Merge branch 'master' into sync-noir

AztecProtocol · Dec 3, 2024 · 4772967 · 4772967
2 parents bcded2c + 93cd323
commit 4772967
Show file tree

Hide file tree

Showing 209 changed files with 4,089 additions and 5,216 deletions.
diff --git a/.github/.gitignore b/.github/.gitignore
@@ -0,0 +1 @@
+.secrets
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -444,7 +444,7 @@ jobs:
         timeout-minutes: 40
         run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-ultra-honk
 
-  bb-acir-tests-bb-mega-honk:
+  bb-acir-tests-bb-client-ivc:
     needs: [noir-build-acir-tests, build, configure]
     runs-on: ${{ needs.configure.outputs.username }}-x86
     if: needs.configure.outputs.barretenberg == 'true' || needs.configure.outputs.noir == 'true'
@@ -453,11 +453,11 @@ jobs:
         with: { ref: "${{ env.GIT_COMMIT }}" }
       - uses: ./.github/ci-setup-action
         with:
-          concurrency_key: barretenberg-acir-tests-bb-mega-honk-x86
-      - name: "BB Native Acir Tests (Megahonk)"
+          concurrency_key: barretenberg-acir-tests-bb-client-ivc-x86
+      - name: "BB Native Acir Tests (ClientIVC)"
         working-directory: ./barretenberg/
         timeout-minutes: 40
-        run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-mega-honk
+        run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-client-ivc
 
   bb-acir-tests-sol:
     needs: [noir-build-acir-tests, build, configure]
@@ -969,7 +969,7 @@ jobs:
       - bb-acir-tests-bb
       - bb-acir-tests-bb-ultra-plonk
       - bb-acir-tests-bb-ultra-honk
-      - bb-acir-tests-bb-mega-honk
+      - bb-acir-tests-bb-client-ivc
       - bb-acir-tests-sol
       - bb-acir-tests-sol-honk
       - bb-acir-tests-bb-js

diff --git a/.github/workflows/network-deploy.yml b/.github/workflows/network-deploy.yml
@@ -1,18 +1,17 @@
-name: Aztec Network EKS Deployment
-
-# Manual trigerring of this workflow is intentionally disabled
-# Helm deployments do not support lock files
-# Without a lockfile, manual trigerring can lead to corrupted or partial deployments
+name: Aztec Network Deployment
 
 on:
-  push:
-    branches:
-      - staging
-      - production
-  pull_request:
-    branches:
-      - staging
-      - production
+  workflow_dispatch:
+    inputs:
+      namespace:
+        description: The namespace to deploy to, e.g. smoke
+        required: true
+      values_file:
+        description: The values file to use, e.g. 1-validators.yaml
+        required: true
+      aztec_docker_image:
+        description: The Aztec Docker image to use, e.g. aztecprotocol/aztec:da809c58290f9590836f45ec59376cbf04d3c4ce-x86_64
+        required: true
 
 jobs:
   network_deployment:
@@ -24,34 +23,67 @@ jobs:
 
     # Set up a variable based on the branch name
     env:
-      NAMESPACE: ${{ github.ref == 'refs/heads/production' && 'production' || 'staging' }}
+      AZTEC_DOCKER_IMAGE: ${{ inputs.aztec_docker_image }}
+      NAMESPACE: ${{ inputs.namespace }}
+      VALUES_FILE: ${{ inputs.values_file }}
       CHART_PATH: ./spartan/aztec-network
+      CLUSTER_NAME: aztec-gke
+      REGION: us-west1-a
+      TF_STATE_BUCKET: aztec-terraform
+      GKE_CLUSTER_CONTEXT: gke_testnet-440309_us-west1-a_aztec-gke
 
     steps:
-      # Step 1: Check out the repository's code
       - name: Checkout code
         uses: actions/checkout@v3
 
-      # Step 2: Configure AWS credentials using GitHub Secrets
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
 
-      # Step 3: Set up Kubernetes context for AWS EKS
-      - name: Configure kubectl with EKS cluster
+      - name: Install GKE Auth Plugin
         run: |
-          aws eks update-kubeconfig --region us-east-1 --name spartan
+          gcloud components install gke-gcloud-auth-plugin --quiet
 
-      # Step 4: Install Helm
-      - name: Install Helm
+      - name: Configure kubectl with GKE cluster
         run: |
-          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+          gcloud container clusters get-credentials ${{ env.CLUSTER_NAME }} --region ${{ env.REGION }}
 
-      # Step 5: Apply Helm Chart
-      - name: Deploy Helm chart
+      - name: Ensure Terraform state bucket exists
         run: |
-          helm dependency update ${{ env.CHART_PATH }}
-          helm upgrade --install ${{ env.NAMESPACE }} ${{ env.CHART_PATH }} --namespace ${{ env.NAMESPACE }} --set network.public=true --atomic --create-namespace --timeout 20m
+          if ! gsutil ls gs://${{ env.TF_STATE_BUCKET }} >/dev/null 2>&1; then
+            echo "Creating GCS bucket for Terraform state..."
+            gsutil mb -l us-east4 gs://${{ env.TF_STATE_BUCKET }}
+            gsutil versioning set on gs://${{ env.TF_STATE_BUCKET }}
+          else
+            echo "Terraform state bucket already exists"
+          fi
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: "1.5.0" # Specify your desired version
+
+      - name: Terraform Init
+        working-directory: ./spartan/terraform/deploy-release
+        run: |
+          terraform init \
+            -backend-config="bucket=${{ env.TF_STATE_BUCKET }}" \
+            -backend-config="prefix=network-deploy/${{ env.REGION }}/${{ env.CLUSTER_NAME }}/${{ env.NAMESPACE }}/terraform.tfstate" \
+
+      - name: Terraform Plan
+        working-directory: ./spartan/terraform/deploy-release
+        run: |
+          terraform plan \
+            -var="release_name=${{ env.NAMESPACE }}" \
+            -var="values_file=${{ env.VALUES_FILE }}" \
+            -var="gke_cluster_context=${{ env.GKE_CLUSTER_CONTEXT }}" \
+            -var="aztec_docker_image=${{ env.AZTEC_DOCKER_IMAGE }}" \
+            -out=tfplan
+
+      - name: Terraform Apply
+        working-directory: ./spartan/terraform/deploy-release
+        run: terraform apply -auto-approve tfplan
diff --git a/barretenberg/.gitrepo b/barretenberg/.gitrepo
@@ -6,7 +6,7 @@
 [subrepo]
 remote = https://github.com/AztecProtocol/barretenberg
 	branch = master
-	commit = 5e751b81cd5e5f34d9286d5a19ea6d4853566480
-	parent = 887c01103255ea4cbbb6cb33c8771d47123b3bff
+	commit = 0fe0a5d6dff43547aaec45256440982184e93bb0
+	parent = da1470d074f4884e61b51e450a661432c6f0a10f
 	method = merge
 	cmdver = 0.4.6
diff --git a/barretenberg/Earthfile b/barretenberg/Earthfile
@@ -27,9 +27,9 @@ barretenberg-acir-tests-bb:
     ENV VERBOSE=1
 
     # Fold and verify an ACIR program stack using ClientIvc
-    RUN FLOW=fold_and_verify_program ./run_acir_tests.sh fold_basic
+    RUN INPUT_TYPE=compiletime_stack FLOW=prove_and_verify_client_ivc ./run_acir_tests.sh fold_basic
     # Fold and verify an ACIR program stack using ClientIvc, then natively verify the ClientIVC proof.
-    RUN FLOW=prove_then_verify_client_ivc ./run_acir_tests.sh fold_basic
+    RUN INPUT_TYPE=compiletime_stack FLOW=prove_then_verify_client_ivc ./run_acir_tests.sh fold_basic
     # Fold and verify an ACIR program stack using ClientIvc, recursively verify as part of the Tube circuit and produce and verify a Honk proof
     RUN FLOW=prove_then_verify_tube ./run_acir_tests.sh fold_basic
     # Run 1_mul through native bb build, all_cmds flow, to test all cli args.
@@ -79,7 +79,7 @@ barretenberg-acir-tests-bb-ultra-honk:
     # Construct and verify a UltraHonk proof for a single program that recursively verifies a Honk proof
     RUN FLOW=prove_and_verify_ultra_honk ./run_acir_tests.sh verify_honk_proof
 
-barretenberg-acir-tests-bb-mega-honk:
+barretenberg-acir-tests-bb-client-ivc:
     FROM ../build-images/+from-registry
 
     COPY ./cpp/+preset-clang-assert/bin/bb /usr/src/barretenberg/cpp/build/bin/bb
@@ -92,12 +92,10 @@ barretenberg-acir-tests-bb-mega-honk:
     ENV TEST_SRC /usr/src/acir_artifacts
     ENV VERBOSE=1
 
-    # Construct and separately verify a MegaHonk proof for all acir programs
-    RUN FLOW=prove_then_verify_mega_honk ./run_acir_tests.sh
-    # Construct and verify a MegaHonk proof for a single arbitrary program
-    RUN FLOW=prove_and_verify_mega_honk ./run_acir_tests.sh 6_array
-    # Construct and verify a MegaHonk proof for all ACIR programs using the new witness stack workflow
-    RUN FLOW=prove_and_verify_mega_honk_program ./run_acir_tests.sh
+    # Construct and verify a ClientIVC proof for a single arbitrary program
+    RUN FLOW=prove_and_verify_client_ivc ./run_acir_tests.sh 6_array
+    # Construct and separately verify a ClientIVC proof for all acir programs
+    RUN FLOW=prove_then_verify_client_ivc CLIENT_IVC_SKIPS=true ./run_acir_tests.sh
 
 barretenberg-acir-tests-sol:
     FROM ../build-images/+from-registry

diff --git a/barretenberg/acir_tests/flows/fold_and_verify_program.sh b/barretenberg/acir_tests/flows/fold_and_verify_program.sh
@@ -1,6 +1,8 @@
 #!/bin/sh
 set -eu
 
+# this flow is deprecated. currently it is bb.js only. for bb is is replaced by:
+# prove_and_verify --scheme client_ivc --input-type compiletime_stack
 VFLAG=${VERBOSE:+-v}
 
 $BIN fold_and_verify_program $VFLAG -c $CRS_PATH -b ./target/program.json
diff --git a/barretenberg/acir_tests/flows/prove_and_verify_client_ivc.sh b/barretenberg/acir_tests/flows/prove_and_verify_client_ivc.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+VFLAG=${VERBOSE:+-v}
+INFLAG=${INPUT_TYPE=compiletime_stack}
+
+FLAGS="$CRS_PATH -b ./target/program.json $VFLAG --scheme client_ivc -c --input_type $INFLAG"
+
+$BIN prove_and_verify $FLAGS
diff --git a/barretenberg/acir_tests/flows/prove_and_verify_mega_honk.sh b/barretenberg/acir_tests/flows/prove_and_verify_mega_honk.sh
@@ -3,4 +3,9 @@ set -eu
 
 VFLAG=${VERBOSE:+-v}
 
+# this flow is deprecated. currently it is bb.js only. for bb is is replaced by:
+# prove_and_verify --scheme client_ivc --input-type compiletime_stack
+# NB: In general, it is not meaningful to produce a MegaHonk proof an its own since
+#     the MegaHonk proof does not attest to the correctness of every possible kind
+#     of gate that could appear in a Mega execution trace.
 $BIN prove_and_verify_mega_honk $VFLAG -c $CRS_PATH -b ./target/program.json
diff --git a/barretenberg/acir_tests/flows/prove_and_verify_mega_honk_program.sh b/barretenberg/acir_tests/flows/prove_and_verify_mega_honk_program.sh
@@ -3,4 +3,9 @@ set -eu
 
 VFLAG=${VERBOSE:+-v}
 
+# this flow is deprecated. currently it is bb.js only. for bb is is replaced by:
+# prove_and_verify --scheme client_ivc --input-type compiletime_stack
+# NB: In general, it is not meaningful to produce a MegaHonk proof an its own since
+#     the MegaHonk proof does not attest to the correctness of every possible kind
+#     of gate that could appear in a Mega execution trace.
 $BIN prove_and_verify_mega_honk_program $VFLAG -c $CRS_PATH -b ./target/program.json
diff --git a/barretenberg/acir_tests/flows/prove_then_verify_client_ivc.sh b/barretenberg/acir_tests/flows/prove_then_verify_client_ivc.sh
@@ -3,7 +3,9 @@ set -eu
 
 VFLAG=${VERBOSE:+-v}
 BFLAG="-b ./target/program.json"
-FLAGS="-c $CRS_PATH $VFLAG"
+INFLAG=${INPUT_TYPE=compiletime_stack}
 
-$BIN client_ivc_prove_output_all $FLAGS $BFLAG
-$BIN verify_client_ivc $FLAGS
+FLAGS="--scheme client_ivc -c $CRS_PATH $VFLAG"
+
+$BIN prove $FLAGS $BFLAG --input_type $INFLAG
+$BIN verify $FLAGS
diff --git a/barretenberg/acir_tests/flows/prove_then_verify_tube.sh b/barretenberg/acir_tests/flows/prove_then_verify_tube.sh
@@ -5,7 +5,7 @@ mkdir -p ./proofs
 
 VFLAG=${VERBOSE:+-v}
 
-$BIN client_ivc_prove_output_all $VFLAG -c $CRS_PATH -b ./target/program.json
+$BIN prove --scheme client_ivc --input_type compiletime_stack $VFLAG -c $CRS_PATH -b ./target/program.json
 $BIN prove_tube -k vk -p proof -c $CRS_PATH $VFLAG
 $BIN verify_tube -k vk -p proof -c $CRS_PATH $VFLAG
 
diff --git a/barretenberg/acir_tests/flows/prove_tube.sh b/barretenberg/acir_tests/flows/prove_tube.sh
@@ -5,5 +5,5 @@ VFLAG=${VERBOSE:+-v}
 BFLAG="-b ./target/program.json"
 FLAGS="-c $CRS_PATH $VFLAG"
 
-$BIN client_ivc_prove_output_all $VFLAG -c $CRS_PATH -b ./target/program.json
+$BIN prove --scheme client_ivc --input_type compiletime_stack $VFLAG -c $CRS_PATH -b ./target/program.json
 $BIN prove_tube -k vk -p proof $FLAGS
diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh
@@ -14,6 +14,7 @@ trap handle_sigchild SIGCHLD
 BIN=${BIN:-../cpp/build/bin/bb}
 FLOW=${FLOW:-prove_and_verify}
 HONK=${HONK:-false}
+CLIENT_IVC_SKIPS=${CLIENT_IVC_SKIPS:-false}
 CRS_PATH=~/.bb-crs
 BRANCH=master
 VERBOSE=${VERBOSE:-}
@@ -57,6 +58,21 @@ if [ "$HONK" = true ]; then
     SKIP_ARRAY+=(single_verify_proof double_verify_proof double_verify_nested_proof)
 fi
 
+if [ "$CLIENT_IVC_SKIPS" = true ]; then
+    # At least for now, skip folding tests that fail when run against ClientIVC.
+    # This is not a regression--folding was not being properly tested.
+    # TODO(https://github.com/AztecProtocol/barretenberg/issues/1164): Resolve this
+    # The reason for failure is that compile-time folding, as initially conceived, is
+    # only supported by ClientIVC through hacks. ClientIVC in Aztec is ultimately to be
+    # used through runtime folding, since the kernels that are needed are detected and
+    # constructed at runtime in Aztec's typescript proving interface. ClientIVC appends
+    # folding verifiers and does databus and Goblin merge work depending on its inputs,
+    # detecting which circuits are Aztec kernels. These tests may simple fail for trivial
+    # reasons, e.g. because  the number of circuits in the stack is odd.
+    SKIP_ARRAY+=(fold_basic_nested_call fold_fibonacci fold_numeric_generic_poseidon ram_blowup_regression)
+fi
+
+
 function test() {
   cd $1
 

diff --git a/barretenberg/cpp/docs/Fuzzing.md b/barretenberg/cpp/docs/Fuzzing.md
@@ -2,7 +2,7 @@
 
 ## Intro
 
-We are gradually introducing fuzzing of various primitives into barretenberg, focusing first and foremost on in-cicruit types. If you are developing / patching a primitive and there is a fuzzer available for it, please take the time to update the fuzzer (if you've added new functionality) and run it for at least a few hours to increase security.
+We are gradually introducing fuzzing of various primitives into barretenberg, focusing first and foremost on in-circuit types. If you are developing / patching a primitive and there is a fuzzer available for it, please take the time to update the fuzzer (if you've added new functionality) and run it for at least a few hours to increase security.
 
 ## Build
 

diff --git a/barretenberg/cpp/docs/src/sumcheck-outline.md b/barretenberg/cpp/docs/src/sumcheck-outline.md
@@ -195,9 +195,9 @@ Observe that \f$ G \f$ has several important properties
 - The coefficients of \f$ G \f$ are independent and uniformly distributed.
 - Evaluations of \f$ G \f$ at \f$ \vec \ell \in \{0,1\}^d\f$ and related Sumcheck Round Univariates are efficiently computable.
 
-The first two properties imply that the evaluations of Sumcheck Round Univariates for \f$G\f$  are independent and uniformly distributed. We call them Libra Round Univarites.
+The first two properties imply that the evaluations of Sumcheck Round Univariates for \f$G\f$  are independent and uniformly distributed. We call them Libra Round Univariates.
 
-Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univarites multiplied by the challenge.
+Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univariates multiplied by the challenge.
 The fact that the degrees of Libra Round Univariates are big enough (i.e. \f$ \tilde{D}\geq D \f$) and that their evaluations are random imply that the evaluations \f$ \tilde{S}^i(0),\ldots,\tilde{S}^i(\tilde D)\f$ defined in [Compute Round Univariates](#ComputeRoundUnivariates) are now masked by the evaluations of Libra Round Univariates. These evaluations are described explicitly [below](#LibraRoundUnivariates).
 
 ### Example {#LibraPolynomialExample}

diff --git a/barretenberg/cpp/src/barretenberg/bb/acir_format_getters.hpp b/barretenberg/cpp/src/barretenberg/bb/acir_format_getters.hpp
@@ -0,0 +1,34 @@
+#pragma once
+#include "barretenberg/bb/config.hpp"
+#include "barretenberg/bb/file_io.hpp"
+#include "barretenberg/bb/get_bytecode.hpp"
+#include "barretenberg/dsl/acir_format/acir_format.hpp"
+#include "barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp"
+
+namespace bb {
+
+acir_format::WitnessVector get_witness(std::string const& witness_path)
+{
+    auto witness_data = get_bytecode(witness_path);
+    return acir_format::witness_buf_to_witness_data(witness_data);
+}
+
+acir_format::AcirFormat get_constraint_system(std::string const& bytecode_path, bool honk_recursion)
+{
+    auto bytecode = get_bytecode(bytecode_path);
+    return acir_format::circuit_buf_to_acir_format(bytecode, honk_recursion);
+}
+
+acir_format::WitnessVectorStack get_witness_stack(std::string const& witness_path)
+{
+    auto witness_data = get_bytecode(witness_path);
+    return acir_format::witness_buf_to_witness_stack(witness_data);
+}
+
+std::vector<acir_format::AcirFormat> get_constraint_systems(std::string const& bytecode_path, bool honk_recursion)
+{
+    auto bytecode = get_bytecode(bytecode_path);
+    return acir_format::program_buf_to_acir_format(bytecode, honk_recursion);
+}
+
+} // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/bb/api.hpp b/barretenberg/cpp/src/barretenberg/bb/api.hpp
@@ -0,0 +1,39 @@
+#pragma once
+#include <filesystem>
+
+namespace bb {
+
+class API {
+  public:
+    struct Flags {
+        std::optional<std::string> output_type; // bytes, fields, bytes_and_fields, fields_msgpack
+        std::optional<std::string> input_type;  // compiletime_stack, runtime_stack
+    };
+
+    virtual void prove(const Flags& flags,
+                       const std::filesystem::path& bytecode_path,
+                       const std::filesystem::path& witness_path,
+                       const std::filesystem::path& output_dir) = 0;
+
+    virtual bool verify(const Flags& flags,
+                        const std::filesystem::path& proof_path,
+                        const std::filesystem::path& vk_path) = 0;
+
+    virtual bool prove_and_verify(const Flags& flags,
+                                  const std::filesystem::path& bytecode_path,
+                                  const std::filesystem::path& witness_path) = 0;
+
+    virtual void gates(const Flags& flags,
+                       const std::filesystem::path& bytecode_path,
+                       const std::filesystem::path& witness_path) = 0;
+
+    virtual void contract(const Flags& flags,
+                          const std::filesystem::path& output_path,
+                          const std::filesystem::path& vk_path) = 0;
+
+    virtual void to_fields(const Flags& flags,
+                           const std::filesystem::path& proof_path,
+                           const std::filesystem::path& vk_path,
+                           const std::filesystem::path& output_path) = 0;
+};
+} // namespace bb