Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ultra_zk_flavor.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "barretenberg/common/assert.hpp"
10#include "barretenberg/flavor/ultra_flavor.hpp"
11
12namespace bb {
13
23class UltraZKFlavor : public UltraFlavor {
24 public:
25 // This flavor runs with ZK Sumcheck
26 static constexpr bool HasZK = true;
27 // Determine the number of evaluations of Prover and Libra Polynomials that the Prover sends to the Verifier in
28 // the rounds of ZK Sumcheck.
29 static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = UltraFlavor::BATCHED_RELATION_PARTIAL_LENGTH + 1;
30 static_assert(BATCHED_RELATION_PARTIAL_LENGTH == Curve::LIBRA_UNIVARIATES_LENGTH,
31 "LIBRA_UNIVARIATES_LENGTH must be equal to UltraZKFlavor::BATCHED_RELATION_PARTIAL_LENGTH");
32 static constexpr size_t num_frs_comm = bb::field_conversion::calc_num_bn254_frs<Commitment>();
33 static constexpr size_t num_frs_fr = bb::field_conversion::calc_num_bn254_frs<FF>();
34
35 // Proof length formula method
36 static constexpr size_t PROOF_LENGTH_WITHOUT_PUB_INPUTS(size_t virtual_log_n = CONST_PROOF_SIZE_LOG_N)
37 {
38 return /* 1. NUM_WITNESS_ENTITIES commitments */ (NUM_WITNESS_ENTITIES * num_frs_comm) +
39 /* 2. Libra concatenation commitment*/ (num_frs_comm) +
40 /* 3. Libra sum */ (num_frs_fr) +
41 /* 4. virtual_log_n sumcheck univariates */
42 (virtual_log_n * BATCHED_RELATION_PARTIAL_LENGTH * num_frs_fr) +
43 /* 5. NUM_ALL_ENTITIES sumcheck evaluations*/ (NUM_ALL_ENTITIES * num_frs_fr) +
44 /* 6. Libra claimed evaluation */ (num_frs_fr) +
45 /* 7. Libra grand sum commitment */ (num_frs_comm) +
46 /* 8. Libra quotient commitment */ (num_frs_comm) +
47 /* 9. Gemini masking commitment */ (num_frs_comm) +
48 /* 10. Gemini masking evaluation */ (num_frs_fr) +
49 /* 11. virtual_log_n - 1 Gemini Fold commitments */
50 ((virtual_log_n - 1) * num_frs_comm) +
51 /* 12. virtual_log_n Gemini a evaluations */
52 (virtual_log_n * num_frs_fr) +
53 /* 13. NUM_SMALL_IPA_EVALUATIONS libra evals */ (NUM_SMALL_IPA_EVALUATIONS * num_frs_fr) +
54 /* 14. Shplonk Q commitment */ (num_frs_comm) +
55 /* 15. KZG W commitment */ (num_frs_comm);
56 }
57
63 template <typename Params> class Transcript_ : public UltraFlavor::Transcript_<Params> {
64 public:
65 using Base = UltraFlavor::Transcript_<Params>::Base;
66 // Note: we have a different vector of univariates because the degree for ZK flavors differs
67 std::vector<bb::Univariate<FF, BATCHED_RELATION_PARTIAL_LENGTH>> zk_sumcheck_univariates;
68 Commitment libra_concatenation_commitment;
69 FF libra_sum;
70 FF libra_claimed_evaluation;
71 Commitment libra_grand_sum_commitment;
72 Commitment libra_quotient_commitment;
73 FF libra_concatenation_eval;
74 FF libra_shifted_grand_sum_eval;
75 FF libra_grand_sum_eval;
76 FF libra_quotient_eval;
77 Commitment hiding_polynomial_commitment;
78 FF hiding_polynomial_eval;
79
80 Transcript_() = default;
81
82 static std::shared_ptr<Transcript_> prover_init_empty()
83 {
84 auto transcript = Base::prover_init_empty();
85 return std::static_pointer_cast<Transcript_>(transcript);
86 };
87
88 static std::shared_ptr<Transcript_> verifier_init_empty(const std::shared_ptr<Transcript_>& transcript)
89 {
90 auto verifier_transcript = Base::verifier_init_empty(transcript);
91 return std::static_pointer_cast<Transcript_>(verifier_transcript);
92 };
93
100 void deserialize_full_transcript(size_t num_public_inputs, size_t virtual_log_n = CONST_PROOF_SIZE_LOG_N)
101 {
102 // take current proof and put them into the struct
103 size_t num_frs_read = 0;
104 auto& proof_data = this->proof_data;
105 for (size_t i = 0; i < num_public_inputs; ++i) {
106 this->public_inputs.push_back(Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read));
107 }
108 this->w_l_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
109 this->w_r_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
110 this->w_o_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
111 this->lookup_read_counts_comm =
112 Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
113 this->lookup_read_tags_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
114 this->w_4_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
115 this->lookup_inverses_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
116 this->z_perm_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
117 libra_concatenation_commitment =
118 Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
119 libra_sum = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);
120
121 for (size_t i = 0; i < virtual_log_n; ++i) {
122 zk_sumcheck_univariates.push_back(
123 Base::template deserialize_from_buffer<bb::Univariate<FF, BATCHED_RELATION_PARTIAL_LENGTH>>(
124 proof_data, num_frs_read));
125 }
126 libra_claimed_evaluation = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);
127 this->sumcheck_evaluations =
128 Base::template deserialize_from_buffer<std::array<FF, NUM_ALL_ENTITIES>>(proof_data, num_frs_read);
129 libra_grand_sum_commitment = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
130 libra_quotient_commitment = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
131 hiding_polynomial_commitment = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
132 hiding_polynomial_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);
133 for (size_t i = 0; i < virtual_log_n - 1; ++i) {
134 this->gemini_fold_comms.push_back(
135 Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read));
136 }
137 for (size_t i = 0; i < virtual_log_n; ++i) {
138 this->gemini_fold_evals.push_back(Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read));
139 }
140 libra_concatenation_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);
141 libra_shifted_grand_sum_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);
142 libra_grand_sum_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);
143 libra_quotient_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);
144 this->shplonk_q_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
145
146 this->kzg_w_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);
147 }
148
155 void serialize_full_transcript(size_t virtual_log_n = CONST_PROOF_SIZE_LOG_N)
156 {
157 auto& proof_data = this->proof_data;
158 size_t old_proof_length = proof_data.size();
159 proof_data.clear(); // clear proof_data so the rest of the function can replace it
160 for (const auto& input : this->public_inputs) {
161 Base::serialize_to_buffer(input, proof_data);
162 }
163 Base::serialize_to_buffer(this->w_l_comm, proof_data);
164 Base::serialize_to_buffer(this->w_r_comm, proof_data);
165 Base::serialize_to_buffer(this->w_o_comm, proof_data);
166 Base::serialize_to_buffer(this->lookup_read_counts_comm, proof_data);
167 Base::serialize_to_buffer(this->lookup_read_tags_comm, proof_data);
168 Base::serialize_to_buffer(this->w_4_comm, proof_data);
169 Base::serialize_to_buffer(this->lookup_inverses_comm, proof_data);
170 Base::serialize_to_buffer(this->z_perm_comm, proof_data);
171 Base::serialize_to_buffer(libra_concatenation_commitment, proof_data);
172 Base::serialize_to_buffer(libra_sum, proof_data);
173
174 for (size_t i = 0; i < virtual_log_n; ++i) {
175 Base::serialize_to_buffer(zk_sumcheck_univariates[i], proof_data);
176 }
177 Base::serialize_to_buffer(libra_claimed_evaluation, proof_data);
178
179 Base::serialize_to_buffer(this->sumcheck_evaluations, proof_data);
180 Base::serialize_to_buffer(libra_grand_sum_commitment, proof_data);
181 Base::serialize_to_buffer(libra_quotient_commitment, proof_data);
182 Base::serialize_to_buffer(hiding_polynomial_commitment, proof_data);
183 Base::serialize_to_buffer(hiding_polynomial_eval, proof_data);
184 for (size_t i = 0; i < virtual_log_n - 1; ++i) {
185 Base::serialize_to_buffer(this->gemini_fold_comms[i], proof_data);
186 }
187 for (size_t i = 0; i < virtual_log_n; ++i) {
188 Base::serialize_to_buffer(this->gemini_fold_evals[i], proof_data);
189 }
190 Base::serialize_to_buffer(libra_concatenation_eval, proof_data);
191 Base::serialize_to_buffer(libra_shifted_grand_sum_eval, proof_data);
192 Base::serialize_to_buffer(libra_grand_sum_eval, proof_data);
193 Base::serialize_to_buffer(libra_quotient_eval, proof_data);
194 Base::serialize_to_buffer(this->shplonk_q_comm, proof_data);
195 Base::serialize_to_buffer(this->kzg_w_comm, proof_data);
196
197 BB_ASSERT_EQ(proof_data.size(), old_proof_length);
198 }
199 };
200 using Transcript = Transcript_<NativeTranscriptParams>;
201};
202} // namespace bb
BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:59
bb::BaseTranscript< Params >::deserialize_from_buffer
T deserialize_from_buffer(const Proof &proof_data, size_t &offset) const
Deserializes the frs starting at offset into the typed element and returns that element.
Definition transcript.hpp:289
bb::BaseTranscript< Params >::serialize_to_buffer
void serialize_to_buffer(const T &element, Proof &proof_data)
Serializes object and appends it to proof_data.
Definition transcript.hpp:275
bb::BaseTranscript< Params >::verifier_init_empty
static std::shared_ptr< BaseTranscript > verifier_init_empty(const std::shared_ptr< BaseTranscript > &transcript)
For testing: initializes transcript based on proof data then receives junk data produced by BaseTrans...
Definition transcript.hpp:668
bb::BaseTranscript< Params >::prover_init_empty
static std::shared_ptr< BaseTranscript > prover_init_empty()
For testing: initializes transcript with some arbitrary data so that a challenge can be generated aft...
Definition transcript.hpp:653
bb::UltraFlavor::Transcript_
Derived class that defines proof structure for Ultra proofs, as well as supporting functions.
Definition ultra_flavor.hpp:349
bb::UltraFlavor::Transcript_::gemini_fold_evals
std::vector< FF > gemini_fold_evals
Definition ultra_flavor.hpp:366
bb::UltraFlavor::Transcript_::lookup_read_counts_comm
Commitment lookup_read_counts_comm
Definition ultra_flavor.hpp:358
bb::UltraFlavor::Transcript_::lookup_inverses_comm
Commitment lookup_inverses_comm
Definition ultra_flavor.hpp:362
bb::UltraFlavor::Transcript_::gemini_fold_comms
std::vector< Commitment > gemini_fold_comms
Definition ultra_flavor.hpp:365
bb::UltraFlavor::Transcript_::public_inputs
std::vector< FF > public_inputs
Definition ultra_flavor.hpp:354
bb::UltraFlavor::Transcript_::w_o_comm
Commitment w_o_comm
Definition ultra_flavor.hpp:357
bb::UltraFlavor::Transcript_::z_perm_comm
Commitment z_perm_comm
Definition ultra_flavor.hpp:361
bb::UltraFlavor::Transcript_::shplonk_q_comm
Commitment shplonk_q_comm
Definition ultra_flavor.hpp:367
bb::UltraFlavor::Transcript_::sumcheck_evaluations
std::array< FF, NUM_ALL_ENTITIES > sumcheck_evaluations
Definition ultra_flavor.hpp:364
bb::UltraFlavor::Transcript_::w_l_comm
Commitment w_l_comm
Definition ultra_flavor.hpp:355
bb::UltraFlavor::Transcript_::w_4_comm
Commitment w_4_comm
Definition ultra_flavor.hpp:360
bb::UltraFlavor::Transcript_::lookup_read_tags_comm
Commitment lookup_read_tags_comm
Definition ultra_flavor.hpp:359
bb::UltraFlavor::Transcript_::w_r_comm
Commitment w_r_comm
Definition ultra_flavor.hpp:356
bb::UltraFlavor::Transcript_::kzg_w_comm
Commitment kzg_w_comm
Definition ultra_flavor.hpp:368
bb::UltraFlavor::BATCHED_RELATION_PARTIAL_LENGTH
static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH
Definition ultra_flavor.hpp:107
bb::UltraFlavor::Commitment
Curve::AffineElement Commitment
Definition ultra_flavor.hpp:41
bb::UltraFlavor::NUM_ALL_ENTITIES
static constexpr size_t NUM_ALL_ENTITIES
Definition ultra_flavor.hpp:60
bb::UltraFlavor::NUM_WITNESS_ENTITIES
static constexpr size_t NUM_WITNESS_ENTITIES
Definition ultra_flavor.hpp:65
bb::UltraZKFlavor::Transcript_
Derived class that defines proof structure for Ultra zero knowledge proofs, as well as supporting fun...
Definition ultra_zk_flavor.hpp:63
bb::UltraZKFlavor::Transcript_::prover_init_empty
static std::shared_ptr< Transcript_ > prover_init_empty()
Definition ultra_zk_flavor.hpp:82
bb::UltraZKFlavor::Transcript_::hiding_polynomial_commitment
Commitment hiding_polynomial_commitment
Definition ultra_zk_flavor.hpp:77
bb::UltraZKFlavor::Transcript_::Transcript_
Transcript_()=default
bb::UltraZKFlavor::Transcript_::libra_claimed_evaluation
FF libra_claimed_evaluation
Definition ultra_zk_flavor.hpp:70
bb::UltraZKFlavor::Transcript_::deserialize_full_transcript
void deserialize_full_transcript(size_t num_public_inputs, size_t virtual_log_n=CONST_PROOF_SIZE_LOG_N)
Takes a FULL Ultra proof and deserializes it into the public member variables that compose the struct...
Definition ultra_zk_flavor.hpp:100
bb::UltraZKFlavor::Transcript_::libra_grand_sum_commitment
Commitment libra_grand_sum_commitment
Definition ultra_zk_flavor.hpp:71
bb::UltraZKFlavor::Transcript_::zk_sumcheck_univariates
std::vector< bb::Univariate< FF, BATCHED_RELATION_PARTIAL_LENGTH > > zk_sumcheck_univariates
Definition ultra_zk_flavor.hpp:67
bb::UltraZKFlavor::Transcript_::libra_grand_sum_eval
FF libra_grand_sum_eval
Definition ultra_zk_flavor.hpp:75
bb::UltraZKFlavor::Transcript_::verifier_init_empty
static std::shared_ptr< Transcript_ > verifier_init_empty(const std::shared_ptr< Transcript_ > &transcript)
Definition ultra_zk_flavor.hpp:88
bb::UltraZKFlavor::Transcript_::libra_quotient_commitment
Commitment libra_quotient_commitment
Definition ultra_zk_flavor.hpp:72
bb::UltraZKFlavor::Transcript_::libra_quotient_eval
FF libra_quotient_eval
Definition ultra_zk_flavor.hpp:76
bb::UltraZKFlavor::Transcript_::serialize_full_transcript
void serialize_full_transcript(size_t virtual_log_n=CONST_PROOF_SIZE_LOG_N)
Serializes the structure variables into a FULL Ultra proof. Should be called only if deserialize_full...
Definition ultra_zk_flavor.hpp:155
bb::UltraZKFlavor::Transcript_::libra_concatenation_commitment
Commitment libra_concatenation_commitment
Definition ultra_zk_flavor.hpp:68
bb::UltraZKFlavor::Transcript_::libra_sum
FF libra_sum
Definition ultra_zk_flavor.hpp:69
bb::UltraZKFlavor::Transcript_::libra_shifted_grand_sum_eval
FF libra_shifted_grand_sum_eval
Definition ultra_zk_flavor.hpp:74
bb::UltraZKFlavor::Transcript_::libra_concatenation_eval
FF libra_concatenation_eval
Definition ultra_zk_flavor.hpp:73
bb::UltraZKFlavor::Transcript_::hiding_polynomial_eval
FF hiding_polynomial_eval
Definition ultra_zk_flavor.hpp:78
bb::UltraZKFlavor
Child class of UltraFlavor that runs with ZK Sumcheck.
Definition ultra_zk_flavor.hpp:23
bb::UltraZKFlavor::HasZK
static constexpr bool HasZK
Definition ultra_zk_flavor.hpp:26
bb::UltraZKFlavor::num_frs_comm
static constexpr size_t num_frs_comm
Definition ultra_zk_flavor.hpp:32
bb::UltraZKFlavor::num_frs_fr
static constexpr size_t num_frs_fr
Definition ultra_zk_flavor.hpp:33
bb::UltraZKFlavor::BATCHED_RELATION_PARTIAL_LENGTH
static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH
Definition ultra_zk_flavor.hpp:29
bb::UltraZKFlavor::PROOF_LENGTH_WITHOUT_PUB_INPUTS
static constexpr size_t PROOF_LENGTH_WITHOUT_PUB_INPUTS(size_t virtual_log_n=CONST_PROOF_SIZE_LOG_N)
Definition ultra_zk_flavor.hpp:36
bb::Univariate
A univariate polynomial represented by its values on {domain_start, domain_start + 1,...
Definition univariate.hpp:35
bb::curve::BN254::LIBRA_UNIVARIATES_LENGTH
static constexpr uint32_t LIBRA_UNIVARIATES_LENGTH
Definition bn254.hpp:46
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
ultra_flavor.hpp