15template <IsUltraOrMegaHonk Flavor>
17 const std::shared_ptr<HonkVK>& honk_vk,
19 : prover_instance(
std::move(prover_instance))
22 , commitment_key(commitment_key)
32template <IsUltraOrMegaHonk Flavor>
34 const std::shared_ptr<HonkVK>& honk_vk,
35 const std::shared_ptr<Transcript>& transcript)
36 : prover_instance(
std::move(prover_instance))
38 , transcript(transcript)
39 , commitment_key(prover_instance->commitment_key)
49template <IsUltraOrMegaHonk Flavor>
51 const std::shared_ptr<HonkVK>& honk_vk,
52 const std::shared_ptr<Transcript>& transcript)
55 , transcript(transcript)
56 , commitment_key(prover_instance->commitment_key)
59template <IsUltraOrMegaHonk Flavor>
64 , commitment_key(prover_instance->commitment_key)
84 auto proof = transcript->export_proof();
87 if (!prover_instance->ipa_proof.empty()) {
88 BB_ASSERT_EQ(prover_instance->ipa_proof.size(),
static_cast<size_t>(IPA_PROOF_LENGTH));
89 proof.insert(proof.end(), prover_instance->ipa_proof.begin(), prover_instance->ipa_proof.end());
98 const size_t virtual_log_n =
99 Flavor::USE_PADDING ? Flavor::VIRTUAL_LOG_N :
static_cast<size_t>(prover_instance->log_dyadic_size());
101 prover_instance->gate_challenges =
102 transcript->template get_dyadic_powers_of_challenge<FF>(
"Sumcheck:gate_challenge", virtual_log_n);
109 vinfo(
"created oink proof");
111 generate_gate_challenges();
114 execute_sumcheck_iop();
115 vinfo(
"finished relation check rounds");
118 vinfo(
"finished PCS rounds");
120 return export_proof();
130 const size_t virtual_log_n =
Flavor::USE_PADDING ? Flavor::VIRTUAL_LOG_N : prover_instance->log_dyadic_size();
133 size_t polynomial_size = prover_instance->dyadic_size();
134 Sumcheck sumcheck(polynomial_size,
135 prover_instance->polynomials,
137 prover_instance->alpha,
138 prover_instance->gate_challenges,
139 prover_instance->relation_parameters,
149 sumcheck_output = sumcheck.prove(zk_sumcheck_data);
151 sumcheck_output = sumcheck.prove();
167 auto&
ck = prover_instance->commitment_key;
168 if (!
ck.initialized()) {
172 PolynomialBatcher polynomial_batcher(prover_instance->dyadic_size());
173 polynomial_batcher.set_unshifted(prover_instance->polynomials.get_unshifted());
174 polynomial_batcher.set_to_be_shifted_by_one(prover_instance->polynomials.get_to_be_shifted());
179 prover_instance->dyadic_size(), polynomial_batcher, sumcheck_output.challenge,
ck, transcript);
183 zk_sumcheck_data, sumcheck_output.challenge, sumcheck_output.claimed_libra_evaluation, transcript,
ck);
184 small_subgroup_ipa_prover.
prove();
188 sumcheck_output.challenge,
193 vinfo(
"executed multivariate-to-univariate reduction");
194 PCS::compute_opening_proof(
ck, prover_opening_claim, transcript);
195 vinfo(
"computed opening proof");
201#ifdef STARKNET_GARAGA_FLAVORS
#define BB_ASSERT_EQ(actual, expected,...)
#define BB_BENCH_NAME(name)
static constexpr bool HasZK
static constexpr bool USE_PADDING
Class responsible for computation of the batched multilinear polynomials required by the Gemini proto...
Class for all the oink rounds, which are shared between the folding prover and ultra prover.
void prove()
Oink Prover function that runs all the rounds of the verifier.
Unverified claim (C,r,v) for some witness polynomial p(X) such that.
A ProverInstance is normally constructed from a finalized circuit and it contains all the information...
Polynomial p and an opening pair (r,v) such that p(r) = v.
static OpeningClaim prove(size_t circuit_size, PolynomialBatcher &polynomial_batcher, std::span< FF > multilinear_challenge, const CommitmentKey< Curve > &commitment_key, const std::shared_ptr< Transcript > &transcript, const std::array< Polynomial, NUM_SMALL_IPA_EVALUATIONS > &libra_polynomials={}, const std::vector< Polynomial > &sumcheck_round_univariates={}, const std::vector< std::array< FF, 3 > > &sumcheck_round_evaluations={})
A Curve-agnostic ZK protocol to prove inner products of small vectors.
std::array< bb::Polynomial< FF >, NUM_SMALL_IPA_EVALUATIONS > get_witness_polynomials() const
void prove()
Compute the derived witnesses and and commit to them.
The implementation of the sumcheck Prover for statements of the form for multilinear polynomials .
BB_PROFILE void generate_gate_challenges()
BB_PROFILE void execute_pcs()
Produce a univariate opening claim for the sumcheck multivariate evalutions and a batched univariate ...
typename Transcript::Proof Proof
BB_PROFILE void execute_sumcheck_iop()
Run Sumcheck to establish that ∑_i pow(\vec{β*})f_i(ω) = 0. This results in u = (u_1,...
typename Flavor::CommitmentKey CommitmentKey
typename Flavor::Transcript Transcript
UltraProver_(const std::shared_ptr< ProverInstance > &, const std::shared_ptr< HonkVK > &, const CommitmentKey &)
typename Flavor::CircuitBuilder Builder
Proof export_proof()
Export the complete proof, including IPA proof for rollup circuits.
static constexpr size_t SUBGROUP_SIZE
constexpr T get_msb(const T in)
Entry point for Barretenberg command-line interface.
CommitmentKey< Curve > ck
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
This structure is created to contain various polynomials and constants required by ZK Sumcheck.
1.9.8