From ba583ff00509f636feae7b78304b115e34fc2357 Mon Sep 17 00:00:00 2001 From: Cody Gunton Date: Tue, 20 Jun 2023 12:10:51 -0400 Subject: [PATCH 1/5] feat: Split plonk and honk tests (#529) Co-authored-by: Rumata888 --- .../grumpkin_srs_gen/grumpkin_srs_gen.cpp | 9 +- .../standard_honk_composer_helper.cpp | 2 +- .../standard_honk_composer_helper.hpp | 4 +- .../ultra_honk_composer_helper.cpp | 3 +- .../ultra_honk_composer_helper.hpp | 7 +- .../honk/composer/standard_honk_composer.hpp | 2 + .../composer/standard_honk_composer.test.cpp | 206 ++--- .../honk/composer/ultra_honk_composer.hpp | 2 - .../composer/ultra_honk_composer.test.cpp | 738 ++++++++++-------- .../relations/relation_correctness.test.cpp | 128 +-- .../honk/sumcheck/sumcheck.test.cpp | 124 +-- .../honk/transcript/transcript.test.cpp | 38 +- .../ultra_plonk_composer_helper.cpp | 6 +- .../ultra_plonk_composer_helper.hpp | 8 +- .../composer/standard_plonk_composer.test.cpp | 397 +++++----- .../composer/turbo_plonk_composer.test.cpp | 619 ++++++++------- .../plonk/composer/ultra_plonk_composer.hpp | 1 - .../composer/ultra_plonk_composer.test.cpp | 686 ++++++++-------- .../proving_key/proving_key.test.cpp | 28 +- .../proof_system/verifier/verifier.test.cpp | 6 +- .../standard_circuit_constructor.test.cpp | 345 ++++---- .../ultra_circuit_constructor.cpp | 3 +- .../ultra_circuit_constructor.hpp | 1 - .../aggregation_state/aggregation_state.hpp | 4 +- .../recursion/verifier/verifier.test.cpp | 19 +- 25 files changed, 1780 insertions(+), 1606 deletions(-) diff --git a/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp b/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp index 2a6d8987a1..f259335135 100644 --- a/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp +++ b/cpp/src/barretenberg/grumpkin_srs_gen/grumpkin_srs_gen.cpp @@ -7,9 +7,12 @@ #include "barretenberg/common/net.hpp" const std::string protocol_name = "BARRETENBERG_GRUMPKIN_IPA_CRS"; -/* Generates a monomial basis Grumpkin SRS for testing purposes. - We only provide functionality create a single transcript file. - The SRS has the form [1]_1, [x]_1, [x^2]_1, ... where x = 2. */ +/** + * @brief Generates a monomial basis Grumpkin SRS. + * + * @details We only provide functionality create a single transcript file. + * + */ int main(int argc, char** argv) { std::vector args(argv, argv + argc); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 23779d1dcf..0ea4402823 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -153,7 +153,7 @@ StandardProver_ StandardHonkComposerHelper_::create_prover( return output_state; } + template class StandardHonkComposerHelper_; template class StandardHonkComposerHelper_; - } // namespace proof_system::honk \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index dd5b878bf0..ace2cac675 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -73,8 +73,10 @@ template class StandardHonkComposerHelper_ { commitment_key = std::make_shared(circuit_size, crs_factory_); }; }; + extern template class StandardHonkComposerHelper_; extern template class StandardHonkComposerHelper_; +// TODO(#532): this pattern is weird; is this not instantiating the templates? using StandardHonkComposerHelper = StandardHonkComposerHelper_; - +using StandardGrumpkinHonkComposerHelper = StandardHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 3bdf857cfa..2bd2d6cb42 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -149,7 +149,8 @@ void UltraHonkComposerHelper_::compute_witness(CircuitConstructor& circu template UltraProver_ UltraHonkComposerHelper_::create_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 00096d5222..3a6e670c36 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -36,6 +36,9 @@ template class UltraHonkComposerHelper_ { bool contains_recursive_proof = false; bool computed_witness = false; + UltraHonkComposerHelper_() + : crs_factory_(barretenberg::srs::get_crs_factory()){}; + explicit UltraHonkComposerHelper_(std::shared_ptr crs_factory) : crs_factory_(std::move(crs_factory)) {} @@ -51,8 +54,6 @@ template class UltraHonkComposerHelper_ { UltraHonkComposerHelper_& operator=(UltraHonkComposerHelper_ const& other) noexcept = default; ~UltraHonkComposerHelper_() = default; - void finalize_circuit(CircuitConstructor& circuit_constructor) { circuit_constructor.finalize_circuit(); }; - std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); @@ -70,5 +71,7 @@ template class UltraHonkComposerHelper_ { }; extern template class UltraHonkComposerHelper_; extern template class UltraHonkComposerHelper_; +// TODO(#532): this pattern is weird; is this not instantiating the templates? using UltraHonkComposerHelper = UltraHonkComposerHelper_; +using UltraGrumpkinHonkComposerHelper = UltraHonkComposerHelper_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 3a8c52927d..2ff404ead1 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -191,6 +191,8 @@ template class StandardHonkComposer_ { const std::string& err() const { return circuit_constructor.err(); }; void failure(std::string msg) { circuit_constructor.failure(msg); } }; + +// TODO(#532): These using declarations instantiate the templates? using StandardHonkComposer = StandardHonkComposer_; using StandardGrumpkinHonkComposer = StandardHonkComposer_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 7f6a8bdb1c..2d3c1e42d0 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -1,19 +1,18 @@ -#include "standard_honk_composer.hpp" -#include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" #include #include #include +#include + +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" #include "barretenberg/honk/proof_system/prover.hpp" -#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" +#include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" #include "barretenberg/honk/sumcheck/relations/permutation_relation.hpp" -#include "barretenberg/polynomials/polynomial.hpp" - -#pragma GCC diagnostic ignored "-Wunused-variable" +#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" #include "barretenberg/honk/utils/grand_product_delta.hpp" -#include - using namespace proof_system::honk; namespace test_standard_honk_composer { @@ -33,13 +32,13 @@ class StandardHonkComposerTests : public ::testing::Test { */ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) { - auto test_permutation = [](StandardHonkComposer& composer) { - auto proving_key = composer.compute_proving_key(); + auto test_permutation = [](StandardCircuitConstructor& circuit_constructor, StandardHonkComposerHelper& composer) { + auto proving_key = composer.compute_proving_key(circuit_constructor); const auto n = proving_key->circuit_size; - auto public_inputs = composer.circuit_constructor.get_public_inputs(); + auto public_inputs = circuit_constructor.get_public_inputs(); auto num_public_inputs = public_inputs.size(); - auto num_gates = composer.circuit_constructor.get_num_gates(); + auto num_gates = circuit_constructor.get_num_gates(); // Using the same random beta and gamma as in the permutation argument barretenberg::fr beta = barretenberg::fr::random_element(); @@ -73,12 +72,12 @@ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) right = barretenberg::fr::one(); // Now let's check that witness values correspond to the permutation - composer.compute_witness(); + composer.compute_witness(circuit_constructor); auto permutation_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); auto wire_polynomials = proving_key->get_wires(); - for (size_t j = 0; j < StandardHonkComposer::NUM_WIRES; ++j) { + for (size_t j = 0; j < StandardHonkComposerHelper::NUM_WIRES; ++j) { std::string index = std::to_string(j + 1); const auto& permutation_polynomial = permutation_polynomials[j]; const auto& witness_polynomial = wire_polynomials[j]; @@ -115,29 +114,30 @@ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) EXPECT_EQ(left, right); }; - StandardHonkComposer composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); fr d = a + c; - uint32_t d_idx = composer.add_public_variable(d); + uint32_t d_idx = circuit_constructor.add_public_variable(d); - uint32_t e_idx = composer.put_constant_variable(d); - composer.assert_equal(e_idx, d_idx, ""); + uint32_t e_idx = circuit_constructor.put_constant_variable(d); + circuit_constructor.assert_equal(e_idx, d_idx, ""); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); for (size_t i = 0; i < 30; ++i) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); } - test_permutation(composer); + auto composer = StandardHonkComposerHelper(); + test_permutation(circuit_constructor, composer); } /** @@ -146,22 +146,25 @@ TEST_F(StandardHonkComposerTests, SigmaIDCorrectness) */ TEST_F(StandardHonkComposerTests, LagrangeCorrectness) { - // Create a composer and a dummy circuit with a few gates - StandardHonkComposer composer = StandardHonkComposer(); + // Create a dummy circuit with a few gates + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } + // Generate proving key - auto proving_key = composer.compute_proving_key(); + auto composer = StandardHonkComposerHelper(); + auto proving_key = composer.compute_proving_key(circuit_constructor); // Generate a random polynomial barretenberg::polynomial random_polynomial = barretenberg::polynomial(proving_key->circuit_size); for (size_t i = 0; i < proving_key->circuit_size; i++) { @@ -200,17 +203,19 @@ TEST_F(StandardHonkComposerTests, AssertEquals) * @brief A function that creates a simple circuit with repeated gates, leading to large permutation cycles * */ - auto create_simple_circuit = [](auto& composer) { + auto create_simple_circuit = [](auto& circuit_constructor) { fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); for (size_t i = 0; i < 10; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); } return std::make_tuple(a_idx, b_idx); }; @@ -218,9 +223,9 @@ TEST_F(StandardHonkComposerTests, AssertEquals) * @brief A function that computes the largest cycle from the sigma permutation generated by the composer * */ - auto get_maximum_cycle = [](auto& composer) { + auto get_maximum_cycle = [](auto& circuit_constructor, auto& composer) { // Compute the proving key for sigma polynomials - auto proving_key = composer.compute_proving_key(); + auto proving_key = composer.compute_proving_key(circuit_constructor); auto permutation_length = composer.NUM_WIRES * proving_key->circuit_size; auto sigma_polynomials = proving_key->get_sigma_polynomials(); @@ -272,56 +277,63 @@ TEST_F(StandardHonkComposerTests, AssertEquals) }; // Get 2 circuits - StandardHonkComposer composer_no_assert_equal = StandardHonkComposer(); - StandardHonkComposer composer_with_assert_equal = StandardHonkComposer(); + auto circuit_constructor_no_assert_equal = StandardCircuitConstructor(); + auto circuit_constructor_with_assert_equal = StandardCircuitConstructor(); // Construct circuits - create_simple_circuit(composer_no_assert_equal); - auto assert_eq_params = create_simple_circuit(composer_with_assert_equal); + create_simple_circuit(circuit_constructor_no_assert_equal); + auto assert_eq_params = create_simple_circuit(circuit_constructor_with_assert_equal); // Use assert_equal on one of them - composer_with_assert_equal.assert_equal(std::get<0>(assert_eq_params), - std::get<1>(assert_eq_params), - "Equality asssertion in standard honk composer test"); + circuit_constructor_with_assert_equal.assert_equal(std::get<0>(assert_eq_params), + std::get<1>(assert_eq_params), + "Equality asssertion in standard honk composer test"); // Check that the maximum cycle in the one, where we used assert_equal, is twice as long - EXPECT_EQ(get_maximum_cycle(composer_with_assert_equal), get_maximum_cycle(composer_no_assert_equal) * 2); + auto composer_no_assert_equal = StandardHonkComposerHelper(); + auto composer_with_assert_equal = StandardHonkComposerHelper(); + EXPECT_EQ(get_maximum_cycle(circuit_constructor_with_assert_equal, composer_with_assert_equal), + get_maximum_cycle(circuit_constructor_no_assert_equal, composer_no_assert_equal) * 2); } TEST_F(StandardHonkComposerTests, VerificationKeyCreation) { // Create a composer and a dummy circuit with a few gates - StandardHonkComposer composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } - composer.create_prover(); - auto verification_key = composer.compute_verification_key(); + + auto composer = StandardHonkComposerHelper(); + composer.create_prover(circuit_constructor); + auto verification_key = composer.compute_verification_key(circuit_constructor); // There is nothing we can really check apart from the fact that constraint selectors and permutation selectors were // committed to, we simply check that the verification key now contains the appropriate number of constraint and // permutation selector commitments. This method should work with any future arithemtization. - EXPECT_EQ(verification_key->size(), composer.circuit_constructor.selectors.size() + composer.NUM_WIRES * 2 + 2); + EXPECT_EQ(verification_key->size(), circuit_constructor.selectors.size() + composer.NUM_WIRES * 2 + 2); } TEST_F(StandardHonkComposerTests, BaseCase) { - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = 1; - composer.circuit_constructor.add_variable(a); + circuit_constructor.add_variable(a); - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); ASSERT_TRUE(verified); } @@ -329,29 +341,29 @@ TEST_F(StandardHonkComposerTests, BaseCase) TEST_F(StandardHonkComposerTests, TwoGates) { auto run_test = [](bool expect_verified) { - auto composer = StandardHonkComposer(); - + auto circuit_constructor = StandardCircuitConstructor(); // 1 + 1 - 2 = 0 uint32_t w_l_1_idx; if (expect_verified) { - w_l_1_idx = composer.circuit_constructor.add_variable(1); + w_l_1_idx = circuit_constructor.add_variable(1); } else { - w_l_1_idx = composer.circuit_constructor.add_variable(0); + w_l_1_idx = circuit_constructor.add_variable(0); } - uint32_t w_r_1_idx = composer.circuit_constructor.add_variable(1); - uint32_t w_o_1_idx = composer.circuit_constructor.add_variable(2); - composer.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); + uint32_t w_r_1_idx = circuit_constructor.add_variable(1); + uint32_t w_o_1_idx = circuit_constructor.add_variable(2); + circuit_constructor.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); // 2 * 2 - 4 = 0 - uint32_t w_l_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_r_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_o_2_idx = composer.circuit_constructor.add_variable(4); - composer.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); + uint32_t w_l_2_idx = circuit_constructor.add_variable(2); + uint32_t w_r_2_idx = circuit_constructor.add_variable(2); + uint32_t w_o_2_idx = circuit_constructor.add_variable(4); + circuit_constructor.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expect_verified); }; @@ -363,10 +375,10 @@ TEST_F(StandardHonkComposerTests, TwoGates) TEST_F(StandardHonkComposerTests, SumcheckEvaluations) { auto run_test = [](bool expected_result) { - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); // Construct a small but non-trivial circuit - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; @@ -375,17 +387,20 @@ TEST_F(StandardHonkComposerTests, SumcheckEvaluations) d += 1; }; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } - auto prover = composer.create_prover(); - auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); + auto proof = prover.construct_proof(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); ASSERT_EQ(verified, expected_result); }; @@ -394,13 +409,14 @@ TEST_F(StandardHonkComposerTests, SumcheckEvaluations) } TEST(StandardGrumpkinHonkComposer, BaseCase) { - auto composer = StandardGrumpkinHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = 1; - composer.circuit_constructor.add_variable(a); + circuit_constructor.add_variable(a); - auto prover = composer.create_prover(); + auto composer = StandardGrumpkinHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); ASSERT_TRUE(verified); } diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index c37dc4da08..db214e0d1b 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -78,8 +78,6 @@ template class UltraHonkComposer_ { barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } - void finalize_circuit() { circuit_constructor.finalize_circuit(); }; - UltraProver_ create_prover() { return composer_helper.create_prover(circuit_constructor); }; UltraVerifier_ create_verifier() { return composer_helper.create_verifier(circuit_constructor); }; diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index a0cb4d0c22..5daabab7aa 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -1,20 +1,21 @@ -#include "ultra_honk_composer.hpp" +#include +#include +#include +#include +#include + #include "barretenberg/common/log.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/proof_system/ultra_prover.hpp" #include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" -#include -#include #include "barretenberg/honk/proof_system/prover.hpp" #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" #include "barretenberg/honk/sumcheck/relations/permutation_relation.hpp" #include "barretenberg/honk/utils/grand_product_delta.hpp" #include "barretenberg/proof_system/plookup_tables/types.hpp" -#include -#include -#include - using namespace proof_system::honk; namespace test_ultra_honk_composer { @@ -23,30 +24,19 @@ namespace { auto& engine = numeric::random::get_debug_engine(); } -std::vector add_variables(auto& composer, std::vector variables) +std::vector add_variables(auto& circuit_constructor, std::vector variables) { std::vector res; for (size_t i = 0; i < variables.size(); i++) { - res.emplace_back(composer.add_variable(variables[i])); + res.emplace_back(circuit_constructor.add_variable(variables[i])); } return res; } -bool construct_and_verify_proof(auto& composer) +void prove_and_verify(auto& circuit_constructor, auto& composer, bool expected_result) { - auto prover = composer.create_prover(); - auto proof = prover.construct_proof(); - - auto verifier = composer.create_verifier(); - bool result = verifier.verify_proof(proof); - - return result; -} - -void prove_and_verify(auto& composer, bool expected_result) -{ - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto prover = composer.create_prover(circuit_constructor); + auto verifier = composer.create_verifier(circuit_constructor); auto proof = prover.construct_proof(); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expected_result); @@ -75,10 +65,12 @@ class UltraHonkComposerTests : public ::testing::Test { */ TEST_F(UltraHonkComposerTests, ANonZeroPolynomialIsAGoodPolynomial) { - auto composer = UltraHonkComposer(); - // The composer should call add_gates_to_ensure_all_polys_are_non_zero by default + auto circuit_constructor = UltraCircuitConstructor(); + + circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto proof = prover.construct_proof(); for (auto& poly : prover.key->get_selectors()) { @@ -96,7 +88,7 @@ TEST_F(UltraHonkComposerTests, ANonZeroPolynomialIsAGoodPolynomial) TEST_F(UltraHonkComposerTests, XorConstraint) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); uint32_t left_value = engine.get_random_uint32(); uint32_t right_value = engine.get_random_uint32(); @@ -104,8 +96,8 @@ TEST_F(UltraHonkComposerTests, XorConstraint) fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t xor_result_expected = left_value ^ right_value; @@ -115,28 +107,29 @@ TEST_F(UltraHonkComposerTests, XorConstraint) [0]; // The zeroth index in the 3rd column is the fully accumulated xor EXPECT_EQ(xor_result, xor_result_expected); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::UINT32_XOR, lookup_accumulators, left_witness_index, right_witness_index); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(barretenberg::srs::get_crs_factory()); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, create_gates_from_plookup_accumulators) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); barretenberg::fr input_value = fr::random_element(); const fr input_hi = uint256_t(input_value).slice(126, 256); const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = circuit_constructor.add_variable(input_hi); + const auto input_lo_index = circuit_constructor.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - const auto lookup_witnesses_hi = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_hi = circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_lo = circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); std::vector expected_x; @@ -184,27 +177,29 @@ TEST_F(UltraHonkComposerTests, create_gates_from_plookup_accumulators) } size_t hi_shift = 126; - const fr hi_cumulative = composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][0]); + const fr hi_cumulative = circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][0]); for (size_t i = 0; i < num_lookups_lo; ++i) { const fr hi_mult = fr(uint256_t(1) << hi_shift); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C1][i]) + (hi_cumulative * hi_mult), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C1][i]) + + (hi_cumulative * hi_mult), expected_scalars[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C2][i]), expected_x[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C3][i]), expected_y[i]); + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C2][i]), expected_x[i]); + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_lo[plookup::ColumnIdx::C3][i]), expected_y[i]); hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][i]), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C1][i]), expected_scalars[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C2][i]), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C2][i]), expected_x[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C3][i]), + EXPECT_EQ(circuit_constructor.get_variable(lookup_witnesses_hi[plookup::ColumnIdx::C3][i]), expected_y[i + num_lookups_lo]); } - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); + auto verifier = composer.create_verifier(circuit_constructor); auto proof = prover.construct_proof(); bool result = verifier.verify_proof(proof); @@ -214,190 +209,202 @@ TEST_F(UltraHonkComposerTests, create_gates_from_plookup_accumulators) TEST_F(UltraHonkComposerTests, test_no_lookup_proof) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); for (size_t i = 0; i < 16; ++i) { for (size_t j = 0; j < 16; ++j) { uint64_t left = static_cast(j); uint64_t right = static_cast(i); - uint32_t left_idx = composer.add_variable(fr(left)); - uint32_t right_idx = composer.add_variable(fr(right)); - uint32_t result_idx = composer.add_variable(fr(left ^ right)); + uint32_t left_idx = circuit_constructor.add_variable(fr(left)); + uint32_t right_idx = circuit_constructor.add_variable(fr(right)); + uint32_t result_idx = circuit_constructor.add_variable(fr(left ^ right)); - uint32_t add_idx = composer.add_variable(fr(left) + fr(right) + composer.get_variable(result_idx)); - composer.create_big_add_gate( + uint32_t add_idx = + circuit_constructor.add_variable(fr(left) + fr(right) + circuit_constructor.get_variable(result_idx)); + circuit_constructor.create_big_add_gate( { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); } } - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, test_elliptic_gate) { typedef grumpkin::g1::affine_element affine_element; typedef grumpkin::g1::element element; - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; affine_element p3(element(p1) + element(p2)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = circuit_constructor.add_variable(p1.x); + uint32_t y1 = circuit_constructor.add_variable(p1.y); + uint32_t x2 = circuit_constructor.add_variable(p2.x); + uint32_t y2 = circuit_constructor.add_variable(p2.y); + uint32_t x3 = circuit_constructor.add_variable(p3.x); + uint32_t y3 = circuit_constructor.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); affine_element p2_endo = p2; p2_endo.x *= beta; p3 = affine_element(element(p1) + element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = circuit_constructor.add_variable(p3.x); + y3 = circuit_constructor.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); p2_endo.x *= beta; p3 = affine_element(element(p1) - element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = circuit_constructor.add_variable(p3.x); + y3 = circuit_constructor.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, non_trivial_tag_permutation) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(b); + auto d_idx = circuit_constructor.add_variable(a); - composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, d_idx, composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { a_idx, b_idx, circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { c_idx, d_idx, circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + circuit_constructor.create_tag(1, 2); + circuit_constructor.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + circuit_constructor.assign_tag(a_idx, 1); + circuit_constructor.assign_tag(b_idx, 1); + circuit_constructor.assign_tag(c_idx, 2); + circuit_constructor.assign_tag(d_idx, 2); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, non_trivial_tag_permutation_and_cycles) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr c = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(a); - composer.assert_equal(a_idx, b_idx); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(c); - composer.assert_equal(c_idx, d_idx); - auto e_idx = composer.add_variable(a); - auto f_idx = composer.add_variable(a); - composer.assert_equal(e_idx, f_idx); - auto g_idx = composer.add_variable(c); - auto h_idx = composer.add_variable(c); - composer.assert_equal(g_idx, h_idx); - - composer.create_tag(1, 2); - composer.create_tag(2, 1); - - composer.assign_tag(a_idx, 1); - composer.assign_tag(c_idx, 1); - composer.assign_tag(e_idx, 2); - composer.assign_tag(g_idx, 2); - - composer.create_add_gate( - { b_idx, a_idx, composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, g_idx, composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ e_idx, f_idx, composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - - prove_and_verify(composer, /*expected_result=*/true); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(a); + circuit_constructor.assert_equal(a_idx, b_idx); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(c); + circuit_constructor.assert_equal(c_idx, d_idx); + auto e_idx = circuit_constructor.add_variable(a); + auto f_idx = circuit_constructor.add_variable(a); + circuit_constructor.assert_equal(e_idx, f_idx); + auto g_idx = circuit_constructor.add_variable(c); + auto h_idx = circuit_constructor.add_variable(c); + circuit_constructor.assert_equal(g_idx, h_idx); + + circuit_constructor.create_tag(1, 2); + circuit_constructor.create_tag(2, 1); + + circuit_constructor.assign_tag(a_idx, 1); + circuit_constructor.assign_tag(c_idx, 1); + circuit_constructor.assign_tag(e_idx, 2); + circuit_constructor.assign_tag(g_idx, 2); + + circuit_constructor.create_add_gate( + { b_idx, a_idx, circuit_constructor.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { c_idx, g_idx, circuit_constructor.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + circuit_constructor.create_add_gate( + { e_idx, f_idx, circuit_constructor.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, bad_tag_permutation) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(b); + auto d_idx = circuit_constructor.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.get_zero_idx(), 1, 1, 0, -1 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, 1, 1, 0, 0 }); + circuit_constructor.create_add_gate({ c_idx, d_idx, circuit_constructor.zero_idx, 1, 1, 0, -1 }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + circuit_constructor.create_tag(1, 2); + circuit_constructor.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + circuit_constructor.assign_tag(a_idx, 1); + circuit_constructor.assign_tag(b_idx, 1); + circuit_constructor.assign_tag(c_idx, 2); + circuit_constructor.assign_tag(d_idx, 2); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } // same as above but with turbocomposer to check reason of failue is really tag mismatch TEST_F(UltraHonkComposerTests, bad_tag_turbo_permutation) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(b); + auto d_idx = circuit_constructor.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.get_zero_idx(), 1, 1, 0, -1 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, 1, 1, 0, 0 }); + circuit_constructor.create_add_gate({ c_idx, d_idx, circuit_constructor.zero_idx, 1, 1, 0, -1 }); - // composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), - // fr::zero() }); composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), fr::neg_one(), - // fr::zero(), fr::zero() }); composer.create_add_gate({ a_idx, b_idx, composer.get_zero_idx(), fr::one(), - // fr::neg_one(), fr::zero(), fr::zero() }); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto composer = UltraHonkComposerHelper(); + // circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, fr::one(), fr::neg_one(), + // fr::zero(), fr::zero() }); circuit_constructor.create_add_gate({ a_idx, b_idx, circuit_constructor.zero_idx, + // fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); circuit_constructor.create_add_gate({ a_idx, b_idx, + // circuit_constructor.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + auto prover = composer.create_prover(circuit_constructor); + auto verifier = composer.create_verifier(circuit_constructor); - prove_and_verify(composer, /*expected_result=*/true); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, sort_widget) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(4); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, sort_with_edges_gate) @@ -413,241 +420,271 @@ TEST_F(UltraHonkComposerTests, sort_with_edges_gate) fr h = fr(8); { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); - - prove_and_verify(composer, /*expected_result=*/true); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); - - prove_and_verify(composer, /*expected_result=*/false); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - prove_and_verify(composer, /*expected_result=*/false); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto a_idx = composer.add_variable(a); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - auto b2_idx = composer.add_variable(fr(15)); - composer.create_sort_constraint_with_edges({ a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - prove_and_verify(composer, /*expected_result=*/false); + auto circuit_constructor = UltraCircuitConstructor(); + auto a_idx = circuit_constructor.add_variable(a); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + auto e_idx = circuit_constructor.add_variable(e); + auto f_idx = circuit_constructor.add_variable(f); + auto g_idx = circuit_constructor.add_variable(g); + auto h_idx = circuit_constructor.add_variable(h); + auto b2_idx = circuit_constructor.add_variable(fr(15)); + circuit_constructor.create_sort_constraint_with_edges( + { a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - composer.create_sort_constraint_with_edges(idx, 1, 45); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + circuit_constructor.create_sort_constraint_with_edges(idx, 1, 45); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - - composer.create_sort_constraint_with_edges(idx, 1, 29); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + circuit_constructor.create_sort_constraint_with_edges(idx, 1, 29); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } } TEST_F(UltraHonkComposerTests, range_constraint) { { - auto composer = UltraHonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + circuit_constructor.create_new_range_constraint(indices[i], 8); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_sort_constraint(indices); + circuit_constructor.create_sort_constraint(indices); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto indices = add_variables(composer, { 3 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, { 3 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 3); + circuit_constructor.create_new_range_constraint(indices[i], 3); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 8, 25 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 8, 25 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + circuit_constructor.create_new_range_constraint(indices[i], 8); } - composer.create_sort_constraint(indices); + circuit_constructor.create_sort_constraint(indices); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto indices = - add_variables(composer, { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, + { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 128); + circuit_constructor.create_new_range_constraint(indices[i], 128); } - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); - auto indices = - add_variables(composer, { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, + { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + circuit_constructor.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } { - auto composer = UltraHonkComposer(); - auto indices = - add_variables(composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto indices = add_variables(circuit_constructor, + { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + circuit_constructor.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); + circuit_constructor.create_dummy_constraints(indices); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } } TEST_F(UltraHonkComposerTests, range_with_gates) { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 8); + circuit_constructor.create_new_range_constraint(idx[i], 8); } - composer.create_add_gate({ idx[0], idx[1], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - - prove_and_verify(composer, /*expected_result=*/true); + circuit_constructor.create_add_gate( + { idx[0], idx[1], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + circuit_constructor.create_add_gate( + { idx[2], idx[3], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + circuit_constructor.create_add_gate( + { idx[4], idx[5], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + circuit_constructor.create_add_gate( + { idx[6], idx[7], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, range_with_gates_where_range_is_not_a_power_of_two) { - auto composer = UltraHonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto circuit_constructor = UltraCircuitConstructor(); + auto idx = add_variables(circuit_constructor, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 12); + circuit_constructor.create_new_range_constraint(idx[i], 12); } - composer.create_add_gate({ idx[0], idx[1], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - - prove_and_verify(composer, /*expected_result=*/true); + circuit_constructor.create_add_gate( + { idx[0], idx[1], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + circuit_constructor.create_add_gate( + { idx[2], idx[3], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + circuit_constructor.create_add_gate( + { idx[4], idx[5], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + circuit_constructor.create_add_gate( + { idx[6], idx[7], circuit_constructor.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, sort_widget_complex) { { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); std::vector a = { 1, 3, 4, 7, 7, 8, 11, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); + ind.emplace_back(circuit_constructor.add_variable(a[i])); + circuit_constructor.create_sort_constraint(ind); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); + ind.emplace_back(circuit_constructor.add_variable(a[i])); + circuit_constructor.create_sort_constraint(ind); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } } TEST_F(UltraHonkComposerTests, sort_widget_neg) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(8); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = circuit_constructor.add_variable(a); + auto b_idx = circuit_constructor.add_variable(b); + auto c_idx = circuit_constructor.add_variable(c); + auto d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - prove_and_verify(composer, /*expected_result=*/false); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/false); } TEST_F(UltraHonkComposerTests, composed_range_constraint) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); auto c = fr::random_element(); auto d = uint256_t(c).slice(0, 133); auto e = fr(d); - auto a_idx = composer.add_variable(fr(e)); - composer.create_add_gate({ a_idx, composer.get_zero_idx(), composer.get_zero_idx(), 1, 0, 0, -fr(e) }); - composer.decompose_into_default_range(a_idx, 134); + auto a_idx = circuit_constructor.add_variable(fr(e)); + circuit_constructor.create_add_gate( + { a_idx, circuit_constructor.zero_idx, circuit_constructor.zero_idx, 1, 0, 0, -fr(e) }); + circuit_constructor.decompose_into_default_range(a_idx, 134); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, non_native_field_multiplication) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fq a = fq::random_element(); fq b = fq::random_element(); @@ -676,11 +713,11 @@ TEST_F(UltraHonkComposerTests, non_native_field_multiplication) const auto get_limb_witness_indices = [&](const std::array& limbs) { std::array limb_indices; - limb_indices[0] = composer.add_variable(limbs[0]); - limb_indices[1] = composer.add_variable(limbs[1]); - limb_indices[2] = composer.add_variable(limbs[2]); - limb_indices[3] = composer.add_variable(limbs[3]); - limb_indices[4] = composer.add_variable(limbs[4]); + limb_indices[0] = circuit_constructor.add_variable(limbs[0]); + limb_indices[1] = circuit_constructor.add_variable(limbs[1]); + limb_indices[2] = circuit_constructor.add_variable(limbs[2]); + limb_indices[3] = circuit_constructor.add_variable(limbs[3]); + limb_indices[4] = circuit_constructor.add_variable(limbs[4]); return limb_indices; }; const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); @@ -694,38 +731,40 @@ TEST_F(UltraHonkComposerTests, non_native_field_multiplication) proof_system::UltraCircuitConstructor::non_native_field_witnesses inputs{ a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), }; - const auto [lo_1_idx, hi_1_idx] = composer.evaluate_non_native_field_multiplication(inputs); - composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); + const auto [lo_1_idx, hi_1_idx] = circuit_constructor.evaluate_non_native_field_multiplication(inputs); + circuit_constructor.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, rom) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); uint32_t rom_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t rom_id = composer.create_ROM_array(8); + size_t rom_id = circuit_constructor.create_ROM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.set_ROM_element(rom_id, i, rom_values[i]); + circuit_constructor.set_ROM_element(rom_id, i, rom_values[i]); } - uint32_t a_idx = composer.read_ROM_array(rom_id, composer.add_variable(5)); + uint32_t a_idx = circuit_constructor.read_ROM_array(rom_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = composer.read_ROM_array(rom_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_ROM_array(rom_id, composer.add_variable(1)); + uint32_t b_idx = circuit_constructor.read_ROM_array(rom_id, circuit_constructor.add_variable(4)); + uint32_t c_idx = circuit_constructor.read_ROM_array(rom_id, circuit_constructor.add_variable(1)); - const auto d_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx); - uint32_t d_idx = composer.add_variable(d_value); + const auto d_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx); + uint32_t d_idx = circuit_constructor.add_variable(d_value); - composer.create_big_add_gate({ + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, @@ -737,43 +776,45 @@ TEST_F(UltraHonkComposerTests, rom) 0, }); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST_F(UltraHonkComposerTests, ram) { - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = circuit_constructor.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + circuit_constructor.init_RAM_element(ram_id, i, ram_values[i]); } - uint32_t a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + uint32_t a_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - uint32_t b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + uint32_t b_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); + uint32_t c_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - uint32_t d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + circuit_constructor.write_RAM_array( + ram_id, circuit_constructor.add_variable(4), circuit_constructor.add_variable(500)); + uint32_t d_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(circuit_constructor.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - uint32_t e_idx = composer.add_variable(e_value); + const auto e_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx) + circuit_constructor.get_variable(d_idx); + uint32_t e_idx = circuit_constructor.add_variable(e_value); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate( { a_idx, b_idx, @@ -786,11 +827,11 @@ TEST_F(UltraHonkComposerTests, ram) 0, }, true); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate( { - composer.get_zero_idx(), - composer.get_zero_idx(), - composer.get_zero_idx(), + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, e_idx, 0, 0, @@ -800,12 +841,15 @@ TEST_F(UltraHonkComposerTests, ram) }, false); - prove_and_verify(composer, /*expected_result=*/true); + auto composer = UltraHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } TEST(UltraGrumpkinHonkComposer, XorConstraint) { - auto composer = UltraGrumpkinHonkComposer(); + // NOTE: as a WIP, this test may not actually use the Grumpkin SRS (just the IPA PCS). + + auto circuit_constructor = UltraCircuitConstructor(); uint32_t left_value = engine.get_random_uint32(); uint32_t right_value = engine.get_random_uint32(); @@ -813,8 +857,8 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t xor_result_expected = left_value ^ right_value; @@ -824,32 +868,34 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) [0]; // The zeroth index in the 3rd column is the fully accumulated xor EXPECT_EQ(xor_result, xor_result_expected); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::UINT32_XOR, lookup_accumulators, left_witness_index, right_witness_index); - prove_and_verify(composer, /*expected_result=*/true); + barretenberg::srs::init_crs_factory("../srs_db/ignition"); + auto composer = UltraGrumpkinHonkComposerHelper(); + prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); } // TODO(#378)(luke): this is a recent update from Zac and fails; do we need a corresponding bug fix in ultra circuit // c_Fonstructor? TEST(UltraHonkComposerTests, range_checks_on_duplicates) // { -// auto composer = UltraHonkComposer(); +// auto composer = UltraHonkComposerHelper(); -// uint32_t a = composer.add_variable(100); -// uint32_t b = composer.add_variable(100); -// uint32_t c = composer.add_variable(100); -// uint32_t d = composer.add_variable(100); +// uint32_t a = circuit_constructor.add_variable(100); +// uint32_t b = circuit_constructor.add_variable(100); +// uint32_t c = circuit_constructor.add_variable(100); +// uint32_t d = circuit_constructor.add_variable(100); -// composer.assert_equal(a, b); -// composer.assert_equal(a, c); -// composer.assert_equal(a, d); +// circuit_constructor.assert_equal(a, b); +// circuit_constructor.assert_equal(a, c); +// circuit_constructor.assert_equal(a, d); -// composer.create_new_range_constraint(a, 1000); -// composer.create_new_range_constraint(b, 1001); -// composer.create_new_range_constraint(c, 999); -// composer.create_new_range_constraint(d, 1000); +// circuit_constructor.create_new_range_constraint(a, 1000); +// circuit_constructor.create_new_range_constraint(b, 1001); +// circuit_constructor.create_new_range_constraint(c, 999); +// circuit_constructor.create_new_range_constraint(d, 1000); -// composer.create_big_add_gate( +// circuit_constructor.create_big_add_gate( // { // a, // b, @@ -863,7 +909,7 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) // }, // false); -// prove_and_verify(composer, /*expected_result=*/true); +// prove_and_verify(circuit_constructor, composer, /*expected_result=*/true); // } // TODO(#378)(luke): this is a new test from Zac; ultra circuit constructor does not yet have create_range_constraint @@ -874,22 +920,22 @@ TEST(UltraGrumpkinHonkComposer, XorConstraint) // // before range constraints are applied to it. // T_FEST(UltraHonkComposerTests, range_constraint_small_variable) // { -// auto composer = UltraHonkComposer(); +// auto composer = UltraHonkComposerHelper(); // uint16_t mask = (1 << 8) - 1; // int a = engine.get_random_uint16() & mask; -// uint32_t a_idx = composer.add_variable(fr(a)); -// uint32_t b_idx = composer.add_variable(fr(a)); +// uint32_t a_idx = circuit_constructor.add_variable(fr(a)); +// uint32_t b_idx = circuit_constructor.add_variable(fr(a)); // ASSERT_NE(a_idx, b_idx); -// uint32_t c_idx = composer.add_variable(fr(a)); +// uint32_t c_idx = circuit_constructor.add_variable(fr(a)); // ASSERT_NE(c_idx, b_idx); // composer.create_range_constraint(b_idx, 8, "bad range"); -// composer.assert_equal(a_idx, b_idx); +// circuit_constructor.assert_equal(a_idx, b_idx); // composer.create_range_constraint(c_idx, 8, "bad range"); -// composer.assert_equal(a_idx, c_idx); +// circuit_constructor.assert_equal(a_idx, c_idx); -// auto prover = composer.create_prover(); +// auto prover = composer.create_prover(circuit_constructor); // auto proof = prover.construct_proof(); -// auto verifier = composer.create_verifier(); +// auto verifier = composer.create_verifier(circuit_constructor); // bool result = verifier.verify_proof(proof); // EXPECT_EQ(result, true); // } diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 98fba9b942..b2616e1673 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -1,7 +1,7 @@ #include -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/sumcheck/relations/relation_parameters.hpp" #include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" @@ -82,22 +82,24 @@ TEST_F(RelationCorrectnessTests, StandardRelationCorrectness) // using ClaimedEvaluations = typename Flavor::ClaimedEvaluations; // Create a composer and a dummy circuit with a few gates - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto circuit_size = prover.key->circuit_size; // Generate beta and gamma @@ -105,7 +107,7 @@ TEST_F(RelationCorrectnessTests, StandardRelationCorrectness) fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); @@ -173,55 +175,55 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) // Create a composer and then add an assortment of gates designed to ensure that the constraint(s) represented // by each relation are non-trivially exercised. - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); barretenberg::fr pedersen_input_value = fr::random_element(); fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly - // TODO(luke): add method "add_public_variable" to UH composer - // uint32_t a_idx = composer.add_public_variable(a); + // TODO(luke): add method "add_public_variable" to UH circuit_constructor + // uint32_t a_idx = circuit_constructor.add_public_variable(a); // Add some basic add gates - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); - composer.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); } // Add a big add gate with use of next row to test q_arith = 2 fr e = a + b + c + d; - uint32_t e_idx = composer.add_variable(e); + uint32_t e_idx = circuit_constructor.add_variable(e); - uint32_t zero_idx = composer.get_zero_idx(); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row - composer.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); + uint32_t zero_idx = circuit_constructor.zero_idx; + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row + circuit_constructor.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); // Add some lookup gates (related to pedersen hashing) const fr input_hi = uint256_t(pedersen_input_value).slice(126, 256); const fr input_lo = uint256_t(pedersen_input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = circuit_constructor.add_variable(input_hi); + const auto input_lo_index = circuit_constructor.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); // Add a sort gate (simply checks that consecutive inputs have a difference of < 4) - a_idx = composer.add_variable(FF(0)); - b_idx = composer.add_variable(FF(1)); - c_idx = composer.add_variable(FF(2)); - d_idx = composer.add_variable(FF(3)); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + a_idx = circuit_constructor.add_variable(FF(0)); + b_idx = circuit_constructor.add_variable(FF(1)); + c_idx = circuit_constructor.add_variable(FF(2)); + d_idx = circuit_constructor.add_variable(FF(3)); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); // Add an elliptic curve addition gate grumpkin::g1::affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; @@ -233,52 +235,53 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) grumpkin::g1::affine_element p3(grumpkin::g1::element(p1) - grumpkin::g1::element(p2_endo)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = circuit_constructor.add_variable(p1.x); + uint32_t y1 = circuit_constructor.add_variable(p1.y); + uint32_t x2 = circuit_constructor.add_variable(p2.x); + uint32_t y2 = circuit_constructor.add_variable(p2.y); + uint32_t x3 = circuit_constructor.add_variable(p3.x); + uint32_t y3 = circuit_constructor.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, beta_scalar, -1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); // Add some RAM gates uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = circuit_constructor.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + circuit_constructor.init_RAM_element(ram_id, i, ram_values[i]); } - a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + a_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + b_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); + c_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + circuit_constructor.write_RAM_array( + ram_id, circuit_constructor.add_variable(4), circuit_constructor.add_variable(500)); + d_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(circuit_constructor.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - e_idx = composer.add_variable(e_value); + const auto e_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx) + circuit_constructor.get_variable(d_idx); + e_idx = circuit_constructor.add_variable(e_value); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); + circuit_constructor.create_big_add_gate( { - composer.get_zero_idx(), - composer.get_zero_idx(), - composer.get_zero_idx(), + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, e_idx, 0, 0, @@ -289,7 +292,8 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) false); // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); auto circuit_size = prover.key->circuit_size; // Generate eta, beta and gamma @@ -298,7 +302,7 @@ TEST_F(RelationCorrectnessTests, UltraRelationCorrectness) fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); auto lookup_grand_product_delta = diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp index e0718b3394..f97ec72070 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp @@ -11,8 +11,8 @@ #include "barretenberg/ecc/curves/bn254/fr.hpp" #include #include "barretenberg/numeric/random/engine.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/lookup_relation.hpp" #include "barretenberg/honk/sumcheck/relations/gen_perm_sort_relation.hpp" @@ -424,29 +424,31 @@ TEST_F(SumcheckTests, RealCircuitStandard) using ProverPolynomials = typename Flavor::ProverPolynomials; // Create a composer and a dummy circuit with a few gates - auto composer = StandardHonkComposer(); + auto circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate( + { d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); } // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); // Generate beta and gamma fr beta = fr::random_element(); fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); @@ -506,51 +508,51 @@ TEST_F(SumcheckTests, RealCircuitUltra) using ProverPolynomials = typename Flavor::ProverPolynomials; // Create a composer and a dummy circuit with a few gates - auto composer = UltraHonkComposer(); + auto circuit_constructor = UltraCircuitConstructor(); fr a = fr::one(); // Add some basic add gates - uint32_t a_idx = composer.add_variable(a); + uint32_t a_idx = circuit_constructor.add_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); - composer.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, 1, 1, -1, 0 }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, 1, -1, -1, 0 }); } // Add a big add gate with use of next row to test q_arith = 2 fr e = a + b + c + d; - uint32_t e_idx = composer.add_variable(e); + uint32_t e_idx = circuit_constructor.add_variable(e); - uint32_t zero_idx = composer.get_zero_idx(); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row - composer.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); + uint32_t zero_idx = circuit_constructor.zero_idx; + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); // use next row + circuit_constructor.create_big_add_gate({ zero_idx, zero_idx, zero_idx, e_idx, 0, 0, 0, 0, 0 }, false); // Add some lookup gates (related to pedersen hashing) barretenberg::fr pedersen_input_value = fr::random_element(); const fr input_hi = uint256_t(pedersen_input_value).slice(126, 256); const fr input_lo = uint256_t(pedersen_input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = circuit_constructor.add_variable(input_hi); + const auto input_lo_index = circuit_constructor.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - composer.create_gates_from_plookup_accumulators( + circuit_constructor.create_gates_from_plookup_accumulators( plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); // Add a sort gate (simply checks that consecutive inputs have a difference of < 4) - a_idx = composer.add_variable(FF(0)); - b_idx = composer.add_variable(FF(1)); - c_idx = composer.add_variable(FF(2)); - d_idx = composer.add_variable(FF(3)); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + a_idx = circuit_constructor.add_variable(FF(0)); + b_idx = circuit_constructor.add_variable(FF(1)); + c_idx = circuit_constructor.add_variable(FF(2)); + d_idx = circuit_constructor.add_variable(FF(3)); + circuit_constructor.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); // Add an elliptic curve addition gate grumpkin::g1::affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; @@ -562,52 +564,53 @@ TEST_F(SumcheckTests, RealCircuitUltra) grumpkin::g1::affine_element p3(grumpkin::g1::element(p1) - grumpkin::g1::element(p2_endo)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = circuit_constructor.add_variable(p1.x); + uint32_t y1 = circuit_constructor.add_variable(p1.y); + uint32_t x2 = circuit_constructor.add_variable(p2.x); + uint32_t y2 = circuit_constructor.add_variable(p2.y); + uint32_t x3 = circuit_constructor.add_variable(p3.x); + uint32_t y3 = circuit_constructor.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, beta_scalar, -1 }; - composer.create_ecc_add_gate(gate); + circuit_constructor.create_ecc_add_gate(gate); // Add some RAM gates uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), + circuit_constructor.add_variable(fr::random_element()), circuit_constructor.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = circuit_constructor.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + circuit_constructor.init_RAM_element(ram_id, i, ram_values[i]); } - a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + a_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + b_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); + c_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + circuit_constructor.write_RAM_array( + ram_id, circuit_constructor.add_variable(4), circuit_constructor.add_variable(500)); + d_idx = circuit_constructor.read_RAM_array(ram_id, circuit_constructor.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(circuit_constructor.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - e_idx = composer.add_variable(e_value); + const auto e_value = circuit_constructor.get_variable(a_idx) + circuit_constructor.get_variable(b_idx) + + circuit_constructor.get_variable(c_idx) + circuit_constructor.get_variable(d_idx); + e_idx = circuit_constructor.add_variable(e_value); - composer.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); - composer.create_big_add_gate( + circuit_constructor.create_big_add_gate({ a_idx, b_idx, c_idx, d_idx, -1, -1, -1, -1, 0 }, true); + circuit_constructor.create_big_add_gate( { - composer.get_zero_idx(), - composer.get_zero_idx(), - composer.get_zero_idx(), + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, + circuit_constructor.zero_idx, e_idx, 0, 0, @@ -618,7 +621,8 @@ TEST_F(SumcheckTests, RealCircuitUltra) false); // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); // Generate eta, beta and gamma fr eta = fr::random_element(); @@ -626,7 +630,7 @@ TEST_F(SumcheckTests, RealCircuitUltra) fr gamma = fr::random_element(); // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + const auto public_inputs = circuit_constructor.get_public_inputs(); auto public_input_delta = honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); auto lookup_grand_product_delta = diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index 1e0ae9f38c..1475e49038 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -1,7 +1,7 @@ #include "transcript.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/honk/flavor/standard.hpp" @@ -122,13 +122,14 @@ TYPED_TEST(TranscriptTests, ProverManifestConsistency) { using Flavor = TypeParam; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = StandardHonkComposer_(); fr a = 1; - composer.circuit_constructor.add_variable(a); - composer.circuit_constructor.add_public_variable(a); + auto circuit_constructor = proof_system::StandardCircuitConstructor(); + circuit_constructor.add_variable(a); + circuit_constructor.add_public_variable(a); // Automatically generate a transcript manifest by constructing a proof - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper_(); + auto prover = composer.create_prover(circuit_constructor); plonk::proof proof = prover.construct_proof(); // Check that the prover generated manifest agrees with the manifest hard coded in this suite @@ -149,17 +150,18 @@ TYPED_TEST(TranscriptTests, VerifierManifestConsistency) { using Flavor = TypeParam; // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = StandardHonkComposer_(); + auto circuit_constructor = proof_system::StandardCircuitConstructor(); fr a = 1; - composer.circuit_constructor.add_variable(a); - composer.circuit_constructor.add_public_variable(a); + circuit_constructor.add_variable(a); + circuit_constructor.add_public_variable(a); // Automatically generate a transcript manifest in the prover by constructing a proof - auto prover = composer.create_prover(); + auto composer = StandardHonkComposerHelper_(); + auto prover = composer.create_prover(circuit_constructor); plonk::proof proof = prover.construct_proof(); // Automatically generate a transcript manifest in the verifier by verifying a proof - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); verifier.verify_proof(proof); prover.transcript.print(); verifier.transcript.print(); @@ -285,19 +287,21 @@ TYPED_TEST(TranscriptTests, VerifierMistake) TYPED_TEST(TranscriptTests, UltraVerifierManifestConsistency) { // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size) - auto composer = UltraHonkComposer(); + auto circuit_constructor = proof_system::UltraCircuitConstructor(); + // fr a = 2; - // composer.circuit_constructor.add_variable(a); - // composer.circuit_constructor.add_public_variable(a); + // circuit_constructor.add_variable(a); + // circuit_constructor.add_public_variable(a); - composer.add_gates_to_ensure_all_polys_are_non_zero(); + circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); // Automatically generate a transcript manifest in the prover by constructing a proof - auto prover = composer.create_prover(); + auto composer = UltraHonkComposerHelper(); + auto prover = composer.create_prover(circuit_constructor); plonk::proof proof = prover.construct_proof(); // Automatically generate a transcript manifest in the verifier by verifying a proof - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(circuit_constructor); verifier.verify_proof(proof); prover.transcript.print(); diff --git a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp index 580c67bf8a..97ee933c77 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.cpp @@ -165,7 +165,7 @@ void UltraPlonkComposerHelper::compute_witness(CircuitConstructor& circuit_const UltraProver UltraPlonkComposerHelper::create_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); @@ -211,7 +211,7 @@ UltraProver UltraPlonkComposerHelper::create_prover(CircuitConstructor& circuit_ */ UltraToStandardProver UltraPlonkComposerHelper::create_ultra_to_standard_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); @@ -257,7 +257,7 @@ UltraToStandardProver UltraPlonkComposerHelper::create_ultra_to_standard_prover( */ UltraWithKeccakProver UltraPlonkComposerHelper::create_ultra_with_keccak_prover(CircuitConstructor& circuit_constructor) { - finalize_circuit(circuit_constructor); + circuit_constructor.finalize_circuit(); compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); diff --git a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp index bcd81480f4..8417a9f2e0 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp @@ -34,6 +34,12 @@ class UltraPlonkComposerHelper { // vanishing_polynomial cannot be trivially fetched here, I am directly setting this to 4 - 1 = 3. static constexpr size_t s_randomness = 3; + UltraPlonkComposerHelper() + : UltraPlonkComposerHelper("../srs_db/ignition"){}; + + UltraPlonkComposerHelper(std::string const& crs_path) + : UltraPlonkComposerHelper(std::make_unique(crs_path)){}; + explicit UltraPlonkComposerHelper(std::shared_ptr crs_factory) : crs_factory_(std::move(crs_factory)) {} @@ -70,8 +76,6 @@ class UltraPlonkComposerHelper { [[nodiscard]] size_t get_num_selectors() { return ultra_selector_properties().size(); } - void finalize_circuit(CircuitConstructor& circuit_constructor) { circuit_constructor.finalize_circuit(); }; - std::shared_ptr compute_proving_key(CircuitConstructor& circuit_constructor); std::shared_ptr compute_verification_key(CircuitConstructor& circuit_constructor); diff --git a/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp index c1ffafe0cd..84bfdefc02 100644 --- a/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.test.cpp @@ -1,11 +1,13 @@ -#include "standard_plonk_composer.hpp" #include #include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/crypto/generators/generator_data.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; namespace { auto& engine = numeric::random::get_debug_engine(); @@ -13,26 +15,28 @@ auto& engine = numeric::random::get_debug_engine(); TEST(standard_plonk_composer, base_case) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); - plonk::Prover prover = composer.create_prover(); - plonk::Verifier verifier = composer.create_verifier(); + builder.add_public_variable(a); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } TEST(standard_plonk_composer, composer_from_serialized_keys) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - auto pk_buf = to_buffer(*composer.compute_proving_key()); - auto vk_buf = to_buffer(*composer.compute_verification_key()); + auto pk_buf = to_buffer(*composer.compute_proving_key(builder)); + auto vk_buf = to_buffer(*composer.compute_verification_key(builder)); auto pk_data = from_buffer(pk_buf); auto vk_data = from_buffer(vk_buf); @@ -41,11 +45,12 @@ TEST(standard_plonk_composer, composer_from_serialized_keys) std::make_shared(std::move(pk_data), crs->get_prover_crs(pk_data.circuit_size + 1)); auto verification_key = std::make_shared(std::move(vk_data), crs->get_verifier_crs()); - plonk::StandardPlonkComposer composer2 = plonk::StandardPlonkComposer(proving_key, verification_key); - composer2.add_public_variable(a); + auto builder2 = StandardCircuitConstructor(); + auto composer2 = StandardPlonkComposerHelper(); + builder2.add_public_variable(a); - plonk::Prover prover = composer2.create_prover(); - plonk::Verifier verifier = composer2.create_verifier(); + auto prover = composer2.create_prover(builder2); + auto verifier = composer2.create_verifier(builder2); plonk::proof proof = prover.construct_proof(); @@ -55,66 +60,68 @@ TEST(standard_plonk_composer, composer_from_serialized_keys) TEST(standard_plonk_composer, test_add_gate_proofs) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = builder.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - plonk::Prover prover = composer.create_prover(); - - plonk::Verifier verifier = composer.create_verifier(); + // uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + auto prover = composer.create_prover(builder); + + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } TEST(standard_plonk_composer, test_mul_gate_proofs) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -126,64 +133,64 @@ TEST(standard_plonk_composer, test_mul_gate_proofs) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - plonk::Prover prover = composer.create_prover(); - - plonk::Verifier verifier = composer.create_verifier(); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + auto prover = composer.create_prover(builder); + + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -193,21 +200,22 @@ TEST(standard_plonk_composer, test_mul_gate_proofs) TEST(standard_plonk_composer, range_constraint) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = builder.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); + std::vector accumulators = builder.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t result = (value >> (30U - (2 * j))); - fr source = composer.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); + fr source = builder.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t expected = static_cast(source.data[0]); EXPECT_EQ(result, expected); } @@ -218,14 +226,14 @@ TEST(standard_plonk_composer, range_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -236,16 +244,17 @@ TEST(standard_plonk_composer, range_constraint) TEST(standard_plonk_composer, range_constraint_fail) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); uint64_t value = 0xffffff; - uint32_t witness_index = composer.add_variable(fr(value)); + uint32_t witness_index = builder.add_variable(fr(value)); - composer.decompose_into_base4_accumulators(witness_index, 23); + builder.decompose_into_base4_accumulators(witness_index, 23); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -256,38 +265,39 @@ TEST(standard_plonk_composer, range_constraint_fail) TEST(standard_plonk_composer, and_constraint) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value & right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); - // composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + // builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected & right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -309,14 +319,14 @@ TEST(standard_plonk_composer, and_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -327,37 +337,38 @@ TEST(standard_plonk_composer, and_constraint) TEST(standard_plonk_composer, xor_constraint) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value ^ right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected ^ right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -379,14 +390,14 @@ TEST(standard_plonk_composer, xor_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -397,21 +408,22 @@ TEST(standard_plonk_composer, xor_constraint) TEST(standard_plonk_composer, big_add_gate_with_bit_extract) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); - const auto generate_constraints = [&composer](uint32_t quad_value) { + const auto generate_constraints = [&](uint32_t quad_value) { uint32_t quad_accumulator_left = (engine.get_random_uint32() & 0x3fffffff) - quad_value; // make sure this won't overflow uint32_t quad_accumulator_right = (4 * quad_accumulator_left) + quad_value; - uint32_t left_idx = composer.add_variable(uint256_t(quad_accumulator_left)); - uint32_t right_idx = composer.add_variable(uint256_t(quad_accumulator_right)); + uint32_t left_idx = builder.add_variable(uint256_t(quad_accumulator_left)); + uint32_t right_idx = builder.add_variable(uint256_t(quad_accumulator_right)); uint32_t input = engine.get_random_uint32(); uint32_t output = input + (quad_value > 1 ? 1 : 0); - add_quad gate{ composer.add_variable(uint256_t(input)), - composer.add_variable(uint256_t(output)), + add_quad gate{ builder.add_variable(uint256_t(input)), + builder.add_variable(uint256_t(output)), right_idx, left_idx, fr(6), @@ -420,7 +432,7 @@ TEST(standard_plonk_composer, big_add_gate_with_bit_extract) fr::zero(), fr::zero() }; - composer.create_big_add_gate_with_bit_extraction(gate); + builder.create_big_add_gate_with_bit_extraction(gate); }; generate_constraints(0); @@ -428,9 +440,9 @@ TEST(standard_plonk_composer, big_add_gate_with_bit_extract) generate_constraints(2); generate_constraints(3); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -441,13 +453,14 @@ TEST(standard_plonk_composer, big_add_gate_with_bit_extract) TEST(standard_plonk_composer, test_range_constraint_fail) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); - uint32_t witness_index = composer.add_variable(fr::neg_one()); - composer.decompose_into_base4_accumulators(witness_index, 32); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); + uint32_t witness_index = builder.add_variable(fr::neg_one()); + builder.decompose_into_base4_accumulators(witness_index, 32); - plonk::Prover prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - plonk::Verifier verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -458,40 +471,42 @@ TEST(standard_plonk_composer, test_range_constraint_fail) TEST(standard_plonk_composer, test_check_circuit_correct) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = builder.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_plonk_composer, test_check_circuit_broken) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = builder.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c + 1; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, false); } diff --git a/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp index 780d2715d2..187ba10f86 100644 --- a/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.test.cpp @@ -1,11 +1,14 @@ -#include "turbo_plonk_composer.hpp" +#include + #include "barretenberg/crypto/generators/generator_data.hpp" #include "barretenberg/crypto/generators/fixed_base_scalar_mul.hpp" -#include +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" +#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; using namespace crypto::generators; namespace proof_system::plonk::test_turbo_plonk_composer { @@ -15,12 +18,13 @@ auto& engine = numeric::random::get_debug_engine(); TEST(turbo_plonk_composer, base_case) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -30,12 +34,13 @@ TEST(turbo_plonk_composer, base_case) TEST(turbo_plonk_composer, composer_from_serialized_keys) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - auto pk_buf = to_buffer(*composer.compute_proving_key()); - auto vk_buf = to_buffer(*composer.compute_verification_key()); + auto pk_buf = to_buffer(*composer.compute_proving_key(builder)); + auto vk_buf = to_buffer(*composer.compute_verification_key(builder)); auto pk_data = from_buffer(pk_buf); auto vk_data = from_buffer(vk_buf); @@ -44,11 +49,12 @@ TEST(turbo_plonk_composer, composer_from_serialized_keys) std::make_shared(std::move(pk_data), crs->get_prover_crs(pk_data.circuit_size + 1)); auto verification_key = std::make_shared(std::move(vk_data), crs->get_verifier_crs()); - TurboPlonkComposer composer2 = TurboPlonkComposer(proving_key, verification_key); - composer2.add_public_variable(a); + auto builder2 = TurboCircuitConstructor(); + auto composer2 = TurboPlonkComposerHelper(proving_key, verification_key); + builder2.add_public_variable(a); - auto prover = composer2.create_prover(); - auto verifier = composer2.create_verifier(); + auto prover = composer2.create_prover(builder); + auto verifier = composer2.create_verifier(builder); proof proof = prover.construct_proof(); @@ -58,70 +64,72 @@ TEST(turbo_plonk_composer, composer_from_serialized_keys) TEST(turbo_plonk_composer, test_add_gate_proofs) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); // TODO: proof fails if one wire contains all zeros. Should we support this? - uint32_t zero_idx = composer.add_variable(fr::zero()); + uint32_t zero_idx = builder.add_variable(fr::zero()); - composer.create_big_add_gate( + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, a_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_mul_gate_proofs) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -133,71 +141,71 @@ TEST(turbo_plonk_composer, test_mul_gate_proofs) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_public_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t a_idx = builder.add_public_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - uint32_t e_idx = composer.add_variable(a - fr::one()); - composer.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); - auto prover = composer.create_prover(); + uint32_t e_idx = builder.add_variable(a - fr::one()); + builder.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -275,15 +283,16 @@ TEST(turbo_plonk_composer, small_scalar_multipliers) origin_points[0].y, (origin_points[0].y - origin_points[1].y) }; - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; - round_quad.d = composer.add_variable(accumulator_transcript[i]); - round_quad.a = composer.add_variable(multiplication_transcript[i].x); - round_quad.b = composer.add_variable(multiplication_transcript[i].y); - round_quad.c = composer.add_variable(x_alpha); + round_quad.d = builder.add_variable(accumulator_transcript[i]); + round_quad.a = builder.add_variable(multiplication_transcript[i].x); + round_quad.b = builder.add_variable(multiplication_transcript[i].y); + round_quad.c = builder.add_variable(x_alpha); if ((wnaf_entries[i + 1] & 0xffffffU) == 0) { x_alpha = ladder[i + 1].one.x; } else { @@ -295,22 +304,22 @@ TEST(turbo_plonk_composer, small_scalar_multipliers) round_quad.q_y_2 = ladder[i + 1].q_y_2; if (i > 0) { - composer.create_fixed_group_add_gate(round_quad); + builder.create_fixed_group_add_gate(round_quad); } else { - composer.create_fixed_group_add_gate_with_init(round_quad, init_quad); + builder.create_fixed_group_add_gate_with_init(round_quad, init_quad); } } - add_quad add_quad{ composer.add_variable(multiplication_transcript[num_quads].x), - composer.add_variable(multiplication_transcript[num_quads].y), - composer.add_variable(x_alpha), - composer.add_variable(accumulator_transcript[num_quads]), + add_quad add_quad{ builder.add_variable(multiplication_transcript[num_quads].x), + builder.add_variable(multiplication_transcript[num_quads].y), + builder.add_variable(x_alpha), + builder.add_variable(accumulator_transcript[num_quads]), fr::zero(), fr::zero(), fr::zero(), fr::zero(), fr::zero() }; - composer.create_big_add_gate(add_quad); + builder.create_big_add_gate(add_quad); grumpkin::g1::element expected_point = grumpkin::g1::element(generator * scalar_multiplier.to_montgomery_form()).normalize(); @@ -321,9 +330,9 @@ TEST(turbo_plonk_composer, small_scalar_multipliers) uint64_t expected_accumulator = scalar_multiplier.data[0]; EXPECT_EQ(result_accumulator, expected_accumulator); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -405,15 +414,16 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) origin_points[0].y, (origin_points[0].y - origin_points[1].y) }; - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; - round_quad.d = composer.add_variable(accumulator_transcript[i]); - round_quad.a = composer.add_variable(multiplication_transcript[i].x); - round_quad.b = composer.add_variable(multiplication_transcript[i].y); - round_quad.c = composer.add_variable(x_alpha); + round_quad.d = builder.add_variable(accumulator_transcript[i]); + round_quad.a = builder.add_variable(multiplication_transcript[i].x); + round_quad.b = builder.add_variable(multiplication_transcript[i].y); + round_quad.c = builder.add_variable(x_alpha); if ((wnaf_entries[i + 1] & 0xffffffU) == 0) { x_alpha = ladder[i + 1].one.x; } else { @@ -425,22 +435,22 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) round_quad.q_y_2 = ladder[i + 1].q_y_2; if (i > 0) { - composer.create_fixed_group_add_gate(round_quad); + builder.create_fixed_group_add_gate(round_quad); } else { - composer.create_fixed_group_add_gate_with_init(round_quad, init_quad); + builder.create_fixed_group_add_gate_with_init(round_quad, init_quad); } } - add_quad add_quad{ composer.add_variable(multiplication_transcript[num_quads].x), - composer.add_variable(multiplication_transcript[num_quads].y), - composer.add_variable(x_alpha), - composer.add_variable(accumulator_transcript[num_quads]), + add_quad add_quad{ builder.add_variable(multiplication_transcript[num_quads].x), + builder.add_variable(multiplication_transcript[num_quads].y), + builder.add_variable(x_alpha), + builder.add_variable(accumulator_transcript[num_quads]), fr::zero(), fr::zero(), fr::zero(), fr::zero(), fr::zero() }; - composer.create_big_add_gate(add_quad); + builder.create_big_add_gate(add_quad); grumpkin::g1::element expected_point = grumpkin::g1::element(generator * scalar_multiplier.to_montgomery_form()).normalize(); @@ -453,9 +463,9 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) .to_montgomery_form(); EXPECT_EQ((result_accumulator == expected_accumulator), true); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -469,22 +479,23 @@ TEST(turbo_plonk_composer, large_scalar_multipliers) TEST(turbo_plonk_composer, range_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = builder.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators( + std::vector accumulators = builder.decompose_into_base4_accumulators( witness_index, 32 + extra_bits, "constraint in test range_constraint fails"); for (uint32_t j = 0; j < 16; ++j) { uint32_t result = (value >> (30U - (2 * j))); - fr source = composer.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); + fr source = builder.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t expected = static_cast(source.data[0]); EXPECT_EQ(result, expected); } @@ -495,14 +506,14 @@ TEST(turbo_plonk_composer, range_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -513,16 +524,17 @@ TEST(turbo_plonk_composer, range_constraint) TEST(turbo_plonk_composer, range_constraint_fail) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); uint64_t value = 0xffffff; - uint32_t witness_index = composer.add_variable(fr(value)); + uint32_t witness_index = builder.add_variable(fr(value)); - composer.decompose_into_base4_accumulators(witness_index, 23, "yay, range constraint fails"); + builder.decompose_into_base4_accumulators(witness_index, 23, "yay, range constraint fails"); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -537,29 +549,30 @@ TEST(turbo_plonk_composer, range_constraint_fail) */ TEST(turbo_plonk_composer, and_constraint_failure) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); uint32_t left_value = 4; fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = 5; fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); // 4 && 5 is 4, so 3 bits are needed, but we only constrain 2 - accumulator_triple accumulators = composer.create_and_constraint(left_witness_index, right_witness_index, 2); + accumulator_triple accumulators = builder.create_and_constraint(left_witness_index, right_witness_index, 2); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); bool result = verifier.verify_proof(proof); - if (composer.failed()) { - info("Composer failed; ", composer.err()); + if (builder.failed()) { + info("Circuit construction failed; ", builder.err()); } EXPECT_EQ(result, false); @@ -567,38 +580,39 @@ TEST(turbo_plonk_composer, and_constraint_failure) TEST(turbo_plonk_composer, and_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value & right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); - // composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + // builder.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected & right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -620,14 +634,14 @@ TEST(turbo_plonk_composer, and_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -642,29 +656,30 @@ TEST(turbo_plonk_composer, and_constraint) */ TEST(turbo_plonk_composer, xor_constraint_failure) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); uint32_t left_value = 4; fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = 1; fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); // 4 && 1 is 5, so 3 bits are needed, but we only constrain 2 - accumulator_triple accumulators = composer.create_and_constraint(left_witness_index, right_witness_index, 2); + accumulator_triple accumulators = builder.create_and_constraint(left_witness_index, right_witness_index, 2); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); bool result = verifier.verify_proof(proof); - if (composer.failed()) { - info("Composer failed; ", composer.err()); + if (builder.failed()) { + info("Circuit construction failed; ", builder.err()); } EXPECT_EQ(result, false); @@ -672,37 +687,38 @@ TEST(turbo_plonk_composer, xor_constraint_failure) TEST(turbo_plonk_composer, xor_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); uint32_t out_value = left_value ^ right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected ^ right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = builder.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = builder.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = builder.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -724,14 +740,14 @@ TEST(turbo_plonk_composer, xor_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -742,21 +758,22 @@ TEST(turbo_plonk_composer, xor_constraint) TEST(turbo_plonk_composer, big_add_gate_with_bit_extract) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); - const auto generate_constraints = [&composer](uint32_t quad_value) { + const auto generate_constraints = [&](uint32_t quad_value) { uint32_t quad_accumulator_left = (engine.get_random_uint32() & 0x3fffffff) - quad_value; // make sure this won't overflow uint32_t quad_accumulator_right = (4 * quad_accumulator_left) + quad_value; - uint32_t left_idx = composer.add_variable(uint256_t(quad_accumulator_left)); - uint32_t right_idx = composer.add_variable(uint256_t(quad_accumulator_right)); + uint32_t left_idx = builder.add_variable(uint256_t(quad_accumulator_left)); + uint32_t right_idx = builder.add_variable(uint256_t(quad_accumulator_right)); uint32_t input = engine.get_random_uint32(); uint32_t output = input + (quad_value > 1 ? 1 : 0); - add_quad gate{ composer.add_variable(uint256_t(input)), - composer.add_variable(uint256_t(output)), + add_quad gate{ builder.add_variable(uint256_t(input)), + builder.add_variable(uint256_t(output)), right_idx, left_idx, fr(6), @@ -765,7 +782,7 @@ TEST(turbo_plonk_composer, big_add_gate_with_bit_extract) fr::zero(), fr::zero() }; - composer.create_big_add_gate_with_bit_extraction(gate); + builder.create_big_add_gate_with_bit_extraction(gate); }; generate_constraints(0); @@ -773,9 +790,9 @@ TEST(turbo_plonk_composer, big_add_gate_with_bit_extract) generate_constraints(2); generate_constraints(3); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -792,7 +809,8 @@ TEST(turbo_plonk_composer, validate_copy_constraints) if (m == 0 && (j > 0 || k > 0)) { continue; } - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); barretenberg::fr variables[4]{ barretenberg::fr::random_element(), @@ -802,14 +820,14 @@ TEST(turbo_plonk_composer, validate_copy_constraints) }; uint32_t indices[4]{ - composer.add_variable(variables[0]), - composer.add_variable(variables[1]), - composer.add_variable(variables[2]), - composer.add_variable(variables[3]), + builder.add_variable(variables[0]), + builder.add_variable(variables[1]), + builder.add_variable(variables[2]), + builder.add_variable(variables[3]), }; for (size_t i = 0; i < 4; ++i) { - composer.create_big_add_gate({ + builder.create_big_add_gate({ indices[0], indices[1], indices[2], @@ -821,7 +839,7 @@ TEST(turbo_plonk_composer, validate_copy_constraints) barretenberg::fr(0), }); - composer.create_big_add_gate({ + builder.create_big_add_gate({ indices[3], indices[2], indices[1], @@ -834,14 +852,14 @@ TEST(turbo_plonk_composer, validate_copy_constraints) }); } - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); if (m > 0) { prover.key->polynomial_store.get("w_" + std::to_string(k + 1) + "_lagrange")[j] = barretenberg::fr::random_element(); } - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -856,56 +874,59 @@ TEST(turbo_plonk_composer, validate_copy_constraints) TEST(turbo_plonk_composer, test_check_circuit_add_gate_proofs_correct) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); // TODO: proof fails if one wire contains all zeros. Should we support this? - uint32_t zero_idx = composer.add_variable(fr::zero()); + uint32_t zero_idx = builder.add_variable(fr::zero()); - composer.create_big_add_gate( + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, a_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_check_circuit_add_gate_proofs_broken) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr a = fr::one(); fr b = fr::one(); fr c = a + b; fr d = a + c; - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c + 1); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c + 1); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + builder.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); // TODO: proof fails if one wire contains all zeros. Should we support this? - uint32_t zero_idx = composer.add_variable(fr::zero()); + uint32_t zero_idx = builder.add_variable(fr::zero()); - composer.create_big_add_gate( + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, a_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, false); } TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_correct) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -917,30 +938,31 @@ TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_correct) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_public_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_public_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - uint32_t e_idx = composer.add_variable(a - fr::one()); - composer.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); + uint32_t e_idx = builder.add_variable(a - fr::one()); + builder.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_broken) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -952,23 +974,23 @@ TEST(turbo_plonk_composer, test_check_circuit_mul_gate_proofs_broken) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_public_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c + 1); - uint32_t d_idx = composer.add_variable(d); + uint32_t a_idx = builder.add_public_variable(a); + uint32_t b_idx = builder.add_variable(b); + uint32_t c_idx = builder.add_variable(c + 1); + uint32_t d_idx = builder.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + builder.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + builder.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - uint32_t e_idx = composer.add_variable(a - fr::one()); - composer.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); + uint32_t e_idx = builder.add_variable(a - fr::one()); + builder.create_add_gate({ e_idx, b_idx, c_idx, q[0], q[1], q[2], (q[3] + q[0]) }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, false); } @@ -1042,15 +1064,16 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) origin_points[0].y, (origin_points[0].y - origin_points[1].y) }; - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); fr x_alpha = accumulator_offset; for (size_t i = 0; i < num_quads; ++i) { fixed_group_add_quad round_quad; - round_quad.d = composer.add_variable(accumulator_transcript[i]); - round_quad.a = composer.add_variable(multiplication_transcript[i].x); - round_quad.b = composer.add_variable(multiplication_transcript[i].y); - round_quad.c = composer.add_variable(x_alpha); + round_quad.d = builder.add_variable(accumulator_transcript[i]); + round_quad.a = builder.add_variable(multiplication_transcript[i].x); + round_quad.b = builder.add_variable(multiplication_transcript[i].y); + round_quad.c = builder.add_variable(x_alpha); if ((wnaf_entries[i + 1] & 0xffffffU) == 0) { x_alpha = ladder[i + 1].one.x; } else { @@ -1062,22 +1085,22 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) round_quad.q_y_2 = ladder[i + 1].q_y_2; if (i > 0) { - composer.create_fixed_group_add_gate(round_quad); + builder.create_fixed_group_add_gate(round_quad); } else { - composer.create_fixed_group_add_gate_with_init(round_quad, init_quad); + builder.create_fixed_group_add_gate_with_init(round_quad, init_quad); } } - add_quad add_quad{ composer.add_variable(multiplication_transcript[num_quads].x), - composer.add_variable(multiplication_transcript[num_quads].y), - composer.add_variable(x_alpha), - composer.add_variable(accumulator_transcript[num_quads]), + add_quad add_quad{ builder.add_variable(multiplication_transcript[num_quads].x), + builder.add_variable(multiplication_transcript[num_quads].y), + builder.add_variable(x_alpha), + builder.add_variable(accumulator_transcript[num_quads]), fr::zero(), fr::zero(), fr::zero(), fr::zero(), fr::zero() }; - composer.create_big_add_gate(add_quad); + builder.create_big_add_gate(add_quad); grumpkin::g1::element expected_point = grumpkin::g1::element(generator * scalar_multiplier.to_montgomery_form()).normalize(); @@ -1090,7 +1113,7 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) .to_montgomery_form(); EXPECT_EQ((result_accumulator == expected_accumulator), true); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); @@ -1100,57 +1123,59 @@ TEST(turbo_plonk_composer, test_check_circuit_fixed_group) TEST(turbo_plonk_composer, test_check_circuit_range_constraint) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = builder.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators( + std::vector accumulators = builder.decompose_into_base4_accumulators( witness_index, 32 + extra_bits, "range constraint fails in test_check_circuit_range_constraint"); } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } TEST(turbo_plonk_composer, test_check_circuit_xor) { - TurboPlonkComposer composer = TurboPlonkComposer(); + auto builder = TurboCircuitConstructor(); + auto composer = TurboPlonkComposerHelper(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = builder.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = builder.add_variable(right_witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + builder.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = builder.add_variable(fr::zero()); + uint32_t one_idx = builder.add_variable(fr::one()); + builder.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); } diff --git a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp index 878042a1be..4b86636e4e 100644 --- a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp @@ -182,7 +182,6 @@ class UltraPlonkComposer { barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } std::vector get_public_inputs() const { return circuit_constructor.get_public_inputs(); } - void finalize_circuit() { circuit_constructor.finalize_circuit(); }; void print_num_gates() { circuit_constructor.print_num_gates(); } diff --git a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp index a011d05cf4..6bc48885d4 100644 --- a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.test.cpp @@ -1,14 +1,17 @@ -#include "barretenberg/stdlib/primitives/plookup/plookup.hpp" -#include "ultra_plonk_composer.hpp" -#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include + +#include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/numeric/uintx/uintx.hpp" -#include "../proof_system/widgets/random_widgets/plookup_widget.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/proof_system/plookup_tables/sha256.hpp" +#include "barretenberg/stdlib/primitives/plookup/plookup.hpp" using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; namespace proof_system::plonk::test_ultra_plonk_composer { @@ -19,28 +22,28 @@ auto& engine = numeric::random::get_debug_engine(); using plookup::ColumnIdx; using plookup::MultiTableId; -std::vector add_variables(UltraPlonkComposer& composer, std::vector variables) +std::vector add_variables(UltraCircuitConstructor& builder, std::vector variables) { std::vector res; for (size_t i = 0; i < variables.size(); i++) { - res.emplace_back(composer.add_variable(variables[i])); + res.emplace_back(builder.add_variable(variables[i])); } return res; } template class ultra_plonk_composer : public ::testing::Test { public: - void prove_and_verify(UltraPlonkComposer& composer, bool expected_result) + void prove_and_verify(UltraCircuitConstructor& builder, UltraPlonkComposerHelper& composer, bool expected_result) { if constexpr (T::use_keccak) { - auto prover = composer.create_ultra_with_keccak_prover(); - auto verifier = composer.create_ultra_with_keccak_verifier(); + auto prover = composer.create_ultra_with_keccak_prover(builder); + auto verifier = composer.create_ultra_with_keccak_verifier(builder); auto proof = prover.construct_proof(); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expected_result); } else { - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); auto proof = prover.construct_proof(); bool verified = verifier.verify_proof(proof); EXPECT_EQ(verified, expected_result); @@ -61,20 +64,21 @@ TYPED_TEST_SUITE(ultra_plonk_composer, BooleanTypes); TYPED_TEST(ultra_plonk_composer, create_gates_from_plookup_accumulators) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); barretenberg::fr input_value = fr::random_element(); const fr input_hi = uint256_t(input_value).slice(126, 256); const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = composer.add_variable(input_hi); - const auto input_lo_index = composer.add_variable(input_lo); + const auto input_hi_index = builder.add_variable(input_hi); + const auto input_lo_index = builder.add_variable(input_lo); const auto sequence_data_hi = plookup::get_lookup_accumulators(MultiTableId::PEDERSEN_LEFT_HI, input_hi); const auto sequence_data_lo = plookup::get_lookup_accumulators(MultiTableId::PEDERSEN_LEFT_LO, input_lo); - const auto lookup_witnesses_hi = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_hi = builder.create_gates_from_plookup_accumulators( MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = composer.create_gates_from_plookup_accumulators( + const auto lookup_witnesses_lo = builder.create_gates_from_plookup_accumulators( MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); std::vector expected_x; @@ -122,217 +126,224 @@ TYPED_TEST(ultra_plonk_composer, create_gates_from_plookup_accumulators) } size_t hi_shift = 126; - const fr hi_cumulative = composer.get_variable(lookup_witnesses_hi[ColumnIdx::C1][0]); + const fr hi_cumulative = builder.get_variable(lookup_witnesses_hi[ColumnIdx::C1][0]); for (size_t i = 0; i < num_lookups_lo; ++i) { const fr hi_mult = fr(uint256_t(1) << hi_shift); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C1][i]) + (hi_cumulative * hi_mult), + EXPECT_EQ(builder.get_variable(lookup_witnesses_lo[ColumnIdx::C1][i]) + (hi_cumulative * hi_mult), expected_scalars[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C2][i]), expected_x[i]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C3][i]), expected_y[i]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_lo[ColumnIdx::C2][i]), expected_x[i]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_lo[ColumnIdx::C3][i]), expected_y[i]); hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE; } for (size_t i = 0; i < num_lookups_hi; ++i) { - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[ColumnIdx::C1][i]), expected_scalars[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[ColumnIdx::C2][i]), expected_x[i + num_lookups_lo]); - EXPECT_EQ(composer.get_variable(lookup_witnesses_hi[ColumnIdx::C3][i]), expected_y[i + num_lookups_lo]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_hi[ColumnIdx::C1][i]), expected_scalars[i + num_lookups_lo]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_hi[ColumnIdx::C2][i]), expected_x[i + num_lookups_lo]); + EXPECT_EQ(builder.get_variable(lookup_witnesses_hi[ColumnIdx::C3][i]), expected_y[i + num_lookups_lo]); } - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, test_no_lookup_proof) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); for (size_t i = 0; i < 16; ++i) { for (size_t j = 0; j < 16; ++j) { uint64_t left = static_cast(j); uint64_t right = static_cast(i); - uint32_t left_idx = composer.add_variable(fr(left)); - uint32_t right_idx = composer.add_variable(fr(right)); - uint32_t result_idx = composer.add_variable(fr(left ^ right)); + uint32_t left_idx = builder.add_variable(fr(left)); + uint32_t right_idx = builder.add_variable(fr(right)); + uint32_t result_idx = builder.add_variable(fr(left ^ right)); - uint32_t add_idx = composer.add_variable(fr(left) + fr(right) + composer.get_variable(result_idx)); - composer.create_big_add_gate( + uint32_t add_idx = builder.add_variable(fr(left) + fr(right) + builder.get_variable(result_idx)); + builder.create_big_add_gate( { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); } } - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, test_elliptic_gate) { typedef grumpkin::g1::affine_element affine_element; typedef grumpkin::g1::element element; - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; affine_element p3(element(p1) + element(p2)); - uint32_t x1 = composer.add_variable(p1.x); - uint32_t y1 = composer.add_variable(p1.y); - uint32_t x2 = composer.add_variable(p2.x); - uint32_t y2 = composer.add_variable(p2.y); - uint32_t x3 = composer.add_variable(p3.x); - uint32_t y3 = composer.add_variable(p3.y); + uint32_t x1 = builder.add_variable(p1.x); + uint32_t y1 = builder.add_variable(p1.y); + uint32_t x2 = builder.add_variable(p2.x); + uint32_t y2 = builder.add_variable(p2.y); + uint32_t x3 = builder.add_variable(p3.x); + uint32_t y3 = builder.add_variable(p3.y); ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - composer.create_ecc_add_gate(gate); + builder.create_ecc_add_gate(gate); grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); affine_element p2_endo = p2; p2_endo.x *= beta; p3 = affine_element(element(p1) + element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = builder.add_variable(p3.x); + y3 = builder.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - composer.create_ecc_add_gate(gate); + builder.create_ecc_add_gate(gate); p2_endo.x *= beta; p3 = affine_element(element(p1) - element(p2_endo)); - x3 = composer.add_variable(p3.x); - y3 = composer.add_variable(p3.y); + x3 = builder.add_variable(p3.x); + y3 = builder.add_variable(p3.y); gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - composer.create_ecc_add_gate(gate); + builder.create_ecc_add_gate(gate); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, non_trivial_tag_permutation) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(b); + auto d_idx = builder.add_variable(a); - composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, d_idx, composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ c_idx, d_idx, builder.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + builder.create_tag(1, 2); + builder.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + builder.assign_tag(a_idx, 1); + builder.assign_tag(b_idx, 1); + builder.assign_tag(c_idx, 2); + builder.assign_tag(d_idx, 2); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, non_trivial_tag_permutation_and_cycles) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr c = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(a); - composer.assert_equal(a_idx, b_idx); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(c); - composer.assert_equal(c_idx, d_idx); - auto e_idx = composer.add_variable(a); - auto f_idx = composer.add_variable(a); - composer.assert_equal(e_idx, f_idx); - auto g_idx = composer.add_variable(c); - auto h_idx = composer.add_variable(c); - composer.assert_equal(g_idx, h_idx); - - composer.create_tag(1, 2); - composer.create_tag(2, 1); - - composer.assign_tag(a_idx, 1); - composer.assign_tag(c_idx, 1); - composer.assign_tag(e_idx, 2); - composer.assign_tag(g_idx, 2); - - composer.create_add_gate({ b_idx, a_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ c_idx, g_idx, composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - composer.create_add_gate({ e_idx, f_idx, composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(a); + builder.assert_equal(a_idx, b_idx); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(c); + builder.assert_equal(c_idx, d_idx); + auto e_idx = builder.add_variable(a); + auto f_idx = builder.add_variable(a); + builder.assert_equal(e_idx, f_idx); + auto g_idx = builder.add_variable(c); + auto h_idx = builder.add_variable(c); + builder.assert_equal(g_idx, h_idx); + + builder.create_tag(1, 2); + builder.create_tag(2, 1); + + builder.assign_tag(a_idx, 1); + builder.assign_tag(c_idx, 1); + builder.assign_tag(e_idx, 2); + builder.assign_tag(g_idx, 2); + + builder.create_add_gate({ b_idx, a_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ c_idx, g_idx, builder.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + builder.create_add_gate({ e_idx, f_idx, builder.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, bad_tag_permutation) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(b); + auto d_idx = builder.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.zero_idx, 1, 1, 0, -1 }); + builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, 1, 1, 0, 0 }); + builder.create_add_gate({ c_idx, d_idx, builder.zero_idx, 1, 1, 0, -1 }); - composer.create_tag(1, 2); - composer.create_tag(2, 1); + builder.create_tag(1, 2); + builder.create_tag(2, 1); - composer.assign_tag(a_idx, 1); - composer.assign_tag(b_idx, 1); - composer.assign_tag(c_idx, 2); - composer.assign_tag(d_idx, 2); + builder.assign_tag(a_idx, 1); + builder.assign_tag(b_idx, 1); + builder.assign_tag(c_idx, 2); + builder.assign_tag(d_idx, 2); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } // same as above but with turbocomposer to check reason of failue is really tag mismatch TYPED_TEST(ultra_plonk_composer, bad_tag_turbo_permutation) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::random_element(); fr b = -a; - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(b); - auto d_idx = composer.add_variable(a + 1); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(b); + auto d_idx = builder.add_variable(a + 1); - composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, 1, 1, 0, 0 }); - composer.create_add_gate({ c_idx, d_idx, composer.zero_idx, 1, 1, 0, -1 }); + builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, 1, 1, 0, 0 }); + builder.create_add_gate({ c_idx, d_idx, builder.zero_idx, 1, 1, 0, -1 }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - // composer.create_add_gate({ a_idx, b_idx, composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + // builder.create_add_gate({ a_idx, b_idx, builder.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, sort_widget) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(4); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + builder.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, sort_with_edges_gate) @@ -348,98 +359,105 @@ TYPED_TEST(ultra_plonk_composer, sort_with_edges_gate) fr h = fr(8); { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); - - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + builder.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, h); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + builder.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, a, g); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - composer.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + builder.create_sort_constraint_with_edges({ a_idx, b_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto a_idx = composer.add_variable(a); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - auto e_idx = composer.add_variable(e); - auto f_idx = composer.add_variable(f); - auto g_idx = composer.add_variable(g); - auto h_idx = composer.add_variable(h); - auto b2_idx = composer.add_variable(fr(15)); - composer.create_sort_constraint_with_edges({ a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); - - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto a_idx = builder.add_variable(a); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + auto e_idx = builder.add_variable(e); + auto f_idx = builder.add_variable(f); + auto g_idx = builder.add_variable(g); + auto h_idx = builder.add_variable(h); + auto b2_idx = builder.add_variable(fr(15)); + builder.create_sort_constraint_with_edges({ a_idx, b2_idx, c_idx, d_idx, e_idx, f_idx, g_idx, h_idx }, b, h); + + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - composer.create_sort_constraint_with_edges(idx, 1, 45); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + builder.create_sort_constraint_with_edges(idx, 1, 45); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - composer.create_sort_constraint_with_edges(idx, 1, 29); + builder.create_sort_constraint_with_edges(idx, 1, 29); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } } TYPED_TEST(ultra_plonk_composer, range_constraint) { { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto indices = add_variables(builder, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + builder.create_new_range_constraint(indices[i], 8); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_sort_constraint(indices); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + builder.create_sort_constraint(indices); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -447,47 +465,51 @@ TYPED_TEST(ultra_plonk_composer, range_constraint) EXPECT_EQ(result, true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto indices = add_variables(composer, { 3 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto indices = add_variables(builder, { 3 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 3); + builder.create_new_range_constraint(indices[i], 3); } // auto ind = {a_idx,b_idx,c_idx,d_idx,e_idx,f_idx,g_idx,h_idx}; - composer.create_dummy_constraints(indices); + builder.create_dummy_constraints(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto indices = add_variables(composer, { 1, 2, 3, 4, 5, 6, 8, 25 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto indices = add_variables(builder, { 1, 2, 3, 4, 5, 6, 8, 25 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 8); + builder.create_new_range_constraint(indices[i], 8); } - composer.create_sort_constraint(indices); + builder.create_sort_constraint(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto indices = - add_variables(composer, { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); + add_variables(builder, { 1, 2, 3, 4, 5, 6, 10, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 19, 51 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 128); + builder.create_new_range_constraint(indices[i], 128); } - composer.create_dummy_constraints(indices); + builder.create_dummy_constraints(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto indices = - add_variables(composer, { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + add_variables(builder, { 1, 2, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + builder.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + builder.create_dummy_constraints(indices); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); @@ -495,114 +517,122 @@ TYPED_TEST(ultra_plonk_composer, range_constraint) EXPECT_EQ(result, false); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto indices = - add_variables(composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + add_variables(builder, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); for (size_t i = 0; i < indices.size(); i++) { - composer.create_new_range_constraint(indices[i], 79); + builder.create_new_range_constraint(indices[i], 79); } - composer.create_dummy_constraints(indices); + builder.create_dummy_constraints(indices); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } } TYPED_TEST(ultra_plonk_composer, range_with_gates) { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 8); + builder.create_new_range_constraint(idx[i], 8); } - composer.create_add_gate({ idx[0], idx[1], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + builder.create_add_gate({ idx[0], idx[1], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + builder.create_add_gate({ idx[2], idx[3], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + builder.create_add_gate({ idx[4], idx[5], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + builder.create_add_gate({ idx[6], idx[7], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, range_with_gates_where_range_is_not_a_power_of_two) { - UltraPlonkComposer composer = UltraPlonkComposer(); - auto idx = add_variables(composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); + auto idx = add_variables(builder, { 1, 2, 3, 4, 5, 6, 7, 8 }); for (size_t i = 0; i < idx.size(); i++) { - composer.create_new_range_constraint(idx[i], 12); + builder.create_new_range_constraint(idx[i], 12); } - composer.create_add_gate({ idx[0], idx[1], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - composer.create_add_gate({ idx[2], idx[3], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - composer.create_add_gate({ idx[4], idx[5], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - composer.create_add_gate({ idx[6], idx[7], composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + builder.create_add_gate({ idx[0], idx[1], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + builder.create_add_gate({ idx[2], idx[3], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + builder.create_add_gate({ idx[4], idx[5], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + builder.create_add_gate({ idx[6], idx[7], builder.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, sort_widget_complex) { { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); std::vector a = { 1, 3, 4, 7, 7, 8, 11, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); - auto prover = composer.create_prover(); - auto verifier = composer.create_verifier(); + ind.emplace_back(builder.add_variable(a[i])); + builder.create_sort_constraint(ind); + auto prover = composer.create_prover(builder); + auto verifier = composer.create_verifier(builder); proof proof = prover.construct_proof(); - bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2); + bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; std::vector ind; for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(composer.add_variable(a[i])); - composer.create_sort_constraint(ind); + ind.emplace_back(builder.add_variable(a[i])); + builder.create_sort_constraint(ind); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } } TYPED_TEST(ultra_plonk_composer, sort_widget_neg) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::one(); fr b = fr(2); fr c = fr(3); fr d = fr(8); - auto a_idx = composer.add_variable(a); - auto b_idx = composer.add_variable(b); - auto c_idx = composer.add_variable(c); - auto d_idx = composer.add_variable(d); - composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + auto a_idx = builder.add_variable(a); + auto b_idx = builder.add_variable(b); + auto c_idx = builder.add_variable(c); + auto d_idx = builder.add_variable(d); + builder.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - TestFixture::prove_and_verify(composer, /*expected_result=*/false); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/false); } TYPED_TEST(ultra_plonk_composer, composed_range_constraint) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); auto c = fr::random_element(); auto d = uint256_t(c).slice(0, 133); auto e = fr(d); - auto a_idx = composer.add_variable(fr(e)); - composer.create_add_gate({ a_idx, composer.zero_idx, composer.zero_idx, 1, 0, 0, -fr(e) }); - composer.decompose_into_default_range(a_idx, 134); + auto a_idx = builder.add_variable(fr(e)); + builder.create_add_gate({ a_idx, builder.zero_idx, builder.zero_idx, 1, 0, 0, -fr(e) }); + builder.decompose_into_default_range(a_idx, 134); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, non_native_field_multiplication) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fq a = fq::random_element(); fq b = fq::random_element(); @@ -631,11 +661,11 @@ TYPED_TEST(ultra_plonk_composer, non_native_field_multiplication) const auto get_limb_witness_indices = [&](const std::array& limbs) { std::array limb_indices; - limb_indices[0] = composer.add_variable(limbs[0]); - limb_indices[1] = composer.add_variable(limbs[1]); - limb_indices[2] = composer.add_variable(limbs[2]); - limb_indices[3] = composer.add_variable(limbs[3]); - limb_indices[4] = composer.add_variable(limbs[4]); + limb_indices[0] = builder.add_variable(limbs[0]); + limb_indices[1] = builder.add_variable(limbs[1]); + limb_indices[2] = builder.add_variable(limbs[2]); + limb_indices[3] = builder.add_variable(limbs[3]); + limb_indices[4] = builder.add_variable(limbs[4]); return limb_indices; }; const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); @@ -649,38 +679,39 @@ TYPED_TEST(ultra_plonk_composer, non_native_field_multiplication) proof_system::UltraCircuitConstructor::non_native_field_witnesses inputs{ a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), }; - const auto [lo_1_idx, hi_1_idx] = composer.evaluate_non_native_field_multiplication(inputs); - composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); + const auto [lo_1_idx, hi_1_idx] = builder.evaluate_non_native_field_multiplication(inputs); + builder.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, rom) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); uint32_t rom_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), }; - size_t rom_id = composer.create_ROM_array(8); + size_t rom_id = builder.create_ROM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.set_ROM_element(rom_id, i, rom_values[i]); + builder.set_ROM_element(rom_id, i, rom_values[i]); } - uint32_t a_idx = composer.read_ROM_array(rom_id, composer.add_variable(5)); + uint32_t a_idx = builder.read_ROM_array(rom_id, builder.add_variable(5)); EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = composer.read_ROM_array(rom_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_ROM_array(rom_id, composer.add_variable(1)); + uint32_t b_idx = builder.read_ROM_array(rom_id, builder.add_variable(4)); + uint32_t c_idx = builder.read_ROM_array(rom_id, builder.add_variable(1)); - const auto d_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx); - uint32_t d_idx = composer.add_variable(d_value); + const auto d_value = builder.get_variable(a_idx) + builder.get_variable(b_idx) + builder.get_variable(c_idx); + uint32_t d_idx = builder.add_variable(d_value); - composer.create_big_add_gate({ + builder.create_big_add_gate({ a_idx, b_idx, c_idx, @@ -692,43 +723,44 @@ TYPED_TEST(ultra_plonk_composer, rom) 0, }); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, ram) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); uint32_t ram_values[8]{ - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), - composer.add_variable(fr::random_element()), composer.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), + builder.add_variable(fr::random_element()), builder.add_variable(fr::random_element()), }; - size_t ram_id = composer.create_RAM_array(8); + size_t ram_id = builder.create_RAM_array(8); for (size_t i = 0; i < 8; ++i) { - composer.init_RAM_element(ram_id, i, ram_values[i]); + builder.init_RAM_element(ram_id, i, ram_values[i]); } - uint32_t a_idx = composer.read_RAM_array(ram_id, composer.add_variable(5)); + uint32_t a_idx = builder.read_RAM_array(ram_id, builder.add_variable(5)); EXPECT_EQ(a_idx != ram_values[5], true); - uint32_t b_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); - uint32_t c_idx = composer.read_RAM_array(ram_id, composer.add_variable(1)); + uint32_t b_idx = builder.read_RAM_array(ram_id, builder.add_variable(4)); + uint32_t c_idx = builder.read_RAM_array(ram_id, builder.add_variable(1)); - composer.write_RAM_array(ram_id, composer.add_variable(4), composer.add_variable(500)); - uint32_t d_idx = composer.read_RAM_array(ram_id, composer.add_variable(4)); + builder.write_RAM_array(ram_id, builder.add_variable(4), builder.add_variable(500)); + uint32_t d_idx = builder.read_RAM_array(ram_id, builder.add_variable(4)); - EXPECT_EQ(composer.get_variable(d_idx), 500); + EXPECT_EQ(builder.get_variable(d_idx), 500); // ensure these vars get used in another arithmetic gate - const auto e_value = composer.get_variable(a_idx) + composer.get_variable(b_idx) + composer.get_variable(c_idx) + - composer.get_variable(d_idx); - uint32_t e_idx = composer.add_variable(e_value); + const auto e_value = builder.get_variable(a_idx) + builder.get_variable(b_idx) + builder.get_variable(c_idx) + + builder.get_variable(d_idx); + uint32_t e_idx = builder.add_variable(e_value); - composer.create_big_add_gate( + builder.create_big_add_gate( { a_idx, b_idx, @@ -741,11 +773,11 @@ TYPED_TEST(ultra_plonk_composer, ram) 0, }, true); - composer.create_big_add_gate( + builder.create_big_add_gate( { - composer.zero_idx, - composer.zero_idx, - composer.zero_idx, + builder.zero_idx, + builder.zero_idx, + builder.zero_idx, e_idx, 0, 0, @@ -755,28 +787,29 @@ TYPED_TEST(ultra_plonk_composer, ram) }, false); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } TYPED_TEST(ultra_plonk_composer, range_checks_on_duplicates) { - UltraPlonkComposer composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); - uint32_t a = composer.add_variable(100); - uint32_t b = composer.add_variable(100); - uint32_t c = composer.add_variable(100); - uint32_t d = composer.add_variable(100); + uint32_t a = builder.add_variable(100); + uint32_t b = builder.add_variable(100); + uint32_t c = builder.add_variable(100); + uint32_t d = builder.add_variable(100); - composer.assert_equal(a, b); - composer.assert_equal(a, c); - composer.assert_equal(a, d); + builder.assert_equal(a, b); + builder.assert_equal(a, c); + builder.assert_equal(a, d); - composer.create_new_range_constraint(a, 1000); - composer.create_new_range_constraint(b, 1001); - composer.create_new_range_constraint(c, 999); - composer.create_new_range_constraint(d, 1000); + builder.create_new_range_constraint(a, 1000); + builder.create_new_range_constraint(b, 1001); + builder.create_new_range_constraint(c, 999); + builder.create_new_range_constraint(d, 1000); - composer.create_big_add_gate( + builder.create_big_add_gate( { a, b, @@ -790,7 +823,7 @@ TYPED_TEST(ultra_plonk_composer, range_checks_on_duplicates) }, false); - TestFixture::prove_and_verify(composer, /*expected_result=*/true); + TestFixture::prove_and_verify(builder, composer, /*expected_result=*/true); } // Ensure copy constraints added on variables smaller than 2^14, which have been previously @@ -799,22 +832,23 @@ TYPED_TEST(ultra_plonk_composer, range_checks_on_duplicates) // before range constraints are applied to it. TEST(ultra_plonk_composer, range_constraint_small_variable) { - auto composer = UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); uint16_t mask = (1 << 8) - 1; int a = engine.get_random_uint16() & mask; - uint32_t a_idx = composer.add_variable(fr(a)); - uint32_t b_idx = composer.add_variable(fr(a)); + uint32_t a_idx = builder.add_variable(fr(a)); + uint32_t b_idx = builder.add_variable(fr(a)); ASSERT_NE(a_idx, b_idx); - uint32_t c_idx = composer.add_variable(fr(a)); + uint32_t c_idx = builder.add_variable(fr(a)); ASSERT_NE(c_idx, b_idx); - composer.create_range_constraint(b_idx, 8, "bad range"); - composer.assert_equal(a_idx, b_idx); - composer.create_range_constraint(c_idx, 8, "bad range"); - composer.assert_equal(a_idx, c_idx); + builder.create_range_constraint(b_idx, 8, "bad range"); + builder.assert_equal(a_idx, b_idx); + builder.create_range_constraint(c_idx, 8, "bad range"); + builder.assert_equal(a_idx, c_idx); - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); bool result = verifier.verify_proof(proof); EXPECT_EQ(result, true); } diff --git a/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp b/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp index a2152ac5ac..b425df16a2 100644 --- a/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp +++ b/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.test.cpp @@ -2,8 +2,10 @@ #include "barretenberg/common/streams.hpp" #include "proving_key.hpp" #include "serialize.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #ifndef __wasm__ #include @@ -11,15 +13,17 @@ using namespace barretenberg; using namespace proof_system; +using namespace proof_system::plonk; // Test proving key serialization/deserialization to/from buffer TEST(proving_key, proving_key_from_serialized_key) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); + auto builder = StandardCircuitConstructor(); + auto composer = StandardPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - plonk::proving_key& p_key = *composer.compute_proving_key(); + plonk::proving_key& p_key = *composer.compute_proving_key(builder); auto pk_buf = to_buffer(p_key); auto pk_data = from_buffer(pk_buf); auto crs = std::make_unique("../srs_db/ignition"); @@ -51,11 +55,12 @@ TEST(proving_key, proving_key_from_serialized_key) // Test proving key serialization/deserialization to/from buffer using UltraPlonkComposer TEST(proving_key, proving_key_from_serialized_key_ultra) { - plonk::UltraPlonkComposer composer = plonk::UltraPlonkComposer(); + auto builder = UltraCircuitConstructor(); + auto composer = UltraPlonkComposerHelper(); fr a = fr::one(); - composer.add_public_variable(a); + builder.add_public_variable(a); - plonk::proving_key& p_key = *composer.compute_proving_key(); + plonk::proving_key& p_key = *composer.compute_proving_key(builder); auto pk_buf = to_buffer(p_key); auto pk_data = from_buffer(pk_buf); auto crs = std::make_unique("../srs_db/ignition"); @@ -89,9 +94,8 @@ TEST(proving_key, proving_key_from_serialized_key_ultra) #ifndef __wasm__ TEST(proving_key, proving_key_from_mmaped_key) { - plonk::StandardPlonkComposer composer = plonk::StandardPlonkComposer(); - fr a = fr::one(); - composer.add_public_variable(a); + builder coStandardCircuitConstructor = StandardPlonkComposerHelper();auto composer = +StandardPlonkComposerHelper(); fr a = fr::one(); builder.add_public_variable(a); // Write each precomputed polynomial in the proving key to // its own file using write_mmap @@ -116,7 +120,7 @@ TEST(proving_key, proving_key_from_mmaped_key) if (!os.good()) { std::cerr << "OS failed in composer_from_mmap_keys! \n"; } - plonk::proving_key& p_key = *composer.compute_proving_key(); + plonk::proving_key& p_key = *composer.compute_proving_key(builder); write_mmap(os, pk_dir, p_key); os.close(); diff --git a/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp b/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp index b26a26324f..0afbec658f 100644 --- a/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp +++ b/cpp/src/barretenberg/plonk/proof_system/verifier/verifier.test.cpp @@ -4,7 +4,7 @@ #include "../utils/permutation.hpp" #include "../widgets/transition_widgets/arithmetic_widget.hpp" #include "../../../transcript/transcript.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" #include "verifier.hpp" #include "barretenberg/ecc/scalar_multiplication/scalar_multiplication.hpp" #include @@ -58,7 +58,7 @@ plonk::Verifier generate_verifier(std::shared_ptr circuit_proving_k circuit_verification_key->commitments.insert({ "SIGMA_2", commitments[6] }); circuit_verification_key->commitments.insert({ "SIGMA_3", commitments[7] }); - Verifier verifier(circuit_verification_key, plonk::StandardPlonkComposer::create_manifest(0)); + Verifier verifier(circuit_verification_key, plonk::StandardPlonkComposerHelper::create_manifest(0)); std::unique_ptr> kate_commitment_scheme = std::make_unique>(); @@ -233,7 +233,7 @@ plonk::Prover generate_test_data(const size_t n) std::unique_ptr> kate_commitment_scheme = std::make_unique>(); - plonk::Prover state = plonk::Prover(std::move(key), plonk::StandardPlonkComposer::create_manifest(0)); + plonk::Prover state = plonk::Prover(std::move(key), plonk::StandardPlonkComposerHelper::create_manifest(0)); state.random_widgets.emplace_back(std::move(permutation_widget)); state.transition_widgets.emplace_back(std::move(widget)); state.commitment_scheme = std::move(kate_commitment_scheme); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp index 7023a87b58..ef1a44e908 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.test.cpp @@ -14,70 +14,70 @@ namespace standard_circuit_constructor_tests { TEST(standard_circuit_constructor, base_case) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - composer.add_public_variable(a); + circuit_constructor.add_public_variable(a); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_add_gate) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - - bool result = composer.check_circuit(); // instance, prover.reference_string.SRS_T2); + // uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ b_idx, a_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + + bool result = circuit_constructor.check_circuit(); // instance, prover.reference_string.SRS_T2); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_mul_gate_proofs) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr q[7]{ fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element(), fr::random_element() }; fr q_inv[7]{ @@ -89,83 +89,84 @@ TEST(standard_circuit_constructor, test_mul_gate_proofs) fr c = -((((q[0] * a) + (q[1] * b)) + q[3]) * q_inv[2]); fr d = -((((q[4] * (a * b)) + q[6]) * q_inv[5])); - uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - composer.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); - composer.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); - - bool result = composer.check_circuit(); + uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, q[0], q[1], q[2], q[3] }); + circuit_constructor.create_mul_gate({ a_idx, b_idx, d_idx, q[4], q[5], q[6] }); + + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, range_constraint) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); for (size_t i = 0; i < 10; ++i) { uint32_t value = engine.get_random_uint32(); fr witness_value = fr{ value, 0, 0, 0 }.to_montgomery_form(); - uint32_t witness_index = composer.add_variable(witness_value); + uint32_t witness_index = circuit_constructor.add_variable(witness_value); // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); - std::vector accumulators = composer.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); + std::vector accumulators = + circuit_constructor.decompose_into_base4_accumulators(witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t result = (value >> (30U - (2 * j))); - fr source = composer.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); + fr source = circuit_constructor.get_variable(accumulators[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t expected = static_cast(source.data[0]); EXPECT_EQ(result, expected); } @@ -176,64 +177,67 @@ TEST(standard_circuit_constructor, range_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = circuit_constructor.add_variable(fr::zero()); + uint32_t one_idx = circuit_constructor.add_variable(fr::one()); + circuit_constructor.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, range_constraint_fail) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); uint64_t value = 0xffffff; - uint32_t witness_index = composer.add_variable(fr(value)); + uint32_t witness_index = circuit_constructor.add_variable(fr(value)); - composer.decompose_into_base4_accumulators(witness_index, 23); + circuit_constructor.decompose_into_base4_accumulators(witness_index, 23); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, false); } TEST(standard_circuit_constructor, and_constraint) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t out_value = left_value & right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); - // composer.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + circuit_constructor.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + // circuit_constructor.create_and_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected & right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = + circuit_constructor.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = + circuit_constructor.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = + circuit_constructor.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -255,49 +259,52 @@ TEST(standard_circuit_constructor, and_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = circuit_constructor.add_variable(fr::zero()); + uint32_t one_idx = circuit_constructor.add_variable(fr::one()); + circuit_constructor.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, xor_constraint) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); for (size_t i = 0; i < /*10*/ 1; ++i) { uint32_t left_value = engine.get_random_uint32(); fr left_witness_value = fr{ left_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t left_witness_index = composer.add_variable(left_witness_value); + uint32_t left_witness_index = circuit_constructor.add_variable(left_witness_value); uint32_t right_value = engine.get_random_uint32(); fr right_witness_value = fr{ right_value, 0, 0, 0 }.to_montgomery_form(); - uint32_t right_witness_index = composer.add_variable(right_witness_value); + uint32_t right_witness_index = circuit_constructor.add_variable(right_witness_value); uint32_t out_value = left_value ^ right_value; // include non-nice numbers of bits, that will bleed over gate boundaries size_t extra_bits = 2 * (i % 4); accumulator_triple accumulators = - composer.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); + circuit_constructor.create_xor_constraint(left_witness_index, right_witness_index, 32 + extra_bits); for (uint32_t j = 0; j < 16; ++j) { uint32_t left_expected = (left_value >> (30U - (2 * j))); uint32_t right_expected = (right_value >> (30U - (2 * j))); uint32_t out_expected = left_expected ^ right_expected; - fr left_source = composer.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); + fr left_source = + circuit_constructor.get_variable(accumulators.left[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t left_result = static_cast(left_source.data[0]); - fr right_source = composer.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); + fr right_source = + circuit_constructor.get_variable(accumulators.right[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t right_result = static_cast(right_source.data[0]); - fr out_source = composer.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); + fr out_source = + circuit_constructor.get_variable(accumulators.out[j + (extra_bits >> 1)]).from_montgomery_form(); uint32_t out_result = static_cast(out_source.data[0]); EXPECT_EQ(left_result, left_expected); @@ -319,33 +326,33 @@ TEST(standard_circuit_constructor, xor_constraint) } } - uint32_t zero_idx = composer.add_variable(fr::zero()); - uint32_t one_idx = composer.add_variable(fr::one()); - composer.create_big_add_gate( + uint32_t zero_idx = circuit_constructor.add_variable(fr::zero()); + uint32_t one_idx = circuit_constructor.add_variable(fr::one()); + circuit_constructor.create_big_add_gate( { zero_idx, zero_idx, zero_idx, one_idx, fr::one(), fr::one(), fr::one(), fr::one(), fr::neg_one() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, big_add_gate_with_bit_extract) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); - const auto generate_constraints = [&composer](uint32_t quad_value) { + const auto generate_constraints = [&circuit_constructor](uint32_t quad_value) { uint32_t quad_accumulator_left = (engine.get_random_uint32() & 0x3fffffff) - quad_value; // make sure this won't overflow uint32_t quad_accumulator_right = (4 * quad_accumulator_left) + quad_value; - uint32_t left_idx = composer.add_variable(uint256_t(quad_accumulator_left)); - uint32_t right_idx = composer.add_variable(uint256_t(quad_accumulator_right)); + uint32_t left_idx = circuit_constructor.add_variable(uint256_t(quad_accumulator_left)); + uint32_t right_idx = circuit_constructor.add_variable(uint256_t(quad_accumulator_right)); uint32_t input = engine.get_random_uint32(); uint32_t output = input + (quad_value > 1 ? 1 : 0); - add_quad gate{ composer.add_variable(uint256_t(input)), - composer.add_variable(uint256_t(output)), + add_quad gate{ circuit_constructor.add_variable(uint256_t(input)), + circuit_constructor.add_variable(uint256_t(output)), right_idx, left_idx, fr(6), @@ -354,7 +361,7 @@ TEST(standard_circuit_constructor, big_add_gate_with_bit_extract) fr::zero(), fr::zero() }; - composer.create_big_add_gate_with_bit_extraction(gate); + circuit_constructor.create_big_add_gate_with_bit_extraction(gate); }; generate_constraints(0); @@ -362,58 +369,58 @@ TEST(standard_circuit_constructor, big_add_gate_with_bit_extract) generate_constraints(2); generate_constraints(3); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_range_constraint_fail) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); - uint32_t witness_index = composer.add_variable(fr::neg_one()); - composer.decompose_into_base4_accumulators(witness_index, 32); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); + uint32_t witness_index = circuit_constructor.add_variable(fr::neg_one()); + circuit_constructor.decompose_into_base4_accumulators(witness_index, 32); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, false); } TEST(standard_circuit_constructor, test_check_circuit_correct) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, true); } TEST(standard_circuit_constructor, test_check_circuit_broken) { - StandardCircuitConstructor composer = StandardCircuitConstructor(); + StandardCircuitConstructor circuit_constructor = StandardCircuitConstructor(); fr a = fr::one(); - uint32_t a_idx = composer.add_public_variable(a); + uint32_t a_idx = circuit_constructor.add_public_variable(a); fr b = fr::one(); fr c = a + b; fr d = a + c + 1; - // uint32_t a_idx = composer.add_variable(a); - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + // uint32_t a_idx = circuit_constructor.add_variable(a); + uint32_t b_idx = circuit_constructor.add_variable(b); + uint32_t c_idx = circuit_constructor.add_variable(c); + uint32_t d_idx = circuit_constructor.add_variable(d); + circuit_constructor.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + circuit_constructor.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - bool result = composer.check_circuit(); + bool result = circuit_constructor.check_circuit(); EXPECT_EQ(result, false); } diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp index 8edd5c7104..59c70bee9a 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.cpp @@ -58,8 +58,7 @@ void UltraCircuitConstructor::finalize_circuit() */ // TODO(#423): This function adds valid (but arbitrary) gates to ensure that the circuit which includes // them will not result in any zero-polynomials. It also ensures that the first coefficient of the wire -// polynomials is zero, which is required for them to be shiftable. Its currently wildly inefficient -// (~16k gates) mostly due to the lookups it includes. +// polynomials is zero, which is required for them to be shiftable. // TODO(#423)(luke): Add 0 as a PI since PI always start at the 0th index of the wire polynomials? // TODO(luke): may need to reevaluate once aux relation is implemented void UltraCircuitConstructor::add_gates_to_ensure_all_polys_are_non_zero() diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index e5bcd0b5f4..43a7eb7976 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -1179,7 +1179,6 @@ class UltraCircuitConstructor : public CircuitConstructorBase struct aggregation_state { void assign_object_to_proof_outputs() { if (proof_witness_indices.size() == 0) { - std::cerr << "warning. calling `add_proof_outputs_as_public_inputs`, but aggregation object already has " + std::cerr << "warning. calling `assign_object_to_proof_outputs`, but aggregation object already has " "assigned proof outputs to public inputs."; return; } @@ -70,6 +70,8 @@ template struct aggregation_state { auto* context = P0.get_context(); + context->check_circuit(); + info("checked circuit before add_recursive_proof"); context->add_recursive_proof(proof_witness_indices); } }; diff --git a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp index 95c433dbfc..bffd6a114e 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp @@ -136,7 +136,7 @@ template class stdlib_verifier : public testing::Test { verification_key_pt::from_witness(&outer_composer, verification_key_native); info("Constructing the ultra (inner) proof ..."); - plonk::proof recursive_proof = prover.construct_proof(); + plonk::proof proof_to_recursively_verify = prover.construct_proof(); { // Native check is mainly for comparison vs circuit version of the verifier. @@ -150,7 +150,7 @@ template class stdlib_verifier : public testing::Test { } info("Verifying the ultra (inner) proof natively..."); - auto native_result = native_verifier.verify_proof(recursive_proof); + auto native_result = native_verifier.verify_proof(proof_to_recursively_verify); info("Native result: ", native_result); } @@ -160,7 +160,7 @@ template class stdlib_verifier : public testing::Test { info("Verifying the ultra (inner) proof with CIRCUIT TYPES (i.e. within a standard plonk arithmetic circuit):"); stdlib::recursion::aggregation_state output = stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof); + &outer_composer, verification_key, recursive_manifest, proof_to_recursively_verify); return { output, verification_key }; }; @@ -188,13 +188,13 @@ template class stdlib_verifier : public testing::Test { std::shared_ptr verification_key = verification_key_pt::from_witness(&outer_composer, verification_key_native); - plonk::proof recursive_proof_a = prover.construct_proof(); + plonk::proof proof_to_recursively_verify_a = prover.construct_proof(); transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover.key->num_public_inputs); stdlib::recursion::aggregation_state previous_output = stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof_a); + &outer_composer, verification_key, recursive_manifest, proof_to_recursively_verify_a); if constexpr (is_ultra_to_ultra) { prover = inner_composer_b.create_prover(); @@ -206,11 +206,14 @@ template class stdlib_verifier : public testing::Test { std::shared_ptr verification_key_b = verification_key_pt::from_witness(&outer_composer, verification_key_b_raw); - plonk::proof recursive_proof_b = prover.construct_proof(); + plonk::proof proof_to_recursively_verify_b = prover.construct_proof(); stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key_b, recursive_manifest, recursive_proof_b, previous_output); + stdlib::recursion::verify_proof(&outer_composer, + verification_key_b, + recursive_manifest, + proof_to_recursively_verify_b, + previous_output); verification_key_b->compress(); verification_key->compress(); From 4b156a3648e6da9dfe292e354da9a27185d2aa9d Mon Sep 17 00:00:00 2001 From: Innokentii Sennovskii Date: Tue, 20 Jun 2023 18:37:52 +0100 Subject: [PATCH 2/5] fix: check_circuit bug fix (#510) --- .../turbo_circuit_constructor.cpp | 2 +- .../srs/scalar_multiplication.test.cpp | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp index 10a2ab7280..8399e7e2c8 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.cpp @@ -1467,7 +1467,7 @@ bool TurboCircuitConstructor::check_circuit() std::vector alpha_powers; alpha_powers.push_back(alpha_base); for (size_t i = 1; i < 7; i++) { - alpha_powers.push_back(alpha_powers[i] * alpha); + alpha_powers.push_back(alpha_powers[i - 1] * alpha); } for (size_t i = 0; i < get_num_gates(); i++) { diff --git a/cpp/src/barretenberg/srs/scalar_multiplication.test.cpp b/cpp/src/barretenberg/srs/scalar_multiplication.test.cpp index 73f810aa39..1ee5d0600d 100644 --- a/cpp/src/barretenberg/srs/scalar_multiplication.test.cpp +++ b/cpp/src/barretenberg/srs/scalar_multiplication.test.cpp @@ -720,7 +720,7 @@ TYPED_TEST(ScalarMultiplicationTests, UndersizedInputs) Fr* scalars = (Fr*)aligned_alloc(32, sizeof(Fr) * num_points); - AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * num_points * 2 + 1); + AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * (num_points * 2 + 1)); for (size_t i = 0; i < num_points; ++i) { scalars[i] = Fr::random_element(); @@ -758,7 +758,7 @@ TYPED_TEST(ScalarMultiplicationTests, PippengerSmall) Fr* scalars = (Fr*)aligned_alloc(32, sizeof(Fr) * num_points); - AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * num_points * 2 + 1); + AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * (num_points * 2 + 1)); for (size_t i = 0; i < num_points; ++i) { scalars[i] = Fr::random_element(); @@ -795,7 +795,7 @@ TYPED_TEST(ScalarMultiplicationTests, PippengerEdgeCaseDbl) Fr* scalars = (Fr*)aligned_alloc(32, sizeof(Fr) * num_points); - AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * num_points * 2 + 1); + AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * (num_points * 2 + 1)); AffineElement point = AffineElement(Element::random_element()); for (size_t i = 0; i < num_points; ++i) { @@ -928,7 +928,7 @@ TYPED_TEST(ScalarMultiplicationTests, PippengerUnsafeShortInputs) Fr* scalars = (Fr*)aligned_alloc(32, sizeof(Fr) * num_points); - AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * num_points * 2 + 1); + AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * (num_points * 2 + 1)); for (size_t i = 0; i < num_points; ++i) { points[i] = AffineElement(Element::random_element()); @@ -986,7 +986,7 @@ TYPED_TEST(ScalarMultiplicationTests, PippengerOne) Fr* scalars = (Fr*)aligned_alloc(32, sizeof(Fr) * 1); - AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * num_points * 2 + 1); + AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * (num_points * 2 + 1)); for (size_t i = 0; i < num_points; ++i) { scalars[i] = Fr::random_element(); @@ -1021,7 +1021,7 @@ TYPED_TEST(ScalarMultiplicationTests, PippengerZeroPoints) Fr* scalars = (Fr*)aligned_alloc(32, sizeof(Fr)); - AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * 2 + 1); + AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * (2 + 1)); barretenberg::scalar_multiplication::pippenger_runtime_state state(0); Element result = barretenberg::scalar_multiplication::pippenger(scalars, points, 0, state); @@ -1042,7 +1042,7 @@ TYPED_TEST(ScalarMultiplicationTests, PippengerMulByZero) Fr* scalars = (Fr*)aligned_alloc(32, sizeof(Fr)); - AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * 2 + 1); + AffineElement* points = (AffineElement*)aligned_alloc(32, sizeof(AffineElement) * (2 + 1)); scalars[0] = Fr::zero(); points[0] = Group::affine_one; From 709a29c89a305be017270361780995353188035a Mon Sep 17 00:00:00 2001 From: Cody Gunton Date: Wed, 21 Jun 2023 17:55:56 -0400 Subject: [PATCH 3/5] refactor!: Use circuit builders (#501) Gets rid of the composers class that wrapped a circuit constructor and a composer helper. This entailed various improvements such as a refactor of the stdlib verifier tests. Cleanup such a renaming of classes and moving of files will come in another PR. Corresponding PR in the core circuits library is https://github.com/AztecProtocol/aztec-packages/pull/895. --- .circleci/config.yml | 13 + cpp/.aztec-packages-commit | 2 +- cpp/.clangd | 2 - cpp/src/barretenberg/barretenberg.hpp | 4 +- .../honk_bench/benchmark_utilities.hpp | 94 +-- .../benchmark/honk_bench/honk.bench.cpp | 47 +- .../honk_bench/standard_honk.bench.cpp | 13 +- .../honk_bench/standard_plonk.bench.cpp | 13 +- .../benchmark/honk_bench/ultra_honk.bench.cpp | 20 +- .../honk_bench/ultra_plonk.bench.cpp | 17 +- .../benchmark/plonk_bench/plonk.bench.cpp | 48 +- cpp/src/barretenberg/common/log.hpp | 22 +- .../dsl/acir_format/acir_format.cpp | 110 ++- .../dsl/acir_format/acir_format.hpp | 21 +- .../dsl/acir_format/acir_format.test.cpp | 86 +- .../dsl/acir_format/blake2s_constraint.cpp | 10 +- .../dsl/acir_format/blake2s_constraint.hpp | 2 +- .../dsl/acir_format/block_constraint.cpp | 18 +- .../dsl/acir_format/block_constraint.hpp | 3 +- .../dsl/acir_format/block_constraint.test.cpp | 25 +- .../dsl/acir_format/ecdsa_secp256k1.cpp | 68 +- .../dsl/acir_format/ecdsa_secp256k1.hpp | 4 +- .../dsl/acir_format/ecdsa_secp256k1.test.cpp | 50 +- .../dsl/acir_format/fixed_base_scalar_mul.cpp | 8 +- .../dsl/acir_format/fixed_base_scalar_mul.hpp | 2 +- .../dsl/acir_format/hash_to_field.cpp | 10 +- .../dsl/acir_format/hash_to_field.hpp | 2 +- .../dsl/acir_format/keccak_constraint.cpp | 22 +- .../dsl/acir_format/keccak_constraint.hpp | 4 +- .../dsl/acir_format/logic_constraint.cpp | 10 +- .../dsl/acir_format/logic_constraint.hpp | 6 +- .../barretenberg/dsl/acir_format/pedersen.cpp | 10 +- .../barretenberg/dsl/acir_format/pedersen.hpp | 2 +- .../dsl/acir_format/recursion_constraint.cpp | 42 +- .../dsl/acir_format/recursion_constraint.hpp | 2 +- .../acir_format/recursion_constraint.test.cpp | 164 ++-- .../dsl/acir_format/schnorr_verify.cpp | 34 +- .../dsl/acir_format/schnorr_verify.hpp | 2 +- .../dsl/acir_format/sha256_constraint.cpp | 10 +- .../dsl/acir_format/sha256_constraint.hpp | 2 +- .../dsl/acir_proofs/acir_composer.cpp | 53 +- .../dsl/acir_proofs/acir_composer.hpp | 1 + .../barretenberg/dsl/acir_proofs/c_bind.cpp | 2 +- cpp/src/barretenberg/dsl/types.hpp | 63 +- cpp/src/barretenberg/examples/c_bind.cpp | 8 +- .../barretenberg/examples/simple/simple.cpp | 43 +- .../barretenberg/examples/simple/simple.hpp | 14 +- .../examples/simple/simple.test.cpp | 8 +- cpp/src/barretenberg/honk/CMakeLists.txt | 1 - .../standard_honk_composer_helper.hpp | 2 + .../ultra_honk_composer_helper.hpp | 2 + .../honk/composer/standard_honk_composer.hpp | 198 ----- .../composer/standard_honk_composer.test.cpp | 3 +- .../honk/composer/ultra_honk_composer.hpp | 297 ------- .../composer/ultra_honk_composer.test.cpp | 1 - .../proofs/compute_circuit_data.hpp | 98 ++- .../join_split/compute_circuit_data.cpp | 4 +- .../proofs/join_split/create_proof.hpp | 11 +- .../proofs/join_split/join_split.cpp | 36 +- .../proofs/join_split/join_split.test.cpp | 114 +-- .../proofs/join_split/join_split_circuit.cpp | 52 +- .../proofs/join_split/join_split_circuit.hpp | 2 +- .../proofs/mock/mock_circuit.hpp | 8 +- .../proofs/notes/circuit/bridge_call_data.hpp | 32 +- .../notes/circuit/claim/witness_data.hpp | 4 +- .../circuit/value/compute_nullifier.test.cpp | 6 +- .../notes/circuit/value/value_note.test.cpp | 42 +- .../notes/circuit/value/witness_data.hpp | 18 +- .../join_split_example/proofs/verify.hpp | 90 +-- .../barretenberg/join_split_example/types.hpp | 49 +- .../standard_plonk_composer_helper.hpp | 2 + .../turbo_plonk_composer_helper.hpp | 2 + .../ultra_plonk_composer_helper.hpp | 114 +-- .../composer/standard_plonk_composer.hpp | 253 ------ .../plonk/composer/turbo_plonk_composer.hpp | 259 ------- .../plonk/composer/ultra_plonk_composer.hpp | 389 ---------- cpp/src/barretenberg/plonk/flavor/flavor.hpp | 122 +++ .../types/polynomial_manifest.hpp | 2 +- .../proof_system/utils/kate_verification.hpp | 1 + .../verification_key/verification_key.cpp | 2 +- .../standard_circuit_constructor.hpp | 1 + .../turbo_circuit_constructor.hpp | 2 +- .../ultra_circuit_constructor.hpp | 1 + .../circuits/add_2_circuit.hpp | 21 +- .../circuits/blake_circuit.hpp | 20 +- .../circuits/recursive_circuit.hpp | 44 +- .../barretenberg/solidity_helpers/key_gen.cpp | 23 +- .../solidity_helpers/proof_gen.cpp | 21 +- .../commitment/pedersen/pedersen.bench.cpp | 47 +- .../stdlib/commitment/pedersen/pedersen.cpp | 16 +- .../stdlib/commitment/pedersen/pedersen.hpp | 2 +- .../commitment/pedersen/pedersen.test.cpp | 4 +- .../commitment/pedersen/pedersen_plookup.cpp | 1 - .../commitment/pedersen/pedersen_plookup.hpp | 2 +- .../stdlib/encryption/aes128/aes128.cpp | 2 +- .../stdlib/encryption/aes128/aes128.hpp | 2 +- .../stdlib/encryption/aes128/aes128.test.cpp | 4 +- .../stdlib/encryption/ecdsa/ecdsa.hpp | 2 +- .../stdlib/encryption/ecdsa/ecdsa.test.cpp | 22 +- .../stdlib/encryption/ecdsa/ecdsa_impl.hpp | 5 +- .../stdlib/encryption/schnorr/schnorr.cpp | 2 - .../encryption/schnorr/schnorr.test.cpp | 8 +- .../benchmarks/external/external.bench.cpp | 39 +- .../hash/benchmarks/sha256/sha256.bench.cpp | 26 +- .../stdlib/hash/blake2s/blake2s.cpp | 3 +- .../stdlib/hash/blake2s/blake2s.hpp | 2 +- .../stdlib/hash/blake2s/blake2s.test.cpp | 46 +- .../stdlib/hash/blake2s/blake2s_plookup.cpp | 1 - .../stdlib/hash/blake2s/blake2s_plookup.hpp | 2 +- .../stdlib/hash/blake2s/blake_util.hpp | 2 - .../stdlib/hash/blake3s/blake3s.cpp | 3 +- .../stdlib/hash/blake3s/blake3s.hpp | 2 +- .../stdlib/hash/blake3s/blake3s.test.cpp | 1 - .../stdlib/hash/blake3s/blake3s_plookup.cpp | 1 - .../stdlib/hash/blake3s/blake3s_plookup.hpp | 2 +- .../stdlib/hash/keccak/keccak.cpp | 1 - .../stdlib/hash/pedersen/pedersen.cpp | 14 +- .../stdlib/hash/pedersen/pedersen.hpp | 2 +- .../stdlib/hash/pedersen/pedersen_gates.hpp | 2 +- .../stdlib/hash/pedersen/pedersen_plookup.cpp | 1 - .../stdlib/hash/pedersen/pedersen_plookup.hpp | 2 +- .../stdlib/hash/sha256/sha256.cpp | 4 +- .../stdlib/hash/sha256/sha256.hpp | 2 +- .../stdlib/hash/sha256/sha256.test.cpp | 78 +- .../stdlib/hash/sha256/sha256_plookup.cpp | 1 - .../stdlib/hash/sha256/sha256_plookup.hpp | 2 +- .../stdlib/merkle_tree/hash.test.cpp | 6 +- .../stdlib/merkle_tree/hash_path.hpp | 4 +- .../stdlib/merkle_tree/membership.test.cpp | 7 +- .../stdlib/merkle_tree/merkle_tree.test.cpp | 2 +- .../stdlib/primitives/bigfield/bigfield.hpp | 2 +- .../primitives/bigfield/bigfield.test.cpp | 13 +- .../primitives/bigfield/bigfield_impl.hpp | 28 +- .../stdlib/primitives/biggroup/biggroup.hpp | 41 +- .../primitives/biggroup/biggroup.test.cpp | 20 +- .../primitives/biggroup/biggroup_impl.hpp | 2 +- .../primitives/biggroup/biggroup_nafs.hpp | 10 +- .../stdlib/primitives/bit_array/bit_array.cpp | 2 +- .../stdlib/primitives/bit_array/bit_array.hpp | 2 +- .../primitives/bit_array/bit_array.test.cpp | 2 +- .../stdlib/primitives/bool/bool.cpp | 2 +- .../stdlib/primitives/bool/bool.hpp | 2 +- .../stdlib/primitives/bool/bool.test.cpp | 2 +- .../primitives/byte_array/byte_array.cpp | 4 +- .../primitives/byte_array/byte_array.hpp | 2 +- .../primitives/byte_array/byte_array.test.cpp | 15 +- .../circuit_builders/circuit_builders.hpp | 38 + .../circuit_builders/circuit_builders_fwd.hpp | 52 ++ .../stdlib/primitives/composers/composers.hpp | 73 -- .../primitives/composers/composers_fwd.hpp | 89 --- .../stdlib/primitives/curves/bn254.hpp | 35 +- .../stdlib/primitives/field/array.test.cpp | 2 +- .../stdlib/primitives/field/field.cpp | 6 +- .../stdlib/primitives/field/field.hpp | 2 +- .../stdlib/primitives/field/field.test.cpp | 2 +- .../stdlib/primitives/group/group.test.cpp | 3 +- .../stdlib/primitives/logic/logic.cpp | 4 +- .../stdlib/primitives/logic/logic.hpp | 2 +- .../stdlib/primitives/logic/logic.test.cpp | 11 +- .../primitives/memory/dynamic_array.cpp | 4 +- .../primitives/memory/dynamic_array.hpp | 2 +- .../primitives/memory/dynamic_array.test.cpp | 2 +- .../stdlib/primitives/memory/ram_table.cpp | 6 +- .../stdlib/primitives/memory/ram_table.hpp | 2 +- .../primitives/memory/ram_table.test.cpp | 18 +- .../stdlib/primitives/memory/rom_table.cpp | 4 +- .../stdlib/primitives/memory/rom_table.hpp | 2 +- .../primitives/memory/rom_table.test.cpp | 9 +- .../primitives/memory/twin_rom_table.cpp | 4 +- .../primitives/memory/twin_rom_table.hpp | 2 +- .../packed_byte_array/packed_byte_array.cpp | 2 +- .../packed_byte_array/packed_byte_array.hpp | 2 +- .../packed_byte_array.test.cpp | 2 +- .../stdlib/primitives/plookup/plookup.cpp | 2 +- .../stdlib/primitives/plookup/plookup.hpp | 2 +- .../primitives/plookup/plookup.test.cpp | 2 +- .../stdlib/primitives/safe_uint/safe_uint.cpp | 2 +- .../stdlib/primitives/safe_uint/safe_uint.hpp | 4 +- .../primitives/safe_uint/safe_uint.test.cpp | 3 +- .../stdlib/primitives/uint/arithmetic.cpp | 2 +- .../stdlib/primitives/uint/comparison.cpp | 2 +- .../stdlib/primitives/uint/logic.cpp | 2 +- .../primitives/uint/plookup/arithmetic.cpp | 2 +- .../primitives/uint/plookup/comparison.cpp | 2 +- .../stdlib/primitives/uint/plookup/logic.cpp | 2 +- .../stdlib/primitives/uint/plookup/uint.cpp | 2 +- .../stdlib/primitives/uint/plookup/uint.hpp | 2 +- .../stdlib/primitives/uint/uint.cpp | 6 +- .../stdlib/primitives/uint/uint.hpp | 10 +- .../stdlib/primitives/uint/uint.test.cpp | 10 +- .../recursion/transcript/transcript.hpp | 17 +- .../recursion/transcript/transcript.test.cpp | 80 +- .../verification_key/verification_key.hpp | 8 +- .../verification_key.test.cpp | 34 +- .../stdlib/recursion/verifier/verifier.hpp | 91 ++- .../recursion/verifier/verifier.test.cpp | 732 ++++++++---------- .../verifier/verifier_turbo.test.cpp | 730 +++++++++-------- cpp/src/barretenberg/stdlib/types/turbo.hpp | 54 +- cpp/src/barretenberg/stdlib/types/ultra.hpp | 58 +- 199 files changed, 2291 insertions(+), 4041 deletions(-) delete mode 100644 cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp delete mode 100644 cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp delete mode 100644 cpp/src/barretenberg/plonk/composer/standard_plonk_composer.hpp delete mode 100644 cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.hpp delete mode 100644 cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp create mode 100644 cpp/src/barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp create mode 100644 cpp/src/barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp delete mode 100644 cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp delete mode 100644 cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp diff --git a/.circleci/config.yml b/.circleci/config.yml index fb7648019e..cc2d7acff6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -182,6 +182,18 @@ jobs: command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 stdlib-tests - *save_logs + acir-format-tests: + docker: + - image: aztecprotocol/alpine-build-image + resource_class: small + steps: + - *checkout + - *setup_env + - run: + name: "Test" + command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 acir_format_tests + - *save_logs + barretenberg-tests: docker: - image: aztecprotocol/alpine-build-image @@ -375,6 +387,7 @@ workflows: - wasm-linux-clang: *defaults - proof-system-tests: *bb_test - honk-tests: *bb_test + - acir-format-tests: *bb_test - barretenberg-tests: *bb_test - stdlib-tests: *bb_test - stdlib-recursion-turbo-tests: *bb_test diff --git a/cpp/.aztec-packages-commit b/cpp/.aztec-packages-commit index 8b25206ff9..9192448651 100644 --- a/cpp/.aztec-packages-commit +++ b/cpp/.aztec-packages-commit @@ -1 +1 @@ -master \ No newline at end of file +64c8ba700b75df07a8452a6f2eae3d23cf7625a6 \ No newline at end of file diff --git a/cpp/.clangd b/cpp/.clangd index 599f23163a..06f5d0d059 100644 --- a/cpp/.clangd +++ b/cpp/.clangd @@ -59,8 +59,6 @@ Diagnostics: - readability-function-cognitive-complexity # It is often nicer to not be explicit - google-explicit-constructor - CheckOptions: - - cppcoreguidelines-special-member-functions.AllowSoleDefaultDtor: True --- # this divider is necessary # Disable some checks for Google Test/Bench diff --git a/cpp/src/barretenberg/barretenberg.hpp b/cpp/src/barretenberg/barretenberg.hpp index 726da83500..fc5a162068 100644 --- a/cpp/src/barretenberg/barretenberg.hpp +++ b/cpp/src/barretenberg/barretenberg.hpp @@ -21,8 +21,8 @@ #include "ecc/curves/grumpkin/grumpkin.hpp" #include "numeric/random/engine.hpp" #include "numeric/uint256/uint256.hpp" -#include "plonk/composer/turbo_plonk_composer.hpp" -#include "plonk/composer/ultra_plonk_composer.hpp" +#include "proof_system/circuit_constructors/turbo_circuit_constructor.hpp" +#include "proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "plonk/proof_system/types/proof.hpp" #include "plonk/proof_system/verification_key/verification_key.hpp" #include "proof_system/types/composer_type.hpp" diff --git a/cpp/src/barretenberg/benchmark/honk_bench/benchmark_utilities.hpp b/cpp/src/barretenberg/benchmark/honk_bench/benchmark_utilities.hpp index 81a12b129e..2508b5130e 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/benchmark_utilities.hpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/benchmark_utilities.hpp @@ -1,11 +1,5 @@ -#include "barretenberg/crypto/ecdsa/ecdsa.hpp" -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/honk/proof_system/ultra_prover.hpp" -#include "barretenberg/honk/proof_system/ultra_verifier.hpp" #include -#include -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" + #include "barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp" #include "barretenberg/stdlib/hash/keccak/keccak.hpp" #include "barretenberg/stdlib/primitives/curves/secp256k1.hpp" @@ -41,11 +35,13 @@ struct BenchParams { * @param composer * @param num_iterations */ -template void generate_basic_arithmetic_circuit(Composer& composer, size_t num_gates) +template void generate_basic_arithmetic_circuit(Builder& builder, size_t num_gates) { - plonk::stdlib::field_t a(plonk::stdlib::witness_t(&composer, barretenberg::fr::random_element())); - plonk::stdlib::field_t b(plonk::stdlib::witness_t(&composer, barretenberg::fr::random_element())); - plonk::stdlib::field_t c(&composer); + proof_system::plonk::stdlib::field_t a( + proof_system::plonk::stdlib::witness_t(&builder, barretenberg::fr::random_element())); + proof_system::plonk::stdlib::field_t b( + proof_system::plonk::stdlib::witness_t(&builder, barretenberg::fr::random_element())); + proof_system::plonk::stdlib::field_t c(&builder); for (size_t i = 0; i < (num_gates / 4) - 4; ++i) { c = a + b; c = a * c; @@ -57,47 +53,47 @@ template void generate_basic_arithmetic_circuit(Composer& co /** * @brief Generate test circuit with specified number of sha256 hashes * - * @param composer + * @param builder * @param num_iterations */ -template void generate_sha256_test_circuit(Composer& composer, size_t num_iterations) +template void generate_sha256_test_circuit(Builder& builder, size_t num_iterations) { std::string in; in.resize(32); for (size_t i = 0; i < 32; ++i) { in[i] = 0; } - proof_system::plonk::stdlib::packed_byte_array input(&composer, in); + proof_system::plonk::stdlib::packed_byte_array input(&builder, in); for (size_t i = 0; i < num_iterations; i++) { - input = proof_system::plonk::stdlib::sha256(input); + input = proof_system::plonk::stdlib::sha256(input); } } /** * @brief Generate test circuit with specified number of keccak hashes * - * @param composer + * @param builder * @param num_iterations */ -template void generate_keccak_test_circuit(Composer& composer, size_t num_iterations) +template void generate_keccak_test_circuit(Builder& builder, size_t num_iterations) { std::string in = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01"; - proof_system::plonk::stdlib::byte_array input(&composer, in); + proof_system::plonk::stdlib::byte_array input(&builder, in); for (size_t i = 0; i < num_iterations; i++) { - input = proof_system::plonk::stdlib::keccak::hash(input); + input = proof_system::plonk::stdlib::keccak::hash(input); } } /** * @brief Generate test circuit with specified number of ecdsa verifications * - * @param composer + * @param builder * @param num_iterations */ -template void generate_ecdsa_verification_test_circuit(Composer& composer, size_t num_iterations) +template void generate_ecdsa_verification_test_circuit(Builder& builder, size_t num_iterations) { - using curve = proof_system::plonk::stdlib::secp256k1; + using curve = proof_system::plonk::stdlib::secp256k1; using fr = typename curve::fr; using fq = typename curve::fq; using g1 = typename curve::g1; @@ -115,22 +111,23 @@ template void generate_ecdsa_verification_test_circuit(Compo bool first_result = crypto::ecdsa::verify_signature(message_string, account.public_key, signature); + static_cast(first_result); // TODO(Cody): This is not used anywhere. std::vector rr(signature.r.begin(), signature.r.end()); std::vector ss(signature.s.begin(), signature.s.end()); uint8_t vv = signature.v; - typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&composer, account.public_key); + typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key); - proof_system::plonk::stdlib::ecdsa::signature sig{ typename curve::byte_array_ct(&composer, rr), - typename curve::byte_array_ct(&composer, ss), - proof_system::plonk::stdlib::uint8( - &composer, vv) }; + proof_system::plonk::stdlib::ecdsa::signature sig{ typename curve::byte_array_ct(&builder, rr), + typename curve::byte_array_ct(&builder, ss), + proof_system::plonk::stdlib::uint8( + &builder, vv) }; - typename curve::byte_array_ct message(&composer, message_string); + typename curve::byte_array_ct message(&builder, message_string); // Verify ecdsa signature - proof_system::plonk::stdlib::ecdsa::verify_signature void generate_ecdsa_verification_test_circuit(Compo /** * @brief Generate test circuit with specified number of merkle membership checks * - * @param composer + * @param builder * @param num_iterations */ -template void generate_merkle_membership_test_circuit(Composer& composer, size_t num_iterations) +template void generate_merkle_membership_test_circuit(Builder& builder, size_t num_iterations) { using namespace proof_system::plonk::stdlib; - using field_ct = field_t; - using witness_ct = witness_t; - using witness_ct = witness_t; + using field_ct = field_t; + using witness_ct = witness_t; + using witness_ct = witness_t; using MemStore = merkle_tree::MemoryStore; using MerkleTree_ct = merkle_tree::MerkleTree; @@ -163,12 +160,12 @@ template void generate_merkle_membership_test_circuit(Compos size_t value = i * 2; merkle_tree.update_element(idx, value); - field_ct root_ct = witness_ct(&composer, merkle_tree.root()); - auto idx_ct = field_ct(witness_ct(&composer, fr(idx))).decompose_into_bits(); + field_ct root_ct = witness_ct(&builder, merkle_tree.root()); + auto idx_ct = field_ct(witness_ct(&builder, fr(idx))).decompose_into_bits(); auto value_ct = field_ct(value); merkle_tree::check_membership( - root_ct, merkle_tree::create_witness_hash_path(composer, merkle_tree.get_hash_path(idx)), value_ct, idx_ct); + root_ct, merkle_tree::create_witness_hash_path(builder, merkle_tree.get_hash_path(idx)), value_ct, idx_ct); } } @@ -177,21 +174,25 @@ template void generate_merkle_membership_test_circuit(Compos * * @details This function assumes state.range refers to num_gates which is the size of the underlying circuit * - * @tparam Composer + * @tparam Builder * @param state * @param test_circuit_function */ template -void construct_proof_with_specified_num_gates(State& state, void (*test_circuit_function)(Composer&, size_t)) noexcept +void construct_proof_with_specified_num_gates(State& state, + void (*test_circuit_function)(typename Composer::CircuitConstructor&, + size_t)) noexcept { barretenberg::srs::init_crs_factory("../srs_db/ignition"); auto num_gates = static_cast(1 << (size_t)state.range(0)); for (auto _ : state) { // Constuct circuit and prover; don't include this part in measurement state.PauseTiming(); + auto builder = typename Composer::CircuitConstructor(); + test_circuit_function(builder, num_gates); + auto composer = Composer(); - test_circuit_function(composer, num_gates); - auto ext_prover = composer.create_prover(); + auto ext_prover = composer.create_prover(builder); state.ResumeTiming(); // Construct proof @@ -205,22 +206,25 @@ void construct_proof_with_specified_num_gates(State& state, void (*test_circuit_ * @details This function assumes state.range refers to num_iterations which is the number of times to perform a given * basic operation in the circuit, e.g. number of hashes * - * @tparam Composer + * @tparam Builder * @param state * @param test_circuit_function */ template void construct_proof_with_specified_num_iterations(State& state, - void (*test_circuit_function)(Composer&, size_t)) noexcept + void (*test_circuit_function)(typename Composer::CircuitConstructor&, + size_t)) noexcept { barretenberg::srs::init_crs_factory("../srs_db/ignition"); auto num_iterations = static_cast(state.range(0)); for (auto _ : state) { // Constuct circuit and prover; don't include this part in measurement state.PauseTiming(); + auto builder = typename Composer::CircuitConstructor(); + test_circuit_function(builder, num_iterations); + auto composer = Composer(); - test_circuit_function(composer, num_iterations); - auto ext_prover = composer.create_prover(); + auto ext_prover = composer.create_prover(builder); state.ResumeTiming(); // Construct proof diff --git a/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp b/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp index 831b7c16c1..ce798db110 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/honk.bench.cpp @@ -1,7 +1,6 @@ -#include "barretenberg/ecc/curves/bn254/fr.hpp" #include #include -#include "barretenberg/honk/composer/standard_honk_composer.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" @@ -10,18 +9,20 @@ using namespace proof_system::plonk::stdlib; namespace standard_honk_bench { -using Composer = proof_system::honk::StandardHonkComposer; +using Builder = proof_system::StandardCircuitConstructor; +using Composer = proof_system::honk::StandardHonkComposerHelper; constexpr size_t MIN_LOG_NUM_GATES = 16; constexpr size_t MAX_LOG_NUM_GATES = 16; // To get good statistics, number of Repetitions must be sufficient. ~30 Repetitions gives good results. constexpr size_t NUM_REPETITIONS = 5; -void generate_test_circuit(auto& composer, size_t num_gates) +void generate_test_circuit(auto& builder, size_t num_gates) { - field_t a(witness_t(&composer, barretenberg::fr::random_element())); - field_t b(witness_t(&composer, barretenberg::fr::random_element())); - field_t c(&composer); + barretenberg::srs::init_crs_factory("../srs_db/ignition"); + field_t a(witness_t(&builder, barretenberg::fr::random_element())); + field_t b(witness_t(&builder, barretenberg::fr::random_element())); + field_t c(&builder); for (size_t i = 0; i < (num_gates / 4) - 4; ++i) { c = a + b; c = a * c; @@ -38,11 +39,12 @@ void create_prover_standard(State& state) noexcept for (auto _ : state) { state.PauseTiming(); auto num_gates = 1 << (size_t)state.range(0); - auto composer = Composer(static_cast(num_gates)); - generate_test_circuit(composer, static_cast(num_gates)); + auto builder = Builder(static_cast(num_gates)); + generate_test_circuit(builder, static_cast(num_gates)); state.ResumeTiming(); - composer.create_prover(); + auto composer = Composer(); + composer.create_prover(builder); } } BENCHMARK(create_prover_standard)->DenseRange(MIN_LOG_NUM_GATES, MAX_LOG_NUM_GATES, 1)->Repetitions(NUM_REPETITIONS); @@ -55,9 +57,11 @@ void construct_proof_standard(State& state) noexcept auto num_gates = 1 << (size_t)state.range(0); for (auto _ : state) { state.PauseTiming(); - auto composer = Composer(static_cast(num_gates)); - generate_test_circuit(composer, static_cast(num_gates)); - auto ext_prover = composer.create_prover(); + auto builder = Builder(static_cast(num_gates)); + generate_test_circuit(builder, static_cast(num_gates)); + + auto composer = Composer(); + auto ext_prover = composer.create_prover(builder); state.ResumeTiming(); auto proof = ext_prover.construct_proof(); @@ -77,11 +81,12 @@ void create_verifier_standard(State& state) noexcept for (auto _ : state) { state.PauseTiming(); auto num_gates = 1 << (size_t)state.range(0); - auto composer = Composer(static_cast(num_gates)); - generate_test_circuit(composer, static_cast(num_gates)); + auto builder = Builder(static_cast(num_gates)); + generate_test_circuit(builder, static_cast(num_gates)); state.ResumeTiming(); - composer.create_verifier(); + auto composer = Composer(); + composer.create_verifier(builder); } } // BENCHMARK(create_verifier_standard)->DenseRange(MIN_LOG_NUM_GATES, MAX_LOG_NUM_GATES, @@ -95,11 +100,13 @@ void verify_proof_standard(State& state) noexcept for (auto _ : state) { state.PauseTiming(); auto num_gates = (size_t)state.range(0); - auto composer = Composer(static_cast(num_gates)); - generate_test_circuit(composer, static_cast(num_gates)); - auto prover = composer.create_prover(); + auto builder = Builder(static_cast(num_gates)); + generate_test_circuit(builder, static_cast(num_gates)); + + auto composer = Composer(); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); state.ResumeTiming(); verifier.verify_proof(proof); diff --git a/cpp/src/barretenberg/benchmark/honk_bench/standard_honk.bench.cpp b/cpp/src/barretenberg/benchmark/honk_bench/standard_honk.bench.cpp index c88d80292d..dd965342c1 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/standard_honk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/standard_honk.bench.cpp @@ -1,10 +1,13 @@ #include "barretenberg/benchmark/honk_bench/benchmark_utilities.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp" using namespace benchmark; namespace standard_honk_bench { -using StandardHonk = proof_system::honk::StandardHonkComposer; +using StandardBuilder = proof_system::StandardCircuitConstructor; +using StandardHonk = proof_system::honk::StandardHonkComposerHelper; // Log number of gates for test circuit constexpr size_t MIN_LOG_NUM_GATES = bench_utils::BenchParams::MIN_LOG_NUM_GATES; @@ -15,12 +18,14 @@ constexpr size_t NUM_REPETITIONS = bench_utils::BenchParams::NUM_REPETITIONS; /** * @brief Benchmark: Construction of a Standard proof for a circuit determined by the provided circuit function */ -void construct_proof_standard(State& state, void (*test_circuit_function)(StandardHonk&, size_t)) noexcept +void construct_proof_standard(State& state, void (*test_circuit_function)(StandardBuilder&, size_t)) noexcept { - bench_utils::construct_proof_with_specified_num_gates(state, test_circuit_function); + bench_utils::construct_proof_with_specified_num_gates(state, test_circuit_function); } -BENCHMARK_CAPTURE(construct_proof_standard, arithmetic, &bench_utils::generate_basic_arithmetic_circuit) +BENCHMARK_CAPTURE(construct_proof_standard, + arithmetic, + &bench_utils::generate_basic_arithmetic_circuit) ->DenseRange(MIN_LOG_NUM_GATES, MAX_LOG_NUM_GATES) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); diff --git a/cpp/src/barretenberg/benchmark/honk_bench/standard_plonk.bench.cpp b/cpp/src/barretenberg/benchmark/honk_bench/standard_plonk.bench.cpp index 106fd00f19..f41e4bd500 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/standard_plonk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/standard_plonk.bench.cpp @@ -1,10 +1,13 @@ #include "barretenberg/benchmark/honk_bench/benchmark_utilities.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" using namespace benchmark; namespace standard_plonk_bench { -using StandardPlonk = proof_system::plonk::StandardPlonkComposer; +using StandardBuilder = proof_system::StandardCircuitConstructor; +using StandardPlonk = proof_system::plonk::StandardPlonkComposerHelper; // Log number of gates for test circuit constexpr size_t MIN_LOG_NUM_GATES = bench_utils::BenchParams::MIN_LOG_NUM_GATES; @@ -15,12 +18,14 @@ constexpr size_t NUM_REPETITIONS = bench_utils::BenchParams::NUM_REPETITIONS; /** * @brief Benchmark: Construction of a Standard proof for a circuit determined by the provided circuit function */ -void construct_proof_standard(State& state, void (*test_circuit_function)(StandardPlonk&, size_t)) noexcept +void construct_proof_standard(State& state, void (*test_circuit_function)(StandardBuilder&, size_t)) noexcept { - bench_utils::construct_proof_with_specified_num_gates(state, test_circuit_function); + bench_utils::construct_proof_with_specified_num_gates(state, test_circuit_function); } -BENCHMARK_CAPTURE(construct_proof_standard, arithmetic, &bench_utils::generate_basic_arithmetic_circuit) +BENCHMARK_CAPTURE(construct_proof_standard, + arithmetic, + &bench_utils::generate_basic_arithmetic_circuit) ->DenseRange(MIN_LOG_NUM_GATES, MAX_LOG_NUM_GATES) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); diff --git a/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp b/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp index e834d83ff9..db26e29e73 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/ultra_honk.bench.cpp @@ -1,10 +1,16 @@ +#include + +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/benchmark/honk_bench/benchmark_utilities.hpp" using namespace benchmark; +using namespace proof_system::plonk; namespace ultra_honk_bench { -using UltraHonk = proof_system::honk::UltraHonkComposer; +using UltraBuilder = proof_system::UltraCircuitConstructor; +using UltraHonk = proof_system::honk::UltraHonkComposerHelper; // Number of times to perform operation of interest in the benchmark circuits, e.g. # of hashes to perform constexpr size_t MIN_NUM_ITERATIONS = bench_utils::BenchParams::MIN_NUM_ITERATIONS; @@ -15,29 +21,29 @@ constexpr size_t NUM_REPETITIONS = bench_utils::BenchParams::NUM_REPETITIONS; /** * @brief Benchmark: Construction of a Ultra Honk proof for a circuit determined by the provided circuit function */ -void construct_proof_ultra(State& state, void (*test_circuit_function)(UltraHonk&, size_t)) noexcept +void construct_proof_ultra(State& state, void (*test_circuit_function)(UltraBuilder&, size_t)) noexcept { - bench_utils::construct_proof_with_specified_num_iterations(state, test_circuit_function); + bench_utils::construct_proof_with_specified_num_iterations(state, test_circuit_function); } // Define benchmarks -BENCHMARK_CAPTURE(construct_proof_ultra, sha256, &bench_utils::generate_sha256_test_circuit) +BENCHMARK_CAPTURE(construct_proof_ultra, sha256, &bench_utils::generate_sha256_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); -BENCHMARK_CAPTURE(construct_proof_ultra, keccak, &bench_utils::generate_keccak_test_circuit) +BENCHMARK_CAPTURE(construct_proof_ultra, keccak, &bench_utils::generate_keccak_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); BENCHMARK_CAPTURE(construct_proof_ultra, ecdsa_verification, - &bench_utils::generate_ecdsa_verification_test_circuit) + &bench_utils::generate_ecdsa_verification_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); BENCHMARK_CAPTURE(construct_proof_ultra, merkle_membership, - &bench_utils::generate_merkle_membership_test_circuit) + &bench_utils::generate_merkle_membership_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); diff --git a/cpp/src/barretenberg/benchmark/honk_bench/ultra_plonk.bench.cpp b/cpp/src/barretenberg/benchmark/honk_bench/ultra_plonk.bench.cpp index 064d5ef204..6554cbb338 100644 --- a/cpp/src/barretenberg/benchmark/honk_bench/ultra_plonk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/honk_bench/ultra_plonk.bench.cpp @@ -1,10 +1,13 @@ #include "barretenberg/benchmark/honk_bench/benchmark_utilities.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" using namespace benchmark; namespace ultra_plonk_bench { -using UltraPlonk = proof_system::plonk::UltraPlonkComposer; +using UltraBuilder = proof_system::UltraCircuitConstructor; +using UltraPlonk = proof_system::plonk::UltraPlonkComposerHelper; // Number of times to perform operation of interest in the benchmark circuits, e.g. # of hashes to perform constexpr size_t MIN_NUM_ITERATIONS = bench_utils::BenchParams::MIN_NUM_ITERATIONS; @@ -15,28 +18,28 @@ constexpr size_t NUM_REPETITIONS = bench_utils::BenchParams::NUM_REPETITIONS; /** * @brief Benchmark: Construction of a Ultra Honk proof for a circuit determined by the provided circuit function */ -void construct_proof_ultra(State& state, void (*test_circuit_function)(UltraPlonk&, size_t)) noexcept +void construct_proof_ultra(State& state, void (*test_circuit_function)(UltraBuilder&, size_t)) noexcept { - bench_utils::construct_proof_with_specified_num_iterations(state, test_circuit_function); + bench_utils::construct_proof_with_specified_num_iterations(state, test_circuit_function); } -BENCHMARK_CAPTURE(construct_proof_ultra, sha256, &bench_utils::generate_sha256_test_circuit) +BENCHMARK_CAPTURE(construct_proof_ultra, sha256, &bench_utils::generate_sha256_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); -BENCHMARK_CAPTURE(construct_proof_ultra, keccak, &bench_utils::generate_keccak_test_circuit) +BENCHMARK_CAPTURE(construct_proof_ultra, keccak, &bench_utils::generate_keccak_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); BENCHMARK_CAPTURE(construct_proof_ultra, ecdsa_verification, - &bench_utils::generate_ecdsa_verification_test_circuit) + &bench_utils::generate_ecdsa_verification_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); BENCHMARK_CAPTURE(construct_proof_ultra, merkle_membership, - &bench_utils::generate_merkle_membership_test_circuit) + &bench_utils::generate_merkle_membership_test_circuit) ->DenseRange(MIN_NUM_ITERATIONS, MAX_NUM_ITERATIONS) ->Repetitions(NUM_REPETITIONS) ->Unit(::benchmark::kSecond); diff --git a/cpp/src/barretenberg/benchmark/plonk_bench/plonk.bench.cpp b/cpp/src/barretenberg/benchmark/plonk_bench/plonk.bench.cpp index ae56f38de6..a0c41dff1e 100644 --- a/cpp/src/barretenberg/benchmark/plonk_bench/plonk.bench.cpp +++ b/cpp/src/barretenberg/benchmark/plonk_bench/plonk.bench.cpp @@ -1,9 +1,6 @@ #include -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/proof_system/prover/prover.hpp" -#include "barretenberg/plonk/proof_system/verifier/verifier.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" using namespace benchmark; @@ -15,11 +12,14 @@ constexpr size_t START = (MAX_GATES) >> (NUM_CIRCUITS - 1); // constexpr size_t MAX_HASH_ROUNDS = 8192; // constexpr size_t START_HASH_ROUNDS = 64; -void generate_test_plonk_circuit(plonk::StandardPlonkComposer& composer, size_t num_gates) +using Builder = proof_system::StandardCircuitConstructor; +using Composer = proof_system::plonk::StandardPlonkComposerHelper; + +void generate_test_plonk_circuit(Builder& builder, size_t num_gates) { - plonk::stdlib::field_t a(plonk::stdlib::witness_t(&composer, barretenberg::fr::random_element())); - plonk::stdlib::field_t b(plonk::stdlib::witness_t(&composer, barretenberg::fr::random_element())); - plonk::stdlib::field_t c(&composer); + plonk::stdlib::field_t a(plonk::stdlib::witness_t(&builder, barretenberg::fr::random_element())); + plonk::stdlib::field_t b(plonk::stdlib::witness_t(&builder, barretenberg::fr::random_element())); + plonk::stdlib::field_t c(&builder); for (size_t i = 0; i < (num_gates / 4) - 4; ++i) { c = a + b; c = a * c; @@ -36,13 +36,13 @@ void construct_witnesses_bench(State& state) noexcept { for (auto _ : state) { state.PauseTiming(); - plonk::StandardPlonkComposer composer = - proof_system::plonk::StandardPlonkComposer(static_cast(state.range(0))); - generate_test_plonk_circuit(composer, static_cast(state.range(0))); - composer.compute_proving_key(); + auto builder = Builder(static_cast(state.range(0))); + generate_test_plonk_circuit(builder, static_cast(state.range(0))); + auto composer = Composer(); + composer.compute_proving_key(builder); state.ResumeTiming(); - composer.compute_witness(); + composer.compute_witness(builder); } } BENCHMARK(construct_witnesses_bench)->RangeMultiplier(2)->Range(START, MAX_GATES); @@ -50,14 +50,14 @@ BENCHMARK(construct_witnesses_bench)->RangeMultiplier(2)->Range(START, MAX_GATES void construct_proving_keys_bench(State& state) noexcept { for (auto _ : state) { - plonk::StandardPlonkComposer composer = - proof_system::plonk::StandardPlonkComposer(static_cast(state.range(0))); - generate_test_plonk_circuit(composer, static_cast(state.range(0))); + auto builder = Builder(static_cast(state.range(0))); + generate_test_plonk_circuit(builder, static_cast(state.range(0))); size_t idx = static_cast(numeric::get_msb((uint64_t)state.range(0))) - static_cast(numeric::get_msb(START)); - composer.compute_proving_key(); + auto composer = Composer(); + composer.compute_proving_key(builder); state.PauseTiming(); - provers[idx] = composer.create_prover(); + provers[idx] = composer.create_prover(builder); state.ResumeTiming(); } } @@ -67,14 +67,14 @@ void construct_instances_bench(State& state) noexcept { for (auto _ : state) { state.PauseTiming(); - plonk::StandardPlonkComposer composer = - proof_system::plonk::StandardPlonkComposer(static_cast(state.range(0))); - generate_test_plonk_circuit(composer, static_cast(state.range(0))); + auto builder = Builder(static_cast(state.range(0))); + generate_test_plonk_circuit(builder, static_cast(state.range(0))); size_t idx = static_cast(numeric::get_msb((uint64_t)state.range(0))) - static_cast(numeric::get_msb(START)); - composer.create_prover(); + auto composer = Composer(); + composer.create_prover(builder); state.ResumeTiming(); - verifiers[idx] = composer.create_verifier(); + verifiers[idx] = composer.create_verifier(builder); } } BENCHMARK(construct_instances_bench)->RangeMultiplier(2)->Range(START, MAX_GATES); diff --git a/cpp/src/barretenberg/common/log.hpp b/cpp/src/barretenberg/common/log.hpp index a347f0bd5f..cbbeac735b 100644 --- a/cpp/src/barretenberg/common/log.hpp +++ b/cpp/src/barretenberg/common/log.hpp @@ -1,34 +1,16 @@ #pragma once -#include #include #include #include #include +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" +#include "barretenberg/env/logstr.hpp" #define BENCHMARK_INFO_PREFIX "##BENCHMARK_INFO_PREFIX##" #define BENCHMARK_INFO_SEPARATOR "#" #define BENCHMARK_INFO_SUFFIX "##BENCHMARK_INFO_SUFFIX##" -#define GET_COMPOSER_NAME_STRING(composer) \ - (typeid(composer) == typeid(plonk::StandardPlonkComposer) \ - ? "StandardPlonk" \ - : typeid(composer) == typeid(plonk::TurboPlonkComposer) \ - ? "TurboPlonk" \ - : typeid(composer) == typeid(plonk::UltraPlonkComposer) \ - ? "UltraPlonk" \ - : typeid(composer) == typeid(honk::StandardHonkComposer) \ - ? "StandardHonk" \ - : typeid(composer) == typeid(honk::UltraHonkComposer) \ - ? "UltraHonk" \ - : typeid(composer) == typeid(proof_system::StandardCircuitConstructor) \ - ? "StandardArithemtization" \ - : typeid(composer) == typeid(proof_system::TurboCircuitConstructor) \ - ? "TurboArithemtization" \ - : typeid(composer) == typeid(proof_system::UltraCircuitConstructor) \ - ? "UltraArithmetization" \ - : "NullPlonk") namespace { - template std::string format(Args... args) { std::ostringstream os; diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index 9a7ca42767..0f136e572a 100644 --- a/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -3,15 +3,15 @@ namespace acir_format { -void read_witness(Composer& composer, WitnessVector const& witness) +void read_witness(Builder& builder, WitnessVector const& witness) { - composer.variables[0] = 0; + builder.variables[0] = 0; for (size_t i = 0; i < witness.size(); ++i) { - composer.variables[i + 1] = witness[i]; + builder.variables[i + 1] = witness[i]; } } -void create_circuit(Composer& composer, acir_format const& constraint_system) +void create_circuit(Builder& builder, acir_format const& constraint_system) { if (constraint_system.public_inputs.size() > constraint_system.varnum) { info("create_circuit: too many public inputs!"); @@ -22,80 +22,80 @@ void create_circuit(Composer& composer, acir_format const& constraint_system) if (std::find(constraint_system.public_inputs.begin(), constraint_system.public_inputs.end(), i) != constraint_system.public_inputs.end()) { - composer.add_public_variable(0); + builder.add_public_variable(0); } else { - composer.add_variable(0); + builder.add_variable(0); } } // Add arithmetic gates for (const auto& constraint : constraint_system.constraints) { - composer.create_poly_gate(constraint); + builder.create_poly_gate(constraint); } // Add and constraint for (const auto& constraint : constraint_system.logic_constraints) { create_logic_gate( - composer, constraint.a, constraint.b, constraint.result, constraint.num_bits, constraint.is_xor_gate); + builder, constraint.a, constraint.b, constraint.result, constraint.num_bits, constraint.is_xor_gate); } // Add range constraint for (const auto& constraint : constraint_system.range_constraints) { - composer.create_range_constraint(constraint.witness, constraint.num_bits, ""); + builder.create_range_constraint(constraint.witness, constraint.num_bits, ""); } // Add sha256 constraints for (const auto& constraint : constraint_system.sha256_constraints) { - create_sha256_constraints(composer, constraint); + create_sha256_constraints(builder, constraint); } // Add schnorr constraints for (const auto& constraint : constraint_system.schnorr_constraints) { - create_schnorr_verify_constraints(composer, constraint); + create_schnorr_verify_constraints(builder, constraint); } // Add ECDSA constraints for (const auto& constraint : constraint_system.ecdsa_constraints) { - create_ecdsa_verify_constraints(composer, constraint, false); + create_ecdsa_verify_constraints(builder, constraint, false); } // Add blake2s constraints for (const auto& constraint : constraint_system.blake2s_constraints) { - create_blake2s_constraints(composer, constraint); + create_blake2s_constraints(builder, constraint); } // Add keccak constraints for (const auto& constraint : constraint_system.keccak_constraints) { - create_keccak_constraints(composer, constraint); + create_keccak_constraints(builder, constraint); } for (const auto& constraint : constraint_system.keccak_var_constraints) { - create_keccak_var_constraints(composer, constraint); + create_keccak_var_constraints(builder, constraint); } // Add pedersen constraints for (const auto& constraint : constraint_system.pedersen_constraints) { - create_pedersen_constraint(composer, constraint); + create_pedersen_constraint(builder, constraint); } // Add fixed base scalar mul constraints for (const auto& constraint : constraint_system.fixed_base_scalar_mul_constraints) { - create_fixed_base_constraint(composer, constraint); + create_fixed_base_constraint(builder, constraint); } // Add hash to field constraints for (const auto& constraint : constraint_system.hash_to_field_constraints) { - create_hash_to_field_constraints(composer, constraint); + create_hash_to_field_constraints(builder, constraint); } // Add block constraints for (const auto& constraint : constraint_system.block_constraints) { - create_block_constraints(composer, constraint, false); + create_block_constraints(builder, constraint, false); } // Add recursion constraints for (size_t i = 0; i < constraint_system.recursion_constraints.size(); ++i) { auto& constraint = constraint_system.recursion_constraints[i]; - create_recursion_constraints(composer, constraint); + create_recursion_constraints(builder, constraint); // make sure the verification key records the public input indices of the final recursion output // (N.B. up to the ACIR description to make sure that the final output aggregation object wires are public @@ -103,38 +103,28 @@ void create_circuit(Composer& composer, acir_format const& constraint_system) if (i == constraint_system.recursion_constraints.size() - 1) { std::vector proof_output_witness_indices(constraint.output_aggregation_object.begin(), constraint.output_aggregation_object.end()); - composer.circuit_constructor.set_recursive_proof(proof_output_witness_indices); + builder.set_recursive_proof(proof_output_witness_indices); } } } -Composer create_circuit(const acir_format& constraint_system, - std::shared_ptr const& crs_factory, - size_t size_hint) +Builder create_circuit(const acir_format& constraint_system, size_t size_hint) { - Composer composer(crs_factory, size_hint); - create_circuit(composer, constraint_system); - return composer; + Builder builder(size_hint); + create_circuit(builder, constraint_system); + return builder; } -Composer create_circuit_with_witness(acir_format const& constraint_system, - WitnessVector const& witness, - std::shared_ptr const& crs_factory, - size_t size_hint) +Builder create_circuit_with_witness(acir_format const& constraint_system, + WitnessVector const& witness, + size_t size_hint) { - Composer composer(crs_factory, size_hint); - create_circuit_with_witness(composer, constraint_system, witness); - return composer; + Builder builder(size_hint); + create_circuit_with_witness(builder, constraint_system, witness); + return builder; } -Composer create_circuit_with_witness(const acir_format& constraint_system, WitnessVector const& witness) -{ - auto composer = Composer(); - create_circuit_with_witness(composer, constraint_system, witness); - return composer; -} - -void create_circuit_with_witness(Composer& composer, acir_format const& constraint_system, WitnessVector const& witness) +void create_circuit_with_witness(Builder& builder, acir_format const& constraint_system, WitnessVector const& witness) { if (constraint_system.public_inputs.size() > constraint_system.varnum) { info("create_circuit_with_witness: too many public inputs!"); @@ -146,83 +136,83 @@ void create_circuit_with_witness(Composer& composer, acir_format const& constrai if (std::find(constraint_system.public_inputs.begin(), constraint_system.public_inputs.end(), i) != constraint_system.public_inputs.end()) { - composer.add_public_variable(0); + builder.add_public_variable(0); } else { - composer.add_variable(0); + builder.add_variable(0); } } - read_witness(composer, witness); + read_witness(builder, witness); // Add arithmetic gates for (const auto& constraint : constraint_system.constraints) { - composer.create_poly_gate(constraint); + builder.create_poly_gate(constraint); } // Add logic constraint for (const auto& constraint : constraint_system.logic_constraints) { create_logic_gate( - composer, constraint.a, constraint.b, constraint.result, constraint.num_bits, constraint.is_xor_gate); + builder, constraint.a, constraint.b, constraint.result, constraint.num_bits, constraint.is_xor_gate); } // Add range constraint for (const auto& constraint : constraint_system.range_constraints) { - composer.create_range_constraint(constraint.witness, constraint.num_bits, ""); + builder.create_range_constraint(constraint.witness, constraint.num_bits, ""); } // Add sha256 constraints for (const auto& constraint : constraint_system.sha256_constraints) { - create_sha256_constraints(composer, constraint); + create_sha256_constraints(builder, constraint); } // Add schnorr constraints for (const auto& constraint : constraint_system.schnorr_constraints) { - create_schnorr_verify_constraints(composer, constraint); + create_schnorr_verify_constraints(builder, constraint); } // Add ECDSA constraints for (const auto& constraint : constraint_system.ecdsa_constraints) { - create_ecdsa_verify_constraints(composer, constraint); + create_ecdsa_verify_constraints(builder, constraint); } // Add blake2s constraints for (const auto& constraint : constraint_system.blake2s_constraints) { - create_blake2s_constraints(composer, constraint); + create_blake2s_constraints(builder, constraint); } // Add keccak constraints for (const auto& constraint : constraint_system.keccak_constraints) { - create_keccak_constraints(composer, constraint); + create_keccak_constraints(builder, constraint); } for (const auto& constraint : constraint_system.keccak_var_constraints) { - create_keccak_var_constraints(composer, constraint); + create_keccak_var_constraints(builder, constraint); } // Add pedersen constraints for (const auto& constraint : constraint_system.pedersen_constraints) { - create_pedersen_constraint(composer, constraint); + create_pedersen_constraint(builder, constraint); } // Add fixed base scalar mul constraints for (const auto& constraint : constraint_system.fixed_base_scalar_mul_constraints) { - create_fixed_base_constraint(composer, constraint); + create_fixed_base_constraint(builder, constraint); } // Add hash to field constraints for (const auto& constraint : constraint_system.hash_to_field_constraints) { - create_hash_to_field_constraints(composer, constraint); + create_hash_to_field_constraints(builder, constraint); } // Add block constraints for (const auto& constraint : constraint_system.block_constraints) { - create_block_constraints(composer, constraint); + create_block_constraints(builder, constraint); } // Add recursion constraints for (size_t i = 0; i < constraint_system.recursion_constraints.size(); ++i) { auto& constraint = constraint_system.recursion_constraints[i]; - create_recursion_constraints(composer, constraint, true); + create_recursion_constraints(builder, constraint, true); // make sure the verification key records the public input indices of the final recursion output // (N.B. up to the ACIR description to make sure that the final output aggregation object wires are public @@ -230,7 +220,7 @@ void create_circuit_with_witness(Composer& composer, acir_format const& constrai if (i == constraint_system.recursion_constraints.size() - 1) { std::vector proof_output_witness_indices(constraint.output_aggregation_object.begin(), constraint.output_aggregation_object.end()); - composer.circuit_constructor.set_recursive_proof(proof_output_witness_indices); + builder.set_recursive_proof(proof_output_witness_indices); } } } diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp b/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp index 6e6857d83a..cf8068bbb8 100644 --- a/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp @@ -45,24 +45,17 @@ struct acir_format { using WitnessVector = std::vector>; -void read_witness(Composer& composer, std::vector const& witness); +void read_witness(Builder& builder, std::vector const& witness); -void create_circuit(Composer& composer, const acir_format& constraint_system); +void create_circuit(Builder& builder, const acir_format& constraint_system); -Composer create_circuit(const acir_format& constraint_system, - std::shared_ptr const& crs_factory, - size_t size_hint = 0); +Builder create_circuit(const acir_format& constraint_system, size_t size_hint = 0); -Composer create_circuit_with_witness(const acir_format& constraint_system, - WitnessVector const& witness, - std::shared_ptr const& crs_factory, - size_t size_hint = 0); +Builder create_circuit_with_witness(const acir_format& constraint_system, + WitnessVector const& witness, + size_t size_hint = 0); -Composer create_circuit_with_witness(const acir_format& constraint_system, WitnessVector const& witness); - -void create_circuit_with_witness(Composer& composer, - const acir_format& constraint_system, - WitnessVector const& witness); +void create_circuit_with_witness(Builder& builder, const acir_format& constraint_system, WitnessVector const& witness); // Serialisation template inline void read(B& buf, acir_format& data) diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp index 545cab88b5..8da37992f5 100644 --- a/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp @@ -1,11 +1,14 @@ +#include +#include + #include "acir_format.hpp" +#include "ecdsa_secp256k1.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" -#include -#include #include "barretenberg/common/streams.hpp" #include "barretenberg/serialize/test_helper.hpp" #include "ecdsa_secp256k1.hpp" +namespace acir_format::tests { TEST(acir_format, test_a_single_constraint_no_pub_inputs) { @@ -20,7 +23,7 @@ TEST(acir_format, test_a_single_constraint_no_pub_inputs) .q_c = 0, }; - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = 4, .public_inputs = {}, .fixed_base_scalar_mul_constraints = {}, @@ -39,19 +42,20 @@ TEST(acir_format, test_a_single_constraint_no_pub_inputs) .constraints = { constraint }, }; - auto composer = acir_format::create_circuit_with_witness(constraint_system, { 0, 0, 1 }); + auto builder = create_circuit_with_witness(constraint_system, { 0, 0, 1 }); - auto prover = composer.create_ultra_with_keccak_prover(); + auto composer = Composer(); + auto prover = composer.create_ultra_with_keccak_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_ultra_with_keccak_verifier(); + auto verifier = composer.create_ultra_with_keccak_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), false); } TEST(acir_format, msgpack_logic_constraint) { - auto [actual, expected] = msgpack_roundtrip(acir_format::LogicConstraint{}); + auto [actual, expected] = msgpack_roundtrip(LogicConstraint{}); EXPECT_EQ(actual, expected); } TEST(acir_format, test_logic_gate_from_noir_circuit) @@ -64,16 +68,16 @@ TEST(acir_format, test_logic_gate_from_noir_circuit) * constrain z != 10; * } **/ - acir_format::RangeConstraint range_a{ + RangeConstraint range_a{ .witness = 1, .num_bits = 32, }; - acir_format::RangeConstraint range_b{ + RangeConstraint range_b{ .witness = 2, .num_bits = 32, }; - acir_format::LogicConstraint logic_constraint{ + LogicConstraint logic_constraint{ .a = 1, .b = 2, .result = 3, @@ -125,7 +129,7 @@ TEST(acir_format, test_logic_gate_from_noir_circuit) // EXPR [ (1, _4, _6) (-1, _4) 0 ] // EXPR [ (-1, _6) 1 ] - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = 7, .public_inputs = { 2 }, .fixed_base_scalar_mul_constraints = {}, @@ -145,29 +149,30 @@ TEST(acir_format, test_logic_gate_from_noir_circuit) }; uint256_t inverse_of_five = fr(5).invert(); - auto composer = acir_format::create_circuit_with_witness(constraint_system, - { - 5, - 10, - 15, - 5, - inverse_of_five, - 1, - }); + auto builder = create_circuit_with_witness(constraint_system, + { + 5, + 10, + 15, + 5, + inverse_of_five, + 1, + }); - auto prover = composer.create_ultra_with_keccak_prover(); + auto composer = Composer(); + auto prover = composer.create_ultra_with_keccak_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_ultra_with_keccak_verifier(); + auto verifier = composer.create_ultra_with_keccak_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); } TEST(acir_format, test_schnorr_verify_pass) { - std::vector range_constraints; + std::vector range_constraints; for (uint32_t i = 0; i < 10; i++) { - range_constraints.push_back(acir_format::RangeConstraint{ + range_constraints.push_back(RangeConstraint{ .witness = i + 1, .num_bits = 15, }); @@ -176,13 +181,13 @@ TEST(acir_format, test_schnorr_verify_pass) std::vector signature(64); for (uint32_t i = 0, value = 13; i < 64; i++, value++) { signature[i] = value; - range_constraints.push_back(acir_format::RangeConstraint{ + range_constraints.push_back(RangeConstraint{ .witness = value, .num_bits = 15, }); } - acir_format::SchnorrConstraint schnorr_constraint{ + SchnorrConstraint schnorr_constraint{ .message = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }, .public_key_x = 11, .public_key_y = 12, @@ -190,7 +195,7 @@ TEST(acir_format, test_schnorr_verify_pass) .signature = signature, }; - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = 82, .public_inputs = {}, .fixed_base_scalar_mul_constraints = {}, @@ -220,26 +225,27 @@ TEST(acir_format, test_schnorr_verify_pass) uint256_t pub_x = uint256_t("17cbd3ed3151ccfd170efe1d54280a6a4822640bf5c369908ad74ea21518a9c5"); uint256_t pub_y = uint256_t("0e0456e3795c1a31f20035b741cd6158929eeccd320d299cfcac962865a6bc74"); - auto composer = acir_format::create_circuit_with_witness( + auto builder = create_circuit_with_witness( constraint_system, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, pub_x, pub_y, 5, 202, 31, 146, 81, 242, 246, 69, 43, 107, 249, 153, 198, 44, 14, 111, 191, 121, 137, 166, 160, 103, 18, 181, 243, 233, 226, 95, 67, 16, 37, 128, 85, 76, 19, 253, 30, 77, 192, 53, 138, 205, 69, 33, 236, 163, 83, 194, 84, 137, 184, 221, 176, 121, 179, 27, 63, 70, 54, 16, 176, 250, 39, 239, 1, 0, 0, 0 }); - auto prover = composer.create_ultra_with_keccak_prover(); + auto composer = Composer(); + auto prover = composer.create_ultra_with_keccak_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_ultra_with_keccak_verifier(); + auto verifier = composer.create_ultra_with_keccak_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); } TEST(acir_format, test_schnorr_verify_small_range) { - std::vector range_constraints; + std::vector range_constraints; for (uint32_t i = 0; i < 10; i++) { - range_constraints.push_back(acir_format::RangeConstraint{ + range_constraints.push_back(RangeConstraint{ .witness = i + 1, .num_bits = 8, }); @@ -248,13 +254,13 @@ TEST(acir_format, test_schnorr_verify_small_range) std::vector signature(64); for (uint32_t i = 0, value = 13; i < 64; i++, value++) { signature[i] = value; - range_constraints.push_back(acir_format::RangeConstraint{ + range_constraints.push_back(RangeConstraint{ .witness = value, .num_bits = 8, }); } - acir_format::SchnorrConstraint schnorr_constraint{ + SchnorrConstraint schnorr_constraint{ .message = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }, .public_key_x = 11, .public_key_y = 12, @@ -262,7 +268,7 @@ TEST(acir_format, test_schnorr_verify_small_range) .signature = signature, }; - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = 82, .public_inputs = {}, .fixed_base_scalar_mul_constraints = {}, @@ -292,17 +298,17 @@ TEST(acir_format, test_schnorr_verify_small_range) uint256_t pub_x = uint256_t("17cbd3ed3151ccfd170efe1d54280a6a4822640bf5c369908ad74ea21518a9c5"); uint256_t pub_y = uint256_t("0e0456e3795c1a31f20035b741cd6158929eeccd320d299cfcac962865a6bc74"); - auto composer = acir_format::create_circuit_with_witness( + auto builder = create_circuit_with_witness( constraint_system, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, pub_x, pub_y, 5, 202, 31, 146, 81, 242, 246, 69, 43, 107, 249, 153, 198, 44, 14, 111, 191, 121, 137, 166, 160, 103, 18, 181, 243, 233, 226, 95, 67, 16, 37, 128, 85, 76, 19, 253, 30, 77, 192, 53, 138, 205, 69, 33, 236, 163, 83, 194, 84, 137, 184, 221, 176, 121, 179, 27, 63, 70, 54, 16, 176, 250, 39, 239, 1, 0, 0, 0 }); - auto prover = composer.create_ultra_with_keccak_prover(); + auto composer = Composer(); + auto prover = composer.create_ultra_with_keccak_prover(builder); auto proof = prover.construct_proof(); - - auto verifier = composer.create_ultra_with_keccak_verifier(); - + auto verifier = composer.create_ultra_with_keccak_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); } +} // namespace acir_format::tests \ No newline at end of file diff --git a/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.cpp b/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.cpp index 8cd00269af..e5fc04696a 100644 --- a/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.cpp @@ -3,11 +3,11 @@ namespace acir_format { -void create_blake2s_constraints(Composer& composer, const Blake2sConstraint& constraint) +void create_blake2s_constraints(Builder& builder, const Blake2sConstraint& constraint) { // Create byte array struct - byte_array_ct arr(&composer); + byte_array_ct arr(&builder); // Get the witness assignment for each witness index // Write the witness assignment to the byte_array @@ -18,19 +18,19 @@ void create_blake2s_constraints(Composer& composer, const Blake2sConstraint& con // XXX: The implementation requires us to truncate the element to the nearest byte and not bit auto num_bytes = round_to_nearest_byte(num_bits); - field_ct element = field_ct::from_witness_index(&composer, witness_index); + field_ct element = field_ct::from_witness_index(&builder, witness_index); byte_array_ct element_bytes(element, num_bytes); arr.write(element_bytes); } - byte_array_ct output_bytes = proof_system::plonk::stdlib::blake2s(arr); + byte_array_ct output_bytes = proof_system::plonk::stdlib::blake2s(arr); // Convert byte array to vector of field_t auto bytes = output_bytes.bytes(); for (size_t i = 0; i < bytes.size(); ++i) { - composer.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); + builder.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); } } diff --git a/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.hpp b/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.hpp index f68bf2019a..f78dd46ac5 100644 --- a/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/blake2s_constraint.hpp @@ -19,7 +19,7 @@ struct Blake2sConstraint { friend bool operator==(Blake2sConstraint const& lhs, Blake2sConstraint const& rhs) = default; }; -void create_blake2s_constraints(Composer& composer, const Blake2sConstraint& constraint); +void create_blake2s_constraints(Builder& builder, const Blake2sConstraint& constraint); template inline void read(B& buf, Blake2sInput& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/block_constraint.cpp b/cpp/src/barretenberg/dsl/acir_format/block_constraint.cpp index 1d76f7ea58..811421aa9b 100644 --- a/cpp/src/barretenberg/dsl/acir_format/block_constraint.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/block_constraint.cpp @@ -5,7 +5,7 @@ using namespace proof_system::plonk; namespace acir_format { -field_ct poly_to_field_ct(const poly_triple poly, Composer& composer) +field_ct poly_to_field_ct(const poly_triple poly, Builder& builder) { ASSERT(poly.q_m == 0); ASSERT(poly.q_r == 0); @@ -13,17 +13,17 @@ field_ct poly_to_field_ct(const poly_triple poly, Composer& composer) if (poly.q_l == 0) { return field_ct(poly.q_c); } - field_ct x = field_ct::from_witness_index(&composer, poly.a); + field_ct x = field_ct::from_witness_index(&builder, poly.a); x.additive_constant = poly.q_c; x.multiplicative_constant = poly.q_l; return x; } -void create_block_constraints(Composer& composer, const BlockConstraint constraint, bool has_valid_witness_assignments) +void create_block_constraints(Builder& builder, const BlockConstraint constraint, bool has_valid_witness_assignments) { std::vector init; for (auto i : constraint.init) { - field_ct value = poly_to_field_ct(i, composer); + field_ct value = poly_to_field_ct(i, builder); init.push_back(value); } @@ -32,8 +32,8 @@ void create_block_constraints(Composer& composer, const BlockConstraint constrai rom_table_ct table(init); for (auto& op : constraint.trace) { ASSERT(op.access_type == 0); - field_ct value = poly_to_field_ct(op.value, composer); - field_ct index = poly_to_field_ct(op.index, composer); + field_ct value = poly_to_field_ct(op.value, builder); + field_ct index = poly_to_field_ct(op.index, builder); // For a ROM table, constant read should be optimised out: // The rom_table won't work with a constant read because the table may not be initialised ASSERT(op.index.q_l != 0); @@ -44,7 +44,7 @@ void create_block_constraints(Composer& composer, const BlockConstraint constrai // If witness are assigned, we use the correct value for w w_value = index.get_value(); } - field_ct w = field_ct::from_witness(&composer, w_value); + field_ct w = field_ct::from_witness(&builder, w_value); value.assert_equal(table[w]); w.assert_equal(index); } @@ -52,8 +52,8 @@ void create_block_constraints(Composer& composer, const BlockConstraint constrai case BlockType::RAM: { ram_table_ct table(init); for (auto& op : constraint.trace) { - field_ct value = poly_to_field_ct(op.value, composer); - field_ct index = poly_to_field_ct(op.index, composer); + field_ct value = poly_to_field_ct(op.value, builder); + field_ct index = poly_to_field_ct(op.index, builder); if (has_valid_witness_assignments == false) { index = field_ct(0); } diff --git a/cpp/src/barretenberg/dsl/acir_format/block_constraint.hpp b/cpp/src/barretenberg/dsl/acir_format/block_constraint.hpp index 7c1418ccf8..a3b04d93bb 100644 --- a/cpp/src/barretenberg/dsl/acir_format/block_constraint.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/block_constraint.hpp @@ -1,7 +1,6 @@ #pragma once #include #include -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/dsl/types.hpp" @@ -24,7 +23,7 @@ struct BlockConstraint { BlockType type; }; -void create_block_constraints(Composer& composer, +void create_block_constraints(Builder& builder, const BlockConstraint constraint, bool has_valid_witness_assignments = true); diff --git a/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp index 4c443e7e35..a8c14e2455 100644 --- a/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp @@ -6,7 +6,8 @@ #include #include -size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_format::WitnessVector& witness_values) +namespace acir_format::tests { +size_t generate_block_constraint(BlockConstraint& constraint, WitnessVector& witness_values) { size_t witness_len = 1; witness_values.emplace_back(1); @@ -78,20 +79,20 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ }; witness_values.emplace_back(3); witness_len++; - acir_format::MemOp op1 = acir_format::MemOp{ + MemOp op1 = MemOp{ .access_type = 0, .index = r1, .value = y, }; - acir_format::MemOp op2 = acir_format::MemOp{ + MemOp op2 = MemOp{ .access_type = 0, .index = r2, .value = z, }; - constraint = acir_format::BlockConstraint{ + constraint = BlockConstraint{ .init = { a0, a1 }, .trace = { op1, op2 }, - .type = acir_format::BlockType::ROM, + .type = BlockType::ROM, }; return witness_len; @@ -99,10 +100,10 @@ size_t generate_block_constraint(acir_format::BlockConstraint& constraint, acir_ TEST(up_ram, TestBlockConstraint) { - acir_format::BlockConstraint block; - acir_format::WitnessVector witness_values; + BlockConstraint block; + WitnessVector witness_values; size_t num_variables = generate_block_constraint(block, witness_values); - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = static_cast(num_variables), .public_inputs = {}, .fixed_base_scalar_mul_constraints = {}, @@ -121,11 +122,13 @@ TEST(up_ram, TestBlockConstraint) .constraints = {}, }; - auto composer = acir_format::create_circuit_with_witness(constraint_system, witness_values); + auto builder = create_circuit_with_witness(constraint_system, witness_values); - auto prover = composer.create_prover(); + auto composer = Composer(); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); } +} // namespace acir_format::tests \ No newline at end of file diff --git a/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.cpp b/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.cpp index 31cddb3e2f..0bfe09ada2 100644 --- a/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.cpp @@ -6,7 +6,7 @@ namespace acir_format { using namespace proof_system::plonk; -crypto::ecdsa::signature ecdsa_convert_signature(Composer& composer, std::vector signature) +crypto::ecdsa::signature ecdsa_convert_signature(Builder& builder, std::vector signature) { crypto::ecdsa::signature signature_cr; @@ -19,7 +19,7 @@ crypto::ecdsa::signature ecdsa_convert_signature(Composer& composer, std::vector std::vector fr_bytes(sizeof(fr)); - fr value = composer.get_variable(witness_index); + fr value = builder.get_variable(witness_index); fr::serialize_to_buffer(value, &fr_bytes[0]); @@ -31,7 +31,7 @@ crypto::ecdsa::signature ecdsa_convert_signature(Composer& composer, std::vector std::vector fr_bytes(sizeof(fr)); - fr value = composer.get_variable(witness_index); + fr value = builder.get_variable(witness_index); fr::serialize_to_buffer(value, &fr_bytes[0]); @@ -43,7 +43,7 @@ crypto::ecdsa::signature ecdsa_convert_signature(Composer& composer, std::vector return signature_cr; } -secp256k1_ct::g1_ct ecdsa_convert_inputs(Composer* ctx, const secp256k1::g1::affine_element& input) +secp256k1_ct::g1_ct ecdsa_convert_inputs(Builder* ctx, const secp256k1::g1::affine_element& input) { uint256_t x_u256(input.x); uint256_t y_u256(input.y); @@ -62,15 +62,15 @@ secp256k1_ct::g1_ct ecdsa_convert_inputs(Composer* ctx, const secp256k1::g1::aff // vector of bytes here, assumes that the witness indices point to a field element which can be represented // with just a byte. // notice that this function truncates each field_element to a byte -byte_array_ct ecdsa_vector_of_bytes_to_byte_array(Composer& composer, std::vector vector_of_bytes) +byte_array_ct ecdsa_vector_of_bytes_to_byte_array(Builder& builder, std::vector vector_of_bytes) { - byte_array_ct arr(&composer); + byte_array_ct arr(&builder); // Get the witness assignment for each witness index // Write the witness assignment to the byte_array for (const auto& witness_index : vector_of_bytes) { - field_ct element = field_ct::from_witness_index(&composer, witness_index); + field_ct element = field_ct::from_witness_index(&builder, witness_index); size_t num_bytes = 1; byte_array_ct element_bytes(element, num_bytes); @@ -78,26 +78,26 @@ byte_array_ct ecdsa_vector_of_bytes_to_byte_array(Composer& composer, std::vecto } return arr; } -witness_ct ecdsa_index_to_witness(Composer& composer, uint32_t index) +witness_ct ecdsa_index_to_witness(Builder& builder, uint32_t index) { - fr value = composer.get_variable(index); - return { &composer, value }; + fr value = builder.get_variable(index); + return { &builder, value }; } -void create_ecdsa_verify_constraints(Composer& composer, +void create_ecdsa_verify_constraints(Builder& builder, const EcdsaSecp256k1Constraint& input, bool has_valid_witness_assignments) { if (has_valid_witness_assignments == false) { - dummy_ecdsa_constraint(composer, input); + dummy_ecdsa_constraint(builder, input); } - auto new_sig = ecdsa_convert_signature(composer, input.signature); + auto new_sig = ecdsa_convert_signature(builder, input.signature); - auto message = ecdsa_vector_of_bytes_to_byte_array(composer, input.hashed_message); - auto pub_key_x_byte_arr = ecdsa_vector_of_bytes_to_byte_array(composer, input.pub_x_indices); - auto pub_key_y_byte_arr = ecdsa_vector_of_bytes_to_byte_array(composer, input.pub_y_indices); + auto message = ecdsa_vector_of_bytes_to_byte_array(builder, input.hashed_message); + auto pub_key_x_byte_arr = ecdsa_vector_of_bytes_to_byte_array(builder, input.pub_x_indices); + auto pub_key_y_byte_arr = ecdsa_vector_of_bytes_to_byte_array(builder, input.pub_y_indices); auto pub_key_x_fq = secp256k1_ct::fq_ct(pub_key_x_byte_arr); auto pub_key_y_fq = secp256k1_ct::fq_ct(pub_key_y_byte_arr); @@ -106,31 +106,31 @@ void create_ecdsa_verify_constraints(Composer& composer, std::vector ss(new_sig.s.begin(), new_sig.s.end()); uint8_t vv = new_sig.v; - stdlib::ecdsa::signature sig{ stdlib::byte_array(&composer, rr), - stdlib::byte_array(&composer, ss), - stdlib::uint8(&composer, vv) }; + stdlib::ecdsa::signature sig{ stdlib::byte_array(&builder, rr), + stdlib::byte_array(&builder, ss), + stdlib::uint8(&builder, vv) }; pub_key_x_fq.assert_is_in_field(); pub_key_y_fq.assert_is_in_field(); secp256k1_ct::g1_bigfr_ct public_key = secp256k1_ct::g1_bigfr_ct(pub_key_x_fq, pub_key_y_fq); for (size_t i = 0; i < 32; ++i) { - sig.r[i].assert_equal(field_ct::from_witness_index(&composer, input.signature[i])); - sig.s[i].assert_equal(field_ct::from_witness_index(&composer, input.signature[i + 32])); - pub_key_x_byte_arr[i].assert_equal(field_ct::from_witness_index(&composer, input.pub_x_indices[i])); - pub_key_y_byte_arr[i].assert_equal(field_ct::from_witness_index(&composer, input.pub_y_indices[i])); + sig.r[i].assert_equal(field_ct::from_witness_index(&builder, input.signature[i])); + sig.s[i].assert_equal(field_ct::from_witness_index(&builder, input.signature[i + 32])); + pub_key_x_byte_arr[i].assert_equal(field_ct::from_witness_index(&builder, input.pub_x_indices[i])); + pub_key_y_byte_arr[i].assert_equal(field_ct::from_witness_index(&builder, input.pub_y_indices[i])); } for (size_t i = 0; i < input.hashed_message.size(); ++i) { - message[i].assert_equal(field_ct::from_witness_index(&composer, input.hashed_message[i])); + message[i].assert_equal(field_ct::from_witness_index(&builder, input.hashed_message[i])); } bool_ct signature_result = - stdlib::ecdsa::verify_signature_prehashed_message_noassert(message, public_key, sig); bool_ct signature_result_normalized = signature_result.normalize(); - composer.assert_equal(signature_result_normalized.witness_index, input.result); + builder.assert_equal(signature_result_normalized.witness_index, input.result); } // Add dummy constraints for ECDSA because when the verifier creates the @@ -138,7 +138,7 @@ void create_ecdsa_verify_constraints(Composer& composer, // // This does not work for ECDSA as the signature, r, s and public key need // to be valid. -void dummy_ecdsa_constraint(Composer& composer, EcdsaSecp256k1Constraint const& input) +void dummy_ecdsa_constraint(Builder& builder, EcdsaSecp256k1Constraint const& input) { std::vector pub_x_indices_; @@ -161,10 +161,10 @@ void dummy_ecdsa_constraint(Composer& composer, EcdsaSecp256k1Constraint const& // We don't use them in a gate, so when we call assert_equal, they will be // replaced as if they never existed. for (size_t i = 0; i < 32; ++i) { - uint32_t x_wit = composer.add_variable(pub_x_value.slice(248 - i * 8, 256 - i * 8)); - uint32_t y_wit = composer.add_variable(pub_y_value.slice(248 - i * 8, 256 - i * 8)); - uint32_t r_wit = composer.add_variable(signature.r[i]); - uint32_t s_wit = composer.add_variable(signature.s[i]); + uint32_t x_wit = builder.add_variable(pub_x_value.slice(248 - i * 8, 256 - i * 8)); + uint32_t y_wit = builder.add_variable(pub_y_value.slice(248 - i * 8, 256 - i * 8)); + uint32_t r_wit = builder.add_variable(signature.r[i]); + uint32_t s_wit = builder.add_variable(signature.s[i]); pub_x_indices_.emplace_back(x_wit); pub_y_indices_.emplace_back(y_wit); signature_[i] = r_wit; @@ -173,13 +173,13 @@ void dummy_ecdsa_constraint(Composer& composer, EcdsaSecp256k1Constraint const& // Call assert_equal(from, to) to replace the value in `to` by the value in `from` for (size_t i = 0; i < input.pub_x_indices.size(); ++i) { - composer.assert_equal(pub_x_indices_[i], input.pub_x_indices[i]); + builder.assert_equal(pub_x_indices_[i], input.pub_x_indices[i]); } for (size_t i = 0; i < input.pub_y_indices.size(); ++i) { - composer.assert_equal(pub_y_indices_[i], input.pub_y_indices[i]); + builder.assert_equal(pub_y_indices_[i], input.pub_y_indices[i]); } for (size_t i = 0; i < input.signature.size(); ++i) { - composer.assert_equal(signature_[i], input.signature[i]); + builder.assert_equal(signature_[i], input.signature[i]); } } diff --git a/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.hpp b/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.hpp index 59d1fe48e0..75ff0bd42c 100644 --- a/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.hpp @@ -26,11 +26,11 @@ struct EcdsaSecp256k1Constraint { friend bool operator==(EcdsaSecp256k1Constraint const& lhs, EcdsaSecp256k1Constraint const& rhs) = default; }; -void create_ecdsa_verify_constraints(Composer& composer, +void create_ecdsa_verify_constraints(Builder& builder, const EcdsaSecp256k1Constraint& input, bool has_valid_witness_assignments = true); -void dummy_ecdsa_constraint(Composer& composer, EcdsaSecp256k1Constraint const& input); +void dummy_ecdsa_constraint(Builder& builder, EcdsaSecp256k1Constraint const& input); template inline void read(B& buf, EcdsaSecp256k1Constraint& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp b/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp index 95a2551511..21de8fcc2f 100644 --- a/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.test.cpp @@ -7,10 +7,10 @@ #include #include -using curve_ct = proof_system::plonk::stdlib::secp256k1; +namespace acir_format::tests { +using curve_ct = proof_system::plonk::stdlib::secp256k1; -size_t generate_ecdsa_constraint(acir_format::EcdsaSecp256k1Constraint& ecdsa_constraint, - acir_format::WitnessVector& witness_values) +size_t generate_ecdsa_constraint(EcdsaSecp256k1Constraint& ecdsa_constraint, WitnessVector& witness_values) { std::string message_string = "Instructions unclear, ask again later."; @@ -69,7 +69,7 @@ size_t generate_ecdsa_constraint(acir_format::EcdsaSecp256k1Constraint& ecdsa_co offset += 1; witness_values.emplace_back(1); - ecdsa_constraint = acir_format::EcdsaSecp256k1Constraint{ + ecdsa_constraint = EcdsaSecp256k1Constraint{ .hashed_message = message_in, .pub_x_indices = pub_x_indices_in, .pub_y_indices = pub_y_indices_in, @@ -81,10 +81,10 @@ size_t generate_ecdsa_constraint(acir_format::EcdsaSecp256k1Constraint& ecdsa_co TEST(ECDSASecp256k1, TestECDSAConstraintSucceed) { - acir_format::EcdsaSecp256k1Constraint ecdsa_constraint; - acir_format::WitnessVector witness_values; + EcdsaSecp256k1Constraint ecdsa_constraint; + WitnessVector witness_values; size_t num_variables = generate_ecdsa_constraint(ecdsa_constraint, witness_values); - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = static_cast(num_variables), .public_inputs = {}, .fixed_base_scalar_mul_constraints = {}, @@ -103,13 +103,15 @@ TEST(ECDSASecp256k1, TestECDSAConstraintSucceed) .constraints = {}, }; - auto composer = acir_format::create_circuit_with_witness(constraint_system, witness_values); + auto builder = create_circuit_with_witness(constraint_system, witness_values); - EXPECT_EQ(composer.get_variable(ecdsa_constraint.result), 1); - auto prover = composer.create_prover(); + EXPECT_EQ(builder.get_variable(ecdsa_constraint.result), 1); + + auto composer = Composer(); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); } @@ -118,10 +120,10 @@ TEST(ECDSASecp256k1, TestECDSAConstraintSucceed) // even though we are just building the circuit. TEST(ECDSASecp256k1, TestECDSACompilesForVerifier) { - acir_format::EcdsaSecp256k1Constraint ecdsa_constraint; - acir_format::WitnessVector witness_values; + EcdsaSecp256k1Constraint ecdsa_constraint; + WitnessVector witness_values; size_t num_variables = generate_ecdsa_constraint(ecdsa_constraint, witness_values); - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = static_cast(num_variables), .public_inputs = {}, .fixed_base_scalar_mul_constraints = {}, @@ -139,14 +141,13 @@ TEST(ECDSASecp256k1, TestECDSACompilesForVerifier) .recursion_constraints = {}, .constraints = {}, }; - auto crs_factory = std::make_unique(); - auto composer = create_circuit(constraint_system, std::move(crs_factory)); + auto builder = create_circuit(constraint_system); } TEST(ECDSASecp256k1, TestECDSAConstraintFail) { - acir_format::EcdsaSecp256k1Constraint ecdsa_constraint; - acir_format::WitnessVector witness_values; + EcdsaSecp256k1Constraint ecdsa_constraint; + WitnessVector witness_values; size_t num_variables = generate_ecdsa_constraint(ecdsa_constraint, witness_values); // set result value to be false @@ -155,7 +156,7 @@ TEST(ECDSASecp256k1, TestECDSAConstraintFail) // tamper with signature witness_values[witness_values.size() - 20] += 1; - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = static_cast(num_variables), .public_inputs = {}, .fixed_base_scalar_mul_constraints = {}, @@ -174,12 +175,13 @@ TEST(ECDSASecp256k1, TestECDSAConstraintFail) .constraints = {}, }; - auto composer = acir_format::create_circuit_with_witness(constraint_system, witness_values); - - EXPECT_EQ(composer.get_variable(ecdsa_constraint.result), 0); - auto prover = composer.create_prover(); + auto builder = create_circuit_with_witness(constraint_system, witness_values); + EXPECT_EQ(builder.get_variable(ecdsa_constraint.result), 0); + auto composer = Composer(); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); EXPECT_EQ(verifier.verify_proof(proof), true); } +} // namespace acir_format::tests \ No newline at end of file diff --git a/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp b/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp index 453ab56f47..18f1b59f4c 100644 --- a/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.cpp @@ -2,14 +2,14 @@ namespace acir_format { -void create_fixed_base_constraint(Composer& composer, const FixedBaseScalarMul& input) +void create_fixed_base_constraint(Builder& builder, const FixedBaseScalarMul& input) { - field_ct scalar_as_field = field_ct::from_witness_index(&composer, input.scalar); + field_ct scalar_as_field = field_ct::from_witness_index(&builder, input.scalar); auto public_key = group_ct::fixed_base_scalar_mul_g1<254>(scalar_as_field); - composer.assert_equal(public_key.x.witness_index, input.pub_key_x); - composer.assert_equal(public_key.y.witness_index, input.pub_key_y); + builder.assert_equal(public_key.x.witness_index, input.pub_key_x); + builder.assert_equal(public_key.y.witness_index, input.pub_key_y); } } // namespace acir_format diff --git a/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp b/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp index 80e52e03db..a96c743e69 100644 --- a/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/fixed_base_scalar_mul.hpp @@ -12,7 +12,7 @@ struct FixedBaseScalarMul { friend bool operator==(FixedBaseScalarMul const& lhs, FixedBaseScalarMul const& rhs) = default; }; -void create_fixed_base_constraint(Composer& composer, const FixedBaseScalarMul& input); +void create_fixed_base_constraint(Builder& builder, const FixedBaseScalarMul& input); template inline void read(B& buf, FixedBaseScalarMul& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/hash_to_field.cpp b/cpp/src/barretenberg/dsl/acir_format/hash_to_field.cpp index afc3e2cf9f..ec29a2cec6 100644 --- a/cpp/src/barretenberg/dsl/acir_format/hash_to_field.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/hash_to_field.cpp @@ -5,11 +5,11 @@ namespace acir_format { using namespace proof_system::plonk; -void create_hash_to_field_constraints(Composer& composer, const HashToFieldConstraint constraint) +void create_hash_to_field_constraints(Builder& builder, const HashToFieldConstraint constraint) { // Create byte array struct - byte_array_ct arr(&composer); + byte_array_ct arr(&builder); // Get the witness assignment for each witness index // Write the witness assignment to the byte_array @@ -20,7 +20,7 @@ void create_hash_to_field_constraints(Composer& composer, const HashToFieldConst // XXX: The implementation requires us to truncate the element to the nearest byte and not bit auto num_bytes = round_to_nearest_byte(num_bits); - field_ct element = field_ct::from_witness_index(&composer, witness_index); + field_ct element = field_ct::from_witness_index(&builder, witness_index); byte_array_ct element_bytes(element, num_bytes); byte_array_ct reversed_bytes = element_bytes.reverse(); @@ -30,12 +30,12 @@ void create_hash_to_field_constraints(Composer& composer, const HashToFieldConst // Hash To Field using blake2s. // Note: It does not need to be blake2s in the future - byte_array_ct out_bytes = stdlib::blake2s(arr); + byte_array_ct out_bytes = stdlib::blake2s(arr); field_ct out(out_bytes); field_ct normalised_out = out.normalize(); - composer.assert_equal(normalised_out.witness_index, constraint.result); + builder.assert_equal(normalised_out.witness_index, constraint.result); } } // namespace acir_format diff --git a/cpp/src/barretenberg/dsl/acir_format/hash_to_field.hpp b/cpp/src/barretenberg/dsl/acir_format/hash_to_field.hpp index 504493ce3e..d08c399c23 100644 --- a/cpp/src/barretenberg/dsl/acir_format/hash_to_field.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/hash_to_field.hpp @@ -19,7 +19,7 @@ struct HashToFieldConstraint { friend bool operator==(HashToFieldConstraint const& lhs, HashToFieldConstraint const& rhs) = default; }; -void create_hash_to_field_constraints(Composer& composer, HashToFieldConstraint constraint); +void create_hash_to_field_constraints(Builder& builder, HashToFieldConstraint constraint); template inline void read(B& buf, HashToFieldInput& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp b/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp index b573e57153..048bcf9c22 100644 --- a/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.cpp @@ -4,11 +4,11 @@ namespace acir_format { -void create_keccak_constraints(Composer& composer, const KeccakConstraint& constraint) +void create_keccak_constraints(Builder& builder, const KeccakConstraint& constraint) { // Create byte array struct - byte_array_ct arr(&composer); + byte_array_ct arr(&builder); // Get the witness assignment for each witness index // Write the witness assignment to the byte_array @@ -19,27 +19,27 @@ void create_keccak_constraints(Composer& composer, const KeccakConstraint& const // XXX: The implementation requires us to truncate the element to the nearest byte and not bit auto num_bytes = round_to_nearest_byte(num_bits); - field_ct element = field_ct::from_witness_index(&composer, witness_index); + field_ct element = field_ct::from_witness_index(&builder, witness_index); byte_array_ct element_bytes(element, num_bytes); arr.write(element_bytes); } - byte_array_ct output_bytes = proof_system::plonk::stdlib::keccak::hash(arr); + byte_array_ct output_bytes = proof_system::plonk::stdlib::keccak::hash(arr); // Convert byte array to vector of field_t auto bytes = output_bytes.bytes(); for (size_t i = 0; i < bytes.size(); ++i) { - composer.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); + builder.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); } } -void create_keccak_var_constraints(Composer& composer, const KeccakVarConstraint& constraint) +void create_keccak_var_constraints(Builder& builder, const KeccakVarConstraint& constraint) { // Create byte array struct - byte_array_ct arr(&composer); + byte_array_ct arr(&builder); // Get the witness assignment for each witness index // Write the witness assignment to the byte_array @@ -50,21 +50,21 @@ void create_keccak_var_constraints(Composer& composer, const KeccakVarConstraint // XXX: The implementation requires us to truncate the element to the nearest byte and not bit auto num_bytes = round_to_nearest_byte(num_bits); - field_ct element = field_ct::from_witness_index(&composer, witness_index); + field_ct element = field_ct::from_witness_index(&builder, witness_index); byte_array_ct element_bytes(element, num_bytes); arr.write(element_bytes); } - uint32_ct length = field_ct::from_witness_index(&composer, constraint.var_message_size); + uint32_ct length = field_ct::from_witness_index(&builder, constraint.var_message_size); - byte_array_ct output_bytes = proof_system::plonk::stdlib::keccak::hash(arr, length); + byte_array_ct output_bytes = proof_system::plonk::stdlib::keccak::hash(arr, length); // Convert byte array to vector of field_t auto bytes = output_bytes.bytes(); for (size_t i = 0; i < bytes.size(); ++i) { - composer.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); + builder.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); } } diff --git a/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp b/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp index 95fabe00d5..8f97fbe5f5 100644 --- a/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/keccak_constraint.hpp @@ -27,8 +27,8 @@ struct KeccakVarConstraint { friend bool operator==(KeccakVarConstraint const& lhs, KeccakVarConstraint const& rhs) = default; }; -void create_keccak_constraints(Composer& composer, const KeccakConstraint& constraint); -void create_keccak_var_constraints(Composer& composer, const KeccakVarConstraint& constraint); +void create_keccak_constraints(Builder& builder, const KeccakConstraint& constraint); +void create_keccak_var_constraints(Builder& builder, const KeccakVarConstraint& constraint); template inline void read(B& buf, HashInput& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/logic_constraint.cpp b/cpp/src/barretenberg/dsl/acir_format/logic_constraint.cpp index 09990fe04b..9b77101b89 100644 --- a/cpp/src/barretenberg/dsl/acir_format/logic_constraint.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/logic_constraint.cpp @@ -5,7 +5,7 @@ namespace acir_format { using namespace proof_system::plonk; -void create_logic_gate(Composer& composer, +void create_logic_gate(Builder& builder, const uint32_t a, const uint32_t b, const uint32_t result, @@ -13,11 +13,11 @@ void create_logic_gate(Composer& composer, const bool is_xor_gate) { - field_ct left = field_ct::from_witness_index(&composer, a); - field_ct right = field_ct::from_witness_index(&composer, b); + field_ct left = field_ct::from_witness_index(&builder, a); + field_ct right = field_ct::from_witness_index(&builder, b); - field_ct res = stdlib::logic::create_logic_constraint(left, right, num_bits, is_xor_gate); - field_ct our_res = field_ct::from_witness_index(&composer, result); + field_ct res = stdlib::logic::create_logic_constraint(left, right, num_bits, is_xor_gate); + field_ct our_res = field_ct::from_witness_index(&builder, result); res.assert_equal(our_res); } diff --git a/cpp/src/barretenberg/dsl/acir_format/logic_constraint.hpp b/cpp/src/barretenberg/dsl/acir_format/logic_constraint.hpp index d2ed943398..c74817e4c7 100644 --- a/cpp/src/barretenberg/dsl/acir_format/logic_constraint.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/logic_constraint.hpp @@ -17,11 +17,11 @@ struct LogicConstraint { MSGPACK_FIELDS(a, b, result, num_bits, is_xor_gate); }; -void create_logic_gate(Composer& composer, uint32_t a, uint32_t b, uint32_t result, size_t num_bits, bool is_xor_gate); +void create_logic_gate(Builder& builder, uint32_t a, uint32_t b, uint32_t result, size_t num_bits, bool is_xor_gate); -void xor_gate(Composer& composer, uint32_t a, uint32_t b, uint32_t result); +void xor_gate(Builder& builder, uint32_t a, uint32_t b, uint32_t result); -void and_gate(Composer& composer, uint32_t a, uint32_t b, uint32_t result); +void and_gate(Builder& builder, uint32_t a, uint32_t b, uint32_t result); template inline void read(B& buf, LogicConstraint& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/pedersen.cpp b/cpp/src/barretenberg/dsl/acir_format/pedersen.cpp index f31b7b1a4d..b6ff3ddd52 100644 --- a/cpp/src/barretenberg/dsl/acir_format/pedersen.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/pedersen.cpp @@ -4,21 +4,21 @@ namespace acir_format { using namespace proof_system::plonk; -void create_pedersen_constraint(Composer& composer, const PedersenConstraint& input) +void create_pedersen_constraint(Builder& builder, const PedersenConstraint& input) { std::vector scalars; for (const auto& scalar : input.scalars) { // convert input indices to field_ct - field_ct scalar_as_field = field_ct::from_witness_index(&composer, scalar); + field_ct scalar_as_field = field_ct::from_witness_index(&builder, scalar); scalars.push_back(scalar_as_field); } // TODO: Does Noir need additive homomorphic Pedersen hash? If so, using plookup version won't help. - auto point = stdlib::pedersen_plookup_commitment::commit(scalars, input.hash_index); + auto point = stdlib::pedersen_plookup_commitment::commit(scalars, input.hash_index); - composer.assert_equal(point.x.witness_index, input.result_x); - composer.assert_equal(point.y.witness_index, input.result_y); + builder.assert_equal(point.x.witness_index, input.result_x); + builder.assert_equal(point.y.witness_index, input.result_y); } } // namespace acir_format diff --git a/cpp/src/barretenberg/dsl/acir_format/pedersen.hpp b/cpp/src/barretenberg/dsl/acir_format/pedersen.hpp index e966f0a20b..52815fcdb5 100644 --- a/cpp/src/barretenberg/dsl/acir_format/pedersen.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/pedersen.hpp @@ -15,7 +15,7 @@ struct PedersenConstraint { friend bool operator==(PedersenConstraint const& lhs, PedersenConstraint const& rhs) = default; }; -void create_pedersen_constraint(Composer& composer, const PedersenConstraint& input); +void create_pedersen_constraint(Builder& builder, const PedersenConstraint& input); template inline void read(B& buf, PedersenConstraint& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.cpp b/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.cpp index f368df89a8..236ee1480c 100644 --- a/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.cpp @@ -18,7 +18,7 @@ void generate_dummy_proof() {} /** * @brief Add constraints required to recursively verify an UltraPlonk proof * - * @param composer + * @param builder * @param input * @tparam has_valid_witness_assignment. Do we have witnesses or are we just generating keys? * @tparam inner_proof_contains_recursive_proof. Do we expect the inner proof to also have performed recursive @@ -28,7 +28,7 @@ void generate_dummy_proof() {} * We would either need a separate ACIR opcode where inner_proof_contains_recursive_proof = true, * or we need non-witness data to be provided as metadata in the ACIR opcode */ -void create_recursion_constraints(Composer& composer, +void create_recursion_constraints(Builder& builder, const RecursionConstraint& input, bool has_valid_witness_assignments) { @@ -43,7 +43,7 @@ void create_recursion_constraints(Composer& composer, // on-curve errors and inverting-zero errors { // get a fake key/proof that satisfies on-curve + inversion-zero checks - const std::vector dummy_key = export_dummy_key_in_recursion_format(PolynomialManifest(Composer::type), + const std::vector dummy_key = export_dummy_key_in_recursion_format(PolynomialManifest(Builder::type), inner_proof_contains_recursive_proof); const auto manifest = Composer::create_manifest(input.public_inputs.size()); const std::vector dummy_proof = @@ -51,22 +51,22 @@ void create_recursion_constraints(Composer& composer, for (size_t i = 0; i < input.proof.size(); ++i) { const auto proof_field_idx = input.proof[i]; // if we do NOT have a witness assignment (i.e. are just building the proving/verification keys), - // we add our dummy proof values as Composer variables. + // we add our dummy proof values as Builder variables. // if we DO have a valid witness assignment, we use the real witness assignment barretenberg::fr dummy_field = - has_valid_witness_assignments ? composer.get_variable(proof_field_idx) : dummy_proof[i]; + has_valid_witness_assignments ? builder.get_variable(proof_field_idx) : dummy_proof[i]; // Create a copy constraint between our dummy field and the witness index provided by RecursionConstraint. // This will make the RecursionConstraint idx equal to `dummy_field`. // In the case of a valid witness assignment, this does nothing (as dummy_field = real value) // In the case of no valid witness assignment, this makes sure that the RecursionConstraint witness indices // will not trigger basic errors (check inputs are on-curve, check we are not inverting 0) - composer.assert_equal(composer.add_variable(dummy_field), proof_field_idx); + builder.assert_equal(builder.add_variable(dummy_field), proof_field_idx); } for (size_t i = 0; i < input.key.size(); ++i) { const auto key_field_idx = input.key[i]; barretenberg::fr dummy_field = - has_valid_witness_assignments ? composer.get_variable(key_field_idx) : dummy_key[i]; - composer.assert_equal(composer.add_variable(dummy_field), key_field_idx); + has_valid_witness_assignments ? builder.get_variable(key_field_idx) : dummy_key[i]; + builder.assert_equal(builder.add_variable(dummy_field), key_field_idx); } } @@ -87,10 +87,10 @@ void create_recursion_constraints(Composer& composer, std::array aggregation_elements; for (size_t i = 0; i < 4; ++i) { aggregation_elements[i] = - bn254::fq_ct(field_ct::from_witness_index(&composer, aggregation_input[4 * i]), - field_ct::from_witness_index(&composer, aggregation_input[4 * i + 1]), - field_ct::from_witness_index(&composer, aggregation_input[4 * i + 2]), - field_ct::from_witness_index(&composer, aggregation_input[4 * i + 3])); + bn254::fq_ct(field_ct::from_witness_index(&builder, aggregation_input[4 * i]), + field_ct::from_witness_index(&builder, aggregation_input[4 * i + 1]), + field_ct::from_witness_index(&builder, aggregation_input[4 * i + 2]), + field_ct::from_witness_index(&builder, aggregation_input[4 * i + 3])); aggregation_elements[i].assert_is_in_field(); } // If we have a previous aggregation object, assign it to `previous_aggregation` so that it is included @@ -107,39 +107,39 @@ void create_recursion_constraints(Composer& composer, std::vector key_fields; key_fields.reserve(input.key.size()); for (const auto& idx : input.key) { - auto field = field_ct::from_witness_index(&composer, idx); + auto field = field_ct::from_witness_index(&builder, idx); key_fields.emplace_back(field); } std::vector proof_fields; proof_fields.reserve(input.proof.size()); for (const auto& idx : input.proof) { - auto field = field_ct::from_witness_index(&composer, idx); + auto field = field_ct::from_witness_index(&builder, idx); proof_fields.emplace_back(field); } // recursively verify the proof std::shared_ptr vkey = verification_key_ct::from_field_elements( - &composer, key_fields, inner_proof_contains_recursive_proof, nested_aggregation_indices); + &builder, key_fields, inner_proof_contains_recursive_proof, nested_aggregation_indices); vkey->program_width = noir_recursive_settings::program_width; - Transcript_ct transcript(&composer, manifest, proof_fields, input.public_inputs.size()); + Transcript_ct transcript(&builder, manifest, proof_fields, input.public_inputs.size()); aggregation_state_ct result = proof_system::plonk::stdlib::recursion::verify_proof_( - &composer, vkey, transcript, previous_aggregation); + &builder, vkey, transcript, previous_aggregation); // Assign correct witness value to the verification key hash - vkey->compress().assert_equal(field_ct::from_witness_index(&composer, input.key_hash)); + vkey->compress().assert_equal(field_ct::from_witness_index(&builder, input.key_hash)); ASSERT(result.public_inputs.size() == input.public_inputs.size()); // Assign the `public_input` field to the public input of the inner proof for (size_t i = 0; i < input.public_inputs.size(); ++i) { - result.public_inputs[i].assert_equal(field_ct::from_witness_index(&composer, input.public_inputs[i])); + result.public_inputs[i].assert_equal(field_ct::from_witness_index(&builder, input.public_inputs[i])); } // Assign the recursive proof outputs to `output_aggregation_object` for (size_t i = 0; i < result.proof_witness_indices.size(); ++i) { - const auto lhs = field_ct::from_witness_index(&composer, result.proof_witness_indices[i]); - const auto rhs = field_ct::from_witness_index(&composer, input.output_aggregation_object[i]); + const auto lhs = field_ct::from_witness_index(&builder, result.proof_witness_indices[i]); + const auto rhs = field_ct::from_witness_index(&builder, input.output_aggregation_object[i]); lhs.assert_equal(rhs); } } diff --git a/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.hpp b/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.hpp index f99dc21230..d1a20a4855 100644 --- a/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.hpp @@ -60,7 +60,7 @@ struct RecursionConstraint { friend bool operator==(RecursionConstraint const& lhs, RecursionConstraint const& rhs) = default; }; -void create_recursion_constraints(Composer& composer, +void create_recursion_constraints(Builder& builder, const RecursionConstraint& input, bool has_valid_witness_assignments = false); diff --git a/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp b/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp index 992a0c8f7b..6c947a1851 100644 --- a/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/recursion_constraint.test.cpp @@ -8,7 +8,8 @@ using namespace proof_system::plonk; -acir_format::Composer create_inner_circuit() +namespace acir_format::test { +Builder create_inner_circuit() { /** * constraints produced by Noir program: @@ -18,16 +19,16 @@ acir_format::Composer create_inner_circuit() * constrain z != 10; * } **/ - acir_format::RangeConstraint range_a{ + RangeConstraint range_a{ .witness = 1, .num_bits = 32, }; - acir_format::RangeConstraint range_b{ + RangeConstraint range_b{ .witness = 2, .num_bits = 32, }; - acir_format::LogicConstraint logic_constraint{ + LogicConstraint logic_constraint{ .a = 1, .b = 2, .result = 3, @@ -76,7 +77,7 @@ acir_format::Composer create_inner_circuit() .q_c = 1, }; - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = 7, .public_inputs = { 2, 3 }, .fixed_base_scalar_mul_constraints = {}, @@ -96,54 +97,53 @@ acir_format::Composer create_inner_circuit() }; uint256_t inverse_of_five = fr(5).invert(); - auto composer = acir_format::create_circuit_with_witness(constraint_system, - { - 5, - 10, - 15, - 5, - inverse_of_five, - 1, - }); - - return composer; + auto builder = create_circuit_with_witness(constraint_system, + { + 5, + 10, + 15, + 5, + inverse_of_five, + 1, + }); + + return builder; } /** * @brief Create a circuit that recursively verifies one or more inner circuits * - * @param inner_composers - * @return acir_format::Composer + * @param inner_circuits + * @return Composer */ -acir_format::Composer create_outer_circuit(std::vector& inner_composers) +Builder create_outer_circuit(std::vector& inner_circuits) { - std::vector recursion_constraints; + std::vector recursion_constraints; // witness count starts at 1 (Composer reserves 1st witness to be the zero-valued zero_idx) size_t witness_offset = 1; - std::array output_aggregation_object; + std::array output_aggregation_object; std::vector> witness; - for (size_t i = 0; i < inner_composers.size(); ++i) { - const bool has_input_aggregation_object = i > 0; + size_t circuit_idx = 0; + for (auto& inner_circuit : inner_circuits) { + const bool has_input_aggregation_object = circuit_idx > 0; - auto& inner_composer = inner_composers[i]; - auto inner_prover = inner_composer.create_prover(); + auto inner_composer = Composer(); + auto inner_prover = inner_composer.create_prover(inner_circuit); auto inner_proof = inner_prover.construct_proof(); - auto inner_verifier = inner_composer.create_verifier(); + auto inner_verifier = inner_composer.create_verifier(inner_circuit); const bool has_nested_proof = inner_verifier.key->contains_recursive_proof; - const size_t num_inner_public_inputs = inner_composer.get_public_inputs().size(); + const size_t num_inner_public_inputs = inner_circuit.get_public_inputs().size(); transcript::StandardTranscript transcript(inner_proof.proof_data, - acir_format::Composer::create_manifest(num_inner_public_inputs), + Composer::create_manifest(num_inner_public_inputs), transcript::HashType::PlookupPedersenBlake3s, 16); - const std::vector proof_witnesses = - acir_format::export_transcript_in_recursion_format(transcript); - const std::vector key_witnesses = - acir_format::export_key_in_recursion_format(inner_verifier.key); + const std::vector proof_witnesses = export_transcript_in_recursion_format(transcript); + const std::vector key_witnesses = export_key_in_recursion_format(inner_verifier.key); const uint32_t key_hash_start_idx = static_cast(witness_offset); const uint32_t public_input_start_idx = key_hash_start_idx + 1; @@ -155,8 +155,8 @@ acir_format::Composer create_outer_circuit(std::vector& i std::vector proof_indices; std::vector key_indices; std::vector inner_public_inputs; - std::array input_aggregation_object = {}; - std::array nested_aggregation_object = {}; + std::array input_aggregation_object = {}; + std::array nested_aggregation_object = {}; if (has_input_aggregation_object) { input_aggregation_object = output_aggregation_object; } @@ -165,7 +165,7 @@ acir_format::Composer create_outer_circuit(std::vector& i } if (has_nested_proof) { for (size_t i = 0; i < 16; ++i) { - nested_aggregation_object[i] = inner_composer.recursive_proof_public_input_indices[i]; + nested_aggregation_object[i] = inner_circuit.recursive_proof_public_input_indices[i]; } } for (size_t i = 0; i < proof_witnesses.size(); ++i) { @@ -179,7 +179,7 @@ acir_format::Composer create_outer_circuit(std::vector& i inner_public_inputs.push_back(static_cast(i + public_input_start_idx)); } - acir_format::RecursionConstraint recursion_constraint{ + RecursionConstraint recursion_constraint{ .key = key_indices, .proof = proof_indices, .public_inputs = inner_public_inputs, @@ -199,11 +199,12 @@ acir_format::Composer create_outer_circuit(std::vector& i witness.emplace_back(wit); } witness_offset = key_indices_start_idx + key_witnesses.size(); + circuit_idx++; } std::vector public_inputs(output_aggregation_object.begin(), output_aggregation_object.end()); - acir_format::acir_format constraint_system{ + acir_format constraint_system{ .varnum = static_cast(witness.size() + 1), .public_inputs = public_inputs, .fixed_base_scalar_mul_constraints = {}, @@ -222,25 +223,27 @@ acir_format::Composer create_outer_circuit(std::vector& i .constraints = {}, }; - auto composer = acir_format::create_circuit_with_witness(constraint_system, witness); + auto outer_circuit = create_circuit_with_witness(constraint_system, witness); - return composer; + return outer_circuit; } TEST(RecursionConstraint, TestBasicDoubleRecursionConstraints) { - std::vector layer_1_composers; - layer_1_composers.push_back(create_inner_circuit()); + std::vector layer_1_circuits; + layer_1_circuits.push_back(create_inner_circuit()); - layer_1_composers.push_back(create_inner_circuit()); + layer_1_circuits.push_back(create_inner_circuit()); - auto layer_2_composer = create_outer_circuit(layer_1_composers); + auto layer_2_circuit = create_outer_circuit(layer_1_circuits); - std::cout << "composer gates = " << layer_2_composer.get_num_gates() << std::endl; - auto prover = layer_2_composer.create_ultra_with_keccak_prover(); - std::cout << "prover gates = " << prover.circuit_size << std::endl; + info("circuit gates = ", layer_2_circuit.get_num_gates()); + + auto layer_2_composer = Composer(); + auto prover = layer_2_composer.create_ultra_with_keccak_prover(layer_2_circuit); + info("prover gates = ", prover.circuit_size); auto proof = prover.construct_proof(); - auto verifier = layer_2_composer.create_ultra_with_keccak_verifier(); + auto verifier = layer_2_composer.create_ultra_with_keccak_verifier(layer_2_circuit); EXPECT_EQ(verifier.verify_proof(proof), true); } @@ -278,52 +281,55 @@ TEST(RecursionConstraint, TestOneOuterRecursiveCircuit) * * Final aggregation object contains aggregated proofs for 2 instances of A and 1 instance of B */ - std::vector layer_1_composers; - layer_1_composers.push_back(create_inner_circuit()); - std::cout << "created first inner circuit\n"; - std::vector layer_2_composers; + std::vector layer_1_circuits; + layer_1_circuits.push_back(create_inner_circuit()); + info("created first inner circuit"); - layer_2_composers.push_back(create_inner_circuit()); - std::cout << "created second inner circuit\n"; + std::vector layer_2_circuits; + layer_2_circuits.push_back(create_inner_circuit()); + info("created second inner circuit"); - layer_2_composers.push_back(create_outer_circuit(layer_1_composers)); - std::cout << "created first outer circuit\n"; + layer_2_circuits.push_back(create_outer_circuit(layer_1_circuits)); + info("created first outer circuit"); - auto layer_3_composer = create_outer_circuit(layer_2_composers); - std::cout << "created second outer circuit\n"; + auto layer_3_circuit = create_outer_circuit(layer_2_circuits); + info("created second outer circuit"); + info("number of gates in layer 3 = ", layer_3_circuit.get_num_gates()); - std::cout << "composer gates = " << layer_3_composer.get_num_gates() << std::endl; - auto prover = layer_3_composer.create_ultra_with_keccak_prover(); - std::cout << "prover gates = " << prover.circuit_size << std::endl; + auto layer_3_composer = Composer(); + auto prover = layer_3_composer.create_ultra_with_keccak_prover(layer_3_circuit); + info("prover gates = ", prover.circuit_size); auto proof = prover.construct_proof(); - auto verifier = layer_3_composer.create_ultra_with_keccak_verifier(); + auto verifier = layer_3_composer.create_ultra_with_keccak_verifier(layer_3_circuit); EXPECT_EQ(verifier.verify_proof(proof), true); } TEST(RecursionConstraint, TestFullRecursiveComposition) { - std::vector layer_b_1_composers; - layer_b_1_composers.push_back(create_inner_circuit()); - std::cout << "created first inner circuit\n"; + std::vector layer_b_1_circuits; + layer_b_1_circuits.push_back(create_inner_circuit()); + info("created first inner circuit"); - std::vector layer_b_2_composers; - layer_b_2_composers.push_back(create_inner_circuit()); - std::cout << "created second inner circuit\n"; + std::vector layer_b_2_circuits; + layer_b_2_circuits.push_back(create_inner_circuit()); + info("created second inner circuit"); - std::vector layer_2_composers; - layer_2_composers.push_back(create_outer_circuit(layer_b_1_composers)); - std::cout << "created first outer circuit\n"; + std::vector layer_2_circuits; + layer_2_circuits.push_back(create_outer_circuit(layer_b_1_circuits)); + info("created first outer circuit"); - layer_2_composers.push_back(create_outer_circuit(layer_b_2_composers)); - std::cout << "created second outer circuit\n"; + layer_2_circuits.push_back(create_outer_circuit(layer_b_2_circuits)); + info("created second outer circuit"); - auto layer_3_composer = create_outer_circuit(layer_2_composers); - std::cout << "created third outer circuit\n"; + auto layer_3_circuit = create_outer_circuit(layer_2_circuits); + info("created third outer circuit"); + info("number of gates in layer 3 circuit = ", layer_3_circuit.get_num_gates()); - std::cout << "composer gates = " << layer_3_composer.get_num_gates() << std::endl; - auto prover = layer_3_composer.create_ultra_with_keccak_prover(); - std::cout << "prover gates = " << prover.circuit_size << std::endl; + auto layer_3_composer = Composer(); + auto prover = layer_3_composer.create_ultra_with_keccak_prover(layer_3_circuit); + info("prover gates = ", prover.circuit_size); auto proof = prover.construct_proof(); - auto verifier = layer_3_composer.create_ultra_with_keccak_verifier(); + auto verifier = layer_3_composer.create_ultra_with_keccak_verifier(layer_3_circuit); EXPECT_EQ(verifier.verify_proof(proof), true); -} \ No newline at end of file +} +} // namespace acir_format::test \ No newline at end of file diff --git a/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.cpp b/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.cpp index cb717ed99a..d520dc32be 100644 --- a/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.cpp @@ -6,7 +6,7 @@ namespace acir_format { using namespace proof_system::plonk::stdlib; -crypto::schnorr::signature convert_signature(Composer& composer, std::vector signature) +crypto::schnorr::signature convert_signature(Builder& builder, std::vector signature) { crypto::schnorr::signature signature_cr; @@ -19,7 +19,7 @@ crypto::schnorr::signature convert_signature(Composer& composer, std::vector fr_bytes(sizeof(fr)); - fr value = composer.get_variable(witness_index); + fr value = builder.get_variable(witness_index); fr::serialize_to_buffer(value, &fr_bytes[0]); @@ -31,7 +31,7 @@ crypto::schnorr::signature convert_signature(Composer& composer, std::vector fr_bytes(sizeof(fr)); - fr value = composer.get_variable(witness_index); + fr value = builder.get_variable(witness_index); fr::serialize_to_buffer(value, &fr_bytes[0]); @@ -43,15 +43,15 @@ crypto::schnorr::signature convert_signature(Composer& composer, std::vector vector_of_bytes) +byte_array_ct vector_of_bytes_to_byte_array(Builder& builder, std::vector vector_of_bytes) { - byte_array_ct arr(&composer); + byte_array_ct arr(&builder); // Get the witness assignment for each witness index // Write the witness assignment to the byte_array for (const auto& witness_index : vector_of_bytes) { - field_ct element = field_ct::from_witness_index(&composer, witness_index); + field_ct element = field_ct::from_witness_index(&builder, witness_index); size_t num_bytes = 1; byte_array_ct element_bytes(element, num_bytes); @@ -59,16 +59,16 @@ byte_array_ct vector_of_bytes_to_byte_array(Composer& composer, std::vector BitArray // This may not be the most efficient way to do it. It is being used as it is known to work, // optimisations are welcome! @@ -76,20 +76,20 @@ void create_schnorr_verify_constraints(Composer& composer, const SchnorrConstrai // First convert the message of u8 witnesses into a byte_array // Do this by taking each element as a u8 and writing it to the byte array - auto message = vector_of_bytes_to_byte_array(composer, input.message); + auto message = vector_of_bytes_to_byte_array(builder, input.message); - fr pubkey_value_x = composer.get_variable(input.public_key_x); - fr pubkey_value_y = composer.get_variable(input.public_key_y); + fr pubkey_value_x = builder.get_variable(input.public_key_x); + fr pubkey_value_y = builder.get_variable(input.public_key_y); - point_ct pub_key{ witness_ct(&composer, pubkey_value_x), witness_ct(&composer, pubkey_value_y) }; + point_ct pub_key{ witness_ct(&builder, pubkey_value_x), witness_ct(&builder, pubkey_value_y) }; - schnorr_signature_bits_ct sig = schnorr::convert_signature(&composer, new_sig); + schnorr_signature_bits_ct sig = schnorr::convert_signature(&builder, new_sig); bool_ct signature_result = schnorr::signature_verification_result(message, pub_key, sig); bool_ct signature_result_normalized = signature_result.normalize(); - composer.assert_equal(signature_result_normalized.witness_index, input.result); + builder.assert_equal(signature_result_normalized.witness_index, input.result); } } // namespace acir_format diff --git a/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.hpp b/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.hpp index 7b6b984294..d610f89b86 100644 --- a/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/schnorr_verify.hpp @@ -25,7 +25,7 @@ struct SchnorrConstraint { friend bool operator==(SchnorrConstraint const& lhs, SchnorrConstraint const& rhs) = default; }; -void create_schnorr_verify_constraints(Composer& composer, const SchnorrConstraint& input); +void create_schnorr_verify_constraints(Builder& builder, const SchnorrConstraint& input); template inline void read(B& buf, SchnorrConstraint& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.cpp b/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.cpp index 07c8166bd1..ed4fe5d807 100644 --- a/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.cpp +++ b/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.cpp @@ -7,11 +7,11 @@ namespace acir_format { // This function does not work (properly) because the stdlib:sha256 function is not working correctly for 512 bits // pair -void create_sha256_constraints(Composer& composer, const Sha256Constraint& constraint) +void create_sha256_constraints(Builder& builder, const Sha256Constraint& constraint) { // Create byte array struct - byte_array_ct arr(&composer); + byte_array_ct arr(&builder); // Get the witness assignment for each witness index // Write the witness assignment to the byte_array @@ -22,20 +22,20 @@ void create_sha256_constraints(Composer& composer, const Sha256Constraint& const // XXX: The implementation requires us to truncate the element to the nearest byte and not bit auto num_bytes = round_to_nearest_byte(num_bits); - field_ct element = field_ct::from_witness_index(&composer, witness_index); + field_ct element = field_ct::from_witness_index(&builder, witness_index); byte_array_ct element_bytes(element, num_bytes); arr.write(element_bytes); } // Compute sha256 - byte_array_ct output_bytes = proof_system::plonk::stdlib::sha256(arr); + byte_array_ct output_bytes = proof_system::plonk::stdlib::sha256(arr); // Convert byte array to vector of field_t auto bytes = output_bytes.bytes(); for (size_t i = 0; i < bytes.size(); ++i) { - composer.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); + builder.assert_equal(bytes[i].normalize().witness_index, constraint.result[i]); } } diff --git a/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.hpp b/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.hpp index 3c434bae26..a88612f3e4 100644 --- a/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.hpp +++ b/cpp/src/barretenberg/dsl/acir_format/sha256_constraint.hpp @@ -25,7 +25,7 @@ struct Sha256Constraint { // This function does not work (properly) because the stdlib:sha256 function is not working correctly for 512 bits // pair -void create_sha256_constraints(Composer& composer, const Sha256Constraint& constraint); +void create_sha256_constraints(Builder& builder, const Sha256Constraint& constraint); template inline void read(B& buf, Sha256Input& constraint) { diff --git a/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp b/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp index cbc5f6233f..b2e8458045 100644 --- a/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp +++ b/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.cpp @@ -13,21 +13,21 @@ namespace acir_proofs { AcirComposer::AcirComposer(size_t size_hint) - : composer_(0, 0, 0) + : composer_(/*p_key=*/0, /*v_key=*/0) , size_hint_(size_hint) {} void AcirComposer::create_circuit(acir_format::acir_format& constraint_system) { - composer_ = acir_format::create_circuit(constraint_system, nullptr, size_hint_); + builder_ = acir_format::create_circuit(constraint_system, size_hint_); // We are done with the constraint system at this point, and we need the memory slab back. constraint_system.constraints.clear(); constraint_system.constraints.shrink_to_fit(); - exact_circuit_size_ = composer_.get_num_gates(); - total_circuit_size_ = composer_.get_total_circuit_size(); - circuit_subgroup_size_ = composer_.get_circuit_subgroup_size(total_circuit_size_); + exact_circuit_size_ = builder_.get_num_gates(); + total_circuit_size_ = builder_.get_total_circuit_size(); + circuit_subgroup_size_ = builder_.get_circuit_subgroup_size(total_circuit_size_); size_hint_ = circuit_subgroup_size_; } @@ -35,19 +35,20 @@ void AcirComposer::init_proving_key(std::shared_ptr AcirComposer::create_proof( @@ -57,24 +58,24 @@ std::vector AcirComposer::create_proof( bool is_recursive) { // Release prior memory first. - composer_ = acir_format::Composer(0, 0, 0); + composer_ = acir_format::Composer(/*p_key=*/0, /*v_key=*/0); info("building circuit..."); + create_circuit_with_witness(builder_, constraint_system, witness); + composer_ = [&]() { if (proving_key_) { - auto composer = acir_format::Composer(proving_key_, verification_key_, size_hint_); + auto composer = acir_format::Composer(proving_key_, verification_key_); // You can't produce the verification key unless you manually set the crs. Which seems like a bug. - composer_.composer_helper.crs_factory_ = crs_factory; + composer_.crs_factory_ = crs_factory; return composer; } else { - return acir_format::Composer(crs_factory, size_hint_); + return acir_format::Composer(crs_factory); } }(); - create_circuit_with_witness(composer_, constraint_system, witness); - if (!proving_key_) { info("computing proving key..."); - proving_key_ = composer_.compute_proving_key(); + proving_key_ = composer_.compute_proving_key(builder_); } // We are done with the constraint system at this point, and we need the memory slab back. @@ -86,10 +87,10 @@ std::vector AcirComposer::create_proof( info("creating proof..."); std::vector proof; if (is_recursive) { - auto prover = composer_.create_prover(); + auto prover = composer_.create_prover(builder_); proof = prover.construct_proof().proof_data; } else { - auto prover = composer_.create_ultra_with_keccak_prover(); + auto prover = composer_.create_ultra_with_keccak_prover(builder_); proof = prover.construct_proof().proof_data; } info("done."); @@ -98,7 +99,7 @@ std::vector AcirComposer::create_proof( std::shared_ptr AcirComposer::init_verification_key() { - return verification_key_ = composer_.compute_verification_key(); + return verification_key_ = composer_.compute_verification_key(builder_); } void AcirComposer::load_verification_key(std::shared_ptr const& crs_factory, @@ -106,24 +107,24 @@ void AcirComposer::load_verification_key(std::shared_ptr(std::move(data), crs_factory->get_verifier_crs()); - composer_ = acir_format::Composer(proving_key_, verification_key_, circuit_subgroup_size_); + composer_ = acir_format::Composer(proving_key_, verification_key_); } bool AcirComposer::verify_proof(std::vector const& proof, bool is_recursive) { if (!verification_key_) { info("computing verification key..."); - verification_key_ = composer_.compute_verification_key(); + verification_key_ = composer_.compute_verification_key(builder_); } // Hack. Shouldn't need to do this. 2144 is size with no public inputs. - composer_.circuit_constructor.public_inputs.resize((proof.size() - 2144) / 32); + builder_.public_inputs.resize((proof.size() - 2144) / 32); if (is_recursive) { - auto verifier = composer_.create_verifier(); + auto verifier = composer_.create_verifier(builder_); return verifier.verify_proof({ proof }); } else { - auto verifier = composer_.create_ultra_with_keccak_verifier(); + auto verifier = composer_.create_ultra_with_keccak_verifier(builder_); return verifier.verify_proof({ proof }); } } diff --git a/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp b/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp index 86d765b796..186aa95175 100644 --- a/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp +++ b/cpp/src/barretenberg/dsl/acir_proofs/acir_composer.hpp @@ -38,6 +38,7 @@ class AcirComposer { std::vector serialize_verification_key_into_fields(); private: + acir_format::Builder builder_; acir_format::Composer composer_; size_t size_hint_; size_t exact_circuit_size_; diff --git a/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp b/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp index 78bc41434e..e04b96e056 100644 --- a/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp +++ b/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp @@ -17,7 +17,7 @@ WASM_EXPORT void acir_get_circuit_sizes(uint8_t const* constraint_system_buf, { auto constraint_system = from_buffer(constraint_system_buf); free_mem_slab_raw((void*)constraint_system_buf); - auto composer = acir_format::create_circuit(constraint_system, nullptr, 1 << 19); + auto composer = acir_format::create_circuit(constraint_system, 1 << 19); *exact = htonl((uint32_t)composer.get_num_gates()); *total = htonl((uint32_t)composer.get_total_circuit_size()); *subgroup = htonl((uint32_t)composer.get_circuit_subgroup_size(composer.get_total_circuit_size())); diff --git a/cpp/src/barretenberg/dsl/types.hpp b/cpp/src/barretenberg/dsl/types.hpp index b2050ce403..b431b0cde5 100644 --- a/cpp/src/barretenberg/dsl/types.hpp +++ b/cpp/src/barretenberg/dsl/types.hpp @@ -1,6 +1,8 @@ #pragma once -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" #include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" #include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp" @@ -26,51 +28,52 @@ namespace acir_format { -using Composer = plonk::UltraPlonkComposer; +using Builder = proof_system::UltraCircuitConstructor; +using Composer = plonk::UltraPlonkComposerHelper; using Prover = std::conditional_t< - std::same_as, + std::same_as, plonk::UltraWithKeccakProver, - std::conditional_t, plonk::TurboProver, plonk::Prover>>; + std::conditional_t, plonk::TurboProver, plonk::Prover>>; using Verifier = std::conditional_t< - std::same_as, + std::same_as, plonk::UltraWithKeccakVerifier, - std::conditional_t, plonk::TurboVerifier, plonk::Verifier>>; + std::conditional_t, plonk::TurboVerifier, plonk::Verifier>>; using RecursiveProver = plonk::UltraProver; -using witness_ct = proof_system::plonk::stdlib::witness_t; -using public_witness_ct = proof_system::plonk::stdlib::public_witness_t; -using bool_ct = proof_system::plonk::stdlib::bool_t; -using byte_array_ct = proof_system::plonk::stdlib::byte_array; -using packed_byte_array_ct = proof_system::plonk::stdlib::packed_byte_array; -using field_ct = proof_system::plonk::stdlib::field_t; -using suint_ct = proof_system::plonk::stdlib::safe_uint_t; -using uint8_ct = proof_system::plonk::stdlib::uint8; -using uint16_ct = proof_system::plonk::stdlib::uint16; -using uint32_ct = proof_system::plonk::stdlib::uint32; -using uint64_ct = proof_system::plonk::stdlib::uint64; -using bit_array_ct = proof_system::plonk::stdlib::bit_array; -using fq_ct = proof_system::plonk::stdlib::bigfield; -using biggroup_ct = proof_system::plonk::stdlib::element; -using point_ct = proof_system::plonk::stdlib::point; -using pedersen_commitment = proof_system::plonk::stdlib::pedersen_commitment; -using group_ct = proof_system::plonk::stdlib::group; -using bn254 = proof_system::plonk::stdlib::bn254; -using secp256k1_ct = proof_system::plonk::stdlib::secp256k1; +using witness_ct = proof_system::plonk::stdlib::witness_t; +using public_witness_ct = proof_system::plonk::stdlib::public_witness_t; +using bool_ct = proof_system::plonk::stdlib::bool_t; +using byte_array_ct = proof_system::plonk::stdlib::byte_array; +using packed_byte_array_ct = proof_system::plonk::stdlib::packed_byte_array; +using field_ct = proof_system::plonk::stdlib::field_t; +using suint_ct = proof_system::plonk::stdlib::safe_uint_t; +using uint8_ct = proof_system::plonk::stdlib::uint8; +using uint16_ct = proof_system::plonk::stdlib::uint16; +using uint32_ct = proof_system::plonk::stdlib::uint32; +using uint64_ct = proof_system::plonk::stdlib::uint64; +using bit_array_ct = proof_system::plonk::stdlib::bit_array; +using fq_ct = proof_system::plonk::stdlib::bigfield; +using biggroup_ct = proof_system::plonk::stdlib::element; +using point_ct = proof_system::plonk::stdlib::point; +using pedersen_commitment = proof_system::plonk::stdlib::pedersen_commitment; +using group_ct = proof_system::plonk::stdlib::group; +using bn254 = proof_system::plonk::stdlib::bn254; +using secp256k1_ct = proof_system::plonk::stdlib::secp256k1; -using hash_path_ct = proof_system::plonk::stdlib::merkle_tree::hash_path; +using hash_path_ct = proof_system::plonk::stdlib::merkle_tree::hash_path; -using schnorr_signature_bits_ct = proof_system::plonk::stdlib::schnorr::signature_bits; +using schnorr_signature_bits_ct = proof_system::plonk::stdlib::schnorr::signature_bits; // Ultra-composer specific typesv -using rom_table_ct = proof_system::plonk::stdlib::rom_table; -using ram_table_ct = proof_system::plonk::stdlib::ram_table; +using rom_table_ct = proof_system::plonk::stdlib::rom_table; +using ram_table_ct = proof_system::plonk::stdlib::ram_table; using verification_key_ct = proof_system::plonk::stdlib::recursion::verification_key; using aggregation_state_ct = proof_system::plonk::stdlib::recursion::aggregation_state; using noir_recursive_settings = proof_system::plonk::stdlib::recursion::recursive_ultra_verifier_settings; -using Transcript_ct = proof_system::plonk::stdlib::recursion::Transcript; +using Transcript_ct = proof_system::plonk::stdlib::recursion::Transcript; } // namespace acir_format diff --git a/cpp/src/barretenberg/examples/c_bind.cpp b/cpp/src/barretenberg/examples/c_bind.cpp index cdc25c6b77..8ae3229f91 100644 --- a/cpp/src/barretenberg/examples/c_bind.cpp +++ b/cpp/src/barretenberg/examples/c_bind.cpp @@ -6,8 +6,8 @@ using namespace proof_system::plonk::stdlib::types; WASM_EXPORT void examples_simple_create_and_verify_proof(bool* valid) { - auto* composer_ptr = examples::simple::create_composer(barretenberg::srs::get_crs_factory()); - auto proof = examples::simple::create_proof(composer_ptr); - *valid = examples::simple::verify_proof(composer_ptr, proof); - examples::simple::delete_composer(composer_ptr); + auto ptrs = examples::simple::create_builder_and_composer(barretenberg::srs::get_crs_factory()); + auto proof = examples::simple::create_proof(ptrs); + *valid = examples::simple::verify_proof(ptrs, proof); + examples::simple::delete_builder_and_composer(ptrs); } diff --git a/cpp/src/barretenberg/examples/simple/simple.cpp b/cpp/src/barretenberg/examples/simple/simple.cpp index 28af842502..9ca8733899 100644 --- a/cpp/src/barretenberg/examples/simple/simple.cpp +++ b/cpp/src/barretenberg/examples/simple/simple.cpp @@ -11,58 +11,61 @@ using namespace stdlib::types; const size_t CIRCUIT_SIZE = 1 << 19; -void build_circuit(Composer& composer) +void build_circuit(Builder& builder) { - while (composer.get_num_gates() <= CIRCUIT_SIZE / 2) { - plonk::stdlib::pedersen_commitment::compress(field_ct(witness_ct(&composer, 1)), - field_ct(witness_ct(&composer, 1))); + while (builder.get_num_gates() <= CIRCUIT_SIZE / 2) { + plonk::stdlib::pedersen_commitment::compress(field_ct(witness_ct(&builder, 1)), + field_ct(witness_ct(&builder, 1))); } } -Composer* create_composer(std::shared_ptr const& crs_factory) +BuilderComposerPtrs create_builder_and_composer( + std::shared_ptr const& crs_factory) { // WARNING: Size hint is essential to perform 512k circuits! - auto composer = std::make_unique(crs_factory, CIRCUIT_SIZE); + auto builder = std::make_unique(CIRCUIT_SIZE); info("building circuit..."); - build_circuit(*composer); + build_circuit(*builder); - if (composer->failed()) { - std::string error = format("composer logic failed: ", composer->err()); + if (builder->failed()) { + std::string error = format("builder logic failed: ", builder->err()); throw_or_abort(error); } - info("public inputs: ", composer->get_public_inputs().size()); - info("composer gates: ", composer->get_num_gates()); + info("public inputs: ", builder->get_public_inputs().size()); + info("composer gates: ", builder->get_num_gates()); info("computing proving key..."); - auto pk = composer->compute_proving_key(); + auto composer = std::make_unique(crs_factory); + auto pk = composer->compute_proving_key(*builder); - return composer.release(); + return { builder.release(), composer.release() }; } -proof create_proof(Composer* composer) +proof create_proof(BuilderComposerPtrs pair) { Timer timer; info("computing proof..."); - auto prover = composer->create_ultra_with_keccak_prover(); + auto prover = pair.composer->create_ultra_with_keccak_prover(*pair.builder); auto proof = prover.construct_proof(); info("proof construction took ", timer.seconds(), "s"); return proof; } -bool verify_proof(Composer* composer, proof_system::plonk::proof const& proof) +bool verify_proof(BuilderComposerPtrs pair, proof_system::plonk::proof const& proof) { info("computing verification key..."); - composer->compute_verification_key(); - auto verifier = composer->create_ultra_with_keccak_verifier(); + pair.composer->compute_verification_key(*pair.builder); + auto verifier = pair.composer->create_ultra_with_keccak_verifier(*pair.builder); auto valid = verifier.verify_proof(proof); info("proof validity: ", valid); return valid; } -void delete_composer(Composer* composer) +void delete_builder_and_composer(BuilderComposerPtrs pair) { - delete composer; + delete pair.builder; + delete pair.composer; } } // namespace examples::simple diff --git a/cpp/src/barretenberg/examples/simple/simple.hpp b/cpp/src/barretenberg/examples/simple/simple.hpp index a3695899f8..8915a3f828 100644 --- a/cpp/src/barretenberg/examples/simple/simple.hpp +++ b/cpp/src/barretenberg/examples/simple/simple.hpp @@ -7,12 +7,18 @@ namespace examples::simple { using namespace proof_system::plonk; using namespace stdlib::types; -Composer* create_composer(std::shared_ptr const& crs_factory); +struct BuilderComposerPtrs { + Builder* builder; + Composer* composer; +}; -proof create_proof(Composer* composer); +BuilderComposerPtrs create_builder_and_composer( + std::shared_ptr const& crs_factory); -bool verify_proof(Composer* composer, proof_system::plonk::proof const& proof); +proof create_proof(BuilderComposerPtrs pair); -void delete_composer(Composer* composer); +bool verify_proof(BuilderComposerPtrs pair, proof_system::plonk::proof const& proof); + +void delete_builder_and_composer(BuilderComposerPtrs pair); } // namespace examples::simple diff --git a/cpp/src/barretenberg/examples/simple/simple.test.cpp b/cpp/src/barretenberg/examples/simple/simple.test.cpp index 95fb679b2e..3faa4090dd 100644 --- a/cpp/src/barretenberg/examples/simple/simple.test.cpp +++ b/cpp/src/barretenberg/examples/simple/simple.test.cpp @@ -9,10 +9,10 @@ TEST(examples_simple, create_proof) { auto srs_path = std::filesystem::absolute("../srs_db/ignition"); auto crs_factory = std::make_shared(srs_path); - auto* composer = create_composer(crs_factory); - auto proof = create_proof(composer); - bool valid = verify_proof(composer, proof); - delete_composer(composer); + auto ptrs = create_builder_and_composer(crs_factory); + auto proof = create_proof(ptrs); + bool valid = verify_proof(ptrs, proof); + delete_builder_and_composer(ptrs); EXPECT_TRUE(valid); } diff --git a/cpp/src/barretenberg/honk/CMakeLists.txt b/cpp/src/barretenberg/honk/CMakeLists.txt index 1e687ab04b..ac0dc30fd0 100644 --- a/cpp/src/barretenberg/honk/CMakeLists.txt +++ b/cpp/src/barretenberg/honk/CMakeLists.txt @@ -1,4 +1,3 @@ -# TODO(Cody): Remove plonk dependency barretenberg_module(honk numeric ecc srs proof_system transcript) if(TESTING) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index ace2cac675..7b21f549d5 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -20,6 +20,8 @@ template class StandardHonkComposerHelper_ { using VerificationKey = typename Flavor::VerificationKey; using PCSCommitmentKey = typename PCSParams::CommitmentKey; + static constexpr std::string_view NAME_STRING = "StandardHonk"; + static constexpr ComposerType type = ComposerType::STANDARD_HONK; // TODO(Cody): Get rid of this. static constexpr size_t NUM_RESERVED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; std::shared_ptr proving_key; diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 3a6e670c36..caa32331ef 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -21,6 +21,8 @@ template class UltraHonkComposerHelper_ { using PCSCommitmentKey = typename PCSParams::CommitmentKey; using PCSVerificationKey = typename PCSParams::VerificationKey; + static constexpr std::string_view NAME_STRING = "UltraHonk"; + static constexpr ComposerType type = ComposerType::PLOOKUP; static constexpr size_t NUM_RESERVED_GATES = 4; // equal to the number of multilinear evaluations leaked static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; std::shared_ptr proving_key; diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp deleted file mode 100644 index 2ff404ead1..0000000000 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ /dev/null @@ -1,198 +0,0 @@ -#pragma once - -#include "composer_helper/standard_honk_composer_helper.hpp" -#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" -#include "barretenberg/srs/factories/file_crs_factory.hpp" -#include "barretenberg/proof_system/types/merkle_hash_type.hpp" -#include "barretenberg/proof_system/types/pedersen_commitment_type.hpp" - -namespace proof_system::honk { -/** - * @brief Standard Honk Composer has everything required to construct a prover and verifier, just as the legacy classes. - * - * @details However, it has a lot of its logic separated into subclasses and simply proxies the calls. - * - */ -template class StandardHonkComposer_ { - public: - // TODO(#426): This doesn't belong here - static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; - static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; - - using CircuitConstructor = StandardCircuitConstructor; - using ProvingKey = typename Flavor::ProvingKey; - using VerificationKey = typename Flavor::VerificationKey; - static constexpr ComposerType type = ComposerType::STANDARD_HONK; // TODO(Cody): Get rid of this. - - static constexpr size_t UINT_LOG2_BASE = 2; - // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system - CircuitConstructor circuit_constructor; - // Composer helper contains all proof-related material that is separate from circuit creation such as: - // 1) Proving and verification keys - // 2) CRS - // 3) Converting variables to witness vectors/polynomials - StandardHonkComposerHelper_ composer_helper; - - // Leaving it in for now just in case - bool contains_recursive_proof = false; - static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; - - /**Standard methods*/ - - StandardHonkComposer_(const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables){}; - - StandardHonkComposer_(std::string const& crs_path, const size_t size_hint = 0) - : StandardHonkComposer_(barretenberg::srs::get_crs_factory(), size_hint){}; - - StandardHonkComposer_(std::shared_ptr const& crs_factory, - const size_t size_hint = 0) - : circuit_constructor(size_hint) - , composer_helper(crs_factory) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - - {} - StandardHonkComposer_(std::unique_ptr&& crs_factory, - const size_t size_hint = 0) - : circuit_constructor(size_hint) - , composer_helper(std::move(crs_factory)) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - - {} - - StandardHonkComposer_(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, - size_t size_hint = 0) - : circuit_constructor(size_hint) - , composer_helper(p_key, v_key) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - {} - - StandardHonkComposer_(const StandardHonkComposer_& other) = delete; - StandardHonkComposer_(StandardHonkComposer_&& other) = default; - StandardHonkComposer_& operator=(const StandardHonkComposer_& other) = delete; - // TODO(#230)(Cody): This constructor started to be implicitly deleted when I added `n` and `variables` members. - // This is a temporary measure until we can rewrite Plonk and all tests using circuit builder methods in place of - // composer methods, where appropriate. StandardHonkComposer_& operator=(StandardHonkComposer_&& other) = default; - ~StandardHonkComposer_() = default; - - size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } - - /**Methods related to circuit construction - * They simply get proxied to the circuit constructor - */ - void assert_equal(const uint32_t a_variable_idx, const uint32_t b_variable_idx, std::string const& msg) - { - circuit_constructor.assert_equal(a_variable_idx, b_variable_idx, msg); - } - void assert_equal_constant(uint32_t const a_idx, - barretenberg::fr const& b, - std::string const& msg = "assert equal constant") - { - circuit_constructor.assert_equal_constant(a_idx, b, msg); - } - - void create_add_gate(const add_triple& in) { circuit_constructor.create_add_gate(in); } - void create_mul_gate(const mul_triple& in) { circuit_constructor.create_mul_gate(in); } - void create_bool_gate(const uint32_t a) { circuit_constructor.create_bool_gate(a); } - void create_poly_gate(const poly_triple& in) { circuit_constructor.create_poly_gate(in); } - void create_big_add_gate(const add_quad& in) { circuit_constructor.create_big_add_gate(in); } - void create_big_add_gate_with_bit_extraction(const add_quad& in) - { - circuit_constructor.create_big_add_gate_with_bit_extraction(in); - } - void create_big_mul_gate(const mul_quad& in) { circuit_constructor.create_big_mul_gate(in); } - void create_balanced_add_gate(const add_quad& in) { circuit_constructor.create_balanced_add_gate(in); } - - void fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) - { - circuit_constructor.fix_witness(witness_index, witness_value); - } - - std::vector decompose_into_base4_accumulators(const uint32_t witness_index, - - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - return circuit_constructor.decompose_into_base4_accumulators(witness_index, num_bits, msg); - } - - void create_range_constraint(const uint32_t variable_index, - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - circuit_constructor.create_range_constraint(variable_index, num_bits, msg); - } - - accumulator_triple create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - bool is_xor_gate) - { - return circuit_constructor.create_logic_constraint(a, b, num_bits, is_xor_gate); - } - - accumulator_triple create_and_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_and_constraint(a, b, num_bits); - } - - accumulator_triple create_xor_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_xor_constraint(a, b, num_bits); - } - uint32_t add_variable(const barretenberg::fr& in) { return circuit_constructor.add_variable(in); } - - uint32_t add_public_variable(const barretenberg::fr& in) { return circuit_constructor.add_public_variable(in); } - - virtual void set_public_input(const uint32_t witness_index) - { - return circuit_constructor.set_public_input(witness_index); - } - - uint32_t put_constant_variable(const barretenberg::fr& variable) - { - return circuit_constructor.put_constant_variable(variable); - } - - size_t get_num_constant_gates() const { return circuit_constructor.get_num_constant_gates(); } - - bool check_circuit() { return circuit_constructor.check_circuit(); } - - barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } - - /**Proof and verification-related methods*/ - - std::shared_ptr compute_proving_key() - { - return composer_helper.compute_proving_key(circuit_constructor); - } - - std::shared_ptr compute_verification_key() - { - return composer_helper.compute_verification_key(circuit_constructor); - } - - uint32_t zero_idx = 0; - - void compute_witness() { composer_helper.compute_witness(circuit_constructor); }; - - StandardVerifier_ create_verifier() { return composer_helper.create_verifier(circuit_constructor); } - StandardProver_ create_prover() { return composer_helper.create_prover(circuit_constructor); }; - - size_t& num_gates; - std::vector& variables; - bool failed() const { return circuit_constructor.failed(); }; - const std::string& err() const { return circuit_constructor.err(); }; - void failure(std::string msg) { circuit_constructor.failure(msg); } -}; - -// TODO(#532): These using declarations instantiate the templates? -using StandardHonkComposer = StandardHonkComposer_; -using StandardGrumpkinHonkComposer = StandardHonkComposer_; -} // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 2d3c1e42d0..04ada2ef9b 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -361,10 +361,11 @@ TEST_F(StandardHonkComposerTests, TwoGates) auto composer = StandardHonkComposerHelper(); auto prover = composer.create_prover(circuit_constructor); - auto proof = prover.construct_proof(); + auto verifier = composer.create_verifier(circuit_constructor); bool verified = verifier.verify_proof(proof); + EXPECT_EQ(verified, expect_verified); }; diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp deleted file mode 100644 index db214e0d1b..0000000000 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ /dev/null @@ -1,297 +0,0 @@ -#pragma once -#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" -#include "barretenberg/honk/proof_system/ultra_prover.hpp" -#include "barretenberg/honk/proof_system/ultra_verifier.hpp" -#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" -#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" -#include "barretenberg/honk/flavor/ultra.hpp" -namespace proof_system::honk { - -template class UltraHonkComposer_ { - - public: - // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system - UltraCircuitConstructor circuit_constructor; - // Composer helper contains all proof-related material that is separate from circuit creation such as: - // 1) Proving and verification keys - // 2) CRS - // 3) Converting variables to witness vectors/polynomials - using CircuitConstructor = UltraCircuitConstructor; - using ProvingKey = typename Flavor::ProvingKey; - using VerificationKey = typename Flavor::VerificationKey; - - // TODO(#426): This don't belong here - static constexpr ComposerType type = ComposerType::PLOOKUP; - static_assert(type == CircuitConstructor::type); - static constexpr merkle::HashType merkle_hash_type = CircuitConstructor::merkle_hash_type; - static constexpr pedersen::CommitmentType commitment_type = CircuitConstructor::commitment_type; - static constexpr size_t DEFAULT_PLOOKUP_RANGE_BITNUM = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM; - - UltraHonkComposerHelper_ composer_helper; - size_t& num_gates; - std::vector& variables; - // While we always have it set to zero, feels wrong to have a potentially broken dependency - uint32_t& zero_idx; - bool& contains_recursive_proof; - std::vector& recursive_proof_public_input_indices; - - UltraHonkComposer_() - : UltraHonkComposer_(barretenberg::srs::get_crs_factory(), 0){}; - - UltraHonkComposer_(std::string const& crs_path, const size_t size_hint) - : UltraHonkComposer_(std::unique_ptr( - new barretenberg::srs::factories::FileCrsFactory(crs_path)), - size_hint){}; - - UltraHonkComposer_(std::shared_ptr const& crs_factory, - const size_t size_hint) - : circuit_constructor(size_hint) - , composer_helper(crs_factory) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices) - { - // TODO(#217/#423): Related to issue of ensuring no identically 0 polynomials - add_gates_to_ensure_all_polys_are_non_zero(); - }; - - UltraHonkComposer_(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, - size_t size_hint = 0); - UltraHonkComposer_(UltraHonkComposer_&& other) = default; - UltraHonkComposer_& operator=(UltraHonkComposer_&& other) = delete; - ~UltraHonkComposer_() = default; - - size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } - uint32_t get_zero_idx() { return circuit_constructor.zero_idx; } - - bool check_circuit() { return circuit_constructor.check_circuit(); } - - uint32_t add_variable(const barretenberg::fr& in) { return circuit_constructor.add_variable(in); } - - virtual void set_public_input(const uint32_t witness_index) - { - return circuit_constructor.set_public_input(witness_index); - } - - barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } - - UltraProver_ create_prover() { return composer_helper.create_prover(circuit_constructor); }; - UltraVerifier_ create_verifier() { return composer_helper.create_verifier(circuit_constructor); }; - - void add_gates_to_ensure_all_polys_are_non_zero() - { - circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); - } - - void create_add_gate(const add_triple& in) { circuit_constructor.create_add_gate(in); } - - void create_big_add_gate(const add_quad& in, const bool use_next_gate_w_4 = false) - { - circuit_constructor.create_big_add_gate(in, use_next_gate_w_4); - }; - - void create_mul_gate(const mul_triple& in) { circuit_constructor.create_mul_gate(in); } - - void create_bool_gate(const uint32_t a) { circuit_constructor.create_bool_gate(a); } - - void create_poly_gate(const poly_triple& in) { circuit_constructor.create_poly_gate(in); } - - void create_big_mul_gate(const mul_quad& in) { circuit_constructor.create_big_mul_gate(in); } - - void create_balanced_add_gate(const add_quad& in) { circuit_constructor.create_balanced_add_gate(in); } - - void create_ecc_add_gate(const ecc_add_gate& in) { circuit_constructor.create_ecc_add_gate(in); }; - - void fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) - { - circuit_constructor.fix_witness(witness_index, witness_value); - } - - void create_new_range_constraint(const uint32_t variable_index, - const uint64_t target_range, - std::string const msg = "create_new_range_constraint") - { - circuit_constructor.create_new_range_constraint(variable_index, target_range, msg); - }; - - uint32_t put_constant_variable(const barretenberg::fr& variable) - { - return circuit_constructor.put_constant_variable(variable); - }; - - void assert_equal(const uint32_t a_variable_idx, - const uint32_t b_variable_idx, - std::string const& msg = "assert_equal") - { - circuit_constructor.assert_equal(a_variable_idx, b_variable_idx, msg); - } - - void assert_equal_constant(uint32_t const a_idx, - barretenberg::fr const& b, - std::string const& msg = "assert equal constant") - { - circuit_constructor.assert_equal_constant(a_idx, b, msg); - } - - plookup::ReadData create_gates_from_plookup_accumulators( - const plookup::MultiTableId& id, - const plookup::ReadData& read_values, - const uint32_t key_a_index, - std::optional key_b_index = std::nullopt) - { - return circuit_constructor.create_gates_from_plookup_accumulators(id, read_values, key_a_index, key_b_index); - }; - - // /** - // * Generalized Permutation Methods - // **/ - std::vector decompose_into_default_range( - const uint32_t variable_index, - const uint64_t num_bits, - const uint64_t target_range_bitnum = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM, - std::string const& msg = "decompose_into_default_range") - { - return circuit_constructor.decompose_into_default_range(variable_index, num_bits, target_range_bitnum, msg); - }; - - void create_dummy_constraints(const std::vector& variable_index) - { - circuit_constructor.create_dummy_constraints(variable_index); - }; - void create_sort_constraint(const std::vector& variable_index) - { - circuit_constructor.create_sort_constraint(variable_index); - }; - void create_sort_constraint_with_edges(const std::vector& variable_index, - const barretenberg::fr& start, - const barretenberg::fr& end) - { - circuit_constructor.create_sort_constraint_with_edges(variable_index, start, end); - }; - - void assign_tag(const uint32_t variable_index, const uint32_t tag) - { - circuit_constructor.assign_tag(variable_index, tag); - } - - // void assign_tag(const uint32_t variable_index, const uint32_t tag) - // { - // ASSERT(tag <= current_tag); - // ASSERT(real_variable_tags[real_variable_index[variable_index]] == DUMMY_TAG); - // real_variable_tags[real_variable_index[variable_index]] = tag; - // } - - uint32_t create_tag(const uint32_t tag_index, const uint32_t tau_index) - { - return circuit_constructor.create_tag(tag_index, tau_index); - } - - // /** - // * Non Native Field Arithmetic - // **/ - void range_constrain_two_limbs( - const uint32_t lo_idx, - const uint32_t hi_idx, - const size_t lo_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS, - const size_t hi_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) - { - circuit_constructor.range_constrain_two_limbs(lo_idx, hi_idx, lo_limb_bits, hi_limb_bits); - }; - std::array evaluate_non_native_field_multiplication( - const UltraCircuitConstructor::non_native_field_witnesses& input, - const bool range_constrain_quotient_and_remainder = true) - { - return circuit_constructor.evaluate_non_native_field_multiplication(input, - range_constrain_quotient_and_remainder); - }; - - // /** - // * Memory - // **/ - - size_t create_RAM_array(const size_t array_size) { return circuit_constructor.create_RAM_array(array_size); }; - size_t create_ROM_array(const size_t array_size) { return circuit_constructor.create_ROM_array(array_size); }; - - void set_ROM_element(const size_t rom_id, const size_t index_value, const uint32_t value_witness) - { - circuit_constructor.set_ROM_element(rom_id, index_value, value_witness); - }; - void set_ROM_element_pair(const size_t rom_id, - const size_t index_value, - const std::array& value_witnesses) - { - circuit_constructor.set_ROM_element_pair(rom_id, index_value, value_witnesses); - } - - uint32_t read_ROM_array(const size_t rom_id, const uint32_t index_witness) - { - return circuit_constructor.read_ROM_array(rom_id, index_witness); - }; - std::array read_ROM_array_pair(const size_t rom_id, const uint32_t index_witness) - { - return circuit_constructor.read_ROM_array_pair(rom_id, index_witness); - } - - void init_RAM_element(const size_t ram_id, const size_t index_value, const uint32_t value_witness) - { - circuit_constructor.init_RAM_element(ram_id, index_value, value_witness); - }; - uint32_t read_RAM_array(const size_t ram_id, const uint32_t index_witness) - { - return circuit_constructor.read_RAM_array(ram_id, index_witness); - }; - void write_RAM_array(const size_t ram_id, const uint32_t index_witness, const uint32_t value_witness) - { - circuit_constructor.write_RAM_array(ram_id, index_witness, value_witness); - }; - - void create_range_constraint(const uint32_t variable_index, - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - circuit_constructor.create_range_constraint(variable_index, num_bits, msg); - } - - std::array decompose_non_native_field_double_width_limb( - const uint32_t limb_idx, - const size_t num_limb_bits = (2 * UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)) - { - return circuit_constructor.decompose_non_native_field_double_width_limb(limb_idx, num_limb_bits); - } - - using add_simple = proof_system::UltraCircuitConstructor::add_simple; - std::array evaluate_non_native_field_subtraction( - add_simple limb0, - add_simple limb1, - add_simple limb2, - add_simple limb3, - std::tuple limbp) - { - return circuit_constructor.evaluate_non_native_field_subtraction(limb0, limb1, limb2, limb3, limbp); - } - std::array evaluate_non_native_field_addition(add_simple limb0, - add_simple limb1, - add_simple limb2, - add_simple limb3, - std::tuple limbp) - { - return circuit_constructor.evaluate_non_native_field_addition(limb0, limb1, limb2, limb3, limbp); - }; - - std::array queue_partial_non_native_field_multiplication( - const proof_system::UltraCircuitConstructor::non_native_field_witnesses& input) - { - return circuit_constructor.queue_partial_non_native_field_multiplication(input); - } - - bool failed() const { return circuit_constructor.failed(); }; - const std::string& err() const { return circuit_constructor.err(); }; - void failure(std::string msg) { circuit_constructor.failure(msg); } -}; -using UltraHonkComposer = UltraHonkComposer_; -using UltraGrumpkinHonkComposer = UltraHonkComposer_; - -} // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index 5daabab7aa..392d4a821b 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -66,7 +66,6 @@ class UltraHonkComposerTests : public ::testing::Test { TEST_F(UltraHonkComposerTests, ANonZeroPolynomialIsAGoodPolynomial) { auto circuit_constructor = UltraCircuitConstructor(); - circuit_constructor.add_gates_to_ensure_all_polys_are_non_zero(); auto composer = UltraHonkComposerHelper(); diff --git a/cpp/src/barretenberg/join_split_example/proofs/compute_circuit_data.hpp b/cpp/src/barretenberg/join_split_example/proofs/compute_circuit_data.hpp index 2a55efb057..42d9b01f58 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/compute_circuit_data.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/compute_circuit_data.hpp @@ -1,10 +1,12 @@ #pragma once -#include "join_split/join_split.hpp" -#include "mock/mock_circuit.hpp" -#include "../constants.hpp" #include #include + +#include "mock/mock_circuit.hpp" +#include "../constants.hpp" +#include "join_split/join_split.hpp" #include "barretenberg/common/timer.hpp" +#include "barretenberg/common/log.hpp" #include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" #ifndef __wasm__ @@ -35,7 +37,7 @@ inline bool exists(std::string const& path) } } // namespace -template +template circuit_data get_circuit_data(std::string const& name, std::string const& path_name, std::shared_ptr const& srs, @@ -46,15 +48,18 @@ circuit_data get_circuit_data(std::string const& name, bool pk, bool vk, bool padding, - bool mock, + bool mock, // TODO(#541) F const& build_circuit, std::string const name_suffix_for_benchmarks = "") { + using Builder = typename Composer::CircuitConstructor; circuit_data data; data.srs = srs; data.mock = mock; - ComposerType composer(srs); - ComposerType mock_proof_composer(srs); + Composer composer(srs); + Builder builder; + Composer mock_proof_composer(srs); + Builder mock_builder; BenchmarkInfoCollator benchmark_collator; auto circuit_key_path = key_path + "/" + path_name; @@ -68,29 +73,23 @@ circuit_data get_circuit_data(std::string const& name, (compute && !load)) { info(name, ": Building circuit..."); Timer timer; - build_circuit(composer); + build_circuit(builder); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), - "Core", - name + name_suffix_for_benchmarks, - "Build time", - timer.toString()); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), - "Core", - name + name_suffix_for_benchmarks, - "Gates", - composer.get_num_gates()); + benchmark_collator.benchmark_info_deferred( + Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Build time", timer.toString()); + benchmark_collator.benchmark_info_deferred( + Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Gates", builder.get_num_gates()); info(name, ": Circuit built in: ", timer.toString(), "s"); - info(name, ": Circuit size: ", composer.get_num_gates()); + info(name, ": Circuit size: ", builder.get_num_gates()); if (mock) { - auto public_inputs = composer.get_public_inputs(); - ::join_split_example::proofs::mock::mock_circuit(mock_proof_composer, public_inputs); - info(name, ": Mock circuit size: ", mock_proof_composer.get_num_gates()); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + auto public_inputs = builder.get_public_inputs(); + ::join_split_example::proofs::mock::mock_circuit(mock_builder, public_inputs); + info(name, ": Mock circuit size: ", mock_builder.get_num_gates()); + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Mock Gates", - composer.get_num_gates()); + builder.get_num_gates()); } } @@ -113,30 +112,26 @@ circuit_data get_circuit_data(std::string const& name, std::make_shared(std::move(pk_data), srs->get_prover_crs(pk_data.circuit_size + 1)); data.num_gates = pk_data.circuit_size; info(name, ": Circuit size 2^n: ", data.num_gates); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), - "Core", - name + name_suffix_for_benchmarks, - "Gates 2^n", - data.num_gates); + benchmark_collator.benchmark_info_deferred( + Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Gates 2^n", data.num_gates); } else if (compute) { Timer timer; info(name, ": Computing proving key..."); if (!mock) { - data.num_gates = composer.get_num_gates(); - data.proving_key = composer.compute_proving_key(); + data.num_gates = builder.get_num_gates(); + data.proving_key = composer.compute_proving_key(builder); info(name, ": Circuit size 2^n: ", data.proving_key->circuit_size); - - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Gates 2^n", data.proving_key->circuit_size); } else { - data.num_gates = mock_proof_composer.get_num_gates(); - data.proving_key = mock_proof_composer.compute_proving_key(); + data.num_gates = mock_builder.get_num_gates(); + data.proving_key = mock_proof_composer.compute_proving_key(mock_builder); info(name, ": Mock circuit size 2^n: ", data.proving_key->circuit_size); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Mock Gates 2^n", @@ -144,8 +139,7 @@ circuit_data get_circuit_data(std::string const& name, } info(name, ": Proving key computed in ", timer.toString(), "s"); - - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Proving key computed in", @@ -175,7 +169,7 @@ circuit_data get_circuit_data(std::string const& name, data.verification_key = std::make_shared(std::move(vk_data), data.srs->get_verifier_crs()); info(name, ": Verification key hash: ", data.verification_key->sha256_hash()); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Verification key hash", @@ -185,19 +179,19 @@ circuit_data get_circuit_data(std::string const& name, Timer timer; if (!mock) { - data.verification_key = composer.compute_verification_key(); + data.verification_key = composer.compute_verification_key(builder); } else { - data.verification_key = mock_proof_composer.compute_verification_key(); + data.verification_key = mock_proof_composer.compute_verification_key(mock_builder); } info(name, ": Computed verification key in ", timer.toString(), "s"); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Verification key computed in", timer.toString()); info(name, ": Verification key hash: ", data.verification_key->sha256_hash()); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Verification key hash", @@ -222,31 +216,31 @@ circuit_data get_circuit_data(std::string const& name, } else if (data.proving_key) { info(name, ": Computing padding proof..."); - if (composer.failed()) { - info(name, ": Composer logic failed: ", composer.err()); + if (builder.failed()) { + info(name, ": Composer logic failed: ", builder.err()); info(name, ": Warning, padding proof can only be used to aid upstream pk construction!"); } Timer timer; if (!mock) { - auto prover = composer.create_prover(); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); data.padding_proof = proof.proof_data; - data.num_gates = composer.get_num_gates(); + data.num_gates = builder.get_num_gates(); info(name, ": Circuit size: ", data.num_gates); - auto verifier = composer.create_verifier(); + auto verifier = composer.create_verifier(builder); info(name, ": Padding verified: ", verifier.verify_proof(proof)); } else { - auto prover = mock_proof_composer.create_prover(); + auto prover = mock_proof_composer.create_prover(mock_builder); auto proof = prover.construct_proof(); data.padding_proof = proof.proof_data; - data.num_gates = mock_proof_composer.get_num_gates(); + data.num_gates = mock_builder.get_num_gates(); info(name, ": Mock circuit size: ", data.num_gates); - auto verifier = mock_proof_composer.create_verifier(); + auto verifier = mock_proof_composer.create_verifier(mock_builder); info(name, ": Padding verified: ", verifier.verify_proof(proof)); } info(name, ": Padding proof computed in ", timer.toString(), "s"); - benchmark_collator.benchmark_info_deferred(GET_COMPOSER_NAME_STRING(proof_system::ComposerType), + benchmark_collator.benchmark_info_deferred(Composer::NAME_STRING, "Core", name + name_suffix_for_benchmarks, "Padding proof computed in", diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_circuit_data.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_circuit_data.cpp index 402ac96af5..b92bf13c73 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_circuit_data.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/compute_circuit_data.cpp @@ -63,9 +63,9 @@ circuit_data get_circuit_data(std::shared_ptr( diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/create_proof.hpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/create_proof.hpp index 03539185f6..dddc0b91d6 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/create_proof.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/create_proof.hpp @@ -10,14 +10,15 @@ namespace join_split { inline std::vector create_proof(join_split_tx const& tx, circuit_data const& cd) { - Composer composer = Composer(cd.proving_key, cd.verification_key, cd.num_gates); - join_split_circuit(composer, tx); + Builder builder(cd.num_gates); + join_split_circuit(builder, tx); - if (composer.failed()) { - info("Join-split circuit logic failed: ", composer.err()); + if (builder.failed()) { + info("Join-split circuit logic failed: ", builder.err()); } - auto prover = composer.create_prover(); + Composer composer = Composer(cd.proving_key, cd.verification_key); + auto prover = composer.create_prover(builder); auto proof = prover.construct_proof(); return proof.proof_data; diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.cpp index 96e504c9f6..c6e7789c11 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.cpp @@ -24,15 +24,16 @@ void init_proving_key(std::shared_ptr join_split_tx tx = noop_tx(); if (!mock) { + Builder builder; + join_split_circuit(builder, tx); Composer composer(crs_factory); - join_split_circuit(composer, tx); - proving_key = composer.compute_proving_key(); + proving_key = composer.compute_proving_key(builder); } else { - Composer composer; - join_split_circuit(composer, tx); - Composer mock_proof_composer(crs_factory); - join_split_example::proofs::mock::mock_circuit(mock_proof_composer, composer.get_public_inputs()); - proving_key = mock_proof_composer.compute_proving_key(); + Builder builder; + join_split_circuit(builder, tx); + Composer composer(crs_factory); + join_split_example::proofs::mock::mock_circuit(builder, builder.get_public_inputs()); + proving_key = composer.compute_proving_key(builder); } } @@ -55,24 +56,25 @@ void init_verification_key(std::shared_ptr class join_split : public testing::Test { - - protected: - join_split_example::fixtures::user_context user; - std::unique_ptr store; - std::unique_ptr> tree; - - virtual void SetUp() - { - store = std::make_unique(); - tree = std::make_unique>(*store, 32); - user = join_split_example::fixtures::create_user_context(); - } - - public: - /** - * Return a join split tx with 0-valued input notes. - */ - join_split_tx zero_input_setup() - { - using namespace join_split_example::proofs::notes::native; - - value::value_note input_note1 = { - 0, 0, false, user.owner.public_key, user.note_secret, 0, fr::random_element() - }; - value::value_note input_note2 = { - 0, 0, false, user.owner.public_key, user.note_secret, 0, fr::random_element() - }; - auto input_nullifier1 = compute_nullifier(input_note1.commit(), user.owner.private_key, false); - auto input_nullifier2 = compute_nullifier(input_note2.commit(), user.owner.private_key, false); - value::value_note output_note1 = { 0, 0, false, user.owner.public_key, user.note_secret, 0, input_nullifier1 }; - value::value_note output_note2 = { 0, 0, false, user.owner.public_key, user.note_secret, 0, input_nullifier2 }; - - join_split_tx tx; - tx.proof_id = ProofIds::SEND; - tx.public_value = 0; - tx.public_owner = 0; - tx.asset_id = 0; - tx.num_input_notes = 0; - tx.input_index = { 0, 1 }; - tx.old_data_root = tree->root(); - tx.input_path = { tree->get_hash_path(0), tree->get_hash_path(1) }; - tx.input_note = { input_note1, input_note2 }; - tx.output_note = { output_note1, output_note2 }; - tx.partial_claim_note.input_nullifier = 0; - tx.account_private_key = user.owner.private_key; - tx.alias_hash = join_split_example::fixtures::generate_alias_hash("penguin"); - tx.account_required = false; - tx.account_note_index = 0; - tx.account_note_path = tree->get_hash_path(0); - tx.signing_pub_key = user.signing_keys[0].public_key; - tx.backward_link = 0; - tx.allow_chain = 0; - return tx; - } -}; - -using ComposerTypes = testing::Types; - -TYPED_TEST_SUITE(join_split, ComposerTypes); - -// This is derived from the Aztec Connect test -// join_split_tests.test_deposit_construct_proof -TYPED_TEST(join_split, deposit) -{ - join_split_tx tx = TestFixture::zero_input_setup(); - tx.proof_id = ProofIds::DEPOSIT; - tx.public_value = 10; - tx.public_owner = fr::random_element(); - tx.output_note[0].value = 7; - - /** - * DEPOSIT tx represents: - * - public_value = 10 - * - out1 = 7 - * - fee = 3 - */ - - // sign_and_create_proof - tx.signature = sign_join_split_tx(tx, TestFixture::user.owner); - - auto composer = Composer(); - join_split_circuit(composer, tx); - - BenchmarkInfoCollator benchmark_collator; - Timer timer; - auto prover = composer.create_prover(); - auto build_time = timer.toString(); - benchmark_collator.benchmark_info_deferred( - GET_COMPOSER_NAME_STRING(Composer::type), "Core", "join split", "Build time", build_time); - - auto proof = prover.construct_proof(); - - auto verifier = composer.create_verifier(); - bool verified = verifier.verify_proof(proof); - - ASSERT_TRUE(verified); -} - /* Old join-split tests below. The value of having all of these logic tests is unclear, but we'll leave them around, at least for a while. */ @@ -388,12 +286,12 @@ class join_split_tests : public ::testing::Test { verify_result verify_logic(join_split_tx& tx) { - Composer composer(get_proving_key(), nullptr); - join_split_circuit(composer, tx); - if (composer.failed()) { - std::cout << "Logic failed: " << composer.err() << std::endl; + Builder builder; + join_split_circuit(builder, tx); + if (builder.failed()) { + std::cout << "Logic failed: " << builder.err() << std::endl; } - return { !composer.failed(), composer.err(), composer.get_public_inputs(), composer.get_num_gates() }; + return { !builder.failed(), builder.err(), builder.get_public_inputs(), builder.get_num_gates() }; } verify_result sign_and_verify_logic(join_split_tx& tx, key_pair const& signing_key) @@ -825,7 +723,7 @@ TEST_F(join_split_tests, test_0_input_notes_and_detect_circuit_change) // For the next power of two limit, we need to consider that we reserve four gates for adding // randomness/zero-knowledge - EXPECT_LE(number_of_gates_js, GATES_NEXT_POWER_OF_TWO - Composer::ComposerHelper::NUM_RESERVED_GATES) + EXPECT_LE(number_of_gates_js, GATES_NEXT_POWER_OF_TWO - Composer::NUM_RESERVED_GATES) << "You have exceeded the next power of two limit for the join_split circuit."; } diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.cpp index c93f887947..4efa78f2d5 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.cpp @@ -269,39 +269,39 @@ join_split_outputs join_split_circuit_component(join_split_inputs const& inputs) public_asset_id, tx_fee, bridge_call_data, defi_deposit_value }; } -void join_split_circuit(Composer& composer, join_split_tx const& tx) +void join_split_circuit(Builder& builder, join_split_tx const& tx) { join_split_inputs inputs = { - .proof_id = witness_ct(&composer, tx.proof_id), - .public_value = suint_ct(witness_ct(&composer, tx.public_value), NOTE_VALUE_BIT_LENGTH, "public_value"), - .public_owner = witness_ct(&composer, tx.public_owner), - .asset_id = suint_ct(witness_ct(&composer, tx.asset_id), ASSET_ID_BIT_LENGTH, "asset_id"), - .num_input_notes = witness_ct(&composer, tx.num_input_notes), - .input_note1_index = suint_ct(witness_ct(&composer, tx.input_index[0]), DATA_TREE_DEPTH, "input_index0"), - .input_note2_index = suint_ct(witness_ct(&composer, tx.input_index[1]), DATA_TREE_DEPTH, "input_index1"), - .input_note1 = value::witness_data(composer, tx.input_note[0]), - .input_note2 = value::witness_data(composer, tx.input_note[1]), - .output_note1 = value::witness_data(composer, tx.output_note[0]), - .output_note2 = value::witness_data(composer, tx.output_note[1]), + .proof_id = witness_ct(&builder, tx.proof_id), + .public_value = suint_ct(witness_ct(&builder, tx.public_value), NOTE_VALUE_BIT_LENGTH, "public_value"), + .public_owner = witness_ct(&builder, tx.public_owner), + .asset_id = suint_ct(witness_ct(&builder, tx.asset_id), ASSET_ID_BIT_LENGTH, "asset_id"), + .num_input_notes = witness_ct(&builder, tx.num_input_notes), + .input_note1_index = suint_ct(witness_ct(&builder, tx.input_index[0]), DATA_TREE_DEPTH, "input_index0"), + .input_note2_index = suint_ct(witness_ct(&builder, tx.input_index[1]), DATA_TREE_DEPTH, "input_index1"), + .input_note1 = value::witness_data(builder, tx.input_note[0]), + .input_note2 = value::witness_data(builder, tx.input_note[1]), + .output_note1 = value::witness_data(builder, tx.output_note[0]), + .output_note2 = value::witness_data(builder, tx.output_note[1]), // Construction of partial_claim_note_witness_data includes construction of bridge_call_data, which contains // many constraints on the bridge_call_data's format and the bit_config's format: - .partial_claim_note = claim::partial_claim_note_witness_data(composer, tx.partial_claim_note), - .signing_pub_key = stdlib::create_point_witness(composer, tx.signing_pub_key), - .signature = stdlib::schnorr::convert_signature(&composer, tx.signature), - .merkle_root = witness_ct(&composer, tx.old_data_root), - .input_path1 = stdlib::merkle_tree::create_witness_hash_path(composer, tx.input_path[0]), - .input_path2 = stdlib::merkle_tree::create_witness_hash_path(composer, tx.input_path[1]), + .partial_claim_note = claim::partial_claim_note_witness_data(builder, tx.partial_claim_note), + .signing_pub_key = stdlib::create_point_witness(builder, tx.signing_pub_key), + .signature = stdlib::schnorr::convert_signature(&builder, tx.signature), + .merkle_root = witness_ct(&builder, tx.old_data_root), + .input_path1 = stdlib::merkle_tree::create_witness_hash_path(builder, tx.input_path[0]), + .input_path2 = stdlib::merkle_tree::create_witness_hash_path(builder, tx.input_path[1]), .account_note_index = - suint_ct(witness_ct(&composer, tx.account_note_index), DATA_TREE_DEPTH, "account_note_index"), - .account_note_path = merkle_tree::create_witness_hash_path(composer, tx.account_note_path), - .account_private_key = witness_ct(&composer, static_cast(tx.account_private_key)), - .alias_hash = suint_ct(witness_ct(&composer, tx.alias_hash), ALIAS_HASH_BIT_LENGTH, "alias_hash"), - .account_required = bool_ct(witness_ct(&composer, tx.account_required)), - .backward_link = witness_ct(&composer, tx.backward_link), - .allow_chain = witness_ct(&composer, tx.allow_chain), + suint_ct(witness_ct(&builder, tx.account_note_index), DATA_TREE_DEPTH, "account_note_index"), + .account_note_path = merkle_tree::create_witness_hash_path(builder, tx.account_note_path), + .account_private_key = witness_ct(&builder, static_cast(tx.account_private_key)), + .alias_hash = suint_ct(witness_ct(&builder, tx.alias_hash), ALIAS_HASH_BIT_LENGTH, "alias_hash"), + .account_required = bool_ct(witness_ct(&builder, tx.account_required)), + .backward_link = witness_ct(&builder, tx.backward_link), + .allow_chain = witness_ct(&builder, tx.allow_chain), }; auto outputs = join_split_circuit_component(inputs); - const field_ct defi_root = witness_ct(&composer, 0); + const field_ct defi_root = witness_ct(&builder, 0); defi_root.assert_is_zero(); // The following make up the public inputs to the circuit. diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.hpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.hpp index bde45a710c..5ae3e23ed6 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split_circuit.hpp @@ -50,7 +50,7 @@ struct join_split_outputs { join_split_outputs join_split_circuit_component(join_split_inputs const& inputs); -void join_split_circuit(Composer& composer, join_split_tx const& tx); +void join_split_circuit(Builder& builder, join_split_tx const& tx); } // namespace join_split } // namespace proofs diff --git a/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp b/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp index 05e99f612a..ba299de9ca 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.hpp @@ -8,14 +8,14 @@ namespace mock { using namespace proof_system::plonk::stdlib; -template void mock_circuit(Composer& composer, std::vector const& public_inputs_) +template void mock_circuit(Builder& builder, std::vector const& public_inputs_) { - const auto public_inputs = map(public_inputs_, [&](auto& i) { return field_t(witness_t(&composer, i)); }); + const auto public_inputs = map(public_inputs_, [&](auto& i) { return field_t(witness_t(&builder, i)); }); for (auto& p : public_inputs) { p.set_public(); } - plonk::stdlib::pedersen_commitment::compress(field_t(witness_t(&composer, 1)), - field_t(witness_t(&composer, 1))); + plonk::stdlib::pedersen_commitment::compress(field_t(witness_t(&builder, 1)), + field_t(witness_t(&builder, 1))); } } // namespace mock diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/bridge_call_data.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/bridge_call_data.hpp index f8ea941167..c1f49ad7a0 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/bridge_call_data.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/bridge_call_data.hpp @@ -37,14 +37,14 @@ struct bridge_call_data { bool_ct second_output_in_use; bit_config(){}; - bit_config(Composer* composer, uint256_t const& bridge_call_data) + bit_config(Builder* builder, uint256_t const& bridge_call_data) { - ASSERT(composer != nullptr); + ASSERT(builder != nullptr); constexpr auto bitconfig_mask = (1ULL << DEFI_BRIDGE_BITCONFIG_LEN) - 1; uint32_t config_u32 = uint32_t((bridge_call_data >> bitconfig_shift) & bitconfig_mask); - second_input_in_use = witness_ct(composer, config_u32 & 1ULL); - second_output_in_use = witness_ct(composer, (config_u32 >> 1) & 1ULL); + second_input_in_use = witness_ct(builder, config_u32 & 1ULL); + second_output_in_use = witness_ct(builder, (config_u32 >> 1) & 1ULL); } suint_ct to_suint() const @@ -88,11 +88,11 @@ struct bridge_call_data { suint_ct aux_data = 0; bridge_call_data(){}; - bridge_call_data(Composer* composer, const native::bridge_call_data& native_id) - : bridge_call_data(composer, native_id.to_uint256_t()) + bridge_call_data(Builder* builder, const native::bridge_call_data& native_id) + : bridge_call_data(builder, native_id.to_uint256_t()) {} - bridge_call_data(Composer* composer, uint256_t const& bridge_call_data) + bridge_call_data(Builder* builder, uint256_t const& bridge_call_data) { // constants constexpr auto one = uint256_t(1); @@ -109,18 +109,18 @@ struct bridge_call_data { auto aux_data_value = (bridge_call_data >> aux_data_shift) & uint256_t((one << DEFI_BRIDGE_AUX_DATA) - 1); bridge_address_id = - suint_ct(witness_ct(composer, bridge_address_id_value), DEFI_BRIDGE_ADDRESS_ID_LEN, "bridge_address"); - input_asset_id_a = suint_ct( - witness_ct(composer, input_asset_id_a_value), DEFI_BRIDGE_INPUT_A_ASSET_ID_LEN, "input_asset_id_a"); - input_asset_id_b = suint_ct( - witness_ct(composer, input_asset_id_b_value), DEFI_BRIDGE_INPUT_B_ASSET_ID_LEN, "input_asset_id_b"); + suint_ct(witness_ct(builder, bridge_address_id_value), DEFI_BRIDGE_ADDRESS_ID_LEN, "bridge_address"); + input_asset_id_a = + suint_ct(witness_ct(builder, input_asset_id_a_value), DEFI_BRIDGE_INPUT_A_ASSET_ID_LEN, "input_asset_id_a"); + input_asset_id_b = + suint_ct(witness_ct(builder, input_asset_id_b_value), DEFI_BRIDGE_INPUT_B_ASSET_ID_LEN, "input_asset_id_b"); output_asset_id_a = suint_ct( - witness_ct(composer, output_asset_id_a_value), DEFI_BRIDGE_OUTPUT_A_ASSET_ID_LEN, "output_asset_id_a"); + witness_ct(builder, output_asset_id_a_value), DEFI_BRIDGE_OUTPUT_A_ASSET_ID_LEN, "output_asset_id_a"); output_asset_id_b = suint_ct( - witness_ct(composer, output_asset_id_b_value), DEFI_BRIDGE_OUTPUT_B_ASSET_ID_LEN, "output_asset_id_b"); - aux_data = suint_ct(witness_ct(composer, aux_data_value), DEFI_BRIDGE_AUX_DATA, "aux_data"); + witness_ct(builder, output_asset_id_b_value), DEFI_BRIDGE_OUTPUT_B_ASSET_ID_LEN, "output_asset_id_b"); + aux_data = suint_ct(witness_ct(builder, aux_data_value), DEFI_BRIDGE_AUX_DATA, "aux_data"); - config = bit_config(composer, bridge_call_data); + config = bit_config(builder, bridge_call_data); validate_bit_config(); } diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/witness_data.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/witness_data.hpp index e5fc35fb39..e1bebb5e6d 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/witness_data.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/claim/witness_data.hpp @@ -26,7 +26,7 @@ struct claim_note_witness_data { field_ct value_note_partial_commitment; field_ct input_nullifier; - claim_note_witness_data(Composer& composer, native::claim::claim_note const& note_data) + claim_note_witness_data(Builder& composer, native::claim::claim_note const& note_data) { deposit_value = suint_ct(witness_ct(&composer, note_data.deposit_value), DEFI_DEPOSIT_VALUE_BIT_LENGTH, "deposit_value"); @@ -51,7 +51,7 @@ struct partial_claim_note_witness_data { field_ct input_nullifier; partial_claim_note_witness_data(){}; - partial_claim_note_witness_data(Composer& composer, native::claim::partial_claim_note_data const& note_data) + partial_claim_note_witness_data(Builder& composer, native::claim::partial_claim_note_data const& note_data) { deposit_value = suint_ct(witness_ct(&composer, note_data.deposit_value), DEFI_DEPOSIT_VALUE_BIT_LENGTH, "deposit_value"); diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.test.cpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.test.cpp index 88198aa7c5..906a12bd99 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.test.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/compute_nullifier.test.cpp @@ -18,11 +18,11 @@ TEST(compute_nullifier_circuit, native_consistency) native::value::value_note{ 100, 0, 0, user.owner.public_key, user.note_secret, 0, fr::random_element() }; auto native_commitment = native_input_note.commit(); auto native_nullifier = native::compute_nullifier(native_commitment, priv_key, true); - Composer composer; - auto circuit_witness_data = circuit::value::witness_data(composer, native_input_note); + Builder builder; + auto circuit_witness_data = circuit::value::witness_data(builder, native_input_note); auto circuit_input_note = circuit::value::value_note(circuit_witness_data); auto circuit_nullifier = circuit::compute_nullifier( - circuit_input_note.commitment, field_ct(witness_ct(&composer, priv_key)), bool_ct(witness_ct(&composer, true))); + circuit_input_note.commitment, field_ct(witness_ct(&builder, priv_key)), bool_ct(witness_ct(&builder, true))); EXPECT_EQ(circuit_nullifier.get_value(), native_nullifier); } diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp index 55b65c9949..92ada18413 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp @@ -13,7 +13,7 @@ using namespace join_split_example::proofs::notes::circuit::value; TEST(value_note, commits) { auto user = join_split_example::fixtures::create_user_context(); - Composer composer = Composer(); + auto builder = Builder(); fr note_value = fr::random_element(); note_value.data[3] = note_value.data[3] & 0x0FFFFFFFFFFFFFFFULL; @@ -26,16 +26,17 @@ TEST(value_note, commits) note_value, asset_id_value, account_required, user.owner.public_key, user.note_secret, 0, fr::random_element() }; auto expected = note.commit(); - auto circuit_note = circuit::value::value_note(witness_data(composer, note)); + auto circuit_note = circuit::value::value_note(witness_data(builder, note)); auto result = circuit_note.commitment; result.assert_equal(expected); - auto prover = composer.create_prover(); + auto composer = Composer(); + auto prover = composer.create_prover(builder); - EXPECT_FALSE(composer.failed()); - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); + EXPECT_FALSE(builder.failed()); + printf("composer gates = %zu\n", builder.get_num_gates()); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -45,8 +46,9 @@ TEST(value_note, commits) TEST(value_note, commits_with_0_value) { + auto builder = Builder(); + auto user = join_split_example::fixtures::create_user_context(); - Composer composer = Composer(); uint32_t asset_id_value = 0x2abbccddULL; // needs to be less than 30 bits @@ -60,16 +62,18 @@ TEST(value_note, commits_with_0_value) .input_nullifier = fr::random_element(), }; auto expected = note.commit(); - auto circuit_note = circuit::value::value_note(witness_data(composer, note)); + auto circuit_note = circuit::value::value_note(witness_data(builder, note)); auto result = circuit_note.commitment; result.assert_equal(expected); - auto prover = composer.create_prover(); + Composer composer = Composer(); + + auto prover = composer.create_prover(builder); - EXPECT_FALSE(composer.failed()); - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); + EXPECT_FALSE(builder.failed()); + printf("composer gates = %zu\n", builder.get_num_gates()); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); @@ -79,8 +83,9 @@ TEST(value_note, commits_with_0_value) TEST(value_note, commit_with_oversized_asset_id_fails) { + auto builder = Builder(); + auto user = join_split_example::fixtures::create_user_context(); - Composer composer = Composer(); native::value::value_note note = { .value = 0, @@ -92,16 +97,17 @@ TEST(value_note, commit_with_oversized_asset_id_fails) .input_nullifier = fr::random_element(), }; auto expected = note.commit(); - auto circuit_note = circuit::value::value_note(witness_data(composer, note)); + auto circuit_note = circuit::value::value_note(witness_data(builder, note)); auto result = circuit_note.commitment; result.assert_equal(expected); - auto prover = composer.create_prover(); + Composer composer = Composer(); + auto prover = composer.create_prover(builder); - EXPECT_TRUE(composer.failed()); - printf("composer gates = %zu\n", composer.get_num_gates()); - auto verifier = composer.create_verifier(); + EXPECT_TRUE(builder.failed()); + printf("composer gates = %zu\n", builder.get_num_gates()); + auto verifier = composer.create_verifier(builder); plonk::proof proof = prover.construct_proof(); diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/witness_data.hpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/witness_data.hpp index 367f0e704e..80e47ebf63 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/witness_data.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/witness_data.hpp @@ -19,16 +19,16 @@ struct witness_data { field_ct creator_pubkey; field_ct input_nullifier; - witness_data(Composer& composer, native::value::value_note const& note) + witness_data(Builder& builder, native::value::value_note const& note) { - secret = witness_ct(&composer, note.secret); - owner.x = witness_ct(&composer, note.owner.x); - owner.y = witness_ct(&composer, note.owner.y); - value = suint_ct(witness_ct(&composer, note.value), NOTE_VALUE_BIT_LENGTH, "note_value"); - asset_id = suint_ct(witness_ct(&composer, note.asset_id), ASSET_ID_BIT_LENGTH, "asset_id"); - account_required = bool_ct(witness_ct(&composer, note.account_required)); - creator_pubkey = witness_ct(&composer, note.creator_pubkey); - input_nullifier = witness_ct(&composer, note.input_nullifier); + secret = witness_ct(&builder, note.secret); + owner.x = witness_ct(&builder, note.owner.x); + owner.y = witness_ct(&builder, note.owner.y); + value = suint_ct(witness_ct(&builder, note.value), NOTE_VALUE_BIT_LENGTH, "note_value"); + asset_id = suint_ct(witness_ct(&builder, note.asset_id), ASSET_ID_BIT_LENGTH, "asset_id"); + account_required = bool_ct(witness_ct(&builder, note.account_required)); + creator_pubkey = witness_ct(&builder, note.creator_pubkey); + input_nullifier = witness_ct(&builder, note.input_nullifier); } }; diff --git a/cpp/src/barretenberg/join_split_example/proofs/verify.hpp b/cpp/src/barretenberg/join_split_example/proofs/verify.hpp index d01b409edd..2506e740cb 100644 --- a/cpp/src/barretenberg/join_split_example/proofs/verify.hpp +++ b/cpp/src/barretenberg/join_split_example/proofs/verify.hpp @@ -39,17 +39,17 @@ inline bool pairing_check(plonk::stdlib::recursion::aggregation_state -auto verify_logic_internal(Composer& composer, Tx& tx, CircuitData const& cd, char const* name, F const& build_circuit) +template +auto verify_logic_internal(Builder& builder, Tx& tx, CircuitData const& cd, char const* name, F const& build_circuit) { info(name, ": Building circuit..."); Timer timer; - auto result = build_circuit(composer, tx, cd); + auto result = build_circuit(builder, tx, cd); info(name, ": Circuit built in ", timer.toString(), "s"); - if (composer.failed()) { - info(name, ": Circuit logic failed: " + composer.err()); - result.err = composer.err(); + if (builder.failed()) { + info(name, ": Circuit logic failed: " + builder.err()); + result.err = builder.err(); return result; } @@ -63,86 +63,12 @@ auto verify_logic_internal(Composer& composer, Tx& tx, CircuitData const& cd, ch return result; } - result.public_inputs = composer.get_public_inputs(); + result.public_inputs = builder.get_public_inputs(); result.logic_verified = true; - result.number_of_gates = composer.get_num_gates(); + result.number_of_gates = builder.get_num_gates(); return result; } -template -auto verify_internal(Composer& composer, Tx& tx, CircuitData const& cd, char const* name, F const& build_circuit) -{ - Timer timer; - auto result = verify_logic_internal(composer, tx, cd, name, build_circuit); - - if (!result.logic_verified) { - return result; - } - - Timer proof_timer; - info(name, ": Creating proof..."); - - if (!cd.mock) { - if constexpr (std::is_same::value) { - if (std::string(name) == "root rollup") { - auto prover = composer.create_ultra_to_standard_prover(); - auto proof = prover.construct_proof(); - result.proof_data = proof.proof_data; - } else { - auto prover = composer.create_prover(); - auto proof = prover.construct_proof(); - result.proof_data = proof.proof_data; - } - } else { - auto prover = composer.create_prover(); - auto proof = prover.construct_proof(); - result.proof_data = proof.proof_data; - } - } else { - Composer mock_proof_composer = Composer(cd.proving_key, cd.verification_key, cd.num_gates); - ::join_split_example::proofs::mock::mock_circuit(mock_proof_composer, composer.get_public_inputs()); - if constexpr (std::is_same::value) { - if (std::string(name) == "root rollup") { - auto prover = mock_proof_composer.create_ultra_to_standard_prover(); - auto proof = prover.construct_proof(); - result.proof_data = proof.proof_data; - } else { - auto prover = mock_proof_composer.create_prover(); - auto proof = prover.construct_proof(); - result.proof_data = proof.proof_data; - } - } else { - auto prover = mock_proof_composer.create_prover(); - auto proof = prover.construct_proof(); - result.proof_data = proof.proof_data; - } - } - - info(name, ": Proof created in ", proof_timer.toString(), "s"); - info(name, ": Total time taken: ", timer.toString(), "s"); - if constexpr (std::is_same::value) { - if (std::string(name) == "root rollup") { - auto verifier = composer.create_ultra_to_standard_verifier(); - result.verified = verifier.verify_proof({ result.proof_data }); - } else { - auto verifier = composer.create_verifier(); - result.verified = verifier.verify_proof({ result.proof_data }); - } - } else { - auto verifier = composer.create_verifier(); - result.verified = verifier.verify_proof({ result.proof_data }); - } - - if (!result.verified) { - info(name, ": Proof validation failed."); - return result; - } else { - info(name, ": Verified successfully."); - } - result.verification_key = composer.circuit_verification_key; - return result; -} - } // namespace proofs } // namespace join_split_example diff --git a/cpp/src/barretenberg/join_split_example/types.hpp b/cpp/src/barretenberg/join_split_example/types.hpp index 3ff15138e5..945aded7e9 100644 --- a/cpp/src/barretenberg/join_split_example/types.hpp +++ b/cpp/src/barretenberg/join_split_example/types.hpp @@ -1,9 +1,9 @@ #pragma once -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" #include "barretenberg/stdlib/primitives/bool/bool.hpp" @@ -18,34 +18,35 @@ namespace join_split_example { -using Composer = plonk::UltraPlonkComposer; +using Builder = proof_system::UltraCircuitConstructor; +using Composer = plonk::UltraPlonkComposerHelper; using Prover = std::conditional_t< - std::same_as, + std::same_as, plonk::UltraProver, - std::conditional_t, plonk::TurboProver, plonk::Prover>>; + std::conditional_t, plonk::TurboProver, plonk::Prover>>; using Verifier = std::conditional_t< - std::same_as, + std::same_as, plonk::UltraVerifier, - std::conditional_t, plonk::TurboVerifier, plonk::Verifier>>; - -using witness_ct = proof_system::plonk::stdlib::witness_t; -using public_witness_ct = proof_system::plonk::stdlib::public_witness_t; -using bool_ct = proof_system::plonk::stdlib::bool_t; -using byte_array_ct = proof_system::plonk::stdlib::byte_array; -using field_ct = proof_system::plonk::stdlib::field_t; -using suint_ct = proof_system::plonk::stdlib::safe_uint_t; -using uint32_ct = proof_system::plonk::stdlib::uint32; -using point_ct = proof_system::plonk::stdlib::point; -using pedersen_commitment = proof_system::plonk::stdlib::pedersen_commitment; -using group_ct = proof_system::plonk::stdlib::group; -using bn254 = proof_system::plonk::stdlib::bn254; - -using hash_path_ct = proof_system::plonk::stdlib::merkle_tree::hash_path; + std::conditional_t, plonk::TurboVerifier, plonk::Verifier>>; + +using witness_ct = proof_system::plonk::stdlib::witness_t; +using public_witness_ct = proof_system::plonk::stdlib::public_witness_t; +using bool_ct = proof_system::plonk::stdlib::bool_t; +using byte_array_ct = proof_system::plonk::stdlib::byte_array; +using field_ct = proof_system::plonk::stdlib::field_t; +using suint_ct = proof_system::plonk::stdlib::safe_uint_t; +using uint32_ct = proof_system::plonk::stdlib::uint32; +using point_ct = proof_system::plonk::stdlib::point; +using pedersen_commitment = proof_system::plonk::stdlib::pedersen_commitment; +using group_ct = proof_system::plonk::stdlib::group; +using bn254 = proof_system::plonk::stdlib::bn254; + +using hash_path_ct = proof_system::plonk::stdlib::merkle_tree::hash_path; namespace schnorr { -using signature_bits = proof_system::plonk::stdlib::schnorr::signature_bits; +using signature_bits = proof_system::plonk::stdlib::schnorr::signature_bits; } // namespace schnorr } // namespace join_split_example \ No newline at end of file diff --git a/cpp/src/barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp index 82273ebda0..ec93293e94 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp @@ -17,6 +17,8 @@ class StandardPlonkComposerHelper { public: using Flavor = plonk::flavor::Standard; using CircuitConstructor = StandardCircuitConstructor; + + static constexpr std::string_view NAME_STRING = "StandardPlonk"; static constexpr size_t NUM_RESERVED_GATES = 4; // equal to the number of evaluations leaked static constexpr size_t program_width = CircuitConstructor::program_width; std::shared_ptr circuit_proving_key; diff --git a/cpp/src/barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp index 79bd7015e8..123271db73 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp @@ -14,6 +14,7 @@ class TurboPlonkComposerHelper { using Flavor = plonk::flavor::Turbo; using CircuitConstructor = TurboCircuitConstructor; + static constexpr std::string_view NAME_STRING = "TurboPlonk"; static constexpr size_t NUM_RESERVED_GATES = 4; // equal to the number of evaluations leaked static constexpr size_t program_width = CircuitConstructor::program_width; @@ -58,6 +59,7 @@ class TurboPlonkComposerHelper { }; return result; } + static transcript::Manifest create_manifest(const size_t num_public_inputs) { // add public inputs.... diff --git a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp index 8417a9f2e0..170a151aab 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp @@ -18,6 +18,8 @@ class UltraPlonkComposerHelper { using Flavor = flavor::Ultra; using CircuitConstructor = UltraCircuitConstructor; + static constexpr std::string_view NAME_STRING = "UltraPlonk"; + static constexpr ComposerType type = ComposerType::PLOOKUP; static constexpr size_t NUM_RESERVED_GATES = 4; // equal to the number of multilinear evaluations leaked static constexpr size_t program_width = CircuitConstructor::NUM_WIRES; std::shared_ptr circuit_proving_key; @@ -101,117 +103,7 @@ class UltraPlonkComposerHelper { */ static transcript::Manifest create_manifest(const size_t num_public_inputs) { - // add public inputs.... - constexpr size_t g1_size = 64; - constexpr size_t fr_size = 32; - const size_t public_input_size = fr_size * num_public_inputs; - transcript::Manifest output = transcript::Manifest( - - { transcript::Manifest::RoundManifest( - { // { name, num_bytes, derived_by_verifier } - { "circuit_size", 4, true }, - { "public_input_size", 4, true } }, - "init", // challenge_name - 1 // num_challenges_in - ), - - transcript::Manifest::RoundManifest( - { // { name, num_bytes, derived_by_verifier } - { "public_inputs", public_input_size, false }, - { "W_1", g1_size, false }, - { "W_2", g1_size, false }, - { "W_3", g1_size, false } }, - "eta", // challenge_name - 1 // num_challenges_in - ), - - transcript::Manifest::RoundManifest( - { // { name, num_bytes, derived_by_verifier } - { "W_4", g1_size, false }, - { "S", g1_size, false } }, - "beta", // challenge_name - 2 // num_challenges_in - ), - - transcript::Manifest::RoundManifest( - { // { name, num_bytes, derived_by_verifier } - { "Z_PERM", g1_size, false }, - { "Z_LOOKUP", g1_size, false } }, - "alpha", // challenge_name - 1 // num_challenges_in - ), - - transcript::Manifest::RoundManifest( - { // { name, num_bytes, derived_by_verifier } - { "T_1", g1_size, false }, - { "T_2", g1_size, false }, - { "T_3", g1_size, false }, - { "T_4", g1_size, false } }, - "z", // challenge_name - 1 // num_challenges_in - ), - - // N.B. THE SHFITED EVALS (_omega) MUST HAVE THE SAME CHALLENGE INDEX AS THE NON SHIFTED VALUES - transcript::Manifest::RoundManifest( - { - // { name, num_bytes, derived_by_verifier, challenge_map_index } - { "t", fr_size, true, -1 }, // * - { "w_1", fr_size, false, 0 }, - { "w_2", fr_size, false, 1 }, - { "w_3", fr_size, false, 2 }, - { "w_4", fr_size, false, 3 }, - { "s", fr_size, false, 4 }, - { "z_perm", fr_size, false, 5 }, // * - { "z_lookup", fr_size, false, 6 }, - { "q_1", fr_size, false, 7 }, - { "q_2", fr_size, false, 8 }, - { "q_3", fr_size, false, 9 }, - { "q_4", fr_size, false, 10 }, - { "q_m", fr_size, false, 11 }, - { "q_c", fr_size, false, 12 }, - { "q_arith", fr_size, false, 13 }, - { "q_sort", fr_size, false, 14 }, // * - { "q_elliptic", fr_size, false, 15 }, // * - { "q_aux", fr_size, false, 16 }, - { "sigma_1", fr_size, false, 17 }, - { "sigma_2", fr_size, false, 18 }, - { "sigma_3", fr_size, false, 19 }, - { "sigma_4", fr_size, false, 20 }, - { "table_value_1", fr_size, false, 21 }, - { "table_value_2", fr_size, false, 22 }, - { "table_value_3", fr_size, false, 23 }, - { "table_value_4", fr_size, false, 24 }, - { "table_type", fr_size, false, 25 }, - { "id_1", fr_size, false, 26 }, - { "id_2", fr_size, false, 27 }, - { "id_3", fr_size, false, 28 }, - { "id_4", fr_size, false, 29 }, - { "w_1_omega", fr_size, false, 0 }, - { "w_2_omega", fr_size, false, 1 }, - { "w_3_omega", fr_size, false, 2 }, - { "w_4_omega", fr_size, false, 3 }, - { "s_omega", fr_size, false, 4 }, - { "z_perm_omega", fr_size, false, 5 }, - { "z_lookup_omega", fr_size, false, 6 }, - { "table_value_1_omega", fr_size, false, 21 }, - { "table_value_2_omega", fr_size, false, 22 }, - { "table_value_3_omega", fr_size, false, 23 }, - { "table_value_4_omega", fr_size, false, 24 }, - }, - "nu", // challenge_name - ULTRA_MANIFEST_SIZE, // num_challenges_in - true // map_challenges_in - ), - - transcript::Manifest::RoundManifest( - { // { name, num_bytes, derived_by_verifier, challenge_map_index } - { "PI_Z", g1_size, false }, - { "PI_Z_OMEGA", g1_size, false } }, - "separator", // challenge_name - 3 // num_challenges_in - ) }); - - return output; + return Flavor::create_manifest(num_public_inputs); } }; diff --git a/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.hpp deleted file mode 100644 index fcb2dfaf83..0000000000 --- a/cpp/src/barretenberg/plonk/composer/standard_plonk_composer.hpp +++ /dev/null @@ -1,253 +0,0 @@ -#pragma once - -#include "composer_helper/standard_plonk_composer_helper.hpp" -#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" -#include "barretenberg/srs/factories/file_crs_factory.hpp" -#include "barretenberg/transcript/manifest.hpp" -#include "barretenberg/proof_system/types/merkle_hash_type.hpp" -#include "barretenberg/proof_system/types/pedersen_commitment_type.hpp" - -namespace proof_system::plonk { -/** - * @brief Standard Plonk Composer has everything required to construct a prover and verifier, just as the legacy - * classes. - * - * @details However, it has a lot of its logic separated into subclasses and simply proxies the calls. - * - */ -class StandardPlonkComposer { - public: - using ComposerHelper = StandardPlonkComposerHelper; - using CircuitConstructor = StandardCircuitConstructor; - - static constexpr ComposerType type = ComposerType::STANDARD; - static_assert(type == CircuitConstructor::type); - static constexpr merkle::HashType merkle_hash_type = CircuitConstructor::merkle_hash_type; - static constexpr pedersen::CommitmentType commitment_type = CircuitConstructor::commitment_type; - - static constexpr size_t UINT_LOG2_BASE = 2; - // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system - StandardCircuitConstructor circuit_constructor; - - // References to circuit contructor's members for convenience - size_t& num_gates; - std::vector& variables; - // While we always have it set to zero, feels wrong to have a potentially broken dependency - uint32_t& zero_idx; - - // Composer helper contains all proof-related material that is separate from circuit creation such as: - // 1) Proving and verification keys - // 2) CRS - // 3) Converting variables to witness vectors/polynomials - StandardPlonkComposerHelper composer_helper; - - // References to composer helper's members for convenience - bool& contains_recursive_proof; - std::vector& recursive_proof_public_input_indices; - - static constexpr size_t program_width = StandardCircuitConstructor::program_width; - - /**Standard methods*/ - - StandardPlonkComposer(const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - StandardPlonkComposer(std::string const& crs_path, const size_t size_hint = 0) - : StandardPlonkComposer(std::unique_ptr( - new barretenberg::srs::factories::FileCrsFactory(crs_path)), - size_hint){}; - - StandardPlonkComposer(std::shared_ptr const& crs_factory, - const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(crs_factory) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices) - - {} - StandardPlonkComposer(std::unique_ptr&& crs_factory, - const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(std::move(crs_factory)) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices) - - {} - - StandardPlonkComposer(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, - size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(p_key, v_key) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices) - {} - - StandardPlonkComposer(const StandardPlonkComposer& other) = delete; - StandardPlonkComposer(StandardPlonkComposer&& other) - : circuit_constructor(std::move(other.circuit_constructor)) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(std::move(other.composer_helper)) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - StandardPlonkComposer& operator=(StandardPlonkComposer&& other) - { - circuit_constructor = std::move(other.circuit_constructor); - composer_helper = std::move(other.composer_helper); - num_gates = circuit_constructor.num_gates; - variables = circuit_constructor.variables; - zero_idx = circuit_constructor.zero_idx; - contains_recursive_proof = circuit_constructor.contains_recursive_proof; - recursive_proof_public_input_indices = circuit_constructor.recursive_proof_public_input_indices; - return *this; - }; - // TODO(#230)(Cody): This constructor started to be implicitly deleted when I added `n` and `variables` members. - // This is a temporary measure until we can rewrite Plonk and all tests using circuit builder methods in place of - // composer methods, where appropriate. StandardPlonkComposer& operator=(StandardPlonkComposer&& other) = default; - ~StandardPlonkComposer() = default; - - size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } - - /**Methods related to circuit construction - * They simply get proxied to the circuit constructor - */ - void assert_equal(const uint32_t a_variable_idx, const uint32_t b_variable_idx, std::string const& msg) - { - circuit_constructor.assert_equal(a_variable_idx, b_variable_idx, msg); - } - void assert_equal_constant(uint32_t const a_idx, - barretenberg::fr const& b, - std::string const& msg = "assert equal constant") - { - circuit_constructor.assert_equal_constant(a_idx, b, msg); - } - - void create_add_gate(const add_triple& in) { circuit_constructor.create_add_gate(in); } - void create_mul_gate(const mul_triple& in) { circuit_constructor.create_mul_gate(in); } - void create_bool_gate(const uint32_t a) { circuit_constructor.create_bool_gate(a); } - void create_poly_gate(const poly_triple& in) { circuit_constructor.create_poly_gate(in); } - void create_big_add_gate(const add_quad& in) { circuit_constructor.create_big_add_gate(in); } - void create_big_add_gate_with_bit_extraction(const add_quad& in) - { - circuit_constructor.create_big_add_gate_with_bit_extraction(in); - } - void create_big_mul_gate(const mul_quad& in) { circuit_constructor.create_big_mul_gate(in); } - void create_balanced_add_gate(const add_quad& in) { circuit_constructor.create_balanced_add_gate(in); } - - void fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) - { - circuit_constructor.fix_witness(witness_index, witness_value); - } - - std::vector decompose_into_base4_accumulators(const uint32_t witness_index, - - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - return circuit_constructor.decompose_into_base4_accumulators(witness_index, num_bits, msg); - } - - void create_range_constraint(const uint32_t variable_index, - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - circuit_constructor.create_range_constraint(variable_index, num_bits, msg); - } - - accumulator_triple create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - bool is_xor_gate) - { - return circuit_constructor.create_logic_constraint(a, b, num_bits, is_xor_gate); - } - - accumulator_triple create_and_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_and_constraint(a, b, num_bits); - } - - accumulator_triple create_xor_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_xor_constraint(a, b, num_bits); - } - uint32_t add_variable(const barretenberg::fr& in) { return circuit_constructor.add_variable(in); } - - uint32_t add_public_variable(const barretenberg::fr& in) { return circuit_constructor.add_public_variable(in); } - - virtual void set_public_input(const uint32_t witness_index) - { - return circuit_constructor.set_public_input(witness_index); - } - - uint32_t put_constant_variable(const barretenberg::fr& variable) - { - return circuit_constructor.put_constant_variable(variable); - } - - size_t get_num_constant_gates() const { return circuit_constructor.get_num_constant_gates(); } - - bool check_circuit() { return circuit_constructor.check_circuit(); } - - barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } - - std::vector get_public_inputs() const { return circuit_constructor.get_public_inputs(); } - - /**Proof and verification-related methods*/ - - std::shared_ptr compute_proving_key() - { - return composer_helper.compute_proving_key(circuit_constructor); - } - - std::shared_ptr compute_verification_key() - { - return composer_helper.compute_verification_key(circuit_constructor); - } - - void compute_witness() { composer_helper.compute_witness(circuit_constructor); }; - // TODO(#230)(Cody): This will not be needed, but maybe something is required for ComposerHelper to be generic? - plonk::Verifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); } - /** - * Preprocess the circuit. Delegates to create_prover. - * - * @return A new initialized prover. - */ - /** - * Preprocess the circuit. Delegates to create_unrolled_prover. - * - * @return A new initialized prover. - */ - plonk::Prover create_prover() { return composer_helper.create_prover(circuit_constructor); }; - - static transcript::Manifest create_manifest(const size_t num_public_inputs) - { - return StandardPlonkComposerHelper::create_manifest(num_public_inputs); - } - - void add_recursive_proof(const std::vector& proof_output_witness_indices) - { - circuit_constructor.add_recursive_proof(proof_output_witness_indices); - } - bool failed() const { return circuit_constructor.failed(); }; - const std::string& err() const { return circuit_constructor.err(); }; - void failure(std::string msg) { circuit_constructor.failure(msg); } -}; -} // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.hpp deleted file mode 100644 index 21a650ecdc..0000000000 --- a/cpp/src/barretenberg/plonk/composer/turbo_plonk_composer.hpp +++ /dev/null @@ -1,259 +0,0 @@ -#pragma once -#include "composer_helper/turbo_plonk_composer_helper.hpp" -#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" -#include "barretenberg/proof_system/types/merkle_hash_type.hpp" -#include "barretenberg/proof_system/types/pedersen_commitment_type.hpp" - -namespace proof_system::plonk { -/** - * @brief Standard Plonk Composer has everything required to construct a prover and verifier, just as the legacy - * classes. - * - * @details However, it has a lot of its logic separated into subclasses and simply proxies the calls. - * - */ -class TurboPlonkComposer { - public: - using ComposerHelper = TurboPlonkComposerHelper; - using CircuitConstructor = TurboCircuitConstructor; - static constexpr ComposerType type = ComposerType::TURBO; - static_assert(type == CircuitConstructor::type); - static constexpr merkle::HashType merkle_hash_type = CircuitConstructor::merkle_hash_type; - static constexpr pedersen::CommitmentType commitment_type = CircuitConstructor::commitment_type; - - static constexpr size_t UINT_LOG2_BASE = 2; - - // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system - TurboCircuitConstructor circuit_constructor; - - // References to circuit constructor's members for convenience - size_t& num_gates; - std::vector& variables; - - // While we always have it set to zero, feels wrong to have a potentially broken dependency - uint32_t& zero_idx; - // Composer helper contains all proof-related material that is separate from circuit creation such as: - // 1) Proving and verification keys - // 2) CRS - // 3) Converting variables to witness vectors/polynomials - TurboPlonkComposerHelper composer_helper; - - // References to composer helper's members for convenience - bool& contains_recursive_proof; - std::vector& recursive_proof_public_input_indices; - - static constexpr size_t program_width = TurboCircuitConstructor::program_width; - - /**Standard methods*/ - - TurboPlonkComposer(const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - TurboPlonkComposer(std::string const& crs_path, const size_t size_hint = 0) - : TurboPlonkComposer(std::unique_ptr( - new barretenberg::srs::factories::FileCrsFactory(crs_path)), - size_hint){}; - - TurboPlonkComposer(std::shared_ptr const& crs_factory, - const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(crs_factory) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - TurboPlonkComposer(std::unique_ptr&& crs_factory, - const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(std::move(crs_factory)) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - TurboPlonkComposer(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, - size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(p_key, v_key) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - TurboPlonkComposer(const TurboPlonkComposer& other) = delete; - - TurboPlonkComposer(TurboPlonkComposer&& other) - : circuit_constructor(std::move(other.circuit_constructor)) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(std::move(other.composer_helper)) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - TurboPlonkComposer& operator=(TurboPlonkComposer&& other) - { - circuit_constructor = std::move(other.circuit_constructor); - composer_helper = std::move(other.composer_helper); - num_gates = circuit_constructor.num_gates; - variables = circuit_constructor.variables; - zero_idx = circuit_constructor.zero_idx; - contains_recursive_proof = circuit_constructor.contains_recursive_proof; - recursive_proof_public_input_indices = circuit_constructor.recursive_proof_public_input_indices; - return *this; - }; - // TODO(#230)(Cody): This constructor started to be implicitly deleted when I added `n` and `variables` members. - // This is a temporary measure until we can rewrite Plonk and all tests using circuit builder methods in place of - // composer methods, where appropriate. TurboPlonkComposer& operator=(TurboPlonkComposer&& other) = default; - ~TurboPlonkComposer() = default; - - /**Methods related to circuit construction - * They simply get proxied to the circuit constructor - */ - - size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } - - void assert_equal(const uint32_t a_variable_idx, const uint32_t b_variable_idx, std::string const& msg) - { - circuit_constructor.assert_equal(a_variable_idx, b_variable_idx, msg); - } - void assert_equal_constant(uint32_t const a_idx, - barretenberg::fr const& b, - std::string const& msg = "assert equal constant") - { - circuit_constructor.assert_equal_constant(a_idx, b, msg); - } - - void create_add_gate(const add_triple& in) { circuit_constructor.create_add_gate(in); } - void create_mul_gate(const mul_triple& in) { circuit_constructor.create_mul_gate(in); } - void create_bool_gate(const uint32_t a) { circuit_constructor.create_bool_gate(a); } - void create_poly_gate(const poly_triple& in) { circuit_constructor.create_poly_gate(in); } - void create_fixed_group_add_gate(const fixed_group_add_quad& in) - { - circuit_constructor.create_fixed_group_add_gate(in); - } - void create_fixed_group_add_gate_with_init(const fixed_group_add_quad& in, const fixed_group_init_quad& init) - { - circuit_constructor.create_fixed_group_add_gate_with_init(in, init); - } - void create_fixed_group_add_gate_final(const add_quad& in) - { - circuit_constructor.create_fixed_group_add_gate_final(in); - } - void create_big_add_gate(const add_quad& in) { circuit_constructor.create_big_add_gate(in); } - void create_big_add_gate_with_bit_extraction(const add_quad& in) - { - circuit_constructor.create_big_add_gate_with_bit_extraction(in); - } - void create_big_mul_gate(const mul_quad& in) { circuit_constructor.create_big_mul_gate(in); } - void create_balanced_add_gate(const add_quad& in) { circuit_constructor.create_balanced_add_gate(in); } - - void fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) - { - circuit_constructor.fix_witness(witness_index, witness_value); - } - - std::vector decompose_into_base4_accumulators(const uint32_t witness_index, - - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - return circuit_constructor.decompose_into_base4_accumulators(witness_index, num_bits, msg); - } - - void create_range_constraint(const uint32_t variable_index, - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - circuit_constructor.create_range_constraint(variable_index, num_bits, msg); - } - - accumulator_triple create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - bool is_xor_gate) - { - return circuit_constructor.create_logic_constraint(a, b, num_bits, is_xor_gate); - } - - accumulator_triple create_and_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_and_constraint(a, b, num_bits); - } - - accumulator_triple create_xor_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_xor_constraint(a, b, num_bits); - } - uint32_t add_variable(const barretenberg::fr& in) { return circuit_constructor.add_variable(in); } - - uint32_t add_public_variable(const barretenberg::fr& in) { return circuit_constructor.add_public_variable(in); } - - virtual void set_public_input(const uint32_t witness_index) - { - return circuit_constructor.set_public_input(witness_index); - } - - uint32_t put_constant_variable(const barretenberg::fr& variable) - { - return circuit_constructor.put_constant_variable(variable); - } - - size_t get_num_constant_gates() const { return circuit_constructor.get_num_constant_gates(); } - - bool check_circuit() { return circuit_constructor.check_circuit(); } - - barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } - std::vector get_public_inputs() const { return circuit_constructor.get_public_inputs(); } - - /**Proof and verification-related methods*/ - - std::shared_ptr compute_proving_key() - { - return composer_helper.compute_proving_key(circuit_constructor); - } - - std::shared_ptr compute_verification_key() - { - return composer_helper.compute_verification_key(circuit_constructor); - } - - void compute_witness() { composer_helper.compute_witness(circuit_constructor); }; - // TODO(#230)(Cody): This will not be needed, but maybe something is required for ComposerHelper to be generic? - plonk::TurboVerifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); } - /** - * Preprocess the circuit. Delegates to create_prover. - * - * @return A new initialized prover. - */ - /** - * Preprocess the circuit. Delegates to create_unrolled_prover. - * - * @return A new initialized prover. - */ - plonk::TurboProver create_prover() { return composer_helper.create_prover(circuit_constructor); }; - - static transcript::Manifest create_manifest(const size_t num_public_inputs) - { - return TurboPlonkComposerHelper::create_manifest(num_public_inputs); - } - - void add_recursive_proof(const std::vector& proof_output_witness_indices) - { - circuit_constructor.add_recursive_proof(proof_output_witness_indices); - } - bool failed() const { return circuit_constructor.failed(); }; - const std::string& err() const { return circuit_constructor.err(); }; - void failure(std::string msg) { circuit_constructor.failure(msg); } -}; -} // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp deleted file mode 100644 index 4b86636e4e..0000000000 --- a/cpp/src/barretenberg/plonk/composer/ultra_plonk_composer.hpp +++ /dev/null @@ -1,389 +0,0 @@ -#pragma once -#include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" -#include "barretenberg/plonk/proof_system/prover/prover.hpp" -#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" -#include "barretenberg/proof_system/types/merkle_hash_type.hpp" -#include "barretenberg/proof_system/types/pedersen_commitment_type.hpp" -#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" -#include "barretenberg/srs/factories/crs_factory.hpp" -#include "barretenberg/srs/factories/file_crs_factory.hpp" -#include - -namespace proof_system::plonk { - -class UltraPlonkComposer { - - public: - using ComposerHelper = UltraPlonkComposerHelper; - using CircuitConstructor = UltraCircuitConstructor; - - static constexpr ComposerType type = ComposerType::PLOOKUP; - static_assert(type == CircuitConstructor::type); - static constexpr merkle::HashType merkle_hash_type = CircuitConstructor::merkle_hash_type; - static constexpr pedersen::CommitmentType commitment_type = CircuitConstructor::commitment_type; - static constexpr size_t DEFAULT_PLOOKUP_RANGE_BITNUM = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM; - // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system - UltraCircuitConstructor circuit_constructor; - - // References to circuit_constructor's members for convenience - size_t& num_gates; - std::vector& variables; - // While we always have it set to zero, feels wrong to have a potentially broken dependency - uint32_t& zero_idx; - - // Composer helper contains all proof-related material that is separate from circuit creation such as: - // 1) Proving and verification keys - // 2) CRS - // 3) Converting variables to witness vectors/polynomials - UltraPlonkComposerHelper composer_helper; - - // References to composer helper's members for convenience - bool& contains_recursive_proof; - std::vector& recursive_proof_public_input_indices; - - UltraPlonkComposer() - : UltraPlonkComposer("../srs_db/ignition", 0){}; - - UltraPlonkComposer(std::string const& crs_path, const size_t size_hint = 0) - : UltraPlonkComposer(std::make_unique(crs_path), size_hint){}; - - UltraPlonkComposer(std::shared_ptr const& crs_factory, - const size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(crs_factory) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - UltraPlonkComposer(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, - size_t size_hint = 0) - : circuit_constructor(size_hint) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(p_key, v_key) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - - UltraPlonkComposer(UltraPlonkComposer&& other) - : circuit_constructor(std::move(other.circuit_constructor)) - , num_gates(circuit_constructor.num_gates) - , variables(circuit_constructor.variables) - , zero_idx(circuit_constructor.zero_idx) - , composer_helper(std::move(other.composer_helper)) - , contains_recursive_proof(circuit_constructor.contains_recursive_proof) - , recursive_proof_public_input_indices(circuit_constructor.recursive_proof_public_input_indices){}; - UltraPlonkComposer& operator=(UltraPlonkComposer&& other) - { - circuit_constructor = std::move(other.circuit_constructor); - composer_helper = std::move(other.composer_helper); - num_gates = circuit_constructor.num_gates; - variables = circuit_constructor.variables; - zero_idx = circuit_constructor.zero_idx; - contains_recursive_proof = circuit_constructor.contains_recursive_proof; - recursive_proof_public_input_indices = circuit_constructor.recursive_proof_public_input_indices; - return *this; - }; - ~UltraPlonkComposer() = default; - - /**Methods related to circuit construction - * They simply get proxied to the circuit constructor - */ - void assert_equal(const uint32_t a_variable_idx, - const uint32_t b_variable_idx, - std::string const& msg = "assert equal") - { - circuit_constructor.assert_equal(a_variable_idx, b_variable_idx, msg); - } - void assert_equal_constant(uint32_t const a_idx, - barretenberg::fr const& b, - std::string const& msg = "assert equal constant") - { - circuit_constructor.assert_equal_constant(a_idx, b, msg); - } - - void create_add_gate(const add_triple& in) { circuit_constructor.create_add_gate(in); } - void create_mul_gate(const mul_triple& in) { circuit_constructor.create_mul_gate(in); } - void create_bool_gate(const uint32_t a) { circuit_constructor.create_bool_gate(a); } - void create_poly_gate(const poly_triple& in) { circuit_constructor.create_poly_gate(in); } - void create_big_add_gate(const add_quad& in, const bool include_next_gate_w_4 = false) - { - circuit_constructor.create_big_add_gate(in, include_next_gate_w_4); - } - void create_big_add_gate_with_bit_extraction(const add_quad& in) - { - circuit_constructor.create_big_add_gate_with_bit_extraction(in); - } - void create_big_mul_gate(const mul_quad& in) { circuit_constructor.create_big_mul_gate(in); } - void create_balanced_add_gate(const add_quad& in) { circuit_constructor.create_balanced_add_gate(in); } - void create_ecc_add_gate(const ecc_add_gate& in) { circuit_constructor.create_ecc_add_gate(in); } - - void fix_witness(const uint32_t witness_index, const barretenberg::fr& witness_value) - { - circuit_constructor.fix_witness(witness_index, witness_value); - } - - void create_range_constraint(const uint32_t variable_index, - const size_t num_bits, - std::string const& msg = "create_range_constraint") - { - circuit_constructor.create_range_constraint(variable_index, num_bits, msg); - } - accumulator_triple create_logic_constraint(const uint32_t a, - const uint32_t b, - const size_t num_bits, - bool is_xor_gate) - { - return circuit_constructor.create_logic_constraint(a, b, num_bits, is_xor_gate); - } - - accumulator_triple create_and_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_and_constraint(a, b, num_bits); - } - - accumulator_triple create_xor_constraint(const uint32_t a, const uint32_t b, const size_t num_bits) - { - return circuit_constructor.create_xor_constraint(a, b, num_bits); - } - size_t get_num_gates() const { return circuit_constructor.get_num_gates(); } - uint32_t get_zero_idx() { return circuit_constructor.zero_idx; } - - uint32_t add_variable(const barretenberg::fr& in) { return circuit_constructor.add_variable(in); } - - uint32_t add_public_variable(const barretenberg::fr& in) { return circuit_constructor.add_public_variable(in); } - - void set_public_input(const uint32_t witness_index) { return circuit_constructor.set_public_input(witness_index); } - - uint32_t get_public_input_index(const uint32_t witness_index) const - { - return circuit_constructor.get_public_input_index(witness_index); - } - - uint32_t put_constant_variable(const barretenberg::fr& variable) - { - return circuit_constructor.put_constant_variable(variable); - } - - size_t get_num_constant_gates() const { return circuit_constructor.get_num_constant_gates(); } - - size_t get_total_circuit_size() const { return circuit_constructor.get_total_circuit_size(); } - - size_t get_circuit_subgroup_size(size_t gates) const - { - return circuit_constructor.get_circuit_subgroup_size(gates); - } - - bool check_circuit() { return circuit_constructor.check_circuit(); } - - barretenberg::fr get_variable(const uint32_t index) const { return circuit_constructor.get_variable(index); } - - std::vector get_public_inputs() const { return circuit_constructor.get_public_inputs(); } - - void print_num_gates() { circuit_constructor.print_num_gates(); } - - /**Proof and verification-related methods*/ - - std::shared_ptr compute_proving_key() - { - return composer_helper.compute_proving_key(circuit_constructor); - } - - std::shared_ptr compute_verification_key() - { - return composer_helper.compute_verification_key(circuit_constructor); - } - - UltraProver create_prover() { return composer_helper.create_prover(circuit_constructor); }; - UltraVerifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); }; - - UltraToStandardProver create_ultra_to_standard_prover() - { - return composer_helper.create_ultra_to_standard_prover(circuit_constructor); - }; - - UltraToStandardVerifier create_ultra_to_standard_verifier() - { - return composer_helper.create_ultra_to_standard_verifier(circuit_constructor); - }; - - UltraWithKeccakProver create_ultra_with_keccak_prover() - { - return composer_helper.create_ultra_with_keccak_prover(circuit_constructor); - }; - UltraWithKeccakVerifier create_ultra_with_keccak_verifier() - { - - return composer_helper.create_ultra_with_keccak_verifier(circuit_constructor); - }; - - static transcript::Manifest create_manifest(const size_t num_public_inputs) - { - return UltraPlonkComposerHelper::create_manifest(num_public_inputs); - } - void add_recursive_proof(const std::vector& proof_output_witness_indices) - { - circuit_constructor.add_recursive_proof(proof_output_witness_indices); - } - - void set_recursive_proof(const std::vector& proof_output_witness_indices) - { - circuit_constructor.set_recursive_proof(proof_output_witness_indices); - } - - void create_new_range_constraint(const uint32_t variable_index, - const uint64_t target_range, - std::string const msg = "create_new_range_constraint") - { - circuit_constructor.create_new_range_constraint(variable_index, target_range, msg); - }; - - // /** - // * Plookup Methods - // **/ - - plookup::ReadData create_gates_from_plookup_accumulators( - const plookup::MultiTableId& id, - const plookup::ReadData& read_values, - const uint32_t key_a_index, - std::optional key_b_index = std::nullopt) - { - return circuit_constructor.create_gates_from_plookup_accumulators(id, read_values, key_a_index, key_b_index); - }; - - // /** - // * Generalized Permutation Methods - // **/ - std::vector decompose_into_default_range( - const uint32_t variable_index, - const uint64_t num_bits, - const uint64_t target_range_bitnum = UltraCircuitConstructor::DEFAULT_PLOOKUP_RANGE_BITNUM, - std::string const& msg = "decompose_into_default_range") - { - return circuit_constructor.decompose_into_default_range(variable_index, num_bits, target_range_bitnum, msg); - }; - // std::vector decompose_into_default_range_better_for_oddlimbnum( - // const uint32_t variable_index, - // const size_t num_bits, - // std::string const& msg = "decompose_into_default_range_better_for_oddlimbnum"); - void create_dummy_constraints(const std::vector& variable_index) - { - circuit_constructor.create_dummy_constraints(variable_index); - }; - void create_sort_constraint(const std::vector& variable_index) - { - circuit_constructor.create_sort_constraint(variable_index); - }; - void create_sort_constraint_with_edges(const std::vector& variable_index, - const barretenberg::fr& start, - const barretenberg::fr& end) - { - circuit_constructor.create_sort_constraint_with_edges(variable_index, start, end); - }; - - void assign_tag(const uint32_t variable_index, const uint32_t tag) - { - circuit_constructor.assign_tag(variable_index, tag); - } - - uint32_t create_tag(const uint32_t tag_index, const uint32_t tau_index) - { - return circuit_constructor.create_tag(tag_index, tau_index); - } - - // /** - // * Non Native Field Arithmetic - // **/ - void range_constrain_two_limbs( - const uint32_t lo_idx, - const uint32_t hi_idx, - const size_t lo_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS, - const size_t hi_limb_bits = UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS) - { - circuit_constructor.range_constrain_two_limbs(lo_idx, hi_idx, lo_limb_bits, hi_limb_bits); - }; - std::array decompose_non_native_field_double_width_limb( - const uint32_t limb_idx, - const size_t num_limb_bits = (2 * UltraCircuitConstructor::DEFAULT_NON_NATIVE_FIELD_LIMB_BITS)) - { - return circuit_constructor.decompose_non_native_field_double_width_limb(limb_idx, num_limb_bits); - } - std::array evaluate_non_native_field_multiplication( - const UltraCircuitConstructor::non_native_field_witnesses& input, - const bool range_constrain_quotient_and_remainder = true) - { - return circuit_constructor.evaluate_non_native_field_multiplication(input, - range_constrain_quotient_and_remainder); - }; - - std::array queue_partial_non_native_field_multiplication( - const proof_system::UltraCircuitConstructor::non_native_field_witnesses& input) - { - return circuit_constructor.queue_partial_non_native_field_multiplication(input); - } - using add_simple = proof_system::UltraCircuitConstructor::add_simple; - std::array evaluate_non_native_field_subtraction( - add_simple limb0, - add_simple limb1, - add_simple limb2, - add_simple limb3, - std::tuple limbp) - { - return circuit_constructor.evaluate_non_native_field_subtraction(limb0, limb1, limb2, limb3, limbp); - } - std::array evaluate_non_native_field_addition(add_simple limb0, - add_simple limb1, - add_simple limb2, - add_simple limb3, - std::tuple limbp) - { - return circuit_constructor.evaluate_non_native_field_addition(limb0, limb1, limb2, limb3, limbp); - }; - - // /** - // * Memory - // **/ - - size_t create_RAM_array(const size_t array_size) { return circuit_constructor.create_RAM_array(array_size); }; - size_t create_ROM_array(const size_t array_size) { return circuit_constructor.create_ROM_array(array_size); }; - - void set_ROM_element(const size_t rom_id, const size_t index_value, const uint32_t value_witness) - { - circuit_constructor.set_ROM_element(rom_id, index_value, value_witness); - }; - void set_ROM_element_pair(const size_t rom_id, - const size_t index_value, - const std::array& value_witnesses) - { - circuit_constructor.set_ROM_element_pair(rom_id, index_value, value_witnesses); - } - uint32_t read_ROM_array(const size_t rom_id, const uint32_t index_witness) - { - return circuit_constructor.read_ROM_array(rom_id, index_witness); - }; - std::array read_ROM_array_pair(const size_t rom_id, const uint32_t index_witness) - { - return circuit_constructor.read_ROM_array_pair(rom_id, index_witness); - } - - void init_RAM_element(const size_t ram_id, const size_t index_value, const uint32_t value_witness) - { - circuit_constructor.init_RAM_element(ram_id, index_value, value_witness); - }; - uint32_t read_RAM_array(const size_t ram_id, const uint32_t index_witness) - { - return circuit_constructor.read_RAM_array(ram_id, index_witness); - }; - void write_RAM_array(const size_t ram_id, const uint32_t index_witness, const uint32_t value_witness) - { - circuit_constructor.write_RAM_array(ram_id, index_witness, value_witness); - }; - - bool failed() const { return circuit_constructor.failed(); }; - const std::string& err() const { return circuit_constructor.err(); }; - void failure(std::string msg) { circuit_constructor.failure(msg); } -}; -} // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/plonk/flavor/flavor.hpp b/cpp/src/barretenberg/plonk/flavor/flavor.hpp index b9bfa7b0a4..463b33bd51 100644 --- a/cpp/src/barretenberg/plonk/flavor/flavor.hpp +++ b/cpp/src/barretenberg/plonk/flavor/flavor.hpp @@ -25,5 +25,127 @@ class Ultra { using CircuitConstructor = proof_system::UltraCircuitConstructor; using ProvingKey = plonk::proving_key; static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; + + /** + * @brief Create a manifest object + * + * @note UltraPlonk manifest does not use linearisation trick + * @param num_public_inputs + * @return transcript::Manifest + */ + static transcript::Manifest create_manifest(const size_t num_public_inputs) + { + // add public inputs.... + constexpr size_t g1_size = 64; + constexpr size_t fr_size = 32; + const size_t public_input_size = fr_size * num_public_inputs; + transcript::Manifest output = transcript::Manifest( + + { transcript::Manifest::RoundManifest( + { // { name, num_bytes, derived_by_verifier } + { "circuit_size", 4, true }, + { "public_input_size", 4, true } }, + "init", // challenge_name + 1 // num_challenges_in + ), + + transcript::Manifest::RoundManifest( + { // { name, num_bytes, derived_by_verifier } + { "public_inputs", public_input_size, false }, + { "W_1", g1_size, false }, + { "W_2", g1_size, false }, + { "W_3", g1_size, false } }, + "eta", // challenge_name + 1 // num_challenges_in + ), + + transcript::Manifest::RoundManifest( + { // { name, num_bytes, derived_by_verifier } + { "W_4", g1_size, false }, + { "S", g1_size, false } }, + "beta", // challenge_name + 2 // num_challenges_in + ), + + transcript::Manifest::RoundManifest( + { // { name, num_bytes, derived_by_verifier } + { "Z_PERM", g1_size, false }, + { "Z_LOOKUP", g1_size, false } }, + "alpha", // challenge_name + 1 // num_challenges_in + ), + + transcript::Manifest::RoundManifest( + { // { name, num_bytes, derived_by_verifier } + { "T_1", g1_size, false }, + { "T_2", g1_size, false }, + { "T_3", g1_size, false }, + { "T_4", g1_size, false } }, + "z", // challenge_name + 1 // num_challenges_in + ), + + // N.B. THE SHFITED EVALS (_omega) MUST HAVE THE SAME CHALLENGE INDEX AS THE NON SHIFTED VALUES + transcript::Manifest::RoundManifest( + { + // { name, num_bytes, derived_by_verifier, challenge_map_index } + { "t", fr_size, true, -1 }, // * + { "w_1", fr_size, false, 0 }, + { "w_2", fr_size, false, 1 }, + { "w_3", fr_size, false, 2 }, + { "w_4", fr_size, false, 3 }, + { "s", fr_size, false, 4 }, + { "z_perm", fr_size, false, 5 }, // * + { "z_lookup", fr_size, false, 6 }, + { "q_1", fr_size, false, 7 }, + { "q_2", fr_size, false, 8 }, + { "q_3", fr_size, false, 9 }, + { "q_4", fr_size, false, 10 }, + { "q_m", fr_size, false, 11 }, + { "q_c", fr_size, false, 12 }, + { "q_arith", fr_size, false, 13 }, + { "q_sort", fr_size, false, 14 }, // * + { "q_elliptic", fr_size, false, 15 }, // * + { "q_aux", fr_size, false, 16 }, + { "sigma_1", fr_size, false, 17 }, + { "sigma_2", fr_size, false, 18 }, + { "sigma_3", fr_size, false, 19 }, + { "sigma_4", fr_size, false, 20 }, + { "table_value_1", fr_size, false, 21 }, + { "table_value_2", fr_size, false, 22 }, + { "table_value_3", fr_size, false, 23 }, + { "table_value_4", fr_size, false, 24 }, + { "table_type", fr_size, false, 25 }, + { "id_1", fr_size, false, 26 }, + { "id_2", fr_size, false, 27 }, + { "id_3", fr_size, false, 28 }, + { "id_4", fr_size, false, 29 }, + { "w_1_omega", fr_size, false, 0 }, + { "w_2_omega", fr_size, false, 1 }, + { "w_3_omega", fr_size, false, 2 }, + { "w_4_omega", fr_size, false, 3 }, + { "s_omega", fr_size, false, 4 }, + { "z_perm_omega", fr_size, false, 5 }, + { "z_lookup_omega", fr_size, false, 6 }, + { "table_value_1_omega", fr_size, false, 21 }, + { "table_value_2_omega", fr_size, false, 22 }, + { "table_value_3_omega", fr_size, false, 23 }, + { "table_value_4_omega", fr_size, false, 24 }, + }, + "nu", // challenge_name + ULTRA_MANIFEST_SIZE, // num_challenges_in + true // map_challenges_in + ), + + transcript::Manifest::RoundManifest( + { // { name, num_bytes, derived_by_verifier, challenge_map_index } + { "PI_Z", g1_size, false }, + { "PI_Z_OMEGA", g1_size, false } }, + "separator", // challenge_name + 3 // num_challenges_in + ) }); + + return output; + } }; } // namespace proof_system::plonk::flavor \ No newline at end of file diff --git a/cpp/src/barretenberg/plonk/proof_system/types/polynomial_manifest.hpp b/cpp/src/barretenberg/plonk/proof_system/types/polynomial_manifest.hpp index e2b4cc6e10..085d1c7288 100644 --- a/cpp/src/barretenberg/plonk/proof_system/types/polynomial_manifest.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/types/polynomial_manifest.hpp @@ -235,7 +235,7 @@ class PrecomputedPolyList { precomputed_poly_ids.emplace_back(label); precomputed_poly_ids.emplace_back(label + "_fft"); // Store all lagrange forms of selector polynomials for ultra - if (composer_type == ComposerType::PLOOKUP) { + if (composer_type == proof_system::ComposerType::PLOOKUP) { precomputed_poly_ids.emplace_back(label + "_lagrange"); } break; diff --git a/cpp/src/barretenberg/plonk/proof_system/utils/kate_verification.hpp b/cpp/src/barretenberg/plonk/proof_system/utils/kate_verification.hpp index 5fa5eeda39..2f4a9bb47a 100644 --- a/cpp/src/barretenberg/plonk/proof_system/utils/kate_verification.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/utils/kate_verification.hpp @@ -1,6 +1,7 @@ #pragma once #include +#include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.cpp b/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.cpp index e60160615a..c0799b420d 100644 --- a/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.cpp +++ b/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.cpp @@ -76,7 +76,7 @@ barretenberg::fr verification_key_data::compress_native(const size_t hash_index) write(preimage_data, eval_domain.root); barretenberg::fr compressed_key; - if (proof_system::ComposerType(composer_type) == ComposerType::PLOOKUP) { + if (proof_system::ComposerType(composer_type) == proof_system::ComposerType::PLOOKUP) { compressed_key = from_buffer( crypto::pedersen_commitment::lookup::compress_native(preimage_data, hash_index)); } else { diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index 0279701bcb..41c9c7ec97 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -14,6 +14,7 @@ inline std::vector standard_selector_names() class StandardCircuitConstructor : public CircuitConstructorBase> { public: + static constexpr std::string_view NAME_STRING = "StandardArithmetization"; static constexpr ComposerType type = ComposerType::STANDARD; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp index 33fbb00183..5c1f44598f 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp @@ -14,8 +14,8 @@ inline std::vector turbo_selector_names() return result; } class TurboCircuitConstructor : public CircuitConstructorBase> { - public: + static constexpr std::string_view NAME_STRING = "TurboArithmetization"; static constexpr ComposerType type = ComposerType::TURBO; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index 43a7eb7976..ca5c28d99d 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -17,6 +17,7 @@ using namespace barretenberg; class UltraCircuitConstructor : public CircuitConstructorBase> { public: + static constexpr std::string_view NAME_STRING = "UltraArithmetization"; static constexpr ComposerType type = ComposerType::PLOOKUP; static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; diff --git a/cpp/src/barretenberg/solidity_helpers/circuits/add_2_circuit.hpp b/cpp/src/barretenberg/solidity_helpers/circuits/add_2_circuit.hpp index 99f443faf4..8dbeec2e26 100644 --- a/cpp/src/barretenberg/solidity_helpers/circuits/add_2_circuit.hpp +++ b/cpp/src/barretenberg/solidity_helpers/circuits/add_2_circuit.hpp @@ -1,25 +1,22 @@ #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" -#include "barretenberg/stdlib/primitives/uint/uint.hpp" -#include "barretenberg/stdlib/primitives/bool/bool.hpp" -template class Add2Circuit { +template class Add2Circuit { public: - typedef stdlib::field_t field_ct; - typedef stdlib::witness_t witness_ct; - typedef stdlib::public_witness_t public_witness_ct; + typedef proof_system::plonk::stdlib::public_witness_t public_witness_ct; + typedef proof_system::plonk::stdlib::field_t field_ct; // Three public inputs - static Composer generate(std::string srs_path, uint256_t inputs[]) + static Builder generate(uint256_t inputs[]) { - Composer composer(srs_path); + Builder builder; - field_ct a(public_witness_ct(&composer, inputs[0])); - field_ct b(public_witness_ct(&composer, inputs[1])); - field_ct c(public_witness_ct(&composer, inputs[2])); + field_ct a(public_witness_ct(&builder, inputs[0])); + field_ct b(public_witness_ct(&builder, inputs[1])); + field_ct c(public_witness_ct(&builder, inputs[2])); c.assert_equal(a + b); - return composer; + return builder; } }; \ No newline at end of file diff --git a/cpp/src/barretenberg/solidity_helpers/circuits/blake_circuit.hpp b/cpp/src/barretenberg/solidity_helpers/circuits/blake_circuit.hpp index 1b19bd8b3b..1d28415857 100644 --- a/cpp/src/barretenberg/solidity_helpers/circuits/blake_circuit.hpp +++ b/cpp/src/barretenberg/solidity_helpers/circuits/blake_circuit.hpp @@ -7,25 +7,25 @@ using namespace proof_system::plonk::stdlib; using numeric::uint256_t; -template class BlakeCircuit { +template class BlakeCircuit { public: - typedef stdlib::field_t field_ct; - typedef stdlib::public_witness_t public_witness_ct; - typedef stdlib::byte_array byte_array_ct; + typedef stdlib::field_t field_ct; + typedef stdlib::public_witness_t public_witness_ct; + typedef stdlib::byte_array byte_array_ct; static constexpr size_t NUM_PUBLIC_INPUTS = 4; - static Composer generate(std::string srs_path, uint256_t public_inputs[]) + static Builder generate(uint256_t public_inputs[]) { - Composer composer(srs_path); + Builder builder; - byte_array_ct input_buffer(&composer); + byte_array_ct input_buffer(&builder); for (size_t i = 0; i < NUM_PUBLIC_INPUTS; ++i) { - input_buffer.write(byte_array_ct(field_ct(public_witness_ct(&composer, public_inputs[i])))); + input_buffer.write(byte_array_ct(field_ct(public_witness_ct(&builder, public_inputs[i])))); } - stdlib::blake2s(input_buffer); + stdlib::blake2s(input_buffer); - return composer; + return builder; } }; \ No newline at end of file diff --git a/cpp/src/barretenberg/solidity_helpers/circuits/recursive_circuit.hpp b/cpp/src/barretenberg/solidity_helpers/circuits/recursive_circuit.hpp index 58e72e8fa6..62f2e731cb 100644 --- a/cpp/src/barretenberg/solidity_helpers/circuits/recursive_circuit.hpp +++ b/cpp/src/barretenberg/solidity_helpers/circuits/recursive_circuit.hpp @@ -11,10 +11,11 @@ using namespace proof_system::plonk; using numeric::uint256_t; template class RecursiveCircuit { - using InnerComposer = UltraPlonkComposer; + using InnerComposer = UltraPlonkComposerHelper; + using InnerBuilder = typename InnerComposer::CircuitConstructor; - typedef stdlib::field_t field_ct; - typedef stdlib::bn254 inner_curve; + typedef stdlib::field_t field_ct; + typedef stdlib::bn254 inner_curve; typedef stdlib::bn254 outer_curve; typedef stdlib::recursion::verification_key verification_key_pt; typedef stdlib::recursion::recursive_ultra_verifier_settings recursive_settings; @@ -29,11 +30,11 @@ template class RecursiveCircuit { std::shared_ptr verification_key; }; - static void create_inner_circuit_no_tables(InnerComposer& composer, uint256_t inputs[]) + static void create_inner_circuit_no_tables(InnerBuilder& builder, uint256_t inputs[]) { - field_ct a(public_witness_ct(&composer, inputs[0])); - field_ct b(public_witness_ct(&composer, inputs[1])); - field_ct c(public_witness_ct(&composer, inputs[2])); + field_ct a(public_witness_ct(&builder, inputs[0])); + field_ct b(public_witness_ct(&builder, inputs[1])); + field_ct c(public_witness_ct(&builder, inputs[2])); // @note For some reason, if we don't have this line, the circuit fails to verify. auto c_sq = c * c; @@ -42,7 +43,7 @@ template class RecursiveCircuit { c_sq.assert_equal(c * c); }; - static circuit_outputs create_outer_circuit(InnerComposer& inner_composer, OuterComposer& outer_composer) + static circuit_outputs create_outer_circuit(InnerBuilder& inner_circuit, OuterComposer& outer_composer) { // These constexpr definitions are to allow for the following: // An Ultra Pedersen hash evaluates to a different value from the Turbo/Standard versions of the Pedersen hash. @@ -51,9 +52,9 @@ template class RecursiveCircuit { // circuit which uses non-ultra-pedersen challenges. We need the prover and verifier hashes to be the same. The // solution is to select the relevant prover and verifier types (whose settings use the same hash for // fiat-shamir), depending on the Inner-Outer combo. It's a bit clunky, but the alternative is to have a - // template argument for the hashtype, and that would pervade the entire UltraPlonkComposer, which would be - // horrendous. - constexpr bool is_ultra_to_ultra = std::is_same::value; + // template argument for the hashtype, and that would pervade the entire UltraPlonkComposerHelper, which would + // be horrendous. + constexpr bool is_ultra_to_ultra = std::is_same::value; typedef typename std::conditional::type ProverOfInnerCircuit; typedef typename std::conditional::type @@ -62,14 +63,15 @@ template class RecursiveCircuit { typename std::conditional::type RecursiveSettings; + InnerComposer inner_composer; ProverOfInnerCircuit prover; if constexpr (is_ultra_to_ultra) { - prover = inner_composer.create_prover(); + prover = inner_composer.create_prover(inner_circuit); } else { - prover = inner_composer.create_ultra_to_standard_prover(); + prover = inner_composer.create_ultra_to_standard_prover(inner_circuit); } - const auto verification_key_native = inner_composer.compute_verification_key(); + const auto verification_key_native = inner_composer.compute_verification_key(inner_circuit); // Convert the verification key's elements into _circuit_ types, using the OUTER composer. std::shared_ptr verification_key = @@ -82,9 +84,9 @@ template class RecursiveCircuit { VerifierOfInnerProof native_verifier; if constexpr (is_ultra_to_ultra) { - native_verifier = inner_composer.create_verifier(); + native_verifier = inner_composer.create_verifier(inner_circuit); } else { - native_verifier = inner_composer.create_ultra_to_standard_verifier(); + native_verifier = inner_composer.create_ultra_to_standard_verifier(inner_circuit); } auto native_result = native_verifier.verify_proof(recursive_proof); if (native_result == false) { @@ -104,14 +106,14 @@ template class RecursiveCircuit { }; public: - static OuterComposer generate(std::string srs_path, uint256_t inputs[]) + static OuterComposer generate(uint256_t inputs[]) { - InnerComposer inner_composer = InnerComposer(srs_path); - OuterComposer outer_composer = OuterComposer(srs_path); + InnerBuilder inner_circuit; + OuterComposer outer_composer; - create_inner_circuit_no_tables(inner_composer, inputs); + create_inner_circuit_no_tables(inner_circuit, inputs); - auto circuit_output = create_outer_circuit(inner_composer, outer_composer); + auto circuit_output = create_outer_circuit(inner_circuit, outer_composer); g1::affine_element P[2]; P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); diff --git a/cpp/src/barretenberg/solidity_helpers/key_gen.cpp b/cpp/src/barretenberg/solidity_helpers/key_gen.cpp index e1ce7ef223..b9d85c2c52 100644 --- a/cpp/src/barretenberg/solidity_helpers/key_gen.cpp +++ b/cpp/src/barretenberg/solidity_helpers/key_gen.cpp @@ -1,7 +1,7 @@ #include -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/verification_key/sol_gen.hpp" #include "circuits/blake_circuit.hpp" @@ -11,13 +11,14 @@ #include "utils/utils.hpp" #include "utils/instance_sol_gen.hpp" -template -void generate_keys(std::string output_path, std::string srs_path, std::string flavour_prefix, std::string circuit_name) +template typename Circuit> +void generate_keys(std::string output_path, std::string flavour_prefix, std::string circuit_name) { uint256_t public_inputs[4] = { 0, 0, 0, 0 }; - Composer composer = Circuit::generate(srs_path, public_inputs); + auto circuit = Circuit::generate(public_inputs); - std::shared_ptr vkey = composer.compute_verification_key(); + Composer composer; + std::shared_ptr vkey = composer.compute_verification_key(circuit); // Make verification key file upper case circuit_name.at(0) = static_cast(std::toupper(static_cast(circuit_name.at(0)))); @@ -62,6 +63,7 @@ int main(int argc, char** argv) const std::string output_path = args[3]; const std::string srs_path = args[4]; + barretenberg::srs::init_crs_factory(srs_path); // @todo - Add support for unrolled standard verifier. Needs a new solidity verifier contract. if (plonk_flavour != "ultra") { @@ -71,14 +73,11 @@ int main(int argc, char** argv) info("Generating ultra plonk keys for ", circuit_flavour, " circuit"); if (circuit_flavour == "blake") { - generate_keys>( - output_path, srs_path, plonk_flavour, circuit_flavour); + generate_keys(output_path, plonk_flavour, circuit_flavour); } else if (circuit_flavour == "add2") { - generate_keys>( - output_path, srs_path, plonk_flavour, circuit_flavour); + generate_keys(output_path, plonk_flavour, circuit_flavour); } else if (circuit_flavour == "recursive") { - generate_keys>( - output_path, srs_path, plonk_flavour, circuit_flavour); + generate_keys(output_path, plonk_flavour, circuit_flavour); } else { info("Only blake, add2 and recursive circuits are supported at the moment"); return 1; diff --git a/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp b/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp index c4d07c7e03..508b56cf35 100644 --- a/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp +++ b/cpp/src/barretenberg/solidity_helpers/proof_gen.cpp @@ -2,8 +2,8 @@ #include #include -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" #include "circuits/blake_circuit.hpp" #include "circuits/add_2_circuit.hpp" @@ -13,15 +13,16 @@ using namespace numeric; using numeric::uint256_t; -template void generate_proof(std::string srs_path, uint256_t inputs[]) +template typename Circuit> void generate_proof(uint256_t inputs[]) { - Composer composer = Circuit::generate(srs_path, inputs); + auto builder = Circuit::generate(inputs); + Composer composer; // @todo this only works for ultra! Why is ultra part of function name on ultra composer? - auto prover = composer.create_ultra_with_keccak_prover(); + auto prover = composer.create_ultra_with_keccak_prover(builder); auto proof = prover.construct_proof(); { - auto verifier = composer.create_ultra_with_keccak_verifier(); + auto verifier = composer.create_ultra_with_keccak_verifier(builder); if (!verifier.verify_proof(proof)) { throw_or_abort("Verification failed"); @@ -60,6 +61,8 @@ int main(int argc, char** argv) const std::string srs_path = args[3]; const std::string string_input = args[4]; + barretenberg::srs::init_crs_factory(srs_path); + // @todo dynamically allocate this uint256_t inputs[] = { 0, 0, 0, 0, 0 }; @@ -80,11 +83,11 @@ int main(int argc, char** argv) return 1; } else { if (circuit_flavour == "blake") { - generate_proof>(srs_path, inputs); + generate_proof(inputs); } else if (circuit_flavour == "add2") { - generate_proof>(srs_path, inputs); + generate_proof(inputs); } else if (circuit_flavour == "recursive") { - generate_proof>(srs_path, inputs); + generate_proof(inputs); } else { info("Invalid circuit flavour: " + circuit_flavour); return 1; diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.bench.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.bench.cpp index ad5a6be80d..e3b4d0eea8 100644 --- a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.bench.cpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.bench.cpp @@ -3,7 +3,7 @@ #include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" #include "barretenberg/srs/factories/file_crs_factory.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" @@ -12,6 +12,9 @@ using namespace benchmark; using namespace proof_system::plonk; +using Builder = proof_system::TurboCircuitConstructor; +using Composer = proof_system::plonk::TurboPlonkComposerHelper; + constexpr size_t NUM_CIRCUITS = 10; constexpr size_t get_circuit_size(const size_t target_count_base) @@ -36,15 +39,13 @@ constexpr size_t get_index(const size_t target_count_base) } return 0; } -void generate_test_pedersen_circuit(plonk::TurboPlonkComposer& turbo_plonk_composer, size_t num_repetitions) +void generate_test_pedersen_circuit(Builder& builder, size_t num_repetitions) { - plonk::stdlib::field_t left( - plonk::stdlib::witness_t(&turbo_plonk_composer, barretenberg::fr::random_element())); - plonk::stdlib::field_t out( - plonk::stdlib::witness_t(&turbo_plonk_composer, barretenberg::fr::random_element())); + plonk::stdlib::field_t left(plonk::stdlib::witness_t(&builder, barretenberg::fr::random_element())); + plonk::stdlib::field_t out(plonk::stdlib::witness_t(&builder, barretenberg::fr::random_element())); for (size_t i = 0; i < num_repetitions; ++i) { - out = proof_system::plonk::stdlib::pedersen_commitment::compress(left, out); + out = proof_system::plonk::stdlib::pedersen_commitment::compress(left, out); } } @@ -95,11 +96,12 @@ BENCHMARK(native_pedersen_eight_hash_bench)->MinTime(3); void construct_pedersen_witnesses_bench(State& state) noexcept { for (auto _ : state) { - plonk::TurboPlonkComposer composer = - plonk::TurboPlonkComposer(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); - generate_test_pedersen_circuit(composer, static_cast(state.range(0))); - std::cout << "composer gates = " << composer.get_num_gates() << std::endl; - composer.compute_witness(); + auto builder = Builder(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); + generate_test_pedersen_circuit(builder, static_cast(state.range(0))); + std::cout << "builder gates = " << builder.get_num_gates() << std::endl; + + auto composer = Composer(); + composer.compute_witness(builder); } } BENCHMARK(construct_pedersen_witnesses_bench) @@ -117,13 +119,14 @@ BENCHMARK(construct_pedersen_witnesses_bench) void construct_pedersen_proving_keys_bench(State& state) noexcept { for (auto _ : state) { - plonk::TurboPlonkComposer composer = - plonk::TurboPlonkComposer(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); - generate_test_pedersen_circuit(composer, static_cast(state.range(0))); + Builder builder = Builder(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); + generate_test_pedersen_circuit(builder, static_cast(state.range(0))); size_t idx = get_index(static_cast(state.range(0))); - composer.compute_proving_key(); + + auto composer = Composer(); + composer.compute_proving_key(builder); state.PauseTiming(); - pedersen_provers[idx] = composer.create_prover(); + pedersen_provers[idx] = composer.create_prover(builder); state.ResumeTiming(); } } @@ -143,13 +146,13 @@ void construct_pedersen_instances_bench(State& state) noexcept { for (auto _ : state) { state.PauseTiming(); - plonk::TurboPlonkComposer composer = - plonk::TurboPlonkComposer(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); - generate_test_pedersen_circuit(composer, static_cast(state.range(0))); + auto builder = Builder(BARRETENBERG_SRS_PATH, static_cast(state.range(0))); + generate_test_pedersen_circuit(builder, static_cast(state.range(0))); size_t idx = get_index(static_cast(state.range(0))); - composer.create_prover(); + auto composer = Composer(); + composer.create_prover(builder); state.ResumeTiming(); - pedersen_verifiers[idx] = composer.create_verifier(); + pedersen_verifiers[idx] = composer.create_verifier(builder); } } BENCHMARK(construct_pedersen_instances_bench) diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.cpp index c6212093c2..2f96ba337e 100644 --- a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.cpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.cpp @@ -3,7 +3,6 @@ #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "../../hash/pedersen/pedersen.hpp" -#include "../../primitives/composers/composers.hpp" #include "../../primitives/packed_byte_array/packed_byte_array.hpp" namespace proof_system::plonk { @@ -16,7 +15,8 @@ using namespace crypto::pedersen_commitment; template point pedersen_commitment::commit(const std::vector& inputs, const size_t hash_index) { - if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { return pedersen_plookup_commitment::commit(inputs, hash_index); } @@ -36,7 +36,8 @@ point pedersen_commitment::commit(const std::vector& inputs, throw_or_abort("Vector size mismatch."); } - if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { return pedersen_plookup_commitment::commit(inputs, hash_generator_indices); } @@ -51,7 +52,8 @@ point pedersen_commitment::commit(const std::vector& inputs, template point pedersen_commitment::commit(const std::vector>& input_pairs) { - if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { return pedersen_plookup_commitment::commit(input_pairs); } @@ -75,7 +77,8 @@ field_t pedersen_commitment::compress_unsafe(const field_t& in_left, const size_t hash_index, const bool validate_input_is_in_field) { - if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { return pedersen_plookup_commitment::compress({ in_left, in_right }); } @@ -93,7 +96,8 @@ field_t pedersen_commitment::compress_unsafe(const field_t& in_left, template field_t pedersen_commitment::compress(const std::vector& inputs, const size_t hash_index) { - if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { return pedersen_plookup_commitment::compress(inputs, hash_index); } diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.hpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.hpp index b33b6a2217..fa7761ea83 100644 --- a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.hpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/point/point.hpp" #include "../../primitives/byte_array/byte_array.hpp" diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp index 7ef6aad953..3225ca09f6 100644 --- a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen.test.cpp @@ -350,7 +350,7 @@ template class stdlib_pedersen : public testing::Test { std::vector inputs; inputs.reserve(8); - std::vector> witness_inputs; + std::vector> witness_inputs; for (size_t i = 0; i < 8; ++i) { inputs.emplace_back(barretenberg::fr::random_element()); @@ -369,7 +369,7 @@ template class stdlib_pedersen : public testing::Test { Composer composer = Composer("../srs_db/ignition/"); std::vector inputs; - std::vector> witness_inputs; + std::vector> witness_inputs; for (size_t i = 0; i < 8; ++i) { inputs.push_back(barretenberg::fr::random_element()); diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.cpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.cpp index 12d2ad96e9..c10d78450b 100644 --- a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.cpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.cpp @@ -4,7 +4,6 @@ #include "../../hash/pedersen/pedersen_plookup.hpp" #include "barretenberg/proof_system/plookup_tables/types.hpp" -#include "../../primitives/composers/composers.hpp" #include "../../primitives/plookup/plookup.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp index 1df188768d..e29be90285 100644 --- a/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp +++ b/cpp/src/barretenberg/stdlib/commitment/pedersen/pedersen_plookup.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/point/point.hpp" #include "../../primitives/packed_byte_array/packed_byte_array.hpp" diff --git a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.cpp b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.cpp index 83a82faa1d..d553b59674 100644 --- a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.cpp @@ -5,7 +5,7 @@ #include "barretenberg/crypto/aes128/aes128.hpp" #include "barretenberg/stdlib/primitives/plookup/plookup.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" using namespace crypto::aes128; using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp index 6ea96484aa..77c5026ddf 100644 --- a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp +++ b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.hpp @@ -3,7 +3,7 @@ #include #include -#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/witness/witness.hpp" diff --git a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp index 6563fd8a9c..d346ec8ce5 100644 --- a/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/aes128/aes128.test.cpp @@ -1,5 +1,5 @@ #include "aes128.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/crypto/aes128/aes128.hpp" #include @@ -32,7 +32,7 @@ TEST(stdlib_aes128, encrypt_64_bytes) return converted; }; - proof_system::UltraCircuitConstructor composer = UltraCircuitConstructor(); + auto composer = proof_system::UltraCircuitConstructor(); std::vector in_field{ witness_pt(&composer, fr(convert_bytes(in))), diff --git a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp index 0208b75595..83bb092a9d 100644 --- a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp +++ b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.hpp @@ -3,7 +3,7 @@ #include "barretenberg/crypto/ecdsa/ecdsa.hpp" #include "../../primitives/byte_array/byte_array.hpp" #include "../../primitives/uint/uint.hpp" -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" namespace proof_system::plonk { namespace stdlib { namespace ecdsa { diff --git a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp index 28ef8726fd..ddbc3cea41 100644 --- a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa.test.cpp @@ -2,7 +2,6 @@ #include "../../primitives/biggroup/biggroup.hpp" #include "../../primitives/curves/secp256k1.hpp" #include "ecdsa.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/crypto/ecdsa/ecdsa.hpp" #include "barretenberg/common/test.hpp" @@ -50,11 +49,8 @@ TEST(stdlib_ecdsa, verify_signature) EXPECT_EQ(signature_result.get_value(), true); std::cerr << "composer gates = " << composer.get_num_gates() << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), - "ECDSA", - "Signature Verification Test", - "Gate Count", - composer.get_num_gates()); + benchmark_info( + Composer::NAME_STRING, "ECDSA", "Signature Verification Test", "Gate Count", composer.get_num_gates()); bool proof_result = composer.check_circuit(); EXPECT_EQ(proof_result, true); } @@ -98,11 +94,8 @@ TEST(stdlib_ecdsa, verify_signature_noassert_succeed) EXPECT_EQ(signature_result.get_value(), true); std::cerr << "composer gates = " << composer.get_num_gates() << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), - "ECDSA", - "Signature Verification Test", - "Gate Count", - composer.get_num_gates()); + benchmark_info( + Composer::NAME_STRING, "ECDSA", "Signature Verification Test", "Gate Count", composer.get_num_gates()); bool proof_result = composer.check_circuit(); EXPECT_EQ(proof_result, true); } @@ -146,11 +139,8 @@ TEST(stdlib_ecdsa, verify_signature_noassert_fail) EXPECT_EQ(signature_result.get_value(), false); std::cerr << "composer gates = " << composer.get_num_gates() << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), - "ECDSA", - "Signature Verification Test", - "Gate Count", - composer.get_num_gates()); + benchmark_info( + Composer::NAME_STRING, "ECDSA", "Signature Verification Test", "Gate Count", composer.get_num_gates()); bool proof_result = composer.check_circuit(); EXPECT_EQ(proof_result, true); } diff --git a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp index 097eab81a3..96e07e4d9c 100644 --- a/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp +++ b/cpp/src/barretenberg/stdlib/encryption/ecdsa/ecdsa_impl.hpp @@ -2,7 +2,6 @@ #include "../../hash/sha256/sha256.hpp" #include "../../primitives/bit_array/bit_array.hpp" -#include "../../primitives/composers/composers.hpp" namespace proof_system::plonk { namespace stdlib { @@ -79,7 +78,7 @@ bool_t verify_signature(const stdlib::byte_array& message, Fr u2 = r / s; G1 result; - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { ASSERT(Curve::type == proof_system::CurveType::SECP256K1); public_key.validate_on_curve(); result = G1::secp256k1_ecdsa_mul(public_key, u1, u2); @@ -148,7 +147,7 @@ bool_t verify_signature_prehashed_message_noassert(const stdlib::byte_ Fr u2 = r / s; G1 result; - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { ASSERT(Curve::type == proof_system::CurveType::SECP256K1); public_key.validate_on_curve(); result = G1::secp256k1_ecdsa_mul(public_key, u1, u2); diff --git a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp index ba90731c8c..3d7303af65 100644 --- a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.cpp @@ -5,8 +5,6 @@ #include "barretenberg/stdlib/hash/blake2s/blake2s.hpp" #include "barretenberg/stdlib/commitment/pedersen/pedersen.hpp" -#include "../../primitives/composers/composers.hpp" - namespace proof_system::plonk { namespace stdlib { namespace schnorr { diff --git a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp index 78b3d1290d..21747581be 100644 --- a/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp +++ b/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp @@ -1,12 +1,10 @@ +#include + #include "schnorr.hpp" #include "barretenberg/crypto/pedersen_commitment/pedersen.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/stdlib/primitives/field/field.hpp" -#include "barretenberg/stdlib/primitives/bool/bool.hpp" -#include "barretenberg/stdlib/primitives/witness/witness.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/stdlib/primitives/point/point.hpp" -#include namespace proof_system::test_stdlib_schnorr { diff --git a/cpp/src/barretenberg/stdlib/hash/benchmarks/external/external.bench.cpp b/cpp/src/barretenberg/stdlib/hash/benchmarks/external/external.bench.cpp index 9273000b44..9b6b8d526b 100644 --- a/cpp/src/barretenberg/stdlib/hash/benchmarks/external/external.bench.cpp +++ b/cpp/src/barretenberg/stdlib/hash/benchmarks/external/external.bench.cpp @@ -4,17 +4,17 @@ * @brief Benchmarks for external benchmarking projects (e.g. delendum-xyz) * */ -#include "../../sha256/sha256.hpp" -#include "../../blake3s/blake3s.hpp" #include -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/plonk/proof_system/prover/prover.hpp" -#include "barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp" + +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/stdlib/hash/sha256/sha256.hpp" +#include "barretenberg/stdlib/hash/blake3s/blake3s.hpp" using namespace benchmark; -using Composer = proof_system::plonk::UltraPlonkComposer; +using Builder = proof_system::UltraCircuitConstructor; +using Composer = proof_system::plonk::UltraPlonkComposerHelper; + using Prover = proof_system::plonk::UltraProver; using Verifier = proof_system::plonk::UltraVerifier; @@ -28,19 +28,20 @@ constexpr size_t NUM_PROOFS = 3; * @param composer * @param num_iterations */ -void generate_test_sha256_plonk_circuit(Composer& composer, size_t num_iterations) +void generate_test_sha256_plonk_circuit(Builder& builder, size_t num_iterations) { std::string in; in.resize(32); for (size_t i = 0; i < 32; ++i) { in[i] = 0; } - proof_system::plonk::stdlib::packed_byte_array input(&composer, in); + proof_system::plonk::stdlib::packed_byte_array input(&builder, in); for (size_t i = 0; i < num_iterations; i++) { - input = proof_system::plonk::stdlib::sha256(input); + input = proof_system::plonk::stdlib::sha256(input); } } +Builder external_builders[NUM_PROOFS]; Composer external_composers[NUM_PROOFS]; Prover external_provers[NUM_PROOFS]; Verifier external_verifiers[NUM_PROOFS]; @@ -61,8 +62,8 @@ void generate_sha256_proof_bench(State& state) noexcept num_iterations *= PROOF_COUNT_LOG; } external_composers[idx] = Composer(); - generate_test_sha256_plonk_circuit(external_composers[idx], num_iterations); - external_provers[idx] = external_composers[idx].create_prover(); + generate_test_sha256_plonk_circuit(external_builders[idx], num_iterations); + external_provers[idx] = external_composers[idx].create_prover(external_builders[idx]); external_proofs[idx] = external_provers[idx].construct_proof(); // info("Proof Size for SHA256 hash count ", num_iterations, ": ", external_proofs[idx].proof_data.size()); } @@ -84,7 +85,7 @@ static void generate_sha256_verifier(const State& state) { size_t idx = static_cast(state.range(0)); - external_verifiers[idx] = external_composers[idx].create_verifier(); + external_verifiers[idx] = external_composers[idx].create_verifier(external_builders[idx]); } /** * @brief Benchmark sha256 verification @@ -108,16 +109,16 @@ BENCHMARK(verify_sha256_proof_bench)->DenseRange(0, 2)->Setup(generate_sha256_ve * @param composer * @param num_iterations */ -void generate_test_blake3s_plonk_circuit(Composer& composer, size_t num_iterations) +void generate_test_blake3s_plonk_circuit(Builder& builder, size_t num_iterations) { std::string in; in.resize(32); for (size_t i = 0; i < 32; ++i) { in[i] = 0; } - proof_system::plonk::stdlib::packed_byte_array input(&composer, in); + proof_system::plonk::stdlib::packed_byte_array input(&builder, in); for (size_t i = 0; i < num_iterations; i++) { - input = proof_system::plonk::stdlib::blake3s(input); + input = proof_system::plonk::stdlib::blake3s(input); } } @@ -136,8 +137,8 @@ void generate_blake3s_proof_bench(State& state) noexcept num_iterations *= PROOF_COUNT_LOG; } external_composers[idx] = Composer(); - generate_test_blake3s_plonk_circuit(external_composers[idx], num_iterations); - external_provers[idx] = external_composers[idx].create_prover(); + generate_test_blake3s_plonk_circuit(external_builders[idx], num_iterations); + external_provers[idx] = external_composers[idx].create_prover(external_builders[idx]); external_proofs[idx] = external_provers[idx].construct_proof(); // Proof size with no public inputs is always 2144 // info("Proof Size for Blake3s hash count ", num_iterations, ": ", external_proofs[idx].proof_data.size()); @@ -157,7 +158,7 @@ static void generate_blake3s_verifier(const State& state) { size_t idx = static_cast(state.range(0)); - external_verifiers[idx] = external_composers[idx].create_verifier(); + external_verifiers[idx] = external_composers[idx].create_verifier(external_builders[idx]); } /** diff --git a/cpp/src/barretenberg/stdlib/hash/benchmarks/sha256/sha256.bench.cpp b/cpp/src/barretenberg/stdlib/hash/benchmarks/sha256/sha256.bench.cpp index ef3bbd255f..069dad1a2b 100644 --- a/cpp/src/barretenberg/stdlib/hash/benchmarks/sha256/sha256.bench.cpp +++ b/cpp/src/barretenberg/stdlib/hash/benchmarks/sha256/sha256.bench.cpp @@ -1,13 +1,11 @@ -#include "../../sha256/sha256.hpp" #include -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/plonk/proof_system/prover/prover.hpp" -#include "barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/stdlib/hash/sha256/sha256.hpp" using namespace benchmark; -using Composer = proof_system::plonk::UltraPlonkComposer; +using Builder = proof_system::UltraCircuitConstructor; +using Composer = proof_system::plonk::UltraPlonkComposerHelper; using Prover = proof_system::plonk::UltraProver; using Verifier = proof_system::plonk::UltraVerifier; @@ -21,17 +19,18 @@ char get_random_char() return static_cast(barretenberg::fr::random_element().data[0] % 8); } -void generate_test_plonk_circuit(Composer& composer, size_t num_bytes) +void generate_test_plonk_circuit(Builder& builder, size_t num_bytes) { std::string in; in.resize(num_bytes); for (size_t i = 0; i < num_bytes; ++i) { in[i] = get_random_char(); } - proof_system::plonk::stdlib::packed_byte_array input(&composer, in); - proof_system::plonk::stdlib::sha256(input); + proof_system::plonk::stdlib::packed_byte_array input(&builder, in); + proof_system::plonk::stdlib::sha256(input); } +Builder builders[NUM_HASHES]; Composer composers[NUM_HASHES]; Prover provers[NUM_HASHES]; Verifier verifiers[NUM_HASHES]; @@ -41,8 +40,8 @@ void construct_witnesses_bench(State& state) noexcept { for (auto _ : state) { size_t idx = (static_cast((state.range(0))) - START_BYTES) / BYTES_PER_CHUNK; - composers[idx] = Composer(); - generate_test_plonk_circuit(composers[idx], static_cast(state.range(0))); + builders[idx] = Builder(); + generate_test_plonk_circuit(builders[idx], static_cast(state.range(0))); } } BENCHMARK(construct_witnesses_bench)->DenseRange(START_BYTES, MAX_BYTES, BYTES_PER_CHUNK); @@ -51,7 +50,8 @@ void preprocess_witnesses_bench(State& state) noexcept { for (auto _ : state) { size_t idx = (static_cast((state.range(0))) - START_BYTES) / BYTES_PER_CHUNK; - provers[idx] = composers[idx].create_prover(); + composers[idx] = Composer(); + provers[idx] = composers[idx].create_prover(builders[idx]); std::cout << "prover subgroup size = " << provers[idx].key->small_domain.size << std::endl; // printf("num bytes = %" PRIx64 ", num gates = %zu\n", state.range(0), composers[idx].get_num_gates()); } @@ -62,7 +62,7 @@ void construct_instances_bench(State& state) noexcept { for (auto _ : state) { size_t idx = (static_cast((state.range(0))) - START_BYTES) / BYTES_PER_CHUNK; - verifiers[idx] = composers[idx].create_verifier(); + verifiers[idx] = composers[idx].create_verifier(builders[idx]); } } BENCHMARK(construct_instances_bench)->DenseRange(START_BYTES, MAX_BYTES, BYTES_PER_CHUNK); diff --git a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.cpp b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.cpp index 6c581623fc..754850b0f1 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.cpp +++ b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.cpp @@ -2,7 +2,6 @@ #include "blake2s_plookup.hpp" #include "blake_util.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" namespace proof_system::plonk { namespace stdlib { @@ -117,7 +116,7 @@ template void blake2s(blake2s_state& S, byte_array template byte_array blake2s(const byte_array& input) { - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { return blake2s_plookup::blake2s(input); } diff --git a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp index f056a21c83..fc4e21d4e4 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp +++ b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" -#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.test.cpp b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.test.cpp index 97cd53f2dd..ab0afa7f3e 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.test.cpp +++ b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s.test.cpp @@ -2,29 +2,27 @@ #include "blake2s_plookup.hpp" #include #include "barretenberg/crypto/blake2s/blake2s.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" using namespace barretenberg; -using namespace proof_system::plonk; +using namespace proof_system::plonk::stdlib; -using namespace plonk::stdlib; +using Builder = proof_system::UltraCircuitConstructor; -using Composer = proof_system::UltraCircuitConstructor; - -using field_ct = field_t; -using witness_ct = witness_t; -using byte_array_ct = stdlib::byte_array; -using byte_array_plookup = stdlib::byte_array; -using public_witness_t = stdlib::public_witness_t; -using public_witness_t_plookup = stdlib::public_witness_t; +using field_ct = field_t; +using witness_ct = witness_t; +using byte_array_ct = byte_array; +using byte_array_plookup = byte_array; +using public_witness_t = public_witness_t; // TEST(stdlib_blake2s, test_single_block) // { -// auto composer = Composer(); +// auto composer = Builder(); // std::string input = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01"; // std::vector input_v(input.begin(), input.end()); // byte_array_ct input_arr(&composer, input_v); -// byte_array_ct output = stdlib::blake2s(input_arr); +// byte_array_ct output = blake2s(input_arr); // std::vector expected = blake2::blake2s(input_v); @@ -38,31 +36,31 @@ using public_witness_t_plookup = stdlib::public_witness_t; TEST(stdlib_blake2s, test_single_block_plookup) { - proof_system::UltraCircuitConstructor composer = UltraCircuitConstructor(); + Builder builder; std::string input = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01"; std::vector input_v(input.begin(), input.end()); - byte_array_plookup input_arr(&composer, input_v); - byte_array_plookup output = stdlib::blake2s(input_arr); + byte_array_plookup input_arr(&builder, input_v); + byte_array_plookup output = blake2s(input_arr); auto expected = blake2::blake2s(input_v); EXPECT_EQ(output.get_value(), std::vector(expected.begin(), expected.end())); - info("composer gates = ", composer.get_num_gates()); + info("builder gates = ", builder.get_num_gates()); - bool proof_result = composer.check_circuit(); + bool proof_result = builder.check_circuit(); EXPECT_EQ(proof_result, true); } // TEST(stdlib_blake2s, test_double_block) // { -// auto composer = Composer(); +// auto composer = Builder(); // std::string input = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789"; // std::vector input_v(input.begin(), input.end()); // byte_array_ct input_arr(&composer, input_v); -// byte_array_ct output = stdlib::blake2s(input_arr); +// byte_array_ct output = blake2s(input_arr); // std::vector expected = blake2::blake2s(input_v); @@ -76,19 +74,19 @@ TEST(stdlib_blake2s, test_single_block_plookup) TEST(stdlib_blake2s, test_double_block_plookup) { - proof_system::UltraCircuitConstructor composer = UltraCircuitConstructor(); + Builder builder; std::string input = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789"; std::vector input_v(input.begin(), input.end()); - byte_array_plookup input_arr(&composer, input_v); - byte_array_plookup output = stdlib::blake2s(input_arr); + byte_array_plookup input_arr(&builder, input_v); + byte_array_plookup output = blake2s(input_arr); auto expected = blake2::blake2s(input_v); EXPECT_EQ(output.get_value(), std::vector(expected.begin(), expected.end())); - info("composer gates = ", composer.get_num_gates()); + info("builder gates = ", builder.get_num_gates()); - bool proof_result = composer.check_circuit(); + bool proof_result = builder.check_circuit(); EXPECT_EQ(proof_result, true); } diff --git a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.cpp b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.cpp index 47416a8592..7062169830 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.cpp +++ b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.cpp @@ -7,7 +7,6 @@ #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/plookup/plookup.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" /** * Optimizations: diff --git a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.hpp b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.hpp index 2340cf3305..8c34f95a39 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.hpp +++ b/cpp/src/barretenberg/stdlib/hash/blake2s/blake2s_plookup.hpp @@ -6,7 +6,7 @@ #include "barretenberg/numeric/bitop/sparse_form.hpp" #include "../../primitives/field/field.hpp" -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/packed_byte_array/packed_byte_array.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/hash/blake2s/blake_util.hpp b/cpp/src/barretenberg/stdlib/hash/blake2s/blake_util.hpp index a31de38dc0..3cc506ed62 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake2s/blake_util.hpp +++ b/cpp/src/barretenberg/stdlib/hash/blake2s/blake_util.hpp @@ -1,6 +1,4 @@ #pragma once -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" #include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" diff --git a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.cpp b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.cpp index 09d1c5b8dd..78681009a9 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.cpp +++ b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.cpp @@ -2,7 +2,6 @@ #include "blake3s_plookup.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "../blake2s/blake_util.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" namespace proof_system::plonk { namespace stdlib { @@ -245,7 +244,7 @@ using namespace blake3_internal; template byte_array blake3s(const byte_array& input) { - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { return blake3s_plookup::blake3s(input); } diff --git a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp index d5bd02f5d2..78d895f6b1 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp +++ b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" -#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp index 6e951187c7..70d6c6941e 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp +++ b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s.test.cpp @@ -3,7 +3,6 @@ #include "barretenberg/crypto/blake3s/blake3s.hpp" #include "barretenberg/common/streams.hpp" #include -#include "barretenberg/stdlib/primitives/composers/composers.hpp" using namespace barretenberg; using namespace proof_system::plonk; diff --git a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.cpp b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.cpp index 69849c7d71..252c5306f6 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.cpp +++ b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.cpp @@ -6,7 +6,6 @@ #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/plookup/plookup.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.hpp b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.hpp index 8cccabb3c4..fc9d5f9923 100644 --- a/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.hpp +++ b/cpp/src/barretenberg/stdlib/hash/blake3s/blake3s_plookup.hpp @@ -6,7 +6,7 @@ #include "barretenberg/numeric/bitop/sparse_form.hpp" #include "../../primitives/field/field.hpp" -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/packed_byte_array/packed_byte_array.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/hash/keccak/keccak.cpp b/cpp/src/barretenberg/stdlib/hash/keccak/keccak.cpp index 2d4cd026f2..7946f8b862 100644 --- a/cpp/src/barretenberg/stdlib/hash/keccak/keccak.cpp +++ b/cpp/src/barretenberg/stdlib/hash/keccak/keccak.cpp @@ -2,7 +2,6 @@ #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/common/constexpr_utils.hpp" #include "barretenberg/numeric/bitop/sparse_form.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp index 71534c1f33..be86192db6 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.cpp @@ -1,7 +1,6 @@ #include "pedersen.hpp" #include "pedersen_plookup.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" -#include "../../primitives/composers/composers.hpp" #include "pedersen_gates.hpp" namespace proof_system::plonk { @@ -206,7 +205,7 @@ point pedersen_hash::hash_single_internal(const field_t& in, if (i > 0) { gates.create_fixed_group_add_gate(round_quad); } else { - if constexpr (C::type == ComposerType::PLOOKUP && + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && (C::merkle_hash_type == merkle::HashType::FIXED_BASE_PEDERSEN || C::commitment_type == pedersen::CommitmentType::FIXED_BASE_PEDERSEN)) { /* In TurboPlonkComposer, the selector q_5 is used to show that w_1 and w_2 are properly initialized to @@ -283,7 +282,8 @@ point pedersen_hash::hash_single(const field_t& in, const generator_index_t hash_index, const bool validate_input_is_in_field) { - if constexpr (C::type == ComposerType::PLOOKUP && C::merkle_hash_type == merkle::HashType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::merkle_hash_type == merkle::HashType::LOOKUP_PEDERSEN) { return pedersen_plookup_hash::hash_single(in, hash_index.index == 0); } @@ -300,7 +300,8 @@ point pedersen_hash::commit_single(const field_t& in, const generator_index_t hash_index, const bool validate_input_is_in_field) { - if constexpr (C::type == ComposerType::PLOOKUP && C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::commitment_type == pedersen::CommitmentType::LOOKUP_PEDERSEN) { return pedersen_plookup_hash::hash_single(in, hash_index.index == 0); } @@ -479,7 +480,7 @@ template void pedersen_hash::validate_wnaf_is_in_field(C* ctx, c field_t y_lo = (-reconstructed_input).add_two(high_limb_with_skew * shift + (r_lo + shift), is_even); field_t y_overlap; - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { // carve out the 2 high bits from y_lo and instantiate as y_overlap const uint256_t y_lo_value = y_lo.get_value(); const uint256_t y_overlap_value = y_lo_value >> 126; @@ -549,7 +550,8 @@ field_t pedersen_hash::hash_multiple(const std::vector& inputs, const size_t hash_index, const bool validate_inputs_in_field) { - if constexpr (C::type == ComposerType::PLOOKUP && C::merkle_hash_type == merkle::HashType::LOOKUP_PEDERSEN) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP && + C::merkle_hash_type == merkle::HashType::LOOKUP_PEDERSEN) { return pedersen_plookup_hash::hash_multiple(inputs, hash_index); } diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp index 460443078b..649e6616ad 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/crypto/pedersen_hash/pedersen.hpp" -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/point/point.hpp" diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_gates.hpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_gates.hpp index 211b01e3fd..4d1049166a 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_gates.hpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_gates.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/proof_system/arithmetization/gate_data.hpp" -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/point/point.hpp" #include "../../primitives/byte_array/byte_array.hpp" diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp index e610def777..9f27d3d701 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.cpp @@ -3,7 +3,6 @@ #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" #include "barretenberg/proof_system/plookup_tables/types.hpp" -#include "../../primitives/composers/composers.hpp" #include "../../primitives/plookup/plookup.hpp" using namespace proof_system; diff --git a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp index dd1c087bc3..7377b27286 100644 --- a/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp +++ b/cpp/src/barretenberg/stdlib/hash/pedersen/pedersen_plookup.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../../primitives/composers/composers_fwd.hpp" +#include "../../primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/point/point.hpp" #include "../../primitives/packed_byte_array/packed_byte_array.hpp" diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.cpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.cpp index 406873b73d..188c4f6925 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.cpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.cpp @@ -1,7 +1,7 @@ #include "sha256.hpp" #include "sha256_plookup.hpp" #include "barretenberg/stdlib/primitives/bit_array/bit_array.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" namespace proof_system::plonk { namespace stdlib { @@ -137,7 +137,7 @@ template byte_array sha256_block(const byte_array< template packed_byte_array sha256(const packed_byte_array& input) { - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { return sha256_plookup::sha256(input); } typedef field_t field_pt; diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp index e123dc723a..5636d34b40 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.hpp @@ -3,7 +3,7 @@ #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" -#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" #include "sha256_plookup.hpp" // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp index 9fb1261eb9..21564d3257 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256.test.cpp @@ -1,8 +1,9 @@ #include "sha256.hpp" #include "barretenberg/common/test.hpp" #include "barretenberg/crypto/sha256/sha256.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" #include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/numeric/random/engine.hpp" #include "barretenberg/numeric/bitop/rotate.hpp" @@ -113,52 +114,24 @@ std::array inner_block(std::array& w) return output; } -TEST(stdlib_sha256, test_duplicate_proving_key) -{ - - auto first_composer = plonk::StandardPlonkComposer(); - plonk::stdlib::packed_byte_array input( - &first_composer, "An 8 character password? Snow White and the 7 Dwarves.."); - plonk::stdlib::sha256(input); - auto prover = first_composer.create_prover(); - auto verifier = first_composer.create_verifier(); - plonk::proof proof_one = prover.construct_proof(); - bool proof_result_one = verifier.verify_proof(proof_one); - EXPECT_EQ(proof_result_one, true); - auto proving_key = prover.key; - auto verification_key = verifier.key; - auto circuit_size = prover.circuit_size; - - // Test a second time with same keys and different input. - auto second_composer = plonk::StandardPlonkComposer(proving_key, verification_key, circuit_size); - plonk::stdlib::packed_byte_array input2( - &second_composer, "An 8 character password? Snow White and the 9 Dwarves.."); - plonk::stdlib::sha256(input2); - auto second_prover = second_composer.create_prover(); - auto second_verifier = second_composer.create_verifier(); - plonk::proof proof_two = second_prover.construct_proof(); - bool proof_result_two = second_verifier.verify_proof(proof_two); - EXPECT_EQ(proof_result_two, true); -} - // TEST(stdlib_sha256_plookup, test_round) // { // auto composer = UltraPlonkComposer(); // std::array w_inputs; -// std::array, 64> w_elements; +// std::array, 64> w_elements; // for (size_t i = 0; i < 64; ++i) { // w_inputs[i] = engine.get_random_uint32(); -// w_elements[i] = plonk::stdlib::witness_t(&composer, +// w_elements[i] = proof_system::plonk::stdlib::witness_t(&composer, // barretenberg::fr(w_inputs[i])); // } // const auto expected = inner_block(w_inputs); -// const std::array, 8> result = -// plonk::stdlib::sha256_inner_block(w_elements); +// const std::array, 8> result = +// proof_system::plonk::stdlib::sha256_inner_block(w_elements); // for (size_t i = 0; i < 8; ++i) { // EXPECT_EQ(uint256_t(result[i].get_value()).data[0] & 0xffffffffUL, // uint256_t(expected[i]).data[0] & 0xffffffffUL); @@ -168,22 +141,22 @@ TEST(stdlib_sha256, test_duplicate_proving_key) // auto prover = composer.create_prover(); // auto verifier = composer.create_verifier(); -// plonk::proof proof = prover.construct_proof(); +// proof_system::plonk::proof proof = prover.construct_proof(); // bool proof_result = composer.check_circuit(); // EXPECT_EQ(proof_result, true); // } TEST(stdlib_sha256, test_plookup_55_bytes) { - typedef plonk::stdlib::field_t field_pt; - typedef plonk::stdlib::packed_byte_array packed_byte_array_pt; + typedef proof_system::plonk::stdlib::field_t field_pt; + typedef proof_system::plonk::stdlib::packed_byte_array packed_byte_array_pt; // 55 bytes is the largest number of bytes that can be hashed in a single block, // accounting for the single padding bit, and the 64 size bits required by the SHA-256 standard. auto composer = proof_system::UltraCircuitConstructor(); packed_byte_array_pt input(&composer, "An 8 character password? Snow White and the 7 Dwarves.."); - packed_byte_array_pt output_bits = plonk::stdlib::sha256(input); + packed_byte_array_pt output_bits = proof_system::plonk::stdlib::sha256(input); std::vector output = output_bits.to_unverified_byte_slices(4); @@ -208,7 +181,7 @@ TEST(stdlib_sha256, test_55_bytes) auto composer = Composer(); packed_byte_array_ct input(&composer, "An 8 character password? Snow White and the 7 Dwarves.."); - packed_byte_array_ct output_bits = plonk::stdlib::sha256(input); + packed_byte_array_ct output_bits = proof_system::plonk::stdlib::sha256(input); std::vector output = output_bits.to_unverified_byte_slices(4); @@ -228,13 +201,13 @@ TEST(stdlib_sha256, test_55_bytes) TEST(stdlib_sha256, test_NIST_vector_one_packed_byte_array) { - typedef plonk::stdlib::field_t field_pt; - typedef plonk::stdlib::packed_byte_array packed_byte_array_pt; + typedef proof_system::plonk::stdlib::field_t field_pt; + typedef proof_system::plonk::stdlib::packed_byte_array packed_byte_array_pt; auto composer = proof_system::UltraCircuitConstructor(); packed_byte_array_pt input(&composer, "abc"); - packed_byte_array_pt output_bytes = plonk::stdlib::sha256(input); + packed_byte_array_pt output_bytes = proof_system::plonk::stdlib::sha256(input); std::vector output = output_bytes.to_unverified_byte_slices(4); EXPECT_EQ(uint256_t(output[0].get_value()).data[0], (uint64_t)0xBA7816BFU); EXPECT_EQ(uint256_t(output[1].get_value()).data[0], (uint64_t)0x8F01CFEAU); @@ -252,14 +225,14 @@ TEST(stdlib_sha256, test_NIST_vector_one_packed_byte_array) TEST(stdlib_sha256, test_NIST_vector_one) { - typedef plonk::stdlib::field_t field_pt; - typedef plonk::stdlib::packed_byte_array packed_byte_array_pt; + typedef proof_system::plonk::stdlib::field_t field_pt; + typedef proof_system::plonk::stdlib::packed_byte_array packed_byte_array_pt; auto composer = proof_system::UltraCircuitConstructor(); packed_byte_array_pt input(&composer, "abc"); - packed_byte_array_pt output_bits = plonk::stdlib::sha256(input); + packed_byte_array_pt output_bits = proof_system::plonk::stdlib::sha256(input); std::vector output = output_bits.to_unverified_byte_slices(4); @@ -283,7 +256,7 @@ TEST(stdlib_sha256, test_NIST_vector_two) byte_array_ct input(&composer, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"); - byte_array_ct output_bits = plonk::stdlib::sha256(input); + byte_array_ct output_bits = proof_system::plonk::stdlib::sha256(input); std::vector output = packed_byte_array_ct(output_bits).to_unverified_byte_slices(4); @@ -308,7 +281,7 @@ TEST(stdlib_sha256, test_NIST_vector_three) // one byte, 0xbd byte_array_ct input(&composer, std::vector{ 0xbd }); - byte_array_ct output_bits = plonk::stdlib::sha256(input); + byte_array_ct output_bits = proof_system::plonk::stdlib::sha256(input); std::vector output = packed_byte_array_ct(output_bits).to_unverified_byte_slices(4); @@ -333,7 +306,7 @@ TEST(stdlib_sha256, test_NIST_vector_four) // 4 bytes, 0xc98c8e55 byte_array_ct input(&composer, std::vector{ 0xc9, 0x8c, 0x8e, 0x55 }); - byte_array_ct output_bits = plonk::stdlib::sha256(input); + byte_array_ct output_bits = proof_system::plonk::stdlib::sha256(input); std::vector output = packed_byte_array_ct(output_bits).to_unverified_byte_slices(4); @@ -354,8 +327,8 @@ TEST(stdlib_sha256, test_NIST_vector_four) HEAVY_TEST(stdlib_sha256, test_NIST_vector_five) { - typedef plonk::stdlib::field_t field_pt; - typedef plonk::stdlib::packed_byte_array packed_byte_array_pt; + typedef proof_system::plonk::stdlib::field_t field_pt; + typedef proof_system::plonk::stdlib::packed_byte_array packed_byte_array_pt; auto composer = proof_system::UltraCircuitConstructor(); @@ -372,7 +345,8 @@ HEAVY_TEST(stdlib_sha256, test_NIST_vector_five) "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAA"); - packed_byte_array_pt output_bits = plonk::stdlib::sha256(input); + packed_byte_array_pt output_bits = + proof_system::plonk::stdlib::sha256(input); std::vector output = output_bits.to_unverified_byte_slices(4); @@ -401,7 +375,7 @@ TEST(stdlib_sha256, test_input_len_multiple) auto input_buf = std::vector(inp, 1); byte_array_ct input(&composer, input_buf); - byte_array_ct output_bits = plonk::stdlib::sha256(input); + byte_array_ct output_bits = proof_system::plonk::stdlib::sha256(input); auto circuit_output = output_bits.get_value(); @@ -445,7 +419,7 @@ TEST(stdlib_sha256, test_input_str_len_multiple) auto input_buf = std::vector(input_str.begin(), input_str.end()); byte_array_ct input(&composer, input_buf); - byte_array_ct output_bits = plonk::stdlib::sha256(input); + byte_array_ct output_bits = proof_system::plonk::stdlib::sha256(input); auto circuit_output = output_bits.get_value(); diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp index 459f5d6dbf..2995a81844 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp @@ -6,7 +6,6 @@ #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/plookup/plookup.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp b/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp index 447ca209a4..6b374c0735 100644 --- a/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp +++ b/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.hpp @@ -4,7 +4,7 @@ #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/numeric/bitop/sparse_form.hpp" -#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" #include "../../primitives/field/field.hpp" #include "../../primitives/packed_byte_array/packed_byte_array.hpp" diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp b/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp index 1f19ded73c..1fce6924e2 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp +++ b/cpp/src/barretenberg/stdlib/merkle_tree/hash.test.cpp @@ -2,15 +2,13 @@ #include "memory_tree.hpp" #include -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/stdlib/primitives/field/field.hpp" -#include "barretenberg/stdlib/primitives/witness/witness.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/stdlib/merkle_tree/membership.hpp" namespace proof_system::stdlib_merkle_tree_hash_test { using namespace barretenberg; -using namespace plonk::stdlib; +using namespace proof_system::plonk::stdlib; using Composer = proof_system::UltraCircuitConstructor; diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/hash_path.hpp b/cpp/src/barretenberg/stdlib/merkle_tree/hash_path.hpp index e6e5bfcdf6..1c52ffc961 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/hash_path.hpp +++ b/cpp/src/barretenberg/stdlib/merkle_tree/hash_path.hpp @@ -71,7 +71,7 @@ inline fr zero_hash_at_height(size_t height) // to achieve effective ADL. namespace std { template -inline std::ostream& operator<<(std::ostream& os, plonk::stdlib::merkle_tree::hash_path const& path) +inline std::ostream& operator<<(std::ostream& os, proof_system::plonk::stdlib::merkle_tree::hash_path const& path) { os << "[\n"; for (size_t i = 0; i < path.size(); ++i) { @@ -81,7 +81,7 @@ inline std::ostream& operator<<(std::ostream& os, plonk::stdlib::merkle_tree::ha return os; } -inline std::ostream& operator<<(std::ostream& os, plonk::stdlib::merkle_tree::fr_hash_path const& path) +inline std::ostream& operator<<(std::ostream& os, proof_system::plonk::stdlib::merkle_tree::fr_hash_path const& path) { os << "[\n"; for (size_t i = 0; i < path.size(); ++i) { diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/membership.test.cpp b/cpp/src/barretenberg/stdlib/merkle_tree/membership.test.cpp index 76251dc720..c5b2ec721a 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/membership.test.cpp +++ b/cpp/src/barretenberg/stdlib/merkle_tree/membership.test.cpp @@ -5,10 +5,7 @@ #include "memory_store.hpp" #include "memory_tree.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/stdlib/primitives/bool/bool.hpp" -#include "barretenberg/stdlib/primitives/field/field.hpp" -#include "barretenberg/stdlib/primitives/witness/witness.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" namespace { auto& engine = numeric::random::get_debug_engine(); @@ -18,7 +15,7 @@ namespace proof_system::stdlib_merkle_test { using namespace barretenberg; using namespace proof_system::plonk::stdlib::merkle_tree; -using namespace plonk::stdlib; +using namespace proof_system::plonk::stdlib; using Composer = proof_system::UltraCircuitConstructor; diff --git a/cpp/src/barretenberg/stdlib/merkle_tree/merkle_tree.test.cpp b/cpp/src/barretenberg/stdlib/merkle_tree/merkle_tree.test.cpp index 6f5bdf58d1..8b732e67a1 100644 --- a/cpp/src/barretenberg/stdlib/merkle_tree/merkle_tree.test.cpp +++ b/cpp/src/barretenberg/stdlib/merkle_tree/merkle_tree.test.cpp @@ -7,7 +7,7 @@ namespace proof_system::test_stdlib_merkle_tree { -using namespace plonk::stdlib; +using namespace proof_system::plonk::stdlib; using namespace proof_system::plonk::stdlib::merkle_tree; using Composer = proof_system::UltraCircuitConstructor; diff --git a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp index 3b3bd34f67..4b12a20eff 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.hpp @@ -9,7 +9,7 @@ #include "../byte_array/byte_array.hpp" #include "../field/field.hpp" -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp index 567edcd7a5..2ec05ce652 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield.test.cpp @@ -9,7 +9,7 @@ #include "../byte_array/byte_array.hpp" #include "../field/field.hpp" #include "./bigfield.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" #include "barretenberg/stdlib/primitives/curves/bn254.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" #include "barretenberg/plonk/proof_system/verifier/verifier.hpp" @@ -107,7 +107,7 @@ template class stdlib_bigfield : public testing::Test { // Don't profile 1st repetition. It sets up a lookup table, cost is not representative of a typical mul if (i == num_repetitions - 2) { std::cerr << "num gates per mul = " << after - before << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), "Bigfield", "MUL", "Gate Count", after - before); + benchmark_info(Composer::NAME_STRING, "Bigfield", "MUL", "Gate Count", after - before); } // uint256_t modulus{ Bn254FqParams::modulus_0, // Bn254FqParams::modulus_1, @@ -145,7 +145,7 @@ template class stdlib_bigfield : public testing::Test { uint64_t after = composer.get_num_gates(); if (i == num_repetitions - 1) { std::cerr << "num gates per mul = " << after - before << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), "Bigfield", "SQR", "Gate Count", after - before); + benchmark_info(Composer::NAME_STRING, "Bigfield", "SQR", "Gate Count", after - before); } // uint256_t modulus{ Bn254FqParams::modulus_0, // Bn254FqParams::modulus_1, @@ -191,7 +191,7 @@ template class stdlib_bigfield : public testing::Test { uint64_t after = composer.get_num_gates(); if (i == num_repetitions - 1) { std::cerr << "num gates per mul = " << after - before << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), "Bigfield", "MADD", "Gate Count", after - before); + benchmark_info(Composer::NAME_STRING, "Bigfield", "MADD", "Gate Count", after - before); } // uint256_t modulus{ Bn254FqParams::modulus_0, // Bn254FqParams::modulus_1, @@ -251,8 +251,7 @@ template class stdlib_bigfield : public testing::Test { uint64_t after = composer.get_num_gates(); if (i == num_repetitions - 1) { std::cerr << "num gates with mult_madd = " << after - before << std::endl; - benchmark_info( - GET_COMPOSER_NAME_STRING(Composer), "Bigfield", "MULT_MADD", "Gate Count", after - before); + benchmark_info(Composer::NAME_STRING, "Bigfield", "MULT_MADD", "Gate Count", after - before); } /** before = composer.get_num_gates(); @@ -359,7 +358,7 @@ template class stdlib_bigfield : public testing::Test { uint64_t after = composer.get_num_gates(); if (i == num_repetitions - 1) { std::cout << "num gates per div = " << after - before << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), "Bigfield", "DIV", "Gate Count", after - before); + benchmark_info(Composer::NAME_STRING, "Bigfield", "DIV", "Gate Count", after - before); } // uint256_t modulus{ Bn254FqParams::modulus_0, // Bn254FqParams::modulus_1, diff --git a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_impl.hpp b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_impl.hpp index 1337117601..2a569e3d33 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_impl.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/bigfield/bigfield_impl.hpp @@ -4,7 +4,7 @@ #include "barretenberg/numeric/uintx/uintx.hpp" #include -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "../bit_array/bit_array.hpp" #include "../field/field.hpp" @@ -56,7 +56,7 @@ bigfield::bigfield(const field_t& low_bits_in, field_t limb_3(context); if (low_bits_in.witness_index != IS_CONSTANT) { std::vector low_accumulator; - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { // MERGE NOTE: this was the if constexpr block introduced in ecebe7643 const auto limb_witnesses = context->decompose_non_native_field_double_width_limb(low_bits_in.normalize().witness_index); @@ -107,7 +107,7 @@ bigfield::bigfield(const field_t& low_bits_in, if (high_bits_in.witness_index != IS_CONSTANT) { std::vector high_accumulator; - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { const auto limb_witnesses = context->decompose_non_native_field_double_width_limb( high_bits_in.normalize().witness_index, (size_t)num_high_limb_bits); limb_2.witness_index = limb_witnesses[0]; @@ -187,7 +187,7 @@ bigfield bigfield::create_from_u512_as_witness(C* ctx, limbs[2] = value.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3).lo; limbs[3] = value.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4).lo; - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { field_t limb_0(ctx); field_t limb_1(ctx); field_t limb_2(ctx); @@ -384,7 +384,7 @@ template bigfield bigfield::operator+(const result.binary_basis_limbs[3].maximum_value = binary_basis_limbs[3].maximum_value + other.binary_basis_limbs[3].maximum_value; - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { if (prime_basis_limb.multiplicative_constant == 1 && other.prime_basis_limb.multiplicative_constant == 1 && !is_constant() && !other.is_constant()) { bool limbconst = binary_basis_limbs[0].element.is_constant(); @@ -592,7 +592,7 @@ template bigfield bigfield::operator-(const result.binary_basis_limbs[2].element = binary_basis_limbs[2].element + barretenberg::fr(to_add_2); result.binary_basis_limbs[3].element = binary_basis_limbs[3].element + barretenberg::fr(to_add_3); - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { if (prime_basis_limb.multiplicative_constant == 1 && other.prime_basis_limb.multiplicative_constant == 1 && !is_constant() && !other.is_constant()) { bool limbconst = result.binary_basis_limbs[0].element.is_constant(); @@ -1647,7 +1647,7 @@ template void bigfield::assert_is_in_field() cons r1 = r1.normalize(); r2 = r2.normalize(); r3 = r3.normalize(); - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { context->decompose_into_default_range(r0.witness_index, static_cast(NUM_LIMB_BITS)); context->decompose_into_default_range(r1.witness_index, static_cast(NUM_LIMB_BITS)); context->decompose_into_default_range(r2.witness_index, static_cast(NUM_LIMB_BITS)); @@ -1780,7 +1780,7 @@ template void bigfield::self_reduce() const // TODO: implicit assumption here - NUM_LIMB_BITS large enough for all the quotient uint32_t quotient_limb_index = context->add_variable(barretenberg::fr(quotient_value.lo)); field_t quotient_limb = field_t::from_witness_index(context, quotient_limb_index); - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { context->decompose_into_default_range(quotient_limb.witness_index, static_cast(maximum_quotient_bits)); } else { context->decompose_into_base4_accumulators(quotient_limb.witness_index, @@ -1882,7 +1882,7 @@ void bigfield::unsafe_evaluate_multiply_add(const bigfield& input_left, ++max_hi_bits; } - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { // The plookup custom bigfield gate requires inputs are witnesses. // If we're using constant values, instantiate them as circuit variables const auto convert_constant_to_fixed_witness = [ctx](const bigfield& input) { @@ -2240,7 +2240,7 @@ void bigfield::unsafe_evaluate_multiple_multiply_add(const std::vector::unsafe_evaluate_multiple_multiply_add(const std::vectordecompose_into_default_range(lo.normalize().witness_index, carry_lo_msb); } /* NOTE TO AUDITOR: An extraneous block - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { carry_lo = carry_lo.normalize(); carry_hi = carry_hi.normalize(); ctx->decompose_into_default_range(carry_lo.witness_index, static_cast(carry_lo_msb)); @@ -2606,7 +2606,7 @@ void bigfield::unsafe_evaluate_multiple_multiply_add(const std::vectordecompose_into_default_range(carry_lo.witness_index, static_cast(carry_lo_msb)); @@ -2645,7 +2645,7 @@ void bigfield::unsafe_evaluate_square_add(const bigfield& left, const bigfield& quotient, const bigfield& remainder) { - if (C::type == ComposerType::PLOOKUP) { + if (C::type == proof_system::ComposerType::PLOOKUP) { unsafe_evaluate_multiply_add(left, left, to_add, quotient, { remainder }); return; } @@ -2766,7 +2766,7 @@ void bigfield::unsafe_evaluate_square_add(const bigfield& left, const uint64_t carry_hi_msb = max_hi_bits - (2 * NUM_LIMB_BITS); const barretenberg::fr carry_lo_shift(uint256_t(uint256_t(1) << carry_lo_msb)); - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { carry_lo = carry_lo.normalize(); carry_hi = carry_hi.normalize(); ctx->decompose_into_default_range(carry_lo.witness_index, static_cast(carry_lo_msb)); diff --git a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp index c44f550ab7..53d70fed2c 100644 --- a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.hpp @@ -5,7 +5,7 @@ #include "../field/field.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../memory/rom_table.hpp" #include "../memory/twin_rom_table.hpp" #include "barretenberg/ecc/curves/secp256k1/secp256k1.hpp" @@ -250,18 +250,20 @@ template class element { Fq y; private: - template > + template > static std::array, 5> create_group_element_rom_tables( const std::array& elements, std::array& limb_max); - template > + template > static element read_group_element_rom_tables(const std::array, 5>& tables, const field_t& index, const std::array& limb_max); static std::pair compute_offset_generators(const size_t num_rounds); - template > + template > struct four_bit_table_plookup { four_bit_table_plookup(){}; four_bit_table_plookup(const element& input); @@ -276,7 +278,7 @@ template class element { std::array limb_max; // tracks the maximum limb size represented in each element_table entry }; - template > + template > struct eight_bit_fixed_base_table { enum CurveType { BN254, SECP256K1, SECP256R1 }; eight_bit_fixed_base_table(const CurveType input_curve_type, bool use_endo) @@ -294,7 +296,7 @@ template class element { bool use_endomorphism; }; - template > + template > static std::pair, four_bit_table_plookup<>> create_endo_pair_four_bit_table_plookup( const element& input) { @@ -373,7 +375,7 @@ template class element { * * Uses ROM tables to efficiently access lookup table **/ - template > + template > struct lookup_table_plookup { static constexpr size_t table_size = (1ULL << (length)); lookup_table_plookup() {} @@ -390,14 +392,17 @@ template class element { std::array limb_max; }; - using twin_lookup_table = typename std:: - conditional, lookup_table_base<2>>::type; + using twin_lookup_table = typename std::conditional, + lookup_table_base<2>>::type; - using triple_lookup_table = typename std:: - conditional, lookup_table_base<3>>::type; + using triple_lookup_table = typename std::conditional, + lookup_table_base<3>>::type; - using quad_lookup_table = typename std:: - conditional, lookup_table_base<4>>::type; + using quad_lookup_table = typename std::conditional, + lookup_table_base<4>>::type; /** * Creates a pair of 4-bit lookup tables, the former corresponding to 4 input points, @@ -410,7 +415,7 @@ template class element { quad_lookup_table endo_table; uint256_t beta_val = barretenberg::field::cube_root_of_unity(); Fq beta(barretenberg::fr(beta_val.slice(0, 136)), barretenberg::fr(beta_val.slice(136, 256)), false); - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { for (size_t i = 0; i < 8; ++i) { endo_table.element_table[i + 8].x = base_table[7 - i].x * beta; endo_table.element_table[i + 8].y = base_table[7 - i].y; @@ -435,7 +440,7 @@ template class element { * Creates a pair of 5-bit lookup tables, the former corresponding to 5 input points, * the latter corresponding to the endomorphism equivalent of the 5 input points (e.g. x -> \beta * x, y -> -y) **/ - template > + template > static std::pair, lookup_table_plookup<5, X>> create_endo_pair_five_lookup_table( const std::array& inputs) { @@ -443,7 +448,7 @@ template class element { lookup_table_plookup<5> endo_table; uint256_t beta_val = barretenberg::field::cube_root_of_unity(); Fq beta(barretenberg::fr(beta_val.slice(0, 136)), barretenberg::fr(beta_val.slice(136, 256)), false); - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { for (size_t i = 0; i < 16; ++i) { endo_table.element_table[i + 16].x = base_table[15 - i].x * beta; endo_table.element_table[i + 16].y = base_table[15 - i].y; @@ -462,7 +467,7 @@ template class element { * * UltraPlonk version **/ - template > + template > struct batch_lookup_table_plookup { batch_lookup_table_plookup(const std::vector& points) { @@ -882,7 +887,7 @@ template class element { bool has_singleton; }; - using batch_lookup_table = typename std::conditional, batch_lookup_table_base>::type; }; diff --git a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp index 9176076a56..1c034e658e 100644 --- a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup.test.cpp @@ -5,7 +5,7 @@ #include "../biggroup/biggroup.hpp" #include "../bool/bool.hpp" #include "../field/field.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" #include "barretenberg/stdlib/primitives/curves/bn254.hpp" #include "barretenberg/stdlib/primitives/curves/secp256r1.hpp" @@ -68,7 +68,7 @@ template class stdlib_biggroup : public testing::Test { uint64_t after = composer.get_num_gates(); if (i == num_repetitions - 1) { std::cout << "num gates per add = " << after - before << std::endl; - benchmark_info(GET_COMPOSER_NAME_STRING(Composer), "Biggroup", "ADD", "Gate Count", after - before); + benchmark_info(Composer::NAME_STRING, "Biggroup", "ADD", "Gate Count", after - before); } affine_element c_expected(element(input_a) + element(input_b)); @@ -882,7 +882,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, multiple_montgomery_ladder) HEAVY_TYPED_TEST(stdlib_biggroup, compute_naf) { // ULTRATODO: make this work for secp curves - if constexpr (TypeParam::Curve::type == CurveType::BN254) { + if constexpr (TypeParam::Curve::type == proof_system::CurveType::BN254) { size_t num_repetitions = 1; for (size_t i = 0; i < num_repetitions; i++) { TestFixture::test_compute_naf(); @@ -895,7 +895,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, compute_naf) /* These tests only work for Ultra Circuit Constructor */ HEAVY_TYPED_TEST(stdlib_biggroup, wnaf_batch_mul) { - if constexpr (TypeParam::Curve::Composer::type == ComposerType::PLOOKUP) { + if constexpr (TypeParam::Curve::Composer::type == proof_system::ComposerType::PLOOKUP) { TestFixture::test_compute_wnaf(); } else { GTEST_SKIP(); @@ -906,7 +906,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, wnaf_batch_mul) case where Fr is a bigfield. */ HEAVY_TYPED_TEST(stdlib_biggroup, compute_wnaf) { - if constexpr (TypeParam::Curve::Composer::type != ComposerType::PLOOKUP && TypeParam::use_bigfield) { + if constexpr (TypeParam::Curve::Composer::type != proof_system::ComposerType::PLOOKUP && TypeParam::use_bigfield) { GTEST_SKIP(); } else { TestFixture::test_compute_wnaf(); @@ -943,7 +943,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, wnaf_batch_4) /* The following tests are specific to BN254 and don't work when Fr is a bigfield */ HEAVY_TYPED_TEST(stdlib_biggroup, bn254_endo_batch_mul) { - if constexpr (TypeParam::Curve::type == CurveType::BN254 && !TypeParam::use_bigfield) { + if constexpr (TypeParam::Curve::type == proof_system::CurveType::BN254 && !TypeParam::use_bigfield) { TestFixture::test_bn254_endo_batch_mul(); } else { GTEST_SKIP(); @@ -951,7 +951,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, bn254_endo_batch_mul) } HEAVY_TYPED_TEST(stdlib_biggroup, mixed_mul_bn254_endo) { - if constexpr (TypeParam::Curve::type == CurveType::BN254 && !TypeParam::use_bigfield) { + if constexpr (TypeParam::Curve::type == proof_system::CurveType::BN254 && !TypeParam::use_bigfield) { TestFixture::test_mixed_mul_bn254_endo(); } else { GTEST_SKIP(); @@ -961,7 +961,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, mixed_mul_bn254_endo) /* The following tests are specific to SECP256k1 */ HEAVY_TYPED_TEST(stdlib_biggroup, wnaf_secp256k1) { - if constexpr (TypeParam::Curve::type == CurveType::SECP256K1) { + if constexpr (TypeParam::Curve::type == proof_system::CurveType::SECP256K1) { TestFixture::test_wnaf_secp256k1(); } else { GTEST_SKIP(); @@ -969,7 +969,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, wnaf_secp256k1) } HEAVY_TYPED_TEST(stdlib_biggroup, wnaf_8bit_secp256k1) { - if constexpr (TypeParam::Curve::type == CurveType::SECP256K1) { + if constexpr (TypeParam::Curve::type == proof_system::CurveType::SECP256K1) { TestFixture::test_wnaf_8bit_secp256k1(); } else { GTEST_SKIP(); @@ -977,7 +977,7 @@ HEAVY_TYPED_TEST(stdlib_biggroup, wnaf_8bit_secp256k1) } HEAVY_TYPED_TEST(stdlib_biggroup, ecdsa_mul_secp256k1) { - if constexpr (TypeParam::Curve::type == CurveType::SECP256K1) { + if constexpr (TypeParam::Curve::type == proof_system::CurveType::SECP256K1) { TestFixture::test_ecdsa_mul_secp256k1(); } else { GTEST_SKIP(); diff --git a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp index bff1805db3..c6749aea6b 100644 --- a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_impl.hpp @@ -4,7 +4,7 @@ #include "barretenberg/numeric/uintx/uintx.hpp" #include -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "../bit_array/bit_array.hpp" // #include "../field/field.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_nafs.hpp b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_nafs.hpp index a0fd3571c8..a603d5cb99 100644 --- a/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_nafs.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/biggroup/biggroup_nafs.hpp @@ -243,7 +243,7 @@ typename element::secp256k1_wnaf_pair element::compu // Compute and constrain skews field_t negative_skew = witness_t(ctx, is_negative ? 0 : skew); field_t positive_skew = witness_t(ctx, is_negative ? skew : 0); - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { ctx->create_new_range_constraint(negative_skew.witness_index, 1, "biggroup_nafs"); ctx->create_new_range_constraint(positive_skew.witness_index, 1, "biggroup_nafs"); ctx->create_new_range_constraint((negative_skew + positive_skew).witness_index, 1, "biggroup_nafs"); @@ -384,7 +384,7 @@ std::vector> element::compute_wnaf(const Fr& scalar) offset_entry = (1ULL << (WNAF_SIZE - 1)) - 1 - (wnaf_values[i] & 0xffffff); } field_t entry(witness_t(ctx, offset_entry)); - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { ctx->create_new_range_constraint(entry.witness_index, 1ULL << (WNAF_SIZE), "biggroup_nafs"); } else { ctx->create_range_constraint(entry.witness_index, WNAF_SIZE, "biggroup_nafs"); @@ -394,7 +394,7 @@ std::vector> element::compute_wnaf(const Fr& scalar) // add skew wnaf_entries.emplace_back(witness_t(ctx, skew)); - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { ctx->create_new_range_constraint(wnaf_entries[wnaf_entries.size() - 1].witness_index, 1, "biggroup_nafs"); } else { ctx->create_range_constraint(wnaf_entries[wnaf_entries.size() - 1].witness_index, 1, "biggroup_nafs"); @@ -507,7 +507,7 @@ std::vector> element::compute_naf(const Fr& scalar, cons bit.context = ctx; bit.witness_index = witness_t(ctx, true).witness_index; // flip sign bit.witness_bool = true; - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { ctx->create_new_range_constraint( bit.witness_index, 1, "biggroup_nafs: compute_naf extracted too many bits in non-next_entry case"); } else { @@ -519,7 +519,7 @@ std::vector> element::compute_naf(const Fr& scalar, cons bool_t bit(ctx, false); bit.witness_index = witness_t(ctx, false).witness_index; // don't flip sign bit.witness_bool = false; - if constexpr (C::type == ComposerType::PLOOKUP) { + if constexpr (C::type == proof_system::ComposerType::PLOOKUP) { ctx->create_new_range_constraint( bit.witness_index, 1, "biggroup_nafs: compute_naf extracted too many bits in next_entry case"); } else { diff --git a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.cpp b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.cpp index b8f9dbc343..a6e3ee7e2d 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.cpp @@ -1,5 +1,5 @@ #include "bit_array.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include diff --git a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp index a3e6846b9b..40dbf04906 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../uint/uint.hpp" #include diff --git a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp index 29ca9133d2..f44ef48de7 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bit_array/bit_array.test.cpp @@ -1,7 +1,7 @@ #include "bit_array.hpp" #include #include "barretenberg/numeric/random/engine.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp b/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp index 30e83c42a7..a106f811c5 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bool/bool.cpp @@ -1,5 +1,5 @@ #include "bool.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" using namespace barretenberg; using namespace proof_system; diff --git a/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp b/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp index 86e98acf9e..4550342c21 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/bool/bool.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../witness/witness.hpp" namespace proof_system::plonk::stdlib { diff --git a/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp b/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp index 37cde2d465..bcfa48d78a 100644 --- a/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/bool/bool.test.cpp @@ -1,6 +1,6 @@ #include "bool.hpp" #include -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.cpp" #define STDLIB_TYPE_ALIASES \ diff --git a/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.cpp b/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.cpp index d63356bc19..82a642a985 100644 --- a/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.cpp @@ -2,7 +2,7 @@ #include -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" using namespace barretenberg; @@ -129,7 +129,7 @@ template byte_array::byte_array(const field_t y_lo = (-validator) + (s_lo + shift); field_t y_overlap; - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { // carve out the 2 high bits from (y_lo + shifted_high_limb) and instantiate as y_overlap const uint256_t y_lo_value = y_lo.get_value() + shifted_high_limb.get_value(); const uint256_t y_overlap_value = y_lo_value >> 128; diff --git a/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.hpp b/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.hpp index ccc992fa8b..e1414986da 100644 --- a/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.hpp @@ -1,6 +1,6 @@ #pragma once #include "../bool/bool.hpp" -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../field/field.hpp" #include "../safe_uint/safe_uint.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.test.cpp index 4e00a32f96..9c3faaf0fc 100644 --- a/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/byte_array/byte_array.test.cpp @@ -1,5 +1,6 @@ -#include "byte_array.hpp" #include + +#include "byte_array.hpp" #include "barretenberg/stdlib/primitives/bool/bool.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" @@ -8,18 +9,18 @@ namespace test_stdlib_byte_array { using namespace barretenberg; -using namespace plonk; +using namespace proof_system::plonk::stdlib; #define STDLIB_TYPE_ALIASES \ using Composer = TypeParam; \ - using witness_ct = stdlib::witness_t; \ - using byte_array_ct = stdlib::byte_array; \ - using field_ct = stdlib::field_t; \ - using bool_ct = stdlib::bool_t; + using witness_ct = witness_t; \ + using byte_array_ct = byte_array; \ + using field_ct = field_t; \ + using bool_ct = bool_t; template class ByteArrayTest : public ::testing::Test {}; -template using byte_array_ct = stdlib::byte_array; +template using byte_array_ct = byte_array; using ComposerTypes = ::testing::Types; \ + template class stdlib_type; \ + template class stdlib_type; + +#define INSTANTIATE_STDLIB_TYPE_VA(stdlib_type, ...) \ + template class stdlib_type; \ + template class stdlib_type; \ + template class stdlib_type; + +#define INSTANTIATE_STDLIB_BASIC_TYPE(stdlib_type) \ + template class stdlib_type; \ + template class stdlib_type; + +#define INSTANTIATE_STDLIB_BASIC_TYPE_VA(stdlib_type, ...) \ + template class stdlib_type; \ + template class stdlib_type; + +#define INSTANTIATE_STDLIB_ULTRA_METHOD(stdlib_method) template stdlib_method(proof_system::UltraCircuitConstructor); + +#define INSTANTIATE_STDLIB_ULTRA_TYPE(stdlib_type) template class stdlib_type; + +#define INSTANTIATE_STDLIB_ULTRA_TYPE_VA(stdlib_type, ...) \ + template class stdlib_type; diff --git a/cpp/src/barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp new file mode 100644 index 0000000000..53f8b43e7d --- /dev/null +++ b/cpp/src/barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp @@ -0,0 +1,52 @@ +/** + * @brief Defines particular composer and circuit constructor types expected to be used for proof or circuit +construction in stdlib and contains macros for explicit instantiation. + * + * @details This file is designed to be included in header files to instruct the compiler that these classes exist and + * their instantiation will eventually take place. Given it has no dependencies, it causes no additional compilation or + * propagation. + */ +#pragma once + +namespace proof_system::honk { +namespace flavor { +class Standard; +class Ultra; +} // namespace flavor +} // namespace proof_system::honk + +namespace proof_system { +class StandardCircuitConstructor; +class TurboCircuitConstructor; +class UltraCircuitConstructor; +} // namespace proof_system + +#define EXTERN_STDLIB_TYPE(stdlib_type) \ + extern template class stdlib_type; \ + extern template class stdlib_type; \ + extern template class stdlib_type; + +#define EXTERN_STDLIB_METHOD(stdlib_method) \ + extern template stdlib_method(proof_system::StandardCircuitConstructor); \ + extern template stdlib_method(proof_system::TurboCircuitConstructor); \ + extern template stdlib_method(proof_system::UltraCircuitConstructor); + +#define EXTERN_STDLIB_TYPE_VA(stdlib_type, ...) \ + extern template class stdlib_type; \ + extern template class stdlib_type; \ + extern template class stdlib_type; + +#define EXTERN_STDLIB_BASIC_TYPE(stdlib_type) \ + extern template class stdlib_type; \ + extern template class stdlib_type; + +#define EXTERN_STDLIB_BASIC_TYPE_VA(stdlib_type, ...) \ + extern template class stdlib_type; \ + extern template class stdlib_type; + +#define EXTERN_STDLIB_ULTRA_TYPE(stdlib_type) extern template class stdlib_type; + +#define EXTERN_STDLIB_ULTRA_TYPE_VA(stdlib_type, ...) \ + extern template class stdlib_type; + +#define EXTERN_STDLIB_ULTRA_METHOD(stdlib_method) extern template stdlib_method(proof_system::UltraCircuitConstructor); diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp deleted file mode 100644 index c1522e0ac8..0000000000 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers.hpp +++ /dev/null @@ -1,73 +0,0 @@ -/** - * @brief Contains all the headers required to adequately compile the types defined in composers_fwd.hpp and instantiate - * templates. - */ -#pragma once -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/honk/composer/standard_honk_composer.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "barretenberg/honk/composer/ultra_honk_composer.hpp" -#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" -#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" -#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" - -#define INSTANTIATE_STDLIB_METHOD(stdlib_method) \ - template stdlib_method(proof_system::StandardCircuitConstructor); \ - template stdlib_method(proof_system::TurboCircuitConstructor); \ - template stdlib_method(proof_system::UltraCircuitConstructor); \ - template stdlib_method(plonk::StandardPlonkComposer); \ - template stdlib_method(honk::StandardHonkComposer); \ - template stdlib_method(plonk::TurboPlonkComposer); \ - template stdlib_method(plonk::UltraPlonkComposer); \ - template stdlib_method(honk::UltraHonkComposer); - -#define INSTANTIATE_STDLIB_TYPE(stdlib_type) \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; - -#define INSTANTIATE_STDLIB_TYPE_VA(stdlib_type, ...) \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; - -#define INSTANTIATE_STDLIB_BASIC_TYPE(stdlib_type) \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; - -#define INSTANTIATE_STDLIB_BASIC_TYPE_VA(stdlib_type, ...) \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; - -#define INSTANTIATE_STDLIB_ULTRA_METHOD(stdlib_method) \ - template stdlib_method(proof_system::UltraCircuitConstructor); \ - template stdlib_method(plonk::UltraPlonkComposer); \ - template stdlib_method(honk::UltraHonkComposer); - -#define INSTANTIATE_STDLIB_ULTRA_TYPE(stdlib_type) \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; - -#define INSTANTIATE_STDLIB_ULTRA_TYPE_VA(stdlib_type, ...) \ - template class stdlib_type; \ - template class stdlib_type; \ - template class stdlib_type; diff --git a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp b/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp deleted file mode 100644 index 1fb6e8d389..0000000000 --- a/cpp/src/barretenberg/stdlib/primitives/composers/composers_fwd.hpp +++ /dev/null @@ -1,89 +0,0 @@ -/** - * @brief Defines particular composer and circuit constructor types expected to be used for proof or circuit -construction in stdlib and contains macros for explicit instantiation. - * - * @details This file is designed to be included in header files to instruct the compiler that these classes exist and - * their instantiation will eventually take place. Given it has no dependencies, it causes no additional compilation or - * propagation. - */ -#pragma once - -namespace proof_system::plonk { -class StandardPlonkComposer; -class TurboPlonkComposer; -class UltraPlonkComposer; - -} // namespace proof_system::plonk - -namespace proof_system::honk { -namespace flavor { -class Standard; -class Ultra; -} // namespace flavor -template class StandardHonkComposer_; -using StandardHonkComposer = StandardHonkComposer_; -template class UltraHonkComposer_; -using UltraHonkComposer = UltraHonkComposer_; -} // namespace proof_system::honk - -namespace proof_system { -class StandardCircuitConstructor; -class TurboCircuitConstructor; -class UltraCircuitConstructor; -} // namespace proof_system - -#define EXTERN_STDLIB_TYPE(stdlib_type) \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; - -#define EXTERN_STDLIB_METHOD(stdlib_method) \ - extern template stdlib_method(proof_system::StandardCircuitConstructor); \ - extern template stdlib_method(proof_system::TurboCircuitConstructor); \ - extern template stdlib_method(proof_system::UltraCircuitConstructor); \ - extern template stdlib_method(plonk::StandardPlonkComposer); \ - extern template stdlib_method(honk::StandardHonkComposer); \ - extern template stdlib_method(plonk::TurboPlonkComposer); \ - extern template stdlib_method(plonk::UltraPlonkComposer); \ - extern template stdlib_method(honk::UltraHonkComposer); - -#define EXTERN_STDLIB_TYPE_VA(stdlib_type, ...) \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; - -#define EXTERN_STDLIB_BASIC_TYPE(stdlib_type) \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; - -#define EXTERN_STDLIB_BASIC_TYPE_VA(stdlib_type, ...) \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; - -#define EXTERN_STDLIB_ULTRA_TYPE(stdlib_type) \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; - -#define EXTERN_STDLIB_ULTRA_TYPE_VA(stdlib_type, ...) \ - extern template class stdlib_type; \ - extern template class stdlib_type; \ - extern template class stdlib_type; - -#define EXTERN_STDLIB_ULTRA_METHOD(stdlib_method) \ - extern template stdlib_method(proof_system::UltraCircuitConstructor); \ - extern template stdlib_method(plonk::UltraPlonkComposer); \ - extern template stdlib_method(honk::UltraHonkComposer); diff --git a/cpp/src/barretenberg/stdlib/primitives/curves/bn254.hpp b/cpp/src/barretenberg/stdlib/primitives/curves/bn254.hpp index 4fc46e4e41..4919ff490f 100644 --- a/cpp/src/barretenberg/stdlib/primitives/curves/bn254.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/curves/bn254.hpp @@ -7,25 +7,30 @@ namespace proof_system::plonk { namespace stdlib { -template struct bn254 { +template struct bn254 { static constexpr proof_system::CurveType type = proof_system::CurveType::BN254; - typedef barretenberg::fq fq; - typedef barretenberg::fr fr; - typedef barretenberg::g1 g1; + // NOTE: Naming in flux here; maybe name should reflect "native" somehow? + using BaseField = curve::BN254::BaseField; + using fq = BaseField; + using ScalarField = curve::BN254::ScalarField; + using fr = ScalarField; + using Group = curve::BN254::Group; + using g1 = Group; - typedef ComposerType Composer; - typedef witness_t witness_ct; - typedef public_witness_t public_witness_ct; - typedef field_t fr_ct; - typedef byte_array byte_array_ct; - typedef bool_t bool_ct; - typedef stdlib::uint32 uint32_ct; + using Builder = CircuitBuilder; + using Composer = CircuitBuilder; + typedef witness_t witness_ct; + typedef public_witness_t public_witness_ct; + typedef field_t fr_ct; + typedef byte_array byte_array_ct; + typedef bool_t bool_ct; + typedef stdlib::uint32 uint32_ct; - typedef bigfield fq_ct; - typedef bigfield bigfr_ct; - typedef element g1_ct; - typedef element g1_bigfr_ct; + typedef bigfield fq_ct; + typedef bigfield bigfr_ct; + typedef element g1_ct; + typedef element g1_bigfr_ct; }; // namespace bn254 } // namespace stdlib diff --git a/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp index 2543e5d16c..7b1a91b534 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/array.test.cpp @@ -3,7 +3,7 @@ #include "array.hpp" #include #include -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" #include "barretenberg/numeric/random/engine.hpp" namespace test_stdlib_array { diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.cpp b/cpp/src/barretenberg/stdlib/primitives/field/field.cpp index 2f2bfd3efa..7455b7c9aa 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.cpp @@ -1,7 +1,7 @@ #include "field.hpp" #include #include "../bool/bool.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" using namespace proof_system; @@ -739,7 +739,7 @@ void field_t::create_range_constraint(const size_t num_bits, st if (is_constant()) { ASSERT(uint256_t(get_value()).get_msb() < num_bits); } else { - if constexpr (ComposerContext::type == ComposerType::PLOOKUP) { + if constexpr (ComposerContext::type == proof_system::ComposerType::PLOOKUP) { context->decompose_into_default_range( normalize().get_witness_index(), num_bits, @@ -984,7 +984,7 @@ field_t field_t::accumulate(const std::vector< * * If num elements is not a multiple of 3, the final gate will be padded with zero_idx wires **/ - if constexpr (ComposerContext::type == ComposerType::PLOOKUP) { + if constexpr (ComposerContext::type == proof_system::ComposerType::PLOOKUP) { ComposerContext* ctx = nullptr; std::vector accumulator; field_t constant_term = 0; diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.hpp b/cpp/src/barretenberg/stdlib/primitives/field/field.hpp index 2e78f7856f..fed2471ffc 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.hpp @@ -1,6 +1,6 @@ #pragma once #include -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../witness/witness.hpp" #include "barretenberg/common/assert.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp index 2bbe6bb7ff..078a2ff535 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp @@ -6,7 +6,7 @@ #include #include "barretenberg/numeric/random/engine.hpp" #include "barretenberg/common/streams.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" using namespace proof_system; diff --git a/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp b/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp index e30da4dc84..a47ca1aa9e 100644 --- a/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/group/group.test.cpp @@ -12,7 +12,8 @@ namespace stdlib_group_tests { using namespace barretenberg; -using namespace plonk; +using namespace proof_system::plonk; + namespace { auto& engine = numeric::random::get_debug_engine(); } diff --git a/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp b/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp index d8a3e0ca90..0b700e8ba5 100644 --- a/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/logic/logic.cpp @@ -1,5 +1,5 @@ #include "logic.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "../plookup/plookup.hpp" #include "barretenberg/common/assert.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" @@ -52,7 +52,7 @@ field_t logic::create_logic_constraint( field_pt b_witness = field_pt::from_witness_index(ctx, ctx->put_constant_variable(b_native)); return create_logic_constraint(a, b_witness, num_bits, is_xor_gate, get_chunk); } - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { Composer* ctx = a.get_context(); const size_t num_chunks = (num_bits / 32) + ((num_bits % 32 == 0) ? 0 : 1); diff --git a/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp b/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp index 1ec450de00..dc97d81f7e 100644 --- a/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/logic/logic.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" #include "barretenberg/stdlib/primitives/witness/witness.hpp" #include diff --git a/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp b/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp index d29b29b945..9130a4b973 100644 --- a/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/logic/logic.test.cpp @@ -1,10 +1,11 @@ +#include + #include "../bool/bool.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/proof_system/types/composer_type.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "logic.hpp" -#include "../composers/composers.hpp" -#include #include "barretenberg/numeric/random/engine.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include "barretenberg/proof_system/types/composer_type.hpp" #pragma GCC diagnostic ignored "-Wunused-local-typedefs" @@ -126,7 +127,7 @@ TYPED_TEST(LogicTest, DifferentWitnessSameResult) STDLIB_TYPE_ALIASES auto composer = Composer(); - if (Composer::type == ComposerType::PLOOKUP) { + if (Composer::type == proof_system::ComposerType::PLOOKUP) { uint256_t a = 3758096391; uint256_t b = 2147483649; field_ct x = witness_ct(&composer, uint256_t(a)); diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.cpp index 66937a23ba..7df6d11871 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.cpp @@ -1,6 +1,6 @@ #include "dynamic_array.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "../bool/bool.hpp" namespace proof_system::plonk { @@ -25,7 +25,7 @@ DynamicArray::DynamicArray(Composer* composer, const size_t maximum_si , _max_size(maximum_size) , _length(0) { - static_assert(Composer::type == ComposerType::PLOOKUP); + static_assert(Composer::type == proof_system::ComposerType::PLOOKUP); ASSERT(_context != nullptr); _inner_table = ram_table(_context, maximum_size); // Initialize the ram table with all zeroes diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp index b3435522bf..829142f6b5 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.hpp @@ -1,6 +1,6 @@ #pragma once #include "ram_table.hpp" -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" namespace proof_system::plonk { namespace stdlib { diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp index 44beaa9b71..92c95d818a 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/dynamic_array.test.cpp @@ -5,7 +5,7 @@ #include "barretenberg/numeric/random/engine.hpp" #include "../bool/bool.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" namespace test_stdlib_dynamic_array { using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.cpp index f68089e229..020b81cbd3 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.cpp @@ -1,6 +1,6 @@ #include "ram_table.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" namespace proof_system::plonk { namespace stdlib { @@ -13,7 +13,7 @@ namespace stdlib { */ template ram_table::ram_table(Composer* composer, const size_t table_size) { - static_assert(Composer::type == ComposerType::PLOOKUP); + static_assert(Composer::type == proof_system::ComposerType::PLOOKUP); _context = composer; _length = table_size; _index_initialized.resize(table_size); @@ -35,7 +35,7 @@ template ram_table::ram_table(Composer* composer, */ template ram_table::ram_table(const std::vector& table_entries) { - static_assert(Composer::type == ComposerType::PLOOKUP); + static_assert(Composer::type == proof_system::ComposerType::PLOOKUP); // get the composer _context for (const auto& entry : table_entries) { if (entry.get_context() != nullptr) { diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.hpp b/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.hpp index b3526c452c..8bdc472a6c 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../field/field.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.test.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.test.cpp index a98c83a1b0..5af8a84c43 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/ram_table.test.cpp @@ -1,10 +1,8 @@ -#include "ram_table.hpp" - #include +#include "ram_table.hpp" #include "barretenberg/numeric/random/engine.hpp" - -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" namespace test_stdlib_ram_table { @@ -26,13 +24,13 @@ TEST(ram_table, ram_table_init_read_consistency) std::vector table_values; const size_t table_size = 10; for (size_t i = 0; i < table_size; ++i) { - table_values.emplace_back(witness_ct(&composer, fr::random_element())); + table_values.emplace_back(witness_ct(&composer, barretenberg::fr::random_element())); } ram_table_ct table(table_values); field_ct result(0); - fr expected(0); + barretenberg::fr expected(0); for (size_t i = 0; i < 10; ++i) { field_ct index(witness_ct(&composer, (uint64_t)i)); @@ -58,7 +56,7 @@ TEST(ram_table, ram_table_read_write_consistency) Composer composer; const size_t table_size = 10; - std::vector table_values(table_size); + std::vector table_values(table_size); ram_table_ct table(&composer, table_size); @@ -66,12 +64,12 @@ TEST(ram_table, ram_table_read_write_consistency) table.write(i, 0); } field_ct result(0); - fr expected(0); + barretenberg::fr expected(0); const auto update = [&]() { for (size_t i = 0; i < table_size / 2; ++i) { - table_values[2 * i] = fr::random_element(); - table_values[2 * i + 1] = fr::random_element(); + table_values[2 * i] = barretenberg::fr::random_element(); + table_values[2 * i + 1] = barretenberg::fr::random_element(); // init with both constant and variable values table.write(2 * i, table_values[2 * i]); diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.cpp index 53ed2a80f4..bd8f699ea5 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.cpp @@ -1,6 +1,6 @@ #include "rom_table.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" using namespace barretenberg; @@ -9,7 +9,7 @@ namespace stdlib { template rom_table::rom_table(const std::vector& table_entries) { - static_assert(Composer::type == ComposerType::PLOOKUP); + static_assert(Composer::type == proof_system::ComposerType::PLOOKUP); // get the composer context for (const auto& entry : table_entries) { if (entry.get_context() != nullptr) { diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.hpp b/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.hpp index b539b0a750..56b953d68c 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../field/field.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.test.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.test.cpp index 88de9fcbb0..f697ede8d9 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/rom_table.test.cpp @@ -1,10 +1,9 @@ -#include "rom_table.hpp" #include +#include "rom_table.hpp" #include "barretenberg/numeric/random/engine.hpp" - -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" namespace test_stdlib_rom_array { using namespace barretenberg; @@ -27,13 +26,13 @@ TEST(rom_table, rom_table_read_write_consistency) std::vector table_values; const size_t table_size = 10; for (size_t i = 0; i < table_size; ++i) { - table_values.emplace_back(witness_ct(&composer, fr::random_element())); + table_values.emplace_back(witness_ct(&composer, barretenberg::fr::random_element())); } rom_table_ct table(table_values); field_ct result(0); - fr expected(0); + barretenberg::fr expected(0); for (size_t i = 0; i < 10; ++i) { field_ct index(witness_ct(&composer, (uint64_t)i)); diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.cpp b/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.cpp index e8aaff2af4..ad56a4f224 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.cpp @@ -1,6 +1,6 @@ #include "twin_rom_table.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" using namespace barretenberg; @@ -10,7 +10,7 @@ namespace stdlib { template twin_rom_table::twin_rom_table(const std::vector>& table_entries) { - static_assert(Composer::type == ComposerType::PLOOKUP); + static_assert(Composer::type == proof_system::ComposerType::PLOOKUP); // get the composer context for (const auto& entry : table_entries) { if (entry[0].get_context() != nullptr) { diff --git a/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.hpp b/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.hpp index c07e67dc42..ceb6399311 100644 --- a/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/memory/twin_rom_table.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../field/field.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.cpp b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.cpp index 62d0d1bb6b..da8e4acdc3 100644 --- a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.cpp @@ -1,6 +1,6 @@ #include "packed_byte_array.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp index a8e452f02b..d081d5af19 100644 --- a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.hpp @@ -1,5 +1,5 @@ #pragma once -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../field/field.hpp" #include "../bool/bool.hpp" #include "../byte_array/byte_array.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp index 5c16d0b59d..238a016ebc 100644 --- a/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/packed_byte_array/packed_byte_array.test.cpp @@ -3,7 +3,7 @@ #include "packed_byte_array.hpp" #include "barretenberg/stdlib/primitives/byte_array/byte_array.hpp" #include "barretenberg/numeric/random/engine.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" #pragma GCC diagnostic ignored "-Wunused-local-typedefs" diff --git a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.cpp b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.cpp index 27761a2fd0..2816fde8d6 100644 --- a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.cpp @@ -1,7 +1,7 @@ #include "./plookup.hpp" #include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" #include "barretenberg/proof_system/plookup_tables/types.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" namespace proof_system::plonk { class UltraPlonkComposer; diff --git a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp index 778f76b7ac..cc4633cbd2 100644 --- a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.hpp @@ -2,7 +2,7 @@ #include #include #include "barretenberg/proof_system/plookup_tables/plookup_tables.hpp" -#include "barretenberg/stdlib/primitives/composers/composers_fwd.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp" #include "barretenberg/proof_system/plookup_tables/types.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp index f564c80b7a..bbaad6cafb 100644 --- a/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/plookup/plookup.test.cpp @@ -8,7 +8,7 @@ #include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" #include "barretenberg/stdlib/primitives/uint/uint.hpp" #include "barretenberg/stdlib/primitives/curves/secp256k1.hpp" -#include "barretenberg/stdlib/primitives/composers/composers.hpp" +#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp" namespace test_stdlib_plookups { using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.cpp b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.cpp index 344ffe3d02..ce07f16a27 100644 --- a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.cpp @@ -1,6 +1,6 @@ #include "safe_uint.hpp" #include "../bool/bool.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp" namespace proof_system::plonk { diff --git a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp index 213eee5c96..adc6685747 100644 --- a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.hpp @@ -1,7 +1,7 @@ #pragma once #include -#include "../composers/composers_fwd.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "../witness/witness.hpp" #include "../bool/bool.hpp" #include "barretenberg/common/assert.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.test.cpp b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.test.cpp index b237006da2..ad0da41a2a 100644 --- a/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/safe_uint/safe_uint.test.cpp @@ -24,7 +24,8 @@ auto& engine = numeric::random::get_debug_engine(); namespace test_stdlib_safe_uint { using namespace barretenberg; -using namespace plonk; +using namespace proof_system::plonk; + template void ignore_unused(T&) {} // use to ignore unused variables in lambdas template class SafeUintTest : public ::testing::Test {}; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/arithmetic.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/arithmetic.cpp index bcc347ad5b..26b10b520e 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/arithmetic.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/arithmetic.cpp @@ -1,4 +1,4 @@ -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "uint.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/comparison.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/comparison.cpp index 374df85af5..ff6473d8eb 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/comparison.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/comparison.cpp @@ -1,4 +1,4 @@ -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "uint.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp index 39662dd8c5..e9f3d8e6be 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/logic.cpp @@ -1,4 +1,4 @@ -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" #include "uint.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/arithmetic.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/arithmetic.cpp index 182492dbf0..befd21c392 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/arithmetic.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/arithmetic.cpp @@ -1,4 +1,4 @@ -#include "../../composers/composers.hpp" +#include "../../circuit_builders/circuit_builders.hpp" #include "uint.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/comparison.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/comparison.cpp index 7e83eab603..14ec78a5e8 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/comparison.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/comparison.cpp @@ -1,4 +1,4 @@ -#include "../../composers/composers.hpp" +#include "../../circuit_builders/circuit_builders.hpp" #include "uint.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/logic.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/logic.cpp index 6dea194335..d2c89e3073 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/logic.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/logic.cpp @@ -1,4 +1,4 @@ -#include "../../composers/composers.hpp" +#include "../../circuit_builders/circuit_builders.hpp" #include "uint.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.cpp index e626d348f9..a60cc0393f 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.cpp @@ -1,5 +1,5 @@ #include "uint.hpp" -#include "../../composers/composers.hpp" +#include "../../circuit_builders/circuit_builders.hpp" using namespace barretenberg; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.hpp b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.hpp index 14eecbaf5e..6b41f6c4ce 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/plookup/uint.hpp @@ -1,7 +1,7 @@ #pragma once #include "../../bool/bool.hpp" #include "../../byte_array/byte_array.hpp" -#include "../../composers/composers_fwd.hpp" +#include "../../circuit_builders/circuit_builders_fwd.hpp" #include "../../field/field.hpp" #include "../../plookup/plookup.hpp" diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/uint.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/uint.cpp index 66866da1b7..f93d031c7f 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/uint.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/uint.cpp @@ -1,5 +1,5 @@ #include "uint.hpp" -#include "../composers/composers.hpp" +#include "../circuit_builders/circuit_builders.hpp" using namespace barretenberg; using namespace proof_system; @@ -16,7 +16,7 @@ std::vector uint::constrain_accumulators(Composer* c const size_t num_bits, std::string const& msg) const { - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { // TODO: manage higher bit ranges const auto sequence = plookup_read::get_lookup_accumulators( plookup::MultiTableId::UINT32_XOR, @@ -317,7 +317,7 @@ template bool_t uintget_variable(right_idx)) - uint256_t(context->get_variable(left_idx)) * uint256_t(4); - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { uint256_t lo_bit = quad & 1; uint256_t hi_bit = (quad & 2) >> 1; // difference in quads = 0, 1, 2, 3 = delta diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp b/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp index 7658a010df..2a9c690a95 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/uint.hpp @@ -1,7 +1,7 @@ #pragma once #include "../bool/bool.hpp" #include "../byte_array/byte_array.hpp" -#include "../composers/composers_fwd.hpp" +#include "../circuit_builders/circuit_builders_fwd.hpp" #include "../field/field.hpp" #include "../plookup/plookup.hpp" @@ -189,19 +189,19 @@ template inline std::ostream& operator<<(std::ostream& } template -using uint8 = typename std::conditional, uint>::type; template -using uint16 = typename std::conditional, uint>::type; template -using uint32 = typename std::conditional, uint>::type; template -using uint64 = typename std::conditional, uint>::type; diff --git a/cpp/src/barretenberg/stdlib/primitives/uint/uint.test.cpp b/cpp/src/barretenberg/stdlib/primitives/uint/uint.test.cpp index 6f1e3646b0..70d8398f9e 100644 --- a/cpp/src/barretenberg/stdlib/primitives/uint/uint.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/uint/uint.test.cpp @@ -75,7 +75,7 @@ uint_native rotate(uint_native value, size_t rotation) : value; } template class stdlib_uint : public testing::Test { - typedef typename std::conditional, stdlib::uint>::type uint_ct; typedef stdlib::bool_t bool_ct; @@ -1923,10 +1923,10 @@ TYPED_TEST(stdlib_uint, test_at) // There was one plookup-specific test in the ./plookup/uint_plookup.test.cpp TEST(stdlib_uint32, test_accumulators_plookup_uint32) { - using uint32_ct = proof_system::plonk::stdlib::uint32; - using witness_ct = proof_system::plonk::stdlib::witness_t; + using uint32_ct = proof_system::plonk::stdlib::uint32; + using witness_ct = proof_system::plonk::stdlib::witness_t; - plonk::UltraPlonkComposer composer = proof_system::plonk::UltraPlonkComposer(); + proof_system::UltraCircuitConstructor composer; uint32_t a_val = engine.get_random_uint32(); uint32_t b_val = engine.get_random_uint32(); @@ -1943,7 +1943,7 @@ TEST(stdlib_uint32, test_accumulators_plookup_uint32) EXPECT_EQ(result, expected); } - printf("composer gates = %zu\n", composer.get_num_gates()); + info("composer gates = ", composer.get_num_gates()); bool proof_result = composer.check_circuit(); EXPECT_EQ(proof_result, true); diff --git a/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp b/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp index 87e55977d0..626e6c0b93 100644 --- a/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp +++ b/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.hpp @@ -16,17 +16,14 @@ #include "../../primitives/witness/witness.hpp" #include "../../primitives/bool/bool.hpp" -#include "../verification_key//verification_key.hpp" -namespace proof_system::plonk { -namespace stdlib { -namespace recursion { +namespace proof_system::plonk::stdlib::recursion { template class Transcript { public: using field_pt = field_t; using witness_pt = witness_t; using fq_pt = bigfield; using group_pt = element; - using Key = proof_system::plonk::stdlib::recursion::verification_key>; + using Key = verification_key>; Transcript(Composer* in_context, const transcript::Manifest input_manifest) : context(in_context) @@ -259,7 +256,7 @@ template class Transcript { field_pt borrow = field_pt::from_witness(context, need_borrow); // directly call `create_new_range_constraint` to avoid creating an arithmetic gate - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { context->create_new_range_constraint(borrow.get_witness_index(), 1, "borrow"); } else { context->create_range_constraint(borrow.get_witness_index(), 1, "borrow"); @@ -277,7 +274,7 @@ template class Transcript { }; field_pt base_hash; - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { base_hash = stdlib::pedersen_plookup_commitment::compress(std::vector{ T0 }, 0); } else { base_hash = stdlib::pedersen_commitment::compress(std::vector{ T0 }, 0); @@ -296,7 +293,7 @@ template class Transcript { for (size_t i = 2; i < num_challenges; i += 2) { // TODO(@zac-williamson) make this a Poseidon hash not a Pedersen hash field_pt hash_output; - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { hash_output = stdlib::pedersen_plookup_commitment::compress( std::vector{ (base_hash + field_pt(i / 2)).normalize() }, 0); } else { @@ -429,6 +426,4 @@ template class Transcript { size_t current_round = 0; }; -} // namespace recursion -} // namespace stdlib -} // namespace proof_system::plonk +} // namespace proof_system::plonk::stdlib::recursion diff --git a/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.test.cpp b/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.test.cpp index 6158a15859..48d15bb3f1 100644 --- a/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/transcript/transcript.test.cpp @@ -1,22 +1,23 @@ -#include "transcript.hpp" #include +#include "transcript.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" - #include "barretenberg/transcript/transcript.hpp" -using namespace proof_system::plonk; +namespace proof_system::plonk::stdlib::recursion { -// ULTRATODO: Add tests for other composers too (make tests modular?) +// TODO(Cody): Testing only one circuit type. +using Builder = StandardCircuitConstructor; -typedef stdlib::field_t field_t; -typedef stdlib::bool_t bool_t; -typedef stdlib::uint uint32; -typedef stdlib::witness_t witness_t; -typedef stdlib::byte_array byte_array; -typedef stdlib::bigfield fq_t; -typedef stdlib::element group_t; +using field_t = stdlib::field_t; +using bool_t = stdlib::bool_t; +using uint32 = stdlib::uint; +using witness_t = stdlib::witness_t; +using byte_array = stdlib::byte_array; +using fq_t = stdlib::bigfield; +using group_t = stdlib::element; +using transcript_ct = Transcript; namespace { transcript::Manifest create_manifest(const size_t num_public_inputs) @@ -127,11 +128,9 @@ transcript::Transcript get_test_base_transcript(const TestData& data) return transcript; } -plonk::stdlib::recursion::Transcript get_circuit_transcript( - plonk::TurboPlonkComposer* context, const TestData& data) +transcript_ct get_circuit_transcript(Builder* context, const TestData& data) { - plonk::stdlib::recursion::Transcript transcript(context, - create_manifest(data.num_public_inputs)); + transcript_ct transcript(context, create_manifest(data.num_public_inputs)); uint256_t circuit_size_value = uint256_t(4) + (uint256_t(3) << 8) + (uint256_t(2) << 16) + (uint256_t(1) << 24); field_t circuit_size(stdlib::witness_t(context, barretenberg::fr(circuit_size_value))); field_t public_input_size(stdlib::witness_t(context, barretenberg::fr(data.num_public_inputs))); @@ -145,33 +144,19 @@ plonk::stdlib::recursion::Transcript get_circuit_tran public_inputs.push_back(witness_t(context, data.public_input_elements[i])); } transcript.add_field_element_vector("public_inputs", public_inputs); - transcript.add_group_element( - "W_1", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[0])); - transcript.add_group_element( - "W_2", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[1])); - transcript.add_group_element( - "W_3", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[2])); + transcript.add_group_element("W_1", transcript_ct::convert_g1(context, data.g1_elements[0])); + transcript.add_group_element("W_2", transcript_ct::convert_g1(context, data.g1_elements[1])); + transcript.add_group_element("W_3", transcript_ct::convert_g1(context, data.g1_elements[2])); transcript.apply_fiat_shamir("beta"); - transcript.add_group_element( - "Z_PERM", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[3])); + transcript.add_group_element("Z_PERM", transcript_ct::convert_g1(context, data.g1_elements[3])); transcript.apply_fiat_shamir("alpha"); - transcript.add_group_element( - "T_1", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[4])); - transcript.add_group_element( - "T_2", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[5])); - transcript.add_group_element( - "T_3", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[6])); + transcript.add_group_element("T_1", transcript_ct::convert_g1(context, data.g1_elements[4])); + transcript.add_group_element("T_2", transcript_ct::convert_g1(context, data.g1_elements[5])); + transcript.add_group_element("T_3", transcript_ct::convert_g1(context, data.g1_elements[6])); transcript.apply_fiat_shamir("z"); @@ -187,12 +172,8 @@ plonk::stdlib::recursion::Transcript get_circuit_tran transcript.apply_fiat_shamir("nu"); - transcript.add_group_element( - "PI_Z", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[7])); - transcript.add_group_element( - "PI_Z_OMEGA", - plonk::stdlib::recursion::Transcript::convert_g1(context, data.g1_elements[8])); + transcript.add_group_element("PI_Z", transcript_ct::convert_g1(context, data.g1_elements[7])); + transcript.add_group_element("PI_Z_OMEGA", transcript_ct::convert_g1(context, data.g1_elements[8])); transcript.apply_fiat_shamir("separator"); return transcript; @@ -203,10 +184,9 @@ TEST(stdlib_transcript, validate_transcript) TestData data = get_test_data(); transcript::Transcript normal_transcript = get_test_base_transcript(data); - plonk::TurboPlonkComposer composer = proof_system::plonk::TurboPlonkComposer(); + Builder builder; - plonk::stdlib::recursion::Transcript recursive_transcript = - get_circuit_transcript(&composer, data); + transcript_ct recursive_transcript = get_circuit_transcript(&builder, data); const auto check_challenge = [&normal_transcript, &recursive_transcript](const std::string& challenge_name, const size_t challenge_idx = 0) { @@ -289,13 +269,9 @@ TEST(stdlib_transcript, validate_transcript) check_group_element("PI_Z"); check_group_element("PI_Z_OMEGA"); - printf("composer gates = %zu\n", composer.get_num_gates()); - auto prover = composer.create_prover(); - - auto verifier = composer.create_verifier(); - - plonk::proof proof = prover.construct_proof(); + info("builder gates = ", builder.get_num_gates()); - bool result = verifier.verify_proof(proof); + auto result = builder.check_circuit(); EXPECT_EQ(result, true); } +} // namespace proof_system::plonk::stdlib::recursion \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp b/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp index 3d05b572a6..154a51cb77 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp +++ b/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.hpp @@ -58,7 +58,7 @@ template struct PedersenPreimage } preimage_data.push_back(field_pt::accumulate(work_element)); } - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { return pedersen_plookup_commitment::compress_with_relaxed_range_constraints(preimage_data, hash_index); } else { @@ -145,7 +145,7 @@ template struct PedersenPreimage field_pt borrow = field_pt::from_witness(context, need_borrow); // directly call `create_new_range_constraint` to avoid creating an arithmetic gate - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { context->create_new_range_constraint(borrow.get_witness_index(), 1, "borrow"); } else { context->create_range_constraint(borrow.get_witness_index(), 1, "borrow"); @@ -334,7 +334,7 @@ template struct verification_key { const auto circuit_key_compressed = compress(); bool found = false; // if we're using Plookup, use a ROM table to index the keys - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { field_t key_index(witness_t(context, 0)); std::vector> compressed_keys; for (size_t i = 0; i < keys_in_set.size(); ++i) { @@ -422,7 +422,7 @@ template struct verification_key { write(preimage_data, key->domain.root); barretenberg::fr compressed_key; - if constexpr (Composer::type == ComposerType::PLOOKUP) { + if constexpr (Composer::type == proof_system::ComposerType::PLOOKUP) { compressed_key = from_buffer( crypto::pedersen_commitment::lookup::compress_native(preimage_data, hash_index)); } else { diff --git a/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.test.cpp b/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.test.cpp index 5f7cb9a8bf..c02314925e 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/verification_key/verification_key.test.cpp @@ -1,9 +1,11 @@ +#include "verification_key.hpp" + #include "barretenberg/common/test.hpp" #include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" -#include "barretenberg/plonk/composer/standard_plonk_composer.hpp" -#include "barretenberg/plonk/composer/turbo_plonk_composer.hpp" -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" -#include "verification_key.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/srs/factories/file_crs_factory.hpp" namespace { auto& engine = numeric::random::get_debug_engine(); @@ -19,17 +21,15 @@ using namespace proof_system::plonk; */ template class VerificationKeyFixture : public testing::Test { public: - using Curve = stdlib::bn254; - using RecursVk = plonk::stdlib::recursion::verification_key; + using Curve = proof_system::plonk::stdlib::bn254; + using RecursVk = proof_system::plonk::stdlib::recursion::verification_key; static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } - static Composer init_composer() { return Composer(barretenberg::srs::get_crs_factory()); } - /** * @brief generate a random vk data for use in tests * - * @return verification_key_data randomly generated + * @return verification_key_data randomly generatedv */ static verification_key_data rand_vk_data() { @@ -45,17 +45,15 @@ template class VerificationKeyFixture : public testing::Test } }; -// Each test will run for all composer types -using ComposerTypes = testing::Types; +using ComposerTypes = testing::Types; TYPED_TEST_SUITE(VerificationKeyFixture, ComposerTypes); TYPED_TEST(VerificationKeyFixture, vk_data_vs_recursion_compress_native) { using RecursVk = typename TestFixture::RecursVk; - auto composer = TestFixture::init_composer(); + TypeParam builder; verification_key_data vk_data = TestFixture::rand_vk_data(); verification_key_data vk_data_copy = vk_data; @@ -64,7 +62,7 @@ TYPED_TEST(VerificationKeyFixture, vk_data_vs_recursion_compress_native) auto file_verifier = file_crs->get_verifier_crs(); auto native_vk = std::make_shared(std::move(vk_data_copy), file_verifier); - auto recurs_vk = RecursVk::from_witness(&composer, native_vk); + auto recurs_vk = RecursVk::from_witness(&builder, native_vk); EXPECT_EQ(vk_data.compress_native(0), RecursVk::compress_native(native_vk, 0)); // EXPECT_EQ(vk_data.compress_native(15), RecursVk::compress_native(native_vk, 15)); @@ -76,7 +74,7 @@ TYPED_TEST(VerificationKeyFixture, vk_data_vs_recursion_compress_native) TYPED_TEST(VerificationKeyFixture, compress_vs_compress_native) { using RecursVk = typename TestFixture::RecursVk; - auto composer = TestFixture::init_composer(); + TypeParam builder; verification_key_data vk_data = TestFixture::rand_vk_data(); @@ -84,7 +82,7 @@ TYPED_TEST(VerificationKeyFixture, compress_vs_compress_native) auto file_verifier = file_crs->get_verifier_crs(); auto native_vk = std::make_shared(std::move(vk_data), file_verifier); - auto recurs_vk = RecursVk::from_witness(&composer, native_vk); + auto recurs_vk = RecursVk::from_witness(&builder, native_vk); EXPECT_EQ(recurs_vk->compress(0).get_value(), RecursVk::compress_native(native_vk, 0)); // EXPECT_EQ(recurs_vk->compress(15).get_value(), RecursVk::compress_native(native_vk, 15)); diff --git a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.hpp b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.hpp index 244aa0950c..dbe0fed979 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.hpp +++ b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.hpp @@ -1,33 +1,31 @@ #pragma once -#include "../../primitives/bigfield/bigfield.hpp" -#include "../../primitives/biggroup/biggroup.hpp" -#include "../../primitives/bool/bool.hpp" -#include "../../primitives/field/field.hpp" - -#include "../transcript/transcript.hpp" -#include "../aggregation_state/aggregation_state.hpp" - -#include "barretenberg/plonk/proof_system/utils/kate_verification.hpp" -#include "barretenberg/plonk/proof_system/public_inputs/public_inputs.hpp" - -#include "barretenberg/polynomials/polynomial_arithmetic.hpp" - #include "barretenberg/ecc/curves/bn254/fq12.hpp" #include "barretenberg/ecc/curves/bn254/pairing.hpp" +#include "barretenberg/plonk/flavor/flavor.hpp" +#include "barretenberg/plonk/proof_system/types/proof.hpp" +#include "barretenberg/plonk/proof_system/utils/kate_verification.hpp" +#include "barretenberg/plonk/proof_system/public_inputs/public_inputs.hpp" +#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" +#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp" +#include "barretenberg/stdlib/primitives/bool/bool.hpp" +#include "barretenberg/stdlib/primitives/field/field.hpp" +#include "barretenberg/stdlib/recursion/transcript/transcript.hpp" +#include "barretenberg/stdlib/recursion/aggregation_state/aggregation_state.hpp" +#include "barretenberg/stdlib/recursion/verifier/program_settings.hpp" namespace proof_system::plonk { namespace stdlib { namespace recursion { -template struct lagrange_evaluations { - field_t l_start; - field_t l_end; - field_t vanishing_poly; +template struct lagrange_evaluations { + field_t l_start; + field_t l_end; + field_t vanishing_poly; }; template -void populate_kate_element_map(typename Curve::Composer* ctx, +void populate_kate_element_map(typename Curve::Builder* ctx, typename Transcript::Key* key, const Transcript& transcript, std::map& kate_g1_elements, @@ -112,9 +110,9 @@ void populate_kate_element_map(typename Curve::Composer* ctx, } template -lagrange_evaluations get_lagrange_evaluations( +lagrange_evaluations get_lagrange_evaluations( const typename Curve::fr_ct& z, - const evaluation_domain& domain, + const evaluation_domain& domain, const size_t num_roots_cut_out_of_vanishing_polynomial = 4) { // compute Z_H*(z), l_start(z), l_{end}(z) @@ -127,9 +125,9 @@ lagrange_evaluations get_lagrange_evaluations( // typedef typename Curve::fr_ct fr_ct; - typedef typename Curve::Composer Composer; + typedef typename Curve::Builder Builder; - fr_ct z_pow = z.pow(field_t(domain.size)); + fr_ct z_pow = z.pow(field_t(domain.size)); fr_ct numerator = z_pow - fr_ct(1); // compute modified vanishing polynomial Z_H*(z) @@ -138,7 +136,7 @@ lagrange_evaluations get_lagrange_evaluations( // (z - w^{n-1})(z - w^{n-2})...(z - w^{n - k}) // fr_ct denominators_vanishing_poly = fr_ct(1); - lagrange_evaluations result; + lagrange_evaluations result; fr_ct work_root = domain.root_inverse; for (size_t i = 0; i < num_roots_cut_out_of_vanishing_polynomial; ++i) { @@ -176,17 +174,17 @@ lagrange_evaluations get_lagrange_evaluations( * which includes detailed comments. */ template -aggregation_state verify_proof(typename Curve::Composer* context, +aggregation_state verify_proof(typename Curve::Builder* context, std::shared_ptr> key, const transcript::Manifest& manifest, const plonk::proof& proof, const aggregation_state previous_output = aggregation_state()) { - using Composer = typename Curve::Composer; + using Builder = typename Curve::Builder; key->program_width = program_settings::program_width; - Transcript transcript = Transcript(context, proof.proof_data, manifest); + Transcript transcript = Transcript(context, proof.proof_data, manifest); return verify_proof_(context, key, transcript, previous_output); } @@ -196,15 +194,15 @@ aggregation_state verify_proof(typename Curve::Composer* context, * which includes detailed comments. */ template -aggregation_state verify_proof_(typename Curve::Composer* context, +aggregation_state verify_proof_(typename Curve::Builder* context, std::shared_ptr> key, - Transcript& transcript, + Transcript& transcript, const aggregation_state previous_output = aggregation_state()) { using fr_ct = typename Curve::fr_ct; using fq_ct = typename Curve::fq_ct; using g1_ct = typename Curve::g1_ct; - using Composer = typename Curve::Composer; + using Builder = typename Curve::Builder; key->program_width = program_settings::program_width; @@ -233,7 +231,7 @@ aggregation_state verify_proof_(typename Curve::Composer* context, key->z_pow_n = zeta.pow(key->domain.domain); - lagrange_evaluations lagrange_evals = get_lagrange_evaluations(zeta, key->domain); + lagrange_evaluations lagrange_evals = get_lagrange_evaluations(zeta, key->domain); // reconstruct evaluation of quotient polynomial from prover messages @@ -250,14 +248,14 @@ aggregation_state verify_proof_(typename Curve::Composer* context, fr_ct batch_opening_scalar; - populate_kate_element_map, program_settings>(context, - key.get(), - transcript, - kate_g1_elements, - kate_fr_elements_at_zeta, - kate_fr_elements_at_zeta_large, - kate_fr_elements_at_zeta_omega, - batch_opening_scalar); + populate_kate_element_map, program_settings>(context, + key.get(), + transcript, + kate_g1_elements, + kate_fr_elements_at_zeta, + kate_fr_elements_at_zeta_large, + kate_fr_elements_at_zeta_omega, + batch_opening_scalar); std::vector double_opening_scalars; std::vector double_opening_elements; @@ -415,6 +413,23 @@ aggregation_state verify_proof_(typename Curve::Composer* context, return result; } +template +aggregation_state> verify_proof( + typename Flavor::CircuitConstructor* context, + std::shared_ptr>> key, + const plonk::proof& proof, + const aggregation_state> previous_output = + aggregation_state>()) +{ + // TODO(Cody): Be sure this is kosher + const auto manifest = + Flavor::create_manifest(static_cast(key->num_public_inputs.get_value().from_montgomery_form().data[0])); + return verify_proof< + bn254, + recursion::recursive_ultra_verifier_settings>>( + context, key, manifest, proof, previous_output); +} + } // namespace recursion } // namespace stdlib } // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp index bffd6a114e..d80af95e66 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier.test.cpp @@ -1,56 +1,88 @@ #include "verifier.hpp" +#include "program_settings.hpp" + #include "barretenberg/common/test.hpp" -#include "barretenberg/transcript/transcript.hpp" -#include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" -#include "barretenberg/stdlib/primitives/curves/bn254.hpp" #include "barretenberg/ecc/curves/bn254/fq12.hpp" #include "barretenberg/ecc/curves/bn254/pairing.hpp" -#include "../../hash/blake3s/blake3s.hpp" -#include "../../hash/pedersen/pedersen.hpp" -#include "program_settings.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" +#include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" +#include "barretenberg/stdlib/hash/blake3s/blake3s.hpp" +#include "barretenberg/stdlib/hash/pedersen/pedersen.hpp" +#include "barretenberg/stdlib/primitives/curves/bn254.hpp" +#include "barretenberg/transcript/transcript.hpp" -using namespace proof_system::plonk; +namespace proof_system::plonk::stdlib { template class stdlib_verifier : public testing::Test { - using InnerComposer = proof_system::plonk::UltraPlonkComposer; - - typedef stdlib::bn254 inner_curve; - typedef stdlib::bn254 outer_curve; - typedef proof_system::plonk::stdlib::recursion::verification_key verification_key_pt; - typedef proof_system::plonk::stdlib::recursion::recursive_ultra_verifier_settings recursive_settings; - typedef proof_system::plonk::stdlib::recursion::recursive_ultra_to_standard_verifier_settings - ultra_to_standard_recursive_settings; - typedef inner_curve::fr_ct fr_ct; - typedef inner_curve::public_witness_ct public_witness_ct; - typedef inner_curve::witness_ct witness_ct; + + using InnerComposer = proof_system::plonk::UltraPlonkComposerHelper; + using InnerBuilder = typename InnerComposer::CircuitConstructor; + + using OuterBuilder = typename OuterComposer::CircuitConstructor; + + using inner_curve = bn254; + using outer_curve = bn254; + + using verification_key_pt = recursion::verification_key; + using recursive_settings = recursion::recursive_ultra_verifier_settings; + using ultra_to_standard_recursive_settings = recursion::recursive_ultra_to_standard_verifier_settings; + + using inner_scalar_field_ct = inner_curve::fr_ct; + using inner_ground_field_ct = inner_curve::fq_ct; + using public_witness_ct = inner_curve::public_witness_ct; + using witness_ct = inner_curve::witness_ct; + using byte_array_ct = inner_curve::byte_array_ct; + + using inner_scalar_field = typename inner_curve::ScalarField; + using outer_scalar_field = typename outer_curve::BaseField; + using pairing_target_field = barretenberg::fq12; + + // These constexpr definitions are to allow for the following: An Ultra Pedersen hash evaluates to a + // different value from the Turbo/Standard versions of the Pedersen hash. Therefore, the fiat-shamir + // challenges generated by the prover and verifier _could_ accidentally be different if an ultra proof is + // generated using ultra-pedersen challenges, but is being verified within a non-ultra circuit which uses + // non-ultra-pedersen challenges. We need the prover and verifier hashes to be the same. The solution is to + // select the relevant prover and verifier types (whose settings use the same hash for fiat-shamir), + // depending on the Inner-Outer combo. It's a bit clunky, but the alternative is to have a template argument + // for the hashtype, and that would pervade the entire UltraPlonkComposer, which would be horrendous. + static constexpr bool is_ultra_to_ultra = + std::is_same_v; + using ProverOfInnerCircuit = + std::conditional_t; + using VerifierOfInnerProof = + std::conditional_t; + using RecursiveSettings = + std::conditional_t; struct circuit_outputs { - stdlib::recursion::aggregation_state aggregation_state; + recursion::aggregation_state aggregation_state; std::shared_ptr verification_key; }; - static void create_inner_circuit(InnerComposer& composer, const std::vector& public_inputs) + static void create_inner_circuit(InnerBuilder& builder, const std::vector& public_inputs) { - fr_ct a(public_witness_ct(&composer, public_inputs[0])); - fr_ct b(public_witness_ct(&composer, public_inputs[1])); - fr_ct c(public_witness_ct(&composer, public_inputs[2])); + inner_scalar_field_ct a(public_witness_ct(&builder, public_inputs[0])); + inner_scalar_field_ct b(public_witness_ct(&builder, public_inputs[1])); + inner_scalar_field_ct c(public_witness_ct(&builder, public_inputs[2])); for (size_t i = 0; i < 32; ++i) { a = (a * b) + b + a; a = a.madd(b, c); } - plonk::stdlib::pedersen_commitment::compress(a, b); - typename inner_curve::byte_array_ct to_hash(&composer, "nonsense test data"); - stdlib::blake3s(to_hash); + pedersen_commitment::compress(a, b); + byte_array_ct to_hash(&builder, "nonsense test data"); + blake3s(to_hash); - barretenberg::fr bigfield_data = fr::random_element(); - barretenberg::fr bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; - barretenberg::fr bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; + inner_scalar_field bigfield_data = fr::random_element(); + inner_scalar_field bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; + inner_scalar_field bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; - typename inner_curve::fq_ct big_a(fr_ct(witness_ct(&composer, bigfield_data_a.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); - typename inner_curve::fq_ct big_b(fr_ct(witness_ct(&composer, bigfield_data_b.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); + inner_ground_field_ct big_a(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_a.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); + inner_ground_field_ct big_b(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_b.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); big_a* big_b; }; @@ -58,13 +90,13 @@ template class stdlib_verifier : public testing::Test { /** * Test is included because UltraPlonkComposer used to fail for circuits which didn't lookup any tables. */ - static void create_inner_circuit_no_tables(InnerComposer& composer, - const std::vector& public_inputs) + static void create_inner_circuit_no_tables(InnerBuilder& builder, + const std::vector& public_inputs) { // A nice Pythagorean triples circuit example: "I know a & b s.t. a^2 + b^2 = c^2". - fr_ct a(witness_ct(&composer, public_inputs[0])); - fr_ct b(witness_ct(&composer, public_inputs[1])); - fr_ct c(witness_ct(&composer, public_inputs[2])); + inner_scalar_field_ct a(witness_ct(&builder, public_inputs[0])); + inner_scalar_field_ct b(witness_ct(&builder, public_inputs[1])); + inner_scalar_field_ct c(witness_ct(&builder, public_inputs[2])); auto a_sq = a * a; auto b_sq = b * b; @@ -75,65 +107,48 @@ template class stdlib_verifier : public testing::Test { c_sq.set_public(); }; - static void create_alternate_inner_circuit(InnerComposer& composer, - const std::vector& public_inputs) + static void create_alternate_inner_circuit(InnerBuilder& builder, + const std::vector& public_inputs) { - fr_ct a(public_witness_ct(&composer, public_inputs[0])); - fr_ct b(public_witness_ct(&composer, public_inputs[1])); - fr_ct c(public_witness_ct(&composer, public_inputs[2])); + inner_scalar_field_ct a(public_witness_ct(&builder, public_inputs[0])); + inner_scalar_field_ct b(public_witness_ct(&builder, public_inputs[1])); + inner_scalar_field_ct c(public_witness_ct(&builder, public_inputs[2])); for (size_t i = 0; i < 32; ++i) { a = (a * b) + b + a; a = c.madd(b, a); } - plonk::stdlib::pedersen_commitment::compress(a, a); - inner_curve::byte_array_ct to_hash(&composer, "different nonsense test data"); - stdlib::blake3s(to_hash); - - barretenberg::fr bigfield_data = fr::random_element(); - barretenberg::fr bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; - barretenberg::fr bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; - - inner_curve::bn254::fq_ct big_a(fr_ct(witness_ct(&composer, bigfield_data_a.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); - inner_curve::bn254::fq_ct big_b(fr_ct(witness_ct(&composer, bigfield_data_b.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); + pedersen_commitment::compress(a, a); + byte_array_ct to_hash(&builder, "different nonsense test data"); + blake3s(to_hash); + + inner_scalar_field bigfield_data = fr::random_element(); + inner_scalar_field bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; + inner_scalar_field bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; + + inner_ground_field_ct big_a(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_a.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); + inner_ground_field_ct big_b(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_b.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); ((big_a * big_b) + big_a) * big_b; } - static circuit_outputs create_outer_circuit(InnerComposer& inner_composer, OuterComposer& outer_composer) + static circuit_outputs create_outer_circuit(InnerBuilder& inner_circuit, OuterBuilder& outer_builder) { - // These constexpr definitions are to allow for the following: - // An Ultra Pedersen hash evaluates to a different value from the Turbo/Standard versions of the Pedersen hash. - // Therefore, the fiat-shamir challenges generated by the prover and verifier _could_ accidentally be different - // if an ultra proof is generated using ultra-pedersen challenges, but is being verified within a non-ultra - // circuit which uses non-ultra-pedersen challenges. We need the prover and verifier hashes to be the same. The - // solution is to select the relevant prover and verifier types (whose settings use the same hash for - // fiat-shamir), depending on the Inner-Outer combo. It's a bit clunky, but the alternative is to have a - // template argument for the hashtype, and that would pervade the entire UltraPlonkComposer, which would be - // horrendous. - constexpr bool is_ultra_to_ultra = std::is_same::value; - typedef typename std::conditional::type - ProverOfInnerCircuit; - typedef typename std::conditional::type - VerifierOfInnerProof; - typedef - typename std::conditional::type - RecursiveSettings; - info("Creating ultra (inner) prover..."); ProverOfInnerCircuit prover; + InnerComposer inner_composer; if constexpr (is_ultra_to_ultra) { - prover = inner_composer.create_prover(); + prover = inner_composer.create_prover(inner_circuit); } else { - prover = inner_composer.create_ultra_to_standard_prover(); + prover = inner_composer.create_ultra_to_standard_prover(inner_circuit); } info("Computing verification key..."); - const auto verification_key_native = inner_composer.compute_verification_key(); + const auto verification_key_native = inner_composer.compute_verification_key(inner_circuit); // Convert the verification key's elements into _circuit_ types, using the OUTER composer. std::shared_ptr verification_key = - verification_key_pt::from_witness(&outer_composer, verification_key_native); + verification_key_pt::from_witness(&outer_builder, verification_key_native); info("Constructing the ultra (inner) proof ..."); plonk::proof proof_to_recursively_verify = prover.construct_proof(); @@ -144,9 +159,9 @@ template class stdlib_verifier : public testing::Test { VerifierOfInnerProof native_verifier; if constexpr (is_ultra_to_ultra) { - native_verifier = inner_composer.create_verifier(); + native_verifier = inner_composer.create_verifier(inner_circuit); } else { - native_verifier = inner_composer.create_ultra_to_standard_verifier(); + native_verifier = inner_composer.create_ultra_to_standard_verifier(inner_circuit); } info("Verifying the ultra (inner) proof natively..."); @@ -157,63 +172,50 @@ template class stdlib_verifier : public testing::Test { transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover.key->num_public_inputs); - info("Verifying the ultra (inner) proof with CIRCUIT TYPES (i.e. within a standard plonk arithmetic circuit):"); - stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, proof_to_recursively_verify); + auto output = recursion::verify_proof( + &outer_builder, verification_key, recursive_manifest, proof_to_recursively_verify); return { output, verification_key }; }; - static circuit_outputs create_double_outer_circuit(InnerComposer& inner_composer_a, - InnerComposer& inner_composer_b, - OuterComposer& outer_composer) + static circuit_outputs create_double_outer_circuit(InnerBuilder& inner_circuit_a, + InnerBuilder& inner_circuit_b, + OuterBuilder& outer_circuit) { - // See create_outer_circuit for explanation of these constexpr definitions. - constexpr bool is_ultra_to_ultra = std::is_same::value; - typedef typename std::conditional::type - ProverOfInnerCircuit; - typedef - typename std::conditional::type - RecursiveSettings; - ProverOfInnerCircuit prover; + InnerComposer inner_composer_a; if constexpr (is_ultra_to_ultra) { - prover = inner_composer_a.create_prover(); + prover = inner_composer_a.create_prover(inner_circuit_a); } else { - prover = inner_composer_a.create_ultra_to_standard_prover(); + prover = inner_composer_a.create_ultra_to_standard_prover(inner_circuit_a); } - const auto verification_key_native = inner_composer_a.compute_verification_key(); + const auto verification_key_native = inner_composer_a.compute_verification_key(inner_circuit_a); std::shared_ptr verification_key = - verification_key_pt::from_witness(&outer_composer, verification_key_native); + verification_key_pt::from_witness(&outer_circuit, verification_key_native); plonk::proof proof_to_recursively_verify_a = prover.construct_proof(); transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover.key->num_public_inputs); - stdlib::recursion::aggregation_state previous_output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, proof_to_recursively_verify_a); + auto previous_output = recursion::verify_proof( + &outer_circuit, verification_key, recursive_manifest, proof_to_recursively_verify_a); + InnerComposer inner_composer_b; if constexpr (is_ultra_to_ultra) { - prover = inner_composer_b.create_prover(); + prover = inner_composer_b.create_prover(inner_circuit_b); } else { - prover = inner_composer_b.create_ultra_to_standard_prover(); + prover = inner_composer_b.create_ultra_to_standard_prover(inner_circuit_b); } - const auto verification_key_b_raw = inner_composer_b.compute_verification_key(); + const auto verification_key_b_raw = inner_composer_b.compute_verification_key(inner_circuit_b); std::shared_ptr verification_key_b = - verification_key_pt::from_witness(&outer_composer, verification_key_b_raw); + verification_key_pt::from_witness(&outer_circuit, verification_key_b_raw); plonk::proof proof_to_recursively_verify_b = prover.construct_proof(); - stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof(&outer_composer, - verification_key_b, - recursive_manifest, - proof_to_recursively_verify_b, - previous_output); + auto output = proof_system::plonk::stdlib::recursion::verify_proof( + &outer_circuit, verification_key_b, recursive_manifest, proof_to_recursively_verify_b, previous_output); verification_key_b->compress(); verification_key->compress(); @@ -221,43 +223,36 @@ template class stdlib_verifier : public testing::Test { } // creates a cicuit that verifies either a proof from composer a, or from composer b - static circuit_outputs create_outer_circuit_with_variable_inner_circuit(InnerComposer& inner_composer_a, - InnerComposer& inner_composer_b, - OuterComposer& outer_composer, + static circuit_outputs create_outer_circuit_with_variable_inner_circuit(InnerBuilder& inner_circuit_a, + InnerBuilder& inner_circuit_b, + OuterBuilder& outer_circuit, const bool proof_type, const bool create_failing_proof = false, const bool use_constant_key = false) { - // See create_outer_circuit for explanation of these constexpr definitions. - constexpr bool is_ultra_to_ultra = std::is_same::value; - typedef typename std::conditional::type - ProverOfInnerCircuit; - typedef - typename std::conditional::type - RecursiveSettings; - ProverOfInnerCircuit prover_a; ProverOfInnerCircuit prover_b; + InnerComposer inner_composer_a; + InnerComposer inner_composer_b; if constexpr (is_ultra_to_ultra) { - prover_a = inner_composer_a.create_prover(); - prover_b = inner_composer_b.create_prover(); + prover_a = inner_composer_a.create_prover(inner_circuit_a); + prover_b = inner_composer_b.create_prover(inner_circuit_b); } else { - prover_a = inner_composer_a.create_ultra_to_standard_prover(); - prover_b = inner_composer_b.create_ultra_to_standard_prover(); + prover_a = inner_composer_a.create_ultra_to_standard_prover(inner_circuit_a); + prover_b = inner_composer_b.create_ultra_to_standard_prover(inner_circuit_b); } - const auto verification_key_raw_a = inner_composer_a.compute_verification_key(); - const auto verification_key_raw_b = inner_composer_b.compute_verification_key(); + const auto verification_key_raw_a = inner_composer_a.compute_verification_key(inner_circuit_a); + const auto verification_key_raw_b = inner_composer_b.compute_verification_key(inner_circuit_b); std::shared_ptr verification_key; if (use_constant_key) { - verification_key = proof_type - ? verification_key_pt::from_constants(&outer_composer, verification_key_raw_a) - : verification_key_pt::from_constants(&outer_composer, verification_key_raw_b); + verification_key = proof_type ? verification_key_pt::from_constants(&outer_circuit, verification_key_raw_a) + : verification_key_pt::from_constants(&outer_circuit, verification_key_raw_b); } else { - verification_key = proof_type ? verification_key_pt::from_witness(&outer_composer, verification_key_raw_a) - : verification_key_pt::from_witness(&outer_composer, verification_key_raw_b); + verification_key = proof_type ? verification_key_pt::from_witness(&outer_circuit, verification_key_raw_a) + : verification_key_pt::from_witness(&outer_circuit, verification_key_raw_b); } if (!use_constant_key) { @@ -272,9 +267,9 @@ template class stdlib_verifier : public testing::Test { transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover_a.key->num_public_inputs); - stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof); + proof_system::plonk::stdlib::recursion::aggregation_state output = + proof_system::plonk::stdlib::recursion::verify_proof( + &outer_circuit, verification_key, recursive_manifest, recursive_proof); return { output, verification_key }; } @@ -283,159 +278,155 @@ template class stdlib_verifier : public testing::Test { * @brief Check the correctness of the recursive proof public inputs * * @details Circuit constructors have no notion of SRS and any proof-related stuff except for the existence of - * recursive proof-specific public inputs, so we can't check the recursive proof fully in check_circuit. So we use - * this additional function to check that the recursive proof points work. + * recursive proof-specific public inputs, so we can't check the recursive proof fully in check_circuit. So we + * use this additional function to check that the recursive proof points work. * * @return boolean result */ - static bool check_recursive_proof_public_inputs(OuterComposer& composer, + + static bool check_recursive_proof_public_inputs(OuterBuilder& builder, const barretenberg::pairing::miller_lines* lines) { - if (composer.contains_recursive_proof && composer.recursive_proof_public_input_indices.size() == 16) { - const auto& inputs = composer.circuit_constructor.public_inputs; + if (builder.contains_recursive_proof && builder.recursive_proof_public_input_indices.size() == 16) { + const auto& inputs = builder.public_inputs; const auto recover_fq_from_public_inputs = - [&inputs, &composer](const size_t idx0, const size_t idx1, const size_t idx2, const size_t idx3) { - const uint256_t l0 = composer.circuit_constructor.get_variable(inputs[idx0]); - const uint256_t l1 = composer.circuit_constructor.get_variable(inputs[idx1]); - const uint256_t l2 = composer.circuit_constructor.get_variable(inputs[idx2]); - const uint256_t l3 = composer.circuit_constructor.get_variable(inputs[idx3]); + [&inputs, &builder](const size_t idx0, const size_t idx1, const size_t idx2, const size_t idx3) { + const uint256_t l0 = builder.get_variable(inputs[idx0]); + const uint256_t l1 = builder.get_variable(inputs[idx1]); + const uint256_t l2 = builder.get_variable(inputs[idx2]); + const uint256_t l3 = builder.get_variable(inputs[idx3]); const uint256_t limb = l0 + (l1 << NUM_LIMB_BITS_IN_FIELD_SIMULATION) + (l2 << (NUM_LIMB_BITS_IN_FIELD_SIMULATION * 2)) + (l3 << (NUM_LIMB_BITS_IN_FIELD_SIMULATION * 3)); - return barretenberg::fq(limb); + return outer_scalar_field(limb); }; - const auto x0 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[0], - composer.recursive_proof_public_input_indices[1], - composer.recursive_proof_public_input_indices[2], - composer.recursive_proof_public_input_indices[3]); - const auto y0 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[4], - composer.recursive_proof_public_input_indices[5], - composer.recursive_proof_public_input_indices[6], - composer.recursive_proof_public_input_indices[7]); - const auto x1 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[8], - composer.recursive_proof_public_input_indices[9], - composer.recursive_proof_public_input_indices[10], - composer.recursive_proof_public_input_indices[11]); - const auto y1 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[12], - composer.recursive_proof_public_input_indices[13], - composer.recursive_proof_public_input_indices[14], - composer.recursive_proof_public_input_indices[15]); + const auto x0 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[0], + builder.recursive_proof_public_input_indices[1], + builder.recursive_proof_public_input_indices[2], + builder.recursive_proof_public_input_indices[3]); + const auto y0 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[4], + builder.recursive_proof_public_input_indices[5], + builder.recursive_proof_public_input_indices[6], + builder.recursive_proof_public_input_indices[7]); + const auto x1 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[8], + builder.recursive_proof_public_input_indices[9], + builder.recursive_proof_public_input_indices[10], + builder.recursive_proof_public_input_indices[11]); + const auto y1 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[12], + builder.recursive_proof_public_input_indices[13], + builder.recursive_proof_public_input_indices[14], + builder.recursive_proof_public_input_indices[15]); g1::affine_element P_affine[2]{ { x0, y0 }, { x1, y1 }, }; - barretenberg::fq12 result = + pairing_target_field result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed(P_affine, lines, 2); - return (result == barretenberg::fq12::one()); + return (result == pairing_target_field::one()); } return true; } - public: - static void test_recursive_proof_composition() + static void check_pairing(const circuit_outputs& circuit_output) { - InnerComposer inner_composer = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - create_inner_circuit(inner_composer, inner_inputs); - - auto circuit_output = create_outer_circuit(inner_composer, outer_composer); - + auto g2_lines = barretenberg::srs::get_crs_factory()->get_verifier_crs()->get_precomputed_g2_lines(); g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); - - EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs[0]); - EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs[1]); + P[0].x = outer_scalar_field(circuit_output.aggregation_state.P0.x.get_value().lo); + P[0].y = outer_scalar_field(circuit_output.aggregation_state.P0.y.get_value().lo); + P[1].x = outer_scalar_field(circuit_output.aggregation_state.P1.x.get_value().lo); + P[1].y = outer_scalar_field(circuit_output.aggregation_state.P1.y.get_value().lo); + pairing_target_field inner_proof_result = + barretenberg::pairing::reduced_ate_pairing_batch_precomputed(P, g2_lines, 2); + EXPECT_EQ(inner_proof_result, pairing_target_field::one()); + } - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); + static void check_recursive_verification_circuit(OuterBuilder& outer_circuit, bool expected_result) + { + info("number of gates in recursive verification circuit = ", outer_circuit.get_num_gates()); + bool result = outer_circuit.check_circuit(); + EXPECT_EQ(result, expected_result); + auto g2_lines = barretenberg::srs::get_crs_factory()->get_verifier_crs()->get_precomputed_g2_lines(); + EXPECT_EQ(check_recursive_proof_public_inputs(outer_circuit, g2_lines), true); + } - circuit_output.aggregation_state.assign_object_to_proof_outputs(); + public: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } - EXPECT_EQ(outer_composer.failed(), false); + static void test_inner_circuit() + { + InnerBuilder builder; + std::vector inputs{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - bool result = outer_composer.check_circuit(); + create_inner_circuit(builder, inputs); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); - - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); } - static void test_recursive_proof_composition_ultra_no_tables() + static void test_recursive_proof_composition() { - InnerComposer inner_composer = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - - std::vector inner_inputs{ 3, 4, 5 }; + InnerBuilder inner_circuit; + OuterBuilder outer_circuit; - create_inner_circuit_no_tables(inner_composer, inner_inputs); + std::vector inner_public_inputs{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - auto circuit_output = create_outer_circuit(inner_composer, outer_composer); + create_inner_circuit(inner_circuit, inner_public_inputs); - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); + auto circuit_output = create_outer_circuit(inner_circuit, outer_circuit); + EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_public_inputs[0]); + EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_public_inputs[1]); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + circuit_output.aggregation_state.assign_object_to_proof_outputs(); + EXPECT_EQ(outer_circuit.failed(), false); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); + } - circuit_output.aggregation_state.assign_object_to_proof_outputs(); + static void test_recursive_proof_composition_ultra_no_tables() + { + InnerBuilder inner_circuit; + OuterBuilder outer_circuit; - EXPECT_EQ(outer_composer.failed(), false); + std::vector inner_public_inputs{ 3, 4, 5 }; - info("composer gates = ", outer_composer.get_num_gates()); + create_inner_circuit_no_tables(inner_circuit, inner_public_inputs); - bool result = outer_composer.check_circuit(); + auto circuit_output = create_outer_circuit(inner_circuit, outer_circuit); - EXPECT_EQ(result, true); + circuit_output.aggregation_state.assign_object_to_proof_outputs(); + EXPECT_EQ(outer_circuit.failed(), false); - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } static void test_double_verification() { - if constexpr (std::is_same::value) - return; // We only care about running this test for turbo and ultra outer circuits, since in practice the - // only circuits which verify >1 proof are ultra or turbo circuits. Standard uses so many gates - // (16m) that it's a waste of time testing it. - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; - OuterComposer mid_composer_a = OuterComposer("../srs_db/ignition"); - OuterComposer mid_composer_b = OuterComposer("../srs_db/ignition"); + OuterBuilder mid_circuit_a; + OuterBuilder mid_circuit_b; - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); + OuterBuilder outer_circuit; - std::vector inner_inputs{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + std::vector inner_inputs{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - create_inner_circuit(inner_composer_a, inner_inputs); - create_inner_circuit(inner_composer_b, inner_inputs); + create_inner_circuit(inner_circuit_a, inner_inputs); + create_inner_circuit(inner_circuit_b, inner_inputs); - auto circuit_output_a = create_outer_circuit(inner_composer_a, mid_composer_a); + auto circuit_output_a = create_outer_circuit(inner_circuit_a, mid_circuit_a); uint256_t a0 = circuit_output_a.aggregation_state.P0.x.binary_basis_limbs[1].element.get_value(); uint256_t a1 = circuit_output_a.aggregation_state.P0.y.binary_basis_limbs[1].element.get_value(); @@ -449,246 +440,143 @@ template class stdlib_verifier : public testing::Test { circuit_output_a.aggregation_state.assign_object_to_proof_outputs(); - auto circuit_output_b = create_outer_circuit(inner_composer_b, mid_composer_b); + auto circuit_output_b = create_outer_circuit(inner_circuit_b, mid_circuit_b); circuit_output_b.aggregation_state.assign_object_to_proof_outputs(); - auto circuit_output = create_double_outer_circuit(mid_composer_a, mid_composer_b, outer_composer); - + auto circuit_output = create_double_outer_circuit(mid_circuit_a, mid_circuit_b, outer_circuit); circuit_output.aggregation_state.assign_object_to_proof_outputs(); - - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); - EXPECT_EQ(circuit_output_a.aggregation_state.public_inputs[0].get_value(), inner_inputs[0]); EXPECT_EQ(circuit_output_a.aggregation_state.public_inputs[1].get_value(), inner_inputs[1]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } - // verifies a proof of a circuit that verifies one of two proofs. Test 'a' uses a proof over the first of the two - // variable circuits + // verifies a proof of a circuit that verifies one of two proofs. Test 'a' uses a proof over the first of the + // two variable circuits static void test_recursive_proof_composition_with_variable_verification_key_a() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - auto circuit_output = - create_outer_circuit_with_variable_inner_circuit(inner_composer_a, inner_composer_b, outer_composer, true); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + auto circuit_output = + create_outer_circuit_with_variable_inner_circuit(inner_circuit_a, inner_circuit_b, outer_circuit, true); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_a[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_a[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_a[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } - // verifies a proof of a circuit that verifies one of two proofs. Test 'b' uses a proof over the second of the two - // variable circuits + // verifies a proof of a circuit that verifies one of two proofs. Test 'b' uses a proof over the second of the + // two variable circuits static void test_recursive_proof_composition_with_variable_verification_key_b() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); - auto circuit_output = - create_outer_circuit_with_variable_inner_circuit(inner_composer_a, inner_composer_b, outer_composer, false); - g1::affine_element P[2]; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + + auto circuit_output = + create_outer_circuit_with_variable_inner_circuit(inner_circuit_a, inner_circuit_b, outer_circuit, false); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_b[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_b[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_b[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } static void test_recursive_proof_composition_with_variable_verification_key_failure_case() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - auto circuit_output = create_outer_circuit_with_variable_inner_circuit( - inner_composer_a, inner_composer_b, outer_composer, true, true); - - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + auto circuit_output = create_outer_circuit_with_variable_inner_circuit( + inner_circuit_a, inner_circuit_b, outer_circuit, true, true); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_a[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_a[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_a[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, false); - - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, false); } static void test_recursive_proof_composition_with_constant_verification_key() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - auto circuit_output = create_outer_circuit_with_variable_inner_circuit( - inner_composer_a, inner_composer_b, outer_composer, true, false, true); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + auto circuit_output = create_outer_circuit_with_variable_inner_circuit( + inner_circuit_a, inner_circuit_b, outer_circuit, true, false, true); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_a[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_a[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_a[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); - } - - static void test_inner_circuit() - { - if constexpr (!std::is_same::value) - return; // We only want to run this test once (since it's not actually dependent on the typed test - // parameter; which is the outer composer). We've only made it a typed test so that it can be - // included in this test suite. So to avoid running this test identically 3 times, we escape all but - // 1 permutation. - - InnerComposer inner_composer = InnerComposer("../srs_db/ignition"); - std::vector inner_inputs{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - create_inner_circuit(inner_composer, inner_inputs); - - auto prover = inner_composer.create_prover(); - auto verifier = inner_composer.create_verifier(); - auto proof = prover.construct_proof(); - auto verified = verifier.verify_proof(proof); - EXPECT_EQ(verified, true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } }; -typedef testing::Types - OuterComposerTypes; +typedef testing:: + Types + OuterComposerTypes; TYPED_TEST_SUITE(stdlib_verifier, OuterComposerTypes); +HEAVY_TYPED_TEST(stdlib_verifier, test_inner_circuit) +{ + TestFixture::test_inner_circuit(); +} + HEAVY_TYPED_TEST(stdlib_verifier, recursive_proof_composition) { TestFixture::test_recursive_proof_composition(); @@ -696,20 +584,19 @@ HEAVY_TYPED_TEST(stdlib_verifier, recursive_proof_composition) HEAVY_TYPED_TEST(stdlib_verifier, recursive_proof_composition_ultra_no_tables) { - if constexpr (TypeParam::type == ComposerType::PLOOKUP) { + if constexpr (std::same_as) { TestFixture::test_recursive_proof_composition_ultra_no_tables(); } else { - // no point running this if we're not in UltraPlonk GTEST_SKIP(); } }; HEAVY_TYPED_TEST(stdlib_verifier, double_verification) { - if constexpr (TypeParam::type == ComposerType::PLOOKUP) { + if constexpr (std::same_as) { TestFixture::test_double_verification(); } else { - // CircleCI can't cope with non-ultraplonk version. + // Test doesn't compile-. GTEST_SKIP(); } }; @@ -734,7 +621,4 @@ HEAVY_TYPED_TEST(stdlib_verifier, recursive_proof_composition_const_verif_key) TestFixture::test_recursive_proof_composition_with_constant_verification_key(); } -HEAVY_TYPED_TEST(stdlib_verifier, test_inner_circuit) -{ - TestFixture::test_inner_circuit(); -} +} // namespace proof_system::plonk::stdlib \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp index e8349f8eb9..3a92aa233f 100644 --- a/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp +++ b/cpp/src/barretenberg/stdlib/recursion/verifier/verifier_turbo.test.cpp @@ -1,207 +1,202 @@ #include "verifier.hpp" +#include "program_settings.hpp" + #include "barretenberg/common/test.hpp" -#include "barretenberg/transcript/transcript.hpp" -#include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" -#include "barretenberg/stdlib/primitives/curves/bn254.hpp" #include "barretenberg/ecc/curves/bn254/fq12.hpp" #include "barretenberg/ecc/curves/bn254/pairing.hpp" -#include "../../hash/blake3s/blake3s.hpp" -#include "../../hash/pedersen/pedersen.hpp" -#include "program_settings.hpp" +#include "barretenberg/plonk/composer/composer_helper/standard_plonk_composer_helper.hpp" +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" +#include "barretenberg/plonk/proof_system/proving_key/serialize.hpp" +#include "barretenberg/stdlib/hash/blake3s/blake3s.hpp" +#include "barretenberg/stdlib/hash/pedersen/pedersen.hpp" +#include "barretenberg/stdlib/primitives/curves/bn254.hpp" +#include "barretenberg/transcript/transcript.hpp" -using namespace proof_system::plonk; +namespace proof_system::plonk::stdlib { template class stdlib_verifier_turbo : public testing::Test { - using InnerComposer = proof_system::plonk::TurboPlonkComposer; - typedef stdlib::bn254 inner_curve; - typedef stdlib::bn254 outer_curve; - typedef proof_system::plonk::stdlib::recursion::verification_key verification_key_pt; - typedef proof_system::plonk::stdlib::recursion::recursive_turbo_verifier_settings recursive_settings; - typedef inner_curve::fr_ct fr_ct; - typedef inner_curve::public_witness_ct public_witness_ct; - typedef inner_curve::witness_ct witness_ct; + using InnerComposer = proof_system::plonk::TurboPlonkComposerHelper; + using InnerBuilder = typename InnerComposer::CircuitConstructor; + + using OuterBuilder = typename OuterComposer::CircuitConstructor; + + using inner_curve = bn254; + using outer_curve = bn254; + + using verification_key_pt = recursion::verification_key; + using recursive_settings = recursion::recursive_turbo_verifier_settings; + + using inner_scalar_field_ct = inner_curve::fr_ct; + using inner_ground_field_ct = inner_curve::fq_ct; + using public_witness_ct = inner_curve::public_witness_ct; + using witness_ct = inner_curve::witness_ct; + using byte_array_ct = inner_curve::byte_array_ct; + + using inner_scalar_field = typename inner_curve::ScalarField; + using outer_scalar_field = typename outer_curve::BaseField; + using pairing_target_field = barretenberg::fq12; + + using ProverOfInnerCircuit = plonk::TurboProver; + using VerifierOfInnerProof = plonk::TurboVerifier; + using RecursiveSettings = recursive_settings; struct circuit_outputs { - stdlib::recursion::aggregation_state aggregation_state; + recursion::aggregation_state aggregation_state; std::shared_ptr verification_key; }; - /** - * @brief Check the correctness of the recursive proof public inputs - * - * @details Circuit constructors have no notion of SRS and any proof-related stuff except for the existence of - * recursive proof-specific public inputs, so we can't check the recursive proof fully in check_circuit. So we use - * this additional function to check that the recursive proof points work. - * - * @return true - * @return false - */ - static bool check_recursive_proof_public_inputs(OuterComposer& composer, - const barretenberg::pairing::miller_lines* lines) + + static void create_inner_circuit(InnerBuilder& builder, const std::vector& public_inputs) { - if (composer.contains_recursive_proof && composer.recursive_proof_public_input_indices.size() == 16) { - const auto& inputs = composer.circuit_constructor.public_inputs; - const auto recover_fq_from_public_inputs = - [&inputs, &composer](const size_t idx0, const size_t idx1, const size_t idx2, const size_t idx3) { - const uint256_t l0 = composer.circuit_constructor.get_variable(inputs[idx0]); - const uint256_t l1 = composer.circuit_constructor.get_variable(inputs[idx1]); - const uint256_t l2 = composer.circuit_constructor.get_variable(inputs[idx2]); - const uint256_t l3 = composer.circuit_constructor.get_variable(inputs[idx3]); + inner_scalar_field_ct a(public_witness_ct(&builder, public_inputs[0])); + inner_scalar_field_ct b(public_witness_ct(&builder, public_inputs[1])); + inner_scalar_field_ct c(public_witness_ct(&builder, public_inputs[2])); - const uint256_t limb = l0 + (l1 << NUM_LIMB_BITS_IN_FIELD_SIMULATION) + - (l2 << (NUM_LIMB_BITS_IN_FIELD_SIMULATION * 2)) + - (l3 << (NUM_LIMB_BITS_IN_FIELD_SIMULATION * 3)); - return barretenberg::fq(limb); - }; + for (size_t i = 0; i < 32; ++i) { + a = (a * b) + b + a; + a = a.madd(b, c); + } + pedersen_commitment::compress(a, b); + byte_array_ct to_hash(&builder, "nonsense test data"); + blake3s(to_hash); - const auto x0 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[0], - composer.recursive_proof_public_input_indices[1], - composer.recursive_proof_public_input_indices[2], - composer.recursive_proof_public_input_indices[3]); - const auto y0 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[4], - composer.recursive_proof_public_input_indices[5], - composer.recursive_proof_public_input_indices[6], - composer.recursive_proof_public_input_indices[7]); - const auto x1 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[8], - composer.recursive_proof_public_input_indices[9], - composer.recursive_proof_public_input_indices[10], - composer.recursive_proof_public_input_indices[11]); - const auto y1 = recover_fq_from_public_inputs(composer.recursive_proof_public_input_indices[12], - composer.recursive_proof_public_input_indices[13], - composer.recursive_proof_public_input_indices[14], - composer.recursive_proof_public_input_indices[15]); - g1::affine_element P_affine[2]{ - { x0, y0 }, - { x1, y1 }, - }; + inner_scalar_field bigfield_data = fr::random_element(); + inner_scalar_field bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; + inner_scalar_field bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; - barretenberg::fq12 result = - barretenberg::pairing::reduced_ate_pairing_batch_precomputed(P_affine, lines, 2); + inner_ground_field_ct big_a(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_a.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); + inner_ground_field_ct big_b(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_b.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); - return (result == barretenberg::fq12::one()); - } - return true; - } - static void create_inner_circuit(InnerComposer& composer, const std::vector& public_inputs) + big_a* big_b; + }; + static void create_alternate_inner_circuit(InnerBuilder& builder, + const std::vector& public_inputs) { - fr_ct a(public_witness_ct(&composer, public_inputs[0])); - fr_ct b(public_witness_ct(&composer, public_inputs[1])); - fr_ct c(public_witness_ct(&composer, public_inputs[2])); + inner_scalar_field_ct a(public_witness_ct(&builder, public_inputs[0])); + inner_scalar_field_ct b(public_witness_ct(&builder, public_inputs[1])); + inner_scalar_field_ct c(public_witness_ct(&builder, public_inputs[2])); for (size_t i = 0; i < 32; ++i) { a = (a * b) + b + a; - a = a.madd(b, c); + a = c.madd(b, a); } - plonk::stdlib::pedersen_commitment::compress(a, b); - typename inner_curve::byte_array_ct to_hash(&composer, "nonsense test data"); - stdlib::blake3s(to_hash); - - barretenberg::fr bigfield_data = fr::random_element(); - barretenberg::fr bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; - barretenberg::fr bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; - - typename inner_curve::fq_ct big_a(fr_ct(witness_ct(&composer, bigfield_data_a.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); - typename inner_curve::fq_ct big_b(fr_ct(witness_ct(&composer, bigfield_data_b.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); - big_a* big_b; - }; + pedersen_commitment::compress(a, a); + byte_array_ct to_hash(&builder, "different nonsense test data"); + blake3s(to_hash); + + inner_scalar_field bigfield_data = fr::random_element(); + inner_scalar_field bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; + inner_scalar_field bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; + + inner_ground_field_ct big_a(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_a.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); + inner_ground_field_ct big_b(inner_scalar_field_ct(witness_ct(&builder, bigfield_data_b.to_montgomery_form())), + inner_scalar_field_ct(witness_ct(&builder, 0))); + ((big_a * big_b) + big_a) * big_b; + } - static circuit_outputs create_outer_circuit(InnerComposer& inner_composer, OuterComposer& outer_composer) + static circuit_outputs create_outer_circuit(InnerBuilder& inner_circuit, OuterBuilder& outer_builder) { - auto prover = inner_composer.create_prover(); - const auto verification_key_raw = inner_composer.compute_verification_key(); + info("Creating turbo (inner) prover..."); + ProverOfInnerCircuit prover; + InnerComposer inner_composer; + prover = inner_composer.create_prover(inner_circuit); + + info("Computing verification key..."); + const auto verification_key_native = inner_composer.compute_verification_key(inner_circuit); + // Convert the verification key's elements into _circuit_ types, using the OUTER composer. std::shared_ptr verification_key = - verification_key_pt::from_witness(&outer_composer, verification_key_raw); - plonk::proof recursive_proof = prover.construct_proof(); + verification_key_pt::from_witness(&outer_builder, verification_key_native); + + info("Constructing the turbo (inner) proof ..."); + plonk::proof proof_to_recursively_verify = prover.construct_proof(); + + { + // Native check is mainly for comparison vs circuit version of the verifier. + info("Creating a native turbo (inner) verifier..."); + VerifierOfInnerProof native_verifier; + native_verifier = inner_composer.create_verifier(inner_circuit); + + info("Verifying the turbo (inner) proof natively..."); + auto native_result = native_verifier.verify_proof(proof_to_recursively_verify); + + info("Native result: ", native_result); + } + transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover.key->num_public_inputs); - stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof); + + auto output = recursion::verify_proof( + &outer_builder, verification_key, recursive_manifest, proof_to_recursively_verify); + return { output, verification_key }; }; - static circuit_outputs create_double_outer_circuit(InnerComposer& inner_composer_a, - InnerComposer& inner_composer_b, - OuterComposer& outer_composer) + static circuit_outputs create_double_outer_circuit(InnerBuilder& inner_circuit_a, + InnerBuilder& inner_circuit_b, + OuterBuilder& outer_circuit) { + ProverOfInnerCircuit prover; + InnerComposer inner_composer_a; + prover = inner_composer_a.create_prover(inner_circuit_a); - auto prover = inner_composer_a.create_prover(); - - const auto verification_key_raw = inner_composer_a.compute_verification_key(); + const auto verification_key_native = inner_composer_a.compute_verification_key(inner_circuit_a); std::shared_ptr verification_key = - verification_key_pt::from_witness(&outer_composer, verification_key_raw); - plonk::proof recursive_proof_a = prover.construct_proof(); + verification_key_pt::from_witness(&outer_circuit, verification_key_native); + + plonk::proof proof_to_recursively_verify_a = prover.construct_proof(); transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover.key->num_public_inputs); - stdlib::recursion::aggregation_state previous_output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof_a); + auto previous_output = recursion::verify_proof( + &outer_circuit, verification_key, recursive_manifest, proof_to_recursively_verify_a); - auto prover_b = inner_composer_b.create_prover(); + InnerComposer inner_composer_b; + prover = inner_composer_b.create_prover(inner_circuit_b); - const auto verification_key_b_raw = inner_composer_b.compute_verification_key(); + const auto verification_key_b_raw = inner_composer_b.compute_verification_key(inner_circuit_b); std::shared_ptr verification_key_b = - verification_key_pt::from_witness(&outer_composer, verification_key_b_raw); - plonk::proof recursive_proof_b = prover_b.construct_proof(); + verification_key_pt::from_witness(&outer_circuit, verification_key_b_raw); - stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key_b, recursive_manifest, recursive_proof_b, previous_output); + plonk::proof proof_to_recursively_verify_b = prover.construct_proof(); - return { output, verification_key }; - } - - static void create_alternate_inner_circuit(InnerComposer& composer, - const std::vector& public_inputs) - { - fr_ct a(public_witness_ct(&composer, public_inputs[0])); - fr_ct b(public_witness_ct(&composer, public_inputs[1])); - fr_ct c(public_witness_ct(&composer, public_inputs[2])); + auto output = proof_system::plonk::stdlib::recursion::verify_proof( + &outer_circuit, verification_key_b, recursive_manifest, proof_to_recursively_verify_b, previous_output); - for (size_t i = 0; i < 32; ++i) { - a = (a * b) + b + a; - a = c.madd(b, a); - } - plonk::stdlib::pedersen_commitment::compress(a, a); - inner_curve::byte_array_ct to_hash(&composer, "different nonsense test data"); - stdlib::blake3s(to_hash); - - barretenberg::fr bigfield_data = fr::random_element(); - barretenberg::fr bigfield_data_a{ bigfield_data.data[0], bigfield_data.data[1], 0, 0 }; - barretenberg::fr bigfield_data_b{ bigfield_data.data[2], bigfield_data.data[3], 0, 0 }; - - inner_curve::bn254::fq_ct big_a(fr_ct(witness_ct(&composer, bigfield_data_a.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); - inner_curve::bn254::fq_ct big_b(fr_ct(witness_ct(&composer, bigfield_data_b.to_montgomery_form())), - fr_ct(witness_ct(&composer, 0))); - ((big_a * big_b) + big_a) * big_b; + verification_key_b->compress(); + verification_key->compress(); + return { output, verification_key }; } // creates a cicuit that verifies either a proof from composer a, or from composer b - static circuit_outputs create_outer_circuit_with_variable_inner_circuit(InnerComposer& inner_composer_a, - InnerComposer& inner_composer_b, - OuterComposer& outer_composer, + static circuit_outputs create_outer_circuit_with_variable_inner_circuit(InnerBuilder& inner_circuit_a, + InnerBuilder& inner_circuit_b, + OuterBuilder& outer_circuit, const bool proof_type, const bool create_failing_proof = false, const bool use_constant_key = false) { - auto prover_a = inner_composer_a.create_prover(); - auto prover_b = inner_composer_b.create_prover(); - const auto verification_key_raw_a = inner_composer_a.compute_verification_key(); - const auto verification_key_raw_b = inner_composer_b.compute_verification_key(); + ProverOfInnerCircuit prover_a; + ProverOfInnerCircuit prover_b; + InnerComposer inner_composer_a; + InnerComposer inner_composer_b; + prover_a = inner_composer_a.create_prover(inner_circuit_a); + prover_b = inner_composer_b.create_prover(inner_circuit_b); + + const auto verification_key_raw_a = inner_composer_a.compute_verification_key(inner_circuit_a); + const auto verification_key_raw_b = inner_composer_b.compute_verification_key(inner_circuit_b); std::shared_ptr verification_key; if (use_constant_key) { - verification_key = proof_type - ? verification_key_pt::from_constants(&outer_composer, verification_key_raw_a) - : verification_key_pt::from_constants(&outer_composer, verification_key_raw_b); + verification_key = proof_type ? verification_key_pt::from_constants(&outer_circuit, verification_key_raw_a) + : verification_key_pt::from_constants(&outer_circuit, verification_key_raw_b); } else { - verification_key = proof_type ? verification_key_pt::from_witness(&outer_composer, verification_key_raw_a) - : verification_key_pt::from_witness(&outer_composer, verification_key_raw_b); + verification_key = proof_type ? verification_key_pt::from_witness(&outer_circuit, verification_key_raw_a) + : verification_key_pt::from_witness(&outer_circuit, verification_key_raw_b); } + if (!use_constant_key) { if (create_failing_proof) { verification_key->validate_key_is_in_set({ verification_key_raw_b, verification_key_raw_b }); @@ -209,300 +204,301 @@ template class stdlib_verifier_turbo : public testing:: verification_key->validate_key_is_in_set({ verification_key_raw_a, verification_key_raw_b }); } } + plonk::proof recursive_proof = proof_type ? prover_a.construct_proof() : prover_b.construct_proof(); + transcript::Manifest recursive_manifest = InnerComposer::create_manifest(prover_a.key->num_public_inputs); - stdlib::recursion::aggregation_state output = - stdlib::recursion::verify_proof( - &outer_composer, verification_key, recursive_manifest, recursive_proof); + + proof_system::plonk::stdlib::recursion::aggregation_state output = + proof_system::plonk::stdlib::recursion::verify_proof( + &outer_circuit, verification_key, recursive_manifest, recursive_proof); + return { output, verification_key }; } - public: - static void test_recursive_proof_composition() + // /** + // * @brief Check the correctness of the recursive proof public inputs + // * + // * @details Circuit constructors have no notion of SRS and any proof-related stuff except for the existence of + // * recursive proof-specific public inputs, so we can't check the recursive proof fully in check_circuit. So we + // * use this additional function to check that the recursive proof points work. + // * + // * @return boolean result + // */ + + static bool check_recursive_proof_public_inputs(OuterBuilder& builder, + const barretenberg::pairing::miller_lines* lines) { - InnerComposer inner_composer = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + if (builder.contains_recursive_proof && builder.recursive_proof_public_input_indices.size() == 16) { + const auto& inputs = builder.public_inputs; + const auto recover_fq_from_public_inputs = + [&inputs, &builder](const size_t idx0, const size_t idx1, const size_t idx2, const size_t idx3) { + const uint256_t l0 = builder.get_variable(inputs[idx0]); + const uint256_t l1 = builder.get_variable(inputs[idx1]); + const uint256_t l2 = builder.get_variable(inputs[idx2]); + const uint256_t l3 = builder.get_variable(inputs[idx3]); + + const uint256_t limb = l0 + (l1 << NUM_LIMB_BITS_IN_FIELD_SIMULATION) + + (l2 << (NUM_LIMB_BITS_IN_FIELD_SIMULATION * 2)) + + (l3 << (NUM_LIMB_BITS_IN_FIELD_SIMULATION * 3)); + return outer_scalar_field(limb); + }; - create_inner_circuit(inner_composer, inner_inputs); + const auto x0 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[0], + builder.recursive_proof_public_input_indices[1], + builder.recursive_proof_public_input_indices[2], + builder.recursive_proof_public_input_indices[3]); + const auto y0 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[4], + builder.recursive_proof_public_input_indices[5], + builder.recursive_proof_public_input_indices[6], + builder.recursive_proof_public_input_indices[7]); + const auto x1 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[8], + builder.recursive_proof_public_input_indices[9], + builder.recursive_proof_public_input_indices[10], + builder.recursive_proof_public_input_indices[11]); + const auto y1 = recover_fq_from_public_inputs(builder.recursive_proof_public_input_indices[12], + builder.recursive_proof_public_input_indices[13], + builder.recursive_proof_public_input_indices[14], + builder.recursive_proof_public_input_indices[15]); + g1::affine_element P_affine[2]{ + { x0, y0 }, + { x1, y1 }, + }; - auto circuit_output = create_outer_circuit(inner_composer, outer_composer); + pairing_target_field result = + barretenberg::pairing::reduced_ate_pairing_batch_precomputed(P_affine, lines, 2); + return (result == pairing_target_field::one()); + } + return true; + } + + static void check_pairing(const circuit_outputs& circuit_output) + { + auto g2_lines = barretenberg::srs::get_crs_factory()->get_verifier_crs()->get_precomputed_g2_lines(); g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + P[0].x = outer_scalar_field(circuit_output.aggregation_state.P0.x.get_value().lo); + P[0].y = outer_scalar_field(circuit_output.aggregation_state.P0.y.get_value().lo); + P[1].x = outer_scalar_field(circuit_output.aggregation_state.P1.x.get_value().lo); + P[1].y = outer_scalar_field(circuit_output.aggregation_state.P1.y.get_value().lo); + pairing_target_field inner_proof_result = + barretenberg::pairing::reduced_ate_pairing_batch_precomputed(P, g2_lines, 2); + EXPECT_EQ(inner_proof_result, pairing_target_field::one()); + } - EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs[0]); - EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs[1]); + static void check_recursive_verification_circuit(OuterBuilder& outer_circuit, bool expected_result) + { + info("number of gates in recursive verification circuit = ", outer_circuit.get_num_gates()); + bool result = outer_circuit.check_circuit(); + EXPECT_EQ(result, expected_result); + auto g2_lines = barretenberg::srs::get_crs_factory()->get_verifier_crs()->get_precomputed_g2_lines(); + EXPECT_EQ(check_recursive_proof_public_inputs(outer_circuit, g2_lines), true); + } - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); + public: + static void SetUpTestSuite() { barretenberg::srs::init_crs_factory("../srs_db/ignition"); } - circuit_output.aggregation_state.assign_object_to_proof_outputs(); + static void test_inner_circuit() + { + InnerBuilder builder; + std::vector inputs{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - EXPECT_EQ(outer_composer.failed(), false); + create_inner_circuit(builder, inputs); - bool result = outer_composer.check_circuit(); + bool result = builder.check_circuit(); EXPECT_EQ(result, true); - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + } + + static void test_recursive_proof_composition() + { + InnerBuilder inner_circuit; + OuterBuilder outer_circuit; + + std::vector inner_public_inputs{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; + + create_inner_circuit(inner_circuit, inner_public_inputs); + + auto circuit_output = create_outer_circuit(inner_circuit, outer_circuit); + EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_public_inputs[0]); + EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_public_inputs[1]); + + circuit_output.aggregation_state.assign_object_to_proof_outputs(); + EXPECT_EQ(outer_circuit.failed(), false); + + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } static void test_double_verification() { - if constexpr (!(std::is_same::value || - std::is_same::value)) - return; // We only care about running this test for turbo and ultra outer circuits, since in practice the - // only circuits which verify >1 proof are ultra or turbo circuits. Standard uses so many gates - // (16m) that it's a waste of time testing it. + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); + OuterBuilder mid_circuit_a; + OuterBuilder mid_circuit_b; - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); + OuterBuilder outer_circuit; - std::vector inner_inputs{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + std::vector inner_inputs{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - create_inner_circuit(inner_composer_a, inner_inputs); - create_inner_circuit(inner_composer_b, inner_inputs); + create_inner_circuit(inner_circuit_a, inner_inputs); + create_inner_circuit(inner_circuit_b, inner_inputs); - auto circuit_output = create_double_outer_circuit(inner_composer_a, inner_composer_b, outer_composer); + auto circuit_output_a = create_outer_circuit(inner_circuit_a, mid_circuit_a); - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + uint256_t a0 = circuit_output_a.aggregation_state.P0.x.binary_basis_limbs[1].element.get_value(); + uint256_t a1 = circuit_output_a.aggregation_state.P0.y.binary_basis_limbs[1].element.get_value(); + uint256_t a2 = circuit_output_a.aggregation_state.P1.x.binary_basis_limbs[1].element.get_value(); + uint256_t a3 = circuit_output_a.aggregation_state.P1.y.binary_basis_limbs[1].element.get_value(); - EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs[0]); - EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs[1]); + ASSERT(a0.get_msb() <= 68); + ASSERT(a1.get_msb() <= 68); + ASSERT(a2.get_msb() <= 68); + ASSERT(a3.get_msb() <= 68); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); + circuit_output_a.aggregation_state.assign_object_to_proof_outputs(); - printf("composer gates = %zu\n", outer_composer.get_num_gates()); + auto circuit_output_b = create_outer_circuit(inner_circuit_b, mid_circuit_b); - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + circuit_output_b.aggregation_state.assign_object_to_proof_outputs(); + + auto circuit_output = create_double_outer_circuit(mid_circuit_a, mid_circuit_b, outer_circuit); + circuit_output.aggregation_state.assign_object_to_proof_outputs(); + EXPECT_EQ(circuit_output_a.aggregation_state.public_inputs[0].get_value(), inner_inputs[0]); + EXPECT_EQ(circuit_output_a.aggregation_state.public_inputs[1].get_value(), inner_inputs[1]); + + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } - // verifies a proof of a circuit that verifies one of two proofs. Test 'a' uses a proof over the first of the two - // variable circuits + // verifies a proof of a circuit that verifies one of two proofs. Test 'a' uses a proof over the first of the + // two variable circuits static void test_recursive_proof_composition_with_variable_verification_key_a() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - auto circuit_output = - create_outer_circuit_with_variable_inner_circuit(inner_composer_a, inner_composer_b, outer_composer, true); - - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + auto circuit_output = + create_outer_circuit_with_variable_inner_circuit(inner_circuit_a, inner_circuit_b, outer_circuit, true); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_a[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_a[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_a[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } - // verifies a proof of a circuit that verifies one of two proofs. Test 'b' uses a proof over the second of the two - // variable circuits + // verifies a proof of a circuit that verifies one of two proofs. Test 'b' uses a proof over the second of the + // two variable circuits static void test_recursive_proof_composition_with_variable_verification_key_b() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); - auto circuit_output = - create_outer_circuit_with_variable_inner_circuit(inner_composer_a, inner_composer_b, outer_composer, false); - g1::affine_element P[2]; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + + auto circuit_output = + create_outer_circuit_with_variable_inner_circuit(inner_circuit_a, inner_circuit_b, outer_circuit, false); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_b[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_b[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_b[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } static void test_recursive_proof_composition_with_variable_verification_key_failure_case() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - auto circuit_output = create_outer_circuit_with_variable_inner_circuit( - inner_composer_a, inner_composer_b, outer_composer, true, true); - - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + auto circuit_output = create_outer_circuit_with_variable_inner_circuit( + inner_circuit_a, inner_circuit_b, outer_circuit, true, true); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_a[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_a[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_a[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, false); - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, false); } static void test_recursive_proof_composition_with_constant_verification_key() { - InnerComposer inner_composer_a = InnerComposer("../srs_db/ignition"); - InnerComposer inner_composer_b = InnerComposer("../srs_db/ignition"); - OuterComposer outer_composer = OuterComposer("../srs_db/ignition"); - std::vector inner_inputs_a{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - std::vector inner_inputs_b{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; + InnerBuilder inner_circuit_a; + InnerBuilder inner_circuit_b; + OuterBuilder outer_circuit; - create_inner_circuit(inner_composer_a, inner_inputs_a); - create_alternate_inner_circuit(inner_composer_b, inner_inputs_b); + std::vector inner_inputs_a{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - auto circuit_output = create_outer_circuit_with_variable_inner_circuit( - inner_composer_a, inner_composer_b, outer_composer, true, false, true); + std::vector inner_inputs_b{ inner_scalar_field::random_element(), + inner_scalar_field::random_element(), + inner_scalar_field::random_element() }; - g1::affine_element P[2]; - P[0].x = barretenberg::fq(circuit_output.aggregation_state.P0.x.get_value().lo); - P[0].y = barretenberg::fq(circuit_output.aggregation_state.P0.y.get_value().lo); - P[1].x = barretenberg::fq(circuit_output.aggregation_state.P1.x.get_value().lo); - P[1].y = barretenberg::fq(circuit_output.aggregation_state.P1.y.get_value().lo); - barretenberg::fq12 inner_proof_result = barretenberg::pairing::reduced_ate_pairing_batch_precomputed( - P, circuit_output.verification_key->reference_string->get_precomputed_g2_lines(), 2); + create_inner_circuit(inner_circuit_a, inner_inputs_a); + create_alternate_inner_circuit(inner_circuit_b, inner_inputs_b); + auto circuit_output = create_outer_circuit_with_variable_inner_circuit( + inner_circuit_a, inner_circuit_b, outer_circuit, true, false, true); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[0].get_value(), inner_inputs_a[0]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[1].get_value(), inner_inputs_a[1]); EXPECT_EQ(circuit_output.aggregation_state.public_inputs[2].get_value(), inner_inputs_a[2]); - EXPECT_EQ(inner_proof_result, barretenberg::fq12::one()); - - printf("composer gates = %zu\n", outer_composer.get_num_gates()); - - bool result = outer_composer.check_circuit(); - EXPECT_EQ(result, true); - EXPECT_EQ(check_recursive_proof_public_inputs( - outer_composer, - outer_composer.composer_helper.crs_factory_->get_verifier_crs()->get_precomputed_g2_lines()), - true); - } - - static void test_inner_circuit() - { - if constexpr (!std::is_same::value) - return; // We only want to run this test once (since it's not actually dependent on the typed test - // parameter; which is the outer composer). We've only made it a typed test so that it can be - // included in this test suite. So to avoid running this test identically 3 times, we escape all but - // 1 permutation. - - InnerComposer inner_composer = InnerComposer("../srs_db/ignition"); - std::vector inner_inputs{ barretenberg::fr::random_element(), - barretenberg::fr::random_element(), - barretenberg::fr::random_element() }; - - create_inner_circuit(inner_composer, inner_inputs); - - auto prover = inner_composer.create_prover(); - auto verifier = inner_composer.create_verifier(); - auto proof = prover.construct_proof(); - auto verified = verifier.verify_proof(proof); - EXPECT_EQ(verified, true); + check_pairing(circuit_output); + check_recursive_verification_circuit(outer_circuit, true); } }; -typedef testing::Types OuterComposerTypes; +typedef testing::Types OuterComposerTypes; TYPED_TEST_SUITE(stdlib_verifier_turbo, OuterComposerTypes); +HEAVY_TYPED_TEST(stdlib_verifier_turbo, test_inner_circuit) +{ + TestFixture::test_inner_circuit(); +} + HEAVY_TYPED_TEST(stdlib_verifier_turbo, recursive_proof_composition) { TestFixture::test_recursive_proof_composition(); @@ -510,7 +506,12 @@ HEAVY_TYPED_TEST(stdlib_verifier_turbo, recursive_proof_composition) HEAVY_TYPED_TEST(stdlib_verifier_turbo, double_verification) { - TestFixture::test_double_verification(); + if constexpr (std::same_as) { + TestFixture::test_double_verification(); + } else { + // Test doesn't compile. + GTEST_SKIP(); + } }; HEAVY_TYPED_TEST(stdlib_verifier_turbo, recursive_proof_composition_with_variable_verification_key_a) @@ -533,7 +534,4 @@ HEAVY_TYPED_TEST(stdlib_verifier_turbo, recursive_proof_composition_const_verif_ TestFixture::test_recursive_proof_composition_with_constant_verification_key(); } -HEAVY_TYPED_TEST(stdlib_verifier_turbo, test_inner_circuit) -{ - TestFixture::test_inner_circuit(); -} +} // namespace proof_system::plonk::stdlib \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/types/turbo.hpp b/cpp/src/barretenberg/stdlib/types/turbo.hpp index 8f9af0ee65..de5124f1a9 100644 --- a/cpp/src/barretenberg/stdlib/types/turbo.hpp +++ b/cpp/src/barretenberg/stdlib/types/turbo.hpp @@ -1,5 +1,5 @@ #pragma once -#include "barretenberg/plonk/composer/turbo_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/turbo_plonk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" #include "barretenberg/plonk/proof_system/types/prover_settings.hpp" #include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" @@ -22,45 +22,47 @@ namespace proof_system::plonk::stdlib::types { using namespace proof_system::plonk; -typedef plonk::TurboComposer Composer; +using Builder = proof_system::TurboCircuitConstructor; -typedef plonk::TurboProver Prover; +using Composer = plonk::TurboPlonkComposerHelper; -typedef plonk::TurboVerifier Verifier; +using Prover = plonk::TurboProver; + +using Verifier = plonk::TurboVerifier; using settings = plonk::turbo_settings; using kate_commitment_scheme = plonk::KateCommitmentScheme; -typedef stdlib::witness_t witness_ct; -typedef stdlib::public_witness_t public_witness_ct; -typedef stdlib::bool_t bool_ct; -typedef stdlib::byte_array byte_array_ct; -typedef stdlib::packed_byte_array packed_byte_array_ct; -typedef stdlib::field_t field_ct; -typedef stdlib::safe_uint_t suint_ct; -typedef stdlib::uint8 uint8_ct; -typedef stdlib::uint16 uint16_ct; -typedef stdlib::uint32 uint32_ct; -typedef stdlib::uint64 uint64_ct; -typedef stdlib::bit_array bit_array_ct; -typedef stdlib::bigfield fq_ct; -typedef stdlib::element biggroup_ct; -typedef stdlib::point point_ct; -typedef stdlib::pedersen_commitment pedersen_commitment; -typedef stdlib::group group_ct; -typedef stdlib::bn254 bn254; -typedef stdlib::secp256k1 secp256k1_ct; +using witness_ct = stdlib::witness_t; +using public_witness_ct = stdlib::public_witness_t; +using bool_ct = stdlib::bool_t; +using byte_array_ct = stdlib::byte_array; +using packed_byte_array_ct = stdlib::packed_byte_array; +using field_ct = stdlib::field_t; +using suint_ct = stdlib::safe_uint_t; +using uint8_ct = stdlib::uint8; +using uint16_ct = stdlib::uint16; +using uint32_ct = stdlib::uint32; +using uint64_ct = stdlib::uint64; +using bit_array_ct = stdlib::bit_array; +using fq_ct = stdlib::bigfield; +using biggroup_ct = stdlib::element; +using point_ct = stdlib::point; +using pedersen_commitment = stdlib::pedersen_commitment; +using group_ct = stdlib::group; +using bn254 = stdlib::bn254; +using secp256k1_ct = stdlib::secp256k1; namespace merkle_tree { using namespace stdlib::merkle_tree; -typedef stdlib::merkle_tree::hash_path hash_path; +using hash_path = stdlib::merkle_tree::hash_path; } // namespace merkle_tree namespace schnorr { -typedef stdlib::schnorr::signature_bits signature_bits; +using signature_bits = stdlib::schnorr::signature_bits; } // namespace schnorr -typedef recursion::recursive_turbo_verifier_settings recursive_inner_verifier_settings; +using recursive_inner_verifier_settings = recursion::recursive_turbo_verifier_settings; } // namespace proof_system::plonk::stdlib::types diff --git a/cpp/src/barretenberg/stdlib/types/ultra.hpp b/cpp/src/barretenberg/stdlib/types/ultra.hpp index 848050278f..611581ec90 100644 --- a/cpp/src/barretenberg/stdlib/types/ultra.hpp +++ b/cpp/src/barretenberg/stdlib/types/ultra.hpp @@ -1,5 +1,5 @@ #pragma once -#include "barretenberg/plonk/composer/ultra_plonk_composer.hpp" +#include "barretenberg/plonk/composer/composer_helper/ultra_plonk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" #include "barretenberg/plonk/proof_system/types/prover_settings.hpp" #include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp" @@ -23,48 +23,48 @@ namespace proof_system::plonk::stdlib::types { using namespace proof_system::plonk; -typedef plonk::UltraPlonkComposer Composer; +using Builder = proof_system::UltraCircuitConstructor; +using Composer = plonk::UltraPlonkComposerHelper; -typedef plonk::UltraProver Prover; - -typedef plonk::UltraVerifier Verifier; +// TODO(Cody): These might be wrong depending on desired F-S hash. +using Prover = plonk::UltraProver; +using Verifier = plonk::UltraVerifier; using settings = plonk::ultra_settings; using kate_commitment_scheme = plonk::KateCommitmentScheme; - -typedef stdlib::witness_t witness_ct; -typedef stdlib::public_witness_t public_witness_ct; -typedef stdlib::bool_t bool_ct; -typedef stdlib::byte_array byte_array_ct; -typedef stdlib::packed_byte_array packed_byte_array_ct; -typedef stdlib::field_t field_ct; -typedef stdlib::safe_uint_t suint_ct; -typedef stdlib::uint8 uint8_ct; -typedef stdlib::uint16 uint16_ct; -typedef stdlib::uint32 uint32_ct; -typedef stdlib::uint64 uint64_ct; -typedef stdlib::bit_array bit_array_ct; -typedef stdlib::bigfield fq_ct; -typedef stdlib::element biggroup_ct; -typedef stdlib::point point_ct; -typedef stdlib::pedersen_commitment pedersen_commitment; -typedef stdlib::group group_ct; -typedef stdlib::bn254 bn254; -typedef stdlib::secp256k1 secp256k1_ct; +using witness_ct = stdlib::witness_t; +using public_witness_ct = stdlib::public_witness_t; +using bool_ct = stdlib::bool_t; +using byte_array_ct = stdlib::byte_array; +using packed_byte_array_ct = stdlib::packed_byte_array; +using field_ct = stdlib::field_t; +using suint_ct = stdlib::safe_uint_t; +using uint8_ct = stdlib::uint8; +using uint16_ct = stdlib::uint16; +using uint32_ct = stdlib::uint32; +using uint64_ct = stdlib::uint64; +using bit_array_ct = stdlib::bit_array; +using fq_ct = stdlib::bigfield; +using biggroup_ct = stdlib::element; +using point_ct = stdlib::point; +using pedersen_commitment = stdlib::pedersen_commitment; +using group_ct = stdlib::group; +using bn254 = stdlib::bn254; +using secp256k1_ct = stdlib::secp256k1; namespace merkle_tree { using namespace stdlib::merkle_tree; -typedef stdlib::merkle_tree::hash_path hash_path; +using hash_path = stdlib::merkle_tree::hash_path; } // namespace merkle_tree namespace schnorr { -typedef stdlib::schnorr::signature_bits signature_bits; +using signature_bits = stdlib::schnorr::signature_bits; } // namespace schnorr // Ultra-composer specific types -typedef stdlib::rom_table rom_table_ct; +using rom_table_ct = stdlib::rom_table; -typedef recursion::recursive_ultra_verifier_settings recursive_inner_verifier_settings; +using recursive_inner_verifier_settings = recursion::recursive_ultra_verifier_settings; } // namespace proof_system::plonk::stdlib::types From 1b3ff93e7ed8873583cdade95a860adb8823f1cd Mon Sep 17 00:00:00 2001 From: kevaundray Date: Thu, 22 Jun 2023 00:27:02 +0100 Subject: [PATCH 4/5] fix: Update versioning in nix files when a release is made (#549) --- .github/workflows/release-please.yml | 2 ++ barretenberg-wasm.nix | 2 +- barretenberg.nix | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index c3a3f3c5ca..60bee547a7 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -24,3 +24,5 @@ jobs: extra-files: | cpp/CMakeLists.txt VERSION + barretenberg.nix + barretenberg-wasm.nix diff --git a/barretenberg-wasm.nix b/barretenberg-wasm.nix index 5c176576e3..941bea758a 100644 --- a/barretenberg-wasm.nix +++ b/barretenberg-wasm.nix @@ -6,7 +6,7 @@ in stdenv.mkDerivation { pname = "barretenberg.wasm"; - version = "0.1.0"; + version = "0.1.0"; # x-release-please-version src = ./cpp; diff --git a/barretenberg.nix b/barretenberg.nix index a617053582..2f31907688 100644 --- a/barretenberg.nix +++ b/barretenberg.nix @@ -14,7 +14,7 @@ in buildEnv.mkDerivation { pname = "libbarretenberg"; - version = "0.1.0"; + version = "0.1.0"; # x-release-please-version src = ./cpp; From 3b962d372491430871443fd1b95fd9e049e233c8 Mon Sep 17 00:00:00 2001 From: Innokentii Sennovskii Date: Thu, 22 Jun 2023 17:39:38 +0100 Subject: [PATCH 5/5] feat: Parallelised folding in Gemini (#550) --- .../barretenberg/honk/pcs/gemini/gemini.cpp | 365 ++++++++++++++++++ .../barretenberg/honk/pcs/gemini/gemini.hpp | 265 +------------ 2 files changed, 375 insertions(+), 255 deletions(-) create mode 100644 cpp/src/barretenberg/honk/pcs/gemini/gemini.cpp diff --git a/cpp/src/barretenberg/honk/pcs/gemini/gemini.cpp b/cpp/src/barretenberg/honk/pcs/gemini/gemini.cpp new file mode 100644 index 0000000000..27135537ff --- /dev/null +++ b/cpp/src/barretenberg/honk/pcs/gemini/gemini.cpp @@ -0,0 +1,365 @@ + +#include "gemini.hpp" +#include "barretenberg/common/thread.hpp" + +#include +#include +#include + +/** + * @brief Protocol for opening several multi-linear polynomials at the same point. + * + * + * m = number of variables + * n = 2ᵐ + * u = (u₀,...,uₘ₋₁) + * f₀, …, fₖ₋₁ = multilinear polynomials, + * g₀, …, gₕ₋₁ = shifted multilinear polynomial, + * Each gⱼ is the left-shift of some f↺ᵢ, and gⱼ points to the same memory location as fᵢ. + * v₀, …, vₖ₋₁, v↺₀, …, v↺ₕ₋₁ = multilinear evalutions s.t. fⱼ(u) = vⱼ, and gⱼ(u) = f↺ⱼ(u) = v↺ⱼ + * + * We use a challenge ρ to create a random linear combination of all fⱼ, + * and actually define A₀ = F + G↺, where + * F = ∑ⱼ ρʲ fⱼ + * G = ∑ⱼ ρᵏ⁺ʲ gⱼ, + * G↺ = is the shift of G + * where fⱼ is normal, and gⱼ is shifted. + * The evaluations are also batched, and + * v = ∑ ρʲ⋅vⱼ + ∑ ρᵏ⁺ʲ⋅v↺ⱼ = F(u) + G↺(u) + * + * The prover then creates the folded polynomials A₀, ..., Aₘ₋₁, + * and opens them at different points, as univariates. + * + * We open A₀ as univariate at r and -r. + * Since A₀ = F + G↺, but the verifier only has commitments to the gⱼs, + * we need to partially evaluate A₀ at both evaluation points. + * As univariate, we have + * A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X + * So we define + * - A₀₊(X) = F(X) + G(X)/r + * - A₀₋(X) = F(X) − G(X)/r + * So that A₀₊(r) = A₀(r) and A₀₋(-r) = A₀(-r). + * The verifier is able to computed the simulated commitments to A₀₊(X) and A₀₋(X) + * since they are linear-combinations of the commitments [fⱼ] and [gⱼ]. + */ +namespace proof_system::honk::pcs::gemini { + +/** + * @brief Computes d-1 fold polynomials Fold_i, i = 1, ..., d-1 + * + * @param mle_opening_point multilinear opening point 'u' + * @param batched_unshifted F(X) = ∑ⱼ ρʲ fⱼ(X) + * @param batched_to_be_shifted G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) + * @return std::vector + */ +template +std::vector> MultilinearReductionScheme< + Params>::compute_fold_polynomials(std::span mle_opening_point, + Polynomial&& batched_unshifted, + Polynomial&& batched_to_be_shifted) +{ + + using Fr = typename Params::Fr; + using Polynomial = barretenberg::Polynomial; + + const size_t num_variables = mle_opening_point.size(); // m + + const size_t num_threads = get_num_cpus_pow2(); + constexpr size_t efficient_operations_per_thread = 64; // A guess of the number of operation for which there + // would be a point in sending them to a separate thread + + // Allocate space for m+1 Fold polynomials + // + // The first two are populated here with the batched unshifted and to-be-shifted polynomial respectively. + // They will eventually contain the full batched polynomial A₀ partially evaluated at the challenges r,-r. + // This function populates the other m-1 polynomials with the foldings of A₀. + std::vector fold_polynomials; + fold_polynomials.reserve(num_variables + 1); + + // F(X) = ∑ⱼ ρʲ fⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) + Polynomial& batched_F = fold_polynomials.emplace_back(std::move(batched_unshifted)); + Polynomial& batched_G = fold_polynomials.emplace_back(std::move(batched_to_be_shifted)); + constexpr size_t offset_to_folded = 2; // Offset because of F an G + // A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X. + Polynomial A_0(batched_F); + A_0 += batched_G.shifted(); + + // Allocate everything before parallel computation + for (size_t l = 0; l < num_variables - 1; ++l) { + // size of the previous polynomial/2 + const size_t n_l = 1 << (num_variables - l - 1); + + // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X) + fold_polynomials.emplace_back(Polynomial(n_l)); + } + + // A_l = Aₗ(X) is the polynomial being folded + // in the first iteration, we take the batched polynomial + // in the next iteration, it is the previously folded one + auto A_l = A_0.data(); + for (size_t l = 0; l < num_variables - 1; ++l) { + // size of the previous polynomial/2 + const size_t n_l = 1 << (num_variables - l - 1); + + // Use as many threads as it is useful so that 1 thread doesn't process 1 element, but make sure that there is + // at least 1 + size_t num_used_threads = std::min(n_l / efficient_operations_per_thread, num_threads); + num_used_threads = num_used_threads ? num_used_threads : 1; + size_t chunk_size = n_l / num_used_threads; + size_t last_chunk_size = (n_l % chunk_size) ? (n_l % num_used_threads) : chunk_size; + + // Openning point is the same for all + const Fr u_l = mle_opening_point[l]; + + // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X) + auto A_l_fold = fold_polynomials[l + offset_to_folded].data(); + + parallel_for(num_used_threads, [&](size_t i) { + size_t current_chunk_size = (i == (num_used_threads - 1)) ? last_chunk_size : chunk_size; + for (std::ptrdiff_t j = (std::ptrdiff_t)(i * chunk_size); + j < (std::ptrdiff_t)((i * chunk_size) + current_chunk_size); + j++) { + // fold(Aₗ)[j] = (1-uₗ)⋅even(Aₗ)[j] + uₗ⋅odd(Aₗ)[j] + // = (1-uₗ)⋅Aₗ[2j] + uₗ⋅Aₗ[2j+1] + // = Aₗ₊₁[j] + A_l_fold[j] = A_l[j << 1] + u_l * (A_l[(j << 1) + 1] - A_l[j << 1]); + } + }); + // set Aₗ₊₁ = Aₗ for the next iteration + A_l = A_l_fold; + } + + return fold_polynomials; +}; + +/** + * @brief Computes/aggragates d+1 Fold polynomials and their opening pairs (challenge, evaluation) + * + * @details This function assumes that, upon input, last d-1 entries in fold_polynomials are Fold_i. + * The first two entries are assumed to be, respectively, the batched unshifted and batched to-be-shifted + * polynomials F(X) = ∑ⱼ ρʲfⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X). This function completes the computation + * of the first two Fold polynomials as F + G/r and F - G/r. It then evaluates each of the d+1 + * fold polynomials at, respectively, the points r, rₗ = r^{2ˡ} for l = 0, 1, ..., d-1. + * + * @param mle_opening_point u = (u₀,...,uₘ₋₁) is the MLE opening point + * @param fold_polynomials vector of polynomials whose first two elements are F(X) = ∑ⱼ ρʲfⱼ(X) + * and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X), and the next d-1 elements are Fold_i, i = 1, ..., d-1. + * @param r_challenge univariate opening challenge + */ +template +ProverOutput MultilinearReductionScheme::compute_fold_polynomial_evaluations( + std::span mle_opening_point, std::vector&& fold_polynomials, const Fr& r_challenge) +{ + + using Fr = typename Params::Fr; + using Polynomial = barretenberg::Polynomial; + + const size_t num_variables = mle_opening_point.size(); // m + + Polynomial& batched_F = fold_polynomials[0]; // F(X) = ∑ⱼ ρʲ fⱼ(X) + Polynomial& batched_G = fold_polynomials[1]; // G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) + + // Compute univariate opening queries rₗ = r^{2ˡ} for l = 0, 1, ..., m-1 + std::vector r_squares = squares_of_r(r_challenge, num_variables); + + // Compute G/r + Fr r_inv = r_challenge.invert(); + batched_G *= r_inv; + + // Construct A₀₊ = F + G/r and A₀₋ = F - G/r in place in fold_polynomials + Polynomial tmp = batched_F; + Polynomial& A_0_pos = fold_polynomials[0]; + + // A₀₊(X) = F(X) + G(X)/r, s.t. A₀₊(r) = A₀(r) + A_0_pos += batched_G; + + // Perform a swap so that tmp = G(X)/r and A_0_neg = F(X) + std::swap(tmp, batched_G); + Polynomial& A_0_neg = fold_polynomials[1]; + + // A₀₋(X) = F(X) - G(X)/r, s.t. A₀₋(-r) = A₀(-r) + A_0_neg -= tmp; + + std::vector> fold_poly_opening_pairs; + fold_poly_opening_pairs.reserve(num_variables + 1); + + // Compute first opening pair {r, A₀(r)} + fold_poly_opening_pairs.emplace_back(OpeningPair{ r_challenge, fold_polynomials[0].evaluate(r_challenge) }); + + // Compute the remaining m opening pairs {−r^{2ˡ}, Aₗ(−r^{2ˡ})}, l = 0, ..., m-1. + for (size_t l = 0; l < num_variables; ++l) { + fold_poly_opening_pairs.emplace_back( + OpeningPair{ -r_squares[l], fold_polynomials[l + 1].evaluate(-r_squares[l]) }); + } + + return { fold_poly_opening_pairs, std::move(fold_polynomials) }; +}; + +/** + * @brief Checks that all MLE evaluations vⱼ contained in the list of m MLE opening claims + * is correct, and returns univariate polynomial opening claims to be checked later + * + * @param mle_opening_point the MLE evaluation point u + * @param batched_evaluation batched evaluation from multivariate evals at the point u + * @param batched_f batched commitment to unshifted polynomials + * @param batched_g batched commitment to to-be-shifted polynomials + * @param proof commitments to the m-1 folded polynomials, and alleged evaluations. + * @param transcript + * @return Fold polynomial opening claims: (r, A₀(r), C₀₊), (-r, A₀(-r), C₀₋), and + * (Cⱼ, Aⱼ(-r^{2ʲ}), -r^{2}), j = [1, ..., m-1] + */ + +template +std::vector> MultilinearReductionScheme::reduce_verify( + std::span mle_opening_point, /* u */ + const Fr batched_evaluation, /* all */ + GroupElement& batched_f, /* unshifted */ + GroupElement& batched_g, /* to-be-shifted */ + VerifierTranscript& transcript) +{ + + using Fr = typename Params::Fr; + using Commitment = typename Params::Commitment; + const size_t num_variables = mle_opening_point.size(); + + // Get polynomials Fold_i, i = 1,...,m-1 from transcript + std::vector commitments; + commitments.reserve(num_variables - 1); + for (size_t i = 0; i < num_variables - 1; ++i) { + auto commitment = transcript.template receive_from_prover("Gemini:FOLD_" + std::to_string(i + 1)); + commitments.emplace_back(commitment); + } + + // compute vector of powers of random evaluation point r + const Fr r = transcript.get_challenge("Gemini:r"); + std::vector r_squares = squares_of_r(r, num_variables); + + // Get evaluations a_i, i = 0,...,m-1 from transcript + std::vector evaluations; + evaluations.reserve(num_variables); + for (size_t i = 0; i < num_variables; ++i) { + auto eval = transcript.template receive_from_prover("Gemini:a_" + std::to_string(i)); + evaluations.emplace_back(eval); + } + + // Compute evaluation A₀(r) + auto a_0_pos = compute_eval_pos(batched_evaluation, mle_opening_point, r_squares, evaluations); + + // C₀_r_pos = ∑ⱼ ρʲ⋅[fⱼ] + r⁻¹⋅∑ⱼ ρᵏ⁺ʲ [gⱼ] + // C₀_r_pos = ∑ⱼ ρʲ⋅[fⱼ] - r⁻¹⋅∑ⱼ ρᵏ⁺ʲ [gⱼ] + auto [c0_r_pos, c0_r_neg] = compute_simulated_commitments(batched_f, batched_g, r); + + std::vector> fold_polynomial_opening_claims; + fold_polynomial_opening_claims.reserve(num_variables + 1); + + // ( [A₀₊], r, A₀(r) ) + fold_polynomial_opening_claims.emplace_back(OpeningClaim{ { r, a_0_pos }, c0_r_pos }); + // ( [A₀₋], -r, A₀(-r) ) + fold_polynomial_opening_claims.emplace_back(OpeningClaim{ { -r, evaluations[0] }, c0_r_neg }); + for (size_t l = 0; l < num_variables - 1; ++l) { + // ([A₀₋], −r^{2ˡ}, Aₗ(−r^{2ˡ}) ) + fold_polynomial_opening_claims.emplace_back( + OpeningClaim{ { -r_squares[l + 1], evaluations[l + 1] }, commitments[l] }); + } + + return fold_polynomial_opening_claims; +}; + +template +std::vector MultilinearReductionScheme::powers_of_rho(const Fr rho, + const size_t num_powers) +{ + + using Fr = typename Params::Fr; + std::vector rhos = { Fr(1), rho }; + rhos.reserve(num_powers); + for (size_t j = 2; j < num_powers; j++) { + rhos.emplace_back(rhos[j - 1] * rho); + } + return rhos; +}; +/** + * @brief Compute the expected evaluation of the univariate commitment to the batched polynomial. + * + * @param batched_mle_eval The evaluation of the folded polynomials + * @param mle_vars MLE opening point u + * @param r_squares squares of r, r², ..., r^{2ᵐ⁻¹} + * @param fold_polynomial_evals series of Aᵢ₋₁(−r^{2ⁱ⁻¹}) + * @return evaluation A₀(r) + */ +template +typename Params::Fr MultilinearReductionScheme::compute_eval_pos(const Fr batched_mle_eval, + std::span mle_vars, + std::span r_squares, + std::span fold_polynomial_evals) +{ + using Fr = typename Params::Fr; + const size_t num_variables = mle_vars.size(); + + const auto& evals = fold_polynomial_evals; + + // Initialize eval_pos with batched MLE eval v = ∑ⱼ ρʲ vⱼ + ∑ⱼ ρᵏ⁺ʲ v↺ⱼ + Fr eval_pos = batched_mle_eval; + for (size_t l = num_variables; l != 0; --l) { + const Fr r = r_squares[l - 1]; // = rₗ₋₁ = r^{2ˡ⁻¹} + const Fr eval_neg = evals[l - 1]; // = Aₗ₋₁(−r^{2ˡ⁻¹}) + const Fr u = mle_vars[l - 1]; // = uₗ₋₁ + + // The folding property ensures that + // Aₗ₋₁(r^{2ˡ⁻¹}) + Aₗ₋₁(−r^{2ˡ⁻¹}) Aₗ₋₁(r^{2ˡ⁻¹}) - Aₗ₋₁(−r^{2ˡ⁻¹}) + // Aₗ(r^{2ˡ}) = (1-uₗ₋₁) ----------------------------- + uₗ₋₁ ----------------------------- + // 2 2r^{2ˡ⁻¹} + // We solve the above equation in Aₗ₋₁(r^{2ˡ⁻¹}), using the previously computed Aₗ(r^{2ˡ}) in eval_pos + // and using Aₗ₋₁(−r^{2ˡ⁻¹}) sent by the prover in the proof. + eval_pos = ((r * eval_pos * 2) - eval_neg * (r * (Fr(1) - u) - u)) / (r * (Fr(1) - u) + u); + } + + return eval_pos; // return A₀(r) +}; + +/** + * @brief Compute squares of folding challenge r + * + * @tparam Params + * @param r + * @param num_squares The number of foldings + * @return std::vector + */ +template +std::vector MultilinearReductionScheme::squares_of_r(const Fr r, const size_t num_squares) +{ + std::vector squares = { r }; + squares.reserve(num_squares); + for (size_t j = 1; j < num_squares; j++) { + squares.emplace_back(squares[j - 1].sqr()); + } + return squares; +}; + +/** + * @brief Computes two commitments to A₀ partially evaluated in r and -r. + * + * @param batched_f batched commitment to non-shifted polynomials + * @param batched_g batched commitment to to-be-shifted polynomials + * @param r evaluation point at which we have partially evaluated A₀ at r and -r. + * @return std::pair c0_r_pos, c0_r_neg + */ +template +std::pair MultilinearReductionScheme< + Params>::compute_simulated_commitments(GroupElement& batched_f, GroupElement& batched_g, Fr r) +{ + // C₀ᵣ₊ = [F] + r⁻¹⋅[G] + GroupElement C0_r_pos = batched_f; + // C₀ᵣ₋ = [F] - r⁻¹⋅[G] + GroupElement C0_r_neg = batched_f; + Fr r_inv = r.invert(); + if (!batched_g.is_point_at_infinity()) { + batched_g *= r_inv; + C0_r_pos += batched_g; + C0_r_neg -= batched_g; + } + return { C0_r_pos, C0_r_neg }; +}; +template class MultilinearReductionScheme; +template class MultilinearReductionScheme; +}; // namespace proof_system::honk::pcs::gemini diff --git a/cpp/src/barretenberg/honk/pcs/gemini/gemini.hpp b/cpp/src/barretenberg/honk/pcs/gemini/gemini.hpp index d3e8112735..4f19c365d8 100644 --- a/cpp/src/barretenberg/honk/pcs/gemini/gemini.hpp +++ b/cpp/src/barretenberg/honk/pcs/gemini/gemini.hpp @@ -1,14 +1,10 @@ #pragma once #include "../claim.hpp" -#include "barretenberg/common/log.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/honk/transcript/transcript.hpp" -#include "barretenberg/common/assert.hpp" -#include -#include #include /** @@ -76,275 +72,34 @@ template class MultilinearReductionScheme { using Polynomial = barretenberg::Polynomial; public: - /** - * @brief Computes d-1 fold polynomials Fold_i, i = 1, ..., d-1 - * - * @param mle_opening_point multilinear opening point 'u' - * @param batched_unshifted F(X) = ∑ⱼ ρʲ fⱼ(X) - * @param batched_to_be_shifted G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) - * @return std::vector - */ static std::vector compute_fold_polynomials(std::span mle_opening_point, Polynomial&& batched_unshifted, - Polynomial&& batched_to_be_shifted) - { - const size_t num_variables = mle_opening_point.size(); // m + Polynomial&& batched_to_be_shifted); - // Allocate space for m+1 Fold polynomials - // - // The first two are populated here with the batched unshifted and to-be-shifted polynomial respectively. - // They will eventually contain the full batched polynomial A₀ partially evaluated at the challenges r,-r. - // This function populates the other m-1 polynomials with the foldings of A₀. - std::vector fold_polynomials; - fold_polynomials.reserve(num_variables + 1); - - // F(X) = ∑ⱼ ρʲ fⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) - Polynomial& batched_F = fold_polynomials.emplace_back(std::move(batched_unshifted)); - Polynomial& batched_G = fold_polynomials.emplace_back(std::move(batched_to_be_shifted)); - - // A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X. - Polynomial A_0(batched_F); - A_0 += batched_G.shifted(); - - // Create the folded polynomials A₁(X),…,Aₘ₋₁(X) - // - // A_l = Aₗ(X) is the polynomial being folded - // in the first iteration, we take the batched polynomial - // in the next iteration, it is the previously folded one - auto A_l = A_0.data(); - for (size_t l = 0; l < num_variables - 1; ++l) { - const Fr u_l = mle_opening_point[l]; - - // size of the previous polynomial/2 - const size_t n_l = 1 << (num_variables - l - 1); - - // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X) - auto A_l_fold = fold_polynomials.emplace_back(Polynomial(n_l)).data(); - - // fold the previous polynomial with odd and even parts - for (std::ptrdiff_t i = 0; i < (std::ptrdiff_t)n_l; ++i) { - // TODO(#219)(Adrian) parallelize - - // fold(Aₗ)[i] = (1-uₗ)⋅even(Aₗ)[i] + uₗ⋅odd(Aₗ)[i] - // = (1-uₗ)⋅Aₗ[2i] + uₗ⋅Aₗ[2i+1] - // = Aₗ₊₁[i] - A_l_fold[i] = A_l[i << 1] + u_l * (A_l[(i << 1) + 1] - A_l[i << 1]); - } - - // set Aₗ₊₁ = Aₗ for the next iteration - A_l = A_l_fold; - } - - return fold_polynomials; - }; - - /** - * @brief Computes/aggragates d+1 Fold polynomials and their opening pairs (challenge, evaluation) - * - * @details This function assumes that, upon input, last d-1 entries in fold_polynomials are Fold_i. - * The first two entries are assumed to be, respectively, the batched unshifted and batched to-be-shifted - * polynomials F(X) = ∑ⱼ ρʲfⱼ(X) and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X). This function completes the computation - * of the first two Fold polynomials as F + G/r and F - G/r. It then evaluates each of the d+1 - * fold polynomials at, respectively, the points r, rₗ = r^{2ˡ} for l = 0, 1, ..., d-1. - * - * @param mle_opening_point u = (u₀,...,uₘ₋₁) is the MLE opening point - * @param fold_polynomials vector of polynomials whose first two elements are F(X) = ∑ⱼ ρʲfⱼ(X) - * and G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X), and the next d-1 elements are Fold_i, i = 1, ..., d-1. - * @param r_challenge univariate opening challenge - */ static ProverOutput compute_fold_polynomial_evaluations(std::span mle_opening_point, std::vector&& fold_polynomials, - const Fr& r_challenge) - { - const size_t num_variables = mle_opening_point.size(); // m - - Polynomial& batched_F = fold_polynomials[0]; // F(X) = ∑ⱼ ρʲ fⱼ(X) - Polynomial& batched_G = fold_polynomials[1]; // G(X) = ∑ⱼ ρᵏ⁺ʲ gⱼ(X) - - // Compute univariate opening queries rₗ = r^{2ˡ} for l = 0, 1, ..., m-1 - std::vector r_squares = squares_of_r(r_challenge, num_variables); - - // Compute G/r - Fr r_inv = r_challenge.invert(); - batched_G *= r_inv; - - // Construct A₀₊ = F + G/r and A₀₋ = F - G/r in place in fold_polynomials - Polynomial tmp = batched_F; - Polynomial& A_0_pos = fold_polynomials[0]; - - // A₀₊(X) = F(X) + G(X)/r, s.t. A₀₊(r) = A₀(r) - A_0_pos += batched_G; - - // Perform a swap so that tmp = G(X)/r and A_0_neg = F(X) - std::swap(tmp, batched_G); - Polynomial& A_0_neg = fold_polynomials[1]; - - // A₀₋(X) = F(X) - G(X)/r, s.t. A₀₋(-r) = A₀(-r) - A_0_neg -= tmp; + const Fr& r_challenge); - std::vector> fold_poly_opening_pairs; - fold_poly_opening_pairs.reserve(num_variables + 1); - - // Compute first opening pair {r, A₀(r)} - fold_poly_opening_pairs.emplace_back( - OpeningPair{ r_challenge, fold_polynomials[0].evaluate(r_challenge) }); - - // Compute the remaining m opening pairs {−r^{2ˡ}, Aₗ(−r^{2ˡ})}, l = 0, ..., m-1. - for (size_t l = 0; l < num_variables; ++l) { - fold_poly_opening_pairs.emplace_back( - OpeningPair{ -r_squares[l], fold_polynomials[l + 1].evaluate(-r_squares[l]) }); - } - - return { fold_poly_opening_pairs, std::move(fold_polynomials) }; - }; - - /** - * @brief Checks that all MLE evaluations vⱼ contained in the list of m MLE opening claims - * is correct, and returns univariate polynomial opening claims to be checked later - * - * @param mle_opening_point the MLE evaluation point u - * @param batched_evaluation batched evaluation from multivariate evals at the point u - * @param batched_f batched commitment to unshifted polynomials - * @param batched_g batched commitment to to-be-shifted polynomials - * @param proof commitments to the m-1 folded polynomials, and alleged evaluations. - * @param transcript - * @return Fold polynomial opening claims: (r, A₀(r), C₀₊), (-r, A₀(-r), C₀₋), and - * (Cⱼ, Aⱼ(-r^{2ʲ}), -r^{2}), j = [1, ..., m-1] - */ static std::vector> reduce_verify(std::span mle_opening_point, /* u */ const Fr batched_evaluation, /* all */ GroupElement& batched_f, /* unshifted */ GroupElement& batched_g, /* to-be-shifted */ - VerifierTranscript& transcript) - { - const size_t num_variables = mle_opening_point.size(); - - // Get polynomials Fold_i, i = 1,...,m-1 from transcript - std::vector commitments; - commitments.reserve(num_variables - 1); - for (size_t i = 0; i < num_variables - 1; ++i) { - auto commitment = - transcript.template receive_from_prover("Gemini:FOLD_" + std::to_string(i + 1)); - commitments.emplace_back(commitment); - } - - // compute vector of powers of random evaluation point r - const Fr r = transcript.get_challenge("Gemini:r"); - std::vector r_squares = squares_of_r(r, num_variables); - - // Get evaluations a_i, i = 0,...,m-1 from transcript - std::vector evaluations; - evaluations.reserve(num_variables); - for (size_t i = 0; i < num_variables; ++i) { - auto eval = transcript.template receive_from_prover("Gemini:a_" + std::to_string(i)); - evaluations.emplace_back(eval); - } - - // Compute evaluation A₀(r) - auto a_0_pos = compute_eval_pos(batched_evaluation, mle_opening_point, r_squares, evaluations); - - // C₀_r_pos = ∑ⱼ ρʲ⋅[fⱼ] + r⁻¹⋅∑ⱼ ρᵏ⁺ʲ [gⱼ] - // C₀_r_pos = ∑ⱼ ρʲ⋅[fⱼ] - r⁻¹⋅∑ⱼ ρᵏ⁺ʲ [gⱼ] - auto [c0_r_pos, c0_r_neg] = compute_simulated_commitments(batched_f, batched_g, r); + VerifierTranscript& transcript); - std::vector> fold_polynomial_opening_claims; - fold_polynomial_opening_claims.reserve(num_variables + 1); - - // ( [A₀₊], r, A₀(r) ) - fold_polynomial_opening_claims.emplace_back(OpeningClaim{ { r, a_0_pos }, c0_r_pos }); - // ( [A₀₋], -r, A₀(-r) ) - fold_polynomial_opening_claims.emplace_back(OpeningClaim{ { -r, evaluations[0] }, c0_r_neg }); - for (size_t l = 0; l < num_variables - 1; ++l) { - // ([A₀₋], −r^{2ˡ}, Aₗ(−r^{2ˡ}) ) - fold_polynomial_opening_claims.emplace_back( - OpeningClaim{ { -r_squares[l + 1], evaluations[l + 1] }, commitments[l] }); - } - - return fold_polynomial_opening_claims; - }; - - static std::vector powers_of_rho(const Fr rho, const size_t num_powers) - { - std::vector rhos = { Fr(1), rho }; - rhos.reserve(num_powers); - for (size_t j = 2; j < num_powers; j++) { - rhos.emplace_back(rhos[j - 1] * rho); - } - return rhos; - }; + static std::vector powers_of_rho(const Fr rho, const size_t num_powers); private: - /** - * @brief computes the output pair given the transcript. - * This method is common for both prover and verifier. - * - * @param evaluations evaluations of each multivariate - * @param mle_vars MLE opening point u - * @param rhos powers of the initial batching challenge ρ - * @param r_squares squares of r, r², ..., r^{2ᵐ⁻¹} - * @return evaluation A₀(r) - */ static Fr compute_eval_pos(const Fr batched_mle_eval, std::span mle_vars, std::span r_squares, - std::span fold_polynomial_evals) - { - const size_t num_variables = mle_vars.size(); - - const auto& evals = fold_polynomial_evals; + std::span fold_polynomial_evals); - // Initialize eval_pos with batched MLE eval v = ∑ⱼ ρʲ vⱼ + ∑ⱼ ρᵏ⁺ʲ v↺ⱼ - Fr eval_pos = batched_mle_eval; - for (size_t l = num_variables; l != 0; --l) { - const Fr r = r_squares[l - 1]; // = rₗ₋₁ = r^{2ˡ⁻¹} - const Fr eval_neg = evals[l - 1]; // = Aₗ₋₁(−r^{2ˡ⁻¹}) - const Fr u = mle_vars[l - 1]; // = uₗ₋₁ + static std::vector squares_of_r(const Fr r, const size_t num_squares); - // The folding property ensures that - // Aₗ₋₁(r^{2ˡ⁻¹}) + Aₗ₋₁(−r^{2ˡ⁻¹}) Aₗ₋₁(r^{2ˡ⁻¹}) - Aₗ₋₁(−r^{2ˡ⁻¹}) - // Aₗ(r^{2ˡ}) = (1-uₗ₋₁) ----------------------------- + uₗ₋₁ ----------------------------- - // 2 2r^{2ˡ⁻¹} - // We solve the above equation in Aₗ₋₁(r^{2ˡ⁻¹}), using the previously computed Aₗ(r^{2ˡ}) in eval_pos - // and using Aₗ₋₁(−r^{2ˡ⁻¹}) sent by the prover in the proof. - eval_pos = ((r * eval_pos * 2) - eval_neg * (r * (Fr(1) - u) - u)) / (r * (Fr(1) - u) + u); - } - - return eval_pos; // return A₀(r) - }; - - static std::vector squares_of_r(const Fr r, const size_t num_squares) - { - std::vector squares = { r }; - squares.reserve(num_squares); - for (size_t j = 1; j < num_squares; j++) { - squares.emplace_back(squares[j - 1].sqr()); - } - return squares; - }; - - /** - * @brief Computes two commitments to A₀ partially evaluated in r and -r. - * - * @param batched_f batched commitment to non-shifted polynomials - * @param batched_g batched commitment to to-be-shifted polynomials - * @param r evaluation point at which we have partially evaluated A₀ at r and -r. - * @return std::pair c0_r_pos, c0_r_neg - */ static std::pair compute_simulated_commitments(GroupElement& batched_f, GroupElement& batched_g, - Fr r) - { - // C₀ᵣ₊ = [F] + r⁻¹⋅[G] - GroupElement C0_r_pos = batched_f; - // C₀ᵣ₋ = [F] - r⁻¹⋅[G] - GroupElement C0_r_neg = batched_f; - Fr r_inv = r.invert(); - if (!batched_g.is_point_at_infinity()) { - batched_g *= r_inv; - C0_r_pos += batched_g; - C0_r_neg -= batched_g; - } - return { C0_r_pos, C0_r_neg }; - }; -}; + Fr r); +}; // namespace proof_system::honk::pcs::gemini +extern template class MultilinearReductionScheme; +extern template class MultilinearReductionScheme; } // namespace proof_system::honk::pcs::gemini