Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
hypernova_verifier.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Sergei], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6#pragma once
7
8#include "barretenberg/flavor/flavor.hpp"
9#include "barretenberg/multilinear_batching/multilinear_batching_claims.hpp"
10#include "barretenberg/multilinear_batching/multilinear_batching_verifier.hpp"
11#include "barretenberg/stdlib/proof/proof.hpp"
12#include "barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp"
13#include "barretenberg/sumcheck/sumcheck.hpp"
14#include "barretenberg/ultra_honk/oink_verifier.hpp"
15
16namespace bb {
17
22template <typename Flavor_> class HypernovaFoldingVerifier {
23 public:
24 using Flavor = Flavor_;
25 using FF = Flavor::FF;
26 using Curve = Flavor::Curve;
27 using Commitment = Flavor::Commitment;
28 using VerifierCommitments = Flavor::VerifierCommitments;
29 using Transcript = Flavor::Transcript;
30 using Accumulator = MultilinearBatchingVerifierClaim<Curve>;
31 using OinkVerifier = bb::OinkVerifier<Flavor>;
32 using SumcheckVerifier = bb::SumcheckVerifier<Flavor>;
33 using MegaSumcheckOutput = SumcheckOutput<Flavor>;
34 using BatchingFlavor =
35 std::conditional_t<IsRecursiveFlavor<Flavor>, MultilinearBatchingRecursiveFlavor, MultilinearBatchingFlavor>;
36 using MultilinearBatchingVerifier = bb::MultilinearBatchingVerifier<BatchingFlavor>;
37 using VerifierInstance = VerifierInstance_<Flavor>;
38
39 using Proof = std::conditional_t<IsRecursiveFlavor<Flavor>, stdlib::Proof<MegaCircuitBuilder>, HonkProof>;
40
41 static constexpr size_t NUM_UNSHIFTED_ENTITIES = MegaFlavor::NUM_UNSHIFTED_ENTITIES;
42 static constexpr size_t NUM_SHIFTED_ENTITIES = MegaFlavor::NUM_SHIFTED_ENTITIES;
43
44 HypernovaFoldingVerifier(std::shared_ptr<Transcript> transcript)
45 : transcript(std::move(transcript)) {};
46
53 std::pair<bool, Accumulator> instance_to_accumulator(const std::shared_ptr<VerifierInstance>& instance,
54 const Proof& proof);
55
66 std::tuple<bool, bool, Accumulator> verify_folding_proof(
67 const std::shared_ptr<typename HypernovaFoldingVerifier::VerifierInstance>& instance, const Proof& proof);
68
69 private:
70 std::shared_ptr<Transcript> transcript;
71
78 SumcheckOutput<Flavor> sumcheck_on_incoming_instance(const std::shared_ptr<VerifierInstance>& instance,
79 const Proof& proof);
80
84 Accumulator sumcheck_output_to_accumulator(MegaSumcheckOutput& sumcheck_output,
85 const std::shared_ptr<VerifierInstance>& instance);
86
90 template <size_t N> Commitment batch_mul(const RefArray<Commitment, N>& _points, const std::vector<FF>& scalars);
91};
92} // namespace bb
instance
std::shared_ptr< Napi::ThreadSafeFunction > instance
Definition avm_simulate_napi.cpp:128
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::ECCVMFlavor::VerifierCommitments_
Definition eccvm_flavor.hpp:911
bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:42
bb::ECCVMFlavor::VerifierCommitments
VerifierCommitments_< Commitment, VerificationKey > VerifierCommitments
Definition eccvm_flavor.hpp:922
bb::ECCVMFlavor::Commitment
typename G1::affine_element Commitment
Definition eccvm_flavor.hpp:46
bb::ECCVMFlavor::Curve
curve::Grumpkin Curve
Definition eccvm_flavor.hpp:40
bb::ECCVMFlavor::Transcript
BaseTranscript< Codec, HashFunction > Transcript
Definition eccvm_flavor.hpp:52
bb::HypernovaFoldingVerifier
HyperNova folding verifier (native + recursive). Verifies folding proofs and maintains accumulators.
Definition hypernova_verifier.hpp:22
bb::HypernovaFoldingVerifier::NUM_SHIFTED_ENTITIES
static constexpr size_t NUM_SHIFTED_ENTITIES
Definition hypernova_verifier.hpp:42
bb::HypernovaFoldingVerifier::verify_folding_proof
std::tuple< bool, bool, Accumulator > verify_folding_proof(const std::shared_ptr< typename HypernovaFoldingVerifier::VerifierInstance > &instance, const Proof &proof)
Verify folding proof. Return the new accumulator and the results of the two sumchecks.
Definition hypernova_verifier.cpp:108
bb::HypernovaFoldingVerifier::sumcheck_on_incoming_instance
SumcheckOutput< Flavor > sumcheck_on_incoming_instance(const std::shared_ptr< VerifierInstance > &instance, const Proof &proof)
Perform sumcheck on the incoming instance.
Definition hypernova_verifier.cpp:60
bb::HypernovaFoldingVerifier::Proof
std::conditional_t< IsRecursiveFlavor< Flavor >, stdlib::Proof< MegaCircuitBuilder >, HonkProof > Proof
Definition hypernova_verifier.hpp:39
bb::HypernovaFoldingVerifier::BatchingFlavor
std::conditional_t< IsRecursiveFlavor< Flavor >, MultilinearBatchingRecursiveFlavor, MultilinearBatchingFlavor > BatchingFlavor
Definition hypernova_verifier.hpp:35
bb::HypernovaFoldingVerifier::instance_to_accumulator
std::pair< bool, Accumulator > instance_to_accumulator(const std::shared_ptr< VerifierInstance > &instance, const Proof &proof)
Turn an instance into an accumulator by executing sumcheck.
Definition hypernova_verifier.cpp:87
bb::HypernovaFoldingVerifier::NUM_UNSHIFTED_ENTITIES
static constexpr size_t NUM_UNSHIFTED_ENTITIES
Definition hypernova_verifier.hpp:41
bb::HypernovaFoldingVerifier::batch_mul
Commitment batch_mul(const RefArray< Commitment, N > &_points, const std::vector< FF > &scalars)
Utility to perform batch mul of commitments.
Definition hypernova_verifier.cpp:14
bb::HypernovaFoldingVerifier::sumcheck_output_to_accumulator
Accumulator sumcheck_output_to_accumulator(MegaSumcheckOutput &sumcheck_output, const std::shared_ptr< VerifierInstance > &instance)
Convert the output of the sumcheck run on the incoming instance into an accumulator.
Definition hypernova_verifier.cpp:25
bb::HypernovaFoldingVerifier::transcript
std::shared_ptr< Transcript > transcript
Definition hypernova_verifier.hpp:70
bb::HypernovaFoldingVerifier::HypernovaFoldingVerifier
HypernovaFoldingVerifier(std::shared_ptr< Transcript > transcript)
Definition hypernova_verifier.hpp:44
bb::MegaFlavor::NUM_SHIFTED_ENTITIES
static constexpr size_t NUM_SHIFTED_ENTITIES
Definition mega_flavor.hpp:70
bb::MegaFlavor::NUM_UNSHIFTED_ENTITIES
static constexpr size_t NUM_UNSHIFTED_ENTITIES
Definition mega_flavor.hpp:72
bb::MultilinearBatchingVerifier
Multilinear batching verifier. Verifies claim reduction via sumcheck.
Definition multilinear_batching_verifier.hpp:25
bb::OinkVerifier
Verifier class for all the presumcheck rounds, which are shared between the folding verifier and ultr...
Definition oink_verifier.hpp:25
bb::RefArray
A template class for a reference array. Behaves as if std::array<T&, N> was possible.
Definition ref_array.hpp:22
bb::SumcheckVerifier
Implementation of the sumcheck Verifier for statements of the form for multilinear polynomials .
Definition sumcheck.hpp:719
bb::VerifierInstance_
The VerifierInstance encapsulates all the necessary information for a Honk Verifier to verify a proof...
Definition verifier_instance.hpp:20
bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19
flavor.hpp
Base class templates for structures that contain data parameterized by the fundamental polynomials of...
mega_circuit_builder.hpp
multilinear_batching_claims.hpp
multilinear_batching_verifier.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::HonkProof
std::vector< fr > HonkProof
Definition proof.hpp:15
std
STL namespace.
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
oink_verifier.hpp
bb::MultilinearBatchingVerifierClaim
Verifier's claim for multilinear batching - contains commitments and evaluation claims.
Definition multilinear_batching_claims.hpp:18
bb::SumcheckOutput
Contains the evaluations of multilinear polynomials at the challenge point . These are computed by S...
Definition sumcheck_output.hpp:22