Barretenberg: src/barretenberg/goblin/goblin.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


// goblin.hpp

#pragma once


#include "barretenberg/eccvm/eccvm_flavor.hpp"

#include "barretenberg/eccvm/eccvm_prover.hpp"

#include "barretenberg/flavor/mega_flavor.hpp"

#include "barretenberg/goblin/types.hpp"

#include "barretenberg/stdlib/merge_verifier/merge_recursive_verifier.hpp"

#include "barretenberg/stdlib/proof/proof.hpp"

#include "barretenberg/translator_vm/translator_circuit_builder.hpp"

#include "barretenberg/translator_vm/translator_flavor.hpp"

#include "barretenberg/ultra_honk/merge_prover.hpp"

#include "barretenberg/ultra_honk/merge_verifier.hpp"

#include "barretenberg/ultra_honk/prover_instance.hpp"


namespace bb {


class Goblin {

    using Commitment = MegaFlavor::Commitment;

    using FF = MegaFlavor::FF;


  public:

    using MegaBuilder = MegaCircuitBuilder;

    using Fr = bb::fr;

    using Transcript = NativeTranscript;

    using OpQueue = ECCOpQueue;

    using ECCVMBuilder = ECCVMFlavor::CircuitBuilder;

    using ECCVMProvingKey = ECCVMFlavor::ProvingKey;

    using TranslatorBuilder = TranslatorCircuitBuilder;

    using MergeProof = MergeProver::MergeProof;

    using ECCVMVerificationKey = ECCVMFlavor::VerificationKey;

    using TranslatorVerificationKey = TranslatorFlavor::VerificationKey;

    using MergeRecursiveVerifier = stdlib::recursion::goblin::MergeRecursiveVerifier_<MegaBuilder>;

    using PairingPoints = MergeRecursiveVerifier::PairingPoints;

    using TableCommitments = MergeVerifier::TableCommitments;

    using RecursiveTableCommitments = MergeRecursiveVerifier::TableCommitments;

    using MergeCommitments = MergeVerifier::InputCommitments;

    using RecursiveMergeCommitments = MergeRecursiveVerifier::InputCommitments;

    using RecursiveCommitment = MergeRecursiveVerifier::Commitment;

    using RecursiveTranscript = MegaStdlibTranscript;


    std::shared_ptr<OpQueue> op_queue = std::make_shared<OpQueue>();

    CommitmentKey<curve::BN254> commitment_key;


    GoblinProof goblin_proof;


    fq translation_batching_challenge_v;    // challenge for batching the translation polynomials

    fq evaluation_challenge_x;              // challenge for evaluating the translation polynomials

    std::shared_ptr<Transcript> transcript; // shared between ECCVM and Translator


    std::deque<MergeProof> merge_verification_queue; // queue of merge proofs to be verified


    // In AVM we only use Goblin for a single circuit (it's recursive verifier) whose proof is not required to be

    // zero-knowledge. While Translator will still expect to find random ops at the beginning to ensure the accumulation

    // result remains at a fixed row we opt for not adding random ops at the end of the op queue.

    bool avm_mode = false;


    struct VerificationKey {

        std::shared_ptr<ECCVMVerificationKey> eccvm_verification_key = std::make_shared<ECCVMVerificationKey>();

        std::shared_ptr<TranslatorVerificationKey> translator_verification_key =

            std::make_shared<TranslatorVerificationKey>();

    };


    Goblin(CommitmentKey<curve::BN254> bn254_commitment_key = CommitmentKey<curve::BN254>(),

           const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>());


    void prove_merge(const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>(),

                     const MergeSettings merge_settings = MergeSettings::PREPEND);


    void prove_eccvm();


    void prove_translator();


    GoblinProof prove(const MergeSettings merge_settings = MergeSettings::PREPEND);


    std::pair<PairingPoints, RecursiveTableCommitments> recursively_verify_merge(

        MegaBuilder& builder,

        const RecursiveMergeCommitments& merge_commitments,

        const std::shared_ptr<RecursiveTranscript>& transcript,

        const MergeSettings merge_settings = MergeSettings::PREPEND);


    static bool verify(const GoblinProof& proof,

                       const MergeCommitments& merge_commitments,

                       const std::shared_ptr<Transcript>& transcript,

                       const MergeSettings merge_settings = MergeSettings::PREPEND);


    void ensure_well_formed_op_queue_for_avm(MegaBuilder& builder) const;

};


} // namespace bb

bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:54

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43

bb::ECCOpQueue
Used to construct execution trace representations of elliptic curve operations.
Definition ecc_op_queue.hpp:25

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::ECCVMFlavor::ProvingKey
The proving key is responsible for storing the polynomials used by the prover.
Definition eccvm_flavor.hpp:769

bb::ECCVMFlavor::VerificationKey
The verification key is responsible for storing the commitments to the precomputed (non-witnessk) pol...
Definition eccvm_flavor.hpp:795

bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:37

bb::Goblin
Definition goblin.hpp:24

bb::Goblin::evaluation_challenge_x
fq evaluation_challenge_x
Definition goblin.hpp:54

bb::Goblin::ensure_well_formed_op_queue_for_avm
void ensure_well_formed_op_queue_for_avm(MegaBuilder &builder) const
Translator requires the op queue to start with a no-op to ensure op queue polynomials are shiftable a...
Definition goblin.cpp:127

bb::Goblin::goblin_proof
GoblinProof goblin_proof
Definition goblin.hpp:51

bb::Goblin::verify
static bool verify(const GoblinProof &proof, const MergeCommitments &merge_commitments, const std::shared_ptr< Transcript > &transcript, const MergeSettings merge_settings=MergeSettings::PREPEND)
Verify a full Goblin proof (ECCVM, Translator, merge)
Definition goblin.cpp:93

bb::Goblin::recursively_verify_merge
std::pair< PairingPoints, RecursiveTableCommitments > recursively_verify_merge(MegaBuilder &builder, const RecursiveMergeCommitments &merge_commitments, const std::shared_ptr< RecursiveTranscript > &transcript, const MergeSettings merge_settings=MergeSettings::PREPEND)
Recursively verify the next merge proof in the merge verification queue.
Definition goblin.cpp:73

bb::Goblin::RecursiveCommitment
MergeRecursiveVerifier::Commitment RecursiveCommitment
Definition goblin.hpp:45

bb::Goblin::prove_eccvm
void prove_eccvm()
Construct an ECCVM proof and the translation polynomial evaluations.
Definition goblin.cpp:32

bb::Goblin::translation_batching_challenge_v
fq translation_batching_challenge_v
Definition goblin.hpp:53

bb::Goblin::TableCommitments
MergeVerifier::TableCommitments TableCommitments
Definition goblin.hpp:41

bb::Goblin::prove_merge
void prove_merge(const std::shared_ptr< Transcript > &transcript=std::make_shared< Transcript >(), const MergeSettings merge_settings=MergeSettings::PREPEND)
Construct a merge proof for the goblin ECC ops in the provided circuit; append the proof to the merge...
Definition goblin.cpp:25

bb::Goblin::op_queue
std::shared_ptr< OpQueue > op_queue
Definition goblin.hpp:48

bb::Goblin::prove_translator
void prove_translator()
Construct a translator proof.
Definition goblin.cpp:43

bb::Goblin::Commitment
MegaFlavor::Commitment Commitment
Definition goblin.hpp:25

bb::Goblin::prove
GoblinProof prove(const MergeSettings merge_settings=MergeSettings::PREPEND)
Constuct a full Goblin proof (ECCVM, Translator, merge)
Definition goblin.cpp:52

bb::Goblin::MergeProof
MergeProver::MergeProof MergeProof
Definition goblin.hpp:36

bb::Goblin::commitment_key
CommitmentKey< curve::BN254 > commitment_key
Definition goblin.hpp:49

bb::Goblin::avm_mode
bool avm_mode
Definition goblin.hpp:62

bb::Goblin::merge_verification_queue
std::deque< MergeProof > merge_verification_queue
Definition goblin.hpp:57

bb::Goblin::transcript
std::shared_ptr< Transcript > transcript
Definition goblin.hpp:55

bb::Goblin::RecursiveTableCommitments
MergeRecursiveVerifier::TableCommitments RecursiveTableCommitments
Definition goblin.hpp:42

bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19

bb::MegaFlavor::FF
Curve::ScalarField FF
Definition mega_flavor.hpp:37

bb::MegaFlavor::Commitment
Curve::AffineElement Commitment
Definition mega_flavor.hpp:39

bb::MergeProver::MergeProof
std::vector< FF > MergeProof
Definition merge_prover.hpp:34

bb::MergeVerifier::TableCommitments
std::array< Commitment, NUM_WIRES > TableCommitments
Definition merge_verifier.hpp:35

bb::TranslatorCircuitBuilder
TranslatorCircuitBuilder creates a circuit that evaluates the correctness of the evaluation of EccOpQ...
Definition translator_circuit_builder.hpp:69

bb::TranslatorFlavor::VerificationKey
The verification key is responsible for storing the commitments to the precomputed (non-witnessk) pol...
Definition translator_flavor.hpp:777

bb::stdlib::recursion::goblin::MergeRecursiveVerifier_
Definition merge_recursive_verifier.hpp:16

bb::stdlib::recursion::goblin::MergeRecursiveVerifier_::Commitment
typename Curve::Element Commitment
Definition merge_recursive_verifier.hpp:20

bb::stdlib::recursion::goblin::MergeRecursiveVerifier_::TableCommitments
std::array< Commitment, NUM_WIRES > TableCommitments
Definition merge_recursive_verifier.hpp:33

bb::stdlib::recursion::goblin::MergeRecursiveVerifier_::PairingPoints
stdlib::recursion::PairingPoints< CircuitBuilder > PairingPoints
Definition merge_recursive_verifier.hpp:24

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

eccvm_flavor.hpp

eccvm_prover.hpp

types.hpp

mega_flavor.hpp

merge_prover.hpp

merge_recursive_verifier.hpp

merge_verifier.hpp

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174

bb::MergeSettings
MergeSettings
The MergeSettings define whether an current subtable will be added at the beginning (PREPEND) or at t...
Definition ecc_ops_table.hpp:21

bb::PREPEND
@ PREPEND
Definition ecc_ops_table.hpp:21

bb::NativeTranscript
BaseTranscript< FrCodec, bb::crypto::Poseidon2< bb::crypto::Poseidon2Bn254ScalarFieldParams > > NativeTranscript
Definition transcript.hpp:667

bb::MegaCircuitBuilder
MegaCircuitBuilder_< field< Bn254FrParams > > MegaCircuitBuilder
Definition circuit_builders_fwd.hpp:26

bb::MegaStdlibTranscript
BaseTranscript< stdlib::StdlibCodec< stdlib::field_t< MegaCircuitBuilder > >, stdlib::poseidon2< MegaCircuitBuilder > > MegaStdlibTranscript
Definition transcript.hpp:675

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

prover_instance.hpp

proof.hpp

bb::Goblin::VerificationKey
Definition goblin.hpp:64

bb::Goblin::VerificationKey::translator_verification_key
std::shared_ptr< TranslatorVerificationKey > translator_verification_key
Definition goblin.hpp:66

bb::Goblin::VerificationKey::eccvm_verification_key
std::shared_ptr< ECCVMVerificationKey > eccvm_verification_key
Definition goblin.hpp:65

bb::GoblinProof
Definition types.hpp:19

bb::MergeVerifier::InputCommitments
Definition merge_verifier.hpp:43

bb::field< Bn254FrParams >

bb::stdlib::recursion::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:23

bb::stdlib::recursion::goblin::MergeRecursiveVerifier_::InputCommitments
Definition merge_recursive_verifier.hpp:41

translator_circuit_builder.hpp

translator_flavor.hpp