Barretenberg: src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp"

#include "barretenberg/commitment_schemes/shplonk/shplemini.hpp"

#include "barretenberg/numeric/bitop/get_msb.hpp"

#include "barretenberg/stdlib/primitives/padding_indicator_array/padding_indicator_array.hpp"

#include "barretenberg/transcript/transcript.hpp"


namespace bb::stdlib::recursion::honk {


template <typename Flavor>


DeciderRecursiveVerifier_<Flavor>::PairingPoints DeciderRecursiveVerifier_<Flavor>::verify_proof(const HonkProof& proof)

{

    StdlibProof stdlib_proof(*builder, proof);

    return verify_proof(stdlib_proof);

}


template <typename Flavor>


DeciderRecursiveVerifier_<Flavor>::PairingPoints DeciderRecursiveVerifier_<Flavor>::verify_proof(

    const StdlibProof& proof)

{

    using Sumcheck = ::bb::SumcheckVerifier<Flavor>;

    using PCS = typename Flavor::PCS;

    using Curve = typename Flavor::Curve;

    using Shplemini = ::bb::ShpleminiVerifier_<Curve>;

    using VerifierCommitments = typename Flavor::VerifierCommitments;

    using ClaimBatcher = ClaimBatcher_<Curve>;

    using ClaimBatch = ClaimBatcher::Batch;


    transcript->load_proof(proof);


    VerifierCommitments commitments{ accumulator->vk_and_hash->vk, accumulator->witness_commitments };

    // DeciderRecursiveVerifier's log circuit size is fixed, hence we are using a trivial `padding_indicator_array`.

    std::vector<FF> padding_indicator_array(Flavor::VIRTUAL_LOG_N, 1);


    Sumcheck sumcheck(transcript, accumulator->alphas, Flavor::VIRTUAL_LOG_N, accumulator->target_sum);

    SumcheckOutput<Flavor> output =

        sumcheck.verify(accumulator->relation_parameters, accumulator->gate_challenges, padding_indicator_array);


    // Execute Shplemini rounds.

    ClaimBatcher claim_batcher{

        .unshifted = ClaimBatch{ commitments.get_unshifted(), output.claimed_evaluations.get_unshifted() },

        .shifted = ClaimBatch{ commitments.get_to_be_shifted(), output.claimed_evaluations.get_shifted() }

    };

    const auto opening_claim = Shplemini::compute_batch_opening_claim(padding_indicator_array,

                                                                      claim_batcher,

                                                                      output.challenge,

                                                                      Commitment::one(builder),

                                                                      transcript,

                                                                      Flavor::REPEATED_COMMITMENTS,

                                                                      Flavor::HasZK);

    auto pairing_points = PCS::reduce_verify_batch_opening_claim(opening_claim, transcript);


    return { pairing_points[0], pairing_points[1] };

}


template class DeciderRecursiveVerifier_<bb::MegaRecursiveFlavor_<MegaCircuitBuilder>>;

template class DeciderRecursiveVerifier_<bb::MegaRecursiveFlavor_<UltraCircuitBuilder>>;

} // namespace bb::stdlib::recursion::honk

bb::MegaFlavor::REPEATED_COMMITMENTS
static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS
Definition mega_flavor.hpp:71

bb::MegaFlavor::Curve
curve::BN254 Curve
Definition mega_flavor.hpp:36

bb::MegaFlavor::HasZK
static constexpr bool HasZK
Definition mega_flavor.hpp:53

bb::MegaFlavor::VIRTUAL_LOG_N
static constexpr size_t VIRTUAL_LOG_N
Definition mega_flavor.hpp:49

bb::MegaFlavor::PCS
KZG< Curve > PCS
Definition mega_flavor.hpp:40

bb::MegaFlavor::VerifierCommitments
VerifierCommitments_< Commitment, VerificationKey > VerifierCommitments
Definition mega_flavor.hpp:648

bb::ShpleminiVerifier_
An efficient verifier for the evaluation proofs of multilinear polynomials and their shifts.
Definition shplemini.hpp:189

bb::SumcheckVerifier
Implementation of the sumcheck Verifier for statements of the form  for multilinear polynomials .
Definition sumcheck.hpp:645

bb::curve::Grumpkin
Definition grumpkin.hpp:50

bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19

bb::stdlib::recursion::honk::DeciderRecursiveVerifier_
Definition decider_recursive_verifier.hpp:17

bb::stdlib::recursion::honk::DeciderRecursiveVerifier_::verify_proof
PairingPoints verify_proof(const HonkProof &proof)
Creates a circuit that executes the decider verifier algorithm up to the final pairing check.
Definition decider_recursive_verifier.cpp:21

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

decider_recursive_verifier.hpp

get_msb.hpp

bb::stdlib::recursion::honk
Definition graph_description_goblin.test.cpp:13

bb::HonkProof
std::vector< fr > HonkProof
Definition proof.hpp:15

padding_indicator_array.hpp
For a small integer N = virtual_log_n and a given witness x = log_n, compute in-circuit an indicator_...

shplemini.hpp

bb::ClaimBatcher_
Logic to support batching opening claims for unshifted and shifted polynomials in Shplemini.
Definition claim_batcher.hpp:27

bb::SumcheckOutput
Contains the evaluations of multilinear polynomials  at the challenge point . These are computed by S...
Definition sumcheck_output.hpp:22

bb::SumcheckOutput::claimed_evaluations
ClaimedEvaluations claimed_evaluations
Definition sumcheck_output.hpp:30

bb::SumcheckOutput::challenge
std::vector< FF > challenge
Definition sumcheck_output.hpp:28

bb::stdlib::recursion::PairingPoints< Builder >

transcript.hpp