Skip to content

Commit

Permalink
Merge branch 'master' into sync-noir
Browse files Browse the repository at this point in the history
  • Loading branch information
TomAFrench authored Nov 14, 2024
2 parents e29c2e3 + bf4176f commit 2c99d66
Show file tree
Hide file tree
Showing 43 changed files with 1,185 additions and 302 deletions.
1 change: 1 addition & 0 deletions barretenberg/cpp/src/barretenberg/benchmark/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,4 @@ add_subdirectory(append_only_tree_bench)
add_subdirectory(ultra_bench)
add_subdirectory(stdlib_hash)
add_subdirectory(circuit_construction_bench)
add_subdirectory(mega_memory_bench)
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ void eccvm_prove(State& state) noexcept
Builder builder = generate_trace(target_num_gates);
ECCVMProver prover(builder);
for (auto _ : state) {
auto proof = prover.construct_proof();
ECCVMProof proof = prover.construct_proof();
};
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
barretenberg_module(
mega_memory_bench
ultra_honk
stdlib_primitives
)

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@ template <typename Curve_> class IPA {

size_t poly_length = polynomial.size();

// TODO(https://github.com/AztecProtocol/barretenberg/issues/1150): Hash more things here.
// Step 1.
// Send polynomial degree + 1 = d to the verifier
transcript->send_to_verifier("IPA:poly_degree_plus_1", static_cast<uint32_t>(poly_length));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -330,3 +330,85 @@ TEST_F(IPATest, ShpleminiIPAWithShift)

EXPECT_EQ(result, true);
}
/**
* @brief Test the behaviour of the method ShpleminiVerifier::remove_shifted_commitments
*
*/
TEST_F(IPATest, ShpleminiIPAShiftsRemoval)
{
using IPA = IPA<Curve>;
using ShplonkProver = ShplonkProver_<Curve>;
using ShpleminiVerifier = ShpleminiVerifier_<Curve>;
using GeminiProver = GeminiProver_<Curve>;

const size_t n = 8;
const size_t log_n = 3;

// Generate multilinear polynomials, their commitments (genuine and mocked) and evaluations (genuine) at a random
// point.
auto mle_opening_point = this->random_evaluation_point(log_n); // sometimes denoted 'u'
auto poly1 = Polynomial::random(n);
auto poly2 = Polynomial::random(n, /*shiftable*/ 1);
auto poly3 = Polynomial::random(n, /*shiftable*/ 1);
auto poly4 = Polynomial::random(n);

Commitment commitment1 = this->commit(poly1);
Commitment commitment2 = this->commit(poly2);
Commitment commitment3 = this->commit(poly3);
Commitment commitment4 = this->commit(poly4);

std::vector<Commitment> unshifted_commitments = { commitment1, commitment2, commitment3, commitment4 };
std::vector<Commitment> shifted_commitments = { commitment2, commitment3 };
auto eval1 = poly1.evaluate_mle(mle_opening_point);
auto eval2 = poly2.evaluate_mle(mle_opening_point);
auto eval3 = poly3.evaluate_mle(mle_opening_point);
auto eval4 = poly4.evaluate_mle(mle_opening_point);

auto eval2_shift = poly2.evaluate_mle(mle_opening_point, true);
auto eval3_shift = poly3.evaluate_mle(mle_opening_point, true);

auto prover_transcript = NativeTranscript::prover_init_empty();

// Run the full prover PCS protocol:

// Compute:
// - (d+1) opening pairs: {r, \hat{a}_0}, {-r^{2^i}, a_i}, i = 0, ..., d-1
// - (d+1) Fold polynomials Fold_{r}^(0), Fold_{-r}^(0), and Fold^(i), i = 0, ..., d-1
auto prover_opening_claims = GeminiProver::prove(n,
RefArray{ poly1, poly2, poly3, poly4 },
RefArray{ poly2, poly3 },
mle_opening_point,
this->ck(),
prover_transcript);

const auto opening_claim = ShplonkProver::prove(this->ck(), prover_opening_claims, prover_transcript);
IPA::compute_opening_proof(this->ck(), opening_claim, prover_transcript);

// the index of the first commitment to a polynomial to be shifted in the union of unshifted_commitments and
// shifted_commitments. in our case, it is poly2
const size_t to_be_shifted_commitments_start = 1;
// the index of the first commitment to a shifted polynomial in the union of unshifted_commitments and
// shifted_commitments. in our case, it is the second occurence of poly2
const size_t shifted_commitments_start = 4;
// number of shifted polynomials
const size_t num_shifted_commitments = 2;
const RepeatedCommitmentsData repeated_commitments =
RepeatedCommitmentsData(to_be_shifted_commitments_start, shifted_commitments_start, num_shifted_commitments);
// since commitments to poly2, poly3 and their shifts are the same group elements, we simply combine the scalar
// multipliers of commitment2 and commitment3 in one place and remove the entries of the commitments and scalars
// vectors corresponding to the "shifted" commitment
auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript);

auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(n,
RefVector(unshifted_commitments),
RefVector(shifted_commitments),
RefArray{ eval1, eval2, eval3, eval4 },
RefArray{ eval2_shift, eval3_shift },
mle_opening_point,
this->vk()->get_g1_identity(),
verifier_transcript,
repeated_commitments);

auto result = IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->vk(), verifier_transcript);
EXPECT_EQ(result, true);
}
Original file line number Diff line number Diff line change
Expand Up @@ -318,6 +318,7 @@ TYPED_TEST(KZGTest, ShpleminiKzgWithShiftAndConcatenation)
mle_opening_point,
this->vk()->get_g1_identity(),
verifier_transcript,
{},
/* libra commitments = */ {},
/* libra evaluations = */ {},
to_vector_of_ref_vectors(concatenation_groups_commitments),
Expand All @@ -327,5 +328,99 @@ TYPED_TEST(KZGTest, ShpleminiKzgWithShiftAndConcatenation)

EXPECT_EQ(this->vk()->pairing_check(pairing_points[0], pairing_points[1]), true);
}
TYPED_TEST(KZGTest, ShpleminiKzgShiftsRemoval)
{
using ShplonkProver = ShplonkProver_<TypeParam>;
using GeminiProver = GeminiProver_<TypeParam>;
using ShpleminiVerifier = ShpleminiVerifier_<TypeParam>;
using KZG = KZG<TypeParam>;
using Fr = typename TypeParam::ScalarField;
using Commitment = typename TypeParam::AffineElement;
using Polynomial = typename bb::Polynomial<Fr>;

const size_t n = 16;
const size_t log_n = 4;
// Generate multilinear polynomials, their commitments (genuine and mocked) and evaluations (genuine) at a random
// point.
auto mle_opening_point = this->random_evaluation_point(log_n); // sometimes denoted 'u'
auto poly1 = Polynomial::random(n);
auto poly2 = Polynomial::random(n, 1);
auto poly3 = Polynomial::random(n, 1);
auto poly4 = Polynomial::random(n);

Commitment commitment1 = this->commit(poly1);
Commitment commitment2 = this->commit(poly2);
Commitment commitment3 = this->commit(poly3);
Commitment commitment4 = this->commit(poly4);
std::vector<Commitment> unshifted_commitments = { commitment1, commitment2, commitment3, commitment4 };
std::vector<Commitment> shifted_commitments = { commitment2, commitment3 };
auto eval1 = poly1.evaluate_mle(mle_opening_point);
auto eval2 = poly2.evaluate_mle(mle_opening_point);
auto eval3 = poly3.evaluate_mle(mle_opening_point);
auto eval4 = poly4.evaluate_mle(mle_opening_point);
auto eval2_shift = poly2.evaluate_mle(mle_opening_point, true);
auto eval3_shift = poly3.evaluate_mle(mle_opening_point, true);

// Collect multilinear evaluations for input to prover
// std::vector<Fr> multilinear_evaluations = { eval1, eval2, eval3, eval4, eval2_shift, eval3_shift };

auto prover_transcript = NativeTranscript::prover_init_empty();

// Run the full prover PCS protocol:

// Compute:
// - (d+1) opening pairs: {r, \hat{a}_0}, {-r^{2^i}, a_i}, i = 0, ..., d-1
// - (d+1) Fold polynomials Fold_{r}^(0), Fold_{-r}^(0), and Fold^(i), i = 0, ..., d-1
auto prover_opening_claims = GeminiProver::prove(n,
RefArray{ poly1, poly2, poly3, poly4 },
RefArray{ poly2, poly3 },
mle_opening_point,
this->ck(),
prover_transcript);

// Shplonk prover output:
// - opening pair: (z_challenge, 0)
// - witness: polynomial Q - Q_z
const auto opening_claim = ShplonkProver::prove(this->ck(), prover_opening_claims, prover_transcript);

// KZG prover:
// - Adds commitment [W] to transcript
KZG::compute_opening_proof(this->ck(), opening_claim, prover_transcript);

// Run the full verifier PCS protocol with genuine opening claims (genuine commitment, genuine evaluation)

auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript);
// the index of the first commitment to a polynomial to be shifted in the union of unshifted_commitments and
// shifted_commitments. in our case, it is poly2
const size_t to_be_shifted_commitments_start = 1;
// the index of the first commitment to a shifted polynomial in the union of unshifted_commitments and
// shifted_commitments. in our case, it is the second occurence of poly2
const size_t shifted_commitments_start = 4;
// number of shifted polynomials
const size_t num_shifted_commitments = 2;
// since commitments to poly2, poly3 and their shifts are the same group elements, we simply combine the scalar
// multipliers of commitment2 and commitment3 in one place and remove the entries of the commitments and scalars
// vectors corresponding to the "shifted" commitment
const RepeatedCommitmentsData repeated_commitments =
RepeatedCommitmentsData(to_be_shifted_commitments_start, shifted_commitments_start, num_shifted_commitments);

// Gemini verifier output:
// - claim: d+1 commitments to Fold_{r}^(0), Fold_{-r}^(0), Fold^(l), d+1 evaluations a_0_pos, a_l, l = 0:d-1
const auto batch_opening_claim =
ShpleminiVerifier::compute_batch_opening_claim(n,
RefVector(unshifted_commitments),
RefVector(shifted_commitments),
RefArray{ eval1, eval2, eval3, eval4 },
RefArray{ eval2_shift, eval3_shift },
mle_opening_point,
this->vk()->get_g1_identity(),
verifier_transcript,
repeated_commitments);

const auto pairing_points = KZG::reduce_verify_batch_opening_claim(batch_opening_claim, verifier_transcript);

// Final pairing check: e([Q] - [Q_z] + z[W], [1]_2) = e([W], [x]_2)
EXPECT_EQ(this->vk()->pairing_check(pairing_points[0], pairing_points[1]), true);
}

} // namespace bb
Loading

0 comments on commit 2c99d66

Please sign in to comment.