Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
bbapi_shared.hpp
Go to the documentation of this file.
1#pragma once
10#include "barretenberg/chonk/chonk.hpp"
11#include "barretenberg/common/throw_or_abort.hpp"
12#include "barretenberg/dsl/acir_format/acir_format.hpp"
13#include "barretenberg/flavor/ultra_flavor.hpp"
14#include "barretenberg/flavor/ultra_keccak_flavor.hpp"
15#include "barretenberg/flavor/ultra_keccak_zk_flavor.hpp"
16#include "barretenberg/flavor/ultra_zk_flavor.hpp"
17#include "barretenberg/honk/execution_trace/mega_execution_trace.hpp"
18#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"
19#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
20#ifdef STARKNET_GARAGA_FLAVORS
21#include "barretenberg/flavor/ultra_starknet_flavor.hpp"
22#include "barretenberg/flavor/ultra_starknet_zk_flavor.hpp"
23#endif
24#include <cstdint>
25#include <string>
26#include <vector>
27
28namespace bb::bbapi {
29
36template <typename VK> inline void validate_vk_size(const std::vector<uint8_t>& vk_bytes)
37{
38 const size_t expected_size = VK::calc_num_data_types() * sizeof(bb::fr);
39 if (vk_bytes.size() != expected_size) {
40 throw_or_abort("verification key has wrong size: expected " + std::to_string(expected_size) + ", got " +
41 std::to_string(vk_bytes.size()));
42 }
43}
44
49enum class VkPolicy {
50 DEFAULT, // Use the provided VK as-is (default behavior)
51 CHECK, // Verify the provided VK matches the computed VK, throw error if mismatch
52 RECOMPUTE, // Always ignore the provided VK and treat it as nullptr
53 REWRITE // Check the VK and rewrite the input file with correct VK if mismatch (for check command)
54};
55
60struct CircuitInputNoVK {
67 std::string name;
68
75 std::vector<uint8_t> bytecode;
76
77 SERIALIZATION_FIELDS(name, bytecode);
78 bool operator==(const CircuitInputNoVK& other) const = default;
79};
80
85struct CircuitInput {
92 std::string name;
93
100 std::vector<uint8_t> bytecode;
101
106 std::vector<uint8_t> verification_key;
107
108 SERIALIZATION_FIELDS(name, bytecode, verification_key);
109 bool operator==(const CircuitInput& other) const = default;
110};
111
112struct ProofSystemSettings {
117 bool ipa_accumulation = false;
118
125 std::string oracle_hash_type = "poseidon2";
126
131 bool disable_zk = false;
132
133 // TODO(md): remove this once considered stable
134 bool optimized_solidity_verifier = false;
135
136 SERIALIZATION_FIELDS(ipa_accumulation, oracle_hash_type, disable_zk, optimized_solidity_verifier);
137 bool operator==(const ProofSystemSettings& other) const = default;
138};
139
143enum class OracleHashType { POSEIDON2, KECCAK, STARKNET };
144
145inline OracleHashType parse_oracle_hash_type(const std::string& type)
146{
147 if (type == "keccak") {
148 return OracleHashType::KECCAK;
149 }
150 if (type == "starknet") {
151 return OracleHashType::STARKNET;
152 }
153 return OracleHashType::POSEIDON2; // default
154}
155
159inline VkPolicy parse_vk_policy(const std::string& policy)
160{
161 if (policy == "check") {
162 return VkPolicy::CHECK;
163 }
164 if (policy == "recompute") {
165 return VkPolicy::RECOMPUTE;
166 }
167 if (policy == "rewrite") {
168 return VkPolicy::REWRITE;
169 }
170 return VkPolicy::DEFAULT; // default
171}
172
173#ifndef __wasm__
174// Forward declaration — defined in bbapi_chonk.hpp
175class ChonkBatchVerifierService;
176#endif
177
178struct BBApiRequest {
179 // Current depth of the IVC stack for this request
180 uint32_t ivc_stack_depth = 0;
181 std::shared_ptr<IVCBase> ivc_in_progress;
182 // Name of the last loaded circuit
183 std::string loaded_circuit_name;
184 // Store the parsed constraint system to get ahead of parsing before accumulate
185 std::optional<acir_format::AcirFormat> loaded_circuit_constraints;
186 // Store the verification key passed with the circuit
187 std::vector<uint8_t> loaded_circuit_vk;
188 // Policy for handling verification keys during accumulation
189 VkPolicy vk_policy = VkPolicy::DEFAULT;
190 // Error message - empty string means no error
191 std::string error_message;
192#ifndef __wasm__
193 // Batch verifier service instance (persists across RPC calls)
194 std::shared_ptr<ChonkBatchVerifierService> batch_verifier_service;
195#endif
196};
197
201struct ErrorResponse {
202 static constexpr const char MSGPACK_SCHEMA_NAME[] = "ErrorResponse";
203 std::string message;
204 SERIALIZATION_FIELDS(message);
205 bool operator==(const ErrorResponse&) const = default;
206};
207
211#define BBAPI_ERROR(request, msg) \
212 do { \
213 (request).error_message = (msg); \
214 return {}; \
215 } while (0)
216
217struct Shutdown {
218 static constexpr const char MSGPACK_SCHEMA_NAME[] = "Shutdown";
219 struct Response {
220 static constexpr const char MSGPACK_SCHEMA_NAME[] = "ShutdownResponse";
221 // Empty response - success indicated by no exception
222 void msgpack(auto&& pack_fn) { pack_fn(); }
223 bool operator==(const Response&) const = default;
224 };
225 void msgpack(auto&& pack_fn) { pack_fn(); }
226 Response execute(const BBApiRequest&) && { return {}; }
227 bool operator==(const Shutdown&) const = default;
228};
229
242template <typename Flavor>
243inline typename Flavor::Transcript::Proof concatenate_proof(const std::vector<uint256_t>& public_inputs,
244 const std::vector<uint256_t>& proof)
245{
246 using FF = typename Flavor::FF;
247 // Reject non-canonical field encodings (values >= field modulus) to ensure consistent
248 // verifier behavior across native and Solidity targets.
249 for (const auto& val : public_inputs) {
250 if (val >= FF::modulus) {
251 throw_or_abort("Non-canonical public input: value >= field modulus");
252 }
253 }
254 for (const auto& val : proof) {
255 if (val >= FF::modulus) {
256 throw_or_abort("Non-canonical proof element: value >= field modulus");
257 }
258 }
259 typename Flavor::Transcript::Proof result;
260 result.reserve(public_inputs.size() + proof.size());
261 result.insert(result.end(), public_inputs.begin(), public_inputs.end());
262 result.insert(result.end(), proof.begin(), proof.end());
263 return result;
264}
265
269template <typename VK> std::vector<uint256_t> vk_to_uint256_fields(const VK& vk)
270{
271 auto fields = vk.to_field_elements();
272 if constexpr (std::is_same_v<decltype(fields), std::vector<uint256_t>>) {
273 return fields;
274 } else {
275 return std::vector<uint256_t>(fields.begin(), fields.end());
276 }
277}
278
286inline void validate_rollup_settings(const ProofSystemSettings& settings)
287{
288 if (!settings.ipa_accumulation) {
289 return; // Not a rollup circuit, no validation needed
290 }
291
292 // Rollup circuits must use poseidon2 for efficient recursive verification
293 if (settings.oracle_hash_type != "poseidon2") {
294 throw_or_abort("Rollup circuits (ipa_accumulation=true) must use oracle_hash_type='poseidon2', got '" +
295 settings.oracle_hash_type + "'");
296 }
297}
298
317template <typename Operation> auto dispatch_by_settings(const ProofSystemSettings& settings, Operation&& operation)
318{
319 // Rollup circuits: UltraFlavor with RollupIO (includes IPA accumulation for ECCVM)
320 if (settings.ipa_accumulation) {
321 validate_rollup_settings(settings);
322 return operation.template operator()<UltraFlavor, RollupIO>();
323 }
324
325 // Non-rollup circuits: route based on oracle hash type and ZK setting
326 if (settings.oracle_hash_type == "poseidon2") {
327 if (settings.disable_zk) {
328 return operation.template operator()<UltraFlavor, DefaultIO>();
329 }
330 return operation.template operator()<UltraZKFlavor, DefaultIO>();
331 }
332
333 if (settings.oracle_hash_type == "keccak") {
334 if (settings.disable_zk) {
335 return operation.template operator()<UltraKeccakFlavor, DefaultIO>();
336 }
337 return operation.template operator()<UltraKeccakZKFlavor, DefaultIO>();
338 }
339
340#ifdef STARKNET_GARAGA_FLAVORS
341 if (settings.oracle_hash_type == "starknet") {
342 if (settings.disable_zk) {
343 return operation.template operator()<UltraStarknetFlavor, DefaultIO>();
344 }
345 return operation.template operator()<UltraStarknetZKFlavor, DefaultIO>();
346 }
347#endif
348
349 // Invalid configuration
350 throw_or_abort("Invalid proof system settings: oracle_hash_type='" + settings.oracle_hash_type +
351 "', disable_zk=" + std::to_string(settings.disable_zk) +
352 ", ipa_accumulation=" + std::to_string(settings.ipa_accumulation));
353}
354
355} // namespace bb::bbapi
acir_format.hpp
bb::DefaultIO
Manages the data that is propagated on the public inputs of an application/function circuit.
Definition special_public_inputs.hpp:20
bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:43
bb::RollupIO
The data that is propagated on the public inputs of a rollup circuit.
Definition special_public_inputs.hpp:109
bb::UltraZKFlavor
Child class of UltraFlavor that runs with ZK Sumcheck.
Definition ultra_zk_flavor.hpp:23
mega_execution_trace.hpp
bb::bbapi::OracleHashType
OracleHashType
Convert oracle hash type string to enum for internal use.
Definition bbapi_shared.hpp:143
bb::bbapi::VkPolicy
VkPolicy
Policy for handling verification keys during IVC accumulation.
Definition bbapi_shared.hpp:49
bb::bbapi::validate_rollup_settings
void validate_rollup_settings(const ProofSystemSettings &settings)
Validate rollup circuit settings.
Definition bbapi_shared.hpp:286
bb::bbapi::vk_to_uint256_fields
std::vector< uint256_t > vk_to_uint256_fields(const VK &vk)
Convert VK to uint256 field elements, handling flavor-specific return types.
Definition bbapi_shared.hpp:269
bb::bbapi::parse_vk_policy
VkPolicy parse_vk_policy(const std::string &policy)
Convert VK policy string to enum for internal use.
Definition bbapi_shared.hpp:159
bb::bbapi::concatenate_proof
Flavor::Transcript::Proof concatenate_proof(const std::vector< uint256_t > &public_inputs, const std::vector< uint256_t > &proof)
Concatenate public inputs and proof into a complete proof for verification.
Definition bbapi_shared.hpp:243
bb::bbapi::dispatch_by_settings
auto dispatch_by_settings(const ProofSystemSettings &settings, Operation &&operation)
Dispatch to the correct Flavor and IO type based on proof system settings.
Definition bbapi_shared.hpp:317
bb::bbapi::parse_oracle_hash_type
OracleHashType parse_oracle_hash_type(const std::string &type)
Definition bbapi_shared.hpp:145
bb::bbapi::validate_vk_size
void validate_vk_size(const std::vector< uint8_t > &vk_bytes)
Validate verification key size before deserialization.
Definition bbapi_shared.hpp:36
bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:155
bb::vk
VerifierCommitmentKey< Curve > vk
Definition ipa.fuzzer.cpp:21
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
std::to_string
std::string to_string(bb::avm2::ValueTag tag)
Definition tagged_value.cpp:402
special_public_inputs.hpp
bb::bbapi::BBApiRequest::batch_verifier_service
std::shared_ptr< ChonkBatchVerifierService > batch_verifier_service
Definition bbapi_shared.hpp:194
bb::bbapi::BBApiRequest::ivc_in_progress
std::shared_ptr< IVCBase > ivc_in_progress
Definition bbapi_shared.hpp:181
bb::bbapi::BBApiRequest::loaded_circuit_vk
std::vector< uint8_t > loaded_circuit_vk
Definition bbapi_shared.hpp:187
bb::bbapi::BBApiRequest::loaded_circuit_constraints
std::optional< acir_format::AcirFormat > loaded_circuit_constraints
Definition bbapi_shared.hpp:185
bb::bbapi::CircuitInput
A circuit to be used in either ultrahonk or Chonk proving.
Definition bbapi_shared.hpp:85
bb::bbapi::CircuitInput::operator==
bool operator==(const CircuitInput &other) const =default
bb::bbapi::CircuitInput::verification_key
std::vector< uint8_t > verification_key
Verification key of the circuit. This could be derived, but it is more efficient to have it fixed ahe...
Definition bbapi_shared.hpp:106
bb::bbapi::CircuitInput::name
std::string name
Human-readable name for the circuit.
Definition bbapi_shared.hpp:92
bb::bbapi::CircuitInput::SERIALIZATION_FIELDS
SERIALIZATION_FIELDS(name, bytecode, verification_key)
bb::bbapi::CircuitInput::bytecode
std::vector< uint8_t > bytecode
Serialized bytecode representation of the circuit.
Definition bbapi_shared.hpp:100
bb::bbapi::CircuitInputNoVK
A circuit to be used in either ultrahonk or chonk verification key derivation.
Definition bbapi_shared.hpp:60
bb::bbapi::CircuitInputNoVK::name
std::string name
Human-readable name for the circuit.
Definition bbapi_shared.hpp:67
bb::bbapi::CircuitInputNoVK::operator==
bool operator==(const CircuitInputNoVK &other) const =default
bb::bbapi::CircuitInputNoVK::SERIALIZATION_FIELDS
SERIALIZATION_FIELDS(name, bytecode)
bb::bbapi::CircuitInputNoVK::bytecode
std::vector< uint8_t > bytecode
Serialized bytecode representation of the circuit.
Definition bbapi_shared.hpp:75
bb::bbapi::ErrorResponse
Error response returned when a command fails.
Definition bbapi_shared.hpp:201
bb::bbapi::ErrorResponse::operator==
bool operator==(const ErrorResponse &) const =default
bb::bbapi::ErrorResponse::MSGPACK_SCHEMA_NAME
static constexpr const char MSGPACK_SCHEMA_NAME[]
Definition bbapi_shared.hpp:202
bb::bbapi::ProofSystemSettings::ipa_accumulation
bool ipa_accumulation
Optional flag to indicate if the proof should be generated with IPA accumulation (i....
Definition bbapi_shared.hpp:117
bb::bbapi::ProofSystemSettings::SERIALIZATION_FIELDS
SERIALIZATION_FIELDS(ipa_accumulation, oracle_hash_type, disable_zk, optimized_solidity_verifier)
bb::bbapi::ProofSystemSettings::operator==
bool operator==(const ProofSystemSettings &other) const =default
bb::bbapi::ProofSystemSettings::oracle_hash_type
std::string oracle_hash_type
The oracle hash type to be used for the proof.
Definition bbapi_shared.hpp:125
bb::bbapi::ProofSystemSettings::disable_zk
bool disable_zk
Flag to disable blinding of the proof. Useful for cases that don't require privacy,...
Definition bbapi_shared.hpp:131
bb::bbapi::Shutdown::Response::MSGPACK_SCHEMA_NAME
static constexpr const char MSGPACK_SCHEMA_NAME[]
Definition bbapi_shared.hpp:220
bb::bbapi::Shutdown::Response::operator==
bool operator==(const Response &) const =default
bb::bbapi::Shutdown::Response::msgpack
void msgpack(auto &&pack_fn)
Definition bbapi_shared.hpp:222
bb::bbapi::Shutdown::msgpack
void msgpack(auto &&pack_fn)
Definition bbapi_shared.hpp:225
bb::bbapi::Shutdown::MSGPACK_SCHEMA_NAME
static constexpr const char MSGPACK_SCHEMA_NAME[]
Definition bbapi_shared.hpp:218
bb::bbapi::Shutdown::operator==
bool operator==(const Shutdown &) const =default
bb::bbapi::Shutdown::execute
Response execute(const BBApiRequest &) &&
Definition bbapi_shared.hpp:226
bb::field< bb::Bn254FrParams >::modulus
static constexpr uint256_t modulus
Definition field_declarations.hpp:234
throw_or_abort.hpp
throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6
ultra_circuit_builder.hpp
ultra_flavor.hpp
ultra_keccak_flavor.hpp
ultra_keccak_zk_flavor.hpp
ultra_zk_flavor.hpp