Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
acir_format.cpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Federico], commit: 2094fd1467dd9a94803b2c5007cf60ac357aa7d2 }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#include "acir_format.hpp"
8
9#include "barretenberg/bbapi/bbapi_shared.hpp"
10#include "barretenberg/common/assert.hpp"
11#include "barretenberg/common/bb_bench.hpp"
12#include "barretenberg/common/log.hpp"
13#include "barretenberg/common/throw_or_abort.hpp"
14#include "barretenberg/flavor/flavor.hpp"
15#include "barretenberg/honk/prover_instance_inspector.hpp"
16#include "barretenberg/stdlib/eccvm_verifier/verifier_commitment_key.hpp"
17#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp"
18#include "barretenberg/stdlib/primitives/curves/secp256k1.hpp"
19#include "barretenberg/stdlib/primitives/curves/secp256r1.hpp"
20#include "barretenberg/stdlib/primitives/field/field_conversion.hpp"
21#include "barretenberg/stdlib/primitives/pairing_points.hpp"
22#include "barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp"
23#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
24#include "barretenberg/transcript/transcript.hpp"
25
26#include <cstddef>
27#include <cstdint>
28#include <memory>
29
30namespace acir_format {
31
32using namespace bb;
33
34template <typename Builder>
35void build_constraints(Builder& builder, AcirFormat& constraints, const ProgramMetadata& metadata)
36{
37 bool collect_gates_per_opcode = metadata.collect_gates_per_opcode;
38
39 if (collect_gates_per_opcode) {
40 constraints.gates_per_opcode.resize(constraints.num_acir_opcodes, 0);
41 }
42
43 GateCounter gate_counter{ &builder, collect_gates_per_opcode };
44
45 // Add standard width-4 Ultra arithmetic gates
46 for (auto [constraint, opcode_idx] :
47 zip_view(constraints.quad_constraints, constraints.original_opcode_indices.quad_constraints)) {
48 create_quad_constraint(builder, constraint);
49 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
50 }
51
52 // When an expression doesn't fit into a single width-4 gate, we split it across multiple gates and we leverage
53 // w4_shift to use the least possible number of intermediate witnesses. See the documentation of
54 // split_into_mul_quad_gates for more information.
55 for (auto [big_constraint, opcode_idx] :
56 zip_view(constraints.big_quad_constraints, constraints.original_opcode_indices.big_quad_constraints)) {
57 create_big_quad_constraint(builder, big_constraint);
58 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
59 }
60
61 // Add logic constraint
62 for (const auto& [constraint, opcode_idx] :
63 zip_view(constraints.logic_constraints, constraints.original_opcode_indices.logic_constraints)) {
64 create_logic_gate(
65 builder, constraint.a, constraint.b, constraint.result, constraint.num_bits, constraint.is_xor_gate);
66 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
67 }
68
69 // Add range constraint
70 for (const auto& [constraint, opcode_idx] :
71 zip_view(constraints.range_constraints, constraints.original_opcode_indices.range_constraints)) {
72 builder.create_dyadic_range_constraint(
73 constraint.witness,
74 constraint.num_bits,
75 std::format("acir_format::build_constraints: range constraint at opcode index {} failed", opcode_idx));
76 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
77 }
78
79 // Add aes128 constraints
80 for (const auto& [constraint, opcode_idx] :
81 zip_view(constraints.aes128_constraints, constraints.original_opcode_indices.aes128_constraints)) {
82 create_aes128_constraints(builder, constraint);
83 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
84 }
85
86 // Add sha256 constraints
87 for (const auto& [constraint, opcode_idx] :
88 zip_view(constraints.sha256_compression, constraints.original_opcode_indices.sha256_compression)) {
89 create_sha256_compression_constraints(builder, constraint);
90 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
91 }
92
93 // Add ECDSA k1 constraints
94 for (const auto& [constraint, opcode_idx] :
95 zip_view(constraints.ecdsa_k1_constraints, constraints.original_opcode_indices.ecdsa_k1_constraints)) {
96 create_ecdsa_verify_constraints<stdlib::secp256k1<Builder>>(builder, constraint);
97 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
98 }
99
100 // Add ECDSA r1 constraints
101 for (const auto& [constraint, opcode_idx] :
102 zip_view(constraints.ecdsa_r1_constraints, constraints.original_opcode_indices.ecdsa_r1_constraints)) {
103 create_ecdsa_verify_constraints<stdlib::secp256r1<Builder>>(builder, constraint);
104 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
105 }
106
107 // Add blake2s constraints
108 for (const auto& [constraint, opcode_idx] :
109 zip_view(constraints.blake2s_constraints, constraints.original_opcode_indices.blake2s_constraints)) {
110 create_blake2s_constraints(builder, constraint);
111 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
112 }
113
114 // Add blake3 constraints
115 for (const auto& [constraint, opcode_idx] :
116 zip_view(constraints.blake3_constraints, constraints.original_opcode_indices.blake3_constraints)) {
117 create_blake3_constraints(builder, constraint);
118 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
119 }
120
121 // Add keccak permutations
122 for (const auto& [constraint, opcode_idx] :
123 zip_view(constraints.keccak_permutations, constraints.original_opcode_indices.keccak_permutations)) {
124 create_keccak_permutations_constraints(builder, constraint);
125 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
126 }
127
128 // Add poseidon2 constraints
129 for (const auto& [constraint, opcode_idx] :
130 zip_view(constraints.poseidon2_constraints, constraints.original_opcode_indices.poseidon2_constraints)) {
131 create_poseidon2_permutations_constraints(builder, constraint);
132 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
133 }
134
135 // Add multi scalar mul constraints
136 for (const auto& [constraint, opcode_idx] :
137 zip_view(constraints.multi_scalar_mul_constraints,
138 constraints.original_opcode_indices.multi_scalar_mul_constraints)) {
139 create_multi_scalar_mul_constraint(builder, constraint);
140 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
141 }
142
143 // Add ec add constraints
144 for (const auto& [constraint, opcode_idx] :
145 zip_view(constraints.ec_add_constraints, constraints.original_opcode_indices.ec_add_constraints)) {
146 create_ec_add_constraint(builder, constraint);
147 gate_counter.track_diff(constraints.gates_per_opcode, opcode_idx);
148 }
149
150 // Add block constraints
151 for (const auto& [constraint, opcode_indices] :
152 zip_view(constraints.block_constraints, constraints.original_opcode_indices.block_constraints)) {
153 create_block_constraints(builder, constraint);
154 if (collect_gates_per_opcode) {
155 // Each block constraint may correspond to multiple opcodes, so we record the average number of gates added
156 // by the entire constraint as the number of gates for each opcode.
157 size_t avg_gates_per_opcode = gate_counter.compute_diff() / opcode_indices.size();
158 for (size_t opcode_index : opcode_indices) {
159 constraints.gates_per_opcode[opcode_index] = avg_gates_per_opcode;
160 }
161 }
162 }
163
164 // RecursionConstraints
165 const bool is_hn_recursion_constraints = !constraints.hn_recursion_constraints.empty();
166 HonkRecursionConstraintsOutput<Builder> output = create_recursion_constraints<Builder>(
167 builder,
168 gate_counter,
169 constraints.gates_per_opcode,
170 metadata.ivc,
171 /*honk_recursion_data=*/
172 { constraints.honk_recursion_constraints, constraints.original_opcode_indices.honk_recursion_constraints },
173 /*avm_recursion_data=*/
174 { constraints.avm_recursion_constraints, constraints.original_opcode_indices.avm_recursion_constraints },
175 /*hn_recursion_data=*/
176 { constraints.hn_recursion_constraints, constraints.original_opcode_indices.hn_recursion_constraints },
177 /*chonk_recursion_data=*/
178 { constraints.chonk_recursion_constraints, constraints.original_opcode_indices.chonk_recursion_constraints });
179
180 // Process the result of adding recursion constraints and propagate the public inputs as needed
181 output.finalize(builder, is_hn_recursion_constraints, metadata.has_ipa_claim);
182}
183
190template <> UltraCircuitBuilder create_circuit(AcirProgram& program, const ProgramMetadata& metadata)
191{
192 BB_BENCH();
193 AcirFormat& constraints = program.constraints;
194 WitnessVector& witness = program.witness;
195 const bool is_write_vk_mode = witness.empty();
196
197 if (!is_write_vk_mode) {
198 BB_ASSERT_EQ(witness.size(),
199 constraints.max_witness_index + 1,
200 "ACIR witness size (" << witness.size() << ") does not match max witness index + 1 ("
201 << (constraints.max_witness_index + 1) << ").");
202 } else {
203 witness.resize(constraints.max_witness_index + 1, 0);
204 }
205
206 UltraCircuitBuilder builder{ witness, constraints.public_inputs, is_write_vk_mode };
207
208 // Populate constraints in the builder
209 build_constraints(builder, constraints, metadata);
210
211 vinfo("Created circuit");
212
213 return builder;
214};
215
222template <> MegaCircuitBuilder create_circuit(AcirProgram& program, const ProgramMetadata& metadata)
223{
224 BB_BENCH();
225 AcirFormat& constraints = program.constraints;
226 WitnessVector& witness = program.witness;
227 const bool is_write_vk_mode = witness.empty();
228
229 if (!is_write_vk_mode) {
230 BB_ASSERT_EQ(witness.size(),
231 constraints.max_witness_index + 1,
232 "ACIR witness size (" << witness.size() << ") does not match max witness index + 1 ("
233 << (constraints.max_witness_index + 1) << ").");
234 } else {
235 witness.resize(constraints.max_witness_index + 1, 0);
236 }
237
238 auto op_queue = (metadata.ivc == nullptr) ? std::make_shared<ECCOpQueue>() : metadata.ivc->get_goblin().op_queue;
239
240 // Construct a builder using the witness and public input data from acir and with the goblin-owned op_queue
241 MegaCircuitBuilder builder{ op_queue, witness, constraints.public_inputs, is_write_vk_mode };
242
243 // Populate constraints in the builder
244 build_constraints(builder, constraints, metadata);
245
246 vinfo("Created circuit");
247
248 return builder;
249};
250
251template void build_constraints<UltraCircuitBuilder>(UltraCircuitBuilder&, AcirFormat&, const ProgramMetadata&);
252template void build_constraints<MegaCircuitBuilder>(MegaCircuitBuilder&, AcirFormat&, const ProgramMetadata&);
253
254} // namespace acir_format
acir_format.hpp
BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:93
bb_bench.hpp
BB_BENCH
#define BB_BENCH()
Definition bb_bench.hpp:223
bbapi_shared.hpp
Shared type definitions for the Barretenberg RPC API.
acir_format::GateCounter
Utility class for tracking the gate count of acir constraints.
Definition gate_counter.hpp:12
bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:41
zip_view
Definition zip_view.hpp:166
vinfo
#define vinfo(...)
Definition log.hpp:94
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
flavor.hpp
Base class templates for structures that contain data parameterized by the fundamental polynomials of...
mega_circuit_builder.hpp
acir_format
Definition acir_format.cpp:30
acir_format::create_big_quad_constraint
void create_big_quad_constraint(Builder &builder, BigQuadConstraint &big_constraint)
Definition arithmetic_constraints.cpp:58
acir_format::build_constraints< MegaCircuitBuilder >
template void build_constraints< MegaCircuitBuilder >(MegaCircuitBuilder &, AcirFormat &, const ProgramMetadata &)
acir_format::build_constraints< UltraCircuitBuilder >
template void build_constraints< UltraCircuitBuilder >(UltraCircuitBuilder &, AcirFormat &, const ProgramMetadata &)
acir_format::create_blake3_constraints
void create_blake3_constraints(Builder &builder, const Blake3Constraint &constraint)
Definition blake3_constraint.cpp:14
acir_format::WitnessVector
std::vector< bb::fr > WitnessVector
Definition acir_format.hpp:35
acir_format::create_keccak_permutations_constraints
void create_keccak_permutations_constraints(Builder &builder, const Keccakf1600 &constraint)
Definition keccak_constraint.cpp:13
acir_format::create_ec_add_constraint
void create_ec_add_constraint(Builder &builder, const EcAdd &input)
Create constraints for addition of two points on the Grumpkin curve.
Definition ec_operations.cpp:38
acir_format::build_constraints
void build_constraints(Builder &builder, AcirFormat &constraints, const ProgramMetadata &metadata)
Add to the builder the constraints contained in an AcirFormat instance.
Definition acir_format.cpp:35
acir_format::create_blake2s_constraints
void create_blake2s_constraints(Builder &builder, const Blake2sConstraint &constraint)
Definition blake2s_constraint.cpp:16
acir_format::create_block_constraints
void create_block_constraints(UltraCircuitBuilder &builder, const BlockConstraint &constraint)
Create block constraints; Specialization for Ultra arithmetization.
Definition block_constraint.cpp:23
acir_format::create_circuit
UltraCircuitBuilder create_circuit(AcirProgram &program, const ProgramMetadata &metadata)
Specialization for creating an Ultra circuit from an acir program.
Definition acir_format.cpp:190
acir_format::create_sha256_compression_constraints
void create_sha256_compression_constraints(Builder &builder, const Sha256Compression &constraint)
Definition sha256_constraint.cpp:14
acir_format::create_aes128_constraints
void create_aes128_constraints(Builder &builder, const AES128Constraint &constraint)
Definition aes128_constraint.cpp:18
acir_format::create_multi_scalar_mul_constraint
void create_multi_scalar_mul_constraint(Builder &builder, const MultiScalarMul &constraint_input)
Create constraints for multi-scalar multiplication on the Grumpkin curve.
Definition multi_scalar_mul.cpp:49
acir_format::create_poseidon2_permutations_constraints
void create_poseidon2_permutations_constraints(Builder &builder, const Poseidon2Constraint &constraint)
Definition poseidon2_constraint.cpp:19
acir_format::create_quad_constraint
void create_quad_constraint(Builder &builder, QuadConstraint &mul_quad)
Create a simple width-4 Ultra arithmetic gate constraint representing the equation.
Definition arithmetic_constraints.cpp:48
acir_format::create_logic_gate
void create_logic_gate(Builder &builder, const WitnessOrConstant< bb::fr > a, const WitnessOrConstant< bb::fr > b, const uint32_t result, const size_t num_bits, const bool is_xor_gate)
Definition logic_constraint.cpp:13
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
prover_instance_inspector.hpp
field_conversion.hpp
pairing_points.hpp
acir_format::AcirFormat
Barretenberg's representation of ACIR constraints.
Definition acir_format.hpp:82
acir_format::AcirFormat::multi_scalar_mul_constraints
std::vector< MultiScalarMul > multi_scalar_mul_constraints
Definition acir_format.hpp:98
acir_format::AcirFormat::blake2s_constraints
std::vector< Blake2sConstraint > blake2s_constraints
Definition acir_format.hpp:94
acir_format::AcirFormat::sha256_compression
std::vector< Sha256Compression > sha256_compression
Definition acir_format.hpp:91
acir_format::AcirFormat::poseidon2_constraints
std::vector< Poseidon2Constraint > poseidon2_constraints
Definition acir_format.hpp:97
acir_format::AcirFormat::logic_constraints
std::vector< LogicConstraint > logic_constraints
Definition acir_format.hpp:88
acir_format::AcirFormat::ec_add_constraints
std::vector< EcAdd > ec_add_constraints
Definition acir_format.hpp:99
acir_format::AcirFormat::quad_constraints
std::vector< QuadConstraint > quad_constraints
Definition acir_format.hpp:104
acir_format::AcirFormat::max_witness_index
uint32_t max_witness_index
Definition acir_format.hpp:83
acir_format::AcirFormat::keccak_permutations
std::vector< Keccakf1600 > keccak_permutations
Definition acir_format.hpp:96
acir_format::AcirFormat::blake3_constraints
std::vector< Blake3Constraint > blake3_constraints
Definition acir_format.hpp:95
acir_format::AcirFormat::ecdsa_r1_constraints
std::vector< EcdsaConstraint > ecdsa_r1_constraints
Definition acir_format.hpp:93
acir_format::AcirFormat::range_constraints
std::vector< RangeConstraint > range_constraints
Definition acir_format.hpp:89
acir_format::AcirFormat::big_quad_constraints
std::vector< BigQuadConstraint > big_quad_constraints
Definition acir_format.hpp:105
acir_format::AcirFormat::aes128_constraints
std::vector< AES128Constraint > aes128_constraints
Definition acir_format.hpp:90
acir_format::AcirFormat::original_opcode_indices
AcirFormatOriginalOpcodeIndices original_opcode_indices
Definition acir_format.hpp:113
acir_format::AcirFormat::block_constraints
std::vector< BlockConstraint > block_constraints
Definition acir_format.hpp:106
acir_format::AcirFormat::ecdsa_k1_constraints
std::vector< EcdsaConstraint > ecdsa_k1_constraints
Definition acir_format.hpp:92
acir_format::AcirFormat::hn_recursion_constraints
std::vector< RecursionConstraint > hn_recursion_constraints
Definition acir_format.hpp:102
acir_format::AcirFormat::public_inputs
std::vector< uint32_t > public_inputs
Definition acir_format.hpp:86
acir_format::AcirFormat::gates_per_opcode
std::vector< size_t > gates_per_opcode
Definition acir_format.hpp:110
acir_format::AcirFormat::num_acir_opcodes
uint32_t num_acir_opcodes
Definition acir_format.hpp:84
acir_format::AcirFormatOriginalOpcodeIndices::logic_constraints
std::vector< size_t > logic_constraints
Definition acir_format.hpp:44
acir_format::AcirFormatOriginalOpcodeIndices::multi_scalar_mul_constraints
std::vector< size_t > multi_scalar_mul_constraints
Definition acir_format.hpp:54
acir_format::AcirFormatOriginalOpcodeIndices::range_constraints
std::vector< size_t > range_constraints
Definition acir_format.hpp:45
acir_format::AcirFormatOriginalOpcodeIndices::block_constraints
std::vector< std::vector< size_t > > block_constraints
Definition acir_format.hpp:63
acir_format::AcirFormatOriginalOpcodeIndices::big_quad_constraints
std::vector< size_t > big_quad_constraints
Definition acir_format.hpp:61
acir_format::AcirFormatOriginalOpcodeIndices::ec_add_constraints
std::vector< size_t > ec_add_constraints
Definition acir_format.hpp:55
acir_format::AcirFormatOriginalOpcodeIndices::ecdsa_r1_constraints
std::vector< size_t > ecdsa_r1_constraints
Definition acir_format.hpp:49
acir_format::AcirFormatOriginalOpcodeIndices::blake2s_constraints
std::vector< size_t > blake2s_constraints
Definition acir_format.hpp:50
acir_format::AcirFormatOriginalOpcodeIndices::sha256_compression
std::vector< size_t > sha256_compression
Definition acir_format.hpp:47
acir_format::AcirFormatOriginalOpcodeIndices::blake3_constraints
std::vector< size_t > blake3_constraints
Definition acir_format.hpp:51
acir_format::AcirFormatOriginalOpcodeIndices::ecdsa_k1_constraints
std::vector< size_t > ecdsa_k1_constraints
Definition acir_format.hpp:48
acir_format::AcirFormatOriginalOpcodeIndices::aes128_constraints
std::vector< size_t > aes128_constraints
Definition acir_format.hpp:46
acir_format::AcirFormatOriginalOpcodeIndices::quad_constraints
std::vector< size_t > quad_constraints
Definition acir_format.hpp:60
acir_format::AcirFormatOriginalOpcodeIndices::keccak_permutations
std::vector< size_t > keccak_permutations
Definition acir_format.hpp:52
acir_format::AcirFormatOriginalOpcodeIndices::poseidon2_constraints
std::vector< size_t > poseidon2_constraints
Definition acir_format.hpp:53
acir_format::AcirProgram
Struct containing both the constraints to be added to the circuit and the witness vector.
Definition acir_format.hpp:122
acir_format::AcirProgram::witness
WitnessVector witness
Definition acir_format.hpp:124
acir_format::AcirProgram::constraints
AcirFormat constraints
Definition acir_format.hpp:123
acir_format::HonkRecursionConstraintsOutput
Container for the output of multiple recursive verifications.
Definition recursion_constraint_output.hpp:30
acir_format::HonkRecursionConstraintsOutput::finalize
void finalize(Builder &builder, bool is_hn_recursion_constraints=false, bool has_ipa_claim=false)
Finalize the output by accumulating IPA claims/proofs, performing full IPA verification,...
acir_format::ProgramMetadata
Metadata required to create a circuit.
Definition acir_format.hpp:137
acir_format::ProgramMetadata::has_ipa_claim
bool has_ipa_claim
Definition acir_format.hpp:141
acir_format::ProgramMetadata::collect_gates_per_opcode
bool collect_gates_per_opcode
Definition acir_format.hpp:145
acir_format::ProgramMetadata::ivc
std::shared_ptr< bb::IVCBase > ivc
Definition acir_format.hpp:139
throw_or_abort.hpp
ultra_circuit_builder.hpp
verifier_commitment_key.hpp