Cg/move to shared

cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.cpp

@@ -1,6 +1,6 @@
 #include "standard_honk_composer_helper.hpp"
 #include "barretenberg/polynomials/polynomial.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 #include "barretenberg/honk/pcs/commitment_key.hpp"
 #include "barretenberg/numeric/bitop/get_msb.hpp"
 

cpp/src/barretenberg/honk/composer/composer_helper/standard_honk_composer_helper.hpp

@@ -5,13 +5,13 @@
 #include "barretenberg/proof_system/proving_key/proving_key.hpp"
 #include "barretenberg/honk/proof_system/prover.hpp"
 #include "barretenberg/honk/proof_system/verifier.hpp"
-#include "barretenberg/honk/circuit_constructors/standard_circuit_constructor.hpp"
+#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp"
 #include "barretenberg/honk/pcs/commitment_key.hpp"
 #include "barretenberg/proof_system/verification_key/verification_key.hpp"
 #include "barretenberg/plonk/proof_system/verifier/verifier.hpp"
 #include "barretenberg/proof_system/composer/composer_base.hpp"
-#include "composer_helper_lib.hpp"
-#include "permutation_helper.hpp"
+#include "barretenberg/proof_system/composer/composer_helper_lib.hpp"
+#include "barretenberg/proof_system/composer/permutation_helper.hpp"
 
 #include <utility>
 

cpp/src/barretenberg/honk/composer/standard_honk_composer.hpp

@@ -1,10 +1,10 @@
 #pragma once
 
 #include "composer_helper/standard_honk_composer_helper.hpp"
-#include "barretenberg/honk/circuit_constructors/standard_circuit_constructor.hpp"
+#include "barretenberg/proof_system/circuit_constructors/standard_circuit_constructor.hpp"
 #include "barretenberg/srs/reference_string/file_reference_string.hpp"
 #include "barretenberg/transcript/manifest.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 
 namespace honk {
 /**

cpp/src/barretenberg/honk/composer/standard_honk_composer.test.cpp

@@ -1,7 +1,7 @@
 #include "standard_honk_composer.hpp"
 #include "barretenberg/honk/sumcheck/relations/relation.hpp"
 #include "barretenberg/numeric/uint256/uint256.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 #include <cstdint>
 #include "barretenberg/honk/proof_system/prover.hpp"
 #include "barretenberg/honk/sumcheck/sumcheck_round.hpp"
@@ -347,7 +347,7 @@ TEST(StandardHonkComposer, SumcheckRelationCorrectness)
         .public_input_delta = public_input_delta,
     };
 
-    constexpr size_t num_polynomials = bonk::StandardArithmetization::NUM_POLYNOMIALS;
+    constexpr size_t num_polynomials = honk::StandardArithmetization::NUM_POLYNOMIALS;
     // Compute grand product polynomial (now all the necessary polynomials are inside the proving key)
     polynomial z_perm_poly = prover.compute_grand_product_polynomial(beta, gamma);
 
@@ -357,7 +357,7 @@ TEST(StandardHonkComposer, SumcheckRelationCorrectness)
     // in the list below
     std::array<std::span<const fr>, num_polynomials> evaluations_array;
 
-    using POLYNOMIAL = bonk::StandardArithmetization::POLYNOMIAL;
+    using POLYNOMIAL = honk::StandardArithmetization::POLYNOMIAL;
     evaluations_array[POLYNOMIAL::W_L] = prover.wire_polynomials[0];
     evaluations_array[POLYNOMIAL::W_R] = prover.wire_polynomials[1];
     evaluations_array[POLYNOMIAL::W_O] = prover.wire_polynomials[2];

cpp/src/barretenberg/honk/flavor/flavor.hpp

@@ -0,0 +1,188 @@
+#pragma once
+#include <array>
+#include <string>
+#include "barretenberg/common/log.hpp"
+#include "barretenberg/transcript/manifest.hpp"
+
+namespace honk {
+// TODO(Cody) This _should_ be shared with Plonk, but it isn't.
+struct StandardArithmetization {
+    /**
+     * @brief All of the multivariate polynomials used by the Standard Honk Prover.
+     * @details The polynomials are broken into three categories: precomputed, witness, and shifted.
+     * This separation must be maintained to allow for programmatic access, but the ordering of the
+     * polynomials can be permuted within each category if necessary. Polynomials can also be added
+     * or removed (assuming consistency with the prover algorithm) but the constants describing the
+     * number of poynomials in each category must be manually updated.
+     *
+     */
+    enum POLYNOMIAL {
+        /* --- PRECOMPUTED POLYNOMIALS --- */
+        Q_C,
+        Q_L,
+        Q_R,
+        Q_O,
+        Q_M,
+        SIGMA_1,
+        SIGMA_2,
+        SIGMA_3,
+        ID_1,
+        ID_2,
+        ID_3,
+        LAGRANGE_FIRST,
+        LAGRANGE_LAST, // = LAGRANGE_N-1 whithout ZK, but can be less
+        /* --- WITNESS POLYNOMIALS --- */
+        W_L,
+        W_R,
+        W_O,
+        Z_PERM,
+        /* --- SHIFTED POLYNOMIALS --- */
+        Z_PERM_SHIFT,
+        /* --- --- */
+        COUNT // for programmatic determination of NUM_POLYNOMIALS
+    };
+
+    static constexpr size_t NUM_POLYNOMIALS = POLYNOMIAL::COUNT;
+    static constexpr size_t NUM_SHIFTED_POLYNOMIALS = 1;
+    static constexpr size_t NUM_PRECOMPUTED_POLYNOMIALS = 13;
+    static constexpr size_t NUM_UNSHIFTED_POLYNOMIALS = NUM_POLYNOMIALS - NUM_SHIFTED_POLYNOMIALS;
+
+    // *** WARNING: The order of this array must be manually updated to match POLYNOMIAL enum ***
+    // TODO(luke): This is a temporary measure to associate the above enum with sting tags. Its only needed because
+    // the
+    // polynomials/commitments in the prover/verifier are stored in maps. This storage could be converted to simple
+    // arrays at which point these string tags can be removed.
+    inline static const std::array<std::string, 18> ENUM_TO_COMM = {
+        "Q_C",           "Q_1",     "Q_2",  "Q_3",  "Q_M",    "SIGMA_1",
+        "SIGMA_2",       "SIGMA_3", "ID_1", "ID_2", "ID_3",   "LAGRANGE_FIRST",
+        "LAGRANGE_LAST", "W_1",     "W_2",  "W_3",  "Z_PERM", "Z_PERM_SHIFT"
+    };
+};
+} // namespace honk
+
+namespace honk {
+struct StandardHonk {
+  public:
+    using Arithmetization = honk::StandardArithmetization;
+    using MULTIVARIATE = Arithmetization::POLYNOMIAL;
+    // // TODO(Cody): Where to specify? is this polynomial manifest size?
+    // static constexpr size_t STANDARD_HONK_MANIFEST_SIZE = 16;
+    // TODO(Cody): Maybe relation should be supplied and this should be computed as is done in sumcheck?
+    // Then honk::StandardHonk (or whatever we rename it) would become an alias for a Honk flavor with a
+    // certain set of parameters, including the relations?
+    static constexpr size_t MAX_RELATION_LENGTH = 5;
+
+    // TODO(Cody): should extract this from the parameter pack. Maybe that should be done here?
+
+    // num_sumcheck_rounds = 1 if using quotient polynomials, otherwise = number of sumcheck rounds
+    static transcript::Manifest create_manifest(const size_t num_public_inputs, const size_t num_sumcheck_rounds = 1)
+    {
+        constexpr size_t g1_size = 64;
+        constexpr size_t fr_size = 32;
+        const size_t public_input_size = fr_size * num_public_inputs;
+        // clang-format off
+        /*  A RoundManifest describes data that will be put in or extracted from a transcript.
+            Here we have (1 + 7 + num_sumcheck_rounds)-many RoundManifests. */
+        std::vector<transcript::Manifest::RoundManifest> manifest_rounds;
+
+        // Round 0
+        manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
+            {
+              { .name = "circuit_size",      .num_bytes = 4, .derived_by_verifier = true },
+              { .name = "public_input_size", .num_bytes = 4, .derived_by_verifier = true }
+            },
+            /* challenge_name = */ "init",
+            /* num_challenges_in = */ 1));
+
+        // Round 1
+        manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
+            { /* this is a noop */ },
+            /* challenge_name = */ "eta",
+            /* num_challenges_in = */ 0));
+
+        // Round 2
+        manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
+            {
+              { .name = "public_inputs", .num_bytes = public_input_size, .derived_by_verifier = false },
+              { .name = "W_1",           .num_bytes = g1_size,           .derived_by_verifier = false },
+              { .name = "W_2",           .num_bytes = g1_size,           .derived_by_verifier = false },
+              { .name = "W_3",           .num_bytes = g1_size,           .derived_by_verifier = false },
+            },
+            /* challenge_name = */ "beta",
+            /* num_challenges_in = */ 2) // also produce "gamma"
+        );
+
+        // Round 3
+        manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
+            { { .name = "Z_PERM", .num_bytes = g1_size, .derived_by_verifier = false } },
+            /* challenge_name = */ "alpha",
+            /* num_challenges_in = */ 2)
+        );
+
+        // Rounds 4, ... 4 + num_sumcheck_rounds-1
+        for (size_t i = 0; i < num_sumcheck_rounds; i++) {
+            auto label = std::to_string(i);
+            manifest_rounds.emplace_back(
+                transcript::Manifest::RoundManifest(
+            {
+              { .name = "univariate_" + label, .num_bytes = fr_size * honk::StandardHonk::MAX_RELATION_LENGTH, .derived_by_verifier = false }
+            },
+            /* challenge_name = */ "u_" + label,
+            /* num_challenges_in = */ 1));
+        }
+
+        // Round 5 + num_sumcheck_rounds
+        manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
+            {
+              { .name = "multivariate_evaluations",     .num_bytes = fr_size * honk::StandardArithmetization::NUM_POLYNOMIALS, .derived_by_verifier = false, .challenge_map_index = 0 },
+            },
+            /* challenge_name = */ "rho",
+            /* num_challenges_in = */ 1)); /* TODO(Cody): magic number! Where should this be specified? */
+
+        // Rounds 6 + num_sumcheck_rounds, ... , 6 + 2 * num_sumcheck_rounds - 1
+        std::vector<transcript::Manifest::ManifestEntry> fold_commitment_entries;
+        for (size_t i = 1; i < num_sumcheck_rounds; i++) {
+            fold_commitment_entries.emplace_back(transcript::Manifest::ManifestEntry(
+              { .name = "FOLD_" + std::to_string(i), .num_bytes = g1_size, .derived_by_verifier = false }));
+        };
+        manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
+            fold_commitment_entries,
+            /* challenge_name = */ "r",
+            /* num_challenges_in */ 1));
+
+        // Rounds 6 + 2 * num_sumcheck_rounds, ..., 6 + 3 * num_sumcheck_rounds
+        std::vector<transcript::Manifest::ManifestEntry> gemini_evaluation_entries;
+        for (size_t i = 0; i < num_sumcheck_rounds; i++) {
+            gemini_evaluation_entries.emplace_back(transcript::Manifest::ManifestEntry(
+            { .name = "a_" + std::to_string(i), .num_bytes = fr_size, .derived_by_verifier = false }));
+        };
+        manifest_rounds.emplace_back(transcript::Manifest::RoundManifest(
+            gemini_evaluation_entries,
+            /* challenge_name = */ "nu",
+            /* num_challenges_in */ 1));
+
+        // Round 7 + 3 * num_sumcheck_rounds
+        manifest_rounds.emplace_back(
+            transcript::Manifest::RoundManifest(
+            {
+              { .name = "Q", .num_bytes = g1_size, .derived_by_verifier = false }
+            },
+            /* challenge_name = */ "z",
+            /* num_challenges_in */ 1));
+
+        // Round 8 + 3 * num_sumcheck_rounds
+        manifest_rounds.emplace_back(
+            transcript::Manifest::RoundManifest(
+            {
+              { .name = "W", .num_bytes = g1_size, .derived_by_verifier = false }
+            },
+            /* challenge_name = */ "separator",
+            /* num_challenges_in */ 1));
+
+        // clang-format on
+
+        auto output = transcript::Manifest(manifest_rounds);
+        return output;
+    }
+};
+} // namespace honk

cpp/src/barretenberg/honk/flavor/flavor.test.cpp

@@ -0,0 +1,30 @@
+#include "flavor.hpp"
+
+#include <gtest/gtest.h>
+
+namespace test_flavor {
+
+// // TODO(Cody) This seems like a good idea, but I'm not sure why.
+// TEST(Flavor, StandardArithmetization){
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_L, 0);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_R, 1);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::W_O, 2);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Z_PERM, 3);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Z_PERM_SHIFT, 4);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_M, 5);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_L, 6);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_R, 7);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_O, 8);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::Q_C, 9);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_1, 10);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_2, 11);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::SIGMA_3, 12);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_1, 13);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_2, 14);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::ID_3, 15);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::LAGRANGE_FIRST, 16);
+//     EXPECT_EQ(StandardArithmetization::MULTIVARIATE::COUNT, 17);
+
+// }
+
+} // namespace test_flavor

cpp/src/barretenberg/honk/proof_system/program_settings.hpp

@@ -4,7 +4,7 @@
 
 #include "../../transcript/transcript_wrappers.hpp"
 #include "../../plonk/proof_system/types/prover_settings.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 
 namespace honk {
 
@@ -16,7 +16,7 @@ class standard_verifier_settings : public plonk::standard_settings {
     static constexpr size_t num_challenge_bytes = 16;
     static constexpr transcript::HashType hash_type = transcript::HashType::PedersenBlake3s;
     static constexpr size_t program_width = 3;
-    static constexpr size_t num_polys = bonk::StandardArithmetization::NUM_POLYNOMIALS;
+    static constexpr size_t num_polys = honk::StandardArithmetization::NUM_POLYNOMIALS;
 };
 
 } // namespace honk

cpp/src/barretenberg/honk/proof_system/prover.cpp

@@ -16,7 +16,7 @@
 #include "barretenberg/honk/sumcheck/relations/grand_product_computation_relation.hpp"
 #include "barretenberg/honk/sumcheck/relations/grand_product_initialization_relation.hpp"
 #include "barretenberg/polynomials/polynomial.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 #include "barretenberg/transcript/transcript_wrappers.hpp"
 #include <string>
 #include "barretenberg/honk/pcs/claim.hpp"
@@ -26,7 +26,7 @@ namespace honk {
 using Fr = barretenberg::fr;
 using Commitment = barretenberg::g1::affine_element;
 using Polynomial = barretenberg::Polynomial<Fr>;
-using POLYNOMIAL = bonk::StandardArithmetization::POLYNOMIAL;
+using POLYNOMIAL = honk::StandardArithmetization::POLYNOMIAL;
 
 /**
  * Create Prover from proving key, witness and manifest.
@@ -288,8 +288,8 @@ template <typename settings> void Prover<settings>::execute_relation_check_round
  * */
 template <typename settings> void Prover<settings>::execute_univariatization_round()
 {
-    const size_t NUM_POLYNOMIALS = bonk::StandardArithmetization::NUM_POLYNOMIALS;
-    const size_t NUM_UNSHIFTED_POLYS = bonk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS;
+    const size_t NUM_POLYNOMIALS = honk::StandardArithmetization::NUM_POLYNOMIALS;
+    const size_t NUM_UNSHIFTED_POLYS = honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS;
 
     // Generate batching challenge ρ and powers 1,ρ,…,ρᵐ⁻¹
     Fr rho = transcript.get_challenge("rho");

cpp/src/barretenberg/honk/proof_system/prover.hpp

@@ -2,7 +2,7 @@
 #include "barretenberg/ecc/curves/bn254/fr.hpp"
 #include "barretenberg/honk/pcs/shplonk/shplonk.hpp"
 #include "barretenberg/polynomials/polynomial.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 #include <array>
 #include "barretenberg/proof_system/proving_key/proving_key.hpp"
 #include "barretenberg/honk/pcs/commitment_key.hpp"
@@ -66,7 +66,7 @@ template <typename settings> class Prover {
     std::shared_ptr<pcs::kzg::CommitmentKey> commitment_key;
 
     // Container for spans of all polynomials required by the prover (i.e. all multivariates evaluated by Sumcheck).
-    std::array<std::span<Fr>, bonk::StandardArithmetization::POLYNOMIAL::COUNT> prover_polynomials;
+    std::array<std::span<Fr>, honk::StandardArithmetization::POLYNOMIAL::COUNT> prover_polynomials;
 
     // Honk only needs a small portion of the functionality but may be fine to use existing work_queue
     // NOTE: this is not currently in use, but it may well be used in the future.

cpp/src/barretenberg/honk/proof_system/verifier.cpp

@@ -11,13 +11,13 @@
 #include "barretenberg/honk/pcs/gemini/gemini.hpp"
 #include "barretenberg/honk/pcs/kzg/kzg.hpp"
 #include "barretenberg/numeric/bitop/get_msb.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 #include "barretenberg/proof_system/polynomial_store/polynomial_store.hpp"
 #include "barretenberg/ecc/curves/bn254/fq12.hpp"
 #include "barretenberg/ecc/curves/bn254/pairing.hpp"
 #include "barretenberg/ecc/curves/bn254/scalar_multiplication/scalar_multiplication.hpp"
 #include "barretenberg/polynomials/polynomial_arithmetic.hpp"
-#include "barretenberg/honk/composer/composer_helper/permutation_helper.hpp"
+#include "barretenberg/proof_system/composer/permutation_helper.hpp"
 #include <math.h>
 #include <optional>
 #include <string>
@@ -83,9 +83,9 @@ template <typename program_settings> bool Verifier<program_settings>::verify_pro
     using Gemini = pcs::gemini::MultilinearReductionScheme<pcs::kzg::Params>;
     using Shplonk = pcs::shplonk::SingleBatchOpeningScheme<pcs::kzg::Params>;
     using KZG = pcs::kzg::UnivariateOpeningScheme<pcs::kzg::Params>;
-    const size_t NUM_POLYNOMIALS = bonk::StandardArithmetization::NUM_POLYNOMIALS;
-    const size_t NUM_UNSHIFTED = bonk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS;
-    const size_t NUM_PRECOMPUTED = bonk::StandardArithmetization::NUM_PRECOMPUTED_POLYNOMIALS;
+    const size_t NUM_POLYNOMIALS = honk::StandardArithmetization::NUM_POLYNOMIALS;
+    const size_t NUM_UNSHIFTED = honk::StandardArithmetization::NUM_UNSHIFTED_POLYNOMIALS;
+    const size_t NUM_PRECOMPUTED = honk::StandardArithmetization::NUM_PRECOMPUTED_POLYNOMIALS;
 
     constexpr auto program_width = program_settings::program_width;
 
@@ -165,7 +165,7 @@ template <typename program_settings> bool Verifier<program_settings>::verify_pro
 
     // Construct batched commitment for NON-shifted polynomials
     for (size_t i = 0; i < NUM_PRECOMPUTED; ++i) {
-        auto commitment = key->commitments[bonk::StandardArithmetization::ENUM_TO_COMM[i]];
+        auto commitment = key->commitments[honk::StandardArithmetization::ENUM_TO_COMM[i]];
         batched_commitment_unshifted += commitment * rhos[i];
     }
     // add wire commitments

cpp/src/barretenberg/honk/proof_system/verifier.hpp

@@ -7,7 +7,7 @@
 #include "../sumcheck/sumcheck.hpp"
 #include "../sumcheck/relations/arithmetic_relation.hpp"
 #include "barretenberg/honk/pcs/commitment_key.hpp"
-#include "barretenberg/proof_system/flavor/flavor.hpp"
+#include "barretenberg/honk/flavor/flavor.hpp"
 #include "barretenberg/honk/pcs/gemini/gemini.hpp"
 #include "barretenberg/honk/pcs/shplonk/shplonk_single.hpp"
 #include "barretenberg/honk/pcs/kzg/kzg.hpp"