From 9cbe368f8804d7d0dc49db3d555fbe1e2d3dd016 Mon Sep 17 00:00:00 2001 From: Lucas Xia Date: Wed, 20 Mar 2024 14:23:11 -0600 Subject: [PATCH] refactor: moving public inputs back to instance (#5315) Previously I moved the verifier public inputs from the verifier instance to the verification key since I was mirroring the Prover side. However, this asymmetry is what we actually want. The verification key should store only circuit related data, and the verifier should receive the public inputs through the proof. This work moves the public inputs back to the verifier instance. OinkOutput now also contains the public inputs to enable passing them back to the instance. --- .../src/barretenberg/flavor/goblin_ultra.hpp | 15 +-------------- .../flavor/goblin_ultra_recursive.hpp | 6 ------ .../cpp/src/barretenberg/flavor/ultra.hpp | 15 +-------------- .../src/barretenberg/flavor/ultra_recursive.hpp | 6 ------ .../protogalaxy/protogalaxy_verifier.cpp | 14 +++++++------- .../verifier/protogalaxy_recursive_verifier.cpp | 15 ++++++--------- .../verifier/recursive_verifier_instance.hpp | 12 ++++++------ .../sumcheck/instance/verifier_instance.hpp | 1 + .../barretenberg/ultra_honk/oink_verifier.cpp | 17 ++++++----------- .../barretenberg/ultra_honk/oink_verifier.hpp | 2 ++ .../barretenberg/ultra_honk/ultra_verifier.cpp | 2 +- 11 files changed, 31 insertions(+), 74 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp index 39f9529314a..e4a033ece45 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra.hpp @@ -287,20 +287,7 @@ class GoblinUltraFlavor { * circuits. * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/876) */ - class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { - public: - std::vector public_inputs; - - VerificationKey(const size_t circuit_size, const size_t num_public_inputs) - : VerificationKey_(circuit_size, num_public_inputs) - {} - - template - VerificationKey(const ProvingKeyPtr& proving_key) - : VerificationKey_(proving_key) - , public_inputs(proving_key->public_inputs) - {} - }; + using VerificationKey = VerificationKey_, VerifierCommitmentKey>; /** * @brief A container for storing the partially evaluated multivariates produced by sumcheck. diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp index 16eb1b95921..21b3f80dd0e 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp @@ -100,8 +100,6 @@ template class GoblinUltraRecursiveFlavor_ { class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: - std::vector public_inputs; - VerificationKey(const size_t circuit_size, const size_t num_public_inputs) { this->circuit_size = circuit_size; @@ -122,10 +120,6 @@ template class GoblinUltraRecursiveFlavor_ { this->log_circuit_size = numeric::get_msb(this->circuit_size); this->num_public_inputs = native_key->num_public_inputs; this->pub_inputs_offset = native_key->pub_inputs_offset; - this->public_inputs = std::vector(native_key->num_public_inputs); - for (auto [public_input, native_public_input] : zip_view(this->public_inputs, native_key->public_inputs)) { - public_input = FF::from_witness(builder, native_public_input); - } this->q_m = Commitment::from_witness(builder, native_key->q_m); this->q_l = Commitment::from_witness(builder, native_key->q_l); this->q_r = Commitment::from_witness(builder, native_key->q_r); diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp index 32a3a627bea..a2323eba35f 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra.hpp @@ -290,20 +290,7 @@ class UltraFlavor { * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our * circuits. */ - class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { - public: - std::vector public_inputs; - - VerificationKey(const size_t circuit_size, const size_t num_public_inputs) - : VerificationKey_(circuit_size, num_public_inputs) - {} - - template - VerificationKey(const ProvingKeyPtr& proving_key) - : VerificationKey_(proving_key) - , public_inputs(proving_key->public_inputs) - {} - }; + using VerificationKey = VerificationKey_, VerifierCommitmentKey>; /** * @brief A field element for each entity of the flavor. These entities represent the prover polynomials diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp index 8e9a07b5a16..d1b4174252f 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp @@ -272,8 +272,6 @@ template class UltraRecursiveFlavor_ { */ class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: - std::vector public_inputs; - VerificationKey(const size_t circuit_size, const size_t num_public_inputs) { this->circuit_size = circuit_size; @@ -293,10 +291,6 @@ template class UltraRecursiveFlavor_ { this->log_circuit_size = numeric::get_msb(this->circuit_size); this->num_public_inputs = native_key->num_public_inputs; this->pub_inputs_offset = native_key->pub_inputs_offset; - this->public_inputs = std::vector(native_key->num_public_inputs); - for (auto [public_input, native_public_input] : zip_view(this->public_inputs, native_key->public_inputs)) { - public_input = FF::from_witness(builder, native_public_input); - } this->q_m = Commitment::from_witness(builder, native_key->q_m); this->q_l = Commitment::from_witness(builder, native_key->q_l); this->q_r = Commitment::from_witness(builder, native_key->q_r); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp index 2f82d72cc0c..54930916236 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp @@ -9,9 +9,10 @@ void ProtoGalaxyVerifier_::receive_and_finalise_instance(cons { auto& key = inst->verification_key; OinkVerifier oink_verifier{ key, transcript, domain_separator + '_' }; - auto [relation_parameters, witness_commitments] = oink_verifier.verify(); - inst->relation_parameters = relation_parameters; - inst->witness_commitments = witness_commitments; + auto [relation_parameters, witness_commitments, public_inputs] = oink_verifier.verify(); + inst->relation_parameters = std::move(relation_parameters); + inst->witness_commitments = std::move(witness_commitments); + inst->public_inputs = std::move(public_inputs); // Get the relation separation challenges for (size_t idx = 0; idx < NUM_SUBRELATIONS - 1; idx++) { @@ -96,16 +97,15 @@ std::shared_ptr ProtoGalaxyVerifier_verification_key->num_public_inputs = accumulator->verification_key->num_public_inputs; - next_accumulator->verification_key->public_inputs = - std::vector(next_accumulator->verification_key->num_public_inputs, 0); + next_accumulator->public_inputs = std::vector(next_accumulator->verification_key->num_public_inputs, 0); size_t public_input_idx = 0; - for (auto& public_input : next_accumulator->verification_key->public_inputs) { + for (auto& public_input : next_accumulator->public_inputs) { size_t inst = 0; for (auto& instance : instances) { // TODO(https://github.com/AztecProtocol/barretenberg/issues/830) if (instance->verification_key->num_public_inputs >= next_accumulator->verification_key->num_public_inputs) { - public_input += instance->verification_key->public_inputs[public_input_idx] * lagranges[inst]; + public_input += instance->public_inputs[public_input_idx] * lagranges[inst]; inst++; } } diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.cpp index b9fe586a41f..7069a0eb0cf 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/protogalaxy_recursive_verifier.cpp @@ -21,11 +21,10 @@ void ProtoGalaxyRecursiveVerifier_::receive_and_finalise_inst transcript->template receive_from_prover(domain_separator + "_pub_inputs_offset"); inst->verification_key->pub_inputs_offset = uint32_t(pub_inputs_offset.get_value()); - inst->verification_key->public_inputs.clear(); for (size_t i = 0; i < inst->verification_key->num_public_inputs; ++i) { auto public_input_i = transcript->template receive_from_prover(domain_separator + "_public_input_" + std::to_string(i)); - inst->verification_key->public_inputs.emplace_back(public_input_i); + inst->public_inputs.emplace_back(public_input_i); } // Get commitments to first three wire polynomials @@ -72,7 +71,7 @@ void ProtoGalaxyRecursiveVerifier_::receive_and_finalise_inst transcript->template receive_from_prover(domain_separator + "_" + labels.z_lookup); // Compute correction terms for grand products - const FF public_input_delta = compute_public_input_delta(inst->verification_key->public_inputs, + const FF public_input_delta = compute_public_input_delta(inst->public_inputs, beta, gamma, inst->verification_key->circuit_size, @@ -156,7 +155,7 @@ std::shared_ptr ProtoGalaxyRecursiveVerifi accumulator->verification_key->circuit_size, accumulator->verification_key->num_public_inputs); next_accumulator->verification_key->pcs_verification_key = accumulator->verification_key->pcs_verification_key; next_accumulator->verification_key->pub_inputs_offset = accumulator->verification_key->pub_inputs_offset; - next_accumulator->verification_key->public_inputs = accumulator->verification_key->public_inputs; + next_accumulator->public_inputs = accumulator->public_inputs; size_t vk_idx = 0; for (auto& expected_vk : next_accumulator->verification_key->get_all()) { size_t inst = 0; @@ -194,16 +193,14 @@ std::shared_ptr ProtoGalaxyRecursiveVerifi comm_idx++; } - next_accumulator->verification_key->num_public_inputs = accumulator->verification_key->num_public_inputs; - next_accumulator->verification_key->public_inputs = - std::vector(next_accumulator->verification_key->num_public_inputs, 0); + next_accumulator->public_inputs = std::vector(next_accumulator->verification_key->num_public_inputs, 0); size_t public_input_idx = 0; - for (auto& public_input : next_accumulator->verification_key->public_inputs) { + for (auto& public_input : next_accumulator->public_inputs) { size_t inst = 0; for (auto& instance : instances) { if (instance->verification_key->num_public_inputs >= next_accumulator->verification_key->num_public_inputs) { - public_input += instance->verification_key->public_inputs[public_input_idx] * lagranges[inst]; + public_input += instance->public_inputs[public_input_idx] * lagranges[inst]; inst++; }; } diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/recursive_verifier_instance.hpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/recursive_verifier_instance.hpp index 236719a8c4b..12a54f89169 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/recursive_verifier_instance.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/recursive_verifier_instance.hpp @@ -29,6 +29,7 @@ template class RecursiveVerifierInstance_ { RelationParameters relation_parameters; RelationSeparator alphas; bool is_accumulator = false; + std::vector public_inputs; // The folding parameters (\vec{β}, e) which are set for accumulators (i.e. relaxed instances). std::vector gate_challenges; @@ -48,13 +49,13 @@ template class RecursiveVerifierInstance_ { : verification_key(std::make_shared(instance->verification_key->circuit_size, instance->verification_key->num_public_inputs)) , is_accumulator(bool(instance->is_accumulator)) + , public_inputs(std::vector(instance->verification_key->num_public_inputs)) { verification_key->pub_inputs_offset = instance->verification_key->pub_inputs_offset; verification_key->pcs_verification_key = instance->verification_key->pcs_verification_key; - verification_key->public_inputs = std::vector(instance->verification_key->num_public_inputs); - for (auto [public_input, native_public_input] : - zip_view(verification_key->public_inputs, instance->verification_key->public_inputs)) { + + for (auto [public_input, native_public_input] : zip_view(public_inputs, instance->public_inputs)) { public_input = FF::from_witness(builder, native_public_input); } @@ -110,9 +111,8 @@ template class RecursiveVerifierInstance_ { VerifierInstance inst(inst_verification_key); inst.is_accumulator = is_accumulator; - inst.verification_key->public_inputs = std::vector(verification_key->num_public_inputs); - for (auto [public_input, inst_public_input] : - zip_view(verification_key->public_inputs, inst.verification_key->public_inputs)) { + inst.public_inputs = std::vector(verification_key->num_public_inputs); + for (auto [public_input, inst_public_input] : zip_view(public_inputs, inst.public_inputs)) { inst_public_input = public_input.get_value(); } diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp index e739a2fa08c..2b894a5b295 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp @@ -23,6 +23,7 @@ template class VerifierInstance_ { RelationParameters relation_parameters; RelationSeparator alphas; bool is_accumulator = false; + std::vector public_inputs; // The folding parameters (\vec{β}, e) which are set for accumulators (i.e. relaxed instances). std::vector gate_challenges; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp index ac285ad0753..a79e610c7a7 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp @@ -17,10 +17,9 @@ template OinkOutput OinkVerifier::verify( execute_log_derivative_inverse_round(); execute_grand_product_computation_round(); - return OinkOutput{ - .relation_parameters = relation_parameters, - .commitments = witness_comms, - }; + return OinkOutput{ .relation_parameters = relation_parameters, + .commitments = witness_comms, + .public_inputs = public_inputs }; } /** @@ -40,11 +39,10 @@ template void OinkVerifier::execute_preamble_roun ASSERT(public_input_size == key->num_public_inputs); ASSERT(pub_inputs_offset == key->pub_inputs_offset); - key->public_inputs.clear(); for (size_t i = 0; i < public_input_size; ++i) { auto public_input_i = transcript->template receive_from_prover(domain_separator + "public_input_" + std::to_string(i)); - key->public_inputs.emplace_back(public_input_i); + public_inputs.emplace_back(public_input_i); } } @@ -116,11 +114,8 @@ template void OinkVerifier::execute_log_derivativ */ template void OinkVerifier::execute_grand_product_computation_round() { - const FF public_input_delta = compute_public_input_delta(key->public_inputs, - relation_parameters.beta, - relation_parameters.gamma, - key->circuit_size, - key->pub_inputs_offset); + const FF public_input_delta = compute_public_input_delta( + public_inputs, relation_parameters.beta, relation_parameters.gamma, key->circuit_size, key->pub_inputs_offset); const FF lookup_grand_product_delta = compute_lookup_grand_product_delta(relation_parameters.beta, relation_parameters.gamma, key->circuit_size); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp index 2b7a72b9175..1386c1717b5 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp @@ -11,6 +11,7 @@ namespace bb { template struct OinkOutput { bb::RelationParameters relation_parameters; typename Flavor::WitnessCommitments commitments; + std::vector public_inputs; }; /** @@ -36,6 +37,7 @@ template class OinkVerifier { typename Flavor::CommitmentLabels comm_labels; bb::RelationParameters relation_parameters; WitnessCommitments witness_comms; + std::vector public_inputs; OinkVerifier(const std::shared_ptr& verifier_key, const std::shared_ptr& transcript, diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 34b197b06b8..6b20e56daa4 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -49,7 +49,7 @@ template bool UltraVerifier_::verify_proof(const HonkP transcript = std::make_shared(proof); VerifierCommitments commitments{ key }; OinkVerifier oink_verifier{ key, transcript }; - auto [relation_parameters, witness_commitments] = oink_verifier.verify(); + auto [relation_parameters, witness_commitments, _] = oink_verifier.verify(); // Copy the witness_commitments over to the VerifierCommitments for (auto [wit_comm_1, wit_comm_2] : zip_view(commitments.get_witness(), witness_commitments.get_all())) {