eccvm_recursive_flavor.hpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }
// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }
// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }
// =====================
 
#pragma once
#include "barretenberg/eccvm/eccvm_flavor.hpp"
#include "barretenberg/stdlib/eccvm_verifier/verifier_commitment_key.hpp"
#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp"
#include "barretenberg/stdlib/proof/proof.hpp"
 
// NOLINTBEGIN(cppcoreguidelines-avoid-const-or-ref-data-members) ?
 
namespace bb {
 
class ECCVMRecursiveFlavor {
  public:
    using CircuitBuilder = UltraCircuitBuilder; // determines the arithmetisation of recursive verifier
    using Curve = stdlib::grumpkin<CircuitBuilder>;
    using Commitment = Curve::AffineElement;
    using GroupElement = Curve::Element;
    using FF = Curve::ScalarField;
    using BF = Curve::BaseField;
    using NativeFlavor = ECCVMFlavor;
    using NativeVerificationKey = NativeFlavor::VerificationKey;
    using PCS = IPA<Curve>;
 
    // Indicates that this flavor runs with non-ZK Sumcheck.
    static constexpr bool HasZK = true;
    // ECCVM proof size and its recursive verifier circuit are genuinely fixed, hence no padding is needed.
    static constexpr bool USE_PADDING = ECCVMFlavor::USE_PADDING;
 
    static constexpr size_t NUM_WIRES = ECCVMFlavor::NUM_WIRES;
    // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often
    // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS`.
    // Note: this number does not include the individual sorted list polynomials.
    static constexpr size_t NUM_ALL_ENTITIES = ECCVMFlavor::NUM_ALL_ENTITIES;
    // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying
    // assignment of witnesses. We again choose a neutral name.
    static constexpr size_t NUM_PRECOMPUTED_ENTITIES = ECCVMFlavor::NUM_PRECOMPUTED_ENTITIES;
    // The total number of witness entities not including shifts.
    static constexpr size_t NUM_WITNESS_ENTITIES = ECCVMFlavor::NUM_WITNESS_ENTITIES;
 
    static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = ECCVMFlavor::REPEATED_COMMITMENTS;
    // define the tuple of Relations that comprise the Sumcheck relation
    // Reuse the Relations from ECCVM
    using Relations = ECCVMFlavor::Relations_<FF>;
 
    static constexpr size_t NUM_SUBRELATIONS = ECCVMFlavor::NUM_SUBRELATIONS;
    using SubrelationSeparators = std::array<FF, NUM_SUBRELATIONS - 1>;
 
    static constexpr size_t MAX_PARTIAL_RELATION_LENGTH = ECCVMFlavor::MAX_PARTIAL_RELATION_LENGTH;
 
    // BATCHED_RELATION_PARTIAL_LENGTH = algebraic degree of sumcheck relation *after* multiplying by the `pow_zeta`
    // random polynomial e.g. For \sum(x) [A(x) * B(x) + C(x)] * PowZeta(X), relation length = 2 and random relation
    // length = 3
    static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = ECCVMFlavor::BATCHED_RELATION_PARTIAL_LENGTH;
    static constexpr size_t NUM_RELATIONS = std::tuple_size<Relations>::value;
 
    class AllValues : public ECCVMFlavor::AllEntities<FF> {
      public:
        using Base = ECCVMFlavor::AllEntities<FF>;
        using Base::Base;
    };
 
    using VerifierCommitmentKey = bb::VerifierCommitmentKey<Curve>;
    class VerificationKey : public StdlibVerificationKey_<CircuitBuilder,
                                                          ECCVMFlavor::PrecomputedEntities<Commitment>,
                                                          VKSerializationMode::NO_METADATA> {
      public:
        VerifierCommitmentKey pcs_verification_key;
 
        VerificationKey(CircuitBuilder* builder, const std::shared_ptr<NativeVerificationKey>& native_key)
            : pcs_verification_key(builder, 1UL << CONST_ECCVM_LOG_N, native_key->pcs_verification_key)
        {
 
            // TODO(https://github.com/AztecProtocol/barretenberg/issues/1324): Remove `log_circuit_size` from MSGPACK
            // and the verification key.
            this->log_circuit_size = BF{ static_cast<uint64_t>(CONST_ECCVM_LOG_N) };
            this->log_circuit_size.convert_constant_to_fixed_witness(builder);
            this->num_public_inputs = BF::from_witness(builder, typename BF::native(native_key->num_public_inputs));
            this->pub_inputs_offset = BF::from_witness(builder, typename BF::native(native_key->pub_inputs_offset));
 
            for (auto [native_commitment, commitment] : zip_view(native_key->get_all(), this->get_all())) {
                commitment = Commitment::from_witness(builder, native_commitment);
            }
        }
 
        FF hash_with_origin_tagging([[maybe_unused]] const std::string& domain_separator,
                                    [[maybe_unused]] Transcript& transcript) const override
        {
            throw_or_abort("Not intended to be used because vk is hardcoded in circuit.");
        }
 
        void fix_witness()
        {
            for (Commitment& commitment : this->get_all()) {
                commitment.fix_witness();
            }
        }
    };
 
    using WitnessCommitments = ECCVMFlavor::WitnessEntities<Commitment>;
 
    using CommitmentLabels = ECCVMFlavor::CommitmentLabels;
    // Reuse the VerifierCommitments from ECCVM
    using VerifierCommitments = ECCVMFlavor::VerifierCommitments_<Commitment, VerificationKey>;
    // Reuse the transcript from ECCVM
    using Transcript = StdlibTranscript<CircuitBuilder>;
 
    // Proof type for recursive verification
    using Proof = stdlib::Proof<CircuitBuilder>;
 
    using VKAndHash = VKAndHash_<VerificationKey, FF>;
 
}; // NOLINTEND(cppcoreguidelines-avoid-const-or-ref-data-members)
 
} // namespace bb