Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
goblin_verifier.cpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Sergei], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#include "goblin_verifier.hpp"
8#include "barretenberg/common/log.hpp"
9
10namespace bb {
11
17template <typename Curve>
18typename GoblinVerifier_<Curve>::ReductionResult GoblinVerifier_<Curve>::reduce_to_pairing_check_and_ipa_opening()
19{
20 // Step 1: Verify the merge proof
21 MergeVerifier merge_verifier{ merge_settings, transcript };
22 auto merge_result = merge_verifier.reduce_to_pairing_check(proof.merge_proof, merge_commitments);
23 vinfo("Goblin: Merge reduced to pairing check successfully: ", merge_result.reduction_succeeded ? "true" : "false");
24
25 if constexpr (!IsRecursive) {
26 if (!merge_result.reduction_succeeded) {
27 info("Goblin verification failed at Merge step");
28 return ReductionResult();
29 }
30 if (!merge_result.pairing_points.check()) {
31 info("Goblin verification failed at Merge pairing check");
32 return ReductionResult();
33 }
34 }
35
36 // Step 2: Verify the ECCVM proof
37 ECCVMVerifier eccvm_verifier{ transcript, proof.eccvm_proof };
38 auto eccvm_result = eccvm_verifier.reduce_to_ipa_opening();
39 vinfo("Goblin: ECCVM reduced to IPA opening successfully: ", eccvm_result.reduction_succeeded ? "true" : "false");
40
41 if constexpr (!IsRecursive) {
42 if (!eccvm_result.reduction_succeeded) {
43 info("Goblin verification failed at ECCVM step");
44 return ReductionResult();
45 }
46 }
47
48 // Get translation data from ECCVM verifier
49 auto translator_input = eccvm_verifier.get_translator_input_data();
50
51 // Step 3: Verify the Translator proof
52 // - Pass `merged_table_commitments` as op queue wire commitments to bind Translator and Merge to the same op_queue
53 // - `accumulated_result` and corresponding challenges ensure non-native computation matches ECCVM's native result
54 TranslatorVerifier translator_verifier{ transcript,
55 proof.translator_proof,
56 translator_input.evaluation_challenge_x,
57 translator_input.batching_challenge_v,
58 translator_input.accumulated_result,
59 merge_result.merged_commitments };
60 auto translator_result = translator_verifier.reduce_to_pairing_check();
61 vinfo("Goblin: Translator reduced to pairing check successfully: ",
62 translator_result.reduction_succeeded ? "true" : "false");
63
64 if constexpr (!IsRecursive) {
65 if (!translator_result.reduction_succeeded) {
66 info("Goblin verification failed at Translator step");
67 return ReductionResult();
68 }
69
70 if (!translator_result.pairing_points.check()) {
71 info("Goblin verification failed at Translator pairing check");
72 return ReductionResult();
73 }
74 }
75
76 // Combine all check results
77 // Recursive: must evaluate all booleans (circuit structure must be fixed)
78 // Native: redundant check (already returned early on failure), but kept for consistency
79 bool all_checks_passed =
80 merge_result.reduction_succeeded && eccvm_result.reduction_succeeded && translator_result.reduction_succeeded;
81
82 // Warning: `all_checks_passed` always excludes IPA verification (deferred in both modes).
83 // Native mode: pairing checks already performed above (fail-fast), included in all_checks_passed
84 // Recursive mode: pairing checks deferred, excluded from all_checks_passed (for in-circuit batching)
85 // In recursive mode, boolean flags are for circuit structure only (not actual verification).
86 // Note: Pairing points are NOT aggregated here - caller should use aggregate_multiple for efficiency
87 ReductionResult result{ .merge_pairing_points = std::move(merge_result.pairing_points),
88 .translator_pairing_points = std::move(translator_result.pairing_points),
89 .ipa_claim = std::move(eccvm_result.ipa_claim),
90 .ipa_proof = proof.ipa_proof,
91 .all_checks_passed = all_checks_passed };
92
93 return result;
94}
95
96// Explicit instantiations
97template class GoblinVerifier_<curve::BN254>;
98template class GoblinVerifier_<stdlib::bn254<UltraCircuitBuilder>>;
99
100} // namespace bb
bb::ECCVMVerifier_
Unified ECCVM verifier class for both native and recursive verification.
Definition eccvm_verifier.hpp:19
bb::ECCVMVerifier_::reduce_to_ipa_opening
ReductionResult reduce_to_ipa_opening()
Reduce the ECCVM proof to an IPA opening claim.
Definition eccvm_verifier.cpp:20
bb::GoblinVerifier_
Unified Goblin verifier for both native and recursive verification.
Definition goblin_verifier.hpp:33
bb::GoblinVerifier_::reduce_to_pairing_check_and_ipa_opening
ReductionResult reduce_to_pairing_check_and_ipa_opening()
Reduce Goblin proof to pairing check and IPA opening claim.
Definition goblin_verifier.cpp:18
bb::MergeVerifier_
Unified verifier class for the Goblin ECC op queue transcript merge protocol.
Definition merge_verifier.hpp:23
bb::MergeVerifier_::reduce_to_pairing_check
ReductionResult reduce_to_pairing_check(const Proof &proof, const InputCommitments &input_commitments)
Reduce the merge proof to a pairing check.
Definition merge_verifier.cpp:114
bb::TranslatorVerifier_
Translator verifier class that verifies the proof of the Translator circuit.
Definition translator_verifier.hpp:23
bb::TranslatorVerifier_::batching_challenge_v
BF batching_challenge_v
Definition translator_verifier.hpp:125
vinfo
#define vinfo(...)
Definition log.hpp:94
info
void info(Args... args)
Definition log.hpp:89
goblin_verifier.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::GoblinVerifier_::ReductionResult
Result of Goblin verification with mode-specific semantics.
Definition goblin_verifier.hpp:55
bb::GoblinVerifier_::ReductionResult::merge_pairing_points
PairingPoints merge_pairing_points
Definition goblin_verifier.hpp:60