chonk_verifier.hpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: Complete, auditors: [Sergei], commit: }
// external_1:  { status: not started, auditors: [], commit: }
// external_2:  { status: not started, auditors: [], commit: }
// =====================
//
// Recursive Chonk verifier for in-circuit verification of Chonk IVC proofs.
// See: chonk/README.md
//
#pragma once
#include "barretenberg/chonk/batched_honk_translator/batched_honk_translator_verifier.hpp"
#include "barretenberg/chonk/chonk_proof.hpp"
#include "barretenberg/constants.hpp"
#include "barretenberg/eccvm/eccvm_flavor.hpp"
#include "barretenberg/flavor/mega_zk_recursive_flavor.hpp"
#include "barretenberg/goblin/goblin_verifier.hpp"
#include "barretenberg/stdlib/primitives/field/field.hpp"
#include "barretenberg/stdlib/proof/proof.hpp"
#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"
#include "barretenberg/translator_vm/translator_flavor.hpp"
#include "barretenberg/ultra_honk/ultra_verifier.hpp"
 
namespace bb {
 
template <bool IsRecursive> class ChonkVerifier {
    // Conditional types based on recursion
    using Builder = std::conditional_t<IsRecursive, UltraCircuitBuilder, void>;
    using HidingKernelVerifier = std::conditional_t<IsRecursive, bb::MegaZKRecursiveVerifier, bb::MegaZKVerifier>;
    using GoblinVerifier = std::conditional_t<IsRecursive, bb::GoblinRecursiveVerifier, bb::GoblinVerifier>;
    using Transcript = typename GoblinVerifier::Transcript;
    using GoblinReductionResult = typename GoblinVerifier::ReductionResult;
    using HidingKernelIO =
        std::conditional_t<IsRecursive, stdlib::recursion::honk::HidingKernelIO<Builder>, bb::HidingKernelIO>;
    using PairingPoints = typename GoblinVerifier::ReductionResult::PairingPoints;
    using IPAClaim = typename GoblinVerifier::ReductionResult::IPAClaim;
    using IPAProof = typename GoblinVerifier::ReductionResult::IPAProof;
    using MergeCommitments = typename GoblinVerifier::MergeVerifier::InputCommitments;
 
    // Number of pairing point sets aggregated in recursive verification (PI, Merge, Batched PCS)
    static constexpr size_t NUM_PAIRING_POINTS = 3;
 
  public:
    struct ReductionResult {
        PairingPoints pairing_points; // Aggregated pairing points (PI + PCS + Merge + Translator)
        IPAClaim ipa_claim;           // IPA opening claim from ECCVM (Grumpkin curve)
        IPAProof ipa_proof;           // IPA proof for verifying the claim
        bool all_checks_passed;       // Reduction checks passed (sumcheck, evaluations, etc.)
    };
 
    using Output = std::conditional_t<IsRecursive, ReductionResult, bool>;
    using VKAndHash = typename HidingKernelVerifier::VKAndHash;
    using VK = typename HidingKernelVerifier::VerificationKey;
    using Commitment = typename HidingKernelVerifier::Commitment;
    using Proof = std::conditional_t<IsRecursive, ChonkStdlibProof, ChonkProof>;
 
    ChonkVerifier(const std::shared_ptr<VKAndHash>& vk_and_hash)
        : vk_and_hash(vk_and_hash)
        , transcript(std::make_shared<Transcript>())
    {}
 
    [[nodiscard("IPA claim and pairing points must be accumulated")]] Output verify(const Proof& proof);
 
    struct IPAReductionResult {
        OpeningClaim<curve::Grumpkin> ipa_claim;
        ::bb::HonkProof ipa_proof;
        bool all_checks_passed;
    };
 
    IPAReductionResult reduce_to_ipa_claim(const Proof& proof);
 
  private:
    // VK and hash of the hiding kernel
    std::shared_ptr<VKAndHash> vk_and_hash;
    // Shared transcript for all verifiers
    std::shared_ptr<Transcript> transcript;
};
 
// Type aliases for ease of use
using ChonkNativeVerifier = ChonkVerifier<false>;
using ChonkRecursiveVerifier = ChonkVerifier<true>;
 
} // namespace bb