Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
shplemini.test.cpp
Go to the documentation of this file.
1
2#include "shplemini.hpp"
3#include "../commitment_key.test.hpp"
4#include "../gemini/gemini.hpp"
5#include "../kzg/kzg.hpp"
6#include "../shplonk/shplonk.hpp"
7#include "../utils/batch_mul_native.hpp"
8#include "barretenberg/commitment_schemes/ipa/ipa.hpp"
9#include "barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp"
10#include "barretenberg/commitment_schemes/utils/mock_witness_generator.hpp"
11#include "barretenberg/commitment_schemes/utils/test_settings.hpp"
12#include "barretenberg/ecc/curves/bn254/g1.hpp"
13#include "barretenberg/sumcheck/sumcheck.hpp"
14
15#include <gtest/gtest.h>
16#include <vector>
17
18namespace bb {
19
20template <class Flavor> class ShpleminiTest : public CommitmentTest<typename Flavor::Curve> {
21 public:
22 // Size of the test polynomials
23 static constexpr size_t log_n = 9;
24 static constexpr size_t n = 1UL << log_n;
25 // Total number of random polynomials in each test
26 static constexpr size_t num_polynomials = 7;
27 // Number of shiftable polynomials
28 static constexpr size_t num_shiftable = 2;
29 // Number of polynomials to be right shifted by k
30 static constexpr size_t num_right_shiftable_by_k = 2;
31
32 // The length of the mock sumcheck univariates.
33 static constexpr size_t sumcheck_univariate_length = 24;
34
35 using Fr = typename Flavor::Curve::ScalarField;
36 using GroupElement = typename Flavor::Curve::Element;
37 using Commitment = typename Flavor::Curve::AffineElement;
38 using CK = typename Flavor::CommitmentKey;
39 using IPA = IPA<typename Flavor::Curve, log_n>;
40};
41
42using TestSettings = ::testing::Types<BN254Settings, GrumpkinSettings>;
43
44TYPED_TEST_SUITE(ShpleminiTest, TestSettings);
45
46// This test checks that batch_multivariate_opening_claims method operates correctly
47TYPED_TEST(ShpleminiTest, CorrectnessOfMultivariateClaimBatching)
48{
49 using Curve = typename TypeParam::Curve;
50 using Fr = typename Curve::ScalarField;
51 using GroupElement = typename Curve::Element;
52 using Commitment = typename Curve::AffineElement;
53 using CK = typename TypeParam::CommitmentKey;
54
55 CK ck = create_commitment_key<CK>(this->n);
56
57 // Generate mock challenges
58 Fr rho = Fr::random_element();
59 Fr gemini_eval_challenge = Fr::random_element();
60 Fr shplonk_batching_challenge = Fr::random_element();
61 Fr shplonk_eval_challenge = Fr::random_element();
62
63 // Generate multilinear polynomials and compute their commitments
64 auto mle_opening_point = this->random_evaluation_point(this->log_n);
65
66 MockClaimGenerator<Curve> mock_claims(this->n,
67 /*num_polynomials*/ this->num_polynomials,
68 /*num_to_be_shifted*/ this->num_shiftable,
69 /*num_to_be_right_shifted_by_k*/ this->num_right_shiftable_by_k,
70 mle_opening_point,
71 ck);
72
73 // Collect multilinear evaluations
74 std::vector<Fr> rhos = gemini::powers_of_rho(rho, this->num_polynomials + this->num_shiftable);
75
76 // Lambda to compute batched multivariate evaluation
77 auto update_batched_eval = [&](Fr& batched_eval, const std::vector<Fr>& evaluations, Fr& rho_power) {
78 for (auto& eval : evaluations) {
79 batched_eval += eval * rho_power;
80 rho_power *= rho;
81 }
82 };
83
84 Fr rho_power(1);
85 Fr batched_evaluation(0);
86 update_batched_eval(batched_evaluation, mock_claims.unshifted.evals, rho_power);
87 update_batched_eval(batched_evaluation, mock_claims.to_be_shifted.evals, rho_power);
88 update_batched_eval(batched_evaluation, mock_claims.to_be_right_shifted_by_k.evals, rho_power);
89
90 // Lambda to compute batched commitment
91 auto compute_batched_commitment = [&](const std::vector<Commitment>& commitments, Fr& rho_power) {
92 GroupElement batched = GroupElement::zero();
93 for (auto& comm : commitments) {
94 batched += comm * rho_power;
95 rho_power *= rho;
96 }
97 return batched;
98 };
99
100 // Compute batched commitments manually
101 rho_power = Fr(1);
102 GroupElement batched_commitment_unshifted =
103 compute_batched_commitment(mock_claims.unshifted.commitments, rho_power);
104 GroupElement batched_commitment_to_be_shifted =
105 compute_batched_commitment(mock_claims.to_be_shifted.commitments, rho_power);
106 GroupElement batched_commitment_to_be_right_shifted_by_k =
107 compute_batched_commitment(mock_claims.to_be_right_shifted_by_k.commitments, rho_power);
108
109 // Compute expected result manually
110 GroupElement to_be_right_shifted_by_k_contribution =
111 batched_commitment_to_be_right_shifted_by_k *
112 gemini_eval_challenge.pow(mock_claims.claim_batcher.k_shift_magnitude);
113 GroupElement to_be_shifted_contribution = batched_commitment_to_be_shifted * gemini_eval_challenge.invert();
114
115 GroupElement commitment_to_univariate_pos =
116 batched_commitment_unshifted + to_be_right_shifted_by_k_contribution + to_be_shifted_contribution;
117
118 GroupElement commitment_to_univariate_neg =
119 batched_commitment_unshifted + to_be_right_shifted_by_k_contribution - to_be_shifted_contribution;
120
121 GroupElement expected_result =
122 commitment_to_univariate_pos * (shplonk_eval_challenge - gemini_eval_challenge).invert() +
123 commitment_to_univariate_neg *
124 (shplonk_batching_challenge * (shplonk_eval_challenge + gemini_eval_challenge).invert());
125
126 // Run the ShepliminiVerifier batching method
127 std::vector<Commitment> commitments;
128 std::vector<Fr> scalars;
129 Fr verifier_batched_evaluation{ 0 };
130
131 Fr inverted_vanishing_eval_pos = (shplonk_eval_challenge - gemini_eval_challenge).invert();
132 Fr inverted_vanishing_eval_neg = (shplonk_eval_challenge + gemini_eval_challenge).invert();
133
134 std::vector<Fr> inverted_vanishing_evals = { inverted_vanishing_eval_pos, inverted_vanishing_eval_neg };
135
136 mock_claims.claim_batcher.compute_scalars_for_each_batch(
137 inverted_vanishing_evals, shplonk_batching_challenge, gemini_eval_challenge);
138
139 rho_power = Fr{ 1 };
140 mock_claims.claim_batcher.update_batch_mul_inputs_and_batched_evaluation(
141 commitments, scalars, verifier_batched_evaluation, rho, rho_power);
142
143 // Final pairing check
144 GroupElement shplemini_result = batch_mul_native(commitments, scalars);
145
146 EXPECT_EQ(commitments.size(),
147 mock_claims.unshifted.commitments.size() + mock_claims.to_be_shifted.commitments.size() +
148 mock_claims.to_be_right_shifted_by_k.commitments.size());
149 EXPECT_EQ(batched_evaluation, verifier_batched_evaluation);
150 EXPECT_EQ(-expected_result, shplemini_result);
151}
152TYPED_TEST(ShpleminiTest, CorrectnessOfGeminiClaimBatching)
153{
154 using Curve = TypeParam::Curve;
155 using GeminiProver = GeminiProver_<Curve>;
156 using ShpleminiVerifier = ShpleminiVerifier_<Curve>;
157 using ShplonkVerifier = ShplonkVerifier_<Curve>;
158 using Fr = typename Curve::ScalarField;
159 using GroupElement = typename Curve::Element;
160 using Commitment = typename Curve::AffineElement;
161 using Polynomial = typename bb::Polynomial<Fr>;
162 using CK = typename TypeParam::CommitmentKey;
163
164 CK ck = create_commitment_key<CK>(this->n);
165
166 // Generate mock challenges
167 Fr rho = Fr::random_element();
168 Fr gemini_eval_challenge = Fr::random_element();
169 Fr shplonk_batching_challenge = Fr::random_element();
170
171 std::vector<Fr> shplonk_batching_challenge_powers =
172 compute_shplonk_batching_challenge_powers(shplonk_batching_challenge, this->log_n);
173
174 Fr shplonk_eval_challenge = Fr::random_element();
175
176 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
177
178 MockClaimGenerator<Curve> mock_claims(this->n,
179 /*num_polynomials*/ this->num_polynomials,
180 /*num_to_be_shifted*/ this->num_shiftable,
181 /*num_to_be_right_shifted_by_k*/ this->num_right_shiftable_by_k,
182 mle_opening_point,
183 ck);
184
185 // Collect multilinear evaluations
186 std::vector<Fr> rhos = gemini::powers_of_rho(rho, this->num_polynomials + this->num_shiftable);
187
188 Fr running_scalar = Fr(1);
189 Polynomial batched = mock_claims.polynomial_batcher.compute_batched(rho, running_scalar);
190
191 // Compute:
192 // - (d+1) opening pairs: {r, \hat{a}_0}, {-r^{2^i}, a_i}, i = 0, ..., d-1
193 // - (d+1) Fold polynomials Fold_{r}^(0), Fold_{-r}^(0), and Fold^(i), i = 0, ..., d-1
194 auto fold_polynomials = GeminiProver::compute_fold_polynomials(this->log_n, mle_opening_point, batched);
195
196 std::vector<Commitment> prover_commitments;
197 for (size_t l = 0; l < this->log_n - 1; ++l) {
198 auto commitment = ck.commit(fold_polynomials[l]);
199 prover_commitments.emplace_back(commitment);
200 }
201
202 auto [A_0_pos, A_0_neg] =
203 mock_claims.polynomial_batcher.compute_partially_evaluated_batch_polynomials(gemini_eval_challenge);
204
205 const auto opening_claims = GeminiProver::construct_univariate_opening_claims(
206 this->log_n, std::move(A_0_pos), std::move(A_0_neg), std::move(fold_polynomials), gemini_eval_challenge);
207
208 std::vector<Fr> prover_evaluations;
209 for (size_t l = 0; l < this->log_n; ++l) {
210 const auto& evaluation = opening_claims[l + 1].opening_pair.evaluation;
211 prover_evaluations.emplace_back(evaluation);
212 }
213
214 std::vector<Fr> r_squares = gemini::powers_of_evaluation_challenge(gemini_eval_challenge, this->log_n);
215
216 GroupElement expected_result = GroupElement::zero();
217 std::vector<Fr> expected_inverse_vanishing_evals;
218 expected_inverse_vanishing_evals.reserve(2 * this->log_n);
219 // Compute expected inverses
220 for (size_t idx = 0; idx < this->log_n; idx++) {
221 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge - r_squares[idx]).invert());
222 expected_inverse_vanishing_evals.emplace_back((shplonk_eval_challenge + r_squares[idx]).invert());
223 }
224
225 Fr current_challenge{ shplonk_batching_challenge * shplonk_batching_challenge };
226 for (size_t idx = 0; idx < prover_commitments.size(); ++idx) {
227 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 2];
228 current_challenge *= shplonk_batching_challenge;
229 expected_result -= prover_commitments[idx] * current_challenge * expected_inverse_vanishing_evals[2 * idx + 3];
230 current_challenge *= shplonk_batching_challenge;
231 }
232
233 // Run the ShepliminiVerifier batching method
234 std::vector<Fr> inverse_vanishing_evals =
235 ShplonkVerifier::compute_inverted_gemini_denominators(shplonk_eval_challenge, r_squares);
236
237 Fr expected_constant_term_accumulator{ 0 };
238 std::vector<Fr> padding_indicator_array(this->log_n, Fr{ 1 });
239
240 std::vector<Fr> gemini_fold_pos_evaluations =
241 GeminiVerifier_<Curve>::compute_fold_pos_evaluations(padding_indicator_array,
242 expected_constant_term_accumulator,
243 mle_opening_point,
244 r_squares,
245 prover_evaluations,
246 expected_constant_term_accumulator);
247 std::vector<Commitment> commitments;
248 std::vector<Fr> scalars;
249
250 ShpleminiVerifier::batch_gemini_claims_received_from_prover(padding_indicator_array,
251 prover_commitments,
252 prover_evaluations,
253 gemini_fold_pos_evaluations,
254 inverse_vanishing_evals,
255 shplonk_batching_challenge_powers,
256 commitments,
257 scalars,
258 expected_constant_term_accumulator);
259
260 // Compute the group element using the output of Shplemini method
261 GroupElement shplemini_result = batch_mul_native(commitments, scalars);
262
263 EXPECT_EQ(shplemini_result, expected_result);
264}
265
271TYPED_TEST(ShpleminiTest, ShpleminiZKNoSumcheckOpenings)
272{
273 using ZKData = ZKSumcheckData<TypeParam>;
274 using Curve = TypeParam::Curve;
275 using ShpleminiProver = ShpleminiProver_<Curve>;
276 using ShpleminiVerifier = ShpleminiVerifier_<Curve>;
277 using Fr = typename Curve::ScalarField;
278 using Commitment = typename Curve::AffineElement;
279 using CK = typename TypeParam::CommitmentKey;
280
281 // Initialize transcript and commitment key
282 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
283
284 // SmallSubgroupIPAProver requires at least CURVE::SUBGROUP_SIZE + 3 elements in the ck.
285 static constexpr size_t log_subgroup_size = static_cast<size_t>(numeric::get_msb(Curve::SUBGROUP_SIZE));
286 CK ck = create_commitment_key<CK>(std::max<size_t>(this->n, 1ULL << (log_subgroup_size + 1)));
287
288 // Generate Libra polynomials, compute masked concatenated Libra polynomial, commit to it
289 ZKData zk_sumcheck_data(this->log_n, prover_transcript, ck);
290
291 // Generate multivariate challenge
292 std::vector<Fr> mle_opening_point = this->random_evaluation_point(this->log_n);
293
294 // Generate random prover polynomials, compute their evaluations and commitments
295 MockClaimGenerator<Curve> mock_claims(this->n,
296 /*num_polynomials*/ this->num_polynomials,
297 /*num_to_be_shifted*/ this->num_shiftable,
298 /*num_to_be_right_shifted_by_k*/ this->num_right_shiftable_by_k,
299 mle_opening_point,
300 ck);
301
302 // Compute the sum of the Libra constant term and Libra univariates evaluated at Sumcheck challenges
303 const Fr claimed_inner_product = SmallSubgroupIPAProver<TypeParam>::compute_claimed_inner_product(
304 zk_sumcheck_data, mle_opening_point, this->log_n);
305
306 prover_transcript->send_to_verifier("Libra:claimed_evaluation", claimed_inner_product);
307
308 // Instantiate SmallSubgroupIPAProver, this prover sends commitments to Big Sum and Quotient polynomials
309 SmallSubgroupIPAProver<TypeParam> small_subgroup_ipa_prover(
310 zk_sumcheck_data, mle_opening_point, claimed_inner_product, prover_transcript, ck);
311 small_subgroup_ipa_prover.prove();
312
313 // Reduce to KZG or IPA based on the curve used in the test Flavor
314 const auto opening_claim = ShpleminiProver::prove(this->n,
315 mock_claims.polynomial_batcher,
316 mle_opening_point,
317 ck,
318 prover_transcript,
319 small_subgroup_ipa_prover.get_witness_polynomials());
320
321 if constexpr (std::is_same_v<TypeParam, GrumpkinSettings>) {
322 TestFixture::IPA::compute_opening_proof(this->ck(), opening_claim, prover_transcript);
323 } else {
324 KZG<Curve>::compute_opening_proof(this->ck(), opening_claim, prover_transcript);
325 }
326
327 // Initialize verifier's transcript
328 auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript);
329
330 // Start populating Verifier's array of Libra commitments
331 std::array<Commitment, NUM_LIBRA_COMMITMENTS> libra_commitments = {};
332 libra_commitments[0] =
333 verifier_transcript->template receive_from_prover<Commitment>("Libra:concatenation_commitment");
334
335 // Place Libra data to the transcript
336 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>("Libra:Sum");
337 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>("Libra:Challenge");
338 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>("Libra:claimed_evaluation");
339
340 // Check that transcript is consistent
341 EXPECT_EQ(libra_total_sum, zk_sumcheck_data.libra_total_sum);
342 EXPECT_EQ(libra_challenge, zk_sumcheck_data.libra_challenge);
343 EXPECT_EQ(libra_evaluation, claimed_inner_product);
344
345 // Finalize the array of Libra/SmallSubgroupIpa commitments
346 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>("Libra:grand_sum_commitment");
347 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>("Libra:quotient_commitment");
348
349 // Used to verify the consistency of the evaluations of the concatenated libra polynomial, big sum polynomial, and
350 // the quotient polynomial computed by SmallSubgroupIPAProver
351 bool consistency_checked = true;
352
353 // Run Shplemini
354 std::vector<Fr> padding_indicator_array(this->log_n, Fr{ 1 });
355
356 const auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
357 mock_claims.claim_batcher,
358 mle_opening_point,
359 this->vk().get_g1_identity(),
360 verifier_transcript,
361 {},
362 true,
363 &consistency_checked,
364 libra_commitments,
365 libra_evaluation);
366 // Verify claim using KZG or IPA
367 if constexpr (std::is_same_v<TypeParam, GrumpkinSettings>) {
368 auto result =
369 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->vk(), verifier_transcript);
370 EXPECT_EQ(result, true);
371 } else {
372 const auto pairing_points =
373 KZG<Curve>::reduce_verify_batch_opening_claim(batch_opening_claim, verifier_transcript);
374 // Final pairing check: e([Q] - [Q_z] + z[W], [1]_2) = e([W], [x]_2)
375 EXPECT_EQ(this->vk().pairing_check(pairing_points[0], pairing_points[1]), true);
376 }
377}
378
385TYPED_TEST(ShpleminiTest, ShpleminiZKWithSumcheckOpenings)
386{
387 using Curve = TypeParam::Curve;
388 using Fr = typename Curve::ScalarField;
389 using Commitment = typename Curve::AffineElement;
390 using CK = typename TypeParam::CommitmentKey;
391
392 using ShpleminiProver = ShpleminiProver_<Curve>;
393 using ShpleminiVerifier = ShpleminiVerifier_<Curve>;
394
395 CK ck = create_commitment_key<CK>(4096);
396
397 // Generate Sumcheck challenge
398 std::vector<Fr> challenge = this->random_evaluation_point(this->log_n);
399
400 auto prover_transcript = TypeParam::Transcript::prover_init_empty();
401
402 // Generate masking polynomials for Sumcheck Round Univariates
403 ZKSumcheckData<TypeParam> zk_sumcheck_data(this->log_n, prover_transcript, ck);
404 // Generate mock witness
405 MockClaimGenerator<Curve> mock_claims(this->n, 1);
406
407 // Generate valid sumcheck polynomials of given length
408 mock_claims.template compute_sumcheck_opening_data<TypeParam>(
409 this->log_n, this->sumcheck_univariate_length, challenge, ck);
410
411 // Compute the sum of the Libra constant term and Libra univariates evaluated at Sumcheck challenges
412 const Fr claimed_inner_product =
413 SmallSubgroupIPAProver<TypeParam>::compute_claimed_inner_product(zk_sumcheck_data, challenge, this->log_n);
414
415 prover_transcript->send_to_verifier("Libra:claimed_evaluation", claimed_inner_product);
416
417 // Instantiate SmallSubgroupIPAProver, this prover sends commitments to Big Sum and Quotient polynomials
418 SmallSubgroupIPAProver<TypeParam> small_subgroup_ipa_prover(
419 zk_sumcheck_data, challenge, claimed_inner_product, prover_transcript, ck);
420 small_subgroup_ipa_prover.prove();
421
422 // Reduce proving to a single claimed fed to KZG or IPA
423 const auto opening_claim = ShpleminiProver::prove(this->n,
424 mock_claims.polynomial_batcher,
425 challenge,
426 ck,
427 prover_transcript,
428 small_subgroup_ipa_prover.get_witness_polynomials(),
429 mock_claims.round_univariates,
430 mock_claims.sumcheck_evaluations);
431
432 if constexpr (std::is_same_v<TypeParam, GrumpkinSettings>) {
433 TestFixture::IPA::compute_opening_proof(this->ck(), opening_claim, prover_transcript);
434 } else {
435 KZG<Curve>::compute_opening_proof(this->ck(), opening_claim, prover_transcript);
436 }
437
438 // Initialize verifier's transcript
439 auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript);
440
441 std::array<Commitment, NUM_LIBRA_COMMITMENTS> libra_commitments = {};
442 libra_commitments[0] =
443 verifier_transcript->template receive_from_prover<Commitment>("Libra:concatenation_commitment");
444
445 // Place Libra data to the transcript
446 const Fr libra_total_sum = verifier_transcript->template receive_from_prover<Fr>("Libra:Sum");
447 const Fr libra_challenge = verifier_transcript->template get_challenge<Fr>("Libra:Challenge");
448 const Fr libra_evaluation = verifier_transcript->template receive_from_prover<Fr>("Libra:claimed_evaluation");
449
450 // Check that transcript is consistent
451 EXPECT_EQ(libra_total_sum, zk_sumcheck_data.libra_total_sum);
452 EXPECT_EQ(libra_challenge, zk_sumcheck_data.libra_challenge);
453 EXPECT_EQ(libra_evaluation, claimed_inner_product);
454
455 // Finalize the array of Libra/SmallSubgroupIpa commitments
456 libra_commitments[1] = verifier_transcript->template receive_from_prover<Commitment>("Libra:grand_sum_commitment");
457 libra_commitments[2] = verifier_transcript->template receive_from_prover<Commitment>("Libra:quotient_commitment");
458
459 bool consistency_checked = true;
460
461 // Run Shplemini
462 std::vector<Fr> padding_indicator_array(this->log_n, Fr{ 1 });
463
464 const auto batch_opening_claim = ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,
465 mock_claims.claim_batcher,
466 challenge,
467 this->vk().get_g1_identity(),
468 verifier_transcript,
469 {},
470 true,
471 &consistency_checked,
472 libra_commitments,
473 libra_evaluation,
474 mock_claims.sumcheck_commitments,
475 mock_claims.sumcheck_evaluations);
476 // Verify claim using KZG or IPA
477 if constexpr (std::is_same_v<TypeParam, GrumpkinSettings>) {
478 auto result =
479 TestFixture::IPA::reduce_verify_batch_opening_claim(batch_opening_claim, this->vk(), verifier_transcript);
480 EXPECT_EQ(result, true);
481 } else {
482 const auto pairing_points =
483 KZG<Curve>::reduce_verify_batch_opening_claim(batch_opening_claim, verifier_transcript);
484 // Final pairing check: e([Q] - [Q_z] + z[W], [1]_2) = e([W], [x]_2)
485 EXPECT_EQ(this->vk().pairing_check(pairing_points[0], pairing_points[1]), true);
486 }
487}
488} // namespace bb
bb::BaseTranscript::verifier_init_empty
static std::shared_ptr< BaseTranscript > verifier_init_empty(const std::shared_ptr< BaseTranscript > &transcript)
For testing: initializes transcript based on proof data then receives junk data produced by BaseTrans...
Definition transcript.hpp:668
bb::GeminiProver_::PolynomialBatcher::compute_batched
Polynomial compute_batched(const Fr &challenge, Fr &running_scalar)
Compute batched polynomial A₀ = F + G/X as the linear combination of all polynomials to be opened.
Definition gemini.hpp:195
bb::GeminiProver_::PolynomialBatcher::compute_partially_evaluated_batch_polynomials
std::pair< Polynomial, Polynomial > compute_partially_evaluated_batch_polynomials(const Fr &r_challenge)
Compute partially evaluated batched polynomials A₀(X, r) = A₀₊ = F + G/r, A₀(X, -r) = A₀₋ = F - G/r.
Definition gemini.hpp:257
bb::GeminiProver_
Definition gemini.hpp:103
bb::GeminiVerifier_
Definition gemini.hpp:345
bb::KZG::reduce_verify_batch_opening_claim
static VerifierAccumulator reduce_verify_batch_opening_claim(BatchOpeningClaim< Curve > batch_opening_claim, const std::shared_ptr< Transcript > &transcript)
Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a ...
Definition kzg.hpp:122
bb::KZG::compute_opening_proof
static void compute_opening_proof(const CK &ck, const ProverOpeningClaim< Curve > &opening_claim, const std::shared_ptr< Transcript > &prover_trancript)
Computes the KZG commitment to an opening proof polynomial at a single evaluation point.
Definition kzg.hpp:40
bb::MegaFlavor::CommitmentKey
bb::CommitmentKey< Curve > CommitmentKey
Definition mega_flavor.hpp:42
bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:74
bb::ShpleminiProver_
Definition shplemini.hpp:21
bb::ShpleminiTest::n
static constexpr size_t n
Definition shplemini.test.cpp:24
bb::ShpleminiTest::Fr
typename Flavor::Curve::ScalarField Fr
Definition shplemini.test.cpp:35
bb::ShpleminiTest::num_polynomials
static constexpr size_t num_polynomials
Definition shplemini.test.cpp:26
bb::ShpleminiTest::CK
typename Flavor::CommitmentKey CK
Definition shplemini.test.cpp:38
bb::ShpleminiTest::Commitment
typename Flavor::Curve::AffineElement Commitment
Definition shplemini.test.cpp:37
bb::ShpleminiTest::log_n
static constexpr size_t log_n
Definition shplemini.test.cpp:23
bb::ShpleminiTest::sumcheck_univariate_length
static constexpr size_t sumcheck_univariate_length
Definition shplemini.test.cpp:33
bb::ShpleminiTest::num_shiftable
static constexpr size_t num_shiftable
Definition shplemini.test.cpp:28
bb::ShpleminiTest::GroupElement
typename Flavor::Curve::Element GroupElement
Definition shplemini.test.cpp:36
bb::ShpleminiTest::IPA
IPA< typename Flavor::Curve, log_n > IPA
Definition shplemini.test.cpp:39
bb::ShpleminiTest::num_right_shiftable_by_k
static constexpr size_t num_right_shiftable_by_k
Definition shplemini.test.cpp:30
bb::ShpleminiVerifier_
An efficient verifier for the evaluation proofs of multilinear polynomials and their shifts.
Definition shplemini.hpp:189
bb::ShplonkVerifier_
Shplonk Verifier.
Definition shplonk.hpp:343
bb::SmallSubgroupIPAProver
A Curve-agnostic ZK protocol to prove inner products of small vectors.
Definition small_subgroup_ipa.hpp:69
bb::SmallSubgroupIPAProver::get_witness_polynomials
std::array< bb::Polynomial< FF >, NUM_SMALL_IPA_EVALUATIONS > get_witness_polynomials() const
Definition small_subgroup_ipa.hpp:178
bb::SmallSubgroupIPAProver::compute_claimed_inner_product
static FF compute_claimed_inner_product(ZKSumcheckData< Flavor > &zk_sumcheck_data, const std::vector< FF > &multivariate_challenge, const size_t &log_circuit_size)
For test purposes: Compute the sum of the Libra constant term and Libra univariates evaluated at Sumc...
Definition small_subgroup_ipa.cpp:381
bb::SmallSubgroupIPAProver::prove
void prove()
Compute the derived witnesses and and commit to them.
Definition small_subgroup_ipa.cpp:150
bb::curve::Grumpkin::Element
typename Group::element Element
Definition grumpkin.hpp:55
bb::curve::Grumpkin::SUBGROUP_SIZE
static constexpr size_t SUBGROUP_SIZE
Definition grumpkin.hpp:67
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:56
expected_result
bool expected_result
Definition field_gt.test.cpp:53
mock_witness_generator.hpp
bb::gemini::powers_of_evaluation_challenge
std::vector< Fr > powers_of_evaluation_challenge(const Fr r, const size_t num_squares)
Compute squares of folding challenge r.
Definition gemini.hpp:92
bb::gemini::powers_of_rho
std::vector< Fr > powers_of_rho(const Fr rho, const size_t num_powers)
Compute powers of challenge ρ
Definition gemini.hpp:75
bb::numeric::get_msb
constexpr T get_msb(const T in)
Definition get_msb.hpp:47
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::TestSettings
::testing::Types< BN254Settings, GrumpkinSettings > TestSettings
Definition shplemini.test.cpp:42
bb::TYPED_TEST_SUITE
TYPED_TEST_SUITE(ShpleminiTest, TestSettings)
bb::TYPED_TEST
TYPED_TEST(ShpleminiTest, CorrectnessOfMultivariateClaimBatching)
Definition shplemini.test.cpp:47
bb::ck
CommitmentKey< Curve > ck
Definition ipa.fuzzer.cpp:20
bb::vk
VerifierCommitmentKey< Curve > vk
Definition ipa.fuzzer.cpp:21
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
Fr
Curve::ScalarField Fr
Definition pippenger.bench.cpp:28
small_subgroup_ipa.hpp
bb::ClaimBatcher_::k_shift_magnitude
uint32_t k_shift_magnitude
Definition claim_batcher.hpp:60
bb::ClaimBatcher_::compute_scalars_for_each_batch
void compute_scalars_for_each_batch(std::span< const Fr > inverted_vanishing_evals, const Fr &nu_challenge, const Fr &r_challenge)
Compute scalars used to batch each set of claims, excluding contribution from batching challenge \rho...
Definition claim_batcher.hpp:89
bb::ClaimBatcher_::update_batch_mul_inputs_and_batched_evaluation
void update_batch_mul_inputs_and_batched_evaluation(std::vector< Commitment > &commitments, std::vector< Fr > &scalars, Fr &batched_evaluation, const Fr &rho, Fr &rho_power, Fr shplonk_batching_pos={ 0 }, Fr shplonk_batching_neg={ 0 })
Append the commitments and scalars from each batch of claims to the Shplemini, vectors which subseque...
Definition claim_batcher.hpp:145
bb::MockClaimGenerator
Constructs random polynomials, computes commitments and corresponding evaluations.
Definition mock_witness_generator.hpp:23
bb::MockClaimGenerator::round_univariates
std::vector< bb::Polynomial< Fr > > round_univariates
Definition mock_witness_generator.hpp:52
bb::MockClaimGenerator::sumcheck_commitments
std::vector< Commitment > sumcheck_commitments
Definition mock_witness_generator.hpp:53
bb::MockClaimGenerator::sumcheck_evaluations
std::vector< std::array< Fr, 3 > > sumcheck_evaluations
Definition mock_witness_generator.hpp:54
bb::ZKSumcheckData
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
Definition zk_sumcheck_data.hpp:22
bb::field::pow
BB_INLINE constexpr field pow(const uint256_t &exponent) const noexcept
Definition field_impl.hpp:353
bb::field::invert
constexpr field invert() const noexcept
Definition field_impl.hpp:378
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665
test_settings.hpp