Barretenberg: src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp Source File

#include "barretenberg/commitment_schemes/shplonk/shplemini.hpp"

#include "barretenberg/circuit_checker/circuit_checker.hpp"

#include "barretenberg/commitment_schemes/commitment_key.test.hpp"

#include "barretenberg/commitment_schemes/gemini/gemini.hpp"

#include "barretenberg/commitment_schemes/ipa/ipa.hpp"

#include "barretenberg/commitment_schemes/kzg/kzg.hpp"

#include "barretenberg/commitment_schemes/shplonk/shplonk.hpp"

#include "barretenberg/commitment_schemes/utils/mock_witness_generator.hpp"

#include "barretenberg/srs/global_crs.hpp"

#include "barretenberg/stdlib/primitives/curves/bn254.hpp"

#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp"

#include "barretenberg/stdlib/primitives/padding_indicator_array/padding_indicator_array.hpp"

#include "barretenberg/stdlib/proof/proof.hpp"

#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"

#include <gtest/gtest.h>


using namespace bb;


template <class PCS> class ShpleminiRecursionTest : public CommitmentTest<typename PCS::Curve::NativeCurve> {};


numeric::RNG& shplemini_engine = numeric::get_debug_randomness();


TEST(ShpleminiRecursionTest, ProveAndVerifySingle)

{

    // Define some useful type aliases

    using Builder = UltraCircuitBuilder;

    using Curve = typename stdlib::bn254<Builder>;

    using NativeCurve = typename Curve::NativeCurve;

    using Commitment = typename Curve::AffineElement;

    using NativeCurve = typename Curve::NativeCurve;

    using NativePCS = std::conditional_t<std::same_as<NativeCurve, curve::BN254>, KZG<NativeCurve>, IPA<NativeCurve>>;

    using CommitmentKey = typename NativePCS::CK;

    using ShpleminiProver = ShpleminiProver_<NativeCurve>;

    using ShpleminiVerifier = ShpleminiVerifier_<Curve>;

    using Fr = typename Curve::ScalarField;

    using NativeFr = typename Curve::NativeCurve::ScalarField;

    using Transcript = StdlibTranscript<Builder>;

    using ClaimBatcher = ClaimBatcher_<Curve>;

    using ClaimBatch = ClaimBatcher::Batch;

    using MockClaimGen = MockClaimGenerator<NativeCurve>;

    using StdlibProof = bb::stdlib::Proof<Builder>;


    bb::srs::init_file_crs_factory(bb::srs::bb_crs_path());

    auto run_shplemini = [](size_t log_circuit_size) {

        size_t N = 1 << log_circuit_size;

        const std::vector<Fr> padding_indicator_array(CONST_PROOF_SIZE_LOG_N, 1);

        constexpr size_t NUM_POLYS = 5;

        constexpr size_t NUM_SHIFTED = 2;

        constexpr size_t NUM_RIGHT_SHIFTED_BY_K = 0;


        CommitmentKey commitment_key(16384);


        std::vector<NativeFr> u_challenge;

        u_challenge.reserve(CONST_PROOF_SIZE_LOG_N);

        for (size_t idx = 0; idx < CONST_PROOF_SIZE_LOG_N; idx++) {

            u_challenge.emplace_back(NativeFr::random_element(&shplemini_engine));

        };


        // Construct mock multivariate polynomial opening claims

        MockClaimGen mock_claims(N, NUM_POLYS, NUM_SHIFTED, NUM_RIGHT_SHIFTED_BY_K, u_challenge, commitment_key);


        // Initialize an empty NativeTranscript

        auto prover_transcript = NativeTranscript::prover_init_empty();

        auto prover_opening_claims =

            ShpleminiProver::prove(N, mock_claims.polynomial_batcher, u_challenge, commitment_key, prover_transcript);

        KZG<NativeCurve>::compute_opening_proof(commitment_key, prover_opening_claims, prover_transcript);

        Builder builder;

        StdlibProof stdlib_proof(builder, prover_transcript->export_proof());

        auto stdlib_verifier_transcript = std::make_shared<Transcript>();

        stdlib_verifier_transcript->load_proof(stdlib_proof);

        [[maybe_unused]] auto _ = stdlib_verifier_transcript->template receive_from_prover<Fr>("Init");


        // Execute Verifier protocol without the need for vk prior the final check

        const auto commitments_to_witnesses = [&builder](const auto& commitments) {

            std::vector<Commitment> commitments_in_biggroup(commitments.size());

            std::transform(commitments.begin(),

                           commitments.end(),

                           commitments_in_biggroup.begin(),

                           [&builder](const auto& native_commitment) {

                               auto comm = Commitment::from_witness(&builder, native_commitment);

                               // Removing the free witness tag, since the commitment in the full scheme are supposed to

                               // be fiat-shamirred earlier

                               comm.unset_free_witness_tag();

                               return comm;

                           });

            return commitments_in_biggroup;

        };

        const auto elements_to_witness = [&](const auto& elements) {

            std::vector<Fr> elements_in_circuit(elements.size());

            std::transform(

                elements.begin(), elements.end(), elements_in_circuit.begin(), [&builder](const auto& native_element) {

                    auto element = Fr::from_witness(&builder, native_element);

                    // Removing the free witness tag, since the element in the full scheme are supposed to

                    // be fiat-shamirred earlier

                    element.unset_free_witness_tag();

                    return element;

                });

            return elements_in_circuit;

        };

        auto stdlib_unshifted_commitments =

            commitments_to_witnesses(mock_claims.claim_batcher.get_unshifted().commitments);

        auto stdlib_to_be_shifted_commitments =

            commitments_to_witnesses(mock_claims.claim_batcher.get_shifted().commitments);

        auto stdlib_to_be_right_shifted_commitments =

            commitments_to_witnesses(mock_claims.claim_batcher.get_right_shifted_by_k().commitments);

        auto stdlib_unshifted_evaluations = elements_to_witness(mock_claims.claim_batcher.get_unshifted().evaluations);

        auto stdlib_shifted_evaluations = elements_to_witness(mock_claims.claim_batcher.get_shifted().evaluations);

        auto stdlib_right_shifted_evaluations =

            elements_to_witness(mock_claims.claim_batcher.get_right_shifted_by_k().evaluations);


        std::vector<Fr> u_challenge_in_circuit;

        u_challenge_in_circuit.reserve(CONST_PROOF_SIZE_LOG_N);


        for (auto u : u_challenge) {

            u_challenge_in_circuit.emplace_back(Fr::from_witness(&builder, u));

            // Removing the free witness tag, since the u_challenge in the full scheme are supposed to

            // be derived from the transcript earlier

            u_challenge_in_circuit.back().unset_free_witness_tag();

        }


        ClaimBatcher claim_batcher{

            .unshifted = ClaimBatch{ RefVector(stdlib_unshifted_commitments), RefVector(stdlib_unshifted_evaluations) },

            .shifted = ClaimBatch{ RefVector(stdlib_to_be_shifted_commitments), RefVector(stdlib_shifted_evaluations) },

            .right_shifted_by_k = ClaimBatch{ RefVector(stdlib_to_be_right_shifted_commitments),

                                              RefVector(stdlib_right_shifted_evaluations) },

            .k_shift_magnitude = MockClaimGen::k_magnitude

        };


        const auto opening_claim = ShpleminiVerifier::compute_batch_opening_claim(padding_indicator_array,

                                                                                  claim_batcher,

                                                                                  u_challenge_in_circuit,

                                                                                  Commitment::one(&builder),

                                                                                  stdlib_verifier_transcript);

        auto pairing_points = KZG<Curve>::reduce_verify_batch_opening_claim(opening_claim, stdlib_verifier_transcript);

        EXPECT_TRUE(CircuitChecker::check(builder));


        VerifierCommitmentKey<NativeCurve> vk;

        EXPECT_EQ(vk.pairing_check(pairing_points[0].get_value(), pairing_points[1].get_value()), true);


        // Return finalized number of gates;

        return builder.num_gates;

    };


    size_t num_gates_6 = run_shplemini(6);

    size_t num_gates_13 = run_shplemini(13);

    EXPECT_EQ(num_gates_6, num_gates_13);

}


circuit_checker.hpp

ShpleminiRecursionTest
Definition shplemini.test.cpp:19

bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:54

bb::BaseTranscript::prover_init_empty
static std::shared_ptr< BaseTranscript > prover_init_empty()
For testing: initializes transcript with some arbitrary data so that a challenge can be generated aft...
Definition transcript.hpp:564

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43

bb::CommitmentTest
Definition commitment_key.test.hpp:125

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:93

bb::KZG
Definition kzg.hpp:20

bb::KZG::reduce_verify_batch_opening_claim
static VerifierAccumulator reduce_verify_batch_opening_claim(BatchOpeningClaim< Curve > batch_opening_claim, const std::shared_ptr< Transcript > &transcript)
Computes the input points for the pairing check needed to verify a KZG opening claim obtained from a ...
Definition kzg.hpp:122

bb::KZG::compute_opening_proof
static void compute_opening_proof(const CK &ck, const ProverOpeningClaim< Curve > &opening_claim, const std::shared_ptr< Transcript > &prover_trancript)
Computes the KZG commitment to an opening proof polynomial at a single evaluation point.
Definition kzg.hpp:40

bb::RefVector
A template class for a reference vector. Behaves as if std::vector<T&> was possible.
Definition ref_vector.hpp:24

bb::ShpleminiProver_
Definition shplemini.hpp:21

bb::ShpleminiVerifier_
An efficient verifier for the evaluation proofs of multilinear polynomials and their shifts.
Definition shplemini.hpp:189

bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20

bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16

bb::curve::BN254
Definition bn254.hpp:16

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:56

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:52

bb::numeric::RNG
Definition engine.hpp:17

bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19

commitment_key.test.hpp

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

gemini.hpp

global_crs.hpp

ipa.hpp

kzg.hpp

mock_witness_generator.hpp

bb::numeric::get_debug_randomness
RNG & get_debug_randomness(bool reset, std::uint_fast64_t seed)
Definition engine.cpp:190

bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14

bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:24

bb::TEST
TEST(BoomerangMegaCircuitBuilder, BasicCircuit)
Definition graph_description_megacircuitbuilder.test.cpp:22

bb::vk
VerifierCommitmentKey< Curve > vk
Definition ipa.fuzzer.cpp:21

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

padding_indicator_array.hpp
For a small integer N = virtual_log_n and a given witness x = log_n, compute in-circuit an indicator_...

shplemini_engine
numeric::RNG & shplemini_engine
Definition shplemini.test.cpp:21

shplemini.hpp

shplonk.hpp

bn254.hpp

grumpkin.hpp

proof.hpp

bb::ClaimBatcher_
Logic to support batching opening claims for unshifted and shifted polynomials in Shplemini.
Definition claim_batcher.hpp:28

bb::MockClaimGenerator
Constructs random polynomials, computes commitments and corresponding evaluations.
Definition mock_witness_generator.hpp:23

bb::field< Bn254FrParams >

bb::stdlib::bn254
Definition bn254.hpp:15

ultra_circuit_builder.hpp