From 4b2f1cd06770e33caa89139c6a86d1f0748e6837 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 8 Nov 2024 16:01:11 +0000 Subject: [PATCH 01/26] initial builder object --- .../plonk_honk_shared/types/aggregation_object_type.hpp | 5 ++++- .../stdlib_circuit_builders/circuit_builder_base.hpp | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 5f9bb79cda6..885f742c6de 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -12,5 +12,8 @@ constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; using PairingPointAccumulatorIndices = std::array; // PairingPointAccumPubInputIndices represents an array of 16 public input indices pointing to the witness indices of // the nested aggregation object. -using PairingPointAccumPubInputIndices = std::array; + +using AggregationObjectPubInputIndices = std::array; + +using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index 3defafa72e9..6b95acf2599 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -40,6 +40,10 @@ template class CircuitBuilderBase { PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; bool contains_pairing_point_accumulator = false; + // Public input indices which contain the output IPA opening claim + IPAClaimPubInputIndices ipa_claim_public_input_indices; + uint32_t ipa_verifier_count = 0; + // We know from the CLI arguments during proving whether a circuit should use a prover which produces // proofs that are friendly to verify in a circuit themselves. A verifier does not need a full circuit // description and should be able to verify a proof with just the verification key and the proof. From 3a6bdad8a33d437e990c0cd1ac9a9530b65326ca Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 19:00:25 +0000 Subject: [PATCH 02/26] rename --- .../src/barretenberg/dsl/acir_format/acir_format.cpp | 2 +- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 4 ++-- .../plonk/proof_system/proving_key/proving_key.hpp | 4 ++-- .../verification_key/verification_key.hpp | 4 ++-- .../types/aggregation_object_type.hpp | 7 +++---- .../eccvm_verifier/eccvm_recursive_verifier.cpp | 12 ++++++++---- .../eccvm_verifier/eccvm_recursive_verifier.hpp | 2 +- .../verification_key/verification_key.hpp | 4 ++-- .../stdlib_circuit_builders/circuit_builder_base.hpp | 2 +- .../stdlib_circuit_builders/circuit_simulator.hpp | 2 +- .../stdlib_circuit_builders/mega_flavor.hpp | 2 +- .../stdlib_circuit_builders/ultra_flavor.hpp | 2 +- 12 files changed, 25 insertions(+), 22 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index bd36912f2f1..55659d22ae1 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -298,7 +298,7 @@ void process_plonk_recursion_constraints(Builder& builder, // they want these constants set by keeping the nested aggregation object attached to // the proof as public inputs. As this is the only object that can prepended to the // proof if the proof is above the expected size (with public inputs stripped) - PairingPointAccumPubInputIndices nested_aggregation_object = {}; + PairingPointAccumulatorPubInputIndices nested_aggregation_object = {}; // If the proof has public inputs attached to it, we should handle setting the nested // aggregation object if (constraint.proof.size() > proof_size_no_pub_inputs) { diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 3b7fa66b826..b4b08b4962f 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -110,7 +110,7 @@ template class ProvingKey_ { public: size_t circuit_size; bool contains_pairing_point_accumulator; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bb::EvaluationDomain evaluation_domain; std::shared_ptr commitment_key; size_t num_public_inputs; @@ -152,7 +152,7 @@ class VerificationKey_ : public PrecomputedCommitments { using Commitment = typename VerifierCommitmentKey::Commitment; std::shared_ptr pcs_verification_key; bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices = {}; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices = {}; uint64_t pub_inputs_offset = 0; bool operator==(const VerificationKey_&) const = default; diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp index e0a2097adda..eedd49442d0 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/proving_key/proving_key.hpp @@ -25,7 +25,7 @@ struct proving_key_data { uint32_t circuit_size; uint32_t num_public_inputs; bool contains_pairing_point_accumulator; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; std::vector memory_read_records; std::vector memory_write_records; #ifdef __wasm__ @@ -60,7 +60,7 @@ struct proving_key { size_t log_circuit_size; size_t num_public_inputs; bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; std::vector memory_read_records; // Used by UltraPlonkComposer only; for ROM, RAM reads. std::vector memory_write_records; // Used by UltraPlonkComposer only, for RAM writes. diff --git a/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp b/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp index face2fba637..f3b84e29fc9 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk/proof_system/verification_key/verification_key.hpp @@ -18,7 +18,7 @@ struct verification_key_data { uint32_t num_public_inputs; std::map commitments; bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bool is_recursive_circuit = false; // for serialization: update with any new fields @@ -99,7 +99,7 @@ struct verification_key { bb::fr z_pow_n; // ʓ^n (ʓ being the 'evaluation challenge') bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bool is_recursive_circuit = false; diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 885f742c6de..88b66b45b8b 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -10,10 +10,9 @@ namespace bb { constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; // PairingPointAccumulatorIndices represents an array of 16 witness indices pointing to the nested aggregation object. using PairingPointAccumulatorIndices = std::array; -// PairingPointAccumPubInputIndices represents an array of 16 public input indices pointing to the witness indices of -// the nested aggregation object. - -using AggregationObjectPubInputIndices = std::array; +// PairingPointAccumulatorPubInputIndices represents an array of 16 public input indices pointing to the witness indices +// of the nested aggregation object. +using PairingPointAccumulatorPubInputIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index f2150c54e75..c25d156dae1 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -15,8 +15,11 @@ ECCVMRecursiveVerifier_::ECCVMRecursiveVerifier_( /** * @brief This function verifies an ECCVM Honk proof for given program settings up to sumcheck. + * + * Returns a transcript where the IPA proof has not been verified yet. */ -template void ECCVMRecursiveVerifier_::verify_proof(const HonkProof& proof) +template +ECCVMRecursiveVerifier_::Transcript ECCVMRecursiveVerifier_::verify_proof(const HonkProof& proof) { using Curve = typename Flavor::Curve; using Shplemini = ShpleminiVerifier_; @@ -138,11 +141,12 @@ template void ECCVMRecursiveVerifier_::verify_proof(co const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. - const typename PCS::VerifierAccumulator batched_opening_accumulator = - PCS::reduce_verify(key->pcs_verification_key, batch_opening_claim, transcript); + // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. + // const typename PCS::VerifierAccumulator batched_opening_accumulator = + // PCS::reduce_verify(key->pcs_verification_key, batch_opening_claim, transcript); ASSERT(sumcheck_verified); + return transcript; } template class ECCVMRecursiveVerifier_>; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp index 6a590ebba40..08ea0072ad7 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp @@ -21,7 +21,7 @@ template class ECCVMRecursiveVerifier_ { const std::shared_ptr& native_verifier_key); // TODO(https://github.com/AztecProtocol/barretenberg/issues/991): switch recursive verifiers to StdlibProof - void verify_proof(const HonkProof& proof); + Transcript verify_proof(const HonkProof& proof); std::shared_ptr key; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp b/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp index fc4f6ad3993..5fc139f72ba 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/plonk_recursion/verification_key/verification_key.hpp @@ -240,7 +240,7 @@ template struct verification_key { Builder* ctx, const std::vector>& fields, bool inner_proof_contains_pairing_point_accumulator = false, - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices = {}) + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices = {}) { std::vector fields_raw; std::shared_ptr key = std::make_shared(); @@ -446,7 +446,7 @@ template struct verification_key { plonk::PolynomialManifest polynomial_manifest; // Used to check in the circuit if a proof contains any aggregated state. bool contains_pairing_point_accumulator = false; - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; size_t program_width = 4; Builder* context; }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index 6b95acf2599..77ace653d9e 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -37,7 +37,7 @@ template class CircuitBuilderBase { std::map tau; // Public input indices which contain recursive proof information - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; bool contains_pairing_point_accumulator = false; // Public input indices which contain the output IPA opening claim diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp index f97c634c110..cff49381a57 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_simulator.hpp @@ -191,7 +191,7 @@ class CircuitSimulatorBN254 { [[nodiscard]] bool check_circuit() const { return !_failed; } // Public input indices which contain recursive proof information - PairingPointAccumPubInputIndices pairing_point_accumulator_public_input_indices; + PairingPointAccumulatorPubInputIndices pairing_point_accumulator_public_input_indices; }; class SimulatorCircuitChecker { diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp index 13f6e3cbe85..e00ddc79f12 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp @@ -597,7 +597,7 @@ class MegaFlavor { const size_t num_public_inputs, const size_t pub_inputs_offset, const bool contains_pairing_point_accumulator, - const PairingPointAccumPubInputIndices& pairing_point_accumulator_public_input_indices, + const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, const DatabusPropagationData& databus_propagation_data, const Commitment& q_m, const Commitment& q_c, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 76b8e1ed56a..05bfb4652aa 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -455,7 +455,7 @@ class UltraFlavor { const uint64_t num_public_inputs, const uint64_t pub_inputs_offset, const bool contains_pairing_point_accumulator, - const PairingPointAccumPubInputIndices& pairing_point_accumulator_public_input_indices, + const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, const Commitment& q_m, const Commitment& q_c, const Commitment& q_l, From ed12d5b7d3da3fa49783b5f4fca694e2f807e700 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 19:17:44 +0000 Subject: [PATCH 03/26] return unfinished transcript --- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp | 4 +++- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index c25d156dae1..e5e6f9e28a2 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -19,7 +19,8 @@ ECCVMRecursiveVerifier_::ECCVMRecursiveVerifier_( * Returns a transcript where the IPA proof has not been verified yet. */ template -ECCVMRecursiveVerifier_::Transcript ECCVMRecursiveVerifier_::verify_proof(const HonkProof& proof) +std::shared_ptr::Transcript> ECCVMRecursiveVerifier_::verify_proof( + const HonkProof& proof) { using Curve = typename Flavor::Curve; using Shplemini = ShpleminiVerifier_; @@ -141,6 +142,7 @@ ECCVMRecursiveVerifier_::Transcript ECCVMRecursiveVerifier_::ver const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); + static_cast(batch_opening_claim); // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. // const typename PCS::VerifierAccumulator batched_opening_accumulator = // PCS::reduce_verify(key->pcs_verification_key, batch_opening_claim, transcript); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp index 08ea0072ad7..585a3a5a374 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp @@ -21,7 +21,7 @@ template class ECCVMRecursiveVerifier_ { const std::shared_ptr& native_verifier_key); // TODO(https://github.com/AztecProtocol/barretenberg/issues/991): switch recursive verifiers to StdlibProof - Transcript verify_proof(const HonkProof& proof); + std::shared_ptr verify_proof(const HonkProof& proof); std::shared_ptr key; From b948683d305c42df35f606baf7e3f702e756b757 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 20:36:58 +0000 Subject: [PATCH 04/26] ipa claim indices --- .../plonk_honk_shared/types/aggregation_object_type.hpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 88b66b45b8b..f8662b9821a 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -14,5 +14,7 @@ using PairingPointAccumulatorIndices = std::array; -using IPAClaimPubInputIndices = std::array; +constexpr uint32_t IPA_CLAIM_SIZE = 6; +using IPAClaimIndices = std::array; +using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file From beb03a4167f9a5983aec76d2abda5c8da7a8ca60 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 22:37:50 +0000 Subject: [PATCH 05/26] add ipa claim to public inputs upon accumulation --- .../barretenberg/commitment_schemes/claim.hpp | 16 ++++++++++++ .../commitment_schemes/ipa/ipa.hpp | 4 +++ .../dsl/acir_format/acir_format.cpp | 9 +------ .../types/aggregation_object_type.hpp | 2 +- .../circuit_builder_base.hpp | 15 +++-------- .../circuit_builder_base_impl.hpp | 25 ++++++++++--------- 6 files changed, 39 insertions(+), 32 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 129cb4df521..ef303c5728b 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -1,7 +1,9 @@ #pragma once #include "barretenberg/commitment_schemes/commitment_key.hpp" +#include "barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp" #include "barretenberg/polynomials/polynomial.hpp" +#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp" namespace bb { /** @@ -51,6 +53,20 @@ template class OpeningClaim { // commitment to univariate polynomial p(X) Commitment commitment; + IPAClaimIndices get_witness_indices() + requires(std::is_same_v>) + { + return { opening_pair.challenge.binary_basis_limbs[0].element.normalize().witness_index, + opening_pair.challenge.binary_basis_limbs[1].element.normalize().witness_index, + opening_pair.challenge.binary_basis_limbs[2].element.normalize().witness_index, + opening_pair.challenge.binary_basis_limbs[3].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, + opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, + commitment.x, + commitment.y }; + } /** * @brief inefficiently check that the claim is correct by recomputing the commitment * and evaluating the polynomial in r. diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 1ebcb1aff1d..86eb56eb402 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -822,6 +822,10 @@ template class IPA { for (Fr u_inv_i : pair_2.u_challenges_inv) { native_u_challenges_inv_2.push_back(bb::fq(u_inv_i.get_value())); } + // Add IPA Claim to public inputs of circuit + Builder* builder = r.get_context(); + builder->add_ipa_claim(output_claim.get_witness_indices()); + return {output_claim, create_challenge_poly(uint32_t(pair_1.log_poly_length.get_value()), native_u_challenges_inv_1, uint32_t(pair_2.log_poly_length.get_value()), native_u_challenges_inv_2, fq(alpha.get_value()))}; } }; diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp index 55659d22ae1..b97772b6657 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp @@ -342,16 +342,9 @@ void process_plonk_recursion_constraints(Builder& builder, // inputs. if (!constraint_system.recursion_constraints.empty()) { - // First add the output aggregation object as public inputs - // Set the indices as public inputs because they are no longer being - // created in ACIR - for (const auto& idx : current_output_aggregation_object) { - builder.set_public_input(idx); - } - // Make sure the verification key records the public input indices of the // final recursion output. - builder.set_pairing_point_accumulator(current_output_aggregation_object); + builder.add_pairing_point_accumulator(current_output_aggregation_object); } } diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index f8662b9821a..49025ee77c6 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -14,7 +14,7 @@ using PairingPointAccumulatorIndices = std::array; -constexpr uint32_t IPA_CLAIM_SIZE = 6; +constexpr uint32_t IPA_CLAIM_SIZE = 10; using IPAClaimIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index 77ace653d9e..12dbf713a41 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -42,6 +42,8 @@ template class CircuitBuilderBase { // Public input indices which contain the output IPA opening claim IPAClaimPubInputIndices ipa_claim_public_input_indices; + bool contains_ipa_claim = false; + uint32_t ipa_verifier_count = 0; // We know from the CLI arguments during proving whether a circuit should use a prover which produces @@ -210,18 +212,9 @@ template class CircuitBuilderBase { * @param proof_output_witness_indices Witness indices that need to become public and stored as recurisve proof * specific */ - void add_pairing_point_accumulator(const PairingPointAccumulatorIndices& proof_output_witness_indices); + void add_pairing_point_accumulator(const PairingPointAccumulatorIndices& pairing_point_accum_witness_indices); - /** - * TODO: We can remove this and use `add_pairing_point_accumulator` once my question has been addressed - * TODO: using `add_pairing_point_accumulator` also means that we will need to remove the cde which is - * TODO: adding the public_inputs - * @brief Update pairing_point_accumulator_public_input_indices with existing public inputs that represent a - * recursive proof - * - * @param proof_output_witness_indices - */ - void set_pairing_point_accumulator(const PairingPointAccumulatorIndices& proof_output_witness_indices); + void add_ipa_claim(const IPAClaimIndices& ipa_claim_witness_indices); bool failed() const; const std::string& err() const; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp index a192a8587b3..e3e4bbcfe9d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base_impl.hpp @@ -237,34 +237,35 @@ void CircuitBuilderBase::assert_valid_variables(const std::vector template void CircuitBuilderBase::add_pairing_point_accumulator( - const PairingPointAccumulatorIndices& proof_output_witness_indices) + const PairingPointAccumulatorIndices& pairing_point_accum_witness_indices) { if (contains_pairing_point_accumulator) { - failure("added recursive proof when one already exists"); + failure("added pairing point accumulator when one already exists"); ASSERT(0); } contains_pairing_point_accumulator = true; size_t i = 0; - for (const auto& idx : proof_output_witness_indices) { + for (const auto& idx : pairing_point_accum_witness_indices) { set_public_input(idx); pairing_point_accumulator_public_input_indices[i] = static_cast(public_inputs.size() - 1); ++i; } } -template -void CircuitBuilderBase::set_pairing_point_accumulator( - const PairingPointAccumulatorIndices& proof_output_witness_indices) +template void CircuitBuilderBase::add_ipa_claim(const IPAClaimIndices& ipa_claim_witness_indices) { - if (contains_pairing_point_accumulator) { - failure("added recursive proof when one already exists"); + if (contains_ipa_claim) { + failure("added IPA claim when one already exists"); ASSERT(0); } - contains_pairing_point_accumulator = true; - for (size_t i = 0; i < proof_output_witness_indices.size(); ++i) { - pairing_point_accumulator_public_input_indices[i] = - get_public_input_index(real_variable_index[proof_output_witness_indices[i]]); + contains_ipa_claim = true; + + size_t i = 0; + for (const auto& idx : ipa_claim_witness_indices) { + set_public_input(idx); + ipa_claim_public_input_indices[i] = static_cast(public_inputs.size() - 1); + ++i; } } From 20a69332d2fb8306d9b905229ab6aa8a1dd55dd5 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 12 Nov 2024 22:42:55 +0000 Subject: [PATCH 06/26] fix build --- barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index ef303c5728b..7676b2bd569 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -53,7 +53,7 @@ template class OpeningClaim { // commitment to univariate polynomial p(X) Commitment commitment; - IPAClaimIndices get_witness_indices() + IPAClaimIndices get_witness_indices() const requires(std::is_same_v>) { return { opening_pair.challenge.binary_basis_limbs[0].element.normalize().witness_index, From b3ebdeb26074d6b43171861dbc66dce3824ed2c7 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Wed, 13 Nov 2024 19:53:13 +0000 Subject: [PATCH 07/26] adding ipa claim to proving/verification keys --- .../stdlib_circuit_builders/ultra_flavor.hpp | 9 ++++++++- .../src/barretenberg/ultra_honk/decider_proving_key.hpp | 6 +++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 05bfb4652aa..9015c0483b9 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -272,7 +272,6 @@ class UltraFlavor { }; }; - public: /** * @brief A field element for each entity of the flavor. These entities represent the prover polynomials * evaluated at one point. @@ -341,6 +340,9 @@ class UltraFlavor { public: using Base = ProvingKey_; + bool contains_ipa_claim; + IPAClaimPubInputIndices ipa_claim_pub_input_indices; + ProvingKey() = default; ProvingKey(const size_t dyadic_circuit_size, const size_t num_public_inputs, @@ -426,12 +428,17 @@ class UltraFlavor { */ class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: + bool contains_ipa_claim; + IPAClaimPubInputIndices ipa_claim_pub_input_indices; + bool operator==(const VerificationKey&) const = default; VerificationKey() = default; VerificationKey(const size_t circuit_size, const size_t num_public_inputs) : VerificationKey_(circuit_size, num_public_inputs) {} VerificationKey(ProvingKey& proving_key) + : contains_ipa_claim(proving_key.contains_ipa_claim) + , ipa_claim_pub_input_indices(proving_key.ipa_claim_pub_input_indices) { this->pcs_verification_key = std::make_shared(); this->circuit_size = proving_key.circuit_size; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 1de641beec9..181c148521d 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -288,7 +288,11 @@ template class DeciderProvingKey_ { proving_key.public_inputs.emplace_back(proving_key.polynomials.w_r[idx]); } - // Set the recursive proof indices + // Set the IPA claim indices + proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; + proving_key.contains_ipa_claim = circuit.contains_ipa_claim; + + // Set the pairing point accumulator indices proving_key.pairing_point_accumulator_public_input_indices = circuit.pairing_point_accumulator_public_input_indices; proving_key.contains_pairing_point_accumulator = circuit.contains_pairing_point_accumulator; From 98e8018964ea9d50160d0ca450bb493bf8043257 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 18:38:54 +0000 Subject: [PATCH 08/26] fix build --- .../cpp/src/barretenberg/commitment_schemes/claim.hpp | 4 ++-- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 3 +++ .../stdlib_circuit_builders/ultra_flavor.hpp | 6 +++--- .../barretenberg/ultra_honk/decider_proving_key.hpp | 10 +++++----- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 7676b2bd569..9bf434955e2 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -64,8 +64,8 @@ template class OpeningClaim { opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, - commitment.x, - commitment.y }; + commitment.x.normalize().witness_index, // no idea if we need these normalize() calls... + commitment.y.normalize().witness_index }; } /** * @brief inefficiently check that the claim is correct by recomputing the commitment diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 854b4c3ee15..228dc5edcd6 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -379,6 +379,9 @@ MegaZKRecursiveFlavor_>; template concept HasDataBus = IsGoblinFlavor; +template +concept DoesRecursiveIPA = IsAnyOf; + template concept IsRecursiveFlavor = IsAnyOf, UltraRecursiveFlavor_, diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 9015c0483b9..6c7a8d191b1 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -341,7 +341,7 @@ class UltraFlavor { using Base = ProvingKey_; bool contains_ipa_claim; - IPAClaimPubInputIndices ipa_claim_pub_input_indices; + IPAClaimPubInputIndices ipa_claim_public_input_indices; ProvingKey() = default; ProvingKey(const size_t dyadic_circuit_size, @@ -429,7 +429,7 @@ class UltraFlavor { class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: bool contains_ipa_claim; - IPAClaimPubInputIndices ipa_claim_pub_input_indices; + IPAClaimPubInputIndices ipa_claim_public_input_indices; bool operator==(const VerificationKey&) const = default; VerificationKey() = default; @@ -438,7 +438,7 @@ class UltraFlavor { {} VerificationKey(ProvingKey& proving_key) : contains_ipa_claim(proving_key.contains_ipa_claim) - , ipa_claim_pub_input_indices(proving_key.ipa_claim_pub_input_indices) + , ipa_claim_public_input_indices(proving_key.ipa_claim_public_input_indices) { this->pcs_verification_key = std::make_shared(); this->circuit_size = proving_key.circuit_size; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 181c148521d..54b90461b66 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -288,16 +288,16 @@ template class DeciderProvingKey_ { proving_key.public_inputs.emplace_back(proving_key.polynomials.w_r[idx]); } - // Set the IPA claim indices - proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; - proving_key.contains_ipa_claim = circuit.contains_ipa_claim; - + if constexpr (DoesRecursiveIPA) { // Set the IPA claim indices + proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; + proving_key.contains_ipa_claim = circuit.contains_ipa_claim; + } // Set the pairing point accumulator indices proving_key.pairing_point_accumulator_public_input_indices = circuit.pairing_point_accumulator_public_input_indices; proving_key.contains_pairing_point_accumulator = circuit.contains_pairing_point_accumulator; - if constexpr (IsGoblinFlavor) { // Set databus commitment propagation data + if constexpr (HasDataBus) { // Set databus commitment propagation data proving_key.databus_propagation_data = circuit.databus_propagation_data; } auto end = std::chrono::steady_clock::now(); From f1a429d90eb2aa5ca4eda353c449d2f5c3bc65bf Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 18:56:18 +0000 Subject: [PATCH 09/26] fix some random tests with namespace ambiguity issues --- .../examples/join_split/join_split.test.cpp | 16 ++++---- .../eccvm_recursive_verifier.cpp | 1 - .../encryption/schnorr/schnorr.test.cpp | 41 +++++++++---------- 3 files changed, 28 insertions(+), 30 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp b/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp index f56dbf882e7..677e30f198c 100644 --- a/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp +++ b/barretenberg/cpp/src/barretenberg/examples/join_split/join_split.test.cpp @@ -33,8 +33,8 @@ using namespace bb::join_split_example::proofs::notes::native; using key_pair = join_split_example::fixtures::grumpkin_key_pair; auto create_account_leaf_data(fr const& account_alias_hash, - grumpkin::g1::affine_element const& owner_key, - grumpkin::g1::affine_element const& signing_key) + bb::grumpkin::g1::affine_element const& owner_key, + bb::grumpkin::g1::affine_element const& signing_key) { return notes::native::account::account_note{ account_alias_hash, owner_key, signing_key }.commit(); } @@ -869,7 +869,7 @@ TEST_P(test_allow_chain_to_other_users_fail, ) { join_split_tx tx = simple_setup(); tx.allow_chain = GetParam(); - tx.output_note[tx.allow_chain - 1].owner = grumpkin::g1::element::random_element(); // i.e. not owned by self. + tx.output_note[tx.allow_chain - 1].owner = bb::grumpkin::g1::element::random_element(); // i.e. not owned by self. auto result = sign_and_verify_logic(tx, user.owner); EXPECT_FALSE(result.valid); EXPECT_EQ(result.err, "inter-user chaining disallowed"); @@ -1028,7 +1028,7 @@ TEST_F(join_split_tests, test_total_output_value_larger_than_total_input_value_f TEST_F(join_split_tests, test_different_input_note_owners_fails) { join_split_tx tx = simple_setup({ 1, 2 }); - tx.input_note[0].owner = grumpkin::g1::affine_element::hash_to_curve({ 1 }); + tx.input_note[0].owner = bb::grumpkin::g1::affine_element::hash_to_curve({ 1 }); auto result = sign_and_verify_logic(tx, user.owner); EXPECT_FALSE(result.valid); @@ -1073,7 +1073,7 @@ TEST_F(join_split_tests, test_different_note_account_required_vs_account_require TEST_F(join_split_tests, test_wrong_input_note_owner_fails) { join_split_tx tx = simple_setup(); - tx.input_note[0].owner = grumpkin::g1::element::random_element(); + tx.input_note[0].owner = bb::grumpkin::g1::element::random_element(); tx.input_note[1].owner = tx.input_note[0].owner; auto result = sign_and_verify_logic(tx, user.owner); @@ -1084,8 +1084,8 @@ TEST_F(join_split_tests, test_wrong_input_note_owner_fails) TEST_F(join_split_tests, test_random_output_note_owners) { join_split_tx tx = simple_setup(); - tx.output_note[0].owner = grumpkin::g1::element::random_element(); - tx.output_note[1].owner = grumpkin::g1::element::random_element(); + tx.output_note[0].owner = bb::grumpkin::g1::element::random_element(); + tx.output_note[1].owner = bb::grumpkin::g1::element::random_element(); EXPECT_TRUE(sign_and_verify_logic(tx, user.owner).valid); } @@ -1097,7 +1097,7 @@ TEST_F(join_split_tests, test_random_output_note_owners) TEST_F(join_split_tests, test_wrong_account_private_key_fails) { join_split_tx tx = simple_setup(); - tx.account_private_key = grumpkin::fr::random_element(); + tx.account_private_key = bb::grumpkin::fr::random_element(); auto result = sign_and_verify_logic(tx, user.owner); EXPECT_FALSE(result.valid); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index c2e66d7cf07..140052fcf4b 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -149,7 +149,6 @@ template void ECCVMRecursiveVerifier_::verify_proof(co // PCS::reduce_verify(batch_opening_claim, ipa_transcript); ASSERT(sumcheck_verified); - return transcript; } template class ECCVMRecursiveVerifier_>; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp index ea93c1c161d..a852624235a 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/encryption/schnorr/schnorr.test.cpp @@ -7,14 +7,13 @@ #include "schnorr.hpp" using namespace bb; -using namespace bb::stdlib; using namespace bb::crypto; using Builder = UltraCircuitBuilder; -using bool_ct = bool_t; -using byte_array_ct = byte_array; -using field_ct = field_t; -using witness_ct = witness_t; +using bool_ct = stdlib::bool_t; +using byte_array_ct = stdlib::byte_array; +using field_ct = stdlib::field_t; +using witness_ct = stdlib::witness_t; /** * @test Test circuit verifying a Schnorr signature generated by \see{crypto::schnorr_verify_signature}. @@ -42,10 +41,10 @@ TEST(stdlib_schnorr, schnorr_verify_signature) message_string, account.public_key, signature); EXPECT_EQ(first_result, true); - cycle_group pub_key{ witness_ct(&builder, account.public_key.x), - witness_ct(&builder, account.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key{ witness_ct(&builder, account.public_key.x), + witness_ct(&builder, account.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, message_string); schnorr_verify_signature(message, pub_key, sig); @@ -84,10 +83,10 @@ TEST(stdlib_schnorr, verify_signature_failure) EXPECT_EQ(native_result, false); // check stdlib verification with account 2 public key fails - cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), - witness_ct(&builder, account2.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), + witness_ct(&builder, account2.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, message_string); schnorr_verify_signature(message, pub_key2_ct, sig); @@ -118,10 +117,10 @@ TEST(stdlib_schnorr, schnorr_signature_verification_result) longer_string, account.public_key, signature); EXPECT_EQ(first_result, true); - cycle_group pub_key{ witness_ct(&builder, account.public_key.x), - witness_ct(&builder, account.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key{ witness_ct(&builder, account.public_key.x), + witness_ct(&builder, account.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, longer_string); bool_ct signature_result = schnorr_signature_verification_result(message, pub_key, sig); EXPECT_EQ(signature_result.witness_bool, true); @@ -161,10 +160,10 @@ TEST(stdlib_schnorr, signature_verification_result_failure) EXPECT_EQ(native_result, false); // check stdlib verification with account 2 public key fails - cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), - witness_ct(&builder, account2.public_key.y), - false }; - schnorr_signature_bits sig = schnorr_convert_signature(&builder, signature); + stdlib::cycle_group pub_key2_ct{ witness_ct(&builder, account2.public_key.x), + witness_ct(&builder, account2.public_key.y), + false }; + stdlib::schnorr_signature_bits sig = stdlib::schnorr_convert_signature(&builder, signature); byte_array_ct message(&builder, message_string); bool_ct signature_result = schnorr_signature_verification_result(message, pub_key2_ct, sig); EXPECT_EQ(signature_result.witness_bool, false); From c86252b545e1328ca71cf4e29994f032ae732afc Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 20:16:50 +0000 Subject: [PATCH 10/26] fix serialization --- .../stdlib_circuit_builders/flavor_serialization.test.cpp | 6 ++++++ .../barretenberg/stdlib_circuit_builders/ultra_flavor.hpp | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp index 162385bdcba..9be4c730815 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp @@ -47,6 +47,12 @@ TYPED_TEST(FlavorSerializationTests, VerificationKeySerialization) // Set the pcs ptr to null since this will not be reconstructed correctly from buffer original_vkey.pcs_verification_key = nullptr; + // probably not needed + if constexpr (DoesRecursiveIPA) { + original_vkey.contains_ipa_claim = 0; + original_vkey.ipa_claim_public_input_indices = + std::array{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + } // Populate some non-zero values in the databus_propagation_data to ensure its being handled if constexpr (IsMegaBuilder) { original_vkey.databus_propagation_data.app_return_data_public_input_idx = 2; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 4a39bdbfba7..1fc4281c793 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -476,6 +476,8 @@ class UltraFlavor { const uint64_t pub_inputs_offset, const bool contains_pairing_point_accumulator, const PairingPointAccumulatorPubInputIndices& pairing_point_accumulator_public_input_indices, + const bool contains_ipa_claim, + const IPAClaimPubInputIndices& ipa_claim_public_input_indices, const Commitment& q_m, const Commitment& q_c, const Commitment& q_l, @@ -503,6 +505,8 @@ class UltraFlavor { const Commitment& table_4, const Commitment& lagrange_first, const Commitment& lagrange_last) + : contains_ipa_claim(contains_ipa_claim) + , ipa_claim_public_input_indices(ipa_claim_public_input_indices) { this->circuit_size = circuit_size; this->log_circuit_size = numeric::get_msb(this->circuit_size); @@ -546,6 +550,8 @@ class UltraFlavor { pub_inputs_offset, contains_pairing_point_accumulator, pairing_point_accumulator_public_input_indices, + contains_ipa_claim, + ipa_claim_public_input_indices, q_m, q_c, q_l, From cb40e082893aa137acd4a7934ca7036539fae3c1 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Thu, 14 Nov 2024 23:06:54 +0000 Subject: [PATCH 11/26] fix test --- .../cpp/src/barretenberg/commitment_schemes/claim.hpp | 8 ++++---- .../plonk_honk_shared/types/aggregation_object_type.hpp | 2 +- .../stdlib_circuit_builders/flavor_serialization.test.cpp | 3 +-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 9bf434955e2..8ae0917576b 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -60,10 +60,10 @@ template class OpeningClaim { opening_pair.challenge.binary_basis_limbs[1].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[2].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[3].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, - opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, + // opening_pair.evaluation.binary_basis_limbs[3].element.normalize().witness_index, commitment.x.normalize().witness_index, // no idea if we need these normalize() calls... commitment.y.normalize().witness_index }; } diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index 49025ee77c6..f8662b9821a 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -14,7 +14,7 @@ using PairingPointAccumulatorIndices = std::array; -constexpr uint32_t IPA_CLAIM_SIZE = 10; +constexpr uint32_t IPA_CLAIM_SIZE = 6; using IPAClaimIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp index 9be4c730815..2b5de9630ef 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp @@ -50,8 +50,7 @@ TYPED_TEST(FlavorSerializationTests, VerificationKeySerialization) // probably not needed if constexpr (DoesRecursiveIPA) { original_vkey.contains_ipa_claim = 0; - original_vkey.ipa_claim_public_input_indices = - std::array{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + original_vkey.ipa_claim_public_input_indices = std::array{ 0, 0, 0, 0, 0, 0 }; } // Populate some non-zero values in the databus_propagation_data to ensure its being handled if constexpr (IsMegaBuilder) { From 68e8acb62c6c90ec364558f47e198d92dbf9ad29 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 15 Nov 2024 00:59:01 +0000 Subject: [PATCH 12/26] modify eccvm verify_proof --- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp | 6 ++++-- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp | 2 +- .../stdlib/goblin_verifier/goblin_recursive_verifier.cpp | 5 ++++- .../goblin_verifier/goblin_recursive_verifier.test.cpp | 6 ++++-- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index 140052fcf4b..ec359be3589 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -17,7 +17,9 @@ ECCVMRecursiveVerifier_::ECCVMRecursiveVerifier_( * @brief This function verifies an ECCVM Honk proof for given program settings up to sumcheck. * */ -template void ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) +template +std::pair, std::shared_ptr::Transcript>> +ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) { using Curve = typename Flavor::Curve; using Shplemini = ShpleminiVerifier_; @@ -143,12 +145,12 @@ template void ECCVMRecursiveVerifier_::verify_proof(co const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); - builder->add_ipa_claim(batch_opening_claim.get_witness_indices()); // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. // const typename PCS::VerifierAccumulator batched_opening_accumulator = // PCS::reduce_verify(batch_opening_claim, ipa_transcript); ASSERT(sumcheck_verified); + return { batch_opening_claim, ipa_transcript }; } template class ECCVMRecursiveVerifier_>; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp index 58103e9644b..729740aa707 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.hpp @@ -21,7 +21,7 @@ template class ECCVMRecursiveVerifier_ { const std::shared_ptr& native_verifier_key); // TODO(https://github.com/AztecProtocol/barretenberg/issues/991): switch recursive verifiers to StdlibProof - void verify_proof(const ECCVMProof& proof); + std::pair, std::shared_ptr> verify_proof(const ECCVMProof& proof); std::shared_ptr key; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp index 8a6980ff4b0..e2f802cf5e9 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp @@ -12,8 +12,11 @@ void GoblinRecursiveVerifier::verify(const GoblinProof& proof) { // Run the ECCVM recursive verifier ECCVMVerifier eccvm_verifier{ builder, verification_keys.eccvm_verification_key }; - eccvm_verifier.verify_proof(proof.eccvm_proof); + auto [opening_claim, ipa_transcript] = eccvm_verifier.verify_proof(proof.eccvm_proof); + // Assuming the GoblinRecursiveVerifier can only be called at most once per circuit, we can add the claim to the + // builder. + builder->add_ipa_claim(opening_claim.get_witness_indices()); // Run the Translator recursive verifier TranslatorVerifier translator_verifier{ builder, verification_keys.translator_verification_key, diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp index 80ee773f2df..ff68204e443 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp @@ -113,7 +113,7 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) // Tamper with the ECCVM proof for (auto& val : proof.eccvm_proof.pre_ipa_proof) { - if (val > 0) { // tamper by finding the tenth non-zero value and incrementing it by 1 + if (val > 0) { // tamper by finding the first non-zero value and incrementing it by 1 // tamper by finding the first non-zero value // and incrementing it by 1 val += 1; @@ -123,8 +123,10 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) Builder builder; GoblinRecursiveVerifier verifier{ &builder, verifier_input }; + verifier.verify(proof); - EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == -opening_claim.commitment.get_value.*)"); + // EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == + // -opening_claim.commitment.get_value.*)"); } /** From 3c83148f715ec04bb35ca18cbe74bbedca148a8b Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 15 Nov 2024 01:16:42 +0000 Subject: [PATCH 13/26] make accumulate also generate the ipa proof --- .../commitment_schemes/ipa/ipa.hpp | 21 ++++++++++++++----- .../ipa_recursive.test.cpp | 10 +++------ 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 597b7c54071..933b7ca6553 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -749,8 +749,8 @@ template class IPA { } /** - * @brief Takes two IPA claims and accumulates them into 1 IPA claim. - * @details We create an IPA accumulator by running the IPA recursive verifier on each claim. Then, we generate challenges, and use these challenges to compute the new accumulator. We also create the accumulated polynomial. + * @brief Takes two IPA claims and accumulates them into 1 IPA claim. Also computes IPA proof for the claim. + * @details We create an IPA accumulator by running the IPA recursive verifier on each claim. Then, we generate challenges, and use these challenges to compute the new accumulator. We also create the accumulated polynomial, and generate the IPA proof for the accumulated claim. * More details are described here: https://hackmd.io/IXoLIPhVT_ej8yhZ_Ehvuw?both. * * @param verifier_ck @@ -758,11 +758,12 @@ template class IPA { * @param claim_1 * @param transcript_2 * @param claim_2 - * @return std::pair, Polynomial> + * @return std::pair, HonkProof> */ - static std::pair, Polynomial> accumulate(auto& transcript_1, OpeningClaim claim_1, auto& transcript_2, OpeningClaim claim_2) + static std::pair, HonkProof> accumulate(const std::shared_ptr>& ck, auto& transcript_1, OpeningClaim claim_1, auto& transcript_2, OpeningClaim claim_2) requires Curve::is_stdlib_type { + using NativeCurve = curve::Grumpkin; using Builder = typename Curve::Builder; // Step 1: Run the verifier for each IPA instance VerifierAccumulator pair_1 = reduce_verify(claim_1, transcript_1); @@ -797,7 +798,17 @@ template class IPA { Builder* builder = r.get_context(); builder->add_ipa_claim(output_claim.get_witness_indices()); - return {output_claim, create_challenge_poly(uint32_t(pair_1.log_poly_length.get_value()), native_u_challenges_inv_1, uint32_t(pair_2.log_poly_length.get_value()), native_u_challenges_inv_2, fq(alpha.get_value()))}; + // Compute proof for the claim + auto prover_transcript = std::make_shared(); + const OpeningPair opening_pair{ bb::fq(output_claim.opening_pair.challenge.get_value()), + bb::fq(output_claim.opening_pair.evaluation.get_value()) }; + Polynomial challenge_poly = create_challenge_poly(uint32_t(pair_1.log_poly_length.get_value()), native_u_challenges_inv_1, uint32_t(pair_2.log_poly_length.get_value()), native_u_challenges_inv_2, fq(alpha.get_value())); + + ASSERT(challenge_poly.evaluate(opening_pair.challenge) == opening_pair.evaluation && "Opening claim does not hold for challenge polynomial."); + + IPA::compute_opening_proof(ck, { challenge_poly, opening_pair }, prover_transcript); + + return {output_claim, prover_transcript->proof_data}; } }; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp index 8b59b2b90b8..31931b2e5fc 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp @@ -158,25 +158,21 @@ class IPARecursiveTests : public CommitmentTest { // Creates two IPA accumulators and accumulators from the two claims. Also constructs the accumulated h // polynomial. - auto [output_claim, challenge_poly] = RecursiveIPA::accumulate(transcript_1, claim_1, transcript_2, claim_2); + auto [output_claim, ipa_proof] = + RecursiveIPA::accumulate(this->ck(), transcript_1, claim_1, transcript_2, claim_2); builder.finalize_circuit(/*ensure_nonzero=*/false); info("Circuit with 2 IPA Recursive Verifiers and IPA Accumulation num finalized gates = ", builder.get_num_finalized_gates()); EXPECT_TRUE(CircuitChecker::check(builder)); - // Run the IPA prover on this new accumulated claim. - auto prover_transcript = std::make_shared(); const OpeningPair opening_pair{ bb::fq(output_claim.opening_pair.challenge.get_value()), bb::fq(output_claim.opening_pair.evaluation.get_value()) }; Commitment native_comm = output_claim.commitment.get_value(); const OpeningClaim opening_claim{ opening_pair, native_comm }; - NativeIPA::compute_opening_proof(this->ck(), { challenge_poly, opening_pair }, prover_transcript); - - EXPECT_EQ(challenge_poly.evaluate(opening_pair.challenge), opening_pair.evaluation); // Natively verify this proof to check it. - auto verifier_transcript = std::make_shared(prover_transcript->proof_data); + auto verifier_transcript = std::make_shared(ipa_proof); auto result = NativeIPA::reduce_verify(this->vk(), opening_claim, verifier_transcript); EXPECT_TRUE(result); From ee9855107ce02d9c001238d46f539311622139f7 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Fri, 15 Nov 2024 22:56:45 +0000 Subject: [PATCH 14/26] add ipa claim/proof to tube --- barretenberg/cpp/CMakeLists.txt | 2 +- barretenberg/cpp/src/barretenberg/bb/main.cpp | 7 ++++++- .../cpp/src/barretenberg/client_ivc/client_ivc.cpp | 4 ++-- .../ipa_recursive.test.cpp | 4 ++-- .../commitment_schemes_recursion/shplemini.test.cpp | 2 +- .../commitment_schemes_recursion/zeromorph.test.cpp | 2 +- .../cpp/src/barretenberg/goblin/mock_circuits.hpp | 4 ++-- .../client_ivc_recursive_verifier.cpp | 7 +++++-- .../client_ivc_recursive_verifier.hpp | 4 +++- .../client_ivc_recursive_verifier.test.cpp | 12 +++++++++--- .../eccvm_verifier/eccvm_recursive_verifier.cpp | 4 ++-- .../eccvm_verifier/eccvm_recursive_verifier.test.cpp | 3 ++- .../goblin_verifier/goblin_recursive_verifier.cpp | 6 ++---- .../goblin_verifier/goblin_recursive_verifier.hpp | 12 +++++++++++- .../goblin_recursive_verifier.test.cpp | 3 ++- .../goblin_verifier/merge_recursive_verifier.cpp | 2 +- .../honk_verifier/decider_recursive_verifier.cpp | 2 +- .../honk_verifier/ultra_recursive_verifier.cpp | 2 +- .../protogalaxy_recursive_verifier.test.cpp | 12 ++++++++---- .../stdlib/transcript/transcript.test.cpp | 8 ++++---- .../translator_recursive_verifier.cpp | 2 +- .../translator_recursive_verifier.test.cpp | 2 +- .../ultra_circuit_builder.hpp | 2 ++ .../stdlib_circuit_builders/ultra_flavor.hpp | 1 + .../cpp/src/barretenberg/transcript/transcript.hpp | 11 ++++++++++- .../barretenberg/ultra_honk/decider_proving_key.hpp | 1 + .../vm/avm/generated/recursive_verifier.cpp | 2 +- 27 files changed, 83 insertions(+), 40 deletions(-) diff --git a/barretenberg/cpp/CMakeLists.txt b/barretenberg/cpp/CMakeLists.txt index 302e997f434..d911924130a 100644 --- a/barretenberg/cpp/CMakeLists.txt +++ b/barretenberg/cpp/CMakeLists.txt @@ -27,7 +27,7 @@ endif(DOXYGEN_FOUND) option(DISABLE_ASM "Disable custom assembly" OFF) option(DISABLE_ADX "Disable ADX assembly variant" OFF) -option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" OFF) +option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" ON) option(MULTITHREADING "Enable multi-threading" ON) option(OMP_MULTITHREADING "Enable OMP multi-threading" OFF) option(FUZZING "Build ONLY fuzzing harnesses" OFF) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 8daccc33257..c8293ffb768 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -596,7 +596,8 @@ void prove_tube(const std::string& output_path) } ClientIVC verifier{ builder, input }; - verifier.verify(proof); + stdlib::recursion::honk::ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput + client_ivc_rec_verifier_output = verifier.verify(proof); PairingPointAccumulatorIndices current_aggregation_object = stdlib::recursion::init_default_agg_obj_indices(*builder); @@ -605,6 +606,10 @@ void prove_tube(const std::string& output_path) // This is currently just setting the aggregation object to the default one. builder->add_pairing_point_accumulator(current_aggregation_object); + // The tube only calls an IPA recursive verifier once, so we can just add this IPA claim and proof + builder->add_ipa_claim(client_ivc_rec_verifier_output.opening_claim.get_witness_indices()); + builder->ipa_proof = convert_stdlib_proof_to_native(client_ivc_rec_verifier_output.ipa_transcript->proof_data); + using Prover = UltraProver_; using Verifier = UltraVerifier_; Prover tube_prover{ *builder }; diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 9119e17f6ea..ce873d3cafd 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -25,7 +25,7 @@ void ClientIVC::instantiate_stdlib_verification_queue( size_t key_idx = 0; for (auto& [proof, vkey, type] : verification_queue) { // Construct stdlib proof directly from the internal native queue data - auto stdlib_proof = bb::convert_proof_to_witness(&circuit, proof); + auto stdlib_proof = bb::convert_native_proof_to_stdlib(&circuit, proof); // Use the provided stdlib vkey if present, otherwise construct one from the internal native queue auto stdlib_vkey = @@ -261,7 +261,7 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() auto stdlib_decider_vk = std::make_shared(&builder, verification_queue[0].honk_verification_key); - auto stdlib_proof = bb::convert_proof_to_witness(&builder, fold_proof); + auto stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, fold_proof); // Perform recursive folding verification of the last folding proof FoldingRecursiveVerifier folding_verifier{ &builder, stdlib_verifier_accumulator, { stdlib_decider_vk } }; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp index 31931b2e5fc..fa55d812441 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/ipa_recursive.test.cpp @@ -56,8 +56,8 @@ class IPARecursiveTests : public CommitmentTest { OpeningClaim stdlib_opening_claim{ { stdlib_x, stdlib_eval }, stdlib_comm }; // Construct stdlib verifier transcript - auto recursive_verifier_transcript = - std::make_shared(bb::convert_proof_to_witness(&builder, prover_transcript->proof_data)); + auto recursive_verifier_transcript = std::make_shared( + bb::convert_native_proof_to_stdlib(&builder, prover_transcript->proof_data)); return { recursive_verifier_transcript, stdlib_opening_claim }; } diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp index b94b0c95085..97051dc2b08 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp @@ -88,7 +88,7 @@ TEST(ShpleminiRecursionTest, ProveAndVerifySingle) N, RefVector(f_polynomials), RefVector(g_polynomials), u_challenge, commitment_key, prover_transcript); KZG::compute_opening_proof(commitment_key, prover_opening_claims, prover_transcript); Builder builder; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, prover_transcript->proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, prover_transcript->proof_data); auto stdlib_verifier_transcript = std::make_shared(stdlib_proof); stdlib_verifier_transcript->template receive_from_prover("Init"); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp index 5c6f22d6af4..fb70282a51f 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/zeromorph.test.cpp @@ -95,7 +95,7 @@ TEST(ZeroMorphRecursionTest, ProveAndVerifySingle) prover_transcript); Builder builder; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, prover_transcript->proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, prover_transcript->proof_data); auto stdlib_verifier_transcript = std::make_shared(stdlib_proof); [[maybe_unused]] auto _ = stdlib_verifier_transcript->template receive_from_prover("Init"); diff --git a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp index 2ddcdfb2038..e8e5e51ff6b 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp @@ -212,7 +212,7 @@ class GoblinMockCircuits { // Execute recursive aggregation of function proof auto verification_key = std::make_shared(&builder, function_accum.verification_key); - auto proof = bb::convert_proof_to_witness(&builder, function_accum.proof); + auto proof = bb::convert_native_proof_to_stdlib(&builder, function_accum.proof); RecursiveVerifier verifier1{ &builder, verification_key }; verifier1.verify_proof( proof, stdlib::recursion::init_default_aggregation_state(builder)); @@ -221,7 +221,7 @@ class GoblinMockCircuits { if (!prev_kernel_accum.proof.empty()) { auto verification_key = std::make_shared(&builder, prev_kernel_accum.verification_key); - auto proof = bb::convert_proof_to_witness(&builder, prev_kernel_accum.proof); + auto proof = bb::convert_native_proof_to_stdlib(&builder, prev_kernel_accum.proof); RecursiveVerifier verifier2{ &builder, verification_key }; verifier2.verify_proof( proof, stdlib::recursion::init_default_aggregation_state(builder)); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index 15f7ce40f3d..08e171d1d54 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -8,7 +8,8 @@ namespace bb::stdlib::recursion::honk { * @todo (https://github.com/AztecProtocol/barretenberg/issues/934): Add logic for accumulating the pairing points * produced by the verifiers (and potentially IPA accumulators for ECCVM verifier) */ -void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) +ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput ClientIVCRecursiveVerifier::verify( + const ClientIVC::Proof& proof) { // Construct stdlib Mega verification key auto stdlib_mega_vk = @@ -24,7 +25,9 @@ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) // Perform Goblin recursive verification GoblinVerifier goblin_verifier{ builder.get(), verifier_input.goblin_input }; - goblin_verifier.verify(proof.goblin_proof); + GoblinRecursiveVerifierOutput output = goblin_verifier.verify(proof.goblin_proof); + + return output; } } // namespace bb::stdlib::recursion::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp index d6954bb0532..d38b89d6232 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp @@ -21,6 +21,8 @@ class ClientIVCRecursiveVerifier { using Proof = ClientIVC::Proof; using FoldVerifierInput = FoldingVerifier::VerifierInput; using GoblinVerifierInput = GoblinVerifier::VerifierInput; + using ClientIVCRecursiveVerifierOutput = GoblinRecursiveVerifierOutput; + struct VerifierInput { std::shared_ptr mega_verification_key; GoblinVerifierInput goblin_input; @@ -30,7 +32,7 @@ class ClientIVCRecursiveVerifier { : builder(builder) , verifier_input(verifier_input){}; - void verify(const ClientIVC::Proof&); + ClientIVCRecursiveVerifierOutput verify(const ClientIVC::Proof&); private: std::shared_ptr builder; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 3b2fa2923de..4d5fefe1cd0 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -85,7 +85,7 @@ TEST_F(ClientIVCRecursionTests, Basic) ClientIVCVerifier verifier{ builder, verifier_input }; // Generate the recursive verification circuit - verifier.verify(proof); + ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput output = verifier.verify(proof); EXPECT_EQ(builder->failed(), false) << builder->err(); @@ -107,10 +107,16 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) ClientIVCVerifier verifier{ tube_builder, verifier_input }; // Generate the recursive verification circuit - verifier.verify(proof); + ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput client_ivc_rec_verifier_output = + verifier.verify(proof); + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): fix this by taking it from the output instead of + // just using default. tube_builder->add_pairing_point_accumulator( stdlib::recursion::init_default_agg_obj_indices(*tube_builder)); + // The tube only calls an IPA recursive verifier once, so we can just add this IPA claim and proof + tube_builder->add_ipa_claim(client_ivc_rec_verifier_output.opening_claim.get_witness_indices()); + tube_builder->ipa_proof = convert_stdlib_proof_to_native(client_ivc_rec_verifier_output.ipa_transcript->proof_data); info("ClientIVC Recursive Verifier: num prefinalized gates = ", tube_builder->num_gates); @@ -126,7 +132,7 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) Builder base_builder; auto native_vk = std::make_shared(proving_key->proving_key); auto vk = std::make_shared(&base_builder, native_vk); - auto tube_proof = bb::convert_proof_to_witness(&base_builder, native_tube_proof); + auto tube_proof = bb::convert_native_proof_to_stdlib(&base_builder, native_tube_proof); UltraRecursiveVerifier base_verifier{ &base_builder, vk }; base_verifier.verify_proof(tube_proof, stdlib::recursion::init_default_aggregation_state(base_builder)); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index ec359be3589..9bd8ce5a3b2 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -28,8 +28,8 @@ ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) RelationParameters relation_parameters; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof.pre_ipa_proof); - StdlibProof stdlib_ipa_proof = bb::convert_proof_to_witness(builder, proof.ipa_proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof.pre_ipa_proof); + StdlibProof stdlib_ipa_proof = bb::convert_native_proof_to_stdlib(builder, proof.ipa_proof); transcript = std::make_shared(stdlib_proof); ipa_transcript = std::make_shared(stdlib_ipa_proof); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp index 0aae8567845..8c5581e22b6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.test.cpp @@ -83,7 +83,8 @@ template class ECCVMRecursiveTests : public ::testing info("ECCVM Recursive Verifier"); OuterBuilder outer_circuit; RecursiveVerifier verifier{ &outer_circuit, verification_key }; - verifier.verify_proof(proof); + auto [opening_claim, ipa_transcript] = verifier.verify_proof(proof); + info("Recursive Verifier: num gates = ", outer_circuit.get_estimated_num_finalized_gates()); // Check for a failure flag in the recursive verifier circuit diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp index e2f802cf5e9..b9bf165bc96 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.cpp @@ -8,15 +8,12 @@ namespace bb::stdlib::recursion::honk { * @todo https://github.com/AztecProtocol/barretenberg/issues/934: Add logic for accumulating the pairing points * produced by the translator and merge verifier (and potentially IPA accumulators for ECCVM verifier) */ -void GoblinRecursiveVerifier::verify(const GoblinProof& proof) +GoblinRecursiveVerifierOutput GoblinRecursiveVerifier::verify(const GoblinProof& proof) { // Run the ECCVM recursive verifier ECCVMVerifier eccvm_verifier{ builder, verification_keys.eccvm_verification_key }; auto [opening_claim, ipa_transcript] = eccvm_verifier.verify_proof(proof.eccvm_proof); - // Assuming the GoblinRecursiveVerifier can only be called at most once per circuit, we can add the claim to the - // builder. - builder->add_ipa_claim(opening_claim.get_witness_indices()); // Run the Translator recursive verifier TranslatorVerifier translator_verifier{ builder, verification_keys.translator_verification_key, @@ -39,5 +36,6 @@ void GoblinRecursiveVerifier::verify(const GoblinProof& proof) MergeVerifier merge_verifier{ builder }; merge_verifier.verify_proof(proof.merge_proof); + return { opening_claim, ipa_transcript }; } } // namespace bb::stdlib::recursion::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp index 92ae344af66..a3c0828ce90 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.hpp @@ -5,6 +5,16 @@ #include "barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.hpp" namespace bb::stdlib::recursion::honk { + +struct GoblinRecursiveVerifierOutput { + using Builder = UltraCircuitBuilder; + using ECCVMFlavor = ECCVMRecursiveFlavor_; + using Curve = grumpkin; + using Transcript = bb::BaseTranscript>; + OpeningClaim opening_claim; + std::shared_ptr ipa_transcript; +}; + class GoblinRecursiveVerifier { public: // Goblin Recursive Verifier circuit is using Ultra arithmetisation @@ -35,7 +45,7 @@ class GoblinRecursiveVerifier { * * @todo(https://github.com/AztecProtocol/barretenberg/issues/991): The GoblinProof should aleady be a stdlib proof */ - void verify(const GoblinProof&); + GoblinRecursiveVerifierOutput verify(const GoblinProof&); private: Builder* builder; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp index ff68204e443..a668e00f82e 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp @@ -123,8 +123,9 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) Builder builder; GoblinRecursiveVerifier verifier{ &builder, verifier_input }; - verifier.verify(proof); + GoblinRecursiveVerifierOutput goblin_rec_verifier_output = verifier.verify(proof); + static_cast(goblin_rec_verifier_output); // EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == // -opening_claim.commitment.get_value.*)"); } diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp index 593564fe4ed..6f3ea52555c 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/merge_recursive_verifier.cpp @@ -19,7 +19,7 @@ std::array::Element, 2> MergeRecursiveVerifier_ stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); transcript = std::make_shared(stdlib_proof); // Receive commitments [t_i^{shift}], [T_{i-1}], and [T_i] diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp index 3bbb2611cfb..8e9a4cb4998 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp @@ -19,7 +19,7 @@ std::array DeciderRecursiveVerifier_:: using VerifierCommitments = typename Flavor::VerifierCommitments; using Transcript = typename Flavor::Transcript; - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); transcript = std::make_shared(stdlib_proof); VerifierCommitments commitments{ accumulator->verification_key, accumulator->witness_commitments }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp index 26c2297b41d..2bd074dfd97 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp @@ -27,7 +27,7 @@ template UltraRecursiveVerifier_::AggregationObject UltraRecursiveVerifier_::verify_proof( const HonkProof& proof, AggregationObject agg_obj) { - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); return verify_proof(stdlib_proof, agg_obj); } diff --git a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp index 84a1b22d036..81586173b6c 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp @@ -203,7 +203,8 @@ template class ProtogalaxyRecursiveTests : public tes auto recursive_decider_vk_1 = std::make_shared(&folding_circuit, decider_vk_1); auto recursive_decider_vk_2 = std::make_shared(&folding_circuit, decider_vk_2->verification_key); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&folding_circuit, folding_proof.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&folding_circuit, folding_proof.proof); auto verifier = FoldingRecursiveVerifier{ &folding_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; @@ -292,7 +293,8 @@ template class ProtogalaxyRecursiveTests : public tes auto recursive_decider_vk_1 = std::make_shared(&folding_circuit, decider_vk_1); auto recursive_decider_vk_2 = std::make_shared(&folding_circuit, decider_vk_2->verification_key); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&folding_circuit, folding_proof.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&folding_circuit, folding_proof.proof); auto verifier = FoldingRecursiveVerifier{ &folding_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; @@ -398,7 +400,8 @@ template class ProtogalaxyRecursiveTests : public tes std::make_shared(&folding_circuit, verifier_accumulator); auto recursive_decider_vk_2 = std::make_shared(&folding_circuit, verifier_inst->verification_key); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&folding_circuit, folding_proof.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&folding_circuit, folding_proof.proof); auto verifier = FoldingRecursiveVerifier{ &folding_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; @@ -436,7 +439,8 @@ template class ProtogalaxyRecursiveTests : public tes auto recursive_decider_vk_1 = std::make_shared(&verifier_circuit, honk_vk_1); auto recursive_decider_vk_2 = std::make_shared(&verifier_circuit, honk_vk_2); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&verifier_circuit, fold_result.proof); + StdlibProof stdlib_proof = + bb::convert_native_proof_to_stdlib(&verifier_circuit, fold_result.proof); auto verifier = FoldingRecursiveVerifier{ &verifier_circuit, recursive_decider_vk_1, { recursive_decider_vk_2 } }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp index 0344b1f8835..debefb03a5d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/transcript/transcript.test.cpp @@ -111,7 +111,7 @@ TEST(RecursiveHonkTranscript, InterfacesMatch) EXPECT_EQ(prover_transcript.get_manifest(), native_transcript.get_manifest()); // Instantiate a stdlib Transcript and perform the same operations - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript transcript{ stdlib_proof }; perform_mock_verifier_transcript_operations(transcript); @@ -164,7 +164,7 @@ TEST(RecursiveHonkTranscript, ReturnValuesMatch) auto [native_alpha, native_beta] = native_transcript.template get_challenges("alpha", "beta"); // Perform the same operations with the stdlib verifier transcript - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript stdlib_transcript{ stdlib_proof }; auto stdlib_scalar = stdlib_transcript.template receive_from_prover("scalar"); auto stdlib_commitment = stdlib_transcript.template receive_from_prover("commitment"); @@ -210,7 +210,7 @@ TEST(RecursiveTranscript, InfinityConsistencyGrumpkin) verifier_transcript.receive_from_prover("infinity"); auto verifier_challenge = verifier_transcript.get_challenge("challenge"); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript stdlib_transcript{ stdlib_proof }; auto stdlib_infinity = stdlib_transcript.receive_from_prover("infinity"); EXPECT_TRUE(stdlib_infinity.is_point_at_infinity().get_value()); @@ -248,7 +248,7 @@ TEST(RecursiveTranscript, InfinityConsistencyBN254) verifier_transcript.receive_from_prover("infinity"); auto verifier_challenge = verifier_transcript.get_challenge("challenge"); - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&builder, proof_data); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&builder, proof_data); StdlibTranscript stdlib_transcript{ stdlib_proof }; auto stdlib_commitment = stdlib_transcript.receive_from_prover("infinity"); EXPECT_TRUE(stdlib_commitment.is_point_at_infinity().get_value()); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp index 2849fdd48b5..ce321b18ea8 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp @@ -66,7 +66,7 @@ std::array TranslatorRecursiveVerifier_ stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); transcript->load_proof(stdlib_proof); batching_challenge_v = transcript->template get_challenge("Translation:batching_challenge"); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp index 27de41a35d3..1e2ab4beac0 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.test.cpp @@ -75,7 +75,7 @@ template class TranslatorRecursiveTests : public ::te OuterBuilder outer_circuit; // Mock a previous verifier that would in reality be the ECCVM recursive verifier - StdlibProof stdlib_proof = bb::convert_proof_to_witness(&outer_circuit, fake_inital_proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(&outer_circuit, fake_inital_proof); auto transcript = std::make_shared(stdlib_proof); transcript->template receive_from_prover("init"); diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp index 821339329fc..5e7db5a2f47 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp @@ -331,6 +331,8 @@ class UltraCircuitBuilder_ : public CircuitBuilderBase ipa_proof; + void process_non_native_field_multiplications(); UltraCircuitBuilder_(const size_t size_hint = 0) : CircuitBuilderBase(size_hint) diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 1fc4281c793..e524d22fb62 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -354,6 +354,7 @@ class UltraFlavor { bool contains_ipa_claim; IPAClaimPubInputIndices ipa_claim_public_input_indices; + HonkProof ipa_proof; ProvingKey() = default; ProvingKey(const size_t dyadic_circuit_size, diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index 06f69bdcb13..fa7853a3d96 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -441,7 +441,7 @@ template class BaseTranscript { }; template -static bb::StdlibProof convert_proof_to_witness(Builder* builder, const HonkProof& proof) +static bb::StdlibProof convert_native_proof_to_stdlib(Builder* builder, const HonkProof& proof) { bb::StdlibProof result; for (const auto& element : proof) { @@ -450,6 +450,15 @@ static bb::StdlibProof convert_proof_to_witness(Builder* builder, const return result; } +template static bb::HonkProof convert_stdlib_proof_to_native(const StdlibProof& proof) +{ + bb::HonkProof result; + for (const auto& element : proof) { + result.push_back(element.get_value()); + } + return result; +} + using NativeTranscript = BaseTranscript; /////////////////////////////////////////// diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index 5c0e42ec900..02101aae370 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -306,6 +306,7 @@ template class DeciderProvingKey_ { if constexpr (DoesRecursiveIPA) { // Set the IPA claim indices proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; proving_key.contains_ipa_claim = circuit.contains_ipa_claim; + proving_key.ipa_proof = circuit.ipa_proof; } // Set the pairing point accumulator indices proving_key.pairing_point_accumulator_public_input_indices = diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp index d61e6d7f0be..71518f7b6cf 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/recursive_verifier.cpp @@ -48,7 +48,7 @@ template AvmRecursiveVerifier_::AggregationObject AvmRecursiveVerifier_::verify_proof( const HonkProof& proof, const std::vector>& public_inputs_vec_nt, AggregationObject agg_obj) { - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); std::vector> public_inputs_ct; public_inputs_ct.reserve(public_inputs_vec_nt.size()); From 36a7cf16db28ce0d0770eddf85f85bf43a02b0cd Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Sat, 16 Nov 2024 00:22:42 +0000 Subject: [PATCH 15/26] add ipa verification to native UltraVerifier --- .../commitment_schemes/ipa/ipa.hpp | 8 +++--- .../ultra_honk/ultra_verifier.cpp | 27 +++++++++++++++++++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp index 933b7ca6553..c3e5bae6705 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp @@ -794,9 +794,6 @@ template class IPA { for (Fr u_inv_i : pair_2.u_challenges_inv) { native_u_challenges_inv_2.push_back(bb::fq(u_inv_i.get_value())); } - // Add IPA Claim to public inputs of circuit - Builder* builder = r.get_context(); - builder->add_ipa_claim(output_claim.get_witness_indices()); // Compute proof for the claim auto prover_transcript = std::make_shared(); @@ -808,6 +805,11 @@ template class IPA { IPA::compute_opening_proof(ck, { challenge_poly, opening_pair }, prover_transcript); + // Since we know this circuit will not have any more IPA claims to accumulate, add IPA Claim to public inputs of circuit and add the proof to the builder. + Builder* builder = r.get_context(); + builder->add_ipa_claim(output_claim.get_witness_indices()); + builder->ipa_proof = prover_transcript->proof_data; + return {output_claim, prover_transcript->proof_data}; } }; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index d43f4cadb1c..0579f783e91 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -22,6 +22,33 @@ template bool UltraVerifier_::verify_proof(const HonkP transcript->template get_challenge("Sumcheck:gate_challenge_" + std::to_string(idx))); } + const auto recover_fq_from_public_inputs = [](std::array limbs) { + const uint256_t limb = uint256_t(limbs[0]) + + (uint256_t(limbs[1]) << stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION) + + (uint256_t(limbs[2]) << (stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION * 2)) + + (uint256_t(limbs[3]) << (stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION * 3)); + return fq(limb); + }; + + // Parse out the nested IPA claim using key->ipa_claim_public_input_indices + if constexpr (DoesRecursiveIPA) { + if (verification_key->verification_key->contains_ipa_claim) { + OpeningClaim ipa_claim; + std::array bigfield_limbs; + for (size_t k = 0; k < 4; k++) { + bigfield_limbs[k] = + verification_key + ->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[k]]; + } + ipa_claim.opening_pair.challenge = recover_fq_from_public_inputs(bigfield_limbs); + ipa_claim.opening_pair.evaluation = 0; + ipa_claim.commitment = { + verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[4]], + verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[5]] + }; + } + } + DeciderVerifier decider_verifier{ verification_key, transcript }; return decider_verifier.verify(); From d1cd1cd8b5d0f3af4c46177a03ad9ebb47bc8ace Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 17:49:20 +0000 Subject: [PATCH 16/26] add native verifier to client ivc recursive verifier test --- .../client_ivc_recursive_verifier.test.cpp | 7 ++++++- .../barretenberg/ultra_honk/ultra_verifier.cpp | 15 ++++++++++++++- .../barretenberg/ultra_honk/ultra_verifier.hpp | 3 +-- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index a8a57db3722..20f4bf6b78c 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -126,8 +126,13 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) UltraProver tube_prover{ proving_key }; auto native_tube_proof = tube_prover.construct_proof(); - Builder base_builder; + // Natively verify the tube proof auto native_vk = std::make_shared(proving_key->proving_key); + UltraVerifier native_verifier(native_vk); + EXPECT_TRUE(native_verifier.verify_proof(native_tube_proof, tube_prover.proving_key->proving_key.ipa_proof)); + + // Construct a base rollup circuit that recursively verifies the tube proof. + Builder base_builder; auto vk = std::make_shared(&base_builder, native_vk); auto tube_proof = bb::convert_native_proof_to_stdlib(&base_builder, native_tube_proof); UltraRecursiveVerifier base_verifier{ &base_builder, vk }; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 0579f783e91..a4c50f85b3b 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -1,4 +1,5 @@ #include "./ultra_verifier.hpp" +#include "barretenberg/commitment_schemes/ipa/ipa.hpp" #include "barretenberg/numeric/bitop/get_msb.hpp" #include "barretenberg/transcript/transcript.hpp" #include "barretenberg/ultra_honk/oink_verifier.hpp" @@ -9,7 +10,7 @@ namespace bb { * @brief This function verifies an Ultra Honk proof for a given Flavor. * */ -template bool UltraVerifier_::verify_proof(const HonkProof& proof) +template bool UltraVerifier_::verify_proof(const HonkProof& proof, const HonkProof& ipa_proof) { using FF = typename Flavor::FF; @@ -46,6 +47,18 @@ template bool UltraVerifier_::verify_proof(const HonkP verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[4]], verification_key->public_inputs[verification_key->verification_key->ipa_claim_public_input_indices[5]] }; + + // verify the ipa_proof with this claim + auto crs_factory = std::make_shared>( + "../srs_db/grumpkin", (1 << CONST_ECCVM_LOG_N)); + auto grumpkin_verifier_commitment_key = + std::make_shared>((1 << CONST_ECCVM_LOG_N), crs_factory); + auto ipa_transcript = std::make_shared(ipa_proof); + bool ipa_result = + IPA::reduce_verify(grumpkin_verifier_commitment_key, ipa_claim, ipa_transcript); + if (!ipa_result) { + return false; + } } } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index 7365303b655..70a3f415548 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -12,7 +12,6 @@ template class UltraVerifier_ { using FF = typename Flavor::FF; using Commitment = typename Flavor::Commitment; using VerificationKey = typename Flavor::VerificationKey; - using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Transcript = typename Flavor::Transcript; using DeciderVK = DeciderVerificationKey_; using DeciderVerifier = DeciderVerifier_; @@ -22,7 +21,7 @@ template class UltraVerifier_ { : verification_key(std::make_shared(verifier_key)) {} - bool verify_proof(const HonkProof& proof); + bool verify_proof(const HonkProof& proof, const HonkProof& ipa_proof = {}); std::shared_ptr transcript{ nullptr }; std::shared_ptr verification_key; From 9d34263422a75b14a3c99186249e3e20d561d47c Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 18:44:39 +0000 Subject: [PATCH 17/26] update some tests --- barretenberg/cpp/CMakeLists.txt | 2 +- .../src/barretenberg/commitment_schemes/claim.hpp | 10 ++++++++++ .../goblin_recursive_verifier.test.cpp | 13 ++++++++++--- .../flavor_serialization.test.cpp | 5 ----- 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/barretenberg/cpp/CMakeLists.txt b/barretenberg/cpp/CMakeLists.txt index d911924130a..302e997f434 100644 --- a/barretenberg/cpp/CMakeLists.txt +++ b/barretenberg/cpp/CMakeLists.txt @@ -27,7 +27,7 @@ endif(DOXYGEN_FOUND) option(DISABLE_ASM "Disable custom assembly" OFF) option(DISABLE_ADX "Disable ADX assembly variant" OFF) -option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" ON) +option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" OFF) option(MULTITHREADING "Enable multi-threading" ON) option(OMP_MULTITHREADING "Enable OMP multi-threading" OFF) option(FUZZING "Build ONLY fuzzing harnesses" OFF) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index 8ae0917576b..f039e6a7f3b 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -67,6 +67,16 @@ template class OpeningClaim { commitment.x.normalize().witness_index, // no idea if we need these normalize() calls... commitment.y.normalize().witness_index }; } + + auto get_native_opening_claim() const + requires(Curve::is_stdlib_type) + { + return OpeningClaim{ + { static_cast(opening_pair.challenge.get_value()), + static_cast(opening_pair.evaluation.get_value()) }, + commitment.get_value() + }; + } /** * @brief inefficiently check that the claim is correct by recomputing the commitment * and evaluating the polynomial in r. diff --git a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp index a668e00f82e..a7f9512ec9b 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/goblin_verifier/goblin_recursive_verifier.test.cpp @@ -125,9 +125,16 @@ TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure) GoblinRecursiveVerifier verifier{ &builder, verifier_input }; GoblinRecursiveVerifierOutput goblin_rec_verifier_output = verifier.verify(proof); - static_cast(goblin_rec_verifier_output); - // EXPECT_DEBUG_DEATH(verifier.verify(proof), "(ipa_relation.get_value.* == - // -opening_claim.commitment.get_value.*)"); + auto crs_factory = + std::make_shared>("../srs_db/grumpkin", 1 << CONST_ECCVM_LOG_N); + auto grumpkin_verifier_commitment_key = + std::make_shared>(1 << CONST_ECCVM_LOG_N, crs_factory); + OpeningClaim native_claim = goblin_rec_verifier_output.opening_claim.get_native_opening_claim(); + auto native_ipa_transcript = std::make_shared( + convert_stdlib_proof_to_native(goblin_rec_verifier_output.ipa_transcript->proof_data)); + + EXPECT_FALSE( + IPA::reduce_verify(grumpkin_verifier_commitment_key, native_claim, native_ipa_transcript)); } /** diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp index 2b5de9630ef..162385bdcba 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/flavor_serialization.test.cpp @@ -47,11 +47,6 @@ TYPED_TEST(FlavorSerializationTests, VerificationKeySerialization) // Set the pcs ptr to null since this will not be reconstructed correctly from buffer original_vkey.pcs_verification_key = nullptr; - // probably not needed - if constexpr (DoesRecursiveIPA) { - original_vkey.contains_ipa_claim = 0; - original_vkey.ipa_claim_public_input_indices = std::array{ 0, 0, 0, 0, 0, 0 }; - } // Populate some non-zero values in the databus_propagation_data to ensure its being handled if constexpr (IsMegaBuilder) { original_vkey.databus_propagation_data.app_return_data_public_input_idx = 2; From e260b878ef6ffd4cd0509cf0f8e13a2253242495 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 18:46:08 +0000 Subject: [PATCH 18/26] update avm file --- bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs b/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs index 3e7d779b523..80e5538a7d1 100644 --- a/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs +++ b/bb-pilcom/bb-pil-backend/templates/recursive_verifier.cpp.hbs @@ -48,7 +48,7 @@ template {{name}}RecursiveVerifier_::AggregationObject {{name}}RecursiveVerifier_::verify_proof( const HonkProof& proof, const std::vector>& public_inputs_vec_nt, AggregationObject agg_obj) { - StdlibProof stdlib_proof = bb::convert_proof_to_witness(builder, proof); + StdlibProof stdlib_proof = bb::convert_native_proof_to_stdlib(builder, proof); std::vector> public_inputs_ct; public_inputs_ct.reserve(public_inputs_vec_nt.size()); From dfc0b8188730baffb8dfea0553e0648ff08cb145 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 21:53:00 +0000 Subject: [PATCH 19/26] Remove long client ivc rec verifier output name --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 3 +-- .../client_ivc_recursive_verifier.cpp | 3 +-- .../client_ivc_recursive_verifier.hpp | 4 ++-- .../client_ivc_recursive_verifier.test.cpp | 9 ++++++--- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 311bf8feff7..462b8e96072 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -590,8 +590,7 @@ void prove_tube(const std::string& output_path) } ClientIVC verifier{ builder, input }; - stdlib::recursion::honk::ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput - client_ivc_rec_verifier_output = verifier.verify(proof); + ClientIVC::Output client_ivc_rec_verifier_output = verifier.verify(proof); PairingPointAccumulatorIndices current_aggregation_object = stdlib::recursion::init_default_agg_obj_indices(*builder); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index 08e171d1d54..90a7df0e894 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -8,8 +8,7 @@ namespace bb::stdlib::recursion::honk { * @todo (https://github.com/AztecProtocol/barretenberg/issues/934): Add logic for accumulating the pairing points * produced by the verifiers (and potentially IPA accumulators for ECCVM verifier) */ -ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput ClientIVCRecursiveVerifier::verify( - const ClientIVC::Proof& proof) +ClientIVCRecursiveVerifier::Output ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) { // Construct stdlib Mega verification key auto stdlib_mega_vk = diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp index d38b89d6232..4381b1f5faf 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp @@ -21,7 +21,7 @@ class ClientIVCRecursiveVerifier { using Proof = ClientIVC::Proof; using FoldVerifierInput = FoldingVerifier::VerifierInput; using GoblinVerifierInput = GoblinVerifier::VerifierInput; - using ClientIVCRecursiveVerifierOutput = GoblinRecursiveVerifierOutput; + using Output = GoblinRecursiveVerifierOutput; struct VerifierInput { std::shared_ptr mega_verification_key; @@ -32,7 +32,7 @@ class ClientIVCRecursiveVerifier { : builder(builder) , verifier_input(verifier_input){}; - ClientIVCRecursiveVerifierOutput verify(const ClientIVC::Proof&); + Output verify(const ClientIVC::Proof&); private: std::shared_ptr builder; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 20f4bf6b78c..9da1600ae8f 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -74,6 +74,8 @@ TEST_F(ClientIVCRecursionTests, NativeVerification) */ TEST_F(ClientIVCRecursionTests, Basic) { + using CIVCRecVerifierOutput = ClientIVCRecursiveVerifier::Output; + // Generate a genuine ClientIVC prover output ClientIVC ivc{ {}, /*auto_verify_mode=*/true }; auto [proof, verifier_input] = construct_client_ivc_prover_output(ivc); @@ -83,7 +85,7 @@ TEST_F(ClientIVCRecursionTests, Basic) ClientIVCVerifier verifier{ builder, verifier_input }; // Generate the recursive verification circuit - ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput output = verifier.verify(proof); + CIVCRecVerifierOutput output = verifier.verify(proof); EXPECT_EQ(builder->failed(), false) << builder->err(); @@ -95,6 +97,8 @@ TEST_F(ClientIVCRecursionTests, Basic) TEST_F(ClientIVCRecursionTests, ClientTubeBase) { + using CIVCRecVerifierOutput = ClientIVCRecursiveVerifier::Output; + // Generate a genuine ClientIVC prover output ClientIVC ivc{ {}, /*auto_verify_mode=*/true }; auto [proof, verifier_input] = construct_client_ivc_prover_output(ivc); @@ -104,8 +108,7 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) ClientIVCVerifier verifier{ tube_builder, verifier_input }; // Generate the recursive verification circuit - ClientIVCRecursiveVerifier::ClientIVCRecursiveVerifierOutput client_ivc_rec_verifier_output = - verifier.verify(proof); + CIVCRecVerifierOutput client_ivc_rec_verifier_output = verifier.verify(proof); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): fix this by taking it from the output instead of // just using default. From ea3f929c4b44899f928c9b797f330c5a2c4429d2 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 22:27:46 +0000 Subject: [PATCH 20/26] add TODO --- barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp index f039e6a7f3b..27917a072fa 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp @@ -60,6 +60,8 @@ template class OpeningClaim { opening_pair.challenge.binary_basis_limbs[1].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[2].element.normalize().witness_index, opening_pair.challenge.binary_basis_limbs[3].element.normalize().witness_index, + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1153): Uncomment this when we turn the + // eval into witnesses. // opening_pair.evaluation.binary_basis_limbs[0].element.normalize().witness_index, // opening_pair.evaluation.binary_basis_limbs[1].element.normalize().witness_index, // opening_pair.evaluation.binary_basis_limbs[2].element.normalize().witness_index, From f8e919721a19a2787f287a964dad0608bb9e8b4e Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 22:27:57 +0000 Subject: [PATCH 21/26] rename concept --- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 2 +- .../cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp | 2 +- barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 9e2544e450b..0ea704d2eda 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -380,7 +380,7 @@ template concept HasDataBus = IsMegaFlavor; template -concept DoesRecursiveIPA = IsAnyOf; +concept HasIPAAccumulatorFlavor = IsAnyOf; template concept IsRecursiveFlavor = IsAnyOf, diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp index a9c2d8ba92f..e3f2c6a3a63 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_proving_key.hpp @@ -307,7 +307,7 @@ template class DeciderProvingKey_ { proving_key.public_inputs.emplace_back(proving_key.polynomials.w_r[idx]); } - if constexpr (DoesRecursiveIPA) { // Set the IPA claim indices + if constexpr (HasIPAAccumulatorFlavor) { // Set the IPA claim indices proving_key.ipa_claim_public_input_indices = circuit.ipa_claim_public_input_indices; proving_key.contains_ipa_claim = circuit.contains_ipa_claim; proving_key.ipa_proof = circuit.ipa_proof; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index a4c50f85b3b..672d0a3f2fa 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -32,7 +32,7 @@ template bool UltraVerifier_::verify_proof(const HonkP }; // Parse out the nested IPA claim using key->ipa_claim_public_input_indices - if constexpr (DoesRecursiveIPA) { + if constexpr (HasIPAAccumulatorFlavor) { if (verification_key->verification_key->contains_ipa_claim) { OpeningClaim ipa_claim; std::array bigfield_limbs; From 2adab6177ba31d7ffa8c712fb354a678ae56a19a Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Mon, 18 Nov 2024 22:47:03 +0000 Subject: [PATCH 22/26] addressed comments --- .../plonk_honk_shared/types/aggregation_object_type.hpp | 4 ++-- .../stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp | 4 ---- .../stdlib_circuit_builders/circuit_builder_base.hpp | 2 -- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp index f8662b9821a..99608cc626f 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/types/aggregation_object_type.hpp @@ -7,14 +7,14 @@ namespace bb { // An aggregation state is represented by two G1 affine elements. Each G1 point has // two field element coordinates (x, y). Thus, four base field elements // Four limbs are used when simulating a non-native field using the bigfield class, so 16 total field elements. -constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; +static constexpr uint32_t PAIRING_POINT_ACCUMULATOR_SIZE = 16; // PairingPointAccumulatorIndices represents an array of 16 witness indices pointing to the nested aggregation object. using PairingPointAccumulatorIndices = std::array; // PairingPointAccumulatorPubInputIndices represents an array of 16 public input indices pointing to the witness indices // of the nested aggregation object. using PairingPointAccumulatorPubInputIndices = std::array; -constexpr uint32_t IPA_CLAIM_SIZE = 6; +static constexpr uint32_t IPA_CLAIM_SIZE = 6; using IPAClaimIndices = std::array; using IPAClaimPubInputIndices = std::array; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index 9bd8ce5a3b2..a9422482854 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -145,10 +145,6 @@ ECCVMRecursiveVerifier_::verify_proof(const ECCVMProof& proof) const OpeningClaim batch_opening_claim = Shplonk::reduce_verification(key->pcs_verification_key->get_g1_identity(), opening_claims, transcript); - // // TODO(https://github.com/AztecProtocol/barretenberg/issues/1142): Handle this return value correctly. - // const typename PCS::VerifierAccumulator batched_opening_accumulator = - // PCS::reduce_verify(batch_opening_claim, ipa_transcript); - ASSERT(sumcheck_verified); return { batch_opening_claim, ipa_transcript }; } diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp index f1b85d97e1b..28b2c9ad8f6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/circuit_builder_base.hpp @@ -44,8 +44,6 @@ template class CircuitBuilderBase { IPAClaimPubInputIndices ipa_claim_public_input_indices; bool contains_ipa_claim = false; - uint32_t ipa_verifier_count = 0; - // We know from the CLI arguments during proving whether a circuit should use a prover which produces // proofs that are friendly to verify in a circuit themselves. A verifier does not need a full circuit // description and should be able to verify a proof with just the verification key and the proof. From b96488cb599ef5856455e16fdd5353f0dab54669 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 00:06:18 +0000 Subject: [PATCH 23/26] forgotten comment --- barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 672d0a3f2fa..d1358c436a2 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -31,7 +31,7 @@ template bool UltraVerifier_::verify_proof(const HonkP return fq(limb); }; - // Parse out the nested IPA claim using key->ipa_claim_public_input_indices + // Parse out the nested IPA claim using key->ipa_claim_public_input_indices and runs the native IPA verifier. if constexpr (HasIPAAccumulatorFlavor) { if (verification_key->verification_key->contains_ipa_claim) { OpeningClaim ipa_claim; From 0f35e51e3b089cb939727d155f6d3a86202868f5 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 00:32:22 +0000 Subject: [PATCH 24/26] try fixing verify_tube flow --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 7 ++++--- .../cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp | 7 +------ .../cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp | 6 +++++- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 462b8e96072..33b0fec3013 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -1136,14 +1136,15 @@ template bool verify_honk(const std::string& proof_path, { using VerificationKey = Flavor::VerificationKey; using Verifier = UltraVerifier_; - using VerifierCommitmentKey = bb::VerifierCommitmentKey; auto g2_data = get_bn254_g2_data(CRS_PATH); srs::init_crs_factory({}, g2_data); auto proof = from_buffer>(read_file(proof_path)); auto vk = std::make_shared(from_buffer(read_file(vk_path))); - vk->pcs_verification_key = std::make_shared(); - Verifier verifier{ vk }; + vk->pcs_verification_key = std::make_shared>(); + + auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); + Verifier verifier{ vk, ipa_verification_key }; bool verified = verifier.verify_proof(proof); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index d1358c436a2..820aeee03a6 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -49,13 +49,8 @@ template bool UltraVerifier_::verify_proof(const HonkP }; // verify the ipa_proof with this claim - auto crs_factory = std::make_shared>( - "../srs_db/grumpkin", (1 << CONST_ECCVM_LOG_N)); - auto grumpkin_verifier_commitment_key = - std::make_shared>((1 << CONST_ECCVM_LOG_N), crs_factory); auto ipa_transcript = std::make_shared(ipa_proof); - bool ipa_result = - IPA::reduce_verify(grumpkin_verifier_commitment_key, ipa_claim, ipa_transcript); + bool ipa_result = IPA::reduce_verify(ipa_verification_key, ipa_claim, ipa_transcript); if (!ipa_result) { return false; } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index 70a3f415548..01b1ec5cc15 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -17,14 +17,18 @@ template class UltraVerifier_ { using DeciderVerifier = DeciderVerifier_; public: - explicit UltraVerifier_(const std::shared_ptr& verifier_key) + explicit UltraVerifier_( + const std::shared_ptr& verifier_key, + const std::shared_ptr>& ipa_verification_key = nullptr) : verification_key(std::make_shared(verifier_key)) + , ipa_verification_key(ipa_verification_key) {} bool verify_proof(const HonkProof& proof, const HonkProof& ipa_proof = {}); std::shared_ptr transcript{ nullptr }; std::shared_ptr verification_key; + std::shared_ptr> ipa_verification_key; }; using UltraVerifier = UltraVerifier_; From 790fa11456b3ee84a4f4e6f9c69d73123b70c166 Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 02:27:38 +0000 Subject: [PATCH 25/26] fix tests --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 11 +++++++++-- .../client_ivc_recursive_verifier.test.cpp | 3 ++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 33b0fec3013..369c00b4173 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -626,8 +626,9 @@ void prove_tube(const std::string& output_path) write_file(tubeAsFieldsVkPath, { data.begin(), data.end() }); info("Native verification of the tube_proof"); - Verifier tube_verifier(tube_verification_key); - bool verified = tube_verifier.verify_proof(tube_proof); + auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); + Verifier tube_verifier(tube_verification_key, ipa_verification_key); + bool verified = tube_verifier.verify_proof(tube_proof, builder->ipa_proof); info("Tube proof verification: ", verified); } @@ -1146,6 +1147,11 @@ template bool verify_honk(const std::string& proof_path, auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); Verifier verifier{ vk, ipa_verification_key }; + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1154): Remove this and pass in the IPA proof to the + // verifier. + if constexpr (HasIPAAccumulatorFlavor) { + vk->contains_ipa_claim = false; + } bool verified = verifier.verify_proof(proof); vinfo("verified: ", verified); @@ -1492,6 +1498,7 @@ int main(int argc, char* argv[]) std::string output_path = get_option(args, "-o", "./target"); auto tube_proof_path = output_path + "/proof"; auto tube_vk_path = output_path + "/vk"; + init_grumpkin_crs(1 << 16); return verify_honk(tube_proof_path, tube_vk_path) ? 0 : 1; } else if (command == "gates") { gateCount(bytecode_path, recursive, honk_recursion); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 9da1600ae8f..436e62b88a8 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -131,7 +131,8 @@ TEST_F(ClientIVCRecursionTests, ClientTubeBase) // Natively verify the tube proof auto native_vk = std::make_shared(proving_key->proving_key); - UltraVerifier native_verifier(native_vk); + auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); + UltraVerifier native_verifier(native_vk, ipa_verification_key); EXPECT_TRUE(native_verifier.verify_proof(native_tube_proof, tube_prover.proving_key->proving_key.ipa_proof)); // Construct a base rollup circuit that recursively verifies the tube proof. From 13de7efbb7f955de559789872b2da903c296e26c Mon Sep 17 00:00:00 2001 From: lucasxia01 Date: Tue, 19 Nov 2024 04:00:58 +0000 Subject: [PATCH 26/26] fix acir tests hopefully --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 369c00b4173..7648a9dbdbe 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -1144,14 +1144,16 @@ template bool verify_honk(const std::string& proof_path, auto vk = std::make_shared(from_buffer(read_file(vk_path))); vk->pcs_verification_key = std::make_shared>(); - auto ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); - Verifier verifier{ vk, ipa_verification_key }; - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1154): Remove this and pass in the IPA proof to the // verifier. + std::shared_ptr> ipa_verification_key = nullptr; if constexpr (HasIPAAccumulatorFlavor) { + init_grumpkin_crs(1 << 16); vk->contains_ipa_claim = false; + ipa_verification_key = std::make_shared>(1 << CONST_ECCVM_LOG_N); } + Verifier verifier{ vk, ipa_verification_key }; + bool verified = verifier.verify_proof(proof); vinfo("verified: ", verified); @@ -1498,7 +1500,6 @@ int main(int argc, char* argv[]) std::string output_path = get_option(args, "-o", "./target"); auto tube_proof_path = output_path + "/proof"; auto tube_vk_path = output_path + "/vk"; - init_grumpkin_crs(1 << 16); return verify_honk(tube_proof_path, tube_vk_path) ? 0 : 1; } else if (command == "gates") { gateCount(bytecode_path, recursive, honk_recursion);