Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: Transcript handled through shared_ptr #3434

Merged
merged 17 commits into from
Dec 1, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -142,19 +142,19 @@ template <typename Curve> class GeminiVerifier_ {
commitments.reserve(num_variables - 1);
for (size_t i = 0; i < num_variables - 1; ++i) {
auto commitment =
transcript.template receive_from_prover<Commitment>("Gemini:FOLD_" + std::to_string(i + 1));
transcript->template receive_from_prover<Commitment>("Gemini:FOLD_" + std::to_string(i + 1));
commitments.emplace_back(commitment);
}

// compute vector of powers of random evaluation point r
const Fr r = transcript.get_challenge("Gemini:r");
const Fr r = transcript->get_challenge("Gemini:r");
std::vector<Fr> r_squares = squares_of_r(r, num_variables);

// Get evaluations a_i, i = 0,...,m-1 from transcript
std::vector<Fr> evaluations;
evaluations.reserve(num_variables);
for (size_t i = 0; i < num_variables; ++i) {
auto eval = transcript.template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
auto eval = transcript->template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
evaluations.emplace_back(eval);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,18 +62,18 @@ template <class Curve> class GeminiTest : public CommitmentTest<Curve> {
for (size_t l = 0; l < log_n - 1; ++l) {
std::string label = "FOLD_" + std::to_string(l + 1);
auto commitment = this->ck()->commit(gemini_polynomials[l + 2]);
prover_transcript.send_to_verifier(label, commitment);
prover_transcript->send_to_verifier(label, commitment);
}

const Fr r_challenge = prover_transcript.get_challenge("Gemini:r");
const Fr r_challenge = prover_transcript->get_challenge("Gemini:r");

auto prover_output = GeminiProver::compute_fold_polynomial_evaluations(
multilinear_evaluation_point, std::move(gemini_polynomials), r_challenge);

for (size_t l = 0; l < log_n; ++l) {
std::string label = "Gemini:a_" + std::to_string(l);
const auto& evaluation = prover_output.opening_pairs[l + 1].evaluation;
prover_transcript.send_to_verifier(label, evaluation);
prover_transcript->send_to_verifier(label, evaluation);
}

// Check that the Fold polynomials have been evaluated correctly in the prover
Expand Down
33 changes: 18 additions & 15 deletions barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -31,16 +31,17 @@ template <typename Curve> class IPA {
* @param opening_pair (challenge, evaluation)
* @param polynomial The witness polynomial whose opening proof needs to be computed
* @param transcript Prover transcript
* https://github.com/AztecProtocol/aztec-packages/pull/3434
*/
static void compute_opening_proof(std::shared_ptr<CK> ck,
static void compute_opening_proof(const std::shared_ptr<CK>& ck,
const OpeningPair<Curve>& opening_pair,
const Polynomial& polynomial,
BaseTranscript& transcript)
const std::shared_ptr<BaseTranscript>& transcript)
{
ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero");
auto poly_degree = static_cast<size_t>(polynomial.size());
transcript.send_to_verifier("IPA:poly_degree", static_cast<uint64_t>(poly_degree));
Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge");
transcript->send_to_verifier("IPA:poly_degree", static_cast<uint64_t>(poly_degree));
const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge");
auto aux_generator = Commitment::one() * generator_challenge;

// Checks poly_degree is greater than zero and a power of two
Expand Down Expand Up @@ -96,11 +97,11 @@ template <typename Curve> class IPA {
R_elements[i] += aux_generator * inner_prod_R;

std::string index = std::to_string(i);
transcript.send_to_verifier("IPA:L_" + index, Commitment(L_elements[i]));
transcript.send_to_verifier("IPA:R_" + index, Commitment(R_elements[i]));
transcript->send_to_verifier("IPA:L_" + index, Commitment(L_elements[i]));
transcript->send_to_verifier("IPA:R_" + index, Commitment(R_elements[i]));

// Generate the round challenge.
const Fr round_challenge = transcript.get_challenge("IPA:round_challenge_" + index);
const Fr round_challenge = transcript->get_challenge("IPA:round_challenge_" + index);
const Fr round_challenge_inv = round_challenge.invert();

std::vector<Commitment> G_lo(G_vec_local.begin(), G_vec_local.begin() + static_cast<long>(round_size));
Expand All @@ -122,7 +123,7 @@ template <typename Curve> class IPA {
}
}

transcript.send_to_verifier("IPA:a_0", a_vec[0]);
transcript->send_to_verifier("IPA:a_0", a_vec[0]);
}

/**
Expand All @@ -134,10 +135,12 @@ template <typename Curve> class IPA {
*
* @return true/false depending on if the proof verifies
*/
static bool verify(std::shared_ptr<VK> vk, const OpeningClaim<Curve>& opening_claim, BaseTranscript& transcript)
static bool verify(const std::shared_ptr<VK>& vk,
const OpeningClaim<Curve>& opening_claim,
const std::shared_ptr<BaseTranscript>& transcript)
{
auto poly_degree = static_cast<size_t>(transcript.template receive_from_prover<uint64_t>("IPA:poly_degree"));
Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge");
auto poly_degree = static_cast<size_t>(transcript->template receive_from_prover<uint64_t>("IPA:poly_degree"));
const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge");
auto aux_generator = Commitment::one() * generator_challenge;

auto log_poly_degree = static_cast<size_t>(numeric::get_msb(poly_degree));
Expand All @@ -153,9 +156,9 @@ template <typename Curve> class IPA {
std::vector<Fr> msm_scalars(pippenger_size);
for (size_t i = 0; i < log_poly_degree; i++) {
std::string index = std::to_string(i);
auto element_L = transcript.template receive_from_prover<Commitment>("IPA:L_" + index);
auto element_R = transcript.template receive_from_prover<Commitment>("IPA:R_" + index);
round_challenges[i] = transcript.get_challenge("IPA:round_challenge_" + index);
auto element_L = transcript->template receive_from_prover<Commitment>("IPA:L_" + index);
auto element_R = transcript->template receive_from_prover<Commitment>("IPA:R_" + index);
round_challenges[i] = transcript->get_challenge("IPA:round_challenge_" + index);
round_challenges_inv[i] = round_challenges[i].invert();

msm_elements[2 * i] = element_L;
Expand Down Expand Up @@ -211,7 +214,7 @@ template <typename Curve> class IPA {
auto G_zero = barretenberg::scalar_multiplication::pippenger_without_endomorphism_basis_points<Curve>(
&s_vec[0], &G_vec_local[0], poly_degree, vk->pippenger_runtime_state);

auto a_zero = transcript.template receive_from_prover<Fr>("IPA:a_0");
auto a_zero = transcript->template receive_from_prover<Fr>("IPA:a_0");

GroupElement right_hand_side = G_zero * a_zero + aux_generator * a_zero * b_zero;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -70,16 +70,16 @@ TEST_F(IPATest, Open)
const OpeningClaim<Curve> opening_claim{ opening_pair, commitment };

// initialize empty prover transcript
BaseTranscript prover_transcript;
auto prover_transcript = std::make_shared<BaseTranscript>();
IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript);

// initialize verifier transcript from proof data
BaseTranscript verifier_transcript{ prover_transcript.proof_data };
auto verifier_transcript = std::make_shared<BaseTranscript>(prover_transcript->proof_data);

auto result = IPA::verify(this->vk(), opening_claim, verifier_transcript);
EXPECT_TRUE(result);

EXPECT_EQ(prover_transcript.get_manifest(), verifier_transcript.get_manifest());
EXPECT_EQ(prover_transcript->get_manifest(), verifier_transcript->get_manifest());
}

TEST_F(IPATest, GeminiShplonkIPAWithShift)
Expand Down Expand Up @@ -137,26 +137,26 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)
for (size_t l = 0; l < log_n - 1; ++l) {
std::string label = "FOLD_" + std::to_string(l + 1);
auto commitment = this->ck()->commit(gemini_polynomials[l + 2]);
prover_transcript.send_to_verifier(label, commitment);
prover_transcript->send_to_verifier(label, commitment);
}

const Fr r_challenge = prover_transcript.get_challenge("Gemini:r");
const Fr r_challenge = prover_transcript->get_challenge("Gemini:r");

const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations(
mle_opening_point, std::move(gemini_polynomials), r_challenge);

for (size_t l = 0; l < log_n; ++l) {
std::string label = "Gemini:a_" + std::to_string(l);
const auto& evaluation = gemini_opening_pairs[l + 1].evaluation;
prover_transcript.send_to_verifier(label, evaluation);
prover_transcript->send_to_verifier(label, evaluation);
}

const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu");
const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu");
auto batched_quotient_Q =
ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge);
prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));

const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z");
const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z");
const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient(
gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge);

Expand Down
16 changes: 9 additions & 7 deletions barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ template <typename Curve> class KZG {
static void compute_opening_proof(std::shared_ptr<CK> ck,
const OpeningPair<Curve>& opening_pair,
const Polynomial& polynomial,
BaseTranscript& prover_trancript)
const std::shared_ptr<BaseTranscript>& prover_trancript)
{
Polynomial quotient(polynomial);
quotient[0] -= opening_pair.evaluation;
Expand All @@ -41,7 +41,7 @@ template <typename Curve> class KZG {
// TODO(#479): for now we compute the KZG commitment directly to unify the KZG and IPA interfaces but in the
// future we might need to adjust this to use the incoming alternative to work queue (i.e. variation of
// pthreads) or even the work queue itself
prover_trancript.send_to_verifier("KZG:W", quotient_commitment);
prover_trancript->send_to_verifier("KZG:W", quotient_commitment);
};

/**
Expand All @@ -53,9 +53,11 @@ template <typename Curve> class KZG {
* - P₀ = C − v⋅[1]₁ + r⋅[x]₁
* - P₁ = [Q(x)]₁
*/
static bool verify(std::shared_ptr<VK> vk, const OpeningClaim<Curve>& claim, BaseTranscript& verifier_transcript)
static bool verify(const std::shared_ptr<VK>& vk,
const OpeningClaim<Curve>& claim,
const std::shared_ptr<BaseTranscript>& verifier_transcript)
{
auto quotient_commitment = verifier_transcript.template receive_from_prover<Commitment>("KZG:W");
auto quotient_commitment = verifier_transcript->template receive_from_prover<Commitment>("KZG:W");
auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) +
(quotient_commitment * claim.opening_pair.challenge);
auto rhs = -quotient_commitment;
Expand All @@ -74,15 +76,15 @@ template <typename Curve> class KZG {
* - P₁ = [W(x)]₁
*/
static std::array<GroupElement, 2> compute_pairing_points(const OpeningClaim<Curve>& claim,
auto& verifier_transcript)
const auto& verifier_transcript)
{
auto quotient_commitment = verifier_transcript.template receive_from_prover<Commitment>("KZG:W");
auto quotient_commitment = verifier_transcript->template receive_from_prover<Commitment>("KZG:W");

GroupElement P_0;
// Note: In the recursive setting, we only add the contribution if it is not the point at infinity (i.e. if the
// evaluation is not equal to zero).
if constexpr (Curve::is_stdlib_type) {
auto builder = verifier_transcript.builder;
auto builder = verifier_transcript->builder;
auto one = Fr(builder, 1);
std::vector<GroupElement> commitments = { claim.commitment, quotient_commitment };
std::vector<Fr> scalars = { one, claim.opening_pair.challenge };
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -122,29 +122,29 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)
for (size_t l = 0; l < log_n - 1; ++l) {
std::string label = "FOLD_" + std::to_string(l + 1);
auto commitment = this->ck()->commit(gemini_polynomials[l + 2]);
prover_transcript.send_to_verifier(label, commitment);
prover_transcript->send_to_verifier(label, commitment);
}

const Fr r_challenge = prover_transcript.get_challenge("Gemini:r");
const Fr r_challenge = prover_transcript->get_challenge("Gemini:r");

const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations(
mle_opening_point, std::move(gemini_polynomials), r_challenge);

for (size_t l = 0; l < log_n; ++l) {
std::string label = "Gemini:a_" + std::to_string(l);
const auto& evaluation = gemini_opening_pairs[l + 1].evaluation;
prover_transcript.send_to_verifier(label, evaluation);
prover_transcript->send_to_verifier(label, evaluation);
}

// Shplonk prover output:
// - opening pair: (z_challenge, 0)
// - witness: polynomial Q - Q_z
const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu");
const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu");
auto batched_quotient_Q =
ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge);
prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));

const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z");
const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z");
const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient(
gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -168,11 +168,11 @@ template <typename Curve> class ShplonkVerifier_ {

const size_t num_claims = claims.size();

const Fr nu = transcript.get_challenge("Shplonk:nu");
const Fr nu = transcript->get_challenge("Shplonk:nu");

auto Q_commitment = transcript.template receive_from_prover<Commitment>("Shplonk:Q");
auto Q_commitment = transcript->template receive_from_prover<Commitment>("Shplonk:Q");

const Fr z_challenge = transcript.get_challenge("Shplonk:z");
const Fr z_challenge = transcript->get_challenge("Shplonk:z");

// [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1]
// = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,11 @@ TYPED_TEST(ShplonkTest, ShplonkSimple)
std::vector<Polynomial> polynomials = { poly1, poly2 };

// Execute the shplonk prover functionality
const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu");
const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu");
auto batched_quotient_Q = ShplonkProver::compute_batched_quotient(opening_pairs, polynomials, nu_challenge);
prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));

const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z");
const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z");
const auto [prover_opening_pair, shplonk_prover_witness] =
ShplonkProver::compute_partially_evaluated_batched_quotient(
opening_pairs, polynomials, std::move(batched_quotient_Q), nu_challenge, z_challenge);
Expand Down
Loading