Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
eccvm_transcript.test.cpp
Go to the documentation of this file.
1#include "barretenberg/commitment_schemes/ipa/ipa.hpp"
2#include "barretenberg/ecc/curves/bn254/g1.hpp"
3#include "barretenberg/eccvm/eccvm_flavor.hpp"
4#include "barretenberg/eccvm/eccvm_prover.hpp"
5#include "barretenberg/eccvm/eccvm_test_utils.hpp"
6#include "barretenberg/eccvm/eccvm_verifier.hpp"
7#include "barretenberg/flavor/flavor.hpp"
8#include "barretenberg/numeric/bitop/get_msb.hpp"
9#include "barretenberg/polynomials/univariate.hpp"
10#include "barretenberg/srs/global_crs.hpp"
11#include "barretenberg/transcript/transcript.hpp"
12#include <gtest/gtest.h>
13
14using namespace bb;
15using eccvm_test_utils::add_hiding_op_for_test;
16
17class ECCVMTranscriptTests : public ::testing::Test {
18 public:
19 void SetUp() override { srs::init_file_crs_factory(srs::bb_crs_path()); };
20 using FF = grumpkin::fr;
21 using Flavor = ECCVMFlavor;
22 using Transcript = Flavor::Transcript;
23 using PCS = IPA<Flavor::Curve, CONST_ECCVM_LOG_N>;
35 TranscriptManifest construct_eccvm_honk_manifest()
36 {
37 TranscriptManifest manifest_expected;
38 // Size of types is number of bb::frs needed to represent the type
39 size_t frs_per_Fq = FrCodec::calc_num_fields<FF>();
40 size_t frs_per_Fr = FrCodec::calc_num_fields<Flavor::BF>();
41 size_t frs_per_G = FrCodec::calc_num_fields<typename Flavor::Commitment>();
42 size_t frs_per_evals = (Flavor::NUM_ALL_ENTITIES)*frs_per_Fq;
43
44 size_t round = 0;
45 manifest_expected.add_entry(round, "vk_hash", frs_per_Fr);
46 manifest_expected.add_entry(round, "Gemini:masking_poly_comm", frs_per_G);
47 manifest_expected.add_entry(round, "TRANSCRIPT_ADD", frs_per_G);
48 manifest_expected.add_entry(round, "TRANSCRIPT_EQ", frs_per_G);
49 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_TRANSITION", frs_per_G);
50 manifest_expected.add_entry(round, "TRANSCRIPT_PX", frs_per_G);
51 manifest_expected.add_entry(round, "TRANSCRIPT_PY", frs_per_G);
52 manifest_expected.add_entry(round, "TRANSCRIPT_Z1", frs_per_G);
53 manifest_expected.add_entry(round, "TRANSCRIPT_Z2", frs_per_G);
54 manifest_expected.add_entry(round, "TRANSCRIPT_Z1ZERO", frs_per_G);
55 manifest_expected.add_entry(round, "TRANSCRIPT_Z2ZERO", frs_per_G);
56 manifest_expected.add_entry(round, "TRANSCRIPT_OP", frs_per_G);
57 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_X", frs_per_G);
58 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_Y", frs_per_G);
59 manifest_expected.add_entry(round, "PRECOMPUTE_POINT_TRANSITION", frs_per_G);
60 manifest_expected.add_entry(round, "PRECOMPUTE_S1LO", frs_per_G);
61 manifest_expected.add_entry(round, "PRECOMPUTE_S2HI", frs_per_G);
62 manifest_expected.add_entry(round, "PRECOMPUTE_S2LO", frs_per_G);
63 manifest_expected.add_entry(round, "PRECOMPUTE_S3HI", frs_per_G);
64 manifest_expected.add_entry(round, "PRECOMPUTE_S3LO", frs_per_G);
65 manifest_expected.add_entry(round, "PRECOMPUTE_S4HI", frs_per_G);
66 manifest_expected.add_entry(round, "PRECOMPUTE_S4LO", frs_per_G);
67 manifest_expected.add_entry(round, "PRECOMPUTE_SKEW", frs_per_G);
68 manifest_expected.add_entry(round, "MSM_SIZE_OF_MSM", frs_per_G);
69 manifest_expected.add_entry(round, "MSM_ADD2", frs_per_G);
70 manifest_expected.add_entry(round, "MSM_ADD3", frs_per_G);
71 manifest_expected.add_entry(round, "MSM_ADD4", frs_per_G);
72 manifest_expected.add_entry(round, "MSM_X1", frs_per_G);
73 manifest_expected.add_entry(round, "MSM_Y1", frs_per_G);
74 manifest_expected.add_entry(round, "MSM_X2", frs_per_G);
75 manifest_expected.add_entry(round, "MSM_Y2", frs_per_G);
76 manifest_expected.add_entry(round, "MSM_X3", frs_per_G);
77 manifest_expected.add_entry(round, "MSM_Y3", frs_per_G);
78 manifest_expected.add_entry(round, "MSM_X4", frs_per_G);
79 manifest_expected.add_entry(round, "MSM_Y4", frs_per_G);
80 manifest_expected.add_entry(round, "MSM_COLLISION_X1", frs_per_G);
81 manifest_expected.add_entry(round, "MSM_COLLISION_X2", frs_per_G);
82 manifest_expected.add_entry(round, "MSM_COLLISION_X3", frs_per_G);
83 manifest_expected.add_entry(round, "MSM_COLLISION_X4", frs_per_G);
84 manifest_expected.add_entry(round, "MSM_LAMBDA1", frs_per_G);
85 manifest_expected.add_entry(round, "MSM_LAMBDA2", frs_per_G);
86 manifest_expected.add_entry(round, "MSM_LAMBDA3", frs_per_G);
87 manifest_expected.add_entry(round, "MSM_LAMBDA4", frs_per_G);
88 manifest_expected.add_entry(round, "MSM_SLICE1", frs_per_G);
89 manifest_expected.add_entry(round, "MSM_SLICE2", frs_per_G);
90 manifest_expected.add_entry(round, "MSM_SLICE3", frs_per_G);
91 manifest_expected.add_entry(round, "MSM_SLICE4", frs_per_G);
92 manifest_expected.add_entry(round, "TRANSCRIPT_RESET_ACCUMULATOR", frs_per_G);
93 manifest_expected.add_entry(round, "LOOKUP_READ_COUNTS_0", frs_per_G);
94 manifest_expected.add_entry(round, "LOOKUP_READ_COUNTS_1", frs_per_G);
95 manifest_expected.add_entry(round, "TRANSCRIPT_BASE_INFINITY", frs_per_G);
96 manifest_expected.add_entry(round, "TRANSCRIPT_BASE_X_INVERSE", frs_per_G);
97 manifest_expected.add_entry(round, "TRANSCRIPT_BASE_Y_INVERSE", frs_per_G);
98 manifest_expected.add_entry(round, "TRANSCRIPT_ADD_X_EQUAL", frs_per_G);
99 manifest_expected.add_entry(round, "TRANSCRIPT_ADD_Y_EQUAL", frs_per_G);
100 manifest_expected.add_entry(round, "TRANSCRIPT_ADD_LAMBDA", frs_per_G);
101 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_INTERMEDIATE_X", frs_per_G);
102 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_INTERMEDIATE_Y", frs_per_G);
103 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_INFINITY", frs_per_G);
104 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_X_INVERSE", frs_per_G);
105 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT_ZERO_AT_TRANSITION", frs_per_G);
106 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT_AT_TRANSITION_INVERSE", frs_per_G);
107 manifest_expected.add_entry(round, "TRANSCRIPT_MUL", frs_per_G);
108 manifest_expected.add_entry(round, "TRANSCRIPT_MSM_COUNT", frs_per_G);
109 manifest_expected.add_entry(round, "PRECOMPUTE_SCALAR_SUM", frs_per_G);
110 manifest_expected.add_entry(round, "PRECOMPUTE_S1HI", frs_per_G);
111 manifest_expected.add_entry(round, "PRECOMPUTE_DX", frs_per_G);
112 manifest_expected.add_entry(round, "PRECOMPUTE_DY", frs_per_G);
113 manifest_expected.add_entry(round, "PRECOMPUTE_TX", frs_per_G);
114 manifest_expected.add_entry(round, "PRECOMPUTE_TY", frs_per_G);
115 manifest_expected.add_entry(round, "MSM_TRANSITION", frs_per_G);
116 manifest_expected.add_entry(round, "MSM_ADD", frs_per_G);
117 manifest_expected.add_entry(round, "MSM_DOUBLE", frs_per_G);
118 manifest_expected.add_entry(round, "MSM_SKEW", frs_per_G);
119 manifest_expected.add_entry(round, "MSM_ACCUMULATOR_X", frs_per_G);
120 manifest_expected.add_entry(round, "MSM_ACCUMULATOR_Y", frs_per_G);
121 manifest_expected.add_entry(round, "MSM_COUNT", frs_per_G);
122 manifest_expected.add_entry(round, "MSM_ROUND", frs_per_G);
123 manifest_expected.add_entry(round, "MSM_ADD1", frs_per_G);
124 manifest_expected.add_entry(round, "MSM_PC", frs_per_G);
125 manifest_expected.add_entry(round, "PRECOMPUTE_PC", frs_per_G);
126 manifest_expected.add_entry(round, "TRANSCRIPT_PC", frs_per_G);
127 manifest_expected.add_entry(round, "PRECOMPUTE_ROUND", frs_per_G);
128 manifest_expected.add_entry(round, "PRECOMPUTE_SELECT", frs_per_G);
129 manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_NOT_EMPTY", frs_per_G);
130 manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_X", frs_per_G);
131 manifest_expected.add_entry(round, "TRANSCRIPT_ACCUMULATOR_Y", frs_per_G);
132 manifest_expected.add_challenge(round, std::array{ "beta", "gamma" });
133
134 round++;
135 manifest_expected.add_entry(round, "LOOKUP_INVERSES", frs_per_G);
136 manifest_expected.add_entry(round, "Z_PERM", frs_per_G);
137 manifest_expected.add_challenge(round, "Sumcheck:alpha");
138
139 for (size_t i = 0; i < CONST_ECCVM_LOG_N; i++) {
140 round++;
141 std::string label = "Sumcheck:gate_challenge_" + std::to_string(i);
142 manifest_expected.add_challenge(round, label);
143 }
144 round++;
145
146 manifest_expected.add_entry(round, "Libra:concatenation_commitment", frs_per_G);
147 manifest_expected.add_entry(round, "Libra:Sum", frs_per_Fq);
148 // get the challenge for the ZK Sumcheck claim
149 manifest_expected.add_challenge(round, "Libra:Challenge");
150
151 for (size_t i = 0; i < CONST_ECCVM_LOG_N; ++i) {
152 round++;
153 std::string idx = std::to_string(i);
154 manifest_expected.add_entry(round, "Sumcheck:univariate_comm_" + idx, frs_per_G);
155 manifest_expected.add_entry(round, "Sumcheck:univariate_" + idx + "_eval_0", frs_per_Fq);
156 manifest_expected.add_entry(round, "Sumcheck:univariate_" + idx + "_eval_1", frs_per_Fq);
157 std::string label = "Sumcheck:u_" + idx;
158 manifest_expected.add_challenge(round, label);
159 }
160
161 round++;
162
163 manifest_expected.add_entry(round, "Sumcheck:evaluations", frs_per_evals);
164 manifest_expected.add_entry(round, "Libra:claimed_evaluation", frs_per_Fq);
165 manifest_expected.add_entry(round, "Libra:grand_sum_commitment", frs_per_G);
166 manifest_expected.add_entry(round, "Libra:quotient_commitment", frs_per_G);
167
168 manifest_expected.add_challenge(round, "rho");
169
170 round++;
171 for (size_t i = 1; i < CONST_ECCVM_LOG_N; ++i) {
172 std::string idx = std::to_string(i);
173 manifest_expected.add_entry(round, "Gemini:FOLD_" + idx, frs_per_G);
174 }
175 manifest_expected.add_challenge(round, "Gemini:r");
176 round++;
177 for (size_t i = 1; i <= CONST_ECCVM_LOG_N; ++i) {
178 std::string idx = std::to_string(i);
179 manifest_expected.add_entry(round, "Gemini:a_" + idx, frs_per_Fq);
180 }
181 manifest_expected.add_entry(round, "Libra:concatenation_eval", frs_per_Fq);
182 manifest_expected.add_entry(round, "Libra:shifted_grand_sum_eval", frs_per_Fq);
183 manifest_expected.add_entry(round, "Libra:grand_sum_eval", frs_per_Fq);
184 manifest_expected.add_entry(round, "Libra:quotient_eval", frs_per_Fq);
185 manifest_expected.add_challenge(round, "Shplonk:nu");
186 round++;
187 manifest_expected.add_entry(round, "Shplonk:Q", frs_per_G);
188 manifest_expected.add_challenge(round, "Shplonk:z");
189
190 round++;
191 manifest_expected.add_entry(round, "Translation:concatenated_masking_term_commitment", frs_per_G);
192 manifest_expected.add_challenge(round, "Translation:evaluation_challenge_x");
193
194 round++;
195 manifest_expected.add_entry(round, "Translation:op", frs_per_Fq);
196 manifest_expected.add_entry(round, "Translation:Px", frs_per_Fq);
197 manifest_expected.add_entry(round, "Translation:Py", frs_per_Fq);
198 manifest_expected.add_entry(round, "Translation:z1", frs_per_Fq);
199 manifest_expected.add_entry(round, "Translation:z2", frs_per_Fq);
200 manifest_expected.add_challenge(round, "Translation:batching_challenge_v");
201
202 round++;
203 manifest_expected.add_entry(round, "Translation:masking_term_eval", frs_per_Fq);
204 manifest_expected.add_entry(round, "Translation:grand_sum_commitment", frs_per_G);
205 manifest_expected.add_entry(round, "Translation:quotient_commitment", frs_per_G);
206 manifest_expected.add_challenge(round, "Translation:small_ipa_evaluation_challenge");
207
208 round++;
209 manifest_expected.add_entry(round, "Translation:concatenation_eval", frs_per_Fq);
210 manifest_expected.add_entry(round, "Translation:grand_sum_shift_eval", frs_per_Fq);
211 manifest_expected.add_entry(round, "Translation:grand_sum_eval", frs_per_Fq);
212 manifest_expected.add_entry(round, "Translation:quotient_eval", frs_per_Fq);
213 manifest_expected.add_challenge(round, "Shplonk:nu");
214
215 round++;
216 manifest_expected.add_entry(round, "Shplonk:Q", frs_per_G);
217 manifest_expected.add_challenge(round, "Shplonk:z");
218
219 return manifest_expected;
220 }
221
222 TranscriptManifest construct_eccvm_ipa_manifest()
223 {
224 TranscriptManifest manifest_expected;
225 // Size of types is number of bb::frs needed to represent the type
226 size_t frs_per_Fq = FrCodec::calc_num_fields<FF>();
227 size_t frs_per_G = FrCodec::calc_num_fields<Flavor::Commitment>();
228 size_t round = 0;
229
230 manifest_expected.add_entry(round, "IPA:commitment", frs_per_G);
231 manifest_expected.add_entry(round, "IPA:challenge", frs_per_Fq);
232 manifest_expected.add_entry(round, "IPA:evaluation", frs_per_Fq);
233 manifest_expected.add_challenge(round, "IPA:generator_challenge");
234
235 for (size_t i = 0; i < CONST_ECCVM_LOG_N; ++i) {
236 round++;
237 std::string idx = std::to_string(CONST_ECCVM_LOG_N - i - 1);
238 manifest_expected.add_entry(round, "IPA:L_" + idx, frs_per_G);
239 manifest_expected.add_entry(round, "IPA:R_" + idx, frs_per_G);
240 std::string label = "IPA:round_challenge_" + idx;
241 manifest_expected.add_challenge(round, label);
242 }
243
244 round++;
245 manifest_expected.add_entry(round, "IPA:G_0", frs_per_G);
246 manifest_expected.add_entry(round, "IPA:a_0", frs_per_Fq);
247 return manifest_expected;
248 }
249
250 ECCVMCircuitBuilder generate_trace(numeric::RNG* engine = nullptr)
251 {
252 std::shared_ptr<ECCOpQueue> op_queue = std::make_shared<ECCOpQueue>();
253 using G1 = typename Flavor::CycleGroup;
254 using Fr = typename G1::Fr;
255
256 auto generators = G1::derive_generators("test generators", 3);
257
258 typename G1::element a = generators[0];
259 typename G1::element b = generators[1];
260 typename G1::element c = generators[2];
261 Fr x = Fr::random_element(engine);
262 Fr y = Fr::random_element(engine);
263
264 op_queue->add_accumulate(a);
265 op_queue->mul_accumulate(a, x);
266 op_queue->mul_accumulate(b, x);
267 op_queue->mul_accumulate(b, y);
268 op_queue->add_accumulate(a);
269 op_queue->mul_accumulate(b, x);
270 op_queue->eq_and_reset();
271 op_queue->add_accumulate(c);
272 op_queue->mul_accumulate(a, x);
273 op_queue->mul_accumulate(b, x);
274 op_queue->eq_and_reset();
275 op_queue->mul_accumulate(a, x);
276 op_queue->mul_accumulate(b, x);
277 op_queue->mul_accumulate(c, x);
278 op_queue->merge();
279 add_hiding_op_for_test(op_queue);
280
281 ECCVMCircuitBuilder builder{ op_queue };
282 return builder;
283 }
284};
285
286numeric::RNG& engine = numeric::get_debug_randomness();
287
292TEST_F(ECCVMTranscriptTests, ProverManifestConsistency)
293{
294 // Construct a simple circuit
295 auto builder = this->generate_trace(&engine);
296
297 // Automatically generate a transcript manifest by constructing a proof
298 std::shared_ptr<Transcript> prover_transcript = std::make_shared<Transcript>();
299 ECCVMProver prover(builder, prover_transcript);
300 prover.transcript->enable_manifest();
301 auto [proof, opening_claim] = prover.construct_proof();
302
303 // Compute IPA proof with manifest enabled
304 auto ipa_transcript = std::make_shared<Transcript>();
305 ipa_transcript->enable_manifest();
306 PCS::compute_opening_proof(prover.key->commitment_key, opening_claim, ipa_transcript);
307
308 // Check that the prover generated manifest agrees with the manifest hard coded in this suite
309 auto manifest_expected = this->construct_eccvm_honk_manifest();
310 auto prover_manifest = prover.transcript->get_manifest();
311
312 // Note: a manifest can be printed using manifest.print()
313 ASSERT_GT(manifest_expected.size(), 0);
314 for (size_t round = 0; round < manifest_expected.size(); ++round) {
315 ASSERT_EQ(prover_manifest[round], manifest_expected[round]) << "Prover manifest discrepency in round " << round;
316 }
317
318 auto ipa_manifest_expected = this->construct_eccvm_ipa_manifest();
319 auto prover_ipa_manifest = ipa_transcript->get_manifest();
320
321 // Note: a manifest can be printed using manifest.print()
322 ASSERT_GT(ipa_manifest_expected.size(), 0);
323 for (size_t round = 0; round < ipa_manifest_expected.size(); ++round) {
324 ASSERT_EQ(prover_ipa_manifest[round], ipa_manifest_expected[round])
325 << "IPA prover manifest discrepency in round " << round;
326 }
327}
328
334TEST_F(ECCVMTranscriptTests, VerifierManifestConsistency)
335{
336 // Construct a simple circuit
337 auto builder = this->generate_trace(&engine);
338
339 // Automatically generate a transcript manifest in the prover by constructing a proof
340 std::shared_ptr<Transcript> prover_transcript = std::make_shared<Transcript>();
341 ECCVMProver prover(builder, prover_transcript);
342 prover_transcript->enable_manifest();
343 auto [proof, opening_claim] = prover.construct_proof();
344
345 // Compute IPA proof with manifest enabled
346 auto prover_ipa_transcript = std::make_shared<Transcript>();
347 prover_ipa_transcript->enable_manifest();
348 PCS::compute_opening_proof(prover.key->commitment_key, opening_claim, prover_ipa_transcript);
349
350 // Automatically generate a transcript manifest in the verifier by verifying a proof
351 std::shared_ptr<Transcript> verifier_transcript = std::make_shared<Transcript>();
352 verifier_transcript->enable_manifest();
353 ECCVMVerifier verifier(verifier_transcript, proof);
354 auto verification_result = verifier.reduce_to_ipa_opening();
355
356 // Verify IPA with manifest enabled
357 auto verifier_ipa_transcript = std::make_shared<Transcript>(prover_ipa_transcript->export_proof());
358 verifier_ipa_transcript->enable_manifest();
359 auto ipa_vk = VerifierCommitmentKey<curve::Grumpkin>{ ECCVMFlavor::ECCVM_FIXED_SIZE };
360 IPA<curve::Grumpkin>::reduce_verify(ipa_vk, verification_result.ipa_claim, verifier_ipa_transcript);
361
362 // Check consistency between the manifests generated by the prover and verifier
363 auto prover_manifest = prover.transcript->get_manifest();
364 auto verifier_manifest = verifier.get_transcript()->get_manifest();
365
366 // Note: a manifest can be printed using manifest.print()
367 // The last challenge generated by the ECCVM Prover is the translation univariate batching challenge and, on the
368 // verifier side, is only generated in the translator verifier hence the ECCVM prover's manifest will have one extra
369 // challenge
370 ASSERT_GT(prover_manifest.size(), 0);
371 for (size_t round = 0; round < prover_manifest.size() - 1; ++round) {
372 ASSERT_EQ(prover_manifest[round], verifier_manifest[round])
373 << "Prover/Verifier manifest discrepency in round " << round;
374 }
375
376 // Check consistency of IPA transcripts
377 auto prover_ipa_manifest = prover_ipa_transcript->get_manifest();
378 auto verifier_ipa_manifest = verifier_ipa_transcript->get_manifest();
379 ASSERT_GT(prover_ipa_manifest.size(), 0);
380 for (size_t round = 0; round < prover_ipa_manifest.size(); ++round) {
381 ASSERT_EQ(prover_ipa_manifest[round], verifier_ipa_manifest[round])
382 << "Prover/Verifier IPA manifest discrepency in round " << round;
383 }
384}
385
391TEST_F(ECCVMTranscriptTests, ChallengeGenerationTest)
392{
393 // initialized with random value sent to verifier
394 auto transcript = Flavor::Transcript::prover_init_empty();
395 // test a bunch of challenges
396 std::vector<std::string> challenge_labels{ "a", "b", "c", "d", "e", "f" };
397 auto challenges = transcript->template get_challenges<FF>(challenge_labels);
398 // check they are not 0
399 for (size_t i = 0; i < challenges.size(); ++i) {
400 ASSERT_NE(challenges[i], 0) << "Challenge " << i << " is 0";
401 }
402 constexpr uint32_t random_val{ 17 }; // arbitrary
403 transcript->send_to_verifier("random val", random_val);
404 // test more challenges
405 challenge_labels = { "a", "b", "c" };
406 challenges = transcript->template get_challenges<FF>(challenge_labels);
407
408 ASSERT_NE(challenges[0], 0) << "Challenge a is 0";
409 ASSERT_NE(challenges[1], 0) << "Challenge b is 0";
410 ASSERT_NE(challenges[2], 0) << "Challenge c is 0";
411}
ECCVMTranscriptTests::generate_trace
ECCVMCircuitBuilder generate_trace(numeric::RNG *engine=nullptr)
Definition eccvm_transcript.test.cpp:250
ECCVMTranscriptTests::construct_eccvm_honk_manifest
TranscriptManifest construct_eccvm_honk_manifest()
Construct a manifest for a ECCVM Honk proof.
Definition eccvm_transcript.test.cpp:35
ECCVMTranscriptTests::construct_eccvm_ipa_manifest
TranscriptManifest construct_eccvm_ipa_manifest()
Definition eccvm_transcript.test.cpp:222
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::ECCVMFlavor::ECCVM_FIXED_SIZE
static constexpr size_t ECCVM_FIXED_SIZE
Definition eccvm_flavor.hpp:64
bb::ECCVMFlavor::NUM_ALL_ENTITIES
static constexpr size_t NUM_ALL_ENTITIES
Definition eccvm_flavor.hpp:75
bb::ECCVMFlavor::Transcript
BaseTranscript< Codec, HashFunction > Transcript
Definition eccvm_flavor.hpp:51
bb::ECCVMProver::transcript
std::shared_ptr< Transcript > transcript
Definition eccvm_prover.hpp:55
bb::ECCVMProver::construct_proof
std::pair< Proof, OpeningClaim > construct_proof()
Definition eccvm_prover.cpp:202
bb::ECCVMProver::key
std::shared_ptr< ProvingKey > key
Definition eccvm_prover.hpp:73
bb::ECCVMVerifier_
Unified ECCVM verifier class for both native and recursive verification.
Definition eccvm_verifier.hpp:19
bb::ECCVMVerifier_::get_transcript
std::shared_ptr< Transcript > get_transcript() const
Definition eccvm_verifier.hpp:91
bb::ECCVMVerifier_::reduce_to_ipa_opening
ReductionResult reduce_to_ipa_opening()
Reduce the ECCVM proof to an IPA opening claim.
Definition eccvm_verifier.cpp:20
bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:93
bb::TranscriptManifest::add_entry
void add_entry(size_t round, const std::string &element_label, size_t element_size)
Definition transcript_manifest.hpp:78
bb::TranscriptManifest::add_challenge
void add_challenge(size_t round, const std::string &label)
Add a single challenge label to the manifest for the given round.
Definition transcript_manifest.hpp:45
bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
a
FF a
Definition field_gt.test.cpp:52
b
FF b
Definition field_gt.test.cpp:53
eccvm_flavor.hpp
eccvm_prover.hpp
eccvm_test_utils.hpp
engine
numeric::RNG & engine
Definition eccvm_transcript.test.cpp:286
eccvm_verifier.hpp
flavor.hpp
Base class templates for structures that contain data parameterized by the fundamental polynomials of...
get_msb.hpp
global_crs.hpp
bb::eccvm_test_utils::add_hiding_op_for_test
void add_hiding_op_for_test(const std::shared_ptr< ECCOpQueue > &op_queue)
Set a hiding op on the op_queue for testing.
Definition eccvm_test_utils.hpp:70
bb::numeric::get_debug_randomness
RNG & get_debug_randomness(bool reset, std::uint_fast64_t seed)
Definition engine.cpp:190
bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14
bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::TEST_F
TEST_F(IPATest, ChallengesAreZero)
Definition ipa.test.cpp:185
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
std::to_string
std::string to_string(bb::avm2::ValueTag tag)
Definition tagged_value.cpp:402
G1
Curve::AffineElement G1
Definition pippenger.bench.cpp:29
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:677