Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ipa_recursive.test.cpp
Go to the documentation of this file.
1
2#include "barretenberg/circuit_checker/circuit_checker.hpp"
3#include "barretenberg/commitment_schemes/ipa/ipa.hpp"
4#include "barretenberg/commitment_schemes/pcs_test_utils.hpp"
5#include "barretenberg/commitment_schemes/shplonk/shplemini.hpp"
6#include "barretenberg/stdlib/eccvm_verifier/verifier_commitment_key.hpp"
7#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp"
8#include "barretenberg/stdlib/primitives/pairing_points.hpp"
9#include "barretenberg/stdlib/proof/proof.hpp"
10#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"
11#include "barretenberg/transcript/transcript.hpp"
12#include "barretenberg/ultra_honk/prover_instance.hpp"
13
14using namespace bb;
15
16namespace {
17using NativeCurve = curve::Grumpkin;
18using Builder = UltraCircuitBuilder;
19using Curve = stdlib::grumpkin<Builder>;
20
21class IPARecursiveTests : public CommitmentTest<NativeCurve> {
22 public:
23 using Fr = typename NativeCurve::ScalarField;
24 using GroupElement = typename NativeCurve::Element;
25 using CK = CommitmentKey<NativeCurve>;
26 using VK = VerifierCommitmentKey<NativeCurve>;
27 using Polynomial = bb::Polynomial<Fr>;
28 using Commitment = typename NativeCurve::AffineElement;
29 using StdlibProof = bb::stdlib::Proof<Builder>;
30
31 using StdlibTranscript = UltraStdlibTranscript;
32 // `FailureMode::None` corresponds to a normal, completeness test. The other cases are legitimate failure modes,
33 // where the test should fail. As neither `a_0` nor `G_0` are hashed, the corresponding variants will not fail for
34 // Fiat-Shamir reasons. The last failure mode is: we send an OpeningClaim to the hash buffer, then
35 // we have the prover run the IPA process with a _different polynomial_.
36 enum class FailureMode : std::uint8_t { None, A_Zero, G_Zero, ChangePoly };
37
53 template <size_t log_poly_length>
54 std::pair<std::shared_ptr<StdlibTranscript>, OpeningClaim<Curve>> create_ipa_claim(
55 Builder& builder, Polynomial& poly, Fr x, FailureMode failure_mode = FailureMode::None)
56 {
57 using NativeIPA = IPA<NativeCurve, log_poly_length>;
58 EXPECT_EQ(1UL << log_poly_length, poly.size());
59 Commitment commitment = this->commit(poly);
60 auto eval = poly.evaluate(x);
61
62 const OpeningPair<NativeCurve> opening_pair = { x, eval };
63 const OpeningClaim<NativeCurve> opening_claim{ opening_pair, commitment };
64 const ProverOpeningClaim<NativeCurve> prover_claim{ poly, opening_pair };
65 // initialize empty prover transcript
66 auto prover_transcript = std::make_shared<NativeTranscript>();
67 using DataType = NativeTranscript::DataType;
68 std::vector<DataType> proof;
69 // Export proof
70 switch (failure_mode) {
71 case FailureMode::None:
72 // Normal operation
73 NativeIPA::compute_opening_proof(this->ck(), prover_claim, prover_transcript);
74 proof = prover_transcript->export_proof();
75 break;
76 case FailureMode::A_Zero:
77 NativeIPA::compute_opening_proof(this->ck(), prover_claim, prover_transcript);
78 proof = prover_transcript->export_proof();
79 // Multiply the last element of the proof, what the prover sends as a_0, by 3
80 proof.back() *= 3;
81 break;
82 case FailureMode::G_Zero: {
83 NativeIPA::compute_opening_proof(this->ck(), prover_claim, prover_transcript);
84 proof = prover_transcript->export_proof();
85 // Multiply the second to last element of the proof, what the prover sends as G_0, by 2.
86 const size_t comm_frs = 2; // an affine Grumpkin point requires 2 Fr elements to represent.
87 const size_t offset = log_poly_length * 2 * comm_frs; // we first send the L_i and R_i, then G_0.
88 auto element_frs = std::span{ proof }.subspan(offset, comm_frs);
89
90 Commitment op_commitment = NativeTranscript::template deserialize<Commitment>(element_frs);
91 Commitment new_op_commitment = op_commitment + op_commitment;
92 auto new_op_commitment_reserialized = NativeTranscript::serialize(new_op_commitment);
93 std::copy(new_op_commitment_reserialized.begin(),
94 new_op_commitment_reserialized.end(),
95 proof.begin() + static_cast<std::ptrdiff_t>(offset));
96 break;
97 }
98 case FailureMode::ChangePoly:
99 // instead of calling compute_opening_proof, we first add the prover claim to the hash buffer, then we run
100 // IPA with a _new_ polynomial.
101 NativeIPA::add_claim_to_hash_buffer(this->ck(), prover_claim, prover_transcript);
102 // generate a new polynomial evaluation claim.
103 auto [new_poly, new_x] = generate_poly_and_challenge<log_poly_length>();
104 auto new_eval = new_poly.evaluate(new_x);
105
106 const OpeningPair<NativeCurve> new_opening_pair = { new_x, new_eval };
107 const ProverOpeningClaim<NativeCurve> new_prover_claim{ new_poly, new_opening_pair };
108 NativeIPA::compute_opening_proof_internal(this->ck(), new_prover_claim, prover_transcript);
109 proof = prover_transcript->export_proof();
110 break;
111 }
112
113 // initialize verifier transcript from proof data
114 auto verifier_transcript = std::make_shared<NativeTranscript>(proof);
115 // run the native proof
116 auto result = NativeIPA::reduce_verify(this->vk(), opening_claim, verifier_transcript);
117
118 if (failure_mode == FailureMode::None) {
119 EXPECT_TRUE(result);
120 }
121
122 // Recursively verify the proof
123 auto stdlib_comm = Curve::Group::from_witness(&builder, commitment);
124 auto stdlib_x = Curve::ScalarField::from_witness(&builder, x);
125 auto stdlib_eval = Curve::ScalarField::from_witness(&builder, eval);
126 OpeningClaim<Curve> stdlib_opening_claim{ { stdlib_x, stdlib_eval }, stdlib_comm };
127
128 // Construct stdlib verifier transcript
129 auto recursive_verifier_transcript = std::make_shared<StdlibTranscript>(StdlibProof(builder, proof));
130 return { recursive_verifier_transcript, stdlib_opening_claim };
131 }
140 template <size_t log_poly_length>
141 Builder build_ipa_recursive_verifier_circuit(Polynomial& poly, Fr x, FailureMode failure_mode = FailureMode::None)
142 {
143 using RecursiveIPA = IPA<Curve, log_poly_length>;
144
145 Builder builder;
146 auto [stdlib_transcript, stdlib_claim] = create_ipa_claim<log_poly_length>(builder, poly, x, failure_mode);
147
148 RecursiveIPA::reduce_verify(stdlib_claim, stdlib_transcript);
149 stdlib::recursion::honk::DefaultIO<Builder>::add_default(builder);
150 builder.finalize_circuit(/*ensure_nonzero=*/true);
151 return builder;
152 }
153 // flag to determine what type of polynomial to generate
154 enum class PolyType : std::uint8_t { Random, ManyZeros, Sparse, Zero };
155
156 template <size_t log_poly_length>
157 std::tuple<Polynomial, Fr> generate_poly_and_challenge(PolyType poly_type = PolyType::Random)
158 {
159
160 static constexpr size_t poly_length = 1UL << log_poly_length;
161 Polynomial poly(poly_length);
162 switch (poly_type) {
163 case PolyType::Random:
164 poly = Polynomial::random(poly_length);
165 break;
166 case PolyType::ManyZeros:
167 poly = Polynomial::random(poly_length);
168 for (size_t i = 0; i < poly_length / 2; ++i) {
169 poly.at(i) = Fr::zero();
170 }
171 break;
172 case PolyType::Sparse:
173 // set a few coefficients to be non-zero
174 for (size_t i = 0; i < std::min<size_t>(100, poly_length / 2); ++i) {
175 size_t idx = static_cast<size_t>(this->engine->get_random_uint64() % poly_length);
176 poly.at(idx) = this->random_element();
177 }
178 break;
179 case PolyType::Zero:
180 break;
181 }
182 auto x = this->random_element();
183 return { poly, x };
184 }
185
190 template <size_t log_poly_length>
191 void test_recursive_ipa(Polynomial& poly, Fr x, FailureMode failure_mode = FailureMode::None)
192 {
193 BB_DISABLE_ASSERTS();
194 Builder builder(build_ipa_recursive_verifier_circuit<log_poly_length>(poly, x, failure_mode));
195 info("IPA Recursive Verifier num finalized gates = ", builder.get_num_finalized_gates());
196 if (failure_mode == FailureMode::None) {
197 EXPECT_TRUE(CircuitChecker::check(builder));
198 } else {
199 EXPECT_FALSE(CircuitChecker::check(builder));
200 }
201 }
202
209 template <size_t log_poly_length> void test_accumulation(Polynomial& poly1, Polynomial& poly2, Fr x1, Fr x2)
210 {
211 using NativeIPA = IPA<NativeCurve, log_poly_length>;
212 using RecursiveIPA = IPA<Curve, log_poly_length>;
213
214 // We create a circuit that does two IPA verifications. However, we don't do the full verifications and instead
215 // accumulate the claims into one claim. This accumulation is done in circuit. Create two accumulators, which
216 // contain the commitment and an opening claim.
217 Builder builder;
218 auto [transcript_1, claim_1] = create_ipa_claim<log_poly_length>(builder, poly1, x1);
219 auto [transcript_2, claim_2] = create_ipa_claim<log_poly_length>(builder, poly2, x2);
220
221 // Creates two IPA accumulators and accumulators from the two claims. Also constructs the accumulated h
222 // polynomial.
223 auto [output_claim, ipa_proof] =
224 RecursiveIPA::accumulate(this->ck(), transcript_1, claim_1, transcript_2, claim_2);
225 output_claim.set_public();
226 builder.ipa_proof = ipa_proof;
227 builder.finalize_circuit(/*ensure_nonzero=*/false);
228 info("Circuit with 2 IPA Recursive Verifiers and IPA Accumulation num finalized gates = ",
229 builder.get_num_finalized_gates());
230
231 EXPECT_TRUE(CircuitChecker::check(builder));
232
233 const OpeningPair<NativeCurve> opening_pair{ bb::fq(output_claim.opening_pair.challenge.get_value()),
234 bb::fq(output_claim.opening_pair.evaluation.get_value()) };
235 Commitment native_comm = output_claim.commitment.get_value();
236 const OpeningClaim<NativeCurve> opening_claim{ opening_pair, native_comm };
237
238 // Natively verify this proof to check it.
239 auto verifier_transcript = std::make_shared<NativeTranscript>(ipa_proof);
240
241 auto result = NativeIPA::reduce_verify(this->vk(), opening_claim, verifier_transcript);
242 EXPECT_TRUE(result);
243 }
244};
245} // namespace
246
247#define IPA_TEST
248
252TEST_F(IPARecursiveTests, RecursiveSmallSparse)
253{
254 static constexpr size_t log_poly_length = 2;
255 auto [poly, x] = generate_poly_and_challenge<log_poly_length>(PolyType::ManyZeros);
256 test_recursive_ipa<log_poly_length>(poly, x);
257}
258
262TEST_F(IPARecursiveTests, RecursiveMediumManyZeros)
263{
264 static constexpr size_t log_poly_length = 10;
265 auto [poly, x] = generate_poly_and_challenge<log_poly_length>(PolyType::Sparse);
266 test_recursive_ipa<log_poly_length>(poly, x);
267}
268
269TEST_F(IPARecursiveTests, RecursiveMediumZeroPoly)
270{
271 static constexpr size_t log_poly_length = 10;
272 auto [poly, x] = generate_poly_and_challenge<log_poly_length>(PolyType::Zero);
273 test_recursive_ipa<log_poly_length>(poly, x);
274}
275
276TEST_F(IPARecursiveTests, RecursiveMediumZeroChallenge)
277{
278 static constexpr size_t log_poly_length = 10;
279 auto [poly, x] = generate_poly_and_challenge<log_poly_length>(PolyType::Random);
280 test_recursive_ipa<log_poly_length>(poly, Fr::zero());
281}
282
283TEST_F(IPARecursiveTests, RecursiveMediumZeroEvaluation)
284{
285 static constexpr size_t log_poly_length = 10;
286 auto [poly, x] = generate_poly_and_challenge<log_poly_length>(PolyType::Random);
287 auto initial_evaluation = poly.evaluate(x);
288 poly.at(1) -= initial_evaluation / x;
289 test_recursive_ipa<log_poly_length>(poly, x);
290}
291
295TEST_F(IPARecursiveTests, RecursiveLargeRandom)
296{
297 static constexpr size_t log_poly_length = CONST_ECCVM_LOG_N;
298 auto [poly, x] = generate_poly_and_challenge<log_poly_length>(PolyType::Random);
299 test_recursive_ipa<log_poly_length>(poly, x);
300}
301
306TEST_F(IPARecursiveTests, RecursiveMediumRandomFailure)
307{
308 static constexpr size_t log_poly_length = 10;
309 auto [poly, x] = generate_poly_and_challenge<log_poly_length>(PolyType::Random);
310 test_recursive_ipa<log_poly_length>(poly, x, FailureMode::A_Zero);
311 test_recursive_ipa<log_poly_length>(poly, x, FailureMode::G_Zero);
312 test_recursive_ipa<log_poly_length>(poly, x, FailureMode::ChangePoly);
313}
314
318TEST_F(IPARecursiveTests, AccumulateSmallRandom)
319{
320 static constexpr size_t log_poly_length = 2;
321 auto [poly1, x1] = generate_poly_and_challenge<log_poly_length>(PolyType::Random);
322 auto [poly2, x2] = generate_poly_and_challenge<log_poly_length>(PolyType::Random);
323 test_accumulation<log_poly_length>(poly1, poly2, x1, x2);
324}
325
329TEST_F(IPARecursiveTests, AccumulateMediumRandom)
330{
331 static constexpr size_t log_poly_length = 10;
332 auto [poly1, x1] = generate_poly_and_challenge<log_poly_length>();
333 auto [poly2, x2] = generate_poly_and_challenge<log_poly_length>();
334 test_accumulation<log_poly_length>(poly1, poly2, x1, x2);
335}
336TEST_F(IPARecursiveTests, AccumulateMediumFirstZeroPoly)
337{
338 static constexpr size_t log_poly_length = 10;
339 static constexpr size_t poly_length = 1UL << log_poly_length;
340 Polynomial poly1(poly_length);
341 auto x1 = this->random_element();
342 auto [poly2, x2] = generate_poly_and_challenge<log_poly_length>();
343 test_accumulation<log_poly_length>(poly1, poly2, x1, x2);
344}
345TEST_F(IPARecursiveTests, AccumulateMediumBothZeroPoly)
346{
347 static constexpr size_t log_poly_length = 10;
348 static constexpr size_t poly_length = 1UL << log_poly_length;
349 Polynomial poly1(poly_length);
350 Polynomial poly2(poly_length);
351 auto x1 = this->random_element();
352 auto x2 = this->random_element();
353 test_accumulation<log_poly_length>(poly1, poly2, x1, x2);
354}
355TEST_F(IPARecursiveTests, AccumulateMediumSparseManyZeros)
356{
357 static constexpr size_t log_poly_length = 10;
358 auto [poly1, x1] = generate_poly_and_challenge<log_poly_length>(PolyType::Sparse);
359 auto [poly2, x2] = generate_poly_and_challenge<log_poly_length>(PolyType::ManyZeros);
360 test_accumulation<log_poly_length>(poly1, poly2, x1, x2);
361}
362
363TEST_F(IPARecursiveTests, FullRecursiveVerifierMediumZeroPoly)
364{
365
366 static constexpr size_t log_poly_length = 10;
367 static constexpr size_t poly_length = 1UL << log_poly_length;
368 using RecursiveIPA = IPA<Curve, log_poly_length>;
369
370 Builder builder;
371 Polynomial poly(poly_length);
372 auto x = this->random_element();
373 auto [stdlib_transcript, stdlib_claim] = create_ipa_claim<log_poly_length>(builder, poly, x);
374
375 VerifierCommitmentKey<Curve> stdlib_pcs_vkey(&builder, poly_length, this->vk());
376 auto result = RecursiveIPA::full_verify_recursive(stdlib_pcs_vkey, stdlib_claim, stdlib_transcript);
377 EXPECT_TRUE(result);
378 builder.finalize_circuit(/*ensure_nonzero=*/true);
379 info("Full IPA Recursive Verifier num finalized gates for length ",
380 1UL << log_poly_length,
381 " = ",
382 builder.get_num_finalized_gates());
383 EXPECT_TRUE(CircuitChecker::check(builder));
384}
385
386TEST_F(IPARecursiveTests, FullRecursiveVerifierMediumRandom)
387{
388
389 static constexpr size_t log_poly_length = 10;
390 static constexpr size_t poly_length = 1UL << log_poly_length;
391 using RecursiveIPA = IPA<Curve, log_poly_length>;
392
393 Builder builder;
394 auto [poly, x] = generate_poly_and_challenge<log_poly_length>();
395 auto [stdlib_transcript, stdlib_claim] = create_ipa_claim<log_poly_length>(builder, poly, x);
396
397 VerifierCommitmentKey<Curve> stdlib_pcs_vkey(&builder, poly_length, this->vk());
398 auto result = RecursiveIPA::full_verify_recursive(stdlib_pcs_vkey, stdlib_claim, stdlib_transcript);
399 EXPECT_TRUE(result);
400 builder.finalize_circuit(/*ensure_nonzero=*/true);
401 info("Full IPA Recursive Verifier num finalized gates for length ",
402 1UL << log_poly_length,
403 " = ",
404 builder.get_num_finalized_gates());
405 EXPECT_TRUE(CircuitChecker::check(builder));
406}
407
408TEST_F(IPARecursiveTests, AccumulationAndFullRecursiveVerifierMediumRandom)
409{
410 static constexpr size_t log_poly_length = 10;
411
412 using RecursiveIPA = IPA<Curve, log_poly_length>;
413
414 // We create a circuit that does two IPA verifications. However, we don't do the full verifications and instead
415 // accumulate the claims into one claim. This accumulation is done in circuit. Create two accumulators, which
416 // contain the commitment and an opening claim.
417 Builder builder;
418
419 auto [poly1, x1] = generate_poly_and_challenge<log_poly_length>();
420 auto [poly2, x2] = generate_poly_and_challenge<log_poly_length>();
421
422 auto [transcript_1, claim_1] = create_ipa_claim<log_poly_length>(builder, poly1, x1);
423 auto [transcript_2, claim_2] = create_ipa_claim<log_poly_length>(builder, poly2, x2);
424
425 // Creates two IPA accumulators and accumulators from the two claims. Also constructs the accumulated h
426 // polynomial.
427 auto [output_claim, ipa_proof] = RecursiveIPA::accumulate(this->ck(), transcript_1, claim_1, transcript_2, claim_2);
428 output_claim.set_public();
429 builder.ipa_proof = ipa_proof;
430 builder.finalize_circuit(/*ensure_nonzero=*/false);
431 info("Circuit with 2 IPA Recursive Verifiers and IPA Accumulation num finalized gates = ",
432 builder.get_num_finalized_gates());
433
434 EXPECT_TRUE(CircuitChecker::check(builder));
435
436 Builder root_rollup;
437 // Fully recursively verify this proof to check it.
438 VerifierCommitmentKey<Curve> stdlib_pcs_vkey(&root_rollup, 1UL << log_poly_length, this->vk());
439 auto stdlib_verifier_transcript = std::make_shared<StdlibTranscript>(StdlibProof(root_rollup, ipa_proof));
440 OpeningClaim<Curve> ipa_claim;
441 ipa_claim.opening_pair.challenge =
442 Curve::ScalarField::create_from_u512_as_witness(&root_rollup, output_claim.opening_pair.challenge.get_value());
443 ipa_claim.opening_pair.evaluation =
444 Curve::ScalarField::create_from_u512_as_witness(&root_rollup, output_claim.opening_pair.evaluation.get_value());
445 ipa_claim.commitment = Curve::AffineElement::from_witness(&root_rollup, output_claim.commitment.get_value());
446 auto result = RecursiveIPA::full_verify_recursive(stdlib_pcs_vkey, ipa_claim, stdlib_verifier_transcript);
447 root_rollup.finalize_circuit(/*ensure_nonzero=*/true);
448 EXPECT_TRUE(result);
449 info("Full IPA Recursive Verifier num finalized gates for length ",
450 1UL << log_poly_length,
451 " = ",
452 root_rollup.get_num_finalized_gates());
453}
BB_DISABLE_ASSERTS
#define BB_DISABLE_ASSERTS()
Definition assert.hpp:33
circuit_checker.hpp
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::BaseTranscript::DataType
typename Codec::DataType DataType
Definition transcript.hpp:45
bb::BaseTranscript::serialize
static std::vector< DataType > serialize(const T &element)
Definition transcript.hpp:423
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35
bb::CommitmentTest::commit
Commitment commit(const Polynomial &polynomial)
Definition pcs_test_utils.hpp:141
bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:86
bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:55
bb::OpeningClaim::opening_pair
OpeningPair< Curve > opening_pair
Definition claim.hpp:64
bb::OpeningClaim::commitment
Commitment commitment
Definition claim.hpp:66
bb::OpeningPair
Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v.
Definition claim.hpp:21
bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75
bb::Polynomial::random
static Polynomial random(size_t size, size_t start_index=0)
Definition polynomial.hpp:288
bb::Polynomial::evaluate
Fr evaluate(const Fr &z) const
Definition polynomial.cpp:187
bb::Polynomial::at
Fr & at(size_t index)
Our mutable accessor, unlike operator[]. We abuse precedent a bit to differentiate at() and operator[...
Definition polynomial.hpp:282
bb::Polynomial::size
std::size_t size() const
Definition polynomial.hpp:267
bb::ProverOpeningClaim
Polynomial p and an opening pair (r,v) such that p(r) = v.
Definition claim.hpp:36
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16
bb::curve::Grumpkin::Element
typename Group::element Element
Definition grumpkin.hpp:64
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:65
bb::numeric::RNG::get_random_uint64
virtual uint64_t get_random_uint64()=0
bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19
bb::stdlib::recursion::honk::DefaultIO::add_default
static void add_default(Builder &builder)
Add default public inputs when they are not present.
Definition special_public_inputs.hpp:200
info
#define info(...)
Definition log.hpp:93
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
SpecialScalarValue::Zero
@ Zero
InputConstancy::None
@ None
engine
numeric::RNG & engine
Definition eccvm_transcript.test.cpp:285
offset
ssize_t offset
Definition engine.cpp:52
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::fq
field< Bn254FqParams > fq
Definition fq.hpp:153
bb::TEST_F
TEST_F(IPATest, ChallengesAreZero)
Definition ipa.test.cpp:155
bb::UltraStdlibTranscript
BaseTranscript< stdlib::StdlibCodec< stdlib::field_t< UltraCircuitBuilder > >, stdlib::poseidon2< UltraCircuitBuilder > > UltraStdlibTranscript
Definition transcript.hpp:503
bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:18
bb::ck
CommitmentKey< Curve > ck
Definition ipa.fuzzer.cpp:20
bb::vk
VerifierCommitmentKey< Curve > vk
Definition ipa.fuzzer.cpp:21
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
pcs_test_utils.hpp
prover_instance.hpp
pairing_points.hpp
special_public_inputs.hpp
bb::field< Bn254FrParams >::zero
static constexpr field zero()
Definition field_declarations.hpp:277
bb::stdlib::grumpkin
Curve grumpkin in circuit setting.
Definition grumpkin.hpp:21
verifier_commitment_key.hpp