Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
goblin_verifier.test.cpp
Go to the documentation of this file.
1#include "barretenberg/goblin/goblin_verifier.hpp"
2#include "barretenberg/circuit_checker/circuit_checker.hpp"
3#include "barretenberg/common/assert.hpp"
4#include "barretenberg/common/test.hpp"
5#include "barretenberg/goblin/goblin.hpp"
6#include "barretenberg/goblin/mock_circuits.hpp"
7#include "barretenberg/srs/global_crs.hpp"
8#include "barretenberg/stdlib/honk_verifier/ultra_verification_keys_comparator.hpp"
9#include "barretenberg/ultra_honk/ultra_prover.hpp"
10#include "barretenberg/ultra_honk/ultra_verifier.hpp"
11
12namespace bb::stdlib::recursion::honk {
13class GoblinRecursiveVerifierTests : public testing::Test {
14 public:
15 using Builder = UltraCircuitBuilder;
16 using ECCVMVK = Goblin::ECCVMVerificationKey;
17 using TranslatorVK = Goblin::TranslatorVerificationKey;
18
19 using OuterFlavor = UltraFlavor;
20 using OuterProver = UltraProver_<OuterFlavor>;
21 using OuterVerifier = UltraVerifier_<OuterFlavor, bb::DefaultIO>;
22 using OuterProverInstance = ProverInstance_<OuterFlavor>;
23
24 using Commitment = MergeVerifier::Commitment;
25 using RecursiveCommitment = bb::GoblinRecursiveVerifier::MergeVerifier::Commitment;
26 using MergeCommitments = MergeVerifier::InputCommitments;
27 using RecursiveMergeCommitments = bb::GoblinRecursiveVerifier::MergeVerifier::InputCommitments;
28 using Transcript = UltraStdlibTranscript;
29 using FF = TranslatorFlavor::FF;
30 using BF = TranslatorFlavor::BF;
31 static void SetUpTestSuite() { bb::srs::init_file_crs_factory(bb::srs::bb_crs_path()); }
32
33 // Compute the size of a Translator commitment (in bb::fr's)
34 static constexpr size_t comm_frs = FrCodec::calc_num_fields<Commitment>(); // 4
35 static constexpr size_t eval_frs = FrCodec::calc_num_fields<FF>(); // 1
36
42 // TODO(https://github.com/AztecProtocol/barretenberg/issues/1298):
43 // Better recursion testing - create more flexible proof tampering tests.
44 // Tamper with the `op` commitment in the merge commitments (op commitments are no longer in translator proof)
45 static void tamper_with_op_commitment(MergeCommitments& merge_commitments)
46 {
47 // The first commitment in merged table is the `op` wire commitment
48 merge_commitments.t_commitments[0] = merge_commitments.t_commitments[0] * FF(2);
49 };
50
51 // Translator proof ends with [..., Libra:quotient_eval, Shplonk:Q, KZG:W]. We invalidate the proof by multiplying
52 // the eval by 2 (it leads to a Libra consistency check failure).
53 static void tamper_with_libra_eval(HonkProof& translator_proof)
54 {
55 // Proof tail size
56 static constexpr size_t tail_size = 2 * comm_frs + eval_frs; // 2*4 + 1 = 9
57
58 // Index of the target field (one fr) from the beginning
59 const size_t idx = translator_proof.size() - tail_size;
60
61 // Tamper: multiply by 2 (or tweak however you like)
62 translator_proof[idx] = translator_proof[idx] + translator_proof[idx];
63 };
64
65 // ECCVM pre-IPA proof ends with evaluations including `op`. We tamper with the `op` evaluation.
66 // The structure is: [..., op_eval, x_lo_y_hi_eval, x_hi_z_1_eval, y_lo_z_2_eval, IPA_proof...]
67 // So op_eval is 3 fields before the IPA proof starts.
68 static void tamper_with_eccvm_op_eval(HonkProof& eccvm_proof)
69 {
70 // The `op` evaluation is located 3 evaluations before the end of pre-IPA proof
71 // (followed by x_lo_y_hi, x_hi_z_1, y_lo_z_2 evaluations)
72 static constexpr size_t evals_after_op = 3; // x_lo_y_hi, x_hi_z_1, y_lo_z_2
73 const size_t op_eval_idx = eccvm_proof.size() - evals_after_op;
74
75 // Tamper with the op evaluation
76 eccvm_proof[op_eval_idx] += FF(1);
77 };
78
84 static ProverOutput create_goblin_prover_output(Builder* outer_builder = nullptr, const size_t num_circuits = 5)
85 {
86
87 Goblin goblin;
88 GoblinMockCircuits::construct_and_merge_mock_circuits(goblin, num_circuits);
89
90 // Merge the ecc ops from the newly constructed circuit
91 auto goblin_proof = goblin.prove(MergeSettings::APPEND);
92 // Subtable values and commitments - needed for (Recursive)MergeVerifier
93 MergeCommitments merge_commitments;
94 auto t_current = goblin.op_queue->construct_current_ultra_ops_subtable_columns();
95 auto T_prev = goblin.op_queue->construct_previous_ultra_ops_table_columns();
96 CommitmentKey<curve::BN254> pcs_commitment_key(goblin.op_queue->get_ultra_ops_table_num_rows());
97 for (size_t idx = 0; idx < MegaFlavor::NUM_WIRES; idx++) {
98 merge_commitments.t_commitments[idx] = pcs_commitment_key.commit(t_current[idx]);
99 merge_commitments.T_prev_commitments[idx] = pcs_commitment_key.commit(T_prev[idx]);
100 }
101
102 RecursiveMergeCommitments recursive_merge_commitments;
103 if (outer_builder != nullptr) {
104 for (size_t idx = 0; idx < MegaFlavor::NUM_WIRES; idx++) {
105 recursive_merge_commitments.t_commitments[idx] =
106 RecursiveCommitment::from_witness(outer_builder, merge_commitments.t_commitments[idx]);
107 recursive_merge_commitments.T_prev_commitments[idx] =
108 RecursiveCommitment::from_witness(outer_builder, merge_commitments.T_prev_commitments[idx]);
109 // Removing the free witness tag, since the merge commitments in the full scheme are supposed to
110 // be fiat-shamirred earlier
111 recursive_merge_commitments.t_commitments[idx].unset_free_witness_tag();
112 recursive_merge_commitments.T_prev_commitments[idx].unset_free_witness_tag();
113 }
114 }
115
116 // Output is a goblin proof plus merge commitments
117 return { goblin_proof, merge_commitments, recursive_merge_commitments };
118 }
119};
120
125TEST_F(GoblinRecursiveVerifierTests, NativeVerification)
126{
127 auto [proof, merge_commitments, _] = create_goblin_prover_output();
128
129 auto transcript = std::make_shared<NativeTranscript>();
130 bb::GoblinVerifier verifier(transcript, proof, merge_commitments, MergeSettings::APPEND);
131 auto result = verifier.reduce_to_pairing_check_and_ipa_opening();
132
133 // Check pairing points (aggregate merge + translator)
134 result.translator_pairing_points.aggregate(result.merge_pairing_points);
135 bool pairing_verified = result.translator_pairing_points.check();
136
137 // Verify IPA opening
138 auto ipa_transcript = std::make_shared<NativeTranscript>(result.ipa_proof);
139 auto ipa_vk = VerifierCommitmentKey<curve::Grumpkin>{ ECCVMFlavor::ECCVM_FIXED_SIZE };
140 bool ipa_verified = IPA<curve::Grumpkin>::reduce_verify(ipa_vk, result.ipa_claim, ipa_transcript);
141
142 EXPECT_TRUE(pairing_verified && ipa_verified);
143}
144
149TEST_F(GoblinRecursiveVerifierTests, Basic)
150{
151 Builder builder;
152
153 auto [proof, merge_commitments, recursive_merge_commitments] = create_goblin_prover_output(&builder);
154
155 auto transcript = std::make_shared<Transcript>();
156 GoblinStdlibProof stdlib_proof(builder, proof);
157 bb::GoblinRecursiveVerifier verifier{
158 transcript, stdlib_proof, recursive_merge_commitments, MergeSettings::APPEND
159 };
160 auto output = verifier.reduce_to_pairing_check_and_ipa_opening();
161
162 // Aggregate merge + translator pairing points
163 output.translator_pairing_points.aggregate(output.merge_pairing_points);
164
165 stdlib::recursion::honk::DefaultIO<Builder> inputs;
166 inputs.pairing_inputs = output.translator_pairing_points;
167 inputs.set_public();
168
169 info("Recursive Verifier: num gates = ", builder.num_gates());
170
171 EXPECT_EQ(builder.failed(), false) << builder.err();
172
173 EXPECT_TRUE(CircuitChecker::check(builder));
174
175 // Construct and verify a proof for the Goblin Recursive Verifier circuit
176 {
177 auto prover_instance = std::make_shared<OuterProverInstance>(builder);
178 auto verification_key =
179 std::make_shared<typename OuterFlavor::VerificationKey>(prover_instance->get_precomputed());
180 auto vk_and_hash = std::make_shared<typename OuterFlavor::VKAndHash>(verification_key);
181 OuterProver prover(prover_instance, verification_key);
182 OuterVerifier verifier(vk_and_hash);
183 auto proof = prover.construct_proof();
184 bool verified = verifier.verify_proof(proof).result;
185
186 ASSERT_TRUE(verified);
187 }
188}
189
190// Check that the GoblinRecursiveVerifier circuit does not depend on the inputs.
191TEST_F(GoblinRecursiveVerifierTests, IndependentVKHash)
192{
193 // Retrieves the trace blocks (each consisting of a specific gate) from the recursive verifier circuit
194 auto get_blocks = [](size_t inner_size)
195 -> std::tuple<typename Builder::ExecutionTrace, std::shared_ptr<OuterFlavor::VerificationKey>> {
196 Builder builder;
197
198 auto [proof, merge_commitments, recursive_merge_commitments] =
199 create_goblin_prover_output(&builder, inner_size);
200
201 auto transcript = std::make_shared<Transcript>();
202 GoblinStdlibProof stdlib_proof(builder, proof);
203 bb::GoblinRecursiveVerifier verifier{
204 transcript, stdlib_proof, recursive_merge_commitments, MergeSettings::APPEND
205 };
206 auto output = verifier.reduce_to_pairing_check_and_ipa_opening();
207
208 // Aggregate merge + translator pairing points
209 output.translator_pairing_points.aggregate(output.merge_pairing_points);
210
211 stdlib::recursion::honk::DefaultIO<Builder> inputs;
212 inputs.pairing_inputs = output.translator_pairing_points;
213 inputs.set_public();
214
215 info("Recursive Verifier: num gates = ", builder.num_gates());
216
217 // Construct and verify a proof for the Goblin Recursive Verifier circuit
218 auto prover_instance = std::make_shared<OuterProverInstance>(builder);
219 auto outer_verification_key =
220 std::make_shared<typename OuterFlavor::VerificationKey>(prover_instance->get_precomputed());
221 auto vk_and_hash = std::make_shared<typename OuterFlavor::VKAndHash>(outer_verification_key);
222 OuterProver prover(prover_instance, outer_verification_key);
223 OuterVerifier outer_verifier(vk_and_hash);
224 return { builder.blocks, outer_verification_key };
225 };
226
227 auto [blocks_5, verification_key_5] = get_blocks(5);
228 auto [blocks_6, verification_key_6] = get_blocks(6);
229
230 compare_ultra_blocks_and_verification_keys<OuterFlavor>({ blocks_5, blocks_6 },
231 { verification_key_5, verification_key_6 });
232}
233
238TEST_F(GoblinRecursiveVerifierTests, ECCVMFailure)
239{
240 BB_DISABLE_ASSERTS(); // Avoid on_curve assertion failure in cycle_group etc
241 Builder builder;
242
243 auto [proof, merge_commitments, recursive_merge_commitments] = create_goblin_prover_output(&builder);
244
245 // Tamper with the ECCVM proof
246 for (auto& val : proof.eccvm_proof) {
247 if (val > 0) { // tamper by finding the first non-zero value and incrementing it by 1
248 val += 1;
249 break;
250 }
251 }
252
253 auto transcript = std::make_shared<Transcript>();
254 GoblinStdlibProof stdlib_proof(builder, proof);
255 bb::GoblinRecursiveVerifier verifier{
256 transcript, stdlib_proof, recursive_merge_commitments, MergeSettings::APPEND
257 };
258 auto goblin_rec_verifier_output = verifier.reduce_to_pairing_check_and_ipa_opening();
259 EXPECT_FALSE(CircuitChecker::check(builder));
260
261 srs::init_file_crs_factory(bb::srs::bb_crs_path());
262 auto crs_factory = srs::get_grumpkin_crs_factory();
263 VerifierCommitmentKey<curve::Grumpkin> grumpkin_verifier_commitment_key(1 << CONST_ECCVM_LOG_N, crs_factory);
264 OpeningClaim<curve::Grumpkin> native_claim = goblin_rec_verifier_output.ipa_claim.get_native_opening_claim();
265 auto native_ipa_transcript = std::make_shared<NativeTranscript>(goblin_rec_verifier_output.ipa_proof.get_value());
266
267 bool native_result =
268 IPA<curve::Grumpkin>::reduce_verify(grumpkin_verifier_commitment_key, native_claim, native_ipa_transcript);
269 EXPECT_FALSE(native_result);
270}
271
276TEST_F(GoblinRecursiveVerifierTests, TranslatorFailure)
277{
278 auto [proof, merge_commitments, _] = create_goblin_prover_output();
279
280 // Tamper with the op commitment in merge commitments (used by Translator verifier)
281 {
282 MergeCommitments tampered_merge_commitments = merge_commitments;
283 tamper_with_op_commitment(tampered_merge_commitments);
284 Builder builder;
285
286 RecursiveMergeCommitments recursive_merge_commitments;
287 for (size_t idx = 0; idx < MegaFlavor::NUM_WIRES; idx++) {
288 recursive_merge_commitments.t_commitments[idx] =
289 RecursiveCommitment::from_witness(&builder, tampered_merge_commitments.t_commitments[idx]);
290 recursive_merge_commitments.T_prev_commitments[idx] =
291 RecursiveCommitment::from_witness(&builder, tampered_merge_commitments.T_prev_commitments[idx]);
292 recursive_merge_commitments.t_commitments[idx].fix_witness();
293 recursive_merge_commitments.T_prev_commitments[idx].fix_witness();
294 }
295
296 auto transcript = std::make_shared<Transcript>();
297 GoblinStdlibProof stdlib_proof(builder, proof);
298 bb::GoblinRecursiveVerifier verifier{
299 transcript, stdlib_proof, recursive_merge_commitments, MergeSettings::APPEND
300 };
301 auto goblin_rec_verifier_output = verifier.reduce_to_pairing_check_and_ipa_opening();
302
303 // Aggregate merge + translator pairing points
304 goblin_rec_verifier_output.translator_pairing_points.aggregate(goblin_rec_verifier_output.merge_pairing_points);
305
306 // Circuit is correct but pairing check should fail
307 EXPECT_TRUE(CircuitChecker::check(builder));
308
309 // Check that the pairing fails natively
310 bb::PairingPoints<curve::BN254> native_pairing_points(
311 goblin_rec_verifier_output.translator_pairing_points.P0.get_value(),
312 goblin_rec_verifier_output.translator_pairing_points.P1.get_value());
313 bool pairing_result = native_pairing_points.check();
314 EXPECT_FALSE(pairing_result);
315 }
316 // Tamper with the Translator proof non - preamble values
317 {
318 auto tampered_proof = proof;
319 tamper_with_libra_eval(tampered_proof.translator_proof);
320
321 Builder builder;
322
323 RecursiveMergeCommitments recursive_merge_commitments;
324 for (size_t idx = 0; idx < MegaFlavor::NUM_WIRES; idx++) {
325 recursive_merge_commitments.t_commitments[idx] =
326 RecursiveCommitment::from_witness(&builder, merge_commitments.t_commitments[idx]);
327 recursive_merge_commitments.T_prev_commitments[idx] =
328 RecursiveCommitment::from_witness(&builder, merge_commitments.T_prev_commitments[idx]);
329 recursive_merge_commitments.t_commitments[idx].fix_witness();
330 recursive_merge_commitments.T_prev_commitments[idx].fix_witness();
331 }
332
333 auto transcript = std::make_shared<Transcript>();
334 GoblinStdlibProof stdlib_proof(builder, tampered_proof);
335 bb::GoblinRecursiveVerifier verifier{
336 transcript, stdlib_proof, recursive_merge_commitments, MergeSettings::APPEND
337 };
338 [[maybe_unused]] auto goblin_rec_verifier_output = verifier.reduce_to_pairing_check_and_ipa_opening();
339 EXPECT_FALSE(CircuitChecker::check(builder));
340 }
341}
342
347TEST_F(GoblinRecursiveVerifierTests, TranslationEvaluationsFailure)
348{
349 Builder builder;
350
351 auto [proof, merge_commitments, recursive_merge_commitments] = create_goblin_prover_output(&builder);
352
353 // Tamper with the `op` evaluation in the ECCVM proof using the helper function
354 tamper_with_eccvm_op_eval(proof.eccvm_proof);
355
356 auto transcript = std::make_shared<Transcript>();
357 GoblinStdlibProof stdlib_proof(builder, proof);
358 bb::GoblinRecursiveVerifier verifier{
359 transcript, stdlib_proof, recursive_merge_commitments, MergeSettings::APPEND
360 };
361 [[maybe_unused]] auto goblin_rec_verifier_output = verifier.reduce_to_pairing_check_and_ipa_opening();
362
363 EXPECT_FALSE(CircuitChecker::check(builder));
364}
365
370TEST_F(GoblinRecursiveVerifierTests, TranslatorMergeConsistencyFailure)
371{
372
373 {
374
375 Builder builder;
376
377 auto [proof, merge_commitments, recursive_merge_commitments] = create_goblin_prover_output(&builder);
378
379 // Check natively that the proof is correct.
380 auto native_transcript = std::make_shared<NativeTranscript>();
381 bb::GoblinVerifier native_verifier(native_transcript, proof, merge_commitments, MergeSettings::APPEND);
382 auto native_result = native_verifier.reduce_to_pairing_check_and_ipa_opening();
383 // Aggregate merge + translator pairing points before checking
384 native_result.translator_pairing_points.aggregate(native_result.merge_pairing_points);
385 bool pairing_verified = native_result.translator_pairing_points.check();
386 auto ipa_transcript = std::make_shared<NativeTranscript>(native_result.ipa_proof);
387 auto ipa_vk = VerifierCommitmentKey<curve::Grumpkin>{ ECCVMFlavor::ECCVM_FIXED_SIZE };
388 bool ipa_verified = IPA<curve::Grumpkin>::reduce_verify(ipa_vk, native_result.ipa_claim, ipa_transcript);
389 EXPECT_TRUE(pairing_verified && ipa_verified);
390
391 // Tamper with the op commitment in merge commitments (used by Translator verifier)
392 MergeCommitments tampered_merge_commitments = merge_commitments;
393 tamper_with_op_commitment(tampered_merge_commitments);
394
395 // Construct and check the Goblin Recursive Verifier circuit
396
397 RecursiveMergeCommitments tampered_recursive_merge_commitments;
398 for (size_t idx = 0; idx < MegaFlavor::NUM_WIRES; idx++) {
399 tampered_recursive_merge_commitments.t_commitments[idx] =
400 RecursiveCommitment::from_witness(&builder, tampered_merge_commitments.t_commitments[idx]);
401 tampered_recursive_merge_commitments.T_prev_commitments[idx] =
402 RecursiveCommitment::from_witness(&builder, tampered_merge_commitments.T_prev_commitments[idx]);
403 tampered_recursive_merge_commitments.t_commitments[idx].fix_witness();
404 tampered_recursive_merge_commitments.T_prev_commitments[idx].fix_witness();
405 }
406
407 auto transcript = std::make_shared<Transcript>();
408 GoblinStdlibProof stdlib_proof(builder, proof);
409 bb::GoblinRecursiveVerifier verifier{
410 transcript, stdlib_proof, tampered_recursive_merge_commitments, MergeSettings::APPEND
411 };
412 auto goblin_rec_verifier_output = verifier.reduce_to_pairing_check_and_ipa_opening();
413
414 // Aggregate merge + translator pairing points
415 goblin_rec_verifier_output.translator_pairing_points.aggregate(goblin_rec_verifier_output.merge_pairing_points);
416
417 // Circuit is correct but pairing check should fail
418 EXPECT_TRUE(CircuitChecker::check(builder));
419
420 // Check that the pairing fails natively
421 bb::PairingPoints<curve::BN254> native_pairing_points(
422 goblin_rec_verifier_output.translator_pairing_points.P0.get_value(),
423 goblin_rec_verifier_output.translator_pairing_points.P1.get_value());
424 bool pairing_result = native_pairing_points.check();
425 EXPECT_FALSE(pairing_result);
426 }
427}
428} // namespace bb::stdlib::recursion::honk
BB_DISABLE_ASSERTS
#define BB_DISABLE_ASSERTS()
Definition assert.hpp:33
circuit_checker.hpp
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43
bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:88
bb::ECCVMFlavor::VerificationKey
The verification key is responsible for storing the commitments to the precomputed (non-witnessk) pol...
Definition eccvm_flavor.hpp:819
bb::ECCVMFlavor::ECCVM_FIXED_SIZE
static constexpr size_t ECCVM_FIXED_SIZE
Definition eccvm_flavor.hpp:64
bb::Goblin::TranslatorVerificationKey
TranslatorFlavor::VerificationKey TranslatorVerificationKey
Definition goblin.hpp:36
bb::Goblin::op_queue
std::shared_ptr< OpQueue > op_queue
Definition goblin.hpp:48
bb::Goblin::prove
GoblinProof prove(const MergeSettings merge_settings=MergeSettings::PREPEND)
Constuct a full Goblin proof (ECCVM, Translator, merge)
Definition goblin.cpp:62
bb::Goblin::ECCVMVerificationKey
ECCVMFlavor::VerificationKey ECCVMVerificationKey
Definition goblin.hpp:35
bb::GoblinMockCircuits::construct_and_merge_mock_circuits
static void construct_and_merge_mock_circuits(Goblin &goblin, const size_t num_circuits=3)
Definition mock_circuits.hpp:149
bb::GoblinVerifier_
Unified Goblin verifier for both native and recursive verification.
Definition goblin_verifier.hpp:33
bb::GoblinVerifier_::reduce_to_pairing_check_and_ipa_opening
ReductionResult reduce_to_pairing_check_and_ipa_opening()
Reduce Goblin proof to pairing check and IPA opening claim.
Definition goblin_verifier.cpp:18
bb::IPA
IPA (inner product argument) commitment scheme class.
Definition ipa.hpp:93
bb::MegaFlavor::NUM_WIRES
static constexpr size_t NUM_WIRES
Definition mega_flavor.hpp:59
bb::MergeVerifier_::Commitment
typename Curve::AffineElement Commitment
Definition merge_verifier.hpp:26
bb::OpeningClaim
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
Definition claim.hpp:53
bb::OpeningClaim::get_native_opening_claim
auto get_native_opening_claim() const
Definition claim.hpp:129
bb::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:24
bb::PairingPoints::check
bool check() const
Perform the pairing check.
Definition pairing_points.hpp:93
bb::ProverInstance_
A ProverInstance is normally constructed from a finalized circuit and it contains all the information...
Definition prover_instance.hpp:33
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::TranslatorFlavor::VerificationKey
The verification key is responsible for storing the commitments to the precomputed (non-witnessk) pol...
Definition translator_flavor.hpp:850
bb::TranslatorFlavor::FF
Curve::ScalarField FF
Definition translator_flavor.hpp:40
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:41
bb::UltraProver_
Definition ultra_prover.hpp:20
bb::UltraVerifier_
Definition ultra_verifier.hpp:82
bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16
bb::stdlib::recursion::honk::DefaultIO
Manages the data that is propagated on the public inputs of an application/function circuit.
Definition special_public_inputs.hpp:159
bb::stdlib::recursion::honk::GoblinRecursiveVerifierTests::create_goblin_prover_output
static ProverOutput create_goblin_prover_output(Builder *outer_builder=nullptr, const size_t num_circuits=5)
Create a goblin proof and the VM verification keys needed by the goblin recursive verifier.
Definition goblin_verifier.test.cpp:84
bb::stdlib::recursion::honk::GoblinRecursiveVerifierTests::RecursiveMergeCommitments
bb::GoblinRecursiveVerifier::MergeVerifier::InputCommitments RecursiveMergeCommitments
Definition goblin_verifier.test.cpp:27
bb::stdlib::recursion::honk::GoblinRecursiveVerifierTests::RecursiveCommitment
bb::GoblinRecursiveVerifier::MergeVerifier::Commitment RecursiveCommitment
Definition goblin_verifier.test.cpp:25
bb::stdlib::recursion::honk::GoblinRecursiveVerifierTests::tamper_with_op_commitment
static void tamper_with_op_commitment(MergeCommitments &merge_commitments)
Definition goblin_verifier.test.cpp:45
bb::stdlib::recursion::honk::GoblinRecursiveVerifierTests::tamper_with_libra_eval
static void tamper_with_libra_eval(HonkProof &translator_proof)
Definition goblin_verifier.test.cpp:53
info
void info(Args... args)
Definition log.hpp:89
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
global_crs.hpp
mock_circuits.hpp
goblin_verifier.hpp
inputs
AvmProvingInputs inputs
Definition hinting_dbs.test.cpp:45
bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14
bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14
bb::srs::get_grumpkin_crs_factory
std::shared_ptr< factories::CrsFactory< curve::Grumpkin > > get_grumpkin_crs_factory()
Definition global_crs.cpp:80
bb::stdlib::recursion::honk::TEST_F
TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic)
Construct and check a goblin recursive verification circuit.
Definition graph_description_goblin.test.cpp:69
bb::HonkProof
std::vector< fr > HonkProof
Definition proof.hpp:15
bb::UltraStdlibTranscript
BaseTranscript< stdlib::StdlibCodec< stdlib::field_t< UltraCircuitBuilder > >, stdlib::poseidon2< UltraCircuitBuilder > > UltraStdlibTranscript
Definition transcript.hpp:501
bb::UltraCircuitBuilder
UltraCircuitBuilder_< UltraExecutionTraceBlocks > UltraCircuitBuilder
Definition circuit_builders_fwd.hpp:18
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::GoblinVerifier_::ReductionResult::translator_pairing_points
PairingPoints translator_pairing_points
Definition goblin_verifier.hpp:61
bb::MergeVerifier_::InputCommitments
Definition merge_verifier.hpp:50
bb::MergeVerifier_::InputCommitments::T_prev_commitments
TableCommitments T_prev_commitments
Definition merge_verifier.hpp:52
bb::MergeVerifier_::InputCommitments::t_commitments
TableCommitments t_commitments
Definition merge_verifier.hpp:51
bb::stdlib::recursion::PairingPoints::set_public
uint32_t set_public()
Set the witness indices for the limbs of the pairing points to public.
Definition pairing_points.hpp:229
ultra_prover.hpp
ultra_verification_keys_comparator.hpp
ultra_verifier.hpp