From 478944010ca8f28eabba733d04a9a8e9a43c29a9 Mon Sep 17 00:00:00 2001 From: Cody Gunton Date: Thu, 5 Sep 2024 10:08:40 -0400 Subject: [PATCH] refactor: Renaming `Instance`'s (#8362) The main objective of this PR is to do some renaming to stop using the term "instance" as we currently do in the Honk flavors that can be used to construct proofs from stdlib circuits (Mega, UItra, relative). This is bad terminology for several reasons: - the term "instace-witness pair" is widely in use in ZK, and our existing use of "instance" directly clashes with this. - `ProverInstance` is really just a key for Decider proving; similarly for `VerifierInstance` - `ProvingKey` as it currently exists is de facto deprecated in the contexts where we use "instance"'s since we have have rewritten those provers and verifiers using Oink prover and verifier. - "Prover instance" sounds a lot like an instance of the Prover class--can be confusing in conversation. - I take it as a sign that "instance" is a bad term that we variously use that term and the term "accumulator" for the same thing, depending on the context, whether or not any accumulation is or could even happen. I simply rename things to Decider[Proving/Verification]Key and variants of this depending on context. A sign that this is a good choice is the fact that we now have the absurd-looking `proving_key->proving_key`, which will become non-absurb when the inner proving key type is actually deprecated. At that point the DeciderProvingKey class could move into the flavor, time permitting. I also have a small change to remove the `State` struct I recently added to Protogalaxy Prover. This is where the work started before I undertook the big renaming job, and it's small and localized enough that it feels unnecessary to split it out. Note: renaming of files is done in a follow-on https://github.com/AztecProtocol/aztec-packages/pull/8383 --- .../cpp/scripts/analyze_client_ivc_bench.py | 2 +- .../src/barretenberg/aztec_ivc/aztec_ivc.cpp | 65 ++--- .../src/barretenberg/aztec_ivc/aztec_ivc.hpp | 37 +-- .../barretenberg/aztec_ivc/aztec_ivc.test.cpp | 14 +- .../aztec_ivc/mock_circuit_producer.hpp | 2 +- barretenberg/cpp/src/barretenberg/bb/main.cpp | 50 ++-- .../aztec_ivc_bench/aztec_ivc.bench.cpp | 4 +- .../protogalaxy_bench/protogalaxy.bench.cpp | 18 +- .../protogalaxy_rounds.bench.cpp | 49 ++-- .../relations_bench/relations.bench.cpp | 6 +- .../simulator_bench/simulator.bench.cpp | 8 +- .../ultra_bench/ultra_honk_rounds.bench.cpp | 6 +- .../barretenberg/client_ivc/client_ivc.cpp | 52 ++-- .../barretenberg/client_ivc/client_ivc.hpp | 43 ++-- .../client_ivc/client_ivc.test.cpp | 14 +- .../dsl/acir_format/acir_integration.test.cpp | 8 +- .../dsl/acir_format/block_constraint.test.cpp | 2 +- .../honk_recursion_constraint.test.cpp | 40 +-- .../barretenberg/dsl/acir_proofs/c_bind.cpp | 8 +- .../execution_trace/execution_trace.hpp | 2 +- .../cpp/src/barretenberg/flavor/flavor.hpp | 8 +- .../cpp/src/barretenberg/goblin/goblin.hpp | 12 +- .../src/barretenberg/goblin/mock_circuits.hpp | 21 +- .../goblin/mock_circuits_pinning.test.cpp | 14 +- .../plonk_honk_shared/instance_inspector.hpp | 26 +- .../barretenberg/polynomials/univariate.hpp | 6 +- .../protogalaxy/combiner.test.cpp | 164 ++++++------ .../protogalaxy/folding_result.hpp | 8 +- .../protogalaxy/protogalaxy.test.cpp | 235 +++++++++--------- .../protogalaxy/protogalaxy_prover.hpp | 86 ++++--- .../protogalaxy/protogalaxy_prover_impl.hpp | 132 +++++----- .../protogalaxy_prover_internal.hpp | 171 +++++++------ .../protogalaxy/protogalaxy_prover_mega.cpp | 2 +- .../protogalaxy/protogalaxy_prover_ultra.cpp | 2 +- .../protogalaxy/protogalaxy_verifier.cpp | 112 ++++----- .../protogalaxy/protogalaxy_verifier.hpp | 24 +- .../protogalaxy/prover_verifier_shared.cpp | 16 +- .../protogalaxy/prover_verifier_shared.hpp | 6 +- .../barretenberg/relations/relation_types.hpp | 20 +- .../solidity_helpers/honk_key_gen.cpp | 8 +- .../solidity_helpers/honk_proof_gen.cpp | 4 +- .../client_ivc_recursive_verifier.cpp | 10 +- .../client_ivc_recursive_verifier.hpp | 8 +- .../client_ivc_recursive_verifier.test.cpp | 20 +- .../eccvm_recursive_verifier.test.cpp | 8 +- .../goblin_verifier/goblin_recursion.test.cpp | 14 +- .../goblin_recursive_verifier.test.cpp | 8 +- .../goblin_verifier/merge_verifier.test.cpp | 2 +- .../decider_recursive_verifier.cpp | 3 +- .../decider_recursive_verifier.hpp | 10 +- .../honk_verifier/oink_recursive_verifier.cpp | 25 +- .../honk_verifier/oink_recursive_verifier.hpp | 18 +- .../ultra_recursive_verifier.cpp | 10 +- .../ultra_recursive_verifier.hpp | 2 +- .../ultra_recursive_verifier.test.cpp | 53 ++-- .../stdlib/primitives/databus/databus.hpp | 15 +- .../protogalaxy_recursive_verifier.cpp | 78 +++--- .../protogalaxy_recursive_verifier.hpp | 66 ++--- .../protogalaxy_recursive_verifier.test.cpp | 141 +++++------ .../recursive_instances.hpp | 16 +- .../recursive_verifier_instance.hpp | 114 ++++----- .../translator_recursive_verifier.test.cpp | 8 +- .../stdlib_circuit_builders/mega_flavor.hpp | 8 +- .../stdlib_circuit_builders/ultra_flavor.hpp | 8 +- .../stdlib_circuit_builders/ultra_keccak.hpp | 8 +- .../sumcheck/instance/instances.hpp | 54 ++-- .../sumcheck/instance/prover_instance.cpp | 10 +- .../sumcheck/instance/prover_instance.hpp | 25 +- .../sumcheck/instance/verifier_instance.hpp | 16 +- .../src/barretenberg/sumcheck/sumcheck.hpp | 9 +- .../barretenberg/ultra_honk/databus.test.cpp | 2 +- .../ultra_honk/decider_prover.cpp | 18 +- .../ultra_honk/decider_prover.hpp | 7 +- .../ultra_honk/decider_verifier.cpp | 8 +- .../ultra_honk/decider_verifier.hpp | 17 +- .../ultra_honk/mega_composer.test.cpp | 12 +- .../ultra_honk/mega_transcript.test.cpp | 18 +- .../barretenberg/ultra_honk/oink_prover.cpp | 65 ++--- .../barretenberg/ultra_honk/oink_prover.hpp | 10 +- .../barretenberg/ultra_honk/oink_verifier.cpp | 18 +- .../barretenberg/ultra_honk/oink_verifier.hpp | 8 +- .../ultra_honk/relation_correctness.test.cpp | 60 ++--- .../barretenberg/ultra_honk/sumcheck.test.cpp | 36 +-- .../ultra_honk/ultra_honk.test.cpp | 50 ++-- .../barretenberg/ultra_honk/ultra_prover.cpp | 25 +- .../barretenberg/ultra_honk/ultra_prover.hpp | 8 +- .../ultra_honk/ultra_transcript.test.cpp | 18 +- .../ultra_honk/ultra_verifier.cpp | 6 +- .../ultra_honk/ultra_verifier.hpp | 6 +- .../recursion/avm_recursive_verifier.test.cpp | 4 +- yarn-project/bb-prover/src/bb/execute.ts | 2 +- .../src/structs/client_ivc_proof.ts | 4 +- 92 files changed, 1327 insertions(+), 1349 deletions(-) diff --git a/barretenberg/cpp/scripts/analyze_client_ivc_bench.py b/barretenberg/cpp/scripts/analyze_client_ivc_bench.py index 43efc74fed0..485725375bc 100644 --- a/barretenberg/cpp/scripts/analyze_client_ivc_bench.py +++ b/barretenberg/cpp/scripts/analyze_client_ivc_bench.py @@ -16,7 +16,7 @@ # Single out an independent set of functions accounting for most of BENCHMARK's real_time to_keep = [ "construct_circuits(t)", - "ProverInstance(Circuit&)(t)", + "DeciderProvingKey(Circuit&)(t)", "ProtogalaxyProver::prove(t)", "Decider::construct_proof(t)", "ECCVMProver(CircuitBuilder&)(t)", diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.cpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.cpp index 71a4719e44f..58df09e229e 100644 --- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.cpp @@ -23,32 +23,33 @@ void AztecIVC::complete_kernel_circuit_logic(ClientCircuit& circuit) switch (type) { case QUEUE_TYPE::PG: { // Construct stdlib verifier accumulator from the native counterpart computed on a previous round - auto stdlib_verifier_accum = std::make_shared(&circuit, verifier_accumulator); + auto stdlib_verifier_accum = + std::make_shared(&circuit, verifier_accumulator); // Perform folding recursive verification to update the verifier accumulator FoldingRecursiveVerifier verifier{ &circuit, stdlib_verifier_accum, { stdlib_vkey } }; auto verifier_accum = verifier.verify_folding_proof(stdlib_proof); // Extract native verifier accumulator from the stdlib accum for use on the next round - verifier_accumulator = std::make_shared(verifier_accum->get_value()); + verifier_accumulator = std::make_shared(verifier_accum->get_value()); // Perform databus commitment consistency checks and propagate return data commitments via public inputs - bus_depot.execute(verifier.instances[1]->witness_commitments, - verifier.instances[1]->public_inputs, - verifier.instances[1]->verification_key->databus_propagation_data); + bus_depot.execute(verifier.keys_to_fold[1]->witness_commitments, + verifier.keys_to_fold[1]->public_inputs, + verifier.keys_to_fold[1]->verification_key->databus_propagation_data); break; } case QUEUE_TYPE::OINK: { // Construct an incomplete stdlib verifier accumulator from the corresponding stdlib verification key - auto verifier_accum = std::make_shared(&circuit, stdlib_vkey); + auto verifier_accum = std::make_shared(&circuit, stdlib_vkey); // Perform oink recursive verification to complete the initial verifier accumulator OinkRecursiveVerifier oink{ &circuit, verifier_accum }; oink.verify_proof(stdlib_proof); - verifier_accum->is_accumulator = true; // indicate to PG that it should not run oink on this instance + verifier_accum->is_accumulator = true; // indicate to PG that it should not run oink on this key // Extract native verifier accumulator from the stdlib accum for use on the next round - verifier_accumulator = std::make_shared(verifier_accum->get_value()); + verifier_accumulator = std::make_shared(verifier_accum->get_value()); // Initialize the gate challenges to zero for use in first round of folding verifier_accumulator->gate_challenges = std::vector(verifier_accum->verification_key->log_circuit_size, 0); @@ -72,9 +73,9 @@ void AztecIVC::complete_kernel_circuit_logic(ClientCircuit& circuit) } /** - * @brief Execute prover work for instance accumulation - * @details Construct an instance for the provided circuit. If this is the first instance in the IVC, simply initialize - * the folding accumulator. Otherwise, execute the PG prover to fold the instance into the accumulator and produce a + * @brief Execute prover work for accumulation + * @details Construct an proving key for the provided circuit. If this is the first step in the IVC, simply initialize + * the folding accumulator. Otherwise, execute the PG prover to fold the proving key into the accumulator and produce a * folding proof. Also execute the merge protocol to produce a merge proof. * * @param circuit @@ -90,40 +91,40 @@ void AztecIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr(circuit)); - // Construct the prover instance for circuit - std::shared_ptr prover_instance; + // Construct the proving key for circuit + std::shared_ptr proving_key; if (!initialized) { - prover_instance = std::make_shared(circuit, trace_structure); + proving_key = std::make_shared(circuit, trace_structure); } else { - prover_instance = std::make_shared( + proving_key = std::make_shared( circuit, trace_structure, fold_output.accumulator->proving_key.commitment_key); } - // Set the instance verification key from precomputed if available, else compute it - instance_vk = precomputed_vk ? precomputed_vk : std::make_shared(prover_instance->proving_key); + // Set the verification key from precomputed if available, else compute it + honk_vk = precomputed_vk ? precomputed_vk : std::make_shared(proving_key->proving_key); - // If this is the first circuit in the IVC, use oink to compute the completed instance and generate an oink proof + // If this is the first circuit in the IVC, use oink to complete the decider proving key and generate an oink proof if (!initialized) { - OinkProver oink_prover{ prover_instance }; + OinkProver oink_prover{ proving_key }; oink_prover.prove(); - prover_instance->is_accumulator = true; // indicate to PG that it should not run oink on this instance + proving_key->is_accumulator = true; // indicate to PG that it should not run oink on this key // Initialize the gate challenges to zero for use in first round of folding - prover_instance->gate_challenges = std::vector(prover_instance->proving_key.log_circuit_size, 0); + proving_key->gate_challenges = std::vector(proving_key->proving_key.log_circuit_size, 0); - fold_output.accumulator = prover_instance; // initialize the prover accum with the completed instance + fold_output.accumulator = proving_key; // initialize the prover accum with the completed key // Add oink proof and corresponding verification key to the verification queue verification_queue.push_back( - bb::AztecIVC::RecursiveVerifierInputs{ oink_prover.transcript->proof_data, instance_vk, QUEUE_TYPE::OINK }); + bb::AztecIVC::RecursiveVerifierInputs{ oink_prover.transcript->proof_data, honk_vk, QUEUE_TYPE::OINK }); initialized = true; - } else { // Otherwise, fold the new instance into the accumulator - FoldingProver folding_prover({ fold_output.accumulator, prover_instance }); + } else { // Otherwise, fold the new key into the accumulator + FoldingProver folding_prover({ fold_output.accumulator, proving_key }); fold_output = folding_prover.prove(); // Add fold proof and corresponding verification key to the verification queue verification_queue.push_back( - bb::AztecIVC::RecursiveVerifierInputs{ fold_output.proof, instance_vk, QUEUE_TYPE::PG }); + bb::AztecIVC::RecursiveVerifierInputs{ fold_output.proof, honk_vk, QUEUE_TYPE::PG }); } // Track the maximum size of each block for all circuits porcessed (for debugging purposes only) @@ -146,8 +147,8 @@ AztecIVC::Proof AztecIVC::prove() }; bool AztecIVC::verify(const Proof& proof, - const std::shared_ptr& accumulator, - const std::shared_ptr& final_verifier_instance, + const std::shared_ptr& accumulator, + const std::shared_ptr& final_stack_vk, const std::shared_ptr& eccvm_vk, const std::shared_ptr& translator_vk) { @@ -156,7 +157,7 @@ bool AztecIVC::verify(const Proof& proof, bool goblin_verified = goblin_verifier.verify(proof.goblin_proof); // Decider verification - AztecIVC::FoldingVerifier folding_verifier({ accumulator, final_verifier_instance }); + AztecIVC::FoldingVerifier folding_verifier({ accumulator, final_stack_vk }); auto verifier_accumulator = folding_verifier.verify_folding_proof(proof.folding_proof); AztecIVC::DeciderVerifier decider_verifier(verifier_accumulator); @@ -170,11 +171,11 @@ bool AztecIVC::verify(const Proof& proof, * @param proof * @return bool */ -bool AztecIVC::verify(Proof& proof, const std::vector>& verifier_instances) +bool AztecIVC::verify(Proof& proof, const std::vector>& vk_stack) { auto eccvm_vk = std::make_shared(goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(goblin.get_translator_proving_key()); - return verify(proof, verifier_instances[0], verifier_instances[1], eccvm_vk, translator_vk); + return verify(proof, vk_stack[0], vk_stack[1], eccvm_vk, translator_vk); } /** @@ -199,7 +200,7 @@ bool AztecIVC::prove_and_verify() auto proof = prove(); ASSERT(verification_queue.size() == 1); // ensure only a single fold proof remains in the queue - auto verifier_inst = std::make_shared(this->verification_queue[0].instance_vk); + auto verifier_inst = std::make_shared(this->verification_queue[0].honk_verification_key); return verify(proof, { this->verifier_accumulator, verifier_inst }); } diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp index ac0b3a3893d..2b07425f27e 100644 --- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp @@ -15,7 +15,7 @@ namespace bb { /** * @brief The IVC scheme used by the aztec client for private function execution - * @details Combines Protogalaxy with Goblin to accumulate one circuit instance at a time with efficient EC group + * @details Combines Protogalaxy with Goblin to accumulate one circuit at a time with efficient EC group * operations. It is assumed that the circuits being accumulated correspond alternatingly to an app and a kernel, as is * the case in Aztec. Two recursive folding verifiers are appended to each kernel (except the first one) to verify the * folding of a previous kernel and an app/function circuit. Due to this structure it is enforced that the total number @@ -30,24 +30,25 @@ class AztecIVC { using FF = Flavor::FF; using FoldProof = std::vector; using MergeProof = std::vector; - using ProverInstance = ProverInstance_; - using VerifierInstance = VerifierInstance_; + using DeciderProvingKey = DeciderProvingKey_; + using DeciderVerificationKey = DeciderVerificationKey_; using ClientCircuit = MegaCircuitBuilder; // can only be Mega using DeciderProver = DeciderProver_; using DeciderVerifier = DeciderVerifier_; - using ProverInstances = ProverInstances_; - using FoldingProver = ProtogalaxyProver_; - using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtogalaxyVerifier_; + using DeciderProvingKeys = DeciderProvingKeys_; + using FoldingProver = ProtogalaxyProver_; + using DeciderVerificationKeys = DeciderVerificationKeys_; + using FoldingVerifier = ProtogalaxyVerifier_; using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey; using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey; using RecursiveFlavor = MegaRecursiveFlavor_; - using RecursiveVerifierInstances = bb::stdlib::recursion::honk::RecursiveVerifierInstances_; - using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance; + using RecursiveDeciderVerificationKeys = + bb::stdlib::recursion::honk::RecursiveDeciderVerificationKeys_; + using RecursiveDeciderVerificationKey = RecursiveDeciderVerificationKeys::DeciderVK; using RecursiveVerificationKey = RecursiveFlavor::VerificationKey; using FoldingRecursiveVerifier = - bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_; + bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_; using OinkRecursiveVerifier = stdlib::recursion::honk::OinkRecursiveVerifier_; using DataBusDepot = stdlib::DataBusDepot; @@ -66,7 +67,7 @@ class AztecIVC { enum class QUEUE_TYPE { OINK, PG }; struct RecursiveVerifierInputs { std::vector proof; // oink or PG - std::shared_ptr instance_vk; + std::shared_ptr honk_verification_key; QUEUE_TYPE type; }; @@ -79,10 +80,10 @@ class AztecIVC { public: GoblinProver goblin; - ProverFoldOutput fold_output; // prover accumulator instance and fold proof + ProverFoldOutput fold_output; // prover accumulator and fold proof - std::shared_ptr verifier_accumulator; // verifier accumulator instance - std::shared_ptr instance_vk; // verification key for instance to be folded + std::shared_ptr verifier_accumulator; // verifier accumulator + std::shared_ptr honk_vk; // honk vk to be completed and folded into the accumulator // Set of pairs of {fold_proof, verification_key} to be recursively verified std::vector verification_queue; @@ -92,7 +93,7 @@ class AztecIVC { // Management of linking databus commitments between circuits in the IVC DataBusDepot bus_depot; - // A flag indicating whether or not to construct a structured trace in the ProverInstance + // A flag indicating whether or not to construct a structured trace in the DeciderProvingKey TraceStructure trace_structure = TraceStructure::NONE; bool initialized = false; // Is the IVC accumulator initialized @@ -106,12 +107,12 @@ class AztecIVC { Proof prove(); static bool verify(const Proof& proof, - const std::shared_ptr& accumulator, - const std::shared_ptr& final_verifier_instance, + const std::shared_ptr& accumulator, + const std::shared_ptr& final_stack_vk, const std::shared_ptr& eccvm_vk, const std::shared_ptr& translator_vk); - bool verify(Proof& proof, const std::vector>& verifier_instances); + bool verify(Proof& proof, const std::vector>& vk_stack); bool prove_and_verify(); diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp index 09daa6708e1..a7c7ce6ed53 100644 --- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp @@ -20,15 +20,15 @@ class AztecIVCTests : public ::testing::Test { using FF = typename Flavor::FF; using VerificationKey = Flavor::VerificationKey; using Builder = AztecIVC::ClientCircuit; - using ProverInstance = AztecIVC::ProverInstance; - using VerifierInstance = AztecIVC::VerifierInstance; + using DeciderProvingKey = AztecIVC::DeciderProvingKey; + using DeciderVerificationKey = AztecIVC::DeciderVerificationKey; using FoldProof = AztecIVC::FoldProof; using DeciderProver = AztecIVC::DeciderProver; using DeciderVerifier = AztecIVC::DeciderVerifier; - using ProverInstances = ProverInstances_; - using FoldingProver = ProtogalaxyProver_; - using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtogalaxyVerifier_; + using DeciderProvingKeys = DeciderProvingKeys_; + using FoldingProver = ProtogalaxyProver_; + using DeciderVerificationKeys = DeciderVerificationKeys_; + using FoldingVerifier = ProtogalaxyVerifier_; /** * @brief Construct mock circuit with arithmetic gates and goblin ops @@ -86,7 +86,7 @@ class AztecIVCTests : public ::testing::Test { for (size_t idx = 0; idx < num_circuits; ++idx) { ClientCircuit circuit = create_next_circuit(ivc, log2_num_gates); // create the next circuit ivc.accumulate(circuit); // accumulate the circuit - vkeys.emplace_back(ivc.instance_vk); // save the VK for the circuit + vkeys.emplace_back(ivc.honk_vk); // save the VK for the circuit } is_kernel = false; diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/mock_circuit_producer.hpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/mock_circuit_producer.hpp index e6d48e08b32..d7d52342e0f 100644 --- a/barretenberg/cpp/src/barretenberg/aztec_ivc/mock_circuit_producer.hpp +++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/mock_circuit_producer.hpp @@ -139,7 +139,7 @@ class PrivateFunctionExecutionMockCircuitProducer { for (size_t idx = 0; idx < num_circuits; ++idx) { ClientCircuit circuit = create_next_circuit(ivc); // create the next circuit ivc.accumulate(circuit); // accumulate the circuit - vkeys.emplace_back(ivc.instance_vk); // save the VK for the circuit + vkeys.emplace_back(ivc.honk_vk); // save the VK for the circuit } circuit_counter = 0; // reset the internal circuit counter back to 0 diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 07a62fc99cb..3348b0bfd4a 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -197,7 +197,7 @@ bool proveAndVerifyHonkAcirFormat(acir_format::AcirFormat constraint_system, aci auto proof = prover.construct_proof(); // Verify Honk proof - auto verification_key = std::make_shared(prover.instance->proving_key); + auto verification_key = std::make_shared(prover.proving_key->proving_key); Verifier verifier{ verification_key }; @@ -368,7 +368,7 @@ void client_ivc_prove_output_all_msgpack(const std::string& bytecodePath, // Write the proof and verification keys into the working directory in 'binary' format (in practice it seems this // directory is passed by bb.js) - std::string vkPath = outputDir + "/inst_vk"; // the vk of the last instance + std::string vkPath = outputDir + "/final_decider_vk"; // the vk of the last circuit in the stack std::string accPath = outputDir + "/pg_acc"; std::string proofPath = outputDir + "/client_ivc_proof"; std::string translatorVkPath = outputDir + "/translator_vk"; @@ -378,12 +378,12 @@ void client_ivc_prove_output_all_msgpack(const std::string& bytecodePath, auto eccvm_vk = std::make_shared(ivc.goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(ivc.goblin.get_translator_proving_key()); - auto last_instance = std::make_shared(ivc.instance_vk); - vinfo("ensure valid proof: ", ivc.verify(proof, { ivc.verifier_accumulator, last_instance })); + auto last_vk = std::make_shared(ivc.decider_vk); + vinfo("ensure valid proof: ", ivc.verify(proof, { ivc.verifier_accumulator, last_vk })); vinfo("write proof and vk data to files.."); write_file(proofPath, to_buffer(proof)); - write_file(vkPath, to_buffer(ivc.instance_vk)); + write_file(vkPath, to_buffer(ivc.decider_vk)); write_file(accPath, to_buffer(ivc.verifier_accumulator)); write_file(translatorVkPath, to_buffer(translator_vk)); write_file(eccVkPath, to_buffer(eccvm_vk)); @@ -402,7 +402,7 @@ template std::shared_ptr read_to_shared_ptr(const std::filesyste * an exit code of 0 will be returned for success and 1 for failure. * * @param proof_path Path to the file containing the serialized proof - * @param vk_path Path to the file containing the serialized verification key of the final mega honk instance + * @param vk_path Path to the serialized verification key of the final (MegaHonk) circuit in the stack * @param accumualtor_path Path to the file containing the serialized protogalaxy accumulator * @return true (resp., false) if the proof is valid (resp., invalid). */ @@ -416,7 +416,7 @@ bool verify_client_ivc(const std::filesystem::path& proof_path, init_grumpkin_crs(1 << 15); const auto proof = from_buffer(read_file(proof_path)); - const auto accumulator = read_to_shared_ptr(accumulator_path); + const auto accumulator = read_to_shared_ptr(accumulator_path); accumulator->verification_key->pcs_verification_key = std::make_shared>(); const auto final_vk = read_to_shared_ptr(final_vk_path); const auto eccvm_vk = read_to_shared_ptr(eccvm_vk_path); @@ -426,7 +426,7 @@ bool verify_client_ivc(const std::filesystem::path& proof_path, translator_vk->pcs_verification_key = std::make_shared>(); const bool verified = ClientIVC::verify( - proof, accumulator, std::make_shared(final_vk), eccvm_vk, translator_vk); + proof, accumulator, std::make_shared(final_vk), eccvm_vk, translator_vk); vinfo("verified: ", verified); return verified; } @@ -503,7 +503,7 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, // Write the proof and verification keys into the working directory in 'binary' format (in practice it seems this // directory is passed by bb.js) - std::string vkPath = outputPath + "/inst_vk"; // the vk of the last instance + std::string vkPath = outputPath + "/final_decider_vk"; // the vk of the last circuit in the stack std::string accPath = outputPath + "/pg_acc"; std::string proofPath = outputPath + "/client_ivc_proof"; std::string translatorVkPath = outputPath + "/translator_vk"; @@ -513,12 +513,12 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, auto eccvm_vk = std::make_shared(ivc.goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(ivc.goblin.get_translator_proving_key()); - auto last_instance = std::make_shared(ivc.instance_vk); - vinfo("ensure valid proof: ", ivc.verify(proof, { ivc.verifier_accumulator, last_instance })); + auto last_vk = std::make_shared(ivc.decider_vk); + vinfo("ensure valid proof: ", ivc.verify(proof, { ivc.verifier_accumulator, last_vk })); vinfo("write proof and vk data to files.."); write_file(proofPath, to_buffer(proof)); - write_file(vkPath, to_buffer(ivc.instance_vk)); // maybe dereference + write_file(vkPath, to_buffer(ivc.decider_vk)); // maybe dereference write_file(accPath, to_buffer(ivc.verifier_accumulator)); write_file(translatorVkPath, to_buffer(translator_vk)); write_file(eccVkPath, to_buffer(eccvm_vk)); @@ -533,8 +533,8 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, void prove_tube(const std::string& output_path) { using ClientIVC = stdlib::recursion::honk::ClientIVCRecursiveVerifier; - using NativeInstance = ClientIVC::FoldVerifierInput::Instance; - using InstanceFlavor = MegaFlavor; + using StackDeciderVK = ClientIVC::FoldVerifierInput::DeciderVK; + using StackHonkVK = typename MegaFlavor::VerificationKey; using ECCVMVk = ECCVMFlavor::VerificationKey; using TranslatorVk = TranslatorFlavor::VerificationKey; using FoldVerifierInput = ClientIVC::FoldVerifierInput; @@ -543,7 +543,7 @@ void prove_tube(const std::string& output_path) using Builder = UltraCircuitBuilder; using GrumpkinVk = bb::VerifierCommitmentKey; - std::string vkPath = output_path + "/inst_vk"; // the vk of the last instance + std::string vkPath = output_path + "/final_decider_vk"; // the vk of the last circuit in the stack std::string accPath = output_path + "/pg_acc"; std::string proofPath = output_path + "/client_ivc_proof"; std::string translatorVkPath = output_path + "/translator_vk"; @@ -555,10 +555,10 @@ void prove_tube(const std::string& output_path) // Read the proof and verification data from given files auto proof = from_buffer(read_file(proofPath)); - std::shared_ptr instance_vk = std::make_shared( - from_buffer(read_file(vkPath))); - std::shared_ptr verifier_accumulator = - std::make_shared(from_buffer(read_file(accPath))); + std::shared_ptr final_stack_vk = + std::make_shared(from_buffer(read_file(vkPath))); + std::shared_ptr verifier_accumulator = + std::make_shared(from_buffer(read_file(accPath))); std::shared_ptr translator_vk = std::make_shared(from_buffer(read_file(translatorVkPath))); std::shared_ptr eccvm_vk = std::make_shared(from_buffer(read_file(eccVkPath))); @@ -567,7 +567,7 @@ void prove_tube(const std::string& output_path) // TODO(https://github.com/AztecProtocol/barretenberg/issues/1025) eccvm_vk->pcs_verification_key = std::make_shared(eccvm_vk->circuit_size + 1); - FoldVerifierInput fold_verifier_input{ verifier_accumulator, { instance_vk } }; + FoldVerifierInput fold_verifier_input{ verifier_accumulator, { final_stack_vk } }; GoblinVerifierInput goblin_verifier_input{ eccvm_vk, translator_vk }; VerifierInput input{ fold_verifier_input, goblin_verifier_input }; auto builder = std::make_shared(); @@ -604,7 +604,7 @@ void prove_tube(const std::string& output_path) std::string tubeVkPath = output_path + "/vk"; auto tube_verification_key = - std::make_shared(tube_prover.instance->proving_key); + std::make_shared(tube_prover.proving_key->proving_key); write_file(tubeVkPath, to_buffer(tube_verification_key)); std::string tubeAsFieldsVkPath = output_path + "/vk_fields.json"; @@ -1142,11 +1142,11 @@ template bool verify_honk(const std::string& proof_path, template void write_vk_honk(const std::string& bytecodePath, const std::string& outputPath) { using Prover = UltraProver_; - using ProverInstance = ProverInstance_; + using DeciderProvingKey = DeciderProvingKey_; using VerificationKey = Flavor::VerificationKey; Prover prover = compute_valid_prover(bytecodePath, ""); - ProverInstance& prover_inst = *prover.instance; + DeciderProvingKey& prover_inst = *prover.proving_key; VerificationKey vk( prover_inst.proving_key); // uses a partial form of the proving key which only has precomputed entities @@ -1311,7 +1311,7 @@ void prove_honk_output_all(const std::string& bytecodePath, std::string proofFieldsPath = outputPath + "/proof_fields.json"; VerificationKey vk( - prover.instance->proving_key); // uses a partial form of the proving key which only has precomputed entities + prover.proving_key->proving_key); // uses a partial form of the proving key which only has precomputed entities // Write the 'binary' proof write_file(proofPath, to_buffer(proof)); @@ -1397,7 +1397,7 @@ int main(int argc, char* argv[]) std::filesystem::path output_dir = get_option(args, "-o", "./target"); std::filesystem::path client_ivc_proof_path = output_dir / "client_ivc_proof"; std::filesystem::path accumulator_path = output_dir / "pg_acc"; - std::filesystem::path final_vk_path = output_dir / "inst_vk"; + std::filesystem::path final_vk_path = output_dir / "final_decider_vk"; std::filesystem::path eccvm_vk_path = output_dir / "ecc_vk"; std::filesystem::path translator_vk_path = output_dir / "translator_vk"; diff --git a/barretenberg/cpp/src/barretenberg/benchmark/aztec_ivc_bench/aztec_ivc.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/aztec_ivc_bench/aztec_ivc.bench.cpp index 96004352476..e16664c432f 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/aztec_ivc_bench/aztec_ivc.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/aztec_ivc_bench/aztec_ivc.bench.cpp @@ -21,7 +21,7 @@ namespace { class AztecIVCBench : public benchmark::Fixture { public: using Builder = MegaCircuitBuilder; - using VerifierInstance = VerifierInstance_; + using DeciderVerificationKey = DeciderVerificationKey_; using Proof = AztecIVC::Proof; using MockCircuitProducer = PrivateFunctionExecutionMockCircuitProducer; @@ -40,7 +40,7 @@ class AztecIVCBench : public benchmark::Fixture { */ static bool verify_ivc(Proof& proof, AztecIVC& ivc) { - auto verifier_inst = std::make_shared(ivc.verification_queue[0].instance_vk); + auto verifier_inst = std::make_shared(ivc.verification_queue[0].honk_verification_key); bool verified = ivc.verify(proof, { ivc.verifier_accumulator, verifier_inst }); // This is a benchmark, not a test, so just print success or failure to the log diff --git a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp index e79f5a44b4f..35dce34f5fa 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp @@ -11,31 +11,29 @@ using namespace benchmark; namespace bb { -// Fold one instance into an accumulator. +// Fold one proving key into an accumulator. template void fold_k(State& state) noexcept { - using ProverInstance = ProverInstance_; - using Instance = ProverInstance; - using Instances = ProverInstances_; - using ProtogalaxyProver = ProtogalaxyProver_; + using DeciderProvingKey = DeciderProvingKey_; + using ProtogalaxyProver = ProtogalaxyProver_>; using Builder = typename Flavor::CircuitBuilder; bb::srs::init_crs_factory("../srs_db/ignition"); auto log2_num_gates = static_cast(state.range(0)); - const auto construct_instance = [&]() { + const auto construct_key = [&]() { Builder builder; MockCircuits::construct_arithmetic_circuit(builder, log2_num_gates); - return std::make_shared(builder); + return std::make_shared(builder); }; - std::vector> instances; + std::vector> decider_pks; // TODO(https://github.com/AztecProtocol/barretenberg/issues/938): Parallelize this loop for (size_t i = 0; i < k + 1; ++i) { - instances.emplace_back(construct_instance()); + decider_pks.emplace_back(construct_key()); } - ProtogalaxyProver folding_prover(instances); + ProtogalaxyProver folding_prover(decider_pks); for (auto _ : state) { BB_REPORT_OP_COUNT_IN_BENCH(state); diff --git a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp index ce372cf31f3..650b4a8727e 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp @@ -10,61 +10,60 @@ using namespace benchmark; namespace bb { template -void _bench_round(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&)) +void _bench_round(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&)) { using Builder = typename Flavor::CircuitBuilder; - using ProverInstance = ProverInstance_; - using Instances = ProverInstances_; - using ProtogalaxyProver = ProtogalaxyProver_; + using DeciderProvingKey = DeciderProvingKey_; + using DeciderPKs = DeciderProvingKeys_; + using ProtogalaxyProver = ProtogalaxyProver_; bb::srs::init_crs_factory("../srs_db/ignition"); auto log2_num_gates = static_cast(state.range(0)); - const auto construct_instance = [&]() { + const auto construct_key = [&]() { Builder builder; MockCircuits::construct_arithmetic_circuit(builder, log2_num_gates); - return std::make_shared(builder); + return std::make_shared(builder); }; // TODO(https://github.com/AztecProtocol/barretenberg/issues/938): Parallelize this loop, also extend to more than // k=1 - std::shared_ptr prover_instance_1 = construct_instance(); - std::shared_ptr prover_instance_2 = construct_instance(); + std::shared_ptr key_1 = construct_key(); + std::shared_ptr key_2 = construct_key(); - ProtogalaxyProver folding_prover({ prover_instance_1, prover_instance_2 }); + ProtogalaxyProver folding_prover({ key_1, key_2 }); // prepare the prover state - folding_prover.state.accumulator = prover_instance_1; - folding_prover.state.deltas.resize(log2_num_gates); - std::fill_n(folding_prover.state.deltas.begin(), log2_num_gates, 0); - folding_prover.state.perturbator = Flavor::Polynomial::random(1 << log2_num_gates); + folding_prover.accumulator = key_1; + folding_prover.deltas.resize(log2_num_gates); + std::fill_n(folding_prover.deltas.begin(), log2_num_gates, 0); + folding_prover.perturbator = Flavor::Polynomial::random(1 << log2_num_gates); folding_prover.transcript = Flavor::Transcript::prover_init_empty(); - folding_prover.run_oink_prover_on_each_instance(); + folding_prover.run_oink_prover_on_each_incomplete_key(); for (auto _ : state) { F(folding_prover); } } -void bench_round_mega(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&)) +void bench_round_mega(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&)) { _bench_round(state, F); } -BENCHMARK_CAPTURE(bench_round_mega, oink, [](auto& prover) { prover.run_oink_prover_on_each_instance(); }) +BENCHMARK_CAPTURE(bench_round_mega, oink, [](auto& prover) { prover.run_oink_prover_on_each_incomplete_key(); }) + -> DenseRange(14, 20) -> Unit(kMillisecond); +BENCHMARK_CAPTURE(bench_round_mega, perturbator, [](auto& prover) { prover.perturbator_round(prover.accumulator); }) -> DenseRange(14, 20) -> Unit(kMillisecond); -BENCHMARK_CAPTURE(bench_round_mega, perturbator, [](auto& prover) { - prover.perturbator_round(prover.state.accumulator); -}) -> DenseRange(14, 20) -> Unit(kMillisecond); BENCHMARK_CAPTURE(bench_round_mega, combiner_quotient, [](auto& prover) { - prover.combiner_quotient_round(prover.state.accumulator->gate_challenges, prover.state.deltas, prover.instances); + prover.combiner_quotient_round(prover.accumulator->gate_challenges, prover.deltas, prover.keys_to_fold); }) -> DenseRange(14, 20) -> Unit(kMillisecond); BENCHMARK_CAPTURE(bench_round_mega, fold, [](auto& prover) { - prover.update_target_sum_and_fold(prover.instances, - prover.state.combiner_quotient, - prover.state.alphas, - prover.state.relation_parameters, - prover.state.perturbator_evaluation); + prover.update_target_sum_and_fold(prover.keys_to_fold, + prover.combiner_quotient, + prover.alphas, + prover.relation_parameters, + prover.perturbator_evaluation); }) -> DenseRange(14, 20) -> Unit(kMillisecond); } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp index a33d912e0d9..501f39a5f10 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp @@ -53,10 +53,10 @@ template void execute_relation_for_univaria // Single execution of relation on PG univariates, i.e. PG combiner work template void execute_relation_for_pg_univariates(::benchmark::State& state) { - using ProverInstances = ProverInstances_; - using Input = ProtogalaxyProverInternal::ExtendedUnivariatesNoOptimisticSkipping; + using DeciderProvingKeys = DeciderProvingKeys_; + using Input = ProtogalaxyProverInternal::ExtendedUnivariatesNoOptimisticSkipping; using Accumulator = typename Relation::template ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping< - ProverInstances::NUM>; + DeciderProvingKeys::NUM>; execute_relation(state); } diff --git a/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/simulator.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/simulator.bench.cpp index a91a265c29a..5e51abb2b8c 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/simulator.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/simulator.bench.cpp @@ -11,7 +11,7 @@ template class SimulatorFixture : public benchmark::F public: using Flavor = typename RecursiveFlavor::NativeFlavor; - using ProverInstance = ProverInstance_; + using DeciderProvingKey = DeciderProvingKey_; using Builder = typename Flavor::CircuitBuilder; using VerificationKey = typename Flavor::VerificationKey; using CircuitSimulator = typename RecursiveFlavor::CircuitBuilder; @@ -36,10 +36,10 @@ template class SimulatorFixture : public benchmark::F { auto builder = construct_mock_function_circuit(large); - auto instance = std::make_shared(builder); - UltraProver_ prover(instance); + auto proving_key = std::make_shared(builder); + UltraProver_ prover(proving_key); auto ultra_proof = prover.construct_proof(); - auto verification_key = std::make_shared(instance->proving_key); + auto verification_key = std::make_shared(proving_key->proving_key); return { ultra_proof, verification_key }; } diff --git a/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp index 81583e16c92..3454e4af3da 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp @@ -46,17 +46,17 @@ BB_PROFILE static void test_round_inner(State& state, MegaProver& prover, size_t BB_REPORT_OP_COUNT_BENCH_CANCEL(); } }; - OinkProver oink_prover(prover.instance, prover.transcript); + OinkProver oink_prover(prover.proving_key, prover.transcript); time_if_index(PREAMBLE, [&] { oink_prover.execute_preamble_round(); }); time_if_index(WIRE_COMMITMENTS, [&] { oink_prover.execute_wire_commitments_round(); }); time_if_index(SORTED_LIST_ACCUMULATOR, [&] { oink_prover.execute_sorted_list_accumulator_round(); }); time_if_index(LOG_DERIVATIVE_INVERSE, [&] { oink_prover.execute_log_derivative_inverse_round(); }); time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { oink_prover.execute_grand_product_computation_round(); }); - time_if_index(GENERATE_ALPHAS, [&] { prover.instance->alphas = oink_prover.generate_alphas_round(); }); + time_if_index(GENERATE_ALPHAS, [&] { prover.proving_key->alphas = oink_prover.generate_alphas_round(); }); prover.generate_gate_challenges(); - DeciderProver_ decider_prover(prover.instance, prover.transcript); + DeciderProver_ decider_prover(prover.proving_key, prover.transcript); time_if_index(RELATION_CHECK, [&] { decider_prover.execute_relation_check_rounds(); }); time_if_index(ZEROMORPH, [&] { decider_prover.execute_pcs_rounds(); }); } diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 6d93871660b..210bef71e50 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -6,9 +6,9 @@ namespace bb { /** * @brief Accumulate a circuit into the IVC scheme * @details If this is the first circuit being accumulated, initialize the prover and verifier accumulators. Otherwise, - * fold the instance for the provided circuit into the accumulator. If a previous fold proof exists, a recursive folding - * verification is appended to the provided circuit prior to its accumulation. Similarly, if a merge proof exists, a - * recursive merge verifier is appended. + * fold the key for the provided circuit into the accumulator. If a previous fold proof exists, a recursive + * folding verification is appended to the provided circuit prior to its accumulation. Similarly, if a merge proof + * exists, a recursive merge verifier is appended. * * @param circuit Circuit to be accumulated/folded * @param precomputed_vk Optional precomputed VK (otherwise will be computed herein) @@ -20,13 +20,13 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr(&circuit, verifier_accumulator); - auto stdlib_instance_vk = std::make_shared(&circuit, instance_vk); + auto stdlib_verifier_accum = std::make_shared(&circuit, verifier_accumulator); + auto stdlib_decider_vk = std::make_shared(&circuit, decider_vk); auto stdlib_proof = bb::convert_proof_to_witness(&circuit, fold_output.proof); - FoldingRecursiveVerifier verifier{ &circuit, stdlib_verifier_accum, { stdlib_instance_vk } }; + FoldingRecursiveVerifier verifier{ &circuit, stdlib_verifier_accum, { stdlib_decider_vk } }; auto verifier_accum = verifier.verify_folding_proof(stdlib_proof); - verifier_accumulator = std::make_shared(verifier_accum->get_value()); + verifier_accumulator = std::make_shared(verifier_accum->get_value()); } // Construct a merge proof (and add a recursive merge verifier to the circuit if a previous merge proof exists) @@ -36,32 +36,32 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr(circuit)); - // Construct the prover instance for circuit - std::shared_ptr prover_instance; + // Construct the proving key for the circuit + std::shared_ptr decider_pk; if (!initialized) { - prover_instance = std::make_shared(circuit, trace_structure); + decider_pk = std::make_shared(circuit, trace_structure); } else { - prover_instance = std::make_shared( + decider_pk = std::make_shared( circuit, trace_structure, fold_output.accumulator->proving_key.commitment_key); } // Track the maximum size of each block for all circuits porcessed (for debugging purposes only) max_block_size_tracker.update(circuit); - // Set the instance verification key from precomputed if available, else compute it + // Set the verification key from precomputed if available, else compute it if (precomputed_vk) { - instance_vk = precomputed_vk; + decider_vk = precomputed_vk; } else { - instance_vk = std::make_shared(prover_instance->proving_key); + decider_vk = std::make_shared(decider_pk->proving_key); } - // If the IVC is uninitialized, simply initialize the prover and verifier accumulator instances + // If the IVC is uninitialized, simply initialize the prover and verifier accumulators if (!initialized) { - fold_output.accumulator = prover_instance; - verifier_accumulator = std::make_shared(instance_vk); + fold_output.accumulator = decider_pk; + verifier_accumulator = std::make_shared(decider_vk); initialized = true; - } else { // Otherwise, fold the new instance into the accumulator - FoldingProver folding_prover({ fold_output.accumulator, prover_instance }); + } else { // Otherwise, fold the new proving key into the accumulator + FoldingProver folding_prover({ fold_output.accumulator, decider_pk }); fold_output = folding_prover.prove(); } } @@ -79,8 +79,8 @@ ClientIVC::Proof ClientIVC::prove() }; bool ClientIVC::verify(const Proof& proof, - const std::shared_ptr& accumulator, - const std::shared_ptr& final_verifier_instance, + const std::shared_ptr& accumulator, + const std::shared_ptr& final_stack_vk, const std::shared_ptr& eccvm_vk, const std::shared_ptr& translator_vk) { @@ -90,7 +90,7 @@ bool ClientIVC::verify(const Proof& proof, bool goblin_verified = goblin_verifier.verify(proof.goblin_proof); // Decider verification - ClientIVC::FoldingVerifier folding_verifier({ accumulator, final_verifier_instance }); + ClientIVC::FoldingVerifier folding_verifier({ accumulator, final_stack_vk }); auto verifier_accumulator = folding_verifier.verify_folding_proof(proof.folding_proof); ClientIVC::DeciderVerifier decider_verifier(verifier_accumulator); @@ -104,11 +104,11 @@ bool ClientIVC::verify(const Proof& proof, * @param proof * @return bool */ -bool ClientIVC::verify(Proof& proof, const std::vector>& verifier_instances) const +bool ClientIVC::verify(Proof& proof, const std::vector>& vk_stack) const { auto eccvm_vk = std::make_shared(goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(goblin.get_translator_proving_key()); - return verify(proof, verifier_instances[0], verifier_instances[1], eccvm_vk, translator_vk); + return verify(proof, vk_stack[0], vk_stack[1], eccvm_vk, translator_vk); } /** @@ -142,7 +142,7 @@ std::vector> ClientIVC::precompute_f for (auto& circuit : circuits) { accumulate(circuit); - vkeys.emplace_back(instance_vk); + vkeys.emplace_back(decider_vk); } // Reset the scheme so it can be reused for actual accumulation, maintaining the trace structure setting as is @@ -163,7 +163,7 @@ bool ClientIVC::prove_and_verify() { auto proof = prove(); - auto verifier_inst = std::make_shared(this->instance_vk); + auto verifier_inst = std::make_shared(this->decider_vk); return verify(proof, { this->verifier_accumulator, verifier_inst }); } diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index 8c7d3fd538d..ec7d5dcc6b0 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp @@ -14,9 +14,7 @@ namespace bb { /** * @brief The IVC interface to be used by the aztec client for private function execution - * @details Combines Protogalaxy with Goblin to accumulate one circuit instance at a time with efficient EC group - * operations - * + * @details Combines Protogalaxy with Goblin to accumulate one circuit at a time with efficient EC group operations */ class ClientIVC { @@ -25,24 +23,25 @@ class ClientIVC { using VerificationKey = Flavor::VerificationKey; using FF = Flavor::FF; using FoldProof = std::vector; - using ProverInstance = ProverInstance_; - using VerifierInstance = VerifierInstance_; + using DeciderProvingKey = DeciderProvingKey_; + using DeciderVerificationKey = DeciderVerificationKey_; using ClientCircuit = MegaCircuitBuilder; // can only be Mega using DeciderProver = DeciderProver_; using DeciderVerifier = DeciderVerifier_; - using ProverInstances = ProverInstances_; - using FoldingProver = ProtogalaxyProver_; - using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtogalaxyVerifier_; + using DeciderProvingKeys = DeciderProvingKeys_; + using FoldingProver = ProtogalaxyProver_; + using DeciderVerificationKeys = DeciderVerificationKeys_; + using FoldingVerifier = ProtogalaxyVerifier_; using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey; using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey; using GURecursiveFlavor = MegaRecursiveFlavor_; - using RecursiveVerifierInstances = bb::stdlib::recursion::honk::RecursiveVerifierInstances_; - using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance; - using RecursiveVerificationKey = RecursiveVerifierInstances::VerificationKey; + using RecursiveDeciderVerificationKeys = + bb::stdlib::recursion::honk::RecursiveDeciderVerificationKeys_; + using RecursiveDeciderVerificationKey = RecursiveDeciderVerificationKeys::DeciderVK; + using RecursiveVerificationKey = RecursiveDeciderVerificationKeys::VerificationKey; using FoldingRecursiveVerifier = - bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_; + bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_; // A full proof for the IVC scheme struct Proof { @@ -60,19 +59,19 @@ class ClientIVC { private: using ProverFoldOutput = FoldingResult; - // Note: We need to save the last instance that was folded in order to compute its verification key, this will not - // be needed in the real IVC as they are provided as inputs + // Note: We need to save the last proving key that was folded in order to compute its verification key, this will + // not be needed in the real IVC as they are provided as inputs public: GoblinProver goblin; ProverFoldOutput fold_output; - std::shared_ptr verifier_accumulator; - std::shared_ptr instance_vk; + std::shared_ptr verifier_accumulator; + std::shared_ptr decider_vk; - // A flag indicating whether or not to construct a structured trace in the ProverInstance + // A flag indicating whether or not to construct a structured trace in the DeciderProvingKey TraceStructure trace_structure = TraceStructure::NONE; - // A flag indicating whether the IVC has been initialized with an initial instance + // A flag indicating whether the IVC has been initialized with an initial decider proving key bool initialized = false; void accumulate(ClientCircuit& circuit, const std::shared_ptr& precomputed_vk = nullptr); @@ -80,12 +79,12 @@ class ClientIVC { Proof prove(); static bool verify(const Proof& proof, - const std::shared_ptr& accumulator, - const std::shared_ptr& final_verifier_instance, + const std::shared_ptr& accumulator, + const std::shared_ptr& final_stack_vk, const std::shared_ptr& eccvm_vk, const std::shared_ptr& translator_vk); - bool verify(Proof& proof, const std::vector>& verifier_instances) const; + bool verify(Proof& proof, const std::vector>& vk_stack) const; bool prove_and_verify(); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp index 7b8587c086a..8efb1b4f3b6 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp @@ -20,15 +20,15 @@ class ClientIVCTests : public ::testing::Test { using FF = typename Flavor::FF; using VerificationKey = Flavor::VerificationKey; using Builder = ClientIVC::ClientCircuit; - using ProverInstance = ClientIVC::ProverInstance; - using VerifierInstance = ClientIVC::VerifierInstance; + using DeciderProvingKey = ClientIVC::DeciderProvingKey; + using DeciderVerificationKey = ClientIVC::DeciderVerificationKey; using FoldProof = ClientIVC::FoldProof; using DeciderProver = ClientIVC::DeciderProver; using DeciderVerifier = ClientIVC::DeciderVerifier; - using ProverInstances = ProverInstances_; - using FoldingProver = ProtogalaxyProver_; - using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtogalaxyVerifier_; + using DeciderProvingKeys = DeciderProvingKeys_; + using FoldingProver = ProtogalaxyProver_; + using DeciderVerificationKeys = DeciderVerificationKeys_; + using FoldingVerifier = ProtogalaxyVerifier_; /** * @brief Prove and verify the IVC scheme @@ -41,7 +41,7 @@ class ClientIVCTests : public ::testing::Test { ZoneScopedN("ClientIVC::prove_and_verify"); auto proof = ivc.prove(); - auto verifier_inst = std::make_shared(ivc.instance_vk); + auto verifier_inst = std::make_shared(ivc.decider_vk); return ivc.verify(proof, { ivc.verifier_accumulator, verifier_inst }); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_integration.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_integration.test.cpp index e0353157aab..a1d47e61123 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_integration.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_integration.test.cpp @@ -65,13 +65,13 @@ class AcirIntegrationTest : public ::testing::Test { builder.blocks.summarize(); info("num gates = ", builder.get_num_gates()); info("total circuit size = ", builder.get_total_circuit_size()); - info("circuit size = ", prover.instance->proving_key.circuit_size); - info("log circuit size = ", prover.instance->proving_key.log_circuit_size); + info("circuit size = ", prover.proving_key->proving_key.circuit_size); + info("log circuit size = ", prover.proving_key->proving_key.log_circuit_size); #endif auto proof = prover.construct_proof(); // Verify Honk proof - auto verification_key = std::make_shared(prover.instance->proving_key); + auto verification_key = std::make_shared(prover.proving_key->proving_key); Verifier verifier{ verification_key }; return verifier.verify_proof(proof); } @@ -418,7 +418,7 @@ TEST_P(AcirIntegrationFoldingTest, DISABLED_FoldAndVerifyProgramStack) ivc.accumulate(circuit); CircuitChecker::check(circuit); - // EXPECT_TRUE(prove_and_verify_honk(ivc.prover_instance)); + // EXPECT_TRUE(prove_and_verify_honk(circuit)); program_stack.pop_back(); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp index 9affaf9f9f5..50d6a033e24 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/block_constraint.test.cpp @@ -33,7 +33,7 @@ class MegaHonk : public ::testing::Test { Prover prover{ circuit }; auto proof = prover.construct_proof(); - auto verification_key = std::make_shared(prover.instance->proving_key); + auto verification_key = std::make_shared(prover.proving_key->proving_key); Verifier verifier{ verification_key }; return verifier.verify_proof(proof); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp index b216375b53c..37911c298cf 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.test.cpp @@ -15,7 +15,7 @@ using namespace bb; class AcirHonkRecursionConstraint : public ::testing::Test { public: - using ProverInstance = ProverInstance_; + using DeciderProvingKey = DeciderProvingKey_; using Prover = bb::UltraProver; using VerificationKey = UltraFlavor::VerificationKey; using Verifier = bb::UltraVerifier; @@ -145,9 +145,9 @@ class AcirHonkRecursionConstraint : public ::testing::Test { for (auto& inner_circuit : inner_circuits) { - auto instance = std::make_shared(inner_circuit); - Prover prover(instance); - auto verification_key = std::make_shared(instance->proving_key); + auto proving_key = std::make_shared(inner_circuit); + Prover prover(proving_key); + auto verification_key = std::make_shared(proving_key->proving_key); Verifier verifier(verification_key); auto inner_proof = prover.construct_proof(); @@ -222,11 +222,11 @@ TEST_F(AcirHonkRecursionConstraint, TestBasicSingleHonkRecursionConstraint) info("circuit gates = ", layer_2_circuit.get_num_gates()); - auto instance = std::make_shared(layer_2_circuit); - Prover prover(instance); - info("prover gates = ", instance->proving_key.circuit_size); + auto proving_key = std::make_shared(layer_2_circuit); + Prover prover(proving_key); + info("prover gates = ", proving_key->proving_key.circuit_size); auto proof = prover.construct_proof(); - auto verification_key = std::make_shared(instance->proving_key); + auto verification_key = std::make_shared(proving_key->proving_key); Verifier verifier(verification_key); EXPECT_EQ(verifier.verify_proof(proof), true); } @@ -242,11 +242,11 @@ TEST_F(AcirHonkRecursionConstraint, TestBasicDoubleHonkRecursionConstraints) info("circuit gates = ", layer_2_circuit.get_num_gates()); - auto instance = std::make_shared(layer_2_circuit); - Prover prover(instance); - info("prover gates = ", instance->proving_key.circuit_size); + auto proving_key = std::make_shared(layer_2_circuit); + Prover prover(proving_key); + info("prover gates = ", proving_key->proving_key.circuit_size); auto proof = prover.construct_proof(); - auto verification_key = std::make_shared(instance->proving_key); + auto verification_key = std::make_shared(proving_key->proving_key); Verifier verifier(verification_key); EXPECT_EQ(verifier.verify_proof(proof), true); } @@ -300,11 +300,11 @@ TEST_F(AcirHonkRecursionConstraint, TestOneOuterRecursiveCircuit) info("created second outer circuit"); info("number of gates in layer 3 = ", layer_3_circuit.get_num_gates()); - auto instance = std::make_shared(layer_3_circuit); - Prover prover(instance); - info("prover gates = ", instance->proving_key.circuit_size); + auto proving_key = std::make_shared(layer_3_circuit); + Prover prover(proving_key); + info("prover gates = ", proving_key->proving_key.circuit_size); auto proof = prover.construct_proof(); - auto verification_key = std::make_shared(instance->proving_key); + auto verification_key = std::make_shared(proving_key->proving_key); Verifier verifier(verification_key); EXPECT_EQ(verifier.verify_proof(proof), true); } @@ -330,11 +330,11 @@ TEST_F(AcirHonkRecursionConstraint, TestFullRecursiveComposition) info("created third outer circuit"); info("number of gates in layer 3 circuit = ", layer_3_circuit.get_num_gates()); - auto instance = std::make_shared(layer_3_circuit); - Prover prover(instance); - info("prover gates = ", instance->proving_key.circuit_size); + auto proving_key = std::make_shared(layer_3_circuit); + Prover prover(proving_key); + info("prover gates = ", proving_key->proving_key.circuit_size); auto proof = prover.construct_proof(); - auto verification_key = std::make_shared(instance->proving_key); + auto verification_key = std::make_shared(proving_key->proving_key); Verifier verifier(verification_key); EXPECT_EQ(verifier.verify_proof(proof), true); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp index 677220bb856..6e03f99ec3c 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/c_bind.cpp @@ -75,7 +75,7 @@ WASM_EXPORT void acir_prove_and_verify_ultra_honk(uint8_t const* acir_vec, uint8 UltraProver prover{ builder }; auto proof = prover.construct_proof(); - auto verification_key = std::make_shared(prover.instance->proving_key); + auto verification_key = std::make_shared(prover.proving_key->proving_key); UltraVerifier verifier{ verification_key }; *result = verifier.verify_proof(proof); @@ -121,7 +121,7 @@ WASM_EXPORT void acir_prove_and_verify_mega_honk(uint8_t const* acir_vec, uint8_ MegaProver prover{ builder }; auto proof = prover.construct_proof(); - auto verification_key = std::make_shared(prover.instance->proving_key); + auto verification_key = std::make_shared(prover.proving_key->proving_key); MegaVerifier verifier{ verification_key }; *result = verifier.verify_proof(proof); @@ -230,14 +230,14 @@ WASM_EXPORT void acir_verify_ultra_honk(uint8_t const* proof_buf, uint8_t const* WASM_EXPORT void acir_write_vk_ultra_honk(uint8_t const* acir_vec, uint8_t** out) { - using ProverInstance = ProverInstance_; + using DeciderProvingKey = DeciderProvingKey_; using VerificationKey = UltraFlavor::VerificationKey; auto constraint_system = acir_format::circuit_buf_to_acir_format(from_buffer>(acir_vec), /*honk_recursion=*/true); auto builder = acir_format::create_circuit(constraint_system, 0, {}, /*honk_recursion=*/true); - ProverInstance prover_inst(builder); + DeciderProvingKey prover_inst(builder); VerificationKey vk(prover_inst.proving_key); *out = to_heap_buffer(to_buffer(vk)); } diff --git a/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp b/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp index 93a907f69da..752ef633ebc 100644 --- a/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp +++ b/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp @@ -67,7 +67,7 @@ template class ExecutionTrace_ { * constructs a trace that is both sorted and "structured" in the sense that each block/gate-type has a fixed amount * of space within the wire polynomials, regardless of how many actual constraints of each type exist. This is * useful primarily for folding since it guarantees that the set of relations that must be executed at each row is - * consistent across all instances. + * consistent across all folding steps. * * @param builder * @param is_structured whether or not the trace is to be structured with a fixed block size diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 91a8ef652d4..98be3e69610 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -273,10 +273,10 @@ template constexpr size_t compute_number_of_subrelations() * @brief Utility function to construct a container for the subrelation accumulators of Protogalaxy folding. * @details The size of the outer tuple is equal to the number of relations. Each relation contributes an inner tuple of * univariates whose size is equal to the number of subrelations of the relation. The length of a univariate in an inner - * tuple is determined by the corresponding subrelation length and the number of instances to be folded. + * tuple is determined by the corresponding subrelation length and the number of keys to be folded. * @tparam optimised Enable optimised version with skipping some of the computation */ -template +template constexpr auto create_protogalaxy_tuple_of_tuples_of_univariates() { constexpr auto seq = std::make_index_sequence>(); @@ -284,11 +284,11 @@ constexpr auto create_protogalaxy_tuple_of_tuples_of_univariates() if constexpr (optimised) { return std::make_tuple( typename std::tuple_element_t::template ProtogalaxyTupleOfUnivariatesOverSubrelations< - NUM_INSTANCES>{}...); + NUM_KEYS>{}...); } else { return std::make_tuple( typename std::tuple_element_t:: - template ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping{}...); + template ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping{}...); } }(seq); } diff --git a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp index ac19110f4c2..55336db7f0b 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp @@ -30,7 +30,7 @@ class GoblinProver { using Builder = MegaCircuitBuilder; using Fr = bb::fr; using Transcript = NativeTranscript; - using MegaProverInstance = ProverInstance_; + using MegaDeciderProvingKey = DeciderProvingKey_; using OpQueue = bb::ECCOpQueue; using ECCVMFlavor = bb::ECCVMFlavor; using ECCVMBuilder = bb::ECCVMCircuitBuilder; @@ -92,10 +92,10 @@ class GoblinProver { } // Construct a Honk proof for the main circuit - auto instance = std::make_shared(circuit_builder); - MegaProver prover(instance); + auto proving_key = std::make_shared(circuit_builder); + MegaProver prover(proving_key); auto ultra_proof = prover.construct_proof(); - auto verification_key = std::make_shared(instance->proving_key); + auto verification_key = std::make_shared(proving_key->proving_key); // Construct and store the merge proof to be recursively verified on the next call to accumulate MergeProver merge_prover{ circuit_builder.op_queue }; @@ -151,8 +151,8 @@ class GoblinProver { // TODO(https://github.com/AztecProtocol/barretenberg/issues/993): Some circuits (particularly on the first call // to accumulate) may not have any goblin ecc ops prior to the call to merge(), so the commitment to the new // contribution (C_t_shift) in the merge prover will be the point at infinity. (Note: Some dummy ops are added - // in 'add_gates_to_ensure...' but not until instance construction which comes later). See issue for ideas about - // how to resolve. + // in 'add_gates_to_ensure...' but not until proving_key construction which comes later). See issue for ideas + // about how to resolve. if (circuit_builder.blocks.ecc_op.size() == 0) { MockCircuits::construct_goblin_ecc_op_circuit(circuit_builder); // Add some arbitrary goblin ECC ops } diff --git a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp index 241f546cef3..a7a77544b06 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits.hpp @@ -30,10 +30,11 @@ class GoblinMockCircuits { using Flavor = bb::MegaFlavor; using RecursiveFlavor = bb::MegaRecursiveFlavor_; using RecursiveVerifier = bb::stdlib::recursion::honk::UltraRecursiveVerifier_; - using VerifierInstance = bb::VerifierInstance_; - using RecursiveVerifierInstance = ::bb::stdlib::recursion::honk::RecursiveVerifierInstance_; - using RecursiveVerificationKey = RecursiveVerifierInstance::VerificationKey; - using RecursiveVerifierAccumulator = std::shared_ptr; + using DeciderVerificationKey = bb::DeciderVerificationKey_; + using RecursiveDeciderVerificationKey = + ::bb::stdlib::recursion::honk::RecursiveDeciderVerificationKey_; + using RecursiveVerificationKey = RecursiveDeciderVerificationKey::VerificationKey; + using RecursiveVerifierAccumulator = std::shared_ptr; using VerificationKey = Flavor::VerificationKey; static constexpr size_t NUM_OP_QUEUE_COLUMNS = Flavor::NUM_WIRES; @@ -65,9 +66,9 @@ class GoblinMockCircuits { // TODO(https://github.com/AztecProtocol/barretenberg/issues/911): We require goblin ops to be added to the // function circuit because we cannot support zero commtiments. While the builder handles this at - // ProverInstance creation stage via the add_gates_to_ensure_all_polys_are_non_zero function for other MegaHonk - // circuits (where we don't explicitly need to add goblin ops), in IVC merge proving happens prior to folding - // where the absense of goblin ecc ops will result in zero commitments. + // DeciderProvingKey creation stage via the add_gates_to_ensure_all_polys_are_non_zero function for other + // MegaHonk circuits (where we don't explicitly need to add goblin ops), in IVC merge proving happens prior to + // folding where the absense of goblin ecc ops will result in zero commitments. MockCircuits::construct_goblin_ecc_op_circuit(builder); } @@ -98,9 +99,9 @@ class GoblinMockCircuits { // TODO(https://github.com/AztecProtocol/barretenberg/issues/911): We require goblin ops to be added to the // function circuit because we cannot support zero commtiments. While the builder handles this at - // ProverInstance creation stage via the add_gates_to_ensure_all_polys_are_non_zero function for other MegaHonk - // circuits (where we don't explicitly need to add goblin ops), in ClientIVC merge proving happens prior to - // folding where the absense of goblin ecc ops will result in zero commitments. + // DeciderProvingKey creation stage via the add_gates_to_ensure_all_polys_are_non_zero function for other + // MegaHonk circuits (where we don't explicitly need to add goblin ops), in ClientIVC merge proving happens + // prior to folding where the absense of goblin ecc ops will result in zero commitments. MockCircuits::construct_goblin_ecc_op_circuit(builder); } diff --git a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp index 38c14d4b5cb..6367c157c15 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp @@ -13,7 +13,7 @@ using namespace bb; */ class MegaMockCircuitsPinning : public ::testing::Test { protected: - using ProverInstance = ProverInstance_; + using DeciderProvingKey = DeciderProvingKey_; static void SetUpTestSuite() { srs::init_crs_factory("../srs_db/ignition"); } }; @@ -23,11 +23,11 @@ TEST_F(MegaMockCircuitsPinning, FunctionSizes) GoblinProver goblin; MegaCircuitBuilder app_circuit{ goblin.op_queue }; GoblinMockCircuits::construct_mock_function_circuit(app_circuit, large); - auto instance = std::make_shared(app_circuit); + auto proving_key = std::make_shared(app_circuit); if (large) { - EXPECT_EQ(instance->proving_key.log_circuit_size, 19); + EXPECT_EQ(proving_key->proving_key.log_circuit_size, 19); } else { - EXPECT_EQ(instance->proving_key.log_circuit_size, 17); + EXPECT_EQ(proving_key->proving_key.log_circuit_size, 17); }; }; run_test(true); @@ -40,11 +40,11 @@ TEST_F(MegaMockCircuitsPinning, AppCircuitSizes) GoblinProver goblin; MegaCircuitBuilder app_circuit{ goblin.op_queue }; GoblinMockCircuits::construct_mock_app_circuit(app_circuit, large); - auto instance = std::make_shared(app_circuit); + auto proving_key = std::make_shared(app_circuit); if (large) { - EXPECT_EQ(instance->proving_key.log_circuit_size, 19); + EXPECT_EQ(proving_key->proving_key.log_circuit_size, 19); } else { - EXPECT_EQ(instance->proving_key.log_circuit_size, 17); + EXPECT_EQ(proving_key->proving_key.log_circuit_size, 17); }; }; run_test(true); diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp index add3db82ec1..96f3bd65900 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp @@ -2,7 +2,7 @@ #include "barretenberg/common/log.hpp" -namespace bb::instance_inspector { +namespace bb::proving_key_inspector { // Determine whether a polynomial has at least one non-zero coefficient bool is_non_zero(auto& polynomial) @@ -16,13 +16,13 @@ bool is_non_zero(auto& polynomial) } /** - * @brief Utility for indicating which polynomials in a prover instance are identically zero + * @brief Utility for indicating which polynomials in a decider proving key are identically zero * - * @param prover_instance + * @param decider_proving_key */ -void inspect_instance(auto& prover_instance) +void inspect_proving_key(auto& decider_proving_key) { - auto& prover_polys = prover_instance->prover_polynomials; + auto& prover_polys = decider_proving_key->prover_polynomials; std::vector zero_polys; for (auto [label, poly] : zip_view(prover_polys.get_labels(), prover_polys.get_all())) { if (!is_non_zero(poly)) { @@ -30,9 +30,9 @@ void inspect_instance(auto& prover_instance) } } if (zero_polys.empty()) { - info("\nInstance Inspector: All prover polynomials are non-zero."); + info("\nProving Key Inspector: All prover polynomials are non-zero."); } else { - info("\nInstance Inspector: The following prover polynomials are identically zero: "); + info("\nProving Key Inspector: The following prover polynomials are identically zero: "); for (const std::string& label : zero_polys) { info("\t", label); } @@ -43,13 +43,13 @@ void inspect_instance(auto& prover_instance) /** * @brief Print some useful info about polys related to the databus lookup relation * - * @param prover_instance + * @param decider_proving_key */ -void print_databus_info(auto& prover_instance) +void print_databus_info(auto& decider_proving_key) { - info("\nInstance Inspector: Printing databus gate info."); - auto& key = prover_instance->proving_key; - for (size_t idx = 0; idx < prover_instance->proving_key.circuit_size; ++idx) { + info("\nProving Key Inspector: Printing databus gate info."); + auto& key = decider_proving_key->proving_key; + for (size_t idx = 0; idx < decider_proving_key->proving_key.circuit_size; ++idx) { if (key->q_busread[idx] == 1) { info("idx = ", idx); info("q_busread = ", key->q_busread[idx]); @@ -66,4 +66,4 @@ void print_databus_info(auto& prover_instance) info(); } -} // namespace bb::instance_inspector \ No newline at end of file +} // namespace bb::proving_key_inspector \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/polynomials/univariate.hpp b/barretenberg/cpp/src/barretenberg/polynomials/univariate.hpp index 18af318f912..01fe32d72c6 100644 --- a/barretenberg/cpp/src/barretenberg/polynomials/univariate.hpp +++ b/barretenberg/cpp/src/barretenberg/polynomials/univariate.hpp @@ -21,9 +21,9 @@ template class Univariate { public: diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp index a9bcb68de76..966fb045273 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp @@ -13,12 +13,12 @@ using FF = typename Flavor::FF; // TODO(https://github.com/AztecProtocol/barretenberg/issues/780): Improve combiner tests to check more than the // arithmetic relation so we more than unit test folding relation parameters and alpha as well. -TEST(Protogalaxy, CombinerOn2Instances) +TEST(Protogalaxy, CombinerOn2Keys) { - constexpr size_t NUM_INSTANCES = 2; - using ProverInstance = ProverInstance_; - using ProverInstances = ProverInstances_; - using Fun = ProtogalaxyProverInternal; + constexpr size_t NUM_KEYS = 2; + using DeciderProvingKey = DeciderProvingKey_; + using DeciderProvingKeys = DeciderProvingKeys_; + using Fun = ProtogalaxyProverInternal; const auto restrict_to_standard_arithmetic_relation = [](auto& polys) { std::fill(polys.q_arith.begin(), polys.q_arith.end(), 1); @@ -37,26 +37,26 @@ TEST(Protogalaxy, CombinerOn2Instances) // Combiner test on prover polynomisls containing random values, restricted to only the standard arithmetic // relation. if (is_random_input) { - std::vector> instance_data(NUM_INSTANCES); + std::vector> keys_data(NUM_KEYS); - for (size_t idx = 0; idx < NUM_INSTANCES; idx++) { - auto instance = std::make_shared(); + for (size_t idx = 0; idx < NUM_KEYS; idx++) { + auto key = std::make_shared(); auto prover_polynomials = get_sequential_prover_polynomials( /*log_circuit_size=*/1, idx * 128); restrict_to_standard_arithmetic_relation(prover_polynomials); - instance->proving_key.polynomials = std::move(prover_polynomials); - instance->proving_key.circuit_size = 2; - instance->proving_key.log_circuit_size = 1; - instance_data[idx] = instance; + key->proving_key.polynomials = std::move(prover_polynomials); + key->proving_key.circuit_size = 2; + key->proving_key.log_circuit_size = 1; + keys_data[idx] = key; } - ProverInstances instances{ instance_data }; + DeciderProvingKeys keys{ keys_data }; Fun::UnivariateRelationSeparator alphas; alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1); Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( - instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); + keys, gate_separators, univariate_relation_parameters_no_skpping, alphas); // The expected_result values are computed by running the python script combiner_example_gen.py auto expected_result = Univariate(std::array{ 9704UL, 13245288UL, @@ -72,20 +72,20 @@ TEST(Protogalaxy, CombinerOn2Instances) 9072095848UL }); EXPECT_EQ(result_no_skipping, expected_result); } else { - std::vector> instance_data(NUM_INSTANCES); + std::vector> keys_data(NUM_KEYS); - for (size_t idx = 0; idx < NUM_INSTANCES; idx++) { - auto instance = std::make_shared(); + for (size_t idx = 0; idx < NUM_KEYS; idx++) { + auto key = std::make_shared(); auto prover_polynomials = get_zero_prover_polynomials( /*log_circuit_size=*/1); restrict_to_standard_arithmetic_relation(prover_polynomials); - instance->proving_key.polynomials = std::move(prover_polynomials); - instance->proving_key.circuit_size = 2; - instance->proving_key.log_circuit_size = 1; - instance_data[idx] = instance; + key->proving_key.polynomials = std::move(prover_polynomials); + key->proving_key.circuit_size = 2; + key->proving_key.log_circuit_size = 1; + keys_data[idx] = key; } - ProverInstances instances{ instance_data }; + DeciderProvingKeys keys{ keys_data }; Fun::UnivariateRelationSeparator alphas; alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only @@ -106,15 +106,15 @@ TEST(Protogalaxy, CombinerOn2Instances) polys.q_o[idx] = -1; }; - create_add_gate(instances[0]->proving_key.polynomials, 0, 1, 2); - create_add_gate(instances[0]->proving_key.polynomials, 1, 0, 4); - create_add_gate(instances[1]->proving_key.polynomials, 0, 3, 4); - create_mul_gate(instances[1]->proving_key.polynomials, 1, 1, 4); + create_add_gate(keys[0]->proving_key.polynomials, 0, 1, 2); + create_add_gate(keys[0]->proving_key.polynomials, 1, 0, 4); + create_add_gate(keys[1]->proving_key.polynomials, 0, 3, 4); + create_mul_gate(keys[1]->proving_key.polynomials, 1, 1, 4); - restrict_to_standard_arithmetic_relation(instances[0]->proving_key.polynomials); - restrict_to_standard_arithmetic_relation(instances[1]->proving_key.polynomials); + restrict_to_standard_arithmetic_relation(keys[0]->proving_key.polynomials); + restrict_to_standard_arithmetic_relation(keys[1]->proving_key.polynomials); - /* Instance 0 Instance 1 + /* DeciderProvingKey 0 DeciderProvingKey 1 w_l w_r w_o q_m q_l q_r q_o q_c w_l w_r w_o q_m q_l q_r q_o q_c 1 2 3 0 1 1 -1 0 3 4 7 0 1 1 -1 0 0 4 4 0 1 1 -1 0 1 4 4 1 0 0 -1 0 */ @@ -137,9 +137,9 @@ TEST(Protogalaxy, CombinerOn2Instances) Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; Fun::UnivariateRelationParameters univariate_relation_parameters; auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( - instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); + keys, gate_separators, univariate_relation_parameters_no_skpping, alphas); auto result_with_skipping = - Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas); + Fun::compute_combiner(keys, gate_separators, univariate_relation_parameters, alphas); auto expected_result = Univariate(std::array{ 0, 0, 12, 36, 72, 120, 180, 252, 336, 432, 540, 660 }); @@ -154,10 +154,10 @@ TEST(Protogalaxy, CombinerOn2Instances) // Check that the optimized combiner computation yields a result consistent with the unoptimized version TEST(Protogalaxy, CombinerOptimizationConsistency) { - constexpr size_t NUM_INSTANCES = 2; - using ProverInstance = ProverInstance_; - using ProverInstances = ProverInstances_; - using Fun = ProtogalaxyProverInternal; + constexpr size_t NUM_KEYS = 2; + using DeciderProvingKey = DeciderProvingKey_; + using DeciderProvingKeys = DeciderProvingKeys_; + using Fun = ProtogalaxyProverInternal; using UltraArithmeticRelation = UltraArithmeticRelation; constexpr size_t UNIVARIATE_LENGTH = 12; @@ -176,77 +176,75 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) // Combiner test on prover polynomisls containing random values, restricted to only the standard arithmetic // relation. if (is_random_input) { - std::vector> instance_data(NUM_INSTANCES); - ASSERT(NUM_INSTANCES == 2); // Don't want to handle more here + std::vector> keys_data(NUM_KEYS); + ASSERT(NUM_KEYS == 2); // Don't want to handle more here - for (size_t idx = 0; idx < NUM_INSTANCES; idx++) { - auto instance = std::make_shared(); + for (size_t idx = 0; idx < NUM_KEYS; idx++) { + auto key = std::make_shared(); auto prover_polynomials = get_sequential_prover_polynomials( /*log_circuit_size=*/1, idx * 128); restrict_to_standard_arithmetic_relation(prover_polynomials); - instance->proving_key.polynomials = std::move(prover_polynomials); - instance->proving_key.circuit_size = 2; - instance->proving_key.log_circuit_size = 1; - instance_data[idx] = instance; + key->proving_key.polynomials = std::move(prover_polynomials); + key->proving_key.circuit_size = 2; + key->proving_key.log_circuit_size = 1; + keys_data[idx] = key; } - ProverInstances instances{ instance_data }; + DeciderProvingKeys keys{ keys_data }; Fun::UnivariateRelationSeparator alphas; alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1); // Relation parameters are all zeroes RelationParameters relation_parameters; - // Temporary accumulator to compute the sumcheck on the second instance + // Temporary accumulator to compute the sumcheck on the second key typename Flavor::TupleOfArraysOfValues temporary_accumulator; - // Accumulate arithmetic relation over 2 rows on the second instance + // Accumulate arithmetic relation over 2 rows on the second key for (size_t i = 0; i < 2; i++) { - UltraArithmeticRelation::accumulate( - std::get<0>(temporary_accumulator), - instance_data[NUM_INSTANCES - 1]->proving_key.polynomials.get_row(i), - relation_parameters, - gate_separators[i]); + UltraArithmeticRelation::accumulate(std::get<0>(temporary_accumulator), + keys_data[NUM_KEYS - 1]->proving_key.polynomials.get_row(i), + relation_parameters, + gate_separators[i]); } // Get the result of the 0th subrelation of the arithmetic relation - FF instance_offset = std::get<0>(temporary_accumulator)[0]; + FF key_offset = std::get<0>(temporary_accumulator)[0]; // Subtract it from q_c[0] (it directly affect the target sum, making it zero and enabling the optimisation) - instance_data[1]->proving_key.polynomials.q_c[0] -= instance_offset; + keys_data[1]->proving_key.polynomials.q_c[0] -= key_offset; std::vector extended_polynomials; // These hold the extensions of prover polynomials // Manually extend all polynomials. Create new ProverPolynomials from extended values - for (size_t idx = NUM_INSTANCES; idx < UNIVARIATE_LENGTH; idx++) { + for (size_t idx = NUM_KEYS; idx < UNIVARIATE_LENGTH; idx++) { - auto instance = std::make_shared(); + auto key = std::make_shared(); auto prover_polynomials = get_zero_prover_polynomials(1); - for (auto [instance_0_polynomial, instance_1_polynomial, new_polynomial] : - zip_view(instance_data[0]->proving_key.polynomials.get_all(), - instance_data[1]->proving_key.polynomials.get_all(), + for (auto [key_0_polynomial, key_1_polynomial, new_polynomial] : + zip_view(keys_data[0]->proving_key.polynomials.get_all(), + keys_data[1]->proving_key.polynomials.get_all(), prover_polynomials.get_all())) { for (size_t i = 0; i < /*circuit_size*/ 2; i++) { - new_polynomial[i] = - instance_0_polynomial[i] + ((instance_1_polynomial[i] - instance_0_polynomial[i]) * idx); + new_polynomial[i] = key_0_polynomial[i] + ((key_1_polynomial[i] - key_0_polynomial[i]) * idx); } } extended_polynomials.push_back(std::move(prover_polynomials)); } std::array precomputed_result{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - // Compute the sum for each index separately, treating each extended instance independently + // Compute the sum for each index separately, treating each extended key independently for (size_t idx = 0; idx < UNIVARIATE_LENGTH; idx++) { typename Flavor::TupleOfArraysOfValues accumulator; - if (idx < NUM_INSTANCES) { + if (idx < NUM_KEYS) { for (size_t i = 0; i < 2; i++) { UltraArithmeticRelation::accumulate(std::get<0>(accumulator), - instance_data[idx]->proving_key.polynomials.get_row(i), + keys_data[idx]->proving_key.polynomials.get_row(i), relation_parameters, gate_separators[i]); } } else { for (size_t i = 0; i < 2; i++) { UltraArithmeticRelation::accumulate(std::get<0>(accumulator), - extended_polynomials[idx - NUM_INSTANCES].get_row(i), + extended_polynomials[idx - NUM_KEYS].get_row(i), relation_parameters, gate_separators[i]); } @@ -257,27 +255,27 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; Fun::UnivariateRelationParameters univariate_relation_parameters; auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( - instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); + keys, gate_separators, univariate_relation_parameters_no_skpping, alphas); auto result_with_skipping = - Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas); + Fun::compute_combiner(keys, gate_separators, univariate_relation_parameters, alphas); EXPECT_EQ(result_no_skipping, expected_result); EXPECT_EQ(result_with_skipping, expected_result); } else { - std::vector> instance_data(NUM_INSTANCES); + std::vector> keys_data(NUM_KEYS); - for (size_t idx = 0; idx < NUM_INSTANCES; idx++) { - auto instance = std::make_shared(); + for (size_t idx = 0; idx < NUM_KEYS; idx++) { + auto key = std::make_shared(); auto prover_polynomials = get_zero_prover_polynomials( /*log_circuit_size=*/1); restrict_to_standard_arithmetic_relation(prover_polynomials); - instance->proving_key.polynomials = std::move(prover_polynomials); - instance->proving_key.circuit_size = 2; - instance->proving_key.log_circuit_size = 1; - instance_data[idx] = instance; + key->proving_key.polynomials = std::move(prover_polynomials); + key->proving_key.circuit_size = 2; + key->proving_key.log_circuit_size = 1; + keys_data[idx] = key; } - ProverInstances instances{ instance_data }; + DeciderProvingKeys keys{ keys_data }; Fun::UnivariateRelationSeparator alphas; alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only @@ -298,15 +296,15 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) polys.q_o[idx] = -1; }; - create_add_gate(instances[0]->proving_key.polynomials, 0, 1, 2); - create_add_gate(instances[0]->proving_key.polynomials, 1, 0, 4); - create_add_gate(instances[1]->proving_key.polynomials, 0, 3, 4); - create_mul_gate(instances[1]->proving_key.polynomials, 1, 1, 4); + create_add_gate(keys[0]->proving_key.polynomials, 0, 1, 2); + create_add_gate(keys[0]->proving_key.polynomials, 1, 0, 4); + create_add_gate(keys[1]->proving_key.polynomials, 0, 3, 4); + create_mul_gate(keys[1]->proving_key.polynomials, 1, 1, 4); - restrict_to_standard_arithmetic_relation(instances[0]->proving_key.polynomials); - restrict_to_standard_arithmetic_relation(instances[1]->proving_key.polynomials); + restrict_to_standard_arithmetic_relation(keys[0]->proving_key.polynomials); + restrict_to_standard_arithmetic_relation(keys[1]->proving_key.polynomials); - /* Instance 0 Instance 1 + /* DeciderProvingKey 0 DeciderProvingKey 1 w_l w_r w_o q_m q_l q_r q_o q_c w_l w_r w_o q_m q_l q_r q_o q_c 1 2 3 0 1 1 -1 0 3 4 7 0 1 1 -1 0 0 4 4 0 1 1 -1 0 1 4 4 1 0 0 -1 0 */ @@ -329,9 +327,9 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; Fun::UnivariateRelationParameters univariate_relation_parameters; auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( - instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); + keys, gate_separators, univariate_relation_parameters_no_skpping, alphas); auto result_with_skipping = - Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas); + Fun::compute_combiner(keys, gate_separators, univariate_relation_parameters, alphas); auto expected_result = Univariate(std::array{ 0, 0, 12, 36, 72, 120, 180, 252, 336, 432, 540, 660 }); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/folding_result.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/folding_result.hpp index 61d6fdf3dd3..016668440f2 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/folding_result.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/folding_result.hpp @@ -4,14 +4,12 @@ #include "barretenberg/sumcheck/instance/prover_instance.hpp" namespace bb { /** - * @brief The result of running the Protogalaxy prover containing a new accumulator (relaxed instance) as well as the - * proof data to instantiate the verifier transcript. - * - * @tparam Flavor + * @brief The result of running the Protogalaxy prover containing a new accumulator as well as the proof data to + * instantiate the verifier transcript. */ template struct FoldingResult { public: - std::shared_ptr> accumulator; + std::shared_ptr> accumulator; // TODO(https://github.com/AztecProtocol/barretenberg/issues/656): turn folding data into a struct std::vector proof; }; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp index 910903abf24..59952528415 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp @@ -19,11 +19,11 @@ auto& engine = numeric::get_debug_randomness(); template class ProtogalaxyTests : public testing::Test { public: using VerificationKey = typename Flavor::VerificationKey; - using ProverInstance = ProverInstance_; - using ProverInstances = ProverInstances_; - using VerifierInstance = VerifierInstance_; - using VerifierInstances = VerifierInstances_; - using ProtogalaxyProver = ProtogalaxyProver_; + using DeciderProvingKey = DeciderProvingKey_; + using DeciderProvingKeys = DeciderProvingKeys_; + using DeciderVerificationKey = DeciderVerificationKey_; + using DeciderVerificationKeys = DeciderVerificationKeys_; + using ProtogalaxyProver = ProtogalaxyProver_; using FF = typename Flavor::FF; using Affine = typename Flavor::Commitment; using Projective = typename Flavor::GroupElement; @@ -36,12 +36,12 @@ template class ProtogalaxyTests : public testing::Test { using GateSeparatorPolynomial = bb::GateSeparatorPolynomial; using DeciderProver = DeciderProver_; using DeciderVerifier = DeciderVerifier_; - using FoldingProver = ProtogalaxyProver_; - using FoldingVerifier = ProtogalaxyVerifier_; - using Fun = ProtogalaxyProverInternal; + using FoldingProver = ProtogalaxyProver_; + using FoldingVerifier = ProtogalaxyVerifier_; + using Fun = ProtogalaxyProverInternal; - using TupleOfInstances = - std::tuple>, std::vector>>; + using TupleOfKeys = std::tuple>, + std::vector>>; static void SetUpTestSuite() { bb::srs::init_crs_factory("../srs_db/ignition"); } @@ -53,48 +53,47 @@ template class ProtogalaxyTests : public testing::Test { } } - // Construct prover and verifier instance for a provided circuit and add to tuple - static void construct_prover_and_verifier_instance(TupleOfInstances& instances, - Builder& builder, - TraceStructure structure = TraceStructure::NONE) + // Construct decider keys for a provided circuit and add to tuple + static void construct_keys(TupleOfKeys& keys, Builder& builder, TraceStructure structure = TraceStructure::NONE) { - auto prover_instance = std::make_shared(builder, structure); - auto verification_key = std::make_shared(prover_instance->proving_key); - auto verifier_instance = std::make_shared(verification_key); - get<0>(instances).emplace_back(prover_instance); - get<1>(instances).emplace_back(verifier_instance); + auto decider_proving_key = std::make_shared(builder, structure); + auto verification_key = std::make_shared(decider_proving_key->proving_key); + auto decider_verification_keys = std::make_shared(verification_key); + get<0>(keys).emplace_back(decider_proving_key); + get<1>(keys).emplace_back(decider_verification_keys); } - // constructs num_insts number of prover and verifier instances - static TupleOfInstances construct_instances(size_t num_insts, TraceStructure structure = TraceStructure::NONE) + // Construct a given numer of decider key pairs + static TupleOfKeys construct_keys(size_t num_keys, TraceStructure structure = TraceStructure::NONE) { - TupleOfInstances instances; + TupleOfKeys keys; // TODO(https://github.com/AztecProtocol/barretenberg/issues/938): Parallelize this loop - for (size_t idx = 0; idx < num_insts; idx++) { + for (size_t idx = 0; idx < num_keys; idx++) { auto builder = typename Flavor::CircuitBuilder(); construct_circuit(builder); - construct_prover_and_verifier_instance(instances, builder, structure); + construct_keys(keys, builder, structure); } - return instances; + return keys; } - static std::tuple, std::shared_ptr> fold_and_verify( - const std::vector>& prover_instances, - const std::vector>& verifier_instances) + static std::tuple, std::shared_ptr> fold_and_verify( + const std::vector>& proving_keys, + const std::vector>& verification_keys) { - FoldingProver folding_prover(prover_instances); - FoldingVerifier folding_verifier(verifier_instances); + FoldingProver folding_prover(proving_keys); + FoldingVerifier folding_verifier(verification_keys); auto [prover_accumulator, folding_proof] = folding_prover.prove(); auto verifier_accumulator = folding_verifier.verify_folding_proof(folding_proof); return { prover_accumulator, verifier_accumulator }; } - static void check_accumulator_target_sum_manual(std::shared_ptr& accumulator, bool expected_result) + static void check_accumulator_target_sum_manual(std::shared_ptr& accumulator, + bool expected_result) { - auto instance_size = accumulator->proving_key.circuit_size; + size_t accumulator_size = accumulator->proving_key.circuit_size; auto expected_honk_evals = Fun::compute_row_evaluations( accumulator->proving_key.polynomials, accumulator->alphas, accumulator->relation_parameters); // Construct pow(\vec{betas*}) as in the paper @@ -102,15 +101,15 @@ template class ProtogalaxyTests : public testing::Test { accumulator->gate_challenges.size()); // Compute the corresponding target sum and create a dummy accumulator - auto expected_target_sum = FF(0); - for (size_t i = 0; i < instance_size; i++) { - expected_target_sum += expected_honk_evals[i] * expected_gate_separators[i]; + FF expected_target_sum{ 0 }; + for (size_t idx = 0; idx < accumulator_size; idx++) { + expected_target_sum += expected_honk_evals[idx] * expected_gate_separators[idx]; } EXPECT_EQ(accumulator->target_sum == expected_target_sum, expected_result); } - static void decide_and_verify(std::shared_ptr& prover_accumulator, - std::shared_ptr& verifier_accumulator, + static void decide_and_verify(std::shared_ptr& prover_accumulator, + std::shared_ptr& verifier_accumulator, bool expected_result) { DeciderProver decider_prover(prover_accumulator); @@ -131,25 +130,25 @@ template class ProtogalaxyTests : public testing::Test { auto builder = typename Flavor::CircuitBuilder(); construct_circuit(builder); - auto instance = std::make_shared(builder); + auto decider_pk = std::make_shared(builder); - instance->relation_parameters.eta = FF::random_element(); - instance->relation_parameters.eta_two = FF::random_element(); - instance->relation_parameters.eta_three = FF::random_element(); - instance->relation_parameters.beta = FF::random_element(); - instance->relation_parameters.gamma = FF::random_element(); + decider_pk->relation_parameters.eta = FF::random_element(); + decider_pk->relation_parameters.eta_two = FF::random_element(); + decider_pk->relation_parameters.eta_three = FF::random_element(); + decider_pk->relation_parameters.beta = FF::random_element(); + decider_pk->relation_parameters.gamma = FF::random_element(); - instance->proving_key.add_ram_rom_memory_records_to_wire_4(instance->relation_parameters.eta, - instance->relation_parameters.eta_two, - instance->relation_parameters.eta_three); - instance->proving_key.compute_logderivative_inverses(instance->relation_parameters); - instance->proving_key.compute_grand_product_polynomials(instance->relation_parameters); + decider_pk->proving_key.add_ram_rom_memory_records_to_wire_4(decider_pk->relation_parameters.eta, + decider_pk->relation_parameters.eta_two, + decider_pk->relation_parameters.eta_three); + decider_pk->proving_key.compute_logderivative_inverses(decider_pk->relation_parameters); + decider_pk->proving_key.compute_grand_product_polynomials(decider_pk->relation_parameters); - for (auto& alpha : instance->alphas) { + for (auto& alpha : decider_pk->alphas) { alpha = FF::random_element(); } auto full_honk_evals = Fun::compute_row_evaluations( - instance->proving_key.polynomials, instance->alphas, instance->relation_parameters); + decider_pk->proving_key.polynomials, decider_pk->alphas, decider_pk->relation_parameters); // Evaluations should be 0 for valid circuit for (const auto& eval : full_honk_evals) { @@ -169,7 +168,7 @@ template class ProtogalaxyTests : public testing::Test { std::vector full_honk_evaluations = { FF(1), FF(1), FF(1), FF(1), FF(1), FF(1), FF(1), FF(1) }; auto perturbator = Fun::construct_perturbator_coefficients(betas, deltas, full_honk_evaluations); std::vector expected_values = { FF(648), FF(936), FF(432), FF(64) }; - EXPECT_EQ(perturbator.size(), 4); // log(instance_size) + 1 + EXPECT_EQ(perturbator.size(), 4); // log(size) + 1 for (size_t i = 0; i < perturbator.size(); i++) { EXPECT_EQ(perturbator[i], expected_values[i]); } @@ -183,12 +182,12 @@ template class ProtogalaxyTests : public testing::Test { static void test_pertubator_polynomial() { using RelationSeparator = typename Flavor::RelationSeparator; - const size_t log_instance_size(3); - const size_t instance_size(1 << log_instance_size); + const size_t log_size(3); + const size_t size(1 << log_size); // Construct fully random prover polynomials ProverPolynomials full_polynomials; for (auto& poly : full_polynomials.get_all()) { - poly = bb::Polynomial::random(instance_size); + poly = bb::Polynomial::random(size); } auto relation_parameters = bb::RelationParameters::get_random(); @@ -198,28 +197,28 @@ template class ProtogalaxyTests : public testing::Test { } auto full_honk_evals = Fun::compute_row_evaluations(full_polynomials, alphas, relation_parameters); - std::vector betas(log_instance_size); - for (size_t idx = 0; idx < log_instance_size; idx++) { + std::vector betas(log_size); + for (size_t idx = 0; idx < log_size; idx++) { betas[idx] = FF::random_element(); } // Construct pow(\vec{betas}) as in the paper - bb::GateSeparatorPolynomial gate_separators(betas, log_instance_size); + bb::GateSeparatorPolynomial gate_separators(betas, log_size); // Compute the corresponding target sum and create a dummy accumulator auto target_sum = FF(0); - for (size_t i = 0; i < instance_size; i++) { + for (size_t i = 0; i < size; i++) { target_sum += full_honk_evals[i] * gate_separators[i]; } - auto accumulator = std::make_shared(); + auto accumulator = std::make_shared(); accumulator->proving_key.polynomials = std::move(full_polynomials); accumulator->gate_challenges = betas; accumulator->target_sum = target_sum; accumulator->relation_parameters = relation_parameters; accumulator->alphas = alphas; - auto deltas = compute_round_challenge_pows(log_instance_size, FF::random_element()); + auto deltas = compute_round_challenge_pows(log_size, FF::random_element()); auto perturbator = Fun::compute_perturbator(accumulator, deltas); // Ensure the constant coefficient of the perturbator is equal to the target sum as indicated by the paper @@ -237,7 +236,7 @@ template class ProtogalaxyTests : public testing::Test { auto combiner = bb::Univariate(std::array{ 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 }); auto combiner_quotient = Fun::compute_combiner_quotient(perturbator_evaluation, combiner); - // K(i) = (G(i) - ( L_0(i) * F(\alpha)) / Z(i), i = {2,.., 13} for ProverInstances::NUM = 2 + // K(i) = (G(i) - ( L_0(i) * F(\alpha)) / Z(i), i = {2,.., 13} for DeciderProvingKeys::NUM = 2 // K(i) = (G(i) - (1 - i) * F(\alpha)) / i * (i - 1) auto expected_evals = bb::Univariate(std::array{ (FF(22) - (FF(1) - FF(2)) * perturbator_evaluation) / (FF(2) * FF(2 - 1)), @@ -258,27 +257,27 @@ template class ProtogalaxyTests : public testing::Test { } /** - * @brief For two dummy instances with their relation parameter η set, check that combining them in a + * @brief For two dummy decider proving keys with their relation parameter η set, check that combining them in a * univariate, barycentrially extended to the desired number of evaluations, is performed correctly. * */ static void test_compute_extended_relation_parameters() { Builder builder1; - auto instance1 = std::make_shared(builder1); - instance1->relation_parameters.eta = 1; + auto pk_1 = std::make_shared(builder1); + pk_1->relation_parameters.eta = 1; Builder builder2; builder2.add_variable(3); - auto instance2 = std::make_shared(builder2); - instance2->relation_parameters.eta = 3; + auto pk_2 = std::make_shared(builder2); + pk_2->relation_parameters.eta = 3; - ProverInstances instances{ { instance1, instance2 } }; + DeciderProvingKeys pks{ { pk_1, pk_2 } }; auto relation_parameters_no_optimistic_skipping = Fun::template compute_extended_relation_parameters< - typename Fun::UnivariateRelationParametersNoOptimisticSkipping>(instances); + typename Fun::UnivariateRelationParametersNoOptimisticSkipping>(pks); auto relation_parameters = Fun::template compute_extended_relation_parameters( - instances); + pks); bb::Univariate expected_eta{ { 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21 } }; EXPECT_EQ(relation_parameters_no_optimistic_skipping.eta, expected_eta); @@ -290,22 +289,22 @@ template class ProtogalaxyTests : public testing::Test { } /** - * @brief Given two dummy instances with the batching challenges alphas set (one for each subrelation) ensure - * combining them in a univariate of desired length works as expected. + * @brief Given two dummy decider proving_keys with the batching challenges alphas set (one for each subrelation) + * ensure combining them in a univariate of desired length works as expected. */ static void test_compute_and_extend_alphas() { Builder builder1; - auto instance1 = std::make_shared(builder1); - instance1->alphas.fill(2); + auto pk_1 = std::make_shared(builder1); + pk_1->alphas.fill(2); Builder builder2; builder2.add_variable(3); - auto instance2 = std::make_shared(builder2); - instance2->alphas.fill(4); + auto pk_2 = std::make_shared(builder2); + pk_2->alphas.fill(4); - ProverInstances instances{ { instance1, instance2 } }; - auto alphas = Fun::compute_and_extend_alphas(instances); + DeciderProvingKeys pks{ { pk_1, pk_2 } }; + auto alphas = Fun::compute_and_extend_alphas(pks); bb::Univariate expected_alphas{ { 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 } }; for (const auto& alpha : alphas) { @@ -321,13 +320,13 @@ template class ProtogalaxyTests : public testing::Test { static void test_protogalaxy_inhomogeneous() { auto check_fold_and_decide = [](Builder& circuit_1, Builder& circuit_2) { - // Construct the prover/verifier instances for each - TupleOfInstances instances; - construct_prover_and_verifier_instance(instances, circuit_1); - construct_prover_and_verifier_instance(instances, circuit_2); + // Construct decider key pairs for each + TupleOfKeys keys; + construct_keys(keys, circuit_1); + construct_keys(keys, circuit_2); // Perform prover and verifier folding - auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(instances), get<1>(instances)); + auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(keys), get<1>(keys)); check_accumulator_target_sum_manual(prover_accumulator, true); // Run decider @@ -402,13 +401,13 @@ template class ProtogalaxyTests : public testing::Test { } } - // Construct the prover/verifier instances for each - TupleOfInstances instances; - construct_prover_and_verifier_instance(instances, builder1); - construct_prover_and_verifier_instance(instances, builder2); + // Construct the key pairs for each + TupleOfKeys keys; + construct_keys(keys, builder1); + construct_keys(keys, builder2); // Perform prover and verifier folding - auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(instances), get<1>(instances)); + auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(keys), get<1>(keys)); // Expect failure in manual target sum check and decider bool expected_result = false; @@ -422,11 +421,11 @@ template class ProtogalaxyTests : public testing::Test { */ static void test_full_protogalaxy() { - TupleOfInstances insts = construct_instances(2); + TupleOfKeys insts = construct_keys(2); auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(insts), get<1>(insts)); check_accumulator_target_sum_manual(prover_accumulator, true); - TupleOfInstances insts_2 = construct_instances(1); // just one set of prover/verifier instances + TupleOfKeys insts_2 = construct_keys(1); // just one key pair auto [prover_accumulator_2, verifier_accumulator_2] = fold_and_verify({ prover_accumulator, get<0>(insts_2)[0] }, { verifier_accumulator, get<1>(insts_2)[0] }); check_accumulator_target_sum_manual(prover_accumulator_2, true); @@ -441,16 +440,15 @@ template class ProtogalaxyTests : public testing::Test { static void test_full_protogalaxy_structured_trace() { TraceStructure trace_structure = TraceStructure::SMALL_TEST; - TupleOfInstances instances = construct_instances(2, trace_structure); + TupleOfKeys keys_1 = construct_keys(2, trace_structure); - auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(instances), get<1>(instances)); + auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(keys_1), get<1>(keys_1)); check_accumulator_target_sum_manual(prover_accumulator, true); - TupleOfInstances instances_2 = - construct_instances(1, trace_structure); // just one set of prover/verifier instances + TupleOfKeys keys_2 = construct_keys(1, trace_structure); // just one key pair - auto [prover_accumulator_2, verifier_accumulator_2] = fold_and_verify( - { prover_accumulator, get<0>(instances_2)[0] }, { verifier_accumulator, get<1>(instances_2)[0] }); + auto [prover_accumulator_2, verifier_accumulator_2] = + fold_and_verify({ prover_accumulator, get<0>(keys_2)[0] }, { verifier_accumulator, get<1>(keys_2)[0] }); check_accumulator_target_sum_manual(prover_accumulator_2, true); info(prover_accumulator_2->proving_key.circuit_size); decide_and_verify(prover_accumulator_2, verifier_accumulator_2, true); @@ -479,22 +477,22 @@ template class ProtogalaxyTests : public testing::Test { MockCircuits::add_arithmetic_gates(builder2, 100); MockCircuits::add_arithmetic_gates(builder3, 1000); - // Construct the Prover/Verifier instances for the first two circuits - TupleOfInstances instances; - construct_prover_and_verifier_instance(instances, builder1, trace_structure); - construct_prover_and_verifier_instance(instances, builder2, trace_structure); + // Construct the decider key pairs for the first two circuits + TupleOfKeys keys_1; + construct_keys(keys_1, builder1, trace_structure); + construct_keys(keys_1, builder2, trace_structure); - // Fold the first two instances - auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(instances), get<1>(instances)); + // Fold the first two pairs + auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(keys_1), get<1>(keys_1)); check_accumulator_target_sum_manual(prover_accumulator, true); - // Construct the Prover/Verifier instance for the third circuit - TupleOfInstances instances_2; - construct_prover_and_verifier_instance(instances_2, builder3, trace_structure); + // Construct the decider key pair for the third circuit + TupleOfKeys keys_2; + construct_keys(keys_2, builder3, trace_structure); - // Fold 3rd instance into accumulator - auto [prover_accumulator_2, verifier_accumulator_2] = fold_and_verify( - { prover_accumulator, get<0>(instances_2)[0] }, { verifier_accumulator, get<1>(instances_2)[0] }); + // Fold 3rd pair of keys into their respective accumulators + auto [prover_accumulator_2, verifier_accumulator_2] = + fold_and_verify({ prover_accumulator, get<0>(keys_2)[0] }, { verifier_accumulator, get<1>(keys_2)[0] }); check_accumulator_target_sum_manual(prover_accumulator_2, true); info(prover_accumulator_2->proving_key.circuit_size); @@ -508,14 +506,14 @@ template class ProtogalaxyTests : public testing::Test { */ static void test_tampered_commitment() { - TupleOfInstances insts = construct_instances(2); + TupleOfKeys insts = construct_keys(2); auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(insts), get<1>(insts)); check_accumulator_target_sum_manual(prover_accumulator, true); // Tamper with a commitment verifier_accumulator->witness_commitments.w_l = Projective(Affine::random_element()); - TupleOfInstances insts_2 = construct_instances(1); // just one set of prover/verifier instances + TupleOfKeys insts_2 = construct_keys(1); // just one decider key pair auto [prover_accumulator_2, verifier_accumulator_2] = fold_and_verify({ prover_accumulator, get<0>(insts_2)[0] }, { verifier_accumulator, get<1>(insts_2)[0] }); check_accumulator_target_sum_manual(prover_accumulator_2, true); @@ -530,7 +528,7 @@ template class ProtogalaxyTests : public testing::Test { */ static void test_tampered_accumulator_polynomial() { - TupleOfInstances insts = construct_instances(2); + TupleOfKeys insts = construct_keys(2); auto [prover_accumulator, verifier_accumulator] = fold_and_verify(get<0>(insts), get<1>(insts)); check_accumulator_target_sum_manual(prover_accumulator, true); @@ -538,7 +536,7 @@ template class ProtogalaxyTests : public testing::Test { prover_accumulator->proving_key.polynomials.w_l[1] = FF::random_element(); check_accumulator_target_sum_manual(prover_accumulator, false); - TupleOfInstances insts_2 = construct_instances(1); // just one set of prover/verifier instances + TupleOfKeys insts_2 = construct_keys(1); // just one decider key pair auto [prover_accumulator_2, verifier_accumulator_2] = fold_and_verify({ prover_accumulator, get<0>(insts_2)[0] }, { verifier_accumulator, get<1>(insts_2)[0] }); @@ -546,13 +544,13 @@ template class ProtogalaxyTests : public testing::Test { decide_and_verify(prover_accumulator_2, verifier_accumulator_2, false); } - template static void test_fold_k_instances() + template static void test_fold_k_key_pairs() { constexpr size_t total_insts = k + 1; - TupleOfInstances insts = construct_instances(total_insts); + TupleOfKeys insts = construct_keys(total_insts); - ProtogalaxyProver_> folding_prover(get<0>(insts)); - ProtogalaxyVerifier_> folding_verifier(get<1>(insts)); + ProtogalaxyProver_> folding_prover(get<0>(insts)); + ProtogalaxyVerifier_> folding_verifier(get<1>(insts)); auto [prover_accumulator, folding_proof] = folding_prover.prove(); auto verifier_accumulator = folding_verifier.verify_folding_proof(folding_proof); @@ -630,8 +628,9 @@ TYPED_TEST(ProtogalaxyTests, BadLookupFailure) TestFixture::test_protogalaxy_bad_lookup_failure(); } -// We only fold one instance currently due to significant compile time added by multiple instances -TYPED_TEST(ProtogalaxyTests, Fold1Instance) +// We only fold one incoming decider key pair since this is all we plan to use, and compiling for higher values of k is +// a significant compilation time cost. +TYPED_TEST(ProtogalaxyTests, Fold1) { - TestFixture::template test_fold_k_instances<1>(); + TestFixture::template test_fold_k_key_pairs<1>(); } \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp index 0f9b09079ff..a917c6990ce 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp @@ -4,68 +4,66 @@ namespace bb { -template class ProtogalaxyProver_ { +template class ProtogalaxyProver_ { public: - using ProverInstance = typename ProverInstances_::Instance; - using Flavor = typename ProverInstances_::Flavor; - using FF = typename ProverInstances_::Flavor::FF; - static constexpr size_t NUM_INSTANCES = ProverInstances_::NUM; - using CombinerQuotient = Univariate; + using DeciderProvingKey = typename DeciderProvingKeys_::DeciderPK; + using Flavor = typename DeciderProvingKeys_::Flavor; + using FF = typename DeciderProvingKeys_::Flavor::FF; + static constexpr size_t NUM_KEYS = DeciderProvingKeys_::NUM; + using CombinerQuotient = Univariate; using TupleOfTuplesOfUnivariatesNoOptimisticSkipping = - typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping; - using TupleOfTuplesOfUnivariates = typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariates; + typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping; + using TupleOfTuplesOfUnivariates = typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariates; using UnivariateRelationParameters = - bb::RelationParameters>; + bb::RelationParameters>; using UnivariateRelationSeparator = - std::array, Flavor::NUM_SUBRELATIONS - 1>; + std::array, Flavor::NUM_SUBRELATIONS - 1>; - struct State { - std::shared_ptr accumulator; - Polynomial perturbator; - std::vector deltas; - CombinerQuotient combiner_quotient; - FF perturbator_evaluation; - UnivariateRelationParameters relation_parameters; - UnivariateRelationSeparator alphas; - }; using Transcript = typename Flavor::Transcript; - using Instance = typename ProverInstances_::Instance; + using DeciderPK = typename DeciderProvingKeys_::DeciderPK; using CommitmentKey = typename Flavor::CommitmentKey; - using ProverInstances = ProverInstances_; + using DeciderProvingKeys = DeciderProvingKeys_; - static constexpr size_t NUM_SUBRELATIONS = ProverInstances_::NUM_SUBRELATIONS; + static constexpr size_t NUM_SUBRELATIONS = DeciderProvingKeys_::NUM_SUBRELATIONS; - ProverInstances_ instances; - std::shared_ptr transcript = std::make_shared(); + DeciderProvingKeys_ keys_to_fold; std::shared_ptr commitment_key; - State state; + + // the state updated and carried forward beween rounds + std::shared_ptr transcript = std::make_shared(); + std::shared_ptr accumulator; + Polynomial perturbator; + std::vector deltas; + CombinerQuotient combiner_quotient; + FF perturbator_evaluation; + UnivariateRelationParameters relation_parameters; + UnivariateRelationSeparator alphas; ProtogalaxyProver_() = default; - ProtogalaxyProver_(const std::vector>& insts) - : instances(ProverInstances_(insts)) + ProtogalaxyProver_(const std::vector>& keys) + : keys_to_fold(DeciderProvingKeys_(keys)) // TODO(https://github.com/AztecProtocol/barretenberg/issues/878) - , commitment_key(instances[1]->proving_key.commitment_key){}; + , commitment_key(keys_to_fold[1]->proving_key.commitment_key){}; - // Returns the accumulator, which is the first element in ProverInstances. The accumulator is assumed to have the + // Returns the accumulator, which is the first element in DeciderProvingKeys. The accumulator is assumed to have the // FoldingParameters set and be the result of a previous round of folding. - std::shared_ptr get_accumulator() { return instances[0]; } + std::shared_ptr get_accumulator() { return keys_to_fold[0]; } /** - * @brief For each instance produced by a circuit, prior to folding, we need to complete the computation of its - * prover polynomials, commit to witnesses and generate the relation parameters as well as send the public data ϕ of - * an instance to the verifier. + * @brief For each key produced by a circuit, prior to folding, we need to complete the computation of its + * prover polynomials; commit to witnesses and generate the relation parameters; and send the public data ϕ of + * the key to the verifier. * - * @param domain_separator separates the same type of data coming from difference instances by instance - * index + * @param domain_separator a label used for tracking data in the transcript */ - void run_oink_prover_on_instance(std::shared_ptr, const std::string& domain_separator); + void run_oink_prover_on_one_incomplete_key(std::shared_ptr, const std::string& domain_separator); /** * @brief Create inputs to folding protocol (an Oink interaction). - * @details Finalise the prover instances that will be folded: complete computation of all the witness polynomials + * @details Complete the decider pks that will be folded: complete computation of all the witness polynomials * and compute commitments. Send commitments to the verifier and retrieve challenges. */ - void run_oink_prover_on_each_instance(); + void run_oink_prover_on_each_incomplete_key(); /** * @brief Steps 2 - 5 of the paper. @@ -74,7 +72,7 @@ template class ProtogalaxyProver_ { * @param accumulator * @return std::tuple, Polynomial> deltas, perturbator */ - std::tuple, Polynomial> perturbator_round(const std::shared_ptr& accumulator); + std::tuple, Polynomial> perturbator_round(const std::shared_ptr& accumulator); /** * @brief Steps 6 - 11 of the paper. @@ -84,16 +82,16 @@ template class ProtogalaxyProver_ { std::tuple, UnivariateRelationSeparator, UnivariateRelationParameters, FF, CombinerQuotient> combiner_quotient_round(const std::vector& gate_challenges, const std::vector& deltas, - const ProverInstances_& instances); + const DeciderProvingKeys_& keys); /** * @brief Steps 12 - 13 of the paper plus the prover folding work. * @details Compute \f$ e^* \f$ plus, then update the prover accumulator by taking a Lagrange-linear combination of - * the current accumulator and the instances to be folded. In our mental model, we are doing a scalar multipliation - * of matrices whose columns are polynomials, as well as taking similar linear combinations of the relation - * parameters. + * the current accumulator and the decider keys to be folded. In our mental model, we are doing a scalar + * multiplication of matrices whose columns are polynomials, as well as taking similar linear combinations of the + * relation parameters. */ - FoldingResult update_target_sum_and_fold(const ProverInstances_& instances, + FoldingResult update_target_sum_and_fold(const DeciderProvingKeys_& keys, const CombinerQuotient& combiner_quotient, const UnivariateRelationSeparator& alphas, const UnivariateRelationParameters& univariate_relation_parameters, diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp index 9f9d7b59a8e..37365af0156 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp @@ -7,51 +7,52 @@ #include "protogalaxy_prover.hpp" namespace bb { -template -void ProtogalaxyProver_::run_oink_prover_on_instance(std::shared_ptr instance, - const std::string& domain_separator) +template +void ProtogalaxyProver_::run_oink_prover_on_one_incomplete_key(std::shared_ptr keys, + const std::string& domain_separator) { - ZoneScopedN("ProtogalaxyProver::run_oink_prover_on_instance"); - OinkProver oink_prover(instance, transcript, domain_separator + '_'); + ZoneScopedN("ProtogalaxyProver::run_oink_prover_on_one_incomplete_key"); + OinkProver oink_prover(keys, transcript, domain_separator + '_'); oink_prover.prove(); } -template void ProtogalaxyProver_::run_oink_prover_on_each_instance() +template +void ProtogalaxyProver_::run_oink_prover_on_each_incomplete_key() { - BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::run_oink_prover_on_each_instance"); - auto idx = 0; - auto& instance = instances[0]; + BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::run_oink_prover_on_each_incomplete_key"); + size_t idx = 0; + auto& key = keys_to_fold[0]; auto domain_separator = std::to_string(idx); - if (!instance->is_accumulator) { - run_oink_prover_on_instance(instance, domain_separator); - instance->target_sum = 0; - instance->gate_challenges = std::vector(instance->proving_key.log_circuit_size, 0); + if (!key->is_accumulator) { + run_oink_prover_on_one_incomplete_key(key, domain_separator); + key->target_sum = 0; + key->gate_challenges = std::vector(key->proving_key.log_circuit_size, 0); } idx++; - for (auto it = instances.begin() + 1; it != instances.end(); it++, idx++) { - auto instance = *it; + for (auto it = keys_to_fold.begin() + 1; it != keys_to_fold.end(); it++, idx++) { + auto key = *it; auto domain_separator = std::to_string(idx); - run_oink_prover_on_instance(instance, domain_separator); + run_oink_prover_on_one_incomplete_key(key, domain_separator); } - state.accumulator = instances[0]; + accumulator = keys_to_fold[0]; }; -template -std::tuple, Polynomial> -ProtogalaxyProver_::perturbator_round( - const std::shared_ptr& accumulator) +template +std::tuple, Polynomial> +ProtogalaxyProver_::perturbator_round( + const std::shared_ptr& accumulator) { BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::perturbator_round"); - using Fun = ProtogalaxyProverInternal; + using Fun = ProtogalaxyProverInternal; const FF delta = transcript->template get_challenge("delta"); const std::vector deltas = compute_round_challenge_pows(accumulator->proving_key.log_circuit_size, delta); - // An honest prover with valid initial instances computes that the perturbator is 0 in the first round + // An honest prover with valid initial key computes that the perturbator is 0 in the first round const Polynomial perturbator = accumulator->is_accumulator ? Fun::compute_perturbator(accumulator, deltas) : Polynomial(accumulator->proving_key.log_circuit_size + 1); @@ -68,37 +69,36 @@ ProtogalaxyProver_::perturbator_round( return std::make_tuple(deltas, perturbator); }; -template -std::tuple, - typename ProtogalaxyProver_::UnivariateRelationSeparator, - typename ProtogalaxyProver_::UnivariateRelationParameters, - typename ProverInstances::Flavor::FF, - typename ProtogalaxyProver_::CombinerQuotient> -ProtogalaxyProver_::combiner_quotient_round(const std::vector& gate_challenges, - const std::vector& deltas, - const ProverInstances& instances) +template +std::tuple, + typename ProtogalaxyProver_::UnivariateRelationSeparator, + typename ProtogalaxyProver_::UnivariateRelationParameters, + typename DeciderProvingKeys::Flavor::FF, + typename ProtogalaxyProver_::CombinerQuotient> +ProtogalaxyProver_::combiner_quotient_round(const std::vector& gate_challenges, + const std::vector& deltas, + const DeciderProvingKeys& keys) { BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::combiner_quotient_round"); - using Fun = ProtogalaxyProverInternal; + using Fun = ProtogalaxyProverInternal; const FF perturbator_challenge = transcript->template get_challenge("perturbator_challenge"); const std::vector updated_gate_challenges = update_gate_challenges(perturbator_challenge, gate_challenges, deltas); - const UnivariateRelationSeparator alphas = Fun::compute_and_extend_alphas(instances); - const GateSeparatorPolynomial gate_separators{ updated_gate_challenges, - instances[0]->proving_key.log_circuit_size }; + const UnivariateRelationSeparator alphas = Fun::compute_and_extend_alphas(keys); + const GateSeparatorPolynomial gate_separators{ updated_gate_challenges, keys[0]->proving_key.log_circuit_size }; const UnivariateRelationParameters relation_parameters = - Fun::template compute_extended_relation_parameters(instances); + Fun::template compute_extended_relation_parameters(keys); TupleOfTuplesOfUnivariates accumulators; - auto combiner = Fun::compute_combiner(instances, gate_separators, relation_parameters, alphas, accumulators); + auto combiner = Fun::compute_combiner(keys, gate_separators, relation_parameters, alphas, accumulators); - const FF perturbator_evaluation = state.perturbator.evaluate(perturbator_challenge); + const FF perturbator_evaluation = perturbator.evaluate(perturbator_challenge); const CombinerQuotient combiner_quotient = Fun::compute_combiner_quotient(perturbator_evaluation, combiner); - for (size_t idx = ProverInstances::NUM; idx < ProverInstances::BATCHED_EXTENDED_LENGTH; idx++) { + for (size_t idx = DeciderProvingKeys::NUM; idx < DeciderProvingKeys::BATCHED_EXTENDED_LENGTH; idx++) { transcript->send_to_verifier("combiner_quotient_" + std::to_string(idx), combiner_quotient.value_at(idx)); } @@ -109,22 +109,22 @@ ProtogalaxyProver_::combiner_quotient_round(const std::vector -FoldingResult ProtogalaxyProver_::update_target_sum_and_fold( - const ProverInstances& instances, +template +FoldingResult ProtogalaxyProver_::update_target_sum_and_fold( + const DeciderProvingKeys& keys, const CombinerQuotient& combiner_quotient, const UnivariateRelationSeparator& alphas, const UnivariateRelationParameters& univariate_relation_parameters, const FF& perturbator_evaluation) { BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::update_target_sum_and_fold"); - using Fun = ProtogalaxyProverInternal; + using Fun = ProtogalaxyProverInternal; const FF combiner_challenge = transcript->template get_challenge("combiner_quotient_challenge"); - FoldingResult result{ .accumulator = instances[0], .proof = std::move(transcript->proof_data) }; + FoldingResult result{ .accumulator = keys[0], .proof = std::move(transcript->proof_data) }; // TODO(https://github.com/AztecProtocol/barretenberg/issues/881): bad pattern result.accumulator->is_accumulator = true; @@ -139,17 +139,17 @@ FoldingResult ProtogalaxyProver_proving_key.polynomials.get_unshifted()) { poly *= lagranges[0]; } - for (size_t inst_idx = 1; inst_idx < ProverInstances::NUM; inst_idx++) { - for (auto [acc_poly, inst_poly] : zip_view(result.accumulator->proving_key.polynomials.get_unshifted(), - instances[inst_idx]->proving_key.polynomials.get_unshifted())) { - acc_poly.add_scaled(inst_poly, lagranges[inst_idx]); + for (size_t key_idx = 1; key_idx < DeciderProvingKeys::NUM; key_idx++) { + for (auto [acc_poly, key_poly] : zip_view(result.accumulator->proving_key.polynomials.get_unshifted(), + keys[key_idx]->proving_key.polynomials.get_unshifted())) { + acc_poly.add_scaled(key_poly, lagranges[key_idx]); } } // Evaluate the combined batching α_i univariate at challenge to obtain next α_i and send it to the // verifier, where i ∈ {0,...,NUM_SUBRELATIONS - 1} - for (auto [folded_alpha, inst_alpha] : zip_view(result.accumulator->alphas, alphas)) { - folded_alpha = inst_alpha.evaluate(combiner_challenge); + for (auto [folded_alpha, key_alpha] : zip_view(result.accumulator->alphas, alphas)) { + folded_alpha = key_alpha.evaluate(combiner_challenge); } // Evaluate each relation parameter univariate at challenge to obtain the folded relation parameters. @@ -161,33 +161,29 @@ FoldingResult ProtogalaxyProver_ -FoldingResult ProtogalaxyProver_::prove() +template +FoldingResult ProtogalaxyProver_::prove() { ZoneScopedN("ProtogalaxyProver::prove"); BB_OP_COUNT_TIME_NAME("ProtogalaxyProver::prove"); - // Ensure instances are all of the same size - for (size_t idx = 0; idx < ProverInstances::NUM - 1; ++idx) { - if (instances[idx]->proving_key.circuit_size != instances[idx + 1]->proving_key.circuit_size) { + // Ensure keys are all of the same size + for (size_t idx = 0; idx < DeciderProvingKeys::NUM - 1; ++idx) { + if (keys_to_fold[idx]->proving_key.circuit_size != keys_to_fold[idx + 1]->proving_key.circuit_size) { info("ProtogalaxyProver: circuit size mismatch!"); - info("Instance ", idx, " size = ", instances[idx]->proving_key.circuit_size); - info("Instance ", idx + 1, " size = ", instances[idx + 1]->proving_key.circuit_size); + info("DeciderPK ", idx, " size = ", keys_to_fold[idx]->proving_key.circuit_size); + info("DeciderPK ", idx + 1, " size = ", keys_to_fold[idx + 1]->proving_key.circuit_size); ASSERT(false); } } - run_oink_prover_on_each_instance(); + run_oink_prover_on_each_incomplete_key(); - std::tie(state.deltas, state.perturbator) = perturbator_round(state.accumulator); + std::tie(deltas, perturbator) = perturbator_round(accumulator); - std::tie(state.accumulator->gate_challenges, - state.alphas, - state.relation_parameters, - state.perturbator_evaluation, - state.combiner_quotient) = - combiner_quotient_round(state.accumulator->gate_challenges, state.deltas, instances); + std::tie(accumulator->gate_challenges, alphas, relation_parameters, perturbator_evaluation, combiner_quotient) = + combiner_quotient_round(accumulator->gate_challenges, deltas, keys_to_fold); const FoldingResult result = update_target_sum_and_fold( - instances, state.combiner_quotient, state.alphas, state.relation_parameters, state.perturbator_evaluation); + keys_to_fold, combiner_quotient, alphas, relation_parameters, perturbator_evaluation); return result; } diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp index 8767b4e076b..c1013cd3335 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp @@ -13,47 +13,46 @@ namespace bb { /** * @brief A purely static class (never add state to this!) consisting of functions used by the Protogalaxy prover. * - * @tparam ProverInstances_ + * @tparam DeciderProvingKeys_ */ -template class ProtogalaxyProverInternal { +template class ProtogalaxyProverInternal { public: - using ProverInstances = ProverInstances_; - using Flavor = typename ProverInstances::Flavor; + using DeciderPKs = DeciderProvingKeys_; + using Flavor = typename DeciderPKs::Flavor; using FF = typename Flavor::FF; - using Instance = typename ProverInstances::Instance; + using DeciderPK = typename DeciderPKs::DeciderPK; using RelationUtils = bb::RelationUtils; using ProverPolynomials = typename Flavor::ProverPolynomials; using Relations = typename Flavor::Relations; using RelationSeparator = typename Flavor::RelationSeparator; - static constexpr size_t NUM_INSTANCES = ProverInstances_::NUM; + static constexpr size_t NUM_KEYS = DeciderProvingKeys_::NUM; using UnivariateRelationParametersNoOptimisticSkipping = - bb::RelationParameters>; + bb::RelationParameters>; using UnivariateRelationParameters = - bb::RelationParameters>; + bb::RelationParameters>; using UnivariateRelationSeparator = - std::array, Flavor::NUM_SUBRELATIONS - 1>; + std::array, Flavor::NUM_SUBRELATIONS - 1>; // The length of ExtendedUnivariate is the largest length (==max_relation_degree + 1) of a univariate polynomial - // obtained by composing a relation with folded instance + relation parameters . - using ExtendedUnivariate = Univariate; + // obtained by composing a relation with Lagrange polynomial-linear combination of NUM-many decider pks, with + // relation parameters regarded as variables. + using ExtendedUnivariate = Univariate; // Represents the total length of the combiner univariate, obtained by combining the already folded relations with // the folded relation batching challenge. using ExtendedUnivariateWithRandomization = - Univariate; + Univariate; using ExtendedUnivariatesNoOptimisticSkipping = typename Flavor::template ProverUnivariates; using ExtendedUnivariates = typename Flavor::template ProverUnivariatesWithOptimisticSkipping; + /* SKIP_COUNT= */ DeciderPKs::NUM - 1>; using TupleOfTuplesOfUnivariatesNoOptimisticSkipping = - typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping; - using TupleOfTuplesOfUnivariates = - typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariates; + typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping; + using TupleOfTuplesOfUnivariates = typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariates; using RelationEvaluations = typename Flavor::TupleOfArraysOfValues; - static constexpr size_t NUM_SUBRELATIONS = ProverInstances::NUM_SUBRELATIONS; + static constexpr size_t NUM_SUBRELATIONS = DeciderPKs::NUM_SUBRELATIONS; /** * @brief Compute the values of the aggregated relation evaluations at each row in the execution trace, representing @@ -61,25 +60,25 @@ template class ProtogalaxyProverInternal { * challenges that help establishing each subrelation is independently valid in Honk - from the Plonk paper, DO NOT * confuse with α in Protogalaxy). * - * @details When folding Mega instances, one of the relations is linearly dependent. We define such relations - * as acting on the entire execution trace and hence requiring to be accumulated separately as we iterate over each - * row. At the end of the function, the linearly dependent contribution is accumulated at index 0 representing the - * sum f_0(ω) + α_j*g(ω) where f_0 represents the full honk evaluation at row 0, g(ω) is the linearly dependent - * subrelation and α_j is its corresponding batching challenge. + * @details When folding Mega decider proving keys, one of the relations is linearly dependent. We define such + * relations as acting on the entire execution trace and hence requiring to be accumulated separately as we iterate + * over each row. At the end of the function, the linearly dependent contribution is accumulated at index 0 + * representing the sum f_0(ω) + α_j*g(ω) where f_0 represents the full honk evaluation at row 0, g(ω) is the + * linearly dependent subrelation and α_j is its corresponding batching challenge. */ - static std::vector compute_row_evaluations(const ProverPolynomials& instance_polynomials, + static std::vector compute_row_evaluations(const ProverPolynomials& polynomials, const RelationSeparator& alpha, const RelationParameters& relation_parameters) { BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::compute_row_evaluations"); - auto instance_size = instance_polynomials.get_polynomial_size(); - std::vector full_honk_evaluations(instance_size); + const size_t polynomial_size = polynomials.get_polynomial_size(); + std::vector full_honk_evaluations(polynomial_size); const std::vector linearly_dependent_contribution_accumulators = parallel_for_heuristic( - instance_size, + polynomial_size, /*accumulator default*/ FF(0), [&](size_t row, FF& linearly_dependent_contribution_accumulator) { - auto row_evaluations = instance_polynomials.get_row(row); + auto row_evaluations = polynomials.get_row(row); RelationEvaluations relation_evaluations; RelationUtils::zero_elements(relation_evaluations); @@ -161,12 +160,9 @@ template class ProtogalaxyProverInternal { } /** - * @brief Construct the power perturbator polynomial F(X) in coefficient form from the accumulator, representing the - * relaxed instance. - * - * + * @brief Construct the power perturbator polynomial F(X) in coefficient form from the accumulator */ - static Polynomial compute_perturbator(const std::shared_ptr& accumulator, + static Polynomial compute_perturbator(const std::shared_ptr& accumulator, const std::vector& deltas) { BB_OP_COUNT_TIME(); @@ -178,11 +174,10 @@ template class ProtogalaxyProverInternal { } /** - * @brief Prepare a univariate polynomial for relation execution in one step of the main loop in folded instance - * construction. - * @details For a fixed prover polynomial index, extract that polynomial from each instance in Instances. From - *each polynomial, extract the value at row_idx. Use these values to create a univariate polynomial, and then - *extend (i.e., compute additional evaluations at adjacent domain values) as needed. + * @brief Prepare a univariate polynomial for relation execution in one step of the combiner construction. + * @details For a fixed prover polynomial index, extract that polynomial from each key in DeciderProvingKeys. From + * each polynomial, extract the value at row_idx. Use these values to create a univariate polynomial, and then + * extend (i.e., compute additional evaluations at adjacent domain values) as needed. * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/751) Optimize memory */ @@ -190,10 +185,10 @@ template class ProtogalaxyProverInternal { static void extend_univariates( std::conditional_t& extended_univariates, - const ProverInstances& instances, + const DeciderPKs& keys, const size_t row_idx) { - const auto base_univariates = instances.template row_to_univariates(row_idx); + const auto base_univariates = keys.template row_to_univariates(row_idx); for (auto [extended_univariate, base_univariate] : zip_view(extended_univariates.get_all(), base_univariates)) { extended_univariate = base_univariate.template extend_to(); } @@ -257,12 +252,12 @@ template class ProtogalaxyProverInternal { * @todo (https://github.com/AztecProtocol/barretenberg/issues/968) Make combiner tests better * * @tparam skip_zero_computations whether to use the the optimization that skips computing zero. - * @param instances + * @param * @param gate_separators * @return ExtendedUnivariateWithRandomization */ template - static ExtendedUnivariateWithRandomization compute_combiner(const ProverInstances& instances, + static ExtendedUnivariateWithRandomization compute_combiner(const DeciderPKs& keys, const GateSeparatorPolynomial& gate_separators, const Parameters& relation_parameters, const UnivariateRelationSeparator& alphas, @@ -273,7 +268,7 @@ template class ProtogalaxyProverInternal { // Whether to use univariates whose operators ignore some values which an honest prover would compute to be zero constexpr bool skip_zero_computations = std::same_as; - const size_t common_instance_size = instances[0]->proving_key.circuit_size; + const size_t common_polynomial_size = keys[0]->proving_key.circuit_size; // Determine number of threads for multithreading. // Note: Multithreading is "on" for every round but we reduce the number of threads from the max available based // on a specified minimum number of iterations per thread. This eventually leads to the use of a @@ -282,10 +277,10 @@ template class ProtogalaxyProverInternal { const size_t max_num_threads = get_num_cpus_pow2(); // number of available threads (power of 2) const size_t min_iterations_per_thread = 1 << 6; // min number of iterations for which we'll spin up a unique thread - const size_t desired_num_threads = common_instance_size / min_iterations_per_thread; - size_t num_threads = std::min(desired_num_threads, max_num_threads); // fewer than max if justified - num_threads = num_threads > 0 ? num_threads : 1; // ensure num threads is >= 1 - const size_t iterations_per_thread = common_instance_size / num_threads; // actual iterations per thread + const size_t desired_num_threads = common_polynomial_size / min_iterations_per_thread; + size_t num_threads = std::min(desired_num_threads, max_num_threads); // fewer than max if justified + num_threads = num_threads > 0 ? num_threads : 1; // ensure num threads is >= 1 + const size_t iterations_per_thread = common_polynomial_size / num_threads; // actual iterations per thread // Univariates are optimised for usual PG, but we need the unoptimised version for tests (it's a version that // doesn't skip computation), so we need to define types depending on the template instantiation @@ -313,8 +308,8 @@ template class ProtogalaxyProverInternal { // Instantiate univariates, possibly with skipping toto ignore computation in those indices (they are // still available for skipping relations, but all derived univariate will ignore those evaluations) // No need to initialise extended_univariates to 0, as it's assigned to. - constexpr size_t skip_count = skip_zero_computations ? ProverInstances::NUM - 1 : 0; - extend_univariates(extended_univariates[thread_idx], instances, idx); + constexpr size_t skip_count = skip_zero_computations ? DeciderPKs::NUM - 1 : 0; + extend_univariates(extended_univariates[thread_idx], keys, idx); const FF pow_challenge = gate_separators[idx]; @@ -345,22 +340,22 @@ template class ProtogalaxyProverInternal { * @details This is only used for testing the combiner calculation. */ static ExtendedUnivariateWithRandomization compute_combiner_no_optimistic_skipping( - const ProverInstances& instances, + const DeciderPKs& keys, const GateSeparatorPolynomial& gate_separators, const UnivariateRelationParametersNoOptimisticSkipping& relation_parameters, const UnivariateRelationSeparator& alphas) { TupleOfTuplesOfUnivariatesNoOptimisticSkipping accumulators; - return compute_combiner(instances, gate_separators, relation_parameters, alphas, accumulators); + return compute_combiner(keys, gate_separators, relation_parameters, alphas, accumulators); } - static ExtendedUnivariateWithRandomization compute_combiner(const ProverInstances& instances, + static ExtendedUnivariateWithRandomization compute_combiner(const DeciderPKs& keys, const GateSeparatorPolynomial& gate_separators, const UnivariateRelationParameters& relation_parameters, const UnivariateRelationSeparator& alphas) { TupleOfTuplesOfUnivariates accumulators; - return compute_combiner(instances, gate_separators, relation_parameters, alphas, accumulators); + return compute_combiner(keys, gate_separators, relation_parameters, alphas, accumulators); } /** @@ -392,11 +387,11 @@ template class ProtogalaxyProverInternal { TupleOfTuplesOfUnivariatesNoOptimisticSkipping& univariate_accumulators, const UnivariateRelationSeparator& alpha) { - auto result = std::get<0>(std::get<0>(univariate_accumulators)) - .template extend_to(); + auto result = + std::get<0>(std::get<0>(univariate_accumulators)).template extend_to(); size_t idx = 0; const auto scale_and_sum = [&](auto& element) { - auto extended = element.template extend_to(); + auto extended = element.template extend_to(); extended *= alpha[idx]; result += extended; idx++; @@ -408,22 +403,22 @@ template class ProtogalaxyProverInternal { return result; } - static std::pair> + static std::pair> compute_vanishing_polynomial_and_lagranges(const FF& challenge) { FF vanishing_polynomial_at_challenge; - std::array lagranges; + std::array lagranges; constexpr FF inverse_two = FF(2).invert(); - if constexpr (ProverInstances::NUM == 2) { + if constexpr (DeciderPKs::NUM == 2) { vanishing_polynomial_at_challenge = challenge * (challenge - FF(1)); lagranges = { FF(1) - challenge, challenge }; - } else if constexpr (ProverInstances::NUM == 3) { + } else if constexpr (DeciderPKs::NUM == 3) { vanishing_polynomial_at_challenge = challenge * (challenge - FF(1)) * (challenge - FF(2)); lagranges = { (FF(1) - challenge) * (FF(2) - challenge) * inverse_two, challenge * (FF(2) - challenge), challenge * (challenge - FF(1)) / FF(2) }; - } else if constexpr (ProverInstances::NUM == 4) { + } else if constexpr (DeciderPKs::NUM == 4) { constexpr FF inverse_six = FF(6).invert(); vanishing_polynomial_at_challenge = challenge * (challenge - FF(1)) * (challenge - FF(2)) * (challenge - FF(3)); @@ -432,7 +427,7 @@ template class ProtogalaxyProverInternal { challenge * (challenge - FF(1)) * (FF(3) - challenge) * inverse_two, challenge * (challenge - FF(1)) * (challenge - FF(2)) * inverse_six }; } - static_assert(ProverInstances::NUM < 5); + static_assert(DeciderPKs::NUM < 5); return { vanishing_polynomial_at_challenge, lagranges }; } @@ -444,52 +439,52 @@ template class ProtogalaxyProverInternal { * polynomials and Lagrange basis and use batch_invert. * */ - static Univariate compute_combiner_quotient( + static Univariate compute_combiner_quotient( FF perturbator_evaluation, ExtendedUnivariateWithRandomization combiner) { - std::array combiner_quotient_evals = {}; + std::array combiner_quotient_evals = {}; constexpr FF inverse_two = FF(2).invert(); constexpr FF inverse_six = FF(6).invert(); - for (size_t point = ProverInstances::NUM; point < combiner.size(); point++) { - auto idx = point - ProverInstances::NUM; + for (size_t point = DeciderPKs::NUM; point < combiner.size(); point++) { + auto idx = point - DeciderPKs::NUM; FF lagrange_0; FF vanishing_polynomial; - if constexpr (ProverInstances::NUM == 2) { + if constexpr (DeciderPKs::NUM == 2) { lagrange_0 = FF(1) - FF(point); vanishing_polynomial = FF(point) * (FF(point) - 1); - } else if constexpr (ProverInstances::NUM == 3) { + } else if constexpr (DeciderPKs::NUM == 3) { lagrange_0 = (FF(1) - FF(point)) * (FF(2) - FF(point)) * inverse_two; vanishing_polynomial = FF(point) * (FF(point) - 1) * (FF(point) - 2); - } else if constexpr (ProverInstances::NUM == 4) { + } else if constexpr (DeciderPKs::NUM == 4) { lagrange_0 = (FF(1) - FF(point)) * (FF(2) - FF(point)) * (FF(3) - FF(point)) * inverse_six; vanishing_polynomial = FF(point) * (FF(point) - 1) * (FF(point) - 2) * (FF(point) - 3); } - static_assert(ProverInstances::NUM < 5); + static_assert(DeciderPKs::NUM < 5); combiner_quotient_evals[idx] = (combiner.value_at(point) - perturbator_evaluation * lagrange_0) * vanishing_polynomial.invert(); } - return Univariate(combiner_quotient_evals); + return Univariate(combiner_quotient_evals); } /** - * @brief For each parameter, collect the value in each instance in a univariate and extend for use in the combiner - * compute. + * @brief For each parameter, collect the value in each decider pvogin key in a univariate and extend for use in the + * combiner compute. */ template - static ExtendedRelationParameters compute_extended_relation_parameters(const ProverInstances& instances) + static ExtendedRelationParameters compute_extended_relation_parameters(const DeciderPKs& keys) { using UnivariateParameter = typename ExtendedRelationParameters::DataType; ExtendedRelationParameters result; size_t param_idx = 0; for (auto& param : result.get_to_fold()) { - Univariate tmp(0); - size_t instance_idx = 0; - for (auto& instance : instances) { - tmp.value_at(instance_idx) = instance->relation_parameters.get_to_fold()[param_idx]; - instance_idx++; + Univariate tmp(0); + size_t key_idx = 0; + for (auto& key : keys) { + tmp.value_at(key_idx) = key->relation_parameters.get_to_fold()[param_idx]; + key_idx++; } param = tmp.template extend_to(); param_idx++; @@ -498,21 +493,21 @@ template class ProtogalaxyProverInternal { } /** - * @brief Combine the relation batching parameters (alphas) from each instance into a univariate, used in the - * computation of combiner. + * @brief Combine the relation batching parameters (alphas) from each decider proving key into a univariate for + * using in the combiner computation. */ - static UnivariateRelationSeparator compute_and_extend_alphas(const ProverInstances& instances) + static UnivariateRelationSeparator compute_and_extend_alphas(const DeciderPKs& keys) { UnivariateRelationSeparator result; size_t alpha_idx = 0; for (auto& alpha : result) { - Univariate tmp; - size_t instance_idx = 0; - for (auto& instance : instances) { - tmp.value_at(instance_idx) = instance->alphas[alpha_idx]; - instance_idx++; + Univariate tmp; + size_t key_idx = 0; + for (auto& key : keys) { + tmp.value_at(key_idx) = key->alphas[alpha_idx]; + key_idx++; } - alpha = tmp.template extend_to(); + alpha = tmp.template extend_to(); alpha_idx++; } return result; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp index 1f92af9dae1..b87d837a995 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp @@ -5,5 +5,5 @@ #include "protogalaxy_prover_impl.hpp" namespace bb { -template class ProtogalaxyProver_>; +template class ProtogalaxyProver_>; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp index bf6ff176912..16d6d3a6ee9 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp @@ -4,5 +4,5 @@ // TODO(https://github.com/AztecProtocol/barretenberg/issues/1076) Remove this instantiation. namespace bb { -template class ProtogalaxyProver_>; +template class ProtogalaxyProver_>; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp index a774b08e58b..cf657498708 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp @@ -5,38 +5,38 @@ namespace bb { -template -void ProtogalaxyVerifier_::receive_and_finalise_instance(const std::shared_ptr& inst, - const std::string& domain_separator) +template +void ProtogalaxyVerifier_::receive_and_finalise_key(const std::shared_ptr& keys, + const std::string& domain_separator) { - OinkVerifier oink_verifier{ inst, transcript, domain_separator + '_' }; + OinkVerifier oink_verifier{ keys, transcript, domain_separator + '_' }; oink_verifier.verify(); } -template -void ProtogalaxyVerifier_::prepare_for_folding(const std::vector& fold_data) +template +void ProtogalaxyVerifier_::prepare_for_folding(const std::vector& fold_data) { transcript = std::make_shared(fold_data); - auto index = 0; - auto inst = instances[0]; + size_t index = 0; + auto key = keys_to_fold[0]; auto domain_separator = std::to_string(index); - if (!inst->is_accumulator) { - receive_and_finalise_instance(inst, domain_separator); - inst->target_sum = 0; - inst->gate_challenges = std::vector(static_cast(inst->verification_key->log_circuit_size), 0); + if (!key->is_accumulator) { + receive_and_finalise_key(key, domain_separator); + key->target_sum = 0; + key->gate_challenges = std::vector(static_cast(key->verification_key->log_circuit_size), 0); } index++; - for (auto it = instances.begin() + 1; it != instances.end(); it++, index++) { - auto inst = *it; + for (auto it = keys_to_fold.begin() + 1; it != keys_to_fold.end(); it++, index++) { + auto key = *it; auto domain_separator = std::to_string(index); - receive_and_finalise_instance(inst, domain_separator); + receive_and_finalise_key(key, domain_separator); } } -template -std::shared_ptr ProtogalaxyVerifier_::verify_folding_proof( - const std::vector& fold_data) +template +std::shared_ptr ProtogalaxyVerifier_< + DeciderVerificationKeys>::verify_folding_proof(const std::vector& fold_data) { prepare_for_folding(fold_data); @@ -59,29 +59,30 @@ std::shared_ptr ProtogalaxyVerifier_ combiner_quotient_evals; - for (size_t idx = 0; idx < VerifierInstances::BATCHED_EXTENDED_LENGTH - VerifierInstances::NUM; idx++) { + std::array + combiner_quotient_evals; + for (size_t idx = 0; idx < DeciderVerificationKeys::BATCHED_EXTENDED_LENGTH - DeciderVerificationKeys::NUM; idx++) { combiner_quotient_evals[idx] = transcript->template receive_from_prover( - "combiner_quotient_" + std::to_string(idx + VerifierInstances::NUM)); + "combiner_quotient_" + std::to_string(idx + DeciderVerificationKeys::NUM)); } - Univariate combiner_quotient( + Univariate combiner_quotient( combiner_quotient_evals); FF combiner_challenge = transcript->template get_challenge("combiner_quotient_challenge"); auto combiner_quotient_at_challenge = combiner_quotient.evaluate(combiner_challenge); constexpr FF inverse_two = FF(2).invert(); FF vanishing_polynomial_at_challenge; - std::array lagranges; - if constexpr (VerifierInstances::NUM == 2) { + std::array lagranges; + if constexpr (DeciderVerificationKeys::NUM == 2) { vanishing_polynomial_at_challenge = combiner_challenge * (combiner_challenge - FF(1)); lagranges = { FF(1) - combiner_challenge, combiner_challenge }; - } else if constexpr (VerifierInstances::NUM == 3) { + } else if constexpr (DeciderVerificationKeys::NUM == 3) { vanishing_polynomial_at_challenge = combiner_challenge * (combiner_challenge - FF(1)) * (combiner_challenge - FF(2)); lagranges = { (FF(1) - combiner_challenge) * (FF(2) - combiner_challenge) * inverse_two, combiner_challenge * (FF(2) - combiner_challenge), combiner_challenge * (combiner_challenge - FF(1)) * inverse_two }; - } else if constexpr (VerifierInstances::NUM == 4) { + } else if constexpr (DeciderVerificationKeys::NUM == 4) { constexpr FF inverse_six = FF(6).invert(); vanishing_polynomial_at_challenge = combiner_challenge * (combiner_challenge - FF(1)) * (combiner_challenge - FF(2)) * (combiner_challenge - FF(3)); @@ -91,10 +92,10 @@ std::shared_ptr ProtogalaxyVerifier_(accumulator->verification_key); + auto next_accumulator = std::make_shared(accumulator->verification_key); next_accumulator->verification_key = std::make_shared( accumulator->verification_key->circuit_size, accumulator->verification_key->num_public_inputs); next_accumulator->verification_key->pcs_verification_key = accumulator->verification_key->pcs_verification_key; @@ -109,15 +110,15 @@ std::shared_ptr ProtogalaxyVerifier_verification_key->databus_propagation_data; } - size_t vk_idx = 0; + size_t commitment_idx = 0; for (auto& expected_vk : next_accumulator->verification_key->get_all()) { - size_t inst = 0; + size_t vk_idx = 0; expected_vk = Commitment::infinity(); - for (auto& instance : instances) { - expected_vk = expected_vk + instance->verification_key->get_all()[vk_idx] * lagranges[inst]; - inst++; + for (auto& key : keys_to_fold) { + expected_vk = expected_vk + key->verification_key->get_all()[commitment_idx] * lagranges[vk_idx]; + vk_idx++; } - vk_idx++; + commitment_idx++; } next_accumulator->verification_key->num_public_inputs = accumulator->verification_key->num_public_inputs; next_accumulator->public_inputs = @@ -133,45 +134,44 @@ std::shared_ptr ProtogalaxyVerifier_witness_commitments; - size_t comm_idx = 0; + commitment_idx = 0; for (auto& comm : acc_witness_commitments.get_all()) { comm = Commitment::infinity(); - size_t inst = 0; - for (auto& instance : instances) { - comm = comm + instance->witness_commitments.get_all()[comm_idx] * lagranges[inst]; - inst++; + size_t vk_idx = 0; + for (auto& key : keys_to_fold) { + comm = comm + key->witness_commitments.get_all()[commitment_idx] * lagranges[vk_idx]; + vk_idx++; } - comm_idx++; + commitment_idx++; } size_t alpha_idx = 0; for (auto& alpha : next_accumulator->alphas) { alpha = FF(0); - size_t instance_idx = 0; - for (auto& instance : instances) { - alpha += instance->alphas[alpha_idx] * lagranges[instance_idx]; - instance_idx++; + size_t vk_idx = 0; + for (auto& key : keys_to_fold) { + alpha += key->alphas[alpha_idx] * lagranges[vk_idx]; + vk_idx++; } alpha_idx++; } auto& expected_parameters = next_accumulator->relation_parameters; - for (size_t inst_idx = 0; inst_idx < VerifierInstances::NUM; inst_idx++) { - auto instance = instances[inst_idx]; - expected_parameters.eta += instance->relation_parameters.eta * lagranges[inst_idx]; - expected_parameters.eta_two += instance->relation_parameters.eta_two * lagranges[inst_idx]; - expected_parameters.eta_three += instance->relation_parameters.eta_three * lagranges[inst_idx]; - expected_parameters.beta += instance->relation_parameters.beta * lagranges[inst_idx]; - expected_parameters.gamma += instance->relation_parameters.gamma * lagranges[inst_idx]; - expected_parameters.public_input_delta += - instance->relation_parameters.public_input_delta * lagranges[inst_idx]; + for (size_t vk_idx = 0; vk_idx < DeciderVerificationKeys::NUM; vk_idx++) { + auto& key = keys_to_fold[vk_idx]; + expected_parameters.eta += key->relation_parameters.eta * lagranges[vk_idx]; + expected_parameters.eta_two += key->relation_parameters.eta_two * lagranges[vk_idx]; + expected_parameters.eta_three += key->relation_parameters.eta_three * lagranges[vk_idx]; + expected_parameters.beta += key->relation_parameters.beta * lagranges[vk_idx]; + expected_parameters.gamma += key->relation_parameters.gamma * lagranges[vk_idx]; + expected_parameters.public_input_delta += key->relation_parameters.public_input_delta * lagranges[vk_idx]; expected_parameters.lookup_grand_product_delta += - instance->relation_parameters.lookup_grand_product_delta * lagranges[inst_idx]; + key->relation_parameters.lookup_grand_product_delta * lagranges[vk_idx]; } return next_accumulator; } -template class ProtogalaxyVerifier_>; -template class ProtogalaxyVerifier_>; +template class ProtogalaxyVerifier_>; +template class ProtogalaxyVerifier_>; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp index 8c96456b1e4..62cb343940a 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp @@ -7,13 +7,13 @@ #include "barretenberg/transcript/transcript.hpp" namespace bb { -template class ProtogalaxyVerifier_ { +template class ProtogalaxyVerifier_ { public: - using Flavor = typename VerifierInstances::Flavor; + using Flavor = typename DeciderVerificationKeys::Flavor; using Transcript = typename Flavor::Transcript; using FF = typename Flavor::FF; using Commitment = typename Flavor::Commitment; - using Instance = typename VerifierInstances::Instance; + using DeciderVK = typename DeciderVerificationKeys::DeciderVK; using VerificationKey = typename Flavor::VerificationKey; using WitnessCommitments = typename Flavor::WitnessCommitments; using CommitmentLabels = typename Flavor::CommitmentLabels; @@ -21,37 +21,35 @@ template class ProtogalaxyVerifier_ { static constexpr size_t NUM_SUBRELATIONS = Flavor::NUM_SUBRELATIONS; - VerifierInstances instances; + DeciderVerificationKeys keys_to_fold; std::shared_ptr transcript = std::make_shared(); CommitmentLabels commitment_labels; - ProtogalaxyVerifier_(const std::vector>& insts) - : instances(VerifierInstances(insts)){}; + ProtogalaxyVerifier_(const std::vector>& keys) + : keys_to_fold(DeciderVerificationKeys(keys)){}; ~ProtogalaxyVerifier_() = default; - std::shared_ptr get_accumulator() { return instances[0]; } + std::shared_ptr get_accumulator() { return keys_to_fold[0]; } /** - * @brief Instatiate the instances and the transcript. + * @brief Instatiate the vks and the transcript. * * @param fold_data The data transmitted via the transcript by the prover. */ void prepare_for_folding(const std::vector&); /** - * @brief Process the public data ϕ for the Instances to be folded. - * + * @brief Process the public data ϕ for the decider verification keys to be folded. */ - void receive_and_finalise_instance(const std::shared_ptr&, const std::string&); + void receive_and_finalise_key(const std::shared_ptr&, const std::string&); /** * @brief Run the folding protocol on the verifier side to establish whether the public data ϕ of the new * accumulator, received from the prover is the same as that produced by the verifier. - * */ - std::shared_ptr verify_folding_proof(const std::vector&); + std::shared_ptr verify_folding_proof(const std::vector&); }; } // namespace bb diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp index 90059bdf1e8..e6399e54465 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp @@ -5,24 +5,20 @@ std::vector update_gate_challenges(const fr& perturbator_challenge, const std::vector& gate_challenges, const std::vector& init_challenges) { - auto log_instance_size = gate_challenges.size(); - std::vector next_gate_challenges(log_instance_size); + const size_t num_challenges = gate_challenges.size(); + std::vector next_gate_challenges(num_challenges); - for (size_t idx = 0; idx < log_instance_size; idx++) { + for (size_t idx = 0; idx < num_challenges; idx++) { next_gate_challenges[idx] = gate_challenges[idx] + perturbator_challenge * init_challenges[idx]; } return next_gate_challenges; } -/** - * @brief For a new round challenge δ at each iteration of the Protogalaxy protocol, compute the vector - * [δ, δ^2,..., δ^t] where t = logn and n is the size of the instance. - */ -std::vector compute_round_challenge_pows(const size_t log_instance_size, const fr& round_challenge) +std::vector compute_round_challenge_pows(const size_t num_powers, const fr& round_challenge) { - std::vector pows(log_instance_size); + std::vector pows(num_powers); pows[0] = round_challenge; - for (size_t i = 1; i < log_instance_size; i++) { + for (size_t i = 1; i < num_powers; i++) { pows[i] = pows[i - 1].sqr(); } return pows; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp index 412f5e44495..9739c895d1c 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp @@ -12,9 +12,9 @@ std::vector update_gate_challenges(const fr& perturbator_challenge, const std::vector& init_challenges); /** - * @brief For a new round challenge δ at each iteration of the Protogalaxy protocol, compute the vector - * [δ, δ^2,..., δ^t] where t = logn and n is the size of the instance. + * @brief Given δ, compute the vector [δ, δ^2,..., δ^num_powers]. + * @details This is Step 2 of the protocol as written in the paper. */ -std::vector compute_round_challenge_pows(const size_t log_instance_size, const fr& round_challenge); +std::vector compute_round_challenge_pows(const size_t num_powers, const fr& round_challenge); } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp b/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp index 5ca396b2d6d..0e31cfa833c 100644 --- a/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp +++ b/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp @@ -95,22 +95,22 @@ consteval std::array c /** * @brief Get the subrelation accumulators for the Protogalaxy combiner calculation. * @details A subrelation of degree D, when evaluated on polynomials of degree N, gives a polynomial of degree D - * * N. In the context of Protogalaxy, N = NUM_INSTANCES-1. Hence, given a subrelation of length x, its - * evaluation on such polynomials will have degree (x-1) * (NUM_INSTANCES-1), and the length of this evaluation + * * N. In the context of Protogalaxy, N = NUM_KEYS-1. Hence, given a subrelation of length x, its + * evaluation on such polynomials will have degree (x-1) * (NUM_KEYS-1), and the length of this evaluation * will be one greater than this. - * @tparam NUM_INSTANCES + * @tparam NUM_KEYS * @tparam NUM_SUBRELATIONS * @param SUBRELATION_PARTIAL_LENGTHS The array of subrelation lengths supplied by a relation. * @return The transformed subrelation lenths */ -template +template consteval std::array compute_composed_subrelation_partial_lengths( std::array SUBRELATION_PARTIAL_LENGTHS) { std::transform(SUBRELATION_PARTIAL_LENGTHS.begin(), SUBRELATION_PARTIAL_LENGTHS.end(), SUBRELATION_PARTIAL_LENGTHS.begin(), - [](const size_t x) { return (x - 1) * (NUM_INSTANCES - 1) + 1; }); + [](const size_t x) { return (x - 1) * (NUM_KEYS - 1) + 1; }); return SUBRELATION_PARTIAL_LENGTHS; }; @@ -177,15 +177,15 @@ template class Relation : public RelationImpl { static constexpr size_t ZK_TOTAL_RELATION_LENGTH = *std::max_element(ZK_PARTIAL_LENGTHS.begin(), ZK_PARTIAL_LENGTHS.end()); - template + template using ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping = - TupleOfUnivariates(SUBRELATION_TOTAL_LENGTHS)>; - template + TupleOfUnivariates(SUBRELATION_TOTAL_LENGTHS)>; + template using ProtogalaxyTupleOfUnivariatesOverSubrelations = TupleOfUnivariatesWithOptimisticSkipping( + compute_composed_subrelation_partial_lengths( SUBRELATION_TOTAL_LENGTHS), - NUM_INSTANCES - 1>; + NUM_KEYS - 1>; using SumcheckTupleOfUnivariatesOverSubrelations = TupleOfUnivariates; // The containter constructor for sumcheck univariates corresponding to each subrelation in ZK Flavor's relations diff --git a/barretenberg/cpp/src/barretenberg/solidity_helpers/honk_key_gen.cpp b/barretenberg/cpp/src/barretenberg/solidity_helpers/honk_key_gen.cpp index b3f24dda249..2eaf9bdc990 100644 --- a/barretenberg/cpp/src/barretenberg/solidity_helpers/honk_key_gen.cpp +++ b/barretenberg/cpp/src/barretenberg/solidity_helpers/honk_key_gen.cpp @@ -13,7 +13,7 @@ using namespace bb; -using ProverInstance = ProverInstance_; +using DeciderProvingKey = DeciderProvingKey_; using VerificationKey = UltraKeccakFlavor::VerificationKey; template