feat!: poseidon2 with compressed internal rounds and aux wires#22655
Closed
AztecBot wants to merge 11 commits into
Closed
feat!: poseidon2 with compressed internal rounds and aux wires#22655AztecBot wants to merge 11 commits into
AztecBot wants to merge 11 commits into
Conversation
AztecBot
added
ci-draft
iakovenkos
changed the base branch from
merge-train/barretenberg
to
si/poseidon2-opt-attempt
iakovenkos
changed the title
hypernova_verifier.test.cpp: `build_expected_folding_manifest` was
missing the 3 new witness commitments sent by the Mega oink prover in
round 0 after `RETURN_DATA_READ_COUNTS` and before the eta challenge.
Caused `HypernovaFoldingVerifierTests.Fold` to fail via a verifier
manifest byte-for-byte mismatch.
flavor/test_utils/proof_structures.hpp: `MegaStructuredProofBase` didn't
have fields or (de)serialization steps for w_p2_s{1,2,3}_comm, so the
`HonkTranscriptTests.StructureTest` (MegaFlavor + MegaZKFlavor) failed
at proof deserialization with a bigfield conversion error. Added 3 new
commitment fields + ordered them to match oink_prover's commit order
(after RETURN_DATA_READ_COUNTS, before LOOKUP_READ_COUNTS).
Tests all green:
- hypernova_tests: 9/9
- ultra_honk_tests: 271/271 (8 pre-existing skips)
- stdlib_poseidon2_tests: 28/28
- circuit_checker_tests: 81/81
RecursiveVerifierTest/8.SingleRecursiveVerification asserts the outer circuit's finalized gate count against HONK_RECURSION_CONSTANTS. The committed-state 7-wire encoding increases the recursive verifier's own gate count by 9745 (786327 vs 776582) — the recursive verifier materializes more witness polynomials (w_p2_s1/s2/s3 + their shifts) and has 3 additional subrelation accumulators (7 subrels for interior, 7 for terminal, 3 for entry vs the 4-wire Vandermonde variant). Verified: RecursiveVerifierTest/8.SingleRecursiveVerification PASSED after bump. bootstrap.sh test: 438/439 pass. Remaining failure is test_chonk_standalone_vks_havent_changed.sh (VK pin check) — expected given the +3 witness + shift entities; needs --update_inputs with explicit permission per CLAUDE.md's verification-key policy.
The 7-wire Poseidon2 encoding shifted the Mega VK layout (q_5 dropped,
net +1 precomputed column delta, plus misc encoding). Observed length
of `private_call.vk.key` in the regenerated Prover.toml is 139 fields.
Nargo error before this fix:
Type Array { length: 135, typ: Field } is expected to have length 135
but value Vec([Field(16), ...])
CHONK_VK_LENGTH_IN_FIELDS tracks MEGA_VK_LENGTH_IN_FIELDS.
Reverts 8521c69's direction — that commit bumped MEGA_VK_LENGTH_IN_FIELDS to match stale Prover.toml data instead of regenerating the inputs. After dropping q_5 from Mega's precomputed entities (7-wire Poseidon2 encoding), the correct VK length is 33 precomputed * 4 fr + 3 metadata = 135. Restores MEGA_VK_LENGTH_IN_FIELDS = 135 in constants.nr + constants.gen.ts and truncates the 6 stale vk.key arrays across 5 private-kernel Prover.toml files (init, inner has two, tail, tail-to-public, reset) from 139 to 135.
iakovenkos
added
ci-full
| returnTypes: [], | ||
| errorTypes: {}, | ||
| bytecode: Buffer.alloc(8, 0xfa), | ||
| verificationKey: Buffer.alloc(4448).toString('base64'), |
Contributor
There was a problem hiding this comment.
I remember struggling with this one, great cleanup!
AztecBot
added a commit
that referenced
this pull request
Apr 20, 2026
Ported from #22655 so the TS-side cleanup lands independently of the flavor change: removes the 4064 byte-size literal from the contract tests and the ~4 KB base64 VK blob from VerificationKey.makeFakeMegaHonk(). Buffer size is now derived from MEGA_VK_LENGTH_IN_FIELDS * Fr.SIZE_IN_BYTES so future Mega flavor changes only need to touch the generated constants file.
iakovenkos
pushed a commit
that referenced
this pull request
Apr 20, 2026
…22657) ## Context Follow-up to #22655 (`feat!: poseidon2 with compressed internal rounds and aux wires`) and the scope audit that started from it. The original PR surfaced a recurring pain: every time the MegaHonk flavor changes, TypeScript has to be hand-edited because several downstream call sites duplicate derived VK sizes or freeze entire VKs as inline blobs. While auditing for similar bad patterns, it became clear that a chunk of the stdlib VK module is **Plonk-era scaffolding** \u2014 pre-Honk types whose only remaining callers are themselves test-only or dead. Those classes are why the flavor-change struggle exists in TS in the first place: `VerificationKeyData.makeFakeHonk` was synthesising fake `keyAsBytes` by serializing a fake Plonk `VerificationKey`, dragging Plonk types into the Honk path. ## What this PR does (3 commits) ### 1. `chore(stdlib): remove dead mocked_keys.ts hex blob` Deletes `yarn-project/stdlib/src/abi/mocked_keys.ts`, a ~2 KB orphan Plonk VK hex blob. Grepping the monorepo: 1 declaration, 0 references. `stdlib/src/abi/index.ts` does not re-export it. ### 2. `chore(ts): use MEGA_VK_LENGTH_IN_FIELDS instead of hardcoded 4064` Ports the TS-only cleanup from #22655 so it lands independently of whether the Poseidon2 flavor change merges: - 4 call sites of `Buffer.alloc(4064)` in `aztec.js/src/contract/{contract,deploy_method}.test.ts` \u2192 `Buffer.alloc(MEGA_VK_LENGTH_IN_FIELDS * Fr.SIZE_IN_BYTES)`. - `VerificationKey.makeFakeMegaHonk()` dropped its ~4 KB base64 blob in favor of `Buffer.alloc(MEGA_VK_LENGTH_IN_FIELDS * Fr.SIZE_IN_BYTES)`. Intentionally NOT ported: the `MEGA_VK_LENGTH_IN_FIELDS 127\u2192135` bump in `constants.gen.ts`, which tracks the C++ flavor change that's not in `merge-train/barretenberg`. The ported code is layout-agnostic. ### 3. `chore(stdlib): drop Plonk VerificationKey/CommitmentMap/G1AffineElement` Deletes the entire Plonk-era VK scaffold. Nothing reads it off the wire and nothing in Honk needs it: - **`VerificationKey`** (Plonk class with `CommitmentMap` of `{Q_1, SIGMA_1, ...}`, `containsRecursiveProof`, `recursiveProofPublicInputIndices`): zero non-test callers. Every caller was itself dead (`makeVerificationKey` factory, a one-off round-trip test, or the Honk `VerificationKeyData` fake helpers that were using it as a source of placeholder bytes). - **`CommitmentMap`** and **`G1AffineElement`**: only referenced by `VerificationKey`. Gone. - **`CircuitType` enum** (`STANDARD`/`ULTRA`) in `stdlib/src/types/shared.ts`: only existed to type-tag Plonk VKs. Gone. - **`makeVerificationKey`** in `stdlib/src/tests/factories.ts`: exported but not imported anywhere. - **`'can deserialize vk built by noir'` test**: round-tripped an inline ~2 KB Plonk VK hex; cannot parse any current protocol VK. - **`VerificationKeyData.makeFakeHonk` / `makeFakeRollupHonk`**: now synthesize `keyAsBytes` from `VerificationKeyAsFields.toBuffer()` (the real Honk serialization) instead of from a fake Plonk VK. `makeFake(len)` had zero callers and was removed. - **`VerificationKey.makeFakeMegaHonk()`**: its one remaining caller (`pxe/.../private_kernel_execution_prover.test.ts`) now inlines `Buffer.alloc(MEGA_VK_LENGTH_IN_FIELDS * Fr.SIZE_IN_BYTES)`. Net: \u2212209 lines from `stdlib/src/vks/verification_key.ts` plus the shared / factories / pxe updates. ## Scope audit (gist) https://gist.github.com/AztecBot/67c6cc69458f63c296d0557b2e598632 (updated) ## Verification `grep` across `yarn-project/` confirms **zero** remaining references to `VerificationKey.makeFake`, `VerificationKey.makeFakeMegaHonk`, `VerificationKey.fromBuffer`, `new VerificationKey(`, `CommitmentMap`, `G1AffineElement`, `CircuitType`, or `makeVerificationKey`. Remaining hits for the string `VerificationKey` are unrelated (`VerificationKeyAsFields`, `VerificationKeyData`, `PrivateVerificationKeyHints`, `VerificationKeyNoir` type binding, `computeVerificationKeyHash`, `makeProofAndVerificationKey`).
dipkakwani
pushed a commit
to dipkakwani/aztec-packages
that referenced
this pull request
Apr 22, 2026
BEGIN_COMMIT_OVERRIDE chore: genericize databus (AztecProtocol#22648) chore(ts): drop dead Plonk VK scaffolding and port AztecProtocol#22655 TS cleanup (AztecProtocol#22657) END_COMMIT_OVERRIDE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
adds 3 extra wires to reduce sumcheck's prover work spent on evaluating compressed Poseidon2 relations