Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
commitment_key.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Planned, auditors: [Sergei], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
13#include "barretenberg/common/bb_bench.hpp"
14#include "barretenberg/common/ref_span.hpp"
15#include "barretenberg/ecc/scalar_multiplication/scalar_multiplication.hpp"
16#include "barretenberg/polynomials/polynomial.hpp"
17#include "barretenberg/srs/factories/crs_factory.hpp"
18#include "barretenberg/srs/global_crs.hpp"
19
20#include <cstddef>
21#include <cstdlib>
22#include <limits>
23#include <memory>
24#include <string_view>
25
26namespace bb {
35template <class Curve> class CommitmentKey {
36
37 using Fr = typename Curve::ScalarField;
38 using Commitment = typename Curve::AffineElement;
39
40 protected:
41 std::shared_ptr<srs::factories::Crs<Curve>> srs;
42
43 public:
44 size_t srs_size;
45
46 CommitmentKey() = default;
47
53 CommitmentKey(const size_t num_points)
54 : srs(srs::get_crs_factory<Curve>()->get_crs(num_points))
55 , srs_size(num_points)
56 {}
62 bool initialized() const { return srs != nullptr; }
63
64 std::span<Commitment> get_monomial_points() const { return srs->get_monomial_points(); }
65 size_t get_monomial_size() const { return srs->get_monomial_size(); }
66
73 Commitment commit(PolynomialSpan<const Fr> polynomial) const
74 {
75 BB_BENCH_NAME("CommitmentKey::commit");
76 std::span<const Commitment> point_table = get_monomial_points();
77 size_t consumed_srs = polynomial.start_index + polynomial.size();
78 if (consumed_srs > get_monomial_size()) {
79 throw_or_abort(format("Attempting to commit to a polynomial that needs ",
80 consumed_srs,
81 " points with an SRS of size ",
82 get_monomial_size()));
83 }
84 return scalar_multiplication::pippenger_unsafe<Curve>(polynomial, point_table);
85 };
94 std::vector<Commitment> batch_commit(RefSpan<Polynomial<Fr>> polynomials,
95 size_t max_batch_size = std::numeric_limits<size_t>::max()) const
96 {
97 BB_BENCH_NAME("CommitmentKey::batch_commit");
98
99 // We can only commit max_batch_size at a time
100 // This is to prevent excessive memory usage in the pippenger algorithm
101 // First batch, create the commitments vector
102 std::vector<Commitment> commitments;
103
104 for (size_t i = 0; i < polynomials.size();) {
105 // Note: have to be careful how we compute this to not overlow e.g. max_batch_size + 1 would
106 size_t batch_size = std::min(max_batch_size, polynomials.size() - i);
107 size_t batch_end = i + batch_size;
108
109 // Prepare spans for batch MSM
110 std::vector<std::span<const Commitment>> points_spans;
111 std::vector<std::span<Fr>> scalar_spans;
112
113 for (auto& polynomial : polynomials.subspan(i, batch_end - i)) {
114 std::span<const Commitment> point_table = get_monomial_points().subspan(polynomial.start_index());
115 size_t consumed_srs = polynomial.start_index() + polynomial.size();
116 if (consumed_srs > get_monomial_size()) {
117 throw_or_abort(format("Attempting to commit to a polynomial that needs ",
118 consumed_srs,
119 " points with an SRS of size ",
120 get_monomial_size()));
121 }
122 scalar_spans.emplace_back(polynomial.coeffs());
123 points_spans.emplace_back(point_table);
124 }
125
126 // Perform batch MSM
127 auto results = scalar_multiplication::MSM<Curve>::batch_multi_scalar_mul(points_spans, scalar_spans, false);
128 for (const auto& result : results) {
129 commitments.emplace_back(result);
130 }
131 i += batch_size;
132 }
133 return commitments;
134 };
135
136 // helper builder struct for constructing a batch to commit at once
137 struct CommitBatch {
138 CommitmentKey* key;
139 RefVector<Polynomial<Fr>> wires;
140 std::vector<std::string> labels;
141 std::vector<Commitment> commit_and_send_to_verifier(auto transcript,
142 size_t max_batch_size = std::numeric_limits<size_t>::max())
143 {
144 std::vector<Commitment> commitments = key->batch_commit(wires, max_batch_size);
145 for (size_t i = 0; i < commitments.size(); ++i) {
146 transcript->send_to_verifier(labels[i], commitments[i]);
147 }
148
149 return commitments;
150 }
151
152 void add_to_batch(Polynomial<Fr>& poly, const std::string& label, bool mask)
153 {
154 if (mask) {
155 poly.mask();
156 }
157 wires.push_back(poly);
158 labels.push_back(label);
159 }
160 };
161
162 CommitBatch start_batch() { return CommitBatch{ this, {}, {} }; }
163};
164
165} // namespace bb
bb_bench.hpp
BB_BENCH_NAME
#define BB_BENCH_NAME(name)
Definition bb_bench.hpp:219
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35
bb::CommitmentKey::CommitmentKey
CommitmentKey()=default
bb::CommitmentKey::batch_commit
std::vector< Commitment > batch_commit(RefSpan< Polynomial< Fr > > polynomials, size_t max_batch_size=std::numeric_limits< size_t >::max()) const
Batch commitment to multiple polynomials.
Definition commitment_key.hpp:94
bb::CommitmentKey::get_monomial_size
size_t get_monomial_size() const
Definition commitment_key.hpp:65
bb::CommitmentKey::Fr
typename Curve::ScalarField Fr
Definition commitment_key.hpp:37
bb::CommitmentKey::get_monomial_points
std::span< Commitment > get_monomial_points() const
Definition commitment_key.hpp:64
bb::CommitmentKey::Commitment
typename Curve::AffineElement Commitment
Definition commitment_key.hpp:38
bb::CommitmentKey::CommitmentKey
CommitmentKey(const size_t num_points)
Construct a new Kate Commitment Key object from existing SRS.
Definition commitment_key.hpp:53
bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:73
bb::CommitmentKey::initialized
bool initialized() const
Checks the commitment key is properly initialized.
Definition commitment_key.hpp:62
bb::CommitmentKey::srs
std::shared_ptr< srs::factories::Crs< Curve > > srs
Definition commitment_key.hpp:41
bb::CommitmentKey::start_batch
CommitBatch start_batch()
Definition commitment_key.hpp:162
bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75
bb::Polynomial::mask
void mask()
Add random values to the coefficients of a polynomial. In practice, this is used for ensuring the com...
Definition polynomial.hpp:268
bb::RefVector
A template class for a reference vector. Behaves as if std::vector<T&> was possible.
Definition ref_vector.hpp:24
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:63
bb::scalar_multiplication::MSM::batch_multi_scalar_mul
static std::vector< AffineElement > batch_multi_scalar_mul(std::span< std::span< const AffineElement > > points, std::span< std::span< ScalarField > > scalars, bool handle_edge_cases=true) noexcept
Compute multiple multi-scalar multiplications.
Definition scalar_multiplication.cpp:761
format
std::string format(Args... args)
Definition log.hpp:23
crs_factory.hpp
global_crs.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
ref_span.hpp
scalar_multiplication.hpp
bb::CommitmentKey::CommitBatch::labels
std::vector< std::string > labels
Definition commitment_key.hpp:140
bb::CommitmentKey::CommitBatch::commit_and_send_to_verifier
std::vector< Commitment > commit_and_send_to_verifier(auto transcript, size_t max_batch_size=std::numeric_limits< size_t >::max())
Definition commitment_key.hpp:141
bb::CommitmentKey::CommitBatch::add_to_batch
void add_to_batch(Polynomial< Fr > &poly, const std::string &label, bool mask)
Definition commitment_key.hpp:152
bb::CommitmentKey::CommitBatch::wires
RefVector< Polynomial< Fr > > wires
Definition commitment_key.hpp:139
bb::PolynomialSpan::size
size_t size() const
Definition polynomial.hpp:36
throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6