoblinFlavor) { + verification_key->lagrange_ecc_op = commitment_key->commit(proving_key->lagrange_ecc_op); + verification_key->q_busread = commitment_key->commit(proving_key->q_busread); + verification_key->databus_id = commitment_key->commit(proving_key->databus_id); + } + + instance->verification_key = std::move(verification_key); +} + template std::shared_ptr> UltraComposer_::create_instance(CircuitBuilder& circuit) { circuit.add_gates_to_ensure_all_polys_are_non_zero(); circuit.finalize_circuit(); auto instance = std::make_shared(circuit); - instance->commitment_key = compute_commitment_key(instance->proving_key->circuit_size); + + if (!commitment_key) { + commitment_key = compute_commitment_key(instance->proving_key->circuit_size); + } + + compute_verification_key(instance); return instance; } template UltraProver_ UltraComposer_::create_prover(std::shared_ptr instance) { - UltraProver_ output_state(instance); + UltraProver_ output_state(instance, commitment_key); return output_state; } @@ -27,9 +88,9 @@ UltraProver_ UltraComposer_::create_prover(std::shared_ptr UltraVerifier_ UltraComposer_::create_verifier(std::shared_ptr instance) { - auto verification_key = instance->compute_verification_key(); - UltraVerifier_ output_state(verification_key); - auto pcs_verification_key = std::make_unique(verification_key->circuit_size, crs_factory_); + UltraVerifier_ output_state(instance->verification_key); + auto pcs_verification_key = + std::make_unique(instance->verification_key->circuit_size, crs_factory_); output_state.pcs_verification_key = std::move(pcs_verification_key); return output_state; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp index 3cd04b03ff1..33840e32bc7 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp @@ -29,8 +29,6 @@ template class UltraComposer_ { static constexpr size_t num_zero_rows = Flavor::has_zero_row ? 1 : 0; static constexpr std::string_view NAME_STRING = "UltraHonk"; static constexpr size_t NUM_WIRES = CircuitBuilder::NUM_WIRES; - std::shared_ptr proving_key; - std::shared_ptr verification_key; // The crs_factory holds the path to the srs and exposes methods to extract the srs elements std::shared_ptr> crs_factory_; @@ -43,11 +41,6 @@ template class UltraComposer_ { : crs_factory_(std::move(crs_factory)) {} - UltraComposer_(std::shared_ptr p_key, std::shared_ptr v_key) - : proving_key(std::move(p_key)) - , verification_key(std::move(v_key)) - {} - UltraComposer_(UltraComposer_&& other) noexcept = default; UltraComposer_(UltraComposer_ const& other) noexcept = default; UltraComposer_& operator=(UltraComposer_&& other) noexcept = default; @@ -104,13 +97,21 @@ template class UltraComposer_ { { std::vector> vks; for (const auto& inst : instances) { - vks.emplace_back(inst->compute_verification_key()); + vks.emplace_back(inst->verification_key); } VerifierInstances insts(vks); ProtoGalaxyVerifier_ output_state(insts); return output_state; }; + + private: + /** + * @brief Compute the verification key of an Instance, produced from a finalised circuit. + * + * @param inst + */ + void compute_verification_key(std::shared_ptr); }; extern template class UltraComposer_; extern template class UltraComposer_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index 5aa5f351cec..70d3e464566 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -12,9 +12,9 @@ namespace proof_system::honk { * @tparam a type of UltraFlavor * */ template -UltraProver_::UltraProver_(std::shared_ptr inst) +UltraProver_::UltraProver_(std::shared_ptr inst, std::shared_ptr commitment_key) : instance(std::move(inst)) - , commitment_key(instance->commitment_key) + , commitment_key(commitment_key) { instance->initialize_prover_polynomials(); } @@ -40,26 +40,43 @@ template void UltraProver_::execute_preamble_round( } /** - * @brief Compute commitments to the first three wire polynomials (and ECC op wires if using Goblin). - * + * @brief Commit to the wire polynomials (part of the witness), with the exception of the fourth wire, which is + * only commited to after adding memory records. In the Goblin Flavor, we also commit to the ECC OP wires and the + * DataBus columns. */ template void UltraProver_::execute_wire_commitments_round() { - instance->compute_wire_commitments(); + auto& witness_commitments = instance->witness_commitments; + auto& proving_key = instance->proving_key; + + // Commit to the first three wire polynomials + // We only commit to the fourth wire polynomial after adding memory recordss + witness_commitments.w_l = commitment_key->commit(proving_key->w_l); + witness_commitments.w_r = commitment_key->commit(proving_key->w_r); + witness_commitments.w_o = commitment_key->commit(proving_key->w_o); - auto wire_comms = instance->witness_commitments.get_wires(); + auto wire_comms = witness_commitments.get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < 3; ++idx) { transcript.send_to_verifier(labels[idx], wire_comms[idx]); } if constexpr (IsGoblinFlavor) { + // Commit to Goblin ECC op wires + witness_commitments.ecc_op_wire_1 = commitment_key->commit(proving_key->ecc_op_wire_1); + witness_commitments.ecc_op_wire_2 = commitment_key->commit(proving_key->ecc_op_wire_2); + witness_commitments.ecc_op_wire_3 = commitment_key->commit(proving_key->ecc_op_wire_3); + witness_commitments.ecc_op_wire_4 = commitment_key->commit(proving_key->ecc_op_wire_4); + auto op_wire_comms = instance->witness_commitments.get_ecc_op_wires(); auto labels = commitment_labels.get_ecc_op_wires(); for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { transcript.send_to_verifier(labels[idx], op_wire_comms[idx]); } + // Commit to DataBus columns + witness_commitments.calldata = commitment_key->commit(proving_key->calldata); + witness_commitments.calldata_read_counts = commitment_key->commit(proving_key->calldata_read_counts); transcript.send_to_verifier(commitment_labels.calldata, instance->witness_commitments.calldata); transcript.send_to_verifier(commitment_labels.calldata_read_counts, instance->witness_commitments.calldata_read_counts); @@ -76,6 +93,12 @@ template void UltraProver_::execute_sorted_list_acc instance->compute_sorted_accumulator_polynomials(eta); + auto& witness_commitments = instance->witness_commitments; + // Commit to the sorted withness-table accumulator and the finalized (i.e. with memory records) fourth wire + // polynomial + witness_commitments.sorted_accum = commitment_key->commit(instance->prover_polynomials.sorted_accum); + witness_commitments.w_4 = commitment_key->commit(instance->prover_polynomials.w_4); + transcript.send_to_verifier(commitment_labels.sorted_accum, instance->witness_commitments.sorted_accum); transcript.send_to_verifier(commitment_labels.w_4, instance->witness_commitments.w_4); } @@ -93,6 +116,8 @@ template void UltraProver_::execute_log_derivative_ if constexpr (IsGoblinFlavor) { instance->compute_logderivative_inverse(beta, gamma); + instance->witness_commitments.lookup_inverses = + commitment_key->commit(instance->prover_polynomials.lookup_inverses); transcript.send_to_verifier(commitment_labels.lookup_inverses, instance->witness_commitments.lookup_inverses); } } @@ -106,6 +131,9 @@ template void UltraProver_::execute_grand_product_c instance->compute_grand_product_polynomials(relation_parameters.beta, relation_parameters.gamma); + auto& witness_commitments = instance->witness_commitments; + witness_commitments.z_perm = commitment_key->commit(instance->prover_polynomials.z_perm); + witness_commitments.z_lookup = commitment_key->commit(instance->prover_polynomials.z_lookup); transcript.send_to_verifier(commitment_labels.z_perm, instance->witness_commitments.z_perm); transcript.send_to_verifier(commitment_labels.z_lookup, instance->witness_commitments.z_lookup); } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index fe50c8e0c80..9d660067229 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -23,7 +23,7 @@ template class UltraProver_ { using Transcript = typename Flavor::Transcript; public: - explicit UltraProver_(std::shared_ptr); + explicit UltraProver_(std::shared_ptr, std::shared_ptr); BBERG_PROFILE void execute_preamble_round(); BBERG_PROFILE void execute_wire_commitments_round(); BBERG_PROFILE void execute_sorted_list_accumulator_round();