diff --git a/barretenberg/cpp/docs/src/sumcheck-outline.md b/barretenberg/cpp/docs/src/sumcheck-outline.md index c141e96446e..85081c4482a 100644 --- a/barretenberg/cpp/docs/src/sumcheck-outline.md +++ b/barretenberg/cpp/docs/src/sumcheck-outline.md @@ -142,7 +142,7 @@ and computed \f$\sigma_d = \tilde{S}^{d-1}(u_{d-1})\f$. ### Final Verification Step {#NonZKSumcheckVerification} - Extract claimed evaluations of prover polynomials \f$P_1,\ldots, P_N\f$ at the challenge point \f$ - (u_0,\ldots,u_{d-1}) \f$ from the transcript and \ref bb::SumcheckVerifierRound< Flavor >::compute_full_honk_relation_purported_value "compute evaluation:" + (u_0,\ldots,u_{d-1}) \f$ from the transcript and \ref bb::SumcheckVerifierRound< Flavor >::compute_full_relation_purported_value "compute evaluation:" \f{align}{\tilde{F}\left( P_1(u_0,\ldots, u_{d-1}), \ldots, P_N(u_0,\ldots, u_{d-1}) \right)\f} - Compare \f$ \sigma_d \f$ against the evaluation of \f$ \tilde{F} \f$ at \f$P_1(u_0,\ldots, u_{d-1}), \ldots, @@ -171,11 +171,11 @@ To prevent the witness information leakage through the Round Univariates determi \f{align}{ G \gets \sum_{i=0}^{d-1} g_{i}(X_i), \f} -where \f$ d \f$ is the number of Sumcheck rounds, and the Libra univariates are given by the formula +where \f$ d \f$ is the number of Sumcheck rounds, and the Libra univariates are given by the formula \f{align}{ g_{i} = \sum_{j=0}^{\tilde{D}} g_{i,j} \cdot L_{j,\{0,\ldots, \tilde{D}\}}(X_i) \quad \text{for } (g_{i,j}) \gets_{\$} \mathbb{F}^{d\cdot (\tilde{D}+1)} \f} -and \f$L_{j, \{0,\ldots, \tilde{D}\}}\f$ is the \f$j\f$th univariate Lagrange polynomial for the domain \f$\{0,\ldots, \tilde{D}\}\f$. Recall that \f$\deg_{X_i} \left(L_{j, \{0,\ldots, \tilde{D}\}} (X_i)\right) = \tilde{D}\f$. +and \f$L_{j, \{0,\ldots, \tilde{D}\}}\f$ is the \f$j\f$th univariate Lagrange polynomial for the domain \f$\{0,\ldots, \tilde{D}\}\f$. Recall that \f$\deg_{X_i} \left(L_{j, \{0,\ldots, \tilde{D}\}} (X_i)\right) = \tilde{D}\f$. Set \f{align}{ @@ -197,7 +197,7 @@ Observe that \f$ G \f$ has several important properties The first two properties imply that the evaluations of Sumcheck Round Univariates for \f$G\f$ are independent and uniformly distributed. We call them Libra Round Univarites. -Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univarites multiplied by the challenge. +Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univarites multiplied by the challenge. The fact that the degrees of Libra Round Univariates are big enough (i.e. \f$ \tilde{D}\geq D \f$) and that their evaluations are random imply that the evaluations \f$ \tilde{S}^i(0),\ldots,\tilde{S}^i(\tilde D)\f$ defined in [Compute Round Univariates](#ComputeRoundUnivariates) are now masked by the evaluations of Libra Round Univariates. These evaluations are described explicitly [below](#LibraRoundUnivariates). ### Example {#LibraPolynomialExample} @@ -221,7 +221,7 @@ Since \f$G\f$ is a polynomial of a very special form, the computation of \f$\tex \f} since the evaluations of \f$ g_i \f$ at \f$\vec \ell \in \{0,1\}^{d}\f$ depend only on \f$ \ell_i \f$, and therefore, there are \f$2^{d-1}\f$ summands \f$ g_i(0) \f$ corresponding to the points \f$\vec \ell\f$ with \f$\ell_i=0\f$ and \f$2^{d-1}\f$ summands \f$ g_i(1) \f$ corresponding to \f$\vec \ell\f$ with \f$\ell_i=1\f$. -The prover computes +The prover computes \f{align}{ \texttt{libra_total_sum} \gets 2^{d-1} \sum_{i = 0}^{d-1} \left( g_i(0) + g_i(1) \right). \f} @@ -232,8 +232,8 @@ As in [Sumcheck Book-keeping](#BookKeepingTable), we use a table of evaluations Namely, before entering the first round, the prover updates the vector of Libra univariates in place \f{align}{ \texttt{libra_univariates}_{j}(k) \gets \texttt{libra_challenge} \cdot 2^{d-1} \cdot g_{j}(k) \text{ for } j= i,\ldots, d-1, \text{ and } k=0,\ldots, \tilde{D} -\f} -and computes the term +\f} +and computes the term \f{align}{ \texttt{libra_running_sum} \gets 2^{-1} \left( \texttt{libra_challenge} \cdot \texttt{libra_total_sum} - \left(\texttt{libra_univariates}_{0}(0) + \texttt{libra_univariates}_{0}(1)\right) \right). \f} @@ -255,12 +255,12 @@ By design of the method \ref bb::SumcheckProver< Flavor >::setup_zk_sumcheck_dat \f} for \f$k=0,\ldots, \tilde{D}\f$. It is done by the method \ref bb::SumcheckProverRound< Flavor >::compute_libra_round_univariate "compute_libra_round_univariate" called inside \ref bb::SumcheckProverRound< Flavor >::compute_univariate "Sumcheck Round Univariate computation", which also takes care of adding \f$\texttt{libra_round_univariate}\f$ to the \f$\texttt{round_unviariate}\f$. -When the prover receives the challenge \f$u_0\f$, it \ref bb::SumcheckProver< Flavor >::update_libra_data "updates Libra data": +When the prover receives the challenge \f$u_0\f$, it \ref bb::SumcheckProver< Flavor >::update_libra_data "updates Libra data": - updates the table of Libra univariates by multiplying every term by \f$1/2\f$. -- computes the value \f$2^{d-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$ +- computes the value \f$2^{d-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$ - places the value \f$ g_0(u_0)\f$ to the vector \f$ \texttt{libra_evaluations}\f$ -- updates the running sum +- updates the running sum \f{align}{ \texttt{libra_running_sum} \gets 2^{d-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0) + 2^{-1} \cdot \left( \texttt{libra_running_sum} - (\texttt{libra_univariates}_{1}(0) + \texttt{libra_univariates}_{1}(1)) \right) \f} @@ -270,7 +270,7 @@ In Round \f$ i \f$, the prover computes \f$ i \f$-th Libra round univariate \f{align}{ \texttt{libra_univariate}_i(X_i) = \texttt{libra_challenge} \cdot \sum_{\vec \ell \in \{0,1\}^{d-1 - i}} G(u_0,\ldots, u_{i-1}, X_{i}, \vec \ell) = \texttt{libra_challenge} \cdot 2^{d-1 - i} \left( \sum_{j = 0}^{i-1} g_j(u_{j}) + g_{i}(X_i) + \sum_{j=i+1}^{d-1} \left(g_{j,0} + g_{j,1}\right) \right) -\f} +\f} By design of the method \ref bb::SumcheckProver< Flavor >::update_zk_sumcheck_data "update_zk_sumcheck_data", the latter could be expressed as follows \f{align}{ @@ -284,13 +284,13 @@ for \f$k=0,\ldots, \tilde{D}\f$. This computation is done by the method \ref bb: When the prover receives new challenge \f$u_i\f$, it \ref bb::SumcheckProver< Flavor >::update_libra_data "updates Libra data". If \f$ i < d-1\f$, the prover - updates the table of Libra univariates by multiplying every term by \f$1/2\f$. -- computes the value \f$2^{d-i - 2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$ +- computes the value \f$2^{d-i - 2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$ - places the value \f$ g_0(u_0)\f$ to the vector \f$ \texttt{libra_evaluations}\f$ -- updates the running sum +- updates the running sum \f{align}{ \texttt{libra_running_sum} \gets 2^{d-i-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0) + 2^{-1} \cdot \left( \texttt{libra_running_sum} - (\texttt{libra_univariates}_{i+1}(0) + \texttt{libra_univariates}_{i+1}(1)) \right) \f} -If \f$ i = d-1\f$, the prover +If \f$ i = d-1\f$, the prover - computes the value \f$ g_{d-1}(u_{d-1})\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the last univariate in the table \f$\texttt{libra_univariates}\f$ and dividing the result by \f$ \texttt{libra_challenge} \f$. - updates the table of Libra univariates by multiplying every term by \f$\texttt{libra_challenge}^{-1}\f$. @@ -385,13 +385,13 @@ Note that \f$ \tilde{D} \f$ sets up the corresponding parameter of [Lib The random scalars \f$ \rho_1,\ldots, \rho_{N_w}\f$ are created by the method \ref bb::SumcheckProver< Flavor >::setup_zk_sumcheck_data "setup_zk_sumcheck_data" and are stored as \f$ \texttt{eval_masking_scalars} \f$. ### Book-keeping {#BookKeepingMaskingWitnesses} -To faciliate the computation of Sumcheck Round Univariates, the prover \ref bb::SumcheckProver< Flavor >::create_evaluation_masking_table "creates the vector" of univariates +To faciliate the computation of Sumcheck Round Univariates, the prover \ref bb::SumcheckProver< Flavor >::create_evaluation_masking_table "creates the vector" of univariates \f{align}{ \texttt{masking_terms_evaluations}_j(k)\gets \texttt{eval_masking_scalars}_j \cdot (1-k) k \f} of the same size as the ExtendedEdges created by the ZK Flavor running Sumcheck. -When the prover receives the challenge \f$ u_i \f$, this vector is \ref bb::SumcheckProver< Flavor >::update_masking_terms_evaluations "updated" as follows +When the prover receives the challenge \f$ u_i \f$, this vector is \ref bb::SumcheckProver< Flavor >::update_masking_terms_evaluations "updated" as follows \f{align}{ \texttt{masking_terms_evaluations}_j(k) \gets \texttt{eval_masking_scalars}_j \cdot u_i \cdot (1-u_i) @@ -408,9 +408,9 @@ which reduces to computing at most \f$ (D+ D_w + 1) \times N \times 2^{d-1 - i}\ &\ P_j(u_0,\ldots, u_{i-1}, k, \vec \ell) + \rho_j \cdot \sum_{k=0}^{i-1} u_k(1-u_k) + \rho_j\cdot (1-k) k \quad \text{ for } j=1,\ldots, N_w\\ &\ P_j(u_0,\ldots, u_{i-1}, k, \vec \ell) \quad \text { for } j= N_w+1,\ldots, N \f} -By design, we have -\f{align}{ - \texttt{masking_terms_evaluations}_j(k) = \rho_j \cdot \sum_{k=0}^{i-1} u_k(1-u_k) + \rho_j\cdot (1-k) k. +By design, we have +\f{align}{ + \texttt{masking_terms_evaluations}_j(k) = \rho_j \cdot \sum_{k=0}^{i-1} u_k(1-u_k) + \rho_j\cdot (1-k) k. \f} Then the method \ref bb::SumcheckProverRound< Flavor >::extend_zk_edges "extend_zk_edges" gets the \f$j\f$-th edge corresponding to the witness polynomial and corrects it with the univariate \f$ \texttt{masking_terms_evaluations}_j\f$. The non-witness polynomials are treated as in \ref bb::SumcheckProverRound< Flavor >::extend_edges "extend_edges" used in non-ZK Flavors. @@ -460,10 +460,10 @@ The total costs of ZK Sumcheck are obtained from [Libra Costs](#LibraCosts) and Group Operations

\f$+ d\f$ MSMs of size \f$(D+D_w)\f$ = [Libra Commitments](#LibraCommitments)

\f$+ \left(2 \cdot (D+D_w) D+1\right)\f$ group ops = shplonk

-

\f$+ N_w\f$ MSMs of size \f$2^d\f$ (same group element multiplied by \f$\rho_1,\ldots,\rho_{N_w}\f$)

+

\f$+ N_w\f$ MSMs of size \f$2^d\f$ (same group element multiplied by \f$\rho_1,\ldots,\rho_{N_w}\f$)

\f$ + (d + 3) \f$ group ops

-

\f$ + N_w\f$ MSMs of size \f$2\f$

+

\f$ + N_w\f$ MSMs of size \f$2\f$

@@ -478,7 +478,7 @@ The total costs of ZK Sumcheck are obtained from [Libra Costs](#LibraCosts) and Communication -

\f$+ (d+ 2)\f$ group elements for Libra; \f$+N_w\f$ group elements for witness masking

+

\f$+ (d+ 2)\f$ group elements for Libra; \f$+N_w\f$ group elements for witness masking

\f$+ D_w \cdot d \f$ field elements

@@ -486,7 +486,7 @@ The total costs of ZK Sumcheck are obtained from [Libra Costs](#LibraCosts) and ## Theoretic Field Operations vs. Implementation The table above sets a reasonable upper bound on the amount of prover's field operations. -However, in the implementation, the relation \f$ F \f$ is computed as a vector of its subrelations, which allows us to decrease the costs of computing the round univariates. Namely, for a given subrelation \f$ F_j \f$, its maximum partial degree \f$D_j\f$ and its witness degree \f$D_{w,j} \f$ are generally less than \f$ D\f$ and \f$ D_w \f$, respectively. +However, in the implementation, the relation \f$ F \f$ is computed as a vector of its subrelations, which allows us to decrease the costs of computing the round univariates. Namely, for a given subrelation \f$ F_j \f$, its maximum partial degree \f$D_j\f$ and its witness degree \f$D_{w,j} \f$ are generally less than \f$ D\f$ and \f$ D_w \f$, respectively. Therefore, we compute \f$ F_j \f$'s contribution to Sumcheck Round Univariates by evaluating the univariate polynomial \f{align}{ \sum_{\vec \ell\in \{0,1\}^{d-1-i}} pow_{\beta}(u_0,\ldots, u_{i-1}, X_i, \vec \ell) \cdot F_j(u_0,\ldots, u_{i-1}, X_i,\vec \ell) diff --git a/barretenberg/cpp/scripts/analyze_client_ivc_bench.py b/barretenberg/cpp/scripts/analyze_client_ivc_bench.py index c2464204ea4..43efc74fed0 100644 --- a/barretenberg/cpp/scripts/analyze_client_ivc_bench.py +++ b/barretenberg/cpp/scripts/analyze_client_ivc_bench.py @@ -66,10 +66,10 @@ print('\nBreakdown of ProtogalaxyProver::prove:') protogalaxy_round_labels = [ - "ProtoGalaxyProver_::preparation_round(t)", - "ProtoGalaxyProver_::perturbator_round(t)", - "ProtoGalaxyProver_::combiner_quotient_round(t)", - "ProtoGalaxyProver_::update_target_sum_and_fold(t)" + "ProtogalaxyProver_::preparation_round(t)", + "ProtogalaxyProver_::perturbator_round(t)", + "ProtogalaxyProver_::combiner_quotient_round(t)", + "ProtogalaxyProver_::update_target_sum_and_fold(t)" ] max_label_length = max(len(label) for label in protogalaxy_round_labels) for key in protogalaxy_round_labels: diff --git a/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py b/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py index 56be71fec2e..b5686fc351a 100755 --- a/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py +++ b/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py @@ -47,10 +47,10 @@ print('\nBreakdown of ProtogalaxyProver::prove:') protogalaxy_round_labels = [ - "ProtoGalaxyProver_::preparation_round(t)", - "ProtoGalaxyProver_::perturbator_round(t)", - "ProtoGalaxyProver_::combiner_quotient_round(t)", - "ProtoGalaxyProver_::update_target_sum_and_fold(t)" + "ProtogalaxyProver_::preparation_round(t)", + "ProtogalaxyProver_::perturbator_round(t)", + "ProtogalaxyProver_::combiner_quotient_round(t)", + "ProtogalaxyProver_::update_target_sum_and_fold(t)" ] max_label_length = max(len(label) for label in protogalaxy_round_labels) for key in protogalaxy_round_labels: diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp index ead9390e54f..ac0b3a3893d 100644 --- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp @@ -36,9 +36,9 @@ class AztecIVC { using DeciderProver = DeciderProver_; using DeciderVerifier = DeciderVerifier_; using ProverInstances = ProverInstances_; - using FoldingProver = ProtoGalaxyProver_; + using FoldingProver = ProtogalaxyProver_; using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtoGalaxyVerifier_; + using FoldingVerifier = ProtogalaxyVerifier_; using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey; using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey; @@ -47,7 +47,7 @@ class AztecIVC { using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance; using RecursiveVerificationKey = RecursiveFlavor::VerificationKey; using FoldingRecursiveVerifier = - bb::stdlib::recursion::honk::ProtoGalaxyRecursiveVerifier_; + bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_; using OinkRecursiveVerifier = stdlib::recursion::honk::OinkRecursiveVerifier_; using DataBusDepot = stdlib::DataBusDepot; diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp index 237d8b6b7e7..84012b3cb85 100644 --- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp @@ -26,9 +26,9 @@ class AztecIVCTests : public ::testing::Test { using DeciderProver = AztecIVC::DeciderProver; using DeciderVerifier = AztecIVC::DeciderVerifier; using ProverInstances = ProverInstances_; - using FoldingProver = ProtoGalaxyProver_; + using FoldingProver = ProtogalaxyProver_; using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtoGalaxyVerifier_; + using FoldingVerifier = ProtogalaxyVerifier_; /** * @brief Construct mock circuit with arithmetic gates and goblin ops diff --git a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp index 21a4e46606a..e79f5a44b4f 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp @@ -17,7 +17,7 @@ template void fold_k(State& state) noexcept using ProverInstance = ProverInstance_; using Instance = ProverInstance; using Instances = ProverInstances_; - using ProtoGalaxyProver = ProtoGalaxyProver_; + using ProtogalaxyProver = ProtogalaxyProver_; using Builder = typename Flavor::CircuitBuilder; bb::srs::init_crs_factory("../srs_db/ignition"); @@ -35,7 +35,7 @@ template void fold_k(State& state) noexcept instances.emplace_back(construct_instance()); } - ProtoGalaxyProver folding_prover(instances); + ProtogalaxyProver folding_prover(instances); for (auto _ : state) { BB_REPORT_OP_COUNT_IN_BENCH(state); diff --git a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp index 414a89b908b..ce372cf31f3 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp @@ -10,12 +10,12 @@ using namespace benchmark; namespace bb { template -void _bench_round(::benchmark::State& state, void (*F)(ProtoGalaxyProver_>&)) +void _bench_round(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&)) { using Builder = typename Flavor::CircuitBuilder; using ProverInstance = ProverInstance_; using Instances = ProverInstances_; - using ProtoGalaxyProver = ProtoGalaxyProver_; + using ProtogalaxyProver = ProtogalaxyProver_; bb::srs::init_crs_factory("../srs_db/ignition"); auto log2_num_gates = static_cast(state.range(0)); @@ -31,7 +31,7 @@ void _bench_round(::benchmark::State& state, void (*F)(ProtoGalaxyProver_ prover_instance_1 = construct_instance(); std::shared_ptr prover_instance_2 = construct_instance(); - ProtoGalaxyProver folding_prover({ prover_instance_1, prover_instance_2 }); + ProtogalaxyProver folding_prover({ prover_instance_1, prover_instance_2 }); // prepare the prover state folding_prover.state.accumulator = prover_instance_1; @@ -46,7 +46,7 @@ void _bench_round(::benchmark::State& state, void (*F)(ProtoGalaxyProver_>&)) +void bench_round_mega(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&)) { _bench_round(state, F); } diff --git a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp index b6545d90245..a33d912e0d9 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp @@ -54,8 +54,9 @@ template void execute_relation_for_univaria template void execute_relation_for_pg_univariates(::benchmark::State& state) { using ProverInstances = ProverInstances_; - using Input = ProtogalaxyProverInternal::ExtendedUnivariates; - using Accumulator = typename Relation::template ProtogalaxyTupleOfUnivariatesOverSubrelations; + using Input = ProtogalaxyProverInternal::ExtendedUnivariatesNoOptimisticSkipping; + using Accumulator = typename Relation::template ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping< + ProverInstances::NUM>; execute_relation(state); } diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index 3051b1bf433..8c7d3fd538d 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp @@ -31,9 +31,9 @@ class ClientIVC { using DeciderProver = DeciderProver_; using DeciderVerifier = DeciderVerifier_; using ProverInstances = ProverInstances_; - using FoldingProver = ProtoGalaxyProver_; + using FoldingProver = ProtogalaxyProver_; using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtoGalaxyVerifier_; + using FoldingVerifier = ProtogalaxyVerifier_; using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey; using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey; @@ -42,7 +42,7 @@ class ClientIVC { using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance; using RecursiveVerificationKey = RecursiveVerifierInstances::VerificationKey; using FoldingRecursiveVerifier = - bb::stdlib::recursion::honk::ProtoGalaxyRecursiveVerifier_; + bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_; // A full proof for the IVC scheme struct Proof { diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp index 57cf6997837..77685d2717c 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp @@ -26,9 +26,9 @@ class ClientIVCTests : public ::testing::Test { using DeciderProver = ClientIVC::DeciderProver; using DeciderVerifier = ClientIVC::DeciderVerifier; using ProverInstances = ProverInstances_; - using FoldingProver = ProtoGalaxyProver_; + using FoldingProver = ProtogalaxyProver_; using VerifierInstances = VerifierInstances_; - using FoldingVerifier = ProtoGalaxyVerifier_; + using FoldingVerifier = ProtogalaxyVerifier_; /** * @brief Prove and verify the IVC scheme diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 2d38473aac0..6ecd4a7b5f9 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -328,13 +328,13 @@ constexpr auto create_protogalaxy_tuple_of_tuples_of_univariates() constexpr auto seq = std::make_index_sequence>(); return [](std::index_sequence) { if constexpr (optimised) { - return std::make_tuple( - typename std::tuple_element_t:: - template OptimisedProtogalaxyTupleOfUnivariatesOverSubrelations{}...); - } else { return std::make_tuple( typename std::tuple_element_t::template ProtogalaxyTupleOfUnivariatesOverSubrelations< NUM_INSTANCES>{}...); + } else { + return std::make_tuple( + typename std::tuple_element_t:: + template ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping{}...); } }(seq); } @@ -412,13 +412,13 @@ concept IsPlonkFlavor = IsAnyOf concept IsUltraPlonkFlavor = IsAnyOf; -template +template concept IsUltraPlonkOrHonk = IsAnyOf; -template +template concept IsHonkFlavor = IsAnyOf; -template +template concept IsUltraFlavor = IsAnyOf; template @@ -451,9 +451,9 @@ template concept IsFoldingFlavor = IsAnyOf, - UltraRecursiveFlavor_, + MegaFlavor, + UltraRecursiveFlavor_, + UltraRecursiveFlavor_, UltraRecursiveFlavor_, MegaRecursiveFlavor_, MegaRecursiveFlavor_, MegaRecursiveFlavor_>; diff --git a/barretenberg/cpp/src/barretenberg/polynomials/pow.bench.cpp b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.bench.hpp similarity index 84% rename from barretenberg/cpp/src/barretenberg/polynomials/pow.bench.cpp rename to barretenberg/cpp/src/barretenberg/polynomials/gate_separator.bench.hpp index b3f1d31e55b..ae5bde5c3ea 100644 --- a/barretenberg/cpp/src/barretenberg/polynomials/pow.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.bench.hpp @@ -1,5 +1,5 @@ -#include "barretenberg/polynomials/pow.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" +#include "barretenberg/polynomials/gate_separator.hpp" #include using namespace benchmark; @@ -16,7 +16,7 @@ void compute_pow_poly(benchmark::State& state) for (auto _ : state) { int64_t num_betas = state.range(0); std::vector cur_betas(betas.begin(), betas.begin() + num_betas); - PowPolynomial pow{ cur_betas, cur_betas.size() }; + GateSeparatorPolynomial poly{ cur_betas, cur_betas.size() }; } } diff --git a/barretenberg/cpp/src/barretenberg/polynomials/pow.hpp b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.hpp similarity index 89% rename from barretenberg/cpp/src/barretenberg/polynomials/pow.hpp rename to barretenberg/cpp/src/barretenberg/polynomials/gate_separator.hpp index 81bea2a0aed..5ef5580fcbc 100644 --- a/barretenberg/cpp/src/barretenberg/polynomials/pow.hpp +++ b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.hpp @@ -8,7 +8,7 @@ #include namespace bb { -template struct PowPolynomial { +template struct GateSeparatorPolynomial { /** * @brief The challenges \f$(\beta_0,\ldots, \beta_{d-1}) \f$ * @@ -20,7 +20,7 @@ template struct PowPolynomial { * identified with the integers \f$\ell = 0,\ldots, 2^d-1\f$ * */ - std::vector pow_betas; + std::vector beta_products; /** * @brief In Round \f$ i\f$ of Sumcheck, it points to the \f$ i \f$-th element in \f$ \vec \beta \f$ * @@ -28,7 +28,7 @@ template struct PowPolynomial { size_t current_element_idx = 0; /** * @brief In Round \f$ i\f$ of Sumcheck, the periodicity equals to \f$ 2^{i+1}\f$ and represents the fixed interval - * at which elements not containing either of \f$ (\beta_0,\ldots ,β_i)\f$ appear in #pow_betas. + * at which elements not containing either of \f$ (\beta_0,\ldots ,β_i)\f$ appear in #beta_products. * */ size_t periodicity = 2; @@ -42,33 +42,33 @@ template struct PowPolynomial { FF partial_evaluation_result = FF(1); /** - * @brief Construct a new PowPolynomial + * @brief Construct a new GateSeparatorPolynomial * * @param betas * @param log_num_monomials */ - PowPolynomial(const std::vector& betas, const size_t log_num_monomials) + GateSeparatorPolynomial(const std::vector& betas, const size_t log_num_monomials) : betas(betas) - , pow_betas(compute_pow_betas(betas, log_num_monomials)) + , beta_products(compute_beta_products(betas, log_num_monomials)) {} /** - * @brief Construct a new PowPolynomial object without expanding to a vector of monomials - * @details The sumcheck verifier does not use pow_betas + * @brief Construct a new GateSeparatorPolynomial object without expanding to a vector of monomials + * @details The sumcheck verifier does not use beta_products * * @param betas */ - PowPolynomial(const std::vector& betas) + GateSeparatorPolynomial(const std::vector& betas) : betas(betas) {} /** - * @brief Retruns the element in #pow_betas at place #idx. + * @brief Retruns the element in #beta_products at place #idx. * * @param idx * @return FF const& */ - FF const& operator[](size_t idx) const { return pow_betas[idx]; } + FF const& operator[](size_t idx) const { return beta_products[idx]; } /** * @brief Computes the component at index #current_element_idx in #betas. * @@ -134,15 +134,16 @@ template struct PowPolynomial { * @brief Given \f$ \vec\beta = (\beta_0,...,\beta_{d-1})\f$ compute \f$ pow_{\ell}(\vec \beta) = pow_{\beta}(\vec * \ell)\f$ for \f$ \ell =0,\ldots,2^{d}-1\f$. * - * @param log_num_monomials Determines the number of beta challenges used to compute pow_betas (required because + * @param log_num_monomials Determines the number of beta challenges used to compute beta_products (required because * when we generate CONST_SIZE_PROOF_LOG_N, currently 28, challenges but the real circuit size is less than 1 << - * CONST_SIZE_PROOF_LOG_N, we should compute unnecessarily a vector of pow_betas of length 1 << 28 ) + * CONST_SIZE_PROOF_LOG_N, we should compute unnecessarily a vector of beta_products of length 1 << 28 ) */ - BB_PROFILE static std::vector compute_pow_betas(const std::vector& betas, const size_t log_num_monomials) + BB_PROFILE static std::vector compute_beta_products(const std::vector& betas, + const size_t log_num_monomials) { size_t pow_size = 1 << log_num_monomials; - std::vector pow_betas(pow_size); + std::vector beta_products(pow_size); // Determine number of threads for multithreading. // Note: Multithreading is "on" for every round but we reduce the number of threads from the max available based @@ -169,20 +170,20 @@ template struct PowPolynomial { res *= betas[beta_idx]; } } - pow_betas[i] = res; + beta_products[i] = res; } }); - return pow_betas; + return beta_products; } }; /**< - * @struct PowPolynomial - * @brief Implementation of the methods for the \f$pow_{\ell}\f$-polynomials used in ProtoGalaxy and + * @struct GateSeparatorPolynomial + * @brief Implementation of the methods for the \f$pow_{\ell}\f$-polynomials used in Protogalaxy and \f$pow_{\beta}\f$-polynomials used in Sumcheck. * * @details - * ## PowPolynomial in Protogalaxy + * ## GateSeparatorPolynomial in Protogalaxy * * \todo Expand this while completing PG docs. * @@ -235,12 +236,12 @@ S^i_{\ell}( X_i ) * Define \f{align} T^{i}( X_i ) = \sum_{\ell = 0}^{2^{d-i-1}-1} \beta_{i+1}^{\ell_{i+1}} \cdot \ldots \cdot \beta_{d-1}^{\ell_{d-1}} \cdot S^{i}_{\ell}( X_i ) \f} then \f$ \deg_{X_i} (T^i) \leq \deg_{X_i} S^i \f$. - ### Features of PowPolynomial used by Sumcheck Prover + ### Features of GateSeparatorPolynomial used by Sumcheck Prover - The factor \f$ c_i \f$ is the #partial_evaluation_result, it is updated by \ref partially_evaluate. - The challenges \f$(\beta_0,\ldots, \beta_{d-1}) \f$ are recorded in #betas. - The consecutive evaluations \f$ pow_{\ell}(\vec \beta) = pow_{\beta}(\vec \ell) \f$ for \f$\vec \ell\f$ identified with the integers \f$\ell = 0,\ldots, 2^d-1\f$ represented in binary are pre-computed by \ref compute_values and stored -in #pow_betas. +in #beta_products. * */ diff --git a/barretenberg/cpp/src/barretenberg/polynomials/pow.test.cpp b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.test.cpp similarity index 54% rename from barretenberg/cpp/src/barretenberg/polynomials/pow.test.cpp rename to barretenberg/cpp/src/barretenberg/polynomials/gate_separator.test.cpp index 4673f792cf8..59d49091a7b 100644 --- a/barretenberg/cpp/src/barretenberg/polynomials/pow.test.cpp +++ b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.test.cpp @@ -1,10 +1,10 @@ -#include "pow.hpp" +#include "gate_separator.hpp" #include "barretenberg/ecc/curves/bn254/fr.hpp" #include using namespace bb; -TEST(PowPolynomial, FullPowConsistency) +TEST(GateSeparatorPolynomial, FullPowConsistency) { constexpr size_t d = 5; std::vector betas(d); @@ -12,27 +12,27 @@ TEST(PowPolynomial, FullPowConsistency) beta = fr::random_element(); } - PowPolynomial pow_polynomial(betas); + GateSeparatorPolynomial poly(betas); std::array variables{}; for (auto& u_i : variables) { u_i = fr::random_element(); - pow_polynomial.partially_evaluate(u_i); + poly.partially_evaluate(u_i); } size_t beta_idx = 0; fr expected_eval = 1; for (auto& u_i : variables) { - expected_eval *= fr(1) - u_i + u_i * pow_polynomial.betas[beta_idx]; + expected_eval *= fr(1) - u_i + u_i * poly.betas[beta_idx]; beta_idx++; } - EXPECT_EQ(pow_polynomial.partial_evaluation_result, expected_eval); + EXPECT_EQ(poly.partial_evaluation_result, expected_eval); } -TEST(PowPolynomial, PowPolynomialsOnPowers) +TEST(GateSeparatorPolynomial, GateSeparatorPolynomialsOnPowers) { std::vector betas{ 2, 4, 16 }; - PowPolynomial pow(betas, betas.size()); + GateSeparatorPolynomial poly(betas, betas.size()); std::vector expected_values{ 1, 2, 4, 8, 16, 32, 64, 128 }; - EXPECT_EQ(expected_values, pow.pow_betas); + EXPECT_EQ(expected_values, poly.beta_products); } diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp index c57e08a905d..a9bcb68de76 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp @@ -53,10 +53,10 @@ TEST(Protogalaxy, CombinerOn2Instances) ProverInstances instances{ instance_data }; Fun::UnivariateRelationSeparator alphas; alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only - PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1); - Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters; - auto result = Fun::compute_combiner_no_optimistic_skipping( - instances, pow_polynomial, univariate_relation_parameters, alphas); + GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1); + Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; + auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( + instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); // The expected_result values are computed by running the python script combiner_example_gen.py auto expected_result = Univariate(std::array{ 9704UL, 13245288UL, @@ -70,7 +70,7 @@ TEST(Protogalaxy, CombinerOn2Instances) 5055956840UL, 6869630184UL, 9072095848UL }); - EXPECT_EQ(result, expected_result); + EXPECT_EQ(result_no_skipping, expected_result); } else { std::vector> instance_data(NUM_INSTANCES); @@ -133,18 +133,18 @@ TEST(Protogalaxy, CombinerOn2Instances) relation value: 0 0 0 0 0 0 0 0 0 6 18 36 60 90 */ - PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1); - Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters; - Fun::UnivariateRelationParameters optimised_univariate_relation_parameters; - auto result = Fun::compute_combiner_no_optimistic_skipping( - instances, pow_polynomial, univariate_relation_parameters, alphas); - auto optimised_result = - Fun::compute_combiner(instances, pow_polynomial, optimised_univariate_relation_parameters, alphas); + GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1); + Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; + Fun::UnivariateRelationParameters univariate_relation_parameters; + auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( + instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); + auto result_with_skipping = + Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas); auto expected_result = Univariate(std::array{ 0, 0, 12, 36, 72, 120, 180, 252, 336, 432, 540, 660 }); - EXPECT_EQ(result, expected_result); - EXPECT_EQ(optimised_result, expected_result); + EXPECT_EQ(result_no_skipping, expected_result); + EXPECT_EQ(result_with_skipping, expected_result); } }; run_test(true); @@ -193,7 +193,7 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) ProverInstances instances{ instance_data }; Fun::UnivariateRelationSeparator alphas; alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only - PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1); + GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1); // Relation parameters are all zeroes RelationParameters relation_parameters; @@ -206,7 +206,7 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) std::get<0>(temporary_accumulator), instance_data[NUM_INSTANCES - 1]->proving_key.polynomials.get_row(i), relation_parameters, - pow_polynomial[i]); + gate_separators[i]); } // Get the result of the 0th subrelation of the arithmetic relation FF instance_offset = std::get<0>(temporary_accumulator)[0]; @@ -241,28 +241,28 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) UltraArithmeticRelation::accumulate(std::get<0>(accumulator), instance_data[idx]->proving_key.polynomials.get_row(i), relation_parameters, - pow_polynomial[i]); + gate_separators[i]); } } else { for (size_t i = 0; i < 2; i++) { UltraArithmeticRelation::accumulate(std::get<0>(accumulator), extended_polynomials[idx - NUM_INSTANCES].get_row(i), relation_parameters, - pow_polynomial[i]); + gate_separators[i]); } } precomputed_result[idx] = std::get<0>(accumulator)[0]; } auto expected_result = Univariate(precomputed_result); - Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters; - Fun::UnivariateRelationParameters optimised_univariate_relation_parameters; - auto result = Fun::compute_combiner_no_optimistic_skipping( - instances, pow_polynomial, univariate_relation_parameters, alphas); - auto optimised_result = - Fun::compute_combiner(instances, pow_polynomial, optimised_univariate_relation_parameters, alphas); - - EXPECT_EQ(result, expected_result); - EXPECT_EQ(optimised_result, expected_result); + Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; + Fun::UnivariateRelationParameters univariate_relation_parameters; + auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( + instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); + auto result_with_skipping = + Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas); + + EXPECT_EQ(result_no_skipping, expected_result); + EXPECT_EQ(result_with_skipping, expected_result); } else { std::vector> instance_data(NUM_INSTANCES); @@ -325,18 +325,18 @@ TEST(Protogalaxy, CombinerOptimizationConsistency) relation value: 0 0 0 0 0 0 0 0 0 6 18 36 60 90 */ - PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1); - Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters; - Fun::UnivariateRelationParameters optimised_univariate_relation_parameters; - auto result = Fun::compute_combiner_no_optimistic_skipping( - instances, pow_polynomial, univariate_relation_parameters, alphas); - auto optimised_result = - Fun::compute_combiner(instances, pow_polynomial, optimised_univariate_relation_parameters, alphas); + GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1); + Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping; + Fun::UnivariateRelationParameters univariate_relation_parameters; + auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping( + instances, gate_separators, univariate_relation_parameters_no_skpping, alphas); + auto result_with_skipping = + Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas); auto expected_result = Univariate(std::array{ 0, 0, 12, 36, 72, 120, 180, 252, 336, 432, 540, 660 }); - EXPECT_EQ(result, expected_result); - EXPECT_EQ(optimised_result, expected_result); + EXPECT_EQ(result_no_skipping, expected_result); + EXPECT_EQ(result_with_skipping, expected_result); } }; run_test(true); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp index 56f09ffe349..910903abf24 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp @@ -1,5 +1,5 @@ #include "barretenberg/goblin/mock_circuits.hpp" -#include "barretenberg/polynomials/pow.hpp" +#include "barretenberg/polynomials/gate_separator.hpp" #include "barretenberg/protogalaxy/protogalaxy_prover.hpp" #include "barretenberg/protogalaxy/protogalaxy_prover_internal.hpp" #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp" @@ -16,14 +16,14 @@ namespace { auto& engine = numeric::get_debug_randomness(); -template class ProtoGalaxyTests : public testing::Test { +template class ProtogalaxyTests : public testing::Test { public: using VerificationKey = typename Flavor::VerificationKey; using ProverInstance = ProverInstance_; using ProverInstances = ProverInstances_; using VerifierInstance = VerifierInstance_; using VerifierInstances = VerifierInstances_; - using ProtoGalaxyProver = ProtoGalaxyProver_; + using ProtogalaxyProver = ProtogalaxyProver_; using FF = typename Flavor::FF; using Affine = typename Flavor::Commitment; using Projective = typename Flavor::GroupElement; @@ -33,11 +33,11 @@ template class ProtoGalaxyTests : public testing::Test { using RelationParameters = bb::RelationParameters; using WitnessCommitments = typename Flavor::WitnessCommitments; using CommitmentKey = typename Flavor::CommitmentKey; - using PowPolynomial = bb::PowPolynomial; + using GateSeparatorPolynomial = bb::GateSeparatorPolynomial; using DeciderProver = DeciderProver_; using DeciderVerifier = DeciderVerifier_; - using FoldingProver = ProtoGalaxyProver_; - using FoldingVerifier = ProtoGalaxyVerifier_; + using FoldingProver = ProtogalaxyProver_; + using FoldingVerifier = ProtogalaxyVerifier_; using Fun = ProtogalaxyProverInternal; using TupleOfInstances = @@ -95,15 +95,16 @@ template class ProtoGalaxyTests : public testing::Test { static void check_accumulator_target_sum_manual(std::shared_ptr& accumulator, bool expected_result) { auto instance_size = accumulator->proving_key.circuit_size; - auto expected_honk_evals = Fun::compute_full_honk_evaluations( + auto expected_honk_evals = Fun::compute_row_evaluations( accumulator->proving_key.polynomials, accumulator->alphas, accumulator->relation_parameters); // Construct pow(\vec{betas*}) as in the paper - PowPolynomial expected_pows(accumulator->gate_challenges, accumulator->gate_challenges.size()); + GateSeparatorPolynomial expected_gate_separators(accumulator->gate_challenges, + accumulator->gate_challenges.size()); // Compute the corresponding target sum and create a dummy accumulator auto expected_target_sum = FF(0); for (size_t i = 0; i < instance_size; i++) { - expected_target_sum += expected_honk_evals[i] * expected_pows[i]; + expected_target_sum += expected_honk_evals[i] * expected_gate_separators[i]; } EXPECT_EQ(accumulator->target_sum == expected_target_sum, expected_result); } @@ -147,7 +148,7 @@ template class ProtoGalaxyTests : public testing::Test { for (auto& alpha : instance->alphas) { alpha = FF::random_element(); } - auto full_honk_evals = Fun::compute_full_honk_evaluations( + auto full_honk_evals = Fun::compute_row_evaluations( instance->proving_key.polynomials, instance->alphas, instance->relation_parameters); // Evaluations should be 0 for valid circuit @@ -196,19 +197,19 @@ template class ProtoGalaxyTests : public testing::Test { alpha = FF::random_element(); } - auto full_honk_evals = Fun::compute_full_honk_evaluations(full_polynomials, alphas, relation_parameters); + auto full_honk_evals = Fun::compute_row_evaluations(full_polynomials, alphas, relation_parameters); std::vector betas(log_instance_size); for (size_t idx = 0; idx < log_instance_size; idx++) { betas[idx] = FF::random_element(); } // Construct pow(\vec{betas}) as in the paper - bb::PowPolynomial pow_beta(betas, log_instance_size); + bb::GateSeparatorPolynomial gate_separators(betas, log_instance_size); // Compute the corresponding target sum and create a dummy accumulator auto target_sum = FF(0); for (size_t i = 0; i < instance_size; i++) { - target_sum += full_honk_evals[i] * pow_beta[i]; + target_sum += full_honk_evals[i] * gate_separators[i]; } auto accumulator = std::make_shared(); @@ -550,8 +551,8 @@ template class ProtoGalaxyTests : public testing::Test { constexpr size_t total_insts = k + 1; TupleOfInstances insts = construct_instances(total_insts); - ProtoGalaxyProver_> folding_prover(get<0>(insts)); - ProtoGalaxyVerifier_> folding_verifier(get<1>(insts)); + ProtogalaxyProver_> folding_prover(get<0>(insts)); + ProtogalaxyVerifier_> folding_verifier(get<1>(insts)); auto [prover_accumulator, folding_proof] = folding_prover.prove(); auto verifier_accumulator = folding_verifier.verify_folding_proof(folding_proof); @@ -563,74 +564,74 @@ template class ProtoGalaxyTests : public testing::Test { } // namespace using FlavorTypes = testing::Types; -TYPED_TEST_SUITE(ProtoGalaxyTests, FlavorTypes); +TYPED_TEST_SUITE(ProtogalaxyTests, FlavorTypes); -TYPED_TEST(ProtoGalaxyTests, PerturbatorCoefficients) +TYPED_TEST(ProtogalaxyTests, PerturbatorCoefficients) { TestFixture::test_pertubator_coefficients(); } -TYPED_TEST(ProtoGalaxyTests, FullHonkEvaluationsValidCircuit) +TYPED_TEST(ProtogalaxyTests, FullHonkEvaluationsValidCircuit) { TestFixture::test_full_honk_evaluations_valid_circuit(); } -TYPED_TEST(ProtoGalaxyTests, PerturbatorPolynomial) +TYPED_TEST(ProtogalaxyTests, PerturbatorPolynomial) { TestFixture::test_pertubator_polynomial(); } -TYPED_TEST(ProtoGalaxyTests, CombinerQuotient) +TYPED_TEST(ProtogalaxyTests, CombinerQuotient) { TestFixture::test_combiner_quotient(); } -TYPED_TEST(ProtoGalaxyTests, CombineRelationParameters) +TYPED_TEST(ProtogalaxyTests, CombineRelationParameters) { TestFixture::test_compute_extended_relation_parameters(); } -TYPED_TEST(ProtoGalaxyTests, CombineAlphas) +TYPED_TEST(ProtogalaxyTests, CombineAlphas) { TestFixture::test_compute_and_extend_alphas(); } -TYPED_TEST(ProtoGalaxyTests, ProtogalaxyInhomogeneous) +TYPED_TEST(ProtogalaxyTests, ProtogalaxyInhomogeneous) { TestFixture::test_protogalaxy_inhomogeneous(); } -TYPED_TEST(ProtoGalaxyTests, FullProtogalaxyTest) +TYPED_TEST(ProtogalaxyTests, FullProtogalaxyTest) { TestFixture::test_full_protogalaxy(); } -TYPED_TEST(ProtoGalaxyTests, FullProtogalaxyStructuredTrace) +TYPED_TEST(ProtogalaxyTests, FullProtogalaxyStructuredTrace) { TestFixture::test_full_protogalaxy_structured_trace(); } -TYPED_TEST(ProtoGalaxyTests, FullProtogalaxyStructuredTraceInhomogeneous) +TYPED_TEST(ProtogalaxyTests, FullProtogalaxyStructuredTraceInhomogeneous) { TestFixture::test_full_protogalaxy_structured_trace_inhomogeneous_circuits(); } -TYPED_TEST(ProtoGalaxyTests, TamperedCommitment) +TYPED_TEST(ProtogalaxyTests, TamperedCommitment) { TestFixture::test_tampered_commitment(); } -TYPED_TEST(ProtoGalaxyTests, TamperedAccumulatorPolynomial) +TYPED_TEST(ProtogalaxyTests, TamperedAccumulatorPolynomial) { TestFixture::test_tampered_accumulator_polynomial(); } -TYPED_TEST(ProtoGalaxyTests, BadLookupFailure) +TYPED_TEST(ProtogalaxyTests, BadLookupFailure) { TestFixture::test_protogalaxy_bad_lookup_failure(); } // We only fold one instance currently due to significant compile time added by multiple instances -TYPED_TEST(ProtoGalaxyTests, Fold1Instance) +TYPED_TEST(ProtogalaxyTests, Fold1Instance) { TestFixture::template test_fold_k_instances<1>(); } \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp index 8ba4f990c13..0f9b09079ff 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp @@ -4,16 +4,16 @@ namespace bb { -template class ProtoGalaxyProver_ { +template class ProtogalaxyProver_ { public: using ProverInstance = typename ProverInstances_::Instance; using Flavor = typename ProverInstances_::Flavor; using FF = typename ProverInstances_::Flavor::FF; static constexpr size_t NUM_INSTANCES = ProverInstances_::NUM; using CombinerQuotient = Univariate; + using TupleOfTuplesOfUnivariatesNoOptimisticSkipping = + typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping; using TupleOfTuplesOfUnivariates = typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariates; - using OptimisedTupleOfTuplesOfUnivariates = - typename Flavor::template OptimisedProtogalaxyTupleOfTuplesOfUnivariates; using UnivariateRelationParameters = bb::RelationParameters>; using UnivariateRelationSeparator = @@ -40,12 +40,16 @@ template class ProtoGalaxyProver_ { std::shared_ptr commitment_key; State state; - ProtoGalaxyProver_() = default; - ProtoGalaxyProver_(const std::vector>& insts) + ProtogalaxyProver_() = default; + ProtogalaxyProver_(const std::vector>& insts) : instances(ProverInstances_(insts)) // TODO(https://github.com/AztecProtocol/barretenberg/issues/878) , commitment_key(instances[1]->proving_key.commitment_key){}; + // Returns the accumulator, which is the first element in ProverInstances. The accumulator is assumed to have the + // FoldingParameters set and be the result of a previous round of folding. + std::shared_ptr get_accumulator() { return instances[0]; } + /** * @brief For each instance produced by a circuit, prior to folding, we need to complete the computation of its * prover polynomials, commit to witnesses and generate the relation parameters as well as send the public data ϕ of @@ -54,20 +58,7 @@ template class ProtoGalaxyProver_ { * @param domain_separator separates the same type of data coming from difference instances by instance * index */ - void finalise_and_send_instance(std::shared_ptr, const std::string& domain_separator); - - /** - * @brief Execute the folding prover. - * - * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/753): fold goblin polynomials - * @return FoldingResult is a pair consisting of an accumulator and a folding proof, which is a proof that the - * accumulator was computed correctly. - */ - BB_PROFILE FoldingResult prove(); - - // Returns the accumulator, which is the first element in ProverInstances. The accumulator is assumed to have the - // FoldingParameters set and be the result of a previous round of folding. - std::shared_ptr get_accumulator() { return instances[0]; } + void run_oink_prover_on_instance(std::shared_ptr, const std::string& domain_separator); /** * @brief Create inputs to folding protocol (an Oink interaction). @@ -90,7 +81,6 @@ template class ProtoGalaxyProver_ { * @details Compute combiner (G polynomial in the paper) and then its quotient (K polynomial), whose coefficient * will be sent to the verifier. */ - /*gate_challenges, alphas, optimised_relation_parameters, perturbator_evaluation, combiner_quotient */ std::tuple, UnivariateRelationSeparator, UnivariateRelationParameters, FF, CombinerQuotient> combiner_quotient_round(const std::vector& gate_challenges, const std::vector& deltas, @@ -108,5 +98,13 @@ template class ProtoGalaxyProver_ { const UnivariateRelationSeparator& alphas, const UnivariateRelationParameters& univariate_relation_parameters, const FF& perturbator_evaluation); + + /** + * @brief Execute the folding prover. + * + * @return FoldingResult is a pair consisting of an accumulator and a folding proof, which is a proof that the + * accumulator was computed correctly. + */ + BB_PROFILE FoldingResult prove(); }; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp index 7ba4ceb8410..9f9d7b59a8e 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp @@ -8,74 +8,23 @@ namespace bb { template -void ProtoGalaxyProver_::finalise_and_send_instance(std::shared_ptr instance, - const std::string& domain_separator) +void ProtogalaxyProver_::run_oink_prover_on_instance(std::shared_ptr instance, + const std::string& domain_separator) { - ZoneScopedN("ProtoGalaxyProver::finalise_and_send_instance"); + ZoneScopedN("ProtogalaxyProver::run_oink_prover_on_instance"); OinkProver oink_prover(instance, transcript, domain_separator + '_'); - oink_prover.prove(); } -template -FoldingResult ProtoGalaxyProver_::update_target_sum_and_fold( - const ProverInstances& instances, - const CombinerQuotient& combiner_quotient, - const UnivariateRelationSeparator& alphas, - const UnivariateRelationParameters& univariate_relation_parameters, - const FF& perturbator_evaluation) -{ - BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::update_target_sum_and_fold"); - using Fun = ProtogalaxyProverInternal; - - const FF combiner_challenge = transcript->template get_challenge("combiner_quotient_challenge"); - - FoldingResult result{ .accumulator = instances[0], .proof = std::move(transcript->proof_data) }; - - // TODO(https://github.com/AztecProtocol/barretenberg/issues/881): bad pattern - result.accumulator->is_accumulator = true; - - // Compute the next target sum - auto [vanishing_polynomial_at_challenge, lagranges] = - Fun::compute_vanishing_polynomial_and_lagranges(combiner_challenge); - result.accumulator->target_sum = perturbator_evaluation * lagranges[0] + - vanishing_polynomial_at_challenge * combiner_quotient.evaluate(combiner_challenge); - - // Fold the proving key polynomials - for (auto& poly : result.accumulator->proving_key.polynomials.get_unshifted()) { - poly *= lagranges[0]; - } - for (size_t inst_idx = 1; inst_idx < ProverInstances::NUM; inst_idx++) { - for (auto [acc_poly, inst_poly] : zip_view(result.accumulator->proving_key.polynomials.get_unshifted(), - instances[inst_idx]->proving_key.polynomials.get_unshifted())) { - acc_poly.add_scaled(inst_poly, lagranges[inst_idx]); - } - } - - // Evaluate the combined batching α_i univariate at challenge to obtain next α_i and send it to the - // verifier, where i ∈ {0,...,NUM_SUBRELATIONS - 1} - for (auto [folded_alpha, inst_alpha] : zip_view(result.accumulator->alphas, alphas)) { - folded_alpha = inst_alpha.evaluate(combiner_challenge); - } - - // Evaluate each relation parameter univariate at challenge to obtain the folded relation parameters. - for (auto [univariate, value] : zip_view(univariate_relation_parameters.get_to_fold(), - result.accumulator->relation_parameters.get_to_fold())) { - value = univariate.evaluate(combiner_challenge); - } - - return result; -} - -template void ProtoGalaxyProver_::run_oink_prover_on_each_instance() +template void ProtogalaxyProver_::run_oink_prover_on_each_instance() { - BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::run_oink_prover_on_each_instance"); + BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::run_oink_prover_on_each_instance"); auto idx = 0; auto& instance = instances[0]; auto domain_separator = std::to_string(idx); if (!instance->is_accumulator) { - finalise_and_send_instance(instance, domain_separator); + run_oink_prover_on_instance(instance, domain_separator); instance->target_sum = 0; instance->gate_challenges = std::vector(instance->proving_key.log_circuit_size, 0); } @@ -85,7 +34,7 @@ template void ProtoGalaxyProver_::run_o for (auto it = instances.begin() + 1; it != instances.end(); it++, idx++) { auto instance = *it; auto domain_separator = std::to_string(idx); - finalise_and_send_instance(instance, domain_separator); + run_oink_prover_on_instance(instance, domain_separator); } state.accumulator = instances[0]; @@ -93,10 +42,10 @@ template void ProtoGalaxyProver_::run_o template std::tuple, Polynomial> -ProtoGalaxyProver_::perturbator_round( +ProtogalaxyProver_::perturbator_round( const std::shared_ptr& accumulator) { - BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::perturbator_round"); + BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::perturbator_round"); using Fun = ProtogalaxyProverInternal; @@ -108,7 +57,8 @@ ProtoGalaxyProver_::perturbator_round( : Polynomial(accumulator->proving_key.log_circuit_size + 1); // Prover doesn't send the constant coefficient of F because this is supposed to be equal to the target sum of // the accumulator which the folding verifier has from the previous iteration. - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1087): Verifier circuit for first IVC step is different + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1087): Verifier circuit for first IVC step is + // different if (accumulator->is_accumulator) { for (size_t idx = 1; idx <= accumulator->proving_key.log_circuit_size; idx++) { transcript->send_to_verifier("perturbator_" + std::to_string(idx), perturbator[idx]); @@ -120,15 +70,15 @@ ProtoGalaxyProver_::perturbator_round( template std::tuple, - typename ProtoGalaxyProver_::UnivariateRelationSeparator, - typename ProtoGalaxyProver_::UnivariateRelationParameters, + typename ProtogalaxyProver_::UnivariateRelationSeparator, + typename ProtogalaxyProver_::UnivariateRelationParameters, typename ProverInstances::Flavor::FF, - typename ProtoGalaxyProver_::CombinerQuotient> -ProtoGalaxyProver_::combiner_quotient_round(const std::vector& gate_challenges, + typename ProtogalaxyProver_::CombinerQuotient> +ProtogalaxyProver_::combiner_quotient_round(const std::vector& gate_challenges, const std::vector& deltas, const ProverInstances& instances) { - BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::combiner_quotient_round"); + BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::combiner_quotient_round"); using Fun = ProtogalaxyProverInternal; @@ -137,12 +87,13 @@ ProtoGalaxyProver_::combiner_quotient_round(const std::vector updated_gate_challenges = update_gate_challenges(perturbator_challenge, gate_challenges, deltas); const UnivariateRelationSeparator alphas = Fun::compute_and_extend_alphas(instances); - const PowPolynomial pow_polynomial{ updated_gate_challenges, instances[0]->proving_key.log_circuit_size }; + const GateSeparatorPolynomial gate_separators{ updated_gate_challenges, + instances[0]->proving_key.log_circuit_size }; const UnivariateRelationParameters relation_parameters = Fun::template compute_extended_relation_parameters(instances); - OptimisedTupleOfTuplesOfUnivariates accumulators; - auto combiner = Fun::compute_combiner(instances, pow_polynomial, relation_parameters, alphas, accumulators); + TupleOfTuplesOfUnivariates accumulators; + auto combiner = Fun::compute_combiner(instances, gate_separators, relation_parameters, alphas, accumulators); const FF perturbator_evaluation = state.perturbator.evaluate(perturbator_challenge); const CombinerQuotient combiner_quotient = Fun::compute_combiner_quotient(perturbator_evaluation, combiner); @@ -155,8 +106,63 @@ ProtoGalaxyProver_::combiner_quotient_round(const std::vector +FoldingResult ProtogalaxyProver_::update_target_sum_and_fold( + const ProverInstances& instances, + const CombinerQuotient& combiner_quotient, + const UnivariateRelationSeparator& alphas, + const UnivariateRelationParameters& univariate_relation_parameters, + const FF& perturbator_evaluation) +{ + BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::update_target_sum_and_fold"); + using Fun = ProtogalaxyProverInternal; + + const FF combiner_challenge = transcript->template get_challenge("combiner_quotient_challenge"); + + FoldingResult result{ .accumulator = instances[0], .proof = std::move(transcript->proof_data) }; + + // TODO(https://github.com/AztecProtocol/barretenberg/issues/881): bad pattern + result.accumulator->is_accumulator = true; + + // Compute the next target sum + auto [vanishing_polynomial_at_challenge, lagranges] = + Fun::compute_vanishing_polynomial_and_lagranges(combiner_challenge); + result.accumulator->target_sum = perturbator_evaluation * lagranges[0] + + vanishing_polynomial_at_challenge * combiner_quotient.evaluate(combiner_challenge); + + // Fold the proving key polynomials + for (auto& poly : result.accumulator->proving_key.polynomials.get_unshifted()) { + poly *= lagranges[0]; + } + for (size_t inst_idx = 1; inst_idx < ProverInstances::NUM; inst_idx++) { + for (auto [acc_poly, inst_poly] : zip_view(result.accumulator->proving_key.polynomials.get_unshifted(), + instances[inst_idx]->proving_key.polynomials.get_unshifted())) { + acc_poly.add_scaled(inst_poly, lagranges[inst_idx]); + } + } + + // Evaluate the combined batching α_i univariate at challenge to obtain next α_i and send it to the + // verifier, where i ∈ {0,...,NUM_SUBRELATIONS - 1} + for (auto [folded_alpha, inst_alpha] : zip_view(result.accumulator->alphas, alphas)) { + folded_alpha = inst_alpha.evaluate(combiner_challenge); + } + + // Evaluate each relation parameter univariate at challenge to obtain the folded relation parameters. + for (auto [univariate, value] : zip_view(univariate_relation_parameters.get_to_fold(), + result.accumulator->relation_parameters.get_to_fold())) { + value = univariate.evaluate(combiner_challenge); + } + + return result; +} + template -FoldingResult ProtoGalaxyProver_::prove() +FoldingResult ProtogalaxyProver_::prove() { ZoneScopedN("ProtogalaxyProver::prove"); BB_OP_COUNT_TIME_NAME("ProtogalaxyProver::prove"); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp index a6ceea085e4..8767b4e076b 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_internal.hpp @@ -41,24 +41,25 @@ template class ProtogalaxyProverInternal { using ExtendedUnivariateWithRandomization = Univariate; - using ExtendedUnivariates = typename Flavor::template ProverUnivariates; - using OptimisedExtendedUnivariates = - typename Flavor::template OptimisedProverUnivariates; - + using ExtendedUnivariatesNoOptimisticSkipping = + typename Flavor::template ProverUnivariates; + using ExtendedUnivariates = + typename Flavor::template ProverUnivariatesWithOptimisticSkipping; + + using TupleOfTuplesOfUnivariatesNoOptimisticSkipping = + typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping; using TupleOfTuplesOfUnivariates = typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariates; - using OptimisedTupleOfTuplesOfUnivariates = - typename Flavor::template OptimisedProtogalaxyTupleOfTuplesOfUnivariates; using RelationEvaluations = typename Flavor::TupleOfArraysOfValues; static constexpr size_t NUM_SUBRELATIONS = ProverInstances::NUM_SUBRELATIONS; /** - * @brief Compute the values of the full Honk relation at each row in the execution trace, representing f_i(ω) in - * the ProtoGalaxy paper, given the evaluations of all the prover polynomials and \vec{α} (the batching challenges - * that help establishing each subrelation is independently valid in Honk - from the Plonk paper, DO NOT confuse - * with α in ProtoGalaxy). + * @brief Compute the values of the aggregated relation evaluations at each row in the execution trace, representing + * f_i(ω) in the Protogalaxy paper, given the evaluations of all the prover polynomials and \vec{α} (the batching + * challenges that help establishing each subrelation is independently valid in Honk - from the Plonk paper, DO NOT + * confuse with α in Protogalaxy). * * @details When folding Mega instances, one of the relations is linearly dependent. We define such relations * as acting on the entire execution trace and hence requiring to be accumulated separately as we iterate over each @@ -66,12 +67,12 @@ template class ProtogalaxyProverInternal { * sum f_0(ω) + α_j*g(ω) where f_0 represents the full honk evaluation at row 0, g(ω) is the linearly dependent * subrelation and α_j is its corresponding batching challenge. */ - static std::vector compute_full_honk_evaluations(const ProverPolynomials& instance_polynomials, - const RelationSeparator& alpha, - const RelationParameters& relation_parameters) + static std::vector compute_row_evaluations(const ProverPolynomials& instance_polynomials, + const RelationSeparator& alpha, + const RelationParameters& relation_parameters) { - BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::compute_full_honk_evaluations"); + BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::compute_row_evaluations"); auto instance_size = instance_polynomials.get_polynomial_size(); std::vector full_honk_evaluations(instance_size); const std::vector linearly_dependent_contribution_accumulators = parallel_for_heuristic( @@ -169,7 +170,7 @@ template class ProtogalaxyProverInternal { const std::vector& deltas) { BB_OP_COUNT_TIME(); - auto full_honk_evaluations = compute_full_honk_evaluations( + auto full_honk_evaluations = compute_row_evaluations( accumulator->proving_key.polynomials, accumulator->alphas, accumulator->relation_parameters); const auto betas = accumulator->gate_challenges; ASSERT(betas.size() == deltas.size()); @@ -187,7 +188,8 @@ template class ProtogalaxyProverInternal { template static void extend_univariates( - std::conditional_t& extended_univariates, + std::conditional_t& + extended_univariates, const ProverInstances& instances, const size_t row_idx) { @@ -256,12 +258,12 @@ template class ProtogalaxyProverInternal { * * @tparam skip_zero_computations whether to use the the optimization that skips computing zero. * @param instances - * @param pow_betas + * @param gate_separators * @return ExtendedUnivariateWithRandomization */ template static ExtendedUnivariateWithRandomization compute_combiner(const ProverInstances& instances, - const PowPolynomial& pow_betas, + const GateSeparatorPolynomial& gate_separators, const Parameters& relation_parameters, const UnivariateRelationSeparator& alphas, TupleOfTuples& univariate_accumulators) @@ -269,7 +271,7 @@ template class ProtogalaxyProverInternal { BB_OP_COUNT_TIME(); // Whether to use univariates whose operators ignore some values which an honest prover would compute to be zero - constexpr bool skip_zero_computations = std::same_as; + constexpr bool skip_zero_computations = std::same_as; const size_t common_instance_size = instances[0]->proving_key.circuit_size; // Determine number of threads for multithreading. @@ -289,7 +291,7 @@ template class ProtogalaxyProverInternal { // doesn't skip computation), so we need to define types depending on the template instantiation using ThreadAccumulators = TupleOfTuples; using ExtendedUnivatiatesType = - std::conditional_t; + std::conditional_t; // Construct univariate accumulator containers; one per thread std::vector thread_univariate_accumulators(num_threads); @@ -314,7 +316,7 @@ template class ProtogalaxyProverInternal { constexpr size_t skip_count = skip_zero_computations ? ProverInstances::NUM - 1 : 0; extend_univariates(extended_univariates[thread_idx], instances, idx); - const FF pow_challenge = pow_betas[idx]; + const FF pow_challenge = gate_separators[idx]; // Accumulate the i-th row's univariate contribution. Note that the relation parameters passed to // this function have already been folded. Moreover, linear-dependent relations that act over the @@ -332,7 +334,8 @@ template class ProtogalaxyProverInternal { RelationUtils::add_nested_tuples(univariate_accumulators, accumulators); } // This does nothing if TupleOfTuples is TupleOfTuplesOfUnivariates - TupleOfTuplesOfUnivariates deoptimized_univariates = deoptimise_univariates(univariate_accumulators); + TupleOfTuplesOfUnivariatesNoOptimisticSkipping deoptimized_univariates = + deoptimise_univariates(univariate_accumulators); // Batch the univariate contributions from each sub-relation to obtain the round univariate return batch_over_relations(deoptimized_univariates, alphas); } @@ -343,52 +346,51 @@ template class ProtogalaxyProverInternal { */ static ExtendedUnivariateWithRandomization compute_combiner_no_optimistic_skipping( const ProverInstances& instances, - const PowPolynomial& pow_betas, + const GateSeparatorPolynomial& gate_separators, const UnivariateRelationParametersNoOptimisticSkipping& relation_parameters, const UnivariateRelationSeparator& alphas) { - TupleOfTuplesOfUnivariates accumulators; - return compute_combiner(instances, pow_betas, relation_parameters, alphas, accumulators); + TupleOfTuplesOfUnivariatesNoOptimisticSkipping accumulators; + return compute_combiner(instances, gate_separators, relation_parameters, alphas, accumulators); } static ExtendedUnivariateWithRandomization compute_combiner(const ProverInstances& instances, - const PowPolynomial& pow_betas, + const GateSeparatorPolynomial& gate_separators, const UnivariateRelationParameters& relation_parameters, const UnivariateRelationSeparator& alphas) { - OptimisedTupleOfTuplesOfUnivariates accumulators; - return compute_combiner(instances, pow_betas, relation_parameters, alphas, accumulators); + TupleOfTuplesOfUnivariates accumulators; + return compute_combiner(instances, gate_separators, relation_parameters, alphas, accumulators); } /** * @brief Convert univariates from optimised form to regular - * * @details We need to convert before we batch relations, since optimised versions don't have enough information to * extend the univariates to maximum length - * - * @param optimised_univariate_accumulators - * @param new_univariate_accumulators */ - template - static TupleOfTuplesOfUnivariates deoptimise_univariates(const PossiblyOptimisedTupleOfTuplesOfUnivariates& tup) + template + static TupleOfTuplesOfUnivariatesNoOptimisticSkipping deoptimise_univariates( + const TupleOfTuplesOfUnivariatePossiblyOptimistic& tup) { // If input does not have optimized operators, return the input - if constexpr (std::same_as) { + if constexpr (std::same_as) { return tup; } const auto deoptimise = [&](auto& element) { - auto& optimised_element = std::get(std::get(tup)); - element = optimised_element.convert(); + auto& element_with_skipping = std::get(std::get(tup)); + element = element_with_skipping.convert(); }; - TupleOfTuplesOfUnivariates result; + TupleOfTuplesOfUnivariatesNoOptimisticSkipping result; RelationUtils::template apply_to_tuple_of_tuples<0, 0>(result, deoptimise); return result; } - static ExtendedUnivariateWithRandomization batch_over_relations(TupleOfTuplesOfUnivariates& univariate_accumulators, - const UnivariateRelationSeparator& alpha) + static ExtendedUnivariateWithRandomization batch_over_relations( + TupleOfTuplesOfUnivariatesNoOptimisticSkipping& univariate_accumulators, + const UnivariateRelationSeparator& alpha) { auto result = std::get<0>(std::get<0>(univariate_accumulators)) .template extend_to(); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp index 2d96969cf8d..1f92af9dae1 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_mega.cpp @@ -5,5 +5,5 @@ #include "protogalaxy_prover_impl.hpp" namespace bb { -template class ProtoGalaxyProver_>; +template class ProtogalaxyProver_>; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp index 8cc9c4f768f..bf6ff176912 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_ultra.cpp @@ -4,5 +4,5 @@ // TODO(https://github.com/AztecProtocol/barretenberg/issues/1076) Remove this instantiation. namespace bb { -template class ProtoGalaxyProver_>; +template class ProtogalaxyProver_>; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp index 4896413da80..a774b08e58b 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp @@ -6,7 +6,7 @@ namespace bb { template -void ProtoGalaxyVerifier_::receive_and_finalise_instance(const std::shared_ptr& inst, +void ProtogalaxyVerifier_::receive_and_finalise_instance(const std::shared_ptr& inst, const std::string& domain_separator) { OinkVerifier oink_verifier{ inst, transcript, domain_separator + '_' }; @@ -14,7 +14,7 @@ void ProtoGalaxyVerifier_::receive_and_finalise_instance(cons } template -void ProtoGalaxyVerifier_::prepare_for_folding(const std::vector& fold_data) +void ProtogalaxyVerifier_::prepare_for_folding(const std::vector& fold_data) { transcript = std::make_shared(fold_data); auto index = 0; @@ -35,7 +35,7 @@ void ProtoGalaxyVerifier_::prepare_for_folding(const std::vec } template -std::shared_ptr ProtoGalaxyVerifier_::verify_folding_proof( +std::shared_ptr ProtogalaxyVerifier_::verify_folding_proof( const std::vector& fold_data) { prepare_for_folding(fold_data); @@ -171,7 +171,7 @@ std::shared_ptr ProtoGalaxyVerifier_>; -template class ProtoGalaxyVerifier_>; +template class ProtogalaxyVerifier_>; +template class ProtogalaxyVerifier_>; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp index 0d08141c3f7..8c96456b1e4 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.hpp @@ -7,7 +7,7 @@ #include "barretenberg/transcript/transcript.hpp" namespace bb { -template class ProtoGalaxyVerifier_ { +template class ProtogalaxyVerifier_ { public: using Flavor = typename VerifierInstances::Flavor; using Transcript = typename Flavor::Transcript; @@ -27,9 +27,9 @@ template class ProtoGalaxyVerifier_ { CommitmentLabels commitment_labels; - ProtoGalaxyVerifier_(const std::vector>& insts) + ProtogalaxyVerifier_(const std::vector>& insts) : instances(VerifierInstances(insts)){}; - ~ProtoGalaxyVerifier_() = default; + ~ProtogalaxyVerifier_() = default; std::shared_ptr get_accumulator() { return instances[0]; } diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp index 12484eb37d6..90059bdf1e8 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.cpp @@ -15,7 +15,7 @@ std::vector update_gate_challenges(const fr& perturbator_challenge, } /** - * @brief For a new round challenge δ at each iteration of the ProtoGalaxy protocol, compute the vector + * @brief For a new round challenge δ at each iteration of the Protogalaxy protocol, compute the vector * [δ, δ^2,..., δ^t] where t = logn and n is the size of the instance. */ std::vector compute_round_challenge_pows(const size_t log_instance_size, const fr& round_challenge) diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp index ff21c50498b..412f5e44495 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/prover_verifier_shared.hpp @@ -12,7 +12,7 @@ std::vector update_gate_challenges(const fr& perturbator_challenge, const std::vector& init_challenges); /** - * @brief For a new round challenge δ at each iteration of the ProtoGalaxy protocol, compute the vector + * @brief For a new round challenge δ at each iteration of the Protogalaxy protocol, compute the vector * [δ, δ^2,..., δ^t] where t = logn and n is the size of the instance. */ std::vector compute_round_challenge_pows(const size_t log_instance_size, const fr& round_challenge); diff --git a/barretenberg/cpp/src/barretenberg/relations/nested_containers.hpp b/barretenberg/cpp/src/barretenberg/relations/nested_containers.hpp index 36a522eb161..719aa770ed3 100644 --- a/barretenberg/cpp/src/barretenberg/relations/nested_containers.hpp +++ b/barretenberg/cpp/src/barretenberg/relations/nested_containers.hpp @@ -44,7 +44,7 @@ using TupleOfUnivariates = typename TupleOfContainersOverArray -using OptimisedTupleOfUnivariates = +using TupleOfUnivariatesWithOptimisticSkipping = typename TupleOfContainersOverArray::type; template diff --git a/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp b/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp index 81da1f4df79..5ca396b2d6d 100644 --- a/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp +++ b/barretenberg/cpp/src/barretenberg/relations/relation_types.hpp @@ -178,14 +178,14 @@ template class Relation : public RelationImpl { *std::max_element(ZK_PARTIAL_LENGTHS.begin(), ZK_PARTIAL_LENGTHS.end()); template - using ProtogalaxyTupleOfUnivariatesOverSubrelations = + using ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping = TupleOfUnivariates(SUBRELATION_TOTAL_LENGTHS)>; template - using OptimisedProtogalaxyTupleOfUnivariatesOverSubrelations = - OptimisedTupleOfUnivariates( - SUBRELATION_TOTAL_LENGTHS), - NUM_INSTANCES - 1>; + using ProtogalaxyTupleOfUnivariatesOverSubrelations = + TupleOfUnivariatesWithOptimisticSkipping( + SUBRELATION_TOTAL_LENGTHS), + NUM_INSTANCES - 1>; using SumcheckTupleOfUnivariatesOverSubrelations = TupleOfUnivariates; // The containter constructor for sumcheck univariates corresponding to each subrelation in ZK Flavor's relations diff --git a/barretenberg/cpp/src/barretenberg/relations/utils.hpp b/barretenberg/cpp/src/barretenberg/relations/utils.hpp index 681363124ad..49fedad8c38 100644 --- a/barretenberg/cpp/src/barretenberg/relations/utils.hpp +++ b/barretenberg/cpp/src/barretenberg/relations/utils.hpp @@ -1,6 +1,6 @@ #pragma once #include "barretenberg/flavor/flavor.hpp" -#include "barretenberg/polynomials/pow.hpp" +#include "barretenberg/polynomials/gate_separator.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include #include diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp index 4f9f006a06d..b68e104615d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp @@ -11,7 +11,7 @@ class ClientIVCRecursiveVerifier { using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance; using RecursiveVerificationKey = RecursiveVerifierInstances::VerificationKey; using DeciderVerifier = DeciderRecursiveVerifier_; - using FoldingVerifier = ProtoGalaxyRecursiveVerifier_; + using FoldingVerifier = ProtogalaxyRecursiveVerifier_; using GoblinVerifier = GoblinRecursiveVerifier; public: diff --git a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.cpp index ce1428f06d7..5d0f02fdad1 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.cpp @@ -5,7 +5,7 @@ namespace bb::stdlib::recursion::honk { template -void ProtoGalaxyRecursiveVerifier_::receive_and_finalise_instance( +void ProtogalaxyRecursiveVerifier_::receive_and_finalise_instance( const std::shared_ptr& inst, std::string& domain_separator) { domain_separator = domain_separator + "_"; @@ -15,7 +15,7 @@ void ProtoGalaxyRecursiveVerifier_::receive_and_finalise_inst // TODO(https://github.com/AztecProtocol/barretenberg/issues/795): The rounds prior to actual verifying are common // between decider and folding verifier and could be somehow shared so we do not duplicate code so much. -template void ProtoGalaxyRecursiveVerifier_::prepare_for_folding() +template void ProtogalaxyRecursiveVerifier_::prepare_for_folding() { auto index = 0; auto inst = instances[0]; @@ -36,7 +36,7 @@ template void ProtoGalaxyRecursiveVerifier_ -std::shared_ptr ProtoGalaxyRecursiveVerifier_< +std::shared_ptr ProtogalaxyRecursiveVerifier_< VerifierInstances>::verify_folding_proof(const StdlibProof& proof) { using Transcript = typename Flavor::Transcript; @@ -131,13 +131,13 @@ std::shared_ptr ProtoGalaxyRecursiveVerifi return next_accumulator; } -template class ProtoGalaxyRecursiveVerifier_< +template class ProtogalaxyRecursiveVerifier_< RecursiveVerifierInstances_, 2>>; -template class ProtoGalaxyRecursiveVerifier_, 2>>; -template class ProtoGalaxyRecursiveVerifier_, 2>>; -template class ProtoGalaxyRecursiveVerifier_, 2>>; -template class ProtoGalaxyRecursiveVerifier_< +template class ProtogalaxyRecursiveVerifier_, 2>>; +template class ProtogalaxyRecursiveVerifier_, 2>>; +template class ProtogalaxyRecursiveVerifier_, 2>>; +template class ProtogalaxyRecursiveVerifier_< RecursiveVerifierInstances_, 2>>; -template class ProtoGalaxyRecursiveVerifier_< +template class ProtogalaxyRecursiveVerifier_< RecursiveVerifierInstances_, 2>>; } // namespace bb::stdlib::recursion::honk \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.hpp index 66b79a326da..0a1d139ef57 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.hpp @@ -9,7 +9,7 @@ #include "barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp" namespace bb::stdlib::recursion::honk { -template class ProtoGalaxyRecursiveVerifier_ { +template class ProtogalaxyRecursiveVerifier_ { public: using Flavor = typename VerifierInstances::Flavor; using NativeFlavor = typename Flavor::NativeFlavor; @@ -43,14 +43,14 @@ template class ProtoGalaxyRecursiveVerifier_ { std::shared_ptr transcript; VerifierInstances instances; - ProtoGalaxyRecursiveVerifier_(Builder* builder, + ProtogalaxyRecursiveVerifier_(Builder* builder, const std::shared_ptr& accumulator, const std::vector>& instance_vks) : builder(builder) , instances(VerifierInstances(builder, accumulator, instance_vks)){}; /** - * @brief Given a new round challenge δ for each iteration of the full ProtoGalaxy protocol, compute the vector + * @brief Given a new round challenge δ for each iteration of the full Protogalaxy protocol, compute the vector * [δ, δ^2,..., δ^t] where t = logn and n is the size of the instance. */ static std::vector compute_round_challenge_pows(size_t log_instance_size, FF round_challenge) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp index 3486b600f35..7e4f0c69a09 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp @@ -15,7 +15,7 @@ #include "barretenberg/ultra_honk/ultra_verifier.hpp" namespace bb::stdlib::recursion::honk { -template class ProtoGalaxyRecursiveTests : public testing::Test { +template class ProtogalaxyRecursiveTests : public testing::Test { public: // Define types for the inner circuit, i.e. the circuit whose proof will be recursively verified using InnerFlavor = typename RecursiveFlavor::NativeFlavor; @@ -39,14 +39,14 @@ template class ProtoGalaxyRecursiveTests : public tes using RecursiveVerifierInstances = ::bb::stdlib::recursion::honk::RecursiveVerifierInstances_; using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance; using RecursiveVerificationKey = RecursiveVerifierInstances::VerificationKey; - using FoldingRecursiveVerifier = ProtoGalaxyRecursiveVerifier_; + using FoldingRecursiveVerifier = ProtogalaxyRecursiveVerifier_; using DeciderRecursiveVerifier = DeciderRecursiveVerifier_; using InnerDeciderProver = DeciderProver_; using InnerDeciderVerifier = DeciderVerifier_; using InnerVerifierInstances = VerifierInstances_; using InnerProverInstances = ProverInstances_; - using InnerFoldingVerifier = ProtoGalaxyVerifier_; - using InnerFoldingProver = ProtoGalaxyProver_; + using InnerFoldingVerifier = ProtogalaxyVerifier_; + using InnerFoldingProver = ProtogalaxyProver_; static void SetUpTestSuite() { bb::srs::init_crs_factory("../srs_db/ignition"); } /** @@ -391,35 +391,35 @@ template class ProtoGalaxyRecursiveTests : public tes using FlavorTypes = testing::Types, MegaRecursiveFlavor_>; -TYPED_TEST_SUITE(ProtoGalaxyRecursiveTests, FlavorTypes); +TYPED_TEST_SUITE(ProtogalaxyRecursiveTests, FlavorTypes); -TYPED_TEST(ProtoGalaxyRecursiveTests, InnerCircuit) +TYPED_TEST(ProtogalaxyRecursiveTests, InnerCircuit) { TestFixture::test_circuit(); } -TYPED_TEST(ProtoGalaxyRecursiveTests, NewEvaluate) +TYPED_TEST(ProtogalaxyRecursiveTests, NewEvaluate) { TestFixture::test_new_evaluate(); } -TYPED_TEST(ProtoGalaxyRecursiveTests, RecursiveFoldingTest) +TYPED_TEST(ProtogalaxyRecursiveTests, RecursiveFoldingTest) { TestFixture::test_recursive_folding(); } -TYPED_TEST(ProtoGalaxyRecursiveTests, FullProtogalaxyRecursiveTest) +TYPED_TEST(ProtogalaxyRecursiveTests, FullProtogalaxyRecursiveTest) { TestFixture::test_full_protogalaxy_recursive(); } -TYPED_TEST(ProtoGalaxyRecursiveTests, TamperedDeciderProof) +TYPED_TEST(ProtogalaxyRecursiveTests, TamperedDeciderProof) { TestFixture::test_tampered_decider_proof(); } -TYPED_TEST(ProtoGalaxyRecursiveTests, TamperedAccumulator) +TYPED_TEST(ProtogalaxyRecursiveTests, TamperedAccumulator) { TestFixture::test_tampered_accumulator(); } diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp index f614265b156..27a9b5dc472 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/mega_flavor.hpp @@ -85,11 +85,11 @@ class MegaFlavor { using RelationSeparator = std::array; template - using ProtogalaxyTupleOfTuplesOfUnivariates = + using ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping = decltype(create_protogalaxy_tuple_of_tuples_of_univariates()); template - using OptimisedProtogalaxyTupleOfTuplesOfUnivariates = + using ProtogalaxyTupleOfTuplesOfUnivariates = decltype(create_protogalaxy_tuple_of_tuples_of_univariates()); @@ -682,7 +682,7 @@ class MegaFlavor { * @details During folding and sumcheck, the prover evaluates the relations on these univariates. */ template - using OptimisedProverUnivariates = AllEntities>; + using ProverUnivariatesWithOptimisticSkipping = AllEntities>; /** * @brief A container for univariates produced during the hot loop in sumcheck. diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp index f5d4f58ddd8..c25a1c736b6 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_flavor.hpp @@ -84,10 +84,10 @@ class UltraFlavor { static constexpr size_t NUM_RELATIONS = std::tuple_size_v; template - using ProtogalaxyTupleOfTuplesOfUnivariates = + using ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping = decltype(create_protogalaxy_tuple_of_tuples_of_univariates()); template - using OptimisedProtogalaxyTupleOfTuplesOfUnivariates = + using ProtogalaxyTupleOfTuplesOfUnivariates = decltype(create_protogalaxy_tuple_of_tuples_of_univariates()); @@ -570,7 +570,7 @@ class UltraFlavor { * @details During folding and sumcheck, the prover evaluates the relations on these univariates. */ template - using OptimisedProverUnivariates = AllEntities>; + using ProverUnivariatesWithOptimisticSkipping = AllEntities>; /** * @brief A container for univariates produced during the hot loop in sumcheck. diff --git a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak.hpp b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak.hpp index add2e13f272..82b5e9dcd3f 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib_circuit_builders/ultra_keccak.hpp @@ -79,10 +79,10 @@ class UltraKeccakFlavor { static constexpr size_t NUM_RELATIONS = std::tuple_size_v; template - using ProtogalaxyTupleOfTuplesOfUnivariates = + using ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping = decltype(create_protogalaxy_tuple_of_tuples_of_univariates()); template - using OptimisedProtogalaxyTupleOfTuplesOfUnivariates = + using ProtogalaxyTupleOfTuplesOfUnivariates = decltype(create_protogalaxy_tuple_of_tuples_of_univariates()); @@ -502,7 +502,7 @@ class UltraKeccakFlavor { * @details During folding and sumcheck, the prover evaluates the relations on these univariates. */ template - using OptimisedProverUnivariates = AllEntities>; + using ProverUnivariatesWithOptimisticSkipping = AllEntities>; /** * @brief A container for univariates produced during the hot loop in sumcheck. diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp index a71bcb1f2c8..c7dbbf6caff 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp @@ -79,7 +79,7 @@ to the transcript. ## Round Univariates -\subsubsection SumcheckProverContributionsofPow Contributions of PowPolynomial +\subsubsection SumcheckProverContributionsofPow Contributions of GateSeparatorPolynomial * Let \f$ \vec \beta = (\beta_0,\ldots, \beta_{d-1}) \in \mathbb{F}\f$ be a vector of challenges. * @@ -91,7 +91,7 @@ is computed as follows. First, we introduce notation - \f$ S^i_{\ell} (X_i) = F \left(P_1(u_0,\ldots, u_{i-1}, X_i, \vec \ell), \ldots, P_1(u_0,\ldots, u_{i-1}, X_i, \vec \ell) \right) \f$ - As explained in \ref bb::PowPolynomial "PowPolynomial", + As explained in \ref bb::GateSeparatorPolynomial "GateSeparatorPolynomial", \f{align}{ \tilde{S}^{i}(X_i) = \sum_{ \ell = 0} ^{2^{d-i-1}-1} pow^i_\beta ( X_i, \ell_{i+1}, \ldots, \ell_{d-1} ) \cdot S^i_{\ell}( X_i ) = c_i\cdot ( (1−X_i) + X_i\cdot \beta_i ) \cdot \sum_{\ell = 0}^{2^{d-i-1}-1} \beta_{i+1}^{\ell_{i+1}} @@ -211,7 +211,7 @@ template class SumcheckProver { setup_zk_sumcheck_data(zk_sumcheck_data); }; - bb::PowPolynomial pow_univariate(gate_challenges, multivariate_d); + bb::GateSeparatorPolynomial gate_separators(gate_challenges, multivariate_d); std::vector multivariate_challenge; multivariate_challenge.reserve(multivariate_d); @@ -220,7 +220,7 @@ template class SumcheckProver { // #partially_evaluated_polynomials, which has \f$ n/2 \f$ rows and \f$ N \f$ columns. When the Flavor has ZK, // compute_univariate also takes into account the zk_sumcheck_data. auto round_univariate = round.compute_univariate( - round_idx, full_polynomials, relation_parameters, pow_univariate, alpha, zk_sumcheck_data); + round_idx, full_polynomials, relation_parameters, gate_separators, alpha, zk_sumcheck_data); { ZoneScopedN("rest of sumcheck round 1"); @@ -234,7 +234,7 @@ template class SumcheckProver { if constexpr (Flavor::HasZK) { update_zk_sumcheck_data(zk_sumcheck_data, round_challenge, round_idx); }; - pow_univariate.partially_evaluate(round_challenge); + gate_separators.partially_evaluate(round_challenge); round.round_size = round.round_size >> 1; // TODO(#224)(Cody): Maybe partially_evaluate should do this and // release memory? // All but final round // We operate on partially_evaluated_polynomials in place. @@ -245,7 +245,7 @@ template class SumcheckProver { round_univariate = round.compute_univariate(round_idx, partially_evaluated_polynomials, relation_parameters, - pow_univariate, + gate_separators, alpha, zk_sumcheck_data); // Place evaluations of Sumcheck Round Univariate in the transcript @@ -259,7 +259,7 @@ template class SumcheckProver { update_zk_sumcheck_data(zk_sumcheck_data, round_challenge, round_idx); }; - pow_univariate.partially_evaluate(round_challenge); + gate_separators.partially_evaluate(round_challenge); round.round_size = round.round_size >> 1; } // Check that the challenges \f$ u_0,\ldots, u_{d-1} \f$ do not satisfy the equation \f$ u_0(1-u_0) + \ldots + @@ -649,7 +649,7 @@ polynomials that are sent in clear. * ### Final Verification Step * - Extract \ref ClaimedEvaluations of prover polynomials \f$P_1,\ldots, P_N\f$ at the challenge point \f$ (u_0,\ldots,u_{d-1}) \f$ from the transcript and \ref bb::SumcheckVerifierRound< Flavor - >::compute_full_honk_relation_purported_value "compute evaluation:" + >::compute_full_relation_purported_value "compute evaluation:" \f{align}{\tilde{F}\left( P_1(u_0,\ldots, u_{d-1}), \ldots, P_N(u_0,\ldots, u_{d-1}) \right)\f} and store it at \f$ \texttt{full_honk_relation_purported_value} \f$. * - Compare \f$ \sigma_d \f$ against the evaluation of \f$ \tilde{F} \f$ at \f$P_1(u_0,\ldots, u_{d-1}), \ldots, @@ -716,7 +716,7 @@ template class SumcheckVerifier { { bool verified(true); - bb::PowPolynomial pow_univariate(gate_challenges); + bb::GateSeparatorPolynomial gate_separators(gate_challenges); // All but final round. // target_total_sum is initialized to zero then mutated in place. @@ -758,7 +758,7 @@ template class SumcheckVerifier { multivariate_challenge.emplace_back(round_challenge); round.compute_next_target_sum(round_univariate, round_challenge, dummy_round); - pow_univariate.partially_evaluate(round_challenge, dummy_round); + gate_separators.partially_evaluate(round_challenge, dummy_round); } else { if (round_idx < multivariate_d) { @@ -766,7 +766,7 @@ template class SumcheckVerifier { verified = verified && checked; multivariate_challenge.emplace_back(round_challenge); round.compute_next_target_sum(round_univariate, round_challenge); - pow_univariate.partially_evaluate(round_challenge); + gate_separators.partially_evaluate(round_challenge); } else { multivariate_challenge.emplace_back(round_challenge); } @@ -792,8 +792,8 @@ template class SumcheckVerifier { } // Evaluate the Honk relation at the point (u_0, ..., u_{d-1}) using claimed evaluations of prover polynomials. // In ZK Flavors, the evaluation is corrected by full_libra_purported_value - FF full_honk_purported_value = round.compute_full_honk_relation_purported_value( - purported_evaluations, relation_parameters, pow_univariate, alpha, full_libra_purported_value); + FF full_honk_purported_value = round.compute_full_relation_purported_value( + purported_evaluations, relation_parameters, gate_separators, alpha, full_libra_purported_value); bool final_check(false); //! [Final Verification Step] if constexpr (IsRecursiveFlavor) { diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp index 2a0fad04e6b..4e9d11108af 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp @@ -1,7 +1,7 @@ #pragma once #include "barretenberg/common/thread.hpp" #include "barretenberg/flavor/flavor.hpp" -#include "barretenberg/polynomials/pow.hpp" +#include "barretenberg/polynomials/gate_separator.hpp" #include "barretenberg/relations/relation_parameters.hpp" #include "barretenberg/relations/relation_types.hpp" #include "barretenberg/relations/utils.hpp" @@ -157,7 +157,7 @@ template class SumcheckProverRound { const size_t round_idx, ProverPolynomialsOrPartiallyEvaluatedMultivariates& polynomials, const bb::RelationParameters& relation_parameters, - const bb::PowPolynomial& pow_polynomial, + const bb::GateSeparatorPolynomial& gate_sparators, const RelationSeparator alpha, std::optional> zk_sumcheck_data = std::nullopt) // only submitted when Flavor HasZK { @@ -201,7 +201,7 @@ template class SumcheckProverRound { accumulate_relation_univariates(thread_univariate_accumulators[thread_idx], extended_edges[thread_idx], relation_parameters, - pow_polynomial[(edge_idx >> 1) * pow_polynomial.periodicity]); + gate_sparators[(edge_idx >> 1) * gate_sparators.periodicity]); } }); @@ -214,13 +214,13 @@ template class SumcheckProverRound { auto libra_round_univariate = compute_libra_round_univariate(zk_sumcheck_data.value(), round_idx); // Batch the univariate contributions from each sub-relation to obtain the round univariate auto round_univariate = - batch_over_relations(univariate_accumulators, alpha, pow_polynomial); + batch_over_relations(univariate_accumulators, alpha, gate_sparators); // Mask the round univariate return round_univariate + libra_round_univariate; } // Batch the univariate contributions from each sub-relation to obtain the round univariate else { - return batch_over_relations(univariate_accumulators, alpha, pow_polynomial); + return batch_over_relations(univariate_accumulators, alpha, gate_sparators); } } @@ -238,18 +238,18 @@ template class SumcheckProverRound { * \tilde{S}^i(D))\f$. * * @param challenge Challenge \f$\alpha\f$. - * @param pow_polynomial Round \f$pow_{\beta}\f$-factor given by \f$ ( (1−u_i) + u_i\cdot \beta_i )\f$. + * @param gate_sparators Round \f$pow_{\beta}\f$-factor given by \f$ ( (1−u_i) + u_i\cdot \beta_i )\f$. */ template static ExtendedUnivariate batch_over_relations(ContainerOverSubrelations& univariate_accumulators, const RelationSeparator& challenge, - const bb::PowPolynomial& pow_polynomial) + const bb::GateSeparatorPolynomial& gate_sparators) { auto running_challenge = FF(1); Utils::scale_univariates(univariate_accumulators, challenge, running_challenge); auto result = ExtendedUnivariate(0); - extend_and_batch_univariates(univariate_accumulators, result, pow_polynomial); + extend_and_batch_univariates(univariate_accumulators, result, gate_sparators); // Reset all univariate accumulators to 0 before beginning accumulation in the next round Utils::zero_univariates(univariate_accumulators); @@ -267,16 +267,16 @@ template class SumcheckProverRound { * @tparam extended_size Size after extension * @param tuple A tuple of tuples of Univariates * @param result Round univariate \f$ \tilde{S}^i\f$ represented by its evaluations over \f$ \{0,\ldots, D\} \f$. - * @param pow_polynomial Round \f$pow_{\beta}\f$-factor \f$ ( (1−X_i) + X_i\cdot \beta_i )\f$. + * @param gate_sparators Round \f$pow_{\beta}\f$-factor \f$ ( (1−X_i) + X_i\cdot \beta_i )\f$. */ template static void extend_and_batch_univariates(const TupleOfTuplesOfUnivariates& tuple, ExtendedUnivariate& result, - const bb::PowPolynomial& pow_polynomial) + const bb::GateSeparatorPolynomial& gate_sparators) { ExtendedUnivariate extended_random_polynomial; // Pow-Factor \f$ (1-X) + X\beta_i \f$ - auto random_polynomial = bb::Univariate({ 1, pow_polynomial.current_element() }); + auto random_polynomial = bb::Univariate({ 1, gate_sparators.current_element() }); extended_random_polynomial = random_polynomial.template extend_to(); auto extend_and_sum = [&](Element& element) { @@ -295,7 +295,7 @@ template class SumcheckProverRound { // Multiply by the pow polynomial univariate contribution and the partial // evaluation result c_i (i.e. \f$ pow(u_0,...,u_{l-1})) \f$ where \f$(u_0,...,u_{i-1})\f$ are the // verifier challenges from previous rounds. - result += extended * extended_random_polynomial * pow_polynomial.partial_evaluation_result; + result += extended * extended_random_polynomial * gate_sparators.partial_evaluation_result; } }; Utils::apply_to_tuple_of_tuples(tuple, extend_and_sum); @@ -347,7 +347,8 @@ template class SumcheckProverRound { * @param extended_edges Contains tuples of evaluations of \f$ P_j\left(u_0,\ldots, u_{i-1}, k, \vec \ell \right) *\f$, for \f$ j=1,\ldots, N \f$, \f$ k \in \{0,\ldots, D\} \f$ and fixed \f$\vec \ell \in \{0,1\}^{d-1 - i} \f$. * @param scaling_factor In Round \f$ i \f$, for \f$ (\ell_{i+1}, \ldots, \ell_{d-1}) \in \{0,1\}^{d-1-i}\f$ takes - *an element of \ref bb::PowPolynomial< FF >::pow_betas "vector of powers of challenges" at index \f$ 2^{i+1} + *an element of \ref bb::GateSeparatorPolynomial< FF >::beta_products "vector of powers of challenges" at index \f$ + *2^{i+1} *(\ell_{i+1} 2^{i+1} +\ldots + \ell_{d-1} 2^{d-1})\f$. * @result #univariate_accumulators are updated with the contribution from the current group of edges. For each * relation, a univariate of some degree is computed by accumulating the contributions of each group of edges. @@ -391,7 +392,7 @@ template class SumcheckProverRound { * * The last step of the verifification requires to compute the value \f$ pow(u_0,\ldots, u_{d-1}) \cdot F \left(P_1(u_0,\ldots, u_{d-1}), \ldots, P_N(u_0,\ldots, u_{d-1}) \right) \f$ implemented as - * - \ref compute_full_honk_relation_purported_value method needed at the last verification step. + * - \ref compute_full_relation_purported_value method needed at the last verification step. */ template class SumcheckVerifierRound { using Utils = bb::RelationUtils; @@ -515,18 +516,15 @@ template class SumcheckVerifierRound { * method computes the evaluation of \f$ \tilde{F} \f$ taking these values as arguments. * */ - // also copy paste in PG - // so instead of having claimed evaluations of each relation in part you have the actual evaluations - // kill the pow_univariate - FF compute_full_honk_relation_purported_value(ClaimedEvaluations purported_evaluations, - const bb::RelationParameters& relation_parameters, - const bb::PowPolynomial& pow_polynomial, - const RelationSeparator alpha, - std::optional full_libra_purported_value = std::nullopt) + FF compute_full_relation_purported_value(ClaimedEvaluations purported_evaluations, + const bb::RelationParameters& relation_parameters, + const bb::GateSeparatorPolynomial& gate_sparators, + const RelationSeparator alpha, + std::optional full_libra_purported_value = std::nullopt) { // The verifier should never skip computation of contributions from any relation Utils::template accumulate_relation_evaluations_without_skipping<>( - purported_evaluations, relation_evaluations, relation_parameters, pow_polynomial.partial_evaluation_result); + purported_evaluations, relation_evaluations, relation_parameters, gate_sparators.partial_evaluation_result); FF running_challenge{ 1 }; FF output{ 0 }; diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.test.cpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.test.cpp index 932ab785acf..236757ac1b8 100644 --- a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.test.cpp +++ b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.test.cpp @@ -33,9 +33,9 @@ TEST(SumcheckRound, SumcheckTupleOfTuplesOfUnivariates) RelationUtils::scale_univariates(tuple_of_tuples, challenge, running_challenge); // Use extend_and_batch_univariates to extend to MAX_LENGTH then accumulate - PowPolynomial pow_polynomial({ 1 }); + GateSeparatorPolynomial gate_separators({ 1 }); auto result = Univariate(); - SumcheckProverRound::extend_and_batch_univariates(tuple_of_tuples, result, pow_polynomial); + SumcheckProverRound::extend_and_batch_univariates(tuple_of_tuples, result, gate_separators); // Repeat the batching process manually auto result_expected = univariate_1.template extend_to() * 1 + diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp index e4366719644..338a49da101 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp @@ -374,7 +374,7 @@ class AvmFlavor { * @details During folding and sumcheck, the prover evaluates the relations on these univariates. */ template - using OptimisedProverUnivariates = AllEntities>; + using ProverUnivariatesWithOptimisticSkipping = AllEntities>; /** * @brief A container for univariates produced during the hot loop in sumcheck. diff --git a/bb-pilcom/bb-pil-backend/templates/flavor.hpp.hbs b/bb-pilcom/bb-pil-backend/templates/flavor.hpp.hbs index c0a9924a0f0..3313db0fedb 100644 --- a/bb-pilcom/bb-pil-backend/templates/flavor.hpp.hbs +++ b/bb-pilcom/bb-pil-backend/templates/flavor.hpp.hbs @@ -257,13 +257,13 @@ class {{name}}Flavor { template using ProverUnivariates = AllEntities>; - /** - * @brief A container for univariates used during Protogalaxy folding and sumcheck with some of the computation - * optimistically ignored - * @details During folding and sumcheck, the prover evaluates the relations on these univariates. - */ - template - using OptimisedProverUnivariates = AllEntities>; + /** + * @brief A container for univariates used during Protogalaxy folding and sumcheck with some of the computation + * optimistically ignored + * @details During folding and sumcheck, the prover evaluates the relations on these univariates. + */ + template + using ProverUnivariatesWithOptimisticSkipping = AllEntities>; /** * @brief A container for univariates produced during the hot loop in sumcheck.