Barretenberg: src/barretenberg/commitment_schemes/utils/mock_witness_generator.hpp Source File

#pragma once


#include "barretenberg/commitment_schemes/commitment_key.hpp"

#include "barretenberg/commitment_schemes/gemini/gemini.hpp"

#include "barretenberg/commitment_schemes/shplonk/shplemini.hpp"

#include "barretenberg/commitment_schemes/utils/test_utils.hpp"

#include "barretenberg/ecc/curves/bn254/bn254.hpp"

#include "barretenberg/polynomials/polynomial.hpp"

#include "barretenberg/transcript/transcript.hpp"


namespace bb {


template <typename Curve> struct MockClaimGenerator {

  public:

    using CommitmentKey = bb::CommitmentKey<Curve>;

    using Fr = typename Curve::ScalarField;

    using Commitment = typename Curve::AffineElement;

    using Polynomial = bb::Polynomial<Fr>;

    using PolynomialBatcher = bb::GeminiProver_<Curve>::PolynomialBatcher;

    using ClaimBatcher = ClaimBatcher_<Curve>;

    using ClaimBatch = ClaimBatcher::Batch;


    CommitmentKey ck;


    struct ClaimData {

        std::vector<Polynomial> polys;

        std::vector<Commitment> commitments;

        std::vector<Fr> evals;

    };


    ClaimData unshifted;

    ClaimData to_be_shifted;


    std::vector<Fr> const_size_mle_opening_point;


    PolynomialBatcher polynomial_batcher;

    ClaimBatcher claim_batcher;


    // Containers for mock Sumcheck data

    std::vector<bb::Polynomial<Fr>> round_univariates;

    std::vector<Commitment> sumcheck_commitments;

    std::vector<std::array<Fr, 3>> sumcheck_evaluations;


    MockClaimGenerator(const size_t poly_size,

                       const size_t num_polynomials,

                       const size_t num_to_be_shifted,

                       const std::vector<Fr>& mle_opening_point,

                       const CommitmentKey& commitment_key)


        : ck(commitment_key) // Initialize the commitment key

        , polynomial_batcher(poly_size)


    {

        size_t log_size = numeric::get_msb(poly_size);

        // If the size of the opening point is bigger than the log of the poly size, we assume that the prover is

        // extending all of its polynomials by zero outside of the hypercube of size 2^{log_size}.

        bool has_virtual_rounds = (mle_opening_point.size() > log_size);


        std::span<const Fr> challenge;


        if (has_virtual_rounds) {

            // The evaluation on the full domain can be obtain by scaling by extension-by-zero factor `ebz_factor`

            // computed below.

            challenge = std::span<const Fr>(mle_opening_point).subspan(0, log_size);

        } else {

            challenge = std::span<const Fr>(mle_opening_point);

        }


        BB_ASSERT_GTE(num_polynomials, num_to_be_shifted);

        const size_t num_not_to_be_shifted = num_polynomials - num_to_be_shifted;


        Fr ebz_factor = 1;


        for (size_t idx = log_size; idx < mle_opening_point.size(); idx++) {

            ebz_factor *= (Fr(1) - mle_opening_point[idx]);

        }


        // Construct claim data for polynomials that are NOT to be shifted

        for (size_t idx = 0; idx < num_not_to_be_shifted; idx++) {

            Polynomial poly = Polynomial::random(poly_size);

            unshifted.commitments.push_back(ck.commit(poly));

            unshifted.evals.push_back(poly.evaluate_mle(challenge) * ebz_factor);

            unshifted.polys.push_back(std::move(poly));

        }


        // Construct claim data for polynomials that are to-be-shifted

        for (size_t idx = 0; idx < num_to_be_shifted; idx++) {

            Polynomial poly = Polynomial::random(poly_size, /*shiftable*/ 1);

            Commitment commitment = ck.commit(poly);

            to_be_shifted.commitments.push_back(commitment);

            to_be_shifted.evals.push_back(poly.shifted().evaluate_mle(challenge) * ebz_factor);

            to_be_shifted.polys.push_back(poly.share());

            // Populate the unshifted counterpart in the unshifted claims

            unshifted.commitments.push_back(commitment);

            unshifted.evals.push_back(poly.evaluate_mle(challenge) * ebz_factor);

            unshifted.polys.push_back(std::move(poly));

        }


        polynomial_batcher.set_unshifted(RefVector(unshifted.polys));

        polynomial_batcher.set_to_be_shifted_by_one(RefVector(to_be_shifted.polys));


        claim_batcher =

            ClaimBatcher{ .unshifted = ClaimBatch{ RefVector(unshifted.commitments), RefVector(unshifted.evals) },

                          .shifted =

                              ClaimBatch{ RefVector(to_be_shifted.commitments), RefVector(to_be_shifted.evals) } };

    }


    // Generate zero polynomials to test edge cases in PCS


    MockClaimGenerator(const size_t n, const size_t num_zero_polynomials)

        : polynomial_batcher(n)

    {

        for (size_t idx = 0; idx < num_zero_polynomials; idx++) {

            unshifted.polys.emplace_back(n);

            unshifted.commitments.push_back(Commitment::infinity());

            unshifted.evals.push_back(Fr(0));

        }


        polynomial_batcher.set_unshifted(RefVector(unshifted.polys));


        claim_batcher =

            ClaimBatcher{ .unshifted = ClaimBatch{ RefVector(unshifted.commitments), RefVector(unshifted.evals) } };

    }


    // Generates mock claims by using the custom polynomials provided as input instead of random polynomials. Used for

    // the high degree attack tests.


    MockClaimGenerator(const size_t poly_size,

                       const std::vector<Polynomial> custom_unshifted,

                       const std::vector<Fr>& custom_unshifted_evals,

                       const CommitmentKey& commitment_key)


        : ck(commitment_key)

        , polynomial_batcher(poly_size)

    {


        //  ---------- Unshifted ----------

        for (size_t i = 0; i < custom_unshifted.size(); ++i) {

            auto& p = custom_unshifted[i];

            unshifted.commitments.push_back(ck.commit(p));

            unshifted.evals.push_back(custom_unshifted_evals[i]);

            unshifted.polys.push_back(std::move(p));

        }


        polynomial_batcher.set_unshifted(RefVector(unshifted.polys));


        claim_batcher =

            ClaimBatcher{ .unshifted = ClaimBatch{ RefVector(unshifted.commitments), RefVector(unshifted.evals) } };

    }


    template <typename Flavor>


    void compute_sumcheck_opening_data(const size_t log_n,

                                       const size_t sumcheck_univariate_length,

                                       std::vector<Fr>& challenge,

                                       const CommitmentKey& ck)

    {

        // Generate valid sumcheck polynomials of given length

        auto mock_sumcheck_polynomials = ZKSumcheckData<Flavor>(log_n, sumcheck_univariate_length);


        for (size_t idx = 0; idx < log_n; idx++) {

            bb::Polynomial<Fr> round_univariate = mock_sumcheck_polynomials.libra_univariates[idx];


            round_univariate.at(0) += mock_sumcheck_polynomials.libra_running_sum;


            sumcheck_commitments.push_back(ck.commit(round_univariate));


            sumcheck_evaluations.push_back({ round_univariate.at(0),

                                             round_univariate.evaluate(Fr(1)),

                                             round_univariate.evaluate(challenge[idx]) });


            mock_sumcheck_polynomials.update_zk_sumcheck_data(challenge[idx], idx);

            round_univariates.push_back(round_univariate);

        }

    }


};


} // namespace bb

BB_ASSERT_GTE
#define BB_ASSERT_GTE(left, right,...)
Definition assert.hpp:128

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35

bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:73

bb::GeminiProver_::PolynomialBatcher
Class responsible for computation of the batched multilinear polynomials required by the Gemini proto...
Definition gemini.hpp:125

bb::GeminiProver_::PolynomialBatcher::set_to_be_shifted_by_one
void set_to_be_shifted_by_one(RefVector< Polynomial > polynomials)
Definition gemini.hpp:149

bb::GeminiProver_::PolynomialBatcher::set_unshifted
void set_unshifted(RefVector< Polynomial > polynomials)
Definition gemini.hpp:148

bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75

bb::Polynomial::shifted
Polynomial shifted() const
Returns a Polynomial the left-shift of self.
Definition polynomial.cpp:270

bb::Polynomial::random
static Polynomial random(size_t size, size_t start_index=0)
Definition polynomial.hpp:288

bb::Polynomial::evaluate
Fr evaluate(const Fr &z) const
Definition polynomial.cpp:187

bb::Polynomial::evaluate_mle
Fr evaluate_mle(std::span< const Fr > evaluation_points, bool shift=false) const
evaluate multi-linear extension p(X_0,…,X_{n-1}) = \sum_i a_i*L_i(X_0,…,X_{n-1}) at u = (u_0,...
Definition polynomial.cpp:198

bb::Polynomial::share
Polynomial share() const
Definition polynomial.cpp:146

bb::Polynomial::at
Fr & at(size_t index)
Our mutable accessor, unlike operator[]. We abuse precedent a bit to differentiate at() and operator[...
Definition polynomial.hpp:282

bb::RefVector
A template class for a reference vector. Behaves as if std::vector<T&> was possible.
Definition ref_vector.hpp:24

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:65

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:61

commitment_key.hpp

test_utils.hpp

bn254.hpp

gemini.hpp

bb::numeric::get_msb
constexpr T get_msb(const T in)
Definition get_msb.hpp:49

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

polynomial.hpp

shplemini.hpp

bb::ClaimBatcher_::Batch
Definition claim_batcher.hpp:30

bb::ClaimBatcher_
Logic to support batching opening claims for unshifted and shifted polynomials in Shplemini.
Definition claim_batcher.hpp:26

bb::ClaimBatcher_::unshifted
std::optional< Batch > unshifted
Definition claim_batcher.hpp:37

bb::MockClaimGenerator::ClaimData
Definition mock_witness_generator.hpp:29

bb::MockClaimGenerator::ClaimData::commitments
std::vector< Commitment > commitments
Definition mock_witness_generator.hpp:31

bb::MockClaimGenerator::ClaimData::polys
std::vector< Polynomial > polys
Definition mock_witness_generator.hpp:30

bb::MockClaimGenerator::ClaimData::evals
std::vector< Fr > evals
Definition mock_witness_generator.hpp:32

bb::MockClaimGenerator
Constructs random polynomials, computes commitments and corresponding evaluations.
Definition mock_witness_generator.hpp:17

bb::MockClaimGenerator::to_be_shifted
ClaimData to_be_shifted
Definition mock_witness_generator.hpp:36

bb::MockClaimGenerator::MockClaimGenerator
MockClaimGenerator(const size_t poly_size, const size_t num_polynomials, const size_t num_to_be_shifted, const std::vector< Fr > &mle_opening_point, const CommitmentKey &commitment_key)
Construct claim data for a set of random polynomials with the specified type.
Definition mock_witness_generator.hpp:59

bb::MockClaimGenerator::round_univariates
std::vector< bb::Polynomial< Fr > > round_univariates
Definition mock_witness_generator.hpp:44

bb::MockClaimGenerator::unshifted
ClaimData unshifted
Definition mock_witness_generator.hpp:35

bb::MockClaimGenerator::const_size_mle_opening_point
std::vector< Fr > const_size_mle_opening_point
Definition mock_witness_generator.hpp:38

bb::MockClaimGenerator::sumcheck_commitments
std::vector< Commitment > sumcheck_commitments
Definition mock_witness_generator.hpp:45

bb::MockClaimGenerator::claim_batcher
ClaimBatcher claim_batcher
Definition mock_witness_generator.hpp:41

bb::MockClaimGenerator::sumcheck_evaluations
std::vector< std::array< Fr, 3 > > sumcheck_evaluations
Definition mock_witness_generator.hpp:46

bb::MockClaimGenerator::Commitment
typename Curve::AffineElement Commitment
Definition mock_witness_generator.hpp:21

bb::MockClaimGenerator::MockClaimGenerator
MockClaimGenerator(const size_t poly_size, const std::vector< Polynomial > custom_unshifted, const std::vector< Fr > &custom_unshifted_evals, const CommitmentKey &commitment_key)
Definition mock_witness_generator.hpp:141

bb::MockClaimGenerator::polynomial_batcher
PolynomialBatcher polynomial_batcher
Definition mock_witness_generator.hpp:40

bb::MockClaimGenerator::Fr
typename Curve::ScalarField Fr
Definition mock_witness_generator.hpp:20

bb::MockClaimGenerator::ck
CommitmentKey ck
Definition mock_witness_generator.hpp:27

bb::MockClaimGenerator::MockClaimGenerator
MockClaimGenerator(const size_t n, const size_t num_zero_polynomials)
Definition mock_witness_generator.hpp:124

bb::MockClaimGenerator::compute_sumcheck_opening_data
void compute_sumcheck_opening_data(const size_t log_n, const size_t sumcheck_univariate_length, std::vector< Fr > &challenge, const CommitmentKey &ck)
Definition mock_witness_generator.hpp:165

bb::ZKSumcheckData
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
Definition zk_sumcheck_data.hpp:22

transcript.hpp