Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
transcript.test.cpp
Go to the documentation of this file.
1#include <gtest/gtest.h>
2
3#include "barretenberg/circuit_checker/circuit_checker.hpp"
4#include "barretenberg/ecc/curves/bn254/fr.hpp"
5#include "barretenberg/ecc/curves/bn254/g1.hpp"
6#include "barretenberg/flavor/ultra_flavor.hpp"
7#include "barretenberg/flavor/ultra_recursive_flavor.hpp"
8#include "barretenberg/flavor/ultra_rollup_recursive_flavor.hpp"
9#include "barretenberg/polynomials/univariate.hpp"
10#include "barretenberg/stdlib/proof/proof.hpp"
11#include "barretenberg/transcript/transcript.hpp"
12#include "barretenberg/ultra_honk/decider_proving_key.hpp"
13#include "barretenberg/ultra_honk/ultra_prover.hpp"
14#include "barretenberg/ultra_honk/ultra_verifier.hpp"
15
16namespace bb::stdlib::recursion::honk {
17
18using Builder = UltraCircuitBuilder;
19using UltraFlavor = UltraFlavor;
20using UltraRecursiveFlavor = UltraRecursiveFlavor_<Builder>;
21using FF = fr;
22using NativeTranscript = NativeTranscript;
23using StdlibTranscript = BaseTranscript<StdlibTranscriptParams<Builder>>;
24using StdlibProof = stdlib::Proof<Builder>;
25
32template <class Flavor, size_t LENGTH> auto generate_mock_proof_data(auto prover_transcript)
33{
34 using FF = typename Flavor::FF;
35 using Commitment = typename Flavor::Commitment;
36 using Univariate = typename bb::Univariate<FF, LENGTH>;
37
38 // Create some mock data to be added to the transcript in several mock rounds
39 uint32_t data = 25;
40 auto scalar = FF::random_element();
41 auto commitment = Commitment::one();
42
43 std::array<FF, LENGTH> evaluations;
44 for (auto& eval : evaluations) {
45 eval = FF::random_element();
46 }
47 auto univariate = Univariate(evaluations);
48
49 // round 0
50 prover_transcript.send_to_verifier("data", data);
51 prover_transcript.template get_challenge<FF>("alpha");
52
53 // round 1
54 prover_transcript.send_to_verifier("scalar", scalar);
55 prover_transcript.send_to_verifier("commitment", commitment);
56 prover_transcript.template get_challenges<FF>("beta, gamma");
57
58 // round 2
59 prover_transcript.send_to_verifier("univariate", univariate);
60 prover_transcript.template get_challenges<FF>("gamma", "delta");
61
62 return prover_transcript.export_proof();
63}
64
74template <class Flavor, size_t LENGTH> void perform_mock_verifier_transcript_operations(auto transcript)
75{
76 using FF = typename Flavor::FF;
77 using Commitment = typename Flavor::Commitment;
78 using Univariate = typename bb::Univariate<FF, LENGTH>;
79
80 // round 0
81 transcript.template receive_from_prover<FF>("data");
82 transcript.template get_challenge<FF>("alpha");
83
84 // round 1
85 transcript.template receive_from_prover<FF>("scalar");
86 transcript.template receive_from_prover<Commitment>("commitment");
87 transcript.template get_challenges<FF>("beta, gamma");
88
89 // round 2
90 transcript.template receive_from_prover<Univariate>("univariate");
91 transcript.template get_challenges<FF>("gamma", "delta");
92}
93
99TEST(RecursiveHonkTranscript, InterfacesMatch)
100{
101 Builder builder;
102
103 constexpr size_t LENGTH = 8; // arbitrary length of Univariate to be serialized
104
105 // Instantiate a Prover Transcript and use it to generate some mock proof data
106 NativeTranscript prover_transcript;
107 auto proof_data = generate_mock_proof_data<UltraFlavor, LENGTH>(prover_transcript);
108
109 // Instantiate a (native) Verifier Transcript with the proof data and perform some mock transcript operations
110 NativeTranscript native_transcript;
111 native_transcript.load_proof(proof_data);
112 perform_mock_verifier_transcript_operations<UltraFlavor, LENGTH>(native_transcript);
113
114 // Confirm that Prover and Verifier transcripts have generated the same manifest via the operations performed
115 EXPECT_EQ(prover_transcript.get_manifest(), native_transcript.get_manifest());
116
117 // Instantiate a stdlib Transcript and perform the same operations
118 StdlibProof stdlib_proof(builder, proof_data);
119 StdlibTranscript transcript;
120 transcript.load_proof(stdlib_proof);
121 perform_mock_verifier_transcript_operations<UltraRecursiveFlavor, LENGTH>(transcript);
122
123 // Confirm that the native and stdlib verifier transcripts have generated the same manifest
124 EXPECT_EQ(transcript.get_manifest(), native_transcript.get_manifest());
125
126 // TODO(#1351): The Honk stdlib transcript does not currently lay down contraints for fiat-shamir hashing so
127 // check_circuit has limited value.
128 EXPECT_TRUE(CircuitChecker::check(builder));
129}
130
135TEST(RecursiveHonkTranscript, ReturnValuesMatch)
136{
137 using FF = fr;
138 using Commitment = g1::affine_element;
139
140 using field_ct = field_t<Builder>;
141 using fq_ct = bigfield<Builder, bb::Bn254FqParams>;
142 using element_ct = element<Builder, fq_ct, field_ct, bb::g1>;
143
144 Builder builder;
145
146 // Define some mock data for a mock proof
147 auto scalar = FF::random_element();
148 auto commitment = Commitment::one() * FF::random_element();
149
150 const size_t LENGTH = 10; // arbitrary
151 std::array<FF, LENGTH> evaluations;
152 for (auto& eval : evaluations) {
153 eval = FF::random_element();
154 }
155
156 // Construct a mock proof via the prover transcript
157 NativeTranscript prover_transcript;
158 prover_transcript.send_to_verifier("scalar", scalar);
159 prover_transcript.send_to_verifier("commitment", commitment);
160 prover_transcript.send_to_verifier("evaluations", evaluations);
161 prover_transcript.template get_challenges<FF>("alpha, beta");
162 auto proof_data = prover_transcript.export_proof();
163
164 // Perform the corresponding operations with the native verifier transcript
165 NativeTranscript native_transcript;
166 native_transcript.load_proof(proof_data);
167 auto native_scalar = native_transcript.template receive_from_prover<FF>("scalar");
168 auto native_commitment = native_transcript.template receive_from_prover<Commitment>("commitment");
169 auto native_evaluations = native_transcript.template receive_from_prover<std::array<FF, LENGTH>>("evaluations");
170 auto [native_alpha, native_beta] = native_transcript.template get_challenges<FF>("alpha", "beta");
171
172 // Perform the same operations with the stdlib verifier transcript
173 stdlib::Proof<Builder> stdlib_proof(builder, proof_data);
174 StdlibTranscript stdlib_transcript;
175 stdlib_transcript.load_proof(stdlib_proof);
176 auto stdlib_scalar = stdlib_transcript.template receive_from_prover<field_ct>("scalar");
177 auto stdlib_commitment = stdlib_transcript.template receive_from_prover<element_ct>("commitment");
178 auto stdlib_evaluations =
179 stdlib_transcript.template receive_from_prover<std::array<field_ct, LENGTH>>("evaluations");
180 auto [stdlib_alpha, stdlib_beta] = stdlib_transcript.template get_challenges<field_ct>("alpha", "beta");
181
182 // Confirm that return values are equivalent
183 EXPECT_EQ(native_scalar, stdlib_scalar.get_value());
184 EXPECT_EQ(native_commitment, stdlib_commitment.get_value());
185 for (size_t i = 0; i < LENGTH; ++i) {
186 EXPECT_EQ(native_evaluations[i], stdlib_evaluations[i].get_value());
187 }
188
189 EXPECT_EQ(static_cast<FF>(native_alpha), stdlib_alpha.get_value());
190 EXPECT_EQ(static_cast<FF>(native_beta), stdlib_beta.get_value());
191}
192
198TEST(RecursiveTranscript, InfinityConsistencyGrumpkin)
199{
200 using NativeCurve = curve::Grumpkin;
201 using NativeCommitment = typename NativeCurve::AffineElement;
202 using NativeFF = NativeCurve::ScalarField;
203
204 using FF = bigfield<Builder, bb::Bn254FqParams>;
205 using Commitment = cycle_group<Builder>;
206
207 Builder builder;
208
209 NativeCommitment infinity = NativeCommitment::infinity();
210
211 NativeTranscript prover_transcript;
212 prover_transcript.send_to_verifier("infinity", infinity);
213 NativeFF challenge = prover_transcript.get_challenge<NativeFF>("challenge");
214 auto proof_data = prover_transcript.export_proof();
215
216 NativeTranscript verifier_transcript;
217 verifier_transcript.load_proof(proof_data);
218 verifier_transcript.receive_from_prover<NativeCommitment>("infinity");
219 auto verifier_challenge = verifier_transcript.get_challenge<NativeFF>("challenge");
220
221 stdlib::Proof<Builder> stdlib_proof(builder, proof_data);
222 StdlibTranscript stdlib_transcript;
223 stdlib_transcript.load_proof(stdlib_proof);
224 auto stdlib_infinity = stdlib_transcript.receive_from_prover<Commitment>("infinity");
225 EXPECT_TRUE(stdlib_infinity.is_point_at_infinity().get_value());
226 auto stdlib_challenge = stdlib_transcript.get_challenge<FF>("challenge");
227
228 EXPECT_EQ(challenge, verifier_challenge);
229 EXPECT_EQ(verifier_challenge, NativeFF(stdlib_challenge.get_value() % FF::modulus));
230}
231
237TEST(RecursiveTranscript, InfinityConsistencyBN254)
238{
239 using NativeCurve = curve::BN254;
240 using NativeCommitment = typename NativeCurve::AffineElement;
241 using NativeFF = NativeCurve::ScalarField;
242
243 using FF = field_t<Builder>;
244 using BF = bigfield<Builder, bb::Bn254FqParams>;
245 using Commitment = element<Builder, BF, FF, bb::g1>;
246
247 Builder builder;
248
249 NativeCommitment infinity = NativeCommitment::infinity();
250
251 NativeTranscript prover_transcript;
252 prover_transcript.send_to_verifier("infinity", infinity);
253 NativeFF challenge = prover_transcript.get_challenge<NativeFF>("challenge");
254 auto proof_data = prover_transcript.export_proof();
255
256 NativeTranscript verifier_transcript;
257 verifier_transcript.load_proof(proof_data);
258 verifier_transcript.receive_from_prover<NativeCommitment>("infinity");
259 auto verifier_challenge = verifier_transcript.get_challenge<NativeFF>("challenge");
260
261 stdlib::Proof<Builder> stdlib_proof(builder, proof_data);
262 StdlibTranscript stdlib_transcript;
263 stdlib_transcript.load_proof(stdlib_proof);
264 auto stdlib_commitment = stdlib_transcript.receive_from_prover<Commitment>("infinity");
265 EXPECT_TRUE(stdlib_commitment.is_point_at_infinity().get_value());
266 auto stdlib_challenge = stdlib_transcript.get_challenge<FF>("challenge");
267
268 EXPECT_EQ(challenge, verifier_challenge);
269 EXPECT_EQ(verifier_challenge, stdlib_challenge.get_value());
270}
271} // namespace bb::stdlib::recursion::honk
circuit_checker.hpp
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:154
bb::BaseTranscript::receive_from_prover
T receive_from_prover(const std::string &label)
Reads the next element of type T from the transcript, with a predefined label, only used by verifier.
Definition transcript.hpp:591
bb::BaseTranscript::load_proof
void load_proof(const std::vector< DataType > &proof)
Definition transcript.hpp:319
bb::BaseTranscript::get_manifest
TranscriptManifest get_manifest() const
Definition transcript.hpp:686
bb::BaseTranscript::get_challenge
ChallengeType get_challenge(const std::string &label)
Definition transcript.hpp:676
bb::MegaFlavor::FF
Curve::ScalarField FF
Definition mega_flavor.hpp:37
bb::MegaFlavor::Commitment
Curve::AffineElement Commitment
Definition mega_flavor.hpp:39
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:42
bb::UltraRecursiveFlavor_
The recursive counterpart to the "native" Ultra flavor.
Definition ultra_recursive_flavor.hpp:51
bb::Univariate
A univariate polynomial represented by its values on {domain_start, domain_start + 1,...
Definition univariate.hpp:35
bb::group::affine_element
group_elements::affine_element< Fq, Fr, Params > affine_element
Definition group.hpp:42
bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19
bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve i.e....
Definition cycle_group.hpp:36
bb::stdlib::field_t< Builder >
builder
AluTraceBuilder builder
Definition alu.test.cpp:123
data
const std::vector< FF > data
Definition data_copy.test.cpp:61
decider_proving_key.hpp
fq_ct
bn254::BaseField fq_ct
Definition graph_description_bigfield.test.cpp:29
bb::stdlib::recursion::honk::generate_mock_proof_data
auto generate_mock_proof_data(auto prover_transcript)
Create some mock data; add it to the provided prover transcript in various mock rounds.
Definition transcript.test.cpp:32
bb::stdlib::recursion::honk::perform_mock_verifier_transcript_operations
void perform_mock_verifier_transcript_operations(auto transcript)
Perform series of verifier transcript operations.
Definition transcript.test.cpp:74
bb::stdlib::recursion::honk::TEST
TEST(RecursiveHonkTranscript, InterfacesMatch)
Test basic transcript functionality and check circuit.
Definition transcript.test.cpp:99
bb::stdlib::element
std::conditional_t< IsGoblinBigGroup< C, Fq, Fr, G >, element_goblin::goblin_element< C, goblin_field< C >, Fr, G >, element_default::element< C, Fq, Fr, G > > element
element wraps either element_default::element or element_goblin::goblin_element depending on parametr...
Definition biggroup.hpp:1055
bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174
bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:24
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::field< Bn254FrParams >::modulus
static constexpr uint256_t modulus
Definition field_declarations.hpp:197
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665
ultra_flavor.hpp
ultra_prover.hpp
ultra_recursive_flavor.hpp
ultra_rollup_recursive_flavor.hpp
ultra_verifier.hpp