Barretenberg: src/barretenberg/commitment_schemes/claim.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Complete, auditors: [Khashayar], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once


#include "barretenberg/commitment_schemes/commitment_key.hpp"

#include "barretenberg/polynomials/polynomial.hpp"

#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp"


namespace bb {


template <typename Curve> class OpeningPair {

    using Fr = typename Curve::ScalarField;


  public:

    Fr challenge;  // r

    Fr evaluation; // v = p(r)


    bool operator==(const OpeningPair& other) const = default;

};


template <typename Curve> class ProverOpeningClaim {

    using Fr = typename Curve::ScalarField;

    using Polynomial = bb::Polynomial<Fr>;


  public:

    Polynomial polynomial;           // p

    OpeningPair<Curve> opening_pair; // (challenge r, evaluation v = p(r))

    // Gemini Folds have to be opened at `challenge` and -`challenge`. Instead of copying a polynomial into 2 claims, we

    // raise the flag that turns on relevant claim processing logic in Shplonk.

    bool gemini_fold = false;

};


template <typename Curve> class OpeningClaim {

    using CK = CommitmentKey<Curve>;

    using Commitment = typename Curve::AffineElement;

    using Fr = typename Curve::ScalarField;


  public:

    using Builder =

        std::conditional_t<std::is_same_v<Curve, stdlib::grumpkin<UltraCircuitBuilder>>, UltraCircuitBuilder, void>;

    // (challenge r, evaluation v = p(r))

    OpeningPair<Curve> opening_pair;

    // commitment to univariate polynomial p(X)

    Commitment commitment;


    static constexpr bool IS_GRUMPKIN =

        std::is_same_v<Curve, curve::Grumpkin> || std::is_same_v<Curve, stdlib::grumpkin<UltraCircuitBuilder>>;

    // Size of public inputs representation of an opening claim over Grumpkin: 2 * 4 + 2 = 10

    static constexpr size_t PUBLIC_INPUTS_SIZE = IS_GRUMPKIN ? GRUMPKIN_OPENING_CLAIM_SIZE : INVALID_PUBLIC_INPUTS_SIZE;


    uint32_t set_public()

        requires(std::is_same_v<Curve, stdlib::grumpkin<UltraCircuitBuilder>>)

    {

        uint32_t start_idx = opening_pair.challenge.set_public();

        opening_pair.evaluation.set_public();

        commitment.set_public();


        return start_idx;

    }


    static OpeningClaim<Curve> reconstruct_from_public(

        const std::span<const stdlib::field_t<Builder>, PUBLIC_INPUTS_SIZE>& limbs)

        requires(std::is_same_v<Curve, stdlib::grumpkin<UltraCircuitBuilder>>)

    {

        const size_t FIELD_SIZE = Fr::PUBLIC_INPUTS_SIZE;

        const size_t COMMITMENT_SIZE = Commitment::PUBLIC_INPUTS_SIZE;

        std::span<const stdlib::field_t<Builder>, FIELD_SIZE> challenge_limbs{ limbs.data(), FIELD_SIZE };

        std::span<const stdlib::field_t<Builder>, FIELD_SIZE> evaluation_limbs{ limbs.data() + FIELD_SIZE, FIELD_SIZE };

        std::span<const stdlib::field_t<Builder>, COMMITMENT_SIZE> commitment_limbs{ limbs.data() + 2 * FIELD_SIZE,

                                                                                     COMMITMENT_SIZE };

        auto challenge = Fr::reconstruct_from_public(challenge_limbs);

        auto evaluation = Fr::reconstruct_from_public(evaluation_limbs);

        auto commitment = Commitment::reconstruct_from_public(commitment_limbs);


        return OpeningClaim<Curve>{ { challenge, evaluation }, commitment };

    }


    static OpeningClaim<Curve> reconstruct_from_public(const std::span<const bb::fr, PUBLIC_INPUTS_SIZE>& limbs)

        requires(std::is_same_v<Curve, curve::Grumpkin>)

    {

        const size_t FIELD_SIZE = Fr::PUBLIC_INPUTS_SIZE;

        const size_t COMMITMENT_SIZE = Commitment::PUBLIC_INPUTS_SIZE;

        std::span<const bb::fr, FIELD_SIZE> challenge_limbs{ limbs.data(), FIELD_SIZE };

        std::span<const bb::fr, FIELD_SIZE> evaluation_limbs{ limbs.data() + FIELD_SIZE, FIELD_SIZE };

        std::span<const bb::fr, COMMITMENT_SIZE> commitment_limbs{ limbs.data() + 2 * FIELD_SIZE, COMMITMENT_SIZE };


        Fr challenge = Fr::reconstruct_from_public(challenge_limbs);

        Fr evaluation = Fr::reconstruct_from_public(evaluation_limbs);

        Commitment commitment = Commitment::reconstruct_from_public(commitment_limbs);


        return OpeningClaim<Curve>{ { challenge, evaluation }, commitment };

    }


    auto get_native_opening_claim() const

        requires(Curve::is_stdlib_type)

    {

        return OpeningClaim<typename Curve::NativeCurve>{

            { static_cast<typename Curve::NativeCurve::ScalarField>(opening_pair.challenge.get_value()),

              static_cast<typename Curve::NativeCurve::ScalarField>(opening_pair.evaluation.get_value()) },

            commitment.get_value()

        };

    }


    bool operator==(const OpeningClaim& other) const = default;

};


template <typename Curve> struct BatchOpeningClaim {


    using Commitment = typename Curve::AffineElement;

    using Scalar = typename Curve::ScalarField;


    std::vector<Commitment> commitments;

    std::vector<Scalar> scalars;

    Scalar evaluation_point;

};


} // namespace bb

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43

bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:53

bb::OpeningClaim::reconstruct_from_public
static OpeningClaim< Curve > reconstruct_from_public(const std::span< const stdlib::field_t< Builder >, PUBLIC_INPUTS_SIZE > &limbs)
Reconstruct an opening claim from limbs stored on the public inputs.
Definition claim.hpp:91

bb::OpeningClaim::reconstruct_from_public
static OpeningClaim< Curve > reconstruct_from_public(const std::span< const bb::fr, PUBLIC_INPUTS_SIZE > &limbs)
Reconstruct a native opening claim from native field elements.
Definition claim.hpp:113

bb::OpeningClaim::opening_pair
OpeningPair< Curve > opening_pair
Definition claim.hpp:62

bb::OpeningClaim::Builder
std::conditional_t< std::is_same_v< Curve, stdlib::grumpkin< UltraCircuitBuilder > >, UltraCircuitBuilder, void > Builder
Definition claim.hpp:60

bb::OpeningClaim::get_native_opening_claim
auto get_native_opening_claim() const
Definition claim.hpp:129

bb::OpeningClaim::IS_GRUMPKIN
static constexpr bool IS_GRUMPKIN
Definition claim.hpp:66

bb::OpeningClaim::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition claim.hpp:69

bb::OpeningClaim::commitment
Commitment commitment
Definition claim.hpp:64

bb::OpeningClaim::operator==
bool operator==(const OpeningClaim &other) const =default

bb::OpeningClaim::set_public
uint32_t set_public()
Set the witness indices for the opening claim to public.
Definition claim.hpp:76

bb::OpeningClaim::Commitment
typename Curve::AffineElement Commitment
Definition claim.hpp:55

bb::OpeningClaim::Fr
typename Curve::ScalarField Fr
Definition claim.hpp:56

bb::OpeningPair
Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v.
Definition claim.hpp:19

bb::OpeningPair::Fr
typename Curve::ScalarField Fr
Definition claim.hpp:20

bb::OpeningPair::evaluation
Fr evaluation
Definition claim.hpp:24

bb::OpeningPair::challenge
Fr challenge
Definition claim.hpp:23

bb::OpeningPair::operator==
bool operator==(const OpeningPair &other) const =default

bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75

bb::ProverOpeningClaim
Polynomial p and an opening pair (r,v) such that p(r) = v.
Definition claim.hpp:34

bb::ProverOpeningClaim::polynomial
Polynomial polynomial
Definition claim.hpp:39

bb::ProverOpeningClaim::opening_pair
OpeningPair< Curve > opening_pair
Definition claim.hpp:40

bb::ProverOpeningClaim::gemini_fold
bool gemini_fold
Definition claim.hpp:43

bb::ProverOpeningClaim::Fr
typename Curve::ScalarField Fr
Definition claim.hpp:35

bb::curve::Grumpkin
Definition grumpkin.hpp:57

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:63

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:59

bb::stdlib::field_t
Definition field.hpp:45

commitment_key.hpp

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:18

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

polynomial.hpp

grumpkin.hpp

bb::BatchOpeningClaim
An accumulator consisting of the Shplonk evaluation challenge and vectors of commitments and scalars.
Definition claim.hpp:151

bb::BatchOpeningClaim::Scalar
typename Curve::ScalarField Scalar
Definition claim.hpp:154

bb::BatchOpeningClaim::evaluation_point
Scalar evaluation_point
Definition claim.hpp:158

bb::BatchOpeningClaim::commitments
std::vector< Commitment > commitments
Definition claim.hpp:156

bb::BatchOpeningClaim::scalars
std::vector< Scalar > scalars
Definition claim.hpp:157

bb::BatchOpeningClaim::Commitment
typename Curve::AffineElement Commitment
Definition claim.hpp:153

bb::field< Bn254FqParams >

bb::field< Bn254FrParams >::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition field_declarations.hpp:47

bb::field< Bn254FrParams >::reconstruct_from_public
static field reconstruct_from_public(const std::span< const field< V >, PUBLIC_INPUTS_SIZE > &limbs)