feat: Goblin recursive verifier #1822
Conversation
ledwards2225
force-pushed
the
lde/goblin_recursive_verifier
branch
from
6d654db to
3d95476
Compare
| auto op_tuple = builder->queue_ecc_mul_accum(point.get_value(), scalar.get_value()); | ||
|
|
||
| // Adds constraints demonstrating proper decomposition of point coordinates. | ||
| // Note: may need to do point.x.assert_is_in_field() prior to the assert_eq() according to Kesha. |
There was a problem hiding this comment.
The mental model I have for assert equal is "this is a memcpy but for circuits", in particular:
- memcpy does not assert things are equal
- and memcpy(a,b) is not the same as memcpy(b,a)
There was a problem hiding this comment.
hmm yeah taking a closer look there is a big DO NOT USE IN CIRCUITS warning. Definitely don't understand the details here but it's on the list of things to figure out. Either way the fact that this mistake can be made is a bad sign
ledwards2225
force-pushed
the
lde/goblin_recursive_verifier
branch
3 times, most recently
from
67eefe8 to
d9d2b0c
Compare
| // achieved through a builder Simulator, the stdlib codepath should become the only codepath. | ||
| if constexpr (Curve::is_stdlib_type) { | ||
| std::vector<GroupElement> commitments = { batched_f, batched_g }; | ||
| auto one = Fr::from_witness(r.get_context(), 1); |
There was a problem hiding this comment.
This creates a non-constrained witness, so one can become anything. You probably just wanted Fr(1).
There was a problem hiding this comment.
Updated to Fr(ctx, 1); so that the builder can be used correctly in the naf decomp in batch_mul.
| lhs -= GroupElement::one(ctx) * claim.opening_pair.evaluation; | ||
| } | ||
| auto builder = verifier_transcript.builder; | ||
| auto one = Fr::from_witness(builder, 1); |
There was a problem hiding this comment.
Same issue with one being an unconstrained witness
| for (const auto& val : vanishing_evals) { | ||
| inverse_vanishing_evals.emplace_back(val.invert()); | ||
| auto builder = nu.get_context(); | ||
| evaluation_zero = Fr::from_witness(builder, 0); |
| // [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1] | ||
| // = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )] | ||
| commitments.emplace_back(Q_commitment); | ||
| scalars.emplace_back(Fr::from_witness(builder, 1)); // Fr(1) |
| {} | ||
|
|
||
| template <typename Flavor> | ||
| UltraRecursiveVerifier_<Flavor>& UltraRecursiveVerifier_<Flavor>::operator=(UltraRecursiveVerifier_&& other) noexcept |
There was a problem hiding this comment.
Why did you delete these? Just curious, not a comment on the decision
There was a problem hiding this comment.
These are not currently in use and it's not clear they will be needed. I prefer to implement them and check their correctness as needed rather than leave them around to be used incorrectly.
ledwards2225
force-pushed
the
lde/goblin_recursive_verifier
branch
from
d9d2b0c to
e52d884
Compare
ledwards2225
force-pushed
the
lde/goblin_recursive_verifier
branch
from
b7ae155 to
05e872f
Compare
🤖 I have created a new Aztec Packages release --- ## [0.1.0-alpha60](v0.1.0-alpha59...v0.1.0-alpha60) (2023-09-06) ### Features * Goblin recursive verifier ([#1822](#1822)) ([f962cb6](f962cb6)) * initial `is_valid` eip1271 style wallet + minimal test changes ([#1935](#1935)) ([f264c54](f264c54)) ### Bug Fixes * benchmark git repo ([#2041](#2041)) ([3c696bb](3c696bb)) * cli canary & deployment ([#2053](#2053)) ([1ddd24a](1ddd24a)) * **rpc:** Fixes getNodeInfo serialisation ([#1991](#1991)) ([0a29fa8](0a29fa8)) ### Miscellaneous * **circuits:** - use msgpack for cbind routines of native private kernel circuits ([#1938](#1938)) ([3dc5c07](3dc5c07)) * **docs:** API docs stucture ([#2014](#2014)) ([9aab9dd](9aab9dd)) * Update function selector computation ([#2001](#2001)) ([e07ea1a](e07ea1a)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Updates the existing Ultra recursive verifier to allow for goblinized group operations. (Currently limited to
batch_mul)Checklist:
Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge.