- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
#include <cstddef>#include <cstdint>#include <gtest/gtest.h>#include <vector>#include "barretenberg/commitment_schemes/ipa/ipa.hpp"#include "barretenberg/commitment_schemes/verification_key.hpp"#include "barretenberg/eccvm/eccvm_circuit_builder.hpp"#include "barretenberg/eccvm/eccvm_prover.hpp"#include "barretenberg/eccvm/eccvm_test_utils.hpp"#include "barretenberg/eccvm/eccvm_verifier.hpp"#include "barretenberg/flavor/test_utils/proof_structures.hpp"#include "barretenberg/honk/library/grand_product_delta.hpp"#include "barretenberg/numeric/uint256/uint256.hpp"#include "barretenberg/relations/ecc_vm/ecc_bools_relation_impl.hpp"#include "barretenberg/relations/ecc_vm/ecc_lookup_relation_impl.hpp"#include "barretenberg/relations/ecc_vm/ecc_msm_relation_impl.hpp"#include "barretenberg/relations/ecc_vm/ecc_point_table_relation_impl.hpp"#include "barretenberg/relations/ecc_vm/ecc_set_relation_impl.hpp"#include "barretenberg/relations/ecc_vm/ecc_transcript_relation_impl.hpp"#include "barretenberg/relations/ecc_vm/ecc_wnaf_relation_impl.hpp"#include "barretenberg/relations/permutation_relation.hpp"#include "barretenberg/relations/relation_parameters.hpp"#include "barretenberg/srs/global_crs.hpp"#include "barretenberg/sumcheck/sumcheck.hpp"#include "barretenberg/sumcheck/sumcheck_round.hpp"Go to the source code of this file.
Classes | |
| class | ECCVMTests |
Typedefs | |
| using | FF = ECCVMFlavor::FF |
| using | PK = ECCVMFlavor::ProvingKey |
| using | Transcript = ECCVMFlavor::Transcript |
| using | ECCVMVerifier = ECCVMVerifier_< ECCVMFlavor > |
| using | PCS = IPA< ECCVMFlavor::Curve, CONST_ECCVM_LOG_N > |
Functions | |
| ECCVMFlavor::VerificationKey | create_vk_from_proving_key (const std::shared_ptr< PK > &proving_key) |
| ECCVMFlavor::BF | compute_eccvm_vk_hash () |
| ECCVMCircuitBuilder | generate_circuit (numeric::RNG *engine=nullptr) |
| Adds operations in BN254 to the op_queue and then constructs and ECCVM circuit from the op_queue. | |
| ECCVMCircuitBuilder | generate_zero_circuit (numeric::RNG *engine=nullptr, bool zero_scalars=1) |
| void | complete_proving_key_for_test (bb::RelationParameters< FF > &relation_parameters, std::shared_ptr< PK > &pk, std::vector< FF > &gate_challenges) |
| TEST_F (ECCVMTests, ZeroesCoefficients) | |
| TEST_F (ECCVMTests, MissingHidingOpThrows) | |
| TEST_F (ECCVMTests, NullOpQUeue) | |
| TEST_F (ECCVMTests, PointAtInfinity) | |
| TEST_F (ECCVMTests, ShortMonomialProverVerifies) | |
| TEST_F (ECCVMTests, ShortMonomialRelationsMatchFullEdgeRelations) | |
| TEST_F (ECCVMTests, ScalarEdgeCase) | |
| TEST_F (ECCVMTests, ProofLengthCheck) | |
| Check that size of a ECCVM proof matches the corresponding constant. | |
| TEST_F (ECCVMTests, BaseCaseFixedSize) | |
| TEST_F (ECCVMTests, EqFailsFixedSize) | |
| TEST_F (ECCVMTests, CommittedSumcheck) | |
| TEST_F (ECCVMTests, BaseInfinityForgedCoordinatesRejected) | |
| Regression test: transcript_base_infinity soundness vulnerability. | |
| TEST_F (ECCVMTests, FixedVK) | |
| Test that the fixed VK from the default constructor agrees with the one computed for an arbitrary circuit. | |
| TEST_F (ECCVMTests, WitnessPolynomialsMasked) | |
| Verify that every ECCVM witness polynomial has masking values in the reserved head region. | |
| TEST_F (ECCVMTests, RepeatedCommitmentsIndicesCorrect) | |
| Verify that REPEATED_COMMITMENTS indices correctly pair to-be-shifted and shifted commitments. | |
| using ECCVMVerifier = ECCVMVerifier_<ECCVMFlavor> |
Definition at line 32 of file eccvm.test.cpp.
| using FF = ECCVMFlavor::FF |
Definition at line 29 of file eccvm.test.cpp.
| using PCS = IPA<ECCVMFlavor::Curve, CONST_ECCVM_LOG_N> |
Definition at line 33 of file eccvm.test.cpp.
| using PK = ECCVMFlavor::ProvingKey |
Definition at line 30 of file eccvm.test.cpp.
| using Transcript = ECCVMFlavor::Transcript |
Definition at line 31 of file eccvm.test.cpp.
| void complete_proving_key_for_test | ( | bb::RelationParameters< FF > & | relation_parameters, |
| std::shared_ptr< PK > & | pk, | ||
| std::vector< FF > & | gate_challenges | ||
| ) |
Definition at line 136 of file eccvm.test.cpp.
| ECCVMFlavor::BF compute_eccvm_vk_hash | ( | ) |
Definition at line 48 of file eccvm.test.cpp.
| ECCVMFlavor::VerificationKey create_vk_from_proving_key | ( | const std::shared_ptr< PK > & | proving_key | ) |
Definition at line 37 of file eccvm.test.cpp.
| ECCVMCircuitBuilder generate_circuit | ( | numeric::RNG * | engine = nullptr | ) |
Adds operations in BN254 to the op_queue and then constructs and ECCVM circuit from the op_queue.
| engine |
Definition at line 75 of file eccvm.test.cpp.
| ECCVMCircuitBuilder generate_zero_circuit | ( | numeric::RNG * | engine = nullptr, |
| bool | zero_scalars = 1 |
||
| ) |
Definition at line 110 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| BaseCaseFixedSize | |||
| ) |
Definition at line 437 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| BaseInfinityForgedCoordinatesRejected | |||
| ) |
Regression test: transcript_base_infinity soundness vulnerability.
Constructs 2 MULs: mul(a, x) and mul(infinity, y). The honest computation yields a*x (since infinity*y contributes nothing). After building the prover, we replace transcript_Px/Py at the infinity-mul row with a valid on-curve point b. This makes the committed transcript look like: mul(a, x), mul(b, y), eq(a*x) where the honest result should be a*x + b*y, not a*x.
We then generate a full ECCVM proof and verify it (IPA included). Before the fix (constraining Px/Py = 0 when base_infinity = 1), this proof would VERIFY, demonstrating a soundness break. After the fix, the proof must FAIL verification.
Definition at line 562 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| CommittedSumcheck | |||
| ) |
Definition at line 487 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| EqFailsFixedSize | |||
| ) |
Definition at line 461 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| FixedVK | |||
| ) |
Test that the fixed VK from the default constructor agrees with the one computed for an arbitrary circuit.
Definition at line 643 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| MissingHidingOpThrows | |||
| ) |
Definition at line 192 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| NullOpQUeue | |||
| ) |
Definition at line 201 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| PointAtInfinity | |||
| ) |
Definition at line 226 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| ProofLengthCheck | |||
| ) |
Check that size of a ECCVM proof matches the corresponding constant.
If this test FAILS, then the following (non-exhaustive) list should probably be updated as well:
Definition at line 427 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| RepeatedCommitmentsIndicesCorrect | |||
| ) |
Verify that REPEATED_COMMITMENTS indices correctly pair to-be-shifted and shifted commitments.
Mirrors the Shplemini commitment vector construction: [Q, unshifted_comms..., to_be_shifted_comms...], then applies offset = HasZK ? 2 : 1, and checks commitments[original_start + offset + i] == commitments[duplicate_start + offset + i]. This is a one-time substitute for the runtime BB_ASSERTs in remove_repeated_commitments.
Definition at line 714 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| ScalarEdgeCase | |||
| ) |
Definition at line 388 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| ShortMonomialProverVerifies | |||
| ) |
Definition at line 248 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| ShortMonomialRelationsMatchFullEdgeRelations | |||
| ) |
Definition at line 354 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| WitnessPolynomialsMasked | |||
| ) |
Verify that every ECCVM witness polynomial has masking values in the reserved head region.
All witness polynomials (wires, z_perm, lookup_inverses) should have non-zero random values at rows 1..NUM_MASKED_ROWS (the masking region). Precomputed polynomials should NOT be masked.
Definition at line 685 of file eccvm.test.cpp.
| TEST_F | ( | ECCVMTests | , |
| ZeroesCoefficients | |||
| ) |
Definition at line 168 of file eccvm.test.cpp.
1.9.8