Barretenberg: src/barretenberg/eccvm/eccvm_translation_data.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Planned, auditors: [], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once

#include "barretenberg/eccvm/eccvm_flavor.hpp"

#include "barretenberg/goblin/translation_evaluations.hpp"

#include "barretenberg/transcript/transcript.hpp"


namespace bb {


template <typename Transcript> class TranslationData {

  public:

    using Flavor = ECCVMFlavor;

    using FF = typename Flavor::FF;

    using BF = typename Flavor::BF;

    using Commitment = typename Flavor::Commitment;

    using CommitmentKey = typename Flavor::CommitmentKey;

    using Polynomial = typename Flavor::Polynomial;

    static constexpr size_t SUBGROUP_SIZE = Flavor::Curve::SUBGROUP_SIZE;


    // A masking term of length 2 (degree 1) is required to mask [G] and G(r).

    static constexpr size_t WITNESS_MASKING_TERM_LENGTH = 2;

    static constexpr size_t MASKED_CONCATENATED_WITNESS_LENGTH = SUBGROUP_SIZE + WITNESS_MASKING_TERM_LENGTH;


    // M(X) whose Lagrange coefficients are given by (m_0||m_1|| ... || m_{NUM_TRANSLATION_EVALUATIONS-1} || 0 ||...||0)

    Polynomial concatenated_polynomial_lagrange;


    // M(X) + Z_H(X) * R(X), where R(X) is a random polynomial of length = WITNESS_MASKING_TERM_LENGTH

    Polynomial masked_concatenated_polynomial;


    // Interpolation domain {1, g, \ldots, g^{SUBGROUP_SIZE - 1}} required for Lagrange interpolation

    std::array<FF, SUBGROUP_SIZE> interpolation_domain;


    TranslationData(const RefVector<Polynomial>& transcript_polynomials,

                    const std::shared_ptr<Transcript>& transcript,

                    CommitmentKey& commitment_key)

        : concatenated_polynomial_lagrange(SUBGROUP_SIZE)

        , masked_concatenated_polynomial(MASKED_CONCATENATED_WITNESS_LENGTH)

    {

        // Reallocate the commitment key if necessary. This is an edge case with SmallSubgroupIPA since it has

        // polynomials that may exceed the circuit size.

        if (commitment_key.srs_size < MASKED_CONCATENATED_WITNESS_LENGTH) {

            commitment_key = typename Flavor::CommitmentKey(MASKED_CONCATENATED_WITNESS_LENGTH);

        }

        // Create interpolation domain required for Lagrange interpolation

        interpolation_domain[0] = FF{ 1 };


        for (size_t idx = 1; idx < SUBGROUP_SIZE; idx++) {

            interpolation_domain[idx] = interpolation_domain[idx - 1] * Flavor::Curve::subgroup_generator;

        }

        // Concatenate the last entries of the `transcript_polynomials`.

        compute_concatenated_polynomials(transcript_polynomials);


        // Commit to  M(X) + Z_H(X)*R(X), where R is a random polynomial of WITNESS_MASKING_TERM_LENGTH.

        transcript->send_to_verifier("Translation:concatenated_masking_term_commitment",

                                     commitment_key.commit(masked_concatenated_polynomial));

    }


    void compute_concatenated_polynomials(const RefVector<Polynomial>& transcript_polynomials)

    {

        std::array<FF, SUBGROUP_SIZE> coeffs_lagrange_subgroup;


        for (size_t idx = 0; idx < SUBGROUP_SIZE; idx++) {

            coeffs_lagrange_subgroup[idx] = FF{ 0 };

        }


        // Extract the masking terms from the head of the transcript polynomials (top-of-trace masking)

        // Positions 0..TRACE_OFFSET-1 contain: zero row (pos 0), masking values (pos 1,2,3)

        constexpr size_t coeffs_per_poly = Flavor::TRACE_OFFSET;

        for (size_t poly_idx = 0; poly_idx < NUM_TRANSLATION_EVALUATIONS; poly_idx++) {

            for (size_t idx = 0; idx < coeffs_per_poly; idx++) {

                size_t idx_to_populate = poly_idx * coeffs_per_poly + idx;

                coeffs_lagrange_subgroup[idx_to_populate] = transcript_polynomials[poly_idx][idx];

            }

        }

        concatenated_polynomial_lagrange = Polynomial(coeffs_lagrange_subgroup);


        // Generate the masking term

        auto masking_scalars = bb::Univariate<FF, WITNESS_MASKING_TERM_LENGTH>::get_random();


        // Compute monomial coefficients of the concatenated polynomial

        Polynomial concatenated_monomial_form_unmasked(interpolation_domain, coeffs_lagrange_subgroup, SUBGROUP_SIZE);


        for (size_t idx = 0; idx < SUBGROUP_SIZE; idx++) {

            masked_concatenated_polynomial.at(idx) = concatenated_monomial_form_unmasked.at(idx);

        }


        // Mask the polynomial in monomial form.

        for (size_t idx = 0; idx < masking_scalars.size(); idx++) {

            masked_concatenated_polynomial.at(idx) -= masking_scalars.value_at(idx);

            masked_concatenated_polynomial.at(SUBGROUP_SIZE + idx) += masking_scalars.value_at(idx);

        }

    }


};


} // namespace bb

bb::ECCVMFlavor
Definition eccvm_flavor.hpp:37

bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:43

bb::ECCVMFlavor::Commitment
typename G1::affine_element Commitment
Definition eccvm_flavor.hpp:47

bb::ECCVMFlavor::BF
typename Curve::BaseField BF
Definition eccvm_flavor.hpp:44

bb::ECCVMFlavor::Polynomial
bb::Polynomial< FF > Polynomial
Definition eccvm_flavor.hpp:45

bb::ECCVMFlavor::CommitmentKey
bb::CommitmentKey< Curve > CommitmentKey
Definition eccvm_flavor.hpp:48

bb::ECCVMFlavor::TRACE_OFFSET
static constexpr size_t TRACE_OFFSET
Definition eccvm_flavor.hpp:62

bb::RefVector
A template class for a reference vector. Behaves as if std::vector<T&> was possible.
Definition ref_vector.hpp:24

bb::TranslationData
A class designed to accept the ECCVM Transcript Polynomials, concatenate their masking terms in Lagra...
Definition eccvm_translation_data.hpp:20

bb::TranslationData::compute_concatenated_polynomials
void compute_concatenated_polynomials(const RefVector< Polynomial > &transcript_polynomials)
Extract the first  coefficients from each of the  transcript polynomials, concatenate them as ,...
Definition eccvm_translation_data.hpp:88

bb::TranslationData::MASKED_CONCATENATED_WITNESS_LENGTH
static constexpr size_t MASKED_CONCATENATED_WITNESS_LENGTH
Definition eccvm_translation_data.hpp:32

bb::TranslationData::TranslationData
TranslationData(const RefVector< Polynomial > &transcript_polynomials, const std::shared_ptr< Transcript > &transcript, CommitmentKey &commitment_key)
Let  and . Given masked transcript polynomials  for , we extract their first  coefficients (the maski...
Definition eccvm_translation_data.hpp:58

bb::TranslationData::CommitmentKey
typename Flavor::CommitmentKey CommitmentKey
Definition eccvm_translation_data.hpp:26

bb::TranslationData::concatenated_polynomial_lagrange
Polynomial concatenated_polynomial_lagrange
Definition eccvm_translation_data.hpp:35

bb::TranslationData::BF
typename Flavor::BF BF
Definition eccvm_translation_data.hpp:24

bb::TranslationData::Polynomial
typename Flavor::Polynomial Polynomial
Definition eccvm_translation_data.hpp:27

bb::TranslationData::SUBGROUP_SIZE
static constexpr size_t SUBGROUP_SIZE
Definition eccvm_translation_data.hpp:28

bb::TranslationData::FF
typename Flavor::FF FF
Definition eccvm_translation_data.hpp:23

bb::TranslationData::masked_concatenated_polynomial
Polynomial masked_concatenated_polynomial
Definition eccvm_translation_data.hpp:38

bb::TranslationData::Commitment
typename Flavor::Commitment Commitment
Definition eccvm_translation_data.hpp:25

bb::TranslationData::interpolation_domain
std::array< FF, SUBGROUP_SIZE > interpolation_domain
Definition eccvm_translation_data.hpp:41

bb::TranslationData::WITNESS_MASKING_TERM_LENGTH
static constexpr size_t WITNESS_MASKING_TERM_LENGTH
Definition eccvm_translation_data.hpp:31

bb::Univariate::get_random
static Univariate get_random()
Definition univariate.hpp:142

eccvm_flavor.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

transcript.hpp

translation_evaluations.hpp