Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Classes | Public Types | Public Member Functions | Public Attributes | List of all members
bb::avm2::AvmGoblinRecursiveVerifier Class Reference

Recursive verifier of AVM2 proofs that utilizes the Goblin mechanism for efficient EC operations. More...

#include <goblin_avm_recursive_verifier.hpp>

Classes

struct  InnerProverOutput
 

Public Types

using UltraBuilder = UltraCircuitBuilder
 
using MegaBuilder = MegaCircuitBuilder
 
using PairingPoints = bb::stdlib::recursion::PairingPoints< UltraBuilder >
 
using MegaPairingPoints = bb::stdlib::recursion::PairingPoints< MegaBuilder >
 
using UltraFF = stdlib::bn254< UltraBuilder >::ScalarField
 
using RecursiveAvmGoblinOutput = stdlib::recursion::honk::UltraRecursiveVerifierOutput< UltraBuilder >
 

Public Member Functions

 AvmGoblinRecursiveVerifier (UltraBuilder &builder, const std::vector< UltraFF > &outer_key_fields)
 
RecursiveAvmGoblinOutput verify_proof (const stdlib::Proof< UltraBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs) const
 Recursively verify an AVM proof using Goblin and two layers of recursive verification.
 
RecursiveAvmGoblinOutput construct_outer_recursive_verification_circuit (const stdlib::Proof< UltraBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs, const InnerProverOutput &inner_output) const
 Construct the outer circuit which recursively verifies a Mega proof and a Goblin proof.
 
InnerProverOutput construct_and_prove_inner_recursive_verification_circuit (const stdlib::Proof< UltraBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs) const
 Construct and prove the inner Mega-arithmetized AVM recursive verifier circuit.
 

Public Attributes

UltraBuilderultra_builder
 
std::vector< UltraFFouter_key_fields
 
UltraFF vk_hash
 

Detailed Description

Recursive verifier of AVM2 proofs that utilizes the Goblin mechanism for efficient EC operations.

Recursive verification for AVM2 proofs proceeds in two phases: (1) recursive verification of the AVM2 proof in a Mega-arithmetized circuit C_M, and (2) recursive verification of the proof of C_M in an Ultra-arithmetized circuit C_U. This results in a protocol that overall is more efficient than direct recursive verification of the AVM2 proof in an Ultra circuit.

The proof of the Mega-arithmetized AVM2 recursive verifier circuit C_M is of the form {\pi_M, \pi_G}, where \pi_M is a MegaHonk proof and \pi_G is a Goblin proof consisting of an ECCVM proof, a Translator proof, and a Merge proof. \pi_M establishes proper verification of the AVM2 proof up to the deferred EC operations, whose correctness is in turn established by \pi_G. Note: the ECCCVM proof (part of \pi_G) contains an IPA proof. Recursive verification of this component will stop short of full verification, resulting in an IPA claim that must be accumulated with other such claims before final verification later on (e.g. at the root). This is analogous to the aggregation of pairing point inputs for proving systems that use KZG, such as Ultra/MegaHonk.

The Ultra-arithmetized circuit C_U is responsible for recursive verification of {\pi_M, \pi_G}, i.e. it contains both a Mega and a Goblin recursive verifier. The output of this recursive verification is a pairing check accumulator and an IPA claim accumulator. To ensure proper transfer of the AVM2 verifier inputs {\pi, pub_inputs, VK}_{AVM2} between the Mega and Ultra circuits, we utilize a hash consistency check. The representation of these inputs in C_M is hashed and the result h_M is propagated via the public inputs (i.e. it will be contained in \pi_M.pub_inputs). Then, C_U computes the hash h_U of its own representation of the same data and performs the check h_U = \pi_M.pub_inputs.h_M.

Note
The Mega circuit must be constrained to be a genuine AVM2 verifier circuit. This is done by fixing the VK(s) corresponding to proofs {\pi_M, \pi_G} to be circuit constants in C_U.

Definition at line 44 of file goblin_avm_recursive_verifier.hpp.

Member Typedef Documentation

◆ MegaBuilder

using bb::avm2::AvmGoblinRecursiveVerifier::MegaBuilder = MegaCircuitBuilder

Definition at line 47 of file goblin_avm_recursive_verifier.hpp.

◆ MegaPairingPoints

using bb::avm2::AvmGoblinRecursiveVerifier::MegaPairingPoints = bb::stdlib::recursion::PairingPoints<MegaBuilder>

Definition at line 50 of file goblin_avm_recursive_verifier.hpp.

◆ PairingPoints

using bb::avm2::AvmGoblinRecursiveVerifier::PairingPoints = bb::stdlib::recursion::PairingPoints<UltraBuilder>

Definition at line 49 of file goblin_avm_recursive_verifier.hpp.

◆ RecursiveAvmGoblinOutput

using bb::avm2::AvmGoblinRecursiveVerifier::RecursiveAvmGoblinOutput = stdlib::recursion::honk::UltraRecursiveVerifierOutput<UltraBuilder>

Definition at line 56 of file goblin_avm_recursive_verifier.hpp.

◆ UltraBuilder

using bb::avm2::AvmGoblinRecursiveVerifier::UltraBuilder = UltraCircuitBuilder

Definition at line 46 of file goblin_avm_recursive_verifier.hpp.

◆ UltraFF

using bb::avm2::AvmGoblinRecursiveVerifier::UltraFF = stdlib::bn254<UltraBuilder>::ScalarField

Definition at line 52 of file goblin_avm_recursive_verifier.hpp.

Constructor & Destructor Documentation

◆ AvmGoblinRecursiveVerifier()

bb::avm2::AvmGoblinRecursiveVerifier::AvmGoblinRecursiveVerifier ( UltraBuilder builder,
const std::vector< UltraFF > &  outer_key_fields 
)
inlineexplicit

Definition at line 70 of file goblin_avm_recursive_verifier.hpp.

Member Function Documentation

◆ construct_and_prove_inner_recursive_verification_circuit()

InnerProverOutput bb::avm2::AvmGoblinRecursiveVerifier::construct_and_prove_inner_recursive_verification_circuit ( const stdlib::Proof< UltraBuilder > &  stdlib_proof,
const std::vector< std::vector< UltraFF > > &  public_inputs 
) const
inline

Construct and prove the inner Mega-arithmetized AVM recursive verifier circuit.

Parameters
stdlib_proofAVM proof
public_inputsAVM public inputs
Returns
InnerCircuitOutput proof and verification key for Mega + Goblin; {\pi_M, \pi_G}, {VK_M, VK_G}

Definition at line 180 of file goblin_avm_recursive_verifier.hpp.

◆ construct_outer_recursive_verification_circuit()

RecursiveAvmGoblinOutput bb::avm2::AvmGoblinRecursiveVerifier::construct_outer_recursive_verification_circuit ( const stdlib::Proof< UltraBuilder > &  stdlib_proof,
const std::vector< std::vector< UltraFF > > &  public_inputs,
const InnerProverOutput inner_output 
) const
inline

Construct the outer circuit which recursively verifies a Mega proof and a Goblin proof.

Parameters
stdlib_proofAVM proof
public_inputsAVM public inputs
inner_outputOutput of the prover of the inner circuit {\pi_M, \pi_G}, {VK_M, VK_G}
Returns
RecursiveAvmGoblinOutput

Definition at line 113 of file goblin_avm_recursive_verifier.hpp.

◆ verify_proof()

RecursiveAvmGoblinOutput bb::avm2::AvmGoblinRecursiveVerifier::verify_proof ( const stdlib::Proof< UltraBuilder > &  stdlib_proof,
const std::vector< std::vector< UltraFF > > &  public_inputs 
) const
inline

Recursively verify an AVM proof using Goblin and two layers of recursive verification.

First, construct an inner Mega-arithmetized AVM recursive verifier circuit and a corresponding proof {\pi_M, \pi_G}. Then, construct an outer Ultra-arithmetized Mega/Goblin recursive verifier circuit.

Parameters
stdlib_proofAVM proof
public_inputsAVM public inputs
input_points_accumulator
Returns
RecursiveAvmGoblinOutput {ipa_proof, ipa_claim, points_accumulator}

Definition at line 89 of file goblin_avm_recursive_verifier.hpp.

Member Data Documentation

◆ outer_key_fields

std::vector<UltraFF> bb::avm2::AvmGoblinRecursiveVerifier::outer_key_fields

Definition at line 67 of file goblin_avm_recursive_verifier.hpp.

◆ ultra_builder

UltraBuilder& bb::avm2::AvmGoblinRecursiveVerifier::ultra_builder

Definition at line 66 of file goblin_avm_recursive_verifier.hpp.

◆ vk_hash

UltraFF bb::avm2::AvmGoblinRecursiveVerifier::vk_hash

Definition at line 68 of file goblin_avm_recursive_verifier.hpp.

The documentation for this class was generated from the following file: