Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Recursive folding verifier and decider as ultra circuits and circuit simulator #6150

Merged
merged 80 commits into from
May 3, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
80 commits
Select commit Hold shift + click to select a range
3497303
feat: barretenberg PR migrate tool
ludamad Jul 25, 2023
c4d7963
Simulator
codygunton Jul 26, 2023
42878d0
Reinstate asserts.
codygunton Jul 26, 2023
4ea80be
Give up and skip test.
codygunton Jul 26, 2023
5aa32cf
Manually pick non-B. changes.
codygunton Jul 26, 2023
0fcabd8
Add one high generator.
codygunton Jul 26, 2023
ca674c3
Merge branch 'master' into cg/simulate-spike-bb-subrepo
codygunton Jul 26, 2023
daa37eb
Reset files I didn't touch
codygunton Jul 26, 2023
d818dfd
fix: merge and ci workarounds
ludamad Jul 26, 2023
c0790fe
Merge branch 'master' into cg/simulate-spike-bb-subrepo
ludamad Jul 27, 2023
2cb9f9d
Merge branch 'master' into cg/simulate-spike-bb-subrepo
ludamad Jul 27, 2023
b707765
Compare Pedersen benchmarks.
codygunton Aug 7, 2023
378b899
blake3s
codygunton Aug 8, 2023
c42b000
Ecdsa / secp256k1
codygunton Aug 8, 2023
6a2c226
Biggroup batch_mul
codygunton Aug 8, 2023
65a3997
Speed up biggroup batch mul.
codygunton Aug 8, 2023
19ed7b5
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
codygunton Aug 8, 2023
dfe4af6
Changes missed in merge commit.
codygunton Aug 8, 2023
7c67671
Try to satisfy GCC
codygunton Aug 9, 2023
3f2862a
Tweak script output.
codygunton Aug 9, 2023
b963361
Speed up ECDSA simulation
codygunton Aug 9, 2023
6e0069b
Add missing brace
codygunton Aug 9, 2023
8744b27
Use derived context.
codygunton Aug 10, 2023
ec3346a
Set context so merkel test will run.
codygunton Aug 10, 2023
dfbf067
Fix script comments
codygunton Aug 15, 2023
1709038
TODO(https://github.com/AztecProtocol/barretenberg/issues/659)
codygunton Aug 15, 2023
05101f3
Cleanup and issue issues.
codygunton Aug 16, 2023
f4665e0
Remove unneeded function.
codygunton Aug 17, 2023
e81f015
Reinstate missing recursion check.
codygunton Aug 17, 2023
94d5afd
Clean up and add comments.
codygunton Aug 17, 2023
890c374
Intentionally do a bad merge.
ludamad Sep 6, 2023
5659262
fix e2e-escrow
ludamad Sep 6, 2023
39f6efe
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
ludamad0 Sep 6, 2023
9e2042f
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
ludamad0 Sep 6, 2023
586241e
chore: merge master into simulate feature branch (#1848)
ludamad Sep 14, 2023
fed8f7e
Merge
ludamad0 Sep 14, 2023
999451d
Rm bb
ludamad0 Sep 14, 2023
0a5f699
git mv bb
ludamad0 Sep 14, 2023
a168a6d
Rm bb/build-system
ludamad0 Sep 14, 2023
38882cf
Merge commit '404ec34d38e1a9c3fbe7a3cdb6e88c28f62f72e4' into cg/simul…
ludamad0 Sep 14, 2023
7c0f781
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
ludamad0 Sep 14, 2023
20dfb60
Fix merge markers
ludamad0 Sep 14, 2023
581fbb3
Format
ludamad0 Sep 14, 2023
15ed3a9
Reverts
ludamad0 Sep 14, 2023
f4a62bb
Merge branch 'master' into cg/simulate-spike-bb-subrepo
maramihali Apr 18, 2024
560f7bf
fine till here
maramihali Apr 25, 2024
05f9913
experiments with ultra verifier
maramihali Apr 26, 2024
75dd2dd
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
maramihali Apr 26, 2024
8df0c86
unify honk recursive verifiers
maramihali Apr 26, 2024
3132542
yay
maramihali Apr 29, 2024
2edbcf7
stuff
maramihali Apr 29, 2024
7462d38
add benchmark
maramihali Apr 29, 2024
60d7197
more cleanup
maramihali Apr 29, 2024
ebe0996
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
maramihali Apr 29, 2024
f7183b5
more cleanup
maramihali Apr 29, 2024
9bee66b
reenable check, more cleanup
maramihali Apr 29, 2024
1f4a260
cleanup benchmark
maramihali Apr 29, 2024
96eb8df
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
maramihali Apr 29, 2024
b429bef
fix gcc and test
maramihali Apr 29, 2024
80b06c6
more cleanup
maramihali Apr 29, 2024
6b5ae50
even more cleanup
maramihali Apr 29, 2024
3728048
delete some more unnecessary stuff
maramihali Apr 29, 2024
4a169b4
more cleanup
maramihali Apr 29, 2024
4d98946
revert some formatting
maramihali Apr 29, 2024
2d4355e
remove unnecessary fields in simulator
maramihali Apr 29, 2024
ca81f60
follup up after cody's comments
maramihali Apr 29, 2024
ff03998
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
maramihali Apr 29, 2024
424b670
Merge remote-tracking branch 'origin/master' into cg/simulate-spike-b…
maramihali Apr 30, 2024
0eb95a0
:(
maramihali May 1, 2024
d25e8a9
work around batch_mul edge case
maramihali May 2, 2024
d678aea
Merge remote-tracking branch 'origin/master' into mm/pg-simulator
maramihali May 2, 2024
c779b26
docs, issues, cleanup, fixes
maramihali May 2, 2024
5bac1f3
Merge branch 'master' into mm/pg-simulator
maramihali May 2, 2024
32496c5
Merge branch 'master' into mm/pg-simulator
maramihali May 2, 2024
2d5bcf5
stuff
maramihali May 2, 2024
72bbe35
fix typo, remove unneeded headers
maramihali May 2, 2024
9e86d6e
Merge remote-tracking branch 'origin/master' into mm/pg-simulator
maramihali May 2, 2024
afbbc61
clarify concepts
maramihali May 3, 2024
23feb8f
Merge remote-tracking branch 'origin/master' into mm/pg-simulator
maramihali May 3, 2024
9c8a82a
Merge branch 'master' into mm/pg-simulator
maramihali May 3, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,7 @@ class CircuitChecker {
template <typename Builder> static bool check(const Builder& builder)
{
static_assert(IsCheckable<Builder>);

if constexpr (IsUltraBuilder<Builder>) {
if constexpr (IsUltraBuilder<Builder> || IsGoblinUltraBuilder<Builder>) {
return UltraCircuitChecker::check(builder);
} else if constexpr (IsStandardBuilder<Builder>) {
return StandardCircuitChecker::check(builder);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ bool UltraCircuitChecker::check_block(Builder& builder,
info("Failed Lookup check relation at row idx = ", idx);
return false;
}
if constexpr (IsGoblinBuilder<Builder>) {
if constexpr (IsGoblinUltraBuilder<Builder>) {
result = result && check_relation<PoseidonInternal>(values, params);
if (result == false) {
info("Failed PoseidonInternal relation at row idx = ", idx);
Expand Down Expand Up @@ -285,7 +285,7 @@ void UltraCircuitChecker::populate_values(
values.q_elliptic = block.q_elliptic()[idx];
values.q_aux = block.q_aux()[idx];
values.q_lookup = block.q_lookup_type()[idx];
if constexpr (IsGoblinBuilder<Builder>) {
if constexpr (IsGoblinUltraBuilder<Builder>) {
values.q_busread = block.q_busread()[idx];
values.q_poseidon2_internal = block.q_poseidon2_internal()[idx];
values.q_poseidon2_external = block.q_poseidon2_external()[idx];
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,12 @@ TEST_F(MockKernelTest, PinFoldingKernelSizes)
ivc.initialize(circuit_1);
auto kernel_acc = std::make_shared<ClientIVC::VerifierInstance>(ivc.vks.first_func_vk);
kernel_acc->verification_key = ivc.vks.first_func_vk;
EXPECT_EQ(ivc.prover_instance->proving_key.log_circuit_size, 17);

GoblinUltraCircuitBuilder circuit_2{ ivc.goblin.op_queue };
GoblinMockCircuits::construct_mock_function_circuit(circuit_2);
auto func_fold_proof = ivc.accumulate(circuit_2);
EXPECT_EQ(ivc.prover_instance->proving_key.log_circuit_size, 17);

// Construct kernel circuit
GoblinUltraCircuitBuilder kernel_circuit{ ivc.goblin.op_queue };
Expand All @@ -42,6 +44,7 @@ TEST_F(MockKernelTest, PinFoldingKernelSizes)
GoblinUltraCircuitBuilder circuit_3{ ivc.goblin.op_queue };
GoblinMockCircuits::construct_mock_function_circuit(circuit_3);
func_fold_proof = ivc.accumulate(circuit_3);
EXPECT_EQ(ivc.prover_instance->proving_key.log_circuit_size, 17);

kernel_circuit = GoblinUltraCircuitBuilder{ ivc.goblin.op_queue };
kernel_acc = GoblinMockCircuits::construct_mock_folding_kernel(kernel_circuit,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ void build_constraints(Builder& builder, AcirFormat const& constraint_system, bo

// TODO(https://github.com/AztecProtocol/barretenberg/issues/817): disable these for UGH for now since we're not yet
// dealing with proper recursion
if constexpr (IsGoblinBuilder<Builder>) {
if constexpr (IsGoblinUltraBuilder<Builder>) {
if (!constraint_system.recursion_constraints.empty()) {
info("WARNING: this circuit contains recursion_constraints!");
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ namespace bb::stdlib {
template <typename Params, typename Builder>
typename Poseidon2Permutation<Params, Builder>::State Poseidon2Permutation<Params, Builder>::permutation(
Builder* builder, const typename Poseidon2Permutation<Params, Builder>::State& input)
requires IsGoblinBuilder<Builder>
requires IsGoblinUltraBuilder<Builder>
{
// deep copy
State current_state(input);
Expand Down Expand Up @@ -120,7 +120,7 @@ typename Poseidon2Permutation<Params, Builder>::State Poseidon2Permutation<Param
template <typename Params, typename Builder>
typename Poseidon2Permutation<Params, Builder>::State Poseidon2Permutation<Params, Builder>::permutation(
Builder* builder, const typename Poseidon2Permutation<Params, Builder>::State& input)
requires IsNotGoblinBuilder<Builder>
requires IsNotGoblinUltraBuilder<Builder>
{
// deep copy
State current_state(input);
Expand Down Expand Up @@ -156,7 +156,7 @@ typename Poseidon2Permutation<Params, Builder>::State Poseidon2Permutation<Param
template <typename Params, typename Builder>
void Poseidon2Permutation<Params, Builder>::add_round_constants(
State& input, const typename Poseidon2Permutation<Params, Builder>::RoundConstants& rc)
requires IsNotGoblinBuilder<Builder>
requires IsNotGoblinUltraBuilder<Builder>

{
for (size_t i = 0; i < t; ++i) {
Expand All @@ -166,7 +166,7 @@ void Poseidon2Permutation<Params, Builder>::add_round_constants(

template <typename Params, typename Builder>
void Poseidon2Permutation<Params, Builder>::apply_sbox(State& input)
requires IsNotGoblinBuilder<Builder>
requires IsNotGoblinUltraBuilder<Builder>
{
for (auto& in : input) {
apply_single_sbox(in);
Expand All @@ -175,7 +175,7 @@ void Poseidon2Permutation<Params, Builder>::apply_sbox(State& input)

template <typename Params, typename Builder>
void Poseidon2Permutation<Params, Builder>::apply_single_sbox(field_t<Builder>& input)
requires IsNotGoblinBuilder<Builder>
requires IsNotGoblinUltraBuilder<Builder>
{
// hardcoded assumption that d = 5. should fix this or not make d configurable
auto xx = input.sqr();
Expand All @@ -185,7 +185,7 @@ void Poseidon2Permutation<Params, Builder>::apply_single_sbox(field_t<Builder>&

template <typename Params, typename Builder>
void Poseidon2Permutation<Params, Builder>::matrix_multiplication_internal(State& input)
requires IsNotGoblinBuilder<Builder>
requires IsNotGoblinUltraBuilder<Builder>
{
// for t = 4
auto sum = input[0];
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,18 +46,18 @@ template <typename Params, typename Builder> class Poseidon2Permutation {
* @return State
*/
static State permutation(Builder* builder, const State& input)
requires IsGoblinBuilder<Builder>;
requires IsGoblinUltraBuilder<Builder>;
static State permutation(Builder* builder, const State& input)
requires IsNotGoblinBuilder<Builder>;
requires IsNotGoblinUltraBuilder<Builder>;

static void add_round_constants(State& input, const RoundConstants& rc)
requires IsNotGoblinBuilder<Builder>;
requires IsNotGoblinUltraBuilder<Builder>;
static void apply_sbox(State& input)
requires IsNotGoblinBuilder<Builder>;
requires IsNotGoblinUltraBuilder<Builder>;
static void apply_single_sbox(field_t<Builder>& input)
requires IsNotGoblinBuilder<Builder>;
requires IsNotGoblinUltraBuilder<Builder>;
static void matrix_multiplication_internal(State& input)
requires IsNotGoblinBuilder<Builder>;
requires IsNotGoblinUltraBuilder<Builder>;

/**
* @brief Separate function to do just the first linear layer (equivalent to external matrix mul).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,8 @@ std::array<typename Flavor::GroupElement, 2> DeciderRecursiveVerifier_<Flavor>::

template class DeciderRecursiveVerifier_<bb::UltraRecursiveFlavor_<UltraCircuitBuilder>>;
template class DeciderRecursiveVerifier_<bb::GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>>;
template class DeciderRecursiveVerifier_<bb::UltraRecursiveFlavor_<GoblinUltraCircuitBuilder>>;
template class DeciderRecursiveVerifier_<bb::GoblinUltraRecursiveFlavor_<UltraCircuitBuilder>>;
template class DeciderRecursiveVerifier_<bb::UltraRecursiveFlavor_<CircuitSimulatorBN254>>;
template class DeciderRecursiveVerifier_<bb::GoblinUltraRecursiveFlavor_<CircuitSimulatorBN254>>;
} // namespace bb::stdlib::recursion::honk
Original file line number Diff line number Diff line change
Expand Up @@ -165,42 +165,17 @@ std::shared_ptr<typename VerifierInstances::Instance> ProtoGalaxyRecursiveVerifi
next_accumulator->verification_key->pcs_verification_key = accumulator->verification_key->pcs_verification_key;
next_accumulator->verification_key->pub_inputs_offset = accumulator->verification_key->pub_inputs_offset;
next_accumulator->public_inputs = accumulator->public_inputs;
size_t vk_idx = 0;
for (auto& expected_vk : next_accumulator->verification_key->get_all()) {
size_t inst = 0;
std::vector<FF> scalars;
std::vector<Commitment> commitments;
for (auto& instance : instances) {
scalars.emplace_back(lagranges[inst]);
commitments.emplace_back(instance->verification_key->get_all()[vk_idx]);
inst++;
}
expected_vk = Commitment::batch_mul(commitments, scalars);
vk_idx++;
}

next_accumulator->is_accumulator = true;

// Compute next folding parameters and verify against the ones received from the prover
// Compute next folding parameters
next_accumulator->target_sum =
perturbator_at_challenge * lagranges[0] + vanishing_polynomial_at_challenge * combiner_quotient_at_challenge;
next_accumulator->gate_challenges =
update_gate_challenges(perturbator_challenge, accumulator->gate_challenges, deltas);

// Compute ϕ and verify against the data received from the prover
auto& acc_witness_commitments = next_accumulator->witness_commitments;
size_t comm_idx = 0;
for (auto& comm : acc_witness_commitments.get_all()) {
std::vector<FF> scalars;
std::vector<Commitment> commitments;
size_t inst = 0;
for (auto& instance : instances) {
scalars.emplace_back(lagranges[inst]);
commitments.emplace_back(instance->witness_commitments.get_all()[comm_idx]);
inst++;
}
comm = Commitment::batch_mul(commitments, scalars);
comm_idx++;
}
// Compute ϕ
fold_commitments(lagranges, instances, next_accumulator);

next_accumulator->public_inputs =
std::vector<FF>(static_cast<size_t>(next_accumulator->verification_key->num_public_inputs), 0);
Expand Down Expand Up @@ -248,4 +223,12 @@ template class ProtoGalaxyRecursiveVerifier_<
RecursiveVerifierInstances_<UltraRecursiveFlavor_<UltraCircuitBuilder>, 2>>;
template class ProtoGalaxyRecursiveVerifier_<
RecursiveVerifierInstances_<GoblinUltraRecursiveFlavor_<GoblinUltraCircuitBuilder>, 2>>;
template class ProtoGalaxyRecursiveVerifier_<
RecursiveVerifierInstances_<UltraRecursiveFlavor_<GoblinUltraCircuitBuilder>, 2>>;
template class ProtoGalaxyRecursiveVerifier_<
RecursiveVerifierInstances_<GoblinUltraRecursiveFlavor_<UltraCircuitBuilder>, 2>>;
template class ProtoGalaxyRecursiveVerifier_<
RecursiveVerifierInstances_<UltraRecursiveFlavor_<CircuitSimulatorBN254>, 2>>;
template class ProtoGalaxyRecursiveVerifier_<
RecursiveVerifierInstances_<GoblinUltraRecursiveFlavor_<CircuitSimulatorBN254>, 2>>;
} // namespace bb::stdlib::recursion::honk
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,83 @@ template <class VerifierInstances> class ProtoGalaxyRecursiveVerifier_ {
}
return result;
};

/**
* @brief Hack method to fold the witness commitments and verification key without the batch_mul in the case where
* the recursive folding verifier is instantiated as a vanilla ultra circuit.
*
* @details In the folding recursive verifier we might hit the scenerio where we do a batch_mul(commitments,
* lagranges) where the commitments are equal. That is because when we add gates to ensure no zero commitments,
* these will be the same for all circuits, hitting an edge case in batch_mul that creates a failing constraint.
* Specifically, at some point in the algorithm we compute the difference between the points which, if they are
* equal, would be zero, case that is not supported. See https://github.com/AztecProtocol/barretenberg/issues/971.
*/
void fold_commitments(std::vector<FF> lagranges,
VerifierInstances& instances,
std::shared_ptr<Instance>& accumulator)
requires IsUltraBuilder<Builder>
{
using ElementNative = typename Flavor::Curve::ElementNative;
using AffineElementNative = typename Flavor::Curve::AffineElementNative;

auto offset_generator = Commitment::from_witness(builder, AffineElementNative(ElementNative::random_element()));

size_t vk_idx = 0;
for (auto& expected_vk : accumulator->verification_key->get_all()) {
expected_vk = offset_generator;
size_t inst = 0;
for (auto& instance : instances) {
expected_vk += instance->verification_key->get_all()[vk_idx] * lagranges[inst];
inst++;
}
expected_vk -= offset_generator;
vk_idx++;
}

size_t comm_idx = 0;
for (auto& comm : accumulator->witness_commitments.get_all()) {
comm = offset_generator;
size_t inst = 0;
for (auto& instance : instances) {
comm += instance->witness_commitments.get_all()[comm_idx] * lagranges[inst];
inst++;
}
comm -= offset_generator;
comm_idx++;
}
}

/**
* @brief Folds the witness commitments and verification key (part of ϕ) and stores the values in the accumulator.
*
*
*/

void fold_commitments(std::vector<FF> lagranges,
VerifierInstances& instances,
std::shared_ptr<Instance>& accumulator)
requires(!IsUltraBuilder<Builder>)
{
size_t vk_idx = 0;
for (auto& expected_vk : accumulator->verification_key->get_all()) {
std::vector<Commitment> commitments;
for (auto& instance : instances) {
commitments.emplace_back(instance->verification_key->get_all()[vk_idx]);
}
expected_vk = Commitment::batch_mul(commitments, lagranges);
vk_idx++;
}

size_t comm_idx = 0;
for (auto& comm : accumulator->witness_commitments.get_all()) {
std::vector<Commitment> commitments;
for (auto& instance : instances) {
commitments.emplace_back(instance->witness_commitments.get_all()[comm_idx]);
}
comm = Commitment::batch_mul(commitments, lagranges);
comm_idx++;
}
}
};

} // namespace bb::stdlib::recursion::honk
Loading
Loading