Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
eccvm_prover.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8#include "barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp"
9#include "barretenberg/eccvm/eccvm_flavor.hpp"
10#include "barretenberg/goblin/translation_evaluations.hpp"
11#include "barretenberg/honk/library/grand_product_library.hpp"
12#include "barretenberg/honk/proof_system/types/proof.hpp"
13#include "barretenberg/relations/relation_parameters.hpp"
14#include "barretenberg/sumcheck/sumcheck_output.hpp"
15#include "barretenberg/sumcheck/zk_sumcheck_data.hpp"
16#include "barretenberg/transcript/transcript.hpp"
17
18namespace bb {
19
20// We won't compile this class with Standard, but we will like want to compile it (at least for testing)
21// with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc.
22class ECCVMProver {
23 public:
24 using Flavor = ECCVMFlavor;
25 using FF = Flavor::FF;
26 using BF = Flavor::BF;
27 using Commitment = Flavor::Commitment;
28 using PCS = Flavor::PCS;
29 using CommitmentKey = Flavor::CommitmentKey;
30 using ProvingKey = Flavor::ProvingKey;
31 using Polynomial = Flavor::Polynomial;
32 using CommitmentLabels = Flavor::CommitmentLabels;
33 using Transcript = Flavor::Transcript;
34 using TranslationEvaluations = bb::TranslationEvaluations_<FF>;
35 using CircuitBuilder = Flavor::CircuitBuilder;
36 using ZKData = ZKSumcheckData<Flavor>;
37 using SmallSubgroupIPA = SmallSubgroupIPAProver<Flavor>;
38 using OpeningClaim = ProverOpeningClaim<Flavor::Curve>;
39
40 explicit ECCVMProver(CircuitBuilder& builder,
41 const std::shared_ptr<Transcript>& transcript,
42 const std::shared_ptr<Transcript>& ipa_transcript = std::make_shared<Transcript>());
43
44 BB_PROFILE void execute_preamble_round();
45 BB_PROFILE void execute_wire_commitments_round();
46 BB_PROFILE void execute_log_derivative_commitments_round();
47 BB_PROFILE void execute_grand_product_computation_round();
48 BB_PROFILE void execute_relation_check_rounds();
49 BB_PROFILE void execute_pcs_rounds();
50 BB_PROFILE void execute_transcript_consistency_univariate_opening_round();
51
52 ECCVMProof export_proof();
53 ECCVMProof construct_proof();
54 void compute_translation_opening_claims();
55 void commit_to_witness_polynomial(Polynomial& polynomial,
56 const std::string& label,
57 CommitmentKey::CommitType commit_type = CommitmentKey::CommitType::Default,
58 const std::vector<std::pair<size_t, size_t>>& active_ranges = {});
59
60 std::shared_ptr<Transcript> transcript;
61 std::shared_ptr<Transcript> ipa_transcript;
62
63 size_t unmasked_witness_size;
64
65 // Final ShplonkProver consumes an array consisting of Translation Opening Claims and a
66 // `multivariate_to_univariate_opening_claim`
67 static constexpr size_t NUM_OPENING_CLAIMS = ECCVMFlavor::NUM_TRANSLATION_OPENING_CLAIMS + 1;
68 std::array<OpeningClaim, NUM_OPENING_CLAIMS> opening_claims;
69
70 TranslationEvaluations translation_evaluations;
71
72 std::vector<FF> public_inputs;
73
74 bb::RelationParameters<FF> relation_parameters;
75
76 std::shared_ptr<ProvingKey> key;
77
78 CommitmentLabels commitment_labels;
79 ZKData zk_sumcheck_data;
80
81 FF evaluation_challenge_x;
82 FF batching_challenge_v;
83
84 SumcheckOutput<Flavor> sumcheck_output;
85};
86
87} // namespace bb
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:154
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:40
bb::ECCVMFlavor::CommitmentLabels
A container for commitment labels.
Definition eccvm_flavor.hpp:877
bb::ECCVMFlavor::ProvingKey
The proving key is responsible for storing the polynomials used by the prover.
Definition eccvm_flavor.hpp:764
bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:41
bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:36
bb::ECCVMFlavor::Commitment
typename G1::affine_element Commitment
Definition eccvm_flavor.hpp:45
bb::ECCVMFlavor::BF
typename Curve::BaseField BF
Definition eccvm_flavor.hpp:42
bb::ECCVMFlavor::Polynomial
bb::Polynomial< FF > Polynomial
Definition eccvm_flavor.hpp:43
bb::ECCVMFlavor::NUM_TRANSLATION_OPENING_CLAIMS
static constexpr size_t NUM_TRANSLATION_OPENING_CLAIMS
Definition eccvm_flavor.hpp:155
bb::ECCVMFlavor::CommitmentKey
bb::CommitmentKey< Curve > CommitmentKey
Definition eccvm_flavor.hpp:46
bb::ECCVMFlavor::Transcript
NativeTranscript Transcript
Definition eccvm_flavor.hpp:49
bb::ECCVMFlavor::PCS
IPA< Curve > PCS
Definition eccvm_flavor.hpp:40
bb::ECCVMProver::construct_proof
ECCVMProof construct_proof()
Definition eccvm_prover.cpp:208
bb::ECCVMProver::execute_transcript_consistency_univariate_opening_round
BB_PROFILE void execute_transcript_consistency_univariate_opening_round()
bb::ECCVMProver::Commitment
Flavor::Commitment Commitment
Definition eccvm_prover.hpp:27
bb::ECCVMProver::public_inputs
std::vector< FF > public_inputs
Definition eccvm_prover.hpp:72
bb::ECCVMProver::sumcheck_output
SumcheckOutput< Flavor > sumcheck_output
Definition eccvm_prover.hpp:84
bb::ECCVMProver::execute_log_derivative_commitments_round
BB_PROFILE void execute_log_derivative_commitments_round()
Compute sorted witness-table accumulator.
Definition eccvm_prover.cpp:90
bb::ECCVMProver::unmasked_witness_size
size_t unmasked_witness_size
Definition eccvm_prover.hpp:63
bb::ECCVMProver::ipa_transcript
std::shared_ptr< Transcript > ipa_transcript
Definition eccvm_prover.hpp:61
bb::ECCVMProver::transcript
std::shared_ptr< Transcript > transcript
Definition eccvm_prover.hpp:60
bb::ECCVMProver::export_proof
ECCVMProof export_proof()
Definition eccvm_prover.cpp:203
bb::ECCVMProver::NUM_OPENING_CLAIMS
static constexpr size_t NUM_OPENING_CLAIMS
Definition eccvm_prover.hpp:67
bb::ECCVMProver::commitment_labels
CommitmentLabels commitment_labels
Definition eccvm_prover.hpp:78
bb::ECCVMProver::translation_evaluations
TranslationEvaluations translation_evaluations
Definition eccvm_prover.hpp:70
bb::ECCVMProver::key
std::shared_ptr< ProvingKey > key
Definition eccvm_prover.hpp:76
bb::ECCVMProver::commit_to_witness_polynomial
void commit_to_witness_polynomial(Polynomial &polynomial, const std::string &label, CommitmentKey::CommitType commit_type=CommitmentKey::CommitType::Default, const std::vector< std::pair< size_t, size_t > > &active_ranges={})
Utility to mask and commit to a witness polynomial and send the commitment to verifier.
Definition eccvm_prover.cpp:342
bb::ECCVMProver::execute_preamble_round
BB_PROFILE void execute_preamble_round()
Fiat-Shamir the VK.
Definition eccvm_prover.cpp:42
bb::ECCVMProver::execute_wire_commitments_round
BB_PROFILE void execute_wire_commitments_round()
Compute commitments to the first three wires.
Definition eccvm_prover.cpp:57
bb::ECCVMProver::opening_claims
std::array< OpeningClaim, NUM_OPENING_CLAIMS > opening_claims
Definition eccvm_prover.hpp:68
bb::ECCVMProver::execute_grand_product_computation_round
BB_PROFILE void execute_grand_product_computation_round()
Compute permutation and lookup grand product polynomials and commitments.
Definition eccvm_prover.cpp:117
bb::ECCVMProver::execute_relation_check_rounds
BB_PROFILE void execute_relation_check_rounds()
Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all evaluations at u being calculated.
Definition eccvm_prover.cpp:128
bb::ECCVMProver::execute_pcs_rounds
BB_PROFILE void execute_pcs_rounds()
Produce a univariate opening claim for the sumcheck multivariate evalutions and a batched univariate ...
Definition eccvm_prover.cpp:161
bb::ECCVMProver::compute_translation_opening_claims
void compute_translation_opening_claims()
To link the ECCVM Transcript wires op, Px, Py, z1, and z2 to the accumulator computed by the translat...
Definition eccvm_prover.cpp:266
bb::ECCVMProver::relation_parameters
bb::RelationParameters< FF > relation_parameters
Definition eccvm_prover.hpp:74
bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:95
bb::ProverOpeningClaim
Polynomial p and an opening pair (r,v) such that p(r) = v.
Definition claim.hpp:34
bb::SmallSubgroupIPAProver
A Curve-agnostic ZK protocol to prove inner products of small vectors.
Definition small_subgroup_ipa.hpp:69
BB_PROFILE
#define BB_PROFILE
Definition compiler_hints.hpp:14
builder
AluTraceBuilder builder
Definition alu.test.cpp:123
eccvm_flavor.hpp
grand_product_library.hpp
proof.hpp
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
relation_parameters.hpp
small_subgroup_ipa.hpp
bb::RelationParameters
Container for parameters used by the grand product (permutation, lookup) Honk relations.
Definition relation_parameters.hpp:19
bb::SumcheckOutput
Contains the evaluations of multilinear polynomials at the challenge point . These are computed by S...
Definition sumcheck_output.hpp:22
bb::TranslationEvaluations_< FF >
bb::ZKSumcheckData
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
Definition zk_sumcheck_data.hpp:22
sumcheck_output.hpp
translation_evaluations.hpp
zk_sumcheck_data.hpp