Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
merge_prover.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Sergei], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "barretenberg/commitment_schemes/claim.hpp"
10#include "barretenberg/flavor/mega_flavor.hpp"
11#include "barretenberg/flavor/ultra_flavor.hpp"
12#include "barretenberg/honk/proof_system/types/proof.hpp"
13#include "barretenberg/op_queue/ecc_op_queue.hpp"
14#include "barretenberg/transcript/transcript.hpp"
15
16namespace bb {
17
22class MergeProver {
23 using Curve = curve::BN254;
24 using FF = Curve::ScalarField;
25 using Commitment = Curve::AffineElement;
26 using Polynomial = bb::Polynomial<FF>;
27 using CommitmentKey = bb::CommitmentKey<Curve>;
28 using PCS = KZG<Curve>;
29 using OpeningClaim = ProverOpeningClaim<Curve>;
30 using OpeningPair = bb::OpeningPair<Curve>;
31 using Transcript = NativeTranscript;
32
33 public:
34 using MergeProof = std::vector<FF>;
35
36 explicit MergeProver(const std::shared_ptr<ECCOpQueue>& op_queue,
37 std::shared_ptr<Transcript> transcript,
38 MergeSettings settings = MergeSettings::PREPEND);
39
40 BB_PROFILE MergeProof construct_proof();
41
42 // Public for test access (computing commitments)
43 CommitmentKey pcs_commitment_key;
44
45 private:
46 std::shared_ptr<Transcript> transcript;
47 std::shared_ptr<ECCOpQueue> op_queue;
48 MergeSettings settings;
49
50 static constexpr size_t NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES;
51 std::vector<std::string> labels_degree_check = { "LEFT_TABLE_DEGREE_CHECK_0",
52 "LEFT_TABLE_DEGREE_CHECK_1",
53 "LEFT_TABLE_DEGREE_CHECK_2",
54 "LEFT_TABLE_DEGREE_CHECK_3" };
55
56 std::vector<std::string> labels_shplonk_batching_challenges = {
57 "SHPLONK_MERGE_BATCHING_CHALLENGE_0", "SHPLONK_MERGE_BATCHING_CHALLENGE_1",
58 "SHPLONK_MERGE_BATCHING_CHALLENGE_2", "SHPLONK_MERGE_BATCHING_CHALLENGE_3",
59 "SHPLONK_MERGE_BATCHING_CHALLENGE_4", "SHPLONK_MERGE_BATCHING_CHALLENGE_5",
60 "SHPLONK_MERGE_BATCHING_CHALLENGE_6", "SHPLONK_MERGE_BATCHING_CHALLENGE_7",
61 "SHPLONK_MERGE_BATCHING_CHALLENGE_8", "SHPLONK_MERGE_BATCHING_CHALLENGE_9",
62 "SHPLONK_MERGE_BATCHING_CHALLENGE_10", "SHPLONK_MERGE_BATCHING_CHALLENGE_11",
63 "SHPLONK_MERGE_BATCHING_CHALLENGE_12"
64 };
65
78 static Polynomial compute_degree_check_polynomial(const std::array<Polynomial, NUM_WIRES>& left_table,
79 const std::vector<FF>& degree_check_challenges);
80
92 static Polynomial compute_shplonk_batched_quotient(const std::array<Polynomial, NUM_WIRES>& left_table,
93 const std::array<Polynomial, NUM_WIRES>& right_table,
94 const std::array<Polynomial, NUM_WIRES>& merged_table,
95 const std::vector<FF>& shplonk_batching_challenges,
96 const FF& kappa,
97 const FF& kappa_inv,
98 const Polynomial& reversed_batched_left_tables,
99 const std::vector<FF>& evals);
100
113 static OpeningClaim compute_shplonk_opening_claim(Polynomial& shplonk_batched_quotient,
114 const FF& shplonk_opening_challenge,
115 const std::array<Polynomial, NUM_WIRES>& left_table,
116 const std::array<Polynomial, NUM_WIRES>& right_table,
117 const std::array<Polynomial, NUM_WIRES>& merged_table,
118 const std::vector<FF>& shplonk_batching_challenges,
119 const FF& kappa,
120 const FF& kappa_inv,
121 Polynomial& reversed_batched_left_tables,
122 const std::vector<FF>& evals);
123};
124
125} // namespace bb
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35
bb::MergeProver
Prover class for the Goblin ECC op queue transcript merge protocol.
Definition merge_prover.hpp:22
bb::MergeProver::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition merge_prover.hpp:50
bb::MergeProver::Commitment
Curve::AffineElement Commitment
Definition merge_prover.hpp:25
bb::MergeProver::op_queue
std::shared_ptr< ECCOpQueue > op_queue
Definition merge_prover.hpp:47
bb::MergeProver::MergeProof
std::vector< FF > MergeProof
Definition merge_prover.hpp:34
bb::MergeProver::settings
MergeSettings settings
Definition merge_prover.hpp:48
bb::MergeProver::construct_proof
BB_PROFILE MergeProof construct_proof()
Prove proper construction of the aggregate Goblin ECC op queue polynomials T_j.
Definition merge_prover.cpp:154
bb::MergeProver::labels_degree_check
std::vector< std::string > labels_degree_check
Definition merge_prover.hpp:51
bb::MergeProver::compute_shplonk_opening_claim
static OpeningClaim compute_shplonk_opening_claim(Polynomial &shplonk_batched_quotient, const FF &shplonk_opening_challenge, const std::array< Polynomial, NUM_WIRES > &left_table, const std::array< Polynomial, NUM_WIRES > &right_table, const std::array< Polynomial, NUM_WIRES > &merged_table, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, Polynomial &reversed_batched_left_tables, const std::vector< FF > &evals)
Compute the partially evaluated Shplonk batched quotient and the resulting opening claim.
Definition merge_prover.cpp:93
bb::MergeProver::labels_shplonk_batching_challenges
std::vector< std::string > labels_shplonk_batching_challenges
Definition merge_prover.hpp:56
bb::MergeProver::transcript
std::shared_ptr< Transcript > transcript
Definition merge_prover.hpp:46
bb::MergeProver::pcs_commitment_key
CommitmentKey pcs_commitment_key
Definition merge_prover.hpp:43
bb::MergeProver::compute_shplonk_batched_quotient
static Polynomial compute_shplonk_batched_quotient(const std::array< Polynomial, NUM_WIRES > &left_table, const std::array< Polynomial, NUM_WIRES > &right_table, const std::array< Polynomial, NUM_WIRES > &merged_table, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, const Polynomial &reversed_batched_left_tables, const std::vector< FF > &evals)
Compute the batched Shplonk quotient polynomial.
Definition merge_prover.cpp:48
bb::MergeProver::compute_degree_check_polynomial
static Polynomial compute_degree_check_polynomial(const std::array< Polynomial, NUM_WIRES > &left_table, const std::vector< FF > &degree_check_challenges)
Compute the batched polynomial for the degree check.
Definition merge_prover.cpp:38
bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:55
bb::OpeningPair
Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v.
Definition claim.hpp:21
bb::ProverOpeningClaim
Polynomial p and an opening pair (r,v) such that p(r) = v.
Definition claim.hpp:36
bb::curve::BN254::AffineElement
typename Group::affine_element AffineElement
Definition bn254.hpp:22
bb::curve::BN254::ScalarField
bb::fr ScalarField
Definition bn254.hpp:18
BB_PROFILE
#define BB_PROFILE
Definition compiler_hints.hpp:14
ecc_op_queue.hpp
proof.hpp
mega_flavor.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::MergeSettings
MergeSettings
The MergeSettings define whether an current subtable will be added at the beginning (PREPEND) or at t...
Definition ecc_ops_table.hpp:21
bb::NativeTranscript
BaseTranscript< FrCodec, bb::crypto::Poseidon2< bb::crypto::Poseidon2Bn254ScalarFieldParams > > NativeTranscript
Definition transcript.hpp:497
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
ultra_flavor.hpp