Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ecc_transcript_relation.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Raju], commit: 2a49eb6 }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "barretenberg/ecc/curves/bn254/g1.hpp"
10#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
11#include "barretenberg/relations/relation_types.hpp"
12
13namespace bb {
14
35template <typename FF_> class ECCVMTranscriptRelationImpl {
36 public:
37 using FF = FF_;
38
39 // Named subrelation indices — matches SUBRELATION_PARTIAL_LENGTHS ordering.
40 enum SubrelationIndex : size_t {
41 // z1/z2 zero checks: if z_zero flag is set, scalar must be 0
42 Z1_ZERO_CHECK = 0,
43 Z2_ZERO_CHECK = 1,
44 // Opcode encoding: op = q_reset + 2*q_eq + 4*q_mul + 8*q_add
45 OPCODE_WELL_FORMED = 2,
46 // Point counter update: pc decrements by number of muls
47 PC_UPDATE = 3,
48 // MSM count zero at transition: witnesses correct msm_count_zero_at_transition
49 MSM_COUNT_ZERO_AT_TRANSITION = 4,
50 // MSM transition: msm_transition = q_mul * (1 - q_mul_shift) * (1 - msm_count_zero_at_transition)
51 MSM_TRANSITION = 5,
52 // MSM count zero when not at a mul op
53 MSM_COUNT_ZERO_WHEN_NOT_MUL = 6,
54 // MSM count increments correctly across mul rows
55 MSM_COUNT_INCREMENT_ACROSS_ROWS = 7,
56 // Opcode exclusion: q_mul and q_add are mutually exclusive with other opcodes
57 OPCODE_EXCLUSION = 8,
58 // Equality check x-coordinate
59 EQ_X_DIFF = 9,
60 // Equality check y-coordinate
61 EQ_Y_DIFF = 10,
62 // Boundary: is_accumulator_empty = 1 at third row
63 BOUNDARY_ACCUMULATOR_EMPTY = 11,
64 // Boundary: msm_count = 0 at third row, pc = 0 at last row
65 BOUNDARY_MSM_COUNT_AND_PC = 12,
66 // On-curve check for input points
67 ON_CURVE_CHECK = 13,
68 // Lambda relation for add/msm group operations
69 LAMBDA_RELATION = 14,
70 // Accumulator x-coordinate update
71 ACCUMULATOR_X_UPDATE = 15,
72 // Accumulator y-coordinate update
73 ACCUMULATOR_Y_UPDATE = 16,
74 // Accumulator empty flag update
75 ACCUMULATOR_EMPTY_UPDATE = 17,
76 // x-equal flag validation
77 ADD_X_EQUAL_CHECK = 18,
78 // y-equal flag validation
79 ADD_Y_EQUAL_CHECK = 19,
80 // Hiding op row: q_eq must be 1
81 HIDING_ROW_EQ = 20,
82 // Hiding op row: q_reset must be 1
83 HIDING_ROW_RESET = 21,
84 // Infinity flag consistency: Px = 0 when base infinity
85 INFINITY_BASE_PX = 22,
86 // Infinity flag consistency: Py = 0 when base infinity
87 INFINITY_BASE_PY = 23,
88 // Infinity flag consistency: acc_x = 0 when accumulator empty
89 INFINITY_ACC_X = 24,
90 // Infinity flag consistency: acc_y = 0 when accumulator empty
91 INFINITY_ACC_Y = 25,
92 // Boundary: accumulator_not_empty must be 0 at lagrange_first row
93 ACCUMULATOR_NOT_EMPTY_INIT = 26,
94 // The following subrelations are gated entirely by `msm_transition` and are grouped contiguously at the end so
95 // the short-monomial flavor can split them into a separately-skippable relation (skip when msm_transition ==
96 // 0).
97 // MSM offset generator subtraction: x-coordinate
98 OFFSET_GENERATOR_X = 27,
99 // MSM offset generator subtraction: y-coordinate
100 OFFSET_GENERATOR_Y = 28,
101 // MSM infinity x-diff check
102 MSM_INFINITY_X_DIFF = 29,
103 // MSM infinity y-sum check
104 MSM_INFINITY_Y_SUM = 30,
105 // MSM infinity inverse check
106 MSM_INFINITY_INVERSE = 31,
107 NUM_SUBRELATIONS,
108 };
109
110 static constexpr std::array<size_t, 32> SUBRELATION_PARTIAL_LENGTHS{
111 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
112 };
113 static_assert(NUM_SUBRELATIONS == SUBRELATION_PARTIAL_LENGTHS.size());
114
115 template <typename ContainerOverSubrelations, typename AllEntities, typename Parameters>
116 static void accumulate(ContainerOverSubrelations& accumulator,
117 const AllEntities& in,
118 const Parameters& /* unused */,
119 const FF& scaling_factor);
120
121 static constexpr FF get_curve_b()
122 {
123 if constexpr (FF::modulus == bb::fq::modulus) {
124 return bb::g1::curve_b;
125 } else if constexpr (FF::modulus == grumpkin::fq::modulus) {
126 return grumpkin::g1::curve_b;
127 } else {
128 static_assert(!std::is_same_v<FF, FF>, "Unsupported field type for ECC transcript relation");
129 }
130 }
131};
132
133template <typename FF> using ECCVMTranscriptRelation = Relation<ECCVMTranscriptRelationImpl<FF>>;
134
135} // namespace bb
bb::ECCVMTranscriptRelationImpl
ECCVMTranscriptRelationImpl evaluates the correctness of the ECCVM transcript columns.
Definition ecc_transcript_relation.hpp:35
bb::ECCVMTranscriptRelationImpl::accumulate
static void accumulate(ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters &, const FF &scaling_factor)
ECCVMTranscriptRelationImpl evaluates the correctness of the ECCVM transcript columns.
Definition ecc_transcript_relation_impl.hpp:40
bb::ECCVMTranscriptRelationImpl::SUBRELATION_PARTIAL_LENGTHS
static constexpr std::array< size_t, 32 > SUBRELATION_PARTIAL_LENGTHS
Definition ecc_transcript_relation.hpp:110
bb::Relation
A wrapper for Relations to expose methods used by the Sumcheck prover or verifier to add the contribu...
Definition relation_types.hpp:96
bb::group::curve_b
static constexpr Fq curve_b
Definition group.hpp:53
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
relation_types.hpp
bb::field< bb::Bn254FrParams >::modulus
static constexpr uint256_t modulus
Definition field_declarations.hpp:234