Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
multilinear_batching_verifier.cpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#include "multilinear_batching_verifier.hpp"
8#include "barretenberg/flavor/mega_recursive_flavor.hpp"
9#include "barretenberg/flavor/multilinear_batching_flavor.hpp"
10#include "barretenberg/flavor/multilinear_batching_recursive_flavor.hpp"
11#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp"
12#include "barretenberg/sumcheck/sumcheck_output.hpp"
13
14namespace bb {
15
16template <typename Flavor_>
17MultilinearBatchingVerifier<Flavor_>::MultilinearBatchingVerifier(const std::shared_ptr<Transcript>& transcript)
18 : transcript(transcript)
19{}
20
21template <typename Flavor_>
22MultilinearBatchingVerifier<Flavor_>::FF MultilinearBatchingVerifier<Flavor_>::compute_new_target_sum(
23 const FF& alpha,
24 SumcheckOutput<InstanceFlavor>& instance_sumcheck,
25 const std::vector<InstanceFF>& unshifted_challenges,
26 const std::vector<InstanceFF>& shifted_challenges,
27 const FF& accumulator_non_shifted_evaluation,
28 const FF& accumulator_shifted_evaluation) const
29{
30 // Compute new target sum as:
31 // accumulator_non_shifted_evaluation
32 // + alpha * accumulator_shifted_evaluation
33 // + alpha^2 sum( instance_sumcheck.claimed_unshifted_evals * unshifted_challenges )
34 // + alpha^3 sum( instance_sumcheck.claimed_shifted_evals * shifted_challenges )
35 FF target_sum(0);
36 for (auto [eval, challenge] : zip_view(instance_sumcheck.claimed_evaluations.get_shifted(), shifted_challenges)) {
37 target_sum += eval * challenge;
38 }
39 target_sum *= alpha;
40 for (auto [eval, challenge] :
41 zip_view(instance_sumcheck.claimed_evaluations.get_unshifted(), unshifted_challenges)) {
42 target_sum += eval * challenge;
43 }
44 target_sum *= alpha;
45 target_sum += accumulator_shifted_evaluation; // Accumulator shifted evaluation
46 target_sum *= alpha;
47 target_sum += accumulator_non_shifted_evaluation; // Accumulator non-shifted evaluation
48
49 return target_sum;
50}
51
52template <typename Flavor_>
53template <size_t N>
54MultilinearBatchingVerifier<Flavor_>::Commitment MultilinearBatchingVerifier<Flavor_>::batch_mul(
55 RefArray<Commitment, N> instance_commitments,
56 const Commitment& accumulator_commitment,
57 std::vector<FF>& scalars,
58 const FF& batching_challenge)
59{
60 std::vector<Commitment> points(N + 1);
61 for (size_t idx = 0; auto point : instance_commitments) {
62 points[idx++] = point;
63 }
64 points.back() = accumulator_commitment;
65 scalars.emplace_back(batching_challenge);
66
67 if constexpr (IsRecursiveFlavor<Flavor>) {
68 return Curve::Group::batch_mul(points, scalars);
69 } else {
70 return batch_mul_native<Curve>(points, scalars);
71 }
72}
73
74template <typename Flavor_>
75MultilinearBatchingVerifier<Flavor_>::VerifierClaim MultilinearBatchingVerifier<Flavor_>::compute_new_claim(
76 const SumcheckOutput<Flavor>& sumcheck_result,
77 InstanceCommitments& verifier_commitments,
78 std::vector<InstanceFF>& unshifted_challenges,
79 std::vector<InstanceFF>& shifted_challenges,
80 const Commitment& non_shifted_accumulator_commitment,
81 const Commitment& shifted_accumulator_commitment,
82 const FF& batching_challenge)
83{
84 // Compute new claim as instance + challenge * accumulator
85 Commitment non_shifted_commitment = batch_mul<NUM_UNSHIFTED_ENTITIES>(verifier_commitments.get_unshifted(),
86 non_shifted_accumulator_commitment,
87 unshifted_challenges,
88 batching_challenge);
89 Commitment shifted_commitment = batch_mul<NUM_SHIFTED_ENTITIES>(verifier_commitments.get_to_be_shifted(),
90 shifted_accumulator_commitment,
91 shifted_challenges,
92 batching_challenge);
93
94 FF shifted_evaluation = sumcheck_result.claimed_evaluations.w_shifted_instance +
95 sumcheck_result.claimed_evaluations.w_shifted_accumulator * batching_challenge;
96 FF non_shifted_evaluation = sumcheck_result.claimed_evaluations.w_non_shifted_instance +
97 sumcheck_result.claimed_evaluations.w_non_shifted_accumulator * batching_challenge;
98 std::vector<FF> challenge = sumcheck_result.challenge;
99
100 return VerifierClaim{
101 .challenge = challenge,
102 .non_shifted_evaluation = non_shifted_evaluation,
103 .shifted_evaluation = shifted_evaluation,
104 .non_shifted_commitment = non_shifted_commitment,
105 .shifted_commitment = shifted_commitment,
106 };
107};
108
109template <typename Flavor_>
110std::pair<bool, typename MultilinearBatchingVerifier<Flavor_>::VerifierClaim> MultilinearBatchingVerifier<
111 Flavor_>::verify_proof(SumcheckOutput<InstanceFlavor>& instance_sumcheck,
112 InstanceCommitments& verifier_commitments,
113 std::vector<InstanceFF>& unshifted_challenges,
114 std::vector<InstanceFF>& shifted_challenges)
115{
116 // Receive commitments
117 auto non_shifted_accumulator_commitment =
118 transcript->template receive_from_prover<Commitment>("non_shifted_accumulator_commitment");
119 auto shifted_accumulator_commitment =
120 transcript->template receive_from_prover<Commitment>("shifted_accumulator_commitment");
121
122 // Receive challenges and evaluations
123 std::vector<FF> accumulator_challenges(Flavor::VIRTUAL_LOG_N);
124 std::vector<FF> accumulator_evaluations(2);
125 for (size_t i = 0; i < Flavor::VIRTUAL_LOG_N; i++) {
126 accumulator_challenges[i] =
127 transcript->template receive_from_prover<FF>("accumulator_challenge_" + std::to_string(i));
128 }
129 for (size_t i = 0; i < 2; i++) {
130 accumulator_evaluations[i] =
131 transcript->template receive_from_prover<FF>("accumulator_evaluation_" + std::to_string(i));
132 }
133
134 // Run sumcheck
135 const FF alpha = transcript->template get_challenge<FF>("Sumcheck:alpha");
136
137 FF target_sum = compute_new_target_sum(alpha,
138 instance_sumcheck,
139 unshifted_challenges,
140 shifted_challenges,
141 accumulator_evaluations[0],
142 accumulator_evaluations[1]);
143
144 Sumcheck sumcheck(transcript, alpha, Flavor::VIRTUAL_LOG_N, target_sum);
145 // MultilinearBatchingFlavor doesn't use gate challenges, and all rounds are non-padding
146 std::vector<FF> padding_indicator_array(Flavor::VIRTUAL_LOG_N, FF(1));
147 const auto sumcheck_result = sumcheck.verify({}, {}, padding_indicator_array);
148
149 // Construct new claim
150 auto claim_batching_challenge = transcript->template get_challenge<FF>("claim_batching_challenge");
151 VerifierClaim verifier_claim = compute_new_claim(sumcheck_result,
152 verifier_commitments,
153 unshifted_challenges,
154 shifted_challenges,
155 non_shifted_accumulator_commitment,
156 shifted_accumulator_commitment,
157 claim_batching_challenge);
158
159 // Verify that the sumcheck claimed evaluations match the evaluations computed from the verifier for the eq
160 // polynomials
161 bool verified = true;
162 auto equality_verified = sumcheck_result.claimed_evaluations.w_evaluations_accumulator ==
163 VerifierEqPolynomial<FF>::eval(accumulator_challenges, sumcheck_result.challenge) &&
164 sumcheck_result.claimed_evaluations.w_evaluations_instance ==
165 VerifierEqPolynomial<FF>::eval(instance_sumcheck.challenge, sumcheck_result.challenge);
166
167 if constexpr (IsRecursiveFlavor<Flavor>) {
168 equality_verified.assert_equal(stdlib::bool_t(equality_verified.get_context(), true));
169 verified = sumcheck_result.verified && equality_verified.get_value();
170 } else {
171 verified = sumcheck_result.verified && equality_verified;
172 }
173
174 return { verified, verifier_claim };
175}
176
177template class MultilinearBatchingVerifier<MultilinearBatchingFlavor>;
178template class MultilinearBatchingVerifier<MultilinearBatchingRecursiveFlavor>;
179
180} // namespace bb
FF
bb::field< bb::Bn254FrParams > FF
Definition field.cpp:22
circuit_builders_fwd.hpp
bb::MultilinearBatchingVerifier::compute_new_target_sum
FF compute_new_target_sum(const FF &alpha, SumcheckOutput< InstanceFlavor > &instance_sumcheck, const std::vector< InstanceFF > &unshifted_challenges, const std::vector< InstanceFF > &shifted_challenges, const FF &accumulator_non_shifted_evaluation, const FF &accumulator_shifted_evaluation) const
Utility to compute the new target sum for the batching sumcheck.
Definition multilinear_batching_verifier.cpp:22
bb::MultilinearBatchingVerifier::compute_new_claim
VerifierClaim compute_new_claim(const SumcheckOutput< Flavor > &sumcheck_result, InstanceCommitments &verifier_commitments, std::vector< InstanceFF > &unshifted_challenges, std::vector< InstanceFF > &shifted_challenges, const Commitment &non_shifted_accumulator_commitment, const Commitment &shifted_accumulator_commitment, const FF &batching_challenge)
Utility to compute the new claim after the batching sumcheck.
Definition multilinear_batching_verifier.cpp:75
bb::MultilinearBatchingVerifier::batch_mul
Commitment batch_mul(RefArray< Commitment, N > instance_commitments, const Commitment &accumulator_commitment, std::vector< FF > &scalars, const FF &batching_challenge)
Utility to perform batch mul of commitments.
Definition multilinear_batching_verifier.cpp:54
bb::MultilinearBatchingVerifier::MultilinearBatchingVerifier
MultilinearBatchingVerifier(const std::shared_ptr< Transcript > &transcript)
Definition multilinear_batching_verifier.cpp:17
bb::MultilinearBatchingVerifier::InstanceCommitments
InstanceFlavor::VerifierCommitments InstanceCommitments
Definition multilinear_batching_verifier.hpp:37
bb::RefArray
A template class for a reference array. Behaves as if std::array<T&, N> was possible.
Definition ref_array.hpp:22
bb::SumcheckVerifier
Implementation of the sumcheck Verifier for statements of the form for multilinear polynomials .
Definition sumcheck.hpp:786
bb::SumcheckVerifier::verify
SumcheckOutput< Flavor > verify(const bb::RelationParameters< FF > &relation_parameters, const std::vector< FF > &gate_challenges, const std::vector< FF > &padding_indicator_array)
The Sumcheck verification method. First it extracts round univariate, checks sum (the sumcheck univar...
Definition sumcheck.hpp:844
bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:59
zip_view
Definition zip_view.hpp:166
mega_recursive_flavor.hpp
multilinear_batching_flavor.hpp
multilinear_batching_recursive_flavor.hpp
multilinear_batching_verifier.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
std::to_string
std::string to_string(bb::avm2::ValueTag tag)
Definition tagged_value.cpp:402
bb::SumcheckOutput
Contains the evaluations of multilinear polynomials at the challenge point . These are computed by S...
Definition sumcheck_output.hpp:22
bb::SumcheckOutput::claimed_evaluations
ClaimedEvaluations claimed_evaluations
Definition sumcheck_output.hpp:30
bb::SumcheckOutput::challenge
std::vector< FF > challenge
Definition sumcheck_output.hpp:28
bb::VerifierEqPolynomial::eval
static FF eval(std::span< const FF > r_in, std::span< const FF > u)
Definition eq_polynomial.hpp:236
sumcheck_output.hpp