Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: eccvm transcript builder #9026

Merged
merged 11 commits into from
Oct 8, 2024
Merged

refactor: eccvm transcript builder #9026

merged 11 commits into from
Oct 8, 2024

Conversation

iakovenkos
Copy link
Contributor

  • improved the structure of the main method compute_rows

  • cleaned up logic without modifying it

  • improved code sharing

  • added docs (not very detailed but should be helpful)

  • added the point at infinity test to ECCVMCircuitBuilderTests. this test passing means that we are not handling point at infinity correctly

@iakovenkos iakovenkos added the crypto cryptography label Oct 4, 2024
iakovenkos
iakovenkos commented Oct 4, 2024
View reviewed changes
barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
VMState state{
.pc = total_number_of_muls,
.count = 0,
.accumulator = CycleGroup::affine_point_at_infinity,
.msm_accumulator = offset_generator(),
.is_accumulator_empty = true,
};

VMState updated_state;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tried to remove it, but seems tricky

iakovenkos
iakovenkos commented Oct 4, 2024
View reviewed changes
barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
accumulator_trace[i] = state.accumulator;
msm_accumulator_trace[i] = msm_transition ? updated_state.msm_accumulator : Element::infinity();
intermediate_accumulator_trace[i] =
msm_transition ? (updated_state.msm_accumulator - offset_generator()) : Element::infinity();
if (entry.mul && next_not_msm && !row.accumulator_empty) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

state is re-written by the updates state, so this check is unnecessary

iakovenkos
iakovenkos commented Oct 4, 2024
View reviewed changes
barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
auto rhsy = accumulator_trace[i].is_point_at_infinity() ? (0) : accumulator_trace[i].y;
inverse_trace_x[i] = lhsx - rhsx;
inverse_trace_y[i] = lhsy - rhsy;
} else if (add) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here add = row.q_add, but it coincides with entry.add, so the logic could be simplified a little

iakovenkos
iakovenkos commented Oct 4, 2024
View reviewed changes
barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
for (size_t i = 0; i < accumulator_trace.size(); ++i) {
TranscriptRow& row = transcript_state[i + 1];
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is not necessary, but makes the operations with the current transcipt row way clearer

iakovenkos
iakovenkos commented Oct 4, 2024
View reviewed changes
barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
@@ -10,8 +10,13 @@ class ECCVMTranscriptBuilder {
using FF = grumpkin::fr;
using Element = typename CycleGroup::element;
using AffineElement = typename CycleGroup::affine_element;
using VMOperation = typename bb::eccvm::VMOperation<CycleGroup>;
using Accumulator = typename std::vector<Element>;

struct TranscriptRow {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seemed logical to group the fields in the order of being populated

iakovenkos
iakovenkos commented Oct 4, 2024
View reviewed changes
barretenberg/cpp/src/barretenberg/relations/ecc_vm/ecc_transcript_relation_impl.hpp
@@ -212,7 +212,7 @@ void ECCVMTranscriptRelationImpl<FF>::accumulate(ContainerOverSubrelations& accu
* If q_mul = 1 OR q_add = 1 OR q_eq = 1, require (transcript_Px, transcript_Py) is valid ecc point
* q_mul/q_add/q_eq mutually exclusive, can represent as sum of 3
*/
const auto validate_on_curve = q_mul + q_add + q_mul + q_eq;
const auto validate_on_curve = q_add + q_mul + q_eq;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

must have been a typo

@iakovenkos iakovenkos self-assigned this Oct 4, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 4, 2024
edited
Loading

Changes to circuit sizes

Generated at commit: cb228589d052b8e5d422b8baf81605ef106299a7, compared to commit: ebb6a2da62c9d99f448b0da9cf1d14fd64a59b9f

🧾 Summary (100% most significant diffs)

Program ACIR opcodes (+/-) % Circuit size (+/-) %
public_kernel_merge_simulated 0 ➖ 0.00% +3,130 ❌ +313000.00%
public_kernel_inner_simulated 0 ➖ 0.00% +2,475 ❌ +247500.00%
private_kernel_tail_to_public_simulated 0 ➖ 0.00% +3,130 ❌ +78250.00%
public_kernel_tail_simulated 0 ➖ 0.00% +667 ❌ +66700.00%
private_kernel_init_simulated 0 ➖ 0.00% +1,973 ❌ +49325.00%
private_kernel_inner_simulated 0 ➖ 0.00% +1,973 ❌ +49325.00%
private_kernel_reset_simulated 0 ➖ 0.00% +1,973 ❌ +49325.00%
private_kernel_reset_simulated_4_4_4_4_4_4_4_4_1 0 ➖ 0.00% +1,973 ❌ +49325.00%
private_kernel_empty_simulated 0 ➖ 0.00% +667 ❌ +16675.00%
private_kernel_tail_simulated 0 ➖ 0.00% +667 ❌ +16675.00%
rollup_base_simulated 0 ➖ 0.00% +33 ❌ +3300.00%
empty_nested 0 ➖ +∞% +4 ❌ +100.00%
empty_nested_simulated 0 ➖ 0.00% +4 ❌ +100.00%
parity_base 0 ➖ 0.00% +21,130 ❌ +65.46%
private_kernel_empty 0 ➖ 0.00% +661 ❌ +19.06%
private_kernel_tail_to_public 0 ➖ 0.00% +3,095 ❌ +7.40%
private_kernel_init 0 ➖ 0.00% +1,955 ❌ +6.47%
private_kernel_tail 0 ➖ 0.00% +646 ❌ +5.91%
rollup_block_root_empty 0 ➖ 0.00% +105 ❌ +3.65%
private_kernel_inner 0 ➖ 0.00% +1,944 ❌ +3.54%
private_kernel_reset_4_4_4_4_4_4_4_4_1 0 ➖ 0.00% +1,933 ❌ +2.63%
public_kernel_merge 0 ➖ 0.00% +14,254 ❌ +1.29%
rollup_block_root 0 ➖ 0.00% +33,633 ❌ +1.19%
parity_root 0 ➖ 0.00% +44,738 ❌ +1.19%
rollup_merge 0 ➖ 0.00% +22,410 ❌ +1.18%
rollup_block_merge 0 ➖ 0.00% +22,493 ❌ +1.16%
rollup_root 0 ➖ 0.00% +22,477 ❌ +1.16%
public_kernel_tail 0 ➖ 0.00% +11,730 ❌ +0.52%
rollup_base 0 ➖ 0.00% +15,095 ❌ +0.43%
private_kernel_reset 0 ➖ 0.00% +1,873 ❌ +0.40%
public_kernel_inner 0 ➖ 0.00% +1,728 ❌ +0.33%
Full diff report 👇
Program ACIR opcodes (+/-) % Circuit size (+/-) %
public_kernel_merge_simulated 1 (0) 0.00% 3,131 (+3,130) +313000.00%
public_kernel_inner_simulated 1 (0) 0.00% 2,476 (+2,475) +247500.00%
private_kernel_tail_to_public_simulated 1 (0) 0.00% 3,134 (+3,130) +78250.00%
public_kernel_tail_simulated 1 (0) 0.00% 668 (+667) +66700.00%
private_kernel_init_simulated 1 (0) 0.00% 1,977 (+1,973) +49325.00%
private_kernel_inner_simulated 1 (0) 0.00% 1,977 (+1,973) +49325.00%
private_kernel_reset_simulated 1 (0) 0.00% 1,977 (+1,973) +49325.00%
private_kernel_reset_simulated_4_4_4_4_4_4_4_4_1 1 (0) 0.00% 1,977 (+1,973) +49325.00%
private_kernel_empty_simulated 1 (0) 0.00% 671 (+667) +16675.00%
private_kernel_tail_simulated 1 (0) 0.00% 671 (+667) +16675.00%
rollup_base_simulated 1 (0) 0.00% 34 (+33) +3300.00%
empty_nested 0 (0) +∞% 8 (+4) +100.00%
empty_nested_simulated 1 (0) 0.00% 8 (+4) +100.00%
parity_base 5,371 (0) 0.00% 53,408 (+21,130) +65.46%
private_kernel_empty 670 (0) 0.00% 4,129 (+661) +19.06%
private_kernel_tail_to_public 29,831 (0) 0.00% 44,919 (+3,095) +7.40%
private_kernel_init 24,901 (0) 0.00% 32,162 (+1,955) +6.47%
private_kernel_tail 4,745 (0) 0.00% 11,573 (+646) +5.91%
rollup_block_root_empty 93 (0) 0.00% 2,980 (+105) +3.65%
private_kernel_inner 43,951 (0) 0.00% 56,831 (+1,944) +3.54%
private_kernel_reset_4_4_4_4_4_4_4_4_1 34,899 (0) 0.00% 75,549 (+1,933) +2.63%
public_kernel_merge 53,488 (0) 0.00% 1,117,793 (+14,254) +1.29%
rollup_block_root 4,154 (0) 0.00% 2,870,753 (+33,633) +1.19%
parity_root 5,399 (0) 0.00% 3,819,849 (+44,738) +1.19%
rollup_merge 3,671 (0) 0.00% 1,918,477 (+22,410) +1.18%
rollup_block_merge 20,255 (0) 0.00% 1,954,063 (+22,493) +1.16%
rollup_root 20,239 (0) 0.00% 1,954,031 (+22,477) +1.16%
public_kernel_tail 259,172 (0) 0.00% 2,281,716 (+11,730) +0.52%
rollup_base 671,887 (0) 0.00% 3,541,069 (+15,095) +0.43%
private_kernel_reset 91,935 (0) 0.00% 472,006 (+1,873) +0.40%
public_kernel_inner 268,756 (0) 0.00% 518,289 (+1,728) +0.33%

Rumata888
Rumata888 approved these changes Oct 7, 2024
View reviewed changes
Copy link
Contributor

@Rumata888 Rumata888 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everthing looks good, could you just please document (add descriptions) to all the functions you've split out.

barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp Outdated Show resolved Hide resolved
barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
}

private:
static void populate_transcript_row(TranscriptRow& row,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of these functions need descriptions

barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp Outdated
}
}
static void batch_invert(std::vector<FF>& inverse_trace_x,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these calls can stay in the original function

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
TranscriptRow& final_row = transcript_state.back();
final_row.pc = updated_state.pc;
final_row.accumulator_x =
(updated_state.accumulator.is_point_at_infinity()) ? 0 : AffineElement(updated_state.accumulator).x;
updated_state.accumulator.is_point_at_infinity() ? 0 : AffineElement(updated_state.accumulator).x;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably add an explanation for (0,0)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, I don't have a good explanation, because that's exactly where the point at infinity breaks Goblin

barretenberg/cpp/src/barretenberg/eccvm/transcript_builder.hpp
add_lambda_numerator[i],
add_lambda_denominator[i]);
} else {
row.transcript_add_x_equal = 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what does this do?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the slopes are only used when there's an msm transition or an addition

iakovenkos
iakovenkos commented Oct 7, 2024
View reviewed changes
Copy link
Contributor Author

@iakovenkos iakovenkos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Expanded the docs to some extent. Agree that they could be done even more detailed

@iakovenkos iakovenkos merged commit d2c9ae2 into master Oct 8, 2024
37 checks passed
@iakovenkos iakovenkos deleted the si/refactor-eccvm-transcript-builder branch October 8, 2024 14:32
@AztecBot AztecBot mentioned this pull request Oct 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rumata888 Rumata888 Rumata888 approved these changes

Assignees

@iakovenkos iakovenkos

Labels
crypto cryptography
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@iakovenkos @Rumata888