Barretenberg: src/barretenberg/goblin/goblin_verifier.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: Complete, auditors: [Sergei], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#include "goblin_verifier.hpp"

#include "barretenberg/common/bb_bench.hpp"

#include "barretenberg/common/log.hpp"


namespace bb {


template <typename Curve>


typename GoblinVerifier_<Curve>::ReductionResult GoblinVerifier_<Curve>::reduce_to_pairing_check_and_ipa_opening()

{

    BB_BENCH_NAME("GoblinVerifier::reduce");

    // Step 1: Verify the merge proof

    MergeVerifier merge_verifier{ merge_settings, transcript };

    auto merge_result = merge_verifier.reduce_to_pairing_check(proof.merge_proof, merge_commitments);

    vinfo("Goblin: Merge reduced to pairing check successfully: ", merge_result.reduction_succeeded ? "true" : "false");


    if constexpr (!IsRecursive) {

        if (!merge_result.reduction_succeeded) {

            info("Goblin verification failed at Merge step");

            return ReductionResult();

        }

        if (!merge_result.pairing_points.check()) {

            info("Goblin verification failed at Merge pairing check");

            return ReductionResult();

        }

    }


    // Step 2: Verify the ECCVM proof

    ECCVMVerifier eccvm_verifier{ transcript, proof.eccvm_proof };

    auto eccvm_result = eccvm_verifier.reduce_to_ipa_opening();

    vinfo("Goblin: ECCVM reduced to IPA opening successfully: ", eccvm_result.reduction_succeeded ? "true" : "false");


    if constexpr (!IsRecursive) {

        if (!eccvm_result.reduction_succeeded) {

            info("Goblin verification failed at ECCVM step");

            return ReductionResult();

        }

    }


    // Get translation data from ECCVM verifier

    auto translator_input = eccvm_verifier.get_translator_input_data();


    // Step 3: Verify the Translator proof

    // - Pass `merged_table_commitments` as op queue wire commitments to bind Translator and Merge to the same op_queue

    // - `accumulated_result` and corresponding challenges ensure non-native computation matches ECCVM's native result

    TranslatorVerifier translator_verifier{ transcript,

                                            proof.translator_proof,

                                            translator_input.evaluation_challenge_x,

                                            translator_input.batching_challenge_v,

                                            translator_input.accumulated_result,

                                            merge_result.merged_commitments };

    auto translator_result = translator_verifier.reduce_to_pairing_check();

    vinfo("Goblin: Translator reduced to pairing check successfully: ",

          translator_result.reduction_succeeded ? "true" : "false");


    if constexpr (!IsRecursive) {

        if (!translator_result.reduction_succeeded) {

            info("Goblin verification failed at Translator step");

            return ReductionResult();

        }


        if (!translator_result.pairing_points.check()) {

            info("Goblin verification failed at Translator pairing check");

            return ReductionResult();

        }

    }


    // Combine all check results

    // Recursive: must evaluate all booleans (circuit structure must be fixed)

    // Native: redundant check (already returned early on failure), but kept for consistency

    bool all_checks_passed =

        merge_result.reduction_succeeded && eccvm_result.reduction_succeeded && translator_result.reduction_succeeded;


    // Warning: `all_checks_passed` always excludes IPA verification (deferred in both modes).

    // Native mode: pairing checks already performed above (fail-fast), included in all_checks_passed

    // Recursive mode: pairing checks deferred, excluded from all_checks_passed (for in-circuit batching)

    // In recursive mode, boolean flags are for circuit structure only (not actual verification).

    // Note: Pairing points are NOT aggregated here - caller should use aggregate_multiple for efficiency

    ReductionResult result{ .merge_pairing_points = std::move(merge_result.pairing_points),

                            .translator_pairing_points = std::move(translator_result.pairing_points),

                            .ipa_claim = std::move(eccvm_result.ipa_claim),

                            .ipa_proof = proof.ipa_proof,

                            .all_checks_passed = all_checks_passed };


    return result;

}


// Explicit instantiations

template class GoblinVerifier_<curve::BN254>;

template class GoblinVerifier_<stdlib::bn254<UltraCircuitBuilder>>;


} // namespace bb

bb_bench.hpp

BB_BENCH_NAME
#define BB_BENCH_NAME(name)
Definition bb_bench.hpp:225

bb::ECCVMVerifier_
Unified ECCVM verifier class for both native and recursive verification.
Definition eccvm_verifier.hpp:19

bb::ECCVMVerifier_::reduce_to_ipa_opening
ReductionResult reduce_to_ipa_opening()
Reduce the ECCVM proof to an IPA opening claim.
Definition eccvm_verifier.cpp:21

bb::GoblinVerifier_
Unified Goblin verifier for both native and recursive verification.
Definition goblin_verifier.hpp:33

bb::GoblinVerifier_::reduce_to_pairing_check_and_ipa_opening
ReductionResult reduce_to_pairing_check_and_ipa_opening()
Reduce Goblin proof to pairing check and IPA opening claim.
Definition goblin_verifier.cpp:19

bb::MergeVerifier_
Unified verifier class for the Goblin ECC op queue transcript merge protocol.
Definition merge_verifier.hpp:23

bb::MergeVerifier_::reduce_to_pairing_check
ReductionResult reduce_to_pairing_check(const Proof &proof, const InputCommitments &input_commitments)
Reduce the merge proof to a pairing check.
Definition merge_verifier.cpp:115

bb::TranslatorVerifier_
Translator verifier class that verifies the proof of the Translator circuit.
Definition translator_verifier.hpp:23

bb::TranslatorVerifier_::batching_challenge_v
BF batching_challenge_v
Definition translator_verifier.hpp:132

log.hpp

info
#define info(...)
Definition log.hpp:93

vinfo
#define vinfo(...)
Definition log.hpp:94

goblin_verifier.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bb::GoblinVerifier_::ReductionResult
Result of Goblin verification with mode-specific semantics.
Definition goblin_verifier.hpp:55

bb::GoblinVerifier_::ReductionResult::merge_pairing_points
PairingPoints merge_pairing_points
Definition goblin_verifier.hpp:60