refactor: Transcript handled through shared_ptr (#3434)

To enable sharing transcripts in the context of Goblin, I make the
transcript be handled through a shared pointer.

barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.hpp

@@ -142,19 +142,19 @@ template <typename Curve> class GeminiVerifier_ {
         commitments.reserve(num_variables - 1);
         for (size_t i = 0; i < num_variables - 1; ++i) {
             auto commitment =
-                transcript.template receive_from_prover<Commitment>("Gemini:FOLD_" + std::to_string(i + 1));
+                transcript->template receive_from_prover<Commitment>("Gemini:FOLD_" + std::to_string(i + 1));
             commitments.emplace_back(commitment);
         }
 
         // compute vector of powers of random evaluation point r
-        const Fr r = transcript.get_challenge("Gemini:r");
+        const Fr r = transcript->get_challenge("Gemini:r");
         std::vector<Fr> r_squares = squares_of_r(r, num_variables);
 
         // Get evaluations a_i, i = 0,...,m-1 from transcript
         std::vector<Fr> evaluations;
         evaluations.reserve(num_variables);
         for (size_t i = 0; i < num_variables; ++i) {
-            auto eval = transcript.template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
+            auto eval = transcript->template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
             evaluations.emplace_back(eval);
         }
 

barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini.test.cpp

@@ -62,18 +62,18 @@ template <class Curve> class GeminiTest : public CommitmentTest<Curve> {
         for (size_t l = 0; l < log_n - 1; ++l) {
             std::string label = "FOLD_" + std::to_string(l + 1);
             auto commitment = this->ck()->commit(gemini_polynomials[l + 2]);
-            prover_transcript.send_to_verifier(label, commitment);
+            prover_transcript->send_to_verifier(label, commitment);
         }
 
-        const Fr r_challenge = prover_transcript.get_challenge("Gemini:r");
+        const Fr r_challenge = prover_transcript->get_challenge("Gemini:r");
 
         auto prover_output = GeminiProver::compute_fold_polynomial_evaluations(
             multilinear_evaluation_point, std::move(gemini_polynomials), r_challenge);
 
         for (size_t l = 0; l < log_n; ++l) {
             std::string label = "Gemini:a_" + std::to_string(l);
             const auto& evaluation = prover_output.opening_pairs[l + 1].evaluation;
-            prover_transcript.send_to_verifier(label, evaluation);
+            prover_transcript->send_to_verifier(label, evaluation);
         }
 
         // Check that the Fold polynomials have been evaluated correctly in the prover

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp

@@ -31,16 +31,17 @@ template <typename Curve> class IPA {
      * @param opening_pair (challenge, evaluation)
      * @param polynomial The witness polynomial whose opening proof needs to be computed
      * @param transcript Prover transcript
+     * https://github.com/AztecProtocol/aztec-packages/pull/3434
      */
-    static void compute_opening_proof(std::shared_ptr<CK> ck,
+    static void compute_opening_proof(const std::shared_ptr<CK>& ck,
                                       const OpeningPair<Curve>& opening_pair,
                                       const Polynomial& polynomial,
-                                      BaseTranscript& transcript)
+                                      const std::shared_ptr<BaseTranscript>& transcript)
     {
         ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero");
         auto poly_degree = static_cast<size_t>(polynomial.size());
-        transcript.send_to_verifier("IPA:poly_degree", static_cast<uint64_t>(poly_degree));
-        Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge");
+        transcript->send_to_verifier("IPA:poly_degree", static_cast<uint64_t>(poly_degree));
+        const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge");
         auto aux_generator = Commitment::one() * generator_challenge;
 
         // Checks poly_degree is greater than zero and a power of two
@@ -96,11 +97,11 @@ template <typename Curve> class IPA {
             R_elements[i] += aux_generator * inner_prod_R;
 
             std::string index = std::to_string(i);
-            transcript.send_to_verifier("IPA:L_" + index, Commitment(L_elements[i]));
-            transcript.send_to_verifier("IPA:R_" + index, Commitment(R_elements[i]));
+            transcript->send_to_verifier("IPA:L_" + index, Commitment(L_elements[i]));
+            transcript->send_to_verifier("IPA:R_" + index, Commitment(R_elements[i]));
 
             // Generate the round challenge.
-            const Fr round_challenge = transcript.get_challenge("IPA:round_challenge_" + index);
+            const Fr round_challenge = transcript->get_challenge("IPA:round_challenge_" + index);
             const Fr round_challenge_inv = round_challenge.invert();
 
             std::vector<Commitment> G_lo(G_vec_local.begin(), G_vec_local.begin() + static_cast<long>(round_size));
@@ -122,7 +123,7 @@ template <typename Curve> class IPA {
             }
         }
 
-        transcript.send_to_verifier("IPA:a_0", a_vec[0]);
+        transcript->send_to_verifier("IPA:a_0", a_vec[0]);
     }
 
     /**
@@ -134,10 +135,12 @@ template <typename Curve> class IPA {
      *
      * @return true/false depending on if the proof verifies
      */
-    static bool verify(std::shared_ptr<VK> vk, const OpeningClaim<Curve>& opening_claim, BaseTranscript& transcript)
+    static bool verify(const std::shared_ptr<VK>& vk,
+                       const OpeningClaim<Curve>& opening_claim,
+                       const std::shared_ptr<BaseTranscript>& transcript)
     {
-        auto poly_degree = static_cast<size_t>(transcript.template receive_from_prover<uint64_t>("IPA:poly_degree"));
-        Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge");
+        auto poly_degree = static_cast<size_t>(transcript->template receive_from_prover<uint64_t>("IPA:poly_degree"));
+        const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge");
         auto aux_generator = Commitment::one() * generator_challenge;
 
         auto log_poly_degree = static_cast<size_t>(numeric::get_msb(poly_degree));
@@ -153,9 +156,9 @@ template <typename Curve> class IPA {
         std::vector<Fr> msm_scalars(pippenger_size);
         for (size_t i = 0; i < log_poly_degree; i++) {
             std::string index = std::to_string(i);
-            auto element_L = transcript.template receive_from_prover<Commitment>("IPA:L_" + index);
-            auto element_R = transcript.template receive_from_prover<Commitment>("IPA:R_" + index);
-            round_challenges[i] = transcript.get_challenge("IPA:round_challenge_" + index);
+            auto element_L = transcript->template receive_from_prover<Commitment>("IPA:L_" + index);
+            auto element_R = transcript->template receive_from_prover<Commitment>("IPA:R_" + index);
+            round_challenges[i] = transcript->get_challenge("IPA:round_challenge_" + index);
             round_challenges_inv[i] = round_challenges[i].invert();
 
             msm_elements[2 * i] = element_L;
@@ -211,7 +214,7 @@ template <typename Curve> class IPA {
         auto G_zero = barretenberg::scalar_multiplication::pippenger_without_endomorphism_basis_points<Curve>(
             &s_vec[0], &G_vec_local[0], poly_degree, vk->pippenger_runtime_state);
 
-        auto a_zero = transcript.template receive_from_prover<Fr>("IPA:a_0");
+        auto a_zero = transcript->template receive_from_prover<Fr>("IPA:a_0");
 
         GroupElement right_hand_side = G_zero * a_zero + aux_generator * a_zero * b_zero;
 

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp

@@ -70,16 +70,16 @@ TEST_F(IPATest, Open)
     const OpeningClaim<Curve> opening_claim{ opening_pair, commitment };
 
     // initialize empty prover transcript
-    BaseTranscript prover_transcript;
+    auto prover_transcript = std::make_shared<BaseTranscript>();
     IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript);
 
     // initialize verifier transcript from proof data
-    BaseTranscript verifier_transcript{ prover_transcript.proof_data };
+    auto verifier_transcript = std::make_shared<BaseTranscript>(prover_transcript->proof_data);
 
     auto result = IPA::verify(this->vk(), opening_claim, verifier_transcript);
     EXPECT_TRUE(result);
 
-    EXPECT_EQ(prover_transcript.get_manifest(), verifier_transcript.get_manifest());
+    EXPECT_EQ(prover_transcript->get_manifest(), verifier_transcript->get_manifest());
 }
 
 TEST_F(IPATest, GeminiShplonkIPAWithShift)
@@ -137,26 +137,26 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)
     for (size_t l = 0; l < log_n - 1; ++l) {
         std::string label = "FOLD_" + std::to_string(l + 1);
         auto commitment = this->ck()->commit(gemini_polynomials[l + 2]);
-        prover_transcript.send_to_verifier(label, commitment);
+        prover_transcript->send_to_verifier(label, commitment);
     }
 
-    const Fr r_challenge = prover_transcript.get_challenge("Gemini:r");
+    const Fr r_challenge = prover_transcript->get_challenge("Gemini:r");
 
     const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations(
         mle_opening_point, std::move(gemini_polynomials), r_challenge);
 
     for (size_t l = 0; l < log_n; ++l) {
         std::string label = "Gemini:a_" + std::to_string(l);
         const auto& evaluation = gemini_opening_pairs[l + 1].evaluation;
-        prover_transcript.send_to_verifier(label, evaluation);
+        prover_transcript->send_to_verifier(label, evaluation);
     }
 
-    const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu");
+    const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu");
     auto batched_quotient_Q =
         ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge);
-    prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
+    prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
 
-    const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z");
+    const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z");
     const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient(
         gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge);
 

barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp

@@ -31,7 +31,7 @@ template <typename Curve> class KZG {
     static void compute_opening_proof(std::shared_ptr<CK> ck,
                                       const OpeningPair<Curve>& opening_pair,
                                       const Polynomial& polynomial,
-                                      BaseTranscript& prover_trancript)
+                                      const std::shared_ptr<BaseTranscript>& prover_trancript)
     {
         Polynomial quotient(polynomial);
         quotient[0] -= opening_pair.evaluation;
@@ -41,7 +41,7 @@ template <typename Curve> class KZG {
         // TODO(#479): for now we compute the KZG commitment directly to unify the KZG and IPA interfaces but in the
         // future we might need to adjust this to use the incoming alternative to work queue (i.e. variation of
         // pthreads) or even the work queue itself
-        prover_trancript.send_to_verifier("KZG:W", quotient_commitment);
+        prover_trancript->send_to_verifier("KZG:W", quotient_commitment);
     };
 
     /**
@@ -53,9 +53,11 @@ template <typename Curve> class KZG {
      *      - P₀ = C − v⋅[1]₁ + r⋅[x]₁
      *      - P₁ = [Q(x)]₁
      */
-    static bool verify(std::shared_ptr<VK> vk, const OpeningClaim<Curve>& claim, BaseTranscript& verifier_transcript)
+    static bool verify(const std::shared_ptr<VK>& vk,
+                       const OpeningClaim<Curve>& claim,
+                       const std::shared_ptr<BaseTranscript>& verifier_transcript)
     {
-        auto quotient_commitment = verifier_transcript.template receive_from_prover<Commitment>("KZG:W");
+        auto quotient_commitment = verifier_transcript->template receive_from_prover<Commitment>("KZG:W");
         auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) +
                    (quotient_commitment * claim.opening_pair.challenge);
         auto rhs = -quotient_commitment;
@@ -74,15 +76,15 @@ template <typename Curve> class KZG {
      *      - P₁ = [W(x)]₁
      */
     static std::array<GroupElement, 2> compute_pairing_points(const OpeningClaim<Curve>& claim,
-                                                              auto& verifier_transcript)
+                                                              const auto& verifier_transcript)
     {
-        auto quotient_commitment = verifier_transcript.template receive_from_prover<Commitment>("KZG:W");
+        auto quotient_commitment = verifier_transcript->template receive_from_prover<Commitment>("KZG:W");
 
         GroupElement P_0;
         // Note: In the recursive setting, we only add the contribution if it is not the point at infinity (i.e. if the
         // evaluation is not equal to zero).
         if constexpr (Curve::is_stdlib_type) {
-            auto builder = verifier_transcript.builder;
+            auto builder = verifier_transcript->builder;
             auto one = Fr(builder, 1);
             std::vector<GroupElement> commitments = { claim.commitment, quotient_commitment };
             std::vector<Fr> scalars = { one, claim.opening_pair.challenge };

barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp

@@ -122,29 +122,29 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)
     for (size_t l = 0; l < log_n - 1; ++l) {
         std::string label = "FOLD_" + std::to_string(l + 1);
         auto commitment = this->ck()->commit(gemini_polynomials[l + 2]);
-        prover_transcript.send_to_verifier(label, commitment);
+        prover_transcript->send_to_verifier(label, commitment);
     }
 
-    const Fr r_challenge = prover_transcript.get_challenge("Gemini:r");
+    const Fr r_challenge = prover_transcript->get_challenge("Gemini:r");
 
     const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations(
         mle_opening_point, std::move(gemini_polynomials), r_challenge);
 
     for (size_t l = 0; l < log_n; ++l) {
         std::string label = "Gemini:a_" + std::to_string(l);
         const auto& evaluation = gemini_opening_pairs[l + 1].evaluation;
-        prover_transcript.send_to_verifier(label, evaluation);
+        prover_transcript->send_to_verifier(label, evaluation);
     }
 
     // Shplonk prover output:
     // - opening pair: (z_challenge, 0)
     // - witness: polynomial Q - Q_z
-    const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu");
+    const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu");
     auto batched_quotient_Q =
         ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge);
-    prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
+    prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
 
-    const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z");
+    const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z");
     const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient(
         gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge);
 

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.hpp

@@ -168,11 +168,11 @@ template <typename Curve> class ShplonkVerifier_ {
 
         const size_t num_claims = claims.size();
 
-        const Fr nu = transcript.get_challenge("Shplonk:nu");
+        const Fr nu = transcript->get_challenge("Shplonk:nu");
 
-        auto Q_commitment = transcript.template receive_from_prover<Commitment>("Shplonk:Q");
+        auto Q_commitment = transcript->template receive_from_prover<Commitment>("Shplonk:Q");
 
-        const Fr z_challenge = transcript.get_challenge("Shplonk:z");
+        const Fr z_challenge = transcript->get_challenge("Shplonk:z");
 
         // [G] = [Q] - ∑ⱼ ρʲ / ( r − xⱼ )⋅[fⱼ] + G₀⋅[1]
         //     = [Q] - [∑ⱼ ρʲ ⋅ ( fⱼ(X) − vⱼ) / ( r − xⱼ )]

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplonk.test.cpp

@@ -47,11 +47,11 @@ TYPED_TEST(ShplonkTest, ShplonkSimple)
     std::vector<Polynomial> polynomials = { poly1, poly2 };
 
     // Execute the shplonk prover functionality
-    const Fr nu_challenge = prover_transcript.get_challenge("Shplonk:nu");
+    const Fr nu_challenge = prover_transcript->get_challenge("Shplonk:nu");
     auto batched_quotient_Q = ShplonkProver::compute_batched_quotient(opening_pairs, polynomials, nu_challenge);
-    prover_transcript.send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
+    prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
 
-    const Fr z_challenge = prover_transcript.get_challenge("Shplonk:z");
+    const Fr z_challenge = prover_transcript->get_challenge("Shplonk:z");
     const auto [prover_opening_pair, shplonk_prover_witness] =
         ShplonkProver::compute_partially_evaluated_batched_quotient(
             opening_pairs, polynomials, std::move(batched_quotient_Q), nu_challenge, z_challenge);