Merge branch 'merge-train/barretenberg' into ad/bbapi/vk-simplified-buffer

Author: ludamad

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp

@@ -224,13 +224,14 @@ class ClientIVC {
         }
     };
 
+    // Specifies proof type or equivalently the type of recursive verification to be performed on a given proof
     enum class QUEUE_TYPE {
         OINK,
         PG,
         PG_FINAL, // the final PG verification, used in hiding kernel
         PG_TAIL,  // used in tail to indicate special handling of merge for ZK
         MEGA
-    }; // for specifying type of proof in the verification queue
+    };
 
     // An entry in the native verification queue
     struct VerifierInputs {
@@ -268,7 +269,6 @@ class ClientIVC {
 
     ProverFoldOutput fold_output; // prover accumulator and fold proof
     HonkProof decider_proof;      // decider proof to be verified in the hiding circuit
-    HonkProof mega_proof;         // proof of the hiding circuit
 
     std::shared_ptr<DeciderVerificationKey>
         recursive_verifier_native_accum; // native verifier accumulator used in recursive folding
@@ -303,7 +303,7 @@ class ClientIVC {
         perform_recursive_verification_and_databus_consistency_checks(
             ClientCircuit& circuit,
             const StdlibVerifierInputs& verifier_inputs,
-            const std::shared_ptr<RecursiveDeciderVerificationKey>& input_stdlib_verifier_accumulator,
+            const std::shared_ptr<RecursiveDeciderVerificationKey>& input_verifier_accumulator,
             const TableCommitments& T_prev_commitments,
             const std::shared_ptr<RecursiveTranscript>& accumulation_recursive_transcript);
 
@@ -322,30 +322,54 @@ class ClientIVC {
 
     Proof prove();
 
-    std::shared_ptr<ClientIVC::DeciderZKProvingKey> construct_hiding_circuit_key(ClientCircuit& circuit);
-    std::shared_ptr<ClientIVC::DeciderZKProvingKey> compute_hiding_circuit_proving_key(ClientCircuit& circuit);
     static void hide_op_queue_accumulation_result(ClientCircuit& circuit);
-    HonkProof prove_hiding_circuit(ClientCircuit& circuit);
+    HonkProof construct_mega_proof_for_hiding_kernel(ClientCircuit& circuit);
 
     static bool verify(const Proof& proof, const VerificationKey& vk);
 
     bool verify(const Proof& proof) const;
 
     bool prove_and_verify();
 
-    HonkProof decider_prove();
+    HonkProof construct_decider_proof();
 
     VerificationKey get_vk() const;
 
   private:
     /**
-     * @brief Update the native verifier accumulator based on the provided queue entry and transcript.
+     * @brief Runs either Oink or PG native verifier to update the native verifier accumulator
      *
      * @param queue_entry The verifier inputs from the queue.
      * @param verifier_transcript Verifier transcript corresponding to the prover transcript.
      */
     void update_native_verifier_accumulator(const VerifierInputs& queue_entry,
                                             const std::shared_ptr<Transcript>& verifier_transcript);
+
+    HonkProof construct_oink_proof(const std::shared_ptr<DeciderProvingKey>& proving_key,
+                                   const std::shared_ptr<MegaVerificationKey>& honk_vk,
+                                   const std::shared_ptr<Transcript>& transcript);
+
+    HonkProof construct_pg_proof(const std::shared_ptr<DeciderProvingKey>& proving_key,
+                                 const std::shared_ptr<MegaVerificationKey>& honk_vk,
+                                 const std::shared_ptr<Transcript>& transcript,
+                                 bool is_kernel);
+
+    QUEUE_TYPE get_queue_type() const;
+
+    static std::shared_ptr<RecursiveDeciderVerificationKey> perform_oink_recursive_verification(
+        ClientCircuit& circuit,
+        const std::shared_ptr<RecursiveDeciderVerificationKey>& verifier_instance,
+        const std::shared_ptr<RecursiveTranscript>& transcript,
+        const StdlibProof& proof);
+
+    static std::shared_ptr<RecursiveDeciderVerificationKey> perform_pg_recursive_verification(
+        ClientCircuit& circuit,
+        const std::shared_ptr<RecursiveDeciderVerificationKey>& verifier_accumulator,
+        const std::shared_ptr<RecursiveDeciderVerificationKey>& verifier_instance,
+        const std::shared_ptr<RecursiveTranscript>& transcript,
+        const StdlibProof& proof,
+        std::optional<StdlibFF>& prev_accum_hash,
+        bool is_kernel);
 };
 
 // Serialization methods for ClientIVC::VerificationKey

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp

@@ -494,10 +494,10 @@ library TranscriptLib {
         pure
         returns (Fr[CONST_PROOF_SIZE_LOG_N] memory gateChallenges, Fr nextPreviousChallenge)
     {
-        for (uint256 i = 0; i < logN; i++) {
-            previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
-            Fr unused;
-            (gateChallenges[i], unused) = splitChallenge(previousChallenge);
+        previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
+        (gateChallenges[0],) = splitChallenge(previousChallenge);
+        for (uint256 i = 1; i < logN; i++) {
+            gateChallenges[i] = gateChallenges[i - 1] * gateChallenges[i - 1];
         }
         nextPreviousChallenge = previousChallenge;
     }

barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_contract.hpp

@@ -494,10 +494,10 @@ library ZKTranscriptLib {
         pure
         returns (Fr[CONST_PROOF_SIZE_LOG_N] memory gateChallenges, Fr nextPreviousChallenge)
     {
-        for (uint256 i = 0; i < logN; i++) {
-            previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
-
-            (gateChallenges[i],) = splitChallenge(previousChallenge);
+        previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
+        (gateChallenges[0],) = splitChallenge(previousChallenge);
+        for (uint256 i = 1; i < logN; i++) {
+            gateChallenges[i] = gateChallenges[i - 1] * gateChallenges[i - 1];
         }
         nextPreviousChallenge = previousChallenge;
     }

barretenberg/cpp/src/barretenberg/dsl/acir_proofs/honk_zk_contract.hpp

@@ -163,10 +163,10 @@ library TranscriptLib {
         pure
         returns (Fr[CONST_PROOF_SIZE_LOG_N] memory gateChallenges, Fr nextPreviousChallenge)
     {
-        for (uint256 i = 0; i < logN; i++) {
-            previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
-            Fr unused;
-            (gateChallenges[i], unused) = splitChallenge(previousChallenge);
+        previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
+        (gateChallenges[0],) = splitChallenge(previousChallenge);
+        for (uint256 i = 1; i < logN; i++) {
+            gateChallenges[i] = gateChallenges[i - 1] * gateChallenges[i - 1];
         }
         nextPreviousChallenge = previousChallenge;
     }

barretenberg/sol/src/honk/Transcript.sol

@@ -163,10 +163,10 @@ library ZKTranscriptLib {
         pure
         returns (Fr[CONST_PROOF_SIZE_LOG_N] memory gateChallenges, Fr nextPreviousChallenge)
     {
-        for (uint256 i = 0; i < logN; i++) {
-            previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
-
-            (gateChallenges[i],) = splitChallenge(previousChallenge);
+        previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
+        (gateChallenges[0],) = splitChallenge(previousChallenge);
+        for (uint256 i = 1; i < logN; i++) {
+            gateChallenges[i] = gateChallenges[i - 1] * gateChallenges[i - 1];
         }
         nextPreviousChallenge = previousChallenge;
     }

barretenberg/sol/src/honk/ZKTranscript.sol

@@ -237,7 +237,10 @@ contract RollupCore is EIP712("Aztec Rollup", "1"), Ownable, IStakingCore, IVali
 
     // We call one external library or another based on the slasher flavor
     // This allows us to keep the slash flavors in separate external libraries so we do not exceed max contract size
-    if (_config.slasherFlavor == SlasherFlavor.TALLY) {
+    // Note that we do not deploy a slasher if we run with no committees (i.e. targetCommitteeSize == 0)
+    if (_config.targetCommitteeSize == 0) {
+      slasher = ISlasher(address(0));
+    } else if (_config.slasherFlavor == SlasherFlavor.TALLY) {
       slasher = TallySlasherDeploymentExtLib.deployTallySlasher(
         address(this),
         _config.slashingVetoer,

l1-contracts/src/core/RollupCore.sol

@@ -144,7 +144,7 @@ contract TallySlashingProposer is EIP712 {
    * @notice EIP-712 type hash for the Vote struct used in signature verification
    * @dev Defines the structure: Vote(uint256 slot,bytes votes) for EIP-712 signing
    */
-  bytes32 public constant VOTE_TYPEHASH = keccak256("Vote(uint256 slot,bytes votes)");
+  bytes32 public constant VOTE_TYPEHASH = keccak256("Vote(bytes votes,uint256 slot)");
 
   /**
    * @notice Type of slashing proposer (either Tally or Empire)

l1-contracts/src/core/slashing/TallySlashingProposer.sol

@@ -135,6 +135,7 @@ contract BenchmarkRollupTest is FeeModelTestPoints, DecoderBase {
   bool internal IS_IGNITION;
 
   Rollup internal rollup;
+  Slasher internal slasher;
 
   address internal coinbase = address(bytes20("MONEY MAKER"));
   TestERC20 internal asset;
@@ -193,7 +194,8 @@ contract BenchmarkRollupTest is FeeModelTestPoints, DecoderBase {
 
     asset = builder.getConfig().testERC20;
     rollup = builder.getConfig().rollup;
-    slashingProposer = Slasher(rollup.getSlasher()).PROPOSER();
+    slasher = Slasher(rollup.getSlasher());
+    slashingProposer = address(slasher) == address(0) ? address(0) : slasher.PROPOSER();
 
     SlashFactory slashFactory = new SlashFactory(IValidatorSelection(address(rollup)));
     address[] memory toSlash = new address[](0);

l1-contracts/test/benchmark/happy.t.sol

@@ -62,7 +62,7 @@ fi
 # Note, currently writing keys for all services for convenience
 cat <<EOF >/shared/config/keys.env
 export VALIDATOR_PRIVATE_KEYS=$validator_private_keys
-export WEB3_SIGNER_ADDRESSES=$validator_addresses
+export VALIDATOR_ADDRESSES=$validator_addresses
 export L1_PRIVATE_KEY=$private_key
 export SEQ_PUBLISHER_PRIVATE_KEY=$private_key
 export PROVER_PUBLISHER_PRIVATE_KEY=$private_key