diff --git a/barretenberg/cpp/src/barretenberg/honk/flavor/goblin_translator.hpp b/barretenberg/cpp/src/barretenberg/honk/flavor/goblin_translator.hpp new file mode 100644 index 000000000000..d7d3b6d19e2e --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/honk/flavor/goblin_translator.hpp @@ -0,0 +1,1635 @@ +#pragma once +#include "../sumcheck/relation_definitions_fwd.hpp" +#include "barretenberg/ecc/curves/bn254/bn254.hpp" +#include "barretenberg/honk/pcs/commitment_key.hpp" +#include "barretenberg/honk/pcs/kzg/kzg.hpp" +#include "barretenberg/polynomials/univariate.hpp" +#include "barretenberg/proof_system/arithmetization/arithmetization.hpp" +#include "barretenberg/proof_system/circuit_builder/goblin_translator_circuit_builder.hpp" +#include "barretenberg/proof_system/flavor/flavor.hpp" +#include "barretenberg/proof_system/relations/decomposition_relation.hpp" +#include "barretenberg/proof_system/relations/extra_relations.hpp" +#include "barretenberg/proof_system/relations/gen_perm_sort_relation.hpp" +#include "barretenberg/proof_system/relations/non_native_field_relation.hpp" +#include "barretenberg/proof_system/relations/permutation_relation.hpp" +#include +#include +#include +#include +#include +#include + +namespace proof_system::honk::flavor { + +template class GoblinTranslator_ { + + public: + /** + * @brief Enum containing IDs of all the polynomials used in Goblin Translator + * + * @details We use the enum for easier updates of structure sizes and for cases where we need to get a particular + * polynomial programmatically + */ + enum ALL_ENTITIES_IDS : size_t { + /*The first 4 wires contain the standard values from the EccOpQueue*/ + OP, + X_LO_Y_HI, + X_HI_Z_1, + Y_LO_Z_2, + /*P.xₗₒ split into 2 NUM_LIMB_BITS bit limbs*/ + P_X_LOW_LIMBS, + /*Low limbs split further into smaller chunks for range constraints*/ + P_X_LOW_LIMBS_RANGE_CONSTRAINT_0, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_1, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_2, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_3, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_4, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, + /*P.xₕᵢ split into 2 NUM_LIMB_BITS bit limbs*/ + P_X_HIGH_LIMBS, + /*High limbs split into chunks for range constraints*/ + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide limb + // range cosntraints + /*P.yₗₒ split into 2 NUM_LIMB_BITS bit limbs*/ + P_Y_LOW_LIMBS, + /*Low limbs split into chunks for range constraints*/ + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, + /*P.yₕᵢ split into 2 NUM_LIMB_BITS bit limbs*/ + P_Y_HIGH_LIMBS, + /*High limbs split into chunks for range constraints*/ + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide limb + // range cosntraints + /*Low limbs of z_1 and z_2*/ + Z_LOW_LIMBS, + /*Range constraints for low limbs of z_1 and z_2*/ + Z_LOW_LIMBS_RANGE_CONSTRAINT_0, + Z_LOW_LIMBS_RANGE_CONSTRAINT_1, + Z_LOW_LIMBS_RANGE_CONSTRAINT_2, + Z_LOW_LIMBS_RANGE_CONSTRAINT_3, + Z_LOW_LIMBS_RANGE_CONSTRAINT_4, + Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, + /*High Limbs of z_1 and z_2*/ + Z_HIGH_LIMBS, + /*Range constraints for high limbs of z_1 and z_2*/ + Z_HIGH_LIMBS_RANGE_CONSTRAINT_0, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_1, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_2, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_3, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_4, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, + /* Contain NUM_LIMB_BITS-bit limbs of current and previous accumulator (previous at higher indices because of + the nuances of KZG commitment) */ + ACCUMULATORS_BINARY_LIMBS_0, + ACCUMULATORS_BINARY_LIMBS_1, + ACCUMULATORS_BINARY_LIMBS_2, + ACCUMULATORS_BINARY_LIMBS_3, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0, // Range constraints for the current accumulator limbs (no need to + // redo previous accumulator) + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_2, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_3, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_4, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_1, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_2, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide + // limb range constraints + + /* Quotient limbs*/ + QUOTIENT_LOW_BINARY_LIMBS, + QUOTIENT_HIGH_BINARY_LIMBS, + /* Range constraints for quotient */ + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_0, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_1, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_2, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_3, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_4, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_0, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_1, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_2, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_3, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_4, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, // The tail also contains some leftover values from relation wide + // limb range constraints + + /* Limbs for checking the correctness of mod 2²⁷² relations*/ + RELATION_WIDE_LIMBS, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_3, + /*Concatenations of various range constraint wires*/ + CONCATENATED_RANGE_CONSTRAINTS_0, + CONCATENATED_RANGE_CONSTRAINTS_1, + CONCATENATED_RANGE_CONSTRAINTS_2, + CONCATENATED_RANGE_CONSTRAINTS_3, + /*Values from concatenated range constraints + some additional ones*/ + ORDERED_RANGE_CONSTRAINTS_0, + ORDERED_RANGE_CONSTRAINTS_1, + ORDERED_RANGE_CONSTRAINTS_2, + ORDERED_RANGE_CONSTRAINTS_3, + ORDERED_RANGE_CONSTRAINTS_4, + /*Grand Product Polynomial*/ + Z_PERM, + /*Shifted versions of polynomials*/ + X_LO_Y_HI_SHIFT, + X_HI_Z_1_SHIFT, + Y_LO_Z_2_SHIFT, + P_X_LOW_LIMBS_SHIFT, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + P_X_HIGH_LIMBS_SHIFT, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + P_Y_LOW_LIMBS_SHIFT, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + P_Y_HIGH_LIMBS_SHIFT, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + Z_LOW_LIMBS_SHIFT, + Z_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + Z_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + Z_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + Z_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + Z_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + Z_HIGH_LIMBS_SHIFT, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + ACCUMULATORS_BINARY_LIMBS_0_SHIFT, + ACCUMULATORS_BINARY_LIMBS_1_SHIFT, + ACCUMULATORS_BINARY_LIMBS_2_SHIFT, + ACCUMULATORS_BINARY_LIMBS_3_SHIFT, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + QUOTIENT_LOW_BINARY_LIMBS_SHIFT, + QUOTIENT_HIGH_BINARY_LIMBS_SHIFT, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_4_SHIFT, + QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL_SHIFT, + RELATION_WIDE_LIMBS_SHIFT, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0_SHIFT, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1_SHIFT, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2_SHIFT, + RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_3_SHIFT, + ORDERED_RANGE_CONSTRAINTS_0_SHIFT, + ORDERED_RANGE_CONSTRAINTS_1_SHIFT, + ORDERED_RANGE_CONSTRAINTS_2_SHIFT, + ORDERED_RANGE_CONSTRAINTS_3_SHIFT, + ORDERED_RANGE_CONSTRAINTS_4_SHIFT, + + Z_PERM_SHIFT, + /*All precomputed polynomials*/ + LAGRANGE_FIRST, + LAGRANGE_LAST, + LAGRANGE_ODD_IN_MINICIRCUIT, + LAGRANGE_EVEN_IN_MINICIRCUIT, + LAGRANGE_SECOND, + LAGRANGE_SECOND_TO_LAST_IN_MINICIRCUIT, + ORDERED_EXTRA_RANGE_CONSTRAINTS_NUMERATOR, + /*Utility value*/ + TOTAL_COUNT + + }; + + using CircuitBuilder = GoblinTranslatorCircuitBuilder; + using PCS = pcs::kzg::KZG; + using Curve = curve::BN254; + using GroupElement = Curve::Element; + using Commitment = Curve::AffineElement; + using CommitmentHandle = Curve::AffineElement; + using CommitmentKey = pcs::CommitmentKey; + using VerifierCommitmentKey = pcs::VerifierCommitmentKey; + using FF = Curve::ScalarField; + using BF = Curve::BaseField; + using Polynomial = barretenberg::Polynomial; + using PolynomialHandle = std::span; + + // The size of the circuit which is filled with non-zero values for most polynomials. Most relations (everything + // except for Permutation and GenPermSort) can be evaluated just on the first chunk + // It is also the only parameter that can be changed without updating relations or structures in the flavor + static constexpr size_t MINI_CIRCUIT_SIZE = mini_circuit_size; + + // None of this parameters can be changed + + // How many mini_circuit_size polynomials are concatenated in one concatenated_* + static constexpr size_t CONCATENATION_INDEX = 16; + + // The number of concatenated_* wires + static constexpr size_t NUM_CONCATENATED_WIRES = 4; + + // Actual circuit size + static constexpr size_t FULL_CIRCUIT_SIZE = MINI_CIRCUIT_SIZE * CONCATENATION_INDEX; + + // Number of wires + static constexpr size_t NUM_WIRES = CircuitBuilder::NUM_WIRES; + + // The step in the GenPermSort relation + static constexpr size_t SORT_STEP = 3; + + // The bitness of the range constraint + static constexpr size_t MICRO_LIMB_BITS = CircuitBuilder::MICRO_LIMB_BITS; + + // The limbs of the modulus we are emulating in the goblin translator. 4 binary 68-bit limbs and the prime one + static constexpr auto NEGATIVE_MODULUS_LIMBS = CircuitBuilder::NEGATIVE_MODULUS_LIMBS; + + // Number of bits in a binary limb + // This is not a configurable value. Relations are sepcifically designed for it to be 68 + static constexpr size_t NUM_LIMB_BITS = CircuitBuilder::NUM_LIMB_BITS; + + // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often + // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS`. + // Note: this number does not include the individual sorted list polynomials. + static constexpr size_t NUM_ALL_ENTITIES = ALL_ENTITIES_IDS::TOTAL_COUNT; + // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying + // assignment of witnesses. We again choose a neutral name. + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = ALL_ENTITIES_IDS::TOTAL_COUNT - ALL_ENTITIES_IDS::Z_PERM_SHIFT; + // The total number of witness entities not including shifts. + static constexpr size_t NUM_WITNESS_ENTITIES = + ALL_ENTITIES_IDS::TOTAL_COUNT - (ALL_ENTITIES_IDS::Z_PERM_SHIFT - ALL_ENTITIES_IDS::Z_PERM); + + using GrandProductRelations = std::tuple>; + // define the tuple of Relations that comprise the Sumcheck relation + using Relations = std::tuple, + GoblinTranslatorGenPermSortRelation, + GoblinTranslatorDecompositionRelation, + GoblinTranslatorOpcodeConstraintRelation, + GoblinTranslatorAccumulatorTransferRelation, + GoblinTranslatorNonNativeFieldRelation>; + + static constexpr size_t MAX_RELATION_LENGTH = get_max_relation_length(); + + // MAX_RANDOM_RELATION_LENGTH = algebraic degree of sumcheck relation *after* multiplying by the `pow_zeta` random + // polynomial e.g. For \sum(x) [A(x) * B(x) + C(x)] * PowZeta(X), relation length = 2 and random relation length = 3 + static constexpr size_t MAX_RANDOM_RELATION_LENGTH = MAX_RELATION_LENGTH + 1; + static constexpr size_t NUM_RELATIONS = std::tuple_size::value; + + // define the containers for storing the contributions from each relation in Sumcheck + using SumcheckTupleOfTuplesOfUnivariates = decltype(create_sumcheck_tuple_of_tuples_of_univariates()); + using TupleOfArraysOfValues = decltype(create_sumcheck_tuple_of_arrays_of_values()); + + private: + template + /** + * @brief A base class labelling precomputed entities and (ordered) subsets of interest. + * @details Used to build the proving key and verification key. + */ + class PrecomputedEntities : public PrecomputedEntities_ { + public: + DataType& lagrange_first = std::get<0>(this->_data); + DataType& lagrange_last = std::get<1>(this->_data); + // TODO(#758): Check if one of these can be replaced by shifts + DataType& lagrange_odd_in_minicircuit = std::get<2>(this->_data); + DataType& lagrange_even_in_minicircuit = std::get<3>(this->_data); + DataType& lagrange_second = std::get<4>(this->_data); + DataType& lagrange_second_to_last_in_minicircuit = std::get<5>(this->_data); + DataType& ordered_extra_range_constraints_numerator = std::get<6>(this->_data); + std::vector get_selectors() { return {}; }; + std::vector get_sigma_polynomials() { return {}; }; + std::vector get_id_polynomials() { return {}; }; + }; + + /** + * @brief Container for all witness polynomials used/constructed by the prover. + * @details Shifts are not included here since they do not occupy their own memory. + */ + template + class WitnessEntities : public WitnessEntities_ { + public: + DataType& op = std::get<0>(this->_data); + DataType& x_lo_y_hi = std::get<1>(this->_data); + DataType& x_hi_z_1 = std::get<2>(this->_data); + DataType& y_lo_z_2 = std::get<3>(this->_data); + DataType& p_x_low_limbs = std::get<4>(this->_data); + DataType& p_x_low_limbs_range_constraint_0 = std::get<5>(this->_data); + DataType& p_x_low_limbs_range_constraint_1 = std::get<6>(this->_data); + DataType& p_x_low_limbs_range_constraint_2 = std::get<7>(this->_data); + DataType& p_x_low_limbs_range_constraint_3 = std::get<8>(this->_data); + DataType& p_x_low_limbs_range_constraint_4 = std::get<9>(this->_data); + DataType& p_x_low_limbs_range_constraint_tail = std::get<10>(this->_data); + DataType& p_x_high_limbs = std::get<11>(this->_data); + DataType& p_x_high_limbs_range_constraint_0 = std::get<12>(this->_data); + DataType& p_x_high_limbs_range_constraint_1 = std::get<13>(this->_data); + DataType& p_x_high_limbs_range_constraint_2 = std::get<14>(this->_data); + DataType& p_x_high_limbs_range_constraint_3 = std::get<15>(this->_data); + DataType& p_x_high_limbs_range_constraint_4 = std::get<16>(this->_data); + DataType& p_x_high_limbs_range_constraint_tail = std::get<17>(this->_data); + DataType& p_y_low_limbs = std::get<18>(this->_data); + DataType& p_y_low_limbs_range_constraint_0 = std::get<19>(this->_data); + DataType& p_y_low_limbs_range_constraint_1 = std::get<20>(this->_data); + DataType& p_y_low_limbs_range_constraint_2 = std::get<21>(this->_data); + DataType& p_y_low_limbs_range_constraint_3 = std::get<22>(this->_data); + DataType& p_y_low_limbs_range_constraint_4 = std::get<23>(this->_data); + DataType& p_y_low_limbs_range_constraint_tail = std::get<24>(this->_data); + DataType& p_y_high_limbs = std::get<25>(this->_data); + DataType& p_y_high_limbs_range_constraint_0 = std::get<26>(this->_data); + DataType& p_y_high_limbs_range_constraint_1 = std::get<27>(this->_data); + DataType& p_y_high_limbs_range_constraint_2 = std::get<28>(this->_data); + DataType& p_y_high_limbs_range_constraint_3 = std::get<29>(this->_data); + DataType& p_y_high_limbs_range_constraint_4 = std::get<30>(this->_data); + DataType& p_y_high_limbs_range_constraint_tail = std::get<31>(this->_data); + DataType& z_low_limbs = std::get<32>(this->_data); + DataType& z_low_limbs_range_constraint_0 = std::get<33>(this->_data); + DataType& z_low_limbs_range_constraint_1 = std::get<34>(this->_data); + DataType& z_low_limbs_range_constraint_2 = std::get<35>(this->_data); + DataType& z_low_limbs_range_constraint_3 = std::get<36>(this->_data); + DataType& z_low_limbs_range_constraint_4 = std::get<37>(this->_data); + DataType& z_low_limbs_range_constraint_tail = std::get<38>(this->_data); + DataType& z_high_limbs = std::get<39>(this->_data); + DataType& z_high_limbs_range_constraint_0 = std::get<40>(this->_data); + DataType& z_high_limbs_range_constraint_1 = std::get<41>(this->_data); + DataType& z_high_limbs_range_constraint_2 = std::get<42>(this->_data); + DataType& z_high_limbs_range_constraint_3 = std::get<43>(this->_data); + DataType& z_high_limbs_range_constraint_4 = std::get<44>(this->_data); + DataType& z_high_limbs_range_constraint_tail = std::get<45>(this->_data); + DataType& accumulators_binary_limbs_0 = std::get<46>(this->_data); + DataType& accumulators_binary_limbs_1 = std::get<47>(this->_data); + DataType& accumulators_binary_limbs_2 = std::get<48>(this->_data); + DataType& accumulators_binary_limbs_3 = std::get<49>(this->_data); + DataType& accumulator_low_limbs_range_constraint_0 = std::get<50>(this->_data); + DataType& accumulator_low_limbs_range_constraint_1 = std::get<51>(this->_data); + DataType& accumulator_low_limbs_range_constraint_2 = std::get<52>(this->_data); + DataType& accumulator_low_limbs_range_constraint_3 = std::get<53>(this->_data); + DataType& accumulator_low_limbs_range_constraint_4 = std::get<54>(this->_data); + DataType& accumulator_low_limbs_range_constraint_tail = std::get<55>(this->_data); + DataType& accumulator_high_limbs_range_constraint_0 = std::get<56>(this->_data); + DataType& accumulator_high_limbs_range_constraint_1 = std::get<57>(this->_data); + DataType& accumulator_high_limbs_range_constraint_2 = std::get<58>(this->_data); + DataType& accumulator_high_limbs_range_constraint_3 = std::get<59>(this->_data); + DataType& accumulator_high_limbs_range_constraint_4 = std::get<60>(this->_data); + DataType& accumulator_high_limbs_range_constraint_tail = std::get<61>(this->_data); + DataType& quotient_low_binary_limbs = std::get<62>(this->_data); + DataType& quotient_high_binary_limbs = std::get<63>(this->_data); + DataType& quotient_low_limbs_range_constraint_0 = std::get<64>(this->_data); + DataType& quotient_low_limbs_range_constraint_1 = std::get<65>(this->_data); + DataType& quotient_low_limbs_range_constraint_2 = std::get<66>(this->_data); + DataType& quotient_low_limbs_range_constraint_3 = std::get<67>(this->_data); + DataType& quotient_low_limbs_range_constraint_4 = std::get<68>(this->_data); + DataType& quotient_low_limbs_range_constraint_tail = std::get<69>(this->_data); + DataType& quotient_high_limbs_range_constraint_0 = std::get<70>(this->_data); + DataType& quotient_high_limbs_range_constraint_1 = std::get<71>(this->_data); + DataType& quotient_high_limbs_range_constraint_2 = std::get<72>(this->_data); + DataType& quotient_high_limbs_range_constraint_3 = std::get<73>(this->_data); + DataType& quotient_high_limbs_range_constraint_4 = std::get<74>(this->_data); + DataType& quotient_high_limbs_range_constraint_tail = std::get<75>(this->_data); + DataType& relation_wide_limbs = std::get<76>(this->_data); + DataType& relation_wide_limbs_range_constraint_0 = std::get<77>(this->_data); + DataType& relation_wide_limbs_range_constraint_1 = std::get<78>(this->_data); + DataType& relation_wide_limbs_range_constraint_2 = std::get<79>(this->_data); + DataType& relation_wide_limbs_range_constraint_3 = std::get<80>(this->_data); + DataType& concatenated_range_constraints_0 = std::get<81>(this->_data); + DataType& concatenated_range_constraints_1 = std::get<82>(this->_data); + DataType& concatenated_range_constraints_2 = std::get<83>(this->_data); + DataType& concatenated_range_constraints_3 = std::get<84>(this->_data); + DataType& ordered_range_constraints_0 = std::get<85>(this->_data); + DataType& ordered_range_constraints_1 = std::get<86>(this->_data); + DataType& ordered_range_constraints_2 = std::get<87>(this->_data); + DataType& ordered_range_constraints_3 = std::get<88>(this->_data); + DataType& ordered_range_constraints_4 = std::get<89>(this->_data); + DataType& z_perm = std::get<90>(this->_data); + + std::vector get_wires() override + { + return { op, + x_lo_y_hi, + x_hi_z_1, + y_lo_z_2, + p_x_low_limbs, + p_x_low_limbs_range_constraint_0, + p_x_low_limbs_range_constraint_1, + p_x_low_limbs_range_constraint_2, + p_x_low_limbs_range_constraint_3, + p_x_low_limbs_range_constraint_4, + p_x_low_limbs_range_constraint_tail, + p_x_high_limbs, + p_x_high_limbs_range_constraint_0, + p_x_high_limbs_range_constraint_1, + p_x_high_limbs_range_constraint_2, + p_x_high_limbs_range_constraint_3, + p_x_high_limbs_range_constraint_4, + p_x_high_limbs_range_constraint_tail, + p_y_low_limbs, + p_y_low_limbs_range_constraint_0, + p_y_low_limbs_range_constraint_1, + p_y_low_limbs_range_constraint_2, + p_y_low_limbs_range_constraint_3, + p_y_low_limbs_range_constraint_4, + p_y_low_limbs_range_constraint_tail, + p_y_high_limbs, + p_y_high_limbs_range_constraint_0, + p_y_high_limbs_range_constraint_1, + p_y_high_limbs_range_constraint_2, + p_y_high_limbs_range_constraint_3, + p_y_high_limbs_range_constraint_4, + p_y_high_limbs_range_constraint_tail, + z_low_limbs, + z_low_limbs_range_constraint_0, + z_low_limbs_range_constraint_1, + z_low_limbs_range_constraint_2, + z_low_limbs_range_constraint_3, + z_low_limbs_range_constraint_4, + z_low_limbs_range_constraint_tail, + z_high_limbs, + z_high_limbs_range_constraint_0, + z_high_limbs_range_constraint_1, + z_high_limbs_range_constraint_2, + z_high_limbs_range_constraint_3, + z_high_limbs_range_constraint_4, + z_high_limbs_range_constraint_tail, + accumulators_binary_limbs_0, + accumulators_binary_limbs_1, + accumulators_binary_limbs_2, + accumulators_binary_limbs_3, + accumulator_low_limbs_range_constraint_0, + accumulator_low_limbs_range_constraint_1, + accumulator_low_limbs_range_constraint_2, + accumulator_low_limbs_range_constraint_3, + accumulator_low_limbs_range_constraint_4, + accumulator_low_limbs_range_constraint_tail, + accumulator_high_limbs_range_constraint_0, + accumulator_high_limbs_range_constraint_1, + accumulator_high_limbs_range_constraint_2, + accumulator_high_limbs_range_constraint_3, + accumulator_high_limbs_range_constraint_4, + accumulator_high_limbs_range_constraint_tail, + quotient_low_binary_limbs, + quotient_high_binary_limbs, + quotient_low_limbs_range_constraint_0, + quotient_low_limbs_range_constraint_1, + quotient_low_limbs_range_constraint_2, + quotient_low_limbs_range_constraint_3, + quotient_low_limbs_range_constraint_4, + quotient_low_limbs_range_constraint_tail, + quotient_high_limbs_range_constraint_0, + quotient_high_limbs_range_constraint_1, + quotient_high_limbs_range_constraint_2, + quotient_high_limbs_range_constraint_3, + quotient_high_limbs_range_constraint_4, + quotient_high_limbs_range_constraint_tail, + relation_wide_limbs, + relation_wide_limbs_range_constraint_0, + relation_wide_limbs_range_constraint_1, + relation_wide_limbs_range_constraint_2, + relation_wide_limbs_range_constraint_3, + ordered_range_constraints_0, + ordered_range_constraints_1, + ordered_range_constraints_2, + ordered_range_constraints_3, + ordered_range_constraints_4 }; + }; + + /** + * @brief Get the polynomials that need to be constructed from other polynomials by concatenation + * + * @return std::vector + */ + std::vector get_concatenated_constraints() + { + return { concatenated_range_constraints_0, + concatenated_range_constraints_1, + concatenated_range_constraints_2, + concatenated_range_constraints_3 }; + } + + /** + * @brief Get the polynomials that are concatenated for the permutation relation + * + * @return std::vector> + */ + std::vector> get_concatenation_groups() + { + return { + { + p_x_low_limbs_range_constraint_0, + p_x_low_limbs_range_constraint_1, + p_x_low_limbs_range_constraint_2, + p_x_low_limbs_range_constraint_3, + p_x_low_limbs_range_constraint_4, + p_x_low_limbs_range_constraint_tail, + p_x_high_limbs_range_constraint_0, + p_x_high_limbs_range_constraint_1, + p_x_high_limbs_range_constraint_2, + p_x_high_limbs_range_constraint_3, + p_x_high_limbs_range_constraint_4, + p_x_high_limbs_range_constraint_tail, + p_y_low_limbs_range_constraint_0, + p_y_low_limbs_range_constraint_1, + p_y_low_limbs_range_constraint_2, + p_y_low_limbs_range_constraint_3, + }, + { + p_y_low_limbs_range_constraint_4, + p_y_low_limbs_range_constraint_tail, + p_y_high_limbs_range_constraint_0, + p_y_high_limbs_range_constraint_1, + p_y_high_limbs_range_constraint_2, + p_y_high_limbs_range_constraint_3, + p_y_high_limbs_range_constraint_4, + p_y_high_limbs_range_constraint_tail, + z_low_limbs_range_constraint_0, + z_low_limbs_range_constraint_1, + z_low_limbs_range_constraint_2, + z_low_limbs_range_constraint_3, + z_low_limbs_range_constraint_4, + z_low_limbs_range_constraint_tail, + z_high_limbs_range_constraint_0, + z_high_limbs_range_constraint_1, + }, + { + z_high_limbs_range_constraint_2, + z_high_limbs_range_constraint_3, + z_high_limbs_range_constraint_4, + z_high_limbs_range_constraint_tail, + accumulator_low_limbs_range_constraint_0, + accumulator_low_limbs_range_constraint_1, + accumulator_low_limbs_range_constraint_2, + accumulator_low_limbs_range_constraint_3, + accumulator_low_limbs_range_constraint_4, + accumulator_low_limbs_range_constraint_tail, + accumulator_high_limbs_range_constraint_0, + accumulator_high_limbs_range_constraint_1, + accumulator_high_limbs_range_constraint_2, + accumulator_high_limbs_range_constraint_3, + accumulator_high_limbs_range_constraint_4, + accumulator_high_limbs_range_constraint_tail, + }, + { + quotient_low_limbs_range_constraint_0, + quotient_low_limbs_range_constraint_1, + quotient_low_limbs_range_constraint_2, + quotient_low_limbs_range_constraint_3, + quotient_low_limbs_range_constraint_4, + quotient_low_limbs_range_constraint_tail, + quotient_high_limbs_range_constraint_0, + quotient_high_limbs_range_constraint_1, + quotient_high_limbs_range_constraint_2, + quotient_high_limbs_range_constraint_3, + quotient_high_limbs_range_constraint_4, + quotient_high_limbs_range_constraint_tail, + relation_wide_limbs_range_constraint_0, + relation_wide_limbs_range_constraint_1, + relation_wide_limbs_range_constraint_2, + relation_wide_limbs_range_constraint_3, + }, + }; + }; + }; + + /** + * @brief A base class labelling all entities (for instance, all of the polynomials used by the prover during + * sumcheck) in this Honk variant along with particular subsets of interest + * @details Used to build containers for: the prover's polynomial during sumcheck; the sumcheck's folded + * polynomials; the univariates consturcted during during sumcheck; the evaluations produced by sumcheck. + * + * Symbolically we have: AllEntities = PrecomputedEntities + WitnessEntities + "shiftEntities". It could be + * implemented as such, but we have this now. + */ + template + class AllEntities : public AllEntities_ { + public: + DataType& op = std::get<0>(this->_data); + DataType& x_lo_y_hi = std::get<1>(this->_data); + DataType& x_hi_z_1 = std::get<2>(this->_data); + DataType& y_lo_z_2 = std::get<3>(this->_data); + DataType& p_x_low_limbs = std::get<4>(this->_data); + DataType& p_x_low_limbs_range_constraint_0 = std::get<5>(this->_data); + DataType& p_x_low_limbs_range_constraint_1 = std::get<6>(this->_data); + DataType& p_x_low_limbs_range_constraint_2 = std::get<7>(this->_data); + DataType& p_x_low_limbs_range_constraint_3 = std::get<8>(this->_data); + DataType& p_x_low_limbs_range_constraint_4 = std::get<9>(this->_data); + DataType& p_x_low_limbs_range_constraint_tail = std::get<10>(this->_data); + DataType& p_x_high_limbs = std::get<11>(this->_data); + DataType& p_x_high_limbs_range_constraint_0 = std::get<12>(this->_data); + DataType& p_x_high_limbs_range_constraint_1 = std::get<13>(this->_data); + DataType& p_x_high_limbs_range_constraint_2 = std::get<14>(this->_data); + DataType& p_x_high_limbs_range_constraint_3 = std::get<15>(this->_data); + DataType& p_x_high_limbs_range_constraint_4 = std::get<16>(this->_data); + DataType& p_x_high_limbs_range_constraint_tail = std::get<17>(this->_data); + DataType& p_y_low_limbs = std::get<18>(this->_data); + DataType& p_y_low_limbs_range_constraint_0 = std::get<19>(this->_data); + DataType& p_y_low_limbs_range_constraint_1 = std::get<20>(this->_data); + DataType& p_y_low_limbs_range_constraint_2 = std::get<21>(this->_data); + DataType& p_y_low_limbs_range_constraint_3 = std::get<22>(this->_data); + DataType& p_y_low_limbs_range_constraint_4 = std::get<23>(this->_data); + DataType& p_y_low_limbs_range_constraint_tail = std::get<24>(this->_data); + DataType& p_y_high_limbs = std::get<25>(this->_data); + DataType& p_y_high_limbs_range_constraint_0 = std::get<26>(this->_data); + DataType& p_y_high_limbs_range_constraint_1 = std::get<27>(this->_data); + DataType& p_y_high_limbs_range_constraint_2 = std::get<28>(this->_data); + DataType& p_y_high_limbs_range_constraint_3 = std::get<29>(this->_data); + DataType& p_y_high_limbs_range_constraint_4 = std::get<30>(this->_data); + DataType& p_y_high_limbs_range_constraint_tail = std::get<31>(this->_data); + DataType& z_low_limbs = std::get<32>(this->_data); + DataType& z_low_limbs_range_constraint_0 = std::get<33>(this->_data); + DataType& z_low_limbs_range_constraint_1 = std::get<34>(this->_data); + DataType& z_low_limbs_range_constraint_2 = std::get<35>(this->_data); + DataType& z_low_limbs_range_constraint_3 = std::get<36>(this->_data); + DataType& z_low_limbs_range_constraint_4 = std::get<37>(this->_data); + DataType& z_low_limbs_range_constraint_tail = std::get<38>(this->_data); + DataType& z_high_limbs = std::get<39>(this->_data); + DataType& z_high_limbs_range_constraint_0 = std::get<40>(this->_data); + DataType& z_high_limbs_range_constraint_1 = std::get<41>(this->_data); + DataType& z_high_limbs_range_constraint_2 = std::get<42>(this->_data); + DataType& z_high_limbs_range_constraint_3 = std::get<43>(this->_data); + DataType& z_high_limbs_range_constraint_4 = std::get<44>(this->_data); + DataType& z_high_limbs_range_constraint_tail = std::get<45>(this->_data); + DataType& accumulators_binary_limbs_0 = std::get<46>(this->_data); + DataType& accumulators_binary_limbs_1 = std::get<47>(this->_data); + DataType& accumulators_binary_limbs_2 = std::get<48>(this->_data); + DataType& accumulators_binary_limbs_3 = std::get<49>(this->_data); + DataType& accumulator_low_limbs_range_constraint_0 = std::get<50>(this->_data); + DataType& accumulator_low_limbs_range_constraint_1 = std::get<51>(this->_data); + DataType& accumulator_low_limbs_range_constraint_2 = std::get<52>(this->_data); + DataType& accumulator_low_limbs_range_constraint_3 = std::get<53>(this->_data); + DataType& accumulator_low_limbs_range_constraint_4 = std::get<54>(this->_data); + DataType& accumulator_low_limbs_range_constraint_tail = std::get<55>(this->_data); + DataType& accumulator_high_limbs_range_constraint_0 = std::get<56>(this->_data); + DataType& accumulator_high_limbs_range_constraint_1 = std::get<57>(this->_data); + DataType& accumulator_high_limbs_range_constraint_2 = std::get<58>(this->_data); + DataType& accumulator_high_limbs_range_constraint_3 = std::get<59>(this->_data); + DataType& accumulator_high_limbs_range_constraint_4 = std::get<60>(this->_data); + DataType& accumulator_high_limbs_range_constraint_tail = std::get<61>(this->_data); + DataType& quotient_low_binary_limbs = std::get<62>(this->_data); + DataType& quotient_high_binary_limbs = std::get<63>(this->_data); + DataType& quotient_low_limbs_range_constraint_0 = std::get<64>(this->_data); + DataType& quotient_low_limbs_range_constraint_1 = std::get<65>(this->_data); + DataType& quotient_low_limbs_range_constraint_2 = std::get<66>(this->_data); + DataType& quotient_low_limbs_range_constraint_3 = std::get<67>(this->_data); + DataType& quotient_low_limbs_range_constraint_4 = std::get<68>(this->_data); + DataType& quotient_low_limbs_range_constraint_tail = std::get<69>(this->_data); + DataType& quotient_high_limbs_range_constraint_0 = std::get<70>(this->_data); + DataType& quotient_high_limbs_range_constraint_1 = std::get<71>(this->_data); + DataType& quotient_high_limbs_range_constraint_2 = std::get<72>(this->_data); + DataType& quotient_high_limbs_range_constraint_3 = std::get<73>(this->_data); + DataType& quotient_high_limbs_range_constraint_4 = std::get<74>(this->_data); + DataType& quotient_high_limbs_range_constraint_tail = std::get<75>(this->_data); + DataType& relation_wide_limbs = std::get<76>(this->_data); + DataType& relation_wide_limbs_range_constraint_0 = std::get<77>(this->_data); + DataType& relation_wide_limbs_range_constraint_1 = std::get<78>(this->_data); + DataType& relation_wide_limbs_range_constraint_2 = std::get<79>(this->_data); + DataType& relation_wide_limbs_range_constraint_3 = std::get<80>(this->_data); + DataType& concatenated_range_constraints_0 = std::get<81>(this->_data); + DataType& concatenated_range_constraints_1 = std::get<82>(this->_data); + DataType& concatenated_range_constraints_2 = std::get<83>(this->_data); + DataType& concatenated_range_constraints_3 = std::get<84>(this->_data); + DataType& ordered_range_constraints_0 = std::get<85>(this->_data); + DataType& ordered_range_constraints_1 = std::get<86>(this->_data); + DataType& ordered_range_constraints_2 = std::get<87>(this->_data); + DataType& ordered_range_constraints_3 = std::get<88>(this->_data); + DataType& ordered_range_constraints_4 = std::get<89>(this->_data); + DataType& z_perm = std::get<90>(this->_data); + DataType& x_lo_y_hi_shift = std::get<91>(this->_data); + DataType& x_hi_z_1_shift = std::get<92>(this->_data); + DataType& y_lo_z_2_shift = std::get<93>(this->_data); + DataType& p_x_low_limbs_shift = std::get<94>(this->_data); + DataType& p_x_low_limbs_range_constraint_0_shift = std::get<95>(this->_data); + DataType& p_x_low_limbs_range_constraint_1_shift = std::get<96>(this->_data); + DataType& p_x_low_limbs_range_constraint_2_shift = std::get<97>(this->_data); + DataType& p_x_low_limbs_range_constraint_3_shift = std::get<98>(this->_data); + DataType& p_x_low_limbs_range_constraint_4_shift = std::get<99>(this->_data); + DataType& p_x_low_limbs_range_constraint_tail_shift = std::get<100>(this->_data); + DataType& p_x_high_limbs_shift = std::get<101>(this->_data); + DataType& p_x_high_limbs_range_constraint_0_shift = std::get<102>(this->_data); + DataType& p_x_high_limbs_range_constraint_1_shift = std::get<103>(this->_data); + DataType& p_x_high_limbs_range_constraint_2_shift = std::get<104>(this->_data); + DataType& p_x_high_limbs_range_constraint_3_shift = std::get<105>(this->_data); + DataType& p_x_high_limbs_range_constraint_4_shift = std::get<106>(this->_data); + DataType& p_x_high_limbs_range_constraint_tail_shift = std::get<107>(this->_data); + DataType& p_y_low_limbs_shift = std::get<108>(this->_data); + DataType& p_y_low_limbs_range_constraint_0_shift = std::get<109>(this->_data); + DataType& p_y_low_limbs_range_constraint_1_shift = std::get<110>(this->_data); + DataType& p_y_low_limbs_range_constraint_2_shift = std::get<111>(this->_data); + DataType& p_y_low_limbs_range_constraint_3_shift = std::get<112>(this->_data); + DataType& p_y_low_limbs_range_constraint_4_shift = std::get<113>(this->_data); + DataType& p_y_low_limbs_range_constraint_tail_shift = std::get<114>(this->_data); + DataType& p_y_high_limbs_shift = std::get<115>(this->_data); + DataType& p_y_high_limbs_range_constraint_0_shift = std::get<116>(this->_data); + DataType& p_y_high_limbs_range_constraint_1_shift = std::get<117>(this->_data); + DataType& p_y_high_limbs_range_constraint_2_shift = std::get<118>(this->_data); + DataType& p_y_high_limbs_range_constraint_3_shift = std::get<119>(this->_data); + DataType& p_y_high_limbs_range_constraint_4_shift = std::get<120>(this->_data); + DataType& p_y_high_limbs_range_constraint_tail_shift = std::get<121>(this->_data); + DataType& z_low_limbs_shift = std::get<122>(this->_data); + DataType& z_low_limbs_range_constraint_0_shift = std::get<123>(this->_data); + DataType& z_low_limbs_range_constraint_1_shift = std::get<124>(this->_data); + DataType& z_low_limbs_range_constraint_2_shift = std::get<125>(this->_data); + DataType& z_low_limbs_range_constraint_3_shift = std::get<126>(this->_data); + DataType& z_low_limbs_range_constraint_4_shift = std::get<127>(this->_data); + DataType& z_low_limbs_range_constraint_tail_shift = std::get<128>(this->_data); + DataType& z_high_limbs_shift = std::get<129>(this->_data); + DataType& z_high_limbs_range_constraint_0_shift = std::get<130>(this->_data); + DataType& z_high_limbs_range_constraint_1_shift = std::get<131>(this->_data); + DataType& z_high_limbs_range_constraint_2_shift = std::get<132>(this->_data); + DataType& z_high_limbs_range_constraint_3_shift = std::get<133>(this->_data); + DataType& z_high_limbs_range_constraint_4_shift = std::get<134>(this->_data); + DataType& z_high_limbs_range_constraint_tail_shift = std::get<135>(this->_data); + DataType& accumulators_binary_limbs_0_shift = std::get<136>(this->_data); + DataType& accumulators_binary_limbs_1_shift = std::get<137>(this->_data); + DataType& accumulators_binary_limbs_2_shift = std::get<138>(this->_data); + DataType& accumulators_binary_limbs_3_shift = std::get<139>(this->_data); + DataType& accumulator_low_limbs_range_constraint_0_shift = std::get<140>(this->_data); + DataType& accumulator_low_limbs_range_constraint_1_shift = std::get<141>(this->_data); + DataType& accumulator_low_limbs_range_constraint_2_shift = std::get<142>(this->_data); + DataType& accumulator_low_limbs_range_constraint_3_shift = std::get<143>(this->_data); + DataType& accumulator_low_limbs_range_constraint_4_shift = std::get<144>(this->_data); + DataType& accumulator_low_limbs_range_constraint_tail_shift = std::get<145>(this->_data); + DataType& accumulator_high_limbs_range_constraint_0_shift = std::get<146>(this->_data); + DataType& accumulator_high_limbs_range_constraint_1_shift = std::get<147>(this->_data); + DataType& accumulator_high_limbs_range_constraint_2_shift = std::get<148>(this->_data); + DataType& accumulator_high_limbs_range_constraint_3_shift = std::get<149>(this->_data); + DataType& accumulator_high_limbs_range_constraint_4_shift = std::get<150>(this->_data); + DataType& accumulator_high_limbs_range_constraint_tail_shift = std::get<151>(this->_data); + DataType& quotient_low_binary_limbs_shift = std::get<152>(this->_data); + DataType& quotient_high_binary_limbs_shift = std::get<153>(this->_data); + DataType& quotient_low_limbs_range_constraint_0_shift = std::get<154>(this->_data); + DataType& quotient_low_limbs_range_constraint_1_shift = std::get<155>(this->_data); + DataType& quotient_low_limbs_range_constraint_2_shift = std::get<156>(this->_data); + DataType& quotient_low_limbs_range_constraint_3_shift = std::get<157>(this->_data); + DataType& quotient_low_limbs_range_constraint_4_shift = std::get<158>(this->_data); + DataType& quotient_low_limbs_range_constraint_tail_shift = std::get<159>(this->_data); + DataType& quotient_high_limbs_range_constraint_0_shift = std::get<160>(this->_data); + DataType& quotient_high_limbs_range_constraint_1_shift = std::get<161>(this->_data); + DataType& quotient_high_limbs_range_constraint_2_shift = std::get<162>(this->_data); + DataType& quotient_high_limbs_range_constraint_3_shift = std::get<163>(this->_data); + DataType& quotient_high_limbs_range_constraint_4_shift = std::get<164>(this->_data); + DataType& quotient_high_limbs_range_constraint_tail_shift = std::get<165>(this->_data); + DataType& relation_wide_limbs_shift = std::get<166>(this->_data); + DataType& relation_wide_limbs_range_constraint_0_shift = std::get<167>(this->_data); + DataType& relation_wide_limbs_range_constraint_1_shift = std::get<168>(this->_data); + DataType& relation_wide_limbs_range_constraint_2_shift = std::get<169>(this->_data); + DataType& relation_wide_limbs_range_constraint_3_shift = std::get<170>(this->_data); + DataType& ordered_range_constraints_0_shift = std::get<171>(this->_data); + DataType& ordered_range_constraints_1_shift = std::get<172>(this->_data); + DataType& ordered_range_constraints_2_shift = std::get<173>(this->_data); + DataType& ordered_range_constraints_3_shift = std::get<174>(this->_data); + DataType& ordered_range_constraints_4_shift = std::get<175>(this->_data); + DataType& z_perm_shift = std::get<176>(this->_data); + DataType& lagrange_first = std::get<177>(this->_data); + DataType& lagrange_last = std::get<178>(this->_data); + DataType& lagrange_odd_in_minicircuit = std::get<179>(this->_data); + DataType& lagrange_even_in_minicircuit = std::get<180>(this->_data); + DataType& lagrange_second = std::get<181>(this->_data); + DataType& lagrange_second_to_last_in_minicircuit = std::get<182>(this->_data); + DataType& ordered_extra_range_constraints_numerator = std::get<183>(this->_data); + + std::vector get_wires() override + { + + return { op, + x_lo_y_hi, + x_hi_z_1, + y_lo_z_2, + p_x_low_limbs, + p_x_low_limbs_range_constraint_0, + p_x_low_limbs_range_constraint_1, + p_x_low_limbs_range_constraint_2, + p_x_low_limbs_range_constraint_3, + p_x_low_limbs_range_constraint_4, + p_x_low_limbs_range_constraint_tail, + p_x_high_limbs, + p_x_high_limbs_range_constraint_0, + p_x_high_limbs_range_constraint_1, + p_x_high_limbs_range_constraint_2, + p_x_high_limbs_range_constraint_3, + p_x_high_limbs_range_constraint_4, + p_x_high_limbs_range_constraint_tail, + p_y_low_limbs, + p_y_low_limbs_range_constraint_0, + p_y_low_limbs_range_constraint_1, + p_y_low_limbs_range_constraint_2, + p_y_low_limbs_range_constraint_3, + p_y_low_limbs_range_constraint_4, + p_y_low_limbs_range_constraint_tail, + p_y_high_limbs, + p_y_high_limbs_range_constraint_0, + p_y_high_limbs_range_constraint_1, + p_y_high_limbs_range_constraint_2, + p_y_high_limbs_range_constraint_3, + p_y_high_limbs_range_constraint_4, + p_y_high_limbs_range_constraint_tail, + z_low_limbs, + z_low_limbs_range_constraint_0, + z_low_limbs_range_constraint_1, + z_low_limbs_range_constraint_2, + z_low_limbs_range_constraint_3, + z_low_limbs_range_constraint_4, + z_low_limbs_range_constraint_tail, + z_high_limbs, + z_high_limbs_range_constraint_0, + z_high_limbs_range_constraint_1, + z_high_limbs_range_constraint_2, + z_high_limbs_range_constraint_3, + z_high_limbs_range_constraint_4, + z_high_limbs_range_constraint_tail, + accumulators_binary_limbs_0, + accumulators_binary_limbs_1, + accumulators_binary_limbs_2, + accumulators_binary_limbs_3, + accumulator_low_limbs_range_constraint_0, + accumulator_low_limbs_range_constraint_1, + accumulator_low_limbs_range_constraint_2, + accumulator_low_limbs_range_constraint_3, + accumulator_low_limbs_range_constraint_4, + accumulator_low_limbs_range_constraint_tail, + accumulator_high_limbs_range_constraint_0, + accumulator_high_limbs_range_constraint_1, + accumulator_high_limbs_range_constraint_2, + accumulator_high_limbs_range_constraint_3, + accumulator_high_limbs_range_constraint_4, + accumulator_high_limbs_range_constraint_tail, + quotient_low_binary_limbs, + quotient_high_binary_limbs, + quotient_low_limbs_range_constraint_0, + quotient_low_limbs_range_constraint_1, + quotient_low_limbs_range_constraint_2, + quotient_low_limbs_range_constraint_3, + quotient_low_limbs_range_constraint_4, + quotient_low_limbs_range_constraint_tail, + quotient_high_limbs_range_constraint_0, + quotient_high_limbs_range_constraint_1, + quotient_high_limbs_range_constraint_2, + quotient_high_limbs_range_constraint_3, + quotient_high_limbs_range_constraint_4, + quotient_high_limbs_range_constraint_tail, + relation_wide_limbs, + relation_wide_limbs_range_constraint_0, + relation_wide_limbs_range_constraint_1, + relation_wide_limbs_range_constraint_2, + relation_wide_limbs_range_constraint_3, + ordered_range_constraints_0, + ordered_range_constraints_1, + ordered_range_constraints_2, + ordered_range_constraints_3, + ordered_range_constraints_4 }; + }; + + /** + * @brief Get the polynomials that are concatenated for the permutation relation + * + * @return std::vector> + */ + std::vector> get_concatenation_groups() + { + return { + { + p_x_low_limbs_range_constraint_0, + p_x_low_limbs_range_constraint_1, + p_x_low_limbs_range_constraint_2, + p_x_low_limbs_range_constraint_3, + p_x_low_limbs_range_constraint_4, + p_x_low_limbs_range_constraint_tail, + p_x_high_limbs_range_constraint_0, + p_x_high_limbs_range_constraint_1, + p_x_high_limbs_range_constraint_2, + p_x_high_limbs_range_constraint_3, + p_x_high_limbs_range_constraint_4, + p_x_high_limbs_range_constraint_tail, + p_y_low_limbs_range_constraint_0, + p_y_low_limbs_range_constraint_1, + p_y_low_limbs_range_constraint_2, + p_y_low_limbs_range_constraint_3, + }, + { + p_y_low_limbs_range_constraint_4, + p_y_low_limbs_range_constraint_tail, + p_y_high_limbs_range_constraint_0, + p_y_high_limbs_range_constraint_1, + p_y_high_limbs_range_constraint_2, + p_y_high_limbs_range_constraint_3, + p_y_high_limbs_range_constraint_4, + p_y_high_limbs_range_constraint_tail, + z_low_limbs_range_constraint_0, + z_low_limbs_range_constraint_1, + z_low_limbs_range_constraint_2, + z_low_limbs_range_constraint_3, + z_low_limbs_range_constraint_4, + z_low_limbs_range_constraint_tail, + z_high_limbs_range_constraint_0, + z_high_limbs_range_constraint_1, + }, + { + z_high_limbs_range_constraint_2, + z_high_limbs_range_constraint_3, + z_high_limbs_range_constraint_4, + z_high_limbs_range_constraint_tail, + accumulator_low_limbs_range_constraint_0, + accumulator_low_limbs_range_constraint_1, + accumulator_low_limbs_range_constraint_2, + accumulator_low_limbs_range_constraint_3, + accumulator_low_limbs_range_constraint_4, + accumulator_low_limbs_range_constraint_tail, + accumulator_high_limbs_range_constraint_0, + accumulator_high_limbs_range_constraint_1, + accumulator_high_limbs_range_constraint_2, + accumulator_high_limbs_range_constraint_3, + accumulator_high_limbs_range_constraint_4, + accumulator_high_limbs_range_constraint_tail, + }, + { + quotient_low_limbs_range_constraint_0, + quotient_low_limbs_range_constraint_1, + quotient_low_limbs_range_constraint_2, + quotient_low_limbs_range_constraint_3, + quotient_low_limbs_range_constraint_4, + quotient_low_limbs_range_constraint_tail, + quotient_high_limbs_range_constraint_0, + quotient_high_limbs_range_constraint_1, + quotient_high_limbs_range_constraint_2, + quotient_high_limbs_range_constraint_3, + quotient_high_limbs_range_constraint_4, + quotient_high_limbs_range_constraint_tail, + relation_wide_limbs_range_constraint_0, + relation_wide_limbs_range_constraint_1, + relation_wide_limbs_range_constraint_2, + relation_wide_limbs_range_constraint_3, + }, + }; + } + /** + * @brief Get the polynomials that need to be constructed from other polynomials by concatenation + * + * @return std::vector + */ + std::vector get_concatenated_constraints() + { + return { concatenated_range_constraints_0, + concatenated_range_constraints_1, + concatenated_range_constraints_2, + concatenated_range_constraints_3 }; + }; + /** + * @brief Get the polynomials from the grand product denominator + * + * @return std::vector + */ + std::vector get_ordered_constraints() + { + return { ordered_range_constraints_0, + ordered_range_constraints_1, + ordered_range_constraints_2, + ordered_range_constraints_3, + ordered_range_constraints_4 }; + }; + + // Gemini-specific getters. + std::vector get_unshifted() override + { + return { + op, + x_lo_y_hi, + x_hi_z_1, + y_lo_z_2, + p_x_low_limbs, + p_x_low_limbs_range_constraint_0, + p_x_low_limbs_range_constraint_1, + p_x_low_limbs_range_constraint_2, + p_x_low_limbs_range_constraint_3, + p_x_low_limbs_range_constraint_4, + p_x_low_limbs_range_constraint_tail, + p_x_high_limbs, + p_x_high_limbs_range_constraint_0, + p_x_high_limbs_range_constraint_1, + p_x_high_limbs_range_constraint_2, + p_x_high_limbs_range_constraint_3, + p_x_high_limbs_range_constraint_4, + p_x_high_limbs_range_constraint_tail, + p_y_low_limbs, + p_y_low_limbs_range_constraint_0, + p_y_low_limbs_range_constraint_1, + p_y_low_limbs_range_constraint_2, + p_y_low_limbs_range_constraint_3, + p_y_low_limbs_range_constraint_4, + p_y_low_limbs_range_constraint_tail, + p_y_high_limbs, + p_y_high_limbs_range_constraint_0, + p_y_high_limbs_range_constraint_1, + p_y_high_limbs_range_constraint_2, + p_y_high_limbs_range_constraint_3, + p_y_high_limbs_range_constraint_4, + p_y_high_limbs_range_constraint_tail, + z_low_limbs, + z_low_limbs_range_constraint_0, + z_low_limbs_range_constraint_1, + z_low_limbs_range_constraint_2, + z_low_limbs_range_constraint_3, + z_low_limbs_range_constraint_4, + z_low_limbs_range_constraint_tail, + z_high_limbs, + z_high_limbs_range_constraint_0, + z_high_limbs_range_constraint_1, + z_high_limbs_range_constraint_2, + z_high_limbs_range_constraint_3, + z_high_limbs_range_constraint_4, + z_high_limbs_range_constraint_tail, + accumulators_binary_limbs_0, + accumulators_binary_limbs_1, + accumulators_binary_limbs_2, + accumulators_binary_limbs_3, + accumulator_low_limbs_range_constraint_0, + accumulator_low_limbs_range_constraint_1, + accumulator_low_limbs_range_constraint_2, + accumulator_low_limbs_range_constraint_3, + accumulator_low_limbs_range_constraint_4, + accumulator_low_limbs_range_constraint_tail, + accumulator_high_limbs_range_constraint_0, + accumulator_high_limbs_range_constraint_1, + accumulator_high_limbs_range_constraint_2, + accumulator_high_limbs_range_constraint_3, + accumulator_high_limbs_range_constraint_4, + accumulator_high_limbs_range_constraint_tail, + quotient_low_binary_limbs, + quotient_high_binary_limbs, + quotient_low_limbs_range_constraint_0, + quotient_low_limbs_range_constraint_1, + quotient_low_limbs_range_constraint_2, + quotient_low_limbs_range_constraint_3, + quotient_low_limbs_range_constraint_4, + quotient_low_limbs_range_constraint_tail, + quotient_high_limbs_range_constraint_0, + quotient_high_limbs_range_constraint_1, + quotient_high_limbs_range_constraint_2, + quotient_high_limbs_range_constraint_3, + quotient_high_limbs_range_constraint_4, + quotient_high_limbs_range_constraint_tail, + relation_wide_limbs, + relation_wide_limbs_range_constraint_0, + relation_wide_limbs_range_constraint_1, + relation_wide_limbs_range_constraint_2, + relation_wide_limbs_range_constraint_3, + ordered_range_constraints_0, + ordered_range_constraints_1, + ordered_range_constraints_2, + ordered_range_constraints_3, + ordered_range_constraints_4, + z_perm, + + lagrange_first, + lagrange_last, + lagrange_odd_in_minicircuit, + lagrange_even_in_minicircuit, + lagrange_second, + lagrange_second_to_last_in_minicircuit, + ordered_extra_range_constraints_numerator, + + }; + }; + std::vector get_to_be_shifted() override + { + return { + x_lo_y_hi, + x_hi_z_1, + y_lo_z_2, + p_x_low_limbs, + p_x_low_limbs_range_constraint_0, + p_x_low_limbs_range_constraint_1, + p_x_low_limbs_range_constraint_2, + p_x_low_limbs_range_constraint_3, + p_x_low_limbs_range_constraint_4, + p_x_low_limbs_range_constraint_tail, + p_x_high_limbs, + p_x_high_limbs_range_constraint_0, + p_x_high_limbs_range_constraint_1, + p_x_high_limbs_range_constraint_2, + p_x_high_limbs_range_constraint_3, + p_x_high_limbs_range_constraint_4, + p_x_high_limbs_range_constraint_tail, + p_y_low_limbs, + p_y_low_limbs_range_constraint_0, + p_y_low_limbs_range_constraint_1, + p_y_low_limbs_range_constraint_2, + p_y_low_limbs_range_constraint_3, + p_y_low_limbs_range_constraint_4, + p_y_low_limbs_range_constraint_tail, + p_y_high_limbs, + p_y_high_limbs_range_constraint_0, + p_y_high_limbs_range_constraint_1, + p_y_high_limbs_range_constraint_2, + p_y_high_limbs_range_constraint_3, + p_y_high_limbs_range_constraint_4, + p_y_high_limbs_range_constraint_tail, + z_low_limbs, + z_low_limbs_range_constraint_0, + z_low_limbs_range_constraint_1, + z_low_limbs_range_constraint_2, + z_low_limbs_range_constraint_3, + z_low_limbs_range_constraint_4, + z_low_limbs_range_constraint_tail, + z_high_limbs, + z_high_limbs_range_constraint_0, + z_high_limbs_range_constraint_1, + z_high_limbs_range_constraint_2, + z_high_limbs_range_constraint_3, + z_high_limbs_range_constraint_4, + z_high_limbs_range_constraint_tail, + accumulators_binary_limbs_0, + accumulators_binary_limbs_1, + accumulators_binary_limbs_2, + accumulators_binary_limbs_3, + accumulator_low_limbs_range_constraint_0, + accumulator_low_limbs_range_constraint_1, + accumulator_low_limbs_range_constraint_2, + accumulator_low_limbs_range_constraint_3, + accumulator_low_limbs_range_constraint_4, + accumulator_low_limbs_range_constraint_tail, + accumulator_high_limbs_range_constraint_0, + accumulator_high_limbs_range_constraint_1, + accumulator_high_limbs_range_constraint_2, + accumulator_high_limbs_range_constraint_3, + accumulator_high_limbs_range_constraint_4, + accumulator_high_limbs_range_constraint_tail, + quotient_low_binary_limbs, + quotient_high_binary_limbs, + quotient_low_limbs_range_constraint_0, + quotient_low_limbs_range_constraint_1, + quotient_low_limbs_range_constraint_2, + quotient_low_limbs_range_constraint_3, + quotient_low_limbs_range_constraint_4, + quotient_low_limbs_range_constraint_tail, + quotient_high_limbs_range_constraint_0, + quotient_high_limbs_range_constraint_1, + quotient_high_limbs_range_constraint_2, + quotient_high_limbs_range_constraint_3, + quotient_high_limbs_range_constraint_4, + quotient_high_limbs_range_constraint_tail, + relation_wide_limbs, + relation_wide_limbs_range_constraint_0, + relation_wide_limbs_range_constraint_1, + relation_wide_limbs_range_constraint_2, + relation_wide_limbs_range_constraint_3, + ordered_range_constraints_0, + ordered_range_constraints_1, + ordered_range_constraints_2, + ordered_range_constraints_3, + ordered_range_constraints_4, + + z_perm, + }; + }; + std::vector get_shifted() override + { + return { + x_lo_y_hi_shift, + x_hi_z_1_shift, + y_lo_z_2_shift, + p_x_low_limbs_shift, + p_x_low_limbs_range_constraint_0_shift, + p_x_low_limbs_range_constraint_1_shift, + p_x_low_limbs_range_constraint_2_shift, + p_x_low_limbs_range_constraint_3_shift, + p_x_low_limbs_range_constraint_4_shift, + p_x_low_limbs_range_constraint_tail_shift, + p_x_high_limbs_shift, + p_x_high_limbs_range_constraint_0_shift, + p_x_high_limbs_range_constraint_1_shift, + p_x_high_limbs_range_constraint_2_shift, + p_x_high_limbs_range_constraint_3_shift, + p_x_high_limbs_range_constraint_4_shift, + p_x_high_limbs_range_constraint_tail_shift, + p_y_low_limbs_shift, + p_y_low_limbs_range_constraint_0_shift, + p_y_low_limbs_range_constraint_1_shift, + p_y_low_limbs_range_constraint_2_shift, + p_y_low_limbs_range_constraint_3_shift, + p_y_low_limbs_range_constraint_4_shift, + p_y_low_limbs_range_constraint_tail_shift, + p_y_high_limbs_shift, + p_y_high_limbs_range_constraint_0_shift, + p_y_high_limbs_range_constraint_1_shift, + p_y_high_limbs_range_constraint_2_shift, + p_y_high_limbs_range_constraint_3_shift, + p_y_high_limbs_range_constraint_4_shift, + p_y_high_limbs_range_constraint_tail_shift, + z_low_limbs_shift, + z_low_limbs_range_constraint_0_shift, + z_low_limbs_range_constraint_1_shift, + z_low_limbs_range_constraint_2_shift, + z_low_limbs_range_constraint_3_shift, + z_low_limbs_range_constraint_4_shift, + z_low_limbs_range_constraint_tail_shift, + z_high_limbs_shift, + z_high_limbs_range_constraint_0_shift, + z_high_limbs_range_constraint_1_shift, + z_high_limbs_range_constraint_2_shift, + z_high_limbs_range_constraint_3_shift, + z_high_limbs_range_constraint_4_shift, + z_high_limbs_range_constraint_tail_shift, + accumulators_binary_limbs_0_shift, + accumulators_binary_limbs_1_shift, + accumulators_binary_limbs_2_shift, + accumulators_binary_limbs_3_shift, + accumulator_low_limbs_range_constraint_0_shift, + accumulator_low_limbs_range_constraint_1_shift, + accumulator_low_limbs_range_constraint_2_shift, + accumulator_low_limbs_range_constraint_3_shift, + accumulator_low_limbs_range_constraint_4_shift, + accumulator_low_limbs_range_constraint_tail_shift, + accumulator_high_limbs_range_constraint_0_shift, + accumulator_high_limbs_range_constraint_1_shift, + accumulator_high_limbs_range_constraint_2_shift, + accumulator_high_limbs_range_constraint_3_shift, + accumulator_high_limbs_range_constraint_4_shift, + accumulator_high_limbs_range_constraint_tail_shift, + quotient_low_binary_limbs_shift, + quotient_high_binary_limbs_shift, + quotient_low_limbs_range_constraint_0_shift, + quotient_low_limbs_range_constraint_1_shift, + quotient_low_limbs_range_constraint_2_shift, + quotient_low_limbs_range_constraint_3_shift, + quotient_low_limbs_range_constraint_4_shift, + quotient_low_limbs_range_constraint_tail_shift, + quotient_high_limbs_range_constraint_0_shift, + quotient_high_limbs_range_constraint_1_shift, + quotient_high_limbs_range_constraint_2_shift, + quotient_high_limbs_range_constraint_3_shift, + quotient_high_limbs_range_constraint_4_shift, + quotient_high_limbs_range_constraint_tail_shift, + relation_wide_limbs_shift, + relation_wide_limbs_range_constraint_0_shift, + relation_wide_limbs_range_constraint_1_shift, + relation_wide_limbs_range_constraint_2_shift, + relation_wide_limbs_range_constraint_3_shift, + ordered_range_constraints_0_shift, + ordered_range_constraints_1_shift, + ordered_range_constraints_2_shift, + ordered_range_constraints_3_shift, + ordered_range_constraints_4_shift, + + z_perm_shift, + }; + }; + + /** + * @brief Polynomials/commitments, that can be constructed only after the r challenge has been received from + * gemini + * + * @return std::vector + */ + std::vector get_special() { return get_concatenated_constraints(); } + + std::vector get_unshifted_then_shifted_then_special() + { + std::vector result{ get_unshifted() }; + std::vector shifted{ get_shifted() }; + std::vector special{ get_special() }; + result.insert(result.end(), shifted.begin(), shifted.end()); + result.insert(result.end(), special.begin(), special.end()); + return result; + } + + AllEntities() = default; + + AllEntities(const AllEntities& other) + : AllEntities_(other){}; + + AllEntities(AllEntities&& other) noexcept + : AllEntities_(other){}; + + AllEntities& operator=(const AllEntities& other) + { + if (this == &other) { + return *this; + } + AllEntities_::operator=(other); + return *this; + } + + AllEntities& operator=(AllEntities&& other) noexcept + { + AllEntities_::operator=(other); + return *this; + } + + ~AllEntities() = default; + friend std::ostream& operator<<(std::ostream& os, const AllEntities& a) + { + os << "{ "; + std::ios_base::fmtflags f(os.flags()); + for (size_t i = 0; i < NUM_ALL_ENTITIES - 1; i++) { + os << "e[" << std::setw(2) << i << "] = " << (a._data[i]) << ",\n"; + } + os << "e[" << std::setw(2) << (NUM_ALL_ENTITIES - 1) << "] = " << std::get(a._data) + << " }"; + + os.flags(f); + return os; + } + }; + + public: + /** + * @brief The proving key is responsible for storing the polynomials used by the prover. + * @note TODO(Cody): Maybe multiple inheritance is the right thing here. In that case, nothing should eve + * inherit from ProvingKey. + */ + class ProvingKey : public ProvingKey_, + WitnessEntities> { + public: + BF batching_challenge_v = { 0 }; + BF evaluation_input_x = { 0 }; + ProvingKey() = default; + + // Expose constructors on the base class + using Base = ProvingKey_, + WitnessEntities>; + using Base::Base; + + ProvingKey(const size_t circuit_size) + : ProvingKey_, + WitnessEntities>(circuit_size, 0) + + , batching_challenge_v(0) + , evaluation_input_x(0) + + {} + }; + + /** + * @brief The verification key is responsible for storing the the commitments to the precomputed (non-witnessk) + * polynomials used by the verifier. + * + * @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to + * resolve that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for + * portability of our circuits. + */ + using VerificationKey = VerificationKey_>; + + /** + * @brief A field element for each entity of the flavor. These entities represent the prover polynomials evaluated + * at one point. + */ + class AllValues : public AllEntities { + public: + using Base = AllEntities; + using Base::Base; + AllValues(std::array _data_in) { this->_data = _data_in; } + }; + /** + * @brief A container for the prover polynomials handles; only stores spans. + */ + class ProverPolynomials : public AllEntities { + public: + /** + * @brief Returns the evaluations of all prover polynomials at one point on the boolean hypercube, which + * represents one row in the execution trace. + */ + AllValues get_row(const size_t row_idx) + { + AllValues result; + size_t column_idx = 0; // TODO(https://github.com/AztecProtocol/barretenberg/issues/391) zip + for (auto& column : this->_data) { + result[column_idx] = column[row_idx]; + column_idx++; + } + return result; + } + }; + + /** + * @brief A container for easier mapping of polynomials + */ + using ProverPolynomialIds = AllEntities; + + /** + * @brief An owning container of polynomials. + * @warning When this was introduced it broke some of our design principles. + * - Execution trace builders don't handle "polynomials" because the interpretation of the execution trace columns + * as polynomials is a detail of the proving system, and trace builders are (sometimes in practice, always in + * principle) reusable for different proving protocols (e.g., Plonk and Honk). + * - Polynomial storage is handled by key classes. Polynomials aren't moved, but are accessed elsewhere by + * std::spans. + * + * We will consider revising this data model: TODO(https://github.com/AztecProtocol/barretenberg/issues/743) + */ + class AllPolynomials : public AllEntities { + public: + AllValues get_row(const size_t row_idx) const + { + AllValues result; + size_t column_idx = 0; // // TODO(https://github.com/AztecProtocol/barretenberg/issues/391) zip + for (auto& column : this->_data) { + result[column_idx] = column[row_idx]; + column_idx++; + } + return result; + } + }; + /** + * @brief A container for polynomials produced after the first round of sumcheck. + * @todo TODO(#394) Use polynomial classes for guaranteed memory alignment. + */ + using RowPolynomials = AllEntities; + + /** + * @brief A container for storing the partially evaluated multivariates produced by sumcheck. + */ + class PartiallyEvaluatedMultivariates : public AllEntities { + + public: + PartiallyEvaluatedMultivariates() = default; + PartiallyEvaluatedMultivariates(const size_t circuit_size) + { + // Storage is only needed after the first partial evaluation, hence polynomials of size (n / 2) + for (auto& poly : this->_data) { + poly = Polynomial(circuit_size / 2); + } + } + }; + + /** + * @brief A container for univariates used during sumcheck. + */ + template + using ProverUnivariates = AllEntities, barretenberg::Univariate>; + + /** + * @brief A container for univariates produced during the hot loop in sumcheck. + */ + using ExtendedEdges = ProverUnivariates; + + /** + * @brief A container for commitment labels. + * @note It's debatable whether this should inherit from AllEntities. since most entries are not strictly + * needed. It has, however, been useful during debugging to have these labels available. + * + */ + class CommitmentLabels : public AllEntities { + public: + CommitmentLabels() + { + + this->op = "OP"; + this->x_lo_y_hi = "X_LO_Y_HI"; + this->x_hi_z_1 = "X_HI_Z_1"; + this->y_lo_z_2 = "Y_LO_Z_2"; + this->p_x_low_limbs = "P_X_LOW_LIMBS"; + this->p_x_low_limbs_range_constraint_0 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_0"; + this->p_x_low_limbs_range_constraint_1 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_1"; + this->p_x_low_limbs_range_constraint_2 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_2"; + this->p_x_low_limbs_range_constraint_3 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_3"; + this->p_x_low_limbs_range_constraint_4 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_4"; + this->p_x_low_limbs_range_constraint_tail = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->p_x_high_limbs = "P_X_HIGH_LIMBS"; + this->p_x_high_limbs_range_constraint_0 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0"; + this->p_x_high_limbs_range_constraint_1 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1"; + this->p_x_high_limbs_range_constraint_2 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2"; + this->p_x_high_limbs_range_constraint_3 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3"; + this->p_x_high_limbs_range_constraint_4 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4"; + this->p_x_high_limbs_range_constraint_tail = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->p_y_low_limbs = "P_Y_LOW_LIMBS"; + this->p_y_low_limbs_range_constraint_0 = "P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0"; + this->p_y_low_limbs_range_constraint_1 = "P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1"; + this->p_y_low_limbs_range_constraint_2 = "P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2"; + this->p_y_low_limbs_range_constraint_3 = "P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3"; + this->p_y_low_limbs_range_constraint_4 = "P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4"; + this->p_y_low_limbs_range_constraint_tail = "P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->p_y_high_limbs = "P_Y_HIGH_LIMBS"; + this->p_y_high_limbs_range_constraint_0 = "P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0"; + this->p_y_high_limbs_range_constraint_1 = "P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1"; + this->p_y_high_limbs_range_constraint_2 = "P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2"; + this->p_y_high_limbs_range_constraint_3 = "P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3"; + this->p_y_high_limbs_range_constraint_4 = "P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4"; + this->p_y_high_limbs_range_constraint_tail = "P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->z_low_limbs = "Z_LOw_LIMBS"; + this->z_low_limbs_range_constraint_0 = "Z_LOW_LIMBS_RANGE_CONSTRAINT_0"; + this->z_low_limbs_range_constraint_1 = "Z_LOW_LIMBS_RANGE_CONSTRAINT_1"; + this->z_low_limbs_range_constraint_2 = "Z_LOW_LIMBS_RANGE_CONSTRAINT_2"; + this->z_low_limbs_range_constraint_3 = "Z_LOW_LIMBS_RANGE_CONSTRAINT_3"; + this->z_low_limbs_range_constraint_4 = "Z_LOW_LIMBS_RANGE_CONSTRAINT_4"; + this->z_low_limbs_range_constraint_tail = "Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->z_high_limbs = "Z_HIGH_LIMBS"; + this->z_high_limbs_range_constraint_0 = "Z_HIGH_LIMBS_RANGE_CONSTRAINT_0"; + this->z_high_limbs_range_constraint_1 = "Z_HIGH_LIMBS_RANGE_CONSTRAINT_1"; + this->z_high_limbs_range_constraint_2 = "Z_HIGH_LIMBS_RANGE_CONSTRAINT_2"; + this->z_high_limbs_range_constraint_3 = "Z_HIGH_LIMBS_RANGE_CONSTRAINT_3"; + this->z_high_limbs_range_constraint_4 = "Z_HIGH_LIMBS_RANGE_CONSTRAINT_4"; + this->z_high_limbs_range_constraint_tail = "Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->accumulators_binary_limbs_0 = "ACCUMULATORS_BINARY_LIMBS_0"; + this->accumulators_binary_limbs_1 = "ACCUMULATORS_BINARY_LIMBS_1"; + this->accumulators_binary_limbs_2 = "ACCUMULATORS_BINARY_LIMBS_2"; + this->accumulators_binary_limbs_3 = "ACCUMULATORS_BINARY_LIMBS_3"; + this->accumulator_low_limbs_range_constraint_0 = "ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0"; + this->accumulator_low_limbs_range_constraint_1 = "ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1"; + this->accumulator_low_limbs_range_constraint_2 = "ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_2"; + this->accumulator_low_limbs_range_constraint_3 = "ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_3"; + this->accumulator_low_limbs_range_constraint_4 = "ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_4"; + this->accumulator_low_limbs_range_constraint_tail = "ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->accumulator_high_limbs_range_constraint_0 = "ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0"; + this->accumulator_high_limbs_range_constraint_1 = "ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_1"; + this->accumulator_high_limbs_range_constraint_2 = "ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_2"; + this->accumulator_high_limbs_range_constraint_3 = "ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3"; + this->accumulator_high_limbs_range_constraint_4 = "ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4"; + this->accumulator_high_limbs_range_constraint_tail = "ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->quotient_low_binary_limbs = "QUOTIENT_LOW_BINARY_LIMBS"; + this->quotient_high_binary_limbs = "QUOTIENT_HIGH_BINARY_LIMBS"; + this->quotient_low_limbs_range_constraint_0 = "QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_0"; + this->quotient_low_limbs_range_constraint_1 = "QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_1"; + this->quotient_low_limbs_range_constraint_2 = "QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_2"; + this->quotient_low_limbs_range_constraint_3 = "QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_3"; + this->quotient_low_limbs_range_constraint_4 = "QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_4"; + this->quotient_low_limbs_range_constraint_tail = "QUOTIENT_LOW_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->quotient_high_limbs_range_constraint_0 = "QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_0"; + this->quotient_high_limbs_range_constraint_1 = "QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_1"; + this->quotient_high_limbs_range_constraint_2 = "QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_2"; + this->quotient_high_limbs_range_constraint_3 = "QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_3"; + this->quotient_high_limbs_range_constraint_4 = "QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_4"; + this->quotient_high_limbs_range_constraint_tail = "QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL"; + this->relation_wide_limbs = "RELATION_WIDE_LIMBS"; + this->relation_wide_limbs_range_constraint_0 = "RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0"; + this->relation_wide_limbs_range_constraint_1 = "RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1"; + this->relation_wide_limbs_range_constraint_2 = "RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2"; + this->relation_wide_limbs_range_constraint_3 = "RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2"; + this->concatenated_range_constraints_0 = "CONCATENATED_RANGE_CONSTRAINTS_0"; + this->concatenated_range_constraints_1 = "CONCATENATED_RANGE_CONSTRAINTS_1"; + this->concatenated_range_constraints_2 = "CONCATENATED_RANGE_CONSTRAINTS_2"; + this->concatenated_range_constraints_3 = "CONCATENATED_RANGE_CONSTRAINTS_3"; + this->z_perm = "Z_PERM"; + // "__" are only used for debugging + this->lagrange_first = "__LAGRANGE_FIRST"; + this->lagrange_last = "__LAGRANGE_LAST"; + this->lagrange_odd_in_minicircuit = "__LAGRANGE_ODD_IN_MINICIRCUIT"; + this->lagrange_even_in_minicircuit = "__LAGRANGE_EVEN_IN_MINICIRCUIT"; + this->lagrange_second = "__LAGRANGE_SECOND"; + this->lagrange_second_to_last_in_minicircuit = "__LAGRANGE_SECOND_TO_LAST_IN_MINICIRCUIT"; + this->ordered_extra_range_constraints_numerator = "__ORDERED_EXTRA_RANGE_CONSTRAINTS_NUMERATOR"; + }; + }; + + class VerifierCommitments : public AllEntities { + public: + VerifierCommitments(std::shared_ptr verification_key, VerifierTranscript transcript) + { + static_cast(transcript); + static_cast(verification_key); + this->lagrange_first = verification_key->lagrange_first; + this->lagrange_last = verification_key->lagrange_last; + this->lagrange_odd_in_minicircuit = verification_key->lagrange_odd_in_minicircuit; + this->lagrange_even_in_minicircuit = verification_key->lagrange_even_in_minicircuit; + this->lagrange_second = verification_key->lagrange_second; + this->lagrange_second_to_last_in_minicircuit = verification_key->lagrange_second_to_last_in_minicircuit; + this->ordered_extra_range_constraints_numerator = + verification_key->ordered_extra_range_constraints_numerator; + } + }; +}; + +using GoblinTranslatorBasic = GoblinTranslator_<2048>; +} // namespace proof_system::honk::flavor diff --git a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp index 9a83cf6b469a..ca40775d2b01 100644 --- a/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/proof_system/permutation_library.hpp @@ -166,4 +166,239 @@ void compute_permutation_grand_products(std::shared_ptr void compute_concatenated_polynomials(StorageHandle* proving_key) +{ + using PolynomialHandle = typename Flavor::PolynomialHandle; + // Concatenation groups are vectors of polynomials that are concatenated together + std::vector> concatenation_groups = proving_key->get_concatenation_groups(); + + // Resulting concatenated polynomials + std::vector targets = proving_key->get_concatenated_constraints(); + + // A function that produces 1 concatenated polynomial + // TODO(#756): This can be rewritten to use more cores. Currently uses at maximum the number of concatenated + // polynomials (4 in Goblin Translator) + auto ordering_function = [&](size_t i) { + auto my_group = concatenation_groups[i]; + auto& current_target = targets[i]; + + // For each polynomial in group + for (size_t j = 0; j < my_group.size(); j++) { + auto starting_write_offset = current_target.begin(); + auto finishing_read_offset = my_group[j].begin(); + std::advance(starting_write_offset, j * Flavor::MINI_CIRCUIT_SIZE); + std::advance(finishing_read_offset, Flavor::MINI_CIRCUIT_SIZE); + // Copy into appropriate position in the concatenated polynomial + std::copy(my_group[j].begin(), finishing_read_offset, starting_write_offset); + } + }; + parallel_for(concatenation_groups.size(), ordering_function); +} + +/** + * @brief Compute denominator polynomials for Goblin Translator's range constraint permutation + * + * @details We need to prove that all the range constraint wires indeed have values within the given range (unless + * changed ∈ [0 , 2¹⁴ - 1]. To do this, we use several virtual concatenated wires, each of which represents a subset + * or original wires (concatenated_range_constraints_). We also generate several new polynomials of the same length + * as concatenated ones. These polynomials have values within range, but they are also constrained by the + * GoblinTranslator's GenPermSort relation, which ensures that sequential values differ by not more than 3, the last + * value is the maximum and the first value is zero (zero at the start allows us not to dance around shifts). + * + * Ideally, we could simply rearrange the values in concatenated_.._0 ,..., concatenated_.._3 and get denominator + * polynomials (ordered_constraints), but we could get the worst case scenario: each value in the polynomials is + * maximum value. What can we do in that case? We still have to add (max_range/3)+1 values to each of the ordered + * wires for the sort constraint to hold. So we also need a and extra denominator to store k ⋅ ( max_range / 3 + 1 ) + * values that couldn't go in + ( max_range / 3 + 1 ) connecting values. To counteract the extra ( k + 1 ) ⋅ + * ⋅ (max_range / 3 + 1 ) values needed for denominator sort constraints we need a polynomial in the numerator. So we + * can construct a proof when ( k + 1 ) ⋅ ( max_range/ 3 + 1 ) < concatenated size + * + * @tparam Flavor + * @tparam StorageHandle + * @param proving_key + */ +template +void compute_goblin_translator_range_constraint_ordered_polynomials(StorageHandle* proving_key) +{ + + using FF = typename Flavor::FF; + + // Get constants + constexpr auto sort_step = Flavor::SORT_STEP; + constexpr auto num_concatenated_wires = Flavor::NUM_CONCATENATED_WIRES; + constexpr auto full_circuit_size = Flavor::FULL_CIRCUIT_SIZE; + constexpr auto mini_circuit_size = Flavor::MINI_CIRCUIT_SIZE; + + // The value we have to end polynomials with + constexpr uint32_t max_value = (1 << Flavor::MICRO_LIMB_BITS) - 1; + + // Number of elements needed to go from 0 to MAX_VALUE with our step + constexpr size_t sorted_elements_count = (max_value / sort_step) + 1 + (max_value % sort_step == 0 ? 0 : 1); + + // Check if we can construct these polynomials + static_assert((num_concatenated_wires + 1) * sorted_elements_count < full_circuit_size); + + // First use integers (easier to sort) + std::vector sorted_elements(sorted_elements_count); + + // Fill with necessary steps + sorted_elements[0] = max_value; + for (size_t i = 1; i < sorted_elements_count; i++) { + sorted_elements[i] = (sorted_elements_count - 1 - i) * sort_step; + } + + std::vector> ordered_vectors_uint(num_concatenated_wires); + auto ordered_constraint_polynomials = std::vector{ &proving_key->ordered_range_constraints_0, + &proving_key->ordered_range_constraints_1, + &proving_key->ordered_range_constraints_2, + &proving_key->ordered_range_constraints_3 }; + std::vector extra_denominator_uint(full_circuit_size); + + // Get information which polynomials need to be concatenated + auto concatenation_groups = proving_key->get_concatenation_groups(); + + // A function that transfers elements from each of the polynomials in the chosen concatenation group in the uint + // ordered polynomials + auto ordering_function = [&](size_t i) { + // Get the group and the main target vector + auto my_group = concatenation_groups[i]; + auto& current_vector = ordered_vectors_uint[i]; + current_vector.resize(Flavor::FULL_CIRCUIT_SIZE); + + // Calculate how much space there is for values from the original polynomials + auto free_space_before_runway = full_circuit_size - sorted_elements_count; + + // Calculate the offset of this group's overflowing elements in the extra denominator polynomial + size_t extra_denominator_offset = i * sorted_elements_count; + + // Go through each polynomial in the concatenation group + for (size_t j = 0; j < Flavor::CONCATENATION_INDEX; j++) { + + // Calculate the offset in the target vector + auto current_offset = j * mini_circuit_size; + // For each element in the polynomial + for (size_t k = 0; k < mini_circuit_size; k++) { + + // Put it it the target polynomial + if ((current_offset + k) < free_space_before_runway) { + current_vector[current_offset + k] = static_cast(uint256_t(my_group[j][k]).data[0]); + + // Or in the extra one if there is no space left + } else { + extra_denominator_uint[extra_denominator_offset] = + static_cast(uint256_t(my_group[j][k]).data[0]); + extra_denominator_offset++; + } + } + } + // Copy the steps into the target polynomial + auto starting_write_offset = current_vector.begin(); + std::advance(starting_write_offset, free_space_before_runway); + std::copy(sorted_elements.cbegin(), sorted_elements.cend(), starting_write_offset); + + // Sort the polynomial in nondescending order. We sort using vector with size_t elements for 2 reasons: + // 1. It is faster to sort size_t + // 2. Comparison operators for finite fields are operating on internal form, so we'd have to convert them from + // Montgomery + std::sort(current_vector.begin(), current_vector.end()); + + // Copy the values into the actual polynomial + std::transform(current_vector.cbegin(), + current_vector.cend(), + (*ordered_constraint_polynomials[i]).begin(), + [](uint32_t in) { return FF(in); }); + }; + + // Construct the first 4 polynomials + parallel_for(num_concatenated_wires, ordering_function); + ordered_vectors_uint.clear(); + + auto sorted_element_insertion_offset = extra_denominator_uint.begin(); + std::advance(sorted_element_insertion_offset, num_concatenated_wires * sorted_elements_count); + + // Add steps to the extra denominator polynomial + std::copy(sorted_elements.cbegin(), sorted_elements.cend(), sorted_element_insertion_offset); + + // Sort it +#ifdef NO_TBB + std::sort(extra_denominator_uint.begin(), extra_denominator_uint.end()); +#else + std::sort(std::execution::par_unseq, extra_denominator_uint.begin(), extra_denominator.end()); +#endif + + // And copy it to the actual polynomial + std::transform(extra_denominator_uint.cbegin(), + extra_denominator_uint.cend(), + proving_key->ordered_range_constraints_4.begin(), + [](uint32_t in) { return FF(in); }); +} + +/** + * @brief Compute the extra numerator for Goblin range constraint argument + * + * @details Goblin proves that several polynomials contain only values in a certain range through 2 relations: + * 1) A grand product which ignores positions of elements (GoblinTranslatorPermutationRelation) + * 2) A relation enforcing a certain ordering on the elements of the given polynomial + * (GoblinTranslatorGenPermSortRelation) + * + * We take the values from 4 polynomials, and spread them into 5 polynomials + add all the steps from MAX_VALUE to 0. We + * order these polynomials and use them in the denominator of the grand product, at the same time checking that they go + * from MAX_VALUE to 0. To counteract the added steps we also generate an extra range constraint numerator, which + * contains 5 MAX_VALUE, 5 (MAX_VALUE-STEP),... values + * + * @param key Proving key where we will save the polynomials + */ +template inline void compute_extra_range_constraint_numerator(auto proving_key) +{ + + // Get the full goblin circuits size (this is the length of concatenated range constraint polynomials) + auto full_circuit_size = Flavor::FULL_CIRCUIT_SIZE; + auto sort_step = Flavor::SORT_STEP; + auto num_concatenated_wires = Flavor::NUM_CONCATENATED_WIRES; + + auto& extra_range_constraint_numerator = proving_key->ordered_extra_range_constraints_numerator; + + uint32_t MAX_VALUE = (1 << Flavor::MICRO_LIMB_BITS) - 1; + + // Calculate how many elements there are in the sequence MAX_VALUE, MAX_VALUE - 3,...,0 + size_t sorted_elements_count = (MAX_VALUE / sort_step) + 1 + (MAX_VALUE % sort_step == 0 ? 0 : 1); + + // Check that we can fit every element in the polynomial + ASSERT((num_concatenated_wires + 1) * sorted_elements_count < full_circuit_size); + + std::vector sorted_elements(sorted_elements_count); + + // Calculate the sequence in integers + sorted_elements[0] = MAX_VALUE; + for (size_t i = 1; i < sorted_elements_count; i++) { + sorted_elements[i] = (sorted_elements_count - 1 - i) * sort_step; + } + + // TODO(#756): can be parallelized further. This will use at most 5 threads + auto fill_with_shift = [&](size_t shift) { + for (size_t i = 0; i < sorted_elements_count; i++) { + extra_range_constraint_numerator[shift + i * (num_concatenated_wires + 1)] = sorted_elements[i]; + } + }; + // Fill polynomials with a sequence, where each element is repeated num_concatenated_wires+1 times + parallel_for(num_concatenated_wires + 1, fill_with_shift); +} + } // namespace proof_system::honk::permutation_library \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/honk/sumcheck/relation_correctness.test.cpp b/barretenberg/cpp/src/barretenberg/honk/sumcheck/relation_correctness.test.cpp index 6733d3a6b113..e19db649b948 100644 --- a/barretenberg/cpp/src/barretenberg/honk/sumcheck/relation_correctness.test.cpp +++ b/barretenberg/cpp/src/barretenberg/honk/sumcheck/relation_correctness.test.cpp @@ -1,5 +1,7 @@ #include "barretenberg/honk/composer/ultra_composer.hpp" +#include "barretenberg/honk/flavor/goblin_translator.hpp" #include "barretenberg/honk/proof_system/grand_product_library.hpp" +#include "barretenberg/honk/proof_system/permutation_library.hpp" #include "barretenberg/proof_system/relations/auxiliary_relation.hpp" #include "barretenberg/proof_system/relations/ecc_op_queue_relation.hpp" #include "barretenberg/proof_system/relations/elliptic_relation.hpp" @@ -323,4 +325,129 @@ TEST_F(RelationCorrectnessTests, GoblinUltraRelationCorrectness) check_relation>(circuit_size, prover_polynomials, params); } +/** + * @brief Test the correctness of GolbinTranslator's Permutation Relation + * + */ +TEST_F(RelationCorrectnessTests, GoblinTranslatorPermutationRelationCorrectness) +{ + using Flavor = flavor::GoblinTranslatorBasic; + using FF = typename Flavor::FF; + using ProverPolynomials = typename Flavor::ProverPolynomials; + using Polynomial = barretenberg::Polynomial; + using namespace proof_system::honk::permutation_library; + auto& engine = numeric::random::get_debug_engine(); + auto circuit_size = Flavor::MINI_CIRCUIT_SIZE * Flavor::CONCATENATION_INDEX; + + // We only need gamma, because permutationr elation only uses gamma + FF gamma = FF::random_element(); + + // Fill relation parameters + proof_system::RelationParameters params; + params.gamma = gamma; + + // Create storage for polynomials + ProverPolynomials prover_polynomials; + std::vector polynomial_container; + for (size_t i = 0; i < prover_polynomials.size(); i++) { + Polynomial temporary_polynomial(circuit_size); + polynomial_container.push_back(temporary_polynomial); + prover_polynomials[i] = polynomial_container[i]; + } + + // Fill in lagrange polynomials used in the permutation relation + prover_polynomials.lagrange_first[0] = 1; + prover_polynomials.lagrange_last[circuit_size - 1] = 1; + + // Put random values in all the non-concatenated constraint polynomials used to range constrain the values + auto fill_polynomial_with_random_14_bit_values = [&](auto& polynomial) { + for (size_t i = 0; i < Flavor::MINI_CIRCUIT_SIZE; i++) { + polynomial[i] = engine.get_random_uint16() & ((1 << Flavor::MICRO_LIMB_BITS) - 1); + } + }; + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_low_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_low_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_low_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_low_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_low_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_low_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_high_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_high_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_high_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_high_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_high_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_x_high_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_low_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_low_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_low_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_low_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_low_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_low_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_high_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_high_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_high_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_high_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_high_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.p_y_high_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_low_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_low_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_low_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_low_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_low_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_low_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_high_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_high_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_high_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_high_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_high_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.z_high_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_low_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_low_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_low_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_low_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_low_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_low_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_high_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_high_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_high_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_high_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_high_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.accumulator_high_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_low_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_low_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_low_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_low_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_low_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_low_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_high_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_high_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_high_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_high_limbs_range_constraint_3); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_high_limbs_range_constraint_4); + fill_polynomial_with_random_14_bit_values(prover_polynomials.quotient_high_limbs_range_constraint_tail); + fill_polynomial_with_random_14_bit_values(prover_polynomials.relation_wide_limbs_range_constraint_0); + fill_polynomial_with_random_14_bit_values(prover_polynomials.relation_wide_limbs_range_constraint_1); + fill_polynomial_with_random_14_bit_values(prover_polynomials.relation_wide_limbs_range_constraint_2); + fill_polynomial_with_random_14_bit_values(prover_polynomials.relation_wide_limbs_range_constraint_3); + + // Compute ordered range constraint polynomials that go in the denominator of the grand product polynomial + compute_goblin_translator_range_constraint_ordered_polynomials(&prover_polynomials); + + // Compute the fixed numerator (part of verification key) + compute_extra_range_constraint_numerator(&prover_polynomials); + + // Compute concatenated polynomials (4 polynomials produced from other constraint polynomials by concatenation) + compute_concatenated_polynomials(&prover_polynomials); + + // Compute the grand product polynomial + grand_product_library::compute_grand_product>( + circuit_size, prover_polynomials, params); + prover_polynomials.z_perm_shift = polynomial_container[Flavor::ALL_ENTITIES_IDS::Z_PERM].shifted(); + + using Relations = typename Flavor::Relations; + + // Check that permutation relation is satisfied across each row of the prover polynomials + check_relation>(circuit_size, prover_polynomials, params); +} + } // namespace test_honk_relations diff --git a/barretenberg/cpp/src/barretenberg/proof_system/relations/decomposition_relation.hpp b/barretenberg/cpp/src/barretenberg/proof_system/relations/decomposition_relation.hpp index d295dd0a46db..f26b3075566d 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/relations/decomposition_relation.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/relations/decomposition_relation.hpp @@ -10,7 +10,8 @@ template class GoblinTranslatorDecompositionRelationImpl { using FF = FF_; // 1 + polynomial degree of this relation - static constexpr size_t RELATION_LENGTH = 3; // degree(lagrange_odd(a - a_0 - a_1*2¹⁴ ... - a_l⋅2¹⁴ˡ )) = 2 + static constexpr size_t RELATION_LENGTH = + 3; // degree(lagrange_odd_in_minicircuit_in_minicircuit(a - a_0 - a_1*2¹⁴ ... - a_l⋅2¹⁴ˡ )) = 2 static constexpr std::array SUBRELATION_LENGTHS{ 3, // decomposition of P.x limb 0 into microlimbs subrelation 3, // decomposition of P.x limb 1 into microlimbs subrelation @@ -66,13 +67,14 @@ template class GoblinTranslatorDecompositionRelationImpl { * @brief Expression for decomposition of various values into smaller limbs or microlimbs. * @details This relation enforces three types of subrelations: * 1) A subrelation decomposing a value from the transcript (for example, z1) into 68-bit limbs. These relations - * will have the structure `lagrange_odd⋅(a - a_low - a_high⋅2⁶⁸)` + * will have the structure `lagrange_odd_in_minicircuit⋅(a - a_low - a_high⋅2⁶⁸)` * 2) A subrelation decomposing a value of one of the limbs used in bigfield computation (for example, the lower - * wide relation limb) into 14-bit limbs. These relations will have the structure `lagrange_odd⋅(a - a_0 - a_1⋅2¹⁴ - + * wide relation limb) into 14-bit limbs. These relations will have the structure `lagrange_odd_in_minicircuit⋅(a - + * a_0 - a_1⋅2¹⁴ - * ....)` 3) A subrelation making a microlimb range constraint more constraining. For example, we want to constrain - * some values to 12 bits instead of 14. So we add a constraint `lagrange_odd⋅(a_highest⋅4 - a_tail)`. In a separate - * relation both a_highest and a_tail are constrained to be 14 bits, but this relation changes the constraint on - * a_highest to be 12 bits. + * some values to 12 bits instead of 14. So we add a constraint `lagrange_odd_in_minicircuit⋅(a_highest⋅4 - + * a_tail)`. In a separate relation both a_highest and a_tail are constrained to be 14 bits, but this relation + * changes the constraint on a_highest to be 12 bits. * * @param evals transformed to `evals + C(in(X)...)*scaling_factor` * @param in an std::array containing the fully extended Univariate edges. @@ -270,7 +272,7 @@ template class GoblinTranslatorDecompositionRelationImpl { auto x_lo_y_hi_shift = View(in.x_lo_y_hi_shift); auto x_hi_z_1_shift = View(in.x_hi_z_1_shift); auto y_lo_z_2_shift = View(in.y_lo_z_2_shift); - auto lagrange_odd = View(in.lagrange_odd); + auto lagrange_odd_in_minicircuit = View(in.lagrange_odd_in_minicircuit); // Contributions that decompose 50, 52, 68 or 84 bit limbs used for computation into range-constrained chunks // Contribution 1 , P_x lowest limb decomposition @@ -279,7 +281,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_x_low_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + p_x_low_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - p_x_low_limbs); - tmp_1 *= lagrange_odd; + tmp_1 *= lagrange_odd_in_minicircuit; tmp_1 *= scaling_factor; std::get<0>(accumulators) += tmp_1; @@ -290,7 +292,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_x_low_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3 + p_x_low_limbs_range_constraint_4_shift * MICRO_LIMB_SHIFTx4) - p_x_low_limbs_shift); - tmp_2 *= lagrange_odd; + tmp_2 *= lagrange_odd_in_minicircuit; tmp_2 *= scaling_factor; std::get<1>(accumulators) += tmp_2; @@ -300,7 +302,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_x_high_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + p_x_high_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - p_x_high_limbs); - tmp_3 *= lagrange_odd; + tmp_3 *= lagrange_odd_in_minicircuit; tmp_3 *= scaling_factor; std::get<2>(accumulators) += tmp_3; @@ -310,7 +312,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_x_high_limbs_range_constraint_2_shift * MICRO_LIMB_SHIFTx2 + p_x_high_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3) - p_x_high_limbs_shift); - tmp_4 *= lagrange_odd; + tmp_4 *= lagrange_odd_in_minicircuit; tmp_4 *= scaling_factor; std::get<3>(accumulators) += tmp_4; @@ -320,7 +322,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_y_low_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + p_y_low_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - p_y_low_limbs); - tmp_5 *= lagrange_odd; + tmp_5 *= lagrange_odd_in_minicircuit; tmp_5 *= scaling_factor; std::get<4>(accumulators) += tmp_5; @@ -331,7 +333,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_y_low_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3 + p_y_low_limbs_range_constraint_4_shift * MICRO_LIMB_SHIFTx4) - p_y_low_limbs_shift); - tmp_6 *= lagrange_odd; + tmp_6 *= lagrange_odd_in_minicircuit; tmp_6 *= scaling_factor; std::get<5>(accumulators) += tmp_6; @@ -341,7 +343,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_y_high_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + p_y_high_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - p_y_high_limbs); - tmp_7 *= lagrange_odd; + tmp_7 *= lagrange_odd_in_minicircuit; tmp_7 *= scaling_factor; std::get<6>(accumulators) += tmp_7; @@ -351,7 +353,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_y_high_limbs_range_constraint_2_shift * MICRO_LIMB_SHIFTx2 + p_y_high_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3) - p_y_high_limbs_shift); - tmp_8 *= lagrange_odd; + tmp_8 *= lagrange_odd_in_minicircuit; tmp_8 *= scaling_factor; std::get<7>(accumulators) += tmp_8; @@ -361,7 +363,7 @@ template class GoblinTranslatorDecompositionRelationImpl { z_low_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + z_low_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - z_low_limbs); - tmp_9 *= lagrange_odd; + tmp_9 *= lagrange_odd_in_minicircuit; tmp_9 *= scaling_factor; std::get<8>(accumulators) += tmp_9; @@ -371,7 +373,7 @@ template class GoblinTranslatorDecompositionRelationImpl { z_low_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3 + z_low_limbs_range_constraint_4_shift * MICRO_LIMB_SHIFTx4) - z_low_limbs_shift); - tmp_10 *= lagrange_odd; + tmp_10 *= lagrange_odd_in_minicircuit; tmp_10 *= scaling_factor; std::get<9>(accumulators) += tmp_10; @@ -381,7 +383,7 @@ template class GoblinTranslatorDecompositionRelationImpl { z_high_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + z_high_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - z_high_limbs); - tmp_11 *= lagrange_odd; + tmp_11 *= lagrange_odd_in_minicircuit; tmp_11 *= scaling_factor; std::get<10>(accumulators) += tmp_11; @@ -392,7 +394,7 @@ template class GoblinTranslatorDecompositionRelationImpl { z_high_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3 + z_high_limbs_range_constraint_4_shift * MICRO_LIMB_SHIFTx4) - z_high_limbs_shift); - tmp_12 *= lagrange_odd; + tmp_12 *= lagrange_odd_in_minicircuit; tmp_12 *= scaling_factor; std::get<11>(accumulators) += tmp_12; @@ -403,7 +405,7 @@ template class GoblinTranslatorDecompositionRelationImpl { accumulator_low_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + accumulator_low_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - accumulators_binary_limbs_0); - tmp_13 *= lagrange_odd; + tmp_13 *= lagrange_odd_in_minicircuit; tmp_13 *= scaling_factor; std::get<12>(accumulators) += tmp_13; // Contribution 14 , accumulator second limb decomposition @@ -413,7 +415,7 @@ template class GoblinTranslatorDecompositionRelationImpl { accumulator_low_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3 + accumulator_low_limbs_range_constraint_4_shift * MICRO_LIMB_SHIFTx4) - accumulators_binary_limbs_1); - tmp_14 *= lagrange_odd; + tmp_14 *= lagrange_odd_in_minicircuit; tmp_14 *= scaling_factor; std::get<13>(accumulators) += tmp_14; @@ -424,7 +426,7 @@ template class GoblinTranslatorDecompositionRelationImpl { accumulator_high_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + accumulator_high_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - accumulators_binary_limbs_2); - tmp_15 *= lagrange_odd; + tmp_15 *= lagrange_odd_in_minicircuit; tmp_15 *= scaling_factor; std::get<14>(accumulators) += tmp_15; // Contribution 16 , accumulator highest limb decomposition @@ -433,7 +435,7 @@ template class GoblinTranslatorDecompositionRelationImpl { accumulator_high_limbs_range_constraint_2_shift * MICRO_LIMB_SHIFTx2 + accumulator_high_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3) - accumulators_binary_limbs_3); - tmp_16 *= lagrange_odd; + tmp_16 *= lagrange_odd_in_minicircuit; tmp_16 *= scaling_factor; std::get<15>(accumulators) += tmp_16; @@ -444,7 +446,7 @@ template class GoblinTranslatorDecompositionRelationImpl { quotient_low_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + quotient_low_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - quotient_low_binary_limbs); - tmp_17 *= lagrange_odd; + tmp_17 *= lagrange_odd_in_minicircuit; tmp_17 *= scaling_factor; std::get<16>(accumulators) += tmp_17; // Contribution 16 , quotient second lowest limb decomposition @@ -454,7 +456,7 @@ template class GoblinTranslatorDecompositionRelationImpl { quotient_low_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3 + quotient_low_limbs_range_constraint_4_shift * MICRO_LIMB_SHIFTx4) - quotient_low_binary_limbs_shift); - tmp_18 *= lagrange_odd; + tmp_18 *= lagrange_odd_in_minicircuit; tmp_18 *= scaling_factor; std::get<17>(accumulators) += tmp_18; @@ -465,7 +467,7 @@ template class GoblinTranslatorDecompositionRelationImpl { quotient_high_limbs_range_constraint_3 * MICRO_LIMB_SHIFTx3 + quotient_high_limbs_range_constraint_4 * MICRO_LIMB_SHIFTx4) - quotient_high_binary_limbs); - tmp_19 *= lagrange_odd; + tmp_19 *= lagrange_odd_in_minicircuit; tmp_19 *= scaling_factor; std::get<18>(accumulators) += tmp_19; // Contribution 20 , quotient highest limb decomposition @@ -474,7 +476,7 @@ template class GoblinTranslatorDecompositionRelationImpl { quotient_high_limbs_range_constraint_2_shift * MICRO_LIMB_SHIFTx2 + quotient_high_limbs_range_constraint_3_shift * MICRO_LIMB_SHIFTx3) - quotient_high_binary_limbs_shift); - tmp_20 *= lagrange_odd; + tmp_20 *= lagrange_odd_in_minicircuit; tmp_20 *= scaling_factor; std::get<19>(accumulators) += tmp_20; @@ -489,7 +491,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_x_high_limbs_range_constraint_tail_shift * MICRO_LIMB_SHIFTx4 + accumulator_high_limbs_range_constraint_tail_shift * MICRO_LIMB_SHIFTx5) - relation_wide_limbs); - tmp_21 *= lagrange_odd; + tmp_21 *= lagrange_odd_in_minicircuit; tmp_21 *= scaling_factor; std::get<20>(accumulators) += tmp_21; @@ -501,7 +503,7 @@ template class GoblinTranslatorDecompositionRelationImpl { p_y_high_limbs_range_constraint_tail_shift * MICRO_LIMB_SHIFTx4 + quotient_high_limbs_range_constraint_tail_shift * MICRO_LIMB_SHIFTx5) - relation_wide_limbs_shift); - tmp_22 *= lagrange_odd; + tmp_22 *= lagrange_odd_in_minicircuit; tmp_22 *= scaling_factor; std::get<21>(accumulators) += tmp_22; @@ -510,20 +512,20 @@ template class GoblinTranslatorDecompositionRelationImpl { // Contribution 23, range constrain the highest microlimb of lowest P.x limb to be 12 bits (68 % 14 = 12) auto tmp_23 = p_x_low_limbs_range_constraint_4 * SHIFT_12_TO_14 - p_x_low_limbs_range_constraint_tail; - tmp_23 *= lagrange_odd; + tmp_23 *= lagrange_odd_in_minicircuit; tmp_23 *= scaling_factor; std::get<22>(accumulators) += tmp_23; // Contribution 24, range constrain the highest microlimb of second lowest P.x limb to be 12 bits auto tmp_24 = p_x_low_limbs_range_constraint_4_shift * SHIFT_12_TO_14 - p_x_low_limbs_range_constraint_tail_shift; - tmp_24 *= lagrange_odd; + tmp_24 *= lagrange_odd_in_minicircuit; tmp_24 *= scaling_factor; std::get<23>(accumulators) += tmp_24; // Contribution 25, range constrain the highest microlimb of second highest P.x limb to be 12 bits auto tmp_25 = p_x_high_limbs_range_constraint_4 * SHIFT_12_TO_14 - p_x_high_limbs_range_constraint_tail; - tmp_25 *= lagrange_odd; + tmp_25 *= lagrange_odd_in_minicircuit; tmp_25 *= scaling_factor; std::get<24>(accumulators) += tmp_25; @@ -531,27 +533,27 @@ template class GoblinTranslatorDecompositionRelationImpl { auto tmp_26 = (p_x_high_limbs_range_constraint_3_shift * SHIFT_8_TO_14 - p_x_high_limbs_range_constraint_4_shift); - tmp_26 *= lagrange_odd; + tmp_26 *= lagrange_odd_in_minicircuit; tmp_26 *= scaling_factor; std::get<25>(accumulators) += tmp_26; // Contribution 27, range constrain the highest microlimb of lowest P.y limb to be 12 bits (68 % 14 = 12) auto tmp_27 = p_y_low_limbs_range_constraint_4 * SHIFT_12_TO_14 - p_y_low_limbs_range_constraint_tail; - tmp_27 *= lagrange_odd; + tmp_27 *= lagrange_odd_in_minicircuit; tmp_27 *= scaling_factor; std::get<26>(accumulators) += tmp_27; // Contribution 28, range constrain the highest microlimb of second lowest P.y limb to be 12 bits (68 % 14 = 12) auto tmp_28 = p_y_low_limbs_range_constraint_4_shift * SHIFT_12_TO_14 - p_y_low_limbs_range_constraint_tail_shift; - tmp_28 *= lagrange_odd; + tmp_28 *= lagrange_odd_in_minicircuit; tmp_28 *= scaling_factor; std::get<27>(accumulators) += tmp_28; // Contribution 29, range constrain the highest microlimb of second highest P.y limb to be 12 bits (68 % 14 = // 12) auto tmp_29 = p_y_high_limbs_range_constraint_4 * SHIFT_12_TO_14 - p_y_high_limbs_range_constraint_tail; - tmp_29 *= lagrange_odd; + tmp_29 *= lagrange_odd_in_minicircuit; tmp_29 *= scaling_factor; std::get<28>(accumulators) += tmp_29; @@ -559,32 +561,32 @@ template class GoblinTranslatorDecompositionRelationImpl { auto tmp_30 = (p_y_high_limbs_range_constraint_3_shift * SHIFT_8_TO_14 - p_y_high_limbs_range_constraint_4_shift); - tmp_30 *= lagrange_odd; + tmp_30 *= lagrange_odd_in_minicircuit; tmp_30 *= scaling_factor; std::get<29>(accumulators) += tmp_30; // Contribution 31, range constrain the highest microlimb of low z1 limb to be 12 bits (68 % 14 = 12) auto tmp_31 = (z_low_limbs_range_constraint_4 * SHIFT_12_TO_14 - z_low_limbs_range_constraint_tail); - tmp_31 *= lagrange_odd; + tmp_31 *= lagrange_odd_in_minicircuit; tmp_31 *= scaling_factor; std::get<30>(accumulators) += tmp_31; // Contribution 32, range constrain the highest microlimb of low z2 limb to be 12 bits (68 % 14 = 12) auto tmp_32 = (z_low_limbs_range_constraint_4_shift * SHIFT_12_TO_14 - z_low_limbs_range_constraint_tail_shift); - tmp_32 *= lagrange_odd; + tmp_32 *= lagrange_odd_in_minicircuit; tmp_32 *= scaling_factor; std::get<31>(accumulators) += tmp_32; // Contribution 33, range constrain the highest microlimb of high z1 limb to be 4 bits (60 % 14 = 12) auto tmp_33 = (z_high_limbs_range_constraint_4 * SHIFT_4_TO_14 - z_high_limbs_range_constraint_tail); - tmp_33 *= lagrange_odd; + tmp_33 *= lagrange_odd_in_minicircuit; tmp_33 *= scaling_factor; std::get<32>(accumulators) += tmp_33; // Contribution 34, range constrain the highest microlimb of high z2 limb to be 4 bits (60 % 14 = 12) auto tmp_34 = (z_high_limbs_range_constraint_4_shift * SHIFT_4_TO_14 - z_high_limbs_range_constraint_tail_shift); - tmp_34 *= lagrange_odd; + tmp_34 *= lagrange_odd_in_minicircuit; tmp_34 *= scaling_factor; std::get<33>(accumulators) += tmp_34; @@ -592,7 +594,7 @@ template class GoblinTranslatorDecompositionRelationImpl { // 14 = 12) auto tmp_35 = (accumulator_low_limbs_range_constraint_4 * SHIFT_12_TO_14 - accumulator_low_limbs_range_constraint_tail); - tmp_35 *= lagrange_odd; + tmp_35 *= lagrange_odd_in_minicircuit; tmp_35 *= scaling_factor; std::get<34>(accumulators) += tmp_35; @@ -600,7 +602,7 @@ template class GoblinTranslatorDecompositionRelationImpl { // bits (68 % 14 = 12) auto tmp_36 = (accumulator_low_limbs_range_constraint_4_shift * SHIFT_12_TO_14 - accumulator_low_limbs_range_constraint_tail_shift); - tmp_36 *= lagrange_odd; + tmp_36 *= lagrange_odd_in_minicircuit; tmp_36 *= scaling_factor; std::get<35>(accumulators) += tmp_36; @@ -608,7 +610,7 @@ template class GoblinTranslatorDecompositionRelationImpl { // bits (68 % 14 = 12) auto tmp_37 = (accumulator_high_limbs_range_constraint_4 * SHIFT_12_TO_14 - accumulator_high_limbs_range_constraint_tail); - tmp_37 *= lagrange_odd; + tmp_37 *= lagrange_odd_in_minicircuit; tmp_37 *= scaling_factor; std::get<36>(accumulators) += tmp_37; @@ -616,14 +618,14 @@ template class GoblinTranslatorDecompositionRelationImpl { // 14 = 12) auto tmp_38 = (accumulator_high_limbs_range_constraint_3_shift * SHIFT_8_TO_14 - accumulator_high_limbs_range_constraint_4_shift); - tmp_38 *= lagrange_odd; + tmp_38 *= lagrange_odd_in_minicircuit; tmp_38 *= scaling_factor; std::get<37>(accumulators) += tmp_38; // Contribution 39, range constrain the highest microlimb of lowest quotient limb to be 12 bits (68 % 14 = 12) auto tmp_39 = (quotient_low_limbs_range_constraint_4 * SHIFT_12_TO_14 - quotient_low_limbs_range_constraint_tail); - tmp_39 *= lagrange_odd; + tmp_39 *= lagrange_odd_in_minicircuit; tmp_39 *= scaling_factor; std::get<38>(accumulators) += tmp_39; @@ -631,7 +633,7 @@ template class GoblinTranslatorDecompositionRelationImpl { // = 12) auto tmp_40 = (quotient_low_limbs_range_constraint_4_shift * SHIFT_12_TO_14 - quotient_low_limbs_range_constraint_tail_shift); - tmp_40 *= lagrange_odd; + tmp_40 *= lagrange_odd_in_minicircuit; tmp_40 *= scaling_factor; std::get<39>(accumulators) += tmp_40; @@ -639,14 +641,14 @@ template class GoblinTranslatorDecompositionRelationImpl { // = 12) auto tmp_41 = (quotient_high_limbs_range_constraint_4 * SHIFT_12_TO_14 - quotient_high_limbs_range_constraint_tail); - tmp_41 *= lagrange_odd; + tmp_41 *= lagrange_odd_in_minicircuit; tmp_41 *= scaling_factor; std::get<40>(accumulators) += tmp_41; // Contribution 42, range constrain the highest microlimb of highest quotient limb to be 10 bits (52 % 14 = 12) auto tmp_42 = (quotient_high_limbs_range_constraint_3_shift * SHIFT_10_TO_14 - quotient_high_limbs_range_constraint_4_shift); - tmp_42 *= lagrange_odd; + tmp_42 *= lagrange_odd_in_minicircuit; tmp_42 *= scaling_factor; std::get<41>(accumulators) += tmp_42; @@ -654,36 +656,36 @@ template class GoblinTranslatorDecompositionRelationImpl { // Contribution 43, decompose x_lo auto tmp_43 = (p_x_low_limbs + p_x_low_limbs_shift * LIMB_SHIFT) - x_lo_y_hi; - tmp_43 *= lagrange_odd; + tmp_43 *= lagrange_odd_in_minicircuit; tmp_43 *= scaling_factor; std::get<42>(accumulators) += tmp_43; // Contribution 44, decompose x_hi auto tmp_44 = (p_x_high_limbs + p_x_high_limbs_shift * LIMB_SHIFT) - x_hi_z_1; - tmp_44 *= lagrange_odd; + tmp_44 *= lagrange_odd_in_minicircuit; tmp_44 *= scaling_factor; std::get<43>(accumulators) += tmp_44; // Contribution 45, decompose y_lo auto tmp_45 = (p_y_low_limbs + p_y_low_limbs_shift * LIMB_SHIFT) - y_lo_z_2; - tmp_45 *= lagrange_odd; + tmp_45 *= lagrange_odd_in_minicircuit; tmp_45 *= scaling_factor; std::get<44>(accumulators) += tmp_45; // Contribution 46, decompose y_hi auto tmp_46 = (p_y_high_limbs + p_y_high_limbs_shift * LIMB_SHIFT) - x_lo_y_hi_shift; - tmp_46 *= lagrange_odd; + tmp_46 *= lagrange_odd_in_minicircuit; tmp_46 *= scaling_factor; std::get<45>(accumulators) += tmp_46; // Contribution 47, decompose z1 auto tmp_47 = (z_low_limbs + z_high_limbs * LIMB_SHIFT) - x_hi_z_1_shift; - tmp_47 *= lagrange_odd; + tmp_47 *= lagrange_odd_in_minicircuit; tmp_47 *= scaling_factor; std::get<46>(accumulators) += tmp_47; // Contribution 48, decompose z2 auto tmp_48 = (z_low_limbs_shift + z_high_limbs_shift * LIMB_SHIFT) - y_lo_z_2_shift; - tmp_48 *= lagrange_odd; + tmp_48 *= lagrange_odd_in_minicircuit; tmp_48 *= scaling_factor; std::get<47>(accumulators) += tmp_48; }; diff --git a/barretenberg/cpp/src/barretenberg/proof_system/relations/extra_relations.hpp b/barretenberg/cpp/src/barretenberg/proof_system/relations/extra_relations.hpp index edd78f453776..bb03ae5913b2 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/relations/extra_relations.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/relations/extra_relations.hpp @@ -98,7 +98,7 @@ template class GoblinTranslatorAccumulatorTransferRelationImpl { using Accumulator = std::tuple_element_t<0, ContainerOverSubrelations>; using View = typename Accumulator::View; // We use combination of lagrange polynomials at even indices in the minicircuit for copying the accumulator - auto lagrange_even = View(in.lagrange_even); + auto lagrange_even_in_minicircuit = View(in.lagrange_even_in_minicircuit); // Lagrange at index 1 is used to confirm the accumulator result auto lagrange_second = View(in.lagrange_second); @@ -117,23 +117,23 @@ template class GoblinTranslatorAccumulatorTransferRelationImpl { // Contribution (1) (1-4 ensure transfer of accumulator limbs at even indices of the minicircuit) auto tmp_1 = accumulators_binary_limbs_0 - accumulators_binary_limbs_0_shift; - tmp_1 *= lagrange_even; + tmp_1 *= lagrange_even_in_minicircuit; tmp_1 *= scaling_factor; std::get<0>(accumulators) += tmp_1; // Contribution (2) auto tmp_2 = accumulators_binary_limbs_1 - accumulators_binary_limbs_1_shift; - tmp_2 *= lagrange_even; + tmp_2 *= lagrange_even_in_minicircuit; tmp_2 *= scaling_factor; std::get<1>(accumulators) += tmp_2; // Contribution (3) auto tmp_3 = accumulators_binary_limbs_2 - accumulators_binary_limbs_2_shift; - tmp_3 *= lagrange_even; + tmp_3 *= lagrange_even_in_minicircuit; tmp_3 *= scaling_factor; std::get<2>(accumulators) += tmp_3; // Contribution (4) auto tmp_4 = accumulators_binary_limbs_3 - accumulators_binary_limbs_3_shift; - tmp_4 *= lagrange_even; + tmp_4 *= lagrange_even_in_minicircuit; tmp_4 *= scaling_factor; std::get<3>(accumulators) += tmp_4; diff --git a/barretenberg/cpp/src/barretenberg/proof_system/relations/goblin_translator_relation_consistency.test.cpp b/barretenberg/cpp/src/barretenberg/proof_system/relations/goblin_translator_relation_consistency.test.cpp index 59e242fa1673..5f4d243a9d6c 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/relations/goblin_translator_relation_consistency.test.cpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/relations/goblin_translator_relation_consistency.test.cpp @@ -226,8 +226,8 @@ struct InputElements { FF& z_perm_shift = std::get<176>(this->_data); FF& lagrange_first = std::get<177>(this->_data); FF& lagrange_last = std::get<178>(this->_data); - FF& lagrange_odd = std::get<179>(this->_data); - FF& lagrange_even = std::get<180>(this->_data); + FF& lagrange_odd_in_minicircuit = std::get<179>(this->_data); + FF& lagrange_even_in_minicircuit = std::get<180>(this->_data); FF& lagrange_second = std::get<181>(this->_data); FF& lagrange_second_to_last_in_minicircuit = std::get<182>(this->_data); FF& ordered_extra_range_constraints_numerator = std::get<183>(this->_data); @@ -566,7 +566,7 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) const auto& x_hi_z_1_shift = input_elements.x_hi_z_1_shift; const auto& y_lo_z_2_shift = input_elements.y_lo_z_2_shift; - const auto& lagrange_odd = input_elements.lagrange_odd; + const auto& lagrange_odd_in_minicircuit = input_elements.lagrange_odd_in_minicircuit; RelationValues expected_values; @@ -597,17 +597,17 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) MICRO_LIMB_SHIFTx3, MICRO_LIMB_SHIFTx4, MICRO_LIMB_SHIFTx5, - lagrange_odd](auto& micro_limb_0, - auto& micro_limb_1, - auto& micro_limb_2, - auto& micro_limb_3, - auto& micro_limb_4, - auto& micro_limb_5, - auto& decomposed_limb) { + lagrange_odd_in_minicircuit](auto& micro_limb_0, + auto& micro_limb_1, + auto& micro_limb_2, + auto& micro_limb_3, + auto& micro_limb_4, + auto& micro_limb_5, + auto& decomposed_limb) { return (micro_limb_0 + micro_limb_1 * MICRO_LIMB_SHIFT + micro_limb_2 * MICRO_LIMB_SHIFTx2 + micro_limb_3 * MICRO_LIMB_SHIFTx3 + micro_limb_4 * MICRO_LIMB_SHIFTx4 + micro_limb_5 * MICRO_LIMB_SHIFTx5 - decomposed_limb) * - lagrange_odd; + lagrange_odd_in_minicircuit; }; /** @@ -616,7 +616,7 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) * */ auto check_standard_limb_decomposition = - [MICRO_LIMB_SHIFT, MICRO_LIMB_SHIFTx2, MICRO_LIMB_SHIFTx3, MICRO_LIMB_SHIFTx4, lagrange_odd]( + [MICRO_LIMB_SHIFT, MICRO_LIMB_SHIFTx2, MICRO_LIMB_SHIFTx3, MICRO_LIMB_SHIFTx4, lagrange_odd_in_minicircuit]( auto& micro_limb_0, auto& micro_limb_1, auto& micro_limb_2, @@ -625,7 +625,7 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) auto& decomposed_limb) { return (micro_limb_0 + micro_limb_1 * MICRO_LIMB_SHIFT + micro_limb_2 * MICRO_LIMB_SHIFTx2 + micro_limb_3 * MICRO_LIMB_SHIFTx3 + micro_limb_4 * MICRO_LIMB_SHIFTx4 - decomposed_limb) * - lagrange_odd; + lagrange_odd_in_minicircuit; }; /** @@ -633,11 +633,11 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) * */ auto check_standard_top_limb_decomposition = - [MICRO_LIMB_SHIFT, MICRO_LIMB_SHIFTx2, MICRO_LIMB_SHIFTx3, lagrange_odd]( + [MICRO_LIMB_SHIFT, MICRO_LIMB_SHIFTx2, MICRO_LIMB_SHIFTx3, lagrange_odd_in_minicircuit]( auto& micro_limb_0, auto& micro_limb_1, auto& micro_limb_2, auto& micro_limb_3, auto& decomposed_limb) { return (micro_limb_0 + micro_limb_1 * MICRO_LIMB_SHIFT + micro_limb_2 * MICRO_LIMB_SHIFTx2 + micro_limb_3 * MICRO_LIMB_SHIFTx3 - decomposed_limb) * - lagrange_odd; + lagrange_odd_in_minicircuit; }; /** @@ -645,30 +645,30 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) * version. * */ - auto check_standard_tail_micro_limb_correctness = [SHIFT_12_TO_14, lagrange_odd](auto& nonshifted_micro_limb, - auto shifted_micro_limb) { - return (nonshifted_micro_limb * SHIFT_12_TO_14 - shifted_micro_limb) * lagrange_odd; - }; + auto check_standard_tail_micro_limb_correctness = + [SHIFT_12_TO_14, lagrange_odd_in_minicircuit](auto& nonshifted_micro_limb, auto shifted_micro_limb) { + return (nonshifted_micro_limb * SHIFT_12_TO_14 - shifted_micro_limb) * lagrange_odd_in_minicircuit; + }; /** * @brief Ensure that the last microlimb of a standard top limb decomposition is 8 bits by checking a * shifted version. * */ - auto check_top_tail_micro_limb_correctness = [SHIFT_8_TO_14, lagrange_odd](auto& nonshifted_micro_limb, - auto shifted_micro_limb) { - return (nonshifted_micro_limb * SHIFT_8_TO_14 - shifted_micro_limb) * lagrange_odd; - }; + auto check_top_tail_micro_limb_correctness = + [SHIFT_8_TO_14, lagrange_odd_in_minicircuit](auto& nonshifted_micro_limb, auto shifted_micro_limb) { + return (nonshifted_micro_limb * SHIFT_8_TO_14 - shifted_micro_limb) * lagrange_odd_in_minicircuit; + }; /** * @brief Ensure that the last microlimb of z top limb decomposition is 4 bits by checking a shifted * version. * */ - auto check_z_top_tail_micro_limb_correctness = [SHIFT_4_TO_14, lagrange_odd](auto& nonshifted_micro_limb, - auto shifted_micro_limb) { - return (nonshifted_micro_limb * SHIFT_4_TO_14 - shifted_micro_limb) * lagrange_odd; - }; + auto check_z_top_tail_micro_limb_correctness = + [SHIFT_4_TO_14, lagrange_odd_in_minicircuit](auto& nonshifted_micro_limb, auto shifted_micro_limb) { + return (nonshifted_micro_limb * SHIFT_4_TO_14 - shifted_micro_limb) * lagrange_odd_in_minicircuit; + }; /** * @brief Ensure that the last microlimb of quotient top limb decomposition is 10 bits by checking a shifted @@ -676,8 +676,8 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) * */ auto check_quotient_top_tail_micro_limb_correctness = - [SHIFT_10_TO_14, lagrange_odd](auto& nonshifted_micro_limb, auto shifted_micro_limb) { - return (nonshifted_micro_limb * SHIFT_10_TO_14 - shifted_micro_limb) * lagrange_odd; + [SHIFT_10_TO_14, lagrange_odd_in_minicircuit](auto& nonshifted_micro_limb, auto shifted_micro_limb) { + return (nonshifted_micro_limb * SHIFT_10_TO_14 - shifted_micro_limb) * lagrange_odd_in_minicircuit; }; /** @@ -685,8 +685,8 @@ TEST_F(GoblinTranslatorRelationConsistency, DecompositionRelation) * */ auto check_wide_limb_into_regular_limb_correctness = - [LIMB_SHIFT, lagrange_odd](auto& low_limb, auto& high_limb, auto& wide_limb) { - return (low_limb + high_limb * LIMB_SHIFT - wide_limb) * lagrange_odd; + [LIMB_SHIFT, lagrange_odd_in_minicircuit](auto& low_limb, auto& high_limb, auto& wide_limb) { + return (low_limb + high_limb * LIMB_SHIFT - wide_limb) * lagrange_odd_in_minicircuit; }; // Check decomposition 50-72 bit limbs into microlimbs @@ -939,7 +939,7 @@ TEST_F(GoblinTranslatorRelationConsistency, AccumulatorTransferRelation) const InputElements input_elements = random_inputs ? InputElements::get_random() : InputElements::get_special(); - const auto& lagrange_even = input_elements.lagrange_even; + const auto& lagrange_even_in_minicircuit = input_elements.lagrange_even_in_minicircuit; const auto& lagrange_second = input_elements.lagrange_second; const auto& lagrange_second_to_last_in_minicircuit = input_elements.lagrange_second_to_last_in_minicircuit; const auto& accumulators_binary_limbs_0 = input_elements.accumulators_binary_limbs_0; @@ -959,10 +959,14 @@ TEST_F(GoblinTranslatorRelationConsistency, AccumulatorTransferRelation) parameters.accumulated_result; // Check transfer of accumulator at even indices - expected_values[0] = lagrange_even * (accumulators_binary_limbs_0 - accumulators_binary_limbs_0_shift); - expected_values[1] = lagrange_even * (accumulators_binary_limbs_1 - accumulators_binary_limbs_1_shift); - expected_values[2] = lagrange_even * (accumulators_binary_limbs_2 - accumulators_binary_limbs_2_shift); - expected_values[3] = lagrange_even * (accumulators_binary_limbs_3 - accumulators_binary_limbs_3_shift); + expected_values[0] = + lagrange_even_in_minicircuit * (accumulators_binary_limbs_0 - accumulators_binary_limbs_0_shift); + expected_values[1] = + lagrange_even_in_minicircuit * (accumulators_binary_limbs_1 - accumulators_binary_limbs_1_shift); + expected_values[2] = + lagrange_even_in_minicircuit * (accumulators_binary_limbs_2 - accumulators_binary_limbs_2_shift); + expected_values[3] = + lagrange_even_in_minicircuit * (accumulators_binary_limbs_3 - accumulators_binary_limbs_3_shift); // Check the accumulator starts as zero expected_values[4] = accumulators_binary_limbs_0 * lagrange_second_to_last_in_minicircuit; @@ -1031,7 +1035,7 @@ TEST_F(GoblinTranslatorRelationConsistency, NonNativeFieldRelation) auto& quotient_high_binary_limbs_shift = input_elements.quotient_high_binary_limbs_shift; auto& relation_wide_limbs = input_elements.relation_wide_limbs; auto& relation_wide_limbs_shift = input_elements.relation_wide_limbs_shift; - auto& lagrange_odd = input_elements.lagrange_odd; + auto& lagrange_odd_in_minicircuit = input_elements.lagrange_odd_in_minicircuit; RelationValues expected_values; @@ -1061,7 +1065,7 @@ TEST_F(GoblinTranslatorRelationConsistency, NonNativeFieldRelation) quotient_low_binary_limbs_shift * NEGATIVE_MODULUS_LIMBS[0] - accumulators_binary_limbs_1) * shift - relation_wide_limbs * shiftx2) * - lagrange_odd; + lagrange_odd_in_minicircuit; // Higher wide limb subrelation expected_values[1] = @@ -1103,7 +1107,7 @@ TEST_F(GoblinTranslatorRelationConsistency, NonNativeFieldRelation) quotient_low_binary_limbs * NEGATIVE_MODULUS_LIMBS[3] - accumulators_binary_limbs_3) * shift - relation_wide_limbs_shift * shiftx2) * - lagrange_odd; + lagrange_odd_in_minicircuit; auto reconstructed_p_x = (p_x_low_limbs + p_x_low_limbs_shift * shift + p_x_high_limbs * shiftx2 + p_x_high_limbs_shift * shiftx3); auto reconstructed_p_y = @@ -1127,7 +1131,7 @@ TEST_F(GoblinTranslatorRelationConsistency, NonNativeFieldRelation) reconstructed_z1 * parameters.batching_challenge_v[2][4] + reconstructed_z2 * parameters.batching_challenge_v[3][4] + reconstructed_quotient * NEGATIVE_MODULUS_LIMBS[4] - reconstructed_current_accumulator) * - lagrange_odd; + lagrange_odd_in_minicircuit; validate_relation_execution(expected_values, input_elements, parameters); }; diff --git a/barretenberg/cpp/src/barretenberg/proof_system/relations/non_native_field_relation.hpp b/barretenberg/cpp/src/barretenberg/proof_system/relations/non_native_field_relation.hpp index 92ed2f2d3d5b..f992a12b7a77 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/relations/non_native_field_relation.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/relations/non_native_field_relation.hpp @@ -67,12 +67,12 @@ template class GoblinTranslatorNonNativeFieldRelationImpl { * * Then the last subrelation is simply checking the integer equation in this native form * - * All of these subrelations are multiplied by lagrange_odd, which is a polynomial with 1 at each odd index less - * than the size of the mini-circuit (16 times smaller than the final circuit and the only part over which we need - * to calculate non-permutation relations). All other indices are set to zero. Each EccOpQueue entry (operation) - * occupies 2 rows in bn254 transcripts. So the Goblin Translator VM has a 2-row cycle and we need to switch the - * checks being performed depending on which row we are at right now. We have half a cycle of accumulation, - * where we perform this computation, and half a cycle where we just copy accumulator data. + * All of these subrelations are multiplied by lagrange_odd_in_minicircuit, which is a polynomial with 1 at each odd + * index less than the size of the mini-circuit (16 times smaller than the final circuit and the only part over + * which we need to calculate non-permutation relations). All other indices are set to zero. Each EccOpQueue entry + * (operation) occupies 2 rows in bn254 transcripts. So the Goblin Translator VM has a 2-row cycle and we need to + * switch the checks being performed depending on which row we are at right now. We have half a cycle of + * accumulation, where we perform this computation, and half a cycle where we just copy accumulator data. * * @param evals transformed to `evals + C(in(X)...)*scaling_factor` * @param in an std::array containing the fully extended Univariate edges. @@ -159,7 +159,7 @@ template class GoblinTranslatorNonNativeFieldRelationImpl { const auto& quotient_high_binary_limbs_shift = View(in.quotient_high_binary_limbs_shift); const auto& relation_wide_limbs = View(in.relation_wide_limbs); const auto& relation_wide_limbs_shift = View(in.relation_wide_limbs_shift); - const auto& lagrange_odd = View(in.lagrange_odd); + const auto& lagrange_odd_in_minicircuit = View(in.lagrange_odd_in_minicircuit); // Contribution (1) Computing the mod 2²⁷² relation over lower 136 bits // clang-format off @@ -191,7 +191,7 @@ template class GoblinTranslatorNonNativeFieldRelationImpl { // clang-format on // subtract large value; vanishing shows the desired relation holds on low 136-bit limb tmp -= relation_wide_limbs * shiftx2; - tmp *= lagrange_odd; + tmp *= lagrange_odd_in_minicircuit; tmp *= scaling_factor; std::get<0>(accumulators) += tmp; @@ -244,7 +244,7 @@ template class GoblinTranslatorNonNativeFieldRelationImpl { // clang-format on // subtract large value; vanishing shows the desired relation holds on high 136-bit limb tmp -= relation_wide_limbs_shift * shiftx2; - tmp *= lagrange_odd; + tmp *= lagrange_odd_in_minicircuit; tmp *= scaling_factor; std::get<1>(accumulators) += tmp; @@ -286,7 +286,7 @@ template class GoblinTranslatorNonNativeFieldRelationImpl { + reconstructed_quotient * NEGATIVE_MODULUS_LIMBS[4] - reconstructed_current_accumulator; // clang-format on - tmp *= lagrange_odd; + tmp *= lagrange_odd_in_minicircuit; tmp *= scaling_factor; std::get<2>(accumulators) += tmp; };