Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
recursive_verifier.test.cpp
Go to the documentation of this file.
1#include "barretenberg/vm2/constraining/recursion/recursive_verifier.hpp"
2#include "barretenberg/circuit_checker/circuit_checker.hpp"
3#include "barretenberg/flavor/ultra_flavor.hpp"
4#include "barretenberg/flavor/ultra_rollup_flavor.hpp"
5#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"
6#include "barretenberg/ultra_honk/prover_instance.hpp"
7#include "barretenberg/ultra_honk/ultra_prover.hpp"
8#include "barretenberg/ultra_honk/ultra_verifier.hpp"
9#include "barretenberg/vm2/common/aztec_constants.hpp"
10#include "barretenberg/vm2/constraining/prover.hpp"
11#include "barretenberg/vm2/constraining/recursion/recursive_flavor.hpp"
12#include "barretenberg/vm2/constraining/recursion/two_layer_avm_recursive_verifier.hpp"
13#include "barretenberg/vm2/constraining/verifier.hpp"
14#include "barretenberg/vm2/proving_helper.hpp"
15#include "barretenberg/vm2/testing/fixtures.hpp"
16
17#include <gtest/gtest.h>
18
19namespace bb::avm2::constraining {
20
21class AvmRecursiveTests : public ::testing::Test {
22 public:
23 using RecursiveFlavor = AvmRecursiveFlavor;
24 using InnerProver = AvmProvingHelper;
25 using InnerVerifier = AvmVerifier;
26 using OuterBuilder = typename RecursiveFlavor::CircuitBuilder;
27
28 static void SetUpTestSuite() { bb::srs::init_file_crs_factory(bb::srs::bb_crs_path()); }
29
30 // Helper function to create and verify native proof
35
36 // Helper function to create and verify native proof. Due to the way ASSERT_TRUE
37 // works, this routine needs to return void and therefore we feed proof_result
38 // by reference.
39 static void create_and_verify_native_proof(NativeProofResult& proof_result)
40 {
41 static auto [cached_verified, cached_proof_result] = []() {
42 auto [trace, public_inputs] = testing::get_minimal_trace_with_pi();
43
44 const auto public_inputs_cols = public_inputs.to_columns();
45
46 InnerProver prover;
47 const auto proof = prover.prove(std::move(trace));
48 const auto verification_key = InnerProver::create_verification_key(InnerProver().get_verification_key());
49 InnerVerifier verifier(verification_key);
50
51 const bool verified = verifier.verify_proof(proof, public_inputs_cols);
52
53 return std::pair<bool, NativeProofResult>{ verified, NativeProofResult{ proof, public_inputs_cols } };
54 }();
55
56 ASSERT_TRUE(cached_verified) << "native proof verification failed";
57 proof_result = cached_proof_result;
58 }
59};
60
61// Parameterized test class for testing with and without proof padding
62class AvmRecursiveTestsParameterized : public AvmRecursiveTests, public ::testing::WithParamInterface<bool> {};
63
73TEST_P(AvmRecursiveTestsParameterized, GoblinRecursion)
74{
75 if (testing::skip_slow_tests()) {
76 GTEST_SKIP() << "Skipping slow test";
77 }
78
79 const bool pad_proof = GetParam();
80
81 // Type aliases specific to GoblinRecursion test
82 using OuterBuilder = typename UltraRollupFlavor::CircuitBuilder;
83 using UltraFF = UltraRecursiveFlavor_<OuterBuilder>::FF;
84 using UltraRollupProver = UltraProver_<UltraRollupFlavor>;
85 using NativeVerifierCommitmentKey = typename AvmFlavor::VerifierCommitmentKey;
86
87 NativeProofResult proof_result;
88 std::cout << "Creating and verifying native proof..." << std::endl;
89 std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
90 ASSERT_NO_FATAL_FAILURE({ create_and_verify_native_proof(proof_result); });
91 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
92 std::cout << "Time taken (native proof): " << std::chrono::duration_cast<std::chrono::seconds>(end - start).count()
93 << "s" << std::endl;
94
95 auto [proof, public_inputs_cols] = proof_result;
96
97 // Optionally pad the proof to match production behavior
98 if (pad_proof) {
99 std::cout << "Padding proof from " << proof.size() << " to " << AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED
100 << " fields" << std::endl;
101 ASSERT_LE(proof.size(), AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED) << "Proof exceeds padded length";
102 proof.resize(AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED, 0);
103 }
104
105 // Construct stdlib representations of the proof, public inputs and verification key
106 OuterBuilder outer_circuit;
107 stdlib::Proof<OuterBuilder> stdlib_proof(outer_circuit, proof);
108
109 std::vector<std::vector<UltraFF>> public_inputs_ct;
110 public_inputs_ct.reserve(public_inputs_cols.size());
111 for (const auto& vec : public_inputs_cols) {
112 std::vector<UltraFF> vec_ct;
113 vec_ct.reserve(vec.size());
114 for (const auto& val : vec) {
115 vec_ct.push_back(UltraFF::from_witness(&outer_circuit, val));
116 }
117 public_inputs_ct.push_back(vec_ct);
118 }
119
120 // Construct the AVM recursive verifier and verify the proof
121 // Scoped to free memory of AvmRecursiveVerifier.
122 auto verifier_output = [&]() {
123 std::cout << "Constructing AvmRecursiveVerifier and verifying " << (pad_proof ? "padded " : "") << "proof..."
124 << std::endl;
125 std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
126 TwoLayerAvmRecursiveVerifier avm_rec_verifier(outer_circuit);
127 auto result = avm_rec_verifier.verify_proof(stdlib_proof, public_inputs_ct);
128 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
129 std::cout << "Time taken (recursive verification): "
130 << std::chrono::duration_cast<std::chrono::seconds>(end - start).count() << "s" << std::endl;
131 return result;
132 }();
133
134 stdlib::recursion::honk::RollupIO inputs;
135 inputs.pairing_inputs = verifier_output.points_accumulator;
136 inputs.ipa_claim = verifier_output.ipa_claim;
137 inputs.set_public();
138 outer_circuit.ipa_proof = verifier_output.ipa_proof.get_value();
139
140 // Ensure that the pairing check is satisfied on the outputs of the recursive verifier
141 NativeVerifierCommitmentKey pcs_vkey{};
142 bool agg_output_valid = pcs_vkey.pairing_check(verifier_output.points_accumulator.P0.get_value(),
143 verifier_output.points_accumulator.P1.get_value());
144 ASSERT_TRUE(agg_output_valid) << "Pairing points (aggregation state) are not valid.";
145 ASSERT_FALSE(outer_circuit.failed()) << "Outer circuit has failed.";
146
147 vinfo("Recursive verifier",
148 (pad_proof ? " (padded proof)" : ""),
149 ": finalized num gates = ",
150 outer_circuit.num_gates());
151
152 // Construct and verify an Ultra Rollup proof of the AVM recursive verifier circuit. This proof carries an IPA claim
153 // from ECCVM recursive verification in its public inputs that will be verified as part of the UltraRollupVerifier.
154 auto outer_proving_key = std::make_shared<ProverInstance_<UltraRollupFlavor>>(outer_circuit);
155
156 // Scoped to free memory of UltraRollupProver.
157 auto outer_proof = [&]() {
158 auto verification_key =
159 std::make_shared<UltraRollupFlavor::VerificationKey>(outer_proving_key->get_precomputed());
160 UltraRollupProver outer_prover(outer_proving_key, verification_key);
161 return outer_prover.construct_proof();
162 }();
163
164 // Verify the proof of the Ultra circuit that verified the AVM recursive verifier circuit
165 auto outer_verification_key =
166 std::make_shared<UltraRollupFlavor::VerificationKey>(outer_proving_key->get_precomputed());
167 auto outer_vk_and_hash = std::make_shared<UltraRollupFlavor::VKAndHash>(outer_verification_key);
168 UltraRollupVerifier final_verifier(outer_vk_and_hash);
169
170 bool result = final_verifier.verify_proof(outer_proof).result;
171 EXPECT_TRUE(result);
172}
173
174// Test that the transcript operations performed during AVM recursive verification match the ones performed by the
175// function defined in the AvmRecursiveFlavor::Transcript class
176TEST_P(AvmRecursiveTestsParameterized, TranscriptOperations)
177{
178 if (testing::skip_slow_tests()) {
179 GTEST_SKIP() << "Skipping slow test";
180 }
181
182 using FF = stdlib::field_t<MegaCircuitBuilder>;
183
184 const bool pad_proof = GetParam();
185
186 NativeProofResult proof_result;
187 std::cout << "Creating and verifying native proof..." << std::endl;
188 std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
189 ASSERT_NO_FATAL_FAILURE({ create_and_verify_native_proof(proof_result); });
190 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
191 std::cout << "Time taken (native proof): " << std::chrono::duration_cast<std::chrono::seconds>(end - start).count()
192 << "s" << std::endl;
193
194 auto [proof, public_inputs_cols] = proof_result;
195
196 // Optionally pad the proof to match production behavior
197 if (pad_proof) {
198 std::cout << "Padding proof from " << proof.size() << " to " << AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED
199 << " fields" << std::endl;
200 ASSERT_LE(proof.size(), AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED) << "Proof exceeds padded length";
201 proof.resize(AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED, 0);
202 }
203
204 // Construct stdlib representations of the proof, public inputs and verification key
205 MegaCircuitBuilder builder;
206 stdlib::Proof<MegaCircuitBuilder> stdlib_proof(builder, proof);
207
208 std::vector<std::vector<FF>> public_inputs_ct;
209 public_inputs_ct.reserve(public_inputs_cols.size());
210 for (const auto& vec : public_inputs_cols) {
211 std::vector<FF> vec_ct;
212 vec_ct.reserve(vec.size());
213 for (const auto& val : vec) {
214 vec_ct.push_back(FF::from_witness(&builder, val));
215 }
216 public_inputs_ct.push_back(vec_ct);
217 }
218
219 // Construct the AVM recursive verifier and verify the proof
220 // Scoped to free memory of AvmRecursiveVerifier.
221 FF final_state_full_verification;
222 auto transcript = std::make_shared<AvmRecursiveFlavor::Transcript>();
223 transcript->enable_manifest();
224 {
225 std::cout << "Constructing AvmRecursiveVerifier and verifying proof..." << std::endl;
226 std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
227 AvmRecursiveVerifier avm_rec_verifier(builder, transcript);
228 [[maybe_unused]] auto _result = avm_rec_verifier.verify_proof(stdlib_proof, public_inputs_ct);
229 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
230 std::cout << "Time taken (recursive verification): "
231 << std::chrono::duration_cast<std::chrono::seconds>(end - start).count() << "s" << std::endl;
232 final_state_full_verification = avm_rec_verifier.hash_avm_transcript(stdlib_proof);
233 };
234
235 // Perform only transcript operations
236 FF final_state_transcript_operations_only;
237 auto mocked_transcript = std::make_shared<AvmRecursiveFlavor::Transcript>();
238 {
239 std::tie(final_state_transcript_operations_only, mocked_transcript) =
240 AvmRecursiveFlavor::Transcript::hash_avm_transcript_for_testing(builder, stdlib_proof, public_inputs_ct);
241 }
242
243 // Check that the native values underlying the final states match
244 EXPECT_EQ(final_state_full_verification.get_value(), final_state_transcript_operations_only.get_value());
245
246 // Check consistency of the transcripts
247 auto manifest = transcript->get_manifest();
248 auto mocked_manifest = mocked_transcript->get_manifest();
249
250 // Note: a manifest can be printed using manifest.print()
251 BB_ASSERT_GT(manifest.size(), 0U);
252 BB_ASSERT_EQ(manifest.size(), mocked_manifest.size());
253 for (size_t round = 0; round < manifest.size(); ++round) {
254 ASSERT_EQ(manifest[round], mocked_manifest[round])
255 << std::format("Real/Mocked manifest discrepency in round {}", round);
256 }
257
258 // Check that the circuit is satisfied
259 final_state_transcript_operations_only.assert_equal(final_state_full_verification);
260 EXPECT_TRUE(CircuitChecker::check(builder));
261 EXPECT_TRUE(!builder.failed());
262}
263
264INSTANTIATE_TEST_SUITE_P(PaddingVariants,
265 AvmRecursiveTestsParameterized,
266 ::testing::Values(false, true),
267 [](const auto& info) { return info.param ? "Padded" : "Unpadded"; });
268
269// Ensures that the recursive verifier fails with wrong PIs.
270TEST_F(AvmRecursiveTests, GoblinRecursionFailsWithWrongPIs)
271{
272 if (testing::skip_slow_tests()) {
273 GTEST_SKIP() << "Skipping slow test";
274 }
275
276 // Type aliases specific to GoblinRecursion test
277 using OuterBuilder = typename UltraRollupFlavor::CircuitBuilder;
278 using UltraFF = UltraRecursiveFlavor_<OuterBuilder>::FF;
279
280 NativeProofResult proof_result;
281 std::cout << "Creating and verifying native proof..." << std::endl;
282 std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
283 ASSERT_NO_FATAL_FAILURE({ create_and_verify_native_proof(proof_result); });
284 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
285 std::cout << "Time taken (native proof): " << std::chrono::duration_cast<std::chrono::seconds>(end - start).count()
286 << "s" << std::endl;
287
288 auto [proof, public_inputs_cols] = proof_result;
289
290 // Construct stdlib representations of the proof, public inputs and verification key
291 OuterBuilder outer_circuit;
292 stdlib::Proof<OuterBuilder> stdlib_proof(outer_circuit, proof);
293
294 std::vector<std::vector<UltraFF>> public_inputs_ct;
295 public_inputs_ct.reserve(public_inputs_cols.size());
296 for (const auto& vec : public_inputs_cols) {
297 std::vector<UltraFF> vec_ct;
298 vec_ct.reserve(vec.size());
299 for (const auto& val : vec) {
300 vec_ct.push_back(UltraFF::from_witness(&outer_circuit, val));
301 }
302 public_inputs_ct.push_back(vec_ct);
303 }
304 // Mutate a PI entry to verify that validation correctly fails with incorrect public inputs
305 public_inputs_ct[1][5] += 1;
306
307 // Construct the AVM recursive verifier and verify the proof
308 // Scoped to free memory of AvmRecursiveVerifier.
309 {
310 std::cout << "Constructing AvmRecursiveVerifier and verifying proof..." << std::endl;
311 std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
312 TwoLayerAvmRecursiveVerifier avm_rec_verifier(outer_circuit);
313 auto result = avm_rec_verifier.verify_proof(stdlib_proof, public_inputs_ct);
314 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
315 std::cout << "Time taken (recursive verification): "
316 << std::chrono::duration_cast<std::chrono::seconds>(end - start).count() << "s" << std::endl;
317 };
318
319 ASSERT_TRUE(outer_circuit.failed()) << "Outer circuit SHOULD fail with bad PIs.";
320}
321
322} // namespace bb::avm2::constraining
BB_ASSERT_GT
#define BB_ASSERT_GT(left, right,...)
Definition assert.hpp:113
BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:83
aztec_constants.hpp
AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED
#define AVM_V2_PROOF_LENGTH_IN_FIELDS_PADDED
Definition aztec_constants.hpp:178
circuit_checker.hpp
bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::UltraFlavor::CircuitBuilder
UltraCircuitBuilder CircuitBuilder
Definition ultra_flavor.hpp:38
bb::UltraProver_
Definition ultra_prover.hpp:20
bb::UltraRecursiveFlavor_::FF
typename Curve::ScalarField FF
Definition ultra_recursive_flavor.hpp:44
bb::UltraVerifier_
Definition ultra_verifier.hpp:82
bb::UltraVerifier_::verify_proof
Output verify_proof(const Proof &proof)
Perform ultra verification.
Definition ultra_verifier.cpp:214
bb::avm2::AvmFlavor::VerifierCommitmentKey
AvmFlavorSettings::VerifierCommitmentKey VerifierCommitmentKey
Definition flavor.hpp:43
bb::avm2::AvmProvingHelper::prove
Proof prove(tracegen::TraceContainer &&trace)
Definition proving_helper.cpp:54
bb::avm2::AvmProvingHelper::create_verification_key
static std::shared_ptr< AvmVerifier::VerificationKey > create_verification_key(const VkData &vk_data)
Definition proving_helper.cpp:23
bb::avm2::AvmRecursiveFlavor::TemplatedTranscript::hash_avm_transcript_for_testing
static std::pair< stdlib::field_t< Builder >, std::shared_ptr< TemplatedTranscript< Builder > > > hash_avm_transcript_for_testing(Builder &builder, const stdlib::Proof< Builder > &stdlib_proof, const std::vector< std::vector< stdlib::field_t< Builder > > > &public_inputs)
Testing method to hash the transcript after having replicated the operations performed on the AVM tra...
Definition recursive_flavor.hpp:292
bb::avm2::AvmRecursiveFlavor::CircuitBuilder
AvmRecursiveFlavorSettings::CircuitBuilder CircuitBuilder
Definition recursive_flavor.hpp:22
bb::avm2::AvmRecursiveVerifier::hash_avm_transcript
FF hash_avm_transcript(const StdlibProof &stdlib_proof)
Hash the transcript after verification is complete to produce a hash of the public inputs and proofs ...
Definition recursive_verifier.cpp:219
bb::avm2::AvmRecursiveVerifier::verify_proof
PairingPoints verify_proof(const HonkProof &proof, const std::vector< std::vector< fr > > &public_inputs_vec_nt)
Definition recursive_verifier.cpp:58
bb::avm2::AvmVerifier::verify_proof
virtual bool verify_proof(const HonkProof &proof, const std::vector< std::vector< FF > > &public_inputs)
This function verifies an Avm Honk proof for given program settings.
Definition verifier.cpp:42
bb::avm2::TwoLayerAvmRecursiveVerifier
Recursive verifier of AVM2 proofs that utilizes the Goblin mechanism for efficient EC operations.
Definition two_layer_avm_recursive_verifier.hpp:53
bb::avm2::TwoLayerAvmRecursiveVerifier::verify_proof
TwoLayerAvmRecursiveVerifierOutput verify_proof(const stdlib::Proof< UltraCircuitBuilder > &stdlib_proof, const std::vector< std::vector< UltraFF > > &public_inputs) const
Recursively verify an AVM proof using Goblin and two layers of recursive verification.
Definition two_layer_avm_recursive_verifier.hpp:86
bb::avm2::constraining::AvmRecursiveTests::OuterBuilder
typename RecursiveFlavor::CircuitBuilder OuterBuilder
Definition recursive_verifier.test.cpp:26
bb::avm2::constraining::AvmRecursiveTests::create_and_verify_native_proof
static void create_and_verify_native_proof(NativeProofResult &proof_result)
Definition recursive_verifier.test.cpp:39
bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19
bb::stdlib::field_t
Definition field.hpp:46
bb::stdlib::recursion::honk::RollupIO
The data that is propagated on the public inputs of a rollup circuit.
Definition special_public_inputs.hpp:356
info
#define info(...)
Definition log.hpp:93
vinfo
#define vinfo(...)
Definition log.hpp:94
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
trace
TestTraceContainer trace
Definition data_copy.test.cpp:63
inputs
AvmProvingInputs inputs
Definition hinting_dbs.test.cpp:45
bb::avm2::constraining::INSTANTIATE_TEST_SUITE_P
INSTANTIATE_TEST_SUITE_P(PaddingVariants, AvmRecursiveTestsParameterized, ::testing::Values(false, true), [](const auto &info) { return info.param ? "Padded" :"Unpadded";})
bb::avm2::constraining::TEST_F
TEST_F(AvmRecursiveTests, GoblinRecursionFailsWithWrongPIs)
Definition recursive_verifier.test.cpp:270
bb::avm2::constraining::TEST_P
TEST_P(AvmRecursiveTestsParameterized, GoblinRecursion)
A test of the Goblinized AVM recursive verifier.
Definition recursive_verifier.test.cpp:73
bb::avm2::testing::skip_slow_tests
bool skip_slow_tests()
Check if slow tests should be skipped.
Definition fixtures.cpp:199
bb::avm2::testing::get_minimal_trace_with_pi
std::pair< tracegen::TraceContainer, PublicInputs > get_minimal_trace_with_pi()
Definition fixtures.cpp:183
bb::avm2::FF
AvmFlavorSettings::FF FF
Definition field.hpp:10
bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14
bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
prover_instance.hpp
proving_helper.hpp
recursive_flavor.hpp
recursive_verifier.hpp
special_public_inputs.hpp
two_layer_avm_recursive_verifier.hpp
ultra_flavor.hpp
ultra_prover.hpp
ultra_rollup_flavor.hpp
ultra_verifier.hpp