9#include <gtest/gtest.h>
22 template <
typename Curve>
28 auto srs =
ck.get_monomial_points();
31 result.reserve(count);
32 for (
size_t i = 1; i <= count; i++) {
33 result.emplace_back(Group::from_witness(
builder, srs[i]), Group::from_witness(
builder, -srs[i - 1]));
45 using Curve = TypeParam;
46 using Builder =
typename Curve::Builder;
50 auto pps = TestFixture::template create_valid_pairing_points<Curve>(&
builder, 1);
61 using Builder =
typename TypeParam::Builder;
62 static constexpr size_t NUM_GATES_ADDED = 8;
66 size_t num_gates =
builder.num_gates();
68 EXPECT_EQ(NUM_GATES_ADDED,
builder.num_gates() - num_gates)
69 <<
"There has been a change in the number of gates required to set default PairingPoints as public inputs.";
77 using Builder = TypeParam::Builder;
82 auto pp = PP::construct_default();
83 EXPECT_TRUE(pp.is_default());
89 EXPECT_TRUE(native_pp.
check()) <<
"Default PairingPoints are not valid pairing points.";
95 using Curve = TypeParam;
96 using Builder =
typename Curve::Builder;
101 auto pps = TestFixture::template create_valid_pairing_points<Curve>(&
builder, 2);
102 EXPECT_FALSE(pps[0].is_default());
103 EXPECT_FALSE(pps[1].is_default());
106 auto orig_P0 = pps[0].P0();
107 auto orig_P1 = pps[0].P1();
109 pps[0].aggregate(pps[1]);
110 EXPECT_FALSE(pps[0].is_default());
115 transcript.add_to_hash_buffer(
"Accumulator_P1", orig_P1);
116 transcript.add_to_hash_buffer(
"Aggregated_P0", pps[1].P0());
117 transcript.add_to_hash_buffer(
"Aggregated_P1", pps[1].P1());
118 auto r = transcript.template get_challenge<Fr>(
"recursion_separator");
121 Group expected_P0 = orig_P0 + pps[1].P0() * r;
122 Group expected_P1 = orig_P1 + pps[1].P1() * r;
124 EXPECT_EQ(pps[0].P0().get_value(), expected_P0.get_value());
125 EXPECT_EQ(pps[0].P1().get_value(), expected_P1.get_value());
133 using Curve = TypeParam;
134 using Builder =
typename Curve::Builder;
138 auto pps = TestFixture::template create_valid_pairing_points<Curve>(&
builder, 1);
142 EXPECT_FALSE(empty.is_populated());
143 EXPECT_FALSE(empty.is_default());
146 empty.aggregate(pps[0]);
147 EXPECT_TRUE(empty.is_populated());
148 EXPECT_FALSE(empty.is_default());
149 EXPECT_EQ(empty.P0().get_value(), pps[0].P0().get_value());
150 EXPECT_EQ(empty.P1().get_value(), pps[0].P1().get_value());
156 using Curve = TypeParam;
157 using Builder =
typename Curve::Builder;
163 auto pps = TestFixture::template create_valid_pairing_points<Curve>(&
builder, 3);
167 for (
size_t idx = 0; idx < 3; ++idx) {
169 transcript.add_to_hash_buffer(
"second_component_" +
std::to_string(idx), pps[idx].P1());
171 std::vector<std::string> labels = {
"pp_aggregation_challenge_1",
"pp_aggregation_challenge_2" };
172 auto challenges = transcript.template get_challenges<Fr>(labels);
175 Group expected_P0 = pps[0].P0() + pps[1].P0() * challenges[0] + pps[2].P0() * challenges[1];
176 Group expected_P1 = pps[0].P1() + pps[1].P1() * challenges[0] + pps[2].P1() * challenges[1];
179 PP aggregated = PP::aggregate_multiple(pp_vec);
181 EXPECT_FALSE(aggregated.is_default());
182 EXPECT_EQ(aggregated.P0().get_value(), expected_P0.get_value());
183 EXPECT_EQ(aggregated.P1().get_value(), expected_P1.get_value());
190 using Curve = TypeParam;
191 using Builder =
typename Curve::Builder;
199 PP original = PP::construct_default();
200 EXPECT_TRUE(original.is_populated());
203 uint32_t start_idx = original.set_public(&
builder);
206 std::vector<Fr> public_inputs;
207 for (uint32_t var_idx :
builder.public_inputs()) {
208 public_inputs.emplace_back(Fr::from_witness_index(&
builder, var_idx));
212 PP reconstructed = PublicPP::reconstruct(public_inputs,
PublicComponentKey{ start_idx });
213 EXPECT_TRUE(reconstructed.is_populated());
216 EXPECT_EQ(reconstructed.P0().get_value(), original.P0().get_value());
217 EXPECT_EQ(reconstructed.P1().get_value(), original.P1().get_value());
236 using Curve = TypeParam;
237 using Builder =
typename Curve::Builder;
241 using NativeFr =
typename Curve::ScalarFieldNative;
245 Fr scalar_one = Fr::from_witness(&
builder, NativeFr::random_element());
246 Fr scalar_two = Fr::from_witness(&
builder, NativeFr::random_element());
247 Group P0 = Group::batch_mul({ Group::one(&
builder) }, { scalar_one });
248 Group P1 = Group::batch_mul({ Group::one(&
builder) }, { scalar_two });
251 EXPECT_TRUE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
261 EXPECT_FALSE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
268 EXPECT_TRUE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
279 EXPECT_FALSE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
291 EXPECT_TRUE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
297 using Curve = TypeParam;
298 using Builder =
typename Curve::Builder;
302 using NativeFr =
typename Curve::ScalarFieldNative;
308 Fr scalar_one = Fr::from_witness(&
builder, NativeFr::random_element());
309 Fr scalar_two = Fr::from_witness(&
builder, NativeFr::random_element());
310 Group P0 = Group::batch_mul({ Group::one(&
builder) }, { scalar_one });
311 Group P1 = Group::batch_mul({ Group::one(&
builder) }, { scalar_two });
323 EXPECT_FALSE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
326 pp_one.aggregate(pp_two);
329 EXPECT_FALSE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
334 "Pairing points must all be aggregated together. Either no pairing points should be created, or "
335 "all created pairing points must be aggregated into a single pairing point. Found 2 different "
339 pp_one.aggregate(pp_three);
344 "Pairing points must be set to public in the circuit before constructing the ProverInstance.");
357 using Curve = TypeParam;
358 using Builder =
typename Curve::Builder;
363 using NativeFr = Curve::ScalarFieldNative;
367 Fr scalar_one = Fr::from_witness(&
builder, NativeFr::random_element());
368 Fr scalar_two = Fr::from_witness(&
builder, NativeFr::random_element());
369 Group P0 = Group::batch_mul({ Group::one(&
builder) }, { scalar_one });
370 Group P1 = Group::batch_mul({ Group::one(&
builder) }, { scalar_two });
376 EXPECT_TRUE(
builder.pairing_points_tagging.has_single_pairing_point_tag());
386 using Curve = TypeParam;
387 using Builder =
typename Curve::Builder;
391 using NativeFr =
typename Curve::ScalarFieldNative;
395 Fr scalar_one = Fr::from_witness(&
builder, NativeFr::random_element());
396 Fr scalar_two = Fr::from_witness(&
builder, NativeFr::random_element());
397 Group P0 = Group::batch_mul({ Group::one(&
builder) }, { scalar_one });
398 Group P1 = Group::batch_mul({ Group::one(&
builder) }, { scalar_two });
411 "Cannot merge pairing point tags after pairing points have been set to public.");
415 builder.pairing_points_tagging.set_public_pairing_points(),
416 "Trying to set pairing points to public for a circuit that already has public pairing points.");
#define BB_ASSERT_EQ(actual, expected,...)
#define EXPECT_THROW_WITH_MESSAGE(code, expectedMessageRegex)
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
void add_to_hash_buffer(const std::string &label, const T &element)
Adds an element to the transcript.
CommitmentKey object over a pairing group 𝔾₁.
An object storing two EC points that represent the inputs to a pairing check.
bool check() const
Verify the pairing equation e(P0, [1]₂) · e(P1, [x]₂) = 1.
Contains all the information required by a Honk prover to create a proof, constructed from a finalize...
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
typename grumpkin::g1 Group
static void SetUpTestSuite()
static std::vector< PairingPoints< Curve > > create_valid_pairing_points(typename Curve::Builder *builder, size_t count)
Create N distinct valid pairing points as circuit witnesses from SRS points.
static void SetUpTestSuite()
Manages the data that is propagated on the public inputs of an application/function circuit.
PairingInputs pairing_inputs
ProverInstance_< UltraKeccakFlavor > ProverInstance
std::filesystem::path bb_crs_path()
void init_file_crs_factory(const std::filesystem::path &path)
TYPED_TEST(PairingPointsTests, EmptyPairingPointsProtection)
TYPED_TEST_SUITE(PairingPointsTests, Curves)
testing::Types< stdlib::bn254< UltraCircuitBuilder >, stdlib::bn254< MegaCircuitBuilder > > Curves
CommitmentKey< Curve > ck
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
std::string to_string(bb::avm2::ValueTag tag)
An object storing two EC points that represent the inputs to a pairing check.
static uint32_t set_default_to_public(Builder *builder)
Set the witness indices for the default (infinity) pairing points to public.
static PairingPoints aggregate_multiple(std::vector< PairingPoints > &pairing_points, bool handle_edge_cases=true)
Aggregate multiple PairingPoints using random linear combination.
void aggregate(PairingPoints const &other)
Aggregate another PairingPoints into this one via random linear combination.
uint32_t set_public(Builder *ctx=nullptr)
Set the witness indices for the pairing points to public.
1.9.8