refactor: share decider with ultra_prover (AztecProtocol#5467)

Call the decider prover in ultra_prover to avoid duplication of sumcheck/zeromorph rounds. Also removes the HonkProof& return types, which is unsafe.
zkpassport · May 17, 2024 · b3b7376 · b3b7376
1 parent 66a2d43
commit b3b7376
Show file tree

Hide file tree

Showing 15 changed files with 43 additions and 77 deletions.
diff --git a/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp
@@ -3,6 +3,7 @@
 #include "barretenberg/benchmark/ultra_bench/mock_circuits.hpp"
 #include "barretenberg/common/op_count_google_bench.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 #include "barretenberg/ultra_honk/oink_prover.hpp"
 #include "barretenberg/ultra_honk/ultra_prover.hpp"
 
@@ -53,10 +54,13 @@ BB_PROFILE static void test_round_inner(State& state, GoblinUltraProver& prover,
     time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { oink_prover.execute_grand_product_computation_round(); });
     time_if_index(GENERATE_ALPHAS, [&] { prover.instance->alphas = oink_prover.generate_alphas_round(); });
     // we need to get the relation_parameters and prover_polynomials from the oink_prover
-    prover.instance->proving_key = std::move(oink_prover.proving_key);
     prover.instance->relation_parameters = oink_prover.relation_parameters;
-    time_if_index(RELATION_CHECK, [&] { prover.execute_relation_check_rounds(); });
-    time_if_index(ZEROMORPH, [&] { prover.execute_zeromorph_rounds(); });
+
+    prover.generate_gate_challenges();
+
+    DeciderProver_<GoblinUltraFlavor> decider_prover(prover.instance, prover.transcript);
+    time_if_index(RELATION_CHECK, [&] { decider_prover.execute_relation_check_rounds(); });
+    time_if_index(ZEROMORPH, [&] { decider_prover.execute_zeromorph_rounds(); });
 }
 BB_PROFILE static void test_round(State& state, size_t index) noexcept
 {

diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp
@@ -2,11 +2,11 @@
 
 #include "barretenberg/goblin/goblin.hpp"
 #include "barretenberg/goblin/mock_circuits.hpp"
-#include "barretenberg/protogalaxy/decider_prover.hpp"
 #include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
 #include "barretenberg/sumcheck/instance/instances.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 
 namespace bb {
 

diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp
@@ -184,13 +184,13 @@ void ECCVMProver::execute_transcript_consistency_univariate_opening_round()
     translation_batching_challenge_v = transcript->template get_challenge<FF>("Translation:batching_challenge");
 }
 
-HonkProof& ECCVMProver::export_proof()
+HonkProof ECCVMProver::export_proof()
 {
     proof = transcript->export_proof();
     return proof;
 }
 
-HonkProof& ECCVMProver::construct_proof()
+HonkProof ECCVMProver::construct_proof()
 {
     BB_OP_COUNT_TIME_NAME("ECCVMProver::construct_proof");
 

diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp
@@ -37,8 +37,8 @@ class ECCVMProver {
     BB_PROFILE void execute_zeromorph_rounds();
     BB_PROFILE void execute_transcript_consistency_univariate_opening_round();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Transcript> transcript;
 

diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp
@@ -1,10 +1,10 @@
 #include "barretenberg/goblin/mock_circuits.hpp"
 #include "barretenberg/polynomials/pow.hpp"
-#include "barretenberg/protogalaxy/decider_prover.hpp"
 #include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
 #include "barretenberg/stdlib_circuit_builders/mock_circuits.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 
 #include <gtest/gtest.h>
 

diff --git a/...p/src/barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.test.cpp b/...p/src/barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.test.cpp
@@ -1,7 +1,6 @@
 #include "barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.hpp"
 #include "barretenberg/circuit_checker/circuit_checker.hpp"
 #include "barretenberg/common/test.hpp"
-#include "barretenberg/protogalaxy/decider_prover.hpp"
 #include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
@@ -11,6 +10,7 @@
 #include "barretenberg/stdlib/primitives/curves/bn254.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp"
 #include "barretenberg/sumcheck/instance/instances.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 #include "barretenberg/ultra_honk/ultra_prover.hpp"
 #include "barretenberg/ultra_honk/ultra_verifier.hpp"
 

diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp
@@ -185,13 +185,13 @@ void GoblinTranslatorProver::execute_zeromorph_rounds()
                      key->polynomials.get_concatenation_groups());
 }
 
-HonkProof& GoblinTranslatorProver::export_proof()
+HonkProof GoblinTranslatorProver::export_proof()
 {
     proof = transcript->export_proof();
     return proof;
 }
 
-HonkProof& GoblinTranslatorProver::construct_proof()
+HonkProof GoblinTranslatorProver::construct_proof()
 {
     BB_OP_COUNT_TIME_NAME("GoblinTranslatorProver::construct_proof");
 

diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp
@@ -37,8 +37,8 @@ class GoblinTranslatorProver {
     BB_PROFILE void execute_grand_product_computation_round();
     BB_PROFILE void execute_relation_check_rounds();
     BB_PROFILE void execute_zeromorph_rounds();
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Transcript> transcript = std::make_shared<Transcript>();
 

diff --git a/...rretenberg/protogalaxy/decider_prover.cpp → ...arretenberg/ultra_honk/decider_prover.cpp b/...rretenberg/protogalaxy/decider_prover.cpp → ...arretenberg/ultra_honk/decider_prover.cpp
@@ -17,7 +17,7 @@ DeciderProver_<Flavor>::DeciderProver_(const std::shared_ptr<Instance>& inst,
                                        const std::shared_ptr<Transcript>& transcript)
     : accumulator(std::move(inst))
     , transcript(transcript)
-    , commitment_key(inst->proving_key.commitment_key)
+    , commitment_key(accumulator->proving_key.commitment_key)
 {}
 
 /**
@@ -49,13 +49,13 @@ template <IsUltraFlavor Flavor> void DeciderProver_<Flavor>::execute_zeromorph_r
                      transcript);
 }
 
-template <IsUltraFlavor Flavor> HonkProof& DeciderProver_<Flavor>::export_proof()
+template <IsUltraFlavor Flavor> HonkProof DeciderProver_<Flavor>::export_proof()
 {
     proof = transcript->proof_data;
     return proof;
 }
 
-template <IsUltraFlavor Flavor> HonkProof& DeciderProver_<Flavor>::construct_proof()
+template <IsUltraFlavor Flavor> HonkProof DeciderProver_<Flavor>::construct_proof()
 {
     BB_OP_COUNT_TIME_NAME("Decider::construct_proof");
 

diff --git a/...rretenberg/protogalaxy/decider_prover.hpp → ...arretenberg/ultra_honk/decider_prover.hpp b/...rretenberg/protogalaxy/decider_prover.hpp → ...arretenberg/ultra_honk/decider_prover.hpp
@@ -30,8 +30,8 @@ template <IsUltraFlavor Flavor> class DeciderProver_ {
     BB_PROFILE void execute_relation_check_rounds();
     BB_PROFILE void execute_zeromorph_rounds();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Instance> accumulator;
 

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/merge_verifier.cpp
@@ -17,7 +17,7 @@ MergeVerifier_<Flavor>::MergeVerifier_()
  * Schwartz-Zippel check. Evaluations are checked via batched KZG.
  *
  * @tparam Flavor
- * @return HonkProof&
+ * @return bool
  */
 template <typename Flavor> bool MergeVerifier_<Flavor>::verify_proof(const HonkProof& proof)
 {

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp
@@ -1,7 +1,7 @@
 #include "ultra_prover.hpp"
 #include "barretenberg/sumcheck/sumcheck.hpp"
+#include "barretenberg/ultra_honk/decider_prover.hpp"
 #include "barretenberg/ultra_honk/oink_prover.hpp"
-
 namespace bb {
 
 /**
@@ -32,64 +32,32 @@ UltraProver_<Flavor>::UltraProver_(Builder& circuit)
     , commitment_key(instance->proving_key.commitment_key)
 {}
 
-/**
- * @brief Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all evaluations at u being calculated.
- *
- */
-template <IsUltraFlavor Flavor> void UltraProver_<Flavor>::execute_relation_check_rounds()
+template <IsUltraFlavor Flavor> HonkProof UltraProver_<Flavor>::export_proof()
 {
-    using Sumcheck = SumcheckProver<Flavor>;
-    auto circuit_size = instance->proving_key.circuit_size;
-    auto sumcheck = Sumcheck(circuit_size, transcript);
-
-    std::vector<FF> gate_challenges(numeric::get_msb(circuit_size));
+    proof = transcript->proof_data;
+    return proof;
+}
+template <IsUltraFlavor Flavor> void UltraProver_<Flavor>::generate_gate_challenges()
+{
+    std::vector<FF> gate_challenges(numeric::get_msb(instance->proving_key.circuit_size));
     for (size_t idx = 0; idx < gate_challenges.size(); idx++) {
         gate_challenges[idx] = transcript->template get_challenge<FF>("Sumcheck:gate_challenge_" + std::to_string(idx));
     }
     instance->gate_challenges = gate_challenges;
-    sumcheck_output = sumcheck.prove(instance);
 }
 
-/**
- * @brief Execute the ZeroMorph protocol to prove the multilinear evaluations produced by Sumcheck
- * @details See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the unrolled protocol.
- *
- * */
-template <IsUltraFlavor Flavor> void UltraProver_<Flavor>::execute_zeromorph_rounds()
-{
-    ZeroMorph::prove(instance->proving_key.polynomials.get_unshifted(),
-                     instance->proving_key.polynomials.get_to_be_shifted(),
-                     sumcheck_output.claimed_evaluations.get_unshifted(),
-                     sumcheck_output.claimed_evaluations.get_shifted(),
-                     sumcheck_output.challenge,
-                     commitment_key,
-                     transcript);
-}
-
-template <IsUltraFlavor Flavor> HonkProof& UltraProver_<Flavor>::export_proof()
-{
-    proof = transcript->proof_data;
-    return proof;
-}
-
-template <IsUltraFlavor Flavor> HonkProof& UltraProver_<Flavor>::construct_proof()
+template <IsUltraFlavor Flavor> HonkProof UltraProver_<Flavor>::construct_proof()
 {
     OinkProver<Flavor> oink_prover(instance->proving_key, transcript);
     auto [proving_key, relation_params, alphas] = oink_prover.prove();
     instance->proving_key = std::move(proving_key);
-
     instance->relation_parameters = std::move(relation_params);
     instance->alphas = alphas;
 
-    // Fiat-Shamir: alpha
-    // Run sumcheck subprotocol.
-    execute_relation_check_rounds();
-
-    // Fiat-Shamir: rho, y, x, z
-    // Execute Zeromorph multilinear PCS
-    execute_zeromorph_rounds();
+    generate_gate_challenges();
 
-    return export_proof();
+    DeciderProver_<Flavor> decider_prover(instance, transcript);
+    return decider_prover.construct_proof();
 }
 
 template class UltraProver_<UltraFlavor>;

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp
@@ -43,16 +43,10 @@ template <IsUltraFlavor Flavor_> class UltraProver_ {
 
     explicit UltraProver_(Builder&);
 
-    BB_PROFILE void execute_preamble_round();
-    BB_PROFILE void execute_wire_commitments_round();
-    BB_PROFILE void execute_sorted_list_accumulator_round();
-    BB_PROFILE void execute_log_derivative_inverse_round();
-    BB_PROFILE void execute_grand_product_computation_round();
-    BB_PROFILE void execute_relation_check_rounds();
-    BB_PROFILE void execute_zeromorph_rounds();
+    BB_PROFILE void generate_gate_challenges();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
   private:
     HonkProof proof;

diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp
@@ -750,13 +750,13 @@ void AvmProver::execute_zeromorph_rounds()
                      transcript);
 }
 
-HonkProof& AvmProver::export_proof()
+HonkProof AvmProver::export_proof()
 {
     proof = transcript->proof_data;
     return proof;
 }
 
-HonkProof& AvmProver::construct_proof()
+HonkProof AvmProver::construct_proof()
 {
     // Add circuit size public input size and public inputs to transcript.
     execute_preamble_round();

diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp
@@ -32,8 +32,8 @@ class AvmProver {
     void execute_relation_check_rounds();
     void execute_zeromorph_rounds();
 
-    HonkProof& export_proof();
-    HonkProof& construct_proof();
+    HonkProof export_proof();
+    HonkProof construct_proof();
 
     std::shared_ptr<Transcript> transcript = std::make_shared<Transcript>();