feat: Poseidon2 gates for Ultra arithmetisation

barretenberg/cpp/src/barretenberg/bb/main.cpp

@@ -576,10 +576,11 @@ void prove_tube(const std::string& output_path)
     ClientIVC verifier{ builder, input };
 
     verifier.verify(proof);
-    info("num gates in tube circuit: ", builder->get_num_gates());
     using Prover = UltraProver_<UltraFlavor>;
     using Verifier = UltraVerifier_<UltraFlavor>;
     Prover tube_prover{ *builder };
+    // Print the number of gates post finalisation for a precise result
+    info("num gates in tube circuit: ", builder->get_num_gates());
     auto tube_proof = tube_prover.construct_proof();
     std::string tubeProofPath = output_path + "/proof";
     write_file(tubeProofPath, to_buffer<true>(tube_proof));

barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/CMakeLists.txt

@@ -1 +1 @@
-barretenberg_module(commitment_schemes_recursion commitment_schemes stdlib_primitives)
+barretenberg_module(commitment_schemes_recursion commitment_schemes stdlib_poseidon2)

barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp

@@ -701,7 +701,7 @@ TEST_F(join_split_tests, test_0_input_notes_and_detect_circuit_change)
     // The below part detects any changes in the join-split circuit
     constexpr size_t DYADIC_CIRCUIT_SIZE = 1 << 16;
 
-    constexpr uint256_t CIRCUIT_HASH("0x470358e4d91c4c5296ef788b1165b2c439cd498f49c3f99386b002753ca3d0ee");
+    constexpr uint256_t CIRCUIT_HASH("0x9170317e02f4131b84f6b4efdd3ac23e5f392d815df37750c8f05a94c64797b2");
 
     const uint256_t circuit_hash = circuit.hash_circuit();
     // circuit is finalized now

barretenberg/cpp/src/barretenberg/goblin/goblin_recursion.test.cpp

@@ -73,6 +73,8 @@ TEST_F(GoblinRecursionTests, Vanilla)
     auto translator_vkey = std::make_shared<TranslatorVerificationKey>(goblin.get_translator_proving_key());
     GoblinVerifier goblin_verifier{ eccvm_vkey, translator_vkey };
     bool verified = goblin_verifier.verify(proof);
+    info(ultra_verified);
+    info(verified);
     EXPECT_TRUE(ultra_verified && verified);
 }
 

barretenberg/cpp/src/barretenberg/plonk_honk_shared/arithmetization/arithmetization.hpp

@@ -77,10 +77,4 @@ template <typename FF, size_t NUM_WIRES, size_t NUM_SELECTORS> class ExecutionTr
     void set_fixed_size(uint32_t size_in) { fixed_size = size_in; }
 };
 
-class TranslatorArith {
-  public:
-    static constexpr size_t NUM_WIRES = 81;
-    static constexpr size_t NUM_SELECTORS = 0;
-};
-
 } // namespace bb

barretenberg/cpp/src/barretenberg/plonk_honk_shared/arithmetization/mega_arithmetization.hpp

@@ -137,25 +137,15 @@ template <typename FF_> class MegaArith {
          * conventional Ultra arithmetization
          *
          */
-        void pad_additional()
-        {
-            q_busread().emplace_back(0);
-            q_poseidon2_external().emplace_back(0);
-            q_poseidon2_internal().emplace_back(0);
-        };
+        void pad_additional() { q_busread().emplace_back(0); };
 
         /**
          * @brief Resizes all selectors which are not part of the conventional Ultra arithmetization
          * @details Facilitates reuse of Ultra gate construction functions in arithmetizations which extend the
          * conventional Ultra arithmetization
          * @param new_size
          */
-        void resize_additional(size_t new_size)
-        {
-            q_busread().resize(new_size);
-            q_poseidon2_external().resize(new_size);
-            q_poseidon2_internal().resize(new_size);
-        };
+        void resize_additional(size_t new_size) { q_busread().resize(new_size); };
     };
 
     struct TraceBlocks : public MegaTraceBlocks<MegaTraceBlock> {

barretenberg/cpp/src/barretenberg/plonk_honk_shared/arithmetization/ultra_arithmetization.hpp

@@ -21,8 +21,14 @@ template <typename FF_> class UltraArith {
         T elliptic;
         T aux;
         T lookup;
+        T poseidon_external;
+        T poseidon_internal;
 
-        auto get() { return RefArray{ pub_inputs, arithmetic, delta_range, elliptic, aux, lookup }; }
+        auto get()
+        {
+            return RefArray{ pub_inputs, arithmetic, delta_range,       elliptic,
+                             aux,        lookup,     poseidon_external, poseidon_internal };
+        }
 
         bool operator==(const UltraTraceBlocks& other) const = default;
     };
@@ -38,12 +44,14 @@ template <typename FF_> class UltraArith {
             this->elliptic = FIXED_SIZE;
             this->aux = FIXED_SIZE;
             this->lookup = FIXED_SIZE;
+            this->poseidon_external = FIXED_SIZE;
+            this->poseidon_internal = FIXED_SIZE;
         }
     };
 
   public:
     static constexpr size_t NUM_WIRES = 4;
-    static constexpr size_t NUM_SELECTORS = 11;
+    static constexpr size_t NUM_SELECTORS = 13;
     using FF = FF_;
 
     class UltraTraceBlock : public ExecutionTraceBlock<FF, NUM_WIRES, NUM_SELECTORS> {
@@ -75,6 +83,8 @@ template <typename FF_> class UltraArith {
         auto& q_elliptic() { return this->selectors[8]; };
         auto& q_aux() { return this->selectors[9]; };
         auto& q_lookup_type() { return this->selectors[10]; };
+        auto& q_poseidon2_external() { return this->selectors[11]; };
+        auto& q_poseidon2_internal() { return this->selectors[12]; };
     };
 
     struct TraceBlocks : public UltraTraceBlocks<UltraTraceBlock> {
@@ -107,8 +117,8 @@ template <typename FF_> class UltraArith {
 
         auto get()
         {
-            return RefArray{ this->pub_inputs, this->arithmetic, this->delta_range,
-                             this->elliptic,   this->aux,        this->lookup };
+            return RefArray{ this->pub_inputs, this->arithmetic, this->delta_range,       this->elliptic,
+                             this->aux,        this->lookup,     this->poseidon_external, this->poseidon_internal };
         }
 
         void summarize() const
@@ -120,6 +130,8 @@ template <typename FF_> class UltraArith {
             info("elliptic   :\t", this->elliptic.size());
             info("auxiliary  :\t", this->aux.size());
             info("lookups    :\t", this->lookup.size());
+            info("poseidon ext  :\t", this->poseidon_external.size());
+            info("poseidon int  :\t", this->poseidon_internal.size());
         }
 
         size_t get_total_structured_size()
@@ -151,9 +163,19 @@ template <typename FF_> class UltraArith {
     };
 
     // Note: These are needed for Plonk only (for poly storage in a std::map). Must be in same order as above struct.
-    inline static const std::vector<std::string> selector_names = { "q_m",        "q_c",   "q_1",       "q_2",
-                                                                    "q_3",        "q_4",   "q_arith",   "q_sort",
-                                                                    "q_elliptic", "q_aux", "table_type" };
+    inline static const std::vector<std::string> selector_names = { "q_m",
+                                                                    "q_c",
+                                                                    "q_1",
+                                                                    "q_2",
+                                                                    "q_3",
+                                                                    "q_4",
+                                                                    "q_arith",
+                                                                    "q_sort",
+                                                                    "q_elliptic",
+                                                                    "q_aux",
+                                                                    "table_type",
+                                                                    "q_poseidon2_external",
+                                                                    "q_poseidon2_internal" };
 };
 
 } // namespace bb

barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp

@@ -29,6 +29,8 @@ TEST(Protogalaxy, CombinerOn2Instances)
         std::fill(polys.q_aux.begin(), polys.q_aux.end(), 0);
         std::fill(polys.q_lookup.begin(), polys.q_lookup.end(), 0);
         std::fill(polys.q_4.begin(), polys.q_4.end(), 0);
+        std::fill(polys.q_poseidon2_external.begin(), polys.q_poseidon2_external.end(), 0);
+        std::fill(polys.q_poseidon2_internal.begin(), polys.q_poseidon2_internal.end(), 0);
         std::fill(polys.w_4.begin(), polys.w_4.end(), 0);
         std::fill(polys.w_4_shift.begin(), polys.w_4_shift.end(), 0);
     };
@@ -55,18 +57,18 @@ TEST(Protogalaxy, CombinerOn2Instances)
             auto pow_polynomial = PowPolynomial(std::vector<FF>{ 2 });
             auto result = prover.compute_combiner</*OptimisationEnabled=*/false>(instances, pow_polynomial);
             // The expected_result values are computed by running the python script combiner_example_gen.py
-            auto expected_result = Univariate<FF, 12>(std::array<FF, 12>{ 8600UL,
-                                                                          12679448UL,
-                                                                          73617560UL,
-                                                                          220571672UL,
-                                                                          491290520UL,
-                                                                          923522840UL,
-                                                                          1555017368UL,
-                                                                          2423522840UL,
-                                                                          3566787992UL,
-                                                                          5022561560UL,
-                                                                          6828592280UL,
-                                                                          9022628888UL });
+            auto expected_result = Univariate<FF, 12>(std::array<FF, 12>{ 9704UL,
+                                                                          13245288UL,
+                                                                          75534568UL,
+                                                                          224626280UL,
+                                                                          498269160UL,
+                                                                          934211944UL,
+                                                                          1570203368UL,
+                                                                          2443992168UL,
+                                                                          3593327080UL,
+                                                                          5055956840UL,
+                                                                          6869630184UL,
+                                                                          9072095848UL });
             EXPECT_EQ(result, expected_result);
         } else {
             std::vector<std::shared_ptr<ProverInstance>> instance_data(NUM_INSTANCES);

barretenberg/cpp/src/barretenberg/protogalaxy/combiner_example_gen.py

@@ -3,7 +3,7 @@
 
 # np.set_printoptions(formatter={'int': hex})
 
-EXTENDED_RELATION_LENGTH = 13
+EXTENDED_RELATION_LENGTH = 12
 
 class Row:
     # Construct a set of 'all' polynomials with a very simple structure
@@ -20,38 +20,40 @@ def __init__(self, base_poly):
         self.q_elliptic = base_poly + 2 * 8
         self.q_aux = base_poly + 2 * 9
         self.q_lookup = base_poly + 2 * 10
-        self.sigma_1 = base_poly + 2 * 11
-        self.sigma_2 = base_poly + 2 * 12
-        self.sigma_3 = base_poly + 2 * 13
-        self.sigma_4 = base_poly + 2 * 14
-        self.id_1 = base_poly + 2 * 15
-        self.id_2 = base_poly + 2 * 16
-        self.id_3 = base_poly + 2 * 17
-        self.id_4 = base_poly + 2 * 18
-        self.table_1 = base_poly + 2 * 19
-        self.table_2 = base_poly + 2 * 20
-        self.table_3 = base_poly + 2 * 21
-        self.table_4 = base_poly + 2 * 22
-        self.lagrange_first = base_poly + 2 * 23
-        self.lagrange_last = base_poly + 2 * 24
-        self.w_l = base_poly + 2 * 25
-        self.w_r = base_poly + 2 * 26
-        self.w_o = base_poly + 2 * 27
-        self.w_4 = base_poly + 2 * 28
-        self.sorted_accum = base_poly + 2 * 29
-        self.z_perm = base_poly + 2 * 30
-        self.z_lookup = base_poly + 2 * 31
-        self.table_1_shift = base_poly + 2 * 32
-        self.table_2_shift = base_poly + 2 * 33
-        self.table_3_shift = base_poly + 2 * 34
-        self.table_4_shift = base_poly + 2 * 35
-        self.w_l_shift = base_poly + 2 * 36
-        self.w_r_shift = base_poly + 2 * 37
-        self.w_o_shift = base_poly + 2 * 38
-        self.w_4_shift = base_poly + 2 * 39
-        self.sorted_accum_shift = base_poly + 2 * 40
-        self.z_perm_shift = base_poly + 2 * 41
-        self.z_lookup_shift = base_poly + 2 * 42
+        self.q_poseidon2_external_1 = base_poly + 2 * 11
+        self.q_poseidon2_external_2 = base_poly + 2 * 12
+        self.sigma_1 = base_poly + 2 * 13
+        self.sigma_2 = base_poly + 2 * 14
+        self.sigma_3 = base_poly + 2 * 15
+        self.sigma_4 = base_poly + 2 * 16
+        self.id_1 = base_poly + 2 * 17
+        self.id_2 = base_poly + 2 * 18
+        self.id_3 = base_poly + 2 * 19
+        self.id_4 = base_poly + 2 * 20
+        self.table_1 = base_poly + 2 * 21
+        self.table_2 = base_poly + 2 * 22
+        self.table_3 = base_poly + 2 * 23
+        self.table_4 = base_poly + 2 * 24
+        self.lagrange_first = base_poly + 2 * 25
+        self.lagrange_last = base_poly + 2 * 26
+        self.w_l = base_poly + 2 * 27
+        self.w_r = base_poly + 2 * 28
+        self.w_o = base_poly + 2 * 29
+        self.w_4 = base_poly + 2 * 30
+        self.sorted_accum = base_poly + 2 * 31
+        self.z_perm = base_poly + 2 * 32
+        self.z_lookup = base_poly + 2 * 33
+        self.table_1_shift = base_poly + 2 * 34
+        self.table_2_shift = base_poly + 2 * 35
+        self.table_3_shift = base_poly + 2 * 36
+        self.table_4_shift = base_poly + 2 * 37
+        self.w_l_shift = base_poly + 2 * 38
+        self.w_r_shift = base_poly + 2 * 39
+        self.w_o_shift = base_poly + 2 * 40
+        self.w_4_shift = base_poly + 2 * 41
+        self.sorted_accum_shift = base_poly + 2 * 42
+        self.z_perm_shift = base_poly + 2 * 43
+        self.z_lookup_shift = base_poly + 2 * 44
 
     def arith_relation(self):
         return self.q_m * self.w_l * self.w_r + self.q_l * self.w_l + self.q_r * self.w_r + self.q_o * self.w_o + self.q_c

barretenberg/cpp/src/barretenberg/stdlib/hash/poseidon2/poseidon2.cpp

@@ -40,5 +40,7 @@ template <typename C> field_t<C> poseidon2<C>::hash_buffer(C& builder, const std
     return hash(builder, elements);
 }
 template class poseidon2<bb::MegaCircuitBuilder>;
+template class poseidon2<bb::UltraCircuitBuilder>;
+template class poseidon2<bb::CircuitSimulatorBN254>;
 
 } // namespace bb::stdlib

barretenberg/cpp/src/barretenberg/stdlib/hash/poseidon2/poseidon2.test.cpp

@@ -147,7 +147,7 @@ template <typename Builder> class StdlibPoseidon2 : public testing::Test {
     }
 };
 
-using CircuitTypes = testing::Types<bb::MegaCircuitBuilder>;
+using CircuitTypes = testing::Types<bb::MegaCircuitBuilder, bb::UltraCircuitBuilder, bb::CircuitSimulatorBN254>;
 
 TYPED_TEST_SUITE(StdlibPoseidon2, CircuitTypes);
 

barretenberg/cpp/src/barretenberg/stdlib/hash/poseidon2/poseidon2_permutation.cpp

@@ -312,5 +312,6 @@ void Poseidon2Permutation<Params, Builder>::matrix_multiplication_external(
 
 template class Poseidon2Permutation<crypto::Poseidon2Bn254ScalarFieldParams, MegaCircuitBuilder>;
 template class Poseidon2Permutation<crypto::Poseidon2Bn254ScalarFieldParams, UltraCircuitBuilder>;
+template class Poseidon2Permutation<crypto::Poseidon2Bn254ScalarFieldParams, CircuitSimulatorBN254>;
 
 } // namespace bb::stdlib

barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/transcript/transcript.hpp

@@ -10,45 +10,34 @@ namespace bb::stdlib::recursion::honk {
 template <typename Builder> struct StdlibTranscriptParams {
     using Fr = stdlib::field_t<Builder>;
     using Proof = std::vector<Fr>;
+
     static inline Fr hash(const std::vector<Fr>& data)
     {
-        if constexpr (std::is_same_v<Builder, MegaCircuitBuilder>) {
-            ASSERT(!data.empty() && data[0].get_context() != nullptr);
-            Builder* builder = data[0].get_context();
-            return stdlib::poseidon2<Builder>::hash(*builder, data);
-        } else {
-            // TODO(https://github.com/AztecProtocol/barretenberg/issues/1035): Add constraints for hashing in Ultra
-            using NativeFr = bb::fr;
-            ASSERT(!data.empty() && data[0].get_context() != nullptr);
-            Builder* builder = data[0].get_context();
-
-            // call the native hash on the data
-            std::vector<NativeFr> native_data;
-            native_data.reserve(data.size());
-            for (const auto& fr : data) {
-                native_data.push_back(fr.get_value());
-            }
-            NativeFr hash_value = crypto::Poseidon2<crypto::Poseidon2Bn254ScalarFieldParams>::hash(native_data);
-
-            Fr hash_field_ct = Fr::from_witness(builder, hash_value);
-            return hash_field_ct;
-        }
+
+        ASSERT(!data.empty() && data[0].get_context() != nullptr);
+
+        Builder* builder = data[0].get_context();
+        return stdlib::poseidon2<Builder>::hash(*builder, data);
     }
+
     template <typename T> static inline T convert_challenge(const Fr& challenge)
     {
         Builder* builder = challenge.get_context();
         return bb::stdlib::field_conversion::convert_challenge<Builder, T>(*builder, challenge);
     }
+
     template <typename T> static constexpr size_t calc_num_bn254_frs()
     {
         return bb::stdlib::field_conversion::calc_num_bn254_frs<Builder, T>();
     }
+
     template <typename T> static inline T convert_from_bn254_frs(std::span<const Fr> frs)
     {
         ASSERT(!frs.empty() && frs[0].get_context() != nullptr);
         Builder* builder = frs[0].get_context();
         return bb::stdlib::field_conversion::convert_from_bn254_frs<Builder, T>(*builder, frs);
     }
+
     template <typename T> static inline std::vector<Fr> convert_to_bn254_frs(const T& element)
     {
         Builder* builder = element.get_context();

barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/client_ivc_recursive_verifier.test.cpp

@@ -88,11 +88,12 @@ TEST_F(ClientIVCRecursionTests, Basic)
     // Generate the recursive verification circuit
     verifier.verify(proof);
 
-    info("Recursive Verifier: num gates = ", builder->num_gates);
-
     EXPECT_EQ(builder->failed(), false) << builder->err();
 
     EXPECT_TRUE(CircuitChecker::check(*builder));
+
+    // Print the number of gates post finalisation
+    info("Recursive Verifier: num gates = ", builder->num_gates);
 }
 
 } // namespace bb::stdlib::recursion::honk

barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/ultra_recursive_verifier.cpp

@@ -129,16 +129,14 @@ std::array<typename Flavor::GroupElement, 2> UltraRecursiveVerifier_<Flavor>::ve
     // multivariate evaluations at u
     const size_t log_circuit_size = numeric::get_msb(static_cast<uint32_t>(key->circuit_size));
     auto sumcheck = Sumcheck(log_circuit_size, transcript);
+
     RelationSeparator alpha;
     for (size_t idx = 0; idx < alpha.size(); idx++) {
         alpha[idx] = transcript->template get_challenge<FF>("alpha_" + std::to_string(idx));
     }
 
-    // TODO(https://github.com/AztecProtocol/barretenberg/issues/1041): Once hashing produces constraints for Ultra in
-    // the transcript, a fixed number of gate_challenges must be generated by the prover/verifier in order to achieve a
-    // verification circuit that is independent of proof size.
-    auto gate_challenges = std::vector<FF>(log_circuit_size);
-    for (size_t idx = 0; idx < log_circuit_size; idx++) {
+    auto gate_challenges = std::vector<FF>(CONST_PROOF_SIZE_LOG_N);
+    for (size_t idx = 0; idx < CONST_PROOF_SIZE_LOG_N; idx++) {
         gate_challenges[idx] = transcript->template get_challenge<FF>("Sumcheck:gate_challenge_" + std::to_string(idx));
     }
     auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] =