WIP running verifier; cna't get purpoprted evals.

cpp/src/aztec/honk/composer/composer_helper/permutation_helper.hpp

@@ -184,7 +184,9 @@ void compute_standard_honk_sigma_permutations(CircuitConstructor& circuit_constr
  * @tparam program_width The number of witness polynomials
  * @param key Proving key where we will save the polynomials
  */
-template <size_t program_width> void compute_standard_honk_id_polynomials(waffle::proving_key* key)
+// TODO(Cody): why not a shared pointer here?/s
+template <size_t program_width>
+void compute_standard_honk_id_polynomials(auto key) // proving_key* and share_ptr<proving_key>
 {
     const size_t n = key->n;
     // Fill id polynomials with default values
@@ -210,7 +212,7 @@ template <size_t program_width> void compute_standard_honk_id_polynomials(waffle
  *
  * @param key Proving key where we will save the polynomials
  */
-inline void compute_first_and_last_lagrange_polynomials(waffle::proving_key* key)
+inline void compute_first_and_last_lagrange_polynomials(auto key) // proving_key* and share_ptr<proving_key>
 {
     const size_t n = key->n;
     barretenberg::polynomial lagrange_polynomial_0(n, n);

cpp/src/aztec/honk/proof_system/verifier.cpp

@@ -68,8 +68,6 @@ template <typename program_settings> Verifier<program_settings>& Verifier<progra
 */
 template <typename program_settings> bool Verifier<program_settings>::verify_proof(const waffle::plonk_proof& proof)
 {
-    // TODO(luke): TBD how 'd' gets set here and elsewhere
-    const size_t multivariate_d(1);
 
     const size_t num_polys = program_settings::num_polys;
     using FF = typename program_settings::fr;
@@ -106,7 +104,7 @@ template <typename program_settings> bool Verifier<program_settings>::verify_pro
 
     // Execute Sumcheck Verifier
     auto sumcheck = Sumcheck<Multivariates, Transcript, ArithmeticRelation>(transcript);
-    // sumcheck.execute_verifier(); // Need to mock prover in tests for this to run
+    sumcheck.execute_verifier(); // Need to mock prover in tests for this to run
 
     // Execute Gemini/Shplonk verification:
     // Gemini (reduce_verify()): Compute [Fold_{r}^(0)]_1, [Fold_{-r}^(0)]_1, Fold_{r}^(0)(r)

cpp/src/aztec/honk/proof_system/verifier.test.cpp

@@ -1,3 +1,6 @@
+#include "numeric/bitop/get_msb.hpp"
+#include "plonk/proof_system/constants.hpp"
+#include "proof_system/flavor/flavor.hpp"
 #include "prover.hpp"
 #include "proof_system/proving_key/proving_key.hpp"
 #include "transcript/transcript.hpp"
@@ -8,6 +11,7 @@
 #include <polynomials/polynomial_arithmetic.hpp>
 #include <plonk/proof_system/types/polynomial_manifest.hpp>
 #include <plonk/proof_system/commitment_scheme/kate_commitment_scheme.hpp>
+#include <honk/composer/composer_helper/permutation_helper.hpp>
 
 using namespace barretenberg;
 using namespace honk;
@@ -17,20 +21,26 @@ namespace test_honk_verifier {
 template <class FF> class VerifierTests : public testing::Test {
   public:
     // TODO(luke): replace this with an appropriate mock honk manifest
-    static transcript::Manifest create_manifest(const size_t num_public_inputs = 0)
+    static transcript::Manifest create_manifest(const size_t num_public_inputs, const size_t num_sumcheck_rounds)
     {
-        // constexpr size_t g1_size = 64;
-        constexpr size_t fr_size = 32;
-        const size_t public_input_size = fr_size * num_public_inputs;
-        const transcript::Manifest output = transcript::Manifest(
-            { transcript::Manifest::RoundManifest(
-                  { { "circuit_size", 4, true }, { "public_input_size", 4, true } }, "init", 1),
-              transcript::Manifest::RoundManifest({}, "eta", 0),
-              transcript::Manifest::RoundManifest({ { "public_inputs", public_input_size, false } }, "beta", 2),
-              transcript::Manifest::RoundManifest({}, "alpha", 0) });
-        return output;
+        return honk::StandardHonk::create_unrolled_manifest(num_public_inputs, num_sumcheck_rounds);
     }
 
+    // // TODO(luke): replace this with an appropriate mock honk manifest
+    // static transcript::Manifest create_manifest(const size_t num_public_inputs = 0)
+    // {
+    //     // constexpr size_t g1_size = 64;
+    //     constexpr size_t fr_size = 32;
+    //     const size_t public_input_size = fr_size * num_public_inputs;
+    //     const transcript::Manifest output = transcript::Manifest(
+    //         { transcript::Manifest::RoundManifest(
+    //               { { "circuit_size", 4, true }, { "public_input_size", 4, true } }, "init", 1),
+    //           transcript::Manifest::RoundManifest({}, "eta", 0),
+    //           transcript::Manifest::RoundManifest({ { "public_inputs", public_input_size, false } }, "beta", 2),
+    //           transcript::Manifest::RoundManifest({}, "alpha", 0) });
+    //     return output;
+    // }
+
     static StandardVerifier generate_verifier(std::shared_ptr<waffle::proving_key> circuit_proving_key)
     {
         std::array<fr*, 8> poly_coefficients;
@@ -44,15 +54,15 @@ template <class FF> class VerifierTests : public testing::Test {
         poly_coefficients[7] = circuit_proving_key->polynomial_cache.get("sigma_3_lagrange").get_coefficients();
 
         std::vector<barretenberg::g1::affine_element> commitments;
-        scalar_multiplication::pippenger_runtime_state state(circuit_proving_key->n);
+        scalar_multiplication::pippenger_runtime_state prover(circuit_proving_key->n);
         commitments.resize(8);
 
         for (size_t i = 0; i < 8; ++i) {
             commitments[i] = g1::affine_element(
                 scalar_multiplication::pippenger(poly_coefficients[i],
                                                  circuit_proving_key->reference_string->get_monomials(),
                                                  circuit_proving_key->n,
-                                                 state));
+                                                 prover));
         }
 
         auto crs = std::make_shared<waffle::VerifierFileReferenceString>("../srs_db/ignition");
@@ -69,7 +79,7 @@ template <class FF> class VerifierTests : public testing::Test {
         circuit_verification_key->permutation_selectors.insert({ "SIGMA_2", commitments[6] });
         circuit_verification_key->permutation_selectors.insert({ "SIGMA_3", commitments[7] });
 
-        StandardVerifier verifier(circuit_verification_key, create_manifest());
+        StandardVerifier verifier(circuit_verification_key, create_manifest(0, circuit_proving_key->log_n));
 
         // TODO(luke): set verifier PCS ala the following:
         // std::unique_ptr<KateCommitmentScheme<standard_settings>> kate_commitment_scheme =
@@ -81,13 +91,14 @@ template <class FF> class VerifierTests : public testing::Test {
 
     // TODO: this example is adapted from a corresponding PlonK verifier test. Needs to be
     // updated further as the Honk PoC comes together.
-    static StandardProver generate_test_data(const size_t n)
+    static StandardUnrolledProver generate_test_data(const size_t n)
     {
         // Create some constraints that satisfy our arithmetic circuit relation
         // even indices = mul gates, odd incides = add gates
 
         auto crs = std::make_shared<waffle::FileReferenceString>(n + 1, "../srs_db/ignition");
-        std::shared_ptr<waffle::proving_key> key = std::make_shared<waffle::proving_key>(n, 0, crs, waffle::STANDARD);
+        std::shared_ptr<waffle::proving_key> proving_key =
+            std::make_shared<waffle::proving_key>(n, 0, crs, waffle::STANDARD_HONK);
 
         polynomial w_l;
         polynomial w_r;
@@ -171,40 +182,49 @@ template <class FF> class VerifierTests : public testing::Test {
             sigma_3_mapping[n - 1 - j] = (uint32_t)n - 1 - j + (1U << 31U);
         }
 
-        polynomial sigma_1(key->n);
-        polynomial sigma_2(key->n);
-        polynomial sigma_3(key->n);
+        polynomial sigma_1(proving_key->n);
+        polynomial sigma_2(proving_key->n);
+        polynomial sigma_3(proving_key->n);
 
         // TODO(luke): This is part of the permutation functionality that needs to be updated for honk
         // waffle::compute_permutation_lagrange_base_single<standard_settings>(sigma_1, sigma_1_mapping,
-        // key->small_domain); waffle::compute_permutation_lagrange_base_single<standard_settings>(sigma_2,
-        // sigma_2_mapping, key->small_domain);
+        // proving_key->small_domain); waffle::compute_permutation_lagrange_base_single<standard_settings>(sigma_2,
+        // sigma_2_mapping, proving_key->small_domain);
         // waffle::compute_permutation_lagrange_base_single<standard_settings>(sigma_3, sigma_3_mapping,
-        // key->small_domain);
+        // proving_key->small_domain);
+
+        polynomial sigma_1_lagrange_base(sigma_1, proving_key->n);
+        polynomial sigma_2_lagrange_base(sigma_2, proving_key->n);
+        polynomial sigma_3_lagrange_base(sigma_3, proving_key->n);
+
+        proving_key->polynomial_cache.put("sigma_1_lagrange", std::move(sigma_1_lagrange_base));
+        proving_key->polynomial_cache.put("sigma_2_lagrange", std::move(sigma_2_lagrange_base));
+        proving_key->polynomial_cache.put("sigma_3_lagrange", std::move(sigma_3_lagrange_base));
 
-        polynomial sigma_1_lagrange_base(sigma_1, key->n);
-        polynomial sigma_2_lagrange_base(sigma_2, key->n);
-        polynomial sigma_3_lagrange_base(sigma_3, key->n);
+        // TODO(Cody): These should be computed here to illustrate how the prover state is computed, or
+        // as we do for the other polynomials, or we should reconsider the place of this test.
+        honk::compute_standard_honk_id_polynomials<3>(proving_key);
+        honk::compute_first_and_last_lagrange_polynomials(proving_key);
 
-        key->polynomial_cache.put("sigma_1_lagrange", std::move(sigma_1_lagrange_base));
-        key->polynomial_cache.put("sigma_2_lagrange", std::move(sigma_2_lagrange_base));
-        key->polynomial_cache.put("sigma_3_lagrange", std::move(sigma_3_lagrange_base));
+        proving_key->polynomial_cache.put("w_1_lagrange", std::move(w_l));
+        proving_key->polynomial_cache.put("w_2_lagrange", std::move(w_r));
+        proving_key->polynomial_cache.put("w_3_lagrange", std::move(w_o));
 
-        key->polynomial_cache.put("w_1_lagrange", std::move(w_l));
-        key->polynomial_cache.put("w_2_lagrange", std::move(w_r));
-        key->polynomial_cache.put("w_3_lagrange", std::move(w_o));
+        proving_key->polynomial_cache.put("q_1_lagrange", std::move(q_l));
+        proving_key->polynomial_cache.put("q_2_lagrange", std::move(q_r));
+        proving_key->polynomial_cache.put("q_3_lagrange", std::move(q_o));
+        proving_key->polynomial_cache.put("q_m_lagrange", std::move(q_m));
+        proving_key->polynomial_cache.put("q_c_lagrange", std::move(q_c));
 
-        key->polynomial_cache.put("q_1_lagrange", std::move(q_l));
-        key->polynomial_cache.put("q_2_lagrange", std::move(q_r));
-        key->polynomial_cache.put("q_3_lagrange", std::move(q_o));
-        key->polynomial_cache.put("q_m_lagrange", std::move(q_m));
-        key->polynomial_cache.put("q_c_lagrange", std::move(q_c));
+        // TODO(Cody): This should be more generic
+        StandardUnrolledProver prover = StandardUnrolledProver(proving_key, create_manifest(0, proving_key->log_n));
 
-        // TODO(luke): add a PCS to the proving key
+        std::unique_ptr<pcs::kzg::CommitmentKey> kate_commitment_key =
+            std::make_unique<pcs::kzg::CommitmentKey>(proving_key->n, "../srs_db/ignition");
 
-        StandardProver state = StandardProver(std::move(key), create_manifest());
+        prover.commitment_key = std::move(kate_commitment_key);
 
-        return state;
+        return prover;
     }
 };
 
@@ -213,17 +233,16 @@ TYPED_TEST_SUITE(VerifierTests, FieldTypes);
 
 // This test is modeled after a corresponding test for the Plonk Verifier. As is the case there, this test relies on
 // valid proof construction which makes the scope quite large. Not really a unit test but a nice test nonetheless.
-TYPED_TEST(VerifierTests, verify_arithmetic_proof_small)
+TYPED_TEST(VerifierTests, VerifyArithmeticProofSmall)
 {
-    GTEST_SKIP() << "Broken by improved mock of construct_proof.";
     size_t n = 8;
 
-    StandardProver state = TestFixture::generate_test_data(n);
+    StandardUnrolledProver prover = TestFixture::generate_test_data(n);
 
-    StandardVerifier verifier = TestFixture::generate_verifier(state.proving_key);
+    StandardVerifier verifier = TestFixture::generate_verifier(prover.proving_key);
 
     // construct proof
-    waffle::plonk_proof proof = state.construct_proof();
+    waffle::plonk_proof proof = prover.construct_proof();
 
     // verify proof
     bool result = verifier.verify_proof(proof);

cpp/src/aztec/honk/sumcheck/polynomials/multivariates.hpp

@@ -6,6 +6,7 @@
 #include <algorithm>
 #include <span>
 #include <common/log.hpp>
+#include <common/serialize.hpp>
 
 namespace honk {
 namespace sumcheck {
@@ -98,10 +99,16 @@ template <class FF_, size_t num_polys> class Multivariates {
     }
 
     explicit Multivariates(transcript::StandardTranscript transcript)
-        : multivariate_n(
-              static_cast<size_t>(transcript.get_field_element("circuit_size").from_montgomery_form().data[0]))
+        : multivariate_n([](std::vector<uint8_t> buffer) {
+            return static_cast<size_t>(buffer[3]) + (static_cast<size_t>(buffer[2]) << 8) +
+                   (static_cast<size_t>(buffer[1]) << 16) + (static_cast<size_t>(buffer[0]) << 24);
+        }(transcript.get_element("circuit_size")))
         , multivariate_d(numeric::get_msb(multivariate_n))
-    {}
+    {
+        // std::vector<uint8_t> buffer = transcript.get_element("circuit_size");
+        // multivariate_n = buffer[0] + (buffer[1] << 8) + (buffer[2] << 16) + (buffer[3] << 24);
+        // multivariate_d = numeric::get_msb(multivariate_n);
+    }
 
     // TODO(Cody): Rename. fold is not descriptive, and it's already in use in the Gemini context.
     //             Probably just call it partial_evaluation?

cpp/src/aztec/honk/sumcheck/sumcheck.hpp

@@ -45,7 +45,7 @@ template <class Multivariates, class Transcript, template <class> class... Relat
 
         // First round
         // This populates multivariates.folded_polynomials.
-        FF relation_separator_challenge = transcript.get_mock_challenge();
+        FF relation_separator_challenge = transcript.get_mock_challenge(); // TODO(Cody): Replace
         auto round_univariate = round.compute_univariate(multivariates.full_polynomials, relation_separator_challenge);
         transcript.add_element("univariate_" + std::to_string(multivariates.multivariate_d),
                                round_univariate.to_buffer());
@@ -85,10 +85,10 @@ template <class Multivariates, class Transcript, template <class> class... Relat
         for (size_t round_idx = 0; round_idx < multivariates.multivariate_d; round_idx++) {
             // Obtain the round univariate from the transcript
             auto round_univariate = Univariate<FF, MAX_RELATION_LENGTH>::serialize_from_buffer(
-                &transcript.get_element("univariate_" + std::to_string(round_idx))[0]);
+                &transcript.get_element("univariate_" + std::to_string(multivariates.multivariate_d - round_idx))[0]);
 
             verified = verified && round.check_sum(round_univariate);
-            FF round_challenge = transcript.get_mock_challenge();
+            FF round_challenge = transcript.get_mock_challenge(); // TODO(real challenge)
             round.compute_next_target_sum(round_univariate, round_challenge);
         }
 

cpp/src/aztec/proof_system/flavor/flavor.hpp

@@ -54,7 +54,7 @@ struct StandardHonk {
         /*  A RoundManifest describes data that will be put in or extracted from a transcript.
             Here we have (1 + 7 + num_sumcheck_rounds)-many RoundManifests. */
         std::vector<transcript::Manifest::RoundManifest> manifest_rounds;
-
+    
         // Round 0
         manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
             {