Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
eccvm_verifier.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Sergei], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8#include "barretenberg/eccvm/eccvm_flavor.hpp"
9#include "barretenberg/goblin/translation_evaluations.hpp"
10#include "barretenberg/stdlib/eccvm_verifier/eccvm_recursive_flavor.hpp"
11#include "barretenberg/stdlib/proof/proof.hpp"
12
13namespace bb {
14
19template <typename Flavor> class ECCVMVerifier_ {
20 public:
21 using FF = Flavor::FF;
22 using BF = Flavor::BF;
23 using Curve = Flavor::Curve;
24 using Commitment = Flavor::Commitment;
25 using CommitmentLabels = Flavor::CommitmentLabels;
26 using Transcript = Flavor::Transcript;
27 using VerificationKey = Flavor::VerificationKey;
28 using VerifierCommitments = Flavor::VerifierCommitments;
29 using VerifierCommitmentKey = Flavor::VerifierCommitmentKey;
30 using Proof = Flavor::Proof;
31 using PCS = IPA<Curve, CONST_ECCVM_LOG_N>;
32 using TranslatorInputData = TranslatorInputData_<FF>;
33
34 static constexpr bool IsRecursive = Curve::is_stdlib_type;
35 using Builder = std::conditional_t<IsRecursive, typename Flavor::CircuitBuilder, void>;
36
42 struct ReductionResult {
43 OpeningClaim<Curve> ipa_claim; // IPA opening claim for deferred verification
44 bool reduction_succeeded = false; // Aggregate of sumcheck, consistency, and translation masking checks
45 };
46
47 // Unified constructor for both native and recursive verification
48 // For recursive case, extracts builder from proof elements via get_context()
49 ECCVMVerifier_(const std::shared_ptr<Transcript>& transcript, const Proof& proof)
50 : proof(proof)
51 , transcript(transcript)
52 {
53 // ECCVM VK is constant
54 auto native_vk = std::make_shared<ECCVMFlavor::VerificationKey>();
55 if constexpr (IsRecursive) {
56 // Extract builder from proof - safe since transcript cannot hash non-witness elements
57 builder = proof.back().get_context();
58 key = std::make_shared<VerificationKey>(builder, native_vk);
59 vk_hash = stdlib::witness_t<Builder>(builder, native_vk->hash());
60 key->fix_witness();
61 vk_hash.fix_witness();
62 } else {
63 key = native_vk;
64 vk_hash = native_vk->hash();
65 }
66 }
67
79 [[nodiscard("Verification result must be checked")]] ReductionResult reduce_to_ipa_opening();
80
89
90 std::shared_ptr<VerificationKey> get_verification_key() const { return key; }
91 std::shared_ptr<Transcript> get_transcript() const { return transcript; }
92
93 private:
94 void compute_translation_opening_claims(const std::vector<Commitment>& translation_commitments);
95 void compute_accumulated_result();
96
97 std::shared_ptr<VerificationKey> key;
98 Proof proof;
99 BF vk_hash;
100 std::shared_ptr<Transcript> transcript;
101
102 // Builder pointer (only used for recursive, nullptr for native)
103 std::conditional_t<IsRecursive, Builder*, void*> builder = nullptr;
104
105 // Final ShplonkVerifier consumes an array consisting of Translation Opening Claims and a
106 // `multivariate_to_univariate_opening_claim`
107 static constexpr size_t NUM_OPENING_CLAIMS = ECCVMFlavor::NUM_TRANSLATION_OPENING_CLAIMS + 1;
108 std::array<OpeningClaim<Curve>, NUM_OPENING_CLAIMS> opening_claims;
109
110 TranslationEvaluations_<FF> translation_evaluations;
111
112 // Translation evaluation and batching challenges. Propagated to TranslatorVerifier via get_translator_input_data()
113 FF evaluation_challenge_x;
114 FF batching_challenge_v;
115 FF accumulated_result;
116
117 // Intermediate verification state
118 FF translation_masking_term_eval;
119 bool translation_masking_consistency_checked = false;
120};
121
122// Type aliases
123using ECCVMVerifier = ECCVMVerifier_<ECCVMFlavor>;
124using ECCVMRecursiveVerifier = ECCVMVerifier_<ECCVMRecursiveFlavor>;
125
126} // namespace bb
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::ECCVMFlavor::CommitmentLabels
A container for commitment labels.
Definition eccvm_flavor.hpp:882
bb::ECCVMFlavor::VerificationKey
The verification key is responsible for storing the commitments to the precomputed (non-witnessk) pol...
Definition eccvm_flavor.hpp:819
bb::ECCVMFlavor::VerifierCommitments_
Definition eccvm_flavor.hpp:987
bb::ECCVMFlavor::VerifierCommitmentKey
bb::VerifierCommitmentKey< Curve > VerifierCommitmentKey
Definition eccvm_flavor.hpp:47
bb::ECCVMFlavor::FF
typename Curve::ScalarField FF
Definition eccvm_flavor.hpp:41
bb::ECCVMFlavor::VerifierCommitments
VerifierCommitments_< Commitment, VerificationKey > VerifierCommitments
Definition eccvm_flavor.hpp:998
bb::ECCVMFlavor::Commitment
typename G1::affine_element Commitment
Definition eccvm_flavor.hpp:45
bb::ECCVMFlavor::BF
typename Curve::BaseField BF
Definition eccvm_flavor.hpp:42
bb::ECCVMFlavor::Curve
curve::Grumpkin Curve
Definition eccvm_flavor.hpp:39
bb::ECCVMFlavor::NUM_TRANSLATION_OPENING_CLAIMS
static constexpr size_t NUM_TRANSLATION_OPENING_CLAIMS
Definition eccvm_flavor.hpp:160
bb::ECCVMFlavor::Transcript
BaseTranscript< Codec, HashFunction > Transcript
Definition eccvm_flavor.hpp:51
bb::ECCVMVerifier_
Unified ECCVM verifier class for both native and recursive verification.
Definition eccvm_verifier.hpp:19
bb::ECCVMVerifier_::translation_masking_consistency_checked
bool translation_masking_consistency_checked
Definition eccvm_verifier.hpp:119
bb::ECCVMVerifier_::batching_challenge_v
FF batching_challenge_v
Definition eccvm_verifier.hpp:114
bb::ECCVMVerifier_::transcript
std::shared_ptr< Transcript > transcript
Definition eccvm_verifier.hpp:100
bb::ECCVMVerifier_::translation_masking_term_eval
FF translation_masking_term_eval
Definition eccvm_verifier.hpp:118
bb::ECCVMVerifier_::builder
std::conditional_t< IsRecursive, Builder *, void * > builder
Definition eccvm_verifier.hpp:103
bb::ECCVMVerifier_::compute_translation_opening_claims
void compute_translation_opening_claims(const std::vector< Commitment > &translation_commitments)
To link the ECCVM Transcript wires op, Px, Py, z1, and z2 to the accumulator computed by the translat...
Definition eccvm_verifier.cpp:147
bb::ECCVMVerifier_::translation_evaluations
TranslationEvaluations_< FF > translation_evaluations
Definition eccvm_verifier.hpp:110
bb::ECCVMVerifier_::BF
Flavor::BF BF
Definition eccvm_verifier.hpp:22
bb::ECCVMVerifier_::NUM_OPENING_CLAIMS
static constexpr size_t NUM_OPENING_CLAIMS
Definition eccvm_verifier.hpp:107
bb::ECCVMVerifier_::ECCVMVerifier_
ECCVMVerifier_(const std::shared_ptr< Transcript > &transcript, const Proof &proof)
Definition eccvm_verifier.hpp:49
bb::ECCVMVerifier_::Builder
std::conditional_t< IsRecursive, typename Flavor::CircuitBuilder, void > Builder
Definition eccvm_verifier.hpp:35
bb::ECCVMVerifier_::key
std::shared_ptr< VerificationKey > key
Definition eccvm_verifier.hpp:97
bb::ECCVMVerifier_::accumulated_result
FF accumulated_result
Definition eccvm_verifier.hpp:115
bb::ECCVMVerifier_::IsRecursive
static constexpr bool IsRecursive
Definition eccvm_verifier.hpp:34
bb::ECCVMVerifier_::evaluation_challenge_x
FF evaluation_challenge_x
Definition eccvm_verifier.hpp:113
bb::ECCVMVerifier_::proof
Proof proof
Definition eccvm_verifier.hpp:98
bb::ECCVMVerifier_::get_verification_key
std::shared_ptr< VerificationKey > get_verification_key() const
Definition eccvm_verifier.hpp:90
bb::ECCVMVerifier_::opening_claims
std::array< OpeningClaim< Curve >, NUM_OPENING_CLAIMS > opening_claims
Definition eccvm_verifier.hpp:108
bb::ECCVMVerifier_::get_translator_input_data
TranslatorInputData get_translator_input_data() const
Get the data required by the TranslatorVerifier.
Definition eccvm_verifier.hpp:85
bb::ECCVMVerifier_::Commitment
Flavor::Commitment Commitment
Definition eccvm_verifier.hpp:24
bb::ECCVMVerifier_::get_transcript
std::shared_ptr< Transcript > get_transcript() const
Definition eccvm_verifier.hpp:91
bb::ECCVMVerifier_::compute_accumulated_result
void compute_accumulated_result()
Definition eccvm_verifier.cpp:244
bb::ECCVMVerifier_::reduce_to_ipa_opening
ReductionResult reduce_to_ipa_opening()
Reduce the ECCVM proof to an IPA opening claim.
Definition eccvm_verifier.cpp:20
bb::ECCVMVerifier_::FF
Flavor::FF FF
Definition eccvm_verifier.hpp:21
bb::ECCVMVerifier_::vk_hash
BF vk_hash
Definition eccvm_verifier.hpp:99
bb::ECCVMVerifier_::Proof
Flavor::Proof Proof
Definition eccvm_verifier.hpp:30
bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:93
bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:53
bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16
bb::curve::Grumpkin::is_stdlib_type
static constexpr bool is_stdlib_type
Definition grumpkin.hpp:69
bb::stdlib::witness_t
Definition witness.hpp:16
eccvm_flavor.hpp
eccvm_recursive_flavor.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::ECCVMVerifier_::ReductionResult
Result of reducing ECCVM proof to IPA opening claim.
Definition eccvm_verifier.hpp:42
bb::ECCVMVerifier_::ReductionResult::reduction_succeeded
bool reduction_succeeded
Definition eccvm_verifier.hpp:44
bb::ECCVMVerifier_::ReductionResult::ipa_claim
OpeningClaim< Curve > ipa_claim
Definition eccvm_verifier.hpp:43
bb::TranslationEvaluations_
Stores the evaluations of op, Px, Py, z1, and z2 computed by the ECCVM Prover. These evaluations are ...
Definition translation_evaluations.hpp:20
bb::TranslatorInputData_
Data passed from ECCVM Verifier to Translator Verifier for verification.
Definition translation_evaluations.hpp:35
translation_evaluations.hpp