Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
eccvm_trace_checker.cpp
Go to the documentation of this file.
1#include "eccvm_trace_checker.hpp"
2#include "barretenberg/eccvm/eccvm_flavor.hpp"
3#include "barretenberg/honk/library/grand_product_library.hpp"
4
5using namespace bb;
6
7using Flavor = ECCVMFlavor;
8using Builder = typename ECCVMFlavor::CircuitBuilder;
9using FF = typename ECCVMFlavor::FF;
10using ProverPolynomials = typename ECCVMFlavor::ProverPolynomials;
11
12bool ECCVMTraceChecker::check(Builder& builder,
13 numeric::RNG* engine_ptr
14#ifdef FUZZING
15 ,
16 bool disable_fixed_dyadic_trace_size
17#endif
18)
19{
20 const FF gamma = FF::random_element(engine_ptr);
21 const FF beta = FF::random_element(engine_ptr);
22 const FF beta_sqr = beta.sqr();
23 const FF beta_cube = beta_sqr * beta;
24 auto eccvm_set_permutation_delta =
25 gamma * (gamma + beta_sqr) * (gamma + beta_sqr + beta_sqr) * (gamma + beta_sqr + beta_sqr + beta_sqr);
26 eccvm_set_permutation_delta = eccvm_set_permutation_delta.invert();
27 bb::RelationParameters<typename Flavor::FF> params{
28 .eta = 0,
29 .beta = beta,
30 .gamma = gamma,
31 .public_input_delta = 0,
32 .beta_sqr = beta_sqr,
33 .beta_cube = beta_cube,
34 .eccvm_set_permutation_delta = eccvm_set_permutation_delta,
35 };
36
37#ifdef FUZZING
38 ProverPolynomials polynomials(builder, disable_fixed_dyadic_trace_size);
39#else
40 ProverPolynomials polynomials(builder);
41#endif
42 const size_t num_rows = polynomials.get_polynomial_size();
43 const size_t unmasked_witness_size = num_rows - NUM_DISABLED_ROWS_IN_SUMCHECK;
44 compute_logderivative_inverse<FF, ECCVMLookupRelation<FF>>(polynomials, params, unmasked_witness_size);
45 compute_grand_product<Flavor, ECCVMSetRelation<FF>>(polynomials, params, unmasked_witness_size);
46
47 polynomials.z_perm_shift = Polynomial(polynomials.z_perm.shifted());
48
49 const auto evaluate_relation = [&]<typename Relation>(const std::string& relation_name) {
50 typename Relation::SumcheckArrayOfValuesOverSubrelations result;
51 for (auto& r : result) {
52 r = 0;
53 }
54 constexpr size_t NUM_SUBRELATIONS = result.size();
55
56 for (size_t i = 0; i < num_rows; ++i) {
57 auto row = polynomials.get_row(i);
58#ifdef FUZZING
59 // Check if the relation is skippable and should be skipped (only in fuzzing builds)
60 if constexpr (isSkippable<Relation, decltype(row)>) {
61 // Only accumulate if the relation should not be skipped
62 if (!Relation::skip(row)) {
63 Relation::accumulate(result, row, params, 1);
64 }
65 } else {
66 // If not skippable, always accumulate
67 Relation::accumulate(result, row, params, 1);
68 }
69#else
70 // In non-fuzzing builds, always accumulate for maximum security
71 Relation::accumulate(result, row, params, 1);
72#endif
73
74 bool x = true;
75 for (size_t j = 0; j < NUM_SUBRELATIONS; ++j) {
76 if (result[j] != 0) {
77 info("Relation ", relation_name, ", subrelation index ", j, " failed at row ", i);
78 x = false;
79 }
80 }
81 if (!x) {
82 return false;
83 }
84 }
85 return true;
86 };
87
88 bool result = true;
89 result = result && evaluate_relation.template operator()<ECCVMTranscriptRelation<FF>>("ECCVMTranscriptRelation");
90 result = result && evaluate_relation.template operator()<ECCVMPointTableRelation<FF>>("ECCVMPointTableRelation");
91 result = result && evaluate_relation.template operator()<ECCVMWnafRelation<FF>>("ECCVMWnafRelation");
92 result = result && evaluate_relation.template operator()<ECCVMMSMRelation<FF>>("ECCVMMSMRelation");
93 result = result && evaluate_relation.template operator()<ECCVMSetRelation<FF>>("ECCVMSetRelation");
94 result = result && evaluate_relation.template operator()<ECCVMBoolsRelation<FF>>("ECCVMBoolsRelation");
95
96 using LookupRelation = ECCVMLookupRelation<FF>;
97 typename ECCVMLookupRelation<typename Flavor::FF>::SumcheckArrayOfValuesOverSubrelations lookup_result;
98 for (auto& r : lookup_result) {
99 r = 0;
100 }
101 for (size_t i = 0; i < num_rows; ++i) {
102 LookupRelation::accumulate(lookup_result, polynomials.get_row(i), params, 1);
103 }
104 for (auto r : lookup_result) {
105 if (r != 0) {
106 info("Relation ECCVMLookupRelation failed.");
107 return false;
108 }
109 }
110 return result;
111}
bb::ECCVMFlavor::ProverPolynomials
A container for the prover polynomials.
Definition eccvm_flavor.hpp:458
bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:41
bb::ECCVMFlavor::CircuitBuilder
ECCVMCircuitBuilder CircuitBuilder
Definition eccvm_flavor.hpp:37
bb::ECCVMTraceChecker::check
static bool check(ECCVMCircuitBuilder &, numeric::RNG *engine_ptr=nullptr)
Definition eccvm_trace_checker.cpp:12
bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75
bb::Relation
A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribu...
Definition relation_types.hpp:96
bb::Relation::SumcheckArrayOfValuesOverSubrelations
ArrayOfValues< FF, RelationImpl::SUBRELATION_PARTIAL_LENGTHS > SumcheckArrayOfValuesOverSubrelations
Definition relation_types.hpp:106
info
void info(Args... args)
Definition log.hpp:89
bb::isSkippable
The templates defined herein facilitate sharing the relation arithmetic between the prover and the ve...
Definition relation_types.hpp:70
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
eccvm_flavor.hpp
ProverPolynomials
typename ECCVMFlavor::ProverPolynomials ProverPolynomials
Definition eccvm_trace_checker.cpp:10
eccvm_trace_checker.hpp
grand_product_library.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::RelationParameters
Container for parameters used by the grand product (permutation, lookup) Honk relations.
Definition relation_parameters.hpp:19
bb::field::invert
constexpr field invert() const noexcept
Definition field_impl.hpp:377
bb::field< bb::Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:677
bb::field::sqr
BB_INLINE constexpr field sqr() const noexcept
Definition field_impl.hpp:69