ultra_recursive_flavor.hpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }
// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }
// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }
// =====================
 
#pragma once
#include "barretenberg/flavor/ultra_flavor.hpp"
#include "barretenberg/srs/factories/crs_factory.hpp"
 
#include <array>
#include <concepts>
#include <span>
#include <string>
#include <type_traits>
#include <vector>
 
#include "barretenberg/stdlib/primitives/curves/bn254.hpp"
#include "barretenberg/stdlib/primitives/field/field.hpp"
 
namespace bb {
 
template <typename BuilderType> class UltraRecursiveFlavor_ {
  public:
    using CircuitBuilder = BuilderType; // Determines arithmetization of circuit instantiated with this flavor
    using Curve = stdlib::bn254<CircuitBuilder>;
    using PCS = KZG<Curve>;
    using GroupElement = typename Curve::Element;
    using Commitment = typename Curve::Element;
    using FF = typename Curve::ScalarField;
    using NativeFlavor = UltraFlavor;
    using NativeVerificationKey = NativeFlavor::VerificationKey;
    using Transcript = StdlibTranscript<CircuitBuilder>;
 
    static constexpr size_t VIRTUAL_LOG_N = UltraFlavor::VIRTUAL_LOG_N;
    // indicates when evaluating sumcheck, edges can be left as degree-1 monomials
    static constexpr bool USE_SHORT_MONOMIALS = UltraFlavor::USE_SHORT_MONOMIALS;
 
    // Note(luke): Eventually this may not be needed at all
    using VerifierCommitmentKey = bb::VerifierCommitmentKey<NativeFlavor::Curve>;
    // Indicates that this flavor runs with non-ZK Sumcheck.
    static constexpr bool HasZK = false;
    // To achieve fixed proof size and that the recursive verifier circuit is constant, we are using padding in Sumcheck
    // and Shplemini
    static constexpr bool USE_PADDING = UltraFlavor::USE_PADDING;
    static constexpr size_t NUM_WIRES = UltraFlavor::NUM_WIRES;
    // The number of multivariate polynomials on which a sumcheck prover sumcheck operates (including shifts). We often
    // need containers of this size to hold related data, so we choose a name more agnostic than `NUM_POLYNOMIALS`.
    // Note: this number does not include the individual sorted list polynomials.
    static constexpr size_t NUM_ALL_ENTITIES = UltraFlavor::NUM_ALL_ENTITIES;
    // The number of polynomials precomputed to describe a circuit and to aid a prover in constructing a satisfying
    // assignment of witnesses. We again choose a neutral name.
    static constexpr size_t NUM_PRECOMPUTED_ENTITIES = UltraFlavor::NUM_PRECOMPUTED_ENTITIES;
    // The total number of witness entities not including shifts.
    static constexpr size_t NUM_WITNESS_ENTITIES = UltraFlavor::NUM_WITNESS_ENTITIES;
 
    static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = UltraFlavor::REPEATED_COMMITMENTS;
 
    // define the tuple of Relations that comprise the Sumcheck relation
    using Relations = UltraFlavor::Relations_<FF>;
 
    static constexpr size_t MAX_PARTIAL_RELATION_LENGTH = compute_max_partial_relation_length<Relations>();
    // static_assert(MAX_PARTIAL_RELATION_LENGTH == 7);
 
    // BATCHED_RELATION_PARTIAL_LENGTH = algebraic degree of sumcheck relation *after* multiplying by the `pow_zeta`
    // random polynomial e.g. For \sum(x) [A(x) * B(x) + C(x)] * PowZeta(X), relation length = 2 and random relation
    // length = 3
    static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = MAX_PARTIAL_RELATION_LENGTH + 1;
    static constexpr size_t NUM_RELATIONS = std::tuple_size<Relations>::value;
 
    // A challenge whose powers are used to batch subrelation contributions during Sumcheck
    static constexpr size_t NUM_SUBRELATIONS = NativeFlavor::NUM_SUBRELATIONS;
    using SubrelationSeparator = FF;
 
    class VerificationKey : public StdlibVerificationKey_<BuilderType, UltraFlavor::PrecomputedEntities<Commitment>> {
      public:
        using NativeVerificationKey = NativeFlavor::VerificationKey;
 
        VerificationKey(CircuitBuilder* builder, const std::shared_ptr<NativeVerificationKey>& native_key)
        {
            this->log_circuit_size = FF::from_witness(builder, typename FF::native(native_key->log_circuit_size));
            this->num_public_inputs = FF::from_witness(builder, typename FF::native(native_key->num_public_inputs));
            this->pub_inputs_offset = FF::from_witness(builder, typename FF::native(native_key->pub_inputs_offset));
 
            // Generate stdlib commitments (biggroup) from the native counterparts
            for (auto [commitment, native_commitment] : zip_view(this->get_all(), native_key->get_all())) {
                commitment = Commitment::from_witness(builder, native_commitment);
            }
        };
 
        VerificationKey(std::span<FF> elements)
        {
            using Codec = stdlib::StdlibCodec<FF>;
 
            size_t num_frs_read = 0;
 
            this->log_circuit_size = Codec::template deserialize_from_frs<FF>(elements, num_frs_read);
            this->num_public_inputs = Codec::template deserialize_from_frs<FF>(elements, num_frs_read);
            this->pub_inputs_offset = Codec::template deserialize_from_frs<FF>(elements, num_frs_read);
 
            for (Commitment& commitment : this->get_all()) {
                commitment = Codec::template deserialize_from_frs<Commitment>(elements, num_frs_read);
            }
        }
 
        static VerificationKey from_witness_indices(CircuitBuilder& builder,
                                                    const std::span<const uint32_t>& witness_indices)
        {
            std::vector<FF> vk_fields;
            vk_fields.reserve(witness_indices.size());
            for (const auto& idx : witness_indices) {
                vk_fields.emplace_back(FF::from_witness_index(&builder, idx));
            }
            return VerificationKey(vk_fields);
        }
 
#ifndef NDEBUG
        NativeVerificationKey get_value() const
        {
            NativeVerificationKey native_vk;
            native_vk.log_circuit_size = static_cast<uint64_t>(this->log_circuit_size.get_value());
            native_vk.num_public_inputs = static_cast<uint64_t>(this->num_public_inputs.get_value());
            native_vk.pub_inputs_offset = static_cast<uint64_t>(this->pub_inputs_offset.get_value());
            for (auto [commitment, native_commitment] : zip_view(this->get_all(), native_vk.get_all())) {
                native_commitment = commitment.get_value();
            }
            return native_vk;
        }
#endif
    };
 
    class AllValues : public UltraFlavor::AllEntities<FF> {
      public:
        using Base = UltraFlavor::AllEntities<FF>;
        using Base::Base;
    };
 
    using CommitmentLabels = UltraFlavor::CommitmentLabels;
 
    using WitnessCommitments = UltraFlavor::WitnessEntities<Commitment>;
 
    // Reuse the VerifierCommitments from Ultra
    using VerifierCommitments = UltraFlavor::VerifierCommitments_<Commitment, VerificationKey>;
 
    using VKAndHash = VKAndHash_<FF, VerificationKey>;
};
 
} // namespace bb