32-Byte Keccak256 challenges for UltraPlonK (#350)

* Add WithKeccak variants. * Update SYSTEM_COMPOSER dependents.
AztecProtocol · Apr 13, 2023 · d104756 · d104756
1 parent ebed17f
commit d104756
Show file tree

Hide file tree

Showing 26 changed files with 254 additions and 271 deletions.
diff --git a/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp b/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp
@@ -105,10 +105,10 @@ TEST(acir_format, test_logic_gate_from_noir_circuit)
 
     std::cout << "made composer" << std::endl;
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
     auto proof = prover.construct_proof();
 
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
 
     EXPECT_EQ(verifier.verify_proof(proof), true);
 }
@@ -174,10 +174,10 @@ TEST(acir_format, test_schnorr_verify_pass)
           67, 16,  37,  128, 85,  76,  19,  253, 30,  77,  192,   53,    138, 205, 69, 33,  236, 163, 83,  194,
           84, 137, 184, 221, 176, 121, 179, 27,  63,  70,  54,    16,    176, 250, 39, 239, 1,   0,   0,   0 });
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
     auto proof = prover.construct_proof();
 
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
 
     EXPECT_EQ(verifier.verify_proof(proof), true);
 }
@@ -243,10 +243,10 @@ TEST(acir_format, test_schnorr_verify_small_range)
           67, 16,  37,  128, 85,  76,  19,  253, 30,  77,  192,   53,    138, 205, 69, 33,  236, 163, 83,  194,
           84, 137, 184, 221, 176, 121, 179, 27,  63,  70,  54,    16,    176, 250, 39, 239, 1,   0,   0,   0 });
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
     auto proof = prover.construct_proof();
 
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
 
     EXPECT_EQ(verifier.verify_proof(proof), true);
 }
diff --git a/cpp/src/barretenberg/dsl/acir_proofs/acir_proofs.cpp b/cpp/src/barretenberg/dsl/acir_proofs/acir_proofs.cpp
@@ -117,7 +117,7 @@ size_t new_proof(void* pippenger,
 
     create_circuit_with_witness(composer, constraint_system, witness);
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
 
     auto heapProver = new stdlib::types::Prover(std::move(prover));
     auto& proof_data = heapProver->construct_proof().proof_data;
@@ -144,7 +144,7 @@ bool verify_proof(
         create_circuit(composer, constraint_system);
         plonk::proof pp = { std::vector<uint8_t>(proof, proof + length) };
 
-        auto verifier = composer.create_verifier();
+        auto verifier = composer.create_ultra_with_keccak_verifier();
 
         verified = verifier.verify_proof(pp);
 #ifndef __wasm__

diff --git a/cpp/src/barretenberg/join_split_example/proofs/compute_circuit_data.hpp b/cpp/src/barretenberg/join_split_example/proofs/compute_circuit_data.hpp
@@ -229,20 +229,20 @@ circuit_data get_circuit_data(std::string const& name,
 
             Timer timer;
             if (!mock) {
-                auto prover = composer.create_prover();
+                auto prover = composer.create_ultra_with_keccak_prover();
                 auto proof = prover.construct_proof();
                 data.padding_proof = proof.proof_data;
                 data.num_gates = composer.get_num_gates();
                 info(name, ": Circuit size: ", data.num_gates);
-                auto verifier = composer.create_verifier();
+                auto verifier = composer.create_ultra_with_keccak_verifier();
                 info(name, ": Padding verified: ", verifier.verify_proof(proof));
             } else {
-                auto prover = mock_proof_composer.create_prover();
+                auto prover = mock_proof_composer.create_ultra_with_keccak_prover();
                 auto proof = prover.construct_proof();
                 data.padding_proof = proof.proof_data;
                 data.num_gates = mock_proof_composer.get_num_gates();
                 info(name, ": Mock circuit size: ", data.num_gates);
-                auto verifier = mock_proof_composer.create_verifier();
+                auto verifier = mock_proof_composer.create_ultra_with_keccak_verifier();
                 info(name, ": Padding verified: ", verifier.verify_proof(proof));
             }
             info(name, ": Padding proof computed in ", timer.toString(), "s");

diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/create_proof.hpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/create_proof.hpp
@@ -20,7 +20,7 @@ inline std::vector<uint8_t> create_proof(join_split_tx const& tx,
         info("Join-split circuit logic failed: ", composer.err());
     }
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
     auto proof = prover.construct_proof();
 
     return proof.proof_data;

diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.cpp
@@ -79,12 +79,12 @@ stdlib::types::Prover new_join_split_prover(join_split_tx const& tx, bool mock)
 
     if (!mock) {
         info("composer gates: ", composer.get_num_gates());
-        return composer.create_prover();
+        return composer.create_ultra_with_keccak_prover();
     } else {
         Composer mock_proof_composer(proving_key, nullptr);
         join_split_example::proofs::mock::mock_circuit(mock_proof_composer, composer.get_public_inputs());
         info("mock composer gates: ", mock_proof_composer.get_num_gates());
-        return mock_proof_composer.create_prover();
+        return mock_proof_composer.create_ultra_with_keccak_prover();
     }
 }
 

diff --git a/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp b/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp
@@ -98,14 +98,14 @@ TYPED_TEST(join_split, deposit)
 
     BenchmarkInfoCollator benchmark_collator;
     Timer timer;
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
     auto build_time = timer.toString();
     benchmark_collator.benchmark_info_deferred(
         GET_COMPOSER_NAME_STRING(Composer::type), "Core", "join split", "Build time", build_time);
 
     auto proof = prover.construct_proof();
 
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
     bool verified = verifier.verify_proof(proof);
 
     ASSERT_TRUE(verified);

diff --git a/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.test.cpp b/cpp/src/barretenberg/join_split_example/proofs/mock/mock_circuit.test.cpp
@@ -20,14 +20,14 @@ TEST(mock_circuit_tests, test_simple_circuit)
     Composer composer = Composer("../srs_db/ignition");
     mock_circuit(composer, public_inputs);
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
     plonk::proof proof = prover.construct_proof();
 
     std::cout << "gates: " << composer.get_num_gates() << std::endl;
     std::cout << "proof size: " << proof.proof_data.size() << std::endl;
     std::cout << "public inputs size: " << composer.public_inputs.size() << std::endl;
 
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
     bool result = verifier.verify_proof(proof);
 
     EXPECT_TRUE(result);

diff --git a/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp b/cpp/src/barretenberg/join_split_example/proofs/notes/circuit/value/value_note.test.cpp
@@ -30,11 +30,11 @@ TEST(value_note, commits)
     auto result = circuit_note.commitment;
     result.assert_equal(expected);
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
 
     EXPECT_FALSE(composer.failed());
     printf("composer gates = %zu\n", composer.get_num_gates());
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
 
     plonk::proof proof = prover.construct_proof();
 
@@ -64,11 +64,11 @@ TEST(value_note, commits_with_0_value)
     auto result = circuit_note.commitment;
     result.assert_equal(expected);
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
 
     EXPECT_FALSE(composer.failed());
     printf("composer gates = %zu\n", composer.get_num_gates());
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
 
     plonk::proof proof = prover.construct_proof();
 
@@ -96,11 +96,11 @@ TEST(value_note, commit_with_oversized_asset_id_fails)
     auto result = circuit_note.commitment;
     result.assert_equal(expected);
 
-    auto prover = composer.create_prover();
+    auto prover = composer.create_ultra_with_keccak_prover();
 
     EXPECT_TRUE(composer.failed());
     printf("composer gates = %zu\n", composer.get_num_gates());
-    auto verifier = composer.create_verifier();
+    auto verifier = composer.create_ultra_with_keccak_verifier();
 
     plonk::proof proof = prover.construct_proof();
 

diff --git a/cpp/src/barretenberg/join_split_example/proofs/verify.hpp b/cpp/src/barretenberg/join_split_example/proofs/verify.hpp
@@ -90,12 +90,12 @@ auto verify_internal(Composer& composer, Tx& tx, CircuitData const& cd, char con
                 auto proof = prover.construct_proof();
                 result.proof_data = proof.proof_data;
             } else {
-                auto prover = composer.create_prover();
+                auto prover = composer.create_ultra_with_keccak_prover();
                 auto proof = prover.construct_proof();
                 result.proof_data = proof.proof_data;
             }
         } else {
-            auto prover = composer.create_prover();
+            auto prover = composer.create_ultra_with_keccak_prover();
             auto proof = prover.construct_proof();
             result.proof_data = proof.proof_data;
         }
@@ -108,12 +108,12 @@ auto verify_internal(Composer& composer, Tx& tx, CircuitData const& cd, char con
                 auto proof = prover.construct_proof();
                 result.proof_data = proof.proof_data;
             } else {
-                auto prover = mock_proof_composer.create_prover();
+                auto prover = mock_proof_composer.create_ultra_with_keccak_prover();
                 auto proof = prover.construct_proof();
                 result.proof_data = proof.proof_data;
             }
         } else {
-            auto prover = mock_proof_composer.create_prover();
+            auto prover = mock_proof_composer.create_ultra_with_keccak_prover();
             auto proof = prover.construct_proof();
             result.proof_data = proof.proof_data;
         }
@@ -126,11 +126,11 @@ auto verify_internal(Composer& composer, Tx& tx, CircuitData const& cd, char con
             auto verifier = composer.create_ultra_to_standard_verifier();
             result.verified = verifier.verify_proof({ result.proof_data });
         } else {
-            auto verifier = composer.create_verifier();
+            auto verifier = composer.create_ultra_with_keccak_verifier();
             result.verified = verifier.verify_proof({ result.proof_data });
         }
     } else {
-        auto verifier = composer.create_verifier();
+        auto verifier = composer.create_ultra_with_keccak_verifier();
         result.verified = verifier.verify_proof({ result.proof_data });
     }
 

diff --git a/cpp/src/barretenberg/plonk/composer/ultra_composer.cpp b/cpp/src/barretenberg/plonk/composer/ultra_composer.cpp
@@ -890,6 +890,50 @@ UltraToStandardProver UltraComposer::create_ultra_to_standard_prover()
     return output_state;
 }
 
+/**
+ * @brief Uses slightly different settings from the UltraProver.
+ */
+UltraWithKeccakProver UltraComposer::create_ultra_with_keccak_prover()
+{
+    compute_proving_key();
+    compute_witness();
+
+    UltraWithKeccakProver output_state(circuit_proving_key, create_manifest(public_inputs.size()));
+
+    std::unique_ptr<ProverPermutationWidget<4, true>> permutation_widget =
+        std::make_unique<ProverPermutationWidget<4, true>>(circuit_proving_key.get());
+
+    std::unique_ptr<ProverPlookupWidget<>> plookup_widget =
+        std::make_unique<ProverPlookupWidget<>>(circuit_proving_key.get());
+
+    std::unique_ptr<ProverPlookupArithmeticWidget<ultra_with_keccak_settings>> arithmetic_widget =
+        std::make_unique<ProverPlookupArithmeticWidget<ultra_with_keccak_settings>>(circuit_proving_key.get());
+
+    std::unique_ptr<ProverGenPermSortWidget<ultra_with_keccak_settings>> sort_widget =
+        std::make_unique<ProverGenPermSortWidget<ultra_with_keccak_settings>>(circuit_proving_key.get());
+
+    std::unique_ptr<ProverEllipticWidget<ultra_with_keccak_settings>> elliptic_widget =
+        std::make_unique<ProverEllipticWidget<ultra_with_keccak_settings>>(circuit_proving_key.get());
+
+    std::unique_ptr<ProverPlookupAuxiliaryWidget<ultra_with_keccak_settings>> auxiliary_widget =
+        std::make_unique<ProverPlookupAuxiliaryWidget<ultra_with_keccak_settings>>(circuit_proving_key.get());
+
+    output_state.random_widgets.emplace_back(std::move(permutation_widget));
+    output_state.random_widgets.emplace_back(std::move(plookup_widget));
+
+    output_state.transition_widgets.emplace_back(std::move(arithmetic_widget));
+    output_state.transition_widgets.emplace_back(std::move(sort_widget));
+    output_state.transition_widgets.emplace_back(std::move(elliptic_widget));
+    output_state.transition_widgets.emplace_back(std::move(auxiliary_widget));
+
+    std::unique_ptr<KateCommitmentScheme<ultra_with_keccak_settings>> kate_commitment_scheme =
+        std::make_unique<KateCommitmentScheme<ultra_with_keccak_settings>>();
+
+    output_state.commitment_scheme = std::move(kate_commitment_scheme);
+
+    return output_state;
+}
+
 UltraVerifier UltraComposer::create_verifier()
 {
     compute_verification_key();
@@ -918,6 +962,20 @@ UltraToStandardVerifier UltraComposer::create_ultra_to_standard_verifier()
     return output_state;
 }
 
+UltraWithKeccakVerifier UltraComposer::create_ultra_with_keccak_verifier()
+{
+    compute_verification_key();
+
+    UltraWithKeccakVerifier output_state(circuit_verification_key, create_manifest(public_inputs.size()));
+
+    std::unique_ptr<KateCommitmentScheme<ultra_with_keccak_settings>> kate_commitment_scheme =
+        std::make_unique<KateCommitmentScheme<ultra_with_keccak_settings>>();
+
+    output_state.commitment_scheme = std::move(kate_commitment_scheme);
+
+    return output_state;
+}
+
 void UltraComposer::initialize_precomputed_table(
     const plookup::BasicTableId id,
     bool (*generator)(std::vector<fr>&, std ::vector<fr>&, std::vector<fr>&),

diff --git a/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp b/cpp/src/barretenberg/plonk/composer/ultra_composer.hpp
@@ -160,6 +160,9 @@ class UltraComposer : public ComposerBase {
     UltraToStandardProver create_ultra_to_standard_prover();
     UltraToStandardVerifier create_ultra_to_standard_verifier();
 
+    UltraWithKeccakProver create_ultra_with_keccak_prover();
+    UltraWithKeccakVerifier create_ultra_with_keccak_verifier();
+
     void create_add_gate(const add_triple& in) override;
 
     void create_big_add_gate(const add_quad& in, const bool use_next_gate_w_4 = false);