sumcheck_client_ivc.hpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }
// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }
// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }
// =====================
 
#pragma once
 
#include "barretenberg/client_ivc/client_ivc_base.hpp"
#include "barretenberg/flavor/mega_zk_recursive_flavor.hpp"
#include "barretenberg/goblin/goblin.hpp"
#include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
#include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
#include "barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp"
#include "barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.hpp"
#include "barretenberg/stdlib/primitives/databus/databus.hpp"
#include "barretenberg/stdlib/proof/proof.hpp"
#include "barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.hpp"
#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"
#include "barretenberg/ultra_honk/decider_prover.hpp"
#include "barretenberg/ultra_honk/decider_verifier.hpp"
#include "barretenberg/ultra_honk/oink_verifier.hpp"
#include "barretenberg/ultra_honk/ultra_prover.hpp"
#include "barretenberg/ultra_honk/ultra_verifier.hpp"
#include <algorithm>
 
namespace bb {
 
class SumcheckClientIVC : public IVCBase {
 
  public:
    using Flavor = MegaFlavor;
    using MegaVerificationKey = Flavor::VerificationKey;
    using MegaZKVerificationKey = MegaZKFlavor::VerificationKey;
    using FF = Flavor::FF;
    using Commitment = Flavor::Commitment;
    using ProverPolynomials = Flavor::ProverPolynomials;
    using Point = Flavor::Curve::AffineElement;
    using FoldProof = std::vector<FF>;
    using ProverInstance = ProverInstance_<Flavor>;
    using DeciderZKProvingKey = ProverInstance_<MegaZKFlavor>;
    using VerifierInstance = VerifierInstance_<Flavor>;
    using ClientCircuit = MegaCircuitBuilder; // can only be Mega
    using DeciderProver = DeciderProver_<Flavor>;
    using DeciderVerifier = DeciderVerifier_<Flavor>;
    using FoldingProver = ProtogalaxyProver_<Flavor>;
    using FoldingVerifier = ProtogalaxyVerifier_<VerifierInstance>;
    using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey;
    using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey;
    using MegaProver = UltraProver_<Flavor>;
    using MegaVerifier = UltraVerifier_<Flavor>;
    using Transcript = NativeTranscript;
 
    using RecursiveFlavor = MegaRecursiveFlavor_<bb::MegaCircuitBuilder>;
    using StdlibFF = RecursiveFlavor::FF;
    using RecursiveCommitment = RecursiveFlavor::Commitment;
    using RecursiveVerifierInstance = stdlib::recursion::honk::RecursiveVerifierInstance_<RecursiveFlavor>;
    using RecursiveVerificationKey = RecursiveFlavor::VerificationKey;
    using RecursiveVKAndHash = RecursiveFlavor::VKAndHash;
    using FoldingRecursiveVerifier =
        bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_<RecursiveVerifierInstance>;
    using OinkRecursiveVerifier = bb::OinkVerifier<RecursiveFlavor>;
    using DeciderRecursiveVerifier = stdlib::recursion::honk::DeciderRecursiveVerifier_<RecursiveFlavor>;
    using RecursiveTranscript = RecursiveFlavor::Transcript;
 
    using DataBusDepot = stdlib::DataBusDepot<ClientCircuit>;
    using PairingPoints = stdlib::recursion::PairingPoints<ClientCircuit>;
    using PublicPairingPoints = stdlib::PublicInputComponent<PairingPoints>;
    using KernelIO = bb::stdlib::recursion::honk::KernelIO;
    using HidingKernelIO = bb::stdlib::recursion::honk::HidingKernelIO<ClientCircuit>;
    using AppIO = bb::stdlib::recursion::honk::AppIO;
    using StdlibProof = stdlib::Proof<ClientCircuit>;
    using WitnessCommitments = RecursiveFlavor::WitnessCommitments;
 
    // New stuff
    using Curve = curve::BN254;
    using PolynomialBatcher = GeminiProver_<Curve>::PolynomialBatcher;
 
    // Merge commitments
    using TableCommitments = std::array<RecursiveFlavor::Commitment, ClientCircuit::NUM_WIRES>;
 
    struct Proof {
        HonkProof mega_proof;
        GoblinProof goblin_proof;
 
        static constexpr size_t PROOF_LENGTH_WITHOUT_PUB_INPUTS(size_t virtual_log_n = MegaZKFlavor::VIRTUAL_LOG_N)
        {
            return /*mega_proof*/ MegaZKFlavor::PROOF_LENGTH_WITHOUT_PUB_INPUTS(virtual_log_n) +
                   /*merge_proof*/ MERGE_PROOF_SIZE +
                   /*eccvm pre-ipa proof*/ (ECCVMFlavor::PROOF_LENGTH_WITHOUT_PUB_INPUTS - IPA_PROOF_LENGTH) +
                   /*eccvm ipa proof*/ IPA_PROOF_LENGTH +
                   /*translator*/ TranslatorFlavor::PROOF_LENGTH_WITHOUT_PUB_INPUTS;
        }
 
        static constexpr size_t PROOF_LENGTH(size_t virtual_log_n = MegaZKFlavor::VIRTUAL_LOG_N)
        {
            return PROOF_LENGTH_WITHOUT_PUB_INPUTS(virtual_log_n) +
                   /*public_inputs*/ bb::HidingKernelIO::PUBLIC_INPUTS_SIZE;
        }
 
        size_t size() const;
 
        std::vector<FF> to_field_elements() const;
 
        static Proof from_field_elements(const std::vector<SumcheckClientIVC::FF>& fields);
 
        // TODO(https://github.com/AztecProtocol/barretenberg/issues/1299): The following msgpack methods are generic
        // and should leverage some kind of shared msgpack utility.
        msgpack::sbuffer to_msgpack_buffer() const;
 
        uint8_t* to_msgpack_heap_buffer() const;
        static constexpr const char MSGPACK_SCHEMA_NAME[] = "ClientIVCProof";
 
        class DeserializationError : public std::runtime_error {
          public:
            DeserializationError(const std::string& msg)
                : std::runtime_error(std::string("Client IVC Proof deserialization error: ") + msg)
            {}
        };
 
        static Proof from_msgpack_buffer(uint8_t const*& buffer);
        static Proof from_msgpack_buffer(const msgpack::sbuffer& buffer);
 
        void to_file_msgpack(const std::string& filename) const;
        static Proof from_file_msgpack(const std::string& filename);
 
        MSGPACK_FIELDS(mega_proof, goblin_proof);
        bool operator==(const Proof& other) const = default;
    };
 
    struct VerificationKey {
        std::shared_ptr<MegaVerificationKey> mega;
        std::shared_ptr<ECCVMVerificationKey> eccvm;
        std::shared_ptr<TranslatorVerificationKey> translator;
 
        static size_t calc_num_data_types()
        {
            return MegaVerificationKey::calc_num_data_types() + ECCVMVerificationKey::calc_num_data_types() +
                   TranslatorVerificationKey::calc_num_data_types();
        }
 
        std::vector<bb::fr> to_field_elements() const
        {
            std::vector<bb::fr> elements;
 
            auto mega_elements = mega->to_field_elements();
            elements.insert(elements.end(), mega_elements.begin(), mega_elements.end());
 
            auto eccvm_elements = eccvm->to_field_elements();
            elements.insert(elements.end(), eccvm_elements.begin(), eccvm_elements.end());
 
            auto translator_elements = translator->to_field_elements();
            elements.insert(elements.end(), translator_elements.begin(), translator_elements.end());
 
            return elements;
        }
 
        size_t from_field_elements(std::span<const bb::fr> elements)
        {
            size_t read_idx = 0;
 
            mega = std::make_shared<MegaVerificationKey>();
            size_t mega_read = mega->from_field_elements(elements.subspan(read_idx));
            read_idx += mega_read;
 
            eccvm = std::make_shared<ECCVMVerificationKey>();
            size_t eccvm_read = eccvm->from_field_elements(elements.subspan(read_idx));
            read_idx += eccvm_read;
 
            translator = std::make_shared<TranslatorVerificationKey>();
            size_t translator_read = translator->from_field_elements(elements.subspan(read_idx));
            read_idx += translator_read;
 
            return read_idx;
        }
    };
 
    struct ProverAccumulator {
        std::vector<FF> challenge;
        std::array<FF, 2> batched_evaluations;
        std::array<Polynomial<FF>, 2> batched_polynomials;
        std::array<Commitment, 2> batched_commitments;
        size_t dyadic_size;
    };
 
    struct VerifierAccumulator {
        std::vector<FF> challenge;
        std::array<FF, 2> batched_evaluations;
        std::array<Commitment, 2> batched_commitments;
 
        FF hash_through_transcript(const std::string& domain_separator, Transcript& transcript) const
        {
            for (size_t idx = 0; idx < challenge.size(); idx++) {
                transcript.add_to_independent_hash_buffer(domain_separator + "challenge_" + std::to_string(idx),
                                                          challenge[idx]);
            }
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_evaluation_unshifted",
                                                      batched_evaluations[0]);
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_evaluation_shifted",
                                                      batched_evaluations[1]);
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_commitment_unshifted",
                                                      batched_commitments[0]);
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_commitment_shifted",
                                                      batched_commitments[1]);
            return transcript.hash_independent_buffer();
        }
    };
 
    struct RecursiveVerifierAccumulator {
        std::vector<StdlibFF> challenge;
        std::array<StdlibFF, 2> batched_evaluations;
        std::array<RecursiveCommitment, 2> batched_commitments;
 
        RecursiveVerifierAccumulator() = default;
        RecursiveVerifierAccumulator(const std::vector<StdlibFF>& challenge,
                                     const std::array<StdlibFF, 2>& batched_evaluations,
                                     const std::array<RecursiveCommitment, 2>& batched_commitments)
            : challenge(challenge)
            , batched_evaluations(batched_evaluations)
            , batched_commitments(batched_commitments)
        {}
        RecursiveVerifierAccumulator(ClientCircuit* builder, VerifierAccumulator& native_accumulator)
        {
            for (auto element : native_accumulator.challenge) {
                challenge.emplace_back(StdlibFF::from_witness(builder, element));
            }
 
            batched_evaluations[0] = StdlibFF::from_witness(builder, native_accumulator.batched_evaluations[0]);
            batched_evaluations[1] = StdlibFF::from_witness(builder, native_accumulator.batched_evaluations[1]);
 
            batched_commitments[0] =
                RecursiveCommitment::from_witness(builder, native_accumulator.batched_commitments[0]);
            batched_commitments[1] =
                RecursiveCommitment::from_witness(builder, native_accumulator.batched_commitments[1]);
        }
 
        StdlibFF hash_through_transcript(const std::string& domain_separator, RecursiveTranscript& transcript) const
        {
            for (size_t idx = 0; idx < challenge.size(); idx++) {
                transcript.add_to_independent_hash_buffer(domain_separator + "challenge_" + std::to_string(idx),
                                                          challenge[idx]);
            }
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_evaluation_unshifted",
                                                      batched_evaluations[0]);
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_evaluation_shifted",
                                                      batched_evaluations[1]);
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_commitment_unshifted",
                                                      batched_commitments[0]);
            transcript.add_to_independent_hash_buffer(domain_separator + "batched_commitment_shifted",
                                                      batched_commitments[1]);
            return transcript.hash_independent_buffer();
        }
 
        VerifierAccumulator get_value()
        {
            VerifierAccumulator value;
 
            for (auto element : challenge) {
                value.challenge.emplace_back(element.get_value());
            }
 
            value.batched_evaluations[0] = batched_evaluations[0].get_value();
            value.batched_evaluations[1] = batched_evaluations[1].get_value();
 
            value.batched_commitments[0] = batched_commitments[0].get_value();
            value.batched_commitments[1] = batched_commitments[1].get_value();
 
            return value;
        }
    };
 
    struct FirstSumcheckOutput {
        using VerifierCommitments = Flavor::VerifierCommitments;
        using ClaimedEvaluations = Flavor::AllValues;
 
        // \f$ \vec u = (u_0, ..., u_{d-1}) \f$
        std::vector<FF> challenge;
        // Evaluations at \f$ \vec u \f$ of the polynomials used in Sumcheck
        ClaimedEvaluations claimed_evaluations;
        // Full batched size
        size_t full_batched_size;
 
        ProverAccumulator batch(ProverPolynomials& polynomials,
                                VerifierCommitments& commitments,
                                const std::shared_ptr<Transcript>& transcript)
        {
            auto generate_challenges = [&transcript]<size_t N>(const std::string& label) -> std::array<FF, N> {
                std::array<std::string, N> labels;
                for (size_t idx = 0; idx < labels.size(); idx++) {
                    labels[idx] = label + std::to_string(idx);
                }
 
                std::array<FF, N> challenges;
                challenges = transcript->template get_challenges<FF>(labels);
 
                return challenges;
            };
 
            auto compute_batched_evaluation = []<size_t N>(RefArray<FF, N> claimed_evaluations,
                                                           RefArray<FF, N> challenges) {
                FF result(0);
                for (auto [eval, challenge] : zip_view(claimed_evaluations, challenges)) {
                    result += eval * challenge;
                }
                return result;
            };
 
            auto compute_batched_commitment = []<size_t N>(RefArray<Commitment, N> commitments,
                                                           RefArray<FF, N> challenges) {
                std::vector<Commitment> points;
                std::vector<FF> scalars;
                size_t idx = 0;
                for (auto [commitment, scalar] : zip_view(commitments, challenges)) {
                    if (commitment.is_point_at_infinity()) {
                        info("Commitment at index ", idx, " is zero");
                    }
                    points.emplace_back(commitment);
                    scalars.emplace_back(scalar);
                    idx++;
                }
                return batch_mul_native(points, scalars);
            };
 
            // Generate challenges to batch shifted and unshifted polynomials/evaluation
            auto unshifted_challenges =
                generate_challenges.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>("unshifted_challenge_");
            auto shifted_challenges =
                generate_challenges.operator()<Flavor::NUM_SHIFTED_ENTITIES>("shifted_challenge_");
 
            // Batch polynomials
            auto unshifted = polynomials.get_unshifted();
            auto shifted = polynomials.get_to_be_shifted();
 
            auto batched_unshifted = PolynomialBatcher::compute_batched<Flavor::NUM_UNSHIFTED_ENTITIES>(
                unshifted, full_batched_size, unshifted_challenges);
            auto batched_shifted = PolynomialBatcher::compute_batched<Flavor::NUM_SHIFTED_ENTITIES>(
                shifted, full_batched_size, shifted_challenges, true);
 
            // Batch evaluations
            auto unshifted_evaluations = claimed_evaluations.get_unshifted();
            auto shifted_evaluations = claimed_evaluations.get_shifted();
 
            auto batched_unshifted_evaluation = compute_batched_evaluation.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>(
                unshifted_evaluations, unshifted_challenges);
            auto batched_shifted_evaluation = compute_batched_evaluation.operator()<Flavor::NUM_SHIFTED_ENTITIES>(
                shifted_evaluations, shifted_challenges);
 
            // Batch commitments
            auto unshifted_commitments = commitments.get_unshifted();
            auto shifted_commitments = commitments.get_to_be_shifted();
            auto batched_unshifted_commitment = compute_batched_commitment.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>(
                unshifted_commitments, unshifted_challenges);
            auto batched_shifted_commitment = compute_batched_commitment.operator()<Flavor::NUM_SHIFTED_ENTITIES>(
                shifted_commitments, shifted_challenges);
 
            return ProverAccumulator{
                .challenge = challenge,
                .batched_evaluations = { batched_unshifted_evaluation, batched_shifted_evaluation },
                .batched_polynomials = { batched_unshifted, batched_shifted },
                .batched_commitments = { batched_unshifted_commitment, batched_shifted_commitment },
                .dyadic_size = full_batched_size,
            };
        }
 
        VerifierAccumulator batch(const std::shared_ptr<VerifierInstance>& verifier_instance,
                                  const std::shared_ptr<Transcript>& transcript)
        {
            auto generate_challenges = [&transcript]<size_t N>(const std::string& label) -> std::array<FF, N> {
                std::array<std::string, N> labels;
                for (size_t idx = 0; idx < labels.size(); idx++) {
                    labels[idx] = label + std::to_string(idx);
                }
 
                std::array<FF, N> challenges;
                challenges = transcript->template get_challenges<FF>(labels);
 
                return challenges;
            };
 
            auto compute_batched_evaluation = []<size_t N>(RefArray<FF, N> claimed_evaluations,
                                                           RefArray<FF, N> challenges) {
                FF result(0);
                for (auto [eval, challenge] : zip_view(claimed_evaluations, challenges)) {
                    result += eval * challenge;
                }
                return result;
            };
 
            auto compute_batched_commitment = []<size_t N>(RefArray<Commitment, N> commitments,
                                                           RefArray<FF, N> challenges) {
                std::vector<Commitment> points;
                std::vector<FF> scalars;
                for (auto [commitment, scalar] : zip_view(commitments, challenges)) {
                    points.emplace_back(commitment);
                    scalars.emplace_back(scalar);
                }
                return batch_mul_native(points, scalars);
            };
 
            // NOTE: THIS MIGHT BE SLOW!!!!!!
            Flavor::VerifierCommitments verifier_commitments(verifier_instance->vk,
                                                             verifier_instance->witness_commitments);
 
            // Generate challenges to batch shifted and unshifted polynomials/evaluation
            auto unshifted_challenges =
                generate_challenges.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>("unshifted_challenge_");
            auto shifted_challenges =
                generate_challenges.operator()<Flavor::NUM_SHIFTED_ENTITIES>("shifted_challenge_");
 
            // Batch evaluations
            auto unshifted_evaluations = claimed_evaluations.get_unshifted();
            auto shifted_evaluations = claimed_evaluations.get_to_be_shifted();
 
            auto batched_unshifted_evaluation = compute_batched_evaluation.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>(
                unshifted_evaluations, unshifted_challenges);
            auto batched_shifted_evaluation = compute_batched_evaluation.operator()<Flavor::NUM_SHIFTED_ENTITIES>(
                shifted_evaluations, shifted_challenges);
 
            // Batch commitments
            auto unshifted_commitments = verifier_commitments.get_unshifted();
            auto shifted_commitments = verifier_commitments.get_to_be_shifted();
            auto batched_unshifted_commitment = compute_batched_commitment.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>(
                unshifted_commitments, unshifted_challenges);
            auto batched_shifted_commitment = compute_batched_commitment.operator()<Flavor::NUM_SHIFTED_ENTITIES>(
                shifted_commitments, shifted_challenges);
 
            return VerifierAccumulator{
                .challenge = challenge,
                .batched_evaluations = { batched_unshifted_evaluation, batched_shifted_evaluation },
                .batched_commitments = { batched_unshifted_commitment, batched_shifted_commitment }
            };
        }
    };
 
    struct RecursiveFirstSumcheckOutput {
        using ClaimedEvaluations = RecursiveFlavor::AllValues;
 
        // \f$ \vec u = (u_0, ..., u_{d-1}) \f$
        std::vector<StdlibFF> challenge;
        // Evaluations at \f$ \vec u \f$ of the polynomials used in Sumcheck
        ClaimedEvaluations claimed_evaluations;
 
        RecursiveVerifierAccumulator batch(const std::shared_ptr<RecursiveVerifierInstance>& verifier_instance,
                                           const std::shared_ptr<RecursiveTranscript>& transcript)
        {
            auto generate_challenges = [&transcript]<size_t N>(const std::string& label) -> std::array<StdlibFF, N> {
                std::array<std::string, N> labels;
                for (size_t idx = 0; idx < labels.size(); idx++) {
                    labels[idx] = label + std::to_string(idx);
                }
 
                std::array<StdlibFF, N> challenges;
                challenges = transcript->template get_challenges<StdlibFF>(labels);
 
                return challenges;
            };
 
            auto compute_batched_evaluation = []<size_t N>(RefArray<StdlibFF, N> claimed_evaluations,
                                                           RefArray<StdlibFF, N> challenges) {
                StdlibFF result(0);
                for (auto [eval, challenge] : zip_view(claimed_evaluations, challenges)) {
                    result += eval * challenge;
                }
                return result;
            };
 
            auto compute_batched_commitment = []<size_t N>(RefArray<RecursiveCommitment, N> commitments,
                                                           RefArray<StdlibFF, N> challenges) {
                std::vector<RecursiveCommitment> points;
                std::vector<StdlibFF> scalars;
                for (auto [commitment, scalar] : zip_view(commitments, challenges)) {
                    if (commitment.is_point_at_infinity().get_value()) {
                        info("HELLO");
                    }
                    if (scalar.is_zero().get_value()) {
                        info("HELLO");
                    }
                    points.emplace_back(commitment);
                    scalars.emplace_back(scalar);
                }
                return RecursiveCommitment::batch_mul(points, scalars);
            };
 
            // NOTE: THIS MIGHT BE SLOW!!!!!!
            RecursiveFlavor::VerifierCommitments verifier_commitments(verifier_instance->vk_and_hash->vk,
                                                                      verifier_instance->witness_commitments);
 
            // Generate challenges to batch shifted and unshifted polynomials/evaluation
            auto unshifted_challenges =
                generate_challenges.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>("unshifted_challenge_");
            auto shifted_challenges =
                generate_challenges.operator()<Flavor::NUM_SHIFTED_ENTITIES>("shifted_challenge_");
 
            // Batch evaluations
            auto unshifted_evaluations = claimed_evaluations.get_unshifted();
            auto shifted_evaluations = claimed_evaluations.get_to_be_shifted();
 
            auto batched_unshifted_evaluation = compute_batched_evaluation.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>(
                unshifted_evaluations, unshifted_challenges);
            auto batched_shifted_evaluation = compute_batched_evaluation.operator()<Flavor::NUM_SHIFTED_ENTITIES>(
                shifted_evaluations, shifted_challenges);
 
            // Batch commitments
            auto unshifted_verifier_commitments = verifier_commitments.get_unshifted();
            auto shifted_witness_commitments = verifier_commitments.get_to_be_shifted();
            auto batched_unshifted_commitment = compute_batched_commitment.operator()<Flavor::NUM_UNSHIFTED_ENTITIES>(
                unshifted_verifier_commitments, unshifted_challenges);
            auto batched_shifted_commitment = compute_batched_commitment.operator()<Flavor::NUM_SHIFTED_ENTITIES>(
                shifted_witness_commitments, shifted_challenges);
 
            return RecursiveVerifierAccumulator(challenge,
                                                { batched_unshifted_evaluation, batched_shifted_evaluation },
                                                { batched_unshifted_commitment, batched_shifted_commitment });
        }
    };
 
    // Specifies proof type or equivalently the type of recursive verification to be performed on a given proof
    enum class QUEUE_TYPE {
        OINK,
        PG,
        PG_FINAL, // the final PG verification, used in hiding kernel
        PG_TAIL,  // used in tail to indicate special handling of merge for ZK
        MEGA
    };
 
    // An entry in the native verification queue
    struct VerifierInputs {
        std::vector<FF> proof; // oink or PG
        std::shared_ptr<MegaVerificationKey> honk_vk;
        QUEUE_TYPE type;
        bool is_kernel = false;
    };
    using VerificationQueue = std::deque<VerifierInputs>;
 
    // An entry in the stdlib verification queue
    struct StdlibVerifierInputs {
        StdlibProof proof; // oink or PG
        std::shared_ptr<RecursiveVKAndHash> honk_vk_and_hash;
        QUEUE_TYPE type;
        bool is_kernel = false;
    };
    using StdlibVerificationQueue = std::deque<StdlibVerifierInputs>;
 
  private:
    // Transcript for CIVC prover (shared between Hiding circuit, Merge, ECCVM, and Translator)
    std::shared_ptr<Transcript> transcript = std::make_shared<Transcript>();
 
    // Transcript to be shared across the folding of K_{i-1} (kernel), A_{i,1} (app), .., A_{i, n}
    std::shared_ptr<Transcript> prover_accumulation_transcript = std::make_shared<Transcript>();
 
    size_t num_circuits; // total number of circuits to be accumulated in the IVC
  public:
    size_t num_circuits_accumulated = 0; // number of circuits accumulated so far
 
    ProverAccumulator prover_accumulator; // current PG prover accumulator instance
 
    HonkProof pcs_proof; // decider proof to be verified in the hiding circuit
 
    VerifierAccumulator recursive_verifier_native_accum; // native verifier accumulator used in recursive folding
    VerifierAccumulator native_verifier_accum;           //  native verifier accumulator used in prover folding
 
    // Set of tuples {proof, verification_key, type (Oink/PG)} to be recursively verified
    VerificationQueue verification_queue;
    // Set of tuples {stdlib_proof, stdlib_verification_key, type} corresponding to the native verification queue
    StdlibVerificationQueue stdlib_verification_queue;
 
    // Management of linking databus commitments between circuits in the IVC
    DataBusDepot bus_depot;
 
    typename MegaFlavor::CommitmentKey bn254_commitment_key;
 
    Goblin goblin;
 
    size_t get_num_circuits() const { return num_circuits; }
 
    // IVCBase interface
    Goblin& get_goblin() override { return goblin; }
    const Goblin& get_goblin() const override { return goblin; }
 
    SumcheckClientIVC(size_t num_circuits);
 
    void instantiate_stdlib_verification_queue(ClientCircuit& circuit,
                                               const std::vector<std::shared_ptr<RecursiveVKAndHash>>& input_keys = {});
 
    [[nodiscard("Pairing points should be accumulated")]] std::
        tuple<std::optional<RecursiveVerifierAccumulator>, PairingPoints, TableCommitments>
        perform_recursive_verification_and_databus_consistency_checks(
            ClientCircuit& circuit,
            const StdlibVerifierInputs& verifier_inputs,
            const std::optional<RecursiveVerifierAccumulator>& input_verifier_accumulator,
            const TableCommitments& T_prev_commitments,
            const std::shared_ptr<RecursiveTranscript>& accumulation_recursive_transcript);
 
    // Complete the logic of a kernel circuit (e.g. PG/merge recursive verification, databus consistency checks)
    void complete_kernel_circuit_logic(ClientCircuit& circuit);
 
    void accumulate(ClientCircuit& circuit, const std::shared_ptr<MegaVerificationKey>& precomputed_vk) override;
 
    Proof prove();
 
    static void hide_op_queue_accumulation_result(ClientCircuit& circuit);
    static void hide_op_queue_content_in_tail(ClientCircuit& circuit);
    static void hide_op_queue_content_in_hiding(ClientCircuit& circuit);
 
    static bool verify(const Proof& proof, const VerificationKey& vk);
 
    HonkProof construct_pcs_proof(const std::shared_ptr<Transcript>& transcript);
 
    VerificationKey get_vk() const;
 
  private:
    void update_native_verifier_accumulator(const VerifierInputs& queue_entry,
                                            const std::shared_ptr<Transcript>& verifier_transcript);
 
    static ProverAccumulator execute_first_sumcheck(const std::shared_ptr<ProverInstance>& prover_instance,
                                                    const std::shared_ptr<MegaVerificationKey>& honk_vk,
                                                    const std::shared_ptr<Transcript>& transcript);
 
    static VerifierAccumulator execute_first_sumcheck_native_verification(
        const std::shared_ptr<VerifierInstance>& verifier_instance,
        const std::shared_ptr<Transcript>& transcript,
        const HonkProof& proof);
 
    HonkProof construct_sumcheck_proof(const std::shared_ptr<ProverInstance>& prover_instance,
                                       const std::shared_ptr<MegaVerificationKey>& honk_vk,
                                       const std::shared_ptr<Transcript>& transcript);
 
    HonkProof construct_folding_proof(const std::shared_ptr<ProverInstance>& prover_instance,
                                      const std::shared_ptr<MegaVerificationKey>& honk_vk,
                                      const std::shared_ptr<Transcript>& transcript);
 
    HonkProof construct_honk_proof_for_hiding_kernel(ClientCircuit& circuit,
                                                     const std::shared_ptr<MegaVerificationKey>& verification_key);
 
    QUEUE_TYPE get_queue_type() const;
 
    static RecursiveVerifierAccumulator execute_first_sumcheck_recursive_verification(
        ClientCircuit& circuit,
        const std::shared_ptr<RecursiveVerifierInstance>& verifier_instance,
        const std::shared_ptr<RecursiveTranscript>& transcript,
        const StdlibProof& proof);
 
    static RecursiveVerifierAccumulator perform_folding_recursive_verification(
        ClientCircuit& circuit,
        const std::optional<RecursiveVerifierAccumulator>& verifier_accumulator,
        const std::shared_ptr<RecursiveVerifierInstance>& verifier_instance,
        const std::shared_ptr<RecursiveTranscript>& transcript,
        const StdlibProof& proof,
        std::optional<StdlibFF>& prev_accum_hash,
        bool is_kernel);
};
 
// Serialization methods for ClientIVC::VerificationKey
inline void read(uint8_t const*& it, SumcheckClientIVC::VerificationKey& vk)
{
    using serialize::read;
 
    size_t num_frs = SumcheckClientIVC::VerificationKey::calc_num_data_types();
 
    // Read exactly num_frs field elements from the buffer
    std::vector<bb::fr> field_elements(num_frs);
    for (auto& element : field_elements) {
        read(it, element);
    }
 
    // Then use from_field_elements to populate the verification key
    vk.from_field_elements(field_elements);
}
 
inline void write(std::vector<uint8_t>& buf, SumcheckClientIVC::VerificationKey const& vk)
{
    using serialize::write;
 
    // Convert to field elements and write them directly without length prefix
    auto field_elements = vk.to_field_elements();
    for (const auto& element : field_elements) {
        write(buf, element);
    }
}
 
} // namespace bb