From f45182600e351f5b4dd84504aac3c94859c49db6 Mon Sep 17 00:00:00 2001 From: maramihali Date: Mon, 28 Oct 2024 11:18:10 +0000 Subject: [PATCH 01/13] experimenting --- .../barretenberg/client_ivc/client_ivc.cpp | 39 ++++++++++++------- .../barretenberg/client_ivc/client_ivc.hpp | 11 ++++-- 2 files changed, 32 insertions(+), 18 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 66926c1a07d..3c295f85a0a 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -202,12 +202,7 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr builder; + // Construct stdlib accumulator, vkey and proof + auto stdlib_verifier_accum = + std::make_shared(builder.get(), verification_queue[0].honk_verification_key); + + auto stdlib_decider_vk = + std::make_shared(builder.get(), verifier_input.fold_input.decider_vks[0]); + auto stdlib_proof = bb::convert_proof_to_witness(builder.get(), proof.folding_proof); + + // Free the accumulator to save memory + + return proof; +} + +/** + * @brief Construct a proof for the IVC, which, if verified, fully establishes its correctness + * + * @return Proof + */ +ClientIVC::Proof ClientIVC::prove() +{ + HonkProof ultra_proof = construct_and_prove_hiding_circuit(); + return { ultra_proof, goblin.prove(merge_proof) }; }; bool ClientIVC::verify(const Proof& proof, 
@@ -230,12 +247,6 @@ bool ClientIVC::verify(const Proof& proof, GoblinVerifier goblin_verifier{ eccvm_vk, translator_vk }; bool goblin_verified = goblin_verifier.verify(proof.goblin_proof); - // Decider verification - ClientIVC::FoldingVerifier folding_verifier({ accumulator, final_stack_vk }); - auto verifier_accumulator = folding_verifier.verify_folding_proof(proof.folding_proof); - - ClientIVC::DeciderVerifier decider_verifier(verifier_accumulator); - bool decision = decider_verifier.verify_proof(proof.decider_proof); return goblin_verified && decision; } diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index 8f0f3400f00..b34d0de4f2d 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp @@ -55,13 +55,12 @@ class ClientIVC { // A full proof for the IVC scheme struct Proof { - FoldProof folding_proof; // final fold proof - HonkProof decider_proof; + HonkProof ultra_proof; GoblinProof goblin_proof; - size_t size() const { return folding_proof.size() + decider_proof.size() + goblin_proof.size(); } + size_t size() const { return ultra_proof.size() + goblin_proof.size(); } - MSGPACK_FIELDS(folding_proof, decider_proof, goblin_proof); + MSGPACK_FIELDS(ultra_proof, goblin_proof); }; enum class QUEUE_TYPE { OINK, PG }; // for specifying type of proof in the verification queue @@ -143,6 +142,10 @@ class ClientIVC { Proof prove(); + HonkProof construct_and_prove_hiding_circuit(); + + HonkProof construct_hiding_circuit(); + static bool verify(const Proof& proof, const std::shared_ptr& accumulator, const std::shared_ptr& final_stack_vk, From fe8dd2d6cf80ba76175763fd56a7fb28fe93eec8 Mon Sep 17 00:00:00 2001 
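Review bot: `ClientIVC::verify` still ends in `return goblin_verified && decision;` after this hunk deletes the declaration of `decision`, so the function no longer compiles as of this patch. With the folding and decider checks removed, nothing in the visible body verifies `proof.ultra_proof`; only the Goblin check is left. The replacement check should land in the same patch that removes the old one, ending in `return goblin_verified && ultra_verified;` with `ultra_verified` coming from a verifier for the hiding circuit. The `accumulator` and `final_stack_vk` parameters also appear unused after the deletion; the function's signature is outside this hunk.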
From: maramihali Date: Tue, 29 Oct 2024 11:41:17 +0000 Subject: [PATCH 02/13] hiding circuit --- barretenberg/acir_tests/run_acir_tests.sh | 2 +- barretenberg/cpp/src/barretenberg/bb/main.cpp | 43 +++++-------- .../barretenberg/client_ivc/client_ivc.cpp | 64 +++++++++++++------ .../barretenberg/client_ivc/client_ivc.hpp | 12 ++-- .../client_ivc/test_bench_shared.hpp | 4 +- .../client_ivc_recursive_verifier.cpp | 21 ++---- .../client_ivc_recursive_verifier.hpp | 5 +- .../client_ivc_recursive_verifier.test.cpp | 14 ++-- .../barretenberg/ultra_honk/oink_prover.cpp | 1 + .../barretenberg/ultra_honk/oink_verifier.cpp | 2 + 10 files changed, 91 insertions(+), 77 deletions(-) diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh index 1b8d413afe6..89c0e2fd810 100755 --- a/barretenberg/acir_tests/run_acir_tests.sh +++ b/barretenberg/acir_tests/run_acir_tests.sh @@ -10,7 +10,7 @@ pids=() source ./bash_helpers/catch.sh trap handle_sigchild SIGCHLD -BIN=${BIN:-../cpp/build/bin/bb} +BIN=${BIN:-../cpp/build-asan/bin/bb} FLOW=${FLOW:-prove_and_verify} HONK=${HONK:-false} CRS_PATH=~/.bb-crs diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 58bbb33f8bd..1e65606832e 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp 
@@ -378,8 +378,7 @@ void client_ivc_prove_output_all_msgpack(const std::string& bytecodePath, // Write the proof and verification keys into the working directory in 'binary' format (in practice it seems this // directory is passed by bb.js) - std::string vkPath = outputDir + "/final_decider_vk"; // the vk of the last circuit in the stack - std::string accPath = outputDir + "/pg_acc"; + std::string vkPath = outputDir + "/mega_vk"; // the vk of the last circuit in the stack std::string proofPath = outputDir + "/client_ivc_proof"; std::string translatorVkPath = outputDir + "/translator_vk"; std::string eccVkPath = outputDir + "/ecc_vk"; @@ -389,12 +388,11 @@ void client_ivc_prove_output_all_msgpack(const std::string& bytecodePath, auto translator_vk = std::make_shared(ivc.goblin.get_translator_proving_key()); auto last_vk = std::make_shared(ivc.honk_vk); - vinfo("ensure valid proof: ", ivc.verify(proof, { ivc.verifier_accumulator, last_vk })); + vinfo("ensure valid proof: ", ivc.verify(proof)); vinfo("write proof and vk data to files.."); write_file(proofPath, to_buffer(proof)); write_file(vkPath, to_buffer(ivc.honk_vk)); - write_file(accPath, to_buffer(ivc.verifier_accumulator)); write_file(translatorVkPath, to_buffer(translator_vk)); write_file(eccVkPath, to_buffer(eccvm_vk)); } @@ -435,8 +433,7 @@ bool verify_client_ivc(const std::filesystem::path& proof_path, const auto translator_vk = read_to_shared_ptr(translator_vk_path); translator_vk->pcs_verification_key = std::make_shared>(); - const bool verified = ClientIVC::verify( - proof, accumulator, std::make_shared(final_vk), eccvm_vk, translator_vk); + const bool verified = ClientIVC::verify(proof, final_vk, eccvm_vk, translator_vk); vinfo("verified: ", verified); return verified; } 
@@ -493,7 +490,6 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, using Builder = Flavor::CircuitBuilder; using ECCVMVK = ECCVMFlavor::VerificationKey; using TranslatorVK = TranslatorFlavor::VerificationKey; - using DeciderVK = ClientIVC::DeciderVerificationKey; init_bn254_crs(1 << 22); init_grumpkin_crs(1 << 16); @@ -525,8 +521,7 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, // Write the proof and verification keys into the working directory in 'binary' format (in practice it seems this // directory is passed by bb.js) - std::string vkPath = outputPath + "/final_decider_vk"; // the vk of the last circuit in the stack - std::string accPath = outputPath + "/pg_acc"; + std::string vkPath = outputPath + "/mega_vk"; // the vk of the last circuit in the stack std::string proofPath = outputPath + "/client_ivc_proof"; std::string translatorVkPath = outputPath + "/translator_vk"; std::string eccVkPath = outputPath + "/ecc_vk"; @@ -534,14 +529,11 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, auto proof = ivc.prove(); auto eccvm_vk = std::make_shared(ivc.goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(ivc.goblin.get_translator_proving_key()); - - auto last_vk = std::make_shared(ivc.honk_vk); - vinfo("ensure valid proof: ", ivc.verify(proof, { ivc.verifier_accumulator, last_vk })); + vinfo("ensure valid proof: ", ivc.verify(proof)); vinfo("write proof and vk data to files.."); write_file(proofPath, to_buffer(proof)); write_file(vkPath, to_buffer(ivc.honk_vk)); // maybe dereference - write_file(accPath, to_buffer(ivc.verifier_accumulator)); write_file(translatorVkPath, to_buffer(translator_vk)); write_file(eccVkPath, to_buffer(eccvm_vk)); } 
@@ -555,18 +547,15 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, void prove_tube(const std::string& output_path) { using ClientIVC = stdlib::recursion::honk::ClientIVCRecursiveVerifier; - using StackDeciderVK = ClientIVC::FoldVerifierInput::DeciderVK; using StackHonkVK = typename MegaFlavor::VerificationKey; using ECCVMVk = ECCVMFlavor::VerificationKey; using TranslatorVk = TranslatorFlavor::VerificationKey; - using FoldVerifierInput = ClientIVC::FoldVerifierInput; using GoblinVerifierInput = ClientIVC::GoblinVerifierInput; using VerifierInput = ClientIVC::VerifierInput; using Builder = UltraCircuitBuilder; using GrumpkinVk = bb::VerifierCommitmentKey; - std::string vkPath = output_path + "/final_decider_vk"; // the vk of the last circuit in the stack - std::string accPath = output_path + "/pg_acc"; + std::string vkPath = output_path + "/mega_vk"; // the vk of the last circuit in the stack std::string proofPath = output_path + "/client_ivc_proof"; std::string translatorVkPath = output_path + "/translator_vk"; std::string eccVkPath = output_path + "/ecc_vk"; @@ -579,8 +568,6 @@ void prove_tube(const std::string& output_path) auto proof = from_buffer(read_file(proofPath)); std::shared_ptr final_stack_vk = std::make_shared(from_buffer(read_file(vkPath))); - std::shared_ptr verifier_accumulator = - std::make_shared(from_buffer(read_file(accPath))); std::shared_ptr translator_vk = std::make_shared(from_buffer(read_file(translatorVkPath))); std::shared_ptr eccvm_vk = std::make_shared(from_buffer(read_file(eccVkPath))); 
@@ -589,21 +576,21 @@ void prove_tube(const std::string& output_path) // TODO(https://github.com/AztecProtocol/barretenberg/issues/1025) eccvm_vk->pcs_verification_key = std::make_shared(eccvm_vk->circuit_size + 1); - FoldVerifierInput fold_verifier_input{ verifier_accumulator, { final_stack_vk } }; GoblinVerifierInput goblin_verifier_input{ eccvm_vk, translator_vk }; - VerifierInput input{ fold_verifier_input, goblin_verifier_input }; + VerifierInput input{ final_stack_vk, goblin_verifier_input }; auto builder = std::make_shared(); + info("here"); // Padding needed for sending the right number of public inputs // TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): INSECURE - make this tube proof actually use // these public inputs by turning proof into witnesses and call // set_public on each witness - auto num_public_inputs = static_cast(static_cast(proof.folding_proof[1])); - num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - num_public_inputs -= 1 * 8; // TODO(https://github.com/AztecProtocol/barretenberg/issues/1125) Make this dynamic - for (size_t i = 0; i < num_public_inputs; i++) { - auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; - builder->add_public_variable(proof.folding_proof[i + offset]); - } + // auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); + // num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + // num_public_inputs -= 1 * 8; // TODO(https://github.com/AztecProtocol/barretenberg/issues/1125) Make this dynamic + // for (size_t i = 0; i < num_public_inputs; i++) { + // auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; + // builder->add_public_variable(proof.ultra_proof[i + offset]); + // } ClientIVC verifier{ builder, input }; verifier.verify(proof); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 3c295f85a0a..7f5e180f64c 100644 
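Review bot: With the `add_public_variable` loop commented out, the tube circuit built in `prove_tube` no longer exposes any of the client IVC proof's public inputs, which widens the gap the existing TODO (issue 1048) already labels INSECURE. The commented-out code was renamed to read `proof.ultra_proof`, whose layout may differ from the old folding proof, so the `[1]` index and `HONK_RECURSION_PUBLIC_INPUT_OFFSET` need re-checking before the loop is restored. I would either restore it against the new layout or fail explicitly while it is missing, and drop the `info("here");` debug line. `prove_tube` starts and ends outside this hunk; the hunk at `@@ -583,10 +582,12 @@` in PATCH 03 re-enables only the count, not the loop.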
--- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -18,7 +18,7 @@ void ClientIVC::instantiate_stdlib_verification_queue( { bool vkeys_provided = !input_keys.empty(); if (vkeys_provided && verification_queue.size() != input_keys.size()) { - info("Warning: Incorrect number of verification keys provided in stdlib verification queue instantiation."); + // info("Warning: Incorrect number of verification keys provided in stdlib verification queue instantiation."); ASSERT(false); } 
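Review bot: Commenting out the `info(...)` warning leaves `ASSERT(false);` as the only reaction to a verification-key count mismatch in `instantiate_stdlib_verification_queue`. If `ASSERT` is compiled out in release builds (its definition is not visible here), the function would continue silently with `input_keys` that do not line up with `verification_queue`. Keep the message and make the failure unconditional, for example `throw_or_abort("instantiate_stdlib_verification_queue: wrong number of verification keys");`, which matches how `oink_verifier.cpp` reports a mismatch elsewhere in this series. The function body continues outside the hunk.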
@@ -204,24 +204,50 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr builder; + ClientCircuit builder{ goblin.op_queue }; + goblin.verify_merge(builder, merge_verification_queue[0]); + merge_verification_queue.clear(); + // Construct stdlib accumulator, vkey and proof - auto stdlib_verifier_accum = - std::make_shared(builder.get(), verification_queue[0].honk_verification_key); + auto stdlib_verifier_accumulator = + std::make_shared(&builder, verifier_accumulator); auto stdlib_decider_vk = - std::make_shared(builder.get(), verifier_input.fold_input.decider_vks[0]); - auto stdlib_proof = bb::convert_proof_to_witness(builder.get(), proof.folding_proof); + std::make_shared(&builder, verification_queue[0].honk_verification_key); - // Free the accumulator to save memory + auto stdlib_proof = bb::convert_proof_to_witness(&builder, fold_proof); + + // Perform recursive folding verification + FoldingRecursiveVerifier folding_verifier{ &builder, stdlib_verifier_accumulator, { stdlib_decider_vk } }; + auto recursive_verifier_accumulator = folding_verifier.verify_folding_proof(stdlib_proof); + auto native_verifier_acc = std::make_shared(recursive_verifier_accumulator->get_value()); + verification_queue.clear(); + // Perform recursive decider verification + DeciderRecursiveVerifier decider{ &builder, native_verifier_acc }; + decider.verify_proof(decider_proof); + + // TODO: proper aggregation + builder.add_recursive_proof(stdlib::recursion::init_default_agg_obj_indices(builder)); + + MergeProof merge_proof = goblin.prove_merge(builder); + merge_verification_queue.emplace_back(merge_proof); + + auto decider_pk = std::make_shared(builder); // finalises here + honk_vk = std::make_shared(decider_pk->proving_key); + UltraProver prover(decider_pk); + // info("circuit size of proving key: ", decider_pk->proving_key.circuit_size); + // info("circuit size of vk: ", honk_vk->circuit_size); + // Add assert equal here? 
+ HonkProof proof = prover.construct_proof(); + // Construct merge proof for the present circuit and add to merge verification queue return proof; } @@ -234,20 +260,24 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() ClientIVC::Proof ClientIVC::prove() { HonkProof ultra_proof = construct_and_prove_hiding_circuit(); + ASSERT(merge_verification_queue.size() == 1); // ensure only a single merge proof remains in the queue + MergeProof& merge_proof = merge_verification_queue[0]; + // merge here return { ultra_proof, goblin.prove(merge_proof) }; }; bool ClientIVC::verify(const Proof& proof, - const std::shared_ptr& accumulator, - const std::shared_ptr& final_stack_vk, + const std::shared_ptr& ultra_vk, const std::shared_ptr& eccvm_vk, const std::shared_ptr& translator_vk) { + + UltraVerifier verifer{ ultra_vk }; + bool ultra_verified = verifer.verify_proof(proof.ultra_proof); // Goblin verification (merge, eccvm, translator) GoblinVerifier goblin_verifier{ eccvm_vk, translator_vk }; bool goblin_verified = goblin_verifier.verify(proof.goblin_proof); - - return goblin_verified && decision; + return goblin_verified && ultra_verified; } /** @@ -256,11 +286,11 @@ bool ClientIVC::verify(const Proof& proof, * @param proof * @return bool */ -bool ClientIVC::verify(const Proof& proof, const std::vector>& vk_stack) +bool ClientIVC::verify(const Proof& proof) { auto eccvm_vk = std::make_shared(goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(goblin.get_translator_proving_key()); - return verify(proof, vk_stack[0], vk_stack[1], eccvm_vk, translator_vk); + return verify(proof, honk_vk, eccvm_vk, translator_vk); } /** @@ -283,9 +313,7 @@ HonkProof ClientIVC::decider_prove() const bool ClientIVC::prove_and_verify() { auto proof = prove(); - - auto verifier_inst = std::make_shared(this->verification_queue[0].honk_verification_key); - return verify(proof, { this->verifier_accumulator, verifier_inst }); + return verify(proof); } /** 
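Review bot: In `construct_and_prove_hiding_circuit` the recursive decider is given `native_verifier_acc`, a fresh object built from `recursive_verifier_accumulator->get_value()`, so the accumulator it checks is not tied by circuit constraints to the output of `folding_verifier.verify_folding_proof(stdlib_proof)`. The result of `decider.verify_proof(decider_proof)` is discarded and `init_default_agg_obj_indices(builder)` is registered instead (the `// TODO: proper aggregation` line), so whatever the decider produces for a later pairing check does not appear to reach the final proof. Until both are wired through, the hiding-circuit proof should not be treated as attesting to the folded accumulator; I would pass the in-circuit accumulator to the decider where its constructor allows it, propagate the decider's output into the aggregation object, and say so in the function's doc comment. The open question `// Add assert equal here?` is worth turning into `ASSERT(decider_pk->proving_key.circuit_size == honk_vk->circuit_size);`. The function begins before this hunk.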
diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index b34d0de4f2d..43e03b8eb60 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp @@ -5,6 +5,7 @@ #include "barretenberg/plonk_honk_shared/arithmetization/max_block_size_tracker.hpp" #include "barretenberg/protogalaxy/protogalaxy_prover.hpp" #include "barretenberg/protogalaxy/protogalaxy_verifier.hpp" +#include "barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp" #include "barretenberg/stdlib/primitives/databus/databus.hpp" #include "barretenberg/ultra_honk/decider_keys.hpp" #include "barretenberg/ultra_honk/decider_prover.hpp" @@ -41,6 +42,8 @@ class ClientIVC { using FoldingVerifier = ProtogalaxyVerifier_; using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey; using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey; + using UltraProver = UltraProver_; + using UltraVerifier = UltraVerifier_; using RecursiveFlavor = MegaRecursiveFlavor_; using RecursiveDeciderVerificationKeys = @@ -50,6 +53,7 @@ class ClientIVC { using FoldingRecursiveVerifier = bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_; using OinkRecursiveVerifier = stdlib::recursion::honk::OinkRecursiveVerifier_; + using DeciderRecursiveVerifier = stdlib::recursion::honk::DeciderRecursiveVerifier_; using DataBusDepot = stdlib::DataBusDepot; 
@@ -144,15 +148,13 @@ class ClientIVC { HonkProof construct_and_prove_hiding_circuit(); - HonkProof construct_hiding_circuit(); - + // why do we want this static member function? static bool verify(const Proof& proof, - const std::shared_ptr& accumulator, - const std::shared_ptr& final_stack_vk, + const std::shared_ptr& ultra_vk, const std::shared_ptr& eccvm_vk, const std::shared_ptr& translator_vk); - bool verify(const Proof& proof, const std::vector>& vk_stack); + bool verify(const Proof& proof); bool prove_and_verify(); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/test_bench_shared.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/test_bench_shared.hpp index b66ff324b2f..34fce9b314b 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/test_bench_shared.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/test_bench_shared.hpp @@ -14,9 +14,7 @@ namespace bb { */ bool verify_ivc(ClientIVC::Proof& proof, ClientIVC& ivc) { - auto verifier_inst = - std::make_shared>(ivc.verification_queue[0].honk_verification_key); - bool verified = ivc.verify(proof, { ivc.verifier_accumulator, verifier_inst }); + bool verified = ivc.verify(proof); // This is a benchmark, not a test, so just print success or failure to the log if (verified) { diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index e2d30c8128a..f20f4da9caa 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp 
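Review bot: The added comment `// why do we want this static member function?` should be replaced by a doc comment stating the contract of the static `verify`. From the callers in this series it is the entry point for a standalone verifier (`verify_client_ivc` in `bb/main.cpp`) that has no `ClientIVC` instance, so the comment should say that `ultra_vk`, `eccvm_vk` and `translator_vk` must come from a source the verifier trusts and that the result is the conjunction of the hiding-circuit check and the Goblin check. The member overload `verify(const Proof&)` would get a one-line note that it uses the instance's own `honk_vk` and Goblin proving keys, which makes it a self-check rather than an independent verification.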
@@ -10,22 +10,15 @@ namespace bb::stdlib::recursion::honk { */ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) { - // Construct stdlib accumulator, vkey and proof - auto stdlib_verifier_accum = - std::make_shared(builder.get(), verifier_input.fold_input.accumulator); - auto stdlib_decider_vk = - std::make_shared(builder.get(), verifier_input.fold_input.decider_vks[0]); - auto stdlib_proof = bb::convert_proof_to_witness(builder.get(), proof.folding_proof); - - // Perform recursive folding verification - FoldingVerifier folding_verifier{ builder.get(), stdlib_verifier_accum, { stdlib_decider_vk } }; - auto recursive_verifier_accumulator = folding_verifier.verify_folding_proof(stdlib_proof); - auto native_verifier_acc = - std::make_shared(recursive_verifier_accumulator->get_value()); + // Construct stdlib mega verification key + auto stdlib_mega_vk = + std::make_shared(builder.get(), verifier_input.mega_verification_key); + aggregation_state agg_obj = + init_default_aggregation_state(*builder); // Perform recursive decider verification - DeciderVerifier decider{ builder.get(), native_verifier_acc }; - decider.verify_proof(proof.decider_proof); + MegaVerifier verifier{ builder.get(), stdlib_mega_vk }; + verifier.verify_proof(proof.ultra_proof, agg_obj); // Perform Goblin recursive verification GoblinVerifier goblin_verifier{ builder.get(), verifier_input.goblin_input }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp index e7c1de159b5..d6954bb0532 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.hpp 
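Review bot: The value returned by `verifier.verify_proof(proof.ultra_proof, agg_obj)` is dropped and `agg_obj` starts from `init_default_aggregation_state(*builder)`, so unless the rest of `verify` (outside this hunk) handles it, the pairing inputs produced by the recursive verification are never handed on for a final check. If `verify_proof` returns the updated aggregation object, capture it, e.g. `auto output_agg = verifier.verify_proof(proof.ultra_proof, agg_obj);`, and make it available to the caller or the circuit's public inputs. The retained comment `// Perform recursive decider verification` is stale now that the call is a `MegaVerifier`; it should read `// Perform recursive verification of the hiding circuit proof`.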
@@ -12,14 +12,17 @@ class ClientIVCRecursiveVerifier { using RecursiveVerificationKey = RecursiveDeciderVerificationKeys::VerificationKey; using DeciderVerifier = DeciderRecursiveVerifier_; using FoldingVerifier = ProtogalaxyRecursiveVerifier_; + using MegaVerifier = UltraRecursiveVerifier_; using GoblinVerifier = GoblinRecursiveVerifier; + using Flavor = RecursiveFlavor::NativeFlavor; + using VerificationKey = Flavor::VerificationKey; public: using Proof = ClientIVC::Proof; using FoldVerifierInput = FoldingVerifier::VerifierInput; using GoblinVerifierInput = GoblinVerifier::VerifierInput; struct VerifierInput { - FoldVerifierInput fold_input; + std::shared_ptr mega_verification_key; GoblinVerifierInput goblin_input; }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 4771632be21..66c5844e9ee 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -47,12 +47,11 @@ class ClientIVCRecursionTests : public testing::Test { } Proof proof = ivc.prove(); - FoldVerifierInput fold_verifier_input{ ivc.verifier_accumulator, { ivc.honk_vk } }; GoblinVerifierInput goblin_verifier_input{ std::make_shared(ivc.goblin.get_eccvm_proving_key()), std::make_shared( ivc.goblin.get_translator_proving_key()) }; - return { proof, { fold_verifier_input, goblin_verifier_input } }; + return { proof, { ivc.honk_vk, goblin_verifier_input } }; } }; 
@@ -67,13 +66,13 @@ TEST_F(ClientIVCRecursionTests, NativeVerification) auto [proof, verifier_input] = construct_client_ivc_prover_output(ivc); // Construct the set of native decider vks to be processed by the folding verifier - std::vector> keys{ verifier_input.fold_input.accumulator }; - for (auto vk : verifier_input.fold_input.decider_vks) { - keys.emplace_back(std::make_shared(vk)); - } + // std::vector> keys{ verifier_input.fold_input.accumulator }; + // for (auto vk : verifier_input.fold_input.decider_vks) { + // keys.emplace_back(std::make_shared(vk)); + // } // Confirm that the IVC proof can be natively verified - EXPECT_TRUE(ivc.verify(proof, keys)); + EXPECT_TRUE(ivc.verify(proof)); } /** @@ -89,6 +88,7 @@ TEST_F(ClientIVCRecursionTests, Basic) // Construct the ClientIVC recursive verifier auto builder = std::make_shared(); + // builder->add_recursive_proof(stdlib::recursion::init_default_agg_obj_indices(*builder)); ClientIVCVerifier verifier{ builder, verifier_input }; // Generate the recursive verification circuit diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index b9279d2a5ae..2804f29be03 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -70,6 +70,7 @@ template void OinkProver::execute_preamble_round( { PROFILE_THIS_NAME("OinkProver::execute_preamble_round"); const auto circuit_size = static_cast(proving_key->proving_key.circuit_size); + // info("in oink prover: ", circuit_size); const auto num_public_inputs = static_cast(proving_key->proving_key.num_public_inputs); transcript->send_to_verifier(domain_separator + "circuit_size", circuit_size); transcript->send_to_verifier(domain_separator + "public_input_size", num_public_inputs); 
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp index 227fa145a44..fe0f4c9e9b5 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp @@ -38,6 +38,8 @@ template void OinkVerifier::execute_preamble_roun transcript->template receive_from_prover(domain_separator + "pub_inputs_offset"); if (circuit_size != verification_key->verification_key->circuit_size) { + // info(circuit_size); + // info(verification_key->verification_key->circuit_size); throw_or_abort("OinkVerifier::execute_preamble_round: proof circuit size does not match verification key!"); } if (public_input_size != verification_key->verification_key->num_public_inputs) { From 5954826f303c219457e7299277f5e73b4bbcfdbb Mon Sep 17 00:00:00 2001 From: maramihali Date: Wed, 30 Oct 2024 16:02:02 +0000 Subject: [PATCH 03/13] barretenberg/cpp/src/barretenberg/bb/main.cpp --- barretenberg/acir_tests/run_acir_tests.sh | 2 +- barretenberg/cpp/src/barretenberg/bb/main.cpp | 29 +++++++++---------- .../barretenberg/client_ivc/client_ivc.cpp | 2 ++ yarn-project/bb-prover/src/bb/execute.ts | 5 ++-- .../src/structs/client_ivc_proof.ts | 23 ++++++--------- .../src/client_ivc_integration.test.ts | 2 +- 6 files changed, 28 insertions(+), 35 deletions(-) diff --git a/barretenberg/acir_tests/run_acir_tests.sh b/barretenberg/acir_tests/run_acir_tests.sh index 89c0e2fd810..1b8d413afe6 100755 --- a/barretenberg/acir_tests/run_acir_tests.sh +++ b/barretenberg/acir_tests/run_acir_tests.sh @@ -10,7 +10,7 @@ pids=() source ./bash_helpers/catch.sh trap handle_sigchild SIGCHLD -BIN=${BIN:-../cpp/build-asan/bin/bb} +BIN=${BIN:-../cpp/build/bin/bb} FLOW=${FLOW:-prove_and_verify} HONK=${HONK:-false} CRS_PATH=~/.bb-crs diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 1e65606832e..fc0f9419e90 100644 
--- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -415,8 +415,7 @@ template std::shared_ptr read_to_shared_ptr(const std::filesyste * @return true (resp., false) if the proof is valid (resp., invalid). */ bool verify_client_ivc(const std::filesystem::path& proof_path, - const std::filesystem::path& accumulator_path, - const std::filesystem::path& final_vk_path, + const std::filesystem::path& mega_vk, const std::filesystem::path& eccvm_vk_path, const std::filesystem::path& translator_vk_path) { @@ -424,15 +423,15 @@ bool verify_client_ivc(const std::filesystem::path& proof_path, init_grumpkin_crs(1 << 15); const auto proof = from_buffer(read_file(proof_path)); - const auto accumulator = read_to_shared_ptr(accumulator_path); - accumulator->verification_key->pcs_verification_key = std::make_shared>(); - const auto final_vk = read_to_shared_ptr(final_vk_path); + const auto final_vk = read_to_shared_ptr(mega_vk); + final_vk->pcs_verification_key = std::make_shared>(); + const auto eccvm_vk = read_to_shared_ptr(eccvm_vk_path); eccvm_vk->pcs_verification_key = std::make_shared>(eccvm_vk->circuit_size + 1); const auto translator_vk = read_to_shared_ptr(translator_vk_path); translator_vk->pcs_verification_key = std::make_shared>(); - + info("here"); const bool verified = ClientIVC::verify(proof, final_vk, eccvm_vk, translator_vk); vinfo("verified: ", verified); return verified; 
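Review bot: `verify_client_ivc` deserialises the hiding-circuit key from the `mega_vk` file and passes it straight to `ClientIVC::verify`, and the `main` hunk at `@@ -1447,15 +1448,11 @@` takes that file from the same `-o` directory as `client_ivc_proof`. If that directory is produced by the prover, a proof is only checked against whatever key accompanies it, so the caller should compare the loaded key (or its hash) with the expected key for the hiding circuit before trusting the result. Smaller points in the same hunks: the parameter `mega_vk` is a path and would read better as `mega_vk_path` like its siblings, and `info("here");` is leftover debugging. The function's doc comment sits above the hunk and probably still lists the removed `accumulator_path` and `final_vk_path` parameters.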
@@ -583,10 +582,12 @@ void prove_tube(const std::string& output_path) // Padding needed for sending the right number of public inputs // TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): INSECURE - make this tube proof actually use // these public inputs by turning proof into witnesses and call - // set_public on each witness - // auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); - // num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - // num_public_inputs -= 1 * 8; // TODO(https://github.com/AztecProtocol/barretenberg/issues/1125) Make this dynamic + // set_public on each witness + auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); + info(num_public_inputs); // I think the problem here is that thereareno public inputs + num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + num_public_inputs -= 1 * 8; // TODO(https://github.com/AztecProtocol/barretenberg/issues/1125) Make this dynamic + info(num_public_inputs); // for (size_t i = 0; i < num_public_inputs; i++) { // auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; // builder->add_public_variable(proof.ultra_proof[i + offset]); 
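Review bot: `num_public_inputs` is read from `proof.ultra_proof[1]`, which is proof data, and is then reduced by `bb::AGGREGATION_OBJECT_SIZE` and `1 * 8` with no lower-bound check. If the variable is unsigned (the cast target is not visible here; the loop index below is `size_t`), a proof with fewer public inputs wraps to a very large count, which matters as soon as the commented-out loop is restored; the added remark about there being no public inputs suggests that case already occurs. Guard before subtracting, e.g. `if (num_public_inputs < bb::AGGREGATION_OBJECT_SIZE + 8) { throw_or_abort("prove_tube: unexpected public input count"); }`, and check that `proof.ultra_proof` has at least two elements before indexing it. The two bare `info(num_public_inputs);` calls should become labelled `vinfo` output or be removed.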
@@ -1447,15 +1448,11 @@ int main(int argc, char* argv[]) if (command == "verify_client_ivc") { std::filesystem::path output_dir = get_option(args, "-o", "./target"); std::filesystem::path client_ivc_proof_path = output_dir / "client_ivc_proof"; - std::filesystem::path accumulator_path = output_dir / "pg_acc"; - std::filesystem::path final_vk_path = output_dir / "final_decider_vk"; + std::filesystem::path mega_vk_path = output_dir / "mega_vk"; std::filesystem::path eccvm_vk_path = output_dir / "ecc_vk"; std::filesystem::path translator_vk_path = output_dir / "translator_vk"; - return verify_client_ivc( - client_ivc_proof_path, accumulator_path, final_vk_path, eccvm_vk_path, translator_vk_path) - ? 0 - : 1; + return verify_client_ivc(client_ivc_proof_path, mega_vk_path, eccvm_vk_path, translator_vk_path) ? 0 : 1; } if (command == "fold_and_verify_program") { return foldAndVerifyProgram(bytecode_path, witness_path) ? 0 : 1; diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 7f5e180f64c..86d9e889613 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -149,6 +149,7 @@ void ClientIVC::complete_kernel_circuit_logic(ClientCircuit& circuit) void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr& precomputed_vk, bool mock_vk) { if (auto_verify_mode && circuit.databus_propagation_data.is_kernel) { + info("we are never here I assume?"); complete_kernel_circuit_logic(circuit); } 
@@ -207,6 +208,7 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() // max_block_size_tracker.print(); // print minimum structured sizes for each block ASSERT(verification_queue.size() == 1); // ensure only a single fold proof remains in the queue ASSERT(merge_verification_queue.size() == 1); // ensure only a single merge proof remains in the queue + info("Am I ever heere?"); FoldProof& fold_proof = verification_queue[0].proof; HonkProof decider_proof = decider_prove(); // Free the accumulator to save memory diff --git a/yarn-project/bb-prover/src/bb/execute.ts b/yarn-project/bb-prover/src/bb/execute.ts index 76b9403be95..c965a86a7b8 100644 --- a/yarn-project/bb-prover/src/bb/execute.ts +++ b/yarn-project/bb-prover/src/bb/execute.ts @@ -424,8 +424,7 @@ export async function generateTubeProof( } // // Paths for the inputs - const vkPath = join(workingDirectory, 'final_decider_vk.bin'); // the vk of the last instance - const accPath = join(workingDirectory, 'pg_acc.bin'); + const vkPath = join(workingDirectory, 'mega_vk.bin'); const proofPath = join(workingDirectory, 'client_ivc_proof.bin'); const translatorVkPath = join(workingDirectory, 'translator_vk.bin'); const eccVkPath = join(workingDirectory, 'ecc_vk.bin'); @@ -446,7 +445,6 @@ export async function generateTubeProof( try { if ( !filePresent(vkPath) || - !filePresent(accPath) || !filePresent(proofPath) || !filePresent(translatorVkPath) || !filePresent(eccVkPath) @@ -644,6 +642,7 @@ export async function verifyClientIvcProof( const args = ['-o', targetPath]; const timer = new Timer(); const command = 'verify_client_ivc'; + console.log("Client IVC args ",args); const result = await executeBB(pathToBB, command, args, log); const duration = timer.ms(); if (result.status == BB_RESULT.SUCCESS) { diff --git a/yarn-project/circuits.js/src/structs/client_ivc_proof.ts b/yarn-project/circuits.js/src/structs/client_ivc_proof.ts index 916690eaeef..7b0e5b523f8 100644 
--- a/yarn-project/circuits.js/src/structs/client_ivc_proof.ts +++ b/yarn-project/circuits.js/src/structs/client_ivc_proof.ts @@ -12,8 +12,7 @@ export class ClientIvcProof { // produced by the sequencer when making the tube proof // TODO(https://github.com/AztecProtocol/aztec-packages/issues/7370): Need to precompute private kernel tail VK so we can verify this immediately in the tx pool // which parts of these are needed to quickly verify that we have a correct IVC proof - public instVkBuffer: Buffer, - public pgAccBuffer: Buffer, + public megaVkBuffer: Buffer, public clientIvcProofBuffer: Buffer, public translatorVkBuffer: Buffer, public eccVkBuffer: Buffer, @@ -24,7 +23,7 @@ export class ClientIvcProof { } static empty() { - return new ClientIvcProof(Buffer.from(''), Buffer.from(''), Buffer.from(''), Buffer.from(''), Buffer.from('')); + return new ClientIvcProof(Buffer.from(''), Buffer.from(''), Buffer.from(''), Buffer.from('')); } /** @@ -34,12 +33,12 @@ export class ClientIvcProof { * @returns the encapsulated client ivc proof */ static async readFromOutputDirectory(directory: string) { - const [instVkBuffer, pgAccBuffer, clientIvcProofBuffer, translatorVkBuffer, eccVkBuffer] = await Promise.all( - ['final_decider_vk', 'pg_acc', 'client_ivc_proof', 'translator_vk', 'ecc_vk'].map(fileName => + const [megaVkBuffer, clientIvcProofBuffer, translatorVkBuffer, eccVkBuffer] = await Promise.all( + ['mega_vk', 'client_ivc_proof', 'translator_vk', 'ecc_vk'].map(fileName => fs.readFile(path.join(directory, fileName)), ), ); - return new ClientIvcProof(instVkBuffer, pgAccBuffer, clientIvcProofBuffer, translatorVkBuffer, eccVkBuffer); + return new ClientIvcProof(megaVkBuffer, clientIvcProofBuffer, translatorVkBuffer, eccVkBuffer); } /** 
@@ -56,10 +55,9 @@ export class ClientIvcProof { * @param directory the directory of results */ async writeToOutputDirectory(directory: string) { - const { instVkBuffer, pgAccBuffer, clientIvcProofBuffer, translatorVkBuffer, eccVkBuffer } = this; + const { megaVkBuffer, clientIvcProofBuffer, translatorVkBuffer, eccVkBuffer } = this; const fileData = [ - ['final_decider_vk', instVkBuffer], - ['pg_acc', pgAccBuffer], + ['mega_vk', this.megaVkBuffer], ['client_ivc_proof', clientIvcProofBuffer], ['translator_vk', translatorVkBuffer], ['ecc_vk', eccVkBuffer], @@ -74,16 +72,13 @@ export class ClientIvcProof { reader.readBuffer(), reader.readBuffer(), reader.readBuffer(), - reader.readBuffer(), ); } public toBuffer() { return serializeToBuffer( - this.instVkBuffer.length, - this.instVkBuffer, - this.pgAccBuffer.length, - this.pgAccBuffer, + this.megaVkBuffer.length, + this.megaVkBuffer, this.clientIvcProofBuffer.length, this.clientIvcProofBuffer, this.translatorVkBuffer.length, diff --git a/yarn-project/ivc-integration/src/client_ivc_integration.test.ts b/yarn-project/ivc-integration/src/client_ivc_integration.test.ts index 1a8409f3588..244a726e2d9 100644 --- a/yarn-project/ivc-integration/src/client_ivc_integration.test.ts +++ b/yarn-project/ivc-integration/src/client_ivc_integration.test.ts @@ -1,4 +1,4 @@ -import { BB_RESULT, executeBbClientIvcProof, verifyClientIvcProof } from '@aztec/bb-prover'; + import { BB_RESULT, executeBbClientIvcProof, verifyClientIvcProof } from '@aztec/bb-prover'; import { ClientIvcProof } from '@aztec/circuits.js'; import { createDebugLogger } from '@aztec/foundation/log'; From 408e2f7050bf1e56cbd803ea97e4bdb8305d2b57 Mon Sep 17 00:00:00 2001 
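Review bot: `toBuffer` now writes four length-prefixed buffers and `fromBuffer` reads four, with nothing in the encoding that distinguishes it from the previous five-buffer layout. A buffer serialized before this change would still parse: the old `instVkBuffer` would land in `megaVkBuffer`, the old `pgAccBuffer` in `clientIvcProofBuffer`, and the last buffer would be ignored without an error. If serialized `ClientIvcProof` values can be stored or exchanged across versions, add a format tag, or have `fromBuffer` reject input that has bytes left over after the fourth buffer. The class starts and ends outside the hunk.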
From: maramihali Date: Thu, 31 Oct 2024 14:06:39 +0000 Subject: [PATCH 04/13] better handling of agg obj? --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 10 +++++----- .../cpp/src/barretenberg/client_ivc/client_ivc.cpp | 9 +++++++++ .../client_ivc_recursive_verifier.cpp | 4 ++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 401e4f3d588..8124e383c7f 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -583,11 +583,11 @@ void prove_tube(const std::string& output_path) // TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): INSECURE - make this tube proof actually use // these public inputs by turning proof into witnesses and call // set_public on each witness - auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); - info(num_public_inputs); // I think the problem here is that thereareno public inputs - num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments - info(num_public_inputs); + // auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); + // info(num_public_inputs); // I think the problem here is that thereareno public inputs + // num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments + // info(num_public_inputs); // for (size_t i = 0; i < num_public_inputs; i++) { // auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; // builder->add_public_variable(proof.ultra_proof[i + offset]); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 8e5f6ea749b..6cb7d5a499f 100644 
--- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -224,10 +224,19 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() // Free the accumulator to save memory fold_output.accumulator = nullptr; + auto num_public_inputs = static_cast(static_cast(fold_proof[1])); + num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments + ClientCircuit builder{ goblin.op_queue }; goblin.verify_merge(builder, merge_verification_queue[0]); merge_verification_queue.clear(); + for (size_t i = 0; i < num_public_inputs; i++) { + size_t offset = 3; + builder.add_public_variable(fold_proof[i + offset]); + } + // Construct stdlib accumulator, vkey and proof auto stdlib_verifier_accumulator = std::make_shared(&builder, verifier_accumulator); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index f20f4da9caa..92cca3b6243 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -16,9 +16,13 @@ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) aggregation_state agg_obj = init_default_aggregation_state(*builder); + // do something with public inputs here? + // // Perform recursive decider verification MegaVerifier verifier{ builder.get(), stdlib_mega_vk }; verifier.verify_proof(proof.ultra_proof, agg_obj); + info("number of public inputs in ultra proof: ", + static_cast(static_cast(proof.ultra_proof[1]))); // Perform Goblin recursive verification GoblinVerifier goblin_verifier{ builder.get(), verifier_input.goblin_input }; 
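Review bot: The new loop hard-codes `size_t offset = 3;` for where the public inputs start in `fold_proof`, while `prove_tube` in `main.cpp` uses `acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET` for the same purpose. If both describe the same proof header layout, use one named constant that both files can see and hoist it out of the loop, e.g. `const size_t offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET;`, so a layout change cannot leave the two readers exposing different field elements as public inputs. If a folding proof is laid out differently, give the `3` its own named constant with a comment saying so. `construct_and_prove_hiding_circuit` starts and ends outside the hunk.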
From 4ac64f4e9432a33376665282054efd9514a3e6dc Mon Sep 17 00:00:00 2001 From: maramihali Date: Thu, 31 Oct 2024 16:09:40 +0000 Subject: [PATCH 05/13] logs --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 2 ++ barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp | 2 ++ barretenberg/cpp/src/barretenberg/goblin/goblin.hpp | 3 +++ .../noir-protocol-circuits/crates/types/src/constants.nr | 2 +- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 8124e383c7f..de26c965c13 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -526,6 +526,7 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, std::string eccVkPath = outputPath + "/ecc_vk"; auto proof = ivc.prove(); + info("client ivc proof length ", proof.size()); auto eccvm_vk = std::make_shared(ivc.goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(ivc.goblin.get_translator_proving_key()); vinfo("ensure valid proof: ", ivc.verify(proof)); @@ -607,6 +608,7 @@ void prove_tube(const std::string& output_path) using Verifier = UltraVerifier_; Prover tube_prover{ *builder }; auto tube_proof = tube_prover.construct_proof(); + info("tube proof length ", tube_proof.size()); std::string tubeProofPath = output_path + "/proof"; write_file(tubeProofPath, to_buffer(tube_proof)); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 6cb7d5a499f..514c444c7b2 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp 
@@ -295,9 +295,11 @@ bool ClientIVC::verify(const Proof& proof, UltraVerifier verifer{ ultra_vk }; bool ultra_verified = verifer.verify_proof(proof.ultra_proof); + vinfo("Ultra verified: ", ultra_verified); // Goblin verification (merge, eccvm, translator) GoblinVerifier goblin_verifier{ eccvm_vk, translator_vk }; bool goblin_verified = goblin_verifier.verify(proof.goblin_proof); + vinfo("Goblin verified: ", goblin_verified); return goblin_verified && ultra_verified; } diff --git a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp index fcfd0d78913..b66c8dc466d 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp @@ -287,9 +287,11 @@ class GoblinVerifier { { MergeVerifier merge_verifier; bool merge_verified = merge_verifier.verify_proof(proof.merge_proof); + vinfo("Merge verified: ", merge_verified); ECCVMVerifier eccvm_verifier(eccvm_verification_key); bool eccvm_verified = eccvm_verifier.verify_proof(proof.eccvm_proof); + vinfo("ECCVM verified: ", eccvm_verified); TranslatorVerifier translator_verifier(translator_verification_key, eccvm_verifier.transcript); @@ -297,6 +299,7 @@ class GoblinVerifier { // TODO(https://github.com/AztecProtocol/barretenberg/issues/799): Ensure translation_evaluations are passed // correctly bool translation_verified = translator_verifier.verify_translation(proof.translation_evaluations); + vinfo("Translator verified: ", translation_verified, " ", accumulator_construction_verified); return merge_verified && eccvm_verified && accumulator_construction_verified && translation_verified; }; diff --git a/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr b/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr index d132ebc7a8b..12de2f561c9 100644 --- a/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr 
+++ b/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr @@ -479,7 +479,7 @@ global TUBE_PROOF_LENGTH: u32 = RECURSIVE_PROOF_LENGTH; // in the future these c global HONK_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 128; -global CLIENT_IVC_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 143; +global CLIENT_IVC_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 143; //mega? // VK is composed of // - circuit size encoded as a fr field element (32 bytes) // - num of inputs encoded as a fr field element (32 bytes) From b49f67027d39840e514ff5f7755c17736a90d9ef Mon Sep 17 00:00:00 2001 From: maramihali Date: Fri, 1 Nov 2024 10:52:57 +0000 Subject: [PATCH 06/13] ? --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 11 ++++------- .../src/barretenberg/client_ivc/client_ivc.cpp | 16 ++++++++-------- .../client_ivc_recursive_verifier.cpp | 4 ++-- yarn-project/bb-prover/src/bb/execute.ts | 10 ++-------- 4 files changed, 16 insertions(+), 25 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index de26c965c13..a4e62a513b3 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp 
@@ -585,10 +585,11 @@ void prove_tube(const std::string& output_path) // these public inputs by turning proof into witnesses and call // set_public on each witness // auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); - // info(num_public_inputs); // I think the problem here is that thereareno public inputs // num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments - // info(num_public_inputs); + // // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments + // info("Number of public inputs after subtracting stuff: ", + // num_public_inputs); // I think the problem here is that thereareno public inputs + // // info(num_public_inputs); // for (size_t i = 0; i < num_public_inputs; i++) { // auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; // builder->add_public_variable(proof.ultra_proof[i + offset]); @@ -599,10 +600,6 @@ void prove_tube(const std::string& output_path) // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): Add aggregation to goblin recursive verifiers. // This is currently just setting the aggregation object to the default one. - AggregationObjectIndices current_aggregation_object = - stdlib::recursion::init_default_agg_obj_indices(*builder); - - builder->add_recursive_proof(current_aggregation_object); using Prover = UltraProver_; using Verifier = UltraVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 514c444c7b2..0591e498e4c 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp 
@@ -224,18 +224,18 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() // Free the accumulator to save memory fold_output.accumulator = nullptr; - auto num_public_inputs = static_cast(static_cast(fold_proof[1])); - num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments - + // auto num_public_inputs = static_cast(static_cast(fold_proof[1])); + // num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments + // info("num_public_inputs ofth e last folding proof ", num_public_inputs); ClientCircuit builder{ goblin.op_queue }; goblin.verify_merge(builder, merge_verification_queue[0]); merge_verification_queue.clear(); - for (size_t i = 0; i < num_public_inputs; i++) { - size_t offset = 3; - builder.add_public_variable(fold_proof[i + offset]); - } + // for (size_t i = 0; i < num_public_inputs; i++) { + // size_t offset = 3; + // builder.add_public_variable(fold_proof[i + offset]); + // } // Construct stdlib accumulator, vkey and proof auto stdlib_verifier_accumulator = diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index 92cca3b6243..9907ef6e33a 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp 
@@ -10,6 +10,8 @@ namespace bb::stdlib::recursion::honk { */ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) { + info("number of public inputs in ultra proof: ", + static_cast(static_cast(proof.ultra_proof[1]))); // Construct stdlib mega verification key auto stdlib_mega_vk = std::make_shared(builder.get(), verifier_input.mega_verification_key); @@ -21,8 +23,6 @@ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) // Perform recursive decider verification MegaVerifier verifier{ builder.get(), stdlib_mega_vk }; verifier.verify_proof(proof.ultra_proof, agg_obj); - info("number of public inputs in ultra proof: ", - static_cast(static_cast(proof.ultra_proof[1]))); // Perform Goblin recursive verification GoblinVerifier goblin_verifier{ builder.get(), verifier_input.goblin_input }; diff --git a/yarn-project/bb-prover/src/bb/execute.ts b/yarn-project/bb-prover/src/bb/execute.ts index 06a35aa1b61..94b3eee149b 100644 --- a/yarn-project/bb-prover/src/bb/execute.ts +++ b/yarn-project/bb-prover/src/bb/execute.ts @@ -444,12 +444,7 @@ export async function generateTubeProof( } try { - if ( - !filePresent(vkPath) || - !filePresent(proofPath) || - !filePresent(translatorVkPath) || - !filePresent(eccVkPath) - ) { + if (!filePresent(vkPath) || !filePresent(proofPath) || !filePresent(translatorVkPath) || !filePresent(eccVkPath)) { return { status: BB_RESULT.FAILURE, reason: `Client IVC input files not present in ${workingDirectory}` }; } const args = ['-o', outputPath, '-v']; @@ -643,7 +638,6 @@ export async function verifyClientIvcProof( const args = ['-o', targetPath]; const timer = new Timer(); const command = 'verify_client_ivc'; - console.log("Client IVC args ",args); const result = await executeBB(pathToBB, command, args, log); const duration = timer.ms(); if (result.status == BB_RESULT.SUCCESS) { 
@@ -746,7 +740,7 @@ export async function writeVkAsFields( * @param pathToBB - The full path to the bb binary * @param proofPath - The directory containing the binary proof * @param proofFileName - The filename of the proof - * @param vkFileName - The filename of the verification key + * @param vkFileName - The filename oFailed to verify proof from key!f the verification key * @param log - A logging function * @returns An object containing a result indication and duration taken */ From d7acf20a46f934677c1567039160f8c6a03fd76d Mon Sep 17 00:00:00 2001 From: maramihali Date: Fri, 1 Nov 2024 12:20:57 +0000 Subject: [PATCH 07/13] ? --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 4 ++++ .../cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp | 1 + yarn-project/bb-prover/src/prover/bb_prover.ts | 1 + yarn-project/circuits.js/src/structs/client_ivc_proof.ts | 9 ++------- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index a4e62a513b3..b43b0a10bcd 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -598,6 +598,10 @@ void prove_tube(const std::string& output_path) verifier.verify(proof); + AggregationObjectIndices current_aggregation_object = + stdlib::recursion::init_default_agg_obj_indices(*builder); + + builder->add_recursive_proof(current_aggregation_object); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): Add aggregation to goblin recursive verifiers. // This is currently just setting the aggregation object to the default one. diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index f8807a67c68..8e914534ab0 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp 
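Review bot: The `@param vkFileName` line now reads `The filename oFailed to verify proof from key!f the verification key`, which looks like an accidental paste into the JSDoc. Restore it to `@param vkFileName - The filename of the verification key`. The documented function itself is outside the hunk.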
@@ -14,6 +14,7 @@ template bool UltraVerifier_::verify_proof(const HonkP using FF = typename Flavor::FF; transcript = std::make_shared(proof); + info("am I here at all?"); OinkVerifier oink_verifier{ verification_key, transcript }; oink_verifier.verify(); diff --git a/yarn-project/bb-prover/src/prover/bb_prover.ts b/yarn-project/bb-prover/src/prover/bb_prover.ts index 490a037f64a..3c06f5b832e 100644 --- a/yarn-project/bb-prover/src/prover/bb_prover.ts +++ b/yarn-project/bb-prover/src/prover/bb_prover.ts @@ -905,6 +905,7 @@ export class BBNativeRollupProver implements ServerCircuitProver { fs.readFile(proofFilename), fs.readFile(proofFieldsFilename, { encoding: 'utf-8' }), ]); + logger.debug('HERE'); const json = JSON.parse(proofString); diff --git a/yarn-project/circuits.js/src/structs/client_ivc_proof.ts b/yarn-project/circuits.js/src/structs/client_ivc_proof.ts index 7b0e5b523f8..52562c221b5 100644 --- a/yarn-project/circuits.js/src/structs/client_ivc_proof.ts +++ b/yarn-project/circuits.js/src/structs/client_ivc_proof.ts @@ -57,7 +57,7 @@ export class ClientIvcProof { async writeToOutputDirectory(directory: string) { const { megaVkBuffer, clientIvcProofBuffer, translatorVkBuffer, eccVkBuffer } = this; const fileData = [ - ['mega_vk', this.megaVkBuffer], + ['mega_vk', megaVkBuffer], ['client_ivc_proof', clientIvcProofBuffer], ['translator_vk', translatorVkBuffer], ['ecc_vk', eccVkBuffer], @@ -67,12 +67,7 @@ export class ClientIvcProof { static fromBuffer(buffer: Buffer | BufferReader): ClientIvcProof { const reader = BufferReader.asReader(buffer); - return new ClientIvcProof( - reader.readBuffer(), - reader.readBuffer(), - reader.readBuffer(), - reader.readBuffer(), - ); + return new ClientIvcProof(reader.readBuffer(), reader.readBuffer(), reader.readBuffer(), reader.readBuffer()); } public toBuffer() { From 45050960b0198e8bd5796437ba31bf5e6a71ba18 Mon Sep 17 00:00:00 2001 
From: maramihali Date: Fri, 1 Nov 2024 14:46:12 +0000 Subject: [PATCH 08/13] it works? --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 23 ++++++++++--------- .../barretenberg/client_ivc/client_ivc.cpp | 16 ++++++------- .../client_ivc_recursive_verifier.cpp | 2 -- 3 files changed, 20 insertions(+), 21 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index b43b0a10bcd..2fb3714dda3 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -546,6 +546,7 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, */ void prove_tube(const std::string& output_path) { + vinfo("PLEASE BE HERE"); using ClientIVC = stdlib::recursion::honk::ClientIVCRecursiveVerifier; using StackHonkVK = typename MegaFlavor::VerificationKey; using ECCVMVk = ECCVMFlavor::VerificationKey; 
@@ -579,21 +580,21 @@ void prove_tube(const std::string& output_path) GoblinVerifierInput goblin_verifier_input{ eccvm_vk, translator_vk }; VerifierInput input{ final_stack_vk, goblin_verifier_input }; auto builder = std::make_shared(); - info("here"); + vinfo("here"); // Padding needed for sending the right number of public inputs // TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): INSECURE - make this tube proof actually use // these public inputs by turning proof into witnesses and call // set_public on each witness - // auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); - // num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - // // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments - // info("Number of public inputs after subtracting stuff: ", - // num_public_inputs); // I think the problem here is that thereareno public inputs - // // info(num_public_inputs); - // for (size_t i = 0; i < num_public_inputs; i++) { - // auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; - // builder->add_public_variable(proof.ultra_proof[i + offset]); - // } + auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); + num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments + vinfo("Number of public inputs after subtracting stuff in mega proof: ", + num_public_inputs); // I think the problem here is that thereareno public inputs + // info(num_public_inputs); + for (size_t i = 0; i < num_public_inputs; i++) { + auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; + builder->add_public_variable(proof.ultra_proof[i + offset]); + } ClientIVC verifier{ builder, input }; verifier.verify(proof); 
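Review bot: With the loop enabled, the tube circuit's public inputs are created by `builder->add_public_variable(proof.ultra_proof[i + offset])` before `ClientIVC verifier{ builder, input }` is constructed, so, as the TODO for issue 1048 above it still says, they appear to be fresh variables rather than the witnesses the recursive verifier derives from the proof. Until they are the same witnesses, these values are not bound to the inner proof and consumers of the tube proof should not treat them as authenticated. Keep that visible at the loop itself, for example `// INSECURE (issue 1048): public inputs are not yet constrained to match the verified proof`, and replace `vinfo("here");` with a message that says what was reached. The hunk also leaves the `PROPAGATED_DATABUS_COMMITMENTS_SIZE` subtraction commented out while `construct_and_prove_hiding_circuit` applies it; a comment on why the two counts differ would help. `prove_tube` starts and ends outside the hunk.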
diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 0591e498e4c..ff89310731e 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -224,18 +224,18 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() // Free the accumulator to save memory fold_output.accumulator = nullptr; - // auto num_public_inputs = static_cast(static_cast(fold_proof[1])); - // num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments - // info("num_public_inputs ofth e last folding proof ", num_public_inputs); + auto num_public_inputs = static_cast(static_cast(fold_proof[1])); + num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments + vinfo("num_public_inputs of the last folding proof ", num_public_inputs); ClientCircuit builder{ goblin.op_queue }; goblin.verify_merge(builder, merge_verification_queue[0]); merge_verification_queue.clear(); - // for (size_t i = 0; i < num_public_inputs; i++) { - // size_t offset = 3; - // builder.add_public_variable(fold_proof[i + offset]); - // } + for (size_t i = 0; i < num_public_inputs; i++) { + size_t offset = 3; + builder.add_public_variable(fold_proof[i + offset]); + } // Construct stdlib accumulator, vkey and proof auto stdlib_verifier_accumulator = diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index 9907ef6e33a..d6c5aa0f256 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp 
+++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -10,8 +10,6 @@ namespace bb::stdlib::recursion::honk { */ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) { - info("number of public inputs in ultra proof: ", - static_cast(static_cast(proof.ultra_proof[1]))); // Construct stdlib mega verification key auto stdlib_mega_vk = std::make_shared(builder.get(), verifier_input.mega_verification_key); From 734dacaaf9c616d28e6dfed9062dff1f71657335 Mon Sep 17 00:00:00 2001 From: maramihali Date: Mon, 4 Nov 2024 12:10:36 +0000 Subject: [PATCH 09/13] still passes, a bit of cleanup --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 16 +++--- .../barretenberg/client_ivc/client_ivc.cpp | 53 +++++++++++-------- .../barretenberg/client_ivc/client_ivc.hpp | 9 ++-- .../client_ivc_recursive_verifier.cpp | 6 +-- .../client_ivc_recursive_verifier.test.cpp | 8 +-- .../barretenberg/ultra_honk/oink_prover.cpp | 1 - .../crates/types/src/constants.nr | 4 +- yarn-project/bb-prover/src/bb/execute.ts | 2 +- .../bb-prover/src/prover/bb_prover.ts | 1 - .../src/client_ivc_integration.test.ts | 2 +- 10 files changed, 50 insertions(+), 52 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 2fb3714dda3..8c9c13178ae 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp 
@@ -583,17 +583,15 @@ void prove_tube(const std::string& output_path) vinfo("here"); // Padding needed for sending the right number of public inputs // TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): INSECURE - make this tube proof actually use - // these public inputs by turning proof into witnesses and call - // set_public on each witness - auto num_public_inputs = static_cast(static_cast(proof.ultra_proof[1])); + // these public inputs by turning proof into witnesses and calling set_public on each witness + auto num_public_inputs = static_cast(static_cast(proof.mega_proof[1])); + vinfo("Number of public inputs BEFORE subtracting stuff in mega proof: ", num_public_inputs); num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments - vinfo("Number of public inputs after subtracting stuff in mega proof: ", - num_public_inputs); // I think the problem here is that thereareno public inputs - // info(num_public_inputs); + // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments? + vinfo("Number of public inputs after subtracting stuff in mega proof: ", num_public_inputs); for (size_t i = 0; i < num_public_inputs; i++) { auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; - builder->add_public_variable(proof.ultra_proof[i + offset]); + builder->add_public_variable(proof.mega_proof[i + offset]); } ClientIVC verifier{ builder, input }; 
@@ -602,9 +600,9 @@ void prove_tube(const std::string& output_path) AggregationObjectIndices current_aggregation_object = stdlib::recursion::init_default_agg_obj_indices(*builder); - builder->add_recursive_proof(current_aggregation_object); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): Add aggregation to goblin recursive verifiers. // This is currently just setting the aggregation object to the default one. + builder->add_recursive_proof(current_aggregation_object); using Prover = UltraProver_; using Verifier = UltraVerifier_; diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index ff89310731e..082258b1d6a 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -213,31 +213,43 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr(static_cast(fold_proof[1])); - num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object + vinfo("num_public_inputs of the last folding proof BEFORE SUBTRACTION", num_public_inputs); + num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // exclude aggregation object num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments vinfo("num_public_inputs of the last folding proof ", num_public_inputs); - ClientCircuit builder{ goblin.op_queue }; - goblin.verify_merge(builder, merge_verification_queue[0]); - merge_verification_queue.clear(); - for (size_t i = 0; i < num_public_inputs; i++) { size_t offset = 3; builder.add_public_variable(fold_proof[i + offset]); } - // Construct stdlib accumulator, vkey and proof + goblin.verify_merge(builder, merge_verification_queue[0]); + merge_verification_queue.clear(); + + // Construct stdlib accumulator, decider vkey and folding proof auto stdlib_verifier_accumulator = std::make_shared(&builder, verifier_accumulator); 
@@ -246,29 +258,27 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() auto stdlib_proof = bb::convert_proof_to_witness(&builder, fold_proof); - // Perform recursive folding verification + // Perform recursive folding verification oft he la FoldingRecursiveVerifier folding_verifier{ &builder, stdlib_verifier_accumulator, { stdlib_decider_vk } }; auto recursive_verifier_accumulator = folding_verifier.verify_folding_proof(stdlib_proof); auto native_verifier_acc = std::make_shared(recursive_verifier_accumulator->get_value()); verification_queue.clear(); + // Perform recursive decider verification DeciderRecursiveVerifier decider{ &builder, native_verifier_acc }; decider.verify_proof(decider_proof); - // TODO: proper aggregation builder.add_recursive_proof(stdlib::recursion::init_default_agg_obj_indices(builder)); + // Construct the last merge proof for the present circuit and add to merge verification queue MergeProof merge_proof = goblin.prove_merge(builder); merge_verification_queue.emplace_back(merge_proof); - auto decider_pk = std::make_shared(builder); // finalises here + auto decider_pk = std::make_shared(builder); honk_vk = std::make_shared(decider_pk->proving_key); UltraProver prover(decider_pk); - // info("circuit size of proving key: ", decider_pk->proving_key.circuit_size); - // info("circuit size of vk: ", honk_vk->circuit_size); - // Add assert equal here? + HonkProof proof = prover.construct_proof(); - // Construct merge proof for the present circuit and add to merge verification queue return proof; } 
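Review bot: In `construct_and_prove_hiding_circuit`, the decider is handed `native_verifier_acc`, built from `recursive_verifier_accumulator->get_value()`, so the accumulator it checks appears to be re-created from native values rather than being the in-circuit output of `folding_verifier.verify_folding_proof(stdlib_proof)`. If `DeciderRecursiveVerifier` turns that native accumulator into fresh witnesses (its constructor is not visible in this hunk), nothing in the circuit ties the decided accumulator to the folded one, which would weaken what the hiding-circuit proof establishes. Passing the stdlib accumulator through directly, `DeciderRecursiveVerifier decider{ &builder, recursive_verifier_accumulator };`, would keep the link, provided a constructor taking the stdlib type exists or is added. The function starts outside this hunk.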
@@ -280,11 +290,10 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() */ ClientIVC::Proof ClientIVC::prove() { - HonkProof ultra_proof = construct_and_prove_hiding_circuit(); + HonkProof mega_proof = construct_and_prove_stealth_circuit(); ASSERT(merge_verification_queue.size() == 1); // ensure only a single merge proof remains in the queue MergeProof& merge_proof = merge_verification_queue[0]; - // merge here - return { ultra_proof, goblin.prove(merge_proof) }; + return { mega_proof, goblin.prove(merge_proof) }; }; bool ClientIVC::verify(const Proof& proof, @@ -294,9 +303,9 @@ bool ClientIVC::verify(const Proof& proof, { UltraVerifier verifer{ ultra_vk }; - bool ultra_verified = verifer.verify_proof(proof.ultra_proof); + bool ultra_verified = verifer.verify_proof(proof.mega_proof); vinfo("Ultra verified: ", ultra_verified); - // Goblin verification (merge, eccvm, translator) + // Goblin verification (final merge, eccvm, translator) GoblinVerifier goblin_verifier{ eccvm_vk, translator_vk }; bool goblin_verified = goblin_verifier.verify(proof.goblin_proof); vinfo("Goblin verified: ", goblin_verified); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index 43e03b8eb60..678014a9965 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp @@ -59,12 +59,12 @@ class ClientIVC { // A full proof for the IVC scheme struct Proof { - HonkProof ultra_proof; + HonkProof mega_proof; GoblinProof goblin_proof; - size_t size() const { return ultra_proof.size() + goblin_proof.size(); } + size_t size() const { return mega_proof.size() + goblin_proof.size(); } - MSGPACK_FIELDS(ultra_proof, goblin_proof); + MSGPACK_FIELDS(mega_proof, goblin_proof); }; enum class QUEUE_TYPE { OINK, PG }; // for specifying type of proof in the verification queue 
@@ -146,9 +146,8 @@ class ClientIVC { Proof prove(); - HonkProof construct_and_prove_hiding_circuit(); + HonkProof construct_and_prove_stealth_circuit(); - // why do we want this static member function? static bool verify(const Proof& proof, const std::shared_ptr& ultra_vk, const std::shared_ptr& eccvm_vk, diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index d6c5aa0f256..19a6b2b104d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -13,14 +13,14 @@ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) // Construct stdlib mega verification key auto stdlib_mega_vk = std::make_shared(builder.get(), verifier_input.mega_verification_key); + + // Dummy aggregation object until we do proper aggregation aggregation_state agg_obj = init_default_aggregation_state(*builder); - // do something with public inputs here? - // // Perform recursive decider verification MegaVerifier verifier{ builder.get(), stdlib_mega_vk }; - verifier.verify_proof(proof.ultra_proof, agg_obj); + verifier.verify_proof(proof.mega_proof, agg_obj); // Perform Goblin recursive verification GoblinVerifier goblin_verifier{ builder.get(), verifier_input.goblin_input }; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index 66c5844e9ee..cb68696eb65 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp 
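Review bot: In `ClientIVCRecursiveVerifier::verify`, the open question `// do something with public inputs here?` is deleted without being answered, and the new comment `// Dummy aggregation object until we do proper aggregation` carries no issue reference. `proof.mega_proof` is still passed to `verifier.verify_proof` as before, so the gap marked INSECURE in `prove_tube` under issue 1048 looks like it applies at this call site too (inferred; the rest of the function is outside the hunk). I would keep both as tracked markers: `// TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): public inputs of mega_proof are not yet linked to witnesses here` and `// TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): dummy aggregation object until proper aggregation`.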
@@ -65,12 +65,6 @@ TEST_F(ClientIVCRecursionTests, NativeVerification) ivc.auto_verify_mode = true; auto [proof, verifier_input] = construct_client_ivc_prover_output(ivc); - // Construct the set of native decider vks to be processed by the folding verifier - // std::vector> keys{ verifier_input.fold_input.accumulator }; - // for (auto vk : verifier_input.fold_input.decider_vks) { - // keys.emplace_back(std::make_shared(vk)); - // } - // Confirm that the IVC proof can be natively verified EXPECT_TRUE(ivc.verify(proof)); } @@ -88,7 +82,7 @@ TEST_F(ClientIVCRecursionTests, Basic) // Construct the ClientIVC recursive verifier auto builder = std::make_shared(); - // builder->add_recursive_proof(stdlib::recursion::init_default_agg_obj_indices(*builder)); + ClientIVCVerifier verifier{ builder, verifier_input }; // Generate the recursive verification circuit diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index 2804f29be03..b9279d2a5ae 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -70,7 +70,6 @@ template void OinkProver::execute_preamble_round( { PROFILE_THIS_NAME("OinkProver::execute_preamble_round"); const auto circuit_size = static_cast(proving_key->proving_key.circuit_size); - // info("in oink prover: ", circuit_size); const auto num_public_inputs = static_cast(proving_key->proving_key.num_public_inputs); transcript->send_to_verifier(domain_separator + "circuit_size", circuit_size); transcript->send_to_verifier(domain_separator + "public_input_size", num_public_inputs); diff --git a/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr b/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr index 12de2f561c9..42b3d129340 100644 --- a/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr 
+++ b/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr @@ -477,9 +477,9 @@ global RECURSIVE_PROOF_LENGTH: u32 = 463; global NESTED_RECURSIVE_PROOF_LENGTH: u32 = 463; global TUBE_PROOF_LENGTH: u32 = RECURSIVE_PROOF_LENGTH; // in the future these can differ -global HONK_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 128; +global HONK_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 128; // size of an Ultra verification key -global CLIENT_IVC_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 143; //mega? +global CLIENT_IVC_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 143; // size of a Mega verification key // VK is composed of // - circuit size encoded as a fr field element (32 bytes) // - num of inputs encoded as a fr field element (32 bytes) diff --git a/yarn-project/bb-prover/src/bb/execute.ts b/yarn-project/bb-prover/src/bb/execute.ts index 94b3eee149b..def069771ba 100644 --- a/yarn-project/bb-prover/src/bb/execute.ts +++ b/yarn-project/bb-prover/src/bb/execute.ts @@ -740,7 +740,7 @@ export async function writeVkAsFields( * @param pathToBB - The full path to the bb binary * @param proofPath - The directory containing the binary proof * @param proofFileName - The filename of the proof - * @param vkFileName - The filename oFailed to verify proof from key!f the verification key + * @param vkFileName - The filename of the verification key * @param log - A logging function * @returns An object containing a result indication and duration taken */ diff --git a/yarn-project/bb-prover/src/prover/bb_prover.ts b/yarn-project/bb-prover/src/prover/bb_prover.ts index 3c06f5b832e..490a037f64a 100644 --- a/yarn-project/bb-prover/src/prover/bb_prover.ts +++ b/yarn-project/bb-prover/src/prover/bb_prover.ts @@ -905,7 +905,6 @@ export class BBNativeRollupProver implements ServerCircuitProver { fs.readFile(proofFilename), fs.readFile(proofFieldsFilename, { encoding: 'utf-8' }), ]); - logger.debug('HERE'); const json = JSON.parse(proofString); 
diff --git a/yarn-project/ivc-integration/src/client_ivc_integration.test.ts b/yarn-project/ivc-integration/src/client_ivc_integration.test.ts index 244a726e2d9..1a8409f3588 100644 --- a/yarn-project/ivc-integration/src/client_ivc_integration.test.ts +++ b/yarn-project/ivc-integration/src/client_ivc_integration.test.ts @@ -1,4 +1,4 @@ - import { BB_RESULT, executeBbClientIvcProof, verifyClientIvcProof } from '@aztec/bb-prover'; +import { BB_RESULT, executeBbClientIvcProof, verifyClientIvcProof } from '@aztec/bb-prover'; import { ClientIvcProof } from '@aztec/circuits.js'; import { createDebugLogger } from '@aztec/foundation/log'; From 95b8cc5e49cd5783b4468019ac54c7ec6adaf16c Mon Sep 17 00:00:00 2001 From: maramihali Date: Mon, 4 Nov 2024 14:00:05 +0000 Subject: [PATCH 10/13] more cleanup --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 18 ++++++------------ .../src/barretenberg/client_ivc/client_ivc.cpp | 12 ++++++------ .../src/barretenberg/client_ivc/client_ivc.hpp | 12 +++++++++--- .../client_ivc_recursive_verifier.cpp | 2 +- .../client_ivc_recursive_verifier.test.cpp | 1 - .../barretenberg/ultra_honk/oink_verifier.cpp | 2 -- .../barretenberg/ultra_honk/ultra_verifier.cpp | 1 - 7 files changed, 22 insertions(+), 26 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 8c9c13178ae..e3a17d7e4e3 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -431,7 +431,6 @@ bool verify_client_ivc(const std::filesystem::path& proof_path, std::make_shared>(eccvm_vk->circuit_size + 1); const auto translator_vk = read_to_shared_ptr(translator_vk_path); translator_vk->pcs_verification_key = std::make_shared>(); - info("here"); const bool verified = ClientIVC::verify(proof, final_vk, eccvm_vk, translator_vk); vinfo("verified: ", verified); return verified; 
@@ -526,7 +525,6 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, std::string eccVkPath = outputPath + "/ecc_vk"; auto proof = ivc.prove(); - info("client ivc proof length ", proof.size()); auto eccvm_vk = std::make_shared(ivc.goblin.get_eccvm_proving_key()); auto translator_vk = std::make_shared(ivc.goblin.get_translator_proving_key()); vinfo("ensure valid proof: ", ivc.verify(proof)); @@ -546,7 +544,6 @@ void client_ivc_prove_output_all(const std::string& bytecodePath, */ void prove_tube(const std::string& output_path) { - vinfo("PLEASE BE HERE"); using ClientIVC = stdlib::recursion::honk::ClientIVCRecursiveVerifier; using StackHonkVK = typename MegaFlavor::VerificationKey; using ECCVMVk = ECCVMFlavor::VerificationKey; @@ -567,8 +564,7 @@ void prove_tube(const std::string& output_path) // Read the proof and verification data from given files auto proof = from_buffer(read_file(proofPath)); - std::shared_ptr final_stack_vk = - std::make_shared(from_buffer(read_file(vkPath))); + std::shared_ptr mega_vk = std::make_shared(from_buffer(read_file(vkPath))); std::shared_ptr translator_vk = std::make_shared(from_buffer(read_file(translatorVkPath))); std::shared_ptr eccvm_vk = std::make_shared(from_buffer(read_file(eccVkPath))); 
@@ -578,17 +574,16 @@ void prove_tube(const std::string& output_path) eccvm_vk->pcs_verification_key = std::make_shared(eccvm_vk->circuit_size + 1); GoblinVerifierInput goblin_verifier_input{ eccvm_vk, translator_vk }; - VerifierInput input{ final_stack_vk, goblin_verifier_input }; + VerifierInput input{ mega_vk, goblin_verifier_input }; auto builder = std::make_shared(); - vinfo("here"); - // Padding needed for sending the right number of public inputs + + // Preserve the public inputs that should be passed to the base rollup by making them public inputs to the tube + // circuit // TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): INSECURE - make this tube proof actually use // these public inputs by turning proof into witnesses and calling set_public on each witness auto num_public_inputs = static_cast(static_cast(proof.mega_proof[1])); - vinfo("Number of public inputs BEFORE subtracting stuff in mega proof: ", num_public_inputs); num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object - // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments? - vinfo("Number of public inputs after subtracting stuff in mega proof: ", num_public_inputs); + for (size_t i = 0; i < num_public_inputs; i++) { auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; builder->add_public_variable(proof.mega_proof[i + offset]); @@ -608,7 +603,6 @@ void prove_tube(const std::string& output_path) using Verifier = UltraVerifier_; Prover tube_prover{ *builder }; auto tube_proof = tube_prover.construct_proof(); - info("tube proof length ", tube_proof.size()); std::string tubeProofPath = output_path + "/proof"; write_file(tubeProofPath, to_buffer(tube_proof)); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 082258b1d6a..e66a44b2864 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp 
+++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -18,7 +18,7 @@ void ClientIVC::instantiate_stdlib_verification_queue( { bool vkeys_provided = !input_keys.empty(); if (vkeys_provided && verification_queue.size() != input_keys.size()) { - // info("Warning: Incorrect number of verification keys provided in stdlib verification queue instantiation."); + info("Warning: Incorrect number of verification keys provided in stdlib verification queue instantiation."); ASSERT(false); } @@ -159,7 +159,6 @@ void ClientIVC::complete_kernel_circuit_logic(ClientCircuit& circuit) void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr& precomputed_vk, bool mock_vk) { if (auto_verify_mode && circuit.databus_propagation_data.is_kernel) { - info("we are never here I assume?"); complete_kernel_circuit_logic(circuit); } @@ -215,7 +214,7 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr(builder); honk_vk = std::make_shared(decider_pk->proving_key); - UltraProver prover(decider_pk); + MegaProver prover(decider_pk); HonkProof proof = prover.construct_proof(); @@ -302,9 +301,10 @@ bool ClientIVC::verify(const Proof& proof, const std::shared_ptr& translator_vk) { - UltraVerifier verifer{ ultra_vk }; + // Verify the stealth circuit proof + MegaVerifier verifer{ ultra_vk }; bool ultra_verified = verifer.verify_proof(proof.mega_proof); - vinfo("Ultra verified: ", ultra_verified); + vinfo("Mega verified: ", ultra_verified); // Goblin verification (final merge, eccvm, translator) GoblinVerifier goblin_verifier{ eccvm_vk, translator_vk }; bool goblin_verified = goblin_verifier.verify(proof.goblin_proof); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index 678014a9965..6683e017ad1 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp 
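Review bot: The key-count mismatch in `instantiate_stdlib_verification_queue` is reported as a `Warning:` and then stopped only by `ASSERT(false)`. If `ASSERT` is compiled out in non-debug builds (not visible here), execution continues with `verification_queue.size() != input_keys.size()` and the code after this hunk runs on mismatched containers. Failing unconditionally, as `OinkVerifier::execute_preamble_round` does elsewhere in this series, would be safer: `throw_or_abort("instantiate_stdlib_verification_queue: incorrect number of verification keys provided");`. The function body continues outside the hunk.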
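Review bot: `ClientIVC::verify` now builds a `MegaVerifier` and logs `Mega verified: `, but the key is still named `ultra_vk`, the result is still `ultra_verified`, and the local is spelled `verifer`. Names that contradict the proof type make it easy to pass the wrong verification key at a call site. I would finish the rename in this hunk and in the header declaration: `MegaVerifier verifier{ mega_vk };` and `bool mega_verified = verifier.verify_proof(proof.mega_proof);`. The return statement that combines the results is outside the hunk.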
@@ -42,8 +42,8 @@ class ClientIVC { using FoldingVerifier = ProtogalaxyVerifier_; using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey; using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey; - using UltraProver = UltraProver_; - using UltraVerifier = UltraVerifier_; + using MegaProver = UltraProver_; + using MegaVerifier = UltraVerifier_; using RecursiveFlavor = MegaRecursiveFlavor_; using RecursiveDeciderVerificationKeys = @@ -57,7 +57,13 @@ class ClientIVC { using DataBusDepot = stdlib::DataBusDepot; - // A full proof for the IVC scheme + /** + * @brief A full proof for the IVC scheme containing a Mega proof showing correctness of the stealth circuit (which + * recursive verified the last folding and decider proof) and a Goblin proof (translator VM, ECCVM and last merge + * proof). + * + * @details This proof will be zero-knowledge. + */ struct Proof { HonkProof mega_proof; GoblinProof goblin_proof; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp index 19a6b2b104d..15f7ce40f3d 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.cpp @@ -10,7 +10,7 @@ namespace bb::stdlib::recursion::honk { */ void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof) { - // Construct stdlib mega verification key + // Construct stdlib Mega verification key auto stdlib_mega_vk = std::make_shared(builder.get(), verifier_input.mega_verification_key); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp index cb68696eb65..8191014292b 100644 
--- a/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/client_ivc_verifier/client_ivc_recursive_verifier.test.cpp @@ -82,7 +82,6 @@ TEST_F(ClientIVCRecursionTests, Basic) // Construct the ClientIVC recursive verifier auto builder = std::make_shared(); - ClientIVCVerifier verifier{ builder, verifier_input }; // Generate the recursive verification circuit diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp index fe0f4c9e9b5..227fa145a44 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp @@ -38,8 +38,6 @@ template void OinkVerifier::execute_preamble_roun transcript->template receive_from_prover(domain_separator + "pub_inputs_offset"); if (circuit_size != verification_key->verification_key->circuit_size) { - // info(circuit_size); - // info(verification_key->verification_key->circuit_size); throw_or_abort("OinkVerifier::execute_preamble_round: proof circuit size does not match verification key!"); } if (public_input_size != verification_key->verification_key->num_public_inputs) { diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 8e914534ab0..f8807a67c68 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -14,7 +14,6 @@ template bool UltraVerifier_::verify_proof(const HonkP using FF = typename Flavor::FF; transcript = std::make_shared(proof); - info("am I here at all?"); OinkVerifier oink_verifier{ verification_key, transcript }; oink_verifier.verify(); From 3e8d1a6baa649ce1e4782d8687b1688a3b64d698 Mon Sep 17 00:00:00 2001 
From: maramihali Date: Mon, 4 Nov 2024 14:04:46 +0000 Subject: [PATCH 11/13] rename --- .../cpp/src/barretenberg/client_ivc/client_ivc.cpp | 10 +++++----- .../cpp/src/barretenberg/client_ivc/client_ivc.hpp | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index e66a44b2864..5184192f526 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -213,13 +213,13 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr(static_cast(fold_proof[1])); @@ -289,7 +289,7 @@ HonkProof ClientIVC::construct_and_prove_stealth_circuit() */ ClientIVC::Proof ClientIVC::prove() { - HonkProof mega_proof = construct_and_prove_stealth_circuit(); + HonkProof mega_proof = construct_and_prove_hiding_circuit(); ASSERT(merge_verification_queue.size() == 1); // ensure only a single merge proof remains in the queue MergeProof& merge_proof = merge_verification_queue[0]; return { mega_proof, goblin.prove(merge_proof) }; @@ -301,7 +301,7 @@ bool ClientIVC::verify(const Proof& proof, const std::shared_ptr& translator_vk) { - // Verify the stealth circuit proof + // Verify the hiding circuit proof MegaVerifier verifer{ ultra_vk }; bool ultra_verified = verifer.verify_proof(proof.mega_proof); vinfo("Mega verified: ", ultra_verified); diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp index 6683e017ad1..ce735a207be 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp 
@@ -58,7 +58,7 @@ class ClientIVC { using DataBusDepot = stdlib::DataBusDepot; /** - * @brief A full proof for the IVC scheme containing a Mega proof showing correctness of the stealth circuit (which + * @brief A full proof for the IVC scheme containing a Mega proof showing correctness of the hiding circuit (which * recursive verified the last folding and decider proof) and a Goblin proof (translator VM, ECCVM and last merge * proof). * @@ -152,7 +152,7 @@ class ClientIVC { Proof prove(); - HonkProof construct_and_prove_stealth_circuit(); + HonkProof construct_and_prove_hiding_circuit(); static bool verify(const Proof& proof, const std::shared_ptr& ultra_vk, From 16d37544b26a8b2a26d7ccb59f7c7e39abed1d55 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 5 Nov 2024 12:12:06 +0000 Subject: [PATCH 12/13] resolve review comments --- barretenberg/cpp/src/barretenberg/bb/main.cpp | 2 +- .../cpp/src/barretenberg/client_ivc/client_ivc.cpp | 12 +++++------- .../dsl/acir_format/honk_recursion_constraint.cpp | 6 +++--- .../barretenberg/dsl/acir_format/proof_surgeon.hpp | 13 +++++-------- barretenberg/cpp/src/barretenberg/goblin/goblin.hpp | 3 --- .../barretenberg/honk/proof_system/types/proof.hpp | 6 ++++++ .../honk_verifier/decider_recursive_verifier.hpp | 11 +++++++++++ 7 files changed, 31 insertions(+), 22 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp index 34abeb7a7dd..a0d5ed3743b 100644 --- a/barretenberg/cpp/src/barretenberg/bb/main.cpp +++ b/barretenberg/cpp/src/barretenberg/bb/main.cpp @@ -591,7 +591,7 @@ void prove_tube(const std::string& output_path) num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object for (size_t i = 0; i < num_public_inputs; i++) { - auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET; + auto offset = bb::HONK_PROOF_PUBLIC_INPUT_OFFSET; builder->add_public_variable(proof.mega_proof[i + offset]); } ClientIVC verifier{ builder, input }; 
diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp index 5184192f526..cb354199c06 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp @@ -235,18 +235,17 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() // circuit. So, these have to be preserved as public inputs to the hiding circuit (and, subsequently, as public // inputs to the tube circuit) which are intermediate stages. // TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): link these properly, likely insecure - auto num_public_inputs = static_cast(static_cast(fold_proof[1])); + auto num_public_inputs = static_cast(static_cast(fold_proof[PUBLIC_INPUTS_SIZE_INDEX])); vinfo("num_public_inputs of the last folding proof BEFORE SUBTRACTION", num_public_inputs); num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // exclude aggregation object num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments vinfo("num_public_inputs of the last folding proof ", num_public_inputs); for (size_t i = 0; i < num_public_inputs; i++) { - size_t offset = 3; + size_t offset = HONK_PROOF_PUBLIC_INPUT_OFFSET; builder.add_public_variable(fold_proof[i + offset]); } - goblin.verify_merge(builder, merge_verification_queue[0]); - merge_verification_queue.clear(); + process_recursive_merge_verification_queue(builder); // Construct stdlib accumulator, decider vkey and folding proof auto stdlib_verifier_accumulator = 
@@ -257,14 +256,13 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit() auto stdlib_proof = bb::convert_proof_to_witness(&builder, fold_proof); - // Perform recursive folding verification oft he la + // Perform recursive folding verification of the last folding proof FoldingRecursiveVerifier folding_verifier{ &builder, stdlib_verifier_accumulator, { stdlib_decider_vk } }; auto recursive_verifier_accumulator = folding_verifier.verify_folding_proof(stdlib_proof); - auto native_verifier_acc = std::make_shared(recursive_verifier_accumulator->get_value()); verification_queue.clear(); // Perform recursive decider verification - DeciderRecursiveVerifier decider{ &builder, native_verifier_acc }; + DeciderRecursiveVerifier decider{ &builder, recursive_verifier_accumulator }; decider.verify_proof(decider_proof); builder.add_recursive_proof(stdlib::recursion::init_default_agg_obj_indices(builder)); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.cpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.cpp index 8543c86acfb..a5d03784986 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.cpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.cpp 
@@ -40,13 +40,13 @@ void create_dummy_vkey_and_proof(Builder& builder, // Set vkey->circuit_size correctly based on the proof size size_t num_frs_comm = bb::field_conversion::calc_num_bn254_frs(); size_t num_frs_fr = bb::field_conversion::calc_num_bn254_frs(); - assert((proof_size - HONK_RECURSION_PUBLIC_INPUT_OFFSET - Flavor::NUM_WITNESS_ENTITIES * num_frs_comm - + assert((proof_size - bb::HONK_PROOF_PUBLIC_INPUT_OFFSET - Flavor::NUM_WITNESS_ENTITIES * num_frs_comm - Flavor::NUM_ALL_ENTITIES * num_frs_fr - num_frs_comm) % (num_frs_comm + num_frs_fr * (Flavor::BATCHED_RELATION_PARTIAL_LENGTH + 1)) == 0); // Note: this computation should always result in log_circuit_size = CONST_PROOF_SIZE_LOG_N auto log_circuit_size = - (proof_size - HONK_RECURSION_PUBLIC_INPUT_OFFSET - Flavor::NUM_WITNESS_ENTITIES * num_frs_comm - + (proof_size - bb::HONK_PROOF_PUBLIC_INPUT_OFFSET - Flavor::NUM_WITNESS_ENTITIES * num_frs_comm - Flavor::NUM_ALL_ENTITIES * num_frs_fr - num_frs_comm) / (num_frs_comm + num_frs_fr * (Flavor::BATCHED_RELATION_PARTIAL_LENGTH + 1)); // First key field is circuit size @@ -76,7 +76,7 @@ void create_dummy_vkey_and_proof(Builder& builder, offset += 4; } - offset = HONK_RECURSION_PUBLIC_INPUT_OFFSET; + offset = bb::HONK_PROOF_PUBLIC_INPUT_OFFSET; // first 3 things builder.assert_equal(builder.add_variable(1 << log_circuit_size), proof_fields[0].witness_index); builder.assert_equal(builder.add_variable(public_inputs_size), proof_fields[1].witness_index); diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_format/proof_surgeon.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_format/proof_surgeon.hpp index d6877def5de..0a614f98c35 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_format/proof_surgeon.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_format/proof_surgeon.hpp 
@@ -10,9 +10,6 @@ namespace acir_format { -// Where the public inputs start within a proof (after circuit_size, num_pub_inputs, pub_input_offset) -static constexpr size_t HONK_RECURSION_PUBLIC_INPUT_OFFSET = 3; - class ProofSurgeon { using FF = bb::fr; @@ -71,9 +68,9 @@ class ProofSurgeon { proof.reserve(proof_in.size() + public_inputs.size()); // Construct the complete proof as the concatenation {"initial data" | public_inputs | proof_in} - proof.insert(proof.end(), proof_in.begin(), proof_in.begin() + HONK_RECURSION_PUBLIC_INPUT_OFFSET); + proof.insert(proof.end(), proof_in.begin(), proof_in.begin() + bb::HONK_PROOF_PUBLIC_INPUT_OFFSET); proof.insert(proof.end(), public_inputs.begin(), public_inputs.end()); - proof.insert(proof.end(), proof_in.begin() + HONK_RECURSION_PUBLIC_INPUT_OFFSET, proof_in.end()); + proof.insert(proof.end(), proof_in.begin() + bb::HONK_PROOF_PUBLIC_INPUT_OFFSET, proof_in.end()); return proof; } @@ -90,10 +87,10 @@ class ProofSurgeon { { // Construct iterators pointing to the start and end of the public inputs within the proof auto pub_inputs_begin_itr = - proof_witnesses.begin() + static_cast(HONK_RECURSION_PUBLIC_INPUT_OFFSET); + proof_witnesses.begin() + static_cast(bb::HONK_PROOF_PUBLIC_INPUT_OFFSET); auto pub_inputs_end_itr = proof_witnesses.begin() + - static_cast(HONK_RECURSION_PUBLIC_INPUT_OFFSET + num_public_inputs_to_extract); + static_cast(bb::HONK_PROOF_PUBLIC_INPUT_OFFSET + num_public_inputs_to_extract); // Construct the isolated public inputs std::vector public_input_witnesses{ pub_inputs_begin_itr, pub_inputs_end_itr }; 
@@ -117,7 +114,7 @@ class ProofSurgeon { std::vector public_input_witness_indices; public_input_witness_indices.reserve(num_public_inputs_to_extract); - const size_t start = HONK_RECURSION_PUBLIC_INPUT_OFFSET; + const size_t start = bb::HONK_PROOF_PUBLIC_INPUT_OFFSET; const size_t end = start + num_public_inputs_to_extract; for (size_t i = start; i < end; ++i) { public_input_witness_indices.push_back(proof[i].get_witness_index()); diff --git a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp index b66c8dc466d..fcfd0d78913 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp @@ -287,11 +287,9 @@ class GoblinVerifier { { MergeVerifier merge_verifier; bool merge_verified = merge_verifier.verify_proof(proof.merge_proof); - vinfo("Merge verified: ", merge_verified); ECCVMVerifier eccvm_verifier(eccvm_verification_key); bool eccvm_verified = eccvm_verifier.verify_proof(proof.eccvm_proof); - vinfo("ECCVM verified: ", eccvm_verified); TranslatorVerifier translator_verifier(translator_verification_key, eccvm_verifier.transcript); @@ -299,7 +297,6 @@ class GoblinVerifier { // TODO(https://github.com/AztecProtocol/barretenberg/issues/799): Ensure translation_evaluations are passed // correctly bool translation_verified = translator_verifier.verify_translation(proof.translation_evaluations); - vinfo("Translator verified: ", translation_verified, " ", accumulator_construction_verified); return merge_verified && eccvm_verified && accumulator_construction_verified && translation_verified; }; diff --git a/barretenberg/cpp/src/barretenberg/honk/proof_system/types/proof.hpp b/barretenberg/cpp/src/barretenberg/honk/proof_system/types/proof.hpp index a20111a69be..297c5c2abbc 100644 --- a/barretenberg/cpp/src/barretenberg/honk/proof_system/types/proof.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/proof_system/types/proof.hpp 
@@ -5,6 +5,12 @@ namespace bb { +// Where the public inputs start within a proof (after circuit_size, num_pub_inputs, pub_input_offset) +static constexpr size_t HONK_PROOF_PUBLIC_INPUT_OFFSET = 3; + +// Where the number of public inputs is specified in a proof +static constexpr size_t PUBLIC_INPUTS_SIZE_INDEX = 1; + using HonkProof = std::vector; // this can be fr? template using StdlibProof = std::vector>; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp index b4b8cec6690..398925da947 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp @@ -26,6 +26,17 @@ template class DeciderRecursiveVerifier_ { : builder(builder) , accumulator(std::make_shared(builder, accumulator)){}; + explicit DeciderRecursiveVerifier_(Builder* builder, std::shared_ptr accumulator) + : builder(builder) + { + if (this->builder == accumulator->builder) { + this->accumulator = std::move(accumulator); + } else { + this->accumulator = std::make_shared( + this->builder, std::make_shared(accumulator->get_value())); + } + } + PairingPoints verify_proof(const HonkProof& proof); std::shared_ptr pcs_verification_key; From 8cbf615c66f9f9266f4436217cfc9cc9fb096662 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 5 Nov 2024 16:46:56 +0000 Subject: [PATCH 13/13] add extra comment --- .../stdlib/honk_verifier/decider_recursive_verifier.hpp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp index 398925da947..409159fd764 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp 
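Review bot: The `else` branch of the new `DeciderRecursiveVerifier_(Builder* builder, std::shared_ptr accumulator)` constructor in the `@@ -26,6 +26,17 @@` hunk silently rebuilds the accumulator in `this->builder` from `accumulator->get_value()`. That appears to create fresh witnesses from native values, which would drop the constraints that tied the stdlib accumulator to the folding verifier in the other builder. For a recursive verifier that is a soundness-relevant change in what the circuit proves, so it should not happen implicitly. If cross-builder use is not intended, fail explicitly instead of converting, e.g. check `this->builder == accumulator->builder` and abort on mismatch before `this->accumulator = std::move(accumulator);`. `accumulator` is also dereferenced with no null check, which is worth guarding or documenting as a precondition.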
+++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_verifier/decider_recursive_verifier.hpp @@ -26,6 +26,15 @@ template class DeciderRecursiveVerifier_ { : builder(builder) , accumulator(std::make_shared(builder, accumulator)){}; + /** + * @brief Construct a decider recursive verifier directly from a stdlib accumulator, returned by a prior iteration + * of a recursive folding verifier. This is only appropriate when the two verifiers are part of the same builder, + * otherwise the constructor above should be used which instantiatesn a recursive vk from a native one in the + * verifier's builder context. + * + * @param builder + * @param accumulator + */ explicit DeciderRecursiveVerifier_(Builder* builder, std::shared_ptr accumulator) : builder(builder) {
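Review bot: The added Doxygen block has a typo (`instantiatesn` should be `instantiates`) and leaves both `@param` tags empty. Going by the brief, they could read `@param builder builder in which this verifier's constraints are created` and `@param accumulator stdlib accumulator returned by the preceding recursive folding verifier`. The phrase "only appropriate when the two verifiers are part of the same builder" states a precondition, so the comment should also say what the constructor does when that precondition is not met. The constructor body continues outside this hunk.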