Barretenberg: src/barretenberg/goblin/batch_merge_verifier.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once


#include "barretenberg/commitment_schemes/claim.hpp"

#include "barretenberg/commitment_schemes/kzg/kzg.hpp"

#include "barretenberg/commitment_schemes/shplonk/shplonk.hpp"

#include "barretenberg/flavor/mega_flavor.hpp"

#include "barretenberg/honk/proof_system/types/proof.hpp"

#include "barretenberg/srs/global_crs.hpp"

#include "barretenberg/transcript/transcript.hpp"


namespace bb {


template <typename Curve, size_t MaxMergeSize> class BatchMergeVerifier_ {

  public:

    using FF = typename Curve::ScalarField;

    using Commitment = typename Curve::AffineElement;

    using PCS = bb::KZG<Curve>;

    using PairingPoints =

        std::conditional_t<Curve::is_stdlib_type, stdlib::recursion::PairingPoints<Curve>, bb::PairingPoints<Curve>>;

    using Proof = std::vector<FF>;

    using Transcript = TranscriptFor_t<Curve>;

    using ShplonkVerifier = ShplonkVerifier_<Curve>;


    static constexpr size_t NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES;

    static constexpr size_t MAX_MERGE_SIZE = MaxMergeSize;

    static constexpr size_t LOG_MAX_MERGE_SIZE = static_cast<size_t>(numeric::get_msb(MAX_MERGE_SIZE));

    static constexpr bool IsRecursive = Curve::is_stdlib_type;

    static constexpr size_t NUM_COLUMN_TABLES = MAX_MERGE_SIZE + 1; // ZK table + subtables

    static constexpr size_t NUM_EVALS_FROM_COLUMNS = NUM_COLUMN_TABLES * NUM_WIRES;

    static constexpr size_t NUM_EVALS =

        ((MAX_MERGE_SIZE + 2) * NUM_WIRES) + 1; // ZK table, subtables, merged tables, degree check poly

    static constexpr size_t NUM_OPENING_CLAIMS = NUM_EVALS;

    static constexpr size_t MERGE_BATCHED_CLAIM_SIZE = NUM_OPENING_CLAIMS + 2; // Add Shplonk quotient + identity


    using TableCommitments = std::array<Commitment, NUM_WIRES>;


    struct ReductionResult {

        PairingPoints pairing_points;

        TableCommitments merged_commitments; // [T_0]..[T_{NUM_WIRES-1}]

        bool reduction_succeeded = false;

    };


    // Public for testing purposes

    std::shared_ptr<Transcript> transcript;


    explicit BatchMergeVerifier_()

        : transcript(std::make_shared<Transcript>())

    {}


    [[nodiscard("Verification result should be checked")]] ReductionResult reduce_to_pairing_check(const Proof& proof,

                                                                                                   const FF hash);


    static FF ecc_op_hash_step(const std::vector<Commitment>& col_commitments,

                               const std::optional<FF>& prev_hash = std::nullopt);


  private:

    std::vector<FF> compute_indicator_array(const FF& N) const;


    std::vector<FF> compute_dirac_array(const std::vector<FF>& indicator_array) const;


    bool check_concatenation_identity(std::vector<FF>& evals, const std::vector<FF>& pow_kappa_subtable_size) const;


    bool check_degree_identity(std::vector<FF>& evals,

                               const std::vector<FF>& powers_of_kappa_inv,

                               const FF& kappa,

                               const std::vector<FF>& degree_check_challenges) const;


    bool check_hash_consistency(const FF& hash,

                                const std::vector<FF>& calculated_hashes,

                                const std::vector<FF>& indicator_array) const;

};


// Type aliases for convenience

using BatchMergeVerifier = BatchMergeVerifier_<curve::BN254, CHONK_MAX_NUM_CIRCUITS>;


namespace stdlib::recursion::goblin {

template <typename Builder>

using BatchMergeRecursiveVerifier = BatchMergeVerifier_<bn254<Builder>, CHONK_MAX_NUM_CIRCUITS>;

} // namespace stdlib::recursion::goblin


} // namespace bb

claim.hpp

bb::BatchMergeVerifier_
Unified batch verifier for the batch Goblin ECC op queue merge protocol.
Definition batch_merge_verifier.hpp:26

bb::BatchMergeVerifier_::MERGE_BATCHED_CLAIM_SIZE
static constexpr size_t MERGE_BATCHED_CLAIM_SIZE
Definition batch_merge_verifier.hpp:46

bb::BatchMergeVerifier_::transcript
std::shared_ptr< Transcript > transcript
Definition batch_merge_verifier.hpp:60

bb::BatchMergeVerifier_::check_degree_identity
bool check_degree_identity(std::vector< FF > &evals, const std::vector< FF > &powers_of_kappa_inv, const FF &kappa, const std::vector< FF > &degree_check_challenges) const
Verify the degree identity G(κ⁻¹) = Σ_{i,col} α_{i,col} · C_i_col(κ) · κ^{1 − shift_sizes[j]}.
Definition batch_merge_verifier.cpp:315

bb::BatchMergeVerifier_::FF
typename Curve::ScalarField FF
Definition batch_merge_verifier.hpp:28

bb::BatchMergeVerifier_::reduce_to_pairing_check
ReductionResult reduce_to_pairing_check(const Proof &proof, const FF hash)
Reduce the batch merge proof to a pairing check.
Definition batch_merge_verifier.cpp:16

bb::BatchMergeVerifier_::check_concatenation_identity
bool check_concatenation_identity(std::vector< FF > &evals, const std::vector< FF > &pow_kappa_subtable_size) const
Verify the concatenation identity T(κ) = Σ_i C_i(κ) · κ^{offset_i} for every column.
Definition batch_merge_verifier.cpp:289

bb::BatchMergeVerifier_::BatchMergeVerifier_
BatchMergeVerifier_()
Definition batch_merge_verifier.hpp:62

bb::BatchMergeVerifier_::IsRecursive
static constexpr bool IsRecursive
Definition batch_merge_verifier.hpp:40

bb::BatchMergeVerifier_::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition batch_merge_verifier.hpp:37

bb::BatchMergeVerifier_::ecc_op_hash_step
static FF ecc_op_hash_step(const std::vector< Commitment > &col_commitments, const std::optional< FF > &prev_hash=std::nullopt)
Compute one step of the ECC op running hash.
Definition batch_merge_verifier.cpp:343

bb::BatchMergeVerifier_::NUM_COLUMN_TABLES
static constexpr size_t NUM_COLUMN_TABLES
Definition batch_merge_verifier.hpp:41

bb::BatchMergeVerifier_::Commitment
typename Curve::AffineElement Commitment
Definition batch_merge_verifier.hpp:29

bb::BatchMergeVerifier_::compute_indicator_array
std::vector< FF > compute_indicator_array(const FF &N) const
Compute array of length M := MaxMergeSize s.t. indicator_array[i] = (i < N).
Definition batch_merge_verifier.cpp:243

bb::BatchMergeVerifier_::NUM_EVALS
static constexpr size_t NUM_EVALS
Definition batch_merge_verifier.hpp:43

bb::BatchMergeVerifier_::TableCommitments
std::array< Commitment, NUM_WIRES > TableCommitments
Definition batch_merge_verifier.hpp:48

bb::BatchMergeVerifier_::LOG_MAX_MERGE_SIZE
static constexpr size_t LOG_MAX_MERGE_SIZE
Definition batch_merge_verifier.hpp:39

bb::BatchMergeVerifier_::NUM_EVALS_FROM_COLUMNS
static constexpr size_t NUM_EVALS_FROM_COLUMNS
Definition batch_merge_verifier.hpp:42

bb::BatchMergeVerifier_::PairingPoints
std::conditional_t< Curve::is_stdlib_type, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > > PairingPoints
Definition batch_merge_verifier.hpp:32

bb::BatchMergeVerifier_::compute_dirac_array
std::vector< FF > compute_dirac_array(const std::vector< FF > &indicator_array) const
Compute array of length M := MaxMergeSize s.t. dirac_array[i] = (i == N - 1)
Definition batch_merge_verifier.cpp:268

bb::BatchMergeVerifier_::Transcript
TranscriptFor_t< Curve > Transcript
Definition batch_merge_verifier.hpp:34

bb::BatchMergeVerifier_::MAX_MERGE_SIZE
static constexpr size_t MAX_MERGE_SIZE
Definition batch_merge_verifier.hpp:38

bb::BatchMergeVerifier_::check_hash_consistency
bool check_hash_consistency(const FF &hash, const std::vector< FF > &calculated_hashes, const std::vector< FF > &indicator_array) const
Verify that the column commitments in the proof match the running hash from accumulation.
Definition batch_merge_verifier.cpp:376

bb::BatchMergeVerifier_::NUM_OPENING_CLAIMS
static constexpr size_t NUM_OPENING_CLAIMS
Definition batch_merge_verifier.hpp:45

bb::BatchMergeVerifier_::Proof
std::vector< FF > Proof
Definition batch_merge_verifier.hpp:33

bb::KZG
Definition kzg.hpp:22

bb::MegaExecutionTraceBlocks::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition mega_execution_trace.hpp:124

bb::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:22

bb::ShplonkVerifier_
Shplonk Verifier.
Definition shplonk.hpp:331

bb::curve::Grumpkin::is_stdlib_type
static constexpr bool is_stdlib_type
Definition grumpkin.hpp:67

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:64

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:60

global_crs.hpp

proof.hpp

kzg.hpp

mega_flavor.hpp

bb::numeric::get_msb
constexpr T get_msb(const T in)
Definition get_msb.hpp:50

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::TranscriptFor_t
typename TranscriptFor< Curve >::type TranscriptFor_t
Definition transcript.hpp:524

std
STL namespace.

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

shplonk.hpp

bb::BatchMergeVerifier_::ReductionResult
Result of batch merge verification.
Definition batch_merge_verifier.hpp:53

bb::BatchMergeVerifier_::ReductionResult::pairing_points
PairingPoints pairing_points
Definition batch_merge_verifier.hpp:54

bb::BatchMergeVerifier_::ReductionResult::reduction_succeeded
bool reduction_succeeded
Definition batch_merge_verifier.hpp:56

bb::BatchMergeVerifier_::ReductionResult::merged_commitments
TableCommitments merged_commitments
Definition batch_merge_verifier.hpp:55

bb::field< bb::Bn254FrParams >

transcript.hpp