Barretenberg: src/barretenberg/commitment_schemes/commitment_key.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Planned, auditors: [Sergei], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once


#include "barretenberg/common/bb_bench.hpp"

#include "barretenberg/common/ref_span.hpp"

#include "barretenberg/ecc/scalar_multiplication/scalar_multiplication.hpp"

#include "barretenberg/polynomials/polynomial.hpp"

#include "barretenberg/srs/factories/crs_factory.hpp"

#include "barretenberg/srs/global_crs.hpp"


#include <cstddef>

#include <cstdlib>

#include <limits>

#include <memory>

#include <string_view>


namespace bb {


template <class Curve> class CommitmentKey {


    using Fr = typename Curve::ScalarField;

    using Commitment = typename Curve::AffineElement;


  protected:

    std::shared_ptr<srs::factories::Crs<Curve>> srs;


  public:

    size_t srs_size;


    CommitmentKey() = default;


    CommitmentKey(const size_t num_points)

        : srs(srs::get_crs_factory<Curve>()->get_crs(num_points))

        , srs_size(num_points)

    {}


    bool initialized() const { return srs != nullptr; }


    std::span<Commitment> get_monomial_points() const { return srs->get_monomial_points(); }

    size_t get_monomial_size() const { return srs->get_monomial_size(); }


    Commitment commit(PolynomialSpan<const Fr> polynomial) const

    {

        BB_BENCH_NAME("CommitmentKey::commit");

        std::span<const Commitment> point_table = get_monomial_points();

        size_t consumed_srs = polynomial.start_index + polynomial.size();

        if (consumed_srs > get_monomial_size()) {

            throw_or_abort(format("Attempting to commit to a polynomial that needs ",

                                  consumed_srs,

                                  " points with an SRS of size ",

                                  get_monomial_size()));

        }

        return scalar_multiplication::pippenger_unsafe<Curve>(polynomial, point_table);

    };


    std::vector<Commitment> batch_commit(RefSpan<Polynomial<Fr>> polynomials,

                                         size_t max_batch_size = std::numeric_limits<size_t>::max()) const

    {

        BB_BENCH_NAME("CommitmentKey::batch_commit");


        // We can only commit max_batch_size at a time

        // This is to prevent excessive memory usage in the pippenger algorithm

        // First batch, create the commitments vector

        std::vector<Commitment> commitments;


        for (size_t i = 0; i < polynomials.size();) {

            // Note: have to be careful how we compute this to not overlow e.g. max_batch_size + 1 would

            size_t batch_size = std::min(max_batch_size, polynomials.size() - i);

            size_t batch_end = i + batch_size;


            // Prepare spans for batch MSM

            std::vector<std::span<const Commitment>> points_spans;

            std::vector<std::span<Fr>> scalar_spans;


            for (auto& polynomial : polynomials.subspan(i, batch_end - i)) {

                size_t consumed_srs = polynomial.start_index() + polynomial.size();

                if (consumed_srs > get_monomial_size()) {

                    throw_or_abort(format("Attempting to commit to a polynomial that needs ",

                                          consumed_srs,

                                          " points with an SRS of size ",

                                          get_monomial_size()));

                }

                std::span<const Commitment> point_table = get_monomial_points().subspan(polynomial.start_index());

                scalar_spans.emplace_back(polynomial.coeffs());

                points_spans.emplace_back(point_table);

            }


            // Perform batch MSM

            auto results = scalar_multiplication::MSM<Curve>::batch_multi_scalar_mul(points_spans, scalar_spans, false);

            for (const auto& result : results) {

                commitments.emplace_back(result);

            }

            i += batch_size;

        }

        return commitments;

    };


    // helper builder struct for constructing a batch to commit at once


    struct CommitBatch {

        CommitmentKey* key;

        RefVector<Polynomial<Fr>> wires;

        std::vector<std::string> labels;

        std::vector<const Polynomial<Fr>*> tail_polys; // optional ZK masking tails (parallel to wires)


        std::vector<Commitment> commit_and_send_to_verifier(auto transcript,

                                                            size_t max_batch_size = std::numeric_limits<size_t>::max())

        {

            std::vector<Commitment> commitments = key->batch_commit(wires, max_batch_size);


            // Adjust commitments for wires with masking tails: C' = C_short + commit(tail)

            for (size_t i = 0; i < commitments.size(); ++i) {

                if (i < tail_polys.size() && tail_polys[i] != nullptr && !tail_polys[i]->is_empty()) {

                    commitments[i] = commitments[i] + key->commit(*tail_polys[i]);

                }

                transcript->send_to_verifier(labels[i], commitments[i]);

            }


            return commitments;

        }


        void add_to_batch(Polynomial<Fr>& poly, const std::string& label, const Polynomial<Fr>* tail = nullptr)

        {

            wires.push_back(poly);

            labels.push_back(label);

            tail_polys.push_back(tail);

        }


    };


    CommitBatch start_batch() { return CommitBatch{ this, {}, {} }; }

};


} // namespace bb

bb_bench.hpp

BB_BENCH_NAME
#define BB_BENCH_NAME(name)
Definition bb_bench.hpp:264

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35

bb::CommitmentKey::CommitmentKey
CommitmentKey()=default

bb::CommitmentKey::batch_commit
std::vector< Commitment > batch_commit(RefSpan< Polynomial< Fr > > polynomials, size_t max_batch_size=std::numeric_limits< size_t >::max()) const
Batch commitment to multiple polynomials.
Definition commitment_key.hpp:94

bb::CommitmentKey::get_monomial_size
size_t get_monomial_size() const
Definition commitment_key.hpp:65

bb::CommitmentKey::Fr
typename Curve::ScalarField Fr
Definition commitment_key.hpp:37

bb::CommitmentKey::get_monomial_points
std::span< Commitment > get_monomial_points() const
Definition commitment_key.hpp:64

bb::CommitmentKey::srs_size
size_t srs_size
Definition commitment_key.hpp:44

bb::CommitmentKey::Commitment
typename Curve::AffineElement Commitment
Definition commitment_key.hpp:38

bb::CommitmentKey::CommitmentKey
CommitmentKey(const size_t num_points)
Construct a new Kate Commitment Key object from existing SRS.
Definition commitment_key.hpp:53

bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:73

bb::CommitmentKey::initialized
bool initialized() const
Checks the commitment key is properly initialized.
Definition commitment_key.hpp:62

bb::CommitmentKey::srs
std::shared_ptr< srs::factories::Crs< Curve > > srs
Definition commitment_key.hpp:41

bb::CommitmentKey::start_batch
CommitBatch start_batch()
Definition commitment_key.hpp:167

bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75

bb::RefSpan
Definition ref_span.hpp:11

bb::RefVector
A template class for a reference vector. Behaves as if std::vector<T&> was possible.
Definition ref_vector.hpp:24

bb::curve::Grumpkin
Definition grumpkin.hpp:58

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:64

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:60

bb::scalar_multiplication::MSM::batch_multi_scalar_mul
static std::vector< AffineElement > batch_multi_scalar_mul(std::span< std::span< const AffineElement > > points, std::span< std::span< ScalarField > > scalars, bool handle_edge_cases=true) noexcept
Compute multiple MSMs in parallel with work balancing.
Definition scalar_multiplication.cpp:497

format
std::string format(Args... args)
Definition log.hpp:23

crs_factory.hpp

global_crs.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

polynomial.hpp

ref_span.hpp

scalar_multiplication.hpp

bb::CommitmentKey::CommitBatch
Definition commitment_key.hpp:137

bb::CommitmentKey::CommitBatch::labels
std::vector< std::string > labels
Definition commitment_key.hpp:140

bb::CommitmentKey::CommitBatch::commit_and_send_to_verifier
std::vector< Commitment > commit_and_send_to_verifier(auto transcript, size_t max_batch_size=std::numeric_limits< size_t >::max())
Definition commitment_key.hpp:143

bb::CommitmentKey::CommitBatch::key
CommitmentKey * key
Definition commitment_key.hpp:138

bb::CommitmentKey::CommitBatch::add_to_batch
void add_to_batch(Polynomial< Fr > &poly, const std::string &label, const Polynomial< Fr > *tail=nullptr)
Definition commitment_key.hpp:159

bb::CommitmentKey::CommitBatch::wires
RefVector< Polynomial< Fr > > wires
Definition commitment_key.hpp:139

bb::CommitmentKey::CommitBatch::tail_polys
std::vector< const Polynomial< Fr > * > tail_polys
Definition commitment_key.hpp:141

bb::PolynomialSpan
Definition polynomial.hpp:27

bb::PolynomialSpan::size
size_t size() const
Definition polynomial.hpp:36

bb::PolynomialSpan::start_index
size_t start_index
Definition polynomial.hpp:28

throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6