Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
mock_witness_generator.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "barretenberg/commitment_schemes/commitment_key.hpp"
10#include "barretenberg/commitment_schemes/gemini/gemini.hpp"
11#include "barretenberg/commitment_schemes/shplonk/shplemini.hpp"
12#include "barretenberg/commitment_schemes/utils/test_utils.hpp"
13#include "barretenberg/ecc/curves/bn254/bn254.hpp"
14#include "barretenberg/polynomials/polynomial.hpp"
15#include "barretenberg/transcript/transcript.hpp"
16
17namespace bb {
23template <typename Curve> struct MockClaimGenerator {
24 public:
25 using CommitmentKey = bb::CommitmentKey<Curve>;
26 using Fr = typename Curve::ScalarField;
27 using Commitment = typename Curve::AffineElement;
28 using Polynomial = bb::Polynomial<Fr>;
29 using PolynomialBatcher = bb::GeminiProver_<Curve>::PolynomialBatcher;
30 using ClaimBatcher = ClaimBatcher_<Curve>;
31 using ClaimBatch = ClaimBatcher::Batch;
32 using InterleavedBatch = ClaimBatcher::InterleavedBatch;
33
34 CommitmentKey ck;
35
36 struct ClaimData {
37 std::vector<Polynomial> polys;
38 std::vector<Commitment> commitments;
39 std::vector<Fr> evals;
40 };
41
42 ClaimData unshifted;
43 ClaimData to_be_shifted;
44 ClaimData to_be_right_shifted_by_k;
45
46 std::vector<Fr> const_size_mle_opening_point;
47
48 PolynomialBatcher polynomial_batcher;
49 ClaimBatcher claim_batcher;
50
51 // Containers for mock Sumcheck data
52 std::vector<bb::Polynomial<Fr>> round_univariates;
53 std::vector<Commitment> sumcheck_commitments;
54 std::vector<std::array<Fr, 3>> sumcheck_evaluations;
55
62 InterleaveData interleave_data;
63
64 static constexpr size_t k_magnitude = 6; // mock shift magnitude for right-shift-by-k (assumed even)
65
77 MockClaimGenerator(const size_t poly_size,
78 const size_t num_polynomials,
79 const size_t num_to_be_shifted,
80 const size_t num_to_be_right_shifted_by_k,
81 const std::vector<Fr>& mle_opening_point,
82 const CommitmentKey& commitment_key,
83 size_t num_interleaved = 0,
84 size_t num_to_be_interleaved = 0)
85
86 : ck(commitment_key) // Initialize the commitment key
87 , polynomial_batcher(poly_size)
88
89 {
90 size_t log_size = numeric::get_msb(poly_size);
91 // If the size of the opening point is bigger than the log of the poly size, we assume that the prover is
92 // extending all of its polynomials by zero outside of the hypercube of size 2^{log_size}.
93 bool has_virtual_rounds = (mle_opening_point.size() > log_size);
94
95 std::span<const Fr> challenge;
96
97 if (has_virtual_rounds) {
98 // The evaluation on the full domain can be obtain by scaling by extension-by-zero factor `ebz_factor`
99 // computed below.
100 challenge = std::span<const Fr>(mle_opening_point).subspan(0, log_size);
101 } else {
102 challenge = std::span<const Fr>(mle_opening_point);
103 }
104
105 const size_t total_num_to_be_shifted = num_to_be_shifted + num_to_be_right_shifted_by_k;
106 BB_ASSERT_GTE(num_polynomials, total_num_to_be_shifted);
107 const size_t num_not_to_be_shifted = num_polynomials - total_num_to_be_shifted;
108
109 Fr ebz_factor = 1;
110
111 for (size_t idx = log_size; idx < mle_opening_point.size(); idx++) {
112 ebz_factor *= (Fr(1) - mle_opening_point[idx]);
113 }
114
115 // Construct claim data for polynomials that are NOT to be shifted
116 for (size_t idx = 0; idx < num_not_to_be_shifted; idx++) {
117 Polynomial poly = Polynomial::random(poly_size);
118 unshifted.commitments.push_back(ck.commit(poly));
119 unshifted.evals.push_back(poly.evaluate_mle(challenge) * ebz_factor);
120 unshifted.polys.push_back(std::move(poly));
121 }
122
123 // Construct claim data for polynomials that are to-be-shifted
124 for (size_t idx = 0; idx < num_to_be_shifted; idx++) {
125 Polynomial poly = Polynomial::random(poly_size, /*shiftable*/ 1);
126 Commitment commitment = ck.commit(poly);
127 to_be_shifted.commitments.push_back(commitment);
128 to_be_shifted.evals.push_back(poly.shifted().evaluate_mle(challenge) * ebz_factor);
129 to_be_shifted.polys.push_back(poly.share());
130 // Populate the unshifted counterpart in the unshifted claims
131 unshifted.commitments.push_back(commitment);
132 unshifted.evals.push_back(poly.evaluate_mle(challenge) * ebz_factor);
133 unshifted.polys.push_back(std::move(poly));
134 }
135
136 // Construct claim data for polynomials that are to-be-right-shifted-by-k
137 for (size_t idx = 0; idx < num_to_be_right_shifted_by_k; idx++) {
138 Polynomial poly = Polynomial::random(poly_size - k_magnitude, poly_size, 0);
139 Commitment commitment = ck.commit(poly);
140 to_be_right_shifted_by_k.commitments.push_back(commitment);
141 to_be_right_shifted_by_k.evals.push_back(poly.right_shifted(k_magnitude).evaluate_mle(challenge) *
142 ebz_factor);
143 to_be_right_shifted_by_k.polys.push_back(poly.share());
144 // Populate the unshifted counterpart in the unshifted claims
145 unshifted.commitments.push_back(commitment);
146 unshifted.evals.push_back(poly.evaluate_mle(challenge) * ebz_factor);
147 unshifted.polys.push_back(std::move(poly));
148 }
149
150 polynomial_batcher.set_unshifted(RefVector(unshifted.polys));
151 polynomial_batcher.set_to_be_shifted_by_one(RefVector(to_be_shifted.polys));
152 polynomial_batcher.set_to_be_shifted_by_k(RefVector(to_be_right_shifted_by_k.polys), k_magnitude);
153
154 claim_batcher =
155 ClaimBatcher{ .unshifted = ClaimBatch{ RefVector(unshifted.commitments), RefVector(unshifted.evals) },
156 .shifted = ClaimBatch{ RefVector(to_be_shifted.commitments), RefVector(to_be_shifted.evals) },
157 .right_shifted_by_k = ClaimBatch{ RefVector(to_be_right_shifted_by_k.commitments),
158 RefVector(to_be_right_shifted_by_k.evals) },
159 .k_shift_magnitude = k_magnitude };
160 if (num_interleaved > 0) {
161 interleave_data =
162 generate_interleaving_inputs(mle_opening_point, num_interleaved, num_to_be_interleaved, ck);
163 polynomial_batcher.set_interleaved(RefVector(interleave_data.polys),
164 to_vector_of_ref_vectors(interleave_data.groups));
165
166 claim_batcher.interleaved =
167 InterleavedBatch{ .commitments_groups = to_vector_of_ref_vectors(interleave_data.group_commitments),
168 .evaluations = RefVector(interleave_data.evaluations) };
169 }
170 }
171
172 // Generate zero polynomials to test edge cases in PCS
173 MockClaimGenerator(const size_t n, const size_t num_zero_polynomials)
174 : polynomial_batcher(n)
175 {
176 for (size_t idx = 0; idx < num_zero_polynomials; idx++) {
177 unshifted.polys.emplace_back(n);
178 unshifted.commitments.push_back(Commitment::infinity());
179 unshifted.evals.push_back(Fr(0));
180 }
181
182 polynomial_batcher.set_unshifted(RefVector(unshifted.polys));
183
184 claim_batcher =
185 ClaimBatcher{ .unshifted = ClaimBatch{ RefVector(unshifted.commitments), RefVector(unshifted.evals) } };
186 }
187
188 InterleaveData generate_interleaving_inputs(const std::vector<Fr>& u_challenge,
189 const size_t num_interleaved,
190 const size_t group_size,
191 const CommitmentKey& ck)
192 {
193
194 size_t N = 1 << u_challenge.size();
195 size_t MINI_CIRCUIT_N = N / group_size; // size of chunks
196
197 // Polynomials "chunks" that are interleaved in the PCS
198 std::vector<std::vector<Polynomial>> groups;
199
200 // Concatenated polynomials
201 std::vector<Polynomial> interleaved_polynomials;
202
203 // Evaluations of interleaved polynomials
204 std::vector<Fr> c_evaluations;
205
206 // For each polynomial to be interleaved
207 for (size_t i = 0; i < num_interleaved; ++i) {
208 std::vector<Polynomial> group;
209 Polynomial interleaved_polynomial(N);
210 for (size_t j = 0; j < group_size; j++) {
211 Polynomial chunk_polynomial(N);
212 // Fill the chunk polynomial with random values and appropriately fill the space in
213 // interleaved_polynomial
214 for (size_t k = 0; k < MINI_CIRCUIT_N; k++) {
215 // Chunks should be shiftable
216 auto tmp = Fr(0);
217 if (k > 0) {
218 tmp = Fr::random_element();
219 }
220 chunk_polynomial.at(k) = tmp;
221 interleaved_polynomial.at(k * group_size + j) = tmp;
222 }
223 group.emplace_back(chunk_polynomial);
224 }
225 // Store chunks
226 groups.emplace_back(group);
227 // Store interleaved polynomial
228 interleaved_polynomials.emplace_back(interleaved_polynomial);
229 // Get evaluation
230 c_evaluations.emplace_back(interleaved_polynomial.evaluate_mle(u_challenge));
231 }
232
233 // Compute commitments of all polynomial chunks
234 std::vector<std::vector<Commitment>> groups_commitments;
235 for (size_t i = 0; i < num_interleaved; ++i) {
236 std::vector<Commitment> group_commitment;
237 for (size_t j = 0; j < group_size; j++) {
238 group_commitment.emplace_back(ck.commit(groups[i][j]));
239 }
240 groups_commitments.emplace_back(group_commitment);
241 }
242
243 return { groups, interleaved_polynomials, c_evaluations, groups_commitments };
244 }
245
246 template <typename Flavor>
247 void compute_sumcheck_opening_data(const size_t log_n,
248 const size_t sumcheck_univariate_length,
249 std::vector<Fr>& challenge,
250 const CommitmentKey& ck)
251 {
252 // Generate valid sumcheck polynomials of given length
253 auto mock_sumcheck_polynomials = ZKSumcheckData<Flavor>(log_n, sumcheck_univariate_length);
254
255 for (size_t idx = 0; idx < log_n; idx++) {
256 bb::Polynomial<Fr> round_univariate = mock_sumcheck_polynomials.libra_univariates[idx];
257
258 round_univariate.at(0) += mock_sumcheck_polynomials.libra_running_sum;
259
260 sumcheck_commitments.push_back(ck.commit(round_univariate));
261
262 sumcheck_evaluations.push_back({ round_univariate.at(0),
263 round_univariate.evaluate(Fr(1)),
264 round_univariate.evaluate(challenge[idx]) });
265
266 mock_sumcheck_polynomials.update_zk_sumcheck_data(challenge[idx], idx);
267 round_univariates.push_back(round_univariate);
268 }
269 }
270};
271
272} // namespace bb
BB_ASSERT_GTE
#define BB_ASSERT_GTE(left, right,...)
Definition assert.hpp:101
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:40
bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:87
bb::GeminiProver_::PolynomialBatcher
Class responsible for computation of the batched multilinear polynomials required by the Gemini proto...
Definition gemini.hpp:123
bb::GeminiProver_::PolynomialBatcher::set_to_be_shifted_by_one
void set_to_be_shifted_by_one(RefVector< Polynomial > polynomials)
Definition gemini.hpp:161
bb::GeminiProver_::PolynomialBatcher::set_interleaved
void set_interleaved(RefVector< Polynomial > results, std::vector< RefVector< Polynomial > > groups)
Definition gemini.hpp:177
bb::GeminiProver_::PolynomialBatcher::set_to_be_shifted_by_k
void set_to_be_shifted_by_k(RefVector< Polynomial > polynomials, const size_t shift_magnitude)
Definition gemini.hpp:162
bb::GeminiProver_::PolynomialBatcher::set_unshifted
void set_unshifted(RefVector< Polynomial > polynomials)
Definition gemini.hpp:160
bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:74
bb::Polynomial::shifted
Polynomial shifted() const
Returns a Polynomial the left-shift of self.
Definition polynomial.cpp:351
bb::Polynomial::random
static Polynomial random(size_t size, size_t start_index=0)
Definition polynomial.hpp:312
bb::Polynomial::evaluate
Fr evaluate(const Fr &z, size_t target_size) const
Definition polynomial.cpp:190
bb::Polynomial::evaluate_mle
Fr evaluate_mle(std::span< const Fr > evaluation_points, bool shift=false) const
evaluate multi-linear extension p(X_0,…,X_{n-1}) = \sum_i a_i*L_i(X_0,…,X_{n-1}) at u = (u_0,...
Definition polynomial.cpp:202
bb::Polynomial::share
Polynomial share() const
Definition polynomial.cpp:145
bb::Polynomial::right_shifted
Polynomial right_shifted(const size_t magnitude) const
Returns a Polynomial equal to the right-shift-by-magnitude of self.
Definition polynomial.cpp:361
bb::Polynomial::at
Fr & at(size_t index)
Our mutable accessor, unlike operator[]. We abuse precedent a bit to differentiate at() and operator[...
Definition polynomial.hpp:306
bb::RefVector
A template class for a reference vector. Behaves as if std::vector<T&> was possible.
Definition ref_vector.hpp:23
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:56
bb::group
group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr
Definition group.hpp:36
commitment_key.hpp
bb::numeric::get_msb
constexpr T get_msb(const T in)
Definition get_msb.hpp:47
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::ClaimBatcher_::Batch
Definition claim_batcher.hpp:31
bb::ClaimBatcher_::InterleavedBatch
Definition claim_batcher.hpp:37
bb::ClaimBatcher_::InterleavedBatch::commitments_groups
std::vector< RefVector< Commitment > > commitments_groups
Definition claim_batcher.hpp:38
bb::ClaimBatcher_
Logic to support batching opening claims for unshifted and shifted polynomials in Shplemini.
Definition claim_batcher.hpp:27
bb::ClaimBatcher_::unshifted
std::optional< Batch > unshifted
Definition claim_batcher.hpp:45
bb::ClaimBatcher_::interleaved
std::optional< InterleavedBatch > interleaved
Definition claim_batcher.hpp:48
bb::MockClaimGenerator::InterleaveData::groups
std::vector< std::vector< Polynomial > > groups
Definition mock_witness_generator.hpp:57
bb::MockClaimGenerator::InterleaveData::group_commitments
std::vector< std::vector< Commitment > > group_commitments
Definition mock_witness_generator.hpp:60
bb::MockClaimGenerator
Constructs random polynomials, computes commitments and corresponding evaluations.
Definition mock_witness_generator.hpp:23
bb::MockClaimGenerator::MockClaimGenerator
MockClaimGenerator(const size_t poly_size, const size_t num_polynomials, const size_t num_to_be_shifted, const size_t num_to_be_right_shifted_by_k, const std::vector< Fr > &mle_opening_point, const CommitmentKey &commitment_key, size_t num_interleaved=0, size_t num_to_be_interleaved=0)
Construct claim data for a set of random polynomials with the specified type.
Definition mock_witness_generator.hpp:77
bb::MockClaimGenerator::round_univariates
std::vector< bb::Polynomial< Fr > > round_univariates
Definition mock_witness_generator.hpp:52
bb::MockClaimGenerator::const_size_mle_opening_point
std::vector< Fr > const_size_mle_opening_point
Definition mock_witness_generator.hpp:46
bb::MockClaimGenerator::sumcheck_commitments
std::vector< Commitment > sumcheck_commitments
Definition mock_witness_generator.hpp:53
bb::MockClaimGenerator::sumcheck_evaluations
std::vector< std::array< Fr, 3 > > sumcheck_evaluations
Definition mock_witness_generator.hpp:54
bb::MockClaimGenerator::Commitment
typename Curve::AffineElement Commitment
Definition mock_witness_generator.hpp:27
bb::MockClaimGenerator::generate_interleaving_inputs
InterleaveData generate_interleaving_inputs(const std::vector< Fr > &u_challenge, const size_t num_interleaved, const size_t group_size, const CommitmentKey &ck)
Definition mock_witness_generator.hpp:188
bb::MockClaimGenerator::Fr
typename Curve::ScalarField Fr
Definition mock_witness_generator.hpp:26
bb::MockClaimGenerator::k_magnitude
static constexpr size_t k_magnitude
Definition mock_witness_generator.hpp:64
bb::MockClaimGenerator::MockClaimGenerator
MockClaimGenerator(const size_t n, const size_t num_zero_polynomials)
Definition mock_witness_generator.hpp:173
bb::MockClaimGenerator::compute_sumcheck_opening_data
void compute_sumcheck_opening_data(const size_t log_n, const size_t sumcheck_univariate_length, std::vector< Fr > &challenge, const CommitmentKey &ck)
Definition mock_witness_generator.hpp:247
bb::ZKSumcheckData
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
Definition zk_sumcheck_data.hpp:22
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665
test_utils.hpp