diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp index 203ebb523e2..602cfe2fa78 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp @@ -25,7 +25,7 @@ template class GeminiTest : public CommitmentTest { std::vector multilinear_commitments, std::vector multilinear_commitments_to_be_shifted) { - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); const Fr rho = Fr::random_element(); @@ -79,7 +79,7 @@ template class GeminiTest : public CommitmentTest { // Check that the Fold polynomials have been evaluated correctly in the prover this->verify_batch_opening_pair(prover_output.opening_pairs, prover_output.witnesses); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Compute: // - Single opening pair: {r, \hat{a}_0} diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 7a46a3eb71e..758d21d805b 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -35,7 +35,7 @@ template class IPA { static void compute_opening_proof(std::shared_ptr ck, const OpeningPair& opening_pair, const Polynomial& polynomial, - BaseTranscript& transcript) + BaseTranscript& transcript) { ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero"); auto poly_degree = static_cast(polynomial.size()); @@ -134,7 +134,7 @@ template class IPA { * * @return true/false depending on if the proof verifies */ - static bool verify(std::shared_ptr vk, const OpeningClaim& opening_claim, BaseTranscript& transcript) + static bool verify(std::shared_ptr vk, const OpeningClaim& opening_claim, BaseTranscript& transcript) { auto poly_degree = static_cast(transcript.template receive_from_prover("IPA:poly_degree")); Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge"); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp index 7527aa2a1eb..315374defab 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp @@ -70,11 +70,11 @@ TEST_F(IPATest, Open) const OpeningClaim opening_claim{ opening_pair, commitment }; // initialize empty prover transcript - BaseTranscript prover_transcript; + BaseTranscript prover_transcript; IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript); // initialize verifier transcript from proof data - BaseTranscript verifier_transcript{ prover_transcript.proof_data }; + BaseTranscript verifier_transcript{ prover_transcript.proof_data }; auto result = IPA::verify(this->vk(), opening_claim, verifier_transcript); EXPECT_TRUE(result); @@ -129,7 +129,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift) batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1]; batched_commitment_to_be_shifted = commitment2 * rhos[2]; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); auto gemini_polynomials = GeminiProver::compute_gemini_polynomials( mle_opening_point, std::move(batched_unshifted), std::move(batched_to_be_shifted)); @@ -162,7 +162,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift) IPA::compute_opening_proof(this->ck(), shplonk_opening_pair, shplonk_witness, prover_transcript); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); auto gemini_verifier_claim = GeminiVerifier::reduce_verification(mle_opening_point, batched_evaluation, diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp index f56018b2963..ca024515717 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp @@ -31,7 +31,7 @@ template class KZG { static void compute_opening_proof(std::shared_ptr ck, const OpeningPair& opening_pair, const Polynomial& polynomial, - BaseTranscript& prover_trancript) + BaseTranscript& prover_trancript) { Polynomial quotient(polynomial); quotient[0] -= opening_pair.evaluation; @@ -53,9 +53,7 @@ template class KZG { * - P₀ = C − v⋅[1]₁ + r⋅[x]₁ * - P₁ = [Q(x)]₁ */ - static bool verify(std::shared_ptr vk, - const OpeningClaim& claim, - BaseTranscript& verifier_transcript) + static bool verify(std::shared_ptr vk, const OpeningClaim& claim, BaseTranscript& verifier_transcript) { auto quotient_commitment = verifier_transcript.template receive_from_prover("KZG:W"); auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) + diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp index 9334ddaf482..f2f9f569b06 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp @@ -39,11 +39,11 @@ TYPED_TEST(KZGTest, single) auto opening_pair = OpeningPair{ challenge, evaluation }; auto opening_claim = OpeningClaim{ opening_pair, commitment }; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); KZG::compute_opening_proof(this->ck(), opening_pair, witness, prover_transcript); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); bool verified = KZG::verify(this->vk(), opening_claim, verifier_transcript); EXPECT_EQ(verified, true); @@ -109,7 +109,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift) batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1]; batched_commitment_to_be_shifted = commitment2 * rhos[2]; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); // Run the full prover PCS protocol: @@ -154,7 +154,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift) // Run the full verifier PCS protocol with genuine opening claims (genuine commitment, genuine evaluation) - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Gemini verifier output: // - claim: d+1 commitments to Fold_{r}^(0), Fold_{-r}^(0), Fold^(l), d+1 evaluations a_0_pos, a_l, l = 0:d-1 diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp index 74cd152c21a..15cb7605b35 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp @@ -28,7 +28,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple) const size_t n = 16; - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); // Generate two random (unrelated) polynomials of two different sizes, as well as their evaluations at a (single but // different) random point and their commitments. @@ -64,7 +64,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple) opening_claims.emplace_back(OpeningClaim{ opening_pairs[0], commitment1 }); opening_claims.emplace_back(OpeningClaim{ opening_pairs[1], commitment2 }); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Execute the shplonk verifier functionality const auto verifier_claim = ShplonkVerifier::reduce_verification(this->vk(), opening_claims, verifier_transcript); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp index d90f94f96a9..1817a578440 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp @@ -2,6 +2,8 @@ #include "barretenberg/common/ref_vector.hpp" #include "barretenberg/common/zip_view.hpp" #include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/transcript/transcript.hpp" + namespace proof_system::honk::pcs::zeromorph { /** @@ -396,7 +398,7 @@ template class ZeroMorphProver_ { } // Get challenge y - auto y_challenge = transcript.get_challenge("ZM:y"); + FF y_challenge = transcript.get_challenge("ZM:y"); // Compute the batched, lifted-degree quotient \hat{q} auto batched_quotient = compute_batched_lifted_degree_quotient(quotients, y_challenge, N); @@ -406,7 +408,7 @@ template class ZeroMorphProver_ { transcript.send_to_verifier("ZM:C_q", q_commitment); // Get challenges x and z - auto [x_challenge, z_challenge] = transcript.get_challenges("ZM:x", "ZM:z"); + auto [x_challenge, z_challenge] = challenges_to_field_elements(transcript.get_challenges("ZM:x", "ZM:z")); // Compute degree check polynomial \zeta partially evaluated at x auto zeta_x = @@ -669,13 +671,13 @@ template class ZeroMorphVerifier_ { } // Challenge y - auto y_challenge = transcript.get_challenge("ZM:y"); + FF y_challenge = transcript.get_challenge("ZM:y"); // Receive commitment C_{q} auto C_q = transcript.template receive_from_prover("ZM:C_q"); // Challenges x, z - auto [x_challenge, z_challenge] = transcript.get_challenges("ZM:x", "ZM:z"); + auto [x_challenge, z_challenge] = challenges_to_field_elements(transcript.get_challenges("ZM:x", "ZM:z")); // Compute commitment C_{\zeta_x} auto C_zeta_x = compute_C_zeta_x(C_q, C_q_k, y_challenge, x_challenge); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp index 47fb203c64f..d884e1b046d 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp @@ -77,7 +77,7 @@ template class ZeroMorphTest : public CommitmentTest { } // Initialize an empty BaseTranscript - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); // Execute Prover protocol ZeroMorphProver::prove(f_polynomials, @@ -88,7 +88,7 @@ template class ZeroMorphTest : public CommitmentTest { this->commitment_key, prover_transcript); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Execute Verifier protocol auto pairing_points = ZeroMorphVerifier::verify( @@ -223,7 +223,7 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT } // Initialize an empty BaseTranscript - auto prover_transcript = BaseTranscript::prover_init_empty(); + auto prover_transcript = BaseTranscript::prover_init_empty(); std::vector> concatenated_polynomials_views; for (auto& poly : concatenated_polynomials) { @@ -248,7 +248,7 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT c_evaluations, to_vector_of_ref_vectors(concatenation_groups_views)); - auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); + auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript); // Execute Verifier protocol auto pairing_points = ZeroMorphVerifier::verify(f_commitments, // unshifted diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index f06aea8497b..fff8ec8c0fd 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -168,7 +168,8 @@ template void ECCVMProver_::execute_wire_commitment template void ECCVMProver_::execute_log_derivative_commitments_round() { // Compute and add beta to relation parameters - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); + // TODO(#583)(@zac-williamson): fix Transcript to be able to generate more than 2 challenges per round! oof. auto beta_sqr = beta * beta; relation_parameters.gamma = gamma; @@ -206,7 +207,7 @@ template void ECCVMProver_::execute_relation_check_ using Sumcheck = sumcheck::SumcheckProver; auto sumcheck = Sumcheck(key->circuit_size, transcript); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp index 8af4c20cca0..c0964b3be39 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp @@ -304,10 +304,11 @@ TYPED_TEST(ECCVMTranscriptTests, ChallengeGenerationTest) constexpr uint32_t random_val{ 17 }; // arbitrary transcript.send_to_verifier("random val", random_val); // test more challenges - auto [a, b, c] = transcript.get_challenges("a", "b", "c"); + auto [a, b, c] = challenges_to_field_elements(transcript.get_challenges("a", "b", "c")); + ASSERT_NE(a, 0) << "Challenge a is 0"; - ASSERT_NE(b, 0) << "Challenge a is 0"; - ASSERT_NE(b, 0) << "Challenge a is 0"; + ASSERT_NE(b, 0) << "Challenge b is 0"; + ASSERT_NE(c, 0) << "Challenge c is 0"; } TYPED_TEST(ECCVMTranscriptTests, StructureTest) @@ -333,7 +334,7 @@ TYPED_TEST(ECCVMTranscriptTests, StructureTest) EXPECT_TRUE(verifier.verify_proof(prover.export_proof())); // we have changed nothing so proof is still valid typename Flavor::Commitment one_group_val = Flavor::Commitment::one(); - typename Flavor::FF rand_val = Flavor::FF::random_element(); + auto rand_val = Flavor::FF::random_element(); prover.transcript.transcript_Px_comm = one_group_val * rand_val; // choose random object to modify EXPECT_TRUE(verifier.verify_proof( prover.export_proof())); // we have not serialized it back to the proof so it should still be fine diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp index 01aea6e673a..3f61f75d571 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp @@ -142,7 +142,8 @@ template bool ECCVMVerifier_::verify_proof(const plonk commitments.lookup_read_counts_1 = receive_commitment(commitment_labels.lookup_read_counts_1); // Get challenge for sorted list batching and wire four memory records - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); + relation_parameters.gamma = gamma; auto beta_sqr = beta * beta; relation_parameters.beta = beta; @@ -158,7 +159,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); auto [multivariate_challenge, purported_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp b/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp index 0b938556ae5..a055891e8bd 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ecc_vm.hpp @@ -529,7 +529,7 @@ template class ECCVMBa public: VerifierCommitments(const std::shared_ptr& verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const BaseTranscript& transcript) { static_cast(transcript); Base::lagrange_first = verification_key->lagrange_first; @@ -542,7 +542,7 @@ template class ECCVMBa * @brief Derived class that defines proof structure for ECCVM proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: uint32_t circuit_size; Commitment transcript_add_comm; @@ -636,201 +636,200 @@ template class ECCVMBa Transcript() = default; Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} void deserialize_full_transcript() { // take current proof and put them into the struct size_t num_bytes_read = 0; - circuit_size = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + circuit_size = + BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); size_t log_n = numeric::get_msb(circuit_size); - transcript_add_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_mul_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_eq_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_collision_check_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_transition_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_pc_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_count_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_Px_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_Py_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z1zero_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_z2zero_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_op_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_x_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_msm_y_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_pc_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_point_transition_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_round_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_scalar_sum_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s1hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s1lo_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s2hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s2lo_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s3hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s3lo_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s4hi_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_s4lo_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_skew_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_dx_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_dy_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_tx_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_ty_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_transition_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_double_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_skew_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_pc_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_size_of_msm_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_count_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_round_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_add4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_x4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_y4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_collision_x4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_lambda1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_lambda2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_lambda3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_lambda4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice2_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice3_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - msm_slice4_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_accumulator_empty_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - transcript_reset_accumulator_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - precompute_select_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - lookup_read_counts_0_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - lookup_read_counts_1_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - lookup_inverses_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); - z_perm_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + transcript_add_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_mul_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_eq_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_collision_check_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_transition_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_pc_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_count_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_Px_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_Py_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z1_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z2_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z1zero_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_z2zero_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_op_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_x_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_msm_y_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_pc_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_point_transition_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_round_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_scalar_sum_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s1hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s1lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s2hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s2lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s3hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s3lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s4hi_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_s4lo_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_skew_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_dx_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_dy_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_tx_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_ty_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_transition_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_add_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_double_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_skew_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_accumulator_x_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_accumulator_y_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_pc_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_size_of_msm_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_count_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_round_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_add4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_x4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_y4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_collision_x1_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_collision_x2_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_collision_x3_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_collision_x4_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + msm_lambda1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_lambda2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_lambda3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_lambda4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice1_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice2_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice3_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + msm_slice4_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); + transcript_accumulator_empty_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + transcript_reset_accumulator_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + precompute_select_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + lookup_read_counts_0_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + lookup_read_counts_1_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + lookup_inverses_comm = BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read); + z_perm_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); for (size_t i = 0; i < log_n; ++i) { - sumcheck_univariates.emplace_back(BaseTranscript::template deserialize_from_buffer< + sumcheck_univariates.emplace_back(BaseTranscript::template deserialize_from_buffer< barretenberg::Univariate>( - BaseTranscript::proof_data, num_bytes_read)); + BaseTranscript::proof_data, num_bytes_read)); } - sumcheck_evaluations = - BaseTranscript::template deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read); + sumcheck_evaluations = BaseTranscript::template deserialize_from_buffer>( + BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n - 1; ++i) { - gemini_univariate_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); + gemini_univariate_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read)); } for (size_t i = 0; i < log_n; ++i) { - gemini_a_evals.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); + gemini_a_evals.emplace_back( + BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - shplonk_q_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + shplonk_q_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); if (std::is_same>::value) { - kzg_w_comm = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + kzg_w_comm = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); } else if (std::is_same>::value) { - ipa_poly_degree = BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read); + ipa_poly_degree = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, + num_bytes_read); auto log_poly_degree = static_cast(numeric::get_msb(ipa_poly_degree)); for (size_t i = 0; i < log_poly_degree; ++i) { - ipa_l_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); - ipa_r_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( - BaseTranscript::proof_data, num_bytes_read)); + ipa_l_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read)); + ipa_r_comms.emplace_back(BaseTranscript::template deserialize_from_buffer( + BaseTranscript::proof_data, num_bytes_read)); } - ipa_a_0_eval = BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, - num_bytes_read); + ipa_a_0_eval = + BaseTranscript::template deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); } else { throw_or_abort("Unsupported PCS"); } @@ -838,121 +837,111 @@ template class ECCVMBa void serialize_full_transcript() { - size_t old_proof_length = BaseTranscript::proof_data.size(); - BaseTranscript::proof_data.clear(); + size_t old_proof_length = BaseTranscript::proof_data.size(); + BaseTranscript::proof_data.clear(); size_t log_n = numeric::get_msb(circuit_size); - BaseTranscript::template serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_add_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_mul_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_eq_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_collision_check_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_msm_transition_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_pc_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_msm_count_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_Px_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_Py_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z1zero_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_z2zero_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_op_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_accumulator_x_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_accumulator_y_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_msm_x_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_msm_y_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_pc_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_point_transition_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_round_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_scalar_sum_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s1hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s1lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s2hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s2lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s3hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s3lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s4hi_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_s4lo_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_skew_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_dx_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_dy_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_tx_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_ty_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_transition_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_double_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_skew_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_accumulator_x_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_accumulator_y_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_pc_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_size_of_msm_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_count_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_round_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_add4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_x4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_y4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_collision_x1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_collision_x2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_collision_x3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_collision_x4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_lambda4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice2_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice3_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(msm_slice4_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_accumulator_empty_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(transcript_reset_accumulator_comm, - BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(precompute_select_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(lookup_read_counts_0_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(lookup_read_counts_1_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(circuit_size, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_add_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_mul_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_eq_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_collision_check_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_transition_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_pc_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_count_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_Px_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_Py_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z1zero_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_z2zero_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_op_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_accumulator_x_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_accumulator_y_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_x_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_msm_y_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_pc_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_point_transition_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_round_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_scalar_sum_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s1hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s1lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s2hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s2lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s3hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s3lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s4hi_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_s4lo_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_skew_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_dx_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_dy_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_tx_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_ty_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_transition_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_double_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_skew_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_accumulator_x_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_accumulator_y_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_pc_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_size_of_msm_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_count_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_round_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_add4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_x4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_y4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_collision_x4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_lambda1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_lambda2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_lambda3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_lambda4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice2_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice3_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(msm_slice4_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_accumulator_empty_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(transcript_reset_accumulator_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(precompute_select_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(lookup_read_counts_0_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(lookup_read_counts_1_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - BaseTranscript::template serialize_to_buffer(sumcheck_univariates[i], - BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); } - BaseTranscript::template serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); for (size_t i = 0; i < log_n - 1; ++i) { - BaseTranscript::template serialize_to_buffer(gemini_univariate_comms[i], - BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(gemini_univariate_comms[i], BaseTranscript::proof_data); } for (size_t i = 0; i < log_n; ++i) { - BaseTranscript::template serialize_to_buffer(gemini_a_evals[i], BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(gemini_a_evals[i], BaseTranscript::proof_data); } - BaseTranscript::template serialize_to_buffer(shplonk_q_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(shplonk_q_comm, BaseTranscript::proof_data); if (std::is_same>::value) { - BaseTranscript::template serialize_to_buffer(kzg_w_comm, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(kzg_w_comm, BaseTranscript::proof_data); } else if (std::is_same>::value) { - BaseTranscript::template serialize_to_buffer(ipa_poly_degree, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_poly_degree, BaseTranscript::proof_data); auto log_poly_degree = static_cast(numeric::get_msb(ipa_poly_degree)); for (size_t i = 0; i < log_poly_degree; ++i) { - BaseTranscript::template serialize_to_buffer(ipa_l_comms[i], BaseTranscript::proof_data); - BaseTranscript::template serialize_to_buffer(ipa_r_comms[i], BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_l_comms[i], BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_r_comms[i], BaseTranscript::proof_data); } - BaseTranscript::template serialize_to_buffer(ipa_a_0_eval, BaseTranscript::proof_data); + BaseTranscript::template serialize_to_buffer(ipa_a_0_eval, BaseTranscript::proof_data); } - ASSERT(BaseTranscript::proof_data.size() == old_proof_length); + ASSERT(BaseTranscript::proof_data.size() == old_proof_length); } }; }; diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp index d649a88f392..4290dffe497 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_translator.hpp @@ -1212,7 +1212,7 @@ class GoblinTranslator { class VerifierCommitments : public AllEntities { public: VerifierCommitments([[maybe_unused]] std::shared_ptr verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const BaseTranscript& transcript) { this->lagrange_first = verification_key->lagrange_first; this->lagrange_last = verification_key->lagrange_last; @@ -1225,7 +1225,7 @@ class GoblinTranslator { } }; - using Transcript = BaseTranscript; + using Transcript = BaseTranscript; }; } // namespace proof_system::honk::flavor diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp index 96cf254eb1d..aba9d98ce95 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp @@ -435,7 +435,7 @@ class GoblinUltra { class VerifierCommitments : public AllEntities { public: VerifierCommitments(std::shared_ptr verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const BaseTranscript& transcript) { static_cast(transcript); q_m = verification_key->q_m; @@ -479,7 +479,7 @@ class GoblinUltra { * @brief Derived class that defines proof structure for GoblinUltra proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: uint32_t circuit_size; uint32_t public_input_size; @@ -508,7 +508,7 @@ class GoblinUltra { Transcript() = default; Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} void deserialize_full_transcript() override diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp index 691e99fdda3..f3ce7853066 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp @@ -465,7 +465,7 @@ template class GoblinUltraRecursive_ { * functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: uint32_t circuit_size; uint32_t public_input_size; @@ -494,7 +494,7 @@ template class GoblinUltraRecursive_ { Transcript() = default; Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} /** * @brief Takes a FULL GoblinUltraRecursive proof and deserializes it into the public member @@ -506,42 +506,40 @@ template class GoblinUltraRecursive_ { { // take current proof and put them into the struct size_t num_bytes_read = 0; - circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); size_t log_n = numeric::get_msb(circuit_size); - public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_1_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_2_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_3_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - ecc_op_wire_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - calldata_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - calldata_read_counts_comm = - deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - lookup_inverses_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_1_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_2_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_3_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + ecc_op_wire_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + calldata_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + calldata_read_counts_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + lookup_inverses_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { sumcheck_univariates.push_back( deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read)); + BaseTranscript::proof_data, num_bytes_read)); } - sumcheck_evaluations = deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read); + sumcheck_evaluations = + deserialize_from_buffer>(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { - zm_cq_comms.push_back( - deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + zm_cq_comms.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); } /** @@ -552,41 +550,41 @@ template class GoblinUltraRecursive_ { */ void serialize_full_transcript() { - size_t old_proof_length = BaseTranscript::proof_data.size(); - BaseTranscript::proof_data.clear(); + size_t old_proof_length = BaseTranscript::proof_data.size(); + BaseTranscript::proof_data.clear(); size_t log_n = numeric::get_msb(circuit_size); - serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - serialize_to_buffer(public_input_size, BaseTranscript::proof_data); - serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); + serialize_to_buffer(circuit_size, BaseTranscript::proof_data); + serialize_to_buffer(public_input_size, BaseTranscript::proof_data); + serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); + serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); } - serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_1_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_2_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_3_comm, BaseTranscript::proof_data); - serialize_to_buffer(ecc_op_wire_4_comm, BaseTranscript::proof_data); - serialize_to_buffer(calldata_comm, BaseTranscript::proof_data); - serialize_to_buffer(calldata_read_counts_comm, BaseTranscript::proof_data); - serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); - serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_1_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_2_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_3_comm, BaseTranscript::proof_data); + serialize_to_buffer(ecc_op_wire_4_comm, BaseTranscript::proof_data); + serialize_to_buffer(calldata_comm, BaseTranscript::proof_data); + serialize_to_buffer(calldata_read_counts_comm, BaseTranscript::proof_data); + serialize_to_buffer(lookup_inverses_comm, BaseTranscript::proof_data); + serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); } - serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); } - serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); - serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); // sanity check to make sure we generate the same length of proof as before. - ASSERT(BaseTranscript::proof_data.size() == old_proof_length); + ASSERT(BaseTranscript::proof_data.size() == old_proof_length); } }; }; diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp index 93a716820cd..1e987fe09c5 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp @@ -356,7 +356,7 @@ class Ultra { class VerifierCommitments : public AllEntities { public: VerifierCommitments(std::shared_ptr verification_key, - [[maybe_unused]] const BaseTranscript& transcript) + [[maybe_unused]] const BaseTranscript& transcript) { static_cast(transcript); q_m = verification_key->q_m; @@ -397,7 +397,7 @@ class Ultra { * @brief Derived class that defines proof structure for Ultra proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: // Transcript objects defined as public member variables for easy access and modification uint32_t circuit_size; @@ -421,7 +421,7 @@ class Ultra { // Used by verifier to initialize the transcript Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} static Transcript prover_init_empty() diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp index def614604f9..c89a2254d3d 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp @@ -381,7 +381,7 @@ template class UltraRecursive_ { * @brief Derived class that defines proof structure for UltraRecursive proofs, as well as supporting functions. * */ - class Transcript : public BaseTranscript { + class Transcript : public BaseTranscript { public: // Transcript objects defined as public member variables for easy access and modification uint32_t circuit_size; @@ -405,7 +405,7 @@ template class UltraRecursive_ { // Used by verifier to initialize the transcript Transcript(const std::vector& proof) - : BaseTranscript(proof) + : BaseTranscript(proof) {} static Transcript prover_init_empty() @@ -432,34 +432,33 @@ template class UltraRecursive_ { { // take current proof and put them into the struct size_t num_bytes_read = 0; - circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); size_t log_n = numeric::get_msb(circuit_size); - public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { sumcheck_univariates.push_back( deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read)); + BaseTranscript::proof_data, num_bytes_read)); } - sumcheck_evaluations = deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read); + sumcheck_evaluations = + deserialize_from_buffer>(BaseTranscript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { - zm_cq_comms.push_back( - deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); + zm_cq_comms.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); } - zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); } /** * @brief Serializes the structure variables into a FULL UltraRecursive proof. Should be called only if @@ -468,34 +467,34 @@ template class UltraRecursive_ { */ void serialize_full_transcript() { - size_t old_proof_length = BaseTranscript::proof_data.size(); - BaseTranscript::proof_data.clear(); // clear proof_data so the rest of the function can replace it + size_t old_proof_length = BaseTranscript::proof_data.size(); + BaseTranscript::proof_data.clear(); // clear proof_data so the rest of the function can replace it size_t log_n = numeric::get_msb(circuit_size); - serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - serialize_to_buffer(public_input_size, BaseTranscript::proof_data); - serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); + serialize_to_buffer(circuit_size, BaseTranscript::proof_data); + serialize_to_buffer(public_input_size, BaseTranscript::proof_data); + serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); + serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); } - serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); - serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); + serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); + serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); + serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); } - serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); } - serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); - serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); + serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); // sanity check to make sure we generate the same length of proof as before. - ASSERT(BaseTranscript::proof_data.size() == old_proof_length); + ASSERT(BaseTranscript::proof_data.size() == old_proof_length); } }; }; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp index d52af9f2a84..e332819a036 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp @@ -23,8 +23,9 @@ template void ProtoGalaxyProver_::prepa transcript.send_to_verifier(domain_separator + "_public_input_" + std::to_string(i), public_input_i); } - auto [eta, beta, gamma] = transcript.get_challenges( - domain_separator + "_eta", domain_separator + "_beta", domain_separator + "_gamma"); + auto [eta, beta, gamma] = challenges_to_field_elements(transcript.get_challenges( + domain_separator + "_eta", domain_separator + "_beta", domain_separator + "_gamma")); + instance->compute_sorted_accumulator_polynomials(eta); instance->compute_grand_product_polynomials(beta, gamma); instance->alpha = transcript.get_challenge(domain_separator + "_alpha"); @@ -42,7 +43,7 @@ ProverFoldingResult ProtoGalaxyProver_prover_polynomials.get_polynomial_size(); const auto log_instance_size = static_cast(numeric::get_msb(instance_size)); @@ -53,7 +54,7 @@ ProverFoldingResult ProtoGalaxyProver_ betas_star(log_instance_size); betas_star[0] = 1; @@ -69,7 +70,7 @@ ProverFoldingResult ProtoGalaxyProver_ class ProtoGalaxyProver_ { using RelationEvaluations = typename Flavor::TupleOfArraysOfValues; ProverInstances instances; - BaseTranscript transcript; + BaseTranscript transcript; ProtoGalaxyProver_() = default; ProtoGalaxyProver_(ProverInstances insts) diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp index ed6441dae39..360ef286887 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp @@ -5,7 +5,7 @@ namespace proof_system::honk { template void ProtoGalaxyVerifier_::prepare_for_folding(std::vector fold_data) { - transcript = BaseTranscript{ fold_data }; + transcript = BaseTranscript{ fold_data }; auto index = 0; for (auto it = verifier_instances.begin(); it != verifier_instances.end(); it++, index++) { auto inst = *it; @@ -21,8 +21,9 @@ void ProtoGalaxyVerifier_::prepare_for_folding(std::vector(domain_separator + "_public_input_" + std::to_string(i)); inst->public_inputs.emplace_back(public_input_i); } - auto [eta, beta, gamma] = transcript.get_challenges( - domain_separator + "_eta", domain_separator + "_beta", domain_separator + "_gamma"); + auto [eta, beta, gamma] = challenges_to_field_elements(transcript.get_challenges( + domain_separator + "_eta", domain_separator + "_beta", domain_separator + "_gamma")); + const FF public_input_delta = compute_public_input_delta( inst->public_inputs, beta, gamma, inst->instance_size, inst->pub_inputs_offset); const FF lookup_grand_product_delta = compute_lookup_grand_product_delta(beta, gamma, inst->instance_size); @@ -39,7 +40,7 @@ VerifierFoldingResult ProtoGalaxyVerifier_< using Flavor = typename VerifierInstances::Flavor; prepare_for_folding(fold_data); - auto delta = transcript.get_challenge("delta"); + FF delta = transcript.get_challenge("delta"); auto accumulator = get_accumulator(); auto log_instance_size = static_cast(numeric::get_msb(accumulator->instance_size)); auto deltas = compute_round_challenge_pows(log_instance_size, delta); @@ -48,7 +49,7 @@ VerifierFoldingResult ProtoGalaxyVerifier_< perturbator_coeffs[idx] = transcript.template receive_from_prover("perturbator_" + std::to_string(idx)); } auto perturbator = Polynomial(perturbator_coeffs); - auto perturbator_challenge = transcript.get_challenge("perturbator_challenge"); + FF perturbator_challenge = transcript.get_challenge("perturbator_challenge"); auto perturbator_at_challenge = perturbator.evaluate(perturbator_challenge); // Thed degree of K(X) is dk - k - 1 = k(d - 1) - 1. Hence we need k(d - 1) evaluations to represent it. @@ -59,7 +60,7 @@ VerifierFoldingResult ProtoGalaxyVerifier_< } Univariate combiner_quotient( combiner_quotient_evals); - auto combiner_challenge = transcript.get_challenge("combiner_quotient_challenge"); + FF combiner_challenge = transcript.get_challenge("combiner_quotient_challenge"); auto combiner_quotient_at_challenge = combiner_quotient.evaluate(combiner_challenge); auto vanishing_polynomial_at_challenge = combiner_challenge * (combiner_challenge - FF(1)); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp index e8f7032cb30..028710983dd 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp @@ -14,7 +14,7 @@ template class ProtoGalaxyVerifier_ { using Instance = typename VerifierInstances::Instance; using VerificationKey = typename Flavor::VerificationKey; VerifierInstances verifier_instances; - BaseTranscript transcript; + BaseTranscript transcript; ProtoGalaxyVerifier_(VerifierInstances insts) : verifier_instances(insts){}; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp index 49fcdd6bf92..e9943fa2a13 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.hpp @@ -18,7 +18,7 @@ template class Transcript { public: using field_ct = field_t; using FF = barretenberg::fr; - using BaseTranscript = proof_system::honk::BaseTranscript; + using BaseTranscript = proof_system::honk::BaseTranscript; using StdlibTypes = utility::StdlibTypesUtility; static constexpr size_t HASH_OUTPUT_SIZE = BaseTranscript::HASH_OUTPUT_SIZE; @@ -49,7 +49,7 @@ template class Transcript { { // Compute the indicated challenges from the native transcript constexpr size_t num_challenges = sizeof...(Strings); - std::array native_challenges{}; + std::array native_challenges{}; native_challenges = native_transcript.get_challenges(labels...); /* @@ -60,7 +60,7 @@ template class Transcript { */ std::array challenges; for (size_t i = 0; i < num_challenges; ++i) { - challenges[i] = field_ct::from_witness(builder, native_challenges[i]); + challenges[i] = field_ct::from_witness(builder, static_cast(native_challenges[i])); } return challenges; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp index bed3ccee7cb..2bea11a75da 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/transcript/transcript.test.cpp @@ -14,7 +14,7 @@ using Builder = UltraCircuitBuilder; using UltraFlavor = ::proof_system::honk::flavor::Ultra; using UltraRecursiveFlavor = ::proof_system::honk::flavor::UltraRecursive_; using FF = barretenberg::fr; -using BaseTranscript = ::proof_system::honk::BaseTranscript; +using BaseTranscript = ::proof_system::honk::BaseTranscript; /** * @brief Create some mock data; add it to the provided prover transcript in various mock rounds @@ -172,7 +172,8 @@ TEST(RecursiveHonkTranscript, ReturnValuesMatch) for (size_t i = 0; i < LENGTH; ++i) { EXPECT_EQ(native_evaluations[i], stdlib_evaluations[i].get_value()); } - EXPECT_EQ(native_alpha, stdlib_alpha.get_value()); - EXPECT_EQ(native_beta, stdlib_beta.get_value()); + + EXPECT_EQ(static_cast(native_alpha), stdlib_alpha.get_value()); + EXPECT_EQ(static_cast(native_beta), stdlib_beta.get_value()); } } // namespace proof_system::plonk::stdlib::recursion::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index 980afc3490b..ed0b2f52fd1 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp @@ -73,7 +73,7 @@ template class SumcheckProver { const proof_system::RelationParameters& relation_parameters, FF alpha) // pass by value, not by reference { - auto zeta = transcript.get_challenge("Sumcheck:zeta"); + FF zeta = transcript.get_challenge("Sumcheck:zeta"); barretenberg::PowUnivariate pow_univariate(zeta); @@ -203,7 +203,7 @@ template class SumcheckVerifier { { bool verified(true); - auto zeta = transcript.get_challenge("Sumcheck:zeta"); + FF zeta = transcript.get_challenge("Sumcheck:zeta"); barretenberg::PowUnivariate pow_univariate(zeta); // All but final round. diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp index 33864bb8442..04e7f864fff 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp @@ -107,7 +107,7 @@ TEST_F(SumcheckTests, PolynomialNormalization) Flavor::Transcript transcript = Flavor::Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); auto output = sumcheck.prove(full_polynomials, {}, alpha); FF u_0 = output.challenge[0]; @@ -176,7 +176,7 @@ TEST_F(SumcheckTests, Prover) auto sumcheck = SumcheckProver(multivariate_n, transcript); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); auto output = sumcheck.prove(full_polynomials, {}, alpha); FF u_0 = output.challenge[0]; FF u_1 = output.challenge[1]; @@ -251,13 +251,13 @@ TEST_F(SumcheckTests, ProverAndVerifierSimple) Flavor::Transcript prover_transcript = Flavor::Transcript::prover_init_empty(); auto sumcheck_prover = SumcheckProver(multivariate_n, prover_transcript); - auto prover_alpha = prover_transcript.get_challenge("alpha"); + FF prover_alpha = prover_transcript.get_challenge("alpha"); auto output = sumcheck_prover.prove(full_polynomials, {}, prover_alpha); Flavor::Transcript verifier_transcript = Flavor::Transcript::verifier_init_empty(prover_transcript); auto sumcheck_verifier = SumcheckVerifier(multivariate_n); - auto verifier_alpha = verifier_transcript.get_challenge("alpha"); + FF verifier_alpha = verifier_transcript.get_challenge("alpha"); auto verifier_output = sumcheck_verifier.verify(relation_parameters, verifier_alpha, verifier_transcript); auto verified = verifier_output.verified.value(); diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index afdd70f3808..4b32e4295c3 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -50,10 +50,8 @@ class TranscriptManifest { /** * @brief Common transcript class for both parties. Stores the data for the current round, as well as the * manifest. - * - * @tparam FF Field from which we sample challenges. */ -template class BaseTranscript { +class BaseTranscript { public: BaseTranscript() = default; @@ -67,11 +65,13 @@ template class BaseTranscript { {} static constexpr size_t HASH_OUTPUT_SIZE = 32; + std::ptrdiff_t proof_start = 0; + size_t num_bytes_written = 0; // the number of bytes written to proof_data by the prover or the verifier + size_t num_bytes_read = 0; // the number of bytes read from proof_data by the verifier + size_t round_number = 0; // current round for manifest + private: static constexpr size_t MIN_BYTES_PER_CHALLENGE = 128 / 8; // 128 bit challenges - - size_t num_bytes_read = 0; // keeps track of number of bytes read from proof_data by the verifier - size_t round_number = 0; // current round for manifest bool is_first_challenge = true; // indicates if this is the first challenge this transcript is generating std::array previous_challenge_buffer{}; // default-initialized to zeros std::vector current_round_data; @@ -141,6 +141,8 @@ template class BaseTranscript { manifest.add_entry(round_number, label, element_bytes.size()); current_round_data.insert(current_round_data.end(), element_bytes.begin(), element_bytes.end()); + + num_bytes_written += element_bytes.size(); } /** @@ -181,6 +183,20 @@ template class BaseTranscript { public: // Contains the raw data sent by the prover. std::vector proof_data; + + /** + * @brief Return the proof data starting at proof_start + * @details This is useful for when two different provers share a transcript. + */ + std::vector export_proof() + { + std::vector result(num_bytes_written); + std::copy_n(proof_data.begin() + proof_start, num_bytes_written, result.begin()); + proof_start += static_cast(num_bytes_written); + num_bytes_written = 0; + return result; + }; + /** * @brief After all the prover messages have been sent, finalize the round by hashing all the data and then create * the number of requested challenges. @@ -190,9 +206,9 @@ template class BaseTranscript { * multiple challenges. * * @param labels human-readable names for the challenges for the manifest - * @return std::array challenges for this round. + * @return std::array challenges for this round. */ - template std::array get_challenges(const Strings&... labels) + template std::array get_challenges(const Strings&... labels) { constexpr size_t num_challenges = sizeof...(Strings); @@ -202,19 +218,19 @@ template class BaseTranscript { // Compute the new challenge buffer from which we derive the challenges. // Create challenges from bytes. - std::array challenges{}; + std::array challenges{}; // Generate the challenges by iteratively hashing over the previous challenge. for (size_t i = 0; i < num_challenges; i++) { auto next_challenge_buffer = get_next_challenge_buffer(); // get next challenge buffer - std::array field_element_buffer{}; + std::array field_element_buffer{}; // copy half of the hash to lower 128 bits of challenge // Note: because of how read() from buffers to fields works (in field_declarations.hpp), // we use the later half of the buffer std::copy_n(next_challenge_buffer.begin(), HASH_OUTPUT_SIZE / 2, field_element_buffer.begin() + HASH_OUTPUT_SIZE / 2); - challenges[i] = from_buffer(field_element_buffer); + challenges[i] = from_buffer(field_element_buffer); } // Prepare for next round. @@ -245,7 +261,7 @@ template class BaseTranscript { auto element_bytes = to_buffer(element); proof_data.insert(proof_data.end(), element_bytes.begin(), element_bytes.end()); - BaseTranscript::consume_prover_element_bytes(label, element_bytes); + BaseTranscript::consume_prover_element_bytes(label, element_bytes); } /** @@ -262,7 +278,7 @@ template class BaseTranscript { auto element_bytes = std::span{ proof_data }.subspan(num_bytes_read, element_size); num_bytes_read += element_size; - BaseTranscript::consume_prover_element_bytes(label, element_bytes); + BaseTranscript::consume_prover_element_bytes(label, element_bytes); T element = from_buffer(element_bytes); @@ -275,9 +291,9 @@ template class BaseTranscript { * * @return BaseTranscript */ - static BaseTranscript prover_init_empty() + static BaseTranscript prover_init_empty() { - BaseTranscript transcript; + BaseTranscript transcript; constexpr uint32_t init{ 42 }; // arbitrary transcript.send_to_verifier("Init", init); return transcript; @@ -290,14 +306,14 @@ template class BaseTranscript { * @param transcript * @return BaseTranscript */ - static BaseTranscript verifier_init_empty(const BaseTranscript& transcript) + static BaseTranscript verifier_init_empty(const BaseTranscript& transcript) { - BaseTranscript verifier_transcript{ transcript.proof_data }; + BaseTranscript verifier_transcript{ transcript.proof_data }; [[maybe_unused]] auto _ = verifier_transcript.template receive_from_prover("Init"); return verifier_transcript; }; - FF get_challenge(const std::string& label) { return get_challenges(label)[0]; } + uint256_t get_challenge(const std::string& label) { return get_challenges(label)[0]; } [[nodiscard]] TranscriptManifest get_manifest() const { return manifest; }; @@ -317,4 +333,16 @@ template class BaseTranscript { */ virtual void serialize_full_transcript() { throw_or_abort("Cannot serialize transcript"); } }; + +/** + * @brief Convert an array of uint256_t's to an array of field elements + * @details The syntax `std::array [a, b] = transcript.get_challenges("a", "b")` is unfortunately not allowed + * (structured bindings must be defined with auto return type), so we need a workaround. + */ +template std::array challenges_to_field_elements(std::array&& arr) +{ + std::array result; + std::move(arr.begin(), arr.end(), result.begin()); + return result; +} } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp index 437b31b90c5..820d0d56eb7 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.test.cpp @@ -1,18 +1,50 @@ #include "barretenberg/transcript/transcript.hpp" -#include "barretenberg/ecc/curves/bn254/fr.hpp" #include namespace barretenberg::honk_transcript_tests { using FF = barretenberg::fr; -using Transcript = proof_system::honk::BaseTranscript; +using Fr = barretenberg::fr; +using Fq = barretenberg::fq; +using Transcript = proof_system::honk::BaseTranscript; -TEST(BaseTranscript, Basic) +/** + * @brief Test sending, receiving, and exporting proofs + * + */ +TEST(BaseTranscript, TwoProversTwoFields) { - Transcript transcript; - FF elt = 561; - transcript.send_to_verifier("something", elt); - auto received = transcript.template receive_from_prover("something"); - EXPECT_EQ(received, elt); + const auto EXPECT_STATE = [](const Transcript& transcript, size_t start, size_t written, size_t read) { + EXPECT_EQ(transcript.proof_start, static_cast(start)); + EXPECT_EQ(transcript.num_bytes_written, written); + EXPECT_EQ(transcript.num_bytes_read, read); + }; + + Transcript prover_transcript; + // state initializes to zero + EXPECT_STATE(prover_transcript, /*start*/ 0, /*written*/ 0, /*read*/ 0); + Fr elt_a = 1377; + prover_transcript.send_to_verifier("a", elt_a); + EXPECT_STATE(prover_transcript, /*start*/ 0, /*written*/ 32, /*read*/ 0); + Transcript verifier_transcript_1{ prover_transcript.export_proof() }; + // export resets read/write state and sets start in prep for next export + EXPECT_STATE(prover_transcript, /*start*/ 32, /*written*/ 0, /*read*/ 0); + // state initializes to zero + EXPECT_STATE(verifier_transcript_1, /*start*/ 0, /*written*/ 0, /*read*/ 0); + Fr received_a = verifier_transcript_1.receive_from_prover("a"); + // receiving is reading bytes input and writing them to an internal proof_data buffer + EXPECT_STATE(verifier_transcript_1, /*start*/ 0, /*written*/ 32, /*read*/ 32); + EXPECT_EQ(received_a, elt_a); + + Fq elt_b = 773; + prover_transcript.send_to_verifier("b", elt_b); + EXPECT_STATE(prover_transcript, /*start*/ 32, /*written*/ 32, /*read*/ 0); + Transcript verifier_transcript_2{ prover_transcript.export_proof() }; + EXPECT_STATE(prover_transcript, /*start*/ 64, /*written*/ 0, /*read*/ 0); + EXPECT_STATE(verifier_transcript_2, /*start*/ 0, /*written*/ 0, /*read*/ 0); + Fq received_b = verifier_transcript_2.receive_from_prover("b"); + EXPECT_STATE(verifier_transcript_2, 0, 32, 32); + EXPECT_EQ(received_b, elt_b); } + } // namespace barretenberg::honk_transcript_tests diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index 5ad81ecb1cb..98e29dc0113 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -276,7 +276,7 @@ void GoblinTranslatorProver::execute_wire_and_sorted_constraints_commitments_rou void GoblinTranslatorProver::execute_grand_product_computation_round() { // Compute and store parameters required by relations in Sumcheck - auto [gamma] = transcript.get_challenges("gamma"); + FF gamma = transcript.get_challenge("gamma"); const size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; relation_parameters.beta = 0; relation_parameters.gamma = gamma; @@ -329,7 +329,7 @@ void GoblinTranslatorProver::execute_relation_check_rounds() auto sumcheck = Sumcheck(key->circuit_size, transcript); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp index 47772d1ca7b..8ac45653953 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -35,7 +35,7 @@ class GoblinTranslatorProver { plonk::proof& export_proof(); plonk::proof& construct_proof(); - BaseTranscript transcript; + BaseTranscript transcript; proof_system::RelationParameters relation_parameters; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index e16a91f1b5b..5c95bd8b75e 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -65,7 +65,7 @@ void GoblinTranslatorVerifier::put_translation_data_in_relation_parameters(const */ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) { - transcript = BaseTranscript{ proof.proof_data }; + transcript = BaseTranscript{ proof.proof_data }; Flavor::VerifierCommitments commitments{ key, transcript }; Flavor::CommitmentLabels commitment_labels; @@ -230,7 +230,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) commitments.ordered_range_constraints_4 = receive_commitment(commitment_labels.ordered_range_constraints_4); // Get permutation challenges - auto [gamma] = transcript.get_challenges("gamma"); + FF gamma = transcript.get_challenge("gamma"); relation_parameters.beta = 0; relation_parameters.gamma = gamma; @@ -243,7 +243,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index ff49cd546ce..0b16855a0b5 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -20,7 +20,7 @@ class GoblinTranslatorVerifier { std::map commitments; std::map pcs_fr_elements; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + BaseTranscript transcript; RelationParameters relation_parameters; explicit GoblinTranslatorVerifier(std::shared_ptr verifier_key = nullptr); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp index 1b9ae31459d..355bf5c6c65 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp @@ -200,10 +200,10 @@ TEST_F(GoblinUltraTranscriptTests, ChallengeGenerationTest) constexpr uint32_t random_val{ 17 }; // arbitrary transcript.send_to_verifier("random val", random_val); // test more challenges - auto [a, b, c] = transcript.get_challenges("a", "b", "c"); + auto [a, b, c] = challenges_to_field_elements(transcript.get_challenges("a", "b", "c")); ASSERT_NE(a, 0) << "Challenge a is 0"; - ASSERT_NE(b, 0) << "Challenge a is 0"; - ASSERT_NE(b, 0) << "Challenge a is 0"; + ASSERT_NE(b, 0) << "Challenge b is 0"; + ASSERT_NE(c, 0) << "Challenge c is 0"; } TEST_F(GoblinUltraTranscriptTests, StructureTest) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp index ba5ed3909a7..24b614f4ea8 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp @@ -64,7 +64,7 @@ template plonk::proof& MergeProver_::construct_proof() // Compute evaluations T_i(\kappa), T_{i-1}(\kappa), t_i^{shift}(\kappa), add to transcript. For each polynomial // we add a univariate opening claim {p(X), (\kappa, p(\kappa))} to the set of claims to be checked via batched KZG. - auto kappa = transcript.get_challenge("kappa"); + FF kappa = transcript.get_challenge("kappa"); // Add univariate opening claims for each polynomial. std::vector opening_claims; @@ -89,7 +89,7 @@ template plonk::proof& MergeProver_::construct_proof() opening_claims.emplace_back(OpeningClaim{ polynomial, { kappa, evaluation } }); } - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); // Constuct batched polynomial to opened via KZG auto batched_polynomial = Polynomial(N); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp index a6d31866b41..426caafc521 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp @@ -25,7 +25,7 @@ template class MergeProver_ { using OpeningPair = typename pcs::OpeningPair; public: - BaseTranscript transcript; + BaseTranscript transcript; std::shared_ptr op_queue; std::shared_ptr pcs_commitment_key; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp index bfac4182d6d..3e76c0f3214 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp @@ -19,7 +19,7 @@ MergeVerifier_::MergeVerifier_(std::unique_ptr ve */ template bool MergeVerifier_::verify_proof(const plonk::proof& proof) { - transcript = BaseTranscript{ proof.proof_data }; + transcript = BaseTranscript{ proof.proof_data }; // Receive commitments [t_i^{shift}], [T_{i-1}], and [T_i] std::array C_T_prev; @@ -57,7 +57,7 @@ template bool MergeVerifier_::verify_proof(const plonk identity_checked = identity_checked && (T_current_evals[idx] == T_prev_evals[idx] + t_shift_evals[idx]); } - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); // Constuct batched commitment and evaluation from constituents auto batched_commitment = opening_claims[0].commitment; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp index d1da2f786ab..a4005f8a4f7 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp @@ -26,7 +26,7 @@ template class MergeVerifier_ { using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; public: - BaseTranscript transcript; + BaseTranscript transcript; std::shared_ptr op_queue; std::shared_ptr pcs_verification_key; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp index 8a7f1269e3d..3ed21abdd39 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp @@ -169,7 +169,7 @@ TEST_F(SumcheckTestsRealCircuit, Ultra) Flavor::Transcript verifier_transcript = Flavor::Transcript::verifier_init_empty(prover_transcript); auto sumcheck_verifier = SumcheckVerifier(circuit_size); - auto alpha = verifier_transcript.get_challenge("alpha"); + FF alpha = verifier_transcript.get_challenge("alpha"); auto verifier_output = sumcheck_verifier.verify(instance->relation_parameters, alpha, verifier_transcript); auto verified = verifier_output.verified.value(); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index 0dcdb608e2b..40ef84501b6 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -74,7 +74,7 @@ template void UltraProver_::execute_wire_commitment */ template void UltraProver_::execute_sorted_list_accumulator_round() { - auto eta = transcript.get_challenge("eta"); + FF eta = transcript.get_challenge("eta"); instance->compute_sorted_accumulator_polynomials(eta); @@ -93,7 +93,7 @@ template void UltraProver_::execute_sorted_list_acc template void UltraProver_::execute_log_derivative_inverse_round() { // Compute and store challenges beta and gamma - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); relation_parameters.beta = beta; relation_parameters.gamma = gamma; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index cd6cdf1b40d..1d4e16edd70 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -186,10 +186,10 @@ TEST_F(UltraTranscriptTests, ChallengeGenerationTest) constexpr uint32_t random_val{ 17 }; // arbitrary transcript.send_to_verifier("random val", random_val); // test more challenges - auto [a, b, c] = transcript.get_challenges("a", "b", "c"); + auto [a, b, c] = challenges_to_field_elements(transcript.get_challenges("a", "b", "c")); ASSERT_NE(a, 0) << "Challenge a is 0"; - ASSERT_NE(b, 0) << "Challenge a is 0"; - ASSERT_NE(b, 0) << "Challenge a is 0"; + ASSERT_NE(b, 0) << "Challenge b is 0"; + ASSERT_NE(c, 0) << "Challenge c is 0"; } TEST_F(UltraTranscriptTests, StructureTest) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 35e9539be19..1198bf981ec 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -42,7 +42,7 @@ template bool UltraVerifier_::verify_proof(const plonk proof_system::RelationParameters relation_parameters; - transcript = BaseTranscript{ proof.proof_data }; + transcript = BaseTranscript{ proof.proof_data }; auto commitments = VerifierCommitments(key, transcript); auto commitment_labels = CommitmentLabels(); @@ -86,7 +86,7 @@ template bool UltraVerifier_::verify_proof(const plonk } // Get challenge for sorted list batching and wire four memory records - auto eta = transcript.get_challenge("eta"); + FF eta = transcript.get_challenge("eta"); relation_parameters.eta = eta; // Get commitments to sorted list accumulator and fourth wire @@ -94,7 +94,7 @@ template bool UltraVerifier_::verify_proof(const plonk commitments.w_4 = transcript.template receive_from_prover(commitment_labels.w_4); // Get permutation challenges - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); // If Goblin (i.e. using DataBus) receive commitments to log-deriv inverses polynomial if constexpr (IsGoblinFlavor) { @@ -117,7 +117,7 @@ template bool UltraVerifier_::verify_proof(const plonk // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + FF alpha = transcript.get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index ecf6541d0c8..b449f76db4b 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -23,7 +23,7 @@ template class UltraVerifier_ { std::shared_ptr key; std::map commitments; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + BaseTranscript transcript; }; extern template class UltraVerifier_;