Barretenberg: src/barretenberg/eccvm/eccvm_trace_checker.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "eccvm_trace_checker.hpp"

#include "barretenberg/eccvm/eccvm_flavor.hpp"

#include "barretenberg/honk/library/grand_product_library.hpp"


using namespace bb;


using Flavor = ECCVMFlavor;

using Builder = typename ECCVMFlavor::CircuitBuilder;

using FF = typename ECCVMFlavor::FF;

using ProverPolynomials = typename ECCVMFlavor::ProverPolynomials;


bool ECCVMTraceChecker::check(Builder& builder,

                              numeric::RNG* engine_ptr

#ifdef FUZZING

                              ,

                              bool disable_fixed_dyadic_trace_size

#endif

)

{

    const FF gamma = FF::random_element(engine_ptr);

    const FF beta = FF::random_element(engine_ptr);

    const FF beta_sqr = beta.sqr();

    const FF beta_cube = beta_sqr * beta;

    auto eccvm_set_permutation_delta =

        gamma * (gamma + beta_sqr) * (gamma + beta_sqr + beta_sqr) * (gamma + beta_sqr + beta_sqr + beta_sqr);

    eccvm_set_permutation_delta = eccvm_set_permutation_delta.invert();

    bb::RelationParameters<typename Flavor::FF> params{

        .eta = 0,

        .beta = beta,

        .gamma = gamma,

        .public_input_delta = 0,

        .beta_sqr = beta_sqr,

        .beta_cube = beta_cube,

        .eccvm_set_permutation_delta = eccvm_set_permutation_delta,

    };


#ifdef FUZZING

    ProverPolynomials polynomials(builder, disable_fixed_dyadic_trace_size);

#else

    ProverPolynomials polynomials(builder);

#endif

    const size_t num_rows = polynomials.get_polynomial_size();

    const size_t unmasked_witness_size = num_rows - NUM_DISABLED_ROWS_IN_SUMCHECK;

    compute_logderivative_inverse<FF, ECCVMLookupRelation<FF>>(polynomials, params, unmasked_witness_size);

    compute_grand_product<Flavor, ECCVMSetRelation<FF>>(polynomials, params, unmasked_witness_size);


    polynomials.z_perm_shift = Polynomial(polynomials.z_perm.shifted());


    const auto evaluate_relation = [&]<typename Relation>(const std::string& relation_name) {

        typename Relation::SumcheckArrayOfValuesOverSubrelations result;

        for (auto& r : result) {

            r = 0;

        }

        constexpr size_t NUM_SUBRELATIONS = result.size();


        for (size_t i = 0; i < num_rows; ++i) {

            auto row = polynomials.get_row(i);

#ifdef FUZZING

            // Check if the relation is skippable and should be skipped (only in fuzzing builds)

            if constexpr (isSkippable<Relation, decltype(row)>) {

                // Only accumulate if the relation should not be skipped

                if (!Relation::skip(row)) {

                    Relation::accumulate(result, row, params, 1);

                }

            } else {

                // If not skippable, always accumulate

                Relation::accumulate(result, row, params, 1);

            }

#else

            // In non-fuzzing builds, always accumulate for maximum security

            Relation::accumulate(result, row, params, 1);

#endif


            bool x = true;

            for (size_t j = 0; j < NUM_SUBRELATIONS; ++j) {

                if (result[j] != 0) {

                    info("Relation ", relation_name, ", subrelation index ", j, " failed at row ", i);

                    x = false;

                }

            }

            if (!x) {

                return false;

            }

        }

        return true;

    };


    bool result = true;

    result = result && evaluate_relation.template operator()<ECCVMTranscriptRelation<FF>>("ECCVMTranscriptRelation");

    result = result && evaluate_relation.template operator()<ECCVMPointTableRelation<FF>>("ECCVMPointTableRelation");

    result = result && evaluate_relation.template operator()<ECCVMWnafRelation<FF>>("ECCVMWnafRelation");

    result = result && evaluate_relation.template operator()<ECCVMMSMRelation<FF>>("ECCVMMSMRelation");

    result = result && evaluate_relation.template operator()<ECCVMSetRelation<FF>>("ECCVMSetRelation");

    result = result && evaluate_relation.template operator()<ECCVMBoolsRelation<FF>>("ECCVMBoolsRelation");


    using LookupRelation = ECCVMLookupRelation<FF>;

    typename ECCVMLookupRelation<typename Flavor::FF>::SumcheckArrayOfValuesOverSubrelations lookup_result;

    for (auto& r : lookup_result) {

        r = 0;

    }

    for (size_t i = 0; i < num_rows; ++i) {

        LookupRelation::accumulate(lookup_result, polynomials.get_row(i), params, 1);

    }

    for (auto r : lookup_result) {

        if (r != 0) {

            info("Relation ECCVMLookupRelation failed.");

            return false;

        }

    }

    return result;

}


bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::ECCVMFlavor::ProverPolynomials
A container for the prover polynomials.
Definition eccvm_flavor.hpp:437

bb::ECCVMFlavor
Definition eccvm_flavor.hpp:34

bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:41

bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:36

bb::ECCVMTraceChecker::check
static bool check(ECCVMCircuitBuilder &, numeric::RNG *engine_ptr=nullptr)
Definition eccvm_trace_checker.cpp:18

bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:74

bb::Relation
A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribu...
Definition relation_types.hpp:153

bb::Relation::SumcheckArrayOfValuesOverSubrelations
ArrayOfValues< FF, RelationImpl::SUBRELATION_PARTIAL_LENGTHS > SumcheckArrayOfValuesOverSubrelations
Definition relation_types.hpp:178

bb::numeric::RNG
Definition engine.hpp:17

info
void info(Args... args)
Definition log.hpp:70

bb::isSkippable
The templates defined herein facilitate sharing the relation arithmetic between the prover and the ve...
Definition relation_types.hpp:127

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

eccvm_flavor.hpp

ProverPolynomials
typename ECCVMFlavor::ProverPolynomials ProverPolynomials
Definition eccvm_trace_checker.cpp:16

eccvm_trace_checker.hpp

grand_product_library.hpp

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::FF
typename Flavor::FF FF
Definition protogalaxy.bench.cpp:16

bb::RelationParameters
Container for parameters used by the grand product (permutation, lookup) Honk relations.
Definition relation_parameters.hpp:19

bb::RelationParameters::eta
T eta
Definition relation_parameters.hpp:26