From 27079cea23105aa4977dc774edd038f65adf762d Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 31 Mar 2023 17:21:45 +0000 Subject: [PATCH 001/119] Add flavor & shuffle; everything builds with clang --- .../composer/standard_honk_composer.test.cpp | 177 ++++++++++++++---- .../honk/proof_system/composer_helper.lib.hpp | 45 +++++ .../barretenberg/honk/proof_system/prover.cpp | 17 ++ .../proof_system/flavor/flavor.hpp | 125 +++++++++++++ .../proof_system/flavor/flavor.test.cpp | 100 +++++++--- 5 files changed, 403 insertions(+), 61 deletions(-) create mode 100644 cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 8ab126ba01..70292dda50 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -14,6 +14,53 @@ using namespace proof_system::honk; namespace test_standard_honk_composer { +TEST(StandardHonkComposer, BaseCase) +{ + auto composer = StandardHonkComposer(); + fr a = 1; + composer.circuit_constructor.add_variable(a); + + auto prover = composer.create_prover(); + plonk::proof proof = prover.construct_proof(); + auto verifier = composer.create_verifier(); + bool verified = verifier.verify_proof(proof); + ASSERT_TRUE(verified); +} + +TEST(StandardHonkComposer, TwoGates) +{ + auto run_test = [](bool expect_verified) { + auto composer = StandardHonkComposer(); + + // 1 + 1 - 2 = 0 + uint32_t w_l_1_idx; + if (expect_verified) { + w_l_1_idx = composer.circuit_constructor.add_variable(1); + } else { + w_l_1_idx = composer.circuit_constructor.add_variable(0); + } + uint32_t w_r_1_idx = composer.circuit_constructor.add_variable(1); + uint32_t w_o_1_idx = composer.circuit_constructor.add_variable(2); + composer.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); + + // 2 * 2 - 4 = 0 + uint32_t w_l_2_idx = composer.circuit_constructor.add_variable(2); + uint32_t w_r_2_idx = composer.circuit_constructor.add_variable(2); + uint32_t w_o_2_idx = composer.circuit_constructor.add_variable(4); + composer.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); + + auto prover = composer.create_prover(); + + plonk::proof proof = prover.construct_proof(); + auto verifier = composer.create_verifier(); + bool verified = verifier.verify_proof(proof); + EXPECT_EQ(verified, expect_verified); + }; + + run_test(/* expect_verified=*/true); + run_test(/* expect_verified=*/false); +} + /** * @brief The goal of this test is to check that the sigma permutation vectors for honk are generated correctly. * @@ -304,50 +351,106 @@ TEST(StandardHonkComposer, VerificationKeyCreation) composer.circuit_constructor.selectors.size() + composer.num_wires * 2 + 2); } -TEST(StandardHonkComposer, BaseCase) +/** + * @brief A test taking sumcheck relations and applying them to the witness and selector polynomials to ensure that the + * realtions are correct. + * + * TODO(Kesha): We'll have to update this function once we add zk, since the relation will be incorrect for he first few + * indices + * + */ +TEST(StandardHonkComposer, SumcheckRelationCorrectness) { - auto composer = StandardHonkComposer(); - fr a = 1; - composer.circuit_constructor.add_variable(a); - + // Create a composer and a dummy circuit with a few gates + StandardHonkComposer composer = StandardHonkComposer(); + static const size_t num_wires = StandardHonkComposer::num_wires; + fr a = fr::one(); + // Using the public variable to check that public_input_delta is computed and added to the relation correctly + uint32_t a_idx = composer.add_public_variable(a); + fr b = fr::one(); + fr c = a + b; + fr d = a + c; + uint32_t b_idx = composer.add_variable(b); + uint32_t c_idx = composer.add_variable(c); + uint32_t d_idx = composer.add_variable(d); + for (size_t i = 0; i < 16; i++) { + composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + } + // Create a prover (it will compute proving key and witness) auto prover = composer.create_prover(); - plonk::proof proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); - bool verified = verifier.verify_proof(proof); - ASSERT_TRUE(verified); -} -TEST(StandardHonkComposer, TwoGates) -{ - auto run_test = [](bool expect_verified) { - auto composer = StandardHonkComposer(); + // Generate beta and gamma + fr beta = fr::random_element(); + fr gamma = fr::random_element(); - // 1 + 1 - 2 = 0 - uint32_t w_l_1_idx; - if (expect_verified) { - w_l_1_idx = composer.circuit_constructor.add_variable(1); - } else { - w_l_1_idx = composer.circuit_constructor.add_variable(0); - } - uint32_t w_r_1_idx = composer.circuit_constructor.add_variable(1); - uint32_t w_o_1_idx = composer.circuit_constructor.add_variable(2); - composer.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); + // Compute public input delta + const auto public_inputs = composer.circuit_constructor.get_public_inputs(); + auto public_input_delta = + honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); - // 2 * 2 - 4 = 0 - uint32_t w_l_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_r_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_o_2_idx = composer.circuit_constructor.add_variable(4); - composer.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); + sumcheck::RelationParameters params{ + .beta = beta, + .gamma = gamma, + .public_input_delta = public_input_delta, + }; - auto prover = composer.create_prover(); + constexpr size_t num_polynomials = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; + // Compute grand product polynomial + polynomial z_perm_poly = + prover_library::compute_permutation_grand_product(prover.key, prover.wire_polynomials, beta, gamma); + + // Create an array of spans to the underlying polynomials to more easily + // get the transposition. + // Ex: polynomial_spans[3][i] returns the i-th coefficient of the third polynomial + // in the list below + std::array, num_polynomials> evaluations_array; + + using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; + evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0]; + evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1]; + evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2]; + evaluations_array[POLYNOMIAL::Z_PERM] = z_perm_poly; + evaluations_array[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_poly.shifted(); + evaluations_array[POLYNOMIAL::Q_M] = prover.key->polynomial_store.get("q_m_lagrange"); + evaluations_array[POLYNOMIAL::Q_L] = prover.key->polynomial_store.get("q_1_lagrange"); + evaluations_array[POLYNOMIAL::Q_R] = prover.key->polynomial_store.get("q_2_lagrange"); + evaluations_array[POLYNOMIAL::Q_O] = prover.key->polynomial_store.get("q_3_lagrange"); + evaluations_array[POLYNOMIAL::Q_C] = prover.key->polynomial_store.get("q_c_lagrange"); + evaluations_array[POLYNOMIAL::SIGMA_1] = prover.key->polynomial_store.get("sigma_1_lagrange"); + evaluations_array[POLYNOMIAL::SIGMA_2] = prover.key->polynomial_store.get("sigma_2_lagrange"); + evaluations_array[POLYNOMIAL::SIGMA_3] = prover.key->polynomial_store.get("sigma_3_lagrange"); + evaluations_array[POLYNOMIAL::ID_1] = prover.key->polynomial_store.get("id_1_lagrange"); + evaluations_array[POLYNOMIAL::ID_2] = prover.key->polynomial_store.get("id_2_lagrange"); + evaluations_array[POLYNOMIAL::ID_3] = prover.key->polynomial_store.get("id_3_lagrange"); + evaluations_array[POLYNOMIAL::LAGRANGE_FIRST] = prover.key->polynomial_store.get("L_first_lagrange"); + evaluations_array[POLYNOMIAL::LAGRANGE_LAST] = prover.key->polynomial_store.get("L_last_lagrange"); + + // Construct the round for applying sumcheck relations and results for storing computed results + auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), + honk::sumcheck::GrandProductComputationRelation(), + honk::sumcheck::GrandProductInitializationRelation()); + + fr result = 0; + for (size_t i = 0; i < prover.key->circuit_size; i++) { + // Compute an array containing all the evaluations at a given row i + std::array evaluations_at_index_i; + for (size_t j = 0; j < num_polynomials; ++j) { + evaluations_at_index_i[j] = evaluations_array[j][i]; + } - plonk::proof proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); - bool verified = verifier.verify_proof(proof); - EXPECT_EQ(verified, expect_verified); - }; + // For each relation, call the `accumulate_relatiozn_evaluation` over all witness/selector values at the + // i-th row/vertex of the hypercube. + // We use ASSERT_EQ instead of EXPECT_EQ so that the tests stops at the first index at which the result is not + // 0, since result = 0 + C(transposed), which we expect will equal 0. + std::get<0>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); + ASSERT_EQ(result, 0); - run_test(/* expect_verified=*/true); - run_test(/* expect_verified=*/false); + std::get<1>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); + ASSERT_EQ(result, 0); + + std::get<2>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); + ASSERT_EQ(result, 0); + } } } // namespace test_standard_honk_composer diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp new file mode 100644 index 0000000000..7ad9a88cab --- /dev/null +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -0,0 +1,45 @@ +// #pragma once +// #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +// #include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" + +// namespace proof_system::plonk { + +// /** +// * @brief Computes the verification key by computing the: +// * (1) commitments to the selector, permutation, and lagrange (first/last) polynomials, +// * (2) sets the polynomial manifest using the data from proving key. +// */ +// std::shared_ptr compute_verification_key_common( +// std::shared_ptr const& proving_key, std::shared_ptr const& vrs) +// { +// auto circuit_verification_key = std::make_shared( +// proving_key->circuit_size, proving_key->num_public_inputs, vrs, proving_key->composer_type); +// // TODO(kesha): Dirty hack for now. Need to actually make commitment-agnositc +// auto commitment_key = proof_system::honk::pcs::kzg::CommitmentKey(proving_key->circuit_size, +// "../srs_db/ignition"); + +// for (size_t i = 0; i < proving_key->polynomial_manifest.size(); ++i) { +// const auto& poly_info = proving_key->polynomial_manifest[i]; + +// const std::string poly_label(poly_info.polynomial_label); +// const std::string selector_commitment_label(poly_info.commitment_label); + +// if (poly_info.source == PolynomialSource::SELECTOR || poly_info.source == PolynomialSource::PERMUTATION || +// poly_info.source == PolynomialSource::OTHER) { +// // Fetch the polynomial in its vector form. + +// // Commit to the constraint selector polynomial and insert the commitment in the verification key. + +// auto poly_commitment = commitment_key.commit(proving_key->polynomial_store.get(poly_label)); +// circuit_verification_key->commitments.insert({ selector_commitment_label, poly_commitment }); +// } +// } + +// // Set the polynomial manifest in verification key. +// circuit_verification_key->polynomial_manifest = +// proof_system::plonk::PolynomialManifest(proving_key->composer_type); + +// return circuit_verification_key; +// } + +// } // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index e728a40f75..d473de2c2f 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -38,6 +38,7 @@ using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; * * @tparam settings Settings class. * */ +// TODO(Cody): both input types are foo& in prototype template Prover::Prover(std::vector&& wire_polys, const std::shared_ptr input_key) @@ -47,6 +48,22 @@ Prover::Prover(std::vector&& wire_polys, { // Note(luke): This could be done programmatically with some hacks but this isnt too bad and its nice to see the // polys laid out explicitly. + // prover_polynomials.q_c = key->polynomial_store.get("q_c_lagrange"); + // prover_polynomials.q_l = key->polynomial_store.get("q_1_lagrange"); + // prover_polynomials.q_r = key->polynomial_store.get("q_2_lagrange"); + // prover_polynomials.q_o = key->polynomial_store.get("q_3_lagrange"); + // prover_polynomials.q_m = key->polynomial_store.get("q_m_lagrange"); + // prover_polynomials.sigma_1 = key->polynomial_store.get("sigma_1_lagrange"); + // prover_polynomials.sigma_2 = key->polynomial_store.get("sigma_2_lagrange"); + // prover_polynomials.sigma_3 = key->polynomial_store.get("sigma_3_lagrange"); + // prover_polynomials.id_1 = key->polynomial_store.get("id_1_lagrange"); + // prover_polynomials.id_2 = key->polynomial_store.get("id_2_lagrange"); + // prover_polynomials.id_3 = key->polynomial_store.get("id_3_lagrange"); + // prover_polynomials.lagrange_first = key->polynomial_store.get("L_first_lagrange"); + // prover_polynomials.lagrange_last = key->polynomial_store.get("L_last_lagrange"); + // prover_polynomials.w_l = wire_polynomials[0]; + // prover_polynomials.w_r = wire_polynomials[1]; + // prover_polynomials.w_o = wire_polynomials[2];template prover_polynomials[POLYNOMIAL::Q_C] = key->polynomial_store.get("q_c_lagrange"); prover_polynomials[POLYNOMIAL::Q_L] = key->polynomial_store.get("q_1_lagrange"); prover_polynomials[POLYNOMIAL::Q_R] = key->polynomial_store.get("q_2_lagrange"); diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index e69de29bb2..8b4b98f5a6 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -0,0 +1,125 @@ +#pragma once +#include +#include +#include +#include +#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" +#include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/polynomials/polynomial.hpp" + +// could be shared, but will it? +namespace proof_system::honk::flavor { +template class Data { + public: + using DataType = std::array; + DataType _data; + + // now it's safe to inherit from this... right? + virtual ~Data() = default; + + T& operator[](size_t idx) { return _data[idx]; }; + typename DataType::iterator begin() { return _data.begin(); }; + typename DataType::iterator end() { return _data.end(); }; + + consteval size_t size() { return _data.size(); }; +}; + +class Standard { + static constexpr size_t NUM_ALL_ENTITIES = 18; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + + public: + using FF = barretenberg::fr; + using Polynomial = barretenberg::Polynomial; + using PolynomialView = std::span; + using G1 = barretenberg::g1; + using Commitment = G1; + using CommitmentView = G1; // TODO(Cody): make a pointer? + + template class PrecomputedData : Data { + public: + T& q_m = std::get<0>(this->_data); + T& q_l = std::get<1>(this->_data); + T& q_r = std::get<2>(this->_data); + T& q_o = std::get<3>(this->_data); + T& q_c = std::get<4>(this->_data); + T& sigma_1 = std::get<5>(this->_data); + T& sigma_2 = std::get<6>(this->_data); + T& sigma_3 = std::get<7>(this->_data); + T& id_1 = std::get<8>(this->_data); + T& id_2 = std::get<9>(this->_data); + T& id_3 = std::get<10>(this->_data); + T& lagrange_first = std::get<11>(this->_data); + T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + }; + + // these can differ, but it's ideal to share co + using ProvingKey = PrecomputedData; + using VerificationKey = PrecomputedData; + + template struct AllData : Data { + public: + T& w_l = std::get<0>(this->_data); + T& w_r = std::get<1>(this->_data); + T& w_o = std::get<2>(this->_data); + T& z_perm = std::get<3>(this->_data); + T& z_perm_shift = std::get<4>(this->_data); + T& q_m = std::get<5>(this->_data); + T& q_l = std::get<6>(this->_data); + T& q_r = std::get<7>(this->_data); + T& q_o = std::get<8>(this->_data); + T& q_c = std::get<9>(this->_data); + T& sigma_1 = std::get<10>(this->_data); + T& sigma_2 = std::get<11>(this->_data); + T& sigma_3 = std::get<12>(this->_data); + T& id_1 = std::get<13>(this->_data); + T& id_2 = std::get<14>(this->_data); + T& id_3 = std::get<15>(this->_data); + T& lagrange_first = std::get<16>(this->_data); + T& lagrange_last = std::get<17>(this->_data); + + std::vector get_not_to_be_shifted() + { // ...z_perm_shift is in here? + return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, + id_1, id_2, id_3, lagrange_first, lagrange_last }; + }; + + std::vector get_to_be_shifted() { return { z_perm }; }; + + // TODO(Cody): Look for a better solution? + std::vector get_in_order() + { + std::vector result{ get_not_to_be_shifted() }; + std::vector to_be_shifted{ get_to_be_shifted() }; + result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); + return result; + }; + }; + // These are classes are views of data living in different entities. They + // provide the utility of grouping these and ranged `for` loops over subsets. + using ProverPolynomials = AllData; + using VerifierCommitments = AllData; + + // TODO: Handle univariates right + using ExtendedEdges = AllData>; + + using PurportedEvaluations = AllData; + + class CommitmentLabels : public AllData { + public: + // this does away with the ENUM_TO_COMM array while preserving the + // transcript interface, which takes a string + // + // note: we could consider "enriching" the transcript interface to not use + // strings in the future, but I leave it this way for simplicity + std::string w_l = "w_l"; + std::string w_r = "w_r"; + std::string w_o = "w_o"; + std::string p_0 = "p_0"; + std::string p_1 = "p_1"; + std::string q_0 = "q_0"; + std::string q_1 = "q_1"; + std::string s_0 = "s_0"; + }; +}; +} // namespace proof_system::honk::flavor diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index 06accb9265..754f1a7cd6 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -1,30 +1,82 @@ -#include "flavor.hpp" - +#include "barretenberg/proof_system/flavor/flavor.hpp" +#include #include +#pragma GCC diagnostic ignored "-Wunused-local-typedefs" +#pragma GCC diagnostic ignored "-Wunused-variable" + namespace test_flavor { +TEST(Flavor, Standard) +{ + using Flavor = proof_system::honk::flavor::Standard; + using FF = Flavor::FF; + Flavor::ProvingKey proving_key; + Flavor::VerificationKey verification_key; + Flavor::ProverPolynomials prover_polynomials; + Flavor::VerifierCommitments verifier_commitments; + Flavor::ExtendedEdges edges; + Flavor::PurportedEvaluations evals; + Flavor::CommitmentLabels commitment_labels; + + EXPECT_EQ(prover_polynomials.size(), 18); + EXPECT_EQ(prover_polynomials.size(), prover_polynomials.get_in_order().size()); + EXPECT_EQ(commitment_labels.w_l, "w_l"); + + auto get_test_polynomial = [](size_t& idx) { + Flavor::Polynomial poly(4); + for (size_t i = 0; i < 4; i++) { + poly[i] = idx++; + }; + return poly; + }; + + size_t idx = 0; + auto w_l = get_test_polynomial(idx); + auto w_r = get_test_polynomial(idx); + auto w_o = get_test_polynomial(idx); + auto z_perm = get_test_polynomial(idx); + auto z_perm_shift = get_test_polynomial(idx); + auto q_m = get_test_polynomial(idx); + auto q_l = get_test_polynomial(idx); + auto q_r = get_test_polynomial(idx); + auto q_o = get_test_polynomial(idx); + auto q_c = get_test_polynomial(idx); + auto sigma_1 = get_test_polynomial(idx); + auto sigma_2 = get_test_polynomial(idx); + auto sigma_3 = get_test_polynomial(idx); + auto id_1 = get_test_polynomial(idx); + auto id_2 = get_test_polynomial(idx); + auto id_3 = get_test_polynomial(idx); + auto lagrange_first = get_test_polynomial(idx); + auto lagrange_last = get_test_polynomial(idx); + + prover_polynomials.w_l = w_l; + prover_polynomials.w_r = w_r; + prover_polynomials.w_o = w_o; + prover_polynomials.z_perm = z_perm; + prover_polynomials.z_perm_shift = z_perm_shift; + prover_polynomials.q_m = q_m; + prover_polynomials.q_l = q_l; + prover_polynomials.q_r = q_r; + prover_polynomials.q_o = q_o; + prover_polynomials.q_c = q_c; + prover_polynomials.sigma_1 = sigma_1; + prover_polynomials.sigma_2 = sigma_2; + prover_polynomials.sigma_3 = sigma_3; + prover_polynomials.id_1 = id_1; + prover_polynomials.id_2 = id_2; + prover_polynomials.id_3 = id_3; + prover_polynomials.lagrange_first = lagrange_first; + prover_polynomials.lagrange_last = lagrange_last; -// // TODO(Cody) This seems like a good idea, but I'm not sure why. -// TEST(Flavor, StandardArithmetization){ -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_L, 0); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_R, 1); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_O, 2); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Z_PERM, 3); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Z_PERM_SHIFT, 4); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_M, 5); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_L, 6); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_R, 7); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_O, 8); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_C, 9); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_1, 10); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_2, 11); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_3, 12); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_1, 13); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_2, 14); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_3, 15); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::LAGRANGE_FIRST, 16); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::COUNT, 17); - -// } + idx = 0; + for (auto& poly : prover_polynomials) { + EXPECT_EQ(poly[0], 4 * idx); + EXPECT_EQ(poly[1], 4 * idx + 1); + EXPECT_EQ(poly[2], 4 * idx + 2); + EXPECT_EQ(poly[3], 4 * idx + 3); + idx++; + }; +} } // namespace test_flavor From 6bc56b1566a655cdc1280d555381ec62708a5a38 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 6 Apr 2023 21:45:49 +0000 Subject: [PATCH 002/119] Template composer lib; split plonk tests pass. --- .../standard_honk_composer_helper.cpp | 15 +- .../standard_honk_composer_helper.hpp | 11 +- .../honk/composer/standard_honk_composer.hpp | 14 +- .../standard_plonk_composer_helper.cpp | 28 ++- .../standard_plonk_composer_helper.hpp | 5 +- .../turbo_plonk_composer_helper.cpp | 28 ++- .../turbo_plonk_composer_helper.hpp | 6 +- .../ultra_plonk_composer_helper.cpp | 34 ++-- .../ultra_plonk_composer_helper.hpp | 6 +- .../splitting_tmp/standard_plonk_composer.hpp | 4 +- .../splitting_tmp/turbo_plonk_composer.hpp | 4 +- .../splitting_tmp/ultra_plonk_composer.hpp | 3 +- .../standard_circuit_constructor.hpp | 1 - .../turbo_circuit_constructor.hpp | 1 - .../ultra_circuit_constructor.hpp | 1 - .../composer/composer_helper_lib.hpp | 126 +++++++------ .../composer/composer_helper_lib.test.cpp | 169 ++++++++++++++++++ .../proof_system/flavor/flavor.hpp | 70 +++++++- .../proof_system/flavor/flavor.test.cpp | 11 +- 19 files changed, 386 insertions(+), 151 deletions(-) create mode 100644 cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 6867d9af37..30f0f3c3f6 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -1,6 +1,7 @@ #include "standard_honk_composer_helper.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/honk/flavor/flavor.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" @@ -22,16 +23,15 @@ namespace proof_system::honk { * @param num_reserved_gates The number of reserved gates. * @return Pointer to the initialized proving key updated with selector polynomials. * */ -template -std::shared_ptr StandardHonkComposerHelper::compute_proving_key_base( +std::shared_ptr StandardHonkComposerHelper::compute_proving_key_base( const CircuitConstructor& constructor, const size_t minimum_circuit_size, const size_t num_randomized_gates) { // Initialize circuit_proving_key // TODO(#229)(Kesha): replace composer types. - circuit_proving_key = initialize_proving_key( + circuit_proving_key = initialize_proving_key( constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::STANDARD_HONK); // Compute lagrange selectors - construct_lagrange_selector_forms(constructor, circuit_proving_key.get()); + construct_selector_polynomials(constructor, circuit_proving_key.get()); return circuit_proving_key; } @@ -155,18 +155,17 @@ StandardVerifier StandardHonkComposerHelper::create_verifier return output_state; } -template +// template template // TODO(Cody): this file should be generic with regard to flavor/arithmetization/whatever. -StandardProver StandardHonkComposerHelper::create_prover( +StandardProver StandardHonkComposerHelper::create_prover( const CircuitConstructor& circuit_constructor) { compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); size_t num_sumcheck_rounds(circuit_proving_key->log_circuit_size); - // TODO(luke): what is this manifest? Remove? - auto manifest = Flavor::create_manifest(circuit_constructor.public_inputs.size(), num_sumcheck_rounds); + // auto manifest = Flavor::create_manifest(circuit_constructor.public_inputs.size(), num_sumcheck_rounds); StandardProver output_state(std::move(wire_polynomials), circuit_proving_key); return output_state; diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 5b033996d5..8ff6cc39a6 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -12,14 +12,15 @@ #include "barretenberg/proof_system/arithmetization/gate_data.hpp" #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/proof_system/composer/permutation_helper.hpp" - +#include "barretenberg/proof_system/flavor/flavor.hpp" #include namespace proof_system::honk { -// TODO(Kesha): change initializations to specify this parameter -// Cody: What does this mean? -template class StandardHonkComposerHelper { +class StandardHonkComposerHelper { public: + using Flavor = flavor::Standard; + using CircuitConstructor = typename Flavor::CircuitConstructor; + static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; std::shared_ptr circuit_proving_key; @@ -57,7 +58,7 @@ template class StandardHonkComposerHelper { StandardVerifier create_verifier(const CircuitConstructor& circuit_constructor); - template StandardProver create_prover(const CircuitConstructor& circuit_constructor); + StandardProver create_prover(const CircuitConstructor& circuit_constructor); // TODO(#216)(Adrian): Seems error prone to provide the number of randomized gates // Cody: Where should this go? In the flavor (or whatever that becomes)? diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index d99033e67d..0f15c44963 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -17,22 +17,22 @@ namespace proof_system::honk { */ class StandardHonkComposer { public: - static constexpr ComposerType type = ComposerType::STANDARD_HONK; - static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; - static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; + using Flavor = flavor::Standard; + using CircuitConstructor = StandardCircuitConstructor; + static constexpr ComposerType type = ComposerType::STANDARD_HONK; // TODO(Cody): Get rid of this. static constexpr size_t UINT_LOG2_BASE = 2; // An instantiation of the circuit constructor that only depends on arithmetization, not on the proof system - StandardCircuitConstructor circuit_constructor; + CircuitConstructor circuit_constructor; // Composer helper contains all proof-related material that is separate from circuit creation such as: // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials - StandardHonkComposerHelper composer_helper; + StandardHonkComposerHelper composer_helper; // Leaving it in for now just in case bool contains_recursive_proof = false; - static constexpr size_t num_wires = StandardCircuitConstructor::num_wires; + static constexpr size_t num_wires = CircuitConstructor::num_wires; /**Standard methods*/ @@ -180,7 +180,7 @@ class StandardHonkComposer { void compute_witness() { composer_helper.compute_witness(circuit_constructor); }; StandardVerifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); } - StandardProver create_prover() { return composer_helper.create_prover(circuit_constructor); }; + StandardProver create_prover() { return composer_helper.create_prover(circuit_constructor); }; size_t& num_gates; std::vector& variables; diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp index 601de58dac..b8feab27d3 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp @@ -24,16 +24,15 @@ namespace proof_system::plonk { * * @tparam Program settings needed to establish if w_4 is being used. * */ -template -void StandardPlonkComposerHelper::compute_witness(const CircuitConstructor& circuit_constructor, - const size_t minimum_circuit_size) +void StandardPlonkComposerHelper::compute_witness(const CircuitConstructor& circuit_constructor, + const size_t minimum_circuit_size) { if (computed_witness) { return; } auto wire_polynomial_evaluations = - compute_witness_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); + construct_wire_polynomials_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); for (size_t j = 0; j < program_width; ++j) { std::string index = std::to_string(j + 1); @@ -54,8 +53,7 @@ void StandardPlonkComposerHelper::compute_witness(const Circ * * @return Pointer to the initialized proving key updated with selector polynomials. * */ -template -std::shared_ptr StandardPlonkComposerHelper::compute_proving_key( +std::shared_ptr StandardPlonkComposerHelper::compute_proving_key( const CircuitConstructor& circuit_constructor) { if (circuit_proving_key) { @@ -65,12 +63,12 @@ std::shared_ptr StandardPlonkComposerHelper( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::STANDARD); // Compute lagrange selectors - construct_lagrange_selector_forms(circuit_constructor, circuit_proving_key.get()); + construct_selector_polynomials(circuit_constructor, circuit_proving_key.get()); // Make all selectors nonzero - enforce_nonzero_polynomial_selectors(circuit_constructor, circuit_proving_key.get()); + enforce_nonzero_selector_polynomials(circuit_constructor, circuit_proving_key.get()); // Compute selectors in monomial form compute_monomial_and_coset_selector_forms(circuit_proving_key.get(), standard_selector_properties()); @@ -90,8 +88,7 @@ std::shared_ptr StandardPlonkComposerHelper -std::shared_ptr StandardPlonkComposerHelper::compute_verification_key( +std::shared_ptr StandardPlonkComposerHelper::compute_verification_key( const CircuitConstructor& circuit_constructor) { if (circuit_verification_key) { @@ -118,9 +115,7 @@ std::shared_ptr StandardPlonkComposerHelper -plonk::Verifier StandardPlonkComposerHelper::create_verifier( - const CircuitConstructor& circuit_constructor) +plonk::Verifier StandardPlonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); @@ -143,9 +138,7 @@ plonk::Verifier StandardPlonkComposerHelper::create_verifier * * @return Initialized prover. * */ -template -plonk::Prover StandardPlonkComposerHelper::create_prover( - const CircuitConstructor& circuit_constructor) +plonk::Prover StandardPlonkComposerHelper::create_prover(const CircuitConstructor& circuit_constructor) { // Compute q_l, etc. and sigma polynomials. compute_proving_key(circuit_constructor); @@ -172,5 +165,4 @@ plonk::Prover StandardPlonkComposerHelper::create_prover( return output_state; } -template class StandardPlonkComposerHelper; } // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp index 32085fcb57..f60a2c810b 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp @@ -1,5 +1,6 @@ #pragma once +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" @@ -14,8 +15,10 @@ namespace proof_system::plonk { // TODO(Kesha): change initializations to specify this parameter // Cody: What does this mean? -template class StandardPlonkComposerHelper { +class StandardPlonkComposerHelper { public: + using Flavor = plonk::flavor::Standard; + using CircuitConstructor = StandardCircuitConstructor; static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t program_width = CircuitConstructor::program_width; std::shared_ptr circuit_proving_key; diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp index c24524a928..5877225a38 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp @@ -29,8 +29,7 @@ namespace proof_system::plonk { * * @return Pointer to the initialized proving key updated with selector polynomials. * */ -template -std::shared_ptr TurboPlonkComposerHelper::compute_proving_key( +std::shared_ptr TurboPlonkComposerHelper::compute_proving_key( const CircuitConstructor& circuit_constructor) { if (circuit_proving_key) { @@ -40,12 +39,12 @@ std::shared_ptr TurboPlonkComposerHelper const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; // Initialize circuit_proving_key // TODO(#229)(Kesha): replace composer types. - circuit_proving_key = initialize_proving_key( + circuit_proving_key = initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::TURBO); - construct_lagrange_selector_forms(circuit_constructor, circuit_proving_key.get()); + construct_selector_polynomials(circuit_constructor, circuit_proving_key.get()); - enforce_nonzero_polynomial_selectors(circuit_constructor, circuit_proving_key.get()); + enforce_nonzero_selector_polynomials(circuit_constructor, circuit_proving_key.get()); compute_monomial_and_coset_selector_forms(circuit_proving_key.get(), turbo_selector_properties()); @@ -63,8 +62,7 @@ std::shared_ptr TurboPlonkComposerHelper * * @return Pointer to created circuit verification key. * */ -template -std::shared_ptr TurboPlonkComposerHelper::compute_verification_key( +std::shared_ptr TurboPlonkComposerHelper::compute_verification_key( const CircuitConstructor& circuit_constructor) { if (circuit_verification_key) { @@ -92,16 +90,15 @@ std::shared_ptr TurboPlonkComposerHelper -void TurboPlonkComposerHelper::compute_witness(const CircuitConstructor& circuit_constructor, - const size_t minimum_circuit_size) +void TurboPlonkComposerHelper::compute_witness(const CircuitConstructor& circuit_constructor, + const size_t minimum_circuit_size) { if (computed_witness) { return; } auto wire_polynomial_evaluations = - compute_witness_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); + construct_wire_polynomials_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); for (size_t j = 0; j < program_width; ++j) { std::string index = std::to_string(j + 1); @@ -119,9 +116,7 @@ void TurboPlonkComposerHelper::compute_witness(const Circuit * * @return Initialized prover. * */ -template -plonk::TurboProver TurboPlonkComposerHelper::create_prover( - const CircuitConstructor& circuit_constructor) +plonk::TurboProver TurboPlonkComposerHelper::create_prover(const CircuitConstructor& circuit_constructor) { // Compute q_l, etc. and sigma polynomials. compute_proving_key(circuit_constructor); @@ -160,9 +155,7 @@ plonk::TurboProver TurboPlonkComposerHelper::create_prover( * @return The verifier. * */ // TODO(Cody): This should go away altogether. -template -plonk::TurboVerifier TurboPlonkComposerHelper::create_verifier( - const CircuitConstructor& circuit_constructor) +plonk::TurboVerifier TurboPlonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); @@ -177,5 +170,4 @@ plonk::TurboVerifier TurboPlonkComposerHelper::create_verifi return output_state; } -template class TurboPlonkComposerHelper; } // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp index c18fff8d82..189ba02cbf 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp @@ -1,5 +1,6 @@ #pragma once +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.hpp" #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" @@ -8,8 +9,11 @@ #include "barretenberg/plonk/proof_system/verifier/verifier.hpp" namespace proof_system::plonk { -template class TurboPlonkComposerHelper { +class TurboPlonkComposerHelper { public: + using Flavor = plonk::flavor::Turbo; + using CircuitConstructor = TurboCircuitConstructor; + static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t program_width = CircuitConstructor::program_width; diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp index 26e7049443..ccf3d77351 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp @@ -19,8 +19,8 @@ namespace proof_system::plonk { * sorted `s` poly, lookup rows of the wire witnesses, the values of `z_lookup`, `z`. These are all calculated * elsewhere. */ -template -void UltraPlonkComposerHelper::compute_witness(CircuitConstructor& circuit_constructor) + +void UltraPlonkComposerHelper::compute_witness(CircuitConstructor& circuit_constructor) { if (computed_witness) { return; @@ -50,7 +50,8 @@ void UltraPlonkComposerHelper::compute_witness(CircuitConstr // TODO(luke): subgroup size was already computed above but compute_witness_base computes it again. If we pass in // NUM_RANDOMIZED_GATES (as in the other split composers) the resulting sizes can differ. Reconcile this. - auto wire_polynomial_evaluations = compute_witness_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES); + auto wire_polynomial_evaluations = + construct_wire_polynomials_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES); for (size_t j = 0; j < program_width; ++j) { std::string index = std::to_string(j + 1); @@ -141,8 +142,7 @@ void UltraPlonkComposerHelper::compute_witness(CircuitConstr computed_witness = true; } -template -UltraProver UltraPlonkComposerHelper::create_prover(CircuitConstructor& circuit_constructor) +UltraProver UltraPlonkComposerHelper::create_prover(CircuitConstructor& circuit_constructor) { finalize_circuit(circuit_constructor); @@ -192,9 +192,8 @@ UltraProver UltraPlonkComposerHelper::create_prover(CircuitC * @return The verifier. * */ // TODO(Cody): This should go away altogether. -template -plonk::UltraVerifier UltraPlonkComposerHelper::create_verifier( - const CircuitConstructor& circuit_constructor) + +plonk::UltraVerifier UltraPlonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); @@ -209,8 +208,7 @@ plonk::UltraVerifier UltraPlonkComposerHelper::create_verifi return output_state; } -template -std::shared_ptr UltraPlonkComposerHelper::compute_proving_key( +std::shared_ptr UltraPlonkComposerHelper::compute_proving_key( const CircuitConstructor& circuit_constructor) { if (circuit_proving_key) { @@ -228,12 +226,12 @@ std::shared_ptr UltraPlonkComposerHelper::compu const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; // Initialize circuit_proving_key // TODO(#229)(Kesha): replace composer types. - circuit_proving_key = initialize_proving_key( + circuit_proving_key = initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::PLOOKUP); - construct_lagrange_selector_forms(circuit_constructor, circuit_proving_key.get()); + construct_selector_polynomials(circuit_constructor, circuit_proving_key.get()); - enforce_nonzero_polynomial_selectors(circuit_constructor, circuit_proving_key.get()); + enforce_nonzero_selector_polynomials(circuit_constructor, circuit_proving_key.get()); compute_monomial_and_coset_selector_forms(circuit_proving_key.get(), ultra_selector_properties()); @@ -346,8 +344,8 @@ std::shared_ptr UltraPlonkComposerHelper::compu * * @return Pointer to created circuit verification key. * */ -template -std::shared_ptr UltraPlonkComposerHelper::compute_verification_key( + +std::shared_ptr UltraPlonkComposerHelper::compute_verification_key( const CircuitConstructor& circuit_constructor) { if (circuit_verification_key) { @@ -370,9 +368,8 @@ std::shared_ptr UltraPlonkComposerHelper -void UltraPlonkComposerHelper::add_table_column_selector_poly_to_proving_key( - polynomial& selector_poly_lagrange_form, const std::string& tag) +void UltraPlonkComposerHelper::add_table_column_selector_poly_to_proving_key(polynomial& selector_poly_lagrange_form, + const std::string& tag) { polynomial selector_poly_lagrange_form_copy(selector_poly_lagrange_form, circuit_proving_key->small_domain.size); @@ -387,5 +384,4 @@ void UltraPlonkComposerHelper::add_table_column_selector_pol circuit_proving_key->polynomial_store.put(tag + "_fft", std::move(selector_poly_coset_form)); } -template class UltraPlonkComposerHelper; } // namespace proof_system::plonk diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp index c66ce7eea0..b902d294e0 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp @@ -6,6 +6,7 @@ #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" #include "barretenberg/plonk/proof_system/verifier/verifier.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include #include @@ -13,8 +14,11 @@ namespace proof_system::plonk { // TODO(Kesha): change initializations to specify this parameter // Cody: What does this mean? -template class UltraPlonkComposerHelper { +class UltraPlonkComposerHelper { public: + using Flavor = plonk::flavor::Ultra; + using CircuitConstructor = UltraCircuitConstructor; + // TODO(luke): In the split composers, NUM_RANDOMIZED_GATES has replaced NUM_RESERVED_GATES (in some places) to // determine the next-power-of-2 circuit size. (There are some places in this composer that still use // NUM_RESERVED_GATES). Therefore for consistency within this composer itself, and consistency with the original diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp index 93524589c6..29d3bdff03 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp @@ -29,7 +29,7 @@ class StandardPlonkComposer { // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials - StandardPlonkComposerHelper composer_helper; + StandardPlonkComposerHelper composer_helper; // Leaving it in for now just in case bool contains_recursive_proof = false; @@ -195,7 +195,7 @@ class StandardPlonkComposer { static transcript::Manifest create_manifest(const size_t num_public_inputs) { - return StandardPlonkComposerHelper::create_manifest(num_public_inputs); + return StandardPlonkComposerHelper::create_manifest(num_public_inputs); } size_t& num_gates; diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/turbo_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/turbo_plonk_composer.hpp index 1a9abf596f..950163dae1 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/turbo_plonk_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/turbo_plonk_composer.hpp @@ -26,7 +26,7 @@ class TurboPlonkComposer { // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials - TurboPlonkComposerHelper composer_helper; + TurboPlonkComposerHelper composer_helper; size_t& num_gates; std::vector& variables; @@ -202,7 +202,7 @@ class TurboPlonkComposer { static transcript::Manifest create_manifest(const size_t num_public_inputs) { - return TurboPlonkComposerHelper::create_manifest(num_public_inputs); + return TurboPlonkComposerHelper::create_manifest(num_public_inputs); } bool failed() const { return circuit_constructor.failed(); }; diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp index ccc3ece628..6315d52b4d 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp @@ -1,4 +1,5 @@ #pragma once +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/plonk/composer/composer_base.hpp" #include "barretenberg/plonk/composer/plookup_tables/plookup_tables.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" @@ -23,7 +24,7 @@ class UltraPlonkComposer { // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials - UltraPlonkComposerHelper composer_helper; + UltraPlonkComposerHelper composer_helper; size_t& num_gates; UltraPlonkComposer() diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index b627b17a9b..421d150e08 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -1,7 +1,6 @@ #pragma once #include #include "circuit_constructor_base.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" namespace proof_system { diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp index 71dcca5c5e..d6a488a1c6 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp @@ -1,7 +1,6 @@ #pragma once #include #include "circuit_constructor_base.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" namespace proof_system { diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index 383dccb6f0..1895989b3b 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -3,7 +3,6 @@ #include "barretenberg/plonk/proof_system/types/polynomial_manifest.hpp" #include "circuit_constructor_base.hpp" #include "barretenberg/plonk/proof_system/constants.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/proof_system/types/merkle_hash_type.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/plonk/composer/plookup_tables/types.hpp" diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index c31dfe13b9..e3327cb4ee 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -1,6 +1,7 @@ #pragma once #include #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system { @@ -14,12 +15,13 @@ namespace proof_system { * @param composer_type The type of composer we are using * @return std::shared_ptr */ -template -std::shared_ptr initialize_proving_key(const CircuitConstructor& circuit_constructor, - ReferenceStringFactory* crs_factory, - const size_t minimum_circuit_size, - const size_t num_randomized_gates, - ComposerType composer_type) +template +std::shared_ptr initialize_proving_key( + const typename Flavor::CircuitConstructor& circuit_constructor, + ReferenceStringFactory* crs_factory, + const size_t minimum_circuit_size, + const size_t num_randomized_gates, + ComposerType composer_type) { const size_t num_gates = circuit_constructor.num_gates; std::span public_inputs = circuit_constructor.public_inputs; @@ -32,7 +34,7 @@ std::shared_ptr initialize_proving_key(const CircuitConstruc auto crs = crs_factory->get_prover_crs(subgroup_size + 1); - return std::make_shared(subgroup_size, num_public_inputs, crs, composer_type); + return std::make_shared(subgroup_size, num_public_inputs, crs, composer_type); } /** @@ -42,29 +44,29 @@ std::shared_ptr initialize_proving_key(const CircuitConstruc * @param circuit_constructor The object holding the circuit * @param key Pointer to the proving key */ -template -void construct_lagrange_selector_forms(const CircuitConstructor& circuit_constructor, - plonk::proving_key* circuit_proving_key) +template // TODO(Cody): Always Lagrange +void construct_selector_polynomials(const typename Flavor::CircuitConstructor& circuit_constructor, + typename Flavor::ProvingKey* proving_key) { const size_t num_public_inputs = circuit_constructor.public_inputs.size(); - for (size_t j = 0; j < circuit_constructor.num_selectors; ++j) { - std::span selector_values = circuit_constructor.selectors[j]; - ASSERT(circuit_proving_key->circuit_size >= selector_values.size()); + // TODO(Cody): Loose coupling here! Would rather build up pk from arithmetizaiton + size_t selector_idx = 0; + for (auto& selector_values : circuit_constructor.selectors) { + ASSERT(proving_key->circuit_size >= selector_values.size()); - // Compute selector vector, initialized to 0. // Copy the selector values for all gates, keeping the rows at which we store public inputs as 0. // Initializing the polynomials in this way automatically applies 0-padding to the selectors. - barretenberg::polynomial selector_poly_lagrange(circuit_proving_key->circuit_size); + barretenberg::polynomial selector_poly_lagrange(proving_key->circuit_size); for (size_t i = 0; i < selector_values.size(); ++i) { selector_poly_lagrange[num_public_inputs + i] = selector_values[i]; } - // TODO(#217)(Adrian): We may want to add a unique value (e.g. j+1) in the last position of each selector - // polynomial to guard against some edge cases that may occur during the MSM. If we do so, we should ensure that - // this does not clash with any other values we want to place at the end of of the witness vectors. In later - // iterations of the Sumcheck, we will be able to efficiently cancel out any checks in the last 2^k rows, so any - // randomness or unique values should be placed there. - circuit_proving_key->polynomial_store.put(circuit_constructor.selector_names_[j] + "_lagrange", - std::move(selector_poly_lagrange)); + if constexpr (IsHonkFlavor) { + proving_key->_data[selector_idx] = selector_poly_lagrange; + } else if constexpr (IsPlonkFlavor) { + proving_key->polynomial_store.put(circuit_constructor.selector_names_[selector_idx] + "_lagrange", + std::move(selector_poly_lagrange)); + } + selector_idx++; } } @@ -74,35 +76,47 @@ void construct_lagrange_selector_forms(const CircuitConstructor& circuit_constru * @tparam CircuitConstructor The class holding the circuit * @param circuit_constructor The object holding the circuit * @param key Pointer to the proving key + * + * @warning We should ensure that this does not clash with any other values we want to place at the end of of the + * witness vectors. In later iterations of the Sumcheck, we will be able to efficiently cancel out any checks in the + * last 2^k rows, so any randomness or unique values should be placed there. -@adr1anh */ -template -void enforce_nonzero_polynomial_selectors(const CircuitConstructor& circuit_constructor, - plonk::proving_key* circuit_proving_key) +template +void enforce_nonzero_selector_polynomials(const typename Flavor::CircuitConstructor& circuit_constructor, + typename Flavor::ProvingKey* proving_key) { - for (size_t j = 0; j < circuit_constructor.num_selectors; ++j) { - auto current_selector = - circuit_proving_key->polynomial_store.get(circuit_constructor.selector_names_[j] + "_lagrange"); - current_selector[current_selector.size() - 1] = j + 1; - circuit_proving_key->polynomial_store.put(circuit_constructor.selector_names_[j] + "_lagrange", - std::move(current_selector)); + if constexpr (IsHonkFlavor) { + size_t idx = 1; + for (auto selector : proving_key->get_selectors()) { + selector[selector.size() - 1] = idx; + idx++; + } + } else if constexpr (IsPlonkFlavor) { + for (size_t idx = 0; idx < circuit_constructor.num_selectors; ++idx) { + auto current_selector = + proving_key->polynomial_store.get(circuit_constructor.selector_names_[idx] + "_lagrange"); + current_selector[current_selector.size() - 1] = idx + 1; + proving_key->polynomial_store.put(circuit_constructor.selector_names_[idx] + "_lagrange", + std::move(current_selector)); + } } } /** - * Compute witness polynomials (w_1, w_2, w_3, w_4) and put them into polynomial cache + * @brief Construct the witness polynomials from the witness vectors in the circuit constructor. * - * @details Fills 3 or 4 witness polynomials w_1, w_2, w_3, w_4 with the values of in-circuit variables. The beginning - * of w_1, w_2 polynomials is filled with public_input values. - * @return Witness with computed witness polynomials. + * @details The first two witness polynomials bein with the public input values.of w_1, w_2 polynomials is filled with + * public_input values. + * @return A vector containing the computed witness polynomials. * - * @tparam Program settings needed to establish if w_4 is being used. + * @tparam Flavor provides the circuit constructor type and the number of wires. * */ -template -std::vector compute_witness_base(const CircuitConstructor& circuit_constructor, - const size_t minimum_circuit_size, - const size_t number_of_randomized_gates) +template +std::vector construct_wire_polynomials_base( + const typename Flavor::CircuitConstructor& circuit_constructor, + const size_t minimum_circuit_size, + const size_t number_of_randomized_gates) { - const size_t program_width = CircuitConstructor::program_width; const size_t num_gates = circuit_constructor.num_gates; std::span public_inputs = circuit_constructor.public_inputs; const size_t num_public_inputs = public_inputs.size(); @@ -117,36 +131,32 @@ std::vector compute_witness_base(const CircuitConstruc // construct a view over all the wire's variable indices // w[j][i] is the index of the variable in the j-th wire, at gate i // Each array should be of size `num_gates` - std::array, program_width> w; - w[0] = circuit_constructor.w_l; - w[1] = circuit_constructor.w_r; - w[2] = circuit_constructor.w_o; - if constexpr (program_width > 3) { - w[3] = circuit_constructor.w_4; - } - std::vector wires; + + std::vector wire_polynomials; // Note: randomness is added to 3 of the last 4 positions in plonk/proof_system/prover/prover.cpp // StandardProverBase::execute_preamble_round(). - for (size_t j = 0; j < program_width; ++j) { + size_t wire_idx = 0; + for (auto& wire : circuit_constructor.wires) { // Initialize the polynomial with all the actual copies variable values // Expect all values to be set to 0 initially barretenberg::polynomial w_lagrange(subgroup_size); - // Place all public inputs at the start of w_l and w_r. - // All selectors at these indices are set to 0 so these values are not constrained at all. - if ((j == 0) || (j == 1)) { + // Place all public inputs at the start of the first two wires. + // All selectors at these indices are set to 0, so these values are not constrained at all. + if (wire_idx < 2) { for (size_t i = 0; i < num_public_inputs; ++i) { w_lagrange[i] = circuit_constructor.get_variable(public_inputs[i]); } + wire_idx++; } - // Assign the variable values (which are pointed-to by the `w_` wires) to the wire witness polynomials - // `poly_w_`, shifted to make room for the public inputs at the beginning. + // Assign the variable values (which are pointed-to by the `w_` wire_polynomials) to the wire witness + // polynomials `poly_w_`, shifted to make room for the public inputs at the beginning. for (size_t i = 0; i < num_gates; ++i) { - w_lagrange[num_public_inputs + i] = circuit_constructor.get_variable(w[j][i]); + w_lagrange[num_public_inputs + i] = circuit_constructor.get_variable(wire[i]); } - wires.push_back(std::move(w_lagrange)); + wire_polynomials.push_back(std::move(w_lagrange)); } - return wires; + return wire_polynomials; } } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp new file mode 100644 index 0000000000..8449d99ed0 --- /dev/null +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp @@ -0,0 +1,169 @@ +#include +#include +#include "barretenberg/proof_system/flavor/flavor.hpp" // TODO: needed? +#include "barretenberg/proof_system/composer/composer_helper_lib.hpp" +#include "barretenberg/proof_system/types/composer_type.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" + +namespace proof_system::test_composer_lib { + +class ComposerLibTests : public ::testing::Test { + protected: + using Flavor = honk::flavor::Standard; + using FF = typename Flavor::FF; + Flavor::CircuitConstructor circuit_constructor; + Flavor::ProvingKey proving_key = []() { + auto crs_factory = ReferenceStringFactory(); + auto crs = crs_factory.get_prover_crs(4); + return Flavor::ProvingKey(/*circuit_size=*/4, /*num_inputs=*/0, crs, ComposerType::STANDARD); + }(); +}; + +TEST_F(ComposerLibTests, InitializeProvingKey) +{ + static_assert(IsHonkFlavor); + + EXPECT_EQ(circuit_constructor.get_circuit_subgroup_size(7), 8); + + ReferenceStringFactory crs_factory; + + auto pk = initialize_proving_key(circuit_constructor, + &crs_factory, + /*minimum_circuit_size=*/2, + /*num_randomized_gates=*/2, + ComposerType::STANDARD); + EXPECT_EQ(pk->circuit_size, 8); + EXPECT_EQ(pk->num_inputs, 0); +} + +TEST_F(ComposerLibTests, ConstructSelectors) +{ + circuit_constructor.q_m = std::vector{ 1, 2, 3, 4 }; + circuit_constructor.q_1 = std::vector{ 5, 6, 7, 8 }; + circuit_constructor.q_2 = std::vector{ 9, 10, 11, 12 }; + circuit_constructor.q_3 = std::vector{ 13, 14, 15, 16 }; + circuit_constructor.q_c = std::vector{ 17, 18, 19, 20 }; + + construct_selector_polynomials(circuit_constructor, &proving_key); + + EXPECT_EQ(proving_key.q_m[0], 1); + EXPECT_EQ(proving_key.q_m[1], 2); + EXPECT_EQ(proving_key.q_m[2], 3); + EXPECT_EQ(proving_key.q_m[3], 4); + + EXPECT_EQ(proving_key.q_l[0], 5); + EXPECT_EQ(proving_key.q_l[1], 6); + EXPECT_EQ(proving_key.q_l[2], 7); + EXPECT_EQ(proving_key.q_l[3], 8); + + EXPECT_EQ(proving_key.q_r[0], 9); + EXPECT_EQ(proving_key.q_r[1], 10); + EXPECT_EQ(proving_key.q_r[2], 11); + EXPECT_EQ(proving_key.q_r[3], 12); + + EXPECT_EQ(proving_key.q_o[0], 13); + EXPECT_EQ(proving_key.q_o[1], 14); + EXPECT_EQ(proving_key.q_o[2], 15); + EXPECT_EQ(proving_key.q_o[3], 16); + + EXPECT_EQ(proving_key.q_c[0], 17); + EXPECT_EQ(proving_key.q_c[1], 18); + EXPECT_EQ(proving_key.q_c[2], 19); + EXPECT_EQ(proving_key.q_c[3], 20); +} + +TEST_F(ComposerLibTests, EnforceNonzeroSelectors) +{ + circuit_constructor.q_m = std::vector{ 0, 0, 0, 0 }; + circuit_constructor.q_1 = std::vector{ 0, 0, 0, 0 }; + circuit_constructor.q_2 = std::vector{ 0, 0, 0, 0 }; + circuit_constructor.q_3 = std::vector{ 0, 0, 0, 0 }; + circuit_constructor.q_c = std::vector{ 0, 0, 0, 0 }; + + construct_selector_polynomials(circuit_constructor, &proving_key); + enforce_nonzero_selector_polynomials(circuit_constructor, &proving_key); + + EXPECT_EQ(proving_key.q_m[3], 1); + EXPECT_EQ(proving_key.q_l[3], 2); + EXPECT_EQ(proving_key.q_r[3], 3); + EXPECT_EQ(proving_key.q_o[3], 4); + EXPECT_EQ(proving_key.q_c[3], 5); +} + +TEST_F(ComposerLibTests, ConstructWitnessPolynomialsBase) +{ + circuit_constructor.add_public_variable(1024); + circuit_constructor.add_public_variable(1025); + + uint32_t v_1 = circuit_constructor.add_variable(16 + 1); + uint32_t v_2 = circuit_constructor.add_variable(16 + 2); + uint32_t v_3 = circuit_constructor.add_variable(16 + 3); + uint32_t v_4 = circuit_constructor.add_variable(16 + 4); + uint32_t v_5 = circuit_constructor.add_variable(16 + 5); + uint32_t v_6 = circuit_constructor.add_variable(16 + 6); + uint32_t v_7 = circuit_constructor.add_variable(16 + 7); + uint32_t v_8 = circuit_constructor.add_variable(16 + 8); + uint32_t v_9 = circuit_constructor.add_variable(16 + 9); + uint32_t v_10 = circuit_constructor.add_variable(16 + 10); + uint32_t v_11 = circuit_constructor.add_variable(16 + 11); + uint32_t v_12 = circuit_constructor.add_variable(16 + 12); + + circuit_constructor.create_add_gate({ v_1, v_5, v_9, 0, 0, 0, 0 }); + circuit_constructor.create_add_gate({ v_2, v_6, v_10, 0, 0, 0, 0 }); + circuit_constructor.create_add_gate({ v_3, v_7, v_11, 0, 0, 0, 0 }); + circuit_constructor.create_add_gate({ v_4, v_8, v_12, 0, 0, 0, 0 }); + + /* Execution trace: + w_l w_r w_o + ------------------------------ + pub1_idx | pub1_idx | 0 <-- public inputs + pub2_idx | pub2_idx | 0 <-/ + zero_idx | zero_idx | zero_idx <-- fix witness for 0 + one_idx | zero_idx | zero_idx <-- fix witness for 1 + one_idx | one_idx | one_idx <-- ensure nonzero selectors... TODO(Cody): redundant now + v_1 | v_5 | v_9 + v_2 | v_6 | v_10 + v_3 | v_7 | v_11 + v_4 | v_8 | v_12 + + */ + + auto wires = construct_wire_polynomials_base(circuit_constructor, 1, 2); + auto& w_l = wires[0]; + auto& w_r = wires[1]; + auto& w_o = wires[2]; + auto& zero_idx = circuit_constructor.zero_idx; + auto& one_idx = circuit_constructor.one_idx; + + EXPECT_EQ(w_l[0], 1024); + EXPECT_EQ(w_l[1], 1025); + EXPECT_EQ(w_l[2], zero_idx); + EXPECT_EQ(w_l[3], one_idx); + EXPECT_EQ(w_l[4], one_idx); + EXPECT_EQ(w_l[5], 17); + EXPECT_EQ(w_l[6], 18); + EXPECT_EQ(w_l[7], 19); + EXPECT_EQ(w_l[8], 20); + + EXPECT_EQ(w_r[0], 1024); + EXPECT_EQ(w_r[1], 1025); + EXPECT_EQ(w_r[2], zero_idx); + EXPECT_EQ(w_r[3], zero_idx); + EXPECT_EQ(w_r[4], one_idx); + EXPECT_EQ(w_r[5], 21); + EXPECT_EQ(w_r[6], 22); + EXPECT_EQ(w_r[7], 23); + EXPECT_EQ(w_r[8], 24); + + EXPECT_EQ(w_o[0], 0); + EXPECT_EQ(w_o[1], 0); + EXPECT_EQ(w_o[2], zero_idx); + EXPECT_EQ(w_o[3], zero_idx); + EXPECT_EQ(w_o[4], one_idx); + EXPECT_EQ(w_o[5], 25); + EXPECT_EQ(w_o[6], 26); + EXPECT_EQ(w_o[7], 27); + EXPECT_EQ(w_o[8], 28); +} + +} // namespace proof_system::test_composer_lib diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 8b4b98f5a6..5583da4668 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -1,11 +1,17 @@ #pragma once #include +#include #include #include #include #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" // could be shared, but will it? namespace proof_system::honk::flavor { @@ -22,13 +28,21 @@ template class Data { typename DataType::iterator end() { return _data.end(); }; consteval size_t size() { return _data.size(); }; + + // Data(size_t initial_size) + // { + // for (auto& entity : _data) { + // entity = T(initial_size); + // }; + // } }; class Standard { + public: + using CircuitConstructor = proof_system::StandardCircuitConstructor; static constexpr size_t NUM_ALL_ENTITIES = 18; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - public: using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; using PolynomialView = std::span; @@ -36,7 +50,8 @@ class Standard { using Commitment = G1; using CommitmentView = G1; // TODO(Cody): make a pointer? - template class PrecomputedData : Data { + // TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. + template class PrecomputedData : public Data { public: T& q_m = std::get<0>(this->_data); T& q_l = std::get<1>(this->_data); @@ -51,10 +66,28 @@ class Standard { T& id_3 = std::get<10>(this->_data); T& lagrange_first = std::get<11>(this->_data); T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; }; - // these can differ, but it's ideal to share co - using ProvingKey = PrecomputedData; + // TODO(Cody): Made this public derivation so that I could iterate through the selectors + + class ProvingKey : public PrecomputedData { + public: + const size_t circuit_size; + const size_t num_inputs; + std::shared_ptr crs; + const ComposerType type; // TODO(Cody): Get rid of this + + ProvingKey(const size_t circuit_size, + const size_t num_inputs, + std::shared_ptr const& crs, + ComposerType type) + : circuit_size(circuit_size) + , num_inputs(num_inputs) + , crs(crs) + , type(type){}; + }; using VerificationKey = PrecomputedData; template struct AllData : Data { @@ -123,3 +156,32 @@ class Standard { }; }; } // namespace proof_system::honk::flavor + +namespace proof_system::plonk::flavor { +struct Standard { + using CircuitConstructor = proof_system::StandardCircuitConstructor; + using ProvingKey = plonk::proving_key; +}; + +struct Turbo { + using CircuitConstructor = proof_system::TurboCircuitConstructor; + using ProvingKey = plonk::proving_key; +}; + +struct Ultra { + using CircuitConstructor = proof_system::UltraCircuitConstructor; + using ProvingKey = plonk::proving_key; +}; +} // namespace proof_system::plonk::flavor + +namespace proof_system { + +// Helper +template concept IsAnyOf = (std::same_as || ...); + +template +concept IsPlonkFlavor = IsAnyOf; + +template concept IsHonkFlavor = IsAnyOf; + +} // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index 754f1a7cd6..bf2b678111 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -1,16 +1,21 @@ #include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" #include #include #pragma GCC diagnostic ignored "-Wunused-local-typedefs" #pragma GCC diagnostic ignored "-Wunused-variable" -namespace test_flavor { +namespace proof_system::test_flavor { TEST(Flavor, Standard) { using Flavor = proof_system::honk::flavor::Standard; using FF = Flavor::FF; - Flavor::ProvingKey proving_key; + Flavor::ProvingKey proving_key = []() { + auto crs_factory = ReferenceStringFactory(); + auto crs = crs_factory.get_prover_crs(4); + return Flavor::ProvingKey(/*circuit_size=*/4, /*num_inputs=*/0, crs, ComposerType::STANDARD); + }(); Flavor::VerificationKey verification_key; Flavor::ProverPolynomials prover_polynomials; Flavor::VerifierCommitments verifier_commitments; @@ -79,4 +84,4 @@ TEST(Flavor, Standard) }; } -} // namespace test_flavor +} // namespace proof_system::test_flavor From 7546bc37df1d404db4ed67fc15641f3b698e461b Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 11 Apr 2023 19:15:24 +0000 Subject: [PATCH 003/119] WIP on building Honk --- .../standard_honk_composer_helper.cpp | 85 ++-- .../standard_honk_composer_helper.hpp | 19 +- .../honk/composer/standard_honk_composer.hpp | 5 +- .../composer/standard_honk_composer.test.cpp | 25 +- .../honk/proof_system/verifier.test.cpp | 459 +++++++++--------- .../standard_plonk_composer_helper.cpp | 3 +- .../turbo_plonk_composer_helper.cpp | 3 +- .../ultra_plonk_composer_helper.cpp | 3 +- .../composer/composer_helper_lib.test.cpp | 4 +- .../composer/permutation_helper.hpp | 173 +++---- .../composer/permutation_helper.test.cpp | 83 ++++ .../proof_system/flavor/flavor.hpp | 29 +- 12 files changed, 498 insertions(+), 393 deletions(-) create mode 100644 cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 30f0f3c3f6..91e795e366 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -1,9 +1,11 @@ #include "standard_honk_composer_helper.hpp" +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" #include #include @@ -23,7 +25,7 @@ namespace proof_system::honk { * @param num_reserved_gates The number of reserved gates. * @return Pointer to the initialized proving key updated with selector polynomials. * */ -std::shared_ptr StandardHonkComposerHelper::compute_proving_key_base( +std::shared_ptr StandardHonkComposerHelper::compute_proving_key_base( const CircuitConstructor& constructor, const size_t minimum_circuit_size, const size_t num_randomized_gates) { // Initialize circuit_proving_key @@ -31,7 +33,7 @@ std::shared_ptr StandardHonkComposerHelper::compute_proving_ circuit_proving_key = initialize_proving_key( constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::STANDARD_HONK); // Compute lagrange selectors - construct_selector_polynomials(constructor, circuit_proving_key.get()); + construct_selector_polynomials(constructor, circuit_proving_key.get()); return circuit_proving_key; } @@ -42,29 +44,30 @@ std::shared_ptr StandardHonkComposerHelper::compute_proving_ * (2) sets the polynomial manifest using the data from proving key. */ -template -std::shared_ptr StandardHonkComposerHelper::compute_verification_key_base( - std::shared_ptr const& proving_key, std::shared_ptr const& vrs) +std::shared_ptr StandardHonkComposerHelper::compute_verification_key_base( + std::shared_ptr const& proving_key, + std::shared_ptr const& vrs) { auto key = std::make_shared( proving_key->circuit_size, proving_key->num_public_inputs, vrs, proving_key->composer_type); // TODO(kesha): Dirty hack for now. Need to actually make commitment-agnositc auto commitment_key = pcs::kzg::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); - // Compute and store commitments to all precomputed polynomials - key->commitments["Q_M"] = commitment_key.commit(proving_key->polynomial_store.get("q_m_lagrange")); - key->commitments["Q_1"] = commitment_key.commit(proving_key->polynomial_store.get("q_1_lagrange")); - key->commitments["Q_2"] = commitment_key.commit(proving_key->polynomial_store.get("q_2_lagrange")); - key->commitments["Q_3"] = commitment_key.commit(proving_key->polynomial_store.get("q_3_lagrange")); - key->commitments["Q_C"] = commitment_key.commit(proving_key->polynomial_store.get("q_c_lagrange")); - key->commitments["SIGMA_1"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_1_lagrange")); - key->commitments["SIGMA_2"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_2_lagrange")); - key->commitments["SIGMA_3"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_3_lagrange")); - key->commitments["ID_1"] = commitment_key.commit(proving_key->polynomial_store.get("id_1_lagrange")); - key->commitments["ID_2"] = commitment_key.commit(proving_key->polynomial_store.get("id_2_lagrange")); - key->commitments["ID_3"] = commitment_key.commit(proving_key->polynomial_store.get("id_3_lagrange")); - key->commitments["LAGRANGE_FIRST"] = commitment_key.commit(proving_key->polynomial_store.get("L_first_lagrange")); - key->commitments["LAGRANGE_LAST"] = commitment_key.commit(proving_key->polynomial_store.get("L_last_lagrange")); + // // Compute and store commitments to all precomputed polynomials + // key->commitments["Q_M"] = commitment_key.commit(proving_key->polynomial_store.get("q_m_lagrange")); + // key->commitments["Q_1"] = commitment_key.commit(proving_key->polynomial_store.get("q_1_lagrange")); + // key->commitments["Q_2"] = commitment_key.commit(proving_key->polynomial_store.get("q_2_lagrange")); + // key->commitments["Q_3"] = commitment_key.commit(proving_key->polynomial_store.get("q_3_lagrange")); + // key->commitments["Q_C"] = commitment_key.commit(proving_key->polynomial_store.get("q_c_lagrange")); + // key->commitments["SIGMA_1"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_1_lagrange")); + // key->commitments["SIGMA_2"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_2_lagrange")); + // key->commitments["SIGMA_3"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_3_lagrange")); + // key->commitments["ID_1"] = commitment_key.commit(proving_key->polynomial_store.get("id_1_lagrange")); + // key->commitments["ID_2"] = commitment_key.commit(proving_key->polynomial_store.get("id_2_lagrange")); + // key->commitments["ID_3"] = commitment_key.commit(proving_key->polynomial_store.get("id_3_lagrange")); + // key->commitments["LAGRANGE_FIRST"] = + // commitment_key.commit(proving_key->polynomial_store.get("L_first_lagrange")); key->commitments["LAGRANGE_LAST"] = + // commitment_key.commit(proving_key->polynomial_store.get("L_last_lagrange")); return key; } @@ -78,14 +81,14 @@ std::shared_ptr StandardHonkComposerHelper -void StandardHonkComposerHelper::compute_witness(const CircuitConstructor& circuit_constructor, - const size_t minimum_circuit_size) +void StandardHonkComposerHelper::compute_witness(const CircuitConstructor& circuit_constructor, + const size_t minimum_circuit_size) { if (computed_witness) { return; } - wire_polynomials = compute_witness_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); + wire_polynomials = + construct_wire_polynomials_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); computed_witness = true; } @@ -97,20 +100,19 @@ void StandardHonkComposerHelper::compute_witness(const Circu * @return Proving key with saved computed polynomials. * */ -template -std::shared_ptr StandardHonkComposerHelper::compute_proving_key( +std::shared_ptr StandardHonkComposerHelper::compute_proving_key( const CircuitConstructor& circuit_constructor) { if (circuit_proving_key) { return circuit_proving_key; } // Compute q_l, q_r, q_o, etc polynomials + // WORKTODO(Cody): meaningless constructor here StandardHonkComposerHelper::compute_proving_key_base(circuit_constructor, ComposerType::STANDARD_HONK); // Compute sigma polynomials (we should update that late) - compute_standard_honk_sigma_permutations(circuit_constructor, - circuit_proving_key.get()); - compute_standard_honk_id_polynomials(circuit_proving_key.get()); + compute_standard_honk_sigma_permutations(circuit_constructor, circuit_proving_key.get()); + compute_standard_honk_id_polynomials(circuit_proving_key.get()); compute_first_and_last_lagrange_polynomials(circuit_proving_key.get()); @@ -122,8 +124,7 @@ std::shared_ptr StandardHonkComposerHelper -std::shared_ptr StandardHonkComposerHelper::compute_verification_key( +std::shared_ptr StandardHonkComposerHelper::compute_verification_key( const CircuitConstructor& circuit_constructor) { if (circuit_verification_key) { @@ -140,9 +141,7 @@ std::shared_ptr StandardHonkComposerHelper -StandardVerifier StandardHonkComposerHelper::create_verifier( - const CircuitConstructor& circuit_constructor) +StandardVerifier StandardHonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { compute_verification_key(circuit_constructor); StandardVerifier output_state(circuit_verification_key); @@ -155,22 +154,20 @@ StandardVerifier StandardHonkComposerHelper::create_verifier return output_state; } -// template -template -// TODO(Cody): this file should be generic with regard to flavor/arithmetization/whatever. -StandardProver StandardHonkComposerHelper::create_prover( - const CircuitConstructor& circuit_constructor) +StandardProver StandardHonkComposerHelper::create_prover(const CircuitConstructor& circuit_constructor) { compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); - size_t num_sumcheck_rounds(circuit_proving_key->log_circuit_size); - // auto manifest = Flavor::create_manifest(circuit_constructor.public_inputs.size(), num_sumcheck_rounds); - StandardProver output_state(std::move(wire_polynomials), circuit_proving_key); + // size_t num_sumcheck_rounds(circuit_proving_key->log_circuit_size); + // StandardProver output_state(std::move(wire_polynomials), circuit_proving_key); + // WORKTODO + auto crs_factory = ReferenceStringFactory(); + auto crs = crs_factory.get_prover_crs(999); + auto pk_ptr = std::make_shared(12, 2, crs, ComposerType::STANDARD); + + StandardProver output_state(std::move(wire_polynomials), pk_ptr); return output_state; } -template class StandardHonkComposerHelper; -template StandardProver StandardHonkComposerHelper::create_prover( - const StandardCircuitConstructor& circuit_constructor); } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 8ff6cc39a6..f89847a6e3 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -19,11 +19,12 @@ namespace proof_system::honk { class StandardHonkComposerHelper { public: using Flavor = flavor::Standard; - using CircuitConstructor = typename Flavor::CircuitConstructor; + using CircuitConstructor = Flavor::CircuitConstructor; + using ProvingKey = Flavor::ProvingKey; // WORKTODO: undo this changed; not needed static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; - std::shared_ptr circuit_proving_key; + std::shared_ptr circuit_proving_key; std::vector wire_polynomials; std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs @@ -42,8 +43,7 @@ class StandardHonkComposerHelper { StandardHonkComposerHelper(std::unique_ptr&& crs_factory) : crs_factory_(std::move(crs_factory)) {} - StandardHonkComposerHelper(std::shared_ptr p_key, - std::shared_ptr v_key) + StandardHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) : circuit_proving_key(std::move(p_key)) , circuit_verification_key(std::move(v_key)) {} @@ -53,7 +53,7 @@ class StandardHonkComposerHelper { StandardHonkComposerHelper& operator=(const StandardHonkComposerHelper& other) = delete; ~StandardHonkComposerHelper() = default; - std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); + std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); StandardVerifier create_verifier(const CircuitConstructor& circuit_constructor); @@ -62,14 +62,13 @@ class StandardHonkComposerHelper { // TODO(#216)(Adrian): Seems error prone to provide the number of randomized gates // Cody: Where should this go? In the flavor (or whatever that becomes)? - std::shared_ptr compute_proving_key_base( - const CircuitConstructor& circuit_constructor, - const size_t minimum_ciricut_size = 0, - const size_t num_randomized_gates = NUM_RANDOMIZED_GATES); + std::shared_ptr compute_proving_key_base(const CircuitConstructor& circuit_constructor, + const size_t minimum_ciricut_size = 0, + const size_t num_randomized_gates = NUM_RANDOMIZED_GATES); // This needs to be static as it may be used only to compute the selector commitments. static std::shared_ptr compute_verification_key_base( - std::shared_ptr const& proving_key, std::shared_ptr const& vrs); + std::shared_ptr const& proving_key, std::shared_ptr const& vrs); void compute_witness(const CircuitConstructor& circuit_constructor, const size_t minimum_circuit_size = 0); }; diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 0f15c44963..b985666f23 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -19,6 +19,7 @@ class StandardHonkComposer { public: using Flavor = flavor::Standard; using CircuitConstructor = StandardCircuitConstructor; + using ProvingKey = typename Flavor::ProvingKey; static constexpr ComposerType type = ComposerType::STANDARD_HONK; // TODO(Cody): Get rid of this. static constexpr size_t UINT_LOG2_BASE = 2; @@ -61,7 +62,7 @@ class StandardHonkComposer { {} - StandardHonkComposer(std::shared_ptr const& p_key, + StandardHonkComposer(std::shared_ptr const& p_key, std::shared_ptr const& v_key, size_t size_hint = 0) : circuit_constructor(size_hint) @@ -165,7 +166,7 @@ class StandardHonkComposer { /**Proof and verification-related methods*/ - std::shared_ptr compute_proving_key() + std::shared_ptr compute_proving_key() { return composer_helper.compute_proving_key(circuit_constructor); } diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 70292dda50..16f2d3a7fa 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -8,6 +8,7 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/honk/utils/public_inputs.hpp" +#include "barretenberg/polynomials/polynomial.hpp" #include @@ -89,7 +90,9 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) // Let's check that indices are the same and nothing is lost, first for (size_t j = 0; j < composer.num_wires; ++j) { std::string index = std::to_string(j + 1); - const auto& sigma_j = proving_key->polynomial_store.get("sigma_" + index + "_lagrange"); + const auto& sigma_j = barretenberg::polynomial(); + // WORKTODO + // const auto& sigma_j = proving_key->polynomial_store.get("sigma_" + index + "_lagrange"); for (size_t i = 0; i < n; ++i) { left *= (gamma + j * n + i); right *= (gamma + sigma_j[i]); @@ -115,9 +118,13 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) for (size_t j = 0; j < composer.num_wires; ++j) { std::string index = std::to_string(j + 1); - const auto& permutation_polynomial = proving_key->polynomial_store.get("sigma_" + index + "_lagrange"); + const auto& permutation_polynomial = barretenberg::polynomial(10); + // WORKTODO + // const auto& permutation_polynomial = proving_key->polynomial_store.get("sigma_" + index + "_lagrange"); const auto& witness_polynomial = composer.composer_helper.wire_polynomials[j]; - const auto& id_polynomial = proving_key->polynomial_store.get("id_" + index + "_lagrange"); + const auto& id_polynomial = barretenberg::polynomial(10); + // WORKTODO + // const auto& id_polynomial = proving_key->polynomial_store.get("id_" + index + "_lagrange"); // left = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅ind(i,j) + γ) // right = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅σ(i,j) + γ) for (size_t i = 0; i < proving_key->circuit_size; ++i) { @@ -203,7 +210,10 @@ TEST(StandardHonkComposer, LagrangeCorrectness) random_polynomial[i] = barretenberg::fr::random_element(); } // Compute inner product of random polynomial and the first lagrange polynomial - barretenberg::polynomial first_lagrange_polynomial = proving_key->polynomial_store.get("L_first_lagrange"); + + auto first_lagrange_polynomial = barretenberg::polynomial(10); + // WORKTODO + // barretenberg::polynomial first_lagrange_polynomial = proving_key->polynomial_store.get("L_first_lagrange"); barretenberg::fr first_product(0); for (size_t i = 0; i < proving_key->circuit_size; i++) { first_product += random_polynomial[i] * first_lagrange_polynomial[i]; @@ -211,7 +221,9 @@ TEST(StandardHonkComposer, LagrangeCorrectness) EXPECT_EQ(first_product, random_polynomial[0]); // Compute inner product of random polynomial and the last lagrange polynomial - barretenberg::polynomial last_lagrange_polynomial = proving_key->polynomial_store.get("L_last_lagrange"); + auto last_lagrange_polynomial = barretenberg::polynomial(10); + // WORKTODO + // barretenberg::polynomial last_lagrange_polynomial = proving_key->polynomial_store.get("L_last_lagrange"); barretenberg::fr last_product(0); for (size_t i = 0; i < proving_key->circuit_size; i++) { last_product += random_polynomial[i] * last_lagrange_polynomial[i]; @@ -260,7 +272,8 @@ TEST(StandardHonkComposer, AssertEquals) // Put the sigma polynomials into a vector for easy access for (size_t i = 0; i < composer.num_wires; i++) { std::string index = std::to_string(i + 1); - sigma_polynomials.push_back(proving_key->polynomial_store.get("sigma_" + index + "_lagrange")); + // WORKTODO + // sigma_polynomials.push_back(proving_key->polynomial_store.get("sigma_" + index + "_lagrange")); } // Let's compute the maximum cycle diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp index 903ea36adb..53888fb83e 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp @@ -1,228 +1,231 @@ -#include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" -#include "prover.hpp" -#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" -#include "barretenberg/transcript/transcript.hpp" -#include "verifier.hpp" -#include "barretenberg/ecc/curves/bn254/scalar_multiplication/scalar_multiplication.hpp" -#include -#include "barretenberg/srs/reference_string/file_reference_string.hpp" -#include "barretenberg/polynomials/polynomial_arithmetic.hpp" -#include "barretenberg/plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp" -#include "barretenberg/proof_system/composer/permutation_helper.hpp" -#include - -using namespace barretenberg; -using namespace proof_system::honk; - -namespace test_honk_verifier { - -template class VerifierTests : public testing::Test { - public: - static transcript::Manifest create_manifest(const size_t num_public_inputs, const size_t num_sumcheck_rounds) - { - return honk::StandardHonk::create_manifest(num_public_inputs, num_sumcheck_rounds); - } - - static StandardVerifier generate_verifier(std::shared_ptr circuit_proving_key) - { - std::array poly_coefficients; - poly_coefficients[0] = circuit_proving_key->polynomial_store.get("q_1_lagrange").get_coefficients(); - poly_coefficients[1] = circuit_proving_key->polynomial_store.get("q_2_lagrange").get_coefficients(); - poly_coefficients[2] = circuit_proving_key->polynomial_store.get("q_3_lagrange").get_coefficients(); - poly_coefficients[3] = circuit_proving_key->polynomial_store.get("q_m_lagrange").get_coefficients(); - poly_coefficients[4] = circuit_proving_key->polynomial_store.get("q_c_lagrange").get_coefficients(); - poly_coefficients[5] = circuit_proving_key->polynomial_store.get("sigma_1_lagrange").get_coefficients(); - poly_coefficients[6] = circuit_proving_key->polynomial_store.get("sigma_2_lagrange").get_coefficients(); - poly_coefficients[7] = circuit_proving_key->polynomial_store.get("sigma_3_lagrange").get_coefficients(); - - std::vector commitments; - scalar_multiplication::pippenger_runtime_state prover(circuit_proving_key->circuit_size); - commitments.resize(8); - - for (size_t i = 0; i < 8; ++i) { - commitments[i] = g1::affine_element( - scalar_multiplication::pippenger(poly_coefficients[i], - circuit_proving_key->reference_string->get_monomial_points(), - circuit_proving_key->circuit_size, - prover)); - } - - auto crs = std::make_shared("../srs_db/ignition"); - auto circuit_verification_key = - std::make_shared(circuit_proving_key->circuit_size, - circuit_proving_key->num_public_inputs, - crs, - circuit_proving_key->composer_type); - - circuit_verification_key->commitments.insert({ "Q_1", commitments[0] }); - circuit_verification_key->commitments.insert({ "Q_2", commitments[1] }); - circuit_verification_key->commitments.insert({ "Q_3", commitments[2] }); - circuit_verification_key->commitments.insert({ "Q_M", commitments[3] }); - circuit_verification_key->commitments.insert({ "Q_C", commitments[4] }); - - circuit_verification_key->commitments.insert({ "SIGMA_1", commitments[5] }); - circuit_verification_key->commitments.insert({ "SIGMA_2", commitments[6] }); - circuit_verification_key->commitments.insert({ "SIGMA_3", commitments[7] }); - - StandardVerifier verifier(circuit_verification_key); - - // std::unique_ptr> kate_commitment_scheme = - // std::make_unique>(); - // verifier.commitment_scheme = std::move(kate_commitment_scheme); - - return verifier; - } - - // Note: this example is adapted from a corresponding PlonK verifier test. - static StandardProver generate_test_data(const size_t n) - { - // Create some constraints that satisfy our arithmetic circuit relation - // even indices = mul gates, odd incides = add gates - - auto crs = std::make_shared(n + 1, "../srs_db/ignition"); - std::shared_ptr proving_key = - std::make_shared(n, 0, crs, ComposerType::STANDARD_HONK); - - polynomial w_l(n); - polynomial w_r(n); - polynomial w_o(n); - polynomial q_l(n); - polynomial q_r(n); - polynomial q_o(n); - polynomial q_c(n); - polynomial q_m(n); - - fr T0; - for (size_t i = 0; i < n / 4; ++i) { - w_l.at(2 * i) = fr::random_element(); - w_r.at(2 * i) = fr::random_element(); - w_o.at(2 * i) = w_l.at(2 * i) * w_r.at(2 * i); - w_o[2 * i] = w_o[2 * i] + w_l[2 * i]; - w_o[2 * i] = w_o[2 * i] + w_r[2 * i]; - w_o[2 * i] = w_o[2 * i] + fr::one(); - q_l.at(2 * i) = fr::one(); - q_r.at(2 * i) = fr::one(); - q_o.at(2 * i) = fr::neg_one(); - q_c.at(2 * i) = fr::one(); - q_m.at(2 * i) = fr::one(); - - w_l.at(2 * i + 1) = fr::random_element(); - w_r.at(2 * i + 1) = fr::random_element(); - w_o.at(2 * i + 1) = fr::random_element(); - - T0 = w_l.at(2 * i + 1) + w_r.at(2 * i + 1); - q_c.at(2 * i + 1) = T0 + w_o.at(2 * i + 1); - q_c.at(2 * i + 1).self_neg(); - q_l.at(2 * i + 1) = fr::one(); - q_r.at(2 * i + 1) = fr::one(); - q_o.at(2 * i + 1) = fr::one(); - q_m.at(2 * i + 1) = fr::zero(); - } - size_t shift = n / 2; - polynomial_arithmetic::copy_polynomial(&w_l.at(0), &w_l.at(shift), shift, shift); - polynomial_arithmetic::copy_polynomial(&w_r.at(0), &w_r.at(shift), shift, shift); - polynomial_arithmetic::copy_polynomial(&w_o.at(0), &w_o.at(shift), shift, shift); - polynomial_arithmetic::copy_polynomial(&q_m.at(0), &q_m.at(shift), shift, shift); - polynomial_arithmetic::copy_polynomial(&q_l.at(0), &q_l.at(shift), shift, shift); - polynomial_arithmetic::copy_polynomial(&q_r.at(0), &q_r.at(shift), shift, shift); - polynomial_arithmetic::copy_polynomial(&q_o.at(0), &q_o.at(shift), shift, shift); - polynomial_arithmetic::copy_polynomial(&q_c.at(0), &q_c.at(shift), shift, shift); - - std::vector sigma_1_mapping; - std::vector sigma_2_mapping; - std::vector sigma_3_mapping; - // create basic permutation - second half of witness vector is a copy of the first half - sigma_1_mapping.resize(n); - sigma_2_mapping.resize(n); - sigma_3_mapping.resize(n); - - for (size_t i = 0; i < n / 2; ++i) { - sigma_1_mapping[shift + i] = (uint32_t)i; - sigma_2_mapping[shift + i] = (uint32_t)i + (1U << 30U); - sigma_3_mapping[shift + i] = (uint32_t)i + (1U << 31U); - sigma_1_mapping[i] = (uint32_t)(i + shift); - sigma_2_mapping[i] = (uint32_t)(i + shift) + (1U << 30U); - sigma_3_mapping[i] = (uint32_t)(i + shift) + (1U << 31U); - } - // make last permutation the same as identity permutation - // we are setting the permutation in the last 4 gates as identity permutation since - // we are cutting out 4 roots as of now. - size_t num_roots_cut_out_of_the_vanishing_polynomial = 4; - for (uint32_t j = 0; j < num_roots_cut_out_of_the_vanishing_polynomial; ++j) { - sigma_1_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j; - sigma_2_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j + (1U << 30U); - sigma_3_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j + (1U << 31U); - sigma_1_mapping[n - 1 - j] = (uint32_t)n - 1 - j; - sigma_2_mapping[n - 1 - j] = (uint32_t)n - 1 - j + (1U << 30U); - sigma_3_mapping[n - 1 - j] = (uint32_t)n - 1 - j + (1U << 31U); - } - - polynomial sigma_1(proving_key->circuit_size); - polynomial sigma_2(proving_key->circuit_size); - polynomial sigma_3(proving_key->circuit_size); - - // plonk::compute_permutation_lagrange_base_single(sigma_1, sigma_1_mapping, - // proving_key->small_domain); plonk::compute_permutation_lagrange_base_single(sigma_2, - // sigma_2_mapping, proving_key->small_domain); - // plonk::compute_permutation_lagrange_base_single(sigma_3, sigma_3_mapping, - // proving_key->small_domain); - - polynomial sigma_1_lagrange_base(sigma_1, proving_key->circuit_size); - polynomial sigma_2_lagrange_base(sigma_2, proving_key->circuit_size); - polynomial sigma_3_lagrange_base(sigma_3, proving_key->circuit_size); - - proving_key->polynomial_store.put("sigma_1_lagrange", std::move(sigma_1_lagrange_base)); - proving_key->polynomial_store.put("sigma_2_lagrange", std::move(sigma_2_lagrange_base)); - proving_key->polynomial_store.put("sigma_3_lagrange", std::move(sigma_3_lagrange_base)); - - compute_standard_honk_id_polynomials<3>(proving_key); - compute_first_and_last_lagrange_polynomials(proving_key); - - proving_key->polynomial_store.put("w_1_lagrange", std::move(w_l)); - proving_key->polynomial_store.put("w_2_lagrange", std::move(w_r)); - proving_key->polynomial_store.put("w_3_lagrange", std::move(w_o)); - - proving_key->polynomial_store.put("q_1_lagrange", std::move(q_l)); - proving_key->polynomial_store.put("q_2_lagrange", std::move(q_r)); - proving_key->polynomial_store.put("q_3_lagrange", std::move(q_o)); - proving_key->polynomial_store.put("q_m_lagrange", std::move(q_m)); - proving_key->polynomial_store.put("q_c_lagrange", std::move(q_c)); - - // TODO(#223)(Cody): This should be more generic - std::vector witness_polynomials; - auto prover = StandardProver(std::move(witness_polynomials), proving_key); - - std::unique_ptr kate_commitment_key = - std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); - - return prover; - } -}; - -using FieldTypes = testing::Types; -TYPED_TEST_SUITE(VerifierTests, FieldTypes); - -// This test is modeled after a corresponding test for the Plonk Verifier. As is the case there, this test relies on -// valid proof construction which makes the scope quite large. Not really a unit test but a nice test nonetheless. -// TODO(#223)(Luke/Cody): Make this a meaningful test (or remove altogether) -TYPED_TEST(VerifierTests, VerifyArithmeticProofSmall) -{ - GTEST_SKIP() << "It's good to have a standalone test, but for now we just rely on composer tests."; - size_t n = 8; - - StandardProver prover = TestFixture::generate_test_data(n); - - StandardVerifier verifier = TestFixture::generate_verifier(prover.key); - - // construct proof - plonk::proof proof = prover.construct_proof(); - - // verify proof - bool result = verifier.verify_proof(proof); - - EXPECT_EQ(result, true); -} - -} // namespace test_honk_verifier +// // WORKTODO +// #include "barretenberg/numeric/bitop/get_msb.hpp" +// #include "barretenberg/plonk/proof_system/constants.hpp" +// #include "barretenberg/polynomials/polynomial.hpp" +// #include "barretenberg/honk/flavor/flavor.hpp" +// #include "barretenberg/proof_system/flavor/flavor.hpp" +// #include "prover.hpp" +// #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +// #include "barretenberg/transcript/transcript.hpp" +// #include "verifier.hpp" +// #include "barretenberg/ecc/curves/bn254/scalar_multiplication/scalar_multiplication.hpp" +// #include +// #include "barretenberg/srs/reference_string/file_reference_string.hpp" +// #include "barretenberg/polynomials/polynomial_arithmetic.hpp" +// #include "barretenberg/plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp" +// #include "barretenberg/proof_system/composer/permutation_helper.hpp" +// #include + +// using namespace barretenberg; +// using namespace proof_system::honk; + +// namespace test_honk_verifier { + +// template class VerifierTests : public testing::Test { +// public: +// static transcript::Manifest create_manifest(const size_t num_public_inputs, const size_t num_sumcheck_rounds) +// { +// return honk::StandardHonk::create_manifest(num_public_inputs, num_sumcheck_rounds); +// } + +// static StandardVerifier generate_verifier(std::shared_ptr circuit_proving_key) +// { +// std::array poly_coefficients; +// poly_coefficients[0] = circuit_proving_key->polynomial_store.get("q_1_lagrange").get_coefficients(); +// poly_coefficients[1] = circuit_proving_key->polynomial_store.get("q_2_lagrange").get_coefficients(); +// poly_coefficients[2] = circuit_proving_key->polynomial_store.get("q_3_lagrange").get_coefficients(); +// poly_coefficients[3] = circuit_proving_key->polynomial_store.get("q_m_lagrange").get_coefficients(); +// poly_coefficients[4] = circuit_proving_key->polynomial_store.get("q_c_lagrange").get_coefficients(); +// poly_coefficients[5] = circuit_proving_key->polynomial_store.get("sigma_1_lagrange").get_coefficients(); +// poly_coefficients[6] = circuit_proving_key->polynomial_store.get("sigma_2_lagrange").get_coefficients(); +// poly_coefficients[7] = circuit_proving_key->polynomial_store.get("sigma_3_lagrange").get_coefficients(); + +// std::vector commitments; +// scalar_multiplication::pippenger_runtime_state prover(circuit_proving_key->circuit_size); +// commitments.resize(8); + +// for (size_t i = 0; i < 8; ++i) { +// commitments[i] = g1::affine_element( +// scalar_multiplication::pippenger(poly_coefficients[i], +// circuit_proving_key->reference_string->get_monomial_points(), +// circuit_proving_key->circuit_size, +// prover)); +// } + +// auto crs = std::make_shared("../srs_db/ignition"); +// auto circuit_verification_key = +// std::make_shared(circuit_proving_key->circuit_size, +// circuit_proving_key->num_public_inputs, +// crs, +// circuit_proving_key->composer_type); + +// circuit_verification_key->commitments.insert({ "Q_1", commitments[0] }); +// circuit_verification_key->commitments.insert({ "Q_2", commitments[1] }); +// circuit_verification_key->commitments.insert({ "Q_3", commitments[2] }); +// circuit_verification_key->commitments.insert({ "Q_M", commitments[3] }); +// circuit_verification_key->commitments.insert({ "Q_C", commitments[4] }); + +// circuit_verification_key->commitments.insert({ "SIGMA_1", commitments[5] }); +// circuit_verification_key->commitments.insert({ "SIGMA_2", commitments[6] }); +// circuit_verification_key->commitments.insert({ "SIGMA_3", commitments[7] }); + +// StandardVerifier verifier(circuit_verification_key); + +// // std::unique_ptr> kate_commitment_scheme = +// // std::make_unique>(); +// // verifier.commitment_scheme = std::move(kate_commitment_scheme); + +// return verifier; +// } + +// // Note: this example is adapted from a corresponding PlonK verifier test. +// static StandardProver generate_test_data(const size_t n) +// { +// // Create some constraints that satisfy our arithmetic circuit relation +// // even indices = mul gates, odd incides = add gates + +// auto crs = std::make_shared(n + 1, "../srs_db/ignition"); +// std::shared_ptr proving_key = +// std::make_shared(n, 0, crs, ComposerType::STANDARD_HONK); + +// polynomial w_l(n); +// polynomial w_r(n); +// polynomial w_o(n); +// polynomial q_l(n); +// polynomial q_r(n); +// polynomial q_o(n); +// polynomial q_c(n); +// polynomial q_m(n); + +// fr T0; +// for (size_t i = 0; i < n / 4; ++i) { +// w_l.at(2 * i) = fr::random_element(); +// w_r.at(2 * i) = fr::random_element(); +// w_o.at(2 * i) = w_l.at(2 * i) * w_r.at(2 * i); +// w_o[2 * i] = w_o[2 * i] + w_l[2 * i]; +// w_o[2 * i] = w_o[2 * i] + w_r[2 * i]; +// w_o[2 * i] = w_o[2 * i] + fr::one(); +// q_l.at(2 * i) = fr::one(); +// q_r.at(2 * i) = fr::one(); +// q_o.at(2 * i) = fr::neg_one(); +// q_c.at(2 * i) = fr::one(); +// q_m.at(2 * i) = fr::one(); + +// w_l.at(2 * i + 1) = fr::random_element(); +// w_r.at(2 * i + 1) = fr::random_element(); +// w_o.at(2 * i + 1) = fr::random_element(); + +// T0 = w_l.at(2 * i + 1) + w_r.at(2 * i + 1); +// q_c.at(2 * i + 1) = T0 + w_o.at(2 * i + 1); +// q_c.at(2 * i + 1).self_neg(); +// q_l.at(2 * i + 1) = fr::one(); +// q_r.at(2 * i + 1) = fr::one(); +// q_o.at(2 * i + 1) = fr::one(); +// q_m.at(2 * i + 1) = fr::zero(); +// } +// size_t shift = n / 2; +// polynomial_arithmetic::copy_polynomial(&w_l.at(0), &w_l.at(shift), shift, shift); +// polynomial_arithmetic::copy_polynomial(&w_r.at(0), &w_r.at(shift), shift, shift); +// polynomial_arithmetic::copy_polynomial(&w_o.at(0), &w_o.at(shift), shift, shift); +// polynomial_arithmetic::copy_polynomial(&q_m.at(0), &q_m.at(shift), shift, shift); +// polynomial_arithmetic::copy_polynomial(&q_l.at(0), &q_l.at(shift), shift, shift); +// polynomial_arithmetic::copy_polynomial(&q_r.at(0), &q_r.at(shift), shift, shift); +// polynomial_arithmetic::copy_polynomial(&q_o.at(0), &q_o.at(shift), shift, shift); +// polynomial_arithmetic::copy_polynomial(&q_c.at(0), &q_c.at(shift), shift, shift); + +// std::vector sigma_1_mapping; +// std::vector sigma_2_mapping; +// std::vector sigma_3_mapping; +// // create basic permutation - second half of witness vector is a copy of the first half +// sigma_1_mapping.resize(n); +// sigma_2_mapping.resize(n); +// sigma_3_mapping.resize(n); + +// for (size_t i = 0; i < n / 2; ++i) { +// sigma_1_mapping[shift + i] = (uint32_t)i; +// sigma_2_mapping[shift + i] = (uint32_t)i + (1U << 30U); +// sigma_3_mapping[shift + i] = (uint32_t)i + (1U << 31U); +// sigma_1_mapping[i] = (uint32_t)(i + shift); +// sigma_2_mapping[i] = (uint32_t)(i + shift) + (1U << 30U); +// sigma_3_mapping[i] = (uint32_t)(i + shift) + (1U << 31U); +// } +// // make last permutation the same as identity permutation +// // we are setting the permutation in the last 4 gates as identity permutation since +// // we are cutting out 4 roots as of now. +// size_t num_roots_cut_out_of_the_vanishing_polynomial = 4; +// for (uint32_t j = 0; j < num_roots_cut_out_of_the_vanishing_polynomial; ++j) { +// sigma_1_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j; +// sigma_2_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j + (1U << 30U); +// sigma_3_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j + (1U << 31U); +// sigma_1_mapping[n - 1 - j] = (uint32_t)n - 1 - j; +// sigma_2_mapping[n - 1 - j] = (uint32_t)n - 1 - j + (1U << 30U); +// sigma_3_mapping[n - 1 - j] = (uint32_t)n - 1 - j + (1U << 31U); +// } + +// polynomial sigma_1(proving_key->circuit_size); +// polynomial sigma_2(proving_key->circuit_size); +// polynomial sigma_3(proving_key->circuit_size); + +// // plonk::compute_permutation_lagrange_base_single(sigma_1, sigma_1_mapping, +// // proving_key->small_domain); plonk::compute_permutation_lagrange_base_single(sigma_2, +// // sigma_2_mapping, proving_key->small_domain); +// // plonk::compute_permutation_lagrange_base_single(sigma_3, sigma_3_mapping, +// // proving_key->small_domain); + +// polynomial sigma_1_lagrange_base(sigma_1, proving_key->circuit_size); +// polynomial sigma_2_lagrange_base(sigma_2, proving_key->circuit_size); +// polynomial sigma_3_lagrange_base(sigma_3, proving_key->circuit_size); + +// proving_key->polynomial_store.put("sigma_1_lagrange", std::move(sigma_1_lagrange_base)); +// proving_key->polynomial_store.put("sigma_2_lagrange", std::move(sigma_2_lagrange_base)); +// proving_key->polynomial_store.put("sigma_3_lagrange", std::move(sigma_3_lagrange_base)); + +// compute_standard_honk_id_polynomials(proving_key); +// compute_first_and_last_lagrange_polynomials(proving_key); + +// proving_key->polynomial_store.put("w_1_lagrange", std::move(w_l)); +// proving_key->polynomial_store.put("w_2_lagrange", std::move(w_r)); +// proving_key->polynomial_store.put("w_3_lagrange", std::move(w_o)); + +// proving_key->polynomial_store.put("q_1_lagrange", std::move(q_l)); +// proving_key->polynomial_store.put("q_2_lagrange", std::move(q_r)); +// proving_key->polynomial_store.put("q_3_lagrange", std::move(q_o)); +// proving_key->polynomial_store.put("q_m_lagrange", std::move(q_m)); +// proving_key->polynomial_store.put("q_c_lagrange", std::move(q_c)); + +// // TODO(#223)(Cody): This should be more generic +// std::vector witness_polynomials; +// auto prover = StandardProver(std::move(witness_polynomials), proving_key); + +// std::unique_ptr kate_commitment_key = +// std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); + +// return prover; +// } +// }; + +// using FieldTypes = testing::Types; +// TYPED_TEST_SUITE(VerifierTests, FieldTypes); + +// // This test is modeled after a corresponding test for the Plonk Verifier. As is the case there, this test relies on +// // valid proof construction which makes the scope quite large. Not really a unit test but a nice test nonetheless. +// // TODO(#223)(Luke/Cody): Make this a meaningful test (or remove altogether) +// TYPED_TEST(VerifierTests, VerifyArithmeticProofSmall) +// { +// GTEST_SKIP() << "It's good to have a standalone test, but for now we just rely on composer tests."; +// size_t n = 8; + +// StandardProver prover = TestFixture::generate_test_data(n); + +// StandardVerifier verifier = TestFixture::generate_verifier(prover.key); + +// // construct proof +// plonk::proof proof = prover.construct_proof(); + +// // verify proof +// bool result = verifier.verify_proof(proof); + +// EXPECT_EQ(result, true); +// } + +// } // namespace test_honk_verifier diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp index b8feab27d3..13575a3514 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp @@ -73,8 +73,7 @@ std::shared_ptr StandardPlonkComposerHelper::compute_proving compute_monomial_and_coset_selector_forms(circuit_proving_key.get(), standard_selector_properties()); // Compute sigma polynomials (we should update that late) - compute_standard_plonk_sigma_permutations(circuit_constructor, - circuit_proving_key.get()); + compute_standard_plonk_sigma_permutations(circuit_constructor, circuit_proving_key.get()); circuit_proving_key->recursive_proof_public_input_indices = std::vector(recursive_proof_public_input_indices.begin(), recursive_proof_public_input_indices.end()); diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp index 5877225a38..352931866c 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp @@ -49,8 +49,7 @@ std::shared_ptr TurboPlonkComposerHelper::compute_proving_ke compute_monomial_and_coset_selector_forms(circuit_proving_key.get(), turbo_selector_properties()); // Compute sigma polynomials (TODO(kesha): we should update that late) - compute_standard_plonk_sigma_permutations(circuit_constructor, - circuit_proving_key.get()); + compute_standard_plonk_sigma_permutations(circuit_constructor, circuit_proving_key.get()); circuit_proving_key->recursive_proof_public_input_indices = std::vector(recursive_proof_public_input_indices.begin(), recursive_proof_public_input_indices.end()); circuit_proving_key->contains_recursive_proof = contains_recursive_proof; diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp index ccf3d77351..5a9b9a7fc6 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp @@ -235,8 +235,7 @@ std::shared_ptr UltraPlonkComposerHelper::compute_proving_key( compute_monomial_and_coset_selector_forms(circuit_proving_key.get(), ultra_selector_properties()); - compute_plonk_generalized_sigma_permutations(circuit_constructor, - circuit_proving_key.get()); + compute_plonk_generalized_sigma_permutations(circuit_constructor, circuit_proving_key.get()); const size_t subgroup_size = circuit_proving_key->circuit_size; diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp index 8449d99ed0..0f0e6fc1e0 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp @@ -15,7 +15,7 @@ class ComposerLibTests : public ::testing::Test { Flavor::ProvingKey proving_key = []() { auto crs_factory = ReferenceStringFactory(); auto crs = crs_factory.get_prover_crs(4); - return Flavor::ProvingKey(/*circuit_size=*/4, /*num_inputs=*/0, crs, ComposerType::STANDARD); + return Flavor::ProvingKey(/*circuit_size=*/4, /*num_public_inputs=*/0, crs, ComposerType::STANDARD); }(); }; @@ -33,7 +33,7 @@ TEST_F(ComposerLibTests, InitializeProvingKey) /*num_randomized_gates=*/2, ComposerType::STANDARD); EXPECT_EQ(pk->circuit_size, 8); - EXPECT_EQ(pk->num_inputs, 0); + EXPECT_EQ(pk->num_public_inputs, 0); } TEST_F(ComposerLibTests, ConstructSelectors) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index ef70eb9a18..20ab2d4b66 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -5,12 +5,12 @@ * @details It is structured to reuse similar components in Honk and Plonk * */ - #pragma once #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/polynomials/iterate_over_domain.hpp" #include #include @@ -21,6 +21,8 @@ #include #include +// TODO(Cody): very little code is shared; should split this up into plonk/honk files. + namespace proof_system { /** @@ -48,8 +50,8 @@ struct permutation_subgroup_element { bool is_tag = false; }; -template struct PermutationMapping { - using Mapping = std::array, program_width>; +template struct PermutationMapping { + using Mapping = std::array, num_wires>; Mapping sigmas; Mapping ids; }; @@ -64,24 +66,14 @@ namespace { * * @tparam program_width Program width * */ -template -std::vector compute_wire_copy_cycles(const CircuitConstructor& circuit_constructor) +template +std::vector compute_wire_copy_cycles(const typename Flavor::CircuitConstructor& circuit_constructor) { // Reference circuit constructor members const size_t num_gates = circuit_constructor.num_gates; std::span public_inputs = circuit_constructor.public_inputs; const size_t num_public_inputs = public_inputs.size(); - // Get references to the wires containing the index of the value inside constructor.variables - // These wires only contain the "real" gate constraints, and are not padded. - std::array, program_width> wire_indices; - wire_indices[0] = circuit_constructor.w_l; - wire_indices[1] = circuit_constructor.w_r; - wire_indices[2] = circuit_constructor.w_o; - if constexpr (program_width > 3) { - wire_indices[3] = circuit_constructor.w_4; - } - // Each variable represents one cycle const size_t number_of_cycles = circuit_constructor.variables.size(); std::vector copy_cycles(number_of_cycles); @@ -110,14 +102,15 @@ std::vector compute_wire_copy_cycles(const CircuitConstructor } // Iterate over all variables of the "real" gates, and add a corresponding node to the cycle for that variable + // WORKTODO: ranged for loop for (size_t i = 0; i < num_gates; ++i) { - for (size_t j = 0; j < program_width; ++j) { + for (size_t j = 0; j < Flavor::num_wires; ++j) { // We are looking at the j-th wire in the i-th row. // The value in this position should be equal to the value of the element at index `var_index` // of the `constructor.variables` vector. // Therefore, we add (i,j) to the cycle at index `var_index` to indicate that w^j_i should have the values // constructor.variables[var_index]. - const uint32_t var_index = circuit_constructor.real_variable_index[wire_indices[j][i]]; + const uint32_t var_index = circuit_constructor.real_variable_index[circuit_constructor.wires[j][i]]; const auto wire_index = static_cast(j); const auto gate_index = static_cast(i + num_public_inputs); copy_cycles[var_index].emplace_back(cycle_node{ wire_index, gate_index }); @@ -139,28 +132,33 @@ std::vector compute_wire_copy_cycles(const CircuitConstructor * @param key Pointer to the proving key * @return PermutationMapping sigma mapping (and id mapping if generalized == true) */ -template -PermutationMapping compute_permutation_mapping(const CircuitConstructor& circuit_constructor, - plonk::proving_key* key) +template +PermutationMapping compute_permutation_mapping( + const typename Flavor::CircuitConstructor& circuit_constructor, typename Flavor::ProvingKey* proving_key) { // Compute wire copy cycles (cycles of permutations) - auto wire_copy_cycles = compute_wire_copy_cycles(circuit_constructor); + auto wire_copy_cycles = compute_wire_copy_cycles(circuit_constructor); - PermutationMapping mapping; + PermutationMapping mapping; // Initialize the table of permutations so that every element points to itself - for (size_t i = 0; i < program_width; ++i) { - mapping.sigmas[i].reserve(key->circuit_size); - if (generalized) { - mapping.ids[i].reserve(key->circuit_size); + // WORKTODO: ranged for loops depending on `generalized`? + for (size_t i = 0; i < Flavor::num_wires; ++i) { + mapping.sigmas[i].reserve(proving_key->circuit_size); + if constexpr (generalized) { + mapping.ids[i].reserve(proving_key->circuit_size); } - for (size_t j = 0; j < key->circuit_size; ++j) { - mapping.sigmas[i].emplace_back(permutation_subgroup_element{ - .row_index = (uint32_t)j, .column_index = (uint8_t)i, .is_public_input = false, .is_tag = false }); - if (generalized) { - mapping.ids[i].emplace_back(permutation_subgroup_element{ - .row_index = (uint32_t)j, .column_index = (uint8_t)i, .is_public_input = false, .is_tag = false }); + for (size_t j = 0; j < proving_key->circuit_size; ++j) { + mapping.sigmas[i].emplace_back(permutation_subgroup_element{ .row_index = static_cast(j), + .column_index = static_cast(i), + .is_public_input = false, + .is_tag = false }); + if constexpr (generalized) { + mapping.ids[i].emplace_back(permutation_subgroup_element{ .row_index = static_cast(j), + .column_index = static_cast(i), + .is_public_input = false, + .is_tag = false }); } } } @@ -187,7 +185,7 @@ PermutationMapping compute_permutation_mapping(const CircuitConst .row_index = next_row, .column_index = next_column, .is_public_input = false, .is_tag = false }; - if (generalized) { + if constexpr (generalized) { bool first_node = (node_idx == 0); bool last_node = (next_cycle_node_index == 0); @@ -231,21 +229,27 @@ PermutationMapping compute_permutation_mapping(const CircuitConst * @param permutation_mappings A table with information about permuting each element * @param key Pointer to the proving key */ -template -void compute_honk_style_permutation_lagrange_polynomials_from_mapping( - std::string label, - std::array, program_width>& permutation_mappings, - plonk::proving_key* key) +// MERGECONFLICT +// template +// void compute_honk_style_permutation_lagrange_polynomials_from_mapping( +// std::string label, +// std::array, program_width>& permutation_mappings, +// plonk::proving_key* key) +template +void compute_honk_style_sigma_lagrange_polynomials_from_mapping( + std::array, Flavor::num_wires>& sigma_mappings, + typename Flavor::ProvingKey* proving_key) { - const size_t num_gates = key->circuit_size; + const size_t num_gates = proving_key->circuit_size; - std::array permutation_poly; // sigma or ID poly + std::array permutation_poly; // sigma or ID poly - for (size_t wire_index = 0; wire_index < program_width; wire_index++) { - permutation_poly[wire_index] = barretenberg::polynomial(num_gates); - auto& current_permutation_poly = permutation_poly[wire_index]; - ITERATE_OVER_DOMAIN_START(key->small_domain) - const auto& current_mapping = permutation_mappings[wire_index][i]; + size_t wire_index = 0; + for (auto& sigma_polynomial : proving_key->get_sigma_polynomials()) { + auto new_poly = barretenberg::polynomial(num_gates); // WORKTODO + current_sigma_polynomial = new_poly; + ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); + const auto& current_mapping = sigma_mappings[wire_index][i]; if (current_mapping.is_public_input) { // We intentionally want to break the cycles of the public input variables. // During the witness generation, the left and right wire polynomials at index i contain the i-th public @@ -268,10 +272,12 @@ void compute_honk_style_permutation_lagrange_polynomials_from_mapping( } ITERATE_OVER_DOMAIN_END; } - // Save to polynomial cache - for (size_t j = 0; j < program_width; j++) { - std::string index = std::to_string(j + 1); - key->polynomial_store.put(label + "_" + index + "_lagrange", std::move(permutation_poly[j])); + // MERGECONFLICT + // // Save to polynomial cache + // for (size_t j = 0; j < program_width; j++) { + // std::string index = std::to_string(j + 1); + // key->polynomial_store.put(label + "_" + index + "_lagrange", std::move(permutation_poly[j])); + wire_index++; } } @@ -404,8 +410,6 @@ void compute_monomial_and_coset_fft_polynomials_from_lagrange(std::string label, } } -} // namespace - /** * @brief Compute standard honk id polynomials and put them into cache * @@ -415,19 +419,18 @@ void compute_monomial_and_coset_fft_polynomials_from_lagrange(std::string label, * @tparam program_width The number of witness polynomials * @param key Proving key where we will save the polynomials */ -template -void compute_standard_honk_id_polynomials(auto key) // proving_key* and shared_ptr +template +void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): proving_key* and shared_ptr { - const size_t n = key->circuit_size; // Fill id polynomials with default values - for (size_t j = 0; j < program_width; ++j) { - // Construct permutation polynomials in lagrange base - barretenberg::polynomial id_j(n); - for (size_t i = 0; i < key->circuit_size; ++i) { - id_j[i] = (j * n + i); + // WORKTODO: Allocate polynomial space in proving key constructor. + size_t coset_idx = 0; + for (auto& id_poly : proving_key->get_id_polynomials()) { + barretenberg::polynomial new_poly(proving_key->circuit_size); + for (size_t i = 0; i < proving_key->circuit_size; ++i) { + new_poly[i] = coset_idx * proving_key->circuit_size + i; } - std::string index = std::to_string(j + 1); - key->polynomial_store.put("id_" + index + "_lagrange", std::move(id_j)); + id_poly = new_poly; } } @@ -435,7 +438,8 @@ void compute_standard_honk_id_polynomials(auto key) // proving_key* and shared_p * @brief Compute sigma permutations for standard honk and put them into polynomial cache * * @details These permutations don't involve sets. We only care about equating one witness value to another. The - * sequences don't use cosets unlike FFT-based Plonk, because there is no need for them. We simply use indices based on + * sequences don't use cosets unlike FFT-based Plonk, because there is no need for them. We simply use indices based + on * the witness vector and index within the vector. These values are permuted to account for wire copy cycles * * @tparam program_width @@ -444,13 +448,14 @@ void compute_standard_honk_id_polynomials(auto key) // proving_key* and shared_p * @param key */ // TODO(#293): Update this (and all similar functions) to take a smart pointer. -template -void compute_standard_honk_sigma_permutations(CircuitConstructor& circuit_constructor, plonk::proving_key* key) +template +void compute_standard_honk_sigma_permutations(const typename Flavor::CircuitConstructor& circuit_constructor, + typename Flavor::ProvingKey* proving_key) { // Compute the permutation table specifying which element becomes which - auto mapping = compute_permutation_mapping(circuit_constructor, key); - // Compute Honk-style sigma polynomial fromt the permutation table - compute_honk_style_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, key); + auto mapping = compute_permutation_mapping(circuit_constructor, proving_key); + // Compute Honk-style sigma polynomial from the permutation table + compute_honk_style_permutation_lagrange_polynomials_from_mapping(mapping.sigmas, proving_key); } /** @@ -461,15 +466,16 @@ void compute_standard_honk_sigma_permutations(CircuitConstructor& circuit_constr * @param circuit_constructor An object holdingt he circuit * @param key Pointer to a proving key */ -template -void compute_standard_plonk_sigma_permutations(CircuitConstructor& circuit_constructor, plonk::proving_key* key) +template +void compute_standard_plonk_sigma_permutations(const typename Flavor::CircuitConstructor& circuit_constructor, + typename Flavor::ProvingKey* key) { // Compute the permutation table specifying which element becomes which - auto mapping = compute_permutation_mapping(circuit_constructor, key); + auto mapping = compute_permutation_mapping(circuit_constructor, key); // Compute Plonk-style sigma polynomials from the mapping compute_plonk_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, key); // Compute their monomial and coset versions - compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); + compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); } /** @@ -477,15 +483,17 @@ void compute_standard_plonk_sigma_permutations(CircuitConstructor& circuit_const * * @param key Proving key where we will save the polynomials */ -inline void compute_first_and_last_lagrange_polynomials(auto key) // proving_key* and share_ptr +inline void compute_first_and_last_lagrange_polynomials( + auto proving_key) // TODO(Cody) proving_key* and share_ptr { - const size_t n = key->circuit_size; - barretenberg::polynomial lagrange_polynomial_0(n); + const size_t n = proving_key->circuit_size; + barretenberg::polynomial lagrange_polynomial_0(n); // WORKTODO barretenberg::polynomial lagrange_polynomial_n_min_1(n); lagrange_polynomial_0[0] = 1; + proving_key->lagrange_first = lagrange_polynomial_0; + lagrange_polynomial_n_min_1[n - 1] = 1; - key->polynomial_store.put("L_first_lagrange", std::move(lagrange_polynomial_0)); - key->polynomial_store.put("L_last_lagrange", std::move(lagrange_polynomial_n_min_1)); + proving_key->lagrange_last = lagrange_polynomial_n_min_1; } /** @@ -497,20 +505,21 @@ inline void compute_first_and_last_lagrange_polynomials(auto key) // proving_key * @param key * @return std::array, program_width> */ -template -void compute_plonk_generalized_sigma_permutations(const CircuitConstructor& circuit_constructor, - plonk::proving_key* key) +template +void compute_plonk_generalized_sigma_permutations(const typename Flavor::CircuitConstructor& circuit_constructor, + typename Flavor::ProvingKey* key) { - auto mapping = compute_permutation_mapping(circuit_constructor, key); + auto mapping = compute_permutation_mapping(circuit_constructor, key); // Compute Plonk-style sigma and ID polynomials from the corresponding mappings compute_plonk_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, key); compute_plonk_permutation_lagrange_polynomials_from_mapping("id", mapping.ids, key); // Compute the monomial and coset-ffts for sigmas and IDs - compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); - compute_monomial_and_coset_fft_polynomials_from_lagrange("id", key); + compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); + compute_monomial_and_coset_fft_polynomials_from_lagrange("id", key); } +// MERGECONFLICT what is this? /** * @brief Compute generalized permutation sigmas and ids for ultra plonk * diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp new file mode 100644 index 0000000000..ea3d845d17 --- /dev/null +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -0,0 +1,83 @@ +#include +#include +#include "barretenberg/proof_system/flavor/flavor.hpp" // TODO: needed? +#include "barretenberg/proof_system/composer/composer_helper_lib.hpp" +#include "barretenberg/proof_system/composer/permutation_helper.hpp" +#include "barretenberg/proof_system/types/composer_type.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" + +namespace proof_system::test_composer_lib { + +class PermutationHelperTests : public ::testing::Test { + protected: + using Flavor = honk::flavor::Standard; + using FF = typename Flavor::FF; + Flavor::CircuitConstructor circuit_constructor; + ReferenceStringFactory crs_factory = ReferenceStringFactory(); + std::shared_ptr proving_key = [&]() { + return initialize_proving_key(circuit_constructor, &crs_factory, 0, 2, ComposerType::STANDARD); + }(); + + virtual void SetUp() + { + circuit_constructor.add_public_variable(1024); + circuit_constructor.add_public_variable(1025); + + uint32_t v_1 = circuit_constructor.add_variable(16 + 1); + uint32_t v_2 = circuit_constructor.add_variable(16 + 2); + uint32_t v_3 = circuit_constructor.add_variable(16 + 3); + uint32_t v_4 = circuit_constructor.add_variable(16 + 4); + uint32_t v_5 = circuit_constructor.add_variable(16 + 5); + uint32_t v_6 = circuit_constructor.add_variable(16 + 6); + uint32_t v_7 = circuit_constructor.add_variable(16 + 7); + uint32_t v_8 = circuit_constructor.add_variable(16 + 8); + uint32_t v_9 = circuit_constructor.add_variable(16 + 9); + uint32_t v_10 = circuit_constructor.add_variable(16 + 10); + uint32_t v_11 = circuit_constructor.add_variable(16 + 11); + uint32_t v_12 = circuit_constructor.add_variable(16 + 12); + + circuit_constructor.create_add_gate({ v_1, v_5, v_9, 0, 0, 0, 0 }); + circuit_constructor.create_add_gate({ v_2, v_6, v_10, 0, 0, 0, 0 }); + circuit_constructor.create_add_gate({ v_3, v_7, v_11, 0, 0, 0, 0 }); + circuit_constructor.create_add_gate({ v_4, v_8, v_12, 0, 0, 0, 0 }); + + /* Execution trace: + w_l w_r w_o + ------------------------------ + pub1_idx | pub1_idx | 0 <-- public inputs + pub2_idx | pub2_idx | 0 <-/ + zero_idx | zero_idx | zero_idx <-- fix witness for 0 + one_idx | zero_idx | zero_idx <-- fix witness for 1 + one_idx | one_idx | one_idx <-- ensure nonzero selectors... TODO(Cody): redundant now + v_1 | v_5 | v_9 + v_2 | v_6 | v_10 + v_3 | v_7 | v_11 + v_4 | v_8 | v_12 + + */} +}; + +TEST_F(PermutationHelperTests, ComputeWireCopyCycles) +{ + compute_wire_copy_cycles(circuit_constructor); +} + +TEST_F(PermutationHelperTests, ComputePermutationMapping) +{ + compute_permutation_mapping(circuit_constructor, proving_key.get()); +} + +TEST_F(PermutationHelperTests, ComputeHonkStyleSigmaLagrangePolynomialsFromMapping) +{ + auto mapping = compute_permutation_mapping(circuit_constructor, proving_key.get()); + compute_honk_style_sigma_lagrange_polynomials_from_mapping(mapping.sigmas, proving_key.get()); +} + +TEST_F(PermutationHelperTests, ComputeStandardAuxPolynomials) +{ + compute_standard_honk_id_polynomials(proving_key); + compute_standard_honk_sigma_permutations(circuit_constructor, proving_key.get()); + compute_first_and_last_lagrange_polynomials(proving_key); +} + +} // namespace proof_system::test_composer_lib diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 5583da4668..d83167a2ac 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -7,6 +7,7 @@ #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/polynomials/evaluation_domain.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" #include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" @@ -28,18 +29,12 @@ template class Data { typename DataType::iterator end() { return _data.end(); }; consteval size_t size() { return _data.size(); }; - - // Data(size_t initial_size) - // { - // for (auto& entity : _data) { - // entity = T(initial_size); - // }; - // } }; class Standard { public: using CircuitConstructor = proof_system::StandardCircuitConstructor; + static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 18; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; @@ -68,6 +63,8 @@ class Standard { T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; + std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; + std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; }; // TODO(Cody): Made this public derivation so that I could iterate through the selectors @@ -75,18 +72,21 @@ class Standard { class ProvingKey : public PrecomputedData { public: const size_t circuit_size; - const size_t num_inputs; + const size_t log_circuit_size = 0; // TODO(Cody) + const size_t num_public_inputs; std::shared_ptr crs; - const ComposerType type; // TODO(Cody): Get rid of this + EvaluationDomain evaluation_domain; + const ComposerType composer_type; // TODO(Cody): Get rid of this ProvingKey(const size_t circuit_size, - const size_t num_inputs, + const size_t num_public_inputs, std::shared_ptr const& crs, - ComposerType type) + ComposerType composer_type) : circuit_size(circuit_size) - , num_inputs(num_inputs) + , num_public_inputs(num_public_inputs) , crs(crs) - , type(type){}; + , evaluation_domain(circuit_size, circuit_size) + , composer_type(composer_type){}; }; using VerificationKey = PrecomputedData; @@ -161,16 +161,19 @@ namespace proof_system::plonk::flavor { struct Standard { using CircuitConstructor = proof_system::StandardCircuitConstructor; using ProvingKey = plonk::proving_key; + static constexpr size_t num_wires = CircuitConstructor::num_wires; }; struct Turbo { using CircuitConstructor = proof_system::TurboCircuitConstructor; using ProvingKey = plonk::proving_key; + static constexpr size_t num_wires = CircuitConstructor::num_wires; }; struct Ultra { using CircuitConstructor = proof_system::UltraCircuitConstructor; using ProvingKey = plonk::proving_key; + static constexpr size_t num_wires = CircuitConstructor::num_wires; }; } // namespace proof_system::plonk::flavor From 18a85ab4b1db0d5e946a20f48af2d10ee1aa0ed3 Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 11 Apr 2023 19:21:55 +0000 Subject: [PATCH 004/119] set log_circuit_size in pk --- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index d83167a2ac..a1a5de286d 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -72,7 +72,7 @@ class Standard { class ProvingKey : public PrecomputedData { public: const size_t circuit_size; - const size_t log_circuit_size = 0; // TODO(Cody) + const size_t log_circuit_size; // TODO(Cody) const size_t num_public_inputs; std::shared_ptr crs; EvaluationDomain evaluation_domain; @@ -83,6 +83,7 @@ class Standard { std::shared_ptr const& crs, ComposerType composer_type) : circuit_size(circuit_size) + , log_circuit_size(numeric::get_msb(circuit_size)) , num_public_inputs(num_public_inputs) , crs(crs) , evaluation_domain(circuit_size, circuit_size) From ebf82e829a464eaf4dc26a1abbed7d1da649097c Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 11 Apr 2023 21:25:56 +0000 Subject: [PATCH 005/119] "Everything builds" in clang! --- .../standard_honk_composer_helper.cpp | 39 ++-- .../standard_honk_composer_helper.hpp | 4 +- .../honk/composer/standard_honk_composer.hpp | 4 + .../composer/standard_honk_composer.test.cpp | 44 ++--- .../barretenberg/honk/proof_system/prover.cpp | 110 ++++++----- .../barretenberg/honk/proof_system/prover.hpp | 48 ++--- .../honk/proof_system/prover_library.cpp | 175 ++++++++++++------ .../honk/proof_system/prover_library.hpp | 35 ++-- .../honk/proof_system/prover_library.test.cpp | 62 ++++--- .../honk/proof_system/verifier.cpp | 6 +- .../honk/proof_system/work_queue.hpp | 11 +- .../proof_system/flavor/flavor.hpp | 39 ++++ 12 files changed, 332 insertions(+), 245 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 91e795e366..72a9e55b77 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -17,7 +17,7 @@ namespace proof_system::honk { * Compute proving key base. * * 1. Load crs. - * 2. Initialize this.circuit_proving_key. + * 2. Initialize this.proving_key. * 3. Create constraint selector polynomials from each of this composer's `selectors` vectors and add them to the * proving key. * @@ -28,14 +28,14 @@ namespace proof_system::honk { std::shared_ptr StandardHonkComposerHelper::compute_proving_key_base( const CircuitConstructor& constructor, const size_t minimum_circuit_size, const size_t num_randomized_gates) { - // Initialize circuit_proving_key + // Initialize proving_key // TODO(#229)(Kesha): replace composer types. - circuit_proving_key = initialize_proving_key( + proving_key = initialize_proving_key( constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::STANDARD_HONK); // Compute lagrange selectors - construct_selector_polynomials(constructor, circuit_proving_key.get()); + construct_selector_polynomials(constructor, proving_key.get()); - return circuit_proving_key; + return proving_key; } /** @@ -103,20 +103,20 @@ void StandardHonkComposerHelper::compute_witness(const CircuitConstructor& circu std::shared_ptr StandardHonkComposerHelper::compute_proving_key( const CircuitConstructor& circuit_constructor) { - if (circuit_proving_key) { - return circuit_proving_key; + if (proving_key) { + return proving_key; } // Compute q_l, q_r, q_o, etc polynomials // WORKTODO(Cody): meaningless constructor here StandardHonkComposerHelper::compute_proving_key_base(circuit_constructor, ComposerType::STANDARD_HONK); // Compute sigma polynomials (we should update that late) - compute_standard_honk_sigma_permutations(circuit_constructor, circuit_proving_key.get()); - compute_standard_honk_id_polynomials(circuit_proving_key.get()); + compute_standard_honk_sigma_permutations(circuit_constructor, proving_key.get()); + compute_standard_honk_id_polynomials(proving_key.get()); - compute_first_and_last_lagrange_polynomials(circuit_proving_key.get()); + compute_first_and_last_lagrange_polynomials(proving_key.get()); - return circuit_proving_key; + return proving_key; } /** @@ -130,13 +130,13 @@ std::shared_ptr StandardHonkComposerHelper::compute_ver if (circuit_verification_key) { return circuit_verification_key; } - if (!circuit_proving_key) { + if (!proving_key) { compute_proving_key(circuit_constructor); } - circuit_verification_key = StandardHonkComposerHelper::compute_verification_key_base( - circuit_proving_key, crs_factory_->get_verifier_crs()); - circuit_verification_key->composer_type = circuit_proving_key->composer_type; + circuit_verification_key = + StandardHonkComposerHelper::compute_verification_key_base(proving_key, crs_factory_->get_verifier_crs()); + circuit_verification_key->composer_type = proving_key->composer_type; return circuit_verification_key; } @@ -159,14 +159,7 @@ StandardProver StandardHonkComposerHelper::create_prover(const CircuitConstructo compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); - // size_t num_sumcheck_rounds(circuit_proving_key->log_circuit_size); - // StandardProver output_state(std::move(wire_polynomials), circuit_proving_key); - // WORKTODO - auto crs_factory = ReferenceStringFactory(); - auto crs = crs_factory.get_prover_crs(999); - auto pk_ptr = std::make_shared(12, 2, crs, ComposerType::STANDARD); - - StandardProver output_state(std::move(wire_polynomials), pk_ptr); + StandardProver output_state(std::move(wire_polynomials), proving_key); return output_state; } diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index f89847a6e3..59ac5bda68 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -24,7 +24,7 @@ class StandardHonkComposerHelper { static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; - std::shared_ptr circuit_proving_key; + std::shared_ptr proving_key; std::vector wire_polynomials; std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs @@ -44,7 +44,7 @@ class StandardHonkComposerHelper { : crs_factory_(std::move(crs_factory)) {} StandardHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) - : circuit_proving_key(std::move(p_key)) + : proving_key(std::move(p_key)) , circuit_verification_key(std::move(v_key)) {} StandardHonkComposerHelper(StandardHonkComposerHelper&& other) noexcept = default; diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index b985666f23..735905b359 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -17,6 +17,10 @@ namespace proof_system::honk { */ class StandardHonkComposer { public: + // TODO(Cody): This should go in flavor or something. + static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; + static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; + using Flavor = flavor::Standard; using CircuitConstructor = StandardCircuitConstructor; using ProvingKey = typename Flavor::ProvingKey; diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 16f2d3a7fa..d975428241 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -9,6 +9,7 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/honk/utils/public_inputs.hpp" #include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include @@ -376,7 +377,6 @@ TEST(StandardHonkComposer, SumcheckRelationCorrectness) { // Create a composer and a dummy circuit with a few gates StandardHonkComposer composer = StandardHonkComposer(); - static const size_t num_wires = StandardHonkComposer::num_wires; fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly uint32_t a_idx = composer.add_public_variable(a); @@ -410,8 +410,8 @@ TEST(StandardHonkComposer, SumcheckRelationCorrectness) constexpr size_t num_polynomials = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; // Compute grand product polynomial - polynomial z_perm_poly = - prover_library::compute_permutation_grand_product(prover.key, prover.wire_polynomials, beta, gamma); + polynomial z_perm_poly = prover_library::compute_permutation_grand_product( + prover.key, prover.wire_polynomials, beta, gamma); // Create an array of spans to the underlying polynomials to more easily // get the transposition. @@ -419,25 +419,25 @@ TEST(StandardHonkComposer, SumcheckRelationCorrectness) // in the list below std::array, num_polynomials> evaluations_array; - using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; - evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0]; - evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1]; - evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2]; - evaluations_array[POLYNOMIAL::Z_PERM] = z_perm_poly; - evaluations_array[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_poly.shifted(); - evaluations_array[POLYNOMIAL::Q_M] = prover.key->polynomial_store.get("q_m_lagrange"); - evaluations_array[POLYNOMIAL::Q_L] = prover.key->polynomial_store.get("q_1_lagrange"); - evaluations_array[POLYNOMIAL::Q_R] = prover.key->polynomial_store.get("q_2_lagrange"); - evaluations_array[POLYNOMIAL::Q_O] = prover.key->polynomial_store.get("q_3_lagrange"); - evaluations_array[POLYNOMIAL::Q_C] = prover.key->polynomial_store.get("q_c_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_1] = prover.key->polynomial_store.get("sigma_1_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_2] = prover.key->polynomial_store.get("sigma_2_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_3] = prover.key->polynomial_store.get("sigma_3_lagrange"); - evaluations_array[POLYNOMIAL::ID_1] = prover.key->polynomial_store.get("id_1_lagrange"); - evaluations_array[POLYNOMIAL::ID_2] = prover.key->polynomial_store.get("id_2_lagrange"); - evaluations_array[POLYNOMIAL::ID_3] = prover.key->polynomial_store.get("id_3_lagrange"); - evaluations_array[POLYNOMIAL::LAGRANGE_FIRST] = prover.key->polynomial_store.get("L_first_lagrange"); - evaluations_array[POLYNOMIAL::LAGRANGE_LAST] = prover.key->polynomial_store.get("L_last_lagrange"); + // WORKTODO + // evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0]; + // evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1]; + // evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2]; + // evaluations_array[POLYNOMIAL::Z_PERM] = z_perm_poly; + // evaluations_array[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_poly.shifted(); + // evaluations_array[POLYNOMIAL::Q_M] = prover.key->polynomial_store.get("q_m_lagrange"); + // evaluations_array[POLYNOMIAL::Q_L] = prover.key->polynomial_store.get("q_1_lagrange"); + // evaluations_array[POLYNOMIAL::Q_R] = prover.key->polynomial_store.get("q_2_lagrange"); + // evaluations_array[POLYNOMIAL::Q_O] = prover.key->polynomial_store.get("q_3_lagrange"); + // evaluations_array[POLYNOMIAL::Q_C] = prover.key->polynomial_store.get("q_c_lagrange"); + // evaluations_array[POLYNOMIAL::SIGMA_1] = prover.key->polynomial_store.get("sigma_1_lagrange"); + // evaluations_array[POLYNOMIAL::SIGMA_2] = prover.key->polynomial_store.get("sigma_2_lagrange"); + // evaluations_array[POLYNOMIAL::SIGMA_3] = prover.key->polynomial_store.get("sigma_3_lagrange"); + // evaluations_array[POLYNOMIAL::ID_1] = prover.key->polynomial_store.get("id_1_lagrange"); + // evaluations_array[POLYNOMIAL::ID_2] = prover.key->polynomial_store.get("id_2_lagrange"); + // evaluations_array[POLYNOMIAL::ID_3] = prover.key->polynomial_store.get("id_3_lagrange"); + // evaluations_array[POLYNOMIAL::LAGRANGE_FIRST] = prover.key->polynomial_store.get("L_first_lagrange"); + // evaluations_array[POLYNOMIAL::LAGRANGE_LAST] = prover.key->polynomial_store.get("L_last_lagrange"); // Construct the round for applying sumcheck relations and results for storing computed results auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index d473de2c2f..ef4851774b 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -19,32 +19,27 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/honk/flavor/flavor.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/transcript/transcript_wrappers.hpp" #include #include "barretenberg/honk/pcs/claim.hpp" namespace proof_system::honk { -using Fr = barretenberg::fr; -using Commitment = barretenberg::g1::affine_element; -using Polynomial = barretenberg::Polynomial; -using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; - /** * Create Prover from proving key, witness and manifest. * * @param input_key Proving key. - * @param input_manifest Input manifest + * @param input_manifest Input manifestxo * * @tparam settings Settings class. * */ // TODO(Cody): both input types are foo& in prototype -template -Prover::Prover(std::vector&& wire_polys, - const std::shared_ptr input_key) +template +Prover::Prover(std::vector&& wire_polys, const std::shared_ptr input_key) : wire_polynomials(wire_polys) , key(input_key) - , queue(key, transcript) + , queue(input_key->circuit_size, transcript) { // Note(luke): This could be done programmatically with some hacks but this isnt too bad and its nice to see the // polys laid out explicitly. @@ -63,26 +58,28 @@ Prover::Prover(std::vector&& wire_polys, // prover_polynomials.lagrange_last = key->polynomial_store.get("L_last_lagrange"); // prover_polynomials.w_l = wire_polynomials[0]; // prover_polynomials.w_r = wire_polynomials[1]; - // prover_polynomials.w_o = wire_polynomials[2];template - prover_polynomials[POLYNOMIAL::Q_C] = key->polynomial_store.get("q_c_lagrange"); - prover_polynomials[POLYNOMIAL::Q_L] = key->polynomial_store.get("q_1_lagrange"); - prover_polynomials[POLYNOMIAL::Q_R] = key->polynomial_store.get("q_2_lagrange"); - prover_polynomials[POLYNOMIAL::Q_O] = key->polynomial_store.get("q_3_lagrange"); - prover_polynomials[POLYNOMIAL::Q_M] = key->polynomial_store.get("q_m_lagrange"); - prover_polynomials[POLYNOMIAL::SIGMA_1] = key->polynomial_store.get("sigma_1_lagrange"); - prover_polynomials[POLYNOMIAL::SIGMA_2] = key->polynomial_store.get("sigma_2_lagrange"); - prover_polynomials[POLYNOMIAL::SIGMA_3] = key->polynomial_store.get("sigma_3_lagrange"); - prover_polynomials[POLYNOMIAL::ID_1] = key->polynomial_store.get("id_1_lagrange"); - prover_polynomials[POLYNOMIAL::ID_2] = key->polynomial_store.get("id_2_lagrange"); - prover_polynomials[POLYNOMIAL::ID_3] = key->polynomial_store.get("id_3_lagrange"); - prover_polynomials[POLYNOMIAL::LAGRANGE_FIRST] = key->polynomial_store.get("L_first_lagrange"); - prover_polynomials[POLYNOMIAL::LAGRANGE_LAST] = key->polynomial_store.get("L_last_lagrange"); - prover_polynomials[POLYNOMIAL::W_L] = wire_polynomials[0]; - prover_polynomials[POLYNOMIAL::W_R] = wire_polynomials[1]; - prover_polynomials[POLYNOMIAL::W_O] = wire_polynomials[2]; + // prover_polynomials.w_o = wire_polynomials[2];template + + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_C] = key->polynomial_store.get("q_c_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_L] = key->polynomial_store.get("q_1_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_R] = key->polynomial_store.get("q_2_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_O] = key->polynomial_store.get("q_3_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_M] = key->polynomial_store.get("q_m_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::SIGMA_1] = key->polynomial_store.get("sigma_1_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::SIGMA_2] = key->polynomial_store.get("sigma_2_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::SIGMA_3] = key->polynomial_store.get("sigma_3_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::ID_1] = key->polynomial_store.get("id_1_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::ID_2] = key->polynomial_store.get("id_2_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::ID_3] = key->polynomial_store.get("id_3_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::LAGRANGE_FIRST] = + // key->polynomial_store.get("L_first_lagrange"); + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::LAGRANGE_LAST] = + // key->polynomial_store.get("L_last_lagrange"); prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_L] = + // wire_polynomials[0]; prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_R] = wire_polynomials[1]; + // prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_O] = wire_polynomials[2]; // Add public inputs to transcript from the second wire polynomial - std::span public_wires_source = prover_polynomials[POLYNOMIAL::W_R]; + std::span public_wires_source = prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_R]; for (size_t i = 0; i < key->num_public_inputs; ++i) { public_inputs.emplace_back(public_wires_source[i]); @@ -94,9 +91,10 @@ Prover::Prover(std::vector&& wire_polys, * - Add PI to transcript (I guess PI will stay in w_2 for now?) * * */ -template void Prover::compute_wire_commitments() +template void Prover::compute_wire_commitments() { - for (size_t i = 0; i < settings::Arithmetization::num_wires; ++i) { + for (size_t i = 0; i < Flavor::num_wires; ++i) { + // WORKTODO queue.add_commitment(wire_polynomials[i], "W_" + std::to_string(i + 1)); } } @@ -105,7 +103,7 @@ template void Prover::compute_wire_commitments() * - Add circuit size, public input size, and public inputs to transcript * * */ -template void Prover::execute_preamble_round() +template void Prover::execute_preamble_round() { const auto circuit_size = static_cast(key->circuit_size); const auto num_public_inputs = static_cast(key->num_public_inputs); @@ -122,7 +120,7 @@ template void Prover::execute_preamble_round() /** * - compute wire commitments * */ -template void Prover::execute_wire_commitments_round() +template void Prover::execute_wire_commitments_round() { compute_wire_commitments(); } @@ -130,7 +128,7 @@ template void Prover::execute_wire_commitments_rou /** * For Standard Honk, this is a non-op (just like for Standard/Turbo Plonk). * */ -template void Prover::execute_tables_round() +template void Prover::execute_tables_round() { // No operations are needed here for Standard Honk } @@ -139,26 +137,25 @@ template void Prover::execute_tables_round() * - Do Fiat-Shamir to get "beta" challenge (Note: gamma = beta^2) * - Compute grand product polynomial (permutation only) and commitment * */ -template void Prover::execute_grand_product_computation_round() +template void Prover::execute_grand_product_computation_round() { // Compute and store parameters required by relations in Sumcheck auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); - auto public_input_delta = compute_public_input_delta(public_inputs, beta, gamma, key->circuit_size); + auto public_input_delta = compute_public_input_delta(public_inputs, beta, gamma, key->circuit_size); - relation_parameters = sumcheck::RelationParameters{ + relation_parameters = sumcheck::RelationParameters{ .beta = beta, .gamma = gamma, .public_input_delta = public_input_delta, }; - z_permutation = - prover_library::compute_permutation_grand_product(key, wire_polynomials, beta, gamma); + z_permutation = prover_library::compute_permutation_grand_product(key, wire_polynomials, beta, gamma); queue.add_commitment(z_permutation, "Z_PERM"); - prover_polynomials[POLYNOMIAL::Z_PERM] = z_permutation; - prover_polynomials[POLYNOMIAL::Z_PERM_SHIFT] = z_permutation.shifted(); + prover_polynomials[honk::StandardHonk::MULTIVARIATE::Z_PERM] = z_permutation; + prover_polynomials[honk::StandardHonk::MULTIVARIATE::Z_PERM_SHIFT] = z_permutation.shifted(); } /** @@ -166,10 +163,10 @@ template void Prover::execute_grand_product_comput * - Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all * evaluations at u being calculated. * */ -template void Prover::execute_relation_check_rounds() +template void Prover::execute_relation_check_rounds() { - using Sumcheck = sumcheck::Sumcheck, + using Sumcheck = sumcheck::Sumcheck, sumcheck::ArithmeticRelation, sumcheck::GrandProductComputationRelation, sumcheck::GrandProductInitializationRelation>; @@ -184,14 +181,14 @@ template void Prover::execute_relation_check_round * - Compute d+1 Fold polynomials and their evaluations. * * */ -template void Prover::execute_univariatization_round() +template void Prover::execute_univariatization_round() { const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; const size_t NUM_UNSHIFTED_POLYS = proof_system::honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS; // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ - Fr rho = transcript.get_challenge("rho"); - std::vector rhos = Gemini::powers_of_rho(rho, NUM_POLYNOMIALS); + FF rho = transcript.get_challenge("rho"); + std::vector rhos = Gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ Polynomial batched_poly_unshifted(key->circuit_size); // batched unshifted polynomials @@ -199,7 +196,8 @@ template void Prover::execute_univariatization_rou batched_poly_unshifted.add_scaled(prover_polynomials[i], rhos[i]); } Polynomial batched_poly_to_be_shifted(key->circuit_size); // batched to-be-shifted polynomials - batched_poly_to_be_shifted.add_scaled(prover_polynomials[POLYNOMIAL::Z_PERM], rhos[NUM_UNSHIFTED_POLYS]); + batched_poly_to_be_shifted.add_scaled(prover_polynomials[honk::StandardHonk::MULTIVARIATE::Z_PERM], + rhos[NUM_UNSHIFTED_POLYS]); // Compute d-1 polynomials Fold^(i), i = 1, ..., d-1. fold_polynomials = Gemini::compute_fold_polynomials( @@ -217,9 +215,9 @@ template void Prover::execute_univariatization_rou * - Compute and aggregate opening pairs (challenge, evaluation) for each of d Fold polynomials. * - Add d-many Fold evaluations a_i, i = 0, ..., d-1 to the transcript, excluding eval of Fold_{r}^(0) * */ -template void Prover::execute_pcs_evaluation_round() +template void Prover::execute_pcs_evaluation_round() { - const Fr r_challenge = transcript.get_challenge("Gemini:r"); + const FF r_challenge = transcript.get_challenge("Gemini:r"); gemini_output = Gemini::compute_fold_polynomial_evaluations( sumcheck_output.challenge_point, std::move(fold_polynomials), r_challenge); @@ -235,7 +233,7 @@ template void Prover::execute_pcs_evaluation_round * - Do Fiat-Shamir to get "nu" challenge. * - Compute commitment [Q]_1 * */ -template void Prover::execute_shplonk_batched_quotient_round() +template void Prover::execute_shplonk_batched_quotient_round() { nu_challenge = transcript.get_challenge("Shplonk:nu"); @@ -250,9 +248,9 @@ template void Prover::execute_shplonk_batched_quot * - Do Fiat-Shamir to get "z" challenge. * - Compute polynomial Q(X) - Q_z(X) * */ -template void Prover::execute_shplonk_partial_evaluation_round() +template void Prover::execute_shplonk_partial_evaluation_round() { - const Fr z_challenge = transcript.get_challenge("Shplonk:z"); + const FF z_challenge = transcript.get_challenge("Shplonk:z"); shplonk_output = Shplonk::compute_partially_evaluated_batched_quotient( gemini_output.opening_pairs, gemini_output.witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge); } @@ -261,19 +259,19 @@ template void Prover::execute_shplonk_partial_eval * - Compute KZG quotient commitment [W]_1. * * */ -template void Prover::execute_kzg_round() +template void Prover::execute_kzg_round() { quotient_W = KZG::compute_opening_proof_polynomial(shplonk_output.opening_pair, shplonk_output.witness); queue.add_commitment(quotient_W, "KZG:W"); } -template plonk::proof& Prover::export_proof() +template plonk::proof& Prover::export_proof() { proof.proof_data = transcript.proof_data; return proof; } -template plonk::proof& Prover::construct_proof() +template plonk::proof& Prover::construct_proof() { // Add circuit size and public input size to transcript. execute_preamble_round(); @@ -323,6 +321,6 @@ template plonk::proof& Prover::construct_proof() return export_proof(); } -template class Prover; +template class Prover; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 2a0e4de314..97269516bc 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -25,16 +25,19 @@ #include "barretenberg/honk/pcs/claim.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/proof_system/work_queue.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system::honk { -using Fr = barretenberg::fr; -using Polynomial = Polynomial; +template class Prover { -template class Prover { + using FF = typename Flavor::FF; + using PCSParams = typename Flavor::PCSParams; + using ProvingKey = typename Flavor::ProvingKey; + using Polynomial = typename Flavor::Polynomial; public: - Prover(std::vector&& wire_polys, std::shared_ptr input_key = nullptr); + Prover(std::vector&& wire_polys, std::shared_ptr input_key = nullptr); void execute_preamble_round(); void execute_wire_commitments_round(); @@ -54,47 +57,44 @@ template class Prover { plonk::proof& export_proof(); plonk::proof& construct_proof(); - ProverTranscript transcript; + ProverTranscript transcript; - std::vector public_inputs; + std::vector public_inputs; - sumcheck::RelationParameters relation_parameters; + sumcheck::RelationParameters relation_parameters; - std::vector wire_polynomials; - barretenberg::polynomial z_permutation; + std::vector wire_polynomials; + Polynomial z_permutation; - std::shared_ptr key; + std::shared_ptr key; // Container for spans of all polynomials required by the prover (i.e. all multivariates evaluated by Sumcheck). - std::array, honk::StandardArithmetization::POLYNOMIAL::COUNT> prover_polynomials; + std::array, Flavor::NUM_ALL_ENTITIES> prover_polynomials; // WORKTODO: to be replaced // Container for d + 1 Fold polynomials produced by Gemini std::vector fold_polynomials; Polynomial batched_quotient_Q; // batched quotient poly computed by Shplonk - Fr nu_challenge; // needed in both Shplonk rounds + FF nu_challenge; // needed in both Shplonk rounds Polynomial quotient_W; - work_queue queue; + work_queue queue; - // This makes 'settings' accesible from Prover - using settings_ = settings; + sumcheck::SumcheckOutput sumcheck_output; + pcs::gemini::ProverOutput gemini_output; + pcs::shplonk::ProverOutput shplonk_output; - sumcheck::SumcheckOutput sumcheck_output; - pcs::gemini::ProverOutput gemini_output; - pcs::shplonk::ProverOutput shplonk_output; - - using Gemini = pcs::gemini::MultilinearReductionScheme; - using Shplonk = pcs::shplonk::SingleBatchOpeningScheme; - using KZG = pcs::kzg::UnivariateOpeningScheme; + using Gemini = pcs::gemini::MultilinearReductionScheme; + using Shplonk = pcs::shplonk::SingleBatchOpeningScheme; + using KZG = pcs::kzg::UnivariateOpeningScheme; private: plonk::proof proof; }; -extern template class Prover; +extern template class Prover; -using StandardProver = Prover; +using StandardProver = Prover; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 753bee2b92..41ea3c726e 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -1,17 +1,18 @@ #include "prover_library.hpp" #include "barretenberg/plonk/proof_system/types/prover_settings.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include #include namespace proof_system::honk::prover_library { -using Fr = barretenberg::fr; -using Polynomial = barretenberg::Polynomial; +using FF = barretenberg::fr; +using Polynomial = barretenberg::Polynomial; /** * @brief Compute the permutation grand product polynomial Z_perm(X) * * - * @detail (This description assumes program_width 3). Z_perm may be defined in terms of its values + * @detail (This description assumes Flavor::num_wires 3). Z_perm may be defined in terms of its values * on X_i = 0,1,...,n-1 as Z_perm[0] = 1 and for i = 1:n-1 * * (w_1(j) + β⋅id_1(j) + γ) ⋅ (w_2(j) + β⋅id_2(j) + γ) ⋅ (w_3(j) + β⋅id_3(j) + γ) @@ -25,8 +26,8 @@ using Polynomial = barretenberg::Polynomial; * Z_perm[i] = ∏ -------------------------- * B_1(j) ⋅ B_2(j) ⋅ B_3(j) * - * Step 1) Compute the 2*program_width length-n polynomials A_i and B_i - * Step 2) Compute the 2*program_width length-n polynomials ∏ A_i(j) and ∏ B_i(j) + * Step 1) Compute the 2*Flavor::num_wires length-n polynomials A_i and B_i + * Step 2) Compute the 2*Flavor::num_wires length-n polynomials ∏ A_i(j) and ∏ B_i(j) * Step 3) Compute the two length-n polynomials defined by * numer[i] = ∏ A_1(j)⋅A_2(j)⋅A_3(j), and denom[i] = ∏ B_1(j)⋅B_2(j)⋅B_3(j) * Step 4) Compute Z_perm[i+1] = numer[i]/denom[i] (recall: Z_perm[0] = 1) @@ -35,45 +36,49 @@ using Polynomial = barretenberg::Polynomial; * one batch inversion (at the expense of more multiplications) */ // TODO(#222)(luke): Parallelize -template -Polynomial compute_permutation_grand_product(std::shared_ptr& key, - std::vector& wire_polynomials, - Fr beta, - Fr gamma) +template +typename Flavor::Polynomial compute_permutation_grand_product( + std::shared_ptr& key, + std::vector& wire_polynomials, + typename Flavor::FF beta, + typename Flavor::FF gamma) { using barretenberg::polynomial_arithmetic::copy_polynomial; + using Polynomial = typename Flavor::Polynomial; // TODO(luke): instantiate z_perm here then make the 0th accum a span of it? avoid extra memory. // Allocate accumulator polynomials that will serve as scratch space - std::array numerator_accumulator; - std::array denominator_accumulator; - for (size_t i = 0; i < program_width; ++i) { + std::array numerator_accumulator; + std::array denominator_accumulator; + for (size_t i = 0; i < Flavor::num_wires; ++i) { numerator_accumulator[i] = Polynomial{ key->circuit_size }; denominator_accumulator[i] = Polynomial{ key->circuit_size }; } // Populate wire and permutation polynomials - std::array, program_width> wires; - std::array, program_width> sigmas; - std::array, program_width> ids; - for (size_t i = 0; i < program_width; ++i) { + std::array, Flavor::num_wires> wires; + std::array, Flavor::num_wires> sigmas; + std::array, Flavor::num_wires> ids; + for (size_t i = 0; i < Flavor::num_wires; ++i) { + std::string sigma_id = "sigma_" + std::to_string(i + 1) + "_lagrange"; wires[i] = wire_polynomials[i]; - sigmas[i] = key->polynomial_store.get("sigma_" + std::to_string(i + 1) + "_lagrange"); - ids[i] = key->polynomial_store.get("id_" + std::to_string(i + 1) + "_lagrange"); + // WORKTODO + // sigmas[i] = key->polynomial_store.get(sigma_id); + // ids[i] = key->polynomial_store.get("id_" + std::to_string(i + 1) + "_lagrange"); } // Step (1) // TODO(#222)(kesha): Change the order to engage automatic prefetching and get rid of redundant computation for (size_t i = 0; i < key->circuit_size; ++i) { - for (size_t k = 0; k < program_width; ++k) { + for (size_t k = 0; k < Flavor::num_wires; ++k) { numerator_accumulator[k][i] = wires[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ denominator_accumulator[k][i] = wires[k][i] + (sigmas[k][i] * beta) + gamma; // w_k(i) + β.σ_k(i) + γ } } // Step (2) - for (size_t k = 0; k < program_width; ++k) { + for (size_t k = 0; k < Flavor::num_wires; ++k) { for (size_t i = 0; i < key->circuit_size - 1; ++i) { numerator_accumulator[k][i + 1] *= numerator_accumulator[k][i]; denominator_accumulator[k][i + 1] *= denominator_accumulator[k][i]; @@ -82,7 +87,7 @@ Polynomial compute_permutation_grand_product(std::shared_ptr // Step (3) for (size_t i = 0; i < key->circuit_size; ++i) { - for (size_t k = 1; k < program_width; ++k) { + for (size_t k = 1; k < Flavor::num_wires; ++k) { numerator_accumulator[0][i] *= numerator_accumulator[k][i]; denominator_accumulator[0][i] *= denominator_accumulator[k][i]; } @@ -93,8 +98,8 @@ Polynomial compute_permutation_grand_product(std::shared_ptr // denominator_accumulator[0][i]. At the end of this computation, the quotient numerator_accumulator[0] / // denominator_accumulator[0] is stored in numerator_accumulator[0]. // Note: Since numerator_accumulator[0][i] corresponds to z_lookup[i+1], we only iterate up to i = (n - 2). - Fr* inversion_coefficients = &denominator_accumulator[1][0]; // arbitrary scratch space - Fr inversion_accumulator = Fr::one(); + FF* inversion_coefficients = &denominator_accumulator[1][0]; // arbitrary scratch space + FF inversion_accumulator = FF::one(); for (size_t i = 0; i < key->circuit_size - 1; ++i) { inversion_coefficients[i] = numerator_accumulator[0][i] * inversion_accumulator; inversion_accumulator *= denominator_accumulator[0][i]; @@ -181,15 +186,17 @@ Polynomial compute_permutation_grand_product(std::shared_ptr * @param gamma * @return Polynomial */ -Polynomial compute_lookup_grand_product(std::shared_ptr& key, - std::vector& wire_polynomials, - Polynomial& sorted_list_accumulator, - Fr eta, - Fr beta, - Fr gamma) +template +typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr& key, + std::vector& wire_polynomials, + typename Flavor::Polynomial& sorted_list_accumulator, + typename Flavor::FF eta, + typename Flavor::FF beta, + typename Flavor::FF gamma) + { - const Fr eta_sqr = eta.sqr(); - const Fr eta_cube = eta_sqr * eta; + const FF eta_sqr = eta.sqr(); + const FF eta_cube = eta_sqr * eta; const size_t circuit_size = key->circuit_size; @@ -203,37 +210,49 @@ Polynomial compute_lookup_grand_product(std::shared_ptr& key } // Obtain column step size values that have been stored in repurposed selctors - std::span column_1_step_size = key->polynomial_store.get("q_2_lagrange"); - std::span column_2_step_size = key->polynomial_store.get("q_m_lagrange"); - std::span column_3_step_size = key->polynomial_store.get("q_c_lagrange"); + std::span column_1_step_size; + std::span column_2_step_size; + std::span column_3_step_size; + // WORKTODO + // std::span column_1_step_size = key->polynomial_store.get("q_2_lagrange"); + // std::span column_2_step_size = key->polynomial_store.get("q_m_lagrange"); + // std::span column_3_step_size = key->polynomial_store.get("q_c_lagrange"); // Utilize three wires; this is not tied to program width - std::array, 3> wires; + std::array, 3> wires; for (size_t i = 0; i < 3; ++i) { wires[i] = wire_polynomials[i]; } // Note: the number of table polys is related to program width but '4' is the only value supported - std::array, 4> tables{ - key->polynomial_store.get("table_value_1_lagrange"), - key->polynomial_store.get("table_value_2_lagrange"), - key->polynomial_store.get("table_value_3_lagrange"), - key->polynomial_store.get("table_value_4_lagrange"), + std::vector temp_vector; + std::span temp_span{ temp_vector }; + std::array, 4> tables{ + temp_span, temp_span, temp_span, temp_span + // WORKDTODO + // key->polynomial_store.get("table_value_1_lagrange"), + // key->polynomial_store.get("table_value_2_lagrange"), + // key->polynomial_store.get("table_value_3_lagrange"), + // key->polynomial_store.get("table_value_4_lagrange"), }; - std::span lookup_selector = key->polynomial_store.get("table_type_lagrange"); - std::span lookup_index_selector = key->polynomial_store.get("q_3_lagrange"); + std::span lookup_selector{ temp_vector }; + std::span lookup_index_selector{ temp_vector }; + + // WORKTODO + // std::span lookup_selector = key->polynomial_store.get("table_type_lagrange"); + // std::span lookup_index_selector = key->polynomial_store.get("q_3_lagrange"); - const Fr beta_plus_one = beta + Fr(1); // (1 + β) - const Fr gamma_times_beta_plus_one = gamma * beta_plus_one; // γ(1 + β) + const FF beta_plus_one = beta + FF(1); // (1 + β) + const FF gamma_times_beta_plus_one = gamma * beta_plus_one; // γ(1 + β) // Step (1) - Fr T0; // intermediate value for various calculations below + FF T0; // intermediate value for various calculations below // Note: block_mask is used for efficient modulus, i.e. i % N := i & (N-1), for N = 2^k const size_t block_mask = circuit_size - 1; // Initialize 't(X)' to be used in an expression of the form t(X) + β*t(Xω) - Fr next_table = tables[0][0] + tables[1][0] * eta + tables[2][0] * eta_sqr + tables[3][0] * eta_cube; + FF next_table = tables[0][0] + tables[1][0] * eta + tables[2][0] * eta_sqr + tables[3][0] * eta_cube; for (size_t i = 0; i < circuit_size; ++i) { @@ -290,7 +309,7 @@ Polynomial compute_lookup_grand_product(std::shared_ptr& key // Step (3) // Compute * ∏_{j& key Polynomial z_lookup(key->circuit_size); // Initialize 0th coefficient to 0 to ensure z_perm is left-shiftable via division by X in gemini - z_lookup[0] = Fr::zero(); + z_lookup[0] = FF::zero(); barretenberg::polynomial_arithmetic::copy_polynomial( accumulators[0].data(), &z_lookup[1], key->circuit_size - 1, key->circuit_size - 1); @@ -327,20 +346,22 @@ Polynomial compute_lookup_grand_product(std::shared_ptr& key * @param eta random challenge * @return Polynomial */ -Polynomial compute_sorted_list_accumulator(std::shared_ptr& key, - std::vector& sorted_list_polynomials, - Fr eta) +template +typename Flavor::Polynomial compute_sorted_list_accumulator( + std::shared_ptr& key, + std::vector& sorted_list_polynomials, + typename Flavor::FF eta) { const size_t circuit_size = key->circuit_size; barretenberg::polynomial sorted_list_accumulator(sorted_list_polynomials[0]); - std::span s_2 = sorted_list_polynomials[1]; - std::span s_3 = sorted_list_polynomials[2]; - std::span s_4 = sorted_list_polynomials[3]; + std::span s_2 = sorted_list_polynomials[1]; + std::span s_3 = sorted_list_polynomials[2]; + std::span s_4 = sorted_list_polynomials[3]; // Construct s via Horner, i.e. s = s_1 + η(s_2 + η(s_3 + η*s_4)) for (size_t i = 0; i < circuit_size; ++i) { - Fr T0 = s_4[i]; + FF T0 = s_4[i]; T0 *= eta; T0 += s_3[i]; T0 *= eta; @@ -352,9 +373,41 @@ Polynomial compute_sorted_list_accumulator(std::shared_ptr& return sorted_list_accumulator; } -template Polynomial compute_permutation_grand_product( - std::shared_ptr&, std::vector&, Fr, Fr); -template Polynomial compute_permutation_grand_product( - std::shared_ptr&, std::vector&, Fr, Fr); - +template honk::flavor::Standard::Polynomial compute_permutation_grand_product( + std::shared_ptr&, + std::vector&, + honk::flavor::Standard::FF, + honk::flavor::Standard::FF); + +template honk::flavor::Ultra::Polynomial compute_permutation_grand_product( + std::shared_ptr&, + std::vector&, + honk::flavor::Ultra::FF, + honk::flavor::Ultra::FF); + +template typename honk::flavor::Standard::Polynomial compute_lookup_grand_product( + std::shared_ptr& key, + std::vector& wire_polynomials, + typename honk::flavor::Standard::Polynomial& sorted_list_accumulator, + typename honk::flavor::Standard::FF eta, + typename honk::flavor::Standard::FF beta, + typename honk::flavor::Standard::FF gamma); + +template typename honk::flavor::Ultra::Polynomial compute_lookup_grand_product( + std::shared_ptr& key, + std::vector& wire_polynomials, + typename honk::flavor::Ultra::Polynomial& sorted_list_accumulator, + typename honk::flavor::Ultra::FF eta, + typename honk::flavor::Ultra::FF beta, + typename honk::flavor::Ultra::FF gamma); + +template typename honk::flavor::Standard::Polynomial compute_sorted_list_accumulator( + std::shared_ptr& key, + std::vector& sorted_list_polynomials, + typename honk::flavor::Standard::FF eta); + +template typename honk::flavor::Ultra::Polynomial compute_sorted_list_accumulator( + std::shared_ptr& key, + std::vector& sorted_list_polynomials, + typename honk::flavor::Ultra::FF eta); } // namespace proof_system::honk::prover_library diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.hpp b/cpp/src/barretenberg/honk/proof_system/prover_library.hpp index c88a089f85..57968c6c2a 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.hpp @@ -7,24 +7,25 @@ namespace proof_system::honk::prover_library { -using Fr = barretenberg::fr; -using Polynomial = barretenberg::Polynomial; +template +typename Flavor::Polynomial compute_permutation_grand_product( + std::shared_ptr& key, + std::vector& wire_polynomials, + typename Flavor::FF beta, + typename Flavor::FF gamma); -template -Polynomial compute_permutation_grand_product(std::shared_ptr& key, - std::vector& wire_polynomials, - Fr beta, - Fr gamma); +template +typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr& key, + std::vector& wire_polynomials, + typename Flavor::Polynomial& sorted_list_accumulator, + typename Flavor::FF eta, + typename Flavor::FF beta, + typename Flavor::FF gamma); -Polynomial compute_lookup_grand_product(std::shared_ptr& key, - std::vector& wire_polynomials, - Polynomial& sorted_list_accumulator, - Fr eta, - Fr beta, - Fr gamma); - -Polynomial compute_sorted_list_accumulator(std::shared_ptr& key, - std::vector& sorted_list_polynomials, - Fr eta); +template +typename Flavor::Polynomial compute_sorted_list_accumulator( + std::shared_ptr& key, + std::vector& sorted_list_polynomials, + typename Flavor::FF eta); } // namespace proof_system::honk::prover_library diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index f62380ebc9..2718c21d4a 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -1,4 +1,5 @@ #include "barretenberg/plonk/proof_system/types/prover_settings.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "prover.hpp" #include "prover_library.hpp" #include "barretenberg/polynomials/polynomial.hpp" @@ -41,7 +42,7 @@ template class ProverLibraryTests : public testing::Test { * @note This test does confirm the correctness of z_permutation, only that the two implementations yield an * identical result. */ - template static void test_permutation_grand_product_construction() + template static void test_permutation_grand_product_construction() { // Define some mock inputs for proving key constructor static const size_t num_gates = 8; @@ -49,7 +50,7 @@ template class ProverLibraryTests : public testing::Test { auto reference_string = std::make_shared(num_gates + 1, "../srs_db/ignition"); // Instatiate a proving_key and make a pointer to it. This will be used to instantiate a Prover. - auto proving_key = std::make_shared( + auto proving_key = std::make_shared( num_gates, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); // static const size_t program_width = StandardProver::settings_::program_width; @@ -60,16 +61,16 @@ template class ProverLibraryTests : public testing::Test { std::vector wires; std::vector sigmas; std::vector ids; - for (size_t i = 0; i < program_width; ++i) { + for (size_t i = 0; i < Flavor::num_wires; ++i) { wires.emplace_back(get_random_polynomial(num_gates)); sigmas.emplace_back(get_random_polynomial(num_gates)); ids.emplace_back(get_random_polynomial(num_gates)); // Add sigma/ID polys to proving_key; to be used by the prover in constructing it's own z_perm - std::string sigma_label = "sigma_" + std::to_string(i + 1) + "_lagrange"; - proving_key->polynomial_store.put(sigma_label, Polynomial{ sigmas[i] }); - std::string id_label = "id_" + std::to_string(i + 1) + "_lagrange"; - proving_key->polynomial_store.put(id_label, Polynomial{ ids[i] }); + // std::string sigma_label = "sigma_" + std::to_string(i + 1) + "_lagrange"; + // proving_key->polynomial_store.put(sigma_label, Polynomial{ sigmas[i] }); // WORKTODO + // std::string id_label = "id_" + std::to_string(i + 1) + "_lagrange"; + // proving_key->polynomial_store.put(id_label, Polynomial{ ids[i] }); // WORKTODO } // Get random challenges @@ -78,13 +79,13 @@ template class ProverLibraryTests : public testing::Test { // Method 1: Compute z_perm using 'compute_grand_product_polynomial' as the prover would in practice Polynomial z_permutation = - prover_library::compute_permutation_grand_product(proving_key, wires, beta, gamma); + prover_library::compute_permutation_grand_product(proving_key, wires, beta, gamma); // Method 2: Compute z_perm locally using the simplest non-optimized syntax possible. The comment below, // which describes the computation in 4 steps, is adapted from a similar comment in // compute_grand_product_polynomial. /* - * Assume program_width 3. Z_perm may be defined in terms of its values + * Assume Flavor::num_wires 3. Z_perm may be defined in terms of its values * on X_i = 0,1,...,n-1 as Z_perm[0] = 0 and for i = 1:n-1 * * (w_1(j) + β⋅id_1(j) + γ) ⋅ (w_2(j) + β⋅id_2(j) + γ) ⋅ (w_3(j) + β⋅id_3(j) + γ) @@ -98,27 +99,27 @@ template class ProverLibraryTests : public testing::Test { * Z_perm[i] = ∏ -------------------------- * B_1(j) ⋅ B_2(j) ⋅ B_3(j) * - * Step 1) Compute the 2*program_width length-n polynomials A_i and B_i - * Step 2) Compute the 2*program_width length-n polynomials ∏ A_i(j) and ∏ B_i(j) + * Step 1) Compute the 2*Flavor::num_wires length-n polynomials A_i and B_i + * Step 2) Compute the 2*Flavor::num_wires length-n polynomials ∏ A_i(j) and ∏ B_i(j) * Step 3) Compute the two length-n polynomials defined by * numer[i] = ∏ A_1(j)⋅A_2(j)⋅A_3(j), and denom[i] = ∏ B_1(j)⋅B_2(j)⋅B_3(j) * Step 4) Compute Z_perm[i+1] = numer[i]/denom[i] (recall: Z_perm[0] = 1) */ // Make scratch space for the numerator and denominator accumulators. - std::array, program_width> numererator_accum; - std::array, program_width> denominator_accum; + std::array, Flavor::num_wires> numererator_accum; + std::array, Flavor::num_wires> denominator_accum; // Step (1) for (size_t i = 0; i < proving_key->circuit_size; ++i) { - for (size_t k = 0; k < program_width; ++k) { + for (size_t k = 0; k < Flavor::num_wires; ++k) { numererator_accum[k][i] = wires[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ denominator_accum[k][i] = wires[k][i] + (sigmas[k][i] * beta) + gamma; // w_k(i) + β.σ_k(i) + γ } } // Step (2) - for (size_t k = 0; k < program_width; ++k) { + for (size_t k = 0; k < Flavor::num_wires; ++k) { for (size_t i = 0; i < proving_key->circuit_size - 1; ++i) { numererator_accum[k][i + 1] *= numererator_accum[k][i]; denominator_accum[k][i + 1] *= denominator_accum[k][i]; @@ -127,7 +128,7 @@ template class ProverLibraryTests : public testing::Test { // Step (3) for (size_t i = 0; i < proving_key->circuit_size; ++i) { - for (size_t k = 1; k < program_width; ++k) { + for (size_t k = 1; k < Flavor::num_wires; ++k) { numererator_accum[0][i] *= numererator_accum[k][i]; denominator_accum[0][i] *= denominator_accum[k][i]; } @@ -161,7 +162,9 @@ template class ProverLibraryTests : public testing::Test { auto reference_string = std::make_shared(circuit_size + 1, "../srs_db/ignition"); // Instatiate a proving_key and make a pointer to it. This will be used to instantiate a Prover. - auto proving_key = std::make_shared( + // WORKTODO + using Flavor = honk::flavor::Standard; + auto proving_key = std::make_shared( circuit_size, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); // Construct mock wire and permutation polynomials. @@ -175,7 +178,7 @@ template class ProverLibraryTests : public testing::Test { for (size_t i = 0; i < 4; ++i) { tables.emplace_back(get_random_polynomial(circuit_size)); std::string label = "table_value_" + std::to_string(i + 1) + "_lagrange"; - proving_key->polynomial_store.put(label, Polynomial{ tables[i] }); + // proving_key->polynomial_store.put(label, Polynomial{ tables[i] }); // WORKTODO } auto s_lagrange = get_random_polynomial(circuit_size); @@ -185,12 +188,12 @@ template class ProverLibraryTests : public testing::Test { auto lookup_index_selector = get_random_polynomial(circuit_size); auto lookup_selector = get_random_polynomial(circuit_size); - proving_key->polynomial_store.put("s_lagrange", Polynomial{ s_lagrange }); - proving_key->polynomial_store.put("q_2_lagrange", Polynomial{ column_1_step_size }); - proving_key->polynomial_store.put("q_m_lagrange", Polynomial{ column_2_step_size }); - proving_key->polynomial_store.put("q_c_lagrange", Polynomial{ column_3_step_size }); - proving_key->polynomial_store.put("q_3_lagrange", Polynomial{ lookup_index_selector }); - proving_key->polynomial_store.put("table_type_lagrange", Polynomial{ lookup_selector }); + // proving_key->polynomial_store.put("s_lagrange", Polynomial{ s_lagrange }); // WORKTODO + // proving_key->polynomial_store.put("q_2_lagrange", Polynomial{ column_1_step_size }); // WORKTODO + // proving_key->polynomial_store.put("q_m_lagrange", Polynomial{ column_2_step_size }); // WORKTODO + // proving_key->polynomial_store.put("q_c_lagrange", Polynomial{ column_3_step_size }); // WORKTODO + // proving_key->polynomial_store.put("q_3_lagrange", Polynomial{ lookup_index_selector }); // WORKTODO + // proving_key->polynomial_store.put("table_type_lagrange", Polynomial{ lookup_selector }); // WORKTODO // Get random challenges auto beta = FF::random_element(); @@ -199,7 +202,7 @@ template class ProverLibraryTests : public testing::Test { // Method 1: Compute z_lookup using the prover library method Polynomial z_lookup = - prover_library::compute_lookup_grand_product(proving_key, wires, s_lagrange, eta, beta, gamma); + prover_library::compute_lookup_grand_product(proving_key, wires, s_lagrange, eta, beta, gamma); // Method 2: Compute the lookup grand product polynomial Z_lookup: // @@ -288,7 +291,8 @@ template class ProverLibraryTests : public testing::Test { static const size_t circuit_size = 8; static const size_t num_public_inputs = 0; auto reference_string = std::make_shared(circuit_size + 1, "../srs_db/ignition"); - auto proving_key = std::make_shared( + using Flavor = honk::flavor::Standard; // WORKTODO + auto proving_key = std::make_shared( circuit_size, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); // Get random challenge eta @@ -302,7 +306,7 @@ template class ProverLibraryTests : public testing::Test { // Method 1: computed sorted list accumulator polynomial using prover library method Polynomial sorted_list_accumulator = - prover_library::compute_sorted_list_accumulator(proving_key, sorted_list_polynomials, eta); + prover_library::compute_sorted_list_accumulator(proving_key, sorted_list_polynomials, eta); // Method 2: Compute local sorted list accumulator simply and inefficiently const FF eta_sqr = eta.sqr(); @@ -325,8 +329,8 @@ TYPED_TEST_SUITE(ProverLibraryTests, FieldTypes); TYPED_TEST(ProverLibraryTests, PermutationGrandProduct) { - TestFixture::template test_permutation_grand_product_construction(); - TestFixture::template test_permutation_grand_product_construction(); + TestFixture::template test_permutation_grand_product_construction(); + TestFixture::template test_permutation_grand_product_construction(); } TYPED_TEST(ProverLibraryTests, LookupGrandProduct) diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index b26f10fa47..6235082721 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -153,11 +153,11 @@ template bool Verifier::verify_pro auto batched_commitment_to_be_shifted = Commitment::zero(); // Compute powers of batching challenge rho - Fr rho = transcript.get_challenge("rho"); - std::vector rhos = Gemini::powers_of_rho(rho, NUM_POLYNOMIALS); + FF rho = transcript.get_challenge("rho"); + std::vector rhos = Gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Compute batched multivariate evaluation - Fr batched_evaluation = Fr::zero(); + FF batched_evaluation = FF::zero(); for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { batched_evaluation += multivariate_evaluations[i] * rhos[i]; } diff --git a/cpp/src/barretenberg/honk/proof_system/work_queue.hpp b/cpp/src/barretenberg/honk/proof_system/work_queue.hpp index c666053adc..7d175b5067 100644 --- a/cpp/src/barretenberg/honk/proof_system/work_queue.hpp +++ b/cpp/src/barretenberg/honk/proof_system/work_queue.hpp @@ -1,7 +1,6 @@ #pragma once #include "barretenberg/honk/transcript/transcript.hpp" -#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include #include @@ -30,19 +29,15 @@ template class work_queue { }; private: - std::shared_ptr proving_key; // TODO(luke): Consider handling all transcript interactions in the prover rather than embedding them in the queue. proof_system::honk::ProverTranscript& transcript; CommitmentKey commitment_key; std::vector work_item_queue; public: - explicit work_queue(std::shared_ptr& proving_key, - proof_system::honk::ProverTranscript& prover_transcript) - : proving_key(proving_key) - , transcript(prover_transcript) - , commitment_key(proving_key->circuit_size, - "../srs_db/ignition"){}; // TODO(luke): make this properly parameterized + explicit work_queue(size_t circuit_size, proof_system::honk::ProverTranscript& prover_transcript) + : transcript(prover_transcript) + , commitment_key(circuit_size, "../srs_db/ignition"){}; // TODO(luke): make this properly parameterized work_queue(const work_queue& other) = default; work_queue(work_queue&& other) noexcept = default; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index a1a5de286d..9d9d7b33d1 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -4,6 +4,7 @@ #include #include #include +#include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" @@ -31,6 +32,43 @@ template class Data { consteval size_t size() { return _data.size(); }; }; +class Ultra { + public: + using CircuitConstructor = proof_system::UltraCircuitConstructor; + static constexpr size_t num_wires = CircuitConstructor::num_wires; + // static constexpr size_t NUM_ALL_ENTITIES = 18; + // static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + + using FF = barretenberg::fr; + using Polynomial = barretenberg::Polynomial; + using PolynomialView = std::span; + using G1 = barretenberg::g1; + using Commitment = G1; + using CommitmentView = G1; // TODO(Cody): make a pointer? + using PCSParams = pcs::kzg::Params; + + class ProvingKey { + public: + const size_t circuit_size; + const size_t log_circuit_size; // TODO(Cody) + const size_t num_public_inputs; + std::shared_ptr crs; + EvaluationDomain evaluation_domain; + const ComposerType composer_type; // TODO(Cody): Get rid of this + + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + : circuit_size(circuit_size) + , log_circuit_size(numeric::get_msb(circuit_size)) + , num_public_inputs(num_public_inputs) + , crs(crs) + , evaluation_domain(circuit_size, circuit_size) + , composer_type(composer_type){}; + }; +}; + class Standard { public: using CircuitConstructor = proof_system::StandardCircuitConstructor; @@ -44,6 +82,7 @@ class Standard { using G1 = barretenberg::g1; using Commitment = G1; using CommitmentView = G1; // TODO(Cody): make a pointer? + using PCSParams = pcs::kzg::Params; // TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. template class PrecomputedData : public Data { From c8d75c70ae927f0f4f8d6dc16fb7ac9db07e4319 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 15 Apr 2023 03:28:28 +0000 Subject: [PATCH 006/119] "It builds" again after rebase --- .../ultra_honk_composer_helper.cpp | 101 +- .../ultra_honk_composer_helper.hpp | 14 +- .../honk/composer/ultra_honk_composer.hpp | 2 +- .../composer/ultra_honk_composer.test.cpp | 2075 +++++++++-------- .../honk/proof_system/ultra_prover.cpp | 10 +- .../honk/proof_system/ultra_prover.hpp | 21 +- .../relations/relation_correctness.test.cpp | 13 +- .../composer/permutation_helper.hpp | 45 +- .../composer/permutation_helper.test.cpp | 3 +- .../proof_system/flavor/flavor.hpp | 105 +- 10 files changed, 1244 insertions(+), 1145 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 1ef6fdcba0..4f675eb7c7 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -4,6 +4,7 @@ #include "barretenberg/plonk/proof_system/types/prover_settings.hpp" // #include "barretenberg/plonk/proof_system/verifier/verifier.hpp" #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/proof_system/composer/permutation_helper.hpp" #include "barretenberg/plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp" @@ -20,8 +21,7 @@ namespace proof_system::honk { * TODO(luke): The wire polynomials are returned directly whereas the sorted list polys are added to the proving * key. This should be made consistent once Cody's Flavor work is settled. */ -template -void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constructor) +void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constructor) { if (computed_witness) { return; @@ -40,8 +40,8 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstru const size_t subgroup_size = circuit_constructor.get_circuit_subgroup_size(total_num_gates + NUM_RESERVED_GATES); // Pad the wires (pointers to `witness_indices` of the `variables` vector). - // Note: the remaining NUM_RESERVED_GATES indices are padded with zeros within `compute_witness_base` (called - // next). + // Note: the remaining NUM_RESERVED_GATES indices are padded with zeros within `construct_wire_polynomials_base` + // (called next). for (size_t i = filled_gates; i < total_num_gates; ++i) { circuit_constructor.w_l.emplace_back(circuit_constructor.zero_idx); circuit_constructor.w_r.emplace_back(circuit_constructor.zero_idx); @@ -49,12 +49,13 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstru circuit_constructor.w_4.emplace_back(circuit_constructor.zero_idx); } - // TODO(#340)(luke): within compute_witness_base, the 3rd argument is used in the calculation of the dyadic circuit - // size (subgroup_size). Here (and in other split composers) we're passing in NUM_RANDOMIZED_GATES, but elsewhere, - // e.g. directly above, we use NUM_RESERVED_GATES in a similar role. Therefore, these two constants must be equal - // for everything to be consistent. What we should do is compute the dyadic circuit size once and for all then pass - // that around rather than computing in multiple places. - wire_polynomials = compute_witness_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES); + // TODO(#340)(luke): within construct_wire_polynomials_base, the 3rd argument is used in the calculation of the + // dyadic circuit size (subgroup_size). Here (and in other split composers) we're passing in NUM_RANDOMIZED_GATES, + // but elsewhere, e.g. directly above, we use NUM_RESERVED_GATES in a similar role. Therefore, these two constants + // must be equal for everything to be consistent. What we should do is compute the dyadic circuit size once and for + // all then pass that around rather than computing in multiple places. + wire_polynomials = + construct_wire_polynomials_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES); polynomial s_1(subgroup_size); polynomial s_2(subgroup_size); @@ -130,18 +131,18 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstru ++count; } - // TODO(luke): Adding these to the key for now but this is inconsistent since these are 'witness' polys. Need - // to see what becomes of the proving key before making a decision here. - circuit_proving_key->polynomial_store.put("s_1_lagrange", std::move(s_1)); - circuit_proving_key->polynomial_store.put("s_2_lagrange", std::move(s_2)); - circuit_proving_key->polynomial_store.put("s_3_lagrange", std::move(s_3)); - circuit_proving_key->polynomial_store.put("s_4_lagrange", std::move(s_4)); + // WORK TODO + // // TODO(luke): Adding these to the key for now but this is inconsistent since these are 'witness' polys. Need + // // to see what becomes of the proving key before making a decision here. + // circuit_proving_key->polynomial_store.put("s_1_lagrange", std::move(s_1)); + // circuit_proving_key->polynomial_store.put("s_2_lagrange", std::move(s_2)); + // circuit_proving_key->polynomial_store.put("s_3_lagrange", std::move(s_3)); + // circuit_proving_key->polynomial_store.put("s_4_lagrange", std::move(s_4)); computed_witness = true; } -template -UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_constructor) +UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_constructor) { finalize_circuit(circuit_constructor); @@ -160,8 +161,7 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitCo // * @return The verifier. // * */ // // TODO(Cody): This should go away altogether. -// template -// plonk::UltraVerifier UltraHonkComposerHelper::create_verifier( +// plonk::UltraVerifier UltraHonkComposerHelper::create_verifier( // const CircuitConstructor& circuit_constructor) // { // auto verification_key = compute_verification_key(circuit_constructor); @@ -177,8 +177,7 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitCo // return output_state; // } -template -std::shared_ptr UltraHonkComposerHelper::compute_proving_key( +std::shared_ptr UltraHonkComposerHelper::compute_proving_key( const CircuitConstructor& circuit_constructor) { if (circuit_proving_key) { @@ -196,17 +195,16 @@ std::shared_ptr UltraHonkComposerHelper: const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; // Initialize circuit_proving_key // TODO(#229)(Kesha): replace composer types. - circuit_proving_key = initialize_proving_key( + circuit_proving_key = initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::PLOOKUP); - construct_lagrange_selector_forms(circuit_constructor, circuit_proving_key.get()); + construct_selector_polynomials(circuit_constructor, circuit_proving_key.get()); // TODO(#217)(luke): Naively enforcing non-zero selectors for Honk will result in some relations not being // satisfied. // enforce_nonzero_polynomial_selectors(circuit_constructor, circuit_proving_key.get()); - compute_honk_generalized_sigma_permutations(circuit_constructor, - circuit_proving_key.get()); + compute_honk_generalized_sigma_permutations(circuit_constructor, circuit_proving_key.get()); compute_first_and_last_lagrange_polynomials(circuit_proving_key.get()); @@ -280,26 +278,30 @@ std::shared_ptr UltraHonkComposerHelper: poly_q_table_column_3[subgroup_size - 1] = ++unique_last_value; poly_q_table_column_4[subgroup_size - 1] = ++unique_last_value; - circuit_proving_key->polynomial_store.put("table_value_1_lagrange", std::move(poly_q_table_column_1)); - circuit_proving_key->polynomial_store.put("table_value_2_lagrange", std::move(poly_q_table_column_2)); - circuit_proving_key->polynomial_store.put("table_value_3_lagrange", std::move(poly_q_table_column_3)); - circuit_proving_key->polynomial_store.put("table_value_4_lagrange", std::move(poly_q_table_column_4)); - - // Copy memory read/write record data into proving key. Prover needs to know which gates contain a read/write - // 'record' witness on the 4th wire. This wire value can only be fully computed once the first 3 wire polynomials - // have been committed to. The 4th wire on these gates will be a random linear combination of the first 3 wires, - // using the plookup challenge `eta` - std::copy(circuit_constructor.memory_read_records.begin(), - circuit_constructor.memory_read_records.end(), - std::back_inserter(circuit_proving_key->memory_read_records)); - std::copy(circuit_constructor.memory_write_records.begin(), - circuit_constructor.memory_write_records.end(), - std::back_inserter(circuit_proving_key->memory_write_records)); - - circuit_proving_key->recursive_proof_public_input_indices = - std::vector(recursive_proof_public_input_indices.begin(), recursive_proof_public_input_indices.end()); - - circuit_proving_key->contains_recursive_proof = contains_recursive_proof; + // WORKTODO + // circuit_proving_key->polynomial_store.put("table_value_1_lagrange", std::move(poly_q_table_column_1)); + // circuit_proving_key->polynomial_store.put("table_value_2_lagrange", std::move(poly_q_table_column_2)); + // circuit_proving_key->polynomial_store.put("table_value_3_lagrange", std::move(poly_q_table_column_3)); + // circuit_proving_key->polynomial_store.put("table_value_4_lagrange", std::move(poly_q_table_column_4)); + + // WORKTODO + // // Copy memory read/write record data into proving key. Prover needs to know which gates contain a read/write + // // 'record' witness on the 4th wire. This wire value can only be fully computed once the first 3 wire polynomials + // // have been committed to. The 4th wire on these gates will be a random linear combination of the first 3 wires, + // // using the plookup challenge `eta` + // std::copy(circuit_constructor.memory_read_records.begin(), + // circuit_constructor.memory_read_records.end(), + // std::back_inserter(circuit_proving_key->memory_read_records)); + // std::copy(circuit_constructor.memory_write_records.begin(), + // circuit_constructor.memory_write_records.end(), + // std::back_inserter(circuit_proving_key->memory_write_records)); + + // WORKTODO + // circuit_proving_key->recursive_proof_public_input_indices = + // std::vector(recursive_proof_public_input_indices.begin(), + // recursive_proof_public_input_indices.end()); + + // circuit_proving_key->contains_recursive_proof = contains_recursive_proof; return circuit_proving_key; } @@ -309,8 +311,7 @@ std::shared_ptr UltraHonkComposerHelper: // * // * @return Pointer to created circuit verification key. // * */ -// template -// std::shared_ptr UltraHonkComposerHelper::compute_verification_key( +// std::shared_ptr UltraHonkComposerHelper::compute_verification_key( // const CircuitConstructor& circuit_constructor) // { // if (circuit_verification_key) { @@ -335,8 +336,7 @@ std::shared_ptr UltraHonkComposerHelper: // return circuit_verification_key; // } -// template -// void UltraHonkComposerHelper::add_table_column_selector_poly_to_proving_key( +// void UltraHonkComposerHelper::add_table_column_selector_poly_to_proving_key( // polynomial& selector_poly_lagrange_form, const std::string& tag) // { // polynomial selector_poly_lagrange_form_copy(selector_poly_lagrange_form, circuit_proving_key->small_domain.size); @@ -352,5 +352,4 @@ std::shared_ptr UltraHonkComposerHelper: // circuit_proving_key->polynomial_store.put(tag + "_fft", std::move(selector_poly_coset_form)); // } -template class UltraHonkComposerHelper; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index de309735e6..14bcc7f904 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -15,17 +15,21 @@ namespace proof_system::honk { // TODO(Kesha): change initializations to specify this parameter // Cody: What does this mean? -template class UltraHonkComposerHelper { +class UltraHonkComposerHelper { public: + using Flavor = flavor::Ultra; + using CircuitConstructor = Flavor::CircuitConstructor; + using ProvingKey = Flavor::ProvingKey; // WORKTODO: undo this changed; not needed + // TODO(#340)(luke): In the split composers, NUM_RANDOMIZED_GATES has replaced NUM_RESERVED_GATES (in some places) // to determine the next-power-of-2 circuit size. (There are some places in this composer that still use // NUM_RESERVED_GATES). Therefore for consistency within this composer itself, and consistency with the original // Ultra Composer, this value must match that of NUM_RESERVED_GATES. This issue needs to be reconciled // simultaneously here and in the other split composers. static constexpr size_t NUM_RANDOMIZED_GATES = 4; // equal to the number of multilinear evaluations leaked - static constexpr size_t program_width = CircuitConstructor::program_width; + static constexpr size_t num_wires = CircuitConstructor::num_wires; std::vector wire_polynomials; - std::shared_ptr circuit_proving_key; + std::shared_ptr circuit_proving_key; std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs // at all @@ -45,7 +49,7 @@ template class UltraHonkComposerHelper { : crs_factory_(std::move(crs_factory)) {} - UltraHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) + UltraHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) : circuit_proving_key(std::move(p_key)) , circuit_verification_key(std::move(v_key)) {} @@ -58,7 +62,7 @@ template class UltraHonkComposerHelper { void finalize_circuit(CircuitConstructor& circuit_constructor) { circuit_constructor.finalize_circuit(); }; - std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); + std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); // std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); void compute_witness(CircuitConstructor& circuit_constructor); diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index 5fa40b4626..6efd77899c 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -16,7 +16,7 @@ class UltraHonkComposer { // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials - UltraHonkComposerHelper composer_helper; + UltraHonkComposerHelper composer_helper; size_t& num_gates; UltraHonkComposer() diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index 0c8f1baefc..b7a33947d2 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -1,1036 +1,1039 @@ -#include "ultra_honk_composer.hpp" -#include "barretenberg/common/log.hpp" -#include "barretenberg/honk/proof_system/ultra_prover.hpp" -#include "barretenberg/honk/sumcheck/relations/relation.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" -#include -#include -#include "barretenberg/honk/proof_system/prover.hpp" -#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" -#include "barretenberg/honk/utils/public_inputs.hpp" - -// TODO(luke): TEMPORARY; for testing only (comparison with Ultra Plonk composers) -#include "barretenberg/plonk/composer/ultra_composer.hpp" -#include "barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp" -#include "barretenberg/plonk/proof_system/prover/prover.hpp" - -#include -#include - -using namespace proof_system::honk; - -namespace test_ultra_honk_composer { - -std::vector add_variables(auto& composer, std::vector variables) -{ - std::vector res; - for (size_t i = 0; i < variables.size(); i++) { - res.emplace_back(composer.add_variable(variables[i])); - } - return res; -} - -/** - * @brief TEMPORARY method for checking consistency of polynomials computed by Ultra Plonk/Honk composers - * - * @param honk_prover - * @param plonk_prover - */ -// NOTE: Currently checking exact consistency for witness polynomials (wires, sorted lists) and table polys. -// The permutation polys are computed differently between plonk and honk so we do not expect consistency. -// Equality is checked on all selectors but we ignore the final entry since we do not enforce non-zero selectors in -// Honk. -void verify_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) -{ - auto& honk_store = honk_prover.key->polynomial_store; - auto& plonk_store = plonk_prover.key->polynomial_store; - - // Check that all selectors agree (aside from the final element which will differ due to not enforcing non-zero - // selectors in Honk). - for (auto& entry : honk_store) { - std::string key = entry.first; - bool is_selector = (key.find("q_") != std::string::npos) || (key.find("table_type") != std::string::npos); - if (plonk_store.contains(key) && is_selector) { - // check equality for all but final entry - for (size_t i = 0; i < honk_store.get(key).size() - 1; ++i) { - ASSERT_EQ(honk_store.get(key)[i], plonk_store.get(key)[i]); - } - } - } - - // Check that sorted witness-table and table polys agree - for (auto& entry : honk_store) { - std::string key = entry.first; - bool is_sorted_table = (key.find("s_") != std::string::npos); - bool is_table = (key.find("table_value_") != std::string::npos); - if (plonk_store.contains(key) && (is_sorted_table || is_table)) { - ASSERT_EQ(honk_store.get(key), plonk_store.get(key)); - } - } - - // Check that all wires agree - // Note: for Honk, wires are owned directly by the prover. For Plonk they are stored in the key. - for (size_t i = 0; i < 4; ++i) { - std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; - ASSERT_EQ(honk_prover.wire_polynomials[i], plonk_prover.key->polynomial_store.get(label)); - } -} - -/** - * @brief TEMPORARY (verbose) method for checking consistency of polynomials computed by Ultra Plonk/Honk composers - * - * @param honk_prover - * @param plonk_prover - */ -void check_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) -{ - auto& honk_store = honk_prover.key->polynomial_store; - auto& plonk_store = plonk_prover.key->polynomial_store; - for (auto& entry : honk_store) { - std::string key = entry.first; - if (plonk_store.contains(key)) { - - bool polys_equal = (honk_store.get(key) == plonk_store.get(key)); - if (polys_equal) { - info("Equal: ", key); - } - if (!polys_equal) { - info("UNEQUAL: ", key); - } - } - } - - for (size_t i = 0; i < 4; ++i) { - std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; - bool wire_equal = (honk_prover.wire_polynomials[i] == plonk_prover.key->polynomial_store.get(label)); - if (wire_equal) { - info("Wire Equal: ", i); - } - if (!wire_equal) { - info("Wire UNEQUAL: ", i); - } - } - - // std::string label = "w_1_lagrange"; - // for (size_t i = 0; i < plonk_store.get(label).size(); ++i) { - // auto val_honk = honk_prover.wire_polynomials[0][i]; - // // auto val_honk = honk_store.get(label)[i]; - // auto val_plonk = plonk_store.get(label)[i]; - // if (val_honk != val_plonk) { - // info("UNEQUAL index = ", i); - // info("honk: ",val_honk); - // info("plonk: ", val_plonk); - // } - // } -} - -TEST(UltraHonkComposer, create_gates_from_plookup_accumulators) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - barretenberg::fr input_value = fr::random_element(); - { - - const fr input_hi = uint256_t(input_value).slice(126, 256); - const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = honk_composer.add_variable(input_hi); - const auto input_lo_index = honk_composer.add_variable(input_lo); - - const auto sequence_data_hi = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); - const auto sequence_data_lo = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - - const auto lookup_witnesses_hi = honk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = honk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); - } - { - const fr input_hi = uint256_t(input_value).slice(126, 256); - const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = plonk_composer.add_variable(input_hi); - const auto input_lo_index = plonk_composer.add_variable(input_lo); - - const auto sequence_data_hi = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); - const auto sequence_data_lo = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - - const auto lookup_witnesses_hi = plonk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = plonk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -/** - * @brief Build UltraHonkComposer - * - */ -TEST(UltraHonkComposer, test_no_lookup_proof) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - size_t MM = 4; - for (size_t i = 0; i < MM; ++i) { - for (size_t j = 0; j < MM; ++j) { - uint64_t left = static_cast(j); - uint64_t right = static_cast(i); - uint32_t left_idx = honk_composer.add_variable(fr(left)); - uint32_t right_idx = honk_composer.add_variable(fr(right)); - uint32_t result_idx = honk_composer.add_variable(fr(left ^ right)); - - uint32_t add_idx = - honk_composer.add_variable(fr(left) + fr(right) + honk_composer.get_variable(result_idx)); - honk_composer.create_big_add_gate( - { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); - } - } - - for (size_t i = 0; i < MM; ++i) { - for (size_t j = 0; j < MM; ++j) { - uint64_t left = static_cast(j); - uint64_t right = static_cast(i); - uint32_t left_idx = plonk_composer.add_variable(fr(left)); - uint32_t right_idx = plonk_composer.add_variable(fr(right)); - uint32_t result_idx = plonk_composer.add_variable(fr(left ^ right)); - - uint32_t add_idx = - plonk_composer.add_variable(fr(left) + fr(right) + plonk_composer.get_variable(result_idx)); - plonk_composer.create_big_add_gate( - { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); - } - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, test_elliptic_gate) -{ - typedef grumpkin::g1::affine_element affine_element; - typedef grumpkin::g1::element element; - - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; - affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; - affine_element p3(element(p1) + element(p2)); - - uint32_t x1 = honk_composer.add_variable(p1.x); - uint32_t y1 = honk_composer.add_variable(p1.y); - uint32_t x2 = honk_composer.add_variable(p2.x); - uint32_t y2 = honk_composer.add_variable(p2.y); - uint32_t x3 = honk_composer.add_variable(p3.x); - uint32_t y3 = honk_composer.add_variable(p3.y); - - ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - honk_composer.create_ecc_add_gate(gate); - - grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); - affine_element p2_endo = p2; - p2_endo.x *= beta; - p3 = affine_element(element(p1) + element(p2_endo)); - x3 = honk_composer.add_variable(p3.x); - y3 = honk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - honk_composer.create_ecc_add_gate(gate); - - p2_endo.x *= beta; - p3 = affine_element(element(p1) - element(p2_endo)); - x3 = honk_composer.add_variable(p3.x); - y3 = honk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - honk_composer.create_ecc_add_gate(gate); - } - { - affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; - affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; - affine_element p3(element(p1) + element(p2)); - - uint32_t x1 = plonk_composer.add_variable(p1.x); - uint32_t y1 = plonk_composer.add_variable(p1.y); - uint32_t x2 = plonk_composer.add_variable(p2.x); - uint32_t y2 = plonk_composer.add_variable(p2.y); - uint32_t x3 = plonk_composer.add_variable(p3.x); - uint32_t y3 = plonk_composer.add_variable(p3.y); - - ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - plonk_composer.create_ecc_add_gate(gate); - - grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); - affine_element p2_endo = p2; - p2_endo.x *= beta; - p3 = affine_element(element(p1) + element(p2_endo)); - x3 = plonk_composer.add_variable(p3.x); - y3 = plonk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - plonk_composer.create_ecc_add_gate(gate); - - p2_endo.x *= beta; - p3 = affine_element(element(p1) - element(p2_endo)); - x3 = plonk_composer.add_variable(p3.x); - y3 = plonk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - plonk_composer.create_ecc_add_gate(gate); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, non_trivial_tag_permutation) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fr a = fr::random_element(); - { - fr b = -a; - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(b); - auto c_idx = honk_composer.add_variable(b); - auto d_idx = honk_composer.add_variable(a); - - honk_composer.create_add_gate( - { a_idx, b_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); - honk_composer.create_add_gate( - { c_idx, d_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); - - honk_composer.create_tag(1, 2); - honk_composer.create_tag(2, 1); - - honk_composer.assign_tag(a_idx, 1); - honk_composer.assign_tag(b_idx, 1); - honk_composer.assign_tag(c_idx, 2); - honk_composer.assign_tag(d_idx, 2); - } - { - fr b = -a; - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(b); - auto c_idx = plonk_composer.add_variable(b); - auto d_idx = plonk_composer.add_variable(a); - - plonk_composer.create_add_gate( - { a_idx, b_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - plonk_composer.create_add_gate( - { c_idx, d_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - - plonk_composer.create_tag(1, 2); - plonk_composer.create_tag(2, 1); - - plonk_composer.assign_tag(a_idx, 1); - plonk_composer.assign_tag(b_idx, 1); - plonk_composer.assign_tag(c_idx, 2); - plonk_composer.assign_tag(d_idx, 2); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, non_trivial_tag_permutation_and_cycles) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fr a = fr::random_element(); - { - fr c = -a; - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(a); - honk_composer.assert_equal(a_idx, b_idx); - auto c_idx = honk_composer.add_variable(c); - auto d_idx = honk_composer.add_variable(c); - honk_composer.assert_equal(c_idx, d_idx); - auto e_idx = honk_composer.add_variable(a); - auto f_idx = honk_composer.add_variable(a); - honk_composer.assert_equal(e_idx, f_idx); - auto g_idx = honk_composer.add_variable(c); - auto h_idx = honk_composer.add_variable(c); - honk_composer.assert_equal(g_idx, h_idx); - - honk_composer.create_tag(1, 2); - honk_composer.create_tag(2, 1); - - honk_composer.assign_tag(a_idx, 1); - honk_composer.assign_tag(c_idx, 1); - honk_composer.assign_tag(e_idx, 2); - honk_composer.assign_tag(g_idx, 2); - - honk_composer.create_add_gate( - { b_idx, a_idx, honk_composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - honk_composer.create_add_gate( - { c_idx, g_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - honk_composer.create_add_gate( - { e_idx, f_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - } - { - fr c = -a; - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(a); - plonk_composer.assert_equal(a_idx, b_idx); - auto c_idx = plonk_composer.add_variable(c); - auto d_idx = plonk_composer.add_variable(c); - plonk_composer.assert_equal(c_idx, d_idx); - auto e_idx = plonk_composer.add_variable(a); - auto f_idx = plonk_composer.add_variable(a); - plonk_composer.assert_equal(e_idx, f_idx); - auto g_idx = plonk_composer.add_variable(c); - auto h_idx = plonk_composer.add_variable(c); - plonk_composer.assert_equal(g_idx, h_idx); - - plonk_composer.create_tag(1, 2); - plonk_composer.create_tag(2, 1); - - plonk_composer.assign_tag(a_idx, 1); - plonk_composer.assign_tag(c_idx, 1); - plonk_composer.assign_tag(e_idx, 2); - plonk_composer.assign_tag(g_idx, 2); - - plonk_composer.create_add_gate( - { b_idx, a_idx, plonk_composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - plonk_composer.create_add_gate( - { c_idx, g_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - plonk_composer.create_add_gate( - { e_idx, f_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, bad_tag_permutation) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fr a = fr::random_element(); - { - fr b = -a; - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(b); - auto c_idx = honk_composer.add_variable(b); - auto d_idx = honk_composer.add_variable(a + 1); - - honk_composer.create_add_gate({ a_idx, b_idx, honk_composer.get_zero_idx(), 1, 1, 0, 0 }); - honk_composer.create_add_gate({ c_idx, d_idx, honk_composer.get_zero_idx(), 1, 1, 0, -1 }); - - honk_composer.create_tag(1, 2); - honk_composer.create_tag(2, 1); - - honk_composer.assign_tag(a_idx, 1); - honk_composer.assign_tag(b_idx, 1); - honk_composer.assign_tag(c_idx, 2); - honk_composer.assign_tag(d_idx, 2); - } - { - fr b = -a; - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(b); - auto c_idx = plonk_composer.add_variable(b); - auto d_idx = plonk_composer.add_variable(a + 1); - - plonk_composer.create_add_gate({ a_idx, b_idx, plonk_composer.zero_idx, 1, 1, 0, 0 }); - plonk_composer.create_add_gate({ c_idx, d_idx, plonk_composer.zero_idx, 1, 1, 0, -1 }); - - plonk_composer.create_tag(1, 2); - plonk_composer.create_tag(2, 1); - - plonk_composer.assign_tag(a_idx, 1); - plonk_composer.assign_tag(b_idx, 1); - plonk_composer.assign_tag(c_idx, 2); - plonk_composer.assign_tag(d_idx, 2); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, sort_widget) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - fr a = fr::one(); - fr b = fr(2); - fr c = fr(3); - fr d = fr(4); - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(b); - auto c_idx = honk_composer.add_variable(c); - auto d_idx = honk_composer.add_variable(d); - honk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - } - { - fr a = fr::one(); - fr b = fr(2); - fr c = fr(3); - fr d = fr(4); - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(b); - auto c_idx = plonk_composer.add_variable(c); - auto d_idx = plonk_composer.add_variable(d); - plonk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, sort_with_edges_gate) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto idx = add_variables(honk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - - honk_composer.create_sort_constraint_with_edges(idx, 1, 29); - } - { - auto idx = add_variables(plonk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - - plonk_composer.create_sort_constraint_with_edges(idx, 1, 29); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, range_constraint) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto indices = - add_variables(honk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); - for (size_t i = 0; i < indices.size(); i++) { - honk_composer.create_new_range_constraint(indices[i], 79); - } - honk_composer.create_dummy_constraints(indices); - } - { - auto indices = - add_variables(plonk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); - for (size_t i = 0; i < indices.size(); i++) { - plonk_composer.create_new_range_constraint(indices[i], 79); - } - plonk_composer.create_dummy_constraints(indices); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, range_with_gates) -{ - - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - honk_composer.create_new_range_constraint(idx[i], 8); - } - - honk_composer.create_add_gate( - { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - honk_composer.create_add_gate( - { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - honk_composer.create_add_gate( - { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - honk_composer.create_add_gate( - { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - } - { - auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - plonk_composer.create_new_range_constraint(idx[i], 8); - } - - plonk_composer.create_add_gate( - { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - plonk_composer.create_add_gate( - { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - plonk_composer.create_add_gate( - { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - plonk_composer.create_add_gate( - { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, range_with_gates_where_range_is_not_a_power_of_two) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - honk_composer.create_new_range_constraint(idx[i], 12); - } - - honk_composer.create_add_gate( - { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - honk_composer.create_add_gate( - { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - honk_composer.create_add_gate( - { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - honk_composer.create_add_gate( - { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - } - { - auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - plonk_composer.create_new_range_constraint(idx[i], 12); - } - - plonk_composer.create_add_gate( - { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - plonk_composer.create_add_gate( - { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - plonk_composer.create_add_gate( - { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - plonk_composer.create_add_gate( - { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, sort_widget_complex) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; - std::vector ind; - for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(honk_composer.add_variable(a[i])); - honk_composer.create_sort_constraint(ind); - } - { - std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; - std::vector ind; - for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(plonk_composer.add_variable(a[i])); - plonk_composer.create_sort_constraint(ind); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, composed_range_constraint) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - auto c = fr::random_element(); - { - auto d = uint256_t(c).slice(0, 133); - auto e = fr(d); - auto a_idx = honk_composer.add_variable(fr(e)); - honk_composer.create_add_gate( - { a_idx, honk_composer.get_zero_idx(), honk_composer.get_zero_idx(), 1, 0, 0, -fr(e) }); - honk_composer.decompose_into_default_range(a_idx, 134); - } - { - auto d = uint256_t(c).slice(0, 133); - auto e = fr(d); - auto a_idx = plonk_composer.add_variable(fr(e)); - plonk_composer.create_add_gate({ a_idx, plonk_composer.zero_idx, plonk_composer.zero_idx, 1, 0, 0, -fr(e) }); - plonk_composer.decompose_into_default_range(a_idx, 134); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, non_native_field_multiplication) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fq a = fq::random_element(); - fq b = fq::random_element(); - { - uint256_t modulus = fq::modulus; - - uint1024_t a_big = uint512_t(uint256_t(a)); - uint1024_t b_big = uint512_t(uint256_t(b)); - uint1024_t p_big = uint512_t(uint256_t(modulus)); - - uint1024_t q_big = (a_big * b_big) / p_big; - uint1024_t r_big = (a_big * b_big) % p_big; - - uint256_t q(q_big.lo.lo); - uint256_t r(r_big.lo.lo); - - const auto split_into_limbs = [&](const uint512_t& input) { - constexpr size_t NUM_BITS = 68; - std::array limbs; - limbs[0] = input.slice(0, NUM_BITS).lo; - limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; - limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; - limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; - limbs[4] = fr(input.lo); - return limbs; - }; - - const auto get_limb_witness_indices = [&](const std::array& limbs) { - std::array limb_indices; - limb_indices[0] = honk_composer.add_variable(limbs[0]); - limb_indices[1] = honk_composer.add_variable(limbs[1]); - limb_indices[2] = honk_composer.add_variable(limbs[2]); - limb_indices[3] = honk_composer.add_variable(limbs[3]); - limb_indices[4] = honk_composer.add_variable(limbs[4]); - return limb_indices; - }; - const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); - auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); - - const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); - const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); - const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); - const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); - - proof_system::non_native_field_witnesses inputs{ - a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), - }; - const auto [lo_1_idx, hi_1_idx] = honk_composer.evaluate_non_native_field_multiplication(inputs); - honk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - } - { - uint256_t modulus = fq::modulus; - - uint1024_t a_big = uint512_t(uint256_t(a)); - uint1024_t b_big = uint512_t(uint256_t(b)); - uint1024_t p_big = uint512_t(uint256_t(modulus)); - - uint1024_t q_big = (a_big * b_big) / p_big; - uint1024_t r_big = (a_big * b_big) % p_big; - - uint256_t q(q_big.lo.lo); - uint256_t r(r_big.lo.lo); - - const auto split_into_limbs = [&](const uint512_t& input) { - constexpr size_t NUM_BITS = 68; - std::array limbs; - limbs[0] = input.slice(0, NUM_BITS).lo; - limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; - limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; - limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; - limbs[4] = fr(input.lo); - return limbs; - }; - - const auto get_limb_witness_indices = [&](const std::array& limbs) { - std::array limb_indices; - limb_indices[0] = plonk_composer.add_variable(limbs[0]); - limb_indices[1] = plonk_composer.add_variable(limbs[1]); - limb_indices[2] = plonk_composer.add_variable(limbs[2]); - limb_indices[3] = plonk_composer.add_variable(limbs[3]); - limb_indices[4] = plonk_composer.add_variable(limbs[4]); - return limb_indices; - }; - const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); - auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); - - const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); - const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); - const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); - const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); - - proof_system::plonk::UltraComposer::non_native_field_witnesses inputs{ - a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), - }; - const auto [lo_1_idx, hi_1_idx] = plonk_composer.evaluate_non_native_field_multiplication(inputs); - plonk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, rom) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - auto a = fr::random_element(); - auto b = fr::random_element(); - auto c = fr::random_element(); - auto d = fr::random_element(); - auto e = fr::random_element(); - auto f = fr::random_element(); - auto g = fr::random_element(); - auto h = fr::random_element(); - { - uint32_t rom_values[8]{ - honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), - honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), - honk_composer.add_variable(g), honk_composer.add_variable(h), - }; - - size_t rom_id = honk_composer.create_ROM_array(8); - - for (size_t i = 0; i < 8; ++i) { - honk_composer.set_ROM_element(rom_id, i, rom_values[i]); - } - - uint32_t a_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(5)); - EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(4)); - uint32_t c_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(1)); - - const auto d_value = - honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + honk_composer.get_variable(c_idx); - uint32_t d_idx = honk_composer.add_variable(d_value); - - honk_composer.create_big_add_gate({ - a_idx, - b_idx, - c_idx, - d_idx, - 1, - 1, - 1, - -1, - 0, - }); - } - { - uint32_t rom_values[8]{ - plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), - plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), - plonk_composer.add_variable(g), plonk_composer.add_variable(h), - }; - - size_t rom_id = plonk_composer.create_ROM_array(8); - - for (size_t i = 0; i < 8; ++i) { - plonk_composer.set_ROM_element(rom_id, i, rom_values[i]); - } - - uint32_t a_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(5)); - EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(4)); - uint32_t c_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(1)); - - const auto d_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + - plonk_composer.get_variable(c_idx); - uint32_t d_idx = plonk_composer.add_variable(d_value); - - plonk_composer.create_big_add_gate({ - a_idx, - b_idx, - c_idx, - d_idx, - 1, - 1, - 1, - -1, - 0, - }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - check_consistency(honk_prover, plonk_prover); - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, ram) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - auto a = fr::random_element(); - auto b = fr::random_element(); - auto c = fr::random_element(); - auto d = fr::random_element(); - auto e = fr::random_element(); - auto f = fr::random_element(); - auto g = fr::random_element(); - auto h = fr::random_element(); - { - uint32_t ram_values[8]{ - honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), - honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), - honk_composer.add_variable(g), honk_composer.add_variable(h), - }; - - size_t ram_id = honk_composer.create_RAM_array(8); - - for (size_t i = 0; i < 8; ++i) { - honk_composer.init_RAM_element(ram_id, i, ram_values[i]); - } - - uint32_t a_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(5)); - EXPECT_EQ(a_idx != ram_values[5], true); - - uint32_t b_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); - uint32_t c_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(1)); - - honk_composer.write_RAM_array(ram_id, honk_composer.add_variable(4), honk_composer.add_variable(500)); - uint32_t d_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); - - EXPECT_EQ(honk_composer.get_variable(d_idx), 500); - - // ensure these vars get used in another arithmetic gate - const auto e_value = honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + - honk_composer.get_variable(c_idx) + honk_composer.get_variable(d_idx); - uint32_t e_idx = honk_composer.add_variable(e_value); - - honk_composer.create_big_add_gate( - { - a_idx, - b_idx, - c_idx, - d_idx, - -1, - -1, - -1, - -1, - 0, - }, - true); - honk_composer.create_big_add_gate( - { - honk_composer.get_zero_idx(), - honk_composer.get_zero_idx(), - honk_composer.get_zero_idx(), - e_idx, - 0, - 0, - 0, - 0, - 0, - }, - false); - } - { - uint32_t ram_values[8]{ - plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), - plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), - plonk_composer.add_variable(g), plonk_composer.add_variable(h), - }; - - size_t ram_id = plonk_composer.create_RAM_array(8); - - for (size_t i = 0; i < 8; ++i) { - plonk_composer.init_RAM_element(ram_id, i, ram_values[i]); - } - - uint32_t a_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(5)); - EXPECT_EQ(a_idx != ram_values[5], true); - - uint32_t b_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); - uint32_t c_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(1)); - - plonk_composer.write_RAM_array(ram_id, plonk_composer.add_variable(4), plonk_composer.add_variable(500)); - uint32_t d_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); - - EXPECT_EQ(plonk_composer.get_variable(d_idx), 500); - - // ensure these vars get used in another arithmetic gate - const auto e_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + - plonk_composer.get_variable(c_idx) + plonk_composer.get_variable(d_idx); - uint32_t e_idx = plonk_composer.add_variable(e_value); - - plonk_composer.create_big_add_gate( - { - a_idx, - b_idx, - c_idx, - d_idx, - -1, - -1, - -1, - -1, - 0, - }, - true); - plonk_composer.create_big_add_gate( - { - plonk_composer.zero_idx, - plonk_composer.zero_idx, - plonk_composer.zero_idx, - e_idx, - 0, - 0, - 0, - 0, - 0, - }, - false); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -} // namespace test_ultra_honk_composer +// #include "ultra_honk_composer.hpp" +// #include "barretenberg/common/log.hpp" +// #include "barretenberg/honk/proof_system/ultra_prover.hpp" +// #include "barretenberg/honk/sumcheck/relations/relation.hpp" +// #include "barretenberg/numeric/uint256/uint256.hpp" +// #include "barretenberg/honk/flavor/flavor.hpp" +// #include +// #include +// #include "barretenberg/honk/proof_system/prover.hpp" +// #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" +// #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" +// #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" +// #include "barretenberg/honk/utils/public_inputs.hpp" + +// // TODO(luke): TEMPORARY; for testing only (comparison with Ultra Plonk composers) +// #include "barretenberg/plonk/composer/ultra_composer.hpp" +// #include "barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp" +// #include "barretenberg/plonk/proof_system/prover/prover.hpp" + +// #include +// #include + +// using namespace proof_system::honk; + +// namespace test_ultra_honk_composer { + +// std::vector add_variables(auto& composer, std::vector variables) +// { +// std::vector res; +// for (size_t i = 0; i < variables.size(); i++) { +// res.emplace_back(composer.add_variable(variables[i])); +// } +// return res; +// } + +// /** +// * @brief TEMPORARY method for checking consistency of polynomials computed by Ultra Plonk/Honk composers +// * +// * @param honk_prover +// * @param plonk_prover +// */ +// // NOTE: Currently checking exact consistency for witness polynomials (wires, sorted lists) and table polys. +// // The permutation polys are computed differently between plonk and honk so we do not expect consistency. +// // Equality is checked on all selectors but we ignore the final entry since we do not enforce non-zero selectors in +// // Honk. +// void verify_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) +// { +// auto& honk_store = honk_prover.proving_key->polynomial_store; +// auto& plonk_store = plonk_prover.key->polynomial_store; + +// // Check that all selectors agree (aside from the final element which will differ due to not enforcing non-zero +// // selectors in Honk). +// for (auto& entry : honk_store) { +// std::string key = entry.first; +// bool is_selector = (key.find("q_") != std::string::npos) || (key.find("table_type") != std::string::npos); +// if (plonk_store.contains(key) && is_selector) { +// // check equality for all but final entry +// for (size_t i = 0; i < honk_store.get(key).size() - 1; ++i) { +// ASSERT_EQ(honk_store.get(key)[i], plonk_store.get(key)[i]); +// } +// } +// } + +// // Check that sorted witness-table and table polys agree +// for (auto& entry : honk_store) { +// std::string key = entry.first; +// bool is_sorted_table = (key.find("s_") != std::string::npos); +// bool is_table = (key.find("table_value_") != std::string::npos); +// if (plonk_store.contains(key) && (is_sorted_table || is_table)) { +// ASSERT_EQ(honk_store.get(key), plonk_store.get(key)); +// } +// } + +// // Check that all wires agree +// // Note: for Honk, wires are owned directly by the prover. For Plonk they are stored in the key. +// for (size_t i = 0; i < 4; ++i) { +// std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; +// ASSERT_EQ(honk_prover.wire_polynomials[i], plonk_prover.key->polynomial_store.get(label)); +// } +// } + +// /** +// * @brief TEMPORARY (verbose) method for checking consistency of polynomials computed by Ultra Plonk/Honk composers +// * +// * @param honk_prover +// * @param plonk_prover +// */ +// void check_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) +// { +// auto& honk_store = honk_prover.proving_key->polynomial_store; +// auto& plonk_store = plonk_prover.key->polynomial_store; +// for (auto& entry : honk_store) { +// std::string key = entry.first; +// if (plonk_store.contains(key)) { + +// bool polys_equal = (honk_store.get(key) == plonk_store.get(key)); +// if (polys_equal) { +// info("Equal: ", key); +// } +// if (!polys_equal) { +// info("UNEQUAL: ", key); +// } +// } +// } + +// for (size_t i = 0; i < 4; ++i) { +// std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; +// bool wire_equal = (honk_prover.wire_polynomials[i] == plonk_prover.key->polynomial_store.get(label)); +// if (wire_equal) { +// info("Wire Equal: ", i); +// } +// if (!wire_equal) { +// info("Wire UNEQUAL: ", i); +// } +// } + +// // std::string label = "w_1_lagrange"; +// // for (size_t i = 0; i < plonk_store.get(label).size(); ++i) { +// // auto val_honk = honk_prover.wire_polynomials[0][i]; +// // // auto val_honk = honk_store.get(label)[i]; +// // auto val_plonk = plonk_store.get(label)[i]; +// // if (val_honk != val_plonk) { +// // info("UNEQUAL index = ", i); +// // info("honk: ",val_honk); +// // info("plonk: ", val_plonk); +// // } +// // } +// } + +// TEST(UltraHonkComposer, create_gates_from_plookup_accumulators) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// barretenberg::fr input_value = fr::random_element(); +// { + +// const fr input_hi = uint256_t(input_value).slice(126, 256); +// const fr input_lo = uint256_t(input_value).slice(0, 126); +// const auto input_hi_index = honk_composer.add_variable(input_hi); +// const auto input_lo_index = honk_composer.add_variable(input_lo); + +// const auto sequence_data_hi = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); +// const auto sequence_data_lo = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); + +// const auto lookup_witnesses_hi = honk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); +// const auto lookup_witnesses_lo = honk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); +// } +// { +// const fr input_hi = uint256_t(input_value).slice(126, 256); +// const fr input_lo = uint256_t(input_value).slice(0, 126); +// const auto input_hi_index = plonk_composer.add_variable(input_hi); +// const auto input_lo_index = plonk_composer.add_variable(input_lo); + +// const auto sequence_data_hi = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); +// const auto sequence_data_lo = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); + +// const auto lookup_witnesses_hi = plonk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); +// const auto lookup_witnesses_lo = plonk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// /** +// * @brief Build UltraHonkComposer +// * +// */ +// TEST(UltraHonkComposer, test_no_lookup_proof) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// size_t MM = 4; +// for (size_t i = 0; i < MM; ++i) { +// for (size_t j = 0; j < MM; ++j) { +// uint64_t left = static_cast(j); +// uint64_t right = static_cast(i); +// uint32_t left_idx = honk_composer.add_variable(fr(left)); +// uint32_t right_idx = honk_composer.add_variable(fr(right)); +// uint32_t result_idx = honk_composer.add_variable(fr(left ^ right)); + +// uint32_t add_idx = +// honk_composer.add_variable(fr(left) + fr(right) + honk_composer.get_variable(result_idx)); +// honk_composer.create_big_add_gate( +// { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); +// } +// } + +// for (size_t i = 0; i < MM; ++i) { +// for (size_t j = 0; j < MM; ++j) { +// uint64_t left = static_cast(j); +// uint64_t right = static_cast(i); +// uint32_t left_idx = plonk_composer.add_variable(fr(left)); +// uint32_t right_idx = plonk_composer.add_variable(fr(right)); +// uint32_t result_idx = plonk_composer.add_variable(fr(left ^ right)); + +// uint32_t add_idx = +// plonk_composer.add_variable(fr(left) + fr(right) + plonk_composer.get_variable(result_idx)); +// plonk_composer.create_big_add_gate( +// { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); +// } +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, test_elliptic_gate) +// { +// typedef grumpkin::g1::affine_element affine_element; +// typedef grumpkin::g1::element element; + +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; +// affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; +// affine_element p3(element(p1) + element(p2)); + +// uint32_t x1 = honk_composer.add_variable(p1.x); +// uint32_t y1 = honk_composer.add_variable(p1.y); +// uint32_t x2 = honk_composer.add_variable(p2.x); +// uint32_t y2 = honk_composer.add_variable(p2.y); +// uint32_t x3 = honk_composer.add_variable(p3.x); +// uint32_t y3 = honk_composer.add_variable(p3.y); + +// ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; +// honk_composer.create_ecc_add_gate(gate); + +// grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); +// affine_element p2_endo = p2; +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) + element(p2_endo)); +// x3 = honk_composer.add_variable(p3.x); +// y3 = honk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; +// honk_composer.create_ecc_add_gate(gate); + +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) - element(p2_endo)); +// x3 = honk_composer.add_variable(p3.x); +// y3 = honk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; +// honk_composer.create_ecc_add_gate(gate); +// } +// { +// affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; +// affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; +// affine_element p3(element(p1) + element(p2)); + +// uint32_t x1 = plonk_composer.add_variable(p1.x); +// uint32_t y1 = plonk_composer.add_variable(p1.y); +// uint32_t x2 = plonk_composer.add_variable(p2.x); +// uint32_t y2 = plonk_composer.add_variable(p2.y); +// uint32_t x3 = plonk_composer.add_variable(p3.x); +// uint32_t y3 = plonk_composer.add_variable(p3.y); + +// ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; +// plonk_composer.create_ecc_add_gate(gate); + +// grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); +// affine_element p2_endo = p2; +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) + element(p2_endo)); +// x3 = plonk_composer.add_variable(p3.x); +// y3 = plonk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; +// plonk_composer.create_ecc_add_gate(gate); + +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) - element(p2_endo)); +// x3 = plonk_composer.add_variable(p3.x); +// y3 = plonk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; +// plonk_composer.create_ecc_add_gate(gate); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, non_trivial_tag_permutation) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fr a = fr::random_element(); +// { +// fr b = -a; + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(b); +// auto c_idx = honk_composer.add_variable(b); +// auto d_idx = honk_composer.add_variable(a); + +// honk_composer.create_add_gate( +// { a_idx, b_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); +// honk_composer.create_add_gate( +// { c_idx, d_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); + +// honk_composer.create_tag(1, 2); +// honk_composer.create_tag(2, 1); + +// honk_composer.assign_tag(a_idx, 1); +// honk_composer.assign_tag(b_idx, 1); +// honk_composer.assign_tag(c_idx, 2); +// honk_composer.assign_tag(d_idx, 2); +// } +// { +// fr b = -a; + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(b); +// auto c_idx = plonk_composer.add_variable(b); +// auto d_idx = plonk_composer.add_variable(a); + +// plonk_composer.create_add_gate( +// { a_idx, b_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); +// plonk_composer.create_add_gate( +// { c_idx, d_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + +// plonk_composer.create_tag(1, 2); +// plonk_composer.create_tag(2, 1); + +// plonk_composer.assign_tag(a_idx, 1); +// plonk_composer.assign_tag(b_idx, 1); +// plonk_composer.assign_tag(c_idx, 2); +// plonk_composer.assign_tag(d_idx, 2); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, non_trivial_tag_permutation_and_cycles) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fr a = fr::random_element(); +// { +// fr c = -a; + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(a); +// honk_composer.assert_equal(a_idx, b_idx); +// auto c_idx = honk_composer.add_variable(c); +// auto d_idx = honk_composer.add_variable(c); +// honk_composer.assert_equal(c_idx, d_idx); +// auto e_idx = honk_composer.add_variable(a); +// auto f_idx = honk_composer.add_variable(a); +// honk_composer.assert_equal(e_idx, f_idx); +// auto g_idx = honk_composer.add_variable(c); +// auto h_idx = honk_composer.add_variable(c); +// honk_composer.assert_equal(g_idx, h_idx); + +// honk_composer.create_tag(1, 2); +// honk_composer.create_tag(2, 1); + +// honk_composer.assign_tag(a_idx, 1); +// honk_composer.assign_tag(c_idx, 1); +// honk_composer.assign_tag(e_idx, 2); +// honk_composer.assign_tag(g_idx, 2); + +// honk_composer.create_add_gate( +// { b_idx, a_idx, honk_composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); +// honk_composer.create_add_gate( +// { c_idx, g_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// honk_composer.create_add_gate( +// { e_idx, f_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// } +// { +// fr c = -a; + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(a); +// plonk_composer.assert_equal(a_idx, b_idx); +// auto c_idx = plonk_composer.add_variable(c); +// auto d_idx = plonk_composer.add_variable(c); +// plonk_composer.assert_equal(c_idx, d_idx); +// auto e_idx = plonk_composer.add_variable(a); +// auto f_idx = plonk_composer.add_variable(a); +// plonk_composer.assert_equal(e_idx, f_idx); +// auto g_idx = plonk_composer.add_variable(c); +// auto h_idx = plonk_composer.add_variable(c); +// plonk_composer.assert_equal(g_idx, h_idx); + +// plonk_composer.create_tag(1, 2); +// plonk_composer.create_tag(2, 1); + +// plonk_composer.assign_tag(a_idx, 1); +// plonk_composer.assign_tag(c_idx, 1); +// plonk_composer.assign_tag(e_idx, 2); +// plonk_composer.assign_tag(g_idx, 2); + +// plonk_composer.create_add_gate( +// { b_idx, a_idx, plonk_composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); +// plonk_composer.create_add_gate( +// { c_idx, g_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// plonk_composer.create_add_gate( +// { e_idx, f_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, bad_tag_permutation) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fr a = fr::random_element(); +// { +// fr b = -a; + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(b); +// auto c_idx = honk_composer.add_variable(b); +// auto d_idx = honk_composer.add_variable(a + 1); + +// honk_composer.create_add_gate({ a_idx, b_idx, honk_composer.get_zero_idx(), 1, 1, 0, 0 }); +// honk_composer.create_add_gate({ c_idx, d_idx, honk_composer.get_zero_idx(), 1, 1, 0, -1 }); + +// honk_composer.create_tag(1, 2); +// honk_composer.create_tag(2, 1); + +// honk_composer.assign_tag(a_idx, 1); +// honk_composer.assign_tag(b_idx, 1); +// honk_composer.assign_tag(c_idx, 2); +// honk_composer.assign_tag(d_idx, 2); +// } +// { +// fr b = -a; + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(b); +// auto c_idx = plonk_composer.add_variable(b); +// auto d_idx = plonk_composer.add_variable(a + 1); + +// plonk_composer.create_add_gate({ a_idx, b_idx, plonk_composer.zero_idx, 1, 1, 0, 0 }); +// plonk_composer.create_add_gate({ c_idx, d_idx, plonk_composer.zero_idx, 1, 1, 0, -1 }); + +// plonk_composer.create_tag(1, 2); +// plonk_composer.create_tag(2, 1); + +// plonk_composer.assign_tag(a_idx, 1); +// plonk_composer.assign_tag(b_idx, 1); +// plonk_composer.assign_tag(c_idx, 2); +// plonk_composer.assign_tag(d_idx, 2); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, sort_widget) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// fr a = fr::one(); +// fr b = fr(2); +// fr c = fr(3); +// fr d = fr(4); + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(b); +// auto c_idx = honk_composer.add_variable(c); +// auto d_idx = honk_composer.add_variable(d); +// honk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); +// } +// { +// fr a = fr::one(); +// fr b = fr(2); +// fr c = fr(3); +// fr d = fr(4); + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(b); +// auto c_idx = plonk_composer.add_variable(c); +// auto d_idx = plonk_composer.add_variable(d); +// plonk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, sort_with_edges_gate) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto idx = add_variables(honk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, +// 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + +// honk_composer.create_sort_constraint_with_edges(idx, 1, 29); +// } +// { +// auto idx = add_variables(plonk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, +// 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + +// plonk_composer.create_sort_constraint_with_edges(idx, 1, 29); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, range_constraint) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto indices = +// add_variables(honk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 +// }); +// for (size_t i = 0; i < indices.size(); i++) { +// honk_composer.create_new_range_constraint(indices[i], 79); +// } +// honk_composer.create_dummy_constraints(indices); +// } +// { +// auto indices = +// add_variables(plonk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 +// }); +// for (size_t i = 0; i < indices.size(); i++) { +// plonk_composer.create_new_range_constraint(indices[i], 79); +// } +// plonk_composer.create_dummy_constraints(indices); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, range_with_gates) +// { + +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// honk_composer.create_new_range_constraint(idx[i], 8); +// } + +// honk_composer.create_add_gate( +// { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); +// honk_composer.create_add_gate( +// { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); +// honk_composer.create_add_gate( +// { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); +// honk_composer.create_add_gate( +// { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); +// } +// { +// auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// plonk_composer.create_new_range_constraint(idx[i], 8); +// } + +// plonk_composer.create_add_gate( +// { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); +// plonk_composer.create_add_gate( +// { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); +// plonk_composer.create_add_gate( +// { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); +// plonk_composer.create_add_gate( +// { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, range_with_gates_where_range_is_not_a_power_of_two) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// honk_composer.create_new_range_constraint(idx[i], 12); +// } + +// honk_composer.create_add_gate( +// { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); +// honk_composer.create_add_gate( +// { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); +// honk_composer.create_add_gate( +// { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); +// honk_composer.create_add_gate( +// { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); +// } +// { +// auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// plonk_composer.create_new_range_constraint(idx[i], 12); +// } + +// plonk_composer.create_add_gate( +// { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); +// plonk_composer.create_add_gate( +// { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); +// plonk_composer.create_add_gate( +// { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); +// plonk_composer.create_add_gate( +// { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, sort_widget_complex) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; +// std::vector ind; +// for (size_t i = 0; i < a.size(); i++) +// ind.emplace_back(honk_composer.add_variable(a[i])); +// honk_composer.create_sort_constraint(ind); +// } +// { +// std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; +// std::vector ind; +// for (size_t i = 0; i < a.size(); i++) +// ind.emplace_back(plonk_composer.add_variable(a[i])); +// plonk_composer.create_sort_constraint(ind); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, composed_range_constraint) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// auto c = fr::random_element(); +// { +// auto d = uint256_t(c).slice(0, 133); +// auto e = fr(d); +// auto a_idx = honk_composer.add_variable(fr(e)); +// honk_composer.create_add_gate( +// { a_idx, honk_composer.get_zero_idx(), honk_composer.get_zero_idx(), 1, 0, 0, -fr(e) }); +// honk_composer.decompose_into_default_range(a_idx, 134); +// } +// { +// auto d = uint256_t(c).slice(0, 133); +// auto e = fr(d); +// auto a_idx = plonk_composer.add_variable(fr(e)); +// plonk_composer.create_add_gate({ a_idx, plonk_composer.zero_idx, plonk_composer.zero_idx, 1, 0, 0, -fr(e) }); +// plonk_composer.decompose_into_default_range(a_idx, 134); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, non_native_field_multiplication) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fq a = fq::random_element(); +// fq b = fq::random_element(); +// { +// uint256_t modulus = fq::modulus; + +// uint1024_t a_big = uint512_t(uint256_t(a)); +// uint1024_t b_big = uint512_t(uint256_t(b)); +// uint1024_t p_big = uint512_t(uint256_t(modulus)); + +// uint1024_t q_big = (a_big * b_big) / p_big; +// uint1024_t r_big = (a_big * b_big) % p_big; + +// uint256_t q(q_big.lo.lo); +// uint256_t r(r_big.lo.lo); + +// const auto split_into_limbs = [&](const uint512_t& input) { +// constexpr size_t NUM_BITS = 68; +// std::array limbs; +// limbs[0] = input.slice(0, NUM_BITS).lo; +// limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; +// limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; +// limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; +// limbs[4] = fr(input.lo); +// return limbs; +// }; + +// const auto get_limb_witness_indices = [&](const std::array& limbs) { +// std::array limb_indices; +// limb_indices[0] = honk_composer.add_variable(limbs[0]); +// limb_indices[1] = honk_composer.add_variable(limbs[1]); +// limb_indices[2] = honk_composer.add_variable(limbs[2]); +// limb_indices[3] = honk_composer.add_variable(limbs[3]); +// limb_indices[4] = honk_composer.add_variable(limbs[4]); +// return limb_indices; +// }; +// const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); +// auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); + +// const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); +// const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); +// const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); +// const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); + +// proof_system::non_native_field_witnesses inputs{ +// a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), +// }; +// const auto [lo_1_idx, hi_1_idx] = honk_composer.evaluate_non_native_field_multiplication(inputs); +// honk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); +// } +// { +// uint256_t modulus = fq::modulus; + +// uint1024_t a_big = uint512_t(uint256_t(a)); +// uint1024_t b_big = uint512_t(uint256_t(b)); +// uint1024_t p_big = uint512_t(uint256_t(modulus)); + +// uint1024_t q_big = (a_big * b_big) / p_big; +// uint1024_t r_big = (a_big * b_big) % p_big; + +// uint256_t q(q_big.lo.lo); +// uint256_t r(r_big.lo.lo); + +// const auto split_into_limbs = [&](const uint512_t& input) { +// constexpr size_t NUM_BITS = 68; +// std::array limbs; +// limbs[0] = input.slice(0, NUM_BITS).lo; +// limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; +// limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; +// limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; +// limbs[4] = fr(input.lo); +// return limbs; +// }; + +// const auto get_limb_witness_indices = [&](const std::array& limbs) { +// std::array limb_indices; +// limb_indices[0] = plonk_composer.add_variable(limbs[0]); +// limb_indices[1] = plonk_composer.add_variable(limbs[1]); +// limb_indices[2] = plonk_composer.add_variable(limbs[2]); +// limb_indices[3] = plonk_composer.add_variable(limbs[3]); +// limb_indices[4] = plonk_composer.add_variable(limbs[4]); +// return limb_indices; +// }; +// const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); +// auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); + +// const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); +// const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); +// const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); +// const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); + +// proof_system::plonk::UltraComposer::non_native_field_witnesses inputs{ +// a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), +// }; +// const auto [lo_1_idx, hi_1_idx] = plonk_composer.evaluate_non_native_field_multiplication(inputs); +// plonk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, rom) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// auto a = fr::random_element(); +// auto b = fr::random_element(); +// auto c = fr::random_element(); +// auto d = fr::random_element(); +// auto e = fr::random_element(); +// auto f = fr::random_element(); +// auto g = fr::random_element(); +// auto h = fr::random_element(); +// { +// uint32_t rom_values[8]{ +// honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), +// honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), +// honk_composer.add_variable(g), honk_composer.add_variable(h), +// }; + +// size_t rom_id = honk_composer.create_ROM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// honk_composer.set_ROM_element(rom_id, i, rom_values[i]); +// } + +// uint32_t a_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != rom_values[5], true); +// uint32_t b_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(4)); +// uint32_t c_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(1)); + +// const auto d_value = +// honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + +// honk_composer.get_variable(c_idx); +// uint32_t d_idx = honk_composer.add_variable(d_value); + +// honk_composer.create_big_add_gate({ +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// 1, +// 1, +// 1, +// -1, +// 0, +// }); +// } +// { +// uint32_t rom_values[8]{ +// plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), +// plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), +// plonk_composer.add_variable(g), plonk_composer.add_variable(h), +// }; + +// size_t rom_id = plonk_composer.create_ROM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// plonk_composer.set_ROM_element(rom_id, i, rom_values[i]); +// } + +// uint32_t a_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != rom_values[5], true); +// uint32_t b_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(4)); +// uint32_t c_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(1)); + +// const auto d_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + +// plonk_composer.get_variable(c_idx); +// uint32_t d_idx = plonk_composer.add_variable(d_value); + +// plonk_composer.create_big_add_gate({ +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// 1, +// 1, +// 1, +// -1, +// 0, +// }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// check_consistency(honk_prover, plonk_prover); +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, ram) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// auto a = fr::random_element(); +// auto b = fr::random_element(); +// auto c = fr::random_element(); +// auto d = fr::random_element(); +// auto e = fr::random_element(); +// auto f = fr::random_element(); +// auto g = fr::random_element(); +// auto h = fr::random_element(); +// { +// uint32_t ram_values[8]{ +// honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), +// honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), +// honk_composer.add_variable(g), honk_composer.add_variable(h), +// }; + +// size_t ram_id = honk_composer.create_RAM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// honk_composer.init_RAM_element(ram_id, i, ram_values[i]); +// } + +// uint32_t a_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != ram_values[5], true); + +// uint32_t b_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); +// uint32_t c_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(1)); + +// honk_composer.write_RAM_array(ram_id, honk_composer.add_variable(4), honk_composer.add_variable(500)); +// uint32_t d_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); + +// EXPECT_EQ(honk_composer.get_variable(d_idx), 500); + +// // ensure these vars get used in another arithmetic gate +// const auto e_value = honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + +// honk_composer.get_variable(c_idx) + honk_composer.get_variable(d_idx); +// uint32_t e_idx = honk_composer.add_variable(e_value); + +// honk_composer.create_big_add_gate( +// { +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// -1, +// -1, +// -1, +// -1, +// 0, +// }, +// true); +// honk_composer.create_big_add_gate( +// { +// honk_composer.get_zero_idx(), +// honk_composer.get_zero_idx(), +// honk_composer.get_zero_idx(), +// e_idx, +// 0, +// 0, +// 0, +// 0, +// 0, +// }, +// false); +// } +// { +// uint32_t ram_values[8]{ +// plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), +// plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), +// plonk_composer.add_variable(g), plonk_composer.add_variable(h), +// }; + +// size_t ram_id = plonk_composer.create_RAM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// plonk_composer.init_RAM_element(ram_id, i, ram_values[i]); +// } + +// uint32_t a_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != ram_values[5], true); + +// uint32_t b_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); +// uint32_t c_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(1)); + +// plonk_composer.write_RAM_array(ram_id, plonk_composer.add_variable(4), plonk_composer.add_variable(500)); +// uint32_t d_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); + +// EXPECT_EQ(plonk_composer.get_variable(d_idx), 500); + +// // ensure these vars get used in another arithmetic gate +// const auto e_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + +// plonk_composer.get_variable(c_idx) + plonk_composer.get_variable(d_idx); +// uint32_t e_idx = plonk_composer.add_variable(e_value); + +// plonk_composer.create_big_add_gate( +// { +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// -1, +// -1, +// -1, +// -1, +// 0, +// }, +// true); +// plonk_composer.create_big_add_gate( +// { +// plonk_composer.zero_idx, +// plonk_composer.zero_idx, +// plonk_composer.zero_idx, +// e_idx, +// 0, +// 0, +// 0, +// 0, +// 0, +// }, +// false); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// } // namespace test_ultra_honk_composer diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp index 769e744a6d..573d237355 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp @@ -32,12 +32,12 @@ namespace proof_system::honk { * * @tparam settings Settings class. * */ -template -UltraHonkProver::UltraHonkProver(std::vector&& wire_polys, - std::shared_ptr input_key) +template +UltraHonkProver::UltraHonkProver(std::vector&& wire_polys, + std::shared_ptr input_key) : wire_polynomials(wire_polys) , key(input_key) - , queue(key, transcript) + , queue(input_key->circuit_size, transcript) {} template plonk::proof& UltraHonkProver::export_proof() @@ -51,6 +51,6 @@ template plonk::proof& UltraHonkProver::construct_ return export_proof(); } -template class UltraHonkProver; +template class UltraHonkProver; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index b645e5863f..e8743e9c3b 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -24,31 +24,32 @@ #include #include "barretenberg/honk/pcs/claim.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system::honk { // TODO(luke): The naming here is awkward. The Standard Honk prover is called "Prover" and aliased as StandardProver. To // be consistent with that convention outside of the prover class itself, I've called this class UltraHonkProver and use // the alias UltraProver externally. Resolve. -template class UltraHonkProver { +template class UltraHonkProver { - using Fr = barretenberg::fr; - using Polynomial = barretenberg::Polynomial; - using Commitment = barretenberg::g1::affine_element; - using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; + using FF = typename Flavor::FF; + using PCSParams = typename Flavor::PCSParams; + using ProvingKey = typename Flavor::ProvingKey; + using Polynomial = typename Flavor::Polynomial; public: UltraHonkProver(std::vector&& wire_polys, - std::shared_ptr input_key = nullptr); + std::shared_ptr input_key = nullptr); plonk::proof& export_proof(); plonk::proof& construct_proof(); - ProverTranscript transcript; + ProverTranscript transcript; std::vector wire_polynomials; - std::shared_ptr key; + std::shared_ptr key; work_queue queue; @@ -56,8 +57,8 @@ template class UltraHonkProver { plonk::proof proof; }; -extern template class UltraHonkProver; +extern template class UltraHonkProver; -using UltraProver = UltraHonkProver; +using UltraProver = UltraHonkProver; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index f5556a31da..932e953557 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -11,6 +11,7 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/honk/utils/public_inputs.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include @@ -32,7 +33,7 @@ TEST(RelationCorrectness, StandardRelationCorrectness) { // Create a composer and a dummy circuit with a few gates auto composer = StandardHonkComposer(); - static const size_t num_wires = StandardHonkComposer::num_wires; + // static const size_t num_wires = StandardHonkComposer::num_wires; fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly uint32_t a_idx = composer.add_public_variable(a); @@ -66,8 +67,8 @@ TEST(RelationCorrectness, StandardRelationCorrectness) constexpr size_t num_polynomials = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; // Compute grand product polynomial - polynomial z_perm_poly = - prover_library::compute_permutation_grand_product(prover.key, prover.wire_polynomials, beta, gamma); + polynomial z_perm_poly = prover_library::compute_permutation_grand_product( + prover.key, prover.wire_polynomials, beta, gamma); // Create an array of spans to the underlying polynomials to more easily // get the transposition. @@ -139,7 +140,7 @@ TEST(RelationCorrectness, UltraRelationCorrectness) { // Create a composer and a dummy circuit with a few gates auto composer = UltraHonkComposer(); - static const size_t num_wires = 4; + // static const size_t num_wires = 4; fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly // TODO(luke): add method "add_public_variable" to UH composer @@ -177,8 +178,8 @@ TEST(RelationCorrectness, UltraRelationCorrectness) constexpr size_t num_polynomials = proof_system::honk::UltraArithmetization::COUNT; // Compute grand product polynomial - auto z_perm_poly = - prover_library::compute_permutation_grand_product(prover.key, prover.wire_polynomials, beta, gamma); + auto z_perm_poly = prover_library::compute_permutation_grand_product( + prover.key, prover.wire_polynomials, beta, gamma); // Create an array of spans to the underlying polynomials to more easily // get the transposition. diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 20ab2d4b66..d49ec2cc04 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -229,15 +229,10 @@ PermutationMapping compute_permutation_mapping( * @param permutation_mappings A table with information about permuting each element * @param key Pointer to the proving key */ -// MERGECONFLICT -// template -// void compute_honk_style_permutation_lagrange_polynomials_from_mapping( -// std::string label, -// std::array, program_width>& permutation_mappings, -// plonk::proving_key* key) template -void compute_honk_style_sigma_lagrange_polynomials_from_mapping( - std::array, Flavor::num_wires>& sigma_mappings, +void compute_honk_style_permutation_lagrange_polynomials_from_mapping( + std::string label, + std::array, Flavor::num_wires>& permutation_mappings, typename Flavor::ProvingKey* proving_key) { const size_t num_gates = proving_key->circuit_size; @@ -245,11 +240,14 @@ void compute_honk_style_sigma_lagrange_polynomials_from_mapping( std::array permutation_poly; // sigma or ID poly size_t wire_index = 0; - for (auto& sigma_polynomial : proving_key->get_sigma_polynomials()) { + for (auto& current_permutation_poly : proving_key->get_sigma_polynomials()) { + // permutation_poly[wire_index] = barretenberg::polynomial(num_gates); + // auto& current_permutation_poly = permutation_poly[wire_index]; + auto new_poly = barretenberg::polynomial(num_gates); // WORKTODO - current_sigma_polynomial = new_poly; + current_permutation_poly = new_poly; ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); - const auto& current_mapping = sigma_mappings[wire_index][i]; + const auto& current_mapping = permutation_mappings[wire_index][i]; if (current_mapping.is_public_input) { // We intentionally want to break the cycles of the public input variables. // During the witness generation, the left and right wire polynomials at index i contain the i-th public @@ -263,7 +261,7 @@ void compute_honk_style_sigma_lagrange_polynomials_from_mapping( -barretenberg::fr(current_mapping.row_index + 1 + num_gates * current_mapping.column_index); } else if (current_mapping.is_tag) { // Set evaluations to (arbitrary) values disjoint from non-tag values - current_permutation_poly[i] = num_gates * program_width + current_mapping.row_index; + current_permutation_poly[i] = num_gates * Flavor::num_wires + current_mapping.row_index; } else { // For the regular permutation we simply point to the next location by setting the evaluation to its // index @@ -272,14 +270,15 @@ void compute_honk_style_sigma_lagrange_polynomials_from_mapping( } ITERATE_OVER_DOMAIN_END; } + static_cast(label); // MERGECONFLICT // // Save to polynomial cache - // for (size_t j = 0; j < program_width; j++) { + // for (size_t j = 0; j < Flavor::num_wires; j++) { // std::string index = std::to_string(j + 1); // key->polynomial_store.put(label + "_" + index + "_lagrange", std::move(permutation_poly[j])); - wire_index++; - } + wire_index++; } +} // namespace /** * Compute sigma permutation polynomial in lagrange base @@ -455,7 +454,7 @@ void compute_standard_honk_sigma_permutations(const typename Flavor::CircuitCons // Compute the permutation table specifying which element becomes which auto mapping = compute_permutation_mapping(circuit_constructor, proving_key); // Compute Honk-style sigma polynomial from the permutation table - compute_honk_style_permutation_lagrange_polynomials_from_mapping(mapping.sigmas, proving_key); + compute_honk_style_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, proving_key); } /** @@ -519,24 +518,24 @@ void compute_plonk_generalized_sigma_permutations(const typename Flavor::Circuit compute_monomial_and_coset_fft_polynomials_from_lagrange("id", key); } -// MERGECONFLICT what is this? /** * @brief Compute generalized permutation sigmas and ids for ultra plonk * * @tparam program_width * @tparam CircuitConstructor * @param circuit_constructor - * @param key + * @param proving_key * @return std::array, program_width> */ -template -void compute_honk_generalized_sigma_permutations(const CircuitConstructor& circuit_constructor, plonk::proving_key* key) +template +void compute_honk_generalized_sigma_permutations(const typename Flavor::CircuitConstructor& circuit_constructor, + typename Flavor::ProvingKey* proving_key) { - auto mapping = compute_permutation_mapping(circuit_constructor, key); + auto mapping = compute_permutation_mapping(circuit_constructor, proving_key); // Compute Honk-style sigma and ID polynomials from the corresponding mappings - compute_honk_style_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, key); - compute_honk_style_permutation_lagrange_polynomials_from_mapping("id", mapping.ids, key); + compute_honk_style_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, proving_key); + compute_honk_style_permutation_lagrange_polynomials_from_mapping("id", mapping.ids, proving_key); } } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index ea3d845d17..68391ca760 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -70,7 +70,8 @@ TEST_F(PermutationHelperTests, ComputePermutationMapping) TEST_F(PermutationHelperTests, ComputeHonkStyleSigmaLagrangePolynomialsFromMapping) { auto mapping = compute_permutation_mapping(circuit_constructor, proving_key.get()); - compute_honk_style_sigma_lagrange_polynomials_from_mapping(mapping.sigmas, proving_key.get()); + compute_honk_style_permutation_lagrange_polynomials_from_mapping( + "label", mapping.sigmas, proving_key.get()); } TEST_F(PermutationHelperTests, ComputeStandardAuxPolynomials) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 9d9d7b33d1..75cf80d42e 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -14,6 +14,7 @@ #include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" +#include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" // could be shared, but will it? namespace proof_system::honk::flavor { @@ -36,8 +37,8 @@ class Ultra { public: using CircuitConstructor = proof_system::UltraCircuitConstructor; static constexpr size_t num_wires = CircuitConstructor::num_wires; - // static constexpr size_t NUM_ALL_ENTITIES = 18; - // static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + static constexpr size_t NUM_ALL_ENTITIES = 18; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; @@ -47,14 +48,36 @@ class Ultra { using CommitmentView = G1; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; - class ProvingKey { + template class PrecomputedData : public Data { + public: + T& q_m = std::get<0>(this->_data); + T& q_l = std::get<1>(this->_data); + T& q_r = std::get<2>(this->_data); + T& q_o = std::get<3>(this->_data); + T& q_c = std::get<4>(this->_data); + T& sigma_1 = std::get<5>(this->_data); + T& sigma_2 = std::get<6>(this->_data); + T& sigma_3 = std::get<7>(this->_data); + T& id_1 = std::get<8>(this->_data); + T& id_2 = std::get<9>(this->_data); + T& id_3 = std::get<10>(this->_data); + T& lagrange_first = std::get<11>(this->_data); + T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; + std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; + std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; + }; + + class ProvingKey : public PrecomputedData { public: const size_t circuit_size; - const size_t log_circuit_size; // TODO(Cody) + const size_t log_circuit_size; const size_t num_public_inputs; std::shared_ptr crs; EvaluationDomain evaluation_domain; - const ComposerType composer_type; // TODO(Cody): Get rid of this + const ComposerType composer_type; // TODO(Cody): Get rid of this + PolynomialStore polynomial_store; // TODO(Cody): Get rid of this ProvingKey(const size_t circuit_size, const size_t num_public_inputs, @@ -67,6 +90,73 @@ class Ultra { , evaluation_domain(circuit_size, circuit_size) , composer_type(composer_type){}; }; + + using VerificationKey = PrecomputedData; + + template struct AllData : Data { + public: + T& w_l = std::get<0>(this->_data); + T& w_r = std::get<1>(this->_data); + T& w_o = std::get<2>(this->_data); + T& z_perm = std::get<3>(this->_data); + T& z_perm_shift = std::get<4>(this->_data); + T& q_m = std::get<5>(this->_data); + T& q_l = std::get<6>(this->_data); + T& q_r = std::get<7>(this->_data); + T& q_o = std::get<8>(this->_data); + T& q_c = std::get<9>(this->_data); + T& sigma_1 = std::get<10>(this->_data); + T& sigma_2 = std::get<11>(this->_data); + T& sigma_3 = std::get<12>(this->_data); + T& id_1 = std::get<13>(this->_data); + T& id_2 = std::get<14>(this->_data); + T& id_3 = std::get<15>(this->_data); + T& lagrange_first = std::get<16>(this->_data); + T& lagrange_last = std::get<17>(this->_data); + + std::vector get_not_to_be_shifted() + { // ...z_perm_shift is in here? + return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, + id_1, id_2, id_3, lagrange_first, lagrange_last }; + }; + + std::vector get_to_be_shifted() { return { z_perm }; }; + + // TODO(Cody): Look for a better solution? + std::vector get_in_order() + { + std::vector result{ get_not_to_be_shifted() }; + std::vector to_be_shifted{ get_to_be_shifted() }; + result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); + return result; + }; + }; + // These are classes are views of data living in different entities. They + // provide the utility of grouping these and ranged `for` loops over subsets. + using ProverPolynomials = AllData; + using VerifierCommitments = AllData; + + // TODO: Handle univariates right + using ExtendedEdges = AllData>; + + using PurportedEvaluations = AllData; + + class CommitmentLabels : public AllData { + public: + // this does away with the ENUM_TO_COMM array while preserving the + // transcript interface, which takes a string + // + // note: we could consider "enriching" the transcript interface to not use + // strings in the future, but I leave it this way for simplicity + std::string w_l = "w_l"; + std::string w_r = "w_r"; + std::string w_o = "w_o"; + std::string p_0 = "p_0"; + std::string p_1 = "p_1"; + std::string q_0 = "q_0"; + std::string q_1 = "q_1"; + std::string s_0 = "s_0"; + }; }; class Standard { @@ -111,11 +201,12 @@ class Standard { class ProvingKey : public PrecomputedData { public: const size_t circuit_size; - const size_t log_circuit_size; // TODO(Cody) + const size_t log_circuit_size; const size_t num_public_inputs; std::shared_ptr crs; EvaluationDomain evaluation_domain; - const ComposerType composer_type; // TODO(Cody): Get rid of this + const ComposerType composer_type; // TODO(Cody): Get rid of this + PolynomialStore polynomial_store; // TODO(Cody): Get rid of this ProvingKey(const size_t circuit_size, const size_t num_public_inputs, From cef40e5cbb4914c2db4f73e01be0954279f2dcdb Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 17 Apr 2023 14:38:53 +0000 Subject: [PATCH 007/119] Make flavor base class, proof_system_tests pass. --- .../circuit_constructor_base.hpp | 3 + .../proof_system/flavor/flavor.hpp | 680 +++++++++++++++--- 2 files changed, 581 insertions(+), 102 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 325349708d..693ed011dc 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -9,6 +9,9 @@ static constexpr uint32_t DUMMY_TAG = 0; template class CircuitConstructorBase { public: + // TODO(Cody): This needs to be templated to allow constructing circuits over Grumpkin. For now, adding FF here + // since the flavor can extract it. + using FF = barretenberg::fr; static constexpr size_t num_wires = Arithmetization::num_wires; // Keeping num_wires, at least temporarily, for backward compatibility static constexpr size_t program_width = Arithmetization::num_wires; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 75cf80d42e..468f3d45f9 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -16,31 +16,39 @@ #include "barretenberg/srs/reference_string/reference_string.hpp" #include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" -// could be shared, but will it? namespace proof_system::honk::flavor { -template class Data { +template class Flavor { public: - using DataType = std::array; - DataType _data; + using CircuitConstructor = CircuitConstructor_; + using FF = typename CircuitConstructor::FF; - // now it's safe to inherit from this... right? - virtual ~Data() = default; + static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_ALL_ENTITIES = NUM_ALL_ENTITIES_; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = NUM_PRECOMPUTED_ENTITIES_; + + /** + * @brief The basic class from which others will inherit. It essentially exists so we can avoid subclassing + * std::array. + * + * @tparam T + * @tparam NUM_ENTITIES + */ + template class Data { + public: + using DataType = std::array; + DataType _data; - T& operator[](size_t idx) { return _data[idx]; }; - typename DataType::iterator begin() { return _data.begin(); }; - typename DataType::iterator end() { return _data.end(); }; + // now it's safe to inherit from this... right? + virtual ~Data() = default; - consteval size_t size() { return _data.size(); }; -}; + T& operator[](size_t idx) { return _data[idx]; }; + typename DataType::iterator begin() { return _data.begin(); }; + typename DataType::iterator end() { return _data.end(); }; -class Ultra { - public: - using CircuitConstructor = proof_system::UltraCircuitConstructor; - static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_ALL_ENTITIES = 18; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + consteval size_t size() { return _data.size(); }; + }; - using FF = barretenberg::fr; + // TODO(Cody): ? Make a curve type and just pass that? using Polynomial = barretenberg::Polynomial; using PolynomialView = std::span; using G1 = barretenberg::g1; @@ -48,28 +56,25 @@ class Ultra { using CommitmentView = G1; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; - template class PrecomputedData : public Data { + /** + * @brief This class provides a base for our classes that store preprocessed polynomials and subsets of views of + * these. + * + * @tparam T + * + * @todo TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. + */ + template + class PrecomputedData : public Data { public: - T& q_m = std::get<0>(this->_data); - T& q_l = std::get<1>(this->_data); - T& q_r = std::get<2>(this->_data); - T& q_o = std::get<3>(this->_data); - T& q_c = std::get<4>(this->_data); - T& sigma_1 = std::get<5>(this->_data); - T& sigma_2 = std::get<6>(this->_data); - T& sigma_3 = std::get<7>(this->_data); - T& id_1 = std::get<8>(this->_data); - T& id_2 = std::get<9>(this->_data); - T& id_3 = std::get<10>(this->_data); - T& lagrange_first = std::get<11>(this->_data); - T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - - std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; - std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; - std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; + virtual std::vector get_selectors() = 0; + virtual std::vector get_sigma_polynomials() = 0; + virtual std::vector get_id_polynomials() = 0; }; - class ProvingKey : public PrecomputedData { + class ProvingKey : public PrecomputedData { + // TODO(Cody): Made this public derivation so that I could iterate through + // the selectors public: const size_t circuit_size; const size_t log_circuit_size; @@ -90,10 +95,104 @@ class Ultra { , evaluation_domain(circuit_size, circuit_size) , composer_type(composer_type){}; }; + using VerificationKey = PrecomputedData; + + /** + * @brief A base class for when we want to collect all named entities in one place for using better and more uniform + * containers. + * + * @tparam T Will specialize to view types and strings. + */ + template struct AllData : Data { + public: + virtual std::vector get_not_to_be_shifted() = 0; + virtual std::vector get_to_be_shifted() = 0; + + // TODO(Cody): Look for a better solution? + virtual std::vector get_in_order() + { + std::vector result{ get_not_to_be_shifted() }; + std::vector to_be_shifted{ get_to_be_shifted() }; + result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); + return result; + }; + }; + // These are classes are views of data living in different entities. They + // provide the utility of grouping these and ranged `for` loops over + // subsets. + using ProverPolynomials = AllData; + using VerifierCommitments = AllData; - using VerificationKey = PrecomputedData; + // WORKTODO: Handle univariates right + using ExtendedEdges = AllData>; - template struct AllData : Data { + using PurportedEvaluations = AllData; + + class CommitmentLabels : public AllData { + public: + // this does away with the ENUM_TO_COMM array while preserving the + // transcript interface, which takes a string + // + // note: we could consider "enriching" the transcript interface to not + // use strings in the future, but I leave it this way for simplicity + }; +}; + +class Standard : public Flavor { + public: + // TODO(Cody): Made this public derivation so that I could populate + // selector polys from circuit constructor. + template + class PrecomputedData : public Flavor::PrecomputedData { + public: + StorageType& q_m = std::get<0>(this->_data); + StorageType& q_l = std::get<1>(this->_data); + StorageType& q_r = std::get<2>(this->_data); + StorageType& q_o = std::get<3>(this->_data); + StorageType& q_c = std::get<4>(this->_data); + StorageType& sigma_1 = std::get<5>(this->_data); + StorageType& sigma_2 = std::get<6>(this->_data); + StorageType& sigma_3 = std::get<7>(this->_data); + StorageType& id_1 = std::get<8>(this->_data); + StorageType& id_2 = std::get<9>(this->_data); + StorageType& id_3 = std::get<10>(this->_data); + StorageType& lagrange_first = std::get<11>(this->_data); + StorageType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; + }; + + // TODO(Cody): Made this public derivation so that I could iterate through + // the selectors + + class ProvingKey : public PrecomputedData { + public: + const size_t circuit_size; + const size_t log_circuit_size; + const size_t num_public_inputs; + std::shared_ptr crs; + EvaluationDomain evaluation_domain; + const ComposerType composer_type; // TODO(Cody): Get rid of this + PolynomialStore polynomial_store; // TODO(Cody): Get rid of this + + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + : circuit_size(circuit_size) + , log_circuit_size(numeric::get_msb(circuit_size)) + , num_public_inputs(num_public_inputs) + , crs(crs) + , + // evaluation_domain(circuit_size, circuit_size), + composer_type(composer_type){}; + }; + + using VerificationKey = PrecomputedData; + + template struct AllData : public Flavor::AllData { public: T& w_l = std::get<0>(this->_data); T& w_r = std::get<1>(this->_data); @@ -114,23 +213,15 @@ class Ultra { T& lagrange_first = std::get<16>(this->_data); T& lagrange_last = std::get<17>(this->_data); - std::vector get_not_to_be_shifted() + std::vector get_not_to_be_shifted() override { // ...z_perm_shift is in here? return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last }; }; - std::vector get_to_be_shifted() { return { z_perm }; }; - - // TODO(Cody): Look for a better solution? - std::vector get_in_order() - { - std::vector result{ get_not_to_be_shifted() }; - std::vector to_be_shifted{ get_to_be_shifted() }; - result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); - return result; - }; + std::vector get_to_be_shifted() override { return { z_perm }; }; }; + // These are classes are views of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over subsets. using ProverPolynomials = AllData; @@ -145,7 +236,6 @@ class Ultra { public: // this does away with the ENUM_TO_COMM array while preserving the // transcript interface, which takes a string - // // note: we could consider "enriching" the transcript interface to not use // strings in the future, but I leave it this way for simplicity std::string w_l = "w_l"; @@ -159,46 +249,37 @@ class Ultra { }; }; -class Standard { +// TODO: configure +class Ultra : public Flavor { public: - using CircuitConstructor = proof_system::StandardCircuitConstructor; - static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_ALL_ENTITIES = 18; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - - using FF = barretenberg::fr; - using Polynomial = barretenberg::Polynomial; - using PolynomialView = std::span; - using G1 = barretenberg::g1; - using Commitment = G1; - using CommitmentView = G1; // TODO(Cody): make a pointer? - using PCSParams = pcs::kzg::Params; - - // TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. - template class PrecomputedData : public Data { + // TODO(Cody): Made this public derivation so that I could populate + // selector polys from circuit constructor. + template + class PrecomputedData : public Flavor::PrecomputedData { public: - T& q_m = std::get<0>(this->_data); - T& q_l = std::get<1>(this->_data); - T& q_r = std::get<2>(this->_data); - T& q_o = std::get<3>(this->_data); - T& q_c = std::get<4>(this->_data); - T& sigma_1 = std::get<5>(this->_data); - T& sigma_2 = std::get<6>(this->_data); - T& sigma_3 = std::get<7>(this->_data); - T& id_1 = std::get<8>(this->_data); - T& id_2 = std::get<9>(this->_data); - T& id_3 = std::get<10>(this->_data); - T& lagrange_first = std::get<11>(this->_data); - T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - - std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; - std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; - std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; + StorageType& q_m = std::get<0>(this->_data); + StorageType& q_l = std::get<1>(this->_data); + StorageType& q_r = std::get<2>(this->_data); + StorageType& q_o = std::get<3>(this->_data); + StorageType& q_c = std::get<4>(this->_data); + StorageType& sigma_1 = std::get<5>(this->_data); + StorageType& sigma_2 = std::get<6>(this->_data); + StorageType& sigma_3 = std::get<7>(this->_data); + StorageType& id_1 = std::get<8>(this->_data); + StorageType& id_2 = std::get<9>(this->_data); + StorageType& id_3 = std::get<10>(this->_data); + StorageType& lagrange_first = std::get<11>(this->_data); + StorageType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; }; - // TODO(Cody): Made this public derivation so that I could iterate through the selectors + // TODO(Cody): Made this public derivation so that I could iterate through + // the selectors - class ProvingKey : public PrecomputedData { + class ProvingKey : public PrecomputedData { public: const size_t circuit_size; const size_t log_circuit_size; @@ -216,12 +297,14 @@ class Standard { , log_circuit_size(numeric::get_msb(circuit_size)) , num_public_inputs(num_public_inputs) , crs(crs) - , evaluation_domain(circuit_size, circuit_size) - , composer_type(composer_type){}; + , + // evaluation_domain(circuit_size, circuit_size), + composer_type(composer_type){}; }; - using VerificationKey = PrecomputedData; - template struct AllData : Data { + using VerificationKey = PrecomputedData; + + template struct AllData : public Flavor::AllData { public: T& w_l = std::get<0>(this->_data); T& w_r = std::get<1>(this->_data); @@ -242,23 +325,15 @@ class Standard { T& lagrange_first = std::get<16>(this->_data); T& lagrange_last = std::get<17>(this->_data); - std::vector get_not_to_be_shifted() + std::vector get_not_to_be_shifted() override { // ...z_perm_shift is in here? return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last }; }; - std::vector get_to_be_shifted() { return { z_perm }; }; - - // TODO(Cody): Look for a better solution? - std::vector get_in_order() - { - std::vector result{ get_not_to_be_shifted() }; - std::vector to_be_shifted{ get_to_be_shifted() }; - result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); - return result; - }; + std::vector get_to_be_shifted() override { return { z_perm }; }; }; + // These are classes are views of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over subsets. using ProverPolynomials = AllData; @@ -273,7 +348,6 @@ class Standard { public: // this does away with the ENUM_TO_COMM array while preserving the // transcript interface, which takes a string - // // note: we could consider "enriching" the transcript interface to not use // strings in the future, but I leave it this way for simplicity std::string w_l = "w_l"; @@ -286,8 +360,410 @@ class Standard { std::string s_0 = "s_0"; }; }; + } // namespace proof_system::honk::flavor +// // could be shared, but will it? +// namespace proof_system::honk::flavor { +// template class Data { +// public: +// using DataType = std::array; +// DataType _data; + +// // now it's safe to inherit from this... right? +// virtual ~Data() = default; + +// T& operator[](size_t idx) { return _data[idx]; }; +// typename DataType::iterator begin() { return _data.begin(); }; +// typename DataType::iterator end() { return _data.end(); }; + +// consteval size_t size() { return _data.size(); }; +// }; + +// class Flavor { +// public: +// using CircuitConstructor = proof_system::StandardCircuitConstructor; +// static constexpr size_t num_wires = CircuitConstructor::num_wires; +// static constexpr size_t NUM_ALL_ENTITIES = 18; +// static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + +// using FF = barretenberg::fr; +// using Polynomial = barretenberg::Polynomial; +// using PolynomialView = std::span; +// using G1 = barretenberg::g1; +// using Commitment = G1; +// using CommitmentView = G1; // TODO(Cody): make a pointer? +// using PCSParams = pcs::kzg::Params; + +// // TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. +// template class PrecomputedData : public Data { +// public: +// T& q_m = std::get<0>(this->_data); +// T& q_l = std::get<1>(this->_data); +// T& q_r = std::get<2>(this->_data); +// T& q_o = std::get<3>(this->_data); +// T& q_c = std::get<4>(this->_data); +// T& sigma_1 = std::get<5>(this->_data); +// T& sigma_2 = std::get<6>(this->_data); +// T& sigma_3 = std::get<7>(this->_data); +// T& id_1 = std::get<8>(this->_data); +// T& id_2 = std::get<9>(this->_data); +// T& id_3 = std::get<10>(this->_data); +// T& lagrange_first = std::get<11>(this->_data); +// T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + +// std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; +// std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; +// std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; +// }; + +// // TODO(Cody): Made this public derivation so that I could iterate through the selectors + +// class ProvingKey : public PrecomputedData { +// public: +// const size_t circuit_size; +// const size_t log_circuit_size; +// const size_t num_public_inputs; +// std::shared_ptr crs; +// EvaluationDomain evaluation_domain; +// const ComposerType composer_type; // TODO(Cody): Get rid of this +// PolynomialStore polynomial_store; // TODO(Cody): Get rid of this + +// ProvingKey(const size_t circuit_size, +// const size_t num_public_inputs, +// std::shared_ptr const& crs, +// ComposerType composer_type) +// : circuit_size(circuit_size) +// , log_circuit_size(numeric::get_msb(circuit_size)) +// , num_public_inputs(num_public_inputs) +// , crs(crs) +// , evaluation_domain(circuit_size, circuit_size) +// , composer_type(composer_type){}; +// }; +// using VerificationKey = PrecomputedData; + +// template struct AllData : Data { +// public: +// T& w_l = std::get<0>(this->_data); +// T& w_r = std::get<1>(this->_data); +// T& w_o = std::get<2>(this->_data); +// T& z_perm = std::get<3>(this->_data); +// T& z_perm_shift = std::get<4>(this->_data); +// T& q_m = std::get<5>(this->_data); +// T& q_l = std::get<6>(this->_data); +// T& q_r = std::get<7>(this->_data); +// T& q_o = std::get<8>(this->_data); +// T& q_c = std::get<9>(this->_data); +// T& sigma_1 = std::get<10>(this->_data); +// T& sigma_2 = std::get<11>(this->_data); +// T& sigma_3 = std::get<12>(this->_data); +// T& id_1 = std::get<13>(this->_data); +// T& id_2 = std::get<14>(this->_data); +// T& id_3 = std::get<15>(this->_data); +// T& lagrange_first = std::get<16>(this->_data); +// T& lagrange_last = std::get<17>(this->_data); + +// std::vector get_not_to_be_shifted() +// { // ...z_perm_shift is in here? +// return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, +// id_1, id_2, id_3, lagrange_first, lagrange_last }; +// }; + +// std::vector get_to_be_shifted() { return { z_perm }; }; + +// // TODO(Cody): Look for a better solution? +// std::vector get_in_order() +// { +// std::vector result{ get_not_to_be_shifted() }; +// std::vector to_be_shifted{ get_to_be_shifted() }; +// result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); +// return result; +// }; +// }; +// // These are classes are views of data living in different entities. They +// // provide the utility of grouping these and ranged `for` loops over subsets. +// using ProverPolynomials = AllData; +// using VerifierCommitments = AllData; + +// // TODO: Handle univariates right +// using ExtendedEdges = AllData>; + +// using PurportedEvaluations = AllData; + +// class CommitmentLabels : public AllData { +// public: +// // this does away with the ENUM_TO_COMM array while preserving the +// // transcript interface, which takes a string +// // +// // note: we could consider "enriching" the transcript interface to not use +// // strings in the future, but I leave it this way for simplicity +// std::string w_l = "w_l"; +// std::string w_r = "w_r"; +// std::string w_o = "w_o"; +// std::string p_0 = "p_0"; +// std::string p_1 = "p_1"; +// std::string q_0 = "q_0"; +// std::string q_1 = "q_1"; +// std::string s_0 = "s_0"; +// }; +// }; + +// class Ultra { +// public: +// using CircuitConstructor = proof_system::UltraCircuitConstructor; +// static constexpr size_t num_wires = CircuitConstructor::num_wires; +// static constexpr size_t NUM_ALL_ENTITIES = 18; +// static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + +// using FF = barretenberg::fr; +// using Polynomial = barretenberg::Polynomial; +// using PolynomialView = std::span; +// using G1 = barretenberg::g1; +// using Commitment = G1; +// using CommitmentView = G1; // TODO(Cody): make a pointer? +// using PCSParams = pcs::kzg::Params; + +// template class PrecomputedData : public Data { +// public: +// T& q_m = std::get<0>(this->_data); +// T& q_l = std::get<1>(this->_data); +// T& q_r = std::get<2>(this->_data); +// T& q_o = std::get<3>(this->_data); +// T& q_c = std::get<4>(this->_data); +// T& sigma_1 = std::get<5>(this->_data); +// T& sigma_2 = std::get<6>(this->_data); +// T& sigma_3 = std::get<7>(this->_data); +// T& id_1 = std::get<8>(this->_data); +// T& id_2 = std::get<9>(this->_data); +// T& id_3 = std::get<10>(this->_data); +// T& lagrange_first = std::get<11>(this->_data); +// T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + +// std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; +// std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; +// std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; +// }; + +// class ProvingKey : public PrecomputedData { +// public: +// const size_t circuit_size; +// const size_t log_circuit_size; +// const size_t num_public_inputs; +// std::shared_ptr crs; +// EvaluationDomain evaluation_domain; +// const ComposerType composer_type; // TODO(Cody): Get rid of this +// PolynomialStore polynomial_store; // TODO(Cody): Get rid of this + +// ProvingKey(const size_t circuit_size, +// const size_t num_public_inputs, +// std::shared_ptr const& crs, +// ComposerType composer_type) +// : circuit_size(circuit_size) +// , log_circuit_size(numeric::get_msb(circuit_size)) +// , num_public_inputs(num_public_inputs) +// , crs(crs) +// , evaluation_domain(circuit_size, circuit_size) +// , composer_type(composer_type){}; +// }; + +// using VerificationKey = PrecomputedData; + +// template struct AllData : Data { +// public: +// T& w_l = std::get<0>(this->_data); +// T& w_r = std::get<1>(this->_data); +// T& w_o = std::get<2>(this->_data); +// T& z_perm = std::get<3>(this->_data); +// T& z_perm_shift = std::get<4>(this->_data); +// T& q_m = std::get<5>(this->_data); +// T& q_l = std::get<6>(this->_data); +// T& q_r = std::get<7>(this->_data); +// T& q_o = std::get<8>(this->_data); +// T& q_c = std::get<9>(this->_data); +// T& sigma_1 = std::get<10>(this->_data); +// T& sigma_2 = std::get<11>(this->_data); +// T& sigma_3 = std::get<12>(this->_data); +// T& id_1 = std::get<13>(this->_data); +// T& id_2 = std::get<14>(this->_data); +// T& id_3 = std::get<15>(this->_data); +// T& lagrange_first = std::get<16>(this->_data); +// T& lagrange_last = std::get<17>(this->_data); + +// std::vector get_not_to_be_shifted() +// { // ...z_perm_shift is in here? +// return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, +// id_1, id_2, id_3, lagrange_first, lagrange_last }; +// }; + +// std::vector get_to_be_shifted() { return { z_perm }; }; + +// // TODO(Cody): Look for a better solution? +// std::vector get_in_order() +// { +// std::vector result{ get_not_to_be_shifted() }; +// std::vector to_be_shifted{ get_to_be_shifted() }; +// result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); +// return result; +// }; +// }; +// // These are classes are views of data living in different entities. They +// // provide the utility of grouping these and ranged `for` loops over subsets. +// using ProverPolynomials = AllData; +// using VerifierCommitments = AllData; + +// // TODO: Handle univariates right +// using ExtendedEdges = AllData>; + +// using PurportedEvaluations = AllData; + +// class CommitmentLabels : public AllData { +// public: +// // this does away with the ENUM_TO_COMM array while preserving the +// // transcript interface, which takes a string +// // +// // note: we could consider "enriching" the transcript interface to not use +// // strings in the future, but I leave it this way for simplicity +// std::string w_l = "w_l"; +// std::string w_r = "w_r"; +// std::string w_o = "w_o"; +// std::string p_0 = "p_0"; +// std::string p_1 = "p_1"; +// std::string q_0 = "q_0"; +// std::string q_1 = "q_1"; +// std::string s_0 = "s_0"; +// }; +// }; + +// class Standard { +// public: +// using CircuitConstructor = proof_system::StandardCircuitConstructor; +// static constexpr size_t num_wires = CircuitConstructor::num_wires; +// static constexpr size_t NUM_ALL_ENTITIES = 18; +// static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + +// using FF = barretenberg::fr; +// using Polynomial = barretenberg::Polynomial; +// using PolynomialView = std::span; +// using G1 = barretenberg::g1; +// using Commitment = G1; +// using CommitmentView = G1; // TODO(Cody): make a pointer? +// using PCSParams = pcs::kzg::Params; + +// // TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. +// template class PrecomputedData : public Data { +// public: +// T& q_m = std::get<0>(this->_data); +// T& q_l = std::get<1>(this->_data); +// T& q_r = std::get<2>(this->_data); +// T& q_o = std::get<3>(this->_data); +// T& q_c = std::get<4>(this->_data); +// T& sigma_1 = std::get<5>(this->_data); +// T& sigma_2 = std::get<6>(this->_data); +// T& sigma_3 = std::get<7>(this->_data); +// T& id_1 = std::get<8>(this->_data); +// T& id_2 = std::get<9>(this->_data); +// T& id_3 = std::get<10>(this->_data); +// T& lagrange_first = std::get<11>(this->_data); +// T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + +// std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; +// std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; +// std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; +// }; + +// // TODO(Cody): Made this public derivation so that I could iterate through the selectors + +// class ProvingKey : public PrecomputedData { +// public: +// const size_t circuit_size; +// const size_t log_circuit_size; +// const size_t num_public_inputs; +// std::shared_ptr crs; +// EvaluationDomain evaluation_domain; +// const ComposerType composer_type; // TODO(Cody): Get rid of this +// PolynomialStore polynomial_store; // TODO(Cody): Get rid of this + +// ProvingKey(const size_t circuit_size, +// const size_t num_public_inputs, +// std::shared_ptr const& crs, +// ComposerType composer_type) +// : circuit_size(circuit_size) +// , log_circuit_size(numeric::get_msb(circuit_size)) +// , num_public_inputs(num_public_inputs) +// , crs(crs) +// , evaluation_domain(circuit_size, circuit_size) +// , composer_type(composer_type){}; +// }; +// using VerificationKey = PrecomputedData; + +// template struct AllData : Data { +// public: +// T& w_l = std::get<0>(this->_data); +// T& w_r = std::get<1>(this->_data); +// T& w_o = std::get<2>(this->_data); +// T& z_perm = std::get<3>(this->_data); +// T& z_perm_shift = std::get<4>(this->_data); +// T& q_m = std::get<5>(this->_data); +// T& q_l = std::get<6>(this->_data); +// T& q_r = std::get<7>(this->_data); +// T& q_o = std::get<8>(this->_data); +// T& q_c = std::get<9>(this->_data); +// T& sigma_1 = std::get<10>(this->_data); +// T& sigma_2 = std::get<11>(this->_data); +// T& sigma_3 = std::get<12>(this->_data); +// T& id_1 = std::get<13>(this->_data); +// T& id_2 = std::get<14>(this->_data); +// T& id_3 = std::get<15>(this->_data); +// T& lagrange_first = std::get<16>(this->_data); +// T& lagrange_last = std::get<17>(this->_data); + +// std::vector get_not_to_be_shifted() +// { // ...z_perm_shift is in here? +// return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, +// id_1, id_2, id_3, lagrange_first, lagrange_last }; +// }; + +// std::vector get_to_be_shifted() { return { z_perm }; }; + +// // TODO(Cody): Look for a better solution? +// std::vector get_in_order() +// { +// std::vector result{ get_not_to_be_shifted() }; +// std::vector to_be_shifted{ get_to_be_shifted() }; +// result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); +// return result; +// }; +// }; +// // These are classes are views of data living in different entities. They +// // provide the utility of grouping these and ranged `for` loops over subsets. +// using ProverPolynomials = AllData; +// using VerifierCommitments = AllData; + +// // TODO: Handle univariates right +// using ExtendedEdges = AllData>; + +// using PurportedEvaluations = AllData; + +// class CommitmentLabels : public AllData { +// public: +// // this does away with the ENUM_TO_COMM array while preserving the +// // transcript interface, which takes a string +// // +// // note: we could consider "enriching" the transcript interface to not use +// // strings in the future, but I leave it this way for simplicity +// std::string w_l = "w_l"; +// std::string w_r = "w_r"; +// std::string w_o = "w_o"; +// std::string p_0 = "p_0"; +// std::string p_1 = "p_1"; +// std::string q_0 = "q_0"; +// std::string q_1 = "q_1"; +// std::string s_0 = "s_0"; +// }; +// }; + +// } // namespace proof_system::honk::flavor + namespace proof_system::plonk::flavor { struct Standard { using CircuitConstructor = proof_system::StandardCircuitConstructor; From 08b6c34def98afb6b0b8754d4e124283a8570b2f Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 17 Apr 2023 21:40:26 +0000 Subject: [PATCH 008/119] Less inheritance --- .../proof_system/flavor/flavor.hpp | 750 ++++-------------- 1 file changed, 138 insertions(+), 612 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 468f3d45f9..6603c82470 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -17,182 +17,116 @@ #include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" namespace proof_system::honk::flavor { -template class Flavor { - public: - using CircuitConstructor = CircuitConstructor_; - using FF = typename CircuitConstructor::FF; - static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_ALL_ENTITIES = NUM_ALL_ENTITIES_; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = NUM_PRECOMPUTED_ENTITIES_; - - /** - * @brief The basic class from which others will inherit. It essentially exists so we can avoid subclassing - * std::array. - * - * @tparam T - * @tparam NUM_ENTITIES - */ - template class Data { - public: - using DataType = std::array; - DataType _data; - - // now it's safe to inherit from this... right? - virtual ~Data() = default; +template class Data { + public: + using DataType = std::array; + DataType _data; - T& operator[](size_t idx) { return _data[idx]; }; - typename DataType::iterator begin() { return _data.begin(); }; - typename DataType::iterator end() { return _data.end(); }; + // TODO(Cody): now it's safe to inherit from this... right? + virtual ~Data() = default; - consteval size_t size() { return _data.size(); }; - }; + T& operator[](size_t idx) { return _data[idx]; }; + typename DataType::iterator begin() { return _data.begin(); }; + typename DataType::iterator end() { return _data.end(); }; - // TODO(Cody): ? Make a curve type and just pass that? - using Polynomial = barretenberg::Polynomial; - using PolynomialView = std::span; - using G1 = barretenberg::g1; - using Commitment = G1; - using CommitmentView = G1; // TODO(Cody): make a pointer? - using PCSParams = pcs::kzg::Params; + consteval size_t size() { return _data.size(); }; +}; - /** - * @brief This class provides a base for our classes that store preprocessed polynomials and subsets of views of - * these. - * - * @tparam T - * - * @todo TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. - */ - template - class PrecomputedData : public Data { - public: - virtual std::vector get_selectors() = 0; - virtual std::vector get_sigma_polynomials() = 0; - virtual std::vector get_id_polynomials() = 0; - }; +template +class BasePrecomputedData : public Data { + public: + virtual std::vector get_selectors() = 0; + virtual std::vector get_sigma_polynomials() = 0; + virtual std::vector get_id_polynomials() = 0; +}; - class ProvingKey : public PrecomputedData { - // TODO(Cody): Made this public derivation so that I could iterate through - // the selectors - public: - const size_t circuit_size; - const size_t log_circuit_size; - const size_t num_public_inputs; - std::shared_ptr crs; - EvaluationDomain evaluation_domain; - const ComposerType composer_type; // TODO(Cody): Get rid of this - PolynomialStore polynomial_store; // TODO(Cody): Get rid of this - - ProvingKey(const size_t circuit_size, +// TODO(Cody): Made this public derivation so that I could iterate through +// the selectors +template class BaseProvingKey : public PrecomputedData { + public: + const size_t circuit_size; + const size_t log_circuit_size; + const size_t num_public_inputs; + std::shared_ptr crs; + EvaluationDomain evaluation_domain; + const ComposerType composer_type; // TODO(Cody): Get rid of this + PolynomialStore polynomial_store; // TODO(Cody): Get rid of this + + BaseProvingKey(const size_t circuit_size, const size_t num_public_inputs, std::shared_ptr const& crs, ComposerType composer_type) - : circuit_size(circuit_size) - , log_circuit_size(numeric::get_msb(circuit_size)) - , num_public_inputs(num_public_inputs) - , crs(crs) - , evaluation_domain(circuit_size, circuit_size) - , composer_type(composer_type){}; - }; - using VerificationKey = PrecomputedData; - - /** - * @brief A base class for when we want to collect all named entities in one place for using better and more uniform - * containers. - * - * @tparam T Will specialize to view types and strings. - */ - template struct AllData : Data { - public: - virtual std::vector get_not_to_be_shifted() = 0; - virtual std::vector get_to_be_shifted() = 0; - - // TODO(Cody): Look for a better solution? - virtual std::vector get_in_order() - { - std::vector result{ get_not_to_be_shifted() }; - std::vector to_be_shifted{ get_to_be_shifted() }; - result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); - return result; - }; - }; - // These are classes are views of data living in different entities. They - // provide the utility of grouping these and ranged `for` loops over - // subsets. - using ProverPolynomials = AllData; - using VerifierCommitments = AllData; + : circuit_size(circuit_size) + , log_circuit_size(numeric::get_msb(circuit_size)) + , num_public_inputs(num_public_inputs) + , crs(crs) + , + // evaluation_domain(circuit_size, circuit_size), + composer_type(composer_type){}; +}; - // WORKTODO: Handle univariates right - using ExtendedEdges = AllData>; +template using BaseVerificationKey = PrecomputedData; - using PurportedEvaluations = AllData; - - class CommitmentLabels : public AllData { - public: - // this does away with the ENUM_TO_COMM array while preserving the - // transcript interface, which takes a string - // - // note: we could consider "enriching" the transcript interface to not - // use strings in the future, but I leave it this way for simplicity +template class BaseAllData { + public: + virtual std::vector get_not_to_be_shifted() = 0; + virtual std::vector get_to_be_shifted() = 0; + + // TODO(Cody): Look for a better solution? + std::vector get_in_order() + { + std::vector result{ get_not_to_be_shifted() }; + std::vector to_be_shifted{ get_to_be_shifted() }; + result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); + return result; }; }; -class Standard : public Flavor { +class Standard { public: - // TODO(Cody): Made this public derivation so that I could populate - // selector polys from circuit constructor. - template - class PrecomputedData : public Flavor::PrecomputedData { - public: - StorageType& q_m = std::get<0>(this->_data); - StorageType& q_l = std::get<1>(this->_data); - StorageType& q_r = std::get<2>(this->_data); - StorageType& q_o = std::get<3>(this->_data); - StorageType& q_c = std::get<4>(this->_data); - StorageType& sigma_1 = std::get<5>(this->_data); - StorageType& sigma_2 = std::get<6>(this->_data); - StorageType& sigma_3 = std::get<7>(this->_data); - StorageType& id_1 = std::get<8>(this->_data); - StorageType& id_2 = std::get<9>(this->_data); - StorageType& id_3 = std::get<10>(this->_data); - StorageType& lagrange_first = std::get<11>(this->_data); - StorageType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - - std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; - std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; - std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; - }; + using CircuitConstructor = StandardCircuitConstructor; + using FF = barretenberg::fr; + using Polynomial = barretenberg::Polynomial; + using PolynomialView = std::span; + using G1 = barretenberg::g1; + using Commitment = G1; + using CommitmentView = G1; // TODO(Cody): make a pointer? + using PCSParams = pcs::kzg::Params; - // TODO(Cody): Made this public derivation so that I could iterate through - // the selectors + static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 18; + static constexpr size_t NUM_ALL_ENTITIES = 13; - class ProvingKey : public PrecomputedData { + // TODO(Cody): Made this public derivation so that I could populate selector + // polys from circuit constructor. + template + class PrecomputedData : public BasePrecomputedData { public: - const size_t circuit_size; - const size_t log_circuit_size; - const size_t num_public_inputs; - std::shared_ptr crs; - EvaluationDomain evaluation_domain; - const ComposerType composer_type; // TODO(Cody): Get rid of this - PolynomialStore polynomial_store; // TODO(Cody): Get rid of this - - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - : circuit_size(circuit_size) - , log_circuit_size(numeric::get_msb(circuit_size)) - , num_public_inputs(num_public_inputs) - , crs(crs) - , - // evaluation_domain(circuit_size, circuit_size), - composer_type(composer_type){}; + T& q_m = std::get<0>(this->_data); + T& q_l = std::get<1>(this->_data); + T& q_r = std::get<2>(this->_data); + T& q_o = std::get<3>(this->_data); + T& q_c = std::get<4>(this->_data); + T& sigma_1 = std::get<5>(this->_data); + T& sigma_2 = std::get<6>(this->_data); + T& sigma_3 = std::get<7>(this->_data); + T& id_1 = std::get<8>(this->_data); + T& id_2 = std::get<9>(this->_data); + T& id_3 = std::get<10>(this->_data); + T& lagrange_first = std::get<11>(this->_data); + T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::vector get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() { return { id_1, id_2, id_3 }; }; }; - using VerificationKey = PrecomputedData; + using ProvingKey = BaseProvingKey, FF>; + + using VerificationKey = BaseVerificationKey>; - template struct AllData : public Flavor::AllData { + template class AllData : BaseAllData { public: T& w_l = std::get<0>(this->_data); T& w_r = std::get<1>(this->_data); @@ -213,21 +147,22 @@ class Standard : public Flavor(this->_data); T& lagrange_last = std::get<17>(this->_data); - std::vector get_not_to_be_shifted() override + std::vector get_not_to_be_shifted() { // ...z_perm_shift is in here? return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last }; }; - std::vector get_to_be_shifted() override { return { z_perm }; }; + std::vector get_to_be_shifted() { return { z_perm }; }; }; // These are classes are views of data living in different entities. They - // provide the utility of grouping these and ranged `for` loops over subsets. + // provide the utility of grouping these and ranged `for` loops over + // subsets. using ProverPolynomials = AllData; using VerifierCommitments = AllData; - // TODO: Handle univariates right + // WORKTODOXIxI: Handle univariates right using ExtendedEdges = AllData>; using PurportedEvaluations = AllData; @@ -249,62 +184,54 @@ class Standard : public Flavor { +class Ultra { public: - // TODO(Cody): Made this public derivation so that I could populate - // selector polys from circuit constructor. - template - class PrecomputedData : public Flavor::PrecomputedData { + using CircuitConstructor = UltraCircuitConstructor; + using FF = CircuitConstructor::FF; + + using Polynomial = barretenberg::Polynomial; + using PolynomialView = std::span; + using G1 = barretenberg::g1; + using Commitment = G1; + using CommitmentView = G1; // TODO(Cody): make a pointer? + using PCSParams = pcs::kzg::Params; + + static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 18; + static constexpr size_t NUM_ALL_ENTITIES = 13; + + // TODO(Cody): Made this public derivation so that I could populate selector + // polys from circuit constructor. + template + class PrecomputedData : public BasePrecomputedData { public: - StorageType& q_m = std::get<0>(this->_data); - StorageType& q_l = std::get<1>(this->_data); - StorageType& q_r = std::get<2>(this->_data); - StorageType& q_o = std::get<3>(this->_data); - StorageType& q_c = std::get<4>(this->_data); - StorageType& sigma_1 = std::get<5>(this->_data); - StorageType& sigma_2 = std::get<6>(this->_data); - StorageType& sigma_3 = std::get<7>(this->_data); - StorageType& id_1 = std::get<8>(this->_data); - StorageType& id_2 = std::get<9>(this->_data); - StorageType& id_3 = std::get<10>(this->_data); - StorageType& lagrange_first = std::get<11>(this->_data); - StorageType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - - std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; - std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; - std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; + T& q_m = std::get<0>(this->_data); + T& q_l = std::get<1>(this->_data); + T& q_r = std::get<2>(this->_data); + T& q_o = std::get<3>(this->_data); + T& q_c = std::get<4>(this->_data); + T& sigma_1 = std::get<5>(this->_data); + T& sigma_2 = std::get<6>(this->_data); + T& sigma_3 = std::get<7>(this->_data); + T& id_1 = std::get<8>(this->_data); + T& id_2 = std::get<9>(this->_data); + T& id_3 = std::get<10>(this->_data); + T& lagrange_first = std::get<11>(this->_data); + T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::vector get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() { return { id_1, id_2, id_3 }; }; }; // TODO(Cody): Made this public derivation so that I could iterate through // the selectors - class ProvingKey : public PrecomputedData { - public: - const size_t circuit_size; - const size_t log_circuit_size; - const size_t num_public_inputs; - std::shared_ptr crs; - EvaluationDomain evaluation_domain; - const ComposerType composer_type; // TODO(Cody): Get rid of this - PolynomialStore polynomial_store; // TODO(Cody): Get rid of this - - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - : circuit_size(circuit_size) - , log_circuit_size(numeric::get_msb(circuit_size)) - , num_public_inputs(num_public_inputs) - , crs(crs) - , - // evaluation_domain(circuit_size, circuit_size), - composer_type(composer_type){}; - }; + using ProvingKey = BaseProvingKey, FF>; - using VerificationKey = PrecomputedData; + using VerificationKey = BaseVerificationKey>; - template struct AllData : public Flavor::AllData { + template class AllData : BaseAllData { public: T& w_l = std::get<0>(this->_data); T& w_r = std::get<1>(this->_data); @@ -325,17 +252,18 @@ class Ultra : public Flavor(this->_data); T& lagrange_last = std::get<17>(this->_data); - std::vector get_not_to_be_shifted() override + std::vector get_not_to_be_shifted() { // ...z_perm_shift is in here? return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last }; }; - std::vector get_to_be_shifted() override { return { z_perm }; }; + std::vector get_to_be_shifted() { return { z_perm }; }; }; // These are classes are views of data living in different entities. They - // provide the utility of grouping these and ranged `for` loops over subsets. + // provide the utility of grouping these and ranged `for` loops over + // subsets. using ProverPolynomials = AllData; using VerifierCommitments = AllData; @@ -360,410 +288,8 @@ class Ultra : public Flavor class Data { -// public: -// using DataType = std::array; -// DataType _data; - -// // now it's safe to inherit from this... right? -// virtual ~Data() = default; - -// T& operator[](size_t idx) { return _data[idx]; }; -// typename DataType::iterator begin() { return _data.begin(); }; -// typename DataType::iterator end() { return _data.end(); }; - -// consteval size_t size() { return _data.size(); }; -// }; - -// class Flavor { -// public: -// using CircuitConstructor = proof_system::StandardCircuitConstructor; -// static constexpr size_t num_wires = CircuitConstructor::num_wires; -// static constexpr size_t NUM_ALL_ENTITIES = 18; -// static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - -// using FF = barretenberg::fr; -// using Polynomial = barretenberg::Polynomial; -// using PolynomialView = std::span; -// using G1 = barretenberg::g1; -// using Commitment = G1; -// using CommitmentView = G1; // TODO(Cody): make a pointer? -// using PCSParams = pcs::kzg::Params; - -// // TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. -// template class PrecomputedData : public Data { -// public: -// T& q_m = std::get<0>(this->_data); -// T& q_l = std::get<1>(this->_data); -// T& q_r = std::get<2>(this->_data); -// T& q_o = std::get<3>(this->_data); -// T& q_c = std::get<4>(this->_data); -// T& sigma_1 = std::get<5>(this->_data); -// T& sigma_2 = std::get<6>(this->_data); -// T& sigma_3 = std::get<7>(this->_data); -// T& id_1 = std::get<8>(this->_data); -// T& id_2 = std::get<9>(this->_data); -// T& id_3 = std::get<10>(this->_data); -// T& lagrange_first = std::get<11>(this->_data); -// T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - -// std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; -// std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; -// std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; -// }; - -// // TODO(Cody): Made this public derivation so that I could iterate through the selectors - -// class ProvingKey : public PrecomputedData { -// public: -// const size_t circuit_size; -// const size_t log_circuit_size; -// const size_t num_public_inputs; -// std::shared_ptr crs; -// EvaluationDomain evaluation_domain; -// const ComposerType composer_type; // TODO(Cody): Get rid of this -// PolynomialStore polynomial_store; // TODO(Cody): Get rid of this - -// ProvingKey(const size_t circuit_size, -// const size_t num_public_inputs, -// std::shared_ptr const& crs, -// ComposerType composer_type) -// : circuit_size(circuit_size) -// , log_circuit_size(numeric::get_msb(circuit_size)) -// , num_public_inputs(num_public_inputs) -// , crs(crs) -// , evaluation_domain(circuit_size, circuit_size) -// , composer_type(composer_type){}; -// }; -// using VerificationKey = PrecomputedData; - -// template struct AllData : Data { -// public: -// T& w_l = std::get<0>(this->_data); -// T& w_r = std::get<1>(this->_data); -// T& w_o = std::get<2>(this->_data); -// T& z_perm = std::get<3>(this->_data); -// T& z_perm_shift = std::get<4>(this->_data); -// T& q_m = std::get<5>(this->_data); -// T& q_l = std::get<6>(this->_data); -// T& q_r = std::get<7>(this->_data); -// T& q_o = std::get<8>(this->_data); -// T& q_c = std::get<9>(this->_data); -// T& sigma_1 = std::get<10>(this->_data); -// T& sigma_2 = std::get<11>(this->_data); -// T& sigma_3 = std::get<12>(this->_data); -// T& id_1 = std::get<13>(this->_data); -// T& id_2 = std::get<14>(this->_data); -// T& id_3 = std::get<15>(this->_data); -// T& lagrange_first = std::get<16>(this->_data); -// T& lagrange_last = std::get<17>(this->_data); - -// std::vector get_not_to_be_shifted() -// { // ...z_perm_shift is in here? -// return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, -// id_1, id_2, id_3, lagrange_first, lagrange_last }; -// }; - -// std::vector get_to_be_shifted() { return { z_perm }; }; - -// // TODO(Cody): Look for a better solution? -// std::vector get_in_order() -// { -// std::vector result{ get_not_to_be_shifted() }; -// std::vector to_be_shifted{ get_to_be_shifted() }; -// result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); -// return result; -// }; -// }; -// // These are classes are views of data living in different entities. They -// // provide the utility of grouping these and ranged `for` loops over subsets. -// using ProverPolynomials = AllData; -// using VerifierCommitments = AllData; - -// // TODO: Handle univariates right -// using ExtendedEdges = AllData>; - -// using PurportedEvaluations = AllData; - -// class CommitmentLabels : public AllData { -// public: -// // this does away with the ENUM_TO_COMM array while preserving the -// // transcript interface, which takes a string -// // -// // note: we could consider "enriching" the transcript interface to not use -// // strings in the future, but I leave it this way for simplicity -// std::string w_l = "w_l"; -// std::string w_r = "w_r"; -// std::string w_o = "w_o"; -// std::string p_0 = "p_0"; -// std::string p_1 = "p_1"; -// std::string q_0 = "q_0"; -// std::string q_1 = "q_1"; -// std::string s_0 = "s_0"; -// }; -// }; - -// class Ultra { -// public: -// using CircuitConstructor = proof_system::UltraCircuitConstructor; -// static constexpr size_t num_wires = CircuitConstructor::num_wires; -// static constexpr size_t NUM_ALL_ENTITIES = 18; -// static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - -// using FF = barretenberg::fr; -// using Polynomial = barretenberg::Polynomial; -// using PolynomialView = std::span; -// using G1 = barretenberg::g1; -// using Commitment = G1; -// using CommitmentView = G1; // TODO(Cody): make a pointer? -// using PCSParams = pcs::kzg::Params; - -// template class PrecomputedData : public Data { -// public: -// T& q_m = std::get<0>(this->_data); -// T& q_l = std::get<1>(this->_data); -// T& q_r = std::get<2>(this->_data); -// T& q_o = std::get<3>(this->_data); -// T& q_c = std::get<4>(this->_data); -// T& sigma_1 = std::get<5>(this->_data); -// T& sigma_2 = std::get<6>(this->_data); -// T& sigma_3 = std::get<7>(this->_data); -// T& id_1 = std::get<8>(this->_data); -// T& id_2 = std::get<9>(this->_data); -// T& id_3 = std::get<10>(this->_data); -// T& lagrange_first = std::get<11>(this->_data); -// T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - -// std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; -// std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; -// std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; -// }; - -// class ProvingKey : public PrecomputedData { -// public: -// const size_t circuit_size; -// const size_t log_circuit_size; -// const size_t num_public_inputs; -// std::shared_ptr crs; -// EvaluationDomain evaluation_domain; -// const ComposerType composer_type; // TODO(Cody): Get rid of this -// PolynomialStore polynomial_store; // TODO(Cody): Get rid of this - -// ProvingKey(const size_t circuit_size, -// const size_t num_public_inputs, -// std::shared_ptr const& crs, -// ComposerType composer_type) -// : circuit_size(circuit_size) -// , log_circuit_size(numeric::get_msb(circuit_size)) -// , num_public_inputs(num_public_inputs) -// , crs(crs) -// , evaluation_domain(circuit_size, circuit_size) -// , composer_type(composer_type){}; -// }; - -// using VerificationKey = PrecomputedData; - -// template struct AllData : Data { -// public: -// T& w_l = std::get<0>(this->_data); -// T& w_r = std::get<1>(this->_data); -// T& w_o = std::get<2>(this->_data); -// T& z_perm = std::get<3>(this->_data); -// T& z_perm_shift = std::get<4>(this->_data); -// T& q_m = std::get<5>(this->_data); -// T& q_l = std::get<6>(this->_data); -// T& q_r = std::get<7>(this->_data); -// T& q_o = std::get<8>(this->_data); -// T& q_c = std::get<9>(this->_data); -// T& sigma_1 = std::get<10>(this->_data); -// T& sigma_2 = std::get<11>(this->_data); -// T& sigma_3 = std::get<12>(this->_data); -// T& id_1 = std::get<13>(this->_data); -// T& id_2 = std::get<14>(this->_data); -// T& id_3 = std::get<15>(this->_data); -// T& lagrange_first = std::get<16>(this->_data); -// T& lagrange_last = std::get<17>(this->_data); - -// std::vector get_not_to_be_shifted() -// { // ...z_perm_shift is in here? -// return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, -// id_1, id_2, id_3, lagrange_first, lagrange_last }; -// }; - -// std::vector get_to_be_shifted() { return { z_perm }; }; - -// // TODO(Cody): Look for a better solution? -// std::vector get_in_order() -// { -// std::vector result{ get_not_to_be_shifted() }; -// std::vector to_be_shifted{ get_to_be_shifted() }; -// result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); -// return result; -// }; -// }; -// // These are classes are views of data living in different entities. They -// // provide the utility of grouping these and ranged `for` loops over subsets. -// using ProverPolynomials = AllData; -// using VerifierCommitments = AllData; - -// // TODO: Handle univariates right -// using ExtendedEdges = AllData>; - -// using PurportedEvaluations = AllData; - -// class CommitmentLabels : public AllData { -// public: -// // this does away with the ENUM_TO_COMM array while preserving the -// // transcript interface, which takes a string -// // -// // note: we could consider "enriching" the transcript interface to not use -// // strings in the future, but I leave it this way for simplicity -// std::string w_l = "w_l"; -// std::string w_r = "w_r"; -// std::string w_o = "w_o"; -// std::string p_0 = "p_0"; -// std::string p_1 = "p_1"; -// std::string q_0 = "q_0"; -// std::string q_1 = "q_1"; -// std::string s_0 = "s_0"; -// }; -// }; - -// class Standard { -// public: -// using CircuitConstructor = proof_system::StandardCircuitConstructor; -// static constexpr size_t num_wires = CircuitConstructor::num_wires; -// static constexpr size_t NUM_ALL_ENTITIES = 18; -// static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - -// using FF = barretenberg::fr; -// using Polynomial = barretenberg::Polynomial; -// using PolynomialView = std::span; -// using G1 = barretenberg::g1; -// using Commitment = G1; -// using CommitmentView = G1; // TODO(Cody): make a pointer? -// using PCSParams = pcs::kzg::Params; - -// // TODO(Cody): Made this public derivation so that I could populate selector polys from circuit constructor. -// template class PrecomputedData : public Data { -// public: -// T& q_m = std::get<0>(this->_data); -// T& q_l = std::get<1>(this->_data); -// T& q_r = std::get<2>(this->_data); -// T& q_o = std::get<3>(this->_data); -// T& q_c = std::get<4>(this->_data); -// T& sigma_1 = std::get<5>(this->_data); -// T& sigma_2 = std::get<6>(this->_data); -// T& sigma_3 = std::get<7>(this->_data); -// T& id_1 = std::get<8>(this->_data); -// T& id_2 = std::get<9>(this->_data); -// T& id_3 = std::get<10>(this->_data); -// T& lagrange_first = std::get<11>(this->_data); -// T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - -// std::array, 5> get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; -// std::array, 3> get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; -// std::array, 3> get_id_polynomials() { return { id_1, id_2, id_3 }; }; -// }; - -// // TODO(Cody): Made this public derivation so that I could iterate through the selectors - -// class ProvingKey : public PrecomputedData { -// public: -// const size_t circuit_size; -// const size_t log_circuit_size; -// const size_t num_public_inputs; -// std::shared_ptr crs; -// EvaluationDomain evaluation_domain; -// const ComposerType composer_type; // TODO(Cody): Get rid of this -// PolynomialStore polynomial_store; // TODO(Cody): Get rid of this - -// ProvingKey(const size_t circuit_size, -// const size_t num_public_inputs, -// std::shared_ptr const& crs, -// ComposerType composer_type) -// : circuit_size(circuit_size) -// , log_circuit_size(numeric::get_msb(circuit_size)) -// , num_public_inputs(num_public_inputs) -// , crs(crs) -// , evaluation_domain(circuit_size, circuit_size) -// , composer_type(composer_type){}; -// }; -// using VerificationKey = PrecomputedData; - -// template struct AllData : Data { -// public: -// T& w_l = std::get<0>(this->_data); -// T& w_r = std::get<1>(this->_data); -// T& w_o = std::get<2>(this->_data); -// T& z_perm = std::get<3>(this->_data); -// T& z_perm_shift = std::get<4>(this->_data); -// T& q_m = std::get<5>(this->_data); -// T& q_l = std::get<6>(this->_data); -// T& q_r = std::get<7>(this->_data); -// T& q_o = std::get<8>(this->_data); -// T& q_c = std::get<9>(this->_data); -// T& sigma_1 = std::get<10>(this->_data); -// T& sigma_2 = std::get<11>(this->_data); -// T& sigma_3 = std::get<12>(this->_data); -// T& id_1 = std::get<13>(this->_data); -// T& id_2 = std::get<14>(this->_data); -// T& id_3 = std::get<15>(this->_data); -// T& lagrange_first = std::get<16>(this->_data); -// T& lagrange_last = std::get<17>(this->_data); - -// std::vector get_not_to_be_shifted() -// { // ...z_perm_shift is in here? -// return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, -// id_1, id_2, id_3, lagrange_first, lagrange_last }; -// }; - -// std::vector get_to_be_shifted() { return { z_perm }; }; - -// // TODO(Cody): Look for a better solution? -// std::vector get_in_order() -// { -// std::vector result{ get_not_to_be_shifted() }; -// std::vector to_be_shifted{ get_to_be_shifted() }; -// result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); -// return result; -// }; -// }; -// // These are classes are views of data living in different entities. They -// // provide the utility of grouping these and ranged `for` loops over subsets. -// using ProverPolynomials = AllData; -// using VerifierCommitments = AllData; - -// // TODO: Handle univariates right -// using ExtendedEdges = AllData>; - -// using PurportedEvaluations = AllData; - -// class CommitmentLabels : public AllData { -// public: -// // this does away with the ENUM_TO_COMM array while preserving the -// // transcript interface, which takes a string -// // -// // note: we could consider "enriching" the transcript interface to not use -// // strings in the future, but I leave it this way for simplicity -// std::string w_l = "w_l"; -// std::string w_r = "w_r"; -// std::string w_o = "w_o"; -// std::string p_0 = "p_0"; -// std::string p_1 = "p_1"; -// std::string q_0 = "q_0"; -// std::string q_1 = "q_1"; -// std::string s_0 = "s_0"; -// }; -// }; - -// } // namespace proof_system::honk::flavor - namespace proof_system::plonk::flavor { struct Standard { using CircuitConstructor = proof_system::StandardCircuitConstructor; @@ -786,7 +312,7 @@ struct Ultra { namespace proof_system { -// Helper +// Stuff template concept IsAnyOf = (std::same_as || ...); template From 06ce1dc1b6b4017e4c82b023a60faf5d2cf3e0ad Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 17 Apr 2023 22:44:42 +0000 Subject: [PATCH 009/119] Good through creation of prover. --- .../standard_honk_composer_helper.cpp | 2 +- .../ultra_honk_composer_helper.cpp | 2 +- .../honk/proof_system/verifier.test.cpp | 2 +- .../composer/composer_helper_lib.hpp | 4 +-- .../composer/permutation_helper.hpp | 34 +++++++++---------- .../composer/permutation_helper.test.cpp | 4 +-- .../proof_system/flavor/flavor.hpp | 2 ++ 7 files changed, 25 insertions(+), 25 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 72a9e55b77..17fd48524f 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -114,7 +114,7 @@ std::shared_ptr StandardHonkComposerHelp compute_standard_honk_sigma_permutations(circuit_constructor, proving_key.get()); compute_standard_honk_id_polynomials(proving_key.get()); - compute_first_and_last_lagrange_polynomials(proving_key.get()); + compute_first_and_last_lagrange_polynomials(proving_key.get()); return proving_key; } diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 4f675eb7c7..ba07b77906 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -206,7 +206,7 @@ std::shared_ptr UltraHonkComposerHe compute_honk_generalized_sigma_permutations(circuit_constructor, circuit_proving_key.get()); - compute_first_and_last_lagrange_polynomials(circuit_proving_key.get()); + compute_first_and_last_lagrange_polynomials(circuit_proving_key.get()); const size_t subgroup_size = circuit_proving_key->circuit_size; diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp index 53888fb83e..ded2d173b2 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp @@ -181,7 +181,7 @@ // proving_key->polynomial_store.put("sigma_3_lagrange", std::move(sigma_3_lagrange_base)); // compute_standard_honk_id_polynomials(proving_key); -// compute_first_and_last_lagrange_polynomials(proving_key); +// compute_first_and_last_lagrange_polynomials(proving_key); // proving_key->polynomial_store.put("w_1_lagrange", std::move(w_l)); // proving_key->polynomial_store.put("w_2_lagrange", std::move(w_r)); diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index e3327cb4ee..04b84db9ba 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -38,13 +38,13 @@ std::shared_ptr initialize_proving_key( } /** - * @brief Construct lagrange selector polynomials from ciruit selector information and put into polynomial cache + * @brief Construct selector polynomials from ciruit selector information and put into polynomial cache * * @tparam CircuitConstructor The class holding the circuit * @param circuit_constructor The object holding the circuit * @param key Pointer to the proving key */ -template // TODO(Cody): Always Lagrange +template void construct_selector_polynomials(const typename Flavor::CircuitConstructor& circuit_constructor, typename Flavor::ProvingKey* proving_key) { diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index d49ec2cc04..77bc6a5317 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -231,21 +231,17 @@ PermutationMapping compute_permutation_mapping( */ template void compute_honk_style_permutation_lagrange_polynomials_from_mapping( - std::string label, + std::vector permutation_polynomials, // sigma or ID poly std::array, Flavor::num_wires>& permutation_mappings, typename Flavor::ProvingKey* proving_key) { const size_t num_gates = proving_key->circuit_size; - std::array permutation_poly; // sigma or ID poly - size_t wire_index = 0; - for (auto& current_permutation_poly : proving_key->get_sigma_polynomials()) { - // permutation_poly[wire_index] = barretenberg::polynomial(num_gates); - // auto& current_permutation_poly = permutation_poly[wire_index]; - - auto new_poly = barretenberg::polynomial(num_gates); // WORKTODO + for (auto& current_permutation_poly : permutation_polynomials) { + auto new_poly = typename Flavor::Polynomial(num_gates); // TODO(Cody): Cleanly allocate in pk? current_permutation_poly = new_poly; + ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); const auto& current_mapping = permutation_mappings[wire_index][i]; if (current_mapping.is_public_input) { @@ -270,7 +266,7 @@ void compute_honk_style_permutation_lagrange_polynomials_from_mapping( } ITERATE_OVER_DOMAIN_END; } - static_cast(label); + // static_cast(label); // MERGECONFLICT // // Save to polynomial cache // for (size_t j = 0; j < Flavor::num_wires; j++) { @@ -422,10 +418,10 @@ template void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): proving_key* and shared_ptr { // Fill id polynomials with default values - // WORKTODO: Allocate polynomial space in proving key constructor. + // TODO(Cody): Allocate polynomial space in proving key constructor. size_t coset_idx = 0; for (auto& id_poly : proving_key->get_id_polynomials()) { - barretenberg::polynomial new_poly(proving_key->circuit_size); + typename Flavor::Polynomial new_poly(proving_key->circuit_size); for (size_t i = 0; i < proving_key->circuit_size; ++i) { new_poly[i] = coset_idx * proving_key->circuit_size + i; } @@ -454,7 +450,8 @@ void compute_standard_honk_sigma_permutations(const typename Flavor::CircuitCons // Compute the permutation table specifying which element becomes which auto mapping = compute_permutation_mapping(circuit_constructor, proving_key); // Compute Honk-style sigma polynomial from the permutation table - compute_honk_style_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, proving_key); + compute_honk_style_permutation_lagrange_polynomials_from_mapping( + proving_key->get_sigma_polynomials(), mapping.sigmas, proving_key); } /** @@ -482,12 +479,11 @@ void compute_standard_plonk_sigma_permutations(const typename Flavor::CircuitCon * * @param key Proving key where we will save the polynomials */ -inline void compute_first_and_last_lagrange_polynomials( - auto proving_key) // TODO(Cody) proving_key* and share_ptr +template inline void compute_first_and_last_lagrange_polynomials(auto proving_key) { const size_t n = proving_key->circuit_size; - barretenberg::polynomial lagrange_polynomial_0(n); // WORKTODO - barretenberg::polynomial lagrange_polynomial_n_min_1(n); + typename Flavor::Polynomial lagrange_polynomial_0(n); + typename Flavor::Polynomial lagrange_polynomial_n_min_1(n); lagrange_polynomial_0[0] = 1; proving_key->lagrange_first = lagrange_polynomial_0; @@ -534,8 +530,10 @@ void compute_honk_generalized_sigma_permutations(const typename Flavor::CircuitC auto mapping = compute_permutation_mapping(circuit_constructor, proving_key); // Compute Honk-style sigma and ID polynomials from the corresponding mappings - compute_honk_style_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, proving_key); - compute_honk_style_permutation_lagrange_polynomials_from_mapping("id", mapping.ids, proving_key); + compute_honk_style_permutation_lagrange_polynomials_from_mapping( + proving_key->get_sigma_polynomials(), mapping.sigmas, proving_key); + compute_honk_style_permutation_lagrange_polynomials_from_mapping( + proving_key->get_id_polynomials(), mapping.ids, proving_key); } } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index 68391ca760..d945fa5608 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -71,14 +71,14 @@ TEST_F(PermutationHelperTests, ComputeHonkStyleSigmaLagrangePolynomialsFromMappi { auto mapping = compute_permutation_mapping(circuit_constructor, proving_key.get()); compute_honk_style_permutation_lagrange_polynomials_from_mapping( - "label", mapping.sigmas, proving_key.get()); + proving_key->get_sigma_polynomials(), mapping.sigmas, proving_key.get()); } TEST_F(PermutationHelperTests, ComputeStandardAuxPolynomials) { compute_standard_honk_id_polynomials(proving_key); compute_standard_honk_sigma_permutations(circuit_constructor, proving_key.get()); - compute_first_and_last_lagrange_polynomials(proving_key); + compute_first_and_last_lagrange_polynomials(proving_key); } } // namespace proof_system::test_composer_lib diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 6603c82470..a4276904ff 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -97,6 +97,7 @@ class Standard { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 18; static constexpr size_t NUM_ALL_ENTITIES = 13; + static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this?/s // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. @@ -199,6 +200,7 @@ class Ultra { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 18; static constexpr size_t NUM_ALL_ENTITIES = 13; + static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this? // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. From 9073ecfbbddf7fdd4e399aa30bc4bcda8ad5bfef Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 18 Apr 2023 14:26:00 +0000 Subject: [PATCH 010/119] Fix compilation. --- .../proof_system/flavor/flavor.hpp | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index a4276904ff..a1a007907b 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -66,9 +66,14 @@ template class BaseProvingKey : public P composer_type(composer_type){}; }; +/** + * @brief Collect all entities (really, views of these) from the protocol in one place. + * @details No need for a distinction between storage and view classes here. + * + * @tparam PrecomputedData + */ template using BaseVerificationKey = PrecomputedData; - -template class BaseAllData { +template class BaseAllData : public Data { public: virtual std::vector get_not_to_be_shifted() = 0; virtual std::vector get_to_be_shifted() = 0; @@ -95,8 +100,8 @@ class Standard { using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 18; - static constexpr size_t NUM_ALL_ENTITIES = 13; + static constexpr size_t NUM_ALL_ENTITIES = 18; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this?/s // TODO(Cody): Made this public derivation so that I could populate selector @@ -127,7 +132,7 @@ class Standard { using VerificationKey = BaseVerificationKey>; - template class AllData : BaseAllData { + template class AllData : public BaseAllData { public: T& w_l = std::get<0>(this->_data); T& w_r = std::get<1>(this->_data); @@ -198,8 +203,8 @@ class Ultra { using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 18; - static constexpr size_t NUM_ALL_ENTITIES = 13; + static constexpr size_t NUM_ALL_ENTITIES = 18; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this? // TODO(Cody): Made this public derivation so that I could populate selector From 05db2a3ce1f407155ffc1071737906ee2c1ded76 Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 18 Apr 2023 14:52:08 +0000 Subject: [PATCH 011/119] Bring back evaluation_domain constructor. --- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index a1a007907b..3f67526e8b 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -61,9 +61,8 @@ template class BaseProvingKey : public P , log_circuit_size(numeric::get_msb(circuit_size)) , num_public_inputs(num_public_inputs) , crs(crs) - , - // evaluation_domain(circuit_size, circuit_size), - composer_type(composer_type){}; + , evaluation_domain(circuit_size, circuit_size) + , composer_type(composer_type){}; }; /** From fdbf396197756dea38d915d9559a9c6dcd344997 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 19 Apr 2023 19:32:59 +0000 Subject: [PATCH 012/119] Work on prover (it builds again!) --- .../composer/standard_honk_composer.test.cpp | 101 --- cpp/src/barretenberg/honk/flavor/flavor.hpp | 1 + .../honk/proof_system/program_settings.hpp | 9 +- .../barretenberg/honk/proof_system/prover.cpp | 84 +-- .../barretenberg/honk/proof_system/prover.hpp | 27 +- .../honk/proof_system/verifier.cpp | 19 +- .../honk/proof_system/verifier.hpp | 7 +- .../honk/proof_system/work_queue.hpp | 4 +- .../polynomials/multivariates.test.cpp | 35 +- .../relations/arithmetic_relation.hpp | 33 +- .../grand_product_computation_relation.hpp | 118 ++-- .../grand_product_initialization_relation.hpp | 18 +- .../relations/relation_consistency.test.cpp | 402 ++++------- .../relations/relation_correctness.test.cpp | 148 ++-- .../relations/ultra_arithmetic_relation.hpp | 49 +- .../ultra_arithmetic_relation_secondary.hpp | 21 +- .../ultra_relation_consistency.test.cpp | 337 +++++++++ .../barretenberg/honk/sumcheck/sumcheck.hpp | 23 +- .../honk/sumcheck/sumcheck.test.cpp | 91 +-- .../honk/sumcheck/sumcheck_output.hpp | 32 +- .../honk/sumcheck/sumcheck_round.hpp | 25 +- .../honk/sumcheck/sumcheck_round.test.cpp | 167 ++--- .../composer/composer_helper_lib.hpp | 4 +- .../composer/permutation_helper.hpp | 2 +- .../proof_system/flavor/flavor.hpp | 661 ++++++++++++++++-- .../proof_system/flavor/flavor.test.cpp | 4 +- 26 files changed, 1532 insertions(+), 890 deletions(-) create mode 100644 cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index d975428241..2c485d0ddf 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -365,105 +365,4 @@ TEST(StandardHonkComposer, VerificationKeyCreation) composer.circuit_constructor.selectors.size() + composer.num_wires * 2 + 2); } -/** - * @brief A test taking sumcheck relations and applying them to the witness and selector polynomials to ensure that the - * realtions are correct. - * - * TODO(Kesha): We'll have to update this function once we add zk, since the relation will be incorrect for he first few - * indices - * - */ -TEST(StandardHonkComposer, SumcheckRelationCorrectness) -{ - // Create a composer and a dummy circuit with a few gates - StandardHonkComposer composer = StandardHonkComposer(); - fr a = fr::one(); - // Using the public variable to check that public_input_delta is computed and added to the relation correctly - uint32_t a_idx = composer.add_public_variable(a); - fr b = fr::one(); - fr c = a + b; - fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - } - // Create a prover (it will compute proving key and witness) - auto prover = composer.create_prover(); - - // Generate beta and gamma - fr beta = fr::random_element(); - fr gamma = fr::random_element(); - - // Compute public input delta - const auto public_inputs = composer.circuit_constructor.get_public_inputs(); - auto public_input_delta = - honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); - - sumcheck::RelationParameters params{ - .beta = beta, - .gamma = gamma, - .public_input_delta = public_input_delta, - }; - - constexpr size_t num_polynomials = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; - // Compute grand product polynomial - polynomial z_perm_poly = prover_library::compute_permutation_grand_product( - prover.key, prover.wire_polynomials, beta, gamma); - - // Create an array of spans to the underlying polynomials to more easily - // get the transposition. - // Ex: polynomial_spans[3][i] returns the i-th coefficient of the third polynomial - // in the list below - std::array, num_polynomials> evaluations_array; - - // WORKTODO - // evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0]; - // evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1]; - // evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2]; - // evaluations_array[POLYNOMIAL::Z_PERM] = z_perm_poly; - // evaluations_array[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_poly.shifted(); - // evaluations_array[POLYNOMIAL::Q_M] = prover.key->polynomial_store.get("q_m_lagrange"); - // evaluations_array[POLYNOMIAL::Q_L] = prover.key->polynomial_store.get("q_1_lagrange"); - // evaluations_array[POLYNOMIAL::Q_R] = prover.key->polynomial_store.get("q_2_lagrange"); - // evaluations_array[POLYNOMIAL::Q_O] = prover.key->polynomial_store.get("q_3_lagrange"); - // evaluations_array[POLYNOMIAL::Q_C] = prover.key->polynomial_store.get("q_c_lagrange"); - // evaluations_array[POLYNOMIAL::SIGMA_1] = prover.key->polynomial_store.get("sigma_1_lagrange"); - // evaluations_array[POLYNOMIAL::SIGMA_2] = prover.key->polynomial_store.get("sigma_2_lagrange"); - // evaluations_array[POLYNOMIAL::SIGMA_3] = prover.key->polynomial_store.get("sigma_3_lagrange"); - // evaluations_array[POLYNOMIAL::ID_1] = prover.key->polynomial_store.get("id_1_lagrange"); - // evaluations_array[POLYNOMIAL::ID_2] = prover.key->polynomial_store.get("id_2_lagrange"); - // evaluations_array[POLYNOMIAL::ID_3] = prover.key->polynomial_store.get("id_3_lagrange"); - // evaluations_array[POLYNOMIAL::LAGRANGE_FIRST] = prover.key->polynomial_store.get("L_first_lagrange"); - // evaluations_array[POLYNOMIAL::LAGRANGE_LAST] = prover.key->polynomial_store.get("L_last_lagrange"); - - // Construct the round for applying sumcheck relations and results for storing computed results - auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), - honk::sumcheck::GrandProductComputationRelation(), - honk::sumcheck::GrandProductInitializationRelation()); - - fr result = 0; - for (size_t i = 0; i < prover.key->circuit_size; i++) { - // Compute an array containing all the evaluations at a given row i - std::array evaluations_at_index_i; - for (size_t j = 0; j < num_polynomials; ++j) { - evaluations_at_index_i[j] = evaluations_array[j][i]; - } - - // For each relation, call the `accumulate_relatiozn_evaluation` over all witness/selector values at the - // i-th row/vertex of the hypercube. - // We use ASSERT_EQ instead of EXPECT_EQ so that the tests stops at the first index at which the result is not - // 0, since result = 0 + C(transposed), which we expect will equal 0. - std::get<0>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); - ASSERT_EQ(result, 0); - - std::get<1>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); - ASSERT_EQ(result, 0); - - std::get<2>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); - ASSERT_EQ(result, 0); - } -} } // namespace test_standard_honk_composer diff --git a/cpp/src/barretenberg/honk/flavor/flavor.hpp b/cpp/src/barretenberg/honk/flavor/flavor.hpp index c420ed64aa..4c4c1f84ee 100644 --- a/cpp/src/barretenberg/honk/flavor/flavor.hpp +++ b/cpp/src/barretenberg/honk/flavor/flavor.hpp @@ -5,6 +5,7 @@ #include "barretenberg/proof_system/arithmetization/arithmetization.hpp" #include "barretenberg/transcript/manifest.hpp" +// WORKTODO: Kill this file finally. namespace proof_system::honk { // TODO(Cody) This _should_ be shared with Plonk, but it isn't. struct StandardArithmetization { diff --git a/cpp/src/barretenberg/honk/proof_system/program_settings.hpp b/cpp/src/barretenberg/honk/proof_system/program_settings.hpp index b3df26bec6..8232fb3ef0 100644 --- a/cpp/src/barretenberg/honk/proof_system/program_settings.hpp +++ b/cpp/src/barretenberg/honk/proof_system/program_settings.hpp @@ -5,18 +5,19 @@ #include "../../transcript/transcript_wrappers.hpp" #include "../../plonk/proof_system/types/prover_settings.hpp" #include "barretenberg/honk/flavor/flavor.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system::honk { // TODO(#221)(Luke/Cody): Shouldn't subclass plonk settings here. Also, define standard_settings for Honk prover. class standard_verifier_settings : public plonk::standard_settings { public: - typedef barretenberg::fr fr; - typedef transcript::StandardTranscript Transcript; + using fr = barretenberg::fr; + using Transcript = transcript::StandardTranscript; static constexpr size_t num_challenge_bytes = 16; static constexpr transcript::HashType hash_type = transcript::HashType::PedersenBlake3s; - static constexpr size_t num_wires = proof_system::honk::StandardHonk::Arithmetization::num_wires; - static constexpr size_t num_polys = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; + static constexpr size_t num_wires = proof_system::honk::flavor::Standard::num_wires; + static constexpr size_t num_polys = proof_system::honk::flavor::Standard::NUM_ALL_ENTITIES; }; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index ef4851774b..04ec308f2d 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -43,43 +43,26 @@ Prover::Prover(std::vector&& wire_polys, const std::shared_p { // Note(luke): This could be done programmatically with some hacks but this isnt too bad and its nice to see the // polys laid out explicitly. - // prover_polynomials.q_c = key->polynomial_store.get("q_c_lagrange"); - // prover_polynomials.q_l = key->polynomial_store.get("q_1_lagrange"); - // prover_polynomials.q_r = key->polynomial_store.get("q_2_lagrange"); - // prover_polynomials.q_o = key->polynomial_store.get("q_3_lagrange"); - // prover_polynomials.q_m = key->polynomial_store.get("q_m_lagrange"); - // prover_polynomials.sigma_1 = key->polynomial_store.get("sigma_1_lagrange"); - // prover_polynomials.sigma_2 = key->polynomial_store.get("sigma_2_lagrange"); - // prover_polynomials.sigma_3 = key->polynomial_store.get("sigma_3_lagrange"); - // prover_polynomials.id_1 = key->polynomial_store.get("id_1_lagrange"); - // prover_polynomials.id_2 = key->polynomial_store.get("id_2_lagrange"); - // prover_polynomials.id_3 = key->polynomial_store.get("id_3_lagrange"); - // prover_polynomials.lagrange_first = key->polynomial_store.get("L_first_lagrange"); - // prover_polynomials.lagrange_last = key->polynomial_store.get("L_last_lagrange"); - // prover_polynomials.w_l = wire_polynomials[0]; - // prover_polynomials.w_r = wire_polynomials[1]; - // prover_polynomials.w_o = wire_polynomials[2];template - - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_C] = key->polynomial_store.get("q_c_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_L] = key->polynomial_store.get("q_1_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_R] = key->polynomial_store.get("q_2_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_O] = key->polynomial_store.get("q_3_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::Q_M] = key->polynomial_store.get("q_m_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::SIGMA_1] = key->polynomial_store.get("sigma_1_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::SIGMA_2] = key->polynomial_store.get("sigma_2_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::SIGMA_3] = key->polynomial_store.get("sigma_3_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::ID_1] = key->polynomial_store.get("id_1_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::ID_2] = key->polynomial_store.get("id_2_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::ID_3] = key->polynomial_store.get("id_3_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::LAGRANGE_FIRST] = - // key->polynomial_store.get("L_first_lagrange"); - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::LAGRANGE_LAST] = - // key->polynomial_store.get("L_last_lagrange"); prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_L] = - // wire_polynomials[0]; prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_R] = wire_polynomials[1]; - // prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_O] = wire_polynomials[2]; + prover_polynomials.q_c = key->q_c; + prover_polynomials.q_l = key->q_l; + prover_polynomials.q_r = key->q_r; + prover_polynomials.q_o = key->q_o; + prover_polynomials.q_m = key->q_m; + prover_polynomials.sigma_1 = key->sigma_1; + prover_polynomials.sigma_2 = key->sigma_2; + prover_polynomials.sigma_3 = key->sigma_3; + prover_polynomials.id_1 = key->id_1; + prover_polynomials.id_2 = key->id_2; + prover_polynomials.id_3 = key->id_3; + prover_polynomials.lagrange_first = key->lagrange_first; + prover_polynomials.lagrange_last = key->lagrange_last; + // WORKTODO: loose coupling here. Also: unique pointers? + prover_polynomials.w_l = wire_polys[0]; + prover_polynomials.w_r = wire_polys[1]; + prover_polynomials.w_o = wire_polys[2]; // Add public inputs to transcript from the second wire polynomial - std::span public_wires_source = prover_polynomials[honk::StandardHonk::MULTIVARIATE::W_R]; + std::span public_wires_source = prover_polynomials.w_r; for (size_t i = 0; i < key->num_public_inputs; ++i) { public_inputs.emplace_back(public_wires_source[i]); @@ -93,9 +76,10 @@ Prover::Prover(std::vector&& wire_polys, const std::shared_p * */ template void Prover::compute_wire_commitments() { - for (size_t i = 0; i < Flavor::num_wires; ++i) { - // WORKTODO - queue.add_commitment(wire_polynomials[i], "W_" + std::to_string(i + 1)); + size_t wire_idx = 0; // ZIPTODO + for (auto& label : commitment_labels.get_wires()) { + queue.add_commitment(wire_polynomials[wire_idx], label); + wire_idx++; } } @@ -152,10 +136,10 @@ template void Prover::execute_grand_product_computatio z_permutation = prover_library::compute_permutation_grand_product(key, wire_polynomials, beta, gamma); - queue.add_commitment(z_permutation, "Z_PERM"); + queue.add_commitment(z_permutation, commitment_labels.z_perm); - prover_polynomials[honk::StandardHonk::MULTIVARIATE::Z_PERM] = z_permutation; - prover_polynomials[honk::StandardHonk::MULTIVARIATE::Z_PERM_SHIFT] = z_permutation.shifted(); + prover_polynomials.z_perm = z_permutation; + prover_polynomials.z_perm_shift = z_permutation.shifted(); } /** @@ -165,7 +149,7 @@ template void Prover::execute_grand_product_computatio * */ template void Prover::execute_relation_check_rounds() { - using Sumcheck = sumcheck::Sumcheck, sumcheck::ArithmeticRelation, sumcheck::GrandProductComputationRelation, @@ -183,8 +167,9 @@ template void Prover::execute_relation_check_rounds() * */ template void Prover::execute_univariatization_round() { - const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; - const size_t NUM_UNSHIFTED_POLYS = proof_system::honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS; + // WORKTODO: make static + const size_t NUM_POLYNOMIALS = prover_polynomials.size(); + const size_t NUM_UNSHIFTED_POLYS = prover_polynomials.get_not_to_be_shifted().size(); // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ FF rho = transcript.get_challenge("rho"); @@ -192,12 +177,15 @@ template void Prover::execute_univariatization_round() // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ Polynomial batched_poly_unshifted(key->circuit_size); // batched unshifted polynomials - for (size_t i = 0; i < NUM_UNSHIFTED_POLYS; ++i) { - batched_poly_unshifted.add_scaled(prover_polynomials[i], rhos[i]); + size_t unshifted_poly_idx = 0; // ZIPTODO + for (auto& unshifted_poly : prover_polynomials.get_not_to_be_shifted()) { + batched_poly_unshifted.add_scaled(unshifted_poly, rhos[unshifted_poly_idx]); + unshifted_poly_idx++; } + + // TODO(Cody): if generizing this, loop over to-be-shifted. Polynomial batched_poly_to_be_shifted(key->circuit_size); // batched to-be-shifted polynomials - batched_poly_to_be_shifted.add_scaled(prover_polynomials[honk::StandardHonk::MULTIVARIATE::Z_PERM], - rhos[NUM_UNSHIFTED_POLYS]); + batched_poly_to_be_shifted.add_scaled(prover_polynomials.z_perm, rhos[NUM_UNSHIFTED_POLYS]); // Compute d-1 polynomials Fold^(i), i = 1, ..., d-1. fold_polynomials = Gemini::compute_fold_polynomials( diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 97269516bc..8dabda87c9 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -1,9 +1,17 @@ #pragma once +#include +#include +#include +#include +#include +#include +#include +#include +#include #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/honk/pcs/shplonk/shplonk.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/honk/flavor/flavor.hpp" -#include #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" @@ -14,14 +22,6 @@ #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/honk/sumcheck/sumcheck.hpp" #include "barretenberg/honk/sumcheck/sumcheck_output.hpp" -#include -#include -#include -#include -#include -#include -#include -#include #include "barretenberg/honk/pcs/claim.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/proof_system/work_queue.hpp" @@ -35,6 +35,8 @@ template class Prover { using PCSParams = typename Flavor::PCSParams; using ProvingKey = typename Flavor::ProvingKey; using Polynomial = typename Flavor::Polynomial; + using ProverPolynomials = typename Flavor::ProverPolynomials; + using CommitmentLabels = typename Flavor::CommitmentLabels; public: Prover(std::vector&& wire_polys, std::shared_ptr input_key = nullptr); @@ -69,7 +71,10 @@ template class Prover { std::shared_ptr key; // Container for spans of all polynomials required by the prover (i.e. all multivariates evaluated by Sumcheck). - std::array, Flavor::NUM_ALL_ENTITIES> prover_polynomials; // WORKTODO: to be replaced + ProverPolynomials prover_polynomials; + + // TODO(Cody): Improve this, or at least make the lables static constexpr? + CommitmentLabels commitment_labels; // Container for d + 1 Fold polynomials produced by Gemini std::vector fold_polynomials; @@ -81,7 +86,7 @@ template class Prover { work_queue queue; - sumcheck::SumcheckOutput sumcheck_output; + sumcheck::SumcheckOutput sumcheck_output; pcs::gemini::ProverOutput gemini_output; pcs::shplonk::ProverOutput shplonk_output; diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 6235082721..9965295f98 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -11,6 +11,7 @@ #include "barretenberg/honk/pcs/kzg/kzg.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/honk/flavor/flavor.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" #include "barretenberg/ecc/curves/bn254/fq12.hpp" #include "barretenberg/ecc/curves/bn254/pairing.hpp" @@ -28,18 +29,19 @@ using namespace barretenberg; using namespace proof_system::honk::sumcheck; namespace proof_system::honk { -template -Verifier::Verifier(std::shared_ptr verifier_key) +template +Verifier::Verifier(std::shared_ptr verifier_key) : key(verifier_key) {} -template -Verifier::Verifier(Verifier&& other) +template +Verifier::Verifier(Verifier&& other) : key(other.key) , kate_verification_key(std::move(other.kate_verification_key)) {} -template Verifier& Verifier::operator=(Verifier&& other) +template +Verifier& Verifier::operator=(Verifier&& other) { key = other.key; kate_verification_key = (std::move(other.kate_verification_key)); @@ -74,7 +76,8 @@ template Verifier& Verifier bool Verifier::verify_proof(const plonk::proof& proof) +template +bool Verifier::verify_proof(const plonk::proof& proof) { using FF = typename program_settings::fr; using Commitment = barretenberg::g1::element; @@ -130,7 +133,7 @@ template bool Verifier::verify_pro // // TODO(Cody): Compute some basic public polys like id(X), pow(X), and any required Lagrange polys // Execute Sumcheck Verifier - auto sumcheck = Sumcheck, ArithmeticRelation, GrandProductComputationRelation, @@ -196,6 +199,6 @@ template bool Verifier::verify_pro return kzg_claim.verify(kate_verification_key); } -template class Verifier; +template class Verifier; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.hpp b/cpp/src/barretenberg/honk/proof_system/verifier.hpp index ed4fe608a1..553d09ad38 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.hpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.hpp @@ -2,6 +2,7 @@ #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "./program_settings.hpp" #include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/transcript/manifest.hpp" #include "barretenberg/plonk/proof_system/commitment_scheme/commitment_scheme.hpp" #include "../sumcheck/sumcheck.hpp" @@ -13,7 +14,7 @@ #include "barretenberg/honk/pcs/kzg/kzg.hpp" namespace proof_system::honk { -template class Verifier { +template class Verifier { public: Verifier(std::shared_ptr verifier_key = nullptr); @@ -31,8 +32,8 @@ template class Verifier { VerifierTranscript transcript; }; -extern template class Verifier; +extern template class Verifier; -typedef Verifier StandardVerifier; +using StandardVerifier = Verifier; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/work_queue.hpp b/cpp/src/barretenberg/honk/proof_system/work_queue.hpp index 7d175b5067..e02db12e94 100644 --- a/cpp/src/barretenberg/honk/proof_system/work_queue.hpp +++ b/cpp/src/barretenberg/honk/proof_system/work_queue.hpp @@ -41,8 +41,8 @@ template class work_queue { work_queue(const work_queue& other) = default; work_queue(work_queue&& other) noexcept = default; - work_queue& operator=(const work_queue& other) = delete; - work_queue& operator=(work_queue&& other) = delete; + // work_queue& operator=(const work_queue& other) = delete; + // work_queue& operator=(work_queue&& other) = delete; ~work_queue() = default; [[nodiscard]] work_item_info get_queued_work_item_info() const diff --git a/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp b/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp index d30650154a..ed92f62d0d 100644 --- a/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp @@ -5,17 +5,17 @@ #include #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/numeric/random/engine.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" using namespace proof_system::honk::sumcheck; namespace test_sumcheck_polynomials { -template class MultivariatesTests : public testing::Test {}; +template class MultivariatesTests : public testing::Test {}; -using FieldTypes = testing::Types; -using Transcript = proof_system::honk::ProverTranscript; -TYPED_TEST_SUITE(MultivariatesTests, FieldTypes); +using Flavors = testing::Types; +using Transcript = proof_system::honk::ProverTranscript; // worktodo -#define MULTIVARIATES_TESTS_TYPE_ALIASES using FF = TypeParam; +TYPED_TEST_SUITE(MultivariatesTests, Flavors); /* * We represent a bivariate f0 as f0(X0, X1). The indexing starts from 0 to match with the round number in sumcheck. @@ -45,7 +45,8 @@ TYPED_TEST_SUITE(MultivariatesTests, FieldTypes); */ TYPED_TEST(MultivariatesTests, FoldTwoRoundsSpecial) { - MULTIVARIATES_TESTS_TYPE_ALIASES + using Flavor = TypeParam; + using FF = typename Flavor::FF; // values here are chosen to check another test const size_t multivariate_d(2); @@ -60,7 +61,7 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsSpecial) auto full_polynomials = std::array, 1>({ f0 }); auto transcript = honk::ProverTranscript::init_empty(); - auto sumcheck = Sumcheck(multivariate_n, transcript); + auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = { 0x6c7301b49d85a46c, 0x44311531e39c64f6, 0xb13d66d8d6c1a24c, 0x04410c360230a295 }; round_challenge_0.self_to_montgomery_form(); @@ -81,7 +82,8 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsSpecial) TYPED_TEST(MultivariatesTests, FoldTwoRoundsGeneric) { - MULTIVARIATES_TESTS_TYPE_ALIASES + using Flavor = TypeParam; + using FF = typename Flavor::FF; const size_t multivariate_d(2); const size_t multivariate_n(1 << multivariate_d); @@ -95,7 +97,7 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsGeneric) auto full_polynomials = std::array, 1>({ f0 }); auto transcript = honk::ProverTranscript::init_empty(); - auto sumcheck = Sumcheck(multivariate_n, transcript); + auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = FF::random_element(); FF expected_lo = v00 * (FF(1) - round_challenge_0) + v10 * round_challenge_0; @@ -136,7 +138,8 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsGeneric) */ TYPED_TEST(MultivariatesTests, FoldThreeRoundsSpecial) { - MULTIVARIATES_TESTS_TYPE_ALIASES + using Flavor = TypeParam; + using FF = typename Flavor::FF; const size_t multivariate_d(3); const size_t multivariate_n(1 << multivariate_d); @@ -154,7 +157,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsSpecial) auto full_polynomials = std::array, 1>({ f0 }); auto transcript = honk::ProverTranscript::init_empty(); - auto sumcheck = Sumcheck(multivariate_n, transcript); + auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = 1; FF expected_q1 = v000 * (FF(1) - round_challenge_0) + v100 * round_challenge_0; // 2 @@ -185,7 +188,8 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsSpecial) TYPED_TEST(MultivariatesTests, FoldThreeRoundsGeneric) { - MULTIVARIATES_TESTS_TYPE_ALIASES + using Flavor = TypeParam; + using FF = typename Flavor::FF; const size_t multivariate_d(3); const size_t multivariate_n(1 << multivariate_d); @@ -203,7 +207,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsGeneric) auto full_polynomials = std::array, 1>({ f0 }); auto transcript = honk::ProverTranscript::init_empty(); - auto sumcheck = Sumcheck(multivariate_n, transcript); + auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = FF::random_element(); FF expected_q1 = v000 * (FF(1) - round_challenge_0) + v100 * round_challenge_0; @@ -234,7 +238,8 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsGeneric) TYPED_TEST(MultivariatesTests, FoldThreeRoundsGenericMultiplePolys) { - MULTIVARIATES_TESTS_TYPE_ALIASES + using Flavor = TypeParam; + using FF = typename Flavor::FF; const size_t multivariate_d(3); const size_t multivariate_n(1 << multivariate_d); std::array v000; @@ -262,7 +267,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsGenericMultiplePolys) auto full_polynomials = std::array, 3>{ f0, f1, f2 }; auto transcript = honk::ProverTranscript::init_empty(); - auto sumcheck = Sumcheck(multivariate_n, transcript); + auto sumcheck = Sumcheck(multivariate_n, transcript); std::array expected_q1; std::array expected_q2; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp index 55947abeb4..79829c3526 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp @@ -12,7 +12,6 @@ template class ArithmeticRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 4; - using MULTIVARIATE = StandardHonk::MULTIVARIATE; // could just get from StandardArithmetization /** * @brief Expression for the StandardArithmetic gate. @@ -32,14 +31,14 @@ template class ArithmeticRelation { // OPTIMIZATION?: Karatsuba in general, at least for some degrees? // See https://hackmd.io/xGLuj6biSsCjzQnYN-pEiA?both - auto w_l = UnivariateView(extended_edges[MULTIVARIATE::W_L]); - auto w_r = UnivariateView(extended_edges[MULTIVARIATE::W_R]); - auto w_o = UnivariateView(extended_edges[MULTIVARIATE::W_O]); - auto q_m = UnivariateView(extended_edges[MULTIVARIATE::Q_M]); - auto q_l = UnivariateView(extended_edges[MULTIVARIATE::Q_L]); - auto q_r = UnivariateView(extended_edges[MULTIVARIATE::Q_R]); - auto q_o = UnivariateView(extended_edges[MULTIVARIATE::Q_O]); - auto q_c = UnivariateView(extended_edges[MULTIVARIATE::Q_C]); + auto w_l = UnivariateView(extended_edges.w_l); + auto w_r = UnivariateView(extended_edges.w_r); + auto w_o = UnivariateView(extended_edges.w_o); + auto q_m = UnivariateView(extended_edges.q_m); + auto q_l = UnivariateView(extended_edges.q_l); + auto q_r = UnivariateView(extended_edges.q_r); + auto q_o = UnivariateView(extended_edges.q_o); + auto q_c = UnivariateView(extended_edges.q_c); auto tmp = w_l * (q_m * w_r + q_l); tmp += q_r * w_r; @@ -53,14 +52,14 @@ template class ArithmeticRelation { const auto& purported_evaluations, const RelationParameters&) const { - auto w_l = purported_evaluations[MULTIVARIATE::W_L]; - auto w_r = purported_evaluations[MULTIVARIATE::W_R]; - auto w_o = purported_evaluations[MULTIVARIATE::W_O]; - auto q_m = purported_evaluations[MULTIVARIATE::Q_M]; - auto q_l = purported_evaluations[MULTIVARIATE::Q_L]; - auto q_r = purported_evaluations[MULTIVARIATE::Q_R]; - auto q_o = purported_evaluations[MULTIVARIATE::Q_O]; - auto q_c = purported_evaluations[MULTIVARIATE::Q_C]; + auto w_l = purported_evaluations.w_l; + auto w_r = purported_evaluations.w_r; + auto w_o = purported_evaluations.w_o; + auto q_m = purported_evaluations.q_m; + auto q_l = purported_evaluations.q_l; + auto q_r = purported_evaluations.q_r; + auto q_o = purported_evaluations.q_o; + auto q_c = purported_evaluations.q_c; full_honk_relation_value += w_l * (q_m * w_r + q_l); full_honk_relation_value += q_r * w_r; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp index 61f799e030..590589dc03 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp @@ -9,7 +9,6 @@ template class GrandProductComputationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 5; - using MULTIVARIATE = StandardHonk::MULTIVARIATE; /** * @brief Compute contribution of the permutation relation for a given edge (internal function) @@ -38,19 +37,19 @@ template class GrandProductComputationRelation { const auto& gamma = relation_parameters.gamma; const auto& public_input_delta = relation_parameters.public_input_delta; - auto w_1 = UnivariateView(extended_edges[MULTIVARIATE::W_L]); - auto w_2 = UnivariateView(extended_edges[MULTIVARIATE::W_R]); - auto w_3 = UnivariateView(extended_edges[MULTIVARIATE::W_O]); - auto sigma_1 = UnivariateView(extended_edges[MULTIVARIATE::SIGMA_1]); - auto sigma_2 = UnivariateView(extended_edges[MULTIVARIATE::SIGMA_2]); - auto sigma_3 = UnivariateView(extended_edges[MULTIVARIATE::SIGMA_3]); - auto id_1 = UnivariateView(extended_edges[MULTIVARIATE::ID_1]); - auto id_2 = UnivariateView(extended_edges[MULTIVARIATE::ID_2]); - auto id_3 = UnivariateView(extended_edges[MULTIVARIATE::ID_3]); - auto z_perm = UnivariateView(extended_edges[MULTIVARIATE::Z_PERM]); - auto z_perm_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_PERM_SHIFT]); - auto lagrange_first = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_FIRST]); - auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); + auto w_1 = UnivariateView(extended_edges.w_l); + auto w_2 = UnivariateView(extended_edges.w_r); + auto w_3 = UnivariateView(extended_edges.w_o); + auto sigma_1 = UnivariateView(extended_edges.sigma_1); + auto sigma_2 = UnivariateView(extended_edges.sigma_2); + auto sigma_3 = UnivariateView(extended_edges.sigma_3); + auto id_1 = UnivariateView(extended_edges.id_1); + auto id_2 = UnivariateView(extended_edges.id_2); + auto id_3 = UnivariateView(extended_edges.id_3); + auto z_perm = UnivariateView(extended_edges.z_perm); + auto z_perm_shift = UnivariateView(extended_edges.z_perm_shift); + auto lagrange_first = UnivariateView(extended_edges.lagrange_first); + auto lagrange_last = UnivariateView(extended_edges.lagrange_last); // Contribution (1) evals += (((z_perm + lagrange_first) * (w_1 + id_1 * beta + gamma) * (w_2 + id_2 * beta + gamma) * @@ -68,19 +67,19 @@ template class GrandProductComputationRelation { const auto& gamma = relation_parameters.gamma; const auto& public_input_delta = relation_parameters.public_input_delta; - auto w_1 = purported_evaluations[MULTIVARIATE::W_L]; - auto w_2 = purported_evaluations[MULTIVARIATE::W_R]; - auto w_3 = purported_evaluations[MULTIVARIATE::W_O]; - auto sigma_1 = purported_evaluations[MULTIVARIATE::SIGMA_1]; - auto sigma_2 = purported_evaluations[MULTIVARIATE::SIGMA_2]; - auto sigma_3 = purported_evaluations[MULTIVARIATE::SIGMA_3]; - auto id_1 = purported_evaluations[MULTIVARIATE::ID_1]; - auto id_2 = purported_evaluations[MULTIVARIATE::ID_2]; - auto id_3 = purported_evaluations[MULTIVARIATE::ID_3]; - auto z_perm = purported_evaluations[MULTIVARIATE::Z_PERM]; - auto z_perm_shift = purported_evaluations[MULTIVARIATE::Z_PERM_SHIFT]; - auto lagrange_first = purported_evaluations[MULTIVARIATE::LAGRANGE_FIRST]; - auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; + auto w_1 = purported_evaluations.w_l; + auto w_2 = purported_evaluations.w_r; + auto w_3 = purported_evaluations.w_o; + auto sigma_1 = purported_evaluations.sigma_1; + auto sigma_2 = purported_evaluations.sigma_2; + auto sigma_3 = purported_evaluations.sigma_3; + auto id_1 = purported_evaluations.id_1; + auto id_2 = purported_evaluations.id_2; + auto id_3 = purported_evaluations.id_3; + auto z_perm = purported_evaluations.z_perm; + auto z_perm_shift = purported_evaluations.z_perm_shift; + auto lagrange_first = purported_evaluations.lagrange_first; + auto lagrange_last = purported_evaluations.lagrange_last; // Contribution (1) full_honk_relation_value += @@ -97,7 +96,6 @@ template class UltraGrandProductComputationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 6; - using MULTIVARIATE = proof_system::honk::UltraArithmetization::POLYNOMIAL; /** * @brief Compute contribution of the permutation relation for a given edge (internal function) @@ -119,22 +117,22 @@ template class UltraGrandProductComputationRelation { const auto& gamma = relation_parameters.gamma; const auto& public_input_delta = relation_parameters.public_input_delta; - auto w_1 = UnivariateView(extended_edges[MULTIVARIATE::W_L]); - auto w_2 = UnivariateView(extended_edges[MULTIVARIATE::W_R]); - auto w_3 = UnivariateView(extended_edges[MULTIVARIATE::W_O]); - auto w_4 = UnivariateView(extended_edges[MULTIVARIATE::W_4]); - auto sigma_1 = UnivariateView(extended_edges[MULTIVARIATE::SIGMA_1]); - auto sigma_2 = UnivariateView(extended_edges[MULTIVARIATE::SIGMA_2]); - auto sigma_3 = UnivariateView(extended_edges[MULTIVARIATE::SIGMA_3]); - auto sigma_4 = UnivariateView(extended_edges[MULTIVARIATE::SIGMA_4]); - auto id_1 = UnivariateView(extended_edges[MULTIVARIATE::ID_1]); - auto id_2 = UnivariateView(extended_edges[MULTIVARIATE::ID_2]); - auto id_3 = UnivariateView(extended_edges[MULTIVARIATE::ID_3]); - auto id_4 = UnivariateView(extended_edges[MULTIVARIATE::ID_4]); - auto z_perm = UnivariateView(extended_edges[MULTIVARIATE::Z_PERM]); - auto z_perm_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_PERM_SHIFT]); - auto lagrange_first = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_FIRST]); - auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); + auto w_1 = UnivariateView(extended_edges.w_l); + auto w_2 = UnivariateView(extended_edges.w_r); + auto w_3 = UnivariateView(extended_edges.w_o); + auto w_4 = UnivariateView(extended_edges.w_4); + auto sigma_1 = UnivariateView(extended_edges.sigma_1); + auto sigma_2 = UnivariateView(extended_edges.sigma_2); + auto sigma_3 = UnivariateView(extended_edges.sigma_3); + auto sigma_4 = UnivariateView(extended_edges.sigma_4); + auto id_1 = UnivariateView(extended_edges.id_1); + auto id_2 = UnivariateView(extended_edges.id_2); + auto id_3 = UnivariateView(extended_edges.id_3); + auto id_4 = UnivariateView(extended_edges.id_4); + auto z_perm = UnivariateView(extended_edges.z_perm); + auto z_perm_shift = UnivariateView(extended_edges.z_perm_shift); + auto lagrange_first = UnivariateView(extended_edges.lagrange_first); + auto lagrange_last = UnivariateView(extended_edges.lagrange_last); // Contribution (1) evals += (((z_perm + lagrange_first) * (w_1 + id_1 * beta + gamma) * (w_2 + id_2 * beta + gamma) * @@ -152,22 +150,22 @@ template class UltraGrandProductComputationRelation { const auto& gamma = relation_parameters.gamma; const auto& public_input_delta = relation_parameters.public_input_delta; - auto w_1 = purported_evaluations[MULTIVARIATE::W_L]; - auto w_2 = purported_evaluations[MULTIVARIATE::W_R]; - auto w_3 = purported_evaluations[MULTIVARIATE::W_O]; - auto w_4 = purported_evaluations[MULTIVARIATE::W_4]; - auto sigma_1 = purported_evaluations[MULTIVARIATE::SIGMA_1]; - auto sigma_2 = purported_evaluations[MULTIVARIATE::SIGMA_2]; - auto sigma_3 = purported_evaluations[MULTIVARIATE::SIGMA_3]; - auto sigma_4 = purported_evaluations[MULTIVARIATE::SIGMA_4]; - auto id_1 = purported_evaluations[MULTIVARIATE::ID_1]; - auto id_2 = purported_evaluations[MULTIVARIATE::ID_2]; - auto id_3 = purported_evaluations[MULTIVARIATE::ID_3]; - auto id_4 = purported_evaluations[MULTIVARIATE::ID_4]; - auto z_perm = purported_evaluations[MULTIVARIATE::Z_PERM]; - auto z_perm_shift = purported_evaluations[MULTIVARIATE::Z_PERM_SHIFT]; - auto lagrange_first = purported_evaluations[MULTIVARIATE::LAGRANGE_FIRST]; - auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; + auto w_1 = purported_evaluations.w_l; + auto w_2 = purported_evaluations.w_r; + auto w_3 = purported_evaluations.w_o; + auto w_4 = purported_evaluations.w_4; + auto sigma_1 = purported_evaluations.sigma_1; + auto sigma_2 = purported_evaluations.sigma_2; + auto sigma_3 = purported_evaluations.sigma_3; + auto sigma_4 = purported_evaluations.sigma_4; + auto id_1 = purported_evaluations.id_1; + auto id_2 = purported_evaluations.id_2; + auto id_3 = purported_evaluations.id_3; + auto id_4 = purported_evaluations.id_4; + auto z_perm = purported_evaluations.z_perm; + auto z_perm_shift = purported_evaluations.z_perm_shift; + auto lagrange_first = purported_evaluations.lagrange_first; + auto lagrange_last = purported_evaluations.lagrange_last; // Contribution (1) full_honk_relation_value += diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp index 6aa7d9f3b2..28179e8f19 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp @@ -9,7 +9,6 @@ template class GrandProductInitializationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 3; - using MULTIVARIATE = StandardHonk::MULTIVARIATE; // could just get from StandardArithmetization /** * @brief Add contribution of the permutation relation for a given edge @@ -29,8 +28,8 @@ template class GrandProductInitializationRelation { const RelationParameters&, const FF& scaling_factor) const { - auto z_perm_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_PERM_SHIFT]); - auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); + auto z_perm_shift = UnivariateView(extended_edges.z_perm_shift); + auto lagrange_last = UnivariateView(extended_edges.lagrange_last); evals += (lagrange_last * z_perm_shift) * scaling_factor; }; @@ -39,8 +38,8 @@ template class GrandProductInitializationRelation { auto& purported_evaluations, const RelationParameters&) const { - auto z_perm_shift = purported_evaluations[MULTIVARIATE::Z_PERM_SHIFT]; - auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; + auto z_perm_shift = purported_evaluations.z_perm_shift; + auto lagrange_last = purported_evaluations.lagrange_last; full_honk_relation_value += lagrange_last * z_perm_shift; }; @@ -53,7 +52,6 @@ template class UltraGrandProductInitializationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 3; - using MULTIVARIATE = UltraArithmetization::POLYNOMIAL; // could just get from StandardArithmetization /** * @brief Add contribution of the permutation relation for a given edge @@ -73,8 +71,8 @@ template class UltraGrandProductInitializationRelation { const RelationParameters&, const FF& scaling_factor) const { - auto z_perm_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_PERM_SHIFT]); - auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); + auto z_perm_shift = UnivariateView(extended_edges.z_perm_shift); + auto lagrange_last = UnivariateView(extended_edges.lagrange_last); evals += (lagrange_last * z_perm_shift) * scaling_factor; }; @@ -83,8 +81,8 @@ template class UltraGrandProductInitializationRelation { auto& purported_evaluations, const RelationParameters&) const { - auto z_perm_shift = purported_evaluations[MULTIVARIATE::Z_PERM_SHIFT]; - auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; + auto z_perm_shift = purported_evaluations.z_perm_shift; + auto lagrange_last = purported_evaluations.lagrange_last; full_honk_relation_value += lagrange_last * z_perm_shift; }; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index 5557d7d47c..2b9020b42f 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -1,5 +1,6 @@ #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "relation.hpp" #include "barretenberg/honk/flavor/flavor.hpp" #include "arithmetic_relation.hpp" @@ -28,64 +29,70 @@ static const size_t INPUT_UNIVARIATE_LENGTH = 2; namespace proof_system::honk_relation_tests { -template class RelationConsistency : public testing::Test { +class StandardRelationConsistency : public testing::Test { public: - template using Univariate = Univariate; - template using UnivariateView = UnivariateView; - using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; + using Flavor = honk::flavor::Standard; + using FF = typename Flavor::FF; + using PurportedEvaluations = typename Flavor::PurportedEvaluations; + // template using Univariate = Univariate; + // template using UnivariateView = UnivariateView; + // WORKTODO: Move MAX_RELATION_LENGTH into Flavor and simplicy this code + + template using ExtendedEdges = typename Flavor::template ExtendedEdges; + // TODO(#225)(Adrian): Accept FULL_RELATION_LENGTH as a template parameter for this function only, so that the test // can decide to which degree the polynomials must be extended. Possible accept an existing list of "edges" and // extend them to the degree. template - static std::array, NUM_POLYNOMIALS> compute_mock_extended_edges( - std::array, NUM_POLYNOMIALS>& input_univariates) + static void compute_mock_extended_edges( + ExtendedEdges extended_edges, + std::array, NUM_POLYNOMIALS>& input_univariates) { BarycentricData barycentric_2_to_max = BarycentricData(); - std::array, NUM_POLYNOMIALS> extended_univariates; + std::array, NUM_POLYNOMIALS> extended_univariates; for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { extended_univariates[i] = barycentric_2_to_max.extend(input_univariates[i]); } - auto w_l = Univariate(extended_univariates[0]); - auto w_r = Univariate(extended_univariates[1]); - auto w_o = Univariate(extended_univariates[2]); - auto z_perm = Univariate(extended_univariates[3]); - auto z_perm_shift = Univariate(extended_univariates[4]); // this is not real shifted data - auto q_m = Univariate(extended_univariates[5]); - auto q_l = Univariate(extended_univariates[6]); - auto q_r = Univariate(extended_univariates[7]); - auto q_o = Univariate(extended_univariates[8]); - auto q_c = Univariate(extended_univariates[9]); - auto sigma_1 = Univariate(extended_univariates[10]); - auto sigma_2 = Univariate(extended_univariates[11]); - auto sigma_3 = Univariate(extended_univariates[12]); - auto id_1 = Univariate(extended_univariates[13]); - auto id_2 = Univariate(extended_univariates[14]); - auto id_3 = Univariate(extended_univariates[15]); - auto lagrange_first = Univariate(extended_univariates[16]); - auto lagrange_last = Univariate(extended_univariates[17]); + auto w_l = Univariate(extended_univariates[0]); + auto w_r = Univariate(extended_univariates[1]); + auto w_o = Univariate(extended_univariates[2]); + auto z_perm = Univariate(extended_univariates[3]); + auto z_perm_shift = + Univariate(extended_univariates[4]); // this is not real shifted data + auto q_m = Univariate(extended_univariates[5]); + auto q_l = Univariate(extended_univariates[6]); + auto q_r = Univariate(extended_univariates[7]); + auto q_o = Univariate(extended_univariates[8]); + auto q_c = Univariate(extended_univariates[9]); + auto sigma_1 = Univariate(extended_univariates[10]); + auto sigma_2 = Univariate(extended_univariates[11]); + auto sigma_3 = Univariate(extended_univariates[12]); + auto id_1 = Univariate(extended_univariates[13]); + auto id_2 = Univariate(extended_univariates[14]); + auto id_3 = Univariate(extended_univariates[15]); + auto lagrange_first = Univariate(extended_univariates[16]); + auto lagrange_last = Univariate(extended_univariates[17]); // Construct extended edges array in order determined by enum - std::array, NUM_POLYNOMIALS> extended_edges; - extended_edges[POLYNOMIAL::W_L] = w_l; - extended_edges[POLYNOMIAL::W_R] = w_r; - extended_edges[POLYNOMIAL::W_O] = w_o; - extended_edges[POLYNOMIAL::Z_PERM] = z_perm; - extended_edges[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_shift; - extended_edges[POLYNOMIAL::Q_M] = q_m; - extended_edges[POLYNOMIAL::Q_L] = q_l; - extended_edges[POLYNOMIAL::Q_R] = q_r; - extended_edges[POLYNOMIAL::Q_O] = q_o; - extended_edges[POLYNOMIAL::Q_C] = q_c; - extended_edges[POLYNOMIAL::SIGMA_1] = sigma_1; - extended_edges[POLYNOMIAL::SIGMA_2] = sigma_2; - extended_edges[POLYNOMIAL::SIGMA_3] = sigma_3; - extended_edges[POLYNOMIAL::ID_1] = id_1; - extended_edges[POLYNOMIAL::ID_2] = id_2; - extended_edges[POLYNOMIAL::ID_3] = id_3; - extended_edges[POLYNOMIAL::LAGRANGE_FIRST] = lagrange_first; - extended_edges[POLYNOMIAL::LAGRANGE_LAST] = lagrange_last; - return extended_edges; + extended_edges.w_l = w_l; + extended_edges.w_r = w_r; + extended_edges.w_o = w_o; + extended_edges.z_perm = z_perm; + extended_edges.z_perm_shift = z_perm_shift; + extended_edges.q_m = q_m; + extended_edges.q_l = q_l; + extended_edges.q_r = q_r; + extended_edges.q_o = q_o; + extended_edges.q_c = q_c; + extended_edges.sigma_1 = sigma_1; + extended_edges.sigma_2 = sigma_2; + extended_edges.sigma_3 = sigma_3; + extended_edges.id_1 = id_1; + extended_edges.id_2 = id_2; + extended_edges.id_3 = id_3; + extended_edges.lagrange_first = lagrange_first; + extended_edges.lagrange_last = lagrange_last; } /** @@ -114,14 +121,15 @@ template class RelationConsistency : public testing::Test { * @param i index of the evaluations we want to take from each univariate * @return std::array such that result[j] = univariates[j].value_at(i) */ - template - static std::array transposed_univariate_array_at( - const std::array, NUM_UNIVARIATES>& univariates, size_t i) + template + static PurportedEvaluations transposed_univariate_array_at(ExtendedEdges univariates, size_t i) { ASSERT(i < univariate_length); - std::array result; - for (size_t j = 0; j < NUM_UNIVARIATES; ++j) { - result[j] = univariates[j].value_at(i); + std::array result; + size_t result_idx = 0; // WORKTODO + for (auto& univariate : univariates) { + result[result_idx] = univariate.value_at(i); + result_idx++; } return result; }; @@ -138,19 +146,18 @@ template class RelationConsistency : public testing::Test { * @param extended_edges * @param relation_parameters */ - template - static void validate_evaluations( - const Univariate& expected_evals, - const auto relation, - const std::array, NUM_POLYNOMIALS>& extended_edges, - const RelationParameters& relation_parameters) + template + static void validate_evaluations(const Univariate& expected_evals, + const auto relation, + const ExtendedEdges& extended_edges, + const RelationParameters& relation_parameters) { // Compute the expression index-by-index - Univariate expected_evals_index{ 0 }; + Univariate expected_evals_index{ 0 }; for (size_t i = 0; i < FULL_RELATION_LENGTH; ++i) { // Get an array of the same size as `extended_edges` with only the i-th element of each extended edge. - std::array evals_i = transposed_univariate_array_at(extended_edges, i); + PurportedEvaluations evals_i = transposed_univariate_array_at(extended_edges, i); // Evaluate the relation relation.add_full_relation_value_contribution( expected_evals_index.value_at(i), evals_i, relation_parameters); @@ -158,93 +165,90 @@ template class RelationConsistency : public testing::Test { EXPECT_EQ(expected_evals, expected_evals_index); // Compute the expression using the class, that converts the extended edges to UnivariateView - auto expected_evals_view = Univariate(0); + auto expected_evals_view = Univariate(0); // The scaling factor is essentially 1 since we are working with degree 1 univariates relation.add_edge_contribution(expected_evals_view, extended_edges, relation_parameters, 1); // Tiny hack to reduce `expected_evals` to be of size `relation.RELATION_LENGTH` - Univariate expected_evals_restricted{ UnivariateView( - expected_evals) }; + Univariate expected_evals_restricted{ + UnivariateView(expected_evals) + }; EXPECT_EQ(expected_evals_restricted, expected_evals_view); }; }; -using FieldTypes = testing::Types; -TYPED_TEST_SUITE(RelationConsistency, FieldTypes); -#define SUMCHECK_RELATION_TYPE_ALIASES using FF = TypeParam; - -TYPED_TEST(RelationConsistency, ArithmeticRelation) +TEST_F(StandardRelationConsistency, ArithmeticRelation) { - SUMCHECK_RELATION_TYPE_ALIASES - using MULTIVARIATE = honk::StandardArithmetization::POLYNOMIAL; - + using Flavor = honk::flavor::Standard; + using FF = typename Flavor::FF; static constexpr size_t FULL_RELATION_LENGTH = 5; - static const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; + using ExtendedEdges = typename Flavor::template ExtendedEdges; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; - const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); + const auto relation_parameters = compute_mock_relation_parameters(); auto run_test = [&relation_parameters](bool is_random_input) { - std::array, NUM_POLYNOMIALS> extended_edges; std::array, NUM_POLYNOMIALS> input_polynomials; + ExtendedEdges extended_edges; if (!is_random_input) { // evaluation form, i.e. input_univariate(0) = 1, input_univariate(1) = 2,.. The polynomial is x+1. for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { input_polynomials[i] = Univariate({ 1, 2 }); } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); + compute_mock_extended_edges(extended_edges, input_polynomials); } else { // input_univariates are random polynomials of degree one for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); + compute_mock_extended_edges(extended_edges, input_polynomials); }; auto relation = ArithmeticRelation(); // Manually compute the expected edge contribution - const auto& w_l = extended_edges[MULTIVARIATE::W_L]; - const auto& w_r = extended_edges[MULTIVARIATE::W_R]; - const auto& w_o = extended_edges[MULTIVARIATE::W_O]; - const auto& q_m = extended_edges[MULTIVARIATE::Q_M]; - const auto& q_l = extended_edges[MULTIVARIATE::Q_L]; - const auto& q_r = extended_edges[MULTIVARIATE::Q_R]; - const auto& q_o = extended_edges[MULTIVARIATE::Q_O]; - const auto& q_c = extended_edges[MULTIVARIATE::Q_C]; + const auto& w_l = extended_edges.w_l; + const auto& w_r = extended_edges.w_r; + const auto& w_o = extended_edges.w_o; + const auto& q_m = extended_edges.q_m; + const auto& q_l = extended_edges.q_l; + const auto& q_r = extended_edges.q_r; + const auto& q_o = extended_edges.q_o; + const auto& q_c = extended_edges.q_c; // We first compute the evaluations using UnivariateViews, with the provided hard-coded formula. // Ensure that expression changes are detected. // expected_evals, length 4, extends to { { 5, 22, 57, 116, 205} } for input polynomial {1, 2} auto expected_evals = (q_m * w_r * w_l) + (q_r * w_r) + (q_l * w_l) + (q_o * w_o) + (q_c); - TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); }; run_test(/* is_random_input=*/true); run_test(/* is_random_input=*/false); }; -TYPED_TEST(RelationConsistency, GrandProductComputationRelation) +TEST_F(StandardRelationConsistency, GrandProductComputationRelation) { - SUMCHECK_RELATION_TYPE_ALIASES - using MULTIVARIATE = honk::StandardArithmetization::POLYNOMIAL; - + using Flavor = honk::flavor::Standard; + using FF = typename Flavor::FF; static constexpr size_t FULL_RELATION_LENGTH = 5; - static const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; + using ExtendedEdges = typename Flavor::template ExtendedEdges; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; - const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); + const auto relation_parameters = compute_mock_relation_parameters(); auto run_test = [&relation_parameters](bool is_random_input) { - std::array, NUM_POLYNOMIALS> extended_edges; + ExtendedEdges extended_edges; std::array, NUM_POLYNOMIALS> input_polynomials; if (!is_random_input) { // evaluation form, i.e. input_univariate(0) = 1, input_univariate(1) = 2,.. The polynomial is x+1. for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { input_polynomials[i] = Univariate({ 1, 2 }); } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); + compute_mock_extended_edges(extended_edges, input_polynomials); } else { // input_univariates are random polynomials of degree one for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); + compute_mock_extended_edges(extended_edges, input_polynomials); }; auto relation = GrandProductComputationRelation(); @@ -258,19 +262,19 @@ TYPED_TEST(RelationConsistency, GrandProductComputationRelation) // auto z_perm_shift = Univariate({ 1, 4, 9, 16, 25 }); // X^2 // Manually compute the expected edge contribution - const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; - const auto& w_2 = extended_edges[MULTIVARIATE::W_R]; - const auto& w_3 = extended_edges[MULTIVARIATE::W_O]; - const auto& sigma_1 = extended_edges[MULTIVARIATE::SIGMA_1]; - const auto& sigma_2 = extended_edges[MULTIVARIATE::SIGMA_2]; - const auto& sigma_3 = extended_edges[MULTIVARIATE::SIGMA_3]; - const auto& id_1 = extended_edges[MULTIVARIATE::ID_1]; - const auto& id_2 = extended_edges[MULTIVARIATE::ID_2]; - const auto& id_3 = extended_edges[MULTIVARIATE::ID_3]; - const auto& z_perm = extended_edges[MULTIVARIATE::Z_PERM]; - const auto& z_perm_shift = extended_edges[MULTIVARIATE::Z_PERM_SHIFT]; - const auto& lagrange_first = extended_edges[MULTIVARIATE::LAGRANGE_FIRST]; - const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; + const auto& w_1 = extended_edges.w_l; + const auto& w_2 = extended_edges.w_r; + const auto& w_3 = extended_edges.w_o; + const auto& sigma_1 = extended_edges.sigma_1; + const auto& sigma_2 = extended_edges.sigma_2; + const auto& sigma_3 = extended_edges.sigma_3; + const auto& id_1 = extended_edges.id_1; + const auto& id_2 = extended_edges.id_2; + const auto& id_3 = extended_edges.id_3; + const auto& z_perm = extended_edges.z_perm; + const auto& z_perm_shift = extended_edges.z_perm_shift; + const auto& lagrange_first = extended_edges.lagrange_first; + const auto& lagrange_last = extended_edges.lagrange_last; // We first compute the evaluations using UnivariateViews, with the provided hard-coded formula. // Ensure that expression changes are detected. @@ -280,209 +284,49 @@ TYPED_TEST(RelationConsistency, GrandProductComputationRelation) (z_perm_shift + lagrange_last * public_input_delta) * (w_1 + sigma_1 * beta + gamma) * (w_2 + sigma_2 * beta + gamma) * (w_3 + sigma_3 * beta + gamma); - TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); }; run_test(/* is_random_input=*/true); run_test(/* is_random_input=*/false); }; -TYPED_TEST(RelationConsistency, GrandProductInitializationRelation) +TEST_F(StandardRelationConsistency, GrandProductInitializationRelation) { - SUMCHECK_RELATION_TYPE_ALIASES - using MULTIVARIATE = honk::StandardArithmetization::POLYNOMIAL; - + using Flavor = honk::flavor::Standard; + using FF = typename Flavor::FF; static constexpr size_t FULL_RELATION_LENGTH = 5; - static const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; + using ExtendedEdges = typename Flavor::template ExtendedEdges; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; - const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); + const auto relation_parameters = compute_mock_relation_parameters(); auto run_test = [&relation_parameters](bool is_random_input) { - std::array, NUM_POLYNOMIALS> extended_edges; + ExtendedEdges extended_edges; std::array, NUM_POLYNOMIALS> input_polynomials; if (!is_random_input) { // evaluation form, i.e. input_univariate(0) = 1, input_univariate(1) = 2,.. The polynomial is x+1. for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { input_polynomials[i] = Univariate({ 1, 2 }); } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); + compute_mock_extended_edges(extended_edges, input_polynomials); } else { // input_univariates are random polynomials of degree one for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); + compute_mock_extended_edges(extended_edges, input_polynomials); }; auto relation = GrandProductInitializationRelation(); - const auto& z_perm_shift = extended_edges[MULTIVARIATE::Z_PERM_SHIFT]; - const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; + const auto& z_perm_shift = extended_edges.z_perm_shift; + const auto& lagrange_last = extended_edges.lagrange_last; // We first compute the evaluations using UnivariateViews, with the provided hard-coded formula. // Ensure that expression changes are detected. // expected_evals, lenght 3 (coeff form = x^2 + x), extends to { { 0, 2, 6, 12, 20 } } auto expected_evals = z_perm_shift * lagrange_last; - TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); }; run_test(/* is_random_input=*/true); run_test(/* is_random_input=*/false); }; - -TYPED_TEST(RelationConsistency, UltraArithmeticRelation) -{ - SUMCHECK_RELATION_TYPE_ALIASES - using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - - static constexpr size_t FULL_RELATION_LENGTH = 6; - static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - - const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); - std::array, NUM_POLYNOMIALS> extended_edges; - std::array, NUM_POLYNOMIALS> input_polynomials; - - // input_univariates are random polynomials of degree one - for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); - } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - - auto relation = UltraArithmeticRelation(); - - // Extract the extended edges for manual computation of relation contribution - const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; - const auto& w_2 = extended_edges[MULTIVARIATE::W_R]; - const auto& w_3 = extended_edges[MULTIVARIATE::W_O]; - const auto& w_4 = extended_edges[MULTIVARIATE::W_4]; - const auto& w_4_shift = extended_edges[MULTIVARIATE::W_4_SHIFT]; - const auto& q_m = extended_edges[MULTIVARIATE::Q_M]; - const auto& q_l = extended_edges[MULTIVARIATE::Q_L]; - const auto& q_r = extended_edges[MULTIVARIATE::Q_R]; - const auto& q_o = extended_edges[MULTIVARIATE::Q_O]; - const auto& q_4 = extended_edges[MULTIVARIATE::Q_4]; - const auto& q_c = extended_edges[MULTIVARIATE::Q_C]; - const auto& q_arith = extended_edges[MULTIVARIATE::QARITH]; - - static const FF neg_half = FF(-2).invert(); - - auto expected_evals = (q_arith - 3) * (q_m * w_2 * w_1) * neg_half; - expected_evals += (q_l * w_1) + (q_r * w_2) + (q_o * w_3) + (q_4 * w_4) + q_c; - expected_evals += (q_arith - 1) * w_4_shift; - expected_evals *= q_arith; - - TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -}; - -TYPED_TEST(RelationConsistency, UltraArithmeticRelationSecondary) -{ - SUMCHECK_RELATION_TYPE_ALIASES - using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - - static constexpr size_t FULL_RELATION_LENGTH = 6; - static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - - const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); - std::array, NUM_POLYNOMIALS> extended_edges; - std::array, NUM_POLYNOMIALS> input_polynomials; - - // input_univariates are random polynomials of degree one - for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); - } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - - auto relation = UltraArithmeticRelationSecondary(); - - // Extract the extended edges for manual computation of relation contribution - const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; - const auto& w_4 = extended_edges[MULTIVARIATE::W_4]; - const auto& w_1_shift = extended_edges[MULTIVARIATE::W_1_SHIFT]; - const auto& q_m = extended_edges[MULTIVARIATE::Q_M]; - const auto& q_arith = extended_edges[MULTIVARIATE::QARITH]; - - auto expected_evals = (w_1 + w_4 - w_1_shift + q_m); - expected_evals *= (q_arith - 2) * (q_arith - 1) * q_arith; - - TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -}; - -TYPED_TEST(RelationConsistency, UltraGrandProductInitializationRelation) -{ - SUMCHECK_RELATION_TYPE_ALIASES - using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - - static constexpr size_t FULL_RELATION_LENGTH = 6; - static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - - const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); - std::array, NUM_POLYNOMIALS> extended_edges; - std::array, NUM_POLYNOMIALS> input_polynomials; - - // input_univariates are random polynomials of degree one - for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); - } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - - auto relation = UltraGrandProductInitializationRelation(); - - // Extract the extended edges for manual computation of relation contribution - const auto& z_perm_shift = extended_edges[MULTIVARIATE::Z_PERM_SHIFT]; - const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; - - // Compute the expected result using a simple to read version of the relation expression - auto expected_evals = z_perm_shift * lagrange_last; - - TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -}; - -TYPED_TEST(RelationConsistency, UltraGrandProductComputationRelation) -{ - SUMCHECK_RELATION_TYPE_ALIASES - using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - - static constexpr size_t FULL_RELATION_LENGTH = 6; - static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - - const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); - std::array, NUM_POLYNOMIALS> extended_edges; - std::array, NUM_POLYNOMIALS> input_polynomials; - - // input_univariates are random polynomials of degree one - for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); - } - extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - - auto relation = UltraGrandProductComputationRelation(); - - const auto& beta = relation_parameters.beta; - const auto& gamma = relation_parameters.gamma; - const auto& public_input_delta = relation_parameters.public_input_delta; - - // Extract the extended edges for manual computation of relation contribution - const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; - const auto& w_2 = extended_edges[MULTIVARIATE::W_R]; - const auto& w_3 = extended_edges[MULTIVARIATE::W_O]; - const auto& w_4 = extended_edges[MULTIVARIATE::W_4]; - const auto& sigma_1 = extended_edges[MULTIVARIATE::SIGMA_1]; - const auto& sigma_2 = extended_edges[MULTIVARIATE::SIGMA_2]; - const auto& sigma_3 = extended_edges[MULTIVARIATE::SIGMA_3]; - const auto& sigma_4 = extended_edges[MULTIVARIATE::SIGMA_4]; - const auto& id_1 = extended_edges[MULTIVARIATE::ID_1]; - const auto& id_2 = extended_edges[MULTIVARIATE::ID_2]; - const auto& id_3 = extended_edges[MULTIVARIATE::ID_3]; - const auto& id_4 = extended_edges[MULTIVARIATE::ID_4]; - const auto& z_perm = extended_edges[MULTIVARIATE::Z_PERM]; - const auto& z_perm_shift = extended_edges[MULTIVARIATE::Z_PERM_SHIFT]; - const auto& lagrange_first = extended_edges[MULTIVARIATE::LAGRANGE_FIRST]; - const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; - - // Compute the expected result using a simple to read version of the relation expression - auto expected_evals = (z_perm + lagrange_first) * (w_1 + id_1 * beta + gamma) * (w_2 + id_2 * beta + gamma) * - (w_3 + id_3 * beta + gamma) * (w_4 + id_4 * beta + gamma) - - (z_perm_shift + lagrange_last * public_input_delta) * (w_1 + sigma_1 * beta + gamma) * - (w_2 + sigma_2 * beta + gamma) * (w_3 + sigma_3 * beta + gamma) * - (w_4 + sigma_4 * beta + gamma); - - TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -}; - } // namespace proof_system::honk_relation_tests diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 932e953557..cb60a706ff 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -31,9 +31,12 @@ namespace test_honk_relations { */ TEST(RelationCorrectness, StandardRelationCorrectness) { + using Flavor = honk::flavor::Standard; + using ProverPolynomials = typename Flavor::ProverPolynomials; + using PurportedEvaluations = typename Flavor::PurportedEvaluations; + // Create a composer and a dummy circuit with a few gates auto composer = StandardHonkComposer(); - // static const size_t num_wires = StandardHonkComposer::num_wires; fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly uint32_t a_idx = composer.add_public_variable(a); @@ -65,7 +68,6 @@ TEST(RelationCorrectness, StandardRelationCorrectness) .public_input_delta = public_input_delta, }; - constexpr size_t num_polynomials = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; // Compute grand product polynomial polynomial z_perm_poly = prover_library::compute_permutation_grand_product( prover.key, prover.wire_polynomials, beta, gamma); @@ -74,27 +76,26 @@ TEST(RelationCorrectness, StandardRelationCorrectness) // get the transposition. // Ex: polynomial_spans[3][i] returns the i-th coefficient of the third polynomial // in the list below - std::array, num_polynomials> evaluations_array; - - using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; - evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0]; - evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1]; - evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2]; - evaluations_array[POLYNOMIAL::Z_PERM] = z_perm_poly; - evaluations_array[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_poly.shifted(); - evaluations_array[POLYNOMIAL::Q_M] = prover.key->polynomial_store.get("q_m_lagrange"); - evaluations_array[POLYNOMIAL::Q_L] = prover.key->polynomial_store.get("q_1_lagrange"); - evaluations_array[POLYNOMIAL::Q_R] = prover.key->polynomial_store.get("q_2_lagrange"); - evaluations_array[POLYNOMIAL::Q_O] = prover.key->polynomial_store.get("q_3_lagrange"); - evaluations_array[POLYNOMIAL::Q_C] = prover.key->polynomial_store.get("q_c_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_1] = prover.key->polynomial_store.get("sigma_1_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_2] = prover.key->polynomial_store.get("sigma_2_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_3] = prover.key->polynomial_store.get("sigma_3_lagrange"); - evaluations_array[POLYNOMIAL::ID_1] = prover.key->polynomial_store.get("id_1_lagrange"); - evaluations_array[POLYNOMIAL::ID_2] = prover.key->polynomial_store.get("id_2_lagrange"); - evaluations_array[POLYNOMIAL::ID_3] = prover.key->polynomial_store.get("id_3_lagrange"); - evaluations_array[POLYNOMIAL::LAGRANGE_FIRST] = prover.key->polynomial_store.get("L_first_lagrange"); - evaluations_array[POLYNOMIAL::LAGRANGE_LAST] = prover.key->polynomial_store.get("L_last_lagrange"); + ProverPolynomials prover_polynomials; + + prover_polynomials.w_l = prover.wire_polynomials[0]; + prover_polynomials.w_r = prover.wire_polynomials[1]; + prover_polynomials.w_o = prover.wire_polynomials[2]; + prover_polynomials.z_perm = z_perm_poly; + prover_polynomials.z_perm_shift = z_perm_poly.shifted(); + prover_polynomials.q_m = prover.key->q_m; + prover_polynomials.q_l = prover.key->q_l; + prover_polynomials.q_r = prover.key->q_r; + prover_polynomials.q_o = prover.key->q_o; + prover_polynomials.q_c = prover.key->q_c; + prover_polynomials.sigma_1 = prover.key->sigma_1; + prover_polynomials.sigma_2 = prover.key->sigma_2; + prover_polynomials.sigma_3 = prover.key->sigma_3; + prover_polynomials.id_1 = prover.key->id_1; + prover_polynomials.id_2 = prover.key->id_2; + prover_polynomials.id_3 = prover.key->id_3; + prover_polynomials.lagrange_first = prover.key->lagrange_first; + prover_polynomials.lagrange_last = prover.key->lagrange_last; // Construct the round for applying sumcheck relations and results for storing computed results auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), @@ -104,9 +105,12 @@ TEST(RelationCorrectness, StandardRelationCorrectness) fr result = 0; for (size_t i = 0; i < prover.key->circuit_size; i++) { // Compute an array containing all the evaluations at a given row i - std::array evaluations_at_index_i; - for (size_t j = 0; j < num_polynomials; ++j) { - evaluations_at_index_i[j] = evaluations_array[j][i]; + + PurportedEvaluations evaluations_at_index_i; + size_t poly_idx = 0; + for (auto& polynomial : prover_polynomials) { + evaluations_at_index_i[poly_idx] = polynomial[i]; + poly_idx++; } // For each relation, call the `accumulate_relation_evaluation` over all witness/selector values at the @@ -138,6 +142,10 @@ TEST(RelationCorrectness, StandardRelationCorrectness) // NOTE(luke): More relations will be added as they are implemented for Ultra Honk TEST(RelationCorrectness, UltraRelationCorrectness) { + using Flavor = honk::flavor::Ultra; + using ProverPolynomials = typename Flavor::ProverPolynomials; + using PurportedEvaluations = typename Flavor::PurportedEvaluations; + // Create a composer and a dummy circuit with a few gates auto composer = UltraHonkComposer(); // static const size_t num_wires = 4; @@ -176,53 +184,51 @@ TEST(RelationCorrectness, UltraRelationCorrectness) .public_input_delta = public_input_delta, }; - constexpr size_t num_polynomials = proof_system::honk::UltraArithmetization::COUNT; // Compute grand product polynomial - auto z_perm_poly = prover_library::compute_permutation_grand_product( - prover.key, prover.wire_polynomials, beta, gamma); + auto z_perm_poly = + prover_library::compute_permutation_grand_product(prover.key, prover.wire_polynomials, beta, gamma); // Create an array of spans to the underlying polynomials to more easily // get the transposition. // Ex: polynomial_spans[3][i] returns the i-th coefficient of the third polynomial // in the list below - std::array, num_polynomials> evaluations_array; - - using POLYNOMIAL = proof_system::honk::UltraArithmetization::POLYNOMIAL; - evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0]; - evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1]; - evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2]; - evaluations_array[POLYNOMIAL::W_4] = prover.wire_polynomials[3]; - evaluations_array[POLYNOMIAL::W_1_SHIFT] = prover.wire_polynomials[0].shifted(); - evaluations_array[POLYNOMIAL::W_4_SHIFT] = prover.wire_polynomials[3].shifted(); - evaluations_array[POLYNOMIAL::S_1] = prover.key->polynomial_store.get("s_1_lagrange"); - evaluations_array[POLYNOMIAL::S_2] = prover.key->polynomial_store.get("s_2_lagrange"); - evaluations_array[POLYNOMIAL::S_3] = prover.key->polynomial_store.get("s_3_lagrange"); - evaluations_array[POLYNOMIAL::S_4] = prover.key->polynomial_store.get("s_4_lagrange"); - evaluations_array[POLYNOMIAL::Z_PERM] = z_perm_poly; - evaluations_array[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_poly.shifted(); - evaluations_array[POLYNOMIAL::Z_LOOKUP] = z_perm_poly; - evaluations_array[POLYNOMIAL::Z_LOOKUP_SHIFT] = z_perm_poly.shifted(); - evaluations_array[POLYNOMIAL::Q_M] = prover.key->polynomial_store.get("q_m_lagrange"); - evaluations_array[POLYNOMIAL::Q_L] = prover.key->polynomial_store.get("q_1_lagrange"); - evaluations_array[POLYNOMIAL::Q_R] = prover.key->polynomial_store.get("q_2_lagrange"); - evaluations_array[POLYNOMIAL::Q_O] = prover.key->polynomial_store.get("q_3_lagrange"); - evaluations_array[POLYNOMIAL::Q_C] = prover.key->polynomial_store.get("q_c_lagrange"); - evaluations_array[POLYNOMIAL::Q_4] = prover.key->polynomial_store.get("q_4_lagrange"); - evaluations_array[POLYNOMIAL::QARITH] = prover.key->polynomial_store.get("q_arith_lagrange"); - evaluations_array[POLYNOMIAL::QSORT] = prover.key->polynomial_store.get("q_sort_lagrange"); - evaluations_array[POLYNOMIAL::QELLIPTIC] = prover.key->polynomial_store.get("q_elliptic_lagrange"); - evaluations_array[POLYNOMIAL::QAUX] = prover.key->polynomial_store.get("q_aux_lagrange"); - evaluations_array[POLYNOMIAL::QLOOKUPTYPE] = prover.key->polynomial_store.get("table_type_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_1] = prover.key->polynomial_store.get("sigma_1_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_2] = prover.key->polynomial_store.get("sigma_2_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_3] = prover.key->polynomial_store.get("sigma_3_lagrange"); - evaluations_array[POLYNOMIAL::SIGMA_4] = prover.key->polynomial_store.get("sigma_4_lagrange"); - evaluations_array[POLYNOMIAL::ID_1] = prover.key->polynomial_store.get("id_1_lagrange"); - evaluations_array[POLYNOMIAL::ID_2] = prover.key->polynomial_store.get("id_2_lagrange"); - evaluations_array[POLYNOMIAL::ID_3] = prover.key->polynomial_store.get("id_3_lagrange"); - evaluations_array[POLYNOMIAL::ID_4] = prover.key->polynomial_store.get("id_4_lagrange"); - evaluations_array[POLYNOMIAL::LAGRANGE_FIRST] = prover.key->polynomial_store.get("L_first_lagrange"); - evaluations_array[POLYNOMIAL::LAGRANGE_LAST] = prover.key->polynomial_store.get("L_last_lagrange"); + ProverPolynomials prover_polynomials; + + prover_polynomials.w_l = prover.wire_polynomials[0]; + prover_polynomials.w_r = prover.wire_polynomials[1]; + prover_polynomials.w_o = prover.wire_polynomials[2]; + prover_polynomials.w_4 = prover.wire_polynomials[3]; + prover_polynomials.w_1_shift = prover.wire_polynomials[0].shifted(); + prover_polynomials.w_4_shift = prover.wire_polynomials[3].shifted(); + prover_polynomials.s_1 = prover.key->s_1; + prover_polynomials.s_2 = prover.key->s_2; + prover_polynomials.s_3 = prover.key->s_3; + prover_polynomials.s_4 = prover.key->s_4; + prover_polynomials.z_perm = z_perm_poly; + prover_polynomials.z_perm_shift = z_perm_poly.shifted(); + prover_polynomials.z_lookup = z_perm_poly; + prover_polynomials.z_lookup_shift = z_perm_poly.shifted(); + prover_polynomials.q_m = prover.key->q_m; + prover_polynomials.q_l = prover.key->q_l; + prover_polynomials.q_r = prover.key->q_r; + prover_polynomials.q_o = prover.key->q_o; + prover_polynomials.q_c = prover.key->q_c; + prover_polynomials.q_4 = prover.key->q_4; + prover_polynomials.q_arith = prover.key->q_arith; + prover_polynomials.q_sort = prover.key->q_sort; + prover_polynomials.q_elliptic = prover.key->q_elliptic; + prover_polynomials.q_aux = prover.key->q_aux; + prover_polynomials.q_lookuptype = prover.key->q_lookuptype; + prover_polynomials.sigma_1 = prover.key->sigma_1; + prover_polynomials.sigma_2 = prover.key->sigma_2; + prover_polynomials.sigma_3 = prover.key->sigma_3; + prover_polynomials.sigma_4 = prover.key->sigma_4; + prover_polynomials.id_1 = prover.key->id_1; + prover_polynomials.id_2 = prover.key->id_2; + prover_polynomials.id_3 = prover.key->id_3; + prover_polynomials.id_4 = prover.key->id_4; + prover_polynomials.lagrange_first = prover.key->lagrange_first; + prover_polynomials.lagrange_last = prover.key->lagrange_last; // Construct the round for applying sumcheck relations and results for storing computed results auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), @@ -233,9 +239,11 @@ TEST(RelationCorrectness, UltraRelationCorrectness) fr result = 0; for (size_t i = 0; i < prover.key->circuit_size; i++) { // Compute an array containing all the evaluations at a given row i - std::array evaluations_at_index_i; - for (size_t j = 0; j < num_polynomials; ++j) { - evaluations_at_index_i[j] = evaluations_array[j][i]; + PurportedEvaluations evaluations_at_index_i; + size_t poly_idx = 0; + for (auto& polynomial : prover_polynomials) { + evaluations_at_index_i[poly_idx] = polynomial[i]; + poly_idx++; } // For each relation, call the `accumulate_relation_evaluation` over all witness/selector values at the diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp index 2df6efc2c7..9de9207917 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp @@ -12,7 +12,6 @@ template class UltraArithmeticRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 6; // degree(q_arith^2 * q_m * w_r * w_l) = 5 - using MULTIVARIATE = UltraArithmetization::POLYNOMIAL; /** * @brief Expression for the Ultra Arithmetic gate. @@ -35,18 +34,18 @@ template class UltraArithmeticRelation { // OPTIMIZATION?: Karatsuba in general, at least for some degrees? // See https://hackmd.io/xGLuj6biSsCjzQnYN-pEiA?both - auto w_l = UnivariateView(extended_edges[MULTIVARIATE::W_L]); - auto w_r = UnivariateView(extended_edges[MULTIVARIATE::W_R]); - auto w_o = UnivariateView(extended_edges[MULTIVARIATE::W_O]); - auto w_4 = UnivariateView(extended_edges[MULTIVARIATE::W_4]); - auto w_4_shift = UnivariateView(extended_edges[MULTIVARIATE::W_4_SHIFT]); - auto q_m = UnivariateView(extended_edges[MULTIVARIATE::Q_M]); - auto q_l = UnivariateView(extended_edges[MULTIVARIATE::Q_L]); - auto q_r = UnivariateView(extended_edges[MULTIVARIATE::Q_R]); - auto q_o = UnivariateView(extended_edges[MULTIVARIATE::Q_O]); - auto q_4 = UnivariateView(extended_edges[MULTIVARIATE::Q_4]); - auto q_c = UnivariateView(extended_edges[MULTIVARIATE::Q_C]); - auto q_arith = UnivariateView(extended_edges[MULTIVARIATE::QARITH]); + auto w_l = UnivariateView(extended_edges.w_l); + auto w_r = UnivariateView(extended_edges.w_r); + auto w_o = UnivariateView(extended_edges.w_o); + auto w_4 = UnivariateView(extended_edges.w_4); + auto w_4_shift = UnivariateView(extended_edges.w_4_shift); + auto q_m = UnivariateView(extended_edges.q_m); + auto q_l = UnivariateView(extended_edges.q_l); + auto q_r = UnivariateView(extended_edges.q_r); + auto q_o = UnivariateView(extended_edges.q_o); + auto q_4 = UnivariateView(extended_edges.q_4); + auto q_c = UnivariateView(extended_edges.q_c); + auto q_arith = UnivariateView(extended_edges.q_arith); static const FF neg_half = FF(-2).invert(); @@ -62,18 +61,18 @@ template class UltraArithmeticRelation { const auto& purported_evaluations, const RelationParameters&) const { - auto w_l = purported_evaluations[MULTIVARIATE::W_L]; - auto w_r = purported_evaluations[MULTIVARIATE::W_R]; - auto w_o = purported_evaluations[MULTIVARIATE::W_O]; - auto w_4 = purported_evaluations[MULTIVARIATE::W_4]; - auto w_4_shift = purported_evaluations[MULTIVARIATE::W_4_SHIFT]; - auto q_m = purported_evaluations[MULTIVARIATE::Q_M]; - auto q_l = purported_evaluations[MULTIVARIATE::Q_L]; - auto q_r = purported_evaluations[MULTIVARIATE::Q_R]; - auto q_o = purported_evaluations[MULTIVARIATE::Q_O]; - auto q_4 = purported_evaluations[MULTIVARIATE::Q_4]; - auto q_c = purported_evaluations[MULTIVARIATE::Q_C]; - auto q_arith = purported_evaluations[MULTIVARIATE::QARITH]; + auto w_l = purported_evaluations.w_l; + auto w_r = purported_evaluations.w_r; + auto w_o = purported_evaluations.w_o; + auto w_4 = purported_evaluations.w_4; + auto w_4_shift = purported_evaluations.w_4_shift; + auto q_m = purported_evaluations.q_m; + auto q_l = purported_evaluations.q_l; + auto q_r = purported_evaluations.q_r; + auto q_o = purported_evaluations.q_o; + auto q_4 = purported_evaluations.q_4; + auto q_c = purported_evaluations.q_c; + auto q_arith = purported_evaluations.q_arith; static const FF neg_half = FF(-2).invert(); diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp index 78c01db356..fc61f633bb 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp @@ -12,7 +12,6 @@ template class UltraArithmeticRelationSecondary { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 5; // degree(q_arith^3 * w_l) = 4 - using MULTIVARIATE = UltraArithmetization::POLYNOMIAL; /** * @brief Expression for the Ultra Arithmetic gate. @@ -33,11 +32,11 @@ template class UltraArithmeticRelationSecondary { // OPTIMIZATION?: Karatsuba in general, at least for some degrees? // See https://hackmd.io/xGLuj6biSsCjzQnYN-pEiA?both - auto w_l = UnivariateView(extended_edges[MULTIVARIATE::W_L]); - auto w_4 = UnivariateView(extended_edges[MULTIVARIATE::W_4]); - auto w_l_shift = UnivariateView(extended_edges[MULTIVARIATE::W_1_SHIFT]); - auto q_m = UnivariateView(extended_edges[MULTIVARIATE::Q_M]); - auto q_arith = UnivariateView(extended_edges[MULTIVARIATE::QARITH]); + auto w_l = UnivariateView(extended_edges.w_l); + auto w_4 = UnivariateView(extended_edges.w_4); + auto w_l_shift = UnivariateView(extended_edges.w_1_shift); + auto q_m = UnivariateView(extended_edges.q_m); + auto q_arith = UnivariateView(extended_edges.q_arith); auto tmp = w_l + w_4 - w_l_shift + q_m; tmp *= (q_arith - 2); @@ -51,11 +50,11 @@ template class UltraArithmeticRelationSecondary { const auto& purported_evaluations, const RelationParameters&) const { - auto w_l = purported_evaluations[MULTIVARIATE::W_L]; - auto w_4 = purported_evaluations[MULTIVARIATE::W_4]; - auto w_l_shift = purported_evaluations[MULTIVARIATE::W_1_SHIFT]; - auto q_m = purported_evaluations[MULTIVARIATE::Q_M]; - auto q_arith = purported_evaluations[MULTIVARIATE::QARITH]; + auto w_l = purported_evaluations.w_l; + auto w_4 = purported_evaluations.w_4; + auto w_l_shift = purported_evaluations.w_1_shift; + auto q_m = purported_evaluations.q_m; + auto q_arith = purported_evaluations.q_arith; auto tmp = w_l + w_4 - w_l_shift + q_m; tmp *= (q_arith - 2); diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp new file mode 100644 index 0000000000..370a77be27 --- /dev/null +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -0,0 +1,337 @@ +#include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "relation.hpp" +#include "barretenberg/honk/flavor/flavor.hpp" +#include "arithmetic_relation.hpp" +#include "grand_product_initialization_relation.hpp" +#include "grand_product_computation_relation.hpp" +#include "../polynomials/univariate.hpp" +#include "../polynomials/barycentric_data.hpp" + +#include "barretenberg/ecc/curves/bn254/fr.hpp" +#include "barretenberg/numeric/random/engine.hpp" + +#include +#include +using namespace proof_system::honk::sumcheck; +/** + * We want to test if all three relations (namely, ArithmeticRelation, GrandProductComputationRelation, + * GrandProductInitializationRelation) provide correct contributions by manually computing their + * contributions with deterministic and random inputs. The relations are supposed to work with + * univariates (edges) of degree one (length 2) and spit out polynomials of corresponding degrees. We have + * MAX_RELATION_LENGTH = 5, meaning the output of a relation can atmost be a degree 5 polynomial. Hence, + * we use a method compute_mock_extended_edges() which starts with degree one input polynomial (two evaluation + points), + * extends them (using barycentric formula) to six evaluation points, and stores them to an array of polynomials. + */ +static const size_t INPUT_UNIVARIATE_LENGTH = 2; + +namespace proof_system::honk_relation_tests { + +class UltraRelationConsistency : public testing::Test { + public: + using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; + using PurportedEvaluations = typename Flavor::PurportedEvaluations; + + // WORKTODO: Move MAX_RELATION_LENGTH into Flavor and simplicy this code + template using ExtendedEdges = typename Flavor::template ExtendedEdges; + + // TODO(#225)(Adrian): Accept FULL_RELATION_LENGTH as a template parameter for this function only, so that the test + // can decide to which degree the polynomials must be extended. Possible accept an existing list of "edges" and + // extend them to the degree. + template + static void compute_mock_extended_edges( + ExtendedEdges extended_edges, + std::array, NUM_POLYNOMIALS>& input_univariates) + { + BarycentricData barycentric_2_to_max = + BarycentricData(); + std::array, NUM_POLYNOMIALS> extended_univariates; + for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { + extended_univariates[i] = barycentric_2_to_max.extend(input_univariates[i]); + } + auto w_l = Univariate(extended_univariates[0]); + auto w_r = Univariate(extended_univariates[1]); + auto w_o = Univariate(extended_univariates[2]); + auto z_perm = Univariate(extended_univariates[3]); + auto z_perm_shift = + Univariate(extended_univariates[4]); // this is not real shifted data + auto q_m = Univariate(extended_univariates[5]); + auto q_l = Univariate(extended_univariates[6]); + auto q_r = Univariate(extended_univariates[7]); + auto q_o = Univariate(extended_univariates[8]); + auto q_c = Univariate(extended_univariates[9]); + auto sigma_1 = Univariate(extended_univariates[10]); + auto sigma_2 = Univariate(extended_univariates[11]); + auto sigma_3 = Univariate(extended_univariates[12]); + auto id_1 = Univariate(extended_univariates[13]); + auto id_2 = Univariate(extended_univariates[14]); + auto id_3 = Univariate(extended_univariates[15]); + auto lagrange_first = Univariate(extended_univariates[16]); + auto lagrange_last = Univariate(extended_univariates[17]); + // Construct extended edges array in order determined by enum + + extended_edges.w_l = w_l; + extended_edges.w_r = w_r; + extended_edges.w_o = w_o; + extended_edges.z_perm = z_perm; + extended_edges.z_perm_shift = z_perm_shift; + extended_edges.q_m = q_m; + extended_edges.q_l = q_l; + extended_edges.q_r = q_r; + extended_edges.q_o = q_o; + extended_edges.q_c = q_c; + extended_edges.sigma_1 = sigma_1; + extended_edges.sigma_2 = sigma_2; + extended_edges.sigma_3 = sigma_3; + extended_edges.id_1 = id_1; + extended_edges.id_2 = id_2; + extended_edges.id_3 = id_3; + extended_edges.lagrange_first = lagrange_first; + extended_edges.lagrange_last = lagrange_last; + } + + /** + * @brief Returns randomly sampled parameters to feed to the relations. + * + * @return RelationParameters + */ + RelationParameters compute_mock_relation_parameters() + { + return { .beta = FF::random_element(), + .gamma = FF::random_element(), + .public_input_delta = FF::random_element() }; + } + + /** + * @brief Given an array of Univariates, create a new array containing only the i-th evaluations + * of all the univariates. + * + * @note Not really optimized, mainly used for testing that the relations evaluate to the same value when + * evaluated as Univariates, Expressions, or index-by-index + * @todo(Adrian) Maybe this is more helpful as part of a `check_logic` function. + * + * @tparam NUM_UNIVARIATES number of univariates in the input array (deduced from `univariates`) + * @tparam univariate_length number of evaluations (deduced from `univariates`) + * @param univariates array of Univariates + * @param i index of the evaluations we want to take from each univariate + * @return std::array such that result[j] = univariates[j].value_at(i) + */ + template + static PurportedEvaluations transposed_univariate_array_at(ExtendedEdges univariates, size_t i) + { + ASSERT(i < univariate_length); + std::array result; + size_t result_idx = 0; // WORKTODO + for (auto& univariate : univariates) { + result[result_idx] = univariate.value_at(i); + result_idx++; + } + return result; + }; + + /** + * @brief Compute the evaluation of a `relation` in different ways, comparing it to the provided `expected_evals` + * + * @details Check both `add_full_relation_value_contribution` and `add_edge_contribution` by comparing the result to + * the `expected_evals` computed by the caller. + * Ensures that the relations compute the same result as the expression given in the tests. + * + * @param expected_evals Relation evaluation computed by the caller. + * @param relation being tested + * @param extended_edges + * @param relation_parameters + */ + template + static void validate_evaluations(const Univariate& expected_evals, + const auto relation, + const ExtendedEdges& extended_edges, + const RelationParameters& relation_parameters) + { + + // Compute the expression index-by-index + Univariate expected_evals_index{ 0 }; + for (size_t i = 0; i < FULL_RELATION_LENGTH; ++i) { + // Get an array of the same size as `extended_edges` with only the i-th element of each extended edge. + PurportedEvaluations evals_i = transposed_univariate_array_at(extended_edges, i); + // Evaluate the relation + relation.add_full_relation_value_contribution( + expected_evals_index.value_at(i), evals_i, relation_parameters); + } + EXPECT_EQ(expected_evals, expected_evals_index); + + // Compute the expression using the class, that converts the extended edges to UnivariateView + auto expected_evals_view = Univariate(0); + // The scaling factor is essentially 1 since we are working with degree 1 univariates + relation.add_edge_contribution(expected_evals_view, extended_edges, relation_parameters, 1); + + // Tiny hack to reduce `expected_evals` to be of size `relation.RELATION_LENGTH` + Univariate expected_evals_restricted{ + UnivariateView(expected_evals) + }; + EXPECT_EQ(expected_evals_restricted, expected_evals_view); + }; +}; + +TEST_F(UltraRelationConsistency, UltraArithmeticRelation) +{ + using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; + static constexpr size_t FULL_RELATION_LENGTH = 6; + using ExtendedEdges = typename Flavor::template ExtendedEdges; + static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; + + const auto relation_parameters = compute_mock_relation_parameters(); + ExtendedEdges extended_edges; + std::array, NUM_POLYNOMIALS> input_polynomials; + + // input_univariates are random polynomials of degree one + for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { + input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); + } + compute_mock_extended_edges(extended_edges, input_polynomials); + + auto relation = UltraArithmeticRelation(); + + // Extract the extended edges for manual computation of relation contribution + const auto& w_1 = extended_edges.w_l; + const auto& w_2 = extended_edges.w_r; + const auto& w_3 = extended_edges.w_o; + const auto& w_4 = extended_edges.w_4; + const auto& w_4_shift = extended_edges.w_4_shift; + const auto& q_m = extended_edges.q_m; + const auto& q_l = extended_edges.q_l; + const auto& q_r = extended_edges.q_r; + const auto& q_o = extended_edges.q_o; + const auto& q_4 = extended_edges.q_4; + const auto& q_c = extended_edges.q_c; + const auto& q_arith = extended_edges.q_arith; + + static const FF neg_half = FF(-2).invert(); + + auto expected_evals = (q_arith - 3) * (q_m * w_2 * w_1) * neg_half; + expected_evals += (q_l * w_1) + (q_r * w_2) + (q_o * w_3) + (q_4 * w_4) + q_c; + expected_evals += (q_arith - 1) * w_4_shift; + expected_evals *= q_arith; + + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); +}; + +TEST_F(UltraRelationConsistency, UltraArithmeticRelationSecondary) +{ + using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; + static constexpr size_t FULL_RELATION_LENGTH = 6; + using ExtendedEdges = typename Flavor::template ExtendedEdges; + static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; + + const auto relation_parameters = compute_mock_relation_parameters(); + ExtendedEdges extended_edges; + std::array, NUM_POLYNOMIALS> input_polynomials; + + // input_univariates are random polynomials of degree one + for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { + input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); + } + compute_mock_extended_edges(extended_edges, input_polynomials); + + auto relation = UltraArithmeticRelationSecondary(); + + // Extract the extended edges for manual computation of relation contribution + const auto& w_1 = extended_edges.w_l; + const auto& w_4 = extended_edges.w_4; + const auto& w_1_shift = extended_edges.w_1_shift; + const auto& q_m = extended_edges.q_m; + const auto& q_arith = extended_edges.q_arith; + + auto expected_evals = (w_1 + w_4 - w_1_shift + q_m); + expected_evals *= (q_arith - 2) * (q_arith - 1) * q_arith; + + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); +}; + +TEST_F(UltraRelationConsistency, UltraGrandProductInitializationRelation) +{ + using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; + using Flavor = honk::flavor::Ultra; + static constexpr size_t FULL_RELATION_LENGTH = 6; + using ExtendedEdges = typename Flavor::ExtendedEdges; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; + auto relation_parameters = compute_mock_relation_parameters(); + ExtendedEdges extended_edges; + std::array, NUM_POLYNOMIALS> input_polynomials; + + // input_univariates are random polynomials of degree one + for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { + input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); + } + compute_mock_extended_edges(extended_edges, input_polynomials); + + auto relation = UltraGrandProductInitializationRelation(); + + // Extract the extended edges for manual computation of relation contribution + const auto& z_perm_shift = extended_edges.z_perm_shift; + const auto& lagrange_last = extended_edges.lagrange_last; + + // Compute the expected result using a simple to read version of the relation expression + auto expected_evals = z_perm_shift * lagrange_last; + + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); +}; + +TEST_F(UltraRelationConsistency, UltraGrandProductComputationRelation) +{ + using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; + using Flavor = honk::flavor::Ultra; + static constexpr size_t FULL_RELATION_LENGTH = 6; + using ExtendedEdges = typename Flavor::template ExtendedEdges; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; + auto relation_parameters = compute_mock_relation_parameters(); + ExtendedEdges extended_edges; + std::array, NUM_POLYNOMIALS> input_polynomials; + + // input_univariates are random polynomials of degree one + for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { + input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); + } + compute_mock_extended_edges(extended_edges, input_polynomials); + + auto relation = UltraGrandProductComputationRelation(); + + const auto& beta = relation_parameters.beta; + const auto& gamma = relation_parameters.gamma; + const auto& public_input_delta = relation_parameters.public_input_delta; + + // Extract the extended edges for manual computation of relation contribution + const auto& w_1 = extended_edges.w_l; + const auto& w_2 = extended_edges.w_r; + const auto& w_3 = extended_edges.w_o; + const auto& w_4 = extended_edges.w_4; + const auto& sigma_1 = extended_edges.sigma_1; + const auto& sigma_2 = extended_edges.sigma_2; + const auto& sigma_3 = extended_edges.sigma_3; + const auto& sigma_4 = extended_edges.sigma_4; + const auto& id_1 = extended_edges.id_1; + const auto& id_2 = extended_edges.id_2; + const auto& id_3 = extended_edges.id_3; + const auto& id_4 = extended_edges.id_4; + const auto& z_perm = extended_edges.z_perm; + const auto& z_perm_shift = extended_edges.z_perm_shift; + const auto& lagrange_first = extended_edges.lagrange_first; + const auto& lagrange_last = extended_edges.lagrange_last; + + // Compute the expected result using a simple to read version of the relation expression + auto expected_evals = (z_perm + lagrange_first) * (w_1 + id_1 * beta + gamma) * (w_2 + id_2 * beta + gamma) * + (w_3 + id_3 * beta + gamma) * (w_4 + id_4 * beta + gamma) - + (z_perm_shift + lagrange_last * public_input_delta) * (w_1 + sigma_1 * beta + gamma) * + (w_2 + sigma_2 * beta + gamma) * (w_3 + sigma_3 * beta + gamma) * + (w_4 + sigma_4 * beta + gamma); + + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); +}; + +} // namespace proof_system::honk_relation_tests diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index 837922feb2..9a615550ac 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -19,17 +19,21 @@ namespace proof_system::honk::sumcheck { -template class... Relations> class Sumcheck { +template class... Relations> class Sumcheck { public: + using FF = typename Flavor::FF; + using FoldedPolynomials = typename Flavor::FoldedPolynomials; + using PurportedEvaluations = typename Flavor::PurportedEvaluations; + static constexpr size_t MAX_RELATION_LENGTH = std::max({ Relations::RELATION_LENGTH... }); static constexpr size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; - std::array purported_evaluations; + // PurportedEvaluations purported_evaluations(); // TODO Transcript& transcript; const size_t multivariate_n; const size_t multivariate_d; - SumcheckRound round; + SumcheckRound round; // WORKTODO: NUM is in flavor?? /** * @@ -60,7 +64,8 @@ template class... Relations> cl * NOTE: With ~40 columns, prob only want to allocate 256 EdgeGroup's at once to keep stack under 1MB? * TODO(#224)(Cody): might want to just do C-style multidimensional array? for guaranteed adjacency? */ - std::array, NUM_POLYNOMIALS> folded_polynomials; + // std::array, NUM_POLYNOMIALS> folded_polynomials; + FoldedPolynomials folded_polynomials; // prover instantiates sumcheck with circuit size and a prover transcript Sumcheck(size_t multivariate_n, ProverTranscript& transcript) @@ -87,7 +92,7 @@ template class... Relations> cl * * @details */ - SumcheckOutput execute_prover( + SumcheckOutput execute_prover( auto full_polynomials, const RelationParameters& relation_parameters) // pass by value, not by reference { auto [alpha, zeta] = transcript.get_challenges("Sumcheck:alpha", "Sumcheck:zeta"); @@ -137,7 +142,7 @@ template class... Relations> cl * * @details If verification fails, returns std::nullopt, otherwise returns SumcheckOutput */ - std::optional> execute_verifier(const RelationParameters& relation_parameters) + std::optional> execute_verifier(const RelationParameters& relation_parameters) { bool verified(true); @@ -174,17 +179,17 @@ template class... Relations> cl } // Final round - auto purported_evaluations = + PurportedEvaluations purported_evaluations = transcript.template receive_from_prover>("Sumcheck:evaluations"); FF full_honk_relation_purported_value = round.compute_full_honk_relation_purported_value( - purported_evaluations, relation_parameters, pow_univariate, alpha); + purported_evaluations._data, relation_parameters, pow_univariate, alpha); verified = verified && (full_honk_relation_purported_value == round.target_total_sum); if (!verified) { return std::nullopt; } - return SumcheckOutput{ multivariate_challenge, purported_evaluations }; + return SumcheckOutput{ multivariate_challenge, purported_evaluations }; }; // TODO(#224)(Cody): Rename. fold is not descriptive, and it's already in use in the Gemini context. diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp index 95316ca5cb..edef16eca5 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp @@ -1,6 +1,7 @@ #include "sumcheck.hpp" #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/honk/flavor/flavor.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/transcript/transcript_wrappers.hpp" #include "relations/arithmetic_relation.hpp" #include "relations/grand_product_computation_relation.hpp" @@ -22,7 +23,9 @@ using namespace proof_system::honk; using namespace proof_system::honk::sumcheck; -using FF = barretenberg::fr; +using Flavor = honk::flavor::Standard; // TODO(Cody): Generalize this test. +using FF = typename Flavor::FF; +using ProverPolynomials = typename Flavor::ProverPolynomials; const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; @@ -33,44 +36,44 @@ namespace test_sumcheck_round { * */ template -std::array, NUM_POLYNOMIALS> construct_full_polynomials(std::array& w_l, - std::array& w_r, - std::array& w_o, - std::array& z_perm, - std::array& z_perm_shift, - std::array& q_m, - std::array& q_l, - std::array& q_r, - std::array& q_o, - std::array& q_c, - std::array& sigma_1, - std::array& sigma_2, - std::array& sigma_3, - std::array& id_1, - std::array& id_2, - std::array& id_3, - std::array& lagrange_first, - std::array& lagrange_last) +ProverPolynomials construct_full_polynomials(std::array& w_l, + std::array& w_r, + std::array& w_o, + std::array& z_perm, + std::array& z_perm_shift, + std::array& q_m, + std::array& q_l, + std::array& q_r, + std::array& q_o, + std::array& q_c, + std::array& sigma_1, + std::array& sigma_2, + std::array& sigma_3, + std::array& id_1, + std::array& id_2, + std::array& id_3, + std::array& lagrange_first, + std::array& lagrange_last) { - std::array, NUM_POLYNOMIALS> full_polynomials; - full_polynomials[POLYNOMIAL::W_L] = w_l; - full_polynomials[POLYNOMIAL::W_R] = w_r; - full_polynomials[POLYNOMIAL::W_O] = w_o; - full_polynomials[POLYNOMIAL::Z_PERM] = z_perm; - full_polynomials[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_shift; - full_polynomials[POLYNOMIAL::Q_M] = q_m; - full_polynomials[POLYNOMIAL::Q_L] = q_l; - full_polynomials[POLYNOMIAL::Q_R] = q_r; - full_polynomials[POLYNOMIAL::Q_O] = q_o; - full_polynomials[POLYNOMIAL::Q_C] = q_c; - full_polynomials[POLYNOMIAL::SIGMA_1] = sigma_1; - full_polynomials[POLYNOMIAL::SIGMA_2] = sigma_2; - full_polynomials[POLYNOMIAL::SIGMA_3] = sigma_3; - full_polynomials[POLYNOMIAL::ID_1] = id_1; - full_polynomials[POLYNOMIAL::ID_2] = id_2; - full_polynomials[POLYNOMIAL::ID_3] = id_3; - full_polynomials[POLYNOMIAL::LAGRANGE_FIRST] = lagrange_first; - full_polynomials[POLYNOMIAL::LAGRANGE_LAST] = lagrange_last; + ProverPolynomials full_polynomials; + full_polynomials.w_l = w_l; + full_polynomials.w_r = w_r; + full_polynomials.w_o = w_o; + full_polynomials.z_perm = z_perm; + full_polynomials.z_perm_shift = z_perm_shift; + full_polynomials.q_m = q_m; + full_polynomials.q_l = q_l; + full_polynomials.q_r = q_r; + full_polynomials.q_o = q_o; + full_polynomials.q_c = q_c; + full_polynomials.sigma_1 = sigma_1; + full_polynomials.sigma_2 = sigma_2; + full_polynomials.sigma_3 = sigma_3; + full_polynomials.id_1 = id_1; + full_polynomials.id_2 = id_2; + full_polynomials.id_3 = id_3; + full_polynomials.lagrange_first = lagrange_first; + full_polynomials.lagrange_last = lagrange_last; return full_polynomials; } @@ -142,7 +145,7 @@ TEST(Sumcheck, PolynomialNormalization) auto transcript = ProverTranscript::init_empty(); - auto sumcheck = Sumcheck, ArithmeticRelation, GrandProductComputationRelation, @@ -242,7 +245,7 @@ TEST(Sumcheck, Prover) auto transcript = ProverTranscript::init_empty(); - auto sumcheck = Sumcheck, ArithmeticRelation, GrandProductComputationRelation, @@ -323,7 +326,7 @@ TEST(Sumcheck, ProverAndVerifier) auto prover_transcript = ProverTranscript::init_empty(); - auto sumcheck_prover = Sumcheck, ArithmeticRelation, GrandProductComputationRelation, @@ -333,7 +336,7 @@ TEST(Sumcheck, ProverAndVerifier) auto verifier_transcript = VerifierTranscript::init_empty(prover_transcript); - auto sumcheck_verifier = Sumcheck, ArithmeticRelation, GrandProductComputationRelation, @@ -405,7 +408,7 @@ TEST(Sumcheck, ProverAndVerifierLonger) auto prover_transcript = ProverTranscript::init_empty(); - auto sumcheck_prover = Sumcheck, ArithmeticRelation, GrandProductComputationRelation, @@ -415,7 +418,7 @@ TEST(Sumcheck, ProverAndVerifierLonger) auto verifier_transcript = VerifierTranscript::init_empty(prover_transcript); - auto sumcheck_verifier = Sumcheck, ArithmeticRelation, GrandProductComputationRelation, diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp index 52383cc80b..3a3beb82a6 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp @@ -8,12 +8,38 @@ namespace proof_system::honk::sumcheck { * @brief Contains the multi-linear evaluations of the polynomials at the challenge point 'u'. * These are computed by the prover and need to be checked using a multi-linear PCS like Gemini. */ -template struct SumcheckOutput { +template struct SumcheckOutput { + using FF = typename Flavor::FF; + using PurportedEvaluations = typename Flavor::PurportedEvaluations; // u = (u_0, ..., u_{d-1}) std::vector challenge_point; // Evaluations in `u` of the polynomials used in Sumcheck - std::array evaluations; + PurportedEvaluations purported_evaluations; - bool operator==(const SumcheckOutput& other) const = default; + SumcheckOutput() + : purported_evaluations(std::array()){}; + + SumcheckOutput(std::vector _challenge_point, PurportedEvaluations _purported_evaluations) + : challenge_point(_challenge_point) + , purported_evaluations(_purported_evaluations){}; + + SumcheckOutput& operator=(SumcheckOutput&& other) + { + challenge_point = other.challenge_point; + purported_evaluations = other.purported_evaluations; + return *this; + }; + + SumcheckOutput(const SumcheckOutput& other) + : challenge_point(other.challenge_point) + , purported_evaluations(other.purported_evaluations){}; + + bool operator==(const SumcheckOutput& other) const + { + bool result{ false }; + result = challenge_point == other.challenge_point; + // result = purported_evaluations == other.purported_evaluations; + return result; + }; }; } // namespace proof_system::honk::sumcheck diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index 8a10169b8a..cf14b6c15b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -7,6 +7,7 @@ #include "polynomials/univariate.hpp" #include "polynomials/pow.hpp" #include "relations/relation.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system::honk::sumcheck { @@ -50,9 +51,14 @@ namespace proof_system::honk::sumcheck { template functions always create different functions, this is guaranteed. */ -template class... Relations> class SumcheckRound { +template class... Relations> class SumcheckRound { public: + using FF = typename Flavor::FF; + template + using ExtendedEdges = typename Flavor::template ExtendedEdges; + using PurportedEvaluations = typename Flavor::PurportedEvaluations; + bool round_failed = false; size_t round_size; // a power of 2 @@ -66,7 +72,8 @@ template class... Relation std::tuple::RELATION_LENGTH, MAX_RELATION_LENGTH>...> barycentric_utils; std::tuple::RELATION_LENGTH>...> univariate_accumulators; std::array evaluations; - std::array, num_multivariates> extended_edges; + // std::array, num_multivariates> extended_edges; + ExtendedEdges extended_edges; // WORKTODO: alias std::array, NUM_RELATIONS> extended_univariates; // TODO(#224)(Cody): this should go away and we should use constexpr method to extend @@ -143,11 +150,13 @@ template class... Relation * @details Should only be called externally with relation_idx equal to 0. * */ - void extend_edges(auto& multivariates, size_t edge_idx) + void extend_edges(auto& multivariates, size_t edge_idx) // WORKTODO: auto can now be ProverPolynomials? { - for (size_t idx = 0; idx < num_multivariates; idx++) { - auto edge = Univariate({ multivariates[idx][edge_idx], multivariates[idx][edge_idx + 1] }); - extended_edges[idx] = barycentric_2_to_max.extend(edge); + size_t univariate_idx = 0; // ZIPTODO + for (auto& poly : multivariates) { + auto edge = Univariate({ poly[edge_idx], poly[edge_idx + 1] }); + extended_edges[univariate_idx] = barycentric_2_to_max.extend(edge); + univariate_idx++; } } @@ -208,7 +217,7 @@ template class... Relation * checked against the final value of the target total sum, defined as sigma_d. */ // TODO(#224)(Cody): Input should be an array? - FF compute_full_honk_relation_purported_value(std::span purported_evaluations, + FF compute_full_honk_relation_purported_value(PurportedEvaluations purported_evaluations, const RelationParameters& relation_parameters, const PowUnivariate& pow_univariate, const FF alpha) @@ -306,7 +315,7 @@ template class... Relation */ template // TODO(#224)(Cody): Input should be an array? - void accumulate_relation_evaluations(std::span purported_evaluations, + void accumulate_relation_evaluations(PurportedEvaluations purported_evaluations, const RelationParameters& relation_parameters) { std::get(relations).add_full_relation_value_contribution( diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp index 97b8ab4c47..5329c68a6d 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp @@ -21,11 +21,15 @@ using namespace proof_system::honk; using namespace proof_system::honk::sumcheck; + +using Flavor = flavor::Standard; +using FF = typename Flavor::FF; +using ProverPolynomials = typename Flavor::ProverPolynomials; +using PurportedEvaluations = typename Flavor::PurportedEvaluations; + +const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; const size_t max_relation_length = 5; const size_t input_polynomial_length = 2; -using FF = barretenberg::fr; -const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; -using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; namespace test_sumcheck_round { /** @@ -33,46 +37,44 @@ namespace test_sumcheck_round { * */ template -std::array, NUM_POLYNOMIALS> construct_full_polynomials(std::array& w_l, - std::array& w_r, - std::array& w_o, - std::array& z_perm, - std::array& z_perm_shift, - std::array& q_m, - std::array& q_l, - std::array& q_r, - std::array& q_o, - std::array& q_c, - std::array& sigma_1, - std::array& sigma_2, - std::array& sigma_3, - std::array& id_1, - std::array& id_2, - std::array& id_3, - std::array& lagrange_first, - std::array& lagrange_last) +void construct_full_polynomials(ProverPolynomials& full_polynomials, + std::array& w_l, + std::array& w_r, + std::array& w_o, + std::array& z_perm, + std::array& z_perm_shift, + std::array& q_m, + std::array& q_l, + std::array& q_r, + std::array& q_o, + std::array& q_c, + std::array& sigma_1, + std::array& sigma_2, + std::array& sigma_3, + std::array& id_1, + std::array& id_2, + std::array& id_3, + std::array& lagrange_first, + std::array& lagrange_last) { - std::array, NUM_POLYNOMIALS> full_polynomials; - full_polynomials[POLYNOMIAL::W_L] = w_l; - full_polynomials[POLYNOMIAL::W_R] = w_r; - full_polynomials[POLYNOMIAL::W_O] = w_o; - full_polynomials[POLYNOMIAL::Z_PERM] = z_perm; - full_polynomials[POLYNOMIAL::Z_PERM_SHIFT] = z_perm_shift; - full_polynomials[POLYNOMIAL::Q_M] = q_m; - full_polynomials[POLYNOMIAL::Q_L] = q_l; - full_polynomials[POLYNOMIAL::Q_R] = q_r; - full_polynomials[POLYNOMIAL::Q_O] = q_o; - full_polynomials[POLYNOMIAL::Q_C] = q_c; - full_polynomials[POLYNOMIAL::SIGMA_1] = sigma_1; - full_polynomials[POLYNOMIAL::SIGMA_2] = sigma_2; - full_polynomials[POLYNOMIAL::SIGMA_3] = sigma_3; - full_polynomials[POLYNOMIAL::ID_1] = id_1; - full_polynomials[POLYNOMIAL::ID_2] = id_2; - full_polynomials[POLYNOMIAL::ID_3] = id_3; - full_polynomials[POLYNOMIAL::LAGRANGE_FIRST] = lagrange_first; - full_polynomials[POLYNOMIAL::LAGRANGE_LAST] = lagrange_last; - - return full_polynomials; + full_polynomials.w_l = w_l; + full_polynomials.w_r = w_r; + full_polynomials.w_o = w_o; + full_polynomials.z_perm = z_perm; + full_polynomials.z_perm_shift = z_perm_shift; + full_polynomials.q_m = q_m; + full_polynomials.q_l = q_l; + full_polynomials.q_r = q_r; + full_polynomials.q_o = q_o; + full_polynomials.q_c = q_c; + full_polynomials.sigma_1 = sigma_1; + full_polynomials.sigma_2 = sigma_2; + full_polynomials.sigma_3 = sigma_3; + full_polynomials.id_1 = id_1; + full_polynomials.id_2 = id_2; + full_polynomials.id_3 = id_3; + full_polynomials.lagrange_first = lagrange_first; + full_polynomials.lagrange_last = lagrange_last; } // The below two methods are used in the test ComputeUnivariateProver @@ -85,7 +87,7 @@ static Univariate compute_round_univariate( auto relations = std::tuple( ArithmeticRelation(), GrandProductComputationRelation(), GrandProductInitializationRelation()); // Improvement(Cody): This is ugly? Maye supply some/all of this data through "flavor" class? - auto round = SumcheckRound compute_round_univariate( auto lagrange_first = input_polynomials[16]; auto lagrange_last = input_polynomials[17]; - auto full_polynomials = construct_full_polynomials(w_l, - w_r, - w_o, - z_perm, - z_perm_shift, - q_m, - q_l, - q_r, - q_o, - q_c, - sigma_1, - sigma_2, - sigma_3, - id_1, - id_2, - id_3, - lagrange_first, - lagrange_last); + ProverPolynomials full_polynomials; + construct_full_polynomials(full_polynomials, + w_l, + w_r, + w_o, + z_perm, + z_perm_shift, + q_m, + q_l, + q_r, + q_o, + q_c, + sigma_1, + sigma_2, + sigma_3, + id_1, + id_2, + id_3, + lagrange_first, + lagrange_last); PowUnivariate pow_zeta(1); Univariate round_univariate = round.compute_univariate(full_polynomials, relation_parameters, pow_zeta, alpha); @@ -189,29 +193,28 @@ static FF compute_full_purported_value(std::array& input_va const RelationParameters& relation_parameters, const FF alpha) { - std::vector purported_evaluations; - purported_evaluations.resize(NUM_POLYNOMIALS); - purported_evaluations[POLYNOMIAL::W_L] = input_values[0]; - purported_evaluations[POLYNOMIAL::W_R] = input_values[1]; - purported_evaluations[POLYNOMIAL::W_O] = input_values[2]; - purported_evaluations[POLYNOMIAL::Z_PERM] = input_values[3]; - purported_evaluations[POLYNOMIAL::Z_PERM_SHIFT] = input_values[4]; - purported_evaluations[POLYNOMIAL::Q_M] = input_values[5]; - purported_evaluations[POLYNOMIAL::Q_L] = input_values[6]; - purported_evaluations[POLYNOMIAL::Q_R] = input_values[7]; - purported_evaluations[POLYNOMIAL::Q_O] = input_values[8]; - purported_evaluations[POLYNOMIAL::Q_C] = input_values[9]; - purported_evaluations[POLYNOMIAL::SIGMA_1] = input_values[10]; - purported_evaluations[POLYNOMIAL::SIGMA_2] = input_values[11]; - purported_evaluations[POLYNOMIAL::SIGMA_3] = input_values[12]; - purported_evaluations[POLYNOMIAL::ID_1] = input_values[13]; - purported_evaluations[POLYNOMIAL::ID_2] = input_values[14]; - purported_evaluations[POLYNOMIAL::ID_3] = input_values[15]; - purported_evaluations[POLYNOMIAL::LAGRANGE_FIRST] = input_values[16]; - purported_evaluations[POLYNOMIAL::LAGRANGE_LAST] = input_values[17]; + PurportedEvaluations purported_evaluations; + purported_evaluations.w_l = input_values[0]; + purported_evaluations.w_r = input_values[1]; + purported_evaluations.w_o = input_values[2]; + purported_evaluations.z_perm = input_values[3]; + purported_evaluations.z_perm_shift = input_values[4]; + purported_evaluations.q_m = input_values[5]; + purported_evaluations.q_l = input_values[6]; + purported_evaluations.q_r = input_values[7]; + purported_evaluations.q_o = input_values[8]; + purported_evaluations.q_c = input_values[9]; + purported_evaluations.sigma_1 = input_values[10]; + purported_evaluations.sigma_2 = input_values[11]; + purported_evaluations.sigma_3 = input_values[12]; + purported_evaluations.id_1 = input_values[13]; + purported_evaluations.id_2 = input_values[14]; + purported_evaluations.id_3 = input_values[15]; + purported_evaluations.lagrange_first = input_values[16]; + purported_evaluations.lagrange_last = input_values[17]; auto relations = std::tuple( ArithmeticRelation(), GrandProductComputationRelation(), GrandProductInitializationRelation()); - auto round = SumcheckRoundcircuit_size >= selector_values.size()); @@ -135,7 +135,7 @@ std::vector construct_wire_polynomials_base( std::vector wire_polynomials; // Note: randomness is added to 3 of the last 4 positions in plonk/proof_system/prover/prover.cpp // StandardProverBase::execute_preamble_round(). - size_t wire_idx = 0; + size_t wire_idx = 0; // ZIPTODO for (auto& wire : circuit_constructor.wires) { // Initialize the polynomial with all the actual copies variable values // Expect all values to be set to 0 initially diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 77bc6a5317..cd380c0be2 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -419,7 +419,7 @@ void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): provi { // Fill id polynomials with default values // TODO(Cody): Allocate polynomial space in proving key constructor. - size_t coset_idx = 0; + size_t coset_idx = 0; // ZIPTODO for (auto& id_poly : proving_key->get_id_polynomials()) { typename Flavor::Polynomial new_poly(proving_key->circuit_size); for (size_t i = 0; i < proving_key->circuit_size; ++i) { diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 3f67526e8b..faaa51edcc 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -15,9 +15,12 @@ #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" #include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" +// WORKTODO: Names of these classes +// WORKTODO: Define special member functions in reasonable way and untangle the bad consequences elsewhere (e.g., in +// SumcheckOutput) namespace proof_system::honk::flavor { - template class Data { public: using DataType = std::array; @@ -25,17 +28,24 @@ template class Data { // TODO(Cody): now it's safe to inherit from this... right? virtual ~Data() = default; + Data() = default; + // TODO(Cody): are these needed? + Data(const Data&) = default; + Data(Data&&) = default; + virtual Data& operator=(const Data&) = default; + virtual Data& operator=(const Data&&) = default; T& operator[](size_t idx) { return _data[idx]; }; typename DataType::iterator begin() { return _data.begin(); }; typename DataType::iterator end() { return _data.end(); }; - consteval size_t size() { return _data.size(); }; + size_t size() { return _data.size(); }; // WORKTODO: constexpr }; template class BasePrecomputedData : public Data { public: + BasePrecomputedData() = default; virtual std::vector get_selectors() = 0; virtual std::vector get_sigma_polynomials() = 0; virtual std::vector get_id_polynomials() = 0; @@ -50,9 +60,10 @@ template class BaseProvingKey : public P const size_t num_public_inputs; std::shared_ptr crs; EvaluationDomain evaluation_domain; - const ComposerType composer_type; // TODO(Cody): Get rid of this - PolynomialStore polynomial_store; // TODO(Cody): Get rid of this + const ComposerType composer_type; // WORKTODO: Get rid of this + PolynomialStore polynomial_store; // WORKTODO: Get rid of this + BaseProvingKey() = default; BaseProvingKey(const size_t circuit_size, const size_t num_public_inputs, std::shared_ptr const& crs, @@ -74,6 +85,13 @@ template class BaseProvingKey : public P template using BaseVerificationKey = PrecomputedData; template class BaseAllData : public Data { public: + BaseAllData() { this->_data = {}; } + + BaseAllData(std::array read_evals) { this->_data = read_evals; } + // BaseAllData(const BaseAllData& other){this->_data = other.data;}; + BaseAllData& operator=(const BaseAllData& other) { this->_data = other._data; }; + BaseAllData& operator=(const BaseAllData&& other) { this->_data = other._data; }; + virtual std::vector get_not_to_be_shifted() = 0; virtual std::vector get_to_be_shifted() = 0; @@ -101,7 +119,7 @@ class Standard { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 18; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this?/s + static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this? // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. @@ -125,6 +143,79 @@ class Standard { std::vector get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; std::vector get_id_polynomials() { return { id_1, id_2, id_3 }; }; + + virtual ~PrecomputedData() = default; + PrecomputedData() = default; + // TODO(Cody): are these needed? + PrecomputedData(const PrecomputedData& other) + { + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + }; + + PrecomputedData(PrecomputedData&& other) + { + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + }; + + PrecomputedData& operator=(const PrecomputedData& other) + { + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + return *this; + }; + + PrecomputedData& operator=(PrecomputedData&& other) + { + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + return *this; + }; }; using ProvingKey = BaseProvingKey, FF>; @@ -152,13 +243,112 @@ class Standard { T& lagrange_first = std::get<16>(this->_data); T& lagrange_last = std::get<17>(this->_data); - std::vector get_not_to_be_shifted() + std::vector get_wires() { return { w_l, w_r, w_o }; }; + + std::vector get_not_to_be_shifted() override { // ...z_perm_shift is in here? return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last }; }; - std::vector get_to_be_shifted() { return { z_perm }; }; + std::vector get_to_be_shifted() override { return { z_perm }; }; + + AllData() = default; + AllData(std::array _data_in) + { + this->_data = _data_in; + }; // WORKTODO: this will break references? + virtual ~AllData() = default; + // TODO(Cody): are these needed? + AllData(const AllData& other) + { + w_l = other.w_l; + w_r = other.w_r; + w_o = other.w_o; + z_perm = other.z_perm; + z_perm_shift = other.z_perm_shift; + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + }; + + AllData(AllData&& other) + { + w_l = other.w_l; + w_r = other.w_r; + w_o = other.w_o; + z_perm = other.z_perm; + z_perm_shift = other.z_perm_shift; + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + }; + + AllData& operator=(const AllData& other) + { + w_l = other.w_l; + w_r = other.w_r; + w_o = other.w_o; + z_perm = other.z_perm; + z_perm_shift = other.z_perm_shift; + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + return *this; + }; + + AllData& operator=(AllData&& other) + { + w_l = other.w_l; + w_r = other.w_r; + w_o = other.w_o; + z_perm = other.z_perm; + z_perm_shift = other.z_perm_shift; + q_m = other.q_m; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_c = other.q_c; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + return *this; + }; }; // These are classes are views of data living in different entities. They @@ -167,10 +357,15 @@ class Standard { using ProverPolynomials = AllData; using VerifierCommitments = AllData; - // WORKTODOXIxI: Handle univariates right - using ExtendedEdges = AllData>; + // WORKTODO: Handle univariates right + using FoldedPolynomials = AllData>; // WORKTODO add view class type. + template using ExtendedEdges = AllData>; - using PurportedEvaluations = AllData; + class PurportedEvaluations : public AllData { + public: // WORKTODO: this is bad + PurportedEvaluations() { this->_data = {}; } + PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } + }; class CommitmentLabels : public AllData { public: @@ -178,22 +373,19 @@ class Standard { // transcript interface, which takes a string // note: we could consider "enriching" the transcript interface to not use // strings in the future, but I leave it this way for simplicity - std::string w_l = "w_l"; - std::string w_r = "w_r"; - std::string w_o = "w_o"; - std::string p_0 = "p_0"; - std::string p_1 = "p_1"; - std::string q_0 = "q_0"; - std::string q_1 = "q_1"; - std::string s_0 = "s_0"; + + // WORKTODO: stick with these names from before? + std::string w_l = "W_1"; + std::string w_r = "W_2"; + std::string w_o = "W_3"; + std::string z_perm = "Z_PERM"; }; }; class Ultra { public: using CircuitConstructor = UltraCircuitConstructor; - using FF = CircuitConstructor::FF; - + using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; using PolynomialView = std::span; using G1 = barretenberg::g1; @@ -202,69 +394,384 @@ class Ultra { using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_ALL_ENTITIES = 18; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this? + static constexpr size_t NUM_ALL_ENTITIES = 35; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; + static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this actually? - // TODO(Cody): Made this public derivation so that I could populate selector - // polys from circuit constructor. template class PrecomputedData : public BasePrecomputedData { public: - T& q_m = std::get<0>(this->_data); + T& q_c = std::get<0>(this->_data); T& q_l = std::get<1>(this->_data); T& q_r = std::get<2>(this->_data); T& q_o = std::get<3>(this->_data); - T& q_c = std::get<4>(this->_data); - T& sigma_1 = std::get<5>(this->_data); - T& sigma_2 = std::get<6>(this->_data); - T& sigma_3 = std::get<7>(this->_data); - T& id_1 = std::get<8>(this->_data); - T& id_2 = std::get<9>(this->_data); - T& id_3 = std::get<10>(this->_data); - T& lagrange_first = std::get<11>(this->_data); - T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + T& q_4 = std::get<4>(this->_data); + T& q_m = std::get<5>(this->_data); + T& q_arith = std::get<6>(this->_data); + T& q_sort = std::get<7>(this->_data); + T& q_elliptic = std::get<8>(this->_data); + T& q_aux = std::get<9>(this->_data); + T& q_lookuptype = std::get<10>(this->_data); + T& s_1 = std::get<11>(this->_data); // These shouldn't be in here, right? + T& s_2 = std::get<12>(this->_data); + T& s_3 = std::get<13>(this->_data); + T& s_4 = std::get<14>(this->_data); + T& sigma_1 = std::get<15>(this->_data); + T& sigma_2 = std::get<16>(this->_data); + T& sigma_3 = std::get<17>(this->_data); + T& sigma_4 = std::get<18>(this->_data); + T& id_1 = std::get<19>(this->_data); + T& id_2 = std::get<20>(this->_data); + T& id_3 = std::get<21>(this->_data); + T& id_4 = std::get<22>(this->_data); + T& lagrange_first = std::get<23>(this->_data); + T& lagrange_last = std::get<24>(this->_data); + + std::vector get_selectors() + { + return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype }; + }; + std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; + std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; + + virtual ~PrecomputedData() = default; + PrecomputedData() = default; + // TODO(Cody): are these needed? + PrecomputedData(const PrecomputedData& other) + : q_c(other.q_c) + , q_l(other.q_l) + , q_r(other.q_r) + , q_o(other.q_o) + , q_4(other.q_4) + , q_m(other.q_m) + , q_arith(other.q_arith) + , q_sort(other.q_sort) + , q_elliptic(other.q_elliptic) + , q_aux(other.q_aux) + , q_lookuptype(other.q_lookuptype) + , s_1(other.s_1) + , s_2(other.s_2) + , s_3(other.s_3) + , s_4(other.s_4) + , sigma_1(other.sigma_1) + , sigma_2(other.sigma_2) + , sigma_3(other.sigma_3) + , sigma_4(other.sigma_4) + , id_1(other.id_1) + , id_2(other.id_2) + , id_3(other.id_3) + , id_4(other.id_4) + , lagrange_first(other.lagrange_first) + , lagrange_last(other.lagrange_last){}; + + PrecomputedData(PrecomputedData&& other) + : q_c(other.q_c) + , q_l(other.q_l) + , q_r(other.q_r) + , q_o(other.q_o) + , q_4(other.q_4) + , q_m(other.q_m) + , q_arith(other.q_arith) + , q_sort(other.q_sort) + , q_elliptic(other.q_elliptic) + , q_aux(other.q_aux) + , q_lookuptype(other.q_lookuptype) + , s_1(other.s_1) + , s_2(other.s_2) + , s_3(other.s_3) + , s_4(other.s_4) + , sigma_1(other.sigma_1) + , sigma_2(other.sigma_2) + , sigma_3(other.sigma_3) + , sigma_4(other.sigma_4) + , id_1(other.id_1) + , id_2(other.id_2) + , id_3(other.id_3) + , id_4(other.id_4) + , lagrange_first(other.lagrange_first) + , lagrange_last(other.lagrange_last){}; + + PrecomputedData& operator=(const PrecomputedData& other) + // TODO(Cody): Doesn't work for self assignment? + { + q_c = other.q_c; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_4 = other.q_4; + q_m = other.q_m; + q_arith = other.q_arith; + q_sort = other.q_sort; + q_elliptic = other.q_elliptic; + q_aux = other.q_aux; + q_lookuptype = other.q_lookuptype; + s_1 = other.s_1; + s_2 = other.s_2; + s_3 = other.s_3; + s_4 = other.s_4; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + sigma_4 = other.sigma_4; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + id_4 = other.id_4; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + return *this; + }; - std::vector get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; - std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; - std::vector get_id_polynomials() { return { id_1, id_2, id_3 }; }; + PrecomputedData& operator=(PrecomputedData&& other) + { + q_c = other.q_c; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_4 = other.q_4; + q_m = other.q_m; + q_arith = other.q_arith; + q_sort = other.q_sort; + q_elliptic = other.q_elliptic; + q_aux = other.q_aux; + q_lookuptype = other.q_lookuptype; + s_1 = other.s_1; + s_2 = other.s_2; + s_3 = other.s_3; + s_4 = other.s_4; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + sigma_4 = other.sigma_4; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + id_4 = other.id_4; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + return *this; + }; }; - // TODO(Cody): Made this public derivation so that I could iterate through - // the selectors - using ProvingKey = BaseProvingKey, FF>; using VerificationKey = BaseVerificationKey>; - template class AllData : BaseAllData { + template class AllData : public BaseAllData { public: - T& w_l = std::get<0>(this->_data); - T& w_r = std::get<1>(this->_data); - T& w_o = std::get<2>(this->_data); - T& z_perm = std::get<3>(this->_data); - T& z_perm_shift = std::get<4>(this->_data); + T& q_c = std::get<0>(this->_data); + T& q_l = std::get<1>(this->_data); + T& q_r = std::get<2>(this->_data); + T& q_o = std::get<3>(this->_data); + T& q_4 = std::get<4>(this->_data); T& q_m = std::get<5>(this->_data); - T& q_l = std::get<6>(this->_data); - T& q_r = std::get<7>(this->_data); - T& q_o = std::get<8>(this->_data); - T& q_c = std::get<9>(this->_data); - T& sigma_1 = std::get<10>(this->_data); - T& sigma_2 = std::get<11>(this->_data); - T& sigma_3 = std::get<12>(this->_data); - T& id_1 = std::get<13>(this->_data); - T& id_2 = std::get<14>(this->_data); - T& id_3 = std::get<15>(this->_data); - T& lagrange_first = std::get<16>(this->_data); - T& lagrange_last = std::get<17>(this->_data); + T& q_arith = std::get<6>(this->_data); + T& q_sort = std::get<7>(this->_data); + T& q_elliptic = std::get<8>(this->_data); + T& q_aux = std::get<9>(this->_data); + T& q_lookuptype = std::get<10>(this->_data); + T& sigma_1 = std::get<11>(this->_data); + T& sigma_2 = std::get<12>(this->_data); + T& sigma_3 = std::get<13>(this->_data); + T& sigma_4 = std::get<14>(this->_data); + T& id_1 = std::get<15>(this->_data); + T& id_2 = std::get<16>(this->_data); + T& id_3 = std::get<17>(this->_data); + T& id_4 = std::get<18>(this->_data); + T& lagrange_first = std::get<19>(this->_data); + T& lagrange_last = std::get<20>(this->_data); + T& w_l = std::get<21>(this->_data); + T& w_r = std::get<22>(this->_data); + T& w_o = std::get<23>(this->_data); + T& w_4 = std::get<24>(this->_data); + T& s_1 = std::get<25>(this->_data); + T& s_2 = std::get<26>(this->_data); + T& s_3 = std::get<27>(this->_data); + T& s_4 = std::get<28>(this->_data); + T& z_perm = std::get<29>(this->_data); + T& z_lookup = std::get<30>(this->_data); + T& w_1_shift = std::get<31>(this->_data); + T& w_4_shift = std::get<32>(this->_data); + T& z_perm_shift = std::get<33>(this->_data); + T& z_lookup_shift = std::get<34>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + + std::vector get_not_to_be_shifted() override + { + return { + q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, + q_lookuptype, sigma_1, sigma_2, sigma_3, sigma_4, id_1, id_2, id_3, id_4, lagrange_first, + lagrange_last, w_l, w_r, w_o, w_4, s_1, s_2, s_3, s_4, z_perm, + z_lookup + + }; + }; - std::vector get_not_to_be_shifted() - { // ...z_perm_shift is in here? - return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, - id_1, id_2, id_3, lagrange_first, lagrange_last }; + std::vector get_to_be_shifted() override { return { w_1_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; + + AllData() = default; + AllData(std::array _data_in) + { + this->_data = _data_in; + }; // WORKTODO: this will break references? + virtual ~AllData() = default; + // TODO(Cody): are these needed? + AllData(const AllData& other) + : q_c(other.q_c) + , q_l(other.q_l) + , q_r(other.q_r) + , q_o(other.q_o) + , q_4(other.q_4) + , q_m(other.q_m) + , q_arith(other.q_arith) + , q_sort(other.q_sort) + , q_elliptic(other.q_elliptic) + , q_aux(other.q_aux) + , q_lookuptype(other.q_lookuptype) + , sigma_1(other.sigma_1) + , sigma_2(other.sigma_2) + , sigma_3(other.sigma_3) + , sigma_4(other.sigma_4) + , id_1(other.id_1) + , id_2(other.id_2) + , id_3(other.id_3) + , id_4(other.id_4) + , lagrange_first(other.lagrange_first) + , lagrange_last(other.lagrange_last) + , w_l(other.w_l) + , w_r(other.w_r) + , w_o(other.w_o) + , w_4(other.w_4) + , s_1(other.s_1) + , s_2(other.s_2) + , s_3(other.s_3) + , s_4(other.s_4) + , z_perm(other.z_perm) + , z_lookup(other.z_lookup) + , w_1_shift(other.w_1_shift) + , w_4_shift(other.w_4_shift) + , z_perm_shift(other.z_perm_shift) + , z_lookup_shift(other.z_lookup_shift){}; + + AllData(AllData&& other) + : + + q_c(other.q_c) + , q_l(other.q_l) + , q_r(other.q_r) + , q_o(other.q_o) + , q_4(other.q_4) + , q_m(other.q_m) + , q_arith(other.q_arith) + , q_sort(other.q_sort) + , q_elliptic(other.q_elliptic) + , q_aux(other.q_aux) + , q_lookuptype(other.q_lookuptype) + , sigma_1(other.sigma_1) + , sigma_2(other.sigma_2) + , sigma_3(other.sigma_3) + , sigma_4(other.sigma_4) + , id_1(other.id_1) + , id_2(other.id_2) + , id_3(other.id_3) + , id_4(other.id_4) + , lagrange_first(other.lagrange_first) + , lagrange_last(other.lagrange_last) + , w_l(other.w_l) + , w_r(other.w_r) + , w_o(other.w_o) + , w_4(other.w_4) + , s_1(other.s_1) + , s_2(other.s_2) + , s_3(other.s_3) + , s_4(other.s_4) + , z_perm(other.z_perm) + , z_lookup(other.z_lookup) + , w_1_shift(other.w_1_shift) + , w_4_shift(other.w_4_shift) + , z_perm_shift(other.z_perm_shift) + , z_lookup_shift(other.z_lookup_shift){}; + + AllData& operator=(const AllData& other) + { + q_c = other.q_c; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_4 = other.q_4; + q_m = other.q_m; + q_arith = other.q_arith; + q_sort = other.q_sort; + q_elliptic = other.q_elliptic; + q_aux = other.q_aux; + q_lookuptype = other.q_lookuptype; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + sigma_4 = other.sigma_4; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + id_4 = other.id_4; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + w_l = other.w_l; + w_r = other.w_r; + w_o = other.w_o; + w_4 = other.w_4; + s_1 = other.s_1; + s_2 = other.s_2; + s_3 = other.s_3; + s_4 = other.s_4; + z_perm = other.z_perm; + z_lookup = other.z_lookup; + w_1_shift = other.w_1_shift; + w_4_shift = other.w_4_shift; + z_perm_shift = other.z_perm_shift; + z_lookup_shift = other.z_lookup_shift; + return *this; }; - std::vector get_to_be_shifted() { return { z_perm }; }; + AllData& operator=(AllData&& other) + { + q_c = other.q_c; + q_l = other.q_l; + q_r = other.q_r; + q_o = other.q_o; + q_4 = other.q_4; + q_m = other.q_m; + q_arith = other.q_arith; + q_sort = other.q_sort; + q_elliptic = other.q_elliptic; + q_aux = other.q_aux; + q_lookuptype = other.q_lookuptype; + sigma_1 = other.sigma_1; + sigma_2 = other.sigma_2; + sigma_3 = other.sigma_3; + sigma_4 = other.sigma_4; + id_1 = other.id_1; + id_2 = other.id_2; + id_3 = other.id_3; + id_4 = other.id_4; + lagrange_first = other.lagrange_first; + lagrange_last = other.lagrange_last; + w_l = other.w_l; + w_r = other.w_r; + w_o = other.w_o; + w_4 = other.w_4; + s_1 = other.s_1; + s_2 = other.s_2; + s_3 = other.s_3; + s_4 = other.s_4; + z_perm = other.z_perm; + z_lookup = other.z_lookup; + w_1_shift = other.w_1_shift; + w_4_shift = other.w_4_shift; + z_perm_shift = other.z_perm_shift; + z_lookup_shift = other.z_lookup_shift; + return *this; + }; }; // These are classes are views of data living in different entities. They @@ -273,10 +780,15 @@ class Ultra { using ProverPolynomials = AllData; using VerifierCommitments = AllData; - // TODO: Handle univariates right - using ExtendedEdges = AllData>; + // WORKTODO: Handle univariates right + using FoldedPolynomials = AllData>; // WORKTODO add view class type. + template using ExtendedEdges = AllData>; - using PurportedEvaluations = AllData; + class PurportedEvaluations : public AllData { + public: + PurportedEvaluations() { this->_data = {}; } + PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } + }; class CommitmentLabels : public AllData { public: @@ -284,16 +796,15 @@ class Ultra { // transcript interface, which takes a string // note: we could consider "enriching" the transcript interface to not use // strings in the future, but I leave it this way for simplicity - std::string w_l = "w_l"; - std::string w_r = "w_r"; - std::string w_o = "w_o"; - std::string p_0 = "p_0"; - std::string p_1 = "p_1"; - std::string q_0 = "q_0"; - std::string q_1 = "q_1"; - std::string s_0 = "s_0"; + + // WORKTODO: stick with these names from before? + std::string w_l = "W_1"; + std::string w_r = "W_2"; + std::string w_o = "W_3"; + std::string z_perm = "Z_PERM"; }; }; + } // namespace proof_system::honk::flavor namespace proof_system::plonk::flavor { diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index bf2b678111..3611bc45c2 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -19,13 +19,13 @@ TEST(Flavor, Standard) Flavor::VerificationKey verification_key; Flavor::ProverPolynomials prover_polynomials; Flavor::VerifierCommitments verifier_commitments; - Flavor::ExtendedEdges edges; + Flavor::ExtendedEdges edges; Flavor::PurportedEvaluations evals; Flavor::CommitmentLabels commitment_labels; EXPECT_EQ(prover_polynomials.size(), 18); EXPECT_EQ(prover_polynomials.size(), prover_polynomials.get_in_order().size()); - EXPECT_EQ(commitment_labels.w_l, "w_l"); + EXPECT_EQ(commitment_labels.w_r, "W_2"); auto get_test_polynomial = [](size_t& idx) { Flavor::Polynomial poly(4); From 1a7de69d8a704b9ea94b675101f7adaa0105f892 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 19 Apr 2023 21:04:06 +0000 Subject: [PATCH 013/119] BaseCase runs through but fails. --- .../honk/proof_system/prover_library.cpp | 23 ++--- .../ultra_plonk_composer.test.cpp | 2 - .../composer/permutation_helper.hpp | 9 +- .../proof_system/flavor/flavor.hpp | 92 +++++++++++++++---- .../proof_system/flavor/flavor.test.cpp | 14 ++- 5 files changed, 103 insertions(+), 37 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 41ea3c726e..ab591b47b2 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -12,7 +12,9 @@ using Polynomial = barretenberg::Polynomial; /** * @brief Compute the permutation grand product polynomial Z_perm(X) * * - * @detail (This description assumes Flavor::num_wires 3). Z_perm may be defined in terms of its values + * @detail (This description assumes Flavor::num_wires 3). Z_perm may be defined in terms of iwires +wires +wirests values * on X_i = 0,1,...,n-1 as Z_perm[0] = 1 and for i = 1:n-1 * * (w_1(j) + β⋅id_1(j) + γ) ⋅ (w_2(j) + β⋅id_2(j) + γ) ⋅ (w_3(j) + β⋅id_3(j) + γ) @@ -57,23 +59,18 @@ typename Flavor::Polynomial compute_permutation_grand_product( } // Populate wire and permutation polynomials - std::array, Flavor::num_wires> wires; - std::array, Flavor::num_wires> sigmas; - std::array, Flavor::num_wires> ids; - for (size_t i = 0; i < Flavor::num_wires; ++i) { - std::string sigma_id = "sigma_" + std::to_string(i + 1) + "_lagrange"; - wires[i] = wire_polynomials[i]; - // WORKTODO - // sigmas[i] = key->polynomial_store.get(sigma_id); - // ids[i] = key->polynomial_store.get("id_" + std::to_string(i + 1) + "_lagrange"); - } + // std::array, Flavor::num_wires> wires = wire_polynomials; + auto ids = key->get_id_polynomials(); + + auto sigmas = key->get_sigma_polynomials(); // Step (1) // TODO(#222)(kesha): Change the order to engage automatic prefetching and get rid of redundant computation for (size_t i = 0; i < key->circuit_size; ++i) { for (size_t k = 0; k < Flavor::num_wires; ++k) { - numerator_accumulator[k][i] = wires[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ - denominator_accumulator[k][i] = wires[k][i] + (sigmas[k][i] * beta) + gamma; // w_k(i) + β.σ_k(i) + γ + numerator_accumulator[k][i] = wire_polynomials[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ + denominator_accumulator[k][i] = + wire_polynomials[k][i] + (sigmas[k][i] * beta) + gamma; // w_k(i) + β.σ_k(i) + γ } } diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.test.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.test.cpp index cc90c8de1e..0168f0e68b 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.test.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.test.cpp @@ -70,7 +70,6 @@ TEST(ultra_plonk_composer_splitting_tmp, debug_composer_discrepencies) for (const auto& [key, poly] : prover.key->polynomial_store) { if (prover_new.key->polynomial_store.contains(key)) { - // info(key); EXPECT_EQ(prover.key->polynomial_store.get(key), prover_new.key->polynomial_store.get(key)); } } @@ -79,7 +78,6 @@ TEST(ultra_plonk_composer_splitting_tmp, debug_composer_discrepencies) auto verifier_new = composer_new.create_verifier(); for (const auto& [key, poly] : verifier.key->commitments) { - // info(key); EXPECT_EQ(verifier.key->commitments[key], verifier_new.key->commitments[key]); } diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index cd380c0be2..9bbd0ab317 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -239,8 +239,8 @@ void compute_honk_style_permutation_lagrange_polynomials_from_mapping( size_t wire_index = 0; for (auto& current_permutation_poly : permutation_polynomials) { - auto new_poly = typename Flavor::Polynomial(num_gates); // TODO(Cody): Cleanly allocate in pk? - current_permutation_poly = new_poly; + // auto new_poly = typename Flavor::Polynomial(num_gates); // TODO(Cody): Cleanly allocate in pk? + // current_permutation_poly = new_poly; ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); const auto& current_mapping = permutation_mappings[wire_index][i]; @@ -421,11 +421,10 @@ void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): provi // TODO(Cody): Allocate polynomial space in proving key constructor. size_t coset_idx = 0; // ZIPTODO for (auto& id_poly : proving_key->get_id_polynomials()) { - typename Flavor::Polynomial new_poly(proving_key->circuit_size); for (size_t i = 0; i < proving_key->circuit_size; ++i) { - new_poly[i] = coset_idx * proving_key->circuit_size + i; + id_poly[i] = coset_idx * proving_key->circuit_size + i; } - id_poly = new_poly; + coset_idx++; } } diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index faaa51edcc..70646e81ff 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -55,25 +55,31 @@ class BasePrecomputedData : public Data { // the selectors template class BaseProvingKey : public PrecomputedData { public: - const size_t circuit_size; - const size_t log_circuit_size; - const size_t num_public_inputs; + size_t circuit_size; + size_t log_circuit_size; + size_t num_public_inputs; std::shared_ptr crs; EvaluationDomain evaluation_domain; - const ComposerType composer_type; // WORKTODO: Get rid of this + ComposerType composer_type; // WORKTODO: Get rid of this PolynomialStore polynomial_store; // WORKTODO: Get rid of this BaseProvingKey() = default; - BaseProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - : circuit_size(circuit_size) - , log_circuit_size(numeric::get_msb(circuit_size)) - , num_public_inputs(num_public_inputs) - , crs(crs) - , evaluation_domain(circuit_size, circuit_size) - , composer_type(composer_type){}; + // BaseProvingKey(const size_t circuit_size, + // const size_t num_public_inputs, + // std::shared_ptr const& crs, + // ComposerType composer_type) + // : circuit_size(circuit_size) + // , log_circuit_size(numeric::get_msb(circuit_size)) + // , num_public_inputs(num_public_inputs) + // , crs(crs) + // , evaluation_domain(circuit_size, circuit_size) + // , composer_type(composer_type){ + // for (auto& poly : this->_data) + // { + // auto new_poly = PrecomputedData(circuit_size); + // poly = new_poly; + // } + // }; }; /** @@ -149,6 +155,7 @@ class Standard { // TODO(Cody): are these needed? PrecomputedData(const PrecomputedData& other) { + this->_data = other._data; q_m = other.q_m; q_l = other.q_l; q_r = other.q_r; @@ -166,6 +173,7 @@ class Standard { PrecomputedData(PrecomputedData&& other) { + this->_data = other._data; q_m = other.q_m; q_l = other.q_l; q_r = other.q_r; @@ -183,6 +191,8 @@ class Standard { PrecomputedData& operator=(const PrecomputedData& other) { + this->_data = other._data; + q_m = other.q_m; q_l = other.q_l; q_r = other.q_r; @@ -201,6 +211,8 @@ class Standard { PrecomputedData& operator=(PrecomputedData&& other) { + this->_data = other._data; + q_m = other.q_m; q_l = other.q_l; q_r = other.q_r; @@ -218,7 +230,27 @@ class Standard { }; }; - using ProvingKey = BaseProvingKey, FF>; + class ProvingKey : public BaseProvingKey, FF> { + public: + ProvingKey() = default; + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + { + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + this->composer_type = composer_type; + + for (auto& poly : this->_data) { + auto new_poly = Polynomial(circuit_size); + poly = new_poly; + } + }; + }; using VerificationKey = BaseVerificationKey>; @@ -262,6 +294,8 @@ class Standard { // TODO(Cody): are these needed? AllData(const AllData& other) { + this->_data = other._data; + w_l = other.w_l; w_r = other.w_r; w_o = other.w_o; @@ -284,6 +318,8 @@ class Standard { AllData(AllData&& other) { + this->_data = other._data; + w_l = other.w_l; w_r = other.w_r; w_o = other.w_o; @@ -306,6 +342,8 @@ class Standard { AllData& operator=(const AllData& other) { + this->_data = other._data; + w_l = other.w_l; w_r = other.w_r; w_o = other.w_o; @@ -329,6 +367,8 @@ class Standard { AllData& operator=(AllData&& other) { + this->_data = other._data; + w_l = other.w_l; w_r = other.w_r; w_o = other.w_o; @@ -553,7 +593,27 @@ class Ultra { }; }; - using ProvingKey = BaseProvingKey, FF>; + class ProvingKey : public BaseProvingKey, FF> { + public: + ProvingKey() = default; + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + { + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + this->composer_type = composer_type; + + for (auto& poly : this->_data) { + auto new_poly = Polynomial(circuit_size); + poly = new_poly; + } + }; + }; using VerificationKey = BaseVerificationKey>; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index 3611bc45c2..e777514f47 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -11,11 +11,23 @@ TEST(Flavor, Standard) { using Flavor = proof_system::honk::flavor::Standard; using FF = Flavor::FF; - Flavor::ProvingKey proving_key = []() { + using ProvingKey = typename Flavor::ProvingKey; + + ProvingKey proving_key = []() { auto crs_factory = ReferenceStringFactory(); auto crs = crs_factory.get_prover_crs(4); return Flavor::ProvingKey(/*circuit_size=*/4, /*num_inputs=*/0, crs, ComposerType::STANDARD); }(); + + size_t coset_idx = 0; + for (auto& id_poly : proving_key.get_id_polynomials()) { + typename Flavor::Polynomial new_poly(proving_key.circuit_size); + for (size_t i = 0; i < proving_key.circuit_size; ++i) { + id_poly[i] = coset_idx * proving_key.circuit_size + i; + } + coset_idx++; + } + Flavor::VerificationKey verification_key; Flavor::ProverPolynomials prover_polynomials; Flavor::VerifierCommitments verifier_commitments; From 27ffbeb5caba6461555b2fb372cc49a7b7d32581 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 19 Apr 2023 21:41:28 +0000 Subject: [PATCH 014/119] Add table polys and reinstate in prover lib. --- .../honk/proof_system/prover_library.cpp | 35 ++------ .../honk/proof_system/prover_library.test.cpp | 4 +- .../proof_system/flavor/flavor.hpp | 90 +++++++++++++------ 3 files changed, 75 insertions(+), 54 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index ab591b47b2..8ee167de4d 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -207,15 +207,11 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr column_1_step_size; - std::span column_2_step_size; - std::span column_3_step_size; - // WORKTODO - // std::span column_1_step_size = key->polynomial_store.get("q_2_lagrange"); - // std::span column_2_step_size = key->polynomial_store.get("q_m_lagrange"); - // std::span column_3_step_size = key->polynomial_store.get("q_c_lagrange"); + std::span column_1_step_size = key->q_r; + std::span column_2_step_size = key->q_m; + std::span column_3_step_size = key->q_c; - // Utilize three wires; this is not tied to program width + // Utilize three wires even when more are available. std::array, 3> wires; for (size_t i = 0; i < 3; ++i) { wires[i] = wire_polynomials[i]; @@ -225,12 +221,10 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr temp_vector; std::span temp_span{ temp_vector }; std::array, 4> tables{ - temp_span, temp_span, temp_span, temp_span - // WORKDTODO - // key->polynomial_store.get("table_value_1_lagrange"), - // key->polynomial_store.get("table_value_2_lagrange"), - // key->polynomial_store.get("table_value_3_lagrange"), - // key->polynomial_store.get("table_value_4_lagrange"), + key->table_1, + key->table_2, + key->table_3, + key->table_4, }; std::span lookup_selector{ temp_vector }; @@ -382,14 +376,6 @@ template honk::flavor::Ultra::Polynomial compute_permutation_grand_product( - std::shared_ptr& key, - std::vector& wire_polynomials, - typename honk::flavor::Standard::Polynomial& sorted_list_accumulator, - typename honk::flavor::Standard::FF eta, - typename honk::flavor::Standard::FF beta, - typename honk::flavor::Standard::FF gamma); - template typename honk::flavor::Ultra::Polynomial compute_lookup_grand_product( std::shared_ptr& key, std::vector& wire_polynomials, @@ -398,11 +384,6 @@ template typename honk::flavor::Ultra::Polynomial compute_lookup_grand_product( - std::shared_ptr& key, - std::vector& sorted_list_polynomials, - typename honk::flavor::Standard::FF eta); - template typename honk::flavor::Ultra::Polynomial compute_sorted_list_accumulator( std::shared_ptr& key, std::vector& sorted_list_polynomials, diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index 2718c21d4a..ab54de58dd 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -163,7 +163,7 @@ template class ProverLibraryTests : public testing::Test { // Instatiate a proving_key and make a pointer to it. This will be used to instantiate a Prover. // WORKTODO - using Flavor = honk::flavor::Standard; + using Flavor = honk::flavor::Ultra; auto proving_key = std::make_shared( circuit_size, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); @@ -291,7 +291,7 @@ template class ProverLibraryTests : public testing::Test { static const size_t circuit_size = 8; static const size_t num_public_inputs = 0; auto reference_string = std::make_shared(circuit_size + 1, "../srs_db/ignition"); - using Flavor = honk::flavor::Standard; // WORKTODO + using Flavor = honk::flavor::Ultra; // WORKTODO auto proving_key = std::make_shared( circuit_size, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 70646e81ff..49319fcc9e 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -434,8 +434,8 @@ class Ultra { using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_ALL_ENTITIES = 35; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; + static constexpr size_t NUM_ALL_ENTITIES = 39; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 29; static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this actually? template @@ -464,8 +464,12 @@ class Ultra { T& id_2 = std::get<20>(this->_data); T& id_3 = std::get<21>(this->_data); T& id_4 = std::get<22>(this->_data); - T& lagrange_first = std::get<23>(this->_data); - T& lagrange_last = std::get<24>(this->_data); + T& table_1 = std::get<23>(this->_data); + T& table_2 = std::get<24>(this->_data); + T& table_3 = std::get<25>(this->_data); + T& table_4 = std::get<26>(this->_data); + T& lagrange_first = std::get<27>(this->_data); + T& lagrange_last = std::get<28>(this->_data); std::vector get_selectors() { @@ -501,6 +505,10 @@ class Ultra { , id_2(other.id_2) , id_3(other.id_3) , id_4(other.id_4) + , table_1(other.table_1) + , table_2(other.table_2) + , table_3(other.table_3) + , table_4(other.table_4) , lagrange_first(other.lagrange_first) , lagrange_last(other.lagrange_last){}; @@ -528,6 +536,10 @@ class Ultra { , id_2(other.id_2) , id_3(other.id_3) , id_4(other.id_4) + , table_1(other.table_1) + , table_2(other.table_2) + , table_3(other.table_3) + , table_4(other.table_4) , lagrange_first(other.lagrange_first) , lagrange_last(other.lagrange_last){}; @@ -557,6 +569,10 @@ class Ultra { id_2 = other.id_2; id_3 = other.id_3; id_4 = other.id_4; + table_1 = other.table_1; + table_2 = other.table_2; + table_3 = other.table_3; + table_4 = other.table_4; lagrange_first = other.lagrange_first; lagrange_last = other.lagrange_last; return *this; @@ -587,6 +603,10 @@ class Ultra { id_2 = other.id_2; id_3 = other.id_3; id_4 = other.id_4; + table_1 = other.table_1; + table_2 = other.table_2; + table_3 = other.table_3; + table_4 = other.table_4; lagrange_first = other.lagrange_first; lagrange_last = other.lagrange_last; return *this; @@ -638,32 +658,36 @@ class Ultra { T& id_2 = std::get<16>(this->_data); T& id_3 = std::get<17>(this->_data); T& id_4 = std::get<18>(this->_data); - T& lagrange_first = std::get<19>(this->_data); - T& lagrange_last = std::get<20>(this->_data); - T& w_l = std::get<21>(this->_data); - T& w_r = std::get<22>(this->_data); - T& w_o = std::get<23>(this->_data); - T& w_4 = std::get<24>(this->_data); - T& s_1 = std::get<25>(this->_data); - T& s_2 = std::get<26>(this->_data); - T& s_3 = std::get<27>(this->_data); - T& s_4 = std::get<28>(this->_data); - T& z_perm = std::get<29>(this->_data); - T& z_lookup = std::get<30>(this->_data); - T& w_1_shift = std::get<31>(this->_data); - T& w_4_shift = std::get<32>(this->_data); - T& z_perm_shift = std::get<33>(this->_data); - T& z_lookup_shift = std::get<34>(this->_data); + T& table_1 = std::get<19>(this->_data); + T& table_2 = std::get<20>(this->_data); + T& table_3 = std::get<21>(this->_data); + T& table_4 = std::get<22>(this->_data); + T& lagrange_first = std::get<23>(this->_data); + T& lagrange_last = std::get<24>(this->_data); + T& w_l = std::get<25>(this->_data); + T& w_r = std::get<26>(this->_data); + T& w_o = std::get<27>(this->_data); + T& w_4 = std::get<28>(this->_data); + T& s_1 = std::get<29>(this->_data); + T& s_2 = std::get<30>(this->_data); + T& s_3 = std::get<31>(this->_data); + T& s_4 = std::get<32>(this->_data); + T& z_perm = std::get<33>(this->_data); + T& z_lookup = std::get<34>(this->_data); + T& w_1_shift = std::get<35>(this->_data); + T& w_4_shift = std::get<36>(this->_data); + T& z_perm_shift = std::get<37>(this->_data); + T& z_lookup_shift = std::get<38>(this->_data); std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; std::vector get_not_to_be_shifted() override { - return { - q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, - q_lookuptype, sigma_1, sigma_2, sigma_3, sigma_4, id_1, id_2, id_3, id_4, lagrange_first, - lagrange_last, w_l, w_r, w_o, w_4, s_1, s_2, s_3, s_4, z_perm, - z_lookup + return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, + q_elliptic, q_aux, q_lookuptype, sigma_1, sigma_2, sigma_3, sigma_4, id_1, + id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, + lagrange_last, w_l, w_r, w_o, w_4, s_1, s_2, s_3, + s_4, z_perm, z_lookup }; }; @@ -697,6 +721,10 @@ class Ultra { , id_2(other.id_2) , id_3(other.id_3) , id_4(other.id_4) + , table_1(other.table_1) + , table_2(other.table_2) + , table_3(other.table_3) + , table_4(other.table_4) , lagrange_first(other.lagrange_first) , lagrange_last(other.lagrange_last) , w_l(other.w_l) @@ -736,6 +764,10 @@ class Ultra { , id_2(other.id_2) , id_3(other.id_3) , id_4(other.id_4) + , table_1(other.table_1) + , table_2(other.table_2) + , table_3(other.table_3) + , table_4(other.table_4) , lagrange_first(other.lagrange_first) , lagrange_last(other.lagrange_last) , w_l(other.w_l) @@ -774,6 +806,10 @@ class Ultra { id_2 = other.id_2; id_3 = other.id_3; id_4 = other.id_4; + table_1 = other.table_1; + table_2 = other.table_2; + table_3 = other.table_3; + table_4 = other.table_4; lagrange_first = other.lagrange_first; lagrange_last = other.lagrange_last; w_l = other.w_l; @@ -814,6 +850,10 @@ class Ultra { id_2 = other.id_2; id_3 = other.id_3; id_4 = other.id_4; + table_1 = other.table_1; + table_2 = other.table_2; + table_3 = other.table_3; + table_4 = other.table_4; lagrange_first = other.lagrange_first; lagrange_last = other.lagrange_last; w_l = other.w_l; From 43bc9f10fab5e887ec8983b25a4542c5b278bb45 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 19 Apr 2023 22:37:27 +0000 Subject: [PATCH 015/119] Change assignment operators --- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 49319fcc9e..01e0c768c8 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -32,8 +32,8 @@ template class Data { // TODO(Cody): are these needed? Data(const Data&) = default; Data(Data&&) = default; - virtual Data& operator=(const Data&) = default; - virtual Data& operator=(const Data&&) = default; + Data& operator=(const Data&) = default; + Data& operator=(const Data&&) = default; T& operator[](size_t idx) { return _data[idx]; }; typename DataType::iterator begin() { return _data.begin(); }; From f10c9ce7887f4f052da8eb1896a7da12e1f65023 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 19 Apr 2023 23:06:54 +0000 Subject: [PATCH 016/119] Reinstate some more polynomials. --- .../ultra_honk_composer_helper.cpp | 11 +++--- .../composer/standard_honk_composer.test.cpp | 38 ++++++++----------- .../honk/proof_system/prover_library.cpp | 10 +---- .../honk/proof_system/verifier.test.cpp | 5 --- 4 files changed, 22 insertions(+), 42 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index ba07b77906..2589fb589e 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -278,13 +278,12 @@ std::shared_ptr UltraHonkComposerHe poly_q_table_column_3[subgroup_size - 1] = ++unique_last_value; poly_q_table_column_4[subgroup_size - 1] = ++unique_last_value; - // WORKTODO - // circuit_proving_key->polynomial_store.put("table_value_1_lagrange", std::move(poly_q_table_column_1)); - // circuit_proving_key->polynomial_store.put("table_value_2_lagrange", std::move(poly_q_table_column_2)); - // circuit_proving_key->polynomial_store.put("table_value_3_lagrange", std::move(poly_q_table_column_3)); - // circuit_proving_key->polynomial_store.put("table_value_4_lagrange", std::move(poly_q_table_column_4)); + circuit_proving_key->table_1 = poly_q_table_column_1; + circuit_proving_key->table_2 = poly_q_table_column_2; + circuit_proving_key->table_3 = poly_q_table_column_3; + circuit_proving_key->table_4 = poly_q_table_column_4; - // WORKTODO + // // // WORKTODO // // Copy memory read/write record data into proving key. Prover needs to know which gates contain a read/write // // 'record' witness on the 4th wire. This wire value can only be fully computed once the first 3 wire polynomials // // have been committed to. The 4th wire on these gates will be a random linear combination of the first 3 wires, diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 2c485d0ddf..c3ceaeece1 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -89,24 +89,22 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) barretenberg::fr right = barretenberg::fr::one(); // Let's check that indices are the same and nothing is lost, first - for (size_t j = 0; j < composer.num_wires; ++j) { - std::string index = std::to_string(j + 1); - const auto& sigma_j = barretenberg::polynomial(); - // WORKTODO - // const auto& sigma_j = proving_key->polynomial_store.get("sigma_" + index + "_lagrange"); + size_t wire_idx = 0; + for (auto& sigma_polynomial : proving_key->get_sigma_polynomials()) { for (size_t i = 0; i < n; ++i) { - left *= (gamma + j * n + i); - right *= (gamma + sigma_j[i]); + left *= (gamma + wire_idx * n + i); + right *= (gamma + sigma_polynomial[i]); } // Ensure that the public inputs cycles are correctly broken // and fix the cycle by adding the extra terms - if (j == 0) { + if (wire_idx == 0) { for (size_t i = 0; i < num_public_inputs; ++i) { - EXPECT_EQ(sigma_j[i], -fr(i + 1)); + EXPECT_EQ(sigma_polynomial[i], -fr(i + 1)); left *= (gamma - (i + 1)); right *= (gamma + (n + i)); } } + wire_idx++; } EXPECT_EQ(left, right); @@ -117,21 +115,19 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) // Now let's check that witness values correspond to the permutation composer.compute_witness(); - for (size_t j = 0; j < composer.num_wires; ++j) { + auto sigma_polynomials = proving_key->get_sigma_polynomials(); + auto id_polynomials = proving_key->get_id_polynomials(); + for (size_t j = 0; j < StandardHonkComposer::num_wires; ++j) { std::string index = std::to_string(j + 1); - const auto& permutation_polynomial = barretenberg::polynomial(10); - // WORKTODO - // const auto& permutation_polynomial = proving_key->polynomial_store.get("sigma_" + index + "_lagrange"); const auto& witness_polynomial = composer.composer_helper.wire_polynomials[j]; - const auto& id_polynomial = barretenberg::polynomial(10); - // WORKTODO - // const auto& id_polynomial = proving_key->polynomial_store.get("id_" + index + "_lagrange"); + const auto& sigma_polynomial = sigma_polynomials[j]; + const auto& id_polynomial = id_polynomials[j]; // left = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅ind(i,j) + γ) // right = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅σ(i,j) + γ) for (size_t i = 0; i < proving_key->circuit_size; ++i) { const auto current_witness = witness_polynomial[i]; left *= current_witness + beta * id_polynomial[i] + gamma; - right *= current_witness + beta * permutation_polynomial[i] + gamma; + right *= current_witness + beta * sigma_polynomial[i] + gamma; } // check that the first rows are correctly set to handle public inputs. for (size_t i = 0; i < num_public_inputs; ++i) { @@ -212,9 +208,7 @@ TEST(StandardHonkComposer, LagrangeCorrectness) } // Compute inner product of random polynomial and the first lagrange polynomial - auto first_lagrange_polynomial = barretenberg::polynomial(10); - // WORKTODO - // barretenberg::polynomial first_lagrange_polynomial = proving_key->polynomial_store.get("L_first_lagrange"); + barretenberg::polynomial first_lagrange_polynomial = proving_key->lagrange_first; barretenberg::fr first_product(0); for (size_t i = 0; i < proving_key->circuit_size; i++) { first_product += random_polynomial[i] * first_lagrange_polynomial[i]; @@ -222,9 +216,7 @@ TEST(StandardHonkComposer, LagrangeCorrectness) EXPECT_EQ(first_product, random_polynomial[0]); // Compute inner product of random polynomial and the last lagrange polynomial - auto last_lagrange_polynomial = barretenberg::polynomial(10); - // WORKTODO - // barretenberg::polynomial last_lagrange_polynomial = proving_key->polynomial_store.get("L_last_lagrange"); + auto last_lagrange_polynomial = proving_key->lagrange_last; barretenberg::fr last_product(0); for (size_t i = 0; i < proving_key->circuit_size; i++) { last_product += random_polynomial[i] * last_lagrange_polynomial[i]; diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 8ee167de4d..a20c48bb8a 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -218,8 +218,6 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr temp_vector; - std::span temp_span{ temp_vector }; std::array, 4> tables{ key->table_1, key->table_2, @@ -227,12 +225,8 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptrtable_4, }; - std::span lookup_selector{ temp_vector }; - std::span lookup_index_selector{ temp_vector }; - - // WORKTODO - // std::span lookup_selector = key->polynomial_store.get("table_type_lagrange"); - // std::span lookup_index_selector = key->polynomial_store.get("q_3_lagrange"); + std::span lookup_selector = key->q_lookuptype; // TODO(Cody): this was something called table_type + std::span lookup_index_selector = key->q_o; const FF beta_plus_one = beta + FF(1); // (1 + β) const FF gamma_times_beta_plus_one = gamma * beta_plus_one; // γ(1 + β) diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp index ded2d173b2..269bac2d5b 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp @@ -23,11 +23,6 @@ // template class VerifierTests : public testing::Test { // public: -// static transcript::Manifest create_manifest(const size_t num_public_inputs, const size_t num_sumcheck_rounds) -// { -// return honk::StandardHonk::create_manifest(num_public_inputs, num_sumcheck_rounds); -// } - // static StandardVerifier generate_verifier(std::shared_ptr circuit_proving_key) // { // std::array poly_coefficients; From 549cad16d41591d47bf596d938876f234d741b2e Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 01:41:02 +0000 Subject: [PATCH 017/119] Fix grand product test. --- .../honk/proof_system/prover_library.cpp | 2 -- .../honk/proof_system/prover_library.test.cpp | 26 ++++++++++++------- .../honk/transcript/transcript.test.cpp | 2 -- 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index a20c48bb8a..d812b3f21b 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -59,9 +59,7 @@ typename Flavor::Polynomial compute_permutation_grand_product( } // Populate wire and permutation polynomials - // std::array, Flavor::num_wires> wires = wire_polynomials; auto ids = key->get_id_polynomials(); - auto sigmas = key->get_sigma_polynomials(); // Step (1) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index ab54de58dd..a051257252 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -61,16 +61,22 @@ template class ProverLibraryTests : public testing::Test { std::vector wires; std::vector sigmas; std::vector ids; + + auto populate_span = [](auto& polynomial_view, auto& polynomial) { + for (size_t idx = 0; idx < polynomial.size(); idx++) { + polynomial_view[idx] = polynomial[idx]; + } + }; + + auto sigma_polynomials = proving_key->get_sigma_polynomials(); + auto id_polynomials = proving_key->get_id_polynomials(); for (size_t i = 0; i < Flavor::num_wires; ++i) { wires.emplace_back(get_random_polynomial(num_gates)); sigmas.emplace_back(get_random_polynomial(num_gates)); ids.emplace_back(get_random_polynomial(num_gates)); - // Add sigma/ID polys to proving_key; to be used by the prover in constructing it's own z_perm - // std::string sigma_label = "sigma_" + std::to_string(i + 1) + "_lagrange"; - // proving_key->polynomial_store.put(sigma_label, Polynomial{ sigmas[i] }); // WORKTODO - // std::string id_label = "id_" + std::to_string(i + 1) + "_lagrange"; - // proving_key->polynomial_store.put(id_label, Polynomial{ ids[i] }); // WORKTODO + populate_span(sigma_polynomials[i], sigmas[i]); + populate_span(id_polynomials[i], ids[i]); } // Get random challenges @@ -107,13 +113,13 @@ template class ProverLibraryTests : public testing::Test { */ // Make scratch space for the numerator and denominator accumulators. - std::array, Flavor::num_wires> numererator_accum; + std::array, Flavor::num_wires> numerator_accum; std::array, Flavor::num_wires> denominator_accum; // Step (1) for (size_t i = 0; i < proving_key->circuit_size; ++i) { for (size_t k = 0; k < Flavor::num_wires; ++k) { - numererator_accum[k][i] = wires[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ + numerator_accum[k][i] = wires[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ denominator_accum[k][i] = wires[k][i] + (sigmas[k][i] * beta) + gamma; // w_k(i) + β.σ_k(i) + γ } } @@ -121,7 +127,7 @@ template class ProverLibraryTests : public testing::Test { // Step (2) for (size_t k = 0; k < Flavor::num_wires; ++k) { for (size_t i = 0; i < proving_key->circuit_size - 1; ++i) { - numererator_accum[k][i + 1] *= numererator_accum[k][i]; + numerator_accum[k][i + 1] *= numerator_accum[k][i]; denominator_accum[k][i + 1] *= denominator_accum[k][i]; } } @@ -129,7 +135,7 @@ template class ProverLibraryTests : public testing::Test { // Step (3) for (size_t i = 0; i < proving_key->circuit_size; ++i) { for (size_t k = 1; k < Flavor::num_wires; ++k) { - numererator_accum[0][i] *= numererator_accum[k][i]; + numerator_accum[0][i] *= numerator_accum[k][i]; denominator_accum[0][i] *= denominator_accum[k][i]; } } @@ -139,7 +145,7 @@ template class ProverLibraryTests : public testing::Test { z_permutation_expected[0] = FF::zero(); // Z_0 = 1 // Note: in practice, we replace this expensive element-wise division with Montgomery batch inversion for (size_t i = 0; i < proving_key->circuit_size - 1; ++i) { - z_permutation_expected[i + 1] = numererator_accum[0][i] / denominator_accum[0][i]; + z_permutation_expected[i + 1] = numerator_accum[0][i] / denominator_accum[0][i]; } // Check consistency between locally computed z_perm and the one computed by the prover library diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index 1e2de3d9d9..4607847cb9 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -90,7 +90,6 @@ TYPED_TEST_SUITE(TranscriptTest, FieldTypes); /** * @brief Ensure consistency between the manifest hard coded in this testing suite and the one generated by the * standard honk prover over the course of proof construction. - * */ TYPED_TEST(TranscriptTest, ProverManifestConsistency) { @@ -111,7 +110,6 @@ TYPED_TEST(TranscriptTest, ProverManifestConsistency) // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < manifest_expected.size(); ++round) { ASSERT_EQ(prover_manifest[round], manifest_expected[round]) << "Prover manifest discrepency in round " << round; - ; } } From 5825d73fec9731f4038e7849670360ba5b28ceec Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 03:02:22 +0000 Subject: [PATCH 018/119] A bit of tidying up. --- .../composer_helper/standard_honk_composer_helper.cpp | 7 ++++--- .../composer_helper/standard_honk_composer_helper.hpp | 5 +++-- .../barretenberg/honk/proof_system/composer_helper.lib.hpp | 1 + cpp/src/barretenberg/plonk/composer/composer_base.hpp | 2 +- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 2 -- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 17fd48524f..de76dce977 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -17,7 +17,7 @@ namespace proof_system::honk { * Compute proving key base. * * 1. Load crs. - * 2. Initialize this.proving_key. + * 2. Initialize this->proving_key. * 3. Create constraint selector polynomials from each of this composer's `selectors` vectors and add them to the * proving key. * @@ -53,6 +53,7 @@ std::shared_ptr StandardHonkComposerHelper::compute_ver // TODO(kesha): Dirty hack for now. Need to actually make commitment-agnositc auto commitment_key = pcs::kzg::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); + // // WORKTODO // // Compute and store commitments to all precomputed polynomials // key->commitments["Q_M"] = commitment_key.commit(proving_key->polynomial_store.get("q_m_lagrange")); // key->commitments["Q_1"] = commitment_key.commit(proving_key->polynomial_store.get("q_1_lagrange")); @@ -107,8 +108,8 @@ std::shared_ptr StandardHonkComposerHelp return proving_key; } // Compute q_l, q_r, q_o, etc polynomials - // WORKTODO(Cody): meaningless constructor here - StandardHonkComposerHelper::compute_proving_key_base(circuit_constructor, ComposerType::STANDARD_HONK); + StandardHonkComposerHelper::compute_proving_key_base( + circuit_constructor, /*minimum_circuit_size=*/0, NUM_RANDOMIZED_GATES); // Compute sigma polynomials (we should update that late) compute_standard_honk_sigma_permutations(circuit_constructor, proving_key.get()); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 59ac5bda68..6f683b6a27 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -43,7 +43,8 @@ class StandardHonkComposerHelper { StandardHonkComposerHelper(std::unique_ptr&& crs_factory) : crs_factory_(std::move(crs_factory)) {} - StandardHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) + StandardHonkComposerHelper(std::shared_ptr p_key, + std::shared_ptr v_key) // WORKTODO : proving_key(std::move(p_key)) , circuit_verification_key(std::move(v_key)) {} @@ -63,7 +64,7 @@ class StandardHonkComposerHelper { // TODO(#216)(Adrian): Seems error prone to provide the number of randomized gates // Cody: Where should this go? In the flavor (or whatever that becomes)? std::shared_ptr compute_proving_key_base(const CircuitConstructor& circuit_constructor, - const size_t minimum_ciricut_size = 0, + const size_t minimum_circuit_size = 0, const size_t num_randomized_gates = NUM_RANDOMIZED_GATES); // This needs to be static as it may be used only to compute the selector commitments. diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index 7ad9a88cab..bf56d2a620 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -1,3 +1,4 @@ +// WORKTODO // #pragma once // #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" // #include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" diff --git a/cpp/src/barretenberg/plonk/composer/composer_base.hpp b/cpp/src/barretenberg/plonk/composer/composer_base.hpp index 6c93da04b1..a3e57bc383 100644 --- a/cpp/src/barretenberg/plonk/composer/composer_base.hpp +++ b/cpp/src/barretenberg/plonk/composer/composer_base.hpp @@ -111,7 +111,7 @@ class ComposerBase { virtual void print_num_gates() const { std::cout << num_gates << std::endl; } virtual size_t get_num_variables() const { return variables.size(); } virtual std::shared_ptr compute_proving_key_base(const ComposerType type = STANDARD, - const size_t minimum_ciricut_size = 0, + const size_t minimum_circuit_size = 0, const size_t num_reserved_gates = NUM_RESERVED_GATES); // This needs to be static as it may be used only to compute the selector commitments. static std::shared_ptr compute_verification_key_base( diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 01e0c768c8..846da06893 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -125,7 +125,6 @@ class Standard { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 18; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this? // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. @@ -436,7 +435,6 @@ class Ultra { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 39; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 29; - static constexpr size_t minimum_circuit_size = 3; // TODO(Cody): what is this actually? template class PrecomputedData : public BasePrecomputedData { From 7320e4c15a7b539db1556b42cb6051c0691f74b7 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 03:04:49 +0000 Subject: [PATCH 019/119] Debugging: sigma polys make it to loop in test. --- .../composer/standard_honk_composer.test.cpp | 9 ++- .../composer/permutation_helper.hpp | 56 +++++++++---------- 2 files changed, 31 insertions(+), 34 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index c3ceaeece1..ef2201d62d 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -11,6 +11,8 @@ #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" +#pragma GCC diagnostic ignored "-Wunused-variable" + #include using namespace proof_system::honk; @@ -94,6 +96,7 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) for (size_t i = 0; i < n; ++i) { left *= (gamma + wire_idx * n + i); right *= (gamma + sigma_polynomial[i]); + info(sigma_polynomial[i], "<-- in test"); } // Ensure that the public inputs cycles are correctly broken // and fix the cycle by adding the extra terms @@ -115,19 +118,19 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) // Now let's check that witness values correspond to the permutation composer.compute_witness(); - auto sigma_polynomials = proving_key->get_sigma_polynomials(); + auto permutation_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); for (size_t j = 0; j < StandardHonkComposer::num_wires; ++j) { std::string index = std::to_string(j + 1); + const auto& permutation_polynomial = permutation_polynomials[j]; const auto& witness_polynomial = composer.composer_helper.wire_polynomials[j]; - const auto& sigma_polynomial = sigma_polynomials[j]; const auto& id_polynomial = id_polynomials[j]; // left = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅ind(i,j) + γ) // right = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅σ(i,j) + γ) for (size_t i = 0; i < proving_key->circuit_size; ++i) { const auto current_witness = witness_polynomial[i]; left *= current_witness + beta * id_polynomial[i] + gamma; - right *= current_witness + beta * sigma_polynomial[i] + gamma; + right *= current_witness + beta * permutation_polynomial[i] + gamma; } // check that the first rows are correctly set to handle public inputs. for (size_t i = 0; i < num_public_inputs; ++i) { diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 9bbd0ab317..52ddef2bbf 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -239,39 +239,33 @@ void compute_honk_style_permutation_lagrange_polynomials_from_mapping( size_t wire_index = 0; for (auto& current_permutation_poly : permutation_polynomials) { - // auto new_poly = typename Flavor::Polynomial(num_gates); // TODO(Cody): Cleanly allocate in pk? - // current_permutation_poly = new_poly; - - ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); - const auto& current_mapping = permutation_mappings[wire_index][i]; - if (current_mapping.is_public_input) { - // We intentionally want to break the cycles of the public input variables. - // During the witness generation, the left and right wire polynomials at index i contain the i-th public - // input. The CyclicPermutation created for these variables always start with (i) -> (n+i), followed by - // the indices of the variables in the "real" gates. We make i point to -(i+1), so that the only way of - // repairing the cycle is add the mapping - // -(i+1) -> (n+i) - // These indices are chosen so they can easily be computed by the verifier. They can expect the running - // product to be equal to the "public input delta" that is computed in - current_permutation_poly[i] = - -barretenberg::fr(current_mapping.row_index + 1 + num_gates * current_mapping.column_index); - } else if (current_mapping.is_tag) { - // Set evaluations to (arbitrary) values disjoint from non-tag values - current_permutation_poly[i] = num_gates * Flavor::num_wires + current_mapping.row_index; - } else { - // For the regular permutation we simply point to the next location by setting the evaluation to its - // index - current_permutation_poly[i] = - barretenberg::fr(current_mapping.row_index + num_gates * current_mapping.column_index); + // ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); + for (size_t i = 0; i < proving_key->circuit_size; i++) { + const auto& current_mapping = permutation_mappings[wire_index][i]; + if (current_mapping.is_public_input) { + // We intentionally want to break the cycles of the public input variables. + // During the witness generation, the left and right wire polynomials at index i contain the i-th public + // input. The CyclicPermutation created for these variables always start with (i) -> (n+i), followed by + // the indices of the variables in the "real" gates. We make i point to -(i+1), so that the only way of + // repairing the cycle is add the mapping + // -(i+1) -> (n+i) + // These indices are chosen so they can easily be computed by the verifier. They can expect the running + // product to be equal to the "public input delta" that is computed in + current_permutation_poly[i] = + -barretenberg::fr(current_mapping.row_index + 1 + num_gates * current_mapping.column_index); + } else if (current_mapping.is_tag) { + // Set evaluations to (arbitrary) values disjoint from non-tag values + current_permutation_poly[i] = num_gates * Flavor::num_wires + current_mapping.row_index; + } else { + // For the regular permutation we simply point to the next location by setting the evaluation to its + // index + current_permutation_poly[i] = + barretenberg::fr(current_mapping.row_index + num_gates * current_mapping.column_index); + } + info(current_permutation_poly[i]); } - ITERATE_OVER_DOMAIN_END; + // ITERATE_OVER_DOMAIN_END; } - // static_cast(label); - // MERGECONFLICT - // // Save to polynomial cache - // for (size_t j = 0; j < Flavor::num_wires; j++) { - // std::string index = std::to_string(j + 1); - // key->polynomial_store.put(label + "_" + index + "_lagrange", std::move(permutation_poly[j])); wire_index++; } } // namespace From 6fd62061da680dbd3a8423fe525fd2be654ae401 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 03:20:41 +0000 Subject: [PATCH 020/119] Notes after lookover. --- .../barretenberg/honk/composer/ultra_honk_composer.test.cpp | 1 + cpp/src/barretenberg/honk/proof_system/prover.hpp | 2 ++ cpp/src/barretenberg/honk/proof_system/verifier.cpp | 3 ++- cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp | 2 -- cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp | 3 +-- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index b7a33947d2..61b3a21fe6 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -1,3 +1,4 @@ +// // WORKTODO // #include "ultra_honk_composer.hpp" // #include "barretenberg/common/log.hpp" // #include "barretenberg/honk/proof_system/ultra_prover.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 8dabda87c9..f31208f840 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -74,6 +74,8 @@ template class Prover { ProverPolynomials prover_polynomials; // TODO(Cody): Improve this, or at least make the lables static constexpr? + // WORKTODO: Maybe this doesn't really need to be one of the flavor components? There are commitments not + // corresponding to ProverPolynomials/entities/whatever. CommitmentLabels commitment_labels; // Container for d + 1 Fold polynomials produced by Gemini diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 9965295f98..108d243885 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -29,7 +29,7 @@ using namespace barretenberg; using namespace proof_system::honk::sumcheck; namespace proof_system::honk { -template +template // WORKTODO: merge these settings? Verifier::Verifier(std::shared_ptr verifier_key) : key(verifier_key) {} @@ -167,6 +167,7 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Construct batched commitment for NON-shifted polynomials for (size_t i = 0; i < NUM_PRECOMPUTED; ++i) { + // WORKTODO: get rid of ENUM_TO_COMM auto commitment = key->commitments[honk::StandardArithmetization::ENUM_TO_COMM[i]]; batched_commitment_unshifted += commitment * rhos[i]; } diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index 9a615550ac..64a4044fb4 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -29,7 +29,6 @@ template class... Relations static constexpr size_t MAX_RELATION_LENGTH = std::max({ Relations::RELATION_LENGTH... }); static constexpr size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; - // PurportedEvaluations purported_evaluations(); // TODO Transcript& transcript; const size_t multivariate_n; const size_t multivariate_d; @@ -64,7 +63,6 @@ template class... Relations * NOTE: With ~40 columns, prob only want to allocate 256 EdgeGroup's at once to keep stack under 1MB? * TODO(#224)(Cody): might want to just do C-style multidimensional array? for guaranteed adjacency? */ - // std::array, NUM_POLYNOMIALS> folded_polynomials; FoldedPolynomials folded_polynomials; // prover instantiates sumcheck with circuit size and a prover transcript diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index cf14b6c15b..8f3beae766 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -72,8 +72,7 @@ template class... R std::tuple::RELATION_LENGTH, MAX_RELATION_LENGTH>...> barycentric_utils; std::tuple::RELATION_LENGTH>...> univariate_accumulators; std::array evaluations; - // std::array, num_multivariates> extended_edges; - ExtendedEdges extended_edges; // WORKTODO: alias + ExtendedEdges extended_edges; std::array, NUM_RELATIONS> extended_univariates; // TODO(#224)(Cody): this should go away and we should use constexpr method to extend From f97be70231d22afce743847d02281da72be6dde7 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 13:28:35 +0000 Subject: [PATCH 021/119] See failures in AssertEquals test. --- .../composer/standard_honk_composer.test.cpp | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index ef2201d62d..3fcfb4c79a 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -263,14 +263,14 @@ TEST(StandardHonkComposer, AssertEquals) // Compute the proving key for sigma polynomials auto proving_key = composer.compute_proving_key(); auto permutation_length = composer.num_wires * proving_key->circuit_size; - std::vector sigma_polynomials; - - // Put the sigma polynomials into a vector for easy access - for (size_t i = 0; i < composer.num_wires; i++) { - std::string index = std::to_string(i + 1); - // WORKTODO - // sigma_polynomials.push_back(proving_key->polynomial_store.get("sigma_" + index + "_lagrange")); - } + auto sigma_polynomials = proving_key->get_sigma_polynomials(); + + // // Put the sigma polynomials into a vector for easy access + // for (size_t i = 0; i < composer.num_wires; i++) { + // std::string index = std::to_string(i + 1); + // // WORKTODO + // // sigma_polynomials.push_back(proving_key->polynomial_store.get("sigma_" + index + "_lagrange")); + // } // Let's compute the maximum cycle size_t maximum_cycle = 0; From e2c18d59158fd41a2af799004976d01d0e0983c2 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 14:40:40 +0000 Subject: [PATCH 022/119] Cleanup-ish --- .../composer/standard_honk_composer.test.cpp | 100 ++++++++---------- .../composer/composer_helper_lib.test.cpp | 2 +- 2 files changed, 47 insertions(+), 55 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 3fcfb4c79a..b0f5b2ce2a 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -18,53 +18,6 @@ using namespace proof_system::honk; namespace test_standard_honk_composer { -TEST(StandardHonkComposer, BaseCase) -{ - auto composer = StandardHonkComposer(); - fr a = 1; - composer.circuit_constructor.add_variable(a); - - auto prover = composer.create_prover(); - plonk::proof proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); - bool verified = verifier.verify_proof(proof); - ASSERT_TRUE(verified); -} - -TEST(StandardHonkComposer, TwoGates) -{ - auto run_test = [](bool expect_verified) { - auto composer = StandardHonkComposer(); - - // 1 + 1 - 2 = 0 - uint32_t w_l_1_idx; - if (expect_verified) { - w_l_1_idx = composer.circuit_constructor.add_variable(1); - } else { - w_l_1_idx = composer.circuit_constructor.add_variable(0); - } - uint32_t w_r_1_idx = composer.circuit_constructor.add_variable(1); - uint32_t w_o_1_idx = composer.circuit_constructor.add_variable(2); - composer.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); - - // 2 * 2 - 4 = 0 - uint32_t w_l_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_r_2_idx = composer.circuit_constructor.add_variable(2); - uint32_t w_o_2_idx = composer.circuit_constructor.add_variable(4); - composer.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); - - auto prover = composer.create_prover(); - - plonk::proof proof = prover.construct_proof(); - auto verifier = composer.create_verifier(); - bool verified = verifier.verify_proof(proof); - EXPECT_EQ(verified, expect_verified); - }; - - run_test(/* expect_verified=*/true); - run_test(/* expect_verified=*/false); -} - /** * @brief The goal of this test is to check that the sigma permutation vectors for honk are generated correctly. * @@ -265,13 +218,6 @@ TEST(StandardHonkComposer, AssertEquals) auto permutation_length = composer.num_wires * proving_key->circuit_size; auto sigma_polynomials = proving_key->get_sigma_polynomials(); - // // Put the sigma polynomials into a vector for easy access - // for (size_t i = 0; i < composer.num_wires; i++) { - // std::string index = std::to_string(i + 1); - // // WORKTODO - // // sigma_polynomials.push_back(proving_key->polynomial_store.get("sigma_" + index + "_lagrange")); - // } - // Let's compute the maximum cycle size_t maximum_cycle = 0; @@ -360,4 +306,50 @@ TEST(StandardHonkComposer, VerificationKeyCreation) composer.circuit_constructor.selectors.size() + composer.num_wires * 2 + 2); } +TEST(StandardHonkComposer, BaseCase) +{ + auto composer = StandardHonkComposer(); + fr a = 1; + composer.circuit_constructor.add_variable(a); + + auto prover = composer.create_prover(); + plonk::proof proof = prover.construct_proof(); + auto verifier = composer.create_verifier(); + bool verified = verifier.verify_proof(proof); + ASSERT_TRUE(verified); +} + +TEST(StandardHonkComposer, TwoGates) +{ + auto run_test = [](bool expect_verified) { + auto composer = StandardHonkComposer(); + + // 1 + 1 - 2 = 0 + uint32_t w_l_1_idx; + if (expect_verified) { + w_l_1_idx = composer.circuit_constructor.add_variable(1); + } else { + w_l_1_idx = composer.circuit_constructor.add_variable(0); + } + uint32_t w_r_1_idx = composer.circuit_constructor.add_variable(1); + uint32_t w_o_1_idx = composer.circuit_constructor.add_variable(2); + composer.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 }); + + // 2 * 2 - 4 = 0 + uint32_t w_l_2_idx = composer.circuit_constructor.add_variable(2); + uint32_t w_r_2_idx = composer.circuit_constructor.add_variable(2); + uint32_t w_o_2_idx = composer.circuit_constructor.add_variable(4); + composer.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 }); + + auto prover = composer.create_prover(); + + plonk::proof proof = prover.construct_proof(); + auto verifier = composer.create_verifier(); + bool verified = verifier.verify_proof(proof); + EXPECT_EQ(verified, expect_verified); + }; + + run_test(/* expect_verified=*/true); + run_test(/* expect_verified=*/false); +} } // namespace test_standard_honk_composer diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp index 0f0e6fc1e0..2a77de0456 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp @@ -29,7 +29,7 @@ TEST_F(ComposerLibTests, InitializeProvingKey) auto pk = initialize_proving_key(circuit_constructor, &crs_factory, - /*minimum_circuit_size=*/2, + /*minimum_circuit_size=*/0, /*num_randomized_gates=*/2, ComposerType::STANDARD); EXPECT_EQ(pk->circuit_size, 8); From 8155d48a9618438350348cb769ab1da49c6fd7f6 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 15:21:34 +0000 Subject: [PATCH 023/119] Logs showing change in sigma polys. --- sigma_before | 395 +++++++++++++++++++++++++++++++++++++++++++++++++++ sigma_now | 267 ++++++++++++++++++++++++++++++++++ 2 files changed, 662 insertions(+) create mode 100644 sigma_before create mode 100644 sigma_now diff --git a/sigma_before b/sigma_before new file mode 100644 index 0000000000..cff8908bb8 --- /dev/null +++ b/sigma_before @@ -0,0 +1,395 @@ +SIGMA VALUES INSIDE THE FUNCTION compute_honk_style_permutation_lagrange_polynomials_from_mapping +0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 +0x0000000000000000000000000000000000000000000000000000000000000041 +0x0000000000000000000000000000000000000000000000000000000000000003 +0x0000000000000000000000000000000000000000000000000000000000000043 +0x0000000000000000000000000000000000000000000000000000000000000006 +0x0000000000000000000000000000000000000000000000000000000000000086 +0x0000000000000000000000000000000000000000000000000000000000000000 +0x0000000000000000000000000000000000000000000000000000000000000008 +0x0000000000000000000000000000000000000000000000000000000000000049 +0x000000000000000000000000000000000000000000000000000000000000004a +0x000000000000000000000000000000000000000000000000000000000000000b +0x000000000000000000000000000000000000000000000000000000000000000c +0x000000000000000000000000000000000000000000000000000000000000000d +0x000000000000000000000000000000000000000000000000000000000000000e +0x000000000000000000000000000000000000000000000000000000000000000f +0x0000000000000000000000000000000000000000000000000000000000000010 +0x0000000000000000000000000000000000000000000000000000000000000011 +0x0000000000000000000000000000000000000000000000000000000000000012 +0x0000000000000000000000000000000000000000000000000000000000000013 +0x0000000000000000000000000000000000000000000000000000000000000014 +0x0000000000000000000000000000000000000000000000000000000000000015 +0x0000000000000000000000000000000000000000000000000000000000000016 +0x0000000000000000000000000000000000000000000000000000000000000017 +0x0000000000000000000000000000000000000000000000000000000000000018 +0x0000000000000000000000000000000000000000000000000000000000000019 +0x000000000000000000000000000000000000000000000000000000000000001a +0x000000000000000000000000000000000000000000000000000000000000001b +0x000000000000000000000000000000000000000000000000000000000000001c +0x000000000000000000000000000000000000000000000000000000000000001d +0x000000000000000000000000000000000000000000000000000000000000001e +0x000000000000000000000000000000000000000000000000000000000000001f +0x0000000000000000000000000000000000000000000000000000000000000020 +0x0000000000000000000000000000000000000000000000000000000000000021 +0x0000000000000000000000000000000000000000000000000000000000000022 +0x0000000000000000000000000000000000000000000000000000000000000023 +0x0000000000000000000000000000000000000000000000000000000000000024 +0x0000000000000000000000000000000000000000000000000000000000000025 +0x0000000000000000000000000000000000000000000000000000000000000026 +0x0000000000000000000000000000000000000000000000000000000000000027 +0x0000000000000000000000000000000000000000000000000000000000000005 +0x0000000000000000000000000000000000000000000000000000000000000028 +0x0000000000000000000000000000000000000000000000000000000000000029 +0x000000000000000000000000000000000000000000000000000000000000002a +0x000000000000000000000000000000000000000000000000000000000000002b +0x000000000000000000000000000000000000000000000000000000000000002c +0x000000000000000000000000000000000000000000000000000000000000002d +0x000000000000000000000000000000000000000000000000000000000000002e +0x000000000000000000000000000000000000000000000000000000000000002f +0x0000000000000000000000000000000000000000000000000000000000000030 +0x0000000000000000000000000000000000000000000000000000000000000031 +0x0000000000000000000000000000000000000000000000000000000000000032 +0x0000000000000000000000000000000000000000000000000000000000000033 +0x0000000000000000000000000000000000000000000000000000000000000034 +0x0000000000000000000000000000000000000000000000000000000000000035 +0x0000000000000000000000000000000000000000000000000000000000000036 +0x0000000000000000000000000000000000000000000000000000000000000037 +0x0000000000000000000000000000000000000000000000000000000000000038 +0x0000000000000000000000000000000000000000000000000000000000000039 +0x000000000000000000000000000000000000000000000000000000000000003a +0x000000000000000000000000000000000000000000000000000000000000003b +0x000000000000000000000000000000000000000000000000000000000000003c +0x000000000000000000000000000000000000000000000000000000000000003d +0x000000000000000000000000000000000000000000000000000000000000003e +0x000000000000000000000000000000000000000000000000000000000000003f +0x0000000000000000000000000000000000000000000000000000000000000004 +0x0000000000000000000000000000000000000000000000000000000000000081 +0x0000000000000000000000000000000000000000000000000000000000000082 +0x0000000000000000000000000000000000000000000000000000000000000083 +0x0000000000000000000000000000000000000000000000000000000000000084 +0x0000000000000000000000000000000000000000000000000000000000000047 +0x0000000000000000000000000000000000000000000000000000000000000087 +0x0000000000000000000000000000000000000000000000000000000000000048 +0x0000000000000000000000000000000000000000000000000000000000000009 +0x000000000000000000000000000000000000000000000000000000000000000a +0x000000000000000000000000000000000000000000000000000000000000004b +0x000000000000000000000000000000000000000000000000000000000000004c +0x000000000000000000000000000000000000000000000000000000000000004d +0x000000000000000000000000000000000000000000000000000000000000004e +0x000000000000000000000000000000000000000000000000000000000000004f +0x0000000000000000000000000000000000000000000000000000000000000050 +0x0000000000000000000000000000000000000000000000000000000000000051 +0x0000000000000000000000000000000000000000000000000000000000000052 +0x0000000000000000000000000000000000000000000000000000000000000053 +0x0000000000000000000000000000000000000000000000000000000000000054 +0x0000000000000000000000000000000000000000000000000000000000000055 +0x0000000000000000000000000000000000000000000000000000000000000056 +0x0000000000000000000000000000000000000000000000000000000000000057 +0x0000000000000000000000000000000000000000000000000000000000000058 +0x0000000000000000000000000000000000000000000000000000000000000059 +0x000000000000000000000000000000000000000000000000000000000000005a +0x000000000000000000000000000000000000000000000000000000000000005b +0x000000000000000000000000000000000000000000000000000000000000005c +0x000000000000000000000000000000000000000000000000000000000000005d +0x000000000000000000000000000000000000000000000000000000000000005e +0x000000000000000000000000000000000000000000000000000000000000005f +0x0000000000000000000000000000000000000000000000000000000000000060 +0x0000000000000000000000000000000000000000000000000000000000000061 +0x0000000000000000000000000000000000000000000000000000000000000062 +0x0000000000000000000000000000000000000000000000000000000000000063 +0x0000000000000000000000000000000000000000000000000000000000000064 +0x0000000000000000000000000000000000000000000000000000000000000065 +0x0000000000000000000000000000000000000000000000000000000000000066 +0x0000000000000000000000000000000000000000000000000000000000000067 +0x0000000000000000000000000000000000000000000000000000000000000045 +0x0000000000000000000000000000000000000000000000000000000000000068 +0x0000000000000000000000000000000000000000000000000000000000000069 +0x000000000000000000000000000000000000000000000000000000000000006a +0x000000000000000000000000000000000000000000000000000000000000006b +0x000000000000000000000000000000000000000000000000000000000000006c +0x000000000000000000000000000000000000000000000000000000000000006d +0x000000000000000000000000000000000000000000000000000000000000006e +0x000000000000000000000000000000000000000000000000000000000000006f +0x0000000000000000000000000000000000000000000000000000000000000070 +0x0000000000000000000000000000000000000000000000000000000000000071 +0x0000000000000000000000000000000000000000000000000000000000000072 +0x0000000000000000000000000000000000000000000000000000000000000073 +0x0000000000000000000000000000000000000000000000000000000000000074 +0x0000000000000000000000000000000000000000000000000000000000000075 +0x0000000000000000000000000000000000000000000000000000000000000076 +0x0000000000000000000000000000000000000000000000000000000000000077 +0x0000000000000000000000000000000000000000000000000000000000000078 +0x0000000000000000000000000000000000000000000000000000000000000079 +0x000000000000000000000000000000000000000000000000000000000000007a +0x000000000000000000000000000000000000000000000000000000000000007b +0x000000000000000000000000000000000000000000000000000000000000007c +0x000000000000000000000000000000000000000000000000000000000000007d +0x000000000000000000000000000000000000000000000000000000000000007e +0x000000000000000000000000000000000000000000000000000000000000007f +0x0000000000000000000000000000000000000000000000000000000000000080 +0x0000000000000000000000000000000000000000000000000000000000000042 +0x0000000000000000000000000000000000000000000000000000000000000044 +0x0000000000000000000000000000000000000000000000000000000000000002 +0x0000000000000000000000000000000000000000000000000000000000000001 +0x0000000000000000000000000000000000000000000000000000000000000046 +0x0000000000000000000000000000000000000000000000000000000000000007 +0x0000000000000000000000000000000000000000000000000000000000000088 +0x0000000000000000000000000000000000000000000000000000000000000089 +0x000000000000000000000000000000000000000000000000000000000000008a +0x000000000000000000000000000000000000000000000000000000000000008b +0x000000000000000000000000000000000000000000000000000000000000008c +0x000000000000000000000000000000000000000000000000000000000000008d +0x000000000000000000000000000000000000000000000000000000000000008e +0x000000000000000000000000000000000000000000000000000000000000008f +0x0000000000000000000000000000000000000000000000000000000000000090 +0x0000000000000000000000000000000000000000000000000000000000000091 +0x0000000000000000000000000000000000000000000000000000000000000092 +0x0000000000000000000000000000000000000000000000000000000000000093 +0x0000000000000000000000000000000000000000000000000000000000000094 +0x0000000000000000000000000000000000000000000000000000000000000095 +0x0000000000000000000000000000000000000000000000000000000000000096 +0x0000000000000000000000000000000000000000000000000000000000000097 +0x0000000000000000000000000000000000000000000000000000000000000098 +0x0000000000000000000000000000000000000000000000000000000000000099 +0x000000000000000000000000000000000000000000000000000000000000009a +0x000000000000000000000000000000000000000000000000000000000000009b +0x000000000000000000000000000000000000000000000000000000000000009c +0x000000000000000000000000000000000000000000000000000000000000009d +0x000000000000000000000000000000000000000000000000000000000000009e +0x000000000000000000000000000000000000000000000000000000000000009f +0x00000000000000000000000000000000000000000000000000000000000000a0 +0x00000000000000000000000000000000000000000000000000000000000000a1 +0x00000000000000000000000000000000000000000000000000000000000000a2 +0x00000000000000000000000000000000000000000000000000000000000000a3 +0x00000000000000000000000000000000000000000000000000000000000000a4 +0x00000000000000000000000000000000000000000000000000000000000000a5 +0x00000000000000000000000000000000000000000000000000000000000000a6 +0x00000000000000000000000000000000000000000000000000000000000000a7 +0x0000000000000000000000000000000000000000000000000000000000000085 +0x00000000000000000000000000000000000000000000000000000000000000a8 +0x00000000000000000000000000000000000000000000000000000000000000a9 +0x00000000000000000000000000000000000000000000000000000000000000aa +0x00000000000000000000000000000000000000000000000000000000000000ab +0x00000000000000000000000000000000000000000000000000000000000000ac +0x00000000000000000000000000000000000000000000000000000000000000ad +0x00000000000000000000000000000000000000000000000000000000000000ae +0x00000000000000000000000000000000000000000000000000000000000000af +0x00000000000000000000000000000000000000000000000000000000000000b0 +0x00000000000000000000000000000000000000000000000000000000000000b1 +0x00000000000000000000000000000000000000000000000000000000000000b2 +0x00000000000000000000000000000000000000000000000000000000000000b3 +0x00000000000000000000000000000000000000000000000000000000000000b4 +0x00000000000000000000000000000000000000000000000000000000000000b5 +0x00000000000000000000000000000000000000000000000000000000000000b6 +0x00000000000000000000000000000000000000000000000000000000000000b7 +0x00000000000000000000000000000000000000000000000000000000000000b8 +0x00000000000000000000000000000000000000000000000000000000000000b9 +0x00000000000000000000000000000000000000000000000000000000000000ba +0x00000000000000000000000000000000000000000000000000000000000000bb +0x00000000000000000000000000000000000000000000000000000000000000bc +0x00000000000000000000000000000000000000000000000000000000000000bd +0x00000000000000000000000000000000000000000000000000000000000000be +0x00000000000000000000000000000000000000000000000000000000000000bf + + + + + + + + + +SIGMA VALUES INSIDE THE TEST StandardHonkComposer.SigmaIDCorrectness +0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 +0x0000000000000000000000000000000000000000000000000000000000000041 +0x0000000000000000000000000000000000000000000000000000000000000003 +0x0000000000000000000000000000000000000000000000000000000000000043 +0x0000000000000000000000000000000000000000000000000000000000000006 +0x0000000000000000000000000000000000000000000000000000000000000086 +0x0000000000000000000000000000000000000000000000000000000000000000 +0x0000000000000000000000000000000000000000000000000000000000000008 +0x0000000000000000000000000000000000000000000000000000000000000049 +0x000000000000000000000000000000000000000000000000000000000000004a +0x000000000000000000000000000000000000000000000000000000000000000b +0x000000000000000000000000000000000000000000000000000000000000000c +0x000000000000000000000000000000000000000000000000000000000000000d +0x000000000000000000000000000000000000000000000000000000000000000e +0x000000000000000000000000000000000000000000000000000000000000000f +0x0000000000000000000000000000000000000000000000000000000000000010 +0x0000000000000000000000000000000000000000000000000000000000000011 +0x0000000000000000000000000000000000000000000000000000000000000012 +0x0000000000000000000000000000000000000000000000000000000000000013 +0x0000000000000000000000000000000000000000000000000000000000000014 +0x0000000000000000000000000000000000000000000000000000000000000015 +0x0000000000000000000000000000000000000000000000000000000000000016 +0x0000000000000000000000000000000000000000000000000000000000000017 +0x0000000000000000000000000000000000000000000000000000000000000018 +0x0000000000000000000000000000000000000000000000000000000000000019 +0x000000000000000000000000000000000000000000000000000000000000001a +0x000000000000000000000000000000000000000000000000000000000000001b +0x000000000000000000000000000000000000000000000000000000000000001c +0x000000000000000000000000000000000000000000000000000000000000001d +0x000000000000000000000000000000000000000000000000000000000000001e +0x000000000000000000000000000000000000000000000000000000000000001f +0x0000000000000000000000000000000000000000000000000000000000000020 +0x0000000000000000000000000000000000000000000000000000000000000021 +0x0000000000000000000000000000000000000000000000000000000000000022 +0x0000000000000000000000000000000000000000000000000000000000000023 +0x0000000000000000000000000000000000000000000000000000000000000024 +0x0000000000000000000000000000000000000000000000000000000000000025 +0x0000000000000000000000000000000000000000000000000000000000000026 +0x0000000000000000000000000000000000000000000000000000000000000027 +0x0000000000000000000000000000000000000000000000000000000000000005 +0x0000000000000000000000000000000000000000000000000000000000000028 +0x0000000000000000000000000000000000000000000000000000000000000029 +0x000000000000000000000000000000000000000000000000000000000000002a +0x000000000000000000000000000000000000000000000000000000000000002b +0x000000000000000000000000000000000000000000000000000000000000002c +0x000000000000000000000000000000000000000000000000000000000000002d +0x000000000000000000000000000000000000000000000000000000000000002e +0x000000000000000000000000000000000000000000000000000000000000002f +0x0000000000000000000000000000000000000000000000000000000000000030 +0x0000000000000000000000000000000000000000000000000000000000000031 +0x0000000000000000000000000000000000000000000000000000000000000032 +0x0000000000000000000000000000000000000000000000000000000000000033 +0x0000000000000000000000000000000000000000000000000000000000000034 +0x0000000000000000000000000000000000000000000000000000000000000035 +0x0000000000000000000000000000000000000000000000000000000000000036 +0x0000000000000000000000000000000000000000000000000000000000000037 +0x0000000000000000000000000000000000000000000000000000000000000038 +0x0000000000000000000000000000000000000000000000000000000000000039 +0x000000000000000000000000000000000000000000000000000000000000003a +0x000000000000000000000000000000000000000000000000000000000000003b +0x000000000000000000000000000000000000000000000000000000000000003c +0x000000000000000000000000000000000000000000000000000000000000003d +0x000000000000000000000000000000000000000000000000000000000000003e +0x000000000000000000000000000000000000000000000000000000000000003f +0x0000000000000000000000000000000000000000000000000000000000000004 +0x0000000000000000000000000000000000000000000000000000000000000081 +0x0000000000000000000000000000000000000000000000000000000000000082 +0x0000000000000000000000000000000000000000000000000000000000000083 +0x0000000000000000000000000000000000000000000000000000000000000084 +0x0000000000000000000000000000000000000000000000000000000000000047 +0x0000000000000000000000000000000000000000000000000000000000000087 +0x0000000000000000000000000000000000000000000000000000000000000048 +0x0000000000000000000000000000000000000000000000000000000000000009 +0x000000000000000000000000000000000000000000000000000000000000000a +0x000000000000000000000000000000000000000000000000000000000000004b +0x000000000000000000000000000000000000000000000000000000000000004c +0x000000000000000000000000000000000000000000000000000000000000004d +0x000000000000000000000000000000000000000000000000000000000000004e +0x000000000000000000000000000000000000000000000000000000000000004f +0x0000000000000000000000000000000000000000000000000000000000000050 +0x0000000000000000000000000000000000000000000000000000000000000051 +0x0000000000000000000000000000000000000000000000000000000000000052 +0x0000000000000000000000000000000000000000000000000000000000000053 +0x0000000000000000000000000000000000000000000000000000000000000054 +0x0000000000000000000000000000000000000000000000000000000000000055 +0x0000000000000000000000000000000000000000000000000000000000000056 +0x0000000000000000000000000000000000000000000000000000000000000057 +0x0000000000000000000000000000000000000000000000000000000000000058 +0x0000000000000000000000000000000000000000000000000000000000000059 +0x000000000000000000000000000000000000000000000000000000000000005a +0x000000000000000000000000000000000000000000000000000000000000005b +0x000000000000000000000000000000000000000000000000000000000000005c +0x000000000000000000000000000000000000000000000000000000000000005d +0x000000000000000000000000000000000000000000000000000000000000005e +0x000000000000000000000000000000000000000000000000000000000000005f +0x0000000000000000000000000000000000000000000000000000000000000060 +0x0000000000000000000000000000000000000000000000000000000000000061 +0x0000000000000000000000000000000000000000000000000000000000000062 +0x0000000000000000000000000000000000000000000000000000000000000063 +0x0000000000000000000000000000000000000000000000000000000000000064 +0x0000000000000000000000000000000000000000000000000000000000000065 +0x0000000000000000000000000000000000000000000000000000000000000066 +0x0000000000000000000000000000000000000000000000000000000000000067 +0x0000000000000000000000000000000000000000000000000000000000000045 +0x0000000000000000000000000000000000000000000000000000000000000068 +0x0000000000000000000000000000000000000000000000000000000000000069 +0x000000000000000000000000000000000000000000000000000000000000006a +0x000000000000000000000000000000000000000000000000000000000000006b +0x000000000000000000000000000000000000000000000000000000000000006c +0x000000000000000000000000000000000000000000000000000000000000006d +0x000000000000000000000000000000000000000000000000000000000000006e +0x000000000000000000000000000000000000000000000000000000000000006f +0x0000000000000000000000000000000000000000000000000000000000000070 +0x0000000000000000000000000000000000000000000000000000000000000071 +0x0000000000000000000000000000000000000000000000000000000000000072 +0x0000000000000000000000000000000000000000000000000000000000000073 +0x0000000000000000000000000000000000000000000000000000000000000074 +0x0000000000000000000000000000000000000000000000000000000000000075 +0x0000000000000000000000000000000000000000000000000000000000000076 +0x0000000000000000000000000000000000000000000000000000000000000077 +0x0000000000000000000000000000000000000000000000000000000000000078 +0x0000000000000000000000000000000000000000000000000000000000000079 +0x000000000000000000000000000000000000000000000000000000000000007a +0x000000000000000000000000000000000000000000000000000000000000007b +0x000000000000000000000000000000000000000000000000000000000000007c +0x000000000000000000000000000000000000000000000000000000000000007d +0x000000000000000000000000000000000000000000000000000000000000007e +0x000000000000000000000000000000000000000000000000000000000000007f +0x0000000000000000000000000000000000000000000000000000000000000080 +0x0000000000000000000000000000000000000000000000000000000000000042 +0x0000000000000000000000000000000000000000000000000000000000000044 +0x0000000000000000000000000000000000000000000000000000000000000002 +0x0000000000000000000000000000000000000000000000000000000000000001 +0x0000000000000000000000000000000000000000000000000000000000000046 +0x0000000000000000000000000000000000000000000000000000000000000007 +0x0000000000000000000000000000000000000000000000000000000000000088 +0x0000000000000000000000000000000000000000000000000000000000000089 +0x000000000000000000000000000000000000000000000000000000000000008a +0x000000000000000000000000000000000000000000000000000000000000008b +0x000000000000000000000000000000000000000000000000000000000000008c +0x000000000000000000000000000000000000000000000000000000000000008d +0x000000000000000000000000000000000000000000000000000000000000008e +0x000000000000000000000000000000000000000000000000000000000000008f +0x0000000000000000000000000000000000000000000000000000000000000090 +0x0000000000000000000000000000000000000000000000000000000000000091 +0x0000000000000000000000000000000000000000000000000000000000000092 +0x0000000000000000000000000000000000000000000000000000000000000093 +0x0000000000000000000000000000000000000000000000000000000000000094 +0x0000000000000000000000000000000000000000000000000000000000000095 +0x0000000000000000000000000000000000000000000000000000000000000096 +0x0000000000000000000000000000000000000000000000000000000000000097 +0x0000000000000000000000000000000000000000000000000000000000000098 +0x0000000000000000000000000000000000000000000000000000000000000099 +0x000000000000000000000000000000000000000000000000000000000000009a +0x000000000000000000000000000000000000000000000000000000000000009b +0x000000000000000000000000000000000000000000000000000000000000009c +0x000000000000000000000000000000000000000000000000000000000000009d +0x000000000000000000000000000000000000000000000000000000000000009e +0x000000000000000000000000000000000000000000000000000000000000009f +0x00000000000000000000000000000000000000000000000000000000000000a0 +0x00000000000000000000000000000000000000000000000000000000000000a1 +0x00000000000000000000000000000000000000000000000000000000000000a2 +0x00000000000000000000000000000000000000000000000000000000000000a3 +0x00000000000000000000000000000000000000000000000000000000000000a4 +0x00000000000000000000000000000000000000000000000000000000000000a5 +0x00000000000000000000000000000000000000000000000000000000000000a6 +0x00000000000000000000000000000000000000000000000000000000000000a7 +0x0000000000000000000000000000000000000000000000000000000000000085 +0x00000000000000000000000000000000000000000000000000000000000000a8 +0x00000000000000000000000000000000000000000000000000000000000000a9 +0x00000000000000000000000000000000000000000000000000000000000000aa +0x00000000000000000000000000000000000000000000000000000000000000ab +0x00000000000000000000000000000000000000000000000000000000000000ac +0x00000000000000000000000000000000000000000000000000000000000000ad +0x00000000000000000000000000000000000000000000000000000000000000ae +0x00000000000000000000000000000000000000000000000000000000000000af +0x00000000000000000000000000000000000000000000000000000000000000b0 +0x00000000000000000000000000000000000000000000000000000000000000b1 +0x00000000000000000000000000000000000000000000000000000000000000b2 +0x00000000000000000000000000000000000000000000000000000000000000b3 +0x00000000000000000000000000000000000000000000000000000000000000b4 +0x00000000000000000000000000000000000000000000000000000000000000b5 +0x00000000000000000000000000000000000000000000000000000000000000b6 +0x00000000000000000000000000000000000000000000000000000000000000b7 +0x00000000000000000000000000000000000000000000000000000000000000b8 +0x00000000000000000000000000000000000000000000000000000000000000b9 +0x00000000000000000000000000000000000000000000000000000000000000ba +0x00000000000000000000000000000000000000000000000000000000000000bb +0x00000000000000000000000000000000000000000000000000000000000000bc +0x00000000000000000000000000000000000000000000000000000000000000bd +0x00000000000000000000000000000000000000000000000000000000000000be +0x00000000000000000000000000000000000000000000000000000000000000bf \ No newline at end of file diff --git a/sigma_now b/sigma_now new file mode 100644 index 0000000000..4989d087a7 --- /dev/null +++ b/sigma_now @@ -0,0 +1,267 @@ +SIGMA VALUES INSIDE THE FUNCTION compute_honk_style_permutation_lagrange_polynomials_from_mapping +0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 +0x0000000000000000000000000000000000000000000000000000000000000041 +0x0000000000000000000000000000000000000000000000000000000000000003 +0x0000000000000000000000000000000000000000000000000000000000000043 +0x0000000000000000000000000000000000000000000000000000000000000006 +0x0000000000000000000000000000000000000000000000000000000000000086 +0x0000000000000000000000000000000000000000000000000000000000000000 +0x0000000000000000000000000000000000000000000000000000000000000008 +0x0000000000000000000000000000000000000000000000000000000000000049 +0x000000000000000000000000000000000000000000000000000000000000004a +0x000000000000000000000000000000000000000000000000000000000000000b +0x000000000000000000000000000000000000000000000000000000000000000c +0x000000000000000000000000000000000000000000000000000000000000000d +0x000000000000000000000000000000000000000000000000000000000000000e +0x000000000000000000000000000000000000000000000000000000000000000f +0x0000000000000000000000000000000000000000000000000000000000000010 +0x0000000000000000000000000000000000000000000000000000000000000011 +0x0000000000000000000000000000000000000000000000000000000000000012 +0x0000000000000000000000000000000000000000000000000000000000000013 +0x0000000000000000000000000000000000000000000000000000000000000014 +0x0000000000000000000000000000000000000000000000000000000000000015 +0x0000000000000000000000000000000000000000000000000000000000000016 +0x0000000000000000000000000000000000000000000000000000000000000017 +0x0000000000000000000000000000000000000000000000000000000000000018 +0x0000000000000000000000000000000000000000000000000000000000000019 +0x000000000000000000000000000000000000000000000000000000000000001a +0x000000000000000000000000000000000000000000000000000000000000001b +0x000000000000000000000000000000000000000000000000000000000000001c +0x000000000000000000000000000000000000000000000000000000000000001d +0x000000000000000000000000000000000000000000000000000000000000001e +0x000000000000000000000000000000000000000000000000000000000000001f +0x0000000000000000000000000000000000000000000000000000000000000020 +0x0000000000000000000000000000000000000000000000000000000000000021 +0x0000000000000000000000000000000000000000000000000000000000000022 +0x0000000000000000000000000000000000000000000000000000000000000023 +0x0000000000000000000000000000000000000000000000000000000000000024 +0x0000000000000000000000000000000000000000000000000000000000000025 +0x0000000000000000000000000000000000000000000000000000000000000026 +0x0000000000000000000000000000000000000000000000000000000000000027 +0x0000000000000000000000000000000000000000000000000000000000000005 +0x0000000000000000000000000000000000000000000000000000000000000028 +0x0000000000000000000000000000000000000000000000000000000000000029 +0x000000000000000000000000000000000000000000000000000000000000002a +0x000000000000000000000000000000000000000000000000000000000000002b +0x000000000000000000000000000000000000000000000000000000000000002c +0x000000000000000000000000000000000000000000000000000000000000002d +0x000000000000000000000000000000000000000000000000000000000000002e +0x000000000000000000000000000000000000000000000000000000000000002f +0x0000000000000000000000000000000000000000000000000000000000000030 +0x0000000000000000000000000000000000000000000000000000000000000031 +0x0000000000000000000000000000000000000000000000000000000000000032 +0x0000000000000000000000000000000000000000000000000000000000000033 +0x0000000000000000000000000000000000000000000000000000000000000034 +0x0000000000000000000000000000000000000000000000000000000000000035 +0x0000000000000000000000000000000000000000000000000000000000000036 +0x0000000000000000000000000000000000000000000000000000000000000037 +0x0000000000000000000000000000000000000000000000000000000000000038 +0x0000000000000000000000000000000000000000000000000000000000000039 +0x000000000000000000000000000000000000000000000000000000000000003a +0x000000000000000000000000000000000000000000000000000000000000003b +0x000000000000000000000000000000000000000000000000000000000000003c +0x000000000000000000000000000000000000000000000000000000000000003d +0x000000000000000000000000000000000000000000000000000000000000003e +0x000000000000000000000000000000000000000000000000000000000000003f +0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 +0x0000000000000000000000000000000000000000000000000000000000000041 +0x0000000000000000000000000000000000000000000000000000000000000003 +0x0000000000000000000000000000000000000000000000000000000000000043 +0x0000000000000000000000000000000000000000000000000000000000000006 +0x0000000000000000000000000000000000000000000000000000000000000086 +0x0000000000000000000000000000000000000000000000000000000000000000 +0x0000000000000000000000000000000000000000000000000000000000000008 +0x0000000000000000000000000000000000000000000000000000000000000049 +0x000000000000000000000000000000000000000000000000000000000000004a +0x000000000000000000000000000000000000000000000000000000000000000b +0x000000000000000000000000000000000000000000000000000000000000000c +0x000000000000000000000000000000000000000000000000000000000000000d +0x000000000000000000000000000000000000000000000000000000000000000e +0x000000000000000000000000000000000000000000000000000000000000000f +0x0000000000000000000000000000000000000000000000000000000000000010 +0x0000000000000000000000000000000000000000000000000000000000000011 +0x0000000000000000000000000000000000000000000000000000000000000012 +0x0000000000000000000000000000000000000000000000000000000000000013 +0x0000000000000000000000000000000000000000000000000000000000000014 +0x0000000000000000000000000000000000000000000000000000000000000015 +0x0000000000000000000000000000000000000000000000000000000000000016 +0x0000000000000000000000000000000000000000000000000000000000000017 +0x0000000000000000000000000000000000000000000000000000000000000018 +0x0000000000000000000000000000000000000000000000000000000000000019 +0x000000000000000000000000000000000000000000000000000000000000001a +0x000000000000000000000000000000000000000000000000000000000000001b +0x000000000000000000000000000000000000000000000000000000000000001c +0x000000000000000000000000000000000000000000000000000000000000001d +0x000000000000000000000000000000000000000000000000000000000000001e +0x000000000000000000000000000000000000000000000000000000000000001f +0x0000000000000000000000000000000000000000000000000000000000000020 +0x0000000000000000000000000000000000000000000000000000000000000021 +0x0000000000000000000000000000000000000000000000000000000000000022 +0x0000000000000000000000000000000000000000000000000000000000000023 +0x0000000000000000000000000000000000000000000000000000000000000024 +0x0000000000000000000000000000000000000000000000000000000000000025 +0x0000000000000000000000000000000000000000000000000000000000000026 +0x0000000000000000000000000000000000000000000000000000000000000027 +0x0000000000000000000000000000000000000000000000000000000000000005 +0x0000000000000000000000000000000000000000000000000000000000000028 +0x0000000000000000000000000000000000000000000000000000000000000029 +0x000000000000000000000000000000000000000000000000000000000000002a +0x000000000000000000000000000000000000000000000000000000000000002b +0x000000000000000000000000000000000000000000000000000000000000002c +0x000000000000000000000000000000000000000000000000000000000000002d +0x000000000000000000000000000000000000000000000000000000000000002e +0x000000000000000000000000000000000000000000000000000000000000002f +0x0000000000000000000000000000000000000000000000000000000000000030 +0x0000000000000000000000000000000000000000000000000000000000000031 +0x0000000000000000000000000000000000000000000000000000000000000032 +0x0000000000000000000000000000000000000000000000000000000000000033 +0x0000000000000000000000000000000000000000000000000000000000000034 +0x0000000000000000000000000000000000000000000000000000000000000035 +0x0000000000000000000000000000000000000000000000000000000000000036 +0x0000000000000000000000000000000000000000000000000000000000000037 +0x0000000000000000000000000000000000000000000000000000000000000038 +0x0000000000000000000000000000000000000000000000000000000000000039 +0x000000000000000000000000000000000000000000000000000000000000003a +0x000000000000000000000000000000000000000000000000000000000000003b +0x000000000000000000000000000000000000000000000000000000000000003c +0x000000000000000000000000000000000000000000000000000000000000003d +0x000000000000000000000000000000000000000000000000000000000000003e +0x000000000000000000000000000000000000000000000000000000000000003f +0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 +0x0000000000000000000000000000000000000000000000000000000000000041 +0x0000000000000000000000000000000000000000000000000000000000000003 +0x0000000000000000000000000000000000000000000000000000000000000043 +0x0000000000000000000000000000000000000000000000000000000000000006 +0x0000000000000000000000000000000000000000000000000000000000000086 +0x0000000000000000000000000000000000000000000000000000000000000000 +0x0000000000000000000000000000000000000000000000000000000000000008 +0x0000000000000000000000000000000000000000000000000000000000000049 +0x000000000000000000000000000000000000000000000000000000000000004a +0x000000000000000000000000000000000000000000000000000000000000000b +0x000000000000000000000000000000000000000000000000000000000000000c +0x000000000000000000000000000000000000000000000000000000000000000d +0x000000000000000000000000000000000000000000000000000000000000000e +0x000000000000000000000000000000000000000000000000000000000000000f +0x0000000000000000000000000000000000000000000000000000000000000010 +0x0000000000000000000000000000000000000000000000000000000000000011 +0x0000000000000000000000000000000000000000000000000000000000000012 +0x0000000000000000000000000000000000000000000000000000000000000013 +0x0000000000000000000000000000000000000000000000000000000000000014 +0x0000000000000000000000000000000000000000000000000000000000000015 +0x0000000000000000000000000000000000000000000000000000000000000016 +0x0000000000000000000000000000000000000000000000000000000000000017 +0x0000000000000000000000000000000000000000000000000000000000000018 +0x0000000000000000000000000000000000000000000000000000000000000019 +0x000000000000000000000000000000000000000000000000000000000000001a +0x000000000000000000000000000000000000000000000000000000000000001b +0x000000000000000000000000000000000000000000000000000000000000001c +0x000000000000000000000000000000000000000000000000000000000000001d +0x000000000000000000000000000000000000000000000000000000000000001e +0x000000000000000000000000000000000000000000000000000000000000001f +0x0000000000000000000000000000000000000000000000000000000000000020 +0x0000000000000000000000000000000000000000000000000000000000000021 +0x0000000000000000000000000000000000000000000000000000000000000022 +0x0000000000000000000000000000000000000000000000000000000000000023 +0x0000000000000000000000000000000000000000000000000000000000000024 +0x0000000000000000000000000000000000000000000000000000000000000025 +0x0000000000000000000000000000000000000000000000000000000000000026 +0x0000000000000000000000000000000000000000000000000000000000000027 +0x0000000000000000000000000000000000000000000000000000000000000005 +0x0000000000000000000000000000000000000000000000000000000000000028 +0x0000000000000000000000000000000000000000000000000000000000000029 +0x000000000000000000000000000000000000000000000000000000000000002a +0x000000000000000000000000000000000000000000000000000000000000002b +0x000000000000000000000000000000000000000000000000000000000000002c +0x000000000000000000000000000000000000000000000000000000000000002d +0x000000000000000000000000000000000000000000000000000000000000002e +0x000000000000000000000000000000000000000000000000000000000000002f +0x0000000000000000000000000000000000000000000000000000000000000030 +0x0000000000000000000000000000000000000000000000000000000000000031 +0x0000000000000000000000000000000000000000000000000000000000000032 +0x0000000000000000000000000000000000000000000000000000000000000033 +0x0000000000000000000000000000000000000000000000000000000000000034 +0x0000000000000000000000000000000000000000000000000000000000000035 +0x0000000000000000000000000000000000000000000000000000000000000036 +0x0000000000000000000000000000000000000000000000000000000000000037 +0x0000000000000000000000000000000000000000000000000000000000000038 +0x0000000000000000000000000000000000000000000000000000000000000039 +0x000000000000000000000000000000000000000000000000000000000000003a +0x000000000000000000000000000000000000000000000000000000000000003b +0x000000000000000000000000000000000000000000000000000000000000003c +0x000000000000000000000000000000000000000000000000000000000000003d +0x000000000000000000000000000000000000000000000000000000000000003e +0x000000000000000000000000000000000000000000000000000000000000003f + + + + + + + + + +SIGMA VALUES INSIDE THE TEST StandardHonkComposer.SigmaIDCorrectness +0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 +0x0000000000000000000000000000000000000000000000000000000000000041 +0x0000000000000000000000000000000000000000000000000000000000000003 +0x0000000000000000000000000000000000000000000000000000000000000043 +0x0000000000000000000000000000000000000000000000000000000000000006 +0x0000000000000000000000000000000000000000000000000000000000000086 +0x0000000000000000000000000000000000000000000000000000000000000000 +0x0000000000000000000000000000000000000000000000000000000000000008 +0x0000000000000000000000000000000000000000000000000000000000000049 +0x000000000000000000000000000000000000000000000000000000000000004a +0x000000000000000000000000000000000000000000000000000000000000000b +0x000000000000000000000000000000000000000000000000000000000000000c +0x000000000000000000000000000000000000000000000000000000000000000d +0x000000000000000000000000000000000000000000000000000000000000000e +0x000000000000000000000000000000000000000000000000000000000000000f +0x0000000000000000000000000000000000000000000000000000000000000010 +0x0000000000000000000000000000000000000000000000000000000000000011 +0x0000000000000000000000000000000000000000000000000000000000000012 +0x0000000000000000000000000000000000000000000000000000000000000013 +0x0000000000000000000000000000000000000000000000000000000000000014 +0x0000000000000000000000000000000000000000000000000000000000000015 +0x0000000000000000000000000000000000000000000000000000000000000016 +0x0000000000000000000000000000000000000000000000000000000000000017 +0x0000000000000000000000000000000000000000000000000000000000000018 +0x0000000000000000000000000000000000000000000000000000000000000019 +0x000000000000000000000000000000000000000000000000000000000000001a +0x000000000000000000000000000000000000000000000000000000000000001b +0x000000000000000000000000000000000000000000000000000000000000001c +0x000000000000000000000000000000000000000000000000000000000000001d +0x000000000000000000000000000000000000000000000000000000000000001e +0x000000000000000000000000000000000000000000000000000000000000001f +0x0000000000000000000000000000000000000000000000000000000000000020 +0x0000000000000000000000000000000000000000000000000000000000000021 +0x0000000000000000000000000000000000000000000000000000000000000022 +0x0000000000000000000000000000000000000000000000000000000000000023 +0x0000000000000000000000000000000000000000000000000000000000000024 +0x0000000000000000000000000000000000000000000000000000000000000025 +0x0000000000000000000000000000000000000000000000000000000000000026 +0x0000000000000000000000000000000000000000000000000000000000000027 +0x0000000000000000000000000000000000000000000000000000000000000005 +0x0000000000000000000000000000000000000000000000000000000000000028 +0x0000000000000000000000000000000000000000000000000000000000000029 +0x000000000000000000000000000000000000000000000000000000000000002a +0x000000000000000000000000000000000000000000000000000000000000002b +0x000000000000000000000000000000000000000000000000000000000000002c +0x000000000000000000000000000000000000000000000000000000000000002d +0x000000000000000000000000000000000000000000000000000000000000002e +0x000000000000000000000000000000000000000000000000000000000000002f +0x0000000000000000000000000000000000000000000000000000000000000030 +0x0000000000000000000000000000000000000000000000000000000000000031 +0x0000000000000000000000000000000000000000000000000000000000000032 +0x0000000000000000000000000000000000000000000000000000000000000033 +0x0000000000000000000000000000000000000000000000000000000000000034 +0x0000000000000000000000000000000000000000000000000000000000000035 +0x0000000000000000000000000000000000000000000000000000000000000036 +0x0000000000000000000000000000000000000000000000000000000000000037 +0x0000000000000000000000000000000000000000000000000000000000000038 +0x0000000000000000000000000000000000000000000000000000000000000039 +0x000000000000000000000000000000000000000000000000000000000000003a +0x000000000000000000000000000000000000000000000000000000000000003b +0x000000000000000000000000000000000000000000000000000000000000003c +0x000000000000000000000000000000000000000000000000000000000000003d +0x000000000000000000000000000000000000000000000000000000000000003e +0x000000000000000000000000000000000000000000000000000000000000003f \ No newline at end of file From 924d562e91149545a46a412f89e1a905befc5564 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 20 Apr 2023 18:37:30 +0000 Subject: [PATCH 024/119] move wire index incrementer inside loop in compute perm mapping --- .../barretenberg/proof_system/composer/permutation_helper.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 52ddef2bbf..e9e8d4a080 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -265,8 +265,8 @@ void compute_honk_style_permutation_lagrange_polynomials_from_mapping( info(current_permutation_poly[i]); } // ITERATE_OVER_DOMAIN_END; + wire_index++; } - wire_index++; } } // namespace From c279b8be22c5e2888c9cd9ef7e2be38b1ddae217 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 18:48:06 +0000 Subject: [PATCH 025/119] Comments --- cpp/src/barretenberg/honk/proof_system/prover_library.cpp | 1 + cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index d812b3f21b..947440edd7 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -6,6 +6,7 @@ namespace proof_system::honk::prover_library { +// WORKTODO: extract from flavor. using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 846da06893..30a37252c1 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -933,6 +933,6 @@ template concept IsAnyOf = (std::same_as || .. template concept IsPlonkFlavor = IsAnyOf; -template concept IsHonkFlavor = IsAnyOf; +template concept IsHonkFlavor = IsAnyOf; } // namespace proof_system From ac03bf8403c6cb2a2474ac10ac3a92934d6f9df2 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 20 Apr 2023 19:25:21 +0000 Subject: [PATCH 026/119] commitment label fix --- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 846da06893..cf7a60d42c 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -4,6 +4,7 @@ #include #include #include +#include #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" @@ -413,11 +414,13 @@ class Standard { // note: we could consider "enriching" the transcript interface to not use // strings in the future, but I leave it this way for simplicity - // WORKTODO: stick with these names from before? - std::string w_l = "W_1"; - std::string w_r = "W_2"; - std::string w_o = "W_3"; - std::string z_perm = "Z_PERM"; + CommitmentLabels() + { + w_l = "W_1"; + w_r = "W_2"; + w_o = "W_3"; + z_perm = "Z_PERM"; + }; }; }; From 56a5b0aac15bfea1000bfc256b6d849b9af716a4 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 20:34:06 +0000 Subject: [PATCH 027/119] New vk --- .../standard_honk_composer_helper.cpp | 36 ++++----- .../standard_honk_composer_helper.hpp | 11 +-- .../ultra_honk_composer_helper.cpp | 2 +- .../ultra_honk_composer_helper.hpp | 9 ++- .../honk/composer/standard_honk_composer.hpp | 5 +- .../composer/standard_honk_composer.test.cpp | 4 +- .../honk/composer/ultra_honk_composer.hpp | 9 ++- .../honk/proof_system/composer_helper.lib.hpp | 77 ++++++++----------- .../honk/proof_system/verifier.cpp | 18 +++-- .../honk/proof_system/verifier.hpp | 4 +- .../honk/transcript/transcript.hpp | 2 - .../composer/permutation_helper.hpp | 47 ++++++----- .../proof_system/flavor/flavor.hpp | 65 +++++++++------- 13 files changed, 141 insertions(+), 148 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index de76dce977..74357b793c 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -44,31 +44,29 @@ std::shared_ptr StandardHonkComposerHelp * (2) sets the polynomial manifest using the data from proving key. */ -std::shared_ptr StandardHonkComposerHelper::compute_verification_key_base( +std::shared_ptr StandardHonkComposerHelper::compute_verification_key_base( std::shared_ptr const& proving_key, std::shared_ptr const& vrs) { - auto key = std::make_shared( + auto key = std::make_shared( proving_key->circuit_size, proving_key->num_public_inputs, vrs, proving_key->composer_type); // TODO(kesha): Dirty hack for now. Need to actually make commitment-agnositc auto commitment_key = pcs::kzg::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); - // // WORKTODO - // // Compute and store commitments to all precomputed polynomials - // key->commitments["Q_M"] = commitment_key.commit(proving_key->polynomial_store.get("q_m_lagrange")); - // key->commitments["Q_1"] = commitment_key.commit(proving_key->polynomial_store.get("q_1_lagrange")); - // key->commitments["Q_2"] = commitment_key.commit(proving_key->polynomial_store.get("q_2_lagrange")); - // key->commitments["Q_3"] = commitment_key.commit(proving_key->polynomial_store.get("q_3_lagrange")); - // key->commitments["Q_C"] = commitment_key.commit(proving_key->polynomial_store.get("q_c_lagrange")); - // key->commitments["SIGMA_1"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_1_lagrange")); - // key->commitments["SIGMA_2"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_2_lagrange")); - // key->commitments["SIGMA_3"] = commitment_key.commit(proving_key->polynomial_store.get("sigma_3_lagrange")); - // key->commitments["ID_1"] = commitment_key.commit(proving_key->polynomial_store.get("id_1_lagrange")); - // key->commitments["ID_2"] = commitment_key.commit(proving_key->polynomial_store.get("id_2_lagrange")); - // key->commitments["ID_3"] = commitment_key.commit(proving_key->polynomial_store.get("id_3_lagrange")); - // key->commitments["LAGRANGE_FIRST"] = - // commitment_key.commit(proving_key->polynomial_store.get("L_first_lagrange")); key->commitments["LAGRANGE_LAST"] = - // commitment_key.commit(proving_key->polynomial_store.get("L_last_lagrange")); + // Compute and store commitments to all precomputed polynomials + key->q_m = commitment_key.commit(proving_key->q_m); + key->q_l = commitment_key.commit(proving_key->q_l); + key->q_r = commitment_key.commit(proving_key->q_r); + key->q_o = commitment_key.commit(proving_key->q_o); + key->q_c = commitment_key.commit(proving_key->q_c); + key->sigma_1 = commitment_key.commit(proving_key->sigma_1); + key->sigma_2 = commitment_key.commit(proving_key->sigma_2); + key->sigma_3 = commitment_key.commit(proving_key->sigma_3); + key->id_1 = commitment_key.commit(proving_key->id_1); + key->id_2 = commitment_key.commit(proving_key->id_2); + key->id_3 = commitment_key.commit(proving_key->id_3); + key->lagrange_first = commitment_key.commit(proving_key->lagrange_first); + key->lagrange_last = commitment_key.commit(proving_key->lagrange_last); return key; } @@ -125,7 +123,7 @@ std::shared_ptr StandardHonkComposerHelp * * @return Pointer to created circuit verification key. * */ -std::shared_ptr StandardHonkComposerHelper::compute_verification_key( +std::shared_ptr StandardHonkComposerHelper::compute_verification_key( const CircuitConstructor& circuit_constructor) { if (circuit_verification_key) { diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 6f683b6a27..80dc6ff70b 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -20,13 +20,14 @@ class StandardHonkComposerHelper { public: using Flavor = flavor::Standard; using CircuitConstructor = Flavor::CircuitConstructor; - using ProvingKey = Flavor::ProvingKey; // WORKTODO: undo this changed; not needed + using ProvingKey = Flavor::ProvingKey; + using VerificationKey = Flavor::VerificationKey; static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; std::shared_ptr proving_key; std::vector wire_polynomials; - std::shared_ptr circuit_verification_key; + std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs // at all std::shared_ptr crs_factory_; @@ -44,7 +45,7 @@ class StandardHonkComposerHelper { : crs_factory_(std::move(crs_factory)) {} StandardHonkComposerHelper(std::shared_ptr p_key, - std::shared_ptr v_key) // WORKTODO + std::shared_ptr v_key) // WORKTODO : proving_key(std::move(p_key)) , circuit_verification_key(std::move(v_key)) {} @@ -55,7 +56,7 @@ class StandardHonkComposerHelper { ~StandardHonkComposerHelper() = default; std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); - std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); + std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); StandardVerifier create_verifier(const CircuitConstructor& circuit_constructor); @@ -68,7 +69,7 @@ class StandardHonkComposerHelper { const size_t num_randomized_gates = NUM_RANDOMIZED_GATES); // This needs to be static as it may be used only to compute the selector commitments. - static std::shared_ptr compute_verification_key_base( + static std::shared_ptr compute_verification_key_base( std::shared_ptr const& proving_key, std::shared_ptr const& vrs); void compute_witness(const CircuitConstructor& circuit_constructor, const size_t minimum_circuit_size = 0); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 2589fb589e..63dd8aa10c 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -310,7 +310,7 @@ std::shared_ptr UltraHonkComposerHe // * // * @return Pointer to created circuit verification key. // * */ -// std::shared_ptr UltraHonkComposerHelper::compute_verification_key( +// std::shared_ptr UltraHonkComposerHelper::compute_verification_key( // const CircuitConstructor& circuit_constructor) // { // if (circuit_verification_key) { diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 14bcc7f904..ad813e2afb 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -19,7 +19,8 @@ class UltraHonkComposerHelper { public: using Flavor = flavor::Ultra; using CircuitConstructor = Flavor::CircuitConstructor; - using ProvingKey = Flavor::ProvingKey; // WORKTODO: undo this changed; not needed + using ProvingKey = Flavor::ProvingKey; + using VerificationKey = Flavor::VerificationKey; // TODO(#340)(luke): In the split composers, NUM_RANDOMIZED_GATES has replaced NUM_RESERVED_GATES (in some places) // to determine the next-power-of-2 circuit size. (There are some places in this composer that still use @@ -30,7 +31,7 @@ class UltraHonkComposerHelper { static constexpr size_t num_wires = CircuitConstructor::num_wires; std::vector wire_polynomials; std::shared_ptr circuit_proving_key; - std::shared_ptr circuit_verification_key; + std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs // at all std::shared_ptr crs_factory_; @@ -49,7 +50,7 @@ class UltraHonkComposerHelper { : crs_factory_(std::move(crs_factory)) {} - UltraHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) + UltraHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) : circuit_proving_key(std::move(p_key)) , circuit_verification_key(std::move(v_key)) {} @@ -63,7 +64,7 @@ class UltraHonkComposerHelper { void finalize_circuit(CircuitConstructor& circuit_constructor) { circuit_constructor.finalize_circuit(); }; std::shared_ptr compute_proving_key(const CircuitConstructor& circuit_constructor); - // std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); + // std::shared_ptr compute_verification_key(const CircuitConstructor& circuit_constructor); void compute_witness(CircuitConstructor& circuit_constructor); diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 735905b359..589c73c577 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -24,6 +24,7 @@ class StandardHonkComposer { using Flavor = flavor::Standard; using CircuitConstructor = StandardCircuitConstructor; using ProvingKey = typename Flavor::ProvingKey; + using VerificationKey = typename Flavor::VerificationKey; static constexpr ComposerType type = ComposerType::STANDARD_HONK; // TODO(Cody): Get rid of this. static constexpr size_t UINT_LOG2_BASE = 2; @@ -67,7 +68,7 @@ class StandardHonkComposer { {} StandardHonkComposer(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, + std::shared_ptr const& v_key, size_t size_hint = 0) : circuit_constructor(size_hint) , composer_helper(p_key, v_key) @@ -175,7 +176,7 @@ class StandardHonkComposer { return composer_helper.compute_proving_key(circuit_constructor); } - std::shared_ptr compute_verification_key() + std::shared_ptr compute_verification_key() { return composer_helper.compute_verification_key(circuit_constructor); } diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index b0f5b2ce2a..04d96e1767 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -49,7 +49,6 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) for (size_t i = 0; i < n; ++i) { left *= (gamma + wire_idx * n + i); right *= (gamma + sigma_polynomial[i]); - info(sigma_polynomial[i], "<-- in test"); } // Ensure that the public inputs cycles are correctly broken // and fix the cycle by adding the extra terms @@ -302,8 +301,7 @@ TEST(StandardHonkComposer, VerificationKeyCreation) // There is nothing we can really check apart from the fact that constraint selectors and permutation selectors were // committed to, we simply check that the verification key now contains the appropriate number of constraint and // permutation selector commitments. This method should work with any future arithemtization. - EXPECT_EQ(verification_key->commitments.size(), - composer.circuit_constructor.selectors.size() + composer.num_wires * 2 + 2); + EXPECT_EQ(verification_key->size(), composer.circuit_constructor.selectors.size() + composer.num_wires * 2 + 2); } TEST(StandardHonkComposer, BaseCase) diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index 6efd77899c..52a378c05f 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -16,6 +16,11 @@ class UltraHonkComposer { // 1) Proving and verification keys // 2) CRS // 3) Converting variables to witness vectors/polynomials + using Flavor = flavor::Ultra; + using CircuitConstructor = UltraCircuitConstructor; + using ProvingKey = typename Flavor::ProvingKey; + using VerificationKey = typename Flavor::VerificationKey; + UltraHonkComposerHelper composer_helper; size_t& num_gates; @@ -31,8 +36,8 @@ class UltraHonkComposer { , composer_helper(crs_factory) , num_gates(circuit_constructor.num_gates){}; - UltraHonkComposer(std::shared_ptr const& p_key, - std::shared_ptr const& v_key, + UltraHonkComposer(std::shared_ptr const& p_key, + std::shared_ptr const& v_key, size_t size_hint = 0); UltraHonkComposer(UltraHonkComposer&& other) = default; UltraHonkComposer& operator=(UltraHonkComposer&& other) = delete; diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index bf56d2a620..dee5ba93d5 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -1,46 +1,31 @@ -// WORKTODO -// #pragma once -// #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" -// #include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" - -// namespace proof_system::plonk { - -// /** -// * @brief Computes the verification key by computing the: -// * (1) commitments to the selector, permutation, and lagrange (first/last) polynomials, -// * (2) sets the polynomial manifest using the data from proving key. -// */ -// std::shared_ptr compute_verification_key_common( -// std::shared_ptr const& proving_key, std::shared_ptr const& vrs) -// { -// auto circuit_verification_key = std::make_shared( -// proving_key->circuit_size, proving_key->num_public_inputs, vrs, proving_key->composer_type); -// // TODO(kesha): Dirty hack for now. Need to actually make commitment-agnositc -// auto commitment_key = proof_system::honk::pcs::kzg::CommitmentKey(proving_key->circuit_size, -// "../srs_db/ignition"); - -// for (size_t i = 0; i < proving_key->polynomial_manifest.size(); ++i) { -// const auto& poly_info = proving_key->polynomial_manifest[i]; - -// const std::string poly_label(poly_info.polynomial_label); -// const std::string selector_commitment_label(poly_info.commitment_label); - -// if (poly_info.source == PolynomialSource::SELECTOR || poly_info.source == PolynomialSource::PERMUTATION || -// poly_info.source == PolynomialSource::OTHER) { -// // Fetch the polynomial in its vector form. - -// // Commit to the constraint selector polynomial and insert the commitment in the verification key. - -// auto poly_commitment = commitment_key.commit(proving_key->polynomial_store.get(poly_label)); -// circuit_verification_key->commitments.insert({ selector_commitment_label, poly_commitment }); -// } -// } - -// // Set the polynomial manifest in verification key. -// circuit_verification_key->polynomial_manifest = -// proof_system::plonk::PolynomialManifest(proving_key->composer_type); - -// return circuit_verification_key; -// } - -// } // namespace proof_system::plonk +#pragma once +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" + +namespace proof_system::honk { + +/** + * @brief Computes the verification key by computing the: + * (1) commitments to the selector, permutation, and lagrange (first/last) polynomials, + * (2) sets the polynomial manifest using the data from proving key. + */ +template +std::shared_ptr compute_verification_key_common( + std::shared_ptr const& proving_key, + std::shared_ptr const& vrs) +{ + auto verification_key = std::make_shared( + proving_key->circuit_size, proving_key->num_public_inputs, vrs, proving_key->composer_type); + // TODO(kesha): Dirty hack for now. Need to actually make commitment-agnositc + // WORKTODO: ^^^^^^^^^^ resolvable now? + auto commitment_key = honk::pcs::kzg::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); + + size_t poly_idx = 0; // ZIPTODO + for (auto& polynomial : proving_key) { + verification_key[poly_idx] = commitment_key.commit(polynomial) polynomial_idx++; + } + + return verification_key; +} + +} // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 108d243885..024f217611 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -30,7 +30,7 @@ using namespace proof_system::honk::sumcheck; namespace proof_system::honk { template // WORKTODO: merge these settings? -Verifier::Verifier(std::shared_ptr verifier_key) +Verifier::Verifier(std::shared_ptr verifier_key) : key(verifier_key) {} @@ -145,7 +145,7 @@ bool Verifier::verify_proof(const plonk::proof& proof) return false; } - auto [multivariate_challenge, multivariate_evaluations] = *sumcheck_output; + auto [multivariate_challenge, purported_evaluations] = *sumcheck_output; // Execute Gemini/Shplonk verification: @@ -161,15 +161,17 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Compute batched multivariate evaluation FF batched_evaluation = FF::zero(); - for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - batched_evaluation += multivariate_evaluations[i] * rhos[i]; + size_t evaluation_idx = 0; + for (auto& value : purported_evaluations) { + batched_evaluation += value * rhos[evaluation_idx]; + evaluation_idx++; } // Construct batched commitment for NON-shifted polynomials - for (size_t i = 0; i < NUM_PRECOMPUTED; ++i) { - // WORKTODO: get rid of ENUM_TO_COMM - auto commitment = key->commitments[honk::StandardArithmetization::ENUM_TO_COMM[i]]; - batched_commitment_unshifted += commitment * rhos[i]; + size_t commitment_idx = 0; + for (auto& commitment : *key) { + batched_commitment_unshifted += commitment * rhos[commitment_idx]; + commitment_idx++; } // add wire commitments for (size_t i = 0; i < num_wires; ++i) { diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.hpp b/cpp/src/barretenberg/honk/proof_system/verifier.hpp index 553d09ad38..717de4c316 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.hpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.hpp @@ -17,7 +17,7 @@ namespace proof_system::honk { template class Verifier { public: - Verifier(std::shared_ptr verifier_key = nullptr); + Verifier(std::shared_ptr verifier_key = nullptr); Verifier(Verifier&& other); Verifier(const Verifier& other) = delete; Verifier& operator=(const Verifier& other) = delete; @@ -25,7 +25,7 @@ template class Verifier { bool verify_proof(const plonk::proof& proof); - std::shared_ptr key; + std::shared_ptr key; std::map kate_g1_elements; std::map kate_fr_elements; std::shared_ptr kate_verification_key; diff --git a/cpp/src/barretenberg/honk/transcript/transcript.hpp b/cpp/src/barretenberg/honk/transcript/transcript.hpp index ff859806b2..fec507a642 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.hpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.hpp @@ -119,8 +119,6 @@ template class BaseTranscript { */ void consume_prover_element_bytes(const std::string& label, std::span element_bytes) { - (void)label; - // Add an entry to the current round of the manifest manifest.add_entry(round_number, label, element_bytes.size()); diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index e9e8d4a080..757e5ebe0a 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -239,32 +239,29 @@ void compute_honk_style_permutation_lagrange_polynomials_from_mapping( size_t wire_index = 0; for (auto& current_permutation_poly : permutation_polynomials) { - // ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); - for (size_t i = 0; i < proving_key->circuit_size; i++) { - const auto& current_mapping = permutation_mappings[wire_index][i]; - if (current_mapping.is_public_input) { - // We intentionally want to break the cycles of the public input variables. - // During the witness generation, the left and right wire polynomials at index i contain the i-th public - // input. The CyclicPermutation created for these variables always start with (i) -> (n+i), followed by - // the indices of the variables in the "real" gates. We make i point to -(i+1), so that the only way of - // repairing the cycle is add the mapping - // -(i+1) -> (n+i) - // These indices are chosen so they can easily be computed by the verifier. They can expect the running - // product to be equal to the "public input delta" that is computed in - current_permutation_poly[i] = - -barretenberg::fr(current_mapping.row_index + 1 + num_gates * current_mapping.column_index); - } else if (current_mapping.is_tag) { - // Set evaluations to (arbitrary) values disjoint from non-tag values - current_permutation_poly[i] = num_gates * Flavor::num_wires + current_mapping.row_index; - } else { - // For the regular permutation we simply point to the next location by setting the evaluation to its - // index - current_permutation_poly[i] = - barretenberg::fr(current_mapping.row_index + num_gates * current_mapping.column_index); - } - info(current_permutation_poly[i]); + ITERATE_OVER_DOMAIN_START(proving_key->evaluation_domain); + const auto& current_mapping = permutation_mappings[wire_index][i]; + if (current_mapping.is_public_input) { + // We intentionally want to break the cycles of the public input variables. + // During the witness generation, the left and right wire polynomials at index i contain the i-th public + // input. The CyclicPermutation created for these variables always start with (i) -> (n+i), followed by + // the indices of the variables in the "real" gates. We make i point to -(i+1), so that the only way of + // repairing the cycle is add the mapping + // -(i+1) -> (n+i) + // These indices are chosen so they can easily be computed by the verifier. They can expect the running + // product to be equal to the "public input delta" that is computed in + current_permutation_poly[i] = + -barretenberg::fr(current_mapping.row_index + 1 + num_gates * current_mapping.column_index); + } else if (current_mapping.is_tag) { + // Set evaluations to (arbitrary) values disjoint from non-tag values + current_permutation_poly[i] = num_gates * Flavor::num_wires + current_mapping.row_index; + } else { + // For the regular permutation we simply point to the next location by setting the evaluation to its + // index + current_permutation_poly[i] = + barretenberg::fr(current_mapping.row_index + num_gates * current_mapping.column_index); } - // ITERATE_OVER_DOMAIN_END; + ITERATE_OVER_DOMAIN_END; wire_index++; } } diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index e389dc87f6..e33f5faa2b 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -46,6 +46,10 @@ template class Data { template class BasePrecomputedData : public Data { public: + size_t circuit_size; + size_t log_circuit_size; + size_t num_public_inputs; + ComposerType composer_type; // WORKTODO: Get rid of this BasePrecomputedData() = default; virtual std::vector get_selectors() = 0; virtual std::vector get_sigma_polynomials() = 0; @@ -56,31 +60,11 @@ class BasePrecomputedData : public Data { // the selectors template class BaseProvingKey : public PrecomputedData { public: - size_t circuit_size; - size_t log_circuit_size; - size_t num_public_inputs; std::shared_ptr crs; EvaluationDomain evaluation_domain; - ComposerType composer_type; // WORKTODO: Get rid of this PolynomialStore polynomial_store; // WORKTODO: Get rid of this BaseProvingKey() = default; - // BaseProvingKey(const size_t circuit_size, - // const size_t num_public_inputs, - // std::shared_ptr const& crs, - // ComposerType composer_type) - // : circuit_size(circuit_size) - // , log_circuit_size(numeric::get_msb(circuit_size)) - // , num_public_inputs(num_public_inputs) - // , crs(crs) - // , evaluation_domain(circuit_size, circuit_size) - // , composer_type(composer_type){ - // for (auto& poly : this->_data) - // { - // auto new_poly = PrecomputedData(circuit_size); - // poly = new_poly; - // } - // }; }; /** @@ -89,7 +73,11 @@ template class BaseProvingKey : public P * * @tparam PrecomputedData */ -template using BaseVerificationKey = PrecomputedData; +template class BaseVerificationKey : public PrecomputedData { + public: + std::shared_ptr vrs; +}; + template class BaseAllData : public Data { public: BaseAllData() { this->_data = {}; } @@ -119,8 +107,8 @@ class Standard { using Polynomial = barretenberg::Polynomial; using PolynomialView = std::span; using G1 = barretenberg::g1; - using Commitment = G1; - using CommitmentView = G1; // TODO(Cody): make a pointer? + using Commitment = G1::affine_element; + using CommitmentView = G1::affine_element; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; @@ -146,9 +134,9 @@ class Standard { T& lagrange_first = std::get<11>(this->_data); T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - std::vector get_selectors() { return { q_m, q_l, q_r, q_o, q_c }; }; - std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3 }; }; - std::vector get_id_polynomials() { return { id_1, id_2, id_3 }; }; + std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; virtual ~PrecomputedData() = default; PrecomputedData() = default; @@ -252,7 +240,26 @@ class Standard { }; }; - using VerificationKey = BaseVerificationKey>; + class VerificationKey : public BaseVerificationKey> { + public: + VerificationKey() = default; + VerificationKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& vrs, + ComposerType composer_type) + { + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->vrs = vrs; + this->composer_type = composer_type; + + // for (auto& poly : this->_data) { + // auto new_poly = Polynomial(circuit_size); + // poly = new_poly; + // } + }; + }; template class AllData : public BaseAllData { public: @@ -431,8 +438,8 @@ class Ultra { using Polynomial = barretenberg::Polynomial; using PolynomialView = std::span; using G1 = barretenberg::g1; - using Commitment = G1; - using CommitmentView = G1; // TODO(Cody): make a pointer? + using Commitment = G1::affine_element; + using CommitmentView = G1::affine_element; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; From 43fdc20e03bef3889d5641eea7b771fca749c604 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 20 Apr 2023 21:13:00 +0000 Subject: [PATCH 028/119] WIP on verifier (build but failing assert) --- .../honk/proof_system/verifier.cpp | 47 ++++++++++--------- .../proof_system/flavor/flavor.hpp | 33 ++++++++++--- .../proof_system/flavor/flavor.test.cpp | 2 +- 3 files changed, 52 insertions(+), 30 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 024f217611..1efda428fa 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -79,20 +79,24 @@ Verifier& Verifier::operator template bool Verifier::verify_proof(const plonk::proof& proof) { - using FF = typename program_settings::fr; + using FF = typename Flavor::FF; using Commitment = barretenberg::g1::element; - using CommitmentAffine = barretenberg::g1::affine_element; + // using CommitmentAffine = barretenberg::g1::affine_element; // WORKTODO: Commitment (just G1?) vs CommitmentAffine using Gemini = pcs::gemini::MultilinearReductionScheme; using Shplonk = pcs::shplonk::SingleBatchOpeningScheme; using KZG = pcs::kzg::UnivariateOpeningScheme; - const size_t NUM_POLYNOMIALS = honk::StandardArithmetization::NUM_POLYNOMIALS; - const size_t NUM_UNSHIFTED = honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS; - const size_t NUM_PRECOMPUTED = honk::StandardArithmetization::NUM_PRECOMPUTED_POLYNOMIALS; + using VerifierCommitments = typename Flavor::VerifierCommitments; - constexpr auto num_wires = program_settings::num_wires; + // const size_t NUM_POLYNOMIALS = honk::StandardArithmetization::NUM_POLYNOMIALS; + // const size_t NUM_UNSHIFTED = honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS; + // const size_t NUM_PRECOMPUTED = honk::StandardArithmetization::NUM_PRECOMPUTED_POLYNOMIALS; + + // constexpr auto num_wires = Flavor::num_wires; transcript = VerifierTranscript{ proof.proof_data }; + auto commitments = VerifierCommitments(key, transcript); + // TODO(Adrian): Change the initialization of the transcript to take the VK hash? const auto circuit_size = transcript.template receive_from_prover("circuit_size"); const auto public_input_size = transcript.template receive_from_prover("public_input_size"); @@ -110,11 +114,12 @@ bool Verifier::verify_proof(const plonk::proof& proof) public_inputs.emplace_back(public_input_i); } - // Get commitments to the wires - std::array wire_commitments; - for (size_t i = 0; i < num_wires; ++i) { - wire_commitments[i] = transcript.template receive_from_prover("W_" + std::to_string(i + 1)); - } + // // Get commitments to the wires + // std::array wire_commitments; + // for (size_t i = 0; i < num_wires; ++i) { + // wire_commitments[i] = transcript.template receive_from_prover("W_" + std::to_string(i + + // 1)); + // } // Get permutation challenges auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); @@ -127,8 +132,8 @@ bool Verifier::verify_proof(const plonk::proof& proof) .public_input_delta = public_input_delta, }; - // Get commitment to Z_PERM - auto z_permutation_commitment = transcript.template receive_from_prover("Z_PERM"); + // // Get commitment to Z_PERM + // auto z_permutation_commitment = transcript.template receive_from_prover("Z_PERM"); // // TODO(Cody): Compute some basic public polys like id(X), pow(X), and any required Lagrange polys @@ -157,7 +162,7 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Compute powers of batching challenge rho FF rho = transcript.get_challenge("rho"); - std::vector rhos = Gemini::powers_of_rho(rho, NUM_POLYNOMIALS); + std::vector rhos = Gemini::powers_of_rho(rho, Flavor::NUM_ALL_ENTITIES); // Compute batched multivariate evaluation FF batched_evaluation = FF::zero(); @@ -169,20 +174,16 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Construct batched commitment for NON-shifted polynomials size_t commitment_idx = 0; - for (auto& commitment : *key) { + for (auto& commitment : commitments.get_not_to_be_shifted()) { batched_commitment_unshifted += commitment * rhos[commitment_idx]; commitment_idx++; } - // add wire commitments - for (size_t i = 0; i < num_wires; ++i) { - batched_commitment_unshifted += wire_commitments[i] * rhos[NUM_PRECOMPUTED + i]; - } - // add z_permutation commitment - batched_commitment_unshifted += z_permutation_commitment * rhos[NUM_PRECOMPUTED + num_wires]; // Construct batched commitment for to-be-shifted polynomials - batched_commitment_to_be_shifted = z_permutation_commitment * rhos[NUM_UNSHIFTED]; - + for (auto& commitment : commitments.get_to_be_shifted()) { + batched_commitment_unshifted += commitment * rhos[commitment_idx]; + commitment_idx++; + } // Produce a Gemini claim consisting of: // - d+1 commitments [Fold_{r}^(0)], [Fold_{-r}^(0)], and [Fold^(l)], l = 1:d-1 // - d+1 evaluations a_0_pos, and a_l, l = 0:d-1 diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index e33f5faa2b..beba3e45f4 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -8,6 +8,7 @@ #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/polynomials/evaluation_domain.hpp" #include "barretenberg/polynomials/polynomial.hpp" @@ -253,11 +254,6 @@ class Standard { this->num_public_inputs = num_public_inputs; this->vrs = vrs; this->composer_type = composer_type; - - // for (auto& poly : this->_data) { - // auto new_poly = Polynomial(circuit_size); - // poly = new_poly; - // } }; }; @@ -402,7 +398,6 @@ class Standard { // provide the utility of grouping these and ranged `for` loops over // subsets. using ProverPolynomials = AllData; - using VerifierCommitments = AllData; // WORKTODO: Handle univariates right using FoldedPolynomials = AllData>; // WORKTODO add view class type. @@ -429,6 +424,32 @@ class Standard { z_perm = "Z_PERM"; }; }; + + class VerifierCommitments : public AllData { + public: + VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + { + auto commitment_labels = CommitmentLabels(); + w_l = transcript.template receive_from_prover(commitment_labels.w_l); + w_r = transcript.template receive_from_prover(commitment_labels.w_r); + w_o = transcript.template receive_from_prover(commitment_labels.w_o); + z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); + z_perm_shift = transcript.template receive_from_prover(commitment_labels.z_perm_shift); + q_m = verification_key->q_m; + q_l = verification_key->q_l; + q_r = verification_key->q_r; + q_o = verification_key->q_o; + q_c = verification_key->q_c; + sigma_1 = verification_key->sigma_1; + sigma_2 = verification_key->sigma_2; + sigma_3 = verification_key->sigma_3; + id_1 = verification_key->id_1; + id_2 = verification_key->id_2; + id_3 = verification_key->id_3; + lagrange_first = verification_key->lagrange_first; + lagrange_last = verification_key->lagrange_last; + } + }; }; class Ultra { diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index e777514f47..4eb89a177b 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -30,7 +30,7 @@ TEST(Flavor, Standard) Flavor::VerificationKey verification_key; Flavor::ProverPolynomials prover_polynomials; - Flavor::VerifierCommitments verifier_commitments; + // Flavor::VerifierCommitments verifier_commitments; Flavor::ExtendedEdges edges; Flavor::PurportedEvaluations evals; Flavor::CommitmentLabels commitment_labels; From a25deb38fb3e32eab8d8112853cd2477011d564d Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 21 Apr 2023 01:16:41 +0000 Subject: [PATCH 029/119] WIP on Gemini verification --- .../honk/proof_system/verifier.cpp | 33 ++++++++++++------- .../proof_system/flavor/flavor.hpp | 17 ++++++---- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 1efda428fa..fdb32e7f82 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -80,12 +80,14 @@ template bool Verifier::verify_proof(const plonk::proof& proof) { using FF = typename Flavor::FF; - using Commitment = barretenberg::g1::element; + using GroupElement = typename Flavor::GroupElement; + using Commitment = typename Flavor::Commitment; // using CommitmentAffine = barretenberg::g1::affine_element; // WORKTODO: Commitment (just G1?) vs CommitmentAffine using Gemini = pcs::gemini::MultilinearReductionScheme; using Shplonk = pcs::shplonk::SingleBatchOpeningScheme; using KZG = pcs::kzg::UnivariateOpeningScheme; using VerifierCommitments = typename Flavor::VerifierCommitments; + using CommitmentLabels = typename Flavor::CommitmentLabels; // const size_t NUM_POLYNOMIALS = honk::StandardArithmetization::NUM_POLYNOMIALS; // const size_t NUM_UNSHIFTED = honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS; @@ -96,6 +98,7 @@ bool Verifier::verify_proof(const plonk::proof& proof) transcript = VerifierTranscript{ proof.proof_data }; auto commitments = VerifierCommitments(key, transcript); + auto commitment_labels = CommitmentLabels(); // TODO(Adrian): Change the initialization of the transcript to take the VK hash? const auto circuit_size = transcript.template receive_from_prover("circuit_size"); @@ -114,12 +117,10 @@ bool Verifier::verify_proof(const plonk::proof& proof) public_inputs.emplace_back(public_input_i); } - // // Get commitments to the wires - // std::array wire_commitments; - // for (size_t i = 0; i < num_wires; ++i) { - // wire_commitments[i] = transcript.template receive_from_prover("W_" + std::to_string(i + - // 1)); - // } + // Get commitments to the wires + commitments.w_l = transcript.template receive_from_prover(commitment_labels.w_l); + commitments.w_r = transcript.template receive_from_prover(commitment_labels.w_r); + commitments.w_o = transcript.template receive_from_prover(commitment_labels.w_o); // Get permutation challenges auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); @@ -132,8 +133,8 @@ bool Verifier::verify_proof(const plonk::proof& proof) .public_input_delta = public_input_delta, }; - // // Get commitment to Z_PERM - // auto z_permutation_commitment = transcript.template receive_from_prover("Z_PERM"); + // Get commitment to Z_PERM + commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); // // TODO(Cody): Compute some basic public polys like id(X), pow(X), and any required Lagrange polys @@ -157,8 +158,8 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Construct inputs for Gemini verifier: // - Multivariate opening point u = (u_0, ..., u_{d-1}) // - batched unshifted and to-be-shifted polynomial commitments - auto batched_commitment_unshifted = Commitment::zero(); - auto batched_commitment_to_be_shifted = Commitment::zero(); + auto batched_commitment_unshifted = GroupElement::zero(); + auto batched_commitment_to_be_shifted = GroupElement::zero(); // Compute powers of batching challenge rho FF rho = transcript.get_challenge("rho"); @@ -167,7 +168,15 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Compute batched multivariate evaluation FF batched_evaluation = FF::zero(); size_t evaluation_idx = 0; - for (auto& value : purported_evaluations) { + // for (auto& value : purported_evaluations.get_in_order()) { + // batched_evaluation += value * rhos[evaluation_idx]; + // evaluation_idx++; + // } + for (auto& value : purported_evaluations.get_to_be_shifted()) { + batched_evaluation += value * rhos[evaluation_idx]; + evaluation_idx++; + } + for (auto& value : purported_evaluations.get_not_to_be_shifted()) { batched_evaluation += value * rhos[evaluation_idx]; evaluation_idx++; } diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index beba3e45f4..8e61ae3a50 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -108,6 +108,7 @@ class Standard { using Polynomial = barretenberg::Polynomial; using PolynomialView = std::span; using G1 = barretenberg::g1; + using GroupElement = G1::element; using Commitment = G1::affine_element; using CommitmentView = G1::affine_element; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; @@ -282,7 +283,7 @@ class Standard { std::vector get_not_to_be_shifted() override { // ...z_perm_shift is in here? - return { w_l, w_r, w_o, z_perm_shift, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, + return { w_l, w_r, w_o, z_perm, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last }; }; @@ -429,12 +430,13 @@ class Standard { public: VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) { - auto commitment_labels = CommitmentLabels(); - w_l = transcript.template receive_from_prover(commitment_labels.w_l); - w_r = transcript.template receive_from_prover(commitment_labels.w_r); - w_o = transcript.template receive_from_prover(commitment_labels.w_o); - z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); - z_perm_shift = transcript.template receive_from_prover(commitment_labels.z_perm_shift); + static_cast(transcript); + // auto commitment_labels = CommitmentLabels(); + // w_l = transcript.template receive_from_prover(commitment_labels.w_l); + // w_r = transcript.template receive_from_prover(commitment_labels.w_r); + // w_o = transcript.template receive_from_prover(commitment_labels.w_o); + // z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); + // z_perm_shift = transcript.template receive_from_prover(commitment_labels.z_perm_shift); q_m = verification_key->q_m; q_l = verification_key->q_l; q_r = verification_key->q_r; @@ -459,6 +461,7 @@ class Ultra { using Polynomial = barretenberg::Polynomial; using PolynomialView = std::span; using G1 = barretenberg::g1; + using GroupElement = G1::element; using Commitment = G1::affine_element; using CommitmentView = G1::affine_element; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; From 8b82d58fc358997a0421624d67cdd7da829733f0 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 21 Apr 2023 15:39:51 +0000 Subject: [PATCH 030/119] WIP sumcheck verifier passes but Gemini fails. --- .../barretenberg/honk/proof_system/prover.cpp | 15 ++++--- .../honk/proof_system/verifier.cpp | 15 +++---- .../relations/relation_correctness.test.cpp | 2 +- .../ultra_arithmetic_relation_secondary.hpp | 4 +- .../ultra_relation_consistency.test.cpp | 4 +- .../barretenberg/honk/sumcheck/sumcheck.hpp | 1 + .../honk/sumcheck/sumcheck_round.hpp | 2 +- .../proof_system/flavor/flavor.hpp | 44 +++++++++++++------ .../proof_system/flavor/flavor.test.cpp | 2 +- 9 files changed, 52 insertions(+), 37 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 04ec308f2d..480f3f2cd1 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -169,7 +169,6 @@ template void Prover::execute_univariatization_round() { // WORKTODO: make static const size_t NUM_POLYNOMIALS = prover_polynomials.size(); - const size_t NUM_UNSHIFTED_POLYS = prover_polynomials.get_not_to_be_shifted().size(); // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ FF rho = transcript.get_challenge("rho"); @@ -177,15 +176,17 @@ template void Prover::execute_univariatization_round() // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ Polynomial batched_poly_unshifted(key->circuit_size); // batched unshifted polynomials - size_t unshifted_poly_idx = 0; // ZIPTODO - for (auto& unshifted_poly : prover_polynomials.get_not_to_be_shifted()) { - batched_poly_unshifted.add_scaled(unshifted_poly, rhos[unshifted_poly_idx]); - unshifted_poly_idx++; + size_t poly_idx = 0; // ZIPTODO + for (auto& unshifted_poly : prover_polynomials.get_unshifted()) { + batched_poly_unshifted.add_scaled(unshifted_poly, rhos[poly_idx]); + poly_idx++; } - // TODO(Cody): if generizing this, loop over to-be-shifted. Polynomial batched_poly_to_be_shifted(key->circuit_size); // batched to-be-shifted polynomials - batched_poly_to_be_shifted.add_scaled(prover_polynomials.z_perm, rhos[NUM_UNSHIFTED_POLYS]); + for (auto& to_be_shifted_poly : prover_polynomials.get_to_be_shifted()) { + batched_poly_to_be_shifted.add_scaled(to_be_shifted_poly, rhos[poly_idx]); + poly_idx++; + }; // Compute d-1 polynomials Fold^(i), i = 1, ..., d-1. fold_polynomials = Gemini::compute_fold_polynomials( diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index fdb32e7f82..99cf913e15 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -135,6 +135,8 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Get commitment to Z_PERM commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); + // commitments.z_perm_shift = commitments.z_perm/* transcript.template + // receive_from_prover(commitment_labels.z_perm) */; // // TODO(Cody): Compute some basic public polys like id(X), pow(X), and any required Lagrange polys @@ -168,22 +170,14 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Compute batched multivariate evaluation FF batched_evaluation = FF::zero(); size_t evaluation_idx = 0; - // for (auto& value : purported_evaluations.get_in_order()) { - // batched_evaluation += value * rhos[evaluation_idx]; - // evaluation_idx++; - // } - for (auto& value : purported_evaluations.get_to_be_shifted()) { - batched_evaluation += value * rhos[evaluation_idx]; - evaluation_idx++; - } - for (auto& value : purported_evaluations.get_not_to_be_shifted()) { + for (auto& value : purported_evaluations.get_unshifted_then_shifted()) { batched_evaluation += value * rhos[evaluation_idx]; evaluation_idx++; } // Construct batched commitment for NON-shifted polynomials size_t commitment_idx = 0; - for (auto& commitment : commitments.get_not_to_be_shifted()) { + for (auto& commitment : commitments.get_unshifted()) { batched_commitment_unshifted += commitment * rhos[commitment_idx]; commitment_idx++; } @@ -193,6 +187,7 @@ bool Verifier::verify_proof(const plonk::proof& proof) batched_commitment_unshifted += commitment * rhos[commitment_idx]; commitment_idx++; } + // Produce a Gemini claim consisting of: // - d+1 commitments [Fold_{r}^(0)], [Fold_{-r}^(0)], and [Fold^(l)], l = 1:d-1 // - d+1 evaluations a_0_pos, and a_l, l = 0:d-1 diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index cb60a706ff..391b9caad9 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -198,7 +198,7 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.w_r = prover.wire_polynomials[1]; prover_polynomials.w_o = prover.wire_polynomials[2]; prover_polynomials.w_4 = prover.wire_polynomials[3]; - prover_polynomials.w_1_shift = prover.wire_polynomials[0].shifted(); + prover_polynomials.w_l_shift = prover.wire_polynomials[0].shifted(); prover_polynomials.w_4_shift = prover.wire_polynomials[3].shifted(); prover_polynomials.s_1 = prover.key->s_1; prover_polynomials.s_2 = prover.key->s_2; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp index fc61f633bb..66e42d9d09 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp @@ -34,7 +34,7 @@ template class UltraArithmeticRelationSecondary { auto w_l = UnivariateView(extended_edges.w_l); auto w_4 = UnivariateView(extended_edges.w_4); - auto w_l_shift = UnivariateView(extended_edges.w_1_shift); + auto w_l_shift = UnivariateView(extended_edges.w_l_shift); auto q_m = UnivariateView(extended_edges.q_m); auto q_arith = UnivariateView(extended_edges.q_arith); @@ -52,7 +52,7 @@ template class UltraArithmeticRelationSecondary { { auto w_l = purported_evaluations.w_l; auto w_4 = purported_evaluations.w_4; - auto w_l_shift = purported_evaluations.w_1_shift; + auto w_l_shift = purported_evaluations.w_l_shift; auto q_m = purported_evaluations.q_m; auto q_arith = purported_evaluations.q_arith; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index 370a77be27..e8e23f1831 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -242,11 +242,11 @@ TEST_F(UltraRelationConsistency, UltraArithmeticRelationSecondary) // Extract the extended edges for manual computation of relation contribution const auto& w_1 = extended_edges.w_l; const auto& w_4 = extended_edges.w_4; - const auto& w_1_shift = extended_edges.w_1_shift; + const auto& w_l_shift = extended_edges.w_l_shift; const auto& q_m = extended_edges.q_m; const auto& q_arith = extended_edges.q_arith; - auto expected_evals = (w_1 + w_4 - w_1_shift + q_m); + auto expected_evals = (w_1 + w_4 - w_l_shift + q_m); expected_evals *= (q_arith - 2) * (q_arith - 1) * q_arith; validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index 64a4044fb4..7b92ae02e6 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -124,6 +124,7 @@ template class... Relations } // Final round: Extract multivariate evaluations from folded_polynomials and add to transcript + // WORKTODO: improve loop. std::array multivariate_evaluations; for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { multivariate_evaluations[i] = folded_polynomials[i][0]; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index 8f3beae766..cd76e96462 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -71,7 +71,7 @@ template class... R // TODO(#224)(Cody): this barycentric stuff should be more built-in? std::tuple::RELATION_LENGTH, MAX_RELATION_LENGTH>...> barycentric_utils; std::tuple::RELATION_LENGTH>...> univariate_accumulators; - std::array evaluations; + std::array evaluations; // TODO(Cody): rename to relation_evaluations or something ExtendedEdges extended_edges; std::array, NUM_RELATIONS> extended_univariates; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 8e61ae3a50..569845944f 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -88,15 +88,16 @@ template class BaseAllData : public Data_data = other._data; }; BaseAllData& operator=(const BaseAllData&& other) { this->_data = other._data; }; - virtual std::vector get_not_to_be_shifted() = 0; + virtual std::vector get_unshifted() = 0; virtual std::vector get_to_be_shifted() = 0; + virtual std::vector get_shifted() = 0; // TODO(Cody): Look for a better solution? - std::vector get_in_order() + std::vector get_unshifted_then_shifted() { - std::vector result{ get_not_to_be_shifted() }; - std::vector to_be_shifted{ get_to_be_shifted() }; - result.insert(result.end(), to_be_shifted.begin(), to_be_shifted.end()); + std::vector result{ get_unshifted() }; + std::vector shifted{ get_shifted() }; + result.insert(result.end(), shifted.begin(), shifted.end()); return result; }; }; @@ -281,7 +282,7 @@ class Standard { std::vector get_wires() { return { w_l, w_r, w_o }; }; - std::vector get_not_to_be_shifted() override + std::vector get_unshifted() override { // ...z_perm_shift is in here? return { w_l, w_r, w_o, z_perm, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last }; @@ -289,6 +290,8 @@ class Standard { std::vector get_to_be_shifted() override { return { z_perm }; }; + std::vector get_shifted() override { return { z_perm_shift }; }; + AllData() = default; AllData(std::array _data_in) { @@ -423,6 +426,20 @@ class Standard { w_r = "W_2"; w_o = "W_3"; z_perm = "Z_PERM"; + z_perm_shift = "__z_perm_shift"; + q_m = "__q_m"; + q_l = "__q_l"; + q_r = "__q_r"; + q_o = "__q_o"; + q_c = "__q_c"; + sigma_1 = "__sigma_1"; + sigma_2 = "__sigma_2"; + sigma_3 = "__sigma_3"; + id_1 = "__id_1"; + id_2 = "__id_2"; + id_3 = "__id_3"; + lagrange_first = "__lagrange_first"; + lagrange_last = "__lagrange_last"; }; }; @@ -706,14 +723,14 @@ class Ultra { T& s_4 = std::get<32>(this->_data); T& z_perm = std::get<33>(this->_data); T& z_lookup = std::get<34>(this->_data); - T& w_1_shift = std::get<35>(this->_data); + T& w_l_shift = std::get<35>(this->_data); T& w_4_shift = std::get<36>(this->_data); T& z_perm_shift = std::get<37>(this->_data); T& z_lookup_shift = std::get<38>(this->_data); std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; - std::vector get_not_to_be_shifted() override + std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype, sigma_1, sigma_2, sigma_3, sigma_4, id_1, @@ -724,7 +741,8 @@ class Ultra { }; }; - std::vector get_to_be_shifted() override { return { w_1_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; + std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; + std::vector get_shifted() override { return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; AllData() = default; AllData(std::array _data_in) @@ -769,7 +787,7 @@ class Ultra { , s_4(other.s_4) , z_perm(other.z_perm) , z_lookup(other.z_lookup) - , w_1_shift(other.w_1_shift) + , w_l_shift(other.w_l_shift) , w_4_shift(other.w_4_shift) , z_perm_shift(other.z_perm_shift) , z_lookup_shift(other.z_lookup_shift){}; @@ -812,7 +830,7 @@ class Ultra { , s_4(other.s_4) , z_perm(other.z_perm) , z_lookup(other.z_lookup) - , w_1_shift(other.w_1_shift) + , w_l_shift(other.w_l_shift) , w_4_shift(other.w_4_shift) , z_perm_shift(other.z_perm_shift) , z_lookup_shift(other.z_lookup_shift){}; @@ -854,7 +872,7 @@ class Ultra { s_4 = other.s_4; z_perm = other.z_perm; z_lookup = other.z_lookup; - w_1_shift = other.w_1_shift; + w_l_shift = other.w_l_shift; w_4_shift = other.w_4_shift; z_perm_shift = other.z_perm_shift; z_lookup_shift = other.z_lookup_shift; @@ -898,7 +916,7 @@ class Ultra { s_4 = other.s_4; z_perm = other.z_perm; z_lookup = other.z_lookup; - w_1_shift = other.w_1_shift; + w_l_shift = other.w_l_shift; w_4_shift = other.w_4_shift; z_perm_shift = other.z_perm_shift; z_lookup_shift = other.z_lookup_shift; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index 4eb89a177b..573a960612 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -36,7 +36,7 @@ TEST(Flavor, Standard) Flavor::CommitmentLabels commitment_labels; EXPECT_EQ(prover_polynomials.size(), 18); - EXPECT_EQ(prover_polynomials.size(), prover_polynomials.get_in_order().size()); + EXPECT_EQ(prover_polynomials.size(), prover_polynomials.get_unshifted_then_shifted().size()); EXPECT_EQ(commitment_labels.w_r, "W_2"); auto get_test_polynomial = [](size_t& idx) { From 84bbeed54189879cdd32ef92ada21a0a2d0b30b3 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 21 Apr 2023 20:46:33 +0000 Subject: [PATCH 031/119] proof bbytes agree with master --- .../composer/standard_honk_composer.test.cpp | 26 ++++++++++++ .../barretenberg/honk/proof_system/prover.cpp | 8 +++- .../barretenberg/honk/sumcheck/sumcheck.hpp | 6 +++ .../proof_system/flavor/flavor.hpp | 42 ++++++++++--------- 4 files changed, 61 insertions(+), 21 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 04d96e1767..f0e6e3c10d 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -2,7 +2,9 @@ #include "barretenberg/honk/sumcheck/relations/relation.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" #include "barretenberg/honk/flavor/flavor.hpp" +#include #include +#include #include "barretenberg/honk/proof_system/prover.hpp" #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" @@ -350,4 +352,28 @@ TEST(StandardHonkComposer, TwoGates) run_test(/* expect_verified=*/true); run_test(/* expect_verified=*/false); } + +TEST(StandardHonkComposer, SumcheckEvaluationsAreCorrect) +{ + auto composer = StandardHonkComposer(); + fr a = fr::one(); + // Construct a small but non-trivial circuit + uint32_t a_idx = composer.add_public_variable(a); + fr b = fr::one(); + fr c = a + b; + fr d = a + c; + uint32_t b_idx = composer.add_variable(b); + uint32_t c_idx = composer.add_variable(c); + uint32_t d_idx = composer.add_variable(d); + for (size_t i = 0; i < 16; i++) { + composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + } + auto prover = composer.create_prover(); + plonk::proof proof = prover.construct_proof(); + + // auto verifier = composer.create_verifier(); + // bool verified = verifier.verify_proof(proof); + // ASSERT_TRUE(verified); +} } // namespace test_standard_honk_composer diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 480f3f2cd1..7877f45f36 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -126,6 +126,9 @@ template void Prover::execute_grand_product_computatio // Compute and store parameters required by relations in Sumcheck auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + info("beta = ", beta); + info("gamma = ", gamma); + auto public_input_delta = compute_public_input_delta(public_inputs, beta, gamma, key->circuit_size); relation_parameters = sumcheck::RelationParameters{ @@ -172,6 +175,7 @@ template void Prover::execute_univariatization_round() // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ FF rho = transcript.get_challenge("rho"); + info("rho = ", rho); std::vector rhos = Gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ @@ -207,7 +211,7 @@ template void Prover::execute_univariatization_round() template void Prover::execute_pcs_evaluation_round() { const FF r_challenge = transcript.get_challenge("Gemini:r"); - + info("r = ", r_challenge); gemini_output = Gemini::compute_fold_polynomial_evaluations( sumcheck_output.challenge_point, std::move(fold_polynomials), r_challenge); @@ -225,6 +229,7 @@ template void Prover::execute_pcs_evaluation_round() template void Prover::execute_shplonk_batched_quotient_round() { nu_challenge = transcript.get_challenge("Shplonk:nu"); + info("nu = ", nu_challenge); batched_quotient_Q = Shplonk::compute_batched_quotient(gemini_output.opening_pairs, gemini_output.witnesses, nu_challenge); @@ -240,6 +245,7 @@ template void Prover::execute_shplonk_batched_quotient template void Prover::execute_shplonk_partial_evaluation_round() { const FF z_challenge = transcript.get_challenge("Shplonk:z"); + info("z = ", z_challenge); shplonk_output = Shplonk::compute_partially_evaluated_batched_quotient( gemini_output.opening_pairs, gemini_output.witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge); } diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index 7b92ae02e6..d48d81028a 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -95,6 +95,9 @@ template class... Relations { auto [alpha, zeta] = transcript.get_challenges("Sumcheck:alpha", "Sumcheck:zeta"); + info("alpha = ", alpha); + info("zeta = ", zeta); + PowUnivariate pow_univariate(zeta); std::vector multivariate_challenge; @@ -105,6 +108,7 @@ template class... Relations auto round_univariate = round.compute_univariate(full_polynomials, relation_parameters, pow_univariate, alpha); transcript.send_to_verifier("Sumcheck:univariate_0", round_univariate); FF round_challenge = transcript.get_challenge("Sumcheck:u_0"); + info("u_0 = ", round_challenge); multivariate_challenge.emplace_back(round_challenge); fold(full_polynomials, multivariate_n, round_challenge); pow_univariate.partially_evaluate(round_challenge); @@ -117,6 +121,7 @@ template class... Relations round_univariate = round.compute_univariate(folded_polynomials, relation_parameters, pow_univariate, alpha); transcript.send_to_verifier("Sumcheck:univariate_" + std::to_string(round_idx), round_univariate); FF round_challenge = transcript.get_challenge("Sumcheck:u_" + std::to_string(round_idx)); + info("u_", round_idx, " = ", round_challenge); multivariate_challenge.emplace_back(round_challenge); fold(folded_polynomials, round.round_size, round_challenge); pow_univariate.partially_evaluate(round_challenge); @@ -128,6 +133,7 @@ template class... Relations std::array multivariate_evaluations; for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { multivariate_evaluations[i] = folded_polynomials[i][0]; + info("multivariate_evaluations[", i, "] = ", multivariate_evaluations[i]); } transcript.send_to_verifier("Sumcheck:evaluations", multivariate_evaluations); diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 569845944f..5c6b594e37 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -261,31 +261,33 @@ class Standard { template class AllData : public BaseAllData { public: - T& w_l = std::get<0>(this->_data); - T& w_r = std::get<1>(this->_data); - T& w_o = std::get<2>(this->_data); - T& z_perm = std::get<3>(this->_data); - T& z_perm_shift = std::get<4>(this->_data); - T& q_m = std::get<5>(this->_data); - T& q_l = std::get<6>(this->_data); - T& q_r = std::get<7>(this->_data); - T& q_o = std::get<8>(this->_data); - T& q_c = std::get<9>(this->_data); - T& sigma_1 = std::get<10>(this->_data); - T& sigma_2 = std::get<11>(this->_data); - T& sigma_3 = std::get<12>(this->_data); - T& id_1 = std::get<13>(this->_data); - T& id_2 = std::get<14>(this->_data); - T& id_3 = std::get<15>(this->_data); - T& lagrange_first = std::get<16>(this->_data); - T& lagrange_last = std::get<17>(this->_data); + T& q_c = std::get<0>(this->_data); + T& q_l = std::get<1>(this->_data); + T& q_r = std::get<2>(this->_data); + T& q_o = std::get<3>(this->_data); + T& q_m = std::get<4>(this->_data); + T& sigma_1 = std::get<5>(this->_data); + T& sigma_2 = std::get<6>(this->_data); + T& sigma_3 = std::get<7>(this->_data); + T& id_1 = std::get<8>(this->_data); + T& id_2 = std::get<9>(this->_data); + T& id_3 = std::get<10>(this->_data); + T& lagrange_first = std::get<11>(this->_data); + T& lagrange_last = std::get<12>(this->_data); + T& w_l = std::get<13>(this->_data); + T& w_r = std::get<14>(this->_data); + T& w_o = std::get<15>(this->_data); + T& z_perm = std::get<16>(this->_data); + T& z_perm_shift = std::get<17>(this->_data); std::vector get_wires() { return { w_l, w_r, w_o }; }; std::vector get_unshifted() override { // ...z_perm_shift is in here? - return { w_l, w_r, w_o, z_perm, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, - id_1, id_2, id_3, lagrange_first, lagrange_last }; + // return { w_l, w_r, w_o, z_perm, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, + // id_1, id_2, id_3, lagrange_first, lagrange_last }; + return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, + lagrange_last, w_l, w_r, w_o, z_perm }; }; std::vector get_to_be_shifted() override { return { z_perm }; }; From ed6897226cdddca5313e21bef82dc2f7fbfb31e2 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 21 Apr 2023 20:52:41 +0000 Subject: [PATCH 032/119] WIP --- .../standard_honk_composer_helper.hpp | 3 +-- .../composer/standard_honk_composer.test.cpp | 1 + .../honk/proof_system/composer_helper.lib.hpp | 3 ++- .../barretenberg/honk/proof_system/prover.cpp | 3 +++ .../barretenberg/honk/proof_system/verifier.cpp | 7 ------- cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp | 6 +++++- .../honk/sumcheck/sumcheck_output.hpp | 2 +- .../barretenberg/honk/transcript/transcript.hpp | 1 + .../plonk/proof_system/types/proof.hpp | 16 +++++++++++++++- 9 files changed, 29 insertions(+), 13 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 80dc6ff70b..16a9894bec 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -44,8 +44,7 @@ class StandardHonkComposerHelper { StandardHonkComposerHelper(std::unique_ptr&& crs_factory) : crs_factory_(std::move(crs_factory)) {} - StandardHonkComposerHelper(std::shared_ptr p_key, - std::shared_ptr v_key) // WORKTODO + StandardHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) : proving_key(std::move(p_key)) , circuit_verification_key(std::move(v_key)) {} diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index f0e6e3c10d..2425bff3f0 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -314,6 +314,7 @@ TEST(StandardHonkComposer, BaseCase) auto prover = composer.create_prover(); plonk::proof proof = prover.construct_proof(); + proof.print(); auto verifier = composer.create_verifier(); bool verified = verifier.verify_proof(proof); ASSERT_TRUE(verified); diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index dee5ba93d5..be59231b22 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -22,7 +22,8 @@ std::shared_ptr compute_verification_key_commo size_t poly_idx = 0; // ZIPTODO for (auto& polynomial : proving_key) { - verification_key[poly_idx] = commitment_key.commit(polynomial) polynomial_idx++; + verification_key[poly_idx] = commitment_key.commit(polynomial); + polynomial_idx++; } return verification_key; diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 7877f45f36..bb184146c6 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -161,6 +161,9 @@ template void Prover::execute_relation_check_rounds() auto sumcheck = Sumcheck(key->circuit_size, transcript); sumcheck_output = sumcheck.execute_prover(prover_polynomials, relation_parameters); + // for (auto& eval : sumcheck_output.purported_evaluations) { + // info(eval); + // }; } /** diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 99cf913e15..9cbc953de1 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -82,19 +82,12 @@ bool Verifier::verify_proof(const plonk::proof& proof) using FF = typename Flavor::FF; using GroupElement = typename Flavor::GroupElement; using Commitment = typename Flavor::Commitment; - // using CommitmentAffine = barretenberg::g1::affine_element; // WORKTODO: Commitment (just G1?) vs CommitmentAffine using Gemini = pcs::gemini::MultilinearReductionScheme; using Shplonk = pcs::shplonk::SingleBatchOpeningScheme; using KZG = pcs::kzg::UnivariateOpeningScheme; using VerifierCommitments = typename Flavor::VerifierCommitments; using CommitmentLabels = typename Flavor::CommitmentLabels; - // const size_t NUM_POLYNOMIALS = honk::StandardArithmetization::NUM_POLYNOMIALS; - // const size_t NUM_UNSHIFTED = honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS; - // const size_t NUM_PRECOMPUTED = honk::StandardArithmetization::NUM_PRECOMPUTED_POLYNOMIALS; - - // constexpr auto num_wires = Flavor::num_wires; - transcript = VerifierTranscript{ proof.proof_data }; auto commitments = VerifierCommitments(key, transcript); diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index d48d81028a..82f13fffa3 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -133,7 +133,7 @@ template class... Relations std::array multivariate_evaluations; for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { multivariate_evaluations[i] = folded_polynomials[i][0]; - info("multivariate_evaluations[", i, "] = ", multivariate_evaluations[i]); + // info(multivariate_evaluations[i], "<-- in sumcheck prover"); } transcript.send_to_verifier("Sumcheck:evaluations", multivariate_evaluations); @@ -187,6 +187,10 @@ template class... Relations PurportedEvaluations purported_evaluations = transcript.template receive_from_prover>("Sumcheck:evaluations"); + // for (auto& eval : purported_evaluations) { + // info(eval, "<-- in sumcheck verifier"); + // }; + FF full_honk_relation_purported_value = round.compute_full_honk_relation_purported_value( purported_evaluations._data, relation_parameters, pow_univariate, alpha); verified = verified && (full_honk_relation_purported_value == round.target_total_sum); diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp index 3a3beb82a6..d5200ac5b3 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp @@ -19,7 +19,7 @@ template struct SumcheckOutput { SumcheckOutput() : purported_evaluations(std::array()){}; - SumcheckOutput(std::vector _challenge_point, PurportedEvaluations _purported_evaluations) + SumcheckOutput(const std::vector& _challenge_point, const PurportedEvaluations& _purported_evaluations) : challenge_point(_challenge_point) , purported_evaluations(_purported_evaluations){}; diff --git a/cpp/src/barretenberg/honk/transcript/transcript.hpp b/cpp/src/barretenberg/honk/transcript/transcript.hpp index fec507a642..2542460824 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.hpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.hpp @@ -267,6 +267,7 @@ template class VerifierTranscript : public BaseTranscript { T element = from_buffer(element_bytes); + // info(label, ": ", element); return element; } }; diff --git a/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp b/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp index aedf516e04..5ec88353fe 100644 --- a/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp @@ -11,6 +11,20 @@ struct proof { std::vector proof_data; bool operator==(proof const& other) const = default; + void print() + { + size_t newline_counter = 0; + for (auto& byte : proof_data) { + if (newline_counter == 0 || newline_counter == 4 || newline_counter % 32 == 8) { + std::cerr << "\n" + << "0x"; + } + std::cerr << std::hex << std::setfill('0') << std::setw(2) + << static_cast(static_cast(byte)); + newline_counter++; + }; + std::cerr << std::endl; + } }; inline void read(uint8_t const*& it, proof& data) @@ -28,7 +42,7 @@ template inline void write(B& buf, proof const& data) inline std::ostream& operator<<(std::ostream& os, proof const& data) { // REFACTOR: This is copied from barretenberg/common/streams.hpp, - // which means we could just cout proof_data directly, but that breaks the build in the CI with + // which means we could just cout proof_data directly, but that breaks the build in the CI with // a redefined operator<< error in barretenberg/stdlib/hash/keccak/keccak.test.cpp, // which is something we really don't want to deal with right now. std::ios_base::fmtflags f(os.flags()); From 2bed95e25cf6a8a709fa2f9ed4f0f5a5e93811ee Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Fri, 21 Apr 2023 21:47:06 +0000 Subject: [PATCH 033/119] fix typo, verifies --- .../honk/composer/standard_honk_composer.test.cpp | 6 +++--- cpp/src/barretenberg/honk/proof_system/verifier.cpp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index f0e6e3c10d..d3bb96a66d 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -372,8 +372,8 @@ TEST(StandardHonkComposer, SumcheckEvaluationsAreCorrect) auto prover = composer.create_prover(); plonk::proof proof = prover.construct_proof(); - // auto verifier = composer.create_verifier(); - // bool verified = verifier.verify_proof(proof); - // ASSERT_TRUE(verified); + auto verifier = composer.create_verifier(); + bool verified = verifier.verify_proof(proof); + ASSERT_TRUE(verified); } } // namespace test_standard_honk_composer diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 99cf913e15..507572d8c6 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -184,7 +184,7 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Construct batched commitment for to-be-shifted polynomials for (auto& commitment : commitments.get_to_be_shifted()) { - batched_commitment_unshifted += commitment * rhos[commitment_idx]; + batched_commitment_to_be_shifted += commitment * rhos[commitment_idx]; commitment_idx++; } From 9192d6bb11e2e69ee97e3b0faa5595919392c395 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 22 Apr 2023 02:52:21 +0000 Subject: [PATCH 034/119] LookupGrandProduct passes. --- .../ultra_honk_composer_helper.cpp | 33 ++--- .../honk/proof_system/prover_library.test.cpp | 45 +++--- .../relations/relation_correctness.test.cpp | 8 +- .../random_widgets/plookup_widget_impl.hpp | 2 +- .../proof_system/flavor/flavor.hpp | 135 +++++++++--------- 5 files changed, 110 insertions(+), 113 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 63dd8aa10c..6f2a720e6b 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -283,24 +283,21 @@ std::shared_ptr UltraHonkComposerHe circuit_proving_key->table_3 = poly_q_table_column_3; circuit_proving_key->table_4 = poly_q_table_column_4; - // // // WORKTODO - // // Copy memory read/write record data into proving key. Prover needs to know which gates contain a read/write - // // 'record' witness on the 4th wire. This wire value can only be fully computed once the first 3 wire polynomials - // // have been committed to. The 4th wire on these gates will be a random linear combination of the first 3 wires, - // // using the plookup challenge `eta` - // std::copy(circuit_constructor.memory_read_records.begin(), - // circuit_constructor.memory_read_records.end(), - // std::back_inserter(circuit_proving_key->memory_read_records)); - // std::copy(circuit_constructor.memory_write_records.begin(), - // circuit_constructor.memory_write_records.end(), - // std::back_inserter(circuit_proving_key->memory_write_records)); - - // WORKTODO - // circuit_proving_key->recursive_proof_public_input_indices = - // std::vector(recursive_proof_public_input_indices.begin(), - // recursive_proof_public_input_indices.end()); - - // circuit_proving_key->contains_recursive_proof = contains_recursive_proof; + // Copy memory read/write record data into proving key. Prover needs to know which gates contain a read/write + // 'record' witness on the 4th wire. This wire value can only be fully computed once the first 3 wire polynomials + // have been committed to. The 4th wire on these gates will be a random linear combination of the first 3 wires, + // using the plookup challenge `eta` + std::copy(circuit_constructor.memory_read_records.begin(), + circuit_constructor.memory_read_records.end(), + std::back_inserter(circuit_proving_key->memory_read_records)); + std::copy(circuit_constructor.memory_write_records.begin(), + circuit_constructor.memory_write_records.end(), + std::back_inserter(circuit_proving_key->memory_write_records)); + + circuit_proving_key->recursive_proof_public_input_indices = + std::vector(recursive_proof_public_input_indices.begin(), recursive_proof_public_input_indices.end()); + + circuit_proving_key->contains_recursive_proof = contains_recursive_proof; return circuit_proving_key; } diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index a051257252..e5a8b29d41 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -34,6 +34,13 @@ template class ProverLibraryTests : public testing::Test { return random_polynomial; } + static void populate_span(auto& polynomial_view, auto& polynomial) + { + for (size_t idx = 0; idx < polynomial.size(); idx++) { + polynomial_view[idx] = polynomial[idx]; + } + }; + /** * @brief Check consistency of the computation of the permutation grand product polynomial z_permutation. * @details This test compares a simple, unoptimized, easily readable calculation of the grand product z_permutation @@ -62,12 +69,6 @@ template class ProverLibraryTests : public testing::Test { std::vector sigmas; std::vector ids; - auto populate_span = [](auto& polynomial_view, auto& polynomial) { - for (size_t idx = 0; idx < polynomial.size(); idx++) { - polynomial_view[idx] = polynomial[idx]; - } - }; - auto sigma_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); for (size_t i = 0; i < Flavor::num_wires; ++i) { @@ -168,7 +169,6 @@ template class ProverLibraryTests : public testing::Test { auto reference_string = std::make_shared(circuit_size + 1, "../srs_db/ignition"); // Instatiate a proving_key and make a pointer to it. This will be used to instantiate a Prover. - // WORKTODO using Flavor = honk::flavor::Ultra; auto proving_key = std::make_shared( circuit_size, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); @@ -177,29 +177,30 @@ template class ProverLibraryTests : public testing::Test { // Note: for the purpose of checking the consistency between two methods of computing z_perm, these polynomials // can simply be random. We're not interested in the particular properties of the result. std::vector wires; - for (size_t i = 0; i < 3; ++i) { + for (size_t i = 0; i < Flavor::num_wires - 1; ++i) { // TODO: will this test ever generalize? wires.emplace_back(get_random_polynomial(circuit_size)); } std::vector tables; - for (size_t i = 0; i < 4; ++i) { - tables.emplace_back(get_random_polynomial(circuit_size)); - std::string label = "table_value_" + std::to_string(i + 1) + "_lagrange"; - // proving_key->polynomial_store.put(label, Polynomial{ tables[i] }); // WORKTODO + auto table_polynomials = proving_key->get_table_polynomials(); + for (auto& table_polynomial : table_polynomials) { + Polynomial random_polynomial = get_random_polynomial(circuit_size); + tables.emplace_back(random_polynomial); + populate_span(table_polynomial, random_polynomial); } - auto s_lagrange = get_random_polynomial(circuit_size); + auto sorted_batched = get_random_polynomial(circuit_size); auto column_1_step_size = get_random_polynomial(circuit_size); auto column_2_step_size = get_random_polynomial(circuit_size); auto column_3_step_size = get_random_polynomial(circuit_size); auto lookup_index_selector = get_random_polynomial(circuit_size); auto lookup_selector = get_random_polynomial(circuit_size); - // proving_key->polynomial_store.put("s_lagrange", Polynomial{ s_lagrange }); // WORKTODO - // proving_key->polynomial_store.put("q_2_lagrange", Polynomial{ column_1_step_size }); // WORKTODO - // proving_key->polynomial_store.put("q_m_lagrange", Polynomial{ column_2_step_size }); // WORKTODO - // proving_key->polynomial_store.put("q_c_lagrange", Polynomial{ column_3_step_size }); // WORKTODO - // proving_key->polynomial_store.put("q_3_lagrange", Polynomial{ lookup_index_selector }); // WORKTODO - // proving_key->polynomial_store.put("table_type_lagrange", Polynomial{ lookup_selector }); // WORKTODO + populate_span(proving_key->sorted_batched, sorted_batched); + populate_span(proving_key->q_r, column_1_step_size); + populate_span(proving_key->q_m, column_2_step_size); + populate_span(proving_key->q_c, column_3_step_size); + populate_span(proving_key->q_o, lookup_index_selector); + populate_span(proving_key->q_lookuptype, lookup_selector); // Get random challenges auto beta = FF::random_element(); @@ -208,7 +209,7 @@ template class ProverLibraryTests : public testing::Test { // Method 1: Compute z_lookup using the prover library method Polynomial z_lookup = - prover_library::compute_lookup_grand_product(proving_key, wires, s_lagrange, eta, beta, gamma); + prover_library::compute_lookup_grand_product(proving_key, wires, sorted_batched, eta, beta, gamma); // Method 2: Compute the lookup grand product polynomial Z_lookup: // @@ -254,7 +255,7 @@ template class ProverLibraryTests : public testing::Test { accumulators[2][i] = FF::one() + beta; // s + βs(Xω) + γ(1 + β) - accumulators[3][i] = s_lagrange[i] + beta * s_lagrange[shift_idx] + gamma * (FF::one() + beta); + accumulators[3][i] = sorted_batched[i] + beta * sorted_batched[shift_idx] + gamma * (FF::one() + beta); // Set t(X_i) for next iteration table_i = table_i_plus_1; @@ -297,7 +298,7 @@ template class ProverLibraryTests : public testing::Test { static const size_t circuit_size = 8; static const size_t num_public_inputs = 0; auto reference_string = std::make_shared(circuit_size + 1, "../srs_db/ignition"); - using Flavor = honk::flavor::Ultra; // WORKTODO + using Flavor = honk::flavor::Ultra; auto proving_key = std::make_shared( circuit_size, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 391b9caad9..9082032e22 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -200,10 +200,10 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.w_4 = prover.wire_polynomials[3]; prover_polynomials.w_l_shift = prover.wire_polynomials[0].shifted(); prover_polynomials.w_4_shift = prover.wire_polynomials[3].shifted(); - prover_polynomials.s_1 = prover.key->s_1; - prover_polynomials.s_2 = prover.key->s_2; - prover_polynomials.s_3 = prover.key->s_3; - prover_polynomials.s_4 = prover.key->s_4; + prover_polynomials.sorted_1 = prover.key->sorted_1; + prover_polynomials.sorted_2 = prover.key->sorted_2; + prover_polynomials.sorted_3 = prover.key->sorted_3; + prover_polynomials.sorted_4 = prover.key->sorted_4; prover_polynomials.z_perm = z_perm_poly; prover_polynomials.z_perm_shift = z_perm_poly.shifted(); prover_polynomials.z_lookup = z_perm_poly; diff --git a/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp b/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp index 2a9161c443..dd23769ceb 100644 --- a/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp @@ -53,7 +53,7 @@ template void ProverPlookupWidget::compute_sorted_list_polynomial( transcript::StandardTranscript& transcript) { - barretenberg::polynomial s_accum(key->polynomial_store.get("s_1_lagrange")); + barretenberg::polynomial s_accum(key->polynomial_store.get("s_1_lagrange")); // WORKTODO std::span s_2 = key->polynomial_store.get("s_2_lagrange"); std::span s_3 = key->polynomial_store.get("s_3_lagrange"); std::span s_4 = key->polynomial_store.get("s_4_lagrange"); diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 5c6b594e37..0acd557ce7 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -61,9 +61,10 @@ class BasePrecomputedData : public Data { // the selectors template class BaseProvingKey : public PrecomputedData { public: + bool contains_recursive_proof; + std::vector recursive_proof_public_input_indices; std::shared_ptr crs; EvaluationDomain evaluation_domain; - PolynomialStore polynomial_store; // WORKTODO: Get rid of this BaseProvingKey() = default; }; @@ -450,12 +451,6 @@ class Standard { VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) { static_cast(transcript); - // auto commitment_labels = CommitmentLabels(); - // w_l = transcript.template receive_from_prover(commitment_labels.w_l); - // w_r = transcript.template receive_from_prover(commitment_labels.w_r); - // w_o = transcript.template receive_from_prover(commitment_labels.w_o); - // z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); - // z_perm_shift = transcript.template receive_from_prover(commitment_labels.z_perm_shift); q_m = verification_key->q_m; q_l = verification_key->q_l; q_r = verification_key->q_r; @@ -487,7 +482,7 @@ class Ultra { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 39; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 29; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 30; template class PrecomputedData : public BasePrecomputedData { @@ -502,31 +497,33 @@ class Ultra { T& q_sort = std::get<7>(this->_data); T& q_elliptic = std::get<8>(this->_data); T& q_aux = std::get<9>(this->_data); - T& q_lookuptype = std::get<10>(this->_data); - T& s_1 = std::get<11>(this->_data); // These shouldn't be in here, right? - T& s_2 = std::get<12>(this->_data); - T& s_3 = std::get<13>(this->_data); - T& s_4 = std::get<14>(this->_data); - T& sigma_1 = std::get<15>(this->_data); - T& sigma_2 = std::get<16>(this->_data); - T& sigma_3 = std::get<17>(this->_data); - T& sigma_4 = std::get<18>(this->_data); - T& id_1 = std::get<19>(this->_data); - T& id_2 = std::get<20>(this->_data); - T& id_3 = std::get<21>(this->_data); - T& id_4 = std::get<22>(this->_data); - T& table_1 = std::get<23>(this->_data); - T& table_2 = std::get<24>(this->_data); - T& table_3 = std::get<25>(this->_data); - T& table_4 = std::get<26>(this->_data); - T& lagrange_first = std::get<27>(this->_data); - T& lagrange_last = std::get<28>(this->_data); + T& q_lookuptype = std::get<10>(this->_data); // WORKTODO: rename + T& sorted_1 = std::get<11>(this->_data); // TODO(Cody) These shouldn't be in here, right? + T& sorted_2 = std::get<12>(this->_data); // WORKTODO: Should rename these to sorted_i + T& sorted_3 = std::get<13>(this->_data); + T& sorted_4 = std::get<14>(this->_data); + T& sorted_batched = std::get<15>(this->_data); // WORKTODO: rename to sorted_batched + T& sigma_1 = std::get<16>(this->_data); + T& sigma_2 = std::get<17>(this->_data); + T& sigma_3 = std::get<18>(this->_data); + T& sigma_4 = std::get<19>(this->_data); + T& id_1 = std::get<20>(this->_data); + T& id_2 = std::get<21>(this->_data); + T& id_3 = std::get<22>(this->_data); + T& id_4 = std::get<23>(this->_data); + T& table_1 = std::get<24>(this->_data); + T& table_2 = std::get<25>(this->_data); + T& table_3 = std::get<26>(this->_data); + T& table_4 = std::get<27>(this->_data); + T& lagrange_first = std::get<28>(this->_data); + T& lagrange_last = std::get<29>(this->_data); std::vector get_selectors() { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype }; }; std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; + std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; virtual ~PrecomputedData() = default; @@ -544,10 +541,10 @@ class Ultra { , q_elliptic(other.q_elliptic) , q_aux(other.q_aux) , q_lookuptype(other.q_lookuptype) - , s_1(other.s_1) - , s_2(other.s_2) - , s_3(other.s_3) - , s_4(other.s_4) + , sorted_1(other.sorted_1) + , sorted_2(other.sorted_2) + , sorted_3(other.sorted_3) + , sorted_4(other.sorted_4) , sigma_1(other.sigma_1) , sigma_2(other.sigma_2) , sigma_3(other.sigma_3) @@ -575,10 +572,10 @@ class Ultra { , q_elliptic(other.q_elliptic) , q_aux(other.q_aux) , q_lookuptype(other.q_lookuptype) - , s_1(other.s_1) - , s_2(other.s_2) - , s_3(other.s_3) - , s_4(other.s_4) + , sorted_1(other.sorted_1) + , sorted_2(other.sorted_2) + , sorted_3(other.sorted_3) + , sorted_4(other.sorted_4) , sigma_1(other.sigma_1) , sigma_2(other.sigma_2) , sigma_3(other.sigma_3) @@ -608,10 +605,10 @@ class Ultra { q_elliptic = other.q_elliptic; q_aux = other.q_aux; q_lookuptype = other.q_lookuptype; - s_1 = other.s_1; - s_2 = other.s_2; - s_3 = other.s_3; - s_4 = other.s_4; + sorted_1 = other.sorted_1; + sorted_2 = other.sorted_2; + sorted_3 = other.sorted_3; + sorted_4 = other.sorted_4; sigma_1 = other.sigma_1; sigma_2 = other.sigma_2; sigma_3 = other.sigma_3; @@ -642,10 +639,10 @@ class Ultra { q_elliptic = other.q_elliptic; q_aux = other.q_aux; q_lookuptype = other.q_lookuptype; - s_1 = other.s_1; - s_2 = other.s_2; - s_3 = other.s_3; - s_4 = other.s_4; + sorted_1 = other.sorted_1; + sorted_2 = other.sorted_2; + sorted_3 = other.sorted_3; + sorted_4 = other.sorted_4; sigma_1 = other.sigma_1; sigma_2 = other.sigma_2; sigma_3 = other.sigma_3; @@ -666,6 +663,8 @@ class Ultra { class ProvingKey : public BaseProvingKey, FF> { public: + std::vector memory_read_records; + std::vector memory_write_records; ProvingKey() = default; ProvingKey(const size_t circuit_size, const size_t num_public_inputs, @@ -719,10 +718,10 @@ class Ultra { T& w_r = std::get<26>(this->_data); T& w_o = std::get<27>(this->_data); T& w_4 = std::get<28>(this->_data); - T& s_1 = std::get<29>(this->_data); - T& s_2 = std::get<30>(this->_data); - T& s_3 = std::get<31>(this->_data); - T& s_4 = std::get<32>(this->_data); + T& sorted_1 = std::get<29>(this->_data); + T& sorted_2 = std::get<30>(this->_data); + T& sorted_3 = std::get<31>(this->_data); + T& sorted_4 = std::get<32>(this->_data); T& z_perm = std::get<33>(this->_data); T& z_lookup = std::get<34>(this->_data); T& w_l_shift = std::get<35>(this->_data); @@ -734,11 +733,11 @@ class Ultra { std::vector get_unshifted() override { - return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, - q_elliptic, q_aux, q_lookuptype, sigma_1, sigma_2, sigma_3, sigma_4, id_1, - id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, - lagrange_last, w_l, w_r, w_o, w_4, s_1, s_2, s_3, - s_4, z_perm, z_lookup + return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, + q_elliptic, q_aux, q_lookuptype, sigma_1, sigma_2, sigma_3, sigma_4, id_1, + id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, + lagrange_last, w_l, w_r, w_o, w_4, sorted_1, sorted_2, sorted_3, + sorted_4, z_perm, z_lookup }; }; @@ -783,10 +782,10 @@ class Ultra { , w_r(other.w_r) , w_o(other.w_o) , w_4(other.w_4) - , s_1(other.s_1) - , s_2(other.s_2) - , s_3(other.s_3) - , s_4(other.s_4) + , sorted_1(other.sorted_1) + , sorted_2(other.sorted_2) + , sorted_3(other.sorted_3) + , sorted_4(other.sorted_4) , z_perm(other.z_perm) , z_lookup(other.z_lookup) , w_l_shift(other.w_l_shift) @@ -826,10 +825,10 @@ class Ultra { , w_r(other.w_r) , w_o(other.w_o) , w_4(other.w_4) - , s_1(other.s_1) - , s_2(other.s_2) - , s_3(other.s_3) - , s_4(other.s_4) + , sorted_1(other.sorted_1) + , sorted_2(other.sorted_2) + , sorted_3(other.sorted_3) + , sorted_4(other.sorted_4) , z_perm(other.z_perm) , z_lookup(other.z_lookup) , w_l_shift(other.w_l_shift) @@ -868,10 +867,10 @@ class Ultra { w_r = other.w_r; w_o = other.w_o; w_4 = other.w_4; - s_1 = other.s_1; - s_2 = other.s_2; - s_3 = other.s_3; - s_4 = other.s_4; + sorted_1 = other.sorted_1; + sorted_2 = other.sorted_2; + sorted_3 = other.sorted_3; + sorted_4 = other.sorted_4; z_perm = other.z_perm; z_lookup = other.z_lookup; w_l_shift = other.w_l_shift; @@ -912,10 +911,10 @@ class Ultra { w_r = other.w_r; w_o = other.w_o; w_4 = other.w_4; - s_1 = other.s_1; - s_2 = other.s_2; - s_3 = other.s_3; - s_4 = other.s_4; + sorted_1 = other.sorted_1; + sorted_2 = other.sorted_2; + sorted_3 = other.sorted_3; + sorted_4 = other.sorted_4; z_perm = other.z_perm; z_lookup = other.z_lookup; w_l_shift = other.w_l_shift; From a6f1875c714b77b10ff72eb3822de25aee8f23e4 Mon Sep 17 00:00:00 2001 From: codygunton Date: Sat, 22 Apr 2023 03:59:54 +0000 Subject: [PATCH 035/119] WIP debugging correctness test --- .../ultra_honk_composer_helper.cpp | 37 ++++++++----------- .../barretenberg/honk/proof_system/prover.hpp | 2 +- .../honk/proof_system/prover_library.test.cpp | 2 +- .../honk/proof_system/ultra_prover.cpp | 2 +- .../honk/proof_system/ultra_prover.hpp | 7 ++-- .../relations/relation_correctness.test.cpp | 6 ++- .../random_widgets/plookup_widget_impl.hpp | 2 +- .../proof_system/flavor/flavor.hpp | 35 ++++++++++-------- 8 files changed, 47 insertions(+), 46 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 6f2a720e6b..8966a7b1e4 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -131,13 +131,12 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constr ++count; } - // WORK TODO - // // TODO(luke): Adding these to the key for now but this is inconsistent since these are 'witness' polys. Need - // // to see what becomes of the proving key before making a decision here. - // circuit_proving_key->polynomial_store.put("s_1_lagrange", std::move(s_1)); - // circuit_proving_key->polynomial_store.put("s_2_lagrange", std::move(s_2)); - // circuit_proving_key->polynomial_store.put("s_3_lagrange", std::move(s_3)); - // circuit_proving_key->polynomial_store.put("s_4_lagrange", std::move(s_4)); + // TODO(luke): Adding these to the key for now but this is inconsistent since these are 'witness' polys. Need + // to see what becomes of the proving key before making a decision here. + circuit_proving_key->sorted_1 = s_1; + circuit_proving_key->sorted_2 = s_2; + circuit_proving_key->sorted_3 = s_3; + circuit_proving_key->sorted_4 = s_4; computed_witness = true; } @@ -254,20 +253,16 @@ std::shared_ptr UltraHonkComposerHe ++offset; } - // // In the case of using UltraPlonkComposer for a circuit which does _not_ make use of any lookup tables, all - // four - // // table columns would be all zeros. This would result in these polys' commitments all being the point at - // infinity - // // (which is bad because our point arithmetic assumes we'll never operate on the point at infinity). To avoid - // this, - // // we set the last evaluation of each poly to be nonzero. The last `num_roots_cut_out_of_vanishing_poly = 4` - // // evaluations are ignored by constraint checks; we arbitrarily choose the very-last evaluation to be nonzero. - // See - // // ComposerBase::compute_proving_key_base for further explanation, as a similar trick is done there. We could - // // have chosen `1` for each such evaluation here, but that would have resulted in identical commitments for - // // all four columns. We don't want to have equal commitments, because biggroup operations assume no points are - // // equal, so if we tried to verify an ultra proof in a circuit, the biggroup operations would fail. To combat - // // this, we just choose distinct values: + // In the case of using UltraPlonkComposer for a circuit which does _not_ make use of any lookup tables, all four + // table columns would be all zeros. This would result in these polys' commitments all being the point at infinity + // (which is bad because our point arithmetic assumes we'll never operate on the point at infinity). To avoid this, + // we set the last evaluation of each poly to be nonzero. The last `num_roots_cut_out_of_vanishing_poly = 4` + // evaluations are ignored by constraint checks; we arbitrarily choose the very-last evaluation to be nonzero. See + // ComposerBase::compute_proving_key_base for further explanation, as a similar trick is done there. We could + // have chosen `1` for each such evaluation here, but that would have resulted in identical commitments for + // all four columns. We don't want to have equal commitments, because biggroup operations assume no points are + // equal, so if we tried to verify an ultra proof in a circuit, the biggroup operations would fail. To combat + // this, we just choose distinct values: size_t num_selectors = circuit_constructor.num_selectors; ASSERT(offset == subgroup_size - 1); auto unique_last_value = num_selectors + 1; // Note: in compute_proving_key_base, moments earlier, each selector diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index f31208f840..1f2e8407bd 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -29,7 +29,7 @@ namespace proof_system::honk { -template class Prover { +template class Prover { // WORKTODO: Rename to StandardProver or stop templating using FF = typename Flavor::FF; using PCSParams = typename Flavor::PCSParams; diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index e5a8b29d41..caddcdddfa 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -195,7 +195,7 @@ template class ProverLibraryTests : public testing::Test { auto lookup_index_selector = get_random_polynomial(circuit_size); auto lookup_selector = get_random_polynomial(circuit_size); - populate_span(proving_key->sorted_batched, sorted_batched); + // populate_span(proving_key->sorted_batched, sorted_batched); populate_span(proving_key->q_r, column_1_step_size); populate_span(proving_key->q_m, column_2_step_size); populate_span(proving_key->q_c, column_3_step_size); diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp index 573d237355..e000281d1b 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp @@ -33,7 +33,7 @@ namespace proof_system::honk { * @tparam settings Settings class. * */ template -UltraHonkProver::UltraHonkProver(std::vector&& wire_polys, +UltraHonkProver::UltraHonkProver(std::vector&& wire_polys, std::shared_ptr input_key) : wire_polynomials(wire_polys) , key(input_key) diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index e8743e9c3b..3c15104483 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -39,17 +39,16 @@ template class UltraHonkProver { using Polynomial = typename Flavor::Polynomial; public: - UltraHonkProver(std::vector&& wire_polys, - std::shared_ptr input_key = nullptr); + UltraHonkProver(std::vector&& wire_polys, std::shared_ptr input_key = nullptr); plonk::proof& export_proof(); plonk::proof& construct_proof(); ProverTranscript transcript; - std::vector wire_polynomials; + std::vector wire_polynomials; - std::shared_ptr key; + std::shared_ptr key; // WORKTODO: rename to proving_key work_queue queue; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 9082032e22..ef3c56a16f 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -148,7 +148,7 @@ TEST(RelationCorrectness, UltraRelationCorrectness) // Create a composer and a dummy circuit with a few gates auto composer = UltraHonkComposer(); - // static const size_t num_wires = 4; + fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly // TODO(luke): add method "add_public_variable" to UH composer @@ -204,6 +204,10 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.sorted_2 = prover.key->sorted_2; prover_polynomials.sorted_3 = prover.key->sorted_3; prover_polynomials.sorted_4 = prover.key->sorted_4; + prover_polynomials.table_1 = prover.key->table_1; + prover_polynomials.table_2 = prover.key->table_2; + prover_polynomials.table_3 = prover.key->table_3; + prover_polynomials.table_4 = prover.key->table_4; prover_polynomials.z_perm = z_perm_poly; prover_polynomials.z_perm_shift = z_perm_poly.shifted(); prover_polynomials.z_lookup = z_perm_poly; diff --git a/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp b/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp index dd23769ceb..2a9161c443 100644 --- a/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/widgets/random_widgets/plookup_widget_impl.hpp @@ -53,7 +53,7 @@ template void ProverPlookupWidget::compute_sorted_list_polynomial( transcript::StandardTranscript& transcript) { - barretenberg::polynomial s_accum(key->polynomial_store.get("s_1_lagrange")); // WORKTODO + barretenberg::polynomial s_accum(key->polynomial_store.get("s_1_lagrange")); std::span s_2 = key->polynomial_store.get("s_2_lagrange"); std::span s_3 = key->polynomial_store.get("s_3_lagrange"); std::span s_4 = key->polynomial_store.get("s_4_lagrange"); diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 0acd557ce7..3bad4b9831 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -482,7 +482,7 @@ class Ultra { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 39; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 30; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 29; template class PrecomputedData : public BasePrecomputedData { @@ -502,21 +502,20 @@ class Ultra { T& sorted_2 = std::get<12>(this->_data); // WORKTODO: Should rename these to sorted_i T& sorted_3 = std::get<13>(this->_data); T& sorted_4 = std::get<14>(this->_data); - T& sorted_batched = std::get<15>(this->_data); // WORKTODO: rename to sorted_batched - T& sigma_1 = std::get<16>(this->_data); - T& sigma_2 = std::get<17>(this->_data); - T& sigma_3 = std::get<18>(this->_data); - T& sigma_4 = std::get<19>(this->_data); - T& id_1 = std::get<20>(this->_data); - T& id_2 = std::get<21>(this->_data); - T& id_3 = std::get<22>(this->_data); - T& id_4 = std::get<23>(this->_data); - T& table_1 = std::get<24>(this->_data); - T& table_2 = std::get<25>(this->_data); - T& table_3 = std::get<26>(this->_data); - T& table_4 = std::get<27>(this->_data); - T& lagrange_first = std::get<28>(this->_data); - T& lagrange_last = std::get<29>(this->_data); + T& sigma_1 = std::get<15>(this->_data); + T& sigma_2 = std::get<16>(this->_data); + T& sigma_3 = std::get<17>(this->_data); + T& sigma_4 = std::get<18>(this->_data); + T& id_1 = std::get<19>(this->_data); + T& id_2 = std::get<20>(this->_data); + T& id_3 = std::get<21>(this->_data); + T& id_4 = std::get<22>(this->_data); + T& table_1 = std::get<23>(this->_data); + T& table_2 = std::get<24>(this->_data); + T& table_3 = std::get<25>(this->_data); + T& table_4 = std::get<26>(this->_data); + T& lagrange_first = std::get<27>(this->_data); + T& lagrange_last = std::get<28>(this->_data); std::vector get_selectors() { @@ -786,6 +785,7 @@ class Ultra { , sorted_2(other.sorted_2) , sorted_3(other.sorted_3) , sorted_4(other.sorted_4) + // , sorted_batched(other.sorted_batched) , z_perm(other.z_perm) , z_lookup(other.z_lookup) , w_l_shift(other.w_l_shift) @@ -829,6 +829,7 @@ class Ultra { , sorted_2(other.sorted_2) , sorted_3(other.sorted_3) , sorted_4(other.sorted_4) + // , sorted_batched(other.sorted_batched) , z_perm(other.z_perm) , z_lookup(other.z_lookup) , w_l_shift(other.w_l_shift) @@ -871,6 +872,7 @@ class Ultra { sorted_2 = other.sorted_2; sorted_3 = other.sorted_3; sorted_4 = other.sorted_4; + // sorted_batched = other.sorted_batched; z_perm = other.z_perm; z_lookup = other.z_lookup; w_l_shift = other.w_l_shift; @@ -915,6 +917,7 @@ class Ultra { sorted_2 = other.sorted_2; sorted_3 = other.sorted_3; sorted_4 = other.sorted_4; + // sorted_batched = other.sorted_batched; z_perm = other.z_perm; z_lookup = other.z_lookup; w_l_shift = other.w_l_shift; From dcbabf11124b2c4f95c62b7a867bf186c9506fdc Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 24 Apr 2023 04:41:00 +0000 Subject: [PATCH 036/119] Get rid of old flavor file. --- .../standard_honk_composer_helper.cpp | 1 - .../honk/composer/standard_honk_composer.hpp | 1 - .../composer/standard_honk_composer.test.cpp | 1 - .../composer/ultra_honk_composer.test.cpp | 1 - cpp/src/barretenberg/honk/flavor/flavor.hpp | 245 ------------------ .../barretenberg/honk/flavor/flavor.test.cpp | 30 --- .../honk/proof_system/program_settings.hpp | 1 - .../barretenberg/honk/proof_system/prover.cpp | 1 - .../barretenberg/honk/proof_system/prover.hpp | 1 - .../honk/proof_system/ultra_prover.cpp | 1 - .../honk/proof_system/ultra_prover.hpp | 1 - .../honk/proof_system/verifier.cpp | 1 - .../honk/proof_system/verifier.hpp | 1 - .../honk/proof_system/verifier.test.cpp | 1 - .../relations/arithmetic_relation.hpp | 1 - .../grand_product_computation_relation.hpp | 1 - .../grand_product_initialization_relation.hpp | 1 - .../relations/relation_consistency.test.cpp | 1 - .../relations/relation_correctness.test.cpp | 1 - .../relations/ultra_arithmetic_relation.hpp | 1 - .../ultra_arithmetic_relation_secondary.hpp | 1 - .../ultra_relation_consistency.test.cpp | 5 +- .../barretenberg/honk/sumcheck/sumcheck.hpp | 3 +- .../honk/sumcheck/sumcheck.test.cpp | 8 +- .../honk/sumcheck/sumcheck_round.test.cpp | 5 - .../honk/transcript/transcript.test.cpp | 3 +- 26 files changed, 6 insertions(+), 312 deletions(-) delete mode 100644 cpp/src/barretenberg/honk/flavor/flavor.hpp delete mode 100644 cpp/src/barretenberg/honk/flavor/flavor.test.cpp diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 74357b793c..3136da80b6 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -1,7 +1,6 @@ #include "standard_honk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 589c73c577..dddac189b7 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -4,7 +4,6 @@ #include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" #include "barretenberg/transcript/manifest.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/proof_system/types/merkle_hash_type.hpp" #include "barretenberg/proof_system/types/pedersen_commitment_type.hpp" diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index f3c60a31e0..91764d34bb 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -1,7 +1,6 @@ #include "standard_honk_composer.hpp" #include "barretenberg/honk/sumcheck/relations/relation.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include #include #include diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index 61b3a21fe6..b1d7c54e11 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -4,7 +4,6 @@ // #include "barretenberg/honk/proof_system/ultra_prover.hpp" // #include "barretenberg/honk/sumcheck/relations/relation.hpp" // #include "barretenberg/numeric/uint256/uint256.hpp" -// #include "barretenberg/honk/flavor/flavor.hpp" // #include // #include // #include "barretenberg/honk/proof_system/prover.hpp" diff --git a/cpp/src/barretenberg/honk/flavor/flavor.hpp b/cpp/src/barretenberg/honk/flavor/flavor.hpp deleted file mode 100644 index 4c4c1f84ee..0000000000 --- a/cpp/src/barretenberg/honk/flavor/flavor.hpp +++ /dev/null @@ -1,245 +0,0 @@ -#pragma once -#include -#include -#include "barretenberg/common/log.hpp" -#include "barretenberg/proof_system/arithmetization/arithmetization.hpp" -#include "barretenberg/transcript/manifest.hpp" - -// WORKTODO: Kill this file finally. -namespace proof_system::honk { -// TODO(Cody) This _should_ be shared with Plonk, but it isn't. -struct StandardArithmetization { - /** - * @brief All of the multivariate polynomials used by the Standard Honk Prover. - * @details The polynomials are broken into three categories: precomputed, witness, and shifted. - * This separation must be maintained to allow for programmatic access, but the ordering of the - * polynomials can be permuted within each category if necessary. Polynomials can also be added - * or removed (assuming consistency with the prover algorithm) but the constants describing the - * number of polynomials in each category must be manually updated. - * - */ - enum POLYNOMIAL { - /* --- PRECOMPUTED POLYNOMIALS --- */ - Q_C, - Q_L, - Q_R, - Q_O, - Q_M, - SIGMA_1, - SIGMA_2, - SIGMA_3, - ID_1, - ID_2, - ID_3, - LAGRANGE_FIRST, - LAGRANGE_LAST, // = LAGRANGE_N-1 whithout ZK, but can be less - /* --- WITNESS POLYNOMIALS --- */ - W_L, - W_R, - W_O, - Z_PERM, - /* --- SHIFTED POLYNOMIALS --- */ - Z_PERM_SHIFT, - /* --- --- */ - COUNT // for programmatic determination of NUM_POLYNOMIALS - }; - - static constexpr size_t NUM_POLYNOMIALS = POLYNOMIAL::COUNT; - static constexpr size_t NUM_SHIFTED_POLYNOMIALS = 1; - static constexpr size_t NUM_PRECOMPUTED_POLYNOMIALS = 13; - static constexpr size_t NUM_UNSHIFTED_POLYNOMIALS = NUM_POLYNOMIALS - NUM_SHIFTED_POLYNOMIALS; - - // *** WARNING: The order of this array must be manually updated to match POLYNOMIAL enum *** - // TODO(luke): This is a temporary measure to associate the above enum with sting tags. Its only needed because - // the - // polynomials/commitments in the prover/verifier are stored in maps. This storage could be converted to simple - // arrays at which point these string tags can be removed. - inline static const std::array ENUM_TO_COMM = { - "Q_C", "Q_1", "Q_2", "Q_3", "Q_M", "SIGMA_1", - "SIGMA_2", "SIGMA_3", "ID_1", "ID_2", "ID_3", "LAGRANGE_FIRST", - "LAGRANGE_LAST", "W_1", "W_2", "W_3", "Z_PERM", "Z_PERM_SHIFT" - }; -}; -} // namespace proof_system::honk - -namespace proof_system::honk { -struct StandardHonk { - public: - // This whole file is broken; changes here are in anticipation of a follow-up rework of the flavor specificaiton. - using Arithmetization = arithmetization::Standard; - using MULTIVARIATE = proof_system::honk::StandardArithmetization::POLYNOMIAL; - // // TODO(Cody): Where to specify? is this polynomial manifest size? - // static constexpr size_t STANDARD_HONK_MANIFEST_SIZE = 16; - // TODO(Cody): Maybe relation should be supplied and this should be computed as is done in sumcheck? - // Then honk::StandardHonk (or whatever we rename it) would become an alias for a Honk flavor with a - // certain set of parameters, including the relations? - static constexpr size_t MAX_RELATION_LENGTH = 5; - - // TODO(Cody): should extract this from the parameter pack. Maybe that should be done here? - - // num_sumcheck_rounds = 1 if using quotient polynomials, otherwise = number of sumcheck rounds - static transcript::Manifest create_manifest(const size_t num_public_inputs, const size_t num_sumcheck_rounds = 1) - { - constexpr size_t g1_size = 64; - constexpr size_t fr_size = 32; - const size_t public_input_size = fr_size * num_public_inputs; - // clang-format off - /* A RoundManifest describes data that will be put in or extracted from a transcript. - Here we have (1 + 7 + num_sumcheck_rounds)-many RoundManifests. */ - std::vector manifest_rounds; - - // Round 0 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { - { .name = "circuit_size", .num_bytes = 4, .derived_by_verifier = true }, - { .name = "public_input_size", .num_bytes = 4, .derived_by_verifier = true } - }, - /* challenge_name = */ "init", - /* num_challenges_in = */ 1)); - - // Round 1 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { /* this is a noop */ }, - /* challenge_name = */ "eta", - /* num_challenges_in = */ 0)); - - // Round 2 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { - { .name = "public_inputs", .num_bytes = public_input_size, .derived_by_verifier = false }, - { .name = "W_1", .num_bytes = g1_size, .derived_by_verifier = false }, - { .name = "W_2", .num_bytes = g1_size, .derived_by_verifier = false }, - { .name = "W_3", .num_bytes = g1_size, .derived_by_verifier = false }, - }, - /* challenge_name = */ "beta", - /* num_challenges_in = */ 2) // also produce "gamma" - ); - - // Round 3 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { { .name = "Z_PERM", .num_bytes = g1_size, .derived_by_verifier = false } }, - /* challenge_name = */ "alpha", - /* num_challenges_in = */ 2) - ); - - // Rounds 4, ... 4 + num_sumcheck_rounds-1 - for (size_t i = 0; i < num_sumcheck_rounds; i++) { - auto label = std::to_string(i); - manifest_rounds.emplace_back( - transcript::Manifest::RoundManifest( - { - { .name = "univariate_" + label, .num_bytes = fr_size * honk::StandardHonk::MAX_RELATION_LENGTH, .derived_by_verifier = false } - }, - /* challenge_name = */ "u_" + label, - /* num_challenges_in = */ 1)); - } - - // Round 5 + num_sumcheck_rounds - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { - { .name = "multivariate_evaluations", .num_bytes = fr_size * honk::StandardArithmetization::NUM_POLYNOMIALS, .derived_by_verifier = false, .challenge_map_index = 0 }, - }, - /* challenge_name = */ "rho", - /* num_challenges_in = */ 1)); /* TODO(Cody): magic number! Where should this be specified? */ - - // Rounds 6 + num_sumcheck_rounds, ... , 6 + 2 * num_sumcheck_rounds - 1 - std::vector fold_commitment_entries; - for (size_t i = 1; i < num_sumcheck_rounds; i++) { - fold_commitment_entries.emplace_back(transcript::Manifest::ManifestEntry( - { .name = "FOLD_" + std::to_string(i), .num_bytes = g1_size, .derived_by_verifier = false })); - }; - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - fold_commitment_entries, - /* challenge_name = */ "r", - /* num_challenges_in */ 1)); - - // Rounds 6 + 2 * num_sumcheck_rounds, ..., 6 + 3 * num_sumcheck_rounds - std::vector gemini_evaluation_entries; - for (size_t i = 0; i < num_sumcheck_rounds; i++) { - gemini_evaluation_entries.emplace_back(transcript::Manifest::ManifestEntry( - { .name = "a_" + std::to_string(i), .num_bytes = fr_size, .derived_by_verifier = false })); - }; - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - gemini_evaluation_entries, - /* challenge_name = */ "nu", - /* num_challenges_in */ 1)); - - // Round 7 + 3 * num_sumcheck_rounds - manifest_rounds.emplace_back( - transcript::Manifest::RoundManifest( - { - { .name = "Q", .num_bytes = g1_size, .derived_by_verifier = false } - }, - /* challenge_name = */ "z", - /* num_challenges_in */ 1)); - - // Round 8 + 3 * num_sumcheck_rounds - manifest_rounds.emplace_back( - transcript::Manifest::RoundManifest( - { - { .name = "W", .num_bytes = g1_size, .derived_by_verifier = false } - }, - /* challenge_name = */ "separator", - /* num_challenges_in */ 1)); - - // clang-format on - - auto output = transcript::Manifest(manifest_rounds); - return output; - } -}; - -struct UltraArithmetization { - /** - * @brief All of the multivariate polynomials used by the Ultra Honk Prover. - * @details The polynomials are broken into three categories: precomputed, witness, and shifted. - * This separation must be maintained to allow for programmatic access, but the ordering of the - * polynomials can be permuted within each category if necessary. Polynomials can also be added - * or removed (assuming consistency with the prover algorithm) but the constants describing the - * number of polynomials in each category must be manually updated. - * - */ - enum POLYNOMIAL { - /* --- PRECOMPUTED POLYNOMIALS --- */ - Q_C, - Q_L, - Q_R, - Q_O, - Q_4, - Q_M, - QARITH, - QSORT, - QELLIPTIC, - QAUX, - QLOOKUPTYPE, - SIGMA_1, - SIGMA_2, - SIGMA_3, - SIGMA_4, - ID_1, - ID_2, - ID_3, - ID_4, - LAGRANGE_FIRST, - LAGRANGE_LAST, // = LAGRANGE_N-1 whithout ZK, but can be less - /* --- WITNESS POLYNOMIALS --- */ - W_L, - W_R, - W_O, - W_4, - S_1, - S_2, - S_3, - S_4, - Z_PERM, - Z_LOOKUP, - /* --- SHIFTED POLYNOMIALS --- */ - W_1_SHIFT, - W_4_SHIFT, - Z_PERM_SHIFT, - Z_LOOKUP_SHIFT, - /* --- --- */ - COUNT // for programmatic determination of NUM_POLYNOMIALS - }; -}; -} // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/flavor/flavor.test.cpp b/cpp/src/barretenberg/honk/flavor/flavor.test.cpp deleted file mode 100644 index 06accb9265..0000000000 --- a/cpp/src/barretenberg/honk/flavor/flavor.test.cpp +++ /dev/null @@ -1,30 +0,0 @@ -#include "flavor.hpp" - -#include - -namespace test_flavor { - -// // TODO(Cody) This seems like a good idea, but I'm not sure why. -// TEST(Flavor, StandardArithmetization){ -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_L, 0); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_R, 1); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_O, 2); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Z_PERM, 3); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Z_PERM_SHIFT, 4); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_M, 5); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_L, 6); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_R, 7); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_O, 8); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_C, 9); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_1, 10); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_2, 11); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_3, 12); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_1, 13); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_2, 14); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_3, 15); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::LAGRANGE_FIRST, 16); -// EXPECT_EQ(StandardArithmetization::MULTIVARIATE::COUNT, 17); - -// } - -} // namespace test_flavor diff --git a/cpp/src/barretenberg/honk/proof_system/program_settings.hpp b/cpp/src/barretenberg/honk/proof_system/program_settings.hpp index 8232fb3ef0..84c4cf7972 100644 --- a/cpp/src/barretenberg/honk/proof_system/program_settings.hpp +++ b/cpp/src/barretenberg/honk/proof_system/program_settings.hpp @@ -4,7 +4,6 @@ #include "../../transcript/transcript_wrappers.hpp" #include "../../plonk/proof_system/types/prover_settings.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system::honk { diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index bb184146c6..932da4316d 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -18,7 +18,6 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/transcript/transcript_wrappers.hpp" #include diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 1f2e8407bd..a9110b59bc 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -11,7 +11,6 @@ #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/honk/pcs/shplonk/shplonk.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp index e000281d1b..186fa03a9d 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp @@ -17,7 +17,6 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/transcript/transcript_wrappers.hpp" #include #include "barretenberg/honk/pcs/claim.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index 3c15104483..c060a115b5 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -2,7 +2,6 @@ #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/honk/pcs/shplonk/shplonk.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 4a0f22f980..3e239fd83b 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -10,7 +10,6 @@ #include "barretenberg/honk/pcs/gemini/gemini.hpp" #include "barretenberg/honk/pcs/kzg/kzg.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" #include "barretenberg/ecc/curves/bn254/fq12.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.hpp b/cpp/src/barretenberg/honk/proof_system/verifier.hpp index 717de4c316..a4ff38714a 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.hpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.hpp @@ -8,7 +8,6 @@ #include "../sumcheck/sumcheck.hpp" #include "../sumcheck/relations/arithmetic_relation.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/honk/pcs/gemini/gemini.hpp" #include "barretenberg/honk/pcs/shplonk/shplonk_single.hpp" #include "barretenberg/honk/pcs/kzg/kzg.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp index 269bac2d5b..6443463370 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp @@ -2,7 +2,6 @@ // #include "barretenberg/numeric/bitop/get_msb.hpp" // #include "barretenberg/plonk/proof_system/constants.hpp" // #include "barretenberg/polynomials/polynomial.hpp" -// #include "barretenberg/honk/flavor/flavor.hpp" // #include "barretenberg/proof_system/flavor/flavor.hpp" // #include "prover.hpp" // #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp index 79829c3526..e7d095119c 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp @@ -2,7 +2,6 @@ #include #include -#include "barretenberg/honk/flavor/flavor.hpp" #include "../polynomials/univariate.hpp" #include "relation.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp index 590589dc03..d0da9ee2c2 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp @@ -1,6 +1,5 @@ #pragma once #include "relation.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "../polynomials/univariate.hpp" namespace proof_system::honk::sumcheck { diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp index 28179e8f19..0fd8fbd606 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp @@ -1,6 +1,5 @@ #pragma once #include "relation.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "../polynomials/univariate.hpp" namespace proof_system::honk::sumcheck { diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index 2b9020b42f..fab8e0d96e 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -2,7 +2,6 @@ #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "relation.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "arithmetic_relation.hpp" #include "grand_product_initialization_relation.hpp" #include "grand_product_computation_relation.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index ef3c56a16f..26ee7c802b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -4,7 +4,6 @@ #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include #include "barretenberg/honk/proof_system/prover.hpp" #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp index 9de9207917..dd5aa02b85 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp @@ -2,7 +2,6 @@ #include #include -#include "barretenberg/honk/flavor/flavor.hpp" #include "../polynomials/univariate.hpp" #include "relation.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp index 66e42d9d09..dde3e8e7ff 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp @@ -2,7 +2,6 @@ #include #include -#include "barretenberg/honk/flavor/flavor.hpp" #include "../polynomials/univariate.hpp" #include "relation.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index e8e23f1831..237c470bc1 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -2,7 +2,6 @@ #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "relation.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "arithmetic_relation.hpp" #include "grand_product_initialization_relation.hpp" #include "grand_product_computation_relation.hpp" @@ -181,7 +180,7 @@ TEST_F(UltraRelationConsistency, UltraArithmeticRelation) using FF = typename Flavor::FF; static constexpr size_t FULL_RELATION_LENGTH = 6; using ExtendedEdges = typename Flavor::template ExtendedEdges; - static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; const auto relation_parameters = compute_mock_relation_parameters(); ExtendedEdges extended_edges; @@ -225,7 +224,7 @@ TEST_F(UltraRelationConsistency, UltraArithmeticRelationSecondary) using FF = typename Flavor::FF; static constexpr size_t FULL_RELATION_LENGTH = 6; using ExtendedEdges = typename Flavor::template ExtendedEdges; - static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; const auto relation_parameters = compute_mock_relation_parameters(); ExtendedEdges extended_edges; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index 82f13fffa3..ae64fcac12 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -7,7 +7,6 @@ #include "barretenberg/common/throw_or_abort.hpp" #include "sumcheck_round.hpp" #include "polynomials/univariate.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include #include #include @@ -27,7 +26,7 @@ template class... Relations using PurportedEvaluations = typename Flavor::PurportedEvaluations; static constexpr size_t MAX_RELATION_LENGTH = std::max({ Relations::RELATION_LENGTH... }); - static constexpr size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; + static constexpr size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; Transcript& transcript; const size_t multivariate_n; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp index edef16eca5..57c1885b51 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp @@ -1,6 +1,5 @@ #include "sumcheck.hpp" #include "barretenberg/honk/transcript/transcript.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/transcript/transcript_wrappers.hpp" #include "relations/arithmetic_relation.hpp" @@ -26,15 +25,10 @@ using namespace proof_system::honk::sumcheck; using Flavor = honk::flavor::Standard; // TODO(Cody): Generalize this test. using FF = typename Flavor::FF; using ProverPolynomials = typename Flavor::ProverPolynomials; -const size_t NUM_POLYNOMIALS = proof_system::honk::StandardArithmetization::NUM_POLYNOMIALS; -using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL; +const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; namespace test_sumcheck_round { -/** - * @brief Place polynomials into full_polynomials in the order determined by the StandardArithmetization enum. - * - */ template ProverPolynomials construct_full_polynomials(std::array& w_l, std::array& w_r, diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp index 5329c68a6d..c3d8dbf984 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp @@ -1,4 +1,3 @@ -#include "barretenberg/honk/flavor/flavor.hpp" #include "sumcheck_round.hpp" #include "relations/arithmetic_relation.hpp" #include "relations/grand_product_computation_relation.hpp" @@ -32,10 +31,6 @@ const size_t max_relation_length = 5; const size_t input_polynomial_length = 2; namespace test_sumcheck_round { -/** - * @brief Place polynomials into full_polynomials in the order determined by the StandardArithmetization enum. - * - */ template void construct_full_polynomials(ProverPolynomials& full_polynomials, std::array& w_l, diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index 4607847cb9..c5c4bd59e1 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -3,6 +3,7 @@ #include "barretenberg/honk/composer/standard_honk_composer.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include #include #include @@ -31,7 +32,7 @@ template class TranscriptTest : public testing::Test { size_t size_FF = sizeof(FF); size_t size_G = 2 * size_FF; size_t size_uni = max_relation_length * size_FF; - size_t size_evals = StandardArithmetization::NUM_POLYNOMIALS * size_FF; + size_t size_evals = flavor::Standard::NUM_ALL_ENTITIES; size_t round = 0; manifest_expected.add_entry(round, "circuit_size", 4); From a843aea6e3fd9f02535067470c0c098e7b2a0266 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Mon, 24 Apr 2023 20:12:16 +0000 Subject: [PATCH 037/119] fix and simplify relation consistency tests --- .../relations/relation_consistency.test.cpp | 46 +--------- .../ultra_relation_consistency.test.cpp | 46 +--------- .../proof_system/flavor/flavor.hpp | 83 ++++++++++--------- 3 files changed, 49 insertions(+), 126 deletions(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index fab8e0d96e..8c0cdc9061 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -44,54 +44,14 @@ class StandardRelationConsistency : public testing::Test { // extend them to the degree. template static void compute_mock_extended_edges( - ExtendedEdges extended_edges, - std::array, NUM_POLYNOMIALS>& input_univariates) + ExtendedEdges& extended_edges, + std::array, NUM_POLYNOMIALS>& input_edges) { BarycentricData barycentric_2_to_max = BarycentricData(); - std::array, NUM_POLYNOMIALS> extended_univariates; for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - extended_univariates[i] = barycentric_2_to_max.extend(input_univariates[i]); + extended_edges[i] = barycentric_2_to_max.extend(input_edges[i]); } - auto w_l = Univariate(extended_univariates[0]); - auto w_r = Univariate(extended_univariates[1]); - auto w_o = Univariate(extended_univariates[2]); - auto z_perm = Univariate(extended_univariates[3]); - auto z_perm_shift = - Univariate(extended_univariates[4]); // this is not real shifted data - auto q_m = Univariate(extended_univariates[5]); - auto q_l = Univariate(extended_univariates[6]); - auto q_r = Univariate(extended_univariates[7]); - auto q_o = Univariate(extended_univariates[8]); - auto q_c = Univariate(extended_univariates[9]); - auto sigma_1 = Univariate(extended_univariates[10]); - auto sigma_2 = Univariate(extended_univariates[11]); - auto sigma_3 = Univariate(extended_univariates[12]); - auto id_1 = Univariate(extended_univariates[13]); - auto id_2 = Univariate(extended_univariates[14]); - auto id_3 = Univariate(extended_univariates[15]); - auto lagrange_first = Univariate(extended_univariates[16]); - auto lagrange_last = Univariate(extended_univariates[17]); - // Construct extended edges array in order determined by enum - - extended_edges.w_l = w_l; - extended_edges.w_r = w_r; - extended_edges.w_o = w_o; - extended_edges.z_perm = z_perm; - extended_edges.z_perm_shift = z_perm_shift; - extended_edges.q_m = q_m; - extended_edges.q_l = q_l; - extended_edges.q_r = q_r; - extended_edges.q_o = q_o; - extended_edges.q_c = q_c; - extended_edges.sigma_1 = sigma_1; - extended_edges.sigma_2 = sigma_2; - extended_edges.sigma_3 = sigma_3; - extended_edges.id_1 = id_1; - extended_edges.id_2 = id_2; - extended_edges.id_3 = id_3; - extended_edges.lagrange_first = lagrange_first; - extended_edges.lagrange_last = lagrange_last; } /** diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index 237c470bc1..60f607663b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -42,54 +42,14 @@ class UltraRelationConsistency : public testing::Test { // extend them to the degree. template static void compute_mock_extended_edges( - ExtendedEdges extended_edges, - std::array, NUM_POLYNOMIALS>& input_univariates) + ExtendedEdges& extended_edges, + std::array, NUM_POLYNOMIALS>& input_edges) { BarycentricData barycentric_2_to_max = BarycentricData(); - std::array, NUM_POLYNOMIALS> extended_univariates; for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - extended_univariates[i] = barycentric_2_to_max.extend(input_univariates[i]); + extended_edges[i] = barycentric_2_to_max.extend(input_edges[i]); } - auto w_l = Univariate(extended_univariates[0]); - auto w_r = Univariate(extended_univariates[1]); - auto w_o = Univariate(extended_univariates[2]); - auto z_perm = Univariate(extended_univariates[3]); - auto z_perm_shift = - Univariate(extended_univariates[4]); // this is not real shifted data - auto q_m = Univariate(extended_univariates[5]); - auto q_l = Univariate(extended_univariates[6]); - auto q_r = Univariate(extended_univariates[7]); - auto q_o = Univariate(extended_univariates[8]); - auto q_c = Univariate(extended_univariates[9]); - auto sigma_1 = Univariate(extended_univariates[10]); - auto sigma_2 = Univariate(extended_univariates[11]); - auto sigma_3 = Univariate(extended_univariates[12]); - auto id_1 = Univariate(extended_univariates[13]); - auto id_2 = Univariate(extended_univariates[14]); - auto id_3 = Univariate(extended_univariates[15]); - auto lagrange_first = Univariate(extended_univariates[16]); - auto lagrange_last = Univariate(extended_univariates[17]); - // Construct extended edges array in order determined by enum - - extended_edges.w_l = w_l; - extended_edges.w_r = w_r; - extended_edges.w_o = w_o; - extended_edges.z_perm = z_perm; - extended_edges.z_perm_shift = z_perm_shift; - extended_edges.q_m = q_m; - extended_edges.q_l = q_l; - extended_edges.q_r = q_r; - extended_edges.q_o = q_o; - extended_edges.q_c = q_c; - extended_edges.sigma_1 = sigma_1; - extended_edges.sigma_2 = sigma_2; - extended_edges.sigma_3 = sigma_3; - extended_edges.id_1 = id_1; - extended_edges.id_2 = id_2; - extended_edges.id_3 = id_3; - extended_edges.lagrange_first = lagrange_first; - extended_edges.lagrange_last = lagrange_last; } /** diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 3bad4b9831..256fd42a2b 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -752,46 +752,49 @@ class Ultra { virtual ~AllData() = default; // TODO(Cody): are these needed? AllData(const AllData& other) - : q_c(other.q_c) - , q_l(other.q_l) - , q_r(other.q_r) - , q_o(other.q_o) - , q_4(other.q_4) - , q_m(other.q_m) - , q_arith(other.q_arith) - , q_sort(other.q_sort) - , q_elliptic(other.q_elliptic) - , q_aux(other.q_aux) - , q_lookuptype(other.q_lookuptype) - , sigma_1(other.sigma_1) - , sigma_2(other.sigma_2) - , sigma_3(other.sigma_3) - , sigma_4(other.sigma_4) - , id_1(other.id_1) - , id_2(other.id_2) - , id_3(other.id_3) - , id_4(other.id_4) - , table_1(other.table_1) - , table_2(other.table_2) - , table_3(other.table_3) - , table_4(other.table_4) - , lagrange_first(other.lagrange_first) - , lagrange_last(other.lagrange_last) - , w_l(other.w_l) - , w_r(other.w_r) - , w_o(other.w_o) - , w_4(other.w_4) - , sorted_1(other.sorted_1) - , sorted_2(other.sorted_2) - , sorted_3(other.sorted_3) - , sorted_4(other.sorted_4) - // , sorted_batched(other.sorted_batched) - , z_perm(other.z_perm) - , z_lookup(other.z_lookup) - , w_l_shift(other.w_l_shift) - , w_4_shift(other.w_4_shift) - , z_perm_shift(other.z_perm_shift) - , z_lookup_shift(other.z_lookup_shift){}; + // : q_c(other.q_c) + // , q_l(other.q_l) + // , q_r(other.q_r) + // , q_o(other.q_o) + // , q_4(other.q_4) + // , q_m(other.q_m) + // , q_arith(other.q_arith) + // , q_sort(other.q_sort) + // , q_elliptic(other.q_elliptic) + // , q_aux(other.q_aux) + // , q_lookuptype(other.q_lookuptype) + // , sigma_1(other.sigma_1) + // , sigma_2(other.sigma_2) + // , sigma_3(other.sigma_3) + // , sigma_4(other.sigma_4) + // , id_1(other.id_1) + // , id_2(other.id_2) + // , id_3(other.id_3) + // , id_4(other.id_4) + // , table_1(other.table_1) + // , table_2(other.table_2) + // , table_3(other.table_3) + // , table_4(other.table_4) + // , lagrange_first(other.lagrange_first) + // , lagrange_last(other.lagrange_last) + // , w_l(other.w_l) + // , w_r(other.w_r) + // , w_o(other.w_o) + // , w_4(other.w_4) + // , sorted_1(other.sorted_1) + // , sorted_2(other.sorted_2) + // , sorted_3(other.sorted_3) + // , sorted_4(other.sorted_4) + // // , sorted_batched(other.sorted_batched) + // , z_perm(other.z_perm) + // , z_lookup(other.z_lookup) + // , w_l_shift(other.w_l_shift) + // , w_4_shift(other.w_4_shift) + // , z_perm_shift(other.z_perm_shift) + // , z_lookup_shift(other.z_lookup_shift) + { + this->_data = other._data; + }; AllData(AllData&& other) : From b9ef0bf4b86c06df83ebbdffb62c21353eb9ed91 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Mon, 24 Apr 2023 20:13:10 +0000 Subject: [PATCH 038/119] fix expected manifest in transcript tests --- cpp/src/barretenberg/honk/transcript/transcript.test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index c5c4bd59e1..e8769cc3af 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -32,7 +32,7 @@ template class TranscriptTest : public testing::Test { size_t size_FF = sizeof(FF); size_t size_G = 2 * size_FF; size_t size_uni = max_relation_length * size_FF; - size_t size_evals = flavor::Standard::NUM_ALL_ENTITIES; + size_t size_evals = flavor::Standard::NUM_ALL_ENTITIES * size_FF; size_t round = 0; manifest_expected.add_entry(round, "circuit_size", 4); From 4410fdb55ca722ee3f000503f77ab339dadf6e29 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Mon, 24 Apr 2023 22:17:50 +0000 Subject: [PATCH 039/119] exploring some simplifications in the Flavor data classes --- .../proof_system/flavor/flavor.hpp | 337 +++++++++--------- .../proof_system/flavor/flavor.test.cpp | 28 ++ 2 files changed, 197 insertions(+), 168 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 256fd42a2b..510e0c21e0 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -29,13 +29,13 @@ template class Data { DataType _data; // TODO(Cody): now it's safe to inherit from this... right? - virtual ~Data() = default; - Data() = default; - // TODO(Cody): are these needed? - Data(const Data&) = default; - Data(Data&&) = default; - Data& operator=(const Data&) = default; - Data& operator=(const Data&&) = default; + // virtual ~Data() = default; + // Data() = default; + // // TODO(Cody): are these needed? + // Data(const Data&) = default; + // Data(Data&&) = default; + // Data& operator=(const Data&) = default; + // Data& operator=(Data&&) = default; T& operator[](size_t idx) { return _data[idx]; }; typename DataType::iterator begin() { return _data.begin(); }; @@ -51,7 +51,7 @@ class BasePrecomputedData : public Data { size_t log_circuit_size; size_t num_public_inputs; ComposerType composer_type; // WORKTODO: Get rid of this - BasePrecomputedData() = default; + // BasePrecomputedData() = default; virtual std::vector get_selectors() = 0; virtual std::vector get_sigma_polynomials() = 0; virtual std::vector get_id_polynomials() = 0; @@ -66,7 +66,7 @@ template class BaseProvingKey : public P std::shared_ptr crs; EvaluationDomain evaluation_domain; - BaseProvingKey() = default; + // BaseProvingKey() = default; }; /** @@ -82,12 +82,12 @@ template class BaseVerificationKey : public Precomput template class BaseAllData : public Data { public: - BaseAllData() { this->_data = {}; } + // BaseAllData() { this->_data = {}; } - BaseAllData(std::array read_evals) { this->_data = read_evals; } - // BaseAllData(const BaseAllData& other){this->_data = other.data;}; - BaseAllData& operator=(const BaseAllData& other) { this->_data = other._data; }; - BaseAllData& operator=(const BaseAllData&& other) { this->_data = other._data; }; + // BaseAllData(std::array read_evals) { this->_data = read_evals; } + // // BaseAllData(const BaseAllData& other){this->_data = other.data;}; + // BaseAllData& operator=(const BaseAllData& other) { this->_data = other._data; }; + // BaseAllData& operator=(const BaseAllData&& other) { this->_data = other._data; }; virtual std::vector get_unshifted() = 0; virtual std::vector get_to_be_shifted() = 0; @@ -143,83 +143,83 @@ class Standard { std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; virtual ~PrecomputedData() = default; - PrecomputedData() = default; - // TODO(Cody): are these needed? - PrecomputedData(const PrecomputedData& other) - { - this->_data = other._data; - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - }; - - PrecomputedData(PrecomputedData&& other) - { - this->_data = other._data; - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - }; - - PrecomputedData& operator=(const PrecomputedData& other) - { - this->_data = other._data; - - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - return *this; - }; - - PrecomputedData& operator=(PrecomputedData&& other) - { - this->_data = other._data; - - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - return *this; - }; + // PrecomputedData() = default; + // // TODO(Cody): are these needed? + // PrecomputedData(const PrecomputedData& other) + // { + // this->_data = other._data; + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; + // }; + + // PrecomputedData(PrecomputedData&& other) + // { + // this->_data = other._data; + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; + // }; + + // PrecomputedData& operator=(const PrecomputedData& other) + // { + // this->_data = other._data; + + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; + // return *this; + // }; + + // PrecomputedData& operator=(PrecomputedData&& other) + // { + // this->_data = other._data; + + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; + // return *this; + // }; }; class ProvingKey : public BaseProvingKey, FF> { @@ -306,72 +306,72 @@ class Standard { { this->_data = other._data; - w_l = other.w_l; - w_r = other.w_r; - w_o = other.w_o; - z_perm = other.z_perm; - z_perm_shift = other.z_perm_shift; - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; + // w_l = other.w_l; + // w_r = other.w_r; + // w_o = other.w_o; + // z_perm = other.z_perm; + // z_perm_shift = other.z_perm_shift; + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; }; AllData(AllData&& other) { this->_data = other._data; - w_l = other.w_l; - w_r = other.w_r; - w_o = other.w_o; - z_perm = other.z_perm; - z_perm_shift = other.z_perm_shift; - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; + // w_l = other.w_l; + // w_r = other.w_r; + // w_o = other.w_o; + // z_perm = other.z_perm; + // z_perm_shift = other.z_perm_shift; + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; }; AllData& operator=(const AllData& other) { this->_data = other._data; - w_l = other.w_l; - w_r = other.w_r; - w_o = other.w_o; - z_perm = other.z_perm; - z_perm_shift = other.z_perm_shift; - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; + // w_l = other.w_l; + // w_r = other.w_r; + // w_o = other.w_o; + // z_perm = other.z_perm; + // z_perm_shift = other.z_perm_shift; + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; return *this; }; @@ -379,24 +379,24 @@ class Standard { { this->_data = other._data; - w_l = other.w_l; - w_r = other.w_r; - w_o = other.w_o; - z_perm = other.z_perm; - z_perm_shift = other.z_perm_shift; - q_m = other.q_m; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_c = other.q_c; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; + // w_l = other.w_l; + // w_r = other.w_r; + // w_o = other.w_o; + // z_perm = other.z_perm; + // z_perm_shift = other.z_perm_shift; + // q_m = other.q_m; + // q_l = other.q_l; + // q_r = other.q_r; + // q_o = other.q_o; + // q_c = other.q_c; + // sigma_1 = other.sigma_1; + // sigma_2 = other.sigma_2; + // sigma_3 = other.sigma_3; + // id_1 = other.id_1; + // id_2 = other.id_2; + // id_3 = other.id_3; + // lagrange_first = other.lagrange_first; + // lagrange_last = other.lagrange_last; return *this; }; }; @@ -410,11 +410,12 @@ class Standard { using FoldedPolynomials = AllData>; // WORKTODO add view class type. template using ExtendedEdges = AllData>; - class PurportedEvaluations : public AllData { - public: // WORKTODO: this is bad - PurportedEvaluations() { this->_data = {}; } - PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } - }; + using PurportedEvaluations = AllData; + // class PurportedEvaluations : public AllData { + // public: // WORKTODO: this is bad + // PurportedEvaluations() { this->_data = {}; } + // PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } + // }; class CommitmentLabels : public AllData { public: diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index 573a960612..ed92a2a155 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -1,4 +1,5 @@ #include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" #include #include @@ -96,4 +97,31 @@ TEST(Flavor, Standard) }; } +// TODO(luke): just playing around with the Flavor classes. These should become demonstrative tests +TEST(Flavor, General) +{ + using Flavor = proof_system::honk::flavor::Standard; + using FF = Flavor::FF; + using FoldedPolynomials = Flavor::FoldedPolynomials; + using Polynomial = Polynomial; + + FoldedPolynomials polynomials_A; + std::vector random_poly{ 10 }; + for (auto& coeff : random_poly) { + coeff = FF::random_element(); + } + + info("polynomials_A.size() = ", polynomials_A.size()); + + polynomials_A.w_l = random_poly; + + ASSERT_EQ(random_poly, polynomials_A.w_l); + + FoldedPolynomials polynomials_B(polynomials_A); + ASSERT_EQ(random_poly, polynomials_B.w_l); + + FoldedPolynomials polynomials_C(std::move(polynomials_B)); + ASSERT_EQ(random_poly, polynomials_C.w_l); +} + } // namespace proof_system::test_flavor From a4a61574be2202295eb30801710cfa25b8735e0c Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 25 Apr 2023 19:13:22 +0000 Subject: [PATCH 040/119] simplifying flavor classes a bit --- .../relations/relation_correctness.test.cpp | 1 + .../proof_system/flavor/flavor.hpp | 197 ++---------------- 2 files changed, 14 insertions(+), 184 deletions(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 26ee7c802b..5ad8f832e0 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -248,6 +248,7 @@ TEST(RelationCorrectness, UltraRelationCorrectness) evaluations_at_index_i[poly_idx] = polynomial[i]; poly_idx++; } + info("i = ", i); // For each relation, call the `accumulate_relation_evaluation` over all witness/selector values at the // i-th row/vertex of the hypercube. We use ASSERT_EQ instead of EXPECT_EQ so that the tests stops at diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 510e0c21e0..7e190a679a 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -51,7 +51,9 @@ class BasePrecomputedData : public Data { size_t log_circuit_size; size_t num_public_inputs; ComposerType composer_type; // WORKTODO: Get rid of this - // BasePrecomputedData() = default; + + // virtual ~BasePrecomputedData() = default; + virtual std::vector get_selectors() = 0; virtual std::vector get_sigma_polynomials() = 0; virtual std::vector get_id_polynomials() = 0; @@ -65,8 +67,6 @@ template class BaseProvingKey : public P std::vector recursive_proof_public_input_indices; std::shared_ptr crs; EvaluationDomain evaluation_domain; - - // BaseProvingKey() = default; }; /** @@ -82,13 +82,6 @@ template class BaseVerificationKey : public Precomput template class BaseAllData : public Data { public: - // BaseAllData() { this->_data = {}; } - - // BaseAllData(std::array read_evals) { this->_data = read_evals; } - // // BaseAllData(const BaseAllData& other){this->_data = other.data;}; - // BaseAllData& operator=(const BaseAllData& other) { this->_data = other._data; }; - // BaseAllData& operator=(const BaseAllData&& other) { this->_data = other._data; }; - virtual std::vector get_unshifted() = 0; virtual std::vector get_to_be_shifted() = 0; virtual std::vector get_shifted() = 0; @@ -143,83 +136,6 @@ class Standard { std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; virtual ~PrecomputedData() = default; - // PrecomputedData() = default; - // // TODO(Cody): are these needed? - // PrecomputedData(const PrecomputedData& other) - // { - // this->_data = other._data; - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; - // }; - - // PrecomputedData(PrecomputedData&& other) - // { - // this->_data = other._data; - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; - // }; - - // PrecomputedData& operator=(const PrecomputedData& other) - // { - // this->_data = other._data; - - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; - // return *this; - // }; - - // PrecomputedData& operator=(PrecomputedData&& other) - // { - // this->_data = other._data; - - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; - // return *this; - // }; }; class ProvingKey : public BaseProvingKey, FF> { @@ -296,109 +212,27 @@ class Standard { std::vector get_shifted() override { return { z_perm_shift }; }; AllData() = default; - AllData(std::array _data_in) - { - this->_data = _data_in; - }; // WORKTODO: this will break references? - virtual ~AllData() = default; - // TODO(Cody): are these needed? - AllData(const AllData& other) - { - this->_data = other._data; - // w_l = other.w_l; - // w_r = other.w_r; - // w_o = other.w_o; - // z_perm = other.z_perm; - // z_perm_shift = other.z_perm_shift; - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; - }; + AllData(const AllData& other) + : BaseAllData(other){}; AllData(AllData&& other) - { - this->_data = other._data; - - // w_l = other.w_l; - // w_r = other.w_r; - // w_o = other.w_o; - // z_perm = other.z_perm; - // z_perm_shift = other.z_perm_shift; - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; - }; + : BaseAllData(other){}; + // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - this->_data = other._data; - - // w_l = other.w_l; - // w_r = other.w_r; - // w_o = other.w_o; - // z_perm = other.z_perm; - // z_perm_shift = other.z_perm_shift; - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; + BaseAllData::operator=(other); return *this; - }; + } AllData& operator=(AllData&& other) { - this->_data = other._data; - - // w_l = other.w_l; - // w_r = other.w_r; - // w_o = other.w_o; - // z_perm = other.z_perm; - // z_perm_shift = other.z_perm_shift; - // q_m = other.q_m; - // q_l = other.q_l; - // q_r = other.q_r; - // q_o = other.q_o; - // q_c = other.q_c; - // sigma_1 = other.sigma_1; - // sigma_2 = other.sigma_2; - // sigma_3 = other.sigma_3; - // id_1 = other.id_1; - // id_2 = other.id_2; - // id_3 = other.id_3; - // lagrange_first = other.lagrange_first; - // lagrange_last = other.lagrange_last; + BaseAllData::operator=(other); return *this; - }; + } + + AllData(std::array data_in) { this->_data = data_in; } }; // These are classes are views of data living in different entities. They @@ -411,11 +245,6 @@ class Standard { template using ExtendedEdges = AllData>; using PurportedEvaluations = AllData; - // class PurportedEvaluations : public AllData { - // public: // WORKTODO: this is bad - // PurportedEvaluations() { this->_data = {}; } - // PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } - // }; class CommitmentLabels : public AllData { public: From 881da26abe5defb8876f2624c8d239a737094abe Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Tue, 25 Apr 2023 21:24:08 +0000 Subject: [PATCH 041/119] make selector order match that in ultra composer; relation correctness passing --- .../relations/relation_correctness.test.cpp | 1 - .../proof_system/flavor/flavor.hpp | 198 ++---------------- 2 files changed, 18 insertions(+), 181 deletions(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 5ad8f832e0..26ee7c802b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -248,7 +248,6 @@ TEST(RelationCorrectness, UltraRelationCorrectness) evaluations_at_index_i[poly_idx] = polynomial[i]; poly_idx++; } - info("i = ", i); // For each relation, call the `accumulate_relation_evaluation` over all witness/selector values at the // i-th row/vertex of the hypercube. We use ASSERT_EQ instead of EXPECT_EQ so that the tests stops at diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 7e190a679a..9508d0d51b 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -317,12 +317,12 @@ class Ultra { template class PrecomputedData : public BasePrecomputedData { public: - T& q_c = std::get<0>(this->_data); - T& q_l = std::get<1>(this->_data); - T& q_r = std::get<2>(this->_data); - T& q_o = std::get<3>(this->_data); - T& q_4 = std::get<4>(this->_data); - T& q_m = std::get<5>(this->_data); + T& q_m = std::get<0>(this->_data); + T& q_c = std::get<1>(this->_data); + T& q_l = std::get<2>(this->_data); + T& q_r = std::get<3>(this->_data); + T& q_o = std::get<4>(this->_data); + T& q_4 = std::get<5>(this->_data); T& q_arith = std::get<6>(this->_data); T& q_sort = std::get<7>(this->_data); T& q_elliptic = std::get<8>(this->_data); @@ -349,7 +349,8 @@ class Ultra { std::vector get_selectors() { - return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype }; + // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype }; + return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype }; }; std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; @@ -575,190 +576,27 @@ class Ultra { std::vector get_shifted() override { return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; AllData() = default; - AllData(std::array _data_in) - { - this->_data = _data_in; - }; // WORKTODO: this will break references? - virtual ~AllData() = default; - // TODO(Cody): are these needed? + AllData(const AllData& other) - // : q_c(other.q_c) - // , q_l(other.q_l) - // , q_r(other.q_r) - // , q_o(other.q_o) - // , q_4(other.q_4) - // , q_m(other.q_m) - // , q_arith(other.q_arith) - // , q_sort(other.q_sort) - // , q_elliptic(other.q_elliptic) - // , q_aux(other.q_aux) - // , q_lookuptype(other.q_lookuptype) - // , sigma_1(other.sigma_1) - // , sigma_2(other.sigma_2) - // , sigma_3(other.sigma_3) - // , sigma_4(other.sigma_4) - // , id_1(other.id_1) - // , id_2(other.id_2) - // , id_3(other.id_3) - // , id_4(other.id_4) - // , table_1(other.table_1) - // , table_2(other.table_2) - // , table_3(other.table_3) - // , table_4(other.table_4) - // , lagrange_first(other.lagrange_first) - // , lagrange_last(other.lagrange_last) - // , w_l(other.w_l) - // , w_r(other.w_r) - // , w_o(other.w_o) - // , w_4(other.w_4) - // , sorted_1(other.sorted_1) - // , sorted_2(other.sorted_2) - // , sorted_3(other.sorted_3) - // , sorted_4(other.sorted_4) - // // , sorted_batched(other.sorted_batched) - // , z_perm(other.z_perm) - // , z_lookup(other.z_lookup) - // , w_l_shift(other.w_l_shift) - // , w_4_shift(other.w_4_shift) - // , z_perm_shift(other.z_perm_shift) - // , z_lookup_shift(other.z_lookup_shift) - { - this->_data = other._data; - }; + : BaseAllData(other){}; AllData(AllData&& other) - : - - q_c(other.q_c) - , q_l(other.q_l) - , q_r(other.q_r) - , q_o(other.q_o) - , q_4(other.q_4) - , q_m(other.q_m) - , q_arith(other.q_arith) - , q_sort(other.q_sort) - , q_elliptic(other.q_elliptic) - , q_aux(other.q_aux) - , q_lookuptype(other.q_lookuptype) - , sigma_1(other.sigma_1) - , sigma_2(other.sigma_2) - , sigma_3(other.sigma_3) - , sigma_4(other.sigma_4) - , id_1(other.id_1) - , id_2(other.id_2) - , id_3(other.id_3) - , id_4(other.id_4) - , table_1(other.table_1) - , table_2(other.table_2) - , table_3(other.table_3) - , table_4(other.table_4) - , lagrange_first(other.lagrange_first) - , lagrange_last(other.lagrange_last) - , w_l(other.w_l) - , w_r(other.w_r) - , w_o(other.w_o) - , w_4(other.w_4) - , sorted_1(other.sorted_1) - , sorted_2(other.sorted_2) - , sorted_3(other.sorted_3) - , sorted_4(other.sorted_4) - // , sorted_batched(other.sorted_batched) - , z_perm(other.z_perm) - , z_lookup(other.z_lookup) - , w_l_shift(other.w_l_shift) - , w_4_shift(other.w_4_shift) - , z_perm_shift(other.z_perm_shift) - , z_lookup_shift(other.z_lookup_shift){}; + : BaseAllData(other){}; + // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - q_c = other.q_c; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_4 = other.q_4; - q_m = other.q_m; - q_arith = other.q_arith; - q_sort = other.q_sort; - q_elliptic = other.q_elliptic; - q_aux = other.q_aux; - q_lookuptype = other.q_lookuptype; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - sigma_4 = other.sigma_4; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - id_4 = other.id_4; - table_1 = other.table_1; - table_2 = other.table_2; - table_3 = other.table_3; - table_4 = other.table_4; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - w_l = other.w_l; - w_r = other.w_r; - w_o = other.w_o; - w_4 = other.w_4; - sorted_1 = other.sorted_1; - sorted_2 = other.sorted_2; - sorted_3 = other.sorted_3; - sorted_4 = other.sorted_4; - // sorted_batched = other.sorted_batched; - z_perm = other.z_perm; - z_lookup = other.z_lookup; - w_l_shift = other.w_l_shift; - w_4_shift = other.w_4_shift; - z_perm_shift = other.z_perm_shift; - z_lookup_shift = other.z_lookup_shift; + BaseAllData::operator=(other); return *this; - }; + } AllData& operator=(AllData&& other) { - q_c = other.q_c; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_4 = other.q_4; - q_m = other.q_m; - q_arith = other.q_arith; - q_sort = other.q_sort; - q_elliptic = other.q_elliptic; - q_aux = other.q_aux; - q_lookuptype = other.q_lookuptype; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - sigma_4 = other.sigma_4; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - id_4 = other.id_4; - table_1 = other.table_1; - table_2 = other.table_2; - table_3 = other.table_3; - table_4 = other.table_4; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - w_l = other.w_l; - w_r = other.w_r; - w_o = other.w_o; - w_4 = other.w_4; - sorted_1 = other.sorted_1; - sorted_2 = other.sorted_2; - sorted_3 = other.sorted_3; - sorted_4 = other.sorted_4; - // sorted_batched = other.sorted_batched; - z_perm = other.z_perm; - z_lookup = other.z_lookup; - w_l_shift = other.w_l_shift; - w_4_shift = other.w_4_shift; - z_perm_shift = other.z_perm_shift; - z_lookup_shift = other.z_lookup_shift; + BaseAllData::operator=(other); return *this; - }; + } + + AllData(std::array data_in) { this->_data = data_in; } }; // These are classes are views of data living in different entities. They From ea20222dea52ffb2834e8c34ca65b4daea52d62f Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 25 Apr 2023 23:47:30 +0000 Subject: [PATCH 042/119] Cheaply fix Flavor.Standard. --- .../proof_system/flavor/flavor.test.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index ed92a2a155..6b49e8d78c 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -49,16 +49,11 @@ TEST(Flavor, Standard) }; size_t idx = 0; - auto w_l = get_test_polynomial(idx); - auto w_r = get_test_polynomial(idx); - auto w_o = get_test_polynomial(idx); - auto z_perm = get_test_polynomial(idx); - auto z_perm_shift = get_test_polynomial(idx); - auto q_m = get_test_polynomial(idx); + auto q_c = get_test_polynomial(idx); auto q_l = get_test_polynomial(idx); auto q_r = get_test_polynomial(idx); auto q_o = get_test_polynomial(idx); - auto q_c = get_test_polynomial(idx); + auto q_m = get_test_polynomial(idx); auto sigma_1 = get_test_polynomial(idx); auto sigma_2 = get_test_polynomial(idx); auto sigma_3 = get_test_polynomial(idx); @@ -67,6 +62,11 @@ TEST(Flavor, Standard) auto id_3 = get_test_polynomial(idx); auto lagrange_first = get_test_polynomial(idx); auto lagrange_last = get_test_polynomial(idx); + auto w_l = get_test_polynomial(idx); + auto w_r = get_test_polynomial(idx); + auto w_o = get_test_polynomial(idx); + auto z_perm = get_test_polynomial(idx); + auto z_perm_shift = get_test_polynomial(idx); prover_polynomials.w_l = w_l; prover_polynomials.w_r = w_r; From 94b4cc30b0469733196e66965c45ac591d5f5e58 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 02:10:30 +0000 Subject: [PATCH 043/119] Enrich circuit constructor --- .../proof_system/types/prover_settings.hpp | 2 +- .../arithmetization/arithmetization.hpp | 75 ++++++++++++++++++- .../circuit_constructor_base.cpp | 5 +- .../circuit_constructor_base.hpp | 6 +- .../standard_circuit_constructor.hpp | 12 +-- .../turbo_circuit_constructor.hpp | 24 +++--- .../ultra_circuit_constructor.hpp | 24 +++--- 7 files changed, 109 insertions(+), 39 deletions(-) diff --git a/cpp/src/barretenberg/plonk/proof_system/types/prover_settings.hpp b/cpp/src/barretenberg/plonk/proof_system/types/prover_settings.hpp index 3fa0e35d38..67d77015d8 100644 --- a/cpp/src/barretenberg/plonk/proof_system/types/prover_settings.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/types/prover_settings.hpp @@ -12,7 +12,7 @@ class settings_base { class standard_settings : public settings_base { public: - using Arithmetization = arithmetization::Standard; + using Arithmetization = arithmetization::Standard; static constexpr size_t num_challenge_bytes = 16; static constexpr transcript::HashType hash_type = transcript::HashType::PedersenBlake3s; static constexpr size_t program_width = 3; diff --git a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index a2f2207084..9299d82ae7 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -1,5 +1,7 @@ #pragma once +#include #include +#include namespace arithmetization { @@ -34,8 +36,75 @@ template struct Arithmetization { // These are not magic numbers and they should not be written with global constants. These paraters are not accessible // through clearly named static class members. -using Standard = Arithmetization; -using Turbo = Arithmetization; -using Ultra = Arithmetization; +template class Standard : public Arithmetization { + public: + struct Selectors { + using DataType = std::array, num_selectors>; + + DataType _data; + std::vector& q_m = std::get<0>(_data); + std::vector& q_1 = std::get<1>(_data); + std::vector& q_2 = std::get<2>(_data); + std::vector& q_3 = std::get<3>(_data); + std::vector& q_c = std::get<4>(_data); + size_t size() { return _data.size(); }; + typename DataType::const_iterator begin() const { return _data.begin(); }; + typename DataType::iterator begin() { return _data.begin(); }; + typename DataType::const_iterator end() const { return _data.end(); }; + typename DataType::iterator end() { return _data.end(); }; + }; +}; + +template class Turbo : public Arithmetization { + public: + struct Selectors { + using DataType = std::array, num_selectors>; + + DataType _data; + std::vector& q_m = std::get<0>(_data); + std::vector& q_c = std::get<1>(_data); + std::vector& q_1 = std::get<2>(_data); + std::vector& q_2 = std::get<3>(_data); + std::vector& q_3 = std::get<4>(_data); + std::vector& q_4 = std::get<5>(_data); + std::vector& q_5 = std::get<6>(_data); + std::vector& q_arith = std::get<7>(_data); + std::vector& q_fixed_base = std::get<8>(_data); + std::vector& q_range = std::get<9>(_data); + std::vector& q_logic = std::get<10>(_data); + + size_t size() { return _data.size(); }; + typename DataType::const_iterator begin() const { return _data.begin(); }; + typename DataType::iterator begin() { return _data.begin(); }; + typename DataType::const_iterator end() const { return _data.end(); }; + typename DataType::iterator end() { return _data.end(); }; + }; +}; + +template class Ultra : public Arithmetization { + public: + struct Selectors { + using DataType = std::array, num_selectors>; + + DataType _data; + std::vector& q_m = std::get<0>(_data); + std::vector& q_c = std::get<1>(_data); + std::vector& q_1 = std::get<2>(_data); + std::vector& q_2 = std::get<3>(_data); + std::vector& q_3 = std::get<4>(_data); + std::vector& q_4 = std::get<5>(_data); + std::vector& q_arith = std::get<6>(_data); + std::vector& q_sort = std::get<7>(_data); + std::vector& q_elliptic = std::get<8>(_data); + std::vector& q_aux = std::get<9>(_data); + std::vector& q_lookup_type = std::get<10>(_data); + + size_t size() { return _data.size(); }; + typename DataType::const_iterator begin() const { return _data.begin(); }; + typename DataType::iterator begin() { return _data.begin(); }; + typename DataType::const_iterator end() const { return _data.end(); }; + typename DataType::iterator end() { return _data.end(); }; + }; +}; } // namespace arithmetization \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp index 2f1f190805..1cdb79e88c 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.cpp @@ -41,6 +41,7 @@ void CircuitConstructorBase::assert_equal(const uint32_t a_vari real_variable_tags[a_real_idx] = real_variable_tags[b_real_idx]; } // Standard honk/ plonk instantiation -template class CircuitConstructorBase; -template class CircuitConstructorBase; +template class CircuitConstructorBase>; +template class CircuitConstructorBase>; +template class CircuitConstructorBase>; } // namespace proof_system diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 693ed011dc..c5ec77b45a 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -11,7 +11,7 @@ template class CircuitConstructorBase { public: // TODO(Cody): This needs to be templated to allow constructing circuits over Grumpkin. For now, adding FF here // since the flavor can extract it. - using FF = barretenberg::fr; + using FF = barretenberg::fr; // TODO(Cody): this should be set in Flavor and then passed to Arithmetization. static constexpr size_t num_wires = Arithmetization::num_wires; // Keeping num_wires, at least temporarily, for backward compatibility static constexpr size_t program_width = Arithmetization::num_wires; @@ -19,11 +19,11 @@ template class CircuitConstructorBase { // TODO(Cody): selector names are used by composer helper. They can therefore be specified through the proving // system flavor. Getting rid of this also lets us get rid of the weird constructor that's uses the selector names // functions - std::vector selector_names_; + std::vector selector_names_; // WORKTODO: needed? size_t num_gates = 0; std::array, num_wires> wires; - std::array, num_selectors> selectors; + typename Arithmetization::Selectors selectors; std::vector public_inputs; std::vector variables; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp index 421d150e08..176aa39ed8 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp @@ -10,17 +10,17 @@ inline std::vector standard_selector_names() return result; } -class StandardCircuitConstructor : public CircuitConstructorBase { +class StandardCircuitConstructor : public CircuitConstructorBase> { public: std::vector& w_l = std::get<0>(wires); std::vector& w_r = std::get<1>(wires); std::vector& w_o = std::get<2>(wires); - std::vector& q_m = std::get<0>(selectors); - std::vector& q_1 = std::get<1>(selectors); - std::vector& q_2 = std::get<2>(selectors); - std::vector& q_3 = std::get<3>(selectors); - std::vector& q_c = std::get<4>(selectors); + std::vector& q_m = selectors.q_m; + std::vector& q_1 = selectors.q_1; + std::vector& q_2 = selectors.q_2; + std::vector& q_3 = selectors.q_3; + std::vector& q_c = selectors.q_c; static constexpr ComposerType type = ComposerType::STANDARD_HONK; // TODO(Cody): Get rid of this. static constexpr size_t UINT_LOG2_BASE = 2; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp index d6a488a1c6..26310c44a8 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp @@ -11,7 +11,7 @@ inline std::vector turbo_selector_names() "q_5", "q_arith", "q_fixed_base", "q_range", "q_logic" }; return result; } -class TurboCircuitConstructor : public CircuitConstructorBase { +class TurboCircuitConstructor : public CircuitConstructorBase> { public: std::vector& w_l = std::get<0>(wires); @@ -19,17 +19,17 @@ class TurboCircuitConstructor : public CircuitConstructorBase& w_o = std::get<2>(wires); std::vector& w_4 = std::get<3>(wires); - std::vector& q_m = std::get<0>(selectors); - std::vector& q_c = std::get<1>(selectors); - std::vector& q_1 = std::get<2>(selectors); - std::vector& q_2 = std::get<3>(selectors); - std::vector& q_3 = std::get<4>(selectors); - std::vector& q_4 = std::get<5>(selectors); - std::vector& q_5 = std::get<6>(selectors); - std::vector& q_arith = std::get<7>(selectors); - std::vector& q_fixed_base = std::get<8>(selectors); - std::vector& q_range = std::get<9>(selectors); - std::vector& q_logic = std::get<10>(selectors); + std::vector& q_m = selectors.q_m; + std::vector& q_c = selectors.q_c; + std::vector& q_1 = selectors.q_1; + std::vector& q_2 = selectors.q_2; + std::vector& q_3 = selectors.q_3; + std::vector& q_4 = selectors.q_4; + std::vector& q_5 = selectors.q_5; + std::vector& q_arith = selectors.q_arith; + std::vector& q_fixed_base = selectors.q_fixed_base; + std::vector& q_range = selectors.q_range; + std::vector& q_logic = selectors.q_logic; static constexpr ComposerType type = ComposerType::TURBO; static constexpr size_t UINT_LOG2_BASE = 2; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp index 1895989b3b..6752b73e6d 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp @@ -146,24 +146,24 @@ inline std::vector ultra_selector_names() return result; } -class UltraCircuitConstructor : public CircuitConstructorBase { +class UltraCircuitConstructor : public CircuitConstructorBase> { public: std::vector& w_l = std::get<0>(wires); std::vector& w_r = std::get<1>(wires); std::vector& w_o = std::get<2>(wires); std::vector& w_4 = std::get<3>(wires); - std::vector& q_m = std::get<0>(selectors); - std::vector& q_c = std::get<1>(selectors); - std::vector& q_1 = std::get<2>(selectors); - std::vector& q_2 = std::get<3>(selectors); - std::vector& q_3 = std::get<4>(selectors); - std::vector& q_4 = std::get<5>(selectors); - std::vector& q_arith = std::get<6>(selectors); - std::vector& q_sort = std::get<7>(selectors); - std::vector& q_elliptic = std::get<8>(selectors); - std::vector& q_aux = std::get<9>(selectors); - std::vector& q_lookup_type = std::get<10>(selectors); + std::vector& q_m = selectors.q_m; + std::vector& q_c = selectors.q_c; + std::vector& q_1 = selectors.q_1; + std::vector& q_2 = selectors.q_2; + std::vector& q_3 = selectors.q_3; + std::vector& q_4 = selectors.q_4; + std::vector& q_arith = selectors.q_arith; + std::vector& q_sort = selectors.q_sort; + std::vector& q_elliptic = selectors.q_elliptic; + std::vector& q_aux = selectors.q_aux; + std::vector& q_lookup_type = selectors.q_lookup_type; // TODO(#216)(Kesha): replace this with Honk enums after we have a verifier and no longer depend on plonk // prover/verifier From 44430c0773d059d744566f333a87279b83f703b0 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 02:23:32 +0000 Subject: [PATCH 044/119] Reduce boilerplate. --- .../arithmetization/arithmetization.hpp | 98 ++++++++----------- 1 file changed, 42 insertions(+), 56 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index 9299d82ae7..4efca7adda 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -21,6 +21,7 @@ namespace arithmetization { template struct Arithmetization { static constexpr size_t num_wires = _num_wires; static constexpr size_t num_selectors = _num_selectors; + // Note: For even greater modularity, in each instantiation we could specify a list of components here, where a // component is a meaningful collection of functions for creating gates, as in: // @@ -34,76 +35,61 @@ template struct Arithmetization { // We should only do this if it becomes necessary or convenient. }; +template struct SelectorsBase { + using DataType = std::array, num_selectors>; + DataType _data; + size_t size() { return _data.size(); }; + + typename DataType::const_iterator begin() const { return _data.begin(); }; + typename DataType::iterator begin() { return _data.begin(); }; + typename DataType::const_iterator end() const { return _data.end(); }; + typename DataType::iterator end() { return _data.end(); }; +}; + // These are not magic numbers and they should not be written with global constants. These paraters are not accessible // through clearly named static class members. template class Standard : public Arithmetization { public: - struct Selectors { - using DataType = std::array, num_selectors>; - - DataType _data; - std::vector& q_m = std::get<0>(_data); - std::vector& q_1 = std::get<1>(_data); - std::vector& q_2 = std::get<2>(_data); - std::vector& q_3 = std::get<3>(_data); - std::vector& q_c = std::get<4>(_data); - size_t size() { return _data.size(); }; - typename DataType::const_iterator begin() const { return _data.begin(); }; - typename DataType::iterator begin() { return _data.begin(); }; - typename DataType::const_iterator end() const { return _data.end(); }; - typename DataType::iterator end() { return _data.end(); }; + struct Selectors : SelectorsBase { + std::vector& q_m = std::get<0>(this->_data); + std::vector& q_1 = std::get<1>(this->_data); + std::vector& q_2 = std::get<2>(this->_data); + std::vector& q_3 = std::get<3>(this->_data); + std::vector& q_c = std::get<4>(this->_data); }; }; template class Turbo : public Arithmetization { public: - struct Selectors { - using DataType = std::array, num_selectors>; - - DataType _data; - std::vector& q_m = std::get<0>(_data); - std::vector& q_c = std::get<1>(_data); - std::vector& q_1 = std::get<2>(_data); - std::vector& q_2 = std::get<3>(_data); - std::vector& q_3 = std::get<4>(_data); - std::vector& q_4 = std::get<5>(_data); - std::vector& q_5 = std::get<6>(_data); - std::vector& q_arith = std::get<7>(_data); - std::vector& q_fixed_base = std::get<8>(_data); - std::vector& q_range = std::get<9>(_data); - std::vector& q_logic = std::get<10>(_data); - - size_t size() { return _data.size(); }; - typename DataType::const_iterator begin() const { return _data.begin(); }; - typename DataType::iterator begin() { return _data.begin(); }; - typename DataType::const_iterator end() const { return _data.end(); }; - typename DataType::iterator end() { return _data.end(); }; + struct Selectors : SelectorsBase { + std::vector& q_m = std::get<0>(this->_data); + std::vector& q_c = std::get<1>(this->_data); + std::vector& q_1 = std::get<2>(this->_data); + std::vector& q_2 = std::get<3>(this->_data); + std::vector& q_3 = std::get<4>(this->_data); + std::vector& q_4 = std::get<5>(this->_data); + std::vector& q_5 = std::get<6>(this->_data); + std::vector& q_arith = std::get<7>(this->_data); + std::vector& q_fixed_base = std::get<8>(this->_data); + std::vector& q_range = std::get<9>(this->_data); + std::vector& q_logic = std::get<10>(this->_data); }; }; template class Ultra : public Arithmetization { public: - struct Selectors { - using DataType = std::array, num_selectors>; - - DataType _data; - std::vector& q_m = std::get<0>(_data); - std::vector& q_c = std::get<1>(_data); - std::vector& q_1 = std::get<2>(_data); - std::vector& q_2 = std::get<3>(_data); - std::vector& q_3 = std::get<4>(_data); - std::vector& q_4 = std::get<5>(_data); - std::vector& q_arith = std::get<6>(_data); - std::vector& q_sort = std::get<7>(_data); - std::vector& q_elliptic = std::get<8>(_data); - std::vector& q_aux = std::get<9>(_data); - std::vector& q_lookup_type = std::get<10>(_data); - - size_t size() { return _data.size(); }; - typename DataType::const_iterator begin() const { return _data.begin(); }; - typename DataType::iterator begin() { return _data.begin(); }; - typename DataType::const_iterator end() const { return _data.end(); }; - typename DataType::iterator end() { return _data.end(); }; + struct Selectors : SelectorsBase { + std::vector& q_m = std::get<0>(this->_data); + std::vector& q_c = std::get<1>(this->_data); + std::vector& q_1 = std::get<2>(this->_data); + std::vector& q_2 = std::get<3>(this->_data); + std::vector& q_3 = std::get<4>(this->_data); + std::vector& q_4 = std::get<5>(this->_data); + std::vector& q_arith = std::get<6>(this->_data); + std::vector& q_sort = std::get<7>(this->_data); + std::vector& q_elliptic = std::get<8>(this->_data); + std::vector& q_aux = std::get<9>(this->_data); + std::vector& q_lookup_type = std::get<10>(this->_data); }; }; From bdb25d68f2a38bc925c99d8a09c01e1bcd3016b1 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 02:24:21 +0000 Subject: [PATCH 045/119] Revert "Cheaply fix Flavor.Standard." This reverts commit ea20222dea52ffb2834e8c34ca65b4daea52d62f. --- .../proof_system/flavor/flavor.test.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index 6b49e8d78c..ed92a2a155 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -49,11 +49,16 @@ TEST(Flavor, Standard) }; size_t idx = 0; - auto q_c = get_test_polynomial(idx); + auto w_l = get_test_polynomial(idx); + auto w_r = get_test_polynomial(idx); + auto w_o = get_test_polynomial(idx); + auto z_perm = get_test_polynomial(idx); + auto z_perm_shift = get_test_polynomial(idx); + auto q_m = get_test_polynomial(idx); auto q_l = get_test_polynomial(idx); auto q_r = get_test_polynomial(idx); auto q_o = get_test_polynomial(idx); - auto q_m = get_test_polynomial(idx); + auto q_c = get_test_polynomial(idx); auto sigma_1 = get_test_polynomial(idx); auto sigma_2 = get_test_polynomial(idx); auto sigma_3 = get_test_polynomial(idx); @@ -62,11 +67,6 @@ TEST(Flavor, Standard) auto id_3 = get_test_polynomial(idx); auto lagrange_first = get_test_polynomial(idx); auto lagrange_last = get_test_polynomial(idx); - auto w_l = get_test_polynomial(idx); - auto w_r = get_test_polynomial(idx); - auto w_o = get_test_polynomial(idx); - auto z_perm = get_test_polynomial(idx); - auto z_perm_shift = get_test_polynomial(idx); prover_polynomials.w_l = w_l; prover_polynomials.w_r = w_r; From e867a9c0126879cda9d5858575349981250ef139 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 02:35:55 +0000 Subject: [PATCH 046/119] Trip skipping segfaulting incomplete test. --- .../proof_system/arithmetization/arithmetization.hpp | 2 +- .../proof_system/composer/permutation_helper.test.cpp | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index 4efca7adda..6d432f2ac2 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -28,7 +28,7 @@ template struct Arithmetization { // struct Component { // using Arithmetic = component::Arithmetic3Wires; // using RangeConstraints = component::Base4Accumulators or component::GenPerm or... - // using LooupTables = component::Plookup4Wire or component::CQ8Wire or... + // using LookupTables = component::Plookup4Wire or component::CQ8Wire or... // ... // }; // diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index d945fa5608..392034d6c1 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -64,6 +64,7 @@ TEST_F(PermutationHelperTests, ComputeWireCopyCycles) TEST_F(PermutationHelperTests, ComputePermutationMapping) { + GTEST_SKIP() << "This segfaults on CI when run on its own."; compute_permutation_mapping(circuit_constructor, proving_key.get()); } From cfc911edb42a3b2b05f91a0bd2291a0c7af15c96 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 02:46:53 +0000 Subject: [PATCH 047/119] Reorg CCI workflow --- .circleci/config.yml | 20 ++++++++++++++++---- cpp/scripts/bb-tests | 11 +---------- cpp/scripts/stdlib-tests | 9 +++++++++ 3 files changed, 26 insertions(+), 14 deletions(-) create mode 100644 cpp/scripts/stdlib-tests diff --git a/.circleci/config.yml b/.circleci/config.yml index c4618ddcca..158f605a36 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -136,6 +136,18 @@ jobs: name: "Build" command: cond_spot_run_build barretenberg-x86_64-linux-clang-assert 64 + stdlib-tests: + docker: + - image: aztecprotocol/alpine-build-image + resource_class: small + steps: + - *checkout + - *setup_env + - run: + name: "Test" + command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 stdlib-tests + - *save_logs + barretenberg-tests: docker: - image: aztecprotocol/alpine-build-image @@ -160,8 +172,7 @@ jobs: command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 honk_tests - *save_logs - - stdlib-primitives-tests: + proof-system-tests: docker: - image: aztecprotocol/alpine-build-image resource_class: small @@ -170,7 +181,7 @@ jobs: - *setup_env - run: name: "Test" - command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 stdlib_primitives_tests --gtest_filter=-stdlib_biggroup* + command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 proof_system_tests - *save_logs stdlib-biggroup-tests: @@ -247,9 +258,10 @@ workflows: - x86_64-linux-clang - x86_64-linux-clang-assert - wasm-linux-clang + - proof-system-tests: *bb_test - honk-tests: *bb_test - barretenberg-tests: *bb_test - - stdlib-primitives-tests: *bb_test + - stdlib-tests: *bb_test - stdlib-biggroup-tests: *bb_test - stdlib-recursion-turbo-tests: *bb_test - stdlib-recursion-ultra-tests: *bb_test diff --git a/cpp/scripts/bb-tests b/cpp/scripts/bb-tests index ba012981ea..0bdd2508bb 100644 --- a/cpp/scripts/bb-tests +++ b/cpp/scripts/bb-tests @@ -9,16 +9,7 @@ ecc_tests numeric_tests plonk_tests polynomials_tests -proof_system_tests join_split_example_proofs_inner_proof_data_tests join_split_example_proofs_notes_tests srs_tests -stdlib_aes128_tests -stdlib_blake2s_tests -stdlib_blake3s_tests -stdlib_ecdsa_tests -stdlib_merkle_tree_tests -stdlib_pedersen_commitment_tests -stdlib_schnorr_tests -stdlib_sha256_tests -transcript_tests +transcript_tests \ No newline at end of file diff --git a/cpp/scripts/stdlib-tests b/cpp/scripts/stdlib-tests new file mode 100644 index 0000000000..1203dcde82 --- /dev/null +++ b/cpp/scripts/stdlib-tests @@ -0,0 +1,9 @@ +stdlib_primitives_tests --gtest_filter=-stdlib_biggroup* +stdlib_aes128_tests +stdlib_blake2s_tests +stdlib_blake3s_tests +stdlib_ecdsa_tests +stdlib_merkle_tree_tests +stdlib_pedersen_commitment_tests +stdlib_schnorr_tests +stdlib_sha256_tests \ No newline at end of file From 727a47e1a8c7d7d79eac4e241523a07a54a457ca Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 02:47:30 +0000 Subject: [PATCH 048/119] Fix CCI workflow. --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 158f605a36..de150151e4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -269,7 +269,7 @@ workflows: - benchmark-aggregator: requires: - barretenberg-tests - - stdlib-primitives-tests + - stdlib-tests - stdlib-biggroup-tests - stdlib-recursion-turbo-tests - stdlib-recursion-ultra-tests From 154da15dd83c7e7b2e083146409854d6f194ae13 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 02:56:53 +0000 Subject: [PATCH 049/119] Initialize proving key in SetUp(). --- .../proof_system/composer/permutation_helper.test.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index 392034d6c1..0ea257a1d9 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -14,9 +14,6 @@ class PermutationHelperTests : public ::testing::Test { using FF = typename Flavor::FF; Flavor::CircuitConstructor circuit_constructor; ReferenceStringFactory crs_factory = ReferenceStringFactory(); - std::shared_ptr proving_key = [&]() { - return initialize_proving_key(circuit_constructor, &crs_factory, 0, 2, ComposerType::STANDARD); - }(); virtual void SetUp() { @@ -55,6 +52,10 @@ class PermutationHelperTests : public ::testing::Test { v_4 | v_8 | v_12 */} + + std::shared_ptr proving_key = [&]() { + return initialize_proving_key(circuit_constructor, &crs_factory, 0, 2, ComposerType::STANDARD); + }(); }; TEST_F(PermutationHelperTests, ComputeWireCopyCycles) @@ -64,7 +65,6 @@ TEST_F(PermutationHelperTests, ComputeWireCopyCycles) TEST_F(PermutationHelperTests, ComputePermutationMapping) { - GTEST_SKIP() << "This segfaults on CI when run on its own."; compute_permutation_mapping(circuit_constructor, proving_key.get()); } From 62a12d71240dfef8094097ea7cc20c3726106201 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 03:12:35 +0000 Subject: [PATCH 050/119] Write test idiomatically. --- .../proof_system/composer/permutation_helper.test.cpp | 6 +++--- .../barretenberg/proof_system/flavor/flavor.test.cpp | 11 ++++++++++- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index 0ea257a1d9..088954f41a 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -53,9 +53,9 @@ class PermutationHelperTests : public ::testing::Test { */} - std::shared_ptr proving_key = [&]() { - return initialize_proving_key(circuit_constructor, &crs_factory, 0, 2, ComposerType::STANDARD); - }(); + std::shared_ptr proving_key = + initialize_proving_key(circuit_constructor, &crs_factory, 0, 2, ComposerType::STANDARD); + ; }; TEST_F(PermutationHelperTests, ComputeWireCopyCycles) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index ed92a2a155..a46c3fcb97 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -88,7 +88,16 @@ TEST(Flavor, Standard) prover_polynomials.lagrange_last = lagrange_last; idx = 0; - for (auto& poly : prover_polynomials) { + for (auto& poly : prover_polynomials.get_wires()) { + EXPECT_EQ(poly[0], 4 * idx); + EXPECT_EQ(poly[1], 4 * idx + 1); + EXPECT_EQ(poly[2], 4 * idx + 2); + EXPECT_EQ(poly[3], 4 * idx + 3); + idx++; + }; + + idx = 4; // z_perm_shift is shifted + for (auto& poly : prover_polynomials.get_shifted()) { EXPECT_EQ(poly[0], 4 * idx); EXPECT_EQ(poly[1], 4 * idx + 1); EXPECT_EQ(poly[2], 4 * idx + 2); From 19bedf0e92f34c42f4827a520a7f3522ff8047f1 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 03:20:01 +0000 Subject: [PATCH 051/119] Change num_randomized_gates. --- .../proof_system/composer/permutation_helper.test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index 088954f41a..9e06eccc1f 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -54,7 +54,7 @@ class PermutationHelperTests : public ::testing::Test { */} std::shared_ptr proving_key = - initialize_proving_key(circuit_constructor, &crs_factory, 0, 2, ComposerType::STANDARD); + initialize_proving_key(circuit_constructor, &crs_factory, 0, 0, ComposerType::STANDARD); ; }; From 5a77e5b91627900601557b21e52691df4efddf97 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 03:34:06 +0000 Subject: [PATCH 052/119] Fix typo in pk setup. --- .../composer/permutation_helper.test.cpp | 34 ++++++++++--------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index 9e06eccc1f..6228dddfad 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -14,6 +14,7 @@ class PermutationHelperTests : public ::testing::Test { using FF = typename Flavor::FF; Flavor::CircuitConstructor circuit_constructor; ReferenceStringFactory crs_factory = ReferenceStringFactory(); + std::shared_ptr proving_key; virtual void SetUp() { @@ -38,24 +39,25 @@ class PermutationHelperTests : public ::testing::Test { circuit_constructor.create_add_gate({ v_3, v_7, v_11, 0, 0, 0, 0 }); circuit_constructor.create_add_gate({ v_4, v_8, v_12, 0, 0, 0, 0 }); - /* Execution trace: - w_l w_r w_o - ------------------------------ - pub1_idx | pub1_idx | 0 <-- public inputs - pub2_idx | pub2_idx | 0 <-/ - zero_idx | zero_idx | zero_idx <-- fix witness for 0 - one_idx | zero_idx | zero_idx <-- fix witness for 1 - one_idx | one_idx | one_idx <-- ensure nonzero selectors... TODO(Cody): redundant now - v_1 | v_5 | v_9 - v_2 | v_6 | v_10 - v_3 | v_7 | v_11 - v_4 | v_8 | v_12 + /* Execution trace: + w_l w_r w_o + ------------------------------ + pub1_idx | pub1_idx | 0 <-- public inputs + pub2_idx | pub2_idx | 0 <-/ + zero_idx | zero_idx | zero_idx <-- fix witness for 0 + one_idx | zero_idx | zero_idx <-- fix witness for 1 + one_idx | one_idx | one_idx <-- ensure nonzero selectors... TODO(Cody): redundant now + v_1 | v_5 | v_9 + v_2 | v_6 | v_10 + v_3 | v_7 | v_11 + v_4 | v_8 | v_12 - */} + */ - std::shared_ptr proving_key = - initialize_proving_key(circuit_constructor, &crs_factory, 0, 0, ComposerType::STANDARD); - ; + proving_key = initialize_proving_key(circuit_constructor, &crs_factory, 0, 2, ComposerType::STANDARD); + + // construct_selector_polynomials(circuit_constructor, proving_key.get()); + } }; TEST_F(PermutationHelperTests, ComputeWireCopyCycles) From 4d255db5604f8e2be4f8f222e457fe58b9d9e9e8 Mon Sep 17 00:00:00 2001 From: codygunton Date: Wed, 26 Apr 2023 04:09:45 +0000 Subject: [PATCH 053/119] Splitting out biggroup tests saves no time. --- .circleci/config.yml | 14 -------------- cpp/scripts/stdlib-tests | 2 +- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index de150151e4..92ac550df9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -184,18 +184,6 @@ jobs: command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 proof_system_tests - *save_logs - stdlib-biggroup-tests: - docker: - - image: aztecprotocol/alpine-build-image - resource_class: small - steps: - - *checkout - - *setup_env - - run: - name: "Test" - command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 stdlib_primitives_tests --gtest_filter=stdlib_biggroup* - - *save_logs - stdlib-recursion-turbo-tests: docker: - image: aztecprotocol/alpine-build-image @@ -262,7 +250,6 @@ workflows: - honk-tests: *bb_test - barretenberg-tests: *bb_test - stdlib-tests: *bb_test - - stdlib-biggroup-tests: *bb_test - stdlib-recursion-turbo-tests: *bb_test - stdlib-recursion-ultra-tests: *bb_test - join-split-tests: *bb_test @@ -270,7 +257,6 @@ workflows: requires: - barretenberg-tests - stdlib-tests - - stdlib-biggroup-tests - stdlib-recursion-turbo-tests - stdlib-recursion-ultra-tests - join-split-tests diff --git a/cpp/scripts/stdlib-tests b/cpp/scripts/stdlib-tests index 1203dcde82..4f61b0c2f1 100644 --- a/cpp/scripts/stdlib-tests +++ b/cpp/scripts/stdlib-tests @@ -1,4 +1,4 @@ -stdlib_primitives_tests --gtest_filter=-stdlib_biggroup* +stdlib_primitives_tests stdlib_aes128_tests stdlib_blake2s_tests stdlib_blake3s_tests From 3589b0eaae39d237e62093060a2a36f38f686248 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 26 Apr 2023 16:06:01 +0000 Subject: [PATCH 054/119] getting things to build post master merge; all previously passing tests are passing --- .../composer/ultra_honk_composer.test.cpp | 2068 +++++++++-------- cpp/src/barretenberg/honk/flavor/flavor.hpp | 256 -- .../lookup_grand_product_relation.hpp | 227 +- .../relations/relation_correctness.test.cpp | 31 +- 4 files changed, 1166 insertions(+), 1416 deletions(-) delete mode 100644 cpp/src/barretenberg/honk/flavor/flavor.hpp diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index 7e857dd490..057aba0af5 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -1,1032 +1,1036 @@ -#include "ultra_honk_composer.hpp" -#include "barretenberg/common/log.hpp" -#include "barretenberg/honk/proof_system/ultra_prover.hpp" -#include "barretenberg/honk/sumcheck/relations/relation.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" -#include -#include -#include "barretenberg/honk/proof_system/prover.hpp" -#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" -#include "barretenberg/honk/utils/grand_product_delta.hpp" - -// TODO(luke): TEMPORARY; for testing only (comparison with Ultra Plonk composers) -#include "barretenberg/plonk/composer/ultra_composer.hpp" -#include "barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp" -#include "barretenberg/plonk/proof_system/prover/prover.hpp" - -#include -#include - -using namespace proof_system::honk; - -namespace test_ultra_honk_composer { - -std::vector add_variables(auto& composer, std::vector variables) -{ - std::vector res; - for (size_t i = 0; i < variables.size(); i++) { - res.emplace_back(composer.add_variable(variables[i])); - } - return res; -} - -/** - * @brief TEMPORARY method for checking consistency of polynomials computed by Ultra Plonk/Honk composers - * - * @param honk_prover - * @param plonk_prover - */ -void verify_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) -{ - auto& honk_store = honk_prover.key->polynomial_store; - auto& plonk_store = plonk_prover.key->polynomial_store; - - // Check that all selectors and table polynomials agree (aside from the final element which will differ - // due to not enforcing non-zero polynomials in Honk). - for (auto& entry : honk_store) { - std::string key = entry.first; - bool is_selector = (key.find("q_") != std::string::npos) || (key.find("table_type") != std::string::npos); - bool is_table = (key.find("table_value_") != std::string::npos); - if (plonk_store.contains(key) && (is_selector || is_table)) { - // check equality for all but final entry - for (size_t i = 0; i < honk_store.get(key).size() - 1; ++i) { - ASSERT_EQ(honk_store.get(key)[i], plonk_store.get(key)[i]); - } - } - } - - // Check that sorted witness-table polynomials agree - for (auto& entry : honk_store) { - std::string key = entry.first; - bool is_sorted_table = (key.find("s_") != std::string::npos); - if (plonk_store.contains(key) && is_sorted_table) { - ASSERT_EQ(honk_store.get(key), plonk_store.get(key)); - } - } - - // Check that all wires agree - // Note: for Honk, wires are owned directly by the prover. For Plonk they are stored in the key. - for (size_t i = 0; i < 4; ++i) { - std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; - ASSERT_EQ(honk_prover.wire_polynomials[i], plonk_prover.key->polynomial_store.get(label)); - } -} - -/** - * @brief TEMPORARY (verbose) method for checking consistency of polynomials computed by Ultra Plonk/Honk composers - * - * @param honk_prover - * @param plonk_prover - */ -void check_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) -{ - auto& honk_store = honk_prover.key->polynomial_store; - auto& plonk_store = plonk_prover.key->polynomial_store; - for (auto& entry : honk_store) { - std::string key = entry.first; - if (plonk_store.contains(key)) { - - bool polys_equal = (honk_store.get(key) == plonk_store.get(key)); - if (polys_equal) { - info("Equal: ", key); - } - if (!polys_equal) { - info("UNEQUAL: ", key); - } - } - } - - for (size_t i = 0; i < 4; ++i) { - std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; - bool wire_equal = (honk_prover.wire_polynomials[i] == plonk_prover.key->polynomial_store.get(label)); - if (wire_equal) { - info("Wire Equal: ", i); - } - if (!wire_equal) { - info("Wire UNEQUAL: ", i); - } - } - - // std::string label = "w_1_lagrange"; - // for (size_t i = 0; i < plonk_store.get(label).size(); ++i) { - // auto val_honk = honk_prover.wire_polynomials[0][i]; - // // auto val_honk = honk_store.get(label)[i]; - // auto val_plonk = plonk_store.get(label)[i]; - // if (val_honk != val_plonk) { - // info("UNEQUAL index = ", i); - // info("honk: ",val_honk); - // info("plonk: ", val_plonk); - // } - // } -} - -TEST(UltraHonkComposer, create_gates_from_plookup_accumulators) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - barretenberg::fr input_value = fr::random_element(); - { - - const fr input_hi = uint256_t(input_value).slice(126, 256); - const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = honk_composer.add_variable(input_hi); - const auto input_lo_index = honk_composer.add_variable(input_lo); - - const auto sequence_data_hi = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); - const auto sequence_data_lo = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - - const auto lookup_witnesses_hi = honk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = honk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); - } - { - const fr input_hi = uint256_t(input_value).slice(126, 256); - const fr input_lo = uint256_t(input_value).slice(0, 126); - const auto input_hi_index = plonk_composer.add_variable(input_hi); - const auto input_lo_index = plonk_composer.add_variable(input_lo); - - const auto sequence_data_hi = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); - const auto sequence_data_lo = - plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - - const auto lookup_witnesses_hi = plonk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); - const auto lookup_witnesses_lo = plonk_composer.create_gates_from_plookup_accumulators( - plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -/** - * @brief Build UltraHonkComposer - * - */ -TEST(UltraHonkComposer, test_no_lookup_proof) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - size_t MM = 4; - for (size_t i = 0; i < MM; ++i) { - for (size_t j = 0; j < MM; ++j) { - uint64_t left = static_cast(j); - uint64_t right = static_cast(i); - uint32_t left_idx = honk_composer.add_variable(fr(left)); - uint32_t right_idx = honk_composer.add_variable(fr(right)); - uint32_t result_idx = honk_composer.add_variable(fr(left ^ right)); - - uint32_t add_idx = - honk_composer.add_variable(fr(left) + fr(right) + honk_composer.get_variable(result_idx)); - honk_composer.create_big_add_gate( - { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); - } - } - - for (size_t i = 0; i < MM; ++i) { - for (size_t j = 0; j < MM; ++j) { - uint64_t left = static_cast(j); - uint64_t right = static_cast(i); - uint32_t left_idx = plonk_composer.add_variable(fr(left)); - uint32_t right_idx = plonk_composer.add_variable(fr(right)); - uint32_t result_idx = plonk_composer.add_variable(fr(left ^ right)); - - uint32_t add_idx = - plonk_composer.add_variable(fr(left) + fr(right) + plonk_composer.get_variable(result_idx)); - plonk_composer.create_big_add_gate( - { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); - } - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, test_elliptic_gate) -{ - typedef grumpkin::g1::affine_element affine_element; - typedef grumpkin::g1::element element; - - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; - affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; - affine_element p3(element(p1) + element(p2)); - - uint32_t x1 = honk_composer.add_variable(p1.x); - uint32_t y1 = honk_composer.add_variable(p1.y); - uint32_t x2 = honk_composer.add_variable(p2.x); - uint32_t y2 = honk_composer.add_variable(p2.y); - uint32_t x3 = honk_composer.add_variable(p3.x); - uint32_t y3 = honk_composer.add_variable(p3.y); - - ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - honk_composer.create_ecc_add_gate(gate); - - grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); - affine_element p2_endo = p2; - p2_endo.x *= beta; - p3 = affine_element(element(p1) + element(p2_endo)); - x3 = honk_composer.add_variable(p3.x); - y3 = honk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - honk_composer.create_ecc_add_gate(gate); - - p2_endo.x *= beta; - p3 = affine_element(element(p1) - element(p2_endo)); - x3 = honk_composer.add_variable(p3.x); - y3 = honk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - honk_composer.create_ecc_add_gate(gate); - } - { - affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; - affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; - affine_element p3(element(p1) + element(p2)); - - uint32_t x1 = plonk_composer.add_variable(p1.x); - uint32_t y1 = plonk_composer.add_variable(p1.y); - uint32_t x2 = plonk_composer.add_variable(p2.x); - uint32_t y2 = plonk_composer.add_variable(p2.y); - uint32_t x3 = plonk_composer.add_variable(p3.x); - uint32_t y3 = plonk_composer.add_variable(p3.y); - - ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; - plonk_composer.create_ecc_add_gate(gate); - - grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); - affine_element p2_endo = p2; - p2_endo.x *= beta; - p3 = affine_element(element(p1) + element(p2_endo)); - x3 = plonk_composer.add_variable(p3.x); - y3 = plonk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; - plonk_composer.create_ecc_add_gate(gate); - - p2_endo.x *= beta; - p3 = affine_element(element(p1) - element(p2_endo)); - x3 = plonk_composer.add_variable(p3.x); - y3 = plonk_composer.add_variable(p3.y); - gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; - plonk_composer.create_ecc_add_gate(gate); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, non_trivial_tag_permutation) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fr a = fr::random_element(); - { - fr b = -a; - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(b); - auto c_idx = honk_composer.add_variable(b); - auto d_idx = honk_composer.add_variable(a); - - honk_composer.create_add_gate( - { a_idx, b_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); - honk_composer.create_add_gate( - { c_idx, d_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); - - honk_composer.create_tag(1, 2); - honk_composer.create_tag(2, 1); - - honk_composer.assign_tag(a_idx, 1); - honk_composer.assign_tag(b_idx, 1); - honk_composer.assign_tag(c_idx, 2); - honk_composer.assign_tag(d_idx, 2); - } - { - fr b = -a; - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(b); - auto c_idx = plonk_composer.add_variable(b); - auto d_idx = plonk_composer.add_variable(a); - - plonk_composer.create_add_gate( - { a_idx, b_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - plonk_composer.create_add_gate( - { c_idx, d_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - - plonk_composer.create_tag(1, 2); - plonk_composer.create_tag(2, 1); - - plonk_composer.assign_tag(a_idx, 1); - plonk_composer.assign_tag(b_idx, 1); - plonk_composer.assign_tag(c_idx, 2); - plonk_composer.assign_tag(d_idx, 2); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, non_trivial_tag_permutation_and_cycles) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fr a = fr::random_element(); - { - fr c = -a; - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(a); - honk_composer.assert_equal(a_idx, b_idx); - auto c_idx = honk_composer.add_variable(c); - auto d_idx = honk_composer.add_variable(c); - honk_composer.assert_equal(c_idx, d_idx); - auto e_idx = honk_composer.add_variable(a); - auto f_idx = honk_composer.add_variable(a); - honk_composer.assert_equal(e_idx, f_idx); - auto g_idx = honk_composer.add_variable(c); - auto h_idx = honk_composer.add_variable(c); - honk_composer.assert_equal(g_idx, h_idx); - - honk_composer.create_tag(1, 2); - honk_composer.create_tag(2, 1); - - honk_composer.assign_tag(a_idx, 1); - honk_composer.assign_tag(c_idx, 1); - honk_composer.assign_tag(e_idx, 2); - honk_composer.assign_tag(g_idx, 2); - - honk_composer.create_add_gate( - { b_idx, a_idx, honk_composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - honk_composer.create_add_gate( - { c_idx, g_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - honk_composer.create_add_gate( - { e_idx, f_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); - } - { - fr c = -a; - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(a); - plonk_composer.assert_equal(a_idx, b_idx); - auto c_idx = plonk_composer.add_variable(c); - auto d_idx = plonk_composer.add_variable(c); - plonk_composer.assert_equal(c_idx, d_idx); - auto e_idx = plonk_composer.add_variable(a); - auto f_idx = plonk_composer.add_variable(a); - plonk_composer.assert_equal(e_idx, f_idx); - auto g_idx = plonk_composer.add_variable(c); - auto h_idx = plonk_composer.add_variable(c); - plonk_composer.assert_equal(g_idx, h_idx); - - plonk_composer.create_tag(1, 2); - plonk_composer.create_tag(2, 1); - - plonk_composer.assign_tag(a_idx, 1); - plonk_composer.assign_tag(c_idx, 1); - plonk_composer.assign_tag(e_idx, 2); - plonk_composer.assign_tag(g_idx, 2); - - plonk_composer.create_add_gate( - { b_idx, a_idx, plonk_composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); - plonk_composer.create_add_gate( - { c_idx, g_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - plonk_composer.create_add_gate( - { e_idx, f_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, bad_tag_permutation) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fr a = fr::random_element(); - { - fr b = -a; - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(b); - auto c_idx = honk_composer.add_variable(b); - auto d_idx = honk_composer.add_variable(a + 1); - - honk_composer.create_add_gate({ a_idx, b_idx, honk_composer.get_zero_idx(), 1, 1, 0, 0 }); - honk_composer.create_add_gate({ c_idx, d_idx, honk_composer.get_zero_idx(), 1, 1, 0, -1 }); - - honk_composer.create_tag(1, 2); - honk_composer.create_tag(2, 1); - - honk_composer.assign_tag(a_idx, 1); - honk_composer.assign_tag(b_idx, 1); - honk_composer.assign_tag(c_idx, 2); - honk_composer.assign_tag(d_idx, 2); - } - { - fr b = -a; - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(b); - auto c_idx = plonk_composer.add_variable(b); - auto d_idx = plonk_composer.add_variable(a + 1); - - plonk_composer.create_add_gate({ a_idx, b_idx, plonk_composer.zero_idx, 1, 1, 0, 0 }); - plonk_composer.create_add_gate({ c_idx, d_idx, plonk_composer.zero_idx, 1, 1, 0, -1 }); - - plonk_composer.create_tag(1, 2); - plonk_composer.create_tag(2, 1); - - plonk_composer.assign_tag(a_idx, 1); - plonk_composer.assign_tag(b_idx, 1); - plonk_composer.assign_tag(c_idx, 2); - plonk_composer.assign_tag(d_idx, 2); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, sort_widget) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - fr a = fr::one(); - fr b = fr(2); - fr c = fr(3); - fr d = fr(4); - - auto a_idx = honk_composer.add_variable(a); - auto b_idx = honk_composer.add_variable(b); - auto c_idx = honk_composer.add_variable(c); - auto d_idx = honk_composer.add_variable(d); - honk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - } - { - fr a = fr::one(); - fr b = fr(2); - fr c = fr(3); - fr d = fr(4); - - auto a_idx = plonk_composer.add_variable(a); - auto b_idx = plonk_composer.add_variable(b); - auto c_idx = plonk_composer.add_variable(c); - auto d_idx = plonk_composer.add_variable(d); - plonk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, sort_with_edges_gate) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto idx = add_variables(honk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - - honk_composer.create_sort_constraint_with_edges(idx, 1, 29); - } - { - auto idx = add_variables(plonk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, - 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - - plonk_composer.create_sort_constraint_with_edges(idx, 1, 29); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, range_constraint) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto indices = - add_variables(honk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); - for (size_t i = 0; i < indices.size(); i++) { - honk_composer.create_new_range_constraint(indices[i], 79); - } - honk_composer.create_dummy_constraints(indices); - } - { - auto indices = - add_variables(plonk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); - for (size_t i = 0; i < indices.size(); i++) { - plonk_composer.create_new_range_constraint(indices[i], 79); - } - plonk_composer.create_dummy_constraints(indices); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, range_with_gates) -{ - - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - honk_composer.create_new_range_constraint(idx[i], 8); - } - - honk_composer.create_add_gate( - { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - honk_composer.create_add_gate( - { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - honk_composer.create_add_gate( - { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - honk_composer.create_add_gate( - { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - } - { - auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - plonk_composer.create_new_range_constraint(idx[i], 8); - } - - plonk_composer.create_add_gate( - { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - plonk_composer.create_add_gate( - { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - plonk_composer.create_add_gate( - { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - plonk_composer.create_add_gate( - { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, range_with_gates_where_range_is_not_a_power_of_two) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - honk_composer.create_new_range_constraint(idx[i], 12); - } - - honk_composer.create_add_gate( - { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); - honk_composer.create_add_gate( - { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); - honk_composer.create_add_gate( - { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); - honk_composer.create_add_gate( - { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); - } - { - auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); - for (size_t i = 0; i < idx.size(); i++) { - plonk_composer.create_new_range_constraint(idx[i], 12); - } - - plonk_composer.create_add_gate( - { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); - plonk_composer.create_add_gate( - { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); - plonk_composer.create_add_gate( - { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); - plonk_composer.create_add_gate( - { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, sort_widget_complex) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - { - std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; - std::vector ind; - for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(honk_composer.add_variable(a[i])); - honk_composer.create_sort_constraint(ind); - } - { - std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; - std::vector ind; - for (size_t i = 0; i < a.size(); i++) - ind.emplace_back(plonk_composer.add_variable(a[i])); - plonk_composer.create_sort_constraint(ind); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, composed_range_constraint) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - auto c = fr::random_element(); - { - auto d = uint256_t(c).slice(0, 133); - auto e = fr(d); - auto a_idx = honk_composer.add_variable(fr(e)); - honk_composer.create_add_gate( - { a_idx, honk_composer.get_zero_idx(), honk_composer.get_zero_idx(), 1, 0, 0, -fr(e) }); - honk_composer.decompose_into_default_range(a_idx, 134); - } - { - auto d = uint256_t(c).slice(0, 133); - auto e = fr(d); - auto a_idx = plonk_composer.add_variable(fr(e)); - plonk_composer.create_add_gate({ a_idx, plonk_composer.zero_idx, plonk_composer.zero_idx, 1, 0, 0, -fr(e) }); - plonk_composer.decompose_into_default_range(a_idx, 134); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, non_native_field_multiplication) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - fq a = fq::random_element(); - fq b = fq::random_element(); - { - uint256_t modulus = fq::modulus; - - uint1024_t a_big = uint512_t(uint256_t(a)); - uint1024_t b_big = uint512_t(uint256_t(b)); - uint1024_t p_big = uint512_t(uint256_t(modulus)); - - uint1024_t q_big = (a_big * b_big) / p_big; - uint1024_t r_big = (a_big * b_big) % p_big; - - uint256_t q(q_big.lo.lo); - uint256_t r(r_big.lo.lo); - - const auto split_into_limbs = [&](const uint512_t& input) { - constexpr size_t NUM_BITS = 68; - std::array limbs; - limbs[0] = input.slice(0, NUM_BITS).lo; - limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; - limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; - limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; - limbs[4] = fr(input.lo); - return limbs; - }; - - const auto get_limb_witness_indices = [&](const std::array& limbs) { - std::array limb_indices; - limb_indices[0] = honk_composer.add_variable(limbs[0]); - limb_indices[1] = honk_composer.add_variable(limbs[1]); - limb_indices[2] = honk_composer.add_variable(limbs[2]); - limb_indices[3] = honk_composer.add_variable(limbs[3]); - limb_indices[4] = honk_composer.add_variable(limbs[4]); - return limb_indices; - }; - const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); - auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); - - const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); - const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); - const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); - const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); - - proof_system::non_native_field_witnesses inputs{ - a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), - }; - const auto [lo_1_idx, hi_1_idx] = honk_composer.queue_non_native_field_multiplication(inputs); - honk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - } - { - uint256_t modulus = fq::modulus; - - uint1024_t a_big = uint512_t(uint256_t(a)); - uint1024_t b_big = uint512_t(uint256_t(b)); - uint1024_t p_big = uint512_t(uint256_t(modulus)); - - uint1024_t q_big = (a_big * b_big) / p_big; - uint1024_t r_big = (a_big * b_big) % p_big; - - uint256_t q(q_big.lo.lo); - uint256_t r(r_big.lo.lo); - - const auto split_into_limbs = [&](const uint512_t& input) { - constexpr size_t NUM_BITS = 68; - std::array limbs; - limbs[0] = input.slice(0, NUM_BITS).lo; - limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; - limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; - limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; - limbs[4] = fr(input.lo); - return limbs; - }; - - const auto get_limb_witness_indices = [&](const std::array& limbs) { - std::array limb_indices; - limb_indices[0] = plonk_composer.add_variable(limbs[0]); - limb_indices[1] = plonk_composer.add_variable(limbs[1]); - limb_indices[2] = plonk_composer.add_variable(limbs[2]); - limb_indices[3] = plonk_composer.add_variable(limbs[3]); - limb_indices[4] = plonk_composer.add_variable(limbs[4]); - return limb_indices; - }; - const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); - auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); - - const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); - const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); - const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); - const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); - - proof_system::plonk::UltraComposer::non_native_field_witnesses inputs{ - a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), - }; - const auto [lo_1_idx, hi_1_idx] = plonk_composer.queue_non_native_field_multiplication(inputs); - plonk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, rom) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - auto a = fr::random_element(); - auto b = fr::random_element(); - auto c = fr::random_element(); - auto d = fr::random_element(); - auto e = fr::random_element(); - auto f = fr::random_element(); - auto g = fr::random_element(); - auto h = fr::random_element(); - { - uint32_t rom_values[8]{ - honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), - honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), - honk_composer.add_variable(g), honk_composer.add_variable(h), - }; - - size_t rom_id = honk_composer.create_ROM_array(8); - - for (size_t i = 0; i < 8; ++i) { - honk_composer.set_ROM_element(rom_id, i, rom_values[i]); - } - - uint32_t a_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(5)); - EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(4)); - uint32_t c_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(1)); - - const auto d_value = - honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + honk_composer.get_variable(c_idx); - uint32_t d_idx = honk_composer.add_variable(d_value); - - honk_composer.create_big_add_gate({ - a_idx, - b_idx, - c_idx, - d_idx, - 1, - 1, - 1, - -1, - 0, - }); - } - { - uint32_t rom_values[8]{ - plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), - plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), - plonk_composer.add_variable(g), plonk_composer.add_variable(h), - }; - - size_t rom_id = plonk_composer.create_ROM_array(8); - - for (size_t i = 0; i < 8; ++i) { - plonk_composer.set_ROM_element(rom_id, i, rom_values[i]); - } - - uint32_t a_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(5)); - EXPECT_EQ(a_idx != rom_values[5], true); - uint32_t b_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(4)); - uint32_t c_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(1)); - - const auto d_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + - plonk_composer.get_variable(c_idx); - uint32_t d_idx = plonk_composer.add_variable(d_value); - - plonk_composer.create_big_add_gate({ - a_idx, - b_idx, - c_idx, - d_idx, - 1, - 1, - 1, - -1, - 0, - }); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - check_consistency(honk_prover, plonk_prover); - verify_consistency(honk_prover, plonk_prover); -} - -TEST(UltraHonkComposer, ram) -{ - auto honk_composer = UltraHonkComposer(); - auto plonk_composer = proof_system::plonk::UltraComposer(); - - auto a = fr::random_element(); - auto b = fr::random_element(); - auto c = fr::random_element(); - auto d = fr::random_element(); - auto e = fr::random_element(); - auto f = fr::random_element(); - auto g = fr::random_element(); - auto h = fr::random_element(); - { - uint32_t ram_values[8]{ - honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), - honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), - honk_composer.add_variable(g), honk_composer.add_variable(h), - }; - - size_t ram_id = honk_composer.create_RAM_array(8); - - for (size_t i = 0; i < 8; ++i) { - honk_composer.init_RAM_element(ram_id, i, ram_values[i]); - } - - uint32_t a_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(5)); - EXPECT_EQ(a_idx != ram_values[5], true); - - uint32_t b_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); - uint32_t c_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(1)); - - honk_composer.write_RAM_array(ram_id, honk_composer.add_variable(4), honk_composer.add_variable(500)); - uint32_t d_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); - - EXPECT_EQ(honk_composer.get_variable(d_idx), 500); - - // ensure these vars get used in another arithmetic gate - const auto e_value = honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + - honk_composer.get_variable(c_idx) + honk_composer.get_variable(d_idx); - uint32_t e_idx = honk_composer.add_variable(e_value); - - honk_composer.create_big_add_gate( - { - a_idx, - b_idx, - c_idx, - d_idx, - -1, - -1, - -1, - -1, - 0, - }, - true); - honk_composer.create_big_add_gate( - { - honk_composer.get_zero_idx(), - honk_composer.get_zero_idx(), - honk_composer.get_zero_idx(), - e_idx, - 0, - 0, - 0, - 0, - 0, - }, - false); - } - { - uint32_t ram_values[8]{ - plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), - plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), - plonk_composer.add_variable(g), plonk_composer.add_variable(h), - }; - - size_t ram_id = plonk_composer.create_RAM_array(8); - - for (size_t i = 0; i < 8; ++i) { - plonk_composer.init_RAM_element(ram_id, i, ram_values[i]); - } - - uint32_t a_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(5)); - EXPECT_EQ(a_idx != ram_values[5], true); - - uint32_t b_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); - uint32_t c_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(1)); - - plonk_composer.write_RAM_array(ram_id, plonk_composer.add_variable(4), plonk_composer.add_variable(500)); - uint32_t d_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); - - EXPECT_EQ(plonk_composer.get_variable(d_idx), 500); - - // ensure these vars get used in another arithmetic gate - const auto e_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + - plonk_composer.get_variable(c_idx) + plonk_composer.get_variable(d_idx); - uint32_t e_idx = plonk_composer.add_variable(e_value); - - plonk_composer.create_big_add_gate( - { - a_idx, - b_idx, - c_idx, - d_idx, - -1, - -1, - -1, - -1, - 0, - }, - true); - plonk_composer.create_big_add_gate( - { - plonk_composer.zero_idx, - plonk_composer.zero_idx, - plonk_composer.zero_idx, - e_idx, - 0, - 0, - 0, - 0, - 0, - }, - false); - } - - auto honk_prover = honk_composer.create_prover(); - auto plonk_prover = plonk_composer.create_prover(); - - verify_consistency(honk_prover, plonk_prover); -} - -} // namespace test_ultra_honk_composer +// // WORKTODO +// #include "ultra_honk_composer.hpp" +// #include "barretenberg/common/log.hpp" +// #include "barretenberg/honk/proof_system/ultra_prover.hpp" +// #include "barretenberg/honk/sumcheck/relations/relation.hpp" +// #include "barretenberg/numeric/uint256/uint256.hpp" +// #include "barretenberg/honk/flavor/flavor.hpp" +// #include +// #include +// #include "barretenberg/honk/proof_system/prover.hpp" +// #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" +// #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" +// #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" +// #include "barretenberg/honk/utils/grand_product_delta.hpp" + +// // TODO(luke): TEMPORARY; for testing only (comparison with Ultra Plonk composers) +// #include "barretenberg/plonk/composer/ultra_composer.hpp" +// #include "barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp" +// #include "barretenberg/plonk/proof_system/prover/prover.hpp" + +// #include +// #include + +// using namespace proof_system::honk; + +// namespace test_ultra_honk_composer { + +// std::vector add_variables(auto& composer, std::vector variables) +// { +// std::vector res; +// for (size_t i = 0; i < variables.size(); i++) { +// res.emplace_back(composer.add_variable(variables[i])); +// } +// return res; +// } + +// /** +// * @brief TEMPORARY method for checking consistency of polynomials computed by Ultra Plonk/Honk composers +// * +// * @param honk_prover +// * @param plonk_prover +// */ +// void verify_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) +// { +// auto& honk_store = honk_prover.key->polynomial_store; +// auto& plonk_store = plonk_prover.key->polynomial_store; + +// // Check that all selectors and table polynomials agree (aside from the final element which will differ +// // due to not enforcing non-zero polynomials in Honk). +// for (auto& entry : honk_store) { +// std::string key = entry.first; +// bool is_selector = (key.find("q_") != std::string::npos) || (key.find("table_type") != std::string::npos); +// bool is_table = (key.find("table_value_") != std::string::npos); +// if (plonk_store.contains(key) && (is_selector || is_table)) { +// // check equality for all but final entry +// for (size_t i = 0; i < honk_store.get(key).size() - 1; ++i) { +// ASSERT_EQ(honk_store.get(key)[i], plonk_store.get(key)[i]); +// } +// } +// } + +// // Check that sorted witness-table polynomials agree +// for (auto& entry : honk_store) { +// std::string key = entry.first; +// bool is_sorted_table = (key.find("s_") != std::string::npos); +// if (plonk_store.contains(key) && is_sorted_table) { +// ASSERT_EQ(honk_store.get(key), plonk_store.get(key)); +// } +// } + +// // Check that all wires agree +// // Note: for Honk, wires are owned directly by the prover. For Plonk they are stored in the key. +// for (size_t i = 0; i < 4; ++i) { +// std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; +// ASSERT_EQ(honk_prover.wire_polynomials[i], plonk_prover.key->polynomial_store.get(label)); +// } +// } + +// /** +// * @brief TEMPORARY (verbose) method for checking consistency of polynomials computed by Ultra Plonk/Honk composers +// * +// * @param honk_prover +// * @param plonk_prover +// */ +// void check_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) +// { +// auto& honk_store = honk_prover.key->polynomial_store; +// auto& plonk_store = plonk_prover.key->polynomial_store; +// for (auto& entry : honk_store) { +// std::string key = entry.first; +// if (plonk_store.contains(key)) { + +// bool polys_equal = (honk_store.get(key) == plonk_store.get(key)); +// if (polys_equal) { +// info("Equal: ", key); +// } +// if (!polys_equal) { +// info("UNEQUAL: ", key); +// } +// } +// } + +// for (size_t i = 0; i < 4; ++i) { +// std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; +// bool wire_equal = (honk_prover.wire_polynomials[i] == plonk_prover.key->polynomial_store.get(label)); +// if (wire_equal) { +// info("Wire Equal: ", i); +// } +// if (!wire_equal) { +// info("Wire UNEQUAL: ", i); +// } +// } + +// // std::string label = "w_1_lagrange"; +// // for (size_t i = 0; i < plonk_store.get(label).size(); ++i) { +// // auto val_honk = honk_prover.wire_polynomials[0][i]; +// // // auto val_honk = honk_store.get(label)[i]; +// // auto val_plonk = plonk_store.get(label)[i]; +// // if (val_honk != val_plonk) { +// // info("UNEQUAL index = ", i); +// // info("honk: ",val_honk); +// // info("plonk: ", val_plonk); +// // } +// // } +// } + +// TEST(UltraHonkComposer, create_gates_from_plookup_accumulators) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// barretenberg::fr input_value = fr::random_element(); +// { + +// const fr input_hi = uint256_t(input_value).slice(126, 256); +// const fr input_lo = uint256_t(input_value).slice(0, 126); +// const auto input_hi_index = honk_composer.add_variable(input_hi); +// const auto input_lo_index = honk_composer.add_variable(input_lo); + +// const auto sequence_data_hi = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); +// const auto sequence_data_lo = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); + +// const auto lookup_witnesses_hi = honk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); +// const auto lookup_witnesses_lo = honk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); +// } +// { +// const fr input_hi = uint256_t(input_value).slice(126, 256); +// const fr input_lo = uint256_t(input_value).slice(0, 126); +// const auto input_hi_index = plonk_composer.add_variable(input_hi); +// const auto input_lo_index = plonk_composer.add_variable(input_lo); + +// const auto sequence_data_hi = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); +// const auto sequence_data_lo = +// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); + +// const auto lookup_witnesses_hi = plonk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); +// const auto lookup_witnesses_lo = plonk_composer.create_gates_from_plookup_accumulators( +// plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// /** +// * @brief Build UltraHonkComposer +// * +// */ +// TEST(UltraHonkComposer, test_no_lookup_proof) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// size_t MM = 4; +// for (size_t i = 0; i < MM; ++i) { +// for (size_t j = 0; j < MM; ++j) { +// uint64_t left = static_cast(j); +// uint64_t right = static_cast(i); +// uint32_t left_idx = honk_composer.add_variable(fr(left)); +// uint32_t right_idx = honk_composer.add_variable(fr(right)); +// uint32_t result_idx = honk_composer.add_variable(fr(left ^ right)); + +// uint32_t add_idx = +// honk_composer.add_variable(fr(left) + fr(right) + honk_composer.get_variable(result_idx)); +// honk_composer.create_big_add_gate( +// { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); +// } +// } + +// for (size_t i = 0; i < MM; ++i) { +// for (size_t j = 0; j < MM; ++j) { +// uint64_t left = static_cast(j); +// uint64_t right = static_cast(i); +// uint32_t left_idx = plonk_composer.add_variable(fr(left)); +// uint32_t right_idx = plonk_composer.add_variable(fr(right)); +// uint32_t result_idx = plonk_composer.add_variable(fr(left ^ right)); + +// uint32_t add_idx = +// plonk_composer.add_variable(fr(left) + fr(right) + plonk_composer.get_variable(result_idx)); +// plonk_composer.create_big_add_gate( +// { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); +// } +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, test_elliptic_gate) +// { +// typedef grumpkin::g1::affine_element affine_element; +// typedef grumpkin::g1::element element; + +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; +// affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; +// affine_element p3(element(p1) + element(p2)); + +// uint32_t x1 = honk_composer.add_variable(p1.x); +// uint32_t y1 = honk_composer.add_variable(p1.y); +// uint32_t x2 = honk_composer.add_variable(p2.x); +// uint32_t y2 = honk_composer.add_variable(p2.y); +// uint32_t x3 = honk_composer.add_variable(p3.x); +// uint32_t y3 = honk_composer.add_variable(p3.y); + +// ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; +// honk_composer.create_ecc_add_gate(gate); + +// grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); +// affine_element p2_endo = p2; +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) + element(p2_endo)); +// x3 = honk_composer.add_variable(p3.x); +// y3 = honk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; +// honk_composer.create_ecc_add_gate(gate); + +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) - element(p2_endo)); +// x3 = honk_composer.add_variable(p3.x); +// y3 = honk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; +// honk_composer.create_ecc_add_gate(gate); +// } +// { +// affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; +// affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; +// affine_element p3(element(p1) + element(p2)); + +// uint32_t x1 = plonk_composer.add_variable(p1.x); +// uint32_t y1 = plonk_composer.add_variable(p1.y); +// uint32_t x2 = plonk_composer.add_variable(p2.x); +// uint32_t y2 = plonk_composer.add_variable(p2.y); +// uint32_t x3 = plonk_composer.add_variable(p3.x); +// uint32_t y3 = plonk_composer.add_variable(p3.y); + +// ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; +// plonk_composer.create_ecc_add_gate(gate); + +// grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); +// affine_element p2_endo = p2; +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) + element(p2_endo)); +// x3 = plonk_composer.add_variable(p3.x); +// y3 = plonk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; +// plonk_composer.create_ecc_add_gate(gate); + +// p2_endo.x *= beta; +// p3 = affine_element(element(p1) - element(p2_endo)); +// x3 = plonk_composer.add_variable(p3.x); +// y3 = plonk_composer.add_variable(p3.y); +// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; +// plonk_composer.create_ecc_add_gate(gate); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, non_trivial_tag_permutation) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fr a = fr::random_element(); +// { +// fr b = -a; + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(b); +// auto c_idx = honk_composer.add_variable(b); +// auto d_idx = honk_composer.add_variable(a); + +// honk_composer.create_add_gate( +// { a_idx, b_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); +// honk_composer.create_add_gate( +// { c_idx, d_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); + +// honk_composer.create_tag(1, 2); +// honk_composer.create_tag(2, 1); + +// honk_composer.assign_tag(a_idx, 1); +// honk_composer.assign_tag(b_idx, 1); +// honk_composer.assign_tag(c_idx, 2); +// honk_composer.assign_tag(d_idx, 2); +// } +// { +// fr b = -a; + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(b); +// auto c_idx = plonk_composer.add_variable(b); +// auto d_idx = plonk_composer.add_variable(a); + +// plonk_composer.create_add_gate( +// { a_idx, b_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); +// plonk_composer.create_add_gate( +// { c_idx, d_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + +// plonk_composer.create_tag(1, 2); +// plonk_composer.create_tag(2, 1); + +// plonk_composer.assign_tag(a_idx, 1); +// plonk_composer.assign_tag(b_idx, 1); +// plonk_composer.assign_tag(c_idx, 2); +// plonk_composer.assign_tag(d_idx, 2); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, non_trivial_tag_permutation_and_cycles) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fr a = fr::random_element(); +// { +// fr c = -a; + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(a); +// honk_composer.assert_equal(a_idx, b_idx); +// auto c_idx = honk_composer.add_variable(c); +// auto d_idx = honk_composer.add_variable(c); +// honk_composer.assert_equal(c_idx, d_idx); +// auto e_idx = honk_composer.add_variable(a); +// auto f_idx = honk_composer.add_variable(a); +// honk_composer.assert_equal(e_idx, f_idx); +// auto g_idx = honk_composer.add_variable(c); +// auto h_idx = honk_composer.add_variable(c); +// honk_composer.assert_equal(g_idx, h_idx); + +// honk_composer.create_tag(1, 2); +// honk_composer.create_tag(2, 1); + +// honk_composer.assign_tag(a_idx, 1); +// honk_composer.assign_tag(c_idx, 1); +// honk_composer.assign_tag(e_idx, 2); +// honk_composer.assign_tag(g_idx, 2); + +// honk_composer.create_add_gate( +// { b_idx, a_idx, honk_composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); +// honk_composer.create_add_gate( +// { c_idx, g_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// honk_composer.create_add_gate( +// { e_idx, f_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// } +// { +// fr c = -a; + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(a); +// plonk_composer.assert_equal(a_idx, b_idx); +// auto c_idx = plonk_composer.add_variable(c); +// auto d_idx = plonk_composer.add_variable(c); +// plonk_composer.assert_equal(c_idx, d_idx); +// auto e_idx = plonk_composer.add_variable(a); +// auto f_idx = plonk_composer.add_variable(a); +// plonk_composer.assert_equal(e_idx, f_idx); +// auto g_idx = plonk_composer.add_variable(c); +// auto h_idx = plonk_composer.add_variable(c); +// plonk_composer.assert_equal(g_idx, h_idx); + +// plonk_composer.create_tag(1, 2); +// plonk_composer.create_tag(2, 1); + +// plonk_composer.assign_tag(a_idx, 1); +// plonk_composer.assign_tag(c_idx, 1); +// plonk_composer.assign_tag(e_idx, 2); +// plonk_composer.assign_tag(g_idx, 2); + +// plonk_composer.create_add_gate( +// { b_idx, a_idx, plonk_composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); +// plonk_composer.create_add_gate( +// { c_idx, g_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// plonk_composer.create_add_gate( +// { e_idx, f_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, bad_tag_permutation) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fr a = fr::random_element(); +// { +// fr b = -a; + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(b); +// auto c_idx = honk_composer.add_variable(b); +// auto d_idx = honk_composer.add_variable(a + 1); + +// honk_composer.create_add_gate({ a_idx, b_idx, honk_composer.get_zero_idx(), 1, 1, 0, 0 }); +// honk_composer.create_add_gate({ c_idx, d_idx, honk_composer.get_zero_idx(), 1, 1, 0, -1 }); + +// honk_composer.create_tag(1, 2); +// honk_composer.create_tag(2, 1); + +// honk_composer.assign_tag(a_idx, 1); +// honk_composer.assign_tag(b_idx, 1); +// honk_composer.assign_tag(c_idx, 2); +// honk_composer.assign_tag(d_idx, 2); +// } +// { +// fr b = -a; + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(b); +// auto c_idx = plonk_composer.add_variable(b); +// auto d_idx = plonk_composer.add_variable(a + 1); + +// plonk_composer.create_add_gate({ a_idx, b_idx, plonk_composer.zero_idx, 1, 1, 0, 0 }); +// plonk_composer.create_add_gate({ c_idx, d_idx, plonk_composer.zero_idx, 1, 1, 0, -1 }); + +// plonk_composer.create_tag(1, 2); +// plonk_composer.create_tag(2, 1); + +// plonk_composer.assign_tag(a_idx, 1); +// plonk_composer.assign_tag(b_idx, 1); +// plonk_composer.assign_tag(c_idx, 2); +// plonk_composer.assign_tag(d_idx, 2); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, sort_widget) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// fr a = fr::one(); +// fr b = fr(2); +// fr c = fr(3); +// fr d = fr(4); + +// auto a_idx = honk_composer.add_variable(a); +// auto b_idx = honk_composer.add_variable(b); +// auto c_idx = honk_composer.add_variable(c); +// auto d_idx = honk_composer.add_variable(d); +// honk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); +// } +// { +// fr a = fr::one(); +// fr b = fr(2); +// fr c = fr(3); +// fr d = fr(4); + +// auto a_idx = plonk_composer.add_variable(a); +// auto b_idx = plonk_composer.add_variable(b); +// auto c_idx = plonk_composer.add_variable(c); +// auto d_idx = plonk_composer.add_variable(d); +// plonk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, sort_with_edges_gate) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto idx = add_variables(honk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, +// 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + +// honk_composer.create_sort_constraint_with_edges(idx, 1, 29); +// } +// { +// auto idx = add_variables(plonk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, +// 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + +// plonk_composer.create_sort_constraint_with_edges(idx, 1, 29); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, range_constraint) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto indices = +// add_variables(honk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 +// }); +// for (size_t i = 0; i < indices.size(); i++) { +// honk_composer.create_new_range_constraint(indices[i], 79); +// } +// honk_composer.create_dummy_constraints(indices); +// } +// { +// auto indices = +// add_variables(plonk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 +// }); +// for (size_t i = 0; i < indices.size(); i++) { +// plonk_composer.create_new_range_constraint(indices[i], 79); +// } +// plonk_composer.create_dummy_constraints(indices); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, range_with_gates) +// { + +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// honk_composer.create_new_range_constraint(idx[i], 8); +// } + +// honk_composer.create_add_gate( +// { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); +// honk_composer.create_add_gate( +// { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); +// honk_composer.create_add_gate( +// { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); +// honk_composer.create_add_gate( +// { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); +// } +// { +// auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// plonk_composer.create_new_range_constraint(idx[i], 8); +// } + +// plonk_composer.create_add_gate( +// { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); +// plonk_composer.create_add_gate( +// { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); +// plonk_composer.create_add_gate( +// { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); +// plonk_composer.create_add_gate( +// { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, range_with_gates_where_range_is_not_a_power_of_two) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// honk_composer.create_new_range_constraint(idx[i], 12); +// } + +// honk_composer.create_add_gate( +// { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); +// honk_composer.create_add_gate( +// { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); +// honk_composer.create_add_gate( +// { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); +// honk_composer.create_add_gate( +// { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); +// } +// { +// auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); +// for (size_t i = 0; i < idx.size(); i++) { +// plonk_composer.create_new_range_constraint(idx[i], 12); +// } + +// plonk_composer.create_add_gate( +// { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); +// plonk_composer.create_add_gate( +// { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); +// plonk_composer.create_add_gate( +// { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); +// plonk_composer.create_add_gate( +// { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, sort_widget_complex) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// { +// std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; +// std::vector ind; +// for (size_t i = 0; i < a.size(); i++) +// ind.emplace_back(honk_composer.add_variable(a[i])); +// honk_composer.create_sort_constraint(ind); +// } +// { +// std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; +// std::vector ind; +// for (size_t i = 0; i < a.size(); i++) +// ind.emplace_back(plonk_composer.add_variable(a[i])); +// plonk_composer.create_sort_constraint(ind); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, composed_range_constraint) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// auto c = fr::random_element(); +// { +// auto d = uint256_t(c).slice(0, 133); +// auto e = fr(d); +// auto a_idx = honk_composer.add_variable(fr(e)); +// honk_composer.create_add_gate( +// { a_idx, honk_composer.get_zero_idx(), honk_composer.get_zero_idx(), 1, 0, 0, -fr(e) }); +// honk_composer.decompose_into_default_range(a_idx, 134); +// } +// { +// auto d = uint256_t(c).slice(0, 133); +// auto e = fr(d); +// auto a_idx = plonk_composer.add_variable(fr(e)); +// plonk_composer.create_add_gate({ a_idx, plonk_composer.zero_idx, plonk_composer.zero_idx, 1, 0, 0, -fr(e) }); +// plonk_composer.decompose_into_default_range(a_idx, 134); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, non_native_field_multiplication) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// fq a = fq::random_element(); +// fq b = fq::random_element(); +// { +// uint256_t modulus = fq::modulus; + +// uint1024_t a_big = uint512_t(uint256_t(a)); +// uint1024_t b_big = uint512_t(uint256_t(b)); +// uint1024_t p_big = uint512_t(uint256_t(modulus)); + +// uint1024_t q_big = (a_big * b_big) / p_big; +// uint1024_t r_big = (a_big * b_big) % p_big; + +// uint256_t q(q_big.lo.lo); +// uint256_t r(r_big.lo.lo); + +// const auto split_into_limbs = [&](const uint512_t& input) { +// constexpr size_t NUM_BITS = 68; +// std::array limbs; +// limbs[0] = input.slice(0, NUM_BITS).lo; +// limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; +// limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; +// limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; +// limbs[4] = fr(input.lo); +// return limbs; +// }; + +// const auto get_limb_witness_indices = [&](const std::array& limbs) { +// std::array limb_indices; +// limb_indices[0] = honk_composer.add_variable(limbs[0]); +// limb_indices[1] = honk_composer.add_variable(limbs[1]); +// limb_indices[2] = honk_composer.add_variable(limbs[2]); +// limb_indices[3] = honk_composer.add_variable(limbs[3]); +// limb_indices[4] = honk_composer.add_variable(limbs[4]); +// return limb_indices; +// }; +// const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); +// auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); + +// const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); +// const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); +// const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); +// const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); + +// proof_system::non_native_field_witnesses inputs{ +// a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), +// }; +// const auto [lo_1_idx, hi_1_idx] = honk_composer.queue_non_native_field_multiplication(inputs); +// honk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); +// } +// { +// uint256_t modulus = fq::modulus; + +// uint1024_t a_big = uint512_t(uint256_t(a)); +// uint1024_t b_big = uint512_t(uint256_t(b)); +// uint1024_t p_big = uint512_t(uint256_t(modulus)); + +// uint1024_t q_big = (a_big * b_big) / p_big; +// uint1024_t r_big = (a_big * b_big) % p_big; + +// uint256_t q(q_big.lo.lo); +// uint256_t r(r_big.lo.lo); + +// const auto split_into_limbs = [&](const uint512_t& input) { +// constexpr size_t NUM_BITS = 68; +// std::array limbs; +// limbs[0] = input.slice(0, NUM_BITS).lo; +// limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; +// limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; +// limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; +// limbs[4] = fr(input.lo); +// return limbs; +// }; + +// const auto get_limb_witness_indices = [&](const std::array& limbs) { +// std::array limb_indices; +// limb_indices[0] = plonk_composer.add_variable(limbs[0]); +// limb_indices[1] = plonk_composer.add_variable(limbs[1]); +// limb_indices[2] = plonk_composer.add_variable(limbs[2]); +// limb_indices[3] = plonk_composer.add_variable(limbs[3]); +// limb_indices[4] = plonk_composer.add_variable(limbs[4]); +// return limb_indices; +// }; +// const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); +// auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); + +// const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); +// const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); +// const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); +// const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); + +// proof_system::plonk::UltraComposer::non_native_field_witnesses inputs{ +// a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), +// }; +// const auto [lo_1_idx, hi_1_idx] = plonk_composer.queue_non_native_field_multiplication(inputs); +// plonk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, rom) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// auto a = fr::random_element(); +// auto b = fr::random_element(); +// auto c = fr::random_element(); +// auto d = fr::random_element(); +// auto e = fr::random_element(); +// auto f = fr::random_element(); +// auto g = fr::random_element(); +// auto h = fr::random_element(); +// { +// uint32_t rom_values[8]{ +// honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), +// honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), +// honk_composer.add_variable(g), honk_composer.add_variable(h), +// }; + +// size_t rom_id = honk_composer.create_ROM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// honk_composer.set_ROM_element(rom_id, i, rom_values[i]); +// } + +// uint32_t a_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != rom_values[5], true); +// uint32_t b_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(4)); +// uint32_t c_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(1)); + +// const auto d_value = +// honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + +// honk_composer.get_variable(c_idx); +// uint32_t d_idx = honk_composer.add_variable(d_value); + +// honk_composer.create_big_add_gate({ +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// 1, +// 1, +// 1, +// -1, +// 0, +// }); +// } +// { +// uint32_t rom_values[8]{ +// plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), +// plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), +// plonk_composer.add_variable(g), plonk_composer.add_variable(h), +// }; + +// size_t rom_id = plonk_composer.create_ROM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// plonk_composer.set_ROM_element(rom_id, i, rom_values[i]); +// } + +// uint32_t a_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != rom_values[5], true); +// uint32_t b_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(4)); +// uint32_t c_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(1)); + +// const auto d_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + +// plonk_composer.get_variable(c_idx); +// uint32_t d_idx = plonk_composer.add_variable(d_value); + +// plonk_composer.create_big_add_gate({ +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// 1, +// 1, +// 1, +// -1, +// 0, +// }); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// check_consistency(honk_prover, plonk_prover); +// verify_consistency(honk_prover, plonk_prover); +// } + +// TEST(UltraHonkComposer, ram) +// { +// auto honk_composer = UltraHonkComposer(); +// auto plonk_composer = proof_system::plonk::UltraComposer(); + +// auto a = fr::random_element(); +// auto b = fr::random_element(); +// auto c = fr::random_element(); +// auto d = fr::random_element(); +// auto e = fr::random_element(); +// auto f = fr::random_element(); +// auto g = fr::random_element(); +// auto h = fr::random_element(); +// { +// uint32_t ram_values[8]{ +// honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), +// honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), +// honk_composer.add_variable(g), honk_composer.add_variable(h), +// }; + +// size_t ram_id = honk_composer.create_RAM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// honk_composer.init_RAM_element(ram_id, i, ram_values[i]); +// } + +// uint32_t a_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != ram_values[5], true); + +// uint32_t b_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); +// uint32_t c_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(1)); + +// honk_composer.write_RAM_array(ram_id, honk_composer.add_variable(4), honk_composer.add_variable(500)); +// uint32_t d_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); + +// EXPECT_EQ(honk_composer.get_variable(d_idx), 500); + +// // ensure these vars get used in another arithmetic gate +// const auto e_value = honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + +// honk_composer.get_variable(c_idx) + honk_composer.get_variable(d_idx); +// uint32_t e_idx = honk_composer.add_variable(e_value); + +// honk_composer.create_big_add_gate( +// { +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// -1, +// -1, +// -1, +// -1, +// 0, +// }, +// true); +// honk_composer.create_big_add_gate( +// { +// honk_composer.get_zero_idx(), +// honk_composer.get_zero_idx(), +// honk_composer.get_zero_idx(), +// e_idx, +// 0, +// 0, +// 0, +// 0, +// 0, +// }, +// false); +// } +// { +// uint32_t ram_values[8]{ +// plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), +// plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), +// plonk_composer.add_variable(g), plonk_composer.add_variable(h), +// }; + +// size_t ram_id = plonk_composer.create_RAM_array(8); + +// for (size_t i = 0; i < 8; ++i) { +// plonk_composer.init_RAM_element(ram_id, i, ram_values[i]); +// } + +// uint32_t a_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(5)); +// EXPECT_EQ(a_idx != ram_values[5], true); + +// uint32_t b_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); +// uint32_t c_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(1)); + +// plonk_composer.write_RAM_array(ram_id, plonk_composer.add_variable(4), plonk_composer.add_variable(500)); +// uint32_t d_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); + +// EXPECT_EQ(plonk_composer.get_variable(d_idx), 500); + +// // ensure these vars get used in another arithmetic gate +// const auto e_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + +// plonk_composer.get_variable(c_idx) + plonk_composer.get_variable(d_idx); +// uint32_t e_idx = plonk_composer.add_variable(e_value); + +// plonk_composer.create_big_add_gate( +// { +// a_idx, +// b_idx, +// c_idx, +// d_idx, +// -1, +// -1, +// -1, +// -1, +// 0, +// }, +// true); +// plonk_composer.create_big_add_gate( +// { +// plonk_composer.zero_idx, +// plonk_composer.zero_idx, +// plonk_composer.zero_idx, +// e_idx, +// 0, +// 0, +// 0, +// 0, +// 0, +// }, +// false); +// } + +// auto honk_prover = honk_composer.create_prover(); +// auto plonk_prover = plonk_composer.create_prover(); + +// verify_consistency(honk_prover, plonk_prover); +// } + +// } // namespace test_ultra_honk_composer diff --git a/cpp/src/barretenberg/honk/flavor/flavor.hpp b/cpp/src/barretenberg/honk/flavor/flavor.hpp deleted file mode 100644 index 05e7f2fb50..0000000000 --- a/cpp/src/barretenberg/honk/flavor/flavor.hpp +++ /dev/null @@ -1,256 +0,0 @@ -#pragma once -#include -#include -#include "barretenberg/common/log.hpp" -#include "barretenberg/proof_system/arithmetization/arithmetization.hpp" -#include "barretenberg/transcript/manifest.hpp" - -namespace proof_system::honk { -// TODO(Cody) This _should_ be shared with Plonk, but it isn't. -struct StandardArithmetization { - /** - * @brief All of the multivariate polynomials used by the Standard Honk Prover. - * @details The polynomials are broken into three categories: precomputed, witness, and shifted. - * This separation must be maintained to allow for programmatic access, but the ordering of the - * polynomials can be permuted within each category if necessary. Polynomials can also be added - * or removed (assuming consistency with the prover algorithm) but the constants describing the - * number of polynomials in each category must be manually updated. - * - */ - enum POLYNOMIAL { - /* --- PRECOMPUTED POLYNOMIALS --- */ - Q_C, - Q_L, - Q_R, - Q_O, - Q_M, - SIGMA_1, - SIGMA_2, - SIGMA_3, - ID_1, - ID_2, - ID_3, - LAGRANGE_FIRST, - LAGRANGE_LAST, // = LAGRANGE_N-1 whithout ZK, but can be less - /* --- WITNESS POLYNOMIALS --- */ - W_L, - W_R, - W_O, - Z_PERM, - /* --- SHIFTED POLYNOMIALS --- */ - Z_PERM_SHIFT, - /* --- --- */ - COUNT // for programmatic determination of NUM_POLYNOMIALS - }; - - static constexpr size_t NUM_POLYNOMIALS = POLYNOMIAL::COUNT; - static constexpr size_t NUM_SHIFTED_POLYNOMIALS = 1; - static constexpr size_t NUM_PRECOMPUTED_POLYNOMIALS = 13; - static constexpr size_t NUM_UNSHIFTED_POLYNOMIALS = NUM_POLYNOMIALS - NUM_SHIFTED_POLYNOMIALS; - - // *** WARNING: The order of this array must be manually updated to match POLYNOMIAL enum *** - // TODO(luke): This is a temporary measure to associate the above enum with sting tags. Its only needed because - // the - // polynomials/commitments in the prover/verifier are stored in maps. This storage could be converted to simple - // arrays at which point these string tags can be removed. - inline static const std::array ENUM_TO_COMM = { - "Q_C", "Q_1", "Q_2", "Q_3", "Q_M", "SIGMA_1", - "SIGMA_2", "SIGMA_3", "ID_1", "ID_2", "ID_3", "LAGRANGE_FIRST", - "LAGRANGE_LAST", "W_1", "W_2", "W_3", "Z_PERM", "Z_PERM_SHIFT" - }; -}; -} // namespace proof_system::honk - -namespace proof_system::honk { -struct StandardHonk { - public: - // This whole file is broken; changes here are in anticipation of a follow-up rework of the flavor specificaiton. - using Arithmetization = arithmetization::Standard; - using MULTIVARIATE = proof_system::honk::StandardArithmetization::POLYNOMIAL; - // // TODO(Cody): Where to specify? is this polynomial manifest size? - // static constexpr size_t STANDARD_HONK_MANIFEST_SIZE = 16; - // TODO(Cody): Maybe relation should be supplied and this should be computed as is done in sumcheck? - // Then honk::StandardHonk (or whatever we rename it) would become an alias for a Honk flavor with a - // certain set of parameters, including the relations? - static constexpr size_t MAX_RELATION_LENGTH = 5; - - // TODO(Cody): should extract this from the parameter pack. Maybe that should be done here? - - // num_sumcheck_rounds = 1 if using quotient polynomials, otherwise = number of sumcheck rounds - static transcript::Manifest create_manifest(const size_t num_public_inputs, const size_t num_sumcheck_rounds = 1) - { - constexpr size_t g1_size = 64; - constexpr size_t fr_size = 32; - const size_t public_input_size = fr_size * num_public_inputs; - // clang-format off - /* A RoundManifest describes data that will be put in or extracted from a transcript. - Here we have (1 + 7 + num_sumcheck_rounds)-many RoundManifests. */ - std::vector manifest_rounds; - - // Round 0 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { - { .name = "circuit_size", .num_bytes = 4, .derived_by_verifier = true }, - { .name = "public_input_size", .num_bytes = 4, .derived_by_verifier = true } - }, - /* challenge_name = */ "init", - /* num_challenges_in = */ 1)); - - // Round 1 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { /* this is a noop */ }, - /* challenge_name = */ "eta", - /* num_challenges_in = */ 0)); - - // Round 2 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { - { .name = "public_inputs", .num_bytes = public_input_size, .derived_by_verifier = false }, - { .name = "W_1", .num_bytes = g1_size, .derived_by_verifier = false }, - { .name = "W_2", .num_bytes = g1_size, .derived_by_verifier = false }, - { .name = "W_3", .num_bytes = g1_size, .derived_by_verifier = false }, - }, - /* challenge_name = */ "beta", - /* num_challenges_in = */ 2) // also produce "gamma" - ); - - // Round 3 - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { { .name = "Z_PERM", .num_bytes = g1_size, .derived_by_verifier = false } }, - /* challenge_name = */ "alpha", - /* num_challenges_in = */ 2) - ); - - // Rounds 4, ... 4 + num_sumcheck_rounds-1 - for (size_t i = 0; i < num_sumcheck_rounds; i++) { - auto label = std::to_string(i); - manifest_rounds.emplace_back( - transcript::Manifest::RoundManifest( - { - { .name = "univariate_" + label, .num_bytes = fr_size * honk::StandardHonk::MAX_RELATION_LENGTH, .derived_by_verifier = false } - }, - /* challenge_name = */ "u_" + label, - /* num_challenges_in = */ 1)); - } - - // Round 5 + num_sumcheck_rounds - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - { - { .name = "multivariate_evaluations", .num_bytes = fr_size * honk::StandardArithmetization::NUM_POLYNOMIALS, .derived_by_verifier = false, .challenge_map_index = 0 }, - }, - /* challenge_name = */ "rho", - /* num_challenges_in = */ 1)); /* TODO(Cody): magic number! Where should this be specified? */ - - // Rounds 6 + num_sumcheck_rounds, ... , 6 + 2 * num_sumcheck_rounds - 1 - std::vector fold_commitment_entries; - for (size_t i = 1; i < num_sumcheck_rounds; i++) { - fold_commitment_entries.emplace_back(transcript::Manifest::ManifestEntry( - { .name = "FOLD_" + std::to_string(i), .num_bytes = g1_size, .derived_by_verifier = false })); - }; - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - fold_commitment_entries, - /* challenge_name = */ "r", - /* num_challenges_in */ 1)); - - // Rounds 6 + 2 * num_sumcheck_rounds, ..., 6 + 3 * num_sumcheck_rounds - std::vector gemini_evaluation_entries; - for (size_t i = 0; i < num_sumcheck_rounds; i++) { - gemini_evaluation_entries.emplace_back(transcript::Manifest::ManifestEntry( - { .name = "a_" + std::to_string(i), .num_bytes = fr_size, .derived_by_verifier = false })); - }; - manifest_rounds.emplace_back(transcript::Manifest::RoundManifest( - gemini_evaluation_entries, - /* challenge_name = */ "nu", - /* num_challenges_in */ 1)); - - // Round 7 + 3 * num_sumcheck_rounds - manifest_rounds.emplace_back( - transcript::Manifest::RoundManifest( - { - { .name = "Q", .num_bytes = g1_size, .derived_by_verifier = false } - }, - /* challenge_name = */ "z", - /* num_challenges_in */ 1)); - - // Round 8 + 3 * num_sumcheck_rounds - manifest_rounds.emplace_back( - transcript::Manifest::RoundManifest( - { - { .name = "W", .num_bytes = g1_size, .derived_by_verifier = false } - }, - /* challenge_name = */ "separator", - /* num_challenges_in */ 1)); - - // clang-format on - - auto output = transcript::Manifest(manifest_rounds); - return output; - } -}; - -struct UltraArithmetization { - /** - * @brief All of the multivariate polynomials used by the Ultra Honk Prover. - * @details The polynomials are broken into three categories: precomputed, witness, and shifted. - * This separation must be maintained to allow for programmatic access, but the ordering of the - * polynomials can be permuted within each category if necessary. Polynomials can also be added - * or removed (assuming consistency with the prover algorithm) but the constants describing the - * number of polynomials in each category must be manually updated. - * - */ - enum POLYNOMIAL { - /* --- PRECOMPUTED POLYNOMIALS --- */ - Q_C, - Q_L, - Q_R, - Q_O, - Q_4, - Q_M, - QARITH, - QSORT, - QELLIPTIC, - QAUX, - QLOOKUPTYPE, - SIGMA_1, - SIGMA_2, - SIGMA_3, - SIGMA_4, - ID_1, - ID_2, - ID_3, - ID_4, - TABLE_1, - TABLE_2, - TABLE_3, - TABLE_4, - LAGRANGE_FIRST, - LAGRANGE_LAST, // = LAGRANGE_N-1 whithout ZK, but can be less - /* --- WITNESS POLYNOMIALS --- */ - W_L, - W_R, - W_O, - W_4, - S_1, - S_2, - S_3, - S_4, - S_ACCUM, - Z_PERM, - Z_LOOKUP, - /* --- SHIFTED POLYNOMIALS --- */ - W_1_SHIFT, - W_2_SHIFT, - W_3_SHIFT, - W_4_SHIFT, - TABLE_1_SHIFT, - TABLE_2_SHIFT, - TABLE_3_SHIFT, - TABLE_4_SHIFT, - S_ACCUM_SHIFT, - Z_PERM_SHIFT, - Z_LOOKUP_SHIFT, - /* --- --- */ - COUNT // for programmatic determination of NUM_POLYNOMIALS - }; -}; -} // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp index a7495eee31..a5631e1c85 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp @@ -3,13 +3,16 @@ #include "barretenberg/honk/flavor/flavor.hpp" #include "../polynomials/univariate.hpp" +#pragma GCC diagnostic ignored "-Wunused-variable" +#pragma GCC diagnostic ignored "-Wunused-parameter" + namespace proof_system::honk::sumcheck { template class LookupGrandProductComputationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 6; // deg(z_lookup * column_selector * wire * q_lookup * table) = 5 - using MULTIVARIATE = proof_system::honk::UltraArithmetization::POLYNOMIAL; + // using MULTIVARIATE = proof_system::honk::UltraArithmetization::POLYNOMIAL; /** * @brief Compute contribution of the lookup grand prod relation for a given edge (internal function) @@ -44,57 +47,57 @@ template class LookupGrandProductComputationRelation { const auto eta_sqr = eta * eta; const auto eta_cube = eta_sqr * eta; - auto w_1 = UnivariateView(extended_edges[MULTIVARIATE::W_L]); - auto w_2 = UnivariateView(extended_edges[MULTIVARIATE::W_R]); - auto w_3 = UnivariateView(extended_edges[MULTIVARIATE::W_O]); - - auto w_1_shift = UnivariateView(extended_edges[MULTIVARIATE::W_1_SHIFT]); - auto w_2_shift = UnivariateView(extended_edges[MULTIVARIATE::W_2_SHIFT]); - auto w_3_shift = UnivariateView(extended_edges[MULTIVARIATE::W_3_SHIFT]); - - auto table_1 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_1]); - auto table_2 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_2]); - auto table_3 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_3]); - auto table_4 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_4]); - - auto table_1_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_1_SHIFT]); - auto table_2_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_2_SHIFT]); - auto table_3_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_3_SHIFT]); - auto table_4_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_4_SHIFT]); - - auto s_accum = UnivariateView(extended_edges[MULTIVARIATE::S_ACCUM]); - auto s_accum_shift = UnivariateView(extended_edges[MULTIVARIATE::S_ACCUM_SHIFT]); - - auto z_lookup = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP]); - auto z_lookup_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]); - - auto table_index = UnivariateView(extended_edges[MULTIVARIATE::Q_O]); - auto column_1_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_R]); - auto column_2_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_M]); - auto column_3_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_C]); - auto q_lookup = UnivariateView(extended_edges[MULTIVARIATE::QLOOKUPTYPE]); - - auto lagrange_first = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_FIRST]); - auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); - - // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. - auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + - (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; - - // t_1 + ηt_2 + η²t_3 + η³t_4 - auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; - // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift - auto table_accum_shift = - table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; - - // Contribution (1) - auto tmp = (q_lookup * wire_accum + gamma); - tmp *= (table_accum + table_accum_shift * beta + gamma_by_one_plus_beta); - tmp *= one_plus_beta; - tmp *= (z_lookup + lagrange_first); - tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * - (s_accum + s_accum_shift * beta + gamma_by_one_plus_beta); - evals += tmp * scaling_factor; + // auto w_1 = UnivariateView(extended_edges[MULTIVARIATE::W_L]); + // auto w_2 = UnivariateView(extended_edges[MULTIVARIATE::W_R]); + // auto w_3 = UnivariateView(extended_edges[MULTIVARIATE::W_O]); + + // auto w_1_shift = UnivariateView(extended_edges[MULTIVARIATE::W_1_SHIFT]); + // auto w_2_shift = UnivariateView(extended_edges[MULTIVARIATE::W_2_SHIFT]); + // auto w_3_shift = UnivariateView(extended_edges[MULTIVARIATE::W_3_SHIFT]); + + // auto table_1 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_1]); + // auto table_2 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_2]); + // auto table_3 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_3]); + // auto table_4 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_4]); + + // auto table_1_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_1_SHIFT]); + // auto table_2_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_2_SHIFT]); + // auto table_3_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_3_SHIFT]); + // auto table_4_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_4_SHIFT]); + + // auto s_accum = UnivariateView(extended_edges[MULTIVARIATE::S_ACCUM]); + // auto s_accum_shift = UnivariateView(extended_edges[MULTIVARIATE::S_ACCUM_SHIFT]); + + // auto z_lookup = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP]); + // auto z_lookup_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]); + + // auto table_index = UnivariateView(extended_edges[MULTIVARIATE::Q_O]); + // auto column_1_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_R]); + // auto column_2_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_M]); + // auto column_3_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_C]); + // auto q_lookup = UnivariateView(extended_edges[MULTIVARIATE::QLOOKUPTYPE]); + + // auto lagrange_first = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_FIRST]); + // auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); + + // // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. + // auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + + // (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; + + // // t_1 + ηt_2 + η²t_3 + η³t_4 + // auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; + // // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift + // auto table_accum_shift = + // table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; + + // // Contribution (1) + // auto tmp = (q_lookup * wire_accum + gamma); + // tmp *= (table_accum + table_accum_shift * beta + gamma_by_one_plus_beta); + // tmp *= one_plus_beta; + // tmp *= (z_lookup + lagrange_first); + // tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * + // (s_accum + s_accum_shift * beta + gamma_by_one_plus_beta); + // evals += tmp * scaling_factor; }; void add_full_relation_value_contribution(FF& full_honk_relation_value, @@ -111,56 +114,56 @@ template class LookupGrandProductComputationRelation { const auto eta_sqr = eta * eta; const auto eta_cube = eta_sqr * eta; - auto w_1 = purported_evaluations[MULTIVARIATE::W_L]; - auto w_2 = purported_evaluations[MULTIVARIATE::W_R]; - auto w_3 = purported_evaluations[MULTIVARIATE::W_O]; - - auto w_1_shift = purported_evaluations[MULTIVARIATE::W_1_SHIFT]; - auto w_2_shift = purported_evaluations[MULTIVARIATE::W_2_SHIFT]; - auto w_3_shift = purported_evaluations[MULTIVARIATE::W_3_SHIFT]; - - auto table_1 = purported_evaluations[MULTIVARIATE::TABLE_1]; - auto table_2 = purported_evaluations[MULTIVARIATE::TABLE_2]; - auto table_3 = purported_evaluations[MULTIVARIATE::TABLE_3]; - auto table_4 = purported_evaluations[MULTIVARIATE::TABLE_4]; - - auto table_1_shift = purported_evaluations[MULTIVARIATE::TABLE_1_SHIFT]; - auto table_2_shift = purported_evaluations[MULTIVARIATE::TABLE_2_SHIFT]; - auto table_3_shift = purported_evaluations[MULTIVARIATE::TABLE_3_SHIFT]; - auto table_4_shift = purported_evaluations[MULTIVARIATE::TABLE_4_SHIFT]; - - auto s_accum = purported_evaluations[MULTIVARIATE::S_ACCUM]; - auto s_accum_shift = purported_evaluations[MULTIVARIATE::S_ACCUM_SHIFT]; - auto z_lookup = purported_evaluations[MULTIVARIATE::Z_LOOKUP]; - auto z_lookup_shift = purported_evaluations[MULTIVARIATE::Z_LOOKUP_SHIFT]; - - auto table_index = purported_evaluations[MULTIVARIATE::Q_O]; - auto column_1_step_size = purported_evaluations[MULTIVARIATE::Q_R]; - auto column_2_step_size = purported_evaluations[MULTIVARIATE::Q_M]; - auto column_3_step_size = purported_evaluations[MULTIVARIATE::Q_C]; - auto q_lookup = purported_evaluations[MULTIVARIATE::QLOOKUPTYPE]; - - auto lagrange_first = purported_evaluations[MULTIVARIATE::LAGRANGE_FIRST]; - auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; - - // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. - auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + - (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; - - // t_1 + ηt_2 + η²t_3 + η³t_4 - auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; - // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift - auto table_accum_shift = - table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; - - // Contribution (1) - auto tmp = (q_lookup * wire_accum + gamma); - tmp *= (table_accum + beta * table_accum_shift + gamma_by_one_plus_beta); - tmp *= one_plus_beta; - tmp *= (z_lookup + lagrange_first); - tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * - (s_accum + beta * s_accum_shift + gamma_by_one_plus_beta); - full_honk_relation_value += tmp; + // auto w_1 = purported_evaluations[MULTIVARIATE::W_L]; + // auto w_2 = purported_evaluations[MULTIVARIATE::W_R]; + // auto w_3 = purported_evaluations[MULTIVARIATE::W_O]; + + // auto w_1_shift = purported_evaluations[MULTIVARIATE::W_1_SHIFT]; + // auto w_2_shift = purported_evaluations[MULTIVARIATE::W_2_SHIFT]; + // auto w_3_shift = purported_evaluations[MULTIVARIATE::W_3_SHIFT]; + + // auto table_1 = purported_evaluations[MULTIVARIATE::TABLE_1]; + // auto table_2 = purported_evaluations[MULTIVARIATE::TABLE_2]; + // auto table_3 = purported_evaluations[MULTIVARIATE::TABLE_3]; + // auto table_4 = purported_evaluations[MULTIVARIATE::TABLE_4]; + + // auto table_1_shift = purported_evaluations[MULTIVARIATE::TABLE_1_SHIFT]; + // auto table_2_shift = purported_evaluations[MULTIVARIATE::TABLE_2_SHIFT]; + // auto table_3_shift = purported_evaluations[MULTIVARIATE::TABLE_3_SHIFT]; + // auto table_4_shift = purported_evaluations[MULTIVARIATE::TABLE_4_SHIFT]; + + // auto s_accum = purported_evaluations[MULTIVARIATE::S_ACCUM]; + // auto s_accum_shift = purported_evaluations[MULTIVARIATE::S_ACCUM_SHIFT]; + // auto z_lookup = purported_evaluations[MULTIVARIATE::Z_LOOKUP]; + // auto z_lookup_shift = purported_evaluations[MULTIVARIATE::Z_LOOKUP_SHIFT]; + + // auto table_index = purported_evaluations[MULTIVARIATE::Q_O]; + // auto column_1_step_size = purported_evaluations[MULTIVARIATE::Q_R]; + // auto column_2_step_size = purported_evaluations[MULTIVARIATE::Q_M]; + // auto column_3_step_size = purported_evaluations[MULTIVARIATE::Q_C]; + // auto q_lookup = purported_evaluations[MULTIVARIATE::QLOOKUPTYPE]; + + // auto lagrange_first = purported_evaluations[MULTIVARIATE::LAGRANGE_FIRST]; + // auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; + + // // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. + // auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + + // (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; + + // // t_1 + ηt_2 + η²t_3 + η³t_4 + // auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; + // // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift + // auto table_accum_shift = + // table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; + + // // Contribution (1) + // auto tmp = (q_lookup * wire_accum + gamma); + // tmp *= (table_accum + beta * table_accum_shift + gamma_by_one_plus_beta); + // tmp *= one_plus_beta; + // tmp *= (z_lookup + lagrange_first); + // tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * + // (s_accum + beta * s_accum_shift + gamma_by_one_plus_beta); + // full_honk_relation_value += tmp; }; }; @@ -168,7 +171,7 @@ template class LookupGrandProductInitializationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 3; // deg(lagrange_last * z_lookup_shift) = 2 - using MULTIVARIATE = proof_system::honk::UltraArithmetization::POLYNOMIAL; + // using MULTIVARIATE = proof_system::honk::UltraArithmetization::POLYNOMIAL; /** * @brief Compute contribution of the lookup grand prod relation for a given edge (internal function) @@ -184,22 +187,20 @@ template class LookupGrandProductInitializationRelation { inline void add_edge_contribution(Univariate& evals, const auto& extended_edges, const RelationParameters& /*unused*/, - const FF& scaling_factor) const - { - auto z_lookup_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]); - auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); + const FF& scaling_factor) const { + // auto z_lookup_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]); + // auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); - evals += (lagrange_last * z_lookup_shift) * scaling_factor; + // evals += (lagrange_last * z_lookup_shift) * scaling_factor; }; void add_full_relation_value_contribution(FF& full_honk_relation_value, auto& purported_evaluations, - const RelationParameters& /*unused*/) const - { - auto z_lookup_shift = purported_evaluations[MULTIVARIATE::Z_LOOKUP_SHIFT]; - auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; + const RelationParameters& /*unused*/) const { + // auto z_lookup_shift = purported_evaluations[MULTIVARIATE::Z_LOOKUP_SHIFT]; + // auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; - full_honk_relation_value += lagrange_last * z_lookup_shift; + // full_honk_relation_value += lagrange_last * z_lookup_shift; }; }; } // namespace proof_system::honk::sumcheck \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 2a1157590f..7b5f9e3788 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -225,15 +225,16 @@ TEST(RelationCorrectness, UltraRelationCorrectness) // Construct local sorted_list_polynomials to pass to compute_sorted_list_accumulator() std::vector sorted_list_polynomials; for (size_t i = 0; i < 4; ++i) { - std::string label = "s_" + std::to_string(i + 1) + "_lagrange"; - sorted_list_polynomials.emplace_back(prover.key->polynomial_store.get(label)); + // std::string label = "s_" + std::to_string(i + 1) + "_lagrange"; + // sorted_list_polynomials.emplace_back(prover.key->polynomial_store.get(label)); + sorted_list_polynomials.emplace_back(prover.key->circuit_size); } // Compute sorted witness-table accumulator auto sorted_list_accumulator = - prover_library::compute_sorted_list_accumulator(prover.key, sorted_list_polynomials, eta); + prover_library::compute_sorted_list_accumulator(prover.key, sorted_list_polynomials, eta); // Compute lookup grand product polynomial - auto z_lookup = prover_library::compute_lookup_grand_product( + auto z_lookup = prover_library::compute_lookup_grand_product( prover.key, prover.wire_polynomials, sorted_list_accumulator, eta, beta, gamma); // Create an array of spans to the underlying polynomials to more easily @@ -256,10 +257,10 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.table_2 = prover.key->table_2; prover_polynomials.table_3 = prover.key->table_3; prover_polynomials.table_4 = prover.key->table_4; - prover_polynomials.z_perm = z_perm_poly; - prover_polynomials.z_perm_shift = z_perm_poly.shifted(); - prover_polynomials.z_lookup = z_perm_poly; - prover_polynomials.z_lookup_shift = z_perm_poly.shifted(); + prover_polynomials.z_perm = z_permutation; + prover_polynomials.z_perm_shift = z_permutation.shifted(); + prover_polynomials.z_lookup = z_lookup; + prover_polynomials.z_lookup_shift = z_lookup.shifted(); prover_polynomials.q_m = prover.key->q_m; prover_polynomials.q_l = prover.key->q_l; prover_polynomials.q_r = prover.key->q_r; @@ -351,9 +352,9 @@ TEST(RelationCorrectness, UltraRelationCorrectness) auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), honk::sumcheck::UltraArithmeticRelationSecondary(), honk::sumcheck::UltraGrandProductInitializationRelation(), - honk::sumcheck::UltraGrandProductComputationRelation(), - honk::sumcheck::LookupGrandProductComputationRelation(), - honk::sumcheck::LookupGrandProductInitializationRelation()); + honk::sumcheck::UltraGrandProductComputationRelation()); + // honk::sumcheck::LookupGrandProductComputationRelation(), + // honk::sumcheck::LookupGrandProductInitializationRelation()); fr result = 0; for (size_t i = 0; i < prover.key->circuit_size; i++) { @@ -381,11 +382,11 @@ TEST(RelationCorrectness, UltraRelationCorrectness) std::get<3>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); ASSERT_EQ(result, 0); - std::get<4>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); - ASSERT_EQ(result, 0); + // std::get<4>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); + // ASSERT_EQ(result, 0); - std::get<5>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); - ASSERT_EQ(result, 0); + // std::get<5>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); + // ASSERT_EQ(result, 0); } } From 6601e978b2bb8db27beb4f79079b3067dd36c618 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 26 Apr 2023 16:20:51 +0000 Subject: [PATCH 055/119] well ok now its building anyway --- .../relations/lookup_grand_product_relation.hpp | 1 - .../sumcheck/relations/relation_correctness.test.cpp | 10 ++++++++-- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 8 ++++++++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp index a5631e1c85..44bfa3d2e1 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp @@ -1,6 +1,5 @@ #pragma once #include "relation.hpp" -#include "barretenberg/honk/flavor/flavor.hpp" #include "../polynomials/univariate.hpp" #pragma GCC diagnostic ignored "-Wunused-variable" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 7b5f9e3788..ee0aec1ca9 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -154,8 +154,6 @@ TEST(RelationCorrectness, UltraRelationCorrectness) // Create a composer and a dummy circuit with a few gates auto composer = UltraHonkComposer(); - // static const size_t num_wires = 4; - barretenberg::fr pedersen_input_value = fr::random_element(); fr a = fr::one(); // Using the public variable to check that public_input_delta is computed and added to the relation correctly @@ -248,15 +246,23 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.w_o = prover.wire_polynomials[2]; prover_polynomials.w_4 = prover.wire_polynomials[3]; prover_polynomials.w_l_shift = prover.wire_polynomials[0].shifted(); + prover_polynomials.w_r_shift = prover.wire_polynomials[1].shifted(); + prover_polynomials.w_o_shift = prover.wire_polynomials[2].shifted(); prover_polynomials.w_4_shift = prover.wire_polynomials[3].shifted(); prover_polynomials.sorted_1 = prover.key->sorted_1; prover_polynomials.sorted_2 = prover.key->sorted_2; prover_polynomials.sorted_3 = prover.key->sorted_3; prover_polynomials.sorted_4 = prover.key->sorted_4; + prover_polynomials.sorted_accum = sorted_list_accumulator; + prover_polynomials.sorted_accum_shift = sorted_list_accumulator.shifted(); prover_polynomials.table_1 = prover.key->table_1; prover_polynomials.table_2 = prover.key->table_2; prover_polynomials.table_3 = prover.key->table_3; prover_polynomials.table_4 = prover.key->table_4; + prover_polynomials.table_1_shift = prover.key->table_1.shifted(); + prover_polynomials.table_2_shift = prover.key->table_2.shifted(); + prover_polynomials.table_3_shift = prover.key->table_3.shifted(); + prover_polynomials.table_4_shift = prover.key->table_4.shifted(); prover_polynomials.z_perm = z_permutation; prover_polynomials.z_perm_shift = z_permutation.shifted(); prover_polynomials.z_lookup = z_lookup; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 9508d0d51b..0d9c416b79 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -552,10 +552,18 @@ class Ultra { T& sorted_2 = std::get<30>(this->_data); T& sorted_3 = std::get<31>(this->_data); T& sorted_4 = std::get<32>(this->_data); + T& sorted_accum = std::get<32>(this->_data); T& z_perm = std::get<33>(this->_data); T& z_lookup = std::get<34>(this->_data); + T& table_1_shift = std::get<19>(this->_data); + T& table_2_shift = std::get<20>(this->_data); + T& table_3_shift = std::get<21>(this->_data); + T& table_4_shift = std::get<22>(this->_data); T& w_l_shift = std::get<35>(this->_data); + T& w_r_shift = std::get<35>(this->_data); + T& w_o_shift = std::get<35>(this->_data); T& w_4_shift = std::get<36>(this->_data); + T& sorted_accum_shift = std::get<37>(this->_data); T& z_perm_shift = std::get<37>(this->_data); T& z_lookup_shift = std::get<38>(this->_data); From d53aede40fb162b594fa989ce6326704ce2a9a7e Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 26 Apr 2023 17:13:09 +0000 Subject: [PATCH 056/119] lookup relation consistency tests passing --- .../honk/proof_system/prover_library.cpp | 2 +- .../honk/proof_system/prover_library.test.cpp | 2 +- .../lookup_grand_product_relation.hpp | 223 +++++++------- .../relations/relation_consistency.test.cpp | 274 ------------------ .../relations/relation_correctness.test.cpp | 69 +---- .../ultra_relation_consistency.test.cpp | 111 +++++++ .../proof_system/flavor/flavor.hpp | 188 ++---------- 7 files changed, 257 insertions(+), 612 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 947440edd7..1081b2e10c 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -224,7 +224,7 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptrtable_4, }; - std::span lookup_selector = key->q_lookuptype; // TODO(Cody): this was something called table_type + std::span lookup_selector = key->q_lookup; // TODO(Cody): this was something called table_type std::span lookup_index_selector = key->q_o; const FF beta_plus_one = beta + FF(1); // (1 + β) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index caddcdddfa..43bec3da39 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -200,7 +200,7 @@ template class ProverLibraryTests : public testing::Test { populate_span(proving_key->q_m, column_2_step_size); populate_span(proving_key->q_c, column_3_step_size); populate_span(proving_key->q_o, lookup_index_selector); - populate_span(proving_key->q_lookuptype, lookup_selector); + populate_span(proving_key->q_lookup, lookup_selector); // Get random challenges auto beta = FF::random_element(); diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp b/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp index 44bfa3d2e1..32830a8dc3 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp @@ -11,7 +11,6 @@ template class LookupGrandProductComputationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 6; // deg(z_lookup * column_selector * wire * q_lookup * table) = 5 - // using MULTIVARIATE = proof_system::honk::UltraArithmetization::POLYNOMIAL; /** * @brief Compute contribution of the lookup grand prod relation for a given edge (internal function) @@ -46,57 +45,57 @@ template class LookupGrandProductComputationRelation { const auto eta_sqr = eta * eta; const auto eta_cube = eta_sqr * eta; - // auto w_1 = UnivariateView(extended_edges[MULTIVARIATE::W_L]); - // auto w_2 = UnivariateView(extended_edges[MULTIVARIATE::W_R]); - // auto w_3 = UnivariateView(extended_edges[MULTIVARIATE::W_O]); - - // auto w_1_shift = UnivariateView(extended_edges[MULTIVARIATE::W_1_SHIFT]); - // auto w_2_shift = UnivariateView(extended_edges[MULTIVARIATE::W_2_SHIFT]); - // auto w_3_shift = UnivariateView(extended_edges[MULTIVARIATE::W_3_SHIFT]); - - // auto table_1 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_1]); - // auto table_2 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_2]); - // auto table_3 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_3]); - // auto table_4 = UnivariateView(extended_edges[MULTIVARIATE::TABLE_4]); - - // auto table_1_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_1_SHIFT]); - // auto table_2_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_2_SHIFT]); - // auto table_3_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_3_SHIFT]); - // auto table_4_shift = UnivariateView(extended_edges[MULTIVARIATE::TABLE_4_SHIFT]); - - // auto s_accum = UnivariateView(extended_edges[MULTIVARIATE::S_ACCUM]); - // auto s_accum_shift = UnivariateView(extended_edges[MULTIVARIATE::S_ACCUM_SHIFT]); - - // auto z_lookup = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP]); - // auto z_lookup_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]); - - // auto table_index = UnivariateView(extended_edges[MULTIVARIATE::Q_O]); - // auto column_1_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_R]); - // auto column_2_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_M]); - // auto column_3_step_size = UnivariateView(extended_edges[MULTIVARIATE::Q_C]); - // auto q_lookup = UnivariateView(extended_edges[MULTIVARIATE::QLOOKUPTYPE]); - - // auto lagrange_first = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_FIRST]); - // auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); - - // // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. - // auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + - // (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; - - // // t_1 + ηt_2 + η²t_3 + η³t_4 - // auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; - // // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift - // auto table_accum_shift = - // table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; - - // // Contribution (1) - // auto tmp = (q_lookup * wire_accum + gamma); - // tmp *= (table_accum + table_accum_shift * beta + gamma_by_one_plus_beta); - // tmp *= one_plus_beta; - // tmp *= (z_lookup + lagrange_first); - // tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * - // (s_accum + s_accum_shift * beta + gamma_by_one_plus_beta); - // evals += tmp * scaling_factor; + auto w_1 = UnivariateView(extended_edges.w_l); + auto w_2 = UnivariateView(extended_edges.w_r); + auto w_3 = UnivariateView(extended_edges.w_o); + + auto w_1_shift = UnivariateView(extended_edges.w_l_shift); + auto w_2_shift = UnivariateView(extended_edges.w_r_shift); + auto w_3_shift = UnivariateView(extended_edges.w_o_shift); + + auto table_1 = UnivariateView(extended_edges.table_1); + auto table_2 = UnivariateView(extended_edges.table_2); + auto table_3 = UnivariateView(extended_edges.table_3); + auto table_4 = UnivariateView(extended_edges.table_4); + + auto table_1_shift = UnivariateView(extended_edges.table_1_shift); + auto table_2_shift = UnivariateView(extended_edges.table_2_shift); + auto table_3_shift = UnivariateView(extended_edges.table_3_shift); + auto table_4_shift = UnivariateView(extended_edges.table_4_shift); + + auto s_accum = UnivariateView(extended_edges.sorted_accum); + auto s_accum_shift = UnivariateView(extended_edges.sorted_accum_shift); + + auto z_lookup = UnivariateView(extended_edges.z_lookup); + auto z_lookup_shift = UnivariateView(extended_edges.z_lookup_shift); + + auto table_index = UnivariateView(extended_edges.q_o); + auto column_1_step_size = UnivariateView(extended_edges.q_r); + auto column_2_step_size = UnivariateView(extended_edges.q_m); + auto column_3_step_size = UnivariateView(extended_edges.q_c); + auto q_lookup = UnivariateView(extended_edges.q_lookup); + + auto lagrange_first = UnivariateView(extended_edges.lagrange_first); + auto lagrange_last = UnivariateView(extended_edges.lagrange_last); + + // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. + auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + + (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; + + // t_1 + ηt_2 + η²t_3 + η³t_4 + auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; + // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift + auto table_accum_shift = + table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; + + // Contribution (1) + auto tmp = (q_lookup * wire_accum + gamma); + tmp *= (table_accum + table_accum_shift * beta + gamma_by_one_plus_beta); + tmp *= one_plus_beta; + tmp *= (z_lookup + lagrange_first); + tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * + (s_accum + s_accum_shift * beta + gamma_by_one_plus_beta); + evals += tmp * scaling_factor; }; void add_full_relation_value_contribution(FF& full_honk_relation_value, @@ -113,56 +112,57 @@ template class LookupGrandProductComputationRelation { const auto eta_sqr = eta * eta; const auto eta_cube = eta_sqr * eta; - // auto w_1 = purported_evaluations[MULTIVARIATE::W_L]; - // auto w_2 = purported_evaluations[MULTIVARIATE::W_R]; - // auto w_3 = purported_evaluations[MULTIVARIATE::W_O]; - - // auto w_1_shift = purported_evaluations[MULTIVARIATE::W_1_SHIFT]; - // auto w_2_shift = purported_evaluations[MULTIVARIATE::W_2_SHIFT]; - // auto w_3_shift = purported_evaluations[MULTIVARIATE::W_3_SHIFT]; - - // auto table_1 = purported_evaluations[MULTIVARIATE::TABLE_1]; - // auto table_2 = purported_evaluations[MULTIVARIATE::TABLE_2]; - // auto table_3 = purported_evaluations[MULTIVARIATE::TABLE_3]; - // auto table_4 = purported_evaluations[MULTIVARIATE::TABLE_4]; - - // auto table_1_shift = purported_evaluations[MULTIVARIATE::TABLE_1_SHIFT]; - // auto table_2_shift = purported_evaluations[MULTIVARIATE::TABLE_2_SHIFT]; - // auto table_3_shift = purported_evaluations[MULTIVARIATE::TABLE_3_SHIFT]; - // auto table_4_shift = purported_evaluations[MULTIVARIATE::TABLE_4_SHIFT]; - - // auto s_accum = purported_evaluations[MULTIVARIATE::S_ACCUM]; - // auto s_accum_shift = purported_evaluations[MULTIVARIATE::S_ACCUM_SHIFT]; - // auto z_lookup = purported_evaluations[MULTIVARIATE::Z_LOOKUP]; - // auto z_lookup_shift = purported_evaluations[MULTIVARIATE::Z_LOOKUP_SHIFT]; - - // auto table_index = purported_evaluations[MULTIVARIATE::Q_O]; - // auto column_1_step_size = purported_evaluations[MULTIVARIATE::Q_R]; - // auto column_2_step_size = purported_evaluations[MULTIVARIATE::Q_M]; - // auto column_3_step_size = purported_evaluations[MULTIVARIATE::Q_C]; - // auto q_lookup = purported_evaluations[MULTIVARIATE::QLOOKUPTYPE]; - - // auto lagrange_first = purported_evaluations[MULTIVARIATE::LAGRANGE_FIRST]; - // auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; - - // // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. - // auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + - // (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; - - // // t_1 + ηt_2 + η²t_3 + η³t_4 - // auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; - // // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift - // auto table_accum_shift = - // table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; - - // // Contribution (1) - // auto tmp = (q_lookup * wire_accum + gamma); - // tmp *= (table_accum + beta * table_accum_shift + gamma_by_one_plus_beta); - // tmp *= one_plus_beta; - // tmp *= (z_lookup + lagrange_first); - // tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * - // (s_accum + beta * s_accum_shift + gamma_by_one_plus_beta); - // full_honk_relation_value += tmp; + auto w_1 = purported_evaluations.w_l; + auto w_2 = purported_evaluations.w_r; + auto w_3 = purported_evaluations.w_o; + + auto w_1_shift = purported_evaluations.w_l_shift; + auto w_2_shift = purported_evaluations.w_r_shift; + auto w_3_shift = purported_evaluations.w_o_shift; + + auto table_1 = purported_evaluations.table_1; + auto table_2 = purported_evaluations.table_2; + auto table_3 = purported_evaluations.table_3; + auto table_4 = purported_evaluations.table_4; + + auto table_1_shift = purported_evaluations.table_1_shift; + auto table_2_shift = purported_evaluations.table_2_shift; + auto table_3_shift = purported_evaluations.table_3_shift; + auto table_4_shift = purported_evaluations.table_4_shift; + + auto s_accum = purported_evaluations.sorted_accum; + auto s_accum_shift = purported_evaluations.sorted_accum_shift; + + auto z_lookup = purported_evaluations.z_lookup; + auto z_lookup_shift = purported_evaluations.z_lookup_shift; + + auto table_index = purported_evaluations.q_o; + auto column_1_step_size = purported_evaluations.q_r; + auto column_2_step_size = purported_evaluations.q_m; + auto column_3_step_size = purported_evaluations.q_c; + auto q_lookup = purported_evaluations.q_lookup; + + auto lagrange_first = purported_evaluations.lagrange_first; + auto lagrange_last = purported_evaluations.lagrange_last; + + // (w_1 + q_2*w_1_shift) + η(w_2 + q_m*w_2_shift) + η²(w_3 + q_c*w_3_shift) + η³q_index. + auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + + (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; + + // t_1 + ηt_2 + η²t_3 + η³t_4 + auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; + // t_1_shift + ηt_2_shift + η²t_3_shift + η³t_4_shift + auto table_accum_shift = + table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; + + // Contribution (1) + auto tmp = (q_lookup * wire_accum + gamma); + tmp *= (table_accum + beta * table_accum_shift + gamma_by_one_plus_beta); + tmp *= one_plus_beta; + tmp *= (z_lookup + lagrange_first); + tmp -= (z_lookup_shift + lagrange_last * grand_product_delta) * + (s_accum + beta * s_accum_shift + gamma_by_one_plus_beta); + full_honk_relation_value += tmp; }; }; @@ -170,7 +170,6 @@ template class LookupGrandProductInitializationRelation { public: // 1 + polynomial degree of this relation static constexpr size_t RELATION_LENGTH = 3; // deg(lagrange_last * z_lookup_shift) = 2 - // using MULTIVARIATE = proof_system::honk::UltraArithmetization::POLYNOMIAL; /** * @brief Compute contribution of the lookup grand prod relation for a given edge (internal function) @@ -186,20 +185,22 @@ template class LookupGrandProductInitializationRelation { inline void add_edge_contribution(Univariate& evals, const auto& extended_edges, const RelationParameters& /*unused*/, - const FF& scaling_factor) const { - // auto z_lookup_shift = UnivariateView(extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]); - // auto lagrange_last = UnivariateView(extended_edges[MULTIVARIATE::LAGRANGE_LAST]); + const FF& scaling_factor) const + { + auto z_lookup_shift = UnivariateView(extended_edges.z_lookup_shift); + auto lagrange_last = UnivariateView(extended_edges.lagrange_last); - // evals += (lagrange_last * z_lookup_shift) * scaling_factor; + evals += (lagrange_last * z_lookup_shift) * scaling_factor; }; void add_full_relation_value_contribution(FF& full_honk_relation_value, auto& purported_evaluations, - const RelationParameters& /*unused*/) const { - // auto z_lookup_shift = purported_evaluations[MULTIVARIATE::Z_LOOKUP_SHIFT]; - // auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST]; + const RelationParameters& /*unused*/) const + { + auto z_lookup_shift = purported_evaluations.z_lookup_shift; + auto lagrange_last = purported_evaluations.lagrange_last; - // full_honk_relation_value += lagrange_last * z_lookup_shift; + full_honk_relation_value += lagrange_last * z_lookup_shift; }; }; } // namespace proof_system::honk::sumcheck \ No newline at end of file diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index 7cc97aa626..274e93b184 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -292,278 +292,4 @@ TEST_F(StandardRelationConsistency, GrandProductInitializationRelation) run_test(/* is_random_input=*/false); }; -// TYPED_TEST(RelationConsistency, UltraArithmeticRelation) -// { -// SUMCHECK_RELATION_TYPE_ALIASES -// using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - -// static constexpr size_t FULL_RELATION_LENGTH = 6; -// static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - -// const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); -// std::array, NUM_POLYNOMIALS> extended_edges; -// std::array, NUM_POLYNOMIALS> input_polynomials; - -// // input_univariates are random polynomials of degree one -// for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { -// input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() -// }); -// } -// extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - -// auto relation = UltraArithmeticRelation(); - -// // Extract the extended edges for manual computation of relation contribution -// const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; -// const auto& w_2 = extended_edges[MULTIVARIATE::W_R]; -// const auto& w_3 = extended_edges[MULTIVARIATE::W_O]; -// const auto& w_4 = extended_edges[MULTIVARIATE::W_4]; -// const auto& w_4_shift = extended_edges[MULTIVARIATE::W_4_SHIFT]; -// const auto& q_m = extended_edges[MULTIVARIATE::Q_M]; -// const auto& q_l = extended_edges[MULTIVARIATE::Q_L]; -// const auto& q_r = extended_edges[MULTIVARIATE::Q_R]; -// const auto& q_o = extended_edges[MULTIVARIATE::Q_O]; -// const auto& q_4 = extended_edges[MULTIVARIATE::Q_4]; -// const auto& q_c = extended_edges[MULTIVARIATE::Q_C]; -// const auto& q_arith = extended_edges[MULTIVARIATE::QARITH]; - -// static const FF neg_half = FF(-2).invert(); - -// auto expected_evals = (q_arith - 3) * (q_m * w_2 * w_1) * neg_half; -// expected_evals += (q_l * w_1) + (q_r * w_2) + (q_o * w_3) + (q_4 * w_4) + q_c; -// expected_evals += (q_arith - 1) * w_4_shift; -// expected_evals *= q_arith; - -// TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -// }; - -// TYPED_TEST(RelationConsistency, UltraArithmeticRelationSecondary) -// { -// SUMCHECK_RELATION_TYPE_ALIASES -// using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - -// static constexpr size_t FULL_RELATION_LENGTH = 6; -// static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - -// const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); -// std::array, NUM_POLYNOMIALS> extended_edges; -// std::array, NUM_POLYNOMIALS> input_polynomials; - -// // input_univariates are random polynomials of degree one -// for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { -// input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() -// }); -// } -// extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - -// auto relation = UltraArithmeticRelationSecondary(); - -// // Extract the extended edges for manual computation of relation contribution -// const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; -// const auto& w_4 = extended_edges[MULTIVARIATE::W_4]; -// const auto& w_1_shift = extended_edges[MULTIVARIATE::W_1_SHIFT]; -// const auto& q_m = extended_edges[MULTIVARIATE::Q_M]; -// const auto& q_arith = extended_edges[MULTIVARIATE::QARITH]; - -// auto expected_evals = (w_1 + w_4 - w_1_shift + q_m); -// expected_evals *= (q_arith - 2) * (q_arith - 1) * q_arith; - -// TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -// }; - -// TYPED_TEST(RelationConsistency, UltraGrandProductInitializationRelation) -// { -// SUMCHECK_RELATION_TYPE_ALIASES -// using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - -// static constexpr size_t FULL_RELATION_LENGTH = 6; -// static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - -// const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); -// std::array, NUM_POLYNOMIALS> extended_edges; -// std::array, NUM_POLYNOMIALS> input_polynomials; - -// // input_univariates are random polynomials of degree one -// for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { -// input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() -// }); -// } -// extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - -// auto relation = UltraGrandProductInitializationRelation(); - -// // Extract the extended edges for manual computation of relation contribution -// const auto& z_perm_shift = extended_edges[MULTIVARIATE::Z_PERM_SHIFT]; -// const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; - -// // Compute the expected result using a simple to read version of the relation expression -// auto expected_evals = z_perm_shift * lagrange_last; - -// TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -// }; - -// TYPED_TEST(RelationConsistency, UltraGrandProductComputationRelation) -// { -// SUMCHECK_RELATION_TYPE_ALIASES -// using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - -// static constexpr size_t FULL_RELATION_LENGTH = 6; -// static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - -// const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); -// std::array, NUM_POLYNOMIALS> extended_edges; -// std::array, NUM_POLYNOMIALS> input_polynomials; - -// // input_univariates are random polynomials of degree one -// for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { -// input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() -// }); -// } -// extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - -// auto relation = UltraGrandProductComputationRelation(); - -// const auto& beta = relation_parameters.beta; -// const auto& gamma = relation_parameters.gamma; -// const auto& public_input_delta = relation_parameters.public_input_delta; - -// // Extract the extended edges for manual computation of relation contribution -// const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; -// const auto& w_2 = extended_edges[MULTIVARIATE::W_R]; -// const auto& w_3 = extended_edges[MULTIVARIATE::W_O]; -// const auto& w_4 = extended_edges[MULTIVARIATE::W_4]; -// const auto& sigma_1 = extended_edges[MULTIVARIATE::SIGMA_1]; -// const auto& sigma_2 = extended_edges[MULTIVARIATE::SIGMA_2]; -// const auto& sigma_3 = extended_edges[MULTIVARIATE::SIGMA_3]; -// const auto& sigma_4 = extended_edges[MULTIVARIATE::SIGMA_4]; -// const auto& id_1 = extended_edges[MULTIVARIATE::ID_1]; -// const auto& id_2 = extended_edges[MULTIVARIATE::ID_2]; -// const auto& id_3 = extended_edges[MULTIVARIATE::ID_3]; -// const auto& id_4 = extended_edges[MULTIVARIATE::ID_4]; -// const auto& z_perm = extended_edges[MULTIVARIATE::Z_PERM]; -// const auto& z_perm_shift = extended_edges[MULTIVARIATE::Z_PERM_SHIFT]; -// const auto& lagrange_first = extended_edges[MULTIVARIATE::LAGRANGE_FIRST]; -// const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; - -// // Compute the expected result using a simple to read version of the relation expression -// auto expected_evals = (z_perm + lagrange_first) * (w_1 + id_1 * beta + gamma) * (w_2 + id_2 * beta + gamma) * -// (w_3 + id_3 * beta + gamma) * (w_4 + id_4 * beta + gamma) - -// (z_perm_shift + lagrange_last * public_input_delta) * (w_1 + sigma_1 * beta + gamma) * -// (w_2 + sigma_2 * beta + gamma) * (w_3 + sigma_3 * beta + gamma) * -// (w_4 + sigma_4 * beta + gamma); - -// TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -// }; - -// TYPED_TEST(RelationConsistency, LookupGrandProductComputationRelation) -// { -// SUMCHECK_RELATION_TYPE_ALIASES -// using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - -// static constexpr size_t FULL_RELATION_LENGTH = 6; -// static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - -// const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); -// std::array, NUM_POLYNOMIALS> extended_edges; -// std::array, NUM_POLYNOMIALS> input_polynomials; - -// // input_univariates are random polynomials of degree one -// for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { -// input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() -// }); -// } -// extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - -// auto relation = LookupGrandProductComputationRelation(); - -// const auto eta = relation_parameters.eta; -// const auto beta = relation_parameters.beta; -// const auto gamma = relation_parameters.gamma; -// auto grand_product_delta = relation_parameters.lookup_grand_product_delta; - -// // Extract the extended edges for manual computation of relation contribution -// auto one_plus_beta = FF::one() + beta; -// auto gamma_by_one_plus_beta = gamma * one_plus_beta; -// auto eta_sqr = eta * eta; -// auto eta_cube = eta_sqr * eta; - -// const auto& w_1 = extended_edges[MULTIVARIATE::W_L]; -// const auto& w_2 = extended_edges[MULTIVARIATE::W_R]; -// const auto& w_3 = extended_edges[MULTIVARIATE::W_O]; - -// const auto& w_1_shift = extended_edges[MULTIVARIATE::W_1_SHIFT]; -// const auto& w_2_shift = extended_edges[MULTIVARIATE::W_2_SHIFT]; -// const auto& w_3_shift = extended_edges[MULTIVARIATE::W_3_SHIFT]; - -// const auto& table_1 = extended_edges[MULTIVARIATE::TABLE_1]; -// const auto& table_2 = extended_edges[MULTIVARIATE::TABLE_2]; -// const auto& table_3 = extended_edges[MULTIVARIATE::TABLE_3]; -// const auto& table_4 = extended_edges[MULTIVARIATE::TABLE_4]; - -// const auto& table_1_shift = extended_edges[MULTIVARIATE::TABLE_1_SHIFT]; -// const auto& table_2_shift = extended_edges[MULTIVARIATE::TABLE_2_SHIFT]; -// const auto& table_3_shift = extended_edges[MULTIVARIATE::TABLE_3_SHIFT]; -// const auto& table_4_shift = extended_edges[MULTIVARIATE::TABLE_4_SHIFT]; - -// const auto& s_accum = extended_edges[MULTIVARIATE::S_ACCUM]; -// const auto& s_accum_shift = extended_edges[MULTIVARIATE::S_ACCUM_SHIFT]; -// const auto& z_lookup = extended_edges[MULTIVARIATE::Z_LOOKUP]; -// const auto& z_lookup_shift = extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]; - -// const auto& table_index = extended_edges[MULTIVARIATE::Q_O]; -// const auto& column_1_step_size = extended_edges[MULTIVARIATE::Q_R]; -// const auto& column_2_step_size = extended_edges[MULTIVARIATE::Q_M]; -// const auto& column_3_step_size = extended_edges[MULTIVARIATE::Q_C]; -// const auto& q_lookup = extended_edges[MULTIVARIATE::QLOOKUPTYPE]; - -// const auto& lagrange_first = extended_edges[MULTIVARIATE::LAGRANGE_FIRST]; -// const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; - -// auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + -// (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; - -// auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; -// auto table_accum_shift = table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * -// eta_cube; - -// // Compute the expected result using a simple to read version of the relation expression -// auto expected_evals = (z_lookup + lagrange_first) * (q_lookup * wire_accum + gamma) * -// (table_accum + table_accum_shift * beta + gamma_by_one_plus_beta) * one_plus_beta; -// expected_evals -= (z_lookup_shift + lagrange_last * grand_product_delta) * -// (s_accum + s_accum_shift * beta + gamma_by_one_plus_beta); - -// TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -// }; - -// TYPED_TEST(RelationConsistency, LookupGrandProductInitializationRelation) -// { -// SUMCHECK_RELATION_TYPE_ALIASES -// using MULTIVARIATE = honk::UltraArithmetization::POLYNOMIAL; - -// static constexpr size_t FULL_RELATION_LENGTH = 6; -// static const size_t NUM_POLYNOMIALS = proof_system::honk::UltraArithmetization::COUNT; - -// const auto relation_parameters = TestFixture::compute_mock_relation_parameters(); -// std::array, NUM_POLYNOMIALS> extended_edges; -// std::array, NUM_POLYNOMIALS> input_polynomials; - -// // input_univariates are random polynomials of degree one -// for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { -// input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() -// }); -// } -// extended_edges = TestFixture::template compute_mock_extended_edges(input_polynomials); - -// auto relation = LookupGrandProductInitializationRelation(); - -// // Extract the extended edges for manual computation of relation contribution -// const auto& z_lookup_shift = extended_edges[MULTIVARIATE::Z_LOOKUP_SHIFT]; -// const auto& lagrange_last = extended_edges[MULTIVARIATE::LAGRANGE_LAST]; - -// // Compute the expected result using a simple to read version of the relation expression -// auto expected_evals = z_lookup_shift * lagrange_last; - -// TestFixture::template validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); -// }; - } // namespace proof_system::honk_relation_tests diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index ee0aec1ca9..c40bbd72d7 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -5,7 +5,6 @@ #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" #include "barretenberg/numeric/uint256/uint256.hpp" -// #include "barretenberg/honk/flavor/flavor.hpp" #include #include #include "barretenberg/honk/proof_system/prover.hpp" @@ -13,7 +12,6 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" -#include "barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp" #include "barretenberg/honk/utils/grand_product_delta.hpp" #include "barretenberg/polynomials/polynomial.hpp" @@ -277,7 +275,7 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.q_sort = prover.key->q_sort; prover_polynomials.q_elliptic = prover.key->q_elliptic; prover_polynomials.q_aux = prover.key->q_aux; - prover_polynomials.q_lookuptype = prover.key->q_lookuptype; + prover_polynomials.q_lookup = prover.key->q_lookup; prover_polynomials.sigma_1 = prover.key->sigma_1; prover_polynomials.sigma_2 = prover.key->sigma_2; prover_polynomials.sigma_3 = prover.key->sigma_3; @@ -289,71 +287,6 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.lagrange_first = prover.key->lagrange_first; prover_polynomials.lagrange_last = prover.key->lagrange_last; - // std::array, num_polynomials> evaluations_array; - - // using POLYNOMIAL = proof_system::honk::UltraArithmetization::POLYNOMIAL; - // evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0]; - // evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1]; - // evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2]; - // evaluations_array[POLYNOMIAL::W_4] = prover.wire_polynomials[3]; - // evaluations_array[POLYNOMIAL::W_1_SHIFT] = prover.wire_polynomials[0].shifted(); - // evaluations_array[POLYNOMIAL::W_2_SHIFT] = prover.wire_polynomials[1].shifted(); - // evaluations_array[POLYNOMIAL::W_3_SHIFT] = prover.wire_polynomials[2].shifted(); - // evaluations_array[POLYNOMIAL::W_4_SHIFT] = prover.wire_polynomials[3].shifted(); - - // evaluations_array[POLYNOMIAL::S_1] = prover.key->polynomial_store.get("s_1_lagrange"); - // evaluations_array[POLYNOMIAL::S_2] = prover.key->polynomial_store.get("s_2_lagrange"); - // evaluations_array[POLYNOMIAL::S_3] = prover.key->polynomial_store.get("s_3_lagrange"); - // evaluations_array[POLYNOMIAL::S_4] = prover.key->polynomial_store.get("s_4_lagrange"); - - // evaluations_array[POLYNOMIAL::S_ACCUM] = sorted_list_accumulator; - // evaluations_array[POLYNOMIAL::S_ACCUM_SHIFT] = sorted_list_accumulator.shifted(); - - // evaluations_array[POLYNOMIAL::Z_PERM] = z_permutation; - // evaluations_array[POLYNOMIAL::Z_PERM_SHIFT] = z_permutation.shifted(); - - // evaluations_array[POLYNOMIAL::Z_LOOKUP] = z_lookup; - // evaluations_array[POLYNOMIAL::Z_LOOKUP_SHIFT] = z_lookup.shifted(); - - // evaluations_array[POLYNOMIAL::Q_M] = prover.key->polynomial_store.get("q_m_lagrange"); - // evaluations_array[POLYNOMIAL::Q_L] = prover.key->polynomial_store.get("q_1_lagrange"); - // evaluations_array[POLYNOMIAL::Q_R] = prover.key->polynomial_store.get("q_2_lagrange"); - // evaluations_array[POLYNOMIAL::Q_O] = prover.key->polynomial_store.get("q_3_lagrange"); - // evaluations_array[POLYNOMIAL::Q_4] = prover.key->polynomial_store.get("q_4_lagrange"); - // evaluations_array[POLYNOMIAL::Q_C] = prover.key->polynomial_store.get("q_c_lagrange"); - // evaluations_array[POLYNOMIAL::QARITH] = prover.key->polynomial_store.get("q_arith_lagrange"); - // evaluations_array[POLYNOMIAL::QSORT] = prover.key->polynomial_store.get("q_sort_lagrange"); - // evaluations_array[POLYNOMIAL::QELLIPTIC] = prover.key->polynomial_store.get("q_elliptic_lagrange"); - // evaluations_array[POLYNOMIAL::QAUX] = prover.key->polynomial_store.get("q_aux_lagrange"); - // evaluations_array[POLYNOMIAL::QLOOKUPTYPE] = prover.key->polynomial_store.get("table_type_lagrange"); - - // evaluations_array[POLYNOMIAL::SIGMA_1] = prover.key->polynomial_store.get("sigma_1_lagrange"); - // evaluations_array[POLYNOMIAL::SIGMA_2] = prover.key->polynomial_store.get("sigma_2_lagrange"); - // evaluations_array[POLYNOMIAL::SIGMA_3] = prover.key->polynomial_store.get("sigma_3_lagrange"); - // evaluations_array[POLYNOMIAL::SIGMA_4] = prover.key->polynomial_store.get("sigma_4_lagrange"); - - // evaluations_array[POLYNOMIAL::ID_1] = prover.key->polynomial_store.get("id_1_lagrange"); - // evaluations_array[POLYNOMIAL::ID_2] = prover.key->polynomial_store.get("id_2_lagrange"); - // evaluations_array[POLYNOMIAL::ID_3] = prover.key->polynomial_store.get("id_3_lagrange"); - // evaluations_array[POLYNOMIAL::ID_4] = prover.key->polynomial_store.get("id_4_lagrange"); - - // evaluations_array[POLYNOMIAL::TABLE_1] = prover.key->polynomial_store.get("table_value_1_lagrange"); - // evaluations_array[POLYNOMIAL::TABLE_2] = prover.key->polynomial_store.get("table_value_2_lagrange"); - // evaluations_array[POLYNOMIAL::TABLE_3] = prover.key->polynomial_store.get("table_value_3_lagrange"); - // evaluations_array[POLYNOMIAL::TABLE_4] = prover.key->polynomial_store.get("table_value_4_lagrange"); - - // evaluations_array[POLYNOMIAL::TABLE_1_SHIFT] = - // prover.key->polynomial_store.get("table_value_1_lagrange").shifted(); - // evaluations_array[POLYNOMIAL::TABLE_2_SHIFT] = - // prover.key->polynomial_store.get("table_value_2_lagrange").shifted(); - // evaluations_array[POLYNOMIAL::TABLE_3_SHIFT] = - // prover.key->polynomial_store.get("table_value_3_lagrange").shifted(); - // evaluations_array[POLYNOMIAL::TABLE_4_SHIFT] = - // prover.key->polynomial_store.get("table_value_4_lagrange").shifted(); - - // evaluations_array[POLYNOMIAL::LAGRANGE_FIRST] = prover.key->polynomial_store.get("L_first_lagrange"); - // evaluations_array[POLYNOMIAL::LAGRANGE_LAST] = prover.key->polynomial_store.get("L_last_lagrange"); - // Construct the round for applying sumcheck relations and results for storing computed results auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), honk::sumcheck::UltraArithmeticRelationSecondary(), diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index 60f607663b..e08c22a40d 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -1,5 +1,6 @@ #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" +#include "barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "relation.hpp" #include "arithmetic_relation.hpp" @@ -293,4 +294,114 @@ TEST_F(UltraRelationConsistency, UltraGrandProductComputationRelation) validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); }; +TEST_F(UltraRelationConsistency, LookupGrandProductComputationRelation) +{ + using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; + using Flavor = honk::flavor::Ultra; + static constexpr size_t FULL_RELATION_LENGTH = 6; + using ExtendedEdges = typename Flavor::ExtendedEdges; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; + auto relation_parameters = compute_mock_relation_parameters(); + ExtendedEdges extended_edges; + std::array, NUM_POLYNOMIALS> input_polynomials; + + // input_univariates are random polynomials of degree one + for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { + input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); + } + compute_mock_extended_edges(extended_edges, input_polynomials); + + auto relation = LookupGrandProductComputationRelation(); + + const auto eta = relation_parameters.eta; + const auto beta = relation_parameters.beta; + const auto gamma = relation_parameters.gamma; + auto grand_product_delta = relation_parameters.lookup_grand_product_delta; + + // Extract the extended edges for manual computation of relation contribution + auto one_plus_beta = FF::one() + beta; + auto gamma_by_one_plus_beta = gamma * one_plus_beta; + auto eta_sqr = eta * eta; + auto eta_cube = eta_sqr * eta; + + const auto& w_1 = extended_edges.w_l; + const auto& w_2 = extended_edges.w_r; + const auto& w_3 = extended_edges.w_o; + + const auto& w_1_shift = extended_edges.w_l_shift; + const auto& w_2_shift = extended_edges.w_r_shift; + const auto& w_3_shift = extended_edges.w_o_shift; + + const auto& table_1 = extended_edges.table_1; + const auto& table_2 = extended_edges.table_2; + const auto& table_3 = extended_edges.table_3; + const auto& table_4 = extended_edges.table_4; + + const auto& table_1_shift = extended_edges.table_1_shift; + const auto& table_2_shift = extended_edges.table_2_shift; + const auto& table_3_shift = extended_edges.table_3_shift; + const auto& table_4_shift = extended_edges.table_4_shift; + + const auto& s_accum = extended_edges.sorted_accum; + const auto& s_accum_shift = extended_edges.sorted_accum_shift; + const auto& z_lookup = extended_edges.z_lookup; + const auto& z_lookup_shift = extended_edges.z_lookup_shift; + + const auto& table_index = extended_edges.q_o; + const auto& column_1_step_size = extended_edges.q_r; + const auto& column_2_step_size = extended_edges.q_m; + const auto& column_3_step_size = extended_edges.q_c; + const auto& q_lookup = extended_edges.q_lookup; + + const auto& lagrange_first = extended_edges.lagrange_first; + const auto& lagrange_last = extended_edges.lagrange_last; + + auto wire_accum = (w_1 + column_1_step_size * w_1_shift) + (w_2 + column_2_step_size * w_2_shift) * eta + + (w_3 + column_3_step_size * w_3_shift) * eta_sqr + table_index * eta_cube; + + auto table_accum = table_1 + table_2 * eta + table_3 * eta_sqr + table_4 * eta_cube; + auto table_accum_shift = table_1_shift + table_2_shift * eta + table_3_shift * eta_sqr + table_4_shift * eta_cube; + + // Compute the expected result using a simple to read version of the relation expression + auto expected_evals = (z_lookup + lagrange_first) * (q_lookup * wire_accum + gamma) * + (table_accum + table_accum_shift * beta + gamma_by_one_plus_beta) * one_plus_beta; + expected_evals -= (z_lookup_shift + lagrange_last * grand_product_delta) * + (s_accum + s_accum_shift * beta + gamma_by_one_plus_beta); + + info("expected_evals = ", expected_evals); + + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); +}; + +TEST_F(UltraRelationConsistency, LookupGrandProductInitializationRelation) +{ + using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; + using Flavor = honk::flavor::Ultra; + static constexpr size_t FULL_RELATION_LENGTH = 6; + using ExtendedEdges = typename Flavor::ExtendedEdges; + static const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; + auto relation_parameters = compute_mock_relation_parameters(); + ExtendedEdges extended_edges; + std::array, NUM_POLYNOMIALS> input_polynomials; + + // input_univariates are random polynomials of degree one + for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { + input_polynomials[i] = Univariate({ FF::random_element(), FF::random_element() }); + } + compute_mock_extended_edges(extended_edges, input_polynomials); + + auto relation = LookupGrandProductInitializationRelation(); + + // Extract the extended edges for manual computation of relation contribution + const auto& z_lookup_shift = extended_edges.z_lookup_shift; + const auto& lagrange_last = extended_edges.lagrange_last; + + // Compute the expected result using a simple to read version of the relation expression + auto expected_evals = z_lookup_shift * lagrange_last; + + validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); +}; + } // namespace proof_system::honk_relation_tests diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 0d9c416b79..c5ff62c173 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -311,7 +311,9 @@ class Ultra { using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_ALL_ENTITIES = 39; + // TODO(luke): sure would be nice if this was computed programtically + static constexpr size_t NUM_ALL_ENTITIES = 47; + // TODO(luke): what does this need to reflect? e.g. are shifts of precomputed polys counted here? static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 29; template @@ -327,9 +329,11 @@ class Ultra { T& q_sort = std::get<7>(this->_data); T& q_elliptic = std::get<8>(this->_data); T& q_aux = std::get<9>(this->_data); - T& q_lookuptype = std::get<10>(this->_data); // WORKTODO: rename - T& sorted_1 = std::get<11>(this->_data); // TODO(Cody) These shouldn't be in here, right? - T& sorted_2 = std::get<12>(this->_data); // WORKTODO: Should rename these to sorted_i + T& q_lookup = std::get<10>(this->_data); + // TODO(luke): these are witness polys (just like the wires) but right now they are stored in the proving key + // (unlike the wires which are handles separately and owned by the prover). + T& sorted_1 = std::get<11>(this->_data); + T& sorted_2 = std::get<12>(this->_data); T& sorted_3 = std::get<13>(this->_data); T& sorted_4 = std::get<14>(this->_data); T& sigma_1 = std::get<15>(this->_data); @@ -349,146 +353,14 @@ class Ultra { std::vector get_selectors() { - // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype }; - return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookuptype }; + // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; + return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; }; std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; virtual ~PrecomputedData() = default; - PrecomputedData() = default; - // TODO(Cody): are these needed? - PrecomputedData(const PrecomputedData& other) - : q_c(other.q_c) - , q_l(other.q_l) - , q_r(other.q_r) - , q_o(other.q_o) - , q_4(other.q_4) - , q_m(other.q_m) - , q_arith(other.q_arith) - , q_sort(other.q_sort) - , q_elliptic(other.q_elliptic) - , q_aux(other.q_aux) - , q_lookuptype(other.q_lookuptype) - , sorted_1(other.sorted_1) - , sorted_2(other.sorted_2) - , sorted_3(other.sorted_3) - , sorted_4(other.sorted_4) - , sigma_1(other.sigma_1) - , sigma_2(other.sigma_2) - , sigma_3(other.sigma_3) - , sigma_4(other.sigma_4) - , id_1(other.id_1) - , id_2(other.id_2) - , id_3(other.id_3) - , id_4(other.id_4) - , table_1(other.table_1) - , table_2(other.table_2) - , table_3(other.table_3) - , table_4(other.table_4) - , lagrange_first(other.lagrange_first) - , lagrange_last(other.lagrange_last){}; - - PrecomputedData(PrecomputedData&& other) - : q_c(other.q_c) - , q_l(other.q_l) - , q_r(other.q_r) - , q_o(other.q_o) - , q_4(other.q_4) - , q_m(other.q_m) - , q_arith(other.q_arith) - , q_sort(other.q_sort) - , q_elliptic(other.q_elliptic) - , q_aux(other.q_aux) - , q_lookuptype(other.q_lookuptype) - , sorted_1(other.sorted_1) - , sorted_2(other.sorted_2) - , sorted_3(other.sorted_3) - , sorted_4(other.sorted_4) - , sigma_1(other.sigma_1) - , sigma_2(other.sigma_2) - , sigma_3(other.sigma_3) - , sigma_4(other.sigma_4) - , id_1(other.id_1) - , id_2(other.id_2) - , id_3(other.id_3) - , id_4(other.id_4) - , table_1(other.table_1) - , table_2(other.table_2) - , table_3(other.table_3) - , table_4(other.table_4) - , lagrange_first(other.lagrange_first) - , lagrange_last(other.lagrange_last){}; - - PrecomputedData& operator=(const PrecomputedData& other) - // TODO(Cody): Doesn't work for self assignment? - { - q_c = other.q_c; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_4 = other.q_4; - q_m = other.q_m; - q_arith = other.q_arith; - q_sort = other.q_sort; - q_elliptic = other.q_elliptic; - q_aux = other.q_aux; - q_lookuptype = other.q_lookuptype; - sorted_1 = other.sorted_1; - sorted_2 = other.sorted_2; - sorted_3 = other.sorted_3; - sorted_4 = other.sorted_4; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - sigma_4 = other.sigma_4; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - id_4 = other.id_4; - table_1 = other.table_1; - table_2 = other.table_2; - table_3 = other.table_3; - table_4 = other.table_4; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - return *this; - }; - - PrecomputedData& operator=(PrecomputedData&& other) - { - q_c = other.q_c; - q_l = other.q_l; - q_r = other.q_r; - q_o = other.q_o; - q_4 = other.q_4; - q_m = other.q_m; - q_arith = other.q_arith; - q_sort = other.q_sort; - q_elliptic = other.q_elliptic; - q_aux = other.q_aux; - q_lookuptype = other.q_lookuptype; - sorted_1 = other.sorted_1; - sorted_2 = other.sorted_2; - sorted_3 = other.sorted_3; - sorted_4 = other.sorted_4; - sigma_1 = other.sigma_1; - sigma_2 = other.sigma_2; - sigma_3 = other.sigma_3; - sigma_4 = other.sigma_4; - id_1 = other.id_1; - id_2 = other.id_2; - id_3 = other.id_3; - id_4 = other.id_4; - table_1 = other.table_1; - table_2 = other.table_2; - table_3 = other.table_3; - table_4 = other.table_4; - lagrange_first = other.lagrange_first; - lagrange_last = other.lagrange_last; - return *this; - }; }; class ProvingKey : public BaseProvingKey, FF> { @@ -529,7 +401,7 @@ class Ultra { T& q_sort = std::get<7>(this->_data); T& q_elliptic = std::get<8>(this->_data); T& q_aux = std::get<9>(this->_data); - T& q_lookuptype = std::get<10>(this->_data); + T& q_lookup = std::get<10>(this->_data); T& sigma_1 = std::get<11>(this->_data); T& sigma_2 = std::get<12>(this->_data); T& sigma_3 = std::get<13>(this->_data); @@ -552,29 +424,31 @@ class Ultra { T& sorted_2 = std::get<30>(this->_data); T& sorted_3 = std::get<31>(this->_data); T& sorted_4 = std::get<32>(this->_data); - T& sorted_accum = std::get<32>(this->_data); - T& z_perm = std::get<33>(this->_data); - T& z_lookup = std::get<34>(this->_data); - T& table_1_shift = std::get<19>(this->_data); - T& table_2_shift = std::get<20>(this->_data); - T& table_3_shift = std::get<21>(this->_data); - T& table_4_shift = std::get<22>(this->_data); - T& w_l_shift = std::get<35>(this->_data); - T& w_r_shift = std::get<35>(this->_data); - T& w_o_shift = std::get<35>(this->_data); - T& w_4_shift = std::get<36>(this->_data); - T& sorted_accum_shift = std::get<37>(this->_data); - T& z_perm_shift = std::get<37>(this->_data); - T& z_lookup_shift = std::get<38>(this->_data); + T& sorted_accum = std::get<33>(this->_data); + T& z_perm = std::get<34>(this->_data); + T& z_lookup = std::get<35>(this->_data); + // TODO(luke): THese are precomputable but are only ever instantiated as spans so do not need to be stored in + // the pkey + T& table_1_shift = std::get<36>(this->_data); + T& table_2_shift = std::get<37>(this->_data); + T& table_3_shift = std::get<38>(this->_data); + T& table_4_shift = std::get<39>(this->_data); + T& w_l_shift = std::get<40>(this->_data); + T& w_r_shift = std::get<41>(this->_data); + T& w_o_shift = std::get<42>(this->_data); + T& w_4_shift = std::get<43>(this->_data); + T& sorted_accum_shift = std::get<44>(this->_data); + T& z_perm_shift = std::get<45>(this->_data); + T& z_lookup_shift = std::get<46>(this->_data); std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; std::vector get_unshifted() override { - return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, - q_elliptic, q_aux, q_lookuptype, sigma_1, sigma_2, sigma_3, sigma_4, id_1, - id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, - lagrange_last, w_l, w_r, w_o, w_4, sorted_1, sorted_2, sorted_3, + return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, + q_elliptic, q_aux, q_lookup, sigma_1, sigma_2, sigma_3, sigma_4, id_1, + id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, + lagrange_last, w_l, w_r, w_o, w_4, sorted_1, sorted_2, sorted_3, sorted_4, z_perm, z_lookup }; From 893d6ae7b7889c287478406742002eef106702e9 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 26 Apr 2023 18:14:37 +0000 Subject: [PATCH 057/119] reinstated UH composer tests passing --- .../composer/ultra_honk_composer.test.cpp | 1984 +++++++++-------- .../relations/relation_correctness.test.cpp | 17 +- .../proof_system/flavor/flavor.hpp | 1 + 3 files changed, 1008 insertions(+), 994 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index 057aba0af5..977f8c9b29 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -1,80 +1,94 @@ -// // WORKTODO -// #include "ultra_honk_composer.hpp" -// #include "barretenberg/common/log.hpp" -// #include "barretenberg/honk/proof_system/ultra_prover.hpp" -// #include "barretenberg/honk/sumcheck/relations/relation.hpp" -// #include "barretenberg/numeric/uint256/uint256.hpp" -// #include "barretenberg/honk/flavor/flavor.hpp" -// #include -// #include -// #include "barretenberg/honk/proof_system/prover.hpp" -// #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" -// #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" -// #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" -// #include "barretenberg/honk/utils/grand_product_delta.hpp" - -// // TODO(luke): TEMPORARY; for testing only (comparison with Ultra Plonk composers) -// #include "barretenberg/plonk/composer/ultra_composer.hpp" -// #include "barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp" -// #include "barretenberg/plonk/proof_system/prover/prover.hpp" - -// #include -// #include - -// using namespace proof_system::honk; - -// namespace test_ultra_honk_composer { - -// std::vector add_variables(auto& composer, std::vector variables) -// { -// std::vector res; -// for (size_t i = 0; i < variables.size(); i++) { -// res.emplace_back(composer.add_variable(variables[i])); -// } -// return res; -// } - -// /** -// * @brief TEMPORARY method for checking consistency of polynomials computed by Ultra Plonk/Honk composers -// * -// * @param honk_prover -// * @param plonk_prover -// */ -// void verify_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) -// { -// auto& honk_store = honk_prover.key->polynomial_store; -// auto& plonk_store = plonk_prover.key->polynomial_store; - -// // Check that all selectors and table polynomials agree (aside from the final element which will differ -// // due to not enforcing non-zero polynomials in Honk). -// for (auto& entry : honk_store) { -// std::string key = entry.first; -// bool is_selector = (key.find("q_") != std::string::npos) || (key.find("table_type") != std::string::npos); -// bool is_table = (key.find("table_value_") != std::string::npos); -// if (plonk_store.contains(key) && (is_selector || is_table)) { -// // check equality for all but final entry -// for (size_t i = 0; i < honk_store.get(key).size() - 1; ++i) { -// ASSERT_EQ(honk_store.get(key)[i], plonk_store.get(key)[i]); -// } -// } -// } - -// // Check that sorted witness-table polynomials agree -// for (auto& entry : honk_store) { -// std::string key = entry.first; -// bool is_sorted_table = (key.find("s_") != std::string::npos); -// if (plonk_store.contains(key) && is_sorted_table) { -// ASSERT_EQ(honk_store.get(key), plonk_store.get(key)); -// } -// } - -// // Check that all wires agree -// // Note: for Honk, wires are owned directly by the prover. For Plonk they are stored in the key. -// for (size_t i = 0; i < 4; ++i) { -// std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; -// ASSERT_EQ(honk_prover.wire_polynomials[i], plonk_prover.key->polynomial_store.get(label)); -// } -// } +// WORKTODO +#include "ultra_honk_composer.hpp" +#include "barretenberg/common/log.hpp" +#include "barretenberg/honk/proof_system/ultra_prover.hpp" +#include "barretenberg/honk/sumcheck/relations/relation.hpp" +#include "barretenberg/numeric/uint256/uint256.hpp" +#include +#include +#include "barretenberg/honk/proof_system/prover.hpp" +#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" +#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" +#include "barretenberg/honk/utils/grand_product_delta.hpp" + +// TODO(luke): TEMPORARY; for testing only (comparison with Ultra Plonk composers) +#include "barretenberg/plonk/composer/ultra_composer.hpp" +#include "barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp" +#include "barretenberg/plonk/proof_system/prover/prover.hpp" + +#include +#include +#include + +using namespace proof_system::honk; + +namespace test_ultra_honk_composer { + +std::vector add_variables(auto& composer, std::vector variables) +{ + std::vector res; + for (size_t i = 0; i < variables.size(); i++) { + res.emplace_back(composer.add_variable(variables[i])); + } + return res; +} + +/** + * @brief TEMPORARY method for checking consistency of polynomials computed by Ultra Plonk/Honk composers + * + * @param honk_prover + * @param plonk_prover + */ +void verify_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plonk_prover) +{ + auto& plonk_store = plonk_prover.key->polynomial_store; + + // Check consistency of table polys (aside from final entry) + auto honk_table_polys = honk_prover.key->get_table_polynomials(); + for (size_t i = 0; i < 4; ++i) { + std::string label = "table_value_" + std::to_string(i + 1) + "_lagrange"; + for (size_t j = 0; j < honk_prover.key->circuit_size - 1; ++j) { + ASSERT_EQ(honk_table_polys[i][j], plonk_store.get(label)[j]); + } + } + + // Check consistency of sorted concatenated witness-table polys (aside from final entry) + auto honk_sorted_polys = honk_prover.key->get_sorted_polynomials(); + for (size_t i = 0; i < 4; ++i) { + std::string label = "s_" + std::to_string(i + 1) + "_lagrange"; + for (size_t j = 0; j < honk_prover.key->circuit_size - 1; ++j) { + ASSERT_EQ(honk_sorted_polys[i][j], plonk_store.get(label)[j]); + } + } + + // Check consistency of selectors (aside from final entry) + auto honk_selectors = honk_prover.key->get_selectors(); + std::vector> plonk_selectors = { plonk_prover.key->polynomial_store.get("q_m_lagrange"), + plonk_prover.key->polynomial_store.get("q_c_lagrange"), + plonk_prover.key->polynomial_store.get("q_1_lagrange"), + plonk_prover.key->polynomial_store.get("q_2_lagrange"), + plonk_prover.key->polynomial_store.get("q_3_lagrange"), + plonk_prover.key->polynomial_store.get("q_4_lagrange"), + plonk_prover.key->polynomial_store.get("q_arith_lagrange"), + plonk_prover.key->polynomial_store.get("q_sort_lagrange"), + plonk_prover.key->polynomial_store.get("q_elliptic_lagrange"), + plonk_prover.key->polynomial_store.get("q_aux_lagrange"), + plonk_prover.key->polynomial_store.get("table_type_lagrange") }; + + for (size_t i = 0; i < plonk_selectors.size(); ++i) { + for (size_t j = 0; j < honk_prover.key->circuit_size - 1; ++j) { + ASSERT_EQ(honk_selectors[i][j], plonk_selectors[i][j]); + } + } + + // Check that all wires agree + // Note: for Honk, wires are owned directly by the prover. For Plonk they are stored in the key. + for (size_t i = 0; i < 4; ++i) { + std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; + ASSERT_EQ(honk_prover.wire_polynomials[i], plonk_prover.key->polynomial_store.get(label)); + } +} // /** // * @brief TEMPORARY (verbose) method for checking consistency of polynomials computed by Ultra Plonk/Honk composers @@ -124,913 +138,909 @@ // // } // } -// TEST(UltraHonkComposer, create_gates_from_plookup_accumulators) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// barretenberg::fr input_value = fr::random_element(); -// { - -// const fr input_hi = uint256_t(input_value).slice(126, 256); -// const fr input_lo = uint256_t(input_value).slice(0, 126); -// const auto input_hi_index = honk_composer.add_variable(input_hi); -// const auto input_lo_index = honk_composer.add_variable(input_lo); - -// const auto sequence_data_hi = -// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); -// const auto sequence_data_lo = -// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - -// const auto lookup_witnesses_hi = honk_composer.create_gates_from_plookup_accumulators( -// plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); -// const auto lookup_witnesses_lo = honk_composer.create_gates_from_plookup_accumulators( -// plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); -// } -// { -// const fr input_hi = uint256_t(input_value).slice(126, 256); -// const fr input_lo = uint256_t(input_value).slice(0, 126); -// const auto input_hi_index = plonk_composer.add_variable(input_hi); -// const auto input_lo_index = plonk_composer.add_variable(input_lo); - -// const auto sequence_data_hi = -// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); -// const auto sequence_data_lo = -// plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); - -// const auto lookup_witnesses_hi = plonk_composer.create_gates_from_plookup_accumulators( -// plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); -// const auto lookup_witnesses_lo = plonk_composer.create_gates_from_plookup_accumulators( -// plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// /** -// * @brief Build UltraHonkComposer -// * -// */ -// TEST(UltraHonkComposer, test_no_lookup_proof) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// size_t MM = 4; -// for (size_t i = 0; i < MM; ++i) { -// for (size_t j = 0; j < MM; ++j) { -// uint64_t left = static_cast(j); -// uint64_t right = static_cast(i); -// uint32_t left_idx = honk_composer.add_variable(fr(left)); -// uint32_t right_idx = honk_composer.add_variable(fr(right)); -// uint32_t result_idx = honk_composer.add_variable(fr(left ^ right)); - -// uint32_t add_idx = -// honk_composer.add_variable(fr(left) + fr(right) + honk_composer.get_variable(result_idx)); -// honk_composer.create_big_add_gate( -// { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); -// } -// } - -// for (size_t i = 0; i < MM; ++i) { -// for (size_t j = 0; j < MM; ++j) { -// uint64_t left = static_cast(j); -// uint64_t right = static_cast(i); -// uint32_t left_idx = plonk_composer.add_variable(fr(left)); -// uint32_t right_idx = plonk_composer.add_variable(fr(right)); -// uint32_t result_idx = plonk_composer.add_variable(fr(left ^ right)); - -// uint32_t add_idx = -// plonk_composer.add_variable(fr(left) + fr(right) + plonk_composer.get_variable(result_idx)); -// plonk_composer.create_big_add_gate( -// { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); -// } -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, test_elliptic_gate) -// { -// typedef grumpkin::g1::affine_element affine_element; -// typedef grumpkin::g1::element element; - -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// { -// affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; -// affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; -// affine_element p3(element(p1) + element(p2)); - -// uint32_t x1 = honk_composer.add_variable(p1.x); -// uint32_t y1 = honk_composer.add_variable(p1.y); -// uint32_t x2 = honk_composer.add_variable(p2.x); -// uint32_t y2 = honk_composer.add_variable(p2.y); -// uint32_t x3 = honk_composer.add_variable(p3.x); -// uint32_t y3 = honk_composer.add_variable(p3.y); - -// ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; -// honk_composer.create_ecc_add_gate(gate); - -// grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); -// affine_element p2_endo = p2; -// p2_endo.x *= beta; -// p3 = affine_element(element(p1) + element(p2_endo)); -// x3 = honk_composer.add_variable(p3.x); -// y3 = honk_composer.add_variable(p3.y); -// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; -// honk_composer.create_ecc_add_gate(gate); - -// p2_endo.x *= beta; -// p3 = affine_element(element(p1) - element(p2_endo)); -// x3 = honk_composer.add_variable(p3.x); -// y3 = honk_composer.add_variable(p3.y); -// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; -// honk_composer.create_ecc_add_gate(gate); -// } -// { -// affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; -// affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; -// affine_element p3(element(p1) + element(p2)); - -// uint32_t x1 = plonk_composer.add_variable(p1.x); -// uint32_t y1 = plonk_composer.add_variable(p1.y); -// uint32_t x2 = plonk_composer.add_variable(p2.x); -// uint32_t y2 = plonk_composer.add_variable(p2.y); -// uint32_t x3 = plonk_composer.add_variable(p3.x); -// uint32_t y3 = plonk_composer.add_variable(p3.y); - -// ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; -// plonk_composer.create_ecc_add_gate(gate); - -// grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); -// affine_element p2_endo = p2; -// p2_endo.x *= beta; -// p3 = affine_element(element(p1) + element(p2_endo)); -// x3 = plonk_composer.add_variable(p3.x); -// y3 = plonk_composer.add_variable(p3.y); -// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; -// plonk_composer.create_ecc_add_gate(gate); - -// p2_endo.x *= beta; -// p3 = affine_element(element(p1) - element(p2_endo)); -// x3 = plonk_composer.add_variable(p3.x); -// y3 = plonk_composer.add_variable(p3.y); -// gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; -// plonk_composer.create_ecc_add_gate(gate); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, non_trivial_tag_permutation) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// fr a = fr::random_element(); -// { -// fr b = -a; - -// auto a_idx = honk_composer.add_variable(a); -// auto b_idx = honk_composer.add_variable(b); -// auto c_idx = honk_composer.add_variable(b); -// auto d_idx = honk_composer.add_variable(a); - -// honk_composer.create_add_gate( -// { a_idx, b_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); -// honk_composer.create_add_gate( -// { c_idx, d_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); - -// honk_composer.create_tag(1, 2); -// honk_composer.create_tag(2, 1); - -// honk_composer.assign_tag(a_idx, 1); -// honk_composer.assign_tag(b_idx, 1); -// honk_composer.assign_tag(c_idx, 2); -// honk_composer.assign_tag(d_idx, 2); -// } -// { -// fr b = -a; - -// auto a_idx = plonk_composer.add_variable(a); -// auto b_idx = plonk_composer.add_variable(b); -// auto c_idx = plonk_composer.add_variable(b); -// auto d_idx = plonk_composer.add_variable(a); - -// plonk_composer.create_add_gate( -// { a_idx, b_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); -// plonk_composer.create_add_gate( -// { c_idx, d_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); - -// plonk_composer.create_tag(1, 2); -// plonk_composer.create_tag(2, 1); - -// plonk_composer.assign_tag(a_idx, 1); -// plonk_composer.assign_tag(b_idx, 1); -// plonk_composer.assign_tag(c_idx, 2); -// plonk_composer.assign_tag(d_idx, 2); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, non_trivial_tag_permutation_and_cycles) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// fr a = fr::random_element(); -// { -// fr c = -a; - -// auto a_idx = honk_composer.add_variable(a); -// auto b_idx = honk_composer.add_variable(a); -// honk_composer.assert_equal(a_idx, b_idx); -// auto c_idx = honk_composer.add_variable(c); -// auto d_idx = honk_composer.add_variable(c); -// honk_composer.assert_equal(c_idx, d_idx); -// auto e_idx = honk_composer.add_variable(a); -// auto f_idx = honk_composer.add_variable(a); -// honk_composer.assert_equal(e_idx, f_idx); -// auto g_idx = honk_composer.add_variable(c); -// auto h_idx = honk_composer.add_variable(c); -// honk_composer.assert_equal(g_idx, h_idx); - -// honk_composer.create_tag(1, 2); -// honk_composer.create_tag(2, 1); - -// honk_composer.assign_tag(a_idx, 1); -// honk_composer.assign_tag(c_idx, 1); -// honk_composer.assign_tag(e_idx, 2); -// honk_composer.assign_tag(g_idx, 2); - -// honk_composer.create_add_gate( -// { b_idx, a_idx, honk_composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); -// honk_composer.create_add_gate( -// { c_idx, g_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); -// honk_composer.create_add_gate( -// { e_idx, f_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); -// } -// { -// fr c = -a; - -// auto a_idx = plonk_composer.add_variable(a); -// auto b_idx = plonk_composer.add_variable(a); -// plonk_composer.assert_equal(a_idx, b_idx); -// auto c_idx = plonk_composer.add_variable(c); -// auto d_idx = plonk_composer.add_variable(c); -// plonk_composer.assert_equal(c_idx, d_idx); -// auto e_idx = plonk_composer.add_variable(a); -// auto f_idx = plonk_composer.add_variable(a); -// plonk_composer.assert_equal(e_idx, f_idx); -// auto g_idx = plonk_composer.add_variable(c); -// auto h_idx = plonk_composer.add_variable(c); -// plonk_composer.assert_equal(g_idx, h_idx); - -// plonk_composer.create_tag(1, 2); -// plonk_composer.create_tag(2, 1); - -// plonk_composer.assign_tag(a_idx, 1); -// plonk_composer.assign_tag(c_idx, 1); -// plonk_composer.assign_tag(e_idx, 2); -// plonk_composer.assign_tag(g_idx, 2); - -// plonk_composer.create_add_gate( -// { b_idx, a_idx, plonk_composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); -// plonk_composer.create_add_gate( -// { c_idx, g_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); -// plonk_composer.create_add_gate( -// { e_idx, f_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, bad_tag_permutation) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// fr a = fr::random_element(); -// { -// fr b = -a; - -// auto a_idx = honk_composer.add_variable(a); -// auto b_idx = honk_composer.add_variable(b); -// auto c_idx = honk_composer.add_variable(b); -// auto d_idx = honk_composer.add_variable(a + 1); - -// honk_composer.create_add_gate({ a_idx, b_idx, honk_composer.get_zero_idx(), 1, 1, 0, 0 }); -// honk_composer.create_add_gate({ c_idx, d_idx, honk_composer.get_zero_idx(), 1, 1, 0, -1 }); - -// honk_composer.create_tag(1, 2); -// honk_composer.create_tag(2, 1); - -// honk_composer.assign_tag(a_idx, 1); -// honk_composer.assign_tag(b_idx, 1); -// honk_composer.assign_tag(c_idx, 2); -// honk_composer.assign_tag(d_idx, 2); -// } -// { -// fr b = -a; - -// auto a_idx = plonk_composer.add_variable(a); -// auto b_idx = plonk_composer.add_variable(b); -// auto c_idx = plonk_composer.add_variable(b); -// auto d_idx = plonk_composer.add_variable(a + 1); - -// plonk_composer.create_add_gate({ a_idx, b_idx, plonk_composer.zero_idx, 1, 1, 0, 0 }); -// plonk_composer.create_add_gate({ c_idx, d_idx, plonk_composer.zero_idx, 1, 1, 0, -1 }); - -// plonk_composer.create_tag(1, 2); -// plonk_composer.create_tag(2, 1); - -// plonk_composer.assign_tag(a_idx, 1); -// plonk_composer.assign_tag(b_idx, 1); -// plonk_composer.assign_tag(c_idx, 2); -// plonk_composer.assign_tag(d_idx, 2); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, sort_widget) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// { -// fr a = fr::one(); -// fr b = fr(2); -// fr c = fr(3); -// fr d = fr(4); - -// auto a_idx = honk_composer.add_variable(a); -// auto b_idx = honk_composer.add_variable(b); -// auto c_idx = honk_composer.add_variable(c); -// auto d_idx = honk_composer.add_variable(d); -// honk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); -// } -// { -// fr a = fr::one(); -// fr b = fr(2); -// fr c = fr(3); -// fr d = fr(4); - -// auto a_idx = plonk_composer.add_variable(a); -// auto b_idx = plonk_composer.add_variable(b); -// auto c_idx = plonk_composer.add_variable(c); -// auto d_idx = plonk_composer.add_variable(d); -// plonk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, sort_with_edges_gate) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// { -// auto idx = add_variables(honk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, -// 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - -// honk_composer.create_sort_constraint_with_edges(idx, 1, 29); -// } -// { -// auto idx = add_variables(plonk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, -// 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); - -// plonk_composer.create_sort_constraint_with_edges(idx, 1, 29); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, range_constraint) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// { -// auto indices = -// add_variables(honk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 -// }); -// for (size_t i = 0; i < indices.size(); i++) { -// honk_composer.create_new_range_constraint(indices[i], 79); -// } -// honk_composer.create_dummy_constraints(indices); -// } -// { -// auto indices = -// add_variables(plonk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 -// }); -// for (size_t i = 0; i < indices.size(); i++) { -// plonk_composer.create_new_range_constraint(indices[i], 79); -// } -// plonk_composer.create_dummy_constraints(indices); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, range_with_gates) -// { - -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// { -// auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); -// for (size_t i = 0; i < idx.size(); i++) { -// honk_composer.create_new_range_constraint(idx[i], 8); -// } - -// honk_composer.create_add_gate( -// { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); -// honk_composer.create_add_gate( -// { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); -// honk_composer.create_add_gate( -// { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); -// honk_composer.create_add_gate( -// { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); -// } -// { -// auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); -// for (size_t i = 0; i < idx.size(); i++) { -// plonk_composer.create_new_range_constraint(idx[i], 8); -// } - -// plonk_composer.create_add_gate( -// { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); -// plonk_composer.create_add_gate( -// { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); -// plonk_composer.create_add_gate( -// { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); -// plonk_composer.create_add_gate( -// { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, range_with_gates_where_range_is_not_a_power_of_two) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// { -// auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); -// for (size_t i = 0; i < idx.size(); i++) { -// honk_composer.create_new_range_constraint(idx[i], 12); -// } - -// honk_composer.create_add_gate( -// { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); -// honk_composer.create_add_gate( -// { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); -// honk_composer.create_add_gate( -// { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); -// honk_composer.create_add_gate( -// { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); -// } -// { -// auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); -// for (size_t i = 0; i < idx.size(); i++) { -// plonk_composer.create_new_range_constraint(idx[i], 12); -// } - -// plonk_composer.create_add_gate( -// { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); -// plonk_composer.create_add_gate( -// { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); -// plonk_composer.create_add_gate( -// { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); -// plonk_composer.create_add_gate( -// { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, sort_widget_complex) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// { -// std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; -// std::vector ind; -// for (size_t i = 0; i < a.size(); i++) -// ind.emplace_back(honk_composer.add_variable(a[i])); -// honk_composer.create_sort_constraint(ind); -// } -// { -// std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; -// std::vector ind; -// for (size_t i = 0; i < a.size(); i++) -// ind.emplace_back(plonk_composer.add_variable(a[i])); -// plonk_composer.create_sort_constraint(ind); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, composed_range_constraint) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// auto c = fr::random_element(); -// { -// auto d = uint256_t(c).slice(0, 133); -// auto e = fr(d); -// auto a_idx = honk_composer.add_variable(fr(e)); -// honk_composer.create_add_gate( -// { a_idx, honk_composer.get_zero_idx(), honk_composer.get_zero_idx(), 1, 0, 0, -fr(e) }); -// honk_composer.decompose_into_default_range(a_idx, 134); -// } -// { -// auto d = uint256_t(c).slice(0, 133); -// auto e = fr(d); -// auto a_idx = plonk_composer.add_variable(fr(e)); -// plonk_composer.create_add_gate({ a_idx, plonk_composer.zero_idx, plonk_composer.zero_idx, 1, 0, 0, -fr(e) }); -// plonk_composer.decompose_into_default_range(a_idx, 134); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, non_native_field_multiplication) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// fq a = fq::random_element(); -// fq b = fq::random_element(); -// { -// uint256_t modulus = fq::modulus; - -// uint1024_t a_big = uint512_t(uint256_t(a)); -// uint1024_t b_big = uint512_t(uint256_t(b)); -// uint1024_t p_big = uint512_t(uint256_t(modulus)); - -// uint1024_t q_big = (a_big * b_big) / p_big; -// uint1024_t r_big = (a_big * b_big) % p_big; - -// uint256_t q(q_big.lo.lo); -// uint256_t r(r_big.lo.lo); - -// const auto split_into_limbs = [&](const uint512_t& input) { -// constexpr size_t NUM_BITS = 68; -// std::array limbs; -// limbs[0] = input.slice(0, NUM_BITS).lo; -// limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; -// limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; -// limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; -// limbs[4] = fr(input.lo); -// return limbs; -// }; - -// const auto get_limb_witness_indices = [&](const std::array& limbs) { -// std::array limb_indices; -// limb_indices[0] = honk_composer.add_variable(limbs[0]); -// limb_indices[1] = honk_composer.add_variable(limbs[1]); -// limb_indices[2] = honk_composer.add_variable(limbs[2]); -// limb_indices[3] = honk_composer.add_variable(limbs[3]); -// limb_indices[4] = honk_composer.add_variable(limbs[4]); -// return limb_indices; -// }; -// const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); -// auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); - -// const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); -// const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); -// const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); -// const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); - -// proof_system::non_native_field_witnesses inputs{ -// a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), -// }; -// const auto [lo_1_idx, hi_1_idx] = honk_composer.queue_non_native_field_multiplication(inputs); -// honk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); -// } -// { -// uint256_t modulus = fq::modulus; - -// uint1024_t a_big = uint512_t(uint256_t(a)); -// uint1024_t b_big = uint512_t(uint256_t(b)); -// uint1024_t p_big = uint512_t(uint256_t(modulus)); - -// uint1024_t q_big = (a_big * b_big) / p_big; -// uint1024_t r_big = (a_big * b_big) % p_big; - -// uint256_t q(q_big.lo.lo); -// uint256_t r(r_big.lo.lo); - -// const auto split_into_limbs = [&](const uint512_t& input) { -// constexpr size_t NUM_BITS = 68; -// std::array limbs; -// limbs[0] = input.slice(0, NUM_BITS).lo; -// limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; -// limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; -// limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; -// limbs[4] = fr(input.lo); -// return limbs; -// }; - -// const auto get_limb_witness_indices = [&](const std::array& limbs) { -// std::array limb_indices; -// limb_indices[0] = plonk_composer.add_variable(limbs[0]); -// limb_indices[1] = plonk_composer.add_variable(limbs[1]); -// limb_indices[2] = plonk_composer.add_variable(limbs[2]); -// limb_indices[3] = plonk_composer.add_variable(limbs[3]); -// limb_indices[4] = plonk_composer.add_variable(limbs[4]); -// return limb_indices; -// }; -// const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); -// auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); - -// const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); -// const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); -// const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); -// const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); - -// proof_system::plonk::UltraComposer::non_native_field_witnesses inputs{ -// a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), -// }; -// const auto [lo_1_idx, hi_1_idx] = plonk_composer.queue_non_native_field_multiplication(inputs); -// plonk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, rom) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// auto a = fr::random_element(); -// auto b = fr::random_element(); -// auto c = fr::random_element(); -// auto d = fr::random_element(); -// auto e = fr::random_element(); -// auto f = fr::random_element(); -// auto g = fr::random_element(); -// auto h = fr::random_element(); -// { -// uint32_t rom_values[8]{ -// honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), -// honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), -// honk_composer.add_variable(g), honk_composer.add_variable(h), -// }; - -// size_t rom_id = honk_composer.create_ROM_array(8); - -// for (size_t i = 0; i < 8; ++i) { -// honk_composer.set_ROM_element(rom_id, i, rom_values[i]); -// } - -// uint32_t a_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(5)); -// EXPECT_EQ(a_idx != rom_values[5], true); -// uint32_t b_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(4)); -// uint32_t c_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(1)); - -// const auto d_value = -// honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + -// honk_composer.get_variable(c_idx); -// uint32_t d_idx = honk_composer.add_variable(d_value); - -// honk_composer.create_big_add_gate({ -// a_idx, -// b_idx, -// c_idx, -// d_idx, -// 1, -// 1, -// 1, -// -1, -// 0, -// }); -// } -// { -// uint32_t rom_values[8]{ -// plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), -// plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), -// plonk_composer.add_variable(g), plonk_composer.add_variable(h), -// }; - -// size_t rom_id = plonk_composer.create_ROM_array(8); - -// for (size_t i = 0; i < 8; ++i) { -// plonk_composer.set_ROM_element(rom_id, i, rom_values[i]); -// } - -// uint32_t a_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(5)); -// EXPECT_EQ(a_idx != rom_values[5], true); -// uint32_t b_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(4)); -// uint32_t c_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(1)); - -// const auto d_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + -// plonk_composer.get_variable(c_idx); -// uint32_t d_idx = plonk_composer.add_variable(d_value); - -// plonk_composer.create_big_add_gate({ -// a_idx, -// b_idx, -// c_idx, -// d_idx, -// 1, -// 1, -// 1, -// -1, -// 0, -// }); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// check_consistency(honk_prover, plonk_prover); -// verify_consistency(honk_prover, plonk_prover); -// } - -// TEST(UltraHonkComposer, ram) -// { -// auto honk_composer = UltraHonkComposer(); -// auto plonk_composer = proof_system::plonk::UltraComposer(); - -// auto a = fr::random_element(); -// auto b = fr::random_element(); -// auto c = fr::random_element(); -// auto d = fr::random_element(); -// auto e = fr::random_element(); -// auto f = fr::random_element(); -// auto g = fr::random_element(); -// auto h = fr::random_element(); -// { -// uint32_t ram_values[8]{ -// honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), -// honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), -// honk_composer.add_variable(g), honk_composer.add_variable(h), -// }; - -// size_t ram_id = honk_composer.create_RAM_array(8); - -// for (size_t i = 0; i < 8; ++i) { -// honk_composer.init_RAM_element(ram_id, i, ram_values[i]); -// } - -// uint32_t a_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(5)); -// EXPECT_EQ(a_idx != ram_values[5], true); - -// uint32_t b_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); -// uint32_t c_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(1)); - -// honk_composer.write_RAM_array(ram_id, honk_composer.add_variable(4), honk_composer.add_variable(500)); -// uint32_t d_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); - -// EXPECT_EQ(honk_composer.get_variable(d_idx), 500); - -// // ensure these vars get used in another arithmetic gate -// const auto e_value = honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + -// honk_composer.get_variable(c_idx) + honk_composer.get_variable(d_idx); -// uint32_t e_idx = honk_composer.add_variable(e_value); - -// honk_composer.create_big_add_gate( -// { -// a_idx, -// b_idx, -// c_idx, -// d_idx, -// -1, -// -1, -// -1, -// -1, -// 0, -// }, -// true); -// honk_composer.create_big_add_gate( -// { -// honk_composer.get_zero_idx(), -// honk_composer.get_zero_idx(), -// honk_composer.get_zero_idx(), -// e_idx, -// 0, -// 0, -// 0, -// 0, -// 0, -// }, -// false); -// } -// { -// uint32_t ram_values[8]{ -// plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), -// plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), -// plonk_composer.add_variable(g), plonk_composer.add_variable(h), -// }; - -// size_t ram_id = plonk_composer.create_RAM_array(8); - -// for (size_t i = 0; i < 8; ++i) { -// plonk_composer.init_RAM_element(ram_id, i, ram_values[i]); -// } - -// uint32_t a_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(5)); -// EXPECT_EQ(a_idx != ram_values[5], true); - -// uint32_t b_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); -// uint32_t c_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(1)); - -// plonk_composer.write_RAM_array(ram_id, plonk_composer.add_variable(4), plonk_composer.add_variable(500)); -// uint32_t d_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); - -// EXPECT_EQ(plonk_composer.get_variable(d_idx), 500); - -// // ensure these vars get used in another arithmetic gate -// const auto e_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + -// plonk_composer.get_variable(c_idx) + plonk_composer.get_variable(d_idx); -// uint32_t e_idx = plonk_composer.add_variable(e_value); - -// plonk_composer.create_big_add_gate( -// { -// a_idx, -// b_idx, -// c_idx, -// d_idx, -// -1, -// -1, -// -1, -// -1, -// 0, -// }, -// true); -// plonk_composer.create_big_add_gate( -// { -// plonk_composer.zero_idx, -// plonk_composer.zero_idx, -// plonk_composer.zero_idx, -// e_idx, -// 0, -// 0, -// 0, -// 0, -// 0, -// }, -// false); -// } - -// auto honk_prover = honk_composer.create_prover(); -// auto plonk_prover = plonk_composer.create_prover(); - -// verify_consistency(honk_prover, plonk_prover); -// } - -// } // namespace test_ultra_honk_composer +TEST(UltraHonkComposer, create_gates_from_plookup_accumulators) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + barretenberg::fr input_value = fr::random_element(); + { + + const fr input_hi = uint256_t(input_value).slice(126, 256); + const fr input_lo = uint256_t(input_value).slice(0, 126); + const auto input_hi_index = honk_composer.add_variable(input_hi); + const auto input_lo_index = honk_composer.add_variable(input_lo); + + const auto sequence_data_hi = + plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); + const auto sequence_data_lo = + plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); + + const auto lookup_witnesses_hi = honk_composer.create_gates_from_plookup_accumulators( + plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); + const auto lookup_witnesses_lo = honk_composer.create_gates_from_plookup_accumulators( + plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); + } + { + const fr input_hi = uint256_t(input_value).slice(126, 256); + const fr input_lo = uint256_t(input_value).slice(0, 126); + const auto input_hi_index = plonk_composer.add_variable(input_hi); + const auto input_lo_index = plonk_composer.add_variable(input_lo); + + const auto sequence_data_hi = + plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_HI, input_hi); + const auto sequence_data_lo = + plookup::get_lookup_accumulators(plookup::MultiTableId::PEDERSEN_LEFT_LO, input_lo); + + const auto lookup_witnesses_hi = plonk_composer.create_gates_from_plookup_accumulators( + plookup::MultiTableId::PEDERSEN_LEFT_HI, sequence_data_hi, input_hi_index); + const auto lookup_witnesses_lo = plonk_composer.create_gates_from_plookup_accumulators( + plookup::MultiTableId::PEDERSEN_LEFT_LO, sequence_data_lo, input_lo_index); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +/** + * @brief Build UltraHonkComposer + * + */ +TEST(UltraHonkComposer, test_no_lookup_proof) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + size_t MM = 4; + for (size_t i = 0; i < MM; ++i) { + for (size_t j = 0; j < MM; ++j) { + uint64_t left = static_cast(j); + uint64_t right = static_cast(i); + uint32_t left_idx = honk_composer.add_variable(fr(left)); + uint32_t right_idx = honk_composer.add_variable(fr(right)); + uint32_t result_idx = honk_composer.add_variable(fr(left ^ right)); + + uint32_t add_idx = + honk_composer.add_variable(fr(left) + fr(right) + honk_composer.get_variable(result_idx)); + honk_composer.create_big_add_gate( + { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); + } + } + + for (size_t i = 0; i < MM; ++i) { + for (size_t j = 0; j < MM; ++j) { + uint64_t left = static_cast(j); + uint64_t right = static_cast(i); + uint32_t left_idx = plonk_composer.add_variable(fr(left)); + uint32_t right_idx = plonk_composer.add_variable(fr(right)); + uint32_t result_idx = plonk_composer.add_variable(fr(left ^ right)); + + uint32_t add_idx = + plonk_composer.add_variable(fr(left) + fr(right) + plonk_composer.get_variable(result_idx)); + plonk_composer.create_big_add_gate( + { left_idx, right_idx, result_idx, add_idx, fr(1), fr(1), fr(1), fr(-1), fr(0) }); + } + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, test_elliptic_gate) +{ + typedef grumpkin::g1::affine_element affine_element; + typedef grumpkin::g1::element element; + + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + { + affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; + affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; + affine_element p3(element(p1) + element(p2)); + + uint32_t x1 = honk_composer.add_variable(p1.x); + uint32_t y1 = honk_composer.add_variable(p1.y); + uint32_t x2 = honk_composer.add_variable(p2.x); + uint32_t y2 = honk_composer.add_variable(p2.y); + uint32_t x3 = honk_composer.add_variable(p3.x); + uint32_t y3 = honk_composer.add_variable(p3.y); + + ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; + honk_composer.create_ecc_add_gate(gate); + + grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); + affine_element p2_endo = p2; + p2_endo.x *= beta; + p3 = affine_element(element(p1) + element(p2_endo)); + x3 = honk_composer.add_variable(p3.x); + y3 = honk_composer.add_variable(p3.y); + gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; + honk_composer.create_ecc_add_gate(gate); + + p2_endo.x *= beta; + p3 = affine_element(element(p1) - element(p2_endo)); + x3 = honk_composer.add_variable(p3.x); + y3 = honk_composer.add_variable(p3.y); + gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; + honk_composer.create_ecc_add_gate(gate); + } + { + affine_element p1 = crypto::generators::get_generator_data({ 0, 0 }).generator; + affine_element p2 = crypto::generators::get_generator_data({ 0, 1 }).generator; + affine_element p3(element(p1) + element(p2)); + + uint32_t x1 = plonk_composer.add_variable(p1.x); + uint32_t y1 = plonk_composer.add_variable(p1.y); + uint32_t x2 = plonk_composer.add_variable(p2.x); + uint32_t y2 = plonk_composer.add_variable(p2.y); + uint32_t x3 = plonk_composer.add_variable(p3.x); + uint32_t y3 = plonk_composer.add_variable(p3.y); + + ecc_add_gate gate{ x1, y1, x2, y2, x3, y3, 1, 1 }; + plonk_composer.create_ecc_add_gate(gate); + + grumpkin::fq beta = grumpkin::fq::cube_root_of_unity(); + affine_element p2_endo = p2; + p2_endo.x *= beta; + p3 = affine_element(element(p1) + element(p2_endo)); + x3 = plonk_composer.add_variable(p3.x); + y3 = plonk_composer.add_variable(p3.y); + gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta, 1 }; + plonk_composer.create_ecc_add_gate(gate); + + p2_endo.x *= beta; + p3 = affine_element(element(p1) - element(p2_endo)); + x3 = plonk_composer.add_variable(p3.x); + y3 = plonk_composer.add_variable(p3.y); + gate = ecc_add_gate{ x1, y1, x2, y2, x3, y3, beta.sqr(), -1 }; + plonk_composer.create_ecc_add_gate(gate); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, non_trivial_tag_permutation) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + fr a = fr::random_element(); + { + fr b = -a; + + auto a_idx = honk_composer.add_variable(a); + auto b_idx = honk_composer.add_variable(b); + auto c_idx = honk_composer.add_variable(b); + auto d_idx = honk_composer.add_variable(a); + + honk_composer.create_add_gate( + { a_idx, b_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); + honk_composer.create_add_gate( + { c_idx, d_idx, honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), fr::zero() }); + + honk_composer.create_tag(1, 2); + honk_composer.create_tag(2, 1); + + honk_composer.assign_tag(a_idx, 1); + honk_composer.assign_tag(b_idx, 1); + honk_composer.assign_tag(c_idx, 2); + honk_composer.assign_tag(d_idx, 2); + } + { + fr b = -a; + + auto a_idx = plonk_composer.add_variable(a); + auto b_idx = plonk_composer.add_variable(b); + auto c_idx = plonk_composer.add_variable(b); + auto d_idx = plonk_composer.add_variable(a); + + plonk_composer.create_add_gate( + { a_idx, b_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + plonk_composer.create_add_gate( + { c_idx, d_idx, plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), fr::zero() }); + + plonk_composer.create_tag(1, 2); + plonk_composer.create_tag(2, 1); + + plonk_composer.assign_tag(a_idx, 1); + plonk_composer.assign_tag(b_idx, 1); + plonk_composer.assign_tag(c_idx, 2); + plonk_composer.assign_tag(d_idx, 2); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, non_trivial_tag_permutation_and_cycles) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + fr a = fr::random_element(); + { + fr c = -a; + + auto a_idx = honk_composer.add_variable(a); + auto b_idx = honk_composer.add_variable(a); + honk_composer.assert_equal(a_idx, b_idx); + auto c_idx = honk_composer.add_variable(c); + auto d_idx = honk_composer.add_variable(c); + honk_composer.assert_equal(c_idx, d_idx); + auto e_idx = honk_composer.add_variable(a); + auto f_idx = honk_composer.add_variable(a); + honk_composer.assert_equal(e_idx, f_idx); + auto g_idx = honk_composer.add_variable(c); + auto h_idx = honk_composer.add_variable(c); + honk_composer.assert_equal(g_idx, h_idx); + + honk_composer.create_tag(1, 2); + honk_composer.create_tag(2, 1); + + honk_composer.assign_tag(a_idx, 1); + honk_composer.assign_tag(c_idx, 1); + honk_composer.assign_tag(e_idx, 2); + honk_composer.assign_tag(g_idx, 2); + + honk_composer.create_add_gate( + { b_idx, a_idx, honk_composer.get_zero_idx(), fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + honk_composer.create_add_gate( + { c_idx, g_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); + honk_composer.create_add_gate( + { e_idx, f_idx, honk_composer.get_zero_idx(), fr::one(), -fr::one(), fr::zero(), fr::zero() }); + } + { + fr c = -a; + + auto a_idx = plonk_composer.add_variable(a); + auto b_idx = plonk_composer.add_variable(a); + plonk_composer.assert_equal(a_idx, b_idx); + auto c_idx = plonk_composer.add_variable(c); + auto d_idx = plonk_composer.add_variable(c); + plonk_composer.assert_equal(c_idx, d_idx); + auto e_idx = plonk_composer.add_variable(a); + auto f_idx = plonk_composer.add_variable(a); + plonk_composer.assert_equal(e_idx, f_idx); + auto g_idx = plonk_composer.add_variable(c); + auto h_idx = plonk_composer.add_variable(c); + plonk_composer.assert_equal(g_idx, h_idx); + + plonk_composer.create_tag(1, 2); + plonk_composer.create_tag(2, 1); + + plonk_composer.assign_tag(a_idx, 1); + plonk_composer.assign_tag(c_idx, 1); + plonk_composer.assign_tag(e_idx, 2); + plonk_composer.assign_tag(g_idx, 2); + + plonk_composer.create_add_gate( + { b_idx, a_idx, plonk_composer.zero_idx, fr::one(), fr::neg_one(), fr::zero(), fr::zero() }); + plonk_composer.create_add_gate( + { c_idx, g_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + plonk_composer.create_add_gate( + { e_idx, f_idx, plonk_composer.zero_idx, fr::one(), -fr::one(), fr::zero(), fr::zero() }); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, bad_tag_permutation) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + fr a = fr::random_element(); + { + fr b = -a; + + auto a_idx = honk_composer.add_variable(a); + auto b_idx = honk_composer.add_variable(b); + auto c_idx = honk_composer.add_variable(b); + auto d_idx = honk_composer.add_variable(a + 1); + + honk_composer.create_add_gate({ a_idx, b_idx, honk_composer.get_zero_idx(), 1, 1, 0, 0 }); + honk_composer.create_add_gate({ c_idx, d_idx, honk_composer.get_zero_idx(), 1, 1, 0, -1 }); + + honk_composer.create_tag(1, 2); + honk_composer.create_tag(2, 1); + + honk_composer.assign_tag(a_idx, 1); + honk_composer.assign_tag(b_idx, 1); + honk_composer.assign_tag(c_idx, 2); + honk_composer.assign_tag(d_idx, 2); + } + { + fr b = -a; + + auto a_idx = plonk_composer.add_variable(a); + auto b_idx = plonk_composer.add_variable(b); + auto c_idx = plonk_composer.add_variable(b); + auto d_idx = plonk_composer.add_variable(a + 1); + + plonk_composer.create_add_gate({ a_idx, b_idx, plonk_composer.zero_idx, 1, 1, 0, 0 }); + plonk_composer.create_add_gate({ c_idx, d_idx, plonk_composer.zero_idx, 1, 1, 0, -1 }); + + plonk_composer.create_tag(1, 2); + plonk_composer.create_tag(2, 1); + + plonk_composer.assign_tag(a_idx, 1); + plonk_composer.assign_tag(b_idx, 1); + plonk_composer.assign_tag(c_idx, 2); + plonk_composer.assign_tag(d_idx, 2); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, sort_widget) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + { + fr a = fr::one(); + fr b = fr(2); + fr c = fr(3); + fr d = fr(4); + + auto a_idx = honk_composer.add_variable(a); + auto b_idx = honk_composer.add_variable(b); + auto c_idx = honk_composer.add_variable(c); + auto d_idx = honk_composer.add_variable(d); + honk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + } + { + fr a = fr::one(); + fr b = fr(2); + fr c = fr(3); + fr d = fr(4); + + auto a_idx = plonk_composer.add_variable(a); + auto b_idx = plonk_composer.add_variable(b); + auto c_idx = plonk_composer.add_variable(c); + auto d_idx = plonk_composer.add_variable(d); + plonk_composer.create_sort_constraint({ a_idx, b_idx, c_idx, d_idx }); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, sort_with_edges_gate) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + { + auto idx = add_variables(honk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + + honk_composer.create_sort_constraint_with_edges(idx, 1, 29); + } + { + auto idx = add_variables(plonk_composer, { 1, 2, 5, 6, 7, 10, 11, 13, 16, 17, 20, 22, 22, 25, + 26, 29, 29, 32, 32, 33, 35, 38, 39, 39, 42, 42, 43, 45 }); + + plonk_composer.create_sort_constraint_with_edges(idx, 1, 29); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, range_constraint) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + { + auto indices = + add_variables(honk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + for (size_t i = 0; i < indices.size(); i++) { + honk_composer.create_new_range_constraint(indices[i], 79); + } + honk_composer.create_dummy_constraints(indices); + } + { + auto indices = + add_variables(plonk_composer, { 1, 0, 3, 80, 5, 6, 29, 8, 15, 11, 32, 21, 42, 79, 16, 10, 3, 26, 13, 14 }); + for (size_t i = 0; i < indices.size(); i++) { + plonk_composer.create_new_range_constraint(indices[i], 79); + } + plonk_composer.create_dummy_constraints(indices); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, range_with_gates) +{ + + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + { + auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + for (size_t i = 0; i < idx.size(); i++) { + honk_composer.create_new_range_constraint(idx[i], 8); + } + + honk_composer.create_add_gate( + { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); + honk_composer.create_add_gate( + { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); + honk_composer.create_add_gate( + { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); + honk_composer.create_add_gate( + { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); + } + { + auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + for (size_t i = 0; i < idx.size(); i++) { + plonk_composer.create_new_range_constraint(idx[i], 8); + } + + plonk_composer.create_add_gate( + { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + plonk_composer.create_add_gate( + { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + plonk_composer.create_add_gate( + { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + plonk_composer.create_add_gate( + { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, range_with_gates_where_range_is_not_a_power_of_two) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + { + auto idx = add_variables(honk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + for (size_t i = 0; i < idx.size(); i++) { + honk_composer.create_new_range_constraint(idx[i], 12); + } + + honk_composer.create_add_gate( + { idx[0], idx[1], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -3 }); + honk_composer.create_add_gate( + { idx[2], idx[3], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -7 }); + honk_composer.create_add_gate( + { idx[4], idx[5], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -11 }); + honk_composer.create_add_gate( + { idx[6], idx[7], honk_composer.get_zero_idx(), fr::one(), fr::one(), fr::zero(), -15 }); + } + { + auto idx = add_variables(plonk_composer, { 1, 2, 3, 4, 5, 6, 7, 8 }); + for (size_t i = 0; i < idx.size(); i++) { + plonk_composer.create_new_range_constraint(idx[i], 12); + } + + plonk_composer.create_add_gate( + { idx[0], idx[1], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -3 }); + plonk_composer.create_add_gate( + { idx[2], idx[3], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -7 }); + plonk_composer.create_add_gate( + { idx[4], idx[5], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -11 }); + plonk_composer.create_add_gate( + { idx[6], idx[7], plonk_composer.zero_idx, fr::one(), fr::one(), fr::zero(), -15 }); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, sort_widget_complex) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + { + std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; + std::vector ind; + for (size_t i = 0; i < a.size(); i++) + ind.emplace_back(honk_composer.add_variable(a[i])); + honk_composer.create_sort_constraint(ind); + } + { + std::vector a = { 1, 3, 4, 7, 7, 8, 16, 14, 15, 15, 18, 19, 21, 21, 24, 25, 26, 27, 30, 32 }; + std::vector ind; + for (size_t i = 0; i < a.size(); i++) + ind.emplace_back(plonk_composer.add_variable(a[i])); + plonk_composer.create_sort_constraint(ind); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, composed_range_constraint) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + auto c = fr::random_element(); + { + auto d = uint256_t(c).slice(0, 133); + auto e = fr(d); + auto a_idx = honk_composer.add_variable(fr(e)); + honk_composer.create_add_gate( + { a_idx, honk_composer.get_zero_idx(), honk_composer.get_zero_idx(), 1, 0, 0, -fr(e) }); + honk_composer.decompose_into_default_range(a_idx, 134); + } + { + auto d = uint256_t(c).slice(0, 133); + auto e = fr(d); + auto a_idx = plonk_composer.add_variable(fr(e)); + plonk_composer.create_add_gate({ a_idx, plonk_composer.zero_idx, plonk_composer.zero_idx, 1, 0, 0, -fr(e) }); + plonk_composer.decompose_into_default_range(a_idx, 134); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, non_native_field_multiplication) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + fq a = fq::random_element(); + fq b = fq::random_element(); + { + uint256_t modulus = fq::modulus; + + uint1024_t a_big = uint512_t(uint256_t(a)); + uint1024_t b_big = uint512_t(uint256_t(b)); + uint1024_t p_big = uint512_t(uint256_t(modulus)); + + uint1024_t q_big = (a_big * b_big) / p_big; + uint1024_t r_big = (a_big * b_big) % p_big; + + uint256_t q(q_big.lo.lo); + uint256_t r(r_big.lo.lo); + + const auto split_into_limbs = [&](const uint512_t& input) { + constexpr size_t NUM_BITS = 68; + std::array limbs; + limbs[0] = input.slice(0, NUM_BITS).lo; + limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; + limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; + limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; + limbs[4] = fr(input.lo); + return limbs; + }; + + const auto get_limb_witness_indices = [&](const std::array& limbs) { + std::array limb_indices; + limb_indices[0] = honk_composer.add_variable(limbs[0]); + limb_indices[1] = honk_composer.add_variable(limbs[1]); + limb_indices[2] = honk_composer.add_variable(limbs[2]); + limb_indices[3] = honk_composer.add_variable(limbs[3]); + limb_indices[4] = honk_composer.add_variable(limbs[4]); + return limb_indices; + }; + const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); + auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); + + const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); + const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); + const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); + const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); + + proof_system::non_native_field_witnesses inputs{ + a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), + }; + const auto [lo_1_idx, hi_1_idx] = honk_composer.queue_non_native_field_multiplication(inputs); + honk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); + } + { + uint256_t modulus = fq::modulus; + + uint1024_t a_big = uint512_t(uint256_t(a)); + uint1024_t b_big = uint512_t(uint256_t(b)); + uint1024_t p_big = uint512_t(uint256_t(modulus)); + + uint1024_t q_big = (a_big * b_big) / p_big; + uint1024_t r_big = (a_big * b_big) % p_big; + + uint256_t q(q_big.lo.lo); + uint256_t r(r_big.lo.lo); + + const auto split_into_limbs = [&](const uint512_t& input) { + constexpr size_t NUM_BITS = 68; + std::array limbs; + limbs[0] = input.slice(0, NUM_BITS).lo; + limbs[1] = input.slice(NUM_BITS * 1, NUM_BITS * 2).lo; + limbs[2] = input.slice(NUM_BITS * 2, NUM_BITS * 3).lo; + limbs[3] = input.slice(NUM_BITS * 3, NUM_BITS * 4).lo; + limbs[4] = fr(input.lo); + return limbs; + }; + + const auto get_limb_witness_indices = [&](const std::array& limbs) { + std::array limb_indices; + limb_indices[0] = plonk_composer.add_variable(limbs[0]); + limb_indices[1] = plonk_composer.add_variable(limbs[1]); + limb_indices[2] = plonk_composer.add_variable(limbs[2]); + limb_indices[3] = plonk_composer.add_variable(limbs[3]); + limb_indices[4] = plonk_composer.add_variable(limbs[4]); + return limb_indices; + }; + const uint512_t BINARY_BASIS_MODULUS = uint512_t(1) << (68 * 4); + auto modulus_limbs = split_into_limbs(BINARY_BASIS_MODULUS - uint512_t(modulus)); + + const auto a_indices = get_limb_witness_indices(split_into_limbs(uint256_t(a))); + const auto b_indices = get_limb_witness_indices(split_into_limbs(uint256_t(b))); + const auto q_indices = get_limb_witness_indices(split_into_limbs(uint256_t(q))); + const auto r_indices = get_limb_witness_indices(split_into_limbs(uint256_t(r))); + + proof_system::plonk::UltraComposer::non_native_field_witnesses inputs{ + a_indices, b_indices, q_indices, r_indices, modulus_limbs, fr(uint256_t(modulus)), + }; + const auto [lo_1_idx, hi_1_idx] = plonk_composer.queue_non_native_field_multiplication(inputs); + plonk_composer.range_constrain_two_limbs(lo_1_idx, hi_1_idx, 70, 70); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, rom) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + auto a = fr::random_element(); + auto b = fr::random_element(); + auto c = fr::random_element(); + auto d = fr::random_element(); + auto e = fr::random_element(); + auto f = fr::random_element(); + auto g = fr::random_element(); + auto h = fr::random_element(); + { + uint32_t rom_values[8]{ + honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), + honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), + honk_composer.add_variable(g), honk_composer.add_variable(h), + }; + + size_t rom_id = honk_composer.create_ROM_array(8); + + for (size_t i = 0; i < 8; ++i) { + honk_composer.set_ROM_element(rom_id, i, rom_values[i]); + } + + uint32_t a_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(5)); + EXPECT_EQ(a_idx != rom_values[5], true); + uint32_t b_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(4)); + uint32_t c_idx = honk_composer.read_ROM_array(rom_id, honk_composer.add_variable(1)); + + const auto d_value = + honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + honk_composer.get_variable(c_idx); + uint32_t d_idx = honk_composer.add_variable(d_value); + + honk_composer.create_big_add_gate({ + a_idx, + b_idx, + c_idx, + d_idx, + 1, + 1, + 1, + -1, + 0, + }); + } + { + uint32_t rom_values[8]{ + plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), + plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), + plonk_composer.add_variable(g), plonk_composer.add_variable(h), + }; + + size_t rom_id = plonk_composer.create_ROM_array(8); + + for (size_t i = 0; i < 8; ++i) { + plonk_composer.set_ROM_element(rom_id, i, rom_values[i]); + } + + uint32_t a_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(5)); + EXPECT_EQ(a_idx != rom_values[5], true); + uint32_t b_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(4)); + uint32_t c_idx = plonk_composer.read_ROM_array(rom_id, plonk_composer.add_variable(1)); + + const auto d_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + + plonk_composer.get_variable(c_idx); + uint32_t d_idx = plonk_composer.add_variable(d_value); + + plonk_composer.create_big_add_gate({ + a_idx, + b_idx, + c_idx, + d_idx, + 1, + 1, + 1, + -1, + 0, + }); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +TEST(UltraHonkComposer, ram) +{ + auto honk_composer = UltraHonkComposer(); + auto plonk_composer = proof_system::plonk::UltraComposer(); + + auto a = fr::random_element(); + auto b = fr::random_element(); + auto c = fr::random_element(); + auto d = fr::random_element(); + auto e = fr::random_element(); + auto f = fr::random_element(); + auto g = fr::random_element(); + auto h = fr::random_element(); + { + uint32_t ram_values[8]{ + honk_composer.add_variable(a), honk_composer.add_variable(b), honk_composer.add_variable(c), + honk_composer.add_variable(d), honk_composer.add_variable(e), honk_composer.add_variable(f), + honk_composer.add_variable(g), honk_composer.add_variable(h), + }; + + size_t ram_id = honk_composer.create_RAM_array(8); + + for (size_t i = 0; i < 8; ++i) { + honk_composer.init_RAM_element(ram_id, i, ram_values[i]); + } + + uint32_t a_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(5)); + EXPECT_EQ(a_idx != ram_values[5], true); + + uint32_t b_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); + uint32_t c_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(1)); + + honk_composer.write_RAM_array(ram_id, honk_composer.add_variable(4), honk_composer.add_variable(500)); + uint32_t d_idx = honk_composer.read_RAM_array(ram_id, honk_composer.add_variable(4)); + + EXPECT_EQ(honk_composer.get_variable(d_idx), 500); + + // ensure these vars get used in another arithmetic gate + const auto e_value = honk_composer.get_variable(a_idx) + honk_composer.get_variable(b_idx) + + honk_composer.get_variable(c_idx) + honk_composer.get_variable(d_idx); + uint32_t e_idx = honk_composer.add_variable(e_value); + + honk_composer.create_big_add_gate( + { + a_idx, + b_idx, + c_idx, + d_idx, + -1, + -1, + -1, + -1, + 0, + }, + true); + honk_composer.create_big_add_gate( + { + honk_composer.get_zero_idx(), + honk_composer.get_zero_idx(), + honk_composer.get_zero_idx(), + e_idx, + 0, + 0, + 0, + 0, + 0, + }, + false); + } + { + uint32_t ram_values[8]{ + plonk_composer.add_variable(a), plonk_composer.add_variable(b), plonk_composer.add_variable(c), + plonk_composer.add_variable(d), plonk_composer.add_variable(e), plonk_composer.add_variable(f), + plonk_composer.add_variable(g), plonk_composer.add_variable(h), + }; + + size_t ram_id = plonk_composer.create_RAM_array(8); + + for (size_t i = 0; i < 8; ++i) { + plonk_composer.init_RAM_element(ram_id, i, ram_values[i]); + } + + uint32_t a_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(5)); + EXPECT_EQ(a_idx != ram_values[5], true); + + uint32_t b_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); + uint32_t c_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(1)); + + plonk_composer.write_RAM_array(ram_id, plonk_composer.add_variable(4), plonk_composer.add_variable(500)); + uint32_t d_idx = plonk_composer.read_RAM_array(ram_id, plonk_composer.add_variable(4)); + + EXPECT_EQ(plonk_composer.get_variable(d_idx), 500); + + // ensure these vars get used in another arithmetic gate + const auto e_value = plonk_composer.get_variable(a_idx) + plonk_composer.get_variable(b_idx) + + plonk_composer.get_variable(c_idx) + plonk_composer.get_variable(d_idx); + uint32_t e_idx = plonk_composer.add_variable(e_value); + + plonk_composer.create_big_add_gate( + { + a_idx, + b_idx, + c_idx, + d_idx, + -1, + -1, + -1, + -1, + 0, + }, + true); + plonk_composer.create_big_add_gate( + { + plonk_composer.zero_idx, + plonk_composer.zero_idx, + plonk_composer.zero_idx, + e_idx, + 0, + 0, + 0, + 0, + 0, + }, + false); + } + + auto honk_prover = honk_composer.create_prover(); + auto plonk_prover = plonk_composer.create_prover(); + + verify_consistency(honk_prover, plonk_prover); +} + +} // namespace test_ultra_honk_composer diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index c40bbd72d7..38a981e6e7 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -11,6 +11,7 @@ #include "barretenberg/honk/sumcheck/sumcheck_round.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/honk/utils/grand_product_delta.hpp" #include "barretenberg/polynomials/polynomial.hpp" @@ -291,9 +292,9 @@ TEST(RelationCorrectness, UltraRelationCorrectness) auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), honk::sumcheck::UltraArithmeticRelationSecondary(), honk::sumcheck::UltraGrandProductInitializationRelation(), - honk::sumcheck::UltraGrandProductComputationRelation()); - // honk::sumcheck::LookupGrandProductComputationRelation(), - // honk::sumcheck::LookupGrandProductInitializationRelation()); + honk::sumcheck::UltraGrandProductComputationRelation(), + honk::sumcheck::LookupGrandProductComputationRelation(), + honk::sumcheck::LookupGrandProductInitializationRelation()); fr result = 0; for (size_t i = 0; i < prover.key->circuit_size; i++) { @@ -305,6 +306,8 @@ TEST(RelationCorrectness, UltraRelationCorrectness) poly_idx++; } + info("i = ", i); + // For each relation, call the `accumulate_relation_evaluation` over all witness/selector values at the // i-th row/vertex of the hypercube. We use ASSERT_EQ instead of EXPECT_EQ so that the tests stops at // the first index at which the result is not 0, since result = 0 + C(transposed), which we expect will @@ -321,11 +324,11 @@ TEST(RelationCorrectness, UltraRelationCorrectness) std::get<3>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); ASSERT_EQ(result, 0); - // std::get<4>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); - // ASSERT_EQ(result, 0); + std::get<4>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); + ASSERT_EQ(result, 0); - // std::get<5>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); - // ASSERT_EQ(result, 0); + std::get<5>(relations).add_full_relation_value_contribution(result, evaluations_at_index_i, params); + ASSERT_EQ(result, 0); } } diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index c5ff62c173..4c8dee9fc4 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -359,6 +359,7 @@ class Ultra { std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; + std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; virtual ~PrecomputedData() = default; }; From 2f2461863844ef5da19fc381e3183518c403f327 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 26 Apr 2023 19:13:13 +0000 Subject: [PATCH 058/119] all tests reinstated and passing! --- .../sumcheck/relations/relation_correctness.test.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 38a981e6e7..a3c85c4b20 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -220,12 +220,17 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_library::compute_permutation_grand_product(prover.key, prover.wire_polynomials, beta, gamma); // Construct local sorted_list_polynomials to pass to compute_sorted_list_accumulator() + // TODO(luke): this clunkiness can be cleaned up once we decide where the sorted polynomials will be stored: proving + // key or prover std::vector sorted_list_polynomials; + auto sorted_polynomials = prover.key->get_sorted_polynomials(); for (size_t i = 0; i < 4; ++i) { - // std::string label = "s_" + std::to_string(i + 1) + "_lagrange"; - // sorted_list_polynomials.emplace_back(prover.key->polynomial_store.get(label)); sorted_list_polynomials.emplace_back(prover.key->circuit_size); + for (size_t j = 0; j < prover.key->circuit_size; ++j) { + sorted_list_polynomials[i][j] = sorted_polynomials[i][j]; + } } + // Compute sorted witness-table accumulator auto sorted_list_accumulator = prover_library::compute_sorted_list_accumulator(prover.key, sorted_list_polynomials, eta); From d0732c0b7c6560fa45cb08eb3f665abc4b64f1e4 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Wed, 26 Apr 2023 22:12:11 +0000 Subject: [PATCH 059/119] new ProvingKey and WiP on making everything use the wires in the pkey --- .../standard_honk_composer_helper.cpp | 4 ++ .../standard_honk_composer_helper.hpp | 2 +- .../composer/standard_honk_composer.test.cpp | 3 +- .../barretenberg/honk/proof_system/prover.cpp | 29 ++++++++--- .../barretenberg/honk/proof_system/prover.hpp | 3 +- .../proof_system/flavor/flavor.hpp | 51 +++++++++++++++++-- 6 files changed, 76 insertions(+), 16 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 3136da80b6..ddbd3ec871 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -88,6 +88,10 @@ void StandardHonkComposerHelper::compute_witness(const CircuitConstructor& circu wire_polynomials = construct_wire_polynomials_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); + proving_key->w_l = wire_polynomials[0]; + proving_key->w_r = wire_polynomials[1]; + proving_key->w_o = wire_polynomials[2]; + computed_witness = true; } diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 16a9894bec..c6fa872abb 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -26,7 +26,7 @@ class StandardHonkComposerHelper { static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; std::shared_ptr proving_key; - std::vector wire_polynomials; + std::vector wire_polynomials; // WORKTODO(luke): REMOVE std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs // at all diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 3a0ab1cfa4..8fef4f22a2 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -73,10 +73,11 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) auto permutation_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); + auto wire_polynomials = proving_key->get_wires(); for (size_t j = 0; j < StandardHonkComposer::num_wires; ++j) { std::string index = std::to_string(j + 1); const auto& permutation_polynomial = permutation_polynomials[j]; - const auto& witness_polynomial = composer.composer_helper.wire_polynomials[j]; + const auto& witness_polynomial = wire_polynomials[j]; const auto& id_polynomial = id_polynomials[j]; // left = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅ind(i,j) + γ) // right = ∏ᵢ,ⱼ(ωᵢ,ⱼ + β⋅σ(i,j) + γ) diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 932da4316d..f49022029b 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -34,6 +34,7 @@ namespace proof_system::honk { * @tparam settings Settings class. * */ // TODO(Cody): both input types are foo& in prototype +// WORKTODO(luke): remove all trace of wire_poly(nomial)s here template Prover::Prover(std::vector&& wire_polys, const std::shared_ptr input_key) : wire_polynomials(wire_polys) @@ -56,9 +57,9 @@ Prover::Prover(std::vector&& wire_polys, const std::shared_p prover_polynomials.lagrange_first = key->lagrange_first; prover_polynomials.lagrange_last = key->lagrange_last; // WORKTODO: loose coupling here. Also: unique pointers? - prover_polynomials.w_l = wire_polys[0]; - prover_polynomials.w_r = wire_polys[1]; - prover_polynomials.w_o = wire_polys[2]; + prover_polynomials.w_l = key->w_l; + prover_polynomials.w_r = key->w_r; + prover_polynomials.w_o = key->w_o; // Add public inputs to transcript from the second wire polynomial std::span public_wires_source = prover_polynomials.w_r; @@ -76,8 +77,9 @@ Prover::Prover(std::vector&& wire_polys, const std::shared_p template void Prover::compute_wire_commitments() { size_t wire_idx = 0; // ZIPTODO + auto wire_polys = key->get_wires(); for (auto& label : commitment_labels.get_wires()) { - queue.add_commitment(wire_polynomials[wire_idx], label); + queue.add_commitment(wire_polys[wire_idx], label); wire_idx++; } } @@ -136,12 +138,23 @@ template void Prover::execute_grand_product_computatio .public_input_delta = public_input_delta, }; - z_permutation = prover_library::compute_permutation_grand_product(key, wire_polynomials, beta, gamma); + // WORKTODO(luke): I'm constructing a vector of Polynomials here to pass to compute_permutation_grand_product but + // eventually compute_permutation_grand_product will just extract them directly from the key. Just dont want to + // break other tests for now. + std::vector wire_polys; + for (auto wire : key->get_wires()) { + wire_polys.emplace_back(key->circuit_size); + for (size_t i = 0; i < key->circuit_size; ++i) { + wire_polys.back()[i] = wire[i]; + } + } + + key->z_perm = prover_library::compute_permutation_grand_product(key, wire_polys, beta, gamma); - queue.add_commitment(z_permutation, commitment_labels.z_perm); + queue.add_commitment(key->z_perm, commitment_labels.z_perm); - prover_polynomials.z_perm = z_permutation; - prover_polynomials.z_perm_shift = z_permutation.shifted(); + prover_polynomials.z_perm = key->z_perm; + prover_polynomials.z_perm_shift = key->z_perm.shifted(); } /** diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index a9110b59bc..3c851a8831 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -64,8 +64,9 @@ template class Prover { // WORKTODO: Rename to StandardProver sumcheck::RelationParameters relation_parameters; + // WORKTODO(luke): REMOVE (these are no longer used but some external tests still rely on them being set by the + // prover) std::vector wire_polynomials; - Polynomial z_permutation; std::shared_ptr key; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 4c8dee9fc4..d526444cd4 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -111,6 +111,8 @@ class Standard { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 18; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + // WORKTODO(luke): This number needs to be total witness polys not including shifts. + static constexpr size_t NUM_WITNESS_ENTITIES = 4; // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. @@ -138,26 +140,65 @@ class Standard { virtual ~PrecomputedData() = default; }; + // TODO(luke): this is a WiP + template class WitnessData : public Data { + public: + T& w_l = std::get<0>(this->_data); + T& w_r = std::get<1>(this->_data); + T& w_o = std::get<2>(this->_data); + T& z_perm = std::get<3>(this->_data); + // WORKTODO(luke): shifts are awkward because, in the case of polynomials, shifts do not occupy their own + // memory, whereas the other witnesses do. Maybe shifts simply arent needed here. T& z_perm_shift = + // std::get<3>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o }; }; + + virtual ~WitnessData() = default; + }; + + // WORKTODO(luke): WiP 'Prover Data' concept which is like the Plonk proving key; i.e. precomputed stuff plus + // storage for all witness polys class ProvingKey : public BaseProvingKey, FF> { public: + // Storage for both precomputed polynomials and all witness polynomials (excluding shifts which do not occupy + // their own memory) + WitnessData _witness_data; + + // TODO(luke): I think these will be ok but keep an eye on this. + Polynomial& w_l = _witness_data.w_l; + Polynomial& w_r = _witness_data.w_r; + Polynomial& w_o = _witness_data.w_o; + Polynomial& z_perm = _witness_data.z_perm; + + // Stuff that would otherwise be inherited from from BaseProvingKey + bool contains_recursive_proof; + std::vector recursive_proof_public_input_indices; + std::shared_ptr crs; + EvaluationDomain evaluation_domain; + ProvingKey() = default; ProvingKey(const size_t circuit_size, const size_t num_public_inputs, std::shared_ptr const& crs, ComposerType composer_type) + : crs(crs) + , evaluation_domain(EvaluationDomain(circuit_size, circuit_size)) { this->circuit_size = circuit_size; this->log_circuit_size = numeric::get_msb(circuit_size); this->num_public_inputs = num_public_inputs; - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); this->composer_type = composer_type; - + // Allocate memory for precomputed polynomials for (auto& poly : this->_data) { - auto new_poly = Polynomial(circuit_size); - poly = new_poly; + poly = Polynomial(circuit_size); + } + // Allocate memory for witness polynomials + for (auto& poly : this->_witness_data._data) { + poly = Polynomial(circuit_size); } }; + + std::vector get_wires() { return _witness_data.get_wires(); }; }; class VerificationKey : public BaseVerificationKey> { From 06116f51b56ee8962f3ec4d16375625c7b3514d9 Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 27 Apr 2023 18:24:15 +0000 Subject: [PATCH 060/119] store all witness polys in the provng key for standard and ultra honk --- .../standard_honk_composer_helper.cpp | 4 +- .../standard_honk_composer_helper.hpp | 1 - .../ultra_honk_composer_helper.cpp | 10 +- .../ultra_honk_composer_helper.hpp | 1 - .../composer/ultra_honk_composer.test.cpp | 8 +- .../barretenberg/honk/proof_system/prover.cpp | 18 +-- .../barretenberg/honk/proof_system/prover.hpp | 6 +- .../honk/proof_system/prover_library.cpp | 25 ++-- .../honk/proof_system/prover_library.hpp | 9 +- .../honk/proof_system/prover_library.test.cpp | 21 ++- .../honk/proof_system/ultra_prover.cpp | 6 +- .../honk/proof_system/ultra_prover.hpp | 4 +- .../relations/relation_correctness.test.cpp | 33 +++-- .../proof_system/flavor/flavor.hpp | 121 +++++++++++------- .../stdlib/primitives/field/field.test.cpp | 4 +- 15 files changed, 138 insertions(+), 133 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index ddbd3ec871..2f42328409 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -85,7 +85,7 @@ void StandardHonkComposerHelper::compute_witness(const CircuitConstructor& circu if (computed_witness) { return; } - wire_polynomials = + auto wire_polynomials = construct_wire_polynomials_base(circuit_constructor, minimum_circuit_size, NUM_RANDOMIZED_GATES); proving_key->w_l = wire_polynomials[0]; @@ -161,7 +161,7 @@ StandardProver StandardHonkComposerHelper::create_prover(const CircuitConstructo compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); - StandardProver output_state(std::move(wire_polynomials), proving_key); + StandardProver output_state(proving_key); return output_state; } diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index c6fa872abb..156d521b81 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -26,7 +26,6 @@ class StandardHonkComposerHelper { static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; std::shared_ptr proving_key; - std::vector wire_polynomials; // WORKTODO(luke): REMOVE std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs // at all diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 641c53bb07..f927f18f67 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -54,13 +54,19 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constr // but elsewhere, e.g. directly above, we use NUM_RESERVED_GATES in a similar role. Therefore, these two constants // must be equal for everything to be consistent. What we should do is compute the dyadic circuit size once and for // all then pass that around rather than computing in multiple places. - wire_polynomials = + auto wire_polynomials = construct_wire_polynomials_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES); + circuit_proving_key->w_l = wire_polynomials[0]; + circuit_proving_key->w_r = wire_polynomials[1]; + circuit_proving_key->w_o = wire_polynomials[2]; + circuit_proving_key->w_4 = wire_polynomials[3]; + polynomial s_1(subgroup_size); polynomial s_2(subgroup_size); polynomial s_3(subgroup_size); polynomial s_4(subgroup_size); + // TODO(luke): The +1 size for z_lookup is not necessary and can lead to confusion. Resolve. polynomial z_lookup(subgroup_size + 1); // Only instantiated in this function; nothing assigned. // Save space for adding random scalars in the s polynomial later. The subtracted 1 allows us to insert a `1` at the @@ -148,7 +154,7 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_c compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); - UltraProver output_state(std::move(wire_polynomials), circuit_proving_key); + UltraProver output_state(circuit_proving_key); return output_state; } diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index ad813e2afb..2d3db2ce1f 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -29,7 +29,6 @@ class UltraHonkComposerHelper { // simultaneously here and in the other split composers. static constexpr size_t NUM_RANDOMIZED_GATES = 4; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; - std::vector wire_polynomials; std::shared_ptr circuit_proving_key; std::shared_ptr circuit_verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index 977f8c9b29..e2aa8630d8 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -84,10 +84,10 @@ void verify_consistency(honk::UltraProver& honk_prover, plonk::UltraProver& plon // Check that all wires agree // Note: for Honk, wires are owned directly by the prover. For Plonk they are stored in the key. - for (size_t i = 0; i < 4; ++i) { - std::string label = "w_" + std::to_string(i + 1) + "_lagrange"; - ASSERT_EQ(honk_prover.wire_polynomials[i], plonk_prover.key->polynomial_store.get(label)); - } + ASSERT_EQ(honk_prover.key->w_l, plonk_prover.key->polynomial_store.get("w_1_lagrange")); + ASSERT_EQ(honk_prover.key->w_r, plonk_prover.key->polynomial_store.get("w_2_lagrange")); + ASSERT_EQ(honk_prover.key->w_o, plonk_prover.key->polynomial_store.get("w_3_lagrange")); + ASSERT_EQ(honk_prover.key->w_4, plonk_prover.key->polynomial_store.get("w_4_lagrange")); } // /** diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index f49022029b..ff8241d369 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -36,9 +36,8 @@ namespace proof_system::honk { // TODO(Cody): both input types are foo& in prototype // WORKTODO(luke): remove all trace of wire_poly(nomial)s here template -Prover::Prover(std::vector&& wire_polys, const std::shared_ptr input_key) - : wire_polynomials(wire_polys) - , key(input_key) +Prover::Prover(const std::shared_ptr input_key) + : key(input_key) , queue(input_key->circuit_size, transcript) { // Note(luke): This could be done programmatically with some hacks but this isnt too bad and its nice to see the @@ -138,18 +137,7 @@ template void Prover::execute_grand_product_computatio .public_input_delta = public_input_delta, }; - // WORKTODO(luke): I'm constructing a vector of Polynomials here to pass to compute_permutation_grand_product but - // eventually compute_permutation_grand_product will just extract them directly from the key. Just dont want to - // break other tests for now. - std::vector wire_polys; - for (auto wire : key->get_wires()) { - wire_polys.emplace_back(key->circuit_size); - for (size_t i = 0; i < key->circuit_size; ++i) { - wire_polys.back()[i] = wire[i]; - } - } - - key->z_perm = prover_library::compute_permutation_grand_product(key, wire_polys, beta, gamma); + key->z_perm = prover_library::compute_permutation_grand_product(key, beta, gamma); queue.add_commitment(key->z_perm, commitment_labels.z_perm); diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 3c851a8831..7e1554d4cc 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -38,7 +38,7 @@ template class Prover { // WORKTODO: Rename to StandardProver using CommitmentLabels = typename Flavor::CommitmentLabels; public: - Prover(std::vector&& wire_polys, std::shared_ptr input_key = nullptr); + explicit Prover(std::shared_ptr input_key = nullptr); void execute_preamble_round(); void execute_wire_commitments_round(); @@ -64,10 +64,6 @@ template class Prover { // WORKTODO: Rename to StandardProver sumcheck::RelationParameters relation_parameters; - // WORKTODO(luke): REMOVE (these are no longer used but some external tests still rely on them being set by the - // prover) - std::vector wire_polynomials; - std::shared_ptr key; // Container for spans of all polynomials required by the prover (i.e. all multivariates evaluated by Sumcheck). diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 1081b2e10c..d842745474 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -40,15 +40,15 @@ wirests values */ // TODO(#222)(luke): Parallelize template -typename Flavor::Polynomial compute_permutation_grand_product( - std::shared_ptr& key, - std::vector& wire_polynomials, - typename Flavor::FF beta, - typename Flavor::FF gamma) +typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptr& key, + typename Flavor::FF beta, + typename Flavor::FF gamma) { using barretenberg::polynomial_arithmetic::copy_polynomial; using Polynomial = typename Flavor::Polynomial; + auto wire_polynomials = key->get_wires(); + // TODO(luke): instantiate z_perm here then make the 0th accum a span of it? avoid extra memory. // Allocate accumulator polynomials that will serve as scratch space @@ -184,7 +184,6 @@ typename Flavor::Polynomial compute_permutation_grand_product( */ template typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr& key, - std::vector& wire_polynomials, typename Flavor::Polynomial& sorted_list_accumulator, typename Flavor::FF eta, typename Flavor::FF beta, @@ -210,10 +209,11 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr column_2_step_size = key->q_m; std::span column_3_step_size = key->q_c; + // WORKTODO: is this a bit ugly? what should we do here // Utilize three wires even when more are available. std::array, 3> wires; for (size_t i = 0; i < 3; ++i) { - wires[i] = wire_polynomials[i]; + wires[i] = key->get_wires()[i]; } // Note: the number of table polys is related to program width but '4' is the only value supported @@ -358,20 +358,13 @@ typename Flavor::Polynomial compute_sorted_list_accumulator( } template honk::flavor::Standard::Polynomial compute_permutation_grand_product( - std::shared_ptr&, - std::vector&, - honk::flavor::Standard::FF, - honk::flavor::Standard::FF); + std::shared_ptr&, honk::flavor::Standard::FF, honk::flavor::Standard::FF); template honk::flavor::Ultra::Polynomial compute_permutation_grand_product( - std::shared_ptr&, - std::vector&, - honk::flavor::Ultra::FF, - honk::flavor::Ultra::FF); + std::shared_ptr&, honk::flavor::Ultra::FF, honk::flavor::Ultra::FF); template typename honk::flavor::Ultra::Polynomial compute_lookup_grand_product( std::shared_ptr& key, - std::vector& wire_polynomials, typename honk::flavor::Ultra::Polynomial& sorted_list_accumulator, typename honk::flavor::Ultra::FF eta, typename honk::flavor::Ultra::FF beta, diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.hpp b/cpp/src/barretenberg/honk/proof_system/prover_library.hpp index 57968c6c2a..7f49603425 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.hpp @@ -8,15 +8,12 @@ namespace proof_system::honk::prover_library { template -typename Flavor::Polynomial compute_permutation_grand_product( - std::shared_ptr& key, - std::vector& wire_polynomials, - typename Flavor::FF beta, - typename Flavor::FF gamma); +typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptr& key, + typename Flavor::FF beta, + typename Flavor::FF gamma); template typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr& key, - std::vector& wire_polynomials, typename Flavor::Polynomial& sorted_list_accumulator, typename Flavor::FF eta, typename Flavor::FF beta, diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index 43bec3da39..23cd08867c 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -69,6 +69,7 @@ template class ProverLibraryTests : public testing::Test { std::vector sigmas; std::vector ids; + auto wire_polynomials = proving_key->get_wires(); auto sigma_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); for (size_t i = 0; i < Flavor::num_wires; ++i) { @@ -76,6 +77,7 @@ template class ProverLibraryTests : public testing::Test { sigmas.emplace_back(get_random_polynomial(num_gates)); ids.emplace_back(get_random_polynomial(num_gates)); + populate_span(wire_polynomials[i], wires[i]); populate_span(sigma_polynomials[i], sigmas[i]); populate_span(id_polynomials[i], ids[i]); } @@ -85,8 +87,7 @@ template class ProverLibraryTests : public testing::Test { auto gamma = FF::random_element(); // Method 1: Compute z_perm using 'compute_grand_product_polynomial' as the prover would in practice - Polynomial z_permutation = - prover_library::compute_permutation_grand_product(proving_key, wires, beta, gamma); + Polynomial z_permutation = prover_library::compute_permutation_grand_product(proving_key, beta, gamma); // Method 2: Compute z_perm locally using the simplest non-optimized syntax possible. The comment below, // which describes the computation in 4 steps, is adapted from a similar comment in @@ -174,12 +175,18 @@ template class ProverLibraryTests : public testing::Test { circuit_size, num_public_inputs, reference_string, ComposerType::STANDARD_HONK); // Construct mock wire and permutation polynomials. - // Note: for the purpose of checking the consistency between two methods of computing z_perm, these polynomials - // can simply be random. We're not interested in the particular properties of the result. + // Note: for the purpose of checking the consistency between two methods of computing z_lookup, these + // polynomials can simply be random. We're not interested in the particular properties of the result. std::vector wires; - for (size_t i = 0; i < Flavor::num_wires - 1; ++i) { // TODO: will this test ever generalize? - wires.emplace_back(get_random_polynomial(circuit_size)); + auto wire_polynomials = proving_key->get_wires(); + // Note(luke): Use of 3 wires is fundamental to the structure of the tables and should not be tied to num_wires + // for now + for (size_t i = 0; i < 3; ++i) { // TODO(Cody): will this test ever generalize? + Polynomial random_polynomial = get_random_polynomial(circuit_size); + wires.emplace_back(random_polynomial); + populate_span(wire_polynomials[i], random_polynomial); } + std::vector tables; auto table_polynomials = proving_key->get_table_polynomials(); for (auto& table_polynomial : table_polynomials) { @@ -209,7 +216,7 @@ template class ProverLibraryTests : public testing::Test { // Method 1: Compute z_lookup using the prover library method Polynomial z_lookup = - prover_library::compute_lookup_grand_product(proving_key, wires, sorted_batched, eta, beta, gamma); + prover_library::compute_lookup_grand_product(proving_key, sorted_batched, eta, beta, gamma); // Method 2: Compute the lookup grand product polynomial Z_lookup: // diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp index 186fa03a9d..ef000265ad 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp @@ -32,10 +32,8 @@ namespace proof_system::honk { * @tparam settings Settings class. * */ template -UltraHonkProver::UltraHonkProver(std::vector&& wire_polys, - std::shared_ptr input_key) - : wire_polynomials(wire_polys) - , key(input_key) +UltraHonkProver::UltraHonkProver(std::shared_ptr input_key) + : key(input_key) , queue(input_key->circuit_size, transcript) {} diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index c060a115b5..a62f32dbb3 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -38,15 +38,13 @@ template class UltraHonkProver { using Polynomial = typename Flavor::Polynomial; public: - UltraHonkProver(std::vector&& wire_polys, std::shared_ptr input_key = nullptr); + UltraHonkProver(std::shared_ptr input_key = nullptr); plonk::proof& export_proof(); plonk::proof& construct_proof(); ProverTranscript transcript; - std::vector wire_polynomials; - std::shared_ptr key; // WORKTODO: rename to proving_key work_queue queue; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index a3c85c4b20..ec55efa778 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -74,8 +74,8 @@ TEST(RelationCorrectness, StandardRelationCorrectness) }; // Compute grand product polynomial - polynomial z_permutation = prover_library::compute_permutation_grand_product( - prover.key, prover.wire_polynomials, beta, gamma); + polynomial z_permutation = + prover_library::compute_permutation_grand_product(prover.key, beta, gamma); // Create an array of spans to the underlying polynomials to more easily // get the transposition. @@ -83,9 +83,9 @@ TEST(RelationCorrectness, StandardRelationCorrectness) // in the list below ProverPolynomials prover_polynomials; - prover_polynomials.w_l = prover.wire_polynomials[0]; - prover_polynomials.w_r = prover.wire_polynomials[1]; - prover_polynomials.w_o = prover.wire_polynomials[2]; + prover_polynomials.w_l = prover.key->w_l; + prover_polynomials.w_r = prover.key->w_r; + prover_polynomials.w_o = prover.key->w_o; prover_polynomials.z_perm = z_permutation; prover_polynomials.z_perm_shift = z_permutation.shifted(); prover_polynomials.q_m = prover.key->q_m; @@ -216,8 +216,7 @@ TEST(RelationCorrectness, UltraRelationCorrectness) }; // Compute grand product polynomial - auto z_permutation = - prover_library::compute_permutation_grand_product(prover.key, prover.wire_polynomials, beta, gamma); + auto z_permutation = prover_library::compute_permutation_grand_product(prover.key, beta, gamma); // Construct local sorted_list_polynomials to pass to compute_sorted_list_accumulator() // TODO(luke): this clunkiness can be cleaned up once we decide where the sorted polynomials will be stored: proving @@ -236,8 +235,8 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_library::compute_sorted_list_accumulator(prover.key, sorted_list_polynomials, eta); // Compute lookup grand product polynomial - auto z_lookup = prover_library::compute_lookup_grand_product( - prover.key, prover.wire_polynomials, sorted_list_accumulator, eta, beta, gamma); + auto z_lookup = + prover_library::compute_lookup_grand_product(prover.key, sorted_list_accumulator, eta, beta, gamma); // Create an array of spans to the underlying polynomials to more easily // get the transposition. @@ -245,14 +244,14 @@ TEST(RelationCorrectness, UltraRelationCorrectness) // in the list below ProverPolynomials prover_polynomials; - prover_polynomials.w_l = prover.wire_polynomials[0]; - prover_polynomials.w_r = prover.wire_polynomials[1]; - prover_polynomials.w_o = prover.wire_polynomials[2]; - prover_polynomials.w_4 = prover.wire_polynomials[3]; - prover_polynomials.w_l_shift = prover.wire_polynomials[0].shifted(); - prover_polynomials.w_r_shift = prover.wire_polynomials[1].shifted(); - prover_polynomials.w_o_shift = prover.wire_polynomials[2].shifted(); - prover_polynomials.w_4_shift = prover.wire_polynomials[3].shifted(); + prover_polynomials.w_l = prover.key->w_l; + prover_polynomials.w_r = prover.key->w_r; + prover_polynomials.w_o = prover.key->w_o; + prover_polynomials.w_4 = prover.key->w_4; + prover_polynomials.w_l_shift = prover.key->w_l.shifted(); + prover_polynomials.w_r_shift = prover.key->w_r.shifted(); + prover_polynomials.w_o_shift = prover.key->w_o.shifted(); + prover_polynomials.w_4_shift = prover.key->w_4.shifted(); prover_polynomials.sorted_1 = prover.key->sorted_1; prover_polynomials.sorted_2 = prover.key->sorted_2; prover_polynomials.sorted_3 = prover.key->sorted_3; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index d526444cd4..2b11a587fc 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -140,50 +140,40 @@ class Standard { virtual ~PrecomputedData() = default; }; - // TODO(luke): this is a WiP + // Container for all witness polynomials used/constructed by the prover. + // Note: shifts are not included here since they do not occupy their own memory template class WitnessData : public Data { public: T& w_l = std::get<0>(this->_data); T& w_r = std::get<1>(this->_data); T& w_o = std::get<2>(this->_data); T& z_perm = std::get<3>(this->_data); - // WORKTODO(luke): shifts are awkward because, in the case of polynomials, shifts do not occupy their own - // memory, whereas the other witnesses do. Maybe shifts simply arent needed here. T& z_perm_shift = - // std::get<3>(this->_data); std::vector get_wires() { return { w_l, w_r, w_o }; }; virtual ~WitnessData() = default; }; - // WORKTODO(luke): WiP 'Prover Data' concept which is like the Plonk proving key; i.e. precomputed stuff plus - // storage for all witness polys + // WORKTODO(luke): Proving key now stores all multivariate polynomials used by the prover. Is Pkey still the right + // name? class ProvingKey : public BaseProvingKey, FF> { public: - // Storage for both precomputed polynomials and all witness polynomials (excluding shifts which do not occupy - // their own memory) - WitnessData _witness_data; + WitnessData _witness_data; // WORKTODO: name? - // TODO(luke): I think these will be ok but keep an eye on this. Polynomial& w_l = _witness_data.w_l; Polynomial& w_r = _witness_data.w_r; Polynomial& w_o = _witness_data.w_o; Polynomial& z_perm = _witness_data.z_perm; - // Stuff that would otherwise be inherited from from BaseProvingKey - bool contains_recursive_proof; - std::vector recursive_proof_public_input_indices; - std::shared_ptr crs; - EvaluationDomain evaluation_domain; - ProvingKey() = default; ProvingKey(const size_t circuit_size, const size_t num_public_inputs, std::shared_ptr const& crs, ComposerType composer_type) - : crs(crs) - , evaluation_domain(EvaluationDomain(circuit_size, circuit_size)) { + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + this->circuit_size = circuit_size; this->log_circuit_size = numeric::get_msb(circuit_size); this->num_public_inputs = num_public_inputs; @@ -260,7 +250,7 @@ class Standard { AllData(AllData&& other) : BaseAllData(other){}; - // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? + // WORKTODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { BaseAllData::operator=(other); @@ -355,7 +345,8 @@ class Ultra { // TODO(luke): sure would be nice if this was computed programtically static constexpr size_t NUM_ALL_ENTITIES = 47; // TODO(luke): what does this need to reflect? e.g. are shifts of precomputed polys counted here? - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 29; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; + static constexpr size_t NUM_WITNESS_ENTITIES = 11; template class PrecomputedData : public BasePrecomputedData { @@ -371,26 +362,20 @@ class Ultra { T& q_elliptic = std::get<8>(this->_data); T& q_aux = std::get<9>(this->_data); T& q_lookup = std::get<10>(this->_data); - // TODO(luke): these are witness polys (just like the wires) but right now they are stored in the proving key - // (unlike the wires which are handles separately and owned by the prover). - T& sorted_1 = std::get<11>(this->_data); - T& sorted_2 = std::get<12>(this->_data); - T& sorted_3 = std::get<13>(this->_data); - T& sorted_4 = std::get<14>(this->_data); - T& sigma_1 = std::get<15>(this->_data); - T& sigma_2 = std::get<16>(this->_data); - T& sigma_3 = std::get<17>(this->_data); - T& sigma_4 = std::get<18>(this->_data); - T& id_1 = std::get<19>(this->_data); - T& id_2 = std::get<20>(this->_data); - T& id_3 = std::get<21>(this->_data); - T& id_4 = std::get<22>(this->_data); - T& table_1 = std::get<23>(this->_data); - T& table_2 = std::get<24>(this->_data); - T& table_3 = std::get<25>(this->_data); - T& table_4 = std::get<26>(this->_data); - T& lagrange_first = std::get<27>(this->_data); - T& lagrange_last = std::get<28>(this->_data); + T& sigma_1 = std::get<11>(this->_data); + T& sigma_2 = std::get<12>(this->_data); + T& sigma_3 = std::get<13>(this->_data); + T& sigma_4 = std::get<14>(this->_data); + T& id_1 = std::get<15>(this->_data); + T& id_2 = std::get<16>(this->_data); + T& id_3 = std::get<17>(this->_data); + T& id_4 = std::get<18>(this->_data); + T& table_1 = std::get<19>(this->_data); + T& table_2 = std::get<20>(this->_data); + T& table_3 = std::get<21>(this->_data); + T& table_4 = std::get<22>(this->_data); + T& lagrange_first = std::get<23>(this->_data); + T& lagrange_last = std::get<24>(this->_data); std::vector get_selectors() { @@ -400,33 +385,75 @@ class Ultra { std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; - std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; virtual ~PrecomputedData() = default; }; + // Container for all witness polys + template class WitnessData : public Data { + public: + T& w_l = std::get<0>(this->_data); + T& w_r = std::get<1>(this->_data); + T& w_o = std::get<2>(this->_data); + T& w_4 = std::get<3>(this->_data); + T& sorted_1 = std::get<4>(this->_data); + T& sorted_2 = std::get<5>(this->_data); + T& sorted_3 = std::get<6>(this->_data); + T& sorted_4 = std::get<7>(this->_data); + T& sorted_accum = std::get<8>(this->_data); + T& z_perm = std::get<9>(this->_data); + T& z_lookup = std::get<10>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; + + virtual ~WitnessData() = default; + }; + class ProvingKey : public BaseProvingKey, FF> { public: + WitnessData _witness_data; + + Polynomial& w_l = _witness_data.w_l; + Polynomial& w_r = _witness_data.w_r; + Polynomial& w_o = _witness_data.w_o; + Polynomial& w_4 = _witness_data.w_4; + Polynomial& sorted_1 = _witness_data.sorted_1; + Polynomial& sorted_2 = _witness_data.sorted_2; + Polynomial& sorted_3 = _witness_data.sorted_3; + Polynomial& sorted_4 = _witness_data.sorted_4; + Polynomial& sorted_accum = _witness_data.sorted_accum; + Polynomial& z_perm = _witness_data.z_perm; + Polynomial& z_lookup = _witness_data.z_lookup; + std::vector memory_read_records; std::vector memory_write_records; + ProvingKey() = default; ProvingKey(const size_t circuit_size, const size_t num_public_inputs, std::shared_ptr const& crs, ComposerType composer_type) { + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + this->circuit_size = circuit_size; this->log_circuit_size = numeric::get_msb(circuit_size); this->num_public_inputs = num_public_inputs; - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); this->composer_type = composer_type; - + // Allocate memory for precomputed polynomials for (auto& poly : this->_data) { - auto new_poly = Polynomial(circuit_size); - poly = new_poly; + poly = Polynomial(circuit_size); + } + // Allocate memory for witness polynomials + for (auto& poly : this->_witness_data._data) { + poly = Polynomial(circuit_size); } }; + + std::vector get_wires() { return _witness_data.get_wires(); }; + std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; }; using VerificationKey = BaseVerificationKey>; @@ -469,8 +496,6 @@ class Ultra { T& sorted_accum = std::get<33>(this->_data); T& z_perm = std::get<34>(this->_data); T& z_lookup = std::get<35>(this->_data); - // TODO(luke): THese are precomputable but are only ever instantiated as spans so do not need to be stored in - // the pkey T& table_1_shift = std::get<36>(this->_data); T& table_2_shift = std::get<37>(this->_data); T& table_3_shift = std::get<38>(this->_data); diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp index 7d3fa5e576..a3939b0a7e 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp @@ -196,7 +196,7 @@ template class stdlib_field : public testing::Test { auto prover = composer.create_prover(); if constexpr (Composer::type == ComposerType::STANDARD_HONK) { - EXPECT_EQ(prover.wire_polynomials[2][20], fr(expected)); + EXPECT_EQ(prover.key->w_r[20], fr(expected)); } else { EXPECT_EQ(prover.key->polynomial_store.get("w_3_lagrange")[18], fr(expected)); } @@ -291,7 +291,7 @@ template class stdlib_field : public testing::Test { auto prover = composer.create_prover(); if constexpr (Composer::type == ComposerType::STANDARD_HONK) { - EXPECT_EQ(prover.wire_polynomials[2][19], fr(4181)); + EXPECT_EQ(prover.key->w_r[19], fr(4181)); } else { EXPECT_EQ(prover.key->polynomial_store.get("w_3_lagrange")[17], fr(4181)); } From d64b9f84362616018459c4d400cdbb9a238d3af3 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 19:05:45 +0000 Subject: [PATCH 061/119] Small WORKTODOs --- .../honk/composer/ultra_honk_composer.test.cpp | 1 - .../honk/proof_system/prover_library.cpp | 13 ++++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp index e2aa8630d8..ab61865322 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.test.cpp @@ -1,4 +1,3 @@ -// WORKTODO #include "ultra_honk_composer.hpp" #include "barretenberg/common/log.hpp" #include "barretenberg/honk/proof_system/ultra_prover.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index d842745474..1fdade361e 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -6,10 +6,6 @@ namespace proof_system::honk::prover_library { -// WORKTODO: extract from flavor. -using FF = barretenberg::fr; -using Polynomial = barretenberg::Polynomial; - /** * @brief Compute the permutation grand product polynomial Z_perm(X) * * @@ -45,6 +41,7 @@ typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptrget_wires(); @@ -190,6 +187,9 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr& sorted_list_polynomials, typename Flavor::FF eta) { + using FF = typename Flavor::FF; + using Polynomial = typename Flavor::Polynomial; + const size_t circuit_size = key->circuit_size; - barretenberg::polynomial sorted_list_accumulator(sorted_list_polynomials[0]); + Polynomial sorted_list_accumulator(sorted_list_polynomials[0]); std::span s_2 = sorted_list_polynomials[1]; std::span s_3 = sorted_list_polynomials[2]; std::span s_4 = sorted_list_polynomials[3]; From 2c83444d3263fcc8610e9c05b707e36e7d8d732a Mon Sep 17 00:00:00 2001 From: ledwards2225 Date: Thu, 27 Apr 2023 19:15:46 +0000 Subject: [PATCH 062/119] fix wrong wire access in field tests --- cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp index a3939b0a7e..0805ece78c 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp @@ -196,7 +196,7 @@ template class stdlib_field : public testing::Test { auto prover = composer.create_prover(); if constexpr (Composer::type == ComposerType::STANDARD_HONK) { - EXPECT_EQ(prover.key->w_r[20], fr(expected)); + EXPECT_EQ(prover.key->w_o[20], fr(expected)); } else { EXPECT_EQ(prover.key->polynomial_store.get("w_3_lagrange")[18], fr(expected)); } @@ -291,7 +291,7 @@ template class stdlib_field : public testing::Test { auto prover = composer.create_prover(); if constexpr (Composer::type == ComposerType::STANDARD_HONK) { - EXPECT_EQ(prover.key->w_r[19], fr(4181)); + EXPECT_EQ(prover.key->w_o[19], fr(4181)); } else { EXPECT_EQ(prover.key->polynomial_store.get("w_3_lagrange")[17], fr(4181)); } From 5c54ee0c40e1c2be458dc0d2c0ee3a530b0513d1 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 19:27:25 +0000 Subject: [PATCH 063/119] WORKTODO: read wires --- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 2b11a587fc..be4a079a5e 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -453,6 +453,9 @@ class Ultra { }; std::vector get_wires() { return _witness_data.get_wires(); }; + // The plookup wires that store plookup read data. + std::array get_plookup_read_wires() { return { w_l, w_r, w_o }; }; + // The sorted concatenations of table and witness data needed for plookup. std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; }; @@ -509,7 +512,6 @@ class Ultra { T& z_lookup_shift = std::get<46>(this->_data); std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; - std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, @@ -520,7 +522,6 @@ class Ultra { }; }; - std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; std::vector get_shifted() override { return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; From 0a6d1a941db51fb55e9776cf75b2419bf81d1e46 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 19:35:48 +0000 Subject: [PATCH 064/119] Small WORKTODOs --- cpp/src/barretenberg/honk/proof_system/prover.cpp | 9 ++------- .../barretenberg/honk/proof_system/prover_library.cpp | 9 +++------ 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index ff8241d369..83a58db25c 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -33,15 +33,12 @@ namespace proof_system::honk { * * @tparam settings Settings class. * */ -// TODO(Cody): both input types are foo& in prototype -// WORKTODO(luke): remove all trace of wire_poly(nomial)s here template Prover::Prover(const std::shared_ptr input_key) : key(input_key) , queue(input_key->circuit_size, transcript) { - // Note(luke): This could be done programmatically with some hacks but this isnt too bad and its nice to see the - // polys laid out explicitly. + prover_polynomials.q_c = key->q_c; prover_polynomials.q_l = key->q_l; prover_polynomials.q_r = key->q_r; @@ -55,7 +52,6 @@ Prover::Prover(const std::shared_ptr input_key) prover_polynomials.id_3 = key->id_3; prover_polynomials.lagrange_first = key->lagrange_first; prover_polynomials.lagrange_last = key->lagrange_last; - // WORKTODO: loose coupling here. Also: unique pointers? prover_polynomials.w_l = key->w_l; prover_polynomials.w_r = key->w_r; prover_polynomials.w_o = key->w_o; @@ -173,8 +169,7 @@ template void Prover::execute_relation_check_rounds() * */ template void Prover::execute_univariatization_round() { - // WORKTODO: make static - const size_t NUM_POLYNOMIALS = prover_polynomials.size(); + const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ FF rho = transcript.get_challenge("rho"); diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 1fdade361e..121058f77f 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -209,12 +209,9 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr column_2_step_size = key->q_m; std::span column_3_step_size = key->q_c; - // WORKTODO: is this a bit ugly? what should we do here - // Utilize three wires even when more are available. - std::array, 3> wires; - for (size_t i = 0; i < 3; ++i) { - wires[i] = key->get_wires()[i]; - } + // We utilize three wires even when more are available. + // TODO(#389): const correctness + std::array, 3> wires = key->get_plookup_read_wires(); // Note: the number of table polys is related to program width but '4' is the only value supported std::array, 4> tables{ From b1e26172203379869d2108a8a1f52858372f1591 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 20:49:25 +0000 Subject: [PATCH 065/119] Prover ~> StandardProver_, simly for Honk --- .../barretenberg/honk/proof_system/prover.cpp | 47 +++++++------------ .../barretenberg/honk/proof_system/prover.hpp | 28 ++++------- .../honk/proof_system/ultra_prover.cpp | 31 ++---------- .../honk/proof_system/ultra_prover.hpp | 39 ++++----------- 4 files changed, 39 insertions(+), 106 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 83a58db25c..f7277ac419 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -1,27 +1,12 @@ #include "prover.hpp" -#include -#include #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/sumcheck/sumcheck.hpp" -#include -#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" // will go away #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/honk/utils/power_polynomial.hpp" -#include "barretenberg/honk/pcs/commitment_key.hpp" -#include -#include -#include -#include -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/ecc/curves/bn254/g1.hpp" #include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" -#include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" -#include "barretenberg/transcript/transcript_wrappers.hpp" -#include -#include "barretenberg/honk/pcs/claim.hpp" namespace proof_system::honk { @@ -33,8 +18,8 @@ namespace proof_system::honk { * * @tparam settings Settings class. * */ -template -Prover::Prover(const std::shared_ptr input_key) +template +StandardProver_::StandardProver_(const std::shared_ptr input_key) : key(input_key) , queue(input_key->circuit_size, transcript) { @@ -69,7 +54,7 @@ Prover::Prover(const std::shared_ptr input_key) * - Add PI to transcript (I guess PI will stay in w_2 for now?) * * */ -template void Prover::compute_wire_commitments() +template void StandardProver_::compute_wire_commitments() { size_t wire_idx = 0; // ZIPTODO auto wire_polys = key->get_wires(); @@ -83,7 +68,7 @@ template void Prover::compute_wire_commitments() * - Add circuit size, public input size, and public inputs to transcript * * */ -template void Prover::execute_preamble_round() +template void StandardProver_::execute_preamble_round() { const auto circuit_size = static_cast(key->circuit_size); const auto num_public_inputs = static_cast(key->num_public_inputs); @@ -100,7 +85,7 @@ template void Prover::execute_preamble_round() /** * - compute wire commitments * */ -template void Prover::execute_wire_commitments_round() +template void StandardProver_::execute_wire_commitments_round() { compute_wire_commitments(); } @@ -108,7 +93,7 @@ template void Prover::execute_wire_commitments_round() /** * For Standard Honk, this is a non-op (just like for Standard/Turbo Plonk). * */ -template void Prover::execute_tables_round() +template void StandardProver_::execute_tables_round() { // No operations are needed here for Standard Honk } @@ -117,7 +102,7 @@ template void Prover::execute_tables_round() * - Do Fiat-Shamir to get "beta" challenge (Note: gamma = beta^2) * - Compute grand product polynomial (permutation only) and commitment * */ -template void Prover::execute_grand_product_computation_round() +template void StandardProver_::execute_grand_product_computation_round() { // Compute and store parameters required by relations in Sumcheck auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); @@ -146,7 +131,7 @@ template void Prover::execute_grand_product_computatio * - Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all * evaluations at u being calculated. * */ -template void Prover::execute_relation_check_rounds() +template void StandardProver_::execute_relation_check_rounds() { using Sumcheck = sumcheck::Sumcheck, @@ -167,7 +152,7 @@ template void Prover::execute_relation_check_rounds() * - Compute d+1 Fold polynomials and their evaluations. * * */ -template void Prover::execute_univariatization_round() +template void StandardProver_::execute_univariatization_round() { const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; @@ -206,7 +191,7 @@ template void Prover::execute_univariatization_round() * - Compute and aggregate opening pairs (challenge, evaluation) for each of d Fold polynomials. * - Add d-many Fold evaluations a_i, i = 0, ..., d-1 to the transcript, excluding eval of Fold_{r}^(0) * */ -template void Prover::execute_pcs_evaluation_round() +template void StandardProver_::execute_pcs_evaluation_round() { const FF r_challenge = transcript.get_challenge("Gemini:r"); info("r = ", r_challenge); @@ -224,7 +209,7 @@ template void Prover::execute_pcs_evaluation_round() * - Do Fiat-Shamir to get "nu" challenge. * - Compute commitment [Q]_1 * */ -template void Prover::execute_shplonk_batched_quotient_round() +template void StandardProver_::execute_shplonk_batched_quotient_round() { nu_challenge = transcript.get_challenge("Shplonk:nu"); info("nu = ", nu_challenge); @@ -240,7 +225,7 @@ template void Prover::execute_shplonk_batched_quotient * - Do Fiat-Shamir to get "z" challenge. * - Compute polynomial Q(X) - Q_z(X) * */ -template void Prover::execute_shplonk_partial_evaluation_round() +template void StandardProver_::execute_shplonk_partial_evaluation_round() { const FF z_challenge = transcript.get_challenge("Shplonk:z"); info("z = ", z_challenge); @@ -252,19 +237,19 @@ template void Prover::execute_shplonk_partial_evaluati * - Compute KZG quotient commitment [W]_1. * * */ -template void Prover::execute_kzg_round() +template void StandardProver_::execute_kzg_round() { quotient_W = KZG::compute_opening_proof_polynomial(shplonk_output.opening_pair, shplonk_output.witness); queue.add_commitment(quotient_W, "KZG:W"); } -template plonk::proof& Prover::export_proof() +template plonk::proof& StandardProver_::export_proof() { proof.proof_data = transcript.proof_data; return proof; } -template plonk::proof& Prover::construct_proof() +template plonk::proof& StandardProver_::construct_proof() { // Add circuit size and public input size to transcript. execute_preamble_round(); @@ -314,6 +299,6 @@ template plonk::proof& Prover::construct_proof() return export_proof(); } -template class Prover; +template class StandardProver_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 7e1554d4cc..7c86dc370d 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -1,34 +1,23 @@ #pragma once -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/honk/pcs/shplonk/shplonk.hpp" -#include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" -#include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" -#include "barretenberg/plonk/proof_system/types/program_settings.hpp" #include "barretenberg/honk/pcs/gemini/gemini.hpp" #include "barretenberg/honk/pcs/shplonk/shplonk_single.hpp" #include "barretenberg/honk/pcs/kzg/kzg.hpp" #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/honk/sumcheck/sumcheck.hpp" #include "barretenberg/honk/sumcheck/sumcheck_output.hpp" -#include "barretenberg/honk/pcs/claim.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/proof_system/work_queue.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system::honk { -template class Prover { // WORKTODO: Rename to StandardProver or stop templating +// We won't compile this class with honk::flavor::Ultra, but we will like want to compile it (at least for testing) +// with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc. +template concept StandardFlavor = IsAnyOf; + +template class StandardProver_ { using FF = typename Flavor::FF; using PCSParams = typename Flavor::PCSParams; @@ -38,7 +27,7 @@ template class Prover { // WORKTODO: Rename to StandardProver using CommitmentLabels = typename Flavor::CommitmentLabels; public: - explicit Prover(std::shared_ptr input_key = nullptr); + explicit StandardProver_(std::shared_ptr input_key = nullptr); void execute_preamble_round(); void execute_wire_commitments_round(); @@ -96,8 +85,9 @@ template class Prover { // WORKTODO: Rename to StandardProver plonk::proof proof; }; -extern template class Prover; +extern template class StandardProver_; -using StandardProver = Prover; +using StandardProver = StandardProver_; +// using GrumpkinStandardProver = StandardProver_; // e.g. } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp index ef000265ad..5a641d3b56 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.cpp @@ -1,25 +1,4 @@ #include "ultra_prover.hpp" -#include -#include -#include "barretenberg/honk/proof_system/prover_library.hpp" -#include "barretenberg/honk/sumcheck/sumcheck.hpp" -#include -#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" // will go away -#include "barretenberg/honk/utils/power_polynomial.hpp" -#include "barretenberg/honk/pcs/commitment_key.hpp" -#include -#include -#include -#include -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" -#include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/transcript/transcript_wrappers.hpp" -#include -#include "barretenberg/honk/pcs/claim.hpp" namespace proof_system::honk { @@ -31,23 +10,23 @@ namespace proof_system::honk { * * @tparam settings Settings class. * */ -template -UltraHonkProver::UltraHonkProver(std::shared_ptr input_key) +template +UltraProver_::UltraProver_(std::shared_ptr input_key) : key(input_key) , queue(input_key->circuit_size, transcript) {} -template plonk::proof& UltraHonkProver::export_proof() +template plonk::proof& UltraProver_::export_proof() { proof.proof_data = transcript.proof_data; return proof; } -template plonk::proof& UltraHonkProver::construct_proof() +template plonk::proof& UltraProver_::construct_proof() { return export_proof(); } -template class UltraHonkProver; +template class UltraProver_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index a62f32dbb3..8d96a6724e 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -1,36 +1,15 @@ #pragma once -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/honk/pcs/shplonk/shplonk.hpp" -#include "barretenberg/polynomials/polynomial.hpp" -#include -#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" -#include "barretenberg/honk/pcs/commitment_key.hpp" +#include "barretenberg/honk/proof_system/work_queue.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" -#include "barretenberg/plonk/proof_system/types/program_settings.hpp" -#include "barretenberg/honk/pcs/gemini/gemini.hpp" -#include "barretenberg/honk/pcs/shplonk/shplonk_single.hpp" -#include "barretenberg/honk/pcs/kzg/kzg.hpp" #include "barretenberg/honk/transcript/transcript.hpp" -#include "barretenberg/honk/sumcheck/sumcheck.hpp" -#include "barretenberg/honk/sumcheck/sumcheck_output.hpp" -#include -#include -#include -#include -#include -#include -#include -#include -#include "barretenberg/honk/pcs/claim.hpp" -#include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" namespace proof_system::honk { -// TODO(luke): The naming here is awkward. The Standard Honk prover is called "Prover" and aliased as StandardProver. To -// be consistent with that convention outside of the prover class itself, I've called this class UltraHonkProver and use -// the alias UltraProver externally. Resolve. -template class UltraHonkProver { +// We won't compile this class with honk::flavor::Ultra, but we will like want to compile it (at least for testing) +// with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc. +template concept UltraFlavor = IsAnyOf; +template class UltraProver_ { using FF = typename Flavor::FF; using PCSParams = typename Flavor::PCSParams; @@ -38,14 +17,14 @@ template class UltraHonkProver { using Polynomial = typename Flavor::Polynomial; public: - UltraHonkProver(std::shared_ptr input_key = nullptr); + UltraProver_(std::shared_ptr input_key = nullptr); plonk::proof& export_proof(); plonk::proof& construct_proof(); ProverTranscript transcript; - std::shared_ptr key; // WORKTODO: rename to proving_key + std::shared_ptr key; work_queue queue; @@ -53,8 +32,8 @@ template class UltraHonkProver { plonk::proof proof; }; -extern template class UltraHonkProver; +extern template class UltraProver_; -using UltraProver = UltraHonkProver; +using UltraProver = UltraProver_; } // namespace proof_system::honk From b8884cad70215d5d943f5302c1fcc6086e3c0eb9 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 20:52:57 +0000 Subject: [PATCH 066/119] Small WORKTODOs --- .../barretenberg/honk/proof_system/prover.hpp | 2 - .../proof_system/flavor/flavor.hpp | 37 ++++++++++--------- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 7c86dc370d..b382013cae 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -59,8 +59,6 @@ template class StandardProver_ { ProverPolynomials prover_polynomials; // TODO(Cody): Improve this, or at least make the lables static constexpr? - // WORKTODO: Maybe this doesn't really need to be one of the flavor components? There are commitments not - // corresponding to ProverPolynomials/entities/whatever. CommitmentLabels commitment_labels; // Container for d + 1 Fold polynomials produced by Gemini diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index be4a079a5e..e6a8b498f9 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -286,24 +286,25 @@ class Standard { CommitmentLabels() { - w_l = "W_1"; - w_r = "W_2"; - w_o = "W_3"; - z_perm = "Z_PERM"; - z_perm_shift = "__z_perm_shift"; - q_m = "__q_m"; - q_l = "__q_l"; - q_r = "__q_r"; - q_o = "__q_o"; - q_c = "__q_c"; - sigma_1 = "__sigma_1"; - sigma_2 = "__sigma_2"; - sigma_3 = "__sigma_3"; - id_1 = "__id_1"; - id_2 = "__id_2"; - id_3 = "__id_3"; - lagrange_first = "__lagrange_first"; - lagrange_last = "__lagrange_last"; + constexpr w_l = "W_1"; + constexpr w_r = "W_2"; + constexpr w_o = "W_3"; + const z_perm = "Z_PERM"; + // The ones beginning with "__" are only used for debugging + constexpr z_perm_shift = "__Z_PERM_SHIFT"; + constexpr q_m = "__Q_M"; + constexpr q_l = "__Q_L"; + constexpr q_r = "__Q_R"; + constexpr q_o = "__Q_O"; + constexpr q_c = "__Q_C"; + constexpr sigma_1 = "__SIGMA_1"; + constexpr sigma_2 = "__SIGMA_2"; + constexpr sigma_3 = "__SIGMA_3"; + constexpr id_1 = "__ID_1"; + constexpr id_2 = "__ID_2"; + constexpr id_3 = "__ID_3"; + constexpr lagrange_first = "__LAGRANGE_FIRST"; + constexpr lagrange_last = "__LAGRANGE_LAST"; }; }; From 5f9f19e660652e56ae7027aba664f19fd485361c Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 20:53:28 +0000 Subject: [PATCH 067/119] Delete test due to significant drift over time. --- .../honk/proof_system/verifier.test.cpp | 225 ------------------ 1 file changed, 225 deletions(-) delete mode 100644 cpp/src/barretenberg/honk/proof_system/verifier.test.cpp diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp deleted file mode 100644 index 6443463370..0000000000 --- a/cpp/src/barretenberg/honk/proof_system/verifier.test.cpp +++ /dev/null @@ -1,225 +0,0 @@ -// // WORKTODO -// #include "barretenberg/numeric/bitop/get_msb.hpp" -// #include "barretenberg/plonk/proof_system/constants.hpp" -// #include "barretenberg/polynomials/polynomial.hpp" -// #include "barretenberg/proof_system/flavor/flavor.hpp" -// #include "prover.hpp" -// #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" -// #include "barretenberg/transcript/transcript.hpp" -// #include "verifier.hpp" -// #include "barretenberg/ecc/curves/bn254/scalar_multiplication/scalar_multiplication.hpp" -// #include -// #include "barretenberg/srs/reference_string/file_reference_string.hpp" -// #include "barretenberg/polynomials/polynomial_arithmetic.hpp" -// #include "barretenberg/plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp" -// #include "barretenberg/proof_system/composer/permutation_helper.hpp" -// #include - -// using namespace barretenberg; -// using namespace proof_system::honk; - -// namespace test_honk_verifier { - -// template class VerifierTests : public testing::Test { -// public: -// static StandardVerifier generate_verifier(std::shared_ptr circuit_proving_key) -// { -// std::array poly_coefficients; -// poly_coefficients[0] = circuit_proving_key->polynomial_store.get("q_1_lagrange").get_coefficients(); -// poly_coefficients[1] = circuit_proving_key->polynomial_store.get("q_2_lagrange").get_coefficients(); -// poly_coefficients[2] = circuit_proving_key->polynomial_store.get("q_3_lagrange").get_coefficients(); -// poly_coefficients[3] = circuit_proving_key->polynomial_store.get("q_m_lagrange").get_coefficients(); -// poly_coefficients[4] = circuit_proving_key->polynomial_store.get("q_c_lagrange").get_coefficients(); -// poly_coefficients[5] = circuit_proving_key->polynomial_store.get("sigma_1_lagrange").get_coefficients(); -// poly_coefficients[6] = circuit_proving_key->polynomial_store.get("sigma_2_lagrange").get_coefficients(); -// poly_coefficients[7] = circuit_proving_key->polynomial_store.get("sigma_3_lagrange").get_coefficients(); - -// std::vector commitments; -// scalar_multiplication::pippenger_runtime_state prover(circuit_proving_key->circuit_size); -// commitments.resize(8); - -// for (size_t i = 0; i < 8; ++i) { -// commitments[i] = g1::affine_element( -// scalar_multiplication::pippenger(poly_coefficients[i], -// circuit_proving_key->reference_string->get_monomial_points(), -// circuit_proving_key->circuit_size, -// prover)); -// } - -// auto crs = std::make_shared("../srs_db/ignition"); -// auto circuit_verification_key = -// std::make_shared(circuit_proving_key->circuit_size, -// circuit_proving_key->num_public_inputs, -// crs, -// circuit_proving_key->composer_type); - -// circuit_verification_key->commitments.insert({ "Q_1", commitments[0] }); -// circuit_verification_key->commitments.insert({ "Q_2", commitments[1] }); -// circuit_verification_key->commitments.insert({ "Q_3", commitments[2] }); -// circuit_verification_key->commitments.insert({ "Q_M", commitments[3] }); -// circuit_verification_key->commitments.insert({ "Q_C", commitments[4] }); - -// circuit_verification_key->commitments.insert({ "SIGMA_1", commitments[5] }); -// circuit_verification_key->commitments.insert({ "SIGMA_2", commitments[6] }); -// circuit_verification_key->commitments.insert({ "SIGMA_3", commitments[7] }); - -// StandardVerifier verifier(circuit_verification_key); - -// // std::unique_ptr> kate_commitment_scheme = -// // std::make_unique>(); -// // verifier.commitment_scheme = std::move(kate_commitment_scheme); - -// return verifier; -// } - -// // Note: this example is adapted from a corresponding PlonK verifier test. -// static StandardProver generate_test_data(const size_t n) -// { -// // Create some constraints that satisfy our arithmetic circuit relation -// // even indices = mul gates, odd incides = add gates - -// auto crs = std::make_shared(n + 1, "../srs_db/ignition"); -// std::shared_ptr proving_key = -// std::make_shared(n, 0, crs, ComposerType::STANDARD_HONK); - -// polynomial w_l(n); -// polynomial w_r(n); -// polynomial w_o(n); -// polynomial q_l(n); -// polynomial q_r(n); -// polynomial q_o(n); -// polynomial q_c(n); -// polynomial q_m(n); - -// fr T0; -// for (size_t i = 0; i < n / 4; ++i) { -// w_l.at(2 * i) = fr::random_element(); -// w_r.at(2 * i) = fr::random_element(); -// w_o.at(2 * i) = w_l.at(2 * i) * w_r.at(2 * i); -// w_o[2 * i] = w_o[2 * i] + w_l[2 * i]; -// w_o[2 * i] = w_o[2 * i] + w_r[2 * i]; -// w_o[2 * i] = w_o[2 * i] + fr::one(); -// q_l.at(2 * i) = fr::one(); -// q_r.at(2 * i) = fr::one(); -// q_o.at(2 * i) = fr::neg_one(); -// q_c.at(2 * i) = fr::one(); -// q_m.at(2 * i) = fr::one(); - -// w_l.at(2 * i + 1) = fr::random_element(); -// w_r.at(2 * i + 1) = fr::random_element(); -// w_o.at(2 * i + 1) = fr::random_element(); - -// T0 = w_l.at(2 * i + 1) + w_r.at(2 * i + 1); -// q_c.at(2 * i + 1) = T0 + w_o.at(2 * i + 1); -// q_c.at(2 * i + 1).self_neg(); -// q_l.at(2 * i + 1) = fr::one(); -// q_r.at(2 * i + 1) = fr::one(); -// q_o.at(2 * i + 1) = fr::one(); -// q_m.at(2 * i + 1) = fr::zero(); -// } -// size_t shift = n / 2; -// polynomial_arithmetic::copy_polynomial(&w_l.at(0), &w_l.at(shift), shift, shift); -// polynomial_arithmetic::copy_polynomial(&w_r.at(0), &w_r.at(shift), shift, shift); -// polynomial_arithmetic::copy_polynomial(&w_o.at(0), &w_o.at(shift), shift, shift); -// polynomial_arithmetic::copy_polynomial(&q_m.at(0), &q_m.at(shift), shift, shift); -// polynomial_arithmetic::copy_polynomial(&q_l.at(0), &q_l.at(shift), shift, shift); -// polynomial_arithmetic::copy_polynomial(&q_r.at(0), &q_r.at(shift), shift, shift); -// polynomial_arithmetic::copy_polynomial(&q_o.at(0), &q_o.at(shift), shift, shift); -// polynomial_arithmetic::copy_polynomial(&q_c.at(0), &q_c.at(shift), shift, shift); - -// std::vector sigma_1_mapping; -// std::vector sigma_2_mapping; -// std::vector sigma_3_mapping; -// // create basic permutation - second half of witness vector is a copy of the first half -// sigma_1_mapping.resize(n); -// sigma_2_mapping.resize(n); -// sigma_3_mapping.resize(n); - -// for (size_t i = 0; i < n / 2; ++i) { -// sigma_1_mapping[shift + i] = (uint32_t)i; -// sigma_2_mapping[shift + i] = (uint32_t)i + (1U << 30U); -// sigma_3_mapping[shift + i] = (uint32_t)i + (1U << 31U); -// sigma_1_mapping[i] = (uint32_t)(i + shift); -// sigma_2_mapping[i] = (uint32_t)(i + shift) + (1U << 30U); -// sigma_3_mapping[i] = (uint32_t)(i + shift) + (1U << 31U); -// } -// // make last permutation the same as identity permutation -// // we are setting the permutation in the last 4 gates as identity permutation since -// // we are cutting out 4 roots as of now. -// size_t num_roots_cut_out_of_the_vanishing_polynomial = 4; -// for (uint32_t j = 0; j < num_roots_cut_out_of_the_vanishing_polynomial; ++j) { -// sigma_1_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j; -// sigma_2_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j + (1U << 30U); -// sigma_3_mapping[shift - 1 - j] = (uint32_t)shift - 1 - j + (1U << 31U); -// sigma_1_mapping[n - 1 - j] = (uint32_t)n - 1 - j; -// sigma_2_mapping[n - 1 - j] = (uint32_t)n - 1 - j + (1U << 30U); -// sigma_3_mapping[n - 1 - j] = (uint32_t)n - 1 - j + (1U << 31U); -// } - -// polynomial sigma_1(proving_key->circuit_size); -// polynomial sigma_2(proving_key->circuit_size); -// polynomial sigma_3(proving_key->circuit_size); - -// // plonk::compute_permutation_lagrange_base_single(sigma_1, sigma_1_mapping, -// // proving_key->small_domain); plonk::compute_permutation_lagrange_base_single(sigma_2, -// // sigma_2_mapping, proving_key->small_domain); -// // plonk::compute_permutation_lagrange_base_single(sigma_3, sigma_3_mapping, -// // proving_key->small_domain); - -// polynomial sigma_1_lagrange_base(sigma_1, proving_key->circuit_size); -// polynomial sigma_2_lagrange_base(sigma_2, proving_key->circuit_size); -// polynomial sigma_3_lagrange_base(sigma_3, proving_key->circuit_size); - -// proving_key->polynomial_store.put("sigma_1_lagrange", std::move(sigma_1_lagrange_base)); -// proving_key->polynomial_store.put("sigma_2_lagrange", std::move(sigma_2_lagrange_base)); -// proving_key->polynomial_store.put("sigma_3_lagrange", std::move(sigma_3_lagrange_base)); - -// compute_standard_honk_id_polynomials(proving_key); -// compute_first_and_last_lagrange_polynomials(proving_key); - -// proving_key->polynomial_store.put("w_1_lagrange", std::move(w_l)); -// proving_key->polynomial_store.put("w_2_lagrange", std::move(w_r)); -// proving_key->polynomial_store.put("w_3_lagrange", std::move(w_o)); - -// proving_key->polynomial_store.put("q_1_lagrange", std::move(q_l)); -// proving_key->polynomial_store.put("q_2_lagrange", std::move(q_r)); -// proving_key->polynomial_store.put("q_3_lagrange", std::move(q_o)); -// proving_key->polynomial_store.put("q_m_lagrange", std::move(q_m)); -// proving_key->polynomial_store.put("q_c_lagrange", std::move(q_c)); - -// // TODO(#223)(Cody): This should be more generic -// std::vector witness_polynomials; -// auto prover = StandardProver(std::move(witness_polynomials), proving_key); - -// std::unique_ptr kate_commitment_key = -// std::make_unique(proving_key->circuit_size, "../srs_db/ignition"); - -// return prover; -// } -// }; - -// using FieldTypes = testing::Types; -// TYPED_TEST_SUITE(VerifierTests, FieldTypes); - -// // This test is modeled after a corresponding test for the Plonk Verifier. As is the case there, this test relies on -// // valid proof construction which makes the scope quite large. Not really a unit test but a nice test nonetheless. -// // TODO(#223)(Luke/Cody): Make this a meaningful test (or remove altogether) -// TYPED_TEST(VerifierTests, VerifyArithmeticProofSmall) -// { -// GTEST_SKIP() << "It's good to have a standalone test, but for now we just rely on composer tests."; -// size_t n = 8; - -// StandardProver prover = TestFixture::generate_test_data(n); - -// StandardVerifier verifier = TestFixture::generate_verifier(prover.key); - -// // construct proof -// plonk::proof proof = prover.construct_proof(); - -// // verify proof -// bool result = verifier.verify_proof(proof); - -// EXPECT_EQ(result, true); -// } - -// } // namespace test_honk_verifier From d1631d0bda1fcf24f19f77a66f58e6ffa01e4242 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:04:13 +0000 Subject: [PATCH 068/119] Fix commitment labels --- .../proof_system/flavor/flavor.hpp | 93 ++++++++++++++----- 1 file changed, 70 insertions(+), 23 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index e6a8b498f9..0518b9dcb6 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -286,25 +286,25 @@ class Standard { CommitmentLabels() { - constexpr w_l = "W_1"; - constexpr w_r = "W_2"; - constexpr w_o = "W_3"; - const z_perm = "Z_PERM"; + w_l = "W_1"; + w_r = "W_2"; + w_o = "W_3"; + z_perm = "Z_PERM"; // The ones beginning with "__" are only used for debugging - constexpr z_perm_shift = "__Z_PERM_SHIFT"; - constexpr q_m = "__Q_M"; - constexpr q_l = "__Q_L"; - constexpr q_r = "__Q_R"; - constexpr q_o = "__Q_O"; - constexpr q_c = "__Q_C"; - constexpr sigma_1 = "__SIGMA_1"; - constexpr sigma_2 = "__SIGMA_2"; - constexpr sigma_3 = "__SIGMA_3"; - constexpr id_1 = "__ID_1"; - constexpr id_2 = "__ID_2"; - constexpr id_3 = "__ID_3"; - constexpr lagrange_first = "__LAGRANGE_FIRST"; - constexpr lagrange_last = "__LAGRANGE_LAST"; + z_perm_shift = "__Z_PERM_SHIFT"; + q_m = "__Q_M"; + q_l = "__Q_L"; + q_r = "__Q_R"; + q_o = "__Q_O"; + q_c = "__Q_C"; + sigma_1 = "__SIGMA_1"; + sigma_2 = "__SIGMA_2"; + sigma_3 = "__SIGMA_3"; + id_1 = "__ID_1"; + id_2 = "__ID_2"; + id_3 = "__ID_3"; + lagrange_first = "__LAGRANGE_FIRST"; + lagrange_last = "__LAGRANGE_LAST"; }; }; @@ -573,11 +573,58 @@ class Ultra { // note: we could consider "enriching" the transcript interface to not use // strings in the future, but I leave it this way for simplicity - // WORKTODO: stick with these names from before? - std::string w_l = "W_1"; - std::string w_r = "W_2"; - std::string w_o = "W_3"; - std::string z_perm = "Z_PERM"; + CommitmentLabels() + { + w_l = "W_L"; + w_r = "W_R"; + w_o = "W_O"; + w_4 = "W_4"; + z_perm = "Z_PERM"; + z_lookup = "Z_LOOKUP"; + + // The ones beginning with "__" are only used for debugging + q_c = "__Q_C"; + q_l = "__Q_L"; + q_r = "__Q_R"; + q_o = "__Q_O"; + q_4 = "__Q_4"; + q_m = "__Q_M"; + q_arith = "__Q_ARITH"; + q_sort = "__Q_SORT"; + q_elliptic = "__Q_ELLIPTIC"; + q_aux = "__Q_AUX"; + q_lookup = "__Q_LOOKUP"; + sigma_1 = "__SIGMA_1"; + sigma_2 = "__SIGMA_2"; + sigma_3 = "__SIGMA_3"; + sigma_4 = "__SIGMA_4"; + id_1 = "__ID_1"; + id_2 = "__ID_2"; + id_3 = "__ID_3"; + id_4 = "__ID_4"; + table_1 = "__TABLE_1"; + table_2 = "__TABLE_2"; + table_3 = "__TABLE_3"; + table_4 = "__TABLE_4"; + lagrange_first = "__LAGRANGE_FIRST"; + lagrange_last = "__LAGRANGE_LAST"; + sorted_1 = "__SORTED_1"; + sorted_2 = "__SORTED_2"; + sorted_3 = "__SORTED_3"; + sorted_4 = "__SORTED_4"; + sorted_accum = "__SORTED_ACCUM"; + table_1_shift = "__TABLE_1_SHIFT"; + table_2_shift = "__TABLE_2_SHIFT"; + table_3_shift = "__TABLE_3_SHIFT"; + table_4_shift = "__TABLE_4_SHIFT"; + w_l_shift = "__W_L_SHIFT"; + w_r_shift = "__W_R_SHIFT"; + w_o_shift = "__W_O_SHIFT"; + w_4_shift = "__W_4_SHIFT"; + sorted_accum_shift = "__SORTED_ACCUM_SHIFT"; + z_perm_shift = "__Z_PERM_SHIFT"; + z_lookup_shift = "__Z_LOOKUP_SHIFT"; + }; }; }; From a768d8f97cf7266188ffaf4821249d0e7f18935f Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:04:32 +0000 Subject: [PATCH 069/119] Clean up test --- .../sumcheck/polynomials/multivariates.test.cpp | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp b/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp index ed92f62d0d..697ca053ac 100644 --- a/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp @@ -13,7 +13,6 @@ namespace test_sumcheck_polynomials { template class MultivariatesTests : public testing::Test {}; using Flavors = testing::Types; -using Transcript = proof_system::honk::ProverTranscript; // worktodo TYPED_TEST_SUITE(MultivariatesTests, Flavors); @@ -47,6 +46,7 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsSpecial) { using Flavor = TypeParam; using FF = typename Flavor::FF; + using Transcript = honk::ProverTranscript; // values here are chosen to check another test const size_t multivariate_d(2); @@ -60,7 +60,7 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsSpecial) std::array f0 = { v00, v10, v01, v11 }; auto full_polynomials = std::array, 1>({ f0 }); - auto transcript = honk::ProverTranscript::init_empty(); + auto transcript = Transcript::init_empty(); auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = { 0x6c7301b49d85a46c, 0x44311531e39c64f6, 0xb13d66d8d6c1a24c, 0x04410c360230a295 }; @@ -84,6 +84,7 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsGeneric) { using Flavor = TypeParam; using FF = typename Flavor::FF; + using Transcript = honk::ProverTranscript; const size_t multivariate_d(2); const size_t multivariate_n(1 << multivariate_d); @@ -96,7 +97,7 @@ TYPED_TEST(MultivariatesTests, FoldTwoRoundsGeneric) std::array f0 = { v00, v10, v01, v11 }; auto full_polynomials = std::array, 1>({ f0 }); - auto transcript = honk::ProverTranscript::init_empty(); + auto transcript = Transcript::init_empty(); auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = FF::random_element(); @@ -140,6 +141,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsSpecial) { using Flavor = TypeParam; using FF = typename Flavor::FF; + using Transcript = honk::ProverTranscript; const size_t multivariate_d(3); const size_t multivariate_n(1 << multivariate_d); @@ -156,7 +158,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsSpecial) std::array f0 = { v000, v100, v010, v110, v001, v101, v011, v111 }; auto full_polynomials = std::array, 1>({ f0 }); - auto transcript = honk::ProverTranscript::init_empty(); + auto transcript = Transcript::init_empty(); auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = 1; @@ -190,6 +192,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsGeneric) { using Flavor = TypeParam; using FF = typename Flavor::FF; + using Transcript = honk::ProverTranscript; const size_t multivariate_d(3); const size_t multivariate_n(1 << multivariate_d); @@ -206,7 +209,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsGeneric) std::array f0 = { v000, v100, v010, v110, v001, v101, v011, v111 }; auto full_polynomials = std::array, 1>({ f0 }); - auto transcript = honk::ProverTranscript::init_empty(); + auto transcript = Transcript::init_empty(); auto sumcheck = Sumcheck(multivariate_n, transcript); FF round_challenge_0 = FF::random_element(); @@ -240,6 +243,8 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsGenericMultiplePolys) { using Flavor = TypeParam; using FF = typename Flavor::FF; + using Transcript = honk::ProverTranscript; + const size_t multivariate_d(3); const size_t multivariate_n(1 << multivariate_d); std::array v000; @@ -266,7 +271,7 @@ TYPED_TEST(MultivariatesTests, FoldThreeRoundsGenericMultiplePolys) std::array f2 = { v000[2], v100[2], v010[2], v110[2], v001[2], v101[2], v011[2], v111[2] }; auto full_polynomials = std::array, 3>{ f0, f1, f2 }; - auto transcript = honk::ProverTranscript::init_empty(); + auto transcript = Transcript::init_empty(); auto sumcheck = Sumcheck(multivariate_n, transcript); std::array expected_q1; From ecb272fb18d423108796fe4d3ea3de3bf6c5f8c2 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:11:42 +0000 Subject: [PATCH 070/119] Make MAX_RELATION_LENGTH issue. --- .../honk/sumcheck/relations/relation_consistency.test.cpp | 4 +--- .../sumcheck/relations/ultra_relation_consistency.test.cpp | 2 +- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 1 - 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index 274e93b184..8ca3086bbd 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -34,9 +34,7 @@ class StandardRelationConsistency : public testing::Test { using Flavor = honk::flavor::Standard; using FF = typename Flavor::FF; using PurportedEvaluations = typename Flavor::PurportedEvaluations; - // template using Univariate = Univariate; - // template using UnivariateView = UnivariateView; - // WORKTODO: Move MAX_RELATION_LENGTH into Flavor and simplicy this code + // TODO(#390): Move MAX_RELATION_LENGTH into Flavor and simplify this. template using ExtendedEdges = typename Flavor::template ExtendedEdges; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index e08c22a40d..2896547228 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -35,7 +35,7 @@ class UltraRelationConsistency : public testing::Test { using FF = typename Flavor::FF; using PurportedEvaluations = typename Flavor::PurportedEvaluations; - // WORKTODO: Move MAX_RELATION_LENGTH into Flavor and simplicy this code + // TODO(#390): Move MAX_RELATION_LENGTH into Flavor and simplify this. template using ExtendedEdges = typename Flavor::template ExtendedEdges; // TODO(#225)(Adrian): Accept FULL_RELATION_LENGTH as a template parameter for this function only, so that the test diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 0518b9dcb6..a327567547 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -16,7 +16,6 @@ #include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" -#include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" // WORKTODO: Names of these classes From 0684049a114167984d1aabcc4887b84de8cc9ad9 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:15:34 +0000 Subject: [PATCH 071/119] Reference zip issue --- .../barretenberg/honk/proof_system/composer_helper.lib.hpp | 2 +- cpp/src/barretenberg/honk/proof_system/prover.cpp | 4 ++-- .../honk/sumcheck/relations/relation_consistency.test.cpp | 2 +- cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp | 2 +- .../proof_system/composer/composer_helper_lib.hpp | 4 ++-- .../barretenberg/proof_system/composer/permutation_helper.hpp | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index be59231b22..8d7706e73f 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -20,7 +20,7 @@ std::shared_ptr compute_verification_key_commo // WORKTODO: ^^^^^^^^^^ resolvable now? auto commitment_key = honk::pcs::kzg::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); - size_t poly_idx = 0; // ZIPTODO + size_t poly_idx = 0; // TODO(#391) zip for (auto& polynomial : proving_key) { verification_key[poly_idx] = commitment_key.commit(polynomial); polynomial_idx++; diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index f7277ac419..a89d202a9e 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -56,7 +56,7 @@ StandardProver_::StandardProver_(const std::shared_ptr input * */ template void StandardProver_::compute_wire_commitments() { - size_t wire_idx = 0; // ZIPTODO + size_t wire_idx = 0; // TODO(#391) zip auto wire_polys = key->get_wires(); for (auto& label : commitment_labels.get_wires()) { queue.add_commitment(wire_polys[wire_idx], label); @@ -163,7 +163,7 @@ template void StandardProver_::execute_univariat // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ Polynomial batched_poly_unshifted(key->circuit_size); // batched unshifted polynomials - size_t poly_idx = 0; // ZIPTODO + size_t poly_idx = 0; // TODO(#391) zip for (auto& unshifted_poly : prover_polynomials.get_unshifted()) { batched_poly_unshifted.add_scaled(unshifted_poly, rhos[poly_idx]); poly_idx++; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index 8ca3086bbd..c4d41a5fc3 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -86,7 +86,7 @@ class StandardRelationConsistency : public testing::Test { { ASSERT(i < univariate_length); std::array result; - size_t result_idx = 0; // WORKTODO + size_t result_idx = 0; // TODO(#391) zip for (auto& univariate : univariates) { result[result_idx] = univariate.value_at(i); result_idx++; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index cd76e96462..e9fd0e027b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -151,7 +151,7 @@ template class... R */ void extend_edges(auto& multivariates, size_t edge_idx) // WORKTODO: auto can now be ProverPolynomials? { - size_t univariate_idx = 0; // ZIPTODO + size_t univariate_idx = 0; // TODO(#391) zip for (auto& poly : multivariates) { auto edge = Univariate({ poly[edge_idx], poly[edge_idx + 1] }); extended_edges[univariate_idx] = barycentric_2_to_max.extend(edge); diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index 8650861bf3..1c4ebde2e4 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -50,7 +50,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c { const size_t num_public_inputs = circuit_constructor.public_inputs.size(); // TODO(Cody): Loose coupling here! Would rather build up pk from arithmetizaiton - size_t selector_idx = 0; // ZIPTODO + size_t selector_idx = 0; // TODO(#391) zip for (auto& selector_values : circuit_constructor.selectors) { ASSERT(proving_key->circuit_size >= selector_values.size()); @@ -135,7 +135,7 @@ std::vector construct_wire_polynomials_base( std::vector wire_polynomials; // Note: randomness is added to 3 of the last 4 positions in plonk/proof_system/prover/prover.cpp // StandardProverBase::execute_preamble_round(). - size_t wire_idx = 0; // ZIPTODO + size_t wire_idx = 0; // TODO(#391) zip for (auto& wire : circuit_constructor.wires) { // Initialize the polynomial with all the actual copies variable values // Expect all values to be set to 0 initially diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 3875672bb9..cf056c5301 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -410,7 +410,7 @@ void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): provi { // Fill id polynomials with default values // TODO(Cody): Allocate polynomial space in proving key constructor. - size_t coset_idx = 0; // ZIPTODO + size_t coset_idx = 0; // TODO(#391) zip for (auto& id_poly : proving_key->get_id_polynomials()) { for (size_t i = 0; i < proving_key->circuit_size; ++i) { id_poly[i] = coset_idx * proving_key->circuit_size + i; From 916a225731d177d034f3f142934bea2c83697096 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:16:29 +0000 Subject: [PATCH 072/119] Another opportunity to zip --- .../honk/sumcheck/relations/ultra_relation_consistency.test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index 2896547228..568e1f8dd4 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -84,7 +84,7 @@ class UltraRelationConsistency : public testing::Test { { ASSERT(i < univariate_length); std::array result; - size_t result_idx = 0; // WORKTODO + size_t result_idx = 0; // TODO(#391) zip for (auto& univariate : univariates) { result[result_idx] = univariate.value_at(i); result_idx++; From d1973270c0ede578922fea2cbd8dc4aed8b2d96c Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:20:18 +0000 Subject: [PATCH 073/119] Remove unused template argument. --- .../honk/proof_system/composer_helper.lib.hpp | 2 +- .../barretenberg/honk/proof_system/prover.cpp | 4 ++-- cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp | 2 +- .../honk/sumcheck/sumcheck_round.hpp | 6 ++++-- .../honk/sumcheck/sumcheck_round.test.cpp | 16 ++++++---------- .../composer/composer_helper_lib.hpp | 4 ++-- .../proof_system/composer/permutation_helper.hpp | 2 +- 7 files changed, 17 insertions(+), 19 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index 8d7706e73f..be59231b22 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -20,7 +20,7 @@ std::shared_ptr compute_verification_key_commo // WORKTODO: ^^^^^^^^^^ resolvable now? auto commitment_key = honk::pcs::kzg::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); - size_t poly_idx = 0; // TODO(#391) zip + size_t poly_idx = 0; // ZIPTODO for (auto& polynomial : proving_key) { verification_key[poly_idx] = commitment_key.commit(polynomial); polynomial_idx++; diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index a89d202a9e..f7277ac419 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -56,7 +56,7 @@ StandardProver_::StandardProver_(const std::shared_ptr input * */ template void StandardProver_::compute_wire_commitments() { - size_t wire_idx = 0; // TODO(#391) zip + size_t wire_idx = 0; // ZIPTODO auto wire_polys = key->get_wires(); for (auto& label : commitment_labels.get_wires()) { queue.add_commitment(wire_polys[wire_idx], label); @@ -163,7 +163,7 @@ template void StandardProver_::execute_univariat // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ Polynomial batched_poly_unshifted(key->circuit_size); // batched unshifted polynomials - size_t poly_idx = 0; // TODO(#391) zip + size_t poly_idx = 0; // ZIPTODO for (auto& unshifted_poly : prover_polynomials.get_unshifted()) { batched_poly_unshifted.add_scaled(unshifted_poly, rhos[poly_idx]); poly_idx++; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index cb41bb352a..b5afa4d3ae 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -31,7 +31,7 @@ template class... Relations Transcript& transcript; const size_t multivariate_n; const size_t multivariate_d; - SumcheckRound round; // WORKTODO: NUM is in flavor?? + SumcheckRound round; /** * diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index e9fd0e027b..8f525be9db 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -49,9 +49,11 @@ namespace proof_system::honk::sumcheck { Note: This class uses recursive function calls with template parameters. This is a common trick that is used to force the compiler to unroll loops. The idea is that a function that is only called once will always be inlined, and since template functions always create different functions, this is guaranteed. + + @todo TODO(#390): Template only on Flavor? Is it useful to have these decoupled? */ -template class... Relations> class SumcheckRound { +template class... Relations> class SumcheckRound { public: using FF = typename Flavor::FF; @@ -151,7 +153,7 @@ template class... R */ void extend_edges(auto& multivariates, size_t edge_idx) // WORKTODO: auto can now be ProverPolynomials? { - size_t univariate_idx = 0; // TODO(#391) zip + size_t univariate_idx = 0; // ZIPTODO for (auto& poly : multivariates) { auto edge = Univariate({ poly[edge_idx], poly[edge_idx + 1] }); extended_edges[univariate_idx] = barycentric_2_to_max.extend(edge); diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp index c3d8dbf984..0964a01987 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp @@ -82,11 +82,9 @@ static Univariate compute_round_univariate( auto relations = std::tuple( ArithmeticRelation(), GrandProductComputationRelation(), GrandProductInitializationRelation()); // Improvement(Cody): This is ugly? Maye supply some/all of this data through "flavor" class? - auto round = SumcheckRound(round_size, relations); + auto round = + SumcheckRound( + round_size, relations); auto w_l = input_polynomials[0]; auto w_r = input_polynomials[1]; auto w_o = input_polynomials[2]; @@ -209,11 +207,9 @@ static FF compute_full_purported_value(std::array& input_va purported_evaluations.lagrange_last = input_values[17]; auto relations = std::tuple( ArithmeticRelation(), GrandProductComputationRelation(), GrandProductInitializationRelation()); - auto round = SumcheckRound(relations); + auto round = + SumcheckRound( + relations); PowUnivariate pow_univariate(1); FF full_purported_value = round.compute_full_honk_relation_purported_value( purported_evaluations, relation_parameters, pow_univariate, alpha); diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index 1c4ebde2e4..8650861bf3 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -50,7 +50,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c { const size_t num_public_inputs = circuit_constructor.public_inputs.size(); // TODO(Cody): Loose coupling here! Would rather build up pk from arithmetizaiton - size_t selector_idx = 0; // TODO(#391) zip + size_t selector_idx = 0; // ZIPTODO for (auto& selector_values : circuit_constructor.selectors) { ASSERT(proving_key->circuit_size >= selector_values.size()); @@ -135,7 +135,7 @@ std::vector construct_wire_polynomials_base( std::vector wire_polynomials; // Note: randomness is added to 3 of the last 4 positions in plonk/proof_system/prover/prover.cpp // StandardProverBase::execute_preamble_round(). - size_t wire_idx = 0; // TODO(#391) zip + size_t wire_idx = 0; // ZIPTODO for (auto& wire : circuit_constructor.wires) { // Initialize the polynomial with all the actual copies variable values // Expect all values to be set to 0 initially diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index cf056c5301..3875672bb9 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -410,7 +410,7 @@ void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): provi { // Fill id polynomials with default values // TODO(Cody): Allocate polynomial space in proving key constructor. - size_t coset_idx = 0; // TODO(#391) zip + size_t coset_idx = 0; // ZIPTODO for (auto& id_poly : proving_key->get_id_polynomials()) { for (size_t i = 0; i < proving_key->circuit_size; ++i) { id_poly[i] = coset_idx * proving_key->circuit_size + i; From 59ceaf7d11ab186a64c73dd1eee6cb8897ea041a Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:22:36 +0000 Subject: [PATCH 074/119] Update comment. --- cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index 8f525be9db..4b36c5aa67 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -149,9 +149,10 @@ template class... Relations> class SumcheckRo * entry of relation_evals. * * @details Should only be called externally with relation_idx equal to 0. + * In practice, multivariates is one of ProverPolynomials or FoldedPolynomials. * */ - void extend_edges(auto& multivariates, size_t edge_idx) // WORKTODO: auto can now be ProverPolynomials? + void extend_edges(auto& multivariates, size_t edge_idx) { size_t univariate_idx = 0; // ZIPTODO for (auto& poly : multivariates) { From dffbefd8c7d4d621d41f678e9cf6c1602418a72e Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:39:06 +0000 Subject: [PATCH 075/119] Ranged `for` loop and note. --- .../honk/composer/standard_honk_composer.test.cpp | 2 +- .../honk/proof_system/composer_helper.lib.hpp | 2 +- cpp/src/barretenberg/honk/proof_system/prover.cpp | 6 +++--- cpp/src/barretenberg/honk/proof_system/verifier.cpp | 6 +++--- .../sumcheck/relations/relation_consistency.test.cpp | 2 +- .../sumcheck/relations/relation_correctness.test.cpp | 4 ++-- .../relations/ultra_relation_consistency.test.cpp | 2 +- cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp | 12 ++++++------ .../barretenberg/honk/sumcheck/sumcheck_round.hpp | 2 +- cpp/src/barretenberg/honk/transcript/transcript.hpp | 1 - .../circuit_constructor_base.hpp | 2 +- .../proof_system/composer/composer_helper_lib.hpp | 6 +++--- .../proof_system/composer/permutation_helper.hpp | 2 +- .../barretenberg/proof_system/flavor/flavor.test.cpp | 10 +++++----- 14 files changed, 29 insertions(+), 30 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 8fef4f22a2..75e3ca98f8 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -60,7 +60,7 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) right *= (gamma + (n + i)); } } - wire_idx++; + ++wire_idx; } EXPECT_EQ(left, right); diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index be59231b22..69276c86bb 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -23,7 +23,7 @@ std::shared_ptr compute_verification_key_commo size_t poly_idx = 0; // ZIPTODO for (auto& polynomial : proving_key) { verification_key[poly_idx] = commitment_key.commit(polynomial); - polynomial_idx++; + ++polynomial_idx; } return verification_key; diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index f7277ac419..69b1986eee 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -60,7 +60,7 @@ template void StandardProver_::compute_wire_comm auto wire_polys = key->get_wires(); for (auto& label : commitment_labels.get_wires()) { queue.add_commitment(wire_polys[wire_idx], label); - wire_idx++; + ++wire_idx; } } @@ -166,13 +166,13 @@ template void StandardProver_::execute_univariat size_t poly_idx = 0; // ZIPTODO for (auto& unshifted_poly : prover_polynomials.get_unshifted()) { batched_poly_unshifted.add_scaled(unshifted_poly, rhos[poly_idx]); - poly_idx++; + ++poly_idx; } Polynomial batched_poly_to_be_shifted(key->circuit_size); // batched to-be-shifted polynomials for (auto& to_be_shifted_poly : prover_polynomials.get_to_be_shifted()) { batched_poly_to_be_shifted.add_scaled(to_be_shifted_poly, rhos[poly_idx]); - poly_idx++; + ++poly_idx; }; // Compute d-1 polynomials Fold^(i), i = 1, ..., d-1. diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 3e239fd83b..3eda4e013d 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -164,20 +164,20 @@ bool Verifier::verify_proof(const plonk::proof& proof) size_t evaluation_idx = 0; for (auto& value : purported_evaluations.get_unshifted_then_shifted()) { batched_evaluation += value * rhos[evaluation_idx]; - evaluation_idx++; + ++evaluation_idx; } // Construct batched commitment for NON-shifted polynomials size_t commitment_idx = 0; for (auto& commitment : commitments.get_unshifted()) { batched_commitment_unshifted += commitment * rhos[commitment_idx]; - commitment_idx++; + ++commitment_idx; } // Construct batched commitment for to-be-shifted polynomials for (auto& commitment : commitments.get_to_be_shifted()) { batched_commitment_to_be_shifted += commitment * rhos[commitment_idx]; - commitment_idx++; + ++commitment_idx; } // Produce a Gemini claim consisting of: diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index c4d41a5fc3..655c8c1de8 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -89,7 +89,7 @@ class StandardRelationConsistency : public testing::Test { size_t result_idx = 0; // TODO(#391) zip for (auto& univariate : univariates) { result[result_idx] = univariate.value_at(i); - result_idx++; + ++result_idx; } return result; }; diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index ec55efa778..f9c4f81c6e 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -115,7 +115,7 @@ TEST(RelationCorrectness, StandardRelationCorrectness) size_t poly_idx = 0; for (auto& polynomial : prover_polynomials) { evaluations_at_index_i[poly_idx] = polynomial[i]; - poly_idx++; + ++poly_idx; } // For each relation, call the `accumulate_relation_evaluation` over all witness/selector values at the @@ -307,7 +307,7 @@ TEST(RelationCorrectness, UltraRelationCorrectness) size_t poly_idx = 0; for (auto& polynomial : prover_polynomials) { evaluations_at_index_i[poly_idx] = polynomial[i]; - poly_idx++; + ++poly_idx; } info("i = ", i); diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index 568e1f8dd4..c35be90b01 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -87,7 +87,7 @@ class UltraRelationConsistency : public testing::Test { size_t result_idx = 0; // TODO(#391) zip for (auto& univariate : univariates) { result[result_idx] = univariate.value_at(i); - result_idx++; + ++result_idx; } return result; }; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index b5afa4d3ae..53c416746b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -128,13 +128,13 @@ template class... Relations } // Final round: Extract multivariate evaluations from folded_polynomials and add to transcript - // WORKTODO: improve loop. - std::array multivariate_evaluations; - for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) { - multivariate_evaluations[i] = folded_polynomials[i][0]; - // info(multivariate_evaluations[i], "<-- in sumcheck prover"); + PurportedEvaluations multivariate_evaluations; + size_t evaluation_idx = 0; + for (auto& polynomial : folded_polynomials) { // TODO(#391) zip + multivariate_evaluations[evaluation_idx] = polynomial[0]; + ++evaluation_idx; } - transcript.send_to_verifier("Sumcheck:evaluations", multivariate_evaluations); + transcript.send_to_verifier("Sumcheck:evaluations", multivariate_evaluations._data); return { multivariate_challenge, multivariate_evaluations }; }; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index 4b36c5aa67..9f97114d8a 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -158,7 +158,7 @@ template class... Relations> class SumcheckRo for (auto& poly : multivariates) { auto edge = Univariate({ poly[edge_idx], poly[edge_idx + 1] }); extended_edges[univariate_idx] = barycentric_2_to_max.extend(edge); - univariate_idx++; + ++univariate_idx; } } diff --git a/cpp/src/barretenberg/honk/transcript/transcript.hpp b/cpp/src/barretenberg/honk/transcript/transcript.hpp index 2542460824..fec507a642 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.hpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.hpp @@ -267,7 +267,6 @@ template class VerifierTranscript : public BaseTranscript { T element = from_buffer(element_bytes); - // info(label, ": ", element); return element; } }; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index c5ec77b45a..363b4bcad1 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -19,7 +19,7 @@ template class CircuitConstructorBase { // TODO(Cody): selector names are used by composer helper. They can therefore be specified through the proving // system flavor. Getting rid of this also lets us get rid of the weird constructor that's uses the selector names // functions - std::vector selector_names_; // WORKTODO: needed? + std::vector selector_names_; // TODO(Cody): These are plonk-only and could go in the plonk flavor. size_t num_gates = 0; std::array, num_wires> wires; diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index 8650861bf3..bde9b2e4f2 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -66,7 +66,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c proving_key->polynomial_store.put(circuit_constructor.selector_names_[selector_idx] + "_lagrange", std::move(selector_poly_lagrange)); } - selector_idx++; + ++selector_idx; } } @@ -89,7 +89,7 @@ void enforce_nonzero_selector_polynomials(const typename Flavor::CircuitConstruc size_t idx = 1; for (auto selector : proving_key->get_selectors()) { selector[selector.size() - 1] = idx; - idx++; + ++idx; } } else if constexpr (IsPlonkFlavor) { for (size_t idx = 0; idx < circuit_constructor.num_selectors; ++idx) { @@ -147,7 +147,7 @@ std::vector construct_wire_polynomials_base( for (size_t i = 0; i < num_public_inputs; ++i) { w_lagrange[i] = circuit_constructor.get_variable(public_inputs[i]); } - wire_idx++; + ++wire_idx; } // Assign the variable values (which are pointed-to by the `w_` wire_polynomials) to the wire witness diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 3875672bb9..ca03e1f67d 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -415,7 +415,7 @@ void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): provi for (size_t i = 0; i < proving_key->circuit_size; ++i) { id_poly[i] = coset_idx * proving_key->circuit_size + i; } - coset_idx++; + ++coset_idx; } } diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index a46c3fcb97..2420afdf69 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -17,7 +17,7 @@ TEST(Flavor, Standard) ProvingKey proving_key = []() { auto crs_factory = ReferenceStringFactory(); auto crs = crs_factory.get_prover_crs(4); - return Flavor::ProvingKey(/*circuit_size=*/4, /*num_inputs=*/0, crs, ComposerType::STANDARD); + return Flavor::ProvingKey(/*circuit_size=*/4, /*num_public_inputs=*/0, crs, ComposerType::STANDARD); }(); size_t coset_idx = 0; @@ -26,7 +26,7 @@ TEST(Flavor, Standard) for (size_t i = 0; i < proving_key.circuit_size; ++i) { id_poly[i] = coset_idx * proving_key.circuit_size + i; } - coset_idx++; + ++coset_idx; } Flavor::VerificationKey verification_key; @@ -43,7 +43,7 @@ TEST(Flavor, Standard) auto get_test_polynomial = [](size_t& idx) { Flavor::Polynomial poly(4); for (size_t i = 0; i < 4; i++) { - poly[i] = idx++; + poly[i] = ++idx; }; return poly; }; @@ -93,7 +93,7 @@ TEST(Flavor, Standard) EXPECT_EQ(poly[1], 4 * idx + 1); EXPECT_EQ(poly[2], 4 * idx + 2); EXPECT_EQ(poly[3], 4 * idx + 3); - idx++; + ++idx; }; idx = 4; // z_perm_shift is shifted @@ -102,7 +102,7 @@ TEST(Flavor, Standard) EXPECT_EQ(poly[1], 4 * idx + 1); EXPECT_EQ(poly[2], 4 * idx + 2); EXPECT_EQ(poly[3], 4 * idx + 3); - idx++; + ++idx; }; } From ac0414d2b1c251e420948366756eacb9048aa91b Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 27 Apr 2023 21:49:07 +0000 Subject: [PATCH 076/119] Clarify complicated loop. --- .../composer/permutation_helper.hpp | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index ca03e1f67d..726651c723 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -102,18 +102,19 @@ std::vector compute_wire_copy_cycles(const typename Flavor::C } // Iterate over all variables of the "real" gates, and add a corresponding node to the cycle for that variable - // WORKTODO: ranged for loop - for (size_t i = 0; i < num_gates; ++i) { - for (size_t j = 0; j < Flavor::num_wires; ++j) { + for (size_t gate_idx = 0; gate_idx < num_gates; ++gate_idx) { + size_t wire_idx = 0; + for (auto& wire : circuit_constructor.wires) { // We are looking at the j-th wire in the i-th row. // The value in this position should be equal to the value of the element at index `var_index` // of the `constructor.variables` vector. // Therefore, we add (i,j) to the cycle at index `var_index` to indicate that w^j_i should have the values // constructor.variables[var_index]. - const uint32_t var_index = circuit_constructor.real_variable_index[circuit_constructor.wires[j][i]]; - const auto wire_index = static_cast(j); - const auto gate_index = static_cast(i + num_public_inputs); - copy_cycles[var_index].emplace_back(cycle_node{ wire_index, gate_index }); + const uint32_t var_index = circuit_constructor.real_variable_index[wire[gate_idx]]; + const auto wire_index = static_cast(wire_idx); + const auto shifted_gate_idx = static_cast(gate_idx + num_public_inputs); + copy_cycles[var_index].emplace_back(cycle_node{ wire_index, shifted_gate_idx }); + ++wire_idx; } } return copy_cycles; @@ -142,7 +143,7 @@ PermutationMapping compute_permutation_mapping( PermutationMapping mapping; // Initialize the table of permutations so that every element points to itself - // WORKTODO: ranged for loops depending on `generalized`? + // TODO(Cody): Loose coupling here for (size_t i = 0; i < Flavor::num_wires; ++i) { mapping.sigmas[i].reserve(proving_key->circuit_size); if constexpr (generalized) { From ffdffef362f5586dd9e8d88a27c2d60c2166e1fd Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 02:03:49 +0000 Subject: [PATCH 077/119] Note on ComposerType --- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index a327567547..b2145a78f3 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -49,7 +49,7 @@ class BasePrecomputedData : public Data { size_t circuit_size; size_t log_circuit_size; size_t num_public_inputs; - ComposerType composer_type; // WORKTODO: Get rid of this + ComposerType composer_type; // TODO(#392) // virtual ~BasePrecomputedData() = default; From f881a128c30a2b7971ef8a711b63b1a05ae9ec68 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 02:07:58 +0000 Subject: [PATCH 078/119] Add note on ComposerType --- cpp/src/barretenberg/proof_system/types/composer_type.hpp | 2 +- cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/types/composer_type.hpp b/cpp/src/barretenberg/proof_system/types/composer_type.hpp index 295967e136..bc744f976f 100644 --- a/cpp/src/barretenberg/proof_system/types/composer_type.hpp +++ b/cpp/src/barretenberg/proof_system/types/composer_type.hpp @@ -1,6 +1,6 @@ #pragma once namespace proof_system { -// TODO(Cody) Get rid of this. +// TODO(#392) This enum has been overloaded. Perhaps its different responsibilities have been split up. enum ComposerType { STANDARD, TURBO, PLOOKUP, STANDARD_HONK }; } // namespace proof_system \ No newline at end of file diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp index 0805ece78c..eea4c675c4 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp @@ -1,4 +1,5 @@ #include "../bool/bool.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" #include "field.hpp" #include "array.hpp" #include "barretenberg/plonk/proof_system/constants.hpp" @@ -195,6 +196,7 @@ template class stdlib_field : public testing::Test { uint64_t expected = fidget(composer); auto prover = composer.create_prover(); + // TODO(Cody): This is a hack and the test should be rewritten. if constexpr (Composer::type == ComposerType::STANDARD_HONK) { EXPECT_EQ(prover.key->w_o[20], fr(expected)); } else { From fb3b0db4b2cbc3cf49ab2bf3b30a7886e4933203 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 02:12:24 +0000 Subject: [PATCH 079/119] Fix the dirty hack. --- .../barretenberg/honk/proof_system/composer_helper.lib.hpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index 69276c86bb..7acaef12f4 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -16,9 +16,8 @@ std::shared_ptr compute_verification_key_commo { auto verification_key = std::make_shared( proving_key->circuit_size, proving_key->num_public_inputs, vrs, proving_key->composer_type); - // TODO(kesha): Dirty hack for now. Need to actually make commitment-agnositc - // WORKTODO: ^^^^^^^^^^ resolvable now? - auto commitment_key = honk::pcs::kzg::CommitmentKey(proving_key->circuit_size, "../srs_db/ignition"); + + auto commitment_key = typename Flavor::PCSParams::CK(proving_key->circuit_size, "../srs_db/ignition"); size_t poly_idx = 0; // ZIPTODO for (auto& polynomial : proving_key) { From 3c17edd6be9ffa19b4c9c0276af04cf2c1b7d8bf Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 02:41:40 +0000 Subject: [PATCH 080/119] Generalize verifier, nix unused template param --- .../ultra_honk_composer_helper.cpp | 9 ---- .../honk/proof_system/program_settings.hpp | 22 --------- .../honk/proof_system/verifier.cpp | 47 ++++++------------ .../honk/proof_system/verifier.hpp | 43 +++++++--------- .../relations/relation_correctness.test.cpp | 49 ++++++++----------- 5 files changed, 56 insertions(+), 114 deletions(-) delete mode 100644 cpp/src/barretenberg/honk/proof_system/program_settings.hpp diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index f927f18f67..7449b5feb7 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -1,17 +1,8 @@ #include "ultra_honk_composer_helper.hpp" #include "barretenberg/honk/proof_system/ultra_prover.hpp" -#include "barretenberg/plonk/proof_system/types/program_settings.hpp" -#include "barretenberg/plonk/proof_system/types/prover_settings.hpp" -// #include "barretenberg/plonk/proof_system/verifier/verifier.hpp" #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/proof_system/composer/permutation_helper.hpp" -#include "barretenberg/plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp" - -#include -#include -#include -#include namespace proof_system::honk { diff --git a/cpp/src/barretenberg/honk/proof_system/program_settings.hpp b/cpp/src/barretenberg/honk/proof_system/program_settings.hpp deleted file mode 100644 index 84c4cf7972..0000000000 --- a/cpp/src/barretenberg/honk/proof_system/program_settings.hpp +++ /dev/null @@ -1,22 +0,0 @@ -#pragma once - -#include - -#include "../../transcript/transcript_wrappers.hpp" -#include "../../plonk/proof_system/types/prover_settings.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" - -namespace proof_system::honk { - -// TODO(#221)(Luke/Cody): Shouldn't subclass plonk settings here. Also, define standard_settings for Honk prover. -class standard_verifier_settings : public plonk::standard_settings { - public: - using fr = barretenberg::fr; - using Transcript = transcript::StandardTranscript; - static constexpr size_t num_challenge_bytes = 16; - static constexpr transcript::HashType hash_type = transcript::HashType::PedersenBlake3s; - static constexpr size_t num_wires = proof_system::honk::flavor::Standard::num_wires; - static constexpr size_t num_polys = proof_system::honk::flavor::Standard::NUM_ALL_ENTITIES; -}; - -} // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 3eda4e013d..831128c6a1 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -1,46 +1,32 @@ -#include -#include "barretenberg/common/throw_or_abort.hpp" -#include -#include -#include "barretenberg/honk/transcript/transcript.hpp" #include "./verifier.hpp" -#include "barretenberg/plonk/proof_system/public_inputs/public_inputs.hpp" -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/honk/pcs/commitment_key.hpp" -#include "barretenberg/honk/pcs/gemini/gemini.hpp" -#include "barretenberg/honk/pcs/kzg/kzg.hpp" +#include "barretenberg/honk/transcript/transcript.hpp" +// #include "barretenberg/honk/pcs/commitment_key.hpp" +// #include "barretenberg/honk/pcs/gemini/gemini.hpp" +// #include "barretenberg/honk/pcs/kzg/kzg.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" -#include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp" -#include "barretenberg/ecc/curves/bn254/fq12.hpp" -#include "barretenberg/ecc/curves/bn254/pairing.hpp" #include "barretenberg/ecc/curves/bn254/scalar_multiplication/scalar_multiplication.hpp" -#include "barretenberg/polynomials/polynomial_arithmetic.hpp" -#include "barretenberg/proof_system/composer/permutation_helper.hpp" -#include -#include -#include #include "barretenberg/honk/utils/power_polynomial.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" using namespace barretenberg; using namespace proof_system::honk::sumcheck; namespace proof_system::honk { -template // WORKTODO: merge these settings? -Verifier::Verifier(std::shared_ptr verifier_key) +template +StandardVerifier_::StandardVerifier_(std::shared_ptr verifier_key) : key(verifier_key) {} -template -Verifier::Verifier(Verifier&& other) +template +StandardVerifier_::StandardVerifier_(StandardVerifier_&& other) : key(other.key) , kate_verification_key(std::move(other.kate_verification_key)) {} -template -Verifier& Verifier::operator=(Verifier&& other) +template StandardVerifier_& StandardVerifier_::operator=(StandardVerifier_&& other) { key = other.key; kate_verification_key = (std::move(other.kate_verification_key)); @@ -75,8 +61,7 @@ Verifier& Verifier::operator [Q]_1, [W]_1 */ -template -bool Verifier::verify_proof(const plonk::proof& proof) +template bool StandardVerifier_::verify_proof(const plonk::proof& proof) { using FF = typename Flavor::FF; using GroupElement = typename Flavor::GroupElement; @@ -135,9 +120,9 @@ bool Verifier::verify_proof(const plonk::proof& proof) // Execute Sumcheck Verifier auto sumcheck = Sumcheck, - ArithmeticRelation, - GrandProductComputationRelation, - GrandProductInitializationRelation>(circuit_size, transcript); + honk::sumcheck::ArithmeticRelation, + honk::sumcheck::GrandProductComputationRelation, + honk::sumcheck::GrandProductInitializationRelation>(circuit_size, transcript); std::optional sumcheck_output = sumcheck.execute_verifier(relation_parameters); // If Sumcheck does not return an output, sumcheck verification has failed @@ -199,6 +184,6 @@ bool Verifier::verify_proof(const plonk::proof& proof) return kzg_claim.verify(kate_verification_key); } -template class Verifier; +template class StandardVerifier_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.hpp b/cpp/src/barretenberg/honk/proof_system/verifier.hpp index a4ff38714a..4e4cd0dd0f 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.hpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.hpp @@ -1,38 +1,33 @@ #pragma once -#include "barretenberg/plonk/proof_system/types/proof.hpp" -#include "./program_settings.hpp" -#include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" -#include "barretenberg/transcript/manifest.hpp" -#include "barretenberg/plonk/proof_system/commitment_scheme/commitment_scheme.hpp" -#include "../sumcheck/sumcheck.hpp" -#include "../sumcheck/relations/arithmetic_relation.hpp" -#include "barretenberg/honk/pcs/commitment_key.hpp" -#include "barretenberg/honk/pcs/gemini/gemini.hpp" -#include "barretenberg/honk/pcs/shplonk/shplonk_single.hpp" -#include "barretenberg/honk/pcs/kzg/kzg.hpp" +#include "barretenberg/plonk/proof_system/types/proof.hpp" +#include "barretenberg/honk/sumcheck/sumcheck.hpp" namespace proof_system::honk { -template class Verifier { +template class StandardVerifier_ { + using FF = typename Flavor::FF; + using Commitment = typename Flavor::Commitment; + using VerificationKey = typename Flavor::VerificationKey; + using PCSVerificationKey = typename Flavor::PCSParams::VK; public: - Verifier(std::shared_ptr verifier_key = nullptr); - Verifier(Verifier&& other); - Verifier(const Verifier& other) = delete; - Verifier& operator=(const Verifier& other) = delete; - Verifier& operator=(Verifier&& other); + StandardVerifier_(std::shared_ptr verifier_key = nullptr); + StandardVerifier_(StandardVerifier_&& other); + StandardVerifier_(const StandardVerifier_& other) = delete; + StandardVerifier_& operator=(const StandardVerifier_& other) = delete; + StandardVerifier_& operator=(StandardVerifier_&& other); bool verify_proof(const plonk::proof& proof); - std::shared_ptr key; - std::map kate_g1_elements; - std::map kate_fr_elements; - std::shared_ptr kate_verification_key; - VerifierTranscript transcript; + std::shared_ptr key; + std::map kate_g1_elements; + std::map kate_fr_elements; + std::shared_ptr kate_verification_key; + VerifierTranscript transcript; }; -extern template class Verifier; +extern template class StandardVerifier_; -using StandardVerifier = Verifier; +using StandardVerifier = StandardVerifier_; } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index f9c4f81c6e..1be032ca1c 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -1,24 +1,15 @@ +#include + #include "barretenberg/honk/composer/ultra_honk_composer.hpp" #include "barretenberg/honk/composer/standard_honk_composer.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/sumcheck/relations/relation.hpp" +#include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" +#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" -#include "barretenberg/numeric/uint256/uint256.hpp" -#include -#include -#include "barretenberg/honk/proof_system/prover.hpp" -#include "barretenberg/honk/sumcheck/sumcheck_round.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" -#include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" -#include "barretenberg/honk/utils/grand_product_delta.hpp" -#include "barretenberg/polynomials/polynomial.hpp" - -#include -#include -#include using namespace proof_system::honk; @@ -37,6 +28,7 @@ namespace test_honk_relations { TEST(RelationCorrectness, StandardRelationCorrectness) { using Flavor = honk::flavor::Standard; + using FF = typename Flavor::FF; using ProverPolynomials = typename Flavor::ProverPolynomials; using PurportedEvaluations = typename Flavor::PurportedEvaluations; @@ -65,9 +57,9 @@ TEST(RelationCorrectness, StandardRelationCorrectness) // Compute public input delta const auto public_inputs = composer.circuit_constructor.get_public_inputs(); auto public_input_delta = - honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); + honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); - sumcheck::RelationParameters params{ + sumcheck::RelationParameters params{ .beta = beta, .gamma = gamma, .public_input_delta = public_input_delta, @@ -103,9 +95,9 @@ TEST(RelationCorrectness, StandardRelationCorrectness) prover_polynomials.lagrange_last = prover.key->lagrange_last; // Construct the round for applying sumcheck relations and results for storing computed results - auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), - honk::sumcheck::GrandProductComputationRelation(), - honk::sumcheck::GrandProductInitializationRelation()); + auto relations = std::tuple(honk::sumcheck::ArithmeticRelation(), + honk::sumcheck::GrandProductComputationRelation(), + honk::sumcheck::GrandProductInitializationRelation()); fr result = 0; for (size_t i = 0; i < prover.key->circuit_size; i++) { @@ -147,6 +139,7 @@ TEST(RelationCorrectness, StandardRelationCorrectness) TEST(RelationCorrectness, UltraRelationCorrectness) { using Flavor = honk::flavor::Ultra; + using FF = typename Flavor::FF; using ProverPolynomials = typename Flavor::ProverPolynomials; using PurportedEvaluations = typename Flavor::PurportedEvaluations; @@ -203,11 +196,11 @@ TEST(RelationCorrectness, UltraRelationCorrectness) // Compute public input delta const auto public_inputs = composer.circuit_constructor.get_public_inputs(); auto public_input_delta = - honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); + honk::compute_public_input_delta(public_inputs, beta, gamma, prover.key->circuit_size); auto lookup_grand_product_delta = - honk::compute_lookup_grand_product_delta(beta, gamma, prover.key->circuit_size); + honk::compute_lookup_grand_product_delta(beta, gamma, prover.key->circuit_size); - sumcheck::RelationParameters params{ + sumcheck::RelationParameters params{ .eta = eta, .beta = beta, .gamma = gamma, @@ -293,12 +286,12 @@ TEST(RelationCorrectness, UltraRelationCorrectness) prover_polynomials.lagrange_last = prover.key->lagrange_last; // Construct the round for applying sumcheck relations and results for storing computed results - auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), - honk::sumcheck::UltraArithmeticRelationSecondary(), - honk::sumcheck::UltraGrandProductInitializationRelation(), - honk::sumcheck::UltraGrandProductComputationRelation(), - honk::sumcheck::LookupGrandProductComputationRelation(), - honk::sumcheck::LookupGrandProductInitializationRelation()); + auto relations = std::tuple(honk::sumcheck::UltraArithmeticRelation(), + honk::sumcheck::UltraArithmeticRelationSecondary(), + honk::sumcheck::UltraGrandProductInitializationRelation(), + honk::sumcheck::UltraGrandProductComputationRelation(), + honk::sumcheck::LookupGrandProductComputationRelation(), + honk::sumcheck::LookupGrandProductInitializationRelation()); fr result = 0; for (size_t i = 0; i < prover.key->circuit_size; i++) { From dc3e03aefe75fd175ad02a058a40a7998324aa13 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 02:49:36 +0000 Subject: [PATCH 081/119] Fix reverted comments (?) --- .../barretenberg/honk/proof_system/composer_helper.lib.hpp | 2 +- cpp/src/barretenberg/honk/proof_system/prover.cpp | 4 ++-- cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp | 2 +- .../proof_system/composer/composer_helper_lib.hpp | 4 ++-- .../barretenberg/proof_system/composer/permutation_helper.hpp | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index 7acaef12f4..bdf6547dcc 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -19,7 +19,7 @@ std::shared_ptr compute_verification_key_commo auto commitment_key = typename Flavor::PCSParams::CK(proving_key->circuit_size, "../srs_db/ignition"); - size_t poly_idx = 0; // ZIPTODO + size_t poly_idx = 0; // TODO(#391) zip for (auto& polynomial : proving_key) { verification_key[poly_idx] = commitment_key.commit(polynomial); ++polynomial_idx; diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 69b1986eee..a4ed77aab3 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -56,7 +56,7 @@ StandardProver_::StandardProver_(const std::shared_ptr input * */ template void StandardProver_::compute_wire_commitments() { - size_t wire_idx = 0; // ZIPTODO + size_t wire_idx = 0; // TODO(#391) zip auto wire_polys = key->get_wires(); for (auto& label : commitment_labels.get_wires()) { queue.add_commitment(wire_polys[wire_idx], label); @@ -163,7 +163,7 @@ template void StandardProver_::execute_univariat // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ Polynomial batched_poly_unshifted(key->circuit_size); // batched unshifted polynomials - size_t poly_idx = 0; // ZIPTODO + size_t poly_idx = 0; // TODO(#391) zip for (auto& unshifted_poly : prover_polynomials.get_unshifted()) { batched_poly_unshifted.add_scaled(unshifted_poly, rhos[poly_idx]); ++poly_idx; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index 9f97114d8a..7c90f2432b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -154,7 +154,7 @@ template class... Relations> class SumcheckRo */ void extend_edges(auto& multivariates, size_t edge_idx) { - size_t univariate_idx = 0; // ZIPTODO + size_t univariate_idx = 0; // TODO(#391) zip for (auto& poly : multivariates) { auto edge = Univariate({ poly[edge_idx], poly[edge_idx + 1] }); extended_edges[univariate_idx] = barycentric_2_to_max.extend(edge); diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index bde9b2e4f2..077a30505f 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -50,7 +50,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c { const size_t num_public_inputs = circuit_constructor.public_inputs.size(); // TODO(Cody): Loose coupling here! Would rather build up pk from arithmetizaiton - size_t selector_idx = 0; // ZIPTODO + size_t selector_idx = 0; // TODO(#391) zip for (auto& selector_values : circuit_constructor.selectors) { ASSERT(proving_key->circuit_size >= selector_values.size()); @@ -135,7 +135,7 @@ std::vector construct_wire_polynomials_base( std::vector wire_polynomials; // Note: randomness is added to 3 of the last 4 positions in plonk/proof_system/prover/prover.cpp // StandardProverBase::execute_preamble_round(). - size_t wire_idx = 0; // ZIPTODO + size_t wire_idx = 0; // TODO(#391) zip for (auto& wire : circuit_constructor.wires) { // Initialize the polynomial with all the actual copies variable values // Expect all values to be set to 0 initially diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 726651c723..05470d56fe 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -411,7 +411,7 @@ void compute_standard_honk_id_polynomials(auto proving_key) // TODO(Cody): provi { // Fill id polynomials with default values // TODO(Cody): Allocate polynomial space in proving key constructor. - size_t coset_idx = 0; // ZIPTODO + size_t coset_idx = 0; // TODO(#391) zip for (auto& id_poly : proving_key->get_id_polynomials()) { for (size_t i = 0; i < proving_key->circuit_size; ++i) { id_poly[i] = coset_idx * proving_key->circuit_size + i; From bfe8ce5473ddd928befe192da079af50c67e984f Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 03:02:09 +0000 Subject: [PATCH 082/119] Fix compilation. --- cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp index 2420afdf69..50159e965c 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp @@ -31,7 +31,6 @@ TEST(Flavor, Standard) Flavor::VerificationKey verification_key; Flavor::ProverPolynomials prover_polynomials; - // Flavor::VerifierCommitments verifier_commitments; Flavor::ExtendedEdges edges; Flavor::PurportedEvaluations evals; Flavor::CommitmentLabels commitment_labels; @@ -43,7 +42,7 @@ TEST(Flavor, Standard) auto get_test_polynomial = [](size_t& idx) { Flavor::Polynomial poly(4); for (size_t i = 0; i < 4; i++) { - poly[i] = ++idx; + poly[i] = idx++; }; return poly; }; From e98ca5de11b03af786c031d348920512783a93c8 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 03:15:25 +0000 Subject: [PATCH 083/119] Clean up comments --- .../composer_helper/standard_honk_composer_helper.cpp | 2 +- .../composer_helper/ultra_honk_composer_helper.cpp | 8 +++----- .../composer_helper/ultra_honk_composer_helper.hpp | 2 -- cpp/src/barretenberg/honk/proof_system/verifier.cpp | 3 --- .../composer_helper/standard_plonk_composer_helper.cpp | 3 +-- .../composer_helper/turbo_plonk_composer_helper.cpp | 3 +-- .../composer_helper/ultra_plonk_composer_helper.cpp | 3 +-- .../composer_helper/ultra_plonk_composer_helper.hpp | 2 -- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 2 +- 9 files changed, 8 insertions(+), 20 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index 2f42328409..cf0c931c06 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -28,7 +28,7 @@ std::shared_ptr StandardHonkComposerHelp const CircuitConstructor& constructor, const size_t minimum_circuit_size, const size_t num_randomized_gates) { // Initialize proving_key - // TODO(#229)(Kesha): replace composer types. + // TODO(#392)(Kesha): replace composer types. proving_key = initialize_proving_key( constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::STANDARD_HONK); // Compute lagrange selectors diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 7449b5feb7..9d10497b9c 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -9,8 +9,7 @@ namespace proof_system::honk { /** * @brief Compute witness polynomials * - * TODO(luke): The wire polynomials are returned directly whereas the sorted list polys are added to the proving - * key. This should be made consistent once Cody's Flavor work is settled. + * WORKTODO Put sorted witness polynomials in pk? */ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constructor) { @@ -129,7 +128,7 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constr } // TODO(luke): Adding these to the key for now but this is inconsistent since these are 'witness' polys. Need - // to see what becomes of the proving key before making a decision here. + // to see what becomes of the proving key before making a decision here. // WORKTODO: resolve this? circuit_proving_key->sorted_1 = s_1; circuit_proving_key->sorted_2 = s_2; circuit_proving_key->sorted_3 = s_3; @@ -156,7 +155,6 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_c // * // * @return The verifier. // * */ -// // TODO(Cody): This should go away altogether. // plonk::UltraVerifier UltraHonkComposerHelper::create_verifier( // const CircuitConstructor& circuit_constructor) // { @@ -190,7 +188,7 @@ std::shared_ptr UltraHonkComposerHe const size_t minimum_circuit_size = tables_size + lookups_size; const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; // Initialize circuit_proving_key - // TODO(#229)(Kesha): replace composer types. + // TODO(#392)(Kesha): replace composer types. circuit_proving_key = initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::PLOOKUP); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 2d3db2ce1f..58edf60a51 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -13,8 +13,6 @@ #include namespace proof_system::honk { -// TODO(Kesha): change initializations to specify this parameter -// Cody: What does this mean? class UltraHonkComposerHelper { public: using Flavor = flavor::Ultra; diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 831128c6a1..3feb179d76 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -1,8 +1,5 @@ #include "./verifier.hpp" #include "barretenberg/honk/transcript/transcript.hpp" -// #include "barretenberg/honk/pcs/commitment_key.hpp" -// #include "barretenberg/honk/pcs/gemini/gemini.hpp" -// #include "barretenberg/honk/pcs/kzg/kzg.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/ecc/curves/bn254/scalar_multiplication/scalar_multiplication.hpp" diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp index 13575a3514..dabf5e4bc1 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.cpp @@ -62,7 +62,7 @@ std::shared_ptr StandardPlonkComposerHelper::compute_proving const size_t minimum_circuit_size = 0; const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; // Initialize circuit_proving_key - // TODO(#229)(Kesha): replace composer types. + // TODO(#392)(Kesha): replace composer types. circuit_proving_key = proof_system::initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::STANDARD); // Compute lagrange selectors @@ -113,7 +113,6 @@ std::shared_ptr StandardPlonkComposerHelper::compute_ve * * @return The verifier. * */ -// TODO(Cody): This should go away altogether. plonk::Verifier StandardPlonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp index 352931866c..c367d9ccd1 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.cpp @@ -38,7 +38,7 @@ std::shared_ptr TurboPlonkComposerHelper::compute_proving_ke const size_t minimum_circuit_size = 0; const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; // Initialize circuit_proving_key - // TODO(#229)(Kesha): replace composer types. + // TODO(#392)(Kesha): replace composer types. circuit_proving_key = initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::TURBO); @@ -153,7 +153,6 @@ plonk::TurboProver TurboPlonkComposerHelper::create_prover(const CircuitConstruc * * @return The verifier. * */ -// TODO(Cody): This should go away altogether. plonk::TurboVerifier TurboPlonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { auto verification_key = compute_verification_key(circuit_constructor); diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp index 5a9b9a7fc6..2d76986bd4 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.cpp @@ -191,7 +191,6 @@ UltraProver UltraPlonkComposerHelper::create_prover(CircuitConstructor& circuit_ * * @return The verifier. * */ -// TODO(Cody): This should go away altogether. plonk::UltraVerifier UltraPlonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { @@ -225,7 +224,7 @@ std::shared_ptr UltraPlonkComposerHelper::compute_proving_key( const size_t minimum_circuit_size = tables_size + lookups_size; const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; // Initialize circuit_proving_key - // TODO(#229)(Kesha): replace composer types. + // TODO(#392)(Kesha): replace composer types. circuit_proving_key = initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::PLOOKUP); diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp index b902d294e0..d5b78bf01f 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp @@ -12,8 +12,6 @@ #include namespace proof_system::plonk { -// TODO(Kesha): change initializations to specify this parameter -// Cody: What does this mean? class UltraPlonkComposerHelper { public: using Flavor = plonk::flavor::Ultra; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index b2145a78f3..a5e30f208d 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -377,7 +377,7 @@ class Ultra { T& lagrange_first = std::get<23>(this->_data); T& lagrange_last = std::get<24>(this->_data); - std::vector get_selectors() + std::vector get_selectors() // WORKTODO: make these arrays? { // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; From c7fc7cbe13010c5d1e6f7e67d1e0d86b9b39376e Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 03:29:02 +0000 Subject: [PATCH 084/119] More cleanup of TODOs --- .../composer_helper/standard_honk_composer_helper.hpp | 1 - .../honk/composer/standard_honk_composer.hpp | 3 +-- .../barretenberg/honk/composer/ultra_honk_composer.hpp | 3 +-- cpp/src/barretenberg/honk/proof_system/prover.hpp | 1 - cpp/src/barretenberg/honk/proof_system/verifier.cpp | 4 ---- cpp/src/barretenberg/honk/proof_system/work_queue.hpp | 2 -- cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp | 9 ++++----- .../composer_helper/standard_plonk_composer_helper.hpp | 2 -- .../circuit_constructors/circuit_constructor_base.hpp | 8 +++----- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 1 + 10 files changed, 10 insertions(+), 24 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 156d521b81..9117ba33d6 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -61,7 +61,6 @@ class StandardHonkComposerHelper { StandardProver create_prover(const CircuitConstructor& circuit_constructor); // TODO(#216)(Adrian): Seems error prone to provide the number of randomized gates - // Cody: Where should this go? In the flavor (or whatever that becomes)? std::shared_ptr compute_proving_key_base(const CircuitConstructor& circuit_constructor, const size_t minimum_circuit_size = 0, const size_t num_randomized_gates = NUM_RANDOMIZED_GATES); diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index dddac189b7..300b6bc5e1 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -3,7 +3,6 @@ #include "composer_helper/standard_honk_composer_helper.hpp" #include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" -#include "barretenberg/transcript/manifest.hpp" #include "barretenberg/proof_system/types/merkle_hash_type.hpp" #include "barretenberg/proof_system/types/pedersen_commitment_type.hpp" @@ -16,7 +15,7 @@ namespace proof_system::honk { */ class StandardHonkComposer { public: - // TODO(Cody): This should go in flavor or something. + // TODO(Cody): Put this in the flavor? static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; diff --git a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp index c24034666f..9f4c39b250 100644 --- a/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/ultra_honk_composer.hpp @@ -1,9 +1,8 @@ #pragma once -#include "barretenberg/plonk/composer/plookup_tables/plookup_tables.hpp" +#include #include "barretenberg/honk/proof_system/ultra_prover.hpp" #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp" -#include namespace proof_system::honk { diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index b382013cae..8c093769dd 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -58,7 +58,6 @@ template class StandardProver_ { // Container for spans of all polynomials required by the prover (i.e. all multivariates evaluated by Sumcheck). ProverPolynomials prover_polynomials; - // TODO(Cody): Improve this, or at least make the lables static constexpr? CommitmentLabels commitment_labels; // Container for d + 1 Fold polynomials produced by Gemini diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 3feb179d76..058d156186 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -109,10 +109,6 @@ template bool StandardVerifier_::verify_proof(const pl // Get commitment to Z_PERM commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); - // commitments.z_perm_shift = commitments.z_perm/* transcript.template - // receive_from_prover(commitment_labels.z_perm) */; - - // // TODO(Cody): Compute some basic public polys like id(X), pow(X), and any required Lagrange polys // Execute Sumcheck Verifier auto sumcheck = Sumcheck class work_queue { work_queue(const work_queue& other) = default; work_queue(work_queue&& other) noexcept = default; - // work_queue& operator=(const work_queue& other) = delete; - // work_queue& operator=(work_queue&& other) = delete; ~work_queue() = default; [[nodiscard]] work_item_info get_queued_work_item_info() const diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index 7c90f2432b..c50b22bf4b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -73,7 +73,7 @@ template class... Relations> class SumcheckRo // TODO(#224)(Cody): this barycentric stuff should be more built-in? std::tuple::RELATION_LENGTH, MAX_RELATION_LENGTH>...> barycentric_utils; std::tuple::RELATION_LENGTH>...> univariate_accumulators; - std::array evaluations; // TODO(Cody): rename to relation_evaluations or something + std::array relation_evaluations; ExtendedEdges extended_edges; std::array, NUM_RELATIONS> extended_univariates; @@ -94,7 +94,7 @@ template class... Relations> class SumcheckRo { // FF's default constructor may not initialize to zero (e.g., barretenberg::fr), hence we can't rely on // aggregate initialization of the evaluations array. - std::fill(evaluations.begin(), evaluations.end(), FF(0)); + std::fill(relation_evaluations.begin(), relation_evaluations.end(), FF(0)); }; /** @@ -218,7 +218,6 @@ template class... Relations> class SumcheckRo * together, with appropriate scaling factors, produces the expected value of the full Honk relation. This value is * checked against the final value of the target total sum, defined as sigma_d. */ - // TODO(#224)(Cody): Input should be an array? FF compute_full_honk_relation_purported_value(PurportedEvaluations purported_evaluations, const RelationParameters& relation_parameters, const PowUnivariate& pow_univariate, @@ -229,7 +228,7 @@ template class... Relations> class SumcheckRo // IMPROVEMENT(Cody): Reuse functions from univariate_accumulators batching? FF running_challenge = 1; FF output = 0; - for (auto& evals : evaluations) { + for (auto& evals : relation_evaluations) { output += evals * running_challenge; running_challenge *= alpha; } @@ -321,7 +320,7 @@ template class... Relations> class SumcheckRo const RelationParameters& relation_parameters) { std::get(relations).add_full_relation_value_contribution( - evaluations[relation_idx], purported_evaluations, relation_parameters); + relation_evaluations[relation_idx], purported_evaluations, relation_parameters); // Repeat for the next relation. if constexpr (relation_idx + 1 < NUM_RELATIONS) { diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp index f60a2c810b..bd3b517f4b 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp @@ -13,8 +13,6 @@ #include namespace proof_system::plonk { -// TODO(Kesha): change initializations to specify this parameter -// Cody: What does this mean? class StandardPlonkComposerHelper { public: using Flavor = plonk::flavor::Standard; diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 363b4bcad1..7d370413cc 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -11,15 +11,13 @@ template class CircuitConstructorBase { public: // TODO(Cody): This needs to be templated to allow constructing circuits over Grumpkin. For now, adding FF here // since the flavor can extract it. - using FF = barretenberg::fr; // TODO(Cody): this should be set in Flavor and then passed to Arithmetization. + using FF = barretenberg::fr; static constexpr size_t num_wires = Arithmetization::num_wires; // Keeping num_wires, at least temporarily, for backward compatibility static constexpr size_t program_width = Arithmetization::num_wires; static constexpr size_t num_selectors = Arithmetization::num_selectors; - // TODO(Cody): selector names are used by composer helper. They can therefore be specified through the proving - // system flavor. Getting rid of this also lets us get rid of the weird constructor that's uses the selector names - // functions - std::vector selector_names_; // TODO(Cody): These are plonk-only and could go in the plonk flavor. + + std::vector selector_names_; // WORKTODO: These are plonk-only and could go in the plonk flavor. size_t num_gates = 0; std::array, num_wires> wires; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index a5e30f208d..937c1c2209 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -19,6 +19,7 @@ #include "barretenberg/proof_system/flavor/flavor.hpp" // WORKTODO: Names of these classes +// WORKTODO: Selectors should come from arithmetization. // WORKTODO: Define special member functions in reasonable way and untangle the bad consequences elsewhere (e.g., in // SumcheckOutput) namespace proof_system::honk::flavor { From 16119504270afaaa1051132a9f3e212b7489b67d Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 03:45:33 +0000 Subject: [PATCH 085/119] Rename template args in Flavor. --- .../proof_system/flavor/flavor.hpp | 380 +++++++++--------- 1 file changed, 199 insertions(+), 181 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 937c1c2209..205075ff95 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -22,11 +22,24 @@ // WORKTODO: Selectors should come from arithmetization. // WORKTODO: Define special member functions in reasonable way and untangle the bad consequences elsewhere (e.g., in // SumcheckOutput) +/** + * WORKTODO: Outline what's going on here, explain the data model and how to think about these classes. + * + */ namespace proof_system::honk::flavor { -template class Data { + +/** + * @brief Base data class, a wrapper for std::array, from which every flavor class ultimately derives. + * @details Ideally we could derive from std::array, but that is unsafe because std::array's destructor is non-virtual. + * + * @tparam T The underlying data type stored in the array + * @tparam HandleType The type that will be used to + * @tparam NUM_ENTITIES The size of the underlying array. + */ +template class Data { public: - using DataType = std::array; - DataType _data; + using ArrayType = std::array; + ArrayType _data; // TODO(Cody): now it's safe to inherit from this... right? // virtual ~Data() = default; @@ -37,15 +50,15 @@ template class Data { // Data& operator=(const Data&) = default; // Data& operator=(Data&&) = default; - T& operator[](size_t idx) { return _data[idx]; }; - typename DataType::iterator begin() { return _data.begin(); }; - typename DataType::iterator end() { return _data.end(); }; + DataType& operator[](size_t idx) { return _data[idx]; }; + typename ArrayType::iterator begin() { return _data.begin(); }; + typename ArrayType::iterator end() { return _data.end(); }; size_t size() { return _data.size(); }; // WORKTODO: constexpr }; -template -class BasePrecomputedData : public Data { +template +class BasePrecomputedData : public Data { public: size_t circuit_size; size_t log_circuit_size; @@ -54,9 +67,9 @@ class BasePrecomputedData : public Data { // virtual ~BasePrecomputedData() = default; - virtual std::vector get_selectors() = 0; - virtual std::vector get_sigma_polynomials() = 0; - virtual std::vector get_id_polynomials() = 0; + virtual std::vector get_selectors() = 0; + virtual std::vector get_sigma_polynomials() = 0; + virtual std::vector get_id_polynomials() = 0; }; // TODO(Cody): Made this public derivation so that I could iterate through @@ -80,17 +93,18 @@ template class BaseVerificationKey : public Precomput std::shared_ptr vrs; }; -template class BaseAllData : public Data { +template +class BaseAllData : public Data { public: - virtual std::vector get_unshifted() = 0; - virtual std::vector get_to_be_shifted() = 0; - virtual std::vector get_shifted() = 0; + virtual std::vector get_unshifted() = 0; + virtual std::vector get_to_be_shifted() = 0; + virtual std::vector get_shifted() = 0; // TODO(Cody): Look for a better solution? - std::vector get_unshifted_then_shifted() + std::vector get_unshifted_then_shifted() { - std::vector result{ get_unshifted() }; - std::vector shifted{ get_shifted() }; + std::vector result{ get_unshifted() }; + std::vector shifted{ get_shifted() }; result.insert(result.end(), shifted.begin(), shifted.end()); return result; }; @@ -116,40 +130,46 @@ class Standard { // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. - template - class PrecomputedData : public BasePrecomputedData { + template + class PrecomputedData : public BasePrecomputedData { public: - T& q_m = std::get<0>(this->_data); - T& q_l = std::get<1>(this->_data); - T& q_r = std::get<2>(this->_data); - T& q_o = std::get<3>(this->_data); - T& q_c = std::get<4>(this->_data); - T& sigma_1 = std::get<5>(this->_data); - T& sigma_2 = std::get<6>(this->_data); - T& sigma_3 = std::get<7>(this->_data); - T& id_1 = std::get<8>(this->_data); - T& id_2 = std::get<9>(this->_data); - T& id_3 = std::get<10>(this->_data); - T& lagrange_first = std::get<11>(this->_data); - T& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - - std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; - std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; - std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; + DataType& q_m = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_c = std::get<4>(this->_data); + DataType& sigma_1 = std::get<5>(this->_data); + DataType& sigma_2 = std::get<6>(this->_data); + DataType& sigma_3 = std::get<7>(this->_data); + DataType& id_1 = std::get<8>(this->_data); + DataType& id_2 = std::get<9>(this->_data); + DataType& id_3 = std::get<10>(this->_data); + DataType& lagrange_first = std::get<11>(this->_data); + DataType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; virtual ~PrecomputedData() = default; }; - // Container for all witness polynomials used/constructed by the prover. - // Note: shifts are not included here since they do not occupy their own memory - template class WitnessData : public Data { + /** + * @brief Container for all witness polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory + * + * @tparam T + * @tparam HandleType + */ + template + class WitnessData : public Data { public: - T& w_l = std::get<0>(this->_data); - T& w_r = std::get<1>(this->_data); - T& w_o = std::get<2>(this->_data); - T& z_perm = std::get<3>(this->_data); + DataType& w_l = std::get<0>(this->_data); + DataType& w_r = std::get<1>(this->_data); + DataType& w_o = std::get<2>(this->_data); + DataType& z_perm = std::get<3>(this->_data); - std::vector get_wires() { return { w_l, w_r, w_o }; }; + std::vector get_wires() { return { w_l, w_r, w_o }; }; virtual ~WitnessData() = default; }; @@ -207,59 +227,57 @@ class Standard { }; }; - template class AllData : public BaseAllData { + template class AllData : public BaseAllData { public: - T& q_c = std::get<0>(this->_data); - T& q_l = std::get<1>(this->_data); - T& q_r = std::get<2>(this->_data); - T& q_o = std::get<3>(this->_data); - T& q_m = std::get<4>(this->_data); - T& sigma_1 = std::get<5>(this->_data); - T& sigma_2 = std::get<6>(this->_data); - T& sigma_3 = std::get<7>(this->_data); - T& id_1 = std::get<8>(this->_data); - T& id_2 = std::get<9>(this->_data); - T& id_3 = std::get<10>(this->_data); - T& lagrange_first = std::get<11>(this->_data); - T& lagrange_last = std::get<12>(this->_data); - T& w_l = std::get<13>(this->_data); - T& w_r = std::get<14>(this->_data); - T& w_o = std::get<15>(this->_data); - T& z_perm = std::get<16>(this->_data); - T& z_perm_shift = std::get<17>(this->_data); - - std::vector get_wires() { return { w_l, w_r, w_o }; }; - - std::vector get_unshifted() override + DataType& q_c = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_m = std::get<4>(this->_data); + DataType& sigma_1 = std::get<5>(this->_data); + DataType& sigma_2 = std::get<6>(this->_data); + DataType& sigma_3 = std::get<7>(this->_data); + DataType& id_1 = std::get<8>(this->_data); + DataType& id_2 = std::get<9>(this->_data); + DataType& id_3 = std::get<10>(this->_data); + DataType& lagrange_first = std::get<11>(this->_data); + DataType& lagrange_last = std::get<12>(this->_data); + DataType& w_l = std::get<13>(this->_data); + DataType& w_r = std::get<14>(this->_data); + DataType& w_o = std::get<15>(this->_data); + DataType& z_perm = std::get<16>(this->_data); + DataType& z_perm_shift = std::get<17>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o }; }; + + std::vector get_unshifted() override { // ...z_perm_shift is in here? - // return { w_l, w_r, w_o, z_perm, q_m, q_l, q_r, q_o, q_c, sigma_1, sigma_2, sigma_3, - // id_1, id_2, id_3, lagrange_first, lagrange_last }; return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last, w_l, w_r, w_o, z_perm }; }; - std::vector get_to_be_shifted() override { return { z_perm }; }; + std::vector get_to_be_shifted() override { return { z_perm }; }; - std::vector get_shifted() override { return { z_perm_shift }; }; + std::vector get_shifted() override { return { z_perm_shift }; }; AllData() = default; AllData(const AllData& other) - : BaseAllData(other){}; + : BaseAllData(other){}; AllData(AllData&& other) - : BaseAllData(other){}; + : BaseAllData(other){}; // WORKTODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } AllData& operator=(AllData&& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } @@ -349,64 +367,65 @@ class Ultra { static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; static constexpr size_t NUM_WITNESS_ENTITIES = 11; - template - class PrecomputedData : public BasePrecomputedData { + template + class PrecomputedData : public BasePrecomputedData { public: - T& q_m = std::get<0>(this->_data); - T& q_c = std::get<1>(this->_data); - T& q_l = std::get<2>(this->_data); - T& q_r = std::get<3>(this->_data); - T& q_o = std::get<4>(this->_data); - T& q_4 = std::get<5>(this->_data); - T& q_arith = std::get<6>(this->_data); - T& q_sort = std::get<7>(this->_data); - T& q_elliptic = std::get<8>(this->_data); - T& q_aux = std::get<9>(this->_data); - T& q_lookup = std::get<10>(this->_data); - T& sigma_1 = std::get<11>(this->_data); - T& sigma_2 = std::get<12>(this->_data); - T& sigma_3 = std::get<13>(this->_data); - T& sigma_4 = std::get<14>(this->_data); - T& id_1 = std::get<15>(this->_data); - T& id_2 = std::get<16>(this->_data); - T& id_3 = std::get<17>(this->_data); - T& id_4 = std::get<18>(this->_data); - T& table_1 = std::get<19>(this->_data); - T& table_2 = std::get<20>(this->_data); - T& table_3 = std::get<21>(this->_data); - T& table_4 = std::get<22>(this->_data); - T& lagrange_first = std::get<23>(this->_data); - T& lagrange_last = std::get<24>(this->_data); - - std::vector get_selectors() // WORKTODO: make these arrays? + DataType& q_m = std::get<0>(this->_data); + DataType& q_c = std::get<1>(this->_data); + DataType& q_l = std::get<2>(this->_data); + DataType& q_r = std::get<3>(this->_data); + DataType& q_o = std::get<4>(this->_data); + DataType& q_4 = std::get<5>(this->_data); + DataType& q_arith = std::get<6>(this->_data); + DataType& q_sort = std::get<7>(this->_data); + DataType& q_elliptic = std::get<8>(this->_data); + DataType& q_aux = std::get<9>(this->_data); + DataType& q_lookup = std::get<10>(this->_data); + DataType& sigma_1 = std::get<11>(this->_data); + DataType& sigma_2 = std::get<12>(this->_data); + DataType& sigma_3 = std::get<13>(this->_data); + DataType& sigma_4 = std::get<14>(this->_data); + DataType& id_1 = std::get<15>(this->_data); + DataType& id_2 = std::get<16>(this->_data); + DataType& id_3 = std::get<17>(this->_data); + DataType& id_4 = std::get<18>(this->_data); + DataType& table_1 = std::get<19>(this->_data); + DataType& table_2 = std::get<20>(this->_data); + DataType& table_3 = std::get<21>(this->_data); + DataType& table_4 = std::get<22>(this->_data); + DataType& lagrange_first = std::get<23>(this->_data); + DataType& lagrange_last = std::get<24>(this->_data); + + std::vector get_selectors() // WORKTODO: make these arrays? { // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; }; - std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; - std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; - std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; + std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; + std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; + std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; virtual ~PrecomputedData() = default; }; // Container for all witness polys - template class WitnessData : public Data { + template + class WitnessData : public Data { public: - T& w_l = std::get<0>(this->_data); - T& w_r = std::get<1>(this->_data); - T& w_o = std::get<2>(this->_data); - T& w_4 = std::get<3>(this->_data); - T& sorted_1 = std::get<4>(this->_data); - T& sorted_2 = std::get<5>(this->_data); - T& sorted_3 = std::get<6>(this->_data); - T& sorted_4 = std::get<7>(this->_data); - T& sorted_accum = std::get<8>(this->_data); - T& z_perm = std::get<9>(this->_data); - T& z_lookup = std::get<10>(this->_data); - - std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; - std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; + DataType& w_l = std::get<0>(this->_data); + DataType& w_r = std::get<1>(this->_data); + DataType& w_o = std::get<2>(this->_data); + DataType& w_4 = std::get<3>(this->_data); + DataType& sorted_1 = std::get<4>(this->_data); + DataType& sorted_2 = std::get<5>(this->_data); + DataType& sorted_3 = std::get<6>(this->_data); + DataType& sorted_4 = std::get<7>(this->_data); + DataType& sorted_accum = std::get<8>(this->_data); + DataType& z_perm = std::get<9>(this->_data); + DataType& z_lookup = std::get<10>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; virtual ~WitnessData() = default; }; @@ -462,58 +481,58 @@ class Ultra { using VerificationKey = BaseVerificationKey>; - template class AllData : public BaseAllData { + template class AllData : public BaseAllData { public: - T& q_c = std::get<0>(this->_data); - T& q_l = std::get<1>(this->_data); - T& q_r = std::get<2>(this->_data); - T& q_o = std::get<3>(this->_data); - T& q_4 = std::get<4>(this->_data); - T& q_m = std::get<5>(this->_data); - T& q_arith = std::get<6>(this->_data); - T& q_sort = std::get<7>(this->_data); - T& q_elliptic = std::get<8>(this->_data); - T& q_aux = std::get<9>(this->_data); - T& q_lookup = std::get<10>(this->_data); - T& sigma_1 = std::get<11>(this->_data); - T& sigma_2 = std::get<12>(this->_data); - T& sigma_3 = std::get<13>(this->_data); - T& sigma_4 = std::get<14>(this->_data); - T& id_1 = std::get<15>(this->_data); - T& id_2 = std::get<16>(this->_data); - T& id_3 = std::get<17>(this->_data); - T& id_4 = std::get<18>(this->_data); - T& table_1 = std::get<19>(this->_data); - T& table_2 = std::get<20>(this->_data); - T& table_3 = std::get<21>(this->_data); - T& table_4 = std::get<22>(this->_data); - T& lagrange_first = std::get<23>(this->_data); - T& lagrange_last = std::get<24>(this->_data); - T& w_l = std::get<25>(this->_data); - T& w_r = std::get<26>(this->_data); - T& w_o = std::get<27>(this->_data); - T& w_4 = std::get<28>(this->_data); - T& sorted_1 = std::get<29>(this->_data); - T& sorted_2 = std::get<30>(this->_data); - T& sorted_3 = std::get<31>(this->_data); - T& sorted_4 = std::get<32>(this->_data); - T& sorted_accum = std::get<33>(this->_data); - T& z_perm = std::get<34>(this->_data); - T& z_lookup = std::get<35>(this->_data); - T& table_1_shift = std::get<36>(this->_data); - T& table_2_shift = std::get<37>(this->_data); - T& table_3_shift = std::get<38>(this->_data); - T& table_4_shift = std::get<39>(this->_data); - T& w_l_shift = std::get<40>(this->_data); - T& w_r_shift = std::get<41>(this->_data); - T& w_o_shift = std::get<42>(this->_data); - T& w_4_shift = std::get<43>(this->_data); - T& sorted_accum_shift = std::get<44>(this->_data); - T& z_perm_shift = std::get<45>(this->_data); - T& z_lookup_shift = std::get<46>(this->_data); - - std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; - std::vector get_unshifted() override + DataType& q_c = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_4 = std::get<4>(this->_data); + DataType& q_m = std::get<5>(this->_data); + DataType& q_arith = std::get<6>(this->_data); + DataType& q_sort = std::get<7>(this->_data); + DataType& q_elliptic = std::get<8>(this->_data); + DataType& q_aux = std::get<9>(this->_data); + DataType& q_lookup = std::get<10>(this->_data); + DataType& sigma_1 = std::get<11>(this->_data); + DataType& sigma_2 = std::get<12>(this->_data); + DataType& sigma_3 = std::get<13>(this->_data); + DataType& sigma_4 = std::get<14>(this->_data); + DataType& id_1 = std::get<15>(this->_data); + DataType& id_2 = std::get<16>(this->_data); + DataType& id_3 = std::get<17>(this->_data); + DataType& id_4 = std::get<18>(this->_data); + DataType& table_1 = std::get<19>(this->_data); + DataType& table_2 = std::get<20>(this->_data); + DataType& table_3 = std::get<21>(this->_data); + DataType& table_4 = std::get<22>(this->_data); + DataType& lagrange_first = std::get<23>(this->_data); + DataType& lagrange_last = std::get<24>(this->_data); + DataType& w_l = std::get<25>(this->_data); + DataType& w_r = std::get<26>(this->_data); + DataType& w_o = std::get<27>(this->_data); + DataType& w_4 = std::get<28>(this->_data); + DataType& sorted_1 = std::get<29>(this->_data); + DataType& sorted_2 = std::get<30>(this->_data); + DataType& sorted_3 = std::get<31>(this->_data); + DataType& sorted_4 = std::get<32>(this->_data); + DataType& sorted_accum = std::get<33>(this->_data); + DataType& z_perm = std::get<34>(this->_data); + DataType& z_lookup = std::get<35>(this->_data); + DataType& table_1_shift = std::get<36>(this->_data); + DataType& table_2_shift = std::get<37>(this->_data); + DataType& table_3_shift = std::get<38>(this->_data); + DataType& table_4_shift = std::get<39>(this->_data); + DataType& w_l_shift = std::get<40>(this->_data); + DataType& w_r_shift = std::get<41>(this->_data); + DataType& w_o_shift = std::get<42>(this->_data); + DataType& w_4_shift = std::get<43>(this->_data); + DataType& sorted_accum_shift = std::get<44>(this->_data); + DataType& z_perm_shift = std::get<45>(this->_data); + DataType& z_lookup_shift = std::get<46>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup, sigma_1, sigma_2, sigma_3, sigma_4, id_1, @@ -523,27 +542,27 @@ class Ultra { }; }; - std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; - std::vector get_shifted() override { return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; + std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; + std::vector get_shifted() override { return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; AllData() = default; AllData(const AllData& other) - : BaseAllData(other){}; + : BaseAllData(other){}; AllData(AllData&& other) - : BaseAllData(other){}; + : BaseAllData(other){}; // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } AllData& operator=(AllData&& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } @@ -652,7 +671,6 @@ struct Ultra { namespace proof_system { -// Stuff template concept IsAnyOf = (std::same_as || ...); template From 9a30d6ebbc6c68401fed497f0665b9bcaf5a66b5 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 04:03:22 +0000 Subject: [PATCH 086/119] Add handle types for uniformity --- .../proof_system/flavor/flavor.hpp | 97 +++++++++++-------- 1 file changed, 56 insertions(+), 41 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 205075ff95..bc206a87a4 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -93,18 +93,18 @@ template class BaseVerificationKey : public Precomput std::shared_ptr vrs; }; -template +template class BaseAllData : public Data { public: - virtual std::vector get_unshifted() = 0; - virtual std::vector get_to_be_shifted() = 0; - virtual std::vector get_shifted() = 0; + virtual std::vector get_unshifted() = 0; + virtual std::vector get_to_be_shifted() = 0; + virtual std::vector get_shifted() = 0; // TODO(Cody): Look for a better solution? - std::vector get_unshifted_then_shifted() + std::vector get_unshifted_then_shifted() { - std::vector result{ get_unshifted() }; - std::vector shifted{ get_shifted() }; + std::vector result{ get_unshifted() }; + std::vector shifted{ get_shifted() }; result.insert(result.end(), shifted.begin(), shifted.end()); return result; }; @@ -115,7 +115,7 @@ class Standard { using CircuitConstructor = StandardCircuitConstructor; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; - using PolynomialView = std::span; + using PolynomialView = std::span; // WORKTODO(Cody): rename using G1 = barretenberg::g1; using GroupElement = G1::element; using Commitment = G1::affine_element; @@ -227,7 +227,8 @@ class Standard { }; }; - template class AllData : public BaseAllData { + template + class AllData : public BaseAllData { public: DataType& q_c = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -248,36 +249,36 @@ class Standard { DataType& z_perm = std::get<16>(this->_data); DataType& z_perm_shift = std::get<17>(this->_data); - std::vector get_wires() { return { w_l, w_r, w_o }; }; + std::vector get_wires() { return { w_l, w_r, w_o }; }; - std::vector get_unshifted() override + std::vector get_unshifted() override { // ...z_perm_shift is in here? return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last, w_l, w_r, w_o, z_perm }; }; - std::vector get_to_be_shifted() override { return { z_perm }; }; + std::vector get_to_be_shifted() override { return { z_perm }; }; - std::vector get_shifted() override { return { z_perm_shift }; }; + std::vector get_shifted() override { return { z_perm_shift }; }; AllData() = default; AllData(const AllData& other) - : BaseAllData(other){}; + : BaseAllData(other){}; AllData(AllData&& other) - : BaseAllData(other){}; + : BaseAllData(other){}; // WORKTODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } AllData& operator=(AllData&& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } @@ -287,15 +288,17 @@ class Standard { // These are classes are views of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. - using ProverPolynomials = AllData; + using ProverPolynomials = AllData; - // WORKTODO: Handle univariates right - using FoldedPolynomials = AllData>; // WORKTODO add view class type. - template using ExtendedEdges = AllData>; + using FoldedPolynomials = AllData, PolynomialView>; // TODO(Cody): Just reuse ProverPolynomials? + // TODO(#390): Simplify this? + template + using ExtendedEdges = + AllData, sumcheck::Univariate>; - using PurportedEvaluations = AllData; + using PurportedEvaluations = AllData; - class CommitmentLabels : public AllData { + class CommitmentLabels : public AllData { public: // this does away with the ENUM_TO_COMM array while preserving the // transcript interface, which takes a string @@ -326,11 +329,11 @@ class Standard { }; }; - class VerifierCommitments : public AllData { + class VerifierCommitments : public AllData { public: VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) { - static_cast(transcript); + static_cast(transcript); // WORKTODO q_m = verification_key->q_m; q_l = verification_key->q_l; q_r = verification_key->q_r; @@ -481,7 +484,8 @@ class Ultra { using VerificationKey = BaseVerificationKey>; - template class AllData : public BaseAllData { + template + class AllData : public BaseAllData { public: DataType& q_c = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -531,8 +535,8 @@ class Ultra { DataType& z_perm_shift = std::get<45>(this->_data); DataType& z_lookup_shift = std::get<46>(this->_data); - std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; - std::vector get_unshifted() override + std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup, sigma_1, sigma_2, sigma_3, sigma_4, id_1, @@ -542,27 +546,30 @@ class Ultra { }; }; - std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; - std::vector get_shifted() override { return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; + std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; + std::vector get_shifted() override + { + return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; + }; AllData() = default; AllData(const AllData& other) - : BaseAllData(other){}; + : BaseAllData(other){}; AllData(AllData&& other) - : BaseAllData(other){}; + : BaseAllData(other){}; // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } AllData& operator=(AllData&& other) { - BaseAllData::operator=(other); + BaseAllData::operator=(other); return *this; } @@ -572,20 +579,21 @@ class Ultra { // These are classes are views of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. - using ProverPolynomials = AllData; - using VerifierCommitments = AllData; + using ProverPolynomials = AllData; + using VerifierCommitments = AllData; - // WORKTODO: Handle univariates right - using FoldedPolynomials = AllData>; // WORKTODO add view class type. - template using ExtendedEdges = AllData>; + using FoldedPolynomials = AllData, PolynomialView>; // TODO(Cody): Just reuse ProverPolynomials? + template + using ExtendedEdges = + AllData, sumcheck::Univariate>; - class PurportedEvaluations : public AllData { + class PurportedEvaluations : public AllData { public: PurportedEvaluations() { this->_data = {}; } PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } }; - class CommitmentLabels : public AllData { + class CommitmentLabels : public AllData { public: // this does away with the ENUM_TO_COMM array while preserving the // transcript interface, which takes a string @@ -645,6 +653,13 @@ class Ultra { z_lookup_shift = "__Z_LOOKUP_SHIFT"; }; }; + + // class VerifierCommitments : public AllData { + // public: + // VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + // { + // } + // }; }; } // namespace proof_system::honk::flavor From 64836c8aa227aaff70a6c9b561e0bf4fbf5b17c9 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 04:13:53 +0000 Subject: [PATCH 087/119] Rename the base classes. --- .../proof_system/flavor/flavor.hpp | 85 ++++++++++--------- 1 file changed, 43 insertions(+), 42 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index bc206a87a4..c47c35f842 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -22,6 +22,7 @@ // WORKTODO: Selectors should come from arithmetization. // WORKTODO: Define special member functions in reasonable way and untangle the bad consequences elsewhere (e.g., in // SumcheckOutput) +// TODO(Cody): Handle types. /** * WORKTODO: Outline what's going on here, explain the data model and how to think about these classes. * @@ -36,7 +37,7 @@ namespace proof_system::honk::flavor { * @tparam HandleType The type that will be used to * @tparam NUM_ENTITIES The size of the underlying array. */ -template class Data { +template class Data_ { public: using ArrayType = std::array; ArrayType _data; @@ -58,7 +59,7 @@ template class Dat }; template -class BasePrecomputedData : public Data { +class PrecomputedData_ : public Data_ { public: size_t circuit_size; size_t log_circuit_size; @@ -74,7 +75,7 @@ class BasePrecomputedData : public Data class BaseProvingKey : public PrecomputedData { +template class ProvingKey_ : public PrecomputedData { public: bool contains_recursive_proof; std::vector recursive_proof_public_input_indices; @@ -88,13 +89,13 @@ template class BaseProvingKey : public P * * @tparam PrecomputedData */ -template class BaseVerificationKey : public PrecomputedData { +template class VerificationKey_ : public PrecomputedData { public: std::shared_ptr vrs; }; template -class BaseAllData : public Data { +class AllData_ : public Data_ { public: virtual std::vector get_unshifted() = 0; virtual std::vector get_to_be_shifted() = 0; @@ -115,11 +116,11 @@ class Standard { using CircuitConstructor = StandardCircuitConstructor; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; - using PolynomialView = std::span; // WORKTODO(Cody): rename + using PolynomialHandle = std::span; // WORKTODO(Cody): rename using G1 = barretenberg::g1; using GroupElement = G1::element; using Commitment = G1::affine_element; - using CommitmentView = G1::affine_element; // TODO(Cody): make a pointer? + using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; @@ -131,7 +132,7 @@ class Standard { // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. template - class PrecomputedData : public BasePrecomputedData { + class PrecomputedData : public PrecomputedData_ { public: DataType& q_m = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -162,7 +163,7 @@ class Standard { * @tparam HandleType */ template - class WitnessData : public Data { + class WitnessData : public Data_ { public: DataType& w_l = std::get<0>(this->_data); DataType& w_r = std::get<1>(this->_data); @@ -176,9 +177,9 @@ class Standard { // WORKTODO(luke): Proving key now stores all multivariate polynomials used by the prover. Is Pkey still the right // name? - class ProvingKey : public BaseProvingKey, FF> { + class ProvingKey : public ProvingKey_, FF> { public: - WitnessData _witness_data; // WORKTODO: name? + WitnessData _witness_data; // WORKTODO: name? Polynomial& w_l = _witness_data.w_l; Polynomial& w_r = _witness_data.w_r; @@ -208,10 +209,10 @@ class Standard { } }; - std::vector get_wires() { return _witness_data.get_wires(); }; + std::vector get_wires() { return _witness_data.get_wires(); }; }; - class VerificationKey : public BaseVerificationKey> { + class VerificationKey : public VerificationKey_> { public: VerificationKey() = default; VerificationKey(const size_t circuit_size, @@ -228,7 +229,7 @@ class Standard { }; template - class AllData : public BaseAllData { + class AllData : public AllData_ { public: DataType& q_c = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -264,33 +265,33 @@ class Standard { AllData() = default; AllData(const AllData& other) - : BaseAllData(other){}; + : AllData_(other){}; AllData(AllData&& other) - : BaseAllData(other){}; + : AllData_(other){}; // WORKTODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - BaseAllData::operator=(other); + AllData_::operator=(other); return *this; } AllData& operator=(AllData&& other) { - BaseAllData::operator=(other); + AllData_::operator=(other); return *this; } AllData(std::array data_in) { this->_data = data_in; } }; - // These are classes are views of data living in different entities. They + // These collect lightweight handles of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. - using ProverPolynomials = AllData; + using ProverPolynomials = AllData; - using FoldedPolynomials = AllData, PolynomialView>; // TODO(Cody): Just reuse ProverPolynomials? + using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? // TODO(#390): Simplify this? template using ExtendedEdges = @@ -329,7 +330,7 @@ class Standard { }; }; - class VerifierCommitments : public AllData { + class VerifierCommitments : public AllData { public: VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) { @@ -356,11 +357,11 @@ class Ultra { using CircuitConstructor = UltraCircuitConstructor; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; - using PolynomialView = std::span; + using PolynomialHandle = std::span; using G1 = barretenberg::g1; using GroupElement = G1::element; using Commitment = G1::affine_element; - using CommitmentView = G1::affine_element; // TODO(Cody): make a pointer? + using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; @@ -371,7 +372,7 @@ class Ultra { static constexpr size_t NUM_WITNESS_ENTITIES = 11; template - class PrecomputedData : public BasePrecomputedData { + class PrecomputedData : public PrecomputedData_ { public: DataType& q_m = std::get<0>(this->_data); DataType& q_c = std::get<1>(this->_data); @@ -413,7 +414,7 @@ class Ultra { // Container for all witness polys template - class WitnessData : public Data { + class WitnessData : public Data_ { public: DataType& w_l = std::get<0>(this->_data); DataType& w_r = std::get<1>(this->_data); @@ -433,9 +434,9 @@ class Ultra { virtual ~WitnessData() = default; }; - class ProvingKey : public BaseProvingKey, FF> { + class ProvingKey : public ProvingKey_, FF> { public: - WitnessData _witness_data; + WitnessData _witness_data; Polynomial& w_l = _witness_data.w_l; Polynomial& w_r = _witness_data.w_r; @@ -475,17 +476,17 @@ class Ultra { } }; - std::vector get_wires() { return _witness_data.get_wires(); }; + std::vector get_wires() { return _witness_data.get_wires(); }; // The plookup wires that store plookup read data. - std::array get_plookup_read_wires() { return { w_l, w_r, w_o }; }; + std::array get_plookup_read_wires() { return { w_l, w_r, w_o }; }; // The sorted concatenations of table and witness data needed for plookup. - std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; + std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; }; - using VerificationKey = BaseVerificationKey>; + using VerificationKey = VerificationKey_>; template - class AllData : public BaseAllData { + class AllData : public AllData_ { public: DataType& q_c = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -555,34 +556,34 @@ class Ultra { AllData() = default; AllData(const AllData& other) - : BaseAllData(other){}; + : AllData_(other){}; AllData(AllData&& other) - : BaseAllData(other){}; + : AllData_(other){}; // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { - BaseAllData::operator=(other); + AllData_::operator=(other); return *this; } AllData& operator=(AllData&& other) { - BaseAllData::operator=(other); + AllData_::operator=(other); return *this; } AllData(std::array data_in) { this->_data = data_in; } }; - // These are classes are views of data living in different entities. They + // These collect lightweight handles of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. - using ProverPolynomials = AllData; - using VerifierCommitments = AllData; + using ProverPolynomials = AllData; + using VerifierCommitments = AllData; - using FoldedPolynomials = AllData, PolynomialView>; // TODO(Cody): Just reuse ProverPolynomials? + using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? template using ExtendedEdges = AllData, sumcheck::Univariate>; @@ -654,7 +655,7 @@ class Ultra { }; }; - // class VerifierCommitments : public AllData { + // class VerifierCommitments : public AllData { // public: // VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) // { From a69185c77baa6e9fa6b755498d2986f1d9c913db Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 04:14:03 +0000 Subject: [PATCH 088/119] Straggler --- .../barretenberg/proof_system/composer/permutation_helper.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 05470d56fe..2c8b5c9b4c 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -232,7 +232,7 @@ PermutationMapping compute_permutation_mapping( */ template void compute_honk_style_permutation_lagrange_polynomials_from_mapping( - std::vector permutation_polynomials, // sigma or ID poly + std::vector permutation_polynomials, // sigma or ID poly std::array, Flavor::num_wires>& permutation_mappings, typename Flavor::ProvingKey* proving_key) { From 66ac270366586d605481066b25ced4bf69feb2aa Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 04:21:37 +0000 Subject: [PATCH 089/119] Some hierarchy simplifications. --- .../proof_system/flavor/flavor.hpp | 24 ++++--------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index c47c35f842..5b732635e4 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -21,6 +21,7 @@ // WORKTODO: Names of these classes // WORKTODO: Selectors should come from arithmetization. // WORKTODO: Define special member functions in reasonable way and untangle the bad consequences elsewhere (e.g., in +// WORKTODO: privacy // SumcheckOutput) // TODO(Cody): Handle types. /** @@ -42,20 +43,13 @@ template class Dat using ArrayType = std::array; ArrayType _data; - // TODO(Cody): now it's safe to inherit from this... right? - // virtual ~Data() = default; - // Data() = default; - // // TODO(Cody): are these needed? - // Data(const Data&) = default; - // Data(Data&&) = default; - // Data& operator=(const Data&) = default; - // Data& operator=(Data&&) = default; + virtual ~Data_() = default; DataType& operator[](size_t idx) { return _data[idx]; }; typename ArrayType::iterator begin() { return _data.begin(); }; typename ArrayType::iterator end() { return _data.end(); }; - size_t size() { return _data.size(); }; // WORKTODO: constexpr + constexpr size_t size() { return NUM_ENTITIES; }; }; template @@ -66,8 +60,6 @@ class PrecomputedData_ : public Data_ get_selectors() = 0; virtual std::vector get_sigma_polynomials() = 0; virtual std::vector get_id_polynomials() = 0; @@ -116,7 +108,7 @@ class Standard { using CircuitConstructor = StandardCircuitConstructor; using FF = barretenberg::fr; using Polynomial = barretenberg::Polynomial; - using PolynomialHandle = std::span; // WORKTODO(Cody): rename + using PolynomialHandle = std::span; using G1 = barretenberg::g1; using GroupElement = G1::element; using Commitment = G1::affine_element; @@ -151,8 +143,6 @@ class Standard { std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; - - virtual ~PrecomputedData() = default; }; /** @@ -171,8 +161,6 @@ class Standard { DataType& z_perm = std::get<3>(this->_data); std::vector get_wires() { return { w_l, w_r, w_o }; }; - - virtual ~WitnessData() = default; }; // WORKTODO(luke): Proving key now stores all multivariate polynomials used by the prover. Is Pkey still the right @@ -408,8 +396,6 @@ class Ultra { std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; - - virtual ~PrecomputedData() = default; }; // Container for all witness polys @@ -430,8 +416,6 @@ class Ultra { std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; - - virtual ~WitnessData() = default; }; class ProvingKey : public ProvingKey_, FF> { From 87499ffe1db452cbe9da4433911b0ca6bb2a6dbb Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 14:55:44 +0000 Subject: [PATCH 090/119] Split flavor --- barretenberg.code-workspace | 4 + cpp/.clangd | 7 +- .../standard_honk_composer_helper.cpp | 13 +- .../standard_honk_composer_helper.hpp | 14 +- .../composer/standard_honk_composer.test.cpp | 1 - .../flavor/flavor.test.cpp | 2 +- cpp/src/barretenberg/honk/flavor/standard.hpp | 258 ++++++++ cpp/src/barretenberg/honk/flavor/ultra.hpp | 330 ++++++++++ .../honk/pcs/commitment_key.test.hpp | 1 - .../barretenberg/honk/proof_system/prover.cpp | 2 +- .../barretenberg/honk/proof_system/prover.hpp | 2 +- .../honk/proof_system/prover_library.cpp | 4 +- .../honk/proof_system/prover_library.test.cpp | 5 +- .../honk/proof_system/ultra_prover.hpp | 2 +- .../honk/proof_system/verifier.cpp | 2 +- .../honk/proof_system/verifier.hpp | 2 +- .../polynomials/multivariates.test.cpp | 2 +- .../relations/relation_consistency.test.cpp | 2 +- .../ultra_relation_consistency.test.cpp | 2 +- .../honk/sumcheck/sumcheck.test.cpp | 2 +- .../honk/sumcheck/sumcheck_round.hpp | 2 +- .../honk/sumcheck/sumcheck_round.test.cpp | 1 + .../honk/transcript/transcript.test.cpp | 2 +- .../standard_plonk_composer_helper.hpp | 2 +- .../turbo_plonk_composer_helper.hpp | 2 +- .../ultra_plonk_composer_helper.hpp | 1 + .../splitting_tmp/standard_plonk_composer.hpp | 1 - .../splitting_tmp/ultra_plonk_composer.hpp | 1 - cpp/src/barretenberg/plonk/flavor/flavor.hpp | 29 + .../composer/composer_helper_lib.test.cpp | 2 +- .../composer/permutation_helper.test.cpp | 2 +- .../proof_system/flavor/flavor.hpp | 595 +----------------- .../stdlib/primitives/field/field.test.cpp | 1 - 33 files changed, 678 insertions(+), 620 deletions(-) rename cpp/src/barretenberg/{proof_system => honk}/flavor/flavor.test.cpp (98%) create mode 100644 cpp/src/barretenberg/honk/flavor/standard.hpp create mode 100644 cpp/src/barretenberg/honk/flavor/ultra.hpp create mode 100644 cpp/src/barretenberg/plonk/flavor/flavor.hpp diff --git a/barretenberg.code-workspace b/barretenberg.code-workspace index c0737c9176..a95ef89173 100644 --- a/barretenberg.code-workspace +++ b/barretenberg.code-workspace @@ -84,6 +84,10 @@ // to the default value "clangd". // "clangd.path": "clangd-15", + // We should disable automatic inclusion of headers unless we decide to follow "WhyIWYU". + "clangd.arguments": [ + "-header-insertion=never" + ] // // CMake // diff --git a/cpp/.clangd b/cpp/.clangd index a082221eec..5e025df074 100644 --- a/cpp/.clangd +++ b/cpp/.clangd @@ -5,10 +5,11 @@ CompileFlags: # Tweak the parse settings If: PathMatch: [src/.*\.hpp, src/.*\.cpp, src/.*\.tcc] Diagnostics: - # Checks whether we are including unused header files + # Value Strict checks whether we are including unused header files # Note that some headers may be _implicitly_ used and still - # need to be included, so be careful before removing them. - UnusedIncludes: Strict + # need to be included. This is very noisy, and is probably best used + # by occasionally toggling it on. + UnusedIncludes: None # Static analysis configuration ClangTidy: diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp index cf0c931c06..1b8568779b 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp @@ -1,7 +1,6 @@ #include "standard_honk_composer_helper.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/honk/pcs/commitment_key.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" @@ -129,24 +128,24 @@ std::shared_ptr StandardHonkComposerHelp std::shared_ptr StandardHonkComposerHelper::compute_verification_key( const CircuitConstructor& circuit_constructor) { - if (circuit_verification_key) { - return circuit_verification_key; + if (verification_key) { + return verification_key; } if (!proving_key) { compute_proving_key(circuit_constructor); } - circuit_verification_key = + verification_key = StandardHonkComposerHelper::compute_verification_key_base(proving_key, crs_factory_->get_verifier_crs()); - circuit_verification_key->composer_type = proving_key->composer_type; + verification_key->composer_type = proving_key->composer_type; - return circuit_verification_key; + return verification_key; } StandardVerifier StandardHonkComposerHelper::create_verifier(const CircuitConstructor& circuit_constructor) { compute_verification_key(circuit_constructor); - StandardVerifier output_state(circuit_verification_key); + StandardVerifier output_state(verification_key); // TODO(Cody): This should be more generic auto kate_verification_key = std::make_unique("../srs_db/ignition"); diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index 9117ba33d6..bd6aa8fd0a 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -1,19 +1,15 @@ #pragma once -#include "barretenberg/polynomials/polynomial.hpp" +#include #include "barretenberg/srs/reference_string/file_reference_string.hpp" -#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/honk/proof_system/prover.hpp" #include "barretenberg/honk/proof_system/verifier.hpp" #include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" -#include "barretenberg/honk/pcs/commitment_key.hpp" -#include "barretenberg/plonk/proof_system/verification_key/verification_key.hpp" #include "barretenberg/plonk/proof_system/verifier/verifier.hpp" -#include "barretenberg/proof_system/arithmetization/gate_data.hpp" #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/proof_system/composer/permutation_helper.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" -#include + +#include "barretenberg/honk/flavor/standard.hpp" namespace proof_system::honk { class StandardHonkComposerHelper { @@ -26,7 +22,7 @@ class StandardHonkComposerHelper { static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; std::shared_ptr proving_key; - std::shared_ptr circuit_verification_key; + std::shared_ptr verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs // at all std::shared_ptr crs_factory_; @@ -45,7 +41,7 @@ class StandardHonkComposerHelper { {} StandardHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) : proving_key(std::move(p_key)) - , circuit_verification_key(std::move(v_key)) + , verification_key(std::move(v_key)) {} StandardHonkComposerHelper(StandardHonkComposerHelper&& other) noexcept = default; StandardHonkComposerHelper(const StandardHonkComposerHelper& other) = delete; diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 75e3ca98f8..705aac1d25 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -9,7 +9,6 @@ #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" #pragma GCC diagnostic ignored "-Wunused-variable" #include "barretenberg/honk/utils/grand_product_delta.hpp" diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp b/cpp/src/barretenberg/honk/flavor/flavor.test.cpp similarity index 98% rename from cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp rename to cpp/src/barretenberg/honk/flavor/flavor.test.cpp index 50159e965c..110167c8a5 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/honk/flavor/flavor.test.cpp @@ -1,4 +1,4 @@ -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" #include diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp new file mode 100644 index 0000000000..bc05c15ce1 --- /dev/null +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -0,0 +1,258 @@ +#pragma once +#include +#include +#include +#include +#include +#include +#include "barretenberg/honk/pcs/commitment_key.hpp" +#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" +#include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/honk/transcript/transcript.hpp" +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/polynomials/evaluation_domain.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" + +namespace proof_system::honk::flavor { + +class Standard { + public: + using CircuitConstructor = StandardCircuitConstructor; + using FF = barretenberg::fr; + using Polynomial = barretenberg::Polynomial; + using PolynomialHandle = std::span; + using G1 = barretenberg::g1; + using GroupElement = G1::element; + using Commitment = G1::affine_element; + using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? + using PCSParams = pcs::kzg::Params; + + static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_ALL_ENTITIES = 18; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; + // WORKTODO(luke): This number needs to be total witness polys not including shifts. + static constexpr size_t NUM_WITNESS_ENTITIES = 4; + + // TODO(Cody): Made this public derivation so that I could populate selector + // polys from circuit constructor. + template + class PrecomputedData : public PrecomputedData_ { + public: + DataType& q_m = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_c = std::get<4>(this->_data); + DataType& sigma_1 = std::get<5>(this->_data); + DataType& sigma_2 = std::get<6>(this->_data); + DataType& sigma_3 = std::get<7>(this->_data); + DataType& id_1 = std::get<8>(this->_data); + DataType& id_2 = std::get<9>(this->_data); + DataType& id_3 = std::get<10>(this->_data); + DataType& lagrange_first = std::get<11>(this->_data); + DataType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less + + std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; + }; + + /** + * @brief Container for all witness polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory + * + * @tparam T + * @tparam HandleType + */ + template + class WitnessData : public Data_ { + public: + DataType& w_l = std::get<0>(this->_data); + DataType& w_r = std::get<1>(this->_data); + DataType& w_o = std::get<2>(this->_data); + DataType& z_perm = std::get<3>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o }; }; + }; + + // WORKTODO(luke): Proving key now stores all multivariate polynomials used by the prover. Is Pkey still the right + // name? + class ProvingKey : public ProvingKey_, FF> { + public: + WitnessData _witness_data; // WORKTODO: name? + + Polynomial& w_l = _witness_data.w_l; + Polynomial& w_r = _witness_data.w_r; + Polynomial& w_o = _witness_data.w_o; + Polynomial& z_perm = _witness_data.z_perm; + + ProvingKey() = default; + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + { + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->composer_type = composer_type; + // Allocate memory for precomputed polynomials + for (auto& poly : this->_data) { + poly = Polynomial(circuit_size); + } + // Allocate memory for witness polynomials + for (auto& poly : this->_witness_data._data) { + poly = Polynomial(circuit_size); + } + }; + + std::vector get_wires() { return _witness_data.get_wires(); }; + }; + + class VerificationKey : public VerificationKey_> { + public: + VerificationKey() = default; + VerificationKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& vrs, + ComposerType composer_type) + { + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->vrs = vrs; + this->composer_type = composer_type; + }; + }; + + template + class AllData : public AllData_ { + public: + DataType& q_c = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_m = std::get<4>(this->_data); + DataType& sigma_1 = std::get<5>(this->_data); + DataType& sigma_2 = std::get<6>(this->_data); + DataType& sigma_3 = std::get<7>(this->_data); + DataType& id_1 = std::get<8>(this->_data); + DataType& id_2 = std::get<9>(this->_data); + DataType& id_3 = std::get<10>(this->_data); + DataType& lagrange_first = std::get<11>(this->_data); + DataType& lagrange_last = std::get<12>(this->_data); + DataType& w_l = std::get<13>(this->_data); + DataType& w_r = std::get<14>(this->_data); + DataType& w_o = std::get<15>(this->_data); + DataType& z_perm = std::get<16>(this->_data); + DataType& z_perm_shift = std::get<17>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o }; }; + + std::vector get_unshifted() override + { // ...z_perm_shift is in here? + return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, + lagrange_last, w_l, w_r, w_o, z_perm }; + }; + + std::vector get_to_be_shifted() override { return { z_perm }; }; + + std::vector get_shifted() override { return { z_perm_shift }; }; + + AllData() = default; + + AllData(const AllData& other) + : AllData_(other){}; + + AllData(AllData&& other) + : AllData_(other){}; + + // WORKTODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? + AllData& operator=(const AllData& other) + { + AllData_::operator=(other); + return *this; + } + + AllData& operator=(AllData&& other) + { + AllData_::operator=(other); + return *this; + } + + AllData(std::array data_in) { this->_data = data_in; } + }; + + // These collect lightweight handles of data living in different entities. They + // provide the utility of grouping these and ranged `for` loops over + // subsets. + using ProverPolynomials = AllData; + + using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? + // TODO(#390): Simplify this? + template + using ExtendedEdges = + AllData, sumcheck::Univariate>; + + using PurportedEvaluations = AllData; + + class CommitmentLabels : public AllData { + public: + // this does away with the ENUM_TO_COMM array while preserving the + // transcript interface, which takes a string + // note: we could consider "enriching" the transcript interface to not use + // strings in the future, but I leave it this way for simplicity + + CommitmentLabels() + { + w_l = "W_1"; + w_r = "W_2"; + w_o = "W_3"; + z_perm = "Z_PERM"; + // The ones beginning with "__" are only used for debugging + z_perm_shift = "__Z_PERM_SHIFT"; + q_m = "__Q_M"; + q_l = "__Q_L"; + q_r = "__Q_R"; + q_o = "__Q_O"; + q_c = "__Q_C"; + sigma_1 = "__SIGMA_1"; + sigma_2 = "__SIGMA_2"; + sigma_3 = "__SIGMA_3"; + id_1 = "__ID_1"; + id_2 = "__ID_2"; + id_3 = "__ID_3"; + lagrange_first = "__LAGRANGE_FIRST"; + lagrange_last = "__LAGRANGE_LAST"; + }; + }; + + class VerifierCommitments : public AllData { + public: + VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + { + static_cast(transcript); // WORKTODO + q_m = verification_key->q_m; + q_l = verification_key->q_l; + q_r = verification_key->q_r; + q_o = verification_key->q_o; + q_c = verification_key->q_c; + sigma_1 = verification_key->sigma_1; + sigma_2 = verification_key->sigma_2; + sigma_3 = verification_key->sigma_3; + id_1 = verification_key->id_1; + id_2 = verification_key->id_2; + id_3 = verification_key->id_3; + lagrange_first = verification_key->lagrange_first; + lagrange_last = verification_key->lagrange_last; + } + }; +}; + +} // namespace proof_system::honk::flavor diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp new file mode 100644 index 0000000000..a50118b361 --- /dev/null +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -0,0 +1,330 @@ +#pragma once +#include +#include +#include +#include +#include +#include +#include "barretenberg/honk/pcs/commitment_key.hpp" +#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" +#include "barretenberg/ecc/curves/bn254/g1.hpp" +#include "barretenberg/honk/transcript/transcript.hpp" +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/polynomials/evaluation_domain.hpp" +#include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" +#include "barretenberg/srs/reference_string/reference_string.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" + +namespace proof_system::honk::flavor { + +class Ultra { + public: + using CircuitConstructor = UltraCircuitConstructor; + using FF = barretenberg::fr; + using Polynomial = barretenberg::Polynomial; + using PolynomialHandle = std::span; + using G1 = barretenberg::g1; + using GroupElement = G1::element; + using Commitment = G1::affine_element; + using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? + using PCSParams = pcs::kzg::Params; + + static constexpr size_t num_wires = CircuitConstructor::num_wires; + // TODO(luke): sure would be nice if this was computed programtically + static constexpr size_t NUM_ALL_ENTITIES = 47; + // TODO(luke): what does this need to reflect? e.g. are shifts of precomputed polys counted here? + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; + static constexpr size_t NUM_WITNESS_ENTITIES = 11; + + template + class PrecomputedData : public PrecomputedData_ { + public: + DataType& q_m = std::get<0>(this->_data); + DataType& q_c = std::get<1>(this->_data); + DataType& q_l = std::get<2>(this->_data); + DataType& q_r = std::get<3>(this->_data); + DataType& q_o = std::get<4>(this->_data); + DataType& q_4 = std::get<5>(this->_data); + DataType& q_arith = std::get<6>(this->_data); + DataType& q_sort = std::get<7>(this->_data); + DataType& q_elliptic = std::get<8>(this->_data); + DataType& q_aux = std::get<9>(this->_data); + DataType& q_lookup = std::get<10>(this->_data); + DataType& sigma_1 = std::get<11>(this->_data); + DataType& sigma_2 = std::get<12>(this->_data); + DataType& sigma_3 = std::get<13>(this->_data); + DataType& sigma_4 = std::get<14>(this->_data); + DataType& id_1 = std::get<15>(this->_data); + DataType& id_2 = std::get<16>(this->_data); + DataType& id_3 = std::get<17>(this->_data); + DataType& id_4 = std::get<18>(this->_data); + DataType& table_1 = std::get<19>(this->_data); + DataType& table_2 = std::get<20>(this->_data); + DataType& table_3 = std::get<21>(this->_data); + DataType& table_4 = std::get<22>(this->_data); + DataType& lagrange_first = std::get<23>(this->_data); + DataType& lagrange_last = std::get<24>(this->_data); + + std::vector get_selectors() // WORKTODO: make these arrays? + { + // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; + return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; + }; + std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; + std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; + std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; + }; + + // Container for all witness polys + template + class WitnessData : public Data_ { + public: + DataType& w_l = std::get<0>(this->_data); + DataType& w_r = std::get<1>(this->_data); + DataType& w_o = std::get<2>(this->_data); + DataType& w_4 = std::get<3>(this->_data); + DataType& sorted_1 = std::get<4>(this->_data); + DataType& sorted_2 = std::get<5>(this->_data); + DataType& sorted_3 = std::get<6>(this->_data); + DataType& sorted_4 = std::get<7>(this->_data); + DataType& sorted_accum = std::get<8>(this->_data); + DataType& z_perm = std::get<9>(this->_data); + DataType& z_lookup = std::get<10>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; + }; + + class ProvingKey : public ProvingKey_, FF> { + public: + WitnessData _witness_data; + + Polynomial& w_l = _witness_data.w_l; + Polynomial& w_r = _witness_data.w_r; + Polynomial& w_o = _witness_data.w_o; + Polynomial& w_4 = _witness_data.w_4; + Polynomial& sorted_1 = _witness_data.sorted_1; + Polynomial& sorted_2 = _witness_data.sorted_2; + Polynomial& sorted_3 = _witness_data.sorted_3; + Polynomial& sorted_4 = _witness_data.sorted_4; + Polynomial& sorted_accum = _witness_data.sorted_accum; + Polynomial& z_perm = _witness_data.z_perm; + Polynomial& z_lookup = _witness_data.z_lookup; + + std::vector memory_read_records; + std::vector memory_write_records; + + ProvingKey() = default; + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + { + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->composer_type = composer_type; + // Allocate memory for precomputed polynomials + for (auto& poly : this->_data) { + poly = Polynomial(circuit_size); + } + // Allocate memory for witness polynomials + for (auto& poly : this->_witness_data._data) { + poly = Polynomial(circuit_size); + } + }; + + std::vector get_wires() { return _witness_data.get_wires(); }; + // The plookup wires that store plookup read data. + std::array get_plookup_read_wires() { return { w_l, w_r, w_o }; }; + // The sorted concatenations of table and witness data needed for plookup. + std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; + }; + + using VerificationKey = VerificationKey_>; + + template + class AllData : public AllData_ { + public: + DataType& q_c = std::get<0>(this->_data); + DataType& q_l = std::get<1>(this->_data); + DataType& q_r = std::get<2>(this->_data); + DataType& q_o = std::get<3>(this->_data); + DataType& q_4 = std::get<4>(this->_data); + DataType& q_m = std::get<5>(this->_data); + DataType& q_arith = std::get<6>(this->_data); + DataType& q_sort = std::get<7>(this->_data); + DataType& q_elliptic = std::get<8>(this->_data); + DataType& q_aux = std::get<9>(this->_data); + DataType& q_lookup = std::get<10>(this->_data); + DataType& sigma_1 = std::get<11>(this->_data); + DataType& sigma_2 = std::get<12>(this->_data); + DataType& sigma_3 = std::get<13>(this->_data); + DataType& sigma_4 = std::get<14>(this->_data); + DataType& id_1 = std::get<15>(this->_data); + DataType& id_2 = std::get<16>(this->_data); + DataType& id_3 = std::get<17>(this->_data); + DataType& id_4 = std::get<18>(this->_data); + DataType& table_1 = std::get<19>(this->_data); + DataType& table_2 = std::get<20>(this->_data); + DataType& table_3 = std::get<21>(this->_data); + DataType& table_4 = std::get<22>(this->_data); + DataType& lagrange_first = std::get<23>(this->_data); + DataType& lagrange_last = std::get<24>(this->_data); + DataType& w_l = std::get<25>(this->_data); + DataType& w_r = std::get<26>(this->_data); + DataType& w_o = std::get<27>(this->_data); + DataType& w_4 = std::get<28>(this->_data); + DataType& sorted_1 = std::get<29>(this->_data); + DataType& sorted_2 = std::get<30>(this->_data); + DataType& sorted_3 = std::get<31>(this->_data); + DataType& sorted_4 = std::get<32>(this->_data); + DataType& sorted_accum = std::get<33>(this->_data); + DataType& z_perm = std::get<34>(this->_data); + DataType& z_lookup = std::get<35>(this->_data); + DataType& table_1_shift = std::get<36>(this->_data); + DataType& table_2_shift = std::get<37>(this->_data); + DataType& table_3_shift = std::get<38>(this->_data); + DataType& table_4_shift = std::get<39>(this->_data); + DataType& w_l_shift = std::get<40>(this->_data); + DataType& w_r_shift = std::get<41>(this->_data); + DataType& w_o_shift = std::get<42>(this->_data); + DataType& w_4_shift = std::get<43>(this->_data); + DataType& sorted_accum_shift = std::get<44>(this->_data); + DataType& z_perm_shift = std::get<45>(this->_data); + DataType& z_lookup_shift = std::get<46>(this->_data); + + std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_unshifted() override + { + return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, + q_elliptic, q_aux, q_lookup, sigma_1, sigma_2, sigma_3, sigma_4, id_1, + id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, + lagrange_last, w_l, w_r, w_o, w_4, sorted_1, sorted_2, sorted_3, + sorted_4, z_perm, z_lookup + + }; + }; + std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; + std::vector get_shifted() override + { + return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; + }; + + AllData() = default; + + AllData(const AllData& other) + : AllData_(other){}; + + AllData(AllData&& other) + : AllData_(other){}; + + // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? + AllData& operator=(const AllData& other) + { + AllData_::operator=(other); + return *this; + } + + AllData& operator=(AllData&& other) + { + AllData_::operator=(other); + return *this; + } + + AllData(std::array data_in) { this->_data = data_in; } + }; + + // These collect lightweight handles of data living in different entities. They + // provide the utility of grouping these and ranged `for` loops over + // subsets. + using ProverPolynomials = AllData; + using VerifierCommitments = AllData; + + using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? + template + using ExtendedEdges = + AllData, sumcheck::Univariate>; + + class PurportedEvaluations : public AllData { + public: + PurportedEvaluations() { this->_data = {}; } + PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } + }; + + class CommitmentLabels : public AllData { + public: + // this does away with the ENUM_TO_COMM array while preserving the + // transcript interface, which takes a string + // note: we could consider "enriching" the transcript interface to not use + // strings in the future, but I leave it this way for simplicity + + CommitmentLabels() + { + w_l = "W_L"; + w_r = "W_R"; + w_o = "W_O"; + w_4 = "W_4"; + z_perm = "Z_PERM"; + z_lookup = "Z_LOOKUP"; + + // The ones beginning with "__" are only used for debugging + q_c = "__Q_C"; + q_l = "__Q_L"; + q_r = "__Q_R"; + q_o = "__Q_O"; + q_4 = "__Q_4"; + q_m = "__Q_M"; + q_arith = "__Q_ARITH"; + q_sort = "__Q_SORT"; + q_elliptic = "__Q_ELLIPTIC"; + q_aux = "__Q_AUX"; + q_lookup = "__Q_LOOKUP"; + sigma_1 = "__SIGMA_1"; + sigma_2 = "__SIGMA_2"; + sigma_3 = "__SIGMA_3"; + sigma_4 = "__SIGMA_4"; + id_1 = "__ID_1"; + id_2 = "__ID_2"; + id_3 = "__ID_3"; + id_4 = "__ID_4"; + table_1 = "__TABLE_1"; + table_2 = "__TABLE_2"; + table_3 = "__TABLE_3"; + table_4 = "__TABLE_4"; + lagrange_first = "__LAGRANGE_FIRST"; + lagrange_last = "__LAGRANGE_LAST"; + sorted_1 = "__SORTED_1"; + sorted_2 = "__SORTED_2"; + sorted_3 = "__SORTED_3"; + sorted_4 = "__SORTED_4"; + sorted_accum = "__SORTED_ACCUM"; + table_1_shift = "__TABLE_1_SHIFT"; + table_2_shift = "__TABLE_2_SHIFT"; + table_3_shift = "__TABLE_3_SHIFT"; + table_4_shift = "__TABLE_4_SHIFT"; + w_l_shift = "__W_L_SHIFT"; + w_r_shift = "__W_R_SHIFT"; + w_o_shift = "__W_O_SHIFT"; + w_4_shift = "__W_4_SHIFT"; + sorted_accum_shift = "__SORTED_ACCUM_SHIFT"; + z_perm_shift = "__Z_PERM_SHIFT"; + z_lookup_shift = "__Z_LOOKUP_SHIFT"; + }; + }; + + // class VerifierCommitments : public AllData { + // public: + // VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + // { + // } + // }; +}; + +} // namespace proof_system::honk::flavor diff --git a/cpp/src/barretenberg/honk/pcs/commitment_key.test.hpp b/cpp/src/barretenberg/honk/pcs/commitment_key.test.hpp index 0676a2631f..991bc98386 100644 --- a/cpp/src/barretenberg/honk/pcs/commitment_key.test.hpp +++ b/cpp/src/barretenberg/honk/pcs/commitment_key.test.hpp @@ -14,7 +14,6 @@ #include "../oracle/oracle.hpp" #include "../../transcript/transcript_wrappers.hpp" -#include "../../proof_system/flavor/flavor.hpp" #include "claim.hpp" #include "commitment_key.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index a4ed77aab3..a697626032 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -6,7 +6,7 @@ #include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp" #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" namespace proof_system::honk { diff --git a/cpp/src/barretenberg/honk/proof_system/prover.hpp b/cpp/src/barretenberg/honk/proof_system/prover.hpp index 8c093769dd..7c7d1d0bb8 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.hpp @@ -9,7 +9,7 @@ #include "barretenberg/honk/sumcheck/sumcheck_output.hpp" #include "barretenberg/honk/proof_system/prover_library.hpp" #include "barretenberg/honk/proof_system/work_queue.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" namespace proof_system::honk { diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 121058f77f..3e31edcecf 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -1,6 +1,6 @@ #include "prover_library.hpp" -#include "barretenberg/plonk/proof_system/types/prover_settings.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" +#include "barretenberg/honk/flavor/ultra.hpp" #include #include diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index 23cd08867c..dc31dc612f 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -1,5 +1,6 @@ -#include "barretenberg/plonk/proof_system/types/prover_settings.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" + +#include "barretenberg/honk/flavor/standard.hpp" +#include "barretenberg/honk/flavor/ultra.hpp" #include "prover.hpp" #include "prover_library.hpp" #include "barretenberg/polynomials/polynomial.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index 8d96a6724e..e481fe99fe 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -2,7 +2,7 @@ #include "barretenberg/honk/proof_system/work_queue.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/honk/transcript/transcript.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/ultra.hpp" namespace proof_system::honk { diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 058d156186..82bd2a5f11 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -1,7 +1,7 @@ #include "./verifier.hpp" #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" #include "barretenberg/ecc/curves/bn254/scalar_multiplication/scalar_multiplication.hpp" #include "barretenberg/honk/utils/power_polynomial.hpp" #include "barretenberg/honk/sumcheck/relations/arithmetic_relation.hpp" diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.hpp b/cpp/src/barretenberg/honk/proof_system/verifier.hpp index 4e4cd0dd0f..c62f4c3a27 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.hpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.hpp @@ -1,5 +1,5 @@ #pragma once -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" #include "barretenberg/plonk/proof_system/types/proof.hpp" #include "barretenberg/honk/sumcheck/sumcheck.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp b/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp index 697ca053ac..3e40df0113 100644 --- a/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/polynomials/multivariates.test.cpp @@ -5,7 +5,7 @@ #include #include "barretenberg/honk/transcript/transcript.hpp" #include "barretenberg/numeric/random/engine.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" using namespace proof_system::honk::sumcheck; namespace test_sumcheck_polynomials { diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp index 655c8c1de8..be3cce9708 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_consistency.test.cpp @@ -1,7 +1,7 @@ #include "barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" #include "relation.hpp" #include "arithmetic_relation.hpp" #include "grand_product_initialization_relation.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index c35be90b01..9d2a1e512d 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -1,7 +1,7 @@ #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/honk/sumcheck/relations/ultra_arithmetic_relation_secondary.hpp" #include "barretenberg/honk/sumcheck/relations/lookup_grand_product_relation.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/ultra.hpp" #include "relation.hpp" #include "arithmetic_relation.hpp" #include "grand_product_initialization_relation.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp index 57c1885b51..bae0506199 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.test.cpp @@ -1,6 +1,6 @@ #include "sumcheck.hpp" #include "barretenberg/honk/transcript/transcript.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" #include "barretenberg/transcript/transcript_wrappers.hpp" #include "relations/arithmetic_relation.hpp" #include "relations/grand_product_computation_relation.hpp" diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp index c50b22bf4b..0aea53047f 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.hpp @@ -7,7 +7,7 @@ #include "polynomials/univariate.hpp" #include "polynomials/pow.hpp" #include "relations/relation.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/ultra.hpp" // WORKTOO namespace proof_system::honk::sumcheck { diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp index 0964a01987..97fefa6a48 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_round.test.cpp @@ -5,6 +5,7 @@ #include "polynomials/univariate.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" #include "barretenberg/numeric/random/engine.hpp" +#include "barretenberg/honk/flavor/standard.hpp" #include diff --git a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp index e8769cc3af..b0d46c74a3 100644 --- a/cpp/src/barretenberg/honk/transcript/transcript.test.cpp +++ b/cpp/src/barretenberg/honk/transcript/transcript.test.cpp @@ -3,7 +3,7 @@ #include "barretenberg/honk/composer/standard_honk_composer.hpp" #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/honk/flavor/standard.hpp" #include #include #include diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp index bd3b517f4b..3c54be288c 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/standard_plonk_composer_helper.hpp @@ -1,6 +1,6 @@ #pragma once -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/plonk/flavor/flavor.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp index 189ba02cbf..de35b01e80 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/turbo_plonk_composer_helper.hpp @@ -1,6 +1,6 @@ #pragma once -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/plonk/flavor/flavor.hpp" #include "barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.hpp" #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp index d5b78bf01f..8a0c086972 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/ultra_plonk_composer_helper.hpp @@ -1,5 +1,6 @@ #pragma once +#include "barretenberg/plonk/flavor/flavor.hpp" #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp index 29d3bdff03..9dc96d2e2f 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/standard_plonk_composer.hpp @@ -4,7 +4,6 @@ #include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/file_reference_string.hpp" #include "barretenberg/transcript/manifest.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/proof_system/types/merkle_hash_type.hpp" #include "barretenberg/proof_system/types/pedersen_commitment_type.hpp" diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp index 5dc74a8e0e..35a5a22bbd 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/ultra_plonk_composer.hpp @@ -1,5 +1,4 @@ #pragma once -#include "barretenberg/proof_system/flavor/flavor.hpp" #include "barretenberg/plonk/composer/composer_base.hpp" #include "barretenberg/plonk/composer/plookup_tables/plookup_tables.hpp" #include "barretenberg/plonk/proof_system/prover/prover.hpp" diff --git a/cpp/src/barretenberg/plonk/flavor/flavor.hpp b/cpp/src/barretenberg/plonk/flavor/flavor.hpp new file mode 100644 index 0000000000..0ce0219e27 --- /dev/null +++ b/cpp/src/barretenberg/plonk/flavor/flavor.hpp @@ -0,0 +1,29 @@ +#pragma once +#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" +#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" + +namespace proof_system::plonk::flavor { +class Standard { + public: + using CircuitConstructor = proof_system::StandardCircuitConstructor; + using ProvingKey = plonk::proving_key; + static constexpr size_t num_wires = CircuitConstructor::num_wires; +}; + +class Turbo { + public: + using CircuitConstructor = proof_system::TurboCircuitConstructor; + using ProvingKey = plonk::proving_key; + static constexpr size_t num_wires = CircuitConstructor::num_wires; +}; + +class Ultra { + public: + using CircuitConstructor = proof_system::UltraCircuitConstructor; + using ProvingKey = plonk::proving_key; + static constexpr size_t num_wires = CircuitConstructor::num_wires; +}; +} // namespace proof_system::plonk::flavor \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp index 2a77de0456..720705b7f0 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.test.cpp @@ -1,6 +1,6 @@ #include #include -#include "barretenberg/proof_system/flavor/flavor.hpp" // TODO: needed? +#include "barretenberg/honk/flavor/standard.hpp" // TODO: needed? #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index 6228dddfad..75be6f5df9 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -1,6 +1,6 @@ #include #include -#include "barretenberg/proof_system/flavor/flavor.hpp" // TODO: needed? +#include "barretenberg/honk/flavor/standard.hpp" // TODO: needed? #include "barretenberg/proof_system/composer/composer_helper_lib.hpp" #include "barretenberg/proof_system/composer/permutation_helper.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 5b732635e4..b019cae428 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -1,22 +1,10 @@ #pragma once #include #include -#include -#include -#include #include -#include "barretenberg/honk/pcs/commitment_key.hpp" -#include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" -#include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "barretenberg/honk/transcript/transcript.hpp" -#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" -#include "barretenberg/polynomials/evaluation_domain.hpp" -#include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" -#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" -#include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/polynomials/evaluation_domain.hpp" +#include "barretenberg/proof_system/types/composer_type.hpp" // WORKTODO: Names of these classes // WORKTODO: Selectors should come from arithmetization. @@ -72,7 +60,7 @@ template class ProvingKey_ : public Prec bool contains_recursive_proof; std::vector recursive_proof_public_input_indices; std::shared_ptr crs; - EvaluationDomain evaluation_domain; + barretenberg::EvaluationDomain evaluation_domain; }; /** @@ -103,574 +91,29 @@ class AllData_ : public Data_ { }; }; -class Standard { - public: - using CircuitConstructor = StandardCircuitConstructor; - using FF = barretenberg::fr; - using Polynomial = barretenberg::Polynomial; - using PolynomialHandle = std::span; - using G1 = barretenberg::g1; - using GroupElement = G1::element; - using Commitment = G1::affine_element; - using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? - using PCSParams = pcs::kzg::Params; - - static constexpr size_t num_wires = CircuitConstructor::num_wires; - static constexpr size_t NUM_ALL_ENTITIES = 18; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - // WORKTODO(luke): This number needs to be total witness polys not including shifts. - static constexpr size_t NUM_WITNESS_ENTITIES = 4; - - // TODO(Cody): Made this public derivation so that I could populate selector - // polys from circuit constructor. - template - class PrecomputedData : public PrecomputedData_ { - public: - DataType& q_m = std::get<0>(this->_data); - DataType& q_l = std::get<1>(this->_data); - DataType& q_r = std::get<2>(this->_data); - DataType& q_o = std::get<3>(this->_data); - DataType& q_c = std::get<4>(this->_data); - DataType& sigma_1 = std::get<5>(this->_data); - DataType& sigma_2 = std::get<6>(this->_data); - DataType& sigma_3 = std::get<7>(this->_data); - DataType& id_1 = std::get<8>(this->_data); - DataType& id_2 = std::get<9>(this->_data); - DataType& id_3 = std::get<10>(this->_data); - DataType& lagrange_first = std::get<11>(this->_data); - DataType& lagrange_last = std::get<12>(this->_data); // = LAGRANGE_N-1 whithout ZK, but can be less - - std::vector get_selectors() override { return { q_m, q_l, q_r, q_o, q_c }; }; - std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3 }; }; - std::vector get_id_polynomials() override { return { id_1, id_2, id_3 }; }; - }; - - /** - * @brief Container for all witness polynomials used/constructed by the prover. - * @details Shifts are not included here since they do not occupy their own memory - * - * @tparam T - * @tparam HandleType - */ - template - class WitnessData : public Data_ { - public: - DataType& w_l = std::get<0>(this->_data); - DataType& w_r = std::get<1>(this->_data); - DataType& w_o = std::get<2>(this->_data); - DataType& z_perm = std::get<3>(this->_data); - - std::vector get_wires() { return { w_l, w_r, w_o }; }; - }; - - // WORKTODO(luke): Proving key now stores all multivariate polynomials used by the prover. Is Pkey still the right - // name? - class ProvingKey : public ProvingKey_, FF> { - public: - WitnessData _witness_data; // WORKTODO: name? - - Polynomial& w_l = _witness_data.w_l; - Polynomial& w_r = _witness_data.w_r; - Polynomial& w_o = _witness_data.w_o; - Polynomial& z_perm = _witness_data.z_perm; - - ProvingKey() = default; - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - { - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); - - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->composer_type = composer_type; - // Allocate memory for precomputed polynomials - for (auto& poly : this->_data) { - poly = Polynomial(circuit_size); - } - // Allocate memory for witness polynomials - for (auto& poly : this->_witness_data._data) { - poly = Polynomial(circuit_size); - } - }; - - std::vector get_wires() { return _witness_data.get_wires(); }; - }; - - class VerificationKey : public VerificationKey_> { - public: - VerificationKey() = default; - VerificationKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& vrs, - ComposerType composer_type) - { - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->vrs = vrs; - this->composer_type = composer_type; - }; - }; - - template - class AllData : public AllData_ { - public: - DataType& q_c = std::get<0>(this->_data); - DataType& q_l = std::get<1>(this->_data); - DataType& q_r = std::get<2>(this->_data); - DataType& q_o = std::get<3>(this->_data); - DataType& q_m = std::get<4>(this->_data); - DataType& sigma_1 = std::get<5>(this->_data); - DataType& sigma_2 = std::get<6>(this->_data); - DataType& sigma_3 = std::get<7>(this->_data); - DataType& id_1 = std::get<8>(this->_data); - DataType& id_2 = std::get<9>(this->_data); - DataType& id_3 = std::get<10>(this->_data); - DataType& lagrange_first = std::get<11>(this->_data); - DataType& lagrange_last = std::get<12>(this->_data); - DataType& w_l = std::get<13>(this->_data); - DataType& w_r = std::get<14>(this->_data); - DataType& w_o = std::get<15>(this->_data); - DataType& z_perm = std::get<16>(this->_data); - DataType& z_perm_shift = std::get<17>(this->_data); - - std::vector get_wires() { return { w_l, w_r, w_o }; }; - - std::vector get_unshifted() override - { // ...z_perm_shift is in here? - return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, - lagrange_last, w_l, w_r, w_o, z_perm }; - }; - - std::vector get_to_be_shifted() override { return { z_perm }; }; - - std::vector get_shifted() override { return { z_perm_shift }; }; - - AllData() = default; - - AllData(const AllData& other) - : AllData_(other){}; - - AllData(AllData&& other) - : AllData_(other){}; - - // WORKTODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? - AllData& operator=(const AllData& other) - { - AllData_::operator=(other); - return *this; - } - - AllData& operator=(AllData&& other) - { - AllData_::operator=(other); - return *this; - } - - AllData(std::array data_in) { this->_data = data_in; } - }; - - // These collect lightweight handles of data living in different entities. They - // provide the utility of grouping these and ranged `for` loops over - // subsets. - using ProverPolynomials = AllData; - - using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? - // TODO(#390): Simplify this? - template - using ExtendedEdges = - AllData, sumcheck::Univariate>; - - using PurportedEvaluations = AllData; - - class CommitmentLabels : public AllData { - public: - // this does away with the ENUM_TO_COMM array while preserving the - // transcript interface, which takes a string - // note: we could consider "enriching" the transcript interface to not use - // strings in the future, but I leave it this way for simplicity - - CommitmentLabels() - { - w_l = "W_1"; - w_r = "W_2"; - w_o = "W_3"; - z_perm = "Z_PERM"; - // The ones beginning with "__" are only used for debugging - z_perm_shift = "__Z_PERM_SHIFT"; - q_m = "__Q_M"; - q_l = "__Q_L"; - q_r = "__Q_R"; - q_o = "__Q_O"; - q_c = "__Q_C"; - sigma_1 = "__SIGMA_1"; - sigma_2 = "__SIGMA_2"; - sigma_3 = "__SIGMA_3"; - id_1 = "__ID_1"; - id_2 = "__ID_2"; - id_3 = "__ID_3"; - lagrange_first = "__LAGRANGE_FIRST"; - lagrange_last = "__LAGRANGE_LAST"; - }; - }; - - class VerifierCommitments : public AllData { - public: - VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) - { - static_cast(transcript); // WORKTODO - q_m = verification_key->q_m; - q_l = verification_key->q_l; - q_r = verification_key->q_r; - q_o = verification_key->q_o; - q_c = verification_key->q_c; - sigma_1 = verification_key->sigma_1; - sigma_2 = verification_key->sigma_2; - sigma_3 = verification_key->sigma_3; - id_1 = verification_key->id_1; - id_2 = verification_key->id_2; - id_3 = verification_key->id_3; - lagrange_first = verification_key->lagrange_first; - lagrange_last = verification_key->lagrange_last; - } - }; -}; - -class Ultra { - public: - using CircuitConstructor = UltraCircuitConstructor; - using FF = barretenberg::fr; - using Polynomial = barretenberg::Polynomial; - using PolynomialHandle = std::span; - using G1 = barretenberg::g1; - using GroupElement = G1::element; - using Commitment = G1::affine_element; - using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? - using PCSParams = pcs::kzg::Params; - - static constexpr size_t num_wires = CircuitConstructor::num_wires; - // TODO(luke): sure would be nice if this was computed programtically - static constexpr size_t NUM_ALL_ENTITIES = 47; - // TODO(luke): what does this need to reflect? e.g. are shifts of precomputed polys counted here? - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; - static constexpr size_t NUM_WITNESS_ENTITIES = 11; - - template - class PrecomputedData : public PrecomputedData_ { - public: - DataType& q_m = std::get<0>(this->_data); - DataType& q_c = std::get<1>(this->_data); - DataType& q_l = std::get<2>(this->_data); - DataType& q_r = std::get<3>(this->_data); - DataType& q_o = std::get<4>(this->_data); - DataType& q_4 = std::get<5>(this->_data); - DataType& q_arith = std::get<6>(this->_data); - DataType& q_sort = std::get<7>(this->_data); - DataType& q_elliptic = std::get<8>(this->_data); - DataType& q_aux = std::get<9>(this->_data); - DataType& q_lookup = std::get<10>(this->_data); - DataType& sigma_1 = std::get<11>(this->_data); - DataType& sigma_2 = std::get<12>(this->_data); - DataType& sigma_3 = std::get<13>(this->_data); - DataType& sigma_4 = std::get<14>(this->_data); - DataType& id_1 = std::get<15>(this->_data); - DataType& id_2 = std::get<16>(this->_data); - DataType& id_3 = std::get<17>(this->_data); - DataType& id_4 = std::get<18>(this->_data); - DataType& table_1 = std::get<19>(this->_data); - DataType& table_2 = std::get<20>(this->_data); - DataType& table_3 = std::get<21>(this->_data); - DataType& table_4 = std::get<22>(this->_data); - DataType& lagrange_first = std::get<23>(this->_data); - DataType& lagrange_last = std::get<24>(this->_data); - - std::vector get_selectors() // WORKTODO: make these arrays? - { - // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; - return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; - }; - std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; - std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; - std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; - }; - - // Container for all witness polys - template - class WitnessData : public Data_ { - public: - DataType& w_l = std::get<0>(this->_data); - DataType& w_r = std::get<1>(this->_data); - DataType& w_o = std::get<2>(this->_data); - DataType& w_4 = std::get<3>(this->_data); - DataType& sorted_1 = std::get<4>(this->_data); - DataType& sorted_2 = std::get<5>(this->_data); - DataType& sorted_3 = std::get<6>(this->_data); - DataType& sorted_4 = std::get<7>(this->_data); - DataType& sorted_accum = std::get<8>(this->_data); - DataType& z_perm = std::get<9>(this->_data); - DataType& z_lookup = std::get<10>(this->_data); - - std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; - std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; - }; - - class ProvingKey : public ProvingKey_, FF> { - public: - WitnessData _witness_data; - - Polynomial& w_l = _witness_data.w_l; - Polynomial& w_r = _witness_data.w_r; - Polynomial& w_o = _witness_data.w_o; - Polynomial& w_4 = _witness_data.w_4; - Polynomial& sorted_1 = _witness_data.sorted_1; - Polynomial& sorted_2 = _witness_data.sorted_2; - Polynomial& sorted_3 = _witness_data.sorted_3; - Polynomial& sorted_4 = _witness_data.sorted_4; - Polynomial& sorted_accum = _witness_data.sorted_accum; - Polynomial& z_perm = _witness_data.z_perm; - Polynomial& z_lookup = _witness_data.z_lookup; - - std::vector memory_read_records; - std::vector memory_write_records; - - ProvingKey() = default; - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - { - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); - - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->composer_type = composer_type; - // Allocate memory for precomputed polynomials - for (auto& poly : this->_data) { - poly = Polynomial(circuit_size); - } - // Allocate memory for witness polynomials - for (auto& poly : this->_witness_data._data) { - poly = Polynomial(circuit_size); - } - }; - - std::vector get_wires() { return _witness_data.get_wires(); }; - // The plookup wires that store plookup read data. - std::array get_plookup_read_wires() { return { w_l, w_r, w_o }; }; - // The sorted concatenations of table and witness data needed for plookup. - std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; - }; - - using VerificationKey = VerificationKey_>; - - template - class AllData : public AllData_ { - public: - DataType& q_c = std::get<0>(this->_data); - DataType& q_l = std::get<1>(this->_data); - DataType& q_r = std::get<2>(this->_data); - DataType& q_o = std::get<3>(this->_data); - DataType& q_4 = std::get<4>(this->_data); - DataType& q_m = std::get<5>(this->_data); - DataType& q_arith = std::get<6>(this->_data); - DataType& q_sort = std::get<7>(this->_data); - DataType& q_elliptic = std::get<8>(this->_data); - DataType& q_aux = std::get<9>(this->_data); - DataType& q_lookup = std::get<10>(this->_data); - DataType& sigma_1 = std::get<11>(this->_data); - DataType& sigma_2 = std::get<12>(this->_data); - DataType& sigma_3 = std::get<13>(this->_data); - DataType& sigma_4 = std::get<14>(this->_data); - DataType& id_1 = std::get<15>(this->_data); - DataType& id_2 = std::get<16>(this->_data); - DataType& id_3 = std::get<17>(this->_data); - DataType& id_4 = std::get<18>(this->_data); - DataType& table_1 = std::get<19>(this->_data); - DataType& table_2 = std::get<20>(this->_data); - DataType& table_3 = std::get<21>(this->_data); - DataType& table_4 = std::get<22>(this->_data); - DataType& lagrange_first = std::get<23>(this->_data); - DataType& lagrange_last = std::get<24>(this->_data); - DataType& w_l = std::get<25>(this->_data); - DataType& w_r = std::get<26>(this->_data); - DataType& w_o = std::get<27>(this->_data); - DataType& w_4 = std::get<28>(this->_data); - DataType& sorted_1 = std::get<29>(this->_data); - DataType& sorted_2 = std::get<30>(this->_data); - DataType& sorted_3 = std::get<31>(this->_data); - DataType& sorted_4 = std::get<32>(this->_data); - DataType& sorted_accum = std::get<33>(this->_data); - DataType& z_perm = std::get<34>(this->_data); - DataType& z_lookup = std::get<35>(this->_data); - DataType& table_1_shift = std::get<36>(this->_data); - DataType& table_2_shift = std::get<37>(this->_data); - DataType& table_3_shift = std::get<38>(this->_data); - DataType& table_4_shift = std::get<39>(this->_data); - DataType& w_l_shift = std::get<40>(this->_data); - DataType& w_r_shift = std::get<41>(this->_data); - DataType& w_o_shift = std::get<42>(this->_data); - DataType& w_4_shift = std::get<43>(this->_data); - DataType& sorted_accum_shift = std::get<44>(this->_data); - DataType& z_perm_shift = std::get<45>(this->_data); - DataType& z_lookup_shift = std::get<46>(this->_data); - - std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; - std::vector get_unshifted() override - { - return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, - q_elliptic, q_aux, q_lookup, sigma_1, sigma_2, sigma_3, sigma_4, id_1, - id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, - lagrange_last, w_l, w_r, w_o, w_4, sorted_1, sorted_2, sorted_3, - sorted_4, z_perm, z_lookup - - }; - }; - std::vector get_to_be_shifted() override { return { w_l, w_4, z_perm, z_lookup }; }; - std::vector get_shifted() override - { - return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; - }; - - AllData() = default; - - AllData(const AllData& other) - : AllData_(other){}; - - AllData(AllData&& other) - : AllData_(other){}; - - // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? - AllData& operator=(const AllData& other) - { - AllData_::operator=(other); - return *this; - } - - AllData& operator=(AllData&& other) - { - AllData_::operator=(other); - return *this; - } - - AllData(std::array data_in) { this->_data = data_in; } - }; - - // These collect lightweight handles of data living in different entities. They - // provide the utility of grouping these and ranged `for` loops over - // subsets. - using ProverPolynomials = AllData; - using VerifierCommitments = AllData; - - using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? - template - using ExtendedEdges = - AllData, sumcheck::Univariate>; - - class PurportedEvaluations : public AllData { - public: - PurportedEvaluations() { this->_data = {}; } - PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } - }; - - class CommitmentLabels : public AllData { - public: - // this does away with the ENUM_TO_COMM array while preserving the - // transcript interface, which takes a string - // note: we could consider "enriching" the transcript interface to not use - // strings in the future, but I leave it this way for simplicity - - CommitmentLabels() - { - w_l = "W_L"; - w_r = "W_R"; - w_o = "W_O"; - w_4 = "W_4"; - z_perm = "Z_PERM"; - z_lookup = "Z_LOOKUP"; - - // The ones beginning with "__" are only used for debugging - q_c = "__Q_C"; - q_l = "__Q_L"; - q_r = "__Q_R"; - q_o = "__Q_O"; - q_4 = "__Q_4"; - q_m = "__Q_M"; - q_arith = "__Q_ARITH"; - q_sort = "__Q_SORT"; - q_elliptic = "__Q_ELLIPTIC"; - q_aux = "__Q_AUX"; - q_lookup = "__Q_LOOKUP"; - sigma_1 = "__SIGMA_1"; - sigma_2 = "__SIGMA_2"; - sigma_3 = "__SIGMA_3"; - sigma_4 = "__SIGMA_4"; - id_1 = "__ID_1"; - id_2 = "__ID_2"; - id_3 = "__ID_3"; - id_4 = "__ID_4"; - table_1 = "__TABLE_1"; - table_2 = "__TABLE_2"; - table_3 = "__TABLE_3"; - table_4 = "__TABLE_4"; - lagrange_first = "__LAGRANGE_FIRST"; - lagrange_last = "__LAGRANGE_LAST"; - sorted_1 = "__SORTED_1"; - sorted_2 = "__SORTED_2"; - sorted_3 = "__SORTED_3"; - sorted_4 = "__SORTED_4"; - sorted_accum = "__SORTED_ACCUM"; - table_1_shift = "__TABLE_1_SHIFT"; - table_2_shift = "__TABLE_2_SHIFT"; - table_3_shift = "__TABLE_3_SHIFT"; - table_4_shift = "__TABLE_4_SHIFT"; - w_l_shift = "__W_L_SHIFT"; - w_r_shift = "__W_R_SHIFT"; - w_o_shift = "__W_O_SHIFT"; - w_4_shift = "__W_4_SHIFT"; - sorted_accum_shift = "__SORTED_ACCUM_SHIFT"; - z_perm_shift = "__Z_PERM_SHIFT"; - z_lookup_shift = "__Z_LOOKUP_SHIFT"; - }; - }; - - // class VerifierCommitments : public AllData { - // public: - // VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) - // { - // } - // }; -}; +} // namespace proof_system::honk::flavor +// Forward declare honk flavors +namespace proof_system::honk::flavor { +class Standard; +class Ultra; } // namespace proof_system::honk::flavor +// Forward declare plonk flavors namespace proof_system::plonk::flavor { -struct Standard { - using CircuitConstructor = proof_system::StandardCircuitConstructor; - using ProvingKey = plonk::proving_key; - static constexpr size_t num_wires = CircuitConstructor::num_wires; -}; - -struct Turbo { - using CircuitConstructor = proof_system::TurboCircuitConstructor; - using ProvingKey = plonk::proving_key; - static constexpr size_t num_wires = CircuitConstructor::num_wires; -}; - -struct Ultra { - using CircuitConstructor = proof_system::UltraCircuitConstructor; - using ProvingKey = plonk::proving_key; - static constexpr size_t num_wires = CircuitConstructor::num_wires; -}; +class Standard; +class Turbo; +class Ultra; } // namespace proof_system::plonk::flavor +// Establish concepts for testing flavor attributes namespace proof_system { - +/** + * @brief Test whether a type T lies in a list of types ...U. + * + * @tparam T The type being tested + * @tparam U A parameter pack of types being checked against T. + */ template concept IsAnyOf = (std::same_as || ...); template diff --git a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp index eea4c675c4..b8280e3298 100644 --- a/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp +++ b/cpp/src/barretenberg/stdlib/primitives/field/field.test.cpp @@ -1,5 +1,4 @@ #include "../bool/bool.hpp" -#include "barretenberg/proof_system/flavor/flavor.hpp" #include "field.hpp" #include "array.hpp" #include "barretenberg/plonk/proof_system/constants.hpp" From 372f14b8cfef9f43601e3ebb2b0927c37af7320f Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 14:57:49 +0000 Subject: [PATCH 091/119] Less verbose name --- .../ultra_honk_composer_helper.cpp | 86 +++++++++---------- .../ultra_honk_composer_helper.hpp | 8 +- 2 files changed, 47 insertions(+), 47 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 9d10497b9c..8d8ed33aa6 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -47,10 +47,10 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constr auto wire_polynomials = construct_wire_polynomials_base(circuit_constructor, total_num_gates, NUM_RANDOMIZED_GATES); - circuit_proving_key->w_l = wire_polynomials[0]; - circuit_proving_key->w_r = wire_polynomials[1]; - circuit_proving_key->w_o = wire_polynomials[2]; - circuit_proving_key->w_4 = wire_polynomials[3]; + proving_key->w_l = wire_polynomials[0]; + proving_key->w_r = wire_polynomials[1]; + proving_key->w_o = wire_polynomials[2]; + proving_key->w_4 = wire_polynomials[3]; polynomial s_1(subgroup_size); polynomial s_2(subgroup_size); @@ -129,10 +129,10 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constr // TODO(luke): Adding these to the key for now but this is inconsistent since these are 'witness' polys. Need // to see what becomes of the proving key before making a decision here. // WORKTODO: resolve this? - circuit_proving_key->sorted_1 = s_1; - circuit_proving_key->sorted_2 = s_2; - circuit_proving_key->sorted_3 = s_3; - circuit_proving_key->sorted_4 = s_4; + proving_key->sorted_1 = s_1; + proving_key->sorted_2 = s_2; + proving_key->sorted_3 = s_3; + proving_key->sorted_4 = s_4; computed_witness = true; } @@ -144,7 +144,7 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_c compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); - UltraProver output_state(circuit_proving_key); + UltraProver output_state(proving_key); return output_state; } @@ -160,7 +160,7 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_c // { // auto verification_key = compute_verification_key(circuit_constructor); -// plonk::UltraVerifier output_state(circuit_verification_key, +// plonk::UltraVerifier output_state(verification_key, // create_manifest(circuit_constructor.public_inputs.size())); // std::unique_ptr> kate_commitment_scheme = @@ -174,8 +174,8 @@ UltraProver UltraHonkComposerHelper::create_prover(CircuitConstructor& circuit_c std::shared_ptr UltraHonkComposerHelper::compute_proving_key( const CircuitConstructor& circuit_constructor) { - if (circuit_proving_key) { - return circuit_proving_key; + if (proving_key) { + return proving_key; } size_t tables_size = 0; @@ -187,22 +187,22 @@ std::shared_ptr UltraHonkComposerHe const size_t minimum_circuit_size = tables_size + lookups_size; const size_t num_randomized_gates = NUM_RANDOMIZED_GATES; - // Initialize circuit_proving_key + // Initialize proving_key // TODO(#392)(Kesha): replace composer types. - circuit_proving_key = initialize_proving_key( + proving_key = initialize_proving_key( circuit_constructor, crs_factory_.get(), minimum_circuit_size, num_randomized_gates, ComposerType::PLOOKUP); - construct_selector_polynomials(circuit_constructor, circuit_proving_key.get()); + construct_selector_polynomials(circuit_constructor, proving_key.get()); // TODO(#217)(luke): Naively enforcing non-zero selectors for Honk will result in some relations not being // satisfied. - // enforce_nonzero_polynomial_selectors(circuit_constructor, circuit_proving_key.get()); + // enforce_nonzero_polynomial_selectors(circuit_constructor, proving_key.get()); - compute_honk_generalized_sigma_permutations(circuit_constructor, circuit_proving_key.get()); + compute_honk_generalized_sigma_permutations(circuit_constructor, proving_key.get()); - compute_first_and_last_lagrange_polynomials(circuit_proving_key.get()); + compute_first_and_last_lagrange_polynomials(proving_key.get()); - const size_t subgroup_size = circuit_proving_key->circuit_size; + const size_t subgroup_size = proving_key->circuit_size; polynomial poly_q_table_column_1(subgroup_size); polynomial poly_q_table_column_2(subgroup_size); @@ -275,10 +275,10 @@ std::shared_ptr UltraHonkComposerHe // poly_q_table_column_3[subgroup_size - 1] = ++unique_last_value; // poly_q_table_column_4[subgroup_size - 1] = ++unique_last_value; - circuit_proving_key->table_1 = poly_q_table_column_1; - circuit_proving_key->table_2 = poly_q_table_column_2; - circuit_proving_key->table_3 = poly_q_table_column_3; - circuit_proving_key->table_4 = poly_q_table_column_4; + proving_key->table_1 = poly_q_table_column_1; + proving_key->table_2 = poly_q_table_column_2; + proving_key->table_3 = poly_q_table_column_3; + proving_key->table_4 = poly_q_table_column_4; // Copy memory read/write record data into proving key. Prover needs to know which gates contain a read/write // 'record' witness on the 4th wire. This wire value can only be fully computed once the first 3 wire polynomials @@ -286,17 +286,17 @@ std::shared_ptr UltraHonkComposerHe // using the plookup challenge `eta` std::copy(circuit_constructor.memory_read_records.begin(), circuit_constructor.memory_read_records.end(), - std::back_inserter(circuit_proving_key->memory_read_records)); + std::back_inserter(proving_key->memory_read_records)); std::copy(circuit_constructor.memory_write_records.begin(), circuit_constructor.memory_write_records.end(), - std::back_inserter(circuit_proving_key->memory_write_records)); + std::back_inserter(proving_key->memory_write_records)); - circuit_proving_key->recursive_proof_public_input_indices = + proving_key->recursive_proof_public_input_indices = std::vector(recursive_proof_public_input_indices.begin(), recursive_proof_public_input_indices.end()); - circuit_proving_key->contains_recursive_proof = contains_recursive_proof; + proving_key->contains_recursive_proof = contains_recursive_proof; - return circuit_proving_key; + return proving_key; } // /** @@ -307,42 +307,42 @@ std::shared_ptr UltraHonkComposerHe // std::shared_ptr UltraHonkComposerHelper::compute_verification_key( // const CircuitConstructor& circuit_constructor) // { -// if (circuit_verification_key) { -// return circuit_verification_key; +// if (verification_key) { +// return verification_key; // } -// if (!circuit_proving_key) { +// if (!proving_key) { // compute_proving_key(circuit_constructor); // } -// circuit_verification_key = compute_verification_key_common(circuit_proving_key, +// verification_key = compute_verification_key_common(proving_key, // crs_factory_->get_verifier_crs()); -// circuit_verification_key->composer_type = type; // Invariably plookup for this class. +// verification_key->composer_type = type; // Invariably plookup for this class. // // See `add_recusrive_proof()` for how this recursive data is assigned. -// circuit_verification_key->recursive_proof_public_input_indices = +// verification_key->recursive_proof_public_input_indices = // std::vector(recursive_proof_public_input_indices.begin(), // recursive_proof_public_input_indices.end()); -// circuit_verification_key->contains_recursive_proof = contains_recursive_proof; +// verification_key->contains_recursive_proof = contains_recursive_proof; -// return circuit_verification_key; +// return verification_key; // } // void UltraHonkComposerHelper::add_table_column_selector_poly_to_proving_key( // polynomial& selector_poly_lagrange_form, const std::string& tag) // { -// polynomial selector_poly_lagrange_form_copy(selector_poly_lagrange_form, circuit_proving_key->small_domain.size); +// polynomial selector_poly_lagrange_form_copy(selector_poly_lagrange_form, proving_key->small_domain.size); -// selector_poly_lagrange_form.ifft(circuit_proving_key->small_domain); +// selector_poly_lagrange_form.ifft(proving_key->small_domain); // auto& selector_poly_coeff_form = selector_poly_lagrange_form; -// polynomial selector_poly_coset_form(selector_poly_coeff_form, circuit_proving_key->circuit_size * 4); -// selector_poly_coset_form.coset_fft(circuit_proving_key->large_domain); +// polynomial selector_poly_coset_form(selector_poly_coeff_form, proving_key->circuit_size * 4); +// selector_poly_coset_form.coset_fft(proving_key->large_domain); -// circuit_proving_key->polynomial_store.put(tag, std::move(selector_poly_coeff_form)); -// circuit_proving_key->polynomial_store.put(tag + "_lagrange", std::move(selector_poly_lagrange_form_copy)); -// circuit_proving_key->polynomial_store.put(tag + "_fft", std::move(selector_poly_coset_form)); +// proving_key->polynomial_store.put(tag, std::move(selector_poly_coeff_form)); +// proving_key->polynomial_store.put(tag + "_lagrange", std::move(selector_poly_lagrange_form_copy)); +// proving_key->polynomial_store.put(tag + "_fft", std::move(selector_poly_coset_form)); // } } // namespace proof_system::honk diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 58edf60a51..3929625e8d 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -27,8 +27,8 @@ class UltraHonkComposerHelper { // simultaneously here and in the other split composers. static constexpr size_t NUM_RANDOMIZED_GATES = 4; // equal to the number of multilinear evaluations leaked static constexpr size_t num_wires = CircuitConstructor::num_wires; - std::shared_ptr circuit_proving_key; - std::shared_ptr circuit_verification_key; + std::shared_ptr proving_key; + std::shared_ptr verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs // at all std::shared_ptr crs_factory_; @@ -48,8 +48,8 @@ class UltraHonkComposerHelper { {} UltraHonkComposerHelper(std::shared_ptr p_key, std::shared_ptr v_key) - : circuit_proving_key(std::move(p_key)) - , circuit_verification_key(std::move(v_key)) + : proving_key(std::move(p_key)) + , verification_key(std::move(v_key)) {} UltraHonkComposerHelper(UltraHonkComposerHelper&& other) noexcept = default; From df37f582353a12c26ec5fa50f4baa58a8512d4ba Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 18:35:43 +0000 Subject: [PATCH 092/119] Comments and clarity. --- .../composer_helper/ultra_honk_composer_helper.cpp | 3 --- cpp/src/barretenberg/honk/flavor/standard.hpp | 11 +++++------ cpp/src/barretenberg/honk/flavor/ultra.hpp | 4 ++-- .../barretenberg/honk/proof_system/prover_library.cpp | 2 +- .../circuit_constructors/circuit_constructor_base.hpp | 4 +++- .../proof_system/composer/composer_helper_lib.hpp | 1 + .../proof_system/composer/permutation_helper.hpp | 3 +-- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 7 +++---- 8 files changed, 16 insertions(+), 19 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp index 8d8ed33aa6..72ed55ba93 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.cpp @@ -9,7 +9,6 @@ namespace proof_system::honk { /** * @brief Compute witness polynomials * - * WORKTODO Put sorted witness polynomials in pk? */ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constructor) { @@ -127,8 +126,6 @@ void UltraHonkComposerHelper::compute_witness(CircuitConstructor& circuit_constr ++count; } - // TODO(luke): Adding these to the key for now but this is inconsistent since these are 'witness' polys. Need - // to see what becomes of the proving key before making a decision here. // WORKTODO: resolve this? proving_key->sorted_1 = s_1; proving_key->sorted_2 = s_2; proving_key->sorted_3 = s_3; diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index bc05c15ce1..88436cead7 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -33,7 +33,7 @@ class Standard { static constexpr size_t num_wires = CircuitConstructor::num_wires; static constexpr size_t NUM_ALL_ENTITIES = 18; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; - // WORKTODO(luke): This number needs to be total witness polys not including shifts. + // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 4; // TODO(Cody): Made this public derivation so that I could populate selector @@ -78,11 +78,9 @@ class Standard { std::vector get_wires() { return { w_l, w_r, w_o }; }; }; - // WORKTODO(luke): Proving key now stores all multivariate polynomials used by the prover. Is Pkey still the right - // name? class ProvingKey : public ProvingKey_, FF> { public: - WitnessData _witness_data; // WORKTODO: name? + WitnessData _witness_data; Polynomial& w_l = _witness_data.w_l; Polynomial& w_r = _witness_data.w_r; @@ -115,6 +113,7 @@ class Standard { std::vector get_wires() { return _witness_data.get_wires(); }; }; + // WORKTODO: verifiercircuitdata class VerificationKey : public VerificationKey_> { public: VerificationKey() = default; @@ -173,7 +172,6 @@ class Standard { AllData(AllData&& other) : AllData_(other){}; - // WORKTODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllData& operator=(const AllData& other) { AllData_::operator=(other); @@ -194,7 +192,7 @@ class Standard { // subsets. using ProverPolynomials = AllData; - using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? + using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(#394): use Polynomial class. // TODO(#390): Simplify this? template using ExtendedEdges = @@ -233,6 +231,7 @@ class Standard { }; }; + // WORKTODO: this should not be an alldata class VerifierCommitments : public AllData { public: VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index a50118b361..cfd9880f8e 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -68,7 +68,7 @@ class Ultra { DataType& lagrange_first = std::get<23>(this->_data); DataType& lagrange_last = std::get<24>(this->_data); - std::vector get_selectors() // WORKTODO: make these arrays? + std::vector get_selectors() // TODO(#395): return arrays? { // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; @@ -142,7 +142,7 @@ class Ultra { std::vector get_wires() { return _witness_data.get_wires(); }; // The plookup wires that store plookup read data. - std::array get_plookup_read_wires() { return { w_l, w_r, w_o }; }; + std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; // The sorted concatenations of table and witness data needed for plookup. std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; }; diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 3e31edcecf..be8944794f 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -211,7 +211,7 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptr, 3> wires = key->get_plookup_read_wires(); + std::array, 3> wires = key->get_table_column_wires(); // Note: the number of table polys is related to program width but '4' is the only value supported std::array, 4> tables{ diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 7d370413cc..6b770c74f3 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -17,7 +17,9 @@ template class CircuitConstructorBase { static constexpr size_t program_width = Arithmetization::num_wires; static constexpr size_t num_selectors = Arithmetization::num_selectors; - std::vector selector_names_; // WORKTODO: These are plonk-only and could go in the plonk flavor. + // TODO(Cody): These are plonk-specific and could be specified in the plonk flavors. + // Also, theere is loose coupling with the vectors of SelectorProperties + std::vector selector_names_; size_t num_gates = 0; std::array, num_wires> wires; diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index 077a30505f..fa31ee8a1f 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -63,6 +63,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c if constexpr (IsHonkFlavor) { proving_key->_data[selector_idx] = selector_poly_lagrange; } else if constexpr (IsPlonkFlavor) { + // TODO(Cody): Loose coupling here of selector_names and selector_properties. proving_key->polynomial_store.put(circuit_constructor.selector_names_[selector_idx] + "_lagrange", std::move(selector_poly_lagrange)); } diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 2c8b5c9b4c..0cb669323c 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -143,8 +143,7 @@ PermutationMapping compute_permutation_mapping( PermutationMapping mapping; // Initialize the table of permutations so that every element points to itself - // TODO(Cody): Loose coupling here - for (size_t i = 0; i < Flavor::num_wires; ++i) { + for (size_t i = 0; i < Flavor::num_wires; ++i) { // TODO(#391) zip and split mapping.sigmas[i].reserve(proving_key->circuit_size); if constexpr (generalized) { mapping.ids[i].reserve(proving_key->circuit_size); diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index b019cae428..6fc72cb643 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -7,11 +7,10 @@ #include "barretenberg/proof_system/types/composer_type.hpp" // WORKTODO: Names of these classes -// WORKTODO: Selectors should come from arithmetization. // WORKTODO: Define special member functions in reasonable way and untangle the bad consequences elsewhere (e.g., in -// WORKTODO: privacy -// SumcheckOutput) -// TODO(Cody): Handle types. +// TODO(#396): Access specifiers +// TODO(#397): Handle types. +// TODO(#398): Selectors should come from arithmetization. /** * WORKTODO: Outline what's going on here, explain the data model and how to think about these classes. * From 859e5dd51b1fae5a170695c38c6b94976839bb4a Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 18:53:41 +0000 Subject: [PATCH 093/119] Rename "data" to "entities" --- cpp/src/barretenberg/honk/flavor/standard.hpp | 48 +++++++++---------- cpp/src/barretenberg/honk/flavor/ultra.hpp | 47 +++++++++--------- .../proof_system/flavor/flavor.hpp | 14 +++--- 3 files changed, 55 insertions(+), 54 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 88436cead7..990fa9fbdb 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -27,7 +27,7 @@ class Standard { using G1 = barretenberg::g1; using GroupElement = G1::element; using Commitment = G1::affine_element; - using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? + using CommitmentHandle = G1::affine_element; using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; @@ -39,7 +39,7 @@ class Standard { // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. template - class PrecomputedData : public PrecomputedData_ { + class PrecomputedEntities : public PrecomputedEntities_ { public: DataType& q_m = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -68,7 +68,7 @@ class Standard { * @tparam HandleType */ template - class WitnessData : public Data_ { + class WitnessEntities : public Entities_ { public: DataType& w_l = std::get<0>(this->_data); DataType& w_r = std::get<1>(this->_data); @@ -78,9 +78,9 @@ class Standard { std::vector get_wires() { return { w_l, w_r, w_o }; }; }; - class ProvingKey : public ProvingKey_, FF> { + class ProvingKey : public ProvingKey_, FF> { public: - WitnessData _witness_data; + WitnessEntities _witness_data; Polynomial& w_l = _witness_data.w_l; Polynomial& w_r = _witness_data.w_r; @@ -114,7 +114,7 @@ class Standard { }; // WORKTODO: verifiercircuitdata - class VerificationKey : public VerificationKey_> { + class VerificationKey : public VerificationKey_> { public: VerificationKey() = default; VerificationKey(const size_t circuit_size, @@ -131,7 +131,7 @@ class Standard { }; template - class AllData : public AllData_ { + class AllEntities : public AllEntities_ { public: DataType& q_c = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -164,43 +164,43 @@ class Standard { std::vector get_shifted() override { return { z_perm_shift }; }; - AllData() = default; + AllEntities() = default; - AllData(const AllData& other) - : AllData_(other){}; + AllEntities(const AllEntities& other) + : AllEntities_(other){}; - AllData(AllData&& other) - : AllData_(other){}; + AllEntities(AllEntities&& other) + : AllEntities_(other){}; - AllData& operator=(const AllData& other) + AllEntities& operator=(const AllEntities& other) { - AllData_::operator=(other); + AllEntities_::operator=(other); return *this; } - AllData& operator=(AllData&& other) + AllEntities& operator=(AllEntities&& other) { - AllData_::operator=(other); + AllEntities_::operator=(other); return *this; } - AllData(std::array data_in) { this->_data = data_in; } + AllEntities(std::array data_in) { this->_data = data_in; } }; // These collect lightweight handles of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. - using ProverPolynomials = AllData; + using ProverPolynomials = AllEntities; - using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(#394): use Polynomial class. + using FoldedPolynomials = AllEntities, PolynomialHandle>; // TODO(#394): use Polynomial class. // TODO(#390): Simplify this? template using ExtendedEdges = - AllData, sumcheck::Univariate>; + AllEntities, sumcheck::Univariate>; - using PurportedEvaluations = AllData; + using PurportedEvaluations = AllEntities; - class CommitmentLabels : public AllData { + class CommitmentLabels : public AllEntities { public: // this does away with the ENUM_TO_COMM array while preserving the // transcript interface, which takes a string @@ -231,8 +231,8 @@ class Standard { }; }; - // WORKTODO: this should not be an alldata - class VerifierCommitments : public AllData { + // WORKTODO: this should not be an allEntities + class VerifierCommitments : public AllEntities { public: VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) { diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index cfd9880f8e..283f9442fb 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -40,7 +40,7 @@ class Ultra { static constexpr size_t NUM_WITNESS_ENTITIES = 11; template - class PrecomputedData : public PrecomputedData_ { + class PrecomputedEntities : public PrecomputedEntities_ { public: DataType& q_m = std::get<0>(this->_data); DataType& q_c = std::get<1>(this->_data); @@ -80,7 +80,7 @@ class Ultra { // Container for all witness polys template - class WitnessData : public Data_ { + class WitnessEntities : public Entities_ { public: DataType& w_l = std::get<0>(this->_data); DataType& w_r = std::get<1>(this->_data); @@ -98,9 +98,9 @@ class Ultra { std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; }; - class ProvingKey : public ProvingKey_, FF> { + class ProvingKey : public ProvingKey_, FF> { public: - WitnessData _witness_data; + WitnessEntities _witness_data; Polynomial& w_l = _witness_data.w_l; Polynomial& w_r = _witness_data.w_r; @@ -147,10 +147,10 @@ class Ultra { std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; }; - using VerificationKey = VerificationKey_>; + using VerificationKey = VerificationKey_>; template - class AllData : public AllData_ { + class AllEntities : public AllEntities_ { public: DataType& q_c = std::get<0>(this->_data); DataType& q_l = std::get<1>(this->_data); @@ -217,48 +217,49 @@ class Ultra { return { w_l_shift, w_4_shift, z_perm_shift, z_lookup_shift }; }; - AllData() = default; + AllEntities() = default; - AllData(const AllData& other) - : AllData_(other){}; + AllEntities(const AllEntities& other) + : AllEntities_(other){}; - AllData(AllData&& other) - : AllData_(other){}; + AllEntities(AllEntities&& other) + : AllEntities_(other){}; // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? - AllData& operator=(const AllData& other) + AllEntities& operator=(const AllEntities& other) { - AllData_::operator=(other); + AllEntities_::operator=(other); return *this; } - AllData& operator=(AllData&& other) + AllEntities& operator=(AllEntities&& other) { - AllData_::operator=(other); + AllEntities_::operator=(other); return *this; } - AllData(std::array data_in) { this->_data = data_in; } + AllEntities(std::array data_in) { this->_data = data_in; } }; // These collect lightweight handles of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. - using ProverPolynomials = AllData; - using VerifierCommitments = AllData; + using ProverPolynomials = AllEntities; + using VerifierCommitments = AllEntities; - using FoldedPolynomials = AllData, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? + using FoldedPolynomials = + AllEntities, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? template using ExtendedEdges = - AllData, sumcheck::Univariate>; + AllEntities, sumcheck::Univariate>; - class PurportedEvaluations : public AllData { + class PurportedEvaluations : public AllEntities { public: PurportedEvaluations() { this->_data = {}; } PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } }; - class CommitmentLabels : public AllData { + class CommitmentLabels : public AllEntities { public: // this does away with the ENUM_TO_COMM array while preserving the // transcript interface, which takes a string @@ -319,7 +320,7 @@ class Ultra { }; }; - // class VerifierCommitments : public AllData { + // class VerifierCommitments : public AllEntities { // public: // VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) // { diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 6fc72cb643..3dd0c98e7f 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -25,12 +25,12 @@ namespace proof_system::honk::flavor { * @tparam HandleType The type that will be used to * @tparam NUM_ENTITIES The size of the underlying array. */ -template class Data_ { +template class Entities_ { public: using ArrayType = std::array; ArrayType _data; - virtual ~Data_() = default; + virtual ~Entities_() = default; DataType& operator[](size_t idx) { return _data[idx]; }; typename ArrayType::iterator begin() { return _data.begin(); }; @@ -40,7 +40,7 @@ template class Dat }; template -class PrecomputedData_ : public Data_ { +class PrecomputedEntities_ : public Entities_ { public: size_t circuit_size; size_t log_circuit_size; @@ -54,7 +54,7 @@ class PrecomputedData_ : public Data_ class ProvingKey_ : public PrecomputedData { +template class ProvingKey_ : public PrecomputedEntities { public: bool contains_recursive_proof; std::vector recursive_proof_public_input_indices; @@ -66,15 +66,15 @@ template class ProvingKey_ : public Prec * @brief Collect all entities (really, views of these) from the protocol in one place. * @details No need for a distinction between storage and view classes here. * - * @tparam PrecomputedData + * @tparam PrecomputedEntities */ -template class VerificationKey_ : public PrecomputedData { +template class VerificationKey_ : public PrecomputedEntities { public: std::shared_ptr vrs; }; template -class AllData_ : public Data_ { +class AllEntities_ : public Entities_ { public: virtual std::vector get_unshifted() = 0; virtual std::vector get_to_be_shifted() = 0; From 2bdacb7ab7897d7f0ab06747041680a2a0ada8a4 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 19:07:10 +0000 Subject: [PATCH 094/119] Use access specifiers in flavors. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 106 ++++++++--------- cpp/src/barretenberg/honk/flavor/ultra.hpp | 107 +++++++++--------- 2 files changed, 108 insertions(+), 105 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 990fa9fbdb..63a224f983 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -36,6 +36,7 @@ class Standard { // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 4; + private: // TODO(Cody): Made this public derivation so that I could populate selector // polys from circuit constructor. template @@ -78,58 +79,6 @@ class Standard { std::vector get_wires() { return { w_l, w_r, w_o }; }; }; - class ProvingKey : public ProvingKey_, FF> { - public: - WitnessEntities _witness_data; - - Polynomial& w_l = _witness_data.w_l; - Polynomial& w_r = _witness_data.w_r; - Polynomial& w_o = _witness_data.w_o; - Polynomial& z_perm = _witness_data.z_perm; - - ProvingKey() = default; - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - { - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); - - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->composer_type = composer_type; - // Allocate memory for precomputed polynomials - for (auto& poly : this->_data) { - poly = Polynomial(circuit_size); - } - // Allocate memory for witness polynomials - for (auto& poly : this->_witness_data._data) { - poly = Polynomial(circuit_size); - } - }; - - std::vector get_wires() { return _witness_data.get_wires(); }; - }; - - // WORKTODO: verifiercircuitdata - class VerificationKey : public VerificationKey_> { - public: - VerificationKey() = default; - VerificationKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& vrs, - ComposerType composer_type) - { - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->vrs = vrs; - this->composer_type = composer_type; - }; - }; - template class AllEntities : public AllEntities_ { public: @@ -187,6 +136,59 @@ class Standard { AllEntities(std::array data_in) { this->_data = data_in; } }; + public: + class ProvingKey : public ProvingKey_, FF> { + public: + WitnessEntities _witness_data; + + Polynomial& w_l = _witness_data.w_l; + Polynomial& w_r = _witness_data.w_r; + Polynomial& w_o = _witness_data.w_o; + Polynomial& z_perm = _witness_data.z_perm; + + ProvingKey() = default; + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + { + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->composer_type = composer_type; + // Allocate memory for precomputed polynomials + for (auto& poly : this->_data) { + poly = Polynomial(circuit_size); + } + // Allocate memory for witness polynomials + for (auto& poly : this->_witness_data._data) { + poly = Polynomial(circuit_size); + } + }; + + std::vector get_wires() { return _witness_data.get_wires(); }; + }; + + // WORKTODO: verifiercircuitdata + class VerificationKey : public VerificationKey_> { + public: + VerificationKey() = default; + VerificationKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& vrs, + ComposerType composer_type) + { + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->vrs = vrs; + this->composer_type = composer_type; + }; + }; + // These collect lightweight handles of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 283f9442fb..a8bb1d9023 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -33,12 +33,12 @@ class Ultra { using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; - // TODO(luke): sure would be nice if this was computed programtically static constexpr size_t NUM_ALL_ENTITIES = 47; - // TODO(luke): what does this need to reflect? e.g. are shifts of precomputed polys counted here? static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; + // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 11; + private: template class PrecomputedEntities : public PrecomputedEntities_ { public: @@ -98,57 +98,6 @@ class Ultra { std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; }; - class ProvingKey : public ProvingKey_, FF> { - public: - WitnessEntities _witness_data; - - Polynomial& w_l = _witness_data.w_l; - Polynomial& w_r = _witness_data.w_r; - Polynomial& w_o = _witness_data.w_o; - Polynomial& w_4 = _witness_data.w_4; - Polynomial& sorted_1 = _witness_data.sorted_1; - Polynomial& sorted_2 = _witness_data.sorted_2; - Polynomial& sorted_3 = _witness_data.sorted_3; - Polynomial& sorted_4 = _witness_data.sorted_4; - Polynomial& sorted_accum = _witness_data.sorted_accum; - Polynomial& z_perm = _witness_data.z_perm; - Polynomial& z_lookup = _witness_data.z_lookup; - - std::vector memory_read_records; - std::vector memory_write_records; - - ProvingKey() = default; - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - { - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); - - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->composer_type = composer_type; - // Allocate memory for precomputed polynomials - for (auto& poly : this->_data) { - poly = Polynomial(circuit_size); - } - // Allocate memory for witness polynomials - for (auto& poly : this->_witness_data._data) { - poly = Polynomial(circuit_size); - } - }; - - std::vector get_wires() { return _witness_data.get_wires(); }; - // The plookup wires that store plookup read data. - std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; - // The sorted concatenations of table and witness data needed for plookup. - std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; - }; - - using VerificationKey = VerificationKey_>; - template class AllEntities : public AllEntities_ { public: @@ -241,6 +190,58 @@ class Ultra { AllEntities(std::array data_in) { this->_data = data_in; } }; + public: + class ProvingKey : public ProvingKey_, FF> { + public: + WitnessEntities _witness_data; + + Polynomial& w_l = _witness_data.w_l; + Polynomial& w_r = _witness_data.w_r; + Polynomial& w_o = _witness_data.w_o; + Polynomial& w_4 = _witness_data.w_4; + Polynomial& sorted_1 = _witness_data.sorted_1; + Polynomial& sorted_2 = _witness_data.sorted_2; + Polynomial& sorted_3 = _witness_data.sorted_3; + Polynomial& sorted_4 = _witness_data.sorted_4; + Polynomial& sorted_accum = _witness_data.sorted_accum; + Polynomial& z_perm = _witness_data.z_perm; + Polynomial& z_lookup = _witness_data.z_lookup; + + std::vector memory_read_records; + std::vector memory_write_records; + + ProvingKey() = default; + ProvingKey(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + { + this->crs = crs; + this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); + + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->composer_type = composer_type; + // Allocate memory for precomputed polynomials + for (auto& poly : this->_data) { + poly = Polynomial(circuit_size); + } + // Allocate memory for witness polynomials + for (auto& poly : this->_witness_data._data) { + poly = Polynomial(circuit_size); + } + }; + + std::vector get_wires() { return _witness_data.get_wires(); }; + // The plookup wires that store plookup read data. + std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; + // The sorted concatenations of table and witness data needed for plookup. + std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; + }; + + using VerificationKey = VerificationKey_>; + // These collect lightweight handles of data living in different entities. They // provide the utility of grouping these and ranged `for` loops over // subsets. From 4dfe9458f734b9f379b6375f52e85df47bfa8dd5 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 20:05:35 +0000 Subject: [PATCH 095/119] Explicitness in flavor --- cpp/.clangd | 4 ++++ cpp/src/barretenberg/honk/flavor/standard.hpp | 8 +++++++- cpp/src/barretenberg/honk/flavor/ultra.hpp | 11 ++++++----- cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 1 + 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/cpp/.clangd b/cpp/.clangd index 5e025df074..599f23163a 100644 --- a/cpp/.clangd +++ b/cpp/.clangd @@ -57,6 +57,10 @@ Diagnostics: - cert-err58-cpp # Triggers on some tests that are not complex - readability-function-cognitive-complexity + # It is often nicer to not be explicit + - google-explicit-constructor + CheckOptions: + - cppcoreguidelines-special-member-functions.AllowSoleDefaultDtor: True --- # this divider is necessary # Disable some checks for Google Test/Bench diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 63a224f983..44b04b5b72 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -101,7 +101,7 @@ class Standard { DataType& z_perm = std::get<16>(this->_data); DataType& z_perm_shift = std::get<17>(this->_data); - std::vector get_wires() { return { w_l, w_r, w_o }; }; + std::vector get_wires() override { return { w_l, w_r, w_o }; }; std::vector get_unshifted() override { // ...z_perm_shift is in here? @@ -123,6 +123,9 @@ class Standard { AllEntities& operator=(const AllEntities& other) { + if (this == &other) { + return *this; + } AllEntities_::operator=(other); return *this; } @@ -133,6 +136,8 @@ class Standard { return *this; } + ~AllEntities() = default; + AllEntities(std::array data_in) { this->_data = data_in; } }; @@ -210,6 +215,7 @@ class Standard { // strings in the future, but I leave it this way for simplicity CommitmentLabels() + : AllEntities() { w_l = "W_1"; w_r = "W_2"; diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index a8bb1d9023..a69594b97d 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -68,14 +68,15 @@ class Ultra { DataType& lagrange_first = std::get<23>(this->_data); DataType& lagrange_last = std::get<24>(this->_data); - std::vector get_selectors() // TODO(#395): return arrays? + // TODO(#395): return arrays? + std::vector get_selectors() override { - // return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; }; - std::vector get_sigma_polynomials() { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; + std::vector get_sigma_polynomials() override { return { sigma_1, sigma_2, sigma_3, sigma_4 }; }; + std::vector get_id_polynomials() override { return { id_1, id_2, id_3, id_4 }; }; + std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; - std::vector get_id_polynomials() { return { id_1, id_2, id_3, id_4 }; }; }; // Container for all witness polys @@ -149,7 +150,7 @@ class Ultra { DataType& z_perm_shift = std::get<45>(this->_data); DataType& z_lookup_shift = std::get<46>(this->_data); - std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_wires() override { return { w_l, w_r, w_o, w_4 }; }; std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 3dd0c98e7f..d266bc9754 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -76,6 +76,7 @@ template class VerificationKey_ : public Precompu template class AllEntities_ : public Entities_ { public: + virtual std::vector get_wires() = 0; virtual std::vector get_unshifted() = 0; virtual std::vector get_to_be_shifted() = 0; virtual std::vector get_shifted() = 0; From 0be17f0b819ebb4fb627211182991fa5c37aa843 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 21:07:49 +0000 Subject: [PATCH 096/119] Move constructor from array and clean up. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 11 ++++++---- cpp/src/barretenberg/honk/flavor/ultra.hpp | 20 +++++++++---------- .../proof_system/flavor/flavor.hpp | 8 +++++--- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 44b04b5b72..2367e9cddf 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -137,8 +137,6 @@ class Standard { } ~AllEntities() = default; - - AllEntities(std::array data_in) { this->_data = data_in; } }; public: @@ -199,13 +197,18 @@ class Standard { // subsets. using ProverPolynomials = AllEntities; - using FoldedPolynomials = AllEntities, PolynomialHandle>; // TODO(#394): use Polynomial class. + using FoldedPolynomials = AllEntities, PolynomialHandle>; // TODO(#390): Simplify this? template using ExtendedEdges = AllEntities, sumcheck::Univariate>; - using PurportedEvaluations = AllEntities; + class PurportedEvaluations : public AllEntities { + public: + using Base = AllEntities; + using Base::Base; + PurportedEvaluations(std::array _data_in) { this->_data = _data_in; } + }; class CommitmentLabels : public AllEntities { public: diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index a69594b97d..3878292de2 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -12,8 +12,6 @@ #include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp" #include "barretenberg/polynomials/evaluation_domain.hpp" #include "barretenberg/polynomials/polynomial.hpp" -#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp" -#include "barretenberg/proof_system/circuit_constructors/turbo_circuit_constructor.hpp" #include "barretenberg/proof_system/circuit_constructors/ultra_circuit_constructor.hpp" #include "barretenberg/srs/reference_string/reference_string.hpp" #include "barretenberg/proof_system/flavor/flavor.hpp" @@ -29,7 +27,7 @@ class Ultra { using G1 = barretenberg::g1; using GroupElement = G1::element; using Commitment = G1::affine_element; - using CommitmentHandle = G1::affine_element; // TODO(Cody): make a pointer? + using CommitmentHandle = G1::affine_element; using PCSParams = pcs::kzg::Params; static constexpr size_t num_wires = CircuitConstructor::num_wires; @@ -68,7 +66,6 @@ class Ultra { DataType& lagrange_first = std::get<23>(this->_data); DataType& lagrange_last = std::get<24>(this->_data); - // TODO(#395): return arrays? std::vector get_selectors() override { return { q_m, q_c, q_l, q_r, q_o, q_4, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; @@ -175,9 +172,11 @@ class Ultra { AllEntities(AllEntities&& other) : AllEntities_(other){}; - // TODO(luke): avoiding self assignment (clang warning) here is a bit gross. Is there a better way? AllEntities& operator=(const AllEntities& other) { + if (this == &other) { + return *this; + } AllEntities_::operator=(other); return *this; } @@ -188,7 +187,7 @@ class Ultra { return *this; } - AllEntities(std::array data_in) { this->_data = data_in; } + ~AllEntities() = default; }; public: @@ -249,16 +248,16 @@ class Ultra { using ProverPolynomials = AllEntities; using VerifierCommitments = AllEntities; - using FoldedPolynomials = - AllEntities, PolynomialHandle>; // TODO(Cody): Just reuse ProverPolynomials? + using FoldedPolynomials = AllEntities, PolynomialHandle>; template using ExtendedEdges = AllEntities, sumcheck::Univariate>; class PurportedEvaluations : public AllEntities { public: - PurportedEvaluations() { this->_data = {}; } - PurportedEvaluations(std::array read_evals) { this->_data = read_evals; } + using Base = AllEntities; + using Base::Base; + PurportedEvaluations(std::array _data_in) { this->_data = _data_in; } }; class CommitmentLabels : public AllEntities { @@ -276,7 +275,6 @@ class Ultra { w_4 = "W_4"; z_perm = "Z_PERM"; z_lookup = "Z_LOOKUP"; - // The ones beginning with "__" are only used for debugging q_c = "__Q_C"; q_l = "__Q_L"; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index d266bc9754..9eca665811 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -7,9 +7,11 @@ #include "barretenberg/proof_system/types/composer_type.hpp" // WORKTODO: Names of these classes -// WORKTODO: Define special member functions in reasonable way and untangle the bad consequences elsewhere (e.g., in -// TODO(#396): Access specifiers -// TODO(#397): Handle types. + +// TODO(#394): Folded polynomials should use polynomial class. +// TODO(#395): Getters should return arrays? +// TODO(#396): Access specifiers? +// TODO(#397): Use more handle types? // TODO(#398): Selectors should come from arithmetization. /** * WORKTODO: Outline what's going on here, explain the data model and how to think about these classes. From 8421b497b4917b670184800d0ed243602de6edec Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 22:03:17 +0000 Subject: [PATCH 097/119] Add huge introductory comment. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 2 - .../proof_system/flavor/flavor.hpp | 78 ++++++++++++++++--- 2 files changed, 66 insertions(+), 14 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 2367e9cddf..b23cd667b3 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -175,7 +175,6 @@ class Standard { std::vector get_wires() { return _witness_data.get_wires(); }; }; - // WORKTODO: verifiercircuitdata class VerificationKey : public VerificationKey_> { public: VerificationKey() = default; @@ -242,7 +241,6 @@ class Standard { }; }; - // WORKTODO: this should not be an allEntities class VerifierCommitments : public AllEntities { public: VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 9eca665811..0f7fc7f5af 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -1,3 +1,67 @@ +/** + * @file flavor.hpp + * @brief Base class templates for structures that contain data related to the fundamental polynomials of a Honk + * variant (a "flavor"). + * + * @details #Motivation + * We choose the framework set out in these classes for several reasons. + * For one, it allows for a large amount of the information of Honk flavor to be read at a glance in a single file. + * + * The primary motivation, however, is to reduce the sort loose coupling that is a significant source of complexity in + * the original plonk code. There, we find many similarly-named entities defined in a wide variety of places (to name + * some: selector_properties; FooSelectors; PolynomialIndex; the labels given to the polynomial store; the commitment + * label; inconsistent terminology and notation around these), and it can be difficult to discover or remember the + * relationships between these. We aim to standardize these, to enfore identical and informative naming, and to prevent + * the developer having to think very much about the ordering of protocol entities in disparate places. + * + * Another motivation is iterate on the polynomial manifest, which is nice in its compatness, but which feels needlessly + * manual and low-level. In the past, this contained even more boolean parameters, making it quite hard to parse. + * Looping over the polynomial manifest means extracting a globally-defined "FOO_MANIFEST_SIZE" (the use of "manifest" + * here is distinct from the manifests in the transcript) and then looping over a C-style array, and manually parsing + * the various tags. We greatly enrich this structure by using basic C++ OOP functionality. Rather than recording the + * polynomial source in an enum, we simply group polynomial handles using getter functions in our new class. We get code + * that is more compact, more legible, and which is safer because it admits ranged `for` loops. + * + * Another motivation is proper and clear specification of Honk variants. The flavors are meant to be explicit and + * easily comparable. The various settings template parameters and things like the ComposerType enum became overloaded + * in time, and continue to be a point of accumulation for tech debt. We aim to remedy some of this by putting proving + * system information in the flavor, and circuit construction information in the arithmetization (or larger circuit + * constructor class). + * + * @details #Data model + * All of the flavor classes derive from a single Entitives_ template, which simply wraps a std::array (we would + * inherit, but this is unsafe as std::array has a non-virtual destructor). The developer should think of every flavor + * class as being: + * - A std::array instance. + * - An informative name for each entry of that array that is fixed at compile time. + * - Some classic metadata like we'd see in plonk (e.g., a circuit size, a refernce string, an evaluation domain). + * - A collection of getters that record subsets of the array that are of interest in the Honk variant. + * + * Each getter returns a container of HandleType's, where a HandleType is something that is inexpensive to create and + * lets one view and mutate a DataType instance. The primary example here is that std::span is the handle type chosen + * for barrtenberg::Polynomial. + * + * @details #Some Notes + * + * @note It would be ideal to codify more structure in this file and to have it imposed on the actual flavors, but our + * inheritance model is complicated as it is, and we saw no reasonable way to fix this. + * + * @note One asymmetry to note is in the use of the term "key". It is worthwhile to distinguish betwen prover/verifier + * circuit data, and "keys" that consist of such data augmented with witness data (whether, raw, blinded, or polynomial + * commitments). Currently the proving key contains witness data, while the verification key does not. + * TODO(Cody): It would be nice to resolve this but it's not essential. + * + * @note The VerifierCommitments classes are not 'tight' in the sense that that the underlying array contains(a few) + * empty slots. This is a conscious choice to limit complexity at the expense of explicitness. Note that there is very + * little memory cost here since the DataType size in that case is small. + * + * @todo TODO(#394): Folded polynomials should use polynomial class. + * @todo TODO(#395): Getters should return arrays? + * @todo TODO(#396): Access specifiers? + * @todo TODO(#397): Use more handle types? + * @todo TODO(#398): Selectors should come from arithmetization. + */ + #pragma once #include #include @@ -6,22 +70,12 @@ #include "barretenberg/polynomials/evaluation_domain.hpp" #include "barretenberg/proof_system/types/composer_type.hpp" -// WORKTODO: Names of these classes - -// TODO(#394): Folded polynomials should use polynomial class. -// TODO(#395): Getters should return arrays? -// TODO(#396): Access specifiers? -// TODO(#397): Use more handle types? -// TODO(#398): Selectors should come from arithmetization. -/** - * WORKTODO: Outline what's going on here, explain the data model and how to think about these classes. - * - */ namespace proof_system::honk::flavor { /** * @brief Base data class, a wrapper for std::array, from which every flavor class ultimately derives. - * @details Ideally we could derive from std::array, but that is unsafe because std::array's destructor is non-virtual. + * @details Ideally we could derive from std::array, but that is unsafe because std::array's destructor is + * non-virtual. * * @tparam T The underlying data type stored in the array * @tparam HandleType The type that will be used to From e89aeef7ef193f051240d525e01cec94b1460296 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 22:12:16 +0000 Subject: [PATCH 098/119] Document flavor class templates. --- .../proof_system/flavor/flavor.hpp | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 0f7fc7f5af..6a8347cd04 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -74,8 +74,6 @@ namespace proof_system::honk::flavor { /** * @brief Base data class, a wrapper for std::array, from which every flavor class ultimately derives. - * @details Ideally we could derive from std::array, but that is unsafe because std::array's destructor is - * non-virtual. * * @tparam T The underlying data type stored in the array * @tparam HandleType The type that will be used to @@ -95,6 +93,10 @@ template class Ent constexpr size_t size() { return NUM_ENTITIES; }; }; +/** + * @brief Base class containing circuit-specifying data. + * + */ template class PrecomputedEntities_ : public Entities_ { public: @@ -108,8 +110,13 @@ class PrecomputedEntities_ : public Entities_ get_id_polynomials() = 0; }; -// TODO(Cody): Made this public derivation so that I could iterate through -// the selectors +/** + * @brief Base proving key class. + * + * @tparam PrecomputedEntities An instance of PrecomputedEntities_ with polynomial data type and span handle type. + * @tparam FF The scalar field on which we will encode our polynomial data. When instantiating, this may be extractable + * from the other template paramter. + */ template class ProvingKey_ : public PrecomputedEntities { public: bool contains_recursive_proof; @@ -119,10 +126,9 @@ template class ProvingKey_ : public }; /** - * @brief Collect all entities (really, views of these) from the protocol in one place. - * @details No need for a distinction between storage and view classes here. + * @brief Base verification key class. * - * @tparam PrecomputedEntities + * @tparam PrecomputedEntities An instance of PrecomputedEntities_ with affine_element data type and handle type. */ template class VerificationKey_ : public PrecomputedEntities { public: From c6dc98af6677907503a7462b6e243b7c240e8789 Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 22:22:05 +0000 Subject: [PATCH 099/119] num_wires ~> NUM_WIRES --- .../standard_honk_composer_helper.hpp | 2 +- .../ultra_honk_composer_helper.hpp | 2 +- .../honk/composer/standard_honk_composer.hpp | 2 +- .../composer/standard_honk_composer.test.cpp | 6 +++--- cpp/src/barretenberg/honk/flavor/standard.hpp | 12 ++++++++--- cpp/src/barretenberg/honk/flavor/ultra.hpp | 2 +- .../honk/proof_system/prover_library.cpp | 18 ++++++++--------- .../honk/proof_system/prover_library.test.cpp | 20 +++++++++---------- cpp/src/barretenberg/plonk/flavor/flavor.hpp | 6 +++--- .../arithmetization/arithmetization.hpp | 12 +++++------ .../circuit_constructor_base.hpp | 8 ++++---- .../composer/permutation_helper.hpp | 20 +++++++++---------- 12 files changed, 58 insertions(+), 52 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp index bd6aa8fd0a..031ebb8115 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp @@ -20,7 +20,7 @@ class StandardHonkComposerHelper { using VerificationKey = Flavor::VerificationKey; static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; std::shared_ptr proving_key; std::shared_ptr verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs diff --git a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp index 3929625e8d..3bcd6ddd33 100644 --- a/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp +++ b/cpp/src/barretenberg/honk/composer/composer_helper/ultra_honk_composer_helper.hpp @@ -26,7 +26,7 @@ class UltraHonkComposerHelper { // Ultra Composer, this value must match that of NUM_RESERVED_GATES. This issue needs to be reconciled // simultaneously here and in the other split composers. static constexpr size_t NUM_RANDOMIZED_GATES = 4; // equal to the number of multilinear evaluations leaked - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; std::shared_ptr proving_key; std::shared_ptr verification_key; // TODO(#218)(kesha): we need to put this into the commitment key, so that the composer doesn't have to handle srs diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index 300b6bc5e1..a9f7aab3d1 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -36,7 +36,7 @@ class StandardHonkComposer { // Leaving it in for now just in case bool contains_recursive_proof = false; - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; /**Standard methods*/ diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 705aac1d25..3b26c8e970 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -73,7 +73,7 @@ TEST(StandardHonkComposer, SigmaIDCorrectness) auto permutation_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); auto wire_polynomials = proving_key->get_wires(); - for (size_t j = 0; j < StandardHonkComposer::num_wires; ++j) { + for (size_t j = 0; j < StandardHonkComposer::NUM_WIRES; ++j) { std::string index = std::to_string(j + 1); const auto& permutation_polynomial = permutation_polynomials[j]; const auto& witness_polynomial = wire_polynomials[j]; @@ -215,7 +215,7 @@ TEST(StandardHonkComposer, AssertEquals) auto get_maximum_cycle = [](auto& composer) { // Compute the proving key for sigma polynomials auto proving_key = composer.compute_proving_key(); - auto permutation_length = composer.num_wires * proving_key->circuit_size; + auto permutation_length = composer.NUM_WIRES * proving_key->circuit_size; auto sigma_polynomials = proving_key->get_sigma_polynomials(); // Let's compute the maximum cycle @@ -302,7 +302,7 @@ TEST(StandardHonkComposer, VerificationKeyCreation) // There is nothing we can really check apart from the fact that constraint selectors and permutation selectors were // committed to, we simply check that the verification key now contains the appropriate number of constraint and // permutation selector commitments. This method should work with any future arithemtization. - EXPECT_EQ(verification_key->size(), composer.circuit_constructor.selectors.size() + composer.num_wires * 2 + 2); + EXPECT_EQ(verification_key->size(), composer.circuit_constructor.selectors.size() + composer.NUM_WIRES * 2 + 2); } TEST(StandardHonkComposer, BaseCase) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index b23cd667b3..900d13f128 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -18,6 +18,14 @@ namespace proof_system::honk::flavor { +/** + * @brief Standard Honk + * @details We built this variant first because it is the most basic. Because of this, it will remain useful for testing + * various constructions. Future variants may exist with varying: underlying curve (here we use BN254); commitment + * scheme (here we use Gemini + Shplonk + KZG); zero knowlege property (it's not implemented yet, but in the future we + * will be able to toggle it on or off). + * + */ class Standard { public: using CircuitConstructor = StandardCircuitConstructor; @@ -30,15 +38,13 @@ class Standard { using CommitmentHandle = G1::affine_element; using PCSParams = pcs::kzg::Params; - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; static constexpr size_t NUM_ALL_ENTITIES = 18; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 4; private: - // TODO(Cody): Made this public derivation so that I could populate selector - // polys from circuit constructor. template class PrecomputedEntities : public PrecomputedEntities_ { public: diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 3878292de2..0bc4c47987 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -30,7 +30,7 @@ class Ultra { using CommitmentHandle = G1::affine_element; using PCSParams = pcs::kzg::Params; - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; static constexpr size_t NUM_ALL_ENTITIES = 47; static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; // The total number of witness entities not including shifts. diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index be8944794f..3e4b2fa3dc 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -9,7 +9,7 @@ namespace proof_system::honk::prover_library { /** * @brief Compute the permutation grand product polynomial Z_perm(X) * * - * @detail (This description assumes Flavor::num_wires 3). Z_perm may be defined in terms of iwires + * @detail (This description assumes Flavor::NUM_WIRES 3). Z_perm may be defined in terms of iwires wires wirests values * on X_i = 0,1,...,n-1 as Z_perm[0] = 1 and for i = 1:n-1 @@ -25,8 +25,8 @@ wirests values * Z_perm[i] = ∏ -------------------------- * B_1(j) ⋅ B_2(j) ⋅ B_3(j) * - * Step 1) Compute the 2*Flavor::num_wires length-n polynomials A_i and B_i - * Step 2) Compute the 2*Flavor::num_wires length-n polynomials ∏ A_i(j) and ∏ B_i(j) + * Step 1) Compute the 2*Flavor::NUM_WIRES length-n polynomials A_i and B_i + * Step 2) Compute the 2*Flavor::NUM_WIRES length-n polynomials ∏ A_i(j) and ∏ B_i(j) * Step 3) Compute the two length-n polynomials defined by * numer[i] = ∏ A_1(j)⋅A_2(j)⋅A_3(j), and denom[i] = ∏ B_1(j)⋅B_2(j)⋅B_3(j) * Step 4) Compute Z_perm[i+1] = numer[i]/denom[i] (recall: Z_perm[0] = 1) @@ -49,9 +49,9 @@ typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptr numerator_accumulator; - std::array denominator_accumulator; - for (size_t i = 0; i < Flavor::num_wires; ++i) { + std::array numerator_accumulator; + std::array denominator_accumulator; + for (size_t i = 0; i < Flavor::NUM_WIRES; ++i) { numerator_accumulator[i] = Polynomial{ key->circuit_size }; denominator_accumulator[i] = Polynomial{ key->circuit_size }; } @@ -63,7 +63,7 @@ typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptrcircuit_size; ++i) { - for (size_t k = 0; k < Flavor::num_wires; ++k) { + for (size_t k = 0; k < Flavor::NUM_WIRES; ++k) { numerator_accumulator[k][i] = wire_polynomials[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ denominator_accumulator[k][i] = wire_polynomials[k][i] + (sigmas[k][i] * beta) + gamma; // w_k(i) + β.σ_k(i) + γ @@ -71,7 +71,7 @@ typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptrcircuit_size - 1; ++i) { numerator_accumulator[k][i + 1] *= numerator_accumulator[k][i]; denominator_accumulator[k][i + 1] *= denominator_accumulator[k][i]; @@ -80,7 +80,7 @@ typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptrcircuit_size; ++i) { - for (size_t k = 1; k < Flavor::num_wires; ++k) { + for (size_t k = 1; k < Flavor::NUM_WIRES; ++k) { numerator_accumulator[0][i] *= numerator_accumulator[k][i]; denominator_accumulator[0][i] *= denominator_accumulator[k][i]; } diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index dc31dc612f..04a74e1b11 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -73,7 +73,7 @@ template class ProverLibraryTests : public testing::Test { auto wire_polynomials = proving_key->get_wires(); auto sigma_polynomials = proving_key->get_sigma_polynomials(); auto id_polynomials = proving_key->get_id_polynomials(); - for (size_t i = 0; i < Flavor::num_wires; ++i) { + for (size_t i = 0; i < Flavor::NUM_WIRES; ++i) { wires.emplace_back(get_random_polynomial(num_gates)); sigmas.emplace_back(get_random_polynomial(num_gates)); ids.emplace_back(get_random_polynomial(num_gates)); @@ -94,7 +94,7 @@ template class ProverLibraryTests : public testing::Test { // which describes the computation in 4 steps, is adapted from a similar comment in // compute_grand_product_polynomial. /* - * Assume Flavor::num_wires 3. Z_perm may be defined in terms of its values + * Assume Flavor::NUM_WIRES 3. Z_perm may be defined in terms of its values * on X_i = 0,1,...,n-1 as Z_perm[0] = 0 and for i = 1:n-1 * * (w_1(j) + β⋅id_1(j) + γ) ⋅ (w_2(j) + β⋅id_2(j) + γ) ⋅ (w_3(j) + β⋅id_3(j) + γ) @@ -108,27 +108,27 @@ template class ProverLibraryTests : public testing::Test { * Z_perm[i] = ∏ -------------------------- * B_1(j) ⋅ B_2(j) ⋅ B_3(j) * - * Step 1) Compute the 2*Flavor::num_wires length-n polynomials A_i and B_i - * Step 2) Compute the 2*Flavor::num_wires length-n polynomials ∏ A_i(j) and ∏ B_i(j) + * Step 1) Compute the 2*Flavor::NUM_WIRES length-n polynomials A_i and B_i + * Step 2) Compute the 2*Flavor::NUM_WIRES length-n polynomials ∏ A_i(j) and ∏ B_i(j) * Step 3) Compute the two length-n polynomials defined by * numer[i] = ∏ A_1(j)⋅A_2(j)⋅A_3(j), and denom[i] = ∏ B_1(j)⋅B_2(j)⋅B_3(j) * Step 4) Compute Z_perm[i+1] = numer[i]/denom[i] (recall: Z_perm[0] = 1) */ // Make scratch space for the numerator and denominator accumulators. - std::array, Flavor::num_wires> numerator_accum; - std::array, Flavor::num_wires> denominator_accum; + std::array, Flavor::NUM_WIRES> numerator_accum; + std::array, Flavor::NUM_WIRES> denominator_accum; // Step (1) for (size_t i = 0; i < proving_key->circuit_size; ++i) { - for (size_t k = 0; k < Flavor::num_wires; ++k) { + for (size_t k = 0; k < Flavor::NUM_WIRES; ++k) { numerator_accum[k][i] = wires[k][i] + (ids[k][i] * beta) + gamma; // w_k(i) + β.id_k(i) + γ denominator_accum[k][i] = wires[k][i] + (sigmas[k][i] * beta) + gamma; // w_k(i) + β.σ_k(i) + γ } } // Step (2) - for (size_t k = 0; k < Flavor::num_wires; ++k) { + for (size_t k = 0; k < Flavor::NUM_WIRES; ++k) { for (size_t i = 0; i < proving_key->circuit_size - 1; ++i) { numerator_accum[k][i + 1] *= numerator_accum[k][i]; denominator_accum[k][i + 1] *= denominator_accum[k][i]; @@ -137,7 +137,7 @@ template class ProverLibraryTests : public testing::Test { // Step (3) for (size_t i = 0; i < proving_key->circuit_size; ++i) { - for (size_t k = 1; k < Flavor::num_wires; ++k) { + for (size_t k = 1; k < Flavor::NUM_WIRES; ++k) { numerator_accum[0][i] *= numerator_accum[k][i]; denominator_accum[0][i] *= denominator_accum[k][i]; } @@ -180,7 +180,7 @@ template class ProverLibraryTests : public testing::Test { // polynomials can simply be random. We're not interested in the particular properties of the result. std::vector wires; auto wire_polynomials = proving_key->get_wires(); - // Note(luke): Use of 3 wires is fundamental to the structure of the tables and should not be tied to num_wires + // Note(luke): Use of 3 wires is fundamental to the structure of the tables and should not be tied to NUM_WIRES // for now for (size_t i = 0; i < 3; ++i) { // TODO(Cody): will this test ever generalize? Polynomial random_polynomial = get_random_polynomial(circuit_size); diff --git a/cpp/src/barretenberg/plonk/flavor/flavor.hpp b/cpp/src/barretenberg/plonk/flavor/flavor.hpp index 0ce0219e27..b9bfa7b0a4 100644 --- a/cpp/src/barretenberg/plonk/flavor/flavor.hpp +++ b/cpp/src/barretenberg/plonk/flavor/flavor.hpp @@ -10,20 +10,20 @@ class Standard { public: using CircuitConstructor = proof_system::StandardCircuitConstructor; using ProvingKey = plonk::proving_key; - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; }; class Turbo { public: using CircuitConstructor = proof_system::TurboCircuitConstructor; using ProvingKey = plonk::proving_key; - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; }; class Ultra { public: using CircuitConstructor = proof_system::UltraCircuitConstructor; using ProvingKey = plonk::proving_key; - static constexpr size_t num_wires = CircuitConstructor::num_wires; + static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; }; } // namespace proof_system::plonk::flavor \ No newline at end of file diff --git a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index 6d432f2ac2..0cc19220a5 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -15,11 +15,11 @@ namespace arithmetization { * @remark It may make sense to say this is only partial arithmetization data, with the full data being * contained in the circuit constructor. We could change the name of this class if it conflicts with common usage. * - * @tparam _num_wires + * @tparam _NUM_WIRES * @tparam _num_selectors */ -template struct Arithmetization { - static constexpr size_t num_wires = _num_wires; +template struct Arithmetization { + static constexpr size_t NUM_WIRES = _NUM_WIRES; static constexpr size_t num_selectors = _num_selectors; // Note: For even greater modularity, in each instantiation we could specify a list of components here, where a @@ -48,7 +48,7 @@ template struct SelectorsBase { // These are not magic numbers and they should not be written with global constants. These paraters are not accessible // through clearly named static class members. -template class Standard : public Arithmetization { +template class Standard : public Arithmetization { public: struct Selectors : SelectorsBase { std::vector& q_m = std::get<0>(this->_data); @@ -59,7 +59,7 @@ template class Standard : public Arithmetization class Turbo : public Arithmetization { +template class Turbo : public Arithmetization { public: struct Selectors : SelectorsBase { std::vector& q_m = std::get<0>(this->_data); @@ -76,7 +76,7 @@ template class Turbo : public Arithmetization class Ultra : public Arithmetization { +template class Ultra : public Arithmetization { public: struct Selectors : SelectorsBase { std::vector& q_m = std::get<0>(this->_data); diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 6b770c74f3..3ae1f1a773 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -12,9 +12,9 @@ template class CircuitConstructorBase { // TODO(Cody): This needs to be templated to allow constructing circuits over Grumpkin. For now, adding FF here // since the flavor can extract it. using FF = barretenberg::fr; - static constexpr size_t num_wires = Arithmetization::num_wires; - // Keeping num_wires, at least temporarily, for backward compatibility - static constexpr size_t program_width = Arithmetization::num_wires; + static constexpr size_t NUM_WIRES = Arithmetization::NUM_WIRES; + // Keeping NUM_WIRES, at least temporarily, for backward compatibility + static constexpr size_t program_width = Arithmetization::NUM_WIRES; static constexpr size_t num_selectors = Arithmetization::num_selectors; // TODO(Cody): These are plonk-specific and could be specified in the plonk flavors. @@ -22,7 +22,7 @@ template class CircuitConstructorBase { std::vector selector_names_; size_t num_gates = 0; - std::array, num_wires> wires; + std::array, NUM_WIRES> wires; typename Arithmetization::Selectors selectors; std::vector public_inputs; diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp index 0cb669323c..2c12ef18e9 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.hpp @@ -50,8 +50,8 @@ struct permutation_subgroup_element { bool is_tag = false; }; -template struct PermutationMapping { - using Mapping = std::array, num_wires>; +template struct PermutationMapping { + using Mapping = std::array, NUM_WIRES>; Mapping sigmas; Mapping ids; }; @@ -134,16 +134,16 @@ std::vector compute_wire_copy_cycles(const typename Flavor::C * @return PermutationMapping sigma mapping (and id mapping if generalized == true) */ template -PermutationMapping compute_permutation_mapping( +PermutationMapping compute_permutation_mapping( const typename Flavor::CircuitConstructor& circuit_constructor, typename Flavor::ProvingKey* proving_key) { // Compute wire copy cycles (cycles of permutations) auto wire_copy_cycles = compute_wire_copy_cycles(circuit_constructor); - PermutationMapping mapping; + PermutationMapping mapping; // Initialize the table of permutations so that every element points to itself - for (size_t i = 0; i < Flavor::num_wires; ++i) { // TODO(#391) zip and split + for (size_t i = 0; i < Flavor::NUM_WIRES; ++i) { // TODO(#391) zip and split mapping.sigmas[i].reserve(proving_key->circuit_size); if constexpr (generalized) { mapping.ids[i].reserve(proving_key->circuit_size); @@ -232,7 +232,7 @@ PermutationMapping compute_permutation_mapping( template void compute_honk_style_permutation_lagrange_polynomials_from_mapping( std::vector permutation_polynomials, // sigma or ID poly - std::array, Flavor::num_wires>& permutation_mappings, + std::array, Flavor::NUM_WIRES>& permutation_mappings, typename Flavor::ProvingKey* proving_key) { const size_t num_gates = proving_key->circuit_size; @@ -254,7 +254,7 @@ void compute_honk_style_permutation_lagrange_polynomials_from_mapping( -barretenberg::fr(current_mapping.row_index + 1 + num_gates * current_mapping.column_index); } else if (current_mapping.is_tag) { // Set evaluations to (arbitrary) values disjoint from non-tag values - current_permutation_poly[i] = num_gates * Flavor::num_wires + current_mapping.row_index; + current_permutation_poly[i] = num_gates * Flavor::NUM_WIRES + current_mapping.row_index; } else { // For the regular permutation we simply point to the next location by setting the evaluation to its // index @@ -461,7 +461,7 @@ void compute_standard_plonk_sigma_permutations(const typename Flavor::CircuitCon // Compute Plonk-style sigma polynomials from the mapping compute_plonk_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, key); // Compute their monomial and coset versions - compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); + compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); } /** @@ -500,8 +500,8 @@ void compute_plonk_generalized_sigma_permutations(const typename Flavor::Circuit compute_plonk_permutation_lagrange_polynomials_from_mapping("sigma", mapping.sigmas, key); compute_plonk_permutation_lagrange_polynomials_from_mapping("id", mapping.ids, key); // Compute the monomial and coset-ffts for sigmas and IDs - compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); - compute_monomial_and_coset_fft_polynomials_from_lagrange("id", key); + compute_monomial_and_coset_fft_polynomials_from_lagrange("sigma", key); + compute_monomial_and_coset_fft_polynomials_from_lagrange("id", key); } /** From 2a9af175bccbc67506fb98997113ea4dbbeb00ec Mon Sep 17 00:00:00 2001 From: codygunton Date: Fri, 28 Apr 2023 23:02:57 +0000 Subject: [PATCH 100/119] Comment standard flavor; resolve last WORKTODO. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 68 +++++++++++++++---- cpp/src/barretenberg/honk/flavor/ultra.hpp | 2 +- .../honk/proof_system/verifier.cpp | 2 +- .../proof_system/flavor/flavor.hpp | 2 +- 4 files changed, 59 insertions(+), 15 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 900d13f128..88b754c26c 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -39,12 +39,20 @@ class Standard { using PCSParams = pcs::kzg::Params; static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; + // The number of multivariate polynomials on which a sumcheck prover sumcheck operates. We often need containers of + // this size to hold related data, so we choose a more agnostic name than `NUM_POLYNOMIALS` static constexpr size_t NUM_ALL_ENTITIES = 18; + // The number of polynomials that can be precomputed to describe a circuit and aid a prover in constructing a + // satisfying assignment of witness. We again choose a neutral name. static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 4; private: + /** + * @brief A base class labelling precomputed entities and particular subsets of interest. + * @details Used to build the proving key and verification key. + */ template class PrecomputedEntities : public PrecomputedEntities_ { public: @@ -69,10 +77,7 @@ class Standard { /** * @brief Container for all witness polynomials used/constructed by the prover. - * @details Shifts are not included here since they do not occupy their own memory - * - * @tparam T - * @tparam HandleType + * @details Shifts are not included here since they do not occupy their own memory. */ template class WitnessEntities : public Entities_ { @@ -85,6 +90,12 @@ class Standard { std::vector get_wires() { return { w_l, w_r, w_o }; }; }; + /** + * @brief A base class labelling all entities (for instance, all of the polynomials used by the prover during + * sumcheck) in this Honk variant along with paritcular subsets of interest. + * @details Used to build containers for: the prover's polynomial during sumcheck; the sumcheck's folded + * polynomials; the univariates consturcted during during sumcheck; the evaluations produced by sumcheck. + */ template class AllEntities : public AllEntities_ { public: @@ -109,16 +120,16 @@ class Standard { std::vector get_wires() override { return { w_l, w_r, w_o }; }; + // Gemin-specific getters. std::vector get_unshifted() override { // ...z_perm_shift is in here? return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last, w_l, w_r, w_o, z_perm }; }; - std::vector get_to_be_shifted() override { return { z_perm }; }; - std::vector get_shifted() override { return { z_perm_shift }; }; + // TODO(Cody): It would be nice to define these constructors once in a base class template. AllEntities() = default; AllEntities(const AllEntities& other) @@ -146,6 +157,10 @@ class Standard { }; public: + /** + * @brief The proving key is responsible for storing the polynomials used by the prover. + * @details Maybe multiple inheritance is reasonable here. + */ class ProvingKey : public ProvingKey_, FF> { public: WitnessEntities _witness_data; @@ -181,6 +196,14 @@ class Standard { std::vector get_wires() { return _witness_data.get_wires(); }; }; + /** + * @brief The verificaiton key is responsible for storing the the commitments to the precomputed (non-witnessk) + * polynomials used by the verifier. + * + * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve + * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our + * circuits. + */ class VerificationKey : public VerificationKey_> { public: VerificationKey() = default; @@ -197,17 +220,29 @@ class Standard { }; }; - // These collect lightweight handles of data living in different entities. They - // provide the utility of grouping these and ranged `for` loops over - // subsets. + /** + * @brief A container for polynomials handles; only stores spans. + */ using ProverPolynomials = AllEntities; + /** + * @brief A container for polynomials produced after the first round of sumcheck. + * @todo TODO(#394) Use polynomial classes for guaranteed memory alignment. + */ using FoldedPolynomials = AllEntities, PolynomialHandle>; - // TODO(#390): Simplify this? + + /** + * @brief A container for univariates produced during the hot loop in sumcheck. + * @todo TODO(#390): Simplify this by moving MAX_RELATION_LENGTH? + */ template using ExtendedEdges = AllEntities, sumcheck::Univariate>; + /** + * @brief A container for the polynomials evaluations produced during sumcheck, which are purported to be the + * evaluations of polynomials committed in earlier rounds. + */ class PurportedEvaluations : public AllEntities { public: using Base = AllEntities; @@ -215,6 +250,12 @@ class Standard { PurportedEvaluations(std::array _data_in) { this->_data = _data_in; } }; + /** + * @brief A container for commitment labels. + * @note It's debatable whether this should inherit from AllEntities. since most entries are not strictly needed. It + * has, however, been useful during debugging to have these lables avilable. + * + */ class CommitmentLabels : public AllEntities { public: // this does away with the ENUM_TO_COMM array while preserving the @@ -247,11 +288,14 @@ class Standard { }; }; + /** + * @brief A container for all commitments used by the verifier. + */ class VerifierCommitments : public AllEntities { public: - VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + VerifierCommitments(std::shared_ptr verification_key) { - static_cast(transcript); // WORKTODO + // Initialize pre-computed commitments here, witness commitments during proof verification. q_m = verification_key->q_m; q_l = verification_key->q_l; q_r = verification_key->q_r; diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 0bc4c47987..21de6f5dbd 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -322,7 +322,7 @@ class Ultra { // class VerifierCommitments : public AllEntities { // public: - // VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + // VerifierCommitments(std::shared_ptr verification_key) // { // } // }; diff --git a/cpp/src/barretenberg/honk/proof_system/verifier.cpp b/cpp/src/barretenberg/honk/proof_system/verifier.cpp index 82bd2a5f11..6238f6e2e1 100644 --- a/cpp/src/barretenberg/honk/proof_system/verifier.cpp +++ b/cpp/src/barretenberg/honk/proof_system/verifier.cpp @@ -71,7 +71,7 @@ template bool StandardVerifier_::verify_proof(const pl transcript = VerifierTranscript{ proof.proof_data }; - auto commitments = VerifierCommitments(key, transcript); + auto commitments = VerifierCommitments(key); auto commitment_labels = CommitmentLabels(); // TODO(Adrian): Change the initialization of the transcript to take the VK hash? diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 6a8347cd04..e8ccd1c459 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -143,7 +143,7 @@ class AllEntities_ : public Entities_ { virtual std::vector get_to_be_shifted() = 0; virtual std::vector get_shifted() = 0; - // TODO(Cody): Look for a better solution? + // Because of how Gemini is written, is importat to put the polynomials out in this order. std::vector get_unshifted_then_shifted() { std::vector result{ get_unshifted() }; From 91913f97571376b576e9eb4b6e4628ea12ea84ea Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 14:23:58 +0000 Subject: [PATCH 101/119] Comments and WitnessEntities_ --- cpp/src/barretenberg/honk/flavor/standard.hpp | 19 ++--- .../proof_system/flavor/flavor.hpp | 70 +++++++++++-------- 2 files changed, 51 insertions(+), 38 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 88b754c26c..31a015e089 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -20,7 +20,7 @@ namespace proof_system::honk::flavor { /** * @brief Standard Honk - * @details We built this variant first because it is the most basic. Because of this, it will remain useful for testing + * @details We built this flavor first because it is the most basic. Because of this, it will remain useful for testing * various constructions. Future variants may exist with varying: underlying curve (here we use BN254); commitment * scheme (here we use Gemini + Shplonk + KZG); zero knowlege property (it's not implemented yet, but in the future we * will be able to toggle it on or off). @@ -40,17 +40,17 @@ class Standard { static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; // The number of multivariate polynomials on which a sumcheck prover sumcheck operates. We often need containers of - // this size to hold related data, so we choose a more agnostic name than `NUM_POLYNOMIALS` + // this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS` static constexpr size_t NUM_ALL_ENTITIES = 18; - // The number of polynomials that can be precomputed to describe a circuit and aid a prover in constructing a - // satisfying assignment of witness. We again choose a neutral name. + // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying + // assignment of witnesses. We again choose a neutral name. static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 13; // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 4; private: /** - * @brief A base class labelling precomputed entities and particular subsets of interest. + * @brief A base class labelling precomputed entities and (ordered) subsets of interest. * @details Used to build the proving key and verification key. */ template @@ -80,19 +80,19 @@ class Standard { * @details Shifts are not included here since they do not occupy their own memory. */ template - class WitnessEntities : public Entities_ { + class WitnessEntities : public WitnessEntities_ { public: DataType& w_l = std::get<0>(this->_data); DataType& w_r = std::get<1>(this->_data); DataType& w_o = std::get<2>(this->_data); DataType& z_perm = std::get<3>(this->_data); - std::vector get_wires() { return { w_l, w_r, w_o }; }; + std::vector get_wires() override { return { w_l, w_r, w_o }; }; }; /** * @brief A base class labelling all entities (for instance, all of the polynomials used by the prover during - * sumcheck) in this Honk variant along with paritcular subsets of interest. + * sumcheck) in this Honk variant along with particular subsets of interest. * @details Used to build containers for: the prover's polynomial during sumcheck; the sumcheck's folded * polynomials; the univariates consturcted during during sumcheck; the evaluations produced by sumcheck. */ @@ -159,7 +159,8 @@ class Standard { public: /** * @brief The proving key is responsible for storing the polynomials used by the prover. - * @details Maybe multiple inheritance is reasonable here. + * @note TODO(Cody): Maybe multiple inheritance is the right thing here. In that case, nothing should eve inherit + * from ProvingKey. */ class ProvingKey : public ProvingKey_, FF> { public: diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index e8ccd1c459..6f0d7dd364 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -1,50 +1,52 @@ /** * @file flavor.hpp - * @brief Base class templates for structures that contain data related to the fundamental polynomials of a Honk + * @brief Base class templates for structures that contain data parameterized by the fundamental polynomials of a Honk * variant (a "flavor"). * * @details #Motivation * We choose the framework set out in these classes for several reasons. + * * For one, it allows for a large amount of the information of Honk flavor to be read at a glance in a single file. * - * The primary motivation, however, is to reduce the sort loose coupling that is a significant source of complexity in - * the original plonk code. There, we find many similarly-named entities defined in a wide variety of places (to name + * The primary motivation, however, is to reduce the sort loose of coupling that is a significant source of complexity + * in the original plonk code. There, we find many similarly-named entities defined in many different places (to name * some: selector_properties; FooSelectors; PolynomialIndex; the labels given to the polynomial store; the commitment * label; inconsistent terminology and notation around these), and it can be difficult to discover or remember the - * relationships between these. We aim to standardize these, to enfore identical and informative naming, and to prevent - * the developer having to think very much about the ordering of protocol entities in disparate places. - * - * Another motivation is iterate on the polynomial manifest, which is nice in its compatness, but which feels needlessly - * manual and low-level. In the past, this contained even more boolean parameters, making it quite hard to parse. - * Looping over the polynomial manifest means extracting a globally-defined "FOO_MANIFEST_SIZE" (the use of "manifest" - * here is distinct from the manifests in the transcript) and then looping over a C-style array, and manually parsing - * the various tags. We greatly enrich this structure by using basic C++ OOP functionality. Rather than recording the - * polynomial source in an enum, we simply group polynomial handles using getter functions in our new class. We get code - * that is more compact, more legible, and which is safer because it admits ranged `for` loops. + * relationships between these. We aim for a more uniform treatment, to enfore identical and informative naming, and to + * prevent the developer having to think very much about the ordering of protocol entities in disparate places. + * + * Another motivation is iterate on the polynomial manifest of plonk, which is nice in its compatness, but which feels + * needlessly manual and low-level. In the past, this contained even more boolean parameters, making it quite hard to + * parse. A typical construction is to loop over the polynomial manifest by extracting a globally-defined + * "FOO_MANIFEST_SIZE" (the use of "manifest" here is distinct from the manifests in the transcript) to loop + * over a C-style array, and then manually parsing the various tags of different types in the manifest entries. We + * greatly enrich this structure by using basic C++ OOP functionality. Rather than recording the polynomial source in an + * enum, we group polynomial handles using getter functions in our new class. We get code that is more compact, + * more legible, and which is safer because it admits ranged `for` loops. * * Another motivation is proper and clear specification of Honk variants. The flavors are meant to be explicit and - * easily comparable. The various settings template parameters and things like the ComposerType enum became overloaded - * in time, and continue to be a point of accumulation for tech debt. We aim to remedy some of this by putting proving - * system information in the flavor, and circuit construction information in the arithmetization (or larger circuit - * constructor class). + * easily comparable. In plonk, the various settings template parameters and objects like the ComposerType enum became + * overloaded in time, and continue to be a point of accumulation for tech debt. We aim to remedy some of this by + * putting proving system information in the flavor, and circuit construction information in the arithmetization (or + * larger circuit constructor class). * * @details #Data model * All of the flavor classes derive from a single Entitives_ template, which simply wraps a std::array (we would * inherit, but this is unsafe as std::array has a non-virtual destructor). The developer should think of every flavor * class as being: - * - A std::array instance. - * - An informative name for each entry of that array that is fixed at compile time. - * - Some classic metadata like we'd see in plonk (e.g., a circuit size, a refernce string, an evaluation domain). + * - A std::array instance called _data. + * - An informative name for each entry of _data that is fixed at compile time. + * - Some classic metadata like we'd see in plonk (e.g., a circuit size, a reference string, an evaluation domain). * - A collection of getters that record subsets of the array that are of interest in the Honk variant. * - * Each getter returns a container of HandleType's, where a HandleType is something that is inexpensive to create and - * lets one view and mutate a DataType instance. The primary example here is that std::span is the handle type chosen - * for barrtenberg::Polynomial. + * Each getter returns a container of HandleType's, where a HandleType is a value type that is inexpensive to create and + * that lets one view and mutate a DataType instance. The primary example here is that std::span is the handle type + * chosen for barrtenberg::Polynomial. * * @details #Some Notes * - * @note It would be ideal to codify more structure in this file and to have it imposed on the actual flavors, but our - * inheritance model is complicated as it is, and we saw no reasonable way to fix this. + * @note It would be ideal to codify more structure in these base class tempalte and to have it imposed on the actual + * flavors, but our inheritance model is complicated as it is, and we saw no reasonable way to fix this. * * @note One asymmetry to note is in the use of the term "key". It is worthwhile to distinguish betwen prover/verifier * circuit data, and "keys" that consist of such data augmented with witness data (whether, raw, blinded, or polynomial @@ -52,8 +54,8 @@ * TODO(Cody): It would be nice to resolve this but it's not essential. * * @note The VerifierCommitments classes are not 'tight' in the sense that that the underlying array contains(a few) - * empty slots. This is a conscious choice to limit complexity at the expense of explicitness. Note that there is very - * little memory cost here since the DataType size in that case is small. + * empty slots. This is a conscious choice to limit complexity. Note that there is very little memory cost here since + * the DataType size in that case is small. * * @todo TODO(#394): Folded polynomials should use polynomial class. * @todo TODO(#395): Getters should return arrays? @@ -73,7 +75,7 @@ namespace proof_system::honk::flavor { /** - * @brief Base data class, a wrapper for std::array, from which every flavor class ultimately derives. + * @brief Base data class template, a wrapper for std::array, from which every flavor class ultimately derives. * * @tparam T The underlying data type stored in the array * @tparam HandleType The type that will be used to @@ -94,7 +96,7 @@ template class Ent }; /** - * @brief Base class containing circuit-specifying data. + * @brief Base class template containing circuit-specifying data. * */ template @@ -110,6 +112,16 @@ class PrecomputedEntities_ : public Entities_ get_id_polynomials() = 0; }; +/** + * @brief Base class template containing witness (wires and derived witnesses). + * @details Shifts are not included here since they do not occupy their own memory. + */ +template +class WitnessEntities_ : public Entities_ { + public: + virtual std::vector get_wires() = 0; +}; + /** * @brief Base proving key class. * From 0c331465c09b56788465eb1fb73a14005a05bc4f Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 15:13:52 +0000 Subject: [PATCH 102/119] Remove redundant template arg. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 2 +- cpp/src/barretenberg/honk/flavor/ultra.hpp | 2 +- cpp/src/barretenberg/polynomials/polynomial.hpp | 2 ++ cpp/src/barretenberg/proof_system/flavor/flavor.hpp | 11 ++++++++--- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 31a015e089..bebdb34373 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -162,7 +162,7 @@ class Standard { * @note TODO(Cody): Maybe multiple inheritance is the right thing here. In that case, nothing should eve inherit * from ProvingKey. */ - class ProvingKey : public ProvingKey_, FF> { + class ProvingKey : public ProvingKey_> { public: WitnessEntities _witness_data; diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 21de6f5dbd..1285830942 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -191,7 +191,7 @@ class Ultra { }; public: - class ProvingKey : public ProvingKey_, FF> { + class ProvingKey : public ProvingKey_> { public: WitnessEntities _witness_data; diff --git a/cpp/src/barretenberg/polynomials/polynomial.hpp b/cpp/src/barretenberg/polynomials/polynomial.hpp index fed986d00c..6c71e14b6c 100644 --- a/cpp/src/barretenberg/polynomials/polynomial.hpp +++ b/cpp/src/barretenberg/polynomials/polynomial.hpp @@ -12,6 +12,8 @@ namespace barretenberg { template class Polynomial { public: + using FF = Fr; + // Creates a read only polynomial using mmap. Polynomial(std::string const& filename); diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 6f0d7dd364..d9ae7b6251 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -99,9 +99,11 @@ template class Ent * @brief Base class template containing circuit-specifying data. * */ -template -class PrecomputedEntities_ : public Entities_ { +template +class PrecomputedEntities_ : public Entities_ { public: + using DataType = DataType_; + size_t circuit_size; size_t log_circuit_size; size_t num_public_inputs; @@ -129,8 +131,11 @@ class WitnessEntities_ : public Entities_ class ProvingKey_ : public PrecomputedEntities { +template class ProvingKey_ : public PrecomputedEntities { public: + using Polynomial = typename PrecomputedEntities::DataType; + using FF = typename Polynomial::FF; + bool contains_recursive_proof; std::vector recursive_proof_public_input_indices; std::shared_ptr crs; From 93d6d61c2d55683f229b428cdde9f852567eeed7 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 16:08:34 +0000 Subject: [PATCH 103/119] Symmetry of proving key. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 19 +++++------- cpp/src/barretenberg/honk/flavor/ultra.hpp | 29 +++++++------------ .../composer/composer_helper_lib.hpp | 5 ++-- .../proof_system/flavor/flavor.hpp | 7 +++-- 4 files changed, 26 insertions(+), 34 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index bebdb34373..0867543ed2 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -162,14 +162,13 @@ class Standard { * @note TODO(Cody): Maybe multiple inheritance is the right thing here. In that case, nothing should eve inherit * from ProvingKey. */ - class ProvingKey : public ProvingKey_> { + class ProvingKey : public ProvingKey_, + WitnessEntities> { public: - WitnessEntities _witness_data; - - Polynomial& w_l = _witness_data.w_l; - Polynomial& w_r = _witness_data.w_r; - Polynomial& w_o = _witness_data.w_o; - Polynomial& z_perm = _witness_data.z_perm; + using PrecomputedPolynomials = PrecomputedEntities; + std::array& precomputed_polynomials = PrecomputedPolynomials::_data; + using WitnessPolynomials = WitnessEntities; + std::array& witness_polynomials = WitnessPolynomials::_data; ProvingKey() = default; ProvingKey(const size_t circuit_size, @@ -185,16 +184,14 @@ class Standard { this->num_public_inputs = num_public_inputs; this->composer_type = composer_type; // Allocate memory for precomputed polynomials - for (auto& poly : this->_data) { + for (auto& poly : precomputed_polynomials) { poly = Polynomial(circuit_size); } // Allocate memory for witness polynomials - for (auto& poly : this->_witness_data._data) { + for (auto& poly : witness_polynomials) { poly = Polynomial(circuit_size); } }; - - std::vector get_wires() { return _witness_data.get_wires(); }; }; /** diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 1285830942..3620c36c4b 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -191,21 +191,13 @@ class Ultra { }; public: - class ProvingKey : public ProvingKey_> { + class ProvingKey : public ProvingKey_, + WitnessEntities> { public: - WitnessEntities _witness_data; - - Polynomial& w_l = _witness_data.w_l; - Polynomial& w_r = _witness_data.w_r; - Polynomial& w_o = _witness_data.w_o; - Polynomial& w_4 = _witness_data.w_4; - Polynomial& sorted_1 = _witness_data.sorted_1; - Polynomial& sorted_2 = _witness_data.sorted_2; - Polynomial& sorted_3 = _witness_data.sorted_3; - Polynomial& sorted_4 = _witness_data.sorted_4; - Polynomial& sorted_accum = _witness_data.sorted_accum; - Polynomial& z_perm = _witness_data.z_perm; - Polynomial& z_lookup = _witness_data.z_lookup; + using PrecomputedPolynomials = PrecomputedEntities; + std::array& precomputed_polynomials = PrecomputedPolynomials::_data; + using WitnessPolynomials = WitnessEntities; + std::array& witness_polynomials = WitnessPolynomials::_data; std::vector memory_read_records; std::vector memory_write_records; @@ -224,20 +216,21 @@ class Ultra { this->num_public_inputs = num_public_inputs; this->composer_type = composer_type; // Allocate memory for precomputed polynomials - for (auto& poly : this->_data) { + for (auto& poly : precomputed_polynomials) { poly = Polynomial(circuit_size); } // Allocate memory for witness polynomials - for (auto& poly : this->_witness_data._data) { + for (auto& poly : witness_polynomials) { poly = Polynomial(circuit_size); } }; - std::vector get_wires() { return _witness_data.get_wires(); }; + std::vector selectors{ q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; + std::vector get_wires() { return WitnessPolynomials::get_wires(); }; // The plookup wires that store plookup read data. std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; // The sorted concatenations of table and witness data needed for plookup. - std::vector get_sorted_polynomials() { return _witness_data.get_sorted_polynomials(); }; + std::vector get_sorted_polynomials() { return WitnessPolynomials::get_sorted_polynomials(); }; }; using VerificationKey = VerificationKey_>; diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index fa31ee8a1f..830cf71953 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -49,7 +49,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c typename Flavor::ProvingKey* proving_key) { const size_t num_public_inputs = circuit_constructor.public_inputs.size(); - // TODO(Cody): Loose coupling here! Would rather build up pk from arithmetizaiton + // TODO(#398): Loose coupling here! Would rather build up pk from arithmetization size_t selector_idx = 0; // TODO(#391) zip for (auto& selector_values : circuit_constructor.selectors) { ASSERT(proving_key->circuit_size >= selector_values.size()); @@ -61,7 +61,8 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c selector_poly_lagrange[num_public_inputs + i] = selector_values[i]; } if constexpr (IsHonkFlavor) { - proving_key->_data[selector_idx] = selector_poly_lagrange; + // TODO(#398): Loose coupling here of arithmetization and flavor. + proving_key->precomputed_polynomials[selector_idx] = selector_poly_lagrange; } else if constexpr (IsPlonkFlavor) { // TODO(Cody): Loose coupling here of selector_names and selector_properties. proving_key->polynomial_store.put(circuit_constructor.selector_names_[selector_idx] + "_lagrange", diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index d9ae7b6251..1d54d066bd 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -131,9 +131,10 @@ class WitnessEntities_ : public Entities_ class ProvingKey_ : public PrecomputedEntities { +template +class ProvingKey_ : public PrecomputedPolynomials, public WitnessPolynomials { public: - using Polynomial = typename PrecomputedEntities::DataType; + using Polynomial = typename PrecomputedPolynomials::DataType; using FF = typename Polynomial::FF; bool contains_recursive_proof; @@ -147,7 +148,7 @@ template class ProvingKey_ : public PrecomputedEn * * @tparam PrecomputedEntities An instance of PrecomputedEntities_ with affine_element data type and handle type. */ -template class VerificationKey_ : public PrecomputedEntities { +template class VerificationKey_ : public PrecomputedCommitments { public: std::shared_ptr vrs; }; From 604e68ef23b247d382f76789396f93290de85999 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 16:14:48 +0000 Subject: [PATCH 104/119] Remove some boilerplate --- cpp/src/barretenberg/honk/flavor/standard.hpp | 5 ----- cpp/src/barretenberg/honk/flavor/ultra.hpp | 14 +++----------- .../barretenberg/proof_system/flavor/flavor.hpp | 3 +++ 3 files changed, 6 insertions(+), 16 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 0867543ed2..6ae6765492 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -165,11 +165,6 @@ class Standard { class ProvingKey : public ProvingKey_, WitnessEntities> { public: - using PrecomputedPolynomials = PrecomputedEntities; - std::array& precomputed_polynomials = PrecomputedPolynomials::_data; - using WitnessPolynomials = WitnessEntities; - std::array& witness_polynomials = WitnessPolynomials::_data; - ProvingKey() = default; ProvingKey(const size_t circuit_size, const size_t num_public_inputs, diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 3620c36c4b..609f1afe22 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -78,7 +78,7 @@ class Ultra { // Container for all witness polys template - class WitnessEntities : public Entities_ { + class WitnessEntities : public WitnessEntities_ { public: DataType& w_l = std::get<0>(this->_data); DataType& w_r = std::get<1>(this->_data); @@ -92,7 +92,8 @@ class Ultra { DataType& z_perm = std::get<9>(this->_data); DataType& z_lookup = std::get<10>(this->_data); - std::vector get_wires() { return { w_l, w_r, w_o, w_4 }; }; + std::vector get_wires() override { return { w_l, w_r, w_o, w_4 }; }; + // The sorted concatenations of table and witness data needed for plookup. std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; }; @@ -194,11 +195,6 @@ class Ultra { class ProvingKey : public ProvingKey_, WitnessEntities> { public: - using PrecomputedPolynomials = PrecomputedEntities; - std::array& precomputed_polynomials = PrecomputedPolynomials::_data; - using WitnessPolynomials = WitnessEntities; - std::array& witness_polynomials = WitnessPolynomials::_data; - std::vector memory_read_records; std::vector memory_write_records; @@ -225,12 +221,8 @@ class Ultra { } }; - std::vector selectors{ q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, q_elliptic, q_aux, q_lookup }; - std::vector get_wires() { return WitnessPolynomials::get_wires(); }; // The plookup wires that store plookup read data. std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; - // The sorted concatenations of table and witness data needed for plookup. - std::vector get_sorted_polynomials() { return WitnessPolynomials::get_sorted_polynomials(); }; }; using VerificationKey = VerificationKey_>; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 1d54d066bd..92b1855ee0 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -137,6 +137,9 @@ class ProvingKey_ : public PrecomputedPolynomials, public WitnessPolynomials { using Polynomial = typename PrecomputedPolynomials::DataType; using FF = typename Polynomial::FF; + typename PrecomputedPolynomials::ArrayType& precomputed_polynomials = PrecomputedPolynomials::_data; + typename WitnessPolynomials::ArrayType& witness_polynomials = WitnessPolynomials::_data; + bool contains_recursive_proof; std::vector recursive_proof_public_input_indices; std::shared_ptr crs; From f25d7275199205e79333c90c7b3f37dfde8d0fc9 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 16:28:26 +0000 Subject: [PATCH 105/119] Share proving key constructor. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 26 +++-------------- cpp/src/barretenberg/honk/flavor/ultra.hpp | 28 ++++--------------- .../proof_system/flavor/flavor.hpp | 22 +++++++++++++++ 3 files changed, 31 insertions(+), 45 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 6ae6765492..15bb21e1c2 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -165,28 +165,10 @@ class Standard { class ProvingKey : public ProvingKey_, WitnessEntities> { public: - ProvingKey() = default; - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - { - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); - - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->composer_type = composer_type; - // Allocate memory for precomputed polynomials - for (auto& poly : precomputed_polynomials) { - poly = Polynomial(circuit_size); - } - // Allocate memory for witness polynomials - for (auto& poly : witness_polynomials) { - poly = Polynomial(circuit_size); - } - }; + // Expose constructors on the base class + using Base = ProvingKey_, + WitnessEntities>; + using Base::Base; }; /** diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 609f1afe22..8521635386 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -195,32 +195,14 @@ class Ultra { class ProvingKey : public ProvingKey_, WitnessEntities> { public: + // Expose constructors on the base class + using Base = ProvingKey_, + WitnessEntities>; + using Base::Base; + std::vector memory_read_records; std::vector memory_write_records; - ProvingKey() = default; - ProvingKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& crs, - ComposerType composer_type) - { - this->crs = crs; - this->evaluation_domain = EvaluationDomain(circuit_size, circuit_size); - - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->composer_type = composer_type; - // Allocate memory for precomputed polynomials - for (auto& poly : precomputed_polynomials) { - poly = Polynomial(circuit_size); - } - // Allocate memory for witness polynomials - for (auto& poly : witness_polynomials) { - poly = Polynomial(circuit_size); - } - }; - // The plookup wires that store plookup read data. std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; }; diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 92b1855ee0..2f7874f167 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -144,6 +144,28 @@ class ProvingKey_ : public PrecomputedPolynomials, public WitnessPolynomials { std::vector recursive_proof_public_input_indices; std::shared_ptr crs; barretenberg::EvaluationDomain evaluation_domain; + + ProvingKey_() = default; + ProvingKey_(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& crs, + ComposerType composer_type) + { + this->crs = crs; + this->evaluation_domain = barretenberg::EvaluationDomain(circuit_size, circuit_size); + PrecomputedPolynomials::circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->composer_type = composer_type; + // Allocate memory for precomputed polynomials + for (auto& poly : precomputed_polynomials) { + poly = Polynomial(circuit_size); + } + // Allocate memory for witness polynomials + for (auto& poly : witness_polynomials) { + poly = Polynomial(circuit_size); + } + }; }; /** From 1ddb4514b6789bc4441d502d871946e190d8eec4 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 21:31:34 +0000 Subject: [PATCH 106/119] Rename members; resue VK constructors. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 18 ++-------------- .../composer/composer_helper_lib.hpp | 2 +- .../proof_system/flavor/flavor.hpp | 21 +++++++++++++++---- 3 files changed, 20 insertions(+), 21 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 15bb21e1c2..35e1a901c3 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -165,7 +165,7 @@ class Standard { class ProvingKey : public ProvingKey_, WitnessEntities> { public: - // Expose constructors on the base class + // Expose constructors of the base class using Base = ProvingKey_, WitnessEntities>; using Base::Base; @@ -179,21 +179,7 @@ class Standard { * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our * circuits. */ - class VerificationKey : public VerificationKey_> { - public: - VerificationKey() = default; - VerificationKey(const size_t circuit_size, - const size_t num_public_inputs, - std::shared_ptr const& vrs, - ComposerType composer_type) - { - this->circuit_size = circuit_size; - this->log_circuit_size = numeric::get_msb(circuit_size); - this->num_public_inputs = num_public_inputs; - this->vrs = vrs; - this->composer_type = composer_type; - }; - }; + using VerificationKey = VerificationKey_>; /** * @brief A container for polynomials handles; only stores spans. diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index 830cf71953..f2b2506fb2 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -62,7 +62,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c } if constexpr (IsHonkFlavor) { // TODO(#398): Loose coupling here of arithmetization and flavor. - proving_key->precomputed_polynomials[selector_idx] = selector_poly_lagrange; + proving_key->_precomputed_polynomials[selector_idx] = selector_poly_lagrange; } else if constexpr (IsPlonkFlavor) { // TODO(Cody): Loose coupling here of selector_names and selector_properties. proving_key->polynomial_store.put(circuit_constructor.selector_names_[selector_idx] + "_lagrange", diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index 2f7874f167..a28c3a192c 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -137,8 +137,8 @@ class ProvingKey_ : public PrecomputedPolynomials, public WitnessPolynomials { using Polynomial = typename PrecomputedPolynomials::DataType; using FF = typename Polynomial::FF; - typename PrecomputedPolynomials::ArrayType& precomputed_polynomials = PrecomputedPolynomials::_data; - typename WitnessPolynomials::ArrayType& witness_polynomials = WitnessPolynomials::_data; + typename PrecomputedPolynomials::ArrayType& _precomputed_polynomials = PrecomputedPolynomials::_data; + typename WitnessPolynomials::ArrayType& _witness_polynomials = WitnessPolynomials::_data; bool contains_recursive_proof; std::vector recursive_proof_public_input_indices; @@ -158,11 +158,11 @@ class ProvingKey_ : public PrecomputedPolynomials, public WitnessPolynomials { this->num_public_inputs = num_public_inputs; this->composer_type = composer_type; // Allocate memory for precomputed polynomials - for (auto& poly : precomputed_polynomials) { + for (auto& poly : _precomputed_polynomials) { poly = Polynomial(circuit_size); } // Allocate memory for witness polynomials - for (auto& poly : witness_polynomials) { + for (auto& poly : _witness_polynomials) { poly = Polynomial(circuit_size); } }; @@ -176,6 +176,19 @@ class ProvingKey_ : public PrecomputedPolynomials, public WitnessPolynomials { template class VerificationKey_ : public PrecomputedCommitments { public: std::shared_ptr vrs; + + VerificationKey_() = default; + VerificationKey_(const size_t circuit_size, + const size_t num_public_inputs, + std::shared_ptr const& vrs, + ComposerType composer_type) + { + this->circuit_size = circuit_size; + this->log_circuit_size = numeric::get_msb(circuit_size); + this->num_public_inputs = num_public_inputs; + this->vrs = vrs; + this->composer_type = composer_type; + }; }; template From 050bb38b7339b633e3a4b9fcd8fc05b32dfcc5c1 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 22:07:46 +0000 Subject: [PATCH 107/119] Paste standard flavor comments into ultra flavor. --- cpp/src/barretenberg/honk/flavor/standard.hpp | 12 ++-- cpp/src/barretenberg/honk/flavor/ultra.hpp | 70 ++++++++++++++++--- .../proof_system/flavor/flavor.hpp | 14 +++- 3 files changed, 76 insertions(+), 20 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 35e1a901c3..3aa7c21c86 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -92,9 +92,12 @@ class Standard { /** * @brief A base class labelling all entities (for instance, all of the polynomials used by the prover during - * sumcheck) in this Honk variant along with particular subsets of interest. + * sumcheck) in this Honk variant along with particular subsets of interest * @details Used to build containers for: the prover's polynomial during sumcheck; the sumcheck's folded * polynomials; the univariates consturcted during during sumcheck; the evaluations produced by sumcheck. + * + * Symbolically we have: AllEntities = PrecomputedEntities + WitnessEntities + "ShiftedEntities". It could be + * implemented as such, but we don't have this now. */ template class AllEntities : public AllEntities_ { @@ -122,7 +125,7 @@ class Standard { // Gemin-specific getters. std::vector get_unshifted() override - { // ...z_perm_shift is in here? + { return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, lagrange_last, w_l, w_r, w_o, z_perm }; }; @@ -219,11 +222,6 @@ class Standard { */ class CommitmentLabels : public AllEntities { public: - // this does away with the ENUM_TO_COMM array while preserving the - // transcript interface, which takes a string - // note: we could consider "enriching" the transcript interface to not use - // strings in the future, but I leave it this way for simplicity - CommitmentLabels() : AllEntities() { diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 8521635386..077d1c426c 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -31,13 +31,21 @@ class Ultra { using PCSParams = pcs::kzg::Params; static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; + // The number of multivariate polynomials on which a sumcheck prover sumcheck operates. We often need containers of + // this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS` static constexpr size_t NUM_ALL_ENTITIES = 47; + // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying + // assignment of witnesses. We again choose a neutral name. static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 25; // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 11; private: template + /** + * @brief A base class labelling precomputed entities and (ordered) subsets of interest. + * @details Used to build the proving key and verification key. + */ class PrecomputedEntities : public PrecomputedEntities_ { public: DataType& q_m = std::get<0>(this->_data); @@ -76,7 +84,10 @@ class Ultra { std::vector get_table_polynomials() { return { table_1, table_2, table_3, table_4 }; }; }; - // Container for all witness polys + /** + * @brief Container for all witness polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory. + */ template class WitnessEntities : public WitnessEntities_ { public: @@ -97,6 +108,15 @@ class Ultra { std::vector get_sorted_polynomials() { return { sorted_1, sorted_2, sorted_3, sorted_4 }; }; }; + /** + * @brief A base class labelling all entities (for instance, all of the polynomials used by the prover during + * sumcheck) in this Honk variant along with particular subsets of interest + * @details Used to build containers for: the prover's polynomial during sumcheck; the sumcheck's folded + * polynomials; the univariates consturcted during during sumcheck; the evaluations produced by sumcheck. + * + * Symbolically we have: AllEntities = PrecomputedEntities + WitnessEntities + "ShiftedEntities". It could be + * implemented as such, but we have this now. + */ template class AllEntities : public AllEntities_ { public: @@ -149,6 +169,7 @@ class Ultra { DataType& z_lookup_shift = std::get<46>(this->_data); std::vector get_wires() override { return { w_l, w_r, w_o, w_4 }; }; + // Gemin-specific getters. std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, @@ -192,6 +213,11 @@ class Ultra { }; public: + /** + * @brief The proving key is responsible for storing the polynomials used by the prover. + * @note TODO(Cody): Maybe multiple inheritance is the right thing here. In that case, nothing should eve inherit + * from ProvingKey. + */ class ProvingKey : public ProvingKey_, WitnessEntities> { public: @@ -207,19 +233,39 @@ class Ultra { std::array get_table_column_wires() { return { w_l, w_r, w_o }; }; }; + /** + * @brief The verificaiton key is responsible for storing the the commitments to the precomputed (non-witnessk) + * polynomials used by the verifier. + * + * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve + * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our + * circuits. + */ using VerificationKey = VerificationKey_>; - // These collect lightweight handles of data living in different entities. They - // provide the utility of grouping these and ranged `for` loops over - // subsets. + /** + * @brief A container for polynomials handles; only stores spans. + */ using ProverPolynomials = AllEntities; - using VerifierCommitments = AllEntities; + /** + * @brief A container for polynomials produced after the first round of sumcheck. + * @todo TODO(#394) Use polynomial classes for guaranteed memory alignment. + */ using FoldedPolynomials = AllEntities, PolynomialHandle>; + + /** + * @brief A container for univariates produced during the hot loop in sumcheck. + * @todo TODO(#390): Simplify this by moving MAX_RELATION_LENGTH? + */ template using ExtendedEdges = AllEntities, sumcheck::Univariate>; + /** + * @brief A container for the polynomials evaluations produced during sumcheck, which are purported to be the + * evaluations of polynomials committed in earlier rounds. + */ class PurportedEvaluations : public AllEntities { public: using Base = AllEntities; @@ -227,13 +273,14 @@ class Ultra { PurportedEvaluations(std::array _data_in) { this->_data = _data_in; } }; + /** + * @brief A container for commitment labels. + * @note It's debatable whether this should inherit from AllEntities. since most entries are not strictly needed. It + * has, however, been useful during debugging to have these lables avilable. + * + */ class CommitmentLabels : public AllEntities { public: - // this does away with the ENUM_TO_COMM array while preserving the - // transcript interface, which takes a string - // note: we could consider "enriching" the transcript interface to not use - // strings in the future, but I leave it this way for simplicity - CommitmentLabels() { w_l = "W_L"; @@ -287,6 +334,9 @@ class Ultra { }; }; + /** + * @brief A container for all commitments used by the verifier. + */ // class VerifierCommitments : public AllEntities { // public: // VerifierCommitments(std::shared_ptr verification_key) diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index a28c3a192c..f1c5579729 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -191,6 +191,11 @@ template class VerificationKey_ : public Preco }; }; +/** + * @brief Base class containing all entities (or handles on these) in one place. + * + * @tparam PrecomputedEntities An instance of PrecomputedEntities_ with affine_element data type and handle type. + */ template class AllEntities_ : public Entities_ { public: @@ -232,11 +237,14 @@ namespace proof_system { * @tparam T The type being tested * @tparam U A parameter pack of types being checked against T. */ -template concept IsAnyOf = (std::same_as || ...); +// clang-format off +template +concept IsAnyOf = (std::same_as || ...); template concept IsPlonkFlavor = IsAnyOf; -template concept IsHonkFlavor = IsAnyOf; - +template +concept IsHonkFlavor = IsAnyOf; +// clang-format on } // namespace proof_system From e6d7ebe10ac9112cedea79ef7bcf754dc202afdf Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 1 May 2023 22:23:35 +0000 Subject: [PATCH 108/119] Cleanup --- .../honk/proof_system/composer_helper.lib.hpp | 8 ++++++- .../honk/proof_system/prover_library.cpp | 13 +++++------ .../composer_helper/composer_helper_lib.cpp | 2 +- .../composer_helper/composer_helper_lib.hpp | 5 +++-- .../composer/composer_helper_lib.hpp | 22 ++++++++++++++----- 5 files changed, 34 insertions(+), 16 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp index bdf6547dcc..24c89a3a06 100644 --- a/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp +++ b/cpp/src/barretenberg/honk/proof_system/composer_helper.lib.hpp @@ -5,9 +5,15 @@ namespace proof_system::honk { /** - * @brief Computes the verification key by computing the: + * @brief Computes the verification key. + * @details Does the following * (1) commitments to the selector, permutation, and lagrange (first/last) polynomials, * (2) sets the polynomial manifest using the data from proving key. + * + * @tparam Flavor + * @param proving_key A completely construted proving key. + * @param vrs The reference string used by the verifier + * @return std::shared_ptr */ template std::shared_ptr compute_verification_key_common( diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp index 3e4b2fa3dc..87ee1631be 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.cpp @@ -9,11 +9,8 @@ namespace proof_system::honk::prover_library { /** * @brief Compute the permutation grand product polynomial Z_perm(X) * * - * @detail (This description assumes Flavor::NUM_WIRES 3). Z_perm may be defined in terms of iwires -wires -wirests values - * on X_i = 0,1,...,n-1 as Z_perm[0] = 1 and for i = 1:n-1 - * + * @details (This description assumes Flavor::NUM_WIRES 3). + * Z_perm may be defined in terms of its values on X_i = 0,1,...,n-1 as Z_perm[0] = 1 and for i = 1:n-1 * (w_1(j) + β⋅id_1(j) + γ) ⋅ (w_2(j) + β⋅id_2(j) + γ) ⋅ (w_3(j) + β⋅id_3(j) + γ) * Z_perm[i] = ∏ -------------------------------------------------------------------------------- * (w_1(j) + β⋅σ_1(j) + γ) ⋅ (w_2(j) + β⋅σ_2(j) + γ) ⋅ (w_3(j) + β⋅σ_3(j) + γ) @@ -33,8 +30,10 @@ wirests values * * Note: Step (4) utilizes Montgomery batch inversion to replace n-many inversions with * one batch inversion (at the expense of more multiplications) + * + * @todo TODO(#222)(luke): Parallelize */ -// TODO(#222)(luke): Parallelize + template typename Flavor::Polynomial compute_permutation_grand_product(std::shared_ptr& key, typename Flavor::FF beta, @@ -221,7 +220,7 @@ typename Flavor::Polynomial compute_lookup_grand_product(std::shared_ptrtable_4, }; - std::span lookup_selector = key->q_lookup; // TODO(Cody): this was something called table_type + std::span lookup_selector = key->q_lookup; std::span lookup_index_selector = key->q_o; const FF beta_plus_one = beta + FF(1); // (1 + β) diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.cpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.cpp index 4ab16d7434..54b11e71db 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.cpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.cpp @@ -11,7 +11,7 @@ namespace proof_system::plonk { /** * @brief Retrieve lagrange forms of selector polynomials and compute monomial and coset-monomial forms and put into - * cache + * cache. * * @param key Pointer to the proving key * @param selector_properties Names of selectors diff --git a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.hpp b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.hpp index 927174cc0f..c704608a3a 100644 --- a/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/plonk/composer/splitting_tmp/composer_helper/composer_helper_lib.hpp @@ -5,14 +5,15 @@ namespace proof_system::plonk { struct SelectorProperties { std::string name; - bool requires_lagrange_base_polynomial = false; // does the prover need the raw lagrange-base selector values? + // TODO: does the prover need the raw lagrange-base selector values? + bool requires_lagrange_base_polynomial = false; }; /** * @brief Retrieve lagrange forms of selector polynomials and compute monomial and coset-monomial forms and put into * cache * - * @param key Pointer to the proving key + * @param key Pointer to the proving key TODO(#293) * @param selector_properties Names of selectors */ void compute_monomial_and_coset_selector_forms(plonk::proving_key* key, diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index f2b2506fb2..af7b2805a6 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -6,14 +6,21 @@ namespace proof_system { /** - * @brief Initialize proving key and load the crs * * @tparam CircuitConstructor Class containing the circuit + * @return std::shared_ptr + */ + +/** + * @brief Initilalize proving key and load the crs + * + * @tparam Flavor * @param circuit_constructor Object containing the circuit + * @param crs_factory Produces the prover's reference string * @param minimum_circuit_size The minimum size of polynomials without randomized elements * @param num_randomized_gates Number of gates with randomized witnesses * @param composer_type The type of composer we are using - * @return std::shared_ptr + * @return std::shared_ptr */ template std::shared_ptr initialize_proving_key( @@ -40,7 +47,7 @@ std::shared_ptr initialize_proving_key( /** * @brief Construct selector polynomials from ciruit selector information and put into polynomial cache * - * @tparam CircuitConstructor The class holding the circuit + * @tparam Flavor * @param circuit_constructor The object holding the circuit * @param key Pointer to the proving key */ @@ -75,7 +82,7 @@ void construct_selector_polynomials(const typename Flavor::CircuitConstructor& c /** * @brief Fill the last index of each selector polynomial in lagrange form with a non-zero value * - * @tparam CircuitConstructor The class holding the circuit + * @tparam Flavor * @param circuit_constructor The object holding the circuit * @param key Pointer to the proving key * @@ -109,9 +116,14 @@ void enforce_nonzero_selector_polynomials(const typename Flavor::CircuitConstruc * * @details The first two witness polynomials bein with the public input values.of w_1, w_2 polynomials is filled with * public_input values. - * @return A vector containing the computed witness polynomials. + * * * @tparam Flavor provides the circuit constructor type and the number of wires. + * @param circuit_constructor + * @param minimum_circuit_size + * @param number_of_randomized_gates + * + * @return std::vector * */ template std::vector construct_wire_polynomials_base( From c7b3e30d8fe2cc6f12f45c9328be9725592d845b Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 19:05:38 +0000 Subject: [PATCH 109/119] Add cci config line back in. --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index f07a70bb55..08b20a8879 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -321,6 +321,7 @@ workflows: - x86_64-linux-clang: *defaults - x86_64-linux-clang-assert: *defaults - wasm-linux-clang: *defaults + - proof-system-tests: *bb_test - honk-tests: *bb_test - barretenberg-tests: *bb_test - stdlib-tests: *bb_test From 4a8d52dd8be23d33e021bc25e03a9dd1079be91d Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 19:31:51 +0000 Subject: [PATCH 110/119] Low-lying fixes like typos. --- .../composer/standard_honk_composer.test.cpp | 1 - cpp/src/barretenberg/honk/flavor/standard.hpp | 10 +- cpp/src/barretenberg/honk/flavor/ultra.hpp | 10 +- .../barretenberg/honk/proof_system/prover.cpp | 8 +- .../relations/relation_correctness.test.cpp | 2 - .../ultra_relation_consistency.test.cpp | 2 - .../barretenberg/honk/sumcheck/sumcheck.hpp | 9 - .../arithmetization/arithmetization.hpp | 2 +- .../circuit_constructor_base.hpp | 2 +- .../composer/composer_helper_lib.hpp | 9 +- .../proof_system/flavor/flavor.hpp | 6 +- sigma_before | 395 ------------------ sigma_now | 267 ------------ 13 files changed, 17 insertions(+), 706 deletions(-) delete mode 100644 sigma_before delete mode 100644 sigma_now diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index 3b26c8e970..ac0865a151 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -313,7 +313,6 @@ TEST(StandardHonkComposer, BaseCase) auto prover = composer.create_prover(); plonk::proof proof = prover.construct_proof(); - proof.print(); auto verifier = composer.create_verifier(); bool verified = verifier.verify_proof(proof); ASSERT_TRUE(verified); diff --git a/cpp/src/barretenberg/honk/flavor/standard.hpp b/cpp/src/barretenberg/honk/flavor/standard.hpp index 3aa7c21c86..a88c1b6cfc 100644 --- a/cpp/src/barretenberg/honk/flavor/standard.hpp +++ b/cpp/src/barretenberg/honk/flavor/standard.hpp @@ -39,8 +39,8 @@ class Standard { using PCSParams = pcs::kzg::Params; static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; - // The number of multivariate polynomials on which a sumcheck prover sumcheck operates. We often need containers of - // this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS` + // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often + // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS` static constexpr size_t NUM_ALL_ENTITIES = 18; // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying // assignment of witnesses. We again choose a neutral name. @@ -123,7 +123,7 @@ class Standard { std::vector get_wires() override { return { w_l, w_r, w_o }; }; - // Gemin-specific getters. + // Gemini-specific getters. std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_m, sigma_1, sigma_2, sigma_3, id_1, id_2, id_3, lagrange_first, @@ -175,7 +175,7 @@ class Standard { }; /** - * @brief The verificaiton key is responsible for storing the the commitments to the precomputed (non-witnessk) + * @brief The verification key is responsible for storing the the commitments to the precomputed (non-witness) * polynomials used by the verifier. * * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve @@ -217,7 +217,7 @@ class Standard { /** * @brief A container for commitment labels. * @note It's debatable whether this should inherit from AllEntities. since most entries are not strictly needed. It - * has, however, been useful during debugging to have these lables avilable. + * has, however, been useful during debugging to have these labels available. * */ class CommitmentLabels : public AllEntities { diff --git a/cpp/src/barretenberg/honk/flavor/ultra.hpp b/cpp/src/barretenberg/honk/flavor/ultra.hpp index 077d1c426c..f02947dd67 100644 --- a/cpp/src/barretenberg/honk/flavor/ultra.hpp +++ b/cpp/src/barretenberg/honk/flavor/ultra.hpp @@ -31,8 +31,8 @@ class Ultra { using PCSParams = pcs::kzg::Params; static constexpr size_t NUM_WIRES = CircuitConstructor::NUM_WIRES; - // The number of multivariate polynomials on which a sumcheck prover sumcheck operates. We often need containers of - // this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS` + // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often + // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS` static constexpr size_t NUM_ALL_ENTITIES = 47; // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying // assignment of witnesses. We again choose a neutral name. @@ -169,7 +169,7 @@ class Ultra { DataType& z_lookup_shift = std::get<46>(this->_data); std::vector get_wires() override { return { w_l, w_r, w_o, w_4 }; }; - // Gemin-specific getters. + // Gemini-specific getters. std::vector get_unshifted() override { return { q_c, q_l, q_r, q_o, q_4, q_m, q_arith, q_sort, @@ -234,7 +234,7 @@ class Ultra { }; /** - * @brief The verificaiton key is responsible for storing the the commitments to the precomputed (non-witnessk) + * @brief The verification key is responsible for storing the the commitments to the precomputed (non-witnessk) * polynomials used by the verifier. * * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to resolve @@ -276,7 +276,7 @@ class Ultra { /** * @brief A container for commitment labels. * @note It's debatable whether this should inherit from AllEntities. since most entries are not strictly needed. It - * has, however, been useful during debugging to have these lables avilable. + * has, however, been useful during debugging to have these labels available. * */ class CommitmentLabels : public AllEntities { diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index a697626032..9fb0b84dfe 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -14,7 +14,7 @@ namespace proof_system::honk { * Create Prover from proving key, witness and manifest. * * @param input_key Proving key. - * @param input_manifest Input manifestxo + * @param input_manifest Input manifest * * @tparam settings Settings class. * */ @@ -107,9 +107,6 @@ template void StandardProver_::execute_grand_pro // Compute and store parameters required by relations in Sumcheck auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); - info("beta = ", beta); - info("gamma = ", gamma); - auto public_input_delta = compute_public_input_delta(public_inputs, beta, gamma, key->circuit_size); relation_parameters = sumcheck::RelationParameters{ @@ -142,9 +139,6 @@ template void StandardProver_::execute_relation_ auto sumcheck = Sumcheck(key->circuit_size, transcript); sumcheck_output = sumcheck.execute_prover(prover_polynomials, relation_parameters); - // for (auto& eval : sumcheck_output.purported_evaluations) { - // info(eval); - // }; } /** diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp index 1be032ca1c..b71d4fa938 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/relation_correctness.test.cpp @@ -303,8 +303,6 @@ TEST(RelationCorrectness, UltraRelationCorrectness) ++poly_idx; } - info("i = ", i); - // For each relation, call the `accumulate_relation_evaluation` over all witness/selector values at the // i-th row/vertex of the hypercube. We use ASSERT_EQ instead of EXPECT_EQ so that the tests stops at // the first index at which the result is not 0, since result = 0 + C(transposed), which we expect will diff --git a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp index 9d2a1e512d..9e394e2f97 100644 --- a/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp +++ b/cpp/src/barretenberg/honk/sumcheck/relations/ultra_relation_consistency.test.cpp @@ -369,8 +369,6 @@ TEST_F(UltraRelationConsistency, LookupGrandProductComputationRelation) expected_evals -= (z_lookup_shift + lagrange_last * grand_product_delta) * (s_accum + s_accum_shift * beta + gamma_by_one_plus_beta); - info("expected_evals = ", expected_evals); - validate_evaluations(expected_evals, relation, extended_edges, relation_parameters); }; diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp index 53c416746b..8968ee1260 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp @@ -94,9 +94,6 @@ template class... Relations { auto [alpha, zeta] = transcript.get_challenges("Sumcheck:alpha", "Sumcheck:zeta"); - info("alpha = ", alpha); - info("zeta = ", zeta); - PowUnivariate pow_univariate(zeta); std::vector multivariate_challenge; @@ -107,7 +104,6 @@ template class... Relations auto round_univariate = round.compute_univariate(full_polynomials, relation_parameters, pow_univariate, alpha); transcript.send_to_verifier("Sumcheck:univariate_0", round_univariate); FF round_challenge = transcript.get_challenge("Sumcheck:u_0"); - info("u_0 = ", round_challenge); multivariate_challenge.emplace_back(round_challenge); fold(full_polynomials, multivariate_n, round_challenge); pow_univariate.partially_evaluate(round_challenge); @@ -120,7 +116,6 @@ template class... Relations round_univariate = round.compute_univariate(folded_polynomials, relation_parameters, pow_univariate, alpha); transcript.send_to_verifier("Sumcheck:univariate_" + std::to_string(round_idx), round_univariate); FF round_challenge = transcript.get_challenge("Sumcheck:u_" + std::to_string(round_idx)); - info("u_", round_idx, " = ", round_challenge); multivariate_challenge.emplace_back(round_challenge); fold(folded_polynomials, round.round_size, round_challenge); pow_univariate.partially_evaluate(round_challenge); @@ -186,10 +181,6 @@ template class... Relations PurportedEvaluations purported_evaluations = transcript.template receive_from_prover>("Sumcheck:evaluations"); - // for (auto& eval : purported_evaluations) { - // info(eval, "<-- in sumcheck verifier"); - // }; - FF full_honk_relation_purported_value = round.compute_full_honk_relation_purported_value( purported_evaluations._data, relation_parameters, pow_univariate, alpha); verified = verified && (full_honk_relation_purported_value == round.target_total_sum); diff --git a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp index 0cc19220a5..fb4d72071e 100644 --- a/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp +++ b/cpp/src/barretenberg/proof_system/arithmetization/arithmetization.hpp @@ -46,7 +46,7 @@ template struct SelectorsBase { typename DataType::iterator end() { return _data.end(); }; }; -// These are not magic numbers and they should not be written with global constants. These paraters are not accessible +// These are not magic numbers and they should not be written with global constants. These parameters are not accessible // through clearly named static class members. template class Standard : public Arithmetization { public: diff --git a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp index 3ae1f1a773..3f6776eb09 100644 --- a/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp +++ b/cpp/src/barretenberg/proof_system/circuit_constructors/circuit_constructor_base.hpp @@ -18,7 +18,7 @@ template class CircuitConstructorBase { static constexpr size_t num_selectors = Arithmetization::num_selectors; // TODO(Cody): These are plonk-specific and could be specified in the plonk flavors. - // Also, theere is loose coupling with the vectors of SelectorProperties + // Also, there is loose coupling with the vectors of SelectorProperties std::vector selector_names_; size_t num_gates = 0; diff --git a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp index af7b2805a6..9eb71bf254 100644 --- a/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp +++ b/cpp/src/barretenberg/proof_system/composer/composer_helper_lib.hpp @@ -5,12 +5,6 @@ namespace proof_system { -/** - * - * @tparam CircuitConstructor Class containing the circuit - * @return std::shared_ptr - */ - /** * @brief Initilalize proving key and load the crs * @@ -114,8 +108,7 @@ void enforce_nonzero_selector_polynomials(const typename Flavor::CircuitConstruc /** * @brief Construct the witness polynomials from the witness vectors in the circuit constructor. * - * @details The first two witness polynomials bein with the public input values.of w_1, w_2 polynomials is filled with - * public_input values. + * @details The first two witness polynomials begin with the public input values. * * * @tparam Flavor provides the circuit constructor type and the number of wires. diff --git a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp index f1c5579729..047102b599 100644 --- a/cpp/src/barretenberg/proof_system/flavor/flavor.hpp +++ b/cpp/src/barretenberg/proof_system/flavor/flavor.hpp @@ -6,7 +6,7 @@ * @details #Motivation * We choose the framework set out in these classes for several reasons. * - * For one, it allows for a large amount of the information of Honk flavor to be read at a glance in a single file. + * For one, it allows for a large amount of the information of a Honk flavor to be read at a glance in a single file. * * The primary motivation, however, is to reduce the sort loose of coupling that is a significant source of complexity * in the original plonk code. There, we find many similarly-named entities defined in many different places (to name @@ -31,7 +31,7 @@ * larger circuit constructor class). * * @details #Data model - * All of the flavor classes derive from a single Entitives_ template, which simply wraps a std::array (we would + * All of the flavor classes derive from a single Entities_ template, which simply wraps a std::array (we would * inherit, but this is unsafe as std::array has a non-virtual destructor). The developer should think of every flavor * class as being: * - A std::array instance called _data. @@ -45,7 +45,7 @@ * * @details #Some Notes * - * @note It would be ideal to codify more structure in these base class tempalte and to have it imposed on the actual + * @note It would be ideal to codify more structure in these base class template and to have it imposed on the actual * flavors, but our inheritance model is complicated as it is, and we saw no reasonable way to fix this. * * @note One asymmetry to note is in the use of the term "key". It is worthwhile to distinguish betwen prover/verifier diff --git a/sigma_before b/sigma_before deleted file mode 100644 index cff8908bb8..0000000000 --- a/sigma_before +++ /dev/null @@ -1,395 +0,0 @@ -SIGMA VALUES INSIDE THE FUNCTION compute_honk_style_permutation_lagrange_polynomials_from_mapping -0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 -0x0000000000000000000000000000000000000000000000000000000000000041 -0x0000000000000000000000000000000000000000000000000000000000000003 -0x0000000000000000000000000000000000000000000000000000000000000043 -0x0000000000000000000000000000000000000000000000000000000000000006 -0x0000000000000000000000000000000000000000000000000000000000000086 -0x0000000000000000000000000000000000000000000000000000000000000000 -0x0000000000000000000000000000000000000000000000000000000000000008 -0x0000000000000000000000000000000000000000000000000000000000000049 -0x000000000000000000000000000000000000000000000000000000000000004a -0x000000000000000000000000000000000000000000000000000000000000000b -0x000000000000000000000000000000000000000000000000000000000000000c -0x000000000000000000000000000000000000000000000000000000000000000d -0x000000000000000000000000000000000000000000000000000000000000000e -0x000000000000000000000000000000000000000000000000000000000000000f -0x0000000000000000000000000000000000000000000000000000000000000010 -0x0000000000000000000000000000000000000000000000000000000000000011 -0x0000000000000000000000000000000000000000000000000000000000000012 -0x0000000000000000000000000000000000000000000000000000000000000013 -0x0000000000000000000000000000000000000000000000000000000000000014 -0x0000000000000000000000000000000000000000000000000000000000000015 -0x0000000000000000000000000000000000000000000000000000000000000016 -0x0000000000000000000000000000000000000000000000000000000000000017 -0x0000000000000000000000000000000000000000000000000000000000000018 -0x0000000000000000000000000000000000000000000000000000000000000019 -0x000000000000000000000000000000000000000000000000000000000000001a -0x000000000000000000000000000000000000000000000000000000000000001b -0x000000000000000000000000000000000000000000000000000000000000001c -0x000000000000000000000000000000000000000000000000000000000000001d -0x000000000000000000000000000000000000000000000000000000000000001e -0x000000000000000000000000000000000000000000000000000000000000001f -0x0000000000000000000000000000000000000000000000000000000000000020 -0x0000000000000000000000000000000000000000000000000000000000000021 -0x0000000000000000000000000000000000000000000000000000000000000022 -0x0000000000000000000000000000000000000000000000000000000000000023 -0x0000000000000000000000000000000000000000000000000000000000000024 -0x0000000000000000000000000000000000000000000000000000000000000025 -0x0000000000000000000000000000000000000000000000000000000000000026 -0x0000000000000000000000000000000000000000000000000000000000000027 -0x0000000000000000000000000000000000000000000000000000000000000005 -0x0000000000000000000000000000000000000000000000000000000000000028 -0x0000000000000000000000000000000000000000000000000000000000000029 -0x000000000000000000000000000000000000000000000000000000000000002a -0x000000000000000000000000000000000000000000000000000000000000002b -0x000000000000000000000000000000000000000000000000000000000000002c -0x000000000000000000000000000000000000000000000000000000000000002d -0x000000000000000000000000000000000000000000000000000000000000002e -0x000000000000000000000000000000000000000000000000000000000000002f -0x0000000000000000000000000000000000000000000000000000000000000030 -0x0000000000000000000000000000000000000000000000000000000000000031 -0x0000000000000000000000000000000000000000000000000000000000000032 -0x0000000000000000000000000000000000000000000000000000000000000033 -0x0000000000000000000000000000000000000000000000000000000000000034 -0x0000000000000000000000000000000000000000000000000000000000000035 -0x0000000000000000000000000000000000000000000000000000000000000036 -0x0000000000000000000000000000000000000000000000000000000000000037 -0x0000000000000000000000000000000000000000000000000000000000000038 -0x0000000000000000000000000000000000000000000000000000000000000039 -0x000000000000000000000000000000000000000000000000000000000000003a -0x000000000000000000000000000000000000000000000000000000000000003b -0x000000000000000000000000000000000000000000000000000000000000003c -0x000000000000000000000000000000000000000000000000000000000000003d -0x000000000000000000000000000000000000000000000000000000000000003e -0x000000000000000000000000000000000000000000000000000000000000003f -0x0000000000000000000000000000000000000000000000000000000000000004 -0x0000000000000000000000000000000000000000000000000000000000000081 -0x0000000000000000000000000000000000000000000000000000000000000082 -0x0000000000000000000000000000000000000000000000000000000000000083 -0x0000000000000000000000000000000000000000000000000000000000000084 -0x0000000000000000000000000000000000000000000000000000000000000047 -0x0000000000000000000000000000000000000000000000000000000000000087 -0x0000000000000000000000000000000000000000000000000000000000000048 -0x0000000000000000000000000000000000000000000000000000000000000009 -0x000000000000000000000000000000000000000000000000000000000000000a -0x000000000000000000000000000000000000000000000000000000000000004b -0x000000000000000000000000000000000000000000000000000000000000004c -0x000000000000000000000000000000000000000000000000000000000000004d -0x000000000000000000000000000000000000000000000000000000000000004e -0x000000000000000000000000000000000000000000000000000000000000004f -0x0000000000000000000000000000000000000000000000000000000000000050 -0x0000000000000000000000000000000000000000000000000000000000000051 -0x0000000000000000000000000000000000000000000000000000000000000052 -0x0000000000000000000000000000000000000000000000000000000000000053 -0x0000000000000000000000000000000000000000000000000000000000000054 -0x0000000000000000000000000000000000000000000000000000000000000055 -0x0000000000000000000000000000000000000000000000000000000000000056 -0x0000000000000000000000000000000000000000000000000000000000000057 -0x0000000000000000000000000000000000000000000000000000000000000058 -0x0000000000000000000000000000000000000000000000000000000000000059 -0x000000000000000000000000000000000000000000000000000000000000005a -0x000000000000000000000000000000000000000000000000000000000000005b -0x000000000000000000000000000000000000000000000000000000000000005c -0x000000000000000000000000000000000000000000000000000000000000005d -0x000000000000000000000000000000000000000000000000000000000000005e -0x000000000000000000000000000000000000000000000000000000000000005f -0x0000000000000000000000000000000000000000000000000000000000000060 -0x0000000000000000000000000000000000000000000000000000000000000061 -0x0000000000000000000000000000000000000000000000000000000000000062 -0x0000000000000000000000000000000000000000000000000000000000000063 -0x0000000000000000000000000000000000000000000000000000000000000064 -0x0000000000000000000000000000000000000000000000000000000000000065 -0x0000000000000000000000000000000000000000000000000000000000000066 -0x0000000000000000000000000000000000000000000000000000000000000067 -0x0000000000000000000000000000000000000000000000000000000000000045 -0x0000000000000000000000000000000000000000000000000000000000000068 -0x0000000000000000000000000000000000000000000000000000000000000069 -0x000000000000000000000000000000000000000000000000000000000000006a -0x000000000000000000000000000000000000000000000000000000000000006b -0x000000000000000000000000000000000000000000000000000000000000006c -0x000000000000000000000000000000000000000000000000000000000000006d -0x000000000000000000000000000000000000000000000000000000000000006e -0x000000000000000000000000000000000000000000000000000000000000006f -0x0000000000000000000000000000000000000000000000000000000000000070 -0x0000000000000000000000000000000000000000000000000000000000000071 -0x0000000000000000000000000000000000000000000000000000000000000072 -0x0000000000000000000000000000000000000000000000000000000000000073 -0x0000000000000000000000000000000000000000000000000000000000000074 -0x0000000000000000000000000000000000000000000000000000000000000075 -0x0000000000000000000000000000000000000000000000000000000000000076 -0x0000000000000000000000000000000000000000000000000000000000000077 -0x0000000000000000000000000000000000000000000000000000000000000078 -0x0000000000000000000000000000000000000000000000000000000000000079 -0x000000000000000000000000000000000000000000000000000000000000007a -0x000000000000000000000000000000000000000000000000000000000000007b -0x000000000000000000000000000000000000000000000000000000000000007c -0x000000000000000000000000000000000000000000000000000000000000007d -0x000000000000000000000000000000000000000000000000000000000000007e -0x000000000000000000000000000000000000000000000000000000000000007f -0x0000000000000000000000000000000000000000000000000000000000000080 -0x0000000000000000000000000000000000000000000000000000000000000042 -0x0000000000000000000000000000000000000000000000000000000000000044 -0x0000000000000000000000000000000000000000000000000000000000000002 -0x0000000000000000000000000000000000000000000000000000000000000001 -0x0000000000000000000000000000000000000000000000000000000000000046 -0x0000000000000000000000000000000000000000000000000000000000000007 -0x0000000000000000000000000000000000000000000000000000000000000088 -0x0000000000000000000000000000000000000000000000000000000000000089 -0x000000000000000000000000000000000000000000000000000000000000008a -0x000000000000000000000000000000000000000000000000000000000000008b -0x000000000000000000000000000000000000000000000000000000000000008c -0x000000000000000000000000000000000000000000000000000000000000008d -0x000000000000000000000000000000000000000000000000000000000000008e -0x000000000000000000000000000000000000000000000000000000000000008f -0x0000000000000000000000000000000000000000000000000000000000000090 -0x0000000000000000000000000000000000000000000000000000000000000091 -0x0000000000000000000000000000000000000000000000000000000000000092 -0x0000000000000000000000000000000000000000000000000000000000000093 -0x0000000000000000000000000000000000000000000000000000000000000094 -0x0000000000000000000000000000000000000000000000000000000000000095 -0x0000000000000000000000000000000000000000000000000000000000000096 -0x0000000000000000000000000000000000000000000000000000000000000097 -0x0000000000000000000000000000000000000000000000000000000000000098 -0x0000000000000000000000000000000000000000000000000000000000000099 -0x000000000000000000000000000000000000000000000000000000000000009a -0x000000000000000000000000000000000000000000000000000000000000009b -0x000000000000000000000000000000000000000000000000000000000000009c -0x000000000000000000000000000000000000000000000000000000000000009d -0x000000000000000000000000000000000000000000000000000000000000009e -0x000000000000000000000000000000000000000000000000000000000000009f -0x00000000000000000000000000000000000000000000000000000000000000a0 -0x00000000000000000000000000000000000000000000000000000000000000a1 -0x00000000000000000000000000000000000000000000000000000000000000a2 -0x00000000000000000000000000000000000000000000000000000000000000a3 -0x00000000000000000000000000000000000000000000000000000000000000a4 -0x00000000000000000000000000000000000000000000000000000000000000a5 -0x00000000000000000000000000000000000000000000000000000000000000a6 -0x00000000000000000000000000000000000000000000000000000000000000a7 -0x0000000000000000000000000000000000000000000000000000000000000085 -0x00000000000000000000000000000000000000000000000000000000000000a8 -0x00000000000000000000000000000000000000000000000000000000000000a9 -0x00000000000000000000000000000000000000000000000000000000000000aa -0x00000000000000000000000000000000000000000000000000000000000000ab -0x00000000000000000000000000000000000000000000000000000000000000ac -0x00000000000000000000000000000000000000000000000000000000000000ad -0x00000000000000000000000000000000000000000000000000000000000000ae -0x00000000000000000000000000000000000000000000000000000000000000af -0x00000000000000000000000000000000000000000000000000000000000000b0 -0x00000000000000000000000000000000000000000000000000000000000000b1 -0x00000000000000000000000000000000000000000000000000000000000000b2 -0x00000000000000000000000000000000000000000000000000000000000000b3 -0x00000000000000000000000000000000000000000000000000000000000000b4 -0x00000000000000000000000000000000000000000000000000000000000000b5 -0x00000000000000000000000000000000000000000000000000000000000000b6 -0x00000000000000000000000000000000000000000000000000000000000000b7 -0x00000000000000000000000000000000000000000000000000000000000000b8 -0x00000000000000000000000000000000000000000000000000000000000000b9 -0x00000000000000000000000000000000000000000000000000000000000000ba -0x00000000000000000000000000000000000000000000000000000000000000bb -0x00000000000000000000000000000000000000000000000000000000000000bc -0x00000000000000000000000000000000000000000000000000000000000000bd -0x00000000000000000000000000000000000000000000000000000000000000be -0x00000000000000000000000000000000000000000000000000000000000000bf - - - - - - - - - -SIGMA VALUES INSIDE THE TEST StandardHonkComposer.SigmaIDCorrectness -0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 -0x0000000000000000000000000000000000000000000000000000000000000041 -0x0000000000000000000000000000000000000000000000000000000000000003 -0x0000000000000000000000000000000000000000000000000000000000000043 -0x0000000000000000000000000000000000000000000000000000000000000006 -0x0000000000000000000000000000000000000000000000000000000000000086 -0x0000000000000000000000000000000000000000000000000000000000000000 -0x0000000000000000000000000000000000000000000000000000000000000008 -0x0000000000000000000000000000000000000000000000000000000000000049 -0x000000000000000000000000000000000000000000000000000000000000004a -0x000000000000000000000000000000000000000000000000000000000000000b -0x000000000000000000000000000000000000000000000000000000000000000c -0x000000000000000000000000000000000000000000000000000000000000000d -0x000000000000000000000000000000000000000000000000000000000000000e -0x000000000000000000000000000000000000000000000000000000000000000f -0x0000000000000000000000000000000000000000000000000000000000000010 -0x0000000000000000000000000000000000000000000000000000000000000011 -0x0000000000000000000000000000000000000000000000000000000000000012 -0x0000000000000000000000000000000000000000000000000000000000000013 -0x0000000000000000000000000000000000000000000000000000000000000014 -0x0000000000000000000000000000000000000000000000000000000000000015 -0x0000000000000000000000000000000000000000000000000000000000000016 -0x0000000000000000000000000000000000000000000000000000000000000017 -0x0000000000000000000000000000000000000000000000000000000000000018 -0x0000000000000000000000000000000000000000000000000000000000000019 -0x000000000000000000000000000000000000000000000000000000000000001a -0x000000000000000000000000000000000000000000000000000000000000001b -0x000000000000000000000000000000000000000000000000000000000000001c -0x000000000000000000000000000000000000000000000000000000000000001d -0x000000000000000000000000000000000000000000000000000000000000001e -0x000000000000000000000000000000000000000000000000000000000000001f -0x0000000000000000000000000000000000000000000000000000000000000020 -0x0000000000000000000000000000000000000000000000000000000000000021 -0x0000000000000000000000000000000000000000000000000000000000000022 -0x0000000000000000000000000000000000000000000000000000000000000023 -0x0000000000000000000000000000000000000000000000000000000000000024 -0x0000000000000000000000000000000000000000000000000000000000000025 -0x0000000000000000000000000000000000000000000000000000000000000026 -0x0000000000000000000000000000000000000000000000000000000000000027 -0x0000000000000000000000000000000000000000000000000000000000000005 -0x0000000000000000000000000000000000000000000000000000000000000028 -0x0000000000000000000000000000000000000000000000000000000000000029 -0x000000000000000000000000000000000000000000000000000000000000002a -0x000000000000000000000000000000000000000000000000000000000000002b -0x000000000000000000000000000000000000000000000000000000000000002c -0x000000000000000000000000000000000000000000000000000000000000002d -0x000000000000000000000000000000000000000000000000000000000000002e -0x000000000000000000000000000000000000000000000000000000000000002f -0x0000000000000000000000000000000000000000000000000000000000000030 -0x0000000000000000000000000000000000000000000000000000000000000031 -0x0000000000000000000000000000000000000000000000000000000000000032 -0x0000000000000000000000000000000000000000000000000000000000000033 -0x0000000000000000000000000000000000000000000000000000000000000034 -0x0000000000000000000000000000000000000000000000000000000000000035 -0x0000000000000000000000000000000000000000000000000000000000000036 -0x0000000000000000000000000000000000000000000000000000000000000037 -0x0000000000000000000000000000000000000000000000000000000000000038 -0x0000000000000000000000000000000000000000000000000000000000000039 -0x000000000000000000000000000000000000000000000000000000000000003a -0x000000000000000000000000000000000000000000000000000000000000003b -0x000000000000000000000000000000000000000000000000000000000000003c -0x000000000000000000000000000000000000000000000000000000000000003d -0x000000000000000000000000000000000000000000000000000000000000003e -0x000000000000000000000000000000000000000000000000000000000000003f -0x0000000000000000000000000000000000000000000000000000000000000004 -0x0000000000000000000000000000000000000000000000000000000000000081 -0x0000000000000000000000000000000000000000000000000000000000000082 -0x0000000000000000000000000000000000000000000000000000000000000083 -0x0000000000000000000000000000000000000000000000000000000000000084 -0x0000000000000000000000000000000000000000000000000000000000000047 -0x0000000000000000000000000000000000000000000000000000000000000087 -0x0000000000000000000000000000000000000000000000000000000000000048 -0x0000000000000000000000000000000000000000000000000000000000000009 -0x000000000000000000000000000000000000000000000000000000000000000a -0x000000000000000000000000000000000000000000000000000000000000004b -0x000000000000000000000000000000000000000000000000000000000000004c -0x000000000000000000000000000000000000000000000000000000000000004d -0x000000000000000000000000000000000000000000000000000000000000004e -0x000000000000000000000000000000000000000000000000000000000000004f -0x0000000000000000000000000000000000000000000000000000000000000050 -0x0000000000000000000000000000000000000000000000000000000000000051 -0x0000000000000000000000000000000000000000000000000000000000000052 -0x0000000000000000000000000000000000000000000000000000000000000053 -0x0000000000000000000000000000000000000000000000000000000000000054 -0x0000000000000000000000000000000000000000000000000000000000000055 -0x0000000000000000000000000000000000000000000000000000000000000056 -0x0000000000000000000000000000000000000000000000000000000000000057 -0x0000000000000000000000000000000000000000000000000000000000000058 -0x0000000000000000000000000000000000000000000000000000000000000059 -0x000000000000000000000000000000000000000000000000000000000000005a -0x000000000000000000000000000000000000000000000000000000000000005b -0x000000000000000000000000000000000000000000000000000000000000005c -0x000000000000000000000000000000000000000000000000000000000000005d -0x000000000000000000000000000000000000000000000000000000000000005e -0x000000000000000000000000000000000000000000000000000000000000005f -0x0000000000000000000000000000000000000000000000000000000000000060 -0x0000000000000000000000000000000000000000000000000000000000000061 -0x0000000000000000000000000000000000000000000000000000000000000062 -0x0000000000000000000000000000000000000000000000000000000000000063 -0x0000000000000000000000000000000000000000000000000000000000000064 -0x0000000000000000000000000000000000000000000000000000000000000065 -0x0000000000000000000000000000000000000000000000000000000000000066 -0x0000000000000000000000000000000000000000000000000000000000000067 -0x0000000000000000000000000000000000000000000000000000000000000045 -0x0000000000000000000000000000000000000000000000000000000000000068 -0x0000000000000000000000000000000000000000000000000000000000000069 -0x000000000000000000000000000000000000000000000000000000000000006a -0x000000000000000000000000000000000000000000000000000000000000006b -0x000000000000000000000000000000000000000000000000000000000000006c -0x000000000000000000000000000000000000000000000000000000000000006d -0x000000000000000000000000000000000000000000000000000000000000006e -0x000000000000000000000000000000000000000000000000000000000000006f -0x0000000000000000000000000000000000000000000000000000000000000070 -0x0000000000000000000000000000000000000000000000000000000000000071 -0x0000000000000000000000000000000000000000000000000000000000000072 -0x0000000000000000000000000000000000000000000000000000000000000073 -0x0000000000000000000000000000000000000000000000000000000000000074 -0x0000000000000000000000000000000000000000000000000000000000000075 -0x0000000000000000000000000000000000000000000000000000000000000076 -0x0000000000000000000000000000000000000000000000000000000000000077 -0x0000000000000000000000000000000000000000000000000000000000000078 -0x0000000000000000000000000000000000000000000000000000000000000079 -0x000000000000000000000000000000000000000000000000000000000000007a -0x000000000000000000000000000000000000000000000000000000000000007b -0x000000000000000000000000000000000000000000000000000000000000007c -0x000000000000000000000000000000000000000000000000000000000000007d -0x000000000000000000000000000000000000000000000000000000000000007e -0x000000000000000000000000000000000000000000000000000000000000007f -0x0000000000000000000000000000000000000000000000000000000000000080 -0x0000000000000000000000000000000000000000000000000000000000000042 -0x0000000000000000000000000000000000000000000000000000000000000044 -0x0000000000000000000000000000000000000000000000000000000000000002 -0x0000000000000000000000000000000000000000000000000000000000000001 -0x0000000000000000000000000000000000000000000000000000000000000046 -0x0000000000000000000000000000000000000000000000000000000000000007 -0x0000000000000000000000000000000000000000000000000000000000000088 -0x0000000000000000000000000000000000000000000000000000000000000089 -0x000000000000000000000000000000000000000000000000000000000000008a -0x000000000000000000000000000000000000000000000000000000000000008b -0x000000000000000000000000000000000000000000000000000000000000008c -0x000000000000000000000000000000000000000000000000000000000000008d -0x000000000000000000000000000000000000000000000000000000000000008e -0x000000000000000000000000000000000000000000000000000000000000008f -0x0000000000000000000000000000000000000000000000000000000000000090 -0x0000000000000000000000000000000000000000000000000000000000000091 -0x0000000000000000000000000000000000000000000000000000000000000092 -0x0000000000000000000000000000000000000000000000000000000000000093 -0x0000000000000000000000000000000000000000000000000000000000000094 -0x0000000000000000000000000000000000000000000000000000000000000095 -0x0000000000000000000000000000000000000000000000000000000000000096 -0x0000000000000000000000000000000000000000000000000000000000000097 -0x0000000000000000000000000000000000000000000000000000000000000098 -0x0000000000000000000000000000000000000000000000000000000000000099 -0x000000000000000000000000000000000000000000000000000000000000009a -0x000000000000000000000000000000000000000000000000000000000000009b -0x000000000000000000000000000000000000000000000000000000000000009c -0x000000000000000000000000000000000000000000000000000000000000009d -0x000000000000000000000000000000000000000000000000000000000000009e -0x000000000000000000000000000000000000000000000000000000000000009f -0x00000000000000000000000000000000000000000000000000000000000000a0 -0x00000000000000000000000000000000000000000000000000000000000000a1 -0x00000000000000000000000000000000000000000000000000000000000000a2 -0x00000000000000000000000000000000000000000000000000000000000000a3 -0x00000000000000000000000000000000000000000000000000000000000000a4 -0x00000000000000000000000000000000000000000000000000000000000000a5 -0x00000000000000000000000000000000000000000000000000000000000000a6 -0x00000000000000000000000000000000000000000000000000000000000000a7 -0x0000000000000000000000000000000000000000000000000000000000000085 -0x00000000000000000000000000000000000000000000000000000000000000a8 -0x00000000000000000000000000000000000000000000000000000000000000a9 -0x00000000000000000000000000000000000000000000000000000000000000aa -0x00000000000000000000000000000000000000000000000000000000000000ab -0x00000000000000000000000000000000000000000000000000000000000000ac -0x00000000000000000000000000000000000000000000000000000000000000ad -0x00000000000000000000000000000000000000000000000000000000000000ae -0x00000000000000000000000000000000000000000000000000000000000000af -0x00000000000000000000000000000000000000000000000000000000000000b0 -0x00000000000000000000000000000000000000000000000000000000000000b1 -0x00000000000000000000000000000000000000000000000000000000000000b2 -0x00000000000000000000000000000000000000000000000000000000000000b3 -0x00000000000000000000000000000000000000000000000000000000000000b4 -0x00000000000000000000000000000000000000000000000000000000000000b5 -0x00000000000000000000000000000000000000000000000000000000000000b6 -0x00000000000000000000000000000000000000000000000000000000000000b7 -0x00000000000000000000000000000000000000000000000000000000000000b8 -0x00000000000000000000000000000000000000000000000000000000000000b9 -0x00000000000000000000000000000000000000000000000000000000000000ba -0x00000000000000000000000000000000000000000000000000000000000000bb -0x00000000000000000000000000000000000000000000000000000000000000bc -0x00000000000000000000000000000000000000000000000000000000000000bd -0x00000000000000000000000000000000000000000000000000000000000000be -0x00000000000000000000000000000000000000000000000000000000000000bf \ No newline at end of file diff --git a/sigma_now b/sigma_now deleted file mode 100644 index 4989d087a7..0000000000 --- a/sigma_now +++ /dev/null @@ -1,267 +0,0 @@ -SIGMA VALUES INSIDE THE FUNCTION compute_honk_style_permutation_lagrange_polynomials_from_mapping -0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 -0x0000000000000000000000000000000000000000000000000000000000000041 -0x0000000000000000000000000000000000000000000000000000000000000003 -0x0000000000000000000000000000000000000000000000000000000000000043 -0x0000000000000000000000000000000000000000000000000000000000000006 -0x0000000000000000000000000000000000000000000000000000000000000086 -0x0000000000000000000000000000000000000000000000000000000000000000 -0x0000000000000000000000000000000000000000000000000000000000000008 -0x0000000000000000000000000000000000000000000000000000000000000049 -0x000000000000000000000000000000000000000000000000000000000000004a -0x000000000000000000000000000000000000000000000000000000000000000b -0x000000000000000000000000000000000000000000000000000000000000000c -0x000000000000000000000000000000000000000000000000000000000000000d -0x000000000000000000000000000000000000000000000000000000000000000e -0x000000000000000000000000000000000000000000000000000000000000000f -0x0000000000000000000000000000000000000000000000000000000000000010 -0x0000000000000000000000000000000000000000000000000000000000000011 -0x0000000000000000000000000000000000000000000000000000000000000012 -0x0000000000000000000000000000000000000000000000000000000000000013 -0x0000000000000000000000000000000000000000000000000000000000000014 -0x0000000000000000000000000000000000000000000000000000000000000015 -0x0000000000000000000000000000000000000000000000000000000000000016 -0x0000000000000000000000000000000000000000000000000000000000000017 -0x0000000000000000000000000000000000000000000000000000000000000018 -0x0000000000000000000000000000000000000000000000000000000000000019 -0x000000000000000000000000000000000000000000000000000000000000001a -0x000000000000000000000000000000000000000000000000000000000000001b -0x000000000000000000000000000000000000000000000000000000000000001c -0x000000000000000000000000000000000000000000000000000000000000001d -0x000000000000000000000000000000000000000000000000000000000000001e -0x000000000000000000000000000000000000000000000000000000000000001f -0x0000000000000000000000000000000000000000000000000000000000000020 -0x0000000000000000000000000000000000000000000000000000000000000021 -0x0000000000000000000000000000000000000000000000000000000000000022 -0x0000000000000000000000000000000000000000000000000000000000000023 -0x0000000000000000000000000000000000000000000000000000000000000024 -0x0000000000000000000000000000000000000000000000000000000000000025 -0x0000000000000000000000000000000000000000000000000000000000000026 -0x0000000000000000000000000000000000000000000000000000000000000027 -0x0000000000000000000000000000000000000000000000000000000000000005 -0x0000000000000000000000000000000000000000000000000000000000000028 -0x0000000000000000000000000000000000000000000000000000000000000029 -0x000000000000000000000000000000000000000000000000000000000000002a -0x000000000000000000000000000000000000000000000000000000000000002b -0x000000000000000000000000000000000000000000000000000000000000002c -0x000000000000000000000000000000000000000000000000000000000000002d -0x000000000000000000000000000000000000000000000000000000000000002e -0x000000000000000000000000000000000000000000000000000000000000002f -0x0000000000000000000000000000000000000000000000000000000000000030 -0x0000000000000000000000000000000000000000000000000000000000000031 -0x0000000000000000000000000000000000000000000000000000000000000032 -0x0000000000000000000000000000000000000000000000000000000000000033 -0x0000000000000000000000000000000000000000000000000000000000000034 -0x0000000000000000000000000000000000000000000000000000000000000035 -0x0000000000000000000000000000000000000000000000000000000000000036 -0x0000000000000000000000000000000000000000000000000000000000000037 -0x0000000000000000000000000000000000000000000000000000000000000038 -0x0000000000000000000000000000000000000000000000000000000000000039 -0x000000000000000000000000000000000000000000000000000000000000003a -0x000000000000000000000000000000000000000000000000000000000000003b -0x000000000000000000000000000000000000000000000000000000000000003c -0x000000000000000000000000000000000000000000000000000000000000003d -0x000000000000000000000000000000000000000000000000000000000000003e -0x000000000000000000000000000000000000000000000000000000000000003f -0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 -0x0000000000000000000000000000000000000000000000000000000000000041 -0x0000000000000000000000000000000000000000000000000000000000000003 -0x0000000000000000000000000000000000000000000000000000000000000043 -0x0000000000000000000000000000000000000000000000000000000000000006 -0x0000000000000000000000000000000000000000000000000000000000000086 -0x0000000000000000000000000000000000000000000000000000000000000000 -0x0000000000000000000000000000000000000000000000000000000000000008 -0x0000000000000000000000000000000000000000000000000000000000000049 -0x000000000000000000000000000000000000000000000000000000000000004a -0x000000000000000000000000000000000000000000000000000000000000000b -0x000000000000000000000000000000000000000000000000000000000000000c -0x000000000000000000000000000000000000000000000000000000000000000d -0x000000000000000000000000000000000000000000000000000000000000000e -0x000000000000000000000000000000000000000000000000000000000000000f -0x0000000000000000000000000000000000000000000000000000000000000010 -0x0000000000000000000000000000000000000000000000000000000000000011 -0x0000000000000000000000000000000000000000000000000000000000000012 -0x0000000000000000000000000000000000000000000000000000000000000013 -0x0000000000000000000000000000000000000000000000000000000000000014 -0x0000000000000000000000000000000000000000000000000000000000000015 -0x0000000000000000000000000000000000000000000000000000000000000016 -0x0000000000000000000000000000000000000000000000000000000000000017 -0x0000000000000000000000000000000000000000000000000000000000000018 -0x0000000000000000000000000000000000000000000000000000000000000019 -0x000000000000000000000000000000000000000000000000000000000000001a -0x000000000000000000000000000000000000000000000000000000000000001b -0x000000000000000000000000000000000000000000000000000000000000001c -0x000000000000000000000000000000000000000000000000000000000000001d -0x000000000000000000000000000000000000000000000000000000000000001e -0x000000000000000000000000000000000000000000000000000000000000001f -0x0000000000000000000000000000000000000000000000000000000000000020 -0x0000000000000000000000000000000000000000000000000000000000000021 -0x0000000000000000000000000000000000000000000000000000000000000022 -0x0000000000000000000000000000000000000000000000000000000000000023 -0x0000000000000000000000000000000000000000000000000000000000000024 -0x0000000000000000000000000000000000000000000000000000000000000025 -0x0000000000000000000000000000000000000000000000000000000000000026 -0x0000000000000000000000000000000000000000000000000000000000000027 -0x0000000000000000000000000000000000000000000000000000000000000005 -0x0000000000000000000000000000000000000000000000000000000000000028 -0x0000000000000000000000000000000000000000000000000000000000000029 -0x000000000000000000000000000000000000000000000000000000000000002a -0x000000000000000000000000000000000000000000000000000000000000002b -0x000000000000000000000000000000000000000000000000000000000000002c -0x000000000000000000000000000000000000000000000000000000000000002d -0x000000000000000000000000000000000000000000000000000000000000002e -0x000000000000000000000000000000000000000000000000000000000000002f -0x0000000000000000000000000000000000000000000000000000000000000030 -0x0000000000000000000000000000000000000000000000000000000000000031 -0x0000000000000000000000000000000000000000000000000000000000000032 -0x0000000000000000000000000000000000000000000000000000000000000033 -0x0000000000000000000000000000000000000000000000000000000000000034 -0x0000000000000000000000000000000000000000000000000000000000000035 -0x0000000000000000000000000000000000000000000000000000000000000036 -0x0000000000000000000000000000000000000000000000000000000000000037 -0x0000000000000000000000000000000000000000000000000000000000000038 -0x0000000000000000000000000000000000000000000000000000000000000039 -0x000000000000000000000000000000000000000000000000000000000000003a -0x000000000000000000000000000000000000000000000000000000000000003b -0x000000000000000000000000000000000000000000000000000000000000003c -0x000000000000000000000000000000000000000000000000000000000000003d -0x000000000000000000000000000000000000000000000000000000000000003e -0x000000000000000000000000000000000000000000000000000000000000003f -0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 -0x0000000000000000000000000000000000000000000000000000000000000041 -0x0000000000000000000000000000000000000000000000000000000000000003 -0x0000000000000000000000000000000000000000000000000000000000000043 -0x0000000000000000000000000000000000000000000000000000000000000006 -0x0000000000000000000000000000000000000000000000000000000000000086 -0x0000000000000000000000000000000000000000000000000000000000000000 -0x0000000000000000000000000000000000000000000000000000000000000008 -0x0000000000000000000000000000000000000000000000000000000000000049 -0x000000000000000000000000000000000000000000000000000000000000004a -0x000000000000000000000000000000000000000000000000000000000000000b -0x000000000000000000000000000000000000000000000000000000000000000c -0x000000000000000000000000000000000000000000000000000000000000000d -0x000000000000000000000000000000000000000000000000000000000000000e -0x000000000000000000000000000000000000000000000000000000000000000f -0x0000000000000000000000000000000000000000000000000000000000000010 -0x0000000000000000000000000000000000000000000000000000000000000011 -0x0000000000000000000000000000000000000000000000000000000000000012 -0x0000000000000000000000000000000000000000000000000000000000000013 -0x0000000000000000000000000000000000000000000000000000000000000014 -0x0000000000000000000000000000000000000000000000000000000000000015 -0x0000000000000000000000000000000000000000000000000000000000000016 -0x0000000000000000000000000000000000000000000000000000000000000017 -0x0000000000000000000000000000000000000000000000000000000000000018 -0x0000000000000000000000000000000000000000000000000000000000000019 -0x000000000000000000000000000000000000000000000000000000000000001a -0x000000000000000000000000000000000000000000000000000000000000001b -0x000000000000000000000000000000000000000000000000000000000000001c -0x000000000000000000000000000000000000000000000000000000000000001d -0x000000000000000000000000000000000000000000000000000000000000001e -0x000000000000000000000000000000000000000000000000000000000000001f -0x0000000000000000000000000000000000000000000000000000000000000020 -0x0000000000000000000000000000000000000000000000000000000000000021 -0x0000000000000000000000000000000000000000000000000000000000000022 -0x0000000000000000000000000000000000000000000000000000000000000023 -0x0000000000000000000000000000000000000000000000000000000000000024 -0x0000000000000000000000000000000000000000000000000000000000000025 -0x0000000000000000000000000000000000000000000000000000000000000026 -0x0000000000000000000000000000000000000000000000000000000000000027 -0x0000000000000000000000000000000000000000000000000000000000000005 -0x0000000000000000000000000000000000000000000000000000000000000028 -0x0000000000000000000000000000000000000000000000000000000000000029 -0x000000000000000000000000000000000000000000000000000000000000002a -0x000000000000000000000000000000000000000000000000000000000000002b -0x000000000000000000000000000000000000000000000000000000000000002c -0x000000000000000000000000000000000000000000000000000000000000002d -0x000000000000000000000000000000000000000000000000000000000000002e -0x000000000000000000000000000000000000000000000000000000000000002f -0x0000000000000000000000000000000000000000000000000000000000000030 -0x0000000000000000000000000000000000000000000000000000000000000031 -0x0000000000000000000000000000000000000000000000000000000000000032 -0x0000000000000000000000000000000000000000000000000000000000000033 -0x0000000000000000000000000000000000000000000000000000000000000034 -0x0000000000000000000000000000000000000000000000000000000000000035 -0x0000000000000000000000000000000000000000000000000000000000000036 -0x0000000000000000000000000000000000000000000000000000000000000037 -0x0000000000000000000000000000000000000000000000000000000000000038 -0x0000000000000000000000000000000000000000000000000000000000000039 -0x000000000000000000000000000000000000000000000000000000000000003a -0x000000000000000000000000000000000000000000000000000000000000003b -0x000000000000000000000000000000000000000000000000000000000000003c -0x000000000000000000000000000000000000000000000000000000000000003d -0x000000000000000000000000000000000000000000000000000000000000003e -0x000000000000000000000000000000000000000000000000000000000000003f - - - - - - - - - -SIGMA VALUES INSIDE THE TEST StandardHonkComposer.SigmaIDCorrectness -0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000000 -0x0000000000000000000000000000000000000000000000000000000000000041 -0x0000000000000000000000000000000000000000000000000000000000000003 -0x0000000000000000000000000000000000000000000000000000000000000043 -0x0000000000000000000000000000000000000000000000000000000000000006 -0x0000000000000000000000000000000000000000000000000000000000000086 -0x0000000000000000000000000000000000000000000000000000000000000000 -0x0000000000000000000000000000000000000000000000000000000000000008 -0x0000000000000000000000000000000000000000000000000000000000000049 -0x000000000000000000000000000000000000000000000000000000000000004a -0x000000000000000000000000000000000000000000000000000000000000000b -0x000000000000000000000000000000000000000000000000000000000000000c -0x000000000000000000000000000000000000000000000000000000000000000d -0x000000000000000000000000000000000000000000000000000000000000000e -0x000000000000000000000000000000000000000000000000000000000000000f -0x0000000000000000000000000000000000000000000000000000000000000010 -0x0000000000000000000000000000000000000000000000000000000000000011 -0x0000000000000000000000000000000000000000000000000000000000000012 -0x0000000000000000000000000000000000000000000000000000000000000013 -0x0000000000000000000000000000000000000000000000000000000000000014 -0x0000000000000000000000000000000000000000000000000000000000000015 -0x0000000000000000000000000000000000000000000000000000000000000016 -0x0000000000000000000000000000000000000000000000000000000000000017 -0x0000000000000000000000000000000000000000000000000000000000000018 -0x0000000000000000000000000000000000000000000000000000000000000019 -0x000000000000000000000000000000000000000000000000000000000000001a -0x000000000000000000000000000000000000000000000000000000000000001b -0x000000000000000000000000000000000000000000000000000000000000001c -0x000000000000000000000000000000000000000000000000000000000000001d -0x000000000000000000000000000000000000000000000000000000000000001e -0x000000000000000000000000000000000000000000000000000000000000001f -0x0000000000000000000000000000000000000000000000000000000000000020 -0x0000000000000000000000000000000000000000000000000000000000000021 -0x0000000000000000000000000000000000000000000000000000000000000022 -0x0000000000000000000000000000000000000000000000000000000000000023 -0x0000000000000000000000000000000000000000000000000000000000000024 -0x0000000000000000000000000000000000000000000000000000000000000025 -0x0000000000000000000000000000000000000000000000000000000000000026 -0x0000000000000000000000000000000000000000000000000000000000000027 -0x0000000000000000000000000000000000000000000000000000000000000005 -0x0000000000000000000000000000000000000000000000000000000000000028 -0x0000000000000000000000000000000000000000000000000000000000000029 -0x000000000000000000000000000000000000000000000000000000000000002a -0x000000000000000000000000000000000000000000000000000000000000002b -0x000000000000000000000000000000000000000000000000000000000000002c -0x000000000000000000000000000000000000000000000000000000000000002d -0x000000000000000000000000000000000000000000000000000000000000002e -0x000000000000000000000000000000000000000000000000000000000000002f -0x0000000000000000000000000000000000000000000000000000000000000030 -0x0000000000000000000000000000000000000000000000000000000000000031 -0x0000000000000000000000000000000000000000000000000000000000000032 -0x0000000000000000000000000000000000000000000000000000000000000033 -0x0000000000000000000000000000000000000000000000000000000000000034 -0x0000000000000000000000000000000000000000000000000000000000000035 -0x0000000000000000000000000000000000000000000000000000000000000036 -0x0000000000000000000000000000000000000000000000000000000000000037 -0x0000000000000000000000000000000000000000000000000000000000000038 -0x0000000000000000000000000000000000000000000000000000000000000039 -0x000000000000000000000000000000000000000000000000000000000000003a -0x000000000000000000000000000000000000000000000000000000000000003b -0x000000000000000000000000000000000000000000000000000000000000003c -0x000000000000000000000000000000000000000000000000000000000000003d -0x000000000000000000000000000000000000000000000000000000000000003e -0x000000000000000000000000000000000000000000000000000000000000003f \ No newline at end of file From b9c2952782923ba70e5ebacb8c852034d9907085 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 19:40:54 +0000 Subject: [PATCH 111/119] Cheaply reintroduce equality check. --- cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp b/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp index d5200ac5b3..cfe3dfb09b 100644 --- a/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp +++ b/cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp @@ -38,7 +38,7 @@ template struct SumcheckOutput { { bool result{ false }; result = challenge_point == other.challenge_point; - // result = purported_evaluations == other.purported_evaluations; + result = purported_evaluations._data == other.purported_evaluations._data; return result; }; }; From 503aca0be369e750b5ba0fcc370bb9ff5fc98906 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 19:47:52 +0000 Subject: [PATCH 112/119] Leave note on unfinished tests --- .../proof_system/composer/permutation_helper.test.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp index 75be6f5df9..57103c69ae 100644 --- a/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp +++ b/cpp/src/barretenberg/proof_system/composer/permutation_helper.test.cpp @@ -62,16 +62,19 @@ class PermutationHelperTests : public ::testing::Test { TEST_F(PermutationHelperTests, ComputeWireCopyCycles) { + // TODO(#425) Flesh out these tests compute_wire_copy_cycles(circuit_constructor); } TEST_F(PermutationHelperTests, ComputePermutationMapping) { + // TODO(#425) Flesh out these tests compute_permutation_mapping(circuit_constructor, proving_key.get()); } TEST_F(PermutationHelperTests, ComputeHonkStyleSigmaLagrangePolynomialsFromMapping) { + // TODO(#425) Flesh out these tests auto mapping = compute_permutation_mapping(circuit_constructor, proving_key.get()); compute_honk_style_permutation_lagrange_polynomials_from_mapping( proving_key->get_sigma_polynomials(), mapping.sigmas, proving_key.get()); @@ -79,6 +82,7 @@ TEST_F(PermutationHelperTests, ComputeHonkStyleSigmaLagrangePolynomialsFromMappi TEST_F(PermutationHelperTests, ComputeStandardAuxPolynomials) { + // TODO(#425) Flesh out these tests compute_standard_honk_id_polynomials(proving_key); compute_standard_honk_sigma_permutations(circuit_constructor, proving_key.get()); compute_first_and_last_lagrange_polynomials(proving_key); From 75589bf99ebcb32d9ade5e1ba7b2dcc465ba9a45 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 19:58:34 +0000 Subject: [PATCH 113/119] Make todo an issue --- cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp index a9f7aab3d1..ea60cb6a2a 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp @@ -15,7 +15,7 @@ namespace proof_system::honk { */ class StandardHonkComposer { public: - // TODO(Cody): Put this in the flavor? + // TODO(#426): This doesn't belong here static constexpr merkle::HashType merkle_hash_type = merkle::HashType::LOOKUP_PEDERSEN; static constexpr pedersen::CommitmentType commitment_type = pedersen::CommitmentType::FIXED_BASE_PEDERSEN; From aa6d063eaf9269b5aa8e00c79ebc547e9dddda55 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 20:04:55 +0000 Subject: [PATCH 114/119] Add failure case. --- .../composer/standard_honk_composer.test.cpp | 49 +++++++++++-------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp index ac0865a151..78a8c930ad 100644 --- a/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp +++ b/cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp @@ -352,27 +352,36 @@ TEST(StandardHonkComposer, TwoGates) run_test(/* expect_verified=*/false); } -TEST(StandardHonkComposer, SumcheckEvaluationsAreCorrect) +TEST(StandardHonkComposer, SumcheckEvaluations) { - auto composer = StandardHonkComposer(); - fr a = fr::one(); - // Construct a small but non-trivial circuit - uint32_t a_idx = composer.add_public_variable(a); - fr b = fr::one(); - fr c = a + b; - fr d = a + c; - uint32_t b_idx = composer.add_variable(b); - uint32_t c_idx = composer.add_variable(c); - uint32_t d_idx = composer.add_variable(d); - for (size_t i = 0; i < 16; i++) { - composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); - composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); - } - auto prover = composer.create_prover(); - plonk::proof proof = prover.construct_proof(); + auto run_test = [](bool expected_result) { + auto composer = StandardHonkComposer(); + fr a = fr::one(); + // Construct a small but non-trivial circuit + uint32_t a_idx = composer.add_public_variable(a); + fr b = fr::one(); + fr c = a + b; + fr d = a + c; - auto verifier = composer.create_verifier(); - bool verified = verifier.verify_proof(proof); - ASSERT_TRUE(verified); + if (expected_result == false) { + d += 1; + }; + + uint32_t b_idx = composer.add_variable(b); + uint32_t c_idx = composer.add_variable(c); + uint32_t d_idx = composer.add_variable(d); + for (size_t i = 0; i < 16; i++) { + composer.create_add_gate({ a_idx, b_idx, c_idx, fr::one(), fr::one(), fr::neg_one(), fr::zero() }); + composer.create_add_gate({ d_idx, c_idx, a_idx, fr::one(), fr::neg_one(), fr::neg_one(), fr::zero() }); + } + auto prover = composer.create_prover(); + plonk::proof proof = prover.construct_proof(); + + auto verifier = composer.create_verifier(); + bool verified = verifier.verify_proof(proof); + ASSERT_EQ(verified, expected_result); + }; + run_test(/*expected_result=*/true); + run_test(/*expected_result=*/false); } } // namespace test_standard_honk_composer From 7053096afd90443fb98c1e90a264439842c49791 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 20:22:41 +0000 Subject: [PATCH 115/119] Clarify some flavor tests. --- .../barretenberg/honk/flavor/flavor.test.cpp | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/cpp/src/barretenberg/honk/flavor/flavor.test.cpp b/cpp/src/barretenberg/honk/flavor/flavor.test.cpp index 110167c8a5..1211313af4 100644 --- a/cpp/src/barretenberg/honk/flavor/flavor.test.cpp +++ b/cpp/src/barretenberg/honk/flavor/flavor.test.cpp @@ -8,7 +8,7 @@ #pragma GCC diagnostic ignored "-Wunused-variable" namespace proof_system::test_flavor { -TEST(Flavor, Standard) +TEST(Flavor, StandardGetters) { using Flavor = proof_system::honk::flavor::Standard; using FF = Flavor::FF; @@ -20,6 +20,7 @@ TEST(Flavor, Standard) return Flavor::ProvingKey(/*circuit_size=*/4, /*num_public_inputs=*/0, crs, ComposerType::STANDARD); }(); + // set size_t coset_idx = 0; for (auto& id_poly : proving_key.get_id_polynomials()) { typename Flavor::Polynomial new_poly(proving_key.circuit_size); @@ -29,14 +30,22 @@ TEST(Flavor, Standard) ++coset_idx; } + // Polynomials in the proving key can be set through loops over subsets produced by the getters + EXPECT_EQ(proving_key.id_1[0], FF(0)); + EXPECT_EQ(proving_key.id_2[0], FF(4)); + EXPECT_EQ(proving_key.id_3[0], FF(8)); + Flavor::VerificationKey verification_key; Flavor::ProverPolynomials prover_polynomials; Flavor::ExtendedEdges edges; Flavor::PurportedEvaluations evals; Flavor::CommitmentLabels commitment_labels; - EXPECT_EQ(prover_polynomials.size(), 18); + // Globals are also available through STL container sizes + EXPECT_EQ(prover_polynomials.size(), Flavor::NUM_ALL_ENTITIES); + // Shited polynomials have the righ tsize EXPECT_EQ(prover_polynomials.size(), prover_polynomials.get_unshifted_then_shifted().size()); + // Commitment lables are stored in the flavor. EXPECT_EQ(commitment_labels.w_r, "W_2"); auto get_test_polynomial = [](size_t& idx) { @@ -86,6 +95,8 @@ TEST(Flavor, Standard) prover_polynomials.lagrange_first = lagrange_first; prover_polynomials.lagrange_last = lagrange_last; + // You can set polynomial values directly through the symbol names + // and then access the values through the getters. idx = 0; for (auto& poly : prover_polynomials.get_wires()) { EXPECT_EQ(poly[0], 4 * idx); @@ -105,8 +116,7 @@ TEST(Flavor, Standard) }; } -// TODO(luke): just playing around with the Flavor classes. These should become demonstrative tests -TEST(Flavor, General) +TEST(Flavor, AllEntitiesSpecialMemberFunctions) { using Flavor = proof_system::honk::flavor::Standard; using FF = Flavor::FF; @@ -119,7 +129,7 @@ TEST(Flavor, General) coeff = FF::random_element(); } - info("polynomials_A.size() = ", polynomials_A.size()); + // Test some special member functions. polynomials_A.w_l = random_poly; From e7a997dfca003b93ddd2b48b6c1a45147561c234 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 20:24:57 +0000 Subject: [PATCH 116/119] Remove some logging. --- cpp/src/barretenberg/honk/proof_system/prover.cpp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover.cpp b/cpp/src/barretenberg/honk/proof_system/prover.cpp index 9fb0b84dfe..ca92ca8f27 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover.cpp @@ -152,7 +152,6 @@ template void StandardProver_::execute_univariat // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ FF rho = transcript.get_challenge("rho"); - info("rho = ", rho); std::vector rhos = Gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ @@ -188,7 +187,6 @@ template void StandardProver_::execute_univariat template void StandardProver_::execute_pcs_evaluation_round() { const FF r_challenge = transcript.get_challenge("Gemini:r"); - info("r = ", r_challenge); gemini_output = Gemini::compute_fold_polynomial_evaluations( sumcheck_output.challenge_point, std::move(fold_polynomials), r_challenge); @@ -206,7 +204,6 @@ template void StandardProver_::execute_pcs_evalu template void StandardProver_::execute_shplonk_batched_quotient_round() { nu_challenge = transcript.get_challenge("Shplonk:nu"); - info("nu = ", nu_challenge); batched_quotient_Q = Shplonk::compute_batched_quotient(gemini_output.opening_pairs, gemini_output.witnesses, nu_challenge); @@ -222,7 +219,6 @@ template void StandardProver_::execute_shplonk_b template void StandardProver_::execute_shplonk_partial_evaluation_round() { const FF z_challenge = transcript.get_challenge("Shplonk:z"); - info("z = ", z_challenge); shplonk_output = Shplonk::compute_partially_evaluated_batched_quotient( gemini_output.opening_pairs, gemini_output.witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge); } From 034c541fa12334ed142635bb8fce58ddcb0bfbd3 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 20:27:00 +0000 Subject: [PATCH 117/119] Add assert suggested by Kesha. --- cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp index 04a74e1b11..9a33d3ce8a 100644 --- a/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp +++ b/cpp/src/barretenberg/honk/proof_system/prover_library.test.cpp @@ -35,8 +35,9 @@ template class ProverLibraryTests : public testing::Test { return random_polynomial; } - static void populate_span(auto& polynomial_view, auto& polynomial) + static void populate_span(auto& polynomial_view, const auto& polynomial) { + ASSERT(polynomial_view.size() <= polynomial.size()); for (size_t idx = 0; idx < polynomial.size(); idx++) { polynomial_view[idx] = polynomial[idx]; } From 0561e5dc678e1cc9e2d19db1764261d543e2c4bc Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 20:27:22 +0000 Subject: [PATCH 118/119] Fix typo. --- cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp index e481fe99fe..3c782432d6 100644 --- a/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp +++ b/cpp/src/barretenberg/honk/proof_system/ultra_prover.hpp @@ -6,7 +6,7 @@ namespace proof_system::honk { -// We won't compile this class with honk::flavor::Ultra, but we will like want to compile it (at least for testing) +// We won't compile this class with honk::flavor::Standard, but we will like want to compile it (at least for testing) // with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc. template concept UltraFlavor = IsAnyOf; template class UltraProver_ { From 5282d6890639f7cbae98e26a49428fa9c8121856 Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 4 May 2023 20:34:50 +0000 Subject: [PATCH 119/119] Remove proof printing function. --- .../plonk/proof_system/types/proof.hpp | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp b/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp index 5ec88353fe..d0a65aa2b6 100644 --- a/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp +++ b/cpp/src/barretenberg/plonk/proof_system/types/proof.hpp @@ -11,20 +11,6 @@ struct proof { std::vector proof_data; bool operator==(proof const& other) const = default; - void print() - { - size_t newline_counter = 0; - for (auto& byte : proof_data) { - if (newline_counter == 0 || newline_counter == 4 || newline_counter % 32 == 8) { - std::cerr << "\n" - << "0x"; - } - std::cerr << std::hex << std::setfill('0') << std::setw(2) - << static_cast(static_cast(byte)); - newline_counter++; - }; - std::cerr << std::endl; - } }; inline void read(uint8_t const*& it, proof& data)