chore: use decider verifier in ultra verifier (#8115)

Use decider verifier in ultra verifier instead of duplicating the logic. (Also removes some unnecessary and/or broken constructors)
AztecProtocol · Aug 21, 2024 · 6c5ab2b · 6c5ab2b
1 parent 7b73f69
commit 6c5ab2b
Show file tree

Hide file tree

Showing 10 changed files with 56 additions and 94 deletions.
diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp
@@ -3,12 +3,12 @@
 #include "barretenberg/goblin/goblin.hpp"
 #include "barretenberg/goblin/mock_circuits.hpp"
 #include "barretenberg/plonk_honk_shared/arithmetization/max_block_size_tracker.hpp"
-#include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
 #include "barretenberg/stdlib/primitives/databus/databus.hpp"
 #include "barretenberg/sumcheck/instance/instances.hpp"
 #include "barretenberg/ultra_honk/decider_prover.hpp"
+#include "barretenberg/ultra_honk/decider_verifier.hpp"
 #include <algorithm>
 
 namespace bb {

diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp
@@ -3,11 +3,11 @@
 #include "barretenberg/goblin/goblin.hpp"
 #include "barretenberg/goblin/mock_circuits.hpp"
 #include "barretenberg/plonk_honk_shared/arithmetization/max_block_size_tracker.hpp"
-#include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
 #include "barretenberg/sumcheck/instance/instances.hpp"
 #include "barretenberg/ultra_honk/decider_prover.hpp"
+#include "barretenberg/ultra_honk/decider_verifier.hpp"
 #include <algorithm>
 
 namespace bb {

diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp
@@ -1,10 +1,10 @@
 #include "barretenberg/goblin/mock_circuits.hpp"
 #include "barretenberg/polynomials/pow.hpp"
-#include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
 #include "barretenberg/stdlib_circuit_builders/mock_circuits.hpp"
 #include "barretenberg/ultra_honk/decider_prover.hpp"
+#include "barretenberg/ultra_honk/decider_verifier.hpp"
 
 #include <gtest/gtest.h>
 

diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/ultra_recursive_verifier.test.cpp
@@ -234,8 +234,8 @@ template <typename RecursiveFlavor> class RecursiveVerifierTest : public testing
         auto pcs_verification_key = std::make_shared<VerifierCommitmentKey>();
         bool result = pcs_verification_key->pairing_check(pairing_points.P0.get_value(), pairing_points.P1.get_value());
         info("input pairing points result: ", result);
-        auto recursive_result = native_verifier.key->pcs_verification_key->pairing_check(pairing_points.P0.get_value(),
-                                                                                         pairing_points.P1.get_value());
+        auto recursive_result = native_verifier.instance->verification_key->pcs_verification_key->pairing_check(
+            pairing_points.P0.get_value(), pairing_points.P1.get_value());
         EXPECT_EQ(recursive_result, native_result);
 
         // Check 2: Ensure that the underlying native and recursive verification algorithms agree by ensuring

diff --git a/.../cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp b/.../cpp/src/barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.test.cpp
@@ -1,7 +1,6 @@
 #include "barretenberg/stdlib/protogalaxy_verifier/protogalaxy_recursive_verifier.hpp"
 #include "barretenberg/circuit_checker/circuit_checker.hpp"
 #include "barretenberg/common/test.hpp"
-#include "barretenberg/protogalaxy/decider_verifier.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
 #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
 #include "barretenberg/stdlib/hash/blake3s/blake3s.hpp"
@@ -11,6 +10,7 @@
 #include "barretenberg/stdlib_circuit_builders/ultra_recursive_flavor.hpp"
 #include "barretenberg/sumcheck/instance/instances.hpp"
 #include "barretenberg/ultra_honk/decider_prover.hpp"
+#include "barretenberg/ultra_honk/decider_verifier.hpp"
 #include "barretenberg/ultra_honk/ultra_prover.hpp"
 #include "barretenberg/ultra_honk/ultra_verifier.hpp"
 

diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/instance/verifier_instance.hpp
@@ -28,7 +28,7 @@ template <class Flavor, size_t NUM_ = 2> class VerifierInstance_ {
 
     // The folding parameters (\vec{β}, e) which are set for accumulators (i.e. relaxed instances).
     std::vector<FF> gate_challenges;
-    FF target_sum;
+    FF target_sum{ 0 };
 
     WitnessCommitments witness_commitments;
     CommitmentLabels commitment_labels;

diff --git a/...etenberg/protogalaxy/decider_verifier.cpp → ...retenberg/ultra_honk/decider_verifier.cpp b/...etenberg/protogalaxy/decider_verifier.cpp → ...retenberg/ultra_honk/decider_verifier.cpp
@@ -15,25 +15,33 @@ DeciderVerifier_<Flavor>::DeciderVerifier_(const std::shared_ptr<VerifierInstanc
 {}
 
 template <typename Flavor>
-DeciderVerifier_<Flavor>::DeciderVerifier_()
-    : pcs_verification_key(std::make_unique<VerifierCommitmentKey>())
-    , transcript(std::make_shared<Transcript>())
+DeciderVerifier_<Flavor>::DeciderVerifier_(const std::shared_ptr<VerifierInstance>& accumulator)
+    : accumulator(accumulator)
+    , pcs_verification_key(accumulator->verification_key->pcs_verification_key)
 {}
 
 /**
- * @brief This function verifies an Ultra Honk proof for a given Flavor, produced for a relaxed instance (ϕ, \vec{β*},
+ * @brief This function verifies a decider proof for a given Flavor, produced for a relaxed instance (ϕ, \vec{β*},
  * e*).
  *
  */
-template <typename Flavor> bool DeciderVerifier_<Flavor>::verify_proof(const HonkProof& proof)
+template <typename Flavor> bool DeciderVerifier_<Flavor>::verify_proof(const DeciderProof& proof)
+{
+    transcript = std::make_shared<Transcript>(proof);
+    return verify();
+}
+
+/**
+ * @brief Verify a decider proof that is assumed to be contained in the transcript
+ *
+ */
+template <typename Flavor> bool DeciderVerifier_<Flavor>::verify()
 {
     using PCS = typename Flavor::PCS;
     using Curve = typename Flavor::Curve;
     using ZeroMorph = ZeroMorphVerifier_<Curve>;
     using VerifierCommitments = typename Flavor::VerifierCommitments;
 
-    transcript = std::make_shared<Transcript>(proof);
-
     VerifierCommitments commitments{ accumulator->verification_key, accumulator->witness_commitments };
 
     auto sumcheck = SumcheckVerifier<Flavor>(
@@ -66,6 +74,7 @@ template <typename Flavor> bool DeciderVerifier_<Flavor>::verify_proof(const Hon
 }
 
 template class DeciderVerifier_<UltraFlavor>;
+template class DeciderVerifier_<UltraKeccakFlavor>;
 template class DeciderVerifier_<MegaFlavor>;
 
 } // namespace bb
diff --git a/...etenberg/protogalaxy/decider_verifier.hpp → ...retenberg/ultra_honk/decider_verifier.hpp b/...etenberg/protogalaxy/decider_verifier.hpp → ...retenberg/ultra_honk/decider_verifier.hpp
@@ -14,14 +14,26 @@ template <typename Flavor> class DeciderVerifier_ {
     using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey;
     using Transcript = typename Flavor::Transcript;
     using VerifierInstance = VerifierInstance_<Flavor>;
+    using DeciderProof = std::vector<FF>;
 
   public:
     explicit DeciderVerifier_();
+    /**
+     * @brief Constructor from prover instance and a transcript assumed to be initialized with a full honk proof
+     * @details Used in the case where an external transcript already exists and has been initialized with a proof, e.g.
+     * when the decider is being used in the context of the larger honk protocol.
+     *
+     */
     explicit DeciderVerifier_(const std::shared_ptr<VerifierInstance>& accumulator,
-                              const std::shared_ptr<Transcript>& transcript = std::make_shared<Transcript>());
-
-    bool verify_proof(const HonkProof& proof);
+                              const std::shared_ptr<Transcript>& transcript);
+    /**
+     * @brief Constructor from prover instance
+     *
+     */
+    explicit DeciderVerifier_(const std::shared_ptr<VerifierInstance>& accumulator);
 
+    bool verify_proof(const DeciderProof&); // used when a decider proof is known explicitly
+    bool verify();                          // used when transcript that has been initialized with a proof
     std::shared_ptr<VerificationKey> key;
     std::map<std::string, Commitment> commitments;
     std::shared_ptr<VerifierInstance> accumulator;

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp
@@ -5,35 +5,6 @@
 #include "barretenberg/ultra_honk/oink_verifier.hpp"
 
 namespace bb {
-template <typename Flavor>
-UltraVerifier_<Flavor>::UltraVerifier_(const std::shared_ptr<Transcript>& transcript,
-                                       const std::shared_ptr<VerificationKey>& verifier_key)
-    : key(verifier_key)
-    , transcript(transcript)
-{}
-
-/**
- * @brief Construct an UltraVerifier directly from a verification key
- *
- * @tparam Flavor
- * @param verifier_key
- */
-template <typename Flavor>
-UltraVerifier_<Flavor>::UltraVerifier_(const std::shared_ptr<VerificationKey>& verifier_key)
-    : key(verifier_key)
-    , transcript(std::make_shared<Transcript>())
-{}
-
-template <typename Flavor>
-UltraVerifier_<Flavor>::UltraVerifier_(UltraVerifier_&& other)
-    : key(std::move(other.key))
-{}
-
-template <typename Flavor> UltraVerifier_<Flavor>& UltraVerifier_<Flavor>::operator=(UltraVerifier_&& other)
-{
-    key = other.key;
-    return *this;
-}
 
 /**
  * @brief This function verifies an Ultra Honk proof for a given Flavor.
@@ -42,51 +13,22 @@ template <typename Flavor> UltraVerifier_<Flavor>& UltraVerifier_<Flavor>::opera
 template <typename Flavor> bool UltraVerifier_<Flavor>::verify_proof(const HonkProof& proof)
 {
     using FF = typename Flavor::FF;
-    using PCS = typename Flavor::PCS;
-    using Curve = typename Flavor::Curve;
-    using ZeroMorph = ZeroMorphVerifier_<Curve>;
-    using VerifierCommitments = typename Flavor::VerifierCommitments;
 
     transcript = std::make_shared<Transcript>(proof);
-    VerifierCommitments commitments{ key };
-    OinkVerifier<Flavor> oink_verifier{ key, transcript };
+    OinkVerifier<Flavor> oink_verifier{ instance->verification_key, transcript };
     auto [relation_parameters, witness_commitments, public_inputs, alphas] = oink_verifier.verify();
+    instance->relation_parameters = std::move(relation_parameters);
+    instance->witness_commitments = std::move(witness_commitments);
+    instance->alphas = std::move(alphas);
 
-    // Copy the witness_commitments over to the VerifierCommitments
-    for (auto [wit_comm_1, wit_comm_2] : zip_view(commitments.get_witness(), witness_commitments.get_all())) {
-        wit_comm_1 = wit_comm_2;
-    }
-
-    // Execute Sumcheck Verifier
-    const size_t log_circuit_size = static_cast<size_t>(numeric::get_msb(key->circuit_size));
-    auto sumcheck = SumcheckVerifier<Flavor>(log_circuit_size, transcript);
-
-    auto gate_challenges = std::vector<FF>(CONST_PROOF_SIZE_LOG_N);
-    for (size_t idx = 0; idx < gate_challenges.size(); idx++) {
-        gate_challenges[idx] = transcript->template get_challenge<FF>("Sumcheck:gate_challenge_" + std::to_string(idx));
+    for (size_t idx = 0; idx < CONST_PROOF_SIZE_LOG_N; idx++) {
+        instance->gate_challenges.emplace_back(
+            transcript->template get_challenge<FF>("Sumcheck:gate_challenge_" + std::to_string(idx)));
     }
-    auto [multivariate_challenge, claimed_evaluations, sumcheck_verified] =
-        sumcheck.verify(relation_parameters, alphas, gate_challenges);
 
-    // If Sumcheck did not verify, return false
-    if (sumcheck_verified.has_value() && !sumcheck_verified.value()) {
-        info("Ultra Verifier: Sumcheck verification failed.");
-        return false;
-    }
+    DeciderVerifier decider_verifier{ instance, transcript };
 
-    // Execute ZeroMorph rounds to produce an opening claim and verify it with a univariate PCS. See
-    // https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description of the unrolled protocol.
-    auto opening_claim = ZeroMorph::verify(key->circuit_size,
-                                           commitments.get_unshifted(),
-                                           commitments.get_to_be_shifted(),
-                                           claimed_evaluations.get_unshifted(),
-                                           claimed_evaluations.get_shifted(),
-                                           multivariate_challenge,
-                                           Commitment::one(),
-                                           transcript);
-    auto pairing_points = PCS::reduce_verify(opening_claim, transcript);
-    auto pcs_verified = key->pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]);
-    return sumcheck_verified.value() && pcs_verified;
+    return decider_verifier.verify();
 }
 
 template class UltraVerifier_<UltraFlavor>;

diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp
@@ -3,7 +3,9 @@
 #include "barretenberg/srs/global_crs.hpp"
 #include "barretenberg/stdlib_circuit_builders/mega_flavor.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_flavor.hpp"
+#include "barretenberg/sumcheck/instance//verifier_instance.hpp"
 #include "barretenberg/sumcheck/sumcheck.hpp"
+#include "barretenberg/ultra_honk/decider_verifier.hpp"
 
 namespace bb {
 template <typename Flavor> class UltraVerifier_ {
@@ -12,21 +14,18 @@ template <typename Flavor> class UltraVerifier_ {
     using VerificationKey = typename Flavor::VerificationKey;
     using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey;
     using Transcript = typename Flavor::Transcript;
+    using Instance = VerifierInstance_<Flavor>;
+    using DeciderVerifier = DeciderVerifier_<Flavor>;
 
   public:
-    explicit UltraVerifier_(const std::shared_ptr<Transcript>& transcript,
-                            const std::shared_ptr<VerificationKey>& verifier_key = nullptr);
-
-    explicit UltraVerifier_(const std::shared_ptr<VerificationKey>& verifier_key);
-    UltraVerifier_(UltraVerifier_&& other);
-
-    UltraVerifier_& operator=(const UltraVerifier_& other) = delete;
-    UltraVerifier_& operator=(UltraVerifier_&& other);
+    explicit UltraVerifier_(const std::shared_ptr<VerificationKey>& verifier_key)
+        : instance(std::make_shared<Instance>(verifier_key))
+    {}
 
     bool verify_proof(const HonkProof& proof);
 
-    std::shared_ptr<VerificationKey> key;
-    std::shared_ptr<Transcript> transcript;
+    std::shared_ptr<Transcript> transcript{ nullptr };
+    std::shared_ptr<Instance> instance;
 };
 
 using UltraVerifier = UltraVerifier_<UltraFlavor>;