Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: recursive verifier for decider and last folding proof #9626

Merged
merged 16 commits into from
Nov 5, 2024
Merged
Prev Previous commit
Next Next commit
rename
maramihali committed Nov 4, 2024
commit 3e8d1a6baa649ce1e4782d8687b1688a3b64d698
10 changes: 5 additions & 5 deletions barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp
Original file line number Diff line number Diff line change
@@ -213,13 +213,13 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr<Verific
}

/**
* @brief Construct the stealth circuit, which recursively verifies the last folding proof and decider proof, and
* @brief Construct the hiding circuit, which recursively verifies the last folding proof and decider proof, and
* then produce a proof of the circuit's correctness with MegaHonk.
*
* @details The aim of this intermediate stage is to reduce the cost of producing a zero-knowledge ClientIVCProof.
* @return HonkProof - a Mega proof
*/
HonkProof ClientIVC::construct_and_prove_stealth_circuit()
HonkProof ClientIVC::construct_and_prove_hiding_circuit()
{
max_block_size_tracker.print(); // print minimum structured sizes for each block
ASSERT(verification_queue.size() == 1); // ensure only a single fold proof remains in the queue
@@ -232,7 +232,7 @@ HonkProof ClientIVC::construct_and_prove_stealth_circuit()

ClientCircuit builder{ goblin.op_queue };
// The last circuit being folded is a kernel circuit whose public inputs need to be passed to the base rollup
// circuit. So, these have to be preserved as public inputs to the stealth circuit (and, subsequently, as public
// circuit. So, these have to be preserved as public inputs to the hiding circuit (and, subsequently, as public
// inputs to the tube circuit) which are intermediate stages.
// TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): link these properly, likely insecure
auto num_public_inputs = static_cast<uint32_t>(static_cast<uint256_t>(fold_proof[1]));
@@ -289,7 +289,7 @@ HonkProof ClientIVC::construct_and_prove_stealth_circuit()
*/
ClientIVC::Proof ClientIVC::prove()
{
HonkProof mega_proof = construct_and_prove_stealth_circuit();
HonkProof mega_proof = construct_and_prove_hiding_circuit();
ASSERT(merge_verification_queue.size() == 1); // ensure only a single merge proof remains in the queue
MergeProof& merge_proof = merge_verification_queue[0];
return { mega_proof, goblin.prove(merge_proof) };
@@ -301,7 +301,7 @@ bool ClientIVC::verify(const Proof& proof,
const std::shared_ptr<ClientIVC::TranslatorVerificationKey>& translator_vk)
{

// Verify the stealth circuit proof
// Verify the hiding circuit proof
MegaVerifier verifer{ ultra_vk };
bool ultra_verified = verifer.verify_proof(proof.mega_proof);
vinfo("Mega verified: ", ultra_verified);
4 changes: 2 additions & 2 deletions barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp
Original file line number Diff line number Diff line change
@@ -58,7 +58,7 @@ class ClientIVC {
using DataBusDepot = stdlib::DataBusDepot<ClientCircuit>;

/**
* @brief A full proof for the IVC scheme containing a Mega proof showing correctness of the stealth circuit (which
* @brief A full proof for the IVC scheme containing a Mega proof showing correctness of the hiding circuit (which
* recursive verified the last folding and decider proof) and a Goblin proof (translator VM, ECCVM and last merge
* proof).
*
@@ -152,7 +152,7 @@ class ClientIVC {

Proof prove();

HonkProof construct_and_prove_stealth_circuit();
HonkProof construct_and_prove_hiding_circuit();

static bool verify(const Proof& proof,
const std::shared_ptr<VerificationKey>& ultra_vk,