oink_verifier.cpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: Completed, auditors: [Sergei], commit: }
// external_1:  { status: not started, auditors: [], commit: }
// external_2:  { status: not started, auditors: [], commit: }
// =====================
 
#include "barretenberg/ultra_honk/oink_verifier.hpp"
#include "barretenberg/common/throw_or_abort.hpp"
#include "barretenberg/ext/starknet/flavor/ultra_starknet_flavor.hpp"
#include "barretenberg/ext/starknet/flavor/ultra_starknet_zk_flavor.hpp"
#include "barretenberg/flavor/mega_avm_recursive_flavor.hpp"
#include "barretenberg/flavor/mega_zk_recursive_flavor.hpp"
#include "barretenberg/flavor/ultra_keccak_zk_flavor.hpp"
#include "barretenberg/flavor/ultra_zk_recursive_flavor.hpp"
#include "barretenberg/honk/library/grand_product_delta.hpp"
#include "barretenberg/numeric/bitop/get_msb.hpp"
 
namespace bb {
 
template <typename Flavor> void OinkVerifier<Flavor>::verify()
{
    receive_vk_hash_and_public_inputs();
    if constexpr (Flavor::HasZK) {
        verifier_instance->gemini_masking_commitment =
            transcript->template receive_from_prover<Commitment>("Gemini:masking_poly_comm");
    }
    receive_wire_commitments();
    receive_lookup_counts_and_w4_commitments();
    receive_logderiv_commitments();
    complete_grand_product_round();
 
    verifier_instance->alpha = transcript->template get_challenge<FF>("alpha");
}
 
template <typename Flavor> void OinkVerifier<Flavor>::receive_vk_hash_and_public_inputs()
{
    auto vk = verifier_instance->get_vk();
 
    FF vk_hash = vk->hash_with_origin_tagging(*transcript);
    transcript->add_to_hash_buffer("vk_hash", vk_hash);
    vinfo("vk hash in Oink verifier: ", vk_hash);
 
    // For recursive flavors, assert that the VK hash matches the expected hash provided in the VK
    if constexpr (IsRecursiveFlavor<Flavor>) {
        const bool is_write_vk_mode = vk_hash.get_context()->is_write_vk_mode();
        const bool vk_hash_consistency = verifier_instance->vk_and_hash->hash.get_value() == vk_hash.get_value();
        if (!vk_hash_consistency && !is_write_vk_mode) {
            info("Recursive Ultra Verifier: VK Hash Mismatch");
        }
        verifier_instance->vk_and_hash->hash.assert_equal(vk_hash);
 
        // Assert that the provided num_public_inputs matches VK's value (in-circuit constraint)
        vk->num_public_inputs.assert_equal(FF(num_public_inputs), "OinkVerifier: num_public_inputs mismatch with VK");
    } else {
        BB_ASSERT_EQ(verifier_instance->vk_and_hash->hash, vk_hash, "Native Ultra Verifier: VK Hash Mismatch");
        // Assert that the provided num_public_inputs matches VK's value
        BB_ASSERT_EQ(num_public_inputs,
                     static_cast<size_t>(vk->num_public_inputs),
                     "OinkVerifier: num_public_inputs mismatch with VK");
    };
 
    std::vector<FF> public_inputs;
    for (size_t i = 0; i < num_public_inputs; ++i) {
        auto public_input_i = transcript->template receive_from_prover<FF>("public_input_" + std::to_string(i));
        public_inputs.emplace_back(public_input_i);
    }
    verifier_instance->public_inputs = std::move(public_inputs);
}
 
template <typename Flavor> void OinkVerifier<Flavor>::receive_wire_commitments()
{
    // Get commitments to first three wire polynomials
    verifier_instance->witness_commitments.w_l = transcript->template receive_from_prover<Commitment>(comm_labels.w_l);
    verifier_instance->witness_commitments.w_r = transcript->template receive_from_prover<Commitment>(comm_labels.w_r);
    verifier_instance->witness_commitments.w_o = transcript->template receive_from_prover<Commitment>(comm_labels.w_o);
 
    if constexpr (IsMegaFlavor<Flavor>) {
        // Receive ECC op wire commitments
        for (auto [commitment, label] :
             zip_view(verifier_instance->witness_commitments.get_ecc_op_wires(), comm_labels.get_ecc_op_wires())) {
            commitment = transcript->template receive_from_prover<Commitment>(label);
        }
 
        // Receive DataBus related polynomial commitments
        for (auto [commitment, label] : zip_view(verifier_instance->witness_commitments.get_databus_entities(),
                                                 comm_labels.get_databus_entities())) {
            commitment = transcript->template receive_from_prover<Commitment>(label);
        }
    }
}
 
template <typename Flavor> void OinkVerifier<Flavor>::receive_lookup_counts_and_w4_commitments()
{
    // Get eta challenge and compute powers (eta, eta², eta³)
    verifier_instance->relation_parameters.compute_eta_powers(transcript->template get_challenge<FF>("eta"));
 
    // Get commitments to lookup argument polynomials and fourth wire
    verifier_instance->witness_commitments.lookup_read_counts =
        transcript->template receive_from_prover<Commitment>(comm_labels.lookup_read_counts);
    verifier_instance->witness_commitments.lookup_read_tags =
        transcript->template receive_from_prover<Commitment>(comm_labels.lookup_read_tags);
    verifier_instance->witness_commitments.w_4 = transcript->template receive_from_prover<Commitment>(comm_labels.w_4);
}
 
template <typename Flavor> void OinkVerifier<Flavor>::receive_logderiv_commitments()
{
    auto [beta, gamma] = transcript->template get_challenges<FF>(std::array<std::string, 2>{ "beta", "gamma" });
    verifier_instance->relation_parameters.compute_beta_powers(beta);
    verifier_instance->relation_parameters.gamma = gamma;
 
    verifier_instance->witness_commitments.lookup_inverses =
        transcript->template receive_from_prover<Commitment>(comm_labels.lookup_inverses);
 
    if constexpr (IsMegaFlavor<Flavor>) {
        for (auto [commitment, label] : zip_view(verifier_instance->witness_commitments.get_databus_inverses(),
                                                 comm_labels.get_databus_inverses())) {
            commitment = transcript->template receive_from_prover<Commitment>(label);
        }
    }
}
 
template <typename Flavor> void OinkVerifier<Flavor>::complete_grand_product_round()
{
    auto vk = verifier_instance->get_vk();
 
    verifier_instance->relation_parameters.public_input_delta =
        compute_public_input_delta<Flavor>(verifier_instance->public_inputs,
                                           verifier_instance->relation_parameters.beta,
                                           verifier_instance->relation_parameters.gamma,
                                           vk->pub_inputs_offset);
 
    verifier_instance->witness_commitments.z_perm =
        transcript->template receive_from_prover<Commitment>(comm_labels.z_perm);
}
 
// Native flavor instantiations
template class OinkVerifier<UltraFlavor>;
template class OinkVerifier<UltraZKFlavor>;
template class OinkVerifier<UltraKeccakFlavor>;
#ifdef STARKNET_GARAGA_FLAVORS
template class OinkVerifier<UltraStarknetFlavor>;
template class OinkVerifier<UltraStarknetZKFlavor>;
#endif
template class OinkVerifier<UltraKeccakZKFlavor>;
template class OinkVerifier<MegaFlavor>;
template class OinkVerifier<MegaZKFlavor>;
 
// Recursive flavor instantiations
template class OinkVerifier<UltraRecursiveFlavor_<UltraCircuitBuilder>>;
template class OinkVerifier<UltraRecursiveFlavor_<MegaCircuitBuilder>>;
template class OinkVerifier<MegaRecursiveFlavor_<UltraCircuitBuilder>>;
template class OinkVerifier<MegaRecursiveFlavor_<MegaCircuitBuilder>>;
template class OinkVerifier<MegaZKRecursiveFlavor_<MegaCircuitBuilder>>;
template class OinkVerifier<MegaZKRecursiveFlavor_<UltraCircuitBuilder>>;
template class OinkVerifier<MegaAvmRecursiveFlavor_<UltraCircuitBuilder>>;
template class OinkVerifier<UltraZKRecursiveFlavor_<UltraCircuitBuilder>>;
template class OinkVerifier<UltraZKRecursiveFlavor_<MegaCircuitBuilder>>;
 
} // namespace bb