Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
eccvm_transcript.test.cpp
Go to the documentation of this file.
1#include "barretenberg/commitment_schemes/ipa/ipa.hpp"
2#include "barretenberg/ecc/curves/bn254/g1.hpp"
3#include "barretenberg/eccvm/eccvm_flavor.hpp"
4#include "barretenberg/eccvm/eccvm_prover.hpp"
5#include "barretenberg/eccvm/eccvm_test_utils.hpp"
6#include "barretenberg/eccvm/eccvm_verifier.hpp"
7#include "barretenberg/flavor/flavor.hpp"
8#include "barretenberg/numeric/bitop/get_msb.hpp"
9#include "barretenberg/polynomials/univariate.hpp"
10#include "barretenberg/srs/global_crs.hpp"
11#include "barretenberg/transcript/transcript.hpp"
12#include <gtest/gtest.h>
13
14using namespace bb;
15using eccvm_test_utils::add_hiding_op_for_test;
16
17class ECCVMTranscriptTests : public ::testing::Test {
18 public:
19 void SetUp() override { srs::init_file_crs_factory(srs::bb_crs_path()); };
20 using FF = grumpkin::fr;
21 using Flavor = ECCVMFlavor;
22 using Transcript = Flavor::Transcript;
23 using PCS = IPA<Flavor::Curve, CONST_ECCVM_LOG_N>;
35 TranscriptManifest construct_eccvm_honk_manifest()
36 {
37 TranscriptManifest manifest_expected;
38 // Size of types is number of bb::frs needed to represent the type
39 size_t frs_per_Fq = FrCodec::calc_num_fields<FF>();
40 size_t frs_per_Fr = FrCodec::calc_num_fields<Flavor::BF>();
41 size_t frs_per_G = FrCodec::calc_num_fields<typename Flavor::Commitment>();
42 size_t frs_per_evals = (Flavor::NUM_ALL_ENTITIES)*frs_per_Fq;
43
44 size_t round = 0;
45 manifest_expected.add_entry(round, "vk_hash", frs_per_Fr);
46 manifest_expected.add_entry(round, "Gemini:masking_poly_comm", frs_per_G);
47 manifest_expected.add_entry(round, "TRANSCRIPT_ADD", frs_per_G);
48 manifest_expected.add_entry(round, "TRANSCRIPT_EQ", frs_per_G);
49 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_TRANSITION", frs_per_G);
50 manifest_expected.add_entry(round, "TRANSCRIPT_PX", frs_per_G);
51 manifest_expected.add_entry(round, "TRANSCRIPT_PY", frs_per_G);
52 manifest_expected.add_entry(round, "TRANSCRIPT_Z1", frs_per_G);
53 manifest_expected.add_entry(round, "TRANSCRIPT_Z2", frs_per_G);
54 manifest_expected.add_entry(round, "TRANSCRIPT_Z1ZERO", frs_per_G);
55 manifest_expected.add_entry(round, "TRANSCRIPT_Z2ZERO", frs_per_G);
56 manifest_expected.add_entry(round, "TRANSCRIPT_OP", frs_per_G);
57 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_X", frs_per_G);
58 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_Y", frs_per_G);
59 manifest_expected.add_entry(round, "PRECOMPUTE_POINT_TRANSITION", frs_per_G);
60 manifest_expected.add_entry(round, "PRECOMPUTE_S1LO", frs_per_G);
61 manifest_expected.add_entry(round, "PRECOMPUTE_S2HI", frs_per_G);
62 manifest_expected.add_entry(round, "PRECOMPUTE_S2LO", frs_per_G);
63 manifest_expected.add_entry(round, "PRECOMPUTE_S3HI", frs_per_G);
64 manifest_expected.add_entry(round, "PRECOMPUTE_S3LO", frs_per_G);
65 manifest_expected.add_entry(round, "PRECOMPUTE_S4HI", frs_per_G);
66 manifest_expected.add_entry(round, "PRECOMPUTE_S4LO", frs_per_G);
67 manifest_expected.add_entry(round, "PRECOMPUTE_SKEW", frs_per_G);
68 manifest_expected.add_entry(round, "MSM_SIZE_OF_MSM", frs_per_G);
69 manifest_expected.add_entry(round, "MSM_ADD2", frs_per_G);
70 manifest_expected.add_entry(round, "MSM_ADD3", frs_per_G);
71 manifest_expected.add_entry(round, "MSM_ADD4", frs_per_G);
72 manifest_expected.add_entry(round, "MSM_X1", frs_per_G);
73 manifest_expected.add_entry(round, "MSM_Y1", frs_per_G);
74 manifest_expected.add_entry(round, "MSM_X2", frs_per_G);
75 manifest_expected.add_entry(round, "MSM_Y2", frs_per_G);
76 manifest_expected.add_entry(round, "MSM_X3", frs_per_G);
77 manifest_expected.add_entry(round, "MSM_Y3", frs_per_G);
78 manifest_expected.add_entry(round, "MSM_X4", frs_per_G);
79 manifest_expected.add_entry(round, "MSM_Y4", frs_per_G);
80 manifest_expected.add_entry(round, "MSM_COLLISION_X1", frs_per_G);
81 manifest_expected.add_entry(round, "MSM_COLLISION_X2", frs_per_G);
82 manifest_expected.add_entry(round, "MSM_COLLISION_X3", frs_per_G);
83 manifest_expected.add_entry(round, "MSM_COLLISION_X4", frs_per_G);
84 manifest_expected.add_entry(round, "MSM_LAMBDA1", frs_per_G);
85 manifest_expected.add_entry(round, "MSM_LAMBDA2", frs_per_G);
86 manifest_expected.add_entry(round, "MSM_LAMBDA3", frs_per_G);
87 manifest_expected.add_entry(round, "MSM_LAMBDA4", frs_per_G);
88 manifest_expected.add_entry(round, "MSM_SLICE1", frs_per_G);
89 manifest_expected.add_entry(round, "MSM_SLICE2", frs_per_G);
90 manifest_expected.add_entry(round, "MSM_SLICE3", frs_per_G);
91 manifest_expected.add_entry(round, "MSM_SLICE4", frs_per_G);
92 manifest_expected.add_entry(round, "TRANSCRIPT_RESET_ACCUMULATOR", frs_per_G);
93 manifest_expected.add_entry(round, "LOOKUP_READ_COUNTS_0", frs_per_G);
94 manifest_expected.add_entry(round, "LOOKUP_READ_COUNTS_1", frs_per_G);
95 manifest_expected.add_entry(round, "TRANSCRIPT_BASE_INFINITY", frs_per_G);
96 manifest_expected.add_entry(round, "TRANSCRIPT_BASE_X_INVERSE", frs_per_G);
97 manifest_expected.add_entry(round, "TRANSCRIPT_BASE_Y_INVERSE", frs_per_G);
98 manifest_expected.add_entry(round, "TRANSCRIPT_ADD_X_EQUAL", frs_per_G);
99 manifest_expected.add_entry(round, "TRANSCRIPT_ADD_Y_EQUAL", frs_per_G);
100 manifest_expected.add_entry(round, "TRANSCRIPT_ADD_LAMBDA", frs_per_G);
101 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_INTERMEDIATE_X", frs_per_G);
102 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_INTERMEDIATE_Y", frs_per_G);
103 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_INFINITY", frs_per_G);
104 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_X_INVERSE", frs_per_G);
105 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT_ZERO_AT_TRANSITION", frs_per_G);
106 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT_AT_TRANSITION_INVERSE", frs_per_G);
107 manifest_expected.add_entry(round, "TRANSCRIPT_MUL", frs_per_G);
108 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT", frs_per_G);
109 manifest_expected.add_entry(round, "PRECOMPUTE_SCALAR_SUM", frs_per_G);
110 manifest_expected.add_entry(round, "PRECOMPUTE_S1HI", frs_per_G);
111 manifest_expected.add_entry(round, "PRECOMPUTE_DX", frs_per_G);
112 manifest_expected.add_entry(round, "PRECOMPUTE_DY", frs_per_G);
113 manifest_expected.add_entry(round, "PRECOMPUTE_TX", frs_per_G);
114 manifest_expected.add_entry(round, "PRECOMPUTE_TY", frs_per_G);
115 manifest_expected.add_entry(round, "MSM_TRANSITION", frs_per_G);
116 manifest_expected.add_entry(round, "MSM_ADD", frs_per_G);
117 manifest_expected.add_entry(round, "MSM_DOUBLE", frs_per_G);
118 manifest_expected.add_entry(round, "MSM_SKEW", frs_per_G);
119 manifest_expected.add_entry(round, "MSM_ACCUMULATOR_X", frs_per_G);
120 manifest_expected.add_entry(round, "MSM_ACCUMULATOR_Y", frs_per_G);
121 manifest_expected.add_entry(round, "MSM_COUNT", frs_per_G);
122 manifest_expected.add_entry(round, "MSM_ROUND", frs_per_G);
123 manifest_expected.add_entry(round, "MSM_ADD1", frs_per_G);
124 manifest_expected.add_entry(round, "MSM_PC", frs_per_G);
125 manifest_expected.add_entry(round, "PRECOMPUTE_PC", frs_per_G);
126 manifest_expected.add_entry(round, "TRANSCRIPT_PC", frs_per_G);
127 manifest_expected.add_entry(round, "PRECOMPUTE_ROUND", frs_per_G);
128 manifest_expected.add_entry(round, "PRECOMPUTE_SELECT", frs_per_G);
129 manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_NOT_EMPTY", frs_per_G);
130 manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_X", frs_per_G);
131 manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_Y", frs_per_G);
132 manifest_expected.add_challenge(round, std::array{ "beta", "gamma" });
133
134 round++;
135 manifest_expected.add_entry(round, "LOOKUP_INVERSES", frs_per_G);
136 manifest_expected.add_entry(round, "Z_PERM", frs_per_G);
137 manifest_expected.add_challenge(round, "Sumcheck:alpha");
138
139 manifest_expected.add_challenge(round, "Sumcheck:gate_challenge");
140 round++;
141
142 manifest_expected.add_entry(round, "Libra:concatenation_commitment", frs_per_G);
143 manifest_expected.add_entry(round, "Libra:Sum", frs_per_Fq);
144 // get the challenge for the ZK Sumcheck claim
145 manifest_expected.add_challenge(round, "Libra:Challenge");
146
147 for (size_t i = 0; i < CONST_ECCVM_LOG_N; ++i) {
148 round++;
149 std::string idx = std::to_string(i);
150 manifest_expected.add_entry(round, "Sumcheck:univariate_comm_" + idx, frs_per_G);
151 manifest_expected.add_entry(round, "Sumcheck:univariate_" + idx + "_eval_0", frs_per_Fq);
152 manifest_expected.add_entry(round, "Sumcheck:univariate_" + idx + "_eval_1", frs_per_Fq);
153 std::string label = "Sumcheck:u_" + idx;
154 manifest_expected.add_challenge(round, label);
155 }
156
157 round++;
158
159 manifest_expected.add_entry(round, "Sumcheck:evaluations", frs_per_evals);
160 manifest_expected.add_entry(round, "Libra:claimed_evaluation", frs_per_Fq);
161 manifest_expected.add_entry(round, "Libra:grand_sum_commitment", frs_per_G);
162 manifest_expected.add_entry(round, "Libra:quotient_commitment", frs_per_G);
163
164 manifest_expected.add_challenge(round, "rho");
165
166 round++;
167 for (size_t i = 1; i < CONST_ECCVM_LOG_N; ++i) {
168 std::string idx = std::to_string(i);
169 manifest_expected.add_entry(round, "Gemini:FOLD_" + idx, frs_per_G);
170 }
171 manifest_expected.add_challenge(round, "Gemini:r");
172 round++;
173 for (size_t i = 1; i <= CONST_ECCVM_LOG_N; ++i) {
174 std::string idx = std::to_string(i);
175 manifest_expected.add_entry(round, "Gemini:a_" + idx, frs_per_Fq);
176 }
177 manifest_expected.add_entry(round, "Libra:concatenation_eval", frs_per_Fq);
178 manifest_expected.add_entry(round, "Libra:shifted_grand_sum_eval", frs_per_Fq);
179 manifest_expected.add_entry(round, "Libra:grand_sum_eval", frs_per_Fq);
180 manifest_expected.add_entry(round, "Libra:quotient_eval", frs_per_Fq);
181 manifest_expected.add_challenge(round, "Shplonk:nu");
182 round++;
183 manifest_expected.add_entry(round, "Shplonk:Q", frs_per_G);
184 manifest_expected.add_challenge(round, "Shplonk:z");
185
186 round++;
187 manifest_expected.add_entry(round, "Translation:concatenated_masking_term_commitment", frs_per_G);
188 manifest_expected.add_challenge(round, "Translation:evaluation_challenge_x");
189
190 round++;
191 manifest_expected.add_entry(round, "Translation:op", frs_per_Fq);
192 manifest_expected.add_entry(round, "Translation:Px", frs_per_Fq);
193 manifest_expected.add_entry(round, "Translation:Py", frs_per_Fq);
194 manifest_expected.add_entry(round, "Translation:z1", frs_per_Fq);
195 manifest_expected.add_entry(round, "Translation:z2", frs_per_Fq);
196 manifest_expected.add_challenge(round, "Translation:batching_challenge_v");
197
198 round++;
199 manifest_expected.add_entry(round, "Translation:masking_term_eval", frs_per_Fq);
200 manifest_expected.add_entry(round, "Translation:grand_sum_commitment", frs_per_G);
201 manifest_expected.add_entry(round, "Translation:quotient_commitment", frs_per_G);
202 manifest_expected.add_challenge(round, "Translation:small_ipa_evaluation_challenge");
203
204 round++;
205 manifest_expected.add_entry(round, "Translation:concatenation_eval", frs_per_Fq);
206 manifest_expected.add_entry(round, "Translation:grand_sum_shift_eval", frs_per_Fq);
207 manifest_expected.add_entry(round, "Translation:grand_sum_eval", frs_per_Fq);
208 manifest_expected.add_entry(round, "Translation:quotient_eval", frs_per_Fq);
209 manifest_expected.add_challenge(round, "Shplonk:nu");
210
211 round++;
212 manifest_expected.add_entry(round, "Shplonk:Q", frs_per_G);
213 manifest_expected.add_challenge(round, "Shplonk:z");
214
215 return manifest_expected;
216 }
217
218 TranscriptManifest construct_eccvm_ipa_manifest()
219 {
220 TranscriptManifest manifest_expected;
221 // Size of types is number of bb::frs needed to represent the type
222 size_t frs_per_Fq = FrCodec::calc_num_fields<FF>();
223 size_t frs_per_G = FrCodec::calc_num_fields<Flavor::Commitment>();
224 size_t round = 0;
225
226 manifest_expected.add_entry(round, "IPA:commitment", frs_per_G);
227 manifest_expected.add_entry(round, "IPA:challenge", frs_per_Fq);
228 manifest_expected.add_entry(round, "IPA:evaluation", frs_per_Fq);
229 manifest_expected.add_challenge(round, "IPA:generator_challenge");
230
231 for (size_t i = 0; i < CONST_ECCVM_LOG_N; ++i) {
232 round++;
233 std::string idx = std::to_string(CONST_ECCVM_LOG_N - i - 1);
234 manifest_expected.add_entry(round, "IPA:L_" + idx, frs_per_G);
235 manifest_expected.add_entry(round, "IPA:R_" + idx, frs_per_G);
236 std::string label = "IPA:round_challenge_" + idx;
237 manifest_expected.add_challenge(round, label);
238 }
239
240 round++;
241 manifest_expected.add_entry(round, "IPA:G_0", frs_per_G);
242 manifest_expected.add_entry(round, "IPA:a_0", frs_per_Fq);
243 return manifest_expected;
244 }
245
246 ECCVMCircuitBuilder generate_trace(numeric::RNG* engine = nullptr)
247 {
248 std::shared_ptr<ECCOpQueue> op_queue = std::make_shared<ECCOpQueue>();
249 using G1 = typename Flavor::CycleGroup;
250 using Fr = typename G1::Fr;
251
252 auto generators = G1::derive_generators("test generators", 3);
253
254 typename G1::element a = generators[0];
255 typename G1::element b = generators[1];
256 typename G1::element c = generators[2];
257 Fr x = Fr::random_element(engine);
258 Fr y = Fr::random_element(engine);
259
260 op_queue->add_accumulate(a);
261 op_queue->mul_accumulate(a, x);
262 op_queue->mul_accumulate(b, x);
263 op_queue->mul_accumulate(b, y);
264 op_queue->add_accumulate(a);
265 op_queue->mul_accumulate(b, x);
266 op_queue->eq_and_reset();
267 op_queue->add_accumulate(c);
268 op_queue->mul_accumulate(a, x);
269 op_queue->mul_accumulate(b, x);
270 op_queue->eq_and_reset();
271 op_queue->mul_accumulate(a, x);
272 op_queue->mul_accumulate(b, x);
273 op_queue->mul_accumulate(c, x);
274 op_queue->merge();
275 add_hiding_op_for_test(op_queue);
276
277 ECCVMCircuitBuilder builder{ op_queue };
278 return builder;
279 }
280};
281
282numeric::RNG& engine = numeric::get_debug_randomness();
283
288TEST_F(ECCVMTranscriptTests, ProverManifestConsistency)
289{
290 // Construct a simple circuit
291 auto builder = this->generate_trace(&engine);
292
293 // Automatically generate a transcript manifest by constructing a proof
294 std::shared_ptr<Transcript> prover_transcript = std::make_shared<Transcript>();
295 ECCVMProver prover(builder, prover_transcript);
296 prover.transcript->enable_manifest();
297 auto [proof, opening_claim] = prover.construct_proof();
298
299 // Compute IPA proof with manifest enabled
300 auto ipa_transcript = std::make_shared<Transcript>();
301 ipa_transcript->enable_manifest();
302 PCS::compute_opening_proof(prover.key->commitment_key, opening_claim, ipa_transcript);
303
304 // Check that the prover generated manifest agrees with the manifest hard coded in this suite
305 auto manifest_expected = this->construct_eccvm_honk_manifest();
306 auto prover_manifest = prover.transcript->get_manifest();
307
308 // Note: a manifest can be printed using manifest.print()
309 ASSERT_GT(manifest_expected.size(), 0);
310 for (size_t round = 0; round < manifest_expected.size(); ++round) {
311 ASSERT_EQ(prover_manifest[round], manifest_expected[round]) << "Prover manifest discrepency in round " << round;
312 }
313
314 auto ipa_manifest_expected = this->construct_eccvm_ipa_manifest();
315 auto prover_ipa_manifest = ipa_transcript->get_manifest();
316
317 // Note: a manifest can be printed using manifest.print()
318 ASSERT_GT(ipa_manifest_expected.size(), 0);
319 for (size_t round = 0; round < ipa_manifest_expected.size(); ++round) {
320 ASSERT_EQ(prover_ipa_manifest[round], ipa_manifest_expected[round])
321 << "IPA prover manifest discrepency in round " << round;
322 }
323}
324
330TEST_F(ECCVMTranscriptTests, VerifierManifestConsistency)
331{
332 // Construct a simple circuit
333 auto builder = this->generate_trace(&engine);
334
335 // Automatically generate a transcript manifest in the prover by constructing a proof
336 std::shared_ptr<Transcript> prover_transcript = std::make_shared<Transcript>();
337 ECCVMProver prover(builder, prover_transcript);
338 prover_transcript->enable_manifest();
339 auto [proof, opening_claim] = prover.construct_proof();
340
341 // Compute IPA proof with manifest enabled
342 auto prover_ipa_transcript = std::make_shared<Transcript>();
343 prover_ipa_transcript->enable_manifest();
344 PCS::compute_opening_proof(prover.key->commitment_key, opening_claim, prover_ipa_transcript);
345
346 // Automatically generate a transcript manifest in the verifier by verifying a proof
347 std::shared_ptr<Transcript> verifier_transcript = std::make_shared<Transcript>();
348 verifier_transcript->enable_manifest();
349 ECCVMVerifier verifier(verifier_transcript, proof);
350 auto verification_result = verifier.reduce_to_ipa_opening();
351
352 // Verify IPA with manifest enabled
353 auto verifier_ipa_transcript = std::make_shared<Transcript>(prover_ipa_transcript->export_proof());
354 verifier_ipa_transcript->enable_manifest();
355 auto ipa_vk = VerifierCommitmentKey<curve::Grumpkin>{ ECCVMFlavor::ECCVM_FIXED_SIZE };
356 IPA<curve::Grumpkin>::reduce_verify(ipa_vk, verification_result.ipa_claim, verifier_ipa_transcript);
357
358 // Check consistency between the manifests generated by the prover and verifier
359 auto prover_manifest = prover.transcript->get_manifest();
360 auto verifier_manifest = verifier.get_transcript()->get_manifest();
361
362 // Note: a manifest can be printed using manifest.print()
363 // The last challenge generated by the ECCVM Prover is the translation univariate batching challenge and, on the
364 // verifier side, is only generated in the translator verifier hence the ECCVM prover's manifest will have one extra
365 // challenge
366 ASSERT_GT(prover_manifest.size(), 0);
367 for (size_t round = 0; round < prover_manifest.size() - 1; ++round) {
368 ASSERT_EQ(prover_manifest[round], verifier_manifest[round])
369 << "Prover/Verifier manifest discrepency in round " << round;
370 }
371
372 // Check consistency of IPA transcripts
373 auto prover_ipa_manifest = prover_ipa_transcript->get_manifest();
374 auto verifier_ipa_manifest = verifier_ipa_transcript->get_manifest();
375 ASSERT_GT(prover_ipa_manifest.size(), 0);
376 for (size_t round = 0; round < prover_ipa_manifest.size(); ++round) {
377 ASSERT_EQ(prover_ipa_manifest[round], verifier_ipa_manifest[round])
378 << "Prover/Verifier IPA manifest discrepency in round " << round;
379 }
380}
381
387TEST_F(ECCVMTranscriptTests, ChallengeGenerationTest)
388{
389 // initialized with random value sent to verifier
390 auto transcript = Flavor::Transcript::test_prover_init_empty();
391 // test a bunch of challenges
392 std::vector<std::string> challenge_labels{ "a", "b", "c", "d", "e", "f" };
393 auto challenges = transcript->template get_challenges<FF>(challenge_labels);
394 // check they are not 0
395 for (size_t i = 0; i < challenges.size(); ++i) {
396 ASSERT_NE(challenges[i], 0) << "Challenge " << i << " is 0";
397 }
398 constexpr uint32_t random_val{ 17 }; // arbitrary
399 transcript->send_to_verifier("random val", random_val);
400 // test more challenges
401 challenge_labels = { "a", "b", "c" };
402 challenges = transcript->template get_challenges<FF>(challenge_labels);
403
404 ASSERT_NE(challenges[0], 0) << "Challenge a is 0";
405 ASSERT_NE(challenges[1], 0) << "Challenge b is 0";
406 ASSERT_NE(challenges[2], 0) << "Challenge c is 0";
407}
ECCVMTranscriptTests::generate_trace
ECCVMCircuitBuilder generate_trace(numeric::RNG *engine=nullptr)
Definition eccvm_transcript.test.cpp:246
ECCVMTranscriptTests::construct_eccvm_honk_manifest
TranscriptManifest construct_eccvm_honk_manifest()
Construct a manifest for a ECCVM Honk proof.
Definition eccvm_transcript.test.cpp:35
ECCVMTranscriptTests::construct_eccvm_ipa_manifest
TranscriptManifest construct_eccvm_ipa_manifest()
Definition eccvm_transcript.test.cpp:218
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::ECCVMFlavor::ECCVM_FIXED_SIZE
static constexpr size_t ECCVM_FIXED_SIZE
Definition eccvm_flavor.hpp:68
bb::ECCVMFlavor::NUM_ALL_ENTITIES
static constexpr size_t NUM_ALL_ENTITIES
Definition eccvm_flavor.hpp:79
bb::ECCVMFlavor::Transcript
BaseTranscript< Codec, HashFunction > Transcript
Definition eccvm_flavor.hpp:53
bb::ECCVMProver::transcript
std::shared_ptr< Transcript > transcript
Definition eccvm_prover.hpp:53
bb::ECCVMProver::construct_proof
std::pair< Proof, OpeningClaim > construct_proof()
Definition eccvm_prover.cpp:207
bb::ECCVMProver::key
std::shared_ptr< ProvingKey > key
Definition eccvm_prover.hpp:69
bb::ECCVMVerifier_
Unified ECCVM verifier class for both native and recursive verification.
Definition eccvm_verifier.hpp:19
bb::ECCVMVerifier_::get_transcript
std::shared_ptr< Transcript > get_transcript() const
Definition eccvm_verifier.hpp:92
bb::ECCVMVerifier_::reduce_to_ipa_opening
ReductionResult reduce_to_ipa_opening()
Reduce the ECCVM proof to an IPA opening claim.
Definition eccvm_verifier.cpp:21
bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:86
bb::TranscriptManifest::add_entry
void add_entry(size_t round, const std::string &element_label, size_t element_size)
Definition transcript_manifest.hpp:78
bb::TranscriptManifest::add_challenge
void add_challenge(size_t round, const std::string &label)
Add a single challenge label to the manifest for the given round.
Definition transcript_manifest.hpp:45
bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
a
FF a
Definition field_gt.test.cpp:52
b
FF b
Definition field_gt.test.cpp:53
eccvm_flavor.hpp
eccvm_prover.hpp
eccvm_test_utils.hpp
engine
numeric::RNG & engine
Definition eccvm_transcript.test.cpp:282
eccvm_verifier.hpp
flavor.hpp
Base class templates shared across Honk flavors.
get_msb.hpp
global_crs.hpp
bb::eccvm_test_utils::add_hiding_op_for_test
void add_hiding_op_for_test(const std::shared_ptr< ECCOpQueue > &op_queue)
Set a hiding op on the op_queue for testing.
Definition eccvm_test_utils.hpp:70
bb::numeric::get_debug_randomness
RNG & get_debug_randomness(bool reset, std::uint_fast64_t seed)
Definition engine.cpp:245
bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14
bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::TEST_F
TEST_F(IPATest, ChallengesAreZero)
Definition ipa.test.cpp:155
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
std::to_string
std::string to_string(bb::avm2::ValueTag tag)
Definition tagged_value.cpp:402
G1
Curve::AffineElement G1
Definition pippenger.bench.cpp:22
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:777