- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
Entry point for Barretenberg command-line interface. More...
Namespaces | |
| namespace | acir_bincode_mocks |
| namespace | avm2 |
| namespace | bbapi |
| namespace | benchmark |
| namespace | crypto |
| namespace | curve |
| namespace | detail |
| namespace | eccvm |
| namespace | field_conversion |
| namespace | field_conversion_tests |
| namespace | gemini |
| Prover output (evalutation pair, witness) that can be passed on to Shplonk batch opening. | |
| namespace | group_elements |
| namespace | grumpkin |
| namespace | lmdblib |
| namespace | merkle |
| namespace | messaging |
| namespace | mock_circuits |
| namespace | nodejs |
| namespace | numeric |
| namespace | pairing |
| namespace | plookup |
| namespace | polynomial_arithmetic |
| namespace | proving_key_inspector |
| namespace | scalar_multiplication |
| namespace | secp256k1 |
| namespace | secp256r1 |
| namespace | srs |
| namespace | starknet |
| namespace | stdlib |
| namespace | thread_heuristics |
| namespace | transform |
| namespace | utils |
| namespace | wnaf |
| namespace | world_state |
Classes | |
| struct | accumulator_triple_ |
| struct | ActiveRegionData |
| struct | add_quad_ |
| struct | add_triple_ |
| class | API |
| class | BarycentricDataCompileTime |
| class | BarycentricDataRunTime |
| class | BaseTranscript |
| Common transcript class for both parties. Stores the data for the current round, as well as the manifest. More... | |
| class | BatchedAffineAddition |
| Class for handling fast batched affine addition of large sets of EC points. More... | |
| class | BatchedAffineAdditionTests |
| struct | BatchOpeningClaim |
| An accumulator consisting of the Shplonk evaluation challenge and vectors of commitments and scalars. More... | |
| struct | Bn254Fq12Params |
| struct | Bn254Fq2Params |
| struct | Bn254Fq6Params |
| class | Bn254FqParams |
| class | Bn254FrParams |
| struct | Bn254G1Params |
| struct | Bn254G2Params |
| class | BN254Settings |
| Mock Flavors to use ZKSumcheckData and SmallSubgroupIPAProver in the PCS tests. More... | |
| struct | BusVector |
| A DataBus column. More... | |
| class | CircuitBuilderBase |
| class | CircuitChecker |
| The unified interface for check circuit functionality implemented in the specialized CircuitChecker classes. More... | |
| struct | CircuitSchemaInternal |
| Serialized state of a circuit. More... | |
| struct | ClaimBatcher_ |
| Logic to support batching opening claims for unshifted and shifted polynomials in Shplemini. More... | |
| class | ClientIVC |
| The IVC scheme used by the aztec client for private function execution. More... | |
| class | ClientIVCAPI |
| class | CommitmentKey |
| CommitmentKey object over a pairing group 𝔾₁. More... | |
| class | CommitmentKeyTest |
| class | CommitmentTest |
| class | ContainerSlabAllocator |
| struct | cycle_node |
| cycle_node represents the idx of a value of the circuit. It will belong to a CyclicPermutation, such that all nodes in a CyclicPermutation must have the value. The total number of constraints is always <2^32 since that is the type used to represent variables, so we can save space by using a type smaller than size_t. More... | |
| struct | databus_lookup_gate_ |
| class | DatabusLookupRelationImpl |
| Log-derivative lookup argument relation for establishing DataBus reads. More... | |
| class | DeciderProver_ |
| class | DeciderProvingKey_ |
| A DeciderProvingKey is normally constructed from a finalized circuit and it contains all the information required by an Mega Honk prover to create a proof. A DeciderProvingKey is also the result of running the Protogalaxy prover, in which case it becomes a relaxed counterpart with the folding parameters (target sum and gate challenges set to non-zero values). More... | |
| struct | DeciderProvingKeys_ |
| class | DeciderVerificationKey_ |
| The DeciderVerificationKey encapsulates all the necessary information for a Mega Honk Verifier to verify a proof (sumcheck + Shplemini). In the context of folding, this is returned by the Protogalaxy verifier with non-zero target sum and gate challenges. More... | |
| struct | DeciderVerificationKeys_ |
| class | DeciderVerifier_ |
| class | DefaultIO |
| Manages the data that is propagated on the public inputs of an application/function circuit. More... | |
| class | DeltaRangeConstraintRelationImpl |
| struct | ecc_add_gate_ |
| struct | ecc_dbl_gate_ |
| struct | ecc_op_tuple |
| struct | EccOpCode |
| Defines the opcodes for ECC operations used in both the Ultra and ECCVM formats. There are three opcodes that are reflected in both ultra ops and eccvm table and so, that lead to actual operations in the ECCVM : More... | |
| class | ECCOpQueue |
| Used to construct execution trace representations of elliptic curve operations. More... | |
| class | EccOpQueueRelationImpl |
| class | EccOpsTable |
| A table of ECC operations. More... | |
| class | EccRelationsConsistency |
| class | ECCVMBoolsRelationImpl |
| ECCVMBoolsRelationImpl evaluates the correctness of ECCVM boolean checks. More... | |
| class | ECCVMCircuitBuilder |
| class | ECCVMFixedVKCommitments |
| Stores the fixed ECCVM VK commitments (to precomputed polynomials) that depend only on the circuit size constant ECCVM_FIXED_SIZE. More... | |
| class | ECCVMFlavor |
| class | ECCVMLookupRelationImpl |
| class | ECCVMMSMMBuilder |
| class | ECCVMMSMRelationImpl |
| MSM relations that evaluate the Strauss multiscalar multiplication algorithm. More... | |
| struct | ECCVMOperation |
| class | ECCVMPointTablePrecomputationBuilder |
| class | ECCVMPointTableRelationImpl |
| ECCVMPointTableRelationImpl. More... | |
| struct | ECCVMProof |
| class | ECCVMProver |
| class | ECCVMRecursiveFlavor |
| class | ECCVMRecursiveTests |
| class | ECCVMRecursiveVerifier |
| class | EccvmRowTracker |
| Class for tracking the number of rows in the ECCVM circuit and the number of muls performed as the op queue is populated. More... | |
| class | ECCVMSetRelationImpl |
| class | ECCVMTraceChecker |
| class | ECCVMTranscriptBuilder |
| class | ECCVMTranscriptRelationImpl |
| ECCVMTranscriptRelationImpl evaluates the correctness of the ECCVM transcript columns. More... | |
| class | ECCVMVerifier |
| class | ECCVMWnafRelationImpl |
| ECCVMWnafRelationImpl evaluates relations that convert scalar multipliers into 4-bit WNAF slices. More... | |
| class | EcdsaCircuit |
| class | EllipticRelationImpl |
| class | EvaluationDomain |
| class | ExecutionTraceBlock |
| Basic structure for storing gate data in a builder. More... | |
| struct | ExecutionTraceUsageTracker |
| Tracks the cumulative usage of the execution trace across a series of circuits. More... | |
| struct | field |
| General class for prime fields see Prime field documentation["field documentation"] for general implementation reference. More... | |
| class | field12 |
| struct | field2 |
| class | field6 |
| struct | FieldVM |
| Virtual machine for field arithmetic operations. More... | |
| struct | fixed_group_add_quad_ |
| struct | fixed_group_init_quad_ |
| struct | FoldingResult |
| The result of running the Protogalaxy prover containing a new accumulator as well as the proof data to instantiate the verifier transcript. More... | |
| class | Formatter |
| struct | GateSeparatorPolynomial |
| Implementation of the methods for the \(pow_{\ell}\)-polynomials used in Protogalaxy and \(pow_{\beta}\)-polynomials used in Sumcheck. More... | |
| class | GeminiProver_ |
| class | GeminiVerifier_ |
| class | GenericLookupRelationImpl |
| Specifies positions of elements in the tuple of entities received from methods in the Settings class. More... | |
| class | GenericPermutationRelationImpl |
| class | Goblin |
| struct | GoblinAccumulationOutput |
| class | GoblinMockCircuits |
| struct | GoblinProof |
| struct | GoogleBenchOpCountReporter |
| class | group |
| group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr More... | |
| class | GrumpkinSettings |
| class | HidingKernelIO |
| Manages the data that is propagated on the public inputs of of a hiding kernel circuit. More... | |
| class | IPA |
| IPA (inner product argument) commitment scheme class. More... | |
| struct | is_field_type |
| Helper to determine whether input is bberg::field type. More... | |
| struct | is_field_type< bb::field< Params > > |
| struct | is_iterable |
| struct | is_iterable< T, std::void_t< decltype(std::begin(std::declval< T & >())), decltype(std::end(std::declval< T & >()))> > |
| struct | KeccakTranscriptParams |
| class | KZG |
| class | KZGTest |
| class | LogDerivLookupRelationImpl |
| struct | Mapping |
| Stores permutation mapping data for a single wire column. More... | |
| class | MegaCircuitBuilder_ |
| class | MegaExecutionTraceBlocks |
| class | MegaFlavor |
| class | MegaRecursiveFlavor_ |
| The recursive counterpart to the "native" Mega flavor. More... | |
| class | MegaTraceArithmeticBlock |
| class | MegaTraceBlock |
| struct | MegaTraceBlockData |
| A container indexed by the types of the blocks in the execution trace. More... | |
| class | MegaTraceBusReadBlock |
| class | MegaTraceDeltaRangeBlock |
| class | MegaTraceEllipticBlock |
| class | MegaTraceLookupBlock |
| class | MegaTraceMemoryBlock |
| class | MegaTraceNonNativeFieldBlock |
| class | MegaTraceOverflowBlock |
| class | MegaTracePoseidon2ExternalBlock |
| class | MegaTracePoseidon2InternalBlock |
| class | MegaTracePublicInputBlock |
| class | MegaZKFlavor |
| Child class of MegaFlavor that runs with ZK Sumcheck. See more in Sumcheck Outline. More... | |
| class | MegaZKRecursiveFlavor_ |
| The recursive counterpart to the "native" MegaZKFlavor. More... | |
| class | MemoryRelationImpl |
| class | MergeProver |
| Prover class for the Goblin ECC op queue transcript merge protocol. More... | |
| class | MergeVerifier |
| Verifier class for the Goblin ECC op queue transcript merge protocol. More... | |
| struct | MetaData |
| Dyadic trace size and public inputs metadata; Common between prover and verifier keys. More... | |
| class | MockCircuits |
| struct | MockClaimGenerator |
| Constructs random polynomials, computes commitments and corresponding evaluations. More... | |
| class | MockTranscript |
| Mock transcript class used by IPA tests and fuzzer. More... | |
| struct | mul_quad_ |
| struct | mul_triple_ |
| struct | MultithreadData |
| class | NamedUnion |
| A wrapper around std::variant that provides msgpack serialization based on type names. More... | |
| struct | NativeTranscriptParams |
| class | NativeVerificationKey_ |
| Base Native verification key class. More... | |
| struct | non_native_multiplication_witnesses |
| struct | non_native_partial_multiplication_witnesses |
| class | NonNativeFieldRelationImpl |
| class | OinkProver |
| Class for all the oink rounds, which are shared between the folding prover and ultra prover. More... | |
| class | OinkVerifier |
| Verifier class for all the presumcheck rounds, which are shared between the folding verifier and ultra verifier. More... | |
| class | OpeningClaim |
| Unverified claim (C,r,v) for some witness polynomial p(X) such that. More... | |
| class | OpeningPair |
| Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v. More... | |
| struct | OriginTag |
| class | PairingPoints |
| An object storing two bn254 points that represent the inputs to a pairing check. More... | |
| struct | permutation_subgroup_element |
| Permutations subgroup element structure is used to hold data necessary to construct permutation polynomials. More... | |
| struct | PermutationMapping |
| struct | poly_triple_ |
| struct | PolyData |
| class | Polynomial |
| Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x ... a_n x^n of a finite field polynomial equation of degree that is at most the size of some zk circuit. Past 'n' it has a virtual size where it conceptually has coefficients all equal to 0. Notably, we allow indexing past 'n' up to our virtual size (checked only in a debug build, however). As well, we have a start index that means coefficients before start_index are also considered to be 0. The polynomial is used to represent the gates of our arithmetized zk programs. Polynomials use the majority of the memory in proving, so caution should be used in making sure unnecessary copies are avoided, both for avoiding unnecessary memory usage and performance due to unnecessary allocations. The polynomial has a maximum degree in the underlying SharedShiftedVirtualZeroesArray, dictated by the circuit size, this is just used for debugging as we represent. More... | |
| struct | PolynomialSpan |
| struct | poseidon2_external_gate_ |
| struct | poseidon2_internal_gate_ |
| class | Poseidon2ExternalRelationImpl |
| class | Poseidon2InternalRelationImpl |
| struct | PrecomputedData_ |
| The precomputed data needed to compute a Honk VK. More... | |
| struct | PrivateExecutionStepRaw |
| This is the msgpack encoding of the objects returned by the following typescript: const stepToStruct = (step: PrivateExecutionStep) => { return { bytecode: step.bytecode, witness: serializeWitness(step.witness), vk: step.vk, functionName: step.functionName }; }; await fs.writeFile(path, encode(executionSteps.map(stepToStruct))); See format notes below. More... | |
| struct | PrivateExecutionSteps |
| class | ProtogalaxyProver_ |
| class | ProtogalaxyProverInternal |
| A purely static class (never add state to this!) consisting of functions used by the Protogalaxy prover. More... | |
| class | ProtogalaxyVerifier_ |
| class | ProverOpeningClaim |
| Polynomial p and an opening pair (r,v) such that p(r) = v. More... | |
| class | ProxyCaller |
| Class that allows us to call internal IPA methods, because it's friendly. More... | |
| struct | PublicComponentKey |
| class | PublicInputComponent |
| A wrapper class for deserializing objects from the public inputs of a circuit. More... | |
| struct | PublicInputsAndProof |
| struct | RamRecord |
| A RAM memory record that can be ordered. More... | |
| struct | RamTranscript |
| Each ram array is an instance of memory transcript. It saves values and indexes for a particular memory array. More... | |
| class | RecursiveCircuit |
| class | RecursiveVeriferCommitmentKeyTest |
| class | RefArray |
| A template class for a reference array. Behaves as if std::array<T&, N> was possible. More... | |
| class | RefSpan |
| class | RefVector |
| A template class for a reference vector. Behaves as if std::vector<T&> was possible. More... | |
| class | Relation |
| A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribution of a given relation to the corresponding accumulator. More... | |
| class | RelationChecker |
| A debugging utility for checking whether a set of polynomials satisfies the relations for a given Flavor. More... | |
| class | RelationChecker< bb::UltraFlavor > |
| class | RelationChecker< MegaFlavor > |
| struct | RelationParameters |
| Container for parameters used by the grand product (permutation, lookup) Honk relations. More... | |
| class | RelationUtils |
| struct | RepeatedCommitmentsData |
| class | RollupIO |
| The data that is propagated on the public inputs of a rollup circuit. More... | |
| class | RomRamLogic_ |
| ROM/RAM logic handler for UltraCircuitBuilder. More... | |
| struct | RomRecord |
| A ROM memory record that can be ordered. More... | |
| struct | RomTranscript |
| Each rom array is an instance of memory transcript. It saves values and indexes for a particular memory array. More... | |
| struct | RowDisablingPolynomial |
| Polynomial for Sumcheck with disabled Rows. More... | |
| class | Selector |
| Abstract interface for a generic selector. More... | |
| class | ShpleminiProver_ |
| class | ShpleminiTest |
| class | ShpleminiVerifier_ |
| An efficient verifier for the evaluation proofs of multilinear polynomials and their shifts. More... | |
| class | ShplonkProver_ |
| Shplonk Prover. More... | |
| class | ShplonkTest |
| class | ShplonkVerifier_ |
| Shplonk Verifier. More... | |
| class | SlabVectorSelector |
| Selector backed by a slab allocator vector. More... | |
| struct | SmallSubgroupIPACommitments |
| Contains commitments to polynomials [G], [A], and [Q]. See SmallSubgroupIPAProver docs. More... | |
| class | SmallSubgroupIPAProver |
| A Curve-agnostic ZK protocol to prove inner products of small vectors. More... | |
| class | SmallSubgroupIPATest |
| class | SmallSubgroupIPAVerifier |
| Verifies the consistency of polynomial evaluations provided by the the prover. More... | |
| class | StdlibVerificationKey_ |
| Base Stdlib verification key class. More... | |
| struct | SumcheckOutput |
| Contains the evaluations of multilinear polynomials \( P_1, \ldots, P_N\) at the challenge point \(\vec u
=(u_0,\ldots, u_{d-1})\). These are computed by Sumcheck Prover and need to be checked using Shplemini. More... | |
| class | SumcheckProver |
| The implementation of the sumcheck Prover for statements of the form \(\sum_{\vec \ell \in \{0,1\}^d}
pow_{\beta}(\vec \ell) \cdot F \left(P_1(\vec \ell),\ldots, P_N(\vec \ell) \right) = 0 \) for multilinear polynomials \(P_1, \ldots, P_N \). More... | |
| class | SumcheckProverRound |
| Imlementation of the Sumcheck prover round. More... | |
| class | SumcheckVerifier |
| Implementation of the sumcheck Verifier for statements of the form \(\sum_{\vec \ell \in \{0,1\}^d}
pow_{\beta}(\vec \ell) \cdot F \left(P_1(\vec \ell),\ldots, P_N(\vec \ell) \right) = 0 \) for multilinear polynomials \(P_1, \ldots, P_N \). More... | |
| class | SumcheckVerifierRound |
| Implementation of the Sumcheck Verifier Round. More... | |
| class | ThreadPool |
| struct | TraceSettings |
| struct | TraceStructure |
| class | TraceToPolynomials |
| class | TranscriptManifest |
| class | TranslationData |
A class designed to accept the ECCVM Transcript Polynomials, concatenate their masking terms in Lagrange basis over the SmallSubgroup, and commit to the concatenation. More... | |
| struct | TranslationEvaluations_ |
Stores the evaluations of op, Px, Py, z1, and z2 computed by the ECCVM Prover. These evaluations are batched and checked against the accumulated_result, which is computed and verified by Translator. More... | |
| class | TranslatorAccumulatorTransferRelationImpl |
| class | TranslatorCircuitBuilder |
| TranslatorCircuitBuilder creates a circuit that evaluates the correctness of the evaluation of EccOpQueue in Fq while operating in the Fr scalar field (r is the modulus of Fr and q is the modulus of Fq) More... | |
| class | TranslatorCircuitChecker |
| class | TranslatorDecompositionRelationImpl |
| class | TranslatorDeltaRangeConstraintRelationImpl |
| struct | TranslatorFixedVKCommitments |
| Stores the fixed Translator VK commitments (to precomputed polynomials) that depend only on the circuit size constant CONST_TRANSLATOR_LOG_N. More... | |
| class | TranslatorFlavor |
| class | TranslatorNonNativeFieldRelationImpl |
| class | TranslatorOpcodeConstraintRelationImpl |
| class | TranslatorPermutationRelationImpl |
| class | TranslatorProver |
| class | TranslatorProvingKey |
| class | TranslatorRecursiveFlavor |
| The recursive counterpart of the native Translator flavor. More... | |
| class | TranslatorRecursiveTests |
| Test suite for standalone recursive verification of translation proofs. More... | |
| class | TranslatorRecursiveVerifier |
| class | TranslatorVerifier |
| class | TranslatorZeroConstraintsRelationImpl |
| struct | TupleOfContainersOverArray |
| Generic templates for constructing a container of containers of varying length, where the various lengths are specified in an array. More... | |
| struct | TupleOfContainersOverArray< InnerContainer, ValueType, domain_end, domain_start, skip_count, std::index_sequence< I... > > |
| class | UltraArithmeticRelationImpl |
| class | UltraCircuitBuilder_ |
| class | UltraCircuitChecker |
| class | UltraEccOpsTable |
| Stores a table of elliptic curve operations represented in the Ultra format. More... | |
| class | UltraExecutionTraceBlocks |
| class | UltraFlavor |
| class | UltraHonkAPI |
| class | UltraKeccakFlavor |
| class | UltraKeccakRecursiveFlavor_ |
| class | UltraKeccakZKFlavor |
| struct | UltraOp |
| class | UltraPermutationRelationImpl |
| Ultra Permutation Relation. More... | |
| class | UltraProver_ |
| class | UltraRecursiveFlavor_ |
| The recursive counterpart to the "native" Ultra flavor. More... | |
| class | UltraRollupFlavor |
| class | UltraRollupRecursiveFlavor_ |
| The recursive counterpart to the "native" UltraRollupFlavor. More... | |
| class | UltraTraceArithmeticBlock |
| class | UltraTraceBlock |
| struct | UltraTraceBlockData |
| Defines the circuit block types for the Ultra arithmetization. More... | |
| class | UltraTraceDeltaRangeBlock |
| class | UltraTraceEllipticBlock |
| class | UltraTraceLookupBlock |
| class | UltraTraceMemoryBlock |
| class | UltraTraceNonNativeFieldBlock |
| class | UltraTraceOverflowBlock |
| class | UltraTracePoseidon2ExternalBlock |
| class | UltraTracePoseidon2InternalBlock |
| class | UltraTracePublicInputBlock |
| class | UltraVerifier_ |
| class | UltraZKFlavor |
| Child class of UltraFlavor that runs with ZK Sumcheck. More... | |
| class | UltraZKRecursiveFlavor_ |
| The recursive counterpart to the Ultra flavor with ZK. More... | |
| class | Univariate |
| A univariate polynomial represented by its values on {domain_start, domain_start + 1,..., domain_end - 1}. For memory efficiency purposes, we store the evaluations in an array starting from 0 and make the mapping to the right domain under the hood. More... | |
| class | UnivariateClaimData |
| class | UnivariateCoefficientBasis |
| A view of a univariate, also used to truncate univariates. More... | |
| class | UnivariateView |
| A view of a univariate, also used to truncate univariates. More... | |
| class | VerifierCommitmentKey |
| Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit. More... | |
| class | VerifierCommitmentKey< curve::BN254 > |
| Specialization for bn254. More... | |
| class | VerifierCommitmentKey< curve::Grumpkin > |
| Specialization for Grumpkin. More... | |
| class | VKAndHash_ |
| struct | VMSettings |
| Settings structure to control which operations are enabled in the VM. More... | |
| class | WitnessComputation |
| Methods for managing the compututation of derived witness polynomials such as the permutation grand product, log-derivative lookup inverses, and RAM/RAM memory records. More... | |
| class | ZeroSelector |
| Selector specialization that only allows zeros. More... | |
| struct | ZKSumcheckData |
| This structure is created to contain various polynomials and constants required by ZK Sumcheck. More... | |
Concepts | |
| concept | IsCheckable |
| concept | HasMsgpackSchemaName |
| Concept to check if a type has a static NAME member. | |
| concept | IsUltraHonk |
| Test whether a type T lies in a list of types ...U. | |
| concept | IsUltraOrMegaHonk |
| concept | IsMegaFlavor |
| concept | HasDataBus |
| concept | UseRowDisablingPolynomial |
| concept | HasIPAAccumulator |
| concept | IsRecursiveFlavor |
| concept | IsKeccakFlavor |
| concept | IsGrumpkinFlavor |
| concept | HasAdditionalSelectors |
| concept | IsAnyOf |
| concept | IsDeserializableFromPublicInputs |
| A concept defining requirements for types that are to be deserialized from the public inputs of a circuit via the PublicInputComponent class. | |
| concept | HasSubrelationLinearlyIndependentMember |
| concept | HasParameterLengthAdjustmentsMember |
| concept | isSkippable |
| The templates defined herein facilitate sharing the relation arithmetic between the prover and the verifier. | |
| concept | isRowSkippable |
| Check if the flavor has a static skip method to determine if accumulation of all relations can be skipped for a given row. | |
| concept | specifiesUnivariateChunks |
| concept | Loggable |
| concept | InCircuit |
Functions | |
| acir_format::WitnessVector | get_witness (std::string const &witness_path) |
| acir_format::AcirFormat | get_constraint_system (std::string const &bytecode_path) |
| acir_format::WitnessVectorStack | get_witness_stack (std::string const &witness_path) |
| std::vector< acir_format::AcirFormat > | get_constraint_systems (std::string const &bytecode_path) |
| void | avm_prove (const std::filesystem::path &inputs_path, const std::filesystem::path &output_path) |
| Writes an avm proof and corresponding (incomplete) verification key to files. | |
| void | avm_check_circuit (const std::filesystem::path &inputs_path) |
| bool | avm_verify (const std::filesystem::path &proof_path, const std::filesystem::path &public_inputs_path, const std::filesystem::path &vk_path) |
| Verifies an avm proof and writes the result to stdout. | |
| void | gate_count_for_ivc (const std::string &bytecode_path, bool include_gates_per_opcode) |
| void | write_arbitrary_valid_client_ivc_proof_and_vk_to_file (const std::filesystem::path &output_dir) |
| std::vector< uint8_t > | decompress (const void *bytes, size_t size) |
| std::vector< uint8_t > | compress (const std::vector< uint8_t > &input) |
| int | process_msgpack_commands (std::istream &input_stream) |
| Process msgpack API commands from an input stream. | |
| int | execute_msgpack_run (const std::string &msgpack_input_file) |
| Execute msgpack run command. | |
| template<typename Flavor > | |
| void | write_recursion_inputs_ultra_honk (const std::string &bytecode_path, const std::string &witness_path, const std::string &output_path) |
| template void | write_recursion_inputs_ultra_honk< UltraFlavor > (const std::string &bytecode_path, const std::string &witness_path, const std::string &output_path) |
| template void | write_recursion_inputs_ultra_honk< UltraRollupFlavor > (const std::string &bytecode_path, const std::string &witness_path, const std::string &output_path) |
| std::vector< uint8_t > | exec_pipe (const std::string &command) |
| size_t | get_file_size (std::string const &filename) |
| std::vector< uint8_t > | read_file (const std::string &filename, size_t bytes=0) |
| void | write_file (const std::string &filename, std::vector< uint8_t > const &data) |
| template<typename Fr > | |
| std::string | field_elements_to_json (const std::vector< Fr > &fields) |
| void | prove_tube (const std::string &output_path, const std::string &vk_path) |
| Creates a Honk Proof for the Tube circuit responsible for recursively verifying a ClientIVC proof. | |
| void | print_active_subcommands (const CLI::App &app, const std::string &prefix="bb command: ") |
| CLI::App * | find_deepest_subcommand (CLI::App *app) |
| void | print_subcommand_options (const CLI::App *sub) |
| int | parse_and_run_cli_command (int argc, char *argv[]) |
| Parse command line arguments and run the corresponding command. | |
| void | vector_of_evaluations (State &state) noexcept |
| void | compute_row_evaluations (State &state) noexcept |
| void | fold_k (State &state) noexcept |
| BENCHMARK (vector_of_evaluations) -> DenseRange(15, 21) ->Unit(kMillisecond) ->Iterations(1) | |
| BENCHMARK (compute_row_evaluations) -> DenseRange(15, 21) ->Unit(kMillisecond) | |
| BENCHMARK (fold_k) -> DenseRange(14, 20) ->Unit(kMillisecond) | |
| void | _bench_round (::benchmark::State &state, void(*F)(ProtogalaxyProver_< Flavor > &)) |
| void | bench_round_mega (::benchmark::State &state, void(*F)(ProtogalaxyProver_< MegaFlavor > &)) |
| BENCHMARK_CAPTURE (bench_round_mega, oink, [](auto &prover) { prover.run_oink_prover_on_each_incomplete_key();}) -> DenseRange(14, 20) -> Unit(kMillisecond) | |
| BENCHMARK_CAPTURE (bench_round_mega, perturbator, [](auto &prover) { prover.perturbator_round(prover.accumulator);}) -> DenseRange(14, 20) -> Unit(kMillisecond) | |
| BENCHMARK_CAPTURE (bench_round_mega, combiner_quotient, [](auto &prover) { prover.combiner_quotient_round(prover.accumulator->gate_challenges, prover.deltas, prover.keys_to_fold);}) -> DenseRange(14, 20) -> Unit(kMillisecond) | |
| BENCHMARK_CAPTURE (bench_round_mega, fold, [](auto &prover) { prover.update_target_sum_and_fold(prover.keys_to_fold, prover.combiner_quotient, prover.alphas, prover.relation_parameters, prover.perturbator_evaluation);}) -> DenseRange(14, 20) -> Unit(kMillisecond) | |
| TEST (MegaCircuitBuilder, CopyConstructor) | |
| TEST (MegaCircuitBuilder, BaseCase) | |
| TEST (MegaCircuitBuilder, GoblinSimple) | |
| Test the queueing of simple ecc ops via the Goblin builder. | |
| TEST (MegaCircuitBuilder, GoblinEccOpQueueUltraOps) | |
| Check that the ultra ops are recorded correctly in the EccOpQueue. | |
| TEST (MegaCircuitBuilder, CompleteSelectorPartitioningCheck) | |
| Check that the selector partitioning is correct for the mega circuit builder. | |
| TEST (UltraCircuitBuilder, CopyConstructor) | |
| TEST (UltraCircuitBuilder, CreateGatesFromPlookupAccumulators) | |
| TEST (UltraCircuitBuilder, BadLookupFailure) | |
| TEST (UltraCircuitBuilder, BaseCase) | |
| TEST (UltraCircuitBuilder, TestNoLookupProof) | |
| TEST (UltraCircuitBuilder, TestEllipticGate) | |
| TEST (UltraCircuitBuilder, TestEllipticDoubleGate) | |
| TEST (UltraCircuitBuilder, NonTrivialTagPermutation) | |
| TEST (UltraCircuitBuilder, NonTrivialTagPermutationAndCycles) | |
| TEST (UltraCircuitBuilder, BadTagPermutation) | |
| TEST (UltraCircuitBuilder, SortWidget) | |
| std::vector< uint32_t > | add_variables (UltraCircuitBuilder &builder, std::vector< fr > variables) |
| TEST (UltraCircuitBuilder, SortWithEdgesGate) | |
| TEST (UltraCircuitBuilder, RangeConstraint) | |
| TEST (UltraCircuitBuilder, RangeWithGates) | |
| TEST (UltraCircuitBuilder, RangeWithGatesWhereRangeIsNotAPowerOfTwo) | |
| TEST (UltraCircuitBuilder, SortWidgetComplex) | |
| TEST (UltraCircuitBuilder, SortWidgetNeg) | |
| TEST (UltraCircuitBuilder, ComposedRangeConstraint) | |
| TEST (UltraCircuitBuilder, NonNativeFieldMultiplication) | |
| TEST (UltraCircuitBuilder, NonNativeFieldMultiplicationSortCheck) | |
| Test that the nnf block only contains nnf gates. | |
| TEST (UltraCircuitBuilder, Rom) | |
| TEST (UltraCircuitBuilder, RamSimple) | |
| A simple-as-possible RAM read test, for easier debugging. | |
| TEST (UltraCircuitBuilder, Ram) | |
| TEST (UltraCircuitBuilder, RangeChecksOnDuplicates) | |
| TEST (UltraCircuitBuilder, CheckCircuitShowcase) | |
| template<> | |
| auto | UltraCircuitChecker::init_empty_values< MegaCircuitBuilder_< bb::fr > > () |
| template<> | |
| MegaCircuitBuilder_< bb::fr > | UltraCircuitChecker::prepare_circuit< MegaCircuitBuilder_< bb::fr > > (const MegaCircuitBuilder_< bb::fr > &builder_in) |
| template bool | UltraCircuitChecker::check< MegaCircuitBuilder_< bb::fr > > (const MegaCircuitBuilder_< bb::fr > &builder_in) |
| template<typename T > | |
| T | unpack_from_file (const std::filesystem::path &filename) |
| bool | verify_ivc (ClientIVC::Proof &proof, ClientIVC &ivc) |
| Verify an IVC proof. | |
| std::pair< ClientIVC::Proof, ClientIVC::VerificationKey > | accumulate_and_prove_ivc_with_precomputed_vks (size_t num_app_circuits, auto &precomputed_vks, const bool large_first_app=true) |
| Perform a specified number of circuit accumulation rounds. | |
| std::vector< std::shared_ptr< typename MegaFlavor::VerificationKey > > | precompute_vks (const size_t num_app_circuits, const bool large_first_app=true) |
| template<typename Curve > | |
| CommitmentKey< Curve > | create_commitment_key (const size_t num_points) |
| template<typename FF > | |
| Polynomial< FF > | sparse_random_poly (const size_t size, const size_t num_nonzero) |
| template<typename FF > | |
| PolyData< FF > | structured_random_poly (bool non_zero_complement=false) |
| template<typename Curve > | |
| void | bench_commit_zero (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse_preprocessed (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse_random (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse_random_preprocessed (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_random (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_random_non_power_of_2 (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_structured_random_poly (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_structured_random_poly_preprocessed (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_mock_z_perm (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_mock_z_perm_preprocessed (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_pippenger_without_endomorphism_basis_points (::benchmark::State &state) |
| Benchmark pippenger_without_endomorphism_basis_points function, which is used notably in the IPA verifier. | |
| DenseRange (MIN_LOG_NUM_GRUMPKIN_POINTS, MAX_LOG_NUM_GRUMPKIN_POINTS) -> Unit(benchmark::kMillisecond) | |
| DenseRange (MIN_LOG_NUM_POINTS, MAX_LOG_NUM_POINTS) -> Unit(benchmark::kMillisecond) | |
| BENCHMARK (bench_commit_structured_random_poly< curve::BN254 >) -> Unit(benchmark::kMillisecond) | |
| BENCHMARK (bench_commit_structured_random_poly_preprocessed< curve::BN254 >) -> Unit(benchmark::kMillisecond) | |
| BENCHMARK (bench_commit_mock_z_perm< curve::BN254 >) -> Unit(benchmark::kMillisecond) | |
| BENCHMARK (bench_commit_mock_z_perm_preprocessed< curve::BN254 >) -> Unit(benchmark::kMillisecond) | |
| template<class CK > | |
| CK | create_commitment_key (const size_t num_points=0) |
| template<> | |
| CommitmentKey< curve::BN254 > | create_commitment_key< CommitmentKey< curve::BN254 > > (const size_t num_points) |
| template<> | |
| CommitmentKey< curve::Grumpkin > | create_commitment_key< CommitmentKey< curve::Grumpkin > > (const size_t num_points) |
| template<class VK > | |
| VK | create_verifier_commitment_key () |
| template<> | |
| VerifierCommitmentKey< curve::BN254 > | create_verifier_commitment_key< VerifierCommitmentKey< curve::BN254 > > () |
| template<> | |
| VerifierCommitmentKey< curve::Grumpkin > | create_verifier_commitment_key< VerifierCommitmentKey< curve::Grumpkin > > () |
| TEST_F (IPATest, ChallengesAreZero) | |
| TEST_F (IPATest, AIsZeroAfterOneRound) | |
| TEST_F (KZGTest, Single) | |
| TEST_F (KZGTest, ZeroEvaluation) | |
| TEST_F (KZGTest, ZeroPolynomial) | |
| TEST_F (KZGTest, ConstantPolynomial) | |
| TEST_F (KZGTest, EmptyPolynomial) | |
| TEST_F (KZGTest, SingleInLagrangeBasis) | |
| Test opening proof of a polynomial given by its evaluations at \( i = 0, \ldots, n \). Should only be used for small values of \( n \). | |
| TEST_F (KZGTest, GeminiShplonkKzgWithShift) | |
| Test full PCS protocol: Gemini, Shplonk, KZG and pairing check. | |
| TEST_F (KZGTest, ShpleminiKzgWithShift) | |
| TEST_F (KZGTest, ShpleminiKzgWithShiftAndInterleaving) | |
| TEST_F (KZGTest, ShpleminiKzgShiftsRemoval) | |
| TYPED_TEST_SUITE (ShpleminiTest, TestSettings) | |
| TYPED_TEST (ShpleminiTest, CorrectnessOfMultivariateClaimBatching) | |
| TYPED_TEST (ShpleminiTest, CorrectnessOfGeminiClaimBatching) | |
| TYPED_TEST (ShpleminiTest, ShpleminiZKNoSumcheckOpenings) | |
| Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver and Libra polynomials used to mask Sumcheck Round Univariates. This abstracts the PCS step in each ZK Flavor running over BN254. | |
| TYPED_TEST (ShpleminiTest, ShpleminiZKWithSumcheckOpenings) | |
| Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver, Libra polynomials used to mask Sumcheck Round Univariates and prove/verify the claimed evaluations of committed sumcheck round univariates. This test abstracts the PCS step in each ZK Flavor running over Grumpkin. | |
| TYPED_TEST_SUITE (ShplonkTest, CurveTypes) | |
| TYPED_TEST (ShplonkTest, ShplonkSimple) | |
| TYPED_TEST (ShplonkTest, ShplonkLinearlyDependent) | |
| TYPED_TEST (ShplonkTest, ExportBatchClaimAndVerify) | |
| template<typename Curve > | |
| std::vector< typename Curve::ScalarField > | compute_eccvm_challenge_coeffs (const typename Curve::ScalarField &evaluation_challenge_x, const typename Curve::ScalarField &batching_challenge_v) |
| Denote \( M = \text{NUM_DISABLED_ROWS_IN_SUMCHECK} \) and \( N = NUM_SMALL_IPA_EVALUTIONS\). Given an evaluation challenge \( x \) and a batching challenge \(v\), compute the polynomial whose coefficients are given by the vector \( (1, x , x^2 , \ldots, x^{M - 1 }, v\cdot x, \ldots, v^{N-1} \cdot x^{M-2}, v^{N-1}, \cdot x^{M-1},
0, \ldots, 0)\) in the Lagrange basis over the Small Subgroup. | |
| TYPED_TEST_SUITE (SmallSubgroupIPATest, TestFlavors) | |
| TYPED_TEST (SmallSubgroupIPATest, ProverComputationsCorrectness) | |
| TYPED_TEST (SmallSubgroupIPATest, VerifierEvaluations) | |
| TYPED_TEST (SmallSubgroupIPATest, LibraEvaluationsConsistency) | |
| TYPED_TEST (SmallSubgroupIPATest, LibraEvaluationsConsistencyFailure) | |
| TYPED_TEST (SmallSubgroupIPATest, TranslationMaskingTermConsistency) | |
| TYPED_TEST (SmallSubgroupIPATest, TranslationMaskingTermConsistencyFailure) | |
| std::array< std::string, NUM_SMALL_IPA_EVALUATIONS > | get_evaluation_labels (const std::string &label_prefix) |
Shared by Prover and Verifier. label_prefix is either Libra: or Translation:. | |
| template<typename FF > | |
| std::array< FF, NUM_SMALL_IPA_EVALUATIONS > | compute_evaluation_points (const FF &small_ipa_evaluation_challenge, const FF &subgroup_generator) |
| The verification of Grand Sum Identity requires the evaluations G(r), A(g * r), A(r), Q(r). Shared by Prover and Verifier. | |
| TYPED_TEST_SUITE (CommitmentKeyTest, Curves) | |
| TYPED_TEST (CommitmentKeyTest, CommitFull) | |
| TYPED_TEST (CommitmentKeyTest, CommitFullMedium) | |
| TYPED_TEST (CommitmentKeyTest, CommitSRSCheck) | |
| TYPED_TEST (CommitmentKeyTest, CommitStructuredWire) | |
| Test commit_structured on polynomial with blocks of non-zero values (like wires when using structured trace) | |
| TYPED_TEST (CommitmentKeyTest, CommitStructuredMaskedWire) | |
| Test commit_structured on polynomial with blocks of non-zero values that resembles masked structured witness. | |
| TYPED_TEST (CommitmentKeyTest, CommitStructuredNonzeroComplement) | |
| Test the method for committing to structured polynomials with a constant nonzero complement (i.e. the permutation grand product polynomial z_perm in the structured trace setting). | |
| template<size_t Start, size_t End, size_t Inc, class F > | |
| constexpr void | constexpr_for (F &&f) |
| Implements a loop using a compile-time iterator. Requires c++20. Implementation (and description) from https://artificial-mind.net/blog/2020/10/31/constexpr-for. | |
| template<typename C > | |
| C | slice (C const &container, size_t start) |
| template<typename C > | |
| C | slice (C const &container, size_t start, size_t end) |
| template<typename C > | |
| C | join (std::initializer_list< C > to_join) |
| std::string | join (std::vector< std::string > const &to_join, std::string const &with=",") |
| template<template< typename, typename... > typename Cont, typename InnerCont , typename... Args> | |
| InnerCont | flatten (Cont< InnerCont, Args... > const &in) |
| template<typename T > | |
| int64_t | index_of (std::vector< T > const &vec, T const &item) |
| template<template< typename, typename... > typename Cont, typename Inner , typename... Args> | |
| Inner | sum (Cont< Inner, Args... > const &in) |
| template<template< typename, typename... > typename Cont, typename Left , typename Right , typename... Args> | |
| std::pair< Left, Right > | sum_pairs (Cont< std::pair< Left, Right >, Args... > const &in) |
| std::string | msgpack_to_json (msgpack::object const &o, size_t max_chars) |
| template<typename... Types> | |
| NamedUnion (std::variant< Types... >) -> NamedUnion< Types... > | |
| void | parallel_for_atomic_pool (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_mutex_pool (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_queued (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_spawning (size_t num_iterations, const std::function< void(size_t)> &func) |
| template<typename T , typename... Ts> | |
| RefArray (T &, Ts &...) -> RefArray< T, 1+sizeof...(Ts)> | |
| Deduction guide for the RefArray class. Allows for RefArray {a, b, c} without explicit template params. | |
| template<typename T , std::size_t... Ns> | |
| RefArray< T,(Ns+...)> constexpr | concatenate (const RefArray< T, Ns > &... ref_arrays) |
| Concatenates multiple RefArray objects into a single RefArray. | |
| template<typename T , typename... Ts> | |
| RefVector (T &, Ts &...) -> RefVector< T > | |
| Deduction guide for the RefVector class. Allows for RefVector {a, b, c} without explicit template params. | |
| template<typename T > | |
| RefVector< T > | concatenate (const RefVector< T > &ref_vector, const auto &... ref_vectors) |
| Concatenates multiple RefVector objects into a single RefVector. | |
| void | init_slab_allocator (size_t circuit_subgroup_size) |
| std::shared_ptr< void > | get_mem_slab (size_t size) |
| void * | get_mem_slab_raw (size_t size) |
| void | free_mem_slab_raw (void *p) |
| template<typename T , std::size_t... Ns> | |
| std::array< T,(Ns+...)> | concatenate (const std::array< T, Ns > &... arrays) |
| Concatenates multiple std::array objects into a single array. | |
| template<typename T > | |
| std::vector< T > | concatenate (const std::vector< T > &vector, const auto &... vectors) |
| Concatenates multiple std::vector objects into a single std::vector. | |
| void | parallel_for_omp (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_moody (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_range (size_t num_points, const std::function< void(size_t, size_t)> &func, size_t no_multhreading_if_less_or_equal) |
| Split a loop into several loops running in parallel. | |
| void | parallel_for_heuristic (size_t num_points, const std::function< void(size_t, size_t, size_t)> &func, size_t heuristic_cost) |
| Split a loop into several loops running in parallel based on operations in 1 iteration. | |
| MultithreadData | calculate_thread_data (size_t num_iterations, size_t min_iterations_per_thread=DEFAULT_MIN_ITERS_PER_THREAD) |
| Calculates number of threads and index bounds for each thread. | |
| size_t | calculate_num_threads (size_t num_iterations, size_t min_iterations_per_thread) |
| calculates number of threads to create based on minimum iterations per thread | |
| size_t | calculate_num_threads_pow2 (size_t num_iterations, size_t min_iterations_per_thread) |
| calculates number of threads to create based on minimum iterations per thread, guaranteed power of 2 | |
| size_t | get_num_cpus () |
| size_t | get_num_cpus_pow2 () |
| template<typename Func > requires std::invocable<Func, std::size_t> | |
| void | parallel_for_heuristic (size_t num_points, const Func &func, size_t heuristic_cost) |
| template<typename Func , typename Accum > requires std::invocable<Func, std::size_t, Accum&> | |
| std::vector< Accum > | parallel_for_heuristic (size_t num_points, const Accum &initial_accum, const Func &func, size_t heuristic_cost) |
| parallel_for_heuristic variant that takes an accumulator initializer that is allocated in a vector, one accumulator per thread/chunk. This allows for thread-safe accumulation, see sum() or sum_pairs() in container.hpp for an easy way to combine the thread/chunk contributions into a final result. | |
| TYPED_TEST_SUITE (BatchedAffineAdditionTests, Curves) | |
| TYPED_TEST (BatchedAffineAdditionTests, Reduce) | |
| template<typename B , typename base_field , typename Params > | |
| void | read (B &it, field2< base_field, Params > &value) |
| template<typename B , typename base_field , typename Params > | |
| void | write (B &buf, field2< base_field, Params > const &value) |
| template<typename B , typename Params > | |
| void | read (B &it, field< Params > &value) |
| template<typename B , typename Params > | |
| void | write (B &buf, field< Params > const &value) |
| template<typename Group , detail::DomainSeparator domain_separator, std::size_t num_generators, std::size_t starting_index = 0> | |
| constexpr std::span< const typename Group::affine_element > | get_precomputed_generators () |
| template<typename Group , detail::DomainSeparator domain_separator, std::size_t num_generators, std::size_t starting_index = 0> | |
| bool | check_precomputed_generators () |
| auto | get_unshifted_then_shifted (const auto &all_entities) |
| template<typename Tuple > | |
| constexpr size_t | compute_max_partial_relation_length () |
| Utility function to find max PARTIAL_RELATION_LENGTH tuples of Relations. | |
| template<typename Tuple > | |
| constexpr size_t | compute_max_total_relation_length () |
| Utility function to find max TOTAL_RELATION_LENGTH among tuples of Relations. | |
| template<typename Tuple > | |
| constexpr size_t | compute_number_of_subrelations () |
| Utility function to find the number of subrelations. | |
| template<typename Tuple , size_t NUM_KEYS, bool optimized = false> | |
| constexpr auto | create_protogalaxy_tuple_of_tuples_of_univariates () |
| Utility function to construct a container for the subrelation accumulators of Protogalaxy folding. | |
| template<typename RelationsTuple > | |
| constexpr auto | create_sumcheck_tuple_of_tuples_of_univariates () |
| Utility function to construct a container for the subrelation accumulators of sumcheck proving. | |
| template<typename RelationsTuple > | |
| constexpr auto | create_tuple_of_arrays_of_values () |
| Construct tuple of arrays. | |
| template<typename Container , typename Element > | |
| std::string | flavor_get_label (Container &&container, const Element &element) |
| template<typename Builder > | |
| void | generate_sha256_test_circuit (Builder &builder, size_t num_iterations) |
| template<typename Flavor > | |
| void | construct_lookup_table_polynomials (const RefArray< typename Flavor::Polynomial, 4 > &table_polynomials, const typename Flavor::CircuitBuilder &circuit, const size_t dyadic_circuit_size, const size_t additional_offset=0) |
| template<typename Flavor > | |
| void | construct_lookup_read_counts (typename Flavor::Polynomial &read_counts, typename Flavor::Polynomial &read_tags, typename Flavor::CircuitBuilder &circuit, const size_t dyadic_circuit_size) |
| Construct polynomial whose value at index i is the number of times the table entry at that index has been read. | |
| template<typename Flavor > | |
| void | compute_permutation_argument_polynomials (const typename Flavor::CircuitBuilder &circuit, typename Flavor::ProverPolynomials &polynomials, const std::vector< CyclicPermutation > ©_cycles, ActiveRegionData &active_region_data) |
| Compute Honk style generalized permutation sigmas and ids and add to proving_key. | |
| template<typename B , typename FF > | |
| void | read (B &buf, poly_triple_< FF > &constraint) |
| template<typename B , typename FF > | |
| void | write (B &buf, poly_triple_< FF > const &constraint) |
| template<typename Flavor > | |
| Flavor::FF | compute_public_input_delta (std::span< const typename Flavor::FF > public_inputs, const typename Flavor::FF &beta, const typename Flavor::FF &gamma, const typename Flavor::FF &offset=0) |
| Compute the correction term for the permutation argument. | |
| template<typename Flavor , typename GrandProdRelation > | |
| void | compute_grand_product (typename Flavor::ProverPolynomials &full_polynomials, bb::RelationParameters< typename Flavor::FF > &relation_parameters, size_t size_override=0, const ActiveRegionData &active_region_data=ActiveRegionData{}) |
| Compute a permutation grand product polynomial Z_perm(X) | |
| template<typename Flavor > | |
| void | compute_grand_products (typename Flavor::ProverPolynomials &full_polynomials, bb::RelationParameters< typename Flavor::FF > &relation_parameters, const size_t size_override=0) |
| Compute the grand product corresponding to each grand-product relation defined in the Flavor. | |
| template<typename FF , typename Relation , typename Polynomials , bool UseMultithreading = false> | |
| void | compute_logderivative_inverse (Polynomials &polynomials, auto &relation_parameters, const size_t circuit_size) |
Compute the inverse polynomial I(X) required for logderivative lookups
| |
| template<typename FF , typename Relation , typename ContainerOverSubrelations , typename AllEntities , typename Parameters > | |
| void | accumulate_logderivative_lookup_subrelation_contributions (ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters ¶ms, const FF &scaling_factor) |
| Compute generic log-derivative lookup subrelation accumulation. | |
| template<typename FF , typename Relation , typename ContainerOverSubrelations , typename AllEntities , typename Parameters > | |
| void | accumulate_logderivative_permutation_subrelation_contributions (ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters ¶ms, const FF &scaling_factor) |
| Compute generic log-derivative set permutation subrelation accumulation. | |
| template<typename Flavor > | |
| Flavor::ProverPolynomials | get_sequential_prover_polynomials (const size_t log_circuit_size, const size_t starting_value) |
| Get a ProverPolynomials instance initialized to sequential values starting at 0. | |
| template<typename Flavor > | |
| Flavor::ProverPolynomials | get_zero_prover_polynomials (const size_t log_circuit_size) |
| template<typename Fr > | |
| SharedShiftedVirtualZeroesArray< Fr > | _clone (const SharedShiftedVirtualZeroesArray< Fr > &array, size_t right_expansion=0, size_t left_expansion=0) |
| template<typename Fr > | |
| std::shared_ptr< Fr[]> | _allocate_aligned_memory (size_t n_elements) |
| template<typename Fr_ > | |
| Fr_ | _evaluate_mle (std::span< const Fr_ > evaluation_points, const SharedShiftedVirtualZeroesArray< Fr_ > &coefficients, bool shift) |
| Internal implementation to support both native and stdlib circuit field types. | |
| template<typename Fr_ > | |
| Fr_ | generic_evaluate_mle (std::span< const Fr_ > evaluation_points, const SharedShiftedVirtualZeroesArray< Fr_ > &coefficients) |
| Static exposed implementation to support both native and stdlib circuit field types. | |
| template<typename Fr > | |
| std::ostream & | operator<< (std::ostream &os, const Polynomial< Fr > &p) |
| template<typename Poly , typename... Polys> | |
| auto | zip_polys (Poly &&poly, Polys &&... polys) |
| template<typename B , class Fr , size_t domain_end, size_t domain_start = 0> | |
| void | read (B &it, Univariate< Fr, domain_end, domain_start > &univariate) |
| template<typename B , class Fr , size_t domain_end, size_t domain_start = 0> | |
| void | write (B &it, Univariate< Fr, domain_end, domain_start > const &univariate) |
| template<class Fr , size_t domain_end, size_t domain_start = 0, size_t skip_count = 0> | |
| Univariate< Fr, domain_end, domain_start, skip_count > | operator+ (const Fr &ff, const Univariate< Fr, domain_end, domain_start, skip_count > &uv) |
| template<class Fr , size_t domain_end, size_t domain_start = 0, size_t skip_count = 0> | |
| Univariate< Fr, domain_end, domain_start, skip_count > | operator- (const Fr &ff, const Univariate< Fr, domain_end, domain_start, skip_count > &uv) |
| template<class Fr , size_t domain_end, size_t domain_start = 0, size_t skip_count = 0> | |
| Univariate< Fr, domain_end, domain_start, skip_count > | operator* (const Fr &ff, const Univariate< Fr, domain_end, domain_start, skip_count > &uv) |
| template<class Fr , size_t domain_end, size_t domain_start = 0, size_t skip_count = 0> | |
| Univariate< Fr, domain_end, domain_start, skip_count > | operator+ (const Fr &ff, const UnivariateView< Fr, domain_end, domain_start, skip_count > &uv) |
| template<class Fr , size_t domain_end, size_t domain_start = 0, size_t skip_count = 0> | |
| Univariate< Fr, domain_end, domain_start, skip_count > | operator- (const Fr &ff, const UnivariateView< Fr, domain_end, domain_start, skip_count > &uv) |
| template<class Fr , size_t domain_end, size_t domain_start = 0, size_t skip_count = 0> | |
| Univariate< Fr, domain_end, domain_start, skip_count > | operator* (const Fr &ff, const UnivariateView< Fr, domain_end, domain_start, skip_count > &uv) |
| template<typename T , typename U , std::size_t N, std::size_t... Is> | |
| std::array< T, sizeof...(Is)> | array_to_array_aux (const std::array< U, N > &elements, std::index_sequence< Is... >) |
Create a sub-array of elements at the indices given in the template pack Is, converting them to the new type T. | |
| template<typename T , typename U , std::size_t N> | |
| std::array< T, N > | array_to_array (const std::array< U, N > &elements) |
| Given an std::array<U,N>, returns an std::array<T,N>, by calling the (explicit) constructor T(U). | |
| template<typename B , class Fr , size_t domain_end, bool has_a0_plus_a1> | |
| void | read (B &it, UnivariateCoefficientBasis< Fr, domain_end, has_a0_plus_a1 > &univariate) |
| template<typename B , class Fr , size_t domain_end, bool has_a0_plus_a1> | |
| void | write (B &it, UnivariateCoefficientBasis< Fr, domain_end, has_a0_plus_a1 > const &univariate) |
| template<typename FF , size_t NUM> | |
| std::tuple< FF, std::vector< FF > > | compute_vanishing_polynomial_and_lagrange_evaluations (const FF &combiner_challenge) |
| template<typename FF > | |
| std::vector< FF > | update_gate_challenges (const FF &perturbator_challenge, const std::vector< FF > &gate_challenges, const std::vector< FF > &init_challenges) |
| Compute the gate challenges used in the combiner calculation. | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMBoolsRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMLookupRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMMSMRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMPointTableRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMSetRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_PERMUTATION_CLASS (ECCVMSetRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMTranscriptRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMWnafRelationImpl, ECCVMFlavor) | |
| template<typename Relation , size_t subrelation_index> | |
| constexpr bool | subrelation_is_linearly_independent () |
| Check whether a given subrelation is linearly independent from the other subrelations. | |
| template<typename RelationImpl > | |
| consteval std::array< size_t, RelationImpl::SUBRELATION_PARTIAL_LENGTHS.size()> | compute_total_subrelation_lengths () |
| Compute the total subrelation lengths, i.e., the lengths when regarding the challenges as variables. | |
| template<size_t NUM_KEYS, size_t NUM_SUBRELATIONS> | |
| consteval std::array< size_t, NUM_SUBRELATIONS > | compute_composed_subrelation_partial_lengths (std::array< size_t, NUM_SUBRELATIONS > SUBRELATION_PARTIAL_LENGTHS) |
| Get the subrelation accumulators for the Protogalaxy combiner calculation. | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorDeltaRangeConstraintRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorOpcodeConstraintRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorAccumulatorTransferRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorZeroConstraintsRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorNonNativeFieldRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorPermutationRelationImpl, TranslatorFlavor) | |
| std::vector< g1::affine_element > | get_bn254_g1_data (const std::filesystem::path &path, size_t num_points, bool allow_download) |
| g2::affine_element | get_bn254_g2_data (const std::filesystem::path &path, bool allow_download) |
| std::vector< curve::Grumpkin::AffineElement > | get_grumpkin_g1_data (const std::filesystem::path &path, size_t num_points, bool allow_download) |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMBoolsRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMLookupRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMMSMRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMPointTableRelationImpl, ECCVMRecursiveFlavor) | |
| TEST_F (EccRelationsConsistency, RecursiveToNativeConsistency) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMSetRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_PERMUTATION_CLASS (ECCVMSetRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMTranscriptRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMWnafRelationImpl, ECCVMRecursiveFlavor) | |
| TEST_F (ECCVMRecursiveTests, SingleRecursiveVerification) | |
| TEST_F (ECCVMRecursiveTests, SingleRecursiveVerificationFailure) | |
| TEST_F (ECCVMRecursiveTests, SingleRecursiveVerificationFailureTamperedProof) | |
| TEST_F (ECCVMRecursiveTests, IndependentVKHash) | |
| TYPED_TEST_SUITE (RecursiveVeriferCommitmentKeyTest, Curves) | |
| TYPED_TEST (RecursiveVeriferCommitmentKeyTest, EqualityTest) | |
| template<typename InnerProver , typename InnerFlavor , typename ProofType > | |
| void | tamper_with_proof (InnerProver &inner_prover, ProofType &inner_proof, TamperType type) |
| Test method that provides several ways to tamper with a proof. TODO(https://github.com/AztecProtocol/barretenberg/issues/1298): Currently, several tests are failing due to challenges not being re-computed after tampering. We need to extend this tool to allow for more elaborate tampering. | |
| template<typename InnerProver , typename InnerFlavor , typename ProofType > | |
| void | tamper_with_proof (ProofType &inner_proof, bool end_of_proof) |
| Tamper with a proof by finding the first non-zero value and incrementing it by 1 and by modifying the last commitment. | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorDecompositionRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorDeltaRangeConstraintRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorOpcodeConstraintRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorAccumulatorTransferRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorZeroConstraintsRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorNonNativeFieldRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorPermutationRelationImpl, TranslatorRecursiveFlavor) | |
| TEST_F (TranslatorRecursiveTests, SingleRecursiveVerification) | |
| TEST_F (TranslatorRecursiveTests, IndependentVKHash) | |
| template<typename FF , size_t N> | |
| std::array< FF, N > | initialize_relation_separator (const FF &alpha) |
| void | check_child_tags (const uint256_t &tag_a, const uint256_t &tag_b) |
| Detect if two elements from the same transcript are performing a suspicious interaction. | |
| std::ostream & | operator<< (std::ostream &os, OriginTag const &v) |
| bb::fr | keccak_hash_uint256 (std::vector< uint256_t > const &data) |
Variables | |
| const char *const | BB_VERSION_PLACEHOLDER = "00000000.00000000.00000000" |
| constexpr size_t | MIN_LOG_NUM_POINTS = 16 |
| constexpr size_t | MAX_LOG_NUM_POINTS = 20 |
| constexpr size_t | MAX_NUM_POINTS = 1 << MAX_LOG_NUM_POINTS |
| constexpr size_t | SPARSE_NUM_NONZERO = 100 |
| constexpr size_t | MIN_LOG_NUM_GRUMPKIN_POINTS = 12 |
| constexpr size_t | MAX_LOG_NUM_GRUMPKIN_POINTS = 16 |
| constexpr size_t | MAX_NUM_GRUMPKIN_POINTS = 1 << MAX_LOG_NUM_GRUMPKIN_POINTS |
| constexpr size_t | COMMITMENT_TEST_NUM_BN254_POINTS = 4096 |
| constexpr size_t | COMMITMENT_TEST_NUM_GRUMPKIN_POINTS = 1 << CONST_ECCVM_LOG_N |
| constexpr size_t | COMMITMENT_TEST_NUM_POINTS = 32 |
| CommitmentKey< Curve > | ck |
| VerifierCommitmentKey< Curve > | vk |
| const size_t | DEFAULT_MIN_ITERS_PER_THREAD = 1 << 4 |
| constexpr uint32_t | PERMUTATION_ARGUMENT_VALUE_SEPARATOR = 1 << 28 |
| const size_t | INTERNAL_STATE_SIZE = 32 |
| Constant defining the number of elements in the VM's internal state. | |
| const size_t | SETTINGS_SIZE = sizeof(VMSettings) |
| const size_t | INSTRUCTION_HEADER_SIZE = 1 |
| Size of instruction header in bytes. | |
| const size_t | INDEX_SIZE = 1 |
| Size of index field in bytes. | |
| const size_t | SET_VALUE_SIZE |
| Size of SET_VALUE instruction. | |
| const size_t | ADD_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of ADD instruction. | |
| const size_t | ADD_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of ADD_ASSIGN instruction. | |
| const size_t | INCREMENT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of INCREMENT instruction. | |
| const size_t | MUL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of MUL instruction. | |
| const size_t | MUL_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of MUL_ASSIGN instruction. | |
| const size_t | SUB_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of SUB instruction. | |
| const size_t | SUB_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of SUB_ASSIGN instruction. | |
| const size_t | DIV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of DIV instruction. | |
| const size_t | DIV_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of DIV_ASSIGN instruction. | |
| const size_t | INV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of INV instruction. | |
| const size_t | NEG_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of NEG instruction. | |
| const size_t | SQR_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of SQR instruction. | |
| const size_t | SQR_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of SQR_ASSIGN instruction. | |
| const size_t | POW_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 + sizeof(uint64_t) |
| Size of POW instruction. | |
| const size_t | SQRT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of SQRT instruction. | |
| const size_t | IS_ZERO_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of IS_ZERO instruction. | |
| const size_t | EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of EQUAL instruction. | |
| const size_t | NOT_EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of NOT_EQUAL instruction. | |
| const size_t | TO_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of TO_MONTGOMERY instruction. | |
| const size_t | FROM_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of FROM_MONTGOMERY instruction. | |
| const size_t | REDUCE_ONCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of REDUCE_ONCE instruction. | |
| const size_t | SELF_REDUCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of SELF_REDUCE instruction. | |
| const size_t | BATCH_INVERT_SIZE |
| Size of BATCH_INVERT instruction. | |
| template<typename T > | |
| constexpr bool | is_field_type_v = is_field_type<T>::value |
| constexpr uint32_t | NUM_DATABUS_COMMITMENTS = 2 |
| constexpr uint32_t | PROPAGATED_DATABUS_COMMITMENT_SIZE = 8 |
| constexpr uint32_t | PROPAGATED_DATABUS_COMMITMENTS_SIZE = PROPAGATED_DATABUS_COMMITMENT_SIZE * NUM_DATABUS_COMMITMENTS |
| template<typename T > | |
| constexpr bool | is_iterable_v = is_iterable<T>::value |
| std::atomic< size_t > | unique_transcript_index { 0 } |
Entry point for Barretenberg command-line interface.
Defines particular circuit builder types expected to be used for circuit construction in stdlib and contains macros for explicit instantiation.
Note, this file contains the definitions. of field2 class. Declarations are in field2_declarations.hpp. Include ordering ensures linter/language server has knowledge of declarations when parsing definitions.
Provides interfaces for different PCS 'VerificationKey' classes.
Reduces multiple claims about commitments, each opened at a single point into a single claim for a single polynomial opened at a single point.
Protocol for opening several multi-linear polynomials at the same point.
Provides interfaces for different 'CommitmentKey' classes.
This function encapsulates the CLI parsing and command execution logic that would typically be in main.cpp, but as a standalone function. This design allows the CLI functionality to be tested by other modules without having to execute the program through its actual main() function.
The function sets up all available commands and options, parses the provided arguments, and executes the appropriate command based on the user's input. It handles all supported operations including circuit checking, proving, verification, and various utility functions.
| argc | The argument count |
| argv | The argument values array |
TODO(#218)(Mara): This class should handle any modification to the SRS (e.g compute pippenger point table) to simplify the codebase.
m = number of variables n = 2ᵐ u = (u₀,...,uₘ₋₁) f₀, …, fₖ₋₁ = multilinear polynomials, g₀, …, gₕ₋₁ = shifted multilinear polynomial, Each gⱼ is the left-shift of some f↺ᵢ, and gⱼ points to the same memory location as fᵢ. v₀, …, vₖ₋₁, v↺₀, …, v↺ₕ₋₁ = multilinear evalutions s.t. fⱼ(u) = vⱼ, and gⱼ(u) = f↺ⱼ(u) = v↺ⱼ
We use a challenge ρ to create a random linear combination of all fⱼ, and actually define A₀ = F + G↺, where F = ∑ⱼ ρʲ fⱼ G = ∑ⱼ ρᵏ⁺ʲ gⱼ, G↺ = is the shift of G where fⱼ is normal, and gⱼ is shifted. The evaluations are also batched, and v = ∑ ρʲ⋅vⱼ + ∑ ρᵏ⁺ʲ⋅v↺ⱼ = F(u) + G↺(u)
The prover then creates the folded polynomials A₀, ..., Aₘ₋₁, and opens them at different points, as univariates.
We open A₀ as univariate at r and -r. Since A₀ = F + G↺, but the verifier only has commitments to the gⱼs, we need to partially evaluate A₀ at both evaluation points. As univariate, we have A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X So we define
m = number of variables n = 2ᵐ u = (u₀,...,uₘ₋₁) f₀, …, fₖ₋₁ = multilinear polynomials, g₀, …, gₕ₋₁ = shifted multilinear polynomial, Each gⱼ is the left-shift of some f↺ᵢ, and gⱼ points to the same memory location as fᵢ. v₀, …, vₖ₋₁, v↺₀, …, v↺ₕ₋₁ = multilinear evalutions s.t. fⱼ(u) = vⱼ, and gⱼ(u) = f↺ⱼ(u) = v↺ⱼ
We use a challenge ρ to create a random linear combination of all fⱼ, and actually define A₀ = F + G↺, where F = ∑ⱼ ρʲ fⱼ G = ∑ⱼ ρᵏ⁺ʲ gⱼ, G↺ = is the shift of G where fⱼ is normal, and gⱼ is shifted. The evaluations are also batched, and v = ∑ ρʲ⋅vⱼ + ∑ ρᵏ⁺ʲ⋅v↺ⱼ = F(u) + G↺(u)
The prover then creates the folded polynomials A₀, ..., Aₘ₋₁, and opens them at different points, as univariates.
We open A₀ as univariate at r and -r. Since A₀ = F + G↺, but the verifier only has commitments to the gⱼs, we need to partially evaluate A₀ at both evaluation points. As univariate, we have A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X So we define
We use the following terminology:
The challenges are ρ (batching) and r (random evaluation).
There's a lot to talk about here. To bring threading to WASM, parallel_for was written to replace the OpenMP loops we had scattered throughout our code. It provides a clean abstraction for the work division strategy we use (we used OMP's"#pragma omp parallel for</tt> everywhere).
The first implementation was <tt>parallel_for_spawning</tt>. You can read a description of each implementation in the
relevant source file, but parallel_for_spawning is the simplest approach imaginable.
Once WASM was working, I checked its performance in native code by running it against the polynomials benchmarks.
In doing so, OMP outperformed it significantly (at least for FFT algorithms). This set me on a course to try
and understand why and to provide a suitable alternative. Ultimately I found solutions that compared to OMP with
"moody" and "atomic_pool" solutions, although they were not <em>quite</em> as fast as OMP. However interestingly, when it
comes to actual "real world" testing (with proof construction), rather than raw benchmarking, most of the solutions
performed about the same, with OMP <em>actually slightly worse</em>. So maybe all this effort was a bit redundant.
Remember to always do real world testing...
My theory as to why OMP performs so much better in benchmarks is because it runs the tests in a very tight loop,
and OMP seems well designed to handle this. It actually looks like OMP consumes more cpu time in htop, and this
maybe due to aggressive spin-locking and may explain why it performs well in these scenarios.
My theory as to why spawning seems to counter-intuitively perform so well, is that spawning a new thread may actually
be cheaper than waking a sleeping thread. Or joining is somehow very efficient. Or it's because there's very low
other overhead. Or libc++ STL does some magic. Ok, that's not much of a theory...
Ultimately though the takeaway is as follows:
- OMP maybe preferable when running benchmarks if you want to check for that kind of "optimal linear scaling".
Although, if we want to get rid of OMP altogether, "atomic_pool" is a simple solution that seems to compare.
- The simplest "spawning" is probably best used everywhere else, and frees us from needing OMP to build the lib.
UPDATE!: So although spawning is simple and fast, due to unstable pthreads in wasi-sdk that causes hangs when
joining threads, we use "atomic_pool" by default. We may just wish to revert to spawning once it stablises.
UPDATE!: Interestingly "atomic_pool" performs worse than "mutex_pool" for some e.g. proving key construction. Haven't done deeper analysis. Defaulting to mutex_pool.
This file is designed to be included in header files to instruct the compiler that these classes exist and their instantiation will eventually take place. Given it has no dependencies, it causes no additional compilation or propagation.
| using bb::ArrayOfValues = typedef HomogeneousTupleToArray<TupleOfValues<FF, LENGTHS> > |
Definition at line 59 of file nested_containers.hpp.
| using bb::BarycentricData = typedef std::conditional_t<is_field_type_v<Fr>, BarycentricDataCompileTime<Fr, domain_end, num_evals, domain_start>, BarycentricDataRunTime<Fr, domain_end, num_evals, domain_start> > |
Exposes BarycentricData with compile time arrays if the type is bberg::field and runtime arrays otherwise.
This method is also needed for stdlib field, for which the arrays are not compile time computable
| Fr | |
| domain_size | |
| num_evals |
Definition at line 268 of file barycentric.hpp.
| using bb::CommitmentSchemeParams = typedef ::testing::Types<curve::BN254> |
Definition at line 303 of file commitment_key.test.hpp.
| typedef curve::BN254 bb::Curve |
Definition at line 19 of file ipa.fuzzer.cpp.
| typedef testing::Types< stdlib::grumpkin< UltraCircuitBuilder >, stdlib::grumpkin< MegaCircuitBuilder > > bb::Curves |
Definition at line 93 of file sparse_commitment.test.cpp.
| using bb::CurveTypes = typedef ::testing::Types<curve::BN254, curve::Grumpkin> |
Definition at line 17 of file shplonk.test.cpp.
| using bb::CyclicPermutation = typedef std::vector<cycle_node> |
Definition at line 127 of file permutation_lib.hpp.
| using bb::DataBus = typedef std::array<BusVector, 3> |
The DataBus; facilitates storage of public circuit input/output.
The DataBus is designed to facilitate efficient transfer of large amounts of public data between circuits. It is expected that only a small subset of the data being passed needs to be used in any single circuit, thus we provide a read mechanism (implemented through a Builder) that results in prover work proportional to only the data that is used. (The prover must still commit to all data in each bus vector but we do not need to hash all data in-circuit as we would with public inputs).
Definition at line 76 of file databus.hpp.
| using bb::DatabusLookupRelation = typedef Relation<DatabusLookupRelationImpl<FF> > |
Definition at line 380 of file databus_lookup_relation.hpp.
| using bb::DeltaRangeConstraintRelation = typedef Relation<DeltaRangeConstraintRelationImpl<FF> > |
Definition at line 98 of file delta_range_constraint_relation.hpp.
| using bb::EccOpQueueRelation = typedef Relation<EccOpQueueRelationImpl<FF> > |
Definition at line 118 of file ecc_op_queue_relation.hpp.
| using bb::ECCVMBoolsRelation = typedef Relation<ECCVMBoolsRelationImpl<FF> > |
Definition at line 37 of file ecc_bools_relation.hpp.
| using bb::ECCVMLookupRelation = typedef Relation<ECCVMLookupRelationImpl<FF> > |
Definition at line 255 of file ecc_lookup_relation.hpp.
| using bb::ECCVMMSMRelation = typedef Relation<ECCVMMSMRelationImpl<FF> > |
Definition at line 57 of file ecc_msm_relation.hpp.
| using bb::EccvmOpsTable = typedef EccOpsTable<ECCVMOperation> |
A VM operation is represented as one row with 6 columns in the ECCVM version of the Op Queue. | OP | X | Y | z_1 | z_2 | mul_scalar_full |.
Definition at line 203 of file ecc_ops_table.hpp.
| using bb::ECCVMPointTableRelation = typedef Relation<ECCVMPointTableRelationImpl<FF> > |
Definition at line 37 of file ecc_point_table_relation.hpp.
| using bb::ECCVMSetRelation = typedef Relation<ECCVMSetRelationImpl<FF> > |
Definition at line 61 of file ecc_set_relation.hpp.
| using bb::ECCVMTranscriptRelation = typedef Relation<ECCVMTranscriptRelationImpl<FF> > |
Definition at line 62 of file ecc_transcript_relation.hpp.
| using bb::ECCVMWnafRelation = typedef Relation<ECCVMWnafRelationImpl<FF> > |
Definition at line 55 of file ecc_wnaf_relation.hpp.
| using bb::EllipticRelation = typedef Relation<EllipticRelationImpl<FF> > |
Definition at line 126 of file elliptic_relation.hpp.
| using bb::evaluation_domain = typedef EvaluationDomain<bb::fr> |
Definition at line 76 of file evaluation_domain.hpp.
| using bb::ExtractValueType = typedef ValueType |
Definition at line 42 of file nested_containers.hpp.
| using bb::FF = typedef typename Flavor::FF |
Definition at line 16 of file protogalaxy.bench.cpp.
| typedef MegaFlavor bb::Flavor |
Definition at line 15 of file protogalaxy.bench.cpp.
| using bb::fq = typedef field<Bn254FqParams> |
| using bb::fr = typedef field<Bn254FrParams> |
| using bb::GenericLookup = typedef GenericLookupRelationImpl<Settings, FF> |
Definition at line 477 of file generic_lookup_relation.hpp.
| using bb::GenericLookupRelation = typedef Relation<GenericLookupRelationImpl<Settings, FF> > |
Definition at line 475 of file generic_lookup_relation.hpp.
| using bb::GenericPermutation = typedef GenericPermutationRelationImpl<Settings, FF> |
Definition at line 227 of file generic_permutation_relation.hpp.
| using bb::GenericPermutationRelation = typedef Relation<GenericPermutationRelationImpl<Settings, FF> > |
Definition at line 225 of file generic_permutation_relation.hpp.
| using bb::GetParameterView = typedef std::conditional_t<IsField<typename Params::DataType>, typename Params::DataType, View> |
A type to optionally extract a view of a relation parameter in a relation.
In sumcheck, challenges in relations are always field elements, but in folding we need univariate challenges. This template inspecting the underlying type of a RelationParameters instance. When this type is a field type, do nothing, otherwise apply the provided view type.
| Params | |
| View |
Definition at line 28 of file relation_types.hpp.
| using bb::HomogeneousTupleToArray = typedef std::array<std::tuple_element_t<0, Tuple>, std::tuple_size_v<Tuple> > |
Definition at line 45 of file nested_containers.hpp.
| using bb::HonkProof = typedef std::vector<fr> |
| using bb::IpaCommitmentSchemeParams = typedef ::testing::Types<curve::Grumpkin> |
Definition at line 304 of file commitment_key.test.hpp.
| using bb::KeccakTranscript = typedef BaseTranscript<KeccakTranscriptParams> |
Definition at line 824 of file transcript.hpp.
| using bb::LogDerivLookupRelation = typedef Relation<LogDerivLookupRelationImpl<FF> > |
Definition at line 300 of file logderiv_lookup_relation.hpp.
| typedef MegaCircuitBuilder_< bb::fr > bb::MegaCircuitBuilder |
Definition at line 26 of file circuit_builders_fwd.hpp.
| using bb::MegaDeciderProver = typedef DeciderProver_<MegaFlavor> |
Definition at line 63 of file decider_prover.hpp.
| using bb::MegaDeciderVerifier = typedef DeciderVerifier_<MegaFlavor> |
Definition at line 59 of file decider_verifier.hpp.
| using bb::MegaOinkProver = typedef OinkProver<MegaFlavor> |
Definition at line 83 of file oink_prover.hpp.
| using bb::MegaProver = typedef UltraProver_<MegaFlavor> |
Definition at line 75 of file ultra_prover.hpp.
| using bb::MegaVerifier = typedef UltraVerifier_<MegaFlavor> |
Definition at line 63 of file ultra_verifier.hpp.
| using bb::MegaZKDeciderProver = typedef DeciderProver_<MegaZKFlavor> |
Definition at line 64 of file decider_prover.hpp.
| using bb::MegaZKDeciderVerifier = typedef DeciderVerifier_<MegaZKFlavor> |
Definition at line 60 of file decider_verifier.hpp.
| using bb::MegaZKProver = typedef UltraProver_<MegaZKFlavor> |
Definition at line 76 of file ultra_prover.hpp.
| using bb::MegaZKVerifier = typedef UltraVerifier_<MegaZKFlavor> |
Definition at line 64 of file ultra_verifier.hpp.
| using bb::MemoryRelation = typedef Relation<MemoryRelationImpl<FF> > |
Definition at line 277 of file memory_relation.hpp.
| using bb::NativeTranscript = typedef BaseTranscript<NativeTranscriptParams> |
Definition at line 755 of file transcript.hpp.
| using bb::NonNativeFieldRelation = typedef Relation<NonNativeFieldRelationImpl<FF> > |
Definition at line 151 of file non_native_field_relation.hpp.
| using bb::poly_triple = typedef poly_triple_<bb::fr> |
Definition at line 69 of file gate_data.hpp.
| using bb::Poseidon2ExternalRelation = typedef Relation<Poseidon2ExternalRelationImpl<FF> > |
Definition at line 128 of file poseidon2_external_relation.hpp.
| using bb::Poseidon2InternalRelation = typedef Relation<Poseidon2InternalRelationImpl<FF> > |
Definition at line 117 of file poseidon2_internal_relation.hpp.
| using bb::PublicInputsVector = typedef std::vector<fr> |
| using bb::SlabVector = typedef std::vector<T, bb::ContainerSlabAllocator<T> > |
A vector that uses the slab allocator.
Definition at line 82 of file slab_allocator.hpp.
| using bb::StdlibPublicInputsVector = typedef std::vector<bb::stdlib::field_t<Builder> > |
| using bb::TestFlavors = typedef ::testing::Types<BN254Settings, GrumpkinSettings> |
Definition at line 47 of file small_subgroup_ipa.test.cpp.
| using bb::TestSettings = typedef ::testing::Types<BN254Settings, GrumpkinSettings> |
Definition at line 42 of file shplemini.test.cpp.
| using bb::TranslatorAccumulatorTransferRelation = typedef Relation<TranslatorAccumulatorTransferRelationImpl<FF> > |
Definition at line 203 of file translator_extra_relations.hpp.
| using bb::TranslatorDecompositionRelation = typedef Relation<TranslatorDecompositionRelationImpl<FF> > |
Definition at line 105 of file translator_decomposition_relation.hpp.
| using bb::TranslatorDeltaRangeConstraintRelation = typedef Relation<TranslatorDeltaRangeConstraintRelationImpl<FF> > |
Definition at line 57 of file translator_delta_range_constraint_relation.hpp.
| using bb::TranslatorNonNativeFieldRelation = typedef Relation<TranslatorNonNativeFieldRelationImpl<FF> > |
Definition at line 101 of file translator_non_native_field_relation.hpp.
| using bb::TranslatorOpcodeConstraintRelation = typedef Relation<TranslatorOpcodeConstraintRelationImpl<FF> > |
Definition at line 200 of file translator_extra_relations.hpp.
| using bb::TranslatorPermutationRelation = typedef Relation<TranslatorPermutationRelationImpl<FF> > |
Definition at line 112 of file translator_permutation_relation.hpp.
| using bb::TranslatorZeroConstraintsRelation = typedef Relation<TranslatorZeroConstraintsRelationImpl<FF> > |
Definition at line 205 of file translator_extra_relations.hpp.
| using bb::TupleOfUnivariates = typedef typename TupleOfContainersOverArray<bb::Univariate, FF, LENGTHS, 0, 0>::type |
Definition at line 49 of file nested_containers.hpp.
| using bb::TupleOfUnivariatesWithOptimisticSkipping = typedef typename TupleOfContainersOverArray<bb::Univariate, FF, LENGTHS, 0, SKIP_COUNT>::type |
Definition at line 53 of file nested_containers.hpp.
| using bb::TupleOfValues = typedef typename TupleOfContainersOverArray<ExtractValueType, FF, LENGTHS>::type |
Definition at line 57 of file nested_containers.hpp.
| using bb::UltraArithmeticRelation = typedef Relation<UltraArithmeticRelationImpl<FF> > |
Definition at line 127 of file ultra_arithmetic_relation.hpp.
Definition at line 24 of file circuit_builders_fwd.hpp.
| using bb::UltraDeciderProver = typedef DeciderProver_<UltraFlavor> |
Definition at line 62 of file decider_prover.hpp.
| using bb::UltraDeciderVerifier = typedef DeciderVerifier_<UltraFlavor> |
Definition at line 58 of file decider_verifier.hpp.
| using bb::UltraKeccakProver = typedef UltraProver_<UltraKeccakFlavor> |
Definition at line 69 of file ultra_prover.hpp.
| using bb::UltraKeccakVerifier = typedef UltraVerifier_<UltraKeccakFlavor> |
Definition at line 59 of file ultra_verifier.hpp.
| using bb::UltraKeccakZKProver = typedef UltraProver_<UltraKeccakZKFlavor> |
Definition at line 74 of file ultra_prover.hpp.
| using bb::UltraPermutationRelation = typedef Relation<UltraPermutationRelationImpl<FF> > |
Definition at line 206 of file permutation_relation.hpp.
| using bb::UltraProver = typedef UltraProver_<UltraFlavor> |
Definition at line 67 of file ultra_prover.hpp.
| using bb::UltraRollupVerifier = typedef UltraVerifier_<UltraRollupFlavor> |
Definition at line 58 of file ultra_verifier.hpp.
| using bb::UltraVerifier = typedef UltraVerifier_<UltraFlavor> |
Definition at line 57 of file ultra_verifier.hpp.
| using bb::UltraZKProver = typedef UltraProver_<UltraZKFlavor> |
Definition at line 68 of file ultra_prover.hpp.
|
strong |
| Enumerator | |
|---|---|
| CALLDATA | |
| SECONDARY_CALLDATA | |
| RETURNDATA | |
Definition at line 77 of file databus.hpp.
|
strong |
| Enumerator | |
|---|---|
| STANDARD | |
| ULTRA | |
| UNDEFINED | |
Definition at line 12 of file circuit_type.hpp.
| enum bb::CurveType |
Specifies positions of elements in the tuple of entities received from methods in the Settings class.
Definition at line 28 of file generic_permutation_relation.hpp.
|
strong |
Enumeration of VM instructions that can be executed.
Each instruction corresponds to a specific field arithmetic operation. The VM parses these instructions from input data and executes them sequentially.
Definition at line 76 of file field.fuzzer.hpp.
| enum bb::MergeSettings |
The MergeSettings define whether an current subtable will be added at the beginning (PREPEND) or at the end (APPEND) of the EccOpQueue.
| Enumerator | |
|---|---|
| PREPEND | |
| APPEND | |
Definition at line 21 of file ecc_ops_table.hpp.
|
strong |
| Enumerator | |
|---|---|
| MODIFY_SUMCHECK_UNIVARIATE | |
| MODIFY_SUMCHECK_EVAL | |
| MODIFY_Z_PERM_COMMITMENT | |
| MODIFY_GEMINI_WITNESS | |
| END | |
Definition at line 14 of file tamper_proof.hpp.
Definition at line 450 of file polynomial.hpp.
| void bb::_bench_round | ( | ::benchmark::State & | state, |
| void(*)(ProtogalaxyProver_< Flavor > &) | F | ||
| ) |
Definition at line 14 of file protogalaxy_rounds.bench.cpp.
| SharedShiftedVirtualZeroesArray< Fr > bb::_clone | ( | const SharedShiftedVirtualZeroesArray< Fr > & | array, |
| size_t | right_expansion = 0, |
||
| size_t | left_expansion = 0 |
||
| ) |
Definition at line 31 of file polynomial.cpp.
| Fr_ bb::_evaluate_mle | ( | std::span< const Fr_ > | evaluation_points, |
| const SharedShiftedVirtualZeroesArray< Fr_ > & | coefficients, | ||
| bool | shift | ||
| ) |
Internal implementation to support both native and stdlib circuit field types.
Instantiation with circuit field type is always called with shift == false
Definition at line 461 of file polynomial.hpp.
| std::pair< ClientIVC::Proof, ClientIVC::VerificationKey > bb::accumulate_and_prove_ivc_with_precomputed_vks | ( | size_t | num_app_circuits, |
| auto & | precomputed_vks, | ||
| const bool | large_first_app = true |
||
| ) |
Perform a specified number of circuit accumulation rounds.
| NUM_CIRCUITS | Number of circuits to accumulate (apps + kernels) |
Definition at line 38 of file test_bench_shared.hpp.
| void bb::accumulate_logderivative_lookup_subrelation_contributions | ( | ContainerOverSubrelations & | accumulator, |
| const AllEntities & | in, | ||
| const Parameters & | params, | ||
| const FF & | scaling_factor | ||
| ) |
Compute generic log-derivative lookup subrelation accumulation.
The generic log-derivative lookup relation consistes of two subrelations. The first demonstrates that the inverse polynomial I, defined via I_i = 1/[(read_term_i) * (write_term_i)], has been computed correctly. The second establishes the correctness of the lookups themselves based on the log-derivative lookup argument. Note that the latter subrelation is "linearly dependent" in the sense that it establishes that a sum across all rows of the exectution trace is zero, rather than that some expression holds independently at each row. Accordingly, this subrelation is not multiplied by a scaling factor at each accumulation step. The subrelation expressions are respectively:
I_i * (read_term_i) * (write_term_i) - 1 = 0
\sum_{i=0}^{n-1} [q_{logderiv_lookup} * I_i * write_term_i + read_count_i * I_i * read_term_i] = 0
The explicit expressions for read_term and write_term are dependent upon the particular structure of the lookup being performed and methods for computing them must be defined in the corresponding relation class.
| FF | |
| Relation | |
| ContainerOverSubrelations | |
| AllEntities | |
| Parameters |
| accumulator | |
| in | |
| params | |
| scaling_factor |
Definition at line 119 of file logderivative_library.hpp.
| void bb::accumulate_logderivative_permutation_subrelation_contributions | ( | ContainerOverSubrelations & | accumulator, |
| const AllEntities & | in, | ||
| const Parameters & | params, | ||
| const FF & | scaling_factor | ||
| ) |
Compute generic log-derivative set permutation subrelation accumulation.
The generic log-derivative lookup relation consistes of two subrelations. The first demonstrates that the inverse polynomial I, defined via I = 1/[(read_term) * (write_term)], has been computed correctly. The second establishes the correctness of the permutation itself based on the log-derivative argument. Note that the latter subrelation is "linearly dependent" in the sense that it establishes that a sum across all rows of the execution trace is zero, rather than that some expression holds independently at each row. Accordingly, this subrelation is not multiplied by a scaling factor at each accumulation step. The subrelation expressions are respectively:
I * (read_term) * (write_term) - q_{permutation_enabler} = 0
\sum_{i=0}^{n-1} [q_{write_enabler} * I * write_term + q_{read_enabler} * I * read_term] = 0
The explicit expressions for read_term and write_term are dependent upon the particular structure of the permutation being performed and methods for computing them must be defined in the corresponding relation class. The entities which are used to determine the use of permutation (is it enabled, is the first "read" set enabled, is the second "write" set enabled) must be defined in the relation class.
| FF | |
| Relation | |
| ContainerOverSubrelations | |
| AllEntities | |
| Parameters |
| accumulator | |
| in | |
| params | |
| scaling_factor |
Definition at line 215 of file logderivative_library.hpp.
| std::vector< uint32_t > bb::add_variables | ( | UltraCircuitBuilder & | builder, |
| std::vector< fr > | variables | ||
| ) |
Definition at line 314 of file ultra_circuit_builder.test.cpp.
| std::array< T, N > bb::array_to_array | ( | const std::array< U, N > & | elements | ) |
Given an std::array<U,N>, returns an std::array<T,N>, by calling the (explicit) constructor T(U).
https://stackoverflow.com/a/32175958 The main use case is to convert an array of Univariate into UnivariateView. The main use case would be to let Sumcheck decide the required degree of the relation evaluation, rather than hardcoding it inside the relation. The _aux version could also be used to create an array of only the polynomials required by the relation, and it could help us implement the optimization where we extend each edge only up to the maximum degree that is required over all relations (for example, L_LAST only needs degree 3).
| T | Output type |
| U | Input type (deduced from elements) |
| N | Common array size (deduced from elements) |
| elements | array to be converted |
Definition at line 839 of file univariate.hpp.
| std::array< T, sizeof...(Is)> bb::array_to_array_aux | ( | const std::array< U, N > & | elements, |
| std::index_sequence< Is... > | |||
| ) |
Create a sub-array of elements at the indices given in the template pack Is, converting them to the new type T.
| T | type to convert to |
| U | type to convert from |
| N | number (deduced by elements) |
| Is | list of indices we want in the returned array. When the second argument is called with std::make_index_sequence<N>, these will be 0, 1, ..., N-1. |
| elements | array to convert from |
std::make_index_sequence<N>. Definition at line 817 of file univariate.hpp.
| void bb::avm_check_circuit | ( | const std::filesystem::path & | inputs_path | ) |
Definition at line 50 of file api_avm.cpp.
| void bb::avm_prove | ( | const std::filesystem::path & | inputs_path, |
| const std::filesystem::path & | output_path | ||
| ) |
Writes an avm proof and corresponding (incomplete) verification key to files.
Communication:
| inputs_path | Path to the file containing the serialised avm public inputs and hints |
| output_path | Path (directory) to write the output proof and verification keys |
Definition at line 27 of file api_avm.cpp.
| bool bb::avm_verify | ( | const std::filesystem::path & | proof_path, |
| const std::filesystem::path & | public_inputs_path, | ||
| const std::filesystem::path & | vk_path | ||
| ) |
Verifies an avm proof and writes the result to stdout.
Communication:
| proof_path | Path to the file containing the serialized proof |
| vk_path | Path to the file containing the serialized verification key |
Definition at line 62 of file api_avm.cpp.
| void bb::bench_commit_mock_z_perm | ( | ::benchmark::State & | state | ) |
Definition at line 231 of file commit.bench.cpp.
| void bb::bench_commit_mock_z_perm_preprocessed | ( | ::benchmark::State & | state | ) |
Definition at line 244 of file commit.bench.cpp.
| void bb::bench_commit_random | ( | ::benchmark::State & | state | ) |
Definition at line 178 of file commit.bench.cpp.
| void bb::bench_commit_random_non_power_of_2 | ( | ::benchmark::State & | state | ) |
Definition at line 192 of file commit.bench.cpp.
| void bb::bench_commit_sparse | ( | ::benchmark::State & | state | ) |
Definition at line 108 of file commit.bench.cpp.
| void bb::bench_commit_sparse_preprocessed | ( | ::benchmark::State & | state | ) |
Definition at line 127 of file commit.bench.cpp.
| void bb::bench_commit_sparse_random | ( | ::benchmark::State & | state | ) |
Definition at line 146 of file commit.bench.cpp.
| void bb::bench_commit_sparse_random_preprocessed | ( | ::benchmark::State & | state | ) |
Definition at line 162 of file commit.bench.cpp.
| void bb::bench_commit_structured_random_poly | ( | ::benchmark::State & | state | ) |
Definition at line 205 of file commit.bench.cpp.
| void bb::bench_commit_structured_random_poly_preprocessed | ( | ::benchmark::State & | state | ) |
Definition at line 218 of file commit.bench.cpp.
| void bb::bench_commit_zero | ( | ::benchmark::State & | state | ) |
Definition at line 96 of file commit.bench.cpp.
| void bb::bench_pippenger_without_endomorphism_basis_points | ( | ::benchmark::State & | state | ) |
Benchmark pippenger_without_endomorphism_basis_points function, which is used notably in the IPA verifier.
| Curve |
| state |
Definition at line 266 of file commit.bench.cpp.
| void bb::bench_round_mega | ( | ::benchmark::State & | state, |
| void(*)(ProtogalaxyProver_< MegaFlavor > &) | F | ||
| ) |
Definition at line 56 of file protogalaxy_rounds.bench.cpp.
| bb::BENCHMARK | ( | bench_commit_mock_z_perm< curve::BN254 > | ) | -> Unit(benchmark::kMillisecond) |
| bb::BENCHMARK | ( | bench_commit_mock_z_perm_preprocessed< curve::BN254 > | ) | -> Unit(benchmark::kMillisecond) |
| bb::BENCHMARK | ( | bench_commit_structured_random_poly< curve::BN254 > | ) | -> Unit(benchmark::kMillisecond) |
| bb::BENCHMARK | ( | bench_commit_structured_random_poly_preprocessed< curve::BN254 > | ) | -> Unit(benchmark::kMillisecond) |
| bb::BENCHMARK | ( | compute_row_evaluations | ) | -> DenseRange(15, 21) ->Unit(kMillisecond) |
| bb::BENCHMARK | ( | fold_k | ) | -> DenseRange(14, 20) ->Unit(kMillisecond) |
| bb::BENCHMARK | ( | vector_of_evaluations | ) | -> DenseRange(15, 21) ->Unit(kMillisecond) ->Iterations(1) |
| bb::BENCHMARK_CAPTURE | ( | bench_round_mega | , |
| combiner_quotient | , | ||
| [] (auto &prover) { prover.combiner_quotient_round(prover.accumulator->gate_challenges, prover.deltas, prover.keys_to_fold);} | |||
| ) | -> DenseRange(14, 20) -> Unit(kMillisecond) |
| bb::BENCHMARK_CAPTURE | ( | bench_round_mega | , |
| fold | , | ||
| [] (auto &prover) { prover.update_target_sum_and_fold(prover.keys_to_fold, prover.combiner_quotient, prover.alphas, prover.relation_parameters, prover.perturbator_evaluation);} | |||
| ) | -> DenseRange(14, 20) -> Unit(kMillisecond) |
| bb::BENCHMARK_CAPTURE | ( | bench_round_mega | , |
| oink | , | ||
| [] (auto &prover) { prover.run_oink_prover_on_each_incomplete_key();} | |||
| ) | -> DenseRange(14, 20) -> Unit(kMillisecond) |
| bb::BENCHMARK_CAPTURE | ( | bench_round_mega | , |
| perturbator | , | ||
| [] (auto &prover) { prover.perturbator_round(prover.accumulator);} | |||
| ) | -> DenseRange(14, 20) -> Unit(kMillisecond) |
| size_t bb::calculate_num_threads | ( | size_t | num_iterations, |
| size_t | min_iterations_per_thread | ||
| ) |
calculates number of threads to create based on minimum iterations per thread
Finds the number of cpus with get_num_cpus(), and calculates desired_num_threads Returns the min of desired_num_threads and max_num_threads. Note that it will not calculate a power of 2 necessarily, use calculate_num_threads_pow2 instead
| num_iterations | |
| min_iterations_per_thread |
Finds the number of cpus with get_num_cpus(), and calculates desired_num_threads Returns the min of desired_num_threads and max_num_theads. Note that it will not calculate a power of 2 necessarily, use calculate_num_threads_pow2 instead
| num_iterations | |
| min_iterations_per_thread |
Definition at line 199 of file thread.cpp.
| size_t bb::calculate_num_threads_pow2 | ( | size_t | num_iterations, |
| size_t | min_iterations_per_thread | ||
| ) |
calculates number of threads to create based on minimum iterations per thread, guaranteed power of 2
Same functionality as calculate_num_threads but guaranteed power of 2
| num_iterations | |
| min_iterations_per_thread |
Definition at line 215 of file thread.cpp.
| MultithreadData bb::calculate_thread_data | ( | size_t | num_iterations, |
| size_t | min_iterations_per_thread = DEFAULT_MIN_ITERS_PER_THREAD |
||
| ) |
Calculates number of threads and index bounds for each thread.
Finds the number of cpus with calculate_num_threads() then divides domain evenly amongst threads
| num_iterations | |
| min_iterations_per_thread |
Definition at line 173 of file thread.cpp.
Detect if two elements from the same transcript are performing a suspicious interaction.
For now this detects that 2 elements from 2 different round can't mingle without a challenge in between
| tag_a | |
| tag_b |
Definition at line 23 of file origin_tag.cpp.
|
inline |
Definition at line 63 of file precomputed_generators.hpp.
|
protected |
Definition at line 8 of file private_execution_steps.cpp.
| consteval std::array< size_t, NUM_SUBRELATIONS > bb::compute_composed_subrelation_partial_lengths | ( | std::array< size_t, NUM_SUBRELATIONS > | SUBRELATION_PARTIAL_LENGTHS | ) |
Get the subrelation accumulators for the Protogalaxy combiner calculation.
A subrelation of degree D, when evaluated on polynomials of degree N, gives a polynomial of degree D
| NUM_KEYS | |
| NUM_SUBRELATIONS |
| SUBRELATION_PARTIAL_LENGTHS | The array of subrelation lengths supplied by a relation. |
Definition at line 86 of file relation_types.hpp.
| std::vector< typename Curve::ScalarField > bb::compute_eccvm_challenge_coeffs | ( | const typename Curve::ScalarField & | evaluation_challenge_x, |
| const typename Curve::ScalarField & | batching_challenge_v | ||
| ) |
Denote \( M = \text{NUM_DISABLED_ROWS_IN_SUMCHECK} \) and \( N = NUM_SMALL_IPA_EVALUTIONS\). Given an evaluation challenge \( x \) and a batching challenge \(v\), compute the polynomial whose coefficients are given by the vector \( (1, x , x^2 , \ldots, x^{M - 1 }, v\cdot x, \ldots, v^{N-1} \cdot x^{M-2}, v^{N-1}, \cdot x^{M-1}, 0, \ldots, 0)\) in the Lagrange basis over the Small Subgroup.
| FF |
| evaluation_challenge_x | |
| batching_challenge_v | |
| subgroup_size |
Definition at line 486 of file small_subgroup_ipa.hpp.
|
inline |
The verification of Grand Sum Identity requires the evaluations G(r), A(g * r), A(r), Q(r). Shared by Prover and Verifier.
Definition at line 33 of file small_subgroup_ipa_utils.hpp.
| void bb::compute_grand_product | ( | typename Flavor::ProverPolynomials & | full_polynomials, |
| bb::RelationParameters< typename Flavor::FF > & | relation_parameters, | ||
| size_t | size_override = 0, |
||
| const ActiveRegionData & | active_region_data = ActiveRegionData{} |
||
| ) |
Compute a permutation grand product polynomial Z_perm(X)
Z_perm may be defined in terms of its values on X_i = 0,1,...,n-1 as Z_perm[0] = 1 and for i = 1:n-1 relation::numerator(j) Z_perm[i] = ∏ -----------------------------------------------------------------------------— relation::denominator(j)
where ∏ := ∏_{j=0:i-1}
The specific algebraic relation used by Z_perm is defined by Flavor::GrandProductRelations
For example, in Flavor::Standard the relation describes:
(w_1(j) + β⋅id_1(j) + γ) ⋅ (w_2(j) + β⋅id_2(j) + γ) ⋅ (w_3(j) + β⋅id_3(j) + γ)
Z_perm[i] = ∏ -----------------------------------------------------------------------------— (w_1(j) + β⋅σ_1(j) + γ) ⋅ (w_2(j) + β⋅σ_2(j) + γ) ⋅ (w_3(j) + β⋅σ_3(j) + γ) where ∏ := ∏_{j=0:i-1} and id_i(X) = id(X) + n*(i-1)
For Flavor::Ultra both the UltraPermutation and Lookup grand products are computed by this method.
The grand product is constructed over the course of three steps.
For expositional simplicity, write Z_perm[i] as
A(j)
Z_perm[i] = ∏ -----------------------— B(h)
Step 1) Compute 2 length-n polynomials A, B Step 2) Compute 2 length-n polynomials numerator = ∏ A(j), nenominator = ∏ B(j) Step 3) Compute Z_perm[i + 1] = numerator[i] / denominator[i] (recall: Z_perm[0] = 1)
Note: Step (3) utilizes Montgomery batch inversion to replace n-many inversions with
| Flavor | |
| GrandProdRelation |
| full_polynomials | |
| relation_parameters | |
| size_override | optional size of the domain; otherwise based on dyadic polynomial domain |
| active_region_data | optional specification of active region of execution trace |
Definition at line 72 of file grand_product_library.hpp.
| void bb::compute_grand_products | ( | typename Flavor::ProverPolynomials & | full_polynomials, |
| bb::RelationParameters< typename Flavor::FF > & | relation_parameters, | ||
| const size_t | size_override = 0 |
||
| ) |
Compute the grand product corresponding to each grand-product relation defined in the Flavor.
Definition at line 231 of file grand_product_library.hpp.
| void bb::compute_logderivative_inverse | ( | Polynomials & | polynomials, |
| auto & | relation_parameters, | ||
| const size_t | circuit_size | ||
| ) |
Compute the inverse polynomial I(X) required for logderivative lookups
where ∏ := ∏_{j=0:relation::NUM_READ_TERMS-1} and ∏' := ∏'_{j=0:relation::NUM_WRITE_TERMS-1}
If row [i] does not contain a lookup read gate or a write gate, Inverse[i] = 0 N.B. by "write gate" we mean; do the lookup table polynomials contain nonzero values at this row? (in the ECCVM, the lookup table is not precomputed, so we have a concept of a "write gate", unlike when precomputed lookup tables are used)
The specific algebraic relations that define read terms and write terms are defined in Flavor::LookupRelation
Note: tparam UseMultithreading exists because the AVM calls this fn in a multithreaded loop (no nested multithreading allowed) but the ECCVM benefits from multithreading this fn
Definition at line 40 of file logderivative_library.hpp.
|
constexpr |
Utility function to find max PARTIAL_RELATION_LENGTH tuples of Relations.
The "partial length" of a relation is 1 + the degree of the relation, where any challenges used in the relation are as constants, not as variables..
Definition at line 359 of file flavor.hpp.
|
constexpr |
Utility function to find max TOTAL_RELATION_LENGTH among tuples of Relations.
The "total length" of a relation is 1 + the degree of the relation, where any challenges used in the relation are regarded as variables.
Definition at line 372 of file flavor.hpp.
|
constexpr |
Utility function to find the number of subrelations.
Definition at line 383 of file flavor.hpp.
| void bb::compute_permutation_argument_polynomials | ( | const typename Flavor::CircuitBuilder & | circuit, |
| typename Flavor::ProverPolynomials & | polynomials, | ||
| const std::vector< CyclicPermutation > & | copy_cycles, | ||
| ActiveRegionData & | active_region_data | ||
| ) |
Compute Honk style generalized permutation sigmas and ids and add to proving_key.
| circuit | |
| proving_key | |
| copy_cycles | pre-computed sets of wire addresses whose values should be copy constrained |
Definition at line 287 of file permutation_lib.hpp.
| Flavor::FF bb::compute_public_input_delta | ( | std::span< const typename Flavor::FF > | public_inputs, |
| const typename Flavor::FF & | beta, | ||
| const typename Flavor::FF & | gamma, | ||
| const typename Flavor::FF & | offset = 0 |
||
| ) |
Compute the correction term for the permutation argument.
| Field |
| public_inputs | x₀, ..., xₘ₋₁ public inputs to the circuit |
| beta | random linear-combination term to combine both (wʲ, IDʲ) and (wʲ, σʲ) |
| gamma | Schwartz-Zippel random evaluation to ensure ∏ᵢ (γ + Sᵢ) = ∏ᵢ (γ + Tᵢ) |
| domain_size | Total number of rows required for the circuit (power of 2) |
| offset | Extent to which PI are offset from the 0th index in the wire polynomials, for example, due to inclusion of a leading zero row or Goblin style ECC op gates at the top of the execution trace. |
Definition at line 26 of file grand_product_delta.hpp.
|
noexcept |
Definition at line 28 of file protogalaxy.bench.cpp.
| consteval std::array< size_t, RelationImpl::SUBRELATION_PARTIAL_LENGTHS.size()> bb::compute_total_subrelation_lengths | ( | ) |
Compute the total subrelation lengths, i.e., the lengths when regarding the challenges as variables.
Definition at line 60 of file relation_types.hpp.
| std::tuple< FF, std::vector< FF > > bb::compute_vanishing_polynomial_and_lagrange_evaluations | ( | const FF & | combiner_challenge | ) |
Definition at line 38 of file protogalaxy_verifier.cpp.
|
constexpr |
Concatenates multiple RefArray objects into a single RefArray.
This function takes multiple RefArray objects as input and concatenates them into a single RefArray.
| T | The type of elements in the RefArray. |
| Ns | The sizes of the input RefArrays. |
| ref_arrays | The RefArray objects to be concatenated. |
Definition at line 158 of file ref_array.hpp.
| RefVector< T > bb::concatenate | ( | const RefVector< T > & | ref_vector, |
| const auto &... | ref_vectors | ||
| ) |
Concatenates multiple RefVector objects into a single RefVector.
This function takes multiple RefVector objects as input and concatenates them into a single RefVector.
| T | The type of elements in the RefVector. |
| ref_vectors | The RefVector objects to be concatenated. |
Definition at line 136 of file ref_vector.hpp.
| std::array< T,(Ns+...)> bb::concatenate | ( | const std::array< T, Ns > &... | arrays | ) |
Concatenates multiple std::array objects into a single array.
This function template takes a variadic number of std::array objects and concatenates their elements into a single std::array. The size of the resulting array is the sum of the sizes of the input arrays.
| T | The type of elements stored in the arrays. |
| Ns | The sizes of the input arrays. This is a variadic template parameter pack representing the sizes of each input array. |
| arrays | Variadic number of std::array objects to concatenate. Each array can have a different size but must contain the same type of elements. |
Example usage: std::array<int, 2> a = {1, 2}; std::array<int, 3> b = {3, 4, 5}; auto result = concatenate(a, b); // result is std::array<int, 5>{1, 2, 3, 4, 5}
Definition at line 26 of file std_array.hpp.
| std::vector< T > bb::concatenate | ( | const std::vector< T > & | vector, |
| const auto &... | vectors | ||
| ) |
Concatenates multiple std::vector objects into a single std::vector.
| T | The type of elements in the std::vector. |
| vectors | The std::vector objects to be concatenated. |
Definition at line 12 of file std_vector.hpp.
|
constexpr |
Implements a loop using a compile-time iterator. Requires c++20. Implementation (and description) from https://artificial-mind.net/blog/2020/10/31/constexpr-for.
| Start | the loop start value |
| End | the loop end value |
| Inc | how much the iterator increases by per iteration |
| F | a Lambda function that is executed once per loop |
| f | An rvalue reference to the lambda |
Implements a for loop where the iterator is a constexpr variable. Use this when you need to evaluate if constexpr statements on the iterator (or apply other constexpr expressions) Outside of this use-case avoid using this fn as it gives negligible performance increases vs regular loops.
N.B. A side-effect of this method is that all loops will be unrolled (each loop iteration uses different iterator template parameters => unique constexpr_for implementation per iteration) Do not use this for large (~100+) loops!
EXAMPLE USE OF constexpr_for
constexpr_for<0, 10, 1>([&]<size_t i>(){ if constexpr (i & 1 == 0) { foo[i] = even_container[i >> 1]; } else { foo[i] = odd_container[i >> 1]; } });
In the above example we are iterating from i = 0 to i < 10. The provided lambda function has captured everything in its surrounding scope (via [&]), which is where foo, even_container and odd_container have come from.
We do not need to explicitly define the class F parameter as the compiler derives it from our provided input argument F&& f (i.e. the lambda function)
In the loop itself we're evaluating a constexpr if statement that defines which code path is taken.
The above example benefits from constexpr_for because a run-time if statement has been reduced to a compile-time if statement. N.B. this would only give measurable improvements if the constexpr_for statement is itself in a hot loop that's iterated over many (>thousands) times
Definition at line 71 of file constexpr_utils.hpp.
| void bb::construct_lookup_read_counts | ( | typename Flavor::Polynomial & | read_counts, |
| typename Flavor::Polynomial & | read_tags, | ||
| typename Flavor::CircuitBuilder & | circuit, | ||
| const size_t | dyadic_circuit_size | ||
| ) |
Construct polynomial whose value at index i is the number of times the table entry at that index has been read.
Read counts are needed for the log derivative lookup argument. The table polynomials are constructed as a concatenation of basic 3-column tables. Similarly, the read counts polynomial is constructed as the concatenation of read counts for the individual tables.
Definition at line 56 of file composer_lib.hpp.
| void bb::construct_lookup_table_polynomials | ( | const RefArray< typename Flavor::Polynomial, 4 > & | table_polynomials, |
| const typename Flavor::CircuitBuilder & | circuit, | ||
| const size_t | dyadic_circuit_size, | ||
| const size_t | additional_offset = 0 |
||
| ) |
Definition at line 18 of file composer_lib.hpp.
| CommitmentKey< Curve > bb::create_commitment_key | ( | const size_t | num_points | ) |
Definition at line 16 of file commit.bench.cpp.
|
inline |
Definition at line 100 of file commitment_key.test.hpp.
|
inline |
Definition at line 78 of file commitment_key.test.hpp.
|
inline |
Definition at line 78 of file commitment_key.test.hpp.
|
constexpr |
Utility function to construct a container for the subrelation accumulators of Protogalaxy folding.
The size of the outer tuple is equal to the number of relations. Each relation contributes an inner tuple of univariates whose size is equal to the number of subrelations of the relation. The length of a univariate in an inner tuple is determined by the corresponding subrelation length and the number of keys to be folded.
| optimized | Enable optimized version with skipping some of the computation |
Definition at line 400 of file flavor.hpp.
|
constexpr |
Utility function to construct a container for the subrelation accumulators of sumcheck proving.
The size of the outer tuple is equal to the number of relations. Each relation contributes an inner tuple of univariates whose size is equal to the number of subrelations of the relation. The length of a univariate in an inner tuple is determined by the corresponding subrelation length.
Definition at line 422 of file flavor.hpp.
|
constexpr |
Construct tuple of arrays.
Container for storing value of each identity in each relation. Each Relation contributes an array of length num-identities.
Definition at line 436 of file flavor.hpp.
|
inline |
Definition at line 120 of file commitment_key.test.hpp.
|
inline |
Definition at line 106 of file commitment_key.test.hpp.
|
inline |
Definition at line 106 of file commitment_key.test.hpp.
| std::vector< uint8_t > bb::decompress | ( | const void * | bytes, |
| size_t | size | ||
| ) |
Definition at line 29 of file private_execution_steps.cpp.
| bb::DEFINE_SUMCHECK_PERMUTATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMBoolsRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMLookupRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMMSMRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMPointTableRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMTranscriptRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMWnafRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorAccumulatorTransferRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorDeltaRangeConstraintRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorNonNativeFieldRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorOpcodeConstraintRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorPermutationRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorZeroConstraintsRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_PERMUTATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMBoolsRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMLookupRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMMSMRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMPointTableRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMTranscriptRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMWnafRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorAccumulatorTransferRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorDecompositionRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorDeltaRangeConstraintRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorNonNativeFieldRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorOpcodeConstraintRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorPermutationRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorZeroConstraintsRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DenseRange | ( | MIN_LOG_NUM_GRUMPKIN_POINTS | , |
| MAX_LOG_NUM_GRUMPKIN_POINTS | |||
| ) | -> Unit(benchmark::kMillisecond) |
| bb::DenseRange | ( | MIN_LOG_NUM_POINTS | , |
| MAX_LOG_NUM_POINTS | |||
| ) | -> Unit(benchmark::kMillisecond) |
|
inline |
Definition at line 10 of file exec_pipe.hpp.
|
inline |
Execute msgpack run command.
This function handles the msgpack run subcommand, reading commands from either stdin or a specified file and processing them through the msgpack API.
| msgpack_input_file | Path to input file (empty string means use stdin) |
Definition at line 105 of file api_msgpack.hpp.
|
inline |
Definition at line 90 of file file_io.hpp.
| InnerCont bb::flatten | ( | Cont< InnerCont, Args... > const & | in | ) |
Definition at line 47 of file container.hpp.
|
inline |
Definition at line 66 of file flavor_concepts.hpp.
|
noexcept |
Definition at line 48 of file protogalaxy.bench.cpp.
|
private |
Definition at line 228 of file slab_allocator.cpp.
| void bb::gate_count_for_ivc | ( | const std::string & | bytecode_path, |
| bool | include_gates_per_opcode | ||
| ) |
Definition at line 227 of file api_client_ivc.cpp.
| void bb::generate_sha256_test_circuit | ( | Builder & | builder, |
| size_t | num_iterations | ||
| ) |
Definition at line 27 of file mock_circuits.hpp.
| Fr_ bb::generic_evaluate_mle | ( | std::span< const Fr_ > | evaluation_points, |
| const SharedShiftedVirtualZeroesArray< Fr_ > & | coefficients | ||
| ) |
Static exposed implementation to support both native and stdlib circuit field types.
Definition at line 532 of file polynomial.hpp.
| std::vector< g1::affine_element > bb::get_bn254_g1_data | ( | const std::filesystem::path & | path, |
| size_t | num_points, | ||
| bool | allow_download | ||
| ) |
Definition at line 35 of file get_bn254_crs.cpp.
| g2::affine_element bb::get_bn254_g2_data | ( | const std::filesystem::path & | path, |
| bool | allow_download | ||
| ) |
Definition at line 76 of file get_bn254_crs.cpp.
| acir_format::AcirFormat bb::get_constraint_system | ( | std::string const & | bytecode_path | ) |
Definition at line 14 of file acir_format_getters.cpp.
| std::vector< acir_format::AcirFormat > bb::get_constraint_systems | ( | std::string const & | bytecode_path | ) |
Definition at line 26 of file acir_format_getters.cpp.
|
inline |
Shared by Prover and Verifier. label_prefix is either Libra: or Translation:.
Definition at line 20 of file small_subgroup_ipa_utils.hpp.
|
inline |
Definition at line 17 of file file_io.hpp.
| std::vector< curve::Grumpkin::AffineElement > bb::get_grumpkin_g1_data | ( | const std::filesystem::path & | path, |
| size_t | num_points, | ||
| bool | allow_download | ||
| ) |
Definition at line 27 of file get_grumpkin_crs.cpp.
|
private |
Returns a slab from the preallocated pool of slabs, or fallback to a new heap allocation (32 byte aligned). Ref counted result so no need to manually free.
Definition at line 213 of file slab_allocator.cpp.
|
private |
Sometimes you want a raw pointer to a slab so you can manage when it's released manually (e.g. c_binds, containers). This still gets a slab with a shared_ptr, but holds the shared_ptr internally until free_mem_slab_raw is called.
Definition at line 218 of file slab_allocator.cpp.
|
inline |
Definition at line 12 of file thread.hpp.
|
inline |
Definition at line 18 of file thread.hpp.
|
constexpr |
Definition at line 51 of file precomputed_generators.hpp.
| Flavor::ProverPolynomials bb::get_sequential_prover_polynomials | ( | const size_t | log_circuit_size, |
| const size_t | starting_value | ||
| ) |
Get a ProverPolynomials instance initialized to sequential values starting at 0.
Values are assigned according to the order specified in the underlying array of the flavor class. The function returns an array of data pointed to by the ProverPolynomials.
Definition at line 17 of file testing.hpp.
| auto bb::get_unshifted_then_shifted | ( | const auto & | all_entities | ) |
Definition at line 349 of file flavor.hpp.
| acir_format::WitnessVector bb::get_witness | ( | std::string const & | witness_path | ) |
Definition at line 8 of file acir_format_getters.cpp.
| acir_format::WitnessVectorStack bb::get_witness_stack | ( | std::string const & | witness_path | ) |
Definition at line 20 of file acir_format_getters.cpp.
| Flavor::ProverPolynomials bb::get_zero_prover_polynomials | ( | const size_t | log_circuit_size | ) |
Definition at line 35 of file testing.hpp.
| int64_t bb::index_of | ( | std::vector< T > const & | vec, |
| T const & | item | ||
| ) |
Definition at line 58 of file container.hpp.
|
private |
Allocates a bunch of memory slabs sized to serve an UltraPLONK proof construction. If you want normal memory allocator behavior, just don't call this init function.
WARNING: If client code is still holding onto slabs from previous use, when those slabs are released they'll end up back in the allocator. That's probably not desired as presumably those slabs are now too small, so they're effectively leaked. But good client code should be releasing it's resources promptly anyway. It's not considered "proper use" to call init, take slab, and call init again, before releasing the slab.
TODO: Take a composer type and allocate slabs according to those requirements? TODO: De-globalise. Init the allocator and pass around. Use a PolynomialFactory (PolynomialStore?). TODO: Consider removing, but once due-dilligence has been done that we no longer have memory limitations.
Definition at line 208 of file slab_allocator.cpp.
| std::array< FF, N > bb::initialize_relation_separator | ( | const FF & | alpha | ) |
Definition at line 925 of file sumcheck.hpp.
| C bb::join | ( | std::initializer_list< C > | to_join | ) |
Definition at line 26 of file container.hpp.
|
inline |
Definition at line 35 of file container.hpp.
Definition at line 762 of file transcript.hpp.
| std::string bb::msgpack_to_json | ( | msgpack::object const & | o, |
| size_t | max_chars | ||
| ) |
Definition at line 6 of file msgpack_to_json.cpp.
| bb::NamedUnion | ( | std::variant< Types... > | ) | -> NamedUnion< Types... > |
| Univariate< Fr, domain_end, domain_start, skip_count > bb::operator* | ( | const Fr & | ff, |
| const Univariate< Fr, domain_end, domain_start, skip_count > & | uv | ||
| ) |
Definition at line 634 of file univariate.hpp.
| Univariate< Fr, domain_end, domain_start, skip_count > bb::operator* | ( | const Fr & | ff, |
| const UnivariateView< Fr, domain_end, domain_start, skip_count > & | uv | ||
| ) |
Definition at line 797 of file univariate.hpp.
| Univariate< Fr, domain_end, domain_start, skip_count > bb::operator+ | ( | const Fr & | ff, |
| const Univariate< Fr, domain_end, domain_start, skip_count > & | uv | ||
| ) |
Definition at line 620 of file univariate.hpp.
| Univariate< Fr, domain_end, domain_start, skip_count > bb::operator+ | ( | const Fr & | ff, |
| const UnivariateView< Fr, domain_end, domain_start, skip_count > & | uv | ||
| ) |
Definition at line 783 of file univariate.hpp.
| Univariate< Fr, domain_end, domain_start, skip_count > bb::operator- | ( | const Fr & | ff, |
| const Univariate< Fr, domain_end, domain_start, skip_count > & | uv | ||
| ) |
Definition at line 627 of file univariate.hpp.
| Univariate< Fr, domain_end, domain_start, skip_count > bb::operator- | ( | const Fr & | ff, |
| const UnivariateView< Fr, domain_end, domain_start, skip_count > & | uv | ||
| ) |
Definition at line 790 of file univariate.hpp.
|
inline |
Definition at line 538 of file polynomial.hpp.
|
inline |
Definition at line 172 of file origin_tag.hpp.
| void bb::parallel_for | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
Creates a thread pool and runs the function in parallel.
| num_iterations | Number of iterations |
| func | Function to run in parallel Observe that num_iterations is NOT the thread pool size. The size will be chosen based on the hardware concurrency (i.e., env or cpus). |
Definition at line 72 of file thread.cpp.
|
private |
A thread pooled strategy that uses atomics to prevent needing constantly lock on a queue. The main thread acts as a worker also, and when it completes, it spins until thread workers are done.
Definition at line 109 of file parallel_for_atomic_pool.cpp.
| std::vector< Accum > bb::parallel_for_heuristic | ( | size_t | num_points, |
| const Accum & | initial_accum, | ||
| const Func & | func, | ||
| size_t | heuristic_cost | ||
| ) |
parallel_for_heuristic variant that takes an accumulator initializer that is allocated in a vector, one accumulator per thread/chunk. This allows for thread-safe accumulation, see sum() or sum_pairs() in container.hpp for an easy way to combine the thread/chunk contributions into a final result.
Definition at line 71 of file thread.hpp.
| void bb::parallel_for_heuristic | ( | size_t | num_points, |
| const Func & | func, | ||
| size_t | heuristic_cost | ||
| ) |
Definition at line 51 of file thread.hpp.
| void bb::parallel_for_heuristic | ( | size_t | num_points, |
| const std::function< void(size_t, size_t, size_t)> & | func, | ||
| size_t | heuristic_cost | ||
| ) |
Split a loop into several loops running in parallel based on operations in 1 iteration.
Splits the num_points into appropriate number of chunks to do parallel processing on and calls the function that should contain the work loop, but only if it's worth it
| num_points | Total number of elements |
| func | A function or lambda expression with a for loop inside, for example: [&](size_t start, size_t end, size_t thread_index){for (size_t i=start; i<end; i++){ ... work ... } |
| heuristic_cost | the estimated cost of the operation, see namespace thread_heuristics below |
Definition at line 132 of file thread.cpp.
| void bb::parallel_for_moody | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
|
private |
A thread pooled strategy that uses std::mutex for protection. Each worker increments the "iteration" and processes. The main thread acts as a worker also, and when it completes, it spins until thread workers are done.
Definition at line 125 of file parallel_for_mutex_pool.cpp.
| void bb::parallel_for_omp | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
| void bb::parallel_for_queued | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
A thread pooled strategey that assumed that thread pools would be more efficient than spawning threads. Every iteration becomes a task in a queue. That's probably not very efficient. A normal mutex and condition variables are used to distribute tasks and notify.
Definition at line 19 of file parallel_for_queued.cpp.
| void bb::parallel_for_range | ( | size_t | num_points, |
| const std::function< void(size_t, size_t)> & | func, | ||
| size_t | no_multhreading_if_less_or_equal | ||
| ) |
Split a loop into several loops running in parallel.
Splits the num_points into appropriate number of chunks to do parallel processing on and calls the function that should contain the work loop
| num_points | Total number of elements |
| func | A function or lambda expression with a for loop inside, for example: [](size_t start, size_t end){for (size_t i=start; i<end; i++){(void)i;}} |
| no_multhreading_if_less_or_equal | If num points is less or equal to this value, run without parallelization |
Definition at line 102 of file thread.cpp.
| void bb::parallel_for_spawning | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
A very simple strategy. Spawn a worker thread for every iteration (but no more than num cores). Worker threads tight-loop incrementing an atomic variable from 0-num_iterations, until num_iterations reached. Main thread waits on all worker threads by joining.
Definition at line 11 of file parallel_for_spawning.cpp.
| int bb::parse_and_run_cli_command | ( | int | argc, |
| char * | argv[] | ||
| ) |
Parse command line arguments and run the corresponding command.
This function encapsulates the entire CLI parsing and command execution logic that is used in the main function. It's designed as a standalone function to support multiple entry points:
bb executableThe function utilizes CLI11 for argument parsing and creates a hierarchy of commands and subcommands with appropriate options. This encapsulation allows the CLI functionality to be tested and benchmarked without duplicating the command structure across multiple files.
| argc | Number of command-line arguments |
| argv | Array of command-line argument strings |
| std::vector< std::shared_ptr< typename MegaFlavor::VerificationKey > > bb::precompute_vks | ( | const size_t | num_app_circuits, |
| const bool | large_first_app = true |
||
| ) |
Definition at line 60 of file test_bench_shared.hpp.
| void bb::print_active_subcommands | ( | const CLI::App & | app, |
| const std::string & | prefix = "bb command: " |
||
| ) |
|
inline |
Process msgpack API commands from an input stream.
This function reads length-encoded msgpack buffers from the provided input stream, deserializes them into Command objects, executes them via the bbapi interface, and writes length-encoded responses back to stdout.
The format for each message is:
| input_stream | The input stream to read msgpack commands from (stdin or file) |
Definition at line 28 of file api_msgpack.hpp.
| void bb::prove_tube | ( | const std::string & | output_path, |
| const std::string & | vk_path | ||
| ) |
Creates a Honk Proof for the Tube circuit responsible for recursively verifying a ClientIVC proof.
| output_path | the working directory from which the proof and verification data are read |
| num_unused_public_inputs | |
| output_path | the working directory from which the proof is read and output is written |
| vk_path | the path to the verification key data to use when proving (this is the one of two ClientIVC VKs, public or private tail) |
Definition at line 15 of file prove_tube.cpp.
|
inline |
Definition at line 81 of file gate_data.hpp.
| void bb::read | ( | B & | it, |
| field2< base_field, Params > & | value | ||
| ) |
Definition at line 149 of file field2_declarations.hpp.
Definition at line 721 of file field_declarations.hpp.
|
inline |
Definition at line 606 of file univariate.hpp.
|
inline |
Definition at line 339 of file univariate_coefficient_basis.hpp.
|
inline |
Definition at line 29 of file file_io.hpp.
| bb::RefArray | ( | T & | , |
| Ts & | ... | ||
| ) | -> RefArray< T, 1+sizeof...(Ts)> |
| bb::RefVector | ( | T & | , |
| Ts & | ... | ||
| ) | -> RefVector< T > |
Definition at line 9 of file container.hpp.
Definition at line 17 of file container.hpp.
| Polynomial< FF > bb::sparse_random_poly | ( | const size_t | size, |
| const size_t | num_nonzero | ||
| ) |
Definition at line 24 of file commit.bench.cpp.
| PolyData< FF > bb::structured_random_poly | ( | bool | non_zero_complement = false | ) |
Definition at line 44 of file commit.bench.cpp.
|
constexpr |
Check whether a given subrelation is linearly independent from the other subrelations.
More often than not, we want multiply each subrelation contribution by a power of the relation separator challenge. In cases where we wish to define a subrelation that merges into another, we encode this in a boolean array SUBRELATION_LINEARLY_INDEPENDENT in the relation. If no such array is defined, then the default case where all subrelations are independent is engaged.
Definition at line 46 of file relation_types.hpp.
| Inner bb::sum | ( | Cont< Inner, Args... > const & | in | ) |
Definition at line 70 of file container.hpp.
| std::pair< Left, Right > bb::sum_pairs | ( | Cont< std::pair< Left, Right >, Args... > const & | in | ) |
Definition at line 81 of file container.hpp.
| void bb::tamper_with_proof | ( | InnerProver & | inner_prover, |
| ProofType & | inner_proof, | ||
| TamperType | type | ||
| ) |
Test method that provides several ways to tamper with a proof. TODO(https://github.com/AztecProtocol/barretenberg/issues/1298): Currently, several tests are failing due to challenges not being re-computed after tampering. We need to extend this tool to allow for more elaborate tampering.
| InnerProver | |
| InnerFlavor | |
| ProofType |
| inner_prover | |
| inner_proof | |
| type |
Definition at line 35 of file tamper_proof.hpp.
| void bb::tamper_with_proof | ( | ProofType & | inner_proof, |
| bool | end_of_proof | ||
| ) |
Tamper with a proof by finding the first non-zero value and incrementing it by 1 and by modifying the last commitment.
Definition at line 107 of file tamper_proof.hpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| BaseCase | |||
| ) |
Definition at line 53 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| CompleteSelectorPartitioningCheck | |||
| ) |
Check that the selector partitioning is correct for the mega circuit builder.
We check that for the arithmetic, delta_range, elliptic, memory, nnf, lookup, busread, poseidon2_external, poseidon2_internal blocks, and the other selectors are zero on that block.
Definition at line 170 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| CopyConstructor | |||
| ) |
Definition at line 14 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| GoblinEccOpQueueUltraOps | |||
| ) |
Check that the ultra ops are recorded correctly in the EccOpQueue.
Definition at line 136 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| GoblinSimple | |||
| ) |
Test the queueing of simple ecc ops via the Goblin builder.
There are two things to check here: 1) When ecc ops are queued by the builder, the corresponding native operations are performed correctly by the internal ecc op queue, and 2) The ecc op gate operands are correctly encoded in the op_wires, i.e. the operands can be reconstructed as expected.
Definition at line 69 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| BadLookupFailure | |||
| ) |
Definition at line 105 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| BadTagPermutation | |||
| ) |
Definition at line 267 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| BaseCase | |||
| ) |
Definition at line 121 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| CheckCircuitShowcase | |||
| ) |
Definition at line 883 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| ComposedRangeConstraint | |||
| ) |
Definition at line 557 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| CopyConstructor | |||
| ) |
Definition at line 16 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| CreateGatesFromPlookupAccumulators | |||
| ) |
Definition at line 43 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| NonNativeFieldMultiplication | |||
| ) |
Definition at line 580 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| NonNativeFieldMultiplicationSortCheck | |||
| ) |
Test that the nnf block only contains nnf gates.
Definition at line 638 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| NonTrivialTagPermutation | |||
| ) |
Definition at line 199 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| NonTrivialTagPermutationAndCycles | |||
| ) |
Definition at line 229 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| Ram | |||
| ) |
Definition at line 778 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RamSimple | |||
| ) |
A simple-as-possible RAM read test, for easier debugging.
Definition at line 748 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeChecksOnDuplicates | |||
| ) |
Definition at line 848 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeConstraint | |||
| ) |
Definition at line 411 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeWithGates | |||
| ) |
Definition at line 480 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeWithGatesWhereRangeIsNotAPowerOfTwo | |||
| ) |
Definition at line 496 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| Rom | |||
| ) |
Definition at line 703 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWidget | |||
| ) |
Definition at line 296 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWidgetComplex | |||
| ) |
Definition at line 512 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWidgetNeg | |||
| ) |
Definition at line 539 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWithEdgesGate | |||
| ) |
Definition at line 322 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| TestEllipticDoubleGate | |||
| ) |
Definition at line 179 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| TestEllipticGate | |||
| ) |
Definition at line 151 of file ultra_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| TestNoLookupProof | |||
| ) |
Definition at line 129 of file ultra_circuit_builder.test.cpp.
| bb::TEST_F | ( | EccRelationsConsistency | , |
| RecursiveToNativeConsistency | |||
| ) |
Definition at line 49 of file ecc_relation_consistency.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| IndependentVKHash | |||
| ) |
Definition at line 257 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| SingleRecursiveVerification | |||
| ) |
Definition at line 242 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| SingleRecursiveVerificationFailure | |||
| ) |
Definition at line 247 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| SingleRecursiveVerificationFailureTamperedProof | |||
| ) |
Definition at line 252 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | IPATest | , |
| AIsZeroAfterOneRound | |||
| ) |
Definition at line 167 of file ipa.test.cpp.
| bb::TEST_F | ( | IPATest | , |
| ChallengesAreZero | |||
| ) |
Definition at line 123 of file ipa.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ConstantPolynomial | |||
| ) |
Definition at line 96 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| EmptyPolynomial | |||
| ) |
Definition at line 105 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| GeminiShplonkKzgWithShift | |||
| ) |
Test full PCS protocol: Gemini, Shplonk, KZG and pairing check.
Demonstrates the full PCS protocol as it is used in the construction and verification of a single Honk proof. (Expository comments included throughout).
Definition at line 153 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ShpleminiKzgShiftsRemoval | |||
| ) |
Definition at line 320 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ShpleminiKzgWithShift | |||
| ) |
Definition at line 208 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ShpleminiKzgWithShiftAndInterleaving | |||
| ) |
Definition at line 261 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| Single | |||
| ) |
Definition at line 56 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| SingleInLagrangeBasis | |||
| ) |
Test opening proof of a polynomial given by its evaluations at \( i = 0, \ldots, n \). Should only be used for small values of \( n \).
Definition at line 119 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ZeroEvaluation | |||
| ) |
Definition at line 66 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ZeroPolynomial | |||
| ) |
Definition at line 79 of file kzg.test.cpp.
| bb::TEST_F | ( | TranslatorRecursiveTests | , |
| IndependentVKHash | |||
| ) |
Definition at line 201 of file translator_recursive_verifier.test.cpp.
| bb::TEST_F | ( | TranslatorRecursiveTests | , |
| SingleRecursiveVerification | |||
| ) |
Definition at line 196 of file translator_recursive_verifier.test.cpp.
| bb::TYPED_TEST | ( | BatchedAffineAdditionTests | , |
| Reduce | |||
| ) |
Definition at line 28 of file batched_affine_addition.test.cpp.
| bb::TYPED_TEST | ( | CommitmentKeyTest | , |
| CommitFull | |||
| ) |
Definition at line 98 of file sparse_commitment.test.cpp.
| bb::TYPED_TEST | ( | CommitmentKeyTest | , |
| CommitFullMedium | |||
| ) |
Definition at line 126 of file sparse_commitment.test.cpp.
| bb::TYPED_TEST | ( | CommitmentKeyTest | , |
| CommitSRSCheck | |||
| ) |
Definition at line 154 of file sparse_commitment.test.cpp.
| bb::TYPED_TEST | ( | CommitmentKeyTest | , |
| CommitStructuredMaskedWire | |||
| ) |
Test commit_structured on polynomial with blocks of non-zero values that resembles masked structured witness.
Definition at line 219 of file sparse_commitment.test.cpp.
| bb::TYPED_TEST | ( | CommitmentKeyTest | , |
| CommitStructuredNonzeroComplement | |||
| ) |
Test the method for committing to structured polynomials with a constant nonzero complement (i.e. the permutation grand product polynomial z_perm in the structured trace setting).
Definition at line 256 of file sparse_commitment.test.cpp.
| bb::TYPED_TEST | ( | CommitmentKeyTest | , |
| CommitStructuredWire | |||
| ) |
Test commit_structured on polynomial with blocks of non-zero values (like wires when using structured trace)
Definition at line 185 of file sparse_commitment.test.cpp.
| bb::TYPED_TEST | ( | RecursiveVeriferCommitmentKeyTest | , |
| EqualityTest | |||
| ) |
Definition at line 40 of file verifier_commitment_key.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| CorrectnessOfGeminiClaimBatching | |||
| ) |
Definition at line 152 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| CorrectnessOfMultivariateClaimBatching | |||
| ) |
Definition at line 47 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| ShpleminiZKNoSumcheckOpenings | |||
| ) |
Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver and Libra polynomials used to mask Sumcheck Round Univariates. This abstracts the PCS step in each ZK Flavor running over BN254.
Definition at line 271 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| ShpleminiZKWithSumcheckOpenings | |||
| ) |
Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver, Libra polynomials used to mask Sumcheck Round Univariates and prove/verify the claimed evaluations of committed sumcheck round univariates. This test abstracts the PCS step in each ZK Flavor running over Grumpkin.
Definition at line 385 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShplonkTest | , |
| ExportBatchClaimAndVerify | |||
| ) |
Definition at line 92 of file shplonk.test.cpp.
| bb::TYPED_TEST | ( | ShplonkTest | , |
| ShplonkLinearlyDependent | |||
| ) |
Definition at line 50 of file shplonk.test.cpp.
| bb::TYPED_TEST | ( | ShplonkTest | , |
| ShplonkSimple | |||
| ) |
Definition at line 21 of file shplonk.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| LibraEvaluationsConsistency | |||
| ) |
Definition at line 173 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| LibraEvaluationsConsistencyFailure | |||
| ) |
Definition at line 210 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| ProverComputationsCorrectness | |||
| ) |
Definition at line 52 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| TranslationMaskingTermConsistency | |||
| ) |
Definition at line 255 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| TranslationMaskingTermConsistencyFailure | |||
| ) |
Definition at line 307 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| VerifierEvaluations | |||
| ) |
Definition at line 123 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST_SUITE | ( | BatchedAffineAdditionTests | , |
| Curves | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | CommitmentKeyTest | , |
| Curves | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | RecursiveVeriferCommitmentKeyTest | , |
| Curves | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | ShpleminiTest | , |
| TestSettings | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | ShplonkTest | , |
| CurveTypes | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | SmallSubgroupIPATest | , |
| TestFlavors | |||
| ) |
| template bool bb::UltraCircuitChecker::check< MegaCircuitBuilder_< bb::fr > > | ( | const MegaCircuitBuilder_< bb::fr > & | builder_in | ) |
| auto bb::UltraCircuitChecker::init_empty_values< MegaCircuitBuilder_< bb::fr > > | ( | ) |
Definition at line 14 of file ultra_circuit_checker.cpp.
| MegaCircuitBuilder_< bb::fr > bb::UltraCircuitChecker::prepare_circuit< MegaCircuitBuilder_< bb::fr > > | ( | const MegaCircuitBuilder_< bb::fr > & | builder_in | ) |
Definition at line 14 of file ultra_circuit_checker.cpp.
| T bb::unpack_from_file | ( | const std::filesystem::path & | filename | ) |
Definition at line 55 of file private_execution_steps.cpp.
| std::vector< FF > bb::update_gate_challenges | ( | const FF & | perturbator_challenge, |
| const std::vector< FF > & | gate_challenges, | ||
| const std::vector< FF > & | init_challenges | ||
| ) |
Compute the gate challenges used in the combiner calculation.
This is Step 8 of the protocol as written in the paper.
Definition at line 16 of file prover_verifier_shared.hpp.
|
noexcept |
Definition at line 18 of file protogalaxy.bench.cpp.
| bool bb::verify_ivc | ( | ClientIVC::Proof & | proof, |
| ClientIVC & | ivc | ||
| ) |
Verify an IVC proof.
Definition at line 20 of file test_bench_shared.hpp.
| void bb::write | ( | B & | buf, |
| field2< base_field, Params > const & | value | ||
| ) |
Definition at line 155 of file field2_declarations.hpp.
Definition at line 731 of file field_declarations.hpp.
|
inline |
Definition at line 93 of file gate_data.hpp.
|
inline |
Definition at line 613 of file univariate.hpp.
|
inline |
Definition at line 346 of file univariate_coefficient_basis.hpp.
| void bb::write_arbitrary_valid_client_ivc_proof_and_vk_to_file | ( | const std::filesystem::path & | output_dir | ) |
Definition at line 261 of file api_client_ivc.cpp.
|
inline |
Definition at line 58 of file file_io.hpp.
| void bb::write_recursion_inputs_ultra_honk | ( | const std::string & | bytecode_path, |
| const std::string & | witness_path, | ||
| const std::string & | output_path | ||
| ) |
|
extern |
|
extern |
| auto bb::zip_polys | ( | Poly && | poly, |
| Polys &&... | polys | ||
| ) |
Definition at line 555 of file polynomial.hpp.
| const size_t bb::ADD_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of ADD_ASSIGN instruction.
Definition at line 112 of file field.fuzzer.hpp.
| const size_t bb::ADD_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of ADD instruction.
Definition at line 111 of file field.fuzzer.hpp.
| const size_t bb::BATCH_INVERT_SIZE |
Size of BATCH_INVERT instruction.
Definition at line 133 of file field.fuzzer.hpp.
| const char* const bb::BB_VERSION_PLACEHOLDER = "00000000.00000000.00000000" |
| CommitmentKey<Curve> bb::ck |
Definition at line 20 of file ipa.fuzzer.cpp.
|
constexpr |
Definition at line 20 of file commitment_key.test.hpp.
|
constexpr |
Definition at line 21 of file commitment_key.test.hpp.
|
constexpr |
Definition at line 18 of file ipa.fuzzer.cpp.
| const size_t bb::DEFAULT_MIN_ITERS_PER_THREAD = 1 << 4 |
Definition at line 89 of file thread.hpp.
| const size_t bb::DIV_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of DIV_ASSIGN instruction.
Definition at line 119 of file field.fuzzer.hpp.
| const size_t bb::DIV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of DIV instruction.
Definition at line 118 of file field.fuzzer.hpp.
| const size_t bb::EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of EQUAL instruction.
Definition at line 127 of file field.fuzzer.hpp.
| const size_t bb::FROM_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of FROM_MONTGOMERY instruction.
Definition at line 130 of file field.fuzzer.hpp.
| const size_t bb::INCREMENT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of INCREMENT instruction.
Definition at line 113 of file field.fuzzer.hpp.
| const size_t bb::INDEX_SIZE = 1 |
Size of index field in bytes.
Definition at line 104 of file field.fuzzer.hpp.
| const size_t bb::INSTRUCTION_HEADER_SIZE = 1 |
Size of instruction header in bytes.
Definition at line 103 of file field.fuzzer.hpp.
| const size_t bb::INTERNAL_STATE_SIZE = 32 |
Constant defining the number of elements in the VM's internal state.
Definition at line 30 of file field.fuzzer.hpp.
| const size_t bb::INV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of INV instruction.
Definition at line 120 of file field.fuzzer.hpp.
|
inlineconstexpr |
Definition at line 258 of file barycentric.hpp.
|
constexpr |
Definition at line 143 of file transcript.hpp.
| const size_t bb::IS_ZERO_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of IS_ZERO instruction.
Definition at line 126 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 257 of file commit.bench.cpp.
|
constexpr |
Definition at line 91 of file commit.bench.cpp.
|
constexpr |
Definition at line 258 of file commit.bench.cpp.
|
constexpr |
Definition at line 92 of file commit.bench.cpp.
|
constexpr |
Definition at line 256 of file commit.bench.cpp.
|
constexpr |
Definition at line 90 of file commit.bench.cpp.
| const size_t bb::MUL_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of MUL_ASSIGN instruction.
Definition at line 115 of file field.fuzzer.hpp.
| const size_t bb::MUL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of MUL instruction.
Definition at line 114 of file field.fuzzer.hpp.
| const size_t bb::NEG_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of NEG instruction.
Definition at line 121 of file field.fuzzer.hpp.
| const size_t bb::NOT_EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of NOT_EQUAL instruction.
Definition at line 128 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 16 of file databus.hpp.
|
constexpr |
Definition at line 9 of file constants.hpp.
| const size_t bb::POW_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 + sizeof(uint64_t) |
Size of POW instruction.
Definition at line 124 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 17 of file databus.hpp.
|
constexpr |
Definition at line 18 of file databus.hpp.
| const size_t bb::REDUCE_ONCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of REDUCE_ONCE instruction.
Definition at line 131 of file field.fuzzer.hpp.
| const size_t bb::SELF_REDUCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of SELF_REDUCE instruction.
Definition at line 132 of file field.fuzzer.hpp.
| const size_t bb::SET_VALUE_SIZE |
| const size_t bb::SETTINGS_SIZE = sizeof(VMSettings) |
Definition at line 68 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 93 of file commit.bench.cpp.
| const size_t bb::SQR_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of SQR_ASSIGN instruction.
Definition at line 123 of file field.fuzzer.hpp.
| const size_t bb::SQR_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of SQR instruction.
Definition at line 122 of file field.fuzzer.hpp.
| const size_t bb::SQRT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of SQRT instruction.
Definition at line 125 of file field.fuzzer.hpp.
| const size_t bb::SUB_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of SUB_ASSIGN instruction.
Definition at line 117 of file field.fuzzer.hpp.
| const size_t bb::SUB_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of SUB instruction.
Definition at line 116 of file field.fuzzer.hpp.
| const size_t bb::TO_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of TO_MONTGOMERY instruction.
Definition at line 129 of file field.fuzzer.hpp.
|
inline |
Definition at line 149 of file transcript.hpp.
| VerifierCommitmentKey<Curve> bb::vk |
Definition at line 21 of file ipa.fuzzer.cpp.
1.9.8