Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Classes | Public Types | Public Member Functions | Static Public Member Functions | Private Attributes | List of all members
bb::avm2::TwoLayerAvmRecursiveVerifier Class Reference

Recursive verifier of AVM2 proofs that utilizes the Goblin mechanism for efficient EC operations. More...

#include <two_layer_avm_recursive_verifier.hpp>

Classes

struct  InnerProverOutput
 

Public Types

using MegaPairingPoints = bb::stdlib::recursion::PairingPoints< stdlib::bn254< MegaCircuitBuilder > >
 
using UltraFF = stdlib::field_t< UltraCircuitBuilder >
 
using MegaFF = stdlib::field_t< MegaCircuitBuilder >
 
using TwoLayerAvmRecursiveVerifierOutput = stdlib::recursion::honk::UltraRecursiveVerifierOutput< UltraCircuitBuilder >
 

Public Member Functions

 TwoLayerAvmRecursiveVerifier (UltraCircuitBuilder &builder)
 
TwoLayerAvmRecursiveVerifierOutput verify_proof (const stdlib::Proof< UltraCircuitBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs) const
 Recursively verify an AVM proof using Goblin and two layers of recursive verification.
 
TwoLayerAvmRecursiveVerifierOutput construct_outer_recursive_verification_circuit (const stdlib::Proof< UltraCircuitBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs, const InnerProverOutput &inner_output) const
 Construct the outer circuit which recursively verifies a Mega proof and a Goblin proof.
 

Static Public Member Functions

static InnerProverOutput construct_and_prove_inner_recursive_verification_circuit (const stdlib::Proof< UltraCircuitBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs)
 Construct and prove the inner Mega-arithmetized AVM recursive verifier circuit.
 
static void construct_inner_recursive_verification_circuit (MegaCircuitBuilder &inner_builder, const stdlib::Proof< UltraCircuitBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs)
 Construct the inner recursive verification circuit for the AVM2 recursive verifier.
 

Private Attributes

UltraCircuitBuilderouter_builder
 

Detailed Description

Recursive verifier of AVM2 proofs that utilizes the Goblin mechanism for efficient EC operations.

Recursive verification for AVM2 proofs proceeds in two phases: (1) recursive verification of the AVM2 proof in a Mega-arithmetized circuit C_M, and (2) recursive verification of the proof of C_M in an Ultra-arithmetized circuit C_U. This results in a protocol that overall is more efficient than direct recursive verification of the AVM2 proof in an Ultra circuit.

The proof of the Mega-arithmetized AVM2 recursive verifier circuit C_M is of the form {\pi_M, \pi_G}, where \pi_M is a MegaHonk proof and \pi_G is a GoblinAvm proof consisting of an ECCVM proof, an IPA proof, and a Translator proof. \pi_M establishes proper verification of the AVM2 proof up to the deferred EC operations, whose correctness is in turn established by \pi_G. Recursive verification of this component will stop short of full verification, resulting in an IPA claim that must be accumulated with other such claims before final verification later on (e.g. at the root). This is analogous to the aggregation of pairing point inputs for proving systems that use KZG, such as Ultra/MegaHonk.

The Ultra-arithmetized circuit C_U is responsible for recursive verification of {\pi_M, \pi_G}, i.e. it contains both a Mega and a GoblinAvm recursive verifier. The output of this recursive verification is a pairing check accumulator and an IPA claim accumulator. To ensure proper transfer of the AVM2 verifier inputs {\pi, pub_inputs}_{AVM2} between the Mega and Ultra circuits, we utilize a hash consistency check. The transcript of the AVM recursive verifier is used to generate a challenge h_M after the end of the verification algorithm. This challenge records the final state of the transcript, which hashed the proof and public inputs {\pi, pub_inputs}_{AVM2} used in C_M. The challenge h_M is propagated via the public inputs. Then, C_U computes the same challenge h_U independently and performs the check h_U = \pi_M.pub_inputs.h_M.

Note
The Mega circuit must be constrained to be a genuine AVM2 verifier circuit. This is done by fixing the VK(s) corresponding to proofs {\pi_M, \pi_G} to be circuit constants in C_U.

Definition at line 53 of file two_layer_avm_recursive_verifier.hpp.

Member Typedef Documentation

◆ MegaFF

using bb::avm2::TwoLayerAvmRecursiveVerifier::MegaFF = stdlib::field_t<MegaCircuitBuilder>

Definition at line 58 of file two_layer_avm_recursive_verifier.hpp.

◆ MegaPairingPoints

using bb::avm2::TwoLayerAvmRecursiveVerifier::MegaPairingPoints = bb::stdlib::recursion::PairingPoints<stdlib::bn254<MegaCircuitBuilder> >

Definition at line 55 of file two_layer_avm_recursive_verifier.hpp.

◆ TwoLayerAvmRecursiveVerifierOutput

using bb::avm2::TwoLayerAvmRecursiveVerifier::TwoLayerAvmRecursiveVerifierOutput = stdlib::recursion::honk::UltraRecursiveVerifierOutput<UltraCircuitBuilder>

Definition at line 61 of file two_layer_avm_recursive_verifier.hpp.

◆ UltraFF

using bb::avm2::TwoLayerAvmRecursiveVerifier::UltraFF = stdlib::field_t<UltraCircuitBuilder>

Definition at line 57 of file two_layer_avm_recursive_verifier.hpp.

Constructor & Destructor Documentation

◆ TwoLayerAvmRecursiveVerifier()

bb::avm2::TwoLayerAvmRecursiveVerifier::TwoLayerAvmRecursiveVerifier ( UltraCircuitBuilder builder)
inlineexplicit

Definition at line 75 of file two_layer_avm_recursive_verifier.hpp.

Member Function Documentation

◆ construct_and_prove_inner_recursive_verification_circuit()

static InnerProverOutput bb::avm2::TwoLayerAvmRecursiveVerifier::construct_and_prove_inner_recursive_verification_circuit ( const stdlib::Proof< UltraCircuitBuilder > &  stdlib_proof,
const std::vector< std::vector< UltraFF > > &  public_inputs 
)
inlinestatic

Construct and prove the inner Mega-arithmetized AVM recursive verifier circuit.

Parameters
stdlib_proofAVM proof
public_inputsAVM public inputs
Returns
InnerCircuitOutput proof and verification key for Mega + Goblin proof; {\pi_M, \pi_G, VK_M}

Definition at line 164 of file two_layer_avm_recursive_verifier.hpp.

◆ construct_inner_recursive_verification_circuit()

static void bb::avm2::TwoLayerAvmRecursiveVerifier::construct_inner_recursive_verification_circuit ( MegaCircuitBuilder inner_builder,
const stdlib::Proof< UltraCircuitBuilder > &  stdlib_proof,
const std::vector< std::vector< UltraFF > > &  public_inputs 
)
inlinestatic

Construct the inner recursive verification circuit for the AVM2 recursive verifier.

Definition at line 205 of file two_layer_avm_recursive_verifier.hpp.

◆ construct_outer_recursive_verification_circuit()

TwoLayerAvmRecursiveVerifierOutput bb::avm2::TwoLayerAvmRecursiveVerifier::construct_outer_recursive_verification_circuit ( const stdlib::Proof< UltraCircuitBuilder > &  stdlib_proof,
const std::vector< std::vector< UltraFF > > &  public_inputs,
const InnerProverOutput inner_output 
) const
inline

Construct the outer circuit which recursively verifies a Mega proof and a Goblin proof.

Parameters
stdlib_proofAVM proof
public_inputsAVM public inputs
inner_outputOutput of the prover of the inner circuit {\pi_M, \pi_G, VK_M}
Returns
Output

Definition at line 111 of file two_layer_avm_recursive_verifier.hpp.

◆ verify_proof()

TwoLayerAvmRecursiveVerifierOutput bb::avm2::TwoLayerAvmRecursiveVerifier::verify_proof ( const stdlib::Proof< UltraCircuitBuilder > &  stdlib_proof,
const std::vector< std::vector< UltraFF > > &  public_inputs 
) const
inline

Recursively verify an AVM proof using Goblin and two layers of recursive verification.

First, construct an inner Mega-arithmetized AVM recursive verifier circuit and a corresponding proof {\pi_M, \pi_G}. Then, construct an outer Ultra-arithmetized Mega/Goblin recursive verifier circuit.

Parameters
stdlib_proofAVM proof
public_inputsAVM public inputs
Returns
TwoLayerAvmRecursiveVerifierOutput {ipa_proof, ipa_claim, points_accumulator}

Definition at line 86 of file two_layer_avm_recursive_verifier.hpp.

Member Data Documentation

◆ outer_builder

UltraCircuitBuilder* bb::avm2::TwoLayerAvmRecursiveVerifier::outer_builder
private

Definition at line 72 of file two_layer_avm_recursive_verifier.hpp.

The documentation for this class was generated from the following file: