Install instructions for apt on ubuntu (#312)

Rebase fixes.

Change js vk hash and size with ultra.

README.md

@@ -11,17 +11,32 @@
 - libomp (if multithreading is required. Multithreading can be disabled using the compiler flag `-DMULTITHREADING 0`)
 - wasm-opt (part of the [Binaryen](https://github.com/WebAssembly/binaryen) toolkit)
 
+To install on Ubuntu, run:
+```
+sudo apt-get install cmake clang clang-format ninja-build binaryen
+```
+
 ### Installing openMP (Linux)
 
+Install from source:
+
 ```
-RUN git clone -b release/10.x --depth 1 https://github.com/llvm/llvm-project.git \
+git clone -b release/10.x --depth 1 https://github.com/llvm/llvm-project.git \
   && cd llvm-project && mkdir build-openmp && cd build-openmp \
   && cmake ../openmp -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DLIBOMP_ENABLE_SHARED=OFF \
   && cmake --build . --parallel \
   && cmake --build . --parallel --target install \
   && cd ../.. && rm -rf llvm-project
 ```
 
+Or install from a package manager, on Ubuntu:
+
+```
+sudo apt-get install libomp-dev
+```
+
+> Note: on a fresh Ubuntu Kinetic installation, installing OpenMP from source yields a `Could NOT find OpenMP_C (missing: OpenMP_omp_LIBRARY) (found version "5.0")` error when trying to build Barretenberg. Installing from apt worked fine.
+
 ### Getting started
 
 Run the bootstrap script. (The bootstrap script will build both the native and wasm versions of barretenberg)

cpp/src/CMakeLists.txt

@@ -95,7 +95,6 @@ if(WASM)
         $<TARGET_OBJECTS:stdlib_merkle_tree_objects>
         $<TARGET_OBJECTS:acir_format_objects>
         $<TARGET_OBJECTS:acir_proofs_objects>
-        $<TARGET_OBJECTS:turbo_proofs_objects>
         $<TARGET_OBJECTS:stdlib_sha256_objects>
         $<TARGET_OBJECTS:stdlib_aes128_objects>
         $<TARGET_OBJECTS:stdlib_merkle_tree_objects>

cpp/src/barretenberg/dsl/acir_format/CMakeLists.txt

@@ -4,7 +4,7 @@ barretenberg_module(
     stdlib_primitives
     stdlib_sha256
     stdlib_blake2s
-    stdlib_pedersen
+    stdlib_pedersen_commitment
     stdlib_merkle_tree
     stdlib_schnorr
     crypto_sha256

cpp/src/barretenberg/dsl/acir_format/pedersen.cpp

@@ -16,6 +16,7 @@ void create_pedersen_constraint(Composer& composer, const PedersenConstraint& in
 #ifdef USE_TURBO
     auto point = pedersen_commitment::commit(scalars);
 #else
+    // TODO: Does Noir need additive homomorphic Pedersen hash? If so, using plookup version won't help.
     auto point = stdlib::pedersen_plookup_commitment<Composer>::commit(scalars);
 #endif
 

cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp

@@ -806,9 +806,9 @@ TEST_F(join_split_tests, test_0_input_notes_and_detect_circuit_change)
     constexpr uint32_t GATES_NEXT_POWER_OF_TWO = 65536;
     const uint256_t VK_HASH("095cbe8f1b09690713d5161708b5ea77119575884e3cfab14f7364b9f1ba7faa");
 #else
-    constexpr uint32_t CIRCUIT_GATE_COUNT = 522850;
+    constexpr uint32_t CIRCUIT_GATE_COUNT = 185573;
     constexpr uint32_t GATES_NEXT_POWER_OF_TWO = 524288;
-    const uint256_t VK_HASH("012959f86e485f3a8f0b06c900082fca1c34b535cdf4f1088f03154ea655b401");
+    const uint256_t VK_HASH("21389d5392ee23ffc96984689150b63d62113678b1ba127346a0ec72df842354");
 
 #endif
     auto number_of_gates_js = result.number_of_gates;

cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp

@@ -13,7 +13,7 @@ template <typename CircuitConstructor> class TurboPlonkComposerHelper {
     static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked
     static constexpr size_t program_width = CircuitConstructor::program_width;
     static constexpr ComposerType type = ComposerType::TURBO;
-    static constexpr MerkleHashType merkle_hash_type = MerkleHashType::FIXED_BASE_PEDERSEN;
+    static constexpr merkle::HashType merkle_hash_type = merkle::HashType::FIXED_BASE_PEDERSEN;
     static constexpr size_t UINT_LOG2_BASE = 2;
     std::shared_ptr<plonk::proving_key> circuit_proving_key;
     std::shared_ptr<plonk::verification_key> circuit_verification_key;

cpp/src/barretenberg/plonk/composer/splitting_tmp/turbo_plonk_composer.test.cpp

@@ -1,11 +1,12 @@
 #include "turbo_plonk_composer.hpp"
-#include "barretenberg/crypto/pedersen/pedersen.hpp"
+#include "barretenberg/crypto/generators/generator_data.hpp"
+#include "barretenberg/crypto/generators/fixed_base_scalar_mul.hpp"
 #include <gtest/gtest.h>
 #include "barretenberg/plonk/proof_system/proving_key/serialize.hpp"
 
 using namespace barretenberg;
 using namespace proof_system;
-using namespace crypto::pedersen;
+using namespace crypto::generators;
 
 namespace proof_system::plonk::test_turbo_plonk_composer {
 namespace {
@@ -213,8 +214,8 @@ TEST(turbo_plonk_composer_splitting_tmp, small_scalar_multipliers)
     constexpr size_t num_wnaf_bits = (num_quads << 1) + 1;
     constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits;
     constexpr uint64_t bit_mask = (1ULL << num_bits) - 1UL;
-    auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1);
-    const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
+    auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1);
+    const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
     grumpkin::g1::affine_element generator = gen_data.generator;
 
     grumpkin::g1::element origin_points[2];
@@ -253,7 +254,7 @@ TEST(turbo_plonk_composer_splitting_tmp, small_scalar_multipliers)
     fr one = fr::one();
     fr three = ((one + one) + one);
     for (size_t i = 0; i < num_quads; ++i) {
-        uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK;
+        uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK;
         fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i];
         prev_accumulator = prev_accumulator + prev_accumulator;
 
@@ -342,8 +343,8 @@ TEST(turbo_plonk_composer_splitting_tmp, large_scalar_multipliers)
     constexpr size_t num_wnaf_bits = (num_quads << 1) + 1;
 
     constexpr size_t initial_exponent = num_bits; // ((num_bits & 1) == 1) ? num_bits - 1 : num_bits;
-    auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1);
-    const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
+    auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1);
+    const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
     grumpkin::g1::affine_element generator = gen_data.generator;
 
     grumpkin::g1::element origin_points[2];
@@ -383,7 +384,7 @@ TEST(turbo_plonk_composer_splitting_tmp, large_scalar_multipliers)
     fr one = fr::one();
     fr three = ((one + one) + one);
     for (size_t i = 0; i < num_quads; ++i) {
-        uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK;
+        uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK;
         fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i];
         prev_accumulator = prev_accumulator + prev_accumulator;
 
@@ -979,8 +980,8 @@ TEST(turbo_plonk_composer_splitting_tmp, test_check_circuit_fixed_group)
     constexpr size_t num_wnaf_bits = (num_quads << 1) + 1;
 
     constexpr size_t initial_exponent = num_bits; // ((num_bits & 1) == 1) ? num_bits - 1 : num_bits;
-    auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1);
-    const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
+    auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1);
+    const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
     grumpkin::g1::affine_element generator = gen_data.generator;
 
     grumpkin::g1::element origin_points[2];

cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp

@@ -15,8 +15,6 @@ class UltraPlonkComposer {
     static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN;
     static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN;
 
-    static constexpr size_t UINT_LOG2_BASE = 2;
-
     // An instantiation of the circuit constructor that only depends on arithmetization, not  on the proof system
     UltraCircuitConstructor circuit_constructor;
     // Composer helper contains all proof-related material that is separate from circuit creation such as:

cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.test.cpp

@@ -1,6 +1,7 @@
 #include "barretenberg/common/log.hpp"
 #include "ultra_plonk_composer.hpp"
-#include "barretenberg/crypto/pedersen/pedersen.hpp"
+#include "barretenberg/crypto/generators/generator_data.hpp"
+#include "barretenberg/crypto/pedersen_hash/pedersen_lookup.hpp"
 #include "barretenberg/plonk/composer/ultra_composer.hpp" // temporary
 #include <cstddef>
 #include <gtest/gtest.h>
@@ -111,8 +112,8 @@ TEST(ultra_plonk_composer_splitting_tmp, create_gates_from_plookup_accumulators)
     std::vector<barretenberg::fr> expected_y;
 
     const size_t num_lookups_hi =
-        (128 + crypto::pedersen::lookup::BITS_PER_TABLE) / crypto::pedersen::lookup::BITS_PER_TABLE;
-    const size_t num_lookups_lo = 126 / crypto::pedersen::lookup::BITS_PER_TABLE;
+        (128 + crypto::pedersen_hash::lookup::BITS_PER_TABLE) / crypto::pedersen_hash::lookup::BITS_PER_TABLE;
+    const size_t num_lookups_lo = 126 / crypto::pedersen_hash::lookup::BITS_PER_TABLE;
     const size_t num_lookups = num_lookups_hi + num_lookups_lo;
 
     EXPECT_EQ(num_lookups_hi, lookup_witnesses_hi[ColumnIdx::C1].size());
@@ -127,10 +128,10 @@ TEST(ultra_plonk_composer_splitting_tmp, create_gates_from_plookup_accumulators)
         const size_t num_rounds = (num_lookups + 1) / 2;
         uint256_t bits(input_value);
 
-        const auto mask = crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE - 1;
+        const auto mask = crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE - 1;
 
         for (size_t i = 0; i < num_rounds; ++i) {
-            const auto& table = crypto::pedersen::lookup::get_table(i);
+            const auto& table = crypto::pedersen_hash::lookup::get_table(i);
             const size_t index = i * 2;
 
             uint64_t slice_a = ((bits >> (index * 9)) & mask).data[0];
@@ -148,7 +149,7 @@ TEST(ultra_plonk_composer_splitting_tmp, create_gates_from_plookup_accumulators)
     }
 
     for (size_t i = num_lookups - 2; i < num_lookups; --i) {
-        expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen::lookup::PEDERSEN_TABLE_SIZE);
+        expected_scalars[i] += (expected_scalars[i + 1] * crypto::pedersen_hash::lookup::PEDERSEN_TABLE_SIZE);
     }
 
     size_t hi_shift = 126;
@@ -159,7 +160,7 @@ TEST(ultra_plonk_composer_splitting_tmp, create_gates_from_plookup_accumulators)
                   expected_scalars[i]);
         EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C2][i]), expected_x[i]);
         EXPECT_EQ(composer.get_variable(lookup_witnesses_lo[ColumnIdx::C3][i]), expected_y[i]);
-        hi_shift -= crypto::pedersen::lookup::BITS_PER_TABLE;
+        hi_shift -= crypto::pedersen_hash::lookup::BITS_PER_TABLE;
     }
 
     for (size_t i = 0; i < num_lookups_hi; ++i) {
@@ -212,9 +213,9 @@ TEST(ultra_plonk_composer_splitting_tmp, test_elliptic_gate)
     typedef grumpkin::g1::element element;
     auto composer = UltraPlonkComposer();
 
-    affine_element p1 = crypto::pedersen::get_generator_data({ 0, 0 }).generator;
+    affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator;
 
-    affine_element p2 = crypto::pedersen::get_generator_data({ 0, 1 }).generator;
+    affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator;
     affine_element p3(element(p1) + element(p2));
 
     uint32_t x1 = composer.add_variable(p1.x);

cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.test.cpp

@@ -1,9 +1,10 @@
 #include "turbo_circuit_constructor.hpp"
-#include "barretenberg/crypto/pedersen/pedersen.hpp"
+#include "barretenberg/crypto/generators/generator_data.hpp"
+#include "barretenberg/crypto/generators/fixed_base_scalar_mul.hpp"
 #include <gtest/gtest.h>
 
 using namespace barretenberg;
-using namespace crypto::pedersen;
+using namespace crypto::generators;
 
 namespace {
 auto& engine = numeric::random::get_debug_engine();
@@ -164,8 +165,8 @@ TEST(turbo_circuit_constructor, small_scalar_multipliers)
     constexpr size_t num_wnaf_bits = (num_quads << 1) + 1;
     constexpr size_t initial_exponent = ((num_bits & 1) == 1) ? num_bits - 1 : num_bits;
     constexpr uint64_t bit_mask = (1ULL << num_bits) - 1UL;
-    auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1);
-    const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
+    auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1);
+    const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
     grumpkin::g1::affine_element generator = gen_data.generator;
 
     grumpkin::g1::element origin_points[2];
@@ -204,7 +205,7 @@ TEST(turbo_circuit_constructor, small_scalar_multipliers)
     fr one = fr::one();
     fr three = ((one + one) + one);
     for (size_t i = 0; i < num_quads; ++i) {
-        uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK;
+        uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK;
         fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i];
         prev_accumulator = prev_accumulator + prev_accumulator;
 
@@ -287,8 +288,8 @@ TEST(turbo_circuit_constructor, large_scalar_multipliers)
     constexpr size_t num_wnaf_bits = (num_quads << 1) + 1;
 
     constexpr size_t initial_exponent = num_bits; // ((num_bits & 1) == 1) ? num_bits - 1 : num_bits;
-    auto gen_data = crypto::pedersen::get_generator_data(DEFAULT_GEN_1);
-    const crypto::pedersen::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
+    auto gen_data = crypto::generators::get_generator_data(DEFAULT_GEN_1);
+    const crypto::generators::fixed_base_ladder* ladder = gen_data.get_ladder(num_bits);
     grumpkin::g1::affine_element generator = gen_data.generator;
 
     grumpkin::g1::element origin_points[2];
@@ -328,7 +329,7 @@ TEST(turbo_circuit_constructor, large_scalar_multipliers)
     fr one = fr::one();
     fr three = ((one + one) + one);
     for (size_t i = 0; i < num_quads; ++i) {
-        uint64_t entry = wnaf_entries[i + 1] & crypto::pedersen::WNAF_MASK;
+        uint64_t entry = wnaf_entries[i + 1] & crypto::generators::WNAF_MASK;
         fr prev_accumulator = accumulator_transcript[i] + accumulator_transcript[i];
         prev_accumulator = prev_accumulator + prev_accumulator;
 

cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp

@@ -13,7 +13,7 @@
 namespace proof_system {
 
 static constexpr ComposerType type = ComposerType::PLOOKUP;
-static constexpr plonk::MerkleHashType merkle_hash_type = plonk::MerkleHashType::LOOKUP_PEDERSEN;
+static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN;
 static constexpr size_t NUM_RESERVED_GATES = 4; // This must be >= num_roots_cut_out_of_vanishing_polynomial
                                                 // See the comment in plonk/proof_system/prover/prover.cpp
                                                 // ProverBase::compute_quotient_commitments() for why 4 exactly.