Barretenberg: src/barretenberg/goblin/merge_prover.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "barretenberg/commitment_schemes/claim.hpp"

#include "barretenberg/flavor/mega_flavor.hpp"

#include "barretenberg/flavor/ultra_flavor.hpp"

#include "barretenberg/honk/proof_system/types/proof.hpp"

#include "barretenberg/op_queue/ecc_op_queue.hpp"

#include "barretenberg/transcript/transcript.hpp"


namespace bb {


class MergeProver {

    using Curve = curve::BN254;

    using FF = Curve::ScalarField;

    using Commitment = Curve::AffineElement;

    using Polynomial = bb::Polynomial<FF>;

    using CommitmentKey = bb::CommitmentKey<Curve>;

    using PCS = KZG<Curve>;

    using OpeningClaim = ProverOpeningClaim<Curve>;

    using OpeningPair = bb::OpeningPair<Curve>;

    using Transcript = NativeTranscript;


  public:

    using MergeProof = std::vector<FF>;


    explicit MergeProver(const std::shared_ptr<ECCOpQueue>& op_queue,

                         const MergeSettings settings = MergeSettings::PREPEND,

                         const CommitmentKey& commitment_key = CommitmentKey(),

                         const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>());


    BB_PROFILE MergeProof construct_proof();


    std::shared_ptr<ECCOpQueue> op_queue;

    CommitmentKey pcs_commitment_key;

    std::shared_ptr<Transcript> transcript;

    MergeSettings settings;


    // Number of columns that jointly constitute the op_queue, should be the same as the number of wires in the

    // MegaCircuitBuilder

    static constexpr size_t NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES;


  private:


    std::vector<std::string> labels_degree_check = { "LEFT_TABLE_DEGREE_CHECK_0",

                                                     "LEFT_TABLE_DEGREE_CHECK_1",

                                                     "LEFT_TABLE_DEGREE_CHECK_2",

                                                     "LEFT_TABLE_DEGREE_CHECK_3" };


    std::vector<std::string> labels_shplonk_batching_challenges = {

        "SHPLONK_MERGE_BATCHING_CHALLENGE_0",  "SHPLONK_MERGE_BATCHING_CHALLENGE_1",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_2",  "SHPLONK_MERGE_BATCHING_CHALLENGE_3",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_4",  "SHPLONK_MERGE_BATCHING_CHALLENGE_5",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_6",  "SHPLONK_MERGE_BATCHING_CHALLENGE_7",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_8",  "SHPLONK_MERGE_BATCHING_CHALLENGE_9",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_10", "SHPLONK_MERGE_BATCHING_CHALLENGE_11",

        "SHPLONK_MERGE_BATCHING_CHALLENGE_12"

    };


    static Polynomial compute_degree_check_polynomial(const std::array<Polynomial, NUM_WIRES>& left_table,

                                                      const std::vector<FF>& degree_check_challenges);


    static Polynomial compute_shplonk_batched_quotient(const std::array<Polynomial, NUM_WIRES>& left_table,

                                                       const std::array<Polynomial, NUM_WIRES>& right_table,

                                                       const std::array<Polynomial, NUM_WIRES>& merged_table,

                                                       const std::vector<FF>& shplonk_batching_challenges,

                                                       const FF& kappa,

                                                       const FF& kappa_inv,

                                                       const Polynomial& reversed_batched_left_tables,

                                                       const std::vector<FF>& evals);


    static OpeningClaim compute_shplonk_opening_claim(Polynomial& shplonk_batched_quotient,

                                                      const FF& shplonk_opening_challenge,

                                                      const std::array<Polynomial, NUM_WIRES>& left_table,

                                                      const std::array<Polynomial, NUM_WIRES>& right_table,

                                                      const std::array<Polynomial, NUM_WIRES>& merged_table,

                                                      const std::vector<FF>& shplonk_batching_challenges,

                                                      const FF& kappa,

                                                      const FF& kappa_inv,

                                                      Polynomial& reversed_batched_left_tables,

                                                      const std::vector<FF>& evals);

};


} // namespace bb

claim.hpp

bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43

bb::KZG
Definition kzg.hpp:22

bb::MegaExecutionTraceBlocks::NUM_WIRES
static constexpr size_t NUM_WIRES
Defines the circuit block types for the Mega arithmetization.
Definition mega_execution_trace.hpp:382

bb::MergeProver
Prover class for the Goblin ECC op queue transcript merge protocol.
Definition merge_prover.hpp:22

bb::MergeProver::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition merge_prover.hpp:50

bb::MergeProver::Commitment
Curve::AffineElement Commitment
Definition merge_prover.hpp:25

bb::MergeProver::op_queue
std::shared_ptr< ECCOpQueue > op_queue
Definition merge_prover.hpp:43

bb::MergeProver::MergeProof
std::vector< FF > MergeProof
Definition merge_prover.hpp:34

bb::MergeProver::settings
MergeSettings settings
Definition merge_prover.hpp:46

bb::MergeProver::construct_proof
BB_PROFILE MergeProof construct_proof()
Prove proper construction of the aggregate Goblin ECC op queue polynomials T_j.
Definition merge_prover.cpp:156

bb::MergeProver::labels_degree_check
std::vector< std::string > labels_degree_check
Definition merge_prover.hpp:53

bb::MergeProver::compute_shplonk_opening_claim
static OpeningClaim compute_shplonk_opening_claim(Polynomial &shplonk_batched_quotient, const FF &shplonk_opening_challenge, const std::array< Polynomial, NUM_WIRES > &left_table, const std::array< Polynomial, NUM_WIRES > &right_table, const std::array< Polynomial, NUM_WIRES > &merged_table, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, Polynomial &reversed_batched_left_tables, const std::vector< FF > &evals)
Compute the partially evaluated Shplonk batched quotient and the resulting opening claim.
Definition merge_prover.cpp:95

bb::MergeProver::labels_shplonk_batching_challenges
std::vector< std::string > labels_shplonk_batching_challenges
Definition merge_prover.hpp:58

bb::MergeProver::transcript
std::shared_ptr< Transcript > transcript
Definition merge_prover.hpp:45

bb::MergeProver::pcs_commitment_key
CommitmentKey pcs_commitment_key
Definition merge_prover.hpp:44

bb::MergeProver::compute_shplonk_batched_quotient
static Polynomial compute_shplonk_batched_quotient(const std::array< Polynomial, NUM_WIRES > &left_table, const std::array< Polynomial, NUM_WIRES > &right_table, const std::array< Polynomial, NUM_WIRES > &merged_table, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, const Polynomial &reversed_batched_left_tables, const std::vector< FF > &evals)
Compute the batched Shplonk quotient polynomial.
Definition merge_prover.cpp:50

bb::MergeProver::compute_degree_check_polynomial
static Polynomial compute_degree_check_polynomial(const std::array< Polynomial, NUM_WIRES > &left_table, const std::vector< FF > &degree_check_challenges)
Compute the batched polynomial for the degree check.
Definition merge_prover.cpp:40

bb::MergeProver::CommitmentKey
bb::CommitmentKey< Curve > CommitmentKey
Definition merge_prover.hpp:27

bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:53

bb::OpeningPair
Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v.
Definition claim.hpp:19

bb::Polynomial< FF >

bb::ProverOpeningClaim
Polynomial p and an opening pair (r,v) such that p(r) = v.
Definition claim.hpp:34

bb::curve::BN254
Definition bn254.hpp:16

bb::curve::BN254::AffineElement
typename Group::affine_element AffineElement
Definition bn254.hpp:22

bb::curve::BN254::ScalarField
bb::fr ScalarField
Definition bn254.hpp:18

BB_PROFILE
#define BB_PROFILE
Definition compiler_hints.hpp:14

ecc_op_queue.hpp

proof.hpp

mega_flavor.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::MergeSettings
MergeSettings
The MergeSettings define whether an current subtable will be added at the beginning (PREPEND) or at t...
Definition ecc_ops_table.hpp:21

bb::PREPEND
@ PREPEND
Definition ecc_ops_table.hpp:21

bb::NativeTranscript
BaseTranscript< FrCodec, bb::crypto::Poseidon2< bb::crypto::Poseidon2Bn254ScalarFieldParams > > NativeTranscript
Definition transcript.hpp:488

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bb::field< Bn254FrParams >

transcript.hpp

ultra_flavor.hpp