52 static constexpr bool HasZK =
false;
77 template <
typename FF>
98 static constexpr size_t NUM_SUBRELATIONS = compute_number_of_subrelations<Relations>();
110 static constexpr size_t num_frs_comm = bb::field_conversion::calc_num_bn254_frs<Commitment>();
111 static constexpr size_t num_frs_fr = bb::field_conversion::calc_num_bn254_frs<FF>();
133 template <
size_t NUM_KEYS>
135 decltype(create_protogalaxy_tuple_of_tuples_of_univariates<Relations, NUM_KEYS>());
136 template <
size_t NUM_KEYS>
168 q_poseidon2_external,
169 q_poseidon2_internal,
190 return RefArray{ q_lookup, q_arith, q_delta_range, q_elliptic,
191 q_memory, q_nnf, q_poseidon2_external, q_poseidon2_internal };
216 auto get_wires() {
return RefArray{ w_l, w_r, w_o, w_4 }; };
219 MSGPACK_FIELDS(w_l, w_r, w_o, w_4, z_perm, lookup_inverses, lookup_read_counts, lookup_read_tags);
234 auto get_shifted() {
return RefArray{ w_l_shift, w_r_shift, w_o_shift, w_4_shift, z_perm_shift }; };
246 template <
typename DataType>
290 if (poly.is_empty()) {
306 for (
auto [result_field, polynomial] :
zip_view(result.get_all(), get_all())) {
307 result_field = polynomial[row_idx];
316 result_field = polynomial[row_idx];
319 result_field = polynomial[row_idx];
321 for (
auto [result_field, polynomial] :
zip_view(result.get_wires(), get_wires())) {
322 result_field = polynomial[row_idx];
331 shifted = to_be_shifted.shifted();
337 for (
auto& polynomial : this->get_all()) {
338 polynomial.increase_virtual_size(size_in);
394 for (
size_t i = 0; i < public_input_size; ++i) {
405 for (
size_t i = 0; i < virtual_log_n; ++i) {
412 for (
size_t i = 0; i < virtual_log_n - 1; ++i) {
416 for (
size_t i = 0; i < virtual_log_n; ++i) {
446 for (
size_t i = 0; i < virtual_log_n; ++i) {
450 for (
size_t i = 0; i < virtual_log_n - 1; ++i) {
453 for (
size_t i = 0; i < virtual_log_n; ++i) {
495 commitment = commitment_key.commit(polynomial);
518 q_poseidon2_external,
519 q_poseidon2_internal,
548 for (
auto& poly : this->get_all()) {
555 for (
auto [poly, full_poly] :
zip_view(get_all(), full_polynomials.get_all())) {
557 size_t desired_size = full_poly.end_index() / 2 + full_poly.end_index() % 2;
558 poly =
Polynomial(desired_size, circuit_size / 2);
572 template <
size_t LENGTH,
size_t SKIP_COUNT>
600 lookup_inverses =
"LOOKUP_INVERSES";
601 lookup_read_counts =
"LOOKUP_READ_COUNTS";
602 lookup_read_tags =
"LOOKUP_READ_TAGS";
610 q_lookup =
"Q_LOOKUP";
612 q_delta_range =
"Q_SORT";
613 q_elliptic =
"Q_ELLIPTIC";
614 q_memory =
"Q_MEMORY";
616 q_poseidon2_external =
"Q_POSEIDON2_EXTERNAL";
617 q_poseidon2_internal =
"Q_POSEIDON2_INTERNAL";
630 lagrange_first =
"LAGRANGE_FIRST";
631 lagrange_last =
"LAGRANGE_LAST";
640 template <
typename Commitment,
typename VerificationKey>
646 this->q_m = verification_key->q_m;
647 this->q_c = verification_key->q_c;
648 this->q_l = verification_key->q_l;
649 this->q_r = verification_key->q_r;
650 this->q_o = verification_key->q_o;
651 this->q_4 = verification_key->q_4;
652 this->q_lookup = verification_key->q_lookup;
653 this->q_arith = verification_key->q_arith;
654 this->q_delta_range = verification_key->q_delta_range;
655 this->q_elliptic = verification_key->q_elliptic;
656 this->q_memory = verification_key->q_memory;
657 this->q_nnf = verification_key->q_nnf;
658 this->q_poseidon2_external = verification_key->q_poseidon2_external;
659 this->q_poseidon2_internal = verification_key->q_poseidon2_internal;
660 this->sigma_1 = verification_key->sigma_1;
661 this->sigma_2 = verification_key->sigma_2;
662 this->sigma_3 = verification_key->sigma_3;
663 this->sigma_4 = verification_key->sigma_4;
664 this->id_1 = verification_key->id_1;
665 this->id_2 = verification_key->id_2;
666 this->id_3 = verification_key->id_3;
667 this->id_4 = verification_key->id_4;
668 this->table_1 = verification_key->table_1;
669 this->table_2 = verification_key->table_2;
670 this->table_3 = verification_key->table_3;
671 this->table_4 = verification_key->table_4;
672 this->lagrange_first = verification_key->lagrange_first;
673 this->lagrange_last = verification_key->lagrange_last;
675 if (witness_commitments.has_value()) {
676 auto commitments = witness_commitments.value();
677 this->w_l = commitments.w_l;
678 this->w_r = commitments.w_r;
679 this->w_o = commitments.w_o;
680 this->lookup_inverses = commitments.lookup_inverses;
681 this->lookup_read_counts = commitments.lookup_read_counts;
682 this->lookup_read_tags = commitments.lookup_read_tags;
683 this->w_4 = commitments.w_4;
684 this->z_perm = commitments.z_perm;
#define BB_ASSERT_EQ(actual, expected,...)
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
T deserialize_from_buffer(const Proof &proof_data, size_t &offset) const
Deserializes the frs starting at offset into the typed element and returns that element.
void serialize_to_buffer(const T &element, Proof &proof_data)
Serializes object and appends it to proof_data.
static std::shared_ptr< BaseTranscript > verifier_init_empty(const std::shared_ptr< BaseTranscript > &transcript)
For testing: initializes transcript based on proof data then receives junk data produced by BaseTrans...
static std::shared_ptr< BaseTranscript > prover_init_empty()
For testing: initializes transcript with some arbitrary data so that a challenge can be generated aft...
CommitmentKey object over a pairing group 𝔾₁.
Base Native verification key class.
uint64_t log_circuit_size
uint64_t pub_inputs_offset
uint64_t num_public_inputs
A template class for a reference array. Behaves as if std::array<T&, N> was possible.
A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribu...
static constexpr size_t NUM_WIRES
static constexpr CircuitType CIRCUIT_TYPE
A base class labelling all entities (for instance, all of the polynomials used by the prover during s...
A field element for each entity of the flavor. These entities represent the prover polynomials evalua...
A container for commitment labels.
A container for storing the partially evaluated multivariates produced by sumcheck.
PartiallyEvaluatedMultivariates()=default
PartiallyEvaluatedMultivariates(const size_t circuit_size)
PartiallyEvaluatedMultivariates(const ProverPolynomials &full_polynomials, size_t circuit_size)
A base class labelling precomputed entities and (ordered) subsets of interest.
auto get_gate_selectors()
DEFINE_FLAVOR_MEMBERS(DataType, q_m, q_c, q_l, q_r, q_o, q_4, q_lookup, q_arith, q_delta_range, q_elliptic, q_memory, q_nnf, q_poseidon2_external, q_poseidon2_internal, sigma_1, sigma_2, sigma_3, sigma_4, id_1, id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, lagrange_last) static const expr CircuitType CIRCUIT_TYPE
bool operator==(const PrecomputedEntities &) const =default
auto get_non_gate_selectors()
A container for polynomials handles.
ProverPolynomials(size_t circuit_size)
ProverPolynomials(const ProverPolynomials &o)=delete
ProverPolynomials & operator=(const ProverPolynomials &)=delete
~ProverPolynomials()=default
ProverPolynomials()=default
ProverPolynomials & operator=(ProverPolynomials &&o) noexcept=default
AllValues get_row_for_permutation_arg(size_t row_idx)
size_t get_polynomial_size() const
void increase_polynomials_virtual_size(const size_t size_in)
ProverPolynomials(ProverPolynomials &&o) noexcept=default
AllValues get_row(const size_t row_idx) const
Class for ShitftedEntities, containing shifted witness polynomials.
DEFINE_FLAVOR_MEMBERS(DataType, w_l_shift, w_r_shift, w_o_shift, w_4_shift, z_perm_shift) auto get_shifted()
Derived class that defines proof structure for Ultra proofs, as well as supporting functions.
void serialize_full_transcript(size_t virtual_log_n=VIRTUAL_LOG_N)
Serializes the structure variables into a FULL Ultra proof. Should be called only if deserialize_full...
std::vector< FF > gemini_fold_evals
Commitment lookup_read_counts_comm
Commitment lookup_inverses_comm
std::vector< Commitment > gemini_fold_comms
std::vector< FF > public_inputs
static std::shared_ptr< Transcript_ > prover_init_empty()
Commitment shplonk_q_comm
std::array< FF, NUM_ALL_ENTITIES > sumcheck_evaluations
Commitment lookup_read_tags_comm
std::vector< bb::Univariate< FF, BATCHED_RELATION_PARTIAL_LENGTH > > sumcheck_univariates
static std::shared_ptr< Transcript_ > verifier_init_empty(const std::shared_ptr< Transcript_ > &transcript)
void deserialize_full_transcript(size_t public_input_size, size_t virtual_log_n=VIRTUAL_LOG_N)
Takes a FULL Ultra proof and deserializes it into the public member variables that compose the struct...
The verification key is responsible for storing the commitments to the precomputed (non-witnessk) pol...
VerificationKey()=default
VerificationKey(const size_t circuit_size, const size_t num_public_inputs)
static constexpr size_t VERIFICATION_KEY_LENGTH
MSGPACK_FIELDS(log_circuit_size, num_public_inputs, pub_inputs_offset, q_m, q_c, q_l, q_r, q_o, q_4, q_lookup, q_arith, q_delta_range, q_elliptic, q_memory, q_nnf, q_poseidon2_external, q_poseidon2_internal, sigma_1, sigma_2, sigma_3, sigma_4, id_1, id_2, id_3, id_4, table_1, table_2, table_3, table_4, lagrange_first, lagrange_last)
bool operator==(const VerificationKey &) const =default
VerificationKey(const PrecomputedData &precomputed)
std::true_type MSGPACK_NO_STATIC_CHECK
A container encapsulating all the commitments that the verifier receives (to precomputed polynomials ...
VerifierCommitments_(const std::shared_ptr< VerificationKey > &verification_key, const std::optional< WitnessEntities< Commitment > > &witness_commitments=std::nullopt)
Container for all witness polynomials used/constructed by the prover.
DEFINE_FLAVOR_MEMBERS(DataType, w_l, w_r, w_o, w_4, z_perm, lookup_inverses, lookup_read_counts, lookup_read_tags) auto get_wires()
MSGPACK_FIELDS(w_l, w_r, w_o, w_4, z_perm, lookup_inverses, lookup_read_counts, lookup_read_tags)
static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS
static constexpr size_t MAX_TOTAL_RELATION_LENGTH
static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH
static constexpr size_t NUM_FOLDED_ENTITIES
static constexpr bool USE_PADDING
static constexpr size_t NUM_RELATIONS
static constexpr size_t NUM_PRECOMPUTED_ENTITIES
static constexpr bool HasZK
static constexpr bool is_decider
static constexpr bool USE_SHORT_MONOMIALS
static constexpr size_t num_frs_comm
Curve::AffineElement Commitment
static constexpr size_t num_frs_fr
static constexpr size_t MAX_PARTIAL_RELATION_LENGTH
std::array< FF, NUM_SUBRELATIONS - 1 > SubrelationSeparators
static constexpr size_t NUM_SHIFTED_WITNESSES
static constexpr size_t NUM_SUBRELATIONS
static constexpr bool has_zero_row
bb::Polynomial< FF > Polynomial
static constexpr size_t VIRTUAL_LOG_N
decltype(create_protogalaxy_tuple_of_tuples_of_univariates< Relations, NUM_KEYS >()) ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping
std::tuple< bb::UltraArithmeticRelation< FF >, bb::UltraPermutationRelation< FF >, bb::LogDerivLookupRelation< FF >, bb::DeltaRangeConstraintRelation< FF >, bb::EllipticRelation< FF >, bb::MemoryRelation< FF >, bb::NonNativeFieldRelation< FF >, bb::Poseidon2ExternalRelation< FF >, bb::Poseidon2InternalRelation< FF > > Relations_
Curve::Element GroupElement
Relations_< FF > Relations
static constexpr size_t DECIDER_PROOF_LENGTH(size_t virtual_log_n=VIRTUAL_LOG_N)
static constexpr size_t NUM_ALL_ENTITIES
static constexpr size_t OINK_PROOF_LENGTH_WITHOUT_PUB_INPUTS
decltype(create_protogalaxy_tuple_of_tuples_of_univariates< Relations, NUM_KEYS, true >()) ProtogalaxyTupleOfTuplesOfUnivariates
static constexpr size_t PROOF_LENGTH_WITHOUT_PUB_INPUTS(size_t virtual_log_n=VIRTUAL_LOG_N)
static constexpr size_t NUM_WIRES
static constexpr size_t NUM_WITNESS_ENTITIES
A univariate polynomial represented by its values on {domain_start, domain_start + 1,...
typename Group::element Element
typename Group::affine_element AffineElement
constexpr size_t NUM_KEYS
Base class templates for structures that contain data parameterized by the fundamental polynomials of...
#define DEFINE_COMPOUND_GET_ALL(...)
constexpr T get_msb(const T in)
Entry point for Barretenberg command-line interface.
constexpr auto create_protogalaxy_tuple_of_tuples_of_univariates()
Utility function to construct a container for the subrelation accumulators of Protogalaxy folding.
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
RefArray< T,(Ns+...)> constexpr concatenate(const RefArray< T, Ns > &... ref_arrays)
Concatenates multiple RefArray objects into a single RefArray.
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
#define PROFILE_THIS_NAME(name)
The precomputed data needed to compute a Honk VK.
RefArray< Polynomial, NUM_PRECOMPUTED_ENTITIES > polynomials
1.9.8