Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
stdlib_transcript.test.cpp
Go to the documentation of this file.
1#include <gtest/gtest.h>
2
3#include "barretenberg/circuit_checker/circuit_checker.hpp"
4#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"
5#include "barretenberg/stdlib/proof/proof.hpp"
6#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
7#include "barretenberg/transcript/transcript.hpp"
8
9namespace bb::stdlib::recursion::honk {
10
11using Builder = UltraCircuitBuilder;
12using UltraFlavor = UltraFlavor;
13using FF = fr;
14using NativeTranscript = NativeTranscript;
15using StdlibTranscript = UltraStdlibTranscript;
16using StdlibProof = stdlib::Proof<Builder>;
17
24template <class Curve, size_t LENGTH> auto generate_mock_proof_data(auto prover_transcript)
25{
26 using FF = typename Curve::ScalarField;
27 using Commitment = typename Curve::AffineElement;
28 using Univariate = typename bb::Univariate<FF, LENGTH>;
29
30 // Create some mock data to be added to the transcript in several mock rounds
31 uint32_t data = 25;
32 auto scalar = FF::random_element();
33 auto commitment = Commitment::one();
34
35 std::array<FF, LENGTH> evaluations;
36 for (auto& eval : evaluations) {
37 eval = FF::random_element();
38 }
39 auto univariate = Univariate(evaluations);
40
41 // round 0
42 prover_transcript.send_to_verifier("data", data);
43 prover_transcript.template get_challenge<FF>("alpha");
44
45 // round 1
46 prover_transcript.send_to_verifier("scalar", scalar);
47 prover_transcript.send_to_verifier("commitment", commitment);
48 prover_transcript.template get_challenges<FF>("beta, gamma");
49
50 // round 2
51 prover_transcript.send_to_verifier("univariate", univariate);
52 prover_transcript.template get_challenges<FF>("gamma", "delta");
53
54 return prover_transcript.export_proof();
55}
56
66template <class Curve, size_t LENGTH> void perform_mock_verifier_transcript_operations(auto transcript)
67{
68 using FF = typename Curve::ScalarField;
69 using Commitment = typename Curve::AffineElement;
70 using Univariate = typename bb::Univariate<FF, LENGTH>;
71
72 // round 0
73 transcript.template receive_from_prover<FF>("data");
74 transcript.template get_challenge<FF>("alpha");
75
76 // round 1
77 transcript.template receive_from_prover<FF>("scalar");
78 transcript.template receive_from_prover<Commitment>("commitment");
79 transcript.template get_challenges<FF>("beta, gamma");
80
81 // round 2
82 transcript.template receive_from_prover<Univariate>("univariate");
83 transcript.template get_challenges<FF>("gamma", "delta");
84}
85
91TEST(RecursiveHonkTranscript, InterfacesMatch)
92{
93 using NativeCurve = curve::BN254;
94 using StdlibCurve = stdlib::bn254<Builder>;
95 Builder builder;
96
97 constexpr size_t LENGTH = 8; // arbitrary length of Univariate to be serialized
98
99 // Instantiate a Prover Transcript and use it to generate some mock proof data
100 NativeTranscript prover_transcript;
101 auto proof_data = generate_mock_proof_data<NativeCurve, LENGTH>(prover_transcript);
102
103 // Instantiate a (native) Verifier Transcript with the proof data and perform some mock transcript operations
104 NativeTranscript native_transcript;
105 native_transcript.load_proof(proof_data);
106 perform_mock_verifier_transcript_operations<NativeCurve, LENGTH>(native_transcript);
107
108 // Confirm that Prover and Verifier transcripts have generated the same manifest via the operations performed
109 EXPECT_EQ(prover_transcript.get_manifest(), native_transcript.get_manifest());
110
111 // Instantiate a stdlib Transcript and perform the same operations
112 StdlibProof stdlib_proof(builder, proof_data);
113 StdlibTranscript transcript;
114 transcript.load_proof(stdlib_proof);
115 perform_mock_verifier_transcript_operations<StdlibCurve, LENGTH>(transcript);
116
117 // Confirm that the native and stdlib verifier transcripts have generated the same manifest
118 EXPECT_EQ(transcript.get_manifest(), native_transcript.get_manifest());
119
120 // TODO(#1351): The Honk stdlib transcript does not currently lay down contraints for fiat-shamir hashing so
121 // check_circuit has limited value.
122 EXPECT_TRUE(CircuitChecker::check(builder));
123}
124
129TEST(RecursiveHonkTranscript, ReturnValuesMatch)
130{
131 using FF = fr;
132 using Commitment = g1::affine_element;
133
134 using field_ct = field_t<Builder>;
135 using fq_ct = bigfield<Builder, bb::Bn254FqParams>;
136 using element_ct = element<Builder, fq_ct, field_ct, bb::g1>;
137
138 Builder builder;
139
140 // Define some mock data for a mock proof
141 auto scalar = FF::random_element();
142 auto commitment = Commitment::one() * FF::random_element();
143
144 const size_t LENGTH = 10; // arbitrary
145 std::array<FF, LENGTH> evaluations;
146 for (auto& eval : evaluations) {
147 eval = FF::random_element();
148 }
149
150 // Construct a mock proof via the prover transcript
151 NativeTranscript prover_transcript;
152 prover_transcript.send_to_verifier("scalar", scalar);
153 prover_transcript.send_to_verifier("commitment", commitment);
154 prover_transcript.send_to_verifier("evaluations", evaluations);
155 prover_transcript.template get_challenges<FF>("alpha, beta");
156 auto proof_data = prover_transcript.export_proof();
157
158 // Perform the corresponding operations with the native verifier transcript
159 NativeTranscript native_transcript;
160 native_transcript.load_proof(proof_data);
161 auto native_scalar = native_transcript.template receive_from_prover<FF>("scalar");
162 auto native_commitment = native_transcript.template receive_from_prover<Commitment>("commitment");
163 auto native_evaluations = native_transcript.template receive_from_prover<std::array<FF, LENGTH>>("evaluations");
164 auto [native_alpha, native_beta] = native_transcript.template get_challenges<FF>("alpha", "beta");
165
166 // Perform the same operations with the stdlib verifier transcript
167 stdlib::Proof<Builder> stdlib_proof(builder, proof_data);
168 StdlibTranscript stdlib_transcript;
169 stdlib_transcript.load_proof(stdlib_proof);
170 auto stdlib_scalar = stdlib_transcript.template receive_from_prover<field_ct>("scalar");
171 auto stdlib_commitment = stdlib_transcript.template receive_from_prover<element_ct>("commitment");
172 auto stdlib_evaluations =
173 stdlib_transcript.template receive_from_prover<std::array<field_ct, LENGTH>>("evaluations");
174 auto [stdlib_alpha, stdlib_beta] = stdlib_transcript.template get_challenges<field_ct>("alpha", "beta");
175
176 // Confirm that return values are equivalent
177 EXPECT_EQ(native_scalar, stdlib_scalar.get_value());
178 EXPECT_EQ(native_commitment, stdlib_commitment.get_value());
179 for (size_t i = 0; i < LENGTH; ++i) {
180 EXPECT_EQ(native_evaluations[i], stdlib_evaluations[i].get_value());
181 }
182
183 EXPECT_EQ(static_cast<FF>(native_alpha), stdlib_alpha.get_value());
184 EXPECT_EQ(static_cast<FF>(native_beta), stdlib_beta.get_value());
185}
186
192TEST(RecursiveTranscript, InfinityConsistencyGrumpkin)
193{
194 using NativeCurve = curve::Grumpkin;
195 using NativeCommitment = typename NativeCurve::AffineElement;
196 using NativeFF = NativeCurve::ScalarField;
197
198 using FF = bigfield<Builder, bb::Bn254FqParams>;
199 using Commitment = cycle_group<Builder>;
200
201 Builder builder;
202
203 NativeCommitment infinity = NativeCommitment::infinity();
204
205 NativeTranscript prover_transcript;
206 prover_transcript.send_to_verifier("infinity", infinity);
207 NativeFF challenge = prover_transcript.get_challenge<NativeFF>("challenge");
208 auto proof_data = prover_transcript.export_proof();
209
210 NativeTranscript verifier_transcript;
211 verifier_transcript.load_proof(proof_data);
212 verifier_transcript.receive_from_prover<NativeCommitment>("infinity");
213 auto verifier_challenge = verifier_transcript.get_challenge<NativeFF>("challenge");
214
215 stdlib::Proof<Builder> stdlib_proof(builder, proof_data);
216 StdlibTranscript stdlib_transcript;
217 stdlib_transcript.load_proof(stdlib_proof);
218 auto stdlib_infinity = stdlib_transcript.receive_from_prover<Commitment>("infinity");
219 EXPECT_TRUE(stdlib_infinity.is_point_at_infinity().get_value());
220 auto stdlib_challenge = stdlib_transcript.get_challenge<FF>("challenge");
221
222 EXPECT_EQ(challenge, verifier_challenge);
223 EXPECT_EQ(verifier_challenge, NativeFF(stdlib_challenge.get_value() % FF::modulus));
224}
225
231TEST(RecursiveTranscript, InfinityConsistencyBN254)
232{
233 using NativeCurve = curve::BN254;
234 using NativeCommitment = typename NativeCurve::AffineElement;
235 using NativeFF = NativeCurve::ScalarField;
236
237 using FF = field_t<Builder>;
238 using BF = bigfield<Builder, bb::Bn254FqParams>;
239 using Commitment = element<Builder, BF, FF, bb::g1>;
240
241 Builder builder;
242
243 NativeCommitment infinity = NativeCommitment::infinity();
244
245 NativeTranscript prover_transcript;
246 prover_transcript.send_to_verifier("infinity", infinity);
247 NativeFF challenge = prover_transcript.get_challenge<NativeFF>("challenge");
248 auto proof_data = prover_transcript.export_proof();
249
250 NativeTranscript verifier_transcript;
251 verifier_transcript.load_proof(proof_data);
252 verifier_transcript.receive_from_prover<NativeCommitment>("infinity");
253 auto verifier_challenge = verifier_transcript.get_challenge<NativeFF>("challenge");
254
255 stdlib::Proof<Builder> stdlib_proof(builder, proof_data);
256 StdlibTranscript stdlib_transcript;
257 stdlib_transcript.load_proof(stdlib_proof);
258 auto stdlib_commitment = stdlib_transcript.receive_from_prover<Commitment>("infinity");
259 EXPECT_TRUE(stdlib_commitment.is_point_at_infinity().get_value());
260 auto stdlib_challenge = stdlib_transcript.get_challenge<FF>("challenge");
261
262 EXPECT_EQ(challenge, verifier_challenge);
263 EXPECT_EQ(verifier_challenge, stdlib_challenge.get_value());
264}
265} // namespace bb::stdlib::recursion::honk
circuit_checker.hpp
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:54
bb::BaseTranscript::get_manifest
TranscriptManifest get_manifest() const
Definition transcript.hpp:597
bb::BaseTranscript::get_challenge
ChallengeType get_challenge(const std::string &label)
Definition transcript.hpp:587
bb::BaseTranscript::receive_from_prover
T receive_from_prover(const std::string &label)
Reads the next element of type T from the transcript, with a predefined label, only used by verifier.
Definition transcript.hpp:493
bb::BaseTranscript::load_proof
void load_proof(const std::vector< DataType > &proof)
Definition transcript.hpp:218
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:40
bb::Univariate
A univariate polynomial represented by its values on {domain_start, domain_start + 1,...
Definition univariate.hpp:36
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:56
bb::group::affine_element
group_elements::affine_element< Fq, Fr, Params > affine_element
Definition group.hpp:42
bb::stdlib::Proof
A simple wrapper around a vector of stdlib field elements representing a proof.
Definition proof.hpp:19
bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:31
bb::stdlib::field_t< Builder >
builder
AluTraceBuilder builder
Definition alu.test.cpp:123
data
const std::vector< FF > data
Definition data_copy.test.cpp:64
fq_ct
bn254::BaseField fq_ct
Definition graph_description_bigfield.test.cpp:29
bb::stdlib::recursion::honk::generate_mock_proof_data
auto generate_mock_proof_data(auto prover_transcript)
Create some mock data; add it to the provided prover transcript in various mock rounds.
Definition stdlib_transcript.test.cpp:24
bb::stdlib::recursion::honk::perform_mock_verifier_transcript_operations
void perform_mock_verifier_transcript_operations(auto transcript)
Perform series of verifier transcript operations.
Definition stdlib_transcript.test.cpp:66
bb::stdlib::recursion::honk::TEST
TEST(RecursiveHonkTranscript, InterfacesMatch)
Test basic transcript functionality and check circuit.
Definition stdlib_transcript.test.cpp:91
bb::stdlib::element
std::conditional_t< IsGoblinBigGroup< C, Fq, Fr, G >, element_goblin::goblin_element< C, goblin_field< C >, Fr, G >, element_default::element< C, Fq, Fr, G > > element
element wraps either element_default::element or element_goblin::goblin_element depending on parametr...
Definition biggroup.hpp:1030
bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174
bb::UltraStdlibTranscript
BaseTranscript< stdlib::StdlibCodec< stdlib::field_t< UltraCircuitBuilder > >, stdlib::poseidon2< UltraCircuitBuilder > > UltraStdlibTranscript
Definition transcript.hpp:673
bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:24
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::field< Bn254FrParams >::modulus
static constexpr uint256_t modulus
Definition field_declarations.hpp:197
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:676
ultra_circuit_builder.hpp