feat: Implement native reconstruction from public inputs for AffineElement, bb::fq, and bb::fr#15774
Merged
federicobarbacovi merged 35 commits intoJul 17, 2025
Conversation
We modify the Merge protocol so that it enforces that the subtable polynomial `t_j` has degree smaller than `subtable_size` as read from the proof. Closes AztecProtocol/barretenberg#1442 **Details** As per the linked issue, we want to support ecc operations in app circuits. To ensure that app ecc ops do not modify ecc ops that happened before them, we need to ensure that the subtable length `t.size()` is smaller than the constant `l` by which we right shift `T_prev`. This is to ensure that `t + X^{l-1} T_prev` is indeed the polynomial corresponding to the column `t || T_prev`. We enforce this degree check in the merge protocol by requiring the prover to commit to `g(X) := X^{l-1} t(1/X)` and provide openings `c`, `d` of `t`, `g` at challenges `1/kappa`, `kappa`, respectively, for which we check `c * kappa^{l-1} = d`. To save on the number of MSMs performed, we use Shplonk to verify the following claims: - `t(X)` opens to `c` at `1/kappa` - `p(X) = t(X) + X^{l-1} T_prev(X) - T(X)` opens to `0` at `kappa` - `g(X) := X^{l-1} t(1/X)` opens to `d` at `kappa` --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: sergei iakovenko <105737703+iakovenkos@users.noreply.github.com> Co-authored-by: ludamad <adam.domurad@gmail.com> Co-authored-by: Suyash Bagad <suyash@aztecprotocol.com> Co-authored-by: Jonathan Hao <jonathan@aztec-labs.com> Co-authored-by: ledwards2225 <98505400+ledwards2225@users.noreply.github.com> Co-authored-by: Raju Krishnamoorthy <krishnamoorthy@gmail.com> Co-authored-by: notnotraju <raju@aztec-labs.com> Co-authored-by: Lucas Xia <lucasxia01@gmail.com> Co-authored-by: Khashayar Barooti <khashayar@aztecprotocol.com> Co-authored-by: Jean M <132435771+jeanmon@users.noreply.github.com> Co-authored-by: Alex Gherghisan <alexghr@users.noreply.github.com> Co-authored-by: Santiago Palladino <spalladino@users.noreply.github.com> Co-authored-by: Santiago Palladino <santiago@aztec-labs.com> Co-authored-by: ludamad <domuradical@gmail.com> Co-authored-by: maramihali <mara@aztecprotocol.com>
Restore accidentally deleted files in a previous PR. #15562
In my [previous PR](#15427), I moved the `GateSeparatorPolynomial` into the SumcheckProver class as a member, which extended its lifetime and increased memory usage in CIVC by the size of this polynomial, e.g. by 21 MB in `ecdsar1+transfer_0_recursions+sponsored_fpc` bench
This makes `SharedShiftedVirtualZeroesArray` holds an abstract BackingMemory. When `BB_SLOW_LOW_MEMORY=1` or when the `--slow_low_memory` runtime flag is enabled, `BackingMemory` will be `FileBackedMemory`. The memory is `mmap`ed to physical files so in memory-constrained environment, it won't be OOM. Otherwise, `BackingMemory` is `AlignedMemory` and the behavior is unchanged. See AztecProtocol/barretenberg#1456 for more contexts.
- Move the CIVC cli to use the new bbapi API - add placeholder for UH implementation - rename bbrpc => bbapi - bundle some CI changes, auto rebase script and bench_ivc tweaks
…b/reconstruct_from_public_affine_element
federicobarbacovi
changed the title
AffineElementAffineElement, bb::fq, and bb::fr`
federicobarbacovi
changed the title
AffineElement, bb::fq, and bb::fr`AffineElement, bb::fq, and bb::fr
ledwards2225
approved these changes
Jul 17, 2025
ledwards2225
left a comment
ledwards2225
left a comment
Contributor
There was a problem hiding this comment.
Looks great, thanks for this! Seems like you can simplify even further by using affine_element::reconstruct_from_public in a couple places
| static PairingPoints reconstruct_from_public(const std::span<const Fr, PAIRING_POINTS_SIZE>& limbs_in) | ||
| static PairingPoints reconstruct_from_public(const std::span<Fr, PAIRING_POINTS_SIZE>& limbs_in) | ||
| { | ||
| const size_t FRS_PER_FQ = 4; |
Contributor
There was a problem hiding this comment.
Can this be replaced by a constant owned by Fq or defined somewhere more centrally? I think there are many versions of this constant running around
Contributor
Author
There was a problem hiding this comment.
Ideally, I would like this to be a member of field. However, field is used both for fq, fr and secp256k1, secp256r1 curves. For this reason, I opted for defining the constants FQ_PUBLIC_INPUT_SIZE and FR_PUBLIC_INPUT_SIZE in fq.hpp and fr.hpp. If we decide to standardise, we can add a constant PUBLIC_INPUT_SIZE to the Params_ class we pass as a template to field. This would require deciding how to represent points in the base fields of secp256k1 and secp256r1 as public inputs.
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jul 17, 2025
See [merge-train-readme.md](https://github.com/AztecProtocol/aztec-packages/blob/next/.github/workflows/merge-train-readme.md). BEGIN_COMMIT_OVERRIDE feat: Implement native reconstruction from public inputs for `AffineElement`, `bb::fq`, and `bb::fr` (#15774) END_COMMIT_OVERRIDE --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com> Co-authored-by: sergei iakovenko <105737703+iakovenkos@users.noreply.github.com> Co-authored-by: ludamad <adam.domurad@gmail.com> Co-authored-by: Suyash Bagad <suyash@aztecprotocol.com> Co-authored-by: Jonathan Hao <jonathan@aztec-labs.com> Co-authored-by: ledwards2225 <98505400+ledwards2225@users.noreply.github.com> Co-authored-by: Raju Krishnamoorthy <krishnamoorthy@gmail.com> Co-authored-by: notnotraju <raju@aztec-labs.com> Co-authored-by: Lucas Xia <lucasxia01@gmail.com> Co-authored-by: Khashayar Barooti <khashayar@aztecprotocol.com> Co-authored-by: Jean M <132435771+jeanmon@users.noreply.github.com> Co-authored-by: Alex Gherghisan <alexghr@users.noreply.github.com> Co-authored-by: Santiago Palladino <spalladino@users.noreply.github.com> Co-authored-by: Santiago Palladino <santiago@aztec-labs.com> Co-authored-by: ludamad <domuradical@gmail.com> Co-authored-by: maramihali <mara@aztecprotocol.com> Co-authored-by: Sarkoxed <75146596+Sarkoxed@users.noreply.github.com>
federicobarbacovi
added a commit
that referenced
this pull request
Jul 18, 2025
commit 2a5f380 Author: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com> Date: Fri Jul 18 11:25:25 2025 +0000 Fixes commit 62c7260 Merge: f96e42c ae67a84 Author: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com> Date: Fri Jul 18 11:20:24 2025 +0000 Merge remote-tracking branch 'origin/merge-train/barretenberg' into fb/native_io_mechanism commit f96e42c Author: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com> Date: Fri Jul 18 11:17:55 2025 +0000 Introduce native IO mechanism and update ultra verifier interface commit 9c85f50 Author: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com> Date: Fri Jul 18 09:43:37 2025 +0000 Changes to function signatures commit 1885708 Author: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com> Date: Thu Jul 17 18:00:17 2025 +0200 feat: Implement native reconstruction from public inputs for `AffineElement`, `bb::fq`, and `bb::fr` (#15774) We make public input reconstruction in native land more idiomatic by introducing `reconstruct_from_public` method for `fq`, `fr`, and `affine_element`. --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: sergei iakovenko <105737703+iakovenkos@users.noreply.github.com> Co-authored-by: ludamad <adam.domurad@gmail.com> Co-authored-by: Suyash Bagad <suyash@aztecprotocol.com> Co-authored-by: Jonathan Hao <jonathan@aztec-labs.com> Co-authored-by: ledwards2225 <98505400+ledwards2225@users.noreply.github.com> Co-authored-by: Raju Krishnamoorthy <krishnamoorthy@gmail.com> Co-authored-by: notnotraju <raju@aztec-labs.com> Co-authored-by: Lucas Xia <lucasxia01@gmail.com> Co-authored-by: Khashayar Barooti <khashayar@aztecprotocol.com> Co-authored-by: Jean M <132435771+jeanmon@users.noreply.github.com> Co-authored-by: Alex Gherghisan <alexghr@users.noreply.github.com> Co-authored-by: Santiago Palladino <spalladino@users.noreply.github.com> Co-authored-by: Santiago Palladino <santiago@aztec-labs.com> Co-authored-by: ludamad <domuradical@gmail.com> Co-authored-by: maramihali <mara@aztecprotocol.com> Co-authored-by: Sarkoxed <75146596+Sarkoxed@users.noreply.github.com> commit d218481 Merge: 5380e55 afc8002 Author: AztecBot <tech@aztecprotocol.com> Date: Thu Jul 17 15:14:28 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 5380e55 Merge: 9ac2ef8 4023da4 Author: AztecBot <tech@aztecprotocol.com> Date: Thu Jul 17 14:53:32 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 9ac2ef8 Merge: 8b71509 710c791 Author: AztecBot <tech@aztecprotocol.com> Date: Thu Jul 17 11:48:55 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 8b71509 Merge: 7ea4056 4aeb094 Author: AztecBot <tech@aztecprotocol.com> Date: Thu Jul 17 09:01:52 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 7ea4056 Merge: ad3dea5 980391a Author: AztecBot <tech@aztecprotocol.com> Date: Thu Jul 17 06:19:25 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit ad3dea5 Merge: 8456fac 0ab34ee Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 22:51:35 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 8456fac Merge: de7c071 445db95 Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 22:26:26 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit de7c071 Merge: 0968cf0 9bbff1b Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 22:04:07 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 0968cf0 Merge: 921cd03 69bcc53 Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 21:57:40 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 921cd03 Merge: 29c5a1f 03138c4 Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 18:45:54 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 29c5a1f Merge: 6cd32ca 6205381 Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 17:59:18 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 6cd32ca Merge: 6893736 1891f8d Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 16:55:29 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 6893736 Merge: 9f27abb 5988a35 Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 16:44:00 2025 +0000 Merge branch 'next' into merge-train/barretenberg commit 9f27abb Author: AztecBot <tech@aztecprotocol.com> Date: Wed Jul 16 16:21:05 2025 +0000 [empty] Start merge-train. Choo choo.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As per title, the motivation is to make public input reconstruction in native land more idiomatic and similar to what we do in recursive land with the IO mechanism