new work queue hooked up everywhere excluding shplonk

cpp/src/barretenberg/honk/proof_system/prover.cpp

@@ -5,6 +5,7 @@
 #include "barretenberg/honk/sumcheck/sumcheck.hpp"
 #include <array>
 #include "barretenberg/honk/sumcheck/polynomials/univariate.hpp" // will go away
+#include "barretenberg/honk/transcript/transcript.hpp"
 #include "barretenberg/honk/utils/power_polynomial.hpp"
 #include "barretenberg/honk/pcs/commitment_key.hpp"
 #include <memory>
@@ -39,13 +40,13 @@ using POLYNOMIAL = proof_system::honk::StandardArithmetization::POLYNOMIAL;
  * */
 template <typename settings>
 Prover<settings>::Prover(std::vector<barretenberg::polynomial>&& wire_polys,
-                         std::shared_ptr<plonk::proving_key> input_key)
+                         const std::shared_ptr<plonk::proving_key> input_key)
     : wire_polynomials(wire_polys)
     , key(input_key)
     , commitment_key(std::make_unique<pcs::kzg::CommitmentKey>(
           input_key->circuit_size,
           "../srs_db/ignition")) // TODO(Cody): Need better constructors for prover.
-// , queue(proving_key.get(), &transcript)
+    , queue(key, transcript, commitment_key)
 {
     // Note(luke): This could be done programmatically with some hacks but this isnt too bad and its nice to see the
     // polys laid out explicitly.
@@ -75,16 +76,16 @@ Prover<settings>::Prover(std::vector<barretenberg::polynomial>&& wire_polys,
 }
 
 /**
- * - Commit to wires 1,2,3
+ * - Add commitment to wires 1,2,3 to work queue
  * - Add PI to transcript (I guess PI will stay in w_2 for now?)
  *
  * */
 template <typename settings> void Prover<settings>::compute_wire_commitments()
 {
     for (size_t i = 0; i < settings::Arithmetization::num_wires; ++i) {
-        auto commitment = commitment_key->commit(wire_polynomials[i]);
-
-        transcript.send_to_verifier("W_" + std::to_string(i + 1), commitment);
+        queue.add_to_queue({ .work_type = WorkType::SCALAR_MULTIPLICATION,
+                             .mul_scalars = wire_polynomials[i],
+                             .label = "W_" + std::to_string(i + 1) });
     }
 }
 
@@ -94,8 +95,6 @@ template <typename settings> void Prover<settings>::compute_wire_commitments()
  * */
 template <typename settings> void Prover<settings>::execute_preamble_round()
 {
-    // queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue
-
     const auto circuit_size = static_cast<uint32_t>(key->circuit_size);
     const auto num_public_inputs = static_cast<uint32_t>(key->num_public_inputs);
 
@@ -113,7 +112,6 @@ template <typename settings> void Prover<settings>::execute_preamble_round()
  * */
 template <typename settings> void Prover<settings>::execute_wire_commitments_round()
 {
-    // queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue
     compute_wire_commitments();
 }
 
@@ -131,8 +129,6 @@ template <typename settings> void Prover<settings>::execute_tables_round()
  * */
 template <typename settings> void Prover<settings>::execute_grand_product_computation_round()
 {
-    // queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue
-
     // Compute and store parameters required by relations in Sumcheck
     auto [beta, gamma] = transcript.get_challenges("beta", "gamma");
 
@@ -147,9 +143,8 @@ template <typename settings> void Prover<settings>::execute_grand_product_comput
     z_permutation =
         prover_library::compute_permutation_grand_product<settings::program_width>(key, wire_polynomials, beta, gamma);
 
-    auto commitment = commitment_key->commit(z_permutation);
-
-    transcript.send_to_verifier("Z_PERM", commitment);
+    queue.add_to_queue(
+        { .work_type = WorkType::SCALAR_MULTIPLICATION, .mul_scalars = z_permutation, .label = "Z_PERM" });
 
     prover_polynomials[POLYNOMIAL::Z_PERM] = z_permutation;
     prover_polynomials[POLYNOMIAL::Z_PERM_SHIFT] = z_permutation.shifted();
@@ -162,8 +157,6 @@ template <typename settings> void Prover<settings>::execute_grand_product_comput
  * */
 template <typename settings> void Prover<settings>::execute_relation_check_rounds()
 {
-    // queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue
-
     using Sumcheck = sumcheck::Sumcheck<Fr,
                                         ProverTranscript<Fr>,
                                         sumcheck::ArithmeticRelation,
@@ -197,22 +190,15 @@ template <typename settings> void Prover<settings>::execute_univariatization_rou
     Polynomial batched_poly_to_be_shifted(key->circuit_size); // batched to-be-shifted polynomials
     batched_poly_to_be_shifted.add_scaled(prover_polynomials[POLYNOMIAL::Z_PERM], rhos[NUM_UNSHIFTED_POLYS]);
 
-    // // Reserve space for d+1 Fold polynomials. At the end of this round, the last d-1 polynomials will
-    // // correspond to Fold^(i). At the end of the full Gemini prover protocol, the first two will
-    // // be the partially evaluated Fold polynomials Fold_{r}^(0) and Fold_{-r}^(0).
-    // fold_polynomials.reserve(key->log_circuit_size + 1);
-    // fold_polynomials.emplace_back(batched_poly_unshifted);
-    // fold_polynomials.emplace_back(batched_poly_to_be_shifted);
-
     // Compute d-1 polynomials Fold^(i), i = 1, ..., d-1.
     fold_polynomials = Gemini::compute_fold_polynomials(
         sumcheck_output.challenge_point, std::move(batched_poly_unshifted), std::move(batched_poly_to_be_shifted));
 
     // Compute and add to trasnscript the commitments [Fold^(i)], i = 1, ..., d-1
     for (size_t l = 0; l < key->log_circuit_size - 1; ++l) {
-        std::string label = "Gemini:FOLD_" + std::to_string(l + 1);
-        auto commitment = commitment_key->commit(fold_polynomials[l + 2]);
-        transcript.send_to_verifier(label, commitment);
+        queue.add_to_queue({ .work_type = WorkType::SCALAR_MULTIPLICATION,
+                             .mul_scalars = fold_polynomials[l + 2],
+                             .label = "Gemini:FOLD_" + std::to_string(l + 1) });
     }
 }
 
@@ -282,34 +268,30 @@ template <typename settings> plonk::proof& Prover<settings>::construct_proof()
 {
     // Add circuit size and public input size to transcript.
     execute_preamble_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
 
     // Compute wire commitments; Add PI to transcript
     execute_wire_commitments_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
+    queue.process_queue();
 
     // Currently a no-op; may execute some "random widgets", commit to W_4, do RAM/ROM stuff
     // if this prover structure is kept when we bring tables to Honk.
     // Suggestion: Maybe we shouldn't mix and match proof creation for different systems and
     // instead instatiate construct_proof differently for each?
     execute_tables_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
 
     // Fiat-Shamir: beta & gamma
     // Compute grand product(s) and commitments.
     execute_grand_product_computation_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
+    queue.process_queue();
 
     // Fiat-Shamir: alpha
     // Run sumcheck subprotocol.
     execute_relation_check_rounds();
-    // // queue currently only handles commitments, not partial multivariate evaluations.
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
 
     // Fiat-Shamir: rho
     // Compute Fold polynomials and their commitments.
     execute_univariatization_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
+    queue.process_queue();
 
     // Fiat-Shamir: r
     // Compute Fold evaluations
@@ -324,9 +306,6 @@ template <typename settings> plonk::proof& Prover<settings>::construct_proof()
     // Fiat-Shamir: z
     // Compute KZG quotient commitment
     execute_kzg_round();
-    // queue.process_queue(); // NOTE: Don't remove; we may reinstate the queue
-
-    // queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue
 
     return export_proof();
 }

cpp/src/barretenberg/honk/proof_system/prover.hpp

@@ -24,6 +24,7 @@
 #include <string>
 #include "barretenberg/honk/pcs/claim.hpp"
 #include "barretenberg/honk/proof_system/prover_library.hpp"
+#include "barretenberg/honk/proof_system/work_queue.hpp"
 
 namespace proof_system::honk {
 
@@ -72,21 +73,7 @@ template <typename settings> class Prover {
     // Container for d + 1 Fold polynomials produced by Gemini
     std::vector<Polynomial> fold_polynomials;
 
-    Polynomial batched_quotient_Q;
-    Fr nu_challenge;
-
-    // Honk only needs a small portion of the functionality but may be fine to use existing work_queue
-    // NOTE: this is not currently in use, but it may well be used in the future.
-    // TODO(Adrian): Uncomment when we need this again.
-    // proof_system::work_queue queue;
-    // void flush_queued_work_items() { queue.flush_queue(); }
-    // proof_system::work_queue::work_item_info get_queued_work_item_info() const {
-    //     return queue.get_queued_work_item_info();
-    // }
-    // size_t get_scalar_multiplication_size(const size_t work_item_number) const
-    // {
-    //     return queue.get_scalar_multiplication_size(work_item_number);
-    // }
+    work_queue<pcs::kzg::Params> queue;
 
     // This makes 'settings' accesible from Prover
     using settings_ = settings;

cpp/src/barretenberg/honk/proof_system/work_queue.hpp

@@ -0,0 +1,138 @@
+#pragma once
+
+#include "barretenberg/honk/transcript/transcript.hpp"
+#include "barretenberg/plonk/proof_system/proving_key/proving_key.hpp"
+#include <cstddef>
+#include <memory>
+
+namespace proof_system::honk {
+
+// Currently only one type of work queue operation but there will likely be others related to Sumcheck
+enum WorkType { SCALAR_MULTIPLICATION };
+
+template <typename Params> class work_queue {
+
+    using CommitmentKey = typename Params::CK;
+    using FF = typename Params::Fr;
+    using Commitment = typename Params::C;
+
+  public:
+    struct work_item_info {
+        uint32_t num_scalar_multiplications;
+    };
+
+    struct work_item {
+        WorkType work_type = SCALAR_MULTIPLICATION;
+        std::span<FF> mul_scalars;
+        std::string label;
+    };
+
+    explicit work_queue(std::shared_ptr<proof_system::plonk::proving_key>& proving_key,
+                        proof_system::honk::ProverTranscript<FF>& prover_transcript,
+                        std::shared_ptr<CommitmentKey>& commitment_key)
+        : key(proving_key)
+        , transcript(prover_transcript)
+        , commitment_key(commitment_key){};
+
+    work_queue(const work_queue& other) = default;
+    work_queue(work_queue&& other) noexcept = default;
+    work_queue& operator=(const work_queue& other) = delete;
+    work_queue& operator=(work_queue&& other) = delete;
+    ~work_queue() = default;
+
+    [[nodiscard]] work_item_info get_queued_work_item_info() const
+    {
+        uint32_t scalar_mul_count = 0;
+        for (const auto& item : work_item_queue) {
+            if (item.work_type == WorkType::SCALAR_MULTIPLICATION) {
+                ++scalar_mul_count;
+            }
+        }
+        return work_item_info{ scalar_mul_count };
+    };
+
+    [[nodiscard]] FF* get_scalar_multiplication_data(size_t work_item_number) const
+    {
+        size_t count = 0;
+        for (const auto& item : work_item_queue) {
+            if (item.work_type == WorkType::SCALAR_MULTIPLICATION) {
+                if (count == work_item_number) {
+                    return const_cast<FF*>(item.mul_scalars.data());
+                }
+                ++count;
+            }
+        }
+        return nullptr;
+    };
+
+    [[nodiscard]] size_t get_scalar_multiplication_size(size_t work_item_number) const
+    {
+        size_t count = 0;
+        for (const auto& item : work_item_queue) {
+            if (item.work_type == WorkType::SCALAR_MULTIPLICATION) {
+                if (count == work_item_number) {
+                    return item.mul_scalars.size();
+                }
+                ++count;
+            }
+        }
+        return 0;
+    };
+
+    void put_scalar_multiplication_data(const Commitment& result, size_t work_item_number)
+    {
+        size_t count = 0;
+        for (const auto& item : work_item_queue) {
+            if (item.work_type == WorkType::SCALAR_MULTIPLICATION) {
+                if (count == work_item_number) {
+                    transcript.send_to_verifier(item.label, result);
+                    return;
+                }
+                ++count;
+            }
+        }
+    };
+
+    void flush_queue() { work_item_queue = std::vector<work_item>(); };
+
+    void add_to_queue(const work_item& item)
+    {
+        // Note: currently no difference between wasm and native but may be in the future
+#if defined(__wasm__)
+        work_item_queue.push_back(item);
+#else
+        work_item_queue.push_back(item);
+#endif
+    };
+
+    void process_queue()
+    {
+        for (const auto& item : work_item_queue) {
+            switch (item.work_type) {
+
+            case WorkType::SCALAR_MULTIPLICATION: {
+
+                // Run pippenger multi-scalar multiplication.
+                auto commitment = commitment_key->commit(item.mul_scalars);
+
+                transcript.send_to_verifier(item.label, commitment);
+
+                break;
+            }
+            default: {
+            }
+            }
+        }
+        work_item_queue = std::vector<work_item>();
+    };
+
+    [[nodiscard]] std::vector<work_item> get_queue() const { return work_item_queue; };
+
+  private:
+    std::shared_ptr<proof_system::plonk::proving_key> key;
+    // TODO(luke): Consider handling all transcript interactions in the prover rather than embedding them in the queue.
+    proof_system::honk::ProverTranscript<FF>& transcript;
+    std::shared_ptr<CommitmentKey>& commitment_key;
+    std::vector<work_item> work_item_queue;
+};
+} // namespace proof_system::honk