@aztec/ivc-integration 3.0.3 → 4.0.0-devnet.1-patch.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/artifacts/app_creator.json +99 -104
- package/artifacts/app_reader.json +99 -104
- package/artifacts/keys/mock_rollup_root_verifier.sol +96 -100
- package/artifacts/mock_hiding.json +100 -105
- package/artifacts/mock_private_kernel_init.json +101 -106
- package/artifacts/mock_private_kernel_inner.json +101 -106
- package/artifacts/mock_private_kernel_reset.json +107 -107
- package/artifacts/mock_private_kernel_tail.json +101 -106
- package/artifacts/mock_rollup_root.json +58 -63
- package/artifacts/mock_rollup_tx_base_private.json +106 -111
- package/artifacts/mock_rollup_tx_base_public.json +107 -112
- package/artifacts/mock_rollup_tx_merge.json +106 -111
- package/dest/prove_native.d.ts +4 -6
- package/dest/prove_native.d.ts.map +1 -1
- package/dest/prove_native.js +4 -24
- package/dest/types/index.d.ts +4 -4
- package/package.json +18 -18
- package/src/prove_native.ts +1 -28
- package/src/types/index.ts +4 -4
- package/artifacts/keys/mock_hiding.ivc.vk +0 -0
|
@@ -4,85 +4,85 @@ pragma solidity >=0.8.21;
|
|
|
4
4
|
|
|
5
5
|
uint256 constant N = 16777216;
|
|
6
6
|
uint256 constant LOG_N = 24;
|
|
7
|
-
uint256 constant NUMBER_OF_PUBLIC_INPUTS =
|
|
8
|
-
uint256 constant VK_HASH =
|
|
7
|
+
uint256 constant NUMBER_OF_PUBLIC_INPUTS = 9;
|
|
8
|
+
uint256 constant VK_HASH = 0x185e8edbcab52e2a14a24c022fa732dc0d163521307aeadc47bde108a315ccb9;
|
|
9
9
|
library HonkVerificationKey {
|
|
10
10
|
function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) {
|
|
11
11
|
Honk.VerificationKey memory vk = Honk.VerificationKey({
|
|
12
12
|
circuitSize: uint256(16777216),
|
|
13
13
|
logCircuitSize: uint256(24),
|
|
14
|
-
publicInputsSize: uint256(
|
|
14
|
+
publicInputsSize: uint256(9),
|
|
15
15
|
ql: Honk.G1Point({
|
|
16
|
-
x: uint256(
|
|
17
|
-
y: uint256(
|
|
16
|
+
x: uint256(0x2e48850898f93635006347a1ad7e6eadcc69fbe122e84f99d01270c7e43ac052),
|
|
17
|
+
y: uint256(0x21d6304540d7dd4df08fa77760f511ec666d4da3b272b85e80408841a70e8cfd)
|
|
18
18
|
}),
|
|
19
19
|
qr: Honk.G1Point({
|
|
20
|
-
x: uint256(
|
|
21
|
-
y: uint256(
|
|
20
|
+
x: uint256(0x173917d83223386ff1c152923991f1855759eef9a198286154570ca1d36a98ce),
|
|
21
|
+
y: uint256(0x0674ee85da2f54b8e14dd5af4b32a2b0cb3e3a3dba56ce7ae0971659b0e03361)
|
|
22
22
|
}),
|
|
23
23
|
qo: Honk.G1Point({
|
|
24
|
-
x: uint256(
|
|
25
|
-
y: uint256(
|
|
24
|
+
x: uint256(0x0c8b021554e5de1a813945e3feb978627b07a82fa76a84ec367faf3ed696d9bc),
|
|
25
|
+
y: uint256(0x2b9da23955ef9e29333475fda1fb429036772a6afe62a0e5515fb7d41a5b1d35)
|
|
26
26
|
}),
|
|
27
27
|
q4: Honk.G1Point({
|
|
28
|
-
x: uint256(
|
|
29
|
-
y: uint256(
|
|
28
|
+
x: uint256(0x01b8d410fbccc82fa729c2c263210b4659a796b8e3fd1026aa431f4f0989d8e0),
|
|
29
|
+
y: uint256(0x0982b0f18433072ed7869c4247cb58fb2d4a64ffe6c898fbcdaeb87a7b20ad47)
|
|
30
30
|
}),
|
|
31
31
|
qm: Honk.G1Point({
|
|
32
|
-
x: uint256(
|
|
33
|
-
y: uint256(
|
|
32
|
+
x: uint256(0x16d71bca7760db37db62b1e721d195a72aec16d892354445330aef8d5d725932),
|
|
33
|
+
y: uint256(0x0d6c4b694bdc2dd7a8a9f3e42f24916c3aef5b512fdb54238651d40891200a4b)
|
|
34
34
|
}),
|
|
35
35
|
qc: Honk.G1Point({
|
|
36
|
-
x: uint256(
|
|
37
|
-
y: uint256(
|
|
36
|
+
x: uint256(0x142217e2103c3450547ae67759d97f66575d7c63940217a45284431a7a117e6d),
|
|
37
|
+
y: uint256(0x2ec2495feb460bc480585b3067059b1924e74a7136cb93891a5dfea7ca77ac4f)
|
|
38
38
|
}),
|
|
39
39
|
qLookup: Honk.G1Point({
|
|
40
|
-
x: uint256(
|
|
41
|
-
y: uint256(
|
|
40
|
+
x: uint256(0x22011c91613251ef53fd12a397e4bd6165b1ed309dcd94b33ac4226d34b68889),
|
|
41
|
+
y: uint256(0x1fb02875a3542a3a6f4426ad912b70cf32b444a8e439701da6e8e7b30029cfc7)
|
|
42
42
|
}),
|
|
43
43
|
qArith: Honk.G1Point({
|
|
44
|
-
x: uint256(
|
|
45
|
-
y: uint256(
|
|
44
|
+
x: uint256(0x28615af41fbe0e563e4ef6b3d59ef22f1c16c338a010872ecead3044233fda80),
|
|
45
|
+
y: uint256(0x0f04123bd5340a798d470ac888bf2e61da67a9a0eaa0e01a07918037608e7696)
|
|
46
46
|
}),
|
|
47
47
|
qDeltaRange: Honk.G1Point({
|
|
48
|
-
x: uint256(
|
|
49
|
-
y: uint256(
|
|
48
|
+
x: uint256(0x2a97a0e73360e64dabb19e63466406ee9e3aecfb9be4dd0fbd0b569cdba79790),
|
|
49
|
+
y: uint256(0x2bea56b178a8cb9f5edde063961f14313fd7f8420af097bcaf6db029d59aa03e)
|
|
50
50
|
}),
|
|
51
51
|
qElliptic: Honk.G1Point({
|
|
52
|
-
x: uint256(
|
|
53
|
-
y: uint256(
|
|
52
|
+
x: uint256(0x0db0817f2c2f4d554564462fbde5ae84015116b450e599dbc6bf3eb04a7ea55f),
|
|
53
|
+
y: uint256(0x30142e494639de5de6cfaea6095ef4d45355475117a73ceadfb4080c1ba81d7e)
|
|
54
54
|
}),
|
|
55
55
|
qMemory: Honk.G1Point({
|
|
56
|
-
x: uint256(
|
|
57
|
-
y: uint256(
|
|
56
|
+
x: uint256(0x174ee95ad6c141bb397f1a7e5d89200e0d58932abdddbaf2667c697d51099c7d),
|
|
57
|
+
y: uint256(0x193ed7e179456df124aa877fe5ede0df66cf4207ff18adb03bde8f9723bcd282)
|
|
58
58
|
}),
|
|
59
59
|
qNnf: Honk.G1Point({
|
|
60
|
-
x: uint256(
|
|
61
|
-
y: uint256(
|
|
60
|
+
x: uint256(0x2336cc3bd8c6b07a39443e96a9059a378379f226df29d928e2ffa8690dd2d675),
|
|
61
|
+
y: uint256(0x26449ddbade441702ce2020930bdbc0394b1d08296f2abbba61fa6304ee177d2)
|
|
62
62
|
}),
|
|
63
63
|
qPoseidon2External: Honk.G1Point({
|
|
64
|
-
x: uint256(
|
|
65
|
-
y: uint256(
|
|
64
|
+
x: uint256(0x2210bac445fbd0fae760783c2f4f3603af6391197a43406ae442c7bbd8717290),
|
|
65
|
+
y: uint256(0x0f319739b840b0ed610f7dc786d3756eabbac54cf78d19aa2d2f2074551da344)
|
|
66
66
|
}),
|
|
67
67
|
qPoseidon2Internal: Honk.G1Point({
|
|
68
|
-
x: uint256(
|
|
69
|
-
y: uint256(
|
|
68
|
+
x: uint256(0x0d25e78b75e5e55b36c5803035b4a41f4f60325fcffb756828c643b94bd7f3e2),
|
|
69
|
+
y: uint256(0x0ba15fff0aff16780820b71b18c6fd013a4834a3073ef223bcf5e5071301e129)
|
|
70
70
|
}),
|
|
71
71
|
s1: Honk.G1Point({
|
|
72
|
-
x: uint256(
|
|
73
|
-
y: uint256(
|
|
72
|
+
x: uint256(0x1757ec7be947d7cdb4c29ff16743fff8d9c2c36ccf9a86426a15d80fdcc9b66b),
|
|
73
|
+
y: uint256(0x053af357505dd44258826f31f15c868cca22956d96e678ff9f97db6c5b4acfb9)
|
|
74
74
|
}),
|
|
75
75
|
s2: Honk.G1Point({
|
|
76
|
-
x: uint256(
|
|
77
|
-
y: uint256(
|
|
76
|
+
x: uint256(0x0bcc0029fe745278256418c2e9205b976762ca89ee511c820f242a6f90f79fc9),
|
|
77
|
+
y: uint256(0x154cfcb63eb0fd1002608a3d3c01bb002df2ba807f38657bf773ebc79bfb1778)
|
|
78
78
|
}),
|
|
79
79
|
s3: Honk.G1Point({
|
|
80
|
-
x: uint256(
|
|
81
|
-
y: uint256(
|
|
80
|
+
x: uint256(0x233ae57153bc002d5920ccd54a0027d5e7861c9efc260fa750b8a65db2a180b6),
|
|
81
|
+
y: uint256(0x015be97e1325a9ee23c55cdfcda66e3a38025ce873c17a2f1baba0fb2d37edac)
|
|
82
82
|
}),
|
|
83
83
|
s4: Honk.G1Point({
|
|
84
|
-
x: uint256(
|
|
85
|
-
y: uint256(
|
|
84
|
+
x: uint256(0x0a58eeeb7fe74c9d07a3a9f87047bf3d468f5530ca1cda46ccd5ca344b10ffa3),
|
|
85
|
+
y: uint256(0x1eb2ab6dffc801912b77c8fedfc4fdd00a0debe3b09c047b80068684782466e3)
|
|
86
86
|
}),
|
|
87
87
|
t1: Honk.G1Point({
|
|
88
88
|
x: uint256(0x099e3bd5a0a00ab7fe18040105b9b395b5d8b7b4a63b05df652b0d10ef146d26),
|
|
@@ -93,36 +93,36 @@ library HonkVerificationKey {
|
|
|
93
93
|
y: uint256(0x305e8992b148eedb22e6e992077a84482141c7ebe42000a1d58ccb74381f6d19)
|
|
94
94
|
}),
|
|
95
95
|
t3: Honk.G1Point({
|
|
96
|
-
x: uint256(
|
|
97
|
-
y: uint256(
|
|
96
|
+
x: uint256(0x16465a5ccbb550cd2c63bd58116fe47c86847618681dc29d8a9363ab7c40e1c3),
|
|
97
|
+
y: uint256(0x2e24d420fbf9508ed31de692db477b439973ac12d7ca796d6fe98ca40e6ca6b7)
|
|
98
98
|
}),
|
|
99
99
|
t4: Honk.G1Point({
|
|
100
100
|
x: uint256(0x043d063b130adfb37342af45d0155a28edd1a7e46c840d9c943fdf45521c64ce),
|
|
101
101
|
y: uint256(0x261522c4089330646aff96736194949330952ae74c573d1686d9cb4a00733854)
|
|
102
102
|
}),
|
|
103
103
|
id1: Honk.G1Point({
|
|
104
|
-
x: uint256(
|
|
105
|
-
y: uint256(
|
|
104
|
+
x: uint256(0x0e56f3c4e9812e1a072462f1fb2b878ac131720d02340b0a5d2f79aad9fc781f),
|
|
105
|
+
y: uint256(0x04bbc61db8f9c52a191f5a4fdcfaaf763aedf5a991e99ceaaa3746137b86e103)
|
|
106
106
|
}),
|
|
107
107
|
id2: Honk.G1Point({
|
|
108
|
-
x: uint256(
|
|
109
|
-
y: uint256(
|
|
108
|
+
x: uint256(0x071aeeb0ab9ebb6c3dfd8c42f293f2b24038966fd6db76a8af196cfdb2082af2),
|
|
109
|
+
y: uint256(0x2bf8640f4e90c75ace30f4d3ab583e95db1be8d2d92762e41ed2e0485485648b)
|
|
110
110
|
}),
|
|
111
111
|
id3: Honk.G1Point({
|
|
112
|
-
x: uint256(
|
|
113
|
-
y: uint256(
|
|
112
|
+
x: uint256(0x1f701690072a25f55277d3368623d91c53e4c12c767df4e7a3e6b947839f68ac),
|
|
113
|
+
y: uint256(0x20d2c98afe946420cb1dbc07c595b7bd4003f164c00201542107e1a2df919db9)
|
|
114
114
|
}),
|
|
115
115
|
id4: Honk.G1Point({
|
|
116
|
-
x: uint256(
|
|
117
|
-
y: uint256(
|
|
116
|
+
x: uint256(0x07c33542cdea5dd8c3d6511c91d628b46de5eb1c4d55de36cb2a47df733c6ac2),
|
|
117
|
+
y: uint256(0x05ad177da520f03c2131bb547a152af5a424f1623ca749a117441b4bc3ee4022)
|
|
118
118
|
}),
|
|
119
119
|
lagrangeFirst: Honk.G1Point({
|
|
120
120
|
x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001),
|
|
121
121
|
y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002)
|
|
122
122
|
}),
|
|
123
123
|
lagrangeLast: Honk.G1Point({
|
|
124
|
-
x: uint256(
|
|
125
|
-
y: uint256(
|
|
124
|
+
x: uint256(0x1cbaaf995ae271f946d0e6693442e1618f4aec34cb79b287b2512d73f230b985),
|
|
125
|
+
y: uint256(0x010bf4d08073c88bfa78a3b46711cb165983ee1b89c410eb1f71e9167c984b4e)
|
|
126
126
|
})
|
|
127
127
|
});
|
|
128
128
|
return vk;
|
|
@@ -132,7 +132,7 @@ library HonkVerificationKey {
|
|
|
132
132
|
pragma solidity ^0.8.27;
|
|
133
133
|
|
|
134
134
|
interface IVerifier {
|
|
135
|
-
function verify(bytes calldata _proof, bytes32[] calldata _publicInputs) external returns (bool);
|
|
135
|
+
function verify(bytes calldata _proof, bytes32[] calldata _publicInputs) external view returns (bool);
|
|
136
136
|
}
|
|
137
137
|
|
|
138
138
|
type Fr is uint256;
|
|
@@ -299,7 +299,7 @@ uint256 constant NUMBER_OF_ENTITIES_ZK = NUMBER_OF_ENTITIES + NUM_MASKING_POLYNO
|
|
|
299
299
|
uint256 constant NUMBER_UNSHIFTED = 36;
|
|
300
300
|
uint256 constant NUMBER_UNSHIFTED_ZK = NUMBER_UNSHIFTED + NUM_MASKING_POLYNOMIALS;
|
|
301
301
|
uint256 constant NUMBER_TO_BE_SHIFTED = 5;
|
|
302
|
-
uint256 constant PAIRING_POINTS_SIZE =
|
|
302
|
+
uint256 constant PAIRING_POINTS_SIZE = 8;
|
|
303
303
|
|
|
304
304
|
uint256 constant FIELD_ELEMENT_SIZE = 0x20;
|
|
305
305
|
uint256 constant GROUP_ELEMENT_SIZE = 0x40;
|
|
@@ -401,8 +401,6 @@ library Honk {
|
|
|
401
401
|
struct RelationParameters {
|
|
402
402
|
// challenges
|
|
403
403
|
Fr eta;
|
|
404
|
-
Fr etaTwo;
|
|
405
|
-
Fr etaThree;
|
|
406
404
|
Fr beta;
|
|
407
405
|
Fr gamma;
|
|
408
406
|
// derived
|
|
@@ -526,10 +524,9 @@ library TranscriptLib {
|
|
|
526
524
|
uint256 publicInputsSize,
|
|
527
525
|
Fr previousChallenge
|
|
528
526
|
) internal pure returns (Honk.RelationParameters memory rp, Fr nextPreviousChallenge) {
|
|
529
|
-
(rp.eta,
|
|
530
|
-
generateEtaChallenge(proof, publicInputs, vkHash, publicInputsSize);
|
|
527
|
+
(rp.eta, previousChallenge) = generateEtaChallenge(proof, publicInputs, vkHash, publicInputsSize);
|
|
531
528
|
|
|
532
|
-
(rp.beta, rp.gamma, nextPreviousChallenge) =
|
|
529
|
+
(rp.beta, rp.gamma, nextPreviousChallenge) = generateBetaGammaChallenges(previousChallenge, proof);
|
|
533
530
|
}
|
|
534
531
|
|
|
535
532
|
function generateEtaChallenge(
|
|
@@ -537,7 +534,7 @@ library TranscriptLib {
|
|
|
537
534
|
bytes32[] calldata publicInputs,
|
|
538
535
|
uint256 vkHash,
|
|
539
536
|
uint256 publicInputsSize
|
|
540
|
-
) internal pure returns (Fr eta, Fr
|
|
537
|
+
) internal pure returns (Fr eta, Fr previousChallenge) {
|
|
541
538
|
bytes32[] memory round0 = new bytes32[](1 + publicInputsSize + 6);
|
|
542
539
|
round0[0] = bytes32(vkHash);
|
|
543
540
|
|
|
@@ -558,14 +555,10 @@ library TranscriptLib {
|
|
|
558
555
|
round0[1 + publicInputsSize + 5] = bytes32(proof.w3.y);
|
|
559
556
|
|
|
560
557
|
previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(round0)));
|
|
561
|
-
(eta,
|
|
562
|
-
|
|
563
|
-
previousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(previousChallenge))));
|
|
564
|
-
Fr unused;
|
|
565
|
-
(etaThree, unused) = splitChallenge(previousChallenge);
|
|
558
|
+
(eta,) = splitChallenge(previousChallenge);
|
|
566
559
|
}
|
|
567
560
|
|
|
568
|
-
function
|
|
561
|
+
function generateBetaGammaChallenges(Fr previousChallenge, Honk.Proof memory proof)
|
|
569
562
|
internal
|
|
570
563
|
pure
|
|
571
564
|
returns (Fr beta, Fr gamma, Fr nextPreviousChallenge)
|
|
@@ -893,38 +886,42 @@ library RelationsLib {
|
|
|
893
886
|
Fr[NUMBER_OF_SUBRELATIONS] memory evals,
|
|
894
887
|
Fr domainSep
|
|
895
888
|
) internal pure {
|
|
896
|
-
Fr
|
|
897
|
-
Fr
|
|
889
|
+
Fr table_term;
|
|
890
|
+
Fr lookup_term;
|
|
898
891
|
|
|
899
892
|
// Calculate the write term (the table accumulation)
|
|
893
|
+
// table_term = table_1 + γ + table_2 * β + table_3 * β² + table_4 * β³
|
|
900
894
|
{
|
|
901
|
-
|
|
902
|
-
|
|
895
|
+
Fr beta_sqr = rp.beta * rp.beta;
|
|
896
|
+
table_term = wire(p, WIRE.TABLE_1) + rp.gamma + (wire(p, WIRE.TABLE_2) * rp.beta)
|
|
897
|
+
+ (wire(p, WIRE.TABLE_3) * beta_sqr) + (wire(p, WIRE.TABLE_4) * beta_sqr * rp.beta);
|
|
903
898
|
}
|
|
904
899
|
|
|
905
|
-
// Calculate the
|
|
900
|
+
// Calculate the read term
|
|
901
|
+
// lookup_term = derived_entry_1 + γ + derived_entry_2 * β + derived_entry_3 * β² + q_index * β³
|
|
906
902
|
{
|
|
903
|
+
Fr beta_sqr = rp.beta * rp.beta;
|
|
907
904
|
Fr derived_entry_1 = wire(p, WIRE.W_L) + rp.gamma + (wire(p, WIRE.Q_R) * wire(p, WIRE.W_L_SHIFT));
|
|
908
905
|
Fr derived_entry_2 = wire(p, WIRE.W_R) + wire(p, WIRE.Q_M) * wire(p, WIRE.W_R_SHIFT);
|
|
909
906
|
Fr derived_entry_3 = wire(p, WIRE.W_O) + wire(p, WIRE.Q_C) * wire(p, WIRE.W_O_SHIFT);
|
|
910
907
|
|
|
911
|
-
|
|
912
|
-
+ (wire(p, WIRE.Q_O) * rp.
|
|
908
|
+
lookup_term = derived_entry_1 + (derived_entry_2 * rp.beta) + (derived_entry_3 * beta_sqr)
|
|
909
|
+
+ (wire(p, WIRE.Q_O) * beta_sqr * rp.beta);
|
|
913
910
|
}
|
|
914
911
|
|
|
915
|
-
Fr
|
|
916
|
-
Fr
|
|
912
|
+
Fr lookup_inverse = wire(p, WIRE.LOOKUP_INVERSES) * table_term;
|
|
913
|
+
Fr table_inverse = wire(p, WIRE.LOOKUP_INVERSES) * lookup_term;
|
|
917
914
|
|
|
918
915
|
Fr inverse_exists_xor =
|
|
919
916
|
wire(p, WIRE.LOOKUP_READ_TAGS) + wire(p, WIRE.Q_LOOKUP)
|
|
920
917
|
- (wire(p, WIRE.LOOKUP_READ_TAGS) * wire(p, WIRE.Q_LOOKUP));
|
|
921
918
|
|
|
922
919
|
// Inverse calculated correctly relation
|
|
923
|
-
Fr accumulatorNone =
|
|
920
|
+
Fr accumulatorNone = lookup_term * table_term * wire(p, WIRE.LOOKUP_INVERSES) - inverse_exists_xor;
|
|
924
921
|
accumulatorNone = accumulatorNone * domainSep;
|
|
925
922
|
|
|
926
923
|
// Inverse
|
|
927
|
-
Fr accumulatorOne = wire(p, WIRE.Q_LOOKUP) *
|
|
924
|
+
Fr accumulatorOne = wire(p, WIRE.Q_LOOKUP) * lookup_inverse - wire(p, WIRE.LOOKUP_READ_COUNTS) * table_inverse;
|
|
928
925
|
|
|
929
926
|
Fr read_tag = wire(p, WIRE.LOOKUP_READ_TAGS);
|
|
930
927
|
|
|
@@ -1103,6 +1100,10 @@ library RelationsLib {
|
|
|
1103
1100
|
) internal pure {
|
|
1104
1101
|
MemParams memory ap;
|
|
1105
1102
|
|
|
1103
|
+
// Compute eta powers locally
|
|
1104
|
+
Fr eta_two = rp.eta * rp.eta;
|
|
1105
|
+
Fr eta_three = eta_two * rp.eta;
|
|
1106
|
+
|
|
1106
1107
|
/**
|
|
1107
1108
|
* MEMORY
|
|
1108
1109
|
*
|
|
@@ -1144,8 +1145,8 @@ library RelationsLib {
|
|
|
1144
1145
|
*
|
|
1145
1146
|
* For ROM gates, qc = 0
|
|
1146
1147
|
*/
|
|
1147
|
-
ap.memory_record_check = wire(p, WIRE.W_O) *
|
|
1148
|
-
ap.memory_record_check = ap.memory_record_check + (wire(p, WIRE.W_R) *
|
|
1148
|
+
ap.memory_record_check = wire(p, WIRE.W_O) * eta_three;
|
|
1149
|
+
ap.memory_record_check = ap.memory_record_check + (wire(p, WIRE.W_R) * eta_two);
|
|
1149
1150
|
ap.memory_record_check = ap.memory_record_check + (wire(p, WIRE.W_L) * rp.eta);
|
|
1150
1151
|
ap.memory_record_check = ap.memory_record_check + wire(p, WIRE.Q_C);
|
|
1151
1152
|
ap.partial_record_check = ap.memory_record_check; // used in RAM consistency check; deg 1 or 4
|
|
@@ -1205,8 +1206,8 @@ library RelationsLib {
|
|
|
1205
1206
|
|
|
1206
1207
|
// reverse order we could re-use `ap.partial_record_check` 1 - ((w3' * eta + w2') * eta + w1') * eta
|
|
1207
1208
|
// deg 1 or 4
|
|
1208
|
-
ap.next_gate_access_type = wire(p, WIRE.W_O_SHIFT) *
|
|
1209
|
-
ap.next_gate_access_type = ap.next_gate_access_type + (wire(p, WIRE.W_R_SHIFT) *
|
|
1209
|
+
ap.next_gate_access_type = wire(p, WIRE.W_O_SHIFT) * eta_three;
|
|
1210
|
+
ap.next_gate_access_type = ap.next_gate_access_type + (wire(p, WIRE.W_R_SHIFT) * eta_two);
|
|
1210
1211
|
ap.next_gate_access_type = ap.next_gate_access_type + (wire(p, WIRE.W_L_SHIFT) * rp.eta);
|
|
1211
1212
|
ap.next_gate_access_type = wire(p, WIRE.W_4_SHIFT) - ap.next_gate_access_type;
|
|
1212
1213
|
|
|
@@ -1584,41 +1585,36 @@ function negateInplace(Honk.G1Point memory point) pure returns (Honk.G1Point mem
|
|
|
1584
1585
|
/**
|
|
1585
1586
|
* Convert the pairing points to G1 points.
|
|
1586
1587
|
*
|
|
1587
|
-
* The pairing points are serialised as an array of
|
|
1588
|
-
*
|
|
1588
|
+
* The pairing points are serialised as an array of 136-bit limbs representing two points
|
|
1589
|
+
* (P0 and P1, used for lhs and rhs of pairing operation).
|
|
1589
1590
|
*
|
|
1590
|
-
* There are
|
|
1591
|
+
* There are 2 limbs (lo, hi) for each coordinate, so 4 limbs per point, 8 total.
|
|
1592
|
+
* Layout: [P0.x_lo, P0.x_hi, P0.y_lo, P0.y_hi, P1.x_lo, P1.x_hi, P1.y_lo, P1.y_hi]
|
|
1591
1593
|
*
|
|
1592
1594
|
* @param pairingPoints The pairing points to convert.
|
|
1593
|
-
* @return lhs
|
|
1594
|
-
* @return rhs
|
|
1595
|
+
* @return lhs P0 point
|
|
1596
|
+
* @return rhs P1 point
|
|
1595
1597
|
*/
|
|
1596
1598
|
function convertPairingPointsToG1(Fr[PAIRING_POINTS_SIZE] memory pairingPoints)
|
|
1597
1599
|
pure
|
|
1598
1600
|
returns (Honk.G1Point memory lhs, Honk.G1Point memory rhs)
|
|
1599
1601
|
{
|
|
1602
|
+
// P0 (lhs): x = lo + hi << 136
|
|
1600
1603
|
uint256 lhsX = Fr.unwrap(pairingPoints[0]);
|
|
1601
|
-
lhsX |= Fr.unwrap(pairingPoints[1]) <<
|
|
1602
|
-
lhsX |= Fr.unwrap(pairingPoints[2]) << 136;
|
|
1603
|
-
lhsX |= Fr.unwrap(pairingPoints[3]) << 204;
|
|
1604
|
+
lhsX |= Fr.unwrap(pairingPoints[1]) << 136;
|
|
1604
1605
|
lhs.x = lhsX;
|
|
1605
1606
|
|
|
1606
|
-
uint256 lhsY = Fr.unwrap(pairingPoints[
|
|
1607
|
-
lhsY |= Fr.unwrap(pairingPoints[
|
|
1608
|
-
lhsY |= Fr.unwrap(pairingPoints[6]) << 136;
|
|
1609
|
-
lhsY |= Fr.unwrap(pairingPoints[7]) << 204;
|
|
1607
|
+
uint256 lhsY = Fr.unwrap(pairingPoints[2]);
|
|
1608
|
+
lhsY |= Fr.unwrap(pairingPoints[3]) << 136;
|
|
1610
1609
|
lhs.y = lhsY;
|
|
1611
1610
|
|
|
1612
|
-
|
|
1613
|
-
rhsX
|
|
1614
|
-
rhsX |= Fr.unwrap(pairingPoints[
|
|
1615
|
-
rhsX |= Fr.unwrap(pairingPoints[11]) << 204;
|
|
1611
|
+
// P1 (rhs): x = lo + hi << 136
|
|
1612
|
+
uint256 rhsX = Fr.unwrap(pairingPoints[4]);
|
|
1613
|
+
rhsX |= Fr.unwrap(pairingPoints[5]) << 136;
|
|
1616
1614
|
rhs.x = rhsX;
|
|
1617
1615
|
|
|
1618
|
-
uint256 rhsY = Fr.unwrap(pairingPoints[
|
|
1619
|
-
rhsY |= Fr.unwrap(pairingPoints[
|
|
1620
|
-
rhsY |= Fr.unwrap(pairingPoints[14]) << 136;
|
|
1621
|
-
rhsY |= Fr.unwrap(pairingPoints[15]) << 204;
|
|
1616
|
+
uint256 rhsY = Fr.unwrap(pairingPoints[6]);
|
|
1617
|
+
rhsY |= Fr.unwrap(pairingPoints[7]) << 136;
|
|
1622
1618
|
rhs.y = rhsY;
|
|
1623
1619
|
}
|
|
1624
1620
|
|