32 execute_preamble_round();
35 verifier_instance->gemini_masking_commitment =
36 transcript->template receive_from_prover<Commitment>(
"Gemini:masking_poly_comm");
38 execute_wire_commitments_round();
39 execute_sorted_list_accumulator_round();
40 execute_log_derivative_inverse_round();
41 execute_grand_product_computation_round();
43 verifier_instance->witness_commitments = witness_comms;
44 verifier_instance->relation_parameters = relation_parameters;
45 verifier_instance->alpha = generate_alpha_round();
54 auto vk = verifier_instance->get_vk();
56 FF vk_hash =
vk->hash_with_origin_tagging(*transcript);
57 transcript->add_to_hash_buffer(domain_separator +
"vk_hash", vk_hash);
58 vinfo(
"vk hash in Oink verifier: ", vk_hash);
62 const bool vk_hash_consistency = verifier_instance->vk_and_hash->hash.get_value() == vk_hash.get_value();
63 if (!vk_hash_consistency) {
64 info(
"Recursive Ultra Verifier: VK Hash Mismatch");
66 verifier_instance->vk_and_hash->hash.assert_equal(vk_hash);
68 BB_ASSERT_EQ(verifier_instance->vk_and_hash->hash, vk_hash,
"Native Ultra Verifier: VK Hash Mismatch");
71 size_t num_public_inputs = get_num_public_inputs();
73 std::vector<FF> public_inputs;
74 for (
size_t i = 0; i < num_public_inputs; ++i) {
76 transcript->template receive_from_prover<FF>(domain_separator +
"public_input_" +
std::to_string(i));
77 public_inputs.emplace_back(public_input_i);
79 verifier_instance->public_inputs =
std::move(public_inputs);
90 witness_comms.w_l = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_l);
91 witness_comms.w_r = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_r);
92 witness_comms.w_o = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_o);
97 for (
auto [commitment, label] :
zip_view(witness_comms.get_ecc_op_wires(), comm_labels.get_ecc_op_wires())) {
98 commitment = transcript->template receive_from_prover<Commitment>(domain_separator + label);
102 for (
auto [commitment, label] :
103 zip_view(witness_comms.get_databus_entities(), comm_labels.get_databus_entities())) {
104 commitment = transcript->template receive_from_prover<Commitment>(domain_separator + label);
117 domain_separator +
"eta", domain_separator +
"eta_two", domain_separator +
"eta_three" });
118 relation_parameters.eta = eta;
119 relation_parameters.eta_two = eta_two;
120 relation_parameters.eta_three = eta_three;
123 witness_comms.lookup_read_counts =
124 transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.lookup_read_counts);
125 witness_comms.lookup_read_tags =
126 transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.lookup_read_tags);
127 witness_comms.w_4 = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.w_4);
137 auto [beta, gamma] = transcript->template get_challenges<FF>(
139 relation_parameters.beta = beta;
140 relation_parameters.gamma = gamma;
142 witness_comms.lookup_inverses =
143 transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.lookup_inverses);
147 for (
auto [commitment, label] :
148 zip_view(witness_comms.get_databus_inverses(), comm_labels.get_databus_inverses())) {
149 commitment = transcript->template receive_from_prover<Commitment>(domain_separator + label);
160 auto vk = verifier_instance->get_vk();
162 const FF public_input_delta = compute_public_input_delta<Flavor>(
163 verifier_instance->public_inputs, relation_parameters.beta, relation_parameters.gamma,
vk->pub_inputs_offset);
165 relation_parameters.public_input_delta = public_input_delta;
168 witness_comms.z_perm = transcript->template receive_from_prover<Commitment>(domain_separator + comm_labels.z_perm);
175 return transcript->template get_challenge<FF>(domain_separator +
"alpha");
182#ifdef STARKNET_GARAGA_FLAVORS
#define BB_ASSERT_EQ(actual, expected,...)
static constexpr bool HasZK
Verifier class for all the presumcheck rounds, which are shared between the folding verifier and ultr...
void execute_wire_commitments_round()
Get the wire polynomials (part of the witness), with the exception of the fourth wire,...
void execute_preamble_round()
Get circuit size, public input size, and public inputs from transcript.
void verify()
Oink Verifier function that runs all the rounds of the verifier.
SubrelationSeparator generate_alpha_round()
void execute_log_derivative_inverse_round()
Get log derivative inverse polynomial and its commitment, if MegaFlavor.
void execute_grand_product_computation_round()
Compute lookup grand product delta and get permutation and lookup grand product commitments.
void execute_sorted_list_accumulator_round()
Get sorted witness-table accumulator and fourth wire commitments.
Entry point for Barretenberg command-line interface.
VerifierCommitmentKey< Curve > vk
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
std::string to_string(bb::avm2::ValueTag tag)
1.9.8