Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
commitment_key.test.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "barretenberg/commitment_schemes/commitment_key.hpp"
10#include "barretenberg/commitment_schemes/verification_key.hpp"
11#include "barretenberg/constants.hpp"
12#include "barretenberg/ecc/curves/bn254/g1.hpp"
13#include "barretenberg/srs/global_crs.hpp"
14#include "claim.hpp"
15
16#include <gtest/gtest.h>
17
18namespace bb {
19
20constexpr size_t COMMITMENT_TEST_NUM_BN254_POINTS = 4096;
21constexpr size_t COMMITMENT_TEST_NUM_GRUMPKIN_POINTS = 1 << CONST_ECCVM_LOG_N;
22
23template <class Curve> class UnivariateClaimData {
24 using Fr = typename Curve::ScalarField;
25 using Commitment = typename Curve::AffineElement;
26 using Polynomial = bb::Polynomial<Fr>;
27 using OpeningPair = OpeningPair<Curve>;
28
29 public:
30 Polynomial poly;
31 Commitment commitment;
32 OpeningPair opening_pair;
33
39
40 ProverOpeningClaim<Curve> prover_opening_claim() const { return { poly, opening_pair }; }
41
42 OpeningClaim<Curve> verifier_opening_claim() const { return { opening_pair, commitment }; }
43
44 Commitment polynomial_commiment() const { return commitment; };
45
46 static std::vector<ProverOpeningClaim<Curve>> prover_opening_claims(
47 const std::vector<UnivariateClaimData>& claim_data)
48 {
49 std::vector<ProverOpeningClaim<Curve>> prover_claims;
50 for (const auto& claim : claim_data) {
51 prover_claims.emplace_back(claim.prover_opening_claim());
52 }
53
54 return prover_claims;
55 }
56
57 static std::vector<OpeningClaim<Curve>> verifier_opening_claims(const std::vector<UnivariateClaimData>& claim_data)
58 {
59 std::vector<OpeningClaim<Curve>> verifier_claims;
60 for (const auto& claim : claim_data) {
61 verifier_claims.emplace_back(claim.verifier_opening_claim());
62 }
63
64 return verifier_claims;
65 }
66
67 static std::vector<Commitment> polynomial_commitments(const std::vector<UnivariateClaimData>& claim_data)
68 {
69 std::vector<Commitment> commitments;
70 for (const auto& claim : claim_data) {
71 commitments.emplace_back(claim.polynomial_commiment());
72 }
73
74 return commitments;
75 }
76};
77
78template <class CK> CK create_commitment_key(const size_t num_points = 0);
79
80template <>
81inline CommitmentKey<curve::BN254> create_commitment_key<CommitmentKey<curve::BN254>>(const size_t num_points)
82{
83 bb::srs::init_file_crs_factory(bb::srs::bb_crs_path());
84 if (num_points != 0) {
85 return CommitmentKey<curve::BN254>(num_points);
86 };
87 return CommitmentKey<curve::BN254>(COMMITMENT_TEST_NUM_BN254_POINTS);
88}
89// For IPA
90template <>
91inline CommitmentKey<curve::Grumpkin> create_commitment_key<CommitmentKey<curve::Grumpkin>>(const size_t num_points)
92{
93 srs::init_file_crs_factory(bb::srs::bb_crs_path());
94 if (num_points != 0) {
95 return CommitmentKey<curve::Grumpkin>(num_points);
96 }
97 return CommitmentKey<curve::Grumpkin>(COMMITMENT_TEST_NUM_GRUMPKIN_POINTS);
98}
99
100template <typename CK> inline CK create_commitment_key(size_t num_points)
101// requires std::default_initializable<CK>
102{
103 return CK(num_points);
104}
105
106template <class VK> inline VK create_verifier_commitment_key();
107
108template <>
109inline VerifierCommitmentKey<curve::BN254> create_verifier_commitment_key<VerifierCommitmentKey<curve::BN254>>()
110{
111 return VerifierCommitmentKey<curve::BN254>();
112}
113// For IPA
114template <>
115inline VerifierCommitmentKey<curve::Grumpkin> create_verifier_commitment_key<VerifierCommitmentKey<curve::Grumpkin>>()
116{
117 srs::init_file_crs_factory(bb::srs::bb_crs_path());
118 return VerifierCommitmentKey<curve::Grumpkin>(COMMITMENT_TEST_NUM_GRUMPKIN_POINTS, srs::get_grumpkin_crs_factory());
119}
120template <typename VK> VK create_verifier_commitment_key()
121// requires std::default_initializable<VK>
122{
123 return VK();
124}
125template <typename Curve> class CommitmentTest : public ::testing::Test {
126 using CK = CommitmentKey<Curve>;
127 using VK = VerifierCommitmentKey<Curve>;
128
129 using Fr = typename Curve::ScalarField;
130 using Commitment = typename Curve::AffineElement;
131 using Polynomial = bb::Polynomial<Fr>;
132
133 public:
134 CommitmentTest()
135 : engine{ &numeric::get_randomness() }
136 {}
137
138 const CK& ck() { return commitment_key; }
139 VK& vk() { return verification_key; }
140
141 Commitment commit(const Polynomial& polynomial) { return commitment_key.commit(polynomial); }
142
143 Fr random_element() { return Fr::random_element(engine); }
144
145 Polynomial random_polynomial(const size_t poly_size) { return Polynomial::random(poly_size); }
146
147 OpeningPair<Curve> random_eval(const Polynomial& polynomial)
148 {
149 Fr x{ random_element() };
150 Fr y{ polynomial.evaluate(x) };
151 return { x, y };
152 }
153
154 std::vector<Fr> random_evaluation_point(const size_t num_variables)
155 {
156 std::vector<Fr> u(num_variables);
157 for (size_t l = 0; l < num_variables; ++l) {
158 u[l] = random_element();
159 }
160 return u;
161 }
162
163 void verify_opening_claim(const OpeningClaim<Curve>& claim,
164 const Polynomial& witness,
165 CommitmentKey<Curve> ck = CommitmentKey<Curve>())
166 {
167 auto& commitment = claim.commitment;
168 auto& [x, y] = claim.opening_pair;
169 Fr y_expected = witness.evaluate(x);
170 EXPECT_EQ(y, y_expected) << "OpeningClaim: evaluations mismatch";
171 Commitment commitment_expected;
172
173 if (!ck.srs) {
174 commitment_expected = commit(witness);
175 } else {
176 commitment_expected = ck.commit(witness);
177 }
178
179 EXPECT_EQ(commitment, commitment_expected) << "OpeningClaim: commitment mismatch";
180 }
181
182 void verify_opening_pair(const OpeningPair<Curve>& opening_pair, const Polynomial& witness)
183 {
184 auto& [x, y] = opening_pair;
185 Fr y_expected = witness.evaluate(x);
186 EXPECT_EQ(y, y_expected) << "OpeningPair: evaluations mismatch";
187 }
188
196 void verify_batch_opening_claim(std::span<const OpeningClaim<Curve>> multi_claims,
197 std::span<const Polynomial> witnesses)
198 {
199 const size_t num_claims = multi_claims.size();
200 ASSERT_EQ(witnesses.size(), num_claims);
201
202 for (size_t j = 0; j < num_claims; ++j) {
203 this->verify_opening_claim(multi_claims[j], witnesses[j]);
204 }
205 }
206
211 void verify_batch_opening_pair(std::vector<ProverOpeningClaim<Curve>> opening_claims)
212 {
213 for (auto claim : opening_claims) {
214 auto& [x, y] = claim.opening_pair;
215 Fr y_expected = claim.polynomial.evaluate(x);
216 EXPECT_EQ(y, y_expected) << "OpeningPair: evaluations mismatch";
217 }
218 }
219
220 // Generate random claim data
221 std::vector<UnivariateClaimData<Curve>> generate_claim_data(const std::vector<size_t>& poly_sizes)
222 {
223 const size_t num_claims = poly_sizes.size();
224 std::vector<UnivariateClaimData<Curve>> claims;
225 claims.reserve(num_claims);
226 for (const auto& poly_size : poly_sizes) {
227 auto r = this->random_element();
228 auto poly = this->random_polynomial(poly_size);
229 auto eval = poly.evaluate(r);
230 auto commitment = this->commit(poly);
231
232 OpeningPair<Curve> opening_pair(r, eval);
233 UnivariateClaimData<Curve> claim(poly, commitment, opening_pair);
234 claims.emplace_back(claim);
235 }
236
237 return claims;
238 }
239
240 // Linearly combine multiple claims and append new claim
241 std::pair<std::vector<Fr>, std::vector<Fr>> combine_claims(std::vector<UnivariateClaimData<Curve>>& claims)
242 {
243 const size_t num_claims = claims.size();
244 size_t max_poly_size = 0;
245
246 // Generate random coefficients and find max poly size
247 std::vector<Fr> coefficients;
248 coefficients.reserve(num_claims);
249 for (size_t idx = 0; idx < num_claims; idx++) {
250 coefficients.emplace_back(this->random_element());
251 max_poly_size = std::max(max_poly_size, claims[idx].poly.size());
252 }
253 // Generate random linear combination
254 auto challenge = this->random_element();
255 Polynomial linear_combination(max_poly_size);
256 Fr eval = 0;
257 std::vector<Fr> evals;
258 evals.reserve(num_claims);
259 for (const auto& [coeff, claim] : zip_view(coefficients, claims)) {
260 linear_combination.add_scaled(claim.poly, coeff);
261 // Compute evaluation
262 auto tmp = claim.poly.evaluate(challenge);
263 evals.emplace_back(tmp);
264 eval += coeff * tmp;
265 }
266
267 Commitment commitment = this->commit(linear_combination);
268 OpeningPair<Curve> opening_pair(challenge, eval);
269 UnivariateClaimData<Curve> new_claim(linear_combination, commitment, opening_pair);
270 claims.emplace_back(new_claim);
271
272 return std::make_pair(coefficients, evals);
273 }
274
275 numeric::RNG* engine;
276
277 // Per-test-suite set-up.
278 // Called before the first test in this test suite.
279 // Can be omitted if not needed.
280 static void SetUpTestSuite()
281 {
282 // Avoid reallocating static objects if called in subclasses of FooTest.
283 if (!commitment_key.initialized()) {
284 commitment_key = create_commitment_key<CK>();
285 }
286 if (!verification_key.initialized()) {
287 verification_key = create_verifier_commitment_key<VK>();
288 }
289 }
290
291 // Per-test-suite tear-down.
292 // Called after the last test in this test suite.
293 // Can be omitted if not needed.
294 static void TearDownTestSuite() {}
295
296 static CK commitment_key;
297 static VK verification_key;
298};
299
300template <typename Curve> CommitmentKey<Curve> CommitmentTest<Curve>::commitment_key;
301template <typename Curve> VerifierCommitmentKey<Curve> CommitmentTest<Curve>::verification_key;
302
303using CommitmentSchemeParams = ::testing::Types<curve::BN254>;
304using IpaCommitmentSchemeParams = ::testing::Types<curve::Grumpkin>;
305
306} // namespace bb
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:40
bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:87
bb::CommitmentKey::initialized
bool initialized() const
Checks the commitment key is properly initialized.
Definition commitment_key.hpp:79
bb::CommitmentKey::srs
std::shared_ptr< srs::factories::Crs< Curve > > srs
Definition commitment_key.hpp:58
bb::CommitmentTest::commit
Commitment commit(const Polynomial &polynomial)
Definition commitment_key.test.hpp:141
bb::CommitmentTest::verify_opening_pair
void verify_opening_pair(const OpeningPair< Curve > &opening_pair, const Polynomial &witness)
Definition commitment_key.test.hpp:182
bb::CommitmentTest::random_polynomial
Polynomial random_polynomial(const size_t poly_size)
Definition commitment_key.test.hpp:145
bb::CommitmentTest::Fr
typename Curve::ScalarField Fr
Definition commitment_key.test.hpp:129
bb::CommitmentTest::verify_batch_opening_pair
void verify_batch_opening_pair(std::vector< ProverOpeningClaim< Curve > > opening_claims)
Ensures that a set of opening pairs is correct by checking that evaluations are correct by recomputin...
Definition commitment_key.test.hpp:211
bb::CommitmentTest::random_evaluation_point
std::vector< Fr > random_evaluation_point(const size_t num_variables)
Definition commitment_key.test.hpp:154
bb::CommitmentTest::verify_opening_claim
void verify_opening_claim(const OpeningClaim< Curve > &claim, const Polynomial &witness, CommitmentKey< Curve > ck=CommitmentKey< Curve >())
Definition commitment_key.test.hpp:163
bb::CommitmentTest::verify_batch_opening_claim
void verify_batch_opening_claim(std::span< const OpeningClaim< Curve > > multi_claims, std::span< const Polynomial > witnesses)
Ensures that a 'BatchOpeningClaim' is correct by checking that.
Definition commitment_key.test.hpp:196
bb::CommitmentTest::Commitment
typename Curve::AffineElement Commitment
Definition commitment_key.test.hpp:130
bb::CommitmentTest::generate_claim_data
std::vector< UnivariateClaimData< Curve > > generate_claim_data(const std::vector< size_t > &poly_sizes)
Definition commitment_key.test.hpp:221
bb::CommitmentTest::combine_claims
std::pair< std::vector< Fr >, std::vector< Fr > > combine_claims(std::vector< UnivariateClaimData< Curve > > &claims)
Definition commitment_key.test.hpp:241
bb::CommitmentTest::random_eval
OpeningPair< Curve > random_eval(const Polynomial &polynomial)
Definition commitment_key.test.hpp:147
bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:53
bb::OpeningClaim::opening_pair
OpeningPair< Curve > opening_pair
Definition claim.hpp:62
bb::OpeningClaim::commitment
Commitment commitment
Definition claim.hpp:64
bb::OpeningPair
Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v.
Definition claim.hpp:19
bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:74
bb::Polynomial::random
static Polynomial random(size_t size, size_t start_index=0)
Definition polynomial.hpp:312
bb::Polynomial::evaluate
Fr evaluate(const Fr &z, size_t target_size) const
Definition polynomial.cpp:190
bb::Polynomial::add_scaled
void add_scaled(PolynomialSpan< const Fr > other, Fr scaling_factor) &
adds the polynomial q(X) 'other', multiplied by a scaling factor.
Definition polynomial.cpp:335
bb::ProverOpeningClaim
Polynomial p and an opening pair (r,v) such that p(r) = v.
Definition claim.hpp:34
bb::UnivariateClaimData::prover_opening_claim
ProverOpeningClaim< Curve > prover_opening_claim() const
Definition commitment_key.test.hpp:40
bb::UnivariateClaimData::Fr
typename Curve::ScalarField Fr
Definition commitment_key.test.hpp:24
bb::UnivariateClaimData::polynomial_commitments
static std::vector< Commitment > polynomial_commitments(const std::vector< UnivariateClaimData > &claim_data)
Definition commitment_key.test.hpp:67
bb::UnivariateClaimData::verifier_opening_claims
static std::vector< OpeningClaim< Curve > > verifier_opening_claims(const std::vector< UnivariateClaimData > &claim_data)
Definition commitment_key.test.hpp:57
bb::UnivariateClaimData::prover_opening_claims
static std::vector< ProverOpeningClaim< Curve > > prover_opening_claims(const std::vector< UnivariateClaimData > &claim_data)
Definition commitment_key.test.hpp:46
bb::UnivariateClaimData::Commitment
typename Curve::AffineElement Commitment
Definition commitment_key.test.hpp:25
bb::UnivariateClaimData::OpeningPair
OpeningPair< Curve > OpeningPair
Definition commitment_key.test.hpp:27
bb::UnivariateClaimData::polynomial_commiment
Commitment polynomial_commiment() const
Definition commitment_key.test.hpp:44
bb::UnivariateClaimData::UnivariateClaimData
UnivariateClaimData(Polynomial &poly, Commitment &commitment, OpeningPair &opening_pair)
Definition commitment_key.test.hpp:34
bb::UnivariateClaimData::verifier_opening_claim
OpeningClaim< Curve > verifier_opening_claim() const
Definition commitment_key.test.hpp:42
bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:56
zip_view
Definition zip_view.hpp:166
commitment_key.hpp
global_crs.hpp
bb::numeric::get_randomness
RNG & get_randomness()
Definition engine.cpp:203
bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14
bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14
bb::srs::get_grumpkin_crs_factory
std::shared_ptr< factories::CrsFactory< curve::Grumpkin > > get_grumpkin_crs_factory()
Definition global_crs.cpp:80
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::create_commitment_key
CommitmentKey< Curve > create_commitment_key(const size_t num_points)
Definition commit.bench.cpp:16
bb::CommitmentSchemeParams
::testing::Types< curve::BN254 > CommitmentSchemeParams
Definition commitment_key.test.hpp:303
bb::COMMITMENT_TEST_NUM_BN254_POINTS
constexpr size_t COMMITMENT_TEST_NUM_BN254_POINTS
Definition commitment_key.test.hpp:20
bb::COMMITMENT_TEST_NUM_GRUMPKIN_POINTS
constexpr size_t COMMITMENT_TEST_NUM_GRUMPKIN_POINTS
Definition commitment_key.test.hpp:21
bb::create_verifier_commitment_key
VK create_verifier_commitment_key()
Definition commitment_key.test.hpp:120
bb::IpaCommitmentSchemeParams
::testing::Types< curve::Grumpkin > IpaCommitmentSchemeParams
Definition commitment_key.test.hpp:304
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665
verification_key.hpp