Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: recursive verifier for decider and last folding proof #9626

Merged
merged 16 commits into from
Nov 5, 2024
Prev Previous commit
Next Next commit
it works?
maramihali committed Nov 1, 2024
commit 45050960b0198e8bd5796437ba31bf5e6a71ba18
23 changes: 12 additions & 11 deletions barretenberg/cpp/src/barretenberg/bb/main.cpp
Original file line number Diff line number Diff line change
@@ -546,6 +546,7 @@ void client_ivc_prove_output_all(const std::string& bytecodePath,
*/
void prove_tube(const std::string& output_path)
{
vinfo("PLEASE BE HERE");
using ClientIVC = stdlib::recursion::honk::ClientIVCRecursiveVerifier;
using StackHonkVK = typename MegaFlavor::VerificationKey;
using ECCVMVk = ECCVMFlavor::VerificationKey;
@@ -579,21 +580,21 @@ void prove_tube(const std::string& output_path)
GoblinVerifierInput goblin_verifier_input{ eccvm_vk, translator_vk };
VerifierInput input{ final_stack_vk, goblin_verifier_input };
auto builder = std::make_shared<Builder>();
info("here");
vinfo("here");
// Padding needed for sending the right number of public inputs
// TODO(https://github.com/AztecProtocol/barretenberg/issues/1048): INSECURE - make this tube proof actually use
// these public inputs by turning proof into witnesses and call
// set_public on each witness
// auto num_public_inputs = static_cast<uint32_t>(static_cast<uint256_t>(proof.ultra_proof[1]));
// num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object
// // num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments
// info("Number of public inputs after subtracting stuff: ",
// num_public_inputs); // I think the problem here is that thereareno public inputs
// // info(num_public_inputs);
// for (size_t i = 0; i < num_public_inputs; i++) {
// auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET;
// builder->add_public_variable(proof.ultra_proof[i + offset]);
// }
auto num_public_inputs = static_cast<uint32_t>(static_cast<uint256_t>(proof.ultra_proof[1]));
num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object
Copy link
Contributor Author

@maramihali maramihali Nov 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My understanding is that, at least atm, there are no DATABUS commitments anymore at this stage

// num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments
vinfo("Number of public inputs after subtracting stuff in mega proof: ",
num_public_inputs); // I think the problem here is that thereareno public inputs
// info(num_public_inputs);
for (size_t i = 0; i < num_public_inputs; i++) {
auto offset = acir_format::HONK_RECURSION_PUBLIC_INPUT_OFFSET;
builder->add_public_variable(proof.ultra_proof[i + offset]);
}
ClientIVC verifier{ builder, input };

verifier.verify(proof);
16 changes: 8 additions & 8 deletions barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp
Original file line number Diff line number Diff line change
@@ -224,18 +224,18 @@ HonkProof ClientIVC::construct_and_prove_hiding_circuit()
// Free the accumulator to save memory
fold_output.accumulator = nullptr;

// auto num_public_inputs = static_cast<uint32_t>(static_cast<uint256_t>(fold_proof[1]));
// num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object
// num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments
// info("num_public_inputs ofth e last folding proof ", num_public_inputs);
auto num_public_inputs = static_cast<uint32_t>(static_cast<uint256_t>(fold_proof[1]));
num_public_inputs -= bb::AGGREGATION_OBJECT_SIZE; // don't add the agg object
num_public_inputs -= bb::PROPAGATED_DATABUS_COMMITMENTS_SIZE; // exclude propagated databus commitments
vinfo("num_public_inputs of the last folding proof ", num_public_inputs);
ClientCircuit builder{ goblin.op_queue };
goblin.verify_merge(builder, merge_verification_queue[0]);
merge_verification_queue.clear();

// for (size_t i = 0; i < num_public_inputs; i++) {
// size_t offset = 3;
// builder.add_public_variable(fold_proof[i + offset]);
// }
for (size_t i = 0; i < num_public_inputs; i++) {
size_t offset = 3;
maramihali marked this conversation as resolved.
Show resolved Hide resolved
builder.add_public_variable(fold_proof[i + offset]);
}

// Construct stdlib accumulator, vkey and proof
auto stdlib_verifier_accumulator =
Original file line number Diff line number Diff line change
@@ -10,8 +10,6 @@ namespace bb::stdlib::recursion::honk {
*/
void ClientIVCRecursiveVerifier::verify(const ClientIVC::Proof& proof)
{
info("number of public inputs in ultra proof: ",
static_cast<uint32_t>(static_cast<uint256_t>(proof.ultra_proof[1])));
// Construct stdlib mega verification key
auto stdlib_mega_vk =
std::make_shared<RecursiveVerificationKey>(builder.get(), verifier_input.mega_verification_key);