Carryover

barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp

@@ -142,19 +142,19 @@ template <typename Curve> class GeminiVerifier_ {
         commitments.reserve(num_variables - 1);
         for (size_t i = 0; i < num_variables - 1; ++i) {
             auto commitment =
-                transcript.template receive_from_prover<Commitment>("Gemini:FOLD_" + std::to_string(i + 1));
+                transcript->template receive_from_prover<Commitment>("Gemini:FOLD_" + std::to_string(i + 1));
             commitments.emplace_back(commitment);
         }
 
         // compute vector of powers of random evaluation point r
-        const Fr r = transcript.get_challenge("Gemini:r");
+        const Fr r = transcript->get_challenge("Gemini:r");
         std::vector<Fr> r_squares = squares_of_r(r, num_variables);
 
         // Get evaluations a_i, i = 0,...,m-1 from transcript
         std::vector<Fr> evaluations;
         evaluations.reserve(num_variables);
         for (size_t i = 0; i < num_variables; ++i) {
-            auto eval = transcript.template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
+            auto eval = transcript->template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
             evaluations.emplace_back(eval);
         }
 

barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp

@@ -25,7 +25,7 @@ template <class Curve> class GeminiTest : public CommitmentTest<Curve> {
                                           std::vector<GroupElement> multilinear_commitments,
                                           std::vector<GroupElement> multilinear_commitments_to_be_shifted)
     {
-        auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();
+        auto prover_transcript = BaseTranscript::prover_init_empty();
 
         const Fr rho = Fr::random_element();
 
@@ -79,7 +79,7 @@ template <class Curve> class GeminiTest : public CommitmentTest<Curve> {
         // Check that the Fold polynomials have been evaluated correctly in the prover
         this->verify_batch_opening_pair(prover_output.opening_pairs, prover_output.witnesses);
 
-        auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);
+        auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript);
 
         // Compute:
         // - Single opening pair: {r, \hat{a}_0}

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp

@@ -35,12 +35,12 @@ template <typename Curve> class IPA {
     static void compute_opening_proof(std::shared_ptr<CK> ck,
                                       const OpeningPair<Curve>& opening_pair,
                                       const Polynomial& polynomial,
-                                      BaseTranscript<Fr>& transcript)
+                                      std::shared_ptr<BaseTranscript> transcript)
     {
         ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero");
         auto poly_degree = static_cast<size_t>(polynomial.size());
-        transcript.send_to_verifier("IPA:poly_degree", static_cast<uint64_t>(poly_degree));
-        Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge");
+        transcript->send_to_verifier("IPA:poly_degree", static_cast<uint64_t>(poly_degree));
+        const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge");
         auto aux_generator = Commitment::one() * generator_challenge;
 
         // Checks poly_degree is greater than zero and a power of two
@@ -96,11 +96,11 @@ template <typename Curve> class IPA {
             R_elements[i] += aux_generator * inner_prod_R;
 
             std::string index = std::to_string(i);
-            transcript.send_to_verifier("IPA:L_" + index, Commitment(L_elements[i]));
-            transcript.send_to_verifier("IPA:R_" + index, Commitment(R_elements[i]));
+            transcript->send_to_verifier("IPA:L_" + index, Commitment(L_elements[i]));
+            transcript->send_to_verifier("IPA:R_" + index, Commitment(R_elements[i]));
 
             // Generate the round challenge.
-            const Fr round_challenge = transcript.get_challenge("IPA:round_challenge_" + index);
+            const Fr round_challenge = transcript->get_challenge("IPA:round_challenge_" + index);
             const Fr round_challenge_inv = round_challenge.invert();
 
             std::vector<Commitment> G_lo(G_vec_local.begin(), G_vec_local.begin() + static_cast<long>(round_size));
@@ -122,7 +122,7 @@ template <typename Curve> class IPA {
             }
         }
 
-        transcript.send_to_verifier("IPA:a_0", a_vec[0]);
+        transcript->send_to_verifier("IPA:a_0", a_vec[0]);
     }
 
     /**
@@ -134,10 +134,12 @@ template <typename Curve> class IPA {
      *
      * @return true/false depending on if the proof verifies
      */
-    static bool verify(std::shared_ptr<VK> vk, const OpeningClaim<Curve>& opening_claim, BaseTranscript<Fr>& transcript)
+    static bool verify(std::shared_ptr<VK> vk,
+                       const OpeningClaim<Curve>& opening_claim,
+                       std::shared_ptr<BaseTranscript> transcript)
     {
-        auto poly_degree = static_cast<size_t>(transcript.template receive_from_prover<uint64_t>("IPA:poly_degree"));
-        Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge");
+        auto poly_degree = static_cast<size_t>(transcript->template receive_from_prover<uint64_t>("IPA:poly_degree"));
+        const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge");
         auto aux_generator = Commitment::one() * generator_challenge;
 
         auto log_poly_degree = static_cast<size_t>(numeric::get_msb(poly_degree));
@@ -153,9 +155,9 @@ template <typename Curve> class IPA {
         std::vector<Fr> msm_scalars(pippenger_size);
         for (size_t i = 0; i < log_poly_degree; i++) {
             std::string index = std::to_string(i);
-            auto element_L = transcript.template receive_from_prover<Commitment>("IPA:L_" + index);
-            auto element_R = transcript.template receive_from_prover<Commitment>("IPA:R_" + index);
-            round_challenges[i] = transcript.get_challenge("IPA:round_challenge_" + index);
+            auto element_L = transcript->template receive_from_prover<Commitment>("IPA:L_" + index);
+            auto element_R = transcript->template receive_from_prover<Commitment>("IPA:R_" + index);
+            round_challenges[i] = transcript->get_challenge("IPA:round_challenge_" + index);
             round_challenges_inv[i] = round_challenges[i].invert();
 
             msm_elements[2 * i] = element_L;
@@ -211,7 +213,7 @@ template <typename Curve> class IPA {
         auto G_zero = barretenberg::scalar_multiplication::pippenger_without_endomorphism_basis_points<Curve>(
             &s_vec[0], &G_vec_local[0], poly_degree, vk->pippenger_runtime_state);
 
-        auto a_zero = transcript.template receive_from_prover<Fr>("IPA:a_0");
+        auto a_zero = transcript->template receive_from_prover<Fr>("IPA:a_0");
 
         GroupElement right_hand_side = G_zero * a_zero + aux_generator * a_zero * b_zero;
 

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp

@@ -70,11 +70,11 @@ TEST_F(IPATest, Open)
     const OpeningClaim<Curve> opening_claim{ opening_pair, commitment };
 
     // initialize empty prover transcript
-    BaseTranscript<Fr> prover_transcript;
+    BaseTranscript prover_transcript;
     IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript);
 
     // initialize verifier transcript from proof data
-    BaseTranscript<Fr> verifier_transcript{ prover_transcript.proof_data };
+    BaseTranscript verifier_transcript{ prover_transcript.proof_data };
 
     auto result = IPA::verify(this->vk(), opening_claim, verifier_transcript);
     EXPECT_TRUE(result);
@@ -129,7 +129,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)
     batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1];
     batched_commitment_to_be_shifted = commitment2 * rhos[2];
 
-    auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();
+    auto prover_transcript = BaseTranscript::prover_init_empty();
 
     auto gemini_polynomials = GeminiProver::compute_gemini_polynomials(
         mle_opening_point, std::move(batched_unshifted), std::move(batched_to_be_shifted));
@@ -162,7 +162,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)
 
     IPA::compute_opening_proof(this->ck(), shplonk_opening_pair, shplonk_witness, prover_transcript);
 
-    auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);
+    auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript);
 
     auto gemini_verifier_claim = GeminiVerifier::reduce_verification(mle_opening_point,
                                                                      batched_evaluation,

barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp

@@ -31,7 +31,7 @@ template <typename Curve> class KZG {
     static void compute_opening_proof(std::shared_ptr<CK> ck,
                                       const OpeningPair<Curve>& opening_pair,
                                       const Polynomial& polynomial,
-                                      BaseTranscript<Fr>& prover_trancript)
+                                      BaseTranscript& prover_trancript)
     {
         Polynomial quotient(polynomial);
         quotient[0] -= opening_pair.evaluation;
@@ -55,9 +55,9 @@ template <typename Curve> class KZG {
      */
     static bool verify(std::shared_ptr<VK> vk,
                        const OpeningClaim<Curve>& claim,
-                       BaseTranscript<Fr>& verifier_transcript)
+                       std::shared_ptr<BaseTranscript> verifier_transcript)
     {
-        auto quotient_commitment = verifier_transcript.template receive_from_prover<Commitment>("KZG:W");
+        auto quotient_commitment = verifier_transcript->template receive_from_prover<Commitment>("KZG:W");
         auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) +
                    (quotient_commitment * claim.opening_pair.challenge);
         auto rhs = -quotient_commitment;
@@ -78,13 +78,13 @@ template <typename Curve> class KZG {
     static std::array<GroupElement, 2> compute_pairing_points(const OpeningClaim<Curve>& claim,
                                                               auto& verifier_transcript)
     {
-        auto quotient_commitment = verifier_transcript.template receive_from_prover<Commitment>("KZG:W");
+        auto quotient_commitment = verifier_transcript->template receive_from_prover<Commitment>("KZG:W");
 
         GroupElement P_0;
         // Note: In the recursive setting, we only add the contribution if it is not the point at infinity (i.e. if the
         // evaluation is not equal to zero).
         if constexpr (Curve::is_stdlib_type) {
-            auto builder = verifier_transcript.builder;
+            auto builder = verifier_transcript->builder;
             auto one = Fr(builder, 1);
             std::vector<GroupElement> commitments = { claim.commitment, quotient_commitment };
             std::vector<Fr> scalars = { one, claim.opening_pair.challenge };

barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp

@@ -39,11 +39,11 @@ TYPED_TEST(KZGTest, single)
     auto opening_pair = OpeningPair<TypeParam>{ challenge, evaluation };
     auto opening_claim = OpeningClaim<TypeParam>{ opening_pair, commitment };
 
-    auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();
+    auto prover_transcript = BaseTranscript::prover_init_empty();
 
     KZG::compute_opening_proof(this->ck(), opening_pair, witness, prover_transcript);
 
-    auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);
+    auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript);
     bool verified = KZG::verify(this->vk(), opening_claim, verifier_transcript);
 
     EXPECT_EQ(verified, true);
@@ -109,7 +109,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)
     batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1];
     batched_commitment_to_be_shifted = commitment2 * rhos[2];
 
-    auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();
+    auto prover_transcript = BaseTranscript::prover_init_empty();
 
     // Run the full prover PCS protocol:
 
@@ -154,7 +154,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)
 
     // Run the full verifier PCS protocol with genuine opening claims (genuine commitment, genuine evaluation)
 
-    auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);
+    auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript);
 
     // Gemini verifier output:
     // - claim: d+1 commitments to Fold_{r}^(0), Fold_{-r}^(0), Fold^(l), d+1 evaluations a_0_pos, a_l, l = 0:d-1

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp

@@ -168,11 +168,11 @@ template <typename Curve> class ShplonkVerifier_ {
 
         const size_t num_claims = claims.size();
 
-        const Fr nu = transcript.get_challenge("Shplonk:nu");
+        const Fr nu = transcript->get_challenge("Shplonk:nu");
 
-        auto Q_commitment = transcript.template receive_from_prover<Commitment>("Shplonk:Q");
+        auto Q_commitment = transcript->template receive_from_prover<Commitment>("Shplonk:Q");
 
-        const Fr z_challenge = transcript.get_challenge("Shplonk:z");
+        const Fr z_challenge = transcript->get_challenge("Shplonk:z");
 
         // [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1]
         //     = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )]

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp

@@ -28,7 +28,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple)
 
     const size_t n = 16;
 
-    auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();
+    auto prover_transcript = BaseTranscript::prover_init_empty();
 
     // Generate two random (unrelated) polynomials of two different sizes, as well as their evaluations at a (single but
     // different) random point and their commitments.
@@ -64,7 +64,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple)
     opening_claims.emplace_back(OpeningClaim{ opening_pairs[0], commitment1 });
     opening_claims.emplace_back(OpeningClaim{ opening_pairs[1], commitment2 });
 
-    auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);
+    auto verifier_transcript = BaseTranscript::verifier_init_empty(prover_transcript);
 
     // Execute the shplonk verifier functionality
     const auto verifier_claim = ShplonkVerifier::reduce_verification(this->vk(), opening_claims, verifier_transcript);

barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp

@@ -324,7 +324,7 @@ template <typename Curve> class ZeroMorphProver_ {
                       const std::vector<std::vector<std::span<FF>>>& concatenation_groups = {})
     {
         // Generate batching challenge \rho and powers 1,...,\rho^{m-1}
-        FF rho = transcript.get_challenge("rho");
+        const FF rho = transcript->get_challenge("rho");
 
         // Extract multilinear challenge u and claimed multilinear evaluations from Sumcheck output
         std::span<FF> u_challenge = multilinear_challenge;
@@ -390,21 +390,21 @@ template <typename Curve> class ZeroMorphProver_ {
         for (size_t idx = 0; idx < log_N; ++idx) {
             q_k_commitments[idx] = commitment_key->commit(quotients[idx]);
             std::string label = "ZM:C_q_" + std::to_string(idx);
-            transcript.send_to_verifier(label, q_k_commitments[idx]);
+            transcript->send_to_verifier(label, q_k_commitments[idx]);
         }
 
         // Get challenge y
-        auto y_challenge = transcript.get_challenge("ZM:y");
+        FF y_challenge = transcript->get_challenge("ZM:y");
 
         // Compute the batched, lifted-degree quotient \hat{q}
         auto batched_quotient = compute_batched_lifted_degree_quotient(quotients, y_challenge, N);
 
         // Compute and send the commitment C_q = [\hat{q}]
         auto q_commitment = commitment_key->commit(batched_quotient);
-        transcript.send_to_verifier("ZM:C_q", q_commitment);
+        transcript->send_to_verifier("ZM:C_q", q_commitment);
 
         // Get challenges x and z
-        auto [x_challenge, z_challenge] = transcript.get_challenges("ZM:x", "ZM:z");
+        auto [x_challenge, z_challenge] = transcript->get_challenges("ZM:x", "ZM:z");
 
         // Compute degree check polynomial \zeta partially evaluated at x
         auto zeta_x =
@@ -425,7 +425,7 @@ template <typename Curve> class ZeroMorphProver_ {
 
         // Compute and send proof commitment pi
         auto pi_commitment = commitment_key->commit(pi_polynomial);
-        transcript.send_to_verifier("ZM:PI", pi_commitment);
+        transcript->send_to_verifier("ZM:PI", pi_commitment);
     }
 };
 
@@ -641,7 +641,7 @@ template <typename Curve> class ZeroMorphVerifier_ {
         const std::vector<FF>& concatenated_evaluations = {})
     {
         size_t log_N = multivariate_challenge.size();
-        FF rho = transcript.get_challenge("rho");
+        FF rho = transcript->get_challenge("rho");
 
         // Construct batched evaluation v = sum_{i=0}^{m-1}\rho^i*f_i(u) + sum_{i=0}^{l-1}\rho^{m+i}*h_i(u)
         FF batched_evaluation = FF(0);
@@ -663,18 +663,19 @@ template <typename Curve> class ZeroMorphVerifier_ {
         std::vector<Commitment> C_q_k;
         C_q_k.reserve(log_N);
         for (size_t i = 0; i < log_N; ++i) {
-            C_q_k.emplace_back(transcript.template receive_from_prover<Commitment>("ZM:C_q_" + std::to_string(i)));
+            C_q_k.emplace_back(transcript->template receive_from_prover<Commitment>("ZM:C_q_" + std::to_string(i)));
         }
 
         // Challenge y
-        auto y_challenge = transcript.get_challenge("ZM:y");
+        FF y_challenge = transcript->get_challenge("ZM:y");
 
         // Receive commitment C_{q}
-        auto C_q = transcript.template receive_from_prover<Commitment>("ZM:C_q");
+        auto C_q = transcript->template receive_from_prover<Commitment>("ZM:C_q");
 
         // Challenges x, z
-        auto [x_challenge, z_challenge] = transcript.get_challenges("ZM:x", "ZM:z");
-
+        auto challenges = transcript->get_challenges("ZM:x", "ZM:z");
+        FF x_challenge = challenges[0];
+        FF z_challenge = challenges[1];
         // Compute commitment C_{\zeta_x}
         auto C_zeta_x = compute_C_zeta_x(C_q, C_q_k, y_challenge, x_challenge);
 
@@ -692,7 +693,7 @@ template <typename Curve> class ZeroMorphVerifier_ {
         auto C_zeta_Z = C_zeta_x + C_Z_x * z_challenge;
 
         // Receive proof commitment \pi
-        auto C_pi = transcript.template receive_from_prover<Commitment>("ZM:PI");
+        auto C_pi = transcript->template receive_from_prover<Commitment>("ZM:PI");
 
         // Construct inputs and perform pairing check to verify claimed evaluation
         // Note: The pairing check (without the degree check component X^{N_max-N-1}) can be expressed naturally as