Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Public Member Functions | Static Public Member Functions | Private Types | Private Member Functions | Private Attributes | List of all members
bb::OinkProver< Flavor > Class Template Reference

Executes the "Oink" phase of the Honk proving protocol: the initial rounds that commit to witness data, lookup/logderivative inverses, and the permutation grand product, producing the relation parameters (eta, beta, gamma, alpha) along the way. More...

#include <oink_prover.hpp>

Public Member Functions

 OinkProver (std::shared_ptr< ProverInstance > prover_instance, std::shared_ptr< HonkVK > honk_vk, const std::shared_ptr< typename Flavor::Transcript > &transcript)
 
void prove (bool emit_alpha=true)
 Commit to witnesses, compute relation parameters, and prepare for Sumcheck.
 
Proof export_proof ()
 Export the Oink proof.
 

Static Public Member Functions

static void add_ram_rom_memory_records_to_wire_4 (ProverInstance &instance)
 Add RAM/ROM memory records to the fourth wire polynomial.
 
static void compute_logderivative_inverses (ProverInstance &instance)
 Compute the inverse polynomials used in the log derivative lookup relations.
 
static void compute_grand_product_polynomial (ProverInstance &instance)
 Computes public_input_delta and the permutation grand product polynomial.
 

Private Types

using CommitmentKey = typename Flavor::CommitmentKey
 
using HonkVK = typename Flavor::VerificationKey
 
using ProverInstance = ProverInstance_< Flavor >
 
using Transcript = typename Flavor::Transcript
 
using FF = typename Flavor::FF
 
using Proof = typename Transcript::Proof
 

Private Member Functions

void send_vk_hash_and_public_inputs ()
 Hash the verification key and send public inputs to the transcript.
 
void commit_to_wires ()
 Commit to the wire polynomials (part of the witness), with the exception of the fourth wire, which is only committed to after adding memory records. For Mega, we also commit to the ECC op wires and DataBus columns.
 
void commit_to_lookup_counts_and_w4 ()
 Compute sorted witness-table accumulator and commit to the resulting polynomials.
 
void commit_to_logderiv_inverses ()
 Compute log derivative inverse polynomial and its commitment, if required.
 
void commit_to_z_perm ()
 Compute the permutation grand product polynomial and commit to it.
 
void commit_to_masking_poly ()
 

Private Attributes

std::shared_ptr< ProverInstanceprover_instance
 
std::shared_ptr< HonkVKhonk_vk
 
std::shared_ptr< Transcripttranscript
 
CommitmentKey commitment_key
 
Flavor::CommitmentLabels commitment_labels
 

Detailed Description

template<typename Flavor>
class bb::OinkProver< Flavor >

Executes the "Oink" phase of the Honk proving protocol: the initial rounds that commit to witness data, lookup/logderivative inverses, and the permutation grand product, producing the relation parameters (eta, beta, gamma, alpha) along the way.

The rounds proceed in order:

  1. send_vk_hash_and_public_inputs – hash the verification key and send public inputs to transcript
  2. commit_to_masking_poly – (ZK only) commit to a random masking polynomial for Gemini
  3. commit_to_wires – commit to wire polynomials (w_l, w_r, w_o; plus ECC-op & databus wires for Mega)
  4. commit_to_lookup_counts_and_w4 – get eta challenge, add RAM/ROM memory records to w_4, commit to lookup read counts/tags and the finalized w_4
  5. commit_to_logderiv_inverses – get beta/gamma challenges, compute and commit to log-derivative lookup inverses (plus databus inverses for Mega)
  6. commit_to_z_perm – compute and commit to the permutation grand product polynomial
  7. get alpha challenge

After prove() completes, the prover instance holds all committed polynomials and relation parameters needed by the subsequent Sumcheck and PCS phases in UltraProver.

The underlying witness computations (RAM/ROM memory records, log-derivative inverses, permutation grand product) are also exposed as public static methods so that test code can invoke them independently of the transcript-driven commit flow.

Definition at line 52 of file oink_prover.hpp.

Member Typedef Documentation

◆ CommitmentKey

template<typename Flavor >
using bb::OinkProver< Flavor >::CommitmentKey = typename Flavor::CommitmentKey
private

Definition at line 53 of file oink_prover.hpp.

◆ FF

template<typename Flavor >
using bb::OinkProver< Flavor >::FF = typename Flavor::FF
private

Definition at line 57 of file oink_prover.hpp.

◆ HonkVK

template<typename Flavor >
using bb::OinkProver< Flavor >::HonkVK = typename Flavor::VerificationKey
private

Definition at line 54 of file oink_prover.hpp.

◆ Proof

template<typename Flavor >
using bb::OinkProver< Flavor >::Proof = typename Transcript::Proof
private

Definition at line 58 of file oink_prover.hpp.

◆ ProverInstance

template<typename Flavor >
using bb::OinkProver< Flavor >::ProverInstance = ProverInstance_<Flavor>
private

Definition at line 55 of file oink_prover.hpp.

◆ Transcript

template<typename Flavor >
using bb::OinkProver< Flavor >::Transcript = typename Flavor::Transcript
private

Definition at line 56 of file oink_prover.hpp.

Constructor & Destructor Documentation

◆ OinkProver()

template<typename Flavor >
bb::OinkProver< Flavor >::OinkProver ( std::shared_ptr< ProverInstance prover_instance,
std::shared_ptr< HonkVK honk_vk,
const std::shared_ptr< typename Flavor::Transcript > &  transcript 
)
inline

Definition at line 61 of file oink_prover.hpp.

Member Function Documentation

◆ add_ram_rom_memory_records_to_wire_4()

template<typename Flavor >
void bb::OinkProver< Flavor >::add_ram_rom_memory_records_to_wire_4 ( ProverInstance instance)
static

Add RAM/ROM memory records to the fourth wire polynomial.

This operation must be performed after the first three wires have been committed to, hence the dependence on the eta challenge.

Template Parameters
Flavor
Parameters
instanceprover instance whose polynomials, memory records, and eta powers are used

Definition at line 214 of file oink_prover.cpp.

◆ commit_to_logderiv_inverses()

template<typename Flavor >
void bb::OinkProver< Flavor >::commit_to_logderiv_inverses ( )
private

Compute log derivative inverse polynomial and its commitment, if required.

Definition at line 138 of file oink_prover.cpp.

◆ commit_to_lookup_counts_and_w4()

template<typename Flavor >
void bb::OinkProver< Flavor >::commit_to_lookup_counts_and_w4 ( )
private

Compute sorted witness-table accumulator and commit to the resulting polynomials.

Definition at line 111 of file oink_prover.cpp.

◆ commit_to_masking_poly()

template<typename Flavor >
void bb::OinkProver< Flavor >::commit_to_masking_poly ( )
private

Definition at line 192 of file oink_prover.cpp.

◆ commit_to_wires()

template<typename Flavor >
void bb::OinkProver< Flavor >::commit_to_wires ( )
private

Commit to the wire polynomials (part of the witness), with the exception of the fourth wire, which is only committed to after adding memory records. For Mega, we also commit to the ECC op wires and DataBus columns.

Definition at line 66 of file oink_prover.cpp.

◆ commit_to_z_perm()

template<typename Flavor >
void bb::OinkProver< Flavor >::commit_to_z_perm ( )
private

Compute the permutation grand product polynomial and commit to it.

Definition at line 175 of file oink_prover.cpp.

◆ compute_grand_product_polynomial()

template<typename Flavor >
void bb::OinkProver< Flavor >::compute_grand_product_polynomial ( ProverInstance instance)
static

Computes public_input_delta and the permutation grand product polynomial.

Parameters
instanceprover instance whose polynomials, public inputs, and relation parameters are used

Definition at line 277 of file oink_prover.cpp.

◆ compute_logderivative_inverses()

template<typename Flavor >
void bb::OinkProver< Flavor >::compute_logderivative_inverses ( ProverInstance instance)
static

Compute the inverse polynomials used in the log derivative lookup relations.

Template Parameters
Flavor
Parameters
instanceprover instance whose polynomials and relation parameters are used

Definition at line 246 of file oink_prover.cpp.

◆ export_proof()

template<typename Flavor >
OinkProver< Flavor >::Proof bb::OinkProver< Flavor >::export_proof ( )

Export the Oink proof.

Definition at line 41 of file oink_prover.cpp.

◆ prove()

template<typename Flavor >
void bb::OinkProver< Flavor >::prove ( bool  emit_alpha = true)

Commit to witnesses, compute relation parameters, and prepare for Sumcheck.

Definition at line 22 of file oink_prover.cpp.

◆ send_vk_hash_and_public_inputs()

template<typename Flavor >
void bb::OinkProver< Flavor >::send_vk_hash_and_public_inputs ( )
private

Hash the verification key and send public inputs to the transcript.

Definition at line 49 of file oink_prover.cpp.

Member Data Documentation

◆ commitment_key

template<typename Flavor >
CommitmentKey bb::OinkProver< Flavor >::commitment_key
private

Definition at line 83 of file oink_prover.hpp.

◆ commitment_labels

template<typename Flavor >
Flavor::CommitmentLabels bb::OinkProver< Flavor >::commitment_labels
private

Definition at line 84 of file oink_prover.hpp.

◆ honk_vk

template<typename Flavor >
std::shared_ptr<HonkVK> bb::OinkProver< Flavor >::honk_vk
private

Definition at line 81 of file oink_prover.hpp.

◆ prover_instance

template<typename Flavor >
std::shared_ptr<ProverInstance> bb::OinkProver< Flavor >::prover_instance
private

Definition at line 80 of file oink_prover.hpp.

◆ transcript

template<typename Flavor >
std::shared_ptr<Transcript> bb::OinkProver< Flavor >::transcript
private

Definition at line 82 of file oink_prover.hpp.

The documentation for this class was generated from the following files: