- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
Unified batch verifier for the batch Goblin ECC op queue merge protocol. More...
#include <batch_merge_verifier.hpp>
Classes | |
| struct | ReductionResult |
| Result of batch merge verification. More... | |
Public Types | |
| using | FF = typename Curve::ScalarField |
| using | Commitment = typename Curve::AffineElement |
| using | PCS = bb::KZG< Curve > |
| using | PairingPoints = std::conditional_t< Curve::is_stdlib_type, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > > |
| using | Proof = std::vector< FF > |
| using | Transcript = TranscriptFor_t< Curve > |
| using | ShplonkVerifier = ShplonkVerifier_< Curve > |
| using | TableCommitments = std::array< Commitment, NUM_WIRES > |
Public Member Functions | |
| BatchMergeVerifier_ () | |
| ReductionResult | reduce_to_pairing_check (const Proof &proof, const FF hash) |
| Reduce the batch merge proof to a pairing check. | |
Static Public Member Functions | |
| static FF | ecc_op_hash_step (const std::vector< Commitment > &col_commitments, const std::optional< FF > &prev_hash=std::nullopt) |
| Compute one step of the ECC op running hash. | |
Public Attributes | |
| std::shared_ptr< Transcript > | transcript |
Static Public Attributes | |
| static constexpr size_t | NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES |
| static constexpr size_t | MAX_MERGE_SIZE = MaxMergeSize |
| static constexpr size_t | LOG_MAX_MERGE_SIZE = static_cast<size_t>(numeric::get_msb(MAX_MERGE_SIZE)) |
| static constexpr bool | IsRecursive = Curve::is_stdlib_type |
| static constexpr size_t | NUM_COLUMN_TABLES = MAX_MERGE_SIZE + 1 |
| static constexpr size_t | NUM_EVALS_FROM_COLUMNS = NUM_COLUMN_TABLES * NUM_WIRES |
| static constexpr size_t | NUM_EVALS |
| static constexpr size_t | NUM_OPENING_CLAIMS = NUM_EVALS |
| static constexpr size_t | MERGE_BATCHED_CLAIM_SIZE = NUM_OPENING_CLAIMS + 2 |
Private Member Functions | |
| std::vector< FF > | compute_indicator_array (const FF &N) const |
| Compute array of length M := MaxMergeSize s.t. indicator_array[i] = (i < N). | |
| std::vector< FF > | compute_dirac_array (const std::vector< FF > &indicator_array) const |
| Compute array of length M := MaxMergeSize s.t. dirac_array[i] = (i == N - 1) | |
| bool | check_concatenation_identity (std::vector< FF > &evals, const std::vector< FF > &pow_kappa_subtable_size) const |
| Verify the concatenation identity T(κ) = Σ_i C_i(κ) · κ^{offset_i} for every column. | |
| bool | check_degree_identity (std::vector< FF > &evals, const std::vector< FF > &powers_of_kappa_inv, const FF &kappa, const std::vector< FF > °ree_check_challenges) const |
| Verify the degree identity G(κ⁻¹) = Σ_{i,col} α_{i,col} · C_i_col(κ) · κ^{1 − shift_sizes[j]}. | |
| bool | check_hash_consistency (const FF &hash, const std::vector< FF > &calculated_hashes, const std::vector< FF > &indicator_array) const |
| Verify that the column commitments in the proof match the running hash from accumulation. | |
Unified batch verifier for the batch Goblin ECC op queue merge protocol.
Works for both native verification and recursive (in-circuit) verification.
| Curve | The curve type (native curve::BN254 or stdlib bn254<Builder>) |
| MaxMergeSize | The maximum number of subtables that can be merged |
Definition at line 26 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::Commitment = typename Curve::AffineElement |
Definition at line 29 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::FF = typename Curve::ScalarField |
Definition at line 28 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::PairingPoints = std::conditional_t<Curve::is_stdlib_type, stdlib::recursion::PairingPoints<Curve>, bb::PairingPoints<Curve> > |
Definition at line 31 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::PCS = bb::KZG<Curve> |
Definition at line 30 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::Proof = std::vector<FF> |
Definition at line 33 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::ShplonkVerifier = ShplonkVerifier_<Curve> |
Definition at line 35 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::TableCommitments = std::array<Commitment, NUM_WIRES> |
Definition at line 48 of file batch_merge_verifier.hpp.
| using bb::BatchMergeVerifier_< Curve, MaxMergeSize >::Transcript = TranscriptFor_t<Curve> |
Definition at line 34 of file batch_merge_verifier.hpp.
|
inlineexplicit |
Definition at line 62 of file batch_merge_verifier.hpp.
|
private |
Verify the concatenation identity T(κ) = Σ_i C_i(κ) · κ^{offset_i} for every column.
offset_i = Σ_{j<i} shift_sizes[j]
| evals | Evaluations of C_i(κ) and T(κ) received from the proof |
| pow_kappa_subtable_size | Precomputed κ^{shift_sizes[i]} for each subtable i |
Definition at line 289 of file batch_merge_verifier.cpp.
|
private |
Verify the degree identity G(κ⁻¹) = Σ_{i,col} α_{i,col} · C_i_col(κ) · κ^{1 − shift_sizes[j]}.
This is a single combined check across all subtables and columns.
Definition at line 315 of file batch_merge_verifier.cpp.
|
private |
Verify that the column commitments in the proof match the running hash from accumulation.
This ensures that the commitments provided in the proof are consistent with the expected running hash computed during the accumulation process.
Definition at line 376 of file batch_merge_verifier.cpp.
|
private |
Compute array of length M := MaxMergeSize s.t. dirac_array[i] = (i == N - 1)
| indicator_array |
Definition at line 267 of file batch_merge_verifier.cpp.
|
private |
Compute array of length M := MaxMergeSize s.t. indicator_array[i] = (i < N).
| N |
Definition at line 242 of file batch_merge_verifier.cpp.
|
static |
Compute one step of the ECC op running hash.
Returns Poseidon2([prev_hash, serialize_to_fields(col_commitments)]).
Definition at line 343 of file batch_merge_verifier.cpp.
| BatchMergeVerifier_< Curve, MaxMergeSize >::ReductionResult bb::BatchMergeVerifier_< Curve, MaxMergeSize >::reduce_to_pairing_check | ( | const Proof & | proof, |
| const FF | hash | ||
| ) |
Reduce the batch merge proof to a pairing check.
| proof | Batch merge proof. |
| hash | Running hash of the column commitments [C_0]..[C_{M-1}] |
Definition at line 15 of file batch_merge_verifier.cpp.
|
staticconstexpr |
Definition at line 40 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 39 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 38 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 46 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 41 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 43 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 42 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 45 of file batch_merge_verifier.hpp.
|
staticconstexpr |
Definition at line 37 of file batch_merge_verifier.hpp.
| std::shared_ptr<Transcript> bb::BatchMergeVerifier_< Curve, MaxMergeSize >::transcript |
Definition at line 60 of file batch_merge_verifier.hpp.
1.9.8