diff --git a/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp index e9093518f54..701c8e5b67d 100644 --- a/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp +++ b/barretenberg/cpp/src/barretenberg/benchmark/ultra_bench/ultra_honk_rounds.bench.cpp @@ -15,6 +15,7 @@ enum { SORTED_LIST_ACCUMULATOR, LOG_DERIVATIVE_INVERSE, GRAND_PRODUCT_COMPUTATION, + GENERATE_ALPHAS, RELATION_CHECK, ZEROMORPH }; @@ -49,6 +50,7 @@ BB_PROFILE static void test_round_inner(State& state, GoblinUltraProver& prover, time_if_index(SORTED_LIST_ACCUMULATOR, [&] { prover.oink_prover.execute_sorted_list_accumulator_round(); }); time_if_index(LOG_DERIVATIVE_INVERSE, [&] { prover.oink_prover.execute_log_derivative_inverse_round(); }); time_if_index(GRAND_PRODUCT_COMPUTATION, [&] { prover.oink_prover.execute_grand_product_computation_round(); }); + time_if_index(GENERATE_ALPHAS, [&] { prover.instance->alphas = prover.oink_prover.generate_alphas_round(); }); // we need to get the relation_parameters and prover_polynomials from the oink_prover prover.instance->relation_parameters = prover.oink_prover.relation_parameters; prover.instance->prover_polynomials = GoblinUltraFlavor::ProverPolynomials(prover.instance->proving_key); @@ -75,7 +77,7 @@ BB_PROFILE static void test_round(State& state, size_t index) noexcept { \ test_round(state, round); \ } \ - BENCHMARK(ROUND_##round)->DenseRange(17, 19)->Unit(kMillisecond) + BENCHMARK(ROUND_##round)->DenseRange(12, 19)->Unit(kMillisecond) // Fast rounds take a long time to benchmark because of how we compute statistical significance. // Limit to one iteration so we don't spend a lot of time redoing full proofs just to measure this part. @@ -84,6 +86,7 @@ ROUND_BENCHMARK(WIRE_COMMITMENTS)->Iterations(1); ROUND_BENCHMARK(SORTED_LIST_ACCUMULATOR)->Iterations(1); ROUND_BENCHMARK(LOG_DERIVATIVE_INVERSE)->Iterations(1); ROUND_BENCHMARK(GRAND_PRODUCT_COMPUTATION)->Iterations(1); +ROUND_BENCHMARK(GENERATE_ALPHAS)->Iterations(1); ROUND_BENCHMARK(RELATION_CHECK); ROUND_BENCHMARK(ZEROMORPH); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp index a1cb41cef73..c1ce74400bf 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.cpp @@ -8,15 +8,10 @@ void ProtoGalaxyProver_::finalise_and_send_instance(std::shared { OinkProver oink_prover(instance->proving_key, commitment_key, transcript, domain_separator + '_'); - auto [relation_params] = oink_prover.prove(); + auto [relation_params, alphas] = oink_prover.prove(); instance->relation_parameters = std::move(relation_params); instance->prover_polynomials = ProverPolynomials(instance->proving_key); - - // Generate relation separators alphas for sumcheck - for (size_t idx = 0; idx < NUM_SUBRELATIONS - 1; idx++) { - instance->alphas[idx] = - transcript->template get_challenge(domain_separator + "_alpha_" + std::to_string(idx)); - } + instance->alphas = std::move(alphas); } template void ProtoGalaxyProver_::prepare_for_folding() diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp index b47ba04a292..cb357b1cb2b 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_verifier.cpp @@ -9,15 +9,11 @@ void ProtoGalaxyVerifier_::receive_and_finalise_instance(cons { auto& key = inst->verification_key; OinkVerifier oink_verifier{ key, transcript, domain_separator + '_' }; - auto [relation_parameters, witness_commitments, public_inputs] = oink_verifier.verify(); + auto [relation_parameters, witness_commitments, public_inputs, alphas] = oink_verifier.verify(); inst->relation_parameters = std::move(relation_parameters); inst->witness_commitments = std::move(witness_commitments); inst->public_inputs = std::move(public_inputs); - - // Get the relation separation challenges - for (size_t idx = 0; idx < NUM_SUBRELATIONS - 1; idx++) { - inst->alphas[idx] = transcript->template get_challenge(domain_separator + "_alpha_" + std::to_string(idx)); - } + inst->alphas = std::move(alphas); } // TODO(https://github.com/AztecProtocol/barretenberg/issues/795): The rounds prior to actual verifying are common diff --git a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/ultra_recursive_verifier.cpp b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/ultra_recursive_verifier.cpp index cf97878c6d7..c400f1d4953 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/ultra_recursive_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/honk_recursion/verifier/ultra_recursive_verifier.cpp @@ -108,7 +108,7 @@ std::array UltraRecursiveVerifier_::ve auto sumcheck = Sumcheck(log_circuit_size, transcript); RelationSeparator alpha; for (size_t idx = 0; idx < alpha.size(); idx++) { - alpha[idx] = transcript->template get_challenge("Sumcheck:alpha_" + std::to_string(idx)); + alpha[idx] = transcript->template get_challenge("alpha_" + std::to_string(idx)); } auto gate_challenges = std::vector(log_circuit_size); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp index 64d10ee0f25..ca8185b309c 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/goblin_ultra_transcript.test.cpp @@ -73,7 +73,7 @@ class GoblinUltraTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "Z_LOOKUP", frs_per_G); for (size_t i = 0; i < NUM_SUBRELATIONS - 1; i++) { - std::string label = "Sumcheck:alpha_" + std::to_string(i); + std::string label = "alpha_" + std::to_string(i); manifest_expected.add_challenge(round, label); round++; } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index b5a5047443b..1edfd735b6d 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -25,8 +25,12 @@ template OinkProverOutput OinkProver::pro // Compute grand product(s) and commitments. execute_grand_product_computation_round(); + // Generate relation separators alphas for sumcheck/combiner computation + RelationSeparator alphas = generate_alphas_round(); + return OinkProverOutput{ .relation_parameters = std::move(relation_parameters), + .alphas = std::move(alphas), }; } @@ -149,6 +153,15 @@ template void OinkProver::execute_grand_product_c transcript->send_to_verifier(domain_separator + commitment_labels.z_lookup, witness_commitments.z_lookup); } +template typename Flavor::RelationSeparator OinkProver::generate_alphas_round() +{ + RelationSeparator alphas; + for (size_t idx = 0; idx < alphas.size(); idx++) { + alphas[idx] = transcript->template get_challenge(domain_separator + "alpha_" + std::to_string(idx)); + } + return alphas; +} + template class OinkProver; template class OinkProver; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp index ba92115bdc5..14398ae6b18 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.hpp @@ -26,6 +26,7 @@ namespace bb { template struct OinkProverOutput { bb::RelationParameters relation_parameters; + typename Flavor::RelationSeparator alphas; }; /** @@ -49,6 +50,7 @@ template class OinkProver { std::string domain_separator; typename Flavor::WitnessCommitments witness_commitments; typename Flavor::CommitmentLabels commitment_labels; + using RelationSeparator = typename Flavor::RelationSeparator; bb::RelationParameters relation_parameters; @@ -68,5 +70,6 @@ template class OinkProver { void execute_sorted_list_accumulator_round(); void execute_log_derivative_inverse_round(); void execute_grand_product_computation_round(); + RelationSeparator generate_alphas_round(); }; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp index 47c21e9bb42..f7e265b49eb 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp @@ -16,10 +16,12 @@ template OinkOutput OinkVerifier::verify( execute_sorted_list_accumulator_round(); execute_log_derivative_inverse_round(); execute_grand_product_computation_round(); + RelationSeparator alphas = generate_alphas_round(); return OinkOutput{ .relation_parameters = relation_parameters, - .commitments = witness_comms, - .public_inputs = public_inputs }; + .commitments = std::move(witness_comms), + .public_inputs = public_inputs, + .alphas = alphas }; } /** @@ -130,6 +132,16 @@ template void OinkVerifier::execute_grand_product transcript->template receive_from_prover(domain_separator + comm_labels.z_lookup); } +template typename Flavor::RelationSeparator OinkVerifier::generate_alphas_round() +{ + // Get the relation separation challenges for sumcheck/combiner computation + RelationSeparator alphas; + for (size_t idx = 0; idx < alphas.size(); idx++) { + alphas[idx] = transcript->template get_challenge(domain_separator + "alpha_" + std::to_string(idx)); + } + return alphas; +} + template class OinkVerifier; template class OinkVerifier; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp index 41d6faaad18..31a572dbec1 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.hpp @@ -12,6 +12,7 @@ template struct OinkOutput { bb::RelationParameters relation_parameters; typename Flavor::WitnessCommitments commitments; std::vector public_inputs; + typename Flavor::RelationSeparator alphas; }; /** @@ -29,6 +30,7 @@ template class OinkVerifier { using Transcript = typename Flavor::Transcript; using FF = typename Flavor::FF; using Commitment = typename Flavor::Commitment; + using RelationSeparator = typename Flavor::RelationSeparator; public: std::shared_ptr transcript; @@ -58,5 +60,7 @@ template class OinkVerifier { void execute_log_derivative_inverse_round(); void execute_grand_product_computation_round(); + + RelationSeparator generate_alphas_round(); }; } // namespace bb \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index a8bce2bfc93..be4c4f9ab87 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -42,11 +42,7 @@ template void UltraProver_::execute_relation_chec using Sumcheck = SumcheckProver; auto circuit_size = instance->proving_key->circuit_size; auto sumcheck = Sumcheck(circuit_size, transcript); - RelationSeparator alphas; - for (size_t idx = 0; idx < alphas.size(); idx++) { - alphas[idx] = transcript->template get_challenge("Sumcheck:alpha_" + std::to_string(idx)); - } - instance->alphas = alphas; + std::vector gate_challenges(numeric::get_msb(circuit_size)); for (size_t idx = 0; idx < gate_challenges.size(); idx++) { gate_challenges[idx] = transcript->template get_challenge("Sumcheck:gate_challenge_" + std::to_string(idx)); @@ -79,8 +75,9 @@ template HonkProof& UltraProver_::export_proof() template HonkProof& UltraProver_::construct_proof() { - auto [relation_params] = oink_prover.prove(); + auto [relation_params, alphas] = oink_prover.prove(); instance->relation_parameters = std::move(relation_params); + instance->alphas = alphas; instance->prover_polynomials = ProverPolynomials(instance->proving_key); // Fiat-Shamir: alpha diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index e5831b778ca..36f466e2004 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -25,7 +25,6 @@ template class UltraProver_ { using ProverInstance = ProverInstance_; using Instance = ProverInstance; using Transcript = typename Flavor::Transcript; - using RelationSeparator = typename Flavor::RelationSeparator; using ZeroMorph = ZeroMorphProver_; std::shared_ptr instance; diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 544bccaa11f..44fcbfec08e 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -67,7 +67,7 @@ class UltraTranscriptTests : public ::testing::Test { manifest_expected.add_entry(round, "Z_LOOKUP", frs_per_G); for (size_t i = 0; i < NUM_SUBRELATIONS - 1; i++) { - std::string label = "Sumcheck:alpha_" + std::to_string(i); + std::string label = "alpha_" + std::to_string(i); manifest_expected.add_challenge(round, label); round++; } diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp index 15f21c9ca74..6d5b19761b8 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp @@ -49,7 +49,7 @@ template bool UltraVerifier_::verify_proof(const HonkP transcript = std::make_shared(proof); VerifierCommitments commitments{ key }; OinkVerifier oink_verifier{ key, transcript }; - auto [relation_parameters, witness_commitments, _] = oink_verifier.verify(); + auto [relation_parameters, witness_commitments, _, alphas] = oink_verifier.verify(); // Copy the witness_commitments over to the VerifierCommitments for (auto [wit_comm_1, wit_comm_2] : zip_view(commitments.get_witness(), witness_commitments.get_all())) { @@ -59,10 +59,6 @@ template bool UltraVerifier_::verify_proof(const HonkP // Execute Sumcheck Verifier const size_t log_circuit_size = numeric::get_msb(key->circuit_size); auto sumcheck = SumcheckVerifier(log_circuit_size, transcript); - RelationSeparator alphas; - for (size_t idx = 0; idx < alphas.size(); idx++) { - alphas[idx] = transcript->template get_challenge("Sumcheck:alpha_" + std::to_string(idx)); - } auto gate_challenges = std::vector(log_circuit_size); for (size_t idx = 0; idx < log_circuit_size; idx++) { diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp index e84305d66b0..f32deb49155 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.hpp @@ -12,7 +12,6 @@ template class UltraVerifier_ { using VerificationKey = typename Flavor::VerificationKey; using VerifierCommitmentKey = typename Flavor::VerifierCommitmentKey; using Transcript = typename Flavor::Transcript; - using RelationSeparator = typename Flavor::RelationSeparator; public: explicit UltraVerifier_(const std::shared_ptr& transcript,