Merge with next

Author: spypsy

barretenberg/cpp/pil/vm2/context.pil

@@ -128,7 +128,7 @@ namespace execution;
 
     // The initial next_context_id = 2, in row = 1
     #[INCR_NEXT_CONTEXT_ID]
-    NOT_LAST_EXEC * (next_context_id' - (next_context_id + sel_enter_call)) = 0;
+    NOT_LAST_EXEC * (next_context_id' - (next_context_id + sel_enter_call + enqueued_call_start')) = 0;
 
     // nested_exit_call = 1 ==> context_id' = parent_id
     // sel_enter_call   = 1 ==> context_id' = next_context_id
@@ -235,12 +235,12 @@ namespace execution;
     #[PROPAGATE_RD_SIZE]
     NOT_LAST_EXEC * DEFAULT_CTX_ROW * (last_child_returndata_size' - last_child_returndata_size) = 0;
 
-    // sel_exit_call       = 1 ==> last_child_id' = context_id;  <-- sel_exit_call includes error case
+    // nested_exit_call    = 1 ==> last_child_id' = context_id;  <-- sel_exit_call includes error case
     // sel_enter_call      = 1 ==> last_child_id' = 0;
     // enqueued_call_start = 1 ==> last_child_id = 0; <-- Current row is 0
     // otherwise           = 0 ==> last_child_id' = last_child_id;
     #[EXIT_CALL_LAST_CHILD_ID]
-    NOT_LAST_EXEC * sel_exit_call * (last_child_id' - context_id) = 0;
+    NOT_LAST_EXEC * nested_exit_call * (last_child_id' - context_id) = 0;
     #[ENTER_CALL_LAST_CHILD_ID]
     NOT_LAST_EXEC * sel_enter_call * last_child_id' = 0;
     #[LAST_CHILD_ID_IS_ZERO]

barretenberg/cpp/pil/vm2/opcodes/internal_call.pil

@@ -19,7 +19,9 @@ namespace execution;
     // When we encounter this case, the internal call information in the next row is constrained to change (incremented, unwound, etc)
     pol NEW_NEXT_CALL_ID = (sel_execute_internal_call + sel_execute_internal_return) * (1 - sel_error) + sel_exit_call;
 
-    pol PROPAGATE_CALL_ID = 1 - RESET_NEXT_CALL_ID - NEW_NEXT_CALL_ID;
+    // This is an XOR
+    pol RESET_OR_NEW_NEXT_CALL_ID = (RESET_NEXT_CALL_ID + NEW_NEXT_CALL_ID) - (RESET_NEXT_CALL_ID * NEW_NEXT_CALL_ID);
+    pol PROPAGATE_CALL_ID = 1 - RESET_OR_NEW_NEXT_CALL_ID;
 
     // =============================
     // === Internal Call Pointer ===
@@ -57,9 +59,8 @@ namespace execution;
     #[NEXT_CALL_ID_STARTS_TWO]
     RESET_NEXT_CALL_ID * (next_internal_call_id' - 2) = 0;
     // If we encounter a sel_execute_internal_call, we increment the next next_internal_call_id, unless we are changing context
-    pol CONTEXT_CHANGE = (RESET_NEXT_CALL_ID + sel_exit_call) - (RESET_NEXT_CALL_ID * sel_exit_call) ;
     #[INCR_NEXT_INT_CALL_ID]
-    NOT_LAST_EXEC * (1 - CONTEXT_CHANGE) * (next_internal_call_id' - (next_internal_call_id + sel_execute_internal_call)) = 0;
+    NOT_LAST_EXEC * (1 - RESET_OR_NEW_NEXT_CALL_ID) * (next_internal_call_id' - (next_internal_call_id + sel_execute_internal_call)) = 0;
 
     // =============================
     // === Error Handling ====

barretenberg/cpp/scripts/test_civc_standalone_vks_havent_changed.sh

@@ -11,7 +11,7 @@ cd ..
 # - Generate a hash for versioning: sha256sum bb-civc-inputs.tar.gz
 # - Upload the compressed results: aws s3 cp bb-civc-inputs.tar.gz s3://aztec-ci-artifacts/protocol/bb-civc-inputs-[hash(0:8)].tar.gz
 # Note: In case of the "Test suite failed to run ... Unexpected token 'with' " error, need to run: docker pull aztecprotocol/build:3.0
-pinned_short_hash="f22d116f"
+pinned_short_hash="e5081516"
 pinned_civc_inputs_url="https://aztec-ci-artifacts.s3.us-east-2.amazonaws.com/protocol/bb-civc-inputs-${pinned_short_hash}.tar.gz"
 
 function compress_and_upload {

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp

@@ -28,7 +28,6 @@ ClientIVC::ClientIVC(size_t num_circuits, TraceSettings trace_settings)
     size_t commitment_key_size =
         std::max(trace_settings.dyadic_size(), 1UL << TranslatorFlavor::CONST_TRANSLATOR_LOG_N);
     info("BN254 commitment key size: ", commitment_key_size);
-    // TODO(https://github.com/AztecProtocol/barretenberg/issues/1420): pass commitment keys by value
     bn254_commitment_key = CommitmentKey<curve::BN254>(commitment_key_size);
 }
 
@@ -458,7 +457,6 @@ void ClientIVC::accumulate(ClientCircuit& circuit, const std::shared_ptr<MegaVer
     // If the current circuit overflows past the current size of the commitment key, reinitialize accordingly.
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/1319)
     if (proving_key->dyadic_size() > bn254_commitment_key.dyadic_size) {
-        // TODO(https://github.com/AztecProtocol/barretenberg/issues/1420): pass commitment keys by value
         bn254_commitment_key = CommitmentKey<curve::BN254>(proving_key->dyadic_size());
         goblin.commitment_key = bn254_commitment_key;
     }

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp

@@ -11,13 +11,16 @@
 #include "barretenberg/common/op_count.hpp"
 #include "barretenberg/common/throw_or_abort.hpp"
 #include "barretenberg/dsl/acir_format/civc_recursion_constraints.hpp"
+#include "barretenberg/dsl/acir_format/ecdsa_constraints.hpp"
 #include "barretenberg/dsl/acir_format/honk_recursion_constraint.hpp"
 #include "barretenberg/dsl/acir_format/pg_recursion_constraint.hpp"
 #include "barretenberg/dsl/acir_format/proof_surgeon.hpp"
 #include "barretenberg/flavor/flavor.hpp"
 #include "barretenberg/honk/proving_key_inspector.hpp"
 #include "barretenberg/stdlib/eccvm_verifier/verifier_commitment_key.hpp"
 #include "barretenberg/stdlib/primitives/curves/grumpkin.hpp"
+#include "barretenberg/stdlib/primitives/curves/secp256k1.hpp"
+#include "barretenberg/stdlib/primitives/curves/secp256r1.hpp"
 #include "barretenberg/stdlib/primitives/field/field_conversion.hpp"
 #include "barretenberg/stdlib/primitives/pairing_points.hpp"
 #include "barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp"
@@ -185,15 +188,15 @@ void build_constraints(Builder& builder, AcirProgram& program, const ProgramMeta
     // Add ECDSA k1 constraints
     for (size_t i = 0; i < constraint_system.ecdsa_k1_constraints.size(); ++i) {
         const auto& constraint = constraint_system.ecdsa_k1_constraints.at(i);
-        create_ecdsa_k1_verify_constraints(builder, constraint, has_valid_witness_assignments);
+        create_ecdsa_verify_constraints<stdlib::secp256k1<Builder>>(builder, constraint, has_valid_witness_assignments);
         gate_counter.track_diff(constraint_system.gates_per_opcode,
                                 constraint_system.original_opcode_indices.ecdsa_k1_constraints.at(i));
     }
 
     // Add ECDSA r1 constraints
     for (size_t i = 0; i < constraint_system.ecdsa_r1_constraints.size(); ++i) {
         const auto& constraint = constraint_system.ecdsa_r1_constraints.at(i);
-        create_ecdsa_r1_verify_constraints(builder, constraint, has_valid_witness_assignments);
+        create_ecdsa_verify_constraints<stdlib::secp256r1<Builder>>(builder, constraint, has_valid_witness_assignments);
         gate_counter.track_diff(constraint_system.gates_per_opcode,
                                 constraint_system.original_opcode_indices.ecdsa_r1_constraints.at(i));
     }

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.hpp

@@ -19,8 +19,7 @@
 #include "blake3_constraint.hpp"
 #include "block_constraint.hpp"
 #include "ec_operations.hpp"
-#include "ecdsa_secp256k1.hpp"
-#include "ecdsa_secp256r1.hpp"
+#include "ecdsa_constraints.hpp"
 #include "honk_recursion_constraint.hpp"
 #include "keccak_constraint.hpp"
 #include "logic_constraint.hpp"
@@ -89,8 +88,8 @@ struct AcirFormat {
     std::vector<RangeConstraint> range_constraints;
     std::vector<AES128Constraint> aes128_constraints;
     std::vector<Sha256Compression> sha256_compression;
-    std::vector<EcdsaSecp256k1Constraint> ecdsa_k1_constraints;
-    std::vector<EcdsaSecp256r1Constraint> ecdsa_r1_constraints;
+    std::vector<EcdsaConstraint> ecdsa_k1_constraints;
+    std::vector<EcdsaConstraint> ecdsa_r1_constraints;
     std::vector<Blake2sConstraint> blake2s_constraints;
     std::vector<Blake3Constraint> blake3_constraints;
     std::vector<Keccakf1600> keccak_permutations;

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.test.cpp

@@ -8,7 +8,6 @@
 #include "barretenberg/op_queue/ecc_op_queue.hpp"
 
 #include "barretenberg/serialize/test_helper.hpp"
-#include "ecdsa_secp256k1.hpp"
 
 using namespace bb;
 using namespace bb::crypto;

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_to_constraint_buf.cpp

@@ -17,6 +17,7 @@
 #include "barretenberg/common/container.hpp"
 #include "barretenberg/common/map.hpp"
 #include "barretenberg/common/throw_or_abort.hpp"
+#include "barretenberg/dsl/acir_format/ecdsa_constraints.hpp"
 #include "barretenberg/dsl/acir_format/recursion_constraint.hpp"
 #include "barretenberg/honk/execution_trace/gate_data.hpp"
 #include "barretenberg/numeric/uint256/uint256.hpp"
@@ -651,7 +652,7 @@ void handle_blackbox_func_call(Acir::Opcode::BlackBoxFuncCall const& arg, AcirFo
                 }
                 af.original_opcode_indices.blake3_constraints.push_back(opcode_index);
             } else if constexpr (std::is_same_v<T, Acir::BlackBoxFuncCall::EcdsaSecp256k1>) {
-                af.ecdsa_k1_constraints.push_back(EcdsaSecp256k1Constraint{
+                af.ecdsa_k1_constraints.push_back(EcdsaConstraint{
                     .hashed_message =
                         transform::map(*arg.hashed_message, [](auto& e) { return get_witness_from_function_input(e); }),
                     .signature =
@@ -665,16 +666,16 @@ void handle_blackbox_func_call(Acir::Opcode::BlackBoxFuncCall const& arg, AcirFo
                 af.constrained_witness.insert(af.ecdsa_k1_constraints.back().result);
                 af.original_opcode_indices.ecdsa_k1_constraints.push_back(opcode_index);
             } else if constexpr (std::is_same_v<T, Acir::BlackBoxFuncCall::EcdsaSecp256r1>) {
-                af.ecdsa_r1_constraints.push_back(EcdsaSecp256r1Constraint{
+                af.ecdsa_r1_constraints.push_back(EcdsaConstraint{
                     .hashed_message =
                         transform::map(*arg.hashed_message, [](auto& e) { return get_witness_from_function_input(e); }),
+                    .signature =
+                        transform::map(*arg.signature, [](auto& e) { return get_witness_from_function_input(e); }),
                     .pub_x_indices =
                         transform::map(*arg.public_key_x, [](auto& e) { return get_witness_from_function_input(e); }),
                     .pub_y_indices =
                         transform::map(*arg.public_key_y, [](auto& e) { return get_witness_from_function_input(e); }),
                     .result = arg.output.value,
-                    .signature =
-                        transform::map(*arg.signature, [](auto& e) { return get_witness_from_function_input(e); }),
                 });
                 af.constrained_witness.insert(af.ecdsa_r1_constraints.back().result);
                 af.original_opcode_indices.ecdsa_r1_constraints.push_back(opcode_index);

barretenberg/cpp/src/barretenberg/dsl/acir_format/avm2_recursion_constraint.cpp

@@ -46,7 +46,6 @@ namespace {
  */
 void create_dummy_vkey_and_proof(Builder& builder,
                                  [[maybe_unused]] size_t proof_size,
-                                 size_t public_inputs_size,
                                  const std::vector<field_ct>& key_fields,
                                  const std::vector<field_ct>& proof_fields)
 {
@@ -70,27 +69,7 @@ void create_dummy_vkey_and_proof(Builder& builder,
         offset++;
     };
 
-    // Relevant source for proof layout: AvmFlavor::Transcript::serialize_full_transcript()
-    // TODO(#13390): Revive this assertion (and remove the >= 0 one) once we freeze the number of colums in AVM.
-    // assert((proof_size - Flavor::NUM_WITNESS_ENTITIES * Flavor::NUM_FRS_COM -
-    //         (Flavor::NUM_ALL_ENTITIES + 1) * Flavor::NUM_FRS_FR - Flavor::NUM_FRS_COM) %
-    //            (Flavor::NUM_FRS_COM + Flavor::NUM_FRS_FR * (Flavor::BATCHED_RELATION_PARTIAL_LENGTH + 1)) ==
-    //        0);
-
-    // Derivation of circuit size based on the proof
-    // TODO#13390): Revive the following code once we freeze the number of colums in AVM.
-    // const auto log_circuit_size =
-    //     (proof_size - Flavor::NUM_WITNESS_ENTITIES * Flavor::NUM_FRS_COM -
-    //      (Flavor::NUM_ALL_ENTITIES + 1) * Flavor::NUM_FRS_FR - Flavor::NUM_FRS_COM) /
-    //     (Flavor::NUM_FRS_COM + Flavor::NUM_FRS_FR * (Flavor::BATCHED_RELATION_PARTIAL_LENGTH + 1));
-    const auto log_circuit_size = numeric::get_msb(avm2::CIRCUIT_SUBGROUP_SIZE);
-
-    // First key field is log circuit size
-    builder.set_variable(key_fields[0].witness_index, log_circuit_size);
-    // Second key field is number of public inputs
-    builder.set_variable(key_fields[1].witness_index, public_inputs_size);
-
-    size_t offset = 2;
+    size_t offset = 0;
     for (size_t i = 0; i < Flavor::NUM_PRECOMPUTED_ENTITIES; ++i) {
         set_dummy_commitment(key_fields, offset);
     }
@@ -106,7 +85,7 @@ void create_dummy_vkey_and_proof(Builder& builder,
     }
 
     // now the univariates
-    for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N * Flavor::BATCHED_RELATION_PARTIAL_LENGTH; i++) {
+    for (size_t i = 0; i < avm2::MAX_AVM_TRACE_LOG_SIZE * Flavor::BATCHED_RELATION_PARTIAL_LENGTH; i++) {
         set_dummy_evaluation_in_proof_fields(offset);
     }
 
@@ -116,12 +95,12 @@ void create_dummy_vkey_and_proof(Builder& builder,
     }
 
     // now the gemini fold commitments which are CONST_PROOF_SIZE_LOG_N - 1
-    for (size_t i = 1; i < CONST_PROOF_SIZE_LOG_N; i++) {
+    for (size_t i = 1; i < avm2::MAX_AVM_TRACE_LOG_SIZE; i++) {
         set_dummy_commitment(proof_fields, offset);
     }
 
     // the gemini fold evaluations which are CONST_PROOF_SIZE_LOG_N
-    for (size_t i = 0; i < CONST_PROOF_SIZE_LOG_N; i++) {
+    for (size_t i = 0; i < avm2::MAX_AVM_TRACE_LOG_SIZE; i++) {
         set_dummy_evaluation_in_proof_fields(offset);
     }
 
@@ -160,7 +139,7 @@ HonkRecursionConstraintOutput<Builder> create_avm2_recursion_constraints_goblin(
 
     // Populate the key fields and proof fields with dummy values to prevent issues (e.g. points must be on curve).
     if (!has_valid_witness_assignments) {
-        create_dummy_vkey_and_proof(builder, input.proof.size(), input.public_inputs.size(), key_fields, proof_fields);
+        create_dummy_vkey_and_proof(builder, input.proof.size(), key_fields, proof_fields);
     }
 
     // Execute the Goblin AVM2 recursive verifier

barretenberg/cpp/src/barretenberg/dsl/acir_format/avm2_recursion_constraint.test.cpp

@@ -5,6 +5,7 @@
 #include "barretenberg/dsl/acir_format/acir_format_mocks.hpp"
 #include "barretenberg/dsl/acir_format/avm2_recursion_constraint.hpp"
 #include "barretenberg/dsl/acir_format/proof_surgeon.hpp"
+#include "barretenberg/dsl/acir_format/utils.hpp"
 #include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders_fwd.hpp"
 #include "barretenberg/ultra_honk/decider_keys.hpp"
 #include "barretenberg/ultra_honk/ultra_prover.hpp"
@@ -80,23 +81,10 @@ class AcirAvm2RecursionConstraint : public ::testing::Test {
             const std::vector<fr> proof_witnesses = inner_circuit_data.proof;
             const std::vector<fr> public_inputs_witnesses = inner_circuit_data.public_inputs_flat;
 
-            // Helper to append some values to the witness vector and return their corresponding indices
-            auto add_to_witness_and_track_indices =
-                [&witness](const std::vector<bb::fr>& input) -> std::vector<uint32_t> {
-                std::vector<uint32_t> indices;
-                indices.reserve(input.size());
-                auto witness_idx = static_cast<uint32_t>(witness.size());
-                for (const auto& value : input) {
-                    witness.push_back(value);
-                    indices.push_back(witness_idx++);
-                }
-                return indices;
-            };
-
             RecursionConstraint avm_recursion_constraint{
-                .key = add_to_witness_and_track_indices(key_witnesses),
-                .proof = add_to_witness_and_track_indices(proof_witnesses),
-                .public_inputs = add_to_witness_and_track_indices(public_inputs_witnesses),
+                .key = add_to_witness_and_track_indices<bb::fr>(witness, key_witnesses),
+                .proof = add_to_witness_and_track_indices<bb::fr>(witness, proof_witnesses),
+                .public_inputs = add_to_witness_and_track_indices<bb::fr>(witness, public_inputs_witnesses),
                 .key_hash = 0, // not used
                 .proof_type = AVM,
             };