Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
goblin.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Planned, auditors: [], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "barretenberg/eccvm/eccvm_flavor.hpp"
10#include "barretenberg/eccvm/eccvm_prover.hpp"
11#include "barretenberg/flavor/mega_flavor.hpp"
12#include "barretenberg/goblin/merge_prover.hpp"
13#include "barretenberg/goblin/merge_verifier.hpp"
14#include "barretenberg/goblin/types.hpp"
15#include "barretenberg/stdlib/proof/proof.hpp"
16#include "barretenberg/translator_vm/translator_circuit_builder.hpp"
17#include "barretenberg/translator_vm/translator_flavor.hpp"
18#include "barretenberg/ultra_honk/prover_instance.hpp"
19
20namespace bb {
21
22class Goblin {
23 using Commitment = MegaFlavor::Commitment;
24 using FF = MegaFlavor::FF;
25
26 protected:
27 // In AVM we only use Goblin for a single circuit whose proof is not required to be zero-knowledge. While Translator
28 // will still expect to find random ops at the beginning to ensure the accumulation result remains at a fixed row we
29 // opt for not adding random ops at the end of the op queue.
30 bool avm_mode = false;
31
32 public:
33 using MegaBuilder = MegaCircuitBuilder;
34 using Fr = bb::fr;
35 using Transcript = NativeTranscript;
36 using OpQueue = ECCOpQueue;
37 using ECCVMBuilder = ECCVMFlavor::CircuitBuilder;
38 using ECCVMProvingKey = ECCVMFlavor::ProvingKey;
39 using TranslatorBuilder = TranslatorCircuitBuilder;
40 using MergeProof = MergeProver::MergeProof;
41 using ECCVMVerificationKey = ECCVMFlavor::VerificationKey;
42 using TranslatorVerificationKey = TranslatorFlavor::VerificationKey;
43 using MergeRecursiveVerifier = stdlib::recursion::goblin::MergeRecursiveVerifier<MegaBuilder>;
44 using PairingPoints = MergeRecursiveVerifier::PairingPoints;
45 using TableCommitments = MergeVerifier::TableCommitments;
46 using RecursiveTableCommitments = MergeRecursiveVerifier::TableCommitments;
47 using MergeCommitments = MergeVerifier::InputCommitments;
48 using RecursiveMergeCommitments = MergeRecursiveVerifier::InputCommitments;
49 using RecursiveCommitment = MergeRecursiveVerifier::Commitment;
50 using RecursiveTranscript = MegaStdlibTranscript;
51 using TranslatorInputData = TranslatorInputData_<fq>;
52 using IPA_PCS = IPA<ECCVMFlavor::Curve, CONST_ECCVM_LOG_N>;
53
54 std::shared_ptr<OpQueue> op_queue = std::make_shared<OpQueue>();
55 CommitmentKey<curve::BN254> commitment_key;
56
57 GoblinProof goblin_proof;
58
59 fq translation_batching_challenge_v; // challenge for batching the translation polynomials
60 fq evaluation_challenge_x; // challenge for evaluating the translation polynomials
61 std::shared_ptr<Transcript> transcript; // shared between ECCVM and Translator
62
63 std::deque<MergeProof> merge_verification_queue; // queue of merge proofs to be verified
64
70
71 Goblin(CommitmentKey<curve::BN254> bn254_commitment_key = CommitmentKey<curve::BN254>(),
72 const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>());
73
80 void prove_merge(const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>(),
81 const MergeSettings merge_settings = MergeSettings::PREPEND);
82
88 void prove_eccvm();
89
94 void prove_translator();
95
101 GoblinProof prove();
102
113 std::pair<PairingPoints, RecursiveTableCommitments> recursively_verify_merge(
114 MegaBuilder& builder,
115 const RecursiveMergeCommitments& merge_commitments,
116 const std::shared_ptr<RecursiveTranscript>& transcript,
117 const MergeSettings merge_settings = MergeSettings::PREPEND);
118};
119
120} // namespace bb
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35
bb::ECCOpQueue
Manages ECC operations for the Goblin proving system.
Definition ecc_op_queue.hpp:38
bb::ECCVMFlavor::ProvingKey
The proving key is responsible for storing the polynomials used by the prover.
Definition eccvm_flavor.hpp:776
bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:38
bb::ECCVMFlavor::VerificationKey
FixedVKAndHash_< PrecomputedEntities< Commitment >, BF, ECCVMHardcodedVKAndHash > VerificationKey
The verification key stores commitments to the precomputed polynomials used by the verifier.
Definition eccvm_flavor.hpp:798
bb::FixedVKAndHash_
Simple verification key class for fixed-size circuits (ECCVM, Translator).
Definition flavor.hpp:136
bb::Goblin::evaluation_challenge_x
fq evaluation_challenge_x
Definition goblin.hpp:60
bb::Goblin::goblin_proof
GoblinProof goblin_proof
Definition goblin.hpp:57
bb::Goblin::recursively_verify_merge
std::pair< PairingPoints, RecursiveTableCommitments > recursively_verify_merge(MegaBuilder &builder, const RecursiveMergeCommitments &merge_commitments, const std::shared_ptr< RecursiveTranscript > &transcript, const MergeSettings merge_settings=MergeSettings::PREPEND)
Recursively verify the next merge proof in the merge verification queue.
Definition goblin.cpp:91
bb::Goblin::RecursiveCommitment
MergeRecursiveVerifier::Commitment RecursiveCommitment
Definition goblin.hpp:49
bb::Goblin::prove_eccvm
void prove_eccvm()
Construct an ECCVM proof and IPA opening proof.
Definition goblin.cpp:36
bb::Goblin::translation_batching_challenge_v
fq translation_batching_challenge_v
Definition goblin.hpp:59
bb::Goblin::TableCommitments
MergeVerifier::TableCommitments TableCommitments
Definition goblin.hpp:45
bb::Goblin::prove
GoblinProof prove()
Constuct a full Goblin proof (ECCVM, Translator, merge)
Definition goblin.cpp:62
bb::Goblin::PairingPoints
MergeRecursiveVerifier::PairingPoints PairingPoints
Definition goblin.hpp:44
bb::Goblin::prove_merge
void prove_merge(const std::shared_ptr< Transcript > &transcript=std::make_shared< Transcript >(), const MergeSettings merge_settings=MergeSettings::PREPEND)
Construct a merge proof for the goblin ECC ops in the provided circuit; append the proof to the merge...
Definition goblin.cpp:29
bb::Goblin::op_queue
std::shared_ptr< OpQueue > op_queue
Definition goblin.hpp:54
bb::Goblin::prove_translator
void prove_translator()
Construct a translator proof.
Definition goblin.cpp:53
bb::Goblin::Commitment
MegaFlavor::Commitment Commitment
Definition goblin.hpp:23
bb::Goblin::MergeProof
MergeProver::MergeProof MergeProof
Definition goblin.hpp:40
bb::Goblin::commitment_key
CommitmentKey< curve::BN254 > commitment_key
Definition goblin.hpp:55
bb::Goblin::avm_mode
bool avm_mode
Definition goblin.hpp:30
bb::Goblin::merge_verification_queue
std::deque< MergeProof > merge_verification_queue
Definition goblin.hpp:63
bb::Goblin::transcript
std::shared_ptr< Transcript > transcript
Definition goblin.hpp:61
bb::Goblin::RecursiveTableCommitments
MergeRecursiveVerifier::TableCommitments RecursiveTableCommitments
Definition goblin.hpp:46
bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:92
bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19
bb::MegaFlavor::FF
Curve::ScalarField FF
Definition mega_flavor.hpp:38
bb::MegaFlavor::Commitment
Curve::AffineElement Commitment
Definition mega_flavor.hpp:40
bb::MergeProver::MergeProof
std::vector< FF > MergeProof
Definition merge_prover.hpp:34
bb::MergeVerifier_
Unified verifier class for the Goblin ECC op queue transcript merge protocol.
Definition merge_verifier.hpp:23
bb::MergeVerifier_::Commitment
typename Curve::AffineElement Commitment
Definition merge_verifier.hpp:26
bb::MergeVerifier_::PairingPoints
std::conditional_t< Curve::is_stdlib_type, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > > PairingPoints
Definition merge_verifier.hpp:30
bb::MergeVerifier_::TableCommitments
std::array< Commitment, NUM_WIRES > TableCommitments
Definition merge_verifier.hpp:42
bb::TranslatorCircuitBuilder
TranslatorCircuitBuilder creates a circuit that evaluates the correctness of the evaluation of EccOpQ...
Definition translator_circuit_builder.hpp:69
bb::TranslatorFlavor::VerificationKey
FixedVKAndHash_< PrecomputedEntities< Commitment >, FF, TranslatorHardcodedVKAndHash > VerificationKey
The verification key stores commitments to the precomputed polynomials used by the verifier.
Definition translator_flavor.hpp:847
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
eccvm_flavor.hpp
eccvm_prover.hpp
mega_flavor.hpp
merge_prover.hpp
merge_verifier.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174
bb::MergeSettings
MergeSettings
The MergeSettings define whether an current subtable will be added at the beginning (PREPEND) or at t...
Definition ecc_ops_table.hpp:21
bb::NativeTranscript
BaseTranscript< FrCodec, bb::crypto::Poseidon2< bb::crypto::Poseidon2Bn254ScalarFieldParams > > NativeTranscript
Definition transcript.hpp:495
bb::MegaCircuitBuilder
MegaCircuitBuilder_< field< Bn254FrParams > > MegaCircuitBuilder
Definition circuit_builders_fwd.hpp:20
bb::MegaStdlibTranscript
BaseTranscript< stdlib::StdlibCodec< stdlib::field_t< MegaCircuitBuilder > >, stdlib::poseidon2< MegaCircuitBuilder > > MegaStdlibTranscript
Definition transcript.hpp:503
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
prover_instance.hpp
bb::Goblin::VerificationKey::translator_verification_key
std::shared_ptr< TranslatorVerificationKey > translator_verification_key
Definition goblin.hpp:67
bb::Goblin::VerificationKey::eccvm_verification_key
std::shared_ptr< ECCVMVerificationKey > eccvm_verification_key
Definition goblin.hpp:66
bb::MergeVerifier_::InputCommitments
Definition merge_verifier.hpp:50
bb::TranslatorInputData_
Data passed from ECCVM Verifier to Translator Verifier for verification.
Definition translation_evaluations.hpp:35
translator_circuit_builder.hpp
translator_flavor.hpp