bb::MergeVerifier_< Curve > Class Template Reference

Unified verifier class for the Goblin ECC op queue transcript merge protocol. More...

#include <merge_verifier.hpp>

Classes
struct	InputCommitments
struct	ReductionResult
	Result of merge verification. More...

Public Types
using	FF = typename Curve::ScalarField
using	Commitment = typename Curve::AffineElement
using	GroupElement = typename Curve::Element
using	PCS = bb::KZG< Curve >
using	PairingPoints = std::conditional_t< Curve::is_stdlib_type, stdlib::recursion::PairingPoints< Curve >, bb::PairingPoints< Curve > >
using	Proof = std::vector< FF >
using	Transcript = TranscriptFor_t< Curve >
using	TableCommitments = std::array< Commitment, NUM_WIRES >

Public Member Functions
	MergeVerifier_ (const MergeSettings settings=MergeSettings::PREPEND, std::shared_ptr< Transcript > transcript=std::make_shared< Transcript >())
ReductionResult	reduce_to_pairing_check (const Proof &proof, const InputCommitments &input_commitments)
	Reduce the merge proof to a pairing check.

Public Attributes
MergeSettings	settings
std::shared_ptr< Transcript >	transcript

Static Public Attributes
static constexpr size_t	NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES
static constexpr bool	IsRecursive = Curve::is_stdlib_type
static constexpr size_t	MERGE_BATCHED_CLAIM_SIZE = (3 * NUM_WIRES) + 3

Private Member Functions
bool	check_concatenation_identities (std::vector< FF > &evals, const FF &pow_kappa) const
bool	check_degree_identity (std::vector< FF > &evals, const FF &pow_kappa_minus_one, const std::vector< FF > &degree_check_challenges) const
BatchOpeningClaim< Curve >	compute_shplonk_opening_claim (const std::vector< Commitment > &table_commitments, const Commitment &shplonk_batched_quotient, const FF &shplonk_opening_challenge, const std::vector< FF > &shplonk_batching_challenges, const FF &kappa, const FF &kappa_inv, const std::vector< FF > &evals) const

Private Attributes
std::vector< std::string >	labels_degree_check
std::vector< std::string >	labels_shplonk_batching_challenges

Detailed Description

template<typename Curve>
class bb::MergeVerifier_< Curve >

Unified verifier class for the Goblin ECC op queue transcript merge protocol.

Works for both native verification and recursive (in-circuit) verification

Template Parameters

Curve

The curve type (native curve::BN254 or stdlib bn254<Builder>)

Definition at line 23 of file merge_verifier.hpp.

Member Typedef Documentation

Commitment

template<typename Curve >

using bb::MergeVerifier_< Curve >::Commitment = typename Curve::AffineElement

Definition at line 26 of file merge_verifier.hpp.

FF

template<typename Curve >

using bb::MergeVerifier_< Curve >::FF = typename Curve::ScalarField

Definition at line 25 of file merge_verifier.hpp.

GroupElement

template<typename Curve >

using bb::MergeVerifier_< Curve >::GroupElement = typename Curve::Element

Definition at line 27 of file merge_verifier.hpp.

PairingPoints

template<typename Curve >

using bb::MergeVerifier_< Curve >::PairingPoints = std::conditional_t<Curve::is_stdlib_type, stdlib::recursion::PairingPoints<Curve>, bb::PairingPoints<Curve> >

Definition at line 29 of file merge_verifier.hpp.

PCS

template<typename Curve >

using bb::MergeVerifier_< Curve >::PCS = bb::KZG<Curve>

Definition at line 28 of file merge_verifier.hpp.

Proof

template<typename Curve >

using bb::MergeVerifier_< Curve >::Proof = std::vector<FF>

Definition at line 31 of file merge_verifier.hpp.

TableCommitments

template<typename Curve >

using bb::MergeVerifier_< Curve >::TableCommitments = std::array<Commitment, NUM_WIRES>

Definition at line 42 of file merge_verifier.hpp.

Transcript

template<typename Curve >

using bb::MergeVerifier_< Curve >::Transcript = TranscriptFor_t<Curve>

Definition at line 32 of file merge_verifier.hpp.

Constructor & Destructor Documentation

MergeVerifier_()

template<typename Curve >

bb::MergeVerifier_< Curve >::MergeVerifier_ ( const MergeSettings  settings = MergeSettings::PREPEND, std::shared_ptr< Transcript >  transcript = std::make_shared<Transcript>()  )

inlineexplicit

Definition at line 69 of file merge_verifier.hpp.

Member Function Documentation

check_concatenation_identities()

template<typename Curve >

bool bb::MergeVerifier_< Curve >::check_concatenation_identities ( std::vector< FF > &  evals, const FF &  pow_kappa  ) const

private

Definition at line 16 of file merge_verifier.cpp.

check_degree_identity()

template<typename Curve >

bool bb::MergeVerifier_< Curve >::check_degree_identity ( std::vector< FF > &  evals, const FF &  pow_kappa_minus_one, const std::vector< FF > &  degree_check_challenges  ) const

private

Definition at line 34 of file merge_verifier.cpp.

compute_shplonk_opening_claim()

template<typename Curve >

BatchOpeningClaim< Curve > bb::MergeVerifier_< Curve >::compute_shplonk_opening_claim ( const std::vector< Commitment > &  table_commitments, const Commitment &  shplonk_batched_quotient, const FF &  shplonk_opening_challenge, const std::vector< FF > &  shplonk_batching_challenges, const FF &  kappa, const FF &  kappa_inv, const std::vector< FF > &  evals  ) const

private

Definition at line 55 of file merge_verifier.cpp.

reduce_to_pairing_check()

template<typename Curve >

MergeVerifier_< Curve >::ReductionResult bb::MergeVerifier_< Curve >::reduce_to_pairing_check	(	const Proof &	proof,
		const InputCommitments &	input_commitments
	)

Reduce the merge proof to a pairing check.

Verify proper construction of the aggregate Goblin ECC op queue polynomials T_j.

Verifies the merge protocol's degree and concatenation checks, then reduces the polynomial opening claims to a KZG pairing check. This method does NOT perform the final pairing verification - it returns pairing points that must be verified externally

The merge protocol proves that for each wire column j: M_j(X) = L_j(X) + X^k * R_j(X) (concatenation identity) deg(L_j) < k (degree bound)

Parameters

proof	The merge proof (HonkProof for native, stdlib::Proof<Builder> for recursive)
input_commitments	The input commitments

Returns

ReductionResult containing:

• pairing_points: KZG pairing check points to be verified externally
• merged_commitments: Commitments [M_1]...[M_4] to the merged op queue tables
• reduction_succeeded: true if degree and concatenation checks passed

Verifies that M_j(X) = L_j(X) + X^k * R_j(X) and deg(L_j) < k for j = 1,2,3,4. Checks concatenation and degree identities, then verifies Shplonk opening proof.

See also

MERGE_PROTOCOL.md for complete protocol specification.

Parameters

proof	The merge proof to verify
input_commitments	Commitments to subtable (t) and previous table (T_prev)

Returns

VerificationResult containing pairing points, merged table commitments, and check results

Definition at line 114 of file merge_verifier.cpp.

Member Data Documentation

IsRecursive

template<typename Curve >

constexpr bool bb::MergeVerifier_< Curve >::IsRecursive = Curve::is_stdlib_type

staticconstexpr

Definition at line 37 of file merge_verifier.hpp.

labels_degree_check

template<typename Curve >

std::vector<std::string> bb::MergeVerifier_< Curve >::labels_degree_check

private

Initial value:

= { "LEFT_TABLE_DEGREE_CHECK_0",
                                                     "LEFT_TABLE_DEGREE_CHECK_1",
                                                     "LEFT_TABLE_DEGREE_CHECK_2",
                                                     "LEFT_TABLE_DEGREE_CHECK_3" }

Definition at line 96 of file merge_verifier.hpp.

labels_shplonk_batching_challenges

template<typename Curve >

std::vector<std::string> bb::MergeVerifier_< Curve >::labels_shplonk_batching_challenges

private

Initial value:

= {
        "SHPLONK_MERGE_BATCHING_CHALLENGE_0",  "SHPLONK_MERGE_BATCHING_CHALLENGE_1",
        "SHPLONK_MERGE_BATCHING_CHALLENGE_2",  "SHPLONK_MERGE_BATCHING_CHALLENGE_3",
        "SHPLONK_MERGE_BATCHING_CHALLENGE_4",  "SHPLONK_MERGE_BATCHING_CHALLENGE_5",
        "SHPLONK_MERGE_BATCHING_CHALLENGE_6",  "SHPLONK_MERGE_BATCHING_CHALLENGE_7",
        "SHPLONK_MERGE_BATCHING_CHALLENGE_8",  "SHPLONK_MERGE_BATCHING_CHALLENGE_9",
        "SHPLONK_MERGE_BATCHING_CHALLENGE_10", "SHPLONK_MERGE_BATCHING_CHALLENGE_11",
        "SHPLONK_MERGE_BATCHING_CHALLENGE_12"
    }

Definition at line 101 of file merge_verifier.hpp.

MERGE_BATCHED_CLAIM_SIZE

template<typename Curve >

constexpr size_t bb::MergeVerifier_< Curve >::MERGE_BATCHED_CLAIM_SIZE = (3 * NUM_WIRES) + 3

staticconstexpr

Definition at line 40 of file merge_verifier.hpp.

NUM_WIRES

template<typename Curve >

constexpr size_t bb::MergeVerifier_< Curve >::NUM_WIRES = MegaExecutionTraceBlocks::NUM_WIRES

staticconstexpr

Definition at line 36 of file merge_verifier.hpp.

settings

template<typename Curve >

MergeSettings bb::MergeVerifier_< Curve >::settings

Definition at line 66 of file merge_verifier.hpp.

transcript

template<typename Curve >

std::shared_ptr<Transcript> bb::MergeVerifier_< Curve >::transcript

Definition at line 67 of file merge_verifier.hpp.

---

The documentation for this class was generated from the following files:

• src/barretenberg/goblin/merge_verifier.hpp
• src/barretenberg/goblin/merge_verifier.cpp