Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ecc_transcript_relation.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Raju], commit: 2a49eb6 }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "barretenberg/ecc/curves/bn254/g1.hpp"
10#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
11#include "barretenberg/relations/relation_types.hpp"
12
13namespace bb {
14
35template <typename FF_> class ECCVMTranscriptRelationImpl {
36 public:
37 using FF = FF_;
38
39 // Named subrelation indices — matches SUBRELATION_PARTIAL_LENGTHS ordering.
40 enum SubrelationIndex : size_t {
41 // z1/z2 zero checks: if z_zero flag is set, scalar must be 0
42 Z1_ZERO_CHECK = 0,
43 Z2_ZERO_CHECK = 1,
44 // Opcode encoding: op = q_reset + 2*q_eq + 4*q_mul + 8*q_add
45 OPCODE_WELL_FORMED = 2,
46 // Point counter update: pc decrements by number of muls
47 PC_UPDATE = 3,
48 // MSM count zero at transition: witnesses correct msm_count_zero_at_transition
49 MSM_COUNT_ZERO_AT_TRANSITION = 4,
50 // MSM transition: msm_transition = q_mul * (1 - q_mul_shift) * (1 - msm_count_zero_at_transition)
51 MSM_TRANSITION = 5,
52 // MSM count zero when not at a mul op
53 MSM_COUNT_ZERO_WHEN_NOT_MUL = 6,
54 // MSM count increments correctly across mul rows
55 MSM_COUNT_INCREMENT_ACROSS_ROWS = 7,
56 // Opcode exclusion: q_mul and q_add are mutually exclusive with other opcodes
57 OPCODE_EXCLUSION = 8,
58 // Equality check x-coordinate
59 EQ_X_DIFF = 9,
60 // Equality check y-coordinate
61 EQ_Y_DIFF = 10,
62 // Boundary: is_accumulator_empty = 1 at third row
63 BOUNDARY_ACCUMULATOR_EMPTY = 11,
64 // Boundary: msm_count = 0 at third row, pc = 0 at last row
65 BOUNDARY_MSM_COUNT_AND_PC = 12,
66 // On-curve check for input points
67 ON_CURVE_CHECK = 13,
68 // Lambda relation for add/msm group operations
69 LAMBDA_RELATION = 14,
70 // Accumulator x-coordinate update
71 ACCUMULATOR_X_UPDATE = 15,
72 // Accumulator y-coordinate update
73 ACCUMULATOR_Y_UPDATE = 16,
74 // MSM offset generator subtraction: x-coordinate
75 OFFSET_GENERATOR_X = 17,
76 // MSM offset generator subtraction: y-coordinate
77 OFFSET_GENERATOR_Y = 18,
78 // MSM infinity x-diff check
79 MSM_INFINITY_X_DIFF = 19,
80 // MSM infinity y-sum check
81 MSM_INFINITY_Y_SUM = 20,
82 // MSM infinity inverse check
83 MSM_INFINITY_INVERSE = 21,
84 // Accumulator empty flag update
85 ACCUMULATOR_EMPTY_UPDATE = 22,
86 // x-equal flag validation
87 ADD_X_EQUAL_CHECK = 23,
88 // y-equal flag validation
89 ADD_Y_EQUAL_CHECK = 24,
90 // Hiding op row: q_eq must be 1
91 HIDING_ROW_EQ = 25,
92 // Hiding op row: q_reset must be 1
93 HIDING_ROW_RESET = 26,
94 // Infinity flag consistency: Px = 0 when base infinity
95 INFINITY_BASE_PX = 27,
96 // Infinity flag consistency: Py = 0 when base infinity
97 INFINITY_BASE_PY = 28,
98 // Infinity flag consistency: acc_x = 0 when accumulator empty
99 INFINITY_ACC_X = 29,
100 // Infinity flag consistency: acc_y = 0 when accumulator empty
101 INFINITY_ACC_Y = 30,
102 // Boundary: accumulator_not_empty must be 0 at lagrange_first row
103 ACCUMULATOR_NOT_EMPTY_INIT = 31,
104 NUM_SUBRELATIONS,
105 };
106
107 static constexpr std::array<size_t, 32> SUBRELATION_PARTIAL_LENGTHS{
108 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
109 };
110 static_assert(NUM_SUBRELATIONS == SUBRELATION_PARTIAL_LENGTHS.size());
111
112 template <typename ContainerOverSubrelations, typename AllEntities, typename Parameters>
113 static void accumulate(ContainerOverSubrelations& accumulator,
114 const AllEntities& in,
115 const Parameters& /* unused */,
116 const FF& scaling_factor);
117
118 static constexpr FF get_curve_b()
119 {
120 if constexpr (FF::modulus == bb::fq::modulus) {
121 return bb::g1::curve_b;
122 } else if constexpr (FF::modulus == grumpkin::fq::modulus) {
123 return grumpkin::g1::curve_b;
124 } else {
125 static_assert(!std::is_same_v<FF, FF>, "Unsupported field type for ECC transcript relation");
126 }
127 }
128};
129
130template <typename FF> using ECCVMTranscriptRelation = Relation<ECCVMTranscriptRelationImpl<FF>>;
131
132} // namespace bb
bb::ECCVMTranscriptRelationImpl
ECCVMTranscriptRelationImpl evaluates the correctness of the ECCVM transcript columns.
Definition ecc_transcript_relation.hpp:35
bb::ECCVMTranscriptRelationImpl::accumulate
static void accumulate(ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters &, const FF &scaling_factor)
ECCVMTranscriptRelationImpl evaluates the correctness of the ECCVM transcript columns.
Definition ecc_transcript_relation_impl.hpp:40
bb::ECCVMTranscriptRelationImpl::SUBRELATION_PARTIAL_LENGTHS
static constexpr std::array< size_t, 32 > SUBRELATION_PARTIAL_LENGTHS
Definition ecc_transcript_relation.hpp:107
bb::Relation
A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribu...
Definition relation_types.hpp:96
bb::group::curve_b
static constexpr Fq curve_b
Definition group.hpp:53
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
relation_types.hpp
bb::field< bb::Bn254FrParams >::modulus
static constexpr uint256_t modulus
Definition field_declarations.hpp:234