Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
merge_prover.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Sergei], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "barretenberg/commitment_schemes/claim.hpp"
10#include "barretenberg/constants.hpp"
11#include "barretenberg/flavor/mega_flavor.hpp"
12#include "barretenberg/flavor/ultra_flavor.hpp"
13#include "barretenberg/honk/proof_system/types/proof.hpp"
14#include "barretenberg/op_queue/ecc_op_queue.hpp"
15#include "barretenberg/transcript/transcript.hpp"
16
17namespace bb {
18
26class MergeProver {
27 using Curve = curve::BN254;
28 using FF = Curve::ScalarField;
29 using Commitment = Curve::AffineElement;
30 using Polynomial = bb::Polynomial<FF>;
31 using CommitmentKey = bb::CommitmentKey<Curve>;
32 using PCS = KZG<Curve>;
33 using OpeningClaim = ProverOpeningClaim<Curve>;
34 using OpeningPair = bb::OpeningPair<Curve>;
35 using Transcript = NativeTranscript;
36
37 public:
38 using MergeProof = std::vector<FF>;
39 static constexpr size_t NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES;
40
41 explicit MergeProver(const std::shared_ptr<ECCOpQueue>& op_queue, std::shared_ptr<Transcript> transcript);
42
43 BB_PROFILE MergeProof construct_proof();
44
45 using Table = std::array<Polynomial, NUM_WIRES>;
46
47 CommitmentKey pcs_commitment_key;
48
49 private:
50 std::shared_ptr<Transcript> transcript;
51 std::shared_ptr<ECCOpQueue> op_queue;
52 size_t fixed_append_shift_size = 0;
53
54 std::vector<std::string> labels_degree_check = { "LEFT_TABLE_DEGREE_CHECK_0",
55 "LEFT_TABLE_DEGREE_CHECK_1",
56 "LEFT_TABLE_DEGREE_CHECK_2",
57 "LEFT_TABLE_DEGREE_CHECK_3" };
58
59 std::vector<std::string> labels_shplonk_batching_challenges = {
60 "SHPLONK_MERGE_BATCHING_CHALLENGE_0", "SHPLONK_MERGE_BATCHING_CHALLENGE_1",
61 "SHPLONK_MERGE_BATCHING_CHALLENGE_2", "SHPLONK_MERGE_BATCHING_CHALLENGE_3",
62 "SHPLONK_MERGE_BATCHING_CHALLENGE_4", "SHPLONK_MERGE_BATCHING_CHALLENGE_5",
63 "SHPLONK_MERGE_BATCHING_CHALLENGE_6", "SHPLONK_MERGE_BATCHING_CHALLENGE_7",
64 "SHPLONK_MERGE_BATCHING_CHALLENGE_8", "SHPLONK_MERGE_BATCHING_CHALLENGE_9",
65 "SHPLONK_MERGE_BATCHING_CHALLENGE_10", "SHPLONK_MERGE_BATCHING_CHALLENGE_11",
66 "SHPLONK_MERGE_BATCHING_CHALLENGE_12"
67 };
68
81 Polynomial compute_degree_check_polynomial(const std::array<Polynomial, NUM_WIRES>& left_table,
82 const std::vector<FF>& degree_check_challenges) const;
83
95 static Polynomial compute_shplonk_batched_quotient(const std::array<Polynomial, NUM_WIRES>& left_table,
96 const std::array<Polynomial, NUM_WIRES>& right_table,
97 const std::array<Polynomial, NUM_WIRES>& merged_table,
98 const std::vector<FF>& shplonk_batching_challenges,
99 const FF& kappa,
100 const FF& kappa_inv,
101 const Polynomial& reversed_batched_left_tables,
102 const std::vector<FF>& evals);
103
116 static OpeningClaim compute_shplonk_opening_claim(Polynomial& shplonk_batched_quotient,
117 const FF& shplonk_opening_challenge,
118 const std::array<Polynomial, NUM_WIRES>& left_table,
119 const std::array<Polynomial, NUM_WIRES>& right_table,
120 const std::array<Polynomial, NUM_WIRES>& merged_table,
121 const std::vector<FF>& shplonk_batching_challenges,
122 const FF& kappa,
123 const FF& kappa_inv,
124 Polynomial& reversed_batched_left_tables,
125 const std::vector<FF>& evals);
126};
127
128} // namespace bb
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:35
bb::MergeProver
Prover for the single-step Goblin ECC op queue merge protocol.
Definition merge_prover.hpp:26
bb::MergeProver::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition merge_prover.hpp:39
bb::MergeProver::Commitment
Curve::AffineElement Commitment
Definition merge_prover.hpp:29
bb::MergeProver::op_queue
std::shared_ptr< ECCOpQueue > op_queue
Definition merge_prover.hpp:51
bb::MergeProver::MergeProof
std::vector< FF > MergeProof
Definition merge_prover.hpp:38
bb::MergeProver::Table
std::array< Polynomial, NUM_WIRES > Table
Definition merge_prover.hpp:45
bb::MergeProver::construct_proof
BB_PROFILE MergeProof construct_proof()
Prove proper construction of the aggregate Goblin ECC op queue polynomials T_j.
Definition merge_prover.cpp:156
bb::MergeProver::labels_degree_check
std::vector< std::string > labels_degree_check
Definition merge_prover.hpp:54
bb::MergeProver::compute_degree_check_polynomial
Polynomial compute_degree_check_polynomial(const std::array< Polynomial, NUM_WIRES > &left_table, const std::vector< FF > &degree_check_challenges) const
Compute the batched polynomial for the degree check.
Definition merge_prover.cpp:31
bb::MergeProver::compute_shplonk_opening_claim
static OpeningClaim compute_shplonk_opening_claim(Polynomial &shplonk_batched_quotient, const FF &shplonk_opening_challenge, const std::array< Polynomial, NUM_WIRES > &left_table, const std::array< Polynomial, NUM_WIRES > &right_table, const std::array< Polynomial, NUM_WIRES > &merged_table, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, Polynomial &reversed_batched_left_tables, const std::vector< FF > &evals)
Compute the partially evaluated Shplonk batched quotient and the resulting opening claim.
Definition merge_prover.cpp:91
bb::MergeProver::labels_shplonk_batching_challenges
std::vector< std::string > labels_shplonk_batching_challenges
Definition merge_prover.hpp:59
bb::MergeProver::transcript
std::shared_ptr< Transcript > transcript
Definition merge_prover.hpp:50
bb::MergeProver::pcs_commitment_key
CommitmentKey pcs_commitment_key
Definition merge_prover.hpp:47
bb::MergeProver::compute_shplonk_batched_quotient
static Polynomial compute_shplonk_batched_quotient(const std::array< Polynomial, NUM_WIRES > &left_table, const std::array< Polynomial, NUM_WIRES > &right_table, const std::array< Polynomial, NUM_WIRES > &merged_table, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, const Polynomial &reversed_batched_left_tables, const std::vector< FF > &evals)
Compute the batched Shplonk quotient polynomial.
Definition merge_prover.cpp:42
bb::MergeProver::fixed_append_shift_size
size_t fixed_append_shift_size
Definition merge_prover.hpp:52
bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:55
bb::OpeningPair
Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v.
Definition claim.hpp:21
bb::ProverOpeningClaim
Polynomial p and an opening pair (r,v) such that p(r) = v.
Definition claim.hpp:36
bb::curve::BN254::AffineElement
typename Group::affine_element AffineElement
Definition bn254.hpp:22
bb::curve::BN254::ScalarField
bb::fr ScalarField
Definition bn254.hpp:18
BB_PROFILE
#define BB_PROFILE
Definition compiler_hints.hpp:14
ecc_op_queue.hpp
proof.hpp
mega_flavor.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::NativeTranscript
BaseTranscript< FrCodec, bb::crypto::Poseidon2< bb::crypto::Poseidon2Bn254ScalarFieldParams > > NativeTranscript
Definition transcript.hpp:502
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
ultra_flavor.hpp