Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
multilinear_batching_claims.hpp
Go to the documentation of this file.
1#pragma once
2
3#include "barretenberg/flavor/multilinear_batching_flavor.hpp"
4#include "barretenberg/transcript/origin_tag.hpp"
5
6namespace bb {
7template <typename Curve> struct MultilinearBatchingVerifierClaim {
8 using FF = Curve::ScalarField;
9 using Commitment = Curve::AffineElement;
10 std::vector<FF> challenge;
11 FF non_shifted_evaluation;
12 FF shifted_evaluation;
13 Commitment non_shifted_commitment;
14 Commitment shifted_commitment;
15
24 template <typename RecursiveCurve>
25 static MultilinearBatchingVerifierClaim stdlib_from_native(
26 typename RecursiveCurve::Builder* builder,
27 const MultilinearBatchingVerifierClaim<typename RecursiveCurve::NativeCurve>& native_claim)
28 requires Curve::is_stdlib_type
29 {
30 MultilinearBatchingVerifierClaim<RecursiveCurve> result;
31
32 for (auto& element : native_claim.challenge) {
33 result.challenge.emplace_back(FF::from_witness(builder, element));
34 }
35
36 result.non_shifted_evaluation = FF::from_witness(builder, native_claim.non_shifted_evaluation);
37 result.shifted_evaluation = FF::from_witness(builder, native_claim.shifted_evaluation);
38 result.non_shifted_commitment = Commitment::from_witness(builder, native_claim.non_shifted_commitment);
39 result.shifted_commitment = Commitment::from_witness(builder, native_claim.shifted_commitment);
40
41 return result;
42 }
43
47 template <typename T>
48 T get_value()
49 requires Curve::is_stdlib_type
50 {
51 T native_claim;
52 native_claim.challenge.reserve(challenge.size());
53
54 for (auto& recursive_challenge : challenge) {
55 native_claim.challenge.emplace_back(recursive_challenge.get_value());
56 }
57 native_claim.non_shifted_evaluation = non_shifted_evaluation.get_value();
58 native_claim.shifted_evaluation = shifted_evaluation.get_value();
59 native_claim.non_shifted_commitment = non_shifted_commitment.get_value();
60 native_claim.shifted_commitment = shifted_commitment.get_value();
61
62 return native_claim;
63 }
64
68 template <typename T>
69 FF hash_with_origin_tagging([[maybe_unused]] const std::string& domain_separator, T& transcript) const
70 {
71 using Codec = typename T::Codec;
72 std::vector<FF> claim_elements;
73
74 const OriginTag tag = bb::extract_transcript_tag(transcript);
75
76 // Tag, serialize, and append
77 auto append_tagged = [&]<typename U>(const U& component) {
78 auto frs = bb::tag_and_serialize<T::in_circuit, Codec>(component, tag);
79 claim_elements.insert(claim_elements.end(), frs.begin(), frs.end());
80 };
81
82 // Tag and serialize all challenge elements
83 for (const auto& element : challenge) {
84 append_tagged(element);
85 }
86
87 // Tag and serialize evaluations and commitments
88 append_tagged(non_shifted_evaluation);
89 append_tagged(shifted_evaluation);
90 append_tagged(non_shifted_commitment);
91 append_tagged(shifted_commitment);
92
93 // Sanitize free witness tags before hashing
94 bb::unset_free_witness_tags<T::in_circuit, FF>(claim_elements);
95
96 // Hash the tagged elements directly
97 return T::HashFunction::hash(claim_elements);
98 }
99};
100
101struct MultilinearBatchingProverClaim {
102 using FF = MultilinearBatchingFlavor::FF;
103 using Commitment = MultilinearBatchingFlavor::Commitment;
104 using Polynomial = MultilinearBatchingFlavor::Polynomial;
105 std::vector<FF> challenge;
106 FF non_shifted_evaluation;
107 FF shifted_evaluation;
108 Polynomial non_shifted_polynomial;
109 Polynomial shifted_polynomial;
110 Commitment non_shifted_commitment;
111 Commitment shifted_commitment;
112 size_t dyadic_size;
113
114#ifndef NDEBUG
115 bool compare_with_verifier_claim(const MultilinearBatchingVerifierClaim<curve::BN254>& verifier_claim)
116 {
117 bool is_a_match = true;
118 CommitmentKey<curve::BN254> bn254_commitment_key(dyadic_size);
119
120 for (size_t idx = 0;
121 auto [prover_challenge, verifier_challenge] : zip_view(challenge, verifier_claim.challenge)) {
122 if (prover_challenge != verifier_challenge) {
123 info("Challenge mismatch at index ", idx);
124 is_a_match = false;
125 }
126 idx++;
127 }
128
129 if (verifier_claim.non_shifted_commitment != bn254_commitment_key.commit(non_shifted_polynomial)) {
130 info("Non-shifted commitment mismatch");
131 is_a_match = false;
132 }
133
134 if (verifier_claim.shifted_commitment != bn254_commitment_key.commit(shifted_polynomial)) {
135 info("Shifted commitment mismatch");
136 is_a_match = false;
137 }
138
139 // Bump the virtual size to compute mle evaluations
140 non_shifted_polynomial.increase_virtual_size(1 << challenge.size());
141 shifted_polynomial.increase_virtual_size(1 << challenge.size());
142
143 if (verifier_claim.non_shifted_evaluation != non_shifted_polynomial.evaluate_mle(verifier_claim.challenge)) {
144 info("Non-shifted evaluation mismatch");
145 is_a_match = false;
146 }
147
148 if (verifier_claim.shifted_evaluation != shifted_polynomial.evaluate_mle(verifier_claim.challenge, true)) {
149 info("Shifted evaluation mismatch");
150 is_a_match = false;
151 }
152
153 return is_a_match;
154 }
155#endif
156};
157
158} // namespace bb
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43
bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:88
bb::Polynomial::increase_virtual_size
void increase_virtual_size(const size_t size_in)
Definition polynomial.hpp:280
bb::Polynomial::evaluate_mle
Fr evaluate_mle(std::span< const Fr > evaluation_points, bool shift=false) const
evaluate multi-linear extension p(X_0,…,X_{n-1}) = \sum_i a_i*L_i(X_0,…,X_{n-1}) at u = (u_0,...
Definition polynomial.cpp:199
bb::curve::Grumpkin::is_stdlib_type
static constexpr bool is_stdlib_type
Definition grumpkin.hpp:69
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:63
zip_view
Definition zip_view.hpp:166
info
void info(Args... args)
Definition log.hpp:75
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
multilinear_batching_flavor.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::extract_transcript_tag
OriginTag extract_transcript_tag(const TranscriptType &transcript)
Extract origin tag context from a transcript.
Definition origin_tag.hpp:298
origin_tag.hpp
This file contains part of the logic for the Origin Tag mechanism that tracks the use of in-circuit p...
bb::MultilinearBatchingProverClaim::Commitment
MultilinearBatchingFlavor::Commitment Commitment
Definition multilinear_batching_claims.hpp:103
bb::MultilinearBatchingProverClaim::compare_with_verifier_claim
bool compare_with_verifier_claim(const MultilinearBatchingVerifierClaim< curve::BN254 > &verifier_claim)
Definition multilinear_batching_claims.hpp:115