squash; prove_then_verify flow acir test passes

AztecProtocol · Jun 12, 2024 · fb8ab2c · fb8ab2c
1 parent ca0e084
commit fb8ab2c
Show file tree

Hide file tree

Showing 16 changed files with 149 additions and 103 deletions.
diff --git a/barretenberg/acir_tests/flows/prove_then_verify_ultra_honk.sh b/barretenberg/acir_tests/flows/prove_then_verify_ultra_honk.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-set -eu
+set -eux
 
 VFLAG=${VERBOSE:+-v}
 BFLAG="-b ./target/program.json"

diff --git a/barretenberg/acir_tests/gen_inner_proof_inputs_ultra_honk.sh b/barretenberg/acir_tests/gen_inner_proof_inputs_ultra_honk.sh
@@ -3,7 +3,7 @@
 #   BIN: to specify a different binary to test with (e.g. bb.js or bb.js-dev).
 set -eu
 
-BIN=${BIN:-../cpp/build-debug/bin/bb}
+BIN=${BIN:-../cpp/build/bin/bb}
 CRS_PATH=~/.bb-crs
 BRANCH=master
 VERBOSE=${VERBOSE:-}

diff --git a/barretenberg/acir_tests/reset_acir_tests.sh b/barretenberg/acir_tests/reset_acir_tests.sh
@@ -1,5 +1,4 @@
 cd ~/aztec-packages/noir/noir-repo
-cargo clean
 noirup -p .
 cd test_programs && ./rebuild.sh
 

diff --git a/barretenberg/cpp/CMakeLists.txt b/barretenberg/cpp/CMakeLists.txt
@@ -27,7 +27,7 @@ endif(DOXYGEN_FOUND)
 
 option(DISABLE_ASM "Disable custom assembly" OFF)
 option(DISABLE_ADX "Disable ADX assembly variant" OFF)
-option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" OFF)
+option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" ON)
 option(MULTITHREADING "Enable multi-threading" ON)
 option(OMP_MULTITHREADING "Enable OMP multi-threading" OFF)
 option(FUZZING "Build ONLY fuzzing harnesses" OFF)
@@ -143,9 +143,7 @@ include(cmake/gtest.cmake)
 include(cmake/benchmark.cmake)
 include(cmake/module.cmake)
 include(cmake/msgpack.cmake)
-include(cmake/backward-cpp.cmake)
-
-if (WASM)
+if (NOT WASM)
     set(DISABLE_AZTEC_VM ON)
 endif()
 if(DISABLE_AZTEC_VM)

diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp
@@ -730,19 +730,9 @@ bool avm_verify(const std::filesystem::path& proof_path, const std::filesystem::
 }
 #endif
 
-/**
- * @brief Creates a proof for an ACIR circuit
- *
- * Communication:
- * - stdout: The proof is written to stdout as a byte array
- * - Filesystem: The proof is written to the path specified by outputPath
- *
- * @param bytecodePath Path to the file containing the serialized circuit
- * @param witnessPath Path to the file containing the serialized witness
- * @param outputPath Path to write the proof to
- */
-template <IsUltraFlavor Flavor>
-void prove_honk(const std::string& bytecodePath, const std::string& witnessPath, const std::string& outputPath)
+// WORKTODO: This is a hack; inefficient to construct witnesses twice in prover_then_verify flow
+template <typename Flavor>
+UltraProver_<Flavor> compute_valid_prover(const std::string& bytecodePath, const std::string& witnessPath)
 {
     using Builder = Flavor::CircuitBuilder;
     using Prover = UltraProver_<Flavor>;
@@ -762,6 +752,28 @@ void prove_honk(const std::string& bytecodePath, const std::string& witnessPath,
 
     // Construct Honk proof
     Prover prover{ builder };
+    return prover;
+}
+
+/**
+ * @brief Creates a proof for an ACIR circuit
+ *
+ * Communication:
+ * - stdout: The proof is written to stdout as a byte array
+ * - Filesystem: The proof is written to the path specified by outputPath
+ *
+ * @param bytecodePath Path to the file containing the serialized circuit
+ * @param witnessPath Path to the file containing the serialized witness
+ * @param outputPath Path to write the proof to
+ */
+template <IsUltraFlavor Flavor>
+void prove_honk(const std::string& bytecodePath, const std::string& witnessPath, const std::string& outputPath)
+{
+    // using Builder = Flavor::CircuitBuilder;
+    using Prover = UltraProver_<Flavor>;
+
+    // Construct Honk proof
+    Prover prover = compute_valid_prover<Flavor>(bytecodePath, witnessPath);
     auto proof = prover.construct_proof();
 
     if (outputPath == "-") {
@@ -818,24 +830,15 @@ template <IsUltraFlavor Flavor> bool verify_honk(const std::string& proof_path,
  * @param bytecodePath Path to the file containing the serialized circuit
  * @param outputPath Path to write the verification key to
  */
-template <IsUltraFlavor Flavor> void write_vk_honk(const std::string& bytecodePath, const std::string& outputPath)
+template <IsUltraFlavor Flavor>
+void write_vk_honk(const std::string& bytecodePath, const std::string& witnessPath, const std::string& outputPath)
 {
-    using Builder = Flavor::CircuitBuilder;
+    using Prover = UltraProver_<Flavor>;
     using ProverInstance = ProverInstance_<Flavor>;
     using VerificationKey = Flavor::VerificationKey;
 
-    bool honk_recursion = false;
-    if constexpr (IsAnyOf<Flavor, UltraFlavor>) {
-        honk_recursion = true;
-    }
-    auto constraint_system = get_constraint_system(bytecodePath, honk_recursion);
-    auto builder = acir_format::create_circuit<Builder>(constraint_system, 0, {}, honk_recursion);
-
-    auto num_extra_gates = builder.get_num_gates_added_to_ensure_nonzero_polynomials();
-    size_t srs_size = builder.get_circuit_subgroup_size(builder.get_total_circuit_size() + num_extra_gates);
-    init_bn254_crs(srs_size);
-
-    ProverInstance prover_inst(builder);
+    Prover prover = compute_valid_prover<Flavor>(bytecodePath, witnessPath);
+    ProverInstance& prover_inst = *prover.instance;
     VerificationKey vk(
         prover_inst.proving_key); // uses a partial form of the proving key which only has precomputed entities
 
@@ -1068,15 +1071,15 @@ int main(int argc, char* argv[])
             return verify_honk<UltraFlavor>(proof_path, vk_path) ? 0 : 1;
         } else if (command == "write_vk_ultra_honk") {
             std::string output_path = get_option(args, "-o", "./target/vk");
-            write_vk_honk<UltraFlavor>(bytecode_path, output_path);
+            write_vk_honk<UltraFlavor>(bytecode_path, witness_path, output_path);
         } else if (command == "prove_mega_honk") {
             std::string output_path = get_option(args, "-o", "./proofs/proof");
             prove_honk<MegaFlavor>(bytecode_path, witness_path, output_path);
         } else if (command == "verify_mega_honk") {
             return verify_honk<MegaFlavor>(proof_path, vk_path) ? 0 : 1;
         } else if (command == "write_vk_mega_honk") {
             std::string output_path = get_option(args, "-o", "./target/vk");
-            write_vk_honk<MegaFlavor>(bytecode_path, output_path);
+            write_vk_honk<MegaFlavor>(bytecode_path, witness_path, output_path);
         } else if (command == "proof_as_fields_honk") {
             std::string output_path = get_option(args, "-o", proof_path + "_fields.json");
             proof_as_fields_honk(proof_path, output_path);

diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp
@@ -393,12 +393,19 @@ template <typename PCS> class ZeroMorphProver_ {
 
         // Compute and send commitments C_{q_k} = [q_k], k = 0,...,d-1
         std::vector<Commitment> q_k_commitments;
+        constexpr size_t MAX_LOG_CIRCUIT_SIZE = 28;
         q_k_commitments.reserve(log_N);
         for (size_t idx = 0; idx < log_N; ++idx) {
             q_k_commitments[idx] = commitment_key->commit(quotients[idx]);
             std::string label = "ZM:C_q_" + std::to_string(idx);
             transcript->send_to_verifier(label, q_k_commitments[idx]);
         }
+        // TODO(CONSTANT_PROOF_SIZE): Send some BS q_ks (We dont have Flavor tho.. ick)
+        for (size_t idx = log_N; idx < MAX_LOG_CIRCUIT_SIZE; ++idx) {
+            auto buffer_element = Commitment::one();
+            std::string label = "ZM:C_q_" + std::to_string(idx);
+            transcript->send_to_verifier(label, buffer_element);
+        }
 
         // Get challenge y
         FF y_challenge = transcript->template get_challenge<FF>("ZM:y");
@@ -458,10 +465,10 @@ template <typename PCS> class ZeroMorphVerifier_ {
      * @param x_challenge
      * @return Commitment
      */
-    static Commitment compute_C_zeta_x(Commitment C_q, std::vector<Commitment>& C_q_k, FF y_challenge, FF x_challenge)
+    static Commitment compute_C_zeta_x(
+        Commitment C_q, std::vector<Commitment>& C_q_k, FF y_challenge, FF x_challenge, const size_t log_N)
     {
-        size_t log_N = C_q_k.size();
-        size_t N = 1 << log_N;
+        const size_t N = 1 << log_N;
 
         // Instantiate containers for input to batch mul
         std::vector<FF> scalars;
@@ -477,19 +484,25 @@ template <typename PCS> class ZeroMorphVerifier_ {
         commitments.emplace_back(C_q);
 
         // Contribution from C_q_k, k = 0,...,log_N
-        for (size_t k = 0; k < log_N; ++k) {
+        constexpr size_t MAX_LOG_CIRCUIT_SIZE = 28;
+        for (size_t k = 0; k < MAX_LOG_CIRCUIT_SIZE; ++k) {
             auto deg_k = static_cast<size_t>((1 << k) - 1);
             // Compute scalar y^k * x^{N - deg_k - 1}
-            auto scalar = y_challenge.pow(k);
-            scalar *= x_challenge.pow(N - deg_k - 1);
-            scalar *= FF(-1);
-
+            FF scalar;
+            if (k < log_N) {
+                scalar = y_challenge.pow(k);
+                scalar *= x_challenge.pow(N - deg_k - 1);
+                scalar *= FF(-1);
+            } else {
+                scalar = 0;
+            }
             scalars.emplace_back(scalar);
             commitments.emplace_back(C_q_k[k]);
         }
 
         // Compute batch mul to get the result
         if constexpr (Curve::is_stdlib_type) {
+            info("executing batch mul");
             return Commitment::batch_mul(commitments, scalars);
         } else {
             return batch_mul_native(commitments, scalars);
@@ -529,9 +542,9 @@ template <typename PCS> class ZeroMorphVerifier_ {
                                     FF batched_evaluation,
                                     FF x_challenge,
                                     std::span<FF> u_challenge,
+                                    const size_t log_N,
                                     const std::vector<RefVector<Commitment>>& concatenation_groups_commitments = {})
     {
-        size_t log_N = C_q_k.size();
         size_t N = 1 << log_N;
 
         std::vector<FF> scalars;
@@ -586,22 +599,27 @@ template <typename PCS> class ZeroMorphVerifier_ {
         // scalar = -x * (x^{2^k} * \Phi_{n-k-1}(x^{2^{k+1}}) - u_k * \Phi_{n-k}(x^{2^k}))
         auto x_pow_2k = x_challenge;                 // x^{2^k}
         auto x_pow_2kp1 = x_challenge * x_challenge; // x^{2^{k + 1}}
-        for (size_t k = 0; k < log_N; ++k) {
-
-            auto phi_term_1 = phi_numerator / (x_pow_2kp1 - 1); // \Phi_{n-k-1}(x^{2^{k + 1}})
-            auto phi_term_2 = phi_numerator / (x_pow_2k - 1);   // \Phi_{n-k}(x^{2^k})
-
-            auto scalar = x_pow_2k * phi_term_1;
-            scalar -= u_challenge[k] * phi_term_2;
-            scalar *= x_challenge;
-            scalar *= FF(-1);
-
-            scalars.emplace_back(scalar);
-            commitments.emplace_back(C_q_k[k]);
-
-            // Update powers of challenge x
-            x_pow_2k = x_pow_2kp1;
-            x_pow_2kp1 *= x_pow_2kp1;
+        constexpr size_t MAX_LOG_CIRCUIT_SIZE = 28;
+        for (size_t k = 0; k < MAX_LOG_CIRCUIT_SIZE; ++k) {
+            if (k >= log_N) {
+                scalars.emplace_back(0);
+                commitments.emplace_back(C_q_k[k]);
+            } else {
+                auto phi_term_1 = phi_numerator / (x_pow_2kp1 - 1); // \Phi_{n-k-1}(x^{2^{k + 1}})
+                auto phi_term_2 = phi_numerator / (x_pow_2k - 1);   // \Phi_{n-k}(x^{2^k})
+
+                auto scalar = x_pow_2k * phi_term_1;
+                scalar -= u_challenge[k] * phi_term_2;
+                scalar *= x_challenge;
+                scalar *= FF(-1);
+
+                scalars.emplace_back(scalar);
+                commitments.emplace_back(C_q_k[k]);
+
+                // Update powers of challenge x
+                x_pow_2k = x_pow_2kp1;
+                x_pow_2kp1 *= x_pow_2kp1;
+            }
         }
 
         if constexpr (Curve::is_stdlib_type) {
@@ -671,8 +689,9 @@ template <typename PCS> class ZeroMorphVerifier_ {
 
         // Receive commitments [q_k]
         std::vector<Commitment> C_q_k;
-        C_q_k.reserve(log_N);
-        for (size_t i = 0; i < log_N; ++i) {
+        const size_t MAX_LOG_CIRCUIT_SIZE = 28;
+        C_q_k.reserve(MAX_LOG_CIRCUIT_SIZE);
+        for (size_t i = 0; i < MAX_LOG_CIRCUIT_SIZE; ++i) {
             C_q_k.emplace_back(transcript->template receive_from_prover<Commitment>("ZM:C_q_" + std::to_string(i)));
         }
 
@@ -686,7 +705,7 @@ template <typename PCS> class ZeroMorphVerifier_ {
         auto [x_challenge, z_challenge] = transcript->template get_challenges<FF>("ZM:x", "ZM:z");
 
         // Compute commitment C_{\zeta_x}
-        auto C_zeta_x = compute_C_zeta_x(C_q, C_q_k, y_challenge, x_challenge);
+        auto C_zeta_x = compute_C_zeta_x(C_q, C_q_k, y_challenge, x_challenge, log_N);
 
         // Compute commitment C_{Z_x}
         Commitment C_Z_x = compute_C_Z_x(first_g1,
@@ -697,6 +716,7 @@ template <typename PCS> class ZeroMorphVerifier_ {
                                          batched_evaluation,
                                          x_challenge,
                                          multivariate_challenge,
+                                         log_N,
                                          concatenation_group_commitments);
 
         // Compute commitment C_{\zeta,Z}

diff --git a/barretenberg/cpp/src/barretenberg/ecc/groups/affine_element.hpp b/barretenberg/cpp/src/barretenberg/ecc/groups/affine_element.hpp
@@ -70,6 +70,7 @@ template <typename Fq_, typename Fr_, typename Params> class alignas(64) affine_
     static affine_element infinity();
     constexpr affine_element set_infinity() const noexcept;
     constexpr void self_set_infinity() noexcept;
+    constexpr void set_point_at_infinity() { self_set_infinity(); };
 
     [[nodiscard]] constexpr bool is_point_at_infinity() const noexcept;
 

diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_flavor.hpp
@@ -939,7 +939,7 @@ class ECCVMFlavor {
             size_t num_frs_read = 0;
             circuit_size = NativeTranscript::template deserialize_from_buffer<uint32_t>(NativeTranscript::proof_data,
                                                                                         num_frs_read);
-            size_t log_n = numeric::get_msb(circuit_size);
+            // size_t log_n = numeric::get_msb(circuit_size);
             transcript_add_comm = NativeTranscript::template deserialize_from_buffer<Commitment>(
                 NativeTranscript::proof_data, num_frs_read);
             transcript_mul_comm = NativeTranscript::template deserialize_from_buffer<Commitment>(
@@ -1116,14 +1116,15 @@ class ECCVMFlavor {
                 NativeTranscript::proof_data, num_frs_read);
             z_perm_comm = NativeTranscript::template deserialize_from_buffer<Commitment>(NativeTranscript::proof_data,
                                                                                          num_frs_read);
-            for (size_t i = 0; i < log_n; ++i) {
+            const size_t MAX_LOG_CIRCUIT_SIZE = 28; // TODO(CONSTANT_PROOF_SIZE)
+            for (size_t i = 0; i < MAX_LOG_CIRCUIT_SIZE; ++i) {
                 sumcheck_univariates.emplace_back(NativeTranscript::template deserialize_from_buffer<
                                                   bb::Univariate<FF, BATCHED_RELATION_PARTIAL_LENGTH>>(
                     NativeTranscript::proof_data, num_frs_read));
             }
             sumcheck_evaluations = NativeTranscript::template deserialize_from_buffer<std::array<FF, NUM_ALL_ENTITIES>>(
                 NativeTranscript::proof_data, num_frs_read);
-            for (size_t i = 0; i < log_n; ++i) {
+            for (size_t i = 0; i < MAX_LOG_CIRCUIT_SIZE; ++i) {
                 zm_cq_comms.push_back(
                     NativeTranscript::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read));
             }
@@ -1175,7 +1176,7 @@ class ECCVMFlavor {
             NativeTranscript::proof_data.clear();
 
             NativeTranscript::template serialize_to_buffer(circuit_size, NativeTranscript::proof_data);
-            size_t log_n = numeric::get_msb(circuit_size);
+            // size_t log_n = numeric::get_msb(circuit_size);
 
             NativeTranscript::template serialize_to_buffer(transcript_add_comm, NativeTranscript::proof_data);
             NativeTranscript::template serialize_to_buffer(transcript_mul_comm, NativeTranscript::proof_data);
@@ -1275,11 +1276,12 @@ class ECCVMFlavor {
                                                            NativeTranscript::proof_data);
             NativeTranscript::template serialize_to_buffer(lookup_inverses_comm, NativeTranscript::proof_data);
             NativeTranscript::template serialize_to_buffer(z_perm_comm, NativeTranscript::proof_data);
-            for (size_t i = 0; i < log_n; ++i) {
+            const size_t MAX_LOG_CIRCUIT_SIZE = 28; // TODO(CONSTANT_PROOF_SIZE)
+            for (size_t i = 0; i < MAX_LOG_CIRCUIT_SIZE; ++i) {
                 NativeTranscript::template serialize_to_buffer(sumcheck_univariates[i], NativeTranscript::proof_data);
             }
             NativeTranscript::template serialize_to_buffer(sumcheck_evaluations, NativeTranscript::proof_data);
-            for (size_t i = 0; i < log_n; ++i) {
+            for (size_t i = 0; i < MAX_LOG_CIRCUIT_SIZE; ++i) {
                 NativeTranscript::template serialize_to_buffer(zm_cq_comms[i], NativeTranscript::proof_data);
             }
             NativeTranscript::template serialize_to_buffer(zm_cq_comm, NativeTranscript::proof_data);

diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp
@@ -140,7 +140,8 @@ class ECCVMTranscriptTests : public ::testing::Test {
             manifest_expected.add_challenge(round, label);
         }
 
-        for (size_t i = 0; i < log_n; ++i) {
+        const size_t MAX_LOG_CIRCUIT_SIZE = 28; // TODO(CONSTANT_PROOF_SIZE)
+        for (size_t i = 0; i < MAX_LOG_CIRCUIT_SIZE; ++i) {
             round++;
             std::string idx = std::to_string(i);
             manifest_expected.add_entry(round, "Sumcheck:univariate_" + idx, frs_per_uni);
@@ -153,7 +154,7 @@ class ECCVMTranscriptTests : public ::testing::Test {
         manifest_expected.add_challenge(round, "rho");
 
         round++;
-        for (size_t i = 0; i < log_n; ++i) {
+        for (size_t i = 0; i < MAX_LOG_CIRCUIT_SIZE; ++i) {
             std::string idx = std::to_string(i);
             manifest_expected.add_entry(round, "ZM:C_q_" + idx, frs_per_G);
         }