feat: merge-train/barretenberg (#16631)

BEGIN_COMMIT_OVERRIDE
chore!: Merge two ecdsa verification functions (#16509)
fix(bb): grumpkin_srs_gen debug-build linking
chore: remove no-longer-used lookup grand prod delta (#16543)
feat!: share transcript between pg and decider (#16642)
END_COMMIT_OVERRIDE

Author: AztecBot

barretenberg/cpp/scripts/test_civc_standalone_vks_havent_changed.sh

@@ -11,7 +11,7 @@ cd ..
 # - Generate a hash for versioning: sha256sum bb-civc-inputs.tar.gz
 # - Upload the compressed results: aws s3 cp bb-civc-inputs.tar.gz s3://aztec-ci-artifacts/protocol/bb-civc-inputs-[hash(0:8)].tar.gz
 # Note: In case of the "Test suite failed to run ... Unexpected token 'with' " error, need to run: docker pull aztecprotocol/build:3.0
-pinned_short_hash="dba43b65"
+pinned_short_hash="f22d116f"
 pinned_civc_inputs_url="https://aztec-ci-artifacts.s3.us-east-2.amazonaws.com/protocol/bb-civc-inputs-${pinned_short_hash}.tar.gz"
 
 function compress_and_upload {

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp

@@ -205,7 +205,7 @@ ClientIVC::perform_recursive_verification_and_databus_consistency_checks(
                                                                             prev_accum_hash,
                                                                             verifier_inputs.is_kernel);
         // Perform recursive decider verification
-        DeciderRecursiveVerifier decider{ &circuit, final_verifier_accumulator };
+        DeciderRecursiveVerifier decider{ &circuit, final_verifier_accumulator, accumulation_recursive_transcript };
         decider_pairing_points = decider.verify_proof(decider_proof);
 
         BB_ASSERT_EQ(output_verifier_accumulator, nullptr);
@@ -496,7 +496,7 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr<MegaVer
         break;
     case QUEUE_TYPE::PG_FINAL:
         proof = construct_pg_proof(proving_key, honk_vk, prover_accumulation_transcript, is_kernel);
-        decider_proof = construct_decider_proof();
+        decider_proof = construct_decider_proof(prover_accumulation_transcript);
         break;
     case QUEUE_TYPE::MEGA:
         proof = construct_mega_proof_for_hiding_kernel(circuit);
@@ -614,11 +614,11 @@ bool ClientIVC::verify(const Proof& proof) const
  *
  * @return HonkProof
  */
-HonkProof ClientIVC::construct_decider_proof()
+HonkProof ClientIVC::construct_decider_proof(const std::shared_ptr<Transcript>& transcript)
 {
     vinfo("prove decider...");
     fold_output.accumulator->commitment_key = bn254_commitment_key;
-    MegaDeciderProver decider_prover(fold_output.accumulator);
+    MegaDeciderProver decider_prover(fold_output.accumulator, transcript);
     decider_prover.construct_proof();
     return decider_prover.export_proof();
 }

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp

@@ -279,7 +279,7 @@ class ClientIVC {
 
     bool prove_and_verify();
 
-    HonkProof construct_decider_proof();
+    HonkProof construct_decider_proof(const std::shared_ptr<Transcript>& transcript);
 
     VerificationKey get_vk() const;
 

barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256k1.cpp

@@ -51,7 +51,7 @@ void create_ecdsa_k1_verify_constraints(Builder& builder,
 
     auto new_sig = ecdsa_convert_signature(builder, input.signature);
 
-    byte_array_ct message = ecdsa_array_of_bytes_to_byte_array(builder, input.hashed_message);
+    byte_array_ct hashed_message = ecdsa_array_of_bytes_to_byte_array(builder, input.hashed_message);
     auto pub_key_x_byte_arr = ecdsa_array_of_bytes_to_byte_array(builder, input.pub_x_indices);
     auto pub_key_y_byte_arr = ecdsa_array_of_bytes_to_byte_array(builder, input.pub_y_indices);
 
@@ -74,16 +74,15 @@ void create_ecdsa_k1_verify_constraints(Builder& builder,
         pub_key_y_byte_arr[i].assert_equal(field_ct::from_witness_index(&builder, input.pub_y_indices[i]));
     }
     for (size_t i = 0; i < input.hashed_message.size(); ++i) {
-        message[i].assert_equal(field_ct::from_witness_index(&builder, input.hashed_message[i]));
+        hashed_message[i].assert_equal(field_ct::from_witness_index(&builder, input.hashed_message[i]));
     }
 
     bool_ct signature_result =
-        stdlib::ecdsa_verify_signature_prehashed_message_noassert<Builder,
-                                                                  secp256k1_ct,
-                                                                  typename secp256k1_ct::fq_ct,
-                                                                  typename secp256k1_ct::bigfr_ct,
-                                                                  typename secp256k1_ct::g1_bigfr_ct>(
-            message, public_key, sig);
+        stdlib::ecdsa_verify_signature<Builder,
+                                       secp256k1_ct,
+                                       typename secp256k1_ct::fq_ct,
+                                       typename secp256k1_ct::bigfr_ct,
+                                       typename secp256k1_ct::g1_bigfr_ct>(hashed_message, public_key, sig);
     bool_ct signature_result_normalized = signature_result.normalize();
     builder.assert_equal(signature_result_normalized.witness_index, input.result);
 }

barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_secp256r1.cpp

@@ -49,7 +49,7 @@ void create_ecdsa_r1_verify_constraints(Builder& builder,
 
     auto new_sig = ecdsa_convert_signature(builder, input.signature);
 
-    byte_array_ct message = ecdsa_array_of_bytes_to_byte_array(builder, input.hashed_message);
+    byte_array_ct hashed_message = ecdsa_array_of_bytes_to_byte_array(builder, input.hashed_message);
     auto pub_key_x_byte_arr = ecdsa_array_of_bytes_to_byte_array(builder, input.pub_x_indices);
     auto pub_key_y_byte_arr = ecdsa_array_of_bytes_to_byte_array(builder, input.pub_y_indices);
 
@@ -72,16 +72,15 @@ void create_ecdsa_r1_verify_constraints(Builder& builder,
         pub_key_y_byte_arr[i].assert_equal(field_ct::from_witness_index(&builder, input.pub_y_indices[i]));
     }
     for (size_t i = 0; i < input.hashed_message.size(); ++i) {
-        message[i].assert_equal(field_ct::from_witness_index(&builder, input.hashed_message[i]));
+        hashed_message[i].assert_equal(field_ct::from_witness_index(&builder, input.hashed_message[i]));
     }
 
     bool_ct signature_result =
-        stdlib::ecdsa_verify_signature_prehashed_message_noassert<Builder,
-                                                                  secp256r1_ct,
-                                                                  typename secp256r1_ct::fq_ct,
-                                                                  typename secp256r1_ct::bigfr_ct,
-                                                                  typename secp256r1_ct::g1_bigfr_ct>(
-            message, public_key, sig);
+        stdlib::ecdsa_verify_signature<Builder,
+                                       secp256r1_ct,
+                                       typename secp256r1_ct::fq_ct,
+                                       typename secp256r1_ct::bigfr_ct,
+                                       typename secp256r1_ct::g1_bigfr_ct>(hashed_message, public_key, sig);
     bool_ct signature_result_normalized = signature_result.normalize();
     builder.assert_equal(signature_result_normalized.witness_index, input.result);
 }

barretenberg/cpp/src/barretenberg/eccvm/eccvm_trace_checker.cpp

@@ -35,7 +35,6 @@ bool ECCVMTraceChecker::check(Builder& builder,
         .beta = beta,
         .gamma = gamma,
         .public_input_delta = 0,
-        .lookup_grand_product_delta = 0,
         .beta_sqr = beta_sqr,
         .beta_cube = beta_cube,
         .eccvm_set_permutation_delta = eccvm_set_permutation_delta,

barretenberg/cpp/src/barretenberg/flavor/grand_product_library.test.cpp

@@ -55,7 +55,6 @@ template <class FF> class GrandProductTests : public testing::Test {
             .beta = beta,
             .gamma = gamma,
             .public_input_delta = 1,
-            .lookup_grand_product_delta = 1,
         };
 
         compute_grand_product<Flavor, typename bb::UltraPermutationRelation<FF>>(prover_polynomials, params);

barretenberg/cpp/src/barretenberg/grumpkin_srs_gen/CMakeLists.txt

@@ -11,4 +11,16 @@ if (NOT(FUZZING))
         ecc
         crypto_sha256
     )
-endif()
+    if(CHECK_CIRCUIT_STACKTRACES OR ENABLE_STACKTRACES)
+        target_link_libraries(
+            grumpkin_srs_gen
+            PUBLIC
+            Backward::Interface
+        )
+        target_link_options(
+            grumpkin_srs_gen
+            PRIVATE
+            -ldw -lelf
+        )
+    endif()
+endif()

barretenberg/cpp/src/barretenberg/relations/relation_parameters.hpp

@@ -21,15 +21,14 @@ template <typename T> struct RelationParameters {
     static constexpr int NUM_BINARY_LIMBS_IN_GOBLIN_TRANSLATOR = 4;
     static constexpr int NUM_NATIVE_LIMBS_IN_GOBLIN_TRANSLATOR = 1;
     static constexpr int NUM_CHALLENGE_POWERS_IN_GOBLIN_TRANSLATOR = 4;
-    static constexpr int NUM_TO_FOLD = 7;
+    static constexpr int NUM_TO_FOLD = 6;
 
-    T eta{ 0 };                        // Lookup + Aux Memory
-    T eta_two{ 0 };                    // Lookup + Aux Memory
-    T eta_three{ 0 };                  // Lookup + Aux Memory
-    T beta{ 0 };                       // Permutation + Lookup
-    T gamma{ 0 };                      // Permutation + Lookup
-    T public_input_delta{ 0 };         // Permutation
-    T lookup_grand_product_delta{ 0 }; // Lookup
+    T eta{ 0 };                // Lookup + Aux Memory
+    T eta_two{ 0 };            // Lookup + Aux Memory
+    T eta_three{ 0 };          // Lookup + Aux Memory
+    T beta{ 0 };               // Permutation + Lookup
+    T gamma{ 0 };              // Permutation + Lookup
+    T public_input_delta{ 0 }; // Permutation
     T beta_sqr{ 0 };
     T beta_cube{ 0 };
     // eccvm_set_permutation_delta is used in the set membership gadget in eccvm/ecc_set_relation.hpp
@@ -48,12 +47,12 @@ template <typename T> struct RelationParameters {
 
     RefArray<T, NUM_TO_FOLD> get_to_fold()
     {
-        return RefArray{ eta, eta_two, eta_three, beta, gamma, public_input_delta, lookup_grand_product_delta };
+        return RefArray{ eta, eta_two, eta_three, beta, gamma, public_input_delta };
     }
 
     RefArray<const T, NUM_TO_FOLD> get_to_fold() const
     {
-        return RefArray{ eta, eta_two, eta_three, beta, gamma, public_input_delta, lookup_grand_product_delta };
+        return RefArray{ eta, eta_two, eta_three, beta, gamma, public_input_delta };
     }
 
     static RelationParameters get_random()
@@ -67,7 +66,6 @@ template <typename T> struct RelationParameters {
         result.beta_cube = result.beta_sqr * result.beta;
         result.gamma = T::random_element();
         result.public_input_delta = T::random_element();
-        result.lookup_grand_product_delta = T::random_element();
         result.eccvm_set_permutation_delta = result.gamma * (result.gamma + result.beta_sqr) *
                                              (result.gamma + result.beta_sqr + result.beta_sqr) *
                                              (result.gamma + result.beta_sqr + result.beta_sqr + result.beta_sqr);
@@ -92,6 +90,6 @@ template <typename T> struct RelationParameters {
         return result;
     }
 
-    MSGPACK_FIELDS(eta, eta_two, eta_three, beta, gamma, public_input_delta, lookup_grand_product_delta);
+    MSGPACK_FIELDS(eta, eta_two, eta_three, beta, gamma, public_input_delta);
 };
 } // namespace bb

barretenberg/cpp/src/barretenberg/solidity_helpers/circuits/ecdsa_circuit.hpp

@@ -75,20 +75,22 @@ class EcdsaCircuit {
         stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),
                                               typename curve::byte_array_ct(&builder, ss) };
 
+        stdlib::byte_array<Builder> hashed_message =
+            static_cast<stdlib::byte_array<Builder>>(stdlib::SHA256<Builder>::hash(input_buffer));
+
         // IN CIRCUIT: verify the signature
         typename curve::bool_ct signature_result = stdlib::ecdsa_verify_signature<Builder,
                                                                                   curve,
                                                                                   typename curve::fq_ct,
                                                                                   typename curve::bigfr_ct,
                                                                                   typename curve::g1_bigfr_ct>(
-            // input_buffer, public_key, sig);
-            input_buffer,
+            // hashed_message, public_key, sig);
+            hashed_message,
             public_key,
             sig);
 
-        // Assert the signature is true, we hash the message inside the verify sig stdlib call
-        bool_ct is_true = bool_ct(true);
-        signature_result.must_imply(is_true, "signature verification failed");
+        // Assert the signature is true
+        signature_result.assert_equal(bool_ct(true));
 
         return builder;
     }