Barretenberg: src/barretenberg/chonk/batched_honk_translator/batched_honk_translator_verifier.hpp Source File

#pragma once


#include "barretenberg/commitment_schemes/pairing_points.hpp"

#include "barretenberg/flavor/mega_zk_flavor.hpp"

#include "barretenberg/flavor/mega_zk_recursive_flavor.hpp"

#include "barretenberg/honk/proof_system/types/proof.hpp"

#include "barretenberg/stdlib/primitives/curves/bn254.hpp"

#include "barretenberg/stdlib/primitives/pairing_points.hpp"

#include "barretenberg/stdlib/proof/proof.hpp"

#include "barretenberg/stdlib/translator_vm_verifier/translator_recursive_flavor.hpp"

#include "barretenberg/translator_vm/translator_flavor.hpp"

#include "barretenberg/ultra_honk/verifier_instance.hpp"


namespace bb {


template <typename Curve> class BatchedHonkTranslatorVerifier_ {

  public:

    static constexpr bool IsRecursive = Curve::is_stdlib_type;


    // Select MegaZK flavor based on native vs recursive.

    using MegaZKFlavorT = std::conditional_t<IsRecursive, MegaZKRecursiveFlavor_<UltraCircuitBuilder>, MegaZKFlavor>;

    // Select translator flavor based on native vs recursive.

    using TransFlavor = std::conditional_t<IsRecursive, TranslatorRecursiveFlavor, TranslatorFlavor>;


    using FF = typename MegaZKFlavorT::FF;

    using Commitment = typename MegaZKFlavorT::Commitment;

    using MegaZKVerifierInstance = VerifierInstance_<MegaZKFlavorT>;

    using MegaZKVKAndHash = typename MegaZKFlavorT::VKAndHash;

    using Transcript = std::conditional_t<IsRecursive, UltraStdlibTranscript, NativeTranscript>;

    using MegaZKVerifierCommitments = typename MegaZKFlavorT::VerifierCommitments;

    using TransVerifierCommitments = typename TransFlavor::VerifierCommitments;


    // Proof type: stdlib::Proof<UltraCircuitBuilder> for recursive, HonkProof for native.

    using Proof = std::conditional_t<IsRecursive, stdlib::Proof<UltraCircuitBuilder>, HonkProof>;


    // PairingPoints type.

    using PairingPoints =

        std::conditional_t<IsRecursive, stdlib::recursion::PairingPoints<Curve>, bb::PairingPoints<Curve>>;


    // BF type from the translator flavor (BN254 base field elements).

    using TransBF = typename TransFlavor::BF;


    // Joint RepeatedCommitmentsData for Shplemini's remove_repeated_commitments optimization.

    // After Shplemini's offset=2 (Q_commitment + gemini_masking_poly), the virtual layout is:

    //   Unshifted: [MegaZK_precomputed(P) | MegaZK_witness(W) | Trans_PCS_unshifted(TU)]

    //   Shifted:   [MegaZK_shifted(S) | Trans_PCS_shifted(TS)]

    //

    // Range 1 (MegaZK): witness[0..S-1] ↔ mega_zk_shifted[0..S-1]

    // Range 2 (Translator merged): ordered(5)+z_perm(1)+concat(5) in unshifted ↔ same in shifted


    static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS = [] {

        constexpr size_t P = MegaZKFlavorT::NUM_PRECOMPUTED_ENTITIES;

        // W = MegaFlavor::NUM_WITNESS_ENTITIES (without masking, which is handled by Shplemini's offset)

        constexpr size_t W = MegaZKFlavorT::REPEATED_COMMITMENTS.first.duplicate_start -

                             MegaZKFlavorT::REPEATED_COMMITMENTS.first.original_start;

        constexpr size_t S = MegaZKFlavorT::NUM_SHIFTED_ENTITIES;

        constexpr size_t TU = TranslatorFlavor::NUM_PCS_UNSHIFTED;

        // Skip before repeated entries: masking(1)+ordered_extra(1)+op(1)=3 in unshifted, op_queue(3) in shifted

        constexpr size_t TRANS_UNSHIFTED_SKIP = TranslatorFlavor::REPEATED_COMMITMENTS.first.original_start + 1;

        constexpr size_t TRANS_SHIFTED_SKIP =

            TranslatorFlavor::NUM_PCS_TO_BE_SHIFTED -

            (TranslatorFlavor::REPEATED_COMMITMENTS.first.count + TranslatorFlavor::REPEATED_COMMITMENTS.second.count);

        return RepeatedCommitmentsData(

            P,                                   // MegaZK original: start of witness in unshifted

            P + W + TU,                          // MegaZK duplicate: start of mega_zk_shifted

            S,                                   // MegaZK count

            P + W + TRANS_UNSHIFTED_SKIP,        // Translator original: ordered+z_perm+concat in unshifted

            P + W + TU + S + TRANS_SHIFTED_SKIP, // Translator duplicate: same entries in shifted

            TranslatorFlavor::REPEATED_COMMITMENTS.first.count +

                TranslatorFlavor::REPEATED_COMMITMENTS.second.count); // Translator count

    }();


    struct ReductionResult {

        PairingPoints pairing_points;

        bool reduction_succeeded = false;

    };


    struct OinkResult {

        std::vector<FF> public_inputs;

        Commitment calldata_commitment;

        std::array<Commitment, MegaZKFlavorT::NUM_WIRES> ecc_op_wires;

    };


    BatchedHonkTranslatorVerifier_(std::shared_ptr<MegaZKVKAndHash> mega_zk_vk_and_hash,

                                   std::shared_ptr<Transcript> transcript);


    OinkResult verify_mega_zk_oink(const Proof& mega_zk_proof);


    [[nodiscard("Verification result should be checked")]] ReductionResult verify(

        const Proof& joint_proof,

        const TransBF& evaluation_input_x,

        const TransBF& batching_challenge_v,

        const TransBF& accumulated_result,

        const std::array<Commitment, TranslatorFlavor::NUM_OP_QUEUE_WIRES>& op_queue_wire_commitments);


  private:

    // Methods mirroring the prover's structure.

    TransVerifierCommitments verify_translator_oink(

        const Proof& joint_proof,

        const TransBF& evaluation_input_x,

        const TransBF& batching_challenge_v,

        const TransBF& accumulated_result,

        const std::array<Commitment, TranslatorFlavor::NUM_OP_QUEUE_WIRES>& op_queue_wire_commitments);

    bool verify_joint_sumcheck();

    ReductionResult verify_joint_pcs(bool sumcheck_verified,

                                     MegaZKVerifierCommitments& mega_zk_commitments,

                                     TransVerifierCommitments& trans_commitments);


    std::shared_ptr<MegaZKVKAndHash> mega_zk_vk_and_hash;

    std::shared_ptr<Transcript> transcript;


    // Verifier instance stored after verify_mega_zk_oink (provides accessors)

    std::shared_ptr<MegaZKVerifierInstance> mega_zk_verifier_instance;


    // Builder pointer (only meaningful for recursive, nullptr for native).

    std::conditional_t<IsRecursive, UltraCircuitBuilder*, std::nullptr_t> builder = nullptr;


    // Relation parameters populated during verify_mega_zk_oink / verify_translator_oink.

    bb::RelationParameters<FF> mega_zk_relation_parameters;

    bb::RelationParameters<FF> translator_relation_parameters;


    // State populated by verify_joint_sumcheck(), consumed by verify_joint_pcs().

    std::vector<FF> joint_challenge;

    typename MegaZKFlavorT::AllValues mega_zk_evals;

    typename TransFlavor::AllValues trans_evals;

    std::array<Commitment, NUM_LIBRA_COMMITMENTS> libra_commitments;

    FF libra_evaluation;

    FF libra_challenge;

};


// Type aliases.

using BatchedHonkTranslatorVerifier = BatchedHonkTranslatorVerifier_<curve::BN254>;

using BatchedHonkTranslatorRecursiveVerifier = BatchedHonkTranslatorVerifier_<stdlib::bn254<UltraCircuitBuilder>>;


} // namespace bb

bb::BatchedHonkTranslatorVerifier_
Verifier for the batched MegaZK circuit + translator sumcheck and PCS.
Definition batched_honk_translator_verifier.hpp:32

bb::BatchedHonkTranslatorVerifier_::libra_commitments
std::array< Commitment, NUM_LIBRA_COMMITMENTS > libra_commitments
Definition batched_honk_translator_verifier.hpp:164

bb::BatchedHonkTranslatorVerifier_::libra_evaluation
FF libra_evaluation
Definition batched_honk_translator_verifier.hpp:165

bb::BatchedHonkTranslatorVerifier_::Proof
std::conditional_t< IsRecursive, stdlib::Proof< UltraCircuitBuilder >, HonkProof > Proof
Definition batched_honk_translator_verifier.hpp:50

bb::BatchedHonkTranslatorVerifier_::libra_challenge
FF libra_challenge
Definition batched_honk_translator_verifier.hpp:166

bb::BatchedHonkTranslatorVerifier_::mega_zk_verifier_instance
std::shared_ptr< MegaZKVerifierInstance > mega_zk_verifier_instance
Definition batched_honk_translator_verifier.hpp:151

bb::BatchedHonkTranslatorVerifier_::TransVerifierCommitments
typename TransFlavor::VerifierCommitments TransVerifierCommitments
Definition batched_honk_translator_verifier.hpp:47

bb::BatchedHonkTranslatorVerifier_::MegaZKFlavorT
std::conditional_t< IsRecursive, MegaZKRecursiveFlavor_< UltraCircuitBuilder >, MegaZKFlavor > MegaZKFlavorT
Definition batched_honk_translator_verifier.hpp:37

bb::BatchedHonkTranslatorVerifier_::verify_joint_pcs
ReductionResult verify_joint_pcs(bool sumcheck_verified, MegaZKVerifierCommitments &mega_zk_commitments, TransVerifierCommitments &trans_commitments)
Execute the joint Shplemini / KZG PCS reduction.
Definition batched_honk_translator_verifier.cpp:273

bb::BatchedHonkTranslatorVerifier_::Commitment
typename MegaZKFlavorT::Commitment Commitment
Definition batched_honk_translator_verifier.hpp:42

bb::BatchedHonkTranslatorVerifier_::verify
ReductionResult verify(const Proof &joint_proof, const TransBF &evaluation_input_x, const TransBF &batching_challenge_v, const TransBF &accumulated_result, const std::array< Commitment, TranslatorFlavor::NUM_OP_QUEUE_WIRES > &op_queue_wire_commitments)
Phase 2: Verify translator Oink + joint sumcheck + joint PCS.
Definition batched_honk_translator_verifier.cpp:343

bb::BatchedHonkTranslatorVerifier_::transcript
std::shared_ptr< Transcript > transcript
Definition batched_honk_translator_verifier.hpp:148

bb::BatchedHonkTranslatorVerifier_::trans_evals
TransFlavor::AllValues trans_evals
Definition batched_honk_translator_verifier.hpp:163

bb::BatchedHonkTranslatorVerifier_::verify_joint_sumcheck
bool verify_joint_sumcheck()
Verify the joint 17-round sumcheck.
Definition batched_honk_translator_verifier.cpp:98

bb::BatchedHonkTranslatorVerifier_::MegaZKVKAndHash
typename MegaZKFlavorT::VKAndHash MegaZKVKAndHash
Definition batched_honk_translator_verifier.hpp:44

bb::BatchedHonkTranslatorVerifier_::joint_challenge
std::vector< FF > joint_challenge
Definition batched_honk_translator_verifier.hpp:161

bb::BatchedHonkTranslatorVerifier_::mega_zk_vk_and_hash
std::shared_ptr< MegaZKVKAndHash > mega_zk_vk_and_hash
Definition batched_honk_translator_verifier.hpp:147

bb::BatchedHonkTranslatorVerifier_::translator_relation_parameters
bb::RelationParameters< FF > translator_relation_parameters
Definition batched_honk_translator_verifier.hpp:158

bb::BatchedHonkTranslatorVerifier_::mega_zk_evals
MegaZKFlavorT::AllValues mega_zk_evals
Definition batched_honk_translator_verifier.hpp:162

bb::BatchedHonkTranslatorVerifier_::FF
typename MegaZKFlavorT::FF FF
Definition batched_honk_translator_verifier.hpp:41

bb::BatchedHonkTranslatorVerifier_::Transcript
std::conditional_t< IsRecursive, UltraStdlibTranscript, NativeTranscript > Transcript
Definition batched_honk_translator_verifier.hpp:45

bb::BatchedHonkTranslatorVerifier_::mega_zk_relation_parameters
bb::RelationParameters< FF > mega_zk_relation_parameters
Definition batched_honk_translator_verifier.hpp:157

bb::BatchedHonkTranslatorVerifier_::IsRecursive
static constexpr bool IsRecursive
Definition batched_honk_translator_verifier.hpp:34

bb::BatchedHonkTranslatorVerifier_::TransFlavor
std::conditional_t< IsRecursive, TranslatorRecursiveFlavor, TranslatorFlavor > TransFlavor
Definition batched_honk_translator_verifier.hpp:39

bb::BatchedHonkTranslatorVerifier_::verify_translator_oink
TransVerifierCommitments verify_translator_oink(const Proof &joint_proof, const TransBF &evaluation_input_x, const TransBF &batching_challenge_v, const TransBF &accumulated_result, const std::array< Commitment, TranslatorFlavor::NUM_OP_QUEUE_WIRES > &op_queue_wire_commitments)
Verify the translator's Oink phase.
Definition batched_honk_translator_verifier.cpp:69

bb::BatchedHonkTranslatorVerifier_::PairingPoints
std::conditional_t< IsRecursive, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > > PairingPoints
Definition batched_honk_translator_verifier.hpp:54

bb::BatchedHonkTranslatorVerifier_::REPEATED_COMMITMENTS
static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS
Definition batched_honk_translator_verifier.hpp:66

bb::BatchedHonkTranslatorVerifier_::TransBF
typename TransFlavor::BF TransBF
Definition batched_honk_translator_verifier.hpp:57

bb::BatchedHonkTranslatorVerifier_::builder
std::conditional_t< IsRecursive, UltraCircuitBuilder *, std::nullptr_t > builder
Definition batched_honk_translator_verifier.hpp:154

bb::BatchedHonkTranslatorVerifier_::verify_mega_zk_oink
OinkResult verify_mega_zk_oink(const Proof &mega_zk_proof)
Phase 1: Verify the MegaZK Oink phase on the shared transcript.
Definition batched_honk_translator_verifier.cpp:35

bb::BatchedHonkTranslatorVerifier_::MegaZKVerifierCommitments
typename MegaZKFlavorT::VerifierCommitments MegaZKVerifierCommitments
Definition batched_honk_translator_verifier.hpp:46

bb::MegaZKFlavor
Child class of MegaFlavor that runs with ZK Sumcheck.
Definition mega_zk_flavor.hpp:17

bb::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:22

bb::TranslatorFlavor::REPEATED_COMMITMENTS
static constexpr RepeatedCommitmentsData REPEATED_COMMITMENTS
Definition translator_flavor.hpp:747

bb::TranslatorFlavor::NUM_PCS_UNSHIFTED
static constexpr size_t NUM_PCS_UNSHIFTED
Definition translator_flavor.hpp:728

bb::TranslatorFlavor::NUM_PCS_TO_BE_SHIFTED
static constexpr size_t NUM_PCS_TO_BE_SHIFTED
Definition translator_flavor.hpp:731

bb::VerifierInstance_
The VerifierInstance encapsulates all the necessary information for a Honk Verifier to verify a proof...
Definition verifier_instance.hpp:18

bb::curve::Grumpkin::is_stdlib_type
static constexpr bool is_stdlib_type
Definition grumpkin.hpp:68

pairing_points.hpp

proof.hpp

mega_zk_flavor.hpp

mega_zk_recursive_flavor.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::HonkProof
std::vector< fr > HonkProof
Definition proof.hpp:15

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bn254.hpp

pairing_points.hpp

proof.hpp

bb::BatchedHonkTranslatorVerifier_::OinkResult
Result of Phase 1 (MegaZK Oink verification).
Definition batched_honk_translator_verifier.hpp:100

bb::BatchedHonkTranslatorVerifier_::OinkResult::ecc_op_wires
std::array< Commitment, MegaZKFlavorT::NUM_WIRES > ecc_op_wires
Definition batched_honk_translator_verifier.hpp:103

bb::BatchedHonkTranslatorVerifier_::OinkResult::public_inputs
std::vector< FF > public_inputs
Definition batched_honk_translator_verifier.hpp:101

bb::BatchedHonkTranslatorVerifier_::OinkResult::calldata_commitment
Commitment calldata_commitment
Definition batched_honk_translator_verifier.hpp:102

bb::BatchedHonkTranslatorVerifier_::ReductionResult
Result of the batched sumcheck/PCS reduction.
Definition batched_honk_translator_verifier.hpp:91

bb::BatchedHonkTranslatorVerifier_::ReductionResult::pairing_points
PairingPoints pairing_points
Definition batched_honk_translator_verifier.hpp:92

bb::BatchedHonkTranslatorVerifier_::ReductionResult::reduction_succeeded
bool reduction_succeeded
Definition batched_honk_translator_verifier.hpp:93

bb::DuplicateRange::original_start
size_t original_start
Definition repeated_commitments_data.hpp:24

bb::DuplicateRange::count
size_t count
Definition repeated_commitments_data.hpp:26

bb::DuplicateRange::duplicate_start
size_t duplicate_start
Definition repeated_commitments_data.hpp:25

bb::RelationParameters
Container for parameters used by the grand product (permutation, lookup) Honk relations.
Definition relation_parameters.hpp:18

bb::RepeatedCommitmentsData
Definition repeated_commitments_data.hpp:29

bb::RepeatedCommitmentsData::second
DuplicateRange second
Definition repeated_commitments_data.hpp:31

bb::RepeatedCommitmentsData::first
DuplicateRange first
Definition repeated_commitments_data.hpp:30

translator_flavor.hpp

translator_recursive_flavor.hpp

verifier_instance.hpp