Common transcript class for both parties. Stores the data for the current round, as well as the manifest. More...
#include <transcript.hpp>
Public Types | |
| using | DataType = TranscriptParams::DataType |
| using | Proof = typename TranscriptParams::Proof |
Public Member Functions | |
| BaseTranscript () | |
| std::vector< DataType > | export_proof () |
| Return the proof data starting at proof_start. | |
| void | load_proof (const std::vector< DataType > &proof) |
| size_t | size_proof_data () |
| Return the size of proof_data. | |
| void | enable_manifest () |
| Enables the manifest. | |
| template<typename ChallengeType , typename... Strings> | |
| std::array< ChallengeType, sizeof...(Strings)> | get_challenges (const Strings &... labels) |
| After all the prover messages have been sent, finalize the round by hashing all the data and then create the number of requested challenges. | |
| template<typename ChallengeType , typename String , std::size_t N> | |
| std::array< ChallengeType, N > | get_challenges (std::array< String, N > const &labels) |
| Wrapper around get_challenges to handle array of challenges. | |
| template<typename ChallengeType > | |
| std::vector< ChallengeType > | compute_round_challenge_pows (const size_t num_powers, const ChallengeType &round_challenge) |
| Given δ, compute the vector [δ, δ^2,..., δ^2^num_powers]. | |
| template<typename ChallengeType , typename String > | |
| std::vector< ChallengeType > | get_powers_of_challenge (const String &label, size_t num_challenges) |
| template<class T > | |
| void | add_to_independent_hash_buffer (const std::string &label, const T &element) |
| Adds an element to an independent hash buffer. | |
| DataType | hash_independent_buffer () |
| Hashes the independent hash buffer and clears it. | |
| template<class T > | |
| void | add_to_hash_buffer (const std::string &label, const T &element) |
| Adds an element to the transcript. | |
| template<class T > | |
| void | send_to_verifier (const std::string &label, const T &element) |
| Adds a prover message to the transcript, only intended to be used by the prover. | |
| template<class T > | |
| T | receive_from_prover (const std::string &label) |
Reads the next element of type T from the transcript, with a predefined label, only used by verifier. | |
| template<typename ChallengeType > | |
| ChallengeType | get_challenge (const std::string &label) |
| TranscriptManifest | get_manifest () const |
| void | print () |
| BaseTranscript | branch_transcript () |
| Branch a transcript to perform verifier-only computations. | |
Static Public Member Functions | |
| static DataType | hash (const std::vector< DataType > &data) |
| Static hash method that forwards to TranscriptParams hash. | |
| template<typename T > | |
| static std::vector< DataType > | serialize (const T &element) |
| Serialize a size_t to a vector of field elements. | |
| static std::shared_ptr< BaseTranscript > | convert_prover_transcript_to_verifier_transcript (const std::shared_ptr< BaseTranscript > &prover_transcript) |
| Convert a prover transcript to a verifier transcript. | |
| static std::shared_ptr< BaseTranscript > | prover_init_empty () |
| For testing: initializes transcript with some arbitrary data so that a challenge can be generated after initialization. Only intended to be used by Prover. | |
| static std::shared_ptr< BaseTranscript > | verifier_init_empty (const std::shared_ptr< BaseTranscript > &transcript) |
| For testing: initializes transcript based on proof data then receives junk data produced by BaseTranscript::prover_init_empty(). Only intended to be used by Verifier. | |
Public Attributes | |
| size_t | transcript_index = 0 |
| size_t | round_index = 0 |
| bool | reception_phase = true |
| std::ptrdiff_t | proof_start = 0 |
| size_t | num_frs_written = 0 |
| size_t | num_frs_read = 0 |
| size_t | round_number = 0 |
Static Public Attributes | |
| static constexpr bool | in_circuit = InCircuit<DataType> |
| static constexpr size_t | HASH_OUTPUT_SIZE = 32 |
Protected Member Functions | |
| void | add_element_frs_to_hash_buffer (const std::string &label, std::span< const DataType > element_frs) |
| Adds challenge elements to the current_round_buffer and updates the manifest. | |
| template<typename T > | |
| void | serialize_to_buffer (const T &element, Proof &proof_data) |
| Serializes object and appends it to proof_data. | |
| template<typename T > | |
| T | deserialize_from_buffer (const Proof &proof_data, size_t &offset) const |
| Deserializes the frs starting at offset into the typed element and returns that element. | |
Protected Attributes | |
| Proof | proof_data |
Private Member Functions | |
| std::array< DataType, 2 > | get_next_duplex_challenge_buffer (size_t num_challenges) |
| Compute next challenge c_next = H( Compress(c_prev || round_buffer) ) | |
Private Attributes | |
| bool | is_first_challenge = true |
| DataType | previous_challenge {} |
| std::vector< DataType > | current_round_data |
| std::vector< DataType > | independent_hash_buffer |
| bool | use_manifest = false |
| TranscriptManifest | manifest |
Detailed Description
class bb::BaseTranscript< TranscriptParams >
Common transcript class for both parties. Stores the data for the current round, as well as the manifest.
Definition at line 154 of file transcript.hpp.
Member Typedef Documentation
◆ DataType
| using bb::BaseTranscript< TranscriptParams >::DataType = TranscriptParams::DataType |
Definition at line 156 of file transcript.hpp.
◆ Proof
| using bb::BaseTranscript< TranscriptParams >::Proof = typename TranscriptParams::Proof |
Definition at line 157 of file transcript.hpp.
Constructor & Destructor Documentation
◆ BaseTranscript()
|
inline |
Definition at line 172 of file transcript.hpp.
Member Function Documentation
◆ add_element_frs_to_hash_buffer()
|
inlineprotected |
Adds challenge elements to the current_round_buffer and updates the manifest.
- Parameters
-
label of the element sent element_frs serialized
Definition at line 257 of file transcript.hpp.
◆ add_to_hash_buffer()
|
inline |
Adds an element to the transcript.
Serializes the element to frs and adds it to the current_round_data buffer. Does NOT add the element to the proof.
- Parameters
-
label Human-readable name for the challenge. element Element to be added.
Definition at line 506 of file transcript.hpp.
◆ add_to_independent_hash_buffer()
|
inline |
Adds an element to an independent hash buffer.
Serializes the element to frs and adds it to the independent hash buffer. Does NOT add the element to the proof.
- Parameters
-
label Human-readable name for the challenge. element Element to be added.
Definition at line 455 of file transcript.hpp.
◆ branch_transcript()
|
inline |
Branch a transcript to perform verifier-only computations.
This function takes the current state of a transcript and creates a new transcript that starts from that state. In this way, computations that are not part of the prover's transcript (e.g., computations that can be used to perform calculations more efficiently) will not affect the verifier's transcript.
If transcript = (.., previous_challenge), then for soundness it is enough that branched_transcript = (previous_challenge, ...) However, there are a few implementation details we need to take into account:
branched_transcriptwill interact with witnesses that come fromtranscript. To prevent the tool that detects FS bugs from raising an error, we must ensure thatbranched_transcript.transcript_index = transcript.transcript_index.- To aid debugging, we set
branched_transcript.round_index = transcript.round_index, so that it is clear thatbranched_transcriptbuilds on the current state oftranscript. - To aid debugging, we increase
transcript.round_indexbyBRANCHING_JUMP, so that there is a gap between what happens before and after the transcript is branched. - To ensure soundness: a. We add to the hash buffer of
branched_transcriptthe valuetranscript.previous_challengeb. We enforce ASSERT(current_round_data.empty())
- Note
- We could remove 4.b and add to the hash buffer of
branched_transcriptbothtranscript.previous_challengeandtranscript.current_round_data. However, this would conflict with 3 (as the round intranscriptis not finished yet). There seems to be no reason why the branching cannot happen after the round is concluded, so we choose this implementation.
The relation between the transcript and the branched transcript is the following:
round_index transcript branched_transcript 0 * 1 | | | | | n * ================= *
n+BRANCHING_JUMP * | n+6 | | | | | ... ... ...
- Returns
- BaseTranscript
Definition at line 739 of file transcript.hpp.
◆ compute_round_challenge_pows()
|
inline |
Given δ, compute the vector [δ, δ^2,..., δ^2^num_powers].
This is Step 2 of the protocol as written in the paper.
Definition at line 430 of file transcript.hpp.
◆ convert_prover_transcript_to_verifier_transcript()
|
inlinestatic |
Convert a prover transcript to a verifier transcript.
- Parameters
-
prover_transcript The prover transcript to convert
- Returns
- std::shared_ptr<BaseTranscript> The verifier transcript
Definition at line 637 of file transcript.hpp.
◆ deserialize_from_buffer()
|
inlineprotected |
Deserializes the frs starting at offset into the typed element and returns that element.
Using the template parameter and the offset argument, this function deserializes the frs with from_buffer and then increments the offset appropriately based on the number of frs that were deserialized.
- Template Parameters
-
T
- Parameters
-
proof_data offset
- Returns
- T
Definition at line 289 of file transcript.hpp.
◆ enable_manifest()
|
inline |
Enables the manifest.
Definition at line 335 of file transcript.hpp.
◆ export_proof()
|
inline |
Return the proof data starting at proof_start.
This function returns the elements of the transcript in the interval [proof_start : proof_start + num_frs_written] and then updates proof_start. It is useful for when two provers share a transcript, as calling export_proof at the end of each provers' code returns the slices T_1, T_2 of the transcript that must be loaded by the verifiers via load_proof.
Definition at line 310 of file transcript.hpp.
◆ get_challenge()
|
inline |
Definition at line 676 of file transcript.hpp.
◆ get_challenges() [1/2]
|
inline |
After all the prover messages have been sent, finalize the round by hashing all the data and then create the number of requested challenges.
Challenges are generated by iteratively hashing over the previous challenge, using get_next_challenge_buffer(). Note that the pairs of challenges will be 128 and 126 bits, as in they will be [128, 126, 128, 126, ...].
- Parameters
-
labels human-readable names for the challenges for the manifest
- Returns
- std::array<Fr, num_challenges> challenges for this round.
Definition at line 369 of file transcript.hpp.
◆ get_challenges() [2/2]
|
inline |
Wrapper around get_challenges to handle array of challenges.
- Parameters
-
array of labels human-readable names for the challenges for the manifest
- Returns
- std::array<ChallengeType, N> challenges for this round.
Definition at line 419 of file transcript.hpp.
◆ get_manifest()
|
inline |
Definition at line 686 of file transcript.hpp.
◆ get_next_duplex_challenge_buffer()
|
inlineprivate |
Compute next challenge c_next = H( Compress(c_prev || round_buffer) )
This function computes a new challenge for the current round using the previous challenge and the current round data, if they exist. It clears the current_round_data if nonempty after computing the challenge to minimize how much we compress. It also sets previous_challenge to the current challenge buffer to set up next function call.
Definition at line 208 of file transcript.hpp.
◆ get_powers_of_challenge()
|
inline |
Definition at line 442 of file transcript.hpp.
◆ hash()
|
inlinestatic |
Static hash method that forwards to TranscriptParams hash.
This method allows hash to be called on the Transcript class directly, which is needed for verification key hashing.
- Parameters
-
data Vector of field elements to hash
- Returns
- Fr Hash result
Definition at line 345 of file transcript.hpp.
◆ hash_independent_buffer()
|
inline |
Hashes the independent hash buffer and clears it.
- Returns
- Fr The hash of the independent hash buffer.
Definition at line 491 of file transcript.hpp.
◆ load_proof()
|
inline |
Definition at line 319 of file transcript.hpp.
◆ print()
|
inline |
Definition at line 688 of file transcript.hpp.
◆ prover_init_empty()
|
inlinestatic |
For testing: initializes transcript with some arbitrary data so that a challenge can be generated after initialization. Only intended to be used by Prover.
- Returns
- BaseTranscript
Definition at line 653 of file transcript.hpp.
◆ receive_from_prover()
|
inline |
Reads the next element of type T from the transcript, with a predefined label, only used by verifier.
- Parameters
-
label Human readable name for the challenge.
- Returns
- deserialized element of type T
Definition at line 591 of file transcript.hpp.
◆ send_to_verifier()
|
inline |
Adds a prover message to the transcript, only intended to be used by the prover.
Serializes the provided object into proof_data, and updates the current round state in add_element_frs_to_hash_buffer.
- Parameters
-
label Description/name of the object being added. element Serializable object that will be added to the transcript
- Todo:
- Use a concept to only allow certain types to be passed. Requirements are that the object should be serializable.
Definition at line 550 of file transcript.hpp.
◆ serialize()
|
inlinestatic |
Serialize a size_t to a vector of field elements.
- Parameters
-
element
- Returns
- std::vector<DataType>
Definition at line 353 of file transcript.hpp.
◆ serialize_to_buffer()
|
inlineprotected |
Serializes object and appends it to proof_data.
Calls to_buffer on element to serialize, and modifies proof_data object by appending the serialized frs to it.
- Template Parameters
-
T
- Parameters
-
element proof_data
Definition at line 275 of file transcript.hpp.
◆ size_proof_data()
|
inline |
◆ verifier_init_empty()
|
inlinestatic |
For testing: initializes transcript based on proof data then receives junk data produced by BaseTranscript::prover_init_empty(). Only intended to be used by Verifier.
- Parameters
-
transcript
- Returns
- BaseTranscript
Definition at line 668 of file transcript.hpp.
Member Data Documentation
◆ current_round_data
|
private |
Definition at line 191 of file transcript.hpp.
◆ HASH_OUTPUT_SIZE
|
staticconstexpr |
Definition at line 180 of file transcript.hpp.
◆ in_circuit
|
staticconstexpr |
Definition at line 160 of file transcript.hpp.
◆ independent_hash_buffer
|
private |
Definition at line 193 of file transcript.hpp.
◆ is_first_challenge
|
private |
Definition at line 188 of file transcript.hpp.
◆ manifest
|
private |
Definition at line 198 of file transcript.hpp.
◆ num_frs_read
| size_t bb::BaseTranscript< TranscriptParams >::num_frs_read = 0 |
Definition at line 184 of file transcript.hpp.
◆ num_frs_written
| size_t bb::BaseTranscript< TranscriptParams >::num_frs_written = 0 |
Definition at line 183 of file transcript.hpp.
◆ previous_challenge
|
private |
Definition at line 189 of file transcript.hpp.
◆ proof_data
|
protected |
Definition at line 249 of file transcript.hpp.
◆ proof_start
| std::ptrdiff_t bb::BaseTranscript< TranscriptParams >::proof_start = 0 |
Definition at line 182 of file transcript.hpp.
◆ reception_phase
| bool bb::BaseTranscript< TranscriptParams >::reception_phase = true |
Definition at line 170 of file transcript.hpp.
◆ round_index
| size_t bb::BaseTranscript< TranscriptParams >::round_index = 0 |
Definition at line 167 of file transcript.hpp.
◆ round_number
| size_t bb::BaseTranscript< TranscriptParams >::round_number = 0 |
Definition at line 185 of file transcript.hpp.
◆ transcript_index
| size_t bb::BaseTranscript< TranscriptParams >::transcript_index = 0 |
Definition at line 163 of file transcript.hpp.
◆ use_manifest
|
private |
Definition at line 195 of file transcript.hpp.
The documentation for this class was generated from the following file:
- src/barretenberg/transcript/transcript.hpp
