diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh index e495580dd97..a483d04889e 100755 --- a/barretenberg/acir_tests/run_acir_tests.sh +++ b/barretenberg/acir_tests/run_acir_tests.sh @@ -7,7 +7,7 @@ set -eu BIN=${BIN:-../cpp/build/bin/bb} FLOW=${FLOW:-prove_and_verify} CRS_PATH=~/.bb-crs -BRANCH=master +BRANCH=mv/recursion-script VERBOSE=${VERBOSE:-} NAMED_TEST=${1:-} diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp index 6a6c3876bb9..6f30db68835 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp @@ -8,7 +8,12 @@ #include "ecdsa_secp256k1.hpp" namespace acir_format::tests { -TEST(acir_format, test_a_single_constraint_no_pub_inputs) + +class AcirFormatTests : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; +TEST_F(AcirFormatTests, TestASingleConstraintNoPubInputs) { poly_triple constraint{ @@ -53,12 +58,12 @@ TEST(acir_format, test_a_single_constraint_no_pub_inputs) EXPECT_EQ(verifier.verify_proof(proof), false); } -TEST(acir_format, msgpack_logic_constraint) +TEST_F(AcirFormatTests, MsgpackLogicConstraint) { auto [actual, expected] = msgpack_roundtrip(LogicConstraint{}); EXPECT_EQ(actual, expected); } -TEST(acir_format, test_logic_gate_from_noir_circuit) +TEST_F(AcirFormatTests, TestLogicGateFromNoirCircuit) { /** * constraints produced by Noir program: @@ -167,7 +172,7 @@ TEST(acir_format, test_logic_gate_from_noir_circuit) EXPECT_EQ(verifier.verify_proof(proof), true); } -TEST(acir_format, test_schnorr_verify_pass) +TEST_F(AcirFormatTests, TestSchnorrVerifyPass) { std::vector range_constraints; for (uint32_t i = 0; i < 10; i++) { @@ -239,7 +244,7 @@ TEST(acir_format, test_schnorr_verify_pass) EXPECT_EQ(verifier.verify_proof(proof), true); } -TEST(acir_format, test_schnorr_verify_small_range) +TEST_F(AcirFormatTests, TestSchnorrVerifySmallRange) { std::vector range_constraints; for (uint32_t i = 0; i < 10; i++) { @@ -311,7 +316,7 @@ TEST(acir_format, test_schnorr_verify_small_range) EXPECT_EQ(verifier.verify_proof(proof), true); } -TEST(acir_format, test_var_keccak) +TEST_F(AcirFormatTests, TestVarKeccak) { HashInput input1; input1.witness = 1; diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp index d24eaf63187..02e8a841911 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp @@ -7,6 +7,11 @@ #include namespace acir_format::tests { + +class UltraPlonkRAM : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; size_t generate_block_constraint(BlockConstraint& constraint, WitnessVector& witness_values) { size_t witness_len = 1; @@ -98,7 +103,7 @@ size_t generate_block_constraint(BlockConstraint& constraint, WitnessVector& wit return witness_len; } -TEST(up_ram, TestBlockConstraint) +TEST_F(UltraPlonkRAM, TestBlockConstraint) { BlockConstraint block; WitnessVector witness_values; diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp index a26894dd0c7..4dfc0dad44f 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp @@ -10,6 +10,11 @@ namespace acir_format::tests { using curve_ct = proof_system::plonk::stdlib::secp256k1; +class ECDSASecp256k1 : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; + size_t generate_ecdsa_constraint(EcdsaSecp256k1Constraint& ecdsa_constraint, WitnessVector& witness_values) { std::string message_string = "Instructions unclear, ask again later."; @@ -77,7 +82,7 @@ size_t generate_ecdsa_constraint(EcdsaSecp256k1Constraint& ecdsa_constraint, Wit return offset; } -TEST(ECDSASecp256k1, TestECDSAConstraintSucceed) +TEST_F(ECDSASecp256k1, TestECDSAConstraintSucceed) { EcdsaSecp256k1Constraint ecdsa_k1_constraint; WitnessVector witness_values; @@ -117,7 +122,7 @@ TEST(ECDSASecp256k1, TestECDSAConstraintSucceed) // Test that the verifier can create an ECDSA circuit. // The ECDSA circuit requires that certain dummy data is valid // even though we are just building the circuit. -TEST(ECDSASecp256k1, TestECDSACompilesForVerifier) +TEST_F(ECDSASecp256k1, TestECDSACompilesForVerifier) { EcdsaSecp256k1Constraint ecdsa_k1_constraint; WitnessVector witness_values; @@ -145,7 +150,7 @@ TEST(ECDSASecp256k1, TestECDSACompilesForVerifier) auto builder = create_circuit(constraint_system); } -TEST(ECDSASecp256k1, TestECDSAConstraintFail) +TEST_F(ECDSASecp256k1, TestECDSAConstraintFail) { EcdsaSecp256k1Constraint ecdsa_k1_constraint; WitnessVector witness_values; diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp index 8ea6c938f53..d83bac473d1 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp @@ -8,6 +8,10 @@ using namespace proof_system::plonk; +class AcirRecursionConstraint : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; namespace acir_format::test { Builder create_inner_circuit() { @@ -226,7 +230,7 @@ Builder create_outer_circuit(std::vector& inner_circuits) return outer_circuit; } -TEST(RecursionConstraint, TestBasicDoubleRecursionConstraints) +TEST_F(AcirRecursionConstraint, TestBasicDoubleRecursionConstraints) { std::vector layer_1_circuits; layer_1_circuits.push_back(create_inner_circuit()); @@ -245,7 +249,7 @@ TEST(RecursionConstraint, TestBasicDoubleRecursionConstraints) EXPECT_EQ(verifier.verify_proof(proof), true); } -TEST(RecursionConstraint, TestOneOuterRecursiveCircuit) +TEST_F(AcirRecursionConstraint, TestOneOuterRecursiveCircuit) { /** * We want to test the following: @@ -302,7 +306,7 @@ TEST(RecursionConstraint, TestOneOuterRecursiveCircuit) EXPECT_EQ(verifier.verify_proof(proof), true); } -TEST(RecursionConstraint, TestFullRecursiveComposition) +TEST_F(AcirRecursionConstraint, TestFullRecursiveComposition) { std::vector layer_b_1_circuits; layer_b_1_circuits.push_back(create_inner_circuit()); diff --git a/barretenberg/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp b/barretenberg/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp index 1377ebf1055..8b86c4d1641 100644 --- a/barretenberg/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp +++ b/barretenberg/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp @@ -43,6 +43,7 @@ class join_split_tests : public ::testing::Test { static constexpr size_t ACCOUNT_INDEX = 14; static void SetUpTestCase() { + barretenberg::srs::init_crs_factory("../srs_db/ignition"); auto null_crs_factory = std::make_shared>(); init_proving_key(null_crs_factory, false); auto crs_factory = @@ -709,7 +710,7 @@ TEST_F(join_split_tests, test_0_input_notes_and_detect_circuit_change) constexpr uint32_t CIRCUIT_GATE_COUNT = 184517; constexpr uint32_t GATES_NEXT_POWER_OF_TWO = 524288; - const uint256_t VK_HASH("787c464414a2c2e3332314ff528bd236b13133c269c5704505a0f3a3ad56ad57"); + const uint256_t VK_HASH("2e1b6e64cd16912f2740d84a0e6c9e01784b35e09b303a026cc58ff5d6a5934d"); auto number_of_gates_js = result.number_of_gates; std::cout << get_verification_key()->sha256_hash() << std::endl; diff --git a/barretenberg/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.test.cpp b/barretenberg/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.test.cpp index 69609620954..dfdc491c981 100644 --- a/barretenberg/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.test.cpp +++ b/barretenberg/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.test.cpp @@ -9,7 +9,12 @@ namespace rollup { namespace proofs { namespace mock { -TEST(mock_circuit_tests, test_simple_circuit) +class MockCircuitTests : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; + +TEST_F(MockCircuitTests, test_simple_circuit) { // Dummy public inputs std::vector public_inputs; @@ -17,7 +22,7 @@ TEST(mock_circuit_tests, test_simple_circuit) public_inputs.push_back(fr::random_element()); } - Composer composer = Composer("../srs_db/ignition"); + Composer composer = Composer(); mock_circuit(composer, public_inputs); auto prover = composer.create_prover(); diff --git a/barretenberg/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp b/barretenberg/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp index c6daac18a42..ec813ad8dff 100644 --- a/barretenberg/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp +++ b/barretenberg/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp @@ -10,7 +10,13 @@ using namespace barretenberg; using namespace proof_system::plonk::stdlib; using namespace join_split_example::proofs::notes; using namespace join_split_example::proofs::notes::circuit::value; -TEST(value_note, commits) + +class ValueNote : public ::testing::Test { + protected: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; + +TEST_F(ValueNote, Commits) { auto user = join_split_example::fixtures::create_user_context(); auto builder = Builder(); @@ -35,7 +41,7 @@ TEST(value_note, commits) auto prover = composer.create_prover(builder); EXPECT_FALSE(builder.failed()); - printf("composer gates = %zu\n", builder.get_num_gates()); + info("composer gates = %zu\n", builder.get_num_gates()); auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -44,7 +50,7 @@ TEST(value_note, commits) EXPECT_EQ(proof_result, true); } -TEST(value_note, commits_with_0_value) +TEST_F(ValueNote, CommitsWith0Value) { auto builder = Builder(); @@ -72,7 +78,7 @@ TEST(value_note, commits_with_0_value) auto prover = composer.create_prover(builder); EXPECT_FALSE(builder.failed()); - printf("composer gates = %zu\n", builder.get_num_gates()); + info("composer gates = %zu\n", builder.get_num_gates()); auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -81,7 +87,7 @@ TEST(value_note, commits_with_0_value) EXPECT_EQ(proof_result, true); } -TEST(value_note, commit_with_oversized_asset_id_fails) +TEST_F(ValueNote, CommitWithOversizedAssetIdFails) { auto builder = Builder(); @@ -106,7 +112,7 @@ TEST(value_note, commit_with_oversized_asset_id_fails) auto prover = composer.create_prover(builder); EXPECT_TRUE(builder.failed()); - printf("composer gates = %zu\n", builder.get_num_gates()); + info("composer gates = %zu\n", builder.get_num_gates()); auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); diff --git a/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.hpp b/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.hpp index 3ae5a1fbccb..390bcc2f74f 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.hpp @@ -28,10 +28,7 @@ class StandardComposer { bool computed_witness = false; - StandardComposer() - : StandardComposer(std::shared_ptr>( - new barretenberg::srs::factories::FileCrsFactory("../srs_db/ignition"))) - {} + StandardComposer() { crs_factory_ = barretenberg::srs::get_crs_factory(); } StandardComposer(std::shared_ptr> crs_factory) : crs_factory_(std::move(crs_factory)) {} diff --git a/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp b/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp index e1f5613a9ae..6b745b34c23 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.test.cpp @@ -13,7 +13,12 @@ namespace { auto& engine = numeric::random::get_debug_engine(); } -TEST(standard_plonk_composer, base_case) +class StandardPlonkComposer : public ::testing::Test { + public: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } +}; + +TEST_F(StandardPlonkComposer, BaseCase) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -28,7 +33,7 @@ TEST(standard_plonk_composer, base_case) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, composer_from_serialized_keys) +TEST_F(StandardPlonkComposer, ComposerFromSerializedKeys) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -58,7 +63,7 @@ TEST(standard_plonk_composer, composer_from_serialized_keys) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, test_add_gate_proofs) +TEST_F(StandardPlonkComposer, TestAddGateProofs) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -118,13 +123,13 @@ TEST(standard_plonk_composer, test_add_gate_proofs) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, test_mul_gate_proofs) +TEST_F(StandardPlonkComposer, TestMulGateProofs) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); - fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), - fr::random_element(), fr::random_element(), fr::random_element() }; - fr q_inv[7]{ + std::array q{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), + fr::random_element(), fr::random_element(), fr::random_element() }; + std::array q_inv{ q[0].invert(), q[1].invert(), q[2].invert(), q[3].invert(), q[4].invert(), q[5].invert(), q[6].invert(), }; @@ -198,7 +203,7 @@ TEST(standard_plonk_composer, test_mul_gate_proofs) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, range_constraint) +TEST_F(StandardPlonkComposer, RangeConstraint) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -216,7 +221,7 @@ TEST(standard_plonk_composer, range_constraint) for (uint32_t j = 0; j < 16; ++j) { uint32_t result = (value >> (30U - (2 * j))); fr source = builder.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); - uint32_t expected = static_cast(source.data[0]); + auto expected = static_cast(source.data[0]); EXPECT_EQ(result, expected); } for (uint32_t j = 1; j < 16; ++j) { @@ -242,7 +247,7 @@ TEST(standard_plonk_composer, range_constraint) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, range_constraint_fail) +TEST_F(StandardPlonkComposer, RangeConstraintFail) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -263,7 +268,7 @@ TEST(standard_plonk_composer, range_constraint_fail) EXPECT_EQ(result, false); } -TEST(standard_plonk_composer, and_constraint) +TEST_F(StandardPlonkComposer, AndConstraint) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -291,13 +296,13 @@ TEST(standard_plonk_composer, and_constraint) uint32_t out_expected = left_expected & right_expected; fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); - uint32_t left_result = static_cast(left_source.data[0]); + auto left_result = static_cast(left_source.data[0]); fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); - uint32_t right_result = static_cast(right_source.data[0]); + auto right_result = static_cast(right_source.data[0]); fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); - uint32_t out_result = static_cast(out_source.data[0]); + auto out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); EXPECT_EQ(right_result, right_expected); @@ -334,7 +339,7 @@ TEST(standard_plonk_composer, and_constraint) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, xor_constraint) +TEST_F(StandardPlonkComposer, XorConstraint) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -361,13 +366,13 @@ TEST(standard_plonk_composer, xor_constraint) uint32_t out_expected = left_expected ^ right_expected; fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); - uint32_t left_result = static_cast(left_source.data[0]); + auto left_result = static_cast(left_source.data[0]); fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); - uint32_t right_result = static_cast(right_source.data[0]); + auto right_result = static_cast(right_source.data[0]); fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); - uint32_t out_result = static_cast(out_source.data[0]); + auto out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); EXPECT_EQ(right_result, right_expected); @@ -404,7 +409,7 @@ TEST(standard_plonk_composer, xor_constraint) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, big_add_gate_with_bit_extract) +TEST_F(StandardPlonkComposer, BigAddGateWithBitExtract) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -447,7 +452,7 @@ TEST(standard_plonk_composer, big_add_gate_with_bit_extract) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, test_range_constraint_fail) +TEST_F(StandardPlonkComposer, TestRangeConstraintFail) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -465,7 +470,7 @@ TEST(standard_plonk_composer, test_range_constraint_fail) EXPECT_EQ(result, false); } -TEST(standard_plonk_composer, test_check_circuit_correct) +TEST_F(StandardPlonkComposer, TestCheckCircuitCorrect) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); @@ -486,7 +491,7 @@ TEST(standard_plonk_composer, test_check_circuit_correct) EXPECT_EQ(result, true); } -TEST(standard_plonk_composer, test_check_circuit_broken) +TEST_F(StandardPlonkComposer, TestCheckCircuitBroken) { auto builder = StandardCircuitBuilder(); auto composer = StandardComposer(); diff --git a/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp index 1f71e1e2e9b..fcea9028d83 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp @@ -37,11 +37,7 @@ class UltraComposer { // vanishing_polynomial cannot be trivially fetched here, I am directly setting this to 4 - 1 = 3. static constexpr size_t s_randomness = 3; - UltraComposer() - : UltraComposer("../srs_db/ignition"){}; - - UltraComposer(std::string const& crs_path) - : UltraComposer(std::make_unique>(crs_path)){}; + UltraComposer() { crs_factory_ = barretenberg::srs::get_crs_factory(); } explicit UltraComposer(std::shared_ptr> crs_factory) : crs_factory_(std::move(crs_factory)) diff --git a/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp b/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp index e1c932c6a92..970ae203cdd 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.test.cpp @@ -33,6 +33,8 @@ std::vector add_variables(UltraCircuitBuilder& builder, std::vector class ultra_plonk_composer : public ::testing::Test { public: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } + void prove_and_verify(UltraCircuitBuilder& builder, UltraComposer& composer, bool expected_result) { if constexpr (T::use_keccak) { diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/transition_widgets/elliptic_widget.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/transition_widgets/elliptic_widget.hpp index 162ef536b22..b5d36f1d81c 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/transition_widgets/elliptic_widget.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/widgets/transition_widgets/elliptic_widget.hpp @@ -78,8 +78,9 @@ template class EllipticKern inline static std::set const& get_required_polynomial_ids() { static const std::set required_polynomial_ids = { - PolynomialIndex::Q_1, PolynomialIndex::Q_3, PolynomialIndex::Q_4, PolynomialIndex::Q_ELLIPTIC, - PolynomialIndex::W_1, PolynomialIndex::W_2, PolynomialIndex::W_3, PolynomialIndex::W_4 + PolynomialIndex::Q_1, PolynomialIndex::Q_3, PolynomialIndex::Q_4, + PolynomialIndex::Q_M, PolynomialIndex::Q_ELLIPTIC, PolynomialIndex::W_1, + PolynomialIndex::W_2, PolynomialIndex::W_3, PolynomialIndex::W_4 }; return required_polynomial_ids; } @@ -106,45 +107,38 @@ template class EllipticKern const Field& x_3 = Getters::template get_value(polynomials, i); const Field& y_3 = Getters::template get_value(polynomials, i); - // Endomorphism coefficient for when we add and multiply by beta at the same time - const Field& q_beta = - Getters::template get_value(polynomials, i); - // Square of endomorphism coefficient - const Field& q_beta_sqr = - Getters::template get_value(polynomials, i); // sign const Field& q_sign = Getters::template get_value(polynomials, i); - // TODO: Can this be implemented more efficiently? - // It seems that Zac wanted to group the elements by selectors to use several linear terms initially, - // but in the end we are using one, so there is no reason why we can't optimize computation in another way - - Field beta_term = -x_2 * x_1 * (x_3 + x_3 + x_1); // -x_1 * x_2 * (2 * x_3 + x_1) - Field beta_sqr_term = x_2.sqr(); // x_2^2 - Field leftovers = beta_sqr_term; // x_2^2 - beta_sqr_term *= (x_3 - x_1); // x_2^2 * (x_3 - x_1) - Field sign_term = y_2 * y_1; // y_1 * y_2 - sign_term += sign_term; // 2 * y_1 * y_2 - beta_term *= q_beta; // -β * x_1 * x_2 * (2 * x_3 + x_1) - beta_sqr_term *= q_beta_sqr; // β^2 * x_2^2 * (x_3 - x_1) - sign_term *= q_sign; // 2 * y_1 * y_2 * sign - leftovers *= x_2; // x_2^3 - leftovers += x_1.sqr() * (x_3 + x_1); // x_2^3 + x_1 * (x_3 + x_1) - leftovers -= (y_2.sqr() + y_1.sqr()); // x_2^3 + x_1 * (x_3 + x_1) - y_2^2 - y_1^2 - - // Can be found in class description - Field x_identity = beta_term + beta_sqr_term + sign_term + leftovers; - x_identity *= challenges.alpha_powers[0]; - - beta_term = x_2 * (y_3 + y_1) * q_beta; // β * x_2 * (y_3 + y_1) - sign_term = -y_2 * (x_1 - x_3) * q_sign; // - signt * y_2 * (x_1 - x_3) - // TODO: remove extra additions if we decide to stay with this implementation - leftovers = -x_1 * (y_3 + y_1) + y_1 * (x_1 - x_3); // -x_1 * y_3 - x_1 * y_1 + y_1 * x_1 - y_1 * x_3 - - Field y_identity = beta_term + sign_term + leftovers; - y_identity *= challenges.alpha_powers[1]; - + // ecc add gate is active when q_elliptic = 1 and q_m = 0 + // ecc double gate is active when q_elliptic = 1 and q_m = 1 + const Field& q_is_double = + Getters::template get_value(polynomials, i); + + Field x_diff = x_2 - x_1; + Field y1_sqr = y_1.sqr(); + Field y2_sqr = y_2.sqr(); + Field y1y2 = y_1 * y_2 * q_sign; + Field x_identity_add = (x_3 + x_2 + x_1) * x_diff.sqr() - y1_sqr - y2_sqr + y1y2 + y1y2; + Field y_identity_add = (y_3 + y_1) * x_diff + (x_3 - x_1) * (y_2 * q_sign - y_1); + + // x-coordinate identity + // (x3 + 2x1)(4y^2) - (9x^4) = 0 + // This is degree 4...but + // we can use x^3 = y^2 - b + // (x3 + 2x1)(4y ^ 2) - (9x(y ^ 2 - b)) is degree 3 + const Field x_pow_4 = (y_1 * y_1 - grumpkin::g1::curve_b) * x_1; + Field x_identity_double = (x_3 + x_1 + x_1) * (y_1 + y_1) * (y_1 + y_1) - x_pow_4 * Field(9); + + // Y identity: (x1 - x3)(3x^2) - (2y1)(y1 + y3) = 0 + const Field x_pow_2 = (x_1 * x_1); + Field y_identity_double = x_pow_2 * (x_1 - x_3) * 3 - (y_1 + y_1) * (y_1 + y_3); + + auto x_identity = + (q_is_double * (x_identity_double - x_identity_add) + x_identity_add) * challenges.alpha_powers[0]; + auto y_identity = + (q_is_double * (y_identity_double - y_identity_add) + y_identity_add) * challenges.alpha_powers[1]; linear_terms[0] = x_identity + y_identity; } @@ -163,6 +157,7 @@ template class EllipticKern { const Field& q_elliptic = Getters::template get_value(polynomials, i); + return linear_terms[0] * q_elliptic; } diff --git a/barretenberg/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/barretenberg/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index 969aac893fc..671ab2e4304 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -125,7 +125,7 @@ template class Turbo : public Arithmetization class Ultra : public Arithmetization { +template class Ultra : public Arithmetization { public: using FF = _FF; struct Selectors : SelectorsBase { @@ -140,7 +140,6 @@ template class Ultra : public Arithmetization>& q_elliptic = std::get<8>(this->_data); std::vector>& q_aux = std::get<9>(this->_data); std::vector>& q_lookup_type = std::get<10>(this->_data); - std::vector>& q_elliptic_double = std::get<11>(this->_data); Selectors() : SelectorsBase(){}; Selectors(const Selectors& other) @@ -160,7 +159,6 @@ template class Ultra : public Arithmetizationq_elliptic = std::get<8>(this->_data); this->q_aux = std::get<9>(this->_data); this->q_lookup_type = std::get<10>(this->_data); - this->q_elliptic_double = std::get<11>(this->_data); }; Selectors& operator=(Selectors&& other) { diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.cpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.cpp index 990982aefce..76fdd6e87dd 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.cpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.cpp @@ -78,7 +78,6 @@ template void UltraCircuitBuilder_::add_gates_to_ensure_all_po q_lookup_type.emplace_back(0); q_elliptic.emplace_back(1); q_aux.emplace_back(1); - q_elliptic_double.emplace_back(1); ++this->num_gates; // Some relations depend on wire shifts so we add another gate with @@ -136,7 +135,6 @@ template void UltraCircuitBuilder_::create_add_gate(const add_ q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -167,7 +165,6 @@ void UltraCircuitBuilder_::create_big_add_gate(const add_quad_& in, cons q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -259,7 +256,6 @@ template void UltraCircuitBuilder_::create_big_mul_gate(const q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -284,7 +280,6 @@ template void UltraCircuitBuilder_::create_balanced_add_gate(c q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; // Why 3? TODO: return to this @@ -325,7 +320,6 @@ template void UltraCircuitBuilder_::create_mul_gate(const mul_ q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -353,7 +347,6 @@ template void UltraCircuitBuilder_::create_bool_gate(const uin q_4.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -383,7 +376,6 @@ template void UltraCircuitBuilder_::create_poly_gate(const pol q_4.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -417,12 +409,20 @@ template void UltraCircuitBuilder_::create_ecc_add_gate(const can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_4[this->num_gates - 1] == 0); can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_1[this->num_gates - 1] == 0); can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_arith[this->num_gates - 1] == 0); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_m[this->num_gates - 1] == 0); + // TODO(@zac-williamson #2608 remove endomorphism coefficient) + bool endomorphism_present = in.endomorphism_coefficient != 1; if (can_fuse_into_previous_gate) { q_3[this->num_gates - 1] = in.endomorphism_coefficient; q_4[this->num_gates - 1] = in.endomorphism_coefficient.sqr(); q_1[this->num_gates - 1] = in.sign_coefficient; - q_elliptic[this->num_gates - 1] = 1; + + // TODO(@zac-williamson #2608) Change this back to 1 when pedersen refactor is complete. + // This is temporary stopgap. We can't support both a double gate and support the ecc enodmorphism + // without pushing the degree of the constraint above 5, which breaks ultraplonk. + // The pedersen refactor will remove all uses of the endomorphism + q_elliptic[this->num_gates - 1] = endomorphism_present ? 0 : 1; } else { w_l.emplace_back(this->zero_idx); w_r.emplace_back(in.x1); @@ -438,8 +438,12 @@ template void UltraCircuitBuilder_::create_ecc_add_gate(const q_c.emplace_back(0); q_sort.emplace_back(0); q_lookup_type.emplace_back(0); - q_elliptic.emplace_back(1); - q_elliptic_double.emplace_back(0); + + // TODO(@zac-williamson #2608) Change this back to 1 when pedersen refactor is complete. + // This is temporary stopgap. We can't support both a double gate and support the ecc enodmorphism + // without pushing the degree of the constraint above 5, which breaks ultraplonk. + // The pedersen refactor will remove all uses of the endomorphism + q_elliptic.emplace_back(endomorphism_present ? 0 : 1); q_aux.emplace_back(0); ++this->num_gates; } @@ -457,7 +461,6 @@ template void UltraCircuitBuilder_::create_ecc_add_gate(const q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -481,16 +484,20 @@ template void UltraCircuitBuilder_::create_ecc_dbl_gate(const bool can_fuse_into_previous_gate = true; can_fuse_into_previous_gate = can_fuse_into_previous_gate && (w_r[this->num_gates - 1] == in.x1); can_fuse_into_previous_gate = can_fuse_into_previous_gate && (w_o[this->num_gates - 1] == in.y1); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_arith[this->num_gates - 1] == 0); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_lookup_type[this->num_gates - 1] == 0); + can_fuse_into_previous_gate = can_fuse_into_previous_gate && (q_aux[this->num_gates - 1] == 0); if (can_fuse_into_previous_gate) { - q_elliptic_double[this->num_gates - 1] = 1; + q_elliptic[this->num_gates - 1] = 1; + q_m[this->num_gates - 1] = 1; } else { w_r.emplace_back(in.x1); w_o.emplace_back(in.y1); w_l.emplace_back(this->zero_idx); w_4.emplace_back(this->zero_idx); - q_elliptic_double.emplace_back(1); - q_m.emplace_back(0); + q_elliptic.emplace_back(1); + q_m.emplace_back(1); q_1.emplace_back(0); q_2.emplace_back(0); q_3.emplace_back(0); @@ -499,7 +506,6 @@ template void UltraCircuitBuilder_::create_ecc_dbl_gate(const q_4.emplace_back(0); q_sort.emplace_back(0); q_lookup_type.emplace_back(0); - q_elliptic.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -508,7 +514,6 @@ template void UltraCircuitBuilder_::create_ecc_dbl_gate(const w_o.emplace_back(in.y3); w_l.emplace_back(this->zero_idx); w_4.emplace_back(this->zero_idx); - q_elliptic_double.emplace_back(0); q_m.emplace_back(0); q_1.emplace_back(0); q_2.emplace_back(0); @@ -547,7 +552,6 @@ template void UltraCircuitBuilder_::fix_witness(const uint32_t q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -620,7 +624,6 @@ plookup::ReadData UltraCircuitBuilder_::create_gates_from_plookup_ q_4.emplace_back(0); q_sort.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); ++this->num_gates; } @@ -930,7 +933,6 @@ void UltraCircuitBuilder_::create_sort_constraint(const std::vector::create_sort_constraint(const std::vector::create_dummy_constraints(const std::vector::create_sort_constraint_with_edges(const std::vect q_4.emplace_back(0); q_sort.emplace_back(1); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_lookup_type.emplace_back(0); q_aux.emplace_back(0); // enforce range check for middle rows @@ -1035,7 +1034,6 @@ void UltraCircuitBuilder_::create_sort_constraint_with_edges(const std::vect q_4.emplace_back(0); q_sort.emplace_back(1); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_lookup_type.emplace_back(0); q_aux.emplace_back(0); } @@ -1055,7 +1053,6 @@ void UltraCircuitBuilder_::create_sort_constraint_with_edges(const std::vect q_4.emplace_back(0); q_sort.emplace_back(1); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_lookup_type.emplace_back(0); q_aux.emplace_back(0); } @@ -1076,7 +1073,6 @@ void UltraCircuitBuilder_::create_sort_constraint_with_edges(const std::vect q_4.emplace_back(0); q_sort.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_lookup_type.emplace_back(0); q_aux.emplace_back(0); } @@ -1184,7 +1180,6 @@ template void UltraCircuitBuilder_::apply_aux_selectors(const q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); switch (type) { case AUX_SELECTORS::LIMB_ACCUMULATE_1: { q_1.emplace_back(0); @@ -1850,7 +1845,6 @@ std::array UltraCircuitBuilder_::evaluate_non_native_field_addi q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); } @@ -1972,7 +1966,6 @@ std::array UltraCircuitBuilder_::evaluate_non_native_field_subt q_sort.emplace_back(0); q_lookup_type.emplace_back(0); q_elliptic.emplace_back(0); - q_elliptic_double.emplace_back(0); q_aux.emplace_back(0); } @@ -2847,8 +2840,7 @@ inline FF UltraCircuitBuilder_::compute_genperm_sort_identity(FF q_sort_valu template inline FF UltraCircuitBuilder_::compute_elliptic_identity(FF q_elliptic_value, FF q_1_value, - FF q_3_value, - FF q_4_value, + FF q_m_value, FF w_2_value, FF w_3_value, FF w_1_shifted_value, @@ -2858,45 +2850,43 @@ inline FF UltraCircuitBuilder_::compute_elliptic_identity(FF q_elliptic_valu FF alpha_base, FF alpha) const { - // TODO(kesha): Can this be implemented more efficiently? - // It seems that Zac wanted to group the elements by selectors to use several linear terms initially, - // but in the end we are using one, so there is no reason why we can't optimize computation in another way const FF x_1 = w_2_value; const FF y_1 = w_3_value; const FF x_2 = w_1_shifted_value; const FF y_2 = w_4_shifted_value; const FF x_3 = w_2_shifted_value; const FF y_3 = w_3_shifted_value; - const FF q_beta = q_3_value; - const FF q_beta_sqr = q_4_value; const FF q_sign = q_1_value; + const FF q_is_double = q_m_value; + constexpr FF curve_b = CircuitBuilderBase>::EmbeddedCurve::Group::curve_b; + static_assert(CircuitBuilderBase>::EmbeddedCurve::Group::curve_a == 0); - FF beta_term = -x_2 * x_1 * (x_3 + x_3 + x_1); // -x_1 * x_2 * (2 * x_3 + x_1) - FF beta_sqr_term = x_2.sqr(); // x_2^2 - FF leftovers = beta_sqr_term; // x_2^2 - beta_sqr_term *= (x_3 - x_1); // x_2^2 * (x_3 - x_1) - FF sign_term = y_2 * y_1; // y_1 * y_2 - sign_term += sign_term; // 2 * y_1 * y_2 - beta_term *= q_beta; // -β * x_1 * x_2 * (2 * x_3 + x_1) - beta_sqr_term *= q_beta_sqr; // β^2 * x_2^2 * (x_3 - x_1) - sign_term *= q_sign; // 2 * y_1 * y_2 * sign - leftovers *= x_2; // x_2^3 - leftovers += x_1.sqr() * (x_3 + x_1); // x_2^3 + x_1 * (x_3 + x_1) - leftovers -= (y_2.sqr() + y_1.sqr()); // x_2^3 + x_1 * (x_3 + x_1) - y_2^2 - y_1^2 - - // Can be found in class description - FF x_identity = beta_term + beta_sqr_term + sign_term + leftovers; - x_identity *= alpha_base; - - beta_term = x_2 * (y_3 + y_1) * q_beta; // β * x_2 * (y_3 + y_1) - sign_term = -y_2 * (x_1 - x_3) * q_sign; // - signt * y_2 * (x_1 - x_3) - // TODO: remove extra additions if we decide to stay with this implementation - leftovers = -x_1 * (y_3 + y_1) + y_1 * (x_1 - x_3); // -x_1 * y_3 - x_1 * y_1 + y_1 * x_1 - y_1 * x_3 - - FF y_identity = beta_term + sign_term + leftovers; - y_identity *= alpha_base * alpha; - - return q_elliptic_value * (x_identity + y_identity); + FF x_diff = x_2 - x_1; + FF y1_sqr = y_1.sqr(); + FF y2_sqr = y_2.sqr(); + FF y1y2 = y_1 * y_2 * q_sign; + FF x_relation_add = (x_3 + x_2 + x_1) * x_diff.sqr() - y1_sqr - y2_sqr + y1y2 + y1y2; + FF y_relation_add = (y_3 + y_1) * x_diff + (x_3 - x_1) * (y_2 * q_sign - y_1); + + x_relation_add *= (-q_is_double + 1) * alpha_base * alpha; + y_relation_add *= (-q_is_double + 1) * alpha_base * alpha; + + // x-coordinate relation + // (x3 + 2x1)(4y^2) - (9x^4) = 0 + // This is degree 4...but + // we can use x^3 = y^2 - b + // (x3 + 2x1)(4y ^ 2) - (9x(y ^ 2 - b)) is degree 3 + const FF x_pow_4 = (y_1 * y_1 - curve_b) * x_1; + FF x_relation_double = (x_3 + x_1 + x_1) * (y_1 + y_1) * (y_1 + y_1) - x_pow_4 * FF(9); + + // Y relation: (x1 - x3)(3x^2) - (2y1)(y1 + y3) = 0 + const FF x_pow_2 = (x_1 * x_1); + FF y_relation_double = x_pow_2 * (x_1 - x_3) * 3 - (y_1 + y_1) * (y_1 + y_3); + + x_relation_double *= q_is_double * alpha_base; + y_relation_double *= q_is_double * alpha_base * alpha; + + return q_elliptic_value * (x_relation_add + y_relation_add + x_relation_double + y_relation_double); } /** @@ -3195,50 +3185,6 @@ inline FF UltraCircuitBuilder_::compute_auxilary_identity(FF q_aux_value, return auxiliary_identity; } -/** - * @brief Compute a single general permutation sorting identity - * - * @param w_1_value - * @param w_2_value - * @param w_3_value - * @param w_4_value - * @param w_1_shifted_value - * @param alpha_base - * @param alpha - * @return fr - */ -template -inline FF UltraCircuitBuilder_::compute_elliptic_double_identity(FF q_elliptic_double_value, - FF w_2_value, - FF w_3_value, - FF w_2_shifted_value, - FF w_3_shifted_value, - FF alpha_base, - FF alpha) const -{ - constexpr FF curve_b = CircuitBuilderBase>::EmbeddedCurve::Group::curve_b; - static_assert(CircuitBuilderBase>::EmbeddedCurve::Group::curve_a == 0); - const auto x1 = w_2_value; - const auto y1 = w_3_value; - const auto x3 = w_2_shifted_value; - const auto y3 = w_3_shifted_value; - - // x-coordinate relation - // (x3 + 2x1)(4y^2) - (9x^4) = 0 - // This is degree 4...but - // we can use x^3 = y^2 - b - // hon hon hon - // (x3 + 2x1)(4y^2) - (9x(y^2 - b)) is degree 3 - const FF x_pow_4 = (y1 * y1 - curve_b) * x1; - const FF x_relation = (x3 + x1 + x1) * (y1 + y1) * (y1 + y1) - x_pow_4 * FF(9); - - // Y relation: (x1 - x3)(3x^2) - (2y1)(y1 + y3) = 0 - const FF x_pow_2 = (x1 * x1); - const FF y_relation = x_pow_2 * (x1 - x3) * 3 - (y1 + y1) * (y1 + y3); - - return q_elliptic_double_value * alpha_base * (x_relation + y_relation * alpha); -} - /** * @brief Check that the circuit is correct in its current state * @@ -3261,7 +3207,6 @@ template bool UltraCircuitBuilder_::check_circuit() const FF elliptic_base = FF::random_element(); const FF genperm_sort_base = FF::random_element(); const FF auxillary_base = FF::random_element(); - const FF elliptic_double_base = FF::random_element(); const FF alpha = FF::random_element(); const FF eta = FF::random_element(); @@ -3342,7 +3287,6 @@ template bool UltraCircuitBuilder_::check_circuit() FF q_elliptic_value; FF q_sort_value; FF q_lookup_type_value; - FF q_elliptic_double_value; FF q_1_value; FF q_2_value; FF q_3_value; @@ -3360,7 +3304,6 @@ template bool UltraCircuitBuilder_::check_circuit() q_elliptic_value = q_elliptic[i]; q_sort_value = q_sort[i]; q_lookup_type_value = q_lookup_type[i]; - q_elliptic_double_value = q_elliptic_double[i]; q_1_value = q_1[i]; q_2_value = q_2[i]; q_3_value = q_3[i]; @@ -3460,8 +3403,7 @@ template bool UltraCircuitBuilder_::check_circuit() } if (!compute_elliptic_identity(q_elliptic_value, q_1_value, - q_3_value, - q_4_value, + q_m_value, w_2_value, w_3_value, w_1_shifted_value, @@ -3500,20 +3442,6 @@ template bool UltraCircuitBuilder_::check_circuit() break; } } - if (!compute_elliptic_double_identity(q_elliptic_double_value, - w_2_value, - w_3_value, - w_2_shifted_value, - w_3_shifted_value, - elliptic_double_base, - alpha) - .is_zero()) { -#ifndef FUZZING - info("Elliptic doubling identity fails at gate ", i); -#endif - result = false; - break; - } } if (left_tag_product != right_tag_product) { #ifndef FUZZING diff --git a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp index 0b6f64e3bf7..f97b281b6cc 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp @@ -214,10 +214,8 @@ template class UltraCircuitBuilder_ : public CircuitBuilderBase ultra_selector_names() { - std::vector result{ - "q_m", "q_c", "q_1", "q_2", "q_3", "q_4", - "q_arith", "q_sort", "q_elliptic", "q_aux", "table_type", "q_elliptic_double" - }; + std::vector result{ "q_m", "q_c", "q_1", "q_2", "q_3", "q_4", + "q_arith", "q_sort", "q_elliptic", "q_aux", "table_type" }; return result; } struct non_native_field_multiplication_cross_terms { @@ -266,7 +264,6 @@ template class UltraCircuitBuilder_ : public CircuitBuilderBase tau; @@ -319,7 +316,6 @@ template class UltraCircuitBuilder_ : public CircuitBuilderBase class UltraCircuitBuilder_ : public CircuitBuilderBaseq_elliptic.resize(num_gates); builder->q_aux.resize(num_gates); builder->q_lookup_type.resize(num_gates); - builder->q_elliptic_double.resize(num_gates); } /** * @brief Checks that the circuit state is the same as the stored circuit's one @@ -496,9 +491,6 @@ template class UltraCircuitBuilder_ : public CircuitBuilderBase class UltraCircuitBuilder_ : public CircuitBuilderBaseselectors.q_elliptic; SelectorVector& q_aux = this->selectors.q_aux; SelectorVector& q_lookup_type = this->selectors.q_lookup_type; - SelectorVector& q_elliptic_double = this->selectors.q_elliptic_double; // These are variables that we have used a gate on, to enforce that they are // equal to a defined value. @@ -1028,8 +1019,7 @@ template class UltraCircuitBuilder_ : public CircuitBuilderBase class UltraCircuitBuilder_ : public CircuitBuilderBase class ECCVMTranscriptRelationBase { const RelationParameters& /*unused*/, const FF& /*unused*/); - // TODO(@zac-williamson) find more generic way of doing this? + // TODO(@zac-williamson #2609 find more generic way of doing this) static constexpr FF get_curve_b() { if constexpr (FF::modulus == barretenberg::fq::modulus) { diff --git a/barretenberg/cpp/src/barretenberg/proof_system/relations/elliptic_relation.hpp b/barretenberg/cpp/src/barretenberg/proof_system/relations/elliptic_relation.hpp index 511f7f37a23..c7e9e9fc5c6 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/relations/elliptic_relation.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/relations/elliptic_relation.hpp @@ -1,4 +1,7 @@ #pragma once +#include "barretenberg/ecc/curves/bn254/bn254.hpp" +#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" + #include "relation_parameters.hpp" #include "relation_types.hpp" @@ -12,10 +15,22 @@ template class EllipticRelationImpl { static constexpr size_t RELATION_LENGTH = 6; // degree(q_elliptic * q_beta * x^3) = 5 static constexpr size_t LEN_1 = 6; // x-coordinate sub-relation - static constexpr size_t LEN_2 = 5; // y-coordinate sub-relation + static constexpr size_t LEN_2 = 6; // y-coordinate sub-relation template