Barretenberg: src/barretenberg/vm2/proving_helper.cpp Source File

#include "barretenberg/vm2/proving_helper.hpp"


#include <cstdint>

#include <cstdlib>

#include <memory>

#include <stdexcept>


#include "barretenberg/common/assert.hpp"

#include "barretenberg/common/serialize.hpp"

#include "barretenberg/common/thread.hpp"

#include "barretenberg/numeric/bitop/get_msb.hpp"

#include "barretenberg/vm2/common/constants.hpp"

#include "barretenberg/vm2/constraining/check_circuit.hpp"

#include "barretenberg/vm2/constraining/polynomials.hpp"

#include "barretenberg/vm2/constraining/prover.hpp"

#include "barretenberg/vm2/constraining/verifier.hpp"

#include "barretenberg/vm2/tooling/stats.hpp"


namespace bb::avm2 {


namespace {


// TODO: This doesn't need to be a shared_ptr, but BB requires it.

std::shared_ptr<AvmProver::ProvingKey> create_proving_key(AvmProver::ProverPolynomials& polynomials)

{

    auto proving_key = std::make_shared<AvmProver::ProvingKey>();


    for (auto [key_poly, prover_poly] : zip_view(proving_key->get_all(), polynomials.get_unshifted())) {

        BB_ASSERT_EQ(flavor_get_label(*proving_key, key_poly), flavor_get_label(polynomials, prover_poly));

        key_poly = std::move(prover_poly);

    }


    return proving_key;

}


} // namespace


// Create AvmVerifier::VerificationKey based on VkData and returns shared pointer.


std::shared_ptr<AvmVerifier::VerificationKey> AvmProvingHelper::create_verification_key(const VkData& vk_data)

{

    using VerificationKey = AvmVerifier::VerificationKey;

    std::vector<fr> vk_as_fields = many_from_buffer<AvmFlavorSettings::FF>(vk_data);


    std::span vk_span(vk_as_fields);


    vinfo("vk fields size: ", vk_as_fields.size());


    std::array<VerificationKey::Commitment, VerificationKey::NUM_PRECOMPUTED_COMMITMENTS> precomputed_cmts;

    for (size_t i = 0; i < VerificationKey::NUM_PRECOMPUTED_COMMITMENTS; i++) {

        // Adds 4 (NUM_FRS_COM) fr elements per commitment. Therefore, index = 4 * i.

        precomputed_cmts[i] = field_conversion::convert_from_bn254_frs<VerificationKey::Commitment>(

            vk_span.subspan(AvmFlavor::NUM_FRS_COM * i, AvmFlavor::NUM_FRS_COM));

    }


    return std::make_shared<VerificationKey>(precomputed_cmts);

}


std::pair<AvmProvingHelper::Proof, AvmProvingHelper::VkData> AvmProvingHelper::prove(tracegen::TraceContainer&& trace)

{

    auto polynomials = AVM_TRACK_TIME_V("proving/prove:compute_polynomials", constraining::compute_polynomials(trace));

    auto proving_key = AVM_TRACK_TIME_V("proving/prove:proving_key", create_proving_key(polynomials));

    // TODO(#15892): VK needs to be hardcoded. Computing it here is not efficient.

    auto verification_key =

        AVM_TRACK_TIME_V("proving/prove:verification_key", std::make_shared<AvmVerifier::VerificationKey>(proving_key));

    auto prover = AVM_TRACK_TIME_V("proving/prove:construct_prover",

                                   AvmProver(proving_key, verification_key, proving_key->commitment_key));


    auto proof = AVM_TRACK_TIME_V("proving/construct_proof", prover.construct_proof());

    auto serialized_vk = to_buffer(verification_key->to_field_elements());


    return { std::move(proof), std::move(serialized_vk) };

}


bool AvmProvingHelper::check_circuit(tracegen::TraceContainer&& trace)

{

    // The proof is done over the whole circuit (2^21 rows).

    // However, for check-circuit purposes we run only over the trace rows

    // PLUS one extra row to catch any possible errors in the empty remainder

    // of the circuit.

    const size_t num_rows = trace.get_num_rows_without_clk() + 1;

    const bool skippable_enabled = true;

    info("Running check ",

         skippable_enabled ? "(with skippable)" : "(without skippable)",

         " circuit over ",

         num_rows,

         " rows.");


    // Warning: this destroys the trace.

    auto polynomials = AVM_TRACK_TIME_V("proving/prove:compute_polynomials", constraining::compute_polynomials(trace));

    try {

        AVM_TRACK_TIME("proving/check_circuit",

                       constraining::run_check_circuit(polynomials, num_rows, skippable_enabled));

    } catch (std::runtime_error& e) {

        // FIXME: This exception is never caught because it's thrown in a different thread.

        // Execution never gets here!

        info("Circuit check failed: ", e.what());

    }


    return true;

}


bool AvmProvingHelper::verify(const AvmProvingHelper::Proof& proof, const PublicInputs& pi, const VkData& vk_data)

{

    auto vk = AVM_TRACK_TIME_V("proving/verify:create_verification_key", create_verification_key(vk_data));

    auto verifier = AVM_TRACK_TIME_V("proving/verify:construct_verifier", AvmVerifier(std::move(vk)));

    return AVM_TRACK_TIME_V("proving/verify_proof", verifier.verify_proof(proof, pi.to_columns()));

}


} // namespace bb::avm2

assert.hpp

BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:59

check_circuit.hpp

bb::avm2::AvmFlavor::NUM_FRS_COM
static constexpr size_t NUM_FRS_COM
Definition flavor.hpp:99

bb::avm2::AvmProver
Definition prover.hpp:11

bb::avm2::AvmProver::ProverPolynomials
Flavor::ProverPolynomials ProverPolynomials
Definition prover.hpp:21

bb::avm2::AvmProvingHelper::VkData
std::vector< uint8_t > VkData
Definition proving_helper.hpp:15

bb::avm2::AvmProvingHelper::Proof
AvmProver::Proof Proof
Definition proving_helper.hpp:14

bb::avm2::AvmProvingHelper::verify
bool verify(const Proof &proof, const PublicInputs &pi, const VkData &vk_data)
Definition proving_helper.cpp:102

bb::avm2::AvmProvingHelper::prove
std::pair< Proof, VkData > prove(tracegen::TraceContainer &&trace)
Definition proving_helper.cpp:58

bb::avm2::AvmProvingHelper::check_circuit
bool check_circuit(tracegen::TraceContainer &&trace)
Definition proving_helper.cpp:74

bb::avm2::AvmProvingHelper::create_verification_key
static std::shared_ptr< AvmVerifier::VerificationKey > create_verification_key(const VkData &vk_data)
Definition proving_helper.cpp:39

bb::avm2::AvmVerifier
Definition verifier.hpp:8

bb::avm2::AvmVerifier::VerificationKey
Flavor::VerificationKey VerificationKey
Definition verifier.hpp:13

bb::avm2::tracegen::TraceContainer
Definition trace_container.hpp:22

zip_view
Definition zip_view.hpp:166

vinfo
void vinfo(Args... args)
Definition log.hpp:76

info
void info(Args... args)
Definition log.hpp:70

trace
TestTraceContainer trace
Definition data_copy.test.cpp:59

get_msb.hpp

VerificationKey
UltraKeccakFlavor::VerificationKey VerificationKey
Definition honk_key_gen.cpp:19

bb::avm2::constraining::compute_polynomials
AvmProver::ProverPolynomials compute_polynomials(tracegen::TraceContainer &trace)
Definition polynomials.cpp:12

bb::avm2::constraining::run_check_circuit
void run_check_circuit(AvmFlavor::ProverPolynomials &polys, size_t num_rows, bool skippable_enabled)
Definition check_circuit.cpp:18

bb::avm2
Definition flavor.hpp:472

bb::flavor_get_label
std::string flavor_get_label(Container &&container, const Element &element)
Definition flavor_concepts.hpp:66

bb::vk
VerifierCommitmentKey< Curve > vk
Definition ipa.fuzzer.cpp:21

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

polynomials.hpp

prover.hpp

proving_helper.hpp

serialize.hpp

to_buffer
std::vector< uint8_t > to_buffer(T const &value)
Definition serialize.hpp:425

stats.hpp

AVM_TRACK_TIME_V
#define AVM_TRACK_TIME_V(key, body)
Definition stats.hpp:19

AVM_TRACK_TIME
#define AVM_TRACK_TIME(key, body)
Definition stats.hpp:17

bb::avm2::PublicInputs
Definition avm_inputs.hpp:27

bb::avm2::PublicInputs::to_columns
std::vector< std::vector< FF > > to_columns() const
Serialization to columns.
Definition avm_inputs.cpp:132

thread.hpp

verifier.hpp

constants.hpp