Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adding structure to Transcript #2937

Merged
merged 23 commits into from
Oct 31, 2023
Merged

feat: adding structure to Transcript #2937

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
cea5c1b
combined transcripts to be all in base transcript
lucasxia01 Oct 19, 2023
b7fc57e
minor update
lucasxia01 Oct 19, 2023
4bd910a
initialize serialization function
lucasxia01 Oct 19, 2023
f37e650
added serialization,
lucasxia01 Oct 20, 2023
15526d5
small fix
lucasxia01 Oct 20, 2023
029ae02
initial integration of flavored transcripts, might be incomplete
lucasxia01 Oct 20, 2023
296724f
initial test of using structure
lucasxia01 Oct 20, 2023
8cca406
updated test, fixed bug
lucasxia01 Oct 23, 2023
750239a
updated eccvm flavors transcript, minor changes
lucasxia01 Oct 23, 2023
33bb44c
added function header comments
lucasxia01 Oct 24, 2023
9563963
added transcript class to recursive flavors, added more comments
lucasxia01 Oct 24, 2023
6130155
Merge branch 'master' into lx/transcript-add-structure
lucasxia01 Oct 25, 2023
8ade65d
small fix
lucasxia01 Oct 25, 2023
27be1f6
small edits to ultra transcript tests
lucasxia01 Oct 25, 2023
a3fd40d
updated ultra transcrip tests,
lucasxia01 Oct 26, 2023
35f67e2
made eccvm tests, fixed bugs and typos in eccvm flavor
lucasxia01 Oct 26, 2023
b41dec5
renamed transcript tests to be ultra,
lucasxia01 Oct 26, 2023
bdcf377
updated Luke's proof tampering recursive tests
lucasxia01 Oct 26, 2023
e1f4b74
small changes, renamed functions
lucasxia01 Oct 30, 2023
8142b97
Merge branch 'master' into lx/transcript-add-structure
lucasxia01 Oct 31, 2023
0e4e07c
merge conflict fix
lucasxia01 Oct 31, 2023
1bb7cbf
Merge branch 'master' into lx/transcript-add-structure
lucasxia01 Oct 31, 2023
22e78b2
update to relation_length variable names
lucasxia01 Oct 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
402 changes: 401 additions & 1 deletion barretenberg/cpp/src/barretenberg/honk/flavor/ecc_vm.hpp
View file
Open in desktop

Large diffs are not rendered by default.

102 changes: 101 additions & 1 deletion barretenberg/cpp/src/barretenberg/honk/flavor/goblin_ultra.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -414,7 +414,7 @@ class GoblinUltra {

class VerifierCommitments : public AllEntities<Commitment, CommitmentHandle> {
public:
VerifierCommitments(std::shared_ptr<VerificationKey> verification_key, VerifierTranscript<FF> transcript)
VerifierCommitments(std::shared_ptr<VerificationKey> verification_key, const BaseTranscript<FF>& transcript)
{
static_cast<void>(transcript);
q_m = verification_key->q_m;
Expand Down Expand Up @@ -451,6 +451,106 @@ class GoblinUltra {
std::vector<FF> gate_separation_challenges;
FF target_sum;
};

class Transcript : public BaseTranscript<FF> {
public:
uint32_t circuit_size;
uint32_t public_input_size;
uint32_t pub_inputs_offset;
std::vector<FF> public_inputs;
Commitment w_l_comm;
Commitment w_r_comm;
Commitment w_o_comm;
Commitment ecc_op_wire_1_comm;
Commitment ecc_op_wire_2_comm;
Commitment ecc_op_wire_3_comm;
Commitment ecc_op_wire_4_comm;
Commitment sorted_accum_comm;
Commitment w_4_comm;
Commitment z_perm_comm;
Commitment z_lookup_comm;
std::vector<barretenberg::Univariate<FF, MAX_RANDOM_RELATION_LENGTH>> sumcheck_univariates;
std::array<FF, NUM_ALL_ENTITIES> sumcheck_evaluations;
std::vector<Commitment> zm_cq_comms;
Commitment zm_cq_comm;
Commitment zm_pi_comm;

Transcript() = default;

Transcript(const std::vector<uint8_t>& proof)
: BaseTranscript<FF>(proof)
{}
void deserialize_full_transcript() override
{
// take current proof and put them into the struct
size_t num_bytes_read = 0;
circuit_size = deserialize_object<uint32_t>(proof_data, num_bytes_read);
size_t log_n = numeric::get_msb(circuit_size);

public_input_size = deserialize_object<uint32_t>(proof_data, num_bytes_read);
pub_inputs_offset = deserialize_object<uint32_t>(proof_data, num_bytes_read);
for (size_t i = 0; i < public_input_size; ++i) {
public_inputs.push_back(deserialize_object<FF>(proof_data, num_bytes_read));
}
w_l_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
w_r_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
w_o_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
ecc_op_wire_1_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
ecc_op_wire_2_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
ecc_op_wire_3_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
ecc_op_wire_4_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
sorted_accum_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
w_4_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
z_perm_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
z_lookup_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
for (size_t i = 0; i < log_n; ++i) {
sumcheck_univariates.push_back(
deserialize_object<barretenberg::Univariate<FF, MAX_RANDOM_RELATION_LENGTH>>(proof_data,
num_bytes_read));
}
sumcheck_evaluations = deserialize_object<std::array<FF, NUM_ALL_ENTITIES>>(proof_data, num_bytes_read);
for (size_t i = 0; i < log_n; ++i) {
zm_cq_comms.push_back(deserialize_object<Commitment>(proof_data, num_bytes_read));
}
zm_cq_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
zm_pi_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
}

void serialize_full_transcript() override
{
size_t old_proof_length = proof_data.size();
proof_data.clear();
size_t log_n = numeric::get_msb(circuit_size);
serialize_object(circuit_size, proof_data);
serialize_object(public_input_size, proof_data);
serialize_object(pub_inputs_offset, proof_data);
for (size_t i = 0; i < public_input_size; ++i) {
serialize_object(public_inputs[i], proof_data);
}
serialize_object(w_l_comm, proof_data);
serialize_object(w_r_comm, proof_data);
serialize_object(w_o_comm, proof_data);
serialize_object(ecc_op_wire_1_comm, proof_data);
serialize_object(ecc_op_wire_2_comm, proof_data);
serialize_object(ecc_op_wire_3_comm, proof_data);
serialize_object(ecc_op_wire_4_comm, proof_data);
serialize_object(sorted_accum_comm, proof_data);
serialize_object(w_4_comm, proof_data);
serialize_object(z_perm_comm, proof_data);
serialize_object(z_lookup_comm, proof_data);
for (size_t i = 0; i < log_n; ++i) {
serialize_object(sumcheck_univariates[i], proof_data);
}
serialize_object(sumcheck_evaluations, proof_data);
for (size_t i = 0; i < log_n; ++i) {
serialize_object(zm_cq_comms[i], proof_data);
}
serialize_object(zm_cq_comm, proof_data);
serialize_object(zm_pi_comm, proof_data);

ASSERT(proof_data.size() == old_proof_length);
}
};
};

} // namespace proof_system::honk::flavor
106 changes: 105 additions & 1 deletion barretenberg/cpp/src/barretenberg/honk/flavor/ultra.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,7 +378,7 @@ class Ultra {

class VerifierCommitments : public AllEntities<Commitment, CommitmentHandle> {
public:
VerifierCommitments(std::shared_ptr<VerificationKey> verification_key, VerifierTranscript<FF> transcript)
VerifierCommitments(std::shared_ptr<VerificationKey> verification_key, const BaseTranscript<FF>& transcript)
{
static_cast<void>(transcript);
q_m = verification_key->q_m;
Expand Down Expand Up @@ -414,6 +414,110 @@ class Ultra {
std::vector<FF> gate_separation_challenges;
FF target_sum;
};

class Transcript : public BaseTranscript<FF> {
public:
uint32_t circuit_size;
uint32_t public_input_size;
uint32_t pub_inputs_offset;
std::vector<FF> public_inputs;
Commitment w_l_comm;
Commitment w_r_comm;
Commitment w_o_comm;
Commitment sorted_accum_comm;
Commitment w_4_comm;
Commitment z_perm_comm;
Commitment z_lookup_comm;
std::vector<barretenberg::Univariate<FF, MAX_RANDOM_RELATION_LENGTH>> sumcheck_univariates;
std::array<FF, NUM_ALL_ENTITIES> sumcheck_evaluations;
std::vector<Commitment> zm_cq_comms;
Commitment zm_cq_comm;
Commitment zm_pi_comm;

Transcript() = default;

Transcript(const std::vector<uint8_t>& proof)
: BaseTranscript<FF>(proof)
{}

static Transcript prover_init_empty()
{
Transcript transcript;
constexpr uint32_t init{ 42 }; // arbitrary
transcript.send_to_verifier("Init", init);
return transcript;
};

static Transcript verifier_init_empty(const Transcript& transcript)
{
Transcript verifier_transcript{ transcript.proof_data };
[[maybe_unused]] auto _ = verifier_transcript.template receive_from_prover<uint32_t>("Init");
return verifier_transcript;
};

void deserialize_full_transcript() override
{
// take current proof and put them into the struct
size_t num_bytes_read = 0;
circuit_size = deserialize_object<uint32_t>(proof_data, num_bytes_read);
size_t log_n = numeric::get_msb(circuit_size);

public_input_size = deserialize_object<uint32_t>(proof_data, num_bytes_read);
pub_inputs_offset = deserialize_object<uint32_t>(proof_data, num_bytes_read);
for (size_t i = 0; i < public_input_size; ++i) {
public_inputs.push_back(deserialize_object<FF>(proof_data, num_bytes_read));
}
w_l_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
w_r_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
w_o_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
sorted_accum_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
w_4_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
z_perm_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
z_lookup_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
for (size_t i = 0; i < log_n; ++i) {
sumcheck_univariates.push_back(
deserialize_object<barretenberg::Univariate<FF, MAX_RANDOM_RELATION_LENGTH>>(proof_data,
num_bytes_read));
}
sumcheck_evaluations = deserialize_object<std::array<FF, NUM_ALL_ENTITIES>>(proof_data, num_bytes_read);
for (size_t i = 0; i < log_n; ++i) {
zm_cq_comms.push_back(deserialize_object<Commitment>(proof_data, num_bytes_read));
}
zm_cq_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
zm_pi_comm = deserialize_object<Commitment>(proof_data, num_bytes_read);
}

void serialize_full_transcript() override
{
size_t old_proof_length = proof_data.size();
proof_data.clear();
size_t log_n = numeric::get_msb(circuit_size);
serialize_object(circuit_size, proof_data);
serialize_object(public_input_size, proof_data);
serialize_object(pub_inputs_offset, proof_data);
for (size_t i = 0; i < public_input_size; ++i) {
serialize_object(public_inputs[i], proof_data);
}
serialize_object(w_l_comm, proof_data);
serialize_object(w_r_comm, proof_data);
serialize_object(w_o_comm, proof_data);
serialize_object(sorted_accum_comm, proof_data);
serialize_object(w_4_comm, proof_data);
serialize_object(z_perm_comm, proof_data);
serialize_object(z_lookup_comm, proof_data);
for (size_t i = 0; i < log_n; ++i) {
serialize_object(sumcheck_univariates[i], proof_data);
}
serialize_object(sumcheck_evaluations, proof_data);
for (size_t i = 0; i < log_n; ++i) {
serialize_object(zm_cq_comms[i], proof_data);
}
serialize_object(zm_cq_comm, proof_data);
serialize_object(zm_pi_comm, proof_data);

ASSERT(proof_data.size() == old_proof_length);
}
};
};

} // namespace proof_system::honk::flavor
4 changes: 2 additions & 2 deletions barretenberg/cpp/src/barretenberg/honk/pcs/gemini/gemini.test.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ template <class Curve> class GeminiTest : public CommitmentTest<Curve> {
std::vector<GroupElement> multilinear_commitments,
std::vector<GroupElement> multilinear_commitments_to_be_shifted)
{
auto prover_transcript = ProverTranscript<Fr>::init_empty();
auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();

const Fr rho = Fr::random_element();

Expand Down Expand Up @@ -79,7 +79,7 @@ template <class Curve> class GeminiTest : public CommitmentTest<Curve> {
// Check that the Fold polynomials have been evaluated correctly in the prover
this->verify_batch_opening_pair(prover_output.opening_pairs, prover_output.witnesses);

auto verifier_transcript = VerifierTranscript<Fr>::init_empty(prover_transcript);
auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);

// Compute:
// - Single opening pair: {r, \hat{a}_0}
Expand Down
6 changes: 2 additions & 4 deletions barretenberg/cpp/src/barretenberg/honk/pcs/ipa/ipa.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ template <typename Curve> class IPA {
static void compute_opening_proof(std::shared_ptr<CK> ck,
const OpeningPair<Curve>& opening_pair,
const Polynomial& polynomial,
ProverTranscript<Fr>& transcript)
BaseTranscript<Fr>& transcript)
{
ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero");
auto poly_degree = static_cast<size_t>(polynomial.size());
Expand Down Expand Up @@ -134,9 +134,7 @@ template <typename Curve> class IPA {
*
* @return true/false depending on if the proof verifies
*/
static bool verify(std::shared_ptr<VK> vk,
const OpeningClaim<Curve>& opening_claim,
VerifierTranscript<Fr>& transcript)
static bool verify(std::shared_ptr<VK> vk, const OpeningClaim<Curve>& opening_claim, BaseTranscript<Fr>& transcript)
{
auto poly_degree = static_cast<size_t>(transcript.template receive_from_prover<uint64_t>("IPA:poly_degree"));
Fr generator_challenge = transcript.get_challenge("IPA:generator_challenge");
Expand Down
8 changes: 4 additions & 4 deletions barretenberg/cpp/src/barretenberg/honk/pcs/ipa/ipa.test.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,11 +70,11 @@ TEST_F(IPATest, Open)
const OpeningClaim<Curve> opening_claim{ opening_pair, commitment };

// initialize empty prover transcript
ProverTranscript<Fr> prover_transcript;
BaseTranscript<Fr> prover_transcript;
IPA::compute_opening_proof(this->ck(), opening_pair, poly, prover_transcript);

// initialize verifier transcript from proof data
VerifierTranscript<Fr> verifier_transcript{ prover_transcript.proof_data };
BaseTranscript<Fr> verifier_transcript{ prover_transcript.proof_data };

auto result = IPA::verify(this->vk(), opening_claim, verifier_transcript);
EXPECT_TRUE(result);
Expand Down Expand Up @@ -129,7 +129,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)
batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1];
batched_commitment_to_be_shifted = commitment2 * rhos[2];

auto prover_transcript = ProverTranscript<Fr>::init_empty();
auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();

auto gemini_polynomials = GeminiProver::compute_gemini_polynomials(
mle_opening_point, std::move(batched_unshifted), std::move(batched_to_be_shifted));
Expand Down Expand Up @@ -162,7 +162,7 @@ TEST_F(IPATest, GeminiShplonkIPAWithShift)

IPA::compute_opening_proof(this->ck(), shplonk_opening_pair, shplonk_witness, prover_transcript);

auto verifier_transcript = VerifierTranscript<Fr>::init_empty(prover_transcript);
auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);

auto gemini_verifier_claim = GeminiVerifier::reduce_verification(mle_opening_point,
batched_evaluation,
Expand Down
4 changes: 2 additions & 2 deletions barretenberg/cpp/src/barretenberg/honk/pcs/kzg/kzg.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ template <typename Curve> class KZG {
static void compute_opening_proof(std::shared_ptr<CK> ck,
const OpeningPair<Curve>& opening_pair,
const Polynomial& polynomial,
ProverTranscript<Fr>& prover_trancript)
BaseTranscript<Fr>& prover_trancript)
{
Polynomial quotient(polynomial);
quotient[0] -= opening_pair.evaluation;
Expand All @@ -55,7 +55,7 @@ template <typename Curve> class KZG {
*/
static bool verify(std::shared_ptr<VK> vk,
const OpeningClaim<Curve>& claim,
VerifierTranscript<Fr>& verifier_transcript)
BaseTranscript<Fr>& verifier_transcript)
{
auto quotient_commitment = verifier_transcript.template receive_from_prover<Commitment>("KZG:W");
auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) +
Expand Down
8 changes: 4 additions & 4 deletions barretenberg/cpp/src/barretenberg/honk/pcs/kzg/kzg.test.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,11 @@ TYPED_TEST(KZGTest, single)
auto opening_pair = OpeningPair<TypeParam>{ challenge, evaluation };
auto opening_claim = OpeningClaim<TypeParam>{ opening_pair, commitment };

auto prover_transcript = ProverTranscript<Fr>::init_empty();
auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();

KZG::compute_opening_proof(this->ck(), opening_pair, witness, prover_transcript);

auto verifier_transcript = VerifierTranscript<Fr>::init_empty(prover_transcript);
auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);
bool verified = KZG::verify(this->vk(), opening_claim, verifier_transcript);

EXPECT_EQ(verified, true);
Expand Down Expand Up @@ -109,7 +109,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)
batched_commitment_unshifted = commitment1 * rhos[0] + commitment2 * rhos[1];
batched_commitment_to_be_shifted = commitment2 * rhos[2];

auto prover_transcript = ProverTranscript<Fr>::init_empty();
auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();

// Run the full prover PCS protocol:

Expand Down Expand Up @@ -154,7 +154,7 @@ TYPED_TEST(KZGTest, GeminiShplonkKzgWithShift)

// Run the full verifier PCS protocol with genuine opening claims (genuine commitment, genuine evaluation)

auto verifier_transcript = VerifierTranscript<Fr>::init_empty(prover_transcript);
auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);

// Gemini verifier output:
// - claim: d+1 commitments to Fold_{r}^(0), Fold_{-r}^(0), Fold^(l), d+1 evaluations a_0_pos, a_l, l = 0:d-1
Expand Down
4 changes: 2 additions & 2 deletions barretenberg/cpp/src/barretenberg/honk/pcs/shplonk/shplonk.test.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple)

const size_t n = 16;

auto prover_transcript = ProverTranscript<Fr>::init_empty();
auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();

// Generate two random (unrelated) polynomials of two different sizes, as well as their evaluations at a (single but
// different) random point and their commitments.
Expand Down Expand Up @@ -64,7 +64,7 @@ TYPED_TEST(ShplonkTest, ShplonkSimple)
opening_claims.emplace_back(OpeningClaim{ opening_pairs[0], commitment1 });
opening_claims.emplace_back(OpeningClaim{ opening_pairs[1], commitment2 });

auto verifier_transcript = VerifierTranscript<Fr>::init_empty(prover_transcript);
auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);

// Execute the shplonk verifier functionality
const auto verifier_claim = ShplonkVerifier::reduce_verification(this->vk(), opening_claims, verifier_transcript);
Expand Down
6 changes: 3 additions & 3 deletions barretenberg/cpp/src/barretenberg/honk/pcs/zeromorph/zeromorph.test.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,8 @@ template <class Curve> class ZeroMorphTest : public CommitmentTest<Curve> {
g_commitments.emplace_back(f_commitments[i]);
}

// Initialize an empty ProverTranscript
auto prover_transcript = ProverTranscript<Fr>::init_empty();
// Initialize an empty BaseTranscript
auto prover_transcript = BaseTranscript<Fr>::prover_init_empty();

// Execute Prover protocol
{
Expand Down Expand Up @@ -147,7 +147,7 @@ template <class Curve> class ZeroMorphTest : public CommitmentTest<Curve> {
prover_transcript.send_to_verifier("ZM:PI", pi_commitment);
}

auto verifier_transcript = VerifierTranscript<Fr>::init_empty(prover_transcript);
auto verifier_transcript = BaseTranscript<Fr>::verifier_init_empty(prover_transcript);

// Execute Verifier protocol
{
Expand Down
Loading