From d5178771ca1afcde69b6cca42eca610c409e61eb Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Fri, 27 Sep 2024 22:12:09 +0000 Subject: [PATCH 01/10] feat: add shplemini transcript --- barretenberg/sol/src/honk/HonkTypes.sol | 4 + barretenberg/sol/src/honk/Transcript.sol | 118 +++++++++++++++++++++-- barretenberg/sol/src/honk/utils.sol | 5 + 3 files changed, 119 insertions(+), 8 deletions(-) diff --git a/barretenberg/sol/src/honk/HonkTypes.sol b/barretenberg/sol/src/honk/HonkTypes.sol index 180b163271f2..1d96f8c478e9 100644 --- a/barretenberg/sol/src/honk/HonkTypes.sol +++ b/barretenberg/sol/src/honk/HonkTypes.sol @@ -136,5 +136,9 @@ library Honk { // Sumcheck Fr[BATCHED_RELATION_PARTIAL_LENGTH][CONST_PROOF_SIZE_LOG_N] sumcheckUnivariates; Fr[NUMBER_OF_ENTITIES] sumcheckEvaluations; + // Gemini + Honk.G1ProofPoint[CONST_PROOF_SIZE_LOG_N] geminiFoldUnivariates; + Fr[CONST_PROOF_SIZE_LOG_N] geminiAEvaluations; + Honk.G1ProofPoint shplonkQ; } } diff --git a/barretenberg/sol/src/honk/Transcript.sol b/barretenberg/sol/src/honk/Transcript.sol index 70ac62341581..39e49accce64 100644 --- a/barretenberg/sol/src/honk/Transcript.sol +++ b/barretenberg/sol/src/honk/Transcript.sol @@ -19,7 +19,11 @@ struct Transcript { Fr[NUMBER_OF_ALPHAS] alphas; Fr[CONST_PROOF_SIZE_LOG_N] gateChallenges; Fr[CONST_PROOF_SIZE_LOG_N] sumCheckUChallenges; - // Fr rho; + // Gemini + Fr rho; + Fr geminiR; + Fr shplonkNu; + Fr shplonkZ; // Derived Fr publicInputsDelta; } 
@@ -40,7 +44,14 @@ library TranscriptLib { (t.gateChallenges, previousChallenge) = generateGateChallenges(previousChallenge); (t.sumCheckUChallenges, previousChallenge) = generateSumcheckChallenges(proof, previousChallenge); - // (t.rho, previousChallenge) = generateRhoChallenge(proof, previousChallenge); + + (t.rho, previousChallenge) = generateRhoChallenge(proof, previousChallenge); + + (t.geminiR, previousChallenge) = generateGeminiRChallenge(proof, previousChallenge); + + (t.shplonkNu, previousChallenge) = generateShplonkNuChallenge(proof, previousChallenge); + + (t.shplonkZ, previousChallenge) = generateShplonkZChallenge(proof, previousChallenge); return t; } 
@@ -196,6 +207,62 @@ library TranscriptLib { (rho, unused) = splitChallenge(nextPreviousChallenge); } + function generateGeminiRChallenge(Honk.Proof memory proof, Fr prevChallenge) + internal + view + returns (Fr geminiR, Fr nextPreviousChallenge) + { + uint256[(CONST_PROOF_SIZE_LOG_N - 1) * 4 + 1] memory gR; + gR[0] = Fr.unwrap(prevChallenge); + + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; i++) { + gR[1 + i * 4] = proof.geminiFoldUnivariates[i].x_0; + gR[2 + i * 4] = proof.geminiFoldUnivariates[i].x_1; + gR[3 + i * 4] = proof.geminiFoldUnivariates[i].y_0; + gR[4 + i * 4] = proof.geminiFoldUnivariates[i].y_1; + } + + nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(gR))); + Fr unused; + (geminiR, unused) = splitChallenge(nextPreviousChallenge); + } + + function generateShplonkNuChallenge(Honk.Proof memory proof, Fr prevChallenge) + internal + view + returns (Fr shplonkNu, Fr nextPreviousChallenge) + { + uint256[(CONST_PROOF_SIZE_LOG_N) + 1] memory shplonkNuChallengeElements; + shplonkNuChallengeElements[0] = Fr.unwrap(prevChallenge); + + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N; i++) { + shplonkNuChallengeElements[i + 1] = Fr.unwrap(proof.geminiAEvaluations[i]); + } + + nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(shplonkNuChallengeElements))); + Fr unused; + (shplonkNu, unused) = splitChallenge(nextPreviousChallenge); + logFr("shplonkNu", shplonkNu); + } + + function generateShplonkZChallenge(Honk.Proof memory proof, Fr prevChallenge) + internal + view + returns (Fr shplonkZ, Fr nextPreviousChallenge) + { + uint256[5] memory shplonkZChallengeElements; + shplonkZChallengeElements[0] = Fr.unwrap(prevChallenge); + + shplonkZChallengeElements[1] = proof.shplonkQ.x_0; + shplonkZChallengeElements[2] = proof.shplonkQ.x_1; + shplonkZChallengeElements[3] = proof.shplonkQ.y_0; + shplonkZChallengeElements[4] = proof.shplonkQ.y_1; + + nextPreviousChallenge = 
FrLib.fromBytes32(keccak256(abi.encodePacked(shplonkZChallengeElements))); + Fr unused; + (shplonkZ, unused) = splitChallenge(nextPreviousChallenge); + } + // TODO: mod q proof points // TODO: Preprocess all of the memory locations // TODO: Adjust proof point serde away from poseidon forced field elements 
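Review bot: `logFr("shplonkNu", shplonkNu);` at the end of generateShplonkNuChallenge leaves a console debug call inside the Fiat–Shamir challenge derivation and should be dropped before this is treated as a deployable verifier. generateGeminiRChallenge absorbs only `CONST_PROOF_SIZE_LOG_N - 1` fold commitments while the Proof struct in HonkTypes.sol declares `CONST_PROOF_SIZE_LOG_N` slots, so I would add `// only the first CONST_PROOF_SIZE_LOG_N - 1 fold commitments are part of the proof; the last slot is never read or hashed` above the loop. Every proof element the verifier later consumes has to be absorbed before the challenge that depends on it, so a one-line comment on each of the three generators naming the prover message it binds would make that ordering auditable.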
@@ -287,12 +354,47 @@ library TranscriptLib { } boundary = boundary + (NUMBER_OF_ENTITIES * 0x20); - // p.zmPi = Honk.G1ProofPoint({ - // x_0: uint256(bytes32(proof[boundary + 0x80:boundary + 0xa0])), - // x_1: uint256(bytes32(proof[boundary + 0xa0:boundary + 0xc0])), - // y_0: uint256(bytes32(proof[boundary + 0xc0:boundary + 0xe0])), - // y_1: uint256(bytes32(proof[boundary + 0xe0:boundary + 0x100])) - // }); + + // Gemini + // Read gemini fold univariates + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; i++) { + uint256 xStart = boundary + (i * 0x80); + uint256 xEnd = xStart + 0x20; + + uint256 x1Start = xEnd; + uint256 x1End = x1Start + 0x20; + + uint256 yStart = x1End; + uint256 yEnd = yStart + 0x20; + + uint256 y1Start = yEnd; + uint256 y1End = y1Start + 0x20; + p.geminiFoldUnivariates[i] = Honk.G1ProofPoint({ + x_0: uint256(bytes32(proof[xStart:xEnd])), + x_1: uint256(bytes32(proof[x1Start:x1End])), + y_0: uint256(bytes32(proof[yStart:yEnd])), + y_1: uint256(bytes32(proof[y1Start:y1End])) + }); + } + + boundary = boundary + ((CONST_PROOF_SIZE_LOG_N - 1) * 0x80); + + // Read gemini a evaluations + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N; i++) { + uint256 start = boundary + (i * 0x20); + uint256 end = start + 0x20; + p.geminiAEvaluations[i] = FrLib.fromBytes32(bytes32(proof[start:end])); + } + + boundary = boundary + (CONST_PROOF_SIZE_LOG_N * 0x20); + + // Shplonk + p.shplonkQ = Honk.G1ProofPoint({ + x_0: uint256(bytes32(proof[boundary:boundary + 0x20])), + x_1: uint256(bytes32(proof[boundary + 0x20:boundary + 0x40])), + y_0: uint256(bytes32(proof[boundary + 0x40:boundary + 0x60])), + y_1: uint256(bytes32(proof[boundary + 0x60:boundary + 0x80])) + }); return p; } diff --git a/barretenberg/sol/src/honk/utils.sol b/barretenberg/sol/src/honk/utils.sol index 15d5e9b7b678..dc70597d1b61 100644 --- a/barretenberg/sol/src/honk/utils.sol +++ b/barretenberg/sol/src/honk/utils.sol 
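Review bot: Nothing in the added parsing checks that the proof ends where the last field does, so a proof with extra trailing bytes after `shplonkQ` would parse identically; calldata slices revert on a short proof but not on a long one. If the part of loadProof above this hunk, which is not visible here, has no length check, add one after the last read, for example `require(proof.length == boundary + 0x80, "proof length");`. The same applies once `kzgQuotient` is appended in the later hunk at `@@ -396,6 +396,16 @@`. Accepting several byte strings for one proof matters to any caller that uses the proof bytes or their hash as an identifier.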
@@ -55,6 +55,11 @@ function logUint(string memory name, uint256 value) pure { console2.log(name, as_hex); } +function logUint(string memory name, uint256 i, uint256 value) pure { + string memory as_hex = bytes32ToString(bytes32(value)); + console2.log(name, i, as_hex); +} + function logFr(string memory name, Fr value) pure { string memory as_hex = bytes32ToString(bytes32(Fr.unwrap(value))); console2.log(name, as_hex); From a838f127cf8cf775fcd16c5ceb746ab53e947401 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Fri, 27 Sep 2024 23:34:38 +0000 Subject: [PATCH 02/10] feat: shplemini verification --- barretenberg/sol/src/honk/Fr.sol | 16 ++ barretenberg/sol/src/honk/HonkTypes.sol | 1 + barretenberg/sol/src/honk/Transcript.sol | 10 + .../sol/src/honk/instance/BlakeHonk.sol | 239 ++++++++++++++---- 4 files changed, 214 insertions(+), 52 deletions(-) diff --git a/barretenberg/sol/src/honk/Fr.sol b/barretenberg/sol/src/honk/Fr.sol index aeeebb0f2add..803e193baf1d 100644 --- a/barretenberg/sol/src/honk/Fr.sol +++ b/barretenberg/sol/src/honk/Fr.sol @@ -82,6 +82,22 @@ library FrLib { function div(Fr numerator, Fr denominator) internal view returns (Fr) { return numerator * invert(denominator); } + + function sqr(Fr value) internal view returns (Fr) { + return value * value; + } + + function unwrap(Fr value) internal pure returns (uint256) { + return Fr.unwrap(value); + } + + function ZERO() internal pure returns (Fr) { + return Fr.wrap(0); + } + + function ONE() internal pure returns (Fr) { + return Fr.wrap(1); + } } // Free functions diff --git a/barretenberg/sol/src/honk/HonkTypes.sol b/barretenberg/sol/src/honk/HonkTypes.sol index 1d96f8c478e9..23633bfa6172 100644 --- a/barretenberg/sol/src/honk/HonkTypes.sol +++ b/barretenberg/sol/src/honk/HonkTypes.sol 
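Review bot: In the Fr.sol hunk `ZERO()` and `ONE()` are added as FrLib library functions, but BlakeHonk.sol in this commit calls them as `Fr.ONE()` and `Fr.ZERO()`; a `using FrLib for Fr` directive attaches functions to values of the type, not to the type name, so those call sites would have to read `FrLib.ONE()` or stay with `Fr.wrap(1)`. `sqr` is declared `view` although `value * value` reads no state, so the signature should be `function sqr(Fr value) internal pure returns (Fr)`. The new `unwrap` wrapper has the same name as the built-in `Fr.unwrap`, which makes `x.unwrap()` and `Fr.unwrap(x)` easy to confuse, and a comment on why it exists would help. The rest of FrLib is outside the hunk.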
@@ -140,5 +140,6 @@ library Honk { Honk.G1ProofPoint[CONST_PROOF_SIZE_LOG_N] geminiFoldUnivariates; Fr[CONST_PROOF_SIZE_LOG_N] geminiAEvaluations; Honk.G1ProofPoint shplonkQ; + Honk.G1ProofPoint kzgQuotient; } } diff --git a/barretenberg/sol/src/honk/Transcript.sol b/barretenberg/sol/src/honk/Transcript.sol index 39e49accce64..506bc3e7c570 100644 --- a/barretenberg/sol/src/honk/Transcript.sol +++ b/barretenberg/sol/src/honk/Transcript.sol @@ -396,6 +396,16 @@ library TranscriptLib { y_1: uint256(bytes32(proof[boundary + 0x60:boundary + 0x80])) }); + boundary = boundary + 0x80; + + // KZG + p.kzgQuotient = Honk.G1ProofPoint({ + x_0: uint256(bytes32(proof[boundary:boundary + 0x20])), + x_1: uint256(bytes32(proof[boundary + 0x20:boundary + 0x40])), + y_0: uint256(bytes32(proof[boundary + 0x40:boundary + 0x60])), + y_1: uint256(bytes32(proof[boundary + 0x60:boundary + 0x80])) + }); + return p; } } diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol index 4c40fc2337b5..1d04723bcdc0 100644 --- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol +++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol @@ -12,6 +12,7 @@ import { NUMBER_OF_SUBRELATIONS, NUMBER_OF_ALPHAS, NUMBER_UNSHIFTED, + NUMBER_TO_BE_SHIFTED, BATCHED_RELATION_PARTIAL_LENGTH, CONST_PROOF_SIZE_LOG_N } from "../HonkTypes.sol"; @@ -28,6 +29,7 @@ import {RelationsLib} from "../Relations.sol"; // Errors error PublicInputsLengthWrong(); error SumcheckFailed(); +error ShpleminiFailed(); /// Smart contract verifier of honk proofs contract BlakeHonkVerifier is IVerifier { 
@@ -50,7 +52,10 @@ contract BlakeHonkVerifier is IVerifier { bool sumcheckVerified = verifySumcheck(p, t); if (!sumcheckVerified) revert SumcheckFailed(); - return sumcheckVerified; // Boolean condition not required - nice for vanity :) + bool shpleminiVerified = verifyShplemini(p, t); + if (!shpleminiVerified) revert ShpleminiFailed(); + + return sumcheckVerified && shpleminiVerified; // Boolean condition not required - nice for vanity :) } function loadVerificationKey() internal view returns (Honk.VerificationKey memory) { 
@@ -182,58 +187,190 @@ contract BlakeHonkVerifier is IVerifier { pure returns (Fr newEvaluation) { - Fr univariateEval = Fr.wrap(1) + (roundChallenge * (tp.gateChallenges[round] - Fr.wrap(1))); + Fr univariateEval = Fr.ONE() + (roundChallenge * (tp.gateChallenges[round] - Fr.ONE())); newEvaluation = currentEvaluation * univariateEval; } - // TODO: TODO: TODO: optimize - // Scalar Mul and acumulate into total - function batchMul(Honk.G1Point[LOG_N + 1] memory base, Fr[LOG_N + 1] memory scalars) + function verifyShplemini(Honk.Proof memory proof, Transcript memory tp) internal view returns (bool verified) { + Fr[CONST_PROOF_SIZE_LOG_N] memory squares = computeSquares(tp.rChallenge); + + + // Remember to convert this from a proof point + // Honk.G1Point[CONST_PROOF_SIZE_LOG_N + 1] memory commitments; + // TODO: check size of scalars + Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory scalars; + Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory commitments; + + + + + Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals = + computeInvertedGeminiDenominators(tp, squares); + + Fr unshifted_scalar = inverse_vanishing_evals[0] + (tp.shplonkZ * inverse_vanishing_evals[1]); + Fr shifted_scalar = tp.geminiR.invert() * (inverse_vanishing_evals[0] - (tp.shplonkZ * inverse_vanishing_evals[1])); + + scalars[0] = Fr.ONE(); + commitments[0] = convertProofPoint(proof.shplonkQ); + + // Batch multivariate opening claims + Fr batchingChallenge = Fr.ONE(); + Fr batchedEvaluation = Fr.ZERO(); + for (uint256 i = 1; i <= NUMBER_UNSHIFTED; ++i) { + scalars[i] = -unshiftedScalar * batchingChallenge; + batchingChallenge = batchingChallenge * tp.rho; + batchedEvaluation += proof.sumcheckEvaluations[i] * batchingChallenge; + } + // g commitments are accumulated at r + for (uint256 i = NUMBER_UNSHIFTED + 1; i <= NUMBER_OF_ENTITIES; ++i) { + scalars[i] = -shiftedScalar * batchingChallenge; + batchingChallenge = batchingChallenge * tp.rho; + batchedEvaluation += 
proof.sumcheckEvaluations[i] * batchingChallenge; + } + + commitments[1] = vk.qm; + commitments[2] = vk.qc; + commitments[3] = vk.ql; + commitments[4] = vk.qr; + commitments[5] = vk.qo; + commitments[6] = vk.q4; + commitments[7] = vk.qArith; + commitments[8] = vk.qDeltaRange; + commitments[9] = vk.qElliptic; + commitments[10] = vk.qAux; + commitments[11] = vk.qLookup; + commitments[12] = vk.qPoseidon2External; + commitments[13] = vk.qPoseidon2Internal; + commitments[14] = vk.s1; + commitments[15] = vk.s2; + commitments[16] = vk.s3; + commitments[17] = vk.s4; + commitments[18] = vk.id1; + commitments[19] = vk.id2; + commitments[20] = vk.id3; + commitments[21] = vk.id4; + commitments[22] = vk.t1; + commitments[23] = vk.t2; + commitments[24] = vk.t3; + commitments[25] = vk.t4; + commitments[26] = vk.lagrangeFirst; + commitments[27] = vk.lagrangeLast; + + // Accumulate proof points + commitments[28] = convertProofPoint(proof.w1); + commitments[29] = convertProofPoint(proof.w2); + commitments[30] = convertProofPoint(proof.w3); + commitments[31] = convertProofPoint(proof.w4); + commitments[32] = convertProofPoint(proof.zPerm); + commitments[33] = convertProofPoint(proof.lookupInverses); + commitments[34] = convertProofPoint(proof.lookupReadCounts); + commitments[35] = convertProofPoint(proof.lookupReadTags); + + // to be Shifted + commitments[36] = vk.t1; + commitments[37] = vk.t2; + commitments[38] = vk.t3; + commitments[39] = vk.t4; + commitments[40] = convertProofPoint(proof.w1); + commitments[41] = convertProofPoint(proof.w2); + commitments[42] = convertProofPoint(proof.w3); + commitments[43] = convertProofPoint(proof.w4); + commitments[44] = convertProofPoint(proof.zPerm); + + + // Batch gemini claims from the prover + Fr constant_term_accumulator = Fr.ZERO(); + batchingChallenge = tp.shplonkNu.sqr(); + + for (uint256 i; i < CONST_PROOF_SIZE_LOG_N; ++i) { + bool dummy_round = i >= LOG_N; + + Fr scalingFactor = 0; + if (!dummy_round) { + scaling_factor = 
batchingChallenge * inverse_vanishing_evals[i + 2]; + } + + constant_term_accumulator += scaling_factor * proof.geminiAEvaluations[i + 1]; + batchingChallenge = batchingChallenge * tp.shplonkNu; + + scalars[NUMBER_OF_ENTITIES + 1 + i] = -scalingFactor; + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); + } + + // Compute evaluation A₀(r) + Fr a_0_pos = computeGeminiBatchedUnivariateEvaluation(tp, constant_term_accumulator, proof.geminiAEvaluations, squares); + + constant_term_accumulator += a_0_pos * inverse_vanishing_evals[0]; + constant_term_accumulator += proof.geminiAEvaluations[0] * tp.shplonkNu * inverse_vanishing_evals[1]; + + // Finalise the batch opening claim + commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = Honk.G1Point({x: 1, y: 2}); + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = constant_term_accumulator; + + // TODO: put below into the reduce verify function + Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + + commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] = quotient_commitment; + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] = tp.shplonkZ; // evaluation challenge + + Honk.G1Point memory P_0 = batchMul(commitments, scalars); + Honk.G1Point memory P_1 = negateInplace(quotient_commitment); + + return pairing(P_0, P_1); + } + + function computeSquares(Fr r) internal view returns (Fr[CONST_PROOF_SIZE_LOG_N] memory squares) { + squares[0] = r; + for (uint256 i = 1; i < CONST_PROOF_SIZE_LOG_N; ++i) { + squares[i] = squares[i - 1].sqr(); + } + } + + function computeInvertedGeminiDenominators(Transcript memory tp, Fr[CONST_PROOF_SIZE_LOG_N] memory eval_challenge_powers) internal view - returns (Honk.G1Point memory result) + returns (Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals) { - uint256 limit = LOG_N + 1; - assembly { - let success := 0x01 - let free := mload(0x40) + Fr eval_challenge = tp.shplonkZ; + 
inverse_vanishing_evals[0] = (eval_challenge - eval_challenge_powers[0]).invert(); - // Write the original into the accumulator - // Load into memory forecMUL, leave offset foreccAdd result - // base is an array of pointers, so we have to dereference them - mstore(add(free, 0x40), mload(mload(base))) - mstore(add(free, 0x60), mload(add(0x20, mload(base)))) - // Add scalar - mstore(add(free, 0x80), mload(scalars)) - success := and(success, staticcall(gas(), 7, add(free, 0x40), 0x60, free, 0x40)) + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N + 1; ++i) { + Fr round_inverted_denominator = 0; + if (i < LOG_N + 1) { + round_inverted_denominator = (eval_challenge + eval_challenge_powers[i]).invert(); + } + inverse_vanishing_evals[i] = round_inverted_denominator; + } + } - let count := 0x01 + function computeGeminiBatchedUnivariateEvaluation(Transcript memory tp, Fr batched_evaluation_accumulator, Fr[CONST_PROOF_SIZE_LOG_N] memory gemini_evaluations, Fr[CONST_PROOF_SIZE_LOG_N] memory gemini_eval_challenge_powers) internal view returns (Fr a_0_pos) { - for {} lt(count, limit) { count := add(count, 1) } { - // Get loop offsets - let base_base := add(base, mul(count, 0x20)) - let scalar_base := add(scalars, mul(count, 0x20)) + for (uint256 i = CONST_PROOF_SIZE_LOG_N; i > 0; --i) { + Fr challenge_power = gemini_eval_challenge_powers[i - 1]; + Fr u = tp.sumCheckUChallenges[i - 1]; + Fr eval_neg = gemini_evaluations[i - 1]; - mstore(add(free, 0x40), mload(mload(base_base))) - mstore(add(free, 0x60), mload(add(0x20, mload(base_base)))) - // Add scalar - mstore(add(free, 0x80), mload(scalar_base)) + Fr batched_eval_round_acc = + ((challenge_power * batched_eval_accumulator * 2) - eval_neg * (challenge_power * (Fr.ONE() - u) - u)); + // Divide by the denominator + batched_eval_round_acc *= (challenge_power * (Fr.ONE() - u) + u).invert(); - success := and(success, staticcall(gas(), 7, add(free, 0x40), 0x60, add(free, 0x40), 0x40)) - success := and(success, staticcall(gas(), 6, 
free, 0x80, free, 0x40)) + bool is_dummy_round = (i > LOG_N); + if (!is_dummy_round) { + batched_eval_accumulator = batched_eval_round_acc; } - - mstore(result, mload(free)) - mstore(add(result, 0x20), mload(add(free, 0x20))) } + + a_0_pos =batched_eval_accumulator; } + // This implementation is the same as above with different constants - function batchMul2( - Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory base, - Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory scalars + function batchMul( + Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory base, + Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory scalars ) internal view returns (Honk.G1Point memory result) { - uint256 limit = NUMBER_OF_ENTITIES + LOG_N + 1; + uint256 limit = NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2; assembly { let success := 0x01 let free := mload(0x40) 
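Review bot: The commitment table in verifyShplemini is filled by literal indices 1 to 44 while the scalars come from loops bounded by `NUMBER_UNSHIFTED` and `NUMBER_OF_ENTITIES`, so nothing ties a scalar to the commitment it is meant to multiply; if either constant or the entity order changes, the batched opening claim is checked against the wrong points without any error. I would add a comment above the table such as `// order must match sumcheckEvaluations: 1..NUMBER_UNSHIFTED unshifted, then the to-be-shifted entities up to NUMBER_OF_ENTITIES`, and ideally index the shifted block relative to `NUMBER_UNSHIFTED`. The hunk also uses names that are not declared in the visible lines (`vk`, `tp.rChallenge`, `unshiftedScalar`, `scaling_factor`, `batched_eval_accumulator`) and writes index `NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2` into arrays declared with `+ 1` elements, so this commit probably does not build on its own. batchMul's assembly body continues outside the hunk.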
@@ -269,26 +406,24 @@ contract BlakeHonkVerifier is IVerifier { } } - // function kzgReduceVerify( - // Honk.Proof memory proof, - // Transcript memory tp, - // Fr evaluation, - // Honk.G1Point memory commitment - // ) internal view returns (bool) { - // Honk.G1Point memory quotient_commitment = convertProofPoint(proof.zmPi); - // Honk.G1Point memory ONE = Honk.G1Point({x: 1, y: 2}); + function kzgReduceVerify( + Honk.Proof memory proof, + Transcript memory tp, + Fr evaluation, + Honk.G1Point memory commitment + ) internal view returns (bool) { + Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + Honk.G1Point memory ONE = Honk.G1Point({x: 1, y: 2}); - // Honk.G1Point memory P0 = commitment; - // P0 = ecAdd(P0, ecMul(quotient_commitment, tp.zmX)); - // Honk.G1Point memory evalAsPoint = ecMul(ONE, evaluation); - // P0 = ecSub(P0, evalAsPoint); + Honk.G1Point memory evalAsPoint = ecMul(ONE, evaluation); + P0 = ecSub(P0, evalAsPoint); - // Honk.G1Point memory P1 = negateInplace(quotient_commitment); + Honk.G1Point memory P1 = negateInplace(quotient_commitment); - // // Perform pairing check - // return pairing(P0, P1); - // } + // Perform pairing check + return pairing(P0, P1); + } function pairing(Honk.G1Point memory rhs, Honk.G1Point memory lhs) internal view returns (bool) { bytes memory input = abi.encodePacked( From cb1be8a48005675e9ef79e48075ec932f00f636d Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 28 Sep 2024 01:06:20 +0000 Subject: [PATCH 03/10] feat: shplemini --- barretenberg/sol/src/honk/Fr.sol | 10 +- barretenberg/sol/src/honk/Transcript.sol | 1 - .../sol/src/honk/instance/BlakeHonk.sol | 156 +++++++++--------- barretenberg/sol/src/honk/utils.sol | 4 +- 4 files changed, 84 insertions(+), 87 deletions(-) diff --git a/barretenberg/sol/src/honk/Fr.sol b/barretenberg/sol/src/honk/Fr.sol index 803e193baf1d..58291c2b3585 100644 --- a/barretenberg/sol/src/honk/Fr.sol 
+++ b/barretenberg/sol/src/honk/Fr.sol @@ -83,7 +83,7 @@ library FrLib { return numerator * invert(denominator); } - function sqr(Fr value) internal view returns (Fr) { + function sqr(Fr value) internal pure returns (Fr) { return value * value; } @@ -91,12 +91,8 @@ library FrLib { return Fr.unwrap(value); } - function ZERO() internal pure returns (Fr) { - return Fr.wrap(0); - } - - function ONE() internal pure returns (Fr) { - return Fr.wrap(1); + function neg(Fr value) internal pure returns (Fr) { + return Fr.wrap(MODULUS - Fr.unwrap(value)); } } diff --git a/barretenberg/sol/src/honk/Transcript.sol b/barretenberg/sol/src/honk/Transcript.sol index 506bc3e7c570..15e2a2b6d1c2 100644 --- a/barretenberg/sol/src/honk/Transcript.sol +++ b/barretenberg/sol/src/honk/Transcript.sol @@ -242,7 +242,6 @@ library TranscriptLib { nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(shplonkNuChallengeElements))); Fr unused; (shplonkNu, unused) = splitChallenge(nextPreviousChallenge); - logFr("shplonkNu", shplonkNu); } function generateShplonkZChallenge(Honk.Proof memory proof, Fr prevChallenge) diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol index 1d04723bcdc0..d9ec3f4ea4a5 100644 --- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol +++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol @@ -33,6 +33,8 @@ error ShpleminiFailed(); /// Smart contract verifier of honk proofs contract BlakeHonkVerifier is IVerifier { + using FrLib for Fr; + function verify(bytes calldata proof, bytes32[] calldata publicInputs) public view override returns (bool) { Honk.VerificationKey memory vk = loadVerificationKey(); Honk.Proof memory p = TranscriptLib.loadProof(proof); 
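Review bot: In the Fr.sol hunk at `@@ -91,12 +91,8 @@`, `neg` returns `MODULUS` rather than 0 when `value` is zero, because `MODULUS - Fr.unwrap(value)` is not reduced; that is a non-canonical field element, which differs from `Fr.wrap(0)` in any comparison of the raw value and is passed on unreduced wherever the result is used directly, as in `scalars[...] = scalingFactor.neg()` in BlakeHonk.sol. Reducing once closes it: `return Fr.wrap((MODULUS - Fr.unwrap(value)) % MODULUS);`. The subtraction also assumes `value` is already below `MODULUS`; whether every way of constructing an `Fr` guarantees that is outside this hunk, so a doc comment stating the precondition is worth adding.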
@@ -52,7 +54,7 @@ contract BlakeHonkVerifier is IVerifier { bool sumcheckVerified = verifySumcheck(p, t); if (!sumcheckVerified) revert SumcheckFailed(); - bool shpleminiVerified = verifyShplemini(p, t); + bool shpleminiVerified = verifyShplemini(p, vk, t); if (!shpleminiVerified) revert ShpleminiFailed(); return sumcheckVerified && shpleminiVerified; // Boolean condition not required - nice for vanity :) 
@@ -187,45 +189,58 @@ contract BlakeHonkVerifier is IVerifier { pure returns (Fr newEvaluation) { - Fr univariateEval = Fr.ONE() + (roundChallenge * (tp.gateChallenges[round] - Fr.ONE())); + Fr univariateEval = Fr.wrap(1) + (roundChallenge * (tp.gateChallenges[round] - Fr.wrap(1))); newEvaluation = currentEvaluation * univariateEval; } - function verifyShplemini(Honk.Proof memory proof, Transcript memory tp) internal view returns (bool verified) { - Fr[CONST_PROOF_SIZE_LOG_N] memory squares = computeSquares(tp.rChallenge); + // Stack too deeps + struct REE { + Fr unshiftedScalar; + Fr shiftedScalar; + Fr constantTermAccumulator; + Fr batchingChallenge; + Fr batchedEvaluation; + } + function verifyShplemini(Honk.Proof memory proof, Honk.VerificationKey memory vk, Transcript memory tp) + internal + view + returns (bool verified) + { + REE memory r; // stack + + Fr[CONST_PROOF_SIZE_LOG_N] memory powers_of_evaluation_challenge = computeSquares(tp.geminiR); // Remember to convert this from a proof point // Honk.G1Point[CONST_PROOF_SIZE_LOG_N + 1] memory commitments; // TODO: check size of scalars - Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory scalars; - Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory commitments; - - - + Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory scalars; + Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory commitments; Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals = - computeInvertedGeminiDenominators(tp, squares); + computeInvertedGeminiDenominators(tp, powers_of_evaluation_challenge); - Fr unshifted_scalar = inverse_vanishing_evals[0] + (tp.shplonkZ * inverse_vanishing_evals[1]); - Fr shifted_scalar = tp.geminiR.invert() * (inverse_vanishing_evals[0] - (tp.shplonkZ * inverse_vanishing_evals[1])); + r.unshiftedScalar = inverse_vanishing_evals[0] + (tp.shplonkNu * inverse_vanishing_evals[1]); + r.shiftedScalar = + tp.geminiR.invert() * (inverse_vanishing_evals[0] - 
(tp.shplonkNu * inverse_vanishing_evals[1])); - scalars[0] = Fr.ONE(); + scalars[0] = Fr.wrap(1); commitments[0] = convertProofPoint(proof.shplonkQ); // Batch multivariate opening claims - Fr batchingChallenge = Fr.ONE(); - Fr batchedEvaluation = Fr.ZERO(); - for (uint256 i = 1; i <= NUMBER_UNSHIFTED; ++i) { - scalars[i] = -unshiftedScalar * batchingChallenge; - batchingChallenge = batchingChallenge * tp.rho; - batchedEvaluation += proof.sumcheckEvaluations[i] * batchingChallenge; + r.batchingChallenge = Fr.wrap(1); + r.batchedEvaluation = Fr.wrap(0); + + for (uint256 i = 1; i <= NUMBER_UNSHIFTED; ++i) { + scalars[i] = r.unshiftedScalar.neg() * r.batchingChallenge; + r.batchedEvaluation = r.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * r.batchingChallenge); + r.batchingChallenge = r.batchingChallenge * tp.rho; } // g commitments are accumulated at r for (uint256 i = NUMBER_UNSHIFTED + 1; i <= NUMBER_OF_ENTITIES; ++i) { - scalars[i] = -shiftedScalar * batchingChallenge; - batchingChallenge = batchingChallenge * tp.rho; - batchedEvaluation += proof.sumcheckEvaluations[i] * batchingChallenge; + scalars[i] = r.shiftedScalar.neg() * r.batchingChallenge; + r.batchedEvaluation = r.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * r.batchingChallenge); + r.batchingChallenge = r.batchingChallenge * tp.rho; } commitments[1] = vk.qm; 
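Review bot: The scratch struct is named `REE` and documented only by `// Stack too deeps`, which tells a reader of a soundness-critical function nothing about what the five fields hold; a descriptive name and a doc comment such as `/// Intermediate values of verifyShplemini, kept in memory to avoid stack-too-deep` would read better. The leftover lines `// Remember to convert this from a proof point`, the commented-out `commitments` declaration and `// TODO: check size of scalars` describe an earlier draft and should be removed or resolved now that both arrays are sized `NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2`. verifyShplemini continues past the end of this hunk.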
@@ -277,41 +292,43 @@ contract BlakeHonkVerifier is IVerifier { commitments[43] = convertProofPoint(proof.w4); commitments[44] = convertProofPoint(proof.zPerm); - // Batch gemini claims from the prover - Fr constant_term_accumulator = Fr.ZERO(); - batchingChallenge = tp.shplonkNu.sqr(); + r.constantTermAccumulator = Fr.wrap(0); + r.batchingChallenge = tp.shplonkNu.sqr(); - for (uint256 i; i < CONST_PROOF_SIZE_LOG_N; ++i) { - bool dummy_round = i >= LOG_N; + for (uint256 i; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { + bool dummy_round = i >= (LOG_N - 1); - Fr scalingFactor = 0; + Fr scalingFactor = Fr.wrap(0); if (!dummy_round) { - scaling_factor = batchingChallenge * inverse_vanishing_evals[i + 2]; + scalingFactor = r.batchingChallenge * inverse_vanishing_evals[i + 2]; + scalars[NUMBER_OF_ENTITIES + 1 + i] = scalingFactor.neg(); } - constant_term_accumulator += scaling_factor * proof.geminiAEvaluations[i + 1]; - batchingChallenge = batchingChallenge * tp.shplonkNu; + r.constantTermAccumulator = r.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); + r.batchingChallenge = r.batchingChallenge * tp.shplonkNu; - scalars[NUMBER_OF_ENTITIES + 1 + i] = -scalingFactor; commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); } // Compute evaluation A₀(r) - Fr a_0_pos = computeGeminiBatchedUnivariateEvaluation(tp, constant_term_accumulator, proof.geminiAEvaluations, squares); + Fr a_0_pos = computeGeminiBatchedUnivariateEvaluation( + tp, r.batchedEvaluation, proof.geminiAEvaluations, powers_of_evaluation_challenge + ); - constant_term_accumulator += a_0_pos * inverse_vanishing_evals[0]; - constant_term_accumulator += proof.geminiAEvaluations[0] * tp.shplonkNu * inverse_vanishing_evals[1]; + r.constantTermAccumulator = r.constantTermAccumulator + (a_0_pos * inverse_vanishing_evals[0]); + r.constantTermAccumulator = + r.constantTermAccumulator + (proof.geminiAEvaluations[0] * tp.shplonkNu * inverse_vanishing_evals[1]); 
// Finalise the batch opening claim - commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = Honk.G1Point({x: 1, y: 2}); - scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = constant_term_accumulator; + commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = Honk.G1Point({x: 1, y: 2}); + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = r.constantTermAccumulator; // TODO: put below into the reduce verify function Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); - commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] = quotient_commitment; - scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] = tp.shplonkZ; // evaluation challenge + commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment; + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = tp.shplonkZ; // evaluation challenge Honk.G1Point memory P_0 = batchMul(commitments, scalars); Honk.G1Point memory P_1 = negateInplace(quotient_commitment); 
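Review bot: `commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment` stores a memory reference, not a copy, so the later `negateInplace(quotient_commitment)` would also change that table entry if it mutates its argument, as the name suggests; the result is correct only because `batchMul` runs first. That ordering dependency deserves a comment on the batchMul line, for example `// must run before negateInplace: the last commitments entry aliases quotient_commitment`. In the fold loop the commitments for dummy rounds are still taken from the proof and passed to batchMul with a zero scalar; how a failed precompile call on such a point is handled is decided in batchMul's assembly, which is outside this hunk, and is worth confirming. The function starts before this hunk.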
@@ -326,45 +343,49 @@ contract BlakeHonkVerifier is IVerifier { } } - function computeInvertedGeminiDenominators(Transcript memory tp, Fr[CONST_PROOF_SIZE_LOG_N] memory eval_challenge_powers) - internal - view - returns (Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals) - { + function computeInvertedGeminiDenominators( + Transcript memory tp, + Fr[CONST_PROOF_SIZE_LOG_N] memory eval_challenge_powers + ) internal view returns (Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals) { Fr eval_challenge = tp.shplonkZ; inverse_vanishing_evals[0] = (eval_challenge - eval_challenge_powers[0]).invert(); - for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N + 1; ++i) { - Fr round_inverted_denominator = 0; - if (i < LOG_N + 1) { + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + Fr round_inverted_denominator = Fr.wrap(0); + if (i <= LOG_N + 1) { round_inverted_denominator = (eval_challenge + eval_challenge_powers[i]).invert(); } - inverse_vanishing_evals[i] = round_inverted_denominator; + inverse_vanishing_evals[i + 1] = round_inverted_denominator; } } - function computeGeminiBatchedUnivariateEvaluation(Transcript memory tp, Fr batched_evaluation_accumulator, Fr[CONST_PROOF_SIZE_LOG_N] memory gemini_evaluations, Fr[CONST_PROOF_SIZE_LOG_N] memory gemini_eval_challenge_powers) internal view returns (Fr a_0_pos) { - + function computeGeminiBatchedUnivariateEvaluation( + Transcript memory tp, + Fr batchedEvalAccumulator, + Fr[CONST_PROOF_SIZE_LOG_N] memory geminiEvaluations, + Fr[CONST_PROOF_SIZE_LOG_N] memory geminiEvalChallengePowers + ) internal view returns (Fr a_0_pos) { for (uint256 i = CONST_PROOF_SIZE_LOG_N; i > 0; --i) { - Fr challenge_power = gemini_eval_challenge_powers[i - 1]; + Fr challengePower = geminiEvalChallengePowers[i - 1]; Fr u = tp.sumCheckUChallenges[i - 1]; - Fr eval_neg = gemini_evaluations[i - 1]; + Fr evalNeg = geminiEvaluations[i - 1]; - Fr batched_eval_round_acc = - ((challenge_power * batched_eval_accumulator * 2) - eval_neg 
* (challenge_power * (Fr.ONE() - u) - u)); + Fr batchedEvalRoundAcc = ( + (challengePower * batchedEvalAccumulator * Fr.wrap(2)) + - evalNeg * (challengePower * (Fr.wrap(1) - u) - u) + ); // Divide by the denominator - batched_eval_round_acc *= (challenge_power * (Fr.ONE() - u) + u).invert(); + batchedEvalRoundAcc = batchedEvalRoundAcc * (challengePower * (Fr.wrap(1) - u) + u).invert(); bool is_dummy_round = (i > LOG_N); if (!is_dummy_round) { - batched_eval_accumulator = batched_eval_round_acc; + batchedEvalAccumulator = batchedEvalRoundAcc; } } - a_0_pos =batched_eval_accumulator; + a_0_pos = batchedEvalAccumulator; } - // This implementation is the same as above with different constants function batchMul( Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory base, @@ -406,25 +427,6 @@ contract BlakeHonkVerifier is IVerifier { } } - function kzgReduceVerify( - Honk.Proof memory proof, - Transcript memory tp, - Fr evaluation, - Honk.G1Point memory commitment - ) internal view returns (bool) { - Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); - Honk.G1Point memory ONE = Honk.G1Point({x: 1, y: 2}); - - - Honk.G1Point memory evalAsPoint = ecMul(ONE, evaluation); - P0 = ecSub(P0, evalAsPoint); - - Honk.G1Point memory P1 = negateInplace(quotient_commitment); - - // Perform pairing check - return pairing(P0, P1); - } - function pairing(Honk.G1Point memory rhs, Honk.G1Point memory lhs) internal view returns (bool) { bytes memory input = abi.encodePacked( rhs.x, diff --git a/barretenberg/sol/src/honk/utils.sol b/barretenberg/sol/src/honk/utils.sol index dc70597d1b61..55c0e73806e9 100644 --- a/barretenberg/sol/src/honk/utils.sol +++ b/barretenberg/sol/src/honk/utils.sol 
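Review bot: In computeInvertedGeminiDenominators the bound `if (i <= LOG_N + 1)` fills entries up to index `LOG_N + 2`, while verifyShplemini reads `inverse_vanishing_evals` only up to index `LOG_N` (through `[i + 2]` with `i < LOG_N - 1`), so two field inversions per proof appear to be computed and never used. If the bound is kept to mirror another implementation, say so in a comment; otherwise `if (i < LOG_N)` would cover every entry that is read. The three padding predicates in this file (`i >= (LOG_N - 1)`, `i <= LOG_N + 1`, `i > LOG_N`) use different index conventions, and a short comment at each stating which round it refers to would make them checkable. `invert()` is defined outside the hunk, so its result for a zero denominator is not visible here.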
@@ -46,8 +46,8 @@ function logG(string memory name, uint256 i, Honk.G1Point memory point) pure { string memory x = bytes32ToString(bytes32(point.x)); string memory y = bytes32ToString(bytes32(point.y)); - string memory message = string(abi.encodePacked(name, " ", i, " x: ", x, " y: ", y)); - console2.log(message); + string memory message = string(abi.encodePacked(" x: ", x, " y: ", y)); + console2.log(name, i, message); } function logUint(string memory name, uint256 value) pure { From 993c70a900f8068c55ba7362554716f0f272e753 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 28 Sep 2024 13:07:44 +0000 Subject: [PATCH 04/10] fix: remove log --- barretenberg/sol/src/honk/Transcript.sol | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/barretenberg/sol/src/honk/Transcript.sol b/barretenberg/sol/src/honk/Transcript.sol index 39e49accce64..2a5fa1f0be50 100644 --- a/barretenberg/sol/src/honk/Transcript.sol +++ b/barretenberg/sol/src/honk/Transcript.sol @@ -66,7 +66,7 @@ library TranscriptLib { function generateEtaChallenge(Honk.Proof memory proof, bytes32[] calldata publicInputs, uint256 publicInputsSize) internal - view + pure returns (Fr eta, Fr etaTwo, Fr etaThree, Fr previousChallenge) { bytes32[] memory round0 = new bytes32[](3 + publicInputsSize + 12); @@ -101,7 +101,7 @@ library TranscriptLib { function generateBetaAndGammaChallenges(Fr previousChallenge, Honk.Proof memory proof) internal - view + pure returns (Fr beta, Fr gamma, Fr nextPreviousChallenge) { bytes32[13] memory round1; @@ -126,7 +126,7 @@ library TranscriptLib { // Alpha challenges non-linearise the gate contributions function generateAlphaChallenges(Fr previousChallenge, Honk.Proof memory proof) internal - view + pure returns (Fr[NUMBER_OF_ALPHAS] memory alphas, Fr nextPreviousChallenge) { // Generate the original sumcheck alpha 0 by hashing zPerm and zLookup 
@@ -157,7 +157,7 @@ library TranscriptLib { function generateGateChallenges(Fr previousChallenge) internal - view + pure returns (Fr[CONST_PROOF_SIZE_LOG_N] memory gateChallenges, Fr nextPreviousChallenge) { for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N; i++) { @@ -170,7 +170,7 @@ library TranscriptLib { function generateSumcheckChallenges(Honk.Proof memory proof, Fr prevChallenge) internal - view + pure returns (Fr[CONST_PROOF_SIZE_LOG_N] memory sumcheckChallenges, Fr nextPreviousChallenge) { for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N; i++) { @@ -188,10 +188,9 @@ library TranscriptLib { nextPreviousChallenge = prevChallenge; } - // TODO: reuse this for Shplemini function generateRhoChallenge(Honk.Proof memory proof, Fr prevChallenge) internal - view + pure returns (Fr rho, Fr nextPreviousChallenge) { Fr[NUMBER_OF_ENTITIES + 1] memory rhoChallengeElements; @@ -209,7 +208,7 @@ library TranscriptLib { function generateGeminiRChallenge(Honk.Proof memory proof, Fr prevChallenge) internal - view + pure returns (Fr geminiR, Fr nextPreviousChallenge) { uint256[(CONST_PROOF_SIZE_LOG_N - 1) * 4 + 1] memory gR; @@ -229,7 +228,7 @@ library TranscriptLib { function generateShplonkNuChallenge(Honk.Proof memory proof, Fr prevChallenge) internal - view + pure returns (Fr shplonkNu, Fr nextPreviousChallenge) { uint256[(CONST_PROOF_SIZE_LOG_N) + 1] memory shplonkNuChallengeElements; @@ -242,12 +241,11 @@ library TranscriptLib { nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(shplonkNuChallengeElements))); Fr unused; (shplonkNu, unused) = splitChallenge(nextPreviousChallenge); - logFr("shplonkNu", shplonkNu); } function generateShplonkZChallenge(Honk.Proof memory proof, Fr prevChallenge) internal - view + pure returns (Fr shplonkZ, Fr nextPreviousChallenge) { uint256[5] memory shplonkZChallengeElements; 
@@ -267,7 +265,7 @@ library TranscriptLib { // TODO: Preprocess all of the memory locations // TODO: Adjust proof point serde away from poseidon forced field elements // TODO: move this back to probably each instance to avoid dynamic init of arrays in the Transcript Lib - function loadProof(bytes calldata proof) internal view returns (Honk.Proof memory) { + function loadProof(bytes calldata proof) internal pure returns (Honk.Proof memory) { Honk.Proof memory p; // Metadata From d3555e230ba00fa80790a8652e9d134b9ff01ee5 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 28 Sep 2024 16:54:10 +0000 Subject: [PATCH 05/10] feat: for other circuit types --- .../sol/src/honk/instance/Add2Honk.sol | 306 +++++++++++++---- .../sol/src/honk/instance/BlakeHonk.sol | 118 +++++-- .../sol/src/honk/instance/EcdsaHonk.sol | 308 ++++++++++++++---- .../src/honk/keys/Add2HonkVerificationKey.sol | 166 +++++----- .../honk/keys/BlakeHonkVerificationKey.sol | 166 +++++----- .../honk/keys/EcdsaHonkVerificationKey.sol | 166 +++++----- 6 files changed, 828 insertions(+), 402 deletions(-) diff --git a/barretenberg/sol/src/honk/instance/Add2Honk.sol b/barretenberg/sol/src/honk/instance/Add2Honk.sol index a6eaec5afa81..4c3e1fc540c2 100644 --- a/barretenberg/sol/src/honk/instance/Add2Honk.sol +++ b/barretenberg/sol/src/honk/instance/Add2Honk.sol @@ -28,9 +28,12 @@ import {RelationsLib} from "../Relations.sol"; // Errors error PublicInputsLengthWrong(); error SumcheckFailed(); +error ShpleminiFailed(); /// Smart contract verifier of honk proofs contract Add2HonkVerifier is IVerifier { + using FrLib for Fr; + function verify(bytes calldata proof, bytes32[] calldata publicInputs) public view override returns (bool) { Honk.VerificationKey memory vk = loadVerificationKey(); Honk.Proof memory p = TranscriptLib.loadProof(proof); 
@@ -50,10 +53,13 @@ contract Add2HonkVerifier is IVerifier { bool sumcheckVerified = verifySumcheck(p, t); if (!sumcheckVerified) revert SumcheckFailed(); - return sumcheckVerified; // Boolean condition not required - nice for vanity :) + bool shpleminiVerified = verifyShplemini(p, vk, t); + if (!shpleminiVerified) revert ShpleminiFailed(); + + return sumcheckVerified && shpleminiVerified; // Boolean condition not required - nice for vanity :) } - function loadVerificationKey() internal view returns (Honk.VerificationKey memory) { + function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } @@ -112,7 +118,7 @@ contract Add2HonkVerifier is IVerifier { function checkSum(Fr[BATCHED_RELATION_PARTIAL_LENGTH] memory roundUnivariate, Fr roundTarget) internal - view + pure returns (bool checked) { Fr totalSum = roundUnivariate[0] + roundUnivariate[1]; 
@@ -186,60 +192,262 @@ contract Add2HonkVerifier is IVerifier { newEvaluation = currentEvaluation * univariateEval; } - // TODO: TODO: TODO: optimize - // Scalar Mul and acumulate into total - function batchMul(Honk.G1Point[LOG_N + 1] memory base, Fr[LOG_N + 1] memory scalars) + // Avoid stack too deep + struct ShpleminiIntermediates { + // i-th unshifted commitment is multiplied by −ρⁱ and the unshifted_scalar ( 1/(z−r) + ν/(z+r) ) + Fr unshiftedScalar; + // i-th shifted commitment is multiplied by −ρⁱ⁺ᵏ and the shifted_scalar r⁻¹ ⋅ (1/(z−r) − ν/(z+r)) + Fr shiftedScalar; + // Scalar to be multiplied by [1]₁ + Fr constantTermAccumulator; + // Linear combination of multilinear (sumcheck) evaluations and powers of rho + Fr batchingChallenge; + // Accumulator for powers of rho + Fr batchedEvaluation; + } + + function verifyShplemini(Honk.Proof memory proof, Honk.VerificationKey memory vk, Transcript memory tp) internal view - returns (Honk.G1Point memory result) + returns (bool verified) { - uint256 limit = LOG_N + 1; - assembly { - let success := 0x01 - let free := mload(0x40) + ShpleminiIntermediates memory mem; // stack + + // - Compute vector (r, r², ... 
, r²⁽ⁿ⁻¹⁾), where n = log_circuit_size, I think this should be CONST_PROOF_SIZE + Fr[CONST_PROOF_SIZE_LOG_N] memory powers_of_evaluation_challenge = computeSquares(tp.geminiR); + + // Arrays hold values that will be linearly combined for the gemini and shplonk batch openings + Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory scalars; + Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory commitments; + + Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals = + computeInvertedGeminiDenominators(tp, powers_of_evaluation_challenge); + + mem.unshiftedScalar = inverse_vanishing_evals[0] + (tp.shplonkNu * inverse_vanishing_evals[1]); + mem.shiftedScalar = + tp.geminiR.invert() * (inverse_vanishing_evals[0] - (tp.shplonkNu * inverse_vanishing_evals[1])); + + scalars[0] = Fr.wrap(1); + commitments[0] = convertProofPoint(proof.shplonkQ); + + /* Batch multivariate opening claims, shifted and unshifted + * The vector of scalars is populated as follows: + * \f[ + * \left( + * - \left(\frac{1}{z-r} + \nu \times \frac{1}{z+r}\right), + * \ldots, + * - \rho^{i+k-1} \times \left(\frac{1}{z-r} + \nu \times \frac{1}{z+r}\right), + * - \rho^{i+k} \times \frac{1}{r} \times \left(\frac{1}{z-r} - \nu \times \frac{1}{z+r}\right), + * \ldots, + * - \rho^{k+m-1} \times \frac{1}{r} \times \left(\frac{1}{z-r} - \nu \times \frac{1}{z+r}\right) + * \right) + * \f] + * + * The following vector is concatenated to the vector of commitments: + * \f[ + * f_0, \ldots, f_{m-1}, f_{\text{shift}, 0}, \ldots, f_{\text{shift}, k-1} + * \f] + * + * Simultaneously, the evaluation of the multilinear polynomial + * \f[ + * \sum \rho^i \cdot f_i + \sum \rho^{i+k} \cdot f_{\text{shift}, i} + * \f] + * at the challenge point \f$ (u_0,\ldots, u_{n-1}) \f$ is computed. + * + * This approach minimizes the number of iterations over the commitments to multilinear polynomials + * and eliminates the need to store the powers of \f$ \rho \f$. 
+ */ + mem.batchingChallenge = Fr.wrap(1); + mem.batchedEvaluation = Fr.wrap(0); + + for (uint256 i = 1; i <= NUMBER_UNSHIFTED; ++i) { + scalars[i] = mem.unshiftedScalar.neg() * mem.batchingChallenge; + mem.batchedEvaluation = mem.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * mem.batchingChallenge); + mem.batchingChallenge = mem.batchingChallenge * tp.rho; + } + // g commitments are accumulated at r + for (uint256 i = NUMBER_UNSHIFTED + 1; i <= NUMBER_OF_ENTITIES; ++i) { + scalars[i] = mem.shiftedScalar.neg() * mem.batchingChallenge; + mem.batchedEvaluation = mem.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * mem.batchingChallenge); + mem.batchingChallenge = mem.batchingChallenge * tp.rho; + } - // Write the original into the accumulator - // Load into memory forecMUL, leave offset foreccAdd result - // base is an array of pointers, so we have to dereference them - mstore(add(free, 0x40), mload(mload(base))) - mstore(add(free, 0x60), mload(add(0x20, mload(base)))) - // Add scalar - mstore(add(free, 0x80), mload(scalars)) - success := and(success, staticcall(gas(), 7, add(free, 0x40), 0x60, free, 0x40)) + commitments[1] = vk.qm; + commitments[2] = vk.qc; + commitments[3] = vk.ql; + commitments[4] = vk.qr; + commitments[5] = vk.qo; + commitments[6] = vk.q4; + commitments[7] = vk.qArith; + commitments[8] = vk.qDeltaRange; + commitments[9] = vk.qElliptic; + commitments[10] = vk.qAux; + commitments[11] = vk.qLookup; + commitments[12] = vk.qPoseidon2External; + commitments[13] = vk.qPoseidon2Internal; + commitments[14] = vk.s1; + commitments[15] = vk.s2; + commitments[16] = vk.s3; + commitments[17] = vk.s4; + commitments[18] = vk.id1; + commitments[19] = vk.id2; + commitments[20] = vk.id3; + commitments[21] = vk.id4; + commitments[22] = vk.t1; + commitments[23] = vk.t2; + commitments[24] = vk.t3; + commitments[25] = vk.t4; + commitments[26] = vk.lagrangeFirst; + commitments[27] = vk.lagrangeLast; + + // Accumulate proof points + commitments[28] = 
convertProofPoint(proof.w1); + commitments[29] = convertProofPoint(proof.w2); + commitments[30] = convertProofPoint(proof.w3); + commitments[31] = convertProofPoint(proof.w4); + commitments[32] = convertProofPoint(proof.zPerm); + commitments[33] = convertProofPoint(proof.lookupInverses); + commitments[34] = convertProofPoint(proof.lookupReadCounts); + commitments[35] = convertProofPoint(proof.lookupReadTags); + + // to be Shifted + commitments[36] = vk.t1; + commitments[37] = vk.t2; + commitments[38] = vk.t3; + commitments[39] = vk.t4; + commitments[40] = convertProofPoint(proof.w1); + commitments[41] = convertProofPoint(proof.w2); + commitments[42] = convertProofPoint(proof.w3); + commitments[43] = convertProofPoint(proof.w4); + commitments[44] = convertProofPoint(proof.zPerm); + + /* Batch gemini claims from the prover + * place the commitments to gemini aᵢ to the vector of commitments, compute the contributions from + * aᵢ(−r²ⁱ) for i=1, … , n−1 to the constant term accumulator, add corresponding scalars + * + * 1. Moves the vector + * \f[ + * \left( \text{com}(A_1), \text{com}(A_2), \ldots, \text{com}(A_{n-1}) \right) + * \f] + * to the 'commitments' vector. + * + * 2. Computes the scalars: + * \f[ + * \frac{\nu^{2}}{z + r^2}, \frac{\nu^3}{z + r^4}, \ldots, \frac{\nu^{n-1}}{z + r^{2^{n-1}}} + * \f] + * and places them into the 'scalars' vector. + * + * 3. Accumulates the summands of the constant term: + * \f[ + * \sum_{i=2}^{n-1} \frac{\nu^{i} \cdot A_i(-r^{2^i})}{z + r^{2^i}} + * \f] + * and adds them to the 'constant_term_accumulator'. 
+ */ + mem.constantTermAccumulator = Fr.wrap(0); + mem.batchingChallenge = tp.shplonkNu.sqr(); + + for (uint256 i; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { + bool dummy_round = i >= (LOG_N - 1); + + Fr scalingFactor = Fr.wrap(0); + if (!dummy_round) { + scalingFactor = mem.batchingChallenge * inverse_vanishing_evals[i + 2]; + scalars[NUMBER_OF_ENTITIES + 1 + i] = scalingFactor.neg(); + } - let count := 0x01 + mem.constantTermAccumulator = mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); + mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; - for {} lt(count, limit) { count := add(count, 1) } { - // Get loop offsets - let base_base := add(base, mul(count, 0x20)) - let scalar_base := add(scalars, mul(count, 0x20)) + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); + } - mstore(add(free, 0x40), mload(mload(base_base))) - mstore(add(free, 0x60), mload(add(0x20, mload(base_base)))) - // Add scalar - mstore(add(free, 0x80), mload(scalar_base)) + // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: + // Compute evaluation A₀(r) + Fr a_0_pos = computeGeminiBatchedUnivariateEvaluation( + tp, mem.batchedEvaluation, proof.geminiAEvaluations, powers_of_evaluation_challenge + ); - success := and(success, staticcall(gas(), 7, add(free, 0x40), 0x60, add(free, 0x40), 0x40)) - success := and(success, staticcall(gas(), 6, free, 0x80, free, 0x40)) + mem.constantTermAccumulator = mem.constantTermAccumulator + (a_0_pos * inverse_vanishing_evals[0]); + mem.constantTermAccumulator = + mem.constantTermAccumulator + (proof.geminiAEvaluations[0] * tp.shplonkNu * inverse_vanishing_evals[1]); + + // Finalise the batch opening claim + commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = Honk.G1Point({x: 1, y: 2}); + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = mem.constantTermAccumulator; + + Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + + 
commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment; + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = tp.shplonkZ; // evaluation challenge + + Honk.G1Point memory P_0 = batchMul(commitments, scalars); + Honk.G1Point memory P_1 = negateInplace(quotient_commitment); + + return pairing(P_0, P_1); + } + + function computeSquares(Fr r) internal pure returns (Fr[CONST_PROOF_SIZE_LOG_N] memory squares) { + squares[0] = r; + for (uint256 i = 1; i < CONST_PROOF_SIZE_LOG_N; ++i) { + squares[i] = squares[i - 1].sqr(); + } + } + + function computeInvertedGeminiDenominators( + Transcript memory tp, + Fr[CONST_PROOF_SIZE_LOG_N] memory eval_challenge_powers + ) internal view returns (Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals) { + Fr eval_challenge = tp.shplonkZ; + inverse_vanishing_evals[0] = (eval_challenge - eval_challenge_powers[0]).invert(); + + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + Fr round_inverted_denominator = Fr.wrap(0); + if (i <= LOG_N + 1) { + round_inverted_denominator = (eval_challenge + eval_challenge_powers[i]).invert(); } + inverse_vanishing_evals[i + 1] = round_inverted_denominator; + } + } - mstore(result, mload(free)) - mstore(add(result, 0x20), mload(add(free, 0x20))) + function computeGeminiBatchedUnivariateEvaluation( + Transcript memory tp, + Fr batchedEvalAccumulator, + Fr[CONST_PROOF_SIZE_LOG_N] memory geminiEvaluations, + Fr[CONST_PROOF_SIZE_LOG_N] memory geminiEvalChallengePowers + ) internal view returns (Fr a_0_pos) { + for (uint256 i = CONST_PROOF_SIZE_LOG_N; i > 0; --i) { + Fr challengePower = geminiEvalChallengePowers[i - 1]; + Fr u = tp.sumCheckUChallenges[i - 1]; + Fr evalNeg = geminiEvaluations[i - 1]; + + Fr batchedEvalRoundAcc = ( + (challengePower * batchedEvalAccumulator * Fr.wrap(2)) + - evalNeg * (challengePower * (Fr.wrap(1) - u) - u) + ); + // Divide by the denominator + batchedEvalRoundAcc = batchedEvalRoundAcc * (challengePower * (Fr.wrap(1) - u) + 
u).invert(); + + bool is_dummy_round = (i > LOG_N); + if (!is_dummy_round) { + batchedEvalAccumulator = batchedEvalRoundAcc; + } } + + a_0_pos = batchedEvalAccumulator; } // This implementation is the same as above with different constants - function batchMul2( - Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory base, - Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory scalars + function batchMul( + Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory base, + Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory scalars ) internal view returns (Honk.G1Point memory result) { - uint256 limit = NUMBER_OF_ENTITIES + LOG_N + 1; + uint256 limit = NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2; assembly { let success := 0x01 let free := mload(0x40) // Write the original into the accumulator - // Load into memory for ecMUL, leave offset for eccAdd result + // Load into memory forecMUL, leave offset foreccAdd result // base is an array of pointers, so we have to dereference them mstore(add(free, 0x40), mload(mload(base))) mstore(add(free, 0x60), mload(add(0x20, mload(base)))) 
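Review bot: The literal indices `commitments[1]` … `commitments[44]` in verifyShplemini are paired with `scalars[i]` only through the loop bounds NUMBER_UNSHIFTED and NUMBER_OF_ENTITIES, and nothing in the hunk checks that the two agree. The literals imply NUMBER_UNSHIFTED == 35 and NUMBER_OF_ENTITIES == 44 (the constants themselves are defined outside this diff); if either value changes, a commitment would be combined with the wrong power of rho, or be overwritten by the gemini fold commitments written from `NUMBER_OF_ENTITIES + 1`, without any compile error. I would state the assumption next to the table, e.g. `// Layout: [1..NUMBER_UNSHIFTED] unshifted, [NUMBER_UNSHIFTED + 1..NUMBER_OF_ENTITIES] to-be-shifted; the literals below assume 35 and 44`, and back it with a test that fails when the constants move. batchMul at the end of the hunk continues past it.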
@@ -269,27 +477,6 @@ contract Add2HonkVerifier is IVerifier { } } - // function kzgReduceVerify( - // Honk.Proof memory proof, - // Transcript memory tp, - // Fr evaluation, - // Honk.G1Point memory commitment - // ) internal view returns (bool) { - // Honk.G1Point memory quotient_commitment = convertProofPoint(proof.zmPi); - // Honk.G1Point memory ONE = Honk.G1Point({x: 1, y: 2}); - - // Honk.G1Point memory P0 = commitment; - // P0 = ecAdd(P0, ecMul(quotient_commitment, tp.zmX)); - - // Honk.G1Point memory evalAsPoint = ecMul(ONE, evaluation); - // P0 = ecSub(P0, evalAsPoint); - - // Honk.G1Point memory P1 = negateInplace(quotient_commitment); - - // // Perform pairing check - // return pairing(P0, P1); - // } - function pairing(Honk.G1Point memory rhs, Honk.G1Point memory lhs) internal view returns (bool) { bytes memory input = abi.encodePacked( rhs.x, @@ -309,7 +496,8 @@ contract Add2HonkVerifier is IVerifier { ); (bool success, bytes memory result) = address(0x08).staticcall(input); - return abi.decode(result, (bool)); + bool decodedResult = abi.decode(result, (bool)); + return success && decodedResult; } } diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol index d9ec3f4ea4a5..69b6f857263b 100644 --- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol +++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol @@ -60,7 +60,7 @@ contract BlakeHonkVerifier is IVerifier { return sumcheckVerified && shpleminiVerified; // Boolean condition not required - nice for vanity :) } - function loadVerificationKey() internal view returns (Honk.VerificationKey memory) { + function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } 
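Review bot: In `pairing` (Add2Honk.sol) the new code still runs `abi.decode(result, (bool))` before `success` is looked at, so a failed call to the 0x08 precompile reaches the decoder with whatever `result` holds; for empty return data the decode would revert instead of letting the function return false. That fails closed, but it leaves the added `success &&` term without effect on that path, and verify never reaches `revert ShpleminiFailed()`. Checking first, `if (!success || result.length != 32) return false;` followed by `return abi.decode(result, (bool));`, gives a single well-defined failure path. The same two lines are added to `pairing` in BlakeHonk.sol further down.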
@@ -119,7 +119,7 @@ contract BlakeHonkVerifier is IVerifier { function checkSum(Fr[BATCHED_RELATION_PARTIAL_LENGTH] memory roundUnivariate, Fr roundTarget) internal - view + pure returns (bool checked) { Fr totalSum = roundUnivariate[0] + roundUnivariate[1]; @@ -193,12 +193,17 @@ contract BlakeHonkVerifier is IVerifier { newEvaluation = currentEvaluation * univariateEval; } - // Stack too deeps - struct REE { + // Avoid stack too deep + struct ShpleminiIntermediates { + // i-th unshifted commitment is multiplied by −ρⁱ and the unshifted_scalar ( 1/(z−r) + ν/(z+r) ) Fr unshiftedScalar; + // i-th shifted commitment is multiplied by −ρⁱ⁺ᵏ and the shifted_scalar r⁻¹ ⋅ (1/(z−r) − ν/(z+r)) Fr shiftedScalar; + // Scalar to be multiplied by [1]₁ Fr constantTermAccumulator; + // Linear combination of multilinear (sumcheck) evaluations and powers of rho Fr batchingChallenge; + // Accumulator for powers of rho Fr batchedEvaluation; } 
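Review bot: Two of the field comments added to `ShpleminiIntermediates` look swapped. In verifyShplemini `batchingChallenge` is the value multiplied by `tp.rho` on every iteration (and later restarted from `tp.shplonkNu.sqr()`), while `batchedEvaluation` accumulates `proof.sumcheckEvaluations[i - 1] * mem.batchingChallenge`; the comments describe them the other way round. Suggested: `// Running power of the batching challenge (rho, then shplonkNu)` above `batchingChallenge`, and `// Linear combination of multilinear (sumcheck) evaluations and powers of rho` above `batchedEvaluation`. The Add2Honk.sol and EcdsaHonk.sol copies of the struct carry the same comments.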
@@ -207,40 +212,65 @@ contract BlakeHonkVerifier is IVerifier { view returns (bool verified) { - REE memory r; // stack + ShpleminiIntermediates memory mem; // stack + // - Compute vector (r, r², ... , r²⁽ⁿ⁻¹⁾), where n = log_circuit_size, I think this should be CONST_PROOF_SIZE Fr[CONST_PROOF_SIZE_LOG_N] memory powers_of_evaluation_challenge = computeSquares(tp.geminiR); - // Remember to convert this from a proof point - // Honk.G1Point[CONST_PROOF_SIZE_LOG_N + 1] memory commitments; - // TODO: check size of scalars + // Arrays hold values that will be linearly combined for the gemini and shplonk batch openings Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory scalars; Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory commitments; Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals = computeInvertedGeminiDenominators(tp, powers_of_evaluation_challenge); - r.unshiftedScalar = inverse_vanishing_evals[0] + (tp.shplonkNu * inverse_vanishing_evals[1]); - r.shiftedScalar = + mem.unshiftedScalar = inverse_vanishing_evals[0] + (tp.shplonkNu * inverse_vanishing_evals[1]); + mem.shiftedScalar = tp.geminiR.invert() * (inverse_vanishing_evals[0] - (tp.shplonkNu * inverse_vanishing_evals[1])); scalars[0] = Fr.wrap(1); commitments[0] = convertProofPoint(proof.shplonkQ); - // Batch multivariate opening claims - r.batchingChallenge = Fr.wrap(1); - r.batchedEvaluation = Fr.wrap(0); + /* Batch multivariate opening claims, shifted and unshifted + * The vector of scalars is populated as follows: + * \f[ + * \left( + * - \left(\frac{1}{z-r} + \nu \times \frac{1}{z+r}\right), + * \ldots, + * - \rho^{i+k-1} \times \left(\frac{1}{z-r} + \nu \times \frac{1}{z+r}\right), + * - \rho^{i+k} \times \frac{1}{r} \times \left(\frac{1}{z-r} - \nu \times \frac{1}{z+r}\right), + * \ldots, + * - \rho^{k+m-1} \times \frac{1}{r} \times \left(\frac{1}{z-r} - \nu \times \frac{1}{z+r}\right) + * \right) + * \f] + * + * The following vector is concatenated to the 
vector of commitments: + * \f[ + * f_0, \ldots, f_{m-1}, f_{\text{shift}, 0}, \ldots, f_{\text{shift}, k-1} + * \f] + * + * Simultaneously, the evaluation of the multilinear polynomial + * \f[ + * \sum \rho^i \cdot f_i + \sum \rho^{i+k} \cdot f_{\text{shift}, i} + * \f] + * at the challenge point \f$ (u_0,\ldots, u_{n-1}) \f$ is computed. + * + * This approach minimizes the number of iterations over the commitments to multilinear polynomials + * and eliminates the need to store the powers of \f$ \rho \f$. + */ + mem.batchingChallenge = Fr.wrap(1); + mem.batchedEvaluation = Fr.wrap(0); for (uint256 i = 1; i <= NUMBER_UNSHIFTED; ++i) { - scalars[i] = r.unshiftedScalar.neg() * r.batchingChallenge; - r.batchedEvaluation = r.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * r.batchingChallenge); - r.batchingChallenge = r.batchingChallenge * tp.rho; + scalars[i] = mem.unshiftedScalar.neg() * mem.batchingChallenge; + mem.batchedEvaluation = mem.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * mem.batchingChallenge); + mem.batchingChallenge = mem.batchingChallenge * tp.rho; } // g commitments are accumulated at r for (uint256 i = NUMBER_UNSHIFTED + 1; i <= NUMBER_OF_ENTITIES; ++i) { - scalars[i] = r.shiftedScalar.neg() * r.batchingChallenge; - r.batchedEvaluation = r.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * r.batchingChallenge); - r.batchingChallenge = r.batchingChallenge * tp.rho; + scalars[i] = mem.shiftedScalar.neg() * mem.batchingChallenge; + mem.batchedEvaluation = mem.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * mem.batchingChallenge); + mem.batchingChallenge = mem.batchingChallenge * tp.rho; } commitments[1] = vk.qm; 
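Review bot: The comment added above `computeSquares(tp.geminiR)` writes the vector as `(r, r², ... , r²⁽ⁿ⁻¹⁾)` and ends with "I think this should be CONST_PROOF_SIZE", which leaves the reader unsure what the array actually holds. computeSquares, as shown later in the patch, squares the previous entry for each of the CONST_PROOF_SIZE_LOG_N slots, so the entries are r, r², r⁴, …, that is r^(2^i). I would replace the line with `// powers_of_evaluation_challenge[i] = r^(2^i) for i in [0, CONST_PROOF_SIZE_LOG_N), by repeated squaring`. verifyShplemini starts before this hunk and continues after it.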
@@ -292,39 +322,60 @@ contract BlakeHonkVerifier is IVerifier { commitments[43] = convertProofPoint(proof.w4); commitments[44] = convertProofPoint(proof.zPerm); - // Batch gemini claims from the prover - r.constantTermAccumulator = Fr.wrap(0); - r.batchingChallenge = tp.shplonkNu.sqr(); + /* Batch gemini claims from the prover + * place the commitments to gemini aᵢ to the vector of commitments, compute the contributions from + * aᵢ(−r²ⁱ) for i=1, … , n−1 to the constant term accumulator, add corresponding scalars + * + * 1. Moves the vector + * \f[ + * \left( \text{com}(A_1), \text{com}(A_2), \ldots, \text{com}(A_{n-1}) \right) + * \f] + * to the 'commitments' vector. + * + * 2. Computes the scalars: + * \f[ + * \frac{\nu^{2}}{z + r^2}, \frac{\nu^3}{z + r^4}, \ldots, \frac{\nu^{n-1}}{z + r^{2^{n-1}}} + * \f] + * and places them into the 'scalars' vector. + * + * 3. Accumulates the summands of the constant term: + * \f[ + * \sum_{i=2}^{n-1} \frac{\nu^{i} \cdot A_i(-r^{2^i})}{z + r^{2^i}} + * \f] + * and adds them to the 'constant_term_accumulator'. 
+ */ + mem.constantTermAccumulator = Fr.wrap(0); + mem.batchingChallenge = tp.shplonkNu.sqr(); for (uint256 i; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { bool dummy_round = i >= (LOG_N - 1); Fr scalingFactor = Fr.wrap(0); if (!dummy_round) { - scalingFactor = r.batchingChallenge * inverse_vanishing_evals[i + 2]; + scalingFactor = mem.batchingChallenge * inverse_vanishing_evals[i + 2]; scalars[NUMBER_OF_ENTITIES + 1 + i] = scalingFactor.neg(); } - r.constantTermAccumulator = r.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); - r.batchingChallenge = r.batchingChallenge * tp.shplonkNu; + mem.constantTermAccumulator = mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); + mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); } + // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: // Compute evaluation A₀(r) Fr a_0_pos = computeGeminiBatchedUnivariateEvaluation( - tp, r.batchedEvaluation, proof.geminiAEvaluations, powers_of_evaluation_challenge + tp, mem.batchedEvaluation, proof.geminiAEvaluations, powers_of_evaluation_challenge ); - r.constantTermAccumulator = r.constantTermAccumulator + (a_0_pos * inverse_vanishing_evals[0]); - r.constantTermAccumulator = - r.constantTermAccumulator + (proof.geminiAEvaluations[0] * tp.shplonkNu * inverse_vanishing_evals[1]); + mem.constantTermAccumulator = mem.constantTermAccumulator + (a_0_pos * inverse_vanishing_evals[0]); + mem.constantTermAccumulator = + mem.constantTermAccumulator + (proof.geminiAEvaluations[0] * tp.shplonkNu * inverse_vanishing_evals[1]); // Finalise the batch opening claim commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = Honk.G1Point({x: 1, y: 2}); - scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = r.constantTermAccumulator; + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = mem.constantTermAccumulator; - // TODO: put 
below into the reduce verify function Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment; @@ -336,7 +387,7 @@ contract BlakeHonkVerifier is IVerifier { return pairing(P_0, P_1); } - function computeSquares(Fr r) internal view returns (Fr[CONST_PROOF_SIZE_LOG_N] memory squares) { + function computeSquares(Fr r) internal pure returns (Fr[CONST_PROOF_SIZE_LOG_N] memory squares) { squares[0] = r; for (uint256 i = 1; i < CONST_PROOF_SIZE_LOG_N; ++i) { squares[i] = squares[i - 1].sqr(); @@ -446,7 +497,8 @@ contract BlakeHonkVerifier is IVerifier { ); (bool success, bytes memory result) = address(0x08).staticcall(input); - return abi.decode(result, (bool)); + bool decodedResult = abi.decode(result, (bool)); + return success && decodedResult; } } diff --git a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol index 2a683c27dcc1..bb60383fdd79 100644 --- a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol +++ b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol @@ -28,9 +28,12 @@ import {RelationsLib} from "../Relations.sol"; // Errors error PublicInputsLengthWrong(); error SumcheckFailed(); +error ShpleminiFailed(); /// Smart contract verifier of honk proofs contract EcdsaHonkVerifier is IVerifier { + using FrLib for Fr; + function verify(bytes calldata proof, bytes32[] calldata publicInputs) public view override returns (bool) { Honk.VerificationKey memory vk = loadVerificationKey(); Honk.Proof memory p = TranscriptLib.loadProof(proof); 
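Review bot: The formulas in the new "Batch gemini claims" comment do not line up with the loop beneath it. The loop stores `scalingFactor.neg()` with `scalingFactor = mem.batchingChallenge * inverse_vanishing_evals[i + 2]`, starting from `tp.shplonkNu.sqr()`, so the stored scalars are negated and, reading `inverse_vanishing_evals[k]` as 1/(z + r^(2^(k-1))), the last real round uses ν^n rather than the ν^(n-1) written in step 2. The sum in step 3 likewise starts at i = 2, whereas the loop's first term multiplies ν² by `proof.geminiAEvaluations[1]`. Please re-index the comment against the code, for example `scalars[NUMBER_OF_ENTITIES + 1 + i] = -ν^(i+2) / (z + r^(2^(i+1)))`, since this text is what a reader will check the loop against. The identical comment is added to Add2Honk.sol earlier in this patch.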
@@ -50,10 +53,13 @@ contract EcdsaHonkVerifier is IVerifier { bool sumcheckVerified = verifySumcheck(p, t); if (!sumcheckVerified) revert SumcheckFailed(); - return sumcheckVerified; // Boolean condition not required - nice for vanity :) + bool shpleminiVerified = verifyShplemini(p, vk, t); + if (!shpleminiVerified) revert ShpleminiFailed(); + + return sumcheckVerified && shpleminiVerified; // Boolean condition not required - nice for vanity :) } - function loadVerificationKey() internal view returns (Honk.VerificationKey memory) { + function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } @@ -112,7 +118,7 @@ contract EcdsaHonkVerifier is IVerifier { function checkSum(Fr[BATCHED_RELATION_PARTIAL_LENGTH] memory roundUnivariate, Fr roundTarget) internal - view + pure returns (bool checked) { Fr totalSum = roundUnivariate[0] + roundUnivariate[1]; 
@@ -186,54 +192,260 @@ contract EcdsaHonkVerifier is IVerifier { newEvaluation = currentEvaluation * univariateEval; } - // TODO: TODO: TODO: optimize - // Scalar Mul and acumulate into total - function batchMul(Honk.G1Point[LOG_N + 1] memory base, Fr[LOG_N + 1] memory scalars) + // Avoid stack too deep + struct ShpleminiIntermediates { + // i-th unshifted commitment is multiplied by −ρⁱ and the unshifted_scalar ( 1/(z−r) + ν/(z+r) ) + Fr unshiftedScalar; + // i-th shifted commitment is multiplied by −ρⁱ⁺ᵏ and the shifted_scalar r⁻¹ ⋅ (1/(z−r) − ν/(z+r)) + Fr shiftedScalar; + // Scalar to be multiplied by [1]₁ + Fr constantTermAccumulator; + // Linear combination of multilinear (sumcheck) evaluations and powers of rho + Fr batchingChallenge; + // Accumulator for powers of rho + Fr batchedEvaluation; + } + + /** + * Shplemini is a combination of the gemini commitment scheme, that uses shplonk's batch opening claim. + */ + function verifyShplemini(Honk.Proof memory proof, Honk.VerificationKey memory vk, Transcript memory tp) internal view - returns (Honk.G1Point memory result) + returns (bool verified) { - uint256 limit = LOG_N + 1; - assembly { - let success := 0x01 - let free := mload(0x40) + ShpleminiIntermediates memory mem; // stack + + // - Compute vector (r, r², ... 
, r²⁽ⁿ⁻¹⁾), where n = log_circuit_size, I think this should be CONST_PROOF_SIZE + Fr[CONST_PROOF_SIZE_LOG_N] memory powers_of_evaluation_challenge = computeSquares(tp.geminiR); + + // Arrays hold values that will be linearly combined for the gemini and shplonk batch openings + Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory scalars; + Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory commitments; + + Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals = + computeInvertedGeminiDenominators(tp, powers_of_evaluation_challenge); + + mem.unshiftedScalar = inverse_vanishing_evals[0] + (tp.shplonkNu * inverse_vanishing_evals[1]); + mem.shiftedScalar = + tp.geminiR.invert() * (inverse_vanishing_evals[0] - (tp.shplonkNu * inverse_vanishing_evals[1])); + + scalars[0] = Fr.wrap(1); + commitments[0] = convertProofPoint(proof.shplonkQ); + + /* Batch multivariate opening claims, shifted and unshifted + * The vector of scalars is populated as follows: + * \f[ + * \left( + * - \left(\frac{1}{z-r} + \nu \times \frac{1}{z+r}\right), + * \ldots, + * - \rho^{i+k-1} \times \left(\frac{1}{z-r} + \nu \times \frac{1}{z+r}\right), + * - \rho^{i+k} \times \frac{1}{r} \times \left(\frac{1}{z-r} - \nu \times \frac{1}{z+r}\right), + * \ldots, + * - \rho^{k+m-1} \times \frac{1}{r} \times \left(\frac{1}{z-r} - \nu \times \frac{1}{z+r}\right) + * \right) + * \f] + * + * The following vector is concatenated to the vector of commitments: + * \f[ + * f_0, \ldots, f_{m-1}, f_{\text{shift}, 0}, \ldots, f_{\text{shift}, k-1} + * \f] + * + * Simultaneously, the evaluation of the multilinear polynomial + * \f[ + * \sum \rho^i \cdot f_i + \sum \rho^{i+k} \cdot f_{\text{shift}, i} + * \f] + * at the challenge point \f$ (u_0,\ldots, u_{n-1}) \f$ is computed. + * + * This approach minimizes the number of iterations over the commitments to multilinear polynomials + * and eliminates the need to store the powers of \f$ \rho \f$. 
+ */ + mem.batchingChallenge = Fr.wrap(1); + mem.batchedEvaluation = Fr.wrap(0); + + for (uint256 i = 1; i <= NUMBER_UNSHIFTED; ++i) { + scalars[i] = mem.unshiftedScalar.neg() * mem.batchingChallenge; + mem.batchedEvaluation = mem.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * mem.batchingChallenge); + mem.batchingChallenge = mem.batchingChallenge * tp.rho; + } + // g commitments are accumulated at r + for (uint256 i = NUMBER_UNSHIFTED + 1; i <= NUMBER_OF_ENTITIES; ++i) { + scalars[i] = mem.shiftedScalar.neg() * mem.batchingChallenge; + mem.batchedEvaluation = mem.batchedEvaluation + (proof.sumcheckEvaluations[i - 1] * mem.batchingChallenge); + mem.batchingChallenge = mem.batchingChallenge * tp.rho; + } - // Write the original into the accumulator - // Load into memory forecMUL, leave offset foreccAdd result - // base is an array of pointers, so we have to dereference them - mstore(add(free, 0x40), mload(mload(base))) - mstore(add(free, 0x60), mload(add(0x20, mload(base)))) - // Add scalar - mstore(add(free, 0x80), mload(scalars)) - success := and(success, staticcall(gas(), 7, add(free, 0x40), 0x60, free, 0x40)) + commitments[1] = vk.qm; + commitments[2] = vk.qc; + commitments[3] = vk.ql; + commitments[4] = vk.qr; + commitments[5] = vk.qo; + commitments[6] = vk.q4; + commitments[7] = vk.qArith; + commitments[8] = vk.qDeltaRange; + commitments[9] = vk.qElliptic; + commitments[10] = vk.qAux; + commitments[11] = vk.qLookup; + commitments[12] = vk.qPoseidon2External; + commitments[13] = vk.qPoseidon2Internal; + commitments[14] = vk.s1; + commitments[15] = vk.s2; + commitments[16] = vk.s3; + commitments[17] = vk.s4; + commitments[18] = vk.id1; + commitments[19] = vk.id2; + commitments[20] = vk.id3; + commitments[21] = vk.id4; + commitments[22] = vk.t1; + commitments[23] = vk.t2; + commitments[24] = vk.t3; + commitments[25] = vk.t4; + commitments[26] = vk.lagrangeFirst; + commitments[27] = vk.lagrangeLast; + + // Accumulate proof points + commitments[28] = 
convertProofPoint(proof.w1); + commitments[29] = convertProofPoint(proof.w2); + commitments[30] = convertProofPoint(proof.w3); + commitments[31] = convertProofPoint(proof.w4); + commitments[32] = convertProofPoint(proof.zPerm); + commitments[33] = convertProofPoint(proof.lookupInverses); + commitments[34] = convertProofPoint(proof.lookupReadCounts); + commitments[35] = convertProofPoint(proof.lookupReadTags); + + // to be Shifted + commitments[36] = vk.t1; + commitments[37] = vk.t2; + commitments[38] = vk.t3; + commitments[39] = vk.t4; + commitments[40] = convertProofPoint(proof.w1); + commitments[41] = convertProofPoint(proof.w2); + commitments[42] = convertProofPoint(proof.w3); + commitments[43] = convertProofPoint(proof.w4); + commitments[44] = convertProofPoint(proof.zPerm); + + /* Batch gemini claims from the prover + * place the commitments to gemini aᵢ to the vector of commitments, compute the contributions from + * aᵢ(−r²ⁱ) for i=1, … , n−1 to the constant term accumulator, add corresponding scalars + * + * 1. Moves the vector + * \f[ + * \left( \text{com}(A_1), \text{com}(A_2), \ldots, \text{com}(A_{n-1}) \right) + * \f] + * to the 'commitments' vector. + * + * 2. Computes the scalars: + * \f[ + * \frac{\nu^{2}}{z + r^2}, \frac{\nu^3}{z + r^4}, \ldots, \frac{\nu^{n-1}}{z + r^{2^{n-1}}} + * \f] + * and places them into the 'scalars' vector. + * + * 3. Accumulates the summands of the constant term: + * \f[ + * \sum_{i=2}^{n-1} \frac{\nu^{i} \cdot A_i(-r^{2^i})}{z + r^{2^i}} + * \f] + * and adds them to the 'constant_term_accumulator'. 
+ */ + mem.constantTermAccumulator = Fr.wrap(0); + mem.batchingChallenge = tp.shplonkNu.sqr(); + + for (uint256 i; i < CONST_PROOF_SIZE_LOG_N - 1; ++i) { + bool dummy_round = i >= (LOG_N - 1); + + Fr scalingFactor = Fr.wrap(0); + if (!dummy_round) { + scalingFactor = mem.batchingChallenge * inverse_vanishing_evals[i + 2]; + scalars[NUMBER_OF_ENTITIES + 1 + i] = scalingFactor.neg(); + } - let count := 0x01 + mem.constantTermAccumulator = mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); + mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; - for {} lt(count, limit) { count := add(count, 1) } { - // Get loop offsets - let base_base := add(base, mul(count, 0x20)) - let scalar_base := add(scalars, mul(count, 0x20)) + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); + } - mstore(add(free, 0x40), mload(mload(base_base))) - mstore(add(free, 0x60), mload(add(0x20, mload(base_base)))) - // Add scalar - mstore(add(free, 0x80), mload(scalar_base)) + // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: + // Compute evaluation A₀(r) + Fr a_0_pos = computeGeminiBatchedUnivariateEvaluation( + tp, mem.batchedEvaluation, proof.geminiAEvaluations, powers_of_evaluation_challenge + ); - success := and(success, staticcall(gas(), 7, add(free, 0x40), 0x60, add(free, 0x40), 0x40)) - success := and(success, staticcall(gas(), 6, free, 0x80, free, 0x40)) + mem.constantTermAccumulator = mem.constantTermAccumulator + (a_0_pos * inverse_vanishing_evals[0]); + mem.constantTermAccumulator = + mem.constantTermAccumulator + (proof.geminiAEvaluations[0] * tp.shplonkNu * inverse_vanishing_evals[1]); + + // Finalise the batch opening claim + commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = Honk.G1Point({x: 1, y: 2}); + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = mem.constantTermAccumulator; + + + Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + 
+ commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment; + scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = tp.shplonkZ; // evaluation challenge + + Honk.G1Point memory P_0 = batchMul(commitments, scalars); + Honk.G1Point memory P_1 = negateInplace(quotient_commitment); + + return pairing(P_0, P_1); + } + + function computeSquares(Fr r) internal pure returns (Fr[CONST_PROOF_SIZE_LOG_N] memory squares) { + squares[0] = r; + for (uint256 i = 1; i < CONST_PROOF_SIZE_LOG_N; ++i) { + squares[i] = squares[i - 1].sqr(); + } + } + + function computeInvertedGeminiDenominators( + Transcript memory tp, + Fr[CONST_PROOF_SIZE_LOG_N] memory eval_challenge_powers + ) internal view returns (Fr[CONST_PROOF_SIZE_LOG_N + 1] memory inverse_vanishing_evals) { + Fr eval_challenge = tp.shplonkZ; + inverse_vanishing_evals[0] = (eval_challenge - eval_challenge_powers[0]).invert(); + + for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N; ++i) { + Fr round_inverted_denominator = Fr.wrap(0); + if (i <= LOG_N + 1) { + round_inverted_denominator = (eval_challenge + eval_challenge_powers[i]).invert(); } + inverse_vanishing_evals[i + 1] = round_inverted_denominator; + } + } - mstore(result, mload(free)) - mstore(add(result, 0x20), mload(add(free, 0x20))) + function computeGeminiBatchedUnivariateEvaluation( + Transcript memory tp, + Fr batchedEvalAccumulator, + Fr[CONST_PROOF_SIZE_LOG_N] memory geminiEvaluations, + Fr[CONST_PROOF_SIZE_LOG_N] memory geminiEvalChallengePowers + ) internal view returns (Fr a_0_pos) { + for (uint256 i = CONST_PROOF_SIZE_LOG_N; i > 0; --i) { + Fr challengePower = geminiEvalChallengePowers[i - 1]; + Fr u = tp.sumCheckUChallenges[i - 1]; + Fr evalNeg = geminiEvaluations[i - 1]; + + Fr batchedEvalRoundAcc = ( + (challengePower * batchedEvalAccumulator * Fr.wrap(2)) + - evalNeg * (challengePower * (Fr.wrap(1) - u) - u) + ); + // Divide by the denominator + batchedEvalRoundAcc = batchedEvalRoundAcc * (challengePower * (Fr.wrap(1) - u) + 
u).invert(); + + bool is_dummy_round = (i > LOG_N); + if (!is_dummy_round) { + batchedEvalAccumulator = batchedEvalRoundAcc; + } } + + a_0_pos = batchedEvalAccumulator; } // This implementation is the same as above with different constants - function batchMul2( - Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory base, - Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] memory scalars + function batchMul( + Honk.G1Point[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory base, + Fr[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2] memory scalars ) internal view returns (Honk.G1Point memory result) { - uint256 limit = NUMBER_OF_ENTITIES + LOG_N + 1; + uint256 limit = NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 2; assembly { let success := 0x01 let free := mload(0x40) @@ -269,27 +481,6 @@ contract EcdsaHonkVerifier is IVerifier { } } - // function kzgReduceVerify( - // Honk.Proof memory proof, - // Transcript memory tp, - // Fr evaluation, - // Honk.G1Point memory commitment - // ) internal view returns (bool) { - // Honk.G1Point memory quotient_commitment = convertProofPoint(proof.zmPi); - // Honk.G1Point memory ONE = Honk.G1Point({x: 1, y: 2}); - - // Honk.G1Point memory P0 = commitment; - // P0 = ecAdd(P0, ecMul(quotient_commitment, tp.zmX)); - - // Honk.G1Point memory evalAsPoint = ecMul(ONE, evaluation); - // P0 = ecSub(P0, evalAsPoint); - - // Honk.G1Point memory P1 = negateInplace(quotient_commitment); - - // // Perform pairing check - // return pairing(P0, P1); - // } - function pairing(Honk.G1Point memory rhs, Honk.G1Point memory lhs) internal view returns (bool) { bytes memory input = abi.encodePacked( rhs.x, @@ -309,7 +500,8 @@ contract EcdsaHonkVerifier is IVerifier { ); (bool success, bytes memory result) = address(0x08).staticcall(input); - return abi.decode(result, (bool)); + bool decodedResult = abi.decode(result, (bool)); + return success && decodedResult; } } 
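Review bot: The bound in `computeInvertedGeminiDenominators`, `if (i <= LOG_N + 1)`, does not match the rounds the rest of the hunk consumes. The Gemini loop in `verifyShplemini` treats `i >= (LOG_N - 1)` as a dummy round and so reads `inverse_vanishing_evals` only up to index `LOG_N`, while this loop fills indices up to `LOG_N + 2` (capped by the array length). As far as this hunk shows, the two extra inversions are never read, so `if (i < LOG_N)` would give the same result with less work; otherwise a comment should say why the wider bound is wanted. Separately, the comments on the last two fields of `ShpleminiIntermediates` are swapped: `batchingChallenge` is the running power of rho and `batchedEvaluation` is the linear combination of sumcheck evaluations. `batchMul`'s body continues past the end of the hunk.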
diff --git a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol
index 2402e0a4069f..3fe9801dd1ba 100644
--- a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol
+++ b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol
@@ -2,125 +2,123 @@ // Copyright 2022 Aztec pragma solidity >=0.8.21; -import {Honk} from "../HonkTypes.sol"; - +import { Honk } from "../HonkTypes.sol"; uint256 constant N = 32; uint256 constant LOG_N = 5; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 3; - library Add2HonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { Honk.VerificationKey memory vk = Honk.VerificationKey({ circuitSize: uint256(32), logCircuitSize: uint256(5), publicInputsSize: uint256(3), - ql: Honk.G1Point({ - x: uint256(0x043d063b130adfb37342af45d0155a28edd1a7e46c840d9c943fdf45521c64ce), - y: uint256(0x261522c4089330646aff96736194949330952ae74c573d1686d9cb4a00733854) + ql: Honk.G1Point({ + x: uint256(0x043d063b130adfb37342af45d0155a28edd1a7e46c840d9c943fdf45521c64ce), + y: uint256(0x261522c4089330646aff96736194949330952ae74c573d1686d9cb4a00733854) }), - qr: Honk.G1Point({ - x: uint256(0x291338e99e7857222c76c5e4ba8b954f5fde09fd2f05634d622ba379657cd501), - y: uint256(0x137030ce3236d7c12307adf650a73b87fc95a774ec43ac0a3a341ef26b7f56c9) + qr: Honk.G1Point({ + x: uint256(0x291338e99e7857222c76c5e4ba8b954f5fde09fd2f05634d622ba379657cd501), + y: uint256(0x137030ce3236d7c12307adf650a73b87fc95a774ec43ac0a3a341ef26b7f56c9) }), - qo: Honk.G1Point({ - x: uint256(0x0f90f4bb16b330b82ef51e7ce3f70a9310ea2d3c5ef855f07b6f58081b5ef41f), - y: uint256(0x0e09412eea75978da57db1d3fa6b7d14c0e282c378be9a6d0efc5770863ed70b) + qo: Honk.G1Point({ + x: uint256(0x0f90f4bb16b330b82ef51e7ce3f70a9310ea2d3c5ef855f07b6f58081b5ef41f), + y: uint256(0x0e09412eea75978da57db1d3fa6b7d14c0e282c378be9a6d0efc5770863ed70b) }), - q4: Honk.G1Point({ - x: uint256(0x1eec247154ced5c29b0836528d7c19eda11399dc21e23df4bee4b5cd0bec659f), - y: uint256(0x107cc382fdee2f6530d39b072a2bc50bdb0c0ac4b054a905b03b9d53bebef404) + q4: Honk.G1Point({ + x: uint256(0x1eec247154ced5c29b0836528d7c19eda11399dc21e23df4bee4b5cd0bec659f), + y: uint256(0x107cc382fdee2f6530d39b072a2bc50bdb0c0ac4b054a905b03b9d53bebef404) 
}), - qm: Honk.G1Point({ - x: uint256(0x0c17b7ba3864cabe287a2b121b5cb3f8ee4ede87a7f656b8d9b470be025007c8), - y: uint256(0x09590397bf354089980bd40f5d84f4c12faa8b4646425fa660ab7c4c76fb4859) + qm: Honk.G1Point({ + x: uint256(0x0c17b7ba3864cabe287a2b121b5cb3f8ee4ede87a7f656b8d9b470be025007c8), + y: uint256(0x09590397bf354089980bd40f5d84f4c12faa8b4646425fa660ab7c4c76fb4859) }), - qc: Honk.G1Point({ - x: uint256(0x2ac1a00b4c9bb4e7deef8d7a6bf9e26e61f2b935409e41c5770c074303b6d142), - y: uint256(0x192d962de288fb26f3d68052b2f475e884ca47e595de1184171cd1500249fa66) + qc: Honk.G1Point({ + x: uint256(0x2ac1a00b4c9bb4e7deef8d7a6bf9e26e61f2b935409e41c5770c074303b6d142), + y: uint256(0x192d962de288fb26f3d68052b2f475e884ca47e595de1184171cd1500249fa66) }), - qArith: Honk.G1Point({ - x: uint256(0x1797e3e7ee9e4f42b42bd375f13f2ccb395b827e9079e999b6c128d9b083c395), - y: uint256(0x101a60efaab1c8564add45d41b9147efacf45941c3efe93c3568bde1e08e1919) + qArith: Honk.G1Point({ + x: uint256(0x1797e3e7ee9e4f42b42bd375f13f2ccb395b827e9079e999b6c128d9b083c395), + y: uint256(0x101a60efaab1c8564add45d41b9147efacf45941c3efe93c3568bde1e08e1919) }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x0e84090add56f2500ab518c655cae63896ea793e6b3f6a14218d476534109610), - y: uint256(0x2b78a584bd6ae88cf4ec7c65c90e0b65df446fdddba972f3c4414ad3c901f4f9) + qDeltaRange: Honk.G1Point({ + x: uint256(0x0e84090add56f2500ab518c655cae63896ea793e6b3f6a14218d476534109610), + y: uint256(0x2b78a584bd6ae88cf4ec7c65c90e0b65df446fdddba972f3c4414ad3c901f4f9) }), - qElliptic: Honk.G1Point({ - x: uint256(0x1bd6129f9646aa21af0d77e7b1cc9794e611b5d59a27773f744710b476fbd30f), - y: uint256(0x2f8d492d76a22b6834f0b88e2d4096139a9d1593d56e65e710b2f344756b721e) + qElliptic: Honk.G1Point({ + x: uint256(0x1bd6129f9646aa21af0d77e7b1cc9794e611b5d59a27773f744710b476fbd30f), + y: uint256(0x2f8d492d76a22b6834f0b88e2d4096139a9d1593d56e65e710b2f344756b721e) }), - qAux: Honk.G1Point({ - x: 
uint256(0x056ab50282da428d93b17cbd1c81267dcebcfbabdedb47b2d715b5baa6520bff), - y: uint256(0x10b4e7bd9d6d91a57b0695be166ffd27cbeee602bcb5a9ed32c8d9440912cb72) + qAux: Honk.G1Point({ + x: uint256(0x056ab50282da428d93b17cbd1c81267dcebcfbabdedb47b2d715b5baa6520bff), + y: uint256(0x10b4e7bd9d6d91a57b0695be166ffd27cbeee602bcb5a9ed32c8d9440912cb72) }), - qLookup: Honk.G1Point({ - x: uint256(0x19e2d786ebad24caf1bef735441e58525a2f9b5807b2102f295c58cde00f5c97), - y: uint256(0x085713ce7bac807a084a66904ebc6e695840e8cf405a6fd0c325f8bfcf7c2dd8) + qLookup: Honk.G1Point({ + x: uint256(0x19e2d786ebad24caf1bef735441e58525a2f9b5807b2102f295c58cde00f5c97), + y: uint256(0x085713ce7bac807a084a66904ebc6e695840e8cf405a6fd0c325f8bfcf7c2dd8) }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x0ca0bc4b1cd9eadbbf49eae56a99a4502ef13d965226a634d0981555e4a4da56), - y: uint256(0x1a8a818e6c61f68cefa329f2fabc95c80ad56a538d852f75eda858ed1a616c74) + qPoseidon2External: Honk.G1Point({ + x: uint256(0x0ca0bc4b1cd9eadbbf49eae56a99a4502ef13d965226a634d0981555e4a4da56), + y: uint256(0x1a8a818e6c61f68cefa329f2fabc95c80ad56a538d852f75eda858ed1a616c74) }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x09dfd2992ac1708f0dd1d28c2ad910d9cf21a1510948580f406bc9416113d620), - y: uint256(0x205f76eebda12f565c98c775c4e4f3534b5dcc29e57eed899b1a1a880534dcb9) + qPoseidon2Internal: Honk.G1Point({ + x: uint256(0x09dfd2992ac1708f0dd1d28c2ad910d9cf21a1510948580f406bc9416113d620), + y: uint256(0x205f76eebda12f565c98c775c4e4f3534b5dcc29e57eed899b1a1a880534dcb9) }), - s1: Honk.G1Point({ - x: uint256(0x19a07402ffcc103c3d8fbfbc7e9a660147d7380e65c34f64b75701b8d4868c11), - y: uint256(0x0b7ab8c749a4af75d6100dba9246d7f993748b326d23791a595e21a17653fe30) + s1: Honk.G1Point({ + x: uint256(0x19a07402ffcc103c3d8fbfbc7e9a660147d7380e65c34f64b75701b8d4868c11), + y: uint256(0x0b7ab8c749a4af75d6100dba9246d7f993748b326d23791a595e21a17653fe30) }), - s2: Honk.G1Point({ - x: 
uint256(0x027234cb39eacbf2ebe98907cf433e429a37933e429d4f24df14274b5c4d2549), - y: uint256(0x2c1ea0996e3fd6cfabcfc6bbd4c86c65fb19c3dda2ded5c4f973af397e8e5c8b) + s2: Honk.G1Point({ + x: uint256(0x027234cb39eacbf2ebe98907cf433e429a37933e429d4f24df14274b5c4d2549), + y: uint256(0x2c1ea0996e3fd6cfabcfc6bbd4c86c65fb19c3dda2ded5c4f973af397e8e5c8b) }), - s3: Honk.G1Point({ - x: uint256(0x243daee8a40861aba1ef660929ee9e874e52cd8e8d75f8c0245852369a731491), - y: uint256(0x0a20f23c0697fb0698478f7a861dde5e18bf5aa34f4731178e74f7460df49a88) + s3: Honk.G1Point({ + x: uint256(0x243daee8a40861aba1ef660929ee9e874e52cd8e8d75f8c0245852369a731491), + y: uint256(0x0a20f23c0697fb0698478f7a861dde5e18bf5aa34f4731178e74f7460df49a88) }), - s4: Honk.G1Point({ - x: uint256(0x18b8202abb615440b5544d88092245911d2b5ff3b5a4a80bb15dbabafdfb56a7), - y: uint256(0x096a6685f36b1ca09a62820ae3be7538128093440fa943ea7412617a6d927916) + s4: Honk.G1Point({ + x: uint256(0x18b8202abb615440b5544d88092245911d2b5ff3b5a4a80bb15dbabafdfb56a7), + y: uint256(0x096a6685f36b1ca09a62820ae3be7538128093440fa943ea7412617a6d927916) }), - t1: Honk.G1Point({ - x: uint256(0x2e0cddbc5712d79b59cb3b41ebbcdd494997477ab161763e46601d95844837ef), - y: uint256(0x303126892f664d8d505964d14315ec426db4c64531d350750df62dbbc41a1bd9) + t1: Honk.G1Point({ + x: uint256(0x2e0cddbc5712d79b59cb3b41ebbcdd494997477ab161763e46601d95844837ef), + y: uint256(0x303126892f664d8d505964d14315ec426db4c64531d350750df62dbbc41a1bd9) }), - t2: Honk.G1Point({ - x: uint256(0x00874a5ad262eecc6b565e0b08507476a6b2c6040c0c62bd59acfe3e3e125672), - y: uint256(0x127b2a745a1b74968c3edc18982b9bef082fb517183c9c6841c2b8ef2ca1df04) + t2: Honk.G1Point({ + x: uint256(0x00874a5ad262eecc6b565e0b08507476a6b2c6040c0c62bd59acfe3e3e125672), + y: uint256(0x127b2a745a1b74968c3edc18982b9bef082fb517183c9c6841c2b8ef2ca1df04) }), - t3: Honk.G1Point({ - x: uint256(0x15a18748490ff4c2b1871081954e86c9efd4f8c3d56e1eb23d789a8f710d5be6), - y: 
uint256(0x2097c84955059442a95df075833071a0011ef987dc016ab110eacd554a1d8bbf) + t3: Honk.G1Point({ + x: uint256(0x15a18748490ff4c2b1871081954e86c9efd4f8c3d56e1eb23d789a8f710d5be6), + y: uint256(0x2097c84955059442a95df075833071a0011ef987dc016ab110eacd554a1d8bbf) }), - t4: Honk.G1Point({ - x: uint256(0x2aecd48089890ea0798eb952c66824d38e9426ad3085b68b00a93c17897c2877), - y: uint256(0x1216bdb2f0d961bb8a7a23331d215078d8a9ce405ce559f441f2e71477ff3ddb) + t4: Honk.G1Point({ + x: uint256(0x2aecd48089890ea0798eb952c66824d38e9426ad3085b68b00a93c17897c2877), + y: uint256(0x1216bdb2f0d961bb8a7a23331d215078d8a9ce405ce559f441f2e71477ff3ddb) }), - id1: Honk.G1Point({ - x: uint256(0x292298ecab24d2b6f6999cac29848def2665a62342170311f44c08708db0fe1f), - y: uint256(0x277022c35d3145de166b139aa94609551122915366ba42ff7c5157b748fb7f9d) + id1: Honk.G1Point({ + x: uint256(0x292298ecab24d2b6f6999cac29848def2665a62342170311f44c08708db0fe1f), + y: uint256(0x277022c35d3145de166b139aa94609551122915366ba42ff7c5157b748fb7f9d) }), - id2: Honk.G1Point({ - x: uint256(0x2ddc6a05ccd584bdfc65d642b39a3be3075e7a370602112dbf9fc644789acace), - y: uint256(0x1a4167481d5f295af9921741bd0e32dda7a78cb391132b31ab4a77559c297c2e) + id2: Honk.G1Point({ + x: uint256(0x2ddc6a05ccd584bdfc65d642b39a3be3075e7a370602112dbf9fc644789acace), + y: uint256(0x1a4167481d5f295af9921741bd0e32dda7a78cb391132b31ab4a77559c297c2e) }), - id3: Honk.G1Point({ - x: uint256(0x19629b85ab2acf9713223ff4f758882af6247963bbf2f6ec4f9cbcde13675b87), - y: uint256(0x165063fe922948bf1d065a882242724c1bde5fdfd93be29586b45e1ce2cc750c) + id3: Honk.G1Point({ + x: uint256(0x19629b85ab2acf9713223ff4f758882af6247963bbf2f6ec4f9cbcde13675b87), + y: uint256(0x165063fe922948bf1d065a882242724c1bde5fdfd93be29586b45e1ce2cc750c) }), - id4: Honk.G1Point({ - x: uint256(0x2493c99a3d068b03f8f2b8d28b57cea3ee22dd60456277b86c32a18982dcb185), - y: uint256(0x1ded39c4c8366469843cd63f09ecacf6c3731486320082c20ec71bbdc92196c1) + id4: Honk.G1Point({ + x: 
uint256(0x2493c99a3d068b03f8f2b8d28b57cea3ee22dd60456277b86c32a18982dcb185), + y: uint256(0x1ded39c4c8366469843cd63f09ecacf6c3731486320082c20ec71bbdc92196c1) }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) + lagrangeFirst: Honk.G1Point({ + x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x140b0936c323fd2471155617b6af56ee40d90bea71fba7a412dd61fcf34e8ceb), - y: uint256(0x2b6c10790a5f6631c87d652e059df42b90071823185c5ff8e440fd3d73b6fefc) + lagrangeLast: Honk.G1Point({ + x: uint256(0x140b0936c323fd2471155617b6af56ee40d90bea71fba7a412dd61fcf34e8ceb), + y: uint256(0x2b6c10790a5f6631c87d652e059df42b90071823185c5ff8e440fd3d73b6fefc) }) }); return vk; diff --git a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol index 0eaeba194f11..9046fee0ec9a 100644 --- a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol 
@@ -2,125 +2,123 @@ // Copyright 2022 Aztec pragma solidity >=0.8.21; -import {Honk} from "../HonkTypes.sol"; - +import { Honk } from "../HonkTypes.sol"; uint256 constant N = 32768; uint256 constant LOG_N = 15; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 4; - library BlakeHonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { Honk.VerificationKey memory vk = Honk.VerificationKey({ circuitSize: uint256(32768), logCircuitSize: uint256(15), publicInputsSize: uint256(4), - ql: Honk.G1Point({ - x: uint256(0x2e5f133c25f7e05bd6660196c892121f7fa686cb9a8717a5deea6cd0881e618e), - y: uint256(0x1189bba9eeea96ba8935052434f4b0a60b0a481e3464dd81dfcd89e23def001b) + ql: Honk.G1Point({ + x: uint256(0x2e5f133c25f7e05bd6660196c892121f7fa686cb9a8717a5deea6cd0881e618e), + y: uint256(0x1189bba9eeea96ba8935052434f4b0a60b0a481e3464dd81dfcd89e23def001b) }), - qr: Honk.G1Point({ - x: uint256(0x2a93ffb34002da94f5b156ba5a212ac3616c848bd9c44c9821bbdd64cfd848af), - y: uint256(0x015699dcc0b28766d45f5ddce8258393e84c40619d26034e76f778460a1e4d89) + qr: Honk.G1Point({ + x: uint256(0x2a93ffb34002da94f5b156ba5a212ac3616c848bd9c44c9821bbdd64cfd848af), + y: uint256(0x015699dcc0b28766d45f5ddce8258393e84c40619d26034e76f778460a1e4d89) }), - qo: Honk.G1Point({ - x: uint256(0x2057928e8c5eb539c32c3025007b7be1e1663c358f59540c6f949794c274f886), - y: uint256(0x12bf0b15c3aa92792330f58b04512714c4a902e537fe87cc438293e1805eaabf) + qo: Honk.G1Point({ + x: uint256(0x2057928e8c5eb539c32c3025007b7be1e1663c358f59540c6f949794c274f886), + y: uint256(0x12bf0b15c3aa92792330f58b04512714c4a902e537fe87cc438293e1805eaabf) }), - q4: Honk.G1Point({ - x: uint256(0x304f47a08d4687afa0e2502a9782c32c458bf873ef50c169b732a367e567aaf3), - y: uint256(0x0bb37044594e7de200408a4db6bc46adf7790b06f17dce6f38b7deed480aa9f0) + q4: Honk.G1Point({ + x: uint256(0x304f47a08d4687afa0e2502a9782c32c458bf873ef50c169b732a367e567aaf3), + y: 
uint256(0x0bb37044594e7de200408a4db6bc46adf7790b06f17dce6f38b7deed480aa9f0) }), - qm: Honk.G1Point({ - x: uint256(0x0aea5b04332ad8781411f7edde21266857ffe11e93af334b14a2b948429afaa4), - y: uint256(0x2bd2e3884d486b387122effa12e8698daef82e9b99d7d25b7d5df91a9d738495) + qm: Honk.G1Point({ + x: uint256(0x0aea5b04332ad8781411f7edde21266857ffe11e93af334b14a2b948429afaa4), + y: uint256(0x2bd2e3884d486b387122effa12e8698daef82e9b99d7d25b7d5df91a9d738495) }), - qc: Honk.G1Point({ - x: uint256(0x0e3b418ea1924b4514d5009cd983b5a8074fa95cd1fb200f019fdebe944e4225), - y: uint256(0x1e6ef5bde7a9727f1c1d07c91461ae1b40524650b35fdd92ac7a129f263b1beb) + qc: Honk.G1Point({ + x: uint256(0x0e3b418ea1924b4514d5009cd983b5a8074fa95cd1fb200f019fdebe944e4225), + y: uint256(0x1e6ef5bde7a9727f1c1d07c91461ae1b40524650b35fdd92ac7a129f263b1beb) }), - qArith: Honk.G1Point({ - x: uint256(0x096841bfa8ec2295a5af5bf69ec539c31a05b221c84ed1d24c702e31ce1cbc95), - y: uint256(0x10b14cca7e9ff05fcf1e3084f4fc9ab098cf379864b2e2e2e0d33fc5df9d9a50) + qArith: Honk.G1Point({ + x: uint256(0x096841bfa8ec2295a5af5bf69ec539c31a05b221c84ed1d24c702e31ce1cbc95), + y: uint256(0x10b14cca7e9ff05fcf1e3084f4fc9ab098cf379864b2e2e2e0d33fc5df9d9a50) }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x2d27fd1a30a0ab04a05144c27ac41187d5cf89a6022e47b263d1ccb93b3cbea5), - y: uint256(0x238eb233e9aebc81285a2647f2598bab00a4367da47b12c2b0476afc2d94ab1d) + qDeltaRange: Honk.G1Point({ + x: uint256(0x2d27fd1a30a0ab04a05144c27ac41187d5cf89a6022e47b263d1ccb93b3cbea5), + y: uint256(0x238eb233e9aebc81285a2647f2598bab00a4367da47b12c2b0476afc2d94ab1d) }), - qElliptic: Honk.G1Point({ - x: uint256(0x1c6fc8e14453adf64e6d9643ef9f1fb55e3a307ac1ec84f86cd736fc866e05ab), - y: uint256(0x1bf8619b1704b99ab8820ed94dd760da2945e8e1c771c0bdeadbe40aa5700cdd) + qElliptic: Honk.G1Point({ + x: uint256(0x1c6fc8e14453adf64e6d9643ef9f1fb55e3a307ac1ec84f86cd736fc866e05ab), + y: uint256(0x1bf8619b1704b99ab8820ed94dd760da2945e8e1c771c0bdeadbe40aa5700cdd) }), - qAux: 
Honk.G1Point({ - x: uint256(0x023fe0703623b99c93358348d76eb620f26ceafa58df018e3a8f1d599a61e76f), - y: uint256(0x2ceb9c4c4ca12ea769157ef10cde9644f9f0549805e48d5fd5d73a634d2cdcb5) + qAux: Honk.G1Point({ + x: uint256(0x023fe0703623b99c93358348d76eb620f26ceafa58df018e3a8f1d599a61e76f), + y: uint256(0x2ceb9c4c4ca12ea769157ef10cde9644f9f0549805e48d5fd5d73a634d2cdcb5) }), - qLookup: Honk.G1Point({ - x: uint256(0x1375bbfbf5ed31b38460f46a43ac14e2cda93a3bc5cfd6e8a93cca356694a346), - y: uint256(0x204c5173892c19a97a04b5f8419898063df5136489809ddb9f7eabb58d6858ab) + qLookup: Honk.G1Point({ + x: uint256(0x1375bbfbf5ed31b38460f46a43ac14e2cda93a3bc5cfd6e8a93cca356694a346), + y: uint256(0x204c5173892c19a97a04b5f8419898063df5136489809ddb9f7eabb58d6858ab) }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x1fa8529236d7eacdab8dcd8169af30d334be103357577353e9ef08dfda841785), - y: uint256(0x055251b013746385e921b4620e55ef4f08b4d8afc4dbca7e6c3ca0f1b52c5a2b) + qPoseidon2External: Honk.G1Point({ + x: uint256(0x1fa8529236d7eacdab8dcd8169af30d334be103357577353e9ef08dfda841785), + y: uint256(0x055251b013746385e921b4620e55ef4f08b4d8afc4dbca7e6c3ca0f1b52c5a2b) }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x1515283648ab8622ac6447f1fcf201a598d8df325279bfac9a6564924df97ee5), - y: uint256(0x0335bb595984ad38686009bca08f5f420e3b4cf888fad5af4a99eca08190a315) + qPoseidon2Internal: Honk.G1Point({ + x: uint256(0x1515283648ab8622ac6447f1fcf201a598d8df325279bfac9a6564924df97ee5), + y: uint256(0x0335bb595984ad38686009bca08f5f420e3b4cf888fad5af4a99eca08190a315) }), - s1: Honk.G1Point({ - x: uint256(0x26cec5ff3eb1b803c52fa1fefaac7a2be5cd13c1a1cc20bb9f22049c7f8597d2), - y: uint256(0x07e80e74eb0e06d7c0c9a3fbbdea4e86e5934faa8142625f175320778bcba65f) + s1: Honk.G1Point({ + x: uint256(0x26cec5ff3eb1b803c52fa1fefaac7a2be5cd13c1a1cc20bb9f22049c7f8597d2), + y: uint256(0x07e80e74eb0e06d7c0c9a3fbbdea4e86e5934faa8142625f175320778bcba65f) }), - s2: Honk.G1Point({ - x: 
uint256(0x140b2faaf30cb5fc528621f4a395943e7fab8198dc734ac13253dd249682dd2a), - y: uint256(0x12709c4a13428f4704d284c90a81cc83280680185ae6298187e86debcd3e00f7) + s2: Honk.G1Point({ + x: uint256(0x140b2faaf30cb5fc528621f4a395943e7fab8198dc734ac13253dd249682dd2a), + y: uint256(0x12709c4a13428f4704d284c90a81cc83280680185ae6298187e86debcd3e00f7) }), - s3: Honk.G1Point({ - x: uint256(0x0aca5621e9f49279969497b3da0eb8a74c68c3513f4cf98e8b1d6f88567557a8), - y: uint256(0x2664811311f75057a16267bc0479eaeea2424156417cc4d3f8bd286fac9aa5d2) + s3: Honk.G1Point({ + x: uint256(0x0aca5621e9f49279969497b3da0eb8a74c68c3513f4cf98e8b1d6f88567557a8), + y: uint256(0x2664811311f75057a16267bc0479eaeea2424156417cc4d3f8bd286fac9aa5d2) }), - s4: Honk.G1Point({ - x: uint256(0x04417c606a41393e73113ec3f834883dbeb302889199b888c0f5ea58a008ff98), - y: uint256(0x0865670de7962d29b6a9012f28ea52113c4e2b55d7de44e829edec87dba1d5c2) + s4: Honk.G1Point({ + x: uint256(0x04417c606a41393e73113ec3f834883dbeb302889199b888c0f5ea58a008ff98), + y: uint256(0x0865670de7962d29b6a9012f28ea52113c4e2b55d7de44e829edec87dba1d5c2) }), - t1: Honk.G1Point({ - x: uint256(0x1ec1b607634e31421b5047dc99d7674d6505fed978df0f42a3504f9771a8a7fa), - y: uint256(0x1da802c6dc2fe6cffc6f9ae983080c66690ceee40c181b4d51fdba6c5c360297) + t1: Honk.G1Point({ + x: uint256(0x1ec1b607634e31421b5047dc99d7674d6505fed978df0f42a3504f9771a8a7fa), + y: uint256(0x1da802c6dc2fe6cffc6f9ae983080c66690ceee40c181b4d51fdba6c5c360297) }), - t2: Honk.G1Point({ - x: uint256(0x1e38a0a482b7174f429a3bef25fb0a7656abc88cfd215b8e8404132601620784), - y: uint256(0x2e9ea07a995fa6d589e37fba2715f3f1fa338652ddf84d4e2e4f33dccadb9156) + t2: Honk.G1Point({ + x: uint256(0x1e38a0a482b7174f429a3bef25fb0a7656abc88cfd215b8e8404132601620784), + y: uint256(0x2e9ea07a995fa6d589e37fba2715f3f1fa338652ddf84d4e2e4f33dccadb9156) }), - t3: Honk.G1Point({ - x: uint256(0x211a0833bb3c6f9ae6c94519b6878ed6157c4a080df786a053d9a19796b9a7f8), - y: 
uint256(0x1a3a450e1a272aa1fe9f097acf359502ff69df617de4918b37a497def94db2b5) + t3: Honk.G1Point({ + x: uint256(0x211a0833bb3c6f9ae6c94519b6878ed6157c4a080df786a053d9a19796b9a7f8), + y: uint256(0x1a3a450e1a272aa1fe9f097acf359502ff69df617de4918b37a497def94db2b5) }), - t4: Honk.G1Point({ - x: uint256(0x281a984aef14716cd5d8fc2759eb8ea2464909b5c57d97b6bc50e4dad74d92d3), - y: uint256(0x169160e1505685aabd5bd60e994bac45162c6868235cc4252c8b87d0f12603fd) + t4: Honk.G1Point({ + x: uint256(0x281a984aef14716cd5d8fc2759eb8ea2464909b5c57d97b6bc50e4dad74d92d3), + y: uint256(0x169160e1505685aabd5bd60e994bac45162c6868235cc4252c8b87d0f12603fd) }), - id1: Honk.G1Point({ - x: uint256(0x01c082a85908fea4c69c4e51436fba7d965e1d88e485da16e35d8f4e8af3b8bd), - y: uint256(0x11b0ada021468b059aa6c27f4d4950ef65b98d4d8808ae21718bd8b90f9bb365) + id1: Honk.G1Point({ + x: uint256(0x01c082a85908fea4c69c4e51436fba7d965e1d88e485da16e35d8f4e8af3b8bd), + y: uint256(0x11b0ada021468b059aa6c27f4d4950ef65b98d4d8808ae21718bd8b90f9bb365) }), - id2: Honk.G1Point({ - x: uint256(0x0b8667619755bd09c7970defeae2c920df2b17b41608303ae1d7393615dd04e4), - y: uint256(0x1c5419cd435c5516ac566a9d1dfecdb4e10190c63f2dbd8a1932785caf022e2c) + id2: Honk.G1Point({ + x: uint256(0x0b8667619755bd09c7970defeae2c920df2b17b41608303ae1d7393615dd04e4), + y: uint256(0x1c5419cd435c5516ac566a9d1dfecdb4e10190c63f2dbd8a1932785caf022e2c) }), - id3: Honk.G1Point({ - x: uint256(0x110aee72793c4b4ede92c1375f058b4170fcf01bf18f8f1ee934f7ae0fa26da5), - y: uint256(0x15c4f6a01ff04ef6b5225c896dfb7060a7a2c320395bda410e756d6b507b7eb8) + id3: Honk.G1Point({ + x: uint256(0x110aee72793c4b4ede92c1375f058b4170fcf01bf18f8f1ee934f7ae0fa26da5), + y: uint256(0x15c4f6a01ff04ef6b5225c896dfb7060a7a2c320395bda410e756d6b507b7eb8) }), - id4: Honk.G1Point({ - x: uint256(0x2472aba130e7ed2aefad128109415ec2bdeb56e81e3cbeacc93e00c95f203579), - y: uint256(0x0c867d0f8e2f9c861574383b89020980358d898497f80c198a6c17c2f4daf9a4) + id4: Honk.G1Point({ + x: 
uint256(0x2472aba130e7ed2aefad128109415ec2bdeb56e81e3cbeacc93e00c95f203579), + y: uint256(0x0c867d0f8e2f9c861574383b89020980358d898497f80c198a6c17c2f4daf9a4) }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) + lagrangeFirst: Honk.G1Point({ + x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x13b825e996cc8d600f363dca4481a54d6dd3da85900cd9f0a61fa02600851998), - y: uint256(0x151cb86205f2dc38a5651840c1a4b4928f3f3c98f77c2abd08336562986dc404) + lagrangeLast: Honk.G1Point({ + x: uint256(0x13b825e996cc8d600f363dca4481a54d6dd3da85900cd9f0a61fa02600851998), + y: uint256(0x151cb86205f2dc38a5651840c1a4b4928f3f3c98f77c2abd08336562986dc404) }) }); return vk; diff --git a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol index b2d9abdf2a20..79c18006bae0 100644 --- a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol 
@@ -2,125 +2,123 @@ // Copyright 2022 Aztec pragma solidity >=0.8.21; -import {Honk} from "../HonkTypes.sol"; - +import { Honk } from "../HonkTypes.sol"; uint256 constant N = 65536; uint256 constant LOG_N = 16; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 6; - library EcdsaHonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { Honk.VerificationKey memory vk = Honk.VerificationKey({ circuitSize: uint256(65536), logCircuitSize: uint256(16), publicInputsSize: uint256(6), - ql: Honk.G1Point({ - x: uint256(0x0b1acdcf739e1e6c27df046577122a292a77f4fcdf8056d8b8ae12f105d3a888), - y: uint256(0x145dad3bdd9a262411aaa657129df49dbf44a63f510e9ab8191622c643ebd9bd) + ql: Honk.G1Point({ + x: uint256(0x051ccdb8069f35f4ef85ad098e95681736a7bed10a7bee1b76a506235dc0b579), + y: uint256(0x05e168c2e4f90231545f5b24c1a84c1419b8798e4235cc2036c9e101e462b71d) }), - qr: Honk.G1Point({ - x: uint256(0x1940872f30b32522e26efd0fd4a642289bce2c56083e7a03af564c30969066d8), - y: uint256(0x181fd173051ca19e37f09c42298c36d2e9834df50535d85d429f562352c0d924) + qr: Honk.G1Point({ + x: uint256(0x2c99eed1f855cd5152942cc090aabf15308eb00ac549e965eb3e1950479cce58), + y: uint256(0x170bf8541390153bf5807bc022c9369f99d8bc1fd87922a0627b144fec0414e2) }), - qo: Honk.G1Point({ - x: uint256(0x2a1afa631e8b6ab8fb1444fb0154686a5a34c7a4ddae66bdc344e782a81382b3), - y: uint256(0x0cfa0936a5e63e723a5c318c7461ddc22824ad0ee62fa00e2e8b92f9b3f1cdf6) + qo: Honk.G1Point({ + x: uint256(0x1594abb7debcf41e3296178eeec941dbb6242ba13f50f4549734657ee5ebb8b1), + y: uint256(0x262e1469c56c719bdc4eaab93cc95868eed9fea1fa9ded03b46f2c061a341d4f) }), - q4: Honk.G1Point({ - x: uint256(0x1a01666b2e915221eb0c1ae6bf91394d18c73e6882dd1241d244f932678982ec), - y: uint256(0x212b0436d2da1b4a6507142b794024ded58e3d41fdde2f95249405ffdd02b324) + q4: Honk.G1Point({ + x: uint256(0x16b49bbcd37e15ed89b2f6f5b97d021abe440ba7cbc69904484991fa7e6058a9), + y: 
uint256(0x197b14cb5d037642b27ed7cd79b9568e5853ad1e3508453c0ed1f30c1962fd52) }), - qm: Honk.G1Point({ - x: uint256(0x0dd29943b961b1c615ab22df0e5b567489a7c9a9ad3ac92ae281d68ca603326c), - y: uint256(0x2a552165dc59dc5c5398e6b8c2227dc3f36ccdcc1250e7c9a8c1631c963aff2f) + qm: Honk.G1Point({ + x: uint256(0x175280d74e116a82ad6ccc34f640a5b3dda74b17372c9a0941d57749e37068a6), + y: uint256(0x0827b11a78b8a625ba940983effbcf7354aa0388bd472481c0a8a088653b9769) }), - qc: Honk.G1Point({ - x: uint256(0x203785f30cf75ed2e8559faa797897174bca19ebcb44266c6bc87aee8dc86964), - y: uint256(0x11ae3fbccf0c302ab29a8123b2ef631a659a3750d27df3eb7c492ae978ac3f07) + qc: Honk.G1Point({ + x: uint256(0x2a262a7189292da31f3f4a7926c4d9fcae883188aafe9cf3ba2a623f0004a67a), + y: uint256(0x0d90b8808180521422b90889592111434dd5bbc0e5deb27419c1f5e6d0bf9883) }), - qArith: Honk.G1Point({ - x: uint256(0x059453a86c23185b89783698e7da32ce59270611c312c82a16c42e83d66f3a11), - y: uint256(0x23403bda1774d1e372f94dd86571d393290df9d27cc1f032a1a2ba3a02becb28) + qArith: Honk.G1Point({ + x: uint256(0x2026f95bb8f7b6ed57287e4833e2789cce8ec9a95b829e6a2abbf5d13d681d22), + y: uint256(0x19cea5af7d9b39a4ad86a0ab52f8a358f7f35236561a50cdf6f2860f0b3426a8) }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x189ec3e8c791a2933a4f188b2183c4bfeb9a2a8e51bb10a7571c243603dd3fce), - y: uint256(0x00d30f1839bdf225d00e20bcf76adcf2bfc6ea98a4ca12b4f36c68f4a865fa59) + qDeltaRange: Honk.G1Point({ + x: uint256(0x02d0f736b422d74d9aa2ef26deedb67fdd2e798aae001c4292dabd2c5df31249), + y: uint256(0x0ae6265d6dcc9da8d3b23f088c6fb062c9be10bfa79e9d0463d4a7785ea4a5f9) }), - qElliptic: Honk.G1Point({ - x: uint256(0x16b1166d95a8e2496eb12363dbfb9ca5aa5bc0975fc4994dc2c61cc0609d8eba), - y: uint256(0x1aded54ecb6c2ec4fdeaef0f9e3b2dae5da1e1958d76b953b9e29efb1e8962b4) + qElliptic: Honk.G1Point({ + x: uint256(0x0ffa449a9d6e6c6f3e302eb3f16ce9d3d3711b9102ecf0e303ff91f3f9eb25f5), + y: uint256(0x095ef997439bccdd1234b2431a520823bcfe3e77f50190e66e70e2c51e906193) }), - qAux: 
Honk.G1Point({ - x: uint256(0x1011b815b4505f86944621990bd81bd442780186904784572d50087942aa8607), - y: uint256(0x24e575bf4641129d492759c66a4a5c1d3da80b647d4e67adfea20ab72eb69854) + qAux: Honk.G1Point({ + x: uint256(0x09023d45c436e756762d8b3527cfcb3f694cdbafd192ccae59210740bdf03ad3), + y: uint256(0x020c9b591603814f1815038e25d1bb3fb85261bf699abfc8921f48954f0bc2b0) }), - qLookup: Honk.G1Point({ - x: uint256(0x13a5f6d8f4de0f66dc7ea0d75efa7ae6632e6448c13bbbe5358412f7a36518d6), - y: uint256(0x142fd8f3223785fbd36b380c6065215d16b821b3df4d86d5464f1bfff2a29544) + qLookup: Honk.G1Point({ + x: uint256(0x08c0d34ca72136661975f3b1ad658bfda38661b9ff320b60e2974496e03fd62e), + y: uint256(0x236caf48f4c3a7ca207f5c0ec75f304657e49780015cf40ff9be37f8ba3c6624) }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x02c909437bb59751312ce2208a2b367d3c9eaa8721d7671306c41ebd9843b3ba), - y: uint256(0x1db8a23e0231ac4b008ccdb6f21aa37c59349a77b51d894217596f0ef543120c) + qPoseidon2External: Honk.G1Point({ + x: uint256(0x09d58ddd055d3d65b4f36a347c18c11956b7d43c4f15434ded62bdf1224ff37d), + y: uint256(0x3002f0782d68214149ae47ee94771a6509709499ca06a8421eeeae97ea37e2a9) }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x19d898bac51355e0822e2aa6e6630494e47ea2476a0c4c15b6f03ce441f6c6d0), - y: uint256(0x2add808f3d5b3c608ce5937fcd3c9c968ba56dbe5855e2f6d3e4bdd9d118d19b) + qPoseidon2Internal: Honk.G1Point({ + x: uint256(0x1d11dbf6b2ced628ad64ea9d8afef60b6ea2e246160b6525915eb0ab7bdc94aa), + y: uint256(0x1ecef8438441a2565ee641757bdc6739da7389d913453eee0aaac561fb08495c) }), - s1: Honk.G1Point({ - x: uint256(0x0dd1eea7735fc4052df5a19e4859c59e50e3ab9cb3cc2accbd42ef8a1104449b), - y: uint256(0x1541af79ad21fe21642a50d97899451c868b6d5d608431e5de6b0a730abe130d) + s1: Honk.G1Point({ + x: uint256(0x105eb99bfd557812572f2a5ec5b6eff27375b4ed5ce4e7a9649fe3038cfacbac), + y: uint256(0x1efd910252f319f9c0dc21c7688b92d80fd0a8636f152e0d9c8e0afb5c9a6d2e) }), - s2: Honk.G1Point({ - x: 
uint256(0x21d9072c3474c1cfe1c2d96c098c4d9af4bb5d222944aa6470063f4a8b9b9770), - y: uint256(0x137ad8c018449f48311b5394ac91a6b2f5c5e40c676216a299a3d501d69b1f7d) + s2: Honk.G1Point({ + x: uint256(0x2bbbf5e8a2f7feb08ee64585bf3da54db0da09b211f726adda93020a2ae23e56), + y: uint256(0x2a9e8e1c3850c66da60224163dc4846ea6f37ed48f9d6dfd40b450fa61081484) }), - s3: Honk.G1Point({ - x: uint256(0x2c2fe61ccbf18af13d41950ef58f3a2a64d355657a4dfba8e9917e618ea8add4), - y: uint256(0x2e7edf4dae50db17925e431d3198a39cb4bdc6f4e6e7d8d6163c972f4750a606) + s3: Honk.G1Point({ + x: uint256(0x0d264ba46f4a7bafd0ba9d9f9f4827109e1da2cfdb11835b9fc65aaafe9f9f20), + y: uint256(0x0f9ff6e122bcacd091ffd98d8caf249ab216e9c784e667475e2184ed34892272) }), - s4: Honk.G1Point({ - x: uint256(0x1825a30f42c7508e2ee2158d374dc626cf4149b745ba55d533181f418ac605aa), - y: uint256(0x15d9b33a9612c0c8a55a75a827c0230656054765c7b37ba77a798b71a4766d1b) + s4: Honk.G1Point({ + x: uint256(0x2556809f13dc85764a5e4ea8fda1bbba54f36dad477124915fc8c198db16f496), + y: uint256(0x27461805fb3a7ee919331973984491c36cc83eee61d3664d5319922902327750) }), - t1: Honk.G1Point({ - x: uint256(0x1ddc9ef86584375e5998d9f6fc16a4e646dc315ab86b477abc2f18a723dc24f6), - y: uint256(0x03a3b132ca6590c4ffdf35e1acd932da680a4247a55c88dd2284af78cb047906) + t1: Honk.G1Point({ + x: uint256(0x1ddc9ef86584375e5998d9f6fc16a4e646dc315ab86b477abc2f18a723dc24f6), + y: uint256(0x03a3b132ca6590c4ffdf35e1acd932da680a4247a55c88dd2284af78cb047906) }), - t2: Honk.G1Point({ - x: uint256(0x1e4cde3e410660193bacdf1db498ffb6bf1618c4d7b355415858d7d996e8bd03), - y: uint256(0x18d7f0300f961521ead0cb3c81a2a43a2dea0fdcb17bd772aef6c7b908be4273) + t2: Honk.G1Point({ + x: uint256(0x1e4cde3e410660193bacdf1db498ffb6bf1618c4d7b355415858d7d996e8bd03), + y: uint256(0x18d7f0300f961521ead0cb3c81a2a43a2dea0fdcb17bd772aef6c7b908be4273) }), - t3: Honk.G1Point({ - x: uint256(0x0e77f28b07af551fea1ad81b304fd41013850e8b3539309c20bb2fa115289642), - y: 
uint256(0x15f92fde2f0d7a77c27daeb397336220ffc07b99f710980253e84f8ae94afd4d) + t3: Honk.G1Point({ + x: uint256(0x0e77f28b07af551fea1ad81b304fd41013850e8b3539309c20bb2fa115289642), + y: uint256(0x15f92fde2f0d7a77c27daeb397336220ffc07b99f710980253e84f8ae94afd4d) }), - t4: Honk.G1Point({ - x: uint256(0x2285ea4116ca00b673b2daadf596052b6d9ba6d231a4bea8af5a3c0f28c44aa4), - y: uint256(0x076bf1e1f682badebfca083e25d808e8dae96372631c0721a7ee238c333a862a) + t4: Honk.G1Point({ + x: uint256(0x2285ea4116ca00b673b2daadf596052b6d9ba6d231a4bea8af5a3c0f28c44aa4), + y: uint256(0x076bf1e1f682badebfca083e25d808e8dae96372631c0721a7ee238c333a862a) }), - id1: Honk.G1Point({ - x: uint256(0x003bfa695fb125e2e815ae3565a2b7667fe2240edfd46c312fa6b6ed88226d3f), - y: uint256(0x080c85e17835fce14e045eeb531ef2c287ad933a2ca7f35d3c7df03d0367fb9c) + id1: Honk.G1Point({ + x: uint256(0x0b034b231d25a2e152b830397a59c97e02175212a6c5ce00129625cfb2e5c53d), + y: uint256(0x22e1842515d4569ca06477f4b2685d0a767bfa1eecca343c889840af8c086db9) }), - id2: Honk.G1Point({ - x: uint256(0x17662e6b69e1a67d8682a5c00b4d3c57c8f3ce7d82df027ba71c5031a946e070), - y: uint256(0x14bd830834279aa5f4ff64181af68bef9121c6322d37d25b5490f60a83b755f9) + id2: Honk.G1Point({ + x: uint256(0x0e82a73cd55280503e70d5bdd855071d202ff65f31a65996955a7661775ff290), + y: uint256(0x1325a665dfee8e1247f3129ca943e12736f800afc1a9dcfa0476050b8e3c87f8) }), - id3: Honk.G1Point({ - x: uint256(0x05bc83edcd40f963c7f6983f1c6a993ce32ca97a6e45c076dc4e38195ba8560a), - y: uint256(0x01239f42bab3bc0d1cc4194ca17fa76036ce2e4887a3dc499fe71da67d7af9a3) + id3: Honk.G1Point({ + x: uint256(0x2ad12a1238e051fba16108022b5e58bba1fc7966fe759016a93fae5397e8c403), + y: uint256(0x257cfc281b0135bb8dfb0df6a7b69ca39835af544007eb61ace84ce7014c1fea) }), - id4: Honk.G1Point({ - x: uint256(0x1bcbd59c8e9e24132d3d3dfb1eaf21fa4ed74e922bb4d44f3c8d22ebb50105da), - y: uint256(0x147b021c1046d59dcc6b8be404ef2670f7e6f33a03dbaeef966c9bf3882324f4) + id4: Honk.G1Point({ + x: 
uint256(0x058bf4de2f71f4d2e11235d140d05db461fb50d8aef64c8c52e2c0f57438dcce), + y: uint256(0x1e90ce7ec8cca2e65d7deafb655e6c7b0c4b964cd2cb1e5b4ef5ad78ab2f4b46) }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) + lagrangeFirst: Honk.G1Point({ + x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x28bf8c9eeae6946902ee08351768a3e4f67d812e6465f55f16bf69fad16cf46d), - y: uint256(0x12dab1c326b33ea63ec6651324077c0ea2cb0ddfafd63fb8f9fbcc70bd53d7e0) + lagrangeLast: Honk.G1Point({ + x: uint256(0x28bf8c9eeae6946902ee08351768a3e4f67d812e6465f55f16bf69fad16cf46d), + y: uint256(0x12dab1c326b33ea63ec6651324077c0ea2cb0ddfafd63fb8f9fbcc70bd53d7e0) }) }); return vk; From c7c07684e7150e53227474d65f32e24e19b51152 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 28 Sep 2024 19:40:01 +0000 Subject: [PATCH 06/10] fix: typo --- barretenberg/sol/src/honk/instance/Add2Honk.sol | 2 +- barretenberg/sol/src/honk/instance/BlakeHonk.sol | 2 +- barretenberg/sol/src/honk/instance/EcdsaHonk.sol | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/barretenberg/sol/src/honk/instance/Add2Honk.sol b/barretenberg/sol/src/honk/instance/Add2Honk.sol index 4c3e1fc540c2..7c37aa47b03c 100644 --- a/barretenberg/sol/src/honk/instance/Add2Honk.sol +++ b/barretenberg/sol/src/honk/instance/Add2Honk.sol 
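Review bot: The replaced commitments (`ql` through `s4` and `id1` through `id4`) are what the Ecdsa verifier trusts as its circuit description, and nothing in this hunk records where the new values came from. `N`, `LOG_N`, `NUMBER_OF_PUBLIC_INPUTS`, `t1`–`t4` and both Lagrange points are unchanged, so the diff alone cannot show whether this is a regeneration for a changed circuit or an accidental edit. I would add a header comment such as `// Generated from <circuit identifier> with <generator command and version>; do not edit by hand` (placeholders to fill in), and have CI regenerate the key and compare it with the committed file. The `{ Honk }` import spacing suggests this is raw generator output, which is presumably why the later fmt patch rewrites the same files. The closing braces of `loadVerificationKey` are outside the hunk.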
@@ -447,7 +447,7 @@ contract Add2HonkVerifier is IVerifier {
 let free := mload(0x40)
 // Write the original into the accumulator
- // Load into memory forecMUL, leave offset foreccAdd result
+ // Load into memory for ecMUL, leave offset for eccAdd result
 // base is an array of pointers, so we have to dereference them
 mstore(add(free, 0x40), mload(mload(base)))
 mstore(add(free, 0x60), mload(add(0x20, mload(base))))
diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol
index 69b6f857263b..e5c4b214fd94 100644
--- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol
+++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol
@@ -448,7 +448,7 @@ contract BlakeHonkVerifier is IVerifier {
 let free := mload(0x40)
 // Write the original into the accumulator
- // Load into memory forecMUL, leave offset foreccAdd result
+ // Load into memory for ecMUL, leave offset for eccAdd result
 // base is an array of pointers, so we have to dereference them
 mstore(add(free, 0x40), mload(mload(base)))
 mstore(add(free, 0x60), mload(add(0x20, mload(base))))
diff --git a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol
index bb60383fdd79..d62f03784e3c 100644
--- a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol
+++ b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol
@@ -451,7 +451,7 @@ contract EcdsaHonkVerifier is IVerifier {
 let free := mload(0x40)
 // Write the original into the accumulator
- // Load into memory forecMUL, leave offset foreccAdd result
+ // Load into memory for ecMUL, leave offset for eccAdd result
 // base is an array of pointers, so we have to dereference them
 mstore(add(free, 0x40), mload(mload(base)))
 mstore(add(free, 0x60), mload(add(0x20, mload(base))))
From e17684b49026fff71e93e8108fa9917138f3a95f Mon Sep 17 00:00:00 2001
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com>
Date: Sat, 28 Sep 2024 19:40:42 +0000
Subject: [PATCH 07/10] fmt
---
 .../sol/src/honk/instance/Add2Honk.sol | 3 +-
 .../sol/src/honk/instance/BlakeHonk.sol | 3 +-
 .../sol/src/honk/instance/EcdsaHonk.sol | 4 +-
 .../src/honk/keys/Add2HonkVerificationKey.sol | 166 +++++++++---------
 .../honk/keys/BlakeHonkVerificationKey.sol | 166 +++++++++---------
 .../honk/keys/EcdsaHonkVerificationKey.sol | 166 +++++++++---------
 6 files changed, 258 insertions(+), 250 deletions(-)
diff --git a/barretenberg/sol/src/honk/instance/Add2Honk.sol b/barretenberg/sol/src/honk/instance/Add2Honk.sol
index 7c37aa47b03c..1ec5ac8845f4 100644
--- a/barretenberg/sol/src/honk/instance/Add2Honk.sol
+++ b/barretenberg/sol/src/honk/instance/Add2Honk.sol
@@ -355,7 +355,8 @@ contract Add2HonkVerifier is IVerifier {
 scalars[NUMBER_OF_ENTITIES + 1 + i] = scalingFactor.neg();
 }
- mem.constantTermAccumulator = mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]);
+ mem.constantTermAccumulator =
+ mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]);
 mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu;
 commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]);
diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol
index e5c4b214fd94..904e41a641ee 100644
--- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol
+++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol
@@ -356,7 +356,8 @@ contract BlakeHonkVerifier is IVerifier { scalars[NUMBER_OF_ENTITIES + 1 + i] = scalingFactor.neg(); } - mem.constantTermAccumulator = mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); + mem.constantTermAccumulator = + mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); diff --git a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol index d62f03784e3c..5b7094b4a21f 100644 --- a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol +++ b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol @@ -358,7 +358,8 @@ contract EcdsaHonkVerifier is IVerifier { scalars[NUMBER_OF_ENTITIES + 1 + i] = scalingFactor.neg(); } - mem.constantTermAccumulator = mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); + mem.constantTermAccumulator = + mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); @@ -378,7 +379,6 @@ contract EcdsaHonkVerifier is IVerifier { commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = Honk.G1Point({x: 1, y: 2}); scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = mem.constantTermAccumulator; - Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment; diff --git a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol index 3fe9801dd1ba..2402e0a4069f 100644 --- a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol 
@@ -2,123 +2,125 @@ // Copyright 2022 Aztec pragma solidity >=0.8.21; -import { Honk } from "../HonkTypes.sol"; +import {Honk} from "../HonkTypes.sol"; + uint256 constant N = 32; uint256 constant LOG_N = 5; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 3; + library Add2HonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { Honk.VerificationKey memory vk = Honk.VerificationKey({ circuitSize: uint256(32), logCircuitSize: uint256(5), publicInputsSize: uint256(3), - ql: Honk.G1Point({ - x: uint256(0x043d063b130adfb37342af45d0155a28edd1a7e46c840d9c943fdf45521c64ce), - y: uint256(0x261522c4089330646aff96736194949330952ae74c573d1686d9cb4a00733854) + ql: Honk.G1Point({ + x: uint256(0x043d063b130adfb37342af45d0155a28edd1a7e46c840d9c943fdf45521c64ce), + y: uint256(0x261522c4089330646aff96736194949330952ae74c573d1686d9cb4a00733854) }), - qr: Honk.G1Point({ - x: uint256(0x291338e99e7857222c76c5e4ba8b954f5fde09fd2f05634d622ba379657cd501), - y: uint256(0x137030ce3236d7c12307adf650a73b87fc95a774ec43ac0a3a341ef26b7f56c9) + qr: Honk.G1Point({ + x: uint256(0x291338e99e7857222c76c5e4ba8b954f5fde09fd2f05634d622ba379657cd501), + y: uint256(0x137030ce3236d7c12307adf650a73b87fc95a774ec43ac0a3a341ef26b7f56c9) }), - qo: Honk.G1Point({ - x: uint256(0x0f90f4bb16b330b82ef51e7ce3f70a9310ea2d3c5ef855f07b6f58081b5ef41f), - y: uint256(0x0e09412eea75978da57db1d3fa6b7d14c0e282c378be9a6d0efc5770863ed70b) + qo: Honk.G1Point({ + x: uint256(0x0f90f4bb16b330b82ef51e7ce3f70a9310ea2d3c5ef855f07b6f58081b5ef41f), + y: uint256(0x0e09412eea75978da57db1d3fa6b7d14c0e282c378be9a6d0efc5770863ed70b) }), - q4: Honk.G1Point({ - x: uint256(0x1eec247154ced5c29b0836528d7c19eda11399dc21e23df4bee4b5cd0bec659f), - y: uint256(0x107cc382fdee2f6530d39b072a2bc50bdb0c0ac4b054a905b03b9d53bebef404) + q4: Honk.G1Point({ + x: uint256(0x1eec247154ced5c29b0836528d7c19eda11399dc21e23df4bee4b5cd0bec659f), + y: uint256(0x107cc382fdee2f6530d39b072a2bc50bdb0c0ac4b054a905b03b9d53bebef404) 
}), - qm: Honk.G1Point({ - x: uint256(0x0c17b7ba3864cabe287a2b121b5cb3f8ee4ede87a7f656b8d9b470be025007c8), - y: uint256(0x09590397bf354089980bd40f5d84f4c12faa8b4646425fa660ab7c4c76fb4859) + qm: Honk.G1Point({ + x: uint256(0x0c17b7ba3864cabe287a2b121b5cb3f8ee4ede87a7f656b8d9b470be025007c8), + y: uint256(0x09590397bf354089980bd40f5d84f4c12faa8b4646425fa660ab7c4c76fb4859) }), - qc: Honk.G1Point({ - x: uint256(0x2ac1a00b4c9bb4e7deef8d7a6bf9e26e61f2b935409e41c5770c074303b6d142), - y: uint256(0x192d962de288fb26f3d68052b2f475e884ca47e595de1184171cd1500249fa66) + qc: Honk.G1Point({ + x: uint256(0x2ac1a00b4c9bb4e7deef8d7a6bf9e26e61f2b935409e41c5770c074303b6d142), + y: uint256(0x192d962de288fb26f3d68052b2f475e884ca47e595de1184171cd1500249fa66) }), - qArith: Honk.G1Point({ - x: uint256(0x1797e3e7ee9e4f42b42bd375f13f2ccb395b827e9079e999b6c128d9b083c395), - y: uint256(0x101a60efaab1c8564add45d41b9147efacf45941c3efe93c3568bde1e08e1919) + qArith: Honk.G1Point({ + x: uint256(0x1797e3e7ee9e4f42b42bd375f13f2ccb395b827e9079e999b6c128d9b083c395), + y: uint256(0x101a60efaab1c8564add45d41b9147efacf45941c3efe93c3568bde1e08e1919) }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x0e84090add56f2500ab518c655cae63896ea793e6b3f6a14218d476534109610), - y: uint256(0x2b78a584bd6ae88cf4ec7c65c90e0b65df446fdddba972f3c4414ad3c901f4f9) + qDeltaRange: Honk.G1Point({ + x: uint256(0x0e84090add56f2500ab518c655cae63896ea793e6b3f6a14218d476534109610), + y: uint256(0x2b78a584bd6ae88cf4ec7c65c90e0b65df446fdddba972f3c4414ad3c901f4f9) }), - qElliptic: Honk.G1Point({ - x: uint256(0x1bd6129f9646aa21af0d77e7b1cc9794e611b5d59a27773f744710b476fbd30f), - y: uint256(0x2f8d492d76a22b6834f0b88e2d4096139a9d1593d56e65e710b2f344756b721e) + qElliptic: Honk.G1Point({ + x: uint256(0x1bd6129f9646aa21af0d77e7b1cc9794e611b5d59a27773f744710b476fbd30f), + y: uint256(0x2f8d492d76a22b6834f0b88e2d4096139a9d1593d56e65e710b2f344756b721e) }), - qAux: Honk.G1Point({ - x: 
uint256(0x056ab50282da428d93b17cbd1c81267dcebcfbabdedb47b2d715b5baa6520bff), - y: uint256(0x10b4e7bd9d6d91a57b0695be166ffd27cbeee602bcb5a9ed32c8d9440912cb72) + qAux: Honk.G1Point({ + x: uint256(0x056ab50282da428d93b17cbd1c81267dcebcfbabdedb47b2d715b5baa6520bff), + y: uint256(0x10b4e7bd9d6d91a57b0695be166ffd27cbeee602bcb5a9ed32c8d9440912cb72) }), - qLookup: Honk.G1Point({ - x: uint256(0x19e2d786ebad24caf1bef735441e58525a2f9b5807b2102f295c58cde00f5c97), - y: uint256(0x085713ce7bac807a084a66904ebc6e695840e8cf405a6fd0c325f8bfcf7c2dd8) + qLookup: Honk.G1Point({ + x: uint256(0x19e2d786ebad24caf1bef735441e58525a2f9b5807b2102f295c58cde00f5c97), + y: uint256(0x085713ce7bac807a084a66904ebc6e695840e8cf405a6fd0c325f8bfcf7c2dd8) }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x0ca0bc4b1cd9eadbbf49eae56a99a4502ef13d965226a634d0981555e4a4da56), - y: uint256(0x1a8a818e6c61f68cefa329f2fabc95c80ad56a538d852f75eda858ed1a616c74) + qPoseidon2External: Honk.G1Point({ + x: uint256(0x0ca0bc4b1cd9eadbbf49eae56a99a4502ef13d965226a634d0981555e4a4da56), + y: uint256(0x1a8a818e6c61f68cefa329f2fabc95c80ad56a538d852f75eda858ed1a616c74) }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x09dfd2992ac1708f0dd1d28c2ad910d9cf21a1510948580f406bc9416113d620), - y: uint256(0x205f76eebda12f565c98c775c4e4f3534b5dcc29e57eed899b1a1a880534dcb9) + qPoseidon2Internal: Honk.G1Point({ + x: uint256(0x09dfd2992ac1708f0dd1d28c2ad910d9cf21a1510948580f406bc9416113d620), + y: uint256(0x205f76eebda12f565c98c775c4e4f3534b5dcc29e57eed899b1a1a880534dcb9) }), - s1: Honk.G1Point({ - x: uint256(0x19a07402ffcc103c3d8fbfbc7e9a660147d7380e65c34f64b75701b8d4868c11), - y: uint256(0x0b7ab8c749a4af75d6100dba9246d7f993748b326d23791a595e21a17653fe30) + s1: Honk.G1Point({ + x: uint256(0x19a07402ffcc103c3d8fbfbc7e9a660147d7380e65c34f64b75701b8d4868c11), + y: uint256(0x0b7ab8c749a4af75d6100dba9246d7f993748b326d23791a595e21a17653fe30) }), - s2: Honk.G1Point({ - x: 
uint256(0x027234cb39eacbf2ebe98907cf433e429a37933e429d4f24df14274b5c4d2549), - y: uint256(0x2c1ea0996e3fd6cfabcfc6bbd4c86c65fb19c3dda2ded5c4f973af397e8e5c8b) + s2: Honk.G1Point({ + x: uint256(0x027234cb39eacbf2ebe98907cf433e429a37933e429d4f24df14274b5c4d2549), + y: uint256(0x2c1ea0996e3fd6cfabcfc6bbd4c86c65fb19c3dda2ded5c4f973af397e8e5c8b) }), - s3: Honk.G1Point({ - x: uint256(0x243daee8a40861aba1ef660929ee9e874e52cd8e8d75f8c0245852369a731491), - y: uint256(0x0a20f23c0697fb0698478f7a861dde5e18bf5aa34f4731178e74f7460df49a88) + s3: Honk.G1Point({ + x: uint256(0x243daee8a40861aba1ef660929ee9e874e52cd8e8d75f8c0245852369a731491), + y: uint256(0x0a20f23c0697fb0698478f7a861dde5e18bf5aa34f4731178e74f7460df49a88) }), - s4: Honk.G1Point({ - x: uint256(0x18b8202abb615440b5544d88092245911d2b5ff3b5a4a80bb15dbabafdfb56a7), - y: uint256(0x096a6685f36b1ca09a62820ae3be7538128093440fa943ea7412617a6d927916) + s4: Honk.G1Point({ + x: uint256(0x18b8202abb615440b5544d88092245911d2b5ff3b5a4a80bb15dbabafdfb56a7), + y: uint256(0x096a6685f36b1ca09a62820ae3be7538128093440fa943ea7412617a6d927916) }), - t1: Honk.G1Point({ - x: uint256(0x2e0cddbc5712d79b59cb3b41ebbcdd494997477ab161763e46601d95844837ef), - y: uint256(0x303126892f664d8d505964d14315ec426db4c64531d350750df62dbbc41a1bd9) + t1: Honk.G1Point({ + x: uint256(0x2e0cddbc5712d79b59cb3b41ebbcdd494997477ab161763e46601d95844837ef), + y: uint256(0x303126892f664d8d505964d14315ec426db4c64531d350750df62dbbc41a1bd9) }), - t2: Honk.G1Point({ - x: uint256(0x00874a5ad262eecc6b565e0b08507476a6b2c6040c0c62bd59acfe3e3e125672), - y: uint256(0x127b2a745a1b74968c3edc18982b9bef082fb517183c9c6841c2b8ef2ca1df04) + t2: Honk.G1Point({ + x: uint256(0x00874a5ad262eecc6b565e0b08507476a6b2c6040c0c62bd59acfe3e3e125672), + y: uint256(0x127b2a745a1b74968c3edc18982b9bef082fb517183c9c6841c2b8ef2ca1df04) }), - t3: Honk.G1Point({ - x: uint256(0x15a18748490ff4c2b1871081954e86c9efd4f8c3d56e1eb23d789a8f710d5be6), - y: 
uint256(0x2097c84955059442a95df075833071a0011ef987dc016ab110eacd554a1d8bbf) + t3: Honk.G1Point({ + x: uint256(0x15a18748490ff4c2b1871081954e86c9efd4f8c3d56e1eb23d789a8f710d5be6), + y: uint256(0x2097c84955059442a95df075833071a0011ef987dc016ab110eacd554a1d8bbf) }), - t4: Honk.G1Point({ - x: uint256(0x2aecd48089890ea0798eb952c66824d38e9426ad3085b68b00a93c17897c2877), - y: uint256(0x1216bdb2f0d961bb8a7a23331d215078d8a9ce405ce559f441f2e71477ff3ddb) + t4: Honk.G1Point({ + x: uint256(0x2aecd48089890ea0798eb952c66824d38e9426ad3085b68b00a93c17897c2877), + y: uint256(0x1216bdb2f0d961bb8a7a23331d215078d8a9ce405ce559f441f2e71477ff3ddb) }), - id1: Honk.G1Point({ - x: uint256(0x292298ecab24d2b6f6999cac29848def2665a62342170311f44c08708db0fe1f), - y: uint256(0x277022c35d3145de166b139aa94609551122915366ba42ff7c5157b748fb7f9d) + id1: Honk.G1Point({ + x: uint256(0x292298ecab24d2b6f6999cac29848def2665a62342170311f44c08708db0fe1f), + y: uint256(0x277022c35d3145de166b139aa94609551122915366ba42ff7c5157b748fb7f9d) }), - id2: Honk.G1Point({ - x: uint256(0x2ddc6a05ccd584bdfc65d642b39a3be3075e7a370602112dbf9fc644789acace), - y: uint256(0x1a4167481d5f295af9921741bd0e32dda7a78cb391132b31ab4a77559c297c2e) + id2: Honk.G1Point({ + x: uint256(0x2ddc6a05ccd584bdfc65d642b39a3be3075e7a370602112dbf9fc644789acace), + y: uint256(0x1a4167481d5f295af9921741bd0e32dda7a78cb391132b31ab4a77559c297c2e) }), - id3: Honk.G1Point({ - x: uint256(0x19629b85ab2acf9713223ff4f758882af6247963bbf2f6ec4f9cbcde13675b87), - y: uint256(0x165063fe922948bf1d065a882242724c1bde5fdfd93be29586b45e1ce2cc750c) + id3: Honk.G1Point({ + x: uint256(0x19629b85ab2acf9713223ff4f758882af6247963bbf2f6ec4f9cbcde13675b87), + y: uint256(0x165063fe922948bf1d065a882242724c1bde5fdfd93be29586b45e1ce2cc750c) }), - id4: Honk.G1Point({ - x: uint256(0x2493c99a3d068b03f8f2b8d28b57cea3ee22dd60456277b86c32a18982dcb185), - y: uint256(0x1ded39c4c8366469843cd63f09ecacf6c3731486320082c20ec71bbdc92196c1) + id4: Honk.G1Point({ + x: 
uint256(0x2493c99a3d068b03f8f2b8d28b57cea3ee22dd60456277b86c32a18982dcb185), + y: uint256(0x1ded39c4c8366469843cd63f09ecacf6c3731486320082c20ec71bbdc92196c1) }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) + lagrangeFirst: Honk.G1Point({ + x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x140b0936c323fd2471155617b6af56ee40d90bea71fba7a412dd61fcf34e8ceb), - y: uint256(0x2b6c10790a5f6631c87d652e059df42b90071823185c5ff8e440fd3d73b6fefc) + lagrangeLast: Honk.G1Point({ + x: uint256(0x140b0936c323fd2471155617b6af56ee40d90bea71fba7a412dd61fcf34e8ceb), + y: uint256(0x2b6c10790a5f6631c87d652e059df42b90071823185c5ff8e440fd3d73b6fefc) }) }); return vk; diff --git a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol index 9046fee0ec9a..0eaeba194f11 100644 --- a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol 
@@ -2,123 +2,125 @@ // Copyright 2022 Aztec pragma solidity >=0.8.21; -import { Honk } from "../HonkTypes.sol"; +import {Honk} from "../HonkTypes.sol"; + uint256 constant N = 32768; uint256 constant LOG_N = 15; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 4; + library BlakeHonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { Honk.VerificationKey memory vk = Honk.VerificationKey({ circuitSize: uint256(32768), logCircuitSize: uint256(15), publicInputsSize: uint256(4), - ql: Honk.G1Point({ - x: uint256(0x2e5f133c25f7e05bd6660196c892121f7fa686cb9a8717a5deea6cd0881e618e), - y: uint256(0x1189bba9eeea96ba8935052434f4b0a60b0a481e3464dd81dfcd89e23def001b) + ql: Honk.G1Point({ + x: uint256(0x2e5f133c25f7e05bd6660196c892121f7fa686cb9a8717a5deea6cd0881e618e), + y: uint256(0x1189bba9eeea96ba8935052434f4b0a60b0a481e3464dd81dfcd89e23def001b) }), - qr: Honk.G1Point({ - x: uint256(0x2a93ffb34002da94f5b156ba5a212ac3616c848bd9c44c9821bbdd64cfd848af), - y: uint256(0x015699dcc0b28766d45f5ddce8258393e84c40619d26034e76f778460a1e4d89) + qr: Honk.G1Point({ + x: uint256(0x2a93ffb34002da94f5b156ba5a212ac3616c848bd9c44c9821bbdd64cfd848af), + y: uint256(0x015699dcc0b28766d45f5ddce8258393e84c40619d26034e76f778460a1e4d89) }), - qo: Honk.G1Point({ - x: uint256(0x2057928e8c5eb539c32c3025007b7be1e1663c358f59540c6f949794c274f886), - y: uint256(0x12bf0b15c3aa92792330f58b04512714c4a902e537fe87cc438293e1805eaabf) + qo: Honk.G1Point({ + x: uint256(0x2057928e8c5eb539c32c3025007b7be1e1663c358f59540c6f949794c274f886), + y: uint256(0x12bf0b15c3aa92792330f58b04512714c4a902e537fe87cc438293e1805eaabf) }), - q4: Honk.G1Point({ - x: uint256(0x304f47a08d4687afa0e2502a9782c32c458bf873ef50c169b732a367e567aaf3), - y: uint256(0x0bb37044594e7de200408a4db6bc46adf7790b06f17dce6f38b7deed480aa9f0) + q4: Honk.G1Point({ + x: uint256(0x304f47a08d4687afa0e2502a9782c32c458bf873ef50c169b732a367e567aaf3), + y: 
uint256(0x0bb37044594e7de200408a4db6bc46adf7790b06f17dce6f38b7deed480aa9f0) }), - qm: Honk.G1Point({ - x: uint256(0x0aea5b04332ad8781411f7edde21266857ffe11e93af334b14a2b948429afaa4), - y: uint256(0x2bd2e3884d486b387122effa12e8698daef82e9b99d7d25b7d5df91a9d738495) + qm: Honk.G1Point({ + x: uint256(0x0aea5b04332ad8781411f7edde21266857ffe11e93af334b14a2b948429afaa4), + y: uint256(0x2bd2e3884d486b387122effa12e8698daef82e9b99d7d25b7d5df91a9d738495) }), - qc: Honk.G1Point({ - x: uint256(0x0e3b418ea1924b4514d5009cd983b5a8074fa95cd1fb200f019fdebe944e4225), - y: uint256(0x1e6ef5bde7a9727f1c1d07c91461ae1b40524650b35fdd92ac7a129f263b1beb) + qc: Honk.G1Point({ + x: uint256(0x0e3b418ea1924b4514d5009cd983b5a8074fa95cd1fb200f019fdebe944e4225), + y: uint256(0x1e6ef5bde7a9727f1c1d07c91461ae1b40524650b35fdd92ac7a129f263b1beb) }), - qArith: Honk.G1Point({ - x: uint256(0x096841bfa8ec2295a5af5bf69ec539c31a05b221c84ed1d24c702e31ce1cbc95), - y: uint256(0x10b14cca7e9ff05fcf1e3084f4fc9ab098cf379864b2e2e2e0d33fc5df9d9a50) + qArith: Honk.G1Point({ + x: uint256(0x096841bfa8ec2295a5af5bf69ec539c31a05b221c84ed1d24c702e31ce1cbc95), + y: uint256(0x10b14cca7e9ff05fcf1e3084f4fc9ab098cf379864b2e2e2e0d33fc5df9d9a50) }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x2d27fd1a30a0ab04a05144c27ac41187d5cf89a6022e47b263d1ccb93b3cbea5), - y: uint256(0x238eb233e9aebc81285a2647f2598bab00a4367da47b12c2b0476afc2d94ab1d) + qDeltaRange: Honk.G1Point({ + x: uint256(0x2d27fd1a30a0ab04a05144c27ac41187d5cf89a6022e47b263d1ccb93b3cbea5), + y: uint256(0x238eb233e9aebc81285a2647f2598bab00a4367da47b12c2b0476afc2d94ab1d) }), - qElliptic: Honk.G1Point({ - x: uint256(0x1c6fc8e14453adf64e6d9643ef9f1fb55e3a307ac1ec84f86cd736fc866e05ab), - y: uint256(0x1bf8619b1704b99ab8820ed94dd760da2945e8e1c771c0bdeadbe40aa5700cdd) + qElliptic: Honk.G1Point({ + x: uint256(0x1c6fc8e14453adf64e6d9643ef9f1fb55e3a307ac1ec84f86cd736fc866e05ab), + y: uint256(0x1bf8619b1704b99ab8820ed94dd760da2945e8e1c771c0bdeadbe40aa5700cdd) }), - qAux: 
Honk.G1Point({ - x: uint256(0x023fe0703623b99c93358348d76eb620f26ceafa58df018e3a8f1d599a61e76f), - y: uint256(0x2ceb9c4c4ca12ea769157ef10cde9644f9f0549805e48d5fd5d73a634d2cdcb5) + qAux: Honk.G1Point({ + x: uint256(0x023fe0703623b99c93358348d76eb620f26ceafa58df018e3a8f1d599a61e76f), + y: uint256(0x2ceb9c4c4ca12ea769157ef10cde9644f9f0549805e48d5fd5d73a634d2cdcb5) }), - qLookup: Honk.G1Point({ - x: uint256(0x1375bbfbf5ed31b38460f46a43ac14e2cda93a3bc5cfd6e8a93cca356694a346), - y: uint256(0x204c5173892c19a97a04b5f8419898063df5136489809ddb9f7eabb58d6858ab) + qLookup: Honk.G1Point({ + x: uint256(0x1375bbfbf5ed31b38460f46a43ac14e2cda93a3bc5cfd6e8a93cca356694a346), + y: uint256(0x204c5173892c19a97a04b5f8419898063df5136489809ddb9f7eabb58d6858ab) }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x1fa8529236d7eacdab8dcd8169af30d334be103357577353e9ef08dfda841785), - y: uint256(0x055251b013746385e921b4620e55ef4f08b4d8afc4dbca7e6c3ca0f1b52c5a2b) + qPoseidon2External: Honk.G1Point({ + x: uint256(0x1fa8529236d7eacdab8dcd8169af30d334be103357577353e9ef08dfda841785), + y: uint256(0x055251b013746385e921b4620e55ef4f08b4d8afc4dbca7e6c3ca0f1b52c5a2b) }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x1515283648ab8622ac6447f1fcf201a598d8df325279bfac9a6564924df97ee5), - y: uint256(0x0335bb595984ad38686009bca08f5f420e3b4cf888fad5af4a99eca08190a315) + qPoseidon2Internal: Honk.G1Point({ + x: uint256(0x1515283648ab8622ac6447f1fcf201a598d8df325279bfac9a6564924df97ee5), + y: uint256(0x0335bb595984ad38686009bca08f5f420e3b4cf888fad5af4a99eca08190a315) }), - s1: Honk.G1Point({ - x: uint256(0x26cec5ff3eb1b803c52fa1fefaac7a2be5cd13c1a1cc20bb9f22049c7f8597d2), - y: uint256(0x07e80e74eb0e06d7c0c9a3fbbdea4e86e5934faa8142625f175320778bcba65f) + s1: Honk.G1Point({ + x: uint256(0x26cec5ff3eb1b803c52fa1fefaac7a2be5cd13c1a1cc20bb9f22049c7f8597d2), + y: uint256(0x07e80e74eb0e06d7c0c9a3fbbdea4e86e5934faa8142625f175320778bcba65f) }), - s2: Honk.G1Point({ - x: 
uint256(0x140b2faaf30cb5fc528621f4a395943e7fab8198dc734ac13253dd249682dd2a), - y: uint256(0x12709c4a13428f4704d284c90a81cc83280680185ae6298187e86debcd3e00f7) + s2: Honk.G1Point({ + x: uint256(0x140b2faaf30cb5fc528621f4a395943e7fab8198dc734ac13253dd249682dd2a), + y: uint256(0x12709c4a13428f4704d284c90a81cc83280680185ae6298187e86debcd3e00f7) }), - s3: Honk.G1Point({ - x: uint256(0x0aca5621e9f49279969497b3da0eb8a74c68c3513f4cf98e8b1d6f88567557a8), - y: uint256(0x2664811311f75057a16267bc0479eaeea2424156417cc4d3f8bd286fac9aa5d2) + s3: Honk.G1Point({ + x: uint256(0x0aca5621e9f49279969497b3da0eb8a74c68c3513f4cf98e8b1d6f88567557a8), + y: uint256(0x2664811311f75057a16267bc0479eaeea2424156417cc4d3f8bd286fac9aa5d2) }), - s4: Honk.G1Point({ - x: uint256(0x04417c606a41393e73113ec3f834883dbeb302889199b888c0f5ea58a008ff98), - y: uint256(0x0865670de7962d29b6a9012f28ea52113c4e2b55d7de44e829edec87dba1d5c2) + s4: Honk.G1Point({ + x: uint256(0x04417c606a41393e73113ec3f834883dbeb302889199b888c0f5ea58a008ff98), + y: uint256(0x0865670de7962d29b6a9012f28ea52113c4e2b55d7de44e829edec87dba1d5c2) }), - t1: Honk.G1Point({ - x: uint256(0x1ec1b607634e31421b5047dc99d7674d6505fed978df0f42a3504f9771a8a7fa), - y: uint256(0x1da802c6dc2fe6cffc6f9ae983080c66690ceee40c181b4d51fdba6c5c360297) + t1: Honk.G1Point({ + x: uint256(0x1ec1b607634e31421b5047dc99d7674d6505fed978df0f42a3504f9771a8a7fa), + y: uint256(0x1da802c6dc2fe6cffc6f9ae983080c66690ceee40c181b4d51fdba6c5c360297) }), - t2: Honk.G1Point({ - x: uint256(0x1e38a0a482b7174f429a3bef25fb0a7656abc88cfd215b8e8404132601620784), - y: uint256(0x2e9ea07a995fa6d589e37fba2715f3f1fa338652ddf84d4e2e4f33dccadb9156) + t2: Honk.G1Point({ + x: uint256(0x1e38a0a482b7174f429a3bef25fb0a7656abc88cfd215b8e8404132601620784), + y: uint256(0x2e9ea07a995fa6d589e37fba2715f3f1fa338652ddf84d4e2e4f33dccadb9156) }), - t3: Honk.G1Point({ - x: uint256(0x211a0833bb3c6f9ae6c94519b6878ed6157c4a080df786a053d9a19796b9a7f8), - y: 
uint256(0x1a3a450e1a272aa1fe9f097acf359502ff69df617de4918b37a497def94db2b5) + t3: Honk.G1Point({ + x: uint256(0x211a0833bb3c6f9ae6c94519b6878ed6157c4a080df786a053d9a19796b9a7f8), + y: uint256(0x1a3a450e1a272aa1fe9f097acf359502ff69df617de4918b37a497def94db2b5) }), - t4: Honk.G1Point({ - x: uint256(0x281a984aef14716cd5d8fc2759eb8ea2464909b5c57d97b6bc50e4dad74d92d3), - y: uint256(0x169160e1505685aabd5bd60e994bac45162c6868235cc4252c8b87d0f12603fd) + t4: Honk.G1Point({ + x: uint256(0x281a984aef14716cd5d8fc2759eb8ea2464909b5c57d97b6bc50e4dad74d92d3), + y: uint256(0x169160e1505685aabd5bd60e994bac45162c6868235cc4252c8b87d0f12603fd) }), - id1: Honk.G1Point({ - x: uint256(0x01c082a85908fea4c69c4e51436fba7d965e1d88e485da16e35d8f4e8af3b8bd), - y: uint256(0x11b0ada021468b059aa6c27f4d4950ef65b98d4d8808ae21718bd8b90f9bb365) + id1: Honk.G1Point({ + x: uint256(0x01c082a85908fea4c69c4e51436fba7d965e1d88e485da16e35d8f4e8af3b8bd), + y: uint256(0x11b0ada021468b059aa6c27f4d4950ef65b98d4d8808ae21718bd8b90f9bb365) }), - id2: Honk.G1Point({ - x: uint256(0x0b8667619755bd09c7970defeae2c920df2b17b41608303ae1d7393615dd04e4), - y: uint256(0x1c5419cd435c5516ac566a9d1dfecdb4e10190c63f2dbd8a1932785caf022e2c) + id2: Honk.G1Point({ + x: uint256(0x0b8667619755bd09c7970defeae2c920df2b17b41608303ae1d7393615dd04e4), + y: uint256(0x1c5419cd435c5516ac566a9d1dfecdb4e10190c63f2dbd8a1932785caf022e2c) }), - id3: Honk.G1Point({ - x: uint256(0x110aee72793c4b4ede92c1375f058b4170fcf01bf18f8f1ee934f7ae0fa26da5), - y: uint256(0x15c4f6a01ff04ef6b5225c896dfb7060a7a2c320395bda410e756d6b507b7eb8) + id3: Honk.G1Point({ + x: uint256(0x110aee72793c4b4ede92c1375f058b4170fcf01bf18f8f1ee934f7ae0fa26da5), + y: uint256(0x15c4f6a01ff04ef6b5225c896dfb7060a7a2c320395bda410e756d6b507b7eb8) }), - id4: Honk.G1Point({ - x: uint256(0x2472aba130e7ed2aefad128109415ec2bdeb56e81e3cbeacc93e00c95f203579), - y: uint256(0x0c867d0f8e2f9c861574383b89020980358d898497f80c198a6c17c2f4daf9a4) + id4: Honk.G1Point({ + x: 
uint256(0x2472aba130e7ed2aefad128109415ec2bdeb56e81e3cbeacc93e00c95f203579), + y: uint256(0x0c867d0f8e2f9c861574383b89020980358d898497f80c198a6c17c2f4daf9a4) }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) + lagrangeFirst: Honk.G1Point({ + x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x13b825e996cc8d600f363dca4481a54d6dd3da85900cd9f0a61fa02600851998), - y: uint256(0x151cb86205f2dc38a5651840c1a4b4928f3f3c98f77c2abd08336562986dc404) + lagrangeLast: Honk.G1Point({ + x: uint256(0x13b825e996cc8d600f363dca4481a54d6dd3da85900cd9f0a61fa02600851998), + y: uint256(0x151cb86205f2dc38a5651840c1a4b4928f3f3c98f77c2abd08336562986dc404) }) }); return vk; diff --git a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol index 79c18006bae0..26207d04184b 100644 --- a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol 
@@ -2,123 +2,125 @@ // Copyright 2022 Aztec pragma solidity >=0.8.21; -import { Honk } from "../HonkTypes.sol"; +import {Honk} from "../HonkTypes.sol"; + uint256 constant N = 65536; uint256 constant LOG_N = 16; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 6; + library EcdsaHonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { Honk.VerificationKey memory vk = Honk.VerificationKey({ circuitSize: uint256(65536), logCircuitSize: uint256(16), publicInputsSize: uint256(6), - ql: Honk.G1Point({ - x: uint256(0x051ccdb8069f35f4ef85ad098e95681736a7bed10a7bee1b76a506235dc0b579), - y: uint256(0x05e168c2e4f90231545f5b24c1a84c1419b8798e4235cc2036c9e101e462b71d) + ql: Honk.G1Point({ + x: uint256(0x051ccdb8069f35f4ef85ad098e95681736a7bed10a7bee1b76a506235dc0b579), + y: uint256(0x05e168c2e4f90231545f5b24c1a84c1419b8798e4235cc2036c9e101e462b71d) }), - qr: Honk.G1Point({ - x: uint256(0x2c99eed1f855cd5152942cc090aabf15308eb00ac549e965eb3e1950479cce58), - y: uint256(0x170bf8541390153bf5807bc022c9369f99d8bc1fd87922a0627b144fec0414e2) + qr: Honk.G1Point({ + x: uint256(0x2c99eed1f855cd5152942cc090aabf15308eb00ac549e965eb3e1950479cce58), + y: uint256(0x170bf8541390153bf5807bc022c9369f99d8bc1fd87922a0627b144fec0414e2) }), - qo: Honk.G1Point({ - x: uint256(0x1594abb7debcf41e3296178eeec941dbb6242ba13f50f4549734657ee5ebb8b1), - y: uint256(0x262e1469c56c719bdc4eaab93cc95868eed9fea1fa9ded03b46f2c061a341d4f) + qo: Honk.G1Point({ + x: uint256(0x1594abb7debcf41e3296178eeec941dbb6242ba13f50f4549734657ee5ebb8b1), + y: uint256(0x262e1469c56c719bdc4eaab93cc95868eed9fea1fa9ded03b46f2c061a341d4f) }), - q4: Honk.G1Point({ - x: uint256(0x16b49bbcd37e15ed89b2f6f5b97d021abe440ba7cbc69904484991fa7e6058a9), - y: uint256(0x197b14cb5d037642b27ed7cd79b9568e5853ad1e3508453c0ed1f30c1962fd52) + q4: Honk.G1Point({ + x: uint256(0x16b49bbcd37e15ed89b2f6f5b97d021abe440ba7cbc69904484991fa7e6058a9), + y: 
uint256(0x197b14cb5d037642b27ed7cd79b9568e5853ad1e3508453c0ed1f30c1962fd52) }), - qm: Honk.G1Point({ - x: uint256(0x175280d74e116a82ad6ccc34f640a5b3dda74b17372c9a0941d57749e37068a6), - y: uint256(0x0827b11a78b8a625ba940983effbcf7354aa0388bd472481c0a8a088653b9769) + qm: Honk.G1Point({ + x: uint256(0x175280d74e116a82ad6ccc34f640a5b3dda74b17372c9a0941d57749e37068a6), + y: uint256(0x0827b11a78b8a625ba940983effbcf7354aa0388bd472481c0a8a088653b9769) }), - qc: Honk.G1Point({ - x: uint256(0x2a262a7189292da31f3f4a7926c4d9fcae883188aafe9cf3ba2a623f0004a67a), - y: uint256(0x0d90b8808180521422b90889592111434dd5bbc0e5deb27419c1f5e6d0bf9883) + qc: Honk.G1Point({ + x: uint256(0x2a262a7189292da31f3f4a7926c4d9fcae883188aafe9cf3ba2a623f0004a67a), + y: uint256(0x0d90b8808180521422b90889592111434dd5bbc0e5deb27419c1f5e6d0bf9883) }), - qArith: Honk.G1Point({ - x: uint256(0x2026f95bb8f7b6ed57287e4833e2789cce8ec9a95b829e6a2abbf5d13d681d22), - y: uint256(0x19cea5af7d9b39a4ad86a0ab52f8a358f7f35236561a50cdf6f2860f0b3426a8) + qArith: Honk.G1Point({ + x: uint256(0x2026f95bb8f7b6ed57287e4833e2789cce8ec9a95b829e6a2abbf5d13d681d22), + y: uint256(0x19cea5af7d9b39a4ad86a0ab52f8a358f7f35236561a50cdf6f2860f0b3426a8) }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x02d0f736b422d74d9aa2ef26deedb67fdd2e798aae001c4292dabd2c5df31249), - y: uint256(0x0ae6265d6dcc9da8d3b23f088c6fb062c9be10bfa79e9d0463d4a7785ea4a5f9) + qDeltaRange: Honk.G1Point({ + x: uint256(0x02d0f736b422d74d9aa2ef26deedb67fdd2e798aae001c4292dabd2c5df31249), + y: uint256(0x0ae6265d6dcc9da8d3b23f088c6fb062c9be10bfa79e9d0463d4a7785ea4a5f9) }), - qElliptic: Honk.G1Point({ - x: uint256(0x0ffa449a9d6e6c6f3e302eb3f16ce9d3d3711b9102ecf0e303ff91f3f9eb25f5), - y: uint256(0x095ef997439bccdd1234b2431a520823bcfe3e77f50190e66e70e2c51e906193) + qElliptic: Honk.G1Point({ + x: uint256(0x0ffa449a9d6e6c6f3e302eb3f16ce9d3d3711b9102ecf0e303ff91f3f9eb25f5), + y: uint256(0x095ef997439bccdd1234b2431a520823bcfe3e77f50190e66e70e2c51e906193) }), - qAux: 
Honk.G1Point({ - x: uint256(0x09023d45c436e756762d8b3527cfcb3f694cdbafd192ccae59210740bdf03ad3), - y: uint256(0x020c9b591603814f1815038e25d1bb3fb85261bf699abfc8921f48954f0bc2b0) + qAux: Honk.G1Point({ + x: uint256(0x09023d45c436e756762d8b3527cfcb3f694cdbafd192ccae59210740bdf03ad3), + y: uint256(0x020c9b591603814f1815038e25d1bb3fb85261bf699abfc8921f48954f0bc2b0) }), - qLookup: Honk.G1Point({ - x: uint256(0x08c0d34ca72136661975f3b1ad658bfda38661b9ff320b60e2974496e03fd62e), - y: uint256(0x236caf48f4c3a7ca207f5c0ec75f304657e49780015cf40ff9be37f8ba3c6624) + qLookup: Honk.G1Point({ + x: uint256(0x08c0d34ca72136661975f3b1ad658bfda38661b9ff320b60e2974496e03fd62e), + y: uint256(0x236caf48f4c3a7ca207f5c0ec75f304657e49780015cf40ff9be37f8ba3c6624) }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x09d58ddd055d3d65b4f36a347c18c11956b7d43c4f15434ded62bdf1224ff37d), - y: uint256(0x3002f0782d68214149ae47ee94771a6509709499ca06a8421eeeae97ea37e2a9) + qPoseidon2External: Honk.G1Point({ + x: uint256(0x09d58ddd055d3d65b4f36a347c18c11956b7d43c4f15434ded62bdf1224ff37d), + y: uint256(0x3002f0782d68214149ae47ee94771a6509709499ca06a8421eeeae97ea37e2a9) }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x1d11dbf6b2ced628ad64ea9d8afef60b6ea2e246160b6525915eb0ab7bdc94aa), - y: uint256(0x1ecef8438441a2565ee641757bdc6739da7389d913453eee0aaac561fb08495c) + qPoseidon2Internal: Honk.G1Point({ + x: uint256(0x1d11dbf6b2ced628ad64ea9d8afef60b6ea2e246160b6525915eb0ab7bdc94aa), + y: uint256(0x1ecef8438441a2565ee641757bdc6739da7389d913453eee0aaac561fb08495c) }), - s1: Honk.G1Point({ - x: uint256(0x105eb99bfd557812572f2a5ec5b6eff27375b4ed5ce4e7a9649fe3038cfacbac), - y: uint256(0x1efd910252f319f9c0dc21c7688b92d80fd0a8636f152e0d9c8e0afb5c9a6d2e) + s1: Honk.G1Point({ + x: uint256(0x105eb99bfd557812572f2a5ec5b6eff27375b4ed5ce4e7a9649fe3038cfacbac), + y: uint256(0x1efd910252f319f9c0dc21c7688b92d80fd0a8636f152e0d9c8e0afb5c9a6d2e) }), - s2: Honk.G1Point({ - x: 
uint256(0x2bbbf5e8a2f7feb08ee64585bf3da54db0da09b211f726adda93020a2ae23e56), - y: uint256(0x2a9e8e1c3850c66da60224163dc4846ea6f37ed48f9d6dfd40b450fa61081484) + s2: Honk.G1Point({ + x: uint256(0x2bbbf5e8a2f7feb08ee64585bf3da54db0da09b211f726adda93020a2ae23e56), + y: uint256(0x2a9e8e1c3850c66da60224163dc4846ea6f37ed48f9d6dfd40b450fa61081484) }), - s3: Honk.G1Point({ - x: uint256(0x0d264ba46f4a7bafd0ba9d9f9f4827109e1da2cfdb11835b9fc65aaafe9f9f20), - y: uint256(0x0f9ff6e122bcacd091ffd98d8caf249ab216e9c784e667475e2184ed34892272) + s3: Honk.G1Point({ + x: uint256(0x0d264ba46f4a7bafd0ba9d9f9f4827109e1da2cfdb11835b9fc65aaafe9f9f20), + y: uint256(0x0f9ff6e122bcacd091ffd98d8caf249ab216e9c784e667475e2184ed34892272) }), - s4: Honk.G1Point({ - x: uint256(0x2556809f13dc85764a5e4ea8fda1bbba54f36dad477124915fc8c198db16f496), - y: uint256(0x27461805fb3a7ee919331973984491c36cc83eee61d3664d5319922902327750) + s4: Honk.G1Point({ + x: uint256(0x2556809f13dc85764a5e4ea8fda1bbba54f36dad477124915fc8c198db16f496), + y: uint256(0x27461805fb3a7ee919331973984491c36cc83eee61d3664d5319922902327750) }), - t1: Honk.G1Point({ - x: uint256(0x1ddc9ef86584375e5998d9f6fc16a4e646dc315ab86b477abc2f18a723dc24f6), - y: uint256(0x03a3b132ca6590c4ffdf35e1acd932da680a4247a55c88dd2284af78cb047906) + t1: Honk.G1Point({ + x: uint256(0x1ddc9ef86584375e5998d9f6fc16a4e646dc315ab86b477abc2f18a723dc24f6), + y: uint256(0x03a3b132ca6590c4ffdf35e1acd932da680a4247a55c88dd2284af78cb047906) }), - t2: Honk.G1Point({ - x: uint256(0x1e4cde3e410660193bacdf1db498ffb6bf1618c4d7b355415858d7d996e8bd03), - y: uint256(0x18d7f0300f961521ead0cb3c81a2a43a2dea0fdcb17bd772aef6c7b908be4273) + t2: Honk.G1Point({ + x: uint256(0x1e4cde3e410660193bacdf1db498ffb6bf1618c4d7b355415858d7d996e8bd03), + y: uint256(0x18d7f0300f961521ead0cb3c81a2a43a2dea0fdcb17bd772aef6c7b908be4273) }), - t3: Honk.G1Point({ - x: uint256(0x0e77f28b07af551fea1ad81b304fd41013850e8b3539309c20bb2fa115289642), - y: 
uint256(0x15f92fde2f0d7a77c27daeb397336220ffc07b99f710980253e84f8ae94afd4d) + t3: Honk.G1Point({ + x: uint256(0x0e77f28b07af551fea1ad81b304fd41013850e8b3539309c20bb2fa115289642), + y: uint256(0x15f92fde2f0d7a77c27daeb397336220ffc07b99f710980253e84f8ae94afd4d) }), - t4: Honk.G1Point({ - x: uint256(0x2285ea4116ca00b673b2daadf596052b6d9ba6d231a4bea8af5a3c0f28c44aa4), - y: uint256(0x076bf1e1f682badebfca083e25d808e8dae96372631c0721a7ee238c333a862a) + t4: Honk.G1Point({ + x: uint256(0x2285ea4116ca00b673b2daadf596052b6d9ba6d231a4bea8af5a3c0f28c44aa4), + y: uint256(0x076bf1e1f682badebfca083e25d808e8dae96372631c0721a7ee238c333a862a) }), - id1: Honk.G1Point({ - x: uint256(0x0b034b231d25a2e152b830397a59c97e02175212a6c5ce00129625cfb2e5c53d), - y: uint256(0x22e1842515d4569ca06477f4b2685d0a767bfa1eecca343c889840af8c086db9) + id1: Honk.G1Point({ + x: uint256(0x0b034b231d25a2e152b830397a59c97e02175212a6c5ce00129625cfb2e5c53d), + y: uint256(0x22e1842515d4569ca06477f4b2685d0a767bfa1eecca343c889840af8c086db9) }), - id2: Honk.G1Point({ - x: uint256(0x0e82a73cd55280503e70d5bdd855071d202ff65f31a65996955a7661775ff290), - y: uint256(0x1325a665dfee8e1247f3129ca943e12736f800afc1a9dcfa0476050b8e3c87f8) + id2: Honk.G1Point({ + x: uint256(0x0e82a73cd55280503e70d5bdd855071d202ff65f31a65996955a7661775ff290), + y: uint256(0x1325a665dfee8e1247f3129ca943e12736f800afc1a9dcfa0476050b8e3c87f8) }), - id3: Honk.G1Point({ - x: uint256(0x2ad12a1238e051fba16108022b5e58bba1fc7966fe759016a93fae5397e8c403), - y: uint256(0x257cfc281b0135bb8dfb0df6a7b69ca39835af544007eb61ace84ce7014c1fea) + id3: Honk.G1Point({ + x: uint256(0x2ad12a1238e051fba16108022b5e58bba1fc7966fe759016a93fae5397e8c403), + y: uint256(0x257cfc281b0135bb8dfb0df6a7b69ca39835af544007eb61ace84ce7014c1fea) }), - id4: Honk.G1Point({ - x: uint256(0x058bf4de2f71f4d2e11235d140d05db461fb50d8aef64c8c52e2c0f57438dcce), - y: uint256(0x1e90ce7ec8cca2e65d7deafb655e6c7b0c4b964cd2cb1e5b4ef5ad78ab2f4b46) + id4: Honk.G1Point({ + x: 
uint256(0x058bf4de2f71f4d2e11235d140d05db461fb50d8aef64c8c52e2c0f57438dcce), + y: uint256(0x1e90ce7ec8cca2e65d7deafb655e6c7b0c4b964cd2cb1e5b4ef5ad78ab2f4b46) }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) + lagrangeFirst: Honk.G1Point({ + x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x28bf8c9eeae6946902ee08351768a3e4f67d812e6465f55f16bf69fad16cf46d), - y: uint256(0x12dab1c326b33ea63ec6651324077c0ea2cb0ddfafd63fb8f9fbcc70bd53d7e0) + lagrangeLast: Honk.G1Point({ + x: uint256(0x28bf8c9eeae6946902ee08351768a3e4f67d812e6465f55f16bf69fad16cf46d), + y: uint256(0x12dab1c326b33ea63ec6651324077c0ea2cb0ddfafd63fb8f9fbcc70bd53d7e0) }) }); return vk; From d03d0342a1bd0c0df7c14a1f6622b792187b34c6 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:30:14 +0000 Subject: [PATCH 08/10] fix: rename geminiComms --- barretenberg/sol/src/honk/HonkTypes.sol | 2 +- barretenberg/sol/src/honk/Transcript.sol | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/barretenberg/sol/src/honk/HonkTypes.sol b/barretenberg/sol/src/honk/HonkTypes.sol index 1d96f8c478e9..0e8890e8c2ca 100644 --- a/barretenberg/sol/src/honk/HonkTypes.sol +++ b/barretenberg/sol/src/honk/HonkTypes.sol @@ -137,7 +137,7 @@ library Honk { Fr[BATCHED_RELATION_PARTIAL_LENGTH][CONST_PROOF_SIZE_LOG_N] sumcheckUnivariates; Fr[NUMBER_OF_ENTITIES] sumcheckEvaluations; // Gemini - Honk.G1ProofPoint[CONST_PROOF_SIZE_LOG_N] geminiFoldUnivariates; + Honk.G1ProofPoint[CONST_PROOF_SIZE_LOG_N - 1] geminiFoldComms; Fr[CONST_PROOF_SIZE_LOG_N] geminiAEvaluations; Honk.G1ProofPoint shplonkQ; } 
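Review bot: In the HonkTypes.sol hunk the changed field is not only renamed, as the commit title says; its length also drops from `CONST_PROOF_SIZE_LOG_N` to `CONST_PROOF_SIZE_LOG_N - 1`, and the struct carries no comment explaining the new length. The Gemini challenge loop in the Transcript.sol hunk at -215 already runs to `CONST_PROOF_SIZE_LOG_N - 1`, so it matches, but the proof-loading loop (hunk at -367) and the loops in Add2Honk.sol, BlakeHonk.sol and EcdsaHonk.sol have their bounds outside the visible hunks. A loop still using the old length would index out of bounds and revert, and a shorter one would silently skip a fold commitment, so each should be checked against the new size. I would document the field with `// LOG_N - 1 fold commitments; length must match the Gemini loops in Transcript.sol and the verifier instances`, and consider naming the length once as a constant instead of repeating the expression.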
diff --git a/barretenberg/sol/src/honk/Transcript.sol b/barretenberg/sol/src/honk/Transcript.sol index 2a5fa1f0be50..f7c1f8df677f 100644 --- a/barretenberg/sol/src/honk/Transcript.sol +++ b/barretenberg/sol/src/honk/Transcript.sol @@ -215,10 +215,10 @@ library TranscriptLib { gR[0] = Fr.unwrap(prevChallenge); for (uint256 i = 0; i < CONST_PROOF_SIZE_LOG_N - 1; i++) { - gR[1 + i * 4] = proof.geminiFoldUnivariates[i].x_0; - gR[2 + i * 4] = proof.geminiFoldUnivariates[i].x_1; - gR[3 + i * 4] = proof.geminiFoldUnivariates[i].y_0; - gR[4 + i * 4] = proof.geminiFoldUnivariates[i].y_1; + gR[1 + i * 4] = proof.geminiFoldComms[i].x_0; + gR[2 + i * 4] = proof.geminiFoldComms[i].x_1; + gR[3 + i * 4] = proof.geminiFoldComms[i].y_0; + gR[4 + i * 4] = proof.geminiFoldComms[i].y_1; } nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(gR))); @@ -367,7 +367,7 @@ library TranscriptLib { uint256 y1Start = yEnd; uint256 y1End = y1Start + 0x20; - p.geminiFoldUnivariates[i] = Honk.G1ProofPoint({ + p.geminiFoldComms[i] = Honk.G1ProofPoint({ x_0: uint256(bytes32(proof[xStart:xEnd])), x_1: uint256(bytes32(proof[x1Start:x1End])), y_0: uint256(bytes32(proof[yStart:yEnd])), From ca844d77543505c885962700d5bcefc197a8b7b5 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:42:41 +0000 Subject: [PATCH 09/10] fix: update vks and merge fix --- .../sol/src/honk/instance/Add2Honk.sol | 2 +- .../sol/src/honk/instance/BlakeHonk.sol | 2 +- .../sol/src/honk/instance/EcdsaHonk.sol | 2 +- .../ultra/keys/Add2UltraVerificationKey.sol | 4 +- .../ultra/keys/BlakeUltraVerificationKey.sol | 4 +- .../ultra/keys/EcdsaUltraVerificationKey.sol | 76 ++++++------- .../keys/RecursiveUltraVerificationKey.sol | 104 +++++++++--------- 7 files changed, 97 insertions(+), 97 deletions(-) diff --git a/barretenberg/sol/src/honk/instance/Add2Honk.sol b/barretenberg/sol/src/honk/instance/Add2Honk.sol index 1ec5ac8845f4..331f5f7332de 100644 
--- a/barretenberg/sol/src/honk/instance/Add2Honk.sol +++ b/barretenberg/sol/src/honk/instance/Add2Honk.sol @@ -359,7 +359,7 @@ contract Add2HonkVerifier is IVerifier { mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; - commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldComms[i]); } // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol index 904e41a641ee..e2b34037de3e 100644 --- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol +++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol @@ -360,7 +360,7 @@ contract BlakeHonkVerifier is IVerifier { mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; - commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldComms[i]); } // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: diff --git a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol index 5b7094b4a21f..b54f5d1988d8 100644 --- a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol +++ b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol 
@@ -362,7 +362,7 @@ contract EcdsaHonkVerifier is IVerifier { mem.constantTermAccumulator + (scalingFactor * proof.geminiAEvaluations[i + 1]); mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu; - commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldUnivariates[i]); + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldComms[i]); } // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: diff --git a/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol index 341b831b05aa..b87c356a1932 100644 --- a/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol +++ b/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol @@ -1,11 +1,11 @@ -// Verification Key Hash: 4199008b0f295433fcc5b10612c7b9a9d87fbd4a221275c2119e7c2060905534 +// Verification Key Hash: 40bb22daf923fbfe17fb0be06e0fa50474e40302c1af031f1aaf5f521998ad3a // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Aztec pragma solidity >=0.8.4; library Add2UltraVerificationKey { function verificationKeyHash() internal pure returns (bytes32) { - return 0x4199008b0f295433fcc5b10612c7b9a9d87fbd4a221275c2119e7c2060905534; + return 0x40bb22daf923fbfe17fb0be06e0fa50474e40302c1af031f1aaf5f521998ad3a; } function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { diff --git a/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol index 27de321eb3db..572ab115fad6 100644 --- a/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol +++ b/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol 
@@ -1,11 +1,11 @@ -// Verification Key Hash: f1610f1094b31fc37136369383140118871a3bf69a190023d73dce30a3e5ba2e +// Verification Key Hash: 3963021515adf584e49a665edcbb8f92b252b66554a7a9f6b880ae6d76c013c3 // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Aztec pragma solidity >=0.8.4; library BlakeUltraVerificationKey { function verificationKeyHash() internal pure returns (bytes32) { - return 0xf1610f1094b31fc37136369383140118871a3bf69a190023d73dce30a3e5ba2e; + return 0x3963021515adf584e49a665edcbb8f92b252b66554a7a9f6b880ae6d76c013c3; } function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { diff --git a/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol index 63a0b71a890d..44a8be7486d9 100644 --- a/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol +++ b/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol @@ -1,11 +1,11 @@ -// Verification Key Hash: c1102f0000ae4bf7f5b38f96c80e03284a3ec4bada1f0682ddde94c8ba688c58 +// Verification Key Hash: 2f843a63de8da557c6caf7abb57a3110d0c057892dd42037b7ed109d1a7b6105 // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Aztec pragma solidity >=0.8.4; library EcdsaUltraVerificationKey { function verificationKeyHash() internal pure returns (bytes32) { - return 0xc1102f0000ae4bf7f5b38f96c80e03284a3ec4bada1f0682ddde94c8ba688c58; + return 0x2f843a63de8da557c6caf7abb57a3110d0c057892dd42037b7ed109d1a7b6105; } function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { 
@@ -14,34 +14,34 @@ library EcdsaUltraVerificationKey { mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000006) // vk.num_inputs mstore(add(_vk, 0x40), 0x00eeb2cb5981ed45649abebde081dcff16c8601de4347e7dd1628ba2daac43b7) // vk.work_root mstore(add(_vk, 0x60), 0x30641e0e92bebef818268d663bcad6dbcfd6c0149170f6d7d350b1b1fa6c1001) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x149e839df8f43c6975d85aa1007d219354b3389f7c93c96935e531fe03d01f88) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x15af1728559ee0f81053b668fa9978c5fc81ee84d017bc955ccfa37c19bd42a0) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x29ba522730da8fa2a791946868afba96af78b025ba860d8e1d02e0325e677101) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x1434909cf7d729b2f4227d83569641d90c4a72d393390825de20cea7ddad8044) // vk.Q2.y - mstore(add(_vk, 0x100), 0x03b90587c8746a60d96bc184e03c8469d813956caba6137040b350360357fe4f) // vk.Q3.x - mstore(add(_vk, 0x120), 0x211f025196191d107ae492f80f0effeb1e9242069f333d405698365df4838d43) // vk.Q3.y - mstore(add(_vk, 0x140), 0x0eae4a0952b07a5dbaf7750d79dae8fda3cfa4b5e7882413b6ada72c4297561e) // vk.Q4.x - mstore(add(_vk, 0x160), 0x0fa2558fd5e0afe53d359b1ec584eb6c0fabad27e4909227d9a4457d588b2830) // vk.Q4.y - mstore(add(_vk, 0x180), 0x01e7626aeb0ca204c26be5b01b3171994011b03f8966bb201303fc196c6c1a7e) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x07972ee3ae6e0a0cf4978b64cd08783f42c7ce9905f1fd35da4ff6fa0e1a18e2) // vk.Q_M.y - mstore(add(_vk, 0x1c0), 0x03bd15837131c97d246c0aa57786e302b6d8227826104f70f56cba936a7b408e) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x1a2e3be55cd01c1a4f4ef33fa96986e37c56abc06876e7f7d76229fb9f122c4c) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x26d1d1578bb09f2f047035f103c3b32180c89b338e7d04ace8872b1154be6fb5) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x10c4691982c731ec4e2bb8216e8af8405fbe96fe8fe305ef2c3e03444fe68f85) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x1feb6cf63471a70e29caeee13eb393760c0f7d9e556327beb09a22b6b35e89f7) // vk.QSORT.x - mstore(add(_vk, 
0x260), 0x1a834941cde87aa7a82450b4f093f149df9937db2edbdab47fa7216fbcb33580) // vk.QSORT.y + mstore(add(_vk, 0x80), 0x1cc85a07fb1009e23540957b29121dc57aaae5b1e89a22a932a1bdf7ccac1af2) // vk.Q1.x + mstore(add(_vk, 0xa0), 0x19a1a4fa6d8781abbcb696097c1817f54da296348a292954e2aa9856f2fa3b6a) // vk.Q1.y + mstore(add(_vk, 0xc0), 0x0409f05fe2901e7e339b3aaf0d7af7b5d4023e416da923321b15aae633b18fee) // vk.Q2.x + mstore(add(_vk, 0xe0), 0x0ae6cc44e9024c190ab310d7ad110226c5c76f15d158b60fc9acd98f2e1f1aa3) // vk.Q2.y + mstore(add(_vk, 0x100), 0x20e3b4e35df25ba02ac2a9be26bc6fe74640355e57455598e69922b8d3fd0939) // vk.Q3.x + mstore(add(_vk, 0x120), 0x1f49d18bdb86a449e676558c6d6349f123372641187e33e12128ee7468431942) // vk.Q3.y + mstore(add(_vk, 0x140), 0x00e95627d4db555ccf3b1ee6def34fab1a815f0482cb6a745a363940d3163831) // vk.Q4.x + mstore(add(_vk, 0x160), 0x19fe011a8a139da323b5ce5abebe54bf4c105acd6045d7b2b5df40a34411f44b) // vk.Q4.y + mstore(add(_vk, 0x180), 0x04b41648960da31317eff66b5ca9be0a6c81ebeead27e70b3c5b28d4aba11081) // vk.Q_M.x + mstore(add(_vk, 0x1a0), 0x1bff2df21a3fd9c49c29b7f7c153dd0bc331d75afc6a35fb7155c17bb0f67a63) // vk.Q_M.y + mstore(add(_vk, 0x1c0), 0x15faa2ea86a6a66cd9b969d6305f863595a73b9215c1ae442969f4993a8e5230) // vk.Q_C.x + mstore(add(_vk, 0x1e0), 0x26391cc92544b485d90313d3396b53d9207db8f84ead11bcf45467fa7eb38b94) // vk.Q_C.y + mstore(add(_vk, 0x200), 0x01a0d650b65d29965e4ae2a8cfb69470d7560f0826268da59c6e72e684a06c9b) // vk.Q_ARITHMETIC.x + mstore(add(_vk, 0x220), 0x2248d4a02e68036c8d0a4a6725ba0e5e8e95950a5285a3a7daa1a1726cc8ec6b) // vk.Q_ARITHMETIC.y + mstore(add(_vk, 0x240), 0x01afcbad715a0c382971311ad6fe4ff8b6e99200162aeb6245b585c99c8748a9) // vk.QSORT.x + mstore(add(_vk, 0x260), 0x18bf352081d1ba2ffe8088d34ce6471e4cf6d2ee63f006ea9a5e31cc41b6587c) // vk.QSORT.y mstore(add(_vk, 0x280), 0x21245d6c0a4d2ff12b21a825f39f30e8f8cf9b259448d111183e975828539576) // vk.Q_ELLIPTIC.x mstore(add(_vk, 0x2a0), 0x16a409532c8a1693536e93b6ce9920bfc2e6796e8dfe404675a0cdf6ee77ee7a) 
// vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x24005a1e8120ffcb3e5fc06ff50794b9d4b0bd70eabb1f8dfb342bec8a64dd61) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x2c18b52f602a5a9b4461872eff0712f56d128bb9364471f838d7b07f008660e3) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x02497b2d5e01266cea1f1bf4d9ad66e54045b3e388066db97b9623668728f65d) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x0156cae236ca46f64832b4b826804da6c7221ab5ca4cdadd53a1b787992307fe) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x2673cb9276dcc16be61e4c2ec24f6a881e771a273198ab0b392c26085a5f03b4) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x1384aef6995f8e632b76cce98d900e2535d92719be668a8f0e20c893c87f391a) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x11d48b7fc901d1e72489d937970ee3baea2662d268f9b1c08d71820a21ac6a39) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 0x126e543f1951015c8a56ff6d571e67da3cc52d2671f3ce8d258378edcfe8a8f5) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x0b41b102b59ecae092c04a4f09755db1dc4286c3072034ca23b7f885bcfec814) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x13bf888757f9fad73f21ab3a0ef53a286329dbf0aaaa935d1689d8554db05813) // vk.SIGMA4.y + mstore(add(_vk, 0x2c0), 0x2d455f287e41544fd3744bab412640fd6916b01aa2163c84071eb47f0306a473) // vk.Q_AUX.x + mstore(add(_vk, 0x2e0), 0x09dea8e2b5e382a1c4a37bc4e60f5e8380688310b855c249d64153478d25e223) // vk.Q_AUX.y + mstore(add(_vk, 0x300), 0x09671927e293b22a3fb9fa8ea1680fcc4570bb2f312cb88004ff7fd4474e2109) // vk.SIGMA1.x + mstore(add(_vk, 0x320), 0x1c6442d9a49b3b93a928ef6ba2f348bc4c8cb778a59345faf7d173129f22b5a3) // vk.SIGMA1.y + mstore(add(_vk, 0x340), 0x0337d84b45a5abc701edbdc1a1d878178c23496b39ccddcc3f0f6199e3f97df6) // vk.SIGMA2.x + mstore(add(_vk, 0x360), 0x1c744f7be93d40c96d15fdf9d81c9502b7018573ad23e51dea7b065fdeb6f13a) // vk.SIGMA2.y + mstore(add(_vk, 0x380), 0x23a975cfb71f0c0d46ef9c0b01e6482e780b5e3af1a63547f7d01c46c1911699) // vk.SIGMA3.x + mstore(add(_vk, 0x3a0), 0x0d5a0be212cb2c7d3bba8c2406a9d2c4b04d4e64b0acef2681eb7c6aa490a7cb) // vk.SIGMA3.y + mstore(add(_vk, 
0x3c0), 0x1ca2d0cca80bb16eab28d06c5c175e862a8ef14bceb6da79e65236a8a6a36838) // vk.SIGMA4.x + mstore(add(_vk, 0x3e0), 0x0555fe3dbd2ba2d7db2b5f740bf32fb57f4c5ac9d9f2e59e9a5a2cc2d84dae05) // vk.SIGMA4.y mstore(add(_vk, 0x400), 0x18f7cf965339d9c9d190296fa92f915767b0a8da455975f3e03fa98439fd7110) // vk.TABLE1.x mstore(add(_vk, 0x420), 0x0eecc02f9d44125407adbf00d56b086afd1adc5de536450afe05de382761b32f) // vk.TABLE1.y mstore(add(_vk, 0x440), 0x0bdfe662ea9f40f125ca5f7e99a8c6ba09b87ba8313864316745df862946c5c4) // vk.TABLE2.x 
@@ -50,16 +50,16 @@ library EcdsaUltraVerificationKey { mstore(add(_vk, 0x4a0), 0x1fda66dfb58273345f2471dff55c51b6856241460272e64b4cc67cde65231e89) // vk.TABLE3.y mstore(add(_vk, 0x4c0), 0x024ccc0fcff3b515cdc97dde2fae5c516bf3c97207891801707142af02538a83) // vk.TABLE4.x mstore(add(_vk, 0x4e0), 0x27827250d02b7b67d084bfc52b26c722f33f75ae5098c109573bfe92b782e559) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x302e6c8067a7ca14e1d75776754c1a3ad99d21056ae8e607ea66029cbe534906) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x07f2eb44fd686bf54e604a6b40c9151b7123db580a23c064ef703af4013dbc2f) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x00992a2f510c6371b9231c1d68d0e0fdbe10c5f4344de9441cc7c845afb37a1d) // vk.ID1.x - mstore(add(_vk, 0x560), 0x13eb38f67d8c03245e6f0655f5d40c145b2c06dd1657d8da26dc75af0cefa0f7) // vk.ID1.y - mstore(add(_vk, 0x580), 0x2ce905fbf9f932ae4f9b7b0feda15271b80921e9bf4e58c302ae99f1207fa4e7) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x2c2a6dc03599757fc625b0e55984d3fb28a954d40eb54f988b52c55936076988) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x0f547249b9aa5b9a951757893c059f8ed590366da4dd3ccd36aeac3069c7471f) // vk.ID3.x - mstore(add(_vk, 0x5e0), 0x2be2746434bfe0ccb2390357b17f8ec70ff12fc3aad4500b8d1723ec6709a170) // vk.ID3.y - mstore(add(_vk, 0x600), 0x19d1ed6b528ae5095d83167c3ba3578b36c7cd9249e47d10ceff352890d0938f) // vk.ID4.x - mstore(add(_vk, 0x620), 0x1dcd2caa39e180a497ff98414548e5de682d19fc598b3cd44242f1bb53a0e078) // vk.ID4.y + mstore(add(_vk, 0x500), 0x22b1d6b9827d6d03049f76dc9dc219ae6de93abe52d4d7de8677d961d3408c77) // vk.TABLE_TYPE.x + mstore(add(_vk, 0x520), 0x10ebc6be9f74e0367276028c613ab3efe0f2ed546c05339b36d5165d009c833a) // vk.TABLE_TYPE.y + mstore(add(_vk, 0x540), 0x2aa2e5247ce6524fecba0a2de9f383353096665f3ae8082fe7017fbf6d6572d8) // vk.ID1.x + mstore(add(_vk, 0x560), 0x1db802f61a6194bea68f7d5ec697facf26f1c1336b09e382801e8b773f0e116f) // vk.ID1.y + mstore(add(_vk, 0x580), 0x1aa955e508f3c2fbf55a36719eb666a45239935c4af10b8a1f4580d5cd614236) // vk.ID2.x + 
mstore(add(_vk, 0x5a0), 0x2bc21aa51420951a10a39d5c5242101d2207c47a0077852acb7d3fd6a16e1c58) // vk.ID2.y + mstore(add(_vk, 0x5c0), 0x245c89c4cf7c7e297b4db8e2625f5abd56398c351256a39aece0a36a940aaf62) // vk.ID3.x + mstore(add(_vk, 0x5e0), 0x01bd6e61d801d895c7edfee071518761f3c8c0e10bec5f0fb0b25ae430a2c91e) // vk.ID3.y + mstore(add(_vk, 0x600), 0x30223d4653291c03019e96bd716769c7c6d6520fddf2e633a75f94b08bee86dd) // vk.ID4.x + mstore(add(_vk, 0x620), 0x2e389428afa291855039f1b4af22e70d469f4e20116b85889737d624a2d27fef) // vk.ID4.y mstore(add(_vk, 0x640), 0x00) // vk.contains_recursive_proof mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 diff --git a/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol index 1cabff016cbc..641305da4bcd 100644 --- a/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol +++ b/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol 
@@ -1,72 +1,72 @@ -// Verification Key Hash: 9e6cf5dacef11085d9ea83e98b85ebdc37749931c90443898dcd8d18f639dad8 +// Verification Key Hash: a52397545a883471ee94e8a27e184be64d21640d76712b1e6fba67f3546503c9 // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Aztec pragma solidity >=0.8.4; library RecursiveUltraVerificationKey { function verificationKeyHash() internal pure returns (bytes32) { - return 0x9e6cf5dacef11085d9ea83e98b85ebdc37749931c90443898dcd8d18f639dad8; + return 0xa52397545a883471ee94e8a27e184be64d21640d76712b1e6fba67f3546503c9; } function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { assembly { - mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000040000) // vk.circuit_size + mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000080000) // vk.circuit_size mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000010) // vk.num_inputs - mstore(add(_vk, 0x40), 0x19ddbcaf3a8d46c15c0176fbb5b95e4dc57088ff13f4d1bd84c6bfa57dcdc0e0) // vk.work_root - mstore(add(_vk, 0x60), 0x30644259cd94e7dd5045d7a27013b7fcd21c9e3b7fa75222e7bda49b729b0401) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x02c6f00fd259ba9440c68d211969bbd81509b234882d65fc79ee90fdcb6ccfda) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x07f4fc84032451c171ea7150385b54a383fb083cc0c93895e2ef931e8e448345) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x02b407e4c824960a965b5193ad8c6ccf4baaa4c99da5d11b13a2d6af52973ef7) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x021fe5c3dd23b42f696dcd08659b8aa403c8e927f8c6e7b1446f4e9205c0a1c2) // vk.Q2.y - mstore(add(_vk, 0x100), 0x14f63403b60fb3ccf8325ec20e463e1daa492faf4d0151a8e7366f07c68f1d83) // vk.Q3.x - mstore(add(_vk, 0x120), 0x207cbbaffb34a0fe5eba27fd30f67e5389b1de65b703ccb78726831208ab600d) // vk.Q3.y - mstore(add(_vk, 0x140), 0x00ef12b054f19d72f2a6d0e628c6387026afd8a8924eb144ccc9948d4f6c5549) // vk.Q4.x - mstore(add(_vk, 0x160), 
0x0a1cbb57818ceec1d15878315046a7db1238d292307cabafbb97f569df6dcefa) // vk.Q4.y - mstore(add(_vk, 0x180), 0x0d098b0bcd6db60c47f8e7e9eb1c072972deb39b294907cbc353352ebc2bea85) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x0ff57407d8b18914e30d8583a77f67732f8b2762429a712c55b0c00fb83fe1c2) // vk.Q_M.y - mstore(add(_vk, 0x1c0), 0x2b01c45f214633bfaea1589083ab9a3a0915a6da362baa3151b1a0e80fb79160) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x0392d6380d2912befda8d98bcddd6050683a814bb84eb7f57e28176033783f11) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x24a6e759b9d12a53f809367cb3cbd00d96dfaa3af623e984bd986886447b642d) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x265e4202aa18f537a514281d72aaea8ab10090da270d8f9901363b4f48bc0610) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x04e5e383b53cf0f3eb3e824dcbc95d7fbb2ca7770bf92a3e86b652a425534714) // vk.QSORT.x - mstore(add(_vk, 0x260), 0x1bb4418c97c423508baf8d7825f2f41066dc4769dc4c9643ebddca0a71b71a87) // vk.QSORT.y - mstore(add(_vk, 0x280), 0x00a2e0e8c69ad29b60904f91a9db016a32a3de05f6ccdf024b5f149e8388484c) // vk.Q_ELLIPTIC.x - mstore(add(_vk, 0x2a0), 0x24be2bffbba65b40f4eeabba7a3660511baad3936c4ec40a6f9e20d194ec3a07) // vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x28725b01fa9c481b39aef64f5f54f9f967fd976b7ff4be45a9ca50f7500fef4c) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x264e3e4c4529b321c407f802c173d2fb73b03e8ce09fe3de3c11f84b87b99d32) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x1ec8ec2e5a6f36a00042f1199bad7fb25e950c9ce97f59777fd1739f422ce750) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x002526bd09111cbc4d6f6c6e200f627e7ae60fb59bd5f1357d82f386b1009dc9) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x0cc83ed6a722c67efdd44d5b6de2490621fd59c7c1c7a1416c99a6dff933e5d9) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x01eb69a024162e13bc58e174cef5c0d2c7a12bdf3619f78010cfe09cd165c19d) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x257e795ed0c6598cb79a148110eb2ce1dfb2a6378267e0a33f3c1d4dd7aadbcc) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 
0x01d596a895131eb6dbf6c9a89ddd9321ec5ed272d921b4edfed20b8f8ddc80cb) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x167af14f050f637263e94a86a2408a14178c7ea304ffaee2db4b2d20e173832b) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x211fb82fbb784f81f12914fbdb876c4a4b1f3670bf7aa291f661f7541bc8779c) // vk.SIGMA4.y - mstore(add(_vk, 0x400), 0x09796190fd3ba909c6530c89811df9b5b4f5f2fe6501ec21dd864b20673fc02c) // vk.TABLE1.x - mstore(add(_vk, 0x420), 0x00b9c2423e310caa43e1eb83b55f53977fccbed85422df8935635d77d146bf39) // vk.TABLE1.y - mstore(add(_vk, 0x440), 0x217dad26ccc0c543ec5750513e9365a5cae8164b08d364efcf4b5890ff05f334) // vk.TABLE2.x - mstore(add(_vk, 0x460), 0x1db28433f6bde424423f3587787f81c48101d2dc6e54b431332cb275f8518c62) // vk.TABLE2.y - mstore(add(_vk, 0x480), 0x2cc2d90f2da7f4ec16b7fe61babd4fb9b580ecff03c471764dd67a8c433afab5) // vk.TABLE3.x - mstore(add(_vk, 0x4a0), 0x3032b9ff096a43ce326cc63ffc6a86dcb913fb1f7700939f5304f6c6beb24574) // vk.TABLE3.y - mstore(add(_vk, 0x4c0), 0x1f4c58502ca713ed0bffb4ff31ed55e557e83a37d31b8e703aa9219d6158e2d2) // vk.TABLE4.x - mstore(add(_vk, 0x4e0), 0x0b0d5ed5432c5e7b56344c1d26ce0d9f632e8f8aa52505d6c89f6da89f357fa8) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x0869d6ec86b39958a4a10ed67954dc8931a1e5ee901099071c3c0684dd0eddde) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x1fc9d5e1b18c601f367b9551c00f5e541a48aa562cd0adb4369b51a7e99395b6) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x205b387095b6e538a6169c93c9db7d85ec219e2f0304b449f8849f5fde2c659f) // vk.ID1.x - mstore(add(_vk, 0x560), 0x07d8d408db8702ba4db7fec434fdee2b944313f72b0f94a9dcec74e7b715b3f8) // vk.ID1.y - mstore(add(_vk, 0x580), 0x2c758668e1cbf0572b139911af3f553c7898f7f07ffdcc58484a1a0acd14a03e) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x159322db7ac7485c5be7ce811a773c5fda9e26b0c47139eda1af6103c5c21b1c) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x026ba63c8620f00298a42a356b18392228d92c4301e8c51e44a3a2e14a6ebc89) // vk.ID3.x - mstore(add(_vk, 0x5e0), 
0x2a962181e6a7df5a05d1750e7a22b6ec21fc84d8de08524aa75c4ee8f646bd0c) // vk.ID3.y - mstore(add(_vk, 0x600), 0x2c81aa9e4f466e56d2a6f1a971d431a487379970bb892424e12a0c71c41479b0) // vk.ID4.x - mstore(add(_vk, 0x620), 0x2e662e641087ed19b9ff866748197ab8a871deded79d2835f32e4bbadef1a889) // vk.ID4.y + mstore(add(_vk, 0x40), 0x2260e724844bca5251829353968e4915305258418357473a5c1d597f613f6cbd) // vk.work_root + mstore(add(_vk, 0x60), 0x3064486657634403844b0eac78ca882cfd284341fcb0615a15cfcd17b14d8201) // vk.domain_inverse + mstore(add(_vk, 0x80), 0x05104b486160545badec11f151e7c70b87050871da5653387ab4ab2ad0eef5ca) // vk.Q1.x + mstore(add(_vk, 0xa0), 0x2672c7fb298fce83f510eb6e1b851a5bb2daf8fc43c7771e96c56c8a09ddfeae) // vk.Q1.y + mstore(add(_vk, 0xc0), 0x2c019acf99c5663da83cec224bd32570ee90f45c4486a54dec3ca4552d8ab07a) // vk.Q2.x + mstore(add(_vk, 0xe0), 0x0fb7a3385ab42cafb0e104ac17ac2dacfb161d292c00fca102b1e780e86ccaf3) // vk.Q2.y + mstore(add(_vk, 0x100), 0x273ca9c29ef10864f4c9c053c336776a71ca5ebbf4bec1cb381e431943f9b5d7) // vk.Q3.x + mstore(add(_vk, 0x120), 0x2a94f00fe384ab945a8f5e3c97194a425a4d2109e5b113f059e42ee232659436) // vk.Q3.y + mstore(add(_vk, 0x140), 0x0e8b5c127c8a3ec285c2ac80d9046528051387878802203988a60650a0a960ab) // vk.Q4.x + mstore(add(_vk, 0x160), 0x17efdb659ae0d26aa78db132f9be9130460c0fce0c2a8e9b726de68247f76891) // vk.Q4.y + mstore(add(_vk, 0x180), 0x2f668d8a50bdb5c366e39433892f903262a04b6473ba3468c12057d58ad3bbfb) // vk.Q_M.x + mstore(add(_vk, 0x1a0), 0x2397c6171bc6d084e98297690441c9da9f011d18b3ea0bb58ee4d47227feb6b4) // vk.Q_M.y + mstore(add(_vk, 0x1c0), 0x1dafbfb4d30fcf880ef839ecc7fda9a97c315c5fa1713d08f7cdf6dba53ffb17) // vk.Q_C.x + mstore(add(_vk, 0x1e0), 0x099fa3de9ce0cc28085739745582b53bf7939e3d97928afd491392053c1c0a68) // vk.Q_C.y + mstore(add(_vk, 0x200), 0x028912be5d0accd4edf4949f89be1c1a2fcf4f59559ba03114da00ec3bf643ac) // vk.Q_ARITHMETIC.x + mstore(add(_vk, 0x220), 0x2428952bfba8ba44830fb0ae6fcdeb9bf17d611add9432450ebbe3d928e2f431) // 
vk.Q_ARITHMETIC.y + mstore(add(_vk, 0x240), 0x2b40c900824bcca193d402e0ef7f78792deaccd99743a78e5330abe8886ac989) // vk.QSORT.x + mstore(add(_vk, 0x260), 0x102a7a02bc1a7317702c09560636e991b856f26f88ee8f0b33da3dd7fe222dbb) // vk.QSORT.y + mstore(add(_vk, 0x280), 0x2bcf00433471db2be265df28ba2e70c36ca52f2932a4de25c0d60868703a0726) // vk.Q_ELLIPTIC.x + mstore(add(_vk, 0x2a0), 0x2f225b86590c67ae48360cb41d5b291ba94ce2dbae850afd9a6854122341b5ba) // vk.Q_ELLIPTIC.y + mstore(add(_vk, 0x2c0), 0x2eaee34d8508092cc4e19bc3f27ffa7dfc72230710e220f228f48906fae21e56) // vk.Q_AUX.x + mstore(add(_vk, 0x2e0), 0x0c503c5d6245b99bbc056925e96abd20feaed6507707311092b3ed87eadb3874) // vk.Q_AUX.y + mstore(add(_vk, 0x300), 0x021ba851cec3aedfbf1d9944907ae721f0d3e8fa3548513b6f108d101067ae85) // vk.SIGMA1.x + mstore(add(_vk, 0x320), 0x24eef378da346c4f9eededc5dc519d35b14fec46412c8fcf7564cafb9843d761) // vk.SIGMA1.y + mstore(add(_vk, 0x340), 0x0492b2fed8a158177dd3e825fb34ca7481bfead06bc01f308dc81fcd852ef3bc) // vk.SIGMA2.x + mstore(add(_vk, 0x360), 0x289bf1bcc6a9cb19b102c7fb9dba839e1817a24257194cad404b393ce77e66b5) // vk.SIGMA2.y + mstore(add(_vk, 0x380), 0x05d2a9c66d5c142b254b4f7d09f0eb837d95d8ec002e0644f51d455041403ca5) // vk.SIGMA3.x + mstore(add(_vk, 0x3a0), 0x2434b76f470965c85363ff15b3f37c7b4be4fb2741451dc33943879f1e4cbba4) // vk.SIGMA3.y + mstore(add(_vk, 0x3c0), 0x2f4bcc93500665a87a8f959e1636fe88cb1f17688b8c286fe930ccf934a49ac2) // vk.SIGMA4.x + mstore(add(_vk, 0x3e0), 0x243f7b4ae1d483c99523b6a2999f404ab744017c8f43080c3582c38ea8ea3d1a) // vk.SIGMA4.y + mstore(add(_vk, 0x400), 0x0ddc3b6d8e59cf0996ca71ad4132ca9d618ffd933cf58a8a0953dc76f97cf108) // vk.TABLE1.x + mstore(add(_vk, 0x420), 0x153193287060386695f4f2d0d3525dec4c6a253f431d3f3fc06aa0e5b0448b8c) // vk.TABLE1.y + mstore(add(_vk, 0x440), 0x1170f0ece62f8c572bca96b141d27f4bd25585edb9319128045c005d48491b1e) // vk.TABLE2.x + mstore(add(_vk, 0x460), 0x246cd041690f653f88ed0c56ad282a3dd2e37b8edb1f56b785809d7710bf1c88) // vk.TABLE2.y + 
mstore(add(_vk, 0x480), 0x26153c937447356a0c6d6be09d85eb34bc8a00ce9d452888e5fc2b5a7e14fed7) // vk.TABLE3.x + mstore(add(_vk, 0x4a0), 0x189da022421fbd8dfd7973084d978e555388ad9364679246b07992f84b4e91b2) // vk.TABLE3.y + mstore(add(_vk, 0x4c0), 0x285311c5e9a4cbb56a3f04f29d5443e8c0f9753e2a5a35acec051fafe2cecce5) // vk.TABLE4.x + mstore(add(_vk, 0x4e0), 0x2436400260c9d3180beedd0bf49fec92d2d0ac76a1be7f1fad96cbd997175312) // vk.TABLE4.y + mstore(add(_vk, 0x500), 0x139bb66456d96a4e2dad361f7949a6b8c6739650965ae729788162fbb0382399) // vk.TABLE_TYPE.x + mstore(add(_vk, 0x520), 0x098fad1329e1765863f8ac829332168359901da71702e5119ce4b89a7ae6f017) // vk.TABLE_TYPE.y + mstore(add(_vk, 0x540), 0x14fc4c6c2521387172a6b801e2b6c8a2308d725695d3f49a57151c2a0a8af0fe) // vk.ID1.x + mstore(add(_vk, 0x560), 0x2ce0c2c73ded7bcf19c1208f134b67ed74f77ef717db1c05c010bc8df7bed39e) // vk.ID1.y + mstore(add(_vk, 0x580), 0x0e2455a361f4a3741dab6a03b8186996a5a9873a3b62b3fa8eb5a551cb46bb7a) // vk.ID2.x + mstore(add(_vk, 0x5a0), 0x29a288b84aeabb0421861492256c6ea82530b5b14c0e01e5b7b2553cf197a2e7) // vk.ID2.y + mstore(add(_vk, 0x5c0), 0x01fbecd3bc90ad298a27bf4f9aa071746c30b5af932a1ba8d5b04394f85e0370) // vk.ID3.x + mstore(add(_vk, 0x5e0), 0x0b21c924fc2b44729ff84deeae724c68dd1636e847b0f7cdd92ad203af7cf0d5) // vk.ID3.y + mstore(add(_vk, 0x600), 0x12f7ebb5e50b429b766b1dc5e8b32b7727593641e4f976b72a7046d0a3ff8dea) // vk.ID4.x + mstore(add(_vk, 0x620), 0x2d45226edb0f8338bb5fa88ecefeeaa9bbb72232a2e842f8c7f37cd11f7065ed) // vk.ID4.y mstore(add(_vk, 0x640), 0x01) // vk.contains_recursive_proof mstore(add(_vk, 0x660), 0) // vk.recursive_proof_public_input_indices mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 mstore(add(_vk, 0x6e0), 
0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 - mstore(_omegaInverseLoc, 0x036853f083780e87f8d7c71d111119c57dbe118c22d5ad707a82317466c5174c) // vk.work_root_inverse + mstore(_omegaInverseLoc, 0x06e402c0a314fb67a15cf806664ae1b722dbc0efe66e6c81d98f9924ca535321) // vk.work_root_inverse } } } From 2a2fe4e4fcd6e84e275a4a9328b353fd84d7e12b Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Tue, 1 Oct 2024 14:19:15 +0000 Subject: [PATCH 10/10] fix --- barretenberg/sol/src/honk/instance/Add2Honk.sol | 4 +--- barretenberg/sol/src/honk/instance/BlakeHonk.sol | 4 +--- barretenberg/sol/src/honk/instance/EcdsaHonk.sol | 4 +--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/barretenberg/sol/src/honk/instance/Add2Honk.sol b/barretenberg/sol/src/honk/instance/Add2Honk.sol index 331f5f7332de..a56a3b256a01 100644 --- a/barretenberg/sol/src/honk/instance/Add2Honk.sol +++ b/barretenberg/sol/src/honk/instance/Add2Honk.sol @@ -194,9 +194,7 @@ contract Add2HonkVerifier is IVerifier { // Avoid stack too deep struct ShpleminiIntermediates { - // i-th unshifted commitment is multiplied by −ρⁱ and the unshifted_scalar ( 1/(z−r) + ν/(z+r) ) Fr unshiftedScalar; - // i-th shifted commitment is multiplied by −ρⁱ⁺ᵏ and the shifted_scalar r⁻¹ ⋅ (1/(z−r) − ν/(z+r)) Fr shiftedScalar; // Scalar to be multiplied by [1]₁ Fr constantTermAccumulator; @@ -213,7 +211,7 @@ contract Add2HonkVerifier is IVerifier { { ShpleminiIntermediates memory mem; // stack - // - Compute vector (r, r², ... , r²⁽ⁿ⁻¹⁾), where n = log_circuit_size, I think this should be CONST_PROOF_SIZE + // - Compute vector (r, r², ... , r²⁽ⁿ⁻¹⁾), where n = log_circuit_size Fr[CONST_PROOF_SIZE_LOG_N] memory powers_of_evaluation_challenge = computeSquares(tp.geminiR); // Arrays hold values that will be linearly combined for the gemini and shplonk batch openings 
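Review bot: The rewritten comment in the Add2Honk.sol `@@ -213,7 +211,7 @@` hunk still says `n = log_circuit_size`, while the array on the next line is declared as `Fr[CONST_PROOF_SIZE_LOG_N]`, so the commit deletes the author's doubt ("I think this should be CONST_PROOF_SIZE") without settling which bound holds. In a verifier, the number of squarings of the Gemini challenge is something an auditor checks against the fixed proof size, so the comment should name the bound the code actually uses. `computeSquares` is not visible here; if it fills every entry, I would write `// - Compute vector (r, r², r⁴, …, r^(2^(n−1))), where n = CONST_PROOF_SIZE_LOG_N`, which also spells the last exponent as a power of two instead of the ambiguous `r²⁽ⁿ⁻¹⁾`. The same line appears in BlakeHonk.sol (`@@ -214,7 +212,7 @@`) and EcdsaHonk.sol (`@@ -216,7 +214,7 @@`). The enclosing function starts and ends outside the hunk.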
diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol index e2b34037de3e..d5f739f0315a 100644 --- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol +++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol @@ -195,9 +195,7 @@ contract BlakeHonkVerifier is IVerifier { // Avoid stack too deep struct ShpleminiIntermediates { - // i-th unshifted commitment is multiplied by −ρⁱ and the unshifted_scalar ( 1/(z−r) + ν/(z+r) ) Fr unshiftedScalar; - // i-th shifted commitment is multiplied by −ρⁱ⁺ᵏ and the shifted_scalar r⁻¹ ⋅ (1/(z−r) − ν/(z+r)) Fr shiftedScalar; // Scalar to be multiplied by [1]₁ Fr constantTermAccumulator; @@ -214,7 +212,7 @@ contract BlakeHonkVerifier is IVerifier { { ShpleminiIntermediates memory mem; // stack - // - Compute vector (r, r², ... , r²⁽ⁿ⁻¹⁾), where n = log_circuit_size, I think this should be CONST_PROOF_SIZE + // - Compute vector (r, r², ... , r²⁽ⁿ⁻¹⁾), where n = log_circuit_size Fr[CONST_PROOF_SIZE_LOG_N] memory powers_of_evaluation_challenge = computeSquares(tp.geminiR); // Arrays hold values that will be linearly combined for the gemini and shplonk batch openings diff --git a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol index b54f5d1988d8..5e3c064defc1 100644 --- a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol +++ b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol @@ -194,9 +194,7 @@ contract EcdsaHonkVerifier is IVerifier { // Avoid stack too deep struct ShpleminiIntermediates { - // i-th unshifted commitment is multiplied by −ρⁱ and the unshifted_scalar ( 1/(z−r) + ν/(z+r) ) Fr unshiftedScalar; - // i-th shifted commitment is multiplied by −ρⁱ⁺ᵏ and the shifted_scalar r⁻¹ ⋅ (1/(z−r) − ν/(z+r)) Fr shiftedScalar; // Scalar to be multiplied by [1]₁ Fr constantTermAccumulator; 
@@ -216,7 +214,7 @@ contract EcdsaHonkVerifier is IVerifier { { ShpleminiIntermediates memory mem; // stack - // - Compute vector (r, r², ... , r²⁽ⁿ⁻¹⁾), where n = log_circuit_size, I think this should be CONST_PROOF_SIZE + // - Compute vector (r, r², ... , r²⁽ⁿ⁻¹⁾), where n = log_circuit_size Fr[CONST_PROOF_SIZE_LOG_N] memory powers_of_evaluation_challenge = computeSquares(tp.geminiR); // Arrays hold values that will be linearly combined for the gemini and shplonk batch openings