diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp index 8a322620000..ce360d83949 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/kzg/kzg.hpp @@ -11,13 +11,16 @@ namespace bb { -template class KZG { +template class KZG { + public: + using Curve = Curve_; using CK = CommitmentKey; using VK = VerifierCommitmentKey; using Fr = typename Curve::ScalarField; using Commitment = typename Curve::AffineElement; using GroupElement = typename Curve::Element; using Polynomial = bb::Polynomial; + using VerifierAccumulator = std::array; /** * @brief Computes the KZG commitment to an opening proof polynomial at a single evaluation point @@ -27,7 +30,6 @@ template class KZG { * @param polynomial The witness whose opening proof needs to be computed * @param prover_transcript Prover transcript */ - public: static void compute_opening_proof(std::shared_ptr ck, const OpeningPair& opening_pair, const Polynomial& polynomial, @@ -75,13 +77,16 @@ template class KZG { * - P₀ = C − v⋅[1]₁ + r⋅[W(x)]₁ * - P₁ = [W(x)]₁ */ - static std::array compute_pairing_points(const OpeningClaim& claim, - const auto& verifier_transcript) + static VerifierAccumulator reduce_verify(const OpeningClaim& claim, const auto& verifier_transcript) { auto quotient_commitment = verifier_transcript->template receive_from_prover("KZG:W"); + // Note: The pairing check can be expressed naturally as + // e(C - v * [1]_1, [1]_2) = e([W]_1, [X - r]_2) where C =[p(X)]_1. This can be rearranged (e.g. see the plonk + // paper) as e(C + r*[W]_1 - v*[1]_1, [1]_2) * e(-[W]_1, [X]_2) = 1, or e(P_0, [1]_2) * e(P_1, [X]_2) = 1 GroupElement P_0; if constexpr (Curve::is_stdlib_type) { + // Express operation as a batch_mul in order to use Goblinization if available auto builder = quotient_commitment.get_context(); auto one = Fr(builder, 1); std::vector commitments = { claim.commitment, diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp index 231d4f610b7..5f444c87792 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.hpp @@ -29,9 +29,10 @@ template inline std::vector powers_of_challenge(const FF challeng /** * @brief Prover for ZeroMorph multilinear PCS * - * @tparam Curve + * @tparam PCS - The univariate PCS used inside ZeroMorph as a building block */ -template class ZeroMorphProver_ { +template class ZeroMorphProver_ { + using Curve = typename PCS::Curve; using FF = typename Curve::ScalarField; using Commitment = typename Curve::AffineElement; using Polynomial = bb::Polynomial; @@ -263,10 +264,14 @@ template class ZeroMorphProver_ { } /** - * @brief Compute combined evaluation and degree-check quotient polynomial pi - * @details Compute univariate quotient pi, where + * @brief Compute combined evaluation and degree-check polynomial pi + * @details Compute univariate polynomial pi, where + * + * pi = (\zeta_c + z*Z_x) X^{N_{max}-(N-1)} * - * pi = (q_\zeta + z*q_Z) X^{N_{max}-(N-1)}, with q_\zeta = \zeta_x/(X-x), q_Z = Z_x/(X-x) + * The proof that pi(x) = 0 for some verifier challenge x will then be computed as part of the univariate PCS + * opening. If this is instantiated with KZG, the PCS is going to compute the quotient + * q_pi = (q_\zeta + z*q_Z)X^{N_{max}-(N-1)}, with q_\zeta = \zeta_x/(X-x), q_Z = Z_x/(X-x), * * @param Z_x * @param zeta_x @@ -275,35 +280,30 @@ template class ZeroMorphProver_ { * @param N_max * @return Polynomial */ - static Polynomial compute_batched_evaluation_and_degree_check_quotient(Polynomial& zeta_x, - Polynomial& Z_x, - FF x_challenge, - FF z_challenge) + static Polynomial compute_batched_evaluation_and_degree_check_polynomial(Polynomial& zeta_x, + Polynomial& Z_x, + FF z_challenge) { // We cannot commit to polynomials with size > N_max size_t N = zeta_x.size(); ASSERT(N <= N_max); - // Compute q_{\zeta} and q_Z in place - zeta_x.factor_roots(x_challenge); - Z_x.factor_roots(x_challenge); - - // Compute batched quotient q_{\zeta} + z*q_Z - auto batched_quotient = zeta_x; - batched_quotient.add_scaled(Z_x, z_challenge); - - // TODO(#742): To complete the degree check, we need to commit to (q_{\zeta} + z*q_Z)*X^{N_max - N - 1}. - // Verification then requires a pairing check similar to the standard KZG check but with [1]_2 replaced by - // [X^{N_max - N -1}]_2. Two issues: A) we do not have an SRS with these G2 elements (so need to generate a fake - // setup until we can do the real thing), and B) its not clear to me how to update our pairing algorithms to do - // this type of pairing. For now, simply construct q_{\zeta} + z*q_Z without the shift and do a standard KZG - // pairing check. When we're ready, all we have to do to make this fully legit is commit to the shift here and - // update the pairing check accordingly. Note: When this is implemented properly, it doesnt make sense to store - // the (massive) shifted polynomial of size N_max. Ideally would only store the unshifted version and just - // compute the shifted commitment directly via a new method. - auto batched_shifted_quotient = batched_quotient; - - return batched_shifted_quotient; + // Compute batched polynomial zeta_x + Z_x + auto batched_polynomial = zeta_x; + batched_polynomial.add_scaled(Z_x, z_challenge); + + // TODO(#742): To complete the degree check, we need to do an opening proof for x_challenge with a univariate + // PCS for the degree-lifted polynomial (\zeta_c + z*Z_x)*X^{N_max - N - 1}. If this PCS is KZG, verification + // then requires a pairing check similar to the standard KZG check but with [1]_2 replaced by [X^{N_max - N + // -1}]_2. Two issues: A) we do not have an SRS with these G2 elements (so need to generate a fake setup until + // we can do the real thing), and B) its not clear to me how to update our pairing algorithms to do this type of + // pairing. For now, simply construct pi without the shift and do a standard KZG pairing check if the PCS is + // KZG. When we're ready, all we have to do to make this fully legit is commit to the shift here and update the + // pairing check accordingly. Note: When this is implemented properly, it doesnt make sense to store the + // (massive) shifted polynomial of size N_max. Ideally would only store the unshifted version and just compute + // the shifted commitment directly via a new method. + + return batched_polynomial; } /** @@ -424,12 +424,11 @@ template class ZeroMorphProver_ { concatenation_groups_batched); // Compute batched degree-check and ZM-identity quotient polynomial pi - auto pi_polynomial = - compute_batched_evaluation_and_degree_check_quotient(zeta_x, Z_x, x_challenge, z_challenge); + auto pi_polynomial = compute_batched_evaluation_and_degree_check_polynomial(zeta_x, Z_x, z_challenge); - // Compute and send proof commitment pi - auto pi_commitment = commitment_key->commit(pi_polynomial); - transcript->send_to_verifier("ZM:PI", pi_commitment); + // Compute opening proof for x_challenge using the underlying univariate PCS + PCS::compute_opening_proof( + commitment_key, { .challenge = x_challenge, .evaluation = FF(0) }, pi_polynomial, transcript); } }; @@ -438,9 +437,11 @@ template class ZeroMorphProver_ { * * @tparam Curve */ -template class ZeroMorphVerifier_ { +template class ZeroMorphVerifier_ { + using Curve = typename PCS::Curve; using FF = typename Curve::ScalarField; using Commitment = typename Curve::AffineElement; + using VerifierAccumulator = PCS::VerifierAccumulator; public: /** @@ -634,15 +635,14 @@ template class ZeroMorphVerifier_ { * @param transcript * @return std::array Inputs to the final pairing check */ - static std::array verify( - RefSpan unshifted_commitments, - RefSpan to_be_shifted_commitments, - RefSpan unshifted_evaluations, - RefSpan shifted_evaluations, - std::span multivariate_challenge, - auto& transcript, - const std::vector>& concatenation_group_commitments = {}, - RefSpan concatenated_evaluations = {}) + static VerifierAccumulator verify(RefSpan unshifted_commitments, + RefSpan to_be_shifted_commitments, + RefSpan unshifted_evaluations, + RefSpan shifted_evaluations, + std::span multivariate_challenge, + auto& transcript, + const std::vector>& concatenation_group_commitments = {}, + RefSpan concatenated_evaluations = {}) { size_t log_N = multivariate_challenge.size(); FF rho = transcript->template get_challenge("rho"); @@ -696,7 +696,7 @@ template class ZeroMorphVerifier_ { Commitment C_zeta_Z; if constexpr (Curve::is_stdlib_type) { // Express operation as a batch_mul in order to use Goblinization if available - auto builder = rho.get_context(); + auto builder = z_challenge.get_context(); std::vector scalars = { FF(builder, 1), z_challenge }; std::vector points = { C_zeta_x, C_Z_x }; C_zeta_Z = Commitment::batch_mul(points, scalars); @@ -704,28 +704,8 @@ template class ZeroMorphVerifier_ { C_zeta_Z = C_zeta_x + C_Z_x * z_challenge; } - // Receive proof commitment \pi - auto C_pi = transcript->template receive_from_prover("ZM:PI"); - - // Construct inputs and perform pairing check to verify claimed evaluation - // Note: The pairing check (without the degree check component X^{N_max-N-1}) can be expressed naturally as - // e(C_{\zeta,Z}, [1]_2) = e(pi, [X - x]_2). This can be rearranged (e.g. see the plonk paper) as - // e(C_{\zeta,Z} - x*pi, [1]_2) * e(-pi, [X]_2) = 1, or - // e(P_0, [1]_2) * e(P_1, [X]_2) = 1 - Commitment P0; - if constexpr (Curve::is_stdlib_type) { - // Express operation as a batch_mul in order to use Goblinization if available - auto builder = rho.get_context(); - std::vector scalars = { FF(builder, 1), x_challenge }; - std::vector points = { C_zeta_Z, C_pi }; - P0 = Commitment::batch_mul(points, scalars); - } else { - P0 = C_zeta_Z + C_pi * x_challenge; - } - - auto P1 = -C_pi; - - return { P0, P1 }; + return PCS::reduce_verify( + { .opening_pair = { .challenge = x_challenge, .evaluation = FF(0) }, .commitment = C_zeta_Z }, transcript); } }; diff --git a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp index 863f7921dc3..7274300114e 100644 --- a/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp +++ b/barretenberg/cpp/src/barretenberg/commitment_schemes/zeromorph/zeromorph.test.cpp @@ -1,19 +1,21 @@ #include "zeromorph.hpp" #include "../commitment_key.test.hpp" +#include "barretenberg/commitment_schemes/kzg/kzg.hpp" #include "barretenberg/transcript/transcript.hpp" #include namespace bb { -template class ZeroMorphTest : public CommitmentTest { +template class ZeroMorphTest : public CommitmentTest { public: + using Curve = typename PCS::Curve; using Fr = typename Curve::ScalarField; using Polynomial = bb::Polynomial; using Commitment = typename Curve::AffineElement; using GroupElement = typename Curve::Element; - using ZeroMorphProver = ZeroMorphProver_; - using ZeroMorphVerifier = ZeroMorphVerifier_; + using ZeroMorphProver = ZeroMorphProver_; + using ZeroMorphVerifier = ZeroMorphVerifier_; // Evaluate Phi_k(x) = \sum_{i=0}^k x^i using the direct inefficent formula Fr Phi(Fr challenge, size_t subscript) @@ -105,14 +107,15 @@ template class ZeroMorphTest : public CommitmentTest { } }; -template class ZeroMorphWithConcatenationTest : public CommitmentTest { +template class ZeroMorphWithConcatenationTest : public CommitmentTest { public: + using Curve = typename PCS::Curve; using Fr = typename Curve::ScalarField; using Polynomial = bb::Polynomial; using Commitment = typename Curve::AffineElement; using GroupElement = typename Curve::Element; - using ZeroMorphProver = ZeroMorphProver_; - using ZeroMorphVerifier = ZeroMorphVerifier_; + using ZeroMorphProver = ZeroMorphProver_; + using ZeroMorphVerifier = ZeroMorphVerifier_; // Evaluate Phi_k(x) = \sum_{i=0}^k x^i using the direct inefficent formula Fr Phi(Fr challenge, size_t subscript) @@ -260,9 +263,9 @@ template class ZeroMorphWithConcatenationTest : public CommitmentT } }; -using CurveTypes = ::testing::Types; -TYPED_TEST_SUITE(ZeroMorphTest, CurveTypes); -TYPED_TEST_SUITE(ZeroMorphWithConcatenationTest, CurveTypes); +using PCSTypes = ::testing::Types>; +TYPED_TEST_SUITE(ZeroMorphTest, PCSTypes); +TYPED_TEST_SUITE(ZeroMorphWithConcatenationTest, PCSTypes); /** * @brief Test method for computing q_k given multilinear f @@ -276,7 +279,8 @@ TYPED_TEST(ZeroMorphTest, QuotientConstruction) { // Define some useful type aliases using ZeroMorphProver = ZeroMorphProver_; - using Fr = typename TypeParam::ScalarField; + using Curve = typename TypeParam::Curve; + using Fr = typename Curve::ScalarField; using Polynomial = bb::Polynomial; // Define size parameters @@ -323,7 +327,8 @@ TYPED_TEST(ZeroMorphTest, BatchedLiftedDegreeQuotient) { // Define some useful type aliases using ZeroMorphProver = ZeroMorphProver_; - using Fr = typename TypeParam::ScalarField; + using Curve = typename TypeParam::Curve; + using Fr = typename Curve::ScalarField; using Polynomial = bb::Polynomial; const size_t N = 8; @@ -367,7 +372,8 @@ TYPED_TEST(ZeroMorphTest, PartiallyEvaluatedQuotientZeta) { // Define some useful type aliases using ZeroMorphProver = ZeroMorphProver_; - using Fr = typename TypeParam::ScalarField; + using Curve = typename TypeParam::Curve; + using Fr = typename Curve::ScalarField; using Polynomial = bb::Polynomial; const size_t N = 8; @@ -409,7 +415,8 @@ TYPED_TEST(ZeroMorphTest, PartiallyEvaluatedQuotientZeta) */ TYPED_TEST(ZeroMorphTest, PhiEvaluation) { - using Fr = typename TypeParam::ScalarField; + using Curve = typename TypeParam::Curve; + using Fr = typename Curve::ScalarField; const size_t N = 8; size_t n = numeric::get_msb(N); @@ -449,7 +456,8 @@ TYPED_TEST(ZeroMorphTest, PartiallyEvaluatedQuotientZ) { // Define some useful type aliases using ZeroMorphProver = ZeroMorphProver_; - using Fr = typename TypeParam::ScalarField; + using Curve = typename TypeParam::Curve; + using Fr = typename Curve::ScalarField; using Polynomial = bb::Polynomial; const size_t N = 8; diff --git a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp index 7e8e7de0729..16eb1b95921 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/goblin_ultra_recursive.hpp @@ -34,6 +34,7 @@ template class GoblinUltraRecursiveFlavor_ { public: using CircuitBuilder = BuilderType; // Determines arithmetization of circuit instantiated with this flavor using Curve = stdlib::bn254; + using PCS = KZG; using GroupElement = typename Curve::Element; using FF = typename Curve::ScalarField; using Commitment = typename Curve::Element; diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp index 9cf7672b43f..8e9a07b5a16 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra_recursive.hpp @@ -49,6 +49,7 @@ template class UltraRecursiveFlavor_ { public: using CircuitBuilder = BuilderType; // Determines arithmetization of circuit instantiated with this flavor using Curve = stdlib::bn254; + using PCS = KZG; using GroupElement = typename Curve::Element; using Commitment = typename Curve::Element; using FF = typename Curve::ScalarField; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp index 062d19f96b8..4c113531d69 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp @@ -18,7 +18,7 @@ template class DeciderProver_ { using Polynomial = typename Flavor::Polynomial; using ProverPolynomials = typename Flavor::ProverPolynomials; using CommitmentLabels = typename Flavor::CommitmentLabels; - using Curve = typename Flavor::Curve; + using PCS = typename Flavor::PCS; using Instance = ProverInstance_; using Transcript = typename Flavor::Transcript; using RelationSeparator = typename Flavor::RelationSeparator; @@ -47,7 +47,7 @@ template class DeciderProver_ { std::shared_ptr commitment_key; - using ZeroMorph = ZeroMorphProver_; + using ZeroMorph = ZeroMorphProver_; private: HonkProof proof; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp index 637dc322980..88905126d27 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_verifier.cpp @@ -27,8 +27,8 @@ DeciderVerifier_::DeciderVerifier_() */ template bool DeciderVerifier_::verify_proof(const HonkProof& proof) { - using Curve = typename Flavor::Curve; - using ZeroMorph = ZeroMorphVerifier_; + using PCS = typename Flavor::PCS; + using ZeroMorph = ZeroMorphVerifier_; using VerifierCommitments = typename Flavor::VerifierCommitments; transcript = std::make_shared(proof); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/decider_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/decider_recursive_verifier.cpp index b78083534e5..325f0647206 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/decider_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/decider_recursive_verifier.cpp @@ -14,8 +14,8 @@ template std::array DeciderRecursiveVerifier_::verify_proof(const HonkProof& proof) { using Sumcheck = ::bb::SumcheckVerifier; - using Curve = typename Flavor::Curve; - using ZeroMorph = ::bb::ZeroMorphVerifier_; + using PCS = typename Flavor::PCS; + using ZeroMorph = ::bb::ZeroMorphVerifier_; using VerifierCommitments = typename Flavor::VerifierCommitments; using Transcript = typename Flavor::Transcript; diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/merge_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/merge_recursive_verifier.cpp index f5e65035b8d..bbc17238b9a 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/merge_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/merge_recursive_verifier.cpp @@ -79,7 +79,7 @@ std::array::Element, 2> MergeRecursiveVerifier_ std::array UltraRecursiveVerifier_::verify_proof(const HonkProof& proof) { using Sumcheck = ::bb::SumcheckVerifier; - using Curve = typename Flavor::Curve; - using ZeroMorph = ::bb::ZeroMorphVerifier_; + using PCS = typename Flavor::PCS; + using ZeroMorph = ::bb::ZeroMorphVerifier_; using VerifierCommitments = typename Flavor::VerifierCommitments; using CommitmentLabels = typename Flavor::CommitmentLabels; using RelationParams = ::bb::RelationParameters; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index f7a39dfc9ea..6e10cb24ad9 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -155,7 +155,7 @@ void GoblinTranslatorProver::execute_relation_check_rounds() * */ void GoblinTranslatorProver::execute_zeromorph_rounds() { - using ZeroMorph = ZeroMorphProver_; + using ZeroMorph = ZeroMorphProver_; ZeroMorph::prove(prover_polynomials.get_unshifted(), prover_polynomials.get_to_be_shifted(), sumcheck_output.claimed_evaluations.get_unshifted(), diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp index c46545707ba..c8bb0893d13 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -19,7 +19,7 @@ class GoblinTranslatorProver { using Polynomial = typename Flavor::Polynomial; using ProverPolynomials = typename Flavor::ProverPolynomials; using CommitmentLabels = typename Flavor::CommitmentLabels; - using Curve = typename Flavor::Curve; + using PCS = typename Flavor::PCS; using Transcript = typename Flavor::Transcript; public: diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 2eb78673a02..720ae146648 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -259,14 +259,14 @@ bool GoblinTranslatorVerifier::verify_proof(const HonkProof& proof) // Execute ZeroMorph rounds. See https://hackmd.io/dlf9xEwhTQyE3hiGbq4FsA?view for a complete description ofthe // unrolled protocol. - auto pairing_points = ZeroMorphVerifier_::verify(commitments.get_unshifted(), - commitments.get_to_be_shifted(), - claimed_evaluations.get_unshifted(), - claimed_evaluations.get_shifted(), - multivariate_challenge, - transcript, - commitments.get_concatenation_groups(), - claimed_evaluations.get_concatenated_constraints()); + auto pairing_points = ZeroMorphVerifier_::verify(commitments.get_unshifted(), + commitments.get_to_be_shifted(), + claimed_evaluations.get_unshifted(), + claimed_evaluations.get_shifted(), + multivariate_challenge, + transcript, + commitments.get_concatenation_groups(), + claimed_evaluations.get_concatenated_constraints()); auto verified = pcs_verification_key->pairing_check(pairing_points[0], pairing_points[1]); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp index d3a5d4f4424..82370a525e5 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp @@ -107,8 +107,7 @@ class GoblinUltraTranscriptTests : public ::testing::Test { manifest_expected.add_challenge(round, "ZM:x", "ZM:z"); round++; - // TODO(Mara): Make testing more flavor agnostic so we can test this with all flavors - manifest_expected.add_entry(round, "ZM:PI", frs_per_G); + manifest_expected.add_entry(round, "KZG:W", frs_per_G); manifest_expected.add_challenge(round); // no challenge return manifest_expected; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index 46aa631f6cb..b30fda61969 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -21,12 +21,12 @@ template class UltraProver_ { using Polynomial = typename Flavor::Polynomial; using ProverPolynomials = typename Flavor::ProverPolynomials; using CommitmentLabels = typename Flavor::CommitmentLabels; - using Curve = typename Flavor::Curve; + using PCS = typename Flavor::PCS; using ProverInstance = ProverInstance_; using Instance = ProverInstance; using Transcript = typename Flavor::Transcript; using RelationSeparator = typename Flavor::RelationSeparator; - using ZeroMorph = ZeroMorphProver_; + using ZeroMorph = ZeroMorphProver_; std::shared_ptr instance; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 723cbeaf30b..17383a15d2c 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -101,8 +101,7 @@ class UltraTranscriptTests : public ::testing::Test { manifest_expected.add_challenge(round, "ZM:x", "ZM:z"); round++; - // TODO(Mara): Make testing more flavor agnostic so we can test this with all flavors - manifest_expected.add_entry(round, "ZM:PI", frs_per_G); + manifest_expected.add_entry(round, "KZG:W", frs_per_G); manifest_expected.add_challenge(round); // no challenge return manifest_expected; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index b0b7a602c18..bcc7fadc333 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -43,8 +43,8 @@ template bool UltraVerifier_::verify_proof(const HonkP { using FF = typename Flavor::FF; using Commitment = typename Flavor::Commitment; - using Curve = typename Flavor::Curve; - using ZeroMorph = ZeroMorphVerifier_; + using PCS = typename Flavor::PCS; + using ZeroMorph = ZeroMorphVerifier_; using VerifierCommitments = typename Flavor::VerifierCommitments; using CommitmentLabels = typename Flavor::CommitmentLabels; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp index d0fe0046c9a..8c36d7dabac 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp @@ -20,7 +20,6 @@ class AvmProver { using Polynomial = Flavor::Polynomial; using ProverPolynomials = Flavor::ProverPolynomials; using CommitmentLabels = Flavor::CommitmentLabels; - using Curve = Flavor::Curve; using Transcript = Flavor::Transcript; public: @@ -53,7 +52,7 @@ class AvmProver { std::shared_ptr commitment_key; - using ZeroMorph = ZeroMorphProver_; + using ZeroMorph = ZeroMorphProver_; private: HonkProof proof; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/avm_verifier.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/avm_verifier.cpp index c457ce090a2..9f863e2dcef 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/avm_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/avm_verifier.cpp @@ -32,8 +32,8 @@ bool AvmVerifier::verify_proof(const HonkProof& proof) using Flavor = AvmFlavor; using FF = Flavor::FF; using Commitment = Flavor::Commitment; - // using Curve = Flavor::Curve; - // using ZeroMorph = ZeroMorphVerifier_; + // using PCS = Flavor::PCS; + // using ZeroMorph = ZeroMorphVerifier_; using VerifierCommitments = Flavor::VerifierCommitments; using CommitmentLabels = Flavor::CommitmentLabels; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/toy_prover.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/toy_prover.hpp index 9c451ad8a6a..1658343e0bc 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/toy_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/toy_prover.hpp @@ -53,7 +53,7 @@ class ToyProver { std::shared_ptr commitment_key; - using ZeroMorph = ZeroMorphProver_; + using ZeroMorph = ZeroMorphProver_; private: HonkProof proof; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/toy_verifier.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/toy_verifier.cpp index f30cd4207e4..57f2c2bb0c9 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/toy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/toy_verifier.cpp @@ -32,8 +32,8 @@ bool ToyVerifier::verify_proof(const HonkProof& proof) using Flavor = ToyFlavor; using FF = Flavor::FF; using Commitment = Flavor::Commitment; - // using Curve = Flavor::Curve; - // using ZeroMorph = ZeroMorphVerifier_; + // using PCS = Flavor::PCS; + // using ZeroMorph = ZeroMorphVerifier_; using VerifierCommitments = Flavor::VerifierCommitments; using CommitmentLabels = Flavor::CommitmentLabels;