- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
Entry point for Barretenberg command-line interface. More...
Namespaces | |
| namespace | acir_bincode_mocks |
| namespace | avm2 |
| namespace | bbapi |
| namespace | benchmark |
| namespace | crypto |
| namespace | curve |
| namespace | detail |
| namespace | eccvm |
| namespace | field_conversion_tests |
| namespace | gemini |
| Prover output (evalutation pair, witness) that can be passed on to Shplonk batch opening. | |
| namespace | group_elements |
| namespace | grumpkin |
| namespace | ipc |
| namespace | lmdblib |
| namespace | messaging |
| namespace | mock_circuits |
| namespace | nodejs |
| namespace | numeric |
| namespace | pairing |
| namespace | plookup |
| namespace | polynomial_arithmetic |
| namespace | prover_instance_inspector |
| namespace | scalar_multiplication |
| namespace | secp256k1 |
| namespace | secp256r1 |
| namespace | srs |
| namespace | starknet |
| namespace | stdlib |
| namespace | test |
| namespace | thread_heuristics |
| namespace | transform |
| namespace | utils |
| namespace | wnaf |
| namespace | world_state |
Classes | |
| struct | accumulator_triple_ |
| struct | add_quad_ |
| struct | add_triple_ |
| class | API |
| struct | arithmetic_triple_ |
| class | ArithmeticRelationImpl |
| struct | AssertGuard |
| class | BarycentricDataCompileTime |
| class | BarycentricDataRunTime |
| class | BaseTranscript |
| Common transcript class for both parties. Stores the data for the current round, as well as the manifest. More... | |
| class | BatchedAffineAddition |
| Class for handling fast batched affine addition of large sets of EC points. More... | |
| class | BatchedAffineAdditionTests |
| struct | BatchOpeningClaim |
| An accumulator consisting of the Shplonk evaluation challenge and vectors of commitments and scalars. More... | |
| struct | Bn254Fq12Params |
| struct | Bn254Fq2Params |
| struct | Bn254Fq6Params |
| class | Bn254FqParams |
| class | Bn254FrParams |
| struct | Bn254G1Params |
| struct | Bn254G2Params |
| class | BN254Settings |
| Mock Flavors to use ZKSumcheckData and SmallSubgroupIPAProver in the PCS tests. More... | |
| struct | BuilderTypeHelper |
| struct | BuilderTypeHelper< Curve, std::enable_if_t< Curve::is_stdlib_type > > |
| struct | BusVector |
| A DataBus column. More... | |
| class | Chonk |
| The IVC scheme used by the aztec client for private function execution. More... | |
| class | ChonkAPI |
| class | CircuitBuilderBase |
| class | CircuitChecker |
| The unified interface for check circuit functionality implemented in the specialized CircuitChecker classes. More... | |
| struct | CircuitSchemaInternal |
| Serialized state of a circuit. More... | |
| struct | ClaimBatcher_ |
| Logic to support batching opening claims for unshifted and shifted polynomials in Shplemini. More... | |
| class | CommitmentKey |
| CommitmentKey object over a pairing group 𝔾₁. More... | |
| class | CommitmentTest |
| struct | CurveConstants |
| struct | cycle_node |
| cycle_node represents the idx of a value of the circuit. It will belong to a CyclicPermutation, which constrains all nodes in a CyclicPermutation to have the same value. The total number of constraints is always <2^32 since that is the type used to represent variables, so we can save space by using a type smaller than size_t. More... | |
| struct | databus_lookup_gate_ |
| class | DatabusLookupRelationImpl |
| Log-derivative lookup argument relation for establishing DataBus reads. More... | |
| class | DefaultIO |
| Manages the data that is propagated on the public inputs of an application/function circuit. More... | |
| class | DeltaRangeConstraintRelationImpl |
| class | DependentTestRelationImpl |
| A linearly dependent test relation for sumcheck testing. More... | |
| struct | ecc_add_gate_ |
| struct | ecc_dbl_gate_ |
| struct | ecc_op_tuple |
| struct | EccOpCode |
| Defines the opcodes for ECC operations used in both the Ultra and ECCVM formats. There are three opcodes that are reflected in both ultra ops and eccvm table and so, that lead to actual operations in the ECCVM : More... | |
| class | ECCOpQueue |
| Used to construct execution trace representations of elliptic curve operations. More... | |
| class | EccOpQueueRelationImpl |
| class | EccOpsTable |
| A table of ECC operations. More... | |
| class | EccRelationsConsistency |
| class | ECCVMBoolsRelationImpl |
| ECCVMBoolsRelationImpl evaluates the correctness of ECCVM boolean checks. More... | |
| class | ECCVMCircuitBuilder |
| class | ECCVMFixedVKCommitments |
| Stores the fixed ECCVM VK commitments (to precomputed polynomials) that depend only on the circuit size constant ECCVM_FIXED_SIZE. More... | |
| class | ECCVMFlavor |
| class | ECCVMLookupRelationImpl |
| class | ECCVMMSMMBuilder |
| class | ECCVMMSMRelationImpl |
| MSM relations that evaluate the Strauss multiscalar multiplication algorithm. More... | |
| struct | ECCVMOperation |
| class | ECCVMPointTablePrecomputationBuilder |
| class | ECCVMPointTableRelationImpl |
| ECCVMPointTableRelationImpl. More... | |
| class | ECCVMProver |
| class | ECCVMRecursiveFlavor |
| class | ECCVMRecursiveTests |
| class | EccvmRowTracker |
| Class for tracking the number of rows in the ECCVM circuit and the number of muls performed as the op queue is populated. More... | |
| class | ECCVMSetRelationImpl |
| class | ECCVMTraceChecker |
| class | ECCVMTranscriptBuilder |
| class | ECCVMTranscriptRelationImpl |
| ECCVMTranscriptRelationImpl evaluates the correctness of the ECCVM transcript columns. More... | |
| class | ECCVMVerifier_ |
| Unified ECCVM verifier class for both native and recursive verification. More... | |
| class | ECCVMWnafRelationImpl |
| ECCVMWnafRelationImpl evaluates relations that convert scalar multipliers into 4-bit WNAF slices. More... | |
| class | EcdsaCircuit |
| class | EllipticRelationImpl |
| class | EvaluationDomain |
| class | ExecutionTraceBlock |
| Basic structure for storing gate data in a builder. More... | |
| struct | field |
| General class for prime fields see Prime field documentation["field documentation"] for general implementation reference. More... | |
| class | field12 |
| struct | field2 |
| class | field6 |
| struct | FieldVM |
| Virtual machine for field arithmetic operations. More... | |
| struct | fixed_group_add_quad_ |
| struct | fixed_group_init_quad_ |
| class | Formatter |
| class | FrCodec |
| struct | GateSeparatorPolynomial |
| Implementation of the methods for the \(pow_{\beta}\)-polynomials used in in Sumcheck. More... | |
| class | GeminiProver_ |
| class | GeminiVerifier_ |
| Gemini Verifier utility methods used by ShpleminiVerifier. More... | |
| class | GenericLookupRelationImpl |
| Specifies positions of elements in the tuple of entities received from methods in the Settings class. More... | |
| class | GenericPermutationRelationImpl |
| class | Goblin |
| struct | GoblinAccumulationOutput |
| class | GoblinMockCircuits |
| struct | GoblinProof |
| struct | GoblinStdlibProof |
| struct | GoogleBbBenchReporter |
| class | group |
| group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr More... | |
| class | GrumpkinSettings |
| class | HidingKernelIO |
| Manages the data that is propagated on the public inputs of of a hiding kernel circuit. More... | |
| class | HypernovaDeciderProver |
| class | HypernovaDeciderVerifier |
| class | HypernovaFoldingProver |
| class | HypernovaFoldingVerifier |
| class | HypernovaNativeTypes |
| class | HypernovaRecursiveTypes |
| class | IPA |
| IPA (inner product argument) commitment scheme class. More... | |
| struct | is_field_type |
| Helper to determine whether input is bberg::field type. More... | |
| struct | is_field_type< bb::field< Params > > |
| class | IVCBase |
| Base class interface for IVC schemes. More... | |
| class | KZG |
| class | KZGTest |
| class | LogDerivLookupRelationImpl |
| Log-derivative lookup argument relation for establishing lookup reads from tables with 3 or fewer columns. More... | |
| class | MaliciousWitnessInjector |
| Test utility for injecting malicious witness values to test failure modes. More... | |
| struct | Mapping |
| Stores permutation mapping data for a single wire column. More... | |
| class | MegaCircuitBuilder_ |
| class | MegaExecutionTraceBlocks |
| class | MegaFlavor |
| class | MegaRecursiveFlavor_ |
| The recursive counterpart to the "native" Mega flavor. More... | |
| class | MegaTraceArithmeticBlock |
| class | MegaTraceBlock |
| struct | MegaTraceBlockData |
| A container indexed by the types of the blocks in the execution trace. More... | |
| class | MegaTraceBusReadBlock |
| class | MegaTraceDeltaRangeBlock |
| class | MegaTraceEllipticBlock |
| class | MegaTraceLookupBlock |
| class | MegaTraceMemoryBlock |
| class | MegaTraceNonNativeFieldBlock |
| class | MegaTracePoseidon2ExternalBlock |
| class | MegaTracePoseidon2InternalBlock |
| class | MegaTracePublicInputBlock |
| class | MegaZKFlavor |
| Child class of MegaFlavor that runs with ZK Sumcheck. See more in Sumcheck Outline. More... | |
| class | MegaZKRecursiveFlavor_ |
| The recursive counterpart to the "native" MegaZKFlavor. More... | |
| class | MemoryRelationImpl |
| class | MergeProver |
| Prover class for the Goblin ECC op queue transcript merge protocol. More... | |
| class | MergeTests |
| Unified test fixture for native and recursive merge verification. More... | |
| class | MergeTranscriptTests |
| Test class for merge protocol transcript pinning tests. More... | |
| class | MergeVerifier_ |
| Unified verifier class for the Goblin ECC op queue transcript merge protocol. More... | |
| struct | MetaData |
| Dyadic trace size and public inputs metadata; Common between prover and verifier keys. More... | |
| class | MockCircuits |
| struct | MockClaimGenerator |
| Constructs random polynomials, computes commitments and corresponding evaluations. More... | |
| class | MockTranscript |
| Mock transcript class used by IPA tests and fuzzer. More... | |
| struct | mul_quad_ |
| struct | mul_triple_ |
| class | MultilinearBatchingAccumulatorRelationImpl |
| class | MultilinearBatchingFlavor |
| class | MultilinearBatchingInstanceRelationImpl |
| class | MultilinearBatchingProver |
| struct | MultilinearBatchingProverClaim |
| class | MultilinearBatchingProvingKey |
| class | MultilinearBatchingRecursiveFlavor |
| class | MultilinearBatchingVerifier |
| struct | MultilinearBatchingVerifierClaim |
| struct | MultithreadData |
| class | NamedUnion |
| A wrapper around std::variant that provides msgpack serialization based on type names. More... | |
| class | NativeVerificationKey_ |
| Base Native verification key class. More... | |
| struct | non_native_multiplication_witnesses |
| struct | non_native_partial_multiplication_witnesses |
| class | NonNativeFieldRelationImpl |
| class | OinkProver |
| Class for all the oink rounds, which are shared between the folding prover and ultra prover. More... | |
| class | OinkVerifier |
| Verifier class for all the presumcheck rounds, which are shared between the folding verifier and ultra verifier. More... | |
| struct | OinkVerifierInstanceType |
| struct | OinkVerifierInstanceType< Flavor, true > |
| class | OpeningClaim |
| Unverified claim (C,r,v) for some witness polynomial p(X) such that. More... | |
| class | OpeningPair |
| Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v. More... | |
| struct | OriginTag |
| class | PairingPoints |
| An object storing two EC points that represent the inputs to a pairing check. More... | |
| class | PairingPointsTagging |
| Class to manage pairing point tagging. More... | |
| struct | PermutationMapping |
| struct | PolyData |
| class | Polynomial |
| Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x ... a_n x^n of a finite field polynomial equation of degree that is at most the size of some zk circuit. Past 'n' it has a virtual size where it conceptually has coefficients all equal to 0. Notably, we allow indexing past 'n' up to our virtual size (checked only in a debug build, however). As well, we have a start index that means coefficients before start_index are also considered to be 0. The polynomial is used to represent the gates of our arithmetized zk programs. Polynomials use the majority of the memory in proving, so caution should be used in making sure unnecessary copies are avoided, both for avoiding unnecessary memory usage and performance due to unnecessary allocations. The polynomial has a maximum degree in the underlying SharedShiftedVirtualZeroesArray, dictated by the circuit size, this is just used for debugging as we represent. More... | |
| struct | PolynomialSpan |
| struct | poseidon2_external_gate_ |
| struct | poseidon2_internal_gate_ |
| class | Poseidon2ExternalRelationImpl |
| class | Poseidon2InternalRelationImpl |
| struct | PrecomputedData_ |
| The precomputed data needed to compute a Honk VK. More... | |
| struct | PrivateExecutionStepRaw |
| This is the msgpack encoding of the objects returned by the following typescript: const stepToStruct = (step: PrivateExecutionStep) => { return { bytecode: step.bytecode, witness: serializeWitness(step.witness), vk: step.vk, functionName: step.functionName }; }; await fs.writeFile(path, encode(executionSteps.map(stepToStruct))); See format notes below. More... | |
| struct | PrivateExecutionSteps |
| class | ProverEqPolynomial |
| Prover-side eq(X, r) polynomial over Boolean hypercube. More... | |
| class | ProverInstance_ |
| A ProverInstance is normally constructed from a finalized circuit and it contains all the information required by a Mega Honk prover to create a proof. More... | |
| class | ProverOpeningClaim |
| Polynomial p and an opening pair (r,v) such that p(r) = v. More... | |
| class | ProxyCaller |
| Wrapper class that allows us to call IPA methods. More... | |
| struct | PublicComponentKey |
| class | PublicInputComponent |
| A wrapper class for deserializing objects from the public inputs of a circuit. More... | |
| struct | PublicInputsAndProof |
| struct | RamRecord |
| A RAM memory record that can be ordered, first by index, then by timestamp. More... | |
| struct | RamTranscript |
RamTranscript contains the RamRecords for a particular RAM table (recording READ and WRITE operations) as well as the vector whose ith entry corresponds to the current ith value of the RAM table. More... | |
| class | RecursiveCircuit |
| class | RecursiveVeriferCommitmentKeyTest |
| class | RefArray |
| A template class for a reference array. Behaves as if std::array<T&, N> was possible. More... | |
| class | RefSpan |
| class | RefVector |
| A template class for a reference vector. Behaves as if std::vector<T&> was possible. More... | |
| class | Relation |
| A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribution of a given relation to the corresponding accumulator. More... | |
| class | RelationChecker |
| A debugging utility for checking whether a set of polynomials satisfies the relations for a given Flavor. More... | |
| class | RelationChecker< bb::UltraFlavor > |
| class | RelationChecker< MegaFlavor > |
| struct | RelationParameters |
| Container for parameters used by the grand product (permutation, lookup) Honk relations. More... | |
| class | RelationUtils |
| struct | RepeatedCommitmentsData |
| class | RollupIO |
| The data that is propagated on the public inputs of a rollup circuit. More... | |
| class | RomRamLogic_ |
| ROM/RAM logic handler for UltraCircuitBuilder. More... | |
| struct | RomRecord |
| A ROM memory record that can be ordered, where the ordering is given by the index (a.k.a. position in the ROM array). More... | |
| struct | RomTranscript |
RomTranscript contains the RomRecords for a particular ROM table as well as the vector whose ith entry corresponds to the ith value (or pair of values) of the ROM table. More... | |
| struct | RoundUnivariateHandler |
| Handler for processing round univariates in sumcheck. Default implementation: send evaluations directly to transcript. More... | |
| struct | RoundUnivariateHandler< Flavor, true > |
| Specialization for Grumpkin flavors: commit to round univariates. More... | |
| struct | RowDisablingPolynomial |
| Polynomial for Sumcheck with disabled Rows. More... | |
| class | Selector |
| Abstract interface for a generic selector. More... | |
| class | ShpleminiKZGTest |
| class | ShpleminiProver_ |
| class | ShpleminiTest |
| class | ShpleminiVerifier_ |
| An efficient verifier for the evaluation proofs of multilinear polynomials and their shifts. More... | |
| class | ShplonkProver_ |
| Shplonk Prover. More... | |
| class | ShplonkTest |
| class | ShplonkVerifier_ |
| Shplonk Verifier. More... | |
| class | SlabVectorSelector |
| Selector backed by a slab allocator vector. More... | |
| struct | SmallSubgroupIPACommitments |
| Contains commitments to polynomials [G], [A], and [Q]. See SmallSubgroupIPAProver docs. More... | |
| class | SmallSubgroupIPAProver |
| A Curve-agnostic ZK protocol to prove inner products of small vectors. More... | |
| class | SmallSubgroupIPATest |
| class | SmallSubgroupIPAVerifier |
| Verifies the consistency of polynomial evaluations provided by the the prover. More... | |
| class | StdlibVerificationKey_ |
| Base Stdlib verification key class. More... | |
| struct | SumcheckOutput |
| Contains the evaluations of multilinear polynomials \( P_1, \ldots, P_N\) at the challenge point \(\vec u
=(u_0,\ldots, u_{d-1})\). These are computed by Sumcheck Prover and need to be checked using Shplemini. More... | |
| class | SumcheckProver |
| The implementation of the sumcheck Prover for statements of the form \(\sum_{\vec \ell \in \{0,1\}^d}
pow_{\beta}(\vec \ell) \cdot F \left(P_1(\vec \ell),\ldots, P_N(\vec \ell) \right) = 0 \) for multilinear polynomials \(P_1, \ldots, P_N \). More... | |
| class | SumcheckProverRound |
| Imlementation of the Sumcheck prover round. More... | |
| class | SumcheckTestFlavor_ |
| A flexible, minimal test flavor for sumcheck testing. More... | |
| class | SumcheckVerifier |
| Implementation of the sumcheck Verifier for statements of the form \(\sum_{\vec \ell \in \{0,1\}^d}
pow_{\beta}(\vec \ell) \cdot F \left(P_1(\vec \ell),\ldots, P_N(\vec \ell) \right) = 0 \) for multilinear polynomials \(P_1, \ldots, P_N \). More... | |
| class | SumcheckVerifierRound |
| Implementation of the Sumcheck Verifier Round. More... | |
| class | SumcheckVerifierRound< Flavor, true > |
| Specialization for Grumpkin flavors: receive commitments and evaluations, defer per-round verification to Shplemini. More... | |
| struct | ThreadChunk |
| class | ThreadPool |
| class | ThreadTest |
| class | TraceToPolynomials |
| struct | TranscriptFor |
| Helper to get the appropriate Transcript type for a given Curve. More... | |
| struct | TranscriptFor< Curve, true > |
| class | TranscriptManifest |
| class | TranslationData |
A class designed to accept the ECCVM Transcript Polynomials, concatenate their masking terms in Lagrange basis over the SmallSubgroup, and commit to the concatenation. More... | |
| struct | TranslationEvaluations_ |
Stores the evaluations of op, Px, Py, z1, and z2 computed by the ECCVM Prover. These evaluations are batched and checked against the accumulated_result, which is computed and verified by Translator. More... | |
| class | TranslatorAccumulatorTransferRelationImpl |
| class | TranslatorCircuitBuilder |
| TranslatorCircuitBuilder creates a circuit that evaluates the correctness of the evaluation of EccOpQueue in Fq while operating in the Fr scalar field (r is the modulus of Fr and q is the modulus of Fq) More... | |
| class | TranslatorCircuitChecker |
| class | TranslatorDecompositionRelationImpl |
| class | TranslatorDeltaRangeConstraintRelationImpl |
| struct | TranslatorFixedVKCommitments |
| Stores the fixed Translator VK commitments (to precomputed polynomials) that depend only on the circuit size constant CONST_TRANSLATOR_LOG_N. More... | |
| class | TranslatorFlavor |
| struct | TranslatorInputData_ |
| Data passed from ECCVM Verifier to Translator Verifier for verification. More... | |
| class | TranslatorNonNativeFieldRelationImpl |
| class | TranslatorOpcodeConstraintRelationImpl |
| class | TranslatorPermutationRelationImpl |
| class | TranslatorProver |
| class | TranslatorProvingKey |
| class | TranslatorRecursiveFlavor |
| The recursive counterpart of the native Translator flavor. More... | |
| class | TranslatorRecursiveTests |
| Test suite for standalone recursive verification of translation proofs. More... | |
| class | TranslatorRecursiveVerifier |
| class | TranslatorVerifier |
| class | TranslatorZeroConstraintsRelationImpl |
| struct | TupleOfContainersOverArray |
| Generic templates for constructing a container of containers of varying length, where the various lengths are specified in an array. More... | |
| struct | TupleOfContainersOverArray< InnerContainer, ValueType, domain_end, std::index_sequence< I... > > |
| class | U256Codec |
| class | UltraCircuitBuilder_ |
| class | UltraCircuitChecker |
| class | UltraEccOpsTable |
| Stores a table of elliptic curve operations represented in the Ultra format. More... | |
| class | UltraExecutionTraceBlocks |
| class | UltraFlavor |
| class | UltraHonkAPI |
| class | UltraHonkTests |
| class | UltraKeccakFlavor |
| class | UltraKeccakRecursiveFlavor_ |
| class | UltraKeccakZKFlavor |
| struct | UltraOp |
| class | UltraPermutationRelationImpl |
| Ultra Permutation Relation. More... | |
| class | UltraProver_ |
| class | UltraRecursiveFlavor_ |
| The recursive counterpart to the "native" Ultra flavor. More... | |
| class | UltraRollupFlavor |
| class | UltraRollupRecursiveFlavor_ |
| The recursive counterpart to the "native" UltraRollupFlavor. More... | |
| class | UltraTraceArithmeticBlock |
| class | UltraTraceBlock |
| struct | UltraTraceBlockData |
| Defines the circuit block types for the Ultra arithmetization. More... | |
| class | UltraTraceDeltaRangeBlock |
| class | UltraTraceEllipticBlock |
| class | UltraTraceLookupBlock |
| class | UltraTraceMemoryBlock |
| class | UltraTraceNonNativeFieldBlock |
| class | UltraTracePoseidon2ExternalBlock |
| class | UltraTracePoseidon2InternalBlock |
| class | UltraTracePublicInputBlock |
| class | UltraVerifier_ |
| class | UltraZKFlavor |
| Child class of UltraFlavor that runs with ZK Sumcheck. More... | |
| class | UltraZKRecursiveFlavor_ |
| The recursive counterpart to the Ultra flavor with ZK. More... | |
| class | Univariate |
| A univariate polynomial represented by its values on {0, 1,..., domain_end - 1}. More... | |
| class | UnivariateClaimData |
| class | UnivariateCoefficientBasis |
| A view of a univariate, also used to truncate univariates. More... | |
| class | UnivariateView |
| A view of a univariate, also used to truncate univariates. More... | |
| class | VerifierCommitmentKey |
| Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit. More... | |
| class | VerifierCommitmentKey< curve::BN254 > |
| Specialization for bn254. More... | |
| class | VerifierCommitmentKey< curve::Grumpkin > |
| Specialization for Grumpkin. More... | |
| struct | VerifierEqPolynomial |
| Verifier-side polynomial for division-free evaluation of eq(r, u). More... | |
| class | VerifierInstance_ |
| The VerifierInstance encapsulates all the necessary information for a Mega Honk Verifier to verify a proof (sumcheck + Shplemini). In the context of folding, this is provided to the Hypernova verifier as an incoming instance. More... | |
| struct | VerifierZKCorrectionHandler |
| Handler for ZK-related verification adjustments in sumcheck. Default implementation: no ZK adjustments needed. More... | |
| struct | VerifierZKCorrectionHandler< Flavor, true > |
| Specialization for ZK flavors: handle Libra masking and row disabling. More... | |
| class | VKAndHash_ |
| struct | VMSettings |
| Settings structure to control which operations are enabled in the VM. More... | |
| class | WitnessComputation |
| Methods for managing the compututation of derived witness polynomials such as the permutation grand product, log-derivative lookup inverses, and RAM/RAM memory records. More... | |
| class | ZeroSelector |
| Selector specialization that only allows zeros. More... | |
| struct | ZKSumcheckData |
| This structure is created to contain various polynomials and constants required by ZK Sumcheck. More... | |
Concepts | |
| concept | HasMsgpackSchemaName |
| Concept to check if a type has a static NAME member. | |
| concept | IsUltraHonk |
| Test whether a type T lies in a list of types ...U. | |
| concept | IsUltraOrMegaHonk |
| concept | IsMegaFlavor |
| concept | HasDataBus |
| concept | UseRowDisablingPolynomial |
| concept | HasIPAAccumulator |
| concept | IsRecursiveFlavor |
| concept | IsKeccakFlavor |
| concept | isMultilinearBatchingFlavor |
| concept | IsGrumpkinFlavor |
| concept | IsAnyOf |
| concept | IsDeserializableFromPublicInputs |
| A concept defining requirements for types that are to be deserialized from the public inputs of a circuit via the PublicInputComponent class. | |
| concept | HasSubrelationLinearlyIndependentMember |
| concept | isSkippable |
| The templates defined herein facilitate sharing the relation arithmetic between the prover and the verifier. | |
| concept | isRowSkippable |
| Check if the flavor has a static skip method to determine if accumulation of all relations can be skipped for a given row. | |
| concept | isAvmFlavor |
| concept | InCircuit |
Functions | |
| void | avm_prove (const std::filesystem::path &inputs_path, const std::filesystem::path &output_path) |
| Writes an avm proof and corresponding (incomplete) verification key to files. | |
| void | avm_check_circuit (const std::filesystem::path &inputs_path) |
| Stub - throws runtime error if called. | |
| bool | avm_verify (const std::filesystem::path &proof_path, const std::filesystem::path &public_inputs_path, const std::filesystem::path &vk_path) |
| Verifies an avm proof and writes the result to stdout. | |
| void | avm_simulate (const std::filesystem::path &inputs_path) |
| Simulates an public transaction. | |
| void | avm_write_verification_key (const std::filesystem::path &output_path) |
| Writes an avm (incomplete) verification key to a file. | |
| void | chonk_gate_count (const std::string &bytecode_path, bool include_gates_per_opcode) |
| std::vector< uint8_t > | decompress (const void *bytes, size_t size) |
| std::vector< uint8_t > | compress (const std::vector< uint8_t > &input) |
| int | process_msgpack_commands (std::istream &input_stream) |
| Process msgpack API commands from an input stream. | |
| int | execute_msgpack_ipc_server (std::unique_ptr< ipc::IpcServer > server) |
| Execute msgpack commands over IPC. | |
| int | execute_msgpack_run (const std::string &msgpack_input_file, int max_clients=1, size_t request_ring_size=1024UL *1024, size_t response_ring_size=1024UL *1024) |
| Execute msgpack run command. | |
| bool | transpile_artifact (const std::string &input_path, const std::string &output_path) |
| Transpile the artifact file (or copy if transpiler not enabled) | |
| bool | process_aztec_artifact (const std::string &input_path, const std::string &output_path, bool force=false) |
| Process Aztec contract artifacts: transpile and generate verification keys. | |
| std::vector< std::string > | find_contract_artifacts (const std::string &search_path=".") |
| Find all contract artifacts in target/ directories. | |
| bool | process_all_artifacts (const std::string &search_path=".", bool force=false) |
| Process all discovered contract artifacts in a directory tree. | |
| bool | get_cache_paths (const std::string &input_path) |
| Get cache paths for all verification keys in an artifact. | |
| size_t | get_file_size (std::string const &filename) |
| std::vector< uint8_t > | read_file (const std::string &filename, size_t bytes=0) |
| void | write_file (const std::string &filename, std::vector< uint8_t > const &data) |
| template<typename Fr > | |
| std::string | field_elements_to_json (const std::vector< Fr > &fields) |
| void | print_active_subcommands (const CLI::App &app, const std::string &prefix="bb command: ") |
| CLI::App * | find_deepest_subcommand (CLI::App *app) |
| void | print_subcommand_options (const CLI::App *sub) |
| int | parse_and_run_cli_command (int argc, char *argv[]) |
| Parse command line arguments and run the corresponding command. | |
| std::vector< uint8_t > | get_curve_constants_msgpack () |
| Generate msgpack-encoded curve constants for all supported curves. | |
| void | write_curve_constants_msgpack_to_stdout () |
| Write msgpack-encoded curve constants to stdout. | |
| TEST (BoomerangMegaCircuitBuilder, BasicCircuit) | |
| TEST (BoomerangMegaCircuitBuilder, OnlyGoblinEccOpQueueUltraOps) | |
| Check that the ultra ops are recorded correctly in the EccOpQueue. | |
| void | read (uint8_t const *&it, Chonk::VerificationKey &vk) |
| void | write (std::vector< uint8_t > &buf, Chonk::VerificationKey const &vk) |
| template<typename T > | |
| T | unpack_from_file (const std::filesystem::path &filename) |
| std::pair< Chonk::Proof, Chonk::VerificationKey > | accumulate_and_prove_with_precomputed_vks (size_t num_app_circuits, auto &precomputed_vks, const bool large_first_app=true) |
| Perform a specified number of circuit accumulation rounds. | |
| std::vector< std::shared_ptr< typename MegaFlavor::VerificationKey > > | precompute_vks (const size_t num_app_circuits, const bool large_first_app=true) |
| TEST (MegaCircuitBuilder, CopyConstructor) | |
| TEST (MegaCircuitBuilder, BaseCase) | |
| TEST (MegaCircuitBuilder, GoblinSimple) | |
| Test the queueing of simple ecc ops via the Goblin builder. | |
| TEST (MegaCircuitBuilder, GoblinEccOpQueueUltraOps) | |
| Check that the ultra ops are recorded correctly in the EccOpQueue. | |
| TEST (MegaCircuitBuilder, CompleteSelectorPartitioningCheck) | |
| Check that the selector partitioning is correct for the mega circuit builder. | |
| TEST (UltraCircuitBuilder, CopyConstructor) | |
| TEST (UltraCircuitBuilder, BaseCase) | |
| TEST (UltraCircuitBuilder, TestNoLookupProof) | |
| TEST (UltraCircuitBuilder, CheckCircuitShowcase) | |
| TEST (UltraCircuitBuilder, Rom) | |
| TEST (UltraCircuitBuilder, RamSimple) | |
| A simple-as-possible RAM read test, for easier debugging. | |
| TEST (UltraCircuitBuilder, Ram) | |
| TEST (UltraCircuitBuilder, RangeConstraint) | |
| TEST (UltraCircuitBuilder, RangeWithGates) | |
| TEST (UltraCircuitBuilder, RangeWithGatesWhereRangeIsNotAPowerOfTwo) | |
| TEST (UltraCircuitBuilder, ComposedRangeConstraint) | |
| TEST (UltraCircuitBuilder, RangeChecksOnDuplicates) | |
| TEST (UltraCircuitBuilder, NonTrivialTagPermutation) | |
| TEST (UltraCircuitBuilder, NonTrivialTagPermutationAndCycles) | |
| TEST (UltraCircuitBuilder, BadTagPermutation) | |
| TEST (UltraCircuitBuilder, SortWidget) | |
| TEST (UltraCircuitBuilder, SortWithEdgesGate) | |
| TEST (UltraCircuitBuilder, SortWidgetComplex) | |
| TEST (UltraCircuitBuilder, SortWidgetNeg) | |
| template<> | |
| auto | UltraCircuitChecker::init_empty_values< MegaCircuitBuilder_< bb::fr > > () |
| template<> | |
| MegaCircuitBuilder_< bb::fr > | UltraCircuitChecker::prepare_circuit< MegaCircuitBuilder_< bb::fr > > (const MegaCircuitBuilder_< bb::fr > &builder_in) |
| template bool | UltraCircuitChecker::check< MegaCircuitBuilder_< bb::fr > > (const MegaCircuitBuilder_< bb::fr > &builder_in) |
| template<typename Curve > | |
| CommitmentKey< Curve > | create_commitment_key (const size_t num_points) |
| template<typename FF > | |
| Polynomial< FF > | sparse_random_poly (const size_t size, const size_t num_nonzero) |
| template<typename FF > | |
| PolyData< FF > | structured_random_poly (bool non_zero_complement=false) |
| template<typename Curve > | |
| void | bench_commit_zero (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse_preprocessed (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse_random (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_sparse_random_preprocessed (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_random (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_random_non_power_of_2 (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_structured_random_poly (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_commit_mock_z_perm (::benchmark::State &state) |
| template<typename Curve > | |
| void | bench_pippenger_without_endomorphism_basis_points (::benchmark::State &state) |
| Benchmark pippenger_without_endomorphism_basis_points function, which is used notably in the IPA verifier. | |
| DenseRange (MIN_LOG_NUM_GRUMPKIN_POINTS, MAX_LOG_NUM_GRUMPKIN_POINTS) -> Unit(benchmark::kMillisecond) | |
| DenseRange (MIN_LOG_NUM_POINTS, MAX_LOG_NUM_POINTS) -> Unit(benchmark::kMillisecond) | |
| BENCHMARK (bench_commit_structured_random_poly< curve::BN254 >) -> Unit(benchmark::kMillisecond) | |
| BENCHMARK (bench_commit_mock_z_perm< curve::BN254 >) -> Unit(benchmark::kMillisecond) | |
| template<class CK > | |
| CK | create_commitment_key (const size_t num_points=0) |
| template<> | |
| CommitmentKey< curve::BN254 > | create_commitment_key< CommitmentKey< curve::BN254 > > (const size_t num_points) |
| template<> | |
| CommitmentKey< curve::Grumpkin > | create_commitment_key< CommitmentKey< curve::Grumpkin > > (const size_t num_points) |
| template<class VK > | |
| VK | create_verifier_commitment_key () |
| template<> | |
| VerifierCommitmentKey< curve::BN254 > | create_verifier_commitment_key< VerifierCommitmentKey< curve::BN254 > > () |
| template<> | |
| VerifierCommitmentKey< curve::Grumpkin > | create_verifier_commitment_key< VerifierCommitmentKey< curve::Grumpkin > > () |
| TEST_F (IPATest, ChallengesAreZero) | |
| TEST_F (IPATest, AIsZeroAfterOneRound) | |
| TEST_F (KZGTest, Single) | |
| TEST_F (KZGTest, ZeroEvaluation) | |
| TEST_F (KZGTest, ZeroPolynomial) | |
| TEST_F (KZGTest, ConstantPolynomial) | |
| TEST_F (KZGTest, EmptyPolynomial) | |
| TEST_F (KZGTest, SingleInLagrangeBasis) | |
| Test opening proof of a polynomial given by its evaluations at \( i = 0, \ldots, n \). Should only be used for small values of \( n \). | |
| TEST_F (KZGTest, ShpleminiKzgWithShift) | |
| TEST_F (KZGTest, ShpleminiKzgWithShiftAndInterleaving) | |
| TEST_F (KZGTest, ShpleminiKzgShiftsRemoval) | |
| TYPED_TEST_SUITE (ShpleminiTest, TestSettings) | |
| TYPED_TEST (ShpleminiTest, CorrectnessOfMultivariateClaimBatching) | |
| TYPED_TEST (ShpleminiTest, CorrectnessOfGeminiClaimBatching) | |
| TYPED_TEST (ShpleminiTest, ShpleminiZKNoSumcheckOpenings) | |
| Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver and Libra polynomials used to mask Sumcheck Round Univariates. This abstracts the PCS step in each ZK Flavor running over BN254. | |
| TYPED_TEST (ShpleminiTest, ShpleminiZKWithSumcheckOpenings) | |
| Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver, Libra polynomials used to mask Sumcheck Round Univariates and prove/verify the claimed evaluations of committed sumcheck round univariates. This test abstracts the PCS step in each ZK Flavor running over Grumpkin. | |
| TYPED_TEST (ShpleminiTest, HighDegreeAttackAccept) | |
| High degree attack test: prover commits to a higher degree polynomial than expected. | |
| TYPED_TEST (ShpleminiTest, HighDegreeAttackReject) | |
| High degree attack test: prover commits to a random higher degree polynomial. | |
| TYPED_TEST_SUITE (ShplonkTest, CurveTypes) | |
| TYPED_TEST (ShplonkTest, ShplonkSimple) | |
| TYPED_TEST (ShplonkTest, ShplonkLinearlyDependent) | |
| TYPED_TEST (ShplonkTest, ExportBatchClaimAndVerify) | |
| template<typename Curve > | |
| std::vector< typename Curve::ScalarField > | compute_eccvm_challenge_coeffs (const typename Curve::ScalarField &evaluation_challenge_x, const typename Curve::ScalarField &batching_challenge_v) |
| Denote \( M = \text{NUM_DISABLED_ROWS_IN_SUMCHECK} \) and \( N = NUM_SMALL_IPA_EVALUTIONS\). Given an evaluation challenge \( x \) and a batching challenge \(v\), compute the polynomial whose coefficients are given by the vector \( (1, x , x^2 , \ldots, x^{M - 1 }, v\cdot x, \ldots, v^{N-1} \cdot x^{M-2}, v^{N-1}, \cdot x^{M-1},
0, \ldots, 0)\) in the Lagrange basis over the Small Subgroup. | |
| TYPED_TEST_SUITE (SmallSubgroupIPATest, TestFlavors) | |
| TYPED_TEST (SmallSubgroupIPATest, ProverComputationsCorrectness) | |
| TYPED_TEST (SmallSubgroupIPATest, VerifierEvaluations) | |
| TYPED_TEST (SmallSubgroupIPATest, LibraEvaluationsConsistency) | |
| TYPED_TEST (SmallSubgroupIPATest, LibraEvaluationsConsistencyFailure) | |
| TYPED_TEST (SmallSubgroupIPATest, TranslationMaskingTermConsistency) | |
| TYPED_TEST (SmallSubgroupIPATest, TranslationMaskingTermConsistencyFailure) | |
| std::array< std::string, NUM_SMALL_IPA_EVALUATIONS > | get_evaluation_labels (const std::string &label_prefix) |
Shared by Prover and Verifier. label_prefix is either Libra: or Translation:. | |
| template<typename FF > | |
| std::array< FF, NUM_SMALL_IPA_EVALUATIONS > | compute_evaluation_points (const FF &small_ipa_evaluation_challenge, const FF &subgroup_generator) |
| The verification of Grand Sum Identity requires the evaluations G(r), A(g * r), A(r), Q(r). Shared by Prover and Verifier. | |
| AssertMode & | get_assert_mode () |
| void | assert_failure (std::string const &err) |
| template<size_t Start, size_t End, size_t Inc, class F > | |
| constexpr void | constexpr_for (F &&f) |
| Implements a loop using a compile-time iterator. Requires c++20. Implementation (and description) from https://artificial-mind.net/blog/2020/10/31/constexpr-for. | |
| template<typename C > | |
| C | slice (C const &container, size_t start) |
| template<typename C > | |
| C | slice (C const &container, size_t start, size_t end) |
| template<typename C > | |
| C | join (std::initializer_list< C > to_join) |
| std::string | join (std::vector< std::string > const &to_join, std::string const &with=",") |
| template<template< typename, typename... > typename Cont, typename InnerCont , typename... Args> | |
| InnerCont | flatten (Cont< InnerCont, Args... > const &in) |
| template<typename T > | |
| int64_t | index_of (std::vector< T > const &vec, T const &item) |
| template<template< typename, typename... > typename Cont, typename Inner , typename... Args> | |
| Inner | sum (Cont< Inner, Args... > const &in) |
| template<template< typename, typename... > typename Cont, typename Left , typename Right , typename... Args> | |
| std::pair< Left, Right > | sum_pairs (Cont< std::pair< Left, Right >, Args... > const &in) |
| std::string | msgpack_to_json (msgpack::object const &o, size_t max_chars) |
| template<typename... Types> | |
| NamedUnion (std::variant< Types... >) -> NamedUnion< Types... > | |
| void | parallel_for_atomic_pool (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_mutex_pool (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_queued (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_spawning (size_t num_iterations, const std::function< void(size_t)> &func) |
| template<typename T , typename... Ts> | |
| RefArray (T &, Ts &...) -> RefArray< T, 1+sizeof...(Ts)> | |
| Deduction guide for the RefArray class. Allows for RefArray {a, b, c} without explicit template params. | |
| template<typename T , std::size_t... Ns> | |
| RefArray< T,(Ns+...)> constexpr | concatenate (const RefArray< T, Ns > &... ref_arrays) |
| Concatenates multiple RefArray objects into a single RefArray. | |
| template<typename T , typename... Ts> | |
| RefVector (T &, Ts &...) -> RefVector< T > | |
| Deduction guide for the RefVector class. Allows for RefVector {a, b, c} without explicit template params. | |
| template<typename T > | |
| RefVector< T > | concatenate (const RefVector< T > &ref_vector, const auto &... ref_vectors) |
| Concatenates multiple RefVector objects into a single RefVector. | |
| template<typename T , std::size_t... Ns> | |
| std::array< T,(Ns+...)> | concatenate (const std::array< T, Ns > &... arrays) |
| Concatenates multiple std::array objects into a single array. | |
| template<typename T > | |
| std::vector< T > | concatenate (const std::vector< T > &vector, const auto &... vectors) |
| Concatenates multiple std::vector objects into a single std::vector. | |
| void | set_parallel_for_concurrency (size_t num_cores) |
| size_t | get_num_cpus () |
| void | parallel_for_omp (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_moody (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for (size_t num_iterations, const std::function< void(size_t)> &func) |
| void | parallel_for_range (size_t num_points, const std::function< void(size_t, size_t)> &func, size_t no_multhreading_if_less_or_equal) |
| Split a loop into several loops running in parallel. | |
| void | parallel_for_heuristic (size_t num_points, const std::function< void(size_t, size_t, size_t)> &func, size_t heuristic_cost) |
| Split a loop into several loops running in parallel based on operations in 1 iteration. | |
| MultithreadData | calculate_thread_data (size_t num_iterations, size_t min_iterations_per_thread=DEFAULT_MIN_ITERS_PER_THREAD) |
| Calculates number of threads and index bounds for each thread. | |
| size_t | calculate_num_threads (size_t num_iterations, size_t min_iterations_per_thread) |
| calculates number of threads to create based on minimum iterations per thread | |
| size_t | calculate_num_threads_pow2 (size_t num_iterations, size_t min_iterations_per_thread) |
| calculates number of threads to create based on minimum iterations per thread, guaranteed power of 2 | |
| size_t | get_num_cpus_pow2 () |
| template<typename Func > requires std::invocable<Func, std::size_t> | |
| void | parallel_for_heuristic (size_t num_points, const Func &func, size_t heuristic_cost) |
| template<typename Func , typename Accum > requires std::invocable<Func, std::size_t, Accum&> | |
| std::vector< Accum > | parallel_for_heuristic (size_t num_points, const Accum &initial_accum, const Func &func, size_t heuristic_cost) |
| parallel_for_heuristic variant that takes an accumulator initializer that is allocated in a vector, one accumulator per thread/chunk. This allows for thread-safe accumulation, see sum() or sum_pairs() in container.hpp for an easy way to combine the thread/chunk contributions into a final result. | |
| template<typename Func > requires std::invocable<Func, ThreadChunk> | |
| void | parallel_for (const Func &func) |
| TEST_F (ThreadTest, BasicParallelFor) | |
| TEST_F (ThreadTest, CalculateNumThreads) | |
| TEST_F (ThreadTest, CalculateNumThreadsPow2) | |
| TEST_F (ThreadTest, ZeroIterations) | |
| TEST_F (ThreadTest, OneIteration) | |
| TEST_F (ThreadTest, ParallelForRange) | |
| TEST_F (ThreadTest, ParallelForRangeThreshold) | |
| TEST_F (ThreadTest, HardwareConcurrency) | |
| TEST_F (ThreadTest, HardwareConcurrencyPow2) | |
| TEST_F (ThreadTest, SpawnedThreadsCanUseParallelFor) | |
| TYPED_TEST_SUITE (BatchedAffineAdditionTests, Curves) | |
| TYPED_TEST (BatchedAffineAdditionTests, Reduce) | |
| std::string | msgpack_schema_name (g1::affine_element const &) |
| template<typename B , typename base_field , typename Params > | |
| void | read (B &it, field2< base_field, Params > &value) |
| template<typename B , typename base_field , typename Params > | |
| void | write (B &buf, field2< base_field, Params > const &value) |
| template<typename B , typename Params > | |
| void | read (B &it, field< Params > &value) |
| template<typename B , typename Params > | |
| void | write (B &buf, field< Params > const &value) |
| template<typename Group , detail::DomainSeparator domain_separator, std::size_t num_generators, std::size_t starting_index = 0> | |
| constexpr std::span< const typename Group::affine_element > | get_precomputed_generators () |
| template<typename Group , detail::DomainSeparator domain_separator, std::size_t num_generators, std::size_t starting_index = 0> | |
| bool | check_precomputed_generators () |
| auto | get_unshifted_then_shifted (const auto &all_entities) |
| template<typename Tuple > | |
| constexpr size_t | compute_max_partial_relation_length () |
| Utility function to find max PARTIAL_RELATION_LENGTH tuples of Relations. | |
| template<typename Tuple > | |
| constexpr size_t | compute_number_of_subrelations () |
| Utility function to find the number of subrelations. | |
| template<typename RelationsTuple > | |
| constexpr auto | create_sumcheck_tuple_of_tuples_of_univariates () |
| Utility function to construct a container for the subrelation accumulators of sumcheck proving. | |
| template<typename RelationsTuple > | |
| constexpr auto | create_tuple_of_arrays_of_values () |
| template<typename PrecomputedCommitments , typename Transcript , VKSerializationMode SerializeMetadata> | |
| void | read (uint8_t const *&it, NativeVerificationKey_< PrecomputedCommitments, Transcript, SerializeMetadata > &vk) |
| template<typename PrecomputedCommitments , typename Transcript , VKSerializationMode SerializeMetadata> | |
| void | write (std::vector< uint8_t > &buf, NativeVerificationKey_< PrecomputedCommitments, Transcript, SerializeMetadata > const &vk) |
| template<typename Container , typename Element > | |
| std::string | flavor_get_label (Container &&container, const Element &element) |
| TYPED_TEST_SUITE (MergeTests, CurveTypes) | |
| TYPED_TEST (MergeTests, MergeProofSizeCheck) | |
| TYPED_TEST (MergeTests, SingleMerge) | |
| TYPED_TEST (MergeTests, MultipleMergesPrepend) | |
| TYPED_TEST (MergeTests, MergePrependThenAppend) | |
| TYPED_TEST (MergeTests, DegreeCheckFailurePrepend) | |
| TYPED_TEST (MergeTests, DegreeCheckFailureAppend) | |
| TYPED_TEST (MergeTests, MergeFailurePrepend) | |
| TYPED_TEST (MergeTests, MergeFailureAppend) | |
| TYPED_TEST (MergeTests, EvalFailurePrepend) | |
| TYPED_TEST (MergeTests, EvalFailureAppend) | |
| TYPED_TEST (MergeTests, DifferentTranscriptOriginTagFailure) | |
| Test that mixing values from different transcript instances causes instant failure. | |
| TEST_F (MergeTranscriptTests, ProverManifestConsistency) | |
| Ensure consistency between the hardcoded manifest and the one generated by the merge prover. | |
| TEST_F (MergeTranscriptTests, VerifierManifestConsistency) | |
| Ensure consistency between prover and verifier manifests. | |
| template<typename Builder > | |
| void | generate_sha256_test_circuit (Builder &builder, size_t num_iterations) |
| Generate a test circuit using SHA256 compression (sha256_block) | |
| template<typename Flavor > | |
| void | construct_lookup_table_polynomials (const RefArray< typename Flavor::Polynomial, 4 > &table_polynomials, const typename Flavor::CircuitBuilder &circuit) |
| Construct polynomials containing the concatenation of all lookup tables used in the circuit. | |
| template<typename Flavor > | |
| void | construct_lookup_read_counts (typename Flavor::Polynomial &read_counts, typename Flavor::Polynomial &read_tags, typename Flavor::CircuitBuilder &circuit) |
| Construct polynomial whose value at index i is the number of times the table entry at that index has been read. | |
| template<typename Flavor > | |
| void | compute_permutation_argument_polynomials (const typename Flavor::CircuitBuilder &circuit, typename Flavor::ProverPolynomials &polynomials, const std::vector< CyclicPermutation > ©_cycles) |
| Compute Honk-style permutation sigma/id polynomials and add to prover_instance, where the copy_cycles are pre-computed sets of wire addresses whose values should be copy-constrained. | |
| template<typename B , typename FF > | |
| void | read (B &buf, arithmetic_triple_< FF > &constraint) |
| template<typename B , typename FF > | |
| void | write (B &buf, arithmetic_triple_< FF > const &constraint) |
| template<typename Flavor > | |
| Flavor::FF | compute_public_input_delta (std::span< const typename Flavor::FF > public_inputs, const typename Flavor::FF &beta, const typename Flavor::FF &gamma, const typename Flavor::FF &offset=0) |
| Compute the correction term for the permutation argument. | |
| template<typename Flavor , typename GrandProdRelation > | |
| void | compute_grand_product (typename Flavor::ProverPolynomials &full_polynomials, bb::RelationParameters< typename Flavor::FF > &relation_parameters, size_t size_override=0) |
Compute a grand product polynomial, grand_product_polynomial, which for historical reasons is sometimes also called Z_perm(X). This polynomial will bear witness to some subset of: {copy constraints, multiset-equality, public inputs}. | |
| template<typename Flavor > | |
| void | compute_grand_products (typename Flavor::ProverPolynomials &full_polynomials, bb::RelationParameters< typename Flavor::FF > &relation_parameters, const size_t size_override=0) |
| Compute the grand product corresponding to each grand-product relation defined in the Flavor. | |
| template<typename FF , typename Relation , typename Polynomials , bool UseMultithreading = false> | |
| void | compute_logderivative_inverse (Polynomials &polynomials, auto &relation_parameters, const size_t circuit_size) |
Compute the inverse polynomial I(X) required for logderivative lookups
| |
| template<typename FF , typename Relation , typename ContainerOverSubrelations , typename AllEntities , typename Parameters > | |
| void | accumulate_logderivative_lookup_subrelation_contributions (ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters ¶ms, const FF &scaling_factor) |
| Compute generic log-derivative lookup subrelation accumulation. | |
| template<typename FF , typename Relation , typename ContainerOverSubrelations , typename AllEntities , typename Parameters > | |
| void | accumulate_logderivative_permutation_subrelation_contributions (ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters ¶ms, const FF &scaling_factor) |
| Compute generic log-derivative set permutation subrelation accumulation. | |
| template<typename Flavor > | |
| Flavor::ProverPolynomials | get_sequential_prover_polynomials (const size_t log_circuit_size, const size_t starting_value) |
| Get a ProverPolynomials instance initialized to sequential values starting at 0. | |
| template<typename Flavor > | |
| Flavor::ProverPolynomials | get_zero_prover_polynomials (const size_t log_circuit_size) |
| template<typename Fr > | |
| SharedShiftedVirtualZeroesArray< Fr > | _clone (const SharedShiftedVirtualZeroesArray< Fr > &array, size_t right_expansion=0, size_t left_expansion=0) |
| template<typename Fr > | |
| std::shared_ptr< Fr[]> | _allocate_aligned_memory (size_t n_elements) |
| template<typename Fr_ > | |
| Fr_ | _evaluate_mle (std::span< const Fr_ > evaluation_points, const SharedShiftedVirtualZeroesArray< Fr_ > &coefficients, bool shift) |
| Internal implementation to support both native and stdlib circuit field types. | |
| template<typename Fr_ > | |
| Fr_ | generic_evaluate_mle (std::span< const Fr_ > evaluation_points, const SharedShiftedVirtualZeroesArray< Fr_ > &coefficients) |
| Static exposed implementation to support both native and stdlib circuit field types. | |
| template<typename Fr > | |
| std::ostream & | operator<< (std::ostream &os, const Polynomial< Fr > &p) |
| template<typename Poly , typename... Polys> | |
| auto | zip_polys (Poly &&poly, Polys &&... polys) |
| template<typename B , class Fr , size_t domain_end> | |
| void | read (B &it, Univariate< Fr, domain_end > &univariate) |
| template<typename B , class Fr , size_t domain_end> | |
| void | write (B &it, Univariate< Fr, domain_end > const &univariate) |
| template<class Fr , size_t domain_end> | |
| Univariate< Fr, domain_end > | operator+ (const Fr &ff, const Univariate< Fr, domain_end > &uv) |
| template<class Fr , size_t domain_end> | |
| Univariate< Fr, domain_end > | operator- (const Fr &ff, const Univariate< Fr, domain_end > &uv) |
| template<class Fr , size_t domain_end> | |
| Univariate< Fr, domain_end > | operator* (const Fr &ff, const Univariate< Fr, domain_end > &uv) |
| template<class Fr , size_t domain_end> | |
| Univariate< Fr, domain_end > | operator+ (const Fr &ff, const UnivariateView< Fr, domain_end > &uv) |
| template<class Fr , size_t domain_end> | |
| Univariate< Fr, domain_end > | operator- (const Fr &ff, const UnivariateView< Fr, domain_end > &uv) |
| template<class Fr , size_t domain_end> | |
| Univariate< Fr, domain_end > | operator* (const Fr &ff, const UnivariateView< Fr, domain_end > &uv) |
| template<typename T , typename U , std::size_t N, std::size_t... Is> | |
| std::array< T, sizeof...(Is)> | array_to_array_aux (const std::array< U, N > &elements, std::index_sequence< Is... >) |
Create a sub-array of elements at the indices given in the template pack Is, converting them to the new type T. | |
| template<typename T , typename U , std::size_t N> | |
| std::array< T, N > | array_to_array (const std::array< U, N > &elements) |
| Given an std::array<U,N>, returns an std::array<T,N>, by calling the (explicit) constructor T(U). | |
| template<typename B , class Fr , size_t domain_end, bool has_a0_plus_a1> | |
| void | read (B &it, UnivariateCoefficientBasis< Fr, domain_end, has_a0_plus_a1 > &univariate) |
| template<typename B , class Fr , size_t domain_end, bool has_a0_plus_a1> | |
| void | write (B &it, UnivariateCoefficientBasis< Fr, domain_end, has_a0_plus_a1 > const &univariate) |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMBoolsRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMLookupRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMMSMRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMPointTableRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMSetRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_PERMUTATION_CLASS (ECCVMSetRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMTranscriptRelationImpl, ECCVMFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (ECCVMWnafRelationImpl, ECCVMFlavor) | |
| template<typename Relation , size_t subrelation_index> | |
| constexpr bool | subrelation_is_linearly_independent () |
| Check whether a given subrelation is linearly independent from the other subrelations. | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorDeltaRangeConstraintRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorOpcodeConstraintRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorAccumulatorTransferRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorZeroConstraintsRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorNonNativeFieldRelationImpl, TranslatorFlavor) | |
| DEFINE_SUMCHECK_RELATION_CLASS (TranslatorPermutationRelationImpl, TranslatorFlavor) | |
| std::vector< g1::affine_element > | get_bn254_g1_data (const std::filesystem::path &path, size_t num_points, bool allow_download) |
| g2::affine_element | get_bn254_g2_data (const std::filesystem::path &path, bool allow_download=true) |
| std::vector< curve::Grumpkin::AffineElement > | get_grumpkin_g1_data (const std::filesystem::path &path, size_t num_points, bool allow_download) |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMBoolsRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMLookupRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMMSMRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMPointTableRelationImpl, ECCVMRecursiveFlavor) | |
| TEST_F (EccRelationsConsistency, RecursiveToNativeConsistency) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMSetRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_PERMUTATION_CLASS (ECCVMSetRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMTranscriptRelationImpl, ECCVMRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (ECCVMWnafRelationImpl, ECCVMRecursiveFlavor) | |
| TEST_F (ECCVMRecursiveTests, SingleRecursiveVerification) | |
| TEST_F (ECCVMRecursiveTests, SingleRecursiveVerificationFailure) | |
| TEST_F (ECCVMRecursiveTests, SingleRecursiveVerificationFailureTamperedProof) | |
| TEST_F (ECCVMRecursiveTests, IndependentVKHash) | |
| TYPED_TEST_SUITE (RecursiveVeriferCommitmentKeyTest, Curves) | |
| TYPED_TEST (RecursiveVeriferCommitmentKeyTest, EqualityTest) | |
| template<typename InnerProver , typename InnerFlavor , typename ProofType > | |
| void | tamper_with_proof (InnerProver &inner_prover, ProofType &inner_proof, TamperType type) |
| Test method that provides several ways to tamper with a proof. TODO(https://github.com/AztecProtocol/barretenberg/issues/1298): Currently, several tests are failing due to challenges not being re-computed after tampering. We need to extend this tool to allow for more elaborate tampering. | |
| template<typename InnerProver , typename InnerFlavor , typename ProofType > | |
| void | tamper_with_proof (ProofType &inner_proof, bool end_of_proof) |
| Tamper with a proof by modifying the first pairing point to be P+G (where G is the generator). This keeps the point on the curve but makes the proof invalid. | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorDecompositionRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorDeltaRangeConstraintRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorOpcodeConstraintRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorAccumulatorTransferRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorZeroConstraintsRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorNonNativeFieldRelationImpl, TranslatorRecursiveFlavor) | |
| DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS (TranslatorPermutationRelationImpl, TranslatorRecursiveFlavor) | |
| TEST_F (TranslatorRecursiveTests, SingleRecursiveVerification) | |
| TEST_F (TranslatorRecursiveTests, IndependentVKHash) | |
| template<typename FF , size_t N> | |
| std::array< FF, N > | initialize_relation_separator (const FF &alpha) |
| void | check_round_provenance (const uint256_t &provenance_a, const uint256_t &provenance_b) |
| Detect if two elements from the same transcript are performing a suspicious interaction. | |
| std::ostream & | operator<< (std::ostream &os, OriginTag const &v) |
| template<bool in_circuit, typename T > | |
| void | assign_origin_tag (T &elem, const OriginTag &tag) |
| Assigns an origin tag to an element or all elements in an iterable container. | |
| template<bool in_circuit, typename T > | |
| void | check_origin_tag (T &elem, const OriginTag &tag) |
| Checks that an element or all elements in an iterable container have the expected origin tag. | |
| template<bool in_circuit, typename DataType > | |
| void | unset_free_witness_tags (std::vector< DataType > &input) |
| Unsets free witness tags on all elements in a vector. | |
| template<bool in_circuit, typename Codec , typename T > | |
| std::vector< typename Codec::DataType > | tag_and_serialize (const T &component, const OriginTag &tag) |
| Tag a component with a given origin tag and serialize it to field elements. | |
| template<typename TranscriptType > | |
| OriginTag | extract_transcript_tag (const TranscriptType &transcript) |
| Extract origin tag context from a transcript. | |
Variables | |
| const bool | avm_enabled = true |
| constexpr size_t | MIN_LOG_NUM_POINTS = 16 |
| constexpr size_t | MAX_LOG_NUM_POINTS = 20 |
| constexpr size_t | MAX_NUM_POINTS = 1 << MAX_LOG_NUM_POINTS |
| constexpr size_t | SPARSE_NUM_NONZERO = 100 |
| constexpr size_t | MIN_LOG_NUM_GRUMPKIN_POINTS = 12 |
| constexpr size_t | MAX_LOG_NUM_GRUMPKIN_POINTS = 16 |
| constexpr size_t | MAX_NUM_GRUMPKIN_POINTS = 1 << MAX_LOG_NUM_GRUMPKIN_POINTS |
| constexpr size_t | COMMITMENT_TEST_NUM_BN254_POINTS = 4096 |
| constexpr size_t | COMMITMENT_TEST_NUM_GRUMPKIN_POINTS = 1 << CONST_ECCVM_LOG_N |
| constexpr size_t | COMMITMENT_TEST_NUM_POINTS = 32 |
| CommitmentKey< Curve > | ck |
| VerifierCommitmentKey< Curve > | vk |
| constexpr size_t | PARALLEL_FOR_MAX_NESTING = 2 |
| const size_t | DEFAULT_MIN_ITERS_PER_THREAD = 1 << 4 |
| const char *const | BB_VERSION_PLACEHOLDER = "BARRETENBERG_VERSION_SENTINEL00000000.00000000.00000000" |
| constexpr size_t | BB_VERSION_SENTINEL_LEN = 29 |
| const char * | BB_VERSION = BB_VERSION_PLACEHOLDER + BB_VERSION_SENTINEL_LEN |
| constexpr uint32_t | PERMUTATION_ARGUMENT_VALUE_SEPARATOR = 1 << 28 |
| const size_t | INTERNAL_STATE_SIZE = 32 |
| Constant defining the number of elements in the VM's internal state. | |
| const size_t | SETTINGS_SIZE = sizeof(VMSettings) |
| const size_t | INSTRUCTION_HEADER_SIZE = 1 |
| Size of instruction header in bytes. | |
| const size_t | INDEX_SIZE = 1 |
| Size of index field in bytes. | |
| const size_t | SET_VALUE_SIZE |
| Size of SET_VALUE instruction. | |
| const size_t | ADD_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of ADD instruction. | |
| const size_t | ADD_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of ADD_ASSIGN instruction. | |
| const size_t | INCREMENT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of INCREMENT instruction. | |
| const size_t | MUL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of MUL instruction. | |
| const size_t | MUL_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of MUL_ASSIGN instruction. | |
| const size_t | SUB_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of SUB instruction. | |
| const size_t | SUB_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of SUB_ASSIGN instruction. | |
| const size_t | DIV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
| Size of DIV instruction. | |
| const size_t | DIV_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of DIV_ASSIGN instruction. | |
| const size_t | INV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of INV instruction. | |
| const size_t | NEG_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of NEG instruction. | |
| const size_t | SQR_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of SQR instruction. | |
| const size_t | SQR_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of SQR_ASSIGN instruction. | |
| const size_t | POW_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 + sizeof(uint64_t) |
| Size of POW instruction. | |
| const size_t | SQRT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of SQRT instruction. | |
| const size_t | IS_ZERO_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of IS_ZERO instruction. | |
| const size_t | EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of EQUAL instruction. | |
| const size_t | NOT_EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of NOT_EQUAL instruction. | |
| const size_t | TO_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of TO_MONTGOMERY instruction. | |
| const size_t | FROM_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of FROM_MONTGOMERY instruction. | |
| const size_t | REDUCE_ONCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
| Size of REDUCE_ONCE instruction. | |
| const size_t | SELF_REDUCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
| Size of SELF_REDUCE instruction. | |
| const size_t | BATCH_INVERT_SIZE |
| Size of BATCH_INVERT instruction. | |
| template<typename T > | |
| constexpr bool | is_field_type_v = is_field_type<T>::value |
| constexpr uint32_t | NUM_DATABUS_COMMITMENTS = 2 |
| constexpr uint32_t | PROPAGATED_DATABUS_COMMITMENT_SIZE = 8 |
| constexpr uint32_t | PROPAGATED_DATABUS_COMMITMENTS_SIZE = PROPAGATED_DATABUS_COMMITMENT_SIZE * NUM_DATABUS_COMMITMENTS |
| std::atomic< size_t > | unique_transcript_index { 0 } |
Entry point for Barretenberg command-line interface.
This file contains the implementation of field-agnostic UltraCircuitBuilder class that defines the logic of ultra-style circuits and is intended for the use in UltraHonk.
Defines particular circuit builder types expected to be used for circuit construction in stdlib and contains macros for explicit instantiation.
Note, this file contains the definitions. of field2 class. Declarations are in field2_declarations.hpp. Include ordering ensures linter/language server has knowledge of declarations when parsing definitions.
Provides interfaces for different PCS 'VerificationKey' classes.
Reduces multiple claims about commitments, each opened at a single point into a single claim for a single polynomial opened at a single point.
Protocol for opening several multi-linear polynomials at the same point.
Provides interfaces for different 'CommitmentKey' classes.
This function encapsulates the CLI parsing and command execution logic that would typically be in main.cpp, but as a standalone function. This design allows the CLI functionality to be tested by other modules without having to execute the program through its actual main() function.
The function sets up all available commands and options, parses the provided arguments, and executes the appropriate command based on the user's input. It handles all supported operations including circuit checking, proving, verification, and various utility functions.
| argc | The argument count |
| argv | The argument values array |
TODO(#218)(Mara): This class should handle any modification to the SRS (e.g compute pippenger point table) to simplify the codebase.
m = number of variables n = 2ᵐ u = (u₀,...,uₘ₋₁) f₀, …, fₖ₋₁ = multilinear polynomials, g₀, …, gₕ₋₁ = shifted multilinear polynomial, Each gⱼ is the left-shift of some f↺ᵢ, and gⱼ points to the same memory location as fᵢ. v₀, …, vₖ₋₁, v↺₀, …, v↺ₕ₋₁ = multilinear evalutions s.t. fⱼ(u) = vⱼ, and gⱼ(u) = f↺ⱼ(u) = v↺ⱼ
We use a challenge ρ to create a random linear combination of all fⱼ, and actually define A₀ = F + G↺, where F = ∑ⱼ ρʲ fⱼ G = ∑ⱼ ρᵏ⁺ʲ gⱼ, G↺ = is the shift of G where fⱼ is normal, and gⱼ is shifted. The evaluations are also batched, and v = ∑ ρʲ⋅vⱼ + ∑ ρᵏ⁺ʲ⋅v↺ⱼ = F(u) + G↺(u)
The prover then creates the folded polynomials A₀, ..., Aₘ₋₁, and opens them at different points, as univariates.
We open A₀ as univariate at r and -r. Since A₀ = F + G↺, but the verifier only has commitments to the gⱼs, we need to partially evaluate A₀ at both evaluation points. As univariate, we have A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X So we define
m = number of variables n = 2ᵐ u = (u₀,...,uₘ₋₁) f₀, …, fₖ₋₁ = multilinear polynomials, g₀, …, gₕ₋₁ = shifted multilinear polynomial, Each gⱼ is the left-shift of some f↺ᵢ, and gⱼ points to the same memory location as fᵢ. v₀, …, vₖ₋₁, v↺₀, …, v↺ₕ₋₁ = multilinear evalutions s.t. fⱼ(u) = vⱼ, and gⱼ(u) = f↺ⱼ(u) = v↺ⱼ
We use a challenge ρ to create a random linear combination of all fⱼ, and actually define A₀ = F + G↺, where F = ∑ⱼ ρʲ fⱼ G = ∑ⱼ ρᵏ⁺ʲ gⱼ, G↺ = is the shift of G where fⱼ is normal, and gⱼ is shifted. The evaluations are also batched, and v = ∑ ρʲ⋅vⱼ + ∑ ρᵏ⁺ʲ⋅v↺ⱼ = F(u) + G↺(u)
The prover then creates the folded polynomials A₀, ..., Aₘ₋₁, and opens them at different points, as univariates.
We open A₀ as univariate at r and -r. Since A₀ = F + G↺, but the verifier only has commitments to the gⱼs, we need to partially evaluate A₀ at both evaluation points. As univariate, we have A₀(X) = F(X) + G↺(X) = F(X) + G(X)/X So we define
We use the following terminology:
The challenges are ρ (batching) and r (random evaluation).
There's a lot to talk about here. To bring threading to WASM, parallel_for was written to replace the OpenMP loops we had scattered throughout our code. It provides a clean abstraction for the work division strategy we use (we used OMP's"#pragma omp parallel for</tt> everywhere).
The first implementation was <tt>parallel_for_spawning</tt>. You can read a description of each implementation in the
relevant source file, but parallel_for_spawning is the simplest approach imaginable.
Once WASM was working, I checked its performance in native code by running it against the polynomials benchmarks.
In doing so, OMP outperformed it significantly (at least for FFT algorithms). This set me on a course to try
and understand why and to provide a suitable alternative. Ultimately I found solutions that compared to OMP with
"moody" and "atomic_pool" solutions, although they were not <em>quite</em> as fast as OMP. However interestingly, when it
comes to actual "real world" testing (with proof construction), rather than raw benchmarking, most of the solutions
performed about the same, with OMP <em>actually slightly worse</em>. So maybe all this effort was a bit redundant.
Remember to always do real world testing...
My theory as to why OMP performs so much better in benchmarks is because it runs the tests in a very tight loop,
and OMP seems well designed to handle this. It actually looks like OMP consumes more cpu time in htop, and this
maybe due to aggressive spin-locking and may explain why it performs well in these scenarios.
My theory as to why spawning seems to counter-intuitively perform so well, is that spawning a new thread may actually
be cheaper than waking a sleeping thread. Or joining is somehow very efficient. Or it's because there's very low
other overhead. Or libc++ STL does some magic. Ok, that's not much of a theory...
Ultimately though the takeaway is as follows:
- OMP maybe preferable when running benchmarks if you want to check for that kind of "optimal linear scaling".
Although, if we want to get rid of OMP altogether, "atomic_pool" is a simple solution that seems to compare.
- The simplest "spawning" is probably best used everywhere else, and frees us from needing OMP to build the lib.
UPDATE!: So although spawning is simple and fast, due to unstable pthreads in wasi-sdk that causes hangs when
joining threads, we use "atomic_pool" by default. We may just wish to revert to spawning once it stablises.
UPDATE!: Interestingly "atomic_pool" performs worse than "mutex_pool" for some e.g. proving key construction. Haven't done deeper analysis. Defaulting to mutex_pool.
This file is designed to be included in header files to instruct the compiler that these classes exist and their instantiation will eventually take place. Given it has no dependencies, it causes no additional compilation or propagation.
| using bb::AggregationState = typedef stdlib::recursion::PairingPoints<UltraCircuitBuilder> |
Definition at line 26 of file ultra_honk.test.hpp.
| using bb::arithmetic_triple = typedef arithmetic_triple_<bb::fr> |
Definition at line 69 of file gate_data.hpp.
| using bb::ArithmeticRelation = typedef Relation<ArithmeticRelationImpl<FF> > |
Definition at line 114 of file ultra_arithmetic_relation.hpp.
| using bb::ArrayOfValues = typedef HomogeneousTupleToArray<TupleOfValues<FF, LENGTHS> > |
Definition at line 42 of file nested_containers.hpp.
| using bb::BarycentricData = typedef std::conditional_t<is_field_type_v<Fr>, BarycentricDataCompileTime<Fr, domain_end, num_evals>, BarycentricDataRunTime<Fr, domain_end, num_evals> > |
Exposes BarycentricData with compile time arrays if the type is bberg::field and runtime arrays otherwise.
This method is also needed for stdlib field, for which the arrays are not compile time computable
| Fr | |
| domain_end | |
| num_evals |
Definition at line 268 of file barycentric.hpp.
| using bb::CommitmentSchemeParams = typedef ::testing::Types<curve::BN254> |
Definition at line 303 of file commitment_key.test.hpp.
| typedef curve::BN254 bb::Curve |
Definition at line 19 of file ipa.fuzzer.cpp.
| typedef testing::Types< stdlib::grumpkin< UltraCircuitBuilder >, stdlib::grumpkin< MegaCircuitBuilder > > bb::Curves |
Definition at line 23 of file batched_affine_addition.test.cpp.
| typedef::testing::Types< curve::BN254, stdlib::bn254< MegaCircuitBuilder >, stdlib::bn254< UltraCircuitBuilder > > bb::CurveTypes |
Definition at line 17 of file shplonk.test.cpp.
| using bb::CyclicPermutation = typedef std::vector<cycle_node> |
Definition at line 111 of file permutation_lib.hpp.
| using bb::DataBus = typedef std::array<BusVector, 3> |
The DataBus; facilitates storage of public circuit input/output.
The DataBus is designed to facilitate efficient transfer of large amounts of public data between circuits. It is expected that only a small subset of the data being passed needs to be used in any single circuit, thus we provide a read mechanism (implemented through a Builder) that results in prover work proportional to only the data that is used. (The prover must still commit to all data in each bus vector but we do not need to hash all data in-circuit as we would with public inputs).
Definition at line 76 of file databus.hpp.
| using bb::DatabusLookupRelation = typedef Relation<DatabusLookupRelationImpl<FF> > |
Definition at line 381 of file databus_lookup_relation.hpp.
| using bb::DeltaRangeConstraintRelation = typedef Relation<DeltaRangeConstraintRelationImpl<FF> > |
Definition at line 98 of file delta_range_constraint_relation.hpp.
| using bb::DependentTestRelation = typedef Relation<DependentTestRelationImpl<FF> > |
Definition at line 100 of file sumcheck_test_flavor.hpp.
| using bb::EccOpQueueRelation = typedef Relation<EccOpQueueRelationImpl<FF> > |
Definition at line 118 of file ecc_op_queue_relation.hpp.
| using bb::ECCVMBoolsRelation = typedef Relation<ECCVMBoolsRelationImpl<FF> > |
Definition at line 37 of file ecc_bools_relation.hpp.
| using bb::ECCVMLookupRelation = typedef Relation<ECCVMLookupRelationImpl<FF> > |
Definition at line 249 of file ecc_lookup_relation.hpp.
| using bb::ECCVMMSMRelation = typedef Relation<ECCVMMSMRelationImpl<FF> > |
Definition at line 57 of file ecc_msm_relation.hpp.
| using bb::EccvmOpsTable = typedef EccOpsTable<ECCVMOperation> |
A VM operation is represented as one row with 6 columns in the ECCVM version of the Op Queue. | OP | X | Y | z_1 | z_2 | mul_scalar_full |.
Definition at line 206 of file ecc_ops_table.hpp.
| using bb::ECCVMPointTableRelation = typedef Relation<ECCVMPointTableRelationImpl<FF> > |
Definition at line 37 of file ecc_point_table_relation.hpp.
| using bb::ECCVMRecursiveVerifier = typedef ECCVMVerifier_<ECCVMRecursiveFlavor> |
Definition at line 105 of file eccvm_verifier.hpp.
| using bb::ECCVMSetRelation = typedef Relation<ECCVMSetRelationImpl<FF> > |
Definition at line 75 of file ecc_set_relation.hpp.
| using bb::ECCVMTranscriptRelation = typedef Relation<ECCVMTranscriptRelationImpl<FF> > |
Definition at line 62 of file ecc_transcript_relation.hpp.
| using bb::ECCVMVerifier = typedef ECCVMVerifier_<ECCVMFlavor> |
Definition at line 104 of file eccvm_verifier.hpp.
| using bb::ECCVMWnafRelation = typedef Relation<ECCVMWnafRelationImpl<FF> > |
Definition at line 58 of file ecc_wnaf_relation.hpp.
| using bb::EllipticRelation = typedef Relation<EllipticRelationImpl<FF> > |
Definition at line 151 of file elliptic_relation.hpp.
| using bb::evaluation_domain = typedef EvaluationDomain<bb::fr> |
Definition at line 76 of file evaluation_domain.hpp.
| using bb::ExtractValueType = typedef ValueType |
Definition at line 30 of file nested_containers.hpp.
| using bb::fq = typedef field<Bn254FqParams> |
| using bb::fr = typedef field<Bn254FrParams> |
| using bb::GenericLookup = typedef GenericLookupRelationImpl<Settings, FF> |
Definition at line 477 of file generic_lookup_relation.hpp.
| using bb::GenericLookupRelation = typedef Relation<GenericLookupRelationImpl<Settings, FF> > |
Definition at line 475 of file generic_lookup_relation.hpp.
| using bb::GenericPermutation = typedef GenericPermutationRelationImpl<Settings, FF> |
Definition at line 226 of file generic_permutation_relation.hpp.
| using bb::GenericPermutationRelation = typedef Relation<GenericPermutationRelationImpl<Settings, FF> > |
Definition at line 224 of file generic_permutation_relation.hpp.
| using bb::HomogeneousTupleToArray = typedef std::array<std::tuple_element_t<0, Tuple>, std::tuple_size_v<Tuple> > |
Definition at line 33 of file nested_containers.hpp.
| using bb::HonkProof = typedef std::vector<fr> |
| using bb::IpaCommitmentSchemeParams = typedef ::testing::Types<curve::Grumpkin> |
Definition at line 304 of file commitment_key.test.hpp.
| using bb::KeccakTranscript = typedef BaseTranscript<U256Codec, bb::crypto::Keccak> |
Definition at line 489 of file transcript.hpp.
| using bb::LogDerivLookupRelation = typedef Relation<LogDerivLookupRelationImpl<FF> > |
Definition at line 305 of file logderiv_lookup_relation.hpp.
| typedef MegaCircuitBuilder_< bb::fr > bb::MegaCircuitBuilder |
Definition at line 26 of file circuit_builders_fwd.hpp.
| using bb::MegaOinkProver = typedef OinkProver<MegaFlavor> |
Definition at line 78 of file oink_prover.hpp.
| using bb::MegaProver = typedef UltraProver_<MegaFlavor> |
Definition at line 84 of file ultra_prover.hpp.
| using bb::MegaStdlibTranscript = typedef BaseTranscript<stdlib::StdlibCodec<stdlib::field_t<MegaCircuitBuilder> >, stdlib::poseidon2<MegaCircuitBuilder> > |
Definition at line 495 of file transcript.hpp.
| using bb::MegaVerifier = typedef UltraVerifier_<MegaFlavor> |
Definition at line 62 of file ultra_verifier.hpp.
| using bb::MegaZKProver = typedef UltraProver_<MegaZKFlavor> |
Definition at line 85 of file ultra_prover.hpp.
| using bb::MegaZKVerifier = typedef UltraVerifier_<MegaZKFlavor> |
Definition at line 63 of file ultra_verifier.hpp.
| using bb::MemoryRelation = typedef Relation<MemoryRelationImpl<FF> > |
Definition at line 278 of file memory_relation.hpp.
| using bb::MergeVerifier = typedef MergeVerifier_<curve::BN254> |
Definition at line 118 of file merge_verifier.hpp.
| using bb::MultilinearBatchingAccumulatorRelation = typedef Relation<MultilinearBatchingAccumulatorRelationImpl<FF> > |
Definition at line 108 of file multilinear_batching_relation.hpp.
| using bb::MultilinearBatchingInstanceRelation = typedef Relation<MultilinearBatchingInstanceRelationImpl<FF> > |
Definition at line 106 of file multilinear_batching_relation.hpp.
| using bb::NativeTranscript = typedef BaseTranscript<FrCodec, bb::crypto::Poseidon2<bb::crypto::Poseidon2Bn254ScalarFieldParams> > |
Definition at line 488 of file transcript.hpp.
| using bb::NonNativeFieldRelation = typedef Relation<NonNativeFieldRelationImpl<FF> > |
Definition at line 151 of file non_native_field_relation.hpp.
| using bb::Poseidon2ExternalRelation = typedef Relation<Poseidon2ExternalRelationImpl<FF> > |
Definition at line 163 of file poseidon2_external_relation.hpp.
| using bb::Poseidon2InternalRelation = typedef Relation<Poseidon2InternalRelationImpl<FF> > |
Definition at line 165 of file poseidon2_internal_relation.hpp.
| using bb::PublicInputsVector = typedef std::vector<fr> |
| using bb::StdlibPublicInputsVector = typedef std::vector<bb::stdlib::field_t<Builder> > |
| using bb::StdlibTranscript = typedef BaseTranscript<stdlib::StdlibCodec<stdlib::field_t<Builder> >, stdlib::poseidon2<Builder> > |
Definition at line 492 of file transcript.hpp.
| using bb::SumcheckTestFlavor = typedef SumcheckTestFlavor_<curve::BN254, false, true> |
Base test flavor (BN254, non-ZK, short monomials)
Most common configuration for basic sumcheck testing
Definition at line 337 of file sumcheck_test_flavor.hpp.
| using bb::SumcheckTestFlavorFullBary = typedef SumcheckTestFlavor_<curve::BN254, false, false> |
Full barycentric extension variant.
Tests full extension to MAX_PARTIAL_RELATION_LENGTH (USE_SHORT_MONOMIALS = false)
Definition at line 349 of file sumcheck_test_flavor.hpp.
| typedef SumcheckTestFlavor_< curve::Grumpkin, true, true > bb::SumcheckTestFlavorGrumpkinZK |
Grumpkin ZK variant.
Tests ZK sumcheck over the Grumpkin curve (used in ECCVM/IVC)
Definition at line 356 of file sumcheck_test_flavor.hpp.
| using bb::SumcheckTestFlavorZK = typedef SumcheckTestFlavor_<curve::BN254, true, true> |
Zero-knowledge variant.
Tests sumcheck with masking (HasZK = true)
Definition at line 343 of file sumcheck_test_flavor.hpp.
| using bb::SumcheckTestFlavorZKFullBary = typedef SumcheckTestFlavor_<curve::BN254, true, false> |
ZK + Full barycentric combination.
Tests both ZK and full barycentric extension together
Definition at line 362 of file sumcheck_test_flavor.hpp.
| using bb::TestFlavors = typedef ::testing::Types<BN254Settings, GrumpkinSettings> |
Definition at line 47 of file small_subgroup_ipa.test.cpp.
| using bb::TestSettings = typedef ::testing::Types<BN254Settings, GrumpkinSettings> |
Definition at line 40 of file shplemini.test.cpp.
| using bb::TranscriptFor_t = typedef typename TranscriptFor<Curve>::type |
Definition at line 510 of file transcript.hpp.
| using bb::TranslatorAccumulatorTransferRelation = typedef Relation<TranslatorAccumulatorTransferRelationImpl<FF> > |
Definition at line 222 of file translator_extra_relations.hpp.
| using bb::TranslatorDecompositionRelation = typedef Relation<TranslatorDecompositionRelationImpl<FF> > |
Definition at line 105 of file translator_decomposition_relation.hpp.
| using bb::TranslatorDeltaRangeConstraintRelation = typedef Relation<TranslatorDeltaRangeConstraintRelationImpl<FF> > |
Definition at line 57 of file translator_delta_range_constraint_relation.hpp.
| using bb::TranslatorNonNativeFieldRelation = typedef Relation<TranslatorNonNativeFieldRelationImpl<FF> > |
Definition at line 101 of file translator_non_native_field_relation.hpp.
| using bb::TranslatorOpcodeConstraintRelation = typedef Relation<TranslatorOpcodeConstraintRelationImpl<FF> > |
Definition at line 219 of file translator_extra_relations.hpp.
| using bb::TranslatorPermutationRelation = typedef Relation<TranslatorPermutationRelationImpl<FF> > |
Definition at line 112 of file translator_permutation_relation.hpp.
| using bb::TranslatorZeroConstraintsRelation = typedef Relation<TranslatorZeroConstraintsRelationImpl<FF> > |
Definition at line 224 of file translator_extra_relations.hpp.
| using bb::TupleOfUnivariates = typedef typename TupleOfContainersOverArray<bb::Univariate, FF, LENGTHS>::type |
Definition at line 37 of file nested_containers.hpp.
| using bb::TupleOfValues = typedef typename TupleOfContainersOverArray<ExtractValueType, FF, LENGTHS>::type |
Definition at line 40 of file nested_containers.hpp.
Definition at line 24 of file circuit_builders_fwd.hpp.
| using bb::UltraKeccakProver = typedef UltraProver_<UltraKeccakFlavor> |
Definition at line 78 of file ultra_prover.hpp.
| using bb::UltraKeccakVerifier = typedef UltraVerifier_<UltraKeccakFlavor> |
Definition at line 58 of file ultra_verifier.hpp.
| using bb::UltraKeccakZKProver = typedef UltraProver_<UltraKeccakZKFlavor> |
Definition at line 83 of file ultra_prover.hpp.
| using bb::UltraPermutationRelation = typedef Relation<UltraPermutationRelationImpl<FF> > |
Definition at line 205 of file permutation_relation.hpp.
| using bb::UltraProver = typedef UltraProver_<UltraFlavor> |
Definition at line 76 of file ultra_prover.hpp.
| using bb::UltraRollupVerifier = typedef UltraVerifier_<UltraRollupFlavor> |
Definition at line 57 of file ultra_verifier.hpp.
| using bb::UltraStdlibTranscript = typedef BaseTranscript<stdlib::StdlibCodec<stdlib::field_t<UltraCircuitBuilder> >, stdlib::poseidon2<UltraCircuitBuilder> > |
Definition at line 493 of file transcript.hpp.
| using bb::UltraVerifier = typedef UltraVerifier_<UltraFlavor> |
Definition at line 56 of file ultra_verifier.hpp.
| using bb::UltraZKProver = typedef UltraProver_<UltraZKFlavor> |
Definition at line 77 of file ultra_prover.hpp.
|
strong |
| Enumerator | |
|---|---|
| ABORT | |
| WARN | |
Definition at line 15 of file assert.hpp.
|
strong |
| Enumerator | |
|---|---|
| CALLDATA | |
| SECONDARY_CALLDATA | |
| RETURNDATA | |
Definition at line 77 of file databus.hpp.
|
strong |
| Enumerator | |
|---|---|
| STANDARD | |
| ULTRA | |
| UNDEFINED | |
Definition at line 12 of file circuit_type.hpp.
| enum bb::CurveType |
Specifies positions of elements in the tuple of entities received from methods in the Settings class.
| Enumerator | |
|---|---|
| INVERSE_POLYNOMIAL_INDEX | |
| FIRST_PERMUTATION_SET_ENABLE_POLYNOMIAL_INDEX | |
| SECOND_PERMUTATION_SET_ENABLE_POLYNOMIAL_INDEX | |
| PERMUTATION_SETS_START_POLYNOMIAL_INDEX | |
Definition at line 28 of file generic_permutation_relation.hpp.
|
strong |
Enumeration of VM instructions that can be executed.
Each instruction corresponds to a specific field arithmetic operation. The VM parses these instructions from input data and executes them sequentially.
Definition at line 76 of file field.fuzzer.hpp.
| enum bb::MergeSettings |
The MergeSettings define whether an current subtable will be added at the beginning (PREPEND) or at the end (APPEND) of the EccOpQueue.
| Enumerator | |
|---|---|
| PREPEND | |
| APPEND | |
Definition at line 21 of file ecc_ops_table.hpp.
|
strong |
| Enumerator | |
|---|---|
| MODIFY_SUMCHECK_UNIVARIATE | |
| MODIFY_SUMCHECK_EVAL | |
| MODIFY_Z_PERM_COMMITMENT | |
| MODIFY_GEMINI_WITNESS | |
| END | |
Definition at line 14 of file tamper_proof.hpp.
|
strong |
Enum to control verification key metadata serialization.
| Enumerator | |
|---|---|
| FULL | |
| NO_METADATA | |
Definition at line 104 of file flavor.hpp.
Definition at line 429 of file polynomial.hpp.
| SharedShiftedVirtualZeroesArray< Fr > bb::_clone | ( | const SharedShiftedVirtualZeroesArray< Fr > & | array, |
| size_t | right_expansion = 0, |
||
| size_t | left_expansion = 0 |
||
| ) |
Definition at line 31 of file polynomial.cpp.
| Fr_ bb::_evaluate_mle | ( | std::span< const Fr_ > | evaluation_points, |
| const SharedShiftedVirtualZeroesArray< Fr_ > & | coefficients, | ||
| bool | shift | ||
| ) |
Internal implementation to support both native and stdlib circuit field types.
Instantiation with circuit field type is always called with shift == false
Definition at line 440 of file polynomial.hpp.
| std::pair< Chonk::Proof, Chonk::VerificationKey > bb::accumulate_and_prove_with_precomputed_vks | ( | size_t | num_app_circuits, |
| auto & | precomputed_vks, | ||
| const bool | large_first_app = true |
||
| ) |
Perform a specified number of circuit accumulation rounds.
| NUM_CIRCUITS | Number of circuits to accumulate (apps + kernels) |
Definition at line 21 of file test_bench_shared.hpp.
| void bb::accumulate_logderivative_lookup_subrelation_contributions | ( | ContainerOverSubrelations & | accumulator, |
| const AllEntities & | in, | ||
| const Parameters & | params, | ||
| const FF & | scaling_factor | ||
| ) |
Compute generic log-derivative lookup subrelation accumulation.
The generic log-derivative lookup relation consistes of two subrelations. The first demonstrates that the inverse polynomial I, defined via I_i = 1/[(read_term_i) * (write_term_i)], has been computed correctly. The second establishes the correctness of the lookups themselves based on the log-derivative lookup argument. Note that the latter subrelation is "linearly dependent" in the sense that it establishes that a sum across all rows of the exectution trace is zero, rather than that some expression holds independently at each row. Accordingly, this subrelation is not multiplied by a scaling factor at each accumulation step. The subrelation expressions are respectively:
I_i * (read_term_i) * (write_term_i) - 1 = 0
\sum_{i=0}^{n-1} [q_{logderiv_lookup} * I_i * write_term_i + read_count_i * I_i * read_term_i] = 0
The explicit expressions for read_term and write_term are dependent upon the particular structure of the lookup being performed and methods for computing them must be defined in the corresponding relation class.
| FF | |
| Relation | |
| ContainerOverSubrelations | |
| AllEntities | |
| Parameters |
| accumulator | |
| in | |
| params | |
| scaling_factor |
Definition at line 117 of file logderivative_library.hpp.
| void bb::accumulate_logderivative_permutation_subrelation_contributions | ( | ContainerOverSubrelations & | accumulator, |
| const AllEntities & | in, | ||
| const Parameters & | params, | ||
| const FF & | scaling_factor | ||
| ) |
Compute generic log-derivative set permutation subrelation accumulation.
The generic log-derivative lookup relation consistes of two subrelations. The first demonstrates that the inverse polynomial I, defined via I = 1/[(read_term) * (write_term)], has been computed correctly. The second establishes the correctness of the permutation itself based on the log-derivative argument. Note that the latter subrelation is "linearly dependent" in the sense that it establishes that a sum across all rows of the execution trace is zero, rather than that some expression holds independently at each row. Accordingly, this subrelation is not multiplied by a scaling factor at each accumulation step. The subrelation expressions are respectively:
I * (read_term) * (write_term) - q_{permutation_enabler} = 0
\sum_{i=0}^{n-1} [q_{write_enabler} * I * write_term + q_{read_enabler} * I * read_term] = 0
The explicit expressions for read_term and write_term are dependent upon the particular structure of the permutation being performed and methods for computing them must be defined in the corresponding relation class. The entities which are used to determine the use of permutation (is it enabled, is the first "read" set enabled, is the second "write" set enabled) must be defined in the relation class.
| FF | |
| Relation | |
| ContainerOverSubrelations | |
| AllEntities | |
| Parameters |
| accumulator | |
| in | |
| params | |
| scaling_factor |
Definition at line 213 of file logderivative_library.hpp.
| std::array< T, N > bb::array_to_array | ( | const std::array< U, N > & | elements | ) |
Given an std::array<U,N>, returns an std::array<T,N>, by calling the (explicit) constructor T(U).
https://stackoverflow.com/a/32175958 The main use case is to convert an array of Univariate into UnivariateView. The main use case would be to let Sumcheck decide the required degree of the relation evaluation, rather than hardcoding it inside the relation. The _aux version could also be used to create an array of only the polynomials required by the relation, and it could help us implement the optimization where we extend each edge only up to the maximum degree that is required over all relations (for example, L_LAST only needs degree 3).
| T | Output type |
| U | Input type (deduced from elements) |
| N | Common array size (deduced from elements) |
| elements | array to be converted |
Definition at line 759 of file univariate.hpp.
| std::array< T, sizeof...(Is)> bb::array_to_array_aux | ( | const std::array< U, N > & | elements, |
| std::index_sequence< Is... > | |||
| ) |
Create a sub-array of elements at the indices given in the template pack Is, converting them to the new type T.
| T | type to convert to |
| U | type to convert from |
| N | number (deduced by elements) |
| Is | list of indices we want in the returned array. When the second argument is called with std::make_index_sequence<N>, these will be 0, 1, ..., N-1. |
| elements | array to convert from |
std::make_index_sequence<N>. Definition at line 737 of file univariate.hpp.
| void bb::assert_failure | ( | std::string const & | err | ) |
Definition at line 11 of file assert.cpp.
|
inline |
Assigns an origin tag to an element or all elements in an iterable container.
Only operates when in_circuit is true
| in_circuit | Whether the transcript is in-circuit mode |
| T | The type of the element to tag (can be a single element or container) |
| elem | The element or container to assign the tag to |
| tag | The origin tag to assign |
Definition at line 220 of file origin_tag.hpp.
| void bb::avm_check_circuit | ( | const std::filesystem::path & | inputs_path | ) |
Stub - throws runtime error if called.
Definition at line 53 of file api_avm.cpp.
| void bb::avm_prove | ( | const std::filesystem::path & | inputs_path, |
| const std::filesystem::path & | output_path | ||
| ) |
Writes an avm proof and corresponding (incomplete) verification key to files.
Stub - throws runtime error if called.
Communication:
| inputs_path | Path to the file containing the serialised avm public inputs and hints |
| output_path | Path (directory) to write the output proof and verification keys |
Definition at line 30 of file api_avm.cpp.
| void bb::avm_simulate | ( | const std::filesystem::path & | inputs_path | ) |
Simulates an public transaction.
Stub - throws runtime error if called.
| inputs_path | Path to the file containing the serialised avm inputs |
Definition at line 81 of file api_avm.cpp.
| bool bb::avm_verify | ( | const std::filesystem::path & | proof_path, |
| const std::filesystem::path & | public_inputs_path, | ||
| const std::filesystem::path & | vk_path | ||
| ) |
Verifies an avm proof and writes the result to stdout.
Stub - throws runtime error if called.
Communication:
| proof_path | Path to the file containing the serialized proof |
| vk_path | Path to the file containing the serialized verification key |
Definition at line 65 of file api_avm.cpp.
| void bb::avm_write_verification_key | ( | const std::filesystem::path & | output_path | ) |
Writes an avm (incomplete) verification key to a file.
Stub - throws runtime error if called.
Communication:
| output_path | Path (directory) to write the output verification key |
Definition at line 93 of file api_avm.cpp.
| void bb::bench_commit_mock_z_perm | ( | ::benchmark::State & | state | ) |
Definition at line 218 of file commit.bench.cpp.
| void bb::bench_commit_random | ( | ::benchmark::State & | state | ) |
Definition at line 178 of file commit.bench.cpp.
| void bb::bench_commit_random_non_power_of_2 | ( | ::benchmark::State & | state | ) |
Definition at line 192 of file commit.bench.cpp.
| void bb::bench_commit_sparse | ( | ::benchmark::State & | state | ) |
Definition at line 108 of file commit.bench.cpp.
| void bb::bench_commit_sparse_preprocessed | ( | ::benchmark::State & | state | ) |
Definition at line 127 of file commit.bench.cpp.
| void bb::bench_commit_sparse_random | ( | ::benchmark::State & | state | ) |
Definition at line 146 of file commit.bench.cpp.
| void bb::bench_commit_sparse_random_preprocessed | ( | ::benchmark::State & | state | ) |
Definition at line 162 of file commit.bench.cpp.
| void bb::bench_commit_structured_random_poly | ( | ::benchmark::State & | state | ) |
Definition at line 205 of file commit.bench.cpp.
| void bb::bench_commit_zero | ( | ::benchmark::State & | state | ) |
Definition at line 96 of file commit.bench.cpp.
| void bb::bench_pippenger_without_endomorphism_basis_points | ( | ::benchmark::State & | state | ) |
Benchmark pippenger_without_endomorphism_basis_points function, which is used notably in the IPA verifier.
| Curve |
| state |
Definition at line 240 of file commit.bench.cpp.
| bb::BENCHMARK | ( | bench_commit_mock_z_perm< curve::BN254 > | ) | -> Unit(benchmark::kMillisecond) |
| bb::BENCHMARK | ( | bench_commit_structured_random_poly< curve::BN254 > | ) | -> Unit(benchmark::kMillisecond) |
| size_t bb::calculate_num_threads | ( | size_t | num_iterations, |
| size_t | min_iterations_per_thread | ||
| ) |
calculates number of threads to create based on minimum iterations per thread
Finds the number of cpus with get_num_cpus(), and calculates desired_num_threads Returns the min of desired_num_threads and max_num_threads. Note that it will not calculate a power of 2 necessarily, use calculate_num_threads_pow2 instead
| num_iterations | |
| min_iterations_per_thread |
Finds the number of cpus with get_num_cpus(), and calculates desired_num_threads Returns the min of desired_num_threads and max_num_theads. Note that it will not calculate a power of 2 necessarily, use calculate_num_threads_pow2 instead
| num_iterations | |
| min_iterations_per_thread |
Definition at line 238 of file thread.cpp.
| size_t bb::calculate_num_threads_pow2 | ( | size_t | num_iterations, |
| size_t | min_iterations_per_thread | ||
| ) |
calculates number of threads to create based on minimum iterations per thread, guaranteed power of 2
Same functionality as calculate_num_threads but guaranteed power of 2
| num_iterations | |
| min_iterations_per_thread |
Definition at line 254 of file thread.cpp.
| MultithreadData bb::calculate_thread_data | ( | size_t | num_iterations, |
| size_t | min_iterations_per_thread = DEFAULT_MIN_ITERS_PER_THREAD |
||
| ) |
Calculates number of threads and index bounds for each thread.
Finds the number of cpus with calculate_num_threads() then divides domain evenly amongst threads
| num_iterations | |
| min_iterations_per_thread |
Definition at line 212 of file thread.cpp.
|
inline |
Checks that an element or all elements in an iterable container have the expected origin tag.
Only operates when in_circuit is true
| in_circuit | Whether the transcript is in-circuit mode |
| T | The type of the element to check (can be a single element or container) |
| elem | The element or container to check |
| tag | The expected origin tag |
Definition at line 241 of file origin_tag.hpp.
|
inline |
Definition at line 63 of file precomputed_generators.hpp.
Detect if two elements from the same transcript are performing a suspicious interaction.
For now this detects that 2 elements from 2 different round can't mingle without a challenge in between
| provenance_a | Round provenance of first element |
| provenance_b | Round provenance of second element |
Definition at line 23 of file origin_tag.cpp.
| void bb::chonk_gate_count | ( | const std::string & | bytecode_path, |
| bool | include_gates_per_opcode | ||
| ) |
Definition at line 210 of file api_chonk.cpp.
|
protected |
Definition at line 9 of file private_execution_steps.cpp.
| std::vector< typename Curve::ScalarField > bb::compute_eccvm_challenge_coeffs | ( | const typename Curve::ScalarField & | evaluation_challenge_x, |
| const typename Curve::ScalarField & | batching_challenge_v | ||
| ) |
Denote \( M = \text{NUM_DISABLED_ROWS_IN_SUMCHECK} \) and \( N = NUM_SMALL_IPA_EVALUTIONS\). Given an evaluation challenge \( x \) and a batching challenge \(v\), compute the polynomial whose coefficients are given by the vector \( (1, x , x^2 , \ldots, x^{M - 1 }, v\cdot x, \ldots, v^{N-1} \cdot x^{M-2}, v^{N-1}, \cdot x^{M-1}, 0, \ldots, 0)\) in the Lagrange basis over the Small Subgroup.
| FF |
| evaluation_challenge_x | |
| batching_challenge_v | |
| subgroup_size |
Definition at line 484 of file small_subgroup_ipa.hpp.
|
inline |
The verification of Grand Sum Identity requires the evaluations G(r), A(g * r), A(r), Q(r). Shared by Prover and Verifier.
Definition at line 33 of file small_subgroup_ipa_utils.hpp.
| void bb::compute_grand_product | ( | typename Flavor::ProverPolynomials & | full_polynomials, |
| bb::RelationParameters< typename Flavor::FF > & | relation_parameters, | ||
| size_t | size_override = 0 |
||
| ) |
Compute a grand product polynomial, grand_product_polynomial, which for historical reasons is sometimes also called Z_perm(X). This polynomial will bear witness to some subset of: {copy constraints, multiset-equality, public inputs}.
Z_perm is a shiftable multilinear polynomial and hence is specified by its values on the boolean hypercube. As it is shiftable, Z_perm[0] == 0. Then it is specified by Z_perm[1] = 1 and the following iterative definition:
relation::numerator(j)
Z_perm[i] = ∏ -----------------------------------------------------------------------------— relation::denominator(j)
where ∏ := ∏_{j=0:i-1}
(Note that Z_perm[1] may be thought of as the quotient of the empty product by the empty product, and hence setting is 1 is consistent.)
The specific algebraic relation used by Z_perm is
UltraPermutationRelation for Ultra (and Mega). This inhomogenity is due to the fact that for Ultra/Mega, the grand product computation also involves computing public_input_delta, which doesn't as cleanly fit into the compute_grand_products pattern. (This latter is an optimization having to do with public inputs.)The multilinear polynomial Z_perm is designed to take into account copy-constraints, multiset equality checks, and public inputs. The formula is given as below. Here, the sigma polynomials (wires) encode the permutation (and, in the more general case, multiset tags.)
(w_1(j) + β⋅id_1(j) + γ) ⋅ (w_2(j) + β⋅id_2(j) + γ) ⋅ (w_3(j) + β⋅id_3(j) + γ)
Z_perm[i] = ∏ -----------------------------------------------------------------------------— (w_1(j) + β⋅σ_1(j) + γ) ⋅ (w_2(j) + β⋅σ_2(j) + γ) ⋅ (w_3(j) + β⋅σ_3(j) + γ) where ∏ := ∏_{j=0:i-1} and id_i(X) = id(X) + n*(i-1); here n is also called the SEPARATOR.
The grand product is constructed over the course of three steps.
For expositional simplicity, write Z_perm[i] as
A(j)
Z_perm[i] = ∏ -----------------------— B(h)
Step 1) Compute 2 length-n polynomials A, B Step 2) Compute 2 length-n polynomials numerator = ∏ A(j), denominator = ∏ B(j) Step 3) Compute Z_perm[i + 1] = numerator[i] / denominator[i]
Note: Step (3) utilizes Montgomery batch inversion, performed at the end of Step (2).
| Flavor | |
| GrandProdRelation |
| full_polynomials | |
| relation_parameters | |
| size_override | optional size of the domain; otherwise based on dyadic polynomial domain |
Definition at line 81 of file grand_product_library.hpp.
| void bb::compute_grand_products | ( | typename Flavor::ProverPolynomials & | full_polynomials, |
| bb::RelationParameters< typename Flavor::FF > & | relation_parameters, | ||
| const size_t | size_override = 0 |
||
| ) |
Compute the grand product corresponding to each grand-product relation defined in the Flavor.
Definition at line 201 of file grand_product_library.hpp.
| void bb::compute_logderivative_inverse | ( | Polynomials & | polynomials, |
| auto & | relation_parameters, | ||
| const size_t | circuit_size | ||
| ) |
Compute the inverse polynomial I(X) required for logderivative lookups
where ∏ := ∏_{j=0:relation::NUM_READ_TERMS-1} and ∏' := ∏'_{j=0:relation::NUM_WRITE_TERMS-1}
If row [i] does not contain a lookup read gate or a write gate, Inverse[i] = 0 N.B. by "write gate" we mean; do the lookup table polynomials contain nonzero values at this row? (in the ECCVM, the lookup table is not precomputed, so we have a concept of a "write gate", unlike when precomputed lookup tables are used)
The specific algebraic relations that define read terms and write terms are defined in Flavor::LookupRelation
Note: tparam UseMultithreading exists because the AVM calls this fn in a multithreaded loop (no nested multithreading allowed) but the ECCVM benefits from multithreading this fn
Definition at line 40 of file logderivative_library.hpp.
|
constexpr |
Utility function to find max PARTIAL_RELATION_LENGTH tuples of Relations.
The "partial length" of a relation is 1 + the degree of the relation, where any challenges used in the relation are as constants, not as variables..
Definition at line 460 of file flavor.hpp.
|
constexpr |
Utility function to find the number of subrelations.
Definition at line 471 of file flavor.hpp.
| void bb::compute_permutation_argument_polynomials | ( | const typename Flavor::CircuitBuilder & | circuit, |
| typename Flavor::ProverPolynomials & | polynomials, | ||
| const std::vector< CyclicPermutation > & | copy_cycles | ||
| ) |
Compute Honk-style permutation sigma/id polynomials and add to prover_instance, where the copy_cycles are pre-computed sets of wire addresses whose values should be copy-constrained.
Definition at line 282 of file permutation_lib.hpp.
| Flavor::FF bb::compute_public_input_delta | ( | std::span< const typename Flavor::FF > | public_inputs, |
| const typename Flavor::FF & | beta, | ||
| const typename Flavor::FF & | gamma, | ||
| const typename Flavor::FF & | offset = 0 |
||
| ) |
Compute the correction term for the permutation argument.
| Flavor |
| public_inputs | x₀, ..., xₘ₋₁ public inputs to the circuit |
| beta | random linear-combination term to combine both (wʲ, IDʲ) and (wʲ, σʲ) |
| gamma | Schwartz-Zippel random evaluation to ensure ∏ᵢ (γ + Sᵢ) = ∏ᵢ (γ + Tᵢ) |
| offset | Extent to which PI are offset from the 0th index in the wire polynomials, for example, due to inclusion of a leading zero row or Goblin style ECC op gates at the top of the execution trace. |
Definition at line 25 of file grand_product_delta.hpp.
|
constexpr |
Concatenates multiple RefArray objects into a single RefArray.
This function takes multiple RefArray objects as input and concatenates them into a single RefArray.
| T | The type of elements in the RefArray. |
| Ns | The sizes of the input RefArrays. |
| ref_arrays | The RefArray objects to be concatenated. |
Definition at line 158 of file ref_array.hpp.
| RefVector< T > bb::concatenate | ( | const RefVector< T > & | ref_vector, |
| const auto &... | ref_vectors | ||
| ) |
Concatenates multiple RefVector objects into a single RefVector.
This function takes multiple RefVector objects as input and concatenates them into a single RefVector.
| T | The type of elements in the RefVector. |
| ref_vectors | The RefVector objects to be concatenated. |
Definition at line 147 of file ref_vector.hpp.
| std::array< T,(Ns+...)> bb::concatenate | ( | const std::array< T, Ns > &... | arrays | ) |
Concatenates multiple std::array objects into a single array.
This function template takes a variadic number of std::array objects and concatenates their elements into a single std::array. The size of the resulting array is the sum of the sizes of the input arrays.
| T | The type of elements stored in the arrays. |
| Ns | The sizes of the input arrays. This is a variadic template parameter pack representing the sizes of each input array. |
| arrays | Variadic number of std::array objects to concatenate. Each array can have a different size but must contain the same type of elements. |
Example usage: std::array<int, 2> a = {1, 2}; std::array<int, 3> b = {3, 4, 5}; auto result = concatenate(a, b); // result is std::array<int, 5>{1, 2, 3, 4, 5}
Definition at line 26 of file std_array.hpp.
| std::vector< T > bb::concatenate | ( | const std::vector< T > & | vector, |
| const auto &... | vectors | ||
| ) |
Concatenates multiple std::vector objects into a single std::vector.
| T | The type of elements in the std::vector. |
| vectors | The std::vector objects to be concatenated. |
Definition at line 12 of file std_vector.hpp.
|
constexpr |
Implements a loop using a compile-time iterator. Requires c++20. Implementation (and description) from https://artificial-mind.net/blog/2020/10/31/constexpr-for.
| Start | the loop start value |
| End | the loop end value |
| Inc | how much the iterator increases by per iteration |
| F | a Lambda function that is executed once per loop |
| f | An rvalue reference to the lambda |
Implements a for loop where the iterator is a constexpr variable. Use this when you need to evaluate if constexpr statements on the iterator (or apply other constexpr expressions) Outside of this use-case avoid using this fn as it gives negligible performance increases vs regular loops.
N.B. A side-effect of this method is that all loops will be unrolled (each loop iteration uses different iterator template parameters => unique constexpr_for implementation per iteration) Do not use this for large (~100+) loops!
EXAMPLE USE OF constexpr_for
constexpr_for<0, 10, 1>([&]<size_t i>(){ if constexpr (i & 1 == 0) { foo[i] = even_container[i >> 1]; } else { foo[i] = odd_container[i >> 1]; } });
In the above example we are iterating from i = 0 to i < 10. The provided lambda function has captured everything in its surrounding scope (via [&]), which is where foo, even_container and odd_container have come from.
We do not need to explicitly define the class F parameter as the compiler derives it from our provided input argument F&& f (i.e. the lambda function)
In the loop itself we're evaluating a constexpr if statement that defines which code path is taken.
The above example benefits from constexpr_for because a run-time if statement has been reduced to a compile-time if statement. N.B. this would only give measurable improvements if the constexpr_for statement is itself in a hot loop that's iterated over many (>thousands) times
Definition at line 71 of file constexpr_utils.hpp.
| void bb::construct_lookup_read_counts | ( | typename Flavor::Polynomial & | read_counts, |
| typename Flavor::Polynomial & | read_tags, | ||
| typename Flavor::CircuitBuilder & | circuit | ||
| ) |
Construct polynomial whose value at index i is the number of times the table entry at that index has been read.
Read counts are needed for the log derivative lookup argument. The table polynomials are constructed as a concatenation of basic 3-column tables. Similarly, the read counts polynomial is constructed as the concatenation of read counts for the individual tables.
Definition at line 50 of file composer_lib.hpp.
| void bb::construct_lookup_table_polynomials | ( | const RefArray< typename Flavor::Polynomial, 4 > & | table_polynomials, |
| const typename Flavor::CircuitBuilder & | circuit | ||
| ) |
Construct polynomials containing the concatenation of all lookup tables used in the circuit.
The first three polynomials contain the table data, while the fourth polynomial contains a table index that simply reflects the order in which the tables were added to the circuit.
| Flavor |
| table_polynomials | Polynomials to populate with table data |
| circuit |
Definition at line 27 of file composer_lib.hpp.
| CommitmentKey< Curve > bb::create_commitment_key | ( | const size_t | num_points | ) |
Definition at line 16 of file commit.bench.cpp.
|
inline |
Definition at line 100 of file commitment_key.test.hpp.
|
inline |
Definition at line 78 of file commitment_key.test.hpp.
|
inline |
Definition at line 78 of file commitment_key.test.hpp.
|
constexpr |
Utility function to construct a container for the subrelation accumulators of sumcheck proving.
The size of the outer tuple is equal to the number of relations. Each relation contributes an inner tuple of univariates whose size is equal to the number of subrelations of the relation. The length of a univariate in an inner tuple is determined by the corresponding subrelation length.
Definition at line 485 of file flavor.hpp.
|
constexpr |
Definition at line 508 of file flavor.hpp.
|
inline |
Definition at line 120 of file commitment_key.test.hpp.
|
inline |
Definition at line 106 of file commitment_key.test.hpp.
|
inline |
Definition at line 106 of file commitment_key.test.hpp.
| std::vector< uint8_t > bb::decompress | ( | const void * | bytes, |
| size_t | size | ||
| ) |
Definition at line 30 of file private_execution_steps.cpp.
| bb::DEFINE_SUMCHECK_PERMUTATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMBoolsRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMLookupRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMMSMRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMPointTableRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMTranscriptRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | ECCVMWnafRelationImpl | , |
| ECCVMFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorAccumulatorTransferRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorDeltaRangeConstraintRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorNonNativeFieldRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorOpcodeConstraintRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorPermutationRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_RELATION_CLASS | ( | TranslatorZeroConstraintsRelationImpl | , |
| TranslatorFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_PERMUTATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMBoolsRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMLookupRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMMSMRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMPointTableRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMSetRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMTranscriptRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | ECCVMWnafRelationImpl | , |
| ECCVMRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorAccumulatorTransferRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorDecompositionRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorDeltaRangeConstraintRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorNonNativeFieldRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorOpcodeConstraintRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorPermutationRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DEFINE_SUMCHECK_VERIFIER_RELATION_CLASS | ( | TranslatorZeroConstraintsRelationImpl | , |
| TranslatorRecursiveFlavor | |||
| ) |
| bb::DenseRange | ( | MIN_LOG_NUM_GRUMPKIN_POINTS | , |
| MAX_LOG_NUM_GRUMPKIN_POINTS | |||
| ) | -> Unit(benchmark::kMillisecond) |
| bb::DenseRange | ( | MIN_LOG_NUM_POINTS | , |
| MAX_LOG_NUM_POINTS | |||
| ) | -> Unit(benchmark::kMillisecond) |
| int bb::execute_msgpack_ipc_server | ( | std::unique_ptr< ipc::IpcServer > | server | ) |
Execute msgpack commands over IPC.
Runs an IPC server that accepts concurrent clients. Clients can send msgpack commands independently, and responses are automatically routed back to the correct client.
| server | IPC server instance (socket or shared memory) |
Definition at line 148 of file api_msgpack.cpp.
| int bb::execute_msgpack_run | ( | const std::string & | msgpack_input_file, |
| int | max_clients = 1, |
||
| size_t | request_ring_size = 1024UL *1024, |
||
| size_t | response_ring_size = 1024UL *1024 |
||
| ) |
Execute msgpack run command.
This function handles the msgpack run subcommand, reading commands from either stdin, a specified file, a Unix domain socket (if path ends in .sock), or shared memory IPC (if path ends in .shm).
| msgpack_input_file | Path to input file (empty string means use stdin, .sock suffix means Unix socket, .shm suffix means shared memory) |
| max_clients | Maximum number of concurrent clients for IPC servers (default: 1) |
| request_ring_size | Request ring buffer size for shared memory (default: 1MB) |
| response_ring_size | Response ring buffer size for shared memory (default: 1MB) |
Definition at line 283 of file api_msgpack.cpp.
|
inline |
Extract origin tag context from a transcript.
Friend function that has controlled access to transcript's private round tracking state.
| TranscriptType | The type of transcript (NativeTranscript or StdlibTranscript) |
| transcript | The transcript to extract tag context from |
Definition at line 298 of file origin_tag.hpp.
|
inline |
Definition at line 90 of file file_io.hpp.
| std::vector< std::string > bb::find_contract_artifacts | ( | const std::string & | search_path = "." | ) |
Find all contract artifacts in target/ directories.
| search_path | Root path to search from (defaults to current directory) |
Definition at line 287 of file aztec_process.cpp.
| InnerCont bb::flatten | ( | Cont< InnerCont, Args... > const & | in | ) |
Definition at line 47 of file container.hpp.
|
inline |
Definition at line 70 of file flavor_concepts.hpp.
| void bb::generate_sha256_test_circuit | ( | Builder & | builder, |
| size_t | num_iterations | ||
| ) |
Generate a test circuit using SHA256 compression (sha256_block)
Creates circuit constraints by iteratively calling sha256_block, feeding the output as h_init for the next iteration. This tests the primitive exposed to ACIR (Sha256Compression opcode).
Definition at line 34 of file mock_circuits.hpp.
| Fr_ bb::generic_evaluate_mle | ( | std::span< const Fr_ > | evaluation_points, |
| const SharedShiftedVirtualZeroesArray< Fr_ > & | coefficients | ||
| ) |
Static exposed implementation to support both native and stdlib circuit field types.
Definition at line 511 of file polynomial.hpp.
| AssertMode & bb::get_assert_mode | ( | ) |
Definition at line 5 of file assert.cpp.
| std::vector< g1::affine_element > bb::get_bn254_g1_data | ( | const std::filesystem::path & | path, |
| size_t | num_points, | ||
| bool | allow_download | ||
| ) |
Definition at line 41 of file get_bn254_crs.cpp.
| g2::affine_element bb::get_bn254_g2_data | ( | const std::filesystem::path & | path, |
| bool | allow_download = true |
||
| ) |
| bool bb::get_cache_paths | ( | const std::string & | input_path | ) |
Get cache paths for all verification keys in an artifact.
Outputs cache key information in format: <hash>:<cache_path> One line per function, to stdout.
| input_path | Path to input artifact JSON |
Definition at line 348 of file aztec_process.cpp.
| std::vector< uint8_t > bb::get_curve_constants_msgpack | ( | ) |
Generate msgpack-encoded curve constants for all supported curves.
Definition at line 80 of file curve_constants.cpp.
|
inline |
Shared by Prover and Verifier. label_prefix is either Libra: or Translation:.
Definition at line 20 of file small_subgroup_ipa_utils.hpp.
|
inline |
Definition at line 17 of file file_io.hpp.
| std::vector< curve::Grumpkin::AffineElement > bb::get_grumpkin_g1_data | ( | const std::filesystem::path & | path, |
| size_t | num_points, | ||
| bool | allow_download | ||
| ) |
Definition at line 10 of file get_grumpkin_crs.cpp.
| size_t bb::get_num_cpus | ( | ) |
Definition at line 33 of file thread.cpp.
|
inline |
Definition at line 25 of file thread.hpp.
|
constexpr |
Definition at line 51 of file precomputed_generators.hpp.
| Flavor::ProverPolynomials bb::get_sequential_prover_polynomials | ( | const size_t | log_circuit_size, |
| const size_t | starting_value | ||
| ) |
Get a ProverPolynomials instance initialized to sequential values starting at 0.
Values are assigned according to the order specified in the underlying array of the flavor class. The function returns an array of data pointed to by the ProverPolynomials.
Definition at line 17 of file testing.hpp.
| auto bb::get_unshifted_then_shifted | ( | const auto & | all_entities | ) |
Definition at line 450 of file flavor.hpp.
| Flavor::ProverPolynomials bb::get_zero_prover_polynomials | ( | const size_t | log_circuit_size | ) |
Definition at line 35 of file testing.hpp.
| int64_t bb::index_of | ( | std::vector< T > const & | vec, |
| T const & | item | ||
| ) |
Definition at line 58 of file container.hpp.
| std::array< FF, N > bb::initialize_relation_separator | ( | const FF & | alpha | ) |
Definition at line 901 of file sumcheck.hpp.
| C bb::join | ( | std::initializer_list< C > | to_join | ) |
Definition at line 26 of file container.hpp.
|
inline |
Definition at line 35 of file container.hpp.
|
inline |
| std::string bb::msgpack_to_json | ( | msgpack::object const & | o, |
| size_t | max_chars | ||
| ) |
Definition at line 6 of file msgpack_to_json.cpp.
| bb::NamedUnion | ( | std::variant< Types... > | ) | -> NamedUnion< Types... > |
| Univariate< Fr, domain_end > bb::operator* | ( | const Fr & | ff, |
| const Univariate< Fr, domain_end > & | uv | ||
| ) |
Definition at line 567 of file univariate.hpp.
| Univariate< Fr, domain_end > bb::operator* | ( | const Fr & | ff, |
| const UnivariateView< Fr, domain_end > & | uv | ||
| ) |
Definition at line 718 of file univariate.hpp.
| Univariate< Fr, domain_end > bb::operator+ | ( | const Fr & | ff, |
| const Univariate< Fr, domain_end > & | uv | ||
| ) |
Definition at line 555 of file univariate.hpp.
| Univariate< Fr, domain_end > bb::operator+ | ( | const Fr & | ff, |
| const UnivariateView< Fr, domain_end > & | uv | ||
| ) |
Definition at line 706 of file univariate.hpp.
| Univariate< Fr, domain_end > bb::operator- | ( | const Fr & | ff, |
| const Univariate< Fr, domain_end > & | uv | ||
| ) |
Definition at line 561 of file univariate.hpp.
| Univariate< Fr, domain_end > bb::operator- | ( | const Fr & | ff, |
| const UnivariateView< Fr, domain_end > & | uv | ||
| ) |
Definition at line 712 of file univariate.hpp.
|
inline |
Definition at line 517 of file polynomial.hpp.
|
inline |
Definition at line 172 of file origin_tag.hpp.
| void bb::parallel_for | ( | const Func & | func | ) |
Definition at line 185 of file thread.hpp.
| void bb::parallel_for | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
Creates a thread pool and runs the function in parallel.
| num_iterations | Number of iterations |
| func | Function to run in parallel Observe that num_iterations is NOT the thread pool size. The size will be chosen based on the hardware concurrency (i.e., env or cpus). |
Definition at line 111 of file thread.cpp.
|
private |
A thread pooled strategy that uses atomics to prevent needing constantly lock on a queue. The main thread acts as a worker also, and when it completes, it spins until thread workers are done.
Definition at line 109 of file parallel_for_atomic_pool.cpp.
| std::vector< Accum > bb::parallel_for_heuristic | ( | size_t | num_points, |
| const Accum & | initial_accum, | ||
| const Func & | func, | ||
| size_t | heuristic_cost | ||
| ) |
parallel_for_heuristic variant that takes an accumulator initializer that is allocated in a vector, one accumulator per thread/chunk. This allows for thread-safe accumulation, see sum() or sum_pairs() in container.hpp for an easy way to combine the thread/chunk contributions into a final result.
Definition at line 78 of file thread.hpp.
| void bb::parallel_for_heuristic | ( | size_t | num_points, |
| const Func & | func, | ||
| size_t | heuristic_cost | ||
| ) |
Definition at line 58 of file thread.hpp.
| void bb::parallel_for_heuristic | ( | size_t | num_points, |
| const std::function< void(size_t, size_t, size_t)> & | func, | ||
| size_t | heuristic_cost | ||
| ) |
Split a loop into several loops running in parallel based on operations in 1 iteration.
Splits the num_points into appropriate number of chunks to do parallel processing on and calls the function that should contain the work loop, but only if it's worth it
| num_points | Total number of elements |
| func | A function or lambda expression with a for loop inside, for example: [&](size_t start, size_t end, size_t thread_index){for (size_t i=start; i<end; i++){ ... work ... } |
| heuristic_cost | the estimated cost of the operation, see namespace thread_heuristics below |
Definition at line 171 of file thread.cpp.
| void bb::parallel_for_moody | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
|
private |
A thread pooled strategy that uses std::mutex for protection. Each worker increments the "iteration" and processes. The main thread acts as a worker also, and when it completes, it spins until thread workers are done.
Definition at line 134 of file parallel_for_mutex_pool.cpp.
| void bb::parallel_for_omp | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
| void bb::parallel_for_queued | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
A thread pooled strategey that assumed that thread pools would be more efficient than spawning threads. Every iteration becomes a task in a queue. That's probably not very efficient. A normal mutex and condition variables are used to distribute tasks and notify.
Definition at line 19 of file parallel_for_queued.cpp.
| void bb::parallel_for_range | ( | size_t | num_points, |
| const std::function< void(size_t, size_t)> & | func, | ||
| size_t | no_multhreading_if_less_or_equal | ||
| ) |
Split a loop into several loops running in parallel.
Splits the num_points into appropriate number of chunks to do parallel processing on and calls the function that should contain the work loop
| num_points | Total number of elements |
| func | A function or lambda expression with a for loop inside, for example: [](size_t start, size_t end){for (size_t i=start; i<end; i++){(void)i;}} |
| no_multhreading_if_less_or_equal | If num points is less or equal to this value, run without parallelization |
Definition at line 141 of file thread.cpp.
| void bb::parallel_for_spawning | ( | size_t | num_iterations, |
| const std::function< void(size_t)> & | func | ||
| ) |
A very simple strategy. Spawn a worker thread for every iteration (but no more than num cores). Worker threads tight-loop incrementing an atomic variable from 0-num_iterations, until num_iterations reached. Main thread waits on all worker threads by joining.
Definition at line 11 of file parallel_for_spawning.cpp.
| int bb::parse_and_run_cli_command | ( | int | argc, |
| char * | argv[] | ||
| ) |
Parse command line arguments and run the corresponding command.
This function encapsulates the entire CLI parsing and command execution logic that is used in the main function. It's designed as a standalone function to support multiple entry points:
bb executableThe function utilizes CLI11 for argument parsing and creates a hierarchy of commands and subcommands with appropriate options. This encapsulation allows the CLI functionality to be tested and benchmarked without duplicating the command structure across multiple files.
| argc | Number of command-line arguments |
| argv | Array of command-line argument strings |
| std::vector< std::shared_ptr< typename MegaFlavor::VerificationKey > > bb::precompute_vks | ( | const size_t | num_app_circuits, |
| const bool | large_first_app = true |
||
| ) |
Definition at line 42 of file test_bench_shared.hpp.
| void bb::print_active_subcommands | ( | const CLI::App & | app, |
| const std::string & | prefix = "bb command: " |
||
| ) |
| bool bb::process_all_artifacts | ( | const std::string & | search_path = ".", |
| bool | force = false |
||
| ) |
Process all discovered contract artifacts in a directory tree.
| search_path | Root path to search from (defaults to current directory) |
| force | Force regeneration even if cached |
Definition at line 322 of file aztec_process.cpp.
| bool bb::process_aztec_artifact | ( | const std::string & | input_path, |
| const std::string & | output_path, | ||
| bool | force = false |
||
| ) |
Process Aztec contract artifacts: transpile and generate verification keys.
| input_path | Path to input artifact JSON |
| output_path | Path to output artifact JSON (can be same as input) |
| force | Force regeneration even if cached |
Definition at line 236 of file aztec_process.cpp.
| int bb::process_msgpack_commands | ( | std::istream & | input_stream | ) |
Process msgpack API commands from an input stream.
This function reads length-encoded msgpack buffers from the provided input stream, deserializes them into Command objects, executes them via the bbapi interface, and writes length-encoded responses back to stdout.
The format for each message is:
| input_stream | The input stream to read msgpack commands from (stdin or file) |
Definition at line 25 of file api_msgpack.cpp.
|
inline |
Definition at line 81 of file gate_data.hpp.
| void bb::read | ( | B & | it, |
| field2< base_field, Params > & | value | ||
| ) |
Definition at line 149 of file field2_declarations.hpp.
Definition at line 728 of file field_declarations.hpp.
|
inline |
Definition at line 541 of file univariate.hpp.
|
inline |
Definition at line 339 of file univariate_coefficient_basis.hpp.
|
inline |
|
inline |
Definition at line 549 of file flavor.hpp.
|
inline |
Definition at line 29 of file file_io.hpp.
| bb::RefArray | ( | T & | , |
| Ts & | ... | ||
| ) | -> RefArray< T, 1+sizeof...(Ts)> |
| bb::RefVector | ( | T & | , |
| Ts & | ... | ||
| ) | -> RefVector< T > |
| void bb::set_parallel_for_concurrency | ( | size_t | num_cores | ) |
Definition at line 23 of file thread.cpp.
Definition at line 9 of file container.hpp.
Definition at line 17 of file container.hpp.
| Polynomial< FF > bb::sparse_random_poly | ( | const size_t | size, |
| const size_t | num_nonzero | ||
| ) |
Definition at line 24 of file commit.bench.cpp.
| PolyData< FF > bb::structured_random_poly | ( | bool | non_zero_complement = false | ) |
Definition at line 44 of file commit.bench.cpp.
|
constexpr |
Check whether a given subrelation is linearly independent from the other subrelations.
More often than not, we want multiply each subrelation contribution by a power of the relation separator challenge. In cases where we wish to define a subrelation that merges into another, we encode this in a boolean array SUBRELATION_LINEARLY_INDEPENDENT in the relation. If no such array is defined, then the default case where all subrelations are independent is engaged.
Definition at line 30 of file relation_types.hpp.
| Inner bb::sum | ( | Cont< Inner, Args... > const & | in | ) |
Definition at line 70 of file container.hpp.
| std::pair< Left, Right > bb::sum_pairs | ( | Cont< std::pair< Left, Right >, Args... > const & | in | ) |
Definition at line 81 of file container.hpp.
|
inline |
Tag a component with a given origin tag and serialize it to field elements.
| in_circuit | Whether the transcript is in-circuit mode |
| Codec | The codec to use for serialization (provides DataType and serialize_to_fields) |
| T | The type of the component to tag and serialize |
| component | The component to tag and serialize |
| tag | The origin tag to assign |
Definition at line 281 of file origin_tag.hpp.
| void bb::tamper_with_proof | ( | InnerProver & | inner_prover, |
| ProofType & | inner_proof, | ||
| TamperType | type | ||
| ) |
Test method that provides several ways to tamper with a proof. TODO(https://github.com/AztecProtocol/barretenberg/issues/1298): Currently, several tests are failing due to challenges not being re-computed after tampering. We need to extend this tool to allow for more elaborate tampering.
| InnerProver | |
| InnerFlavor | |
| ProofType |
| inner_prover | |
| inner_proof | |
| type |
Definition at line 35 of file tamper_proof.hpp.
| void bb::tamper_with_proof | ( | ProofType & | inner_proof, |
| bool | end_of_proof | ||
| ) |
Tamper with a proof by modifying the first pairing point to be P+G (where G is the generator). This keeps the point on the curve but makes the proof invalid.
Definition at line 107 of file tamper_proof.hpp.
| bb::TEST | ( | BoomerangMegaCircuitBuilder | , |
| BasicCircuit | |||
| ) |
Definition at line 22 of file graph_description_megacircuitbuilder.test.cpp.
| bb::TEST | ( | BoomerangMegaCircuitBuilder | , |
| OnlyGoblinEccOpQueueUltraOps | |||
| ) |
Check that the ultra ops are recorded correctly in the EccOpQueue.
Definition at line 66 of file graph_description_megacircuitbuilder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| BaseCase | |||
| ) |
Definition at line 53 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| CompleteSelectorPartitioningCheck | |||
| ) |
Check that the selector partitioning is correct for the mega circuit builder.
We check that for the arithmetic, delta_range, elliptic, memory, nnf, lookup, busread, poseidon2_external, poseidon2_internal blocks, and the other selectors are zero on that block.
Definition at line 170 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| CopyConstructor | |||
| ) |
Definition at line 14 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| GoblinEccOpQueueUltraOps | |||
| ) |
Check that the ultra ops are recorded correctly in the EccOpQueue.
Definition at line 136 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | MegaCircuitBuilder | , |
| GoblinSimple | |||
| ) |
Test the queueing of simple ecc ops via the Goblin builder.
There are two things to check here: 1) When ecc ops are queued by the builder, the corresponding native operations are performed correctly by the internal ecc op queue, and 2) The ecc op gate operands are correctly encoded in the op_wires, i.e. the operands can be reconstructed as expected.
Definition at line 69 of file mega_circuit_builder.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| BadTagPermutation | |||
| ) |
Definition at line 88 of file ultra_circuit_builder_sort_permutation.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| BaseCase | |||
| ) |
Definition at line 36 of file ultra_circuit_builder_basic.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| CheckCircuitShowcase | |||
| ) |
Definition at line 65 of file ultra_circuit_builder_basic.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| ComposedRangeConstraint | |||
| ) |
Definition at line 111 of file ultra_circuit_builder_range.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| CopyConstructor | |||
| ) |
Definition at line 10 of file ultra_circuit_builder_basic.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| NonTrivialTagPermutation | |||
| ) |
Definition at line 19 of file ultra_circuit_builder_sort_permutation.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| NonTrivialTagPermutationAndCycles | |||
| ) |
Definition at line 49 of file ultra_circuit_builder_sort_permutation.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| Ram | |||
| ) |
Definition at line 85 of file ultra_circuit_builder_memory.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RamSimple | |||
| ) |
A simple-as-possible RAM read test, for easier debugging.
Definition at line 55 of file ultra_circuit_builder_memory.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeChecksOnDuplicates | |||
| ) |
Definition at line 133 of file ultra_circuit_builder_range.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeConstraint | |||
| ) |
Definition at line 20 of file ultra_circuit_builder_range.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeWithGates | |||
| ) |
Definition at line 81 of file ultra_circuit_builder_range.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| RangeWithGatesWhereRangeIsNotAPowerOfTwo | |||
| ) |
Definition at line 96 of file ultra_circuit_builder_range.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| Rom | |||
| ) |
Definition at line 11 of file ultra_circuit_builder_memory.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWidget | |||
| ) |
Definition at line 116 of file ultra_circuit_builder_sort_permutation.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWidgetComplex | |||
| ) |
Definition at line 216 of file ultra_circuit_builder_sort_permutation.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWidgetNeg | |||
| ) |
Definition at line 242 of file ultra_circuit_builder_sort_permutation.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| SortWithEdgesGate | |||
| ) |
Definition at line 133 of file ultra_circuit_builder_sort_permutation.test.cpp.
| bb::TEST | ( | UltraCircuitBuilder | , |
| TestNoLookupProof | |||
| ) |
Definition at line 44 of file ultra_circuit_builder_basic.test.cpp.
| bb::TEST_F | ( | EccRelationsConsistency | , |
| RecursiveToNativeConsistency | |||
| ) |
Definition at line 49 of file ecc_relation_consistency.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| IndependentVKHash | |||
| ) |
Definition at line 301 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| SingleRecursiveVerification | |||
| ) |
Definition at line 285 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| SingleRecursiveVerificationFailure | |||
| ) |
Definition at line 290 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | ECCVMRecursiveTests | , |
| SingleRecursiveVerificationFailureTamperedProof | |||
| ) |
Definition at line 295 of file eccvm_recursive_verifier.test.cpp.
| bb::TEST_F | ( | IPATest | , |
| AIsZeroAfterOneRound | |||
| ) |
Definition at line 229 of file ipa.test.cpp.
| bb::TEST_F | ( | IPATest | , |
| ChallengesAreZero | |||
| ) |
Definition at line 185 of file ipa.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ConstantPolynomial | |||
| ) |
Definition at line 94 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| EmptyPolynomial | |||
| ) |
Definition at line 103 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ShpleminiKzgShiftsRemoval | |||
| ) |
Definition at line 257 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ShpleminiKzgWithShift | |||
| ) |
Definition at line 145 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ShpleminiKzgWithShiftAndInterleaving | |||
| ) |
Definition at line 198 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| Single | |||
| ) |
Definition at line 54 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| SingleInLagrangeBasis | |||
| ) |
Test opening proof of a polynomial given by its evaluations at \( i = 0, \ldots, n \). Should only be used for small values of \( n \).
Definition at line 117 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ZeroEvaluation | |||
| ) |
Definition at line 64 of file kzg.test.cpp.
| bb::TEST_F | ( | KZGTest | , |
| ZeroPolynomial | |||
| ) |
Definition at line 77 of file kzg.test.cpp.
| bb::TEST_F | ( | MergeTranscriptTests | , |
| ProverManifestConsistency | |||
| ) |
Ensure consistency between the hardcoded manifest and the one generated by the merge prover.
Definition at line 595 of file merge.test.cpp.
| bb::TEST_F | ( | MergeTranscriptTests | , |
| VerifierManifestConsistency | |||
| ) |
Ensure consistency between prover and verifier manifests.
Definition at line 628 of file merge.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| BasicParallelFor | |||
| ) |
Definition at line 28 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| CalculateNumThreads | |||
| ) |
Definition at line 42 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| CalculateNumThreadsPow2 | |||
| ) |
Definition at line 65 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| HardwareConcurrency | |||
| ) |
Definition at line 153 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| HardwareConcurrencyPow2 | |||
| ) |
Definition at line 169 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| OneIteration | |||
| ) |
Definition at line 94 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| ParallelForRange | |||
| ) |
Definition at line 107 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| ParallelForRangeThreshold | |||
| ) |
Definition at line 125 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| SpawnedThreadsCanUseParallelFor | |||
| ) |
Definition at line 194 of file thread.test.cpp.
| bb::TEST_F | ( | ThreadTest | , |
| ZeroIterations | |||
| ) |
Definition at line 84 of file thread.test.cpp.
| bb::TEST_F | ( | TranslatorRecursiveTests | , |
| IndependentVKHash | |||
| ) |
Definition at line 258 of file translator_recursive_verifier.test.cpp.
| bb::TEST_F | ( | TranslatorRecursiveTests | , |
| SingleRecursiveVerification | |||
| ) |
Definition at line 253 of file translator_recursive_verifier.test.cpp.
| bool bb::transpile_artifact | ( | const std::string & | input_path, |
| const std::string & | output_path | ||
| ) |
Transpile the artifact file (or copy if transpiler not enabled)
Definition at line 199 of file aztec_process.cpp.
| bb::TYPED_TEST | ( | BatchedAffineAdditionTests | , |
| Reduce | |||
| ) |
Definition at line 28 of file batched_affine_addition.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| DegreeCheckFailureAppend | |||
| ) |
Definition at line 386 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| DegreeCheckFailurePrepend | |||
| ) |
Definition at line 381 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| DifferentTranscriptOriginTagFailure | |||
| ) |
Test that mixing values from different transcript instances causes instant failure.
Simulates a realistic scenario where a circuit contains two merge verifiers, each with their own transcript instance, and accidentally tries to use commitments from one verifier with the other verifier's transcript. This is a critical security vulnerability that the OriginTag system must detect.
The test creates two separate transcript instances (simulating two independent verifiers in the same circuit) and attempts to mix their values. The OriginTag system detects the parent tag mismatch and throws: "Tags from different transcripts were involved in the same computation"
Only runs in recursive context where OriginTag tracking is active.
Definition at line 424 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| EvalFailureAppend | |||
| ) |
Definition at line 406 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| EvalFailurePrepend | |||
| ) |
Definition at line 401 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| MergeFailureAppend | |||
| ) |
Definition at line 396 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| MergeFailurePrepend | |||
| ) |
Definition at line 391 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| MergePrependThenAppend | |||
| ) |
Definition at line 376 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| MergeProofSizeCheck | |||
| ) |
Definition at line 361 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| MultipleMergesPrepend | |||
| ) |
Definition at line 371 of file merge.test.cpp.
| bb::TYPED_TEST | ( | MergeTests | , |
| SingleMerge | |||
| ) |
Definition at line 366 of file merge.test.cpp.
| bb::TYPED_TEST | ( | RecursiveVeriferCommitmentKeyTest | , |
| EqualityTest | |||
| ) |
Definition at line 40 of file verifier_commitment_key.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| CorrectnessOfGeminiClaimBatching | |||
| ) |
Definition at line 146 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| CorrectnessOfMultivariateClaimBatching | |||
| ) |
Definition at line 52 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| HighDegreeAttackAccept | |||
| ) |
High degree attack test: prover commits to a higher degree polynomial than expected.
The polynomial is crafted such that it folds down to a constant (equal to the claimed evaluation) after the expected number of rounds. In this case, the verifier accepts. See: https://hackmd.io/zm5SDfBqTKKXGpI-zQHtpA?view
Definition at line 486 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| HighDegreeAttackReject | |||
| ) |
High degree attack test: prover commits to a random higher degree polynomial.
The polynomial does not fold down to a constant after the expected number of rounds. In this case, the verifier rejects with high probability.
Definition at line 558 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| ShpleminiZKNoSumcheckOpenings | |||
| ) |
Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver and Libra polynomials used to mask Sumcheck Round Univariates. This abstracts the PCS step in each ZK Flavor running over BN254.
Definition at line 263 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShpleminiTest | , |
| ShpleminiZKWithSumcheckOpenings | |||
| ) |
Test Shplemini with ZK data consisting of a hiding polynomial generated by GeminiProver, Libra polynomials used to mask Sumcheck Round Univariates and prove/verify the claimed evaluations of committed sumcheck round univariates. This test abstracts the PCS step in each ZK Flavor running over Grumpkin.
Definition at line 376 of file shplemini.test.cpp.
| bb::TYPED_TEST | ( | ShplonkTest | , |
| ExportBatchClaimAndVerify | |||
| ) |
Definition at line 92 of file shplonk.test.cpp.
| bb::TYPED_TEST | ( | ShplonkTest | , |
| ShplonkLinearlyDependent | |||
| ) |
Definition at line 50 of file shplonk.test.cpp.
| bb::TYPED_TEST | ( | ShplonkTest | , |
| ShplonkSimple | |||
| ) |
Definition at line 21 of file shplonk.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| LibraEvaluationsConsistency | |||
| ) |
Definition at line 173 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| LibraEvaluationsConsistencyFailure | |||
| ) |
Definition at line 210 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| ProverComputationsCorrectness | |||
| ) |
Definition at line 52 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| TranslationMaskingTermConsistency | |||
| ) |
Definition at line 255 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| TranslationMaskingTermConsistencyFailure | |||
| ) |
Definition at line 307 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST | ( | SmallSubgroupIPATest | , |
| VerifierEvaluations | |||
| ) |
Definition at line 123 of file small_subgroup_ipa.test.cpp.
| bb::TYPED_TEST_SUITE | ( | BatchedAffineAdditionTests | , |
| Curves | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | MergeTests | , |
| CurveTypes | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | RecursiveVeriferCommitmentKeyTest | , |
| Curves | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | ShpleminiTest | , |
| TestSettings | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | ShplonkTest | , |
| CurveTypes | |||
| ) |
| bb::TYPED_TEST_SUITE | ( | SmallSubgroupIPATest | , |
| TestFlavors | |||
| ) |
| template bool bb::UltraCircuitChecker::check< MegaCircuitBuilder_< bb::fr > > | ( | const MegaCircuitBuilder_< bb::fr > & | builder_in | ) |
| auto bb::UltraCircuitChecker::init_empty_values< MegaCircuitBuilder_< bb::fr > > | ( | ) |
Definition at line 14 of file ultra_circuit_checker.cpp.
| MegaCircuitBuilder_< bb::fr > bb::UltraCircuitChecker::prepare_circuit< MegaCircuitBuilder_< bb::fr > > | ( | const MegaCircuitBuilder_< bb::fr > & | builder_in | ) |
Definition at line 14 of file ultra_circuit_checker.cpp.
| T bb::unpack_from_file | ( | const std::filesystem::path & | filename | ) |
Definition at line 56 of file private_execution_steps.cpp.
|
inline |
Unsets free witness tags on all elements in a vector.
Only operates when in_circuit is true
| in_circuit | Whether the transcript is in-circuit mode |
| DataType | The type of the elements in the vector |
| input | The vector of elements to process |
Definition at line 261 of file origin_tag.hpp.
|
inline |
Definition at line 93 of file gate_data.hpp.
| void bb::write | ( | B & | buf, |
| field2< base_field, Params > const & | value | ||
| ) |
Definition at line 155 of file field2_declarations.hpp.
Definition at line 738 of file field_declarations.hpp.
|
inline |
Definition at line 548 of file univariate.hpp.
|
inline |
Definition at line 346 of file univariate_coefficient_basis.hpp.
|
inline |
|
inline |
Definition at line 567 of file flavor.hpp.
| void bb::write_curve_constants_msgpack_to_stdout | ( | ) |
Write msgpack-encoded curve constants to stdout.
Definition at line 90 of file curve_constants.cpp.
|
inline |
Definition at line 58 of file file_io.hpp.
| auto bb::zip_polys | ( | Poly && | poly, |
| Polys &&... | polys | ||
| ) |
Definition at line 534 of file polynomial.hpp.
| const size_t bb::ADD_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of ADD_ASSIGN instruction.
Definition at line 112 of file field.fuzzer.hpp.
| const size_t bb::ADD_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of ADD instruction.
Definition at line 111 of file field.fuzzer.hpp.
| const bool bb::avm_enabled = true |
Definition at line 14 of file api_avm.cpp.
| const size_t bb::BATCH_INVERT_SIZE |
Size of BATCH_INVERT instruction.
Definition at line 133 of file field.fuzzer.hpp.
|
inline |
Definition at line 14 of file version.hpp.
| const char *const bb::BB_VERSION_PLACEHOLDER = "BARRETENBERG_VERSION_SENTINEL00000000.00000000.00000000" |
Definition at line 10 of file version.cpp.
|
constexpr |
Definition at line 10 of file version.hpp.
| CommitmentKey<Curve> bb::ck |
Definition at line 20 of file ipa.fuzzer.cpp.
|
constexpr |
Definition at line 20 of file commitment_key.test.hpp.
|
constexpr |
Definition at line 21 of file commitment_key.test.hpp.
|
constexpr |
Definition at line 18 of file ipa.fuzzer.cpp.
| const size_t bb::DEFAULT_MIN_ITERS_PER_THREAD = 1 << 4 |
Definition at line 96 of file thread.hpp.
| const size_t bb::DIV_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of DIV_ASSIGN instruction.
Definition at line 119 of file field.fuzzer.hpp.
| const size_t bb::DIV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of DIV instruction.
Definition at line 118 of file field.fuzzer.hpp.
| const size_t bb::EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of EQUAL instruction.
Definition at line 127 of file field.fuzzer.hpp.
| const size_t bb::FROM_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of FROM_MONTGOMERY instruction.
Definition at line 130 of file field.fuzzer.hpp.
| const size_t bb::INCREMENT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of INCREMENT instruction.
Definition at line 113 of file field.fuzzer.hpp.
| const size_t bb::INDEX_SIZE = 1 |
Size of index field in bytes.
Definition at line 104 of file field.fuzzer.hpp.
| const size_t bb::INSTRUCTION_HEADER_SIZE = 1 |
Size of instruction header in bytes.
Definition at line 103 of file field.fuzzer.hpp.
| const size_t bb::INTERNAL_STATE_SIZE = 32 |
Constant defining the number of elements in the VM's internal state.
Definition at line 30 of file field.fuzzer.hpp.
| const size_t bb::INV_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of INV instruction.
Definition at line 120 of file field.fuzzer.hpp.
|
inlineconstexpr |
Definition at line 258 of file barycentric.hpp.
| const size_t bb::IS_ZERO_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of IS_ZERO instruction.
Definition at line 126 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 231 of file commit.bench.cpp.
|
constexpr |
Definition at line 91 of file commit.bench.cpp.
|
constexpr |
Definition at line 232 of file commit.bench.cpp.
|
constexpr |
Definition at line 92 of file commit.bench.cpp.
|
constexpr |
Definition at line 230 of file commit.bench.cpp.
|
constexpr |
Definition at line 90 of file commit.bench.cpp.
| const size_t bb::MUL_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of MUL_ASSIGN instruction.
Definition at line 115 of file field.fuzzer.hpp.
| const size_t bb::MUL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of MUL instruction.
Definition at line 114 of file field.fuzzer.hpp.
| const size_t bb::NEG_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of NEG instruction.
Definition at line 121 of file field.fuzzer.hpp.
| const size_t bb::NOT_EQUAL_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of NOT_EQUAL instruction.
Definition at line 128 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 16 of file databus.hpp.
|
constexpr |
Definition at line 16 of file thread.hpp.
|
constexpr |
Definition at line 9 of file constants.hpp.
| const size_t bb::POW_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 + sizeof(uint64_t) |
Size of POW instruction.
Definition at line 124 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 17 of file databus.hpp.
|
constexpr |
Definition at line 18 of file databus.hpp.
| const size_t bb::REDUCE_ONCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of REDUCE_ONCE instruction.
Definition at line 131 of file field.fuzzer.hpp.
| const size_t bb::SELF_REDUCE_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of SELF_REDUCE instruction.
Definition at line 132 of file field.fuzzer.hpp.
| const size_t bb::SET_VALUE_SIZE |
| const size_t bb::SETTINGS_SIZE = sizeof(VMSettings) |
Definition at line 68 of file field.fuzzer.hpp.
|
constexpr |
Definition at line 93 of file commit.bench.cpp.
| const size_t bb::SQR_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE |
Size of SQR_ASSIGN instruction.
Definition at line 123 of file field.fuzzer.hpp.
| const size_t bb::SQR_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of SQR instruction.
Definition at line 122 of file field.fuzzer.hpp.
| const size_t bb::SQRT_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of SQRT instruction.
Definition at line 125 of file field.fuzzer.hpp.
| const size_t bb::SUB_ASSIGN_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of SUB_ASSIGN instruction.
Definition at line 117 of file field.fuzzer.hpp.
| const size_t bb::SUB_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 3 |
Size of SUB instruction.
Definition at line 116 of file field.fuzzer.hpp.
| const size_t bb::TO_MONTGOMERY_SIZE = INSTRUCTION_HEADER_SIZE + INDEX_SIZE * 2 |
Size of TO_MONTGOMERY instruction.
Definition at line 129 of file field.fuzzer.hpp.
|
inline |
Definition at line 35 of file transcript.hpp.
| VerifierCommitmentKey<Curve> bb::vk |
Definition at line 21 of file ipa.fuzzer.cpp.
1.9.8