feat: Protogalaxy constructor from a verification key

barretenberg/cpp/scripts/collect_profile_information.sh

@@ -15,7 +15,7 @@ cd $(dirname $0)/..
 
 # Configure and build with xray preset.
 cmake --preset $PRESET
-cmake --build --preset $PRESET
+cmake --build --preset $PRESET --target $EXECUTABLE
 
 cd build-$PRESET
 

barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp

@@ -24,7 +24,7 @@ void fold_one(State& state) noexcept
     const auto construct_instance = [&]() {
         Builder builder;
         bench_utils::generate_basic_arithmetic_circuit(builder, log2_num_gates);
-        return composer.create_instance(builder);
+        return composer.create_prover_instance(builder);
     };
 
     std::shared_ptr<Instance> instance_1 = construct_instance();
@@ -37,5 +37,5 @@ void fold_one(State& state) noexcept
     }
 }
 
-BENCHMARK(fold_one)->/* vary the circuit size */ DenseRange(14, 20)->Unit(kMillisecond);
+BENCHMARK(fold_one)->/* vary the circuit size */ DenseRange(15, 20)->Unit(kMillisecond);
 } // namespace proof_system::honk

barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/benchmark_utilities.hpp

@@ -172,7 +172,8 @@ inline proof_system::honk::UltraProver get_prover(
 {
     proof_system::honk::UltraComposer::CircuitBuilder builder;
     test_circuit_function(builder, num_iterations);
-    std::shared_ptr<proof_system::honk::UltraComposer::Instance> instance = composer.create_instance(builder);
+    std::shared_ptr<proof_system::honk::UltraComposer::ProverInstance> instance =
+        composer.create_prover_instance(builder);
     return composer.create_prover(instance);
 }
 

barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk.bench.cpp

@@ -44,5 +44,5 @@ BENCHMARK_CAPTURE(construct_proof_ultrahonk,
 
 BENCHMARK(construct_proof_ultrahonk_power_of_2)
     // 2**15 gates to 2**20 gates
-    ->DenseRange(15, 20)
+    ->DenseRange(14, 20)
     ->Unit(kMillisecond);

barretenberg/cpp/src/barretenberg/goblin/goblin.hpp

@@ -26,6 +26,7 @@ class Goblin {
      * @brief Output of goblin::accumulate; an Ultra proof and the corresponding verification key
      *
      */
+    // WORKTODO: this is being repurposed in the mock kernel circuit as KernelInput
     struct AccumulationOutput {
         HonkProof proof;
         std::shared_ptr<GUHVerificationKey> verification_key;
@@ -104,8 +105,11 @@ class Goblin {
 
         // Construct a Honk proof for the main circuit
         GoblinUltraComposer composer;
-        auto instance = composer.create_instance(circuit_builder);
-        auto prover = composer.create_prover(instance);
+        auto prover_instance = composer.create_prover_instance(circuit_builder);
+        // TODO(https://github.com/AztecProtocol/barretenberg/issues/831): SRS is too small if the verifier instance is
+        // created after merge proving.
+        auto verifier_instance = composer.create_verifier_instance(prover_instance);
+        auto prover = composer.create_prover(prover_instance);
         auto ultra_proof = prover.construct_proof();
 
         // Construct and store the merge proof to be recursively verified on the next call to accumulate
@@ -116,7 +120,7 @@ class Goblin {
             merge_proof_exists = true;
         }
 
-        return { ultra_proof, instance->verification_key };
+        return { ultra_proof, verifier_instance->verification_key };
     };
 
     void prove_eccvm()
@@ -174,7 +178,7 @@ class Goblin {
 
         // Construct a Honk proof for the main circuit
         GoblinUltraComposer composer;
-        auto instance = composer.create_instance(circuit_builder);
+        auto instance = composer.create_prover_instance(circuit_builder);
         auto prover = composer.create_prover(instance);
         auto ultra_proof = prover.construct_proof();
 
@@ -188,7 +192,10 @@ class Goblin {
         //     merge_proof_exists = true;
         // }
 
-        accumulator = { ultra_proof, instance->verification_key };
+        // WORKTODO: proper handling
+        auto verifier_instance = composer.create_verifier_instance(instance);
+
+        accumulator = { ultra_proof, verifier_instance->verification_key };
         return accumulator;
     };
 

barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp

@@ -57,12 +57,6 @@ template <UltraFlavor Flavor> void DeciderProver_<Flavor>::execute_preamble_roun
     for (size_t idx = 0; idx < witness_labels.size(); idx++) {
         transcript->send_to_verifier(witness_labels[idx], comm_view[idx]);
     }
-
-    auto vk_view = accumulator->verification_key->get_all();
-    auto vk_labels = accumulator->commitment_labels.get_precomputed();
-    for (size_t idx = 0; idx < vk_labels.size(); idx++) {
-        transcript->send_to_verifier(vk_labels[idx], vk_view[idx]);
-    }
 }
 
 /**

barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp

@@ -74,13 +74,6 @@ template <typename Flavor> bool DeciderVerifier_<Flavor>::verify_proof(const plo
         comm_view[idx] = transcript->template receive_from_prover<Commitment>(witness_labels[idx]);
     }
 
-    inst->verification_key = std::make_shared<VerificationKey>(inst->instance_size, inst->public_input_size);
-    auto vk_view = inst->verification_key->get_all();
-    auto vk_labels = inst->commitment_labels.get_precomputed();
-    for (size_t idx = 0; idx < vk_labels.size(); idx++) {
-        vk_view[idx] = transcript->template receive_from_prover<Commitment>(vk_labels[idx]);
-    }
-
     VerifierCommitments commitments{ inst->verification_key, inst->witness_commitments };
 
     auto sumcheck = SumcheckVerifier<Flavor>(inst->log_instance_size, transcript, inst->target_sum);

barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp

@@ -59,11 +59,6 @@ void ProtoGalaxyProver_<ProverInstances>::finalise_and_send_instance(std::shared
     for (size_t idx = 0; idx < NUM_SUBRELATIONS - 1; idx++) {
         instance->alphas[idx] = transcript->get_challenge(domain_separator + "_alpha_" + std::to_string(idx));
     }
-    auto vk_view = instance->verification_key->get_all();
-    auto labels = instance->commitment_labels.get_precomputed();
-    for (size_t idx = 0; idx < labels.size(); idx++) {
-        transcript->send_to_verifier(domain_separator + "_" + labels[idx], vk_view[idx]);
-    }
 }
 
 template <class ProverInstances>
@@ -103,12 +98,6 @@ void ProtoGalaxyProver_<ProverInstances>::send_accumulator(std::shared_ptr<Insta
     for (size_t idx = 0; idx < witness_labels.size(); idx++) {
         transcript->send_to_verifier(domain_separator + "_" + witness_labels[idx], comm_view[idx]);
     }
-
-    auto vk_view = instance->verification_key->get_all();
-    auto vk_labels = instance->commitment_labels.get_precomputed();
-    for (size_t idx = 0; idx < vk_labels.size(); idx++) {
-        transcript->send_to_verifier(domain_separator + "_" + vk_labels[idx], vk_view[idx]);
-    }
 }
 
 template <class ProverInstances> void ProtoGalaxyProver_<ProverInstances>::prepare_for_folding()
@@ -137,7 +126,7 @@ template <class ProverInstances> void ProtoGalaxyProver_<ProverInstances>::prepa
     idx++;
 
     for (auto it = instances.begin() + 1; it != instances.end(); it++, idx++) {
-        auto instance = *it;
+        auto instance = *it; // WORKTODO: possible unnecessary copy here?
         auto domain_separator = std::to_string(idx);
         finalise_and_send_instance(instance, domain_separator);
     }
@@ -159,6 +148,9 @@ std::shared_ptr<typename ProverInstances::Instance> ProtoGalaxyProver_<ProverIns
     std::vector<FF> lagranges{ FF(1) - challenge, challenge };
 
     auto next_accumulator = std::make_shared<Instance>();
+    next_accumulator->proving_key = std::make_shared<ProvingKey>();
+    next_accumulator->proving_key->circuit_size = instances[0]->proving_key->circuit_size;
+    next_accumulator->proving_key->num_public_inputs = instances[0]->proving_key->num_public_inputs;
     next_accumulator->is_accumulator = true;
     next_accumulator->instance_size = instances[0]->instance_size;
     next_accumulator->log_instance_size = instances[0]->log_instance_size;
@@ -250,22 +242,6 @@ std::shared_ptr<typename ProverInstances::Instance> ProtoGalaxyProver_<ProverIns
                                  folded_relation_parameters.lookup_grand_product_delta);
     next_accumulator->relation_parameters = folded_relation_parameters;
 
-    // Fold the verification key and send it to the verifier as this is part of ϕ as well
-    auto acc_vk = std::make_shared<VerificationKey>(instances[0]->prover_polynomials.get_polynomial_size(),
-                                                    instances[0]->public_inputs.size());
-    auto labels = next_accumulator->commitment_labels.get_precomputed();
-    size_t vk_idx = 0;
-    for (auto& vk : acc_vk->get_all()) {
-        size_t inst = 0;
-        vk = Commitment::infinity();
-        for (auto& instance : instances) {
-            vk = vk + (instance->verification_key->get_all()[vk_idx]) * lagranges[inst];
-            inst++;
-        }
-        transcript->send_to_verifier("next_" + labels[vk_idx], vk);
-        vk_idx++;
-    }
-    next_accumulator->verification_key = acc_vk;
     return next_accumulator;
 }
 

barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp

@@ -21,11 +21,11 @@ template <class ProverInstances_> class ProtoGalaxyProver_ {
     using Instance = typename ProverInstances::Instance;
     using Utils = bb::RelationUtils<Flavor>;
     using RowEvaluations = typename Flavor::AllValues;
+    using ProvingKey = typename Flavor::ProvingKey;
     using ProverPolynomials = typename Flavor::ProverPolynomials;
     using Relations = typename Flavor::Relations;
     using RelationSeparator = typename Flavor::RelationSeparator;
     using CombinedRelationSeparator = typename ProverInstances::RelationSeparator;
-    using VerificationKey = typename Flavor::VerificationKey;
     using CommitmentKey = typename Flavor::CommitmentKey;
     using WitnessCommitments = typename Flavor::WitnessCommitments;
     using Commitment = typename Flavor::Commitment;

barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp

@@ -44,13 +44,6 @@ void ProtoGalaxyVerifier_<VerifierInstances>::receive_accumulator(const std::sha
         comm_view[idx] =
             transcript->template receive_from_prover<Commitment>(domain_separator + "_" + witness_labels[idx]);
     }
-
-    inst->verification_key = std::make_shared<VerificationKey>(inst->instance_size, inst->public_input_size);
-    auto vk_view = inst->verification_key->get_all();
-    auto vk_labels = inst->commitment_labels.get_precomputed();
-    for (size_t idx = 0; idx < vk_labels.size(); idx++) {
-        vk_view[idx] = transcript->template receive_from_prover<Commitment>(domain_separator + "_" + vk_labels[idx]);
-    }
 }
 
 template <class VerifierInstances>
@@ -98,12 +91,12 @@ void ProtoGalaxyVerifier_<VerifierInstances>::receive_and_finalise_instance(cons
         inst->alphas[idx] = transcript->get_challenge(domain_separator + "_alpha_" + std::to_string(idx));
     }
 
-    inst->verification_key = std::make_shared<VerificationKey>(inst->instance_size, inst->public_input_size);
-    auto vk_view = inst->verification_key->get_all();
-    auto vk_labels = labels.get_precomputed();
-    for (size_t idx = 0; idx < vk_labels.size(); idx++) {
-        vk_view[idx] = transcript->template receive_from_prover<Commitment>(domain_separator + "_" + vk_labels[idx]);
-    }
+    // inst->verification_key = std::make_shared<VerificationKey>(inst->instance_size, inst->public_input_size);
+    // auto vk_view = inst->verification_key->get_all();
+    // auto vk_labels = labels.get_precomputed();
+    // for (size_t idx = 0; idx < vk_labels.size(); idx++) {
+    //     vk_view[idx] = transcript->template receive_from_prover<Commitment>(domain_separator + "_" + vk_labels[idx]);
+    // }
 }
 
 // TODO(https://github.com/AztecProtocol/barretenberg/issues/795): The rounds prior to actual verifying are common
@@ -255,20 +248,20 @@ bool ProtoGalaxyVerifier_<VerifierInstances>::verify_folding_proof(std::vector<u
         transcript->template receive_from_prover<FF>("next_lookup_grand_product_delta");
     verified = verified & (next_lookup_grand_product_delta == expected_parameters.lookup_grand_product_delta);
 
-    auto acc_vk = std::make_shared<VerificationKey>(instances[0]->instance_size, instances[0]->public_input_size);
-    auto vk_labels = commitment_labels.get_precomputed();
-    size_t vk_idx = 0;
-    for (auto& expected_vk : acc_vk->get_all()) {
-        size_t inst = 0;
-        expected_vk = Commitment::infinity();
-        for (auto& instance : instances) {
-            expected_vk = expected_vk + instance->verification_key->get_all()[vk_idx] * lagranges[inst];
-            inst++;
-        }
-        auto vk = transcript->template receive_from_prover<Commitment>("next_" + vk_labels[vk_idx]);
-        verified = verified & (vk == expected_vk);
-        vk_idx++;
-    }
+    // auto acc_vk = std::make_shared<VerificationKey>(instances[0]->instance_size, instances[0]->public_input_size);
+    // auto vk_labels = commitment_labels.get_precomputed();
+    // size_t vk_idx = 0;
+    // for (auto& expected_vk : acc_vk->get_all()) {
+    //     size_t inst = 0;
+    //     expected_vk = Commitment::infinity();
+    //     for (auto& instance : instances) {
+    //         expected_vk = expected_vk + instance->verification_key->get_all()[vk_idx] * lagranges[inst];
+    //         inst++;
+    //     }
+    //     auto vk = transcript->template receive_from_prover<Commitment>("next_" + vk_labels[vk_idx]);
+    //     verified = verified & (vk == expected_vk);
+    //     vk_idx++;
+    // }
 
     return verified;
 }

barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/goblin_verifier.test.cpp

@@ -151,21 +151,22 @@ template <typename BuilderType> class GoblinRecursiveVerifierTest : public testi
 
         // Compute native verification key
         InnerComposer inner_composer;
-        auto instance = inner_composer.create_instance(inner_circuit);
+        auto instance = inner_composer.create_prover_instance(inner_circuit);
         auto prover = inner_composer.create_prover(instance); // A prerequisite for computing VK
 
         // Instantiate the recursive verifier using the native verification key
-        RecursiveVerifier verifier{ &outer_circuit, instance->verification_key };
+        auto verification_key = inner_composer.compute_verification_key(instance);
+        RecursiveVerifier verifier{ &outer_circuit, verification_key };
 
         // Spot check some values in the recursive VK to ensure it was constructed correctly
-        EXPECT_EQ(verifier.key->circuit_size, instance->verification_key->circuit_size);
-        EXPECT_EQ(verifier.key->log_circuit_size, instance->verification_key->log_circuit_size);
-        EXPECT_EQ(verifier.key->num_public_inputs, instance->verification_key->num_public_inputs);
-        EXPECT_EQ(verifier.key->q_m.get_value(), instance->verification_key->q_m);
-        EXPECT_EQ(verifier.key->q_r.get_value(), instance->verification_key->q_r);
-        EXPECT_EQ(verifier.key->sigma_1.get_value(), instance->verification_key->sigma_1);
-        EXPECT_EQ(verifier.key->id_3.get_value(), instance->verification_key->id_3);
-        EXPECT_EQ(verifier.key->lagrange_ecc_op.get_value(), instance->verification_key->lagrange_ecc_op);
+        EXPECT_EQ(verifier.key->circuit_size, verification_key->circuit_size);
+        EXPECT_EQ(verifier.key->log_circuit_size, verification_key->log_circuit_size);
+        EXPECT_EQ(verifier.key->num_public_inputs, verification_key->num_public_inputs);
+        EXPECT_EQ(verifier.key->q_m.get_value(), verification_key->q_m);
+        EXPECT_EQ(verifier.key->q_r.get_value(), verification_key->q_r);
+        EXPECT_EQ(verifier.key->sigma_1.get_value(), verification_key->sigma_1);
+        EXPECT_EQ(verifier.key->id_3.get_value(), verification_key->id_3);
+        EXPECT_EQ(verifier.key->lagrange_ecc_op.get_value(), verification_key->lagrange_ecc_op);
     }
 
     /**
@@ -179,13 +180,14 @@ template <typename BuilderType> class GoblinRecursiveVerifierTest : public testi
 
         // Generate a proof over the inner circuit
         InnerComposer inner_composer;
-        auto instance = inner_composer.create_instance(inner_circuit);
+        auto instance = inner_composer.create_prover_instance(inner_circuit);
         auto inner_prover = inner_composer.create_prover(instance);
         auto inner_proof = inner_prover.construct_proof();
 
         // Create a recursive verification circuit for the proof of the inner circuit
+        auto verification_key = inner_composer.compute_verification_key(instance);
         OuterBuilder outer_circuit;
-        RecursiveVerifier verifier{ &outer_circuit, instance->verification_key };
+        RecursiveVerifier verifier{ &outer_circuit, verification_key };
         auto pairing_points = verifier.verify_proof(inner_proof);
         info("Recursive Verifier Goblin: num gates = ", outer_circuit.num_gates);
 
@@ -211,7 +213,7 @@ template <typename BuilderType> class GoblinRecursiveVerifierTest : public testi
         // Check 3: Construct and verify a proof of the recursive verifier circuit
         {
             auto composer = get_outer_composer<OuterBuilder>();
-            auto instance = composer.create_instance(outer_circuit);
+            auto instance = composer.create_prover_instance(outer_circuit);
             auto prover = composer.create_prover(instance);
             auto verifier = composer.create_verifier(instance);
             auto proof = prover.construct_proof();
@@ -234,7 +236,7 @@ template <typename BuilderType> class GoblinRecursiveVerifierTest : public testi
 
         // Generate a proof over the inner circuit
         InnerComposer inner_composer;
-        auto instance = inner_composer.create_instance(inner_circuit);
+        auto instance = inner_composer.create_prover_instance(inner_circuit);
         auto inner_prover = inner_composer.create_prover(instance);
         auto inner_proof = inner_prover.construct_proof();
 
@@ -245,8 +247,9 @@ template <typename BuilderType> class GoblinRecursiveVerifierTest : public testi
         inner_proof = inner_prover.export_proof();
 
         // Create a recursive verification circuit for the proof of the inner circuit
+        auto verification_key = inner_composer.compute_verification_key(instance);
         OuterBuilder outer_circuit;
-        RecursiveVerifier verifier{ &outer_circuit, instance->verification_key };
+        RecursiveVerifier verifier{ &outer_circuit, verification_key };
         verifier.verify_proof(inner_proof);
 
         // We expect the circuit check to fail due to the bad proof

barretenberg/cpp/src/barretenberg/stdlib/recursion/honk/verifier/merge_verifier.test.cpp

@@ -81,7 +81,7 @@ class RecursiveMergeVerifierTest : public testing::Test {
         // Check 3: Construct and verify a (goblin) ultra honk proof of the Merge recursive verifier circuit
         {
             GoblinUltraComposer composer;
-            auto instance = composer.create_instance(outer_circuit);
+            auto instance = composer.create_prover_instance(outer_circuit);
             auto prover = composer.create_prover(instance);
             auto verifier = composer.create_verifier(instance);
             auto proof = prover.construct_proof();