feat: merge-train/barretenberg (#19188)

BEGIN_COMMIT_OVERRIDE
chore: Goblin AVM verifier audit - part 1 (#19091)
chore: (PCS audit) added readmes and documentation for each component
(#19092)
chore: fix the wrong vm2 recursion vk (#19189)
fix the pinned vk hash
chore: unified chonk verifier (#19145)
chore: keccak stdlib cleanup (#19169)
END_COMMIT_OVERRIDE

Author: iakovenkos

barretenberg/cpp/scripts/test_chonk_standalone_vks_havent_changed.sh

@@ -13,7 +13,7 @@ cd ..
 # - Generate a hash for versioning: sha256sum bb-chonk-inputs.tar.gz
 # - Upload the compressed results: aws s3 cp bb-chonk-inputs.tar.gz s3://aztec-ci-artifacts/protocol/bb-chonk-inputs-[hash(0:8)].tar.gz
 # Note: In case of the "Test suite failed to run ... Unexpected token 'with' " error, need to run: docker pull aztecprotocol/build:3.0
-pinned_short_hash="e9e9b7b7"
+pinned_short_hash="c288d94d"
 pinned_chonk_inputs_url="https://aztec-ci-artifacts.s3.us-east-2.amazonaws.com/protocol/bb-chonk-inputs-${pinned_short_hash}.tar.gz"
 
 function compress_and_upload {

barretenberg/cpp/src/CMakeLists.txt

@@ -179,7 +179,6 @@ set(BARRETENBERG_TARGET_OBJECTS
     $<TARGET_OBJECTS:stdlib_blake2s_objects>
     $<TARGET_OBJECTS:stdlib_blake3s_objects>
     $<TARGET_OBJECTS:stdlib_circuit_builders_objects>
-    $<TARGET_OBJECTS:stdlib_chonk_verifier_objects>
     $<TARGET_OBJECTS:stdlib_eccvm_verifier_objects>
     $<TARGET_OBJECTS:stdlib_honk_verifier_objects>
     $<TARGET_OBJECTS:stdlib_keccak_objects>

barretenberg/cpp/src/barretenberg/acir_formal_proofs/acir_loader.test.cpp

@@ -7,13 +7,13 @@
  */
 
 #include "acir_loader.hpp"
+#include "barretenberg/chonk/chonk_verifier.hpp"
 #include "barretenberg/circuit_checker/circuit_checker.hpp"
 #include "barretenberg/common/test.hpp"
 #include "barretenberg/dsl/acir_format/acir_format.hpp"
 #include "barretenberg/smt_verification/circuit/ultra_circuit.hpp"
 #include "barretenberg/smt_verification/solver/solver.hpp"
 #include "barretenberg/smt_verification/util/smt_util.hpp"
-#include "barretenberg/stdlib/chonk_verifier/chonk_recursive_verifier.hpp"
 #include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
 #include "formal_proofs.hpp"
 #include "helpers.hpp"

barretenberg/cpp/src/barretenberg/api/api_chonk.cpp

@@ -3,6 +3,7 @@
 #include "barretenberg/api/log.hpp"
 #include "barretenberg/bbapi/bbapi.hpp"
 #include "barretenberg/chonk/chonk.hpp"
+#include "barretenberg/chonk/chonk_verifier.hpp"
 #include "barretenberg/chonk/mock_circuit_producer.hpp"
 #include "barretenberg/chonk/private_execution_steps.hpp"
 #include "barretenberg/common/get_bytecode.hpp"
@@ -120,7 +121,7 @@ bool ChonkAPI::verify([[maybe_unused]] const Flags& flags,
 {
     BB_BENCH_NAME("ChonkAPI::verify");
     auto proof_fields = many_from_buffer<fr>(read_file(proof_path));
-    auto proof = Chonk::Proof::from_field_elements(proof_fields);
+    auto proof = ChonkProof::from_field_elements(proof_fields);
 
     auto vk_buffer = read_file(vk_path);
 
@@ -138,7 +139,9 @@ bool ChonkAPI::prove_and_verify(const std::filesystem::path& input_path)
     // Construct the hiding kernel as the final step of the IVC
 
     auto proof = ivc->prove();
-    const bool verified = Chonk::verify(proof, ivc->get_vk());
+    auto vk_and_hash = ivc->get_hiding_kernel_vk_and_hash();
+    ChonkNativeVerifier verifier(vk_and_hash);
+    const bool verified = verifier.verify(proof);
     return verified;
 }
 

barretenberg/cpp/src/barretenberg/bbapi/bbapi_chonk.cpp

@@ -1,4 +1,5 @@
 #include "barretenberg/bbapi/bbapi_chonk.hpp"
+#include "barretenberg/chonk/chonk_verifier.hpp"
 #include "barretenberg/chonk/mock_circuit_producer.hpp"
 #include "barretenberg/common/log.hpp"
 #include "barretenberg/common/serialize.hpp"
@@ -108,19 +109,19 @@ ChonkProve::Response ChonkProve::execute(BBApiRequest& request) &&
     info("ChonkProve - using Chonk");
     auto sumcheck_ivc = std::dynamic_pointer_cast<Chonk>(request.ivc_in_progress);
     auto proof = sumcheck_ivc->prove();
-    auto vk = sumcheck_ivc->get_vk();
+    auto vk_and_hash = sumcheck_ivc->get_hiding_kernel_vk_and_hash();
 
     // We verify this proof. Another bb call to verify has some overhead of loading VK/proof/SRS,
     // and it is mysterious if this transaction fails later in the lifecycle.
     info("ChonkProve - verifying the generated proof as a sanity check");
-    verification_passed = Chonk::verify(proof, vk);
+    ChonkNativeVerifier verifier(vk_and_hash);
+    verification_passed = verifier.verify(proof);
 
     if (!verification_passed) {
         throw_or_abort("Failed to verify the generated proof!");
     }
 
-    response.proof =
-        Chonk::Proof{ .mega_proof = std::move(proof.mega_proof), .goblin_proof = std::move(proof.goblin_proof) };
+    response.proof = ChonkProof{ std::move(proof.mega_proof), std::move(proof.goblin_proof) };
 
     request.ivc_in_progress.reset();
     request.ivc_stack_depth = 0;
@@ -131,11 +132,13 @@ ChonkProve::Response ChonkProve::execute(BBApiRequest& request) &&
 ChonkVerify::Response ChonkVerify::execute(const BBApiRequest& /*request*/) &&
 {
     BB_BENCH_NAME(MSGPACK_SCHEMA_NAME);
-    // Deserialize the verification key directly from buffer
-    Chonk::VerificationKey verification_key = from_buffer<Chonk::VerificationKey>(vk);
+    // Deserialize the hiding kernel verification key directly from buffer
+    auto hiding_kernel_vk = std::make_shared<Chonk::MegaVerificationKey>(from_buffer<Chonk::MegaVerificationKey>(vk));
 
-    // Verify the proof using Chonk's static verify method
-    const bool verified = Chonk::verify(proof, verification_key);
+    // Verify the proof using ChonkNativeVerifier
+    auto vk_and_hash = std::make_shared<ChonkNativeVerifier::VKAndHash>(hiding_kernel_vk);
+    ChonkNativeVerifier verifier(vk_and_hash);
+    const bool verified = verifier.verify(proof);
 
     return { .valid = verified };
 }
@@ -171,14 +174,12 @@ ChonkComputeIvcVk::Response ChonkComputeIvcVk::execute(BB_UNUSED const BBApiRequ
         .circuit{ .name = "standalone_circuit", .bytecode = std::move(circuit.bytecode) }
     }.execute();
 
-    auto mega_vk = from_buffer<Chonk::MegaVerificationKey>(standalone_vk_response.bytes);
-    Chonk::VerificationKey chonk_vk{ .mega = std::make_shared<Chonk::MegaVerificationKey>(mega_vk),
-                                     .eccvm = std::make_shared<Chonk::ECCVMVerificationKey>(),
-                                     .translator = std::make_shared<Chonk::TranslatorVerificationKey>() };
+    // The hiding kernel VK is just the MegaZK verification key
+    auto hiding_kernel_vk = from_buffer<Chonk::MegaVerificationKey>(standalone_vk_response.bytes);
     Response response;
-    response.bytes = to_buffer(chonk_vk);
+    response.bytes = to_buffer(hiding_kernel_vk);
 
-    info("ChonkComputeIvcVk - IVC VK derived, size: ", response.bytes.size(), " bytes");
+    info("ChonkComputeIvcVk - hiding kernel VK derived, size: ", response.bytes.size(), " bytes");
 
     return response;
 }

barretenberg/cpp/src/barretenberg/bbapi/bbapi_chonk.hpp

@@ -106,7 +106,7 @@ struct ChonkProve {
         static constexpr const char MSGPACK_SCHEMA_NAME[] = "ChonkProveResponse";
 
         /** @brief Complete IVC proof for all accumulated circuits */
-        Chonk::Proof proof;
+        ChonkProof proof;
         MSGPACK_FIELDS(proof);
         bool operator==(const Response&) const = default;
     };
@@ -136,7 +136,7 @@ struct ChonkVerify {
     };
 
     /** @brief The Chonk proof to verify */
-    Chonk::Proof proof;
+    ChonkProof proof;
     /** @brief The verification key */
     std::vector<uint8_t> vk;
     Response execute(const BBApiRequest& request = {}) &&;

barretenberg/cpp/src/barretenberg/bbapi/bbapi_chonk.test.cpp

@@ -38,9 +38,9 @@ TEST_F(BBApiChonkTest, ChonkVkSerialization)
     auto [bytecode, _witness] = acir_bincode_mocks::create_simple_circuit_bytecode();
     auto vk_response = ChonkComputeIvcVk{ .circuit = { .name = "test_circuit", .bytecode = bytecode } }.execute();
 
-    // Create a VK from the field elements
-    Chonk::VerificationKey vk = from_buffer<Chonk::VerificationKey>(vk_response.bytes);
-    EXPECT_EQ(to_buffer(vk.to_field_elements()), vk_response.bytes)
+    // Deserialize the hiding kernel VK
+    auto hiding_kernel_vk = from_buffer<Chonk::MegaVerificationKey>(vk_response.bytes);
+    EXPECT_EQ(to_buffer(hiding_kernel_vk.to_field_elements()), vk_response.bytes)
         << "Serialized field elements should match original field elements";
 }
 

barretenberg/cpp/src/barretenberg/benchmark/chonk_bench/chonk.bench.cpp

@@ -4,7 +4,9 @@
  */
 
 #include <benchmark/benchmark.h>
+#include <chrono>
 
+#include "barretenberg/chonk/chonk_verifier.hpp"
 #include "barretenberg/chonk/test_bench_shared.hpp"
 #include "barretenberg/common/google_bb_bench.hpp"
 
@@ -34,10 +36,11 @@ BENCHMARK_DEFINE_F(ChonkBench, VerificationOnly)(benchmark::State& state)
 {
     size_t NUM_APP_CIRCUITS = 1;
     auto precomputed_vks = precompute_vks(NUM_APP_CIRCUITS);
-    auto [proof, vk] = accumulate_and_prove_with_precomputed_vks(NUM_APP_CIRCUITS, precomputed_vks);
+    auto [proof, vk_and_hash] = accumulate_and_prove_with_precomputed_vks(NUM_APP_CIRCUITS, precomputed_vks);
 
     for (auto _ : state) {
-        benchmark::DoNotOptimize(Chonk::verify(proof, vk));
+        ChonkNativeVerifier verifier(vk_and_hash);
+        benchmark::DoNotOptimize(verifier.verify(proof));
     }
 }
 

barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp

@@ -88,8 +88,11 @@ TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic)
     GoblinRecursiveVerifier verifier{ transcript, stdlib_proof, recursive_merge_commitments, MergeSettings::APPEND };
     GoblinRecursiveVerifier::ReductionResult output = verifier.reduce_to_pairing_check_and_ipa_opening();
 
+    // Aggregate merge + translator pairing points
+    output.translator_pairing_points.aggregate(output.merge_pairing_points);
+
     stdlib::recursion::honk::DefaultIO<Builder> inputs;
-    inputs.pairing_inputs = output.pairing_points;
+    inputs.pairing_inputs = output.translator_pairing_points;
     inputs.set_public();
 
     // Construct and verify a proof for the Goblin Recursive Verifier circuit
@@ -105,7 +108,8 @@ TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic)
 
         ASSERT_TRUE(verified);
     }
-    auto translator_pairing_points = output.pairing_points;
+    // Use the already aggregated pairing points (merge + translator)
+    auto translator_pairing_points = output.translator_pairing_points;
 
     // The pairing points are public outputs from the recursive verifier that will be verified externally via a pairing
     // check. While they are computed within the circuit (via batch_mul for P0 and negation for P1), their output

barretenberg/cpp/src/barretenberg/chonk/CMakeLists.txt

@@ -1 +1 @@
-barretenberg_module(chonk dsl libdeflate::libdeflate_static hypernova multilinear_batching)
+barretenberg_module(chonk goblin dsl libdeflate::libdeflate_static hypernova multilinear_batching)