Merge branch 'master' into zpedro/getting_started_reorder

.circleci/config.yml

@@ -440,16 +440,6 @@ jobs:
           command: |
             should_release || exit 0
             yarn-project/deploy_npm.sh latest
-      - run:
-          name: "Release canary to NPM: l1-contracts"
-          command: |
-            should_release || exit 0
-            deploy_npm l1-contracts canary
-      - run:
-          name: "Release latest to NPM: l1-contracts"
-          command: |
-            should_release || exit 0
-            deploy_npm l1-contracts latest
       - run:
           name: "Update aztec-up"
           command: |

.github/workflows/vm_full_tests.yml

@@ -55,6 +55,7 @@ jobs:
           concurrency_key: avm-full-tests-x86
       - name: "AVM Full Tests"
         working-directory: ./barretenberg/cpp/
-        timeout-minutes: 90
-        # limit our parallelism to half our cores
-        run: earthly-ci --no-output +vm-full-test --hardware_concurrency=64
+        timeout-minutes: 70
+        run: |
+          sudo shutdown -P 70 # hack until core part of the scripts
+          earthly-ci --no-output +vm-full-test --hardware_concurrency=64  # limit our parallelism to half our cores

barretenberg/acir_tests/gen_inner_proof_inputs_ultra_honk.sh

@@ -3,7 +3,7 @@
 #   BIN: to specify a different binary to test with (e.g. bb.js or bb.js-dev).
 set -eu
 
-BIN=${BIN:-../cpp/build-debug/bin/bb}
+BIN=${BIN:-../cpp/build/bin/bb}
 CRS_PATH=~/.bb-crs
 BRANCH=master
 VERBOSE=${VERBOSE:-}

barretenberg/cpp/src/barretenberg/benchmark/ipa_bench/ipa.bench.cpp

@@ -43,7 +43,7 @@ void ipa_open(State& state) noexcept
         auto prover_transcript = std::make_shared<NativeTranscript>();
         state.ResumeTiming();
         // Compute proof
-        IPA<Curve>::compute_opening_proof(ck, opening_pair, poly, prover_transcript);
+        IPA<Curve>::compute_opening_proof(ck, { poly, opening_pair }, prover_transcript);
         // Store info for verifier
         prover_transcripts[static_cast<size_t>(state.range(0)) - MIN_POLYNOMIAL_DEGREE_LOG2] = prover_transcript;
         opening_claims[static_cast<size_t>(state.range(0)) - MIN_POLYNOMIAL_DEGREE_LOG2] = opening_claim;

barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp

@@ -65,7 +65,7 @@ BENCHMARK(execute_relation_for_pg_univariates<UltraFlavor, UltraArithmeticRelati
 BENCHMARK(execute_relation_for_pg_univariates<UltraFlavor, DeltaRangeConstraintRelation<Fr>>);
 BENCHMARK(execute_relation_for_pg_univariates<UltraFlavor, EllipticRelation<Fr>>);
 BENCHMARK(execute_relation_for_pg_univariates<UltraFlavor, AuxiliaryRelation<Fr>>);
-BENCHMARK(execute_relation_for_pg_univariates<UltraFlavor, LookupRelation<Fr>>);
+BENCHMARK(execute_relation_for_pg_univariates<UltraFlavor, LogDerivLookupRelation<Fr>>);
 BENCHMARK(execute_relation_for_pg_univariates<UltraFlavor, UltraPermutationRelation<Fr>>);
 
 // Goblin-Ultra only relations (PG prover combiner work)
@@ -79,7 +79,7 @@ BENCHMARK(execute_relation_for_univariates<UltraFlavor, UltraArithmeticRelation<
 BENCHMARK(execute_relation_for_univariates<UltraFlavor, DeltaRangeConstraintRelation<Fr>>);
 BENCHMARK(execute_relation_for_univariates<UltraFlavor, EllipticRelation<Fr>>);
 BENCHMARK(execute_relation_for_univariates<UltraFlavor, AuxiliaryRelation<Fr>>);
-BENCHMARK(execute_relation_for_univariates<UltraFlavor, LookupRelation<Fr>>);
+BENCHMARK(execute_relation_for_univariates<UltraFlavor, LogDerivLookupRelation<Fr>>);
 BENCHMARK(execute_relation_for_univariates<UltraFlavor, UltraPermutationRelation<Fr>>);
 
 // Goblin-Ultra only relations (Sumcheck prover work)
@@ -93,7 +93,7 @@ BENCHMARK(execute_relation_for_values<UltraFlavor, UltraArithmeticRelation<Fr>>)
 BENCHMARK(execute_relation_for_values<UltraFlavor, DeltaRangeConstraintRelation<Fr>>);
 BENCHMARK(execute_relation_for_values<UltraFlavor, EllipticRelation<Fr>>);
 BENCHMARK(execute_relation_for_values<UltraFlavor, AuxiliaryRelation<Fr>>);
-BENCHMARK(execute_relation_for_values<UltraFlavor, LookupRelation<Fr>>);
+BENCHMARK(execute_relation_for_values<UltraFlavor, LogDerivLookupRelation<Fr>>);
 BENCHMARK(execute_relation_for_values<UltraFlavor, UltraPermutationRelation<Fr>>);
 
 // Goblin-Ultra only relations (verifier work)

barretenberg/cpp/src/barretenberg/circuit_checker/ultra_circuit_builder.test.cpp

@@ -1,6 +1,7 @@
 #include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
 #include "barretenberg/circuit_checker/circuit_checker.hpp"
 #include "barretenberg/crypto/pedersen_commitment/pedersen.hpp"
+#include "barretenberg/stdlib_circuit_builders/mock_circuits.hpp"
 #include "barretenberg/stdlib_circuit_builders/plookup_tables/fixed_base/fixed_base.hpp"
 
 #include <gtest/gtest.h>
@@ -104,6 +105,22 @@ TEST(ultra_circuit_constructor, create_gates_from_plookup_accumulators)
     EXPECT_EQ(result, true);
 }
 
+TEST(ultra_circuit_constructor, bad_lookup_failure)
+{
+    UltraCircuitBuilder builder;
+    MockCircuits::add_lookup_gates(builder);
+
+    // Erroneously set a non-zero wire value to zero in one of the lookup gates
+    for (auto& wire_3_witness_idx : builder.blocks.lookup.w_o()) {
+        if (wire_3_witness_idx != builder.zero_idx) {
+            wire_3_witness_idx = builder.zero_idx;
+            break;
+        }
+    }
+
+    EXPECT_FALSE(CircuitChecker::check(builder));
+}
+
 TEST(ultra_circuit_constructor, base_case)
 {
     UltraCircuitBuilder circuit_constructor = UltraCircuitBuilder();

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.fuzzer.cpp

@@ -21,11 +21,10 @@ class ProxyCaller {
   public:
     template <typename Transcript>
     static void compute_opening_proof_internal(const std::shared_ptr<CommitmentKey<Curve>>& ck,
-                                               const OpeningPair<Curve>& opening_pair,
-                                               const Polynomial<Curve::ScalarField>& polynomial,
+                                               const ProverOpeningClaim<Curve>& opening_claim,
                                                const std::shared_ptr<Transcript>& transcript)
     {
-        IPA<Curve>::compute_opening_proof_internal(ck, opening_pair, polynomial, transcript);
+        IPA<Curve>::compute_opening_proof_internal(ck, opening_claim, transcript);
     }
     template <typename Transcript>
     static bool verify_internal(const std::shared_ptr<VerifierCommitmentKey<Curve>>& vk,
@@ -145,7 +144,7 @@ extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size)
     }
     auto const opening_pair = OpeningPair<Curve>{ x, poly.evaluate(x) };
     auto const opening_claim = OpeningClaim<Curve>{ opening_pair, ck->commit(poly) };
-    ProxyCaller::compute_opening_proof_internal(ck, opening_pair, poly, transcript);
+    ProxyCaller::compute_opening_proof_internal(ck, { poly, opening_pair }, transcript);
 
     // Reset challenge indices
     transcript->reset_indices();

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp

@@ -130,10 +130,12 @@ template <typename Curve_> class IPA {
     */ 
    template <typename Transcript>
    static void compute_opening_proof_internal(const std::shared_ptr<CK>& ck,
-                                              const OpeningPair<Curve>& opening_pair,
-                                              const Polynomial& polynomial,
+                                              const ProverOpeningClaim<Curve>& opening_claim,
                                               const std::shared_ptr<Transcript>& transcript)
    {
+
+        Polynomial polynomial = opening_claim.polynomial;
+
         // clang-format on
         auto poly_length = static_cast<size_t>(polynomial.size());
 
@@ -184,6 +186,7 @@ template <typename Curve_> class IPA {
 
         // Step 5.
         // Compute vector b (vector of the powers of the challenge)
+        OpeningPair<Curve> opening_pair = opening_claim.opening_pair;
         std::vector<Fr> b_vec(poly_length);
         run_loop_in_parallel_if_effective(
             poly_length,
@@ -603,11 +606,10 @@ template <typename Curve_> class IPA {
      * compute_opening_proof_internal \endlink.
      */
     static void compute_opening_proof(const std::shared_ptr<CK>& ck,
-                                      const OpeningPair<Curve>& opening_pair,
-                                      const Polynomial& polynomial,
+                                      const ProverOpeningClaim<Curve>& opening_claim,
                                       const std::shared_ptr<NativeTranscript>& transcript)
     {
-        compute_opening_proof_internal(ck, opening_pair, polynomial, transcript);
+        compute_opening_proof_internal(ck, opening_claim, transcript);
     }
 
     /**

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.test.cpp

@@ -67,7 +67,7 @@ TEST_F(IPATest, OpenZeroPolynomial)
 
     // initialize empty prover transcript
     auto prover_transcript = std::make_shared<NativeTranscript>();
-    IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript);
+    IPA::compute_opening_proof(this->ck(), { poly, opening_pair }, prover_transcript);
 
     // initialize verifier transcript from proof data
     auto verifier_transcript = std::make_shared<NativeTranscript>(prover_transcript->proof_data);
@@ -92,7 +92,7 @@ TEST_F(IPATest, OpenAtZero)
 
     // initialize empty prover transcript
     auto prover_transcript = std::make_shared<NativeTranscript>();
-    IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript);
+    IPA::compute_opening_proof(this->ck(), { poly, opening_pair }, prover_transcript);
 
     // initialize verifier transcript from proof data
     auto verifier_transcript = std::make_shared<NativeTranscript>(prover_transcript->proof_data);
@@ -131,7 +131,7 @@ TEST_F(IPATest, ChallengesAreZero)
         auto new_random_vector = random_vector;
         new_random_vector[i] = Fr::zero();
         transcript->initialize(new_random_vector);
-        EXPECT_ANY_THROW(IPA::compute_opening_proof_internal(this->ck(), opening_pair, poly, transcript));
+        EXPECT_ANY_THROW(IPA::compute_opening_proof_internal(this->ck(), { poly, opening_pair }, transcript));
     }
     // Fill out a vector of affine elements that the verifier receives from the prover with generators (we don't care
     // about them right now)
@@ -181,7 +181,7 @@ TEST_F(IPATest, AIsZeroAfterOneRound)
     transcript->initialize(random_vector);
 
     // Compute opening proof
-    IPA::compute_opening_proof_internal(this->ck(), opening_pair, poly, transcript);
+    IPA::compute_opening_proof_internal(this->ck(), { poly, opening_pair }, transcript);
 
     // Reset indices
     transcript->reset_indices();
@@ -221,7 +221,7 @@ TEST_F(IPATest, Open)
 
     // initialize empty prover transcript
     auto prover_transcript = std::make_shared<NativeTranscript>();
-    IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript);
+    IPA::compute_opening_proof(this->ck(), { poly, opening_pair }, prover_transcript);
 
     // initialize verifier transcript from proof data
     auto verifier_transcript = std::make_shared<NativeTranscript>(prover_transcript->proof_data);
@@ -295,22 +295,18 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)
     const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations(
         mle_opening_point, std::move(gemini_polynomials), r_challenge);
 
+    std::vector<ProverOpeningClaim<Curve>> opening_claims;
+
     for (size_t l = 0; l < log_n; ++l) {
         std::string label = "Gemini:a_" + std::to_string(l);
         const auto& evaluation = gemini_opening_pairs[l + 1].evaluation;
         prover_transcript->send_to_verifier(label, evaluation);
+        opening_claims.emplace_back(gemini_witnesses[l], gemini_opening_pairs[l]);
     }
+    opening_claims.emplace_back(gemini_witnesses[log_n], gemini_opening_pairs[log_n]);
 
-    const Fr nu_challenge = prover_transcript->template get_challenge<Fr>("Shplonk:nu");
-    auto batched_quotient_Q =
-        ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge);
-    prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
-
-    const Fr z_challenge = prover_transcript->template get_challenge<Fr>("Shplonk:z");
-    const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient(
-        gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge);
-
-    IPA::compute_opening_proof(this->ck(), shplonk_opening_pair, shplonk_witness, prover_transcript);
+    const auto opening_claim = ShplonkProver::prove(this->ck(), opening_claims, prover_transcript);
+    IPA::compute_opening_proof(this->ck(), opening_claim, prover_transcript);
 
     auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript);
 
@@ -321,7 +317,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)
                                                                      verifier_transcript);
 
     const auto shplonk_verifier_claim =
-        ShplonkVerifier::reduce_verification(this->vk(), gemini_verifier_claim, verifier_transcript);
+        ShplonkVerifier::reduce_verification(this->vk()->get_g1_identity(), gemini_verifier_claim, verifier_transcript);
     auto result = IPA::reduce_verify(this->vk(), shplonk_verifier_claim, verifier_transcript);
 
     EXPECT_EQ(result, true);

barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp

@@ -26,19 +26,19 @@ template <typename Curve_> class KZG {
      * @brief Computes the KZG commitment to an opening proof polynomial at a single evaluation point
      *
      * @param ck The commitment key which has a commit function, the srs and pippenger_runtime_state
-     * @param opening_pair OpeningPair = {r, v = p(r)}
-     * @param polynomial The witness whose opening proof needs to be computed
+     * @param opening_claim {p, (r, v = p(r))} where p is the witness polynomial whose opening proof needs to be
+     * computed
      * @param prover_transcript Prover transcript
      */
     static void compute_opening_proof(std::shared_ptr<CK> ck,
-                                      const OpeningPair<Curve>& opening_pair,
-                                      const Polynomial& polynomial,
+                                      const ProverOpeningClaim<Curve>& opening_claim,
                                       const std::shared_ptr<NativeTranscript>& prover_trancript)
     {
-        Polynomial quotient = polynomial;
-        quotient[0] -= opening_pair.evaluation;
+        Polynomial quotient = opening_claim.polynomial;
+        OpeningPair<Curve> pair = opening_claim.opening_pair;
+        quotient[0] -= pair.evaluation;
         // Computes the coefficients for the quotient polynomial q(X) = (p(X) - v) / (X - r) through an FFT
-        quotient.factor_roots(opening_pair.challenge);
+        quotient.factor_roots(pair.challenge);
         auto quotient_commitment = ck->commit(quotient);
         // TODO(#479): for now we compute the KZG commitment directly to unify the KZG and IPA interfaces but in the
         // future we might need to adjust this to use the incoming alternative to work queue (i.e. variation of

barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.test.cpp

@@ -41,7 +41,7 @@ TYPED_TEST(KZGTest, single)
 
     auto prover_transcript = NativeTranscript::prover_init_empty();
 
-    KZG::compute_opening_proof(this->ck(), opening_pair, witness, prover_transcript);
+    KZG::compute_opening_proof(this->ck(), { witness, opening_pair }, prover_transcript);
 
     auto verifier_transcript = NativeTranscript::verifier_init_empty(prover_transcript);
     auto pairing_points = KZG::reduce_verify(opening_claim, verifier_transcript);
@@ -130,27 +130,23 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)
     const auto [gemini_opening_pairs, gemini_witnesses] = GeminiProver::compute_fold_polynomial_evaluations(
         mle_opening_point, std::move(gemini_polynomials), r_challenge);
 
+    std::vector<ProverOpeningClaim<TypeParam>> opening_claims;
     for (size_t l = 0; l < log_n; ++l) {
         std::string label = "Gemini:a_" + std::to_string(l);
         const auto& evaluation = gemini_opening_pairs[l + 1].evaluation;
         prover_transcript->send_to_verifier(label, evaluation);
+        opening_claims.emplace_back(gemini_witnesses[l], gemini_opening_pairs[l]);
     }
+    opening_claims.emplace_back(gemini_witnesses[log_n], gemini_opening_pairs[log_n]);
 
     // Shplonk prover output:
     // - opening pair: (z_challenge, 0)
     // - witness: polynomial Q - Q_z
-    const Fr nu_challenge = prover_transcript->template get_challenge<Fr>("Shplonk:nu");
-    auto batched_quotient_Q =
-        ShplonkProver::compute_batched_quotient(gemini_opening_pairs, gemini_witnesses, nu_challenge);
-    prover_transcript->send_to_verifier("Shplonk:Q", this->ck()->commit(batched_quotient_Q));
-
-    const Fr z_challenge = prover_transcript->template get_challenge<Fr>("Shplonk:z");
-    const auto [shplonk_opening_pair, shplonk_witness] = ShplonkProver::compute_partially_evaluated_batched_quotient(
-        gemini_opening_pairs, gemini_witnesses, std::move(batched_quotient_Q), nu_challenge, z_challenge);
+    const auto opening_claim = ShplonkProver::prove(this->ck(), opening_claims, prover_transcript);
 
     // KZG prover:
     // - Adds commitment [W] to transcript
-    KZG::compute_opening_proof(this->ck(), shplonk_opening_pair, shplonk_witness, prover_transcript);
+    KZG::compute_opening_proof(this->ck(), opening_claim, prover_transcript);
 
     // Run the full verifier PCS protocol with genuine opening claims (genuine commitment, genuine evaluation)
 
@@ -166,7 +162,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)
 
     // Shplonk verifier claim: commitment [Q] - [Q_z], opening point (z_challenge, 0)
     const auto shplonk_verifier_claim =
-        ShplonkVerifier::reduce_verification(this->vk(), gemini_verifier_claim, verifier_transcript);
+        ShplonkVerifier::reduce_verification(this->vk()->get_g1_identity(), gemini_verifier_claim, verifier_transcript);
 
     // KZG verifier:
     // aggregates inputs [Q] - [Q_z] and [W] into an 'accumulator' (can perform pairing check on result)