feat: fix commitments and openings of masking polynomials used in zk sumcheck #10773

iakovenkos · 2024-12-16T19:27:20Z

We have updated the approach for committing to Libra masking polynomials. Instead of committing to them and opening them separately, we now utilize the inner products using KZG with ZK and a linear-time verifier protocol, referred to as SmallSubgroupIPA.

Key Changes in this PR

Addressed ZK issues of the previous approach.
Reduced the number of scalar multiplications required in our ZK verifiers over BN254.
Finalized the necessary logic for UltraZK.

Remark

However, the non-native arithmetic required by ECCVMRecursiveVerifier becomes prohibitively expensive if we continue sending the coefficients of SumcheckUnivariates. To address this, we have implemented a Grumpkin-based version of SmallSubgroupIPA, which assumes sending commitments to the SumcheckRound univariates. This will be done in a follow-up update.

…p generators

…flavor

iakovenkos · 2024-12-18T13:35:18Z

barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.hpp

@@ -25,6 +25,8 @@ template <IsUltraFlavor Flavor> class DeciderProver_ {
    using DeciderPK = DeciderProvingKey_<Flavor>;
    using Transcript = typename Flavor::Transcript;
    using RelationSeparator = typename Flavor::RelationSeparator;
+    using ZKSumcheckData = ZKSumcheckData<Curve, Transcript, CommitmentKey>;
+    using SmallSubgroupIPA = SmallSubgroupIPAProver<Curve, Transcript, CommitmentKey>;


GCC was complaining

github-actions · 2024-12-18T17:27:42Z

Changes to public function bytecode sizes

Generated at commit: 98afdd3a4797fb4681797b9631c9bab26215db51, compared to commit: 607dc4b090c81b7fad9f44c3b13f1f45659922ad

🧾 Summary (100% most significant diffs)

Program	Bytecode size in bytes (+/-)	%
Token::complete_refund	+1,438 ❌	+26.10%
FPC::public_dispatch	+404 ❌	+5.39%
Token::public_dispatch	+212 ❌	+0.65%

Full diff report 👇

Program	Bytecode size in bytes (+/-)	%
Token::complete_refund	6,948 (+1,438)	+26.10%
FPC::public_dispatch	7,905 (+404)	+5.39%
Token::public_dispatch	32,739 (+212)	+0.65%

codygunton

You asked for a quick style / quality review. Voila!

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp

barretenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp

barretenberg/cpp/src/barretenberg/ecc/curves/grumpkin/grumpkin.hpp

barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp

barretenberg/cpp/src/barretenberg/sumcheck/zk_sumcheck_data.hpp

iakovenkos · 2024-12-19T19:35:30Z

barretenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp

+        for (size_t i = 0; i < big_sum_polynomial.size(); ++i) {
+            for (size_t j = 0; j < lagrange_first_monomial.size(); ++j) {
+                batched_polynomial.at(i + j) += big_sum_polynomial.at(i) * lagrange_first_monomial.at(j);
+            }


Yes, it's quadratic. But the polynomials are small. Max 256 coeffs.

iakovenkos · 2024-12-19T20:19:48Z

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.test.cpp

@@ -223,118 +223,4 @@ TYPED_TEST(ShpleminiTest, CorrectnessOfGeminiClaimBatching)
    EXPECT_EQ(shplemini_result, expected_result);
 }



this test got stale

barretenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp

iakovenkos · 2024-12-20T09:27:06Z

barretenberg/cpp/src/barretenberg/sumcheck/zk_sumcheck_data.hpp

Thats's where we commit to the concatenated Libra polynomials to run the SmallSubgroupIPA opening after the sumcheck

iakovenkos · 2024-12-20T09:28:27Z

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp

+                "Libra:concatenation_eval", "Libra:shifted_big_sum_eval", "Libra:big_sum_eval", "Libra:quotient_eval"
+            };
+            const std::array<FF, 4> evaluation_points = { gemini_r, gemini_r * subgroup_generator, gemini_r, gemini_r };
+            for (size_t idx = 0; idx < 4; idx++) {


Here we batch the prover's opening claims from SmallSubgroupIPA

iakovenkos · 2024-12-20T09:29:25Z

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp

-                            RefSpan<Commitment> libra_univariate_commitments,
-                            const std::vector<Fr>& libra_univariate_evaluations,
-                            const std::vector<Fr>& multivariate_challenge,
+                            const std::array<Commitment, 3>& libra_commitments,


The verifier's batching of SmallSubgroupIPA opening claims. Adds 3 scalar muls to the big batch_mul

iakovenkos · 2024-12-20T09:31:05Z

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp

                        shplonk_batching_challenge,
                        shplonk_evaluation_challenge);
+
+            consistency_checked = SmallSubgroupIPAVerifier<Curve>::evaluations_consistency_check(


Here is the important check that the verifier has to perform. It's the most expensive part in the ECCVMRecursive context.

barretenberg/cpp/src/barretenberg/commitment_schemes/claim.hpp

barretenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp

barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_output.hpp

barretenberg/cpp/src/barretenberg/sumcheck/zk_sumcheck_data.hpp

barretenberg/cpp/src/barretenberg/ultra_honk/decider_prover.cpp

barretenberg/cpp/src/barretenberg/ultra_honk/decider_verifier.cpp

iakovenkos · 2025-01-03T09:12:17Z

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp

-        RefSpan<Commitment> libra_univariate_commitments = {},
-        const std::vector<Fr>& libra_univariate_evaluations = {},
+        const bool has_zk = false,
+        bool* consistency_checked = nullptr,


this way, could keep it as an optional argument without polluting AVM

why bool pointer?

issue added

iakovenkos · 2025-01-03T09:17:23Z

barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp

@@ -190,7 +191,7 @@ template <typename Flavor> class SumcheckProver {
                                 const bb::RelationParameters<FF>& relation_parameters,
                                 const RelationSeparator alpha,
                                 const std::vector<FF>& gate_challenges,
-                                 ZKSumcheckData<Flavor> zk_sumcheck_data = ZKSumcheckData<Flavor>())
+                                 const std::shared_ptr<ZKData>& zk_sumcheck_data = nullptr)


using shared_ptr, could keep it const with default arg nullptr. zk_sumcheck_data itself has to be updated after each round

maramihali · 2025-01-06T12:58:41Z

barretenberg/cpp/src/barretenberg/commitment_schemes/shplonk/shplemini.hpp

-        RefSpan<Commitment> libra_univariate_commitments = {},
-        const std::vector<Fr>& libra_univariate_evaluations = {},
+        const bool has_zk = false,
+        bool* consistency_checked = nullptr,


why bool pointer?

barretenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp

maramihali · 2025-01-06T13:06:49Z

barretenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp

@@ -421,8 +431,11 @@ template <typename Curve> class SmallSubgroupIPAVerifier {

        // Compute the evaluations of the challenge polynomial, Lagrange first, and Lagrange last for the fixed small
        // subgroup
-        auto [challenge_poly, lagrange_first, lagrange_last] = compute_batched_barycentric_evaluations(
-            challenge_polynomial_lagrange, gemini_evaluation_challenge, subgroup_generator_inverse);
+        auto [challenge_poly, lagrange_first, lagrange_last] =


another option is to make the function return a tuple of three values (since you need them separately) and you can use std:tie here

barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp

…:AztecProtocol/aztec-packages into si/fixing-libra-commitments-and-openings

maramihali

thanks for the changes!

🤖 I have created a release *beep* *boop* --- <details><summary>aztec-package: 0.69.1</summary> ## [0.69.1](aztec-package-v0.69.0...aztec-package-v0.69.1) (2025-01-08) ### Features * Optionally handle rpc errors with 200 + err body ([#11083](#11083)) ([b42756b](b42756b)) ### Miscellaneous * Representing `TxHash` as `Fr` ([#10954](#10954)) ([84e67ac](84e67ac)) </details> <details><summary>barretenberg.js: 0.69.1</summary> ## [0.69.1](barretenberg.js-v0.69.0...barretenberg.js-v0.69.1) (2025-01-08) ### Miscellaneous * **barretenberg.js:** Synchronize aztec-packages versions </details> <details><summary>aztec-packages: 0.69.1</summary> ## [0.69.1](aztec-packages-v0.69.0...aztec-packages-v0.69.1) (2025-01-08) ### Features * Acir formal proofs ([#10973](#10973)) ([1cb7cd7](1cb7cd7)) * **blobs:** Blob sink ([#10079](#10079)) ([94b6c86](94b6c86)) * Derive transcript structure between non-zk and zk flavors and between Ultra and UltraKeccak ([#11086](#11086)) ([48286c6](48286c6)) * Fix commitments and openings of masking polynomials used in zk sumcheck ([#10773](#10773)) ([fc48dcc](fc48dcc)) * Improve blob simulation speed ([#11075](#11075)) ([fe845e2](fe845e2)) * Improve witness generation for cycle_group::batch_mul ([#9563](#9563)) ([7da7f2b](7da7f2b)) * More efficient `compute_l2_to_l1_hash` ([#11036](#11036)) ([60d43fd](60d43fd)) * Optionally handle rpc errors with 200 + err body ([#11083](#11083)) ([b42756b](b42756b)) * Prover node checks txs availability before sending quote ([#10965](#10965)) ([b9e7109](b9e7109)), closes [#10803](#10803) * Slasher ([#10693](#10693)) ([9dad251](9dad251)) * Use unconstrained helper in `append_tx_effects_for_blob` ([#11037](#11037)) ([5355a5e](5355a5e)) * Validate block proposal txs iteratively ([#10921](#10921)) ([c92129e](c92129e)), closes [#10869](#10869) ### Bug Fixes * Add bytecode instances in reverse ([#11064](#11064)) ([036496c](036496c)) * Can't use `self.field` in trait default implementations ([#11004](#11004)) ([f31278f](f31278f)) * Check class registration nullifier in node before returning class ([#11074](#11074)) ([649b590](649b590)) * **ci:** Update docs hash ([#11082](#11082)) ([b0a8397](b0a8397)) * Optional check for architecture in bootstrap image-aztec ([#11085](#11085)) ([fed44a5](fed44a5)), closes [#10957](#10957) * Prover node retries gathering needed txs ([#11089](#11089)) ([6f07132](6f07132)) * Reset pc to 0 for next enqueued call in avm witgen ([#11043](#11043)) ([44e4816](44e4816)) * Update requests per call should be less than per tx ([#11072](#11072)) ([da5e95f](da5e95f)) * Update schema naming ([#11038](#11038)) ([547e556](547e556)) ### Miscellaneous * **avm:** Handle specific MSM errors ([#11068](#11068)) ([a5097a9](a5097a9)), closes [#10854](#10854) * **avm:** More column information in permutations ([#11070](#11070)) ([8829f24](8829f24)) * Avoid getport race conditions when starting anvil ([#11077](#11077)) ([b73f7f9](b73f7f9)) * Bump `noir-gates-diff` ([#11056](#11056)) ([e076000](e076000)) * Bump `noir-gates-diff` commit ([#11042](#11042)) ([c820a0e](c820a0e)) * Bump devnet prover agents ([#11046](#11046)) ([55de1ce](55de1ce)) * Bump rc-1 prover agents ([#11033](#11033)) ([fb58c16](fb58c16)) * **ci:** Fix CI to create baseline gate reports ([#11055](#11055)) ([e2f6905](e2f6905)) * Clean up proof lengths and IPA ([#11020](#11020)) ([800c834](800c834)) * Disable noir contracts tests until stabilized ([#11047](#11047)) ([a76b52e](a76b52e)) * Fix customTags is not iterable in e2e-prover-full ([#11057](#11057)) ([f35094f](f35094f)) * Fix invalid random log id ([#11076](#11076)) ([b1b67b0](b1b67b0)) * Fix write_recursion_inputs flow in bootstrap ([#11080](#11080)) ([cd5a615](cd5a615)) * Hide note_hashes log ([#11059](#11059)) ([d9a14d2](d9a14d2)) * Let IndexedTreeLeafPreimage have LeafPreimage as a parent trait ([#10913](#10913)) ([496a55a](496a55a)) * Load in the big dashboard during metrics install ([#11007](#11007)) ([f6f2c12](f6f2c12)) * New test that you can register, deploy, and call a public function all in one tx ([#11045](#11045)) ([5e3183c](5e3183c)) * Pass fn signatures ([#10849](#10849)) ([a2c4e98](a2c4e98)) * Patch jest to not use JSON serialization in message passing ci3 ([#10964](#10964)) ([d08f540](d08f540)) * Refactor tail public inputs ([#11031](#11031)) ([4ed1530](4ed1530)) * Remove abi refs from publisher ([#10766](#10766)) ([17d6802](17d6802)) * Remove some instances of `--silence-warnings` ([#11071](#11071)) ([ecbd59e](ecbd59e)) * Renaming getIncomingNotes ([#10743](#10743)) ([ffa7407](ffa7407)) * Replace relative paths to noir-protocol-circuits ([7194a7e](7194a7e)) * Replace relative paths to noir-protocol-circuits ([b00bd13](b00bd13)) * Replace relative paths to noir-protocol-circuits ([c4fcbc0](c4fcbc0)) * Replace relative paths to noir-protocol-circuits ([694343d](694343d)) * Representing `TxHash` as `Fr` ([#10954](#10954)) ([84e67ac](84e67ac)) * Restore `prove_then_verify` test on `verify_rollup_honk_proof` ([#11018](#11018)) ([79e289d](79e289d)) * Unify honk verifier contracts ([#11067](#11067)) ([9968849](9968849)) * Update noir-bignum to v0.5.0 ([#11066](#11066)) ([bf10a5c](bf10a5c)) * Updated aztec-spartan.sh and the README ([#11088](#11088)) ([56128a6](56128a6)) </details> <details><summary>barretenberg: 0.69.1</summary> ## [0.69.1](barretenberg-v0.69.0...barretenberg-v0.69.1) (2025-01-08) ### Features * Acir formal proofs ([#10973](#10973)) ([1cb7cd7](1cb7cd7)) * Derive transcript structure between non-zk and zk flavors and between Ultra and UltraKeccak ([#11086](#11086)) ([48286c6](48286c6)) * Fix commitments and openings of masking polynomials used in zk sumcheck ([#10773](#10773)) ([fc48dcc](fc48dcc)) * Improve witness generation for cycle_group::batch_mul ([#9563](#9563)) ([7da7f2b](7da7f2b)) ### Bug Fixes * Add bytecode instances in reverse ([#11064](#11064)) ([036496c](036496c)) * Reset pc to 0 for next enqueued call in avm witgen ([#11043](#11043)) ([44e4816](44e4816)) * Update requests per call should be less than per tx ([#11072](#11072)) ([da5e95f](da5e95f)) ### Miscellaneous * **avm:** Handle specific MSM errors ([#11068](#11068)) ([a5097a9](a5097a9)), closes [#10854](#10854) * **avm:** More column information in permutations ([#11070](#11070)) ([8829f24](8829f24)) * Clean up proof lengths and IPA ([#11020](#11020)) ([800c834](800c834)) * Fix write_recursion_inputs flow in bootstrap ([#11080](#11080)) ([cd5a615](cd5a615)) * Restore `prove_then_verify` test on `verify_rollup_honk_proof` ([#11018](#11018)) ([79e289d](79e289d)) * Unify honk verifier contracts ([#11067](#11067)) ([9968849](9968849)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

🤖 I have created a release *beep* *boop* --- <details><summary>aztec-package: 0.69.1</summary> ## [0.69.1](AztecProtocol/aztec-packages@aztec-package-v0.69.0...aztec-package-v0.69.1) (2025-01-08) ### Features * Optionally handle rpc errors with 200 + err body ([#11083](AztecProtocol/aztec-packages#11083)) ([b42756b](AztecProtocol/aztec-packages@b42756b)) ### Miscellaneous * Representing `TxHash` as `Fr` ([#10954](AztecProtocol/aztec-packages#10954)) ([84e67ac](AztecProtocol/aztec-packages@84e67ac)) </details> <details><summary>barretenberg.js: 0.69.1</summary> ## [0.69.1](AztecProtocol/aztec-packages@barretenberg.js-v0.69.0...barretenberg.js-v0.69.1) (2025-01-08) ### Miscellaneous * **barretenberg.js:** Synchronize aztec-packages versions </details> <details><summary>aztec-packages: 0.69.1</summary> ## [0.69.1](AztecProtocol/aztec-packages@aztec-packages-v0.69.0...aztec-packages-v0.69.1) (2025-01-08) ### Features * Acir formal proofs ([#10973](AztecProtocol/aztec-packages#10973)) ([1cb7cd7](AztecProtocol/aztec-packages@1cb7cd7)) * **blobs:** Blob sink ([#10079](AztecProtocol/aztec-packages#10079)) ([94b6c86](AztecProtocol/aztec-packages@94b6c86)) * Derive transcript structure between non-zk and zk flavors and between Ultra and UltraKeccak ([#11086](AztecProtocol/aztec-packages#11086)) ([48286c6](AztecProtocol/aztec-packages@48286c6)) * Fix commitments and openings of masking polynomials used in zk sumcheck ([#10773](AztecProtocol/aztec-packages#10773)) ([fc48dcc](AztecProtocol/aztec-packages@fc48dcc)) * Improve blob simulation speed ([#11075](AztecProtocol/aztec-packages#11075)) ([fe845e2](AztecProtocol/aztec-packages@fe845e2)) * Improve witness generation for cycle_group::batch_mul ([#9563](AztecProtocol/aztec-packages#9563)) ([7da7f2b](AztecProtocol/aztec-packages@7da7f2b)) * More efficient `compute_l2_to_l1_hash` ([#11036](AztecProtocol/aztec-packages#11036)) ([60d43fd](AztecProtocol/aztec-packages@60d43fd)) * Optionally handle rpc errors with 200 + err body ([#11083](AztecProtocol/aztec-packages#11083)) ([b42756b](AztecProtocol/aztec-packages@b42756b)) * Prover node checks txs availability before sending quote ([#10965](AztecProtocol/aztec-packages#10965)) ([b9e7109](AztecProtocol/aztec-packages@b9e7109)), closes [#10803](AztecProtocol/aztec-packages#10803) * Slasher ([#10693](AztecProtocol/aztec-packages#10693)) ([9dad251](AztecProtocol/aztec-packages@9dad251)) * Use unconstrained helper in `append_tx_effects_for_blob` ([#11037](AztecProtocol/aztec-packages#11037)) ([5355a5e](AztecProtocol/aztec-packages@5355a5e)) * Validate block proposal txs iteratively ([#10921](AztecProtocol/aztec-packages#10921)) ([c92129e](AztecProtocol/aztec-packages@c92129e)), closes [#10869](AztecProtocol/aztec-packages#10869) ### Bug Fixes * Add bytecode instances in reverse ([#11064](AztecProtocol/aztec-packages#11064)) ([036496c](AztecProtocol/aztec-packages@036496c)) * Can't use `self.field` in trait default implementations ([#11004](AztecProtocol/aztec-packages#11004)) ([f31278f](AztecProtocol/aztec-packages@f31278f)) * Check class registration nullifier in node before returning class ([#11074](AztecProtocol/aztec-packages#11074)) ([649b590](AztecProtocol/aztec-packages@649b590)) * **ci:** Update docs hash ([#11082](AztecProtocol/aztec-packages#11082)) ([b0a8397](AztecProtocol/aztec-packages@b0a8397)) * Optional check for architecture in bootstrap image-aztec ([#11085](AztecProtocol/aztec-packages#11085)) ([fed44a5](AztecProtocol/aztec-packages@fed44a5)), closes [#10957](AztecProtocol/aztec-packages#10957) * Prover node retries gathering needed txs ([#11089](AztecProtocol/aztec-packages#11089)) ([6f07132](AztecProtocol/aztec-packages@6f07132)) * Reset pc to 0 for next enqueued call in avm witgen ([#11043](AztecProtocol/aztec-packages#11043)) ([44e4816](AztecProtocol/aztec-packages@44e4816)) * Update requests per call should be less than per tx ([#11072](AztecProtocol/aztec-packages#11072)) ([da5e95f](AztecProtocol/aztec-packages@da5e95f)) * Update schema naming ([#11038](AztecProtocol/aztec-packages#11038)) ([547e556](AztecProtocol/aztec-packages@547e556)) ### Miscellaneous * **avm:** Handle specific MSM errors ([#11068](AztecProtocol/aztec-packages#11068)) ([a5097a9](AztecProtocol/aztec-packages@a5097a9)), closes [#10854](AztecProtocol/aztec-packages#10854) * **avm:** More column information in permutations ([#11070](AztecProtocol/aztec-packages#11070)) ([8829f24](AztecProtocol/aztec-packages@8829f24)) * Avoid getport race conditions when starting anvil ([#11077](AztecProtocol/aztec-packages#11077)) ([b73f7f9](AztecProtocol/aztec-packages@b73f7f9)) * Bump `noir-gates-diff` ([#11056](AztecProtocol/aztec-packages#11056)) ([e076000](AztecProtocol/aztec-packages@e076000)) * Bump `noir-gates-diff` commit ([#11042](AztecProtocol/aztec-packages#11042)) ([c820a0e](AztecProtocol/aztec-packages@c820a0e)) * Bump devnet prover agents ([#11046](AztecProtocol/aztec-packages#11046)) ([55de1ce](AztecProtocol/aztec-packages@55de1ce)) * Bump rc-1 prover agents ([#11033](AztecProtocol/aztec-packages#11033)) ([fb58c16](AztecProtocol/aztec-packages@fb58c16)) * **ci:** Fix CI to create baseline gate reports ([#11055](AztecProtocol/aztec-packages#11055)) ([e2f6905](AztecProtocol/aztec-packages@e2f6905)) * Clean up proof lengths and IPA ([#11020](AztecProtocol/aztec-packages#11020)) ([800c834](AztecProtocol/aztec-packages@800c834)) * Disable noir contracts tests until stabilized ([#11047](AztecProtocol/aztec-packages#11047)) ([a76b52e](AztecProtocol/aztec-packages@a76b52e)) * Fix customTags is not iterable in e2e-prover-full ([#11057](AztecProtocol/aztec-packages#11057)) ([f35094f](AztecProtocol/aztec-packages@f35094f)) * Fix invalid random log id ([#11076](AztecProtocol/aztec-packages#11076)) ([b1b67b0](AztecProtocol/aztec-packages@b1b67b0)) * Fix write_recursion_inputs flow in bootstrap ([#11080](AztecProtocol/aztec-packages#11080)) ([cd5a615](AztecProtocol/aztec-packages@cd5a615)) * Hide note_hashes log ([#11059](AztecProtocol/aztec-packages#11059)) ([d9a14d2](AztecProtocol/aztec-packages@d9a14d2)) * Let IndexedTreeLeafPreimage have LeafPreimage as a parent trait ([#10913](AztecProtocol/aztec-packages#10913)) ([496a55a](AztecProtocol/aztec-packages@496a55a)) * Load in the big dashboard during metrics install ([#11007](AztecProtocol/aztec-packages#11007)) ([f6f2c12](AztecProtocol/aztec-packages@f6f2c12)) * New test that you can register, deploy, and call a public function all in one tx ([#11045](AztecProtocol/aztec-packages#11045)) ([5e3183c](AztecProtocol/aztec-packages@5e3183c)) * Pass fn signatures ([#10849](AztecProtocol/aztec-packages#10849)) ([a2c4e98](AztecProtocol/aztec-packages@a2c4e98)) * Patch jest to not use JSON serialization in message passing ci3 ([#10964](AztecProtocol/aztec-packages#10964)) ([d08f540](AztecProtocol/aztec-packages@d08f540)) * Refactor tail public inputs ([#11031](AztecProtocol/aztec-packages#11031)) ([4ed1530](AztecProtocol/aztec-packages@4ed1530)) * Remove abi refs from publisher ([#10766](AztecProtocol/aztec-packages#10766)) ([17d6802](AztecProtocol/aztec-packages@17d6802)) * Remove some instances of `--silence-warnings` ([#11071](AztecProtocol/aztec-packages#11071)) ([ecbd59e](AztecProtocol/aztec-packages@ecbd59e)) * Renaming getIncomingNotes ([#10743](AztecProtocol/aztec-packages#10743)) ([ffa7407](AztecProtocol/aztec-packages@ffa7407)) * Replace relative paths to noir-protocol-circuits ([7194a7e](AztecProtocol/aztec-packages@7194a7e)) * Replace relative paths to noir-protocol-circuits ([b00bd13](AztecProtocol/aztec-packages@b00bd13)) * Replace relative paths to noir-protocol-circuits ([c4fcbc0](AztecProtocol/aztec-packages@c4fcbc0)) * Replace relative paths to noir-protocol-circuits ([694343d](AztecProtocol/aztec-packages@694343d)) * Representing `TxHash` as `Fr` ([#10954](AztecProtocol/aztec-packages#10954)) ([84e67ac](AztecProtocol/aztec-packages@84e67ac)) * Restore `prove_then_verify` test on `verify_rollup_honk_proof` ([#11018](AztecProtocol/aztec-packages#11018)) ([79e289d](AztecProtocol/aztec-packages@79e289d)) * Unify honk verifier contracts ([#11067](AztecProtocol/aztec-packages#11067)) ([9968849](AztecProtocol/aztec-packages@9968849)) * Update noir-bignum to v0.5.0 ([#11066](AztecProtocol/aztec-packages#11066)) ([bf10a5c](AztecProtocol/aztec-packages@bf10a5c)) * Updated aztec-spartan.sh and the README ([#11088](AztecProtocol/aztec-packages#11088)) ([56128a6](AztecProtocol/aztec-packages@56128a6)) </details> <details><summary>barretenberg: 0.69.1</summary> ## [0.69.1](AztecProtocol/aztec-packages@barretenberg-v0.69.0...barretenberg-v0.69.1) (2025-01-08) ### Features * Acir formal proofs ([#10973](AztecProtocol/aztec-packages#10973)) ([1cb7cd7](AztecProtocol/aztec-packages@1cb7cd7)) * Derive transcript structure between non-zk and zk flavors and between Ultra and UltraKeccak ([#11086](AztecProtocol/aztec-packages#11086)) ([48286c6](AztecProtocol/aztec-packages@48286c6)) * Fix commitments and openings of masking polynomials used in zk sumcheck ([#10773](AztecProtocol/aztec-packages#10773)) ([fc48dcc](AztecProtocol/aztec-packages@fc48dcc)) * Improve witness generation for cycle_group::batch_mul ([#9563](AztecProtocol/aztec-packages#9563)) ([7da7f2b](AztecProtocol/aztec-packages@7da7f2b)) ### Bug Fixes * Add bytecode instances in reverse ([#11064](AztecProtocol/aztec-packages#11064)) ([036496c](AztecProtocol/aztec-packages@036496c)) * Reset pc to 0 for next enqueued call in avm witgen ([#11043](AztecProtocol/aztec-packages#11043)) ([44e4816](AztecProtocol/aztec-packages@44e4816)) * Update requests per call should be less than per tx ([#11072](AztecProtocol/aztec-packages#11072)) ([da5e95f](AztecProtocol/aztec-packages@da5e95f)) ### Miscellaneous * **avm:** Handle specific MSM errors ([#11068](AztecProtocol/aztec-packages#11068)) ([a5097a9](AztecProtocol/aztec-packages@a5097a9)), closes [#10854](AztecProtocol/aztec-packages#10854) * **avm:** More column information in permutations ([#11070](AztecProtocol/aztec-packages#11070)) ([8829f24](AztecProtocol/aztec-packages@8829f24)) * Clean up proof lengths and IPA ([#11020](AztecProtocol/aztec-packages#11020)) ([800c834](AztecProtocol/aztec-packages@800c834)) * Fix write_recursion_inputs flow in bootstrap ([#11080](AztecProtocol/aztec-packages#11080)) ([cd5a615](AztecProtocol/aztec-packages@cd5a615)) * Restore `prove_then_verify` test on `verify_rollup_honk_proof` ([#11018](AztecProtocol/aztec-packages#11018)) ([79e289d](AztecProtocol/aztec-packages@79e289d)) * Unify honk verifier contracts ([#11067](AztecProtocol/aztec-packages#11067)) ([9968849](AztecProtocol/aztec-packages@9968849)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

This PR is a follow-up to #10773

This PR is a follow-up to AztecProtocol/aztec-packages#10773

iakovenkos added 18 commits December 4, 2024 12:37

first steps

cee04ed

wip: computing the batched big sum claim poly

b859440

wip wip assessing approaches

ff70d41

enhanced zk sumcheck data struct with prover's methods, fixed subgrou…

109ac5f

…p generators

verifies, important pieces missing

e986228

consistency check added

77c386a

reduced the number of gates

0e9a384

big sum masked

d0f2dde

masked constant term + clean-up

31505cf

eccvm working

2986222

cleaning up and simplifying

4577e05

clean up + adding scalar field subgroup generators to curves

d35feb5

separated zk sumcheck data from small subgroup ipa

c9d43c6

isolated small subgroup ipa verifier methods

559626c

more clean-up

48ca947

mega with zk transcript test fixed

29f6de7

eccvm and translator transcript tests + template on curve instead of …

c37a3fc

…flavor

Merge branch 'master' into si/fixing-libra-commitments-and-openings

000347e

iakovenkos marked this pull request as ready for review December 18, 2024 10:45

bb native tests fix

537f268

iakovenkos commented Dec 18, 2024

View reviewed changes

iakovenkos and others added 3 commits December 18, 2024 16:24

gcc build fix + clean-up + bn254 flavors subgroup size increase

ad60e4a

come back to 87

e11702b

Merge branch 'master' into si/fixing-libra-commitments-and-openings

cfd31c1

codygunton reviewed Dec 18, 2024

View reviewed changes

iakovenkos added 2 commits December 18, 2024 19:57

adding tests

63a855b

added ifft for bn254 - no need to commit to sumcheck univariates

be153e6

iakovenkos commented Dec 19, 2024

View reviewed changes

iakovenkos added the crypto cryptography label Dec 19, 2024

iakovenkos added 2 commits December 20, 2024 09:09

minor clean-up

2208253

small fix

398f7de

iakovenkos commented Dec 20, 2024

View reviewed changes

barretenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp Show resolved Hide resolved

iakovenkos commented Dec 20, 2024

View reviewed changes

maramihali reviewed Jan 2, 2025

View reviewed changes

iakovenkos added 2 commits January 2, 2025 17:16

resolved comments

6ab449b

sumcheck clean-up

c7ea181

iakovenkos commented Jan 3, 2025

View reviewed changes

iakovenkos and others added 4 commits January 3, 2025 09:22

Merge branch 'master' into si/fixing-libra-commitments-and-openings

6e03b63

removed noise in docs

90b7cde

fix tests

ce8e47d

Merge branch 'master' into si/fixing-libra-commitments-and-openings

b13eb0b

maramihali reviewed Jan 7, 2025

View reviewed changes

iakovenkos added 3 commits January 7, 2025 12:02

review addressed

3c84180

Merge branch 'master' into si/fixing-libra-commitments-and-openings

7231860

Merge branch 'si/fixing-libra-commitments-and-openings' of github.com…

40792a0

…:AztecProtocol/aztec-packages into si/fixing-libra-commitments-and-openings

maramihali approved these changes Jan 7, 2025

View reviewed changes

iakovenkos merged commit fc48dcc into master Jan 7, 2025
22 checks passed

iakovenkos deleted the si/fixing-libra-commitments-and-openings branch January 7, 2025 12:39

AztecBot mentioned this pull request Jan 7, 2025

chore(master): Release 0.69.1 #11028

Merged

iakovenkos mentioned this pull request Jan 8, 2025

chore: SmallSubgroupIPA tests #11106

Merged

iakovenkos added a commit that referenced this pull request Jan 10, 2025

chore: SmallSubgroupIPA tests (#11106)

f034e2a

This PR is a follow-up to #10773

AztecBot pushed a commit to AztecProtocol/barretenberg that referenced this pull request Jan 11, 2025

chore: SmallSubgroupIPA tests (#11106)

6e7f5e3

This PR is a follow-up to AztecProtocol/aztec-packages#10773

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: fix commitments and openings of masking polynomials used in zk sumcheck #10773

feat: fix commitments and openings of masking polynomials used in zk sumcheck #10773

iakovenkos commented Dec 16, 2024 •

edited

Loading

iakovenkos Dec 18, 2024

github-actions bot commented Dec 18, 2024

codygunton left a comment

iakovenkos Dec 19, 2024

iakovenkos Dec 19, 2024

iakovenkos Dec 20, 2024

iakovenkos Dec 20, 2024

iakovenkos Dec 20, 2024

iakovenkos Dec 20, 2024

iakovenkos Jan 3, 2025

maramihali Jan 6, 2025

iakovenkos Jan 7, 2025

iakovenkos Jan 3, 2025

maramihali Jan 6, 2025

maramihali Jan 6, 2025

maramihali left a comment

		@@ -223,118 +223,4 @@ TYPED_TEST(ShpleminiTest, CorrectnessOfGeminiClaimBatching)
		EXPECT_EQ(shplemini_result, expected_result);
		}

feat: fix commitments and openings of masking polynomials used in zk sumcheck #10773

feat: fix commitments and openings of masking polynomials used in zk sumcheck #10773

Conversation

iakovenkos commented Dec 16, 2024 • edited Loading

Key Changes in this PR

Remark

Choose a reason for hiding this comment

github-actions bot commented Dec 18, 2024

Changes to public function bytecode sizes

🧾 Summary (100% most significant diffs)

codygunton left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

maramihali left a comment

Choose a reason for hiding this comment

iakovenkos commented Dec 16, 2024 •

edited

Loading