Barretenberg: src/barretenberg/hypernova/hypernova_verifier.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "barretenberg/hypernova/hypernova_verifier.hpp"


namespace bb {


template <typename Flavor_>

std::pair<std::vector<typename HypernovaFoldingVerifier<Flavor_>::FF>,

          std::vector<typename HypernovaFoldingVerifier<Flavor_>::FF>>


HypernovaFoldingVerifier<Flavor_>::get_batching_challenges()

{

    std::vector<std::string> labels_unshifted_entities(NUM_UNSHIFTED_ENTITIES);

    std::vector<std::string> labels_shifted_witnesses(NUM_SHIFTED_ENTITIES);

    for (size_t idx = 0; idx < NUM_UNSHIFTED_ENTITIES; idx++) {

        labels_unshifted_entities[idx] = "unshifted_challenge_" + std::to_string(idx);

    }

    for (size_t idx = 0; idx < NUM_SHIFTED_ENTITIES; idx++) {

        labels_shifted_witnesses[idx] = "shifted_challenge_" + std::to_string(idx);

    }

    auto unshifted_challenges = transcript->template get_challenges<FF>(labels_unshifted_entities);

    auto shifted_challenges = transcript->template get_challenges<FF>(labels_shifted_witnesses);


    return { unshifted_challenges, shifted_challenges };

}


template <typename Flavor_>

template <size_t N>


HypernovaFoldingVerifier<Flavor_>::Commitment HypernovaFoldingVerifier<Flavor_>::batch_mul(

    const RefArray<Commitment, N>& _points, const std::vector<FF>& scalars)

{

    std::vector<Commitment> points(N);

    for (size_t idx = 0; const auto& point : _points) {

        points[idx++] = point;

    }


    if constexpr (IsRecursiveFlavor<Flavor>) {

        return Curve::Group::batch_mul(points, scalars);

    } else {

        return batch_mul_native<Curve>(points, scalars);

    }

}


template <typename Flavor>


HypernovaFoldingVerifier<Flavor>::Accumulator HypernovaFoldingVerifier<Flavor>::sumcheck_output_to_accumulator(

    HypernovaFoldingVerifier<Flavor>::MegaSumcheckOutput& sumcheck_output,

    const std::shared_ptr<HypernovaFoldingVerifier::VerifierInstance>& instance)

{

    BB_BENCH_NAME("HypernovaFoldingVerifier::sumcheck_output_to_accumulator");


    // Generate challenges to batch shifted and unshifted polynomials/commitments/evaluation

    auto [unshifted_challenges, shifted_challenges] = get_batching_challenges();


    // Batch evaluations

    FF batched_unshifted_evaluation(0);

    FF batched_shifted_evaluation(0);


    for (auto [eval, challenge] : zip_view(sumcheck_output.claimed_evaluations.get_unshifted(), unshifted_challenges)) {

        batched_unshifted_evaluation += eval * challenge;

    }

    for (auto [eval, challenge] : zip_view(sumcheck_output.claimed_evaluations.get_shifted(), shifted_challenges)) {

        batched_shifted_evaluation += eval * challenge;

    }


    // Batch commitments

    VerifierCommitments verifier_commitments(instance->get_vk(), instance->witness_commitments);


    Commitment batched_unshifted_commitment = batch_mul(verifier_commitments.get_unshifted(), unshifted_challenges);

    Commitment batched_shifted_commitment = batch_mul(verifier_commitments.get_to_be_shifted(), shifted_challenges);


    return Accumulator{ .challenge = sumcheck_output.challenge,

                        .non_shifted_evaluation = batched_unshifted_evaluation,

                        .shifted_evaluation = batched_shifted_evaluation,

                        .non_shifted_commitment = batched_unshifted_commitment,

                        .shifted_commitment = batched_shifted_commitment };

};


template <typename Flavor>


SumcheckOutput<Flavor> HypernovaFoldingVerifier<Flavor>::sumcheck_on_incoming_instance(

    const std::shared_ptr<typename HypernovaFoldingVerifier::VerifierInstance>& instance, const Proof& proof)

{

    BB_BENCH_NAME("HypernovaFoldingVerifier::sumcheck_on_incoming_instance");


    vinfo("HypernovaFoldingVerifier: verifying Oink proof...");

    // Complete the incoming verifier instance

    OinkVerifier verifier{ instance, transcript };

    transcript->load_proof(proof);

    verifier.verify();


    instance->gate_challenges = transcript->template get_dyadic_powers_of_challenge<FF>(

        "HypernovaFoldingProver:gate_challenge", Flavor::VIRTUAL_LOG_N);


    // Sumcheck verification

    vinfo("HypernovaFoldingVerifier: verifying Sumcheck to turn instance into an accumulator...");


    std::vector<FF> padding_indicator_array(Flavor::VIRTUAL_LOG_N, 1);

    SumcheckVerifier sumcheck(transcript, instance->alpha, Flavor::VIRTUAL_LOG_N);

    SumcheckOutput<Flavor> sumcheck_output =

        sumcheck.verify(instance->relation_parameters, instance->gate_challenges, padding_indicator_array);


    return sumcheck_output;

};


template <typename Flavor>


std::pair<bool, typename HypernovaFoldingVerifier<Flavor>::Accumulator> HypernovaFoldingVerifier<Flavor>::

    instance_to_accumulator(const std::shared_ptr<typename HypernovaFoldingVerifier::VerifierInstance>& instance,

                            const Proof& proof)

{

    BB_BENCH_NAME("HypernovaFoldingVerifier::instance_to_accumulator");


    auto sumcheck_output = sumcheck_on_incoming_instance(instance, proof);


    auto accumulator = sumcheck_output_to_accumulator(sumcheck_output, instance);


    if (sumcheck_output.verified) {

        vinfo("HypernovaFoldingVerifier: Successfully turned instance into accumulator.");

    } else {

        vinfo("HypernovaFoldingVerifier: Failed to recursively verify Sumcheck to turn instance into an accumulator. "

              "Ignore if generating the VKs");

    }


    return { sumcheck_output.verified, accumulator };

};


template <typename Flavor>

std::tuple<bool, bool, typename HypernovaFoldingVerifier<Flavor>::Accumulator> HypernovaFoldingVerifier<


    Flavor>::verify_folding_proof(const std::shared_ptr<typename HypernovaFoldingVerifier::VerifierInstance>& instance,

                                  const HypernovaFoldingVerifier::Proof& proof)

{

    BB_BENCH_NAME("HypernovaFoldingVerifier::verify_folding_proof");


    vinfo("HypernovaFoldingVerifier: verifying folding proof...");


    auto sumcheck_output = sumcheck_on_incoming_instance(instance, proof);


    // Generate challenges to batch shifted and unshifted polynomials/commitments/evaluation

    auto [unshifted_challenges, shifted_challenges] = get_batching_challenges();


    VerifierCommitments verifier_commitments(instance->get_vk(), instance->witness_commitments);


    MultilinearBatchingVerifier batching_verifier(transcript);

    auto [sumcheck_batching_result, new_accumulator] =

        batching_verifier.verify_proof(sumcheck_output, verifier_commitments, unshifted_challenges, shifted_challenges);


    if (sumcheck_output.verified && sumcheck_batching_result) {

        vinfo("HypernovaFoldingVerifier: successfully verified folding proof.");

    } else if (!sumcheck_output.verified) {

        vinfo("HypernovaFoldingVerifier: Failed to recursively verify Sumcheck to turn instance into an accumulator. "

              "Ignore if generating the VKs");

    } else {

        vinfo("HypernovaFoldingVerifier: Failed to recursively verify Sumcheck to batch two accumulators. Ignore if "

              "generating the VKs");

    }


    return { sumcheck_output.verified, sumcheck_batching_result, new_accumulator };

};


template class HypernovaFoldingVerifier<MegaRecursiveFlavor_<MegaCircuitBuilder>>;

template class HypernovaFoldingVerifier<MegaFlavor>;

} // namespace bb

instance
std::shared_ptr< Napi::ThreadSafeFunction > instance
Definition avm_simulate_napi.cpp:75

BB_BENCH_NAME
#define BB_BENCH_NAME(name)
Definition bb_bench.hpp:219

bb::ECCVMFlavor::AllEntities::get_to_be_shifted
auto get_to_be_shifted()
Definition eccvm_flavor.hpp:429

bb::ECCVMFlavor::VerifierCommitments_
Definition eccvm_flavor.hpp:982

bb::HypernovaFoldingVerifier
Definition hypernova_verifier.hpp:21

bb::HypernovaFoldingVerifier::sumcheck_on_incoming_instance
SumcheckOutput< Flavor > sumcheck_on_incoming_instance(const std::shared_ptr< VerifierInstance > &instance, const Proof &proof)
Perform sumcheck on the incoming instance.
Definition hypernova_verifier.cpp:82

bb::HypernovaFoldingVerifier::Proof
std::conditional_t< IsRecursiveFlavor< Flavor >, typename HypernovaRecursiveTypes::Proof, typename HypernovaNativeTypes::Proof > Proof
Definition hypernova_verifier.hpp:43

bb::HypernovaFoldingVerifier::Commitment
Flavor::Commitment Commitment
Definition hypernova_verifier.hpp:26

bb::HypernovaFoldingVerifier::instance_to_accumulator
std::pair< bool, Accumulator > instance_to_accumulator(const std::shared_ptr< VerifierInstance > &instance, const Proof &proof)
Turn an instance into an accumulator by executing sumcheck.
Definition hypernova_verifier.cpp:109

bb::HypernovaFoldingVerifier::MultilinearBatchingVerifier
std::conditional_t< IsRecursiveFlavor< Flavor >, typename HypernovaRecursiveTypes::MultilinearBatchingVerifier, typename HypernovaNativeTypes::MultilinearBatchingVerifier > MultilinearBatchingVerifier
Definition hypernova_verifier.hpp:37

bb::HypernovaFoldingVerifier::batch_mul
Commitment batch_mul(const RefArray< Commitment, N > &_points, const std::vector< FF > &scalars)
Utility to perform batch mul of commitments.
Definition hypernova_verifier.cpp:32

bb::HypernovaFoldingVerifier::sumcheck_output_to_accumulator
Accumulator sumcheck_output_to_accumulator(MegaSumcheckOutput &sumcheck_output, const std::shared_ptr< VerifierInstance > &instance)
Convert the output of the sumcheck run on the incoming instance into an accumulator.
Definition hypernova_verifier.cpp:48

bb::HypernovaFoldingVerifier::get_batching_challenges
std::pair< std::vector< FF >, std::vector< FF > > get_batching_challenges()
Generate the challenges required to batch the incoming instance with the accumulator.
Definition hypernova_verifier.cpp:14

bb::HypernovaFoldingVerifier::Flavor
Flavor_ Flavor
Definition hypernova_verifier.hpp:23

bb::HypernovaFoldingVerifier::FF
Flavor::FF FF
Definition hypernova_verifier.hpp:24

bb::OinkVerifier
Verifier class for all the presumcheck rounds, which are shared between the folding verifier and ultr...
Definition oink_verifier.hpp:35

bb::OinkVerifier::verify
void verify()
Oink Verifier function that runs all the rounds of the verifier.
Definition oink_verifier.cpp:28

bb::RefArray
A template class for a reference array. Behaves as if std::array<T&, N> was possible.
Definition ref_array.hpp:22

bb::SumcheckVerifier
Implementation of the sumcheck Verifier for statements of the form  for multilinear polynomials .
Definition sumcheck.hpp:786

bb::SumcheckVerifier::verify
SumcheckOutput< Flavor > verify(const bb::RelationParameters< FF > &relation_parameters, const std::vector< FF > &gate_challenges, const std::vector< FF > &padding_indicator_array)
The Sumcheck verification method. First it extracts round univariate, checks sum (the sumcheck univar...
Definition sumcheck.hpp:844

zip_view
Definition zip_view.hpp:166

vinfo
#define vinfo(...)
Definition log.hpp:80

bb::IsRecursiveFlavor
Definition flavor_concepts.hpp:46

hypernova_verifier.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

std::to_string
std::string to_string(bb::avm2::ValueTag tag)
Definition tagged_value.cpp:402

bb::MultilinearBatchingVerifierClaim
Definition multilinear_batching_claims.hpp:7

bb::MultilinearBatchingVerifierClaim::challenge
std::vector< FF > challenge
Definition multilinear_batching_claims.hpp:10

bb::SumcheckOutput
Contains the evaluations of multilinear polynomials  at the challenge point . These are computed by S...
Definition sumcheck_output.hpp:22

bb::SumcheckOutput::claimed_evaluations
ClaimedEvaluations claimed_evaluations
Definition sumcheck_output.hpp:30

bb::SumcheckOutput::challenge
std::vector< FF > challenge
Definition sumcheck_output.hpp:28