diff --git a/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp index 701c8e5b67d..7c35497b1f5 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp @@ -3,6 +3,7 @@ #include "barretenberg/benchmark/ultra_bench/mock_circuits.hpp" #include "barretenberg/common/op_count_google_bench.hpp" #include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp" +#include "barretenberg/ultra_honk/oink_prover.hpp" #include "barretenberg/ultra_honk/ultra_prover.hpp" using namespace benchmark; @@ -44,15 +45,16 @@ BB_PROFILE static void test_round_inner(State& state, GoblinUltraProver& prover, BB_REPORT_OP_COUNT_BENCH_CANCEL(); } }; - - time_if_index(PREAMBLE, [&] { prover.oink_prover.execute_preamble_round(); }); - time_if_index(WIRE_COMMITMENTS, [&] { prover.oink_prover.execute_wire_commitments_round(); }); - time_if_index(SORTED_LIST_ACCUMULATOR, [&] { prover.oink_prover.execute_sorted_list_accumulator_round(); }); - time_if_index(LOG_DERIVATIVE_INVERSE, [&] { prover.oink_prover.execute_log_derivative_inverse_round(); }); - time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { prover.oink_prover.execute_grand_product_computation_round(); }); - time_if_index(GENERATE_ALPHAS, [&] { prover.instance->alphas = prover.oink_prover.generate_alphas_round(); }); + OinkProver oink_prover(prover.instance->proving_key, prover.transcript); + time_if_index(PREAMBLE, [&] { oink_prover.execute_preamble_round(); }); + time_if_index(WIRE_COMMITMENTS, [&] { oink_prover.execute_wire_commitments_round(); }); + time_if_index(SORTED_LIST_ACCUMULATOR, [&] { oink_prover.execute_sorted_list_accumulator_round(); }); + time_if_index(LOG_DERIVATIVE_INVERSE, [&] { oink_prover.execute_log_derivative_inverse_round(); }); + time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { oink_prover.execute_grand_product_computation_round(); }); + time_if_index(GENERATE_ALPHAS, [&] { prover.instance->alphas = oink_prover.generate_alphas_round(); }); // we need to get the relation_parameters and prover_polynomials from the oink_prover - prover.instance->relation_parameters = prover.oink_prover.relation_parameters; + prover.instance->proving_key = std::move(oink_prover.proving_key); + prover.instance->relation_parameters = oink_prover.relation_parameters; prover.instance->prover_polynomials = GoblinUltraFlavor::ProverPolynomials(prover.instance->proving_key); time_if_index(RELATION_CHECK, [&] { prover.execute_relation_check_rounds(); }); time_if_index(ZEROMORPH, [&] { prover.execute_zeromorph_rounds(); }); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/mock_kernel_pinning.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/mock_kernel_pinning.test.cpp index ef232fcbf3f..fb10a67f9eb 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/mock_kernel_pinning.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/mock_kernel_pinning.test.cpp @@ -37,7 +37,7 @@ TEST_F(MockKernelTest, PinFoldingKernelSizes) kernel_circuit, { func_fold_proof, ivc.vks.func_vk }, {}, kernel_acc); auto kernel_fold_proof = ivc.accumulate(kernel_circuit); - EXPECT_EQ(ivc.prover_instance->proving_key->log_circuit_size, 17); + EXPECT_EQ(ivc.prover_instance->proving_key.log_circuit_size, 17); GoblinUltraCircuitBuilder circuit_3{ ivc.goblin.op_queue }; GoblinMockCircuits::construct_mock_function_circuit(circuit_3); @@ -49,5 +49,5 @@ TEST_F(MockKernelTest, PinFoldingKernelSizes) { func_fold_proof, ivc.vks.func_vk }, kernel_acc); auto instance = std::make_shared(kernel_circuit); - EXPECT_EQ(instance->proving_key->log_circuit_size, 17); + EXPECT_EQ(instance->proving_key.log_circuit_size, 17); } \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.cpp b/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.cpp index 005b7d523c6..b232fa00799 100644 --- a/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.cpp +++ b/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.cpp @@ -6,11 +6,10 @@ namespace bb { template -void ExecutionTrace_::populate(Builder& builder, - const std::shared_ptr& proving_key) +void ExecutionTrace_::populate(Builder& builder, typename Flavor::ProvingKey& proving_key) { // Construct wire polynomials, selector polynomials, and copy cycles from raw circuit data - auto trace_data = construct_trace_data(builder, proving_key->circuit_size); + auto trace_data = construct_trace_data(builder, proving_key.circuit_size); add_wires_and_selectors_to_proving_key(trace_data, builder, proving_key); @@ -23,46 +22,48 @@ void ExecutionTrace_::populate(Builder& builder, } // Compute the permutation argument polynomials (sigma/id) and add them to proving key - compute_permutation_argument_polynomials(builder, proving_key.get(), trace_data.copy_cycles); + compute_permutation_argument_polynomials(builder, &proving_key, trace_data.copy_cycles); } template -void ExecutionTrace_::add_wires_and_selectors_to_proving_key( - TraceData& trace_data, Builder& builder, const std::shared_ptr& proving_key) +void ExecutionTrace_::add_wires_and_selectors_to_proving_key(TraceData& trace_data, + Builder& builder, + typename Flavor::ProvingKey& proving_key) { if constexpr (IsHonkFlavor) { - for (auto [pkey_wire, trace_wire] : zip_view(proving_key->get_wires(), trace_data.wires)) { + for (auto [pkey_wire, trace_wire] : zip_view(proving_key.get_wires(), trace_data.wires)) { pkey_wire = trace_wire.share(); } - for (auto [pkey_selector, trace_selector] : zip_view(proving_key->get_selectors(), trace_data.selectors)) { + for (auto [pkey_selector, trace_selector] : zip_view(proving_key.get_selectors(), trace_data.selectors)) { pkey_selector = trace_selector.share(); } - proving_key->pub_inputs_offset = trace_data.pub_inputs_offset; + proving_key.pub_inputs_offset = trace_data.pub_inputs_offset; } else if constexpr (IsPlonkFlavor) { for (size_t idx = 0; idx < trace_data.wires.size(); ++idx) { std::string wire_tag = "w_" + std::to_string(idx + 1) + "_lagrange"; - proving_key->polynomial_store.put(wire_tag, std::move(trace_data.wires[idx])); + proving_key.polynomial_store.put(wire_tag, std::move(trace_data.wires[idx])); } for (size_t idx = 0; idx < trace_data.selectors.size(); ++idx) { - proving_key->polynomial_store.put(builder.selector_names[idx] + "_lagrange", - std::move(trace_data.selectors[idx])); + proving_key.polynomial_store.put(builder.selector_names[idx] + "_lagrange", + std::move(trace_data.selectors[idx])); } } } template -void ExecutionTrace_::add_memory_records_to_proving_key( - TraceData& trace_data, Builder& builder, const std::shared_ptr& proving_key) +void ExecutionTrace_::add_memory_records_to_proving_key(TraceData& trace_data, + Builder& builder, + typename Flavor::ProvingKey& proving_key) requires IsUltraPlonkOrHonk { - ASSERT(proving_key->memory_read_records.empty() && proving_key->memory_write_records.empty()); + ASSERT(proving_key.memory_read_records.empty() && proving_key.memory_write_records.empty()); // Update indices of RAM/ROM reads/writes based on where block containing these gates sits in the trace for (auto& index : builder.memory_read_records) { - proving_key->memory_read_records.emplace_back(index + trace_data.ram_rom_offset); + proving_key.memory_read_records.emplace_back(index + trace_data.ram_rom_offset); } for (auto& index : builder.memory_write_records) { - proving_key->memory_write_records.emplace_back(index + trace_data.ram_rom_offset); + proving_key.memory_write_records.emplace_back(index + trace_data.ram_rom_offset); } } @@ -135,20 +136,20 @@ template void ExecutionTrace_::populate_public_inputs_blo } template -void ExecutionTrace_::add_ecc_op_wires_to_proving_key( - Builder& builder, const std::shared_ptr& proving_key) +void ExecutionTrace_::add_ecc_op_wires_to_proving_key(Builder& builder, + typename Flavor::ProvingKey& proving_key) requires IsGoblinFlavor { // Initialize the ecc op wire polynomials to zero on the whole domain std::array op_wire_polynomials; for (auto& poly : op_wire_polynomials) { - poly = Polynomial{ proving_key->circuit_size }; + poly = Polynomial{ proving_key.circuit_size }; } - Polynomial ecc_op_selector{ proving_key->circuit_size }; + Polynomial ecc_op_selector{ proving_key.circuit_size }; // Copy the ecc op data from the conventional wires into the op wires over the range of ecc op gates const size_t op_wire_offset = Flavor::has_zero_row ? 1 : 0; - for (auto [ecc_op_wire, wire] : zip_view(op_wire_polynomials, proving_key->get_wires())) { + for (auto [ecc_op_wire, wire] : zip_view(op_wire_polynomials, proving_key.get_wires())) { for (size_t i = 0; i < builder.blocks.ecc_op.size(); ++i) { size_t idx = i + op_wire_offset; ecc_op_wire[idx] = wire[idx]; @@ -156,11 +157,11 @@ void ExecutionTrace_::add_ecc_op_wires_to_proving_key( } } - proving_key->ecc_op_wire_1 = op_wire_polynomials[0].share(); - proving_key->ecc_op_wire_2 = op_wire_polynomials[1].share(); - proving_key->ecc_op_wire_3 = op_wire_polynomials[2].share(); - proving_key->ecc_op_wire_4 = op_wire_polynomials[3].share(); - proving_key->lagrange_ecc_op = ecc_op_selector.share(); + proving_key.ecc_op_wire_1 = op_wire_polynomials[0].share(); + proving_key.ecc_op_wire_2 = op_wire_polynomials[1].share(); + proving_key.ecc_op_wire_3 = op_wire_polynomials[2].share(); + proving_key.ecc_op_wire_4 = op_wire_polynomials[3].share(); + proving_key.lagrange_ecc_op = ecc_op_selector.share(); } template class ExecutionTrace_; diff --git a/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp b/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp index 633dc618ff9..3dd3899242e 100644 --- a/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp +++ b/barretenberg/cpp/src/barretenberg/execution_trace/execution_trace.hpp @@ -42,7 +42,7 @@ template class ExecutionTrace_ { * * @param builder */ - static void populate(Builder& builder, const std::shared_ptr&); + static void populate(Builder& builder, ProvingKey&); private: /** @@ -54,7 +54,7 @@ template class ExecutionTrace_ { */ static void add_wires_and_selectors_to_proving_key(TraceData& trace_data, Builder& builder, - const std::shared_ptr& proving_key); + typename Flavor::ProvingKey& proving_key); /** * @brief Add the memory records indicating which rows correspond to RAM/ROM reads/writes @@ -70,7 +70,7 @@ template class ExecutionTrace_ { */ static void add_memory_records_to_proving_key(TraceData& trace_data, Builder& builder, - const std::shared_ptr& proving_key) + typename Flavor::ProvingKey& proving_key) requires IsUltraPlonkOrHonk; /** @@ -98,8 +98,7 @@ template class ExecutionTrace_ { * @param builder * @param proving_key */ - static void add_ecc_op_wires_to_proving_key(Builder& builder, - const std::shared_ptr& proving_key) + static void add_ecc_op_wires_to_proving_key(Builder& builder, typename Flavor::ProvingKey& proving_key) requires IsGoblinFlavor; }; diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 5b1f4824f03..7f15cc14fe0 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -165,19 +165,6 @@ class VerificationKey_ : public PrecomputedCommitments { this->log_circuit_size = numeric::get_msb(circuit_size); this->num_public_inputs = num_public_inputs; }; - - template VerificationKey_(const ProvingKeyPtr& proving_key) - { - this->pcs_verification_key = std::make_shared(); - this->circuit_size = proving_key->circuit_size; - this->log_circuit_size = numeric::get_msb(this->circuit_size); - this->num_public_inputs = proving_key->num_public_inputs; - this->pub_inputs_offset = proving_key->pub_inputs_offset; - - for (auto [polynomial, commitment] : zip_view(proving_key->get_precomputed_polynomials(), this->get_all())) { - commitment = proving_key->commitment_key->commit(polynomial); - } - } }; // Because of how Gemini is written, is importat to put the polynomials out in this order. diff --git a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp index ed23f29679e..35a7e321120 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp +++ b/barretenberg/cpp/src/barretenberg/goblin/mock_circuits_pinning.test.cpp @@ -25,9 +25,9 @@ TEST_F(MockCircuitsPinning, FunctionSizes) GoblinMockCircuits::construct_mock_function_circuit(app_circuit, large); auto instance = std::make_shared(app_circuit); if (large) { - EXPECT_EQ(instance->proving_key->log_circuit_size, 19); + EXPECT_EQ(instance->proving_key.log_circuit_size, 19); } else { - EXPECT_EQ(instance->proving_key->log_circuit_size, 17); + EXPECT_EQ(instance->proving_key.log_circuit_size, 17); }; }; run_test(true); @@ -51,9 +51,9 @@ TEST_F(MockCircuitsPinning, RecursionKernelSizes) auto instance = std::make_shared(kernel_circuit); if (large) { - EXPECT_EQ(instance->proving_key->log_circuit_size, 17); + EXPECT_EQ(instance->proving_key.log_circuit_size, 17); } else { - EXPECT_EQ(instance->proving_key->log_circuit_size, 17); + EXPECT_EQ(instance->proving_key.log_circuit_size, 17); }; } }; diff --git a/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.cpp b/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.cpp index f4b016460b3..aee76ed681e 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/plonk/composer/standard_composer.cpp @@ -41,7 +41,7 @@ std::shared_ptr StandardComposer::compute_proving_key(Circui subgroup_size, circuit_constructor.public_inputs.size(), crs, CircuitType::STANDARD); // Construct and add to proving key the wire, selector and copy constraint polynomials - Trace::populate(circuit_constructor, circuit_proving_key); + Trace::populate(circuit_constructor, *circuit_proving_key); // Make all selectors nonzero enforce_nonzero_selector_polynomials(circuit_constructor, circuit_proving_key.get()); diff --git a/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.cpp b/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.cpp index e0e24ca7efb..bc856916cb8 100644 --- a/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.cpp +++ b/barretenberg/cpp/src/barretenberg/plonk/composer/ultra_composer.cpp @@ -166,7 +166,7 @@ std::shared_ptr UltraComposer::compute_proving_key(CircuitBuilder& std::make_shared(subgroup_size, circuit.public_inputs.size(), crs, CircuitType::ULTRA); // Construct and add to proving key the wire, selector and copy constraint polynomials - Trace::populate(circuit, circuit_proving_key); + Trace::populate(circuit, *circuit_proving_key); enforce_nonzero_selector_polynomials(circuit, circuit_proving_key.get()); diff --git a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp index d0913aef1c4..add3db82ec1 100644 --- a/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp +++ b/barretenberg/cpp/src/barretenberg/plonk_honk_shared/instance_inspector.hpp @@ -49,7 +49,7 @@ void print_databus_info(auto& prover_instance) { info("\nInstance Inspector: Printing databus gate info."); auto& key = prover_instance->proving_key; - for (size_t idx = 0; idx < prover_instance->proving_key->circuit_size; ++idx) { + for (size_t idx = 0; idx < prover_instance->proving_key.circuit_size; ++idx) { if (key->q_busread[idx] == 1) { info("idx = ", idx); info("q_busread = ", key->q_busread[idx]); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp index bafae22398f..2e6f87f73f9 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp @@ -45,8 +45,8 @@ TEST(Protogalaxy, CombinerOn2Instances) /*log_circuit_size=*/1, idx * 128); restrict_to_standard_arithmetic_relation(prover_polynomials); instance->prover_polynomials = std::move(prover_polynomials); - instance->proving_key = std::make_shared(); - instance->proving_key->circuit_size = 2; + instance->proving_key = Flavor::ProvingKey(); + instance->proving_key.circuit_size = 2; instance_data[idx] = instance; } @@ -79,8 +79,8 @@ TEST(Protogalaxy, CombinerOn2Instances) /*log_circuit_size=*/1); restrict_to_standard_arithmetic_relation(prover_polynomials); instance->prover_polynomials = std::move(prover_polynomials); - instance->proving_key = std::make_shared(); - instance->proving_key->circuit_size = 2; + instance->proving_key = Flavor::ProvingKey(); + instance->proving_key.circuit_size = 2; instance_data[idx] = instance; } @@ -170,8 +170,8 @@ TEST(Protogalaxy, CombinerOn4Instances) auto prover_polynomials = get_zero_prover_polynomials( /*log_circuit_size=*/1); instance->prover_polynomials = std::move(prover_polynomials); - instance->proving_key = std::make_shared(); - instance->proving_key->circuit_size = 2; + instance->proving_key = Flavor::ProvingKey(); + instance->proving_key.circuit_size = 2; instance_data[idx] = instance; } diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp index 0b13eefeb37..1175e6d7f8f 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp @@ -17,7 +17,7 @@ DeciderProver_::DeciderProver_(const std::shared_ptr& inst, const std::shared_ptr& transcript) : accumulator(std::move(inst)) , transcript(transcript) - , commitment_key(inst->proving_key->commitment_key) + , commitment_key(inst->proving_key.commitment_key) {} /** @@ -28,7 +28,7 @@ DeciderProver_::DeciderProver_(const std::shared_ptr& inst, template void DeciderProver_::execute_relation_check_rounds() { using Sumcheck = SumcheckProver; - auto instance_size = accumulator->proving_key->circuit_size; + auto instance_size = accumulator->proving_key.circuit_size; auto sumcheck = Sumcheck(instance_size, transcript); sumcheck_output = sumcheck.prove(accumulator); } diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp index 453e0d844d7..da44a6e3054 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp @@ -79,7 +79,7 @@ template class ProtoGalaxyTests : public testing::Test { static void check_accumulator_target_sum_manual(std::shared_ptr& accumulator, bool expected_result) { - auto instance_size = accumulator->proving_key->circuit_size; + auto instance_size = accumulator->proving_key.circuit_size; auto expected_honk_evals = ProtoGalaxyProver::compute_full_honk_evaluations( accumulator->prover_polynomials, accumulator->alphas, accumulator->relation_parameters); // Construct pow(\vec{betas*}) as in the paper @@ -124,13 +124,13 @@ template class ProtoGalaxyTests : public testing::Test { instance->relation_parameters.beta = FF::random_element(); instance->relation_parameters.gamma = FF::random_element(); - instance->proving_key->compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, - instance->relation_parameters.eta_two, - instance->relation_parameters.eta_three); + instance->proving_key.compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, + instance->relation_parameters.eta_two, + instance->relation_parameters.eta_three); if constexpr (IsGoblinFlavor) { - instance->proving_key->compute_logderivative_inverse(instance->relation_parameters); + instance->proving_key.compute_logderivative_inverse(instance->relation_parameters); } - instance->proving_key->compute_grand_product_polynomials(instance->relation_parameters); + instance->proving_key.compute_grand_product_polynomials(instance->relation_parameters); instance->prover_polynomials = ProverPolynomials(instance->proving_key); for (auto& alpha : instance->alphas) { diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp index aadccfaa1ab..8e4fcdb2e41 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp @@ -6,9 +6,10 @@ template void ProtoGalaxyProver_::finalise_and_send_instance(std::shared_ptr instance, const std::string& domain_separator) { - OinkProver oink_prover(instance->proving_key, commitment_key, transcript, domain_separator + '_'); + OinkProver oink_prover(instance->proving_key, transcript, domain_separator + '_'); - auto [relation_params, alphas] = oink_prover.prove(); + auto [proving_key, relation_params, alphas] = oink_prover.prove(); + instance->proving_key = std::move(proving_key); instance->relation_parameters = std::move(relation_params); instance->prover_polynomials = ProverPolynomials(instance->proving_key); instance->alphas = std::move(alphas); @@ -22,7 +23,7 @@ template void ProtoGalaxyProver_::prepa if (!instance->is_accumulator) { finalise_and_send_instance(instance, domain_separator); instance->target_sum = 0; - instance->gate_challenges = std::vector(instance->proving_key->log_circuit_size, 0); + instance->gate_challenges = std::vector(instance->proving_key.log_circuit_size, 0); } idx++; @@ -61,19 +62,19 @@ std::shared_ptr ProtoGalaxyProver_gate_challenges = instances.next_gate_challenges; // Initialize accumulator proving key polynomials - auto accumulator_polys = next_accumulator->proving_key->get_all(); + auto accumulator_polys = next_accumulator->proving_key.get_all(); run_loop_in_parallel(Flavor::NUM_FOLDED_ENTITIES, [&](size_t start_idx, size_t end_idx) { for (size_t poly_idx = start_idx; poly_idx < end_idx; poly_idx++) { auto& acc_poly = accumulator_polys[poly_idx]; for (auto& acc_el : acc_poly) { - acc_el = acc_el * lagranges[0]; + acc_el *= lagranges[0]; } } }); // Fold the proving key polynomials for (size_t inst_idx = 1; inst_idx < ProverInstances::NUM; inst_idx++) { - auto input_polys = instances[inst_idx]->proving_key->get_all(); + auto input_polys = instances[inst_idx]->proving_key.get_all(); run_loop_in_parallel(Flavor::NUM_FOLDED_ENTITIES, [&](size_t start_idx, size_t end_idx) { for (size_t poly_idx = start_idx; poly_idx < end_idx; poly_idx++) { auto& acc_poly = accumulator_polys[poly_idx]; @@ -85,19 +86,16 @@ std::shared_ptr ProtoGalaxyProver_proving_key->public_inputs) { - el = el * lagranges[0]; + for (auto& el : next_accumulator->proving_key.public_inputs) { + el *= lagranges[0]; size_t inst = 0; for (size_t inst_idx = 1; inst_idx < ProverInstances::NUM; inst_idx++) { auto& instance = instances[inst_idx]; // TODO(https://github.com/AztecProtocol/barretenberg/issues/830) - if (instance->proving_key->num_public_inputs >= next_accumulator->proving_key->num_public_inputs) { - el += instance->proving_key->public_inputs[el_idx] * lagranges[inst]; + if (instance->proving_key.num_public_inputs >= next_accumulator->proving_key.num_public_inputs) { + el += instance->proving_key.public_inputs[el_idx] * lagranges[inst]; inst++; }; } @@ -124,6 +122,7 @@ std::shared_ptr ProtoGalaxyProver_relation_parameters = folded_relation_parameters; + next_accumulator->proving_key = std::move(instances[0]->proving_key); // Derive the prover polynomials from the proving key polynomials since we only fold the unshifted polynomials. This // is extremely cheap since we only call .share() and .shifted() polynomial functions. We need the folded prover // polynomials for the decider. @@ -142,14 +141,14 @@ template void ProtoGalaxyProver_::pertu BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::perturbator_round"); state.accumulator = get_accumulator(); FF delta = transcript->template get_challenge("delta"); - state.deltas = compute_round_challenge_pows(state.accumulator->proving_key->log_circuit_size, delta); - state.perturbator = Polynomial(state.accumulator->proving_key->log_circuit_size + 1); // initialize to all zeros + state.deltas = compute_round_challenge_pows(state.accumulator->proving_key.log_circuit_size, delta); + state.perturbator = Polynomial(state.accumulator->proving_key.log_circuit_size + 1); // initialize to all zeros // compute perturbator only if this is not the first round and has an accumulator if (state.accumulator->is_accumulator) { state.perturbator = compute_perturbator(state.accumulator, state.deltas); // Prover doesn't send the constant coefficient of F because this is supposed to be equal to the target sum of // the accumulator which the folding verifier has from the previous iteration. - for (size_t idx = 1; idx <= state.accumulator->proving_key->log_circuit_size; idx++) { + for (size_t idx = 1; idx <= state.accumulator->proving_key.log_circuit_size; idx++) { transcript->send_to_verifier("perturbator_" + std::to_string(idx), state.perturbator[idx]); } } diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp index ca5233c5eba..674163ab3ce 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp @@ -71,7 +71,7 @@ template class ProtoGalaxyProver_ { ProtoGalaxyProver_(const std::vector>& insts) : instances(ProverInstances(insts)) // TODO(https://github.com/AztecProtocol/barretenberg/issues/878) - , commitment_key(instances[1]->proving_key->commitment_key){}; + , commitment_key(instances[1]->proving_key.commitment_key){}; ~ProtoGalaxyProver_() = default; /** @@ -307,7 +307,7 @@ template class ProtoGalaxyProver_ { ExtendedUnivariateWithRandomization compute_combiner(const ProverInstances& instances, PowPolynomial& pow_betas) { BB_OP_COUNT_TIME(); - size_t common_instance_size = instances[0]->proving_key->circuit_size; + size_t common_instance_size = instances[0]->proving_key.circuit_size; pow_betas.compute_values(); // Determine number of threads for multithreading. // Note: Multithreading is "on" for every round but we reduce the number of threads from the max available based diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/goblin_ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/goblin_ultra_flavor.hpp index 4eb513ae5a5..a7a93833f43 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/goblin_ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/goblin_ultra_flavor.hpp @@ -398,8 +398,27 @@ class GoblinUltraFlavor { * circuits. * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/876) */ - using VerificationKey = VerificationKey_, VerifierCommitmentKey>; + // using VerificationKey = VerificationKey_, VerifierCommitmentKey>; + class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { + public: + VerificationKey() = default; + VerificationKey(const size_t circuit_size, const size_t num_public_inputs) + : VerificationKey_(circuit_size, num_public_inputs) + {} + VerificationKey(ProvingKey& proving_key) + { + this->pcs_verification_key = std::make_shared(); + this->circuit_size = proving_key.circuit_size; + this->log_circuit_size = numeric::get_msb(this->circuit_size); + this->num_public_inputs = proving_key.num_public_inputs; + this->pub_inputs_offset = proving_key.pub_inputs_offset; + + for (auto [polynomial, commitment] : zip_view(proving_key.get_precomputed_polynomials(), this->get_all())) { + commitment = proving_key.commitment_key->commit(polynomial); + } + } + }; /** * @brief A container for storing the partially evaluated multivariates produced by sumcheck. */ @@ -442,6 +461,7 @@ class GoblinUltraFlavor { */ class ProverPolynomials : public AllEntities { public: + // TODO(https://github.com/AztecProtocol/barretenberg/issues/925), proving_key could be const ref ProverPolynomials(ProvingKey& proving_key) { for (auto [prover_poly, key_poly] : zip_view(this->get_unshifted(), proving_key.get_all())) { @@ -453,17 +473,6 @@ class GoblinUltraFlavor { prover_poly = key_poly.shifted(); } } - ProverPolynomials(std::shared_ptr& proving_key) - { - for (auto [prover_poly, key_poly] : zip_view(this->get_unshifted(), proving_key->get_all())) { - ASSERT(flavor_get_label(*this, prover_poly) == flavor_get_label(*proving_key, key_poly)); - prover_poly = key_poly.share(); - } - for (auto [prover_poly, key_poly] : zip_view(this->get_shifted(), proving_key->get_to_be_shifted())) { - ASSERT(flavor_get_label(*this, prover_poly) == (flavor_get_label(*proving_key, key_poly) + "_shift")); - prover_poly = key_poly.shifted(); - } - } // Define all operations as default, except copy construction/assignment ProverPolynomials() = default; ProverPolynomials& operator=(const ProverPolynomials&) = delete; diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index 1e29d4a5ccb..bb40fe0c7ff 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -387,8 +387,26 @@ class UltraFlavor { * that, and split out separate PrecomputedPolynomials/Commitments data for clarity but also for portability of our * circuits. */ - using VerificationKey = VerificationKey_, VerifierCommitmentKey>; - + // using VerificationKey = VerificationKey_, VerifierCommitmentKey>; + class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { + public: + VerificationKey() = default; + VerificationKey(const size_t circuit_size, const size_t num_public_inputs) + : VerificationKey_(circuit_size, num_public_inputs) + {} + VerificationKey(ProvingKey& proving_key) + { + this->pcs_verification_key = std::make_shared(); + this->circuit_size = proving_key.circuit_size; + this->log_circuit_size = numeric::get_msb(this->circuit_size); + this->num_public_inputs = proving_key.num_public_inputs; + this->pub_inputs_offset = proving_key.pub_inputs_offset; + + for (auto [polynomial, commitment] : zip_view(proving_key.get_precomputed_polynomials(), this->get_all())) { + commitment = proving_key.commitment_key->commit(polynomial); + } + } + }; /** * @brief A field element for each entity of the flavor. These entities represent the prover polynomials * evaluated at one point. @@ -415,17 +433,6 @@ class UltraFlavor { prover_poly = key_poly.shifted(); } } - ProverPolynomials(std::shared_ptr& proving_key) - { - for (auto [prover_poly, key_poly] : zip_view(this->get_unshifted(), proving_key->get_all())) { - ASSERT(flavor_get_label(*this, prover_poly) == flavor_get_label(*proving_key, key_poly)); - prover_poly = key_poly.share(); - } - for (auto [prover_poly, key_poly] : zip_view(this->get_shifted(), proving_key->get_to_be_shifted())) { - ASSERT(flavor_get_label(*this, prover_poly) == (flavor_get_label(*proving_key, key_poly) + "_shift")); - prover_poly = key_poly.shifted(); - } - } // Define all operations as default, except copy construction/assignment ProverPolynomials() = default; ProverPolynomials& operator=(const ProverPolynomials&) = delete; diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp index 9900d20b9de..0e936dddfff 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.cpp @@ -56,19 +56,19 @@ void ProverInstance_::construct_databus_polynomials(Circuit& circuit) databus_id[i] = i; } - proving_key->calldata = public_calldata.share(); - proving_key->calldata_read_counts = calldata_read_counts.share(); - proving_key->databus_id = databus_id.share(); + proving_key.calldata = public_calldata.share(); + proving_key.calldata_read_counts = calldata_read_counts.share(); + proving_key.databus_id = databus_id.share(); } template void ProverInstance_::construct_table_polynomials(Circuit& circuit, size_t dyadic_circuit_size) { auto table_polynomials = construct_lookup_table_polynomials(circuit, dyadic_circuit_size); - proving_key->table_1 = table_polynomials[0].share(); - proving_key->table_2 = table_polynomials[1].share(); - proving_key->table_3 = table_polynomials[2].share(); - proving_key->table_4 = table_polynomials[3].share(); + proving_key.table_1 = table_polynomials[0].share(); + proving_key.table_2 = table_polynomials[1].share(); + proving_key.table_3 = table_polynomials[2].share(); + proving_key.table_4 = table_polynomials[3].share(); } template class ProverInstance_; diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp index 6d8437530dc..d17f45ce595 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.hpp @@ -30,7 +30,7 @@ template class ProverInstance_ { using Trace = ExecutionTrace_; public: - std::shared_ptr proving_key; + ProvingKey proving_key; ProverPolynomials prover_polynomials; RelationSeparator alphas; @@ -53,7 +53,7 @@ template class ProverInstance_ { dyadic_circuit_size = compute_dyadic_size(circuit); - proving_key = std::make_shared(dyadic_circuit_size, circuit.public_inputs.size()); + proving_key = std::move(ProvingKey(dyadic_circuit_size, circuit.public_inputs.size())); // Construct and add to proving key the wire, selector and copy constraint polynomials Trace::populate(circuit, proving_key); @@ -66,19 +66,19 @@ template class ProverInstance_ { // First and last lagrange polynomials (in the full circuit size) const auto [lagrange_first, lagrange_last] = compute_first_and_last_lagrange_polynomials(dyadic_circuit_size); - proving_key->lagrange_first = lagrange_first; - proving_key->lagrange_last = lagrange_last; + proving_key.lagrange_first = lagrange_first; + proving_key.lagrange_last = lagrange_last; construct_table_polynomials(circuit, dyadic_circuit_size); - proving_key->sorted_polynomials = construct_sorted_list_polynomials(circuit, dyadic_circuit_size); + proving_key.sorted_polynomials = construct_sorted_list_polynomials(circuit, dyadic_circuit_size); - std::span public_wires_source = proving_key->w_r; + std::span public_wires_source = proving_key.w_r; // Construct the public inputs array - for (size_t i = 0; i < proving_key->num_public_inputs; ++i) { - size_t idx = i + proving_key->pub_inputs_offset; - proving_key->public_inputs.emplace_back(public_wires_source[idx]); + for (size_t i = 0; i < proving_key.num_public_inputs; ++i) { + size_t idx = i + proving_key.pub_inputs_offset; + proving_key.public_inputs.emplace_back(public_wires_source[idx]); } } diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp index c4f9a0966e7..55834fac7b3 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/instance/prover_instance.test.cpp @@ -62,15 +62,15 @@ template class InstanceTests : public testing::Test { auto eta_two = FF::random_element(); auto eta_three = FF::random_element(); - auto sorted_list_polynomials = instance.proving_key->sorted_polynomials; + auto sorted_list_polynomials = instance.proving_key.sorted_polynomials; // Method 1: computed sorted list accumulator polynomial using prover library method - instance.proving_key->compute_sorted_list_accumulator(eta, eta_two, eta_three); - auto sorted_list_accumulator = instance.proving_key->sorted_accum; + instance.proving_key.compute_sorted_list_accumulator(eta, eta_two, eta_three); + auto sorted_list_accumulator = instance.proving_key.sorted_accum; // Compute s = s_1 + η*s_2 + η²*s_3 + η³*s_4 Polynomial sorted_list_accumulator_expected{ sorted_list_polynomials[0] }; - for (size_t i = 0; i < instance.proving_key->circuit_size; ++i) { + for (size_t i = 0; i < instance.proving_key.circuit_size; ++i) { sorted_list_accumulator_expected[i] += sorted_list_polynomials[1][i] * eta + sorted_list_polynomials[2][i] * eta_two + sorted_list_polynomials[3][i] * eta_three; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_flavor.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_flavor.hpp index 164b11be335..f48cf345271 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_flavor.hpp @@ -1046,12 +1046,20 @@ class GoblinTranslatorFlavor { VerificationKey(const size_t circuit_size, const size_t num_public_inputs) : VerificationKey_(circuit_size, num_public_inputs) {} - - template - VerificationKey(const ProvingKeyPtr& proving_key) - : VerificationKey_(proving_key) - , public_inputs(proving_key->public_inputs) - {} + VerificationKey(const std::shared_ptr& proving_key) + : public_inputs(proving_key->public_inputs) + { + this->pcs_verification_key = std::make_shared(); + this->circuit_size = proving_key->circuit_size; + this->log_circuit_size = numeric::get_msb(this->circuit_size); + this->num_public_inputs = proving_key->num_public_inputs; + this->pub_inputs_offset = proving_key->pub_inputs_offset; + + for (auto [polynomial, commitment] : + zip_view(proving_key->get_precomputed_polynomials(), this->get_all())) { + commitment = proving_key->commitment_key->commit(polynomial); + } + } }; /** * @brief A field element for each entity of the flavor. These entities represent the prover polynomials diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp index ca8185b309c..18e66bf9f09 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp @@ -153,7 +153,7 @@ TEST_F(GoblinUltraTranscriptTests, ProverManifestConsistency) auto proof = prover.construct_proof(); // Check that the prover generated manifest agrees with the manifest hard coded in this suite - auto manifest_expected = construct_goblin_ultra_honk_manifest(instance->proving_key->circuit_size); + auto manifest_expected = construct_goblin_ultra_honk_manifest(instance->proving_key.circuit_size); auto prover_manifest = prover.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < manifest_expected.size(); ++round) { diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index 1edfd735b6d..7d3a1251f3c 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -29,6 +29,7 @@ template OinkProverOutput OinkProver::pro RelationSeparator alphas = generate_alphas_round(); return OinkProverOutput{ + .proving_key = std::move(proving_key), .relation_parameters = std::move(relation_parameters), .alphas = std::move(alphas), }; @@ -40,17 +41,17 @@ template OinkProverOutput OinkProver::pro */ template void OinkProver::execute_preamble_round() { - const auto circuit_size = static_cast(proving_key->circuit_size); - const auto num_public_inputs = static_cast(proving_key->num_public_inputs); + const auto circuit_size = static_cast(proving_key.circuit_size); + const auto num_public_inputs = static_cast(proving_key.num_public_inputs); transcript->send_to_verifier(domain_separator + "circuit_size", circuit_size); transcript->send_to_verifier(domain_separator + "public_input_size", num_public_inputs); transcript->send_to_verifier(domain_separator + "pub_inputs_offset", - static_cast(proving_key->pub_inputs_offset)); + static_cast(proving_key.pub_inputs_offset)); - ASSERT(proving_key->num_public_inputs == proving_key->public_inputs.size()); + ASSERT(proving_key.num_public_inputs == proving_key.public_inputs.size()); - for (size_t i = 0; i < proving_key->num_public_inputs; ++i) { - auto public_input_i = proving_key->public_inputs[i]; + for (size_t i = 0; i < proving_key.num_public_inputs; ++i) { + auto public_input_i = proving_key.public_inputs[i]; transcript->send_to_verifier(domain_separator + "public_input_" + std::to_string(i), public_input_i); } } @@ -64,9 +65,9 @@ template void OinkProver::execute_wire_commitment { // Commit to the first three wire polynomials of the instance // We only commit to the fourth wire polynomial after adding memory recordss - witness_commitments.w_l = commitment_key->commit(proving_key->w_l); - witness_commitments.w_r = commitment_key->commit(proving_key->w_r); - witness_commitments.w_o = commitment_key->commit(proving_key->w_o); + witness_commitments.w_l = commitment_key->commit(proving_key.w_l); + witness_commitments.w_r = commitment_key->commit(proving_key.w_r); + witness_commitments.w_o = commitment_key->commit(proving_key.w_o); auto wire_comms = witness_commitments.get_wires(); auto wire_labels = commitment_labels.get_wires(); @@ -76,10 +77,10 @@ template void OinkProver::execute_wire_commitment if constexpr (IsGoblinFlavor) { // Commit to Goblin ECC op wires - witness_commitments.ecc_op_wire_1 = commitment_key->commit(proving_key->ecc_op_wire_1); - witness_commitments.ecc_op_wire_2 = commitment_key->commit(proving_key->ecc_op_wire_2); - witness_commitments.ecc_op_wire_3 = commitment_key->commit(proving_key->ecc_op_wire_3); - witness_commitments.ecc_op_wire_4 = commitment_key->commit(proving_key->ecc_op_wire_4); + witness_commitments.ecc_op_wire_1 = commitment_key->commit(proving_key.ecc_op_wire_1); + witness_commitments.ecc_op_wire_2 = commitment_key->commit(proving_key.ecc_op_wire_2); + witness_commitments.ecc_op_wire_3 = commitment_key->commit(proving_key.ecc_op_wire_3); + witness_commitments.ecc_op_wire_4 = commitment_key->commit(proving_key.ecc_op_wire_4); auto op_wire_comms = witness_commitments.get_ecc_op_wires(); auto labels = commitment_labels.get_ecc_op_wires(); @@ -87,8 +88,8 @@ template void OinkProver::execute_wire_commitment transcript->send_to_verifier(domain_separator + labels[idx], op_wire_comms[idx]); } // Commit to DataBus columns - witness_commitments.calldata = commitment_key->commit(proving_key->calldata); - witness_commitments.calldata_read_counts = commitment_key->commit(proving_key->calldata_read_counts); + witness_commitments.calldata = commitment_key->commit(proving_key.calldata); + witness_commitments.calldata_read_counts = commitment_key->commit(proving_key.calldata_read_counts); transcript->send_to_verifier(domain_separator + commitment_labels.calldata, witness_commitments.calldata); transcript->send_to_verifier(domain_separator + commitment_labels.calldata_read_counts, witness_commitments.calldata_read_counts); @@ -108,12 +109,12 @@ template void OinkProver::execute_sorted_list_acc relation_parameters.eta_two = eta_two; relation_parameters.eta_three = eta_three; - proving_key->compute_sorted_accumulator_polynomials( + proving_key.compute_sorted_accumulator_polynomials( relation_parameters.eta, relation_parameters.eta_two, relation_parameters.eta_three); // Commit to the sorted witness-table accumulator and the finalized (i.e. with memory records) fourth wire // polynomial - witness_commitments.sorted_accum = commitment_key->commit(proving_key->sorted_accum); - witness_commitments.w_4 = commitment_key->commit(proving_key->w_4); + witness_commitments.sorted_accum = commitment_key->commit(proving_key.sorted_accum); + witness_commitments.w_4 = commitment_key->commit(proving_key.w_4); transcript->send_to_verifier(domain_separator + commitment_labels.sorted_accum, witness_commitments.sorted_accum); transcript->send_to_verifier(domain_separator + commitment_labels.w_4, witness_commitments.w_4); @@ -130,8 +131,8 @@ template void OinkProver::execute_log_derivative_ relation_parameters.gamma = gamma; if constexpr (IsGoblinFlavor) { // Compute and commit to the logderivative inverse used in DataBus - proving_key->compute_logderivative_inverse(relation_parameters); - witness_commitments.lookup_inverses = commitment_key->commit(proving_key->lookup_inverses); + proving_key.compute_logderivative_inverse(relation_parameters); + witness_commitments.lookup_inverses = commitment_key->commit(proving_key.lookup_inverses); transcript->send_to_verifier(domain_separator + commitment_labels.lookup_inverses, witness_commitments.lookup_inverses); } @@ -144,10 +145,10 @@ template void OinkProver::execute_log_derivative_ template void OinkProver::execute_grand_product_computation_round() { - proving_key->compute_grand_product_polynomials(relation_parameters); + proving_key.compute_grand_product_polynomials(relation_parameters); - witness_commitments.z_perm = commitment_key->commit(proving_key->z_perm); - witness_commitments.z_lookup = commitment_key->commit(proving_key->z_lookup); + witness_commitments.z_perm = commitment_key->commit(proving_key.z_perm); + witness_commitments.z_lookup = commitment_key->commit(proving_key.z_lookup); transcript->send_to_verifier(domain_separator + commitment_labels.z_perm, witness_commitments.z_perm); transcript->send_to_verifier(domain_separator + commitment_labels.z_lookup, witness_commitments.z_lookup); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp index 14398ae6b18..c4d8ed1e4bc 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp @@ -25,6 +25,7 @@ namespace bb { template struct OinkProverOutput { + typename Flavor::ProvingKey proving_key; bb::RelationParameters relation_parameters; typename Flavor::RelationSeparator alphas; }; @@ -44,7 +45,7 @@ template class OinkProver { using FF = typename Flavor::FF; public: - std::shared_ptr proving_key; + ProvingKey proving_key; std::shared_ptr transcript; std::shared_ptr commitment_key; std::string domain_separator; @@ -54,13 +55,12 @@ template class OinkProver { bb::RelationParameters relation_parameters; - OinkProver(const std::shared_ptr& proving_key, - const std::shared_ptr& commitment_key, + OinkProver(ProvingKey& proving_key, const std::shared_ptr& transcript, std::string domain_separator = "") - : proving_key(proving_key) + : proving_key(std::move(proving_key)) , transcript(transcript) - , commitment_key(commitment_key) + , commitment_key(this->proving_key.commitment_key) , domain_separator(std::move(domain_separator)) {} diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp index 7c21616cd32..2fb80d76c9f 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/relation_correctness.test.cpp @@ -262,8 +262,8 @@ TEST_F(UltraRelationCorrectnessTests, Ultra) // Create a prover (it will compute proving key and witness) auto instance = std::make_shared>(builder); - auto proving_key = instance->proving_key; - auto circuit_size = proving_key->circuit_size; + auto& proving_key = instance->proving_key; + auto circuit_size = proving_key.circuit_size; // Generate eta, beta and gamma instance->relation_parameters.eta = FF::random_element(); @@ -272,18 +272,18 @@ TEST_F(UltraRelationCorrectnessTests, Ultra) instance->relation_parameters.beta = FF::random_element(); instance->relation_parameters.gamma = FF::random_element(); - instance->proving_key->compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, - instance->relation_parameters.eta_two, - instance->relation_parameters.eta_three); - instance->proving_key->compute_grand_product_polynomials(instance->relation_parameters); + instance->proving_key.compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, + instance->relation_parameters.eta_two, + instance->relation_parameters.eta_three); + instance->proving_key.compute_grand_product_polynomials(instance->relation_parameters); instance->prover_polynomials = Flavor::ProverPolynomials(instance->proving_key); // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution - ensure_non_zero(proving_key->q_arith); - ensure_non_zero(proving_key->q_delta_range); - ensure_non_zero(proving_key->q_lookup); - ensure_non_zero(proving_key->q_elliptic); - ensure_non_zero(proving_key->q_aux); + ensure_non_zero(proving_key.q_arith); + ensure_non_zero(proving_key.q_delta_range); + ensure_non_zero(proving_key.q_lookup); + ensure_non_zero(proving_key.q_elliptic); + ensure_non_zero(proving_key.q_aux); // Construct the round for applying sumcheck relations and results for storing computed results using Relations = typename Flavor::Relations; @@ -318,8 +318,8 @@ TEST_F(UltraRelationCorrectnessTests, GoblinUltra) // Create a prover (it will compute proving key and witness) auto instance = std::make_shared>(builder); - auto proving_key = instance->proving_key; - auto circuit_size = proving_key->circuit_size; + auto& proving_key = instance->proving_key; + auto circuit_size = proving_key.circuit_size; // Generate eta, beta and gamma instance->relation_parameters.eta = FF::random_element(); @@ -328,26 +328,26 @@ TEST_F(UltraRelationCorrectnessTests, GoblinUltra) instance->relation_parameters.beta = FF::random_element(); instance->relation_parameters.gamma = FF::random_element(); - instance->proving_key->compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, - instance->relation_parameters.eta_two, - instance->relation_parameters.eta_three); - instance->proving_key->compute_logderivative_inverse(instance->relation_parameters); - instance->proving_key->compute_grand_product_polynomials(instance->relation_parameters); + instance->proving_key.compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, + instance->relation_parameters.eta_two, + instance->relation_parameters.eta_three); + instance->proving_key.compute_logderivative_inverse(instance->relation_parameters); + instance->proving_key.compute_grand_product_polynomials(instance->relation_parameters); instance->prover_polynomials = Flavor::ProverPolynomials(instance->proving_key); // Check that selectors are nonzero to ensure corresponding relation has nontrivial contribution - ensure_non_zero(proving_key->q_arith); - ensure_non_zero(proving_key->q_delta_range); - ensure_non_zero(proving_key->q_lookup); - ensure_non_zero(proving_key->q_elliptic); - ensure_non_zero(proving_key->q_aux); - ensure_non_zero(proving_key->q_busread); - ensure_non_zero(proving_key->q_poseidon2_external); - ensure_non_zero(proving_key->q_poseidon2_internal); - - ensure_non_zero(proving_key->calldata); - ensure_non_zero(proving_key->calldata_read_counts); - ensure_non_zero(proving_key->lookup_inverses); + ensure_non_zero(proving_key.q_arith); + ensure_non_zero(proving_key.q_delta_range); + ensure_non_zero(proving_key.q_lookup); + ensure_non_zero(proving_key.q_elliptic); + ensure_non_zero(proving_key.q_aux); + ensure_non_zero(proving_key.q_busread); + ensure_non_zero(proving_key.q_poseidon2_external); + ensure_non_zero(proving_key.q_poseidon2_internal); + + ensure_non_zero(proving_key.calldata); + ensure_non_zero(proving_key.calldata_read_counts); + ensure_non_zero(proving_key.lookup_inverses); // Construct the round for applying sumcheck relations and results for storing computed results using Relations = typename Flavor::Relations; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp index 1ac3f6d5d10..9c267bb72b5 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/sumcheck.test.cpp @@ -157,14 +157,14 @@ TEST_F(SumcheckTestsRealCircuit, Ultra) instance->relation_parameters.beta = FF::random_element(); instance->relation_parameters.gamma = FF::random_element(); - instance->proving_key->compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, - instance->relation_parameters.eta_two, - instance->relation_parameters.eta_three); - instance->proving_key->compute_grand_product_polynomials(instance->relation_parameters); + instance->proving_key.compute_sorted_accumulator_polynomials(instance->relation_parameters.eta, + instance->relation_parameters.eta_two, + instance->relation_parameters.eta_three); + instance->proving_key.compute_grand_product_polynomials(instance->relation_parameters); instance->prover_polynomials = Flavor::ProverPolynomials(instance->proving_key); auto prover_transcript = Transcript::prover_init_empty(); - auto circuit_size = instance->proving_key->circuit_size; + auto circuit_size = instance->proving_key.circuit_size; auto log_circuit_size = numeric::get_msb(circuit_size); RelationSeparator prover_alphas; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.test.cpp index 448e47384c2..c6015ca160c 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_composer.test.cpp @@ -70,17 +70,17 @@ TEST_F(UltraHonkComposerTests, ANonZeroPolynomialIsAGoodPolynomial) auto instance = std::make_shared(circuit_builder); UltraProver prover(instance); auto proof = prover.construct_proof(); - auto proving_key = instance->proving_key; + auto& proving_key = instance->proving_key; - for (auto& poly : proving_key->get_selectors()) { + for (auto& poly : proving_key.get_selectors()) { ensure_non_zero(poly); } - for (auto& poly : proving_key->get_table_polynomials()) { + for (auto& poly : proving_key.get_table_polynomials()) { ensure_non_zero(poly); } - for (auto& poly : proving_key->get_wires()) { + for (auto& poly : proving_key.get_wires()) { ensure_non_zero(poly); } } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index be4c4f9ab87..f3fc6b0e5be 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -1,5 +1,6 @@ #include "ultra_prover.hpp" #include "barretenberg/sumcheck/sumcheck.hpp" +#include "barretenberg/ultra_honk/oink_prover.hpp" namespace bb { @@ -14,8 +15,7 @@ template UltraProver_::UltraProver_(const std::shared_ptr& inst, const std::shared_ptr& transcript) : instance(std::move(inst)) , transcript(transcript) - , commitment_key(instance->proving_key->commitment_key) - , oink_prover(inst->proving_key, commitment_key, transcript, "") + , commitment_key(instance->proving_key.commitment_key) {} /** @@ -29,8 +29,7 @@ template UltraProver_::UltraProver_(Builder& circuit) : instance(std::make_shared(circuit)) , transcript(std::make_shared()) - , commitment_key(instance->proving_key->commitment_key) - , oink_prover(instance->proving_key, commitment_key, transcript, "") + , commitment_key(instance->proving_key.commitment_key) {} /** @@ -40,7 +39,7 @@ UltraProver_::UltraProver_(Builder& circuit) template void UltraProver_::execute_relation_check_rounds() { using Sumcheck = SumcheckProver; - auto circuit_size = instance->proving_key->circuit_size; + auto circuit_size = instance->proving_key.circuit_size; auto sumcheck = Sumcheck(circuit_size, transcript); std::vector gate_challenges(numeric::get_msb(circuit_size)); @@ -75,7 +74,9 @@ template HonkProof& UltraProver_::export_proof() template HonkProof& UltraProver_::construct_proof() { - auto [relation_params, alphas] = oink_prover.prove(); + OinkProver oink_prover(instance->proving_key, transcript); + auto [proving_key, relation_params, alphas] = oink_prover.prove(); + instance->proving_key = std::move(proving_key); instance->relation_parameters = std::move(relation_params); instance->alphas = alphas; instance->prover_polynomials = ProverPolynomials(instance->proving_key); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index 36f466e2004..279890e614b 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -7,7 +7,6 @@ #include "barretenberg/sumcheck/instance/prover_instance.hpp" #include "barretenberg/sumcheck/sumcheck_output.hpp" #include "barretenberg/transcript/transcript.hpp" -#include "barretenberg/ultra_honk/oink_prover.hpp" namespace bb { @@ -39,8 +38,6 @@ template class UltraProver_ { std::shared_ptr commitment_key; - OinkProver oink_prover; - explicit UltraProver_(const std::shared_ptr&, const std::shared_ptr& transcript = std::make_shared()); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 44fcbfec08e..952894e4a36 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -140,7 +140,7 @@ TEST_F(UltraTranscriptTests, ProverManifestConsistency) auto proof = prover.construct_proof(); // Check that the prover generated manifest agrees with the manifest hard coded in this suite - auto manifest_expected = construct_ultra_honk_manifest(instance->proving_key->circuit_size); + auto manifest_expected = construct_ultra_honk_manifest(instance->proving_key.circuit_size); auto prover_manifest = prover.transcript->get_manifest(); // Note: a manifest can be printed using manifest.print() for (size_t round = 0; round < manifest_expected.size(); ++round) {