diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp index f9c370bf3e7..de7a4d1eb75 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp @@ -142,19 +142,19 @@ template class GeminiVerifier_ { commitments.reserve(num_variables - 1); for (size_t i = 0; i < num_variables - 1; ++i) { auto commitment = - transcript.template receive_from_prover("Gemini:FOLD_" + std::to_string(i + 1)); + transcript->template receive_from_prover("Gemini:FOLD_" + std::to_string(i + 1)); commitments.emplace_back(commitment); } // compute vector of powers of random evaluation point r - const Fr r = transcript.get_challenge("Gemini:r"); + const Fr r = transcript->get_challenge("Gemini:r"); std::vector r_squares = squares_of_r(r, num_variables); // Get evaluations a_i, i = 0,...,m-1 from transcript std::vector evaluations; evaluations.reserve(num_variables); for (size_t i = 0; i < num_variables; ++i) { - auto eval = transcript.template receive_from_prover("Gemini:a_" + std::to_string(i)); + auto eval = transcript->template receive_from_prover("Gemini:a_" + std::to_string(i)); evaluations.emplace_back(eval); } diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp index 602cfe2fa78..1d91fe7a4e5 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp @@ -62,10 +62,10 @@ template class GeminiTest : public CommitmentTest { for (size_t l = 0; l < log_n - 1; ++l) { std::string label = "FOLD_" + std::to_string(l + 1); auto commitment = this->ck()->commit(gemini_polynomials[l + 2]); - prover_transcript.send_to_verifier(label, commitment); + prover_transcript->send_to_verifier(label, commitment); } - const Fr r_challenge = prover_transcript.get_challenge("Gemini:r"); + const Fr r_challenge = prover_transcript->get_challenge("Gemini:r"); auto prover_output = GeminiProver::compute_fold_polynomial_evaluations( multilinear_evaluation_point, std::move(gemini_polynomials), r_challenge); @@ -73,7 +73,7 @@ template class GeminiTest : public CommitmentTest { for (size_t l = 0; l < log_n; ++l) { std::string label = "Gemini:a_" + std::to_string(l); const auto& evaluation = prover_output.opening_pairs[l + 1].evaluation; - prover_transcript.send_to_verifier(label, evaluation); + prover_transcript->send_to_verifier(label, evaluation); } // Check that the Fold polynomials have been evaluated correctly in the prover diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 758d21d805b..85cfb13e668 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -31,16 +31,17 @@ template class IPA { * @param opening_pair (challenge, evaluation) * @param polynomial The witness polynomial whose opening proof needs to be computed * @param transcript Prover transcript + * https://github.com/AztecProtocol/aztec-packages/pull/3434 */ - static void compute_opening_proof(std::shared_ptr ck, + static void compute_opening_proof(const std::shared_ptr& ck, const OpeningPair& opening_pair, const Polynomial& polynomial, - BaseTranscript& transcript) + const std::shared_ptr& transcript) { ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero"); auto poly_degree = static_cast(polynomial.size()); - transcript.send_to_verifier("IPA:poly_degree", static_cast(poly_degree)); - Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge"); + transcript->send_to_verifier("IPA:poly_degree", static_cast(poly_degree)); + const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge"); auto aux_generator = Commitment::one() * generator_challenge; // Checks poly_degree is greater than zero and a power of two @@ -96,11 +97,11 @@ template class IPA { R_elements[i] += aux_generator * inner_prod_R; std::string index = std::to_string(i); - transcript.send_to_verifier("IPA:L_" + index, Commitment(L_elements[i])); - transcript.send_to_verifier("IPA:R_" + index, Commitment(R_elements[i])); + transcript->send_to_verifier("IPA:L_" + index, Commitment(L_elements[i])); + transcript->send_to_verifier("IPA:R_" + index, Commitment(R_elements[i])); // Generate the round challenge. - const Fr round_challenge = transcript.get_challenge("IPA:round_challenge_" + index); + const Fr round_challenge = transcript->get_challenge("IPA:round_challenge_" + index); const Fr round_challenge_inv = round_challenge.invert(); std::vector G_lo(G_vec_local.begin(), G_vec_local.begin() + static_cast(round_size)); @@ -122,7 +123,7 @@ template class IPA { } } - transcript.send_to_verifier("IPA:a_0", a_vec[0]); + transcript->send_to_verifier("IPA:a_0", a_vec[0]); } /** @@ -134,10 +135,12 @@ template class IPA { * * @return true/false depending on if the proof verifies */ - static bool verify(std::shared_ptr vk, const OpeningClaim& opening_claim, BaseTranscript& transcript) + static bool verify(const std::shared_ptr& vk, + const OpeningClaim& opening_claim, + const std::shared_ptr& transcript) { - auto poly_degree = static_cast(transcript.template receive_from_prover("IPA:poly_degree")); - Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge"); + auto poly_degree = static_cast(transcript->template receive_from_prover("IPA:poly_degree")); + const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge"); auto aux_generator = Commitment::one() * generator_challenge; auto log_poly_degree = static_cast(numeric::get_msb(poly_degree)); @@ -153,9 +156,9 @@ template class IPA { std::vector msm_scalars(pippenger_size); for (size_t i = 0; i < log_poly_degree; i++) { std::string index = std::to_string(i); - auto element_L = transcript.template receive_from_prover("IPA:L_" + index); - auto element_R = transcript.template receive_from_prover("IPA:R_" + index); - round_challenges[i] = transcript.get_challenge("IPA:round_challenge_" + index); + auto element_L = transcript->template receive_from_prover("IPA:L_" + index); + auto element_R = transcript->template receive_from_prover("IPA:R_" + index); + round_challenges[i] = transcript->get_challenge("IPA:round_challenge_" + index); round_challenges_inv[i] = round_challenges[i].invert(); msm_elements[2 * i] = element_L; @@ -211,7 +214,7 @@ template class IPA { auto G_zero = barretenberg::scalar_multiplication::pippenger_without_endomorphism_basis_points( &s_vec[0], &G_vec_local[0], poly_degree, vk->pippenger_runtime_state); - auto a_zero = transcript.template receive_from_prover("IPA:a_0"); + auto a_zero = transcript->template receive_from_prover("IPA:a_0"); GroupElement right_hand_side = G_zero * a_zero + aux_generator * a_zero * b_zero; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp index 315374defab..a19a7ce7aed 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp @@ -70,16 +70,16 @@ TEST_F(IPATest, Open) const OpeningClaim opening_claim{ opening_pair, commitment }; // initialize empty prover transcript - BaseTranscript prover_transcript; + auto prover_transcript = std::make_shared(); IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript); // initialize verifier transcript from proof data - BaseTranscript verifier_transcript{ prover_transcript.proof_data }; + auto verifier_transcript = std::make_shared(prover_transcript->proof_data); auto result = IPA::verify(this->vk(), opening_claim, verifier_transcript); EXPECT_TRUE(result); - EXPECT_EQ(prover_transcript.get_manifest(), verifier_transcript.get_manifest()); + EXPECT_EQ(prover_transcript->get_manifest(), verifier_transcript->get_manifest()); } TEST_F(IPATest, GeminiShplonkIPAWithShift) @@ -137,10 +137,10 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift) for (size_t l = 0; l < log_n - 1; ++l) { std::string label = "FOLD_" + std::to_string(l + 1); auto commitment = this->ck()->commit(gemini_polynomials[l + 2]); - prover_transcript.send_to_verifier(label, commitment); + prover_transcript->send_to_verifier(label, commitment); } - const Fr r_challenge = prover_transcript.get_challenge("Gemini:r"); + const Fr r_challenge = prover_transcript->get_challenge("Gemini:r"); const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations( mle_opening_point, std::move(gemini_polynomials), r_challenge); @@ -148,15 +148,15 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift) for (size_t l = 0; l < log_n; ++l) { std::string label = "Gemini:a_" + std::to_string(l); const auto& evaluation = gemini_opening_pairs[l + 1].evaluation; - prover_transcript.send_to_verifier(label, evaluation); + prover_transcript->send_to_verifier(label, evaluation); } - const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu"); + const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu"); auto batched_quotient_Q = ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge); - prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q)); + prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q)); - const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z"); + const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z"); const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient( gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp index ca024515717..e0cfc6e6477 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp @@ -31,7 +31,7 @@ template class KZG { static void compute_opening_proof(std::shared_ptr ck, const OpeningPair& opening_pair, const Polynomial& polynomial, - BaseTranscript& prover_trancript) + const std::shared_ptr& prover_trancript) { Polynomial quotient(polynomial); quotient[0] -= opening_pair.evaluation; @@ -41,7 +41,7 @@ template class KZG { // TODO(#479): for now we compute the KZG commitment directly to unify the KZG and IPA interfaces but in the // future we might need to adjust this to use the incoming alternative to work queue (i.e. variation of // pthreads) or even the work queue itself - prover_trancript.send_to_verifier("KZG:W", quotient_commitment); + prover_trancript->send_to_verifier("KZG:W", quotient_commitment); }; /** @@ -53,9 +53,11 @@ template class KZG { * - P₀ = C − v⋅[1]₁ + r⋅[x]₁ * - P₁ = [Q(x)]₁ */ - static bool verify(std::shared_ptr vk, const OpeningClaim& claim, BaseTranscript& verifier_transcript) + static bool verify(const std::shared_ptr& vk, + const OpeningClaim& claim, + const std::shared_ptr& verifier_transcript) { - auto quotient_commitment = verifier_transcript.template receive_from_prover("KZG:W"); + auto quotient_commitment = verifier_transcript->template receive_from_prover("KZG:W"); auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) + (quotient_commitment * claim.opening_pair.challenge); auto rhs = -quotient_commitment; @@ -74,15 +76,15 @@ template class KZG { * - P₁ = [W(x)]₁ */ static std::array compute_pairing_points(const OpeningClaim& claim, - auto& verifier_transcript) + const auto& verifier_transcript) { - auto quotient_commitment = verifier_transcript.template receive_from_prover("KZG:W"); + auto quotient_commitment = verifier_transcript->template receive_from_prover("KZG:W"); GroupElement P_0; // Note: In the recursive setting, we only add the contribution if it is not the point at infinity (i.e. if the // evaluation is not equal to zero). if constexpr (Curve::is_stdlib_type) { - auto builder = verifier_transcript.builder; + auto builder = verifier_transcript->builder; auto one = Fr(builder, 1); std::vector commitments = { claim.commitment, quotient_commitment }; std::vector scalars = { one, claim.opening_pair.challenge }; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp index f2f9f569b06..c06beb07283 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp @@ -122,10 +122,10 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift) for (size_t l = 0; l < log_n - 1; ++l) { std::string label = "FOLD_" + std::to_string(l + 1); auto commitment = this->ck()->commit(gemini_polynomials[l + 2]); - prover_transcript.send_to_verifier(label, commitment); + prover_transcript->send_to_verifier(label, commitment); } - const Fr r_challenge = prover_transcript.get_challenge("Gemini:r"); + const Fr r_challenge = prover_transcript->get_challenge("Gemini:r"); const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations( mle_opening_point, std::move(gemini_polynomials), r_challenge); @@ -133,18 +133,18 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift) for (size_t l = 0; l < log_n; ++l) { std::string label = "Gemini:a_" + std::to_string(l); const auto& evaluation = gemini_opening_pairs[l + 1].evaluation; - prover_transcript.send_to_verifier(label, evaluation); + prover_transcript->send_to_verifier(label, evaluation); } // Shplonk prover output: // - opening pair: (z_challenge, 0) // - witness: polynomial Q - Q_z - const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu"); + const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu"); auto batched_quotient_Q = ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge); - prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q)); + prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q)); - const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z"); + const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z"); const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient( gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp index 06b258644ac..e4cb18795a4 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp @@ -168,11 +168,11 @@ template class ShplonkVerifier_ { const size_t num_claims = claims.size(); - const Fr nu = transcript.get_challenge("Shplonk:nu"); + const Fr nu = transcript->get_challenge("Shplonk:nu"); - auto Q_commitment = transcript.template receive_from_prover("Shplonk:Q"); + auto Q_commitment = transcript->template receive_from_prover("Shplonk:Q"); - const Fr z_challenge = transcript.get_challenge("Shplonk:z"); + const Fr z_challenge = transcript->get_challenge("Shplonk:z"); // [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1] // = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )] diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp index 15cb7605b35..aa3734fe4e1 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp @@ -47,11 +47,11 @@ TYPED_TEST(ShplonkTest, ShplonkSimple) std::vector polynomials = { poly1, poly2 }; // Execute the shplonk prover functionality - const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu"); + const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu"); auto batched_quotient_Q = ShplonkProver::compute_batched_quotient(opening_pairs, polynomials, nu_challenge); - prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q)); + prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q)); - const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z"); + const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z"); const auto [prover_opening_pair, shplonk_prover_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient( opening_pairs, polynomials, std::move(batched_quotient_Q), nu_challenge, z_challenge); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp index 1817a578440..80a8c3e4508 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp @@ -321,14 +321,14 @@ template class ZeroMorphProver_ { auto&& g_shift_evaluations, auto& multilinear_challenge, auto& commitment_key, - auto& transcript, + auto transcript, const std::vector>& concatenated_polynomials = {}, const std::vector& concatenated_evaluations = {}, // TODO(https://github.com/AztecProtocol/barretenberg/issues/743) remove span const std::vector>>& concatenation_groups = {}) { // Generate batching challenge \rho and powers 1,...,\rho^{m-1} - FF rho = transcript.get_challenge("rho"); + const FF rho = transcript->get_challenge("rho"); // Extract multilinear challenge u and claimed multilinear evaluations from Sumcheck output std::span u_challenge = multilinear_challenge; @@ -394,21 +394,21 @@ template class ZeroMorphProver_ { for (size_t idx = 0; idx < log_N; ++idx) { q_k_commitments[idx] = commitment_key->commit(quotients[idx]); std::string label = "ZM:C_q_" + std::to_string(idx); - transcript.send_to_verifier(label, q_k_commitments[idx]); + transcript->send_to_verifier(label, q_k_commitments[idx]); } // Get challenge y - FF y_challenge = transcript.get_challenge("ZM:y"); + FF y_challenge = transcript->get_challenge("ZM:y"); // Compute the batched, lifted-degree quotient \hat{q} auto batched_quotient = compute_batched_lifted_degree_quotient(quotients, y_challenge, N); // Compute and send the commitment C_q = [\hat{q}] auto q_commitment = commitment_key->commit(batched_quotient); - transcript.send_to_verifier("ZM:C_q", q_commitment); + transcript->send_to_verifier("ZM:C_q", q_commitment); // Get challenges x and z - auto [x_challenge, z_challenge] = challenges_to_field_elements(transcript.get_challenges("ZM:x", "ZM:z")); + auto [x_challenge, z_challenge] = challenges_to_field_elements(transcript->get_challenges("ZM:x", "ZM:z")); // Compute degree check polynomial \zeta partially evaluated at x auto zeta_x = @@ -429,7 +429,7 @@ template class ZeroMorphProver_ { // Compute and send proof commitment pi auto pi_commitment = commitment_key->commit(pi_polynomial); - transcript.send_to_verifier("ZM:PI", pi_commitment); + transcript->send_to_verifier("ZM:PI", pi_commitment); } }; @@ -645,7 +645,7 @@ template class ZeroMorphVerifier_ { const std::vector& concatenated_evaluations = {}) { size_t log_N = multivariate_challenge.size(); - FF rho = transcript.get_challenge("rho"); + FF rho = transcript->get_challenge("rho"); // Construct batched evaluation v = sum_{i=0}^{m-1}\rho^i*f_i(u) + sum_{i=0}^{l-1}\rho^{m+i}*h_i(u) FF batched_evaluation = FF(0); @@ -667,17 +667,17 @@ template class ZeroMorphVerifier_ { std::vector C_q_k; C_q_k.reserve(log_N); for (size_t i = 0; i < log_N; ++i) { - C_q_k.emplace_back(transcript.template receive_from_prover("ZM:C_q_" + std::to_string(i))); + C_q_k.emplace_back(transcript->template receive_from_prover("ZM:C_q_" + std::to_string(i))); } // Challenge y - FF y_challenge = transcript.get_challenge("ZM:y"); + FF y_challenge = transcript->get_challenge("ZM:y"); // Receive commitment C_{q} - auto C_q = transcript.template receive_from_prover("ZM:C_q"); + auto C_q = transcript->template receive_from_prover("ZM:C_q"); // Challenges x, z - auto [x_challenge, z_challenge] = challenges_to_field_elements(transcript.get_challenges("ZM:x", "ZM:z")); + auto [x_challenge, z_challenge] = challenges_to_field_elements(transcript->get_challenges("ZM:x", "ZM:z")); // Compute commitment C_{\zeta_x} auto C_zeta_x = compute_C_zeta_x(C_q, C_q_k, y_challenge, x_challenge); @@ -696,7 +696,7 @@ template class ZeroMorphVerifier_ { auto C_zeta_Z = C_zeta_x + C_Z_x * z_challenge; // Receive proof commitment \pi - auto C_pi = transcript.template receive_from_prover("ZM:PI"); + auto C_pi = transcript->template receive_from_prover("ZM:PI"); // Construct inputs and perform pairing check to verify claimed evaluation // Note: The pairing check (without the degree check component X^{N_max-N-1}) can be expressed naturally as diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp index d884e1b046d..d8b878d24f2 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp @@ -97,7 +97,7 @@ template class ZeroMorphTest : public CommitmentTest { verified = this->vk()->pairing_check(pairing_points[0], pairing_points[1]); // The prover and verifier manifests should agree - EXPECT_EQ(prover_transcript.get_manifest(), verifier_transcript.get_manifest()); + EXPECT_EQ(prover_transcript->get_manifest(), verifier_transcript->get_manifest()); return verified; } @@ -263,7 +263,7 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT verified = this->vk()->pairing_check(pairing_points[0], pairing_points[1]); // The prover and verifier manifests should agree - EXPECT_EQ(prover_transcript.get_manifest(), verifier_transcript.get_manifest()); + EXPECT_EQ(prover_transcript->get_manifest(), verifier_transcript->get_manifest()); return verified; } diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp index d79ce9f310e..c6df4cbddb2 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.cpp @@ -27,13 +27,14 @@ template void ECCVMComposer_::compute_witness(Circu } template -ECCVMProver_ ECCVMComposer_::create_prover(CircuitConstructor& circuit_constructor) +ECCVMProver_ ECCVMComposer_::create_prover(CircuitConstructor& circuit_constructor, + const std::shared_ptr& transcript) { compute_proving_key(circuit_constructor); compute_witness(circuit_constructor); compute_commitment_key(proving_key->circuit_size); - ECCVMProver_ output_state(proving_key, commitment_key); + ECCVMProver_ output_state(proving_key, commitment_key, transcript); return output_state; } @@ -45,7 +46,8 @@ ECCVMProver_ ECCVMComposer_::create_prover(CircuitConstructor& c * @return The verifier. * */ template -ECCVMVerifier_ ECCVMComposer_::create_verifier(CircuitConstructor& circuit_constructor) +ECCVMVerifier_ ECCVMComposer_::create_verifier(CircuitConstructor& circuit_constructor, + const std::shared_ptr& transcript) { auto verification_key = compute_verification_key(circuit_constructor); @@ -54,6 +56,7 @@ ECCVMVerifier_ ECCVMComposer_::create_verifier(CircuitConstructo auto pcs_verification_key = std::make_unique(verification_key->circuit_size, crs_factory_); output_state.pcs_verification_key = std::move(pcs_verification_key); + output_state.transcript = transcript; return output_state; } diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp index a92f06bef5c..3c4c3c6a97f 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.hpp @@ -10,12 +10,14 @@ namespace proof_system::honk { template class ECCVMComposer_ { public: + using FF = typename Flavor::FF; using CircuitConstructor = ECCVMCircuitBuilder; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; using PCS = typename Flavor::PCS; using CommitmentKey = typename Flavor::CommitmentKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; + using Transcript = typename Flavor::Transcript; static constexpr std::string_view NAME_STRING = "ECCVM"; static constexpr size_t NUM_RESERVED_GATES = 0; // equal to the number of multilinear evaluations leaked @@ -59,8 +61,11 @@ template class ECCVMComposer_ { void compute_witness(CircuitConstructor& circuit_constructor); - ECCVMProver_ create_prover(CircuitConstructor& circuit_constructor); - ECCVMVerifier_ create_verifier(CircuitConstructor& circuit_constructor); + ECCVMProver_ create_prover(CircuitConstructor& circuit_constructor, + const std::shared_ptr& transcript = std::make_shared()); + ECCVMVerifier_ create_verifier( + CircuitConstructor& circuit_constructor, + const std::shared_ptr& transcript = std::make_shared()); void add_table_column_selector_poly_to_proving_key(barretenberg::polynomial& small, const std::string& tag); diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index 21956f2e991..16d3f3a9cfb 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -22,9 +22,11 @@ namespace proof_system::honk { * @tparam settings Settings class. * */ template -ECCVMProver_::ECCVMProver_(std::shared_ptr input_key, - std::shared_ptr commitment_key) - : key(input_key) +ECCVMProver_::ECCVMProver_(const std::shared_ptr& input_key, + const std::shared_ptr& commitment_key, + const std::shared_ptr& transcript) + : transcript(transcript) + , key(input_key) , commitment_key(commitment_key) { @@ -146,7 +148,7 @@ template void ECCVMProver_::execute_preamble_round( { const auto circuit_size = static_cast(key->circuit_size); - transcript.send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("circuit_size", circuit_size); } /** @@ -158,7 +160,7 @@ template void ECCVMProver_::execute_wire_commitment auto wire_polys = key->get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); } } @@ -169,7 +171,7 @@ template void ECCVMProver_::execute_wire_commitment template void ECCVMProver_::execute_log_derivative_commitments_round() { // Compute and add beta to relation parameters - auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); + auto [beta, gamma] = challenges_to_field_elements(transcript->get_challenges("beta", "gamma")); // TODO(#583)(@zac-williamson): fix Transcript to be able to generate more than 2 challenges per round! oof. auto beta_sqr = beta * beta; @@ -183,7 +185,7 @@ template void ECCVMProver_::execute_log_derivative_ // Compute inverse polynomial for our logarithmic-derivative lookup method lookup_library::compute_logderivative_inverse( prover_polynomials, relation_parameters, key->circuit_size); - transcript.send_to_verifier(commitment_labels.lookup_inverses, commitment_key->commit(key->lookup_inverses)); + transcript->send_to_verifier(commitment_labels.lookup_inverses, commitment_key->commit(key->lookup_inverses)); prover_polynomials.lookup_inverses = key->lookup_inverses; } @@ -196,7 +198,7 @@ template void ECCVMProver_::execute_grand_product_c // Compute permutation grand product and their commitments permutation_library::compute_permutation_grand_products(key, prover_polynomials, relation_parameters); - transcript.send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); + transcript->send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); } /** @@ -208,7 +210,7 @@ template void ECCVMProver_::execute_relation_check_ using Sumcheck = sumcheck::SumcheckProver; auto sumcheck = Sumcheck(key->circuit_size, transcript); - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } @@ -222,7 +224,7 @@ template void ECCVMProver_::execute_univariatizatio const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹ - FF rho = transcript.get_challenge("rho"); + FF rho = transcript->get_challenge("rho"); std::vector rhos = pcs::gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Batch the unshifted polynomials and the to-be-shifted polynomials using ρ @@ -249,8 +251,8 @@ template void ECCVMProver_::execute_univariatizatio // Compute and add to trasnscript the commitments [Fold^(i)], i = 1, ..., d-1 for (size_t l = 0; l < key->log_circuit_size - 1; ++l) { - transcript.send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), - commitment_key->commit(gemini_polynomials[l + 2])); + transcript->send_to_verifier("Gemini:FOLD_" + std::to_string(l + 1), + commitment_key->commit(gemini_polynomials[l + 2])); } } @@ -262,14 +264,14 @@ template void ECCVMProver_::execute_univariatizatio * */ template void ECCVMProver_::execute_pcs_evaluation_round() { - const FF r_challenge = transcript.get_challenge("Gemini:r"); + const FF r_challenge = transcript->get_challenge("Gemini:r"); gemini_output = Gemini::compute_fold_polynomial_evaluations( sumcheck_output.challenge, std::move(gemini_polynomials), r_challenge); for (size_t l = 0; l < key->log_circuit_size; ++l) { std::string label = "Gemini:a_" + std::to_string(l); const auto& evaluation = gemini_output.opening_pairs[l + 1].evaluation; - transcript.send_to_verifier(label, evaluation); + transcript->send_to_verifier(label, evaluation); } } @@ -279,13 +281,13 @@ template void ECCVMProver_::execute_pcs_evaluation_ * */ template void ECCVMProver_::execute_shplonk_batched_quotient_round() { - nu_challenge = transcript.get_challenge("Shplonk:nu"); + nu_challenge = transcript->get_challenge("Shplonk:nu"); batched_quotient_Q = Shplonk::compute_batched_quotient(gemini_output.opening_pairs, gemini_output.witnesses, nu_challenge); // commit to Q(X) and add [Q] to the transcript - transcript.send_to_verifier("Shplonk:Q", commitment_key->commit(batched_quotient_Q)); + transcript->send_to_verifier("Shplonk:Q", commitment_key->commit(batched_quotient_Q)); } /** @@ -294,7 +296,7 @@ template void ECCVMProver_::execute_shplonk_batched * */ template void ECCVMProver_::execute_shplonk_partial_evaluation_round() { - const FF z_challenge = transcript.get_challenge("Shplonk:z"); + const FF z_challenge = transcript->get_challenge("Shplonk:z"); shplonk_output = Shplonk::compute_partially_evaluated_batched_quotient( gemini_output.opening_pairs, gemini_output.witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge); @@ -323,10 +325,10 @@ template void ECCVMProver_::execute_transcript_cons for (size_t idx = 0; idx < key->circuit_size; idx++) { hack[idx] = 1; } - transcript.send_to_verifier("Translation:hack_commitment", commitment_key->commit(hack)); + transcript->send_to_verifier("Translation:hack_commitment", commitment_key->commit(hack)); // Get the challenge at which we evaluate the polynomials as univariates - evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); + evaluation_challenge_x = transcript->get_challenge("Translation:evaluation_challenge_x"); translation_evaluations.op = key->transcript_op.evaluate(evaluation_challenge_x); translation_evaluations.Px = key->transcript_Px.evaluate(evaluation_challenge_x); @@ -335,15 +337,15 @@ template void ECCVMProver_::execute_transcript_cons translation_evaluations.z2 = key->transcript_z2.evaluate(evaluation_challenge_x); // Add the univariate evaluations to the transcript - transcript.send_to_verifier("Translation:op", translation_evaluations.op); - transcript.send_to_verifier("Translation:Px", translation_evaluations.Px); - transcript.send_to_verifier("Translation:Py", translation_evaluations.Py); - transcript.send_to_verifier("Translation:z1", translation_evaluations.z1); - transcript.send_to_verifier("Translation:z2", translation_evaluations.z2); - transcript.send_to_verifier("Translation:hack_evaluation", hack.evaluate(evaluation_challenge_x)); + transcript->send_to_verifier("Translation:op", translation_evaluations.op); + transcript->send_to_verifier("Translation:Px", translation_evaluations.Px); + transcript->send_to_verifier("Translation:Py", translation_evaluations.Py); + transcript->send_to_verifier("Translation:z1", translation_evaluations.z1); + transcript->send_to_verifier("Translation:z2", translation_evaluations.z2); + transcript->send_to_verifier("Translation:hack_evaluation", hack.evaluate(evaluation_challenge_x)); // Get another challenge for batching the univariate claims - FF batching_challenge = transcript.get_challenge("Translation:batching_challenge"); + FF batching_challenge = transcript->get_challenge("Translation:batching_challenge"); // Collect the polynomials and evaluations to be batched RefArray univariate_polynomials{ key->transcript_op, key->transcript_Px, key->transcript_Py, @@ -367,7 +369,7 @@ template void ECCVMProver_::execute_transcript_cons template plonk::proof& ECCVMProver_::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index 3cd07fb9414..39b42b89688 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -26,7 +26,9 @@ template class ECCVMProver_ { using TranslationEvaluations = barretenberg::TranslationEvaluations; public: - explicit ECCVMProver_(std::shared_ptr input_key, std::shared_ptr commitment_key); + explicit ECCVMProver_(const std::shared_ptr& input_key, + const std::shared_ptr& commitment_key, + const std::shared_ptr& transcript = std::make_shared()); void execute_preamble_round(); void execute_wire_commitments_round(); @@ -43,7 +45,7 @@ template class ECCVMProver_ { plonk::proof& export_proof(); plonk::proof& construct_proof(); - Transcript transcript; + std::shared_ptr transcript; TranslationEvaluations translation_evaluations; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp index c0964b3be39..8df69c80e44 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp @@ -242,7 +242,7 @@ TYPED_TEST(ECCVMTranscriptTests, ProverManifestConsistency) // Check that the prover generated manifest agrees with the manifest hard coded in this suite auto manifest_expected = this->construct_eccvm_honk_manifest(prover.key->circuit_size, prover.shplonk_output.witness.size()); - auto prover_manifest = prover.transcript.get_manifest(); + auto prover_manifest = prover.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < manifest_expected.size(); ++round) { @@ -275,8 +275,8 @@ TYPED_TEST(ECCVMTranscriptTests, VerifierManifestConsistency) verifier.verify_proof(proof); // Check consistency between the manifests generated by the prover and verifier - auto prover_manifest = prover.transcript.get_manifest(); - auto verifier_manifest = verifier.transcript.get_manifest(); + auto prover_manifest = prover.transcript->get_manifest(); + auto verifier_manifest = verifier.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < prover_manifest.size(); ++round) { @@ -296,15 +296,15 @@ TYPED_TEST(ECCVMTranscriptTests, ChallengeGenerationTest) // initialized with random value sent to verifier auto transcript = Flavor::Transcript::prover_init_empty(); // test a bunch of challenges - auto challenges = transcript.get_challenges("a", "b", "c", "d", "e", "f"); + auto challenges = transcript->get_challenges("a", "b", "c", "d", "e", "f"); // check they are not 0 for (size_t i = 0; i < challenges.size(); ++i) { ASSERT_NE(challenges[i], 0) << "Challenge " << i << " is 0"; } constexpr uint32_t random_val{ 17 }; // arbitrary - transcript.send_to_verifier("random val", random_val); + transcript->send_to_verifier("random val", random_val); // test more challenges - auto [a, b, c] = challenges_to_field_elements(transcript.get_challenges("a", "b", "c")); + auto [a, b, c] = challenges_to_field_elements(transcript->get_challenges("a", "b", "c")); ASSERT_NE(a, 0) << "Challenge a is 0"; ASSERT_NE(b, 0) << "Challenge b is 0"; @@ -329,19 +329,20 @@ TYPED_TEST(ECCVMTranscriptTests, StructureTest) EXPECT_TRUE(verifier.verify_proof(proof)); // try deserializing and serializing with no changes and check proof is still valid - prover.transcript.deserialize_full_transcript(); - prover.transcript.serialize_full_transcript(); + prover.transcript->deserialize_full_transcript(); + prover.transcript->serialize_full_transcript(); EXPECT_TRUE(verifier.verify_proof(prover.export_proof())); // we have changed nothing so proof is still valid typename Flavor::Commitment one_group_val = Flavor::Commitment::one(); auto rand_val = Flavor::FF::random_element(); - prover.transcript.transcript_Px_comm = one_group_val * rand_val; // choose random object to modify + prover.transcript->transcript_Px_comm = one_group_val * rand_val; // choose random object to modify EXPECT_TRUE(verifier.verify_proof( prover.export_proof())); // we have not serialized it back to the proof so it should still be fine - prover.transcript.serialize_full_transcript(); + prover.transcript->serialize_full_transcript(); EXPECT_FALSE(verifier.verify_proof(prover.export_proof())); // the proof is now wrong after serializing it - prover.transcript.deserialize_full_transcript(); - EXPECT_EQ(static_cast(prover.transcript.transcript_Px_comm), one_group_val * rand_val); + prover.transcript->deserialize_full_transcript(); + EXPECT_EQ(static_cast(prover.transcript->transcript_Px_comm), + one_group_val * rand_val); } \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp index 1ef8d6d3d16..d7f26ce7299 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp @@ -10,7 +10,7 @@ using namespace proof_system::honk::sumcheck; namespace proof_system::honk { template -ECCVMVerifier_::ECCVMVerifier_(std::shared_ptr verifier_key) +ECCVMVerifier_::ECCVMVerifier_(const std::shared_ptr& verifier_key) : key(verifier_key) {} @@ -49,12 +49,12 @@ template bool ECCVMVerifier_::verify_proof(const plonk RelationParameters relation_parameters; - transcript = Transcript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); VerifierCommitments commitments{ key }; CommitmentLabels commitment_labels; - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); if (circuit_size != key->circuit_size) { return false; @@ -62,7 +62,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk // Utility for extracting commitments from transcript const auto receive_commitment = [&](const std::string& label) { - return transcript.template receive_from_prover(label); + return transcript->template receive_from_prover(label); }; // Get commitments to VM wires @@ -142,7 +142,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk commitments.lookup_read_counts_1 = receive_commitment(commitment_labels.lookup_read_counts_1); // Get challenge for sorted list batching and wire four memory records - auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); + auto [beta, gamma] = challenges_to_field_elements(transcript->get_challenges("beta", "gamma")); relation_parameters.gamma = gamma; auto beta_sqr = beta * beta; @@ -159,7 +159,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, purported_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); @@ -177,7 +177,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk auto batched_commitment_to_be_shifted = GroupElement::zero(); const size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; // Compute powers of batching challenge rho - FF rho = transcript.get_challenge("rho"); + FF rho = transcript->get_challenge("rho"); std::vector rhos = pcs::gemini::powers_of_rho(rho, NUM_POLYNOMIALS); // Compute batched multivariate evaluation @@ -236,7 +236,7 @@ template bool ECCVMVerifier_::verify_proof(const plonk { auto hack_commitment = receive_commitment("Translation:hack_commitment"); - FF evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x"); + FF evaluation_challenge_x = transcript->get_challenge("Translation:evaluation_challenge_x"); // Construct arrays of commitments and evaluations to be batched const size_t NUM_UNIVARIATES = 6; @@ -245,15 +245,15 @@ template bool ECCVMVerifier_::verify_proof(const plonk commitments.transcript_z1, commitments.transcript_z2, hack_commitment }; std::array transcript_evaluations = { - transcript.template receive_from_prover("Translation:op"), - transcript.template receive_from_prover("Translation:Px"), - transcript.template receive_from_prover("Translation:Py"), - transcript.template receive_from_prover("Translation:z1"), - transcript.template receive_from_prover("Translation:z2"), - transcript.template receive_from_prover("Translation:hack_evaluation") + transcript->template receive_from_prover("Translation:op"), + transcript->template receive_from_prover("Translation:Px"), + transcript->template receive_from_prover("Translation:Py"), + transcript->template receive_from_prover("Translation:z1"), + transcript->template receive_from_prover("Translation:z2"), + transcript->template receive_from_prover("Translation:hack_evaluation") }; - FF batching_challenge = transcript.get_challenge("Translation:batching_challenge"); + FF batching_challenge = transcript->get_challenge("Translation:batching_challenge"); // Constuct batched commitment and batched evaluation auto batched_commitment = transcript_commitments[0]; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp index 4e8b32b84da..3733069e2c7 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp @@ -12,12 +12,12 @@ template class ECCVMVerifier_ { using Transcript = typename Flavor::Transcript; public: - explicit ECCVMVerifier_(std::shared_ptr verifier_key = nullptr); - ECCVMVerifier_(std::shared_ptr key, + explicit ECCVMVerifier_(const std::shared_ptr& verifier_key = nullptr); + ECCVMVerifier_(const std::shared_ptr& key, std::map commitments, std::map pcs_fr_elements, - std::shared_ptr pcs_verification_key, - Transcript& transcript) + const std::shared_ptr& pcs_verification_key, + const std::shared_ptr& transcript) : key(std::move(key)) , commitments(std::move(commitments)) , pcs_fr_elements(std::move(pcs_fr_elements)) @@ -36,7 +36,7 @@ template class ECCVMVerifier_ { std::map commitments; std::map pcs_fr_elements; std::shared_ptr pcs_verification_key; - Transcript transcript; + std::shared_ptr transcript; }; extern template class ECCVMVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/flavor/generated/AvmMini_flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/generated/AvmMini_flavor.hpp index e1bb16eb859..718d61f3c89 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/generated/AvmMini_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/generated/AvmMini_flavor.hpp @@ -376,34 +376,34 @@ class AvmMiniFlavor { circuit_size = deserialize_from_buffer(proof_data, num_bytes_read); size_t log_n = numeric::get_msb(circuit_size); - memTrace_m_clk = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - memTrace_m_sub_clk = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - memTrace_m_addr = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - memTrace_m_val = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - memTrace_m_lastAccess = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - memTrace_m_rw = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_subop = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_ia = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_ib = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_ic = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_mem_op_a = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_mem_op_b = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_mem_op_c = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_rwa = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_rwb = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_rwc = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_mem_idx_a = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_mem_idx_b = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_mem_idx_c = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - avmMini_last = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); + memTrace_m_clk = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + memTrace_m_sub_clk = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + memTrace_m_addr = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + memTrace_m_val = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + memTrace_m_lastAccess = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + memTrace_m_rw = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_subop = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_ia = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_ib = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_ic = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_mem_op_a = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_mem_op_b = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_mem_op_c = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_rwa = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_rwb = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_rwc = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_mem_idx_a = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_mem_idx_b = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_mem_idx_c = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); + avmMini_last = deserialize_from_buffer(Transcript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { sumcheck_univariates.emplace_back( deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read)); + Transcript::proof_data, num_bytes_read)); } sumcheck_evaluations = - deserialize_from_buffer>(BaseTranscript::proof_data, num_bytes_read); + deserialize_from_buffer>(Transcript::proof_data, num_bytes_read); for (size_t i = 0; i < log_n; ++i) { zm_cq_comms.push_back(deserialize_from_buffer(proof_data, num_bytes_read)); } @@ -414,36 +414,36 @@ class AvmMiniFlavor { void serialize_full_transcript() { size_t old_proof_length = proof_data.size(); - BaseTranscript::proof_data.clear(); + Transcript::proof_data.clear(); size_t log_n = numeric::get_msb(circuit_size); - serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - - serialize_to_buffer(memTrace_m_clk, BaseTranscript::proof_data); - serialize_to_buffer(memTrace_m_sub_clk, BaseTranscript::proof_data); - serialize_to_buffer(memTrace_m_addr, BaseTranscript::proof_data); - serialize_to_buffer(memTrace_m_val, BaseTranscript::proof_data); - serialize_to_buffer(memTrace_m_lastAccess, BaseTranscript::proof_data); - serialize_to_buffer(memTrace_m_rw, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_subop, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_ia, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_ib, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_ic, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_mem_op_a, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_mem_op_b, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_mem_op_c, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_rwa, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_rwb, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_rwc, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_mem_idx_a, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_mem_idx_b, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_mem_idx_c, BaseTranscript::proof_data); - serialize_to_buffer(avmMini_last, BaseTranscript::proof_data); + serialize_to_buffer(circuit_size, Transcript::proof_data); + + serialize_to_buffer(memTrace_m_clk, Transcript::proof_data); + serialize_to_buffer(memTrace_m_sub_clk, Transcript::proof_data); + serialize_to_buffer(memTrace_m_addr, Transcript::proof_data); + serialize_to_buffer(memTrace_m_val, Transcript::proof_data); + serialize_to_buffer(memTrace_m_lastAccess, Transcript::proof_data); + serialize_to_buffer(memTrace_m_rw, Transcript::proof_data); + serialize_to_buffer(avmMini_subop, Transcript::proof_data); + serialize_to_buffer(avmMini_ia, Transcript::proof_data); + serialize_to_buffer(avmMini_ib, Transcript::proof_data); + serialize_to_buffer(avmMini_ic, Transcript::proof_data); + serialize_to_buffer(avmMini_mem_op_a, Transcript::proof_data); + serialize_to_buffer(avmMini_mem_op_b, Transcript::proof_data); + serialize_to_buffer(avmMini_mem_op_c, Transcript::proof_data); + serialize_to_buffer(avmMini_rwa, Transcript::proof_data); + serialize_to_buffer(avmMini_rwb, Transcript::proof_data); + serialize_to_buffer(avmMini_rwc, Transcript::proof_data); + serialize_to_buffer(avmMini_mem_idx_a, Transcript::proof_data); + serialize_to_buffer(avmMini_mem_idx_b, Transcript::proof_data); + serialize_to_buffer(avmMini_mem_idx_c, Transcript::proof_data); + serialize_to_buffer(avmMini_last, Transcript::proof_data); for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_univariates[i], Transcript::proof_data); } - serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); + serialize_to_buffer(sumcheck_evaluations, Transcript::proof_data); for (size_t i = 0; i < log_n; ++i) { serialize_to_buffer(zm_cq_comms[i], proof_data); } diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp index 29085b01611..c5bb2a10ab2 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp @@ -502,7 +502,7 @@ class GoblinUltra { : BaseTranscript(proof) {} - void deserialize_full_transcript() override + void deserialize_full_transcript() { // take current proof and put them into the struct size_t num_bytes_read = 0; @@ -542,7 +542,7 @@ class GoblinUltra { zm_pi_comm = deserialize_from_buffer(proof_data, num_bytes_read); } - void serialize_full_transcript() override + void serialize_full_transcript() { size_t old_proof_length = proof_data.size(); proof_data.clear(); diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp index cbce512e6ed..c9dfb4562e1 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp @@ -2,14 +2,13 @@ #include "barretenberg/commitment_schemes/commitment_key.hpp" #include "barretenberg/commitment_schemes/kzg/kzg.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "barretenberg/polynomials/barycentric.hpp" -#include "barretenberg/polynomials/univariate.hpp" - #include "barretenberg/flavor/flavor.hpp" #include "barretenberg/flavor/flavor_macros.hpp" #include "barretenberg/flavor/goblin_ultra.hpp" +#include "barretenberg/polynomials/barycentric.hpp" #include "barretenberg/polynomials/evaluation_domain.hpp" #include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/polynomials/univariate.hpp" #include "barretenberg/proof_system/circuit_builder/goblin_ultra_circuit_builder.hpp" #include "barretenberg/relations/auxiliary_relation.hpp" #include "barretenberg/relations/ecc_op_queue_relation.hpp" @@ -29,6 +28,7 @@ #include "barretenberg/stdlib/primitives/curves/bn254.hpp" #include "barretenberg/stdlib/primitives/field/field.hpp" +#include "barretenberg/stdlib/recursion/honk/transcript/transcript.hpp" namespace proof_system::honk::flavor { @@ -153,7 +153,7 @@ template class GoblinUltraRecursive_ { // Reuse the VerifierCommitments from GoblinUltra using VerifierCommitments = GoblinUltra::VerifierCommitments_; // Reuse the transcript from GoblinUltra - using Transcript = GoblinUltra::Transcript_; + using Transcript = proof_system::plonk::stdlib::recursion::honk::Transcript; }; } // namespace proof_system::honk::flavor diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp index 10a69f89c9a..065a70aed2f 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp @@ -421,18 +421,18 @@ class Ultra { : BaseTranscript(proof) {} - static Transcript prover_init_empty() + static std::shared_ptr prover_init_empty() { - Transcript transcript; + auto transcript = std::make_shared(); constexpr uint32_t init{ 42 }; // arbitrary - transcript.send_to_verifier("Init", init); + transcript->send_to_verifier("Init", init); return transcript; }; - static Transcript verifier_init_empty(const Transcript& transcript) + static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) { - Transcript verifier_transcript{ transcript.proof_data }; - [[maybe_unused]] auto _ = verifier_transcript.template receive_from_prover("Init"); + auto verifier_transcript = std::make_shared(transcript->proof_data); + [[maybe_unused]] auto _ = verifier_transcript->template receive_from_prover("Init"); return verifier_transcript; }; diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp index 1d7a75e5a20..6caba7a2294 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp @@ -2,14 +2,13 @@ #include "barretenberg/commitment_schemes/commitment_key.hpp" #include "barretenberg/commitment_schemes/kzg/kzg.hpp" #include "barretenberg/ecc/curves/bn254/g1.hpp" -#include "barretenberg/polynomials/barycentric.hpp" -#include "barretenberg/polynomials/univariate.hpp" - #include "barretenberg/flavor/flavor.hpp" #include "barretenberg/flavor/flavor_macros.hpp" #include "barretenberg/flavor/ultra.hpp" +#include "barretenberg/polynomials/barycentric.hpp" #include "barretenberg/polynomials/evaluation_domain.hpp" #include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/polynomials/univariate.hpp" #include "barretenberg/proof_system/circuit_builder/ultra_circuit_builder.hpp" #include "barretenberg/relations/auxiliary_relation.hpp" #include "barretenberg/relations/elliptic_relation.hpp" @@ -18,6 +17,7 @@ #include "barretenberg/relations/permutation_relation.hpp" #include "barretenberg/relations/ultra_arithmetic_relation.hpp" #include "barretenberg/srs/factories/crs_factory.hpp" +#include "barretenberg/stdlib/recursion/honk/transcript/transcript.hpp" #include "barretenberg/transcript/transcript.hpp" #include @@ -371,126 +371,7 @@ template class UltraRecursive_ { } }; - /** - * @brief Derived class that defines proof structure for UltraRecursive proofs, as well as supporting functions. - * - */ - class Transcript : public BaseTranscript { - public: - // Transcript objects defined as public member variables for easy access and modification - uint32_t circuit_size; - uint32_t public_input_size; - uint32_t pub_inputs_offset; - std::vector public_inputs; - Commitment w_l_comm; - Commitment w_r_comm; - Commitment w_o_comm; - Commitment sorted_accum_comm; - Commitment w_4_comm; - Commitment z_perm_comm; - Commitment z_lookup_comm; - std::vector> sumcheck_univariates; - std::array sumcheck_evaluations; - std::vector zm_cq_comms; - Commitment zm_cq_comm; - Commitment zm_pi_comm; - - Transcript() = default; - - // Used by verifier to initialize the transcript - Transcript(const std::vector& proof) - : BaseTranscript(proof) - {} - - static Transcript prover_init_empty() - { - Transcript transcript; - constexpr uint32_t init{ 42 }; // arbitrary - transcript.send_to_verifier("Init", init); - return transcript; - }; - - static Transcript verifier_init_empty(const Transcript& transcript) - { - Transcript verifier_transcript{ transcript.proof_data }; - [[maybe_unused]] auto _ = verifier_transcript.template receive_from_prover("Init"); - return verifier_transcript; - }; - - /** - * @brief Takes a FULL UltraRecursive proof and deserializes it into the public member variables that compose - * the structure. Must be called in order to access the structure of the proof. - * - */ - void deserialize_full_transcript() - { - // take current proof and put them into the struct - size_t num_bytes_read = 0; - circuit_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - size_t log_n = numeric::get_msb(circuit_size); - - public_input_size = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - pub_inputs_offset = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - for (size_t i = 0; i < public_input_size; ++i) { - public_inputs.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); - } - w_l_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_r_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_o_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - sorted_accum_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - w_4_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_perm_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - z_lookup_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - for (size_t i = 0; i < log_n; ++i) { - sumcheck_univariates.push_back( - deserialize_from_buffer>( - BaseTranscript::proof_data, num_bytes_read)); - } - sumcheck_evaluations = - deserialize_from_buffer>(BaseTranscript::proof_data, num_bytes_read); - for (size_t i = 0; i < log_n; ++i) { - zm_cq_comms.push_back(deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read)); - } - zm_cq_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - zm_pi_comm = deserialize_from_buffer(BaseTranscript::proof_data, num_bytes_read); - } - /** - * @brief Serializes the structure variables into a FULL UltraRecursive proof. Should be called only if - * deserialize_full_transcript() was called and some transcript variable was modified. - * - */ - void serialize_full_transcript() - { - size_t old_proof_length = BaseTranscript::proof_data.size(); - BaseTranscript::proof_data.clear(); // clear proof_data so the rest of the function can replace it - size_t log_n = numeric::get_msb(circuit_size); - serialize_to_buffer(circuit_size, BaseTranscript::proof_data); - serialize_to_buffer(public_input_size, BaseTranscript::proof_data); - serialize_to_buffer(pub_inputs_offset, BaseTranscript::proof_data); - for (size_t i = 0; i < public_input_size; ++i) { - serialize_to_buffer(public_inputs[i], BaseTranscript::proof_data); - } - serialize_to_buffer(w_l_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_r_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_o_comm, BaseTranscript::proof_data); - serialize_to_buffer(sorted_accum_comm, BaseTranscript::proof_data); - serialize_to_buffer(w_4_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_perm_comm, BaseTranscript::proof_data); - serialize_to_buffer(z_lookup_comm, BaseTranscript::proof_data); - for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(sumcheck_univariates[i], BaseTranscript::proof_data); - } - serialize_to_buffer(sumcheck_evaluations, BaseTranscript::proof_data); - for (size_t i = 0; i < log_n; ++i) { - serialize_to_buffer(zm_cq_comms[i], BaseTranscript::proof_data); - } - serialize_to_buffer(zm_cq_comm, BaseTranscript::proof_data); - serialize_to_buffer(zm_pi_comm, BaseTranscript::proof_data); - - // sanity check to make sure we generate the same length of proof as before. - ASSERT(BaseTranscript::proof_data.size() == old_proof_length); - } - }; + using Transcript = proof_system::plonk::stdlib::recursion::honk::Transcript; }; } // namespace proof_system::honk::flavor diff --git a/barretenberg/cpp/src/barretenberg/proof_system/op_queue/ecc_op_queue.hpp b/barretenberg/cpp/src/barretenberg/proof_system/op_queue/ecc_op_queue.hpp index 88169a75366..5e905d2f769 100644 --- a/barretenberg/cpp/src/barretenberg/proof_system/op_queue/ecc_op_queue.hpp +++ b/barretenberg/cpp/src/barretenberg/proof_system/op_queue/ecc_op_queue.hpp @@ -103,11 +103,10 @@ class ECCOpQueue { { // Add a single row of data to the op queue and commit to each column as [1] * FF(data) std::array mock_op_queue_commitments; - size_t idx = 0; - for (auto& entry : this->ultra_ops) { + for (size_t idx = 0; idx < 4; idx++) { auto mock_data = Fr::random_element(); - entry.emplace_back(mock_data); - mock_op_queue_commitments[idx++] = Point::one() * mock_data; + this->ultra_ops[idx].emplace_back(mock_data); + mock_op_queue_commitments[idx] = Point::one() * mock_data; } // Set some internal data based on the size of the op queue data this->set_size_data(); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp index e332819a036..b8543daa64c 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp @@ -13,22 +13,22 @@ template void ProtoGalaxyProver_::prepa const auto circuit_size = static_cast(instance->proving_key->circuit_size); const auto num_public_inputs = static_cast(instance->proving_key->num_public_inputs); - transcript.send_to_verifier(domain_separator + "_circuit_size", circuit_size); - transcript.send_to_verifier(domain_separator + "_public_input_size", num_public_inputs); - transcript.send_to_verifier(domain_separator + "_pub_inputs_offset", - static_cast(instance->pub_inputs_offset)); + transcript->send_to_verifier(domain_separator + "_circuit_size", circuit_size); + transcript->send_to_verifier(domain_separator + "_public_input_size", num_public_inputs); + transcript->send_to_verifier(domain_separator + "_pub_inputs_offset", + static_cast(instance->pub_inputs_offset)); for (size_t i = 0; i < instance->proving_key->num_public_inputs; ++i) { auto public_input_i = instance->public_inputs[i]; - transcript.send_to_verifier(domain_separator + "_public_input_" + std::to_string(i), public_input_i); + transcript->send_to_verifier(domain_separator + "_public_input_" + std::to_string(i), public_input_i); } - auto [eta, beta, gamma] = challenges_to_field_elements(transcript.get_challenges( + auto [eta, beta, gamma] = challenges_to_field_elements(transcript->get_challenges( domain_separator + "_eta", domain_separator + "_beta", domain_separator + "_gamma")); instance->compute_sorted_accumulator_polynomials(eta); instance->compute_grand_product_polynomials(beta, gamma); - instance->alpha = transcript.get_challenge(domain_separator + "_alpha"); + instance->alpha = transcript->get_challenge(domain_separator + "_alpha"); } fold_relation_parameters(instances); @@ -43,7 +43,7 @@ ProverFoldingResult ProtoGalaxyProver_get_challenge("delta"); auto accumulator = get_accumulator(); auto instance_size = accumulator->prover_polynomials.get_polynomial_size(); const auto log_instance_size = static_cast(numeric::get_msb(instance_size)); @@ -51,10 +51,10 @@ ProverFoldingResult ProtoGalaxyProver_send_to_verifier("perturbator_" + std::to_string(idx), perturbator[idx]); } - FF perturbator_challenge = transcript.get_challenge("perturbator_challenge"); + FF perturbator_challenge = transcript->get_challenge("perturbator_challenge"); auto compressed_perturbator = perturbator.evaluate(perturbator_challenge); std::vector betas_star(log_instance_size); betas_star[0] = 1; @@ -68,9 +68,9 @@ ProverFoldingResult ProtoGalaxyProver_send_to_verifier("combiner_quotient_" + std::to_string(idx), combiner_quotient.value_at(idx)); } - FF combiner_challenge = transcript.get_challenge("combiner_quotient_challenge"); + FF combiner_challenge = transcript->get_challenge("combiner_quotient_challenge"); auto combiner_quotient_at_challenge = combiner_quotient.evaluate(combiner_challenge); // TODO(https://github.com/AztecProtocol/barretenberg/issues/764): Generalize these formulas as well as computation @@ -83,7 +83,7 @@ ProverFoldingResult ProtoGalaxyProver_ res; res.params.target_sum = new_target_sum; - res.folding_data = transcript.proof_data; + res.folding_data = transcript->proof_data; return res; } template class ProtoGalaxyProver_>; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp index c1d0a67e1a5..bc8a95ae2ee 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp @@ -16,6 +16,7 @@ template class ProtoGalaxyProver_ { public: using ProverInstances = ProverInstances_; using Flavor = typename ProverInstances::Flavor; + using Transcript = typename Flavor::Transcript; using FF = typename Flavor::FF; using Instance = typename ProverInstances::Instance; using Utils = barretenberg::RelationUtils; @@ -41,7 +42,7 @@ template class ProtoGalaxyProver_ { using RelationEvaluations = typename Flavor::TupleOfArraysOfValues; ProverInstances instances; - BaseTranscript transcript; + std::shared_ptr transcript = std::make_shared(); ProtoGalaxyProver_() = default; ProtoGalaxyProver_(ProverInstances insts) diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp index 360ef286887..1aa99dea379 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp @@ -5,23 +5,23 @@ namespace proof_system::honk { template void ProtoGalaxyVerifier_::prepare_for_folding(std::vector fold_data) { - transcript = BaseTranscript{ fold_data }; + transcript = std::make_shared(fold_data); auto index = 0; for (auto it = verifier_instances.begin(); it != verifier_instances.end(); it++, index++) { auto inst = *it; auto domain_separator = std::to_string(index); - inst->instance_size = transcript.template receive_from_prover(domain_separator + "_circuit_size"); + inst->instance_size = transcript->template receive_from_prover(domain_separator + "_circuit_size"); inst->public_input_size = - transcript.template receive_from_prover(domain_separator + "_public_input_size"); + transcript->template receive_from_prover(domain_separator + "_public_input_size"); inst->pub_inputs_offset = - transcript.template receive_from_prover(domain_separator + "_pub_inputs_offset"); + transcript->template receive_from_prover(domain_separator + "_pub_inputs_offset"); for (size_t i = 0; i < inst->public_input_size; ++i) { auto public_input_i = - transcript.template receive_from_prover(domain_separator + "_public_input_" + std::to_string(i)); + transcript->template receive_from_prover(domain_separator + "_public_input_" + std::to_string(i)); inst->public_inputs.emplace_back(public_input_i); } - auto [eta, beta, gamma] = challenges_to_field_elements(transcript.get_challenges( + auto [eta, beta, gamma] = challenges_to_field_elements(transcript->get_challenges( domain_separator + "_eta", domain_separator + "_beta", domain_separator + "_gamma")); const FF public_input_delta = compute_public_input_delta( @@ -29,7 +29,7 @@ void ProtoGalaxyVerifier_::prepare_for_folding(std::vector(beta, gamma, inst->instance_size); inst->relation_parameters = RelationParameters{ eta, beta, gamma, public_input_delta, lookup_grand_product_delta }; - inst->alpha = transcript.get_challenge(domain_separator + "_alpha"); + inst->alpha = transcript->get_challenge(domain_separator + "_alpha"); } } @@ -40,27 +40,27 @@ VerifierFoldingResult ProtoGalaxyVerifier_< using Flavor = typename VerifierInstances::Flavor; prepare_for_folding(fold_data); - FF delta = transcript.get_challenge("delta"); + FF delta = transcript->get_challenge("delta"); auto accumulator = get_accumulator(); auto log_instance_size = static_cast(numeric::get_msb(accumulator->instance_size)); auto deltas = compute_round_challenge_pows(log_instance_size, delta); std::vector perturbator_coeffs(log_instance_size + 1); for (size_t idx = 0; idx <= log_instance_size; idx++) { - perturbator_coeffs[idx] = transcript.template receive_from_prover("perturbator_" + std::to_string(idx)); + perturbator_coeffs[idx] = transcript->template receive_from_prover("perturbator_" + std::to_string(idx)); } auto perturbator = Polynomial(perturbator_coeffs); - FF perturbator_challenge = transcript.get_challenge("perturbator_challenge"); + FF perturbator_challenge = transcript->get_challenge("perturbator_challenge"); auto perturbator_at_challenge = perturbator.evaluate(perturbator_challenge); // Thed degree of K(X) is dk - k - 1 = k(d - 1) - 1. Hence we need k(d - 1) evaluations to represent it. std::array combiner_quotient_evals = {}; for (size_t idx = 0; idx < VerifierInstances::BATCHED_EXTENDED_LENGTH - VerifierInstances::NUM; idx++) { - combiner_quotient_evals[idx] = transcript.template receive_from_prover( + combiner_quotient_evals[idx] = transcript->template receive_from_prover( "combiner_quotient_" + std::to_string(idx + VerifierInstances::NUM)); } Univariate combiner_quotient( combiner_quotient_evals); - FF combiner_challenge = transcript.get_challenge("combiner_quotient_challenge"); + FF combiner_challenge = transcript->get_challenge("combiner_quotient_challenge"); auto combiner_quotient_at_challenge = combiner_quotient.evaluate(combiner_challenge); auto vanishing_polynomial_at_challenge = combiner_challenge * (combiner_challenge - FF(1)); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp index 028710983dd..3c5a4ed8ef1 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp @@ -10,11 +10,13 @@ namespace proof_system::honk { template class ProtoGalaxyVerifier_ { public: using Flavor = typename VerifierInstances::Flavor; + using Transcript = typename Flavor::Transcript; using FF = typename Flavor::FF; using Instance = typename VerifierInstances::Instance; using VerificationKey = typename Flavor::VerificationKey; + VerifierInstances verifier_instances; - BaseTranscript transcript; + std::shared_ptr transcript = std::make_shared(); ProtoGalaxyVerifier_(VerifierInstances insts) : verifier_instances(insts){}; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp index d1957a6d4ff..1c2da5ce7bc 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp @@ -186,8 +186,8 @@ template class GoblinRecursiveVerifierTest : public testi // Additional check 2: Ensure that the underlying native and recursive verification algorithms agree by ensuring // the manifests produced by each agree. - auto recursive_manifest = verifier.transcript.get_manifest(); - auto native_manifest = native_verifier.transcript.get_manifest(); + auto recursive_manifest = verifier.transcript->get_manifest(); + auto native_manifest = native_verifier.transcript->get_manifest(); // recursive_manifest.print(); // native_manifest.print(); for (size_t i = 0; i < recursive_manifest.size(); ++i) { @@ -213,9 +213,9 @@ template class GoblinRecursiveVerifierTest : public testi auto inner_proof = inner_prover.construct_proof(); // Arbitrarily tamper with the proof to be verified - inner_prover.transcript.deserialize_full_transcript(); - inner_prover.transcript.sorted_accum_comm = Flavor::Commitment::one() * Flavor::FF::random_element(); - inner_prover.transcript.serialize_full_transcript(); + inner_prover.transcript->deserialize_full_transcript(); + inner_prover.transcript->sorted_accum_comm = Flavor::Commitment::one() * Flavor::FF::random_element(); + inner_prover.transcript->serialize_full_transcript(); inner_proof = inner_prover.export_proof(); // Create a recursive verification circuit for the proof of the inner circuit diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.cpp index 0e63c544de1..1a67be711dd 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.cpp @@ -27,17 +27,18 @@ std::array UltraRecursiveVerifier_::ve using VerifierCommitments = typename Flavor::VerifierCommitments; using CommitmentLabels = typename Flavor::CommitmentLabels; using RelationParams = ::proof_system::RelationParameters; + using Transcript = typename Flavor::Transcript; RelationParams relation_parameters; - transcript = Transcript{ builder, proof.proof_data }; + transcript = std::make_shared(builder, proof.proof_data); VerifierCommitments commitments{ key }; CommitmentLabels commitment_labels; - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); - const auto public_input_size = transcript.template receive_from_prover("public_input_size"); - const auto pub_inputs_offset = transcript.template receive_from_prover("pub_inputs_offset"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); + const auto public_input_size = transcript->template receive_from_prover("public_input_size"); + const auto pub_inputs_offset = transcript->template receive_from_prover("pub_inputs_offset"); // For debugging purposes only ASSERT(static_cast(circuit_size.get_value()) == key->circuit_size); @@ -45,45 +46,45 @@ std::array UltraRecursiveVerifier_::ve std::vector public_inputs; for (size_t i = 0; i < key->num_public_inputs; ++i) { - auto public_input_i = transcript.template receive_from_prover("public_input_" + std::to_string(i)); + auto public_input_i = transcript->template receive_from_prover("public_input_" + std::to_string(i)); public_inputs.emplace_back(public_input_i); } // Get commitments to first three wire polynomials - commitments.w_l = transcript.template receive_from_prover(commitment_labels.w_l); - commitments.w_r = transcript.template receive_from_prover(commitment_labels.w_r); - commitments.w_o = transcript.template receive_from_prover(commitment_labels.w_o); + commitments.w_l = transcript->template receive_from_prover(commitment_labels.w_l); + commitments.w_r = transcript->template receive_from_prover(commitment_labels.w_r); + commitments.w_o = transcript->template receive_from_prover(commitment_labels.w_o); // If Goblin, get commitments to ECC op wire polynomials and DataBus columns if constexpr (IsGoblinFlavor) { commitments.ecc_op_wire_1 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_1); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_1); commitments.ecc_op_wire_2 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_2); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_2); commitments.ecc_op_wire_3 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_3); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_3); commitments.ecc_op_wire_4 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_4); - commitments.calldata = transcript.template receive_from_prover(commitment_labels.calldata); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_4); + commitments.calldata = transcript->template receive_from_prover(commitment_labels.calldata); commitments.calldata_read_counts = - transcript.template receive_from_prover(commitment_labels.calldata_read_counts); + transcript->template receive_from_prover(commitment_labels.calldata_read_counts); } // Get challenge for sorted list batching and wire four memory records - auto eta = transcript.get_challenge("eta"); + auto eta = transcript->get_challenge("eta"); relation_parameters.eta = eta; // Get commitments to sorted list accumulator and fourth wire - commitments.sorted_accum = transcript.template receive_from_prover(commitment_labels.sorted_accum); - commitments.w_4 = transcript.template receive_from_prover(commitment_labels.w_4); + commitments.sorted_accum = transcript->template receive_from_prover(commitment_labels.sorted_accum); + commitments.w_4 = transcript->template receive_from_prover(commitment_labels.w_4); // Get permutation challenges - auto [beta, gamma] = transcript.get_challenges("beta", "gamma"); + auto [beta, gamma] = transcript->get_challenges("beta", "gamma"); // If Goblin (i.e. using DataBus) receive commitments to log-deriv inverses polynomial if constexpr (IsGoblinFlavor) { commitments.lookup_inverses = - transcript.template receive_from_prover(commitment_labels.lookup_inverses); + transcript->template receive_from_prover(commitment_labels.lookup_inverses); } const FF public_input_delta = proof_system::honk::compute_public_input_delta( @@ -97,13 +98,13 @@ std::array UltraRecursiveVerifier_::ve relation_parameters.lookup_grand_product_delta = lookup_grand_product_delta; // Get commitment to permutation and lookup grand products - commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); - commitments.z_lookup = transcript.template receive_from_prover(commitment_labels.z_lookup); + commitments.z_perm = transcript->template receive_from_prover(commitment_labels.z_perm); + commitments.z_lookup = transcript->template receive_from_prover(commitment_labels.z_lookup); // Execute Sumcheck Verifier and extract multivariate opening point u = (u_0, ..., u_{d-1}) and purported // multivariate evaluations at u auto sumcheck = Sumcheck(key->circuit_size); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.hpp index 0e61739e771..01e567c667d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/ultra_recursive_verifier.hpp @@ -33,7 +33,7 @@ template class UltraRecursiveVerifier_ { std::map commitments; std::shared_ptr pcs_verification_key; Builder* builder; - Transcript transcript; + std::shared_ptr> transcript; }; // Instance declarations for Ultra and Goblin-Ultra verifier circuits with both conventional Ultra and Goblin-Ultra diff --git a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp index 0852c45cc70..ddb345b972b 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/verifier.test.cpp @@ -170,8 +170,8 @@ template class RecursiveVerifierTest : public testing::Te // Additional check 2: Ensure that the underlying native and recursive verification algorithms agree by ensuring // the manifests produced by each agree. - auto recursive_manifest = verifier.transcript.get_manifest(); - auto native_manifest = native_verifier.transcript.get_manifest(); + auto recursive_manifest = verifier.transcript->get_manifest(); + auto native_manifest = native_verifier.transcript->get_manifest(); // recursive_manifest.print(); // native_manifest.print(); for (size_t i = 0; i < recursive_manifest.size(); ++i) { @@ -198,9 +198,9 @@ template class RecursiveVerifierTest : public testing::Te auto inner_proof = inner_prover.construct_proof(); // Arbitrarily tamper with the proof to be verified - inner_prover.transcript.deserialize_full_transcript(); - inner_prover.transcript.sorted_accum_comm = Flavor::Commitment::one() * Flavor::FF::random_element(); - inner_prover.transcript.serialize_full_transcript(); + inner_prover.transcript->deserialize_full_transcript(); + inner_prover.transcript->sorted_accum_comm = Flavor::Commitment::one() * Flavor::FF::random_element(); + inner_prover.transcript->serialize_full_transcript(); inner_proof = inner_prover.export_proof(); // Create a recursive verification circuit for the proof of the inner circuit diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/partial_evaluation.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/partial_evaluation.test.cpp index c262d274d05..4cc607f5024 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/partial_evaluation.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/partial_evaluation.test.cpp @@ -56,7 +56,7 @@ TYPED_TEST(PartialEvaluationTests, TwoRoundsSpecial) std::array f0 = { v00, v10, v01, v11 }; auto full_polynomials = std::array, 1>({ f0 }); - Transcript transcript = Transcript::prover_init_empty(); + auto transcript = Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); FF round_challenge_0 = { 0x6c7301b49d85a46c, 0x44311531e39c64f6, 0xb13d66d8d6c1a24c, 0x04410c360230a295 }; @@ -94,7 +94,7 @@ TYPED_TEST(PartialEvaluationTests, TwoRoundsGeneric) std::array f0 = { v00, v10, v01, v11 }; auto full_polynomials = std::array, 1>({ f0 }); - Transcript transcript = Transcript::prover_init_empty(); + auto transcript = Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); FF round_challenge_0 = FF::random_element(); @@ -156,7 +156,7 @@ TYPED_TEST(PartialEvaluationTests, ThreeRoundsSpecial) std::array f0 = { v000, v100, v010, v110, v001, v101, v011, v111 }; auto full_polynomials = std::array, 1>({ f0 }); - Transcript transcript = Transcript::prover_init_empty(); + auto transcript = Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); FF round_challenge_0 = 1; @@ -208,7 +208,7 @@ TYPED_TEST(PartialEvaluationTests, ThreeRoundsGeneric) std::array f0 = { v000, v100, v010, v110, v001, v101, v011, v111 }; auto full_polynomials = std::array, 1>({ f0 }); - Transcript transcript = Transcript::prover_init_empty(); + auto transcript = Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); FF round_challenge_0 = FF::random_element(); @@ -271,7 +271,7 @@ TYPED_TEST(PartialEvaluationTests, ThreeRoundsGenericMultiplePolys) std::array f2 = { v000[2], v100[2], v010[2], v110[2], v001[2], v101[2], v011[2], v111[2] }; auto full_polynomials = std::array, 3>{ f0, f1, f2 }; - Transcript transcript = Transcript::prover_init_empty(); + auto transcript = Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); std::array expected_q1; diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index 6cc6ce75d90..bfd9c2d7f54 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp @@ -17,7 +17,8 @@ template class SumcheckProver { using Transcript = typename Flavor::Transcript; using Instance = ProverInstance_; - Transcript& transcript; + std::shared_ptr transcript; + const size_t multivariate_n; const size_t multivariate_d; SumcheckProverRound round; @@ -56,7 +57,7 @@ template class SumcheckProver { PartiallyEvaluatedMultivariates partially_evaluated_polynomials; // prover instantiates sumcheck with circuit size and a prover transcript - SumcheckProver(size_t multivariate_n, Transcript& transcript) + SumcheckProver(size_t multivariate_n, const std::shared_ptr& transcript) : transcript(transcript) , multivariate_n(multivariate_n) , multivariate_d(numeric::get_msb(multivariate_n)) @@ -73,7 +74,7 @@ template class SumcheckProver { const proof_system::RelationParameters& relation_parameters, FF alpha) // pass by value, not by reference { - FF zeta = transcript.get_challenge("Sumcheck:zeta"); + FF zeta = transcript->get_challenge("Sumcheck:zeta"); barretenberg::PowUnivariate pow_univariate(zeta); @@ -83,8 +84,8 @@ template class SumcheckProver { // First round // This populates partially_evaluated_polynomials. auto round_univariate = round.compute_univariate(full_polynomials, relation_parameters, pow_univariate, alpha); - transcript.send_to_verifier("Sumcheck:univariate_0", round_univariate); - FF round_challenge = transcript.get_challenge("Sumcheck:u_0"); + transcript->send_to_verifier("Sumcheck:univariate_0", round_univariate); + FF round_challenge = transcript->get_challenge("Sumcheck:u_0"); multivariate_challenge.emplace_back(round_challenge); partially_evaluate(full_polynomials, multivariate_n, round_challenge); pow_univariate.partially_evaluate(round_challenge); @@ -97,8 +98,8 @@ template class SumcheckProver { // Write the round univariate to the transcript round_univariate = round.compute_univariate(partially_evaluated_polynomials, relation_parameters, pow_univariate, alpha); - transcript.send_to_verifier("Sumcheck:univariate_" + std::to_string(round_idx), round_univariate); - FF round_challenge = transcript.get_challenge("Sumcheck:u_" + std::to_string(round_idx)); + transcript->send_to_verifier("Sumcheck:univariate_" + std::to_string(round_idx), round_univariate); + FF round_challenge = transcript->get_challenge("Sumcheck:u_" + std::to_string(round_idx)); multivariate_challenge.emplace_back(round_challenge); partially_evaluate(partially_evaluated_polynomials, round.round_size, round_challenge); pow_univariate.partially_evaluate(round_challenge); @@ -111,7 +112,7 @@ template class SumcheckProver { zip_view(multivariate_evaluations.get_all(), partially_evaluated_polynomials.get_all())) { eval = (poly)[0]; } - transcript.send_to_verifier("Sumcheck:evaluations", multivariate_evaluations); + transcript->send_to_verifier("Sumcheck:evaluations", multivariate_evaluations); return { multivariate_challenge, multivariate_evaluations }; }; @@ -174,6 +175,7 @@ template class SumcheckVerifier { using Utils = barretenberg::RelationUtils; using FF = typename Flavor::FF; using ClaimedEvaluations = typename Flavor::AllValues; + using Transcript = typename Flavor::Transcript; static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = Flavor::BATCHED_RELATION_PARTIAL_LENGTH; static constexpr size_t NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES; @@ -197,11 +199,11 @@ template class SumcheckVerifier { */ SumcheckOutput verify(const proof_system::RelationParameters& relation_parameters, FF alpha, - auto& transcript) + const std::shared_ptr& transcript) { bool verified(true); - FF zeta = transcript.get_challenge("Sumcheck:zeta"); + FF zeta = transcript->get_challenge("Sumcheck:zeta"); barretenberg::PowUnivariate pow_univariate(zeta); // All but final round. @@ -218,12 +220,12 @@ template class SumcheckVerifier { // Obtain the round univariate from the transcript std::string round_univariate_label = "Sumcheck:univariate_" + std::to_string(round_idx); auto round_univariate = - transcript.template receive_from_prover>( + transcript->template receive_from_prover>( round_univariate_label); bool checked = round.check_sum(round_univariate); verified = verified && checked; - FF round_challenge = transcript.get_challenge("Sumcheck:u_" + std::to_string(round_idx)); + FF round_challenge = transcript->get_challenge("Sumcheck:u_" + std::to_string(round_idx)); multivariate_challenge.emplace_back(round_challenge); round.compute_next_target_sum(round_univariate, round_challenge); @@ -233,7 +235,7 @@ template class SumcheckVerifier { // Final round ClaimedEvaluations purported_evaluations; auto transcript_evaluations = - transcript.template receive_from_prover>("Sumcheck:evaluations"); + transcript->template receive_from_prover>("Sumcheck:evaluations"); for (auto [eval, transcript_eval] : zip_view(purported_evaluations.get_all(), transcript_evaluations)) { eval = transcript_eval; } diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp index 7c6edcd2fc1..2eaa93341a8 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.test.cpp @@ -104,10 +104,10 @@ TEST_F(SumcheckTests, PolynomialNormalization) info(full_polynomials.w_l[2]); info(full_polynomials.w_l[3]); - Flavor::Transcript transcript = Flavor::Transcript::prover_init_empty(); + auto transcript = Flavor::Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); auto output = sumcheck.prove(full_polynomials, {}, alpha); FF u_0 = output.challenge[0]; @@ -167,11 +167,11 @@ TEST_F(SumcheckTests, Prover) } auto full_polynomials = construct_ultra_full_polynomials(random_polynomials); - Flavor::Transcript transcript = Flavor::Transcript::prover_init_empty(); + auto transcript = Flavor::Transcript::prover_init_empty(); auto sumcheck = SumcheckProver(multivariate_n, transcript); - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); auto output = sumcheck.prove(full_polynomials, {}, alpha); FF u_0 = output.challenge[0]; FF u_1 = output.challenge[1]; @@ -243,16 +243,16 @@ TEST_F(SumcheckTests, ProverAndVerifierSimple) .public_input_delta = FF::one(), }; - Flavor::Transcript prover_transcript = Flavor::Transcript::prover_init_empty(); + auto prover_transcript = Flavor::Transcript::prover_init_empty(); auto sumcheck_prover = SumcheckProver(multivariate_n, prover_transcript); - FF prover_alpha = prover_transcript.get_challenge("alpha"); + FF prover_alpha = prover_transcript->get_challenge("alpha"); auto output = sumcheck_prover.prove(full_polynomials, {}, prover_alpha); - Flavor::Transcript verifier_transcript = Flavor::Transcript::verifier_init_empty(prover_transcript); + auto verifier_transcript = Flavor::Transcript::verifier_init_empty(prover_transcript); auto sumcheck_verifier = SumcheckVerifier(multivariate_n); - FF verifier_alpha = verifier_transcript.get_challenge("alpha"); + FF verifier_alpha = verifier_transcript->get_challenge("alpha"); auto verifier_output = sumcheck_verifier.verify(relation_parameters, verifier_alpha, verifier_transcript); auto verified = verifier_output.verified.value(); diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index cd7175d4a3d..018001ec101 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -53,6 +53,8 @@ class TranscriptManifest { */ class BaseTranscript { public: + using Proof = std::vector; + BaseTranscript() = default; /** @@ -60,7 +62,7 @@ class BaseTranscript { * * @param proof_data */ - explicit BaseTranscript(const std::vector& proof_data) + explicit BaseTranscript(const Proof& proof_data) : proof_data(proof_data.begin(), proof_data.end()) {} static constexpr size_t HASH_OUTPUT_SIZE = 32; @@ -153,7 +155,7 @@ class BaseTranscript { * @param element * @param proof_data */ - template void serialize_to_buffer(const T& element, std::vector& proof_data) + template void serialize_to_buffer(const T& element, Proof& proof_data) { auto element_bytes = to_buffer(element); proof_data.insert(proof_data.end(), element_bytes.begin(), element_bytes.end()); @@ -167,7 +169,7 @@ class BaseTranscript { * @param offset * @return T */ - template T deserialize_from_buffer(const std::vector& proof_data, size_t& offset) const + template T deserialize_from_buffer(const Proof& proof_data, size_t& offset) const { constexpr size_t element_size = sizeof(T); ASSERT(offset + element_size <= proof_data.size()); @@ -182,7 +184,7 @@ class BaseTranscript { public: // Contains the raw data sent by the prover. - std::vector proof_data; + Proof proof_data; /** * @brief Return the proof data starting at proof_start @@ -296,11 +298,11 @@ class BaseTranscript { * * @return BaseTranscript */ - static BaseTranscript prover_init_empty() + static std::shared_ptr prover_init_empty() { - BaseTranscript transcript; + auto transcript = std::make_shared(); constexpr uint32_t init{ 42 }; // arbitrary - transcript.send_to_verifier("Init", init); + transcript->send_to_verifier("Init", init); return transcript; }; @@ -311,10 +313,10 @@ class BaseTranscript { * @param transcript * @return BaseTranscript */ - static BaseTranscript verifier_init_empty(const BaseTranscript& transcript) + static std::shared_ptr verifier_init_empty(const std::shared_ptr& transcript) { - BaseTranscript verifier_transcript{ transcript.proof_data }; - [[maybe_unused]] auto _ = verifier_transcript.template receive_from_prover("Init"); + auto verifier_transcript = std::make_shared(transcript->proof_data); + [[maybe_unused]] auto _ = verifier_transcript->template receive_from_prover("Init"); return verifier_transcript; }; @@ -323,20 +325,6 @@ class BaseTranscript { [[nodiscard]] TranscriptManifest get_manifest() const { return manifest; }; void print() { manifest.print(); } - - /** - * @brief Deserializes the FULL transcript into the struct defined by each flavor derivedclass. - * @details Not supported for base transcript class because it does not have a defined structure. The current - * proof_data object must represent the whole proof and not a partial proof or it will throw an error. - */ - virtual void deserialize_full_transcript() { throw_or_abort("Cannot deserialize transcript"); } - - /** - * @brief Serializes the FULL transcript from the defined derived class back into proof_data. - * @details Only works if the struct is populated (usually from a call to deserialize_full_transcript). Allows for - * modified transcript objects to be updated in the actual proof for testing purposes. - */ - virtual void serialize_full_transcript() { throw_or_abort("Cannot serialize transcript"); } }; /** diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp index 7ecf87adaf5..ba6345c2a64 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.cpp @@ -14,6 +14,7 @@ namespace proof_system::honk { using Flavor = honk::flavor::GoblinTranslator; using Curve = typename Flavor::Curve; +using FF = typename Flavor::FF; using CircuitBuilder = typename Flavor::CircuitBuilder; using ProvingKey = typename Flavor::ProvingKey; using VerificationKey = typename Flavor::VerificationKey; @@ -21,6 +22,7 @@ using PCS = typename Flavor::PCS; using CommitmentKey = typename Flavor::CommitmentKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Polynomial = typename Flavor::Polynomial; +using Transcript = typename Flavor::Transcript; /** * @brief Helper method to compute quantities like total number of gates and dyadic circuit size @@ -200,7 +202,8 @@ void GoblinTranslatorComposer::compute_witness(CircuitBuilder& circuit_builder) * @return GoblinTranslatorProver */ -GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& circuit_builder) +GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& circuit_builder, + const std::shared_ptr& transcript) { // Compute total number of gates, dyadic circuit size, etc. @@ -213,7 +216,7 @@ GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& c compute_commitment_key(proving_key->circuit_size); - GoblinTranslatorProver output_state(proving_key, commitment_key); + GoblinTranslatorProver output_state(proving_key, commitment_key, transcript); return output_state; } @@ -227,7 +230,8 @@ GoblinTranslatorProver GoblinTranslatorComposer::create_prover(CircuitBuilder& c * @return GoblinTranslatorVerifier */ -GoblinTranslatorVerifier GoblinTranslatorComposer::create_verifier(const CircuitBuilder& circuit_builder) +GoblinTranslatorVerifier GoblinTranslatorComposer::create_verifier(const CircuitBuilder& circuit_builder, + const std::shared_ptr& transcript) { auto verification_key = compute_verification_key(circuit_builder); @@ -235,6 +239,7 @@ GoblinTranslatorVerifier GoblinTranslatorComposer::create_verifier(const Circuit auto pcs_verification_key = std::make_unique(verification_key->circuit_size, crs_factory_); output_state.pcs_verification_key = std::move(pcs_verification_key); + output_state.transcript = transcript; return output_state; } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp index 749151b3ebe..9734a0ba9b7 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_composer.hpp @@ -19,6 +19,7 @@ class GoblinTranslatorComposer { using CommitmentKey = typename Flavor::CommitmentKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Polynomial = typename Flavor::Polynomial; + using Transcript = BaseTranscript; static constexpr size_t MINI_CIRCUIT_SIZE = Flavor::MINI_CIRCUIT_SIZE; static constexpr std::string_view NAME_STRING = "GoblinTranslator"; @@ -52,8 +53,12 @@ class GoblinTranslatorComposer { void compute_witness(CircuitBuilder& circuit_builder); - GoblinTranslatorProver create_prover(CircuitBuilder& circuit_builder); - GoblinTranslatorVerifier create_verifier(const CircuitBuilder& circuit_builder); + GoblinTranslatorProver create_prover( + CircuitBuilder& circuit_builder, + const std::shared_ptr& transcript = std::make_shared()); + GoblinTranslatorVerifier create_verifier( + const CircuitBuilder& circuit_builder, + const std::shared_ptr& transcript = std::make_shared()); std::shared_ptr compute_commitment_key(size_t circuit_size) { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index 98e29dc0113..cd3e010b0d9 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -17,9 +17,20 @@ namespace proof_system::honk { * @tparam settings Settings class. * */ -GoblinTranslatorProver::GoblinTranslatorProver(std::shared_ptr input_key, - std::shared_ptr commitment_key) - : key(input_key) +/** + * Create GoblinTranslatorProver from proving key, witness and manifest. + * + * @param input_key Proving key. + * @param input_manifest Input manifest + * + * @tparam settings Settings class. + * */ + +GoblinTranslatorProver::GoblinTranslatorProver(const std::shared_ptr& input_key, + const std::shared_ptr& commitment_key, + const std::shared_ptr& transcript) + : transcript(transcript) + , key(input_key) , commitment_key(commitment_key) { // Copy all polynomials from the proving key @@ -249,10 +260,10 @@ void GoblinTranslatorProver::execute_preamble_round() uint256_t(key->accumulators_binary_limbs_1[1]) * SHIFT + uint256_t(key->accumulators_binary_limbs_2[1]) * SHIFTx2 + uint256_t(key->accumulators_binary_limbs_3[1]) * SHIFTx3); - transcript.send_to_verifier("circuit_size", circuit_size); - transcript.send_to_verifier("evaluation_input_x", key->evaluation_input_x); - transcript.send_to_verifier("batching_challenge_v", key->batching_challenge_v); - transcript.send_to_verifier("accumulated_result", accumulated_result); + transcript->send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("evaluation_input_x", key->evaluation_input_x); + transcript->send_to_verifier("batching_challenge_v", key->batching_challenge_v); + transcript->send_to_verifier("accumulated_result", accumulated_result); } /** @@ -265,7 +276,7 @@ void GoblinTranslatorProver::execute_wire_and_sorted_constraints_commitments_rou auto wire_polys = key->get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); } } @@ -276,7 +287,7 @@ void GoblinTranslatorProver::execute_wire_and_sorted_constraints_commitments_rou void GoblinTranslatorProver::execute_grand_product_computation_round() { // Compute and store parameters required by relations in Sumcheck - FF gamma = transcript.get_challenge("gamma"); + FF gamma = transcript->get_challenge("gamma"); const size_t NUM_LIMB_BITS = Flavor::NUM_LIMB_BITS; relation_parameters.beta = 0; relation_parameters.gamma = gamma; @@ -316,7 +327,7 @@ void GoblinTranslatorProver::execute_grand_product_computation_round() // Compute constraint permutation grand product grand_product_library::compute_grand_products(key, prover_polynomials, relation_parameters); - transcript.send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); + transcript->send_to_verifier(commitment_labels.z_perm, commitment_key->commit(key->z_perm)); } /** @@ -329,7 +340,7 @@ void GoblinTranslatorProver::execute_relation_check_rounds() auto sumcheck = Sumcheck(key->circuit_size, transcript); - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } @@ -355,7 +366,7 @@ void GoblinTranslatorProver::execute_zeromorph_rounds() plonk::proof& GoblinTranslatorProver::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp index 8ac45653953..3a2db24407d 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -19,13 +19,15 @@ class GoblinTranslatorProver { using ProverPolynomials = typename Flavor::ProverPolynomials; using CommitmentLabels = typename Flavor::CommitmentLabels; using Curve = typename Flavor::Curve; + using Transcript = typename Flavor::Transcript; static size_t constexpr MINI_CIRCUIT_SIZE = Flavor::MINI_CIRCUIT_SIZE; static size_t constexpr FULL_CIRCUIT_SIZE = Flavor::FULL_CIRCUIT_SIZE; public: - explicit GoblinTranslatorProver(std::shared_ptr input_key, - std::shared_ptr commitment_key); + explicit GoblinTranslatorProver(const std::shared_ptr& input_key, + const std::shared_ptr& commitment_key, + const std::shared_ptr& transcript = std::make_shared()); void execute_preamble_round(); void execute_wire_and_sorted_constraints_commitments_round(); @@ -35,7 +37,7 @@ class GoblinTranslatorProver { plonk::proof& export_proof(); plonk::proof& construct_proof(); - BaseTranscript transcript; + std::shared_ptr transcript = std::make_shared(); proof_system::RelationParameters relation_parameters; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 8b8c934742b..089c2c37451 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -9,8 +9,11 @@ using namespace proof_system::honk::sumcheck; namespace proof_system::honk { -GoblinTranslatorVerifier::GoblinTranslatorVerifier(std::shared_ptr verifier_key) +GoblinTranslatorVerifier::GoblinTranslatorVerifier( + const std::shared_ptr& verifier_key, + const std::shared_ptr& transcript) : key(verifier_key) + , transcript(transcript) {} GoblinTranslatorVerifier::GoblinTranslatorVerifier(GoblinTranslatorVerifier&& other) noexcept @@ -65,17 +68,19 @@ void GoblinTranslatorVerifier::put_translation_data_in_relation_parameters(const */ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) { - transcript = BaseTranscript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); + + transcript = std::make_shared(proof.proof_data); Flavor::VerifierCommitments commitments{ key }; Flavor::CommitmentLabels commitment_labels; // TODO(Adrian): Change the initialization of the transcript to take the VK hash? - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); - evaluation_input_x = transcript.template receive_from_prover("evaluation_input_x"); - batching_challenge_v = transcript.template receive_from_prover("batching_challenge_v"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); + evaluation_input_x = transcript->template receive_from_prover("evaluation_input_x"); + batching_challenge_v = transcript->template receive_from_prover("batching_challenge_v"); - const BF accumulated_result = transcript.template receive_from_prover("accumulated_result"); + const BF accumulated_result = transcript->template receive_from_prover("accumulated_result"); put_translation_data_in_relation_parameters(evaluation_input_x, batching_challenge_v, accumulated_result); @@ -85,7 +90,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) // Get all the values of wires const auto receive_commitment = [&](const std::string& label) { - return transcript.template receive_from_prover(label); + return transcript->template receive_from_prover(label); }; commitments.op = receive_commitment(commitment_labels.op); @@ -230,7 +235,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) commitments.ordered_range_constraints_4 = receive_commitment(commitment_labels.ordered_range_constraints_4); // Get permutation challenges - FF gamma = transcript.get_challenge("gamma"); + FF gamma = transcript->get_challenge("gamma"); relation_parameters.beta = 0; relation_parameters.gamma = gamma; @@ -243,7 +248,7 @@ bool GoblinTranslatorVerifier::verify_proof(const plonk::proof& proof) // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp index 0b16855a0b5..e959eef720e 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.hpp @@ -13,6 +13,7 @@ class GoblinTranslatorVerifier { using VerificationKey = typename Flavor::VerificationKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using TranslationEvaluations = barretenberg::TranslationEvaluations; + using Transcript = typename Flavor::Transcript; BF evaluation_input_x = 0; BF batching_challenge_v = 0; @@ -20,10 +21,11 @@ class GoblinTranslatorVerifier { std::map commitments; std::map pcs_fr_elements; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + std::shared_ptr transcript; RelationParameters relation_parameters; - explicit GoblinTranslatorVerifier(std::shared_ptr verifier_key = nullptr); + GoblinTranslatorVerifier(const std::shared_ptr& verifier_key = nullptr, + const std::shared_ptr& transcript = std::make_shared()); GoblinTranslatorVerifier(GoblinTranslatorVerifier&& other) noexcept; GoblinTranslatorVerifier(const GoblinTranslatorVerifier& other) = delete; GoblinTranslatorVerifier& operator=(const GoblinTranslatorVerifier& other) = delete; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp index 355bf5c6c65..c1e174f0d62 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp @@ -142,7 +142,7 @@ TEST_F(GoblinUltraTranscriptTests, ProverManifestConsistency) // Check that the prover generated manifest agrees with the manifest hard coded in this suite auto manifest_expected = construct_goblin_ultra_honk_manifest(instance->proving_key->circuit_size); - auto prover_manifest = prover.transcript.get_manifest(); + auto prover_manifest = prover.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < manifest_expected.size(); ++round) { ASSERT_EQ(prover_manifest[round], manifest_expected[round]) << "Prover manifest discrepency in round " << round; @@ -172,8 +172,8 @@ TEST_F(GoblinUltraTranscriptTests, VerifierManifestConsistency) verifier.verify_proof(proof); // Check consistency between the manifests generated by the prover and verifier - auto prover_manifest = prover.transcript.get_manifest(); - auto verifier_manifest = verifier.transcript.get_manifest(); + auto prover_manifest = prover.transcript->get_manifest(); + auto verifier_manifest = verifier.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < prover_manifest.size(); ++round) { @@ -192,15 +192,15 @@ TEST_F(GoblinUltraTranscriptTests, ChallengeGenerationTest) // initialized with random value sent to verifier auto transcript = Flavor::Transcript::prover_init_empty(); // test a bunch of challenges - auto challenges = transcript.get_challenges("a", "b", "c", "d", "e", "f"); + auto challenges = transcript->get_challenges("a", "b", "c", "d", "e", "f"); // check they are not 0 for (size_t i = 0; i < challenges.size(); ++i) { ASSERT_NE(challenges[i], 0) << "Challenge " << i << " is 0"; } constexpr uint32_t random_val{ 17 }; // arbitrary - transcript.send_to_verifier("random val", random_val); + transcript->send_to_verifier("random val", random_val); // test more challenges - auto [a, b, c] = challenges_to_field_elements(transcript.get_challenges("a", "b", "c")); + auto [a, b, c] = challenges_to_field_elements(transcript->get_challenges("a", "b", "c")); ASSERT_NE(a, 0) << "Challenge a is 0"; ASSERT_NE(b, 0) << "Challenge b is 0"; ASSERT_NE(c, 0) << "Challenge c is 0"; @@ -221,19 +221,19 @@ TEST_F(GoblinUltraTranscriptTests, StructureTest) EXPECT_TRUE(verifier.verify_proof(proof)); // try deserializing and serializing with no changes and check proof is still valid - prover.transcript.deserialize_full_transcript(); - prover.transcript.serialize_full_transcript(); + prover.transcript->deserialize_full_transcript(); + prover.transcript->serialize_full_transcript(); EXPECT_TRUE(verifier.verify_proof(prover.export_proof())); // we have changed nothing so proof is still valid Flavor::Commitment one_group_val = Flavor::Commitment::one(); FF rand_val = FF::random_element(); - prover.transcript.sorted_accum_comm = one_group_val * rand_val; // choose random object to modify + prover.transcript->sorted_accum_comm = one_group_val * rand_val; // choose random object to modify EXPECT_TRUE(verifier.verify_proof( prover.export_proof())); // we have not serialized it back to the proof so it should still be fine - prover.transcript.serialize_full_transcript(); + prover.transcript->serialize_full_transcript(); EXPECT_FALSE(verifier.verify_proof(prover.export_proof())); // the proof is now wrong after serializing it - prover.transcript.deserialize_full_transcript(); - EXPECT_EQ(static_cast(prover.transcript.sorted_accum_comm), one_group_val * rand_val); + prover.transcript->deserialize_full_transcript(); + EXPECT_EQ(static_cast(prover.transcript->sorted_accum_comm), one_group_val * rand_val); } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp index 24b614f4ea8..a27b2091f3a 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.cpp @@ -7,8 +7,11 @@ namespace proof_system::honk { * */ template -MergeProver_::MergeProver_(std::shared_ptr commitment_key, std::shared_ptr op_queue) - : op_queue(op_queue) +MergeProver_::MergeProver_(const std::shared_ptr& commitment_key, + const std::shared_ptr& op_queue, + const std::shared_ptr& transcript) + : transcript(transcript) + , op_queue(op_queue) , pcs_commitment_key(commitment_key) {} @@ -54,9 +57,9 @@ template plonk::proof& MergeProver_::construct_proof() C_T_current[idx] = C_T_prev + C_t_shift; std::string suffix = std::to_string(idx + 1); - transcript.send_to_verifier("T_PREV_" + suffix, C_T_prev); - transcript.send_to_verifier("t_SHIFT_" + suffix, C_t_shift); - transcript.send_to_verifier("T_CURRENT_" + suffix, C_T_current[idx]); + transcript->send_to_verifier("T_PREV_" + suffix, C_T_prev); + transcript->send_to_verifier("t_SHIFT_" + suffix, C_t_shift); + transcript->send_to_verifier("T_CURRENT_" + suffix, C_T_current[idx]); } // Store the commitments [T_{i}] (to be used later in subsequent iterations as [T_{i-1}]). @@ -64,7 +67,7 @@ template plonk::proof& MergeProver_::construct_proof() // Compute evaluations T_i(\kappa), T_{i-1}(\kappa), t_i^{shift}(\kappa), add to transcript. For each polynomial // we add a univariate opening claim {p(X), (\kappa, p(\kappa))} to the set of claims to be checked via batched KZG. - FF kappa = transcript.get_challenge("kappa"); + FF kappa = transcript->get_challenge("kappa"); // Add univariate opening claims for each polynomial. std::vector opening_claims; @@ -72,24 +75,24 @@ template plonk::proof& MergeProver_::construct_proof() for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { auto polynomial = Polynomial(T_prev[idx]); auto evaluation = polynomial.evaluate(kappa); - transcript.send_to_verifier("T_prev_eval_" + std::to_string(idx + 1), evaluation); + transcript->send_to_verifier("T_prev_eval_" + std::to_string(idx + 1), evaluation); opening_claims.emplace_back(OpeningClaim{ polynomial, { kappa, evaluation } }); } // Compute evaluation t_i^{shift}(\kappa) for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { auto evaluation = t_shift[idx].evaluate(kappa); - transcript.send_to_verifier("t_shift_eval_" + std::to_string(idx + 1), evaluation); + transcript->send_to_verifier("t_shift_eval_" + std::to_string(idx + 1), evaluation); opening_claims.emplace_back(OpeningClaim{ t_shift[idx], { kappa, evaluation } }); } // Compute evaluation T_i(\kappa) for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { auto polynomial = Polynomial(T_current[idx]); auto evaluation = polynomial.evaluate(kappa); - transcript.send_to_verifier("T_current_eval_" + std::to_string(idx + 1), evaluation); + transcript->send_to_verifier("T_current_eval_" + std::to_string(idx + 1), evaluation); opening_claims.emplace_back(OpeningClaim{ polynomial, { kappa, evaluation } }); } - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); // Constuct batched polynomial to opened via KZG auto batched_polynomial = Polynomial(N); @@ -107,9 +110,9 @@ template plonk::proof& MergeProver_::construct_proof() quotient.factor_roots(kappa); auto quotient_commitment = pcs_commitment_key->commit(quotient); - transcript.send_to_verifier("KZG:W", quotient_commitment); + transcript->send_to_verifier("KZG:W", quotient_commitment); - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp index 426caafc521..77318490bba 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_prover.hpp @@ -23,13 +23,16 @@ template class MergeProver_ { using Curve = typename Flavor::Curve; using OpeningClaim = typename pcs::ProverOpeningClaim; using OpeningPair = typename pcs::OpeningPair; + using Transcript = BaseTranscript; public: - BaseTranscript transcript; + std::shared_ptr transcript; std::shared_ptr op_queue; std::shared_ptr pcs_commitment_key; - explicit MergeProver_(std::shared_ptr, std::shared_ptr); + explicit MergeProver_(const std::shared_ptr&, + const std::shared_ptr&, + const std::shared_ptr& transcript = std::make_shared()); plonk::proof& construct_proof(); private: diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp index 3e76c0f3214..1d913b342fb 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp @@ -3,8 +3,10 @@ namespace proof_system::honk { template -MergeVerifier_::MergeVerifier_(std::unique_ptr verification_key) - : pcs_verification_key(std::move(verification_key)){}; +MergeVerifier_::MergeVerifier_(std::unique_ptr verification_key, + const std::shared_ptr& transcript) + : transcript(transcript) + , pcs_verification_key(std::move(verification_key)){}; /** * @brief Verify proper construction of the aggregate Goblin ECC op queue polynomials T_i^(j), j = 1,2,3,4. @@ -19,19 +21,19 @@ MergeVerifier_::MergeVerifier_(std::unique_ptr ve */ template bool MergeVerifier_::verify_proof(const plonk::proof& proof) { - transcript = BaseTranscript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); // Receive commitments [t_i^{shift}], [T_{i-1}], and [T_i] std::array C_T_prev; std::array C_t_shift; std::array C_T_current; for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - C_T_prev[idx] = transcript.template receive_from_prover("T_PREV_" + std::to_string(idx + 1)); - C_t_shift[idx] = transcript.template receive_from_prover("t_SHIFT_" + std::to_string(idx + 1)); - C_T_current[idx] = transcript.template receive_from_prover("T_CURRENT_" + std::to_string(idx + 1)); + C_T_prev[idx] = transcript->template receive_from_prover("T_PREV_" + std::to_string(idx + 1)); + C_t_shift[idx] = transcript->template receive_from_prover("t_SHIFT_" + std::to_string(idx + 1)); + C_T_current[idx] = transcript->template receive_from_prover("T_CURRENT_" + std::to_string(idx + 1)); } - FF kappa = transcript.get_challenge("kappa"); + FF kappa = transcript->get_challenge("kappa"); // Receive transcript poly evaluations and add corresponding univariate opening claims {(\kappa, p(\kappa), [p(X)]} std::array T_prev_evals; @@ -39,15 +41,16 @@ template bool MergeVerifier_::verify_proof(const plonk std::array T_current_evals; std::vector opening_claims; for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - T_prev_evals[idx] = transcript.template receive_from_prover("T_prev_eval_" + std::to_string(idx + 1)); + T_prev_evals[idx] = transcript->template receive_from_prover("T_prev_eval_" + std::to_string(idx + 1)); opening_claims.emplace_back(pcs::OpeningClaim{ { kappa, T_prev_evals[idx] }, C_T_prev[idx] }); } for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - t_shift_evals[idx] = transcript.template receive_from_prover("t_shift_eval_" + std::to_string(idx + 1)); + t_shift_evals[idx] = transcript->template receive_from_prover("t_shift_eval_" + std::to_string(idx + 1)); opening_claims.emplace_back(pcs::OpeningClaim{ { kappa, t_shift_evals[idx] }, C_t_shift[idx] }); } for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - T_current_evals[idx] = transcript.template receive_from_prover("T_current_eval_" + std::to_string(idx + 1)); + T_current_evals[idx] = + transcript->template receive_from_prover("T_current_eval_" + std::to_string(idx + 1)); opening_claims.emplace_back(pcs::OpeningClaim{ { kappa, T_current_evals[idx] }, C_T_current[idx] }); } @@ -57,7 +60,7 @@ template bool MergeVerifier_::verify_proof(const plonk identity_checked = identity_checked && (T_current_evals[idx] == T_prev_evals[idx] + t_shift_evals[idx]); } - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); // Constuct batched commitment and evaluation from constituents auto batched_commitment = opening_claims[0].commitment; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp index a4005f8a4f7..d6880476b79 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.hpp @@ -24,13 +24,15 @@ template class MergeVerifier_ { using OpeningClaim = typename pcs::OpeningClaim; using VerificationKey = typename Flavor::VerificationKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; + using Transcript = typename Flavor::Transcript; public: - BaseTranscript transcript; + std::shared_ptr transcript; std::shared_ptr op_queue; std::shared_ptr pcs_verification_key; - explicit MergeVerifier_(std::unique_ptr verification_key); + explicit MergeVerifier_(std::unique_ptr verification_key, + const std::shared_ptr& transcript); bool verify_proof(const plonk::proof& proof); }; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp index 3ed21abdd39..c0a1c6b1f61 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp @@ -35,6 +35,7 @@ TEST_F(SumcheckTestsRealCircuit, Ultra) { using Flavor = flavor::Ultra; using FF = typename Flavor::FF; + using Transcript = typename Flavor::Transcript; // Create a composer and a dummy circuit with a few gates auto builder = proof_system::UltraCircuitBuilder(); @@ -159,17 +160,17 @@ TEST_F(SumcheckTestsRealCircuit, Ultra) instance->compute_sorted_accumulator_polynomials(eta); instance->compute_grand_product_polynomials(beta, gamma); - Flavor::Transcript prover_transcript = Flavor::Transcript::prover_init_empty(); + auto prover_transcript = Transcript::prover_init_empty(); auto circuit_size = instance->proving_key->circuit_size; - instance->alpha = prover_transcript.get_challenge("alpha"); + instance->alpha = prover_transcript->get_challenge("alpha"); auto sumcheck_prover = SumcheckProver(circuit_size, prover_transcript); auto prover_output = sumcheck_prover.prove(instance); - Flavor::Transcript verifier_transcript = Flavor::Transcript::verifier_init_empty(prover_transcript); + auto verifier_transcript = Transcript::verifier_init_empty(prover_transcript); auto sumcheck_verifier = SumcheckVerifier(circuit_size); - FF alpha = verifier_transcript.get_challenge("alpha"); + FF alpha = verifier_transcript->get_challenge("alpha"); auto verifier_output = sumcheck_verifier.verify(instance->relation_parameters, alpha, verifier_transcript); auto verified = verifier_output.verified.value(); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp index 716c83d09a4..50f34044c29 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.cpp @@ -12,7 +12,7 @@ namespace proof_system::honk { * @return Pointer to the resulting verification key of the Instance. * */ template -void UltraComposer_::compute_verification_key(std::shared_ptr> instance) +void UltraComposer_::compute_verification_key(const std::shared_ptr>& instance) { if (instance->verification_key) { return; @@ -75,19 +75,21 @@ std::shared_ptr> UltraComposer_::create_instance } template -UltraProver_ UltraComposer_::create_prover(std::shared_ptr instance) +UltraProver_ UltraComposer_::create_prover(const std::shared_ptr& instance, + const std::shared_ptr& transcript) { - UltraProver_ output_state(instance, commitment_key); + UltraProver_ output_state(instance, commitment_key, transcript); return output_state; } template -UltraVerifier_ UltraComposer_::create_verifier(std::shared_ptr instance) +UltraVerifier_ UltraComposer_::create_verifier(const std::shared_ptr& instance, + const std::shared_ptr& transcript) { - UltraVerifier_ output_state(instance->verification_key); - auto pcs_verification_key = - std::make_unique(instance->verification_key->circuit_size, crs_factory_); + auto& verification_key = instance->verification_key; + UltraVerifier_ output_state(transcript, verification_key); + auto pcs_verification_key = std::make_unique(verification_key->circuit_size, crs_factory_); output_state.pcs_verification_key = std::move(pcs_verification_key); return output_state; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp index 33840e32bc7..cdfb202db39 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.hpp @@ -20,6 +20,8 @@ template class UltraComposer_ { using CommitmentKey = typename Flavor::CommitmentKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Instance = ProverInstance_; + using FF = typename Flavor::FF; + using Transcript = typename Flavor::Transcript; static constexpr size_t NUM_FOLDING = 2; using ProverInstances = ProverInstances_; @@ -55,8 +57,11 @@ template class UltraComposer_ { std::shared_ptr create_instance(CircuitBuilder& circuit); - UltraProver_ create_prover(std::shared_ptr); - UltraVerifier_ create_verifier(std::shared_ptr); + UltraProver_ create_prover(const std::shared_ptr&, + const std::shared_ptr& transcript = std::make_shared()); + UltraVerifier_ create_verifier( + const std::shared_ptr&, + const std::shared_ptr& transcript = std::make_shared()); /** * @brief Create Prover for Goblin ECC op queue merge protocol @@ -64,14 +69,16 @@ template class UltraComposer_ { * @param op_queue * @return MergeProver_ */ - MergeProver_ create_merge_prover(std::shared_ptr op_queue) + MergeProver_ create_merge_prover( + const std::shared_ptr& op_queue, + const std::shared_ptr& transcript = std::make_shared()) { // Store the previous aggregate op queue size and update the current one op_queue->set_size_data(); // Merge requires a commitment key with size equal to that of the current op queue transcript T_i since the // shift of the current contribution t_i will be of degree equal to deg(T_i) auto commitment_key = compute_commitment_key(op_queue->get_current_size()); - return MergeProver_(commitment_key, op_queue); + return MergeProver_(commitment_key, op_queue, transcript); } /** @@ -80,20 +87,22 @@ template class UltraComposer_ { * @param size Size of commitment key required to commit to shifted op queue contribution t_i * @return MergeVerifier_ */ - MergeVerifier_ create_merge_verifier(size_t srs_size) + MergeVerifier_ create_merge_verifier( + size_t srs_size, const std::shared_ptr& transcript = std::make_shared()) { auto pcs_verification_key = std::make_unique(srs_size, crs_factory_); - return MergeVerifier_(std::move(pcs_verification_key)); + return MergeVerifier_(std::move(pcs_verification_key), transcript); } - ProtoGalaxyProver_ create_folding_prover(std::vector> instances) + ProtoGalaxyProver_ create_folding_prover(const std::vector>& instances) { ProverInstances insts(instances); ProtoGalaxyProver_ output_state(insts); return output_state; }; - ProtoGalaxyVerifier_ create_folding_verifier(std::vector> instances) + ProtoGalaxyVerifier_ create_folding_verifier( + const std::vector>& instances) { std::vector> vks; for (const auto& inst : instances) { @@ -111,7 +120,7 @@ template class UltraComposer_ { * * @param inst */ - void compute_verification_key(std::shared_ptr); + void compute_verification_key(const std::shared_ptr&); }; extern template class UltraComposer_; extern template class UltraComposer_; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index 6c316094ceb..fe3031181ef 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -12,8 +12,11 @@ namespace proof_system::honk { * @tparam a type of UltraFlavor * */ template -UltraProver_::UltraProver_(std::shared_ptr inst, std::shared_ptr commitment_key) +UltraProver_::UltraProver_(const std::shared_ptr& inst, + const std::shared_ptr& commitment_key, + const std::shared_ptr& transcript) : instance(std::move(inst)) + , transcript(transcript) , commitment_key(commitment_key) { instance->initialize_prover_polynomials(); @@ -29,13 +32,13 @@ template void UltraProver_::execute_preamble_round( const auto circuit_size = static_cast(proving_key->circuit_size); const auto num_public_inputs = static_cast(proving_key->num_public_inputs); - transcript.send_to_verifier("circuit_size", circuit_size); - transcript.send_to_verifier("public_input_size", num_public_inputs); - transcript.send_to_verifier("pub_inputs_offset", static_cast(instance->pub_inputs_offset)); + transcript->send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("public_input_size", num_public_inputs); + transcript->send_to_verifier("pub_inputs_offset", static_cast(instance->pub_inputs_offset)); for (size_t i = 0; i < proving_key->num_public_inputs; ++i) { auto public_input_i = instance->public_inputs[i]; - transcript.send_to_verifier("public_input_" + std::to_string(i), public_input_i); + transcript->send_to_verifier("public_input_" + std::to_string(i), public_input_i); } } @@ -58,7 +61,7 @@ template void UltraProver_::execute_wire_commitment auto wire_comms = witness_commitments.get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < 3; ++idx) { - transcript.send_to_verifier(labels[idx], wire_comms[idx]); + transcript->send_to_verifier(labels[idx], wire_comms[idx]); } if constexpr (IsGoblinFlavor) { @@ -71,15 +74,15 @@ template void UltraProver_::execute_wire_commitment auto op_wire_comms = instance->witness_commitments.get_ecc_op_wires(); auto labels = commitment_labels.get_ecc_op_wires(); for (size_t idx = 0; idx < Flavor::NUM_WIRES; ++idx) { - transcript.send_to_verifier(labels[idx], op_wire_comms[idx]); + transcript->send_to_verifier(labels[idx], op_wire_comms[idx]); } // Commit to DataBus columns witness_commitments.calldata = commitment_key->commit(proving_key->calldata); witness_commitments.calldata_read_counts = commitment_key->commit(proving_key->calldata_read_counts); - transcript.send_to_verifier(commitment_labels.calldata, instance->witness_commitments.calldata); - transcript.send_to_verifier(commitment_labels.calldata_read_counts, - instance->witness_commitments.calldata_read_counts); + transcript->send_to_verifier(commitment_labels.calldata, instance->witness_commitments.calldata); + transcript->send_to_verifier(commitment_labels.calldata_read_counts, + instance->witness_commitments.calldata_read_counts); } } @@ -89,7 +92,7 @@ template void UltraProver_::execute_wire_commitment */ template void UltraProver_::execute_sorted_list_accumulator_round() { - FF eta = transcript.get_challenge("eta"); + FF eta = transcript->get_challenge("eta"); instance->compute_sorted_accumulator_polynomials(eta); @@ -99,8 +102,8 @@ template void UltraProver_::execute_sorted_list_acc witness_commitments.sorted_accum = commitment_key->commit(instance->prover_polynomials.sorted_accum); witness_commitments.w_4 = commitment_key->commit(instance->prover_polynomials.w_4); - transcript.send_to_verifier(commitment_labels.sorted_accum, instance->witness_commitments.sorted_accum); - transcript.send_to_verifier(commitment_labels.w_4, instance->witness_commitments.w_4); + transcript->send_to_verifier(commitment_labels.sorted_accum, instance->witness_commitments.sorted_accum); + transcript->send_to_verifier(commitment_labels.w_4, instance->witness_commitments.w_4); } /** @@ -110,7 +113,7 @@ template void UltraProver_::execute_sorted_list_acc template void UltraProver_::execute_log_derivative_inverse_round() { // Compute and store challenges beta and gamma - auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); + auto [beta, gamma] = challenges_to_field_elements(transcript->get_challenges("beta", "gamma")); relation_parameters.beta = beta; relation_parameters.gamma = gamma; @@ -118,7 +121,7 @@ template void UltraProver_::execute_log_derivative_ instance->compute_logderivative_inverse(beta, gamma); instance->witness_commitments.lookup_inverses = commitment_key->commit(instance->prover_polynomials.lookup_inverses); - transcript.send_to_verifier(commitment_labels.lookup_inverses, instance->witness_commitments.lookup_inverses); + transcript->send_to_verifier(commitment_labels.lookup_inverses, instance->witness_commitments.lookup_inverses); } } @@ -134,8 +137,8 @@ template void UltraProver_::execute_grand_product_c auto& witness_commitments = instance->witness_commitments; witness_commitments.z_perm = commitment_key->commit(instance->prover_polynomials.z_perm); witness_commitments.z_lookup = commitment_key->commit(instance->prover_polynomials.z_lookup); - transcript.send_to_verifier(commitment_labels.z_perm, instance->witness_commitments.z_perm); - transcript.send_to_verifier(commitment_labels.z_lookup, instance->witness_commitments.z_lookup); + transcript->send_to_verifier(commitment_labels.z_perm, instance->witness_commitments.z_perm); + transcript->send_to_verifier(commitment_labels.z_lookup, instance->witness_commitments.z_lookup); } /** @@ -147,7 +150,7 @@ template void UltraProver_::execute_relation_check_ using Sumcheck = sumcheck::SumcheckProver; auto sumcheck = Sumcheck(instance->proving_key->circuit_size, transcript); - instance->alpha = transcript.get_challenge("alpha"); + instance->alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(instance); } @@ -169,13 +172,13 @@ template void UltraProver_::execute_zeromorph_round template plonk::proof& UltraProver_::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } template plonk::proof& UltraProver_::construct_proof() { - // Add circuit size public input size and public inputs to transcript. + // Add circuit size public input size and public inputs to transcript-> execute_preamble_round(); // Compute first three wire commitments diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index 9d660067229..fb81addb7cc 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -23,7 +23,10 @@ template class UltraProver_ { using Transcript = typename Flavor::Transcript; public: - explicit UltraProver_(std::shared_ptr, std::shared_ptr); + explicit UltraProver_(const std::shared_ptr&, + const std::shared_ptr&, + const std::shared_ptr& transcript = std::make_shared()); + BBERG_PROFILE void execute_preamble_round(); BBERG_PROFILE void execute_wire_commitments_round(); BBERG_PROFILE void execute_sorted_list_accumulator_round(); @@ -35,7 +38,9 @@ template class UltraProver_ { plonk::proof& export_proof(); plonk::proof& construct_proof(); - Transcript transcript; + std::shared_ptr instance; + + std::shared_ptr transcript; std::vector public_inputs; size_t pub_inputs_offset; @@ -46,8 +51,6 @@ template class UltraProver_ { Polynomial quotient_W; - std::shared_ptr instance; - sumcheck::SumcheckOutput sumcheck_output; std::shared_ptr commitment_key; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 1d4e16edd70..c5564e8fd10 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -128,7 +128,7 @@ TEST_F(UltraTranscriptTests, ProverManifestConsistency) // Check that the prover generated manifest agrees with the manifest hard coded in this suite auto manifest_expected = construct_ultra_honk_manifest(instance->proving_key->circuit_size); - auto prover_manifest = prover.transcript.get_manifest(); + auto prover_manifest = prover.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < manifest_expected.size(); ++round) { ASSERT_EQ(prover_manifest[round], manifest_expected[round]) << "Prover manifest discrepency in round " << round; @@ -158,8 +158,8 @@ TEST_F(UltraTranscriptTests, VerifierManifestConsistency) verifier.verify_proof(proof); // Check consistency between the manifests generated by the prover and verifier - auto prover_manifest = prover.transcript.get_manifest(); - auto verifier_manifest = verifier.transcript.get_manifest(); + auto prover_manifest = prover.transcript->get_manifest(); + auto verifier_manifest = verifier.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < prover_manifest.size(); ++round) { @@ -178,15 +178,15 @@ TEST_F(UltraTranscriptTests, ChallengeGenerationTest) // initialized with random value sent to verifier auto transcript = Flavor::Transcript::prover_init_empty(); // test a bunch of challenges - auto challenges = transcript.get_challenges("a", "b", "c", "d", "e", "f"); + auto challenges = transcript->get_challenges("a", "b", "c", "d", "e", "f"); // check they are not 0 for (size_t i = 0; i < challenges.size(); ++i) { ASSERT_NE(challenges[i], 0) << "Challenge " << i << " is 0"; } constexpr uint32_t random_val{ 17 }; // arbitrary - transcript.send_to_verifier("random val", random_val); + transcript->send_to_verifier("random val", random_val); // test more challenges - auto [a, b, c] = challenges_to_field_elements(transcript.get_challenges("a", "b", "c")); + auto [a, b, c] = challenges_to_field_elements(transcript->get_challenges("a", "b", "c")); ASSERT_NE(a, 0) << "Challenge a is 0"; ASSERT_NE(b, 0) << "Challenge b is 0"; ASSERT_NE(c, 0) << "Challenge c is 0"; @@ -207,19 +207,19 @@ TEST_F(UltraTranscriptTests, StructureTest) EXPECT_TRUE(verifier.verify_proof(proof)); // try deserializing and serializing with no changes and check proof is still valid - prover.transcript.deserialize_full_transcript(); - prover.transcript.serialize_full_transcript(); + prover.transcript->deserialize_full_transcript(); + prover.transcript->serialize_full_transcript(); EXPECT_TRUE(verifier.verify_proof(prover.export_proof())); // we have changed nothing so proof is still valid Flavor::Commitment one_group_val = Flavor::Commitment::one(); FF rand_val = FF::random_element(); - prover.transcript.sorted_accum_comm = one_group_val * rand_val; // choose random object to modify + prover.transcript->sorted_accum_comm = one_group_val * rand_val; // choose random object to modify EXPECT_TRUE(verifier.verify_proof( prover.export_proof())); // we have not serialized it back to the proof so it should still be fine - prover.transcript.serialize_full_transcript(); + prover.transcript->serialize_full_transcript(); EXPECT_FALSE(verifier.verify_proof(prover.export_proof())); // the proof is now wrong after serializing it - prover.transcript.deserialize_full_transcript(); - EXPECT_EQ(static_cast(prover.transcript.sorted_accum_comm), one_group_val * rand_val); + prover.transcript->deserialize_full_transcript(); + EXPECT_EQ(static_cast(prover.transcript->sorted_accum_comm), one_group_val * rand_val); } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 22ea2ecdafe..df70e5ac12c 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -9,8 +9,10 @@ using namespace proof_system::honk::sumcheck; namespace proof_system::honk { template -UltraVerifier_::UltraVerifier_(std::shared_ptr verifier_key) +UltraVerifier_::UltraVerifier_(const std::shared_ptr& transcript, + const std::shared_ptr& verifier_key) : key(verifier_key) + , transcript(transcript) {} template @@ -42,15 +44,15 @@ template bool UltraVerifier_::verify_proof(const plonk proof_system::RelationParameters relation_parameters; - transcript = BaseTranscript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); VerifierCommitments commitments{ key }; CommitmentLabels commitment_labels; // TODO(Adrian): Change the initialization of the transcript to take the VK hash? - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); - const auto public_input_size = transcript.template receive_from_prover("public_input_size"); - const auto pub_inputs_offset = transcript.template receive_from_prover("pub_inputs_offset"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); + const auto public_input_size = transcript->template receive_from_prover("public_input_size"); + const auto pub_inputs_offset = transcript->template receive_from_prover("pub_inputs_offset"); if (circuit_size != key->circuit_size) { return false; @@ -61,45 +63,45 @@ template bool UltraVerifier_::verify_proof(const plonk std::vector public_inputs; for (size_t i = 0; i < public_input_size; ++i) { - auto public_input_i = transcript.template receive_from_prover("public_input_" + std::to_string(i)); + auto public_input_i = transcript->template receive_from_prover("public_input_" + std::to_string(i)); public_inputs.emplace_back(public_input_i); } // Get commitments to first three wire polynomials - commitments.w_l = transcript.template receive_from_prover(commitment_labels.w_l); - commitments.w_r = transcript.template receive_from_prover(commitment_labels.w_r); - commitments.w_o = transcript.template receive_from_prover(commitment_labels.w_o); + commitments.w_l = transcript->template receive_from_prover(commitment_labels.w_l); + commitments.w_r = transcript->template receive_from_prover(commitment_labels.w_r); + commitments.w_o = transcript->template receive_from_prover(commitment_labels.w_o); // If Goblin, get commitments to ECC op wire polynomials and DataBus columns if constexpr (IsGoblinFlavor) { commitments.ecc_op_wire_1 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_1); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_1); commitments.ecc_op_wire_2 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_2); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_2); commitments.ecc_op_wire_3 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_3); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_3); commitments.ecc_op_wire_4 = - transcript.template receive_from_prover(commitment_labels.ecc_op_wire_4); - commitments.calldata = transcript.template receive_from_prover(commitment_labels.calldata); + transcript->template receive_from_prover(commitment_labels.ecc_op_wire_4); + commitments.calldata = transcript->template receive_from_prover(commitment_labels.calldata); commitments.calldata_read_counts = - transcript.template receive_from_prover(commitment_labels.calldata_read_counts); + transcript->template receive_from_prover(commitment_labels.calldata_read_counts); } // Get challenge for sorted list batching and wire four memory records - FF eta = transcript.get_challenge("eta"); + FF eta = transcript->get_challenge("eta"); relation_parameters.eta = eta; // Get commitments to sorted list accumulator and fourth wire - commitments.sorted_accum = transcript.template receive_from_prover(commitment_labels.sorted_accum); - commitments.w_4 = transcript.template receive_from_prover(commitment_labels.w_4); + commitments.sorted_accum = transcript->template receive_from_prover(commitment_labels.sorted_accum); + commitments.w_4 = transcript->template receive_from_prover(commitment_labels.w_4); // Get permutation challenges - auto [beta, gamma] = challenges_to_field_elements(transcript.get_challenges("beta", "gamma")); + auto [beta, gamma] = challenges_to_field_elements(transcript->get_challenges("beta", "gamma")); // If Goblin (i.e. using DataBus) receive commitments to log-deriv inverses polynomial if constexpr (IsGoblinFlavor) { commitments.lookup_inverses = - transcript.template receive_from_prover(commitment_labels.lookup_inverses); + transcript->template receive_from_prover(commitment_labels.lookup_inverses); } const FF public_input_delta = @@ -112,12 +114,12 @@ template bool UltraVerifier_::verify_proof(const plonk relation_parameters.lookup_grand_product_delta = lookup_grand_product_delta; // Get commitment to permutation and lookup grand products - commitments.z_perm = transcript.template receive_from_prover(commitment_labels.z_perm); - commitments.z_lookup = transcript.template receive_from_prover(commitment_labels.z_lookup); + commitments.z_perm = transcript->template receive_from_prover(commitment_labels.z_perm); + commitments.z_lookup = transcript->template receive_from_prover(commitment_labels.z_lookup); // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - FF alpha = transcript.get_challenge("alpha"); + FF alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index b449f76db4b..6a023071f02 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -10,9 +10,11 @@ template class UltraVerifier_ { using Commitment = typename Flavor::Commitment; using VerificationKey = typename Flavor::VerificationKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; + using Transcript = typename Flavor::Transcript; public: - explicit UltraVerifier_(std::shared_ptr verifier_key = nullptr); + explicit UltraVerifier_(const std::shared_ptr& transcript, + const std::shared_ptr& verifier_key = nullptr); UltraVerifier_(UltraVerifier_&& other); UltraVerifier_& operator=(const UltraVerifier_& other) = delete; @@ -23,7 +25,7 @@ template class UltraVerifier_ { std::shared_ptr key; std::map commitments; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + std::shared_ptr transcript; }; extern template class UltraVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.cpp index 30aa284c948..913dc121988 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.cpp @@ -76,7 +76,7 @@ void AvmMiniProver::execute_preamble_round() { const auto circuit_size = static_cast(key->circuit_size); - transcript.send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("circuit_size", circuit_size); } /** @@ -88,7 +88,7 @@ void AvmMiniProver::execute_wire_commitments_round() auto wire_polys = key->get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); } } @@ -101,7 +101,7 @@ void AvmMiniProver::execute_relation_check_rounds() using Sumcheck = sumcheck::SumcheckProver; auto sumcheck = Sumcheck(key->circuit_size, transcript); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } @@ -124,13 +124,13 @@ void AvmMiniProver::execute_zeromorph_rounds() plonk::proof& AvmMiniProver::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } plonk::proof& AvmMiniProver::construct_proof() { - // Add circuit size public input size and public inputs to transcript. + // Add circuit size public input size and public inputs to transcript-> execute_preamble_round(); // Compute wire commitments diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.hpp index 792140b2ece..4a08b1fb8fa 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_prover.hpp @@ -34,7 +34,7 @@ class AvmMiniProver { plonk::proof& export_proof(); plonk::proof& construct_proof(); - Transcript transcript; + std::shared_ptr transcript = std::make_shared(); std::vector public_inputs; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.cpp index 493ac8d2d18..b0b9da4ec44 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.cpp @@ -43,52 +43,52 @@ bool AvmMiniVerifier::verify_proof(const plonk::proof& proof) RelationParameters relation_parameters; - transcript = BaseTranscript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); VerifierCommitments commitments{ key }; CommitmentLabels commitment_labels; - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); if (circuit_size != key->circuit_size) { return false; } // Get commitments to VM wires - commitments.memTrace_m_clk = transcript.template receive_from_prover(commitment_labels.memTrace_m_clk); + commitments.memTrace_m_clk = transcript->template receive_from_prover(commitment_labels.memTrace_m_clk); commitments.memTrace_m_sub_clk = - transcript.template receive_from_prover(commitment_labels.memTrace_m_sub_clk); + transcript->template receive_from_prover(commitment_labels.memTrace_m_sub_clk); commitments.memTrace_m_addr = - transcript.template receive_from_prover(commitment_labels.memTrace_m_addr); - commitments.memTrace_m_val = transcript.template receive_from_prover(commitment_labels.memTrace_m_val); + transcript->template receive_from_prover(commitment_labels.memTrace_m_addr); + commitments.memTrace_m_val = transcript->template receive_from_prover(commitment_labels.memTrace_m_val); commitments.memTrace_m_lastAccess = - transcript.template receive_from_prover(commitment_labels.memTrace_m_lastAccess); - commitments.memTrace_m_rw = transcript.template receive_from_prover(commitment_labels.memTrace_m_rw); - commitments.avmMini_subop = transcript.template receive_from_prover(commitment_labels.avmMini_subop); - commitments.avmMini_ia = transcript.template receive_from_prover(commitment_labels.avmMini_ia); - commitments.avmMini_ib = transcript.template receive_from_prover(commitment_labels.avmMini_ib); - commitments.avmMini_ic = transcript.template receive_from_prover(commitment_labels.avmMini_ic); + transcript->template receive_from_prover(commitment_labels.memTrace_m_lastAccess); + commitments.memTrace_m_rw = transcript->template receive_from_prover(commitment_labels.memTrace_m_rw); + commitments.avmMini_subop = transcript->template receive_from_prover(commitment_labels.avmMini_subop); + commitments.avmMini_ia = transcript->template receive_from_prover(commitment_labels.avmMini_ia); + commitments.avmMini_ib = transcript->template receive_from_prover(commitment_labels.avmMini_ib); + commitments.avmMini_ic = transcript->template receive_from_prover(commitment_labels.avmMini_ic); commitments.avmMini_mem_op_a = - transcript.template receive_from_prover(commitment_labels.avmMini_mem_op_a); + transcript->template receive_from_prover(commitment_labels.avmMini_mem_op_a); commitments.avmMini_mem_op_b = - transcript.template receive_from_prover(commitment_labels.avmMini_mem_op_b); + transcript->template receive_from_prover(commitment_labels.avmMini_mem_op_b); commitments.avmMini_mem_op_c = - transcript.template receive_from_prover(commitment_labels.avmMini_mem_op_c); - commitments.avmMini_rwa = transcript.template receive_from_prover(commitment_labels.avmMini_rwa); - commitments.avmMini_rwb = transcript.template receive_from_prover(commitment_labels.avmMini_rwb); - commitments.avmMini_rwc = transcript.template receive_from_prover(commitment_labels.avmMini_rwc); + transcript->template receive_from_prover(commitment_labels.avmMini_mem_op_c); + commitments.avmMini_rwa = transcript->template receive_from_prover(commitment_labels.avmMini_rwa); + commitments.avmMini_rwb = transcript->template receive_from_prover(commitment_labels.avmMini_rwb); + commitments.avmMini_rwc = transcript->template receive_from_prover(commitment_labels.avmMini_rwc); commitments.avmMini_mem_idx_a = - transcript.template receive_from_prover(commitment_labels.avmMini_mem_idx_a); + transcript->template receive_from_prover(commitment_labels.avmMini_mem_idx_a); commitments.avmMini_mem_idx_b = - transcript.template receive_from_prover(commitment_labels.avmMini_mem_idx_b); + transcript->template receive_from_prover(commitment_labels.avmMini_mem_idx_b); commitments.avmMini_mem_idx_c = - transcript.template receive_from_prover(commitment_labels.avmMini_mem_idx_c); - commitments.avmMini_last = transcript.template receive_from_prover(commitment_labels.avmMini_last); + transcript->template receive_from_prover(commitment_labels.avmMini_mem_idx_c); + commitments.avmMini_last = transcript->template receive_from_prover(commitment_labels.avmMini_last); // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.hpp index da36ecb8a4d..55f30477f6e 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/AvmMini_verifier.hpp @@ -12,6 +12,7 @@ class AvmMiniVerifier { using Commitment = Flavor::Commitment; using VerificationKey = Flavor::VerificationKey; using VerifierCommitmentKey = Flavor::VerifierCommitmentKey; + using Transcript = Flavor::Transcript; public: explicit AvmMiniVerifier(std::shared_ptr verifier_key = nullptr); @@ -26,7 +27,7 @@ class AvmMiniVerifier { std::shared_ptr key; std::map commitments; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + std::shared_ptr transcript; }; } // namespace proof_system::honk diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.cpp index 4fc64409547..b8cd3fe8907 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.cpp @@ -54,7 +54,7 @@ void FibProver::execute_preamble_round() { const auto circuit_size = static_cast(key->circuit_size); - transcript.send_to_verifier("circuit_size", circuit_size); + transcript->send_to_verifier("circuit_size", circuit_size); } /** @@ -66,7 +66,7 @@ void FibProver::execute_wire_commitments_round() auto wire_polys = key->get_wires(); auto labels = commitment_labels.get_wires(); for (size_t idx = 0; idx < wire_polys.size(); ++idx) { - transcript.send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); + transcript->send_to_verifier(labels[idx], commitment_key->commit(wire_polys[idx])); } } @@ -79,7 +79,7 @@ void FibProver::execute_relation_check_rounds() using Sumcheck = sumcheck::SumcheckProver; auto sumcheck = Sumcheck(key->circuit_size, transcript); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); sumcheck_output = sumcheck.prove(prover_polynomials, relation_parameters, alpha); } @@ -102,13 +102,13 @@ void FibProver::execute_zeromorph_rounds() plonk::proof& FibProver::export_proof() { - proof.proof_data = transcript.proof_data; + proof.proof_data = transcript->proof_data; return proof; } plonk::proof& FibProver::construct_proof() { - // Add circuit size public input size and public inputs to transcript. + // Add circuit size public input size and public inputs to transcript-> execute_preamble_round(); // Compute wire commitments diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.hpp index 7a3c80cbe6b..7b9e3cc6862 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_prover.hpp @@ -34,7 +34,7 @@ class FibProver { plonk::proof& export_proof(); plonk::proof& construct_proof(); - Transcript transcript; + std::shared_ptr transcript = std::make_shared(); std::vector public_inputs; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.cpp index f4da6b8f02f..a47e2c0fdf0 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.cpp @@ -40,28 +40,29 @@ bool FibVerifier::verify_proof(const plonk::proof& proof) // using ZeroMorph = pcs::zeromorph::ZeroMorphVerifier_; using VerifierCommitments = Flavor::VerifierCommitments; using CommitmentLabels = Flavor::CommitmentLabels; + using Transcript = Flavor::Transcript; RelationParameters relation_parameters; - transcript = BaseTranscript{ proof.proof_data }; + transcript = std::make_shared(proof.proof_data); VerifierCommitments commitments{ key }; CommitmentLabels commitment_labels; - const auto circuit_size = transcript.template receive_from_prover("circuit_size"); + const auto circuit_size = transcript->template receive_from_prover("circuit_size"); if (circuit_size != key->circuit_size) { return false; } // Get commitments to VM wires - commitments.Fibonacci_x = transcript.template receive_from_prover(commitment_labels.Fibonacci_x); - commitments.Fibonacci_y = transcript.template receive_from_prover(commitment_labels.Fibonacci_y); + commitments.Fibonacci_x = transcript->template receive_from_prover(commitment_labels.Fibonacci_x); + commitments.Fibonacci_y = transcript->template receive_from_prover(commitment_labels.Fibonacci_y); // Execute Sumcheck Verifier auto sumcheck = SumcheckVerifier(circuit_size); - auto alpha = transcript.get_challenge("alpha"); + auto alpha = transcript->get_challenge("alpha"); auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] = sumcheck.verify(relation_parameters, alpha, transcript); diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.hpp index 4d95adbcff4..303cb4fca70 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/Fib_verifier.hpp @@ -12,6 +12,7 @@ class FibVerifier { using Commitment = Flavor::Commitment; using VerificationKey = Flavor::VerificationKey; using VerifierCommitmentKey = Flavor::VerifierCommitmentKey; + using Transcript = Flavor::Transcript; public: explicit FibVerifier(std::shared_ptr verifier_key = nullptr); @@ -26,7 +27,7 @@ class FibVerifier { std::shared_ptr key; std::map commitments; std::shared_ptr pcs_verification_key; - BaseTranscript transcript; + std::shared_ptr transcript; }; } // namespace proof_system::honk