From 8ea60d69c032d49bcfcb52392d817ecfdd92c2dd Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 26 Jul 2025 19:36:37 +0000 Subject: [PATCH 01/11] feat(sol): vk hashing --- .../cpp/src/barretenberg/flavor/flavor.hpp | 4 +- .../flavor/ultra_keccak_flavor.hpp | 13 ++--- .../barretenberg/honk/utils/honk_key_gen.hpp | 1 + .../barretenberg/transcript/transcript.hpp | 3 ++ .../sol/src/honk/BaseHonkVerifier.sol | 4 +- .../sol/src/honk/BaseZKHonkVerifier.sol | 2 +- barretenberg/sol/src/honk/HonkTypes.sol | 2 + barretenberg/sol/src/honk/Transcript.sol | 54 +++++++++---------- barretenberg/sol/src/honk/ZKTranscript.sol | 52 +++++++++--------- .../src/honk/keys/Add2HonkVerificationKey.sol | 5 +- .../honk/keys/BlakeHonkVerificationKey.sol | 5 +- .../honk/keys/EcdsaHonkVerificationKey.sol | 5 +- .../keys/RecursiveHonkVerificationKey.sol | 5 +- 13 files changed, 75 insertions(+), 80 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 85261fce212e..7d2adc636582 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -197,9 +197,9 @@ class NativeVerificationKey_ : public PrecomputedCommitments { * @details Currently only used in testing. * @return FF */ - fr hash() + fr hash() const { - fr vk_hash = crypto::Poseidon2::hash(this->to_field_elements()); + fr vk_hash = Transcript::hash(this->to_field_elements()); return vk_hash; } diff --git a/barretenberg/cpp/src/barretenberg/flavor/ultra_keccak_flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/ultra_keccak_flavor.hpp index 4ac708d94c3c..fe838b16dc12 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/ultra_keccak_flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/ultra_keccak_flavor.hpp 
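Review bot: The doc comment kept above `hash()` still reads `@details Currently only used in testing.`, which stops being true in this patch: `UltraKeccakFlavor::add_hash_to_transcript` and `output_vk_sol_ultra_honk` both call it, so the value now feeds the Fiat-Shamir transcript and the generated Solidity key. The comment should say so, and should note that the result now depends on the transcript's hash function instead of always being Poseidon2, for example `@details Hashes to_field_elements() with Transcript::hash; absorbed into the transcript by add_hash_to_transcript.` Any caller that compares this value against a Poseidon2 hash computed elsewhere would presumably need checking for flavors whose `Transcript` is not Poseidon2-based; no such caller is visible in this hunk. The class body starts and ends outside the hunk.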
@@ -76,14 +76,11 @@ class UltraKeccakFlavor : public bb::UltraFlavor { */ fr add_hash_to_transcript(const std::string& domain_separator, Transcript& transcript) const override { - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1427): We need to update this function to look - // like UltraFlavor's add_hash_to_transcript. Alternatively, the VerificationKey class will go away when we - // add pairing point aggregation to the solidity verifier. - uint64_t circuit_size = 1 << this->log_circuit_size; - transcript.add_to_hash_buffer(domain_separator + "vk_log_circuit_size", circuit_size); - transcript.add_to_hash_buffer(domain_separator + "vk_num_public_inputs", this->num_public_inputs); - transcript.add_to_hash_buffer(domain_separator + "vk_pub_inputs_offset", this->pub_inputs_offset); - return 0; + // This hash contains a hash of the entire vk - including all of the elements + const fr hash = this->hash(); + + transcript.add_to_hash_buffer(domain_separator + "vk_hash", hash); + return hash; } // Don't statically check for object completeness. diff --git a/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp b/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp index a26c0576c496..98ac4428142e 100644 --- a/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp @@ -74,6 +74,7 @@ inline void output_vk_sol_ultra_honk(std::ostream& os, print_u256(1 << key->log_circuit_size, "circuitSize"); print_u256(key->log_circuit_size, "logCircuitSize"); print_u256(key->num_public_inputs, "publicInputsSize"); + print_u256(key->hash(), "vkHash"); print_g1(key->q_l, "ql"); print_g1(key->q_r, "qr"); print_g1(key->q_o, "qo"); diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index 29cf828a63ca..b9a3f65cfe8b 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp 
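Review bot: In `add_hash_to_transcript`, the binding of `log_circuit_size`, `num_public_inputs` and `pub_inputs_offset` to the challenges now rests entirely on `this->hash()`, that is, on `to_field_elements()` serialising those three values; the removed lines absorbed them explicitly. `to_field_elements()` is not visible here, so this should be confirmed and stated in the comment, for example `// vk_hash = Transcript::hash(to_field_elements()); this must cover log_circuit_size, num_public_inputs and pub_inputs_offset as well as every commitment`. A regression test that changes each metadata field in turn and asserts that the returned hash changes would pin that property.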
+++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp @@ -330,6 +330,9 @@ template class BaseTranscript { */ void enable_manifest() { use_manifest = true; } + // TODO: doc + static Fr hash(const std::vector& data) { return TranscriptParams::hash(data); } + /** * @brief After all the prover messages have been sent, finalize the round by hashing all the data and then * create the number of requested challenges. diff --git a/barretenberg/sol/src/honk/BaseHonkVerifier.sol b/barretenberg/sol/src/honk/BaseHonkVerifier.sol index 825461e1e040..c3c722bd32fe 100644 --- a/barretenberg/sol/src/honk/BaseHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseHonkVerifier.sol @@ -65,9 +65,7 @@ abstract contract BaseHonkVerifier is IVerifier { // Generate the fiat shamir challenges for the whole protocol // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. - Transcript memory t = TranscriptLib.generateTranscript( - p, publicInputs, vk.circuitSize, $NUM_PUBLIC_INPUTS, /*pubInputsOffset=*/ 1 - ); + Transcript memory t = TranscriptLib.generateTranscript(p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS); // Derive public input delta // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. diff --git a/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol b/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol index dc5c5d918de5..f89ad31fcdca 100644 --- a/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol 
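Review bot: The issue-1281 TODO (`Add pubInputsOffset to VK or remove entirely.`) left directly above the `generateTranscript` call in BaseHonkVerifier.sol no longer describes that call, which has dropped the `pubInputsOffset` argument; the same stale TODO sits above the call in BaseZKHonkVerifier.sol. Drop it at both call sites and keep the copy above the public-input-delta computation, where an offset is presumably still used. It would also help to record what the transcript now relies on, e.g. `// vk.vkHash is a constant emitted by the key generator; it is not recomputed on-chain from the other vk fields`, since a key file whose `vkHash` does not match its commitments would presumably surface only as failing proofs.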
@@ -74,7 +74,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { // Generate the fiat shamir challenges for the whole protocol // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. ZKTranscript memory t = ZKTranscriptLib.generateTranscript( - p, publicInputs, vk.circuitSize, $NUM_PUBLIC_INPUTS, /*pubInputsOffset=*/ 1 + p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS ); // Derive public input delta diff --git a/barretenberg/sol/src/honk/HonkTypes.sol b/barretenberg/sol/src/honk/HonkTypes.sol index fa89fc128068..7f108ab19ddd 100644 --- a/barretenberg/sol/src/honk/HonkTypes.sol +++ b/barretenberg/sol/src/honk/HonkTypes.sol @@ -76,6 +76,8 @@ library Honk { } struct VerificationKey { + // Hash of all of the field elements in the verification key + uint256 vkHash; // Misc Params uint256 circuitSize; uint256 logCircuitSize; diff --git a/barretenberg/sol/src/honk/Transcript.sol b/barretenberg/sol/src/honk/Transcript.sol index d2ae68337637..b2efd122bfa5 100644 --- a/barretenberg/sol/src/honk/Transcript.sol +++ b/barretenberg/sol/src/honk/Transcript.sol @@ -31,14 +31,12 @@ library TranscriptLib { function generateTranscript( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) internal pure returns (Transcript memory t) { Fr previousChallenge; - (t.relationParameters, previousChallenge) = generateRelationParametersChallenges( - proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset, previousChallenge - ); + (t.relationParameters, previousChallenge) = + generateRelationParametersChallenges(proof, publicInputs, vkHash, publicInputsSize, previousChallenge); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); 
@@ -68,13 +66,12 @@ library TranscriptLib { function generateRelationParametersChallenges( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, + uint256 vkHash, uint256 publicInputsSize, - uint256 pubInputsOffset, Fr previousChallenge ) internal pure returns (Honk.RelationParameters memory rp, Fr nextPreviousChallenge) { (rp.eta, rp.etaTwo, rp.etaThree, previousChallenge) = - generateEtaChallenge(proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset); + generateEtaChallenge(proof, publicInputs, vkHash, publicInputsSize); (rp.beta, rp.gamma, nextPreviousChallenge) = generateBetaAndGammaChallenges(previousChallenge, proof); } 
@@ -82,36 +79,33 @@ library TranscriptLib { function generateEtaChallenge( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) internal pure returns (Fr eta, Fr etaTwo, Fr etaThree, Fr previousChallenge) { - bytes32[] memory round0 = new bytes32[](3 + publicInputsSize + 12); - round0[0] = bytes32(circuitSize); - round0[1] = bytes32(publicInputsSize); - round0[2] = bytes32(pubInputsOffset); + bytes32[] memory round0 = new bytes32[](1 + publicInputsSize + 12); + round0[0] = bytes32(vkHash); for (uint256 i = 0; i < publicInputsSize - PAIRING_POINTS_SIZE; i++) { - round0[3 + i] = bytes32(publicInputs[i]); + round0[1 + i] = bytes32(publicInputs[i]); } for (uint256 i = 0; i < PAIRING_POINTS_SIZE; i++) { - round0[3 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); + round0[1 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); } // Create the first challenge // Note: w4 is added to the challenge later on - round0[3 + publicInputsSize] = bytes32(proof.w1.x_0); - round0[3 + publicInputsSize + 1] = bytes32(proof.w1.x_1); - round0[3 + publicInputsSize + 2] = bytes32(proof.w1.y_0); - round0[3 + publicInputsSize + 3] = bytes32(proof.w1.y_1); - round0[3 + publicInputsSize + 4] = bytes32(proof.w2.x_0); - round0[3 + publicInputsSize + 5] = bytes32(proof.w2.x_1); - round0[3 + publicInputsSize + 6] = bytes32(proof.w2.y_0); - round0[3 + publicInputsSize + 7] = bytes32(proof.w2.y_1); - round0[3 + publicInputsSize + 8] = bytes32(proof.w3.x_0); - round0[3 + publicInputsSize + 9] = bytes32(proof.w3.x_1); - round0[3 + publicInputsSize + 10] = bytes32(proof.w3.y_0); - round0[3 + publicInputsSize + 11] = bytes32(proof.w3.y_1); + round0[1 + publicInputsSize] = bytes32(proof.w1.x_0); + round0[1 + publicInputsSize + 1] = bytes32(proof.w1.x_1); + round0[1 + publicInputsSize + 2] = 
bytes32(proof.w1.y_0); + round0[1 + publicInputsSize + 3] = bytes32(proof.w1.y_1); + round0[1 + publicInputsSize + 4] = bytes32(proof.w2.x_0); + round0[1 + publicInputsSize + 5] = bytes32(proof.w2.x_1); + round0[1 + publicInputsSize + 6] = bytes32(proof.w2.y_0); + round0[1 + publicInputsSize + 7] = bytes32(proof.w2.y_1); + round0[1 + publicInputsSize + 8] = bytes32(proof.w3.x_0); + round0[1 + publicInputsSize + 9] = bytes32(proof.w3.x_1); + round0[1 + publicInputsSize + 10] = bytes32(proof.w3.y_0); + round0[1 + publicInputsSize + 11] = bytes32(proof.w3.y_1); previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(round0))); (eta, etaTwo) = splitChallenge(previousChallenge); diff --git a/barretenberg/sol/src/honk/ZKTranscript.sol b/barretenberg/sol/src/honk/ZKTranscript.sol index 3cb35deb8bee..70f16994e541 100644 --- a/barretenberg/sol/src/honk/ZKTranscript.sol +++ b/barretenberg/sol/src/honk/ZKTranscript.sol @@ -33,13 +33,12 @@ library ZKTranscriptLib { function generateTranscript( Honk.ZKProof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) external pure returns (ZKTranscript memory t) { Fr previousChallenge; (t.relationParameters, previousChallenge) = generateRelationParametersChallenges( - proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset, previousChallenge + proof, publicInputs, vkHash, publicInputsSize, previousChallenge ); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); 
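Review bot: In `generateEtaChallenge` in Transcript.sol, `publicInputsSize` still sizes and indexes `round0` but is no longer hashed as its own element, so the first challenge commits to it only through `vkHash`, and nothing in this function ties the two together. The callers shown pass `$NUM_PUBLIC_INPUTS` and `vk.vkHash` from separate generated sources, so a comment such as `// vkHash must commit to publicInputsSize and the circuit size (see the key generator)` and a test that checks a key with a mismatched `publicInputsSize` is rejected would make the assumption explicit. The same applies to the identical hunk in ZKTranscript.sol. Separately, the literals in `new bytes32[](1 + publicInputsSize + 12)` and in the twelve `round0[1 + publicInputsSize + k]` writes would read better as named constants, since the offset just changed from `3` and every index had to be edited by hand.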
@@ -69,13 +68,12 @@ library ZKTranscriptLib { function generateRelationParametersChallenges( Honk.ZKProof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, + uint256 vkHash, uint256 publicInputsSize, - uint256 pubInputsOffset, Fr previousChallenge ) internal pure returns (Honk.RelationParameters memory rp, Fr nextPreviousChallenge) { (rp.eta, rp.etaTwo, rp.etaThree, previousChallenge) = - generateEtaChallenge(proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset); + generateEtaChallenge(proof, publicInputs, vkHash, publicInputsSize); (rp.beta, rp.gamma, nextPreviousChallenge) = generateBetaAndGammaChallenges(previousChallenge, proof); } 
@@ -83,35 +81,33 @@ library ZKTranscriptLib { function generateEtaChallenge( Honk.ZKProof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) internal pure returns (Fr eta, Fr etaTwo, Fr etaThree, Fr previousChallenge) { - bytes32[] memory round0 = new bytes32[](3 + publicInputsSize + 12); - round0[0] = bytes32(circuitSize); - round0[1] = bytes32(publicInputsSize); - round0[2] = bytes32(pubInputsOffset); + bytes32[] memory round0 = new bytes32[](1 + publicInputsSize + 12); + round0[0] = bytes32(vkHash); + for (uint256 i = 0; i < publicInputsSize - PAIRING_POINTS_SIZE; i++) { - round0[3 + i] = bytes32(publicInputs[i]); + round0[1 + i] = bytes32(publicInputs[i]); } for (uint256 i = 0; i < PAIRING_POINTS_SIZE; i++) { - round0[3 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); + round0[1 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); } // Create the first challenge // Note: w4 is added to the challenge later on - round0[3 + publicInputsSize] = bytes32(proof.w1.x_0); - round0[3 + publicInputsSize + 1] = bytes32(proof.w1.x_1); - round0[3 + publicInputsSize + 2] = bytes32(proof.w1.y_0); - round0[3 + publicInputsSize + 3] = bytes32(proof.w1.y_1); - round0[3 + publicInputsSize + 4] = bytes32(proof.w2.x_0); - round0[3 + publicInputsSize + 5] = bytes32(proof.w2.x_1); - round0[3 + publicInputsSize + 6] = bytes32(proof.w2.y_0); - round0[3 + publicInputsSize + 7] = bytes32(proof.w2.y_1); - round0[3 + publicInputsSize + 8] = bytes32(proof.w3.x_0); - round0[3 + publicInputsSize + 9] = bytes32(proof.w3.x_1); - round0[3 + publicInputsSize + 10] = bytes32(proof.w3.y_0); - round0[3 + publicInputsSize + 11] = bytes32(proof.w3.y_1); + round0[1 + publicInputsSize] = bytes32(proof.w1.x_0); + round0[1 + publicInputsSize + 1] = bytes32(proof.w1.x_1); + round0[1 + publicInputsSize + 
2] = bytes32(proof.w1.y_0); + round0[1 + publicInputsSize + 3] = bytes32(proof.w1.y_1); + round0[1 + publicInputsSize + 4] = bytes32(proof.w2.x_0); + round0[1 + publicInputsSize + 5] = bytes32(proof.w2.x_1); + round0[1 + publicInputsSize + 6] = bytes32(proof.w2.y_0); + round0[1 + publicInputsSize + 7] = bytes32(proof.w2.y_1); + round0[1 + publicInputsSize + 8] = bytes32(proof.w3.x_0); + round0[1 + publicInputsSize + 9] = bytes32(proof.w3.x_1); + round0[1 + publicInputsSize + 10] = bytes32(proof.w3.y_0); + round0[1 + publicInputsSize + 11] = bytes32(proof.w3.y_1); previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(round0))); (eta, etaTwo) = splitChallenge(previousChallenge); diff --git a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol index 3ea10080054c..1822bdd6c6d5 100644 --- a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol @@ -14,6 +14,7 @@ library Add2HonkVerificationKey { circuitSize: uint256(4096), logCircuitSize: uint256(12), publicInputsSize: uint256(19), + vkHash: uint256(0x00591ad8d756290e4d7691a3fc5969f55c517d7bfac3de61c53df98cb7597bb9), ql: Honk.G1Point({ x: uint256(0x0480a80b708d88511983399d7d454290cd7fc44f01efd7cd0adabac1da5209b7), y: uint256(0x2ae668b0ee73a123a9d90f5783ad3d938b72e3c7ff79fcccab796e842df5300e) @@ -95,8 +96,8 @@ library Add2HonkVerificationKey { y: uint256(0x233ecaca2ddbebb0484a44e6f55b8c8614c7b5e0ce31b51d59d6b21322a307a1) }), t3: Honk.G1Point({ - x: uint256(0x1466af934dc34b082708b0a26a61dae7d9d859cbd4661cfab6abf34e827d9d2a), - y: uint256(0x2666bf4c8a2aef1ab89aafded315580561c9d4a13f3ac4b255b478f544590eda) + x: uint256(0x046d00a14d5c2e99d48c85c441284b5dfef894fba87965c1c75b9a5a7cf0fdde), + y: uint256(0x2113297215872f507a7668059f801ac9877e73cb6dcab3703c5f68b404abeded) }), t4: Honk.G1Point({ x: uint256(0x0765bf6645e4cf63f05d9b0efd06acebce309c685a3b05e613574ccd7316677c), 
diff --git a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol index 2612e10c4606..46cff1945257 100644 --- a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol @@ -14,6 +14,7 @@ library BlakeHonkVerificationKey { circuitSize: uint256(32768), logCircuitSize: uint256(15), publicInputsSize: uint256(20), + vkHash: uint256(0x09d9b101f113101f439ee2f61e38edd4f0b2bfc8e55e9f5a0df7fe2408c5d82e), ql: Honk.G1Point({ x: uint256(0x1dbc2d49981f1318140ca1106a52550e1c079613c92a2b23206d1504cfb2f86b), y: uint256(0x04d743fe1aa6c0e790573ff504c0b5068b8d630459835db49d24004e0f010ad3) @@ -95,8 +96,8 @@ library BlakeHonkVerificationKey { y: uint256(0x1ba438e74f962c1b769f452da854110d0635d48e4d74d282ad06ae0e2830ac91) }), t3: Honk.G1Point({ - x: uint256(0x21313b069a809e1ab2df2a959cfd9a407933547daf0af170b0e6851d5f4e1014), - y: uint256(0x11a24ca630551e13681edd34cb75746b12ee1806cc3c2c7e670f3a1bb4f30a1f) + x: uint256(0x20d80d8e50445042431974ff13f53c27c62c17d6d2100faac252917bc2666ac1), + y: uint256(0x04bffddce3617713d52791e3344987b29b7c3359a227a03ca26857e813a84278) }), t4: Honk.G1Point({ x: uint256(0x2a0724cfe33e0ee4b3f81929ef0cd1da5e113987c9aed1534cca51dae3d9bc2d), diff --git a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol index 32416150e400..a07ea0070619 100644 --- a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol 
@@ -14,6 +14,7 @@ library EcdsaHonkVerificationKey { circuitSize: uint256(65536), logCircuitSize: uint256(16), publicInputsSize: uint256(22), + vkHash: uint256(0x2fd5131e0fbfe3b7cb170c7f389581fb5cf275d176716711e3ed8accc5bfe7e2), ql: Honk.G1Point({ x: uint256(0x222da11caac0ef8c8d024bcd3ce7ef9da65cba415dc078d6c1e99efb9d296476), y: uint256(0x06b0caa4e59eeea611e3d82aa4c1be032ea48d1ebe99a2120c6b1d34ad52cad2) @@ -95,8 +96,8 @@ library EcdsaHonkVerificationKey { y: uint256(0x0cd29f3121acf9430707827d9b0805f991402d944261e1d648d9c08c7cec5475) }), t3: Honk.G1Point({ - x: uint256(0x1df7f08d004e38c6cc24155081bf68c1a6444b526bd98beea00feabc8ea337f9), - y: uint256(0x0471714279ef8a51213c70cb4fa89e73caf1ad84fa8c1447f41f6eb6bb897491) + x: uint256(0x028e38bb3aa2e17472eeeb097c9d6a2fb1249523df2ff33ba582e218e9d5a526), + y: uint256(0x0407008880940dfdef132dbcb27acc00e914e1b375c4d57c08d27202f1d99198) }), t4: Honk.G1Point({ x: uint256(0x1d794f2aaa0524cb1d97c2ff125061a697ec693323edcff93f0e5a59bcd2101d), diff --git a/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol index a3e54d72417f..3898073b962a 100644 --- a/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol @@ -14,6 +14,7 @@ library RecursiveHonkVerificationKey { circuitSize: uint256(1048576), logCircuitSize: uint256(20), publicInputsSize: uint256(16), + vkHash: uint256(0x0f71347a3acbefd3925c24fbe03c70d91a785109f77dc874c8cb7ab5c7da5ce0), ql: Honk.G1Point({ x: uint256(0x2d26dcedf30775b10b7b5d23a575efd46e95045fbcafedfb05e144c2aa7edf6d), y: uint256(0x189bf6c6697af3d3a2067f655f5216cd2e97938d4797a6bfba0691fc0277fada) 
@@ -95,8 +96,8 @@ library RecursiveHonkVerificationKey { y: uint256(0x19f38f8e7cf18f375d75db06fca92a0cbfc1214af084c189478e34dc04c77419) }), t3: Honk.G1Point({ - x: uint256(0x15642d62fc17d119ba4afb77ab424e0a771b5bbb501c75790a1a4e2906931045), - y: uint256(0x21cea98314ec6efc5f8f1f648f42a7a5c1396036397af54a729801cc1c37d4e2) + x: uint256(0x1800723660742a70c0cc9a984e30274444a587c93d9f4742a9b96cd3572365e1), + y: uint256(0x08a91d28a9c758fed327095e282375ce84640883f7755c7d95e7ccb31cdcfd4c) }), t4: Honk.G1Point({ x: uint256(0x1f3bd0ebf0709ac30745d0dafb183cdd5b4a42e59fe1e447cad24659049d13a7), From 740a92c25f2fe72b0f9d0050132ad878f28e85df Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 26 Jul 2025 19:42:03 +0000 Subject: [PATCH 02/11] chore: remove todo --- .../cpp/src/barretenberg/ultra_honk/oink_prover.cpp | 5 +---- .../cpp/src/barretenberg/ultra_honk/oink_verifier.cpp | 6 +----- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp index 12ae4e808540..095cd9968ca4 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_prover.cpp @@ -86,10 +86,7 @@ template void OinkProver::execute_preamble_ro { PROFILE_THIS_NAME("OinkProver::execute_preamble_round"); fr vkey_hash = honk_vk->add_hash_to_transcript(domain_separator, *transcript); - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1427): Add VK FS to solidity verifier. - if constexpr (!IsAnyOf) { - vinfo("vk hash in Oink prover: ", vkey_hash); - } + vinfo("vk hash in Oink prover: ", vkey_hash); for (size_t i = 0; i < proving_key->num_public_inputs(); ++i) { auto public_input_i = proving_key->public_inputs[i]; 
diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp index 6f0b1d3b9524..d6dd06cc241e 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/oink_verifier.cpp @@ -46,11 +46,7 @@ template void OinkVerifier::verify() template void OinkVerifier::execute_preamble_round() { FF vkey_hash = verification_key->vk->add_hash_to_transcript(domain_separator, *transcript); - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1427): Update solidity contract to generate vkey hash - // from transcript. - if constexpr (!IsAnyOf) { - vinfo("vk hash in Oink verifier: ", vkey_hash); - } + vinfo("vk hash in Oink verifier: ", vkey_hash); for (size_t i = 0; i < verification_key->vk->num_public_inputs; ++i) { auto public_input_i = From 8fef71b82d59dee84e45343ac2fdce930e2be291 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 26 Jul 2025 19:42:26 +0000 Subject: [PATCH 03/11] chore: add doc --- .../cpp/src/barretenberg/transcript/transcript.hpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp index b9a3f65cfe8b..d93c1277ae83 100644 --- a/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp +++ b/barretenberg/cpp/src/barretenberg/transcript/transcript.hpp 
@@ -330,7 +330,14 @@ template class BaseTranscript { */ void enable_manifest() { use_manifest = true; } - // TODO: doc + /** + * @brief Static hash method that forwards to TranscriptParams hash. + * @details This method allows hash to be called on the Transcript class directly, + * which is needed for verification key hashing. + * + * @param data Vector of field elements to hash + * @return Fr Hash result + */ static Fr hash(const std::vector& data) { return TranscriptParams::hash(data); } /** From 18f5dd531d520feb4570bced6573ca50b9f19c1a Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 26 Jul 2025 19:43:59 +0000 Subject: [PATCH 04/11] chore: scripts/cop_to_cpp.sh --- .../dsl/acir_proofs/honk_contract.hpp | 60 +++++++++---------- .../dsl/acir_proofs/honk_zk_contract.hpp | 56 +++++++++-------- 2 files changed, 54 insertions(+), 62 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp index acf4d249112d..4dff7e79fd83 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp @@ -216,6 +216,8 @@ library Honk { } struct VerificationKey { + // Hash of all of the field elements in the verification key + uint256 vkHash; // Misc Params uint256 circuitSize; uint256 logCircuitSize; 
@@ -342,14 +344,12 @@ library TranscriptLib { function generateTranscript( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) internal pure returns (Transcript memory t) { Fr previousChallenge; - (t.relationParameters, previousChallenge) = generateRelationParametersChallenges( - proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset, previousChallenge - ); + (t.relationParameters, previousChallenge) = + generateRelationParametersChallenges(proof, publicInputs, vkHash, publicInputsSize, previousChallenge); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); @@ -379,13 +379,12 @@ library TranscriptLib { function generateRelationParametersChallenges( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, + uint256 vkHash, uint256 publicInputsSize, - uint256 pubInputsOffset, Fr previousChallenge ) internal pure returns (Honk.RelationParameters memory rp, Fr nextPreviousChallenge) { (rp.eta, rp.etaTwo, rp.etaThree, previousChallenge) = - generateEtaChallenge(proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset); + generateEtaChallenge(proof, publicInputs, vkHash, publicInputsSize); (rp.beta, rp.gamma, nextPreviousChallenge) = generateBetaAndGammaChallenges(previousChallenge, proof); } 
@@ -393,36 +392,33 @@ library TranscriptLib { function generateEtaChallenge( Honk.Proof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) internal pure returns (Fr eta, Fr etaTwo, Fr etaThree, Fr previousChallenge) { - bytes32[] memory round0 = new bytes32[](3 + publicInputsSize + 12); - round0[0] = bytes32(circuitSize); - round0[1] = bytes32(publicInputsSize); - round0[2] = bytes32(pubInputsOffset); + bytes32[] memory round0 = new bytes32[](1 + publicInputsSize + 12); + round0[0] = bytes32(vkHash); for (uint256 i = 0; i < publicInputsSize - PAIRING_POINTS_SIZE; i++) { - round0[3 + i] = bytes32(publicInputs[i]); + round0[1 + i] = bytes32(publicInputs[i]); } for (uint256 i = 0; i < PAIRING_POINTS_SIZE; i++) { - round0[3 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); + round0[1 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); } // Create the first challenge // Note: w4 is added to the challenge later on - round0[3 + publicInputsSize] = bytes32(proof.w1.x_0); - round0[3 + publicInputsSize + 1] = bytes32(proof.w1.x_1); - round0[3 + publicInputsSize + 2] = bytes32(proof.w1.y_0); - round0[3 + publicInputsSize + 3] = bytes32(proof.w1.y_1); - round0[3 + publicInputsSize + 4] = bytes32(proof.w2.x_0); - round0[3 + publicInputsSize + 5] = bytes32(proof.w2.x_1); - round0[3 + publicInputsSize + 6] = bytes32(proof.w2.y_0); - round0[3 + publicInputsSize + 7] = bytes32(proof.w2.y_1); - round0[3 + publicInputsSize + 8] = bytes32(proof.w3.x_0); - round0[3 + publicInputsSize + 9] = bytes32(proof.w3.x_1); - round0[3 + publicInputsSize + 10] = bytes32(proof.w3.y_0); - round0[3 + publicInputsSize + 11] = bytes32(proof.w3.y_1); + round0[1 + publicInputsSize] = bytes32(proof.w1.x_0); + round0[1 + publicInputsSize + 1] = bytes32(proof.w1.x_1); + round0[1 + publicInputsSize + 2] = 
bytes32(proof.w1.y_0); + round0[1 + publicInputsSize + 3] = bytes32(proof.w1.y_1); + round0[1 + publicInputsSize + 4] = bytes32(proof.w2.x_0); + round0[1 + publicInputsSize + 5] = bytes32(proof.w2.x_1); + round0[1 + publicInputsSize + 6] = bytes32(proof.w2.y_0); + round0[1 + publicInputsSize + 7] = bytes32(proof.w2.y_1); + round0[1 + publicInputsSize + 8] = bytes32(proof.w3.x_0); + round0[1 + publicInputsSize + 9] = bytes32(proof.w3.x_1); + round0[1 + publicInputsSize + 10] = bytes32(proof.w3.y_0); + round0[1 + publicInputsSize + 11] = bytes32(proof.w3.y_1); previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(round0))); (eta, etaTwo) = splitChallenge(previousChallenge); @@ -1738,9 +1734,7 @@ abstract contract BaseHonkVerifier is IVerifier { } // Generate the fiat shamir challenges for the whole protocol - Transcript memory t = TranscriptLib.generateTranscript( - p, publicInputs, vk.circuitSize, $NUM_PUBLIC_INPUTS, /*pubInputsOffset=*/ 1 - ); + Transcript memory t = TranscriptLib.generateTranscript(p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS); // Derive public input delta t.relationParameters.publicInputsDelta = computePublicInputDelta( diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp index d9718e061173..18be9f880439 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp @@ -216,6 +216,8 @@ library Honk { } struct VerificationKey { + // Hash of all of the field elements in the verification key + uint256 vkHash; // Misc Params uint256 circuitSize; uint256 logCircuitSize; 
@@ -344,13 +346,12 @@ library ZKTranscriptLib { function generateTranscript( Honk.ZKProof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) external pure returns (ZKTranscript memory t) { Fr previousChallenge; (t.relationParameters, previousChallenge) = generateRelationParametersChallenges( - proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset, previousChallenge + proof, publicInputs, vkHash, publicInputsSize, previousChallenge ); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); @@ -380,13 +381,12 @@ library ZKTranscriptLib { function generateRelationParametersChallenges( Honk.ZKProof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, + uint256 vkHash, uint256 publicInputsSize, - uint256 pubInputsOffset, Fr previousChallenge ) internal pure returns (Honk.RelationParameters memory rp, Fr nextPreviousChallenge) { (rp.eta, rp.etaTwo, rp.etaThree, previousChallenge) = - generateEtaChallenge(proof, publicInputs, circuitSize, publicInputsSize, pubInputsOffset); + generateEtaChallenge(proof, publicInputs, vkHash, publicInputsSize); (rp.beta, rp.gamma, nextPreviousChallenge) = generateBetaAndGammaChallenges(previousChallenge, proof); } 
@@ -394,35 +394,33 @@ library ZKTranscriptLib { function generateEtaChallenge( Honk.ZKProof memory proof, bytes32[] calldata publicInputs, - uint256 circuitSize, - uint256 publicInputsSize, - uint256 pubInputsOffset + uint256 vkHash, + uint256 publicInputsSize ) internal pure returns (Fr eta, Fr etaTwo, Fr etaThree, Fr previousChallenge) { - bytes32[] memory round0 = new bytes32[](3 + publicInputsSize + 12); - round0[0] = bytes32(circuitSize); - round0[1] = bytes32(publicInputsSize); - round0[2] = bytes32(pubInputsOffset); + bytes32[] memory round0 = new bytes32[](1 + publicInputsSize + 12); + round0[0] = bytes32(vkHash); + for (uint256 i = 0; i < publicInputsSize - PAIRING_POINTS_SIZE; i++) { - round0[3 + i] = bytes32(publicInputs[i]); + round0[1 + i] = bytes32(publicInputs[i]); } for (uint256 i = 0; i < PAIRING_POINTS_SIZE; i++) { - round0[3 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); + round0[1 + publicInputsSize - PAIRING_POINTS_SIZE + i] = FrLib.toBytes32(proof.pairingPointObject[i]); } // Create the first challenge // Note: w4 is added to the challenge later on - round0[3 + publicInputsSize] = bytes32(proof.w1.x_0); - round0[3 + publicInputsSize + 1] = bytes32(proof.w1.x_1); - round0[3 + publicInputsSize + 2] = bytes32(proof.w1.y_0); - round0[3 + publicInputsSize + 3] = bytes32(proof.w1.y_1); - round0[3 + publicInputsSize + 4] = bytes32(proof.w2.x_0); - round0[3 + publicInputsSize + 5] = bytes32(proof.w2.x_1); - round0[3 + publicInputsSize + 6] = bytes32(proof.w2.y_0); - round0[3 + publicInputsSize + 7] = bytes32(proof.w2.y_1); - round0[3 + publicInputsSize + 8] = bytes32(proof.w3.x_0); - round0[3 + publicInputsSize + 9] = bytes32(proof.w3.x_1); - round0[3 + publicInputsSize + 10] = bytes32(proof.w3.y_0); - round0[3 + publicInputsSize + 11] = bytes32(proof.w3.y_1); + round0[1 + publicInputsSize] = bytes32(proof.w1.x_0); + round0[1 + publicInputsSize + 1] = bytes32(proof.w1.x_1); + round0[1 + publicInputsSize + 
2] = bytes32(proof.w1.y_0); + round0[1 + publicInputsSize + 3] = bytes32(proof.w1.y_1); + round0[1 + publicInputsSize + 4] = bytes32(proof.w2.x_0); + round0[1 + publicInputsSize + 5] = bytes32(proof.w2.x_1); + round0[1 + publicInputsSize + 6] = bytes32(proof.w2.y_0); + round0[1 + publicInputsSize + 7] = bytes32(proof.w2.y_1); + round0[1 + publicInputsSize + 8] = bytes32(proof.w3.x_0); + round0[1 + publicInputsSize + 9] = bytes32(proof.w3.x_1); + round0[1 + publicInputsSize + 10] = bytes32(proof.w3.y_0); + round0[1 + publicInputsSize + 11] = bytes32(proof.w3.y_1); previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(round0))); (eta, etaTwo) = splitChallenge(previousChallenge); @@ -1809,7 +1807,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { // Generate the fiat shamir challenges for the whole protocol ZKTranscript memory t = ZKTranscriptLib.generateTranscript( - p, publicInputs, vk.circuitSize, $NUM_PUBLIC_INPUTS, /*pubInputsOffset=*/ 1 + p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS ); // Derive public input delta From b2430f03b2493e9a88f4ff28015a167bf60eadc3 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 26 Jul 2025 22:44:50 +0000 Subject: [PATCH 05/11] fix: key consistency test --- .../barretenberg/flavor/native_verification_key.test.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/flavor/native_verification_key.test.cpp b/barretenberg/cpp/src/barretenberg/flavor/native_verification_key.test.cpp index 0aa8110ddc1a..d008b67a1e8c 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/native_verification_key.test.cpp +++ b/barretenberg/cpp/src/barretenberg/flavor/native_verification_key.test.cpp 
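Review bot: In `generateEtaChallenge`, `round0[0] = bytes32(vkHash)` is now the only place where the circuit size, public-input count and offset can enter the first challenge, yet the buffer length and both loops are still driven by the separate `publicInputsSize` argument, and nothing in this hunk says the two must describe the same key. A comment above the assignment would record the invariant, e.g. `// vkHash must be the hash of the full verification key (sizes, offset and all commitments); it replaces the three size words absorbed here before`. It would also help to state that `publicInputsSize` includes the `PAIRING_POINTS_SIZE` entries, since `publicInputsSize - PAIRING_POINTS_SIZE` reverts on underflow when the configured count is smaller (assuming the >=0.8 pragma seen in the instance files applies to this template). Whether the caller checks `publicInputs.length` against that count is outside the hunk.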
@@ -68,12 +68,13 @@ TYPED_TEST(NativeVerificationKeyTests, VKHashingConsistency) { using Flavor = TypeParam; using VerificationKey = typename Flavor::VerificationKey; + using Transcript = typename Flavor::Transcript; VerificationKey vk(TestFixture::create_vk()); // First method of hashing: using to_field_elements and add_to_hash_buffer. std::vector vk_field_elements = vk.to_field_elements(); - NativeTranscript transcript; + Transcript transcript; for (const auto& field_element : vk_field_elements) { transcript.add_to_independent_hash_buffer("vk_element", field_element); } @@ -81,9 +82,7 @@ TYPED_TEST(NativeVerificationKeyTests, VKHashingConsistency) // Second method of hashing: using hash(). fr vkey_hash_2 = vk.hash(); EXPECT_EQ(vkey_hash_1, vkey_hash_2); - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1427): Solidity verifier does not fiat shamir the full - // verification key. This will be fixed in a followup PR. - if constexpr (!IsAnyOf) { + if constexpr (!IsAnyOf) { // Third method of hashing: using add_hash_to_transcript. typename Flavor::Transcript transcript_2; fr vkey_hash_3 = vk.add_hash_to_transcript("", transcript_2); From 04114b77c1a44eb1e1c6352d052cdfb2b5a809ea Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Sat, 26 Jul 2025 22:53:42 +0000 Subject: [PATCH 06/11] fix: ultra transcript test --- .../src/barretenberg/ultra_honk/ultra_transcript.test.cpp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 9a670c375fe3..c0ec90e28bf5 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp 
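Review bot: The new `using Transcript = typename Flavor::Transcript;` alias is used for `transcript`, but the third method further down still spells `typename Flavor::Transcript transcript_2;`; writing `Transcript transcript_2;` would make it obvious that all three hashes go through the same transcript type. The comment `using to_field_elements and add_to_hash_buffer` also names a different call from the `add_to_independent_hash_buffer` used in the loop. The test body runs on past the second hunk.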
@@ -67,10 +67,7 @@ template class UltraTranscriptTests : public ::testing::Test { if constexpr (!IsAnyOf) { manifest_expected.add_entry(round, "vk_hash", frs_per_Fr); } else { - size_t frs_per_uint32 = bb::field_conversion::calc_num_bn254_frs(); - manifest_expected.add_entry(round, "vk_log_circuit_size", frs_per_uint32); - manifest_expected.add_entry(round, "vk_num_public_inputs", frs_per_uint32); - manifest_expected.add_entry(round, "vk_pub_inputs_offset", frs_per_uint32); + manifest_expected.add_entry(round, "vk_hash", 1); } manifest_expected.add_entry(round, "public_input_0", frs_per_Fr); From 3eed299d11c3a662dad0182364beacc92fc139d1 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Tue, 29 Jul 2025 10:52:38 +0000 Subject: [PATCH 07/11] chore: remove magic number --- .../cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index c0ec90e28bf5..85d267778b48 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp +++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -67,7 +67,7 @@ template class UltraTranscriptTests : public ::testing::Test { if constexpr (!IsAnyOf) { manifest_expected.add_entry(round, "vk_hash", frs_per_Fr); } else { - manifest_expected.add_entry(round, "vk_hash", 1); + manifest_expected.add_entry(round, "vk_hash", frs_per_Fr); } manifest_expected.add_entry(round, "public_input_0", frs_per_Fr); From c897cde0bf23a4980a082502239f96cfbb6706e3 Mon Sep 17 00:00:00 2001 
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Tue, 29 Jul 2025 11:00:49 +0000 Subject: [PATCH 08/11] chore: move vk hash to const outside of struct --- .../dsl/acir_proofs/honk_contract.hpp | 10 +++++----- .../dsl/acir_proofs/honk_zk_contract.hpp | 17 +++++++---------- .../barretenberg/honk/utils/honk_key_gen.hpp | 2 +- barretenberg/sol/src/honk/BaseHonkVerifier.sol | 6 ++++-- .../sol/src/honk/BaseZKHonkVerifier.sol | 8 ++++---- barretenberg/sol/src/honk/HonkTypes.sol | 2 -- barretenberg/sol/src/honk/ZKTranscript.sol | 5 ++--- barretenberg/sol/src/honk/instance/Add2Honk.sol | 10 ++++++++-- .../sol/src/honk/instance/Add2HonkZK.sol | 10 ++++++++-- .../sol/src/honk/instance/BlakeHonk.sol | 10 ++++++++-- .../sol/src/honk/instance/BlakeHonkZK.sol | 10 ++++++++-- .../sol/src/honk/instance/EcdsaHonk.sol | 10 ++++++++-- .../sol/src/honk/instance/EcdsaHonkZK.sol | 10 ++++++++-- .../sol/src/honk/instance/RecursiveHonk.sol | 5 +++-- .../sol/src/honk/instance/RecursiveHonkZK.sol | 5 +++-- .../src/honk/keys/Add2HonkVerificationKey.sol | 2 +- .../src/honk/keys/BlakeHonkVerificationKey.sol | 2 +- .../src/honk/keys/EcdsaHonkVerificationKey.sol | 2 +- .../honk/keys/RecursiveHonkVerificationKey.sol | 2 +- 19 files changed, 81 insertions(+), 47 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp index 4dff7e79fd83..39783bf2730a 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp @@ -216,8 +216,6 @@ library Honk { } struct VerificationKey { - // Hash of all of the field elements in the verification key - uint256 vkHash; // Misc Params uint256 circuitSize; uint256 logCircuitSize; 
@@ -1702,11 +1700,13 @@ abstract contract BaseHonkVerifier is IVerifier { uint256 immutable $N; uint256 immutable $LOG_N; + uint256 immutable $VK_HASH; uint256 immutable $NUM_PUBLIC_INPUTS; - constructor(uint256 _N, uint256 _logN, uint256 _numPublicInputs) { + constructor(uint256 _N, uint256 _logN, uint256 _vkHash, uint256 _numPublicInputs) { $N = _N; $LOG_N = _logN; + $VK_HASH = _vkHash; $NUM_PUBLIC_INPUTS = _numPublicInputs; } @@ -1734,7 +1734,7 @@ abstract contract BaseHonkVerifier is IVerifier { } // Generate the fiat shamir challenges for the whole protocol - Transcript memory t = TranscriptLib.generateTranscript(p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS); + Transcript memory t = TranscriptLib.generateTranscript(p, publicInputs, $VK_HASH, $NUM_PUBLIC_INPUTS); // Derive public input delta t.relationParameters.publicInputsDelta = computePublicInputDelta( @@ -2134,7 +2134,7 @@ abstract contract BaseHonkVerifier is IVerifier { } } -contract HonkVerifier is BaseHonkVerifier(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract HonkVerifier is BaseHonkVerifier(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return HonkVerificationKey.loadVerificationKey(); } diff --git a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp index 18be9f880439..3cb0afafae2e 100644 --- a/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp +++ b/barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp @@ -216,8 +216,6 @@ library Honk { } struct VerificationKey { - // Hash of all of the field elements in the verification key - uint256 vkHash; // Misc Params uint256 circuitSize; uint256 logCircuitSize; 
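Review bot: `$VK_HASH` reaches the constructor as a free-standing `uint256`, separate from the points that `loadVerificationKey()` returns, and nothing in the visible contract checks that the two belong to the same key. The generator emits both from one `key`, but the checked-in files under `sol/src/honk/keys/` carry the hash as a literal hex constant, so a regenerated key with a stale `VK_HASH` would change every challenge and would most likely surface only as rejected proofs. A NatSpec line on the immutable, such as `/// @dev Hash of the verification key returned by loadVerificationKey(); absorbed first into the transcript`, plus a test that recomputes the hash for each key file if none exists, would pin that. The same constructor change is repeated in the BaseZKHonkVerifier hunks and in `BaseHonkVerifier.sol` / `BaseZKHonkVerifier.sol` later in this patch.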
@@ -350,9 +348,8 @@ library ZKTranscriptLib { uint256 publicInputsSize ) external pure returns (ZKTranscript memory t) { Fr previousChallenge; - (t.relationParameters, previousChallenge) = generateRelationParametersChallenges( - proof, publicInputs, vkHash, publicInputsSize, previousChallenge - ); + (t.relationParameters, previousChallenge) = + generateRelationParametersChallenges(proof, publicInputs, vkHash, publicInputsSize, previousChallenge); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); @@ -1766,11 +1763,13 @@ abstract contract BaseZKHonkVerifier is IVerifier { uint256 immutable $N; uint256 immutable $LOG_N; + uint256 immutable $VK_HASH; uint256 immutable $NUM_PUBLIC_INPUTS; - constructor(uint256 _N, uint256 _logN, uint256 _numPublicInputs) { + constructor(uint256 _N, uint256 _logN, uint256 _vkHash, uint256 _numPublicInputs) { $N = _N; $LOG_N = _logN; + $VK_HASH = _vkHash; $NUM_PUBLIC_INPUTS = _numPublicInputs; } @@ -1806,9 +1805,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { } // Generate the fiat shamir challenges for the whole protocol - ZKTranscript memory t = ZKTranscriptLib.generateTranscript( - p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS - ); + ZKTranscript memory t = ZKTranscriptLib.generateTranscript(p, publicInputs, $VK_HASH, $NUM_PUBLIC_INPUTS); // Derive public input delta t.relationParameters.publicInputsDelta = computePublicInputDelta( @@ -2288,7 +2285,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { } } -contract HonkVerifier is BaseZKHonkVerifier(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract HonkVerifier is BaseZKHonkVerifier(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return HonkVerificationKey.loadVerificationKey(); } 
diff --git a/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp b/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp index 98ac4428142e..939242e77b59 100644 --- a/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp +++ b/barretenberg/cpp/src/barretenberg/honk/utils/honk_key_gen.hpp @@ -67,6 +67,7 @@ inline void output_vk_sol_ultra_honk(std::ostream& os, print_u256_const(1 << key->log_circuit_size, "N"); print_u256_const(key->log_circuit_size, "LOG_N"); print_u256_const(key->num_public_inputs, "NUMBER_OF_PUBLIC_INPUTS"); + print_u256_const(key->hash(), "VK_HASH"); os << "" "library " << class_name << " {\n" " function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) {\n" @@ -74,7 +75,6 @@ inline void output_vk_sol_ultra_honk(std::ostream& os, print_u256(1 << key->log_circuit_size, "circuitSize"); print_u256(key->log_circuit_size, "logCircuitSize"); print_u256(key->num_public_inputs, "publicInputsSize"); - print_u256(key->hash(), "vkHash"); print_g1(key->q_l, "ql"); print_g1(key->q_r, "qr"); print_g1(key->q_o, "qo"); diff --git a/barretenberg/sol/src/honk/BaseHonkVerifier.sol b/barretenberg/sol/src/honk/BaseHonkVerifier.sol index c3c722bd32fe..9d53531ffbbd 100644 --- a/barretenberg/sol/src/honk/BaseHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseHonkVerifier.sol @@ -32,11 +32,13 @@ abstract contract BaseHonkVerifier is IVerifier { uint256 immutable $N; uint256 immutable $LOG_N; + uint256 immutable $VK_HASH; uint256 immutable $NUM_PUBLIC_INPUTS; - constructor(uint256 _N, uint256 _logN, uint256 _numPublicInputs) { + constructor(uint256 _N, uint256 _logN, uint256 _vkHash, uint256 _numPublicInputs) { $N = _N; $LOG_N = _logN; + $VK_HASH = _vkHash; $NUM_PUBLIC_INPUTS = _numPublicInputs; } 
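Review bot: `print_u256_const(key->hash(), "VK_HASH")` bakes into the contract whatever hash function the key's flavor uses, and the emitted value is only useful if it equals what the prover absorbs as `vk_hash`. Patch 01/11 makes `hash()` call `Transcript::hash`, so a key of a non-Keccak flavor passed here would presumably yield a constant that no Solidity-targeted proof can match; the type of `key` is declared outside the hunk, so this may already be constrained. A short comment at the call would document the requirement, for example `// VK_HASH must come from the Keccak-transcript flavor: the Solidity verifier absorbs it verbatim as the first transcript word`. The function body continues outside the hunk.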
@@ -65,7 +67,7 @@ abstract contract BaseHonkVerifier is IVerifier { // Generate the fiat shamir challenges for the whole protocol // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. - Transcript memory t = TranscriptLib.generateTranscript(p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS); + Transcript memory t = TranscriptLib.generateTranscript(p, publicInputs, $VK_HASH, $NUM_PUBLIC_INPUTS); // Derive public input delta // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. diff --git a/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol b/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol index f89ad31fcdca..48e755d0399e 100644 --- a/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol +++ b/barretenberg/sol/src/honk/BaseZKHonkVerifier.sol @@ -32,11 +32,13 @@ abstract contract BaseZKHonkVerifier is IVerifier { uint256 immutable $N; uint256 immutable $LOG_N; + uint256 immutable $VK_HASH; uint256 immutable $NUM_PUBLIC_INPUTS; - constructor(uint256 _N, uint256 _logN, uint256 _numPublicInputs) { + constructor(uint256 _N, uint256 _logN, uint256 _vkHash, uint256 _numPublicInputs) { $N = _N; $LOG_N = _logN; + $VK_HASH = _vkHash; $NUM_PUBLIC_INPUTS = _numPublicInputs; } @@ -73,9 +75,7 @@ abstract contract BaseZKHonkVerifier is IVerifier { // Generate the fiat shamir challenges for the whole protocol // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. - ZKTranscript memory t = ZKTranscriptLib.generateTranscript( - p, publicInputs, vk.vkHash, $NUM_PUBLIC_INPUTS - ); + ZKTranscript memory t = ZKTranscriptLib.generateTranscript(p, publicInputs, $VK_HASH, $NUM_PUBLIC_INPUTS); // Derive public input delta // TODO(https://github.com/AztecProtocol/barretenberg/issues/1281): Add pubInputsOffset to VK or remove entirely. 
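Review bot: The TODO left directly above the `generateTranscript` call (`Add pubInputsOffset to VK or remove entirely`, issue 1281) is stale for that line, because the call no longer takes an offset and passes `$VK_HASH` instead. Drop that copy of the TODO and keep only the one above `computePublicInputDelta`, if the offset is still used there (that call's arguments are cut off by the hunk). The `BaseZKHonkVerifier.sol` hunk that follows has the identical leftover. A replacement comment such as `// $VK_HASH binds the challenges to the verification key` would say what the argument is for.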
diff --git a/barretenberg/sol/src/honk/HonkTypes.sol b/barretenberg/sol/src/honk/HonkTypes.sol index 7f108ab19ddd..fa89fc128068 100644 --- a/barretenberg/sol/src/honk/HonkTypes.sol +++ b/barretenberg/sol/src/honk/HonkTypes.sol @@ -76,8 +76,6 @@ library Honk { } struct VerificationKey { - // Hash of all of the field elements in the verification key - uint256 vkHash; // Misc Params uint256 circuitSize; uint256 logCircuitSize; diff --git a/barretenberg/sol/src/honk/ZKTranscript.sol b/barretenberg/sol/src/honk/ZKTranscript.sol index 70f16994e541..e2de869b0b6f 100644 --- a/barretenberg/sol/src/honk/ZKTranscript.sol +++ b/barretenberg/sol/src/honk/ZKTranscript.sol @@ -37,9 +37,8 @@ library ZKTranscriptLib { uint256 publicInputsSize ) external pure returns (ZKTranscript memory t) { Fr previousChallenge; - (t.relationParameters, previousChallenge) = generateRelationParametersChallenges( - proof, publicInputs, vkHash, publicInputsSize, previousChallenge - ); + (t.relationParameters, previousChallenge) = + generateRelationParametersChallenges(proof, publicInputs, vkHash, publicInputsSize, previousChallenge); (t.alphas, previousChallenge) = generateAlphaChallenges(previousChallenge, proof); diff --git a/barretenberg/sol/src/honk/instance/Add2Honk.sol b/barretenberg/sol/src/honk/instance/Add2Honk.sol index d70c26ce1b03..d9793a30e65f 100644 --- a/barretenberg/sol/src/honk/instance/Add2Honk.sol +++ b/barretenberg/sol/src/honk/instance/Add2Honk.sol 
@@ -3,13 +3,19 @@ pragma solidity >=0.8.21; import {IVerifier} from "../../interfaces/IVerifier.sol"; -import {Add2HonkVerificationKey as VK, N, LOG_N, NUMBER_OF_PUBLIC_INPUTS} from "../keys/Add2HonkVerificationKey.sol"; +import { + Add2HonkVerificationKey as VK, + N, + LOG_N, + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH +} from "../keys/Add2HonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseHonkVerifier as BASE} from "../BaseHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract Add2HonkVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract Add2HonkVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } diff --git a/barretenberg/sol/src/honk/instance/Add2HonkZK.sol b/barretenberg/sol/src/honk/instance/Add2HonkZK.sol index fc5f14613ed0..adf852b9e113 100644 --- a/barretenberg/sol/src/honk/instance/Add2HonkZK.sol +++ b/barretenberg/sol/src/honk/instance/Add2HonkZK.sol @@ -3,13 +3,19 @@ pragma solidity >=0.8.21; import {IVerifier} from "../../interfaces/IVerifier.sol"; -import {Add2HonkVerificationKey as VK, N, LOG_N, NUMBER_OF_PUBLIC_INPUTS} from "../keys/Add2HonkVerificationKey.sol"; +import { + Add2HonkVerificationKey as VK, + N, + LOG_N, + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH +} from "../keys/Add2HonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseZKHonkVerifier as BASE} from "../BaseZKHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract Add2HonkZKVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract Add2HonkZKVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } 
diff --git a/barretenberg/sol/src/honk/instance/BlakeHonk.sol b/barretenberg/sol/src/honk/instance/BlakeHonk.sol index fd42b9e094e7..564056c61418 100644 --- a/barretenberg/sol/src/honk/instance/BlakeHonk.sol +++ b/barretenberg/sol/src/honk/instance/BlakeHonk.sol @@ -3,14 +3,20 @@ pragma solidity >=0.8.21; import {IVerifier} from "../../interfaces/IVerifier.sol"; -import {BlakeHonkVerificationKey as VK, N, LOG_N, NUMBER_OF_PUBLIC_INPUTS} from "../keys/BlakeHonkVerificationKey.sol"; +import { + BlakeHonkVerificationKey as VK, + N, + LOG_N, + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH +} from "../keys/BlakeHonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseHonkVerifier as BASE} from "../BaseHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract BlakeHonkVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract BlakeHonkVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } diff --git a/barretenberg/sol/src/honk/instance/BlakeHonkZK.sol b/barretenberg/sol/src/honk/instance/BlakeHonkZK.sol index 6d6a61172da0..e9a7241d3e61 100644 --- a/barretenberg/sol/src/honk/instance/BlakeHonkZK.sol +++ b/barretenberg/sol/src/honk/instance/BlakeHonkZK.sol 
@@ -3,14 +3,20 @@ pragma solidity >=0.8.21; import {IVerifier} from "../../interfaces/IVerifier.sol"; -import {BlakeHonkVerificationKey as VK, N, LOG_N, NUMBER_OF_PUBLIC_INPUTS} from "../keys/BlakeHonkVerificationKey.sol"; +import { + BlakeHonkVerificationKey as VK, + N, + LOG_N, + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH +} from "../keys/BlakeHonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseZKHonkVerifier as BASE} from "../BaseZKHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract BlakeHonkZKVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract BlakeHonkZKVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } diff --git a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol index f7d599ff01e9..833b7a48862f 100644 --- a/barretenberg/sol/src/honk/instance/EcdsaHonk.sol +++ b/barretenberg/sol/src/honk/instance/EcdsaHonk.sol @@ -3,14 +3,20 @@ pragma solidity >=0.8.21; import {IVerifier} from "../../interfaces/IVerifier.sol"; -import {EcdsaHonkVerificationKey as VK, N, LOG_N, NUMBER_OF_PUBLIC_INPUTS} from "../keys/EcdsaHonkVerificationKey.sol"; +import { + EcdsaHonkVerificationKey as VK, + N, + LOG_N, + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH +} from "../keys/EcdsaHonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseHonkVerifier as BASE} from "../BaseHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract EcdsaHonkVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract EcdsaHonkVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } 
diff --git a/barretenberg/sol/src/honk/instance/EcdsaHonkZK.sol b/barretenberg/sol/src/honk/instance/EcdsaHonkZK.sol index d3940dff7b11..0eb33127fa3d 100644 --- a/barretenberg/sol/src/honk/instance/EcdsaHonkZK.sol +++ b/barretenberg/sol/src/honk/instance/EcdsaHonkZK.sol @@ -3,14 +3,20 @@ pragma solidity >=0.8.21; import {IVerifier} from "../../interfaces/IVerifier.sol"; -import {EcdsaHonkVerificationKey as VK, N, LOG_N, NUMBER_OF_PUBLIC_INPUTS} from "../keys/EcdsaHonkVerificationKey.sol"; +import { + EcdsaHonkVerificationKey as VK, + N, + LOG_N, + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH +} from "../keys/EcdsaHonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseZKHonkVerifier as BASE} from "../BaseZKHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract EcdsaHonkZKVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract EcdsaHonkZKVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } diff --git a/barretenberg/sol/src/honk/instance/RecursiveHonk.sol b/barretenberg/sol/src/honk/instance/RecursiveHonk.sol index e7436c6fc964..3c65f3f13f8b 100644 --- a/barretenberg/sol/src/honk/instance/RecursiveHonk.sol +++ b/barretenberg/sol/src/honk/instance/RecursiveHonk.sol @@ -7,14 +7,15 @@ import { RecursiveHonkVerificationKey as VK, N, LOG_N, - NUMBER_OF_PUBLIC_INPUTS + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH } from "../keys/RecursiveHonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseHonkVerifier as BASE} from "../BaseHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract RecursiveHonkVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract RecursiveHonkVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } 
diff --git a/barretenberg/sol/src/honk/instance/RecursiveHonkZK.sol b/barretenberg/sol/src/honk/instance/RecursiveHonkZK.sol index 62ac69172ba4..72232e4e04d5 100644 --- a/barretenberg/sol/src/honk/instance/RecursiveHonkZK.sol +++ b/barretenberg/sol/src/honk/instance/RecursiveHonkZK.sol @@ -7,14 +7,15 @@ import { RecursiveHonkVerificationKey as VK, N, LOG_N, - NUMBER_OF_PUBLIC_INPUTS + NUMBER_OF_PUBLIC_INPUTS, + VK_HASH } from "../keys/RecursiveHonkVerificationKey.sol"; import {Honk} from "../HonkTypes.sol"; import {BaseZKHonkVerifier as BASE} from "../BaseZKHonkVerifier.sol"; /// Smart contract verifier of honk proofs -contract RecursiveHonkZKVerifier is BASE(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract RecursiveHonkZKVerifier is BASE(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return VK.loadVerificationKey(); } diff --git a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol index 1822bdd6c6d5..7d94cf0320c1 100644 --- a/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/Add2HonkVerificationKey.sol @@ -7,6 +7,7 @@ import {Honk} from "../HonkTypes.sol"; uint256 constant N = 4096; uint256 constant LOG_N = 12; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 19; +uint256 constant VK_HASH = 0x00591ad8d756290e4d7691a3fc5969f55c517d7bfac3de61c53df98cb7597bb9; library Add2HonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { 
@@ -14,7 +15,6 @@ library Add2HonkVerificationKey { circuitSize: uint256(4096), logCircuitSize: uint256(12), publicInputsSize: uint256(19), - vkHash: uint256(0x00591ad8d756290e4d7691a3fc5969f55c517d7bfac3de61c53df98cb7597bb9), ql: Honk.G1Point({ x: uint256(0x0480a80b708d88511983399d7d454290cd7fc44f01efd7cd0adabac1da5209b7), y: uint256(0x2ae668b0ee73a123a9d90f5783ad3d938b72e3c7ff79fcccab796e842df5300e) diff --git a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol index 46cff1945257..d0f0f11beb13 100644 --- a/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/BlakeHonkVerificationKey.sol @@ -7,6 +7,7 @@ import {Honk} from "../HonkTypes.sol"; uint256 constant N = 32768; uint256 constant LOG_N = 15; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 20; +uint256 constant VK_HASH = 0x09d9b101f113101f439ee2f61e38edd4f0b2bfc8e55e9f5a0df7fe2408c5d82e; library BlakeHonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { @@ -14,7 +15,6 @@ library BlakeHonkVerificationKey { circuitSize: uint256(32768), logCircuitSize: uint256(15), publicInputsSize: uint256(20), - vkHash: uint256(0x09d9b101f113101f439ee2f61e38edd4f0b2bfc8e55e9f5a0df7fe2408c5d82e), ql: Honk.G1Point({ x: uint256(0x1dbc2d49981f1318140ca1106a52550e1c079613c92a2b23206d1504cfb2f86b), y: uint256(0x04d743fe1aa6c0e790573ff504c0b5068b8d630459835db49d24004e0f010ad3) diff --git a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol index a07ea0070619..4985b0f7a199 100644 --- a/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/EcdsaHonkVerificationKey.sol 
@@ -7,6 +7,7 @@ import {Honk} from "../HonkTypes.sol"; uint256 constant N = 65536; uint256 constant LOG_N = 16; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 22; +uint256 constant VK_HASH = 0x2fd5131e0fbfe3b7cb170c7f389581fb5cf275d176716711e3ed8accc5bfe7e2; library EcdsaHonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { @@ -14,7 +15,6 @@ library EcdsaHonkVerificationKey { circuitSize: uint256(65536), logCircuitSize: uint256(16), publicInputsSize: uint256(22), - vkHash: uint256(0x2fd5131e0fbfe3b7cb170c7f389581fb5cf275d176716711e3ed8accc5bfe7e2), ql: Honk.G1Point({ x: uint256(0x222da11caac0ef8c8d024bcd3ce7ef9da65cba415dc078d6c1e99efb9d296476), y: uint256(0x06b0caa4e59eeea611e3d82aa4c1be032ea48d1ebe99a2120c6b1d34ad52cad2) diff --git a/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol b/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol index 3898073b962a..6d5103083743 100644 --- a/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol +++ b/barretenberg/sol/src/honk/keys/RecursiveHonkVerificationKey.sol @@ -7,6 +7,7 @@ import {Honk} from "../HonkTypes.sol"; uint256 constant N = 1048576; uint256 constant LOG_N = 20; uint256 constant NUMBER_OF_PUBLIC_INPUTS = 16; +uint256 constant VK_HASH = 0x0f71347a3acbefd3925c24fbe03c70d91a785109f77dc874c8cb7ab5c7da5ce0; library RecursiveHonkVerificationKey { function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) { @@ -14,7 +15,6 @@ library RecursiveHonkVerificationKey { circuitSize: uint256(1048576), logCircuitSize: uint256(20), publicInputsSize: uint256(16), - vkHash: uint256(0x0f71347a3acbefd3925c24fbe03c70d91a785109f77dc874c8cb7ab5c7da5ce0), ql: Honk.G1Point({ x: uint256(0x2d26dcedf30775b10b7b5d23a575efd46e95045fbcafedfb05e144c2aa7edf6d), y: uint256(0x189bf6c6697af3d3a2067f655f5216cd2e97938d4797a6bfba0691fc0277fada) From 98c1bb4cad9237ecc79fae9303f9bc828572d172 Mon Sep 17 00:00:00 2001 
From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Tue, 29 Jul 2025 11:01:28 +0000 Subject: [PATCH 09/11] chore: update copy_to_cpp script --- barretenberg/sol/scripts/copy_to_cpp.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/barretenberg/sol/scripts/copy_to_cpp.sh b/barretenberg/sol/scripts/copy_to_cpp.sh index 3caf5e380867..0e05c653b000 100755 --- a/barretenberg/sol/scripts/copy_to_cpp.sh +++ b/barretenberg/sol/scripts/copy_to_cpp.sh @@ -179,7 +179,7 @@ build_verifier() { # Add the final contract template if [ "$is_zk" = false ]; then cat >> "$output_file" << 'EOF' -contract HonkVerifier is BaseHonkVerifier(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract HonkVerifier is BaseHonkVerifier(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return HonkVerificationKey.loadVerificationKey(); } @@ -187,7 +187,7 @@ contract HonkVerifier is BaseHonkVerifier(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { EOF else cat >> "$output_file" << 'EOF' -contract HonkVerifier is BaseZKHonkVerifier(N, LOG_N, NUMBER_OF_PUBLIC_INPUTS) { +contract HonkVerifier is BaseZKHonkVerifier(N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS) { function loadVerificationKey() internal pure override returns (Honk.VerificationKey memory) { return HonkVerificationKey.loadVerificationKey(); } From b54e211a6b848c110b2bece122bbf583c6f4655b Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Fri, 1 Aug 2025 13:31:07 +0000 Subject: [PATCH 10/11] review --- .../src/barretenberg/ultra_honk/ultra_transcript.test.cpp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp index 85d267778b48..44821d0660fe 100644 --- a/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp 
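Review bot: Both heredocs in `build_verifier` are quoted (`<< 'EOF'`), so `VK_HASH` is written out literally and the generated contract only compiles if the key emitted alongside this template defines a file-level `uint256 constant VK_HASH`. Patch 01 of this series changes `honk_key_gen.hpp` to print the hash as the struct field `vkHash`, which the key-file hunks here then remove, so it is worth confirming that the generator now emits the constant instead. A short comment above the two templates would make the dependency explicit, e.g. `# Template expects file-level constants N, LOG_N, VK_HASH, NUMBER_OF_PUBLIC_INPUTS from the generated key`. The same constructor list is edited in both the non-ZK and ZK branches, and `build_verifier` starts and ends outside these hunks.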
+++ b/barretenberg/cpp/src/barretenberg/ultra_honk/ultra_transcript.test.cpp @@ -63,12 +63,7 @@ template class UltraTranscriptTests : public ::testing::Test { size_t frs_per_evals = (Flavor::NUM_ALL_ENTITIES)*frs_per_Fr; size_t round = 0; - // TODO(https://github.com/AztecProtocol/barretenberg/issues/1427): Add VK FS to solidity verifier. - if constexpr (!IsAnyOf) { - manifest_expected.add_entry(round, "vk_hash", frs_per_Fr); - } else { - manifest_expected.add_entry(round, "vk_hash", frs_per_Fr); - } + manifest_expected.add_entry(round, "vk_hash", frs_per_Fr); manifest_expected.add_entry(round, "public_input_0", frs_per_Fr); for (size_t i = 0; i < PAIRING_POINTS_SIZE; i++) { From e783e35f3831550955a2e7235a7ad1b8079562b4 Mon Sep 17 00:00:00 2001 From: Maddiaa0 <47148561+Maddiaa0@users.noreply.github.com> Date: Fri, 1 Aug 2025 13:37:55 +0000 Subject: [PATCH 11/11] chore: document todo --- barretenberg/cpp/src/barretenberg/flavor/flavor.hpp | 1 + 1 file changed, 1 insertion(+) diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp index 7d2adc636582..7096559b7f65 100644 --- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp @@ -199,6 +199,7 @@ class NativeVerificationKey_ : public PrecomputedCommitments { */ fr hash() const { + // TODO(https://github.com/AztecProtocol/barretenberg/issues/1498): should hash be dependent on transcript? fr vk_hash = Transcript::hash(this->to_field_elements()); return vk_hash; }
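Review bot: The TODO added inside `hash()` in flavor.hpp records the open question but not what depends on the answer. With `Transcript::hash` the digest follows the flavor's transcript, and elsewhere in this series the value is added to the transcript as `vk_hash` and appears to be what the Solidity key files carry as `VK_HASH`. I would state that next to the TODO, e.g. `// NOTE: absorbed into the transcript as "vk_hash" and exported as VK_HASH in generated Solidity keys; changing the hash function requires regenerating them.` The doc comment above `hash()` begins outside the hunk; in patch 01 it still reads "Currently only used in testing", which looks stale now that the hash feeds the Fiat-Shamir transcript.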