Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ultra_recursive_verifier.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8#include "barretenberg/flavor/mega_recursive_flavor.hpp"
9#include "barretenberg/flavor/mega_zk_recursive_flavor.hpp"
10#include "barretenberg/flavor/ultra_recursive_flavor.hpp"
11#include "barretenberg/flavor/ultra_rollup_recursive_flavor.hpp"
12#include "barretenberg/flavor/ultra_zk_recursive_flavor.hpp"
13#include "barretenberg/honk/proof_system/types/proof.hpp"
14#include "barretenberg/stdlib/honk_verifier/oink_recursive_verifier.hpp"
15#include "barretenberg/stdlib/primitives/pairing_points.hpp"
16#include "barretenberg/stdlib/proof/proof.hpp"
17#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"
18#include "barretenberg/stdlib/transcript/transcript.hpp"
19#include "barretenberg/sumcheck/sumcheck.hpp"
20
21namespace bb::stdlib::recursion::honk {
22
23template <typename Builder> struct UltraRecursiveVerifierOutput {
24 using Curve = bn254<Builder>;
25 using FF = Curve::ScalarField;
26 using G1 = Curve::Group;
27
28 PairingPoints<Builder> points_accumulator;
29 OpeningClaim<grumpkin<Builder>> ipa_claim;
30 stdlib::Proof<Builder> ipa_proof;
31 std::array<G1, Builder::NUM_WIRES> ecc_op_tables; // Ecc op tables' commitments as extracted from the public inputs
32 // of the HidingKernel, only for ClientIVC
33 FF mega_hash; // The hash of public inputs and VK of the inner circuit in the GoblinAvmRecursiveVerifier
34
35 UltraRecursiveVerifierOutput() = default;
36
37 template <class IO>
38 UltraRecursiveVerifierOutput(IO& inputs)
39 : points_accumulator(inputs.pairing_inputs)
40 {
41 if constexpr (std::is_same_v<IO, RollupIO>) {
42 ipa_claim = inputs.ipa_claim;
43 } else if constexpr (std::is_same_v<IO, HidingKernelIO<Builder>>) {
44 ecc_op_tables = inputs.ecc_op_tables;
45 } else if constexpr (std::is_same_v<IO, GoblinAvmIO<Builder>>) {
46 mega_hash = inputs.mega_hash;
47 } else if constexpr (!std::is_same_v<IO, DefaultIO<Builder>>) {
48 throw_or_abort("Invalid public input type.");
49 }
50 }
51};
52
53template <typename Flavor> class UltraRecursiveVerifier_ {
54 public:
55 using FF = typename Flavor::FF;
56 using Commitment = typename Flavor::Commitment;
57 using GroupElement = typename Flavor::GroupElement;
58 using RecursiveDeciderVK = RecursiveDeciderVerificationKey_<Flavor>;
59 using VerificationKey = typename Flavor::VerificationKey;
60 using VKAndHash = typename Flavor::VKAndHash;
61 using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey;
62 using Builder = typename Flavor::CircuitBuilder;
63 using PairingObject = PairingPoints<Builder>;
64 using Transcript = bb::BaseTranscript<bb::stdlib::recursion::honk::StdlibTranscriptParams<Builder>>;
65 using OinkVerifier = OinkRecursiveVerifier_<Flavor>;
66 using Output = UltraRecursiveVerifierOutput<Builder>;
67 using StdlibProof = stdlib::Proof<Builder>;
68
69 explicit UltraRecursiveVerifier_(Builder* builder,
70 const std::shared_ptr<VKAndHash>& vk_and_hash,
71 const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>());
72
73 template <class IO>
74 [[nodiscard("IPA claim and Pairing points should be accumulated")]] Output verify_proof(const StdlibProof& proof);
75
76 // TODO(https://github.com/AztecProtocol/barretenberg/issues/1364): Improve VKs. Clarify the usage of
77 // RecursiveDeciderVK here. Seems unnecessary.
78 std::shared_ptr<RecursiveDeciderVK> key;
79 VerifierCommitmentKey pcs_verification_key;
80 Builder* builder;
81 std::shared_ptr<Transcript> transcript;
82};
83
84} // namespace bb::stdlib::recursion::honk
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:154
bb::MegaFlavor::VerificationKey
The verification key is responsible for storing the commitments to the precomputed (non-witness) poly...
Definition mega_flavor.hpp:440
bb::MegaFlavor::FF
Curve::ScalarField FF
Definition mega_flavor.hpp:37
bb::MegaFlavor::VerifierCommitmentKey
bb::VerifierCommitmentKey< Curve > VerifierCommitmentKey
Definition mega_flavor.hpp:43
bb::MegaFlavor::GroupElement
Curve::Element GroupElement
Definition mega_flavor.hpp:38
bb::MegaFlavor::CircuitBuilder
MegaCircuitBuilder CircuitBuilder
Definition mega_flavor.hpp:35
bb::MegaFlavor::Commitment
Curve::AffineElement Commitment
Definition mega_flavor.hpp:39
bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:53
bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19
bb::stdlib::field_t
Definition field.hpp:45
bb::stdlib::recursion::honk::OinkRecursiveVerifier_
Definition oink_recursive_verifier.hpp:13
bb::stdlib::recursion::honk::RecursiveDeciderVerificationKey_
The stdlib counterpart of DeciderVerificationKey, used in recursive folding verification.
Definition recursive_decider_verification_key.hpp:18
bb::stdlib::recursion::honk::UltraRecursiveVerifier_
Definition ultra_recursive_verifier.hpp:53
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::key
std::shared_ptr< RecursiveDeciderVK > key
Definition ultra_recursive_verifier.hpp:78
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::Builder
typename Flavor::CircuitBuilder Builder
Definition ultra_recursive_verifier.hpp:62
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::VerifierCommitmentKey
typename Flavor::VerifierCommitmentKey VerifierCommitmentKey
Definition ultra_recursive_verifier.hpp:61
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::pcs_verification_key
VerifierCommitmentKey pcs_verification_key
Definition ultra_recursive_verifier.hpp:79
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::VerificationKey
typename Flavor::VerificationKey VerificationKey
Definition ultra_recursive_verifier.hpp:59
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::transcript
std::shared_ptr< Transcript > transcript
Definition ultra_recursive_verifier.hpp:81
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::Commitment
typename Flavor::Commitment Commitment
Definition ultra_recursive_verifier.hpp:56
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::verify_proof
Output verify_proof(const StdlibProof &proof)
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::FF
typename Flavor::FF FF
Definition ultra_recursive_verifier.hpp:55
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::GroupElement
typename Flavor::GroupElement GroupElement
Definition ultra_recursive_verifier.hpp:57
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::VKAndHash
typename Flavor::VKAndHash VKAndHash
Definition ultra_recursive_verifier.hpp:60
bb::stdlib::recursion::honk::UltraRecursiveVerifier_::builder
Builder * builder
Definition ultra_recursive_verifier.hpp:80
proof.hpp
mega_recursive_flavor.hpp
mega_zk_recursive_flavor.hpp
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
oink_recursive_verifier.hpp
pairing_points.hpp
special_public_inputs.hpp
bb::stdlib::bn254::ScalarField
field_t< CircuitBuilder > ScalarField
Definition bn254.hpp:33
bb::stdlib::bn254::Group
element< CircuitBuilder, bigfield< CircuitBuilder, bb::Bn254FqParams >, ScalarField, GroupNative > Group
Definition bn254.hpp:34
bb::stdlib::recursion::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:24
throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6
ultra_recursive_flavor.hpp
ultra_rollup_recursive_flavor.hpp
ultra_zk_recursive_flavor.hpp