Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
graph_description_goblin_avm.test.cpp
Go to the documentation of this file.
1#include "barretenberg/boomerang_value_detection/graph.hpp"
2#include "barretenberg/circuit_checker/circuit_checker.hpp"
3#include "barretenberg/common/test.hpp"
4
5#include "barretenberg/goblin/mock_circuits.hpp"
6#include "barretenberg/goblin_avm/goblin_avm.hpp"
7#include "barretenberg/goblin_avm/goblin_avm_verifier.hpp"
8#include "barretenberg/srs/global_crs.hpp"
9#include "barretenberg/stdlib/honk_verifier/ultra_verification_keys_comparator.hpp"
10#include "barretenberg/ultra_honk/ultra_prover.hpp"
11#include "barretenberg/ultra_honk/ultra_verifier.hpp"
12
13namespace bb::stdlib::recursion::honk {
14class BoomerangGoblinAvmRecursiveVerifierTests : public testing::Test {
15 public:
16 using InnerBuilder = MegaCircuitBuilder;
17 using ECCVMVK = GoblinAvm::ECCVMVerificationKey;
18 using TranslatorVK = GoblinAvm::TranslatorVerificationKey;
19
20 using OuterFlavor = UltraRollupFlavor;
21 using OuterBuilder = OuterFlavor::CircuitBuilder;
22 using OuterProver = UltraProver_<OuterFlavor>;
23 using OuterVerifier = UltraVerifier_<OuterFlavor, bb::RollupIO>;
24 using OuterProverInstance = ProverInstance_<OuterFlavor>;
25
26 using Commitment = UltraRollupFlavor::Commitment;
27 using RecursiveCommitment = bb::GoblinAvmRecursiveVerifier::Commitment;
28
29 using TableCommitments = std::array<Commitment, UltraCircuitBuilder::NUM_WIRES>;
30 using RecursiveTableCommitments = bb::GoblinAvmRecursiveVerifier::TableCommitments;
31
32 using Transcript = UltraStdlibTranscript;
33 using FF = TranslatorFlavor::FF;
34 using BF = TranslatorFlavor::BF;
35
36 static void SetUpTestSuite() { bb::srs::init_file_crs_factory(bb::srs::bb_crs_path()); }
37
43
49 static ProverOutput create_goblin_avm_prover_output(OuterBuilder* outer_builder)
50 {
51 auto op_queue = std::make_shared<ECCOpQueue>();
52 InnerBuilder inner_builder(op_queue);
53 GoblinAvm goblin(inner_builder);
54 MockCircuits::construct_arithmetic_circuit(inner_builder);
55
56 // Merge the ecc ops from the newly constructed circuit
57 auto goblin_proof = goblin.prove();
58
59 // Subtable values and commitments - needed for (Recursive)MergeVerifier
60 TableCommitments table_commitments;
61 auto ultra_ops_table_columns = goblin.op_queue->construct_ultra_ops_table_columns();
62 CommitmentKey<curve::BN254> pcs_commitment_key(goblin.op_queue->get_ultra_ops_table_num_rows());
63 for (size_t idx = 0; idx < MegaFlavor::NUM_WIRES; idx++) {
64 table_commitments[idx] = pcs_commitment_key.commit(ultra_ops_table_columns[idx]);
65 }
66
67 RecursiveTableCommitments recursive_table_commitments;
68 for (size_t idx = 0; idx < MegaFlavor::NUM_WIRES; idx++) {
69 recursive_table_commitments[idx] = RecursiveCommitment::from_witness(outer_builder, table_commitments[idx]);
70 // Removing the free witness tag, since the merge commitments in the full scheme are supposed to
71 // be fiat-shamirred earlier
72 recursive_table_commitments[idx].unset_free_witness_tag();
73 }
74
75 // Output is a goblin proof plus merge commitments
76 return { goblin_proof, table_commitments, recursive_table_commitments };
77 }
78};
79
84TEST_F(BoomerangGoblinAvmRecursiveVerifierTests, graph_description_basic)
85{
86 OuterBuilder builder;
87
88 auto [proof, table_commitments, recursive_table_commitments] = create_goblin_avm_prover_output(&builder);
89
90 auto transcript = std::make_shared<Transcript>();
91 GoblinAvmStdlibProof stdlib_proof(builder, proof);
92 GoblinAvmRecursiveVerifier verifier{ transcript, stdlib_proof, recursive_table_commitments };
93 auto output = verifier.reduce_to_pairing_check_and_ipa_opening();
94
95 stdlib::recursion::honk::RollupIO inputs;
96 inputs.pairing_inputs = output.translator_pairing_points;
97 inputs.ipa_claim = output.ipa_claim;
98 inputs.set_public();
99
100 builder.ipa_proof = output.ipa_proof.get_value();
101
102 // Construct and verify a proof for the Goblin Recursive Verifier circuit
103 {
104 auto prover_instance = std::make_shared<OuterProverInstance>(builder);
105 auto verification_key =
106 std::make_shared<typename OuterFlavor::VerificationKey>(prover_instance->get_precomputed());
107 auto vk_and_hash = std::make_shared<typename OuterFlavor::VKAndHash>(verification_key);
108 OuterProver prover(prover_instance, verification_key);
109 OuterVerifier verifier(vk_and_hash);
110 auto proof = prover.construct_proof();
111 bool verified = verifier.verify_proof(proof).result;
112
113 ASSERT_TRUE(verified);
114 }
115 // Use the already aggregated pairing points (merge + translator)
116 auto translator_pairing_points = output.translator_pairing_points;
117
118 // The pairing points are public outputs from the recursive verifier that will be verified externally via a pairing
119 // check. While they are computed within the circuit (via batch_mul for P0 and negation for P1), their output
120 // coordinates may not appear in multiple constraint gates. Calling fix_witness() adds explicit constraints on these
121 // values. Without these constraints, the StaticAnalyzer detects 20 variables (the coordinate limbs) that appear in
122 // only one gate. This ensures the pairing point coordinates are properly constrained within the circuit itself,
123 // rather than relying solely on them being public outputs.
124 translator_pairing_points.P0.fix_witness();
125 translator_pairing_points.P1.fix_witness();
126 info("Recursive Verifier: num gates = ", builder.num_gates());
127 auto graph = cdg::StaticAnalyzer(builder, false);
128 auto variables_in_one_gate = graph.get_variables_in_one_gate();
129 // The four variables that appear in one gate are the limbs of the y coordinate of the P1 point, which is the
130 // negation of the commitment sent by the prover. This negation results in a non-normalized y coordinate, which is
131 // normalized when P1 is set to a public input. As a result, the normalized limbs of P1.y appear only in one gate.
132 EXPECT_EQ(variables_in_one_gate.size(), 4);
133}
134
135} // namespace bb::stdlib::recursion::honk
circuit_checker.hpp
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35
bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:73
bb::FixedVKAndHash_
Simple verification key class for fixed-size circuits (ECCVM, Translator).
Definition flavor.hpp:136
bb::GoblinAvm
Specialization of Goblin for the AVM.
Definition goblin_avm.hpp:22
bb::GoblinAvm::prove
GoblinAvmProof prove()
Constuct a full GoblinAvm proof (ECCVM, Translator)
Definition goblin_avm.cpp:52
bb::GoblinAvm::TranslatorVerificationKey
TranslatorFlavor::VerificationKey TranslatorVerificationKey
Definition goblin_avm.hpp:25
bb::GoblinAvm::ECCVMVerificationKey
ECCVMFlavor::VerificationKey ECCVMVerificationKey
Definition goblin_avm.hpp:24
bb::GoblinAvmRecursiveVerifier::TableCommitments
std::array< Commitment, UltraCircuitBuilder::NUM_WIRES > TableCommitments
Definition goblin_avm_verifier.hpp:40
bb::Goblin::op_queue
std::shared_ptr< OpQueue > op_queue
Definition goblin.hpp:54
bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19
bb::MegaFlavor::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition mega_flavor.hpp:60
bb::MockCircuits::construct_arithmetic_circuit
static void construct_arithmetic_circuit(Builder &builder, const size_t target_log2_dyadic_size=4, bool include_public_inputs=true)
Populate a builder with a specified number of arithmetic gates; includes a PI.
Definition mock_circuits.hpp:133
bb::ProverInstance_
A ProverInstance is normally constructed from a finalized circuit and it contains all the information...
Definition prover_instance.hpp:33
bb::TranslatorFlavor::FF
Curve::ScalarField FF
Definition translator_flavor.hpp:41
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:41
bb::UltraFlavor::Commitment
Curve::AffineElement Commitment
Definition ultra_flavor.hpp:42
bb::UltraFlavor::CircuitBuilder
UltraCircuitBuilder CircuitBuilder
Definition ultra_flavor.hpp:38
bb::UltraProver_
Definition ultra_prover.hpp:20
bb::UltraRollupFlavor
UltraRollupFlavor extends UltraFlavor with IPA proof support.
Definition ultra_rollup_flavor.hpp:17
bb::UltraVerifier_
Definition ultra_verifier.hpp:82
bb::stdlib::recursion::honk::BoomerangGoblinAvmRecursiveVerifierTests::create_goblin_avm_prover_output
static ProverOutput create_goblin_avm_prover_output(OuterBuilder *outer_builder)
Create a goblin proof needed by the goblin recursive verifier.
Definition graph_description_goblin_avm.test.cpp:49
bb::stdlib::recursion::honk::RollupIO
The data that is propagated on the public inputs of a rollup circuit.
Definition special_public_inputs.hpp:356
info
#define info(...)
Definition log.hpp:93
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
global_crs.hpp
mock_circuits.hpp
goblin_avm.hpp
goblin_avm_verifier.hpp
inputs
AvmProvingInputs inputs
Definition hinting_dbs.test.cpp:45
bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14
bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14
bb::stdlib::recursion::honk::TEST_F
TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic)
Construct and check a goblin recursive verification circuit.
Definition graph_description_goblin.test.cpp:69
bb::UltraStdlibTranscript
BaseTranscript< stdlib::StdlibCodec< stdlib::field_t< UltraCircuitBuilder > >, stdlib::poseidon2< UltraCircuitBuilder > > UltraStdlibTranscript
Definition transcript.hpp:501
bb::MegaCircuitBuilder
MegaCircuitBuilder_< field< Bn254FrParams > > MegaCircuitBuilder
Definition circuit_builders_fwd.hpp:20
cdg::StaticAnalyzer
UltraStaticAnalyzer StaticAnalyzer
Definition graph.hpp:194
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
ultra_prover.hpp
ultra_verification_keys_comparator.hpp
ultra_verifier.hpp