Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
multilinear_batching_claims.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Planned, auditors: [], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "barretenberg/flavor/multilinear_batching_flavor.hpp"
10#include "barretenberg/transcript/origin_tag.hpp"
11
12namespace bb {
13template <typename Curve> struct MultilinearBatchingVerifierClaim {
14 using FF = Curve::ScalarField;
15 using Commitment = Curve::AffineElement;
16 std::vector<FF> challenge;
17 FF non_shifted_evaluation;
18 FF shifted_evaluation;
19 Commitment non_shifted_commitment;
20 Commitment shifted_commitment;
21
30 template <typename RecursiveCurve>
31 static MultilinearBatchingVerifierClaim stdlib_from_native(
32 typename RecursiveCurve::Builder* builder,
33 const MultilinearBatchingVerifierClaim<typename RecursiveCurve::NativeCurve>& native_claim)
34 requires Curve::is_stdlib_type
35 {
36 MultilinearBatchingVerifierClaim<RecursiveCurve> result;
37
38 for (auto& element : native_claim.challenge) {
39 result.challenge.emplace_back(FF::from_witness(builder, element));
40 }
41
42 result.non_shifted_evaluation = FF::from_witness(builder, native_claim.non_shifted_evaluation);
43 result.shifted_evaluation = FF::from_witness(builder, native_claim.shifted_evaluation);
44 result.non_shifted_commitment = Commitment::from_witness(builder, native_claim.non_shifted_commitment);
45 result.shifted_commitment = Commitment::from_witness(builder, native_claim.shifted_commitment);
46
47 return result;
48 }
49
53 template <typename T>
54 T get_value()
55 requires Curve::is_stdlib_type
56 {
57 T native_claim;
58 native_claim.challenge.reserve(challenge.size());
59
60 for (auto& recursive_challenge : challenge) {
61 native_claim.challenge.emplace_back(recursive_challenge.get_value());
62 }
63 native_claim.non_shifted_evaluation = non_shifted_evaluation.get_value();
64 native_claim.shifted_evaluation = shifted_evaluation.get_value();
65 native_claim.non_shifted_commitment = non_shifted_commitment.get_value();
66 native_claim.shifted_commitment = shifted_commitment.get_value();
67
68 return native_claim;
69 }
70
76 template <typename Codec, typename HashFn> FF hash_with_origin_tagging(const OriginTag& tag) const
77 {
78 constexpr bool in_circuit = Curve::is_stdlib_type;
79 std::vector<FF> claim_elements;
80
81 // Tag, serialize, and append
82 auto append_tagged = [&]<typename U>(const U& component) {
83 auto frs = bb::tag_and_serialize<in_circuit, Codec>(component, tag);
84 claim_elements.insert(claim_elements.end(), frs.begin(), frs.end());
85 };
86
87 // Tag and serialize all challenge elements
88 for (const auto& element : challenge) {
89 append_tagged(element);
90 }
91
92 // Tag and serialize evaluations and commitments
93 append_tagged(non_shifted_evaluation);
94 append_tagged(shifted_evaluation);
95 append_tagged(non_shifted_commitment);
96 append_tagged(shifted_commitment);
97
98 // Sanitize free witness tags before hashing
99 bb::unset_free_witness_tags<in_circuit, FF>(claim_elements);
100
101 // Hash the tagged elements directly
102 return HashFn::hash(claim_elements);
103 }
104
111 template <typename TranscriptType> FF hash_with_origin_tagging(const TranscriptType& transcript) const
112 {
113 const OriginTag tag = bb::extract_transcript_tag(transcript);
114 return hash_with_origin_tagging<typename TranscriptType::Codec, typename TranscriptType::HashFunction>(tag);
115 }
116};
117
118struct MultilinearBatchingProverClaim {
119 using FF = MultilinearBatchingFlavor::FF;
120 using Commitment = MultilinearBatchingFlavor::Commitment;
121 using Polynomial = MultilinearBatchingFlavor::Polynomial;
122 std::vector<FF> challenge;
123 FF non_shifted_evaluation;
124 FF shifted_evaluation;
125 Polynomial non_shifted_polynomial;
126 Polynomial shifted_polynomial;
127 Commitment non_shifted_commitment;
128 Commitment shifted_commitment;
129 size_t dyadic_size;
130
131#ifndef NDEBUG
132 bool compare_with_verifier_claim(const MultilinearBatchingVerifierClaim<curve::BN254>& verifier_claim)
133 {
134 bool is_a_match = true;
135 CommitmentKey<curve::BN254> bn254_commitment_key(dyadic_size);
136
137 for (size_t idx = 0;
138 auto [prover_challenge, verifier_challenge] : zip_view(challenge, verifier_claim.challenge)) {
139 if (prover_challenge != verifier_challenge) {
140 info("Challenge mismatch at index ", idx);
141 is_a_match = false;
142 }
143 idx++;
144 }
145
146 if (verifier_claim.non_shifted_commitment != bn254_commitment_key.commit(non_shifted_polynomial)) {
147 info("Non-shifted commitment mismatch");
148 is_a_match = false;
149 }
150
151 if (verifier_claim.shifted_commitment != bn254_commitment_key.commit(shifted_polynomial)) {
152 info("Shifted commitment mismatch");
153 is_a_match = false;
154 }
155
156 // Bump the virtual size to compute mle evaluations
157 non_shifted_polynomial.increase_virtual_size(1 << challenge.size());
158 shifted_polynomial.increase_virtual_size(1 << challenge.size());
159
160 if (verifier_claim.non_shifted_evaluation != non_shifted_polynomial.evaluate_mle(verifier_claim.challenge)) {
161 info("Non-shifted evaluation mismatch");
162 is_a_match = false;
163 }
164
165 if (verifier_claim.shifted_evaluation != shifted_polynomial.evaluate_mle(verifier_claim.challenge, true)) {
166 info("Shifted evaluation mismatch");
167 is_a_match = false;
168 }
169
170 return is_a_match;
171 }
172#endif
173};
174
175} // namespace bb
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43
bb::CommitmentKey::commit
Commitment commit(PolynomialSpan< const Fr > polynomial) const
Uses the ProverSRS to create a commitment to p(X)
Definition commitment_key.hpp:88
bb::Polynomial::increase_virtual_size
void increase_virtual_size(const size_t size_in)
Definition polynomial.hpp:280
bb::Polynomial::evaluate_mle
Fr evaluate_mle(std::span< const Fr > evaluation_points, bool shift=false) const
evaluate multi-linear extension p(X_0,…,X_{n-1}) = \sum_i a_i*L_i(X_0,…,X_{n-1}) at u = (u_0,...
Definition polynomial.cpp:199
bb::curve::Grumpkin::is_stdlib_type
static constexpr bool is_stdlib_type
Definition grumpkin.hpp:69
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:63
zip_view
Definition zip_view.hpp:166
info
void info(Args... args)
Definition log.hpp:89
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
multilinear_batching_flavor.hpp
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
bb::extract_transcript_tag
OriginTag extract_transcript_tag(const TranscriptType &transcript)
Extract origin tag context from a transcript.
Definition origin_tag.hpp:292
origin_tag.hpp
This file contains part of the logic for the Origin Tag mechanism that tracks the use of in-circuit p...
bb::MultilinearBatchingProverClaim::Commitment
MultilinearBatchingFlavor::Commitment Commitment
Definition multilinear_batching_claims.hpp:120
bb::MultilinearBatchingProverClaim::compare_with_verifier_claim
bool compare_with_verifier_claim(const MultilinearBatchingVerifierClaim< curve::BN254 > &verifier_claim)
Definition multilinear_batching_claims.hpp:132