Barretenberg: src/barretenberg/dsl/acir_format/honk_recursion_constraint.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "honk_recursion_constraint.hpp"

#include "barretenberg/common/assert.hpp"

#include "barretenberg/constants.hpp"

#include "barretenberg/dsl/acir_format/mock_verifier_inputs.hpp"

#include "barretenberg/flavor/flavor.hpp"

#include "barretenberg/flavor/ultra_recursive_flavor.hpp"

#include "barretenberg/flavor/ultra_rollup_recursive_flavor.hpp"

#include "barretenberg/flavor/ultra_zk_recursive_flavor.hpp"

#include "barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.hpp"

#include "barretenberg/stdlib/primitives/bigfield/constants.hpp"

#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp"

#include "barretenberg/stdlib/primitives/curves/bn254.hpp"

#include "barretenberg/stdlib/primitives/pairing_points.hpp"

#include "barretenberg/stdlib/proof/proof.hpp"

#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"

#include "proof_surgeon.hpp"

#include "recursion_constraint.hpp"


#include <cstddef>


namespace acir_format {


using namespace bb;

using namespace bb::stdlib::recursion::honk;

template <typename Builder> using field_ct = stdlib::field_t<Builder>;

template <typename Builder> using bn254 = stdlib::bn254<Builder>;

template <typename Builder> using PairingPoints = bb::stdlib::recursion::PairingPoints<Builder>;


namespace {

template <typename Flavor>

void create_dummy_vkey_and_proof(typename Flavor::CircuitBuilder& builder,

                                 size_t proof_size,

                                 size_t public_inputs_size,

                                 const std::vector<field_ct<typename Flavor::CircuitBuilder>>& key_fields,

                                 const std::vector<field_ct<typename Flavor::CircuitBuilder>>& proof_fields)

    requires IsRecursiveFlavor<Flavor>

{

    using Builder = typename Flavor::CircuitBuilder;

    using NativeFlavor = typename Flavor::NativeFlavor;

    using IO = std::conditional_t<HasIPAAccumulator<Flavor>,

                                  stdlib::recursion::honk::RollupIO,

                                  stdlib::recursion::honk::DefaultIO<Builder>>;


    // Set vkey->circuit_size correctly based on the proof size

    BB_ASSERT_EQ(proof_size, NativeFlavor::PROOF_LENGTH_WITHOUT_PUB_INPUTS());


    size_t num_inner_public_inputs = public_inputs_size - IO::PUBLIC_INPUTS_SIZE;

    uint32_t pub_inputs_offset = NativeFlavor::has_zero_row ? 1 : 0;


    // Generate mock honk vk

    auto honk_vk = create_mock_honk_vk<typename Flavor::NativeFlavor, IO>(

        1 << Flavor::VIRTUAL_LOG_N, pub_inputs_offset, num_inner_public_inputs);


    size_t offset = 0;


    // Set honk vk in builder

    for (auto& vk_element : honk_vk->to_field_elements()) {

        builder.set_variable(key_fields[offset].witness_index, vk_element);

        offset++;

    }


    // Generate dummy honk proof

    bb::HonkProof honk_proof = create_mock_honk_proof<typename Flavor::NativeFlavor, IO>(num_inner_public_inputs);


    offset = 0;

    // Set honk proof in builder

    for (auto& proof_element : honk_proof) {

        builder.set_variable(proof_fields[offset].witness_index, proof_element);

        offset++;

    }


    BB_ASSERT_EQ(offset, proof_size + public_inputs_size);

}

} // namespace


template <typename Flavor>


HonkRecursionConstraintOutput<typename Flavor::CircuitBuilder> create_honk_recursion_constraints(

    typename Flavor::CircuitBuilder& builder, const RecursionConstraint& input, bool has_valid_witness_assignments)

    requires(IsRecursiveFlavor<Flavor> && IsUltraHonk<typename Flavor::NativeFlavor>)

{

    using Builder = typename Flavor::CircuitBuilder;

    using RecursiveVerificationKey = Flavor::VerificationKey;

    using RecursiveVKAndHash = Flavor::VKAndHash;

    using RecursiveVerifier = bb::stdlib::recursion::honk::UltraRecursiveVerifier_<Flavor>;

    using IO = std::conditional_t<HasIPAAccumulator<Flavor>,

                                  stdlib::recursion::honk::RollupIO,

                                  stdlib::recursion::honk::DefaultIO<Builder>>;


    ASSERT(input.proof_type == HONK || input.proof_type == HONK_ZK || HasIPAAccumulator<Flavor>);

    BB_ASSERT_EQ(input.proof_type == ROLLUP_HONK || input.proof_type == ROOT_ROLLUP_HONK, HasIPAAccumulator<Flavor>);


    // Construct an in-circuit representation of the verification key.

    // For now, the v-key is a circuit constant and is fixed for the circuit.

    // (We may need a separate recursion opcode for this to vary, or add more config witnesses to this opcode)

    std::vector<field_ct<Builder>> key_fields = RecursionConstraint::fields_from_witnesses(builder, input.key);


    // Create circuit type for vkey hash.

    auto vk_hash = field_ct<Builder>::from_witness_index(&builder, input.key_hash);


    // Create witness indices for the proof with public inputs reinserted

    std::vector<uint32_t> proof_indices =

        ProofSurgeon<uint256_t>::create_indices_for_reconstructed_proof(input.proof, input.public_inputs);

    stdlib::Proof<Builder> proof_fields = RecursionConstraint::fields_from_witnesses(builder, proof_indices);


    // Populate the key fields and proof fields with dummy values to prevent issues (e.g. points must be on curve).

    if (!has_valid_witness_assignments) {

        // In the constraint, the agg object public inputs are still contained in the proof. To get the 'raw' size of

        // the proof and public_inputs we subtract and add the corresponding amount from the respective sizes.

        size_t size_of_proof_with_no_pub_inputs = input.proof.size() - IO::PUBLIC_INPUTS_SIZE;

        size_t total_num_public_inputs = input.public_inputs.size() + IO::PUBLIC_INPUTS_SIZE;


        create_dummy_vkey_and_proof<Flavor>(

            builder, size_of_proof_with_no_pub_inputs, total_num_public_inputs, key_fields, proof_fields);

    }


    // Recursively verify the proof

    auto vkey = std::make_shared<RecursiveVerificationKey>(builder, key_fields);

    auto vk_and_hash = std::make_shared<RecursiveVKAndHash>(vkey, vk_hash);

    RecursiveVerifier verifier(&builder, vk_and_hash);

    UltraRecursiveVerifierOutput<Builder> verifier_output = verifier.template verify_proof<IO>(proof_fields);

    // TODO(https://github.com/AztecProtocol/barretenberg/issues/996): investigate whether assert_equal on public inputs

    // is important, like what the plonk recursion constraint does.

    return verifier_output;

}


template HonkRecursionConstraintOutput<UltraCircuitBuilder> create_honk_recursion_constraints<

    UltraRecursiveFlavor_<UltraCircuitBuilder>>(UltraCircuitBuilder& builder,

                                                const RecursionConstraint& input,

                                                bool has_valid_witness_assignments);


template HonkRecursionConstraintOutput<UltraCircuitBuilder> create_honk_recursion_constraints<

    UltraRollupRecursiveFlavor_<UltraCircuitBuilder>>(UltraCircuitBuilder& builder,

                                                      const RecursionConstraint& input,

                                                      bool has_valid_witness_assignments);


template HonkRecursionConstraintOutput<MegaCircuitBuilder> create_honk_recursion_constraints<

    UltraRecursiveFlavor_<MegaCircuitBuilder>>(MegaCircuitBuilder& builder,

                                               const RecursionConstraint& input,

                                               bool has_valid_witness_assignments);


template HonkRecursionConstraintOutput<MegaCircuitBuilder> create_honk_recursion_constraints<

    UltraZKRecursiveFlavor_<MegaCircuitBuilder>>(MegaCircuitBuilder& builder,

                                                 const RecursionConstraint& input,

                                                 bool has_valid_witness_assignments);


template HonkRecursionConstraintOutput<UltraCircuitBuilder> create_honk_recursion_constraints<

    UltraZKRecursiveFlavor_<UltraCircuitBuilder>>(UltraCircuitBuilder& builder,

                                                  const RecursionConstraint& input,

                                                  bool has_valid_witness_assignments);


} // namespace acir_format

assert.hpp

BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:59

ASSERT
#define ASSERT(expression,...)
Definition assert.hpp:49

circuit_builders_fwd.hpp

acir_format::ProofSurgeon::create_indices_for_reconstructed_proof
static std::vector< uint32_t > create_indices_for_reconstructed_proof(const std::vector< uint32_t > &proof_in, const std::vector< uint32_t > &public_inputs)
Reconstruct a bberg style proof from a acir style proof + public inputs.
Definition proof_surgeon.hpp:34

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:17

bb::MegaFlavor::VerificationKey
The verification key is responsible for storing the commitments to the precomputed (non-witness) poly...
Definition mega_flavor.hpp:440

bb::MegaFlavor::CircuitBuilder
MegaCircuitBuilder CircuitBuilder
Definition mega_flavor.hpp:35

bb::MegaFlavor::VIRTUAL_LOG_N
static constexpr size_t VIRTUAL_LOG_N
Definition mega_flavor.hpp:49

bb::PairingPoints
An object storing two bn254 points that represent the inputs to a pairing check.
Definition pairing_points.hpp:23

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:42

bb::UltraRecursiveFlavor_
The recursive counterpart to the "native" Ultra flavor.
Definition ultra_recursive_flavor.hpp:51

bb::UltraRollupRecursiveFlavor_
The recursive counterpart to the "native" UltraRollupFlavor.
Definition ultra_rollup_recursive_flavor.hpp:39

bb::UltraZKRecursiveFlavor_
The recursive counterpart to the Ultra flavor with ZK.
Definition ultra_zk_recursive_flavor.hpp:52

bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19

bb::stdlib::field_t< Builder >

bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:59

bb::stdlib::recursion::honk::DefaultIO
Manages the data that is propagated on the public inputs of an application/function circuit.
Definition special_public_inputs.hpp:142

bb::stdlib::recursion::honk::RollupIO
The data that is propagated on the public inputs of a rollup circuit.
Definition special_public_inputs.hpp:322

bb::stdlib::recursion::honk::UltraRecursiveVerifier_
Definition ultra_recursive_verifier.hpp:53

constants.hpp

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

offset
ssize_t offset
Definition engine.cpp:36

flavor.hpp
Base class templates for structures that contain data parameterized by the fundamental polynomials of...

honk_recursion_constraint.hpp

mock_verifier_inputs.hpp

acir_format
Definition acir_format.cpp:34

acir_format::HONK_ZK
@ HONK_ZK
Definition recursion_constraint.hpp:19

acir_format::ROOT_ROLLUP_HONK
@ ROOT_ROLLUP_HONK
Definition recursion_constraint.hpp:19

acir_format::HONK
@ HONK
Definition recursion_constraint.hpp:19

acir_format::ROLLUP_HONK
@ ROLLUP_HONK
Definition recursion_constraint.hpp:19

acir_format::create_dummy_vkey_and_proof
void create_dummy_vkey_and_proof(Builder &builder, size_t proof_size, size_t public_inputs_size, const std::vector< field_ct > &key_fields, const std::vector< field_ct > &proof_fields)
Creates a dummy vkey and proof object.
Definition civc_recursion_constraints.cpp:36

acir_format::create_honk_recursion_constraints
HonkRecursionConstraintOutput< typename Flavor::CircuitBuilder > create_honk_recursion_constraints(typename Flavor::CircuitBuilder &builder, const RecursionConstraint &input, bool has_valid_witness_assignments)
Add constraints required to recursively verify an UltraHonk proof.
Definition honk_recursion_constraint.cpp:104

bb::stdlib::recursion::honk
Definition graph_description_goblin.test.cpp:13

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::HonkProof
std::vector< fr > HonkProof
Definition proof.hpp:15

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

proof_surgeon.hpp

recursion_constraint.hpp

constants.hpp

bn254.hpp

pairing_points.hpp

proof.hpp

special_public_inputs.hpp

acir_format::RecursionConstraint
RecursionConstraint struct contains information required to recursively verify a proof!
Definition recursion_constraint.hpp:57

acir_format::RecursionConstraint::fields_from_witnesses
static std::vector< bb::stdlib::field_t< Builder > > fields_from_witnesses(Builder &builder, const std::vector< uint32_t > &witness_indices)
Definition recursion_constraint.hpp:67

bb::stdlib::bn254
Definition bn254.hpp:15

bb::stdlib::recursion::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:24

bb::stdlib::recursion::honk::UltraRecursiveVerifierOutput
Definition ultra_recursive_verifier.hpp:23

ultra_recursive_flavor.hpp

ultra_recursive_verifier.hpp

ultra_rollup_recursive_flavor.hpp

ultra_zk_recursive_flavor.hpp