get rid of a separate flavor, will just delete zm from the contract, …

…something still makes proof not verify
AztecProtocol · Sep 20, 2024 · a40cba3 · a40cba3
1 parent 8024311
commit a40cba3
Show file tree

Hide file tree

Showing 28 changed files with 63 additions and 116 deletions.
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp
@@ -213,7 +213,7 @@ template <typename Curve> class GeminiVerifier_ {
     {
         std::vector<Fr> gemini_evaluations;
         gemini_evaluations.reserve(log_circuit_size);
-        for (size_t i = 0; i < log_circuit_size; ++i) {
+        for (size_t i = 1; i <= log_circuit_size; ++i) {
             const Fr evaluation = transcript->template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
             gemini_evaluations.emplace_back(evaluation);
         }

diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp
@@ -336,7 +336,7 @@ TEST_F(IPATest, ShpleminiIPAWithShift)
 
     auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript);
 
-    const auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(log_n,
+    const auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(n,
                                                                                     RefVector(unshifted_commitments),
                                                                                     RefVector(shifted_commitments),
                                                                                     RefVector(multilinear_evaluations),

diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp
@@ -193,14 +193,14 @@ TYPED_TEST(KZGTest, ShpleminiKzgWithShift)
 
     // Gemini verifier output:
     // - claim: d+1 commitments to Fold_{r}^(0), Fold_{-r}^(0), Fold^(l), d+1 evaluations a_0_pos, a_l, l = 0:d-1
-    const auto batch_opening_claim = ShpleminiVerifier::verify(log_n,
-                                                               RefVector(unshifted_commitments),
-                                                               RefVector(shifted_commitments),
-                                                               RefVector(multilinear_evaluations),
-                                                               mle_opening_point,
-                                                               this->vk()->get_g1_identity(),
-                                                               verifier_transcript);
-    const auto pairing_points = KZG::reduce_verify(batch_opening_claim, verifier_transcript);
+    const auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(n,
+                                                                                    RefVector(unshifted_commitments),
+                                                                                    RefVector(shifted_commitments),
+                                                                                    RefVector(multilinear_evaluations),
+                                                                                    mle_opening_point,
+                                                                                    this->vk()->get_g1_identity(),
+                                                                                    verifier_transcript);
+    const auto pairing_points = KZG::reduce_verify_batch_opening_claim(batch_opening_claim, verifier_transcript);
     // Final pairing check: e([Q] - [Q_z] + z[W], [1]_2) = e([W], [x]_2)
 
     EXPECT_EQ(this->vk()->pairing_check(pairing_points[0], pairing_points[1]), true);

diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp
@@ -104,52 +104,24 @@ template <typename Curve> class ShpleminiVerifier_ {
 
   public:
     template <typename Transcript>
-    static OpeningClaim<Curve> verify(const Fr circuit_size,
-                                      RefSpan<Commitment> unshifted_commitments,
-                                      RefSpan<Commitment> shifted_commitments,
-                                      RefSpan<Fr> claimed_evaluations,
-                                      const std::vector<Fr>& multivariate_challenge,
-                                      const Commitment& g1_identity,
-                                      std::shared_ptr<Transcript>& transcript)
-    {
-        Fr log_N = numeric::get_msb(static_cast<uint32_t>(circuit_size));
-
-        BatchOpeningClaim<Curve> batch_opening_claim = compute_batch_opening_claim(log_N,
-                                                                                   unshifted_commitments,
-                                                                                   shifted_commitments,
-                                                                                   claimed_evaluations,
-                                                                                   multivariate_challenge,
-                                                                                   g1_identity,
-                                                                                   transcript);
-
-        GroupElement commitment;
-        if constexpr (Curve::is_stdlib_type) {
-            commitment = GroupElement::batch_mul(batch_opening_claim.commitments,
-                                                 batch_opening_claim.scalars,
-                                                 /*max_num_bits=*/0,
-                                                 /*with_edgecases=*/true);
-        } else {
-            commitment = batch_mul_native(batch_opening_claim.commitments, batch_opening_claim.scalars);
-        }
-
-        return { { batch_opening_claim.evaluation_point, Fr(0) }, commitment };
-    }
-    template <typename Transcript>
-    static BatchOpeningClaim<Curve> compute_batch_opening_claim(const Fr log_N,
+    static BatchOpeningClaim<Curve> compute_batch_opening_claim(const Fr N,
                                                                 RefSpan<Commitment> unshifted_commitments,
                                                                 RefSpan<Commitment> shifted_commitments,
                                                                 RefSpan<Fr> claimed_evaluations,
                                                                 const std::vector<Fr>& multivariate_challenge,
                                                                 const Commitment& g1_identity,
                                                                 std::shared_ptr<Transcript>& transcript)
     {
+
         // Extract log_circuit_size
         size_t log_circuit_size{ 0 };
+        info(N);
         if constexpr (Curve::is_stdlib_type) {
-            log_circuit_size = static_cast<uint32_t>(log_N.get_value());
+            log_circuit_size = numeric::get_msb(static_cast<uint32_t>(N.get_value()));
         } else {
-            log_circuit_size = static_cast<uint32_t>(log_N);
+            log_circuit_size = numeric::get_msb(static_cast<uint32_t>(N));
         }
+        info(log_circuit_size);
 
         // Get the challenge ρ to batch commitments to multilinear polynomials and their shifts
         const Fr multivariate_batching_challenge = transcript->template get_challenge<Fr>("rho");
@@ -381,11 +353,4 @@ template <typename Curve> class ShpleminiVerifier_ {
     }
 };
 
-// TODO: temporary hack
-template <typename Curve> class Shplemini_ {
-  public:
-    using Prover = ShpleminiProver_<Curve>;
-    using Verifier = ShpleminiVerifier_<Curve>;
-};
-
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp
@@ -165,16 +165,16 @@ TYPED_TEST(ShpleminiTest, CorrectnessOfGeminiClaimBatching)
     // - (d+1) opening pairs: {r, \hat{a}_0}, {-r^{2^i}, a_i}, i = 0, ..., d-1
     // - (d+1) Fold polynomials Fold_{r}^(0), Fold_{-r}^(0), and Fold^(i), i = 0, ..., d-1
     auto fold_polynomials = GeminiProver::compute_fold_polynomials(
-        mle_opening_point, std::move(batched_unshifted), std::move(batched_to_be_shifted));
+        log_n, mle_opening_point, std::move(batched_unshifted), std::move(batched_to_be_shifted));
 
     std::vector<Commitment> prover_commitments;
     for (size_t l = 0; l < log_n - 1; ++l) {
         auto commitment = this->ck()->commit(fold_polynomials[l + 2]);
         prover_commitments.emplace_back(commitment);
     }
 
-    const auto opening_claims = GeminiProver::compute_fold_polynomial_evaluations(
-        mle_opening_point, std::move(fold_polynomials), gemini_eval_challenge);
+    const auto opening_claims =
+        GeminiProver::compute_fold_polynomial_evaluations(log_n, std::move(fold_polynomials), gemini_eval_challenge);
 
     std::vector<Fr> prover_evaluations;
     for (size_t l = 0; l < log_n; ++l) {

diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp
@@ -805,11 +805,4 @@ template <typename Curve> class ZeroMorphVerifier_ {
     }
 };
 
-// This is temporary
-template <typename Curve> class ZeroMorph_ {
-  public:
-    using Prover = ZeroMorphProver_<Curve>;
-    using Verifier = ZeroMorphVerifier_<Curve>;
-};
-
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp
@@ -128,7 +128,7 @@ TEST(ShpleminiRecursionTest, ProveAndVerifySingle)
     std::vector<Fr> u_challenge_in_circuit = elements_to_witness(u_challenge);
 
     [[maybe_unused]] auto opening_claim =
-        ShpleminiVerifier::compute_batch_opening_claim(Fr::from_witness(&builder, log_circuit_size),
+        ShpleminiVerifier::compute_batch_opening_claim(Fr::from_witness(&builder, circuit_size),
                                                        RefVector(stdlib_f_commitments),
                                                        RefVector(stdlib_g_commitments),
                                                        RefVector(stdlib_claimed_evaluations),

diff --git a/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.cpp b/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.cpp
@@ -4,7 +4,6 @@
 #include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp"
-#include "barretenberg/stdlib_circuit_builders/ultra_keccak_with_gemini_flavor.hpp"
 namespace bb {
 
 template <class Flavor>
@@ -150,7 +149,6 @@ void ExecutionTrace_<Flavor>::add_ecc_op_wires_to_proving_key(Builder& builder,
 
 template class ExecutionTrace_<UltraFlavor>;
 template class ExecutionTrace_<UltraKeccakFlavor>;
-template class ExecutionTrace_<UltraKeccakWithGeminiFlavor>;
 template class ExecutionTrace_<MegaFlavor>;
 template class ExecutionTrace_<plonk::flavor::Standard>;
 template class ExecutionTrace_<plonk::flavor::Ultra>;

diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp
@@ -328,7 +328,6 @@ class UltraFlavor;
 class UltraFlavorWithZK;
 class ECCVMFlavor;
 class UltraKeccakFlavor;
-class UltraKeccakWithGeminiFlavor;
 class MegaFlavor;
 class TranslatorFlavor;
 class AvmFlavor;
@@ -359,16 +358,16 @@ template <typename T>
 concept IsPlonkFlavor = IsAnyOf<T, plonk::flavor::Standard, plonk::flavor::Ultra>;
 
 template <typename T>
-concept IsUltraPlonkFlavor = IsAnyOf<T, plonk::flavor::Ultra, UltraKeccakFlavor, UltraKeccakWithGeminiFlavor>;
+concept IsUltraPlonkFlavor = IsAnyOf<T, plonk::flavor::Ultra, UltraKeccakFlavor>;
 
 template <typename T>
-concept IsUltraPlonkOrHonk = IsAnyOf<T, plonk::flavor::Ultra, UltraFlavor, UltraKeccakFlavor, UltraKeccakWithGeminiFlavor, UltraFlavorWithZK, MegaFlavor>;
+concept IsUltraPlonkOrHonk = IsAnyOf<T, plonk::flavor::Ultra, UltraFlavor, UltraKeccakFlavor, UltraFlavorWithZK, MegaFlavor>;
 
 template <typename T>
-concept IsHonkFlavor = IsAnyOf<T, UltraFlavor, UltraKeccakFlavor,UltraKeccakWithGeminiFlavor, UltraFlavorWithZK, MegaFlavor>;
+concept IsHonkFlavor = IsAnyOf<T, UltraFlavor, UltraKeccakFlavor, UltraFlavorWithZK, MegaFlavor>;
 
 template <typename T>
-concept IsUltraFlavor = IsAnyOf<T, UltraFlavor, UltraKeccakFlavor, UltraFlavorWithZK, UltraKeccakWithGeminiFlavor,MegaFlavor>;
+concept IsUltraFlavor = IsAnyOf<T, UltraFlavor, UltraKeccakFlavor, UltraFlavorWithZK,MegaFlavor>;
 
 template <typename T>
 concept IsGoblinFlavor = IsAnyOf<T, MegaFlavor,
@@ -396,7 +395,6 @@ template <typename T> concept IsGrumpkinFlavor = IsAnyOf<T, ECCVMFlavor>;
 template <typename T> concept IsFoldingFlavor = IsAnyOf<T, UltraFlavor,
                                                            // Note(md): must be here to use oink prover
                                                            UltraKeccakFlavor,
-UltraKeccakWithGeminiFlavor,
                                                            UltraFlavorWithZK,
                                                            MegaFlavor,
                                                            UltraRecursiveFlavor_<UltraCircuitBuilder>,

diff --git a/...etenberg/cpp/src/barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp b/...etenberg/cpp/src/barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp
@@ -13,7 +13,6 @@ namespace bb {
 class StandardFlavor;
 class UltraFlavor;
 class UltraKeccakFlavor;
-class UltraKeccakWithGeminiFlavor;
 
 class Bn254FrParams;
 class Bn254FqParams;

diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp
@@ -32,7 +32,6 @@ class MegaFlavor {
     using FF = Curve::ScalarField;
     using GroupElement = Curve::Element;
     using Commitment = Curve::AffineElement;
-    using BatchedMultilinearEvaluationScheme = ZeroMorph_<Curve>;
     using PCS = KZG<Curve>;
     using Polynomial = bb::Polynomial<FF>;
     using CommitmentKey = bb::CommitmentKey<Curve>;

diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp
@@ -31,7 +31,6 @@ class UltraFlavor {
     using FF = Curve::ScalarField;
     using GroupElement = Curve::Element;
     using Commitment = Curve::AffineElement;
-    using BatchedMultilinearEvaluationScheme = ZeroMorph_<Curve>;
     using PCS = KZG<Curve>;
     using Polynomial = bb::Polynomial<FF>;
     using CommitmentKey = bb::CommitmentKey<Curve>;

diff --git a/...etenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_with_gemini_flavor.hpp b/...etenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak_with_gemini_flavor.hpp
diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp
@@ -1,6 +1,6 @@
 #pragma once
 // #define LOG_CHALLENGES
-// #define LOG_INTERACTIONS
+#define LOG_INTERACTIONS
 
 #include "barretenberg/common/debug_log.hpp"
 #include "barretenberg/ecc/curves/bn254/fr.hpp"

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp
@@ -47,14 +47,16 @@ template <IsUltraFlavor Flavor> void DeciderProver_<Flavor>::execute_relation_ch
  * */
 template <IsUltraFlavor Flavor> void DeciderProver_<Flavor>::execute_pcs_rounds()
 {
-    using Prover = Flavor::BatchedMultilinearEvaluationScheme::Prover;
-    auto prover_opening_claim = Prover::prove(proving_key->proving_key.circuit_size,
-                                              proving_key->proving_key.polynomials.get_unshifted(),
-                                              proving_key->proving_key.polynomials.get_to_be_shifted(),
-                                              sumcheck_output.claimed_evaluations.get_all(),
-                                              sumcheck_output.challenge,
-                                              commitment_key,
-                                              transcript);
+    using BatchedMultivariateOpeningScheme =
+        std::conditional_t<IsAnyOf<Flavor, UltraKeccakFlavor>, ShpleminiProver_<Curve>, ZeroMorphProver_<Curve>>;
+    auto prover_opening_claim =
+        BatchedMultivariateOpeningScheme::prove(proving_key->proving_key.circuit_size,
+                                                proving_key->proving_key.polynomials.get_unshifted(),
+                                                proving_key->proving_key.polynomials.get_to_be_shifted(),
+                                                sumcheck_output.claimed_evaluations.get_all(),
+                                                sumcheck_output.challenge,
+                                                commitment_key,
+                                                transcript);
     PCS::compute_opening_proof(commitment_key, prover_opening_claim, transcript);
 }
 
@@ -80,7 +82,6 @@ template <IsUltraFlavor Flavor> HonkProof DeciderProver_<Flavor>::construct_proo
 
 template class DeciderProver_<UltraFlavor>;
 template class DeciderProver_<UltraKeccakFlavor>;
-template class DeciderProver_<UltraKeccakWithGeminiFlavor>;
 template class DeciderProver_<MegaFlavor>;
 
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp
@@ -1,10 +1,10 @@
 #pragma once
+#include "barretenberg/commitment_schemes/shplonk/shplemini.hpp"
 #include "barretenberg/commitment_schemes/zeromorph/zeromorph.hpp"
 #include "barretenberg/honk/proof_system/types/proof.hpp"
 #include "barretenberg/relations/relation_parameters.hpp"
 #include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp"
-#include "barretenberg/stdlib_circuit_builders/ultra_keccak_with_gemini_flavor.hpp"
 #include "barretenberg/sumcheck/sumcheck_output.hpp"
 #include "barretenberg/transcript/transcript.hpp"
 #include "barretenberg/ultra_honk/decider_proving_key.hpp"

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.cpp
@@ -82,7 +82,6 @@ void DeciderProvingKey_<Flavor>::construct_databus_polynomials(Circuit& circuit)
 
 template class DeciderProvingKey_<UltraFlavor>;
 template class DeciderProvingKey_<UltraKeccakFlavor>;
-template class DeciderProvingKey_<UltraKeccakWithGeminiFlavor>;
 template class DeciderProvingKey_<MegaFlavor>;
 
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp
@@ -9,7 +9,6 @@
 #include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_keccak_flavor.hpp"
-#include "barretenberg/stdlib_circuit_builders/ultra_keccak_with_gemini_flavor.hpp"
 
 namespace bb {
 /**

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp
@@ -36,8 +36,10 @@ template <typename Flavor> bool DeciderVerifier_<Flavor>::verify_proof(const Dec
 template <typename Flavor> bool DeciderVerifier_<Flavor>::verify()
 {
     using PCS = typename Flavor::PCS;
-    // using Curve = typename Flavor::Curve;
-    using Verifier = Flavor::BatchedMultilinearEvaluationScheme::Verifier;
+    using Curve = typename Flavor::Curve;
+    using GroupElement = typename Curve::Element;
+    using ZeroMorph = ZeroMorphVerifier_<Curve>;
+    using Shplemini = ShpleminiVerifier_<Curve>;
     using VerifierCommitments = typename Flavor::VerifierCommitments;
 
     VerifierCommitments commitments{ accumulator->verification_key, accumulator->witness_commitments };
@@ -54,16 +56,29 @@ template <typename Flavor> bool DeciderVerifier_<Flavor>::verify()
         return false;
     }
 
+    std::array<GroupElement, 2> pairing_points;
+    if constexpr (bb::IsAnyOf<Flavor, UltraKeccakFlavor>) {
+        auto opening_claim = Shplemini::compute_batch_opening_claim(accumulator->verification_key->circuit_size,
+                                                                    commitments.get_unshifted(),
+                                                                    commitments.get_shifted(),
+                                                                    claimed_evaluations.get_all(),
+                                                                    multivariate_challenge,
+                                                                    Commitment::one(),
+                                                                    transcript);
+        pairing_points = PCS::reduce_verify_batch_opening_claim(opening_claim, transcript);
+
+    } else {
+        auto opening_claim = ZeroMorph::verify(accumulator->verification_key->circuit_size,
+                                               commitments.get_unshifted(),
+                                               commitments.get_to_be_shifted(),
+                                               claimed_evaluations.get_all(),
+                                               multivariate_challenge,
+                                               Commitment::one(),
+                                               transcript);
+        pairing_points = PCS::reduce_verify(opening_claim, transcript);
+    }
     // Execute ZeroMorph rounds. See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the
     // unrolled protocol.
-    auto opening_claim = Verifier::verify(accumulator->verification_key->circuit_size,
-                                          commitments.get_unshifted(),
-                                          commitments.get_to_be_shifted(),
-                                          claimed_evaluations.get_all(),
-                                          multivariate_challenge,
-                                          Commitment::one(),
-                                          transcript);
-    auto pairing_points = PCS::reduce_verify(opening_claim, transcript);
 
     auto verified = pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]);
 
@@ -72,7 +87,6 @@ template <typename Flavor> bool DeciderVerifier_<Flavor>::verify()
 
 template class DeciderVerifier_<UltraFlavor>;
 template class DeciderVerifier_<UltraKeccakFlavor>;
-template class DeciderVerifier_<UltraKeccakWithGeminiFlavor>;
 template class DeciderVerifier_<MegaFlavor>;
 
 } // namespace bb