refactor: the origins of the oink

barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp

@@ -45,11 +45,11 @@ BB_PROFILE static void test_round_inner(State& state, GoblinUltraProver& prover,
         }
     };
 
-    time_if_index(PREAMBLE, [&] { prover.execute_preamble_round(); });
-    time_if_index(WIRE_COMMITMENTS, [&] { prover.execute_wire_commitments_round(); });
-    time_if_index(SORTED_LIST_ACCUMULATOR, [&] { prover.execute_sorted_list_accumulator_round(); });
-    time_if_index(LOG_DERIVATIVE_INVERSE, [&] { prover.execute_log_derivative_inverse_round(); });
-    time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { prover.execute_grand_product_computation_round(); });
+    time_if_index(PREAMBLE, [&] { prover.oink_prover.execute_preamble_round(); });
+    time_if_index(WIRE_COMMITMENTS, [&] { prover.oink_prover.execute_wire_commitments_round(); });
+    time_if_index(SORTED_LIST_ACCUMULATOR, [&] { prover.oink_prover.execute_sorted_list_accumulator_round(); });
+    time_if_index(LOG_DERIVATIVE_INVERSE, [&] { prover.oink_prover.execute_log_derivative_inverse_round(); });
+    time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { prover.oink_prover.execute_grand_product_computation_round(); });
     time_if_index(RELATION_CHECK, [&] { prover.execute_relation_check_rounds(); });
     time_if_index(ZEROMORPH, [&] { prover.execute_zeromorph_rounds(); });
 }
@@ -62,7 +62,10 @@ BB_PROFILE static void test_round(State& state, size_t index) noexcept
     auto prover = bb::mock_proofs::get_prover<GoblinUltraProver>(
         &bb::mock_proofs::generate_basic_arithmetic_circuit<GoblinUltraCircuitBuilder>, log2_num_gates);
     for (auto _ : state) {
+        state.PauseTiming();
         test_round_inner(state, prover, index);
+        state.ResumeTiming();
+        // NOTE: google bench is very finnicky, must end in ResumeTiming() for correctness
     }
 }
 #define ROUND_BENCHMARK(round)                                                                                         \

barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp

@@ -1,93 +1,26 @@
 #include "protogalaxy_prover.hpp"
 #include "barretenberg/flavor/flavor.hpp"
+#include "barretenberg/ultra_honk/oink_prover.hpp"
 namespace bb {
 template <class ProverInstances>
 void ProtoGalaxyProver_<ProverInstances>::finalise_and_send_instance(std::shared_ptr<Instance> instance,
                                                                      const std::string& domain_separator)
 {
-    instance->initialize_prover_polynomials();
+    OinkProver<Flavor> oink_prover(instance, instance->proving_key->commitment_key, transcript, domain_separator + '_');
+    // Add circuit size public input size and public inputs to transcript->
+    oink_prover.execute_preamble_round();
 
-    const auto instance_size = static_cast<uint32_t>(instance->proving_key->circuit_size);
-    const auto num_public_inputs = static_cast<uint32_t>(instance->proving_key->num_public_inputs);
-    transcript->send_to_verifier(domain_separator + "_instance_size", instance_size);
-    transcript->send_to_verifier(domain_separator + "_public_input_size", num_public_inputs);
+    // Compute first three wire commitments
+    oink_prover.execute_wire_commitments_round();
 
-    for (size_t i = 0; i < instance->proving_key->public_inputs.size(); ++i) {
-        auto public_input_i = instance->proving_key->public_inputs[i];
-        transcript->send_to_verifier(domain_separator + "_public_input_" + std::to_string(i), public_input_i);
-    }
-    transcript->send_to_verifier(domain_separator + "_pub_inputs_offset",
-                                 static_cast<uint32_t>(instance->proving_key->pub_inputs_offset));
-
-    auto& witness_commitments = instance->witness_commitments;
-
-    // Commit to the first three wire polynomials of the instance
-    // We only commit to the fourth wire polynomial after adding memory recordss
-    witness_commitments.w_l = commitment_key->commit(instance->proving_key->w_l);
-    witness_commitments.w_r = commitment_key->commit(instance->proving_key->w_r);
-    witness_commitments.w_o = commitment_key->commit(instance->proving_key->w_o);
-
-    auto wire_comms = witness_commitments.get_wires();
-    auto commitment_labels = instance->commitment_labels;
-    auto wire_labels = commitment_labels.get_wires();
-    for (size_t idx = 0; idx < 3; ++idx) {
-        transcript->send_to_verifier(domain_separator + "_" + wire_labels[idx], wire_comms[idx]);
-    }
-
-    if constexpr (IsGoblinFlavor<Flavor>) {
-        // Commit to Goblin ECC op wires
-        witness_commitments.ecc_op_wire_1 = commitment_key->commit(instance->proving_key->ecc_op_wire_1);
-        witness_commitments.ecc_op_wire_2 = commitment_key->commit(instance->proving_key->ecc_op_wire_2);
-        witness_commitments.ecc_op_wire_3 = commitment_key->commit(instance->proving_key->ecc_op_wire_3);
-        witness_commitments.ecc_op_wire_4 = commitment_key->commit(instance->proving_key->ecc_op_wire_4);
-
-        auto op_wire_comms = instance->witness_commitments.get_ecc_op_wires();
-        auto labels = commitment_labels.get_ecc_op_wires();
-        for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) {
-            transcript->send_to_verifier(domain_separator + "_" + labels[idx], op_wire_comms[idx]);
-        }
-        // Commit to DataBus columns
-        witness_commitments.calldata = commitment_key->commit(instance->proving_key->calldata);
-        witness_commitments.calldata_read_counts = commitment_key->commit(instance->proving_key->calldata_read_counts);
-        transcript->send_to_verifier(domain_separator + "_" + commitment_labels.calldata,
-                                     instance->witness_commitments.calldata);
-        transcript->send_to_verifier(domain_separator + "_" + commitment_labels.calldata_read_counts,
-                                     instance->witness_commitments.calldata_read_counts);
-    }
-
-    auto eta = transcript->template get_challenge<FF>(domain_separator + "_eta");
-    instance->compute_sorted_accumulator_polynomials(eta);
-
-    // Commit to the sorted witness-table accumulator and the finalized (i.e. with memory records) fourth wire
-    // polynomial
-    witness_commitments.sorted_accum = commitment_key->commit(instance->prover_polynomials.sorted_accum);
-    witness_commitments.w_4 = commitment_key->commit(instance->prover_polynomials.w_4);
-
-    transcript->send_to_verifier(domain_separator + "_" + commitment_labels.sorted_accum,
-                                 witness_commitments.sorted_accum);
-    transcript->send_to_verifier(domain_separator + "_" + commitment_labels.w_4, witness_commitments.w_4);
-
-    auto [beta, gamma] =
-        transcript->template get_challenges<FF>(domain_separator + "_beta", domain_separator + "_gamma");
-
-    if constexpr (IsGoblinFlavor<Flavor>) {
-        // Compute and commit to the logderivative inverse used in DataBus
-        instance->compute_logderivative_inverse(beta, gamma);
-        instance->witness_commitments.lookup_inverses =
-            commitment_key->commit(instance->prover_polynomials.lookup_inverses);
-        transcript->send_to_verifier(domain_separator + "_" + commitment_labels.lookup_inverses,
-                                     instance->witness_commitments.lookup_inverses);
-    }
-
-    instance->compute_grand_product_polynomials(beta, gamma);
+    // Compute sorted list accumulator and commitment
+    oink_prover.execute_sorted_list_accumulator_round();
 
-    witness_commitments.z_perm = commitment_key->commit(instance->prover_polynomials.z_perm);
-    witness_commitments.z_lookup = commitment_key->commit(instance->prover_polynomials.z_lookup);
+    // Fiat-Shamir: beta & gamma
+    oink_prover.execute_log_derivative_inverse_round();
 
-    transcript->send_to_verifier(domain_separator + "_" + commitment_labels.z_perm,
-                                 instance->witness_commitments.z_perm);
-    transcript->send_to_verifier(domain_separator + "_" + commitment_labels.z_lookup,
-                                 instance->witness_commitments.z_lookup);
+    // Compute grand product(s) and commitments.
+    oink_prover.execute_grand_product_computation_round();
     for (size_t idx = 0; idx < NUM_SUBRELATIONS - 1; idx++) {
         instance->alphas[idx] =
             transcript->template get_challenge<FF>(domain_separator + "_alpha_" + std::to_string(idx));

barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp

@@ -8,21 +8,20 @@ void ProtoGalaxyVerifier_<VerifierInstances>::receive_and_finalise_instance(cons
 {
     // Get circuit parameters and the public inputs
     inst->verification_key->circuit_size =
-        transcript->template receive_from_prover<uint32_t>(domain_separator + "_instance_size");
+        transcript->template receive_from_prover<uint32_t>(domain_separator + "_circuit_size");
     inst->verification_key->log_circuit_size =
         static_cast<size_t>(numeric::get_msb(inst->verification_key->circuit_size));
     inst->verification_key->num_public_inputs =
         transcript->template receive_from_prover<uint32_t>(domain_separator + "_public_input_size");
+    inst->verification_key->pub_inputs_offset =
+        transcript->template receive_from_prover<uint32_t>(domain_separator + "_pub_inputs_offset");
     inst->verification_key->public_inputs.clear();
     for (size_t i = 0; i < inst->verification_key->num_public_inputs; ++i) {
         auto public_input_i =
             transcript->template receive_from_prover<FF>(domain_separator + "_public_input_" + std::to_string(i));
         inst->verification_key->public_inputs.emplace_back(public_input_i);
     }
 
-    inst->verification_key->pub_inputs_offset =
-        transcript->template receive_from_prover<uint32_t>(domain_separator + "_pub_inputs_offset");
-
     // Get commitments to first three wire polynomials
     auto labels = inst->commitment_labels;
     auto& witness_commitments = inst->witness_commitments;

barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/protogalaxy_recursive_verifier.cpp

@@ -9,23 +9,22 @@ void ProtoGalaxyRecursiveVerifier_<VerifierInstances>::receive_and_finalise_inst
     const std::shared_ptr<Instance>& inst, const std::string& domain_separator)
 {
     // Get circuit parameters and the public inputs
-    const auto instance_size = transcript->template receive_from_prover<FF>(domain_separator + "_instance_size");
+    const auto circuit_size = transcript->template receive_from_prover<FF>(domain_separator + "_circuit_size");
     const auto public_input_size =
         transcript->template receive_from_prover<FF>(domain_separator + "_public_input_size");
-    inst->verification_key->circuit_size = uint32_t(instance_size.get_value());
+    inst->verification_key->circuit_size = uint32_t(circuit_size.get_value());
     inst->verification_key->log_circuit_size =
         static_cast<size_t>(numeric::get_msb(inst->verification_key->circuit_size));
     inst->verification_key->num_public_inputs = uint32_t(public_input_size.get_value());
+    const auto pub_inputs_offset =
+        transcript->template receive_from_prover<FF>(domain_separator + "_pub_inputs_offset");
     inst->verification_key->public_inputs.clear();
     for (size_t i = 0; i < inst->verification_key->num_public_inputs; ++i) {
         auto public_input_i =
             transcript->template receive_from_prover<FF>(domain_separator + "_public_input_" + std::to_string(i));
         inst->verification_key->public_inputs.emplace_back(public_input_i);
     }
 
-    const auto pub_inputs_offset =
-        transcript->template receive_from_prover<FF>(domain_separator + "_pub_inputs_offset");
-
     inst->verification_key->pub_inputs_offset = uint32_t(pub_inputs_offset.get_value());
 
     // Get commitments to first three wire polynomials

barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp

@@ -34,8 +34,6 @@ template <class Flavor> class ProverInstance_ {
   public:
     std::shared_ptr<ProvingKey> proving_key;
     ProverPolynomials prover_polynomials;
-    WitnessCommitments witness_commitments;
-    CommitmentLabels commitment_labels;
 
     std::array<Polynomial, 4> sorted_polynomials;
 

barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp

@@ -0,0 +1,119 @@
+#include "barretenberg/ultra_honk/oink_prover.hpp"
+
+namespace bb {
+
+/**
+ * @brief Add circuit size, public input size, and public inputs to transcript
+ *
+ */
+template <IsUltraFlavor Flavor> void OinkProver<Flavor>::execute_preamble_round()
+{
+    const auto circuit_size = static_cast<uint32_t>(instance->proving_key->circuit_size);
+    const auto num_public_inputs = static_cast<uint32_t>(instance->proving_key->num_public_inputs);
+    transcript->send_to_verifier(domain_separator + "circuit_size", circuit_size);
+    transcript->send_to_verifier(domain_separator + "public_input_size", num_public_inputs);
+    transcript->send_to_verifier(domain_separator + "pub_inputs_offset",
+                                 static_cast<uint32_t>(instance->proving_key->pub_inputs_offset));
+
+    for (size_t i = 0; i < instance->proving_key->public_inputs.size(); ++i) {
+        auto public_input_i = instance->proving_key->public_inputs[i];
+        transcript->send_to_verifier(domain_separator + "public_input_" + std::to_string(i), public_input_i);
+    }
+}
+
+/**
+ * @brief Commit to the wire polynomials (part of the witness), with the exception of the fourth wire, which is
+ * only commited to after adding memory records. In the Goblin Flavor, we also commit to the ECC OP wires and the
+ * DataBus columns.
+ */
+template <IsUltraFlavor Flavor> void OinkProver<Flavor>::execute_wire_commitments_round()
+{
+    // Commit to the first three wire polynomials of the instance
+    // We only commit to the fourth wire polynomial after adding memory recordss
+    witness_commitments.w_l = commitment_key->commit(instance->proving_key->w_l);
+    witness_commitments.w_r = commitment_key->commit(instance->proving_key->w_r);
+    witness_commitments.w_o = commitment_key->commit(instance->proving_key->w_o);
+
+    auto wire_comms = witness_commitments.get_wires();
+    auto wire_labels = commitment_labels.get_wires();
+    for (size_t idx = 0; idx < 3; ++idx) {
+        transcript->send_to_verifier(domain_separator + wire_labels[idx], wire_comms[idx]);
+    }
+
+    if constexpr (IsGoblinFlavor<Flavor>) {
+        // Commit to Goblin ECC op wires
+        witness_commitments.ecc_op_wire_1 = commitment_key->commit(instance->proving_key->ecc_op_wire_1);
+        witness_commitments.ecc_op_wire_2 = commitment_key->commit(instance->proving_key->ecc_op_wire_2);
+        witness_commitments.ecc_op_wire_3 = commitment_key->commit(instance->proving_key->ecc_op_wire_3);
+        witness_commitments.ecc_op_wire_4 = commitment_key->commit(instance->proving_key->ecc_op_wire_4);
+
+        auto op_wire_comms = witness_commitments.get_ecc_op_wires();
+        auto labels = commitment_labels.get_ecc_op_wires();
+        for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) {
+            transcript->send_to_verifier(domain_separator + labels[idx], op_wire_comms[idx]);
+        }
+        // Commit to DataBus columns
+        witness_commitments.calldata = commitment_key->commit(instance->proving_key->calldata);
+        witness_commitments.calldata_read_counts = commitment_key->commit(instance->proving_key->calldata_read_counts);
+        transcript->send_to_verifier(domain_separator + commitment_labels.calldata, witness_commitments.calldata);
+        transcript->send_to_verifier(domain_separator + commitment_labels.calldata_read_counts,
+                                     witness_commitments.calldata_read_counts);
+    }
+}
+
+/**
+ * @brief Compute sorted witness-table accumulator and commit to the resulting polynomials.
+ *
+ */
+template <IsUltraFlavor Flavor> void OinkProver<Flavor>::execute_sorted_list_accumulator_round()
+{
+    auto eta = transcript->template get_challenge<FF>(domain_separator + "eta");
+    instance->compute_sorted_accumulator_polynomials(eta);
+
+    // Commit to the sorted witness-table accumulator and the finalized (i.e. with memory records) fourth wire
+    // polynomial
+    witness_commitments.sorted_accum = commitment_key->commit(instance->prover_polynomials.sorted_accum);
+    witness_commitments.w_4 = commitment_key->commit(instance->prover_polynomials.w_4);
+
+    transcript->send_to_verifier(domain_separator + commitment_labels.sorted_accum, witness_commitments.sorted_accum);
+    transcript->send_to_verifier(domain_separator + commitment_labels.w_4, witness_commitments.w_4);
+}
+
+/**
+ * @brief Compute log derivative inverse polynomial and its commitment, if required
+ *
+ */
+template <IsUltraFlavor Flavor> void OinkProver<Flavor>::execute_log_derivative_inverse_round()
+{
+    auto [beta, gamma] = transcript->template get_challenges<FF>(domain_separator + "beta", domain_separator + "gamma");
+    instance->relation_parameters.beta = beta;
+    instance->relation_parameters.gamma = gamma;
+    if constexpr (IsGoblinFlavor<Flavor>) {
+        // Compute and commit to the logderivative inverse used in DataBus
+        instance->compute_logderivative_inverse(beta, gamma);
+        witness_commitments.lookup_inverses = commitment_key->commit(instance->prover_polynomials.lookup_inverses);
+        transcript->send_to_verifier(domain_separator + commitment_labels.lookup_inverses,
+                                     witness_commitments.lookup_inverses);
+    }
+}
+
+/**
+ * @brief Compute permutation and lookup grand product polynomials and their commitments
+ *
+ */
+template <IsUltraFlavor Flavor> void OinkProver<Flavor>::execute_grand_product_computation_round()
+{
+    instance->compute_grand_product_polynomials(instance->relation_parameters.beta,
+                                                instance->relation_parameters.gamma);
+
+    witness_commitments.z_perm = commitment_key->commit(instance->prover_polynomials.z_perm);
+    witness_commitments.z_lookup = commitment_key->commit(instance->prover_polynomials.z_lookup);
+
+    transcript->send_to_verifier(domain_separator + commitment_labels.z_perm, witness_commitments.z_perm);
+    transcript->send_to_verifier(domain_separator + commitment_labels.z_lookup, witness_commitments.z_lookup);
+}
+
+template class OinkProver<UltraFlavor>;
+template class OinkProver<GoblinUltraFlavor>;
+
+} // namespace bb

barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp

@@ -0,0 +1,52 @@
+#pragma once
+#include <utility>
+
+#include "barretenberg/flavor/goblin_ultra.hpp"
+#include "barretenberg/flavor/ultra.hpp"
+#include "barretenberg/sumcheck/instance/prover_instance.hpp"
+#include "barretenberg/transcript/transcript.hpp"
+
+namespace bb {
+
+/**
+ * @brief Class for all the presumcheck rounds, which are shared between the folding prover and ultra prover.
+ * @details This class contains execute_preamble_round(), execute_wire_commitments_round(),
+ * execute_sorted_list_accumulator_round(), execute_log_derivative_inverse_round(), and
+ * execute_grand_product_computation_round().
+ *
+ * @tparam Flavor
+ */
+template <IsUltraFlavor Flavor> class OinkProver {
+    using CommitmentKey = typename Flavor::CommitmentKey;
+    using Instance = ProverInstance_<Flavor>;
+    using Transcript = typename Flavor::Transcript;
+    using FF = typename Flavor::FF;
+
+  public:
+    OinkProver(const std::shared_ptr<ProverInstance_<Flavor>>& inst,
+               const std::shared_ptr<typename Flavor::CommitmentKey>& commitment_key,
+               const std::shared_ptr<typename Flavor::Transcript>& transcript,
+               std::string domain_separator = "")
+        : instance(inst)
+        , transcript(transcript)
+        , commitment_key(commitment_key)
+        , domain_separator(std::move(domain_separator))
+        , commitment_labels()
+    {
+        instance->initialize_prover_polynomials();
+    }
+
+    void execute_preamble_round();
+    void execute_wire_commitments_round();
+    void execute_sorted_list_accumulator_round();
+    void execute_log_derivative_inverse_round();
+    void execute_grand_product_computation_round();
+
+    std::shared_ptr<Instance> instance;
+    std::shared_ptr<Transcript> transcript;
+    std::shared_ptr<CommitmentKey> commitment_key;
+    std::string domain_separator;
+    typename Flavor::WitnessCommitments witness_commitments;
+    typename Flavor::CommitmentLabels commitment_labels;
+};
+} // namespace bb