Cg/PoC partial verification

cpp/src/aztec/honk/circuit_constructors/standard_circuit_constructor.hpp

@@ -4,10 +4,10 @@
 #include <proof_system/flavor/flavor.hpp>
 
 namespace honk {
-enum StandardSelectors { QM, QC, Q1, Q2, Q3, NUM };
+enum StandardSelectors { QM, Q1, Q2, Q3, QC, NUM };
 inline std::vector<std::string> standard_selector_names()
 {
-    std::vector<std::string> result{ "q_m", "q_c", "q_1", "q_2", "q_3" };
+    std::vector<std::string> result{ "q_m", "q_1", "q_2", "q_3", "q_c" };
     return result;
 }
 

cpp/src/aztec/honk/composer/composer_helper/composer_helper.cpp

@@ -270,15 +270,15 @@ std::shared_ptr<waffle::verification_key> ComposerHelper<CircuitConstructor>::co
  * @return The verifier.
  * */
 template <typename CircuitConstructor>
-waffle::Verifier ComposerHelper<CircuitConstructor>::create_verifier(CircuitConstructor& circuit_constructor)
+StandardVerifier ComposerHelper<CircuitConstructor>::create_verifier(CircuitConstructor& circuit_constructor)
 {
-    compute_verification_key(circuit_constructor);
-    // TODO figure out types, actuallt
+    auto verification_key = compute_verification_key(circuit_constructor);
+    // TODO figure out types, actually
     // circuit_verification_key->composer_type = type;
 
     // TODO: initialize verifier according to manifest and key
     // Verifier output_state(circuit_verification_key, create_manifest(public_inputs.size()));
-    waffle::Verifier output_state;
+    StandardVerifier output_state;
     // TODO: Do we need a commitment scheme defined here?
     // std::unique_ptr<KateCommitmentScheme<standard_settings>> kate_commitment_scheme =
     //    std::make_unique<KateCommitmentScheme<standard_settings>>();
@@ -289,14 +289,15 @@ waffle::Verifier ComposerHelper<CircuitConstructor>::create_verifier(CircuitCons
 }
 
 template <typename CircuitConstructor>
-waffle::UnrolledVerifier ComposerHelper<CircuitConstructor>::create_unrolled_verifier(
+StandardUnrolledVerifier ComposerHelper<CircuitConstructor>::create_unrolled_verifier(
     CircuitConstructor& circuit_constructor)
 {
     compute_verification_key(circuit_constructor);
-    // UnrolledVerifier output_state(circuit_verification_key,
-    //                               create_unrolled_manifest(circuit_constructor.n,
-    //                               circuit_constructor.public_inputs.size()));
-    waffle::UnrolledVerifier output_state;
+    StandardUnrolledVerifier output_state(
+        circuit_verification_key,
+        honk::StandardHonk::create_unrolled_manifest(circuit_constructor.public_inputs.size(),
+                                                     numeric::get_msb(circuit_verification_key->n)));
+    // StandardUnrolledVerifier output_state;
 
     // TODO: Deal with commitments
     // std::unique_ptr<KateCommitmentScheme<unrolled_standard_settings>> kate_commitment_scheme =
@@ -316,6 +317,69 @@ StandardUnrolledProver ComposerHelper<CircuitConstructor>::create_unrolled_prove
     compute_proving_key(circuit_constructor);
     compute_witness(circuit_constructor);
 
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("w_1_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
+
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("w_2_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
+
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("w_3_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
+
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("q_m_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
+
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("q_1_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
+
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("q_2_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
+
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("q_3_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
+
+    for (size_t i = 0; i < 8; i++) {
+        auto poly = circuit_proving_key->polynomial_cache.get("q_c_lagrange");
+        if (poly[i] != 0) {
+            info("nonzero value");
+        }
+        info(poly[i]);
+    }
     size_t num_sumcheck_rounds(circuit_proving_key->log_n);
     auto manifest = Flavor::create_unrolled_manifest(circuit_constructor.public_inputs.size(), num_sumcheck_rounds);
     StandardUnrolledProver output_state(circuit_proving_key, manifest);

cpp/src/aztec/honk/composer/composer_helper/composer_helper.hpp

@@ -44,7 +44,8 @@ template <typename CircuitConstructor> class ComposerHelper {
     {
         compute_witness_base<program_width>(circuit_constructor);
     }
-    waffle::Verifier create_verifier(CircuitConstructor& circuit_constructor);
+
+    StandardVerifier create_verifier(CircuitConstructor& circuit_constructor);
     /**
      * Preprocess the circuit. Delegates to create_prover.
      *
@@ -53,7 +54,7 @@ template <typename CircuitConstructor> class ComposerHelper {
     StandardProver preprocess(CircuitConstructor& circuit_constructor) { return create_prover(circuit_constructor); };
     StandardProver create_prover(CircuitConstructor& circuit_constructor);
 
-    waffle::UnrolledVerifier create_unrolled_verifier(CircuitConstructor& circuit_constructor);
+    StandardUnrolledVerifier create_unrolled_verifier(CircuitConstructor& circuit_constructor);
 
     template <typename Flavor> StandardUnrolledProver create_unrolled_prover(CircuitConstructor& circuit_constructor);
 

cpp/src/aztec/honk/composer/composer_helper/permutation_helper.hpp

@@ -184,7 +184,9 @@ void compute_standard_honk_sigma_permutations(CircuitConstructor& circuit_constr
  * @tparam program_width The number of witness polynomials
  * @param key Proving key where we will save the polynomials
  */
-template <size_t program_width> void compute_standard_honk_id_polynomials(waffle::proving_key* key)
+// TODO(Cody): why not a shared pointer here?/s
+template <size_t program_width>
+void compute_standard_honk_id_polynomials(auto key) // proving_key* and share_ptr<proving_key>
 {
     const size_t n = key->n;
     // Fill id polynomials with default values
@@ -210,9 +212,10 @@ template <size_t program_width> void compute_standard_honk_id_polynomials(waffle
  *
  * @param key Proving key where we will save the polynomials
  */
-inline void compute_first_and_last_lagrange_polynomials(waffle::proving_key* key)
+inline void compute_first_and_last_lagrange_polynomials(auto key) // proving_key* and share_ptr<proving_key>
 {
     const size_t n = key->n;
+    info("Computing Lagrange basis polys, the  value of n is: ", n);
     barretenberg::polynomial lagrange_polynomial_0(n, n);
     barretenberg::polynomial lagrange_polynomial_n_min_1(n, n);
     lagrange_polynomial_0[0] = 1;

cpp/src/aztec/honk/composer/standard_honk_composer.hpp

@@ -161,7 +161,7 @@ class StandardHonkComposer {
     }
     void compute_witness() { composer_helper.compute_witness(circuit_constructor); };
     // TODO(Cody): This will not be needed, but maybe something is required for ComposerHelper to be generic?
-    waffle::Verifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); }
+    StandardVerifier create_verifier() { return composer_helper.create_verifier(circuit_constructor); }
     /**
      * Preprocess the circuit. Delegates to create_prover.
      *
@@ -174,7 +174,7 @@ class StandardHonkComposer {
      */
     StandardProver preprocess() { return composer_helper.create_prover(circuit_constructor); };
     StandardProver create_prover() { return composer_helper.create_prover(circuit_constructor); };
-    waffle::UnrolledVerifier create_unrolled_verifier()
+    StandardUnrolledVerifier create_unrolled_verifier()
     {
         return composer_helper.create_unrolled_verifier(circuit_constructor);
     }

cpp/src/aztec/honk/composer/standard_honk_composer.test.cpp

@@ -1,11 +1,14 @@
 #include "standard_honk_composer.hpp"
+#include "common/assert.hpp"
 #include "numeric/uint256/uint256.hpp"
 #include "plonk/proof_system/types/polynomial_manifest.hpp"
 #include <cstdint>
 #include <honk/proof_system/prover.hpp>
 #include <honk/sumcheck/polynomials/multivariates.hpp>
 #include <gtest/gtest.h>
 
+#pragma GCC diagnostic ignored "-Wunused-variable"
+
 using namespace honk;
 
 namespace test_standard_honk_composer {
@@ -256,20 +259,56 @@ TEST(standard_honk_composer, test_assert_equal)
     // Check that the maximum cycle in the one, where we used assert_equal, is twice as long
     EXPECT_EQ(get_maximum_cycle(composer_with_assert_equal), get_maximum_cycle(composer_no_assert_equal) * 2);
 }
-
 TEST(StandarHonkComposer, BaseCase)
 {
     auto composer = StandardHonkComposer();
-    fr a = fr::one();
-    composer.circuit_constructor.add_public_variable(a);
+    fr a = 1;
+    composer.circuit_constructor.add_variable(a);
 
     auto prover = composer.create_unrolled_prover();
-    // waffle::Verifier verifier = composer.create_verifier();
-    auto multivariates = honk::sumcheck::Multivariates<fr, waffle::STANDARD_HONK_MANIFEST_SIZE>(prover.proving_key);
-    (void)multivariates;
+    auto verifier = composer.create_unrolled_verifier();
+
+    waffle::plonk_proof proof = prover.construct_proof();
+
+    bool verified = verifier.verify_proof(proof);
+    ASSERT_TRUE(verified);
+}
+
+TEST(StandarHonkComposer, TwoGates)
+{
+    auto composer = StandardHonkComposer();
+    // fr a = fr::one();
+    // composer.circuit_constructor.add_public_variable(a);
+
+    uint32_t w_l_1_idx = composer.circuit_constructor.add_variable(1);
+    uint32_t w_r_1_idx = composer.circuit_constructor.add_variable(1);
+    uint32_t w_o_1_idx = composer.circuit_constructor.add_variable(2);
+    uint32_t w_l_2_idx = composer.circuit_constructor.add_variable(2);
+    uint32_t w_r_2_idx = composer.circuit_constructor.add_variable(2);
+    uint32_t w_o_2_idx = composer.circuit_constructor.add_variable(4);
+
+    // composer.create_add_gate({ w_l_1_idx, w_r_1_idx, w_o_1_idx, 1, 1, -1, 0 });
+    // composer.create_mul_gate({ w_l_2_idx, w_r_2_idx, w_o_2_idx, 1, -1, 0 });
+    composer.create_add_gate({ composer.circuit_constructor.zero_idx,
+                               composer.circuit_constructor.zero_idx,
+                               composer.circuit_constructor.zero_idx,
+                               0,
+                               0,
+                               0,
+                               0 });
+    composer.create_mul_gate({ composer.circuit_constructor.zero_idx,
+                               composer.circuit_constructor.zero_idx,
+                               composer.circuit_constructor.zero_idx,
+                               0,
+                               0,
+                               0 });
+
+    auto prover = composer.create_unrolled_prover();
+    auto verifier = composer.create_unrolled_verifier();
+
     waffle::plonk_proof proof = prover.construct_proof();
 
-    // bool result = verifier.verify_proof(proof); // instance, prover.reference_string.SRS_T2);
-    // EXPECT_EQ(result, true);
+    bool verified = verifier.verify_proof(proof);
+    ASSERT_TRUE(verified);
 }
 } // namespace test_standard_honk_composer

cpp/src/aztec/honk/proof_system/prover.cpp

@@ -284,9 +284,9 @@ template <typename settings> void Prover<settings>::execute_relation_check_round
     using Transcript = transcript::StandardTranscript;
     using Sumcheck = sumcheck::Sumcheck<Multivariates,
                                         Transcript,
-                                        sumcheck::ArithmeticRelation,
+                                        sumcheck::ArithmeticRelation/* ,
                                         sumcheck::GrandProductComputationRelation,
-                                        sumcheck::GrandProductInitializationRelation>;
+                                        sumcheck::GrandProductInitializationRelation */>;
 
     // Compute alpha challenge
     transcript.apply_fiat_shamir("alpha");
@@ -295,25 +295,6 @@ template <typename settings> void Prover<settings>::execute_relation_check_round
     auto sumcheck = Sumcheck(multivariates, transcript);
 
     sumcheck.execute_prover();
-
-    // TODO(Cody): Execute as a loop over polynomial manifest? Things thare are called *_lagrange
-    transcript.add_element("w_1", multivariates.folded_polynomials[1][0].to_buffer());
-    transcript.add_element("w_2", multivariates.folded_polynomials[1][0].to_buffer());
-    transcript.add_element("w_3", multivariates.folded_polynomials[2][0].to_buffer());
-    transcript.add_element("z_perm", multivariates.folded_polynomials[3][0].to_buffer());
-    transcript.add_element("q_m", multivariates.folded_polynomials[4][0].to_buffer());
-    transcript.add_element("q_1", multivariates.folded_polynomials[5][0].to_buffer());
-    transcript.add_element("q_2", multivariates.folded_polynomials[6][0].to_buffer());
-    transcript.add_element("q_3", multivariates.folded_polynomials[7][0].to_buffer());
-    transcript.add_element("q_c", multivariates.folded_polynomials[8][0].to_buffer());
-    transcript.add_element("sigma_1", multivariates.folded_polynomials[9][0].to_buffer());
-    transcript.add_element("sigma_2", multivariates.folded_polynomials[10][0].to_buffer());
-    transcript.add_element("sigma_3", multivariates.folded_polynomials[11][0].to_buffer());
-    transcript.add_element("id_1", multivariates.folded_polynomials[12][0].to_buffer());
-    transcript.add_element("id_2", multivariates.folded_polynomials[13][0].to_buffer());
-    transcript.add_element("id_3", multivariates.folded_polynomials[14][0].to_buffer());
-    transcript.add_element("L_first", multivariates.folded_polynomials[15][0].to_buffer());
-    transcript.add_element("L_last", multivariates.folded_polynomials[16][0].to_buffer());
 }
 
 /**
@@ -415,26 +396,26 @@ template <typename settings> waffle::plonk_proof& Prover<settings>::construct_pr
     // // queue currently only handles commitments, not partial multivariate evaluations.
     // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
 
-    // Fiat-Shamir: rho
-    // Compute Fold polynomials and their commitments.
-    execute_univariatization_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
+    // // Fiat-Shamir: rho
+    // // Compute Fold polynomials and their commitments.
+    // execute_univariatization_round();
+    // // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
 
-    // Fiat-Shamir: r
-    // Compute Fold evaluations
-    execute_pcs_evaluation_round();
+    // // Fiat-Shamir: r
+    // // Compute Fold evaluations
+    // execute_pcs_evaluation_round();
 
-    // Fiat-Shamir: nu
-    // Compute Shplonk batched quotient commitment
-    execute_shplonk_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
+    // // Fiat-Shamir: nu
+    // // Compute Shplonk batched quotient commitment
+    // execute_shplonk_round();
+    // // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
 
-    // Fiat-Shamir: z
-    // Compute KZG quotient commitment
-    execute_kzg_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
+    // // Fiat-Shamir: z
+    // // Compute KZG quotient commitment
+    // execute_kzg_round();
+    // // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
 
-    // queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue
+    // // queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue
 
     return export_proof();
 }