plane wifi wip

AztecProtocol · Nov 13, 2023 · 8dd245d · 8dd245d
1 parent 669d210
commit 8dd245d
Show file tree

Hide file tree

Showing 3 changed files with 118 additions and 49 deletions.
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp
@@ -290,42 +290,128 @@ template <ECCVMFlavor Flavor> void ECCVMProver_<Flavor>::execute_pcs_evaluation_
         const auto& evaluation = gemini_output.opening_pairs[l + 1].evaluation;
         transcript.send_to_verifier(label, evaluation);
     }
-}
+
+    const FF evaluation_challenge_x = transcript.get_challenge("Translation:evaluation_challenge_x");
+
+    translation_consistency_check_data.witnesses = { prover_polynomials.transcript_op,
+                                                     prover_polynomials.transcript_x,
+                                                     prover_polynomials.transcript_y,
+                                                     prover_polynomials.transcript_z1,
+                                                     prover_polynomials.transcript_z2 };
+
+    translation_consistency_check_data.opening_pairs = {
+        {
+            evaluation_challenge_x,
+            prover_polynomials.transcript_op.evaluate(evaluation_challenge_x),
+        },
+        {
+            evaluation_challenge_x,
+            prover_polynomials.transcript_x.evaluate(evaluation_challenge_x),
+        },
+        {
+            evaluation_challenge_x,
+            prover_polynomials.transcript_y.evaluate(evaluation_challenge_x),
+        },
+        {
+            evaluation_challenge_x,
+            prover_polynomials.transcript_z1.evaluate(evaluation_challenge_x),
+        },
+        { evaluation_challenge_x, prover_polynomials.transcript_z2.evaluate(evaluation_challenge_x) }
+    };
+};
 
 /**
  * - Do Fiat-Shamir to get "nu" challenge.
  * - Compute commitment [Q]_1
  * */
-template <ECCVMFlavor Flavor> void ECCVMProver_<Flavor>::execute_shplonk_batched_quotient_round()
+template <ECCVMFlavor Flavor>
+void ECCVMProver_<Flavor>::execute_batched_univariatization_shplonk_batched_quotient_round()
 {
-    nu_challenge = transcript.get_challenge("Shplonk:nu");
+    nu_challenge = transcript.get_challenge("ShplonkUnivariatization:nu");
 
-    batched_quotient_Q =
+    batched_univariatization_batched_quotient_Q =
         Shplonk::compute_batched_quotient(gemini_output.opening_pairs, gemini_output.witnesses, nu_challenge);
 
     // commit to Q(X) and add [Q] to the transcript
-    transcript.send_to_verifier("Shplonk:Q", commitment_key->commit(batched_quotient_Q));
+    transcript.send_to_verifier("ShplonkUnivariatization:Q",
+                                commitment_key->commit(batched_univariatization_batched_quotient_Q));
 }
 
 /**
  * - Do Fiat-Shamir to get "z" challenge.
  * - Compute polynomial Q(X) - Q_z(X)
  * */
-template <ECCVMFlavor Flavor> void ECCVMProver_<Flavor>::execute_shplonk_partial_evaluation_round()
+template <ECCVMFlavor Flavor>
+void ECCVMProver_<Flavor>::execute_batched_univariatization_shplonk_partial_evaluation_round()
+{
+    const FF z_challenge = transcript.get_challenge("ShplonkUnivariatization:z");
+
+    batched_univariatization_shplonk_output =
+        Shplonk::compute_partially_evaluated_batched_quotient(gemini_output.opening_pairs,
+                                                              gemini_output.witnesses,
+                                                              std::move(batched_univariatization_batched_quotient_Q),
+                                                              nu_challenge,
+                                                              z_challenge);
+}
+
+/**
+ * - Compute final PCS opening proof:
+ * - For KZG, this is the quotient commitment [W]_1
+ * - For IPA, the vectors L and R // WORKTODO?
+ * */
+template <ECCVMFlavor Flavor> void ECCVMProver_<Flavor>::execute_batched_univariatization_ipa_round()
+{
+    PCS::compute_opening_proof(commitment_key,
+                               batched_univariatization_shplonk_output.opening_pair,
+                               batched_univariatization_shplonk_output.witness,
+                               transcript);
+}
+
+/**
+ * - Do Fiat-Shamir to get "nu" challenge.
+ * - Compute commitment [Q]_1
+ * */
+template <ECCVMFlavor Flavor>
+void ECCVMProver_<Flavor>::execute_translation_consistency_check_shplonk_batched_quotient_round()
 {
-    const FF z_challenge = transcript.get_challenge("Shplonk:z");
+    nu_challenge = transcript.get_challenge("ShplonkTranslation:nu");
 
-    shplonk_output = Shplonk::compute_partially_evaluated_batched_quotient(
-        gemini_output.opening_pairs, gemini_output.witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge);
+    translation_consistency_check_batched_quotient_Q = Shplonk::compute_batched_quotient(
+        translation_consistency_check_data.opening_pairs, translation_consistency_check_data.witnesses, nu_challenge);
+
+    // commit to Q(X) and add [Q] to the transcript
+    transcript.send_to_verifier("ShplonkTranslation:Q",
+                                commitment_key->commit(translation_consistency_check_batched_quotient_Q));
+}
+
+/**
+ * - Do Fiat-Shamir to get "z" challenge.
+ * - Compute polynomial Q(X) - Q_z(X)
+ * */
+template <ECCVMFlavor Flavor>
+void ECCVMProver_<Flavor>::execute_translation_consistency_check_shplonk_partial_evaluation_round()
+{
+    const FF z_challenge = transcript.get_challenge("ShplonkTranslation:z");
+
+    translation_consistency_check_shplonk_output = Shplonk::compute_partially_evaluated_batched_quotient(
+        translation_consistency_check_data.opening_pairs,
+        translation_consistency_check_data.witnesses,
+        std::move(translation_consistency_check_batched_quotient_Q),
+        nu_challenge,
+        z_challenge);
 }
+
 /**
  * - Compute final PCS opening proof:
  * - For KZG, this is the quotient commitment [W]_1
- * - For IPA, the vectors L and R
+ * - For IPA, the vectors L and R // WORKTODO?
  * */
-template <ECCVMFlavor Flavor> void ECCVMProver_<Flavor>::execute_final_pcs_round()
+template <ECCVMFlavor Flavor> void ECCVMProver_<Flavor>::execute_translation_consistency_check_ipa_round()
 {
-    PCS::compute_opening_proof(commitment_key, shplonk_output.opening_pair, shplonk_output.witness, transcript);
+    PCS::compute_opening_proof(commitment_key,
+                               translation_consistency_check_shplonk_output.opening_pair,
+                               translation_consistency_check_shplonk_output.witness,
+                               transcript);
 }
 
 template <ECCVMFlavor Flavor> plonk::proof& ECCVMProver_<Flavor>::export_proof()
@@ -336,42 +422,19 @@ template <ECCVMFlavor Flavor> plonk::proof& ECCVMProver_<Flavor>::export_proof()
 
 template <ECCVMFlavor Flavor> plonk::proof& ECCVMProver_<Flavor>::construct_proof()
 {
-    // Add circuit size public input size and public inputs to transcript.
     execute_preamble_round();
-
-    // Compute first three wire commitments
     execute_wire_commitments_round();
-
-    // Compute sorted list accumulator and commitment
     execute_log_derivative_commitments_round();
-
-    // Fiat-Shamir: beta & gamma
-    // Compute grand product(s) and commitments.
     execute_grand_product_computation_round();
-
-    // Fiat-Shamir: alpha
-    // Run sumcheck subprotocol.
     execute_relation_check_rounds();
-
-    // Fiat-Shamir: rho
-    // Compute Fold polynomials and their commitments.
     execute_univariatization_round();
-
-    // Fiat-Shamir: r
-    // Compute Fold evaluations
     execute_pcs_evaluation_round();
-
-    // Fiat-Shamir: nu
-    // Compute Shplonk batched quotient commitment Q
-    execute_shplonk_batched_quotient_round();
-
-    // Fiat-Shamir: z
-    // Compute partial evaluation Q_z
-    execute_shplonk_partial_evaluation_round();
-
-    // Fiat-Shamir: z
-    // Compute PCS opening proof (either KZG quotient commitment or IPA opening proof)
-    execute_final_pcs_round();
+    execute_batched_univariatization_shplonk_batched_quotient_round();
+    execute_batched_univariatization_shplonk_partial_evaluation_round();
+    execute_batched_univariatization_ipa_round();
+    execute_translation_consistency_check_shplonk_batched_quotient_round();
+    execute_translation_consistency_check_shplonk_partial_evaluation_round();
+    execute_translation_consistency_check_ipa_round();
 
     return export_proof();
 }

diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp
@@ -36,9 +36,12 @@ template <ECCVMFlavor Flavor> class ECCVMProver_ {
     void execute_relation_check_rounds();
     void execute_univariatization_round();
     void execute_pcs_evaluation_round();
-    void execute_shplonk_batched_quotient_round();
-    void execute_shplonk_partial_evaluation_round();
-    void execute_final_pcs_round();
+    void execute_batched_univariatization_shplonk_batched_quotient_round();
+    void execute_batched_univariatization_shplonk_partial_evaluation_round();
+    void execute_batched_univariatization_ipa_round();
+    void execute_translation_consistency_check_shplonk_batched_quotient_round();
+    void execute_translation_consistency_check_shplonk_partial_evaluation_round();
+    void execute_translation_consistency_check_ipa_round();
 
     plonk::proof& export_proof();
     plonk::proof& construct_proof();
@@ -61,14 +64,17 @@ template <ECCVMFlavor Flavor> class ECCVMProver_ {
     // Container for d + 1 Fold polynomials produced by Gemini
     std::vector<Polynomial> gemini_polynomials;
 
-    Polynomial batched_quotient_Q; // batched quotient poly computed by Shplonk
-    FF nu_challenge;               // needed in both Shplonk rounds
+    Polynomial batched_univariatization_batched_quotient_Q;      // batched quotient poly computed by Shplonk
+    Polynomial translation_consistency_check_batched_quotient_Q; // batched quotient poly computed by Shplonk
+    FF nu_challenge;                                             // needed in both Shplonk rounds
 
     Polynomial quotient_W;
 
     sumcheck::SumcheckOutput<Flavor> sumcheck_output;
     pcs::gemini::ProverOutput<Curve> gemini_output;
-    pcs::shplonk::ProverOutput<Curve> shplonk_output;
+    pcs::gemini::ProverOutput<Curve> translation_consistency_check_data; // WORKTODO: move this struct
+    pcs::shplonk::ProverOutput<Curve> batched_univariatization_shplonk_output;
+    pcs::shplonk::ProverOutput<Curve> translation_consistency_check_shplonk_output;
     std::shared_ptr<PCSCommitmentKey> commitment_key;
 
     using Gemini = pcs::gemini::GeminiProver_<Curve>;

diff --git a/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp b/barretenberg/cpp/src/barretenberg/polynomials/polynomial.hpp
@@ -105,8 +105,8 @@ template <typename Fr> class Polynomial {
         return coefficients_.get()[i];
     };
 
-    Fr evaluate(const Fr& z, const size_t target_size) const;
-    Fr evaluate(const Fr& z) const;
+    [[nodiscard]] Fr evaluate(const Fr& z, const size_t target_size) const;
+    [[nodiscard]] Fr evaluate(const Fr& z) const;
 
     Fr compute_barycentric_evaluation(const Fr& z, const EvaluationDomain<Fr>& domain)
         requires polynomial_arithmetic::SupportsFFT<Fr>;