Barretenberg: src/barretenberg/dsl/acir_format/chonk_recursion_constraints.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: Planned, auditors: [], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================

#include "barretenberg/chonk/chonk_verifier.hpp"

#include "barretenberg/dsl/acir_format/mock_verifier_inputs.hpp"

#include "barretenberg/dsl/acir_format/recursion_constraint.hpp"

#include "barretenberg/dsl/acir_format/utils.hpp"

#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"


namespace acir_format {


using namespace bb;


void create_dummy_vkey_and_proof(UltraCircuitBuilder& builder,

                                 size_t proof_size,

                                 size_t public_inputs_size,

                                 const std::vector<stdlib::field_t<UltraCircuitBuilder>>& key_fields,

                                 const std::vector<stdlib::field_t<UltraCircuitBuilder>>& proof_fields)

{

    using Builder = UltraCircuitBuilder;

    using IO = stdlib::recursion::honk::HidingKernelIO<Builder>;


    BB_ASSERT_EQ(proof_size, ChonkProof::PROOF_LENGTH_WITHOUT_PUB_INPUTS);


    size_t num_inner_public_inputs = public_inputs_size - IO::PUBLIC_INPUTS_SIZE;


    // Generate mock honk vk

    // Note: log_circuit_size = VIRTUAL_LOG_N

    auto honk_vk = create_mock_honk_vk<MegaZKFlavor, IO>(1 << MegaZKFlavor::VIRTUAL_LOG_N, num_inner_public_inputs);


    // Set honk vk in builder

    populate_fields(builder, key_fields, honk_vk->to_field_elements());


    // Generate dummy Chonk proof

    bb::HonkProof chonk_proof = create_mock_chonk_proof<Builder>(num_inner_public_inputs);


    // Set Chonk proof in builder

    populate_fields(builder, proof_fields, chonk_proof);


    BB_ASSERT_EQ(chonk_proof.size(), proof_size + public_inputs_size);

}


[[nodiscard(

    "IPA claim and Pairing points should be accumulated")]] HonkRecursionConstraintOutput<bb::UltraCircuitBuilder>


create_chonk_recursion_constraints(bb::UltraCircuitBuilder& builder, const RecursionConstraint& input)

{

    using Builder = bb::UltraCircuitBuilder;

    using field_ct = stdlib::field_t<Builder>;

    using RecursiveVKAndHash = ChonkRecursiveVerifier::VKAndHash;

    using VerificationKey = ChonkRecursiveVerifier::VK;

    using IO = stdlib::recursion::honk::HidingKernelIO<Builder>;


    BB_ASSERT_EQ(input.proof_type, PROOF_TYPE::CHONK);


    // Reconstruct proof indices from proof and public inputs

    std::vector<uint32_t> proof_indices = add_public_inputs_to_proof(input.proof, input.public_inputs);


    // Construct field elements from witness indices

    std::vector<field_ct> key_fields = fields_from_witnesses(builder, input.key);

    std::vector<field_ct> proof_fields = fields_from_witnesses(builder, proof_indices);

    field_ct vk_hash = field_ct::from_witness_index(&builder, input.key_hash);


    if (builder.is_write_vk_mode()) {

        BB_ASSERT_GTE(input.proof.size(),

                      IO::PUBLIC_INPUTS_SIZE,

                      "create_chonk_recursion_constraints: fewer proof elements than public inputs.");

        BB_ASSERT_LTE(input.public_inputs.size(),

                      SIZE_MAX - IO::PUBLIC_INPUTS_SIZE,

                      "create_chonk_recursion_constraints: too many public inputs.");

        size_t total_pub_inputs_size = input.public_inputs.size() + IO::PUBLIC_INPUTS_SIZE;

        size_t proof_size_without_pub_inputs = input.proof.size() - IO::PUBLIC_INPUTS_SIZE;


        create_dummy_vkey_and_proof(

            builder, proof_size_without_pub_inputs, total_pub_inputs_size, key_fields, proof_fields);

    }


    // Recursively verify Chonk proof

    auto mega_vk = std::make_shared<VerificationKey>(key_fields);

    auto mega_vk_and_hash = std::make_shared<RecursiveVKAndHash>(mega_vk, vk_hash);

    ChonkStdlibProof stdlib_proof = ChonkStdlibProof::from_field_elements(proof_fields);


    ChonkRecursiveVerifier verifier(mega_vk_and_hash);

    ChonkRecursiveVerifier::Output verification_output = verifier.verify(stdlib_proof);


    // Construct output

    // Note: ChonkVerifier aggregates all pairing points (PI + PCS + Merge + Translator)

    HonkRecursionConstraintOutput<Builder> output;

    output.points_accumulator = verification_output.pairing_points;

    output.ipa_claim = verification_output.ipa_claim;

    output.ipa_proof = verification_output.ipa_proof;


    return output;

}


} // namespace acir_format

BB_ASSERT_GTE
#define BB_ASSERT_GTE(left, right,...)
Definition assert.hpp:128

BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:83

BB_ASSERT_LTE
#define BB_ASSERT_LTE(left, right,...)
Definition assert.hpp:158

bigfield.hpp

chonk_verifier.hpp

bb::ChonkVerifier
Verifier for Chonk IVC proofs (both native and recursive).
Definition chonk_verifier.hpp:43

bb::ChonkVerifier::Output
std::conditional_t< IsRecursive, ReductionResult, bool > Output
Definition chonk_verifier.hpp:72

bb::ChonkVerifier::VK
typename HidingKernelVerifier::VerificationKey VK
Definition chonk_verifier.hpp:74

bb::ChonkVerifier::verify
Output verify(const Proof &proof)
Verify a Chonk proof.

bb::ChonkVerifier::VKAndHash
typename HidingKernelVerifier::VKAndHash VKAndHash
Definition chonk_verifier.hpp:73

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::MegaZKFlavor::VIRTUAL_LOG_N
static constexpr size_t VIRTUAL_LOG_N
Definition mega_zk_flavor.hpp:21

bb::NativeVerificationKey_
Base Native verification key class.
Definition flavor.hpp:172

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:41

bb::stdlib::field_t
Definition field.hpp:46

bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:63

bb::stdlib::recursion::honk::HidingKernelIO
Manages the data that is propagated on the public inputs of a hiding kernel circuit.
Definition special_public_inputs.hpp:272

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

utils.hpp

mock_verifier_inputs.hpp

acir_format
Definition acir_format.cpp:30

acir_format::CHONK
@ CHONK
Definition recursion_constraint.hpp:33

acir_format::populate_fields
void populate_fields(Builder &builder, const std::vector< field_t< Builder > > &fields, const std::vector< bb::fr > &values)
========== WRITE_VK UTILITIES ========== ///
Definition utils.cpp:78

acir_format::fields_from_witnesses
std::vector< field_t< Builder > > fields_from_witnesses(Builder &builder, std::span< const uint32_t > witness_indices)
========== ACIR TO BARRETENBERG ========== ///
Definition utils.cpp:16

acir_format::create_dummy_vkey_and_proof
void create_dummy_vkey_and_proof(UltraCircuitBuilder &builder, size_t proof_size, size_t public_inputs_size, const std::vector< stdlib::field_t< UltraCircuitBuilder > > &key_fields, const std::vector< stdlib::field_t< UltraCircuitBuilder > > &proof_fields)
Creates a dummy vkey and proof object.
Definition chonk_recursion_constraints.cpp:28

acir_format::add_public_inputs_to_proof
std::vector< uint32_t > add_public_inputs_to_proof(const std::vector< uint32_t > &proof_in, const std::vector< uint32_t > &public_inputs)
Reconstruct a barretenberg style proof from an ACIR style proof + public inputs.
Definition utils.cpp:40

acir_format::create_chonk_recursion_constraints
HonkRecursionConstraintOutput< bb::UltraCircuitBuilder > create_chonk_recursion_constraints(bb::UltraCircuitBuilder &builder, const RecursionConstraint &input)
Add constraints associated with recursive verification of a Chonk proof.
Definition chonk_recursion_constraints.cpp:68

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::HonkProof
std::vector< fr > HonkProof
Definition proof.hpp:15

bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:18

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

recursion_constraint.hpp

acir_format::RecursionConstraint
RecursionConstraint struct contains information required to recursively verify a proof.
Definition recursion_constraint.hpp:119

acir_format::RecursionConstraint::key
std::vector< uint32_t > key
Definition recursion_constraint.hpp:120

acir_format::RecursionConstraint::proof_type
uint32_t proof_type
Definition recursion_constraint.hpp:124

acir_format::RecursionConstraint::key_hash
uint32_t key_hash
Definition recursion_constraint.hpp:123

acir_format::RecursionConstraint::public_inputs
std::vector< uint32_t > public_inputs
Definition recursion_constraint.hpp:122

acir_format::RecursionConstraint::proof
std::vector< uint32_t > proof
Definition recursion_constraint.hpp:121

bb::ChonkProof_
Chonk proof type.
Definition chonk_proof.hpp:25

bb::ChonkProof_< false >::PROOF_LENGTH_WITHOUT_PUB_INPUTS
static constexpr size_t PROOF_LENGTH_WITHOUT_PUB_INPUTS
The size of a Chonk proof without backend-added public inputs.
Definition chonk_proof.hpp:37

bb::ChonkProof_::from_field_elements
static ChonkProof_ from_field_elements(const std::vector< FF > &fields)
Common logic to reconstruct proof from field elements.
Definition chonk_proof.cpp:32

bb::stdlib::recursion::honk::UltraRecursiveVerifierOutput
Output type for recursive ultra verification.
Definition ultra_verifier.hpp:28

bb::stdlib::recursion::honk::UltraRecursiveVerifierOutput::ipa_claim
OpeningClaim< grumpkin< Builder > > ipa_claim
Definition ultra_verifier.hpp:34

bb::stdlib::recursion::honk::UltraRecursiveVerifierOutput::points_accumulator
PairingPoints< Curve > points_accumulator
Definition ultra_verifier.hpp:33

bb::stdlib::recursion::honk::UltraRecursiveVerifierOutput::ipa_proof
stdlib::Proof< Builder > ipa_proof
Definition ultra_verifier.hpp:35