- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
RecursionConstraint struct contains information required to recursively verify a proof! More...
#include <recursion_constraint.hpp>
Static Public Member Functions | |
| template<typename Builder > | |
| static std::vector< bb::stdlib::field_t< Builder > > | fields_from_witnesses (Builder &builder, const std::vector< uint32_t > &witness_indices) |
Public Attributes | |
| std::vector< uint32_t > | key |
| std::vector< uint32_t > | proof |
| std::vector< uint32_t > | public_inputs |
| uint32_t | key_hash |
| uint32_t | proof_type |
Friends | |
| bool | operator== (RecursionConstraint const &lhs, RecursionConstraint const &rhs)=default |
RecursionConstraint struct contains information required to recursively verify a proof!
The recursive verifier algorithm produces an 'aggregation object' representing 2 G1 points, expressed as 16 witness values. The smart contract Verifier must be aware of this aggregation object in order to complete the full recursive verification. If the circuit verifies more than 1 proof, the recursion algorithm will update a pre-existing aggregation object (input_points_accumulator).
We currently require that the inner circuit being verified only has a single public input. If more are required, the outer circuit can hash them down to 1 input.
| verification_key_data | The inner circuit vkey. Is converted into circuit witness values (internal to the backend) |
| proof | The plonk proof. Is converted into circuit witness values (internal to the backend) |
| is_points_accumulator_nonzero | A flag to tell us whether the circuit has already recursively verified proofs (and therefore an aggregation object is present) |
| public_input | The index of the single public input |
| input_points_accumulator | Witness indices of pre-existing aggregation object (if it exists) |
| output_points_accumulator | Witness indices of the aggregation object produced by recursive verification |
| nested_points_accumulator | Public input indices of an aggregation object inside the proof. |
nested_points_accumulator. If the inner proof is of a circuit that does not have a nested aggregation object, these values are all zero.To outline the interaction between the input_aggergation_object and the nested_points_accumulator take the following example: If we have a circuit that verifies 2 proofs A and B, the recursion constraint for B will have an input_points_accumulator that points to the aggregation output produced by verifying A. If circuit B also verifies a proof, in the above example the recursion constraint for verifying B will have a nested object that describes the aggregation object in B’s public inputs as well as an input aggregation object that points to the object produced by the previous recursion constraint in the circuit (the one that verifies A)
TODO(https://github.com/AztecProtocol/barretenberg/issues/996): Create similar comments for Honk.
Definition at line 57 of file recursion_constraint.hpp.
|
inlinestatic |
Definition at line 67 of file recursion_constraint.hpp.
|
friend |
| std::vector<uint32_t> acir_format::RecursionConstraint::key |
Definition at line 58 of file recursion_constraint.hpp.
| uint32_t acir_format::RecursionConstraint::key_hash |
Definition at line 61 of file recursion_constraint.hpp.
| std::vector<uint32_t> acir_format::RecursionConstraint::proof |
Definition at line 59 of file recursion_constraint.hpp.
| uint32_t acir_format::RecursionConstraint::proof_type |
Definition at line 62 of file recursion_constraint.hpp.
| std::vector<uint32_t> acir_format::RecursionConstraint::public_inputs |
Definition at line 60 of file recursion_constraint.hpp.
1.9.8