Barretenberg: src/barretenberg/eccvm/eccvm_trace_checker.cpp Source File

#include "eccvm_trace_checker.hpp"

#include "barretenberg/eccvm/eccvm_flavor.hpp"

#include "barretenberg/honk/library/grand_product_library.hpp"


using namespace bb;


using Flavor = ECCVMFlavor;

using Builder = typename ECCVMFlavor::CircuitBuilder;

using FF = typename ECCVMFlavor::FF;

using ProverPolynomials = typename ECCVMFlavor::ProverPolynomials;


bool ECCVMTraceChecker::check(Builder& builder,

                              numeric::RNG* engine_ptr

#ifdef FUZZING

                              ,

                              bool disable_fixed_dyadic_trace_size

#endif

)

{

    const FF gamma = FF::random_element(engine_ptr);

    const FF beta = FF::random_element(engine_ptr);

    const FF beta_sqr = beta.sqr();

    const FF beta_cube = beta_sqr * beta;

    const FF beta_quartic = beta_sqr * beta_sqr;

    auto first_term_tag = beta_quartic; // FIRST_TERM_TAG (= 1) * beta_quartic

    auto eccvm_set_permutation_delta = (gamma + first_term_tag) * (gamma + beta_sqr + first_term_tag) *

                                       (gamma + beta_sqr + beta_sqr + first_term_tag) *

                                       (gamma + beta_sqr + beta_sqr + beta_sqr + first_term_tag);

    eccvm_set_permutation_delta = eccvm_set_permutation_delta.invert();

    bb::RelationParameters<typename Flavor::FF> params{

        .eta = 0,

        .beta = beta,

        .gamma = gamma,

        .public_input_delta = 0,

        .beta_sqr = beta_sqr,

        .beta_cube = beta_cube,

        .beta_quartic = beta_quartic,

        .eccvm_set_permutation_delta = eccvm_set_permutation_delta,

    };


#ifdef FUZZING

    ProverPolynomials polynomials(builder, disable_fixed_dyadic_trace_size);

#else

    ProverPolynomials polynomials(builder);

#endif

    const size_t num_rows = polynomials.get_polynomial_size();

    // Skip the disabled head region to preserve masking values

    compute_logderivative_inverse<FF, ECCVMLookupRelation<FF>>(polynomials, params, Flavor::TRACE_OFFSET);

    compute_grand_product<Flavor, ECCVMSetRelation<FF>>(polynomials, params);


    polynomials.z_perm_shift = Polynomial(polynomials.z_perm.shifted());


    const auto evaluate_relation = [&]<typename Relation>(const std::string& relation_name) {

        typename Relation::SumcheckArrayOfValuesOverSubrelations result;

        for (auto& r : result) {

            r = 0;

        }

        constexpr size_t NUM_SUBRELATIONS = result.size();


        // Skip the disabled head rows (masking region) — relations are zeroed there by row-disabling polynomial

        for (size_t i = Flavor::TRACE_OFFSET; i < num_rows; ++i) {

            auto row = polynomials.get_row(i);

#ifdef FUZZING

            // Check if the relation is skippable and should be skipped (only in fuzzing builds)

            if constexpr (isSkippable<Relation, decltype(row)>) {

                // Only accumulate if the relation should not be skipped

                if (!Relation::skip(row)) {

                    Relation::accumulate(result, row, params, 1);

                }

            } else {

                // If not skippable, always accumulate

                Relation::accumulate(result, row, params, 1);

            }

#else

            // In non-fuzzing builds, always accumulate for maximum security

            Relation::accumulate(result, row, params, 1);

#endif


            bool x = true;

            for (size_t j = 0; j < NUM_SUBRELATIONS; ++j) {

                if (result[j] != 0) {

                    info("Relation ", relation_name, ", subrelation index ", j, " failed at row ", i);

                    x = false;

                }

            }

            if (!x) {

                return false;

            }

        }

        return true;

    };


    bool result = true;

    result = result && evaluate_relation.template operator()<ECCVMTranscriptRelation<FF>>("ECCVMTranscriptRelation");

    result = result && evaluate_relation.template operator()<ECCVMPointTableRelation<FF>>("ECCVMPointTableRelation");

    result = result && evaluate_relation.template operator()<ECCVMWnafRelation<FF>>("ECCVMWnafRelation");

    result = result && evaluate_relation.template operator()<ECCVMMSMRelation<FF>>("ECCVMMSMRelation");

    result = result && evaluate_relation.template operator()<ECCVMSetRelation<FF>>("ECCVMSetRelation");

    result = result && evaluate_relation.template operator()<ECCVMBoolsRelation<FF>>("ECCVMBoolsRelation");


    using LookupRelation = ECCVMLookupRelation<FF>;

    typename ECCVMLookupRelation<typename Flavor::FF>::SumcheckArrayOfValuesOverSubrelations lookup_result;

    for (auto& r : lookup_result) {

        r = 0;

    }

    // Skip the disabled head rows (masking region) — row-disabling polynomial zeroes them in sumcheck

    for (size_t i = Flavor::TRACE_OFFSET; i < num_rows; ++i) {

        LookupRelation::accumulate(lookup_result, polynomials.get_row(i), params, 1);

    }

    for (auto r : lookup_result) {

        if (r != 0) {

            info("Relation ECCVMLookupRelation failed.");

            return false;

        }

    }

    return result;

}


bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::ECCVMFlavor::ProverPolynomials
A container for the prover polynomials.
Definition eccvm_flavor.hpp:484

bb::ECCVMFlavor
Definition eccvm_flavor.hpp:37

bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:43

bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:39

bb::ECCVMFlavor::TRACE_OFFSET
static constexpr size_t TRACE_OFFSET
Definition eccvm_flavor.hpp:62

bb::ECCVMTraceChecker::check
static bool check(ECCVMCircuitBuilder &, numeric::RNG *engine_ptr=nullptr)
Definition eccvm_trace_checker.cpp:12

bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75

bb::Relation
A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribu...
Definition relation_types.hpp:96

bb::Relation::SumcheckArrayOfValuesOverSubrelations
ArrayOfValues< FF, RelationImpl::SUBRELATION_PARTIAL_LENGTHS > SumcheckArrayOfValuesOverSubrelations
Definition relation_types.hpp:106

bb::numeric::RNG
Definition engine.hpp:17

info
#define info(...)
Definition log.hpp:93

bb::isSkippable
The templates defined herein facilitate sharing the relation arithmetic between the prover and the ve...
Definition relation_types.hpp:70

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

eccvm_flavor.hpp

ProverPolynomials
typename ECCVMFlavor::ProverPolynomials ProverPolynomials
Definition eccvm_trace_checker.cpp:10

eccvm_trace_checker.hpp

grand_product_library.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::RelationParameters
Container for parameters used by the grand product (permutation, lookup) Honk relations.
Definition relation_parameters.hpp:18

bb::RelationParameters::eta
T eta
Definition relation_parameters.hpp:24

bb::field< bb::Bn254FrParams >

bb::field::invert
constexpr field invert() const noexcept
Definition field_impl.hpp:386

bb::field< bb::Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:777

bb::field::sqr
BB_INLINE constexpr field sqr() const noexcept
Definition field_impl.hpp:72