fix: fixing boxes wip

barretenberg/.gitrepo

@@ -6,7 +6,7 @@
 [subrepo]
 	remote = https://github.com/AztecProtocol/barretenberg
 	branch = master
-	commit = d041c3e8e59132328e0171fb72d61ea50936ee48
-	parent = 09d0730bad4be2f4954cbb6d27538f7860d0f21f
+	commit = 1ec1e450ae96a9e8526b6661a81de40acb88d93a
+	parent = ccf9b17495ec46df6494fa93e1c848c87a05d071
 	method = merge
 	cmdver = 0.4.6

barretenberg/bootstrap_cache.sh

@@ -10,4 +10,4 @@ extract_repo bb.js \
   /usr/src/barretenberg/cpp/build-wasm-threads/bin ./cpp/build-wasm-threads
 
 echo -e "\033[1mBuilding ESM bb.ts...\033[0m"
-(cd ts && ./bootstrap.sh esm)
+(cd ts && SKIP_CPP_BUILD=1 ./scripts/build_wasm.sh && ./bootstrap.sh esm)

barretenberg/cpp/pil/avm/avm.pil

@@ -0,0 +1,191 @@
+
+include "mem_trace.pil";
+include "alu_chip.pil";
+
+namespace avmMini(256);
+
+    //===== CONSTANT POLYNOMIALS ==================================================
+    pol constant clk(i) { i };
+    pol constant first = [1] + [0]*; // Used mostly to toggle off the first row consisting
+                                     // only in first element of shifted polynomials.
+
+    //===== CONTROL FLOW ==========================================================
+    // Program counter
+    pol commit pc; 
+    // Return Pointer
+    pol commit internal_return_ptr;
+
+    pol commit sel_internal_call;
+    pol commit sel_internal_return;
+    pol commit sel_jump;
+
+    // Halt program execution
+    pol commit sel_halt;
+
+    //===== TABLE SUBOP-TR ========================================================
+    // Boolean selectors for (sub-)operations. Only one operation is activated at
+    // a time.
+
+    // ADD
+    pol commit sel_op_add;
+    // SUB
+    pol commit sel_op_sub;
+    // MUL
+    pol commit sel_op_mul;
+    // DIV
+    pol commit sel_op_div;
+
+    // Instruction memory tag (0: uninitialized, 1: u8, 2: u16, 3: u32, 4: u64, 5: u128, 6:field)
+    pol commit in_tag;
+
+    // Errors
+    pol commit op_err; // Boolean flag pertaining to an operation error
+    pol commit tag_err; // Boolean flag (foreign key to memTrace.m_tag_err)
+
+    // A helper witness being the inverse of some value
+    // to show a non-zero equality
+    pol commit inv;
+
+    // Intermediate register values
+    pol commit ia;
+    pol commit ib;
+    pol commit ic;
+
+    // Memory operation per intermediate register
+    pol commit mem_op_a;
+    pol commit mem_op_b;
+    pol commit mem_op_c;
+
+    // Read-write flag per intermediate register: Read = 0, Write = 1
+    pol commit rwa;
+    pol commit rwb;
+    pol commit rwc;
+
+    // Memory index involved into a memory operation per pertaining intermediate register
+    // We should range constrain it to 32 bits ultimately. For first mini-AVM,
+    // we will assume that these columns are of the right type.
+    pol commit mem_idx_a;
+    pol commit mem_idx_b;
+    pol commit mem_idx_c;
+
+
+    // Track the last line of the execution trace. It does NOT correspond to the last row of the whole table
+    // of size N. As this depends on the supplied bytecode, this polynomial cannot be constant.
+    pol commit last;
+
+    // Relations on type constraints
+
+    sel_op_add * (1 - sel_op_add) = 0;
+    sel_op_sub * (1 - sel_op_sub) = 0;
+    sel_op_mul * (1 - sel_op_mul) = 0;
+    sel_op_div * (1 - sel_op_div) = 0;
+
+    sel_internal_call * (1 - sel_internal_call) = 0;
+    sel_internal_return * (1 - sel_internal_return) = 0;
+    sel_jump * (1 - sel_jump) = 0;
+    sel_halt * (1 - sel_halt) = 0;
+
+    op_err * (1 - op_err) = 0;
+    tag_err * (1 - tag_err) = 0; // Potential optimization (boolean constraint derivation from equivalence check to memTrace)?
+
+    mem_op_a * (1 - mem_op_a) = 0;
+    mem_op_b * (1 - mem_op_b) = 0;
+    mem_op_c * (1 - mem_op_c) = 0;
+
+    rwa * (1 - rwa) = 0;
+    rwb * (1 - rwb) = 0;
+    rwc * (1 - rwc) = 0;
+
+    // TODO: Constrain rwa, rwb, rwc to u32 type and 0 <= in_tag <= 6
+
+    // Set intermediate registers to 0 whenever tag_err occurs
+    tag_err * ia = 0;
+    tag_err * ib = 0;
+    tag_err * ic = 0;
+
+    // Relation for division over the finite field
+    // If tag_err == 1 in a division, then ib == 0 and op_err == 1.
+    #[SUBOP_DIVISION_FF]
+    sel_op_div * (1 - op_err) * (ic * ib - ia) = 0;
+
+    // When sel_op_div == 1, we want ib == 0 <==> op_err == 1
+    // This can be achieved with the 2 following relations.
+    // inv is an extra witness to show that we can invert ib, i.e., inv = ib^(-1)
+    // If ib == 0, we have to set inv = 1 to satisfy the second relation,
+    // because op_err == 1 from the first relation.
+    #[SUBOP_DIVISION_ZERO_ERR1]
+    sel_op_div * (ib * inv - 1 + op_err) = 0;
+    #[SUBOP_DIVISION_ZERO_ERR2]
+    sel_op_div * op_err * (1 - inv) = 0;
+
+    // op_err cannot be maliciously activated for a non-relevant
+    // operation selector, i.e., op_err == 1 ==> sel_op_div || sel_op_XXX || ...
+    // op_err * (sel_op_div + sel_op_XXX + ... - 1) == 0
+    // Note that the above is even a stronger constraint, as it shows
+    // that exactly one sel_op_XXX must be true.
+    // At this time, we have only division producing an error.
+    #[SUBOP_ERROR_RELEVANT_OP]
+    op_err * (sel_op_div - 1) = 0;
+
+    // TODO: constraint that we stop execution at the first error (tag_err or op_err)
+    // An error can only happen at the last sub-operation row.
+
+    // OPEN/POTENTIAL OPTIMIZATION: Dedicated error per relevant operation?
+    // For the division, we could lower the degree from 4 to 3
+    // (sel_op_div - op_div_err) * (ic * ib - ia) = 0;
+    // Same for the relations related to the error activation:
+    // (ib * inv - 1 + op_div_err) = 0 && op_err * (1 - inv) = 0 
+    // This works in combination with op_div_err * (sel_op_div - 1) = 0;
+    // Drawback is the need to paralllelize the latter.
+
+    //===== CONTROL FLOW =======================================================
+    //===== JUMP ===============================================================
+    sel_jump * (pc' - ia) = 0;
+
+    //===== INTERNAL_CALL ======================================================
+    // - The program counter in the next row should be equal to the value loaded from the ia register
+    // - We then write the return location (pc + 1) into the call stack (in memory)
+
+    #[RETURN_POINTER_INCREMENT]
+    sel_internal_call * (internal_return_ptr' - (internal_return_ptr + 1)) = 0;
+    sel_internal_call * (internal_return_ptr - mem_idx_b) = 0;
+    sel_internal_call * (pc' - ia) = 0;
+    sel_internal_call * ((pc + 1) - ib) = 0;
+
+    // TODO(md): Below relations may be removed through sub-op table lookup
+    sel_internal_call * (rwb - 1) = 0;
+    sel_internal_call * (mem_op_b  - 1) = 0;
+
+    //===== INTERNAL_RETURN ===================================================
+    // - We load the memory pointer to be the internal_return_ptr 
+    // - Constrain then next program counter to be the loaded value
+    // - decrement the internal_return_ptr
+
+    #[RETURN_POINTER_DECREMENT]
+    sel_internal_return * (internal_return_ptr' - (internal_return_ptr - 1)) = 0;
+    sel_internal_return * ((internal_return_ptr - 1) - mem_idx_a) = 0;
+    sel_internal_return * (pc' - ia) = 0;
+
+    // TODO(md): Below relations may be removed through sub-op table lookup
+    sel_internal_return * rwa = 0;
+    sel_internal_return * (mem_op_a - 1) = 0;
+
+    //===== CONTROL_FLOW_CONSISTENCY ============================================
+    pol INTERNAL_CALL_STACK_SELECTORS = (first + sel_internal_call + sel_internal_return + sel_halt);
+    pol OPCODE_SELECTORS = (sel_op_add + sel_op_sub + sel_op_div + sel_op_mul);
+
+    // Program counter must increment if not jumping or returning
+    #[PC_INCREMENT]
+    (1 - first) * (1 - sel_halt) * OPCODE_SELECTORS * (pc' - (pc + 1)) = 0;
+
+    // first == 0 && sel_internal_call == 0 && sel_internal_return == 0 && sel_halt == 0 ==> internal_return_ptr == internal_return_ptr'
+    #[INTERNAL_RETURN_POINTER_CONSISTENCY]
+    (1 - INTERNAL_CALL_STACK_SELECTORS) * (internal_return_ptr' - internal_return_ptr) = 0; 
+
+    // TODO: we want to set an initial number for the reserved memory of the jump pointer
+
+    // Inter-table Constraints
+
+    // TODO: tag_err {clk} IS memTrace.m_tag_err {memTrace.m_clk}
+    // TODO: Map memory trace with intermediate register values whenever there is no tag error, sthg like:
+    // mem_op_a * (1 - tag_err) {mem_idx_a, clk, ia, rwa} IS m_sub_clk == 0 && 1 - m_tag_err {m_addr, m_clk, m_val, m_rw}

barretenberg/cpp/src/CMakeLists.txt

@@ -137,7 +137,8 @@ set(BARRETENBERG_TARGET_OBJECTS
     $<TARGET_OBJECTS:sumcheck_objects>
     $<TARGET_OBJECTS:transcript_objects>
     $<TARGET_OBJECTS:translator_vm_objects>
-    $<TARGET_OBJECTS:ultra_honk_objects>)
+    $<TARGET_OBJECTS:ultra_honk_objects>
+    $<TARGET_OBJECTS:vm_objects>)
 
 add_library(
     barretenberg

barretenberg/cpp/src/barretenberg/bb/main.cpp

@@ -1,5 +1,9 @@
+#include "barretenberg/bb/file_io.hpp"
+#include "barretenberg/common/serialize.hpp"
 #include "barretenberg/dsl/types.hpp"
+#include "barretenberg/honk/proof_system/types/proof.hpp"
 #include "barretenberg/plonk/proof_system/proving_key/serialize.hpp"
+#include "barretenberg/vm/avm_trace/AvmMini_execution.hpp"
 #include "config.hpp"
 #include "get_bn254_crs.hpp"
 #include "get_bytecode.hpp"
@@ -12,6 +16,7 @@
 #include <barretenberg/dsl/acir_proofs/acir_composer.hpp>
 #include <barretenberg/dsl/acir_proofs/goblin_acir_composer.hpp>
 #include <barretenberg/srs/global_crs.hpp>
+#include <cstdint>
 #include <iostream>
 #include <stdexcept>
 #include <string>
@@ -506,6 +511,7 @@ int main(int argc, char* argv[])
         if (command == "prove_and_verify_goblin") {
             return proveAndVerifyGoblin(bytecode_path, witness_path) ? 0 : 1;
         }
+
         if (command == "prove") {
             std::string output_path = get_option(args, "-o", "./proofs/proof");
             prove(bytecode_path, witness_path, output_path);
@@ -528,6 +534,23 @@ int main(int argc, char* argv[])
         } else if (command == "vk_as_fields") {
             std::string output_path = get_option(args, "-o", vk_path + "_fields.json");
             vk_as_fields(vk_path, output_path);
+        } else if (command == "avm_prove") {
+            std::string avm_bytecode_path = get_option(args, "-b", "./target/avm_bytecode.bin");
+            std::string output_path = get_option(args, "-o", "./proofs/avm_proof");
+            std::vector<uint8_t> call_data_bytes{};
+
+            if (flag_present(args, "-d")) {
+                auto const call_data_path = get_option(args, "-d", "./target/call_data.bin");
+                call_data_bytes = read_file(call_data_path);
+            }
+
+            srs::init_crs_factory("../srs_db/ignition");
+
+            std::vector<fr> const call_data = many_from_buffer<fr>(call_data_bytes);
+            auto const avm_bytecode = read_file(avm_bytecode_path);
+            auto const proof = avm_trace::Execution::run_and_prove(avm_bytecode, call_data);
+            std::vector<uint8_t> const proof_bytes = to_buffer(proof);
+            write_file(output_path, proof_bytes);
         } else {
             std::cerr << "Unknown command: " << command << "\n";
             return 1;

barretenberg/cpp/src/barretenberg/benchmark/goblin_bench/eccvm.bench.cpp

@@ -7,9 +7,9 @@
 using namespace benchmark;
 using namespace bb;
 
-using Flavor = honk::flavor::ECCVM;
+using Flavor = ECCVMFlavor;
 using Builder = ECCVMCircuitBuilder<Flavor>;
-using Composer = honk::ECCVMComposer;
+using Composer = ECCVMComposer;
 
 namespace {
 

barretenberg/cpp/src/barretenberg/benchmark/ipa_bench/ipa.bench.cpp

@@ -3,28 +3,22 @@
 
 using namespace benchmark;
 using namespace bb;
-using namespace bb::honk::pcs::ipa;
+
 namespace {
 using Curve = curve::Grumpkin;
 using Fr = Curve::ScalarField;
-using IPA = IPA<Curve>;
-using OpeningPair = honk::pcs::OpeningPair<Curve>;
-using OpeningClaim = honk::pcs::OpeningClaim<Curve>;
-using Polynomial = Polynomial<Curve::ScalarField>;
-using CommitmentKey = honk::pcs::CommitmentKey<Curve>;
-using VerifierCommitmentKey = honk::pcs::VerifierCommitmentKey<Curve>;
 
 constexpr size_t MIN_POLYNOMIAL_DEGREE_LOG2 = 10;
 constexpr size_t MAX_POLYNOMIAL_DEGREE_LOG2 = 16;
 std::shared_ptr<bb::srs::factories::CrsFactory<curve::Grumpkin>> crs_factory(
     new bb::srs::factories::FileCrsFactory<curve::Grumpkin>("../srs_db/grumpkin", 1 << 16));
 
-auto ck = std::make_shared<CommitmentKey>(1 << MAX_POLYNOMIAL_DEGREE_LOG2, crs_factory);
-auto vk = std::make_shared<VerifierCommitmentKey>(1 << MAX_POLYNOMIAL_DEGREE_LOG2, crs_factory);
+auto ck = std::make_shared<CommitmentKey<Curve>>(1 << MAX_POLYNOMIAL_DEGREE_LOG2, crs_factory);
+auto vk = std::make_shared<VerifierCommitmentKey<Curve>>(1 << MAX_POLYNOMIAL_DEGREE_LOG2, crs_factory);
 
-std::vector<std::shared_ptr<honk::BaseTranscript>> prover_transcripts(MAX_POLYNOMIAL_DEGREE_LOG2 -
-                                                                      MIN_POLYNOMIAL_DEGREE_LOG2 + 1);
-std::vector<OpeningClaim> opening_claims(MAX_POLYNOMIAL_DEGREE_LOG2 - MIN_POLYNOMIAL_DEGREE_LOG2 + 1);
+std::vector<std::shared_ptr<BaseTranscript>> prover_transcripts(MAX_POLYNOMIAL_DEGREE_LOG2 -
+                                                                MIN_POLYNOMIAL_DEGREE_LOG2 + 1);
+std::vector<OpeningClaim<Curve>> opening_claims(MAX_POLYNOMIAL_DEGREE_LOG2 - MIN_POLYNOMIAL_DEGREE_LOG2 + 1);
 
 void ipa_open(State& state) noexcept
 {
@@ -33,19 +27,19 @@ void ipa_open(State& state) noexcept
         state.PauseTiming();
         size_t n = 1 << static_cast<size_t>(state.range(0));
         // Construct the polynomial
-        Polynomial poly(n);
+        Polynomial<Fr> poly(n);
         for (size_t i = 0; i < n; ++i) {
             poly[i] = Fr::random_element(&engine);
         }
         auto x = Fr::random_element(&engine);
         auto eval = poly.evaluate(x);
-        const OpeningPair opening_pair = { x, eval };
-        const OpeningClaim opening_claim{ opening_pair, ck->commit(poly) };
+        const OpeningPair<Curve> opening_pair = { x, eval };
+        const OpeningClaim<Curve> opening_claim{ opening_pair, ck->commit(poly) };
         // initialize empty prover transcript
-        auto prover_transcript = std::make_shared<honk::BaseTranscript>();
+        auto prover_transcript = std::make_shared<BaseTranscript>();
         state.ResumeTiming();
         // Compute proof
-        IPA::compute_opening_proof(ck, opening_pair, poly, prover_transcript);
+        IPA<Curve>::compute_opening_proof(ck, opening_pair, poly, prover_transcript);
         // Store info for verifier
         prover_transcripts[static_cast<size_t>(state.range(0)) - MIN_POLYNOMIAL_DEGREE_LOG2] = prover_transcript;
         opening_claims[static_cast<size_t>(state.range(0)) - MIN_POLYNOMIAL_DEGREE_LOG2] = opening_claim;
@@ -59,10 +53,10 @@ void ipa_verify(State& state) noexcept
         auto prover_transcript = prover_transcripts[static_cast<size_t>(state.range(0)) - MIN_POLYNOMIAL_DEGREE_LOG2];
         auto opening_claim = opening_claims[static_cast<size_t>(state.range(0)) - MIN_POLYNOMIAL_DEGREE_LOG2];
         // initialize verifier transcript from proof data
-        auto verifier_transcript = std::make_shared<honk::BaseTranscript>(prover_transcript->proof_data);
+        auto verifier_transcript = std::make_shared<BaseTranscript>(prover_transcript->proof_data);
 
         state.ResumeTiming();
-        auto result = IPA::verify(vk, opening_claim, verifier_transcript);
+        auto result = IPA<Curve>::verify(vk, opening_claim, verifier_transcript);
         ASSERT(result);
     }
 }

barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp

@@ -6,8 +6,8 @@
 
 using namespace benchmark;
 
-namespace bb::honk {
-using Flavor = flavor::Ultra;
+namespace bb {
+using Flavor = UltraFlavor;
 using Instance = ProverInstance_<Flavor>;
 using Instances = ProverInstances_<Flavor, 2>;
 using ProtoGalaxyProver = ProtoGalaxyProver_<Instances>;
@@ -38,6 +38,6 @@ void fold_one(State& state) noexcept
 }
 
 BENCHMARK(fold_one)->/* vary the circuit size */ DenseRange(14, 20)->Unit(kMillisecond);
-} // namespace bb::honk
+} // namespace bb
 
 BENCHMARK_MAIN();