Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
oink_verifier.cpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Planned, auditors: [], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#include "barretenberg/ultra_honk/oink_verifier.hpp"
8#include "barretenberg/common/throw_or_abort.hpp"
9#include "barretenberg/ext/starknet/flavor/ultra_starknet_flavor.hpp"
10#include "barretenberg/ext/starknet/flavor/ultra_starknet_zk_flavor.hpp"
11#include "barretenberg/flavor/mega_avm_recursive_flavor.hpp"
12#include "barretenberg/flavor/mega_zk_recursive_flavor.hpp"
13#include "barretenberg/flavor/ultra_keccak_zk_flavor.hpp"
14#include "barretenberg/flavor/ultra_rollup_recursive_flavor.hpp"
15#include "barretenberg/flavor/ultra_zk_recursive_flavor.hpp"
16#include "barretenberg/honk/library/grand_product_delta.hpp"
17#include "barretenberg/numeric/bitop/get_msb.hpp"
18
19namespace bb {
20
29template <typename Flavor> void OinkVerifier<Flavor>::verify()
30{
31 // Execute the Verifier rounds
32 execute_preamble_round();
33 // For ZK flavors: receive Gemini masking polynomial commitment
34 if constexpr (Flavor::HasZK) {
35 verifier_instance->gemini_masking_commitment =
36 transcript->template receive_from_prover<Commitment>("Gemini:masking_poly_comm");
37 }
38 execute_wire_commitments_round();
39 execute_sorted_list_accumulator_round();
40 execute_log_derivative_inverse_round();
41 execute_grand_product_computation_round();
42
43 verifier_instance->witness_commitments = witness_comms;
44 verifier_instance->relation_parameters = relation_parameters;
45 verifier_instance->alpha = generate_alpha_round();
46}
47
52template <typename Flavor> void OinkVerifier<Flavor>::execute_preamble_round()
53{
54 auto vk = verifier_instance->get_vk();
55
56 FF vk_hash = vk->hash_with_origin_tagging(*transcript);
57 transcript->add_to_hash_buffer(domain_separator + "vk_hash", vk_hash);
58 vinfo("vk hash in Oink verifier: ", vk_hash);
59
60 // For recursive flavors, assert that the VK hash matches the expected hash provided in the VK
61 if constexpr (IsRecursiveFlavor<Flavor>) {
62 const bool is_write_vk_mode = vk_hash.get_context()->is_write_vk_mode();
63 const bool vk_hash_consistency = verifier_instance->vk_and_hash->hash.get_value() == vk_hash.get_value();
64 if (!vk_hash_consistency && !is_write_vk_mode) {
65 info("Recursive Ultra Verifier: VK Hash Mismatch");
66 }
67 verifier_instance->vk_and_hash->hash.assert_equal(vk_hash);
68 } else {
69 BB_ASSERT_EQ(verifier_instance->vk_and_hash->hash, vk_hash, "Native Ultra Verifier: VK Hash Mismatch");
70 };
71
72 size_t num_public_inputs = get_num_public_inputs();
73
74 std::vector<FF> public_inputs;
75 for (size_t i = 0; i < num_public_inputs; ++i) {
76 auto public_input_i =
77 transcript->template receive_from_prover<FF>(domain_separator + "public_input_" + std::to_string(i));
78 public_inputs.emplace_back(public_input_i);
79 }
80 verifier_instance->public_inputs = std::move(public_inputs);
81}
82
88template <typename Flavor> void OinkVerifier<Flavor>::execute_wire_commitments_round()
89{
90 // Get commitments to first three wire polynomials
91 witness_comms.w_l = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_l);
92 witness_comms.w_r = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_r);
93 witness_comms.w_o = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_o);
94
95 // If Goblin, get commitments to ECC op wire polynomials and DataBus columns
96 if constexpr (IsMegaFlavor<Flavor>) {
97 // Receive ECC op wire commitments
98 for (auto [commitment, label] : zip_view(witness_comms.get_ecc_op_wires(), comm_labels.get_ecc_op_wires())) {
99 commitment = transcript->template receive_from_prover<Commitment>(domain_separator + label);
100 }
101
102 // Receive DataBus related polynomial commitments
103 for (auto [commitment, label] :
104 zip_view(witness_comms.get_databus_entities(), comm_labels.get_databus_entities())) {
105 commitment = transcript->template receive_from_prover<Commitment>(domain_separator + label);
106 }
107 }
108}
109
114template <typename Flavor> void OinkVerifier<Flavor>::execute_sorted_list_accumulator_round()
115{
116 // Get eta challenges
117 auto [eta, eta_two, eta_three] = transcript->template get_challenges<FF>(std::array<std::string, 3>{
118 domain_separator + "eta", domain_separator + "eta_two", domain_separator + "eta_three" });
119 relation_parameters.eta = eta;
120 relation_parameters.eta_two = eta_two;
121 relation_parameters.eta_three = eta_three;
122
123 // Get commitments to lookup argument polynomials and fourth wire
124 witness_comms.lookup_read_counts =
125 transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.lookup_read_counts);
126 witness_comms.lookup_read_tags =
127 transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.lookup_read_tags);
128 witness_comms.w_4 = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_4);
129}
130
135template <typename Flavor> void OinkVerifier<Flavor>::execute_log_derivative_inverse_round()
136{
137 // Get permutation challenges
138 auto [beta, gamma] = transcript->template get_challenges<FF>(
139 std::array<std::string, 2>{ domain_separator + "beta", domain_separator + "gamma" });
140 relation_parameters.beta = beta;
141 relation_parameters.gamma = gamma;
142
143 witness_comms.lookup_inverses =
144 transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.lookup_inverses);
145
146 // If Goblin (i.e. using DataBus) receive commitments to log-deriv inverses polynomials
147 if constexpr (IsMegaFlavor<Flavor>) {
148 for (auto [commitment, label] :
149 zip_view(witness_comms.get_databus_inverses(), comm_labels.get_databus_inverses())) {
150 commitment = transcript->template receive_from_prover<Commitment>(domain_separator + label);
151 }
152 }
153}
154
159template <typename Flavor> void OinkVerifier<Flavor>::execute_grand_product_computation_round()
160{
161 auto vk = verifier_instance->get_vk();
162
163 const FF public_input_delta = compute_public_input_delta<Flavor>(
164 verifier_instance->public_inputs, relation_parameters.beta, relation_parameters.gamma, vk->pub_inputs_offset);
165
166 relation_parameters.public_input_delta = public_input_delta;
167
168 // Get commitment to permutation and lookup grand products
169 witness_comms.z_perm = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.z_perm);
170}
171
172template <typename Flavor> typename Flavor::SubrelationSeparator OinkVerifier<Flavor>::generate_alpha_round()
173{
174 // Get the single alpha challenge for sumcheck computation
175 // Powers of this challenge will be used to batch subrelations
176 return transcript->template get_challenge<FF>(domain_separator + "alpha");
177}
178
179// Native flavor instantiations
180template class OinkVerifier<UltraFlavor>;
181template class OinkVerifier<UltraZKFlavor>;
182template class OinkVerifier<UltraKeccakFlavor>;
183#ifdef STARKNET_GARAGA_FLAVORS
184template class OinkVerifier<UltraStarknetFlavor>;
185template class OinkVerifier<UltraStarknetZKFlavor>;
186#endif
187template class OinkVerifier<UltraKeccakZKFlavor>;
188template class OinkVerifier<UltraRollupFlavor>;
189template class OinkVerifier<MegaFlavor>;
190template class OinkVerifier<MegaZKFlavor>;
191
192// Recursive flavor instantiations
193template class OinkVerifier<UltraRecursiveFlavor_<UltraCircuitBuilder>>;
194template class OinkVerifier<UltraRecursiveFlavor_<MegaCircuitBuilder>>;
195template class OinkVerifier<MegaRecursiveFlavor_<UltraCircuitBuilder>>;
196template class OinkVerifier<MegaRecursiveFlavor_<MegaCircuitBuilder>>;
197template class OinkVerifier<MegaZKRecursiveFlavor_<MegaCircuitBuilder>>;
198template class OinkVerifier<MegaZKRecursiveFlavor_<UltraCircuitBuilder>>;
199template class OinkVerifier<MegaAvmRecursiveFlavor_<UltraCircuitBuilder>>;
200template class OinkVerifier<UltraRollupRecursiveFlavor_<UltraCircuitBuilder>>;
201template class OinkVerifier<UltraZKRecursiveFlavor_<UltraCircuitBuilder>>;
202template class OinkVerifier<UltraZKRecursiveFlavor_<MegaCircuitBuilder>>;
203
204} // namespace bb
BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:83
bb::ECCVMFlavor::HasZK
static constexpr bool HasZK
Definition eccvm_flavor.hpp:59
bb::OinkVerifier
Verifier class for all the presumcheck rounds, which are shared between the folding verifier and ultr...
Definition oink_verifier.hpp:25
bb::OinkVerifier::execute_wire_commitments_round
void execute_wire_commitments_round()
Get the wire polynomials (part of the witness), with the exception of the fourth wire,...
Definition oink_verifier.cpp:88
bb::OinkVerifier::FF
typename Flavor::FF FF
Definition oink_verifier.hpp:28
bb::OinkVerifier::execute_preamble_round
void execute_preamble_round()
Get circuit size, public input size, and public inputs from transcript.
Definition oink_verifier.cpp:52
bb::OinkVerifier::verify
void verify()
Oink Verifier function that runs all the rounds of the verifier.
Definition oink_verifier.cpp:29
bb::OinkVerifier::generate_alpha_round
SubrelationSeparator generate_alpha_round()
Definition oink_verifier.cpp:172
bb::OinkVerifier::execute_log_derivative_inverse_round
void execute_log_derivative_inverse_round()
Get log derivative inverse polynomial and its commitment, if MegaFlavor.
Definition oink_verifier.cpp:135
bb::OinkVerifier::execute_grand_product_computation_round
void execute_grand_product_computation_round()
Compute lookup grand product delta and get permutation and lookup grand product commitments.
Definition oink_verifier.cpp:159
bb::OinkVerifier::execute_sorted_list_accumulator_round
void execute_sorted_list_accumulator_round()
Get sorted witness-table accumulator and fourth wire commitments.
Definition oink_verifier.cpp:114
zip_view
Definition zip_view.hpp:166
info
#define info(...)
Definition log.hpp:93
vinfo
#define vinfo(...)
Definition log.hpp:94
get_msb.hpp
grand_product_delta.hpp
mega_avm_recursive_flavor.hpp
mega_zk_recursive_flavor.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::vk
VerifierCommitmentKey< Curve > vk
Definition ipa.fuzzer.cpp:21
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
std::to_string
std::string to_string(bb::avm2::ValueTag tag)
Definition tagged_value.cpp:402
oink_verifier.hpp
throw_or_abort.hpp
ultra_keccak_zk_flavor.hpp
ultra_rollup_recursive_flavor.hpp
ultra_starknet_flavor.hpp
ultra_starknet_zk_flavor.hpp
ultra_zk_recursive_flavor.hpp