@aztec/ivc-integration 3.0.0-devnet.2 → 3.0.0-devnet.2-patch.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/artifacts/app_creator.json +36 -36
  2. package/artifacts/app_reader.json +36 -36
  3. package/artifacts/keys/avm.vk +0 -0
  4. package/artifacts/keys/mock_hiding.ivc.vk +0 -0
  5. package/artifacts/keys/mock_rollup_root_verifier.sol +86 -83
  6. package/artifacts/mock_hiding.json +129 -129
  7. package/artifacts/mock_private_kernel_init.json +131 -131
  8. package/artifacts/mock_private_kernel_inner.json +132 -132
  9. package/artifacts/mock_private_kernel_reset.json +129 -129
  10. package/artifacts/mock_private_kernel_tail.json +129 -129
  11. package/artifacts/mock_rollup_root.json +65 -65
  12. package/artifacts/mock_rollup_tx_base_private.json +118 -118
  13. package/artifacts/mock_rollup_tx_base_public.json +118 -118
  14. package/artifacts/mock_rollup_tx_merge.json +116 -116
  15. package/dest/bb_working_directory.d.ts +1 -1
  16. package/dest/index.d.ts +1 -1
  17. package/dest/prove_native.d.ts +7 -7
  18. package/dest/prove_native.d.ts.map +1 -1
  19. package/dest/prove_native.js +17 -38
  20. package/dest/scripts/generate_declaration_files.d.ts +1 -1
  21. package/dest/scripts/generate_ts_from_abi.d.ts +1 -1
  22. package/dest/serve.d.ts +1 -1
  23. package/dest/serve.js +34 -17
  24. package/dest/types/index.d.ts +8 -8
  25. package/dest/types/index.d.ts.map +1 -1
  26. package/dest/types/index.js +4 -4
  27. package/dest/witgen.d.ts +4 -4
  28. package/dest/witgen.d.ts.map +1 -1
  29. package/dest/witgen.js +19 -4
  30. package/package.json +21 -23
  31. package/src/prove_native.ts +21 -56
  32. package/src/serve.ts +43 -16
  33. package/src/types/index.ts +9 -9
  34. package/src/witgen.ts +19 -3
  35. package/dest/prove_wasm.d.ts +0 -4
  36. package/dest/prove_wasm.d.ts.map +0 -1
  37. package/dest/prove_wasm.js +0 -38
  38. package/src/prove_wasm.ts +0 -57
package/artifacts/keys/mock_rollup_root_verifier.sol CHANGED
@@ -2,127 +2,127 @@
2
2
  // Copyright 2022 Aztec
3
3
  pragma solidity >=0.8.21;
4
4
 
5
- uint256 constant N = 33554432;
6
- uint256 constant LOG_N = 25;
5
+ uint256 constant N = 16777216;
6
+ uint256 constant LOG_N = 24;
7
7
  uint256 constant NUMBER_OF_PUBLIC_INPUTS = 17;
8
- uint256 constant VK_HASH = 0x132cd81124fb8980a92a6b476b1523fdd052380ad73d416cb3437a8253794e87;
8
+ uint256 constant VK_HASH = 0x2483e4516597c18a018591468c70f9cf8aae18afe48a8dff59e99657d367b063;
9
9
  library HonkVerificationKey {
10
10
  function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) {
11
11
  Honk.VerificationKey memory vk = Honk.VerificationKey({
12
- circuitSize: uint256(33554432),
13
- logCircuitSize: uint256(25),
12
+ circuitSize: uint256(16777216),
13
+ logCircuitSize: uint256(24),
14
14
  publicInputsSize: uint256(17),
15
15
  ql: Honk.G1Point({
16
- x: uint256(0x24e8686ba78f69376ba8858e8ee6a1a5d2018c7cb5429183e0fc7d117e908d71),
17
- y: uint256(0x2f0c7111ddd4bdd0816fb6fd8ffd98414ad4aa47f45b6a64f4a25786e3ee76b6)
16
+ x: uint256(0x0f2365b105ff53384a1fd8d7a27c5288a8100554378f35a6b344cd9ce8adad85),
17
+ y: uint256(0x03e6c96c0bc572a5b3df41a4871dc2c2bae22ac5d0f07d046bb96bee05835f85)
18
18
  }),
19
19
  qr: Honk.G1Point({
20
- x: uint256(0x21d4b1e720f59ed0794074025a07a73296b4e138eb587967508ae4d43359624a),
21
- y: uint256(0x0ee0aadf61a13d7d0b0472f8b346ba03837ec1e504ce167d8fa6fdc1968b964f)
20
+ x: uint256(0x004cb36247e12fb32b73a4ebece2be052889df91bb4af49dfe8a74a53865ecc3),
21
+ y: uint256(0x17a1d0af10c38a99db2ad668f56c9642722b05b0ea72ed99c146ffceeda7a334)
22
22
  }),
23
23
  qo: Honk.G1Point({
24
- x: uint256(0x2b3560376657985298208dc26a26180b682cac479d14d2a7f98b5be013cc5a82),
25
- y: uint256(0x17fa1bc765eea07cf366bf1963cb3356f656447a6ea872e9b88e78f75b564a38)
24
+ x: uint256(0x1796eb7073a560ad27262a9fcccd8cc6a7c8ac3c5667c343d332c745ddd49cdf),
25
+ y: uint256(0x2710cb416b75e315229256987e3c736f6aa9e6e3d1f7394828e81b93ba058a93)
26
26
  }),
27
27
  q4: Honk.G1Point({
28
- x: uint256(0x0f269a9709496b1f7ab4d295c490d1cc4a7a6b6b3868ce0103c46f1a3e0a37bd),
29
- y: uint256(0x2a358a969b18da4679870a7a39a3cbaefc1040c14f84016ad8f0c5faf76dd14d)
28
+ x: uint256(0x29415184cae246d7e7beeb3d707ae40c762426aa34e3ac9d22eda508b422adb3),
29
+ y: uint256(0x042112fe467bd4fd695476676773a444cb16423c026ff2eb57077a29d293b47c)
30
30
  }),
31
31
  qm: Honk.G1Point({
32
- x: uint256(0x1a519249e980dec0ea6e78f7f1c5ff29318399ba711817d02f109242d9c405ca),
33
- y: uint256(0x285023990cbe94154e9b525794f9c90d1d34dd4afcd97eefcce07c16658e940a)
32
+ x: uint256(0x0e93587de243211bc0e46e11a1e7e80694eee62981bbea775277d85b2889cda5),
33
+ y: uint256(0x0b508346fe7fc422cf003ca50511285b28b8310e5ce3d764317ded0f9fc6ffde)
34
34
  }),
35
35
  qc: Honk.G1Point({
36
- x: uint256(0x00525f18e52cdd2ae19e21509d4b2ac3bdd58c412da4e2e9a1627fe5af071f38),
37
- y: uint256(0x277d2a485d7ee3256c037b2026f8dd69f718c660e7ce0a27532a3402e4ec9250)
36
+ x: uint256(0x28703227d883dab576898b7325c6b9f0fbc834481b2993d7f23f8132e9daf1db),
37
+ y: uint256(0x2ad4bd924ebf2d393df34f5f6d5faa3dbd8a3285c4756e600e5cfe083f51a4e3)
38
38
  }),
39
39
  qLookup: Honk.G1Point({
40
40
  x: uint256(0x0c4032c3079594eb75a8449d3d5ce8bc3661650d53f9b24d923d8f404cb0bbc9),
41
41
  y: uint256(0x1084d709650356d40f0158fd6da81f54eb5fe796a0ca89441369b7c24301f851)
42
42
  }),
43
43
  qArith: Honk.G1Point({
44
- x: uint256(0x03a9a183b20d4f70998c4b3872d6689ee3a7a5c63cc5b6ca61fc237f6d76f4bf),
45
- y: uint256(0x2c9e7d1ab5a06710f3d02689b829adc1ed409a016810b02941824f392b51b694)
44
+ x: uint256(0x035bf72586d41e96e39b9a1b5c87f4c15931cf828fa9dbdd04d7fcf7a2c9b820),
45
+ y: uint256(0x2d1c89402419dae4ab086f37587eaa261a4f799114081a9e7c6dfa0cdd681dc9)
46
46
  }),
47
47
  qDeltaRange: Honk.G1Point({
48
- x: uint256(0x1c4863ce062d034d0f285064a7edd33953b921ad1233aeef36c958a24f752cdb),
49
- y: uint256(0x1a569e780eb3863ca9f180f277d798ed8e4f4f03a051db0f56168ea748f1ad0c)
48
+ x: uint256(0x10cc9f130a3617b8ba1d4c7f8a4ecf772b76948dad571e47b06aea5f6e5e82db),
49
+ y: uint256(0x1062815b19b50f9736cbe3849bf00f9957947bf27f424f304f8097bbf3358fdd)
50
50
  }),
51
51
  qElliptic: Honk.G1Point({
52
- x: uint256(0x1a85cfd399542977bde5916d92fc5e19c42816c83e55c2a18792a8daf8c088c0),
53
- y: uint256(0x1d23199c6672d6cbffc6657af57a15cc124407c1b6a22dabfb10745927d5cb4e)
52
+ x: uint256(0x15a4f05d00dfd0db51eb5133fbfe3b8e0c67fc6adec433a2eed788991e11159f),
53
+ y: uint256(0x1ca5a9a9bcbf26d428feb2552757a17d9820c1ae18e9cd6c7ac5bdbebafb838f)
54
54
  }),
55
55
  qMemory: Honk.G1Point({
56
- x: uint256(0x09fb61f5e638da4979f33572fce4c639d304fdc007d8b755aae3362eee9764fd),
57
- y: uint256(0x28705bb5078d8ea55feee44387259665a7444d20b204786c4da954ea677316c6)
56
+ x: uint256(0x1b2ddb367c92012e81f0cf6fd8b057d254c4fe79472a2bcdcec684d14720da01),
57
+ y: uint256(0x00fded1abfb60e5e7ba4e0da120de9d8e52bf726c44f8d331f46673b1fde5cd3)
58
58
  }),
59
59
  qNnf: Honk.G1Point({
60
- x: uint256(0x2b8e9c8f65415928cdca8c1a13109a7d343756d34c9852064e5c6fe5b7719df9),
61
- y: uint256(0x2ba4dd86569a52fbaf4d8dea0dc2756724a83d8ed138ca2523fc13e7749d3c0b)
60
+ x: uint256(0x15aa8a2883f91db5b8334efa999e7a1686ed95bc25d4802eb60121f8984a8c51),
61
+ y: uint256(0x10f5de1ef49ecd1db3ebdb997bb4795d34377fec527e2c048e934f6c0a88572c)
62
62
  }),
63
63
  qPoseidon2External: Honk.G1Point({
64
- x: uint256(0x174680a74f2c28880d474f113f2bd14f5a4187af72bed65fa1d75bc7a4fe7b47),
65
- y: uint256(0x2b082da992cafd0f1619474ac4c8409fc3ac152a39c0d9f99088851b22e9f0df)
64
+ x: uint256(0x228271d918164c6f35cbb191a79841195f4dd0ca862772b3b35999ad275c9a0e),
65
+ y: uint256(0x1e215612b6dd1be8e45f8ddb9d2de66ae3f16caa45356a8bac12136e8bbe986c)
66
66
  }),
67
67
  qPoseidon2Internal: Honk.G1Point({
68
- x: uint256(0x00de42cc25791d408bfd31925bdace2d06118c7d8ab8f7f637305ce2be3b7319),
69
- y: uint256(0x12941731d04ebd365925ebdafe5987352101d95a2464ec3ccfd17c4600698355)
68
+ x: uint256(0x20be4e3e2847c2166ff19287744f61196747cbd2975749f04cbbd94ed903e56e),
69
+ y: uint256(0x00ba35bc0241f49319ceae8027122eb462af14ca679fbfdae1f259fe7ea46d6a)
70
70
  }),
71
71
  s1: Honk.G1Point({
72
- x: uint256(0x04167527ffaf5c2c483846b0e5c7ac2fe7293869ddc3b998fec82182bf125449),
73
- y: uint256(0x014c7d8509f40008cbda838ecd0fd3e10aa691db5359761157b46ec7eefdd2f4)
72
+ x: uint256(0x18c9d69eb064aa58dccfdb64028d880dab96a6c48401c1e5990d4ea44613ba1a),
73
+ y: uint256(0x0dad8177318828acebf73d7bc51b9e36a0b561750286fb59628e7d496532a11b)
74
74
  }),
75
75
  s2: Honk.G1Point({
76
- x: uint256(0x1074d00bc77080d87f7d9b831a63e3c3cad0413836701d483f54c968808376ed),
77
- y: uint256(0x18867db28321a09afb3419ad90ab8aad6921b7f8878c9b49140fec02eef1317a)
76
+ x: uint256(0x22de4ef2c6e945f99cb1adc27a1c526e0ce618404cbeb51895898fffe9818667),
77
+ y: uint256(0x21a55d5432ee5e4114bbefcaf467a2f0175ed72666b9a5490c8c39d7b5800f3a)
78
78
  }),
79
79
  s3: Honk.G1Point({
80
- x: uint256(0x24b7674a46d0b8e6950ce41a5847416bc2245a3b1cb1ce8bfe60c7998f95908f),
81
- y: uint256(0x07ea71d81c0c73d2fda995bde44937ce92d48463b1c6ad5456028f643c2a90c5)
80
+ x: uint256(0x25f6f34984d2cdd0ca61060a1cec0907db393f2fb05c226b6a09c46a074c785a),
81
+ y: uint256(0x07e4d48a999a872265b418345cfcc50712f82266d716014aa056dbacbe6d0513)
82
82
  }),
83
83
  s4: Honk.G1Point({
84
- x: uint256(0x0e8c910fb665e55110e0d199f2e8eefb6fb30a8b623521dad6b129bdbcee3fc1),
85
- y: uint256(0x25e435633a1356c7aedf25e13a3bac12e3c821daafe28f925006c413cbf774ef)
84
+ x: uint256(0x1c7889c9dcf7801029523cc960a7892d22ca95247f38b42adc27931bdf8ecfd0),
85
+ y: uint256(0x29f693a30e9e62397ed0fe86485d3c2a2f9725f294402804915bcedf1a89895e)
86
86
  }),
87
87
  t1: Honk.G1Point({
88
- x: uint256(0x0450f8716810dff987300c3bc10a892b1c1c2637db3f8fecd9d8bb38442cc468),
89
- y: uint256(0x10005567f9eb3d3a97098baa0d71c65db2bf83f8a194086a4cca39916b578faf)
88
+ x: uint256(0x099e3bd5a0a00ab7fe18040105b9b395b5d8b7b4a63b05df652b0d10ef146d26),
89
+ y: uint256(0x0015b8d2515d76e2ccec99dcd194592129af3a637f5a622a32440f860d1e2a7f)
90
90
  }),
91
91
  t2: Honk.G1Point({
92
- x: uint256(0x103bcf2cf468d53c71d57b5c0ab31231e12e1ce3a444583203ea04c16ec69eb2),
93
- y: uint256(0x0c5d6e7a8b0b14d4ed8f51217ae8af4207277f4116e0af5a9268b38a5d34910b)
92
+ x: uint256(0x1b917517920bad3d8bc01c9595092a222b888108dc25d1aa450e0b4bc212c37e),
93
+ y: uint256(0x305e8992b148eedb22e6e992077a84482141c7ebe42000a1d58ccb74381f6d19)
94
94
  }),
95
95
  t3: Honk.G1Point({
96
- x: uint256(0x0924c2d3fa7bd443b6244e3f29179883c120acb66ce414b5147c31531392c530),
97
- y: uint256(0x07e5e59aa353dc977d4e082214179998a8086106f1eaaf33ee0b012cbd77066f)
96
+ x: uint256(0x061f64497996e8915722501e9e367938ed8da2375186b518c7345c60b1134b2d),
97
+ y: uint256(0x1b84d38339321f405ebaf6a2f830842ad3d7cb59792e11c0d2691f317fd50e6e)
98
98
  }),
99
99
  t4: Honk.G1Point({
100
- x: uint256(0x132b76a71278e567595f3aaf837a72eb0ab515191143e5a3c8bd587526486628),
101
- y: uint256(0x2c6b2a0de0a3fefdfc4fb4f3b8381d2c37ccc495848c2887f98bfbaca776ca39)
100
+ x: uint256(0x043d063b130adfb37342af45d0155a28edd1a7e46c840d9c943fdf45521c64ce),
101
+ y: uint256(0x261522c4089330646aff96736194949330952ae74c573d1686d9cb4a00733854)
102
102
  }),
103
103
  id1: Honk.G1Point({
104
- x: uint256(0x28c57bcc83bd4a13b1c7b46d50aeb4293ca2e171678883e37396e38d7753172c),
105
- y: uint256(0x014818d6797d82472c4dfc9e9d59cc206cdaf4f2f7cf16eed918afd8a117de87)
104
+ x: uint256(0x0cfc6d916a8ee137548e5f03368fe440a12b2353526e4045da57928d9d3ea1ac),
105
+ y: uint256(0x057c503fcaabdad32d220fe39de0802e9d02870a6198399519377ee38ac92f7d)
106
106
  }),
107
107
  id2: Honk.G1Point({
108
- x: uint256(0x1af703e49ccfc901ff269589826080ea7c84be27130e1e9e75e8d32a24df0739),
109
- y: uint256(0x007c484c6ba586d4fb1dfe5c199dd5cf930effdf54edc8ef3fab6af504779ddb)
108
+ x: uint256(0x04a3281f7984a62b53e3c00e9de68886175fc455aae5bab2b4334cdd67ea8676),
109
+ y: uint256(0x06400420abfaae2fca0debeafe5091cfe1bf4c7432d288ebdde64242331a20c3)
110
110
  }),
111
111
  id3: Honk.G1Point({
112
- x: uint256(0x1e33f109d506df3522e7f6061eecdc2e86d54516c79b16ccee1e4a85dc0d17e5),
113
- y: uint256(0x18aabb90390730dbf9f6e2386c15adfc8851a191a29a18ef0a588cadfc0b03ef)
112
+ x: uint256(0x1d18e5659dc058966fa5fcfa0dcd1b6ef05ca88950525a91993530f1d082e938),
113
+ y: uint256(0x1c7184cee4af54cd8bef5ff6401548a5b7485af396891ccbbf0237931e9d6a67)
114
114
  }),
115
115
  id4: Honk.G1Point({
116
- x: uint256(0x075da9457c89a0b65f003b855a6898efb99c64ffdc2d9f5be82eb27c0f371ae5),
117
- y: uint256(0x21543d24087cc843db2eaa3d23ed28054e02f24577eb03662994c009057e73be)
116
+ x: uint256(0x0fc51759c8595c1857c8d428fc89835b47fbd258425b365262ab87b6f21c025d),
117
+ y: uint256(0x1e6cbebfe6e913fc4caace9df3a9b0ef9ee77f8f16ba00d31722b95707eaada6)
118
118
  }),
119
119
  lagrangeFirst: Honk.G1Point({
120
120
  x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001),
121
121
  y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002)
122
122
  }),
123
123
  lagrangeLast: Honk.G1Point({
124
- x: uint256(0x2408250136bc5d8d7320a1c043c024ce9cb1085261fa51d4c51ac447f45154c0),
125
- y: uint256(0x23473d742ff251ab6d6ff87dc283d28339aba00a152f82097a18493f12758729)
124
+ x: uint256(0x0e48a3b860eeef2951502efcb4cb49994a7c3a80302a0ad1b9f13f64ac7d2053),
125
+ y: uint256(0x0014bb3719e4eeb82182790fee5729aa3943e7091e74d4eaf61fb1d26205df2f)
126
126
  })
127
127
  });
128
128
  return vk;
@@ -185,7 +185,7 @@ library FrLib {
185
185
  mstore(add(free, 0x20), 0x20)
186
186
  mstore(add(free, 0x40), 0x20)
187
187
  mstore(add(free, 0x60), v)
188
- mstore(add(free, 0x80), sub(MODULUS, 2))
188
+ mstore(add(free, 0x80), sub(MODULUS, 2))
189
189
  mstore(add(free, 0xa0), MODULUS)
190
190
  let success := staticcall(gas(), 0x05, free, 0xc0, 0x00, 0x20)
191
191
  if iszero(success) {
@@ -209,7 +209,7 @@ library FrLib {
209
209
  mstore(add(free, 0x20), 0x20)
210
210
  mstore(add(free, 0x40), 0x20)
211
211
  mstore(add(free, 0x60), b)
212
- mstore(add(free, 0x80), v)
212
+ mstore(add(free, 0x80), v)
213
213
  mstore(add(free, 0xa0), MODULUS)
214
214
  let success := staticcall(gas(), 0x05, free, 0xc0, 0x00, 0x20)
215
215
  if iszero(success) {
@@ -293,14 +293,18 @@ uint256 constant NUMBER_OF_SUBRELATIONS = 28;
293
293
  uint256 constant BATCHED_RELATION_PARTIAL_LENGTH = 8;
294
294
  uint256 constant ZK_BATCHED_RELATION_PARTIAL_LENGTH = 9;
295
295
  uint256 constant NUMBER_OF_ENTITIES = 41;
296
+ // The number of entities added for ZK (gemini_masking_poly)
297
+ uint256 constant NUM_MASKING_POLYNOMIALS = 1;
298
+ uint256 constant NUMBER_OF_ENTITIES_ZK = NUMBER_OF_ENTITIES + NUM_MASKING_POLYNOMIALS;
296
299
  uint256 constant NUMBER_UNSHIFTED = 36;
300
+ uint256 constant NUMBER_UNSHIFTED_ZK = NUMBER_UNSHIFTED + NUM_MASKING_POLYNOMIALS;
297
301
  uint256 constant NUMBER_TO_BE_SHIFTED = 5;
298
302
  uint256 constant PAIRING_POINTS_SIZE = 16;
299
303
 
300
304
  uint256 constant FIELD_ELEMENT_SIZE = 0x20;
301
305
  uint256 constant GROUP_ELEMENT_SIZE = 0x40;
302
306
 
303
- // Alphas are used as relation separators so there should be NUMBER_OF_SUBRELATIONS - 1
307
+ // Powers of alpha used to batch subrelations (alpha, alpha^2, ..., alpha^(NUM_SUBRELATIONS-1))
304
308
  uint256 constant NUMBER_OF_ALPHAS = NUMBER_OF_SUBRELATIONS - 1;
305
309
 
306
310
  // ENUM FOR WIRES
@@ -374,7 +378,7 @@ library Honk {
374
378
  G1Point qElliptic; // Auxillary
375
379
  G1Point qPoseidon2External;
376
380
  G1Point qPoseidon2Internal;
377
- // Copy cnstraints
381
+ // Copy constraints
378
382
  G1Point s1;
379
383
  G1Point s2;
380
384
  G1Point s3;
@@ -429,9 +433,12 @@ library Honk {
429
433
  G1Point kzgQuotient;
430
434
  }
431
435
 
436
+ /// forge-lint: disable-next-item(pascal-case-struct)
432
437
  struct ZKProof {
433
438
  // Pairing point object
434
439
  Fr[PAIRING_POINTS_SIZE] pairingPointObject;
440
+ // ZK: Gemini masking polynomial commitment (sent first, right after public inputs)
441
+ G1Point geminiMaskingPoly;
435
442
  // Commitments to wire polynomials
436
443
  G1Point w1;
437
444
  G1Point w2;
@@ -447,11 +454,8 @@ library Honk {
447
454
  // Sumcheck
448
455
  Fr libraSum;
449
456
  Fr[ZK_BATCHED_RELATION_PARTIAL_LENGTH][CONST_PROOF_SIZE_LOG_N] sumcheckUnivariates;
450
- Fr[NUMBER_OF_ENTITIES] sumcheckEvaluations;
451
457
  Fr libraEvaluation;
452
- // ZK
453
- G1Point geminiMaskingPoly;
454
- Fr geminiMaskingEval;
458
+ Fr[NUMBER_OF_ENTITIES_ZK] sumcheckEvaluations; // Includes gemini_masking_poly eval at index 0 (first position)
455
459
  // Shplemini
456
460
  G1Point[CONST_PROOF_SIZE_LOG_N - 1] geminiFoldComms;
457
461
  Fr[CONST_PROOF_SIZE_LOG_N] geminiAEvaluations;
@@ -465,7 +469,7 @@ library Honk {
465
469
  struct Transcript {
466
470
  // Oink
467
471
  Honk.RelationParameters relationParameters;
468
- Fr[NUMBER_OF_ALPHAS] alphas;
472
+ Fr[NUMBER_OF_ALPHAS] alphas; // Powers of alpha: [alpha, alpha^2, ..., alpha^(NUM_SUBRELATIONS-1)]
469
473
  Fr[CONST_PROOF_SIZE_LOG_N] gateChallenges;
470
474
  // Sumcheck
471
475
  Fr[CONST_PROOF_SIZE_LOG_N] sumCheckUChallenges;
@@ -508,8 +512,9 @@ library TranscriptLib {
508
512
 
509
513
  function splitChallenge(Fr challenge) internal pure returns (Fr first, Fr second) {
510
514
  uint256 challengeU256 = uint256(Fr.unwrap(challenge));
511
- uint256 lo = challengeU256 & 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;
512
- uint256 hi = challengeU256 >> 128;
515
+ // Split into two equal 127-bit chunks (254/2)
516
+ uint256 lo = challengeU256 & 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; // 127 bits
517
+ uint256 hi = challengeU256 >> 127;
513
518
  first = FrLib.fromBytes32(bytes32(lo));
514
519
  second = FrLib.fromBytes32(bytes32(hi));
515
520
  }
@@ -773,7 +778,7 @@ library RelationsLib {
773
778
  function accumulateRelationEvaluations(
774
779
  Fr[NUMBER_OF_ENTITIES] memory purportedEvaluations,
775
780
  Honk.RelationParameters memory rp,
776
- Fr[NUMBER_OF_ALPHAS] memory alphas,
781
+ Fr[NUMBER_OF_ALPHAS] memory subrelationChallenges,
777
782
  Fr powPartialEval
778
783
  ) internal pure returns (Fr accumulator) {
779
784
  Fr[NUMBER_OF_SUBRELATIONS] memory evaluations;
@@ -789,8 +794,8 @@ library RelationsLib {
789
794
  accumulatePoseidonExternalRelation(purportedEvaluations, evaluations, powPartialEval);
790
795
  accumulatePoseidonInternalRelation(purportedEvaluations, evaluations, powPartialEval);
791
796
 
792
- // batch the subrelations with the alpha challenges to obtain the full honk relation
793
- accumulator = scaleAndBatchSubrelations(evaluations, alphas);
797
+ // batch the subrelations with the precomputed alpha powers to obtain the full honk relation
798
+ accumulator = scaleAndBatchSubrelations(evaluations, subrelationChallenges);
794
799
  }
795
800
 
796
801
  /**
@@ -869,10 +874,8 @@ library RelationsLib {
869
874
  Fr acc = (wire(p, WIRE.Z_PERM) + wire(p, WIRE.LAGRANGE_FIRST)) * grand_product_numerator;
870
875
 
871
876
  acc = acc
872
- - (
873
- (wire(p, WIRE.Z_PERM_SHIFT) + (wire(p, WIRE.LAGRANGE_LAST) * rp.publicInputsDelta))
874
- * grand_product_denominator
875
- );
877
+ - ((wire(p, WIRE.Z_PERM_SHIFT) + (wire(p, WIRE.LAGRANGE_LAST) * rp.publicInputsDelta))
878
+ * grand_product_denominator);
876
879
  acc = acc * domainSep;
877
880
  evals[2] = acc;
878
881
  }
@@ -912,7 +915,8 @@ library RelationsLib {
912
915
  Fr read_inverse = wire(p, WIRE.LOOKUP_INVERSES) * write_term;
913
916
  Fr write_inverse = wire(p, WIRE.LOOKUP_INVERSES) * read_term;
914
917
 
915
- Fr inverse_exists_xor = wire(p, WIRE.LOOKUP_READ_TAGS) + wire(p, WIRE.Q_LOOKUP)
918
+ Fr inverse_exists_xor =
919
+ wire(p, WIRE.LOOKUP_READ_TAGS) + wire(p, WIRE.Q_LOOKUP)
916
920
  - (wire(p, WIRE.LOOKUP_READ_TAGS) * wire(p, WIRE.Q_LOOKUP));
917
921
 
918
922
  // Inverse calculated correctly relation
@@ -1311,7 +1315,7 @@ library RelationsLib {
1311
1315
  ap.non_native_field_gate_3 = ap.non_native_field_gate_3 * wire(p, WIRE.Q_M);
1312
1316
 
1313
1317
  Fr non_native_field_identity =
1314
- ap.non_native_field_gate_1 + ap.non_native_field_gate_2 + ap.non_native_field_gate_3;
1318
+ ap.non_native_field_gate_1 + ap.non_native_field_gate_2 + ap.non_native_field_gate_3;
1315
1319
  non_native_field_identity = non_native_field_identity * wire(p, WIRE.Q_R);
1316
1320
 
1317
1321
  // ((((w2' * 2^14 + w1') * 2^14 + w3) * 2^14 + w2) * 2^14 + w1 - w4) * qm
@@ -1465,6 +1469,8 @@ library RelationsLib {
1465
1469
  evals[27] = evals[27] + ip.q_pos_by_scaling * (ip.v4 - wire(p, WIRE.W_4_SHIFT));
1466
1470
  }
1467
1471
 
1472
+ // Batch subrelation evaluations using precomputed powers of alpha
1473
+ // First subrelation is implicitly scaled by 1, subsequent ones use powers from the subrelationChallenges array
1468
1474
  function scaleAndBatchSubrelations(
1469
1475
  Fr[NUMBER_OF_SUBRELATIONS] memory evaluations,
1470
1476
  Fr[NUMBER_OF_ALPHAS] memory subrelationChallenges
@@ -1530,10 +1536,8 @@ library CommitmentSchemeLib {
1530
1536
  Fr challengePower = geminiEvalChallengePowers[i - 1];
1531
1537
  Fr u = sumcheckUChallenges[i - 1];
1532
1538
 
1533
- Fr batchedEvalRoundAcc = (
1534
- (challengePower * batchedEvalAccumulator * Fr.wrap(2))
1535
- - geminiEvaluations[i - 1] * (challengePower * (ONE - u) - u)
1536
- );
1539
+ Fr batchedEvalRoundAcc = ((challengePower * batchedEvalAccumulator * Fr.wrap(2)) - geminiEvaluations[i - 1]
1540
+ * (challengePower * (ONE - u) - u));
1537
1541
  // Divide by the denominator
1538
1542
  batchedEvalRoundAcc = batchedEvalRoundAcc * (challengePower * (ONE - u) + u).invert();
1539
1543
 
@@ -1568,8 +1572,7 @@ function bytesToFr(bytes calldata proofSection) pure returns (Fr scalar) {
1568
1572
  // EC Point utilities
1569
1573
  function bytesToG1Point(bytes calldata proofSection) pure returns (Honk.G1Point memory point) {
1570
1574
  point = Honk.G1Point({
1571
- x: uint256(bytes32(proofSection[0x00:0x20])) % Q,
1572
- y: uint256(bytes32(proofSection[0x20:0x40])) % Q
1575
+ x: uint256(bytes32(proofSection[0x00:0x20])) % Q, y: uint256(bytes32(proofSection[0x20:0x40])) % Q
1573
1576
  });
1574
1577
  }
1575
1578