diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp index 95d3ac76d03..3e40157661a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp @@ -330,3 +330,85 @@ TEST_F(IPATest, ShpleminiIPAWithShift) EXPECT_EQ(result, true); } +/** + * @brief Test the behaviour of the method ShpleminiVerifier::remove_shifted_commitments + * + */ +TEST_F(IPATest, ShpleminiIPAShiftsRemoval) +{ + using IPA = IPA; + using ShplonkProver = ShplonkProver_; + using ShpleminiVerifier = ShpleminiVerifier_; + using GeminiProver = GeminiProver_; + + const size_t n = 8; + const size_t log_n = 3; + + // Generate multilinear polynomials, their commitments (genuine and mocked) and evaluations (genuine) at a random + // point. + auto mle_opening_point = this->random_evaluation_point(log_n); // sometimes denoted 'u' + auto poly1 = Polynomial::random(n); + auto poly2 = Polynomial::random(n, /*shiftable*/ 1); + auto poly3 = Polynomial::random(n, /*shiftable*/ 1); + auto poly4 = Polynomial::random(n); + + Commitment commitment1 = this->commit(poly1); + Commitment commitment2 = this->commit(poly2); + Commitment commitment3 = this->commit(poly3); + Commitment commitment4 = this->commit(poly4); + + std::vector unshifted_commitments = { commitment1, commitment2, commitment3, commitment4 }; + std::vector shifted_commitments = { commitment2, commitment3 }; + auto eval1 = poly1.evaluate_mle(mle_opening_point); + auto eval2 = poly2.evaluate_mle(mle_opening_point); + auto eval3 = poly3.evaluate_mle(mle_opening_point); + auto eval4 = poly4.evaluate_mle(mle_opening_point); + + auto eval2_shift = poly2.evaluate_mle(mle_opening_point, true); + auto eval3_shift = poly3.evaluate_mle(mle_opening_point, true); + + auto prover_transcript = NativeTranscript::prover_init_empty(); + + // Run the full prover PCS protocol: + + // Compute: + // - (d+1) opening pairs: {r, \hat{a}_0}, {-r^{2^i}, a_i}, i = 0, ..., d-1 + // - (d+1) Fold polynomials Fold_{r}^(0), Fold_{-r}^(0), and Fold^(i), i = 0, ..., d-1 + auto prover_opening_claims = GeminiProver::prove(n, + RefArray{ poly1, poly2, poly3, poly4 }, + RefArray{ poly2, poly3 }, + mle_opening_point, + this->ck(), + prover_transcript); + + const auto opening_claim = ShplonkProver::prove(this->ck(), prover_opening_claims, prover_transcript); + IPA::compute_opening_proof(this->ck(), opening_claim, prover_transcript); + + // the index of the first commitment to a polynomial to be shifted in the union of unshifted_commitments and + // shifted_commitments. in our case, it is poly2 + const size_t to_be_shifted_commitments_start = 1; + // the index of the first commitment to a shifted polynomial in the union of unshifted_commitments and + // shifted_commitments. in our case, it is the second occurence of poly2 + const size_t shifted_commitments_start = 4; + // number of shifted polynomials + const size_t num_shifted_commitments = 2; + const RepeatedCommitmentsData repeated_commitments = + RepeatedCommitmentsData(to_be_shifted_commitments_start, shifted_commitments_start, num_shifted_commitments); + // since commitments to poly2, poly3 and their shifts are the same group elements, we simply combine the scalar + // multipliers of commitment2 and commitment3 in one place and remove the entries of the commitments and scalars + // vectors corresponding to the "shifted" commitment + auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript); + + auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(n, + RefVector(unshifted_commitments), + RefVector(shifted_commitments), + RefArray{ eval1, eval2, eval3, eval4 }, + RefArray{ eval2_shift, eval3_shift }, + mle_opening_point, + this->vk()->get_g1_identity(), + verifier_transcript, + repeated_commitments); + + auto result = IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->vk(), verifier_transcript); + EXPECT_EQ(result, true); +} diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp index 38d685c3a4a..a50c0a8919a 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp @@ -318,6 +318,7 @@ TYPED_TEST(KZGTest, ShpleminiKzgWithShiftAndConcatenation) mle_opening_point, this->vk()->get_g1_identity(), verifier_transcript, + {}, /* libra commitments = */ {}, /* libra evaluations = */ {}, to_vector_of_ref_vectors(concatenation_groups_commitments), @@ -327,5 +328,99 @@ TYPED_TEST(KZGTest, ShpleminiKzgWithShiftAndConcatenation) EXPECT_EQ(this->vk()->pairing_check(pairing_points[0], pairing_points[1]), true); } +TYPED_TEST(KZGTest, ShpleminiKzgShiftsRemoval) +{ + using ShplonkProver = ShplonkProver_; + using GeminiProver = GeminiProver_; + using ShpleminiVerifier = ShpleminiVerifier_; + using KZG = KZG; + using Fr = typename TypeParam::ScalarField; + using Commitment = typename TypeParam::AffineElement; + using Polynomial = typename bb::Polynomial; + + const size_t n = 16; + const size_t log_n = 4; + // Generate multilinear polynomials, their commitments (genuine and mocked) and evaluations (genuine) at a random + // point. + auto mle_opening_point = this->random_evaluation_point(log_n); // sometimes denoted 'u' + auto poly1 = Polynomial::random(n); + auto poly2 = Polynomial::random(n, 1); + auto poly3 = Polynomial::random(n, 1); + auto poly4 = Polynomial::random(n); + + Commitment commitment1 = this->commit(poly1); + Commitment commitment2 = this->commit(poly2); + Commitment commitment3 = this->commit(poly3); + Commitment commitment4 = this->commit(poly4); + std::vector unshifted_commitments = { commitment1, commitment2, commitment3, commitment4 }; + std::vector shifted_commitments = { commitment2, commitment3 }; + auto eval1 = poly1.evaluate_mle(mle_opening_point); + auto eval2 = poly2.evaluate_mle(mle_opening_point); + auto eval3 = poly3.evaluate_mle(mle_opening_point); + auto eval4 = poly4.evaluate_mle(mle_opening_point); + auto eval2_shift = poly2.evaluate_mle(mle_opening_point, true); + auto eval3_shift = poly3.evaluate_mle(mle_opening_point, true); + + // Collect multilinear evaluations for input to prover + // std::vector multilinear_evaluations = { eval1, eval2, eval3, eval4, eval2_shift, eval3_shift }; + + auto prover_transcript = NativeTranscript::prover_init_empty(); + + // Run the full prover PCS protocol: + + // Compute: + // - (d+1) opening pairs: {r, \hat{a}_0}, {-r^{2^i}, a_i}, i = 0, ..., d-1 + // - (d+1) Fold polynomials Fold_{r}^(0), Fold_{-r}^(0), and Fold^(i), i = 0, ..., d-1 + auto prover_opening_claims = GeminiProver::prove(n, + RefArray{ poly1, poly2, poly3, poly4 }, + RefArray{ poly2, poly3 }, + mle_opening_point, + this->ck(), + prover_transcript); + + // Shplonk prover output: + // - opening pair: (z_challenge, 0) + // - witness: polynomial Q - Q_z + const auto opening_claim = ShplonkProver::prove(this->ck(), prover_opening_claims, prover_transcript); + + // KZG prover: + // - Adds commitment [W] to transcript + KZG::compute_opening_proof(this->ck(), opening_claim, prover_transcript); + + // Run the full verifier PCS protocol with genuine opening claims (genuine commitment, genuine evaluation) + + auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript); + // the index of the first commitment to a polynomial to be shifted in the union of unshifted_commitments and + // shifted_commitments. in our case, it is poly2 + const size_t to_be_shifted_commitments_start = 1; + // the index of the first commitment to a shifted polynomial in the union of unshifted_commitments and + // shifted_commitments. in our case, it is the second occurence of poly2 + const size_t shifted_commitments_start = 4; + // number of shifted polynomials + const size_t num_shifted_commitments = 2; + // since commitments to poly2, poly3 and their shifts are the same group elements, we simply combine the scalar + // multipliers of commitment2 and commitment3 in one place and remove the entries of the commitments and scalars + // vectors corresponding to the "shifted" commitment + const RepeatedCommitmentsData repeated_commitments = + RepeatedCommitmentsData(to_be_shifted_commitments_start, shifted_commitments_start, num_shifted_commitments); + + // Gemini verifier output: + // - claim: d+1 commitments to Fold_{r}^(0), Fold_{-r}^(0), Fold^(l), d+1 evaluations a_0_pos, a_l, l = 0:d-1 + const auto batch_opening_claim = + ShpleminiVerifier::compute_batch_opening_claim(n, + RefVector(unshifted_commitments), + RefVector(shifted_commitments), + RefArray{ eval1, eval2, eval3, eval4 }, + RefArray{ eval2_shift, eval3_shift }, + mle_opening_point, + this->vk()->get_g1_identity(), + verifier_transcript, + repeated_commitments); + + const auto pairing_points = KZG::reduce_verify_batch_opening_claim(batch_opening_claim, verifier_transcript); + + // Final pairing check: e([Q] - [Q_z] + z[W], [1]_2) = e([W], [x]_2) + EXPECT_EQ(this->vk()->pairing_check(pairing_points[0], pairing_points[1]), true); +} } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp index 2045714d9c2..83ced38c1f4 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp @@ -4,6 +4,7 @@ #include "barretenberg/commitment_schemes/gemini/gemini_impl.hpp" #include "barretenberg/commitment_schemes/shplonk/shplonk.hpp" #include "barretenberg/commitment_schemes/verification_key.hpp" +#include "barretenberg/flavor/repeated_commitments_data.hpp" #include "barretenberg/transcript/transcript.hpp" namespace bb { @@ -132,6 +133,7 @@ template class ShpleminiVerifier_ { const std::vector& multivariate_challenge, const Commitment& g1_identity, const std::shared_ptr& transcript, + const RepeatedCommitmentsData& repeated_commitments = {}, RefSpan libra_univariate_commitments = {}, const std::vector& libra_univariate_evaluations = {}, const std::vector>& concatenation_group_commitments = {}, @@ -288,6 +290,8 @@ template class ShpleminiVerifier_ { commitments.emplace_back(g1_identity); scalars.emplace_back(constant_term_accumulator); + remove_repeated_commitments(commitments, scalars, repeated_commitments, has_zk); + // For ZK flavors, the sumcheck output contains the evaluations of Libra univariates that submitted to the // ShpleminiVerifier, otherwise this argument is set to be empty if (has_zk) { @@ -493,13 +497,93 @@ template class ShpleminiVerifier_ { } } + /** + * @brief Combines scalars of repeating commitments to reduce the number of scalar multiplications performed by the + * verifier. + * + * @details The Shplemini verifier gets the access to multiple groups of commitments, some of which are duplicated + * because they correspond to polynomials whose shifts also evaluated or used in concatenation groups in + * Translator. This method combines the scalars associated with these repeating commitments, reducing the total + * number of scalar multiplications required during the verification. + * + * More specifically, the Shplemini verifier receives two or three groups of commitments: get_unshifted() and + * get_to_be_shifted() in the case of Ultra, Mega, and ECCVM Flavors; and get_unshifted_without_concatenated(), + * get_to_be_shifted(), and get_groups_to_be_concatenated() in the case of the TranslatorFlavor. The commitments are + * then placed in this specific order in a BatchOpeningClaim object containing a vector of commitments and a vector + * of scalars. The ranges with repeated commitments belong to the Flavors. This method iterates over these ranges + * and sums the scalar multipliers corresponding to the same group element. After combining the scalars, we erase + * corresponding entries in both vectors. + * + */ + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1151) Avoid erasing vector elements. + static void remove_repeated_commitments(std::vector& commitments, + std::vector& scalars, + const RepeatedCommitmentsData& repeated_commitments, + bool has_zk) + { + // We started populating commitments and scalars by adding Shplonk:Q commitmment and the corresponding scalar + // factor 1. In the case of ZK, we also added Gemini:masking_poly_comm before populating the vector with + // commitments to prover polynomials + const size_t offset = has_zk ? 2 : 1; + + // Extract the indices from the container, which is normally created in a given Flavor + const size_t& first_range_to_be_shifted_start = repeated_commitments.first_range_to_be_shifted_start + offset; + const size_t& first_range_shifted_start = repeated_commitments.first_range_shifted_start + offset; + const size_t& first_range_size = repeated_commitments.first_range_size; + + const size_t& second_range_to_be_shifted_start = repeated_commitments.second_range_to_be_shifted_start + offset; + const size_t& second_range_shifted_start = repeated_commitments.second_range_shifted_start + offset; + const size_t& second_range_size = repeated_commitments.second_range_size; + + // Iterate over the first range of to-be-shifted scalars and their shifted counterparts + for (size_t i = 0; i < first_range_size; i++) { + size_t idx_to_be_shifted = i + first_range_to_be_shifted_start; + size_t idx_shifted = i + first_range_shifted_start; + scalars[idx_to_be_shifted] = scalars[idx_to_be_shifted] + scalars[idx_shifted]; + } + + // Iterate over the second range of to-be-shifted precomputed scalars and their shifted counterparts (if + // provided) + for (size_t i = 0; i < second_range_size; i++) { + size_t idx_to_be_shifted = i + second_range_to_be_shifted_start; + size_t idx_shifted = i + second_range_shifted_start; + scalars[idx_to_be_shifted] = scalars[idx_to_be_shifted] + scalars[idx_shifted]; + } + + if (second_range_shifted_start > first_range_shifted_start) { + // Erase the shifted scalars and commitments from the second range (if provided) + for (size_t i = 0; i < second_range_size; ++i) { + scalars.erase(scalars.begin() + static_cast(second_range_shifted_start)); + commitments.erase(commitments.begin() + static_cast(second_range_shifted_start)); + } + + // Erase the shifted scalars and commitments from the first range + for (size_t i = 0; i < first_range_size; ++i) { + scalars.erase(scalars.begin() + static_cast(first_range_shifted_start)); + commitments.erase(commitments.begin() + static_cast(first_range_shifted_start)); + } + } else { + // Erase the shifted scalars and commitments from the first range + for (size_t i = 0; i < first_range_size; ++i) { + scalars.erase(scalars.begin() + static_cast(first_range_shifted_start)); + commitments.erase(commitments.begin() + static_cast(first_range_shifted_start)); + } + // Erase the shifted scalars and commitments from the second range (if provided) + for (size_t i = 0; i < second_range_size; ++i) { + scalars.erase(scalars.begin() + static_cast(second_range_shifted_start)); + commitments.erase(commitments.begin() + static_cast(second_range_shifted_start)); + } + } + } + /** * @brief Add the opening data corresponding to Libra masking univariates to the batched opening claim * * @details After verifying ZK Sumcheck, the verifier has to validate the claims about the evaluations of Libra - * univariates used to mask Sumcheck round univariates. To minimize the overhead of such openings, we continue the - * Shplonk batching started in Gemini, i.e. we add new claims multiplied by a suitable power of the Shplonk batching - * challenge and re-use the evaluation challenge sampled to prove the evaluations of Gemini polynomials. + * univariates used to mask Sumcheck round univariates. To minimize the overhead of such openings, we continue + * the Shplonk batching started in Gemini, i.e. we add new claims multiplied by a suitable power of the Shplonk + * batching challenge and re-use the evaluation challenge sampled to prove the evaluations of Gemini + * polynomials. * * @param commitments * @param scalars @@ -541,8 +625,8 @@ template class ShpleminiVerifier_ { if constexpr (!Curve::is_stdlib_type) { Fr::batch_invert(denominators); } - // add Libra commitments to the vector of commitments; compute corresponding scalars and the correction to the - // constant term + // add Libra commitments to the vector of commitments; compute corresponding scalars and the correction to + // the constant term for (const auto [libra_univariate_commitment, denominator, libra_univariate_evaluation] : zip_view(libra_univariate_commitments, denominators, libra_univariate_evaluations)) { commitments.push_back(std::move(libra_univariate_commitment)); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp index 3fab01e75c5..e3537c00a75 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp @@ -324,6 +324,7 @@ TYPED_TEST(ShpleminiTest, ShpleminiWithMaskingLibraUnivariates) mle_opening_point, this->vk()->get_g1_identity(), verifier_transcript, + {}, RefVector(libra_commitments), libra_evaluations); diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp index 02e2de4e920..b94b0c95085 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp @@ -130,14 +130,14 @@ TEST(ShpleminiRecursionTest, ProveAndVerifySingle) return zero; }); - auto opening_claim = ShpleminiVerifier::compute_batch_opening_claim(Fr::from_witness(&builder, N), - RefVector(stdlib_f_commitments), - RefVector(stdlib_g_commitments), - RefVector(stdlib_v_evaluations), - RefVector(stdlib_w_evaluations), - u_challenge_in_circuit, - Commitment::one(&builder), - stdlib_verifier_transcript); + const auto opening_claim = ShpleminiVerifier::compute_batch_opening_claim(Fr::from_witness(&builder, N), + RefVector(stdlib_f_commitments), + RefVector(stdlib_g_commitments), + RefVector(stdlib_v_evaluations), + RefVector(stdlib_w_evaluations), + u_challenge_in_circuit, + Commitment::one(&builder), + stdlib_verifier_transcript); auto pairing_points = KZG::reduce_verify_batch_opening_claim(opening_claim, stdlib_verifier_transcript); EXPECT_TRUE(CircuitChecker::check(builder)); diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp index a636fbb5452..a44e827d90e 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp @@ -7,6 +7,7 @@ #include "barretenberg/flavor/flavor.hpp" #include "barretenberg/flavor/flavor_macros.hpp" #include "barretenberg/flavor/relation_definitions.hpp" +#include "barretenberg/flavor/repeated_commitments_data.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/polynomials/univariate.hpp" #include "barretenberg/relations/ecc_vm/ecc_bools_relation.hpp" @@ -52,8 +53,19 @@ class ECCVMFlavor { static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 3; // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 87; + // The number of entities in ShiftedEntities. + static constexpr size_t NUM_SHIFTED_ENTITIES = 26; + // The number of entities in DerivedWitnessEntities that are not going to be shifted. + static constexpr size_t NUM_DERIVED_WITNESS_ENTITIES_NON_SHIFTED = 1; // The total number of witnesses including shifts and derived entities. - static constexpr size_t NUM_ALL_WITNESS_ENTITIES = 113; + static constexpr size_t NUM_ALL_WITNESS_ENTITIES = NUM_WITNESS_ENTITIES + NUM_SHIFTED_ENTITIES; + // A container to be fed to ShpleminiVerifier to avoid redundant scalar muls, the first number is the index of the + // first witness to be shifted. + static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = + RepeatedCommitmentsData(NUM_PRECOMPUTED_ENTITIES + NUM_WITNESS_ENTITIES - + NUM_DERIVED_WITNESS_ENTITIES_NON_SHIFTED - NUM_SHIFTED_ENTITIES, + NUM_PRECOMPUTED_ENTITIES + NUM_WITNESS_ENTITIES, + NUM_SHIFTED_ENTITIES); using GrandProductRelations = std::tuple>; // define the tuple of Relations that comprise the Sumcheck relation @@ -121,91 +133,91 @@ class ECCVMFlavor { template class WireEntities { public: DEFINE_FLAVOR_MEMBERS(DataType, - transcript_add, // column 0 - transcript_mul, // column 1 - transcript_eq, // column 2 - transcript_msm_transition, // column 3 - transcript_pc, // column 4 - transcript_msm_count, // column 5 - transcript_Px, // column 6 - transcript_Py, // column 7 - transcript_z1, // column 8 - transcript_z2, // column 9 - transcript_z1zero, // column 10 - transcript_z2zero, // column 11 - transcript_op, // column 12 - transcript_accumulator_x, // column 13 - transcript_accumulator_y, // column 14 - transcript_msm_x, // column 15 - transcript_msm_y, // column 16 - precompute_pc, // column 17 - precompute_point_transition, // column 18 - precompute_round, // column 19 - precompute_scalar_sum, // column 20 - precompute_s1hi, // column 21 - precompute_s1lo, // column 22 - precompute_s2hi, // column 23 - precompute_s2lo, // column 24 - precompute_s3hi, // column 25 - precompute_s3lo, // column 26 - precompute_s4hi, // column 27 - precompute_s4lo, // column 28 - precompute_skew, // column 29 - precompute_dx, // column 30 - precompute_dy, // column 31 - precompute_tx, // column 32 - precompute_ty, // column 33 - msm_transition, // column 34 - msm_add, // column 35 - msm_double, // column 36 - msm_skew, // column 37 - msm_accumulator_x, // column 38 - msm_accumulator_y, // column 39 - msm_pc, // column 40 - msm_size_of_msm, // column 41 - msm_count, // column 42 - msm_round, // column 43 - msm_add1, // column 44 - msm_add2, // column 45 - msm_add3, // column 46 - msm_add4, // column 47 - msm_x1, // column 48 - msm_y1, // column 49 - msm_x2, // column 50 - msm_y2, // column 51 - msm_x3, // column 52 - msm_y3, // column 53 - msm_x4, // column 54 - msm_y4, // column 55 - msm_collision_x1, // column 56 - msm_collision_x2, // column 57 - msm_collision_x3, // column 58 - msm_collision_x4, // column 59 - msm_lambda1, // column 60 - msm_lambda2, // column 61 - msm_lambda3, // column 62 - msm_lambda4, // column 63 - msm_slice1, // column 64 - msm_slice2, // column 65 - msm_slice3, // column 66 - msm_slice4, // column 67 - transcript_accumulator_empty, // column 68 - transcript_reset_accumulator, // column 69 - precompute_select, // column 70 - lookup_read_counts_0, // column 71 - lookup_read_counts_1, // column 72 - transcript_base_infinity, // column 73 - transcript_base_x_inverse, // column 74 - transcript_base_y_inverse, // column 75 - transcript_add_x_equal, // column 76 - transcript_add_y_equal, // column 77 - transcript_add_lambda, // column 78 - transcript_msm_intermediate_x, // column 79 - transcript_msm_intermediate_y, // column 80 - transcript_msm_infinity, // column 81 - transcript_msm_x_inverse, // column 82 - transcript_msm_count_zero_at_transition, // column 83 - transcript_msm_count_at_transition_inverse); // column 84 + transcript_add, // column 0 + transcript_eq, // column 1 + transcript_msm_transition, // column 2 + transcript_Px, // column 3 + transcript_Py, // column 4 + transcript_z1, // column 5 + transcript_z2, // column 6 + transcript_z1zero, // column 7 + transcript_z2zero, // column 8 + transcript_op, // column 9 + transcript_msm_x, // column 10 + transcript_msm_y, // column 11 + precompute_point_transition, // column 12 + precompute_s1lo, // column 13 + precompute_s2hi, // column 14 + precompute_s2lo, // column 15 + precompute_s3hi, // column 16 + precompute_s3lo, // column 17 + precompute_s4hi, // column 18 + precompute_s4lo, // column 19 + precompute_skew, // column 20 + msm_size_of_msm, // column 21 + msm_add2, // column 22 + msm_add3, // column 23 + msm_add4, // column 24 + msm_x1, // column 25 + msm_y1, // column 26 + msm_x2, // column 27 + msm_y2, // column 28 + msm_x3, // column 29 + msm_y3, // column 30 + msm_x4, // column 31 + msm_y4, // column 32 + msm_collision_x1, // column 33 + msm_collision_x2, // column 34 + msm_collision_x3, // column 35 + msm_collision_x4, // column 36 + msm_lambda1, // column 37 + msm_lambda2, // column 38 + msm_lambda3, // column 39 + msm_lambda4, // column 40 + msm_slice1, // column 41 + msm_slice2, // column 42 + msm_slice3, // column 43 + msm_slice4, // column 44 + transcript_reset_accumulator, // column 45 + lookup_read_counts_0, // column 46 + lookup_read_counts_1, // column 47 + transcript_base_infinity, // column 48 + transcript_base_x_inverse, // column 49 + transcript_base_y_inverse, // column 50 + transcript_add_x_equal, // column 51 + transcript_add_y_equal, // column 52 + transcript_add_lambda, // column 53 + transcript_msm_intermediate_x, // column 54 + transcript_msm_intermediate_y, // column 55 + transcript_msm_infinity, // column 56 + transcript_msm_x_inverse, // column 57 + transcript_msm_count_zero_at_transition, // column 58 + transcript_msm_count_at_transition_inverse, // column 59 + transcript_mul, // column 60 + transcript_msm_count, // column 61 + transcript_accumulator_x, // column 62 + transcript_accumulator_y, // column 63 + precompute_scalar_sum, // column 64 + precompute_s1hi, // column 65 + precompute_dx, // column 66 + precompute_dy, // column 67 + precompute_tx, // column 68 + precompute_ty, // column 69 + msm_transition, // column 70 + msm_add, // column 71 + msm_double, // column 72 + msm_skew, // column 73 + msm_accumulator_x, // column 74 + msm_accumulator_y, // column 75 + msm_count, // column 76 + msm_round, // column 77 + msm_add1, // column 78 + msm_pc, // column 79 + precompute_pc, // column 80 + transcript_pc, // column 81 + precompute_round, // column 82 + transcript_accumulator_empty, // column 83 + precompute_select) // column 84 }; /** diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp index f562f36c6f8..92d3ffc5f13 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp @@ -41,11 +41,8 @@ class ECCVMTranscriptTests : public ::testing::Test { size_t round = 0; manifest_expected.add_entry(round, "circuit_size", frs_per_uint32); manifest_expected.add_entry(round, "TRANSCRIPT_ADD", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_MUL", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_EQ", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_MSM_TRANSITION", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_PC", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_PX", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_PY", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_Z1", frs_per_G); @@ -53,15 +50,9 @@ class ECCVMTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "TRANSCRIPT_Z1ZERO", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_Z2ZERO", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_OP", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_X", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_Y", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_MSM_X", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_MSM_Y", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_PC", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_POINT_TRANSITION", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_ROUND", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_SCALAR_SUM", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_S1HI", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_S1LO", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_S2HI", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_S2LO", frs_per_G); @@ -70,21 +61,7 @@ class ECCVMTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "PRECOMPUTE_S4HI", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_S4LO", frs_per_G); manifest_expected.add_entry(round, "PRECOMPUTE_SKEW", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_DX", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_DY", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_TX", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_TY", frs_per_G); - manifest_expected.add_entry(round, "MSM_TRANSITION", frs_per_G); - manifest_expected.add_entry(round, "MSM_ADD", frs_per_G); - manifest_expected.add_entry(round, "MSM_DOUBLE", frs_per_G); - manifest_expected.add_entry(round, "MSM_SKEW", frs_per_G); - manifest_expected.add_entry(round, "MSM_ACCUMULATOR_X", frs_per_G); - manifest_expected.add_entry(round, "MSM_ACCUMULATOR_Y", frs_per_G); - manifest_expected.add_entry(round, "MSM_PC", frs_per_G); manifest_expected.add_entry(round, "MSM_SIZE_OF_MSM", frs_per_G); - manifest_expected.add_entry(round, "MSM_COUNT", frs_per_G); - manifest_expected.add_entry(round, "MSM_ROUND", frs_per_G); - manifest_expected.add_entry(round, "MSM_ADD1", frs_per_G); manifest_expected.add_entry(round, "MSM_ADD2", frs_per_G); manifest_expected.add_entry(round, "MSM_ADD3", frs_per_G); manifest_expected.add_entry(round, "MSM_ADD4", frs_per_G); @@ -108,9 +85,7 @@ class ECCVMTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "MSM_SLICE2", frs_per_G); manifest_expected.add_entry(round, "MSM_SLICE3", frs_per_G); manifest_expected.add_entry(round, "MSM_SLICE4", frs_per_G); - manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_EMPTY", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_RESET_ACCUMULATOR", frs_per_G); - manifest_expected.add_entry(round, "PRECOMPUTE_SELECT", frs_per_G); manifest_expected.add_entry(round, "LOOKUP_READ_COUNTS_0", frs_per_G); manifest_expected.add_entry(round, "LOOKUP_READ_COUNTS_1", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_BASE_INFINITY", frs_per_G); @@ -125,6 +100,31 @@ class ECCVMTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "TRANSCRIPT_MSM_X_INVERSE", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT_ZERO_AT_TRANSITION", frs_per_G); manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT_AT_TRANSITION_INVERSE", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_MUL", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_X", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_Y", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_SCALAR_SUM", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_S1HI", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_DX", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_DY", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_TX", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_TY", frs_per_G); + manifest_expected.add_entry(round, "MSM_TRANSITION", frs_per_G); + manifest_expected.add_entry(round, "MSM_ADD", frs_per_G); + manifest_expected.add_entry(round, "MSM_DOUBLE", frs_per_G); + manifest_expected.add_entry(round, "MSM_SKEW", frs_per_G); + manifest_expected.add_entry(round, "MSM_ACCUMULATOR_X", frs_per_G); + manifest_expected.add_entry(round, "MSM_ACCUMULATOR_Y", frs_per_G); + manifest_expected.add_entry(round, "MSM_COUNT", frs_per_G); + manifest_expected.add_entry(round, "MSM_ROUND", frs_per_G); + manifest_expected.add_entry(round, "MSM_ADD1", frs_per_G); + manifest_expected.add_entry(round, "MSM_PC", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_PC", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_PC", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_ROUND", frs_per_G); + manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_EMPTY", frs_per_G); + manifest_expected.add_entry(round, "PRECOMPUTE_SELECT", frs_per_G); manifest_expected.add_challenge(round, "beta", "gamma"); round++; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp index 210b9ee6ac4..f4a10683335 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp @@ -80,6 +80,7 @@ bool ECCVMVerifier::verify_proof(const ECCVMProof& proof) multivariate_challenge, key->pcs_verification_key->get_g1_identity(), transcript, + Flavor::REPEATED_COMMITMENTS, RefVector(libra_commitments), libra_evaluations); diff --git a/barretenberg/cpp/src/barretenberg/flavor/repeated_commitments_data.hpp b/barretenberg/cpp/src/barretenberg/flavor/repeated_commitments_data.hpp new file mode 100644 index 00000000000..c5b697ded49 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/flavor/repeated_commitments_data.hpp @@ -0,0 +1,36 @@ +#pragma once +#include + +namespace bb { +struct RepeatedCommitmentsData { + size_t first_range_to_be_shifted_start = 0; + size_t first_range_shifted_start = 0; + size_t first_range_size = 0; + size_t second_range_to_be_shifted_start = 0; + size_t second_range_shifted_start = 0; + size_t second_range_size = 0; + + RepeatedCommitmentsData() = default; + // Constructor for a single range + constexpr RepeatedCommitmentsData(size_t first_to_be_shifted_start, size_t first_shifted_start, size_t first_size) + : first_range_to_be_shifted_start(first_to_be_shifted_start) + , first_range_shifted_start(first_shifted_start) + , first_range_size(first_size) + {} + + // Constructor for both ranges + constexpr RepeatedCommitmentsData(size_t first_to_be_shifted_start, + size_t first_shifted_start, + size_t first_size, + size_t second_to_be_shifted_start, + size_t second_shifted_start, + size_t second_size) + : first_range_to_be_shifted_start(first_to_be_shifted_start) + , first_range_shifted_start(first_shifted_start) + , first_range_size(first_size) + , second_range_to_be_shifted_start(second_to_be_shifted_start) + , second_range_shifted_start(second_shifted_start) + , second_range_size(second_size) + {} +}; +} // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_flavor.hpp index f486752a9cb..637fe115c07 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_flavor.hpp @@ -45,8 +45,8 @@ template class ECCVMRecursiveFlavor_ { static constexpr size_t NUM_PRECOMPUTED_ENTITIES = ECCVMFlavor::NUM_PRECOMPUTED_ENTITIES; // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = ECCVMFlavor::NUM_WITNESS_ENTITIES; - static constexpr size_t NUM_ALL_WITNESS_ENTITIES = ECCVMFlavor::NUM_ALL_WITNESS_ENTITIES; + static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = ECCVMFlavor::REPEATED_COMMITMENTS; // define the tuple of Relations that comprise the Sumcheck relation // Reuse the Relations from ECCVM using Relations = ECCVMFlavor::Relations_; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp index 869e11b4920..dd1868f2cc6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/eccvm_verifier/eccvm_recursive_verifier.cpp @@ -94,8 +94,10 @@ template void ECCVMRecursiveVerifier_::verify_proof(co multivariate_challenge, key->pcs_verification_key->get_g1_identity(), transcript, + Flavor::REPEATED_COMMITMENTS, RefVector(libra_commitments), libra_evaluations); + // Reduce the accumulator to a single opening claim const OpeningClaim multivariate_to_univariate_opening_claim = PCS::reduce_batch_opening_claim(sumcheck_batch_opening_claims); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp index a47470cf577..3bbb2611cfb 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp @@ -31,14 +31,15 @@ std::array DeciderRecursiveVerifier_:: sumcheck.verify(accumulator->relation_parameters, accumulator->alphas, accumulator->gate_challenges); // Execute Shplemini rounds. - auto opening_claim = Shplemini::compute_batch_opening_claim(accumulator->verification_key->circuit_size, - commitments.get_unshifted(), - commitments.get_to_be_shifted(), - claimed_evaluations.get_unshifted(), - claimed_evaluations.get_shifted(), - multivariate_challenge, - Commitment::one(builder), - transcript); + const auto opening_claim = Shplemini::compute_batch_opening_claim(accumulator->verification_key->circuit_size, + commitments.get_unshifted(), + commitments.get_to_be_shifted(), + claimed_evaluations.get_unshifted(), + claimed_evaluations.get_shifted(), + multivariate_challenge, + Commitment::one(builder), + transcript, + Flavor::REPEATED_COMMITMENTS); auto pairing_points = PCS::reduce_verify_batch_opening_claim(opening_claim, transcript); return pairing_points; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp index 5928b8a0bff..26c2297b41d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.cpp @@ -117,8 +117,10 @@ UltraRecursiveVerifier_::AggregationObject UltraRecursiveVerifier_ class TranslatorRecursiveFlavor_ { // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = NativeFlavor::NUM_WITNESS_ENTITIES; + static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = NativeFlavor::REPEATED_COMMITMENTS; + using Relations = TranslatorFlavor::Relations_; static constexpr size_t MAX_PARTIAL_RELATION_LENGTH = compute_max_partial_relation_length(); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp index 1dbae562d7d..2849fdd48b5 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/translator_vm_verifier/translator_recursive_verifier.cpp @@ -120,6 +120,9 @@ std::array TranslatorRecursiveVerifier_ opening_claim = Shplemini::compute_batch_opening_claim(circuit_size, commitments.get_unshifted_without_concatenated(), @@ -129,6 +132,7 @@ std::array TranslatorRecursiveVerifier_; // The total number of witnesses including shifts and derived entities. - static constexpr size_t NUM_ALL_WITNESS_ENTITIES = 23; + static constexpr size_t NUM_ALL_WITNESS_ENTITIES = NUM_WITNESS_ENTITIES + NUM_SHIFTED_WITNESSES; // For instances of this flavour, used in folding, we need a unique sumcheck batching challenges for each // subrelation. This @@ -272,6 +282,7 @@ class MegaFlavor { /** * @brief Class for ShiftedEntities, containing shifted witness and table polynomials. + * TODO: Remove NUM_SHIFTED_TABLES once these entities are deprecated. */ template class ShiftedTables { public: diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_recursive_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_recursive_flavor.hpp index 94ef17d6c8d..9fc58872fab 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_recursive_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_recursive_flavor.hpp @@ -68,6 +68,9 @@ template class MegaRecursiveFlavor_ { // random polynomial e.g. For \sum(x) [A(x) * B(x) + C(x)] * PowZeta(X), relation length = 2 and random relation // length = 3 static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = MAX_PARTIAL_RELATION_LENGTH + 1; + + static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = MegaFlavor::REPEATED_COMMITMENTS; + static constexpr size_t NUM_RELATIONS = std::tuple_size_v; // For instances of this flavour, used in folding, we need a unique sumcheck batching challenge for each diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 4df8941fd53..d8be56ad096 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -3,6 +3,7 @@ #include "barretenberg/ecc/curves/bn254/g1.hpp" #include "barretenberg/flavor/flavor.hpp" #include "barretenberg/flavor/flavor_macros.hpp" +#include "barretenberg/flavor/repeated_commitments_data.hpp" #include "barretenberg/plonk_honk_shared/library/grand_product_delta.hpp" #include "barretenberg/plonk_honk_shared/library/grand_product_library.hpp" #include "barretenberg/polynomials/barycentric.hpp" @@ -47,10 +48,21 @@ class UltraFlavor { static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 27; // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = 8; - // The total number of witnesses including shifts and derived entities. - static constexpr size_t NUM_ALL_WITNESS_ENTITIES = 13; // Total number of folded polynomials, which is just all polynomials except the shifts static constexpr size_t NUM_FOLDED_ENTITIES = NUM_PRECOMPUTED_ENTITIES + NUM_WITNESS_ENTITIES; + // The number of shifted witness entities including derived witness entities + static constexpr size_t NUM_SHIFTED_WITNESSES = 5; + // The number of shifted tables + static constexpr size_t NUM_SHIFTED_TABLES = 4; + + // A container to be fed to ShpleminiVerifier to avoid redundant scalar muls + static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = + RepeatedCommitmentsData(NUM_PRECOMPUTED_ENTITIES, + NUM_PRECOMPUTED_ENTITIES + NUM_WITNESS_ENTITIES + NUM_SHIFTED_TABLES, + NUM_SHIFTED_WITNESSES); + + // The total number of witnesses including shifts and derived entities. + static constexpr size_t NUM_ALL_WITNESS_ENTITIES = NUM_WITNESS_ENTITIES + NUM_SHIFTED_WITNESSES; // define the tuple of Relations that comprise the Sumcheck relation // Note: made generic for use in MegaRecursive. @@ -193,6 +205,7 @@ class UltraFlavor { /** * @brief Class for ShiftedEntities, containing shifted witness and table polynomials. + * TODO: Remove NUM_SHIFTED_TABLES once these entities are deprecated. */ template class ShiftedTables { public: diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp index 972e1bf909c..9b28f0de7d9 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp @@ -69,6 +69,8 @@ template class UltraRecursiveFlavor_ { // The total number of witness entities not including shifts. static constexpr size_t NUM_WITNESS_ENTITIES = UltraFlavor::NUM_WITNESS_ENTITIES; + static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = UltraFlavor::REPEATED_COMMITMENTS; + // define the tuple of Relations that comprise the Sumcheck relation using Relations = UltraFlavor::Relations_; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_circuit_builder.hpp index 2c8e0d2c9c4..6820125e050 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_circuit_builder.hpp @@ -96,53 +96,58 @@ class TranslatorCircuitBuilder : public CircuitBuilderBase { X_LOW_Y_HI, X_HIGH_Z_1, Y_LOW_Z_2, - P_X_LOW_LIMBS, // P.xₗₒ split into 2 68 bit limbs + P_X_LOW_LIMBS, // P.xₗₒ split into 2 68 bit limbs + P_X_HIGH_LIMBS, // P.xₕᵢ split into a 68 and a 50 bit limb + P_Y_LOW_LIMBS, // P.yₗₒ split into 2 68 bit limbs + P_Y_HIGH_LIMBS, // P.yₕᵢ split into a 68 and a 50 bit limb + Z_LOW_LIMBS, // Low limbs of z_1 and z_2 (68 bits each) + Z_HIGH_LIMBS, // High Limbs of z_1 and z_2 (60 bits each) + ACCUMULATORS_BINARY_LIMBS_0, // Contain 68-bit limbs of current and previous accumulator (previous at higher + // indices because of the nuances of KZG commitment). + ACCUMULATORS_BINARY_LIMBS_1, + ACCUMULATORS_BINARY_LIMBS_2, + ACCUMULATORS_BINARY_LIMBS_3, // Highest limb is 50 bits (254 mod 68) P_X_LOW_LIMBS_RANGE_CONSTRAINT_0, // Low + // limbs split further into smaller chunks for range constraints + QUOTIENT_LOW_BINARY_LIMBS, // Quotient limbs + QUOTIENT_HIGH_BINARY_LIMBS, + RELATION_WIDE_LIMBS, // Limbs for checking the correctness of mod 2²⁷² relations. P_X_LOW_LIMBS_RANGE_CONSTRAINT_0, // Low limbs split further into smaller chunks for range constraints P_X_LOW_LIMBS_RANGE_CONSTRAINT_1, P_X_LOW_LIMBS_RANGE_CONSTRAINT_2, P_X_LOW_LIMBS_RANGE_CONSTRAINT_3, P_X_LOW_LIMBS_RANGE_CONSTRAINT_4, P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - P_X_HIGH_LIMBS, // P.xₕᵢ split into a 68 and a 50 bit limb P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0, // High limbs split into chunks for range constraints P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1, P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2, P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3, P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4, P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, - P_Y_LOW_LIMBS, // P.yₗₒ split into 2 68 bit limbs P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0, // Low limbs split into chunks for range constraints P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1, P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2, P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3, P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4, P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - P_Y_HIGH_LIMBS, // P.yₕᵢ split into a 68 and a 50 bit limb P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0, // High limbs split into chunks for range constraints P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1, P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2, P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3, P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4, P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, - Z_LOW_LIMBS, // Low limbs of z_1 and z_2 (68 bits each) Z_LOW_LIMBS_RANGE_CONSTRAINT_0, // Range constraints for low limbs of z_1 and z_2 Z_LOW_LIMBS_RANGE_CONSTRAINT_1, Z_LOW_LIMBS_RANGE_CONSTRAINT_2, Z_LOW_LIMBS_RANGE_CONSTRAINT_3, Z_LOW_LIMBS_RANGE_CONSTRAINT_4, Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL, - Z_HIGH_LIMBS, // High Limbs of z_1 and z_2 (60 bits each) Z_HIGH_LIMBS_RANGE_CONSTRAINT_0, // Range constraints for high limbs of z_1 and z_2 Z_HIGH_LIMBS_RANGE_CONSTRAINT_1, Z_HIGH_LIMBS_RANGE_CONSTRAINT_2, Z_HIGH_LIMBS_RANGE_CONSTRAINT_3, Z_HIGH_LIMBS_RANGE_CONSTRAINT_4, Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, - ACCUMULATORS_BINARY_LIMBS_0, // Contain 68-bit limbs of current and previous accumulator (previous at higher - // indices because of the nuances of KZG commitment). - ACCUMULATORS_BINARY_LIMBS_1, - ACCUMULATORS_BINARY_LIMBS_2, - ACCUMULATORS_BINARY_LIMBS_3, // Highest limb is 50 bits (254 mod 68) + ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0, // Range constraints for the current accumulator limbs (no need to // redo previous accumulator) ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1, @@ -156,8 +161,7 @@ class TranslatorCircuitBuilder : public CircuitBuilderBase { ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3, ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4, ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL, - QUOTIENT_LOW_BINARY_LIMBS, // Quotient limbs - QUOTIENT_HIGH_BINARY_LIMBS, + QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_0, // Range constraints for quotient QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_1, QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_2, @@ -170,7 +174,6 @@ class TranslatorCircuitBuilder : public CircuitBuilderBase { QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_3, QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_4, QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_TAIL, - RELATION_WIDE_LIMBS, // Limbs for checking the correctness of mod 2²⁷² relations. RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0, RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1, RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2, diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp index dced2b66d4f..7167437d4e3 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_flavor.hpp @@ -6,6 +6,7 @@ #include "barretenberg/flavor/flavor.hpp" #include "barretenberg/flavor/flavor_macros.hpp" #include "barretenberg/flavor/relation_definitions.hpp" +#include "barretenberg/flavor/repeated_commitments_data.hpp" #include "barretenberg/honk/proof_system/permutation_library.hpp" #include "barretenberg/polynomials/polynomial.hpp" #include "barretenberg/polynomials/univariate.hpp" @@ -81,7 +82,30 @@ class TranslatorFlavor { static constexpr size_t NUM_WITNESS_ENTITIES = 91; // The total number of witnesses including shifts and derived entities. static constexpr size_t NUM_ALL_WITNESS_ENTITIES = 177; - + static constexpr size_t NUM_WIRES_NON_SHIFTED = 1; + static constexpr size_t NUM_SHIFTED_WITNESSES = 86; + static constexpr size_t NUM_CONCATENATED = NUM_CONCATENATED_WIRES * CONCATENATION_GROUP_SIZE; + // Number of elements in WireToBeShiftedWithoutConcatenated + static constexpr size_t NUM_WIRES_TO_BE_SHIFTED_WITHOUT_CONCATENATED = 16; + // The index of the first unshifted witness that is going to be shifted when AllEntities are partitioned into + // get_unshifted_without_concatenated(), get_to_be_shifted(), and get_groups_to_be_concatenated() + static constexpr size_t TO_BE_SHIFTED_WITNESSES_START = NUM_PRECOMPUTED_ENTITIES + NUM_WIRES_NON_SHIFTED; + // The index of the shift of the first to be shifted witness + static constexpr size_t SHIFTED_WITNESSES_START = NUM_SHIFTED_WITNESSES + TO_BE_SHIFTED_WITNESSES_START; + // The index of the first unshifted witness that is contained in the groups to be concatenated, when AllEntities are + // partitioned into get_unshifted_without_concatenated(), get_to_be_shifted(), and get_groups_to_be_concatenated() + static constexpr size_t TO_BE_CONCATENATED_START = + NUM_PRECOMPUTED_ENTITIES + NUM_WIRES_NON_SHIFTED + NUM_WIRES_TO_BE_SHIFTED_WITHOUT_CONCATENATED; + // The index of the first concatenation groups element inside AllEntities + static constexpr size_t CONCATENATED_START = NUM_SHIFTED_WITNESSES + SHIFTED_WITNESSES_START; + // A container to be fed to ShpleminiVerifier to avoid redundant scalar muls + static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = + RepeatedCommitmentsData(NUM_PRECOMPUTED_ENTITIES + NUM_WIRES_NON_SHIFTED, + NUM_PRECOMPUTED_ENTITIES + NUM_WIRES_NON_SHIFTED + NUM_SHIFTED_WITNESSES, + NUM_SHIFTED_WITNESSES, + TO_BE_CONCATENATED_START, + CONCATENATED_START, + NUM_CONCATENATED); using GrandProductRelations = std::tuple>; // define the tuple of Relations that comprise the Sumcheck relation template @@ -141,91 +165,103 @@ class TranslatorFlavor { concatenated_range_constraints_3) // column 3 }; // TODO(https://github.com/AztecProtocol/barretenberg/issues/790) dedupe with shifted? - template class WireToBeShiftedEntities { + template class WireToBeShiftedWithoutConcatenated { + public: + DEFINE_FLAVOR_MEMBERS(DataType, + x_lo_y_hi, // column 0 + x_hi_z_1, // column 1 + y_lo_z_2, // column 2 + p_x_low_limbs, // column 3 + p_x_high_limbs, // column 4 + p_y_low_limbs, // column 5 + p_y_high_limbs, // column 6 + z_low_limbs, // column 7 + z_high_limbs, // column 8 + accumulators_binary_limbs_0, // column 9 + accumulators_binary_limbs_1, // column 10 + accumulators_binary_limbs_2, // column 11 + accumulators_binary_limbs_3, // column 12 + quotient_low_binary_limbs, // column 13 + quotient_high_binary_limbs, // column 14 + relation_wide_limbs); // column 15 + }; + + template class WireToBeShiftedAndConcatenated { public: DEFINE_FLAVOR_MEMBERS(DataType, - x_lo_y_hi, // column 0 - x_hi_z_1, // column 1 - y_lo_z_2, // column 2 - p_x_low_limbs, // column 3 - p_x_low_limbs_range_constraint_0, // column 4 - p_x_low_limbs_range_constraint_1, // column 5 - p_x_low_limbs_range_constraint_2, // column 6 - p_x_low_limbs_range_constraint_3, // column 7 - p_x_low_limbs_range_constraint_4, // column 8 - p_x_low_limbs_range_constraint_tail, // column 9 - p_x_high_limbs, // column 10 - p_x_high_limbs_range_constraint_0, // column 11 - p_x_high_limbs_range_constraint_1, // column 12 - p_x_high_limbs_range_constraint_2, // column 13 - p_x_high_limbs_range_constraint_3, // column 14 - p_x_high_limbs_range_constraint_4, // column 15 - p_x_high_limbs_range_constraint_tail, // column 16 - p_y_low_limbs, // column 17 - p_y_low_limbs_range_constraint_0, // column 18 - p_y_low_limbs_range_constraint_1, // column 19 - p_y_low_limbs_range_constraint_2, // column 20 - p_y_low_limbs_range_constraint_3, // column 21 - p_y_low_limbs_range_constraint_4, // column 22 - p_y_low_limbs_range_constraint_tail, // column 23 - p_y_high_limbs, // column 24 - p_y_high_limbs_range_constraint_0, // column 25 - p_y_high_limbs_range_constraint_1, // column 26 - p_y_high_limbs_range_constraint_2, // column 27 - p_y_high_limbs_range_constraint_3, // column 28 - p_y_high_limbs_range_constraint_4, // column 29 - p_y_high_limbs_range_constraint_tail, // column 30 - z_low_limbs, // column 31 - z_low_limbs_range_constraint_0, // column 32 - z_low_limbs_range_constraint_1, // column 33 - z_low_limbs_range_constraint_2, // column 34 - z_low_limbs_range_constraint_3, // column 35 - z_low_limbs_range_constraint_4, // column 36 - z_low_limbs_range_constraint_tail, // column 37 - z_high_limbs, // column 38 - z_high_limbs_range_constraint_0, // column 39 - z_high_limbs_range_constraint_1, // column 40 - z_high_limbs_range_constraint_2, // column 41 - z_high_limbs_range_constraint_3, // column 42 - z_high_limbs_range_constraint_4, // column 43 - z_high_limbs_range_constraint_tail, // column 44 - accumulators_binary_limbs_0, // column 45 - accumulators_binary_limbs_1, // column 46 - accumulators_binary_limbs_2, // column 47 - accumulators_binary_limbs_3, // column 48 - accumulator_low_limbs_range_constraint_0, // column 49 - accumulator_low_limbs_range_constraint_1, // column 50 - accumulator_low_limbs_range_constraint_2, // column 51 - accumulator_low_limbs_range_constraint_3, // column 52 - accumulator_low_limbs_range_constraint_4, // column 53 - accumulator_low_limbs_range_constraint_tail, // column 54 - accumulator_high_limbs_range_constraint_0, // column 55 - accumulator_high_limbs_range_constraint_1, // column 56 - accumulator_high_limbs_range_constraint_2, // column 57 - accumulator_high_limbs_range_constraint_3, // column 58 - accumulator_high_limbs_range_constraint_4, // column 59 - accumulator_high_limbs_range_constraint_tail, // column 60 - quotient_low_binary_limbs, // column 61 - quotient_high_binary_limbs, // column 62 - quotient_low_limbs_range_constraint_0, // column 63 - quotient_low_limbs_range_constraint_1, // column 64 - quotient_low_limbs_range_constraint_2, // column 65 - quotient_low_limbs_range_constraint_3, // column 66 - quotient_low_limbs_range_constraint_4, // column 67 - quotient_low_limbs_range_constraint_tail, // column 68 - quotient_high_limbs_range_constraint_0, // column 69 - quotient_high_limbs_range_constraint_1, // column 70 - quotient_high_limbs_range_constraint_2, // column 71 - quotient_high_limbs_range_constraint_3, // column 72 - quotient_high_limbs_range_constraint_4, // column 73 - quotient_high_limbs_range_constraint_tail, // column 74 - relation_wide_limbs, // column 75 + p_x_low_limbs_range_constraint_0, // column 16 + p_x_low_limbs_range_constraint_1, // column 17 + p_x_low_limbs_range_constraint_2, // column 18 + p_x_low_limbs_range_constraint_3, // column 19 + p_x_low_limbs_range_constraint_4, // column 20 + p_x_low_limbs_range_constraint_tail, // column 21 + p_x_high_limbs_range_constraint_0, // column 22 + p_x_high_limbs_range_constraint_1, // column 23 + p_x_high_limbs_range_constraint_2, // column 24 + p_x_high_limbs_range_constraint_3, // column 25 + p_x_high_limbs_range_constraint_4, // column 26 + p_x_high_limbs_range_constraint_tail, // column 27 + p_y_low_limbs_range_constraint_0, // column 28 + p_y_low_limbs_range_constraint_1, // column 29 + p_y_low_limbs_range_constraint_2, // column 30 + p_y_low_limbs_range_constraint_3, // column 31 + p_y_low_limbs_range_constraint_4, // column 32 + p_y_low_limbs_range_constraint_tail, // column 33 + p_y_high_limbs_range_constraint_0, // column 34 + p_y_high_limbs_range_constraint_1, // column 35 + p_y_high_limbs_range_constraint_2, // column 36 + p_y_high_limbs_range_constraint_3, // column 37 + p_y_high_limbs_range_constraint_4, // column 38 + p_y_high_limbs_range_constraint_tail, // column 39 + z_low_limbs_range_constraint_0, // column 40 + z_low_limbs_range_constraint_1, // column 41 + z_low_limbs_range_constraint_2, // column 42 + z_low_limbs_range_constraint_3, // column 43 + z_low_limbs_range_constraint_4, // column 44 + z_low_limbs_range_constraint_tail, // column 45 + z_high_limbs_range_constraint_0, // column 46 + z_high_limbs_range_constraint_1, // column 47 + z_high_limbs_range_constraint_2, // column 48 + z_high_limbs_range_constraint_3, // column 49 + z_high_limbs_range_constraint_4, // column 50 + z_high_limbs_range_constraint_tail, // column 51 + accumulator_low_limbs_range_constraint_0, // column 52 + accumulator_low_limbs_range_constraint_1, // column 53 + accumulator_low_limbs_range_constraint_2, // column 54 + accumulator_low_limbs_range_constraint_3, // column 55 + accumulator_low_limbs_range_constraint_4, // column 56 + accumulator_low_limbs_range_constraint_tail, // column 57 + accumulator_high_limbs_range_constraint_0, // column 58 + accumulator_high_limbs_range_constraint_1, // column 59 + accumulator_high_limbs_range_constraint_2, // column 60 + accumulator_high_limbs_range_constraint_3, // column 61 + accumulator_high_limbs_range_constraint_4, // column 62 + accumulator_high_limbs_range_constraint_tail, // column 63 + quotient_low_limbs_range_constraint_0, // column 64 + quotient_low_limbs_range_constraint_1, // column 65 + quotient_low_limbs_range_constraint_2, // column 66 + quotient_low_limbs_range_constraint_3, // column 67 + quotient_low_limbs_range_constraint_4, // column 68 + quotient_low_limbs_range_constraint_tail, // column 69 + quotient_high_limbs_range_constraint_0, // column 70 + quotient_high_limbs_range_constraint_1, // column 71 + quotient_high_limbs_range_constraint_2, // column 72 + quotient_high_limbs_range_constraint_3, // column 73 + quotient_high_limbs_range_constraint_4, // column 74 + quotient_high_limbs_range_constraint_tail, // column 75 relation_wide_limbs_range_constraint_0, // column 76 relation_wide_limbs_range_constraint_1, // column 77 relation_wide_limbs_range_constraint_2, // column 78 relation_wide_limbs_range_constraint_3); // column 79 }; + template + class WireToBeShiftedEntities : public WireToBeShiftedWithoutConcatenated, + public WireToBeShiftedAndConcatenated { + public: + DEFINE_COMPOUND_GET_ALL(WireToBeShiftedWithoutConcatenated, WireToBeShiftedAndConcatenated) + }; + // TODO(https://github.com/AztecProtocol/barretenberg/issues/907) // Note: These are technically derived from wires but do not depend on challenges (like z_perm). They are committed // to in the wires commitment round. @@ -407,51 +443,54 @@ class TranslatorFlavor { x_hi_z_1_shift, // column 1 y_lo_z_2_shift, // column 2 p_x_low_limbs_shift, // column 3 + p_x_high_limbs_shift, // column 10 + p_y_low_limbs_shift, // column 17 + p_y_high_limbs_shift, // column 24 + z_low_limbs_shift, // column 31 + z_high_limbs_shift, // column 38 + accumulators_binary_limbs_0_shift, // column 45 + accumulators_binary_limbs_1_shift, // column 46 + accumulators_binary_limbs_2_shift, // column 47 + accumulators_binary_limbs_3_shift, // column 48 + quotient_low_binary_limbs_shift, // column 61 + quotient_high_binary_limbs_shift, // column 62 + relation_wide_limbs_shift, // column 75 p_x_low_limbs_range_constraint_0_shift, // column 4 p_x_low_limbs_range_constraint_1_shift, // column 5 p_x_low_limbs_range_constraint_2_shift, // column 6 p_x_low_limbs_range_constraint_3_shift, // column 7 p_x_low_limbs_range_constraint_4_shift, // column 8 p_x_low_limbs_range_constraint_tail_shift, // column 9 - p_x_high_limbs_shift, // column 10 p_x_high_limbs_range_constraint_0_shift, // column 11 p_x_high_limbs_range_constraint_1_shift, // column 12 p_x_high_limbs_range_constraint_2_shift, // column 13 p_x_high_limbs_range_constraint_3_shift, // column 14 p_x_high_limbs_range_constraint_4_shift, // column 15 p_x_high_limbs_range_constraint_tail_shift, // column 16 - p_y_low_limbs_shift, // column 17 p_y_low_limbs_range_constraint_0_shift, // column 18 p_y_low_limbs_range_constraint_1_shift, // column 19 p_y_low_limbs_range_constraint_2_shift, // column 20 p_y_low_limbs_range_constraint_3_shift, // column 21 p_y_low_limbs_range_constraint_4_shift, // column 22 p_y_low_limbs_range_constraint_tail_shift, // column 23 - p_y_high_limbs_shift, // column 24 p_y_high_limbs_range_constraint_0_shift, // column 25 p_y_high_limbs_range_constraint_1_shift, // column 26 p_y_high_limbs_range_constraint_2_shift, // column 27 p_y_high_limbs_range_constraint_3_shift, // column 28 p_y_high_limbs_range_constraint_4_shift, // column 29 p_y_high_limbs_range_constraint_tail_shift, // column 30 - z_low_limbs_shift, // column 31 z_low_limbs_range_constraint_0_shift, // column 32 z_low_limbs_range_constraint_1_shift, // column 33 z_low_limbs_range_constraint_2_shift, // column 34 z_low_limbs_range_constraint_3_shift, // column 35 z_low_limbs_range_constraint_4_shift, // column 36 z_low_limbs_range_constraint_tail_shift, // column 37 - z_high_limbs_shift, // column 38 z_high_limbs_range_constraint_0_shift, // column 39 z_high_limbs_range_constraint_1_shift, // column 40 z_high_limbs_range_constraint_2_shift, // column 41 z_high_limbs_range_constraint_3_shift, // column 42 z_high_limbs_range_constraint_4_shift, // column 43 z_high_limbs_range_constraint_tail_shift, // column 44 - accumulators_binary_limbs_0_shift, // column 45 - accumulators_binary_limbs_1_shift, // column 46 - accumulators_binary_limbs_2_shift, // column 47 - accumulators_binary_limbs_3_shift, // column 48 accumulator_low_limbs_range_constraint_0_shift, // column 49 accumulator_low_limbs_range_constraint_1_shift, // column 50 accumulator_low_limbs_range_constraint_2_shift, // column 51 @@ -464,8 +503,6 @@ class TranslatorFlavor { accumulator_high_limbs_range_constraint_3_shift, // column 58 accumulator_high_limbs_range_constraint_4_shift, // column 59 accumulator_high_limbs_range_constraint_tail_shift, // column 60 - quotient_low_binary_limbs_shift, // column 61 - quotient_high_binary_limbs_shift, // column 62 quotient_low_limbs_range_constraint_0_shift, // column 63 quotient_low_limbs_range_constraint_1_shift, // column 64 quotient_low_limbs_range_constraint_2_shift, // column 65 @@ -478,7 +515,6 @@ class TranslatorFlavor { quotient_high_limbs_range_constraint_3_shift, // column 72 quotient_high_limbs_range_constraint_4_shift, // column 73 quotient_high_limbs_range_constraint_tail_shift, // column 74 - relation_wide_limbs_shift, // column 75 relation_wide_limbs_range_constraint_0_shift, // column 76 relation_wide_limbs_range_constraint_1_shift, // column 77 relation_wide_limbs_range_constraint_2_shift, // column 78 @@ -839,13 +875,13 @@ class TranslatorFlavor { this->x_hi_z_1 = "X_HI_Z_1"; this->y_lo_z_2 = "Y_LO_Z_2"; this->p_x_low_limbs = "P_X_LOW_LIMBS"; + this->p_x_high_limbs = "P_X_HIGH_LIMBS"; this->p_x_low_limbs_range_constraint_0 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_0"; this->p_x_low_limbs_range_constraint_1 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_1"; this->p_x_low_limbs_range_constraint_2 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_2"; this->p_x_low_limbs_range_constraint_3 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_3"; this->p_x_low_limbs_range_constraint_4 = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_4"; this->p_x_low_limbs_range_constraint_tail = "P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL"; - this->p_x_high_limbs = "P_X_HIGH_LIMBS"; this->p_x_high_limbs_range_constraint_0 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0"; this->p_x_high_limbs_range_constraint_1 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1"; this->p_x_high_limbs_range_constraint_2 = "P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2"; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/translator_verifier.cpp index 1aabba2e607..628d3b0aab1 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/translator_verifier.cpp @@ -117,6 +117,7 @@ bool TranslatorVerifier::verify_proof(const HonkProof& proof) if (sumcheck_verified.has_value() && !sumcheck_verified.value()) { return false; } + // Execute Shplemini const BatchOpeningClaim opening_claim = Shplemini::compute_batch_opening_claim(circuit_size, @@ -127,6 +128,7 @@ bool TranslatorVerifier::verify_proof(const HonkProof& proof) multivariate_challenge, Commitment::one(), transcript, + Flavor::REPEATED_COMMITMENTS, RefVector(libra_commitments), libra_evaluations, commitments.get_groups_to_be_concatenated(), diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp index 540a74e6f13..996df320f95 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp @@ -79,6 +79,7 @@ template bool DeciderVerifier_::verify() sumcheck_output.challenge, Commitment::one(), transcript, + Flavor::REPEATED_COMMITMENTS, RefVector(libra_commitments), libra_evaluations); const auto pairing_points = PCS::reduce_verify_batch_opening_claim(opening_claim, transcript);