Barretenberg: src/barretenberg/eccvm/eccvm_prover.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once

#include "barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp"

#include "barretenberg/eccvm/eccvm_flavor.hpp"

#include "barretenberg/goblin/translation_evaluations.hpp"

#include "barretenberg/honk/library/grand_product_library.hpp"

#include "barretenberg/honk/proof_system/types/proof.hpp"

#include "barretenberg/relations/relation_parameters.hpp"

#include "barretenberg/sumcheck/sumcheck_output.hpp"

#include "barretenberg/sumcheck/zk_sumcheck_data.hpp"

#include "barretenberg/transcript/transcript.hpp"


namespace bb {


// We won't compile this class with Standard, but we will like want to compile it (at least for testing)

// with a flavor that uses the curve Grumpkin, or a flavor that does/does not have zk, etc.


class ECCVMProver {

  public:

    using Flavor = ECCVMFlavor;

    using FF = Flavor::FF;

    using BF = Flavor::BF;

    using Commitment = Flavor::Commitment;

    using PCS = Flavor::PCS;

    using CommitmentKey = Flavor::CommitmentKey;

    using ProvingKey = Flavor::ProvingKey;

    using Polynomial = Flavor::Polynomial;

    using CommitmentLabels = Flavor::CommitmentLabels;

    using Transcript = Flavor::Transcript;

    using TranslationEvaluations = bb::TranslationEvaluations_<FF>;

    using CircuitBuilder = Flavor::CircuitBuilder;

    using ZKData = ZKSumcheckData<Flavor>;

    using SmallSubgroupIPA = SmallSubgroupIPAProver<Flavor>;

    using OpeningClaim = ProverOpeningClaim<Flavor::Curve>;

    using Proof = HonkProof;


    explicit ECCVMProver(CircuitBuilder& builder, const std::shared_ptr<Transcript>& transcript);


    BB_PROFILE void execute_preamble_round();

    BB_PROFILE void execute_wire_commitments_round();

    BB_PROFILE void execute_log_derivative_commitments_round();

    BB_PROFILE void execute_grand_product_computation_round();

    BB_PROFILE void execute_relation_check_rounds();

    BB_PROFILE void execute_pcs_rounds();

    BB_PROFILE void execute_transcript_consistency_univariate_opening_round();


    Proof export_proof();

    std::pair<Proof, OpeningClaim> construct_proof();

    void compute_translation_opening_claims();

    void commit_to_witness_polynomial(Polynomial& polynomial, const std::string& label);


    std::shared_ptr<Transcript> transcript;


    size_t unmasked_witness_size;


    // The batch opening claim to be verified via IPA

    OpeningClaim batch_opening_claim;


    // Final ShplonkProver consumes an array consisting of Translation Opening Claims and a

    // `multivariate_to_univariate_opening_claim`

    static constexpr size_t NUM_OPENING_CLAIMS = ECCVMFlavor::NUM_TRANSLATION_OPENING_CLAIMS + 1;

    std::array<OpeningClaim, NUM_OPENING_CLAIMS> opening_claims;


    TranslationEvaluations translation_evaluations;


    std::vector<FF> public_inputs;


    bb::RelationParameters<FF> relation_parameters;


    std::shared_ptr<ProvingKey> key;


    CommitmentLabels commitment_labels;

    ZKData zk_sumcheck_data;


    FF evaluation_challenge_x;

    FF batching_challenge_v;


    SumcheckOutput<Flavor> sumcheck_output;

};


} // namespace bb

bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::ECCVMFlavor::CommitmentLabels
A container for commitment labels.
Definition eccvm_flavor.hpp:877

bb::ECCVMFlavor::ProvingKey
The proving key is responsible for storing the polynomials used by the prover.
Definition eccvm_flavor.hpp:792

bb::ECCVMFlavor
Definition eccvm_flavor.hpp:35

bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:42

bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:37

bb::ECCVMFlavor::Commitment
typename G1::affine_element Commitment
Definition eccvm_flavor.hpp:46

bb::ECCVMFlavor::BF
typename Curve::BaseField BF
Definition eccvm_flavor.hpp:43

bb::ECCVMFlavor::Polynomial
bb::Polynomial< FF > Polynomial
Definition eccvm_flavor.hpp:44

bb::ECCVMFlavor::NUM_TRANSLATION_OPENING_CLAIMS
static constexpr size_t NUM_TRANSLATION_OPENING_CLAIMS
Definition eccvm_flavor.hpp:159

bb::ECCVMFlavor::CommitmentKey
bb::CommitmentKey< Curve > CommitmentKey
Definition eccvm_flavor.hpp:47

bb::ECCVMFlavor::Transcript
NativeTranscript Transcript
Definition eccvm_flavor.hpp:50

bb::ECCVMFlavor::PCS
IPA< Curve > PCS
Definition eccvm_flavor.hpp:41

bb::ECCVMProver
Definition eccvm_prover.hpp:22

bb::ECCVMProver::batching_challenge_v
FF batching_challenge_v
Definition eccvm_prover.hpp:80

bb::ECCVMProver::batch_opening_claim
OpeningClaim batch_opening_claim
Definition eccvm_prover.hpp:61

bb::ECCVMProver::commit_to_witness_polynomial
void commit_to_witness_polynomial(Polynomial &polynomial, const std::string &label)
Utility to mask and commit to a witness polynomial and send the commitment to verifier.
Definition eccvm_prover.cpp:331

bb::ECCVMProver::execute_transcript_consistency_univariate_opening_round
BB_PROFILE void execute_transcript_consistency_univariate_opening_round()

bb::ECCVMProver::Commitment
Flavor::Commitment Commitment
Definition eccvm_prover.hpp:27

bb::ECCVMProver::public_inputs
std::vector< FF > public_inputs
Definition eccvm_prover.hpp:70

bb::ECCVMProver::FF
Flavor::FF FF
Definition eccvm_prover.hpp:25

bb::ECCVMProver::sumcheck_output
SumcheckOutput< Flavor > sumcheck_output
Definition eccvm_prover.hpp:82

bb::ECCVMProver::execute_log_derivative_commitments_round
BB_PROFILE void execute_log_derivative_commitments_round()
Compute sorted witness-table accumulator.
Definition eccvm_prover.cpp:78

bb::ECCVMProver::unmasked_witness_size
size_t unmasked_witness_size
Definition eccvm_prover.hpp:58

bb::ECCVMProver::evaluation_challenge_x
FF evaluation_challenge_x
Definition eccvm_prover.hpp:79

bb::ECCVMProver::Proof
HonkProof Proof
Definition eccvm_prover.hpp:39

bb::ECCVMProver::transcript
std::shared_ptr< Transcript > transcript
Definition eccvm_prover.hpp:56

bb::ECCVMProver::export_proof
Proof export_proof()
Definition eccvm_prover.cpp:192

bb::ECCVMProver::NUM_OPENING_CLAIMS
static constexpr size_t NUM_OPENING_CLAIMS
Definition eccvm_prover.hpp:65

bb::ECCVMProver::construct_proof
std::pair< Proof, OpeningClaim > construct_proof()
Definition eccvm_prover.cpp:197

bb::ECCVMProver::commitment_labels
CommitmentLabels commitment_labels
Definition eccvm_prover.hpp:76

bb::ECCVMProver::translation_evaluations
TranslationEvaluations translation_evaluations
Definition eccvm_prover.hpp:68

bb::ECCVMProver::key
std::shared_ptr< ProvingKey > key
Definition eccvm_prover.hpp:74

bb::ECCVMProver::execute_preamble_round
BB_PROFILE void execute_preamble_round()
Fiat-Shamir the VK.
Definition eccvm_prover.cpp:40

bb::ECCVMProver::zk_sumcheck_data
ZKData zk_sumcheck_data
Definition eccvm_prover.hpp:77

bb::ECCVMProver::execute_wire_commitments_round
BB_PROFILE void execute_wire_commitments_round()
Compute commitments to the first three wires.
Definition eccvm_prover.cpp:55

bb::ECCVMProver::opening_claims
std::array< OpeningClaim, NUM_OPENING_CLAIMS > opening_claims
Definition eccvm_prover.hpp:66

bb::ECCVMProver::execute_grand_product_computation_round
BB_PROFILE void execute_grand_product_computation_round()
Compute permutation and lookup grand product polynomials and commitments.
Definition eccvm_prover.cpp:106

bb::ECCVMProver::execute_relation_check_rounds
BB_PROFILE void execute_relation_check_rounds()
Run Sumcheck resulting in u = (u_1,...,u_d) challenges and all evaluations at u being calculated.
Definition eccvm_prover.cpp:118

bb::ECCVMProver::execute_pcs_rounds
BB_PROFILE void execute_pcs_rounds()
Produce a univariate opening claim for the sumcheck multivariate evalutions and a batched univariate ...
Definition eccvm_prover.cpp:151

bb::ECCVMProver::compute_translation_opening_claims
void compute_translation_opening_claims()
To link the ECCVM Transcript wires op, Px, Py, z1, and z2 to the accumulator computed by the translat...
Definition eccvm_prover.cpp:255

bb::ECCVMProver::relation_parameters
bb::RelationParameters< FF > relation_parameters
Definition eccvm_prover.hpp:72

bb::ECCVMProver::BF
Flavor::BF BF
Definition eccvm_prover.hpp:26

bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:93

bb::Polynomial< FF >

bb::ProverOpeningClaim< Flavor::Curve >

bb::SmallSubgroupIPAProver
A Curve-agnostic ZK protocol to prove inner products of small vectors.
Definition small_subgroup_ipa.hpp:69

BB_PROFILE
#define BB_PROFILE
Definition compiler_hints.hpp:14

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

eccvm_flavor.hpp

grand_product_library.hpp

proof.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::HonkProof
std::vector< fr > HonkProof
Definition proof.hpp:15

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

relation_parameters.hpp

small_subgroup_ipa.hpp

bb::RelationParameters
Container for parameters used by the grand product (permutation, lookup) Honk relations.
Definition relation_parameters.hpp:19

bb::SumcheckOutput
Contains the evaluations of multilinear polynomials  at the challenge point . These are computed by S...
Definition sumcheck_output.hpp:22

bb::TranslationEvaluations_< FF >

bb::ZKSumcheckData
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
Definition zk_sumcheck_data.hpp:22

sumcheck_output.hpp

transcript.hpp

translation_evaluations.hpp

zk_sumcheck_data.hpp