From aeda006c597e755ecdab9ef521af126fc3687f7b Mon Sep 17 00:00:00 2001 
From: lucasxia01 Date: Wed, 4 Jun 2025 10:59:03 +0000 Subject: [PATCH] initial solidity changes to add vk hashing to solidity verifier --- barretenberg/acir_tests/flows/sol_honk.sh | 2 +- barretenberg/cpp/CMakeLists.txt | 2 +- .../dsl/acir_proofs/honk_contract.hpp | 363 ++++++++++++------ .../dsl/acir_proofs/honk_zk_contract.hpp | 38 +- .../barretenberg/honk/utils/honk_key_gen.hpp | 78 ++-- barretenberg/sol/bootstrap.sh | 5 +- barretenberg/sol/scripts/init.sh | 9 - .../sol/src/honk/BaseHonkVerifier.sol | 124 +++--- .../sol/src/honk/BaseZKHonkVerifier.sol | 112 +++--- barretenberg/sol/src/honk/HonkTypes.sol | 55 +-- barretenberg/sol/src/honk/Transcript.sol | 201 ++++++++-- .../src/honk/keys/Add2HonkVerificationKey.sol | 268 +++++++------ .../honk/keys/BlakeHonkVerificationKey.sol | 268 +++++++------ .../honk/keys/EcdsaHonkVerificationKey.sol | 268 +++++++------ barretenberg/sol/src/honk/utils.sol | 4 +- .../src/ultra/instance/Add2UltraVerifier.sol | 16 - .../src/ultra/instance/BlakeUltraVerifier.sol | 16 - .../src/ultra/instance/EcdsaUltraVerifier.sol | 16 - .../ultra/instance/RecursiveUltraVerifier.sol | 16 - .../ultra/keys/Add2UltraVerificationKey.sol | 72 ---- .../ultra/keys/BlakeUltraVerificationKey.sol | 72 ---- .../ultra/keys/EcdsaUltraVerificationKey.sol | 72 ---- .../keys/RecursiveUltraVerificationKey.sol | 72 ---- barretenberg/sol/test/ultra/Add2.t.sol | 40 -- barretenberg/sol/test/ultra/Blake.t.sol | 42 -- barretenberg/sol/test/ultra/ECDSA.t.sol | 49 --- barretenberg/sol/test/ultra/Recursive.t.sol | 40 -- barretenberg/sol/test/ultra/TestBaseUltra.sol | 22 -- 28 files changed, 1120 insertions(+), 1222 deletions(-) delete mode 100755 barretenberg/sol/scripts/init.sh delete mode 100644 barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol delete mode 100644 barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol delete mode 100644 barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol delete mode 100644 
barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol delete mode 100644 barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol delete mode 100644 barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol delete mode 100644 barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol delete mode 100644 barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol delete mode 100644 barretenberg/sol/test/ultra/Add2.t.sol delete mode 100644 barretenberg/sol/test/ultra/Blake.t.sol delete mode 100644 barretenberg/sol/test/ultra/ECDSA.t.sol delete mode 100644 barretenberg/sol/test/ultra/Recursive.t.sol delete mode 100644 barretenberg/sol/test/ultra/TestBaseUltra.sol diff --git a/barretenberg/acir_tests/flows/sol_honk.sh b/barretenberg/acir_tests/flows/sol_honk.sh index 7d58daf57a64..e846540089b7 100755 --- a/barretenberg/acir_tests/flows/sol_honk.sh +++ b/barretenberg/acir_tests/flows/sol_honk.sh @@ -8,7 +8,7 @@ PROVE_FLAGS="$FLAGS $BFLAG --oracle_hash keccak --output_format bytes_and_fields VERIFY_FLAGS="$FLAGS --oracle_hash keccak" outdir=$(mktemp -d) -trap "rm -rf $outdir" EXIT +# trap "rm -rf $outdir" EXIT # Export the paths to the environment variables for the js test runner export PUBLIC_INPUTS="$outdir/public_inputs" diff --git a/barretenberg/cpp/CMakeLists.txt b/barretenberg/cpp/CMakeLists.txt index 2c98ed5f0977..06420525cab2 100644 --- a/barretenberg/cpp/CMakeLists.txt +++ b/barretenberg/cpp/CMakeLists.txt @@ -20,7 +20,7 @@ endif(DOXYGEN_FOUND) option(DISABLE_ASM "Disable custom assembly" OFF) option(DISABLE_ADX "Disable ADX assembly variant" OFF) -option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" OFF) +option(DISABLE_AZTEC_VM "Don't build Aztec VM (acceptable if iterating on core proving)" ON) option(MULTITHREADING "Enable multi-threading" ON) option(OMP_MULTITHREADING "Enable OMP multi-threading" OFF) option(FUZZING "Build ONLY fuzzing harnesses" OFF) 
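Review bot: Commenting out `trap "rm -rf $outdir" EXIT` means every run of this flow leaves its `mktemp -d` directory behind, together with the proof and public-input files written under `$outdir`. This looks like a debugging leftover. Restore the trap, or make keeping the directory opt-in, e.g. `[ -n "${KEEP_OUTDIR:-}" ] || trap 'rm -rf "$outdir"' EXIT` (the variable name is only an example). Single-quoting the trap body with `"$outdir"` inside also defers expansion and avoids word splitting on the path.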
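Review bot: The default of `DISABLE_AZTEC_VM` flips from `OFF` to `ON`, so a plain configure no longer builds the Aztec VM, and any job that relies on the default silently loses that target and its tests. The option's own help text calls this acceptable only when iterating on core proving, which suggests a local setting that slipped into the commit. Keep the default at `OFF` and pass `-DDISABLE_AZTEC_VM=ON` locally or through a preset.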
diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp index 316ca131b27e..2e260dc59e65 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp @@ -158,6 +158,7 @@ uint256 constant NUMBER_OF_ENTITIES = 40; uint256 constant NUMBER_UNSHIFTED = 35; uint256 constant NUMBER_TO_BE_SHIFTED = 5; uint256 constant PAIRING_POINTS_SIZE = 16; +uint256 constant VERIFICATION_KEY_LENGTH = 111; // Alphas are used as relation separators so there should be NUMBER_OF_SUBRELATIONS - 1 uint256 constant NUMBER_OF_ALPHAS = 25; 
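Review bot: `VERIFICATION_KEY_LENGTH = 111` is a derived number with no stated derivation. From the hashing code this patch adds to `generateEtaChallenge`, it is 3 header words (circuit size, public-inputs size, offset) plus 27 commitments of 4 limbs each. Put that next to the constant, e.g. `// 3 header words + 27 G1ProofPoints * 4 limbs`, so that a change to the `VerificationKey` struct does not leave the length stale. `logCircuitSize` is a field of the struct but is not among the hashed words; the comment should say whether that is intentional.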
@@ -229,37 +230,37 @@ library Honk { uint256 logCircuitSize; uint256 publicInputsSize; // Selectors - G1Point qm; - G1Point qc; - G1Point ql; - G1Point qr; - G1Point qo; - G1Point q4; - G1Point qLookup; // Lookup - G1Point qArith; // Arithmetic widget - G1Point qDeltaRange; // Delta Range sort - G1Point qAux; // Auxillary - G1Point qElliptic; // Auxillary - G1Point qPoseidon2External; - G1Point qPoseidon2Internal; + G1ProofPoint qm; + G1ProofPoint qc; + G1ProofPoint ql; + G1ProofPoint qr; + G1ProofPoint qo; + G1ProofPoint q4; + G1ProofPoint qLookup; // Lookup + G1ProofPoint qArith; // Arithmetic widget + G1ProofPoint qDeltaRange; // Delta Range sort + G1ProofPoint qAux; // Auxillary + G1ProofPoint qElliptic; // Auxillary + G1ProofPoint qPoseidon2External; + G1ProofPoint qPoseidon2Internal; // Copy cnstraints - G1Point s1; - G1Point s2; - G1Point s3; - G1Point s4; + G1ProofPoint s1; + G1ProofPoint s2; + G1ProofPoint s3; + G1ProofPoint s4; // Copy identity - G1Point id1; - G1Point id2; - G1Point id3; - G1Point id4; + G1ProofPoint id1; + G1ProofPoint id2; + G1ProofPoint id3; + G1ProofPoint id4; // Precomputed lookup table - G1Point t1; - G1Point t2; - G1Point t3; - G1Point t4; + G1ProofPoint t1; + G1ProofPoint t2; + G1ProofPoint t3; + G1ProofPoint t4; // Fixed first and last - G1Point lagrangeFirst; - G1Point lagrangeLast; + G1ProofPoint lagrangeFirst; + G1ProofPoint lagrangeLast; } struct RelationParameters { 
@@ -316,14 +317,14 @@ struct Transcript { } library TranscriptLib { - function generateTranscript(Honk.Proof memory proof, bytes32[] calldata publicInputs, uint256 circuitSize, uint256 publicInputsSize, uint256 pubInputsOffset) + function generateTranscript(Honk.Proof memory proof, bytes32[] calldata publicInputs, Honk.VerificationKey memory vkey) internal pure returns (Transcript memory t) { Fr previousChallenge; (t.relationParameters, previousChallenge) = - generateRelationParametersChallenges(proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset, previousChallenge); + generateRelationParametersChallenges(proof, publicInputs, vkey, previousChallenge); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); 
@@ -353,49 +354,184 @@ library TranscriptLib { function generateRelationParametersChallenges( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset, + Honk.VerificationKey memory vkey, Fr previousChallenge ) internal pure returns (Honk.RelationParameters memory rp, Fr nextPreviousChallenge) { (rp.eta, rp.etaTwo, rp.etaThree, previousChallenge) = - generateEtaChallenge(proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset); + generateEtaChallenge(proof, publicInputs, vkey); (rp.beta, rp.gamma, nextPreviousChallenge) = generateBetaAndGammaChallenges(previousChallenge, proof); } - function generateEtaChallenge(Honk.Proof memory proof, bytes32[] calldata publicInputs, uint256 circuitSize, uint256 publicInputsSize, uint256 pubInputsOffset) + function generateEtaChallenge(Honk.Proof memory proof, bytes32[] calldata publicInputs, Honk.VerificationKey memory vkey) internal pure returns (Fr eta, Fr etaTwo, Fr etaThree, Fr previousChallenge) { - bytes32[] memory round0 = new bytes32[](3 + publicInputsSize + 12); - round0[0] = bytes32(circuitSize); - round0[1] = bytes32(publicInputsSize); - round0[2] = bytes32(pubInputsOffset); // TODO(https://github.com/AztecProtocol/barretenberg/issues/1331): Consider making publicInputsSize not include pairing point object. 
- for (uint256 i = 0; i < publicInputsSize - PAIRING_POINTS_SIZE; i++) { - round0[3 + i] = bytes32(publicInputs[i]); + bytes32[] memory round0 = new bytes32[](VERIFICATION_KEY_LENGTH + vkey.publicInputsSize + 12); + round0[0] = bytes32(vkey.circuitSize); + round0[1] = bytes32(vkey.publicInputsSize); + round0[2] = bytes32(uint256(1)); + + round0[3] = bytes32(vkey.qm.x_0); + round0[4] = bytes32(vkey.qm.x_1); + round0[5] = bytes32(vkey.qm.y_0); + round0[6] = bytes32(vkey.qm.y_1); + + round0[7] = bytes32(vkey.qc.x_0); + round0[8] = bytes32(vkey.qc.x_1); + round0[9] = bytes32(vkey.qc.y_0); + round0[10] = bytes32(vkey.qc.y_1); + + round0[11] = bytes32(vkey.ql.x_0); + round0[12] = bytes32(vkey.ql.x_1); + round0[13] = bytes32(vkey.ql.y_0); + round0[14] = bytes32(vkey.ql.y_1); + + round0[15] = bytes32(vkey.qr.x_0); + round0[16] = bytes32(vkey.qr.x_1); + round0[17] = bytes32(vkey.qr.y_0); + round0[18] = bytes32(vkey.qr.y_1); + + round0[19] = bytes32(vkey.qo.x_0); + round0[20] = bytes32(vkey.qo.x_1); + round0[21] = bytes32(vkey.qo.y_0); + round0[22] = bytes32(vkey.qo.y_1); + + round0[23] = bytes32(vkey.q4.x_0); + round0[24] = bytes32(vkey.q4.x_1); + round0[25] = bytes32(vkey.q4.y_0); + round0[26] = bytes32(vkey.q4.y_1); + + round0[27] = bytes32(vkey.qLookup.x_0); + round0[28] = bytes32(vkey.qLookup.x_1); + round0[29] = bytes32(vkey.qLookup.y_0); + round0[30] = bytes32(vkey.qLookup.y_1); + + round0[31] = bytes32(vkey.qArith.x_0); + round0[32] = bytes32(vkey.qArith.x_1); + round0[33] = bytes32(vkey.qArith.y_0); + round0[34] = bytes32(vkey.qArith.y_1); + + round0[35] = bytes32(vkey.qDeltaRange.x_0); + round0[36] = bytes32(vkey.qDeltaRange.x_1); + round0[37] = bytes32(vkey.qDeltaRange.y_0); + round0[38] = bytes32(vkey.qDeltaRange.y_1); + + round0[39] = bytes32(vkey.qAux.x_0); + round0[40] = bytes32(vkey.qAux.x_1); + round0[41] = bytes32(vkey.qAux.y_0); + round0[42] = bytes32(vkey.qAux.y_1); + + round0[43] = bytes32(vkey.qElliptic.x_0); + round0[44] = bytes32(vkey.qElliptic.x_1); 
+ round0[45] = bytes32(vkey.qElliptic.y_0); + round0[46] = bytes32(vkey.qElliptic.y_1); + + round0[47] = bytes32(vkey.qPoseidon2External.x_0); + round0[48] = bytes32(vkey.qPoseidon2External.x_1); + round0[49] = bytes32(vkey.qPoseidon2External.y_0); + round0[50] = bytes32(vkey.qPoseidon2External.y_1); + + round0[51] = bytes32(vkey.qPoseidon2Internal.x_0); + round0[52] = bytes32(vkey.qPoseidon2Internal.x_1); + round0[53] = bytes32(vkey.qPoseidon2Internal.y_0); + round0[54] = bytes32(vkey.qPoseidon2Internal.y_1); + + round0[55] = bytes32(vkey.s1.x_0); + round0[56] = bytes32(vkey.s1.x_1); + round0[57] = bytes32(vkey.s1.y_0); + round0[58] = bytes32(vkey.s1.y_1); + + round0[59] = bytes32(vkey.s2.x_0); + round0[60] = bytes32(vkey.s2.x_1); + round0[61] = bytes32(vkey.s2.y_0); + round0[62] = bytes32(vkey.s2.y_1); + + round0[63] = bytes32(vkey.s3.x_0); + round0[64] = bytes32(vkey.s3.x_1); + round0[65] = bytes32(vkey.s3.y_0); + round0[66] = bytes32(vkey.s3.y_1); + + round0[67] = bytes32(vkey.s4.x_0); + round0[68] = bytes32(vkey.s4.x_1); + round0[69] = bytes32(vkey.s4.y_0); + round0[70] = bytes32(vkey.s4.y_1); + + round0[71] = bytes32(vkey.id1.x_0); + round0[72] = bytes32(vkey.id1.x_1); + round0[73] = bytes32(vkey.id1.y_0); + round0[74] = bytes32(vkey.id1.y_1); + + round0[75] = bytes32(vkey.id2.x_0); + round0[76] = bytes32(vkey.id2.x_1); + round0[77] = bytes32(vkey.id2.y_0); + round0[78] = bytes32(vkey.id2.y_1); + + round0[79] = bytes32(vkey.id3.x_0); + round0[80] = bytes32(vkey.id3.x_1); + round0[81] = bytes32(vkey.id3.y_0); + round0[82] = bytes32(vkey.id3.y_1); + + round0[83] = bytes32(vkey.id4.x_0); + round0[84] = bytes32(vkey.id4.x_1); + round0[85] = bytes32(vkey.id4.y_0); + round0[86] = bytes32(vkey.id4.y_1); + + round0[87] = bytes32(vkey.t1.x_0); + round0[88] = bytes32(vkey.t1.x_1); + round0[89] = bytes32(vkey.t1.y_0); + round0[90] = bytes32(vkey.t1.y_1); + + round0[91] = bytes32(vkey.t2.x_0); + round0[92] = bytes32(vkey.t2.x_1); + round0[93] = bytes32(vkey.t2.y_0); + 
round0[94] = bytes32(vkey.t2.y_1); + + round0[95] = bytes32(vkey.t3.x_0); + round0[96] = bytes32(vkey.t3.x_1); + round0[97] = bytes32(vkey.t3.y_0); + round0[98] = bytes32(vkey.t3.y_1); + + round0[99] = bytes32(vkey.t4.x_0); + round0[100] = bytes32(vkey.t4.x_1); + round0[101] = bytes32(vkey.t4.y_0); + round0[102] = bytes32(vkey.t4.y_1); + + round0[103] = bytes32(vkey.lagrangeFirst.x_0); + round0[104] = bytes32(vkey.lagrangeFirst.x_1); + round0[105] = bytes32(vkey.lagrangeFirst.y_0); + round0[106] = bytes32(vkey.lagrangeFirst.y_1); + + round0[107] = bytes32(vkey.lagrangeLast.x_0); + round0[108] = bytes32(vkey.lagrangeLast.x_1); + round0[109] = bytes32(vkey.lagrangeLast.y_0); + round0[110] = bytes32(vkey.lagrangeLast.y_1); + + for (uint256 i = 0; i < vkey.publicInputsSize - PAIRING_POINTS_SIZE; i++) { + round0[VERIFICATION_KEY_LENGTH + i] = bytes32(publicInputs[i]); } + uint256 idx = VERIFICATION_KEY_LENGTH + vkey.publicInputsSize; for (uint256 i = 0; i < PAIRING_POINTS_SIZE; i++) { - round0[3 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); + round0[idx - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); } // Create the first challenge // Note: w4 is added to the challenge later on - round0[3 + publicInputsSize] = bytes32(proof.w1.x_0); - round0[3 + publicInputsSize + 1] = bytes32(proof.w1.x_1); - round0[3 + publicInputsSize + 2] = bytes32(proof.w1.y_0); - round0[3 + publicInputsSize + 3] = bytes32(proof.w1.y_1); - round0[3 + publicInputsSize + 4] = bytes32(proof.w2.x_0); - round0[3 + publicInputsSize + 5] = bytes32(proof.w2.x_1); - round0[3 + publicInputsSize + 6] = bytes32(proof.w2.y_0); - round0[3 + publicInputsSize + 7] = bytes32(proof.w2.y_1); - round0[3 + publicInputsSize + 8] = bytes32(proof.w3.x_0); - round0[3 + publicInputsSize + 9] = bytes32(proof.w3.x_1); - round0[3 + publicInputsSize + 10] = bytes32(proof.w3.y_0); - round0[3 + publicInputsSize + 11] = bytes32(proof.w3.y_1); + round0[idx] 
= bytes32(proof.w1.x_0); + round0[idx + 1] = bytes32(proof.w1.x_1); + round0[idx + 2] = bytes32(proof.w1.y_0); + round0[idx + 3] = bytes32(proof.w1.y_1); + round0[idx + 4] = bytes32(proof.w2.x_0); + round0[idx + 5] = bytes32(proof.w2.x_1); + round0[idx + 6] = bytes32(proof.w2.y_0); + round0[idx + 7] = bytes32(proof.w2.y_1); + round0[idx + 8] = bytes32(proof.w3.x_0); + round0[idx + 9] = bytes32(proof.w3.x_1); + round0[idx + 10] = bytes32(proof.w3.y_0); + round0[idx + 11] = bytes32(proof.w3.y_1); previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(round0))); (eta, etaTwo) = splitChallenge(previousChallenge); @@ -636,7 +772,7 @@ function bytesToFr(bytes calldata proofSection) pure returns (Fr scalar) { } // EC Point utilities -function convertProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory) { +function convertFromProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory) { return Honk.G1Point({x: input.x_0 | (input.x_1 << 136), y: input.y_0 | (input.y_1 << 136)}); } 
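Review bot: The key is absorbed with `vkey.qAux` at `round0[39..42]` and `vkey.qElliptic` at `round0[43..46]`, but `verifyShplemini` in this same patch puts `qElliptic` at `commitments[10]` before `qAux` at `commitments[11]`, and `honk_key_gen.hpp` prints `q_elliptic` before `q_aux`. The first Fiat-Shamir challenge only matches if this order is identical to the prover's serialization of the key, which is not visible in the hunk, so please confirm it. If the prover uses the elliptic-then-aux order, every honest proof will be rejected. The 108 hand-numbered assignments are also easy to get wrong; a comment naming the prover-side source of the order, plus a test comparing this preimage with the prover's, would pin it down.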
@@ -1452,44 +1588,49 @@ abstract contract BaseHonkVerifier is IVerifier { function loadVerificationKey() internal pure virtual returns (Honk.VerificationKey memory); - function verify(bytes calldata proof, bytes32[] calldata publicInputs) public view override returns (bool) { - // Check the received proof is the expected size where each field element is 32 bytes - if (proof.length != PROOF_SIZE * 32) { +function verify(bytes calldata proofBytes, bytes32[] calldata publicInputs) public view override returns (bool) { + // Check the received proofBytes is the expected size where each field element is 32 bytes + if (proofBytes.length != PROOF_SIZE * 32) { revert ProofLengthWrong(); } Honk.VerificationKey memory vk = loadVerificationKey(); - Honk.Proof memory p = TranscriptLib.loadProof(proof); - + Honk.Proof memory proof = TranscriptLib.loadProof(proofBytes); if (publicInputs.length != vk.publicInputsSize - PAIRING_POINTS_SIZE) { revert PublicInputsLengthWrong(); } // Generate the fiat shamir challenges for the whole protocol // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. - Transcript memory t = TranscriptLib.generateTranscript(p, publicInputs, vk.circuitSize, vk.publicInputsSize, /*pubInputsOffset=*/1); + Transcript memory t = TranscriptLib.generateTranscript(proof, publicInputs, vk); // Derive public input delta // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. 
t.relationParameters.publicInputsDelta = computePublicInputDelta( - publicInputs, p.pairingPointObject, t.relationParameters.beta, t.relationParameters.gamma, /*pubInputsOffset=*/1 + publicInputs, + proof.pairingPointObject, + t.relationParameters.beta, + t.relationParameters.gamma, /*pubInputsOffset=*/ + 1 ); // Sumcheck - bool sumcheckVerified = verifySumcheck(p, t); + bool sumcheckVerified = verifySumcheck(proof, t); if (!sumcheckVerified) revert SumcheckFailed(); - bool shpleminiVerified = verifyShplemini(p, vk, t); + bool shpleminiVerified = verifyShplemini(proof, vk, t); if (!shpleminiVerified) revert ShpleminiFailed(); return sumcheckVerified && shpleminiVerified; // Boolean condition not required - nice for vanity :) } - function computePublicInputDelta(bytes32[] memory publicInputs, Fr[PAIRING_POINTS_SIZE] memory pairingPointObject, Fr beta, Fr gamma, uint256 offset) - internal - view - returns (Fr publicInputDelta) - { + function computePublicInputDelta( + bytes32[] memory publicInputs, + Fr[PAIRING_POINTS_SIZE] memory pairingPointObject, + Fr beta, + Fr gamma, + uint256 offset + ) internal view returns (Fr publicInputDelta) { Fr numerator = Fr.wrap(1); Fr denominator = Fr.wrap(1); @@ -1632,7 +1773,7 @@ abstract contract BaseHonkVerifier is IVerifier { tp.geminiR.invert() * (mem.posInvertedDenominator - (tp.shplonkNu * mem.negInvertedDenominator)); scalars[0] = Fr.wrap(1); - commitments[0] = convertProofPoint(proof.shplonkQ); + commitments[0] = convertFromProofPoint(proof.shplonkQ); mem.batchingChallenge = Fr.wrap(1); mem.batchedEvaluation = Fr.wrap(0); 
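Review bot: The public-inputs offset now lives in two unrelated literals: `verify` passes `/*pubInputsOffset=*/ 1` to `computePublicInputDelta`, while the transcript takes it from `round0[2] = bytes32(uint256(1))` inside `generateEtaChallenge`. If the two ever diverge, the challenges and the public-input delta are computed for different offsets; a shared constant such as `uint256 constant PUB_INPUTS_OFFSET = 1;` used in both places removes that risk. The TODO for issue 1281 above the `generateTranscript` call no longer describes that call, since the offset is not passed any more, and should be moved or reworded. The same applies to the matching `verify` hunk in `barretenberg/sol/src/honk/BaseHonkVerifier.sol`.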
@@ -1649,50 +1790,50 @@ abstract contract BaseHonkVerifier is IVerifier { mem.batchingChallenge = mem.batchingChallenge * tp.rho; } - commitments[1] = vk.qm; - commitments[2] = vk.qc; - commitments[3] = vk.ql; - commitments[4] = vk.qr; - commitments[5] = vk.qo; - commitments[6] = vk.q4; - commitments[7] = vk.qLookup; - commitments[8] = vk.qArith; - commitments[9] = vk.qDeltaRange; - commitments[10] = vk.qElliptic; - commitments[11] = vk.qAux; - commitments[12] = vk.qPoseidon2External; - commitments[13] = vk.qPoseidon2Internal; - commitments[14] = vk.s1; - commitments[15] = vk.s2; - commitments[16] = vk.s3; - commitments[17] = vk.s4; - commitments[18] = vk.id1; - commitments[19] = vk.id2; - commitments[20] = vk.id3; - commitments[21] = vk.id4; - commitments[22] = vk.t1; - commitments[23] = vk.t2; - commitments[24] = vk.t3; - commitments[25] = vk.t4; - commitments[26] = vk.lagrangeFirst; - commitments[27] = vk.lagrangeLast; + commitments[1] = convertFromProofPoint(vk.qm); + commitments[2] = convertFromProofPoint(vk.qc); + commitments[3] = convertFromProofPoint(vk.ql); + commitments[4] = convertFromProofPoint(vk.qr); + commitments[5] = convertFromProofPoint(vk.qo); + commitments[6] = convertFromProofPoint(vk.q4); + commitments[7] = convertFromProofPoint(vk.qLookup); + commitments[8] = convertFromProofPoint(vk.qArith); + commitments[9] = convertFromProofPoint(vk.qDeltaRange); + commitments[10] = convertFromProofPoint(vk.qElliptic); + commitments[11] = convertFromProofPoint(vk.qAux); + commitments[12] = convertFromProofPoint(vk.qPoseidon2External); + commitments[13] = convertFromProofPoint(vk.qPoseidon2Internal); + commitments[14] = convertFromProofPoint(vk.s1); + commitments[15] = convertFromProofPoint(vk.s2); + commitments[16] = convertFromProofPoint(vk.s3); + commitments[17] = convertFromProofPoint(vk.s4); + commitments[18] = convertFromProofPoint(vk.id1); + commitments[19] = convertFromProofPoint(vk.id2); + commitments[20] = convertFromProofPoint(vk.id3); + 
commitments[21] = convertFromProofPoint(vk.id4); + commitments[22] = convertFromProofPoint(vk.t1); + commitments[23] = convertFromProofPoint(vk.t2); + commitments[24] = convertFromProofPoint(vk.t3); + commitments[25] = convertFromProofPoint(vk.t4); + commitments[26] = convertFromProofPoint(vk.lagrangeFirst); + commitments[27] = convertFromProofPoint(vk.lagrangeLast); // Accumulate proof points - commitments[28] = convertProofPoint(proof.w1); - commitments[29] = convertProofPoint(proof.w2); - commitments[30] = convertProofPoint(proof.w3); - commitments[31] = convertProofPoint(proof.w4); - commitments[32] = convertProofPoint(proof.zPerm); - commitments[33] = convertProofPoint(proof.lookupInverses); - commitments[34] = convertProofPoint(proof.lookupReadCounts); - commitments[35] = convertProofPoint(proof.lookupReadTags); + commitments[28] = convertFromProofPoint(proof.w1); + commitments[29] = convertFromProofPoint(proof.w2); + commitments[30] = convertFromProofPoint(proof.w3); + commitments[31] = convertFromProofPoint(proof.w4); + commitments[32] = convertFromProofPoint(proof.zPerm); + commitments[33] = convertFromProofPoint(proof.lookupInverses); + commitments[34] = convertFromProofPoint(proof.lookupReadCounts); + commitments[35] = convertFromProofPoint(proof.lookupReadTags); // to be Shifted - commitments[36] = convertProofPoint(proof.w1); - commitments[37] = convertProofPoint(proof.w2); - commitments[38] = convertProofPoint(proof.w3); - commitments[39] = convertProofPoint(proof.w4); - commitments[40] = convertProofPoint(proof.zPerm); + commitments[36] = convertFromProofPoint(proof.w1); + commitments[37] = convertFromProofPoint(proof.w2); + commitments[38] = convertFromProofPoint(proof.w3); + commitments[39] = convertFromProofPoint(proof.w4); + commitments[40] = convertFromProofPoint(proof.zPerm); // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: // Compute the evaluations A_l(r^{2^l}) for l = 0, ..., logN - 1 
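Review bot: Every key commitment now goes through `convertFromProofPoint` on each call (`commitments[1]` to `commitments[27]`), although the key is a constant returned by `loadVerificationKey()`. That adds 27 limb recombinations, each returning a fresh `Honk.G1Point memory`, to every verification, paid only so the same struct can also feed the transcript. Either document that trade-off with a comment above this block, or keep the combined `G1Point` form for the pairing inputs and split into limbs only where the key is hashed.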
@@ -1735,14 +1876,14 @@ abstract contract BaseHonkVerifier is IVerifier { mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu * tp.shplonkNu; } - commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldComms[i]); + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertFromProofPoint(proof.geminiFoldComms[i]); } // Finalise the batch opening claim commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = Honk.G1Point({x: 1, y: 2}); scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = mem.constantTermAccumulator; - Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + Honk.G1Point memory quotient_commitment = convertFromProofPoint(proof.kzgQuotient); commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment; scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = tp.shplonkZ; // evaluation challenge diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp index bfd68cc4a221..338ddf7bebcc 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp @@ -710,7 +710,7 @@ function bytesToFr(bytes calldata proofSection) pure returns (Fr scalar) { } // EC Point utilities -function convertProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory) { +function convertFromProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory) { return Honk.G1Point({x: input.x_0 | (input.x_1 << 136), y: input.y_0 | (input.y_1 << 136)}); } 
@@ -1689,7 +1689,7 @@ interface IVerifier { tp.geminiR.invert() * (mem.posInvertedDenominator - (tp.shplonkNu * mem.negInvertedDenominator)); scalars[0] = ONE; - commitments[0] = convertProofPoint(proof.shplonkQ); + commitments[0] = convertFromProofPoint(proof.shplonkQ); mem.batchedEvaluation = proof.geminiMaskingEval; mem.batchingChallenge = tp.rho; @@ -1706,7 +1706,7 @@ interface IVerifier { mem.batchingChallenge = mem.batchingChallenge * tp.rho; } - commitments[1] = convertProofPoint(proof.geminiMaskingPoly); + commitments[1] = convertFromProofPoint(proof.geminiMaskingPoly); commitments[2] = vk.qm; commitments[3] = vk.qc; 
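Review bot: The ZK contract still assigns key points directly (`commitments[2] = vk.qm;`, `commitments[3] = vk.qc;`, and `commitments[28] = vk.lagrangeLast;` in the next hunk), so its `Honk.VerificationKey` presumably still has `G1Point` fields, while `output_vk_sol_ultra_honk` now always emits `Honk.G1ProofPoint({x_0: ...})`. If the ZK bundle is generated with the same key printer, the resulting contract would not compile; the struct is outside these hunks, so please confirm. The ZK transcript in this file is also not changed to absorb the key, so the two verifiers would derive their first challenge from different preimages. Either update the ZK contract in this commit or state in the description that it is deliberately left behind.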
@@ -1737,21 +1737,21 @@ interface IVerifier { commitments[28] = vk.lagrangeLast; // Accumulate proof points - commitments[29] = convertProofPoint(proof.w1); - commitments[30] = convertProofPoint(proof.w2); - commitments[31] = convertProofPoint(proof.w3); - commitments[32] = convertProofPoint(proof.w4); - commitments[33] = convertProofPoint(proof.zPerm); - commitments[34] = convertProofPoint(proof.lookupInverses); - commitments[35] = convertProofPoint(proof.lookupReadCounts); - commitments[36] = convertProofPoint(proof.lookupReadTags); + commitments[29] = convertFromProofPoint(proof.w1); + commitments[30] = convertFromProofPoint(proof.w2); + commitments[31] = convertFromProofPoint(proof.w3); + commitments[32] = convertFromProofPoint(proof.w4); + commitments[33] = convertFromProofPoint(proof.zPerm); + commitments[34] = convertFromProofPoint(proof.lookupInverses); + commitments[35] = convertFromProofPoint(proof.lookupReadCounts); + commitments[36] = convertFromProofPoint(proof.lookupReadTags); // to be Shifted - commitments[37] = convertProofPoint(proof.w1); - commitments[38] = convertProofPoint(proof.w2); - commitments[39] = convertProofPoint(proof.w3); - commitments[40] = convertProofPoint(proof.w4); - commitments[41] = convertProofPoint(proof.zPerm); + commitments[37] = convertFromProofPoint(proof.w1); + commitments[38] = convertFromProofPoint(proof.w2); + commitments[39] = convertFromProofPoint(proof.w3); + commitments[40] = convertFromProofPoint(proof.w4); + commitments[41] = convertFromProofPoint(proof.zPerm); // Add contributions from A₀(r) and A₀(-r) to constant_term_accumulator: @@ -1795,7 +1795,7 @@ interface IVerifier { // Update the running power of v mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu * tp.shplonkNu; - commitments[boundary + i] = convertProofPoint(proof.geminiFoldComms[i]); + commitments[boundary + i] = convertFromProofPoint(proof.geminiFoldComms[i]); } boundary += CONST_PROOF_SIZE_LOG_N - 1; 
@@ -1820,7 +1820,7 @@ interface IVerifier { scalars[boundary + 2] = mem.batchingScalars[3]; for (uint256 i = 0; i < 3; i++) { - commitments[boundary++] = convertProofPoint(proof.libraCommitments[i]); + commitments[boundary++] = convertFromProofPoint(proof.libraCommitments[i]); } commitments[boundary] = Honk.G1Point({x: 1, y: 2}); @@ -1829,7 +1829,7 @@ interface IVerifier { if (! checkEvalsConsistency(proof.libraPolyEvals, tp.geminiR, tp.sumCheckUChallenges, proof.libraEvaluation)) { revert ConsistencyCheckFailed(); } - Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + Honk.G1Point memory quotient_commitment = convertFromProofPoint(proof.kzgQuotient); commitments[boundary] = quotient_commitment; scalars[boundary] = tp.shplonkZ; // evaluation challenge diff --git a/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp b/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp index 424101545e6d..d1608c7cf1ce 100644 --- a/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp @@ -16,6 +16,8 @@ * @param include_types_import - include a "HonkTypes" import, only required for local tests, not with the bundled *contract from bb contract_honk **/ +#include "barretenberg/ecc/fields/field_conversion.hpp" +#include inline void output_vk_sol_ultra_honk(std::ostream& os, auto const& key, std::string const& class_name, 
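Review bot: The two new `#include` lines are inserted between the Doxygen block ending in `**/` and `output_vk_sol_ultra_honk`, so the comment no longer sits directly on the function it documents and the includes land in the middle of the header. Move them to the include block at the top of the file. The second added line shows no header name on this page; if that is how it is in the file rather than a rendering loss, it will not compile, and `<vector>` is what the new `std::vector` locals need.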
@@ -30,14 +32,23 @@ inline void output_vk_sol_ultra_honk(std::ostream& os, os << " " << name << ": uint256(" << element << ")," << std::endl; }; - const auto print_g1 = [&](const auto& element, const std::string& name, const bool last = false) { - os << " " << name << ": Honk.G1Point({ \n" + const auto print_g1_proof_point = [&](const auto& element, const std::string& name, const bool last = false) { + // split element.x into x_0 and x_1 and element.y into y_0 and y_1 + std::vector xs = bb::field_conversion::convert_grumpkin_fr_to_bn254_frs(element.x); + std::vector ys = bb::field_conversion::convert_grumpkin_fr_to_bn254_frs(element.y); + os << " " << name << ": Honk.G1ProofPoint({ \n" << " " - << "x: " - << "uint256(" << element.x << "),\n" + << "x_0: " + << "uint256(" << xs[0] << "),\n" << " " - << "y: " - << "uint256(" << element.y << ")\n" + << "x_1: " + << "uint256(" << xs[1] << "),\n" + << " " + << "y_0: " + << "uint256(" << ys[0] << "),\n" + << " " + << "y_1: " + << "uint256(" << ys[1] << ")\n" << " })"; // only include comma if we are not the last element 
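Review bot: `print_g1_proof_point` depends on two things the code does not state: `convert_grumpkin_fr_to_bn254_frs` must return exactly two limbs with the low limb first, and the limb width must be the 136 bits that `convertFromProofPoint` shifts by in the generated verifier. Add a comment saying so, e.g. `// limbs are (low, high), low limb 136 bits wide, matching convertFromProofPoint in the verifier`, and consider asserting `xs.size() == 2 && ys.size() == 2` before indexing `xs[1]` and `ys[1]`. The helper's name refers to a Grumpkin scalar while the arguments are commitment coordinates, so a one-line comment on why that conversion applies here would help the next reader. The lambda's body continues past the end of the hunk.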
@@ -74,34 +85,33 @@ inline void output_vk_sol_ultra_honk(std::ostream& os, print_u256(key->circuit_size, "circuitSize"); print_u256(key->log_circuit_size, "logCircuitSize"); print_u256(key->num_public_inputs, "publicInputsSize"); - print_g1(key->q_l, "ql"); - print_g1(key->q_r, "qr"); - print_g1(key->q_o, "qo"); - print_g1(key->q_4, "q4"); - print_g1(key->q_m, "qm"); - print_g1(key->q_c, "qc"); - print_g1(key->q_arith, "qArith"); - print_g1(key->q_delta_range, "qDeltaRange"); - print_g1(key->q_elliptic, "qElliptic"); - print_g1(key->q_aux, "qAux"); - print_g1(key->q_lookup, "qLookup"); - print_g1(key->q_poseidon2_external, "qPoseidon2External"); - print_g1(key->q_poseidon2_internal, "qPoseidon2Internal"); - print_g1(key->sigma_1, "s1"); - print_g1(key->sigma_2, "s2"); - print_g1(key->sigma_3, "s3"); - print_g1(key->sigma_4, "s4"); - print_g1(key->table_1, "t1"); - print_g1(key->table_2, "t2"); - print_g1(key->table_3, "t3"); - print_g1(key->table_4, "t4"); - // print_g1("0x500", "0x520", key->table, "vk.TABLE_TYPE"); - print_g1(key->id_1, "id1"); - print_g1(key->id_2, "id2"); - print_g1(key->id_3, "id3"); - print_g1(key->id_4, "id4"); - print_g1(key->lagrange_first, "lagrangeFirst"); - print_g1(key->lagrange_last, "lagrangeLast", /*last=*/ true); + print_g1_proof_point(key->q_l, "ql"); + print_g1_proof_point(key->q_r, "qr"); + print_g1_proof_point(key->q_o, "qo"); + print_g1_proof_point(key->q_4, "q4"); + print_g1_proof_point(key->q_m, "qm"); + print_g1_proof_point(key->q_c, "qc"); + print_g1_proof_point(key->q_arith, "qArith"); + print_g1_proof_point(key->q_delta_range, "qDeltaRange"); + print_g1_proof_point(key->q_elliptic, "qElliptic"); + print_g1_proof_point(key->q_aux, "qAux"); + print_g1_proof_point(key->q_lookup, "qLookup"); + print_g1_proof_point(key->q_poseidon2_external, "qPoseidon2External"); + print_g1_proof_point(key->q_poseidon2_internal, "qPoseidon2Internal"); + print_g1_proof_point(key->sigma_1, "s1"); + print_g1_proof_point(key->sigma_2, "s2"); + 
print_g1_proof_point(key->sigma_3, "s3"); + print_g1_proof_point(key->sigma_4, "s4"); + print_g1_proof_point(key->table_1, "t1"); + print_g1_proof_point(key->table_2, "t2"); + print_g1_proof_point(key->table_3, "t3"); + print_g1_proof_point(key->table_4, "t4"); + print_g1_proof_point(key->id_1, "id1"); + print_g1_proof_point(key->id_2, "id2"); + print_g1_proof_point(key->id_3, "id3"); + print_g1_proof_point(key->id_4, "id4"); + print_g1_proof_point(key->lagrange_first, "lagrangeFirst"); + print_g1_proof_point(key->lagrange_last, "lagrangeLast", /*last=*/ true); os << " });\n" " return vk;\n" diff --git a/barretenberg/sol/bootstrap.sh b/barretenberg/sol/bootstrap.sh index 9b22983eeda4..8ccda8607877 100755 --- a/barretenberg/sol/bootstrap.sh +++ b/barretenberg/sol/bootstrap.sh @@ -3,16 +3,13 @@ rm -rf broadcast cache out forge install -cd ../../sol - echo "Building c++ binaries..." cd ../cpp -cmake --build --preset clang16 --parallel --target solidity_key_gen solidity_proof_gen honk_solidity_proof_gen honk_solidity_key_gen +cmake --build --preset clang16 --parallel --target honk_solidity_proof_gen honk_solidity_key_gen cd ../sol # Keys of non-zk and zk verifier should be the same echo "Generating verification keys..." -./scripts/init.sh ./scripts/init_honk.sh echo "Formatting code..." diff --git a/barretenberg/sol/scripts/init.sh b/barretenberg/sol/scripts/init.sh deleted file mode 100755 index ed8e3fd9341b..000000000000 --- a/barretenberg/sol/scripts/init.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash - -SRS_PATH="$HOME/.bb-crs" -OUTPUT_PATH="./src/ultra" - -../cpp/build/bin/solidity_key_gen add2 $OUTPUT_PATH $SRS_PATH -../cpp/build/bin/solidity_key_gen blake $OUTPUT_PATH $SRS_PATH -../cpp/build/bin/solidity_key_gen ecdsa $OUTPUT_PATH $SRS_PATH -../cpp/build/bin/solidity_key_gen recursive $OUTPUT_PATH $SRS_PATH diff --git a/barretenberg/sol/src/honk/BaseHonkVerifier.sol b/barretenberg/sol/src/honk/BaseHonkVerifier.sol index 7fc34c20c2d6..82b4c5f75209 100644 
--- a/barretenberg/sol/src/honk/BaseHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseHonkVerifier.sol @@ -14,10 +14,10 @@ import { CONST_PROOF_SIZE_LOG_N } from "./HonkTypes.sol"; -import {negateInplace, convertProofPoint, pairing} from "./utils.sol"; +import {negateInplace, convertFromProofPoint, pairing} from "./utils.sol"; // Field arithmetic libraries - prevent littering the code with modmul / addmul -import {MODULUS as P, MINUS_ONE, ONE, ZERO, Fr, FrLib} from "./Fr.sol"; +import {MINUS_ONE, ONE, ZERO, Fr, FrLib} from "./Fr.sol"; import {Transcript, TranscriptLib} from "./Transcript.sol"; 
@@ -50,45 +50,49 @@ abstract contract BaseHonkVerifier is IVerifier { function loadVerificationKey() internal pure virtual returns (Honk.VerificationKey memory); - function verify(bytes calldata proof, bytes32[] calldata publicInputs) public view override returns (bool) { - // Check the received proof is the expected size where each field element is 32 bytes - if (proof.length != PROOF_SIZE * 32) { + function verify(bytes calldata proofBytes, bytes32[] calldata publicInputs) public view override returns (bool) { + // Check the received proofBytes is the expected size where each field element is 32 bytes + if (proofBytes.length != PROOF_SIZE * 32) { revert ProofLengthWrong(); } Honk.VerificationKey memory vk = loadVerificationKey(); - Honk.Proof memory p = TranscriptLib.loadProof(proof); + Honk.Proof memory proof = TranscriptLib.loadProof(proofBytes); if (publicInputs.length != vk.publicInputsSize - PAIRING_POINTS_SIZE) { revert PublicInputsLengthWrong(); } // Generate the fiat shamir challenges for the whole protocol // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. - Transcript memory t = - TranscriptLib.generateTranscript(p, publicInputs, vk.circuitSize, numPublicInputs, /*pubInputsOffset=*/ 1); + Transcript memory t = TranscriptLib.generateTranscript(proof, publicInputs, vk); // Derive public input delta // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. 
t.relationParameters.publicInputsDelta = computePublicInputDelta( - publicInputs, p.pairingPointObject, t.relationParameters.beta, t.relationParameters.gamma, /*pubInputsOffset=*/ 1 + publicInputs, + proof.pairingPointObject, + t.relationParameters.beta, + t.relationParameters.gamma, /*pubInputsOffset=*/ + 1 ); // Sumcheck - bool sumcheckVerified = verifySumcheck(p, t); + bool sumcheckVerified = verifySumcheck(proof, t); if (!sumcheckVerified) revert SumcheckFailed(); - - bool shpleminiVerified = verifyShplemini(p, vk, t); + bool shpleminiVerified = verifyShplemini(proof, vk, t); if (!shpleminiVerified) revert ShpleminiFailed(); return sumcheckVerified && shpleminiVerified; // Boolean condition not required - nice for vanity :) } - function computePublicInputDelta(bytes32[] memory publicInputs, Fr[PAIRING_POINTS_SIZE] memory pairingPointObject, Fr beta, Fr gamma, uint256 offset) - internal - view - returns (Fr publicInputDelta) - { + function computePublicInputDelta( + bytes32[] memory publicInputs, + Fr[PAIRING_POINTS_SIZE] memory pairingPointObject, + Fr beta, + Fr gamma, + uint256 offset + ) internal view returns (Fr publicInputDelta) { Fr numerator = ONE; Fr denominator = ONE; @@ -232,7 +236,7 @@ abstract contract BaseHonkVerifier is IVerifier { tp.geminiR.invert() * (mem.posInvertedDenominator - (tp.shplonkNu * mem.negInvertedDenominator)); scalars[0] = ONE; - commitments[0] = convertProofPoint(proof.shplonkQ); + commitments[0] = convertFromProofPoint(proof.shplonkQ); /* Batch multivariate opening claims, shifted and unshifted * The vector of scalars is populated as follows: 
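Review bot: The public-input offset is now hard-coded in two places with nothing in the visible hunks tying them together: `/*pubInputsOffset=*/ 1` in the `computePublicInputDelta` call in `verify`, and `round0[idx++] = bytes32(uint256(1));` in `generateEtaChallenge` in Transcript.sol. The first value feeds the permutation delta and the second is hashed into the Fiat–Shamir transcript, so they have to stay equal; a shared constant in HonkTypes.sol, for example `uint256 constant PUB_INPUTS_OFFSET = 1;`, used at both sites would make that explicit until issue 1281 is resolved. The reformatted call also leaves the `/*pubInputsOffset=*/` label at the end of the `gamma` line, where it reads as an annotation of `gamma`; keeping `/*pubInputsOffset=*/ 1` together on one line avoids that.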
@@ -276,50 +280,50 @@ abstract contract BaseHonkVerifier is IVerifier { mem.batchingChallenge = mem.batchingChallenge * tp.rho; } - commitments[1] = vk.qm; - commitments[2] = vk.qc; - commitments[3] = vk.ql; - commitments[4] = vk.qr; - commitments[5] = vk.qo; - commitments[6] = vk.q4; - commitments[7] = vk.qLookup; - commitments[8] = vk.qArith; - commitments[9] = vk.qDeltaRange; - commitments[10] = vk.qElliptic; - commitments[11] = vk.qAux; - commitments[12] = vk.qPoseidon2External; - commitments[13] = vk.qPoseidon2Internal; - commitments[14] = vk.s1; - commitments[15] = vk.s2; - commitments[16] = vk.s3; - commitments[17] = vk.s4; - commitments[18] = vk.id1; - commitments[19] = vk.id2; - commitments[20] = vk.id3; - commitments[21] = vk.id4; - commitments[22] = vk.t1; - commitments[23] = vk.t2; - commitments[24] = vk.t3; - commitments[25] = vk.t4; - commitments[26] = vk.lagrangeFirst; - commitments[27] = vk.lagrangeLast; + commitments[1] = convertFromProofPoint(vk.qm); + commitments[2] = convertFromProofPoint(vk.qc); + commitments[3] = convertFromProofPoint(vk.ql); + commitments[4] = convertFromProofPoint(vk.qr); + commitments[5] = convertFromProofPoint(vk.qo); + commitments[6] = convertFromProofPoint(vk.q4); + commitments[7] = convertFromProofPoint(vk.qLookup); + commitments[8] = convertFromProofPoint(vk.qArith); + commitments[9] = convertFromProofPoint(vk.qDeltaRange); + commitments[10] = convertFromProofPoint(vk.qElliptic); + commitments[11] = convertFromProofPoint(vk.qAux); + commitments[12] = convertFromProofPoint(vk.qPoseidon2External); + commitments[13] = convertFromProofPoint(vk.qPoseidon2Internal); + commitments[14] = convertFromProofPoint(vk.s1); + commitments[15] = convertFromProofPoint(vk.s2); + commitments[16] = convertFromProofPoint(vk.s3); + commitments[17] = convertFromProofPoint(vk.s4); + commitments[18] = convertFromProofPoint(vk.id1); + commitments[19] = convertFromProofPoint(vk.id2); + commitments[20] = convertFromProofPoint(vk.id3); + 
commitments[21] = convertFromProofPoint(vk.id4); + commitments[22] = convertFromProofPoint(vk.t1); + commitments[23] = convertFromProofPoint(vk.t2); + commitments[24] = convertFromProofPoint(vk.t3); + commitments[25] = convertFromProofPoint(vk.t4); + commitments[26] = convertFromProofPoint(vk.lagrangeFirst); + commitments[27] = convertFromProofPoint(vk.lagrangeLast); // Accumulate proof points - commitments[28] = convertProofPoint(proof.w1); - commitments[29] = convertProofPoint(proof.w2); - commitments[30] = convertProofPoint(proof.w3); - commitments[31] = convertProofPoint(proof.w4); - commitments[32] = convertProofPoint(proof.zPerm); - commitments[33] = convertProofPoint(proof.lookupInverses); - commitments[34] = convertProofPoint(proof.lookupReadCounts); - commitments[35] = convertProofPoint(proof.lookupReadTags); + commitments[28] = convertFromProofPoint(proof.w1); + commitments[29] = convertFromProofPoint(proof.w2); + commitments[30] = convertFromProofPoint(proof.w3); + commitments[31] = convertFromProofPoint(proof.w4); + commitments[32] = convertFromProofPoint(proof.zPerm); + commitments[33] = convertFromProofPoint(proof.lookupInverses); + commitments[34] = convertFromProofPoint(proof.lookupReadCounts); + commitments[35] = convertFromProofPoint(proof.lookupReadTags); // to be Shifted - commitments[36] = convertProofPoint(proof.w1); - commitments[37] = convertProofPoint(proof.w2); - commitments[38] = convertProofPoint(proof.w3); - commitments[39] = convertProofPoint(proof.w4); - commitments[40] = convertProofPoint(proof.zPerm); + commitments[36] = convertFromProofPoint(proof.w1); + commitments[37] = convertFromProofPoint(proof.w2); + commitments[38] = convertFromProofPoint(proof.w3); + commitments[39] = convertFromProofPoint(proof.w4); + commitments[40] = convertFromProofPoint(proof.zPerm); /* Batch gemini claims from the prover * place the commitments to gemini aᵢ to the vector of commitments, compute the contributions from 
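Review bot: `commitments[10] = convertFromProofPoint(vk.qElliptic);` and `commitments[11] = convertFromProofPoint(vk.qAux);` put the elliptic selector before the auxiliary one, while the `VerificationKey` struct and the new absorption in `generateEtaChallenge` list `qAux` first. Both orders may be intended (the batching order presumably follows the evaluation order, and the hashing order the prover's transcript), but nothing in the hunk says so. A one-line comment above these two assignments, such as `// order follows the entity evaluations, not the vk hashing order (qAux/qElliptic differ)`, would stop a later edit from "aligning" one with the other. The same applies to indices 11 and 12 in the matching hunk of BaseZKHonkVerifier.sol. The enclosing function starts and ends outside the hunk.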
@@ -385,14 +389,14 @@ abstract contract BaseHonkVerifier is IVerifier { mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu * tp.shplonkNu; } - commitments[NUMBER_OF_ENTITIES + 1 + i] = convertProofPoint(proof.geminiFoldComms[i]); + commitments[NUMBER_OF_ENTITIES + 1 + i] = convertFromProofPoint(proof.geminiFoldComms[i]); } // Finalise the batch opening claim commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = Honk.G1Point({x: 1, y: 2}); scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N] = mem.constantTermAccumulator; - Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + Honk.G1Point memory quotient_commitment = convertFromProofPoint(proof.kzgQuotient); commitments[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = quotient_commitment; scalars[NUMBER_OF_ENTITIES + CONST_PROOF_SIZE_LOG_N + 1] = tp.shplonkZ; // evaluation challenge diff --git a/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol b/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol index e63f9190f6d8..f1fbefcd97da 100644 --- a/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol @@ -14,7 +14,7 @@ import { CONST_PROOF_SIZE_LOG_N } from "./HonkTypes.sol"; -import {negateInplace, convertProofPoint, pairing} from "./utils.sol"; +import {negateInplace, convertFromProofPoint, pairing} from "./utils.sol"; // Field arithmetic libraries - prevent littering the code with modmul / addmul import { 
@@ -80,7 +80,11 @@ abstract contract BaseZKHonkVerifier is IVerifier { // Derive public input delta // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. t.relationParameters.publicInputsDelta = computePublicInputDelta( - publicInputs, p.pairingPointObject, t.relationParameters.beta, t.relationParameters.gamma, /*pubInputsOffset=*/ 1 + publicInputs, + p.pairingPointObject, + t.relationParameters.beta, + t.relationParameters.gamma, /*pubInputsOffset=*/ + 1 ); // Sumcheck @@ -91,11 +95,13 @@ abstract contract BaseZKHonkVerifier is IVerifier { verified = true; } - function computePublicInputDelta(bytes32[] memory publicInputs, Fr[PAIRING_POINTS_SIZE] memory pairingPointObject, Fr beta, Fr gamma, uint256 offset) - internal - view - returns (Fr publicInputDelta) - { + function computePublicInputDelta( + bytes32[] memory publicInputs, + Fr[PAIRING_POINTS_SIZE] memory pairingPointObject, + Fr beta, + Fr gamma, + uint256 offset + ) internal view returns (Fr publicInputDelta) { Fr numerator = Fr.wrap(1); Fr denominator = Fr.wrap(1); @@ -229,7 +235,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { tp.geminiR.invert() * (mem.posInvertedDenominator - (tp.shplonkNu * mem.negInvertedDenominator)); scalars[0] = Fr.wrap(1); - commitments[0] = convertProofPoint(proof.shplonkQ); + commitments[0] = convertFromProofPoint(proof.shplonkQ); /* Batch multivariate opening claims, shifted and unshifted * The vector of scalars is populated as follows: 
@@ -273,52 +279,52 @@ abstract contract BaseZKHonkVerifier is IVerifier { mem.batchingChallenge = mem.batchingChallenge * tp.rho; } - commitments[1] = convertProofPoint(proof.geminiMaskingPoly); - - commitments[2] = vk.qm; - commitments[3] = vk.qc; - commitments[4] = vk.ql; - commitments[5] = vk.qr; - commitments[6] = vk.qo; - commitments[7] = vk.q4; - commitments[8] = vk.qLookup; - commitments[9] = vk.qArith; - commitments[10] = vk.qDeltaRange; - commitments[11] = vk.qElliptic; - commitments[12] = vk.qAux; - commitments[13] = vk.qPoseidon2External; - commitments[14] = vk.qPoseidon2Internal; - commitments[15] = vk.s1; - commitments[16] = vk.s2; - commitments[17] = vk.s3; - commitments[18] = vk.s4; - commitments[19] = vk.id1; - commitments[20] = vk.id2; - commitments[21] = vk.id3; - commitments[22] = vk.id4; - commitments[23] = vk.t1; - commitments[24] = vk.t2; - commitments[25] = vk.t3; - commitments[26] = vk.t4; - commitments[27] = vk.lagrangeFirst; - commitments[28] = vk.lagrangeLast; + commitments[1] = convertFromProofPoint(proof.geminiMaskingPoly); + + commitments[2] = convertFromProofPoint(vk.qm); + commitments[3] = convertFromProofPoint(vk.qc); + commitments[4] = convertFromProofPoint(vk.ql); + commitments[5] = convertFromProofPoint(vk.qr); + commitments[6] = convertFromProofPoint(vk.qo); + commitments[7] = convertFromProofPoint(vk.q4); + commitments[8] = convertFromProofPoint(vk.qLookup); + commitments[9] = convertFromProofPoint(vk.qArith); + commitments[10] = convertFromProofPoint(vk.qDeltaRange); + commitments[11] = convertFromProofPoint(vk.qElliptic); + commitments[12] = convertFromProofPoint(vk.qAux); + commitments[13] = convertFromProofPoint(vk.qPoseidon2External); + commitments[14] = convertFromProofPoint(vk.qPoseidon2Internal); + commitments[15] = convertFromProofPoint(vk.s1); + commitments[16] = convertFromProofPoint(vk.s2); + commitments[17] = convertFromProofPoint(vk.s3); + commitments[18] = convertFromProofPoint(vk.s4); + commitments[19] = 
convertFromProofPoint(vk.id1); + commitments[20] = convertFromProofPoint(vk.id2); + commitments[21] = convertFromProofPoint(vk.id3); + commitments[22] = convertFromProofPoint(vk.id4); + commitments[23] = convertFromProofPoint(vk.t1); + commitments[24] = convertFromProofPoint(vk.t2); + commitments[25] = convertFromProofPoint(vk.t3); + commitments[26] = convertFromProofPoint(vk.t4); + commitments[27] = convertFromProofPoint(vk.lagrangeFirst); + commitments[28] = convertFromProofPoint(vk.lagrangeLast); // Accumulate proof points - commitments[29] = convertProofPoint(proof.w1); - commitments[30] = convertProofPoint(proof.w2); - commitments[31] = convertProofPoint(proof.w3); - commitments[32] = convertProofPoint(proof.w4); - commitments[33] = convertProofPoint(proof.zPerm); - commitments[34] = convertProofPoint(proof.lookupInverses); - commitments[35] = convertProofPoint(proof.lookupReadCounts); - commitments[36] = convertProofPoint(proof.lookupReadTags); + commitments[29] = convertFromProofPoint(proof.w1); + commitments[30] = convertFromProofPoint(proof.w2); + commitments[31] = convertFromProofPoint(proof.w3); + commitments[32] = convertFromProofPoint(proof.w4); + commitments[33] = convertFromProofPoint(proof.zPerm); + commitments[34] = convertFromProofPoint(proof.lookupInverses); + commitments[35] = convertFromProofPoint(proof.lookupReadCounts); + commitments[36] = convertFromProofPoint(proof.lookupReadTags); // to be Shifted - commitments[37] = convertProofPoint(proof.w1); - commitments[38] = convertProofPoint(proof.w2); - commitments[39] = convertProofPoint(proof.w3); - commitments[40] = convertProofPoint(proof.w4); - commitments[41] = convertProofPoint(proof.zPerm); + commitments[37] = convertFromProofPoint(proof.w1); + commitments[38] = convertFromProofPoint(proof.w2); + commitments[39] = convertFromProofPoint(proof.w3); + commitments[40] = convertFromProofPoint(proof.w4); + commitments[41] = convertFromProofPoint(proof.zPerm); /* Batch gemini claims from the 
prover * place the commitments to gemini aᵢ to the vector of commitments, compute the contributions from @@ -384,7 +390,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { // Update the running power of v mem.batchingChallenge = mem.batchingChallenge * tp.shplonkNu * tp.shplonkNu; - commitments[boundary + i] = convertProofPoint(proof.geminiFoldComms[i]); + commitments[boundary + i] = convertFromProofPoint(proof.geminiFoldComms[i]); } boundary += CONST_PROOF_SIZE_LOG_N - 1; @@ -408,7 +414,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { scalars[boundary + 2] = mem.batchingScalars[3]; for (uint256 i = 0; i < LIBRA_COMMITMENTS; i++) { - commitments[boundary++] = convertProofPoint(proof.libraCommitments[i]); + commitments[boundary++] = convertFromProofPoint(proof.libraCommitments[i]); } commitments[boundary] = Honk.G1Point({x: 1, y: 2}); @@ -418,7 +424,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { revert ConsistencyCheckFailed(); } - Honk.G1Point memory quotient_commitment = convertProofPoint(proof.kzgQuotient); + Honk.G1Point memory quotient_commitment = convertFromProofPoint(proof.kzgQuotient); commitments[boundary] = quotient_commitment; scalars[boundary] = tp.shplonkZ; // evaluation challenge diff --git a/barretenberg/sol/src/honk/HonkTypes.sol b/barretenberg/sol/src/honk/HonkTypes.sol index 9be28d48a534..bbdcc5abbd28 100644 --- a/barretenberg/sol/src/honk/HonkTypes.sol +++ b/barretenberg/sol/src/honk/HonkTypes.sol @@ -12,6 +12,7 @@ uint256 constant NUMBER_OF_ENTITIES = 40; uint256 constant NUMBER_UNSHIFTED = 35; uint256 constant NUMBER_TO_BE_SHIFTED = 5; uint256 constant PAIRING_POINTS_SIZE = 16; +uint256 constant VERIFICATION_KEY_LENGTH = 111; // Alphas are used as relation separators so there should be NUMBER_OF_SUBRELATIONS - 1 uint256 constant NUMBER_OF_ALPHAS = 25; 
@@ -80,37 +81,37 @@ library Honk { uint256 logCircuitSize; uint256 publicInputsSize; // Selectors - G1Point qm; - G1Point qc; - G1Point ql; - G1Point qr; - G1Point qo; - G1Point q4; - G1Point qLookup; // Lookup - G1Point qArith; // Arithmetic widget - G1Point qDeltaRange; // Delta Range sort - G1Point qAux; // Auxillary - G1Point qElliptic; // Auxillary - G1Point qPoseidon2External; - G1Point qPoseidon2Internal; + G1ProofPoint qm; + G1ProofPoint qc; + G1ProofPoint ql; + G1ProofPoint qr; + G1ProofPoint qo; + G1ProofPoint q4; + G1ProofPoint qLookup; // Lookup + G1ProofPoint qArith; // Arithmetic widget + G1ProofPoint qDeltaRange; // Delta Range sort + G1ProofPoint qAux; // Auxillary + G1ProofPoint qElliptic; // Auxillary + G1ProofPoint qPoseidon2External; + G1ProofPoint qPoseidon2Internal; // Copy cnstraints - G1Point s1; - G1Point s2; - G1Point s3; - G1Point s4; + G1ProofPoint s1; + G1ProofPoint s2; + G1ProofPoint s3; + G1ProofPoint s4; // Copy identity - G1Point id1; - G1Point id2; - G1Point id3; - G1Point id4; + G1ProofPoint id1; + G1ProofPoint id2; + G1ProofPoint id3; + G1ProofPoint id4; // Precomputed lookup table - G1Point t1; - G1Point t2; - G1Point t3; - G1Point t4; + G1ProofPoint t1; + G1ProofPoint t2; + G1ProofPoint t3; + G1ProofPoint t4; // Fixed first and last - G1Point lagrangeFirst; - G1Point lagrangeLast; + G1ProofPoint lagrangeFirst; + G1ProofPoint lagrangeLast; } struct RelationParameters { diff --git a/barretenberg/sol/src/honk/Transcript.sol b/barretenberg/sol/src/honk/Transcript.sol index ad453521c33f..cbfe62616f91 100644 --- a/barretenberg/sol/src/honk/Transcript.sol +++ b/barretenberg/sol/src/honk/Transcript.sol @@ -6,7 +6,8 @@ import { NUMBER_OF_ENTITIES, BATCHED_RELATION_PARTIAL_LENGTH, CONST_PROOF_SIZE_LOG_N, - PAIRING_POINTS_SIZE + PAIRING_POINTS_SIZE, + VERIFICATION_KEY_LENGTH } from "./HonkTypes.sol"; import {Fr, FrLib} from "./Fr.sol"; import {bytesToG1ProofPoint, bytesToFr} from "./utils.sol"; 
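Review bot: The comments on the retyped fields no longer describe them: `G1ProofPoint qElliptic; // Auxillary` repeats the label of the line above it, and `// Copy cnstraints` is misspelled. Suggested replacements are `G1ProofPoint qAux; // Auxiliary`, `G1ProofPoint qElliptic; // Elliptic curve` and `// Copy constraints`. Since every point is now a `G1ProofPoint` whose limbs `x_0`, `x_1`, `y_0`, `y_1` are hashed one by one in `generateEtaChallenge`, the struct would also benefit from a short header comment stating that points are stored in limb form and that `VERIFICATION_KEY_LENGTH` must equal three scalar words plus four words per point. The struct begins above the hunk.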
@@ -31,14 +32,11 @@ library TranscriptLib { function generateTranscript( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + Honk.VerificationKey memory vkey ) internal pure returns (Transcript memory t) { Fr previousChallenge; - (t.relationParameters, previousChallenge) = generateRelationParametersChallenges( - proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset, previousChallenge - ); + (t.relationParameters, previousChallenge) = + generateRelationParametersChallenges(proof, publicInputs, vkey, previousChallenge); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); @@ -68,13 +66,10 @@ library TranscriptLib { function generateRelationParametersChallenges( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset, + Honk.VerificationKey memory vkey, Fr previousChallenge ) internal pure returns (Honk.RelationParameters memory rp, Fr nextPreviousChallenge) { - (rp.eta, rp.etaTwo, rp.etaThree, previousChallenge) = - generateEtaChallenge(proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset); + (rp.eta, rp.etaTwo, rp.etaThree, previousChallenge) = generateEtaChallenge(proof, publicInputs, vkey); (rp.beta, rp.gamma, nextPreviousChallenge) = generateBetaAndGammaChallenges(previousChallenge, proof); } 
@@ -82,35 +77,171 @@ library TranscriptLib { function generateEtaChallenge( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + Honk.VerificationKey memory vkey ) internal pure returns (Fr eta, Fr etaTwo, Fr etaThree, Fr previousChallenge) { - bytes32[] memory round0 = new bytes32[](3 + publicInputsSize + 12); - round0[0] = bytes32(circuitSize); - round0[1] = bytes32(publicInputsSize); - round0[2] = bytes32(pubInputsOffset); - for (uint256 i = 0; i < publicInputsSize - PAIRING_POINTS_SIZE; i++) { - round0[3 + i] = bytes32(publicInputs[i]); + bytes32[] memory round0 = new bytes32[](VERIFICATION_KEY_LENGTH + vkey.publicInputsSize + 12); + uint256 idx = 0; + round0[idx++] = bytes32(vkey.circuitSize); + round0[idx++] = bytes32(vkey.publicInputsSize); + round0[idx++] = bytes32(uint256(1)); + + round0[idx++] = bytes32(vkey.qm.x_0); + round0[idx++] = bytes32(vkey.qm.x_1); + round0[idx++] = bytes32(vkey.qm.y_0); + round0[idx++] = bytes32(vkey.qm.y_1); + + round0[idx++] = bytes32(vkey.qc.x_0); + round0[idx++] = bytes32(vkey.qc.x_1); + round0[idx++] = bytes32(vkey.qc.y_0); + round0[idx++] = bytes32(vkey.qc.y_1); + + round0[idx++] = bytes32(vkey.ql.x_0); + round0[idx++] = bytes32(vkey.ql.x_1); + round0[idx++] = bytes32(vkey.ql.y_0); + round0[idx++] = bytes32(vkey.ql.y_1); + + round0[idx++] = bytes32(vkey.qr.x_0); + round0[idx++] = bytes32(vkey.qr.x_1); + round0[idx++] = bytes32(vkey.qr.y_0); + round0[idx++] = bytes32(vkey.qr.y_1); + + round0[idx++] = bytes32(vkey.qo.x_0); + round0[idx++] = bytes32(vkey.qo.x_1); + round0[idx++] = bytes32(vkey.qo.y_0); + round0[idx++] = bytes32(vkey.qo.y_1); + + round0[idx++] = bytes32(vkey.q4.x_0); + round0[idx++] = bytes32(vkey.q4.x_1); + round0[idx++] = bytes32(vkey.q4.y_0); + round0[idx++] = bytes32(vkey.q4.y_1); + + round0[idx++] = bytes32(vkey.qLookup.x_0); + round0[idx++] = bytes32(vkey.qLookup.x_1); + round0[idx++] = bytes32(vkey.qLookup.y_0); + 
round0[idx++] = bytes32(vkey.qLookup.y_1); + + round0[idx++] = bytes32(vkey.qArith.x_0); + round0[idx++] = bytes32(vkey.qArith.x_1); + round0[idx++] = bytes32(vkey.qArith.y_0); + round0[idx++] = bytes32(vkey.qArith.y_1); + + round0[idx++] = bytes32(vkey.qDeltaRange.x_0); + round0[idx++] = bytes32(vkey.qDeltaRange.x_1); + round0[idx++] = bytes32(vkey.qDeltaRange.y_0); + round0[idx++] = bytes32(vkey.qDeltaRange.y_1); + + round0[idx++] = bytes32(vkey.qAux.x_0); + round0[idx++] = bytes32(vkey.qAux.x_1); + round0[idx++] = bytes32(vkey.qAux.y_0); + round0[idx++] = bytes32(vkey.qAux.y_1); + + round0[idx++] = bytes32(vkey.qElliptic.x_0); + round0[idx++] = bytes32(vkey.qElliptic.x_1); + round0[idx++] = bytes32(vkey.qElliptic.y_0); + round0[idx++] = bytes32(vkey.qElliptic.y_1); + + round0[idx++] = bytes32(vkey.qPoseidon2External.x_0); + round0[idx++] = bytes32(vkey.qPoseidon2External.x_1); + round0[idx++] = bytes32(vkey.qPoseidon2External.y_0); + round0[idx++] = bytes32(vkey.qPoseidon2External.y_1); + + round0[idx++] = bytes32(vkey.qPoseidon2Internal.x_0); + round0[idx++] = bytes32(vkey.qPoseidon2Internal.x_1); + round0[idx++] = bytes32(vkey.qPoseidon2Internal.y_0); + round0[idx++] = bytes32(vkey.qPoseidon2Internal.y_1); + + round0[idx++] = bytes32(vkey.s1.x_0); + round0[idx++] = bytes32(vkey.s1.x_1); + round0[idx++] = bytes32(vkey.s1.y_0); + round0[idx++] = bytes32(vkey.s1.y_1); + + round0[idx++] = bytes32(vkey.s2.x_0); + round0[idx++] = bytes32(vkey.s2.x_1); + round0[idx++] = bytes32(vkey.s2.y_0); + round0[idx++] = bytes32(vkey.s2.y_1); + + round0[idx++] = bytes32(vkey.s3.x_0); + round0[idx++] = bytes32(vkey.s3.x_1); + round0[idx++] = bytes32(vkey.s3.y_0); + round0[idx++] = bytes32(vkey.s3.y_1); + + round0[idx++] = bytes32(vkey.s4.x_0); + round0[idx++] = bytes32(vkey.s4.x_1); + round0[idx++] = bytes32(vkey.s4.y_0); + round0[idx++] = bytes32(vkey.s4.y_1); + + round0[idx++] = bytes32(vkey.id1.x_0); + round0[idx++] = bytes32(vkey.id1.x_1); + round0[idx++] = 
bytes32(vkey.id1.y_0); + round0[idx++] = bytes32(vkey.id1.y_1); + + round0[idx++] = bytes32(vkey.id2.x_0); + round0[idx++] = bytes32(vkey.id2.x_1); + round0[idx++] = bytes32(vkey.id2.y_0); + round0[idx++] = bytes32(vkey.id2.y_1); + + round0[idx++] = bytes32(vkey.id3.x_0); + round0[idx++] = bytes32(vkey.id3.x_1); + round0[idx++] = bytes32(vkey.id3.y_0); + round0[idx++] = bytes32(vkey.id3.y_1); + + round0[idx++] = bytes32(vkey.id4.x_0); + round0[idx++] = bytes32(vkey.id4.x_1); + round0[idx++] = bytes32(vkey.id4.y_0); + round0[idx++] = bytes32(vkey.id4.y_1); + + round0[idx++] = bytes32(vkey.t1.x_0); + round0[idx++] = bytes32(vkey.t1.x_1); + round0[idx++] = bytes32(vkey.t1.y_0); + round0[idx++] = bytes32(vkey.t1.y_1); + + round0[idx++] = bytes32(vkey.t2.x_0); + round0[idx++] = bytes32(vkey.t2.x_1); + round0[idx++] = bytes32(vkey.t2.y_0); + round0[idx++] = bytes32(vkey.t2.y_1); + + round0[idx++] = bytes32(vkey.t3.x_0); + round0[idx++] = bytes32(vkey.t3.x_1); + round0[idx++] = bytes32(vkey.t3.y_0); + round0[idx++] = bytes32(vkey.t3.y_1); + + round0[idx++] = bytes32(vkey.t4.x_0); + round0[idx++] = bytes32(vkey.t4.x_1); + round0[idx++] = bytes32(vkey.t4.y_0); + round0[idx++] = bytes32(vkey.t4.y_1); + + round0[idx++] = bytes32(vkey.lagrangeFirst.x_0); + round0[idx++] = bytes32(vkey.lagrangeFirst.x_1); + round0[idx++] = bytes32(vkey.lagrangeFirst.y_0); + round0[idx++] = bytes32(vkey.lagrangeFirst.y_1); + + round0[idx++] = bytes32(vkey.lagrangeLast.x_0); + round0[idx++] = bytes32(vkey.lagrangeLast.x_1); + round0[idx++] = bytes32(vkey.lagrangeLast.y_0); + round0[idx++] = bytes32(vkey.lagrangeLast.y_1); + + for (uint256 i = 0; i < vkey.publicInputsSize - PAIRING_POINTS_SIZE; i++) { + round0[VERIFICATION_KEY_LENGTH + i] = bytes32(publicInputs[i]); } + idx = VERIFICATION_KEY_LENGTH + vkey.publicInputsSize; for (uint256 i = 0; i < PAIRING_POINTS_SIZE; i++) { - round0[3 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); + round0[idx - 
PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); } // Create the first challenge // Note: w4 is added to the challenge later on - round0[3 + publicInputsSize] = bytes32(proof.w1.x_0); - round0[3 + publicInputsSize + 1] = bytes32(proof.w1.x_1); - round0[3 + publicInputsSize + 2] = bytes32(proof.w1.y_0); - round0[3 + publicInputsSize + 3] = bytes32(proof.w1.y_1); - round0[3 + publicInputsSize + 4] = bytes32(proof.w2.x_0); - round0[3 + publicInputsSize + 5] = bytes32(proof.w2.x_1); - round0[3 + publicInputsSize + 6] = bytes32(proof.w2.y_0); - round0[3 + publicInputsSize + 7] = bytes32(proof.w2.y_1); - round0[3 + publicInputsSize + 8] = bytes32(proof.w3.x_0); - round0[3 + publicInputsSize + 9] = bytes32(proof.w3.x_1); - round0[3 + publicInputsSize + 10] = bytes32(proof.w3.y_0); - round0[3 + publicInputsSize + 11] = bytes32(proof.w3.y_1); + round0[idx] = bytes32(proof.w1.x_0); + round0[idx + 1] = bytes32(proof.w1.x_1); + round0[idx + 2] = bytes32(proof.w1.y_0); + round0[idx + 3] = bytes32(proof.w1.y_1); + round0[idx + 4] = bytes32(proof.w2.x_0); + round0[idx + 5] = bytes32(proof.w2.x_1); + round0[idx + 6] = bytes32(proof.w2.y_0); + round0[idx + 7] = bytes32(proof.w2.y_1); + round0[idx + 8] = bytes32(proof.w3.x_0); + round0[idx + 9] = bytes32(proof.w3.x_1); + round0[idx + 10] = bytes32(proof.w3.y_0); + round0[idx + 11] = bytes32(proof.w3.y_1); previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(round0))); (eta, etaTwo) = splitChallenge(previousChallenge); @@ -286,7 +417,7 @@ library TranscriptLib { // TODO(https://github.com/AztecProtocol/barretenberg/issues/1236) function loadProof(bytes calldata proof) internal pure returns (Honk.Proof memory p) { // TODO(https://github.com/AztecProtocol/barretenberg/issues/1332): Optimize this away when we finalize. - uint256 boundary = 0x0; + uint256 boundary = 0x0; // Pairing point object for (uint256 i = 0; i < PAIRING_POINTS_SIZE; i++) { 
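Review bot: After the unrolled verification-key writes in `generateEtaChallenge`, `idx` is never compared with `VERIFICATION_KEY_LENGTH`; the public inputs are written at `VERIFICATION_KEY_LENGTH + i` and `idx` is then reassigned, so if a point is added to or dropped from the key without updating the constant, words in the buffer that seeds every Fiat–Shamir challenge are silently overwritten or left zero. Adding `assert(idx == VERIFICATION_KEY_LENGTH);` directly before the public-input loop turns that drift into a hard failure. The 108 limb writes would also be easier to audit through a small internal helper that appends one `G1ProofPoint` and returns the advanced index. The absorption order used here (selectors, then s, id, t, lagrange) has to match what the prover hashes, which is not visible in this section of the patch; the function body continues past the end of the hunk.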
diff --git a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol
index fd707df7e7fd..c0703649cdbc 100644
--- a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol
+++ b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol
@@ -14,113 +14,167 @@ library Add2HonkVerificationKey { circuitSize: uint256(4096), logCircuitSize: uint256(12), publicInputsSize: uint256(19), - ql: Honk.G1Point({ - x: uint256(0x0480a80b708d88511983399d7d454290cd7fc44f01efd7cd0adabac1da5209b7), - y: uint256(0x2ae668b0ee73a123a9d90f5783ad3d938b72e3c7ff79fcccab796e842df5300e) - }), - qr: Honk.G1Point({ - x: uint256(0x1e7aa9fecacfbc874d011c148d75930b51c940588e6a380e41f799f9c69cfb88), - y: uint256(0x0b9b4ac921dfc8ce57cd538fbf365383670134d46e36172ddd5e919aab0f69fe) - }), - qo: Honk.G1Point({ - x: uint256(0x1437c61970e925d118c52500d70fdec2627ebaf11f852f8e66a76b82afa3ea93), - y: uint256(0x040aed815fb4f06a542b29eab919ba12c05fcec2b8bfc3fc17f17252b351c403) - }), - q4: Honk.G1Point({ - x: uint256(0x130299a3b761af9bf2809e404253b8dc1b8e6407be62e0a89f4106ca49b0033a), - y: uint256(0x0ef4c1da391bce25d5409f561aa780d47421ea5ad41c47a349d856e28f77dec0) - }), - qm: Honk.G1Point({ - x: uint256(0x188b95520aec60631d6c9f859d03f2660aa5396ebf6027e62138cfc688e5cfe3), - y: uint256(0x235b0bf1b35296e3fb8fd63cac59c1dca6cfdfa55c8fe77761274d12e666faf3) - }), - qc: Honk.G1Point({ - x: uint256(0x21d8806ac728214aef9480cd6dceaab8c9a1683787bb21423977d63da55d960c), - y: uint256(0x1e71d022986981a229c8c5285409169bf87b9d5b84027a71f29c1359ffabeac1) - }), - qArith: Honk.G1Point({ - x: uint256(0x1825408d0a4ad62b99c1e6929154bad54a08a289b15dab146e2fb6fa0573a023), - y: uint256(0x141d09f0721f2b88a1916e6535ab3daa95c19a8136892c58d1ed0f77868a6df1) - }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x25e69836196abcbacfc1c9a2bf7cc19417d235d8583a345fe1df0337c86f0c28), - y: uint256(0x00125a28683d96529c25b43a56648781127e4c1aec43349a37abdb4b77598a7a) - }), - qElliptic: Honk.G1Point({ - x: uint256(0x025c989a5fbbc39a745dfa0c526d1b2c120d25144b16975f344bb8e0911f50aa), - y: uint256(0x17dcb48f840e14a56297e5e157ab5d29c1683a4f2321682c17677f325c27de6a) - }), - qAux: Honk.G1Point({ - x: uint256(0x0cdc2b5a596a86075ab9b8002e5d059f5892fd0adca08af7396603fc72b0bce0), - y: 
uint256(0x23878876a1de9fe1501ce3c87e0c114f5e6674ea0ef1783f6ab01456d29b8b2c) - }), - qLookup: Honk.G1Point({ - x: uint256(0x0073e7c223dd4f3e4734c4d9d9c9df394bd2eee2e12bac2fc49429a0443ec8b0), - y: uint256(0x20fac57db30195c2427a75a4d67231c1d1c74c8f84f009ab21d3c88e9657403d) - }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x2e9f808391ab789a4ab3535811011dbe1c6f8744e1d54c948f8d627d538fb965), - y: uint256(0x089a480cc0c16c07ec1621b2917fbf6130f90c4da39e70a7213c6ebbf8768e05) - }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x1e05165b8e92a199adc11aafdf37b7fa23724206b82e0864add6d4d3ef15d891), - y: uint256(0x1490b97e14d7a87ab24c2506b31a5f1c19e519f9e46735398b7d7d3a6e8b6291) - }), - s1: Honk.G1Point({ - x: uint256(0x16cda87b3802f84584944045d649e71fa3d94bef9516a02dc5b65e4d0c00ec9e), - y: uint256(0x2da20b51668b47d0171289f24d05b1103ac3dbeca063759c4a6f0263c34cb9bb) - }), - s2: Honk.G1Point({ - x: uint256(0x29ebded87910c73b9a7a38696b4f524c210dc9cbc925503e63f5179a0063bbf3), - y: uint256(0x198b83df6c73f8270c4947b862eb8e545a0099dd6e91461a238cdb3ae1fa8e54) - }), - s3: Honk.G1Point({ - x: uint256(0x1f5a56c28eb137b2cea1d02d685a239b001bb1d7a4edcdff6f11f9712720499c), - y: uint256(0x072be0750ed4fa1b7a05e0cd3e433bdf460f08812d4ef890aab546a99f2004a3) - }), - s4: Honk.G1Point({ - x: uint256(0x20e3972fd9811bbcca299306ef497d05572088c59670057dc4dae8048b4aba2c), - y: uint256(0x04f23dc95589380c68db9f021154e99b7fc366955b28f8929f760fae9110562e) - }), - t1: Honk.G1Point({ - x: uint256(0x004067623374b7c3965c7d8444b57ac2d81269c7eb3cb4f7b16568b2f8234c96), - y: uint256(0x0e605f3ad72203e21301ef1b5333cae1d8063220d1996854beb0c4fbc33bba9d) - }), - t2: Honk.G1Point({ - x: uint256(0x17aafa80bf54a7e6cc66472f9ccd70efa5044207a95191716ba0195b5a432266), - y: uint256(0x233ecaca2ddbebb0484a44e6f55b8c8614c7b5e0ce31b51d59d6b21322a307a1) - }), - t3: Honk.G1Point({ - x: uint256(0x1466af934dc34b082708b0a26a61dae7d9d859cbd4661cfab6abf34e827d9d2a), - y: 
uint256(0x2666bf4c8a2aef1ab89aafded315580561c9d4a13f3ac4b255b478f544590eda) - }), - t4: Honk.G1Point({ - x: uint256(0x0765bf6645e4cf63f05d9b0efd06acebce309c685a3b05e613574ccd7316677c), - y: uint256(0x09770f145625290cdcb08bae4e6f0a26897b5988fbaf9529e0a3326bfdb537ae) - }), - id1: Honk.G1Point({ - x: uint256(0x0ffce107ff8ebcb19b485768694ea436c218020919c9ab3d6e514ba59ee6e2f6), - y: uint256(0x00b7d25d98e26c1d80ca46c3cb684bbdda7ba4e34973c8a9d574151b0f365986) - }), - id2: Honk.G1Point({ - x: uint256(0x1fb7a537b284e0a8dd00b5b6f6818776cc0a6b9782177cd62ee09f1ee019026d), - y: uint256(0x173f13ad7ecab8c2a508ea61c34542e00255cef4e0b6fa411b3ddfe1618f4cde) - }), - id3: Honk.G1Point({ - x: uint256(0x197f3201b9f527fffe064a8498a3b38e3e684a818b41a80e710b5cc2280e7495), - y: uint256(0x03d64a4e046d0116a4755c761941b7df2a1cafef4aca04d7f9e6d6263ed05e58) - }), - id4: Honk.G1Point({ - x: uint256(0x2fd2cbd4d1473616cdd20e762cbf86625d6af6bcd61ad68604d47173129a4ca0), - y: uint256(0x12f80941ba7c8d911e25468671150c17c843dfba54c895e16bdbc34f64053b03) - }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) - }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x07f297c18cac336c36c9f1bf47a6cc72a29897c839975dc0ea851e7389daef00), - y: uint256(0x2718595b1a90d94e57e7a01055dcbf70ec06a323403044676a660e3719cd822c) + ql: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000090cd7fc44f01efd7cd0adabac1da5209b7), + x_1: uint256(0x00000000000000000000000000000000000480a80b708d88511983399d7d4542), + y_0: uint256(0x000000000000000000000000000000938b72e3c7ff79fcccab796e842df5300e), + y_1: uint256(0x00000000000000000000000000000000002ae668b0ee73a123a9d90f5783ad3d) + }), + qr: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000000b51c940588e6a380e41f799f9c69cfb88), + x_1: uint256(0x00000000000000000000000000000000001e7aa9fecacfbc874d011c148d7593), + y_0: 
uint256(0x00000000000000000000000000000083670134d46e36172ddd5e919aab0f69fe), + y_1: uint256(0x00000000000000000000000000000000000b9b4ac921dfc8ce57cd538fbf3653) + }), + qo: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000c2627ebaf11f852f8e66a76b82afa3ea93), + x_1: uint256(0x00000000000000000000000000000000001437c61970e925d118c52500d70fde), + y_0: uint256(0x00000000000000000000000000000012c05fcec2b8bfc3fc17f17252b351c403), + y_1: uint256(0x0000000000000000000000000000000000040aed815fb4f06a542b29eab919ba) + }), + q4: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000dc1b8e6407be62e0a89f4106ca49b0033a), + x_1: uint256(0x0000000000000000000000000000000000130299a3b761af9bf2809e404253b8), + y_0: uint256(0x000000000000000000000000000000d47421ea5ad41c47a349d856e28f77dec0), + y_1: uint256(0x00000000000000000000000000000000000ef4c1da391bce25d5409f561aa780) + }), + qm: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000660aa5396ebf6027e62138cfc688e5cfe3), + x_1: uint256(0x0000000000000000000000000000000000188b95520aec60631d6c9f859d03f2), + y_0: uint256(0x000000000000000000000000000000dca6cfdfa55c8fe77761274d12e666faf3), + y_1: uint256(0x0000000000000000000000000000000000235b0bf1b35296e3fb8fd63cac59c1) + }), + qc: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000b8c9a1683787bb21423977d63da55d960c), + x_1: uint256(0x000000000000000000000000000000000021d8806ac728214aef9480cd6dceaa), + y_0: uint256(0x0000000000000000000000000000009bf87b9d5b84027a71f29c1359ffabeac1), + y_1: uint256(0x00000000000000000000000000000000001e71d022986981a229c8c528540916) + }), + qArith: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000d54a08a289b15dab146e2fb6fa0573a023), + x_1: uint256(0x00000000000000000000000000000000001825408d0a4ad62b99c1e6929154ba), + y_0: uint256(0x000000000000000000000000000000aa95c19a8136892c58d1ed0f77868a6df1), + y_1: uint256(0x0000000000000000000000000000000000141d09f0721f2b88a1916e6535ab3d) 
+ }), + qDeltaRange: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000009417d235d8583a345fe1df0337c86f0c28), + x_1: uint256(0x000000000000000000000000000000000025e69836196abcbacfc1c9a2bf7cc1), + y_0: uint256(0x00000000000000000000000000000081127e4c1aec43349a37abdb4b77598a7a), + y_1: uint256(0x000000000000000000000000000000000000125a28683d96529c25b43a566487) + }), + qElliptic: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000002c120d25144b16975f344bb8e0911f50aa), + x_1: uint256(0x0000000000000000000000000000000000025c989a5fbbc39a745dfa0c526d1b), + y_0: uint256(0x00000000000000000000000000000029c1683a4f2321682c17677f325c27de6a), + y_1: uint256(0x000000000000000000000000000000000017dcb48f840e14a56297e5e157ab5d) + }), + qAux: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000009f5892fd0adca08af7396603fc72b0bce0), + x_1: uint256(0x00000000000000000000000000000000000cdc2b5a596a86075ab9b8002e5d05), + y_0: uint256(0x0000000000000000000000000000004f5e6674ea0ef1783f6ab01456d29b8b2c), + y_1: uint256(0x000000000000000000000000000000000023878876a1de9fe1501ce3c87e0c11) + }), + qLookup: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000394bd2eee2e12bac2fc49429a0443ec8b0), + x_1: uint256(0x00000000000000000000000000000000000073e7c223dd4f3e4734c4d9d9c9df), + y_0: uint256(0x000000000000000000000000000000c1d1c74c8f84f009ab21d3c88e9657403d), + y_1: uint256(0x000000000000000000000000000000000020fac57db30195c2427a75a4d67231) + }), + qPoseidon2External: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000be1c6f8744e1d54c948f8d627d538fb965), + x_1: uint256(0x00000000000000000000000000000000002e9f808391ab789a4ab3535811011d), + y_0: uint256(0x0000000000000000000000000000006130f90c4da39e70a7213c6ebbf8768e05), + y_1: uint256(0x0000000000000000000000000000000000089a480cc0c16c07ec1621b2917fbf) + }), + qPoseidon2Internal: Honk.G1ProofPoint({ + x_0: 
uint256(0x000000000000000000000000000000fa23724206b82e0864add6d4d3ef15d891), + x_1: uint256(0x00000000000000000000000000000000001e05165b8e92a199adc11aafdf37b7), + y_0: uint256(0x0000000000000000000000000000001c19e519f9e46735398b7d7d3a6e8b6291), + y_1: uint256(0x00000000000000000000000000000000001490b97e14d7a87ab24c2506b31a5f) + }), + s1: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000001fa3d94bef9516a02dc5b65e4d0c00ec9e), + x_1: uint256(0x000000000000000000000000000000000016cda87b3802f84584944045d649e7), + y_0: uint256(0x000000000000000000000000000000103ac3dbeca063759c4a6f0263c34cb9bb), + y_1: uint256(0x00000000000000000000000000000000002da20b51668b47d0171289f24d05b1) + }), + s2: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000004c210dc9cbc925503e63f5179a0063bbf3), + x_1: uint256(0x000000000000000000000000000000000029ebded87910c73b9a7a38696b4f52), + y_0: uint256(0x000000000000000000000000000000545a0099dd6e91461a238cdb3ae1fa8e54), + y_1: uint256(0x0000000000000000000000000000000000198b83df6c73f8270c4947b862eb8e) + }), + s3: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000009b001bb1d7a4edcdff6f11f9712720499c), + x_1: uint256(0x00000000000000000000000000000000001f5a56c28eb137b2cea1d02d685a23), + y_0: uint256(0x000000000000000000000000000000df460f08812d4ef890aab546a99f2004a3), + y_1: uint256(0x0000000000000000000000000000000000072be0750ed4fa1b7a05e0cd3e433b) + }), + s4: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000005572088c59670057dc4dae8048b4aba2c), + x_1: uint256(0x000000000000000000000000000000000020e3972fd9811bbcca299306ef497d), + y_0: uint256(0x0000000000000000000000000000009b7fc366955b28f8929f760fae9110562e), + y_1: uint256(0x000000000000000000000000000000000004f23dc95589380c68db9f021154e9) + }), + t1: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000c2d81269c7eb3cb4f7b16568b2f8234c96), + x_1: uint256(0x0000000000000000000000000000000000004067623374b7c3965c7d8444b57a), + 
y_0: uint256(0x000000000000000000000000000000e1d8063220d1996854beb0c4fbc33bba9d), + y_1: uint256(0x00000000000000000000000000000000000e605f3ad72203e21301ef1b5333ca) + }), + t2: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000efa5044207a95191716ba0195b5a432266), + x_1: uint256(0x000000000000000000000000000000000017aafa80bf54a7e6cc66472f9ccd70), + y_0: uint256(0x0000000000000000000000000000008614c7b5e0ce31b51d59d6b21322a307a1), + y_1: uint256(0x0000000000000000000000000000000000233ecaca2ddbebb0484a44e6f55b8c) + }), + t3: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000e7d9d859cbd4661cfab6abf34e827d9d2a), + x_1: uint256(0x00000000000000000000000000000000001466af934dc34b082708b0a26a61da), + y_0: uint256(0x0000000000000000000000000000000561c9d4a13f3ac4b255b478f544590eda), + y_1: uint256(0x00000000000000000000000000000000002666bf4c8a2aef1ab89aafded31558) + }), + t4: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000ebce309c685a3b05e613574ccd7316677c), + x_1: uint256(0x00000000000000000000000000000000000765bf6645e4cf63f05d9b0efd06ac), + y_0: uint256(0x00000000000000000000000000000026897b5988fbaf9529e0a3326bfdb537ae), + y_1: uint256(0x000000000000000000000000000000000009770f145625290cdcb08bae4e6f0a) + }), + id1: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000036c218020919c9ab3d6e514ba59ee6e2f6), + x_1: uint256(0x00000000000000000000000000000000000ffce107ff8ebcb19b485768694ea4), + y_0: uint256(0x000000000000000000000000000000bdda7ba4e34973c8a9d574151b0f365986), + y_1: uint256(0x000000000000000000000000000000000000b7d25d98e26c1d80ca46c3cb684b) + }), + id2: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000076cc0a6b9782177cd62ee09f1ee019026d), + x_1: uint256(0x00000000000000000000000000000000001fb7a537b284e0a8dd00b5b6f68187), + y_0: uint256(0x000000000000000000000000000000e00255cef4e0b6fa411b3ddfe1618f4cde), + y_1: 
uint256(0x0000000000000000000000000000000000173f13ad7ecab8c2a508ea61c34542) + }), + id3: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000008e3e684a818b41a80e710b5cc2280e7495), + x_1: uint256(0x0000000000000000000000000000000000197f3201b9f527fffe064a8498a3b3), + y_0: uint256(0x000000000000000000000000000000df2a1cafef4aca04d7f9e6d6263ed05e58), + y_1: uint256(0x000000000000000000000000000000000003d64a4e046d0116a4755c761941b7) + }), + id4: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000625d6af6bcd61ad68604d47173129a4ca0), + x_1: uint256(0x00000000000000000000000000000000002fd2cbd4d1473616cdd20e762cbf86), + y_0: uint256(0x00000000000000000000000000000017c843dfba54c895e16bdbc34f64053b03), + y_1: uint256(0x000000000000000000000000000000000012f80941ba7c8d911e25468671150c) + }), + lagrangeFirst: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + x_1: uint256(0x0000000000000000000000000000000000000000000000000000000000000000), + y_0: uint256(0x0000000000000000000000000000000000000000000000000000000000000002), + y_1: uint256(0x0000000000000000000000000000000000000000000000000000000000000000) + }), + lagrangeLast: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000072a29897c839975dc0ea851e7389daef00), + x_1: uint256(0x000000000000000000000000000000000007f297c18cac336c36c9f1bf47a6cc), + y_0: uint256(0x00000000000000000000000000000070ec06a323403044676a660e3719cd822c), + y_1: uint256(0x00000000000000000000000000000000002718595b1a90d94e57e7a01055dcbf) }) }); return vk; diff --git a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol index c4a1a1a45ffc..142a053bd574 100644 --- a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol 
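Review bot: In `Add2HonkVerificationKey.sol` the new `Honk.G1ProofPoint` literals never state their limb convention; it has to be inferred from the zero padding that `x_0`/`y_0` carry the low 136 bits and `x_1`/`y_1` the remaining high bits (concatenating `ql.x_1` and `ql.x_0` gives back the removed `ql.x`). If these limbs are what gets absorbed when the key is hashed, as the commit title suggests but this hunk does not show, the byte layout is part of what binds a proof to this key, so it should be written down where the constants live: `// G1ProofPoint limbs: coord = lo | (hi << 136); x_0, y_0 = lo; x_1, y_1 = hi`, placed above `ql:` (or in the template that produces these files, if they are generated). A test that recombines each limb pair and compares it with the previous `G1Point` value would catch a bad split in a regenerated key. The same applies to the Blake and Ecdsa key hunks; the enclosing function starts and ends outside this hunk.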
@@ -14,113 +14,167 @@ library BlakeHonkVerificationKey { circuitSize: uint256(32768), logCircuitSize: uint256(15), publicInputsSize: uint256(20), - ql: Honk.G1Point({ - x: uint256(0x115e3064ce0d1902d88a45412627d38c449e7258ef578f762a0edc5d94a69f7f), - y: uint256(0x04d77d850fd9394bbf0627638138579df3e738a90b5df30618acf987c622ca9e) - }), - qr: Honk.G1Point({ - x: uint256(0x1eabb58777064b859ef128816b80709b2cd29893dea2ec5c6635f3cfa54d7c49), - y: uint256(0x0d71eea187e1217b4de428b8f4476b86c6cbd329e0f269523f21d72730b10915) - }), - qo: Honk.G1Point({ - x: uint256(0x18a4d5e2f02048d39880c46698c9f2dbacc17bb85afe09cf6bc5e5937de3070c), - y: uint256(0x00d9c34933a6b7489e085430107e19c9b0d3838cc8e7ad9690c67eb8f1f61d39) - }), - q4: Honk.G1Point({ - x: uint256(0x0939df76172d60df8619459591c4988be2c040b89ac1169fc5fac7b42798d783), - y: uint256(0x10011e73c0fd0863f50c59863df5014ba9aec1a6a562db6ea5cc71e4d91afb10) - }), - qm: Honk.G1Point({ - x: uint256(0x1ea0204fa1dfd03dc76c7b29af453df4dd44206c1238b21fe0bc82aa9c4f83a3), - y: uint256(0x198fbb3c1e1b819b6131bd610b5951d55c61a9482207a920b85ec810b44c9604) - }), - qc: Honk.G1Point({ - x: uint256(0x2dc3ddd755b14dc838cf9de2646b8ffa12a978c73f2ec514616a6da143098a7e), - y: uint256(0x01946c68cde5e83f9e8cf4520e0697857b6b8365178ebf410618d377f88c95fa) - }), - qArith: Honk.G1Point({ - x: uint256(0x0754a05a7b0ded53c11a90be37ef3cd446156d668e2b2d44587434c6782c9b43), - y: uint256(0x1ca2f2baee2947949c96d4f01916ef586dfc07bf14cb36da863c7ce5902a743c) - }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x1d39e78f3e8378c6efc2883b5a8bc64b4b7738bf64b0e78c2a18336338e6bd43), - y: uint256(0x1e1bb6035c72725eeb7aa44c8de7edd98e1c2cc5acfc372f0f4ae8b5b1e5412e) - }), - qElliptic: Honk.G1Point({ - x: uint256(0x2cbe532bc40df99ee508abb727d66b82d71df3a7053c84261b22a67822fb4669), - y: uint256(0x1b9f8592c9f0d31d7e31ddf0b1cb7a628dd6b36981326cf26b39ef93ce8a2b3e) - }), - qAux: Honk.G1Point({ - x: uint256(0x09334fbfb06d65ac1e96591f4d240ef044367d444223342c442df4072f372f02), - y: 
uint256(0x2c112fc650083c2cce5fff4c60dfd3046d83063a8487380e19faef177125fdde) - }), - qLookup: Honk.G1Point({ - x: uint256(0x2f52fd71248e5fb7fcda49e0778edcf84065f4c837dc259c99350f66d2756526), - y: uint256(0x07f7f722d2341b84f37e028a0993f9ba6eb0539524e258a6666f2149f7edba7e) - }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x0255991ffa6154ef35ac35226a51cd69a1d5a7aae7cf2d58294e8b446abcd609), - y: uint256(0x0908b9ecc3d57b74c222268138c0d8205342e6aaaeb631a5001b64519f9195e2) - }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x14d780dd1182b550dc9e1e7b8b42a4f129d4777c663fce0a650e4e861c040457), - y: uint256(0x1f224dc8040f13db95bfa9a5701d9f138362b9d1050bd6289001a0fcf144d3c1) - }), - s1: Honk.G1Point({ - x: uint256(0x265933d8e907e2ed4e379a4e2b51ed6e4284ea7edeb23d8cf0b04f0110849472), - y: uint256(0x2713d51753ccc918db8bc11011d7d35ae52cd66c3867d74fa81e12effc772262) - }), - s2: Honk.G1Point({ - x: uint256(0x041bb070dbfd243a1c648804cc63cb224923caf54a897b8344e34297163c0011), - y: uint256(0x10870cff36d0f31118cfed58df2da00923c7f53797d0d31a3ad9c229405b7401) - }), - s3: Honk.G1Point({ - x: uint256(0x165d13860c8bba49d859124352c27793075dc6f3356a7e98a72d03ef1139399f), - y: uint256(0x2eaca55d91caec223f841e243c09d70fa11d145ceb825507c5455bab280a5d2e) - }), - s4: Honk.G1Point({ - x: uint256(0x2592f1a21a8fce21312342077dbc0ceebfa83b15d22cadf94de883f4fe000e44), - y: uint256(0x0260addaf4ec113430f54f75091c91bdce1f2e0e1205bfc6a140991729303982) - }), - t1: Honk.G1Point({ - x: uint256(0x2d063c46ff66cce30b90a92ac814ecdb93e8f4881222ee7ce76651bf3ad54e07), - y: uint256(0x0215718164a2dbf8fc7da2fcf053b162d84e8703001218f0ad90d1f8d7526ba0) - }), - t2: Honk.G1Point({ - x: uint256(0x1bdccd1181f8c909975dd24a69fd1c26ed6e513cd237106bacd9ac5e790374f2), - y: uint256(0x1ba438e74f962c1b769f452da854110d0635d48e4d74d282ad06ae0e2830ac91) - }), - t3: Honk.G1Point({ - x: uint256(0x21313b069a809e1ab2df2a959cfd9a407933547daf0af170b0e6851d5f4e1014), - y: 
uint256(0x11a24ca630551e13681edd34cb75746b12ee1806cc3c2c7e670f3a1bb4f30a1f) - }), - t4: Honk.G1Point({ - x: uint256(0x2a0724cfe33e0ee4b3f81929ef0cd1da5e113987c9aed1534cca51dae3d9bc2d), - y: uint256(0x26983a78aa5c4f3103c7e6128a32f0fae2779a6f0efb2b60facdd09153d403c9) - }), - id1: Honk.G1Point({ - x: uint256(0x108a388fa302e6a432528ac33f9ce65e4bf4a306dfa533e44116c9461cb4d407), - y: uint256(0x1f7dcfd47f7897e447a5e123fa59098b5dcdc2dd1d3eb8ffc1af1aaec6c251d2) - }), - id2: Honk.G1Point({ - x: uint256(0x225f566aa16bd6e985105c1d688604cd7ff3954cba18cf3055b7c100802f88f2), - y: uint256(0x23c4b52272dcb424cf71be52cf0510989a57591ce77b75983e09a99f3c780667) - }), - id3: Honk.G1Point({ - x: uint256(0x0917a974f368ea96893873aa81331212643b96a97aca0a845eec877458793133), - y: uint256(0x27cb067cbf4f35ac28c80349a519053523be15116d01da7e20f6cc4eeb0535e2) - }), - id4: Honk.G1Point({ - x: uint256(0x2f654ca3ffff6135134b1d94888c19792a32df73d065a52a865c900d4c75e62a), - y: uint256(0x07a88ccd1274fb49dfc7e7c6f2586737f319b6de1a8aa62a17a40a50f367b093) - }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) - }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x126c0ccd8276d578c5f98365a2a294e0af899dcc0407010932550b4a744a37c3), - y: uint256(0x274ff54e770ab182b2e720316fd2ac2c8132c04167e3f41cbe298742ca822bd7) + ql: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000008c449e7258ef578f762a0edc5d94a69f7f), + x_1: uint256(0x0000000000000000000000000000000000115e3064ce0d1902d88a45412627d3), + y_0: uint256(0x0000000000000000000000000000009df3e738a90b5df30618acf987c622ca9e), + y_1: uint256(0x000000000000000000000000000000000004d77d850fd9394bbf062763813857) + }), + qr: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000009b2cd29893dea2ec5c6635f3cfa54d7c49), + x_1: uint256(0x00000000000000000000000000000000001eabb58777064b859ef128816b8070), + y_0: 
uint256(0x00000000000000000000000000000086c6cbd329e0f269523f21d72730b10915), + y_1: uint256(0x00000000000000000000000000000000000d71eea187e1217b4de428b8f4476b) + }), + qo: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000dbacc17bb85afe09cf6bc5e5937de3070c), + x_1: uint256(0x000000000000000000000000000000000018a4d5e2f02048d39880c46698c9f2), + y_0: uint256(0x000000000000000000000000000000c9b0d3838cc8e7ad9690c67eb8f1f61d39), + y_1: uint256(0x000000000000000000000000000000000000d9c34933a6b7489e085430107e19) + }), + q4: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000008be2c040b89ac1169fc5fac7b42798d783), + x_1: uint256(0x00000000000000000000000000000000000939df76172d60df8619459591c498), + y_0: uint256(0x0000000000000000000000000000004ba9aec1a6a562db6ea5cc71e4d91afb10), + y_1: uint256(0x000000000000000000000000000000000010011e73c0fd0863f50c59863df501) + }), + qm: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000f4dd44206c1238b21fe0bc82aa9c4f83a3), + x_1: uint256(0x00000000000000000000000000000000001ea0204fa1dfd03dc76c7b29af453d), + y_0: uint256(0x000000000000000000000000000000d55c61a9482207a920b85ec810b44c9604), + y_1: uint256(0x0000000000000000000000000000000000198fbb3c1e1b819b6131bd610b5951) + }), + qc: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000fa12a978c73f2ec514616a6da143098a7e), + x_1: uint256(0x00000000000000000000000000000000002dc3ddd755b14dc838cf9de2646b8f), + y_0: uint256(0x000000000000000000000000000000857b6b8365178ebf410618d377f88c95fa), + y_1: uint256(0x000000000000000000000000000000000001946c68cde5e83f9e8cf4520e0697) + }), + qArith: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000d446156d668e2b2d44587434c6782c9b43), + x_1: uint256(0x00000000000000000000000000000000000754a05a7b0ded53c11a90be37ef3c), + y_0: uint256(0x000000000000000000000000000000586dfc07bf14cb36da863c7ce5902a743c), + y_1: uint256(0x00000000000000000000000000000000001ca2f2baee2947949c96d4f01916ef) 
+ }), + qDeltaRange: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000004b4b7738bf64b0e78c2a18336338e6bd43), + x_1: uint256(0x00000000000000000000000000000000001d39e78f3e8378c6efc2883b5a8bc6), + y_0: uint256(0x000000000000000000000000000000d98e1c2cc5acfc372f0f4ae8b5b1e5412e), + y_1: uint256(0x00000000000000000000000000000000001e1bb6035c72725eeb7aa44c8de7ed) + }), + qElliptic: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000082d71df3a7053c84261b22a67822fb4669), + x_1: uint256(0x00000000000000000000000000000000002cbe532bc40df99ee508abb727d66b), + y_0: uint256(0x000000000000000000000000000000628dd6b36981326cf26b39ef93ce8a2b3e), + y_1: uint256(0x00000000000000000000000000000000001b9f8592c9f0d31d7e31ddf0b1cb7a) + }), + qAux: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000f044367d444223342c442df4072f372f02), + x_1: uint256(0x000000000000000000000000000000000009334fbfb06d65ac1e96591f4d240e), + y_0: uint256(0x000000000000000000000000000000046d83063a8487380e19faef177125fdde), + y_1: uint256(0x00000000000000000000000000000000002c112fc650083c2cce5fff4c60dfd3) + }), + qLookup: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000f84065f4c837dc259c99350f66d2756526), + x_1: uint256(0x00000000000000000000000000000000002f52fd71248e5fb7fcda49e0778edc), + y_0: uint256(0x000000000000000000000000000000ba6eb0539524e258a6666f2149f7edba7e), + y_1: uint256(0x000000000000000000000000000000000007f7f722d2341b84f37e028a0993f9) + }), + qPoseidon2External: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000069a1d5a7aae7cf2d58294e8b446abcd609), + x_1: uint256(0x00000000000000000000000000000000000255991ffa6154ef35ac35226a51cd), + y_0: uint256(0x000000000000000000000000000000205342e6aaaeb631a5001b64519f9195e2), + y_1: uint256(0x00000000000000000000000000000000000908b9ecc3d57b74c222268138c0d8) + }), + qPoseidon2Internal: Honk.G1ProofPoint({ + x_0: 
uint256(0x000000000000000000000000000000f129d4777c663fce0a650e4e861c040457), + x_1: uint256(0x000000000000000000000000000000000014d780dd1182b550dc9e1e7b8b42a4), + y_0: uint256(0x000000000000000000000000000000138362b9d1050bd6289001a0fcf144d3c1), + y_1: uint256(0x00000000000000000000000000000000001f224dc8040f13db95bfa9a5701d9f) + }), + s1: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000006e4284ea7edeb23d8cf0b04f0110849472), + x_1: uint256(0x0000000000000000000000000000000000265933d8e907e2ed4e379a4e2b51ed), + y_0: uint256(0x0000000000000000000000000000005ae52cd66c3867d74fa81e12effc772262), + y_1: uint256(0x00000000000000000000000000000000002713d51753ccc918db8bc11011d7d3) + }), + s2: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000224923caf54a897b8344e34297163c0011), + x_1: uint256(0x0000000000000000000000000000000000041bb070dbfd243a1c648804cc63cb), + y_0: uint256(0x0000000000000000000000000000000923c7f53797d0d31a3ad9c229405b7401), + y_1: uint256(0x000000000000000000000000000000000010870cff36d0f31118cfed58df2da0) + }), + s3: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000093075dc6f3356a7e98a72d03ef1139399f), + x_1: uint256(0x0000000000000000000000000000000000165d13860c8bba49d859124352c277), + y_0: uint256(0x0000000000000000000000000000000fa11d145ceb825507c5455bab280a5d2e), + y_1: uint256(0x00000000000000000000000000000000002eaca55d91caec223f841e243c09d7) + }), + s4: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000eebfa83b15d22cadf94de883f4fe000e44), + x_1: uint256(0x00000000000000000000000000000000002592f1a21a8fce21312342077dbc0c), + y_0: uint256(0x000000000000000000000000000000bdce1f2e0e1205bfc6a140991729303982), + y_1: uint256(0x00000000000000000000000000000000000260addaf4ec113430f54f75091c91) + }), + t1: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000db93e8f4881222ee7ce76651bf3ad54e07), + x_1: uint256(0x00000000000000000000000000000000002d063c46ff66cce30b90a92ac814ec), + 
y_0: uint256(0x00000000000000000000000000000062d84e8703001218f0ad90d1f8d7526ba0), + y_1: uint256(0x00000000000000000000000000000000000215718164a2dbf8fc7da2fcf053b1) + }), + t2: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000026ed6e513cd237106bacd9ac5e790374f2), + x_1: uint256(0x00000000000000000000000000000000001bdccd1181f8c909975dd24a69fd1c), + y_0: uint256(0x0000000000000000000000000000000d0635d48e4d74d282ad06ae0e2830ac91), + y_1: uint256(0x00000000000000000000000000000000001ba438e74f962c1b769f452da85411) + }), + t3: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000407933547daf0af170b0e6851d5f4e1014), + x_1: uint256(0x000000000000000000000000000000000021313b069a809e1ab2df2a959cfd9a), + y_0: uint256(0x0000000000000000000000000000006b12ee1806cc3c2c7e670f3a1bb4f30a1f), + y_1: uint256(0x000000000000000000000000000000000011a24ca630551e13681edd34cb7574) + }), + t4: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000da5e113987c9aed1534cca51dae3d9bc2d), + x_1: uint256(0x00000000000000000000000000000000002a0724cfe33e0ee4b3f81929ef0cd1), + y_0: uint256(0x000000000000000000000000000000fae2779a6f0efb2b60facdd09153d403c9), + y_1: uint256(0x000000000000000000000000000000000026983a78aa5c4f3103c7e6128a32f0) + }), + id1: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000005e4bf4a306dfa533e44116c9461cb4d407), + x_1: uint256(0x0000000000000000000000000000000000108a388fa302e6a432528ac33f9ce6), + y_0: uint256(0x0000000000000000000000000000008b5dcdc2dd1d3eb8ffc1af1aaec6c251d2), + y_1: uint256(0x00000000000000000000000000000000001f7dcfd47f7897e447a5e123fa5909) + }), + id2: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000cd7ff3954cba18cf3055b7c100802f88f2), + x_1: uint256(0x0000000000000000000000000000000000225f566aa16bd6e985105c1d688604), + y_0: uint256(0x000000000000000000000000000000989a57591ce77b75983e09a99f3c780667), + y_1: 
uint256(0x000000000000000000000000000000000023c4b52272dcb424cf71be52cf0510) + }), + id3: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000012643b96a97aca0a845eec877458793133), + x_1: uint256(0x00000000000000000000000000000000000917a974f368ea96893873aa813312), + y_0: uint256(0x0000000000000000000000000000003523be15116d01da7e20f6cc4eeb0535e2), + y_1: uint256(0x000000000000000000000000000000000027cb067cbf4f35ac28c80349a51905) + }), + id4: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000792a32df73d065a52a865c900d4c75e62a), + x_1: uint256(0x00000000000000000000000000000000002f654ca3ffff6135134b1d94888c19), + y_0: uint256(0x00000000000000000000000000000037f319b6de1a8aa62a17a40a50f367b093), + y_1: uint256(0x000000000000000000000000000000000007a88ccd1274fb49dfc7e7c6f25867) + }), + lagrangeFirst: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + x_1: uint256(0x0000000000000000000000000000000000000000000000000000000000000000), + y_0: uint256(0x0000000000000000000000000000000000000000000000000000000000000002), + y_1: uint256(0x0000000000000000000000000000000000000000000000000000000000000000) + }), + lagrangeLast: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000e0af899dcc0407010932550b4a744a37c3), + x_1: uint256(0x0000000000000000000000000000000000126c0ccd8276d578c5f98365a2a294), + y_0: uint256(0x0000000000000000000000000000002c8132c04167e3f41cbe298742ca822bd7), + y_1: uint256(0x0000000000000000000000000000000000274ff54e770ab182b2e720316fd2ac) }) }); return vk; diff --git a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol index 14f037feb00d..cfd1fee2edb1 100644 --- a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol 
@@ -14,113 +14,167 @@ library EcdsaHonkVerificationKey { circuitSize: uint256(65536), logCircuitSize: uint256(16), publicInputsSize: uint256(22), - ql: Honk.G1Point({ - x: uint256(0x0b1ba3c6f9a4f1a3cf19352d4f71e84c0d96d3f018ab1d9412ab8b5228a7fcb4), - y: uint256(0x01eecae3ab331ede4900e5a4379f5a7f749f7d557f7e9244a8788dcbeefdeaac) - }), - qr: Honk.G1Point({ - x: uint256(0x216f9151d1d3a9eca31fe53bc891de3a3846357a5468641c1cd753a84b4212b7), - y: uint256(0x1721f812b42d7603b7506a521bd914fc01317615962d864332f1dbded501945f) - }), - qo: Honk.G1Point({ - x: uint256(0x1c1a2b5b883d74fe4a2d2196b9d6f6c48b8e4ba68d925d02652ed319245e63a9), - y: uint256(0x0bba4329fd98752ef34e0882055e121f2ec66902040edebc1a09b6066dcfb4cc) - }), - q4: Honk.G1Point({ - x: uint256(0x2cc9e98963ea8e6850ff57f63d05464a1e7c5b12e60b2cc539bacede24d95412), - y: uint256(0x1db62d03078fc09b5117ee1f06e79082543de1af8b40c3a4d178acd934ca0ea6) - }), - qm: Honk.G1Point({ - x: uint256(0x1c4658e0e8f99be5efb07d4eb390bb8397affd826584bb6009e5a9aa6a3d91cb), - y: uint256(0x15128279efbbaa41dae946d8e4a2558e0a66704e69e6e418028dc80e714ffd1c) - }), - qc: Honk.G1Point({ - x: uint256(0x27b560bf92170548f734f317efe25719655a33263592b9802fa0191efd4a7b84), - y: uint256(0x29bf273e0787a8dd2c56866b35cb6868eedb591b40662402ddbfc18840a7a3c7) - }), - qArith: Honk.G1Point({ - x: uint256(0x1711742baa0601c5676eca03f383f77c66bd774db277812ea6bbbc54d70b36f2), - y: uint256(0x2e2a950d0b204dafcdda4ca762f3c476d8d535f834aacfaae135aeae1ce80462) - }), - qDeltaRange: Honk.G1Point({ - x: uint256(0x28f6bd7e67c74efa4e9403ca75d9d7e77f69192fee8013b4267d1e2d3f38c4fa), - y: uint256(0x062098dd085427b3ae08299aeb7c2a5ef5759cb7eaab9985b8291faa768f1173) - }), - qElliptic: Honk.G1Point({ - x: uint256(0x017d5c7d692859efe9a9e4b4112e998ea72d557665e806486d10973abdb4c176), - y: uint256(0x24101a2af3fb7507a074b8dbf6105d0d87a7bd97158b1699a5891b2cef2f611f) - }), - qAux: Honk.G1Point({ - x: uint256(0x1bb2e7b3f824d6146c0fc5594015b8c88af080bf005afbda8012403c7fd73fd7), - y: 
uint256(0x0f3b8455f2377bb1f98a5004a95262bab50529f74e48e0b97a410b1b0a55f9e7) - }), - qLookup: Honk.G1Point({ - x: uint256(0x148815ca04dbcfecb81c13d5339275f8b670d99a36d80115c6c632ad74e4bb2e), - y: uint256(0x158c91fa2cb7239b8ed4514762fdefe02bf610e31c09c1a7e483716d1c0079ea) - }), - qPoseidon2External: Honk.G1Point({ - x: uint256(0x0d5ae2cb4d426fcb5bc5794b03533ff5d0c8b795c703466f56680b03ae1efd9f), - y: uint256(0x0bc32183dd2fc2511060267bc5c2b9f70cc578479247de0a06af2fb2e6c4b31c) - }), - qPoseidon2Internal: Honk.G1Point({ - x: uint256(0x22e4a9db922afe802d936b35b7cf31829c5cab7f31f9d29d5075d27c2cea26d8), - y: uint256(0x01c423638068d41ae359957c84d4d0b4d5c43385c5294ade42d5eeb862ff56e9) - }), - s1: Honk.G1Point({ - x: uint256(0x027782ed1134884af611f8518ff6b4c93341395782c61a9284718a47544c5a54), - y: uint256(0x0c9d6cf52647dbdb2db16b1ed50ea72464a485ced4c324b65c54427b35c59656) - }), - s2: Honk.G1Point({ - x: uint256(0x01abcef6060f6f7fe81e2ffc57159b9dcee2ac8161c50b263bd385d1345d979f), - y: uint256(0x036ab6c18ecc604ce9b1ef9625bd974de2c8f667423c8f2ddb8e53b21e4d1e3e) - }), - s3: Honk.G1Point({ - x: uint256(0x1aba2c9d4dac137ed8b854296c0949a05b7d97861238d0114516db1b6453c67f), - y: uint256(0x063a6dedb8b85bd2c53b6287ae2571141ce1f6dd9d5208086b158afbff3fbd87) - }), - s4: Honk.G1Point({ - x: uint256(0x035dfcac45d686de1cf6dd6370fac43f8bf9f8570bcacbcb0c603f1887c71a50), - y: uint256(0x093aa2439d47d8d221a61bb1959b6baaa4a980c0e3e33efa470be3c0e61a9f39) - }), - t1: Honk.G1Point({ - x: uint256(0x0b7b8581cf25a963e5ab081785d7a70504db9b8b710bd019de5be4c980a6536e), - y: uint256(0x0c9c04b32d4d51cc162b703f571ad5748859b9133c961345d71273183f2a68b2) - }), - t2: Honk.G1Point({ - x: uint256(0x2d073920df90f0f98352d5bfc545f19e9622f5fa49d82300e5afb9acb6d030fd), - y: uint256(0x0cd29f3121acf9430707827d9b0805f991402d944261e1d648d9c08c7cec5475) - }), - t3: Honk.G1Point({ - x: uint256(0x1df7f08d004e38c6cc24155081bf68c1a6444b526bd98beea00feabc8ea337f9), - y: 
uint256(0x0471714279ef8a51213c70cb4fa89e73caf1ad84fa8c1447f41f6eb6bb897491) - }), - t4: Honk.G1Point({ - x: uint256(0x1d794f2aaa0524cb1d97c2ff125061a697ec693323edcff93f0e5a59bcd2101d), - y: uint256(0x1baa78d0546b9e189379cc5a85c90293b8c30eb1e6955e421866ef4454222a92) - }), - id1: Honk.G1Point({ - x: uint256(0x0de8b311de8c05690c3086ee185071c96f2fba2e479bd698b45e0b82d2dc04b9), - y: uint256(0x244ea8b34cfdb39c770e37b1658d17b5a4369418006bc9c1b0d3e15b90d7487f) - }), - id2: Honk.G1Point({ - x: uint256(0x0d75a68b1392b14f2150b288e68066e3418cbdbfd30eb8c2d9c689698f85be8c), - y: uint256(0x09a11258632fdf90eeaa26377fdb7efccd6ee64f502d6e2e5d52703e0c057940) - }), - id3: Honk.G1Point({ - x: uint256(0x1f0ea94b74cbb2a5e7a17527b6e39a77822fd4a6cf5517b9339689c3f4f9225b), - y: uint256(0x173c4f3859e1328f0c641c08cde97f2e69bc727f54170eb856e4e6cd4bac0fc6) - }), - id4: Honk.G1Point({ - x: uint256(0x20cfa1a8ee47b53fd27da5f27ed10427a6776c4aa6500b50910092fd158a67f9), - y: uint256(0x258c7d8943a53fdc2dc997858a229844c188458ce7535a16d5f6b73c4bdc94e2) - }), - lagrangeFirst: Honk.G1Point({ - x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), - y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002) - }), - lagrangeLast: Honk.G1Point({ - x: uint256(0x28f1a32f5393f11495a6ff549f8c63a1220210306b6cd2672be2754aa59cfed9), - y: uint256(0x153f104778115ee6def6ed6bac8530fe34bc7557a25b30e47be45f24c02e16de) + ql: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000004c0d96d3f018ab1d9412ab8b5228a7fcb4), + x_1: uint256(0x00000000000000000000000000000000000b1ba3c6f9a4f1a3cf19352d4f71e8), + y_0: uint256(0x0000000000000000000000000000007f749f7d557f7e9244a8788dcbeefdeaac), + y_1: uint256(0x000000000000000000000000000000000001eecae3ab331ede4900e5a4379f5a) + }), + qr: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000003a3846357a5468641c1cd753a84b4212b7), + x_1: uint256(0x0000000000000000000000000000000000216f9151d1d3a9eca31fe53bc891de), + y_0: 
uint256(0x000000000000000000000000000000fc01317615962d864332f1dbded501945f), + y_1: uint256(0x00000000000000000000000000000000001721f812b42d7603b7506a521bd914) + }), + qo: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000c48b8e4ba68d925d02652ed319245e63a9), + x_1: uint256(0x00000000000000000000000000000000001c1a2b5b883d74fe4a2d2196b9d6f6), + y_0: uint256(0x0000000000000000000000000000001f2ec66902040edebc1a09b6066dcfb4cc), + y_1: uint256(0x00000000000000000000000000000000000bba4329fd98752ef34e0882055e12) + }), + q4: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000004a1e7c5b12e60b2cc539bacede24d95412), + x_1: uint256(0x00000000000000000000000000000000002cc9e98963ea8e6850ff57f63d0546), + y_0: uint256(0x00000000000000000000000000000082543de1af8b40c3a4d178acd934ca0ea6), + y_1: uint256(0x00000000000000000000000000000000001db62d03078fc09b5117ee1f06e790) + }), + qm: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000008397affd826584bb6009e5a9aa6a3d91cb), + x_1: uint256(0x00000000000000000000000000000000001c4658e0e8f99be5efb07d4eb390bb), + y_0: uint256(0x0000000000000000000000000000008e0a66704e69e6e418028dc80e714ffd1c), + y_1: uint256(0x000000000000000000000000000000000015128279efbbaa41dae946d8e4a255) + }), + qc: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000019655a33263592b9802fa0191efd4a7b84), + x_1: uint256(0x000000000000000000000000000000000027b560bf92170548f734f317efe257), + y_0: uint256(0x00000000000000000000000000000068eedb591b40662402ddbfc18840a7a3c7), + y_1: uint256(0x000000000000000000000000000000000029bf273e0787a8dd2c56866b35cb68) + }), + qArith: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000007c66bd774db277812ea6bbbc54d70b36f2), + x_1: uint256(0x00000000000000000000000000000000001711742baa0601c5676eca03f383f7), + y_0: uint256(0x00000000000000000000000000000076d8d535f834aacfaae135aeae1ce80462), + y_1: uint256(0x00000000000000000000000000000000002e2a950d0b204dafcdda4ca762f3c4) 
+ }), + qDeltaRange: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000e77f69192fee8013b4267d1e2d3f38c4fa), + x_1: uint256(0x000000000000000000000000000000000028f6bd7e67c74efa4e9403ca75d9d7), + y_0: uint256(0x0000000000000000000000000000005ef5759cb7eaab9985b8291faa768f1173), + y_1: uint256(0x0000000000000000000000000000000000062098dd085427b3ae08299aeb7c2a) + }), + qElliptic: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000008ea72d557665e806486d10973abdb4c176), + x_1: uint256(0x0000000000000000000000000000000000017d5c7d692859efe9a9e4b4112e99), + y_0: uint256(0x0000000000000000000000000000000d87a7bd97158b1699a5891b2cef2f611f), + y_1: uint256(0x000000000000000000000000000000000024101a2af3fb7507a074b8dbf6105d) + }), + qAux: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000c88af080bf005afbda8012403c7fd73fd7), + x_1: uint256(0x00000000000000000000000000000000001bb2e7b3f824d6146c0fc5594015b8), + y_0: uint256(0x000000000000000000000000000000bab50529f74e48e0b97a410b1b0a55f9e7), + y_1: uint256(0x00000000000000000000000000000000000f3b8455f2377bb1f98a5004a95262) + }), + qLookup: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000f8b670d99a36d80115c6c632ad74e4bb2e), + x_1: uint256(0x0000000000000000000000000000000000148815ca04dbcfecb81c13d5339275), + y_0: uint256(0x000000000000000000000000000000e02bf610e31c09c1a7e483716d1c0079ea), + y_1: uint256(0x0000000000000000000000000000000000158c91fa2cb7239b8ed4514762fdef) + }), + qPoseidon2External: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000f5d0c8b795c703466f56680b03ae1efd9f), + x_1: uint256(0x00000000000000000000000000000000000d5ae2cb4d426fcb5bc5794b03533f), + y_0: uint256(0x000000000000000000000000000000f70cc578479247de0a06af2fb2e6c4b31c), + y_1: uint256(0x00000000000000000000000000000000000bc32183dd2fc2511060267bc5c2b9) + }), + qPoseidon2Internal: Honk.G1ProofPoint({ + x_0: 
uint256(0x000000000000000000000000000000829c5cab7f31f9d29d5075d27c2cea26d8), + x_1: uint256(0x000000000000000000000000000000000022e4a9db922afe802d936b35b7cf31), + y_0: uint256(0x000000000000000000000000000000b4d5c43385c5294ade42d5eeb862ff56e9), + y_1: uint256(0x000000000000000000000000000000000001c423638068d41ae359957c84d4d0) + }), + s1: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000c93341395782c61a9284718a47544c5a54), + x_1: uint256(0x0000000000000000000000000000000000027782ed1134884af611f8518ff6b4), + y_0: uint256(0x0000000000000000000000000000002464a485ced4c324b65c54427b35c59656), + y_1: uint256(0x00000000000000000000000000000000000c9d6cf52647dbdb2db16b1ed50ea7) + }), + s2: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000009dcee2ac8161c50b263bd385d1345d979f), + x_1: uint256(0x000000000000000000000000000000000001abcef6060f6f7fe81e2ffc57159b), + y_0: uint256(0x0000000000000000000000000000004de2c8f667423c8f2ddb8e53b21e4d1e3e), + y_1: uint256(0x0000000000000000000000000000000000036ab6c18ecc604ce9b1ef9625bd97) + }), + s3: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000a05b7d97861238d0114516db1b6453c67f), + x_1: uint256(0x00000000000000000000000000000000001aba2c9d4dac137ed8b854296c0949), + y_0: uint256(0x000000000000000000000000000000141ce1f6dd9d5208086b158afbff3fbd87), + y_1: uint256(0x0000000000000000000000000000000000063a6dedb8b85bd2c53b6287ae2571) + }), + s4: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000003f8bf9f8570bcacbcb0c603f1887c71a50), + x_1: uint256(0x0000000000000000000000000000000000035dfcac45d686de1cf6dd6370fac4), + y_0: uint256(0x000000000000000000000000000000aaa4a980c0e3e33efa470be3c0e61a9f39), + y_1: uint256(0x0000000000000000000000000000000000093aa2439d47d8d221a61bb1959b6b) + }), + t1: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000000504db9b8b710bd019de5be4c980a6536e), + x_1: uint256(0x00000000000000000000000000000000000b7b8581cf25a963e5ab081785d7a7), + 
y_0: uint256(0x000000000000000000000000000000748859b9133c961345d71273183f2a68b2), + y_1: uint256(0x00000000000000000000000000000000000c9c04b32d4d51cc162b703f571ad5) + }), + t2: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000009e9622f5fa49d82300e5afb9acb6d030fd), + x_1: uint256(0x00000000000000000000000000000000002d073920df90f0f98352d5bfc545f1), + y_0: uint256(0x000000000000000000000000000000f991402d944261e1d648d9c08c7cec5475), + y_1: uint256(0x00000000000000000000000000000000000cd29f3121acf9430707827d9b0805) + }), + t3: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000c1a6444b526bd98beea00feabc8ea337f9), + x_1: uint256(0x00000000000000000000000000000000001df7f08d004e38c6cc24155081bf68), + y_0: uint256(0x00000000000000000000000000000073caf1ad84fa8c1447f41f6eb6bb897491), + y_1: uint256(0x00000000000000000000000000000000000471714279ef8a51213c70cb4fa89e) + }), + t4: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000a697ec693323edcff93f0e5a59bcd2101d), + x_1: uint256(0x00000000000000000000000000000000001d794f2aaa0524cb1d97c2ff125061), + y_0: uint256(0x00000000000000000000000000000093b8c30eb1e6955e421866ef4454222a92), + y_1: uint256(0x00000000000000000000000000000000001baa78d0546b9e189379cc5a85c902) + }), + id1: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000c96f2fba2e479bd698b45e0b82d2dc04b9), + x_1: uint256(0x00000000000000000000000000000000000de8b311de8c05690c3086ee185071), + y_0: uint256(0x000000000000000000000000000000b5a4369418006bc9c1b0d3e15b90d7487f), + y_1: uint256(0x0000000000000000000000000000000000244ea8b34cfdb39c770e37b1658d17) + }), + id2: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000e3418cbdbfd30eb8c2d9c689698f85be8c), + x_1: uint256(0x00000000000000000000000000000000000d75a68b1392b14f2150b288e68066), + y_0: uint256(0x000000000000000000000000000000fccd6ee64f502d6e2e5d52703e0c057940), + y_1: 
uint256(0x000000000000000000000000000000000009a11258632fdf90eeaa26377fdb7e) + }), + id3: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000077822fd4a6cf5517b9339689c3f4f9225b), + x_1: uint256(0x00000000000000000000000000000000001f0ea94b74cbb2a5e7a17527b6e39a), + y_0: uint256(0x0000000000000000000000000000002e69bc727f54170eb856e4e6cd4bac0fc6), + y_1: uint256(0x0000000000000000000000000000000000173c4f3859e1328f0c641c08cde97f) + }), + id4: Honk.G1ProofPoint({ + x_0: uint256(0x00000000000000000000000000000027a6776c4aa6500b50910092fd158a67f9), + x_1: uint256(0x000000000000000000000000000000000020cfa1a8ee47b53fd27da5f27ed104), + y_0: uint256(0x00000000000000000000000000000044c188458ce7535a16d5f6b73c4bdc94e2), + y_1: uint256(0x0000000000000000000000000000000000258c7d8943a53fdc2dc997858a2298) + }), + lagrangeFirst: Honk.G1ProofPoint({ + x_0: uint256(0x0000000000000000000000000000000000000000000000000000000000000001), + x_1: uint256(0x0000000000000000000000000000000000000000000000000000000000000000), + y_0: uint256(0x0000000000000000000000000000000000000000000000000000000000000002), + y_1: uint256(0x0000000000000000000000000000000000000000000000000000000000000000) + }), + lagrangeLast: Honk.G1ProofPoint({ + x_0: uint256(0x000000000000000000000000000000a1220210306b6cd2672be2754aa59cfed9), + x_1: uint256(0x000000000000000000000000000000000028f1a32f5393f11495a6ff549f8c63), + y_0: uint256(0x000000000000000000000000000000fe34bc7557a25b30e47be45f24c02e16de), + y_1: uint256(0x0000000000000000000000000000000000153f104778115ee6def6ed6bac8530) }) }); return vk; diff --git a/barretenberg/sol/src/honk/utils.sol b/barretenberg/sol/src/honk/utils.sol index 6785d0ccdd26..339a5db2f933 100644 --- a/barretenberg/sol/src/honk/utils.sol +++ b/barretenberg/sol/src/honk/utils.sol 
@@ -22,7 +22,7 @@ function bytes32ToString(bytes32 value) pure returns (string memory result) { } function logG(string memory name, Honk.G1ProofPoint memory p) pure { - Honk.G1Point memory point = convertProofPoint(p); + Honk.G1Point memory point = convertFromProofPoint(p); // TODO: convert both to hex before printing to line up with cpp string memory x = bytes32ToString(bytes32(point.x)); @@ -70,7 +70,7 @@ function bytesToFr(bytes calldata proofSection) pure returns (Fr scalar) { // EC Point utilities -function convertProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory point) { +function convertFromProofPoint(Honk.G1ProofPoint memory input) pure returns (Honk.G1Point memory point) { point = Honk.G1Point({x: input.x_0 | (input.x_1 << 136), y: input.y_0 | (input.y_1 << 136)}); } diff --git a/barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol b/barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol deleted file mode 100644 index 1bbaed721670..000000000000 --- a/barretenberg/sol/src/ultra/instance/Add2UltraVerifier.sol +++ /dev/null @@ -1,16 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2023 Aztec -pragma solidity >=0.8.4; - -import {Add2UltraVerificationKey as VK} from "../keys/Add2UltraVerificationKey.sol"; -import {BaseUltraVerifier as BASE} from "../BaseUltraVerifier.sol"; - -contract Add2UltraVerifier is BASE { - function getVerificationKeyHash() public pure override(BASE) returns (bytes32) { - return VK.verificationKeyHash(); - } - - function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { - VK.loadVerificationKey(vk, _omegaInverseLoc); - } -} diff --git a/barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol b/barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol deleted file mode 100644 index 5442c999e16e..000000000000 --- a/barretenberg/sol/src/ultra/instance/BlakeUltraVerifier.sol +++ /dev/null 
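Review bot: `convertFromProofPoint` in the second utils.sol hunk recombines the limbs with `input.x_0 | (input.x_1 << 136)` and never checks that the low limbs fit in 136 bits or the high limbs in 120 bits. An out-of-range limb is silently OR-ed over its neighbour or shifted off the top, so different limb encodings can decode to the same `G1Point`. That matters if the raw limbs, rather than the decoded point, are what the transcript hashes, which the commit title suggests but this hunk does not show. A guard before the assignment would close this, e.g. `require((input.x_0 | input.y_0) >> 136 == 0 && (input.x_1 | input.y_1) >> 120 == 0, "limb out of range");`, or failing that a comment stating where the limb widths are enforced. The rename in the first hunk (`logG`) needs no change.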
@@ -1,16 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2023 Aztec -pragma solidity >=0.8.4; - -import {BlakeUltraVerificationKey as VK} from "../keys/BlakeUltraVerificationKey.sol"; -import {BaseUltraVerifier as BASE} from "../BaseUltraVerifier.sol"; - -contract BlakeUltraVerifier is BASE { - function getVerificationKeyHash() public pure override(BASE) returns (bytes32) { - return VK.verificationKeyHash(); - } - - function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { - VK.loadVerificationKey(vk, _omegaInverseLoc); - } -} diff --git a/barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol b/barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol deleted file mode 100644 index ed7bb8e58de7..000000000000 --- a/barretenberg/sol/src/ultra/instance/EcdsaUltraVerifier.sol +++ /dev/null @@ -1,16 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2023 Aztec -pragma solidity >=0.8.4; - -import {EcdsaUltraVerificationKey as VK} from "../keys/EcdsaUltraVerificationKey.sol"; -import {BaseUltraVerifier as BASE} from "../BaseUltraVerifier.sol"; - -contract EcdsaUltraVerifier is BASE { - function getVerificationKeyHash() public pure override(BASE) returns (bytes32) { - return VK.verificationKeyHash(); - } - - function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { - VK.loadVerificationKey(vk, _omegaInverseLoc); - } -} diff --git a/barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol b/barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol deleted file mode 100644 index f2147aada62d..000000000000 --- a/barretenberg/sol/src/ultra/instance/RecursiveUltraVerifier.sol +++ /dev/null 
@@ -1,16 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2023 Aztec -pragma solidity >=0.8.4; - -import {RecursiveUltraVerificationKey as VK} from "../keys/RecursiveUltraVerificationKey.sol"; -import {BaseUltraVerifier as BASE} from "../BaseUltraVerifier.sol"; - -contract RecursiveUltraVerifier is BASE { - function getVerificationKeyHash() public pure override(BASE) returns (bytes32) { - return VK.verificationKeyHash(); - } - - function loadVerificationKey(uint256 vk, uint256 _omegaInverseLoc) internal pure virtual override(BASE) { - VK.loadVerificationKey(vk, _omegaInverseLoc); - } -} diff --git a/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol deleted file mode 100644 index 738834d9dd57..000000000000 --- a/barretenberg/sol/src/ultra/keys/Add2UltraVerificationKey.sol +++ /dev/null 
@@ -1,72 +0,0 @@ -// Verification Key Hash: 2b1afa4b18046b48c9bd91ee5364d66eea86b467a810ce1c85137567ee29055e -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2022 Aztec -pragma solidity >=0.8.4; - -library Add2UltraVerificationKey { - function verificationKeyHash() internal pure returns (bytes32) { - return 0x2b1afa4b18046b48c9bd91ee5364d66eea86b467a810ce1c85137567ee29055e; - } - - function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { - assembly { - mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000000010) // vk.circuit_size - mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000003) // vk.num_inputs - mstore(add(_vk, 0x40), 0x21082ca216cbbf4e1c6e4f4594dd508c996dfbe1174efb98b11509c6e306460b) // vk.work_root - mstore(add(_vk, 0x60), 0x2d5e098bb31e86271ccb415b196942d755b0a9c3f21dd9882fa3d63ab1000001) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x0fe8527a8494f827e4b332060e5569bdfe47aadc475cb1f03b4d222b0804e463) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x2d051f6d8a9eec7ae2622b4b259fb91d942a8892632cffcdad4c03e2c9081593) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x21be04985f898ef5e2a80f32fbaa16cd3eb8c451c243db46144b97113c8e556a) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x2913bcdde62d6d2143aa6a0fed511ca527994df2cba6a780baa29dddac161de9) // vk.Q2.y - mstore(add(_vk, 0x100), 0x15bf0818d578953a624a127aa04d4b0aa1b09d3fe69b9a29e2546a41e9b08049) // vk.Q3.x - mstore(add(_vk, 0x120), 0x0148f0d2abf2ca1fe6cc20fdef0a8d4a88eb9602eaf48f0c1c02445c27cb9592) // vk.Q3.y - mstore(add(_vk, 0x140), 0x02d6fd9e84dbe74b7531e1801405a1c292117b1a17fefe9de0bfd9edf1a84bf9) // vk.Q4.x - mstore(add(_vk, 0x160), 0x293c6ab3c06a0669af13393a82c60a459a3b2a0b768da45ac7af7f2aec40fc42) // vk.Q4.y - mstore(add(_vk, 0x180), 0x2950076760523510abcfe90fa550b964e84b338f73af5222cdbbaefdacd4484e) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x2e4e3e272c7b78ad894559812d7766e05615a8f7050a43d7ed1367adf30a9319) // vk.Q_M.y - mstore(add(_vk, 
0x1c0), 0x1798c37010a4285e1774c1ad35779886380ee5ceee0ba183927e2a2103301a68) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x2935f9e4d47a8e39aa0107f31a84584b47d903cfeb9690f6d850dc8ea7d2f4ea) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x098b323500f8c381b835917c5c1d37ed97bb714cfcd6d1c0c104542258027a43) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x204b44959b11e5893ed6100e102ee04d63a72bdd4c94490e01ecbbe72e32d853) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x0ad34b5e8db72a5acf4427546c7294be6ed4f4d252a79059e505f9abc1bdf3ed) // vk.QSORT.x - mstore(add(_vk, 0x260), 0x1e5b26790a26eb340217dd9ad28dbf90a049f42a3852acd45e6f521f24b4900e) // vk.QSORT.y - mstore(add(_vk, 0x280), 0x155a0f51fec78c33ffceb7364d69d7ac27e570ae50bc180509764eb3fef94815) // vk.Q_ELLIPTIC.x - mstore(add(_vk, 0x2a0), 0x1c1c4720bed44a591d97cbc72b6e44b644999713a8d3c66e9054aa5726324c76) // vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x16ff3501369121d410b445929239ba057fe211dad1b706e49a3b55920fac20ec) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x1e190987ebd9cf480f608b82134a00eb8007673c1ed10b834a695adf0068522a) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x01d8b8ff3b1674e57a7d30ce1d9e07c686174c643eb20d38e604eec7095248a9) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x261015d69327a58810e6eb1052ed694914b7a89034e1334c50b9e70a161489b7) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x1987df111730a8a6a650423757dbf048f3f43860a7d24a5e2e8bd67b6931ca67) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x1fe074ff24b35d7830bec2a3fad7e53038ffb5e2a3f718a23660d68daffc2953) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x1995a6246a4cf48e66d1f4753d001b67712f57a94b364498c12b7048f162665f) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 0x0b09e4f696f8fcdae85a72b71cc2bc2be2be2960d4fa0078d79c32d21619bd5e) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x267b628499addfdfc2ff596957b0aa713baa1054a78cd80dcb0b588bfa209adf) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x119db2893b20259b419e53e6686f2fba9934c9e1af0ffa2ede920718eea14086) // vk.SIGMA4.y - mstore(add(_vk, 0x400), 
0x02c397073c8abce6d4140c9b961209dd783bff1a1cfc999bb29859cfb16c46fc) // vk.TABLE1.x - mstore(add(_vk, 0x420), 0x2b7bba2d1efffce0d033f596b4d030750599be670db593af86e1923fe8a1bb18) // vk.TABLE1.y - mstore(add(_vk, 0x440), 0x2c71c58b66498f903b3bbbda3d05ce8ffb571a4b3cf83533f3f71b99a04f6e6b) // vk.TABLE2.x - mstore(add(_vk, 0x460), 0x039dce37f94d1bbd97ccea32a224fe2afaefbcbd080c84dcea90b54f4e0a858f) // vk.TABLE2.y - mstore(add(_vk, 0x480), 0x27dc44977efe6b3746a290706f4f7275783c73cfe56847d848fd93b63bf32083) // vk.TABLE3.x - mstore(add(_vk, 0x4a0), 0x0a5366266dd7b71a10b356030226a2de0cbf2edc8f085b16d73652b15eced8f5) // vk.TABLE3.y - mstore(add(_vk, 0x4c0), 0x136097d79e1b0ae373255e8760c49900a7588ec4d6809c90bb451005a3de3077) // vk.TABLE4.x - mstore(add(_vk, 0x4e0), 0x13dd7515ccac4095302d204f06f0bff2595d77bdf72e4acdb0b0b43969860d98) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x0c40380c5013361cb7e57ed4591553791df4838037064da2b24cd3a7bd20b40e) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x0d86cca6e33b9d896c3ec46116eb0d80a5c849d10995938a71e4703090bc65f9) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x1e44194e60f0ab4ee0f77adc50f4220944f94301aa6da3016a226de04de52f4c) // vk.ID1.x - mstore(add(_vk, 0x560), 0x2a017d0d9f40d0aeb5c8152ffddec56c2c7bea37dfbd20be6bed19efd743397a) // vk.ID1.y - mstore(add(_vk, 0x580), 0x0868357b28039385c5a5058b6d358ebb29f26f9890d6cc6401f4921d5884edca) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x1060afe929554ca473103f5e68193c36fb6e229dde8edf7ec858b12d7e8be485) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x1953e657c2c941f0eb52e94a96b64a0152c7cc3baff59a345fd6ecd311f313af) // vk.ID3.x - mstore(add(_vk, 0x5e0), 0x08579320bf2aa71698b64152f1f3f4afe1873af96d6403dcaf56908dc78c6704) // vk.ID3.y - mstore(add(_vk, 0x600), 0x2eea648c8732596b1314fe2a4d2f05363f0c994e91cecad25835338edee2294f) // vk.ID4.x - mstore(add(_vk, 0x620), 0x0ab49886c2b94bd0bd3f6ed1dbbe2cb2671d2ae51d31c1210433c3972bb64578) // vk.ID4.y - mstore(add(_vk, 0x640), 0x00) // vk.contains_pairing_point_accumulator - 
mstore(add(_vk, 0x660), 0) // vk.pairing_point_accumulator_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 - mstore(_omegaInverseLoc, 0x02e40daf409556c02bfc85eb303402b774954d30aeb0337eb85a71e6373428de) // vk.work_root_inverse - } - } -} diff --git a/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol deleted file mode 100644 index acf48271a6d3..000000000000 --- a/barretenberg/sol/src/ultra/keys/BlakeUltraVerificationKey.sol +++ /dev/null 
@@ -1,72 +0,0 @@ -// Verification Key Hash: 484d44768cdfdabe6304384983e749273833301769c4b745b44a2572f9689b62 -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2022 Aztec -pragma solidity >=0.8.4; - -library BlakeUltraVerificationKey { - function verificationKeyHash() internal pure returns (bytes32) { - return 0x484d44768cdfdabe6304384983e749273833301769c4b745b44a2572f9689b62; - } - - function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { - assembly { - mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000008000) // vk.circuit_size - mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000004) // vk.num_inputs - mstore(add(_vk, 0x40), 0x2d1ba66f5941dc91017171fa69ec2bd0022a2a2d4115a009a93458fd4e26ecfb) // vk.work_root - mstore(add(_vk, 0x60), 0x3063edaa444bddc677fcd515f614555a777997e0a9287d1e62bf6dd004d82001) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x22703f0804e127ca3a084222bea6ea437cfbb6f2bef6581817eeb6be4b83a6bf) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x2854b842cd7bf05afeb768c5f8e95b7b51fc42334c2e370f94b7e06b0e8a6faa) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x01b9ab9db48dcf1490197b002f8306f6400058fd707b912117fbf9defafaed38) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x159c02920661db84558f3ff397de7280e05c4032c338a0317bd6a36a5867d460) // vk.Q2.y - mstore(add(_vk, 0x100), 0x0c7bcbd9b06018c903394f7be92205dc28fade0e0b01789a26efa2d37068dfea) // vk.Q3.x - mstore(add(_vk, 0x120), 0x286bb4e38192fdf477cad8748e582982284bf46b17cb9101cfcd65180d8dd384) // vk.Q3.y - mstore(add(_vk, 0x140), 0x1445e7776943b45e9fade0e56f63665277911d10748b7d5aec6e51730d49b6ed) // vk.Q4.x - mstore(add(_vk, 0x160), 0x21470dba7fa9b659baf7691e03a896767ea29659154ccf758ff92727412a126c) // vk.Q4.y - mstore(add(_vk, 0x180), 0x1d8d78c44e9d05815dc4d85c0b9467f6a6b0c8959c1ad41c6aa30aeff9459626) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x22cd2d1ef4401b091c64a3bb10aa81f4c40ae66cdcfee409677f37b9276227e6) // vk.Q_M.y - mstore(add(_vk, 
0x1c0), 0x1a8d3d1c3a2c6382e522560c184f1dd2fc1ff8ec9eafdb8dd04037c3d862e5dd) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x2bc490fc2cbe9fdf87ce2e4404144a938577b4f059c2496c93f51b73fc825292) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x181f212f403b221c0805d11a8998bbf41ef81409ee3a019ae7775f39d692cee2) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x18bb52801779b80fbdb803cbb416bdfb20a286f62e43006c5f4bb430c0e0bbc2) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x00a76d339bdc6e030de531fc51322f06e35e0db2c71d02705cbc87497c1dcc86) // vk.QSORT.x - mstore(add(_vk, 0x260), 0x12435124c05dc87a5aa6a57b7c213c0a3653f8cfe92a568a50d1e580ae73936d) // vk.QSORT.y - mstore(add(_vk, 0x280), 0x2e76c4474fcb457db84fb273ccc10a4647a1a37444369f2f275bb74540f5e2d0) // vk.Q_ELLIPTIC.x - mstore(add(_vk, 0x2a0), 0x209035caddd02a78acd0ed617a85d782533bd142c6cad8e3338f3142b919c3a4) // vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x254c7c79f29e6f05184889d52a7c01375832d53ea8dd60b93162a5805d715657) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x23558713233600d8847c983db3c2771210aad83fc39e33f4821c4b483fe579c1) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x1b1751d2a40ad3926fc75524b92f198668630bcc50f9d9bca991b5a46400f301) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x011ab25916819ad44ab3b3a735ecc9f0bf837e600467017a3cb12c40842b57ef) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x1a0d27d21e4c23edee9346716d3f495951d1741f43da4871bd2674dfde8178bd) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x1dee5edf353bbeebde3c56137bf81e4bdccf1ae09c842a0ed85f17fd709daf53) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x2be8b6566855f9d4b42835780532cb76621459237d20536e0eb3bf76dadcd2c3) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 0x0188ecfe49edb152eff1ac0e4ce3747797a6cc2ec33ec7f253c563adda84a824) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x0dde6de09527d57a1b0d10f8390d3bc64db03719756733354638dd261ba22b16) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x159c9f851883d75654853022db92c0df214854759c6e19f03f6fd5f6869b8d18) // vk.SIGMA4.y - mstore(add(_vk, 0x400), 
0x2c9323a1f1a4497d7a2da4e7f051ae2bd3e79fa5129b9e839ed92e2724fa4dd4) // vk.TABLE1.x - mstore(add(_vk, 0x420), 0x1da5adafa0b2e605fae3a5b5f38f5320452c443e0cdbb9146847b621c6582595) // vk.TABLE1.y - mstore(add(_vk, 0x440), 0x049ad18a8303ae13fc27eb803bd1e4ab0843d7ea0c8da3e9de4069d7d124c35d) // vk.TABLE2.x - mstore(add(_vk, 0x460), 0x208d3a7f02e894bea3809a5a03f4d93fc4ffd3012ba21d785ebf6e29c79f84eb) // vk.TABLE2.y - mstore(add(_vk, 0x480), 0x008d6cbc3467442b0c8cfecb879705164b1a375d5b692c1a19968ad14ced51f1) // vk.TABLE3.x - mstore(add(_vk, 0x4a0), 0x01a4630460cf19d3744f57323ed8e95c711b1f35dc4be35136105afb64bca1be) // vk.TABLE3.y - mstore(add(_vk, 0x4c0), 0x2a32902c477f3c4e5d636886d58e6e92787d6835719aff2124de11661a931e5f) // vk.TABLE4.x - mstore(add(_vk, 0x4e0), 0x02bd52e022a279775cc203ef117ff464ce803b128e12d7d9e4906527ccc0d179) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x002158853758e7f671a63197c33f09025895ec819f33a69942ce3ad3874792c5) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x2c56d9309c085c8e74d2252c50dff9c735589e431073c699d16663c010c27f12) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x18f0be507e453236eecc41e29ba9e575027f2a22dc508ce0be79701ab0760328) // vk.ID1.x - mstore(add(_vk, 0x560), 0x2cc55fb77d81238a9659604ecbf38c322c3e93a25716b44e08877583c99eb52f) // vk.ID1.y - mstore(add(_vk, 0x580), 0x02fe9855b35527cf14bfeaba70ee83ff36db3ef35a549677ceb95076cf95f0b4) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x2987a64728505b1ec90f04ecf38b0f3bf18dbd50d379c686fe35ac2005932343) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x0559edf459c36c8579d3448de7897258db197c8e3e69e8d9cdc5ee13adeb1b06) // vk.ID3.x - mstore(add(_vk, 0x5e0), 0x27ee1775cd9f7a365f2f5d76aa37dd4f197ee8a90a846efddd84f0a255ddebed) // vk.ID3.y - mstore(add(_vk, 0x600), 0x0fa8737adffd19981969fe6891f2cf783a63277dd469a8f64805510c78f1ebbb) // vk.ID4.x - mstore(add(_vk, 0x620), 0x1d02caa8a2bc3aa1e96a61fcbe75298b9e365402cff9188cf942c3393331e1a8) // vk.ID4.y - mstore(add(_vk, 0x640), 0x00) // vk.contains_pairing_point_accumulator - 
mstore(add(_vk, 0x660), 0) // vk.pairing_point_accumulator_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 - mstore(_omegaInverseLoc, 0x05d33766e4590b3722701b6f2fa43d0dc3f028424d384e68c92a742fb2dbc0b4) // vk.work_root_inverse - } - } -} diff --git a/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol deleted file mode 100644 index eade8df5bb71..000000000000 --- a/barretenberg/sol/src/ultra/keys/EcdsaUltraVerificationKey.sol +++ /dev/null 
@@ -1,72 +0,0 @@ -// Verification Key Hash: 37fcec4c6e1b0c9ef70c6748a5470b831dfcd6a7edf2c0b3c93da820e970ad1f -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2022 Aztec -pragma solidity >=0.8.4; - -library EcdsaUltraVerificationKey { - function verificationKeyHash() internal pure returns (bytes32) { - return 0x37fcec4c6e1b0c9ef70c6748a5470b831dfcd6a7edf2c0b3c93da820e970ad1f; - } - - function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { - assembly { - mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000010000) // vk.circuit_size - mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000006) // vk.num_inputs - mstore(add(_vk, 0x40), 0x00eeb2cb5981ed45649abebde081dcff16c8601de4347e7dd1628ba2daac43b7) // vk.work_root - mstore(add(_vk, 0x60), 0x30641e0e92bebef818268d663bcad6dbcfd6c0149170f6d7d350b1b1fa6c1001) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x127d24d9b09fc1b1f0eec08237d78f494823b68f98f6c54add2d546f3602eb78) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x21e2f58951fcbaddaca49a2dd9b0871ae869abc0acb1ddb0692c1c7156eb732e) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x000f94c8d22d4d269ccef01c530abb40e15ef1f0b50984bc6c23e18ad26a3b55) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x1ffd0066fa6b56620a801796301e1254aeb21a57fb04f09744c9c07fc7c9cf39) // vk.Q2.y - mstore(add(_vk, 0x100), 0x21fc447d92e2cdec17b0baa59ea124d53f08cd9d96942c44263f69782ce3d19d) // vk.Q3.x - mstore(add(_vk, 0x120), 0x22c0b37b1809b377a1df2620497cf07bb00600d23eaf2f5c75ab384ce78ec91b) // vk.Q3.y - mstore(add(_vk, 0x140), 0x20b558c41b97c7eb1e3727119e5e54cdbfdf65adbfede7b3ab667f850176f5ef) // vk.Q4.x - mstore(add(_vk, 0x160), 0x0bba2545e00fb835ec95520619d61dd73c644428fc56c10a2228efdc54358f16) // vk.Q4.y - mstore(add(_vk, 0x180), 0x246bf884877618acbd18c887a836c1641b0437cd4acc4c0ecf5628a2ba60d946) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x1beb69720bd0a1794cd55762b5627d6657f309677f121962ae5e919c0b8b0a27) // vk.Q_M.y - mstore(add(_vk, 
0x1c0), 0x24cc5a478a5ffd79cba3cbb6d2db878fc339abe56a63440384afb38ee0e95731) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x1e540a5249a2d3e326b0c9be362173e6a734afa900bac9859310ca018328e66a) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x13db96945a09894dddfa79d2b9f9e9e1eb6204065f662a17d7dbf6d257590d33) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x00d9af8f917935b1836f17dcdf1d44a1fa4e3655777f8ddca39905b38b80ab48) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x1a66842ed11152b8ccd1ffe548414be7dadbb956ae828c47cb32c449fb9a2a21) // vk.QSORT.x - mstore(add(_vk, 0x260), 0x0b4304dfa9379f11f9387befd9522dde481e04d359a511e543b9c9fcfd4c8e70) // vk.QSORT.y - mstore(add(_vk, 0x280), 0x2f213c7a4c064a63d6a07366df0ea85aef9ad2125a188c3e656f95471e416a0a) // vk.Q_ELLIPTIC.x - mstore(add(_vk, 0x2a0), 0x067a270bed55e72ffb3cfa39af3e5b8bcb4961d72bb301978af13c4ddc73e5df) // vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x27b10524a99f00d9c59cc15ff3b7dfc34975b6f18e06b9c6c3a6136bf3b56f32) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x071a9bf80d112c32482178ff02f855436cf6fb4b4376ef7e2f03381c2e6da379) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x11f8a90324450819709f17508ffaf140d17a949487af44e2f169c7371343411b) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x18db987ab3b02b830aace8661d0012170892e6b8f234d844f981e0c5b3e6e7c0) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x2df70bc7a4644eea4a21ff8e974eb3d624e311bc148b316fe25cd9486e9540ed) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x23e182a4495ff2abe1295260edaa7f3a205d8e4de69f783c7c66c0ba9859917b) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x10e03c5fc02493f4b37a58bfee7c6fa50bb3977477279a3f7623668e35305f75) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 0x2b2bc0c7955e6b99f93a62e2e1955a76d4bff3795985e9e70d64497052a93024) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x0c68404f1fb46097dfc1deabcaece7a47112489fd3cba333fd4ba985a4291b2d) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x186dd99ca6e71d8e125f30ea6c9d4093cc7bb4149fc9c50490618a0fc92ee7a3) // vk.SIGMA4.y - mstore(add(_vk, 0x400), 
0x1a55dc1a642e0833b27de2085de8a8bf1e54f3409fdf6d955eec6bf73ba3c93e) // vk.TABLE1.x - mstore(add(_vk, 0x420), 0x2bdf5828e5a0e064d777710204eec800295f987905043ac054acbc038ba0d0dd) // vk.TABLE1.y - mstore(add(_vk, 0x440), 0x03a621c8d74670ed1b06ddb06644a04b11e4d77148be631c5a1daba27625ec83) // vk.TABLE2.x - mstore(add(_vk, 0x460), 0x2b9287b3d040871b3f97a6b1f33024317ac9f86adfe80f75f27296b36bd333c4) // vk.TABLE2.y - mstore(add(_vk, 0x480), 0x1c233efa3cbfff821f0fe636f12451241dbee781de362da405cd2b08e06ac820) // vk.TABLE3.x - mstore(add(_vk, 0x4a0), 0x238cdd74317e34461f06d04474eaa3b08fbeaf42bebad8402b51f00c892df46f) // vk.TABLE3.y - mstore(add(_vk, 0x4c0), 0x08aa2e3e45c14179616cc69685e1bd257ce49503b425e0bdbf4010c7be859fbc) // vk.TABLE4.x - mstore(add(_vk, 0x4e0), 0x2fd83c0e339172d2315a24dfd4aad276e5e860f3849b111b62723febdb3ee286) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x171e700abccc3b9764a2d27e09b3208941a0b8ac7299c2580e6b24d56b6139a7) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x151a058305194c4e68972296ddda0fd23359c1aaeb864bf8e273bbd6405b9718) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x0b6d6d86b0a3e81f2f146f798e63d0ee99e4594fbd0a826910461ccae434bfd3) // vk.ID1.x - mstore(add(_vk, 0x560), 0x0f4bc8f33eb6afed895ab21c4c5c80c741b7565607280ec2fe4c4f2e70ea6e6e) // vk.ID1.y - mstore(add(_vk, 0x580), 0x03c52afd7bf4066c19ef0b9c4bbd5cd3edbeebcd8cfb9de47b3199c4888fdc31) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x20923fb0fd3790a6e995640b803825c0dec8bc7da64203e55c69b26efee636bd) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x2cbc9f464c22cdc38a834fdb3810d0e8d4d927dbcf55cdfee347895e838f5e03) // vk.ID3.x - mstore(add(_vk, 0x5e0), 0x23e178dd197bd1ea0db8b76d597fb7bc5a7ae675b1496b7ccaff0722489795c4) // vk.ID3.y - mstore(add(_vk, 0x600), 0x124c5ef3a8d659717f89077b3f814fe4a575ad77acce9953af915a64569e94a5) // vk.ID4.x - mstore(add(_vk, 0x620), 0x04733238e5caa04c7cd0d154988171f8ac3e492ef48ada642007220a4fdc4703) // vk.ID4.y - mstore(add(_vk, 0x640), 0x00) // vk.contains_pairing_point_accumulator - 
mstore(add(_vk, 0x660), 0) // vk.pairing_point_accumulator_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 - mstore(_omegaInverseLoc, 0x0b5d56b77fe704e8e92338c0082f37e091126414c830e4c6922d5ac802d842d4) // vk.work_root_inverse - } - } -} diff --git a/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol b/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol deleted file mode 100644 index 824c081a7f5f..000000000000 --- a/barretenberg/sol/src/ultra/keys/RecursiveUltraVerificationKey.sol +++ /dev/null 
@@ -1,72 +0,0 @@ -// Verification Key Hash: af56975120c2e6e836b563ea89a777665219e22bc94dfae5235b8ba6a26d2a09 -// SPDX-License-Identifier: Apache-2.0 -// Copyright 2022 Aztec -pragma solidity >=0.8.4; - -library RecursiveUltraVerificationKey { - function verificationKeyHash() internal pure returns (bytes32) { - return 0xaf56975120c2e6e836b563ea89a777665219e22bc94dfae5235b8ba6a26d2a09; - } - - function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure { - assembly { - mstore(add(_vk, 0x00), 0x0000000000000000000000000000000000000000000000000000000000080000) // vk.circuit_size - mstore(add(_vk, 0x20), 0x0000000000000000000000000000000000000000000000000000000000000010) // vk.num_inputs - mstore(add(_vk, 0x40), 0x2260e724844bca5251829353968e4915305258418357473a5c1d597f613f6cbd) // vk.work_root - mstore(add(_vk, 0x60), 0x3064486657634403844b0eac78ca882cfd284341fcb0615a15cfcd17b14d8201) // vk.domain_inverse - mstore(add(_vk, 0x80), 0x272fae13335cda7794aeee75c0d41e52cc626b07106135805edc8538ab41f6e8) // vk.Q1.x - mstore(add(_vk, 0xa0), 0x266e1501fe1a3d602bbfb1bd408ac9b329686552d0578d8fa1a7d37444632eed) // vk.Q1.y - mstore(add(_vk, 0xc0), 0x24800dd2d472844c3afd10284239c30707c9eb16192a65ab28eb79f59aff2943) // vk.Q2.x - mstore(add(_vk, 0xe0), 0x2ae2c84daa90e63075555a436f030a9d8ae62780ec3b2a5f568627a214e53994) // vk.Q2.y - mstore(add(_vk, 0x100), 0x08f06401b2675f98dedcd0e229a0820f28219e8c08b5699d38c44ce5028902ea) // vk.Q3.x - mstore(add(_vk, 0x120), 0x070aa0dfbe2c73bcc7a252a0c38e319566f4ccb7d0d390b6f797c38e01b6b531) // vk.Q3.y - mstore(add(_vk, 0x140), 0x263ae74168ef8ec0dad9bb40eb8fb361257d6bc121a1df16dfa850fd37e5f404) // vk.Q4.x - mstore(add(_vk, 0x160), 0x1a52c08c1c2175c770e84fedb9a066d067f71cd504ad61b1a7fc9132b81fb0fe) // vk.Q4.y - mstore(add(_vk, 0x180), 0x0c58cc73652fce88673f2a082242463bdb3d62f6f5ae646f18c59e31fc0292a8) // vk.Q_M.x - mstore(add(_vk, 0x1a0), 0x01e29d9a70aa39190f265d6f6ede53720ed16160713b485b5c307842c3f2339c) // vk.Q_M.y - 
mstore(add(_vk, 0x1c0), 0x30447104bc7eaf34835557b8412d1220076eec127c7277d7d144d05ee10a4c82) // vk.Q_C.x - mstore(add(_vk, 0x1e0), 0x0990dafa12cf826c986537955e488e025f11674b56dd87e543f532d80b529b75) // vk.Q_C.y - mstore(add(_vk, 0x200), 0x1ae04aa3fc4f2ee6afa525cbd6502819eb3e7572b59363323cc978af71eeb25b) // vk.Q_ARITHMETIC.x - mstore(add(_vk, 0x220), 0x3031230737a7dad62b9fd25b9b9eb2a8f386bcbb2bde2f67e678dfd718deef7b) // vk.Q_ARITHMETIC.y - mstore(add(_vk, 0x240), 0x070799795a4b36746d6bac7b3248a9f80dd83ae93c1d1108b621f869b78542ff) // vk.QSORT.x - mstore(add(_vk, 0x260), 0x2acc6c19c519877bdf4f8f759b8f5c82dc6ff3790445120840418f782fe458d4) // vk.QSORT.y - mstore(add(_vk, 0x280), 0x21f55b7e9b4c5cbf21301019074c0a0eab41c8e637f8787e72f9f745c6979b3c) // vk.Q_ELLIPTIC.x - mstore(add(_vk, 0x2a0), 0x02e336c35d840241a188ffc7ad2c687f16ddd91356e9db9cc470af08db1ef180) // vk.Q_ELLIPTIC.y - mstore(add(_vk, 0x2c0), 0x00b7eec617e68065a1071a17d8e92cf99add525ec3fc6f5823c3907c4ffd99f0) // vk.Q_AUX.x - mstore(add(_vk, 0x2e0), 0x2d9f0066732a3c01f1cd02f728f0a812dc501e14cf04cfeaffc21c1a3022b33e) // vk.Q_AUX.y - mstore(add(_vk, 0x300), 0x20fa82863a6691e5e1d8b2b76fc7ea07fa5a91e81c313034a0baf1c059f16ed8) // vk.SIGMA1.x - mstore(add(_vk, 0x320), 0x0b293e34397d00906293da08044b03d3923213ecb97932f1a7b693d7be591d26) // vk.SIGMA1.y - mstore(add(_vk, 0x340), 0x09c74bb84de88d366afe6926889f5e60c6405fa393dbf3e65ac0405b8dc09162) // vk.SIGMA2.x - mstore(add(_vk, 0x360), 0x235f8afe67a54eeb1b507a933e8f6602a18722258f69b811d5f10d2bdc67e40a) // vk.SIGMA2.y - mstore(add(_vk, 0x380), 0x24d36ac3e040bba91e88393b6d87b98bd839aa4e72c4fe82f151a547220cdb87) // vk.SIGMA3.x - mstore(add(_vk, 0x3a0), 0x2e19a2cf0df47c94ea8f443eaf781ab325a3a31f53c2cd47158b96cab77b4c26) // vk.SIGMA3.y - mstore(add(_vk, 0x3c0), 0x299b063fd348d02720572abe377ec7267d5317a37201c1f9b79c8c6ee8597b97) // vk.SIGMA4.x - mstore(add(_vk, 0x3e0), 0x04dd6ccd06bf4c458c06f0a839a703c76bf2c809a2b2df3f37227e2e345a47fc) // vk.SIGMA4.y - mstore(add(_vk, 0x400), 
0x11c514df4405308bdface3553201db9535ce40f1cceb593355737a2c0e1809c4) // vk.TABLE1.x - mstore(add(_vk, 0x420), 0x23730ae1d6b51c53e9f341638ad156f217277de48f9cc50a19f4399a50e7c9b1) // vk.TABLE1.y - mstore(add(_vk, 0x440), 0x14a7d7dd7a61a9fee9df1579e5c7a497f363ef06b373eaeef19745008e808935) // vk.TABLE2.x - mstore(add(_vk, 0x460), 0x12b20d74592a31252375201ad5cfb6b91ada920288c6211aa61745cb1827142f) // vk.TABLE2.y - mstore(add(_vk, 0x480), 0x0de228c86fdaae2337277757704862abc3968ebcdf3c66a4b4fe0e1452b04cfe) // vk.TABLE3.x - mstore(add(_vk, 0x4a0), 0x2c01fc8d1605cdd5325bee69dd0a869cf94f6a48f0f322b16ac00dd1f58165d0) // vk.TABLE3.y - mstore(add(_vk, 0x4c0), 0x1b3600e51a06913d585471e94f198abe613a4b6194247a3233c7a26b6fdb5447) // vk.TABLE4.x - mstore(add(_vk, 0x4e0), 0x15eb45af241222240bc8446a0410ff960dd88b8d9720bc13e8eb57be89be891b) // vk.TABLE4.y - mstore(add(_vk, 0x500), 0x0221ee1e654253fcaa3ffdd7ccca0cce2c8c25bd391e4a6f26fe21f15853a06f) // vk.TABLE_TYPE.x - mstore(add(_vk, 0x520), 0x29c6259ed3ff4e54d067340ec91ec5185f741622fb2a0a5432f06777f6158fdb) // vk.TABLE_TYPE.y - mstore(add(_vk, 0x540), 0x2611a5db278d94912ccee81a829f45895a7444c2d084506d0d1f0ecdfccdc758) // vk.ID1.x - mstore(add(_vk, 0x560), 0x0134f8df4f1f8b8058266bb3f83b001810fd520577fbdbb738dae189be463b05) // vk.ID1.y - mstore(add(_vk, 0x580), 0x09cf92cea1bef8594f4c76cc9ef8a05b05310cce7863ad5fc25ceddfc70e3d31) // vk.ID2.x - mstore(add(_vk, 0x5a0), 0x2e1ffaf9dcceb1d647c48f30083ec38a2cf10f90c972762a552a939dbcd9a0be) // vk.ID2.y - mstore(add(_vk, 0x5c0), 0x0edaab035bd27f0f4b32aee13aa3177ddaabede322c351d0372a5d34eaa02bcb) // vk.ID3.x - mstore(add(_vk, 0x5e0), 0x17f7c240033409c394ae8c3b0fde30166e005566108852aec3b32206b96a68dc) // vk.ID3.y - mstore(add(_vk, 0x600), 0x1b032411cf6636fb43b3dfa8960a2aee106cea208de111f4d512cd88d640fe79) // vk.ID4.x - mstore(add(_vk, 0x620), 0x11e4ec47b80d1ee3c51058086e553098c2959807e0ec3365e848214a8cd4e05b) // vk.ID4.y - mstore(add(_vk, 0x640), 0x01) // vk.contains_pairing_point_accumulator - 
mstore(add(_vk, 0x660), 0) // vk.pairing_point_accumulator_public_input_indices - mstore(add(_vk, 0x680), 0x260e01b251f6f1c7e7ff4e580791dee8ea51d87a358e038b4efe30fac09383c1) // vk.g2_x.X.c1 - mstore(add(_vk, 0x6a0), 0x0118c4d5b837bcc2bc89b5b398b5974e9f5944073b32078b7e231fec938883b0) // vk.g2_x.X.c0 - mstore(add(_vk, 0x6c0), 0x04fc6369f7110fe3d25156c1bb9a72859cf2a04641f99ba4ee413c80da6a5fe4) // vk.g2_x.Y.c1 - mstore(add(_vk, 0x6e0), 0x22febda3c0c0632a56475b4214e5615e11e6dd3f96e6cea2854a87d4dacc5e55) // vk.g2_x.Y.c0 - mstore(_omegaInverseLoc, 0x06e402c0a314fb67a15cf806664ae1b722dbc0efe66e6c81d98f9924ca535321) // vk.work_root_inverse - } - } -} diff --git a/barretenberg/sol/test/ultra/Add2.t.sol b/barretenberg/sol/test/ultra/Add2.t.sol deleted file mode 100644 index da4bf6710dba..000000000000 --- a/barretenberg/sol/test/ultra/Add2.t.sol +++ /dev/null 
@@ -1,40 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2022 Aztec
-pragma solidity >=0.8.4;
-
-import {TestBaseUltra} from "./TestBaseUltra.sol";
-import {Add2UltraVerifier} from "../../src/ultra/instance/Add2UltraVerifier.sol";
-import {DifferentialFuzzer} from "../base/DifferentialFuzzer.sol";
-import {IVerifier} from "../../src/interfaces/IVerifier.sol";
-
-contract Add2UltraTest is TestBaseUltra {
- function setUp() public override(TestBaseUltra) {
- super.setUp();
-
- verifier = IVerifier(address(new Add2UltraVerifier()));
- fuzzer = fuzzer.with_circuit_type(DifferentialFuzzer.CircuitType.Add2);
-
- PUBLIC_INPUT_COUNT = 3;
-
- // Add default inputs to the fuzzer (we will override these in fuzz test)
- uint256[] memory defaultInputs = new uint256[](3);
- defaultInputs[0] = 5;
- defaultInputs[1] = 10;
- defaultInputs[2] = 15;
-
- fuzzer = fuzzer.with_inputs(defaultInputs);
- }
-
- function testFuzzProof(uint16 input1, uint16 input2) public {
- uint256[] memory inputs = new uint256[](3);
- inputs[0] = uint256(input1);
- inputs[1] = uint256(input2);
- inputs[2] = inputs[0] + inputs[1];
-
- bytes memory proofData = fuzzer.with_inputs(inputs).generate_proof();
-
- (bytes32[] memory publicInputs, bytes memory proof) = splitProof(proofData, PUBLIC_INPUT_COUNT);
-
- assertTrue(verifier.verify(proof, publicInputs), "The proof is not valid");
- }
-}
diff --git a/barretenberg/sol/test/ultra/Blake.t.sol b/barretenberg/sol/test/ultra/Blake.t.sol
deleted file mode 100644
index d5ec81d7b53f..000000000000
--- a/barretenberg/sol/test/ultra/Blake.t.sol
+++ /dev/null
@@ -1,42 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2022 Aztec
-pragma solidity >=0.8.4;
-
-import {TestBaseUltra} from "./TestBaseUltra.sol";
-import {BlakeUltraVerifier} from "../../src/ultra/instance/BlakeUltraVerifier.sol";
-import {DifferentialFuzzer} from "../base/DifferentialFuzzer.sol";
-import {IVerifier} from "../../src/interfaces/IVerifier.sol";
-
-contract BlakeUltraTest is TestBaseUltra {
- function setUp() public override(TestBaseUltra) {
- super.setUp();
-
- verifier = IVerifier(address(new BlakeUltraVerifier()));
- fuzzer = fuzzer.with_circuit_type(DifferentialFuzzer.CircuitType.Blake);
-
- PUBLIC_INPUT_COUNT = 4;
-
- // Add default inputs to the fuzzer (we will override these in fuzz test)
- uint256[] memory defaultInputs = new uint256[](4);
- defaultInputs[0] = 1;
- defaultInputs[1] = 2;
- defaultInputs[2] = 3;
- defaultInputs[3] = 4;
-
- fuzzer = fuzzer.with_inputs(defaultInputs);
- }
-
- function testFuzzProof(uint256 input1, uint256 input2, uint256 input3, uint256 input4) public {
- uint256[] memory inputs = new uint256[](4);
- inputs[0] = input1;
- inputs[1] = input2;
- inputs[2] = input3;
- inputs[3] = input4;
-
- bytes memory proofData = fuzzer.with_inputs(inputs).generate_proof();
-
- (bytes32[] memory publicInputs, bytes memory proof) = splitProof(proofData, PUBLIC_INPUT_COUNT);
-
- assertTrue(verifier.verify(proof, publicInputs), "The proof is not valid");
- }
-}
diff --git a/barretenberg/sol/test/ultra/ECDSA.t.sol b/barretenberg/sol/test/ultra/ECDSA.t.sol
deleted file mode 100644
index 328519c50e76..000000000000
--- a/barretenberg/sol/test/ultra/ECDSA.t.sol
+++ /dev/null
@@ -1,49 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2022 Aztec
-pragma solidity >=0.8.4;
-
-import {TestBaseUltra} from "./TestBaseUltra.sol";
-import {EcdsaUltraVerifier} from "../../src/ultra/instance/EcdsaUltraVerifier.sol";
-import {DifferentialFuzzer} from "../base/DifferentialFuzzer.sol";
-import {IVerifier} from "../../src/interfaces/IVerifier.sol";
-
-contract EcdsaUltraTest is TestBaseUltra {
- function setUp() public override(TestBaseUltra) {
- super.setUp();
-
- verifier = IVerifier(address(new EcdsaUltraVerifier()));
- fuzzer = fuzzer.with_circuit_type(DifferentialFuzzer.CircuitType.Ecdsa);
-
- PUBLIC_INPUT_COUNT = 6;
-
- // Add default inputs to the fuzzer (we will override these in fuzz test)
- uint256[] memory inputs = new uint256[](6);
- inputs[0] = uint256(0x67);
- inputs[1] = uint256(0x6f);
- inputs[2] = uint256(0x62);
- inputs[3] = uint256(0x6c);
- inputs[4] = uint256(0x69);
- inputs[5] = uint256(0x6e);
-
- fuzzer = fuzzer.with_inputs(inputs);
- }
-
- function testFuzzProof() public {
- // NOTE we do not fuzz here yet
- // "goblin"
- // 67 6f 62 6c 69 6e
- uint256[] memory inputs = new uint256[](6);
- inputs[0] = uint256(0x67);
- inputs[1] = uint256(0x6f);
- inputs[2] = uint256(0x62);
- inputs[3] = uint256(0x6c);
- inputs[4] = uint256(0x69);
- inputs[5] = uint256(0x6e);
-
- // Construct Ecdsa siganture
- bytes memory proofData = fuzzer.with_inputs(inputs).generate_proof();
- (bytes32[] memory publicInputs, bytes memory proof) = splitProof(proofData, PUBLIC_INPUT_COUNT);
-
- assertTrue(verifier.verify(proof, publicInputs), "The proof is not valid");
- }
-}
diff --git a/barretenberg/sol/test/ultra/Recursive.t.sol b/barretenberg/sol/test/ultra/Recursive.t.sol
deleted file mode 100644
index ba29c39c423a..000000000000
--- a/barretenberg/sol/test/ultra/Recursive.t.sol
+++ /dev/null
@@ -1,40 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2022 Aztec
-pragma solidity >=0.8.4;
-
-import {TestBaseUltra} from "./TestBaseUltra.sol";
-import {RecursiveUltraVerifier} from "../../src/ultra/instance/RecursiveUltraVerifier.sol";
-import {DifferentialFuzzer} from "../base/DifferentialFuzzer.sol";
-import {IVerifier} from "../../src/interfaces/IVerifier.sol";
-
-contract RecursiveUltraTest is TestBaseUltra {
- function setUp() public override(TestBaseUltra) {
- super.setUp();
-
- verifier = IVerifier(address(new RecursiveUltraVerifier()));
- fuzzer = fuzzer.with_circuit_type(DifferentialFuzzer.CircuitType.Recursive);
-
- PUBLIC_INPUT_COUNT = 0;
-
- // Add default inputs to the fuzzer (we will override these in fuzz test)
- uint256[] memory defaultInputs = new uint256[](3);
- defaultInputs[0] = 5;
- defaultInputs[1] = 10;
- defaultInputs[2] = 15;
-
- fuzzer = fuzzer.with_inputs(defaultInputs);
- }
-
- function testFuzzProof(uint16 input1, uint16 input2) public {
- uint256[] memory inputs = new uint256[](3);
- inputs[0] = uint256(input1);
- inputs[1] = uint256(input2);
- inputs[2] = inputs[0] + inputs[1];
-
- bytes memory proofData = fuzzer.with_inputs(inputs).generate_proof();
-
- (bytes32[] memory publicInputs, bytes memory proof) = splitProof(proofData, PUBLIC_INPUT_COUNT);
-
- assertTrue(verifier.verify(proof, publicInputs), "The proof is not valid");
- }
-}
diff --git a/barretenberg/sol/test/ultra/TestBaseUltra.sol b/barretenberg/sol/test/ultra/TestBaseUltra.sol
deleted file mode 100644
index 4d0a64aa1efa..000000000000
--- a/barretenberg/sol/test/ultra/TestBaseUltra.sol
+++ /dev/null
@@ -1,22 +0,0 @@
-// SPDX-License-Identifier: UNLICENSED
-pragma solidity ^0.8.13;
-
-import {TestBase} from "../base/TestBase.sol";
-import {DifferentialFuzzer} from "../base/DifferentialFuzzer.sol";
-import {IVerifier} from "../../src/interfaces/IVerifier.sol";
-
-contract TestBaseUltra is TestBase {
- IVerifier public verifier;
- DifferentialFuzzer public fuzzer;
- uint256 public PUBLIC_INPUT_COUNT;
-
- function setUp() public virtual {
- fuzzer = new DifferentialFuzzer().with_flavor(DifferentialFuzzer.Flavor.Ultra);
- }
-
- function testValidProof() public {
- bytes memory proofData = fuzzer.generate_proof();
- (bytes32[] memory publicInputs, bytes memory proof) = splitProof(proofData, PUBLIC_INPUT_COUNT);
- assertTrue(verifier.verify(proof, publicInputs), "The proof is not valid");
- }
-}