From 7d606f84b2a151228efd123c46e98635bc5d99cc Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 7 May 2024 19:48:15 +0000 Subject: [PATCH 1/4] Try extra commitment key --- .../client_ivc/client_ivc.test.cpp | 94 ++++++++++--------- .../goblin_translator_prover.cpp | 2 +- 2 files changed, 51 insertions(+), 45 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp index 0dd189112b84..bae42e96b04e 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp @@ -113,53 +113,59 @@ class ClientIVCTests : public ::testing::Test { */ // TODO fix with https://github.com/AztecProtocol/barretenberg/issues/930 // intermittent failures, presumably due to uninitialized memory -TEST_F(ClientIVCTests, DISABLED_Full) +TEST_F(ClientIVCTests, Full) { - using VerificationKey = Flavor::VerificationKey; - - ClientIVC ivc; - // Initialize IVC with function circuit - Builder function_circuit = create_mock_circuit(ivc); - ivc.initialize(function_circuit); - - auto function_vk = std::make_shared(ivc.prover_fold_output.accumulator->proving_key); - auto foo_verifier_instance = std::make_shared(function_vk); - // Accumulate kernel circuit (first kernel mocked as simple circuit since no folding proofs yet) - Builder kernel_circuit = create_mock_circuit(ivc); - FoldProof kernel_fold_proof = ivc.accumulate(kernel_circuit); - // This will have a different verification key because we added the recursive merge verification to the circuit - auto function_vk_with_merge = std::make_shared(ivc.prover_instance->proving_key); - auto kernel_vk = function_vk_with_merge; - auto intermediary_acc = update_accumulator_and_decide_native( - ivc.prover_fold_output.accumulator, kernel_fold_proof, foo_verifier_instance, kernel_vk); - - VerifierFoldData kernel_fold_output = { kernel_fold_proof, function_vk_with_merge }; - size_t NUM_CIRCUITS = 1; - for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) { - // Accumulate function circuit - Builder function_circuit = create_mock_circuit(ivc); - FoldProof function_fold_proof = ivc.accumulate(function_circuit); + const auto run_test = []() { + using VerificationKey = Flavor::VerificationKey; - intermediary_acc = update_accumulator_and_decide_native( - ivc.prover_fold_output.accumulator, function_fold_proof, intermediary_acc, function_vk_with_merge); + ClientIVC ivc; + // Initialize IVC with function circuit + Builder function_circuit = create_mock_circuit(ivc); + ivc.initialize(function_circuit); - VerifierFoldData function_fold_output = { function_fold_proof, function_vk_with_merge }; - // Accumulate kernel circuit - Builder kernel_circuit{ ivc.goblin.op_queue }; - foo_verifier_instance = construct_mock_folding_kernel( - kernel_circuit, kernel_fold_output, function_fold_output, foo_verifier_instance); + auto function_vk = std::make_shared(ivc.prover_fold_output.accumulator->proving_key); + auto foo_verifier_instance = std::make_shared(function_vk); + // Accumulate kernel circuit (first kernel mocked as simple circuit since no folding proofs yet) + Builder kernel_circuit = create_mock_circuit(ivc); FoldProof kernel_fold_proof = ivc.accumulate(kernel_circuit); - kernel_vk = std::make_shared(ivc.prover_instance->proving_key); - - intermediary_acc = update_accumulator_and_decide_native( - ivc.prover_fold_output.accumulator, kernel_fold_proof, intermediary_acc, kernel_vk); - - VerifierFoldData kernel_fold_output = { kernel_fold_proof, kernel_vk }; + // This will have a different verification key because we added the recursive merge verification to the circuit + auto function_vk_with_merge = std::make_shared(ivc.prover_instance->proving_key); + auto kernel_vk = function_vk_with_merge; + auto intermediary_acc = update_accumulator_and_decide_native( + ivc.prover_fold_output.accumulator, kernel_fold_proof, foo_verifier_instance, kernel_vk); + + VerifierFoldData kernel_fold_output = { kernel_fold_proof, function_vk_with_merge }; + size_t NUM_CIRCUITS = 1; + for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) { + // Accumulate function circuit + Builder function_circuit = create_mock_circuit(ivc); + FoldProof function_fold_proof = ivc.accumulate(function_circuit); + + intermediary_acc = update_accumulator_and_decide_native( + ivc.prover_fold_output.accumulator, function_fold_proof, intermediary_acc, function_vk_with_merge); + + VerifierFoldData function_fold_output = { function_fold_proof, function_vk_with_merge }; + // Accumulate kernel circuit + Builder kernel_circuit{ ivc.goblin.op_queue }; + foo_verifier_instance = construct_mock_folding_kernel( + kernel_circuit, kernel_fold_output, function_fold_output, foo_verifier_instance); + FoldProof kernel_fold_proof = ivc.accumulate(kernel_circuit); + kernel_vk = std::make_shared(ivc.prover_instance->proving_key); + + intermediary_acc = update_accumulator_and_decide_native( + ivc.prover_fold_output.accumulator, kernel_fold_proof, intermediary_acc, kernel_vk); + + VerifierFoldData kernel_fold_output = { kernel_fold_proof, kernel_vk }; + } + + // Constuct four proofs: merge, eccvm, translator, decider + auto proof = ivc.prove(); + auto inst = std::make_shared(kernel_vk); + // Verify all four proofs + EXPECT_TRUE(ivc.verify(proof, { foo_verifier_instance, inst })); + }; + for (size_t idx = 0; idx < 256; idx++) { + info("run ", idx); + run_test(); } - - // Constuct four proofs: merge, eccvm, translator, decider - auto proof = ivc.prove(); - auto inst = std::make_shared(kernel_vk); - // Verify all four proofs - EXPECT_TRUE(ivc.verify(proof, { foo_verifier_instance, inst })); }; \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index 52776acbe42d..aeaccb53564c 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -19,7 +19,7 @@ GoblinTranslatorProver::GoblinTranslatorProver(CircuitBuilder& circuit_builder, // Compute total number of gates, dyadic circuit size, etc. key = std::make_shared(circuit_builder); compute_witness(circuit_builder); - compute_commitment_key(key->circuit_size); + compute_commitment_key(16 * key->circuit_size); } /** From db354413c03db389fce2e92916e1fe3c3fb85384 Mon Sep 17 00:00:00 2001 From: codygunton Date: Tue, 7 May 2024 22:38:41 +0000 Subject: [PATCH 2/4] A reproducible failure! --- .../cpp/src/barretenberg/client_ivc/client_ivc.test.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp index bae42e96b04e..2d9a67b93878 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp @@ -164,7 +164,8 @@ TEST_F(ClientIVCTests, Full) // Verify all four proofs EXPECT_TRUE(ivc.verify(proof, { foo_verifier_instance, inst })); }; - for (size_t idx = 0; idx < 256; idx++) { + for (size_t idx = 192; idx < 256; idx++) { + numeric::get_debug_randomness(true, idx); info("run ", idx); run_test(); } From e31f78450c828d4327baf5b28176436c011f1ef2 Mon Sep 17 00:00:00 2001 From: codygunton Date: Mon, 6 May 2024 20:12:47 +0000 Subject: [PATCH 3/4] Get rid of proof refs --- barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp | 4 ++-- barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp | 4 ++-- .../cpp/src/barretenberg/protogalaxy/decider_prover.cpp | 4 ++-- .../cpp/src/barretenberg/protogalaxy/decider_prover.hpp | 4 ++-- .../barretenberg/translator_vm/goblin_translator_prover.cpp | 4 ++-- .../barretenberg/translator_vm/goblin_translator_prover.hpp | 4 ++-- barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp | 4 ++-- barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp | 4 ++-- barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp | 4 ++-- barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp | 4 ++-- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp index ea860e1e4c71..538963c3f29f 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp @@ -184,13 +184,13 @@ void ECCVMProver::execute_transcript_consistency_univariate_opening_round() translation_batching_challenge_v = transcript->template get_challenge("Translation:batching_challenge"); } -HonkProof& ECCVMProver::export_proof() +HonkProof ECCVMProver::export_proof() { proof = transcript->export_proof(); return proof; } -HonkProof& ECCVMProver::construct_proof() +HonkProof ECCVMProver::construct_proof() { BB_OP_COUNT_TIME_NAME("ECCVMProver::construct_proof"); diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp index a4f99d8cde0e..24c6349d20ea 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp @@ -37,8 +37,8 @@ class ECCVMProver { BB_PROFILE void execute_zeromorph_rounds(); BB_PROFILE void execute_transcript_consistency_univariate_opening_round(); - HonkProof& export_proof(); - HonkProof& construct_proof(); + HonkProof export_proof(); + HonkProof construct_proof(); std::shared_ptr transcript; diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp index 7c17c906600e..d7209c084b3d 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.cpp @@ -49,13 +49,13 @@ template void DeciderProver_::execute_zeromorph_r transcript); } -template HonkProof& DeciderProver_::export_proof() +template HonkProof DeciderProver_::export_proof() { proof = transcript->proof_data; return proof; } -template HonkProof& DeciderProver_::construct_proof() +template HonkProof DeciderProver_::construct_proof() { BB_OP_COUNT_TIME_NAME("Decider::construct_proof"); diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp index 977605f5a7db..3df1166b635e 100644 --- a/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/protogalaxy/decider_prover.hpp @@ -30,8 +30,8 @@ template class DeciderProver_ { BB_PROFILE void execute_relation_check_rounds(); BB_PROFILE void execute_zeromorph_rounds(); - HonkProof& export_proof(); - HonkProof& construct_proof(); + HonkProof export_proof(); + HonkProof construct_proof(); std::shared_ptr accumulator; diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp index aeaccb53564c..cf8872692482 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.cpp @@ -183,13 +183,13 @@ void GoblinTranslatorProver::execute_zeromorph_rounds() key->polynomials.get_concatenation_groups()); } -HonkProof& GoblinTranslatorProver::export_proof() +HonkProof GoblinTranslatorProver::export_proof() { proof = transcript->export_proof(); return proof; } -HonkProof& GoblinTranslatorProver::construct_proof() +HonkProof GoblinTranslatorProver::construct_proof() { BB_OP_COUNT_TIME_NAME("GoblinTranslatorProver::construct_proof"); diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp index 077632dfc044..8dedc08ae413 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_prover.hpp @@ -37,8 +37,8 @@ class GoblinTranslatorProver { BB_PROFILE void execute_grand_product_computation_round(); BB_PROFILE void execute_relation_check_rounds(); BB_PROFILE void execute_zeromorph_rounds(); - HonkProof& export_proof(); - HonkProof& construct_proof(); + HonkProof export_proof(); + HonkProof construct_proof(); std::shared_ptr transcript = std::make_shared(); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp index 7030f194cb40..3a2a9e58f702 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.cpp @@ -66,13 +66,13 @@ template void UltraProver_::execute_zeromorph_rou transcript); } -template HonkProof& UltraProver_::export_proof() +template HonkProof UltraProver_::export_proof() { proof = transcript->proof_data; return proof; } -template HonkProof& UltraProver_::construct_proof() +template HonkProof UltraProver_::construct_proof() { OinkProver oink_prover(instance->proving_key, transcript); auto [proving_key, relation_params, alphas] = oink_prover.prove(); diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp index 279890e614bd..9c7a34308f9e 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_prover.hpp @@ -51,8 +51,8 @@ template class UltraProver_ { BB_PROFILE void execute_relation_check_rounds(); BB_PROFILE void execute_zeromorph_rounds(); - HonkProof& export_proof(); - HonkProof& construct_proof(); + HonkProof export_proof(); + HonkProof construct_proof(); private: HonkProof proof; diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp index feb378a13269..10836915bf79 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.cpp @@ -684,13 +684,13 @@ void AvmProver::execute_zeromorph_rounds() transcript); } -HonkProof& AvmProver::export_proof() +HonkProof AvmProver::export_proof() { proof = transcript->proof_data; return proof; } -HonkProof& AvmProver::construct_proof() +HonkProof AvmProver::construct_proof() { // Add circuit size public input size and public inputs to transcript. execute_preamble_round(); diff --git a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp index 47e2603a9caa..74d504446a30 100644 --- a/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/generated/avm_prover.hpp @@ -32,8 +32,8 @@ class AvmProver { void execute_relation_check_rounds(); void execute_zeromorph_rounds(); - HonkProof& export_proof(); - HonkProof& construct_proof(); + HonkProof export_proof(); + HonkProof construct_proof(); std::shared_ptr transcript = std::make_shared(); From 5cd6d96b995d17fd9508fad9cb327d6db28532aa Mon Sep 17 00:00:00 2001 From: codygunton Date: Thu, 9 May 2024 21:25:39 +0000 Subject: [PATCH 4/4] Debugging logs --- .../client_ivc/client_ivc.test.cpp | 4 +- .../eccvm/eccvm_builder_types.hpp | 11 ++++ .../eccvm/eccvm_circuit_builder.hpp | 63 ++++++++++--------- .../src/barretenberg/eccvm/eccvm_verifier.cpp | 2 + .../src/barretenberg/eccvm/msm_builder.hpp | 28 +++++++++ .../flavor/relation_definitions.hpp | 1 - .../cpp/src/barretenberg/goblin/goblin.hpp | 6 +- .../barretenberg/transcript/transcript.hpp | 2 +- .../goblin_translator_verifier.cpp | 9 ++- 9 files changed, 90 insertions(+), 36 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp index 2d9a67b93878..396c77f8334d 100644 --- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp +++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp @@ -1,4 +1,5 @@ #include "barretenberg/client_ivc/client_ivc.hpp" +#include "barretenberg/eccvm/eccvm_trace_checker.hpp" #include "barretenberg/goblin/goblin.hpp" #include "barretenberg/goblin/mock_circuits.hpp" #include "barretenberg/stdlib_circuit_builders/goblin_ultra_circuit_builder.hpp" @@ -160,11 +161,12 @@ TEST_F(ClientIVCTests, Full) // Constuct four proofs: merge, eccvm, translator, decider auto proof = ivc.prove(); + EXPECT_TRUE(ECCVMTraceChecker::check(*(ivc.goblin.eccvm_builder), &engine)); auto inst = std::make_shared(kernel_vk); // Verify all four proofs EXPECT_TRUE(ivc.verify(proof, { foo_verifier_instance, inst })); }; - for (size_t idx = 192; idx < 256; idx++) { + for (size_t idx = 84; idx < 256; idx++) { numeric::get_debug_randomness(true, idx); info("run ", idx); run_test(); diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_builder_types.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_builder_types.hpp index 2db0d13abf28..7674450868f0 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_builder_types.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_builder_types.hpp @@ -33,6 +33,17 @@ template struct VMOperation { return res; } bool operator==(const VMOperation& other) const = default; + void print() const + { + info("add : ", add); + info("mul : ", mul); + info("eq : ", eq); + info("reset : ", reset); + info("base_point : ", base_point); + info("z1 : ", z1); + info("z2 : ", z2); + info("mul_scalar_full: ", mul_scalar_full); + } }; template struct ScalarMul { uint32_t pc; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_circuit_builder.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_circuit_builder.hpp index 7f49af86030b..44155bba5342 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_circuit_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_circuit_builder.hpp @@ -119,6 +119,8 @@ class ECCVMCircuitBuilder { size_t op_idx = 0; // populate opqueue and mul indices for (const auto& op : raw_ops) { + info("op index: ", op_idx); + op.print(); if (op.mul) { if (op.z1 != 0 || op.z2 != 0) { msm_opqueue_index.push_back(op_idx); @@ -148,38 +150,36 @@ class ECCVMCircuitBuilder { msm.resize(msm_sizes[i]); } - run_loop_in_parallel(msm_opqueue_index.size(), [&](size_t start, size_t end) { - for (size_t i = start; i < end; i++) { - const auto& op = raw_ops[msm_opqueue_index[i]]; - auto [msm_index, mul_index] = msm_mul_index[i]; - if (op.z1 != 0) { - ASSERT(result.size() > msm_index); - ASSERT(result[msm_index].size() > mul_index); - result[msm_index][mul_index] = (ScalarMul{ - .pc = 0, - .scalar = op.z1, - .base_point = op.base_point, - .wnaf_digits = compute_wnaf_digits(op.z1), - .wnaf_skew = (op.z1 & 1) == 0, - .precomputed_table = compute_precomputed_table(op.base_point), - }); - mul_index++; - } - if (op.z2 != 0) { - ASSERT(result.size() > msm_index); - ASSERT(result[msm_index].size() > mul_index); - auto endo_point = AffineElement{ op.base_point.x * FF::cube_root_of_unity(), -op.base_point.y }; - result[msm_index][mul_index] = (ScalarMul{ - .pc = 0, - .scalar = op.z2, - .base_point = endo_point, - .wnaf_digits = compute_wnaf_digits(op.z2), - .wnaf_skew = (op.z2 & 1) == 0, - .precomputed_table = compute_precomputed_table(endo_point), - }); - } + for (size_t i = 0; i < msm_opqueue_index.size(); i++) { + const auto& op = raw_ops[msm_opqueue_index[i]]; + auto [msm_index, mul_index] = msm_mul_index[i]; + if (op.z1 != 0) { + ASSERT(result.size() > msm_index); + ASSERT(result[msm_index].size() > mul_index); + result[msm_index][mul_index] = (ScalarMul{ + .pc = 0, + .scalar = op.z1, + .base_point = op.base_point, + .wnaf_digits = compute_wnaf_digits(op.z1), + .wnaf_skew = (op.z1 & 1) == 0, + .precomputed_table = compute_precomputed_table(op.base_point), + }); + mul_index++; + } + if (op.z2 != 0) { + ASSERT(result.size() > msm_index); + ASSERT(result[msm_index].size() > mul_index); + auto endo_point = AffineElement{ op.base_point.x * FF::cube_root_of_unity(), -op.base_point.y }; + result[msm_index][mul_index] = (ScalarMul{ + .pc = 0, + .scalar = op.z2, + .base_point = endo_point, + .wnaf_digits = compute_wnaf_digits(op.z2), + .wnaf_skew = (op.z2 & 1) == 0, + .precomputed_table = compute_precomputed_table(endo_point), + }); } - }); + }; // update pc. easier to do this serially but in theory could be optimised out // We start pc at `num_muls` and decrement for each mul processed. @@ -190,6 +190,7 @@ class ECCVMCircuitBuilder { // sumcheck relations that involve pc (if we did the other way around, starting at 1 and ending at num_muls, // we create a discontinuity in pc values between the last transcript row and the following empty row) uint32_t pc = num_muls; + // index of bad sm is [38], [0] for (auto& msm : result) { for (auto& mul : msm) { mul.pc = pc; diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp index 6b9e01b70696..81ffcb408ef1 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp @@ -133,6 +133,8 @@ bool ECCVMVerifier::verify_proof(const HonkProof& proof) // If Sumcheck did not verify, return false if (sumcheck_verified.has_value() && !sumcheck_verified.value()) { + ASSERT(sumcheck_verified.value()); + info("ECCVM sumcheck verification failed"); return false; } diff --git a/barretenberg/cpp/src/barretenberg/eccvm/msm_builder.hpp b/barretenberg/cpp/src/barretenberg/eccvm/msm_builder.hpp index 69f4871eb91d..b3a79f60e9d6 100644 --- a/barretenberg/cpp/src/barretenberg/eccvm/msm_builder.hpp +++ b/barretenberg/cpp/src/barretenberg/eccvm/msm_builder.hpp @@ -36,6 +36,14 @@ class ECCVMMSMMBuilder { AffineElement point{ 0, 0 }; FF lambda = 0; FF collision_inverse = 0; + void print() const + { + info(" add :", add); + info(" slice :", slice); + info(" point :", point); + info(" lambda :", lambda); + info(" collision_inverse :", collision_inverse); + } }; std::array add_state{ AddState{ false, 0, { 0, 0 }, 0, 0 }, AddState{ false, 0, { 0, 0 }, 0, 0 }, @@ -43,6 +51,23 @@ class ECCVMMSMMBuilder { AddState{ false, 0, { 0, 0 }, 0, 0 } }; FF accumulator_x = 0; FF accumulator_y = 0; + + void print() const + { + info("pc : ", pc); + info("msm_size : ", msm_size); + info("msm_count : ", msm_count); + info("msm_round : ", msm_round); + info("msm_transition : ", msm_transition); + info("q_add : ", q_add); + info("q_double : ", q_double); + info("q_skew : ", q_skew); + for (const auto& state : add_state) { + state.print(); + } + info("accumulator_x : ", accumulator_x); + info("accumulator_y : ", accumulator_y); + }; }; /** @@ -469,6 +494,9 @@ class ECCVMMSMMBuilder { typename MSMRow::AddState{ false, 0, AffineElement{ 0, 0 }, 0, 0 }, typename MSMRow::AddState{ false, 0, AffineElement{ 0, 0 }, 0, 0 } }; + msm_rows[2697].print(); + info("printed the failing row"); + return { msm_rows, point_table_read_counts }; } }; diff --git a/barretenberg/cpp/src/barretenberg/flavor/relation_definitions.hpp b/barretenberg/cpp/src/barretenberg/flavor/relation_definitions.hpp index 0b1fed6342ee..c06bfb552cac 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/relation_definitions.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/relation_definitions.hpp @@ -23,7 +23,6 @@ RelationImpl::MethodName>::AccumulatorType, EdgeType(Flavor)>( \ EdgeType(Flavor) const&, RelationParameters const&); -#define SUMCHECK_RELATION_CLASS(...) _SUMCHECK_RELATION_CLASS(__VA_ARGS__) #define DEFINE_SUMCHECK_RELATION_CLASS(RelationImpl, Flavor) \ ACCUMULATE(RelationImpl, Flavor, SumcheckTupleOfUnivariatesOverSubrelations, ExtendedEdge) \ ACCUMULATE(RelationImpl, Flavor, SumcheckArrayOfValuesOverSubrelations, EvaluationEdge) \ diff --git a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp index 3823a5100598..f62e3ab7b00c 100644 --- a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp +++ b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp @@ -82,13 +82,13 @@ class Goblin { // on the first call to accumulate there is no merge proof to verify bool merge_proof_exists{ false }; - private: // TODO(https://github.com/AztecProtocol/barretenberg/issues/798) unique_ptr use is a hack std::unique_ptr eccvm_builder; std::unique_ptr translator_builder; std::unique_ptr translator_prover; std::unique_ptr eccvm_prover; + private: AccumulationOutput accumulator; // Used only for ACIR methods for now public: @@ -191,6 +191,10 @@ class Goblin { goblin_proof.merge_proof = std::move(merge_proof); prove_eccvm(); prove_translator(); + info("proof exported: "); + for (auto& elt : goblin_proof.to_buffer()) { + info(elt); + } return goblin_proof; }; diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index d5d7347229d3..ec50c264b417 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -11,7 +11,7 @@ #include "barretenberg/stdlib/primitives/field/field_conversion.hpp" // #define LOG_CHALLENGES -// #define LOG_INTERACTIONS +#define LOG_INTERACTIONS namespace bb { diff --git a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp index 5607769937d3..829dc403b879 100644 --- a/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/translator_vm/goblin_translator_verifier.cpp @@ -55,9 +55,16 @@ void GoblinTranslatorVerifier::put_translation_data_in_relation_parameters(const */ bool GoblinTranslatorVerifier::verify_proof(const HonkProof& proof) { + info("verifying proof: "); + for (auto& elt : proof) { + info(elt); + } batching_challenge_v = transcript->template get_challenge("Translation:batching_challenge"); transcript->load_proof(proof); - + info("loaded proof proof: "); + for (auto& elt : transcript->proof_data) { + info(elt); + } Flavor::VerifierCommitments commitments{ key }; Flavor::CommitmentLabels commitment_labels;