Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
pairing_points.test.cpp
Go to the documentation of this file.
1#include "barretenberg/stdlib/primitives/pairing_points.hpp"
2#include "barretenberg/circuit_checker/circuit_checker.hpp"
3#include "barretenberg/commitment_schemes/pairing_points.hpp"
4#include "barretenberg/srs/global_crs.hpp"
5#include "barretenberg/stdlib/special_public_inputs/special_public_inputs.hpp"
6#include "barretenberg/ultra_honk/prover_instance.hpp"
7#include <gtest/gtest.h>
8
9namespace bb::stdlib::recursion {
10
11template <typename Builder> class PairingPointsTests : public testing::Test {
12 public:
13 static void SetUpTestSuite() { bb::srs::init_file_crs_factory(bb::srs::bb_crs_path()); }
14};
15
16using Curves = testing::Types<stdlib::bn254<UltraCircuitBuilder>, stdlib::bn254<MegaCircuitBuilder>>;
17TYPED_TEST_SUITE(PairingPointsTests, Curves);
18
19TYPED_TEST(PairingPointsTests, ConstructDefault)
20{
21 static constexpr size_t NUM_GATES_ADDED = 20;
22
23 typename TypeParam::Builder builder;
24
25 size_t num_gates = builder.num_gates();
26 PairingPoints<TypeParam>::set_default_to_public(&builder);
27 EXPECT_EQ(NUM_GATES_ADDED, builder.num_gates() - num_gates)
28 << "There has been a change in the number of gates required to set default PairingPoints as public inputs.";
29
30 EXPECT_TRUE(CircuitChecker::check(builder));
31}
32
33TYPED_TEST(PairingPointsTests, TestDefault)
34{
35 using Builder = TypeParam::Builder;
36 using Group = PairingPoints<TypeParam>::Group;
37 using CommitmentKey = bb::CommitmentKey<curve::BN254>;
38
39 Builder builder;
40
41 Group P0(DEFAULT_PAIRING_POINTS_P0_X, DEFAULT_PAIRING_POINTS_P0_Y, /*assert_on_curve=*/false);
42 Group P1(DEFAULT_PAIRING_POINTS_P1_X, DEFAULT_PAIRING_POINTS_P1_Y, /*assert_on_curve=*/false);
43 P0.convert_constant_to_fixed_witness(&builder);
44 P1.convert_constant_to_fixed_witness(&builder);
45 PairingPoints<TypeParam> pp(P0, P1);
46 pp.set_public();
47 EXPECT_TRUE(CircuitChecker::check(builder));
48
49 // Validate default PairingPoints
50 CommitmentKey commitment_key;
51 bb::PairingPoints<curve::BN254> native_pp(P0.get_value(), P1.get_value());
52 EXPECT_TRUE(native_pp.check()) << "Default PairingPoints are not valid pairing points.";
53}
54
55TYPED_TEST(PairingPointsTests, TaggingMechanismWorks)
56{
57 using Curve = TypeParam;
58 using Builder = typename Curve::Builder;
59 using PairingPoints = PairingPoints<Curve>;
60 using Group = PairingPoints::Group;
61 using Fr = PairingPoints::Fr;
62 using NativeFr = typename Curve::ScalarFieldNative;
63
64 Builder builder;
65
66 Fr scalar_one = Fr::from_witness(&builder, NativeFr::random_element());
67 Fr scalar_two = Fr::from_witness(&builder, NativeFr::random_element());
68 Group P0 = Group::batch_mul({ Group::one(&builder) }, { scalar_one });
69 Group P1 = Group::batch_mul({ Group::one(&builder) }, { scalar_two });
70
71 // Check that no pairing points exist
72 EXPECT_TRUE(builder.pairing_points_tagging.has_single_pairing_point_tag());
73
74 PairingPoints pp_one = { P0, P1 };
75 PairingPoints pp_two = { P0, P1 };
76
77 // Check the tags
78 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_one.tag_index), 0U);
79 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_two.tag_index), 1U);
80
81 // Check that there are two different pairing points in the builder
82 EXPECT_FALSE(builder.pairing_points_tagging.has_single_pairing_point_tag());
83
84 // Merge the tags
85 pp_one.aggregate(pp_two);
86
87 // Check that the tags have been merged
88 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_two.tag_index), 0U);
89 EXPECT_TRUE(builder.pairing_points_tagging.has_single_pairing_point_tag());
90
91 // Create two new pairing points and aggregate with aggregate_multiple
92 PairingPoints pp_three = { P0, P1 };
93 PairingPoints pp_four = { P0, P1 };
94
95 // Check the tags
96 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_three.tag_index), 2U);
97 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_four.tag_index), 3U);
98
99 // Check that there are two different pairing points in the builder
100 EXPECT_FALSE(builder.pairing_points_tagging.has_single_pairing_point_tag());
101
102 // Merge the tags
103 std::vector<PairingPoints> pp_to_be_aggregated = { pp_one, pp_three, pp_four };
104 PairingPoints aggregated_pp = PairingPoints::aggregate_multiple(pp_to_be_aggregated);
105
106 // Check that the tags have been merged
107 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_one.tag_index), 4U);
108 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_two.tag_index), 4U);
109 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_three.tag_index), 4U);
110 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_four.tag_index), 4U);
111 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(aggregated_pp.tag_index), 4U);
112 EXPECT_TRUE(builder.pairing_points_tagging.has_single_pairing_point_tag());
113}
114
115TYPED_TEST(PairingPointsTests, TaggingMechanismFails)
116{
117
118 using Curve = TypeParam;
119 using Builder = typename Curve::Builder;
120 using PairingPoints = PairingPoints<Curve>;
121 using Group = PairingPoints::Group;
122 using Fr = PairingPoints::Fr;
123 using NativeFr = typename Curve::ScalarFieldNative;
124 using Flavor = std::conditional_t<IsMegaBuilder<Builder>, MegaFlavor, UltraFlavor>;
125 using ProverInstance = ProverInstance_<Flavor>;
126
127 Builder builder;
128
129 Fr scalar_one = Fr::from_witness(&builder, NativeFr::random_element());
130 Fr scalar_two = Fr::from_witness(&builder, NativeFr::random_element());
131 Group P0 = Group::batch_mul({ Group::one(&builder) }, { scalar_one });
132 Group P1 = Group::batch_mul({ Group::one(&builder) }, { scalar_two });
133
134 PairingPoints pp_one = { P0, P1 };
135 PairingPoints pp_two = { P0, P1 };
136 PairingPoints pp_three = { P0, P1 };
137
138 // Check the tags
139 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_one.tag_index), 0U);
140 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_two.tag_index), 1U);
141 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_three.tag_index), 2U);
142
143 // Check that there are different pairing points in the builder
144 EXPECT_FALSE(builder.pairing_points_tagging.has_single_pairing_point_tag());
145
146 // Merge the tags
147 pp_one.aggregate(pp_two);
148
149 // Check that the tags have not been merged
150 EXPECT_FALSE(builder.pairing_points_tagging.has_single_pairing_point_tag());
151
152 // Create a ProverInstance, expect failure because pairing points have not been aggregated
153 EXPECT_THROW_WITH_MESSAGE(
154 ProverInstance prover_instance(builder),
155 "Pairing points must all be aggregated together. Either no pairing points should be created, or "
156 "all created pairing points must be aggregated into a single pairing point. Found 2 different "
157 "pairing points");
158
159 // Aggregate pairing points
160 pp_one.aggregate(pp_three);
161
162 // Create a ProverInstance, expect failure because pairing points have not been set to public
163 EXPECT_THROW_WITH_MESSAGE(
164 ProverInstance prover_instance(builder),
165 "Pairing points must be set to public in the circuit before constructing the ProverInstance.");
166
167 stdlib::recursion::honk::DefaultIO<Builder> inputs;
168 inputs.pairing_inputs = pp_one;
169 inputs.set_public();
170
171 // Construct Prover instance successfully
172 ProverInstance prover_instance(builder);
173}
174
175TYPED_TEST(PairingPointsTests, CopyConstructorWorks)
176{
177 using Curve = TypeParam;
178 using Builder = typename Curve::Builder;
179
180 using PairingPoints = PairingPoints<Curve>;
181 using Group = PairingPoints::Group;
182 using Fr = Curve::ScalarField;
183 using NativeFr = Curve::ScalarFieldNative;
184
185 Builder builder;
186
187 Fr scalar_one = Fr::from_witness(&builder, NativeFr::random_element());
188 Fr scalar_two = Fr::from_witness(&builder, NativeFr::random_element());
189 Group P0 = Group::batch_mul({ Group::one(&builder) }, { scalar_one });
190 Group P1 = Group::batch_mul({ Group::one(&builder) }, { scalar_two });
191
192 PairingPoints pp_original = { P0, P1 };
193 PairingPoints pp_copy(pp_original);
194
195 // Check that there is only one tag
196 EXPECT_TRUE(builder.pairing_points_tagging.has_single_pairing_point_tag());
197
198 // Check that the tags are the same
199 BB_ASSERT_EQ(builder.pairing_points_tagging.get_tag(pp_original.tag_index),
200 builder.pairing_points_tagging.get_tag(pp_copy.tag_index));
201}
202
203TYPED_TEST(PairingPointsTests, AggregateMultipleWithDuplicatePoints)
204{
205 using Curve = TypeParam;
206 using Builder = typename Curve::Builder;
207 using PairingPoints = PairingPoints<Curve>;
208 using Group = PairingPoints::Group;
209
210 Builder builder;
211
212 // Use default pairing points that are known to satisfy the pairing equation
213 Group P0(DEFAULT_PAIRING_POINTS_P0_X, DEFAULT_PAIRING_POINTS_P0_Y, /*assert_on_curve=*/false);
214 Group P1(DEFAULT_PAIRING_POINTS_P1_X, DEFAULT_PAIRING_POINTS_P1_Y, /*assert_on_curve=*/false);
215 P0.convert_constant_to_fixed_witness(&builder);
216 P1.convert_constant_to_fixed_witness(&builder);
217
218 // Create duplicate pairing points (same P0, P1)
219 PairingPoints pp_first = { P0, P1 };
220 PairingPoints pp_second = { P0, P1 }; // Duplicate
221 PairingPoints pp_third = { P0, P1 }; // Another duplicate
222
223 // Test aggregate_multiple with all duplicate points
224 // The n-1 optimization computes: P_agg = P₀ + r₁·P₁ + r₂·P₂
225 // With duplicates: P_agg = P + r₁·P + r₂·P = (1 + r₁ + r₂)·P
226 // This tests that the optimization handles the edge case where first point equals others
227 std::vector<PairingPoints> pp_vector = { pp_first, pp_second, pp_third };
228 PairingPoints aggregated = PairingPoints::aggregate_multiple(pp_vector);
229
230 // Circuit should be valid
231 EXPECT_TRUE(CircuitChecker::check(builder));
232
233 // Verify tags are properly merged
234 EXPECT_TRUE(builder.pairing_points_tagging.has_single_pairing_point_tag());
235
236 // Verify the result is exactly what we expect: (1 + r₁ + r₂)·(P0, P1)
237 // We replicate the challenge generation to compute the expected scalar
238 using Fr = typename Curve::ScalarField;
239 bb::StdlibTranscript<Builder> transcript{};
240 for (size_t idx = 0; idx < 3; ++idx) {
241 transcript.add_to_hash_buffer("first_component_" + std::to_string(idx), pp_vector[idx].P0);
242 transcript.add_to_hash_buffer("second_component_" + std::to_string(idx), pp_vector[idx].P1);
243 }
244 std::array<std::string, 2> challenge_labels = { "pp_aggregation_challenge_1", "pp_aggregation_challenge_2" };
245 std::array<Fr, 2> challenges = transcript.template get_challenges<Fr, 2>(challenge_labels);
246
247 // Compute expected result: (1 + r₁ + r₂)·P0
248 Fr total_scalar = Fr(1);
249 for (const auto& challenge : challenges) {
250 total_scalar += challenge;
251 }
252 Group expected_P0 = P0 * total_scalar;
253 Group expected_P1 = P1 * total_scalar;
254
255 // Verify the aggregated result matches the expected result
256 EXPECT_EQ(aggregated.P0.get_value(), expected_P0.get_value()) << "Aggregated P0 should equal (1 + r₁ + r₂)·P0";
257 EXPECT_EQ(aggregated.P1.get_value(), expected_P1.get_value()) << "Aggregated P1 should equal (1 + r₁ + r₂)·P1";
258
259 // The result should still be a valid pairing point (scalar multiple of the original)
260 bb::PairingPoints<typename Curve::NativeCurve> native_aggregated(aggregated.P0.get_value(),
261 aggregated.P1.get_value());
262 EXPECT_TRUE(native_aggregated.check())
263 << "Aggregated duplicate pairing points should still satisfy pairing equation";
264}
265
266} // namespace bb::stdlib::recursion
BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:93
EXPECT_THROW_WITH_MESSAGE
#define EXPECT_THROW_WITH_MESSAGE(code, expectedMessageRegex)
Definition assert.hpp:192
circuit_checker.hpp
bb::BaseTranscript
Common transcript class for both parties. Stores the data for the current round, as well as the manif...
Definition transcript.hpp:41
bb::BaseTranscript::add_to_hash_buffer
void add_to_hash_buffer(const std::string &label, const T &element)
Adds an element to the transcript.
Definition transcript.hpp:320
bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:43
bb::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:24
bb::PairingPoints::check
bool check() const
Perform the pairing check.
Definition pairing_points.hpp:93
bb::ProverInstance_
A ProverInstance is normally constructed from a finalized circuit and it contains all the information...
Definition prover_instance.hpp:33
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::stdlib::recursion::honk::DefaultIO
Manages the data that is propagated on the public inputs of an application/function circuit.
Definition special_public_inputs.hpp:159
pairing_points.hpp
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
global_crs.hpp
inputs
AvmProvingInputs inputs
Definition hinting_dbs.test.cpp:45
bb::srs::bb_crs_path
std::filesystem::path bb_crs_path()
Definition global_crs.cpp:14
bb::srs::init_file_crs_factory
void init_file_crs_factory(const std::filesystem::path &path)
Definition global_crs.hpp:14
bb::stdlib::recursion::TYPED_TEST
TYPED_TEST(PairingPointsTests, ConstructDefault)
Definition pairing_points.test.cpp:19
bb::stdlib::recursion::TYPED_TEST_SUITE
TYPED_TEST_SUITE(PairingPointsTests, Curves)
bb::stdlib::recursion::Curves
testing::Types< stdlib::bn254< UltraCircuitBuilder >, stdlib::bn254< MegaCircuitBuilder > > Curves
Definition pairing_points.test.cpp:16
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
std::to_string
std::string to_string(bb::avm2::ValueTag tag)
Definition tagged_value.cpp:402
Fr
Curve::ScalarField Fr
Definition pippenger.bench.cpp:28
prover_instance.hpp
pairing_points.hpp
special_public_inputs.hpp
bb::stdlib::recursion::PairingPoints
An object storing two EC points that represent the inputs to a pairing check.
Definition pairing_points.hpp:36
bb::stdlib::recursion::PairingPoints::set_default_to_public
static uint32_t set_default_to_public(Builder *builder)
Set the witness indices for the default limbs of the pairing points to public.
Definition pairing_points.hpp:243
bb::stdlib::recursion::PairingPoints::aggregate_multiple
static PairingPoints aggregate_multiple(std::vector< PairingPoints > &pairing_points, bool handle_edge_cases=true)
Aggregate multiple PairingPoints using random linear combination.
Definition pairing_points.hpp:104
bb::stdlib::recursion::PairingPoints::aggregate
void aggregate(PairingPoints const &other)
Compute a linear combination of the present pairing points with an input set of pairing points.
Definition pairing_points.hpp:181
bb::stdlib::recursion::PairingPoints::set_public
uint32_t set_public()
Set the witness indices for the limbs of the pairing points to public.
Definition pairing_points.hpp:229