Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: sumcheck part of ECCVM recursive verifier instantiated as an UltraCircuit #6413

Merged
merged 59 commits into from
May 28, 2024
Merged
Show file tree
Hide file tree
Changes from 48 commits
Commits
Show all changes
59 commits
Select commit Hold shift + click to select a range
f3571c6
exploooring
maramihali May 14, 2024
927b78b
start doing recursive work
maramihali May 14, 2024
8b3a8cd
start doing recursive work
maramihali May 14, 2024
1afccd1
Merge branch 'mm/eccvm-work' of github.com:AztecProtocol/aztec-packag…
maramihali May 20, 2024
0e368c1
stuff
maramihali May 20, 2024
e512732
stuff
maramihali May 20, 2024
1ea0798
AAAAAAAAA
maramihali May 21, 2024
d3a94e4
stuff
maramihali May 21, 2024
3a0d99f
stuff
maramihali May 22, 2024
79e448a
implementation and tests
maramihali May 22, 2024
0b8a833
Merge remote-tracking branch 'origin/master' into mm/stdlib-verifier-…
maramihali May 22, 2024
038ca2c
actuall add the code
maramihali May 22, 2024
c89511f
Merge branch 'master' into mm/stdlib-verifier-commitment-key
maramihali May 22, 2024
1b12784
fix typo
maramihali May 22, 2024
b5f4daf
Merge branch 'mm/stdlib-verifier-commitment-key' of github.com:AztecP…
maramihali May 22, 2024
76239b2
Merge branch 'mm/stdlib-verifier-commitment-key' into mm/eccvm-work
maramihali May 22, 2024
b685b09
another thingy
maramihali May 22, 2024
5105e9c
Merge branch 'mm/stdlib-verifier-commitment-key' into mm/eccvm-work
maramihali May 22, 2024
f923145
aaaa
maramihali May 22, 2024
c4a5d0a
more chaos
maramihali May 22, 2024
50bb183
hacking
maramihali May 23, 2024
db48cd7
instantiated relations
maramihali May 23, 2024
5b82114
yay
maramihali May 23, 2024
75cd6a3
something doesn't work...
maramihali May 23, 2024
5b59b40
Merge branch 'mm/ecc_relations_stdlib' into mm/eccvm-work
maramihali May 23, 2024
3204ef1
works
maramihali May 24, 2024
7bf7eae
Merge remote-tracking branch 'origin/master' into mm/ecc_relations_st…
maramihali May 24, 2024
038de13
cleanup
maramihali May 24, 2024
88affab
Merge branch 'mm/ecc_relations_stdlib' into mm/eccvm-work
maramihali May 24, 2024
955cad0
something doesn't work
maramihali May 24, 2024
3405b61
remove unnecessary changes
maramihali May 24, 2024
9ea8d2b
fun times
maramihali May 24, 2024
a2bcef8
yaaay
maramihali May 24, 2024
c776938
stuff is good
maramihali May 24, 2024
3f898b2
add test to ensure inversion is correct and change constructors
maramihali May 24, 2024
4710dd1
Merge remote-tracking branch 'origin/master' into mm/ecc_relations_st…
maramihali May 24, 2024
221afd4
Merge remote-tracking branch 'origin/mm/ecc_relations_stdlib' into mm…
maramihali May 24, 2024
0e507c0
cleanup
maramihali May 24, 2024
660074d
Merge branch 'master' into mm/eccvm-work
maramihali May 28, 2024
9388d5f
cleanup
maramihali May 28, 2024
bb424aa
Merge remote-tracking branch 'origin/master' into mm/eccvm-work
maramihali May 28, 2024
995bea2
delete unnecessary file
maramihali May 28, 2024
a176c23
cleanup
maramihali May 28, 2024
46aa627
get ready for review *fingers crossed*
maramihali May 28, 2024
f67297d
Merge branch 'master' into mm/eccvm-work
maramihali May 28, 2024
7ccaca1
documentation
maramihali May 28, 2024
8d855ab
Merge branch 'mm/eccvm-work' of github.com:AztecProtocol/aztec-packag…
maramihali May 28, 2024
82919be
more cleanup
maramihali May 28, 2024
083ce09
fix build
maramihali May 28, 2024
3c5413d
do self_reduce in sumcheck, don't modify assert_equal in bigfield
maramihali May 28, 2024
4da1bce
add separate grumpkin curve stdlib structure
maramihali May 28, 2024
dc0f0fc
Merge branch 'master' into mm/eccvm-work
maramihali May 28, 2024
0b68af5
fix typos
maramihali May 28, 2024
08f6c88
Merge branch 'mm/eccvm-work' of github.com:AztecProtocol/aztec-packag…
maramihali May 28, 2024
35e63ac
add issues
maramihali May 28, 2024
fea7c51
Merge branch 'master' into mm/eccvm-work
maramihali May 28, 2024
d53f8a8
bump wasm to 28 to fix CI
maramihali May 28, 2024
ce88bb0
Merge branch 'mm/eccvm-work' of github.com:AztecProtocol/aztec-packag…
maramihali May 28, 2024
a9f3b86
fix gcc
maramihali May 28, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,8 @@ class ECCVMCircuitBuilder {

[[nodiscard]] size_t get_num_gates() const
{
// (issue #2218)
// TODO(https://github.com/AztecProtocol/aztec-packages/issues/2218): Reduce the amount of computation needed
// for this method
return op_queue->get_num_rows();
}

Expand Down
23 changes: 14 additions & 9 deletions barretenberg/cpp/src/barretenberg/eccvm/eccvm_composer.test.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -14,26 +14,31 @@
#include "barretenberg/sumcheck/sumcheck_round.hpp"

using namespace bb;
using G1 = bb::g1;
using Fr = bb::fr;

class ECCVMComposerTests : public ::testing::Test {
protected:
// TODO(640): The Standard Honk on Grumpkin test suite fails unless the SRS is initialized for every test.
void SetUp() override { srs::init_grumpkin_crs_factory("../srs_db/grumpkin"); };
};
namespace {
auto& engine = numeric::get_debug_randomness();
}

/**
* @brief Adds operations in BN254 to the op_queue and then constructs and ECCVM circuit from the op_queue.
*
* @param engine
* @return ECCVMCircuitBuilder
*/
ECCVMCircuitBuilder generate_circuit(numeric::RNG* engine = nullptr)
{
std::shared_ptr<ECCOpQueue> op_queue = std::make_shared<ECCOpQueue>();
using Curve = curve::BN254;
using G1 = Curve::Element;
using Fr = Curve::ScalarField;

auto generators = G1::derive_generators("test generators", 3);

typename G1::element a = generators[0];
typename G1::element b = generators[1];
typename G1::element c = generators[2];
std::shared_ptr<ECCOpQueue> op_queue = std::make_shared<ECCOpQueue>();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you change this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To make it uniform to the recursive verifier but can revert

G1 a = G1::random_element(engine);
G1 b = G1::random_element(engine);
G1 c = G1::random_element(engine);
Fr x = Fr::random_element(engine);
Fr y = Fr::random_element(engine);

Expand Down
110 changes: 9 additions & 101 deletions barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -17,120 +17,28 @@ bool ECCVMVerifier::verify_proof(const HonkProof& proof)
CommitmentLabels commitment_labels;

const auto circuit_size = transcript->template receive_from_prover<uint32_t>("circuit_size");
ASSERT(circuit_size == key->circuit_size);

if (circuit_size != key->circuit_size) {
return false;
for (auto [comm, label] : zip_view(commitments.get_wires(), commitment_labels.get_wires())) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

comm = transcript->template receive_from_prover<Commitment>(label);
}

// Utility for extracting commitments from transcript
const auto receive_commitment = [&](const std::string& label) {
return transcript->template receive_from_prover<Commitment>(label);
};

// Get commitments to VM wires
commitments.transcript_add = receive_commitment(commitment_labels.transcript_add);
commitments.transcript_mul = receive_commitment(commitment_labels.transcript_mul);
commitments.transcript_eq = receive_commitment(commitment_labels.transcript_eq);
commitments.transcript_msm_transition = receive_commitment(commitment_labels.transcript_msm_transition);
commitments.transcript_pc = receive_commitment(commitment_labels.transcript_pc);
commitments.transcript_msm_count = receive_commitment(commitment_labels.transcript_msm_count);
commitments.transcript_Px = receive_commitment(commitment_labels.transcript_Px);
commitments.transcript_Py = receive_commitment(commitment_labels.transcript_Py);
commitments.transcript_z1 = receive_commitment(commitment_labels.transcript_z1);
commitments.transcript_z2 = receive_commitment(commitment_labels.transcript_z2);
commitments.transcript_z1zero = receive_commitment(commitment_labels.transcript_z1zero);
commitments.transcript_z2zero = receive_commitment(commitment_labels.transcript_z2zero);
commitments.transcript_op = receive_commitment(commitment_labels.transcript_op);
commitments.transcript_accumulator_x = receive_commitment(commitment_labels.transcript_accumulator_x);
commitments.transcript_accumulator_y = receive_commitment(commitment_labels.transcript_accumulator_y);
commitments.transcript_msm_x = receive_commitment(commitment_labels.transcript_msm_x);
commitments.transcript_msm_y = receive_commitment(commitment_labels.transcript_msm_y);
commitments.precompute_pc = receive_commitment(commitment_labels.precompute_pc);
commitments.precompute_point_transition = receive_commitment(commitment_labels.precompute_point_transition);
commitments.precompute_round = receive_commitment(commitment_labels.precompute_round);
commitments.precompute_scalar_sum = receive_commitment(commitment_labels.precompute_scalar_sum);
commitments.precompute_s1hi = receive_commitment(commitment_labels.precompute_s1hi);
commitments.precompute_s1lo = receive_commitment(commitment_labels.precompute_s1lo);
commitments.precompute_s2hi = receive_commitment(commitment_labels.precompute_s2hi);
commitments.precompute_s2lo = receive_commitment(commitment_labels.precompute_s2lo);
commitments.precompute_s3hi = receive_commitment(commitment_labels.precompute_s3hi);
commitments.precompute_s3lo = receive_commitment(commitment_labels.precompute_s3lo);
commitments.precompute_s4hi = receive_commitment(commitment_labels.precompute_s4hi);
commitments.precompute_s4lo = receive_commitment(commitment_labels.precompute_s4lo);
commitments.precompute_skew = receive_commitment(commitment_labels.precompute_skew);
commitments.precompute_dx = receive_commitment(commitment_labels.precompute_dx);
commitments.precompute_dy = receive_commitment(commitment_labels.precompute_dy);
commitments.precompute_tx = receive_commitment(commitment_labels.precompute_tx);
commitments.precompute_ty = receive_commitment(commitment_labels.precompute_ty);
commitments.msm_transition = receive_commitment(commitment_labels.msm_transition);
commitments.msm_add = receive_commitment(commitment_labels.msm_add);
commitments.msm_double = receive_commitment(commitment_labels.msm_double);
commitments.msm_skew = receive_commitment(commitment_labels.msm_skew);
commitments.msm_accumulator_x = receive_commitment(commitment_labels.msm_accumulator_x);
commitments.msm_accumulator_y = receive_commitment(commitment_labels.msm_accumulator_y);
commitments.msm_pc = receive_commitment(commitment_labels.msm_pc);
commitments.msm_size_of_msm = receive_commitment(commitment_labels.msm_size_of_msm);
commitments.msm_count = receive_commitment(commitment_labels.msm_count);
commitments.msm_round = receive_commitment(commitment_labels.msm_round);
commitments.msm_add1 = receive_commitment(commitment_labels.msm_add1);
commitments.msm_add2 = receive_commitment(commitment_labels.msm_add2);
commitments.msm_add3 = receive_commitment(commitment_labels.msm_add3);
commitments.msm_add4 = receive_commitment(commitment_labels.msm_add4);
commitments.msm_x1 = receive_commitment(commitment_labels.msm_x1);
commitments.msm_y1 = receive_commitment(commitment_labels.msm_y1);
commitments.msm_x2 = receive_commitment(commitment_labels.msm_x2);
commitments.msm_y2 = receive_commitment(commitment_labels.msm_y2);
commitments.msm_x3 = receive_commitment(commitment_labels.msm_x3);
commitments.msm_y3 = receive_commitment(commitment_labels.msm_y3);
commitments.msm_x4 = receive_commitment(commitment_labels.msm_x4);
commitments.msm_y4 = receive_commitment(commitment_labels.msm_y4);
commitments.msm_collision_x1 = receive_commitment(commitment_labels.msm_collision_x1);
commitments.msm_collision_x2 = receive_commitment(commitment_labels.msm_collision_x2);
commitments.msm_collision_x3 = receive_commitment(commitment_labels.msm_collision_x3);
commitments.msm_collision_x4 = receive_commitment(commitment_labels.msm_collision_x4);
commitments.msm_lambda1 = receive_commitment(commitment_labels.msm_lambda1);
commitments.msm_lambda2 = receive_commitment(commitment_labels.msm_lambda2);
commitments.msm_lambda3 = receive_commitment(commitment_labels.msm_lambda3);
commitments.msm_lambda4 = receive_commitment(commitment_labels.msm_lambda4);
commitments.msm_slice1 = receive_commitment(commitment_labels.msm_slice1);
commitments.msm_slice2 = receive_commitment(commitment_labels.msm_slice2);
commitments.msm_slice3 = receive_commitment(commitment_labels.msm_slice3);
commitments.msm_slice4 = receive_commitment(commitment_labels.msm_slice4);
commitments.transcript_accumulator_empty = receive_commitment(commitment_labels.transcript_accumulator_empty);
commitments.transcript_reset_accumulator = receive_commitment(commitment_labels.transcript_reset_accumulator);
commitments.precompute_select = receive_commitment(commitment_labels.precompute_select);
commitments.lookup_read_counts_0 = receive_commitment(commitment_labels.lookup_read_counts_0);
commitments.lookup_read_counts_1 = receive_commitment(commitment_labels.lookup_read_counts_1);
commitments.transcript_base_infinity = receive_commitment(commitment_labels.transcript_base_infinity);
commitments.transcript_base_x_inverse = receive_commitment(commitment_labels.transcript_base_x_inverse);
commitments.transcript_base_y_inverse = receive_commitment(commitment_labels.transcript_base_y_inverse);
commitments.transcript_add_x_equal = receive_commitment(commitment_labels.transcript_add_x_equal);
commitments.transcript_add_y_equal = receive_commitment(commitment_labels.transcript_add_y_equal);
commitments.transcript_add_lambda = receive_commitment(commitment_labels.transcript_add_lambda);
commitments.transcript_msm_intermediate_x = receive_commitment(commitment_labels.transcript_msm_intermediate_x);
commitments.transcript_msm_intermediate_y = receive_commitment(commitment_labels.transcript_msm_intermediate_y);
commitments.transcript_msm_infinity = receive_commitment(commitment_labels.transcript_msm_infinity);
commitments.transcript_msm_x_inverse = receive_commitment(commitment_labels.transcript_msm_x_inverse);
commitments.transcript_msm_count_zero_at_transition =
receive_commitment(commitment_labels.transcript_msm_count_zero_at_transition);
commitments.transcript_msm_count_at_transition_inverse =
receive_commitment(commitment_labels.transcript_msm_count_at_transition_inverse);

// Get challenge for sorted list batching and wire four memory records
auto [beta, gamma] = transcript->template get_challenges<FF>("beta", "gamma");

relation_parameters.gamma = gamma;
auto beta_sqr = beta * beta;
relation_parameters.gamma = gamma;
relation_parameters.beta = beta;
relation_parameters.beta_sqr = beta_sqr;
relation_parameters.beta_sqr = beta * beta;
relation_parameters.beta_cube = beta_sqr * beta;
relation_parameters.eccvm_set_permutation_delta =
gamma * (gamma + beta_sqr) * (gamma + beta_sqr + beta_sqr) * (gamma + beta_sqr + beta_sqr + beta_sqr);
relation_parameters.eccvm_set_permutation_delta = relation_parameters.eccvm_set_permutation_delta.invert();

// Get commitment to permutation and lookup grand products
commitments.lookup_inverses = receive_commitment(commitment_labels.lookup_inverses);
commitments.z_perm = receive_commitment(commitment_labels.z_perm);
commitments.lookup_inverses =
transcript->template receive_from_prover<Commitment>(commitment_labels.lookup_inverses);
commitments.z_perm = transcript->template receive_from_prover<Commitment>(commitment_labels.z_perm);

// Execute Sumcheck Verifier
const size_t log_circuit_size = numeric::get_msb(circuit_size);
Expand Down Expand Up @@ -160,7 +68,7 @@ bool ECCVMVerifier::verify_proof(const HonkProof& proof)
// TODO(#768): Find a better way to do this. See issue for details.
bool univariate_opening_verified = false;
{
auto hack_commitment = receive_commitment("Translation:hack_commitment");
auto hack_commitment = transcript->template receive_from_prover<Commitment>("Translation:hack_commitment");

FF evaluation_challenge_x = transcript->template get_challenge<FF>("Translation:evaluation_challenge_x");

Expand Down
1 change: 0 additions & 1 deletion barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ class ECCVMVerifier {

std::shared_ptr<VerificationKey> key;
std::map<std::string, Commitment> commitments;
std::map<std::string, FF> pcs_fr_elements;
std::shared_ptr<Transcript> transcript;
};
} // namespace bb
Original file line number Diff line number Diff line change
@@ -1 +1 @@
barretenberg_module(eccvm_recursion eccvm stdlib_circuit_builders stdlib_primitives)
barretenberg_module(eccvm_recursion eccvm stdlib_honk_recursion)
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
#include "barretenberg/eccvm_recursion/eccvm_recursive_flavor.hpp"
#include "barretenberg/flavor/relation_definitions.hpp"
#include "barretenberg/relations/ecc_vm/ecc_bools_relation_impl.hpp"
#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

namespace bb {
template class ECCVMBoolsRelationImpl<stdlib::bigfield<UltraCircuitBuilder, bb::Bn254FqParams>>;
template class ECCVMBoolsRelationImpl<stdlib::bigfield<MegaCircuitBuilder, bb::Bn254FqParams>>;
DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS(ECCVMBoolsRelationImpl, ECCVMRecursiveFlavor_<UltraCircuitBuilder>);
DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS(ECCVMBoolsRelationImpl, ECCVMRecursiveFlavor_<MegaCircuitBuilder>);
} // namespace bb
Original file line number Diff line number Diff line change
Expand Up @@ -55,5 +55,6 @@ TEST_F(EccRelationsConsistency, RecursiveToNativeConsistency)
validate_relation_execution<ECCVMPointTableRelation>();
validate_relation_execution<ECCVMTranscriptRelation>();
validate_relation_execution<ECCVMWnafRelation>();
validate_relation_execution<ECCVMBoolsRelation>();
}
} // namespace bb
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,10 @@ namespace bb {
template <typename BuilderType> class ECCVMRecursiveFlavor_ {
public:
using CircuitBuilder = BuilderType; // determines the arithmetisation of recursive verifier
using FF = stdlib::bigfield<CircuitBuilder, bb::Bn254FqParams>;
using BF = stdlib::field_t<CircuitBuilder>;
using Curve = stdlib::bn254<CircuitBuilder, true>;
using Commitment = Curve::AffineElement;
using FF = Curve::ScalarField;
using BF = Curve::BaseField;
using RelationSeparator = FF;
using NativeFlavor = ECCVMFlavor;
using NativeVerificationKey = NativeFlavor::VerificationKey;
Expand Down Expand Up @@ -70,6 +72,59 @@ template <typename BuilderType> class ECCVMRecursiveFlavor_ {
using Base::Base;
};

using VerifierCommitmentKey = VerifierCommitmentKey<Curve>;
/**
* @brief The verification key is responsible for storing the the commitments to the precomputed (non-witnessk)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo (witnessk)

* polynomials used by the verifier.
*
* @note Note the discrepancy with what sort of data is stored here vs in the proving key. We may want to
* resolve that, and split out separate PrecomputedPolynom ials/Commitments data for clarity but also for
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

space typo

* portability of our circuits.
*/
class VerificationKey
: public VerificationKey_<ECCVMFlavor::PrecomputedEntities<Commitment>, VerifierCommitmentKey> {
public:
VerificationKey(const size_t circuit_size, const size_t num_public_inputs)
{
this->circuit_size = circuit_size;
this->log_circuit_size = numeric::get_msb(circuit_size);
this->num_public_inputs = num_public_inputs;
};

/**
* @brief Construct a new Verification Key with stdlib types from a provided native verification
* key
*
* @param builder
* @param native_key Native verification key from which to extract the precomputed commitments
*/

VerificationKey(CircuitBuilder* builder, const std::shared_ptr<NativeVerificationKey>& native_key)
{
this->pcs_verification_key = std::make_shared<VerifierCommitmentKey>(
builder, native_key->circuit_size, native_key->pcs_verification_key);
this->circuit_size = native_key->circuit_size;
this->log_circuit_size = numeric::get_msb(this->circuit_size);
this->num_public_inputs = native_key->num_public_inputs;
this->pub_inputs_offset = native_key->pub_inputs_offset;

for (auto [native_commitment, commitment] : zip_view(native_key->get_all(), this->get_all())) {
commitment = Commitment::from_witness(builder, native_commitment);
}
}
};

/**
* @brief A container for the witness commitments.
*/
using WitnessCommitments = ECCVMFlavor::WitnessEntities<Commitment>;

using CommitmentLabels = ECCVMFlavor::CommitmentLabels;
// Reuse the VerifierCommitments from ECCVM
using VerifierCommitments = ECCVMFlavor::VerifierCommitments_<Commitment, VerificationKey>;
// Reuse the transcript from ECCVM
using Transcript = bb::BaseTranscript<bb::stdlib::recursion::honk::StdlibTranscriptParams<CircuitBuilder>>;

}; // NOLINTEND(cppcoreguidelines-avoid-const-or-ref-data-members)

} // namespace bb
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
#include "./eccvm_recursive_verifier.hpp"
#include "barretenberg/commitment_schemes/zeromorph/zeromorph.hpp"
#include "barretenberg/sumcheck/sumcheck.hpp"
#include "barretenberg/transcript/transcript.hpp"

namespace bb {

template <typename Flavor>
ECCVMRecursiveVerifier_<Flavor>::ECCVMRecursiveVerifier_(
Builder* builder, const std::shared_ptr<NativeVerificationKey>& native_verifier_key)
: key(std::make_shared<VerificationKey>(builder, native_verifier_key))
, builder(builder)
{}

/**
* @brief This function verifies an ECCVM Honk proof for given program settings up to sumcheck.
*/
// TODO(https://github.com/AztecProtocol/barretenberg/issues/1007): Finish this
template <typename Flavor> bool ECCVMRecursiveVerifier_<Flavor>::verify_proof(const HonkProof& proof)
{

RelationParameters<FF> relation_parameters;

StdlibProof<Builder> stdlib_proof = bb::convert_proof_to_witness(builder, proof);
transcript = std::make_shared<Transcript>(stdlib_proof);

VerifierCommitments commitments{ key };
CommitmentLabels commitment_labels;

const auto circuit_size = transcript->template receive_from_prover<BF>("circuit_size");
for (auto [comm, label] : zip_view(commitments.get_wires(), commitment_labels.get_wires())) {
comm = transcript->template receive_from_prover<Commitment>(label);
}

// Get challenge for sorted list batching and wire four memory records
auto [beta, gamma] = transcript->template get_challenges<FF>("beta", "gamma");

auto beta_sqr = beta * beta;

relation_parameters.gamma = gamma;
relation_parameters.beta = beta;
relation_parameters.beta_sqr = beta * beta;
relation_parameters.beta_cube = beta_sqr * beta;
relation_parameters.eccvm_set_permutation_delta =
gamma * (gamma + beta_sqr) * (gamma + beta_sqr + beta_sqr) * (gamma + beta_sqr + beta_sqr + beta_sqr);
relation_parameters.eccvm_set_permutation_delta = relation_parameters.eccvm_set_permutation_delta.invert();

// Get commitment to permutation and lookup grand products
commitments.lookup_inverses =
transcript->template receive_from_prover<Commitment>(commitment_labels.lookup_inverses);
commitments.z_perm = transcript->template receive_from_prover<Commitment>(commitment_labels.z_perm);

// Execute Sumcheck Verifier
const size_t log_circuit_size = numeric::get_msb(static_cast<uint32_t>(circuit_size.get_value()));
auto sumcheck = SumcheckVerifier<Flavor>(log_circuit_size, transcript, FF(0));
FF alpha = transcript->template get_challenge<FF>("Sumcheck:alpha");
std::vector<FF> gate_challenges(static_cast<size_t>(numeric::get_msb(key->circuit_size)));
for (size_t idx = 0; idx < gate_challenges.size(); idx++) {
gate_challenges[idx] = transcript->template get_challenge<FF>("Sumcheck:gate_challenge_" + std::to_string(idx));
}

auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] =
sumcheck.verify(relation_parameters, alpha, gate_challenges);

return sumcheck_verified.value();
}

template class ECCVMRecursiveVerifier_<ECCVMRecursiveFlavor_<UltraCircuitBuilder>>;
} // namespace bb
Loading
Loading