Barretenberg: src/barretenberg/goblin/goblin.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Planned, auditors: [], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once


#include "barretenberg/eccvm/eccvm_flavor.hpp"

#include "barretenberg/eccvm/eccvm_prover.hpp"

#include "barretenberg/flavor/mega_flavor.hpp"

#include "barretenberg/goblin/batch_merge_prover.hpp"

#include "barretenberg/goblin/batch_merge_verifier.hpp"

#include "barretenberg/goblin/merge_prover.hpp"

#include "barretenberg/goblin/merge_verifier.hpp"

#include "barretenberg/goblin/types.hpp"

#include "barretenberg/stdlib/proof/proof.hpp"

#include "barretenberg/translator_vm/translator_circuit_builder.hpp"

#include "barretenberg/translator_vm/translator_flavor.hpp"

#include "barretenberg/ultra_honk/prover_instance.hpp"


namespace bb {


class Goblin {

    using Commitment = MegaFlavor::Commitment;

    using FF = MegaFlavor::FF;


  protected:

    // In AVM we only use Goblin for a single circuit whose proof is not required to be zero-knowledge. While Translator

    // will still expect to find random ops at the beginning to ensure the accumulation result remains at a fixed row we

    // opt for not adding random ops at the end of the op queue.

    bool avm_mode = false;


  public:

    using MegaBuilder = MegaCircuitBuilder;

    using Fr = bb::fr;

    using Transcript = NativeTranscript;

    using OpQueue = ECCOpQueue;

    using ECCVMBuilder = ECCVMFlavor::CircuitBuilder;

    using ECCVMProvingKey = ECCVMFlavor::ProvingKey;

    using TranslatorBuilder = TranslatorCircuitBuilder;

    using MergeProof = MergeProver::MergeProof;

    using BatchMergeProof = BatchMergeProver::MergeProof;

    using ECCVMVerificationKey = ECCVMFlavor::VerificationKey;

    using TranslatorVerificationKey = TranslatorFlavor::VerificationKey;

    using MergeRecursiveVerifier = stdlib::recursion::goblin::MergeRecursiveVerifier<MegaBuilder>;

    using BatchMergeRecursiveVerifier = stdlib::recursion::goblin::BatchMergeRecursiveVerifier<MegaBuilder>;

    using PairingPoints = MergeRecursiveVerifier::PairingPoints;

    using TableCommitments = MergeVerifier::TableCommitments;

    using RecursiveTableCommitments = MergeRecursiveVerifier::TableCommitments;

    using BatchRecursiveTableCommitments = BatchMergeRecursiveVerifier::TableCommitments;

    using MergeCommitments = MergeVerifier::InputCommitments;

    using RecursiveMergeCommitments = MergeRecursiveVerifier::InputCommitments;

    using RecursiveCommitment = MergeRecursiveVerifier::Commitment;

    using RecursiveTranscript = MegaStdlibTranscript;

    using TranslatorInputData = TranslatorInputData_<fq>;

    using IPA_PCS = IPA<ECCVMFlavor::Curve, CONST_ECCVM_LOG_N>;


    std::shared_ptr<OpQueue> op_queue = std::make_shared<OpQueue>();


    GoblinProof goblin_proof;


    fq translation_batching_challenge_v;    // challenge for batching the translation polynomials

    fq evaluation_challenge_x;              // challenge for evaluating the translation polynomials

    std::shared_ptr<Transcript> transcript; // shared between ECCVM and Translator


    BatchMergeProof batch_merge_proof; // delayed batch merge proof for Chonk


    struct VerificationKey {

        std::shared_ptr<ECCVMVerificationKey> eccvm_verification_key = std::make_shared<ECCVMVerificationKey>();

        std::shared_ptr<TranslatorVerificationKey> translator_verification_key =

            std::make_shared<TranslatorVerificationKey>();

    };


    Goblin(const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>());


    MergeProof prove_merge(const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>()) const;


    void prove_eccvm();


    void prove_translator();


    GoblinProof prove();


    std::pair<PairingPoints, RecursiveTableCommitments> recursively_verify_merge(

        MegaBuilder& builder,

        const RecursiveMergeCommitments& merge_commitments,

        const std::shared_ptr<RecursiveTranscript>& transcript);


    void prove_batch_merge();


    std::pair<PairingPoints, BatchRecursiveTableCommitments> recursively_verify_batch_merge(

        MegaBuilder& builder, const BatchMergeRecursiveVerifier::FF& hash) const;

};


} // namespace bb

batch_merge_prover.hpp

batch_merge_verifier.hpp

bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41

bb::BatchMergeProver::MergeProof
std::vector< FF > MergeProof
Definition batch_merge_prover.hpp:38

bb::BatchMergeVerifier_
Unified batch verifier for the batch Goblin ECC op queue merge protocol.
Definition batch_merge_verifier.hpp:26

bb::BatchMergeVerifier_::FF
typename Curve::ScalarField FF
Definition batch_merge_verifier.hpp:28

bb::BatchMergeVerifier_::TableCommitments
std::array< Commitment, NUM_WIRES > TableCommitments
Definition batch_merge_verifier.hpp:48

bb::ECCOpQueue
Manages ECC operations for the Goblin proving system.
Definition ecc_op_queue.hpp:38

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::ECCVMFlavor::ProvingKey
The proving key is responsible for storing the polynomials used by the prover.
Definition eccvm_flavor.hpp:824

bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:39

bb::ECCVMFlavor::VerificationKey
FixedVKAndHash_< PrecomputedEntities< Commitment >, BF, ECCVMHardcodedVKAndHash > VerificationKey
The verification key stores commitments to the precomputed polynomials used by the verifier.
Definition eccvm_flavor.hpp:846

bb::FixedVKAndHash_
Simple verification key class for fixed-size circuits (ECCVM, Translator, AVM).
Definition flavor.hpp:101

bb::Goblin
Definition goblin.hpp:24

bb::Goblin::evaluation_challenge_x
fq evaluation_challenge_x
Definition goblin.hpp:64

bb::Goblin::goblin_proof
GoblinProof goblin_proof
Definition goblin.hpp:61

bb::Goblin::RecursiveCommitment
MergeRecursiveVerifier::Commitment RecursiveCommitment
Definition goblin.hpp:54

bb::Goblin::prove_merge
MergeProof prove_merge(const std::shared_ptr< Transcript > &transcript=std::make_shared< Transcript >()) const
Construct a single-step merge proof for the most recently merged subtable.
Definition goblin.cpp:28

bb::Goblin::prove_eccvm
void prove_eccvm()
Construct an ECCVM proof and IPA opening proof.
Definition goblin.cpp:35

bb::Goblin::translation_batching_challenge_v
fq translation_batching_challenge_v
Definition goblin.hpp:63

bb::Goblin::TableCommitments
MergeVerifier::TableCommitments TableCommitments
Definition goblin.hpp:49

bb::Goblin::prove
GoblinProof prove()
Constuct a full Goblin proof (ECCVM, Translator, merge)
Definition goblin.cpp:69

bb::Goblin::prove_batch_merge
void prove_batch_merge()
Construct a batched merge proof for all subtables accumulated during the IVC.
Definition goblin.cpp:98

bb::Goblin::PairingPoints
MergeRecursiveVerifier::PairingPoints PairingPoints
Definition goblin.hpp:48

bb::Goblin::BatchRecursiveTableCommitments
BatchMergeRecursiveVerifier::TableCommitments BatchRecursiveTableCommitments
Definition goblin.hpp:51

bb::Goblin::batch_merge_proof
BatchMergeProof batch_merge_proof
Definition goblin.hpp:67

bb::Goblin::op_queue
std::shared_ptr< OpQueue > op_queue
Definition goblin.hpp:59

bb::Goblin::prove_translator
void prove_translator()
Construct a translator proof.
Definition goblin.cpp:60

bb::Goblin::Commitment
MegaFlavor::Commitment Commitment
Definition goblin.hpp:25

bb::Goblin::MergeProof
MergeProver::MergeProof MergeProof
Definition goblin.hpp:42

bb::Goblin::avm_mode
bool avm_mode
Definition goblin.hpp:32

bb::Goblin::BatchMergeProof
BatchMergeProver::MergeProof BatchMergeProof
Definition goblin.hpp:43

bb::Goblin::recursively_verify_merge
std::pair< PairingPoints, RecursiveTableCommitments > recursively_verify_merge(MegaBuilder &builder, const RecursiveMergeCommitments &merge_commitments, const std::shared_ptr< RecursiveTranscript > &transcript)
Recursively verify the most recent single-step merge proof.

bb::Goblin::transcript
std::shared_ptr< Transcript > transcript
Definition goblin.hpp:65

bb::Goblin::RecursiveTableCommitments
MergeRecursiveVerifier::TableCommitments RecursiveTableCommitments
Definition goblin.hpp:50

bb::Goblin::recursively_verify_batch_merge
std::pair< PairingPoints, BatchRecursiveTableCommitments > recursively_verify_batch_merge(MegaBuilder &builder, const BatchMergeRecursiveVerifier::FF &hash) const
Recursively verify the batched merge proof inside the hiding kernel.
Definition goblin.cpp:115

bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:86

bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19

bb::MegaFlavor::FF
Curve::ScalarField FF
Definition mega_flavor.hpp:42

bb::MegaFlavor::Commitment
Curve::AffineElement Commitment
Definition mega_flavor.hpp:44

bb::MergeProver::MergeProof
std::vector< FF > MergeProof
Definition merge_prover.hpp:38

bb::MergeVerifier_
Verifier for the single-step Goblin ECC op queue merge protocol.
Definition merge_verifier.hpp:25

bb::MergeVerifier_::Commitment
typename Curve::AffineElement Commitment
Definition merge_verifier.hpp:28

bb::MergeVerifier_::PairingPoints
std::conditional_t< Curve::is_stdlib_type, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > > PairingPoints
Definition merge_verifier.hpp:32

bb::MergeVerifier_::TableCommitments
std::array< Commitment, NUM_WIRES > TableCommitments
Definition merge_verifier.hpp:44

bb::TranslatorCircuitBuilder
TranslatorCircuitBuilder creates a circuit that evaluates the correctness of the evaluation of EccOpQ...
Definition translator_circuit_builder.hpp:69

bb::TranslatorFlavor::VerificationKey
FixedVKAndHash_< VKEntities< Commitment >, FF, TranslatorHardcodedVKAndHash > VerificationKey
The verification key stores commitments to the precomputed polynomials used by the verifier.
Definition translator_flavor.hpp:1182

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

eccvm_flavor.hpp

eccvm_prover.hpp

types.hpp

mega_flavor.hpp

merge_prover.hpp

merge_verifier.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:155

bb::NativeTranscript
BaseTranscript< FrCodec, bb::crypto::Poseidon2< bb::crypto::Poseidon2Bn254ScalarFieldParams > > NativeTranscript
Definition transcript.hpp:502

bb::MegaCircuitBuilder
MegaCircuitBuilder_< field< Bn254FrParams > > MegaCircuitBuilder
Definition circuit_builders_fwd.hpp:20

bb::MegaStdlibTranscript
BaseTranscript< stdlib::StdlibCodec< stdlib::field_t< MegaCircuitBuilder > >, stdlib::poseidon2< MegaCircuitBuilder > > MegaStdlibTranscript
Definition transcript.hpp:510

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

prover_instance.hpp

proof.hpp

bb::Goblin::VerificationKey
Definition goblin.hpp:69

bb::Goblin::VerificationKey::translator_verification_key
std::shared_ptr< TranslatorVerificationKey > translator_verification_key
Definition goblin.hpp:71

bb::Goblin::VerificationKey::eccvm_verification_key
std::shared_ptr< ECCVMVerificationKey > eccvm_verification_key
Definition goblin.hpp:70

bb::GoblinProof
Definition types.hpp:20

bb::MergeVerifier_::InputCommitments
Definition merge_verifier.hpp:53

bb::TranslatorInputData_
Data passed from ECCVM Verifier to Translator Verifier for verification.
Definition translation_evaluations.hpp:35

bb::field< Bn254FrParams >

translator_circuit_builder.hpp

translator_flavor.hpp