@aztec/ivc-integration 4.0.0-nightly.20250907 → 4.0.0-nightly.20260107

Files changed (69) hide show
  1. package/artifacts/app_creator.json +190 -1
  2. package/artifacts/app_reader.json +190 -1
  3. package/artifacts/keys/mock_hiding.ivc.vk +0 -0
  4. package/artifacts/keys/mock_rollup_root_verifier.sol +92 -92
  5. package/artifacts/mock_hiding.json +224 -1
  6. package/artifacts/mock_private_kernel_init.json +287 -1
  7. package/artifacts/mock_private_kernel_inner.json +337 -1
  8. package/artifacts/mock_private_kernel_reset.json +273 -1
  9. package/artifacts/mock_private_kernel_tail.json +242 -1
  10. package/artifacts/mock_rollup_root.json +241 -1
  11. package/artifacts/mock_rollup_tx_base_private.json +232 -0
  12. package/artifacts/mock_rollup_tx_base_public.json +1394 -0
  13. package/artifacts/mock_rollup_tx_merge.json +297 -0
  14. package/dest/bb_working_directory.d.ts +1 -1
  15. package/dest/index.d.ts +1 -1
  16. package/dest/prove_native.d.ts +7 -7
  17. package/dest/prove_native.d.ts.map +1 -1
  18. package/dest/prove_native.js +24 -44
  19. package/dest/scripts/generate_declaration_files.d.ts +1 -1
  20. package/dest/scripts/generate_declaration_files.js +0 -6
  21. package/dest/scripts/generate_ts_from_abi.d.ts +1 -1
  22. package/dest/scripts/generate_ts_from_abi.js +3 -3
  23. package/dest/serve.d.ts +1 -1
  24. package/dest/serve.js +34 -17
  25. package/dest/types/index.d.ts +27 -28
  26. package/dest/types/index.d.ts.map +1 -1
  27. package/dest/types/index.js +8 -9
  28. package/dest/witgen.d.ts +52 -22
  29. package/dest/witgen.d.ts.map +1 -1
  30. package/dest/witgen.js +48 -47
  31. package/package.json +23 -25
  32. package/src/prove_native.ts +27 -65
  33. package/src/scripts/generate_declaration_files.ts +0 -8
  34. package/src/scripts/generate_ts_from_abi.ts +3 -3
  35. package/src/serve.ts +43 -16
  36. package/src/types/index.ts +32 -33
  37. package/src/witgen.ts +60 -34
  38. package/artifacts/keys/app_creator.vk.data.d.json.ts +0 -2
  39. package/artifacts/keys/app_creator.vk.data.json +0 -132
  40. package/artifacts/keys/app_reader.vk.data.d.json.ts +0 -2
  41. package/artifacts/keys/app_reader.vk.data.json +0 -132
  42. package/artifacts/keys/mock_hiding.vk.data.d.json.ts +0 -2
  43. package/artifacts/keys/mock_hiding.vk.data.json +0 -132
  44. package/artifacts/keys/mock_private_kernel_init.vk.data.d.json.ts +0 -2
  45. package/artifacts/keys/mock_private_kernel_init.vk.data.json +0 -132
  46. package/artifacts/keys/mock_private_kernel_inner.vk.data.d.json.ts +0 -2
  47. package/artifacts/keys/mock_private_kernel_inner.vk.data.json +0 -132
  48. package/artifacts/keys/mock_private_kernel_reset.vk.data.d.json.ts +0 -2
  49. package/artifacts/keys/mock_private_kernel_reset.vk.data.json +0 -132
  50. package/artifacts/keys/mock_private_kernel_tail.vk.data.d.json.ts +0 -2
  51. package/artifacts/keys/mock_private_kernel_tail.vk.data.json +0 -132
  52. package/artifacts/keys/mock_rollup_base_private.vk.data.d.json.ts +0 -2
  53. package/artifacts/keys/mock_rollup_base_private.vk.data.json +0 -120
  54. package/artifacts/keys/mock_rollup_base_public.vk.data.d.json.ts +0 -2
  55. package/artifacts/keys/mock_rollup_base_public.vk.data.json +0 -120
  56. package/artifacts/keys/mock_rollup_merge.vk.data.d.json.ts +0 -2
  57. package/artifacts/keys/mock_rollup_merge.vk.data.json +0 -120
  58. package/artifacts/keys/mock_rollup_root.vk.data.d.json.ts +0 -2
  59. package/artifacts/keys/mock_rollup_root.vk.data.json +0 -64
  60. package/artifacts/mock_rollup_base_private.json +0 -1
  61. package/artifacts/mock_rollup_base_public.json +0 -1
  62. package/artifacts/mock_rollup_merge.json +0 -1
  63. package/dest/prove_wasm.d.ts +0 -4
  64. package/dest/prove_wasm.d.ts.map +0 -1
  65. package/dest/prove_wasm.js +0 -36
  66. package/src/prove_wasm.ts +0 -57
  67. /package/artifacts/{mock_rollup_base_private.d.json.ts → mock_rollup_tx_base_private.d.json.ts} +0 -0
  68. /package/artifacts/{mock_rollup_base_public.d.json.ts → mock_rollup_tx_base_public.d.json.ts} +0 -0
  69. /package/artifacts/{mock_rollup_merge.d.json.ts → mock_rollup_tx_merge.d.json.ts} +0 -0
@@ -2,127 +2,127 @@
2
2
  // Copyright 2022 Aztec
3
3
  pragma solidity >=0.8.21;
4
4
 
5
- uint256 constant N = 33554432;
6
- uint256 constant LOG_N = 25;
5
+ uint256 constant N = 16777216;
6
+ uint256 constant LOG_N = 24;
7
7
  uint256 constant NUMBER_OF_PUBLIC_INPUTS = 17;
8
- uint256 constant VK_HASH = 0x15beb4544cfdb1e2b6fddea3ef7329fbf364ea070a4751d70fdc931e0fdb054e;
8
+ uint256 constant VK_HASH = 0x19d42cfea73135ddcbdd21c45a96acf0d5a1af10075d297c910e93fe3250500a;
9
9
  library HonkVerificationKey {
10
10
  function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) {
11
11
  Honk.VerificationKey memory vk = Honk.VerificationKey({
12
- circuitSize: uint256(33554432),
13
- logCircuitSize: uint256(25),
12
+ circuitSize: uint256(16777216),
13
+ logCircuitSize: uint256(24),
14
14
  publicInputsSize: uint256(17),
15
15
  ql: Honk.G1Point({
16
- x: uint256(0x2eba67059cbacbde61a1895dceb2678d7300800986651d8496c9437dcf3bc8fc),
17
- y: uint256(0x0efdc4bd61f31fe65c41d65c488c52ba5a8ff999d26230fa192385d9f9c44974)
16
+ x: uint256(0x23d4282a441f9c6beacad29797c48d29b3528ea3812d852e05e73ce20db3f438),
17
+ y: uint256(0x2ab77953f9ecd8409395d65cf6b081e6b12c828a63ed74840bf09a0e82c8d05f)
18
18
  }),
19
19
  qr: Honk.G1Point({
20
- x: uint256(0x05a8b7d679e1fc3a3706afa3a5150e6a88dfcf0121cea94c5dd89a7603484048),
21
- y: uint256(0x28f71eaa5fd895620e184c02b33c25050bf828e25ddd68def0d1fdb4397fb26b)
20
+ x: uint256(0x2c271cc13786f212f8461c2cba40d65c2d2e2ca710d03b1ad384c73e35c65567),
21
+ y: uint256(0x1e180b3727a0611d6cdaf676dc61a5f00f3721922fd992bbec2dafe992f5347f)
22
22
  }),
23
23
  qo: Honk.G1Point({
24
- x: uint256(0x279025cc22ee882028129553142093e4bb8f3c29521305c738727eae33259baa),
25
- y: uint256(0x231e2647fcb7c58b5d4e26f10dea0033921753ecb49d9fccb74d1b7d981f6480)
24
+ x: uint256(0x265bc2837ab7e9f7a8e1522c7352302443ab82c791b7149d4b385ff6aec6e90c),
25
+ y: uint256(0x15a9e5963e2dcef6d45e5887b2b65e47f4274164c455aa988f730c299452eb34)
26
26
  }),
27
27
  q4: Honk.G1Point({
28
- x: uint256(0x26a8769c4950535230d530e09d86faa2b6b453482e7c543df8753a4aef32fbf4),
29
- y: uint256(0x11e7170a8c5082e6cd14e591322b81ccb2844eda056f82f5c1c667b4b7d7a2a5)
28
+ x: uint256(0x145a3952bf611cdc0c2a3b38cc3870dd56aef040c1e887c66a3d2c4e638f3023),
29
+ y: uint256(0x0b8c1ab1817c1f2894e79301c655ba413a67c8aef5aae1931e5308a6831099ae)
30
30
  }),
31
31
  qm: Honk.G1Point({
32
- x: uint256(0x2c74cbfc3178905fa9470f49296f1d853b533a557abdb9e995087ed26d07f1d3),
33
- y: uint256(0x29154e002ac6e2ff17b0e93a26d807ef7947b352a75d1c49c8069784304ee73b)
32
+ x: uint256(0x2e9529e3d4ec3104c47a568a4c3717fded77a7efcf811e4b57becf2982ab17b8),
33
+ y: uint256(0x2743481c2220f25f690fbcb0fcb724a7478f9beedd566c63206688e7cbcf015d)
34
34
  }),
35
35
  qc: Honk.G1Point({
36
- x: uint256(0x25cdacdd92019f6c80cbbfc8d13a255fa0793f983e267b622cb0c09171ef850d),
37
- y: uint256(0x2f91a571db395a9dd08a8fd5913441c128b721aeaec1b91475df4ec21f540fc1)
36
+ x: uint256(0x0a8dda3a936ce4652efa3f4c08baacdbba41a66348b3f174ad435a44f7160183),
37
+ y: uint256(0x2b99af8bb2fd01ce2e2c308212addefa5965a3c874c29a06962c4d11bf6e6cad)
38
38
  }),
39
39
  qLookup: Honk.G1Point({
40
40
  x: uint256(0x0c4032c3079594eb75a8449d3d5ce8bc3661650d53f9b24d923d8f404cb0bbc9),
41
41
  y: uint256(0x1084d709650356d40f0158fd6da81f54eb5fe796a0ca89441369b7c24301f851)
42
42
  }),
43
43
  qArith: Honk.G1Point({
44
- x: uint256(0x1dd09e03db9d961dc49e74e58cabfbed3fb309686ca30e8792911b9194e8f9b0),
45
- y: uint256(0x2d1e5cbe65ea33a00e7f25f9cbee1d542c58ea99913f827baee138a6f2aab263)
44
+ x: uint256(0x158e24a0c66122919b334a98b6a106357b3d6aa689605f2d5a3a2ffe931eaeac),
45
+ y: uint256(0x0a482bc5ee5d7fd613ab993b47306e3b52bacd3e06bbc3b4ac3d7da9a7853507)
46
46
  }),
47
47
  qDeltaRange: Honk.G1Point({
48
- x: uint256(0x2484220e6091fe2255841f40c64bf291bbc85c9854d083e1eb318f03abddeb03),
49
- y: uint256(0x0a92004a9f04527baed315a45cc534dd68b02cbe1cdfff48ed9d63be7b4da2e7)
48
+ x: uint256(0x01499694d3ea523e6bcaa2f9ddba1be7b5e2f0edce9dc4c8116db08e1d074fa7),
49
+ y: uint256(0x0cb91ab0a5c542d9da5ee2ffc67568c7a42b4ac39125c9b494f683afa64ddfc7)
50
50
  }),
51
51
  qElliptic: Honk.G1Point({
52
- x: uint256(0x19be870b35e25ac606bc0e81bf66a03b8a7862521b0ee9e6738a572ff134e7e6),
53
- y: uint256(0x151925d430c1cbc75318913f055f45c0b4dac33b2f987c45e030b1d4019f085e)
52
+ x: uint256(0x0eed4d34d75b24b642ee8549c1f3376307573543b804e1646c153b0c30879cdc),
53
+ y: uint256(0x23aa5771d3148f26895188cc34b5f046c606e88ba0ea0a2b12a882d93620f0fd)
54
54
  }),
55
55
  qMemory: Honk.G1Point({
56
- x: uint256(0x09ca7a9b77420946c0da2ec02e6b8c685b950c1a377c26e7b8ec9a449e932f79),
57
- y: uint256(0x226d3640a6d6b873a61b020d9218104e90e00614aae841a5ff6742d69814de7d)
56
+ x: uint256(0x29668bbc885db3c01059d9af2772760e536d464b38938af18a69f709e3324051),
57
+ y: uint256(0x11837228513dff0495f0f3c228f99a0f5aa6e95de5625eb1cfa47cfd0ed03598)
58
58
  }),
59
59
  qNnf: Honk.G1Point({
60
- x: uint256(0x03555f9266f655c18ad5f0c8f7a448d4c2851405129009175a6b1e63d1e5be76),
61
- y: uint256(0x028b490a9e7bc250a4a28b39be7c611881fe3854c5f4485c24ff669125efb732)
60
+ x: uint256(0x0b1b1b0ffa12e1626da76e5a6a1f8afc8d22f0b2c562f02307587e3d4d0af097),
61
+ y: uint256(0x00633a02e7a8a30bc8690bd7df303f2e3ca60eaa22fc548867cb6d52de985ee2)
62
62
  }),
63
63
  qPoseidon2External: Honk.G1Point({
64
- x: uint256(0x2b24c13a487578221b5bf8024d6cbf4363d425ae4557a010e93d7317affadecc),
65
- y: uint256(0x080faed2107e528dc1d63fe61d7004e9d70b990b7daeaf1f5b53ba7a6be065c8)
64
+ x: uint256(0x07f18979d0471f2fb1153c0b4b830505a176d330f8982ab118ca5a2c4f14775b),
65
+ y: uint256(0x2ce91692406c783c6f458682e16f6e65d9c28e1073a5f017efed5b46abcea51e)
66
66
  }),
67
67
  qPoseidon2Internal: Honk.G1Point({
68
- x: uint256(0x2ef943de70d89b002b86cd6d8a5b2bf71b75de98d1f11cbc3b211037b0b04203),
69
- y: uint256(0x0abd0a91f8132da3140abbe61cf28588d99754ab0fbe7877e886c45df951b4b8)
68
+ x: uint256(0x3011fdafd0f658cac687b5a49cc38b249f0e09996a132be63d9337337dceb61c),
69
+ y: uint256(0x0f4a9000e75fb3988b4e7affb70d10978eb26001b73a190f616cebe4028b9334)
70
70
  }),
71
71
  s1: Honk.G1Point({
72
- x: uint256(0x096963140247d364ab0ea9fc956fa4511c272ea6824ecab5ca2664fd5189baeb),
73
- y: uint256(0x0d93e66a25e69d82a29f64ce4b858b2f50120e0d334b02bde9410e03148b3bb2)
72
+ x: uint256(0x1cd8caecce010cf47d40d329d344c659e0d576fa1d58582fc905b967014ec1dc),
73
+ y: uint256(0x2c5108e39d6b63a0080b16ee18346f720a3255e530f8a32bc1e4c0e4bd2429ea)
74
74
  }),
75
75
  s2: Honk.G1Point({
76
- x: uint256(0x1ff25f6c0872ed7e29bb48c65c36b4e49be415d203244c7c44c5882f00c4812e),
77
- y: uint256(0x2413ffd636c111bd30abc67c9ce478f7dde7f4187e6211cdde9e774e815bcd9f)
76
+ x: uint256(0x1d607e7284068c91e1558d946fc90d7a5cf5b8e97cce000d065fd7b037d88d79),
77
+ y: uint256(0x12e3195b451aecb04e7cff309dad9b8fe4c4d453ff6c8cb5da1e3441929d90da)
78
78
  }),
79
79
  s3: Honk.G1Point({
80
- x: uint256(0x1da9ec5698691ae6e9aeedddddcc985056667a694483686093eb169369c634fa),
81
- y: uint256(0x0bd8e858df949e3481e205652bc4b6f30e9581ad415ca32279402eca44544594)
80
+ x: uint256(0x0ab5426f510f2f4f6746a0c43e9d5e01c4e3604f53409d093544352bf8a9d0eb),
81
+ y: uint256(0x22971551b566e1053b8d04d67e5c8a8b96f487cdb52972032128b3e3f44ec214)
82
82
  }),
83
83
  s4: Honk.G1Point({
84
- x: uint256(0x01bf1e74e636882f1adbf6732e27d901cb1658e560c475f30c0263edbd2e289a),
85
- y: uint256(0x149a686eed2b7ce6ffffa0503d013f49f82258bd981f7303eced08615342d928)
84
+ x: uint256(0x0b23a8c89659f731a565c6e220602da0c6105f5e0625c676c7c3099f033de617),
85
+ y: uint256(0x1c0cd53d337d958a28f432c37e41fac2d562cfdbcc188bdea5f1fdefbd0f79b6)
86
86
  }),
87
87
  t1: Honk.G1Point({
88
- x: uint256(0x0450f8716810dff987300c3bc10a892b1c1c2637db3f8fecd9d8bb38442cc468),
89
- y: uint256(0x10005567f9eb3d3a97098baa0d71c65db2bf83f8a194086a4cca39916b578faf)
88
+ x: uint256(0x099e3bd5a0a00ab7fe18040105b9b395b5d8b7b4a63b05df652b0d10ef146d26),
89
+ y: uint256(0x0015b8d2515d76e2ccec99dcd194592129af3a637f5a622a32440f860d1e2a7f)
90
90
  }),
91
91
  t2: Honk.G1Point({
92
- x: uint256(0x103bcf2cf468d53c71d57b5c0ab31231e12e1ce3a444583203ea04c16ec69eb2),
93
- y: uint256(0x0c5d6e7a8b0b14d4ed8f51217ae8af4207277f4116e0af5a9268b38a5d34910b)
92
+ x: uint256(0x1b917517920bad3d8bc01c9595092a222b888108dc25d1aa450e0b4bc212c37e),
93
+ y: uint256(0x305e8992b148eedb22e6e992077a84482141c7ebe42000a1d58ccb74381f6d19)
94
94
  }),
95
95
  t3: Honk.G1Point({
96
- x: uint256(0x0924c2d3fa7bd443b6244e3f29179883c120acb66ce414b5147c31531392c530),
97
- y: uint256(0x07e5e59aa353dc977d4e082214179998a8086106f1eaaf33ee0b012cbd77066f)
96
+ x: uint256(0x061f64497996e8915722501e9e367938ed8da2375186b518c7345c60b1134b2d),
97
+ y: uint256(0x1b84d38339321f405ebaf6a2f830842ad3d7cb59792e11c0d2691f317fd50e6e)
98
98
  }),
99
99
  t4: Honk.G1Point({
100
- x: uint256(0x132b76a71278e567595f3aaf837a72eb0ab515191143e5a3c8bd587526486628),
101
- y: uint256(0x2c6b2a0de0a3fefdfc4fb4f3b8381d2c37ccc495848c2887f98bfbaca776ca39)
100
+ x: uint256(0x043d063b130adfb37342af45d0155a28edd1a7e46c840d9c943fdf45521c64ce),
101
+ y: uint256(0x261522c4089330646aff96736194949330952ae74c573d1686d9cb4a00733854)
102
102
  }),
103
103
  id1: Honk.G1Point({
104
- x: uint256(0x0e8daaf7739faae6ff542991224deb9c6184ea0ffdc9db216b134c6dadb568f1),
105
- y: uint256(0x116a347b5a487fba7d5494cd2bb8c46efd35e63d644ddcb1d0cb37a2ffb040a0)
104
+ x: uint256(0x2bb34219e920d086fff5b011ec6bbc9372ca7a99f8f319296bd14623770e6221),
105
+ y: uint256(0x10f791ae4d1a878be79291d9616baf207d2a098e5339a2f8f7fc7ceef30c1724)
106
106
  }),
107
107
  id2: Honk.G1Point({
108
- x: uint256(0x19ac0e5f031ce82aecd40e55ab5e8bd82fd0877104a27cda9ab2757e7b13e3ef),
109
- y: uint256(0x12375cb3087e5a45cfb9138c90e5d6642d25d128cd662cc2ea7c79f84e907d08)
108
+ x: uint256(0x0991ca7cfd1acc5867df62f6ef89a45a66a15847ce2f280aa0a48b16e37ebfcb),
109
+ y: uint256(0x0ca59941c607ff769186089cde55b36e3f6d833ed05914e2104aff661bcb17e1)
110
110
  }),
111
111
  id3: Honk.G1Point({
112
- x: uint256(0x2335c96bbfeec1ff7fcbd4a4c863f4feaa9e96e1e978421fcc11b6795a7515c8),
113
- y: uint256(0x21cd29f3865cf6921470a23cb7be89240cef751dec50aa50ae86d24ab426856e)
112
+ x: uint256(0x2a5c91af77d644babf3e03b3a9a769bfa7395005737de5cd0aa7a64ac6667a58),
113
+ y: uint256(0x2c905f520a5d854deefb4ff4584b1ddb095c1a33246e2216fb7fc002bd10033a)
114
114
  }),
115
115
  id4: Honk.G1Point({
116
- x: uint256(0x1cd094dea552bd522e97561692d7349d9b1bf3f619fd0d72907930d8dec5db73),
117
- y: uint256(0x18229a95a2f55a30f893a4340a21d06a5aa1e3e0af55669318bdc196acecf240)
116
+ x: uint256(0x183caec2470defc66598c53bfd295f8779574e4bad72931451cc083e73022e43),
117
+ y: uint256(0x1d5e39281872a95600020a1130d5db1d99b6b7d87ce5b0510edd03074cb06a57)
118
118
  }),
119
119
  lagrangeFirst: Honk.G1Point({
120
120
  x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001),
121
121
  y: uint256(0x0000000000000000000000000000000000000000000000000000000000000002)
122
122
  }),
123
123
  lagrangeLast: Honk.G1Point({
124
- x: uint256(0x0f5e2881303db24f8788adfb02154431eebdce474c488803b97bebe9f904bfe7),
125
- y: uint256(0x2dccdbc7fa8df48412f9a580827ffb78c81d2e334900e25dae24d879fd41c780)
124
+ x: uint256(0x0f84a3559e391453b76d2f0b2d99fec091c8194ef176ad939e28da81b4ccb112),
125
+ y: uint256(0x2b93fb997c35b2f7a33cbbd7042dbbee5bbb9adb3bc72d6cb71d2eb298495a68)
126
126
  })
127
127
  });
128
128
  return vk;
@@ -185,7 +185,7 @@ library FrLib {
185
185
  mstore(add(free, 0x20), 0x20)
186
186
  mstore(add(free, 0x40), 0x20)
187
187
  mstore(add(free, 0x60), v)
188
- mstore(add(free, 0x80), sub(MODULUS, 2))
188
+ mstore(add(free, 0x80), sub(MODULUS, 2))
189
189
  mstore(add(free, 0xa0), MODULUS)
190
190
  let success := staticcall(gas(), 0x05, free, 0xc0, 0x00, 0x20)
191
191
  if iszero(success) {
@@ -209,7 +209,7 @@ library FrLib {
209
209
  mstore(add(free, 0x20), 0x20)
210
210
  mstore(add(free, 0x40), 0x20)
211
211
  mstore(add(free, 0x60), b)
212
- mstore(add(free, 0x80), v)
212
+ mstore(add(free, 0x80), v)
213
213
  mstore(add(free, 0xa0), MODULUS)
214
214
  let success := staticcall(gas(), 0x05, free, 0xc0, 0x00, 0x20)
215
215
  if iszero(success) {
@@ -293,14 +293,18 @@ uint256 constant NUMBER_OF_SUBRELATIONS = 28;
293
293
  uint256 constant BATCHED_RELATION_PARTIAL_LENGTH = 8;
294
294
  uint256 constant ZK_BATCHED_RELATION_PARTIAL_LENGTH = 9;
295
295
  uint256 constant NUMBER_OF_ENTITIES = 41;
296
+ // The number of entities added for ZK (gemini_masking_poly)
297
+ uint256 constant NUM_MASKING_POLYNOMIALS = 1;
298
+ uint256 constant NUMBER_OF_ENTITIES_ZK = NUMBER_OF_ENTITIES + NUM_MASKING_POLYNOMIALS;
296
299
  uint256 constant NUMBER_UNSHIFTED = 36;
300
+ uint256 constant NUMBER_UNSHIFTED_ZK = NUMBER_UNSHIFTED + NUM_MASKING_POLYNOMIALS;
297
301
  uint256 constant NUMBER_TO_BE_SHIFTED = 5;
298
302
  uint256 constant PAIRING_POINTS_SIZE = 16;
299
303
 
300
304
  uint256 constant FIELD_ELEMENT_SIZE = 0x20;
301
305
  uint256 constant GROUP_ELEMENT_SIZE = 0x40;
302
306
 
303
- // Alphas are used as relation separators so there should be NUMBER_OF_SUBRELATIONS - 1
307
+ // Powers of alpha used to batch subrelations (alpha, alpha^2, ..., alpha^(NUM_SUBRELATIONS-1))
304
308
  uint256 constant NUMBER_OF_ALPHAS = NUMBER_OF_SUBRELATIONS - 1;
305
309
 
306
310
  // ENUM FOR WIRES
@@ -374,7 +378,7 @@ library Honk {
374
378
  G1Point qElliptic; // Auxillary
375
379
  G1Point qPoseidon2External;
376
380
  G1Point qPoseidon2Internal;
377
- // Copy cnstraints
381
+ // Copy constraints
378
382
  G1Point s1;
379
383
  G1Point s2;
380
384
  G1Point s3;
@@ -429,9 +433,12 @@ library Honk {
429
433
  G1Point kzgQuotient;
430
434
  }
431
435
 
436
+ /// forge-lint: disable-next-item(pascal-case-struct)
432
437
  struct ZKProof {
433
438
  // Pairing point object
434
439
  Fr[PAIRING_POINTS_SIZE] pairingPointObject;
440
+ // ZK: Gemini masking polynomial commitment (sent first, right after public inputs)
441
+ G1Point geminiMaskingPoly;
435
442
  // Commitments to wire polynomials
436
443
  G1Point w1;
437
444
  G1Point w2;
@@ -447,11 +454,8 @@ library Honk {
447
454
  // Sumcheck
448
455
  Fr libraSum;
449
456
  Fr[ZK_BATCHED_RELATION_PARTIAL_LENGTH][CONST_PROOF_SIZE_LOG_N] sumcheckUnivariates;
450
- Fr[NUMBER_OF_ENTITIES] sumcheckEvaluations;
451
457
  Fr libraEvaluation;
452
- // ZK
453
- G1Point geminiMaskingPoly;
454
- Fr geminiMaskingEval;
458
+ Fr[NUMBER_OF_ENTITIES_ZK] sumcheckEvaluations; // Includes gemini_masking_poly eval at index 0 (first position)
455
459
  // Shplemini
456
460
  G1Point[CONST_PROOF_SIZE_LOG_N - 1] geminiFoldComms;
457
461
  Fr[CONST_PROOF_SIZE_LOG_N] geminiAEvaluations;
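Review bot: The resized `sumcheckEvaluations` in `ZKProof` now carries the masking evaluation at index 0, so every `WIRE` index is shifted by one relative to this array, and only a trailing comment records that. `accumulateRelationEvaluations`, visible in a later hunk, still takes `Fr[NUMBER_OF_ENTITIES]`, so some code outside these hunks has to drop the first element before the relations are evaluated; the compiler will reject a direct pass of the longer array, but not a copy that starts at the wrong offset. I would state the mapping next to the field, for example `// sumcheckEvaluations[i + NUM_MASKING_POLYNOMIALS] is the evaluation for WIRE(i)`, and use `NUM_MASKING_POLYNOMIALS` as the offset wherever the copy is made. The struct begins and ends outside this hunk, and the proof-loading code that must follow the new field order is not shown.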
@@ -465,7 +469,7 @@ library Honk {
465
469
  struct Transcript {
466
470
  // Oink
467
471
  Honk.RelationParameters relationParameters;
468
- Fr[NUMBER_OF_ALPHAS] alphas;
472
+ Fr[NUMBER_OF_ALPHAS] alphas; // Powers of alpha: [alpha, alpha^2, ..., alpha^(NUM_SUBRELATIONS-1)]
469
473
  Fr[CONST_PROOF_SIZE_LOG_N] gateChallenges;
470
474
  // Sumcheck
471
475
  Fr[CONST_PROOF_SIZE_LOG_N] sumCheckUChallenges;
@@ -508,8 +512,9 @@ library TranscriptLib {
508
512
 
509
513
  function splitChallenge(Fr challenge) internal pure returns (Fr first, Fr second) {
510
514
  uint256 challengeU256 = uint256(Fr.unwrap(challenge));
511
- uint256 lo = challengeU256 & 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;
512
- uint256 hi = challengeU256 >> 128;
515
+ // Split into two equal 127-bit chunks (254/2)
516
+ uint256 lo = challengeU256 & 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; // 127 bits
517
+ uint256 hi = challengeU256 >> 127;
513
518
  first = FrLib.fromBytes32(bytes32(lo));
514
519
  second = FrLib.fromBytes32(bytes32(hi));
515
520
  }
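Review bot: The mask literal and the shift in `splitChallenge` encode the 127-bit width twice, so a later edit to one can silently desynchronise the two halves; deriving the mask from the width, e.g. `uint256 lo = challengeU256 & ((1 << 127) - 1);`, keeps them tied together. `hi` fits in 127 bits only when the input is below 2^254, which presumably holds because `challenge` is an `Fr` produced by `FrLib.fromBytes32`, but that reduction is not visible here and is worth stating in the comment. Because the verifier must split exactly as the prover's transcript does, a test vector with bit 127 of the challenge set would catch a mismatch between the old 128-bit and new 127-bit split.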
@@ -593,16 +598,13 @@ library TranscriptLib {
593
598
  alpha0[4] = proof.zPerm.y;
594
599
 
595
600
  nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(alpha0)));
596
- (alphas[0], alphas[1]) = splitChallenge(nextPreviousChallenge);
601
+ Fr alpha;
602
+ (alpha,) = splitChallenge(nextPreviousChallenge);
597
603
 
598
- for (uint256 i = 1; i < NUMBER_OF_ALPHAS / 2; i++) {
599
- nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(nextPreviousChallenge))));
600
- (alphas[2 * i], alphas[2 * i + 1]) = splitChallenge(nextPreviousChallenge);
601
- }
602
- if (((NUMBER_OF_ALPHAS & 1) == 1) && (NUMBER_OF_ALPHAS > 2)) {
603
- nextPreviousChallenge = FrLib.fromBytes32(keccak256(abi.encodePacked(Fr.unwrap(nextPreviousChallenge))));
604
- Fr unused;
605
- (alphas[NUMBER_OF_ALPHAS - 1], unused) = splitChallenge(nextPreviousChallenge);
604
+ // Compute powers of alpha for batching subrelations
605
+ alphas[0] = alpha;
606
+ for (uint256 i = 1; i < NUMBER_OF_ALPHAS; i++) {
607
+ alphas[i] = alphas[i - 1] * alpha;
606
608
  }
607
609
  }
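Review bot: The high half returned by `splitChallenge` is discarded at `(alpha,) = splitChallenge(nextPreviousChallenge);` with no comment saying that this is intentional, and every entry of `alphas` is now a power of that one 127-bit value. A line such as `// only the low 127-bit half is used as alpha; the high half is intentionally unused` would stop a later reader from treating the dropped value as a bug. Batching of all subrelations now rests on this single challenge, so the prover-side transcript has to derive the same powers in the same order; that cannot be confirmed from this hunk. The enclosing function starts outside the hunk.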
608
610
 
@@ -776,7 +778,7 @@ library RelationsLib {
776
778
  function accumulateRelationEvaluations(
777
779
  Fr[NUMBER_OF_ENTITIES] memory purportedEvaluations,
778
780
  Honk.RelationParameters memory rp,
779
- Fr[NUMBER_OF_ALPHAS] memory alphas,
781
+ Fr[NUMBER_OF_ALPHAS] memory subrelationChallenges,
780
782
  Fr powPartialEval
781
783
  ) internal pure returns (Fr accumulator) {
782
784
  Fr[NUMBER_OF_SUBRELATIONS] memory evaluations;
@@ -792,8 +794,8 @@ library RelationsLib {
792
794
  accumulatePoseidonExternalRelation(purportedEvaluations, evaluations, powPartialEval);
793
795
  accumulatePoseidonInternalRelation(purportedEvaluations, evaluations, powPartialEval);
794
796
 
795
- // batch the subrelations with the alpha challenges to obtain the full honk relation
796
- accumulator = scaleAndBatchSubrelations(evaluations, alphas);
797
+ // batch the subrelations with the precomputed alpha powers to obtain the full honk relation
798
+ accumulator = scaleAndBatchSubrelations(evaluations, subrelationChallenges);
797
799
  }
798
800
 
799
801
  /**
@@ -872,10 +874,8 @@ library RelationsLib {
872
874
  Fr acc = (wire(p, WIRE.Z_PERM) + wire(p, WIRE.LAGRANGE_FIRST)) * grand_product_numerator;
873
875
 
874
876
  acc = acc
875
- - (
876
- (wire(p, WIRE.Z_PERM_SHIFT) + (wire(p, WIRE.LAGRANGE_LAST) * rp.publicInputsDelta))
877
- * grand_product_denominator
878
- );
877
+ - ((wire(p, WIRE.Z_PERM_SHIFT) + (wire(p, WIRE.LAGRANGE_LAST) * rp.publicInputsDelta))
878
+ * grand_product_denominator);
879
879
  acc = acc * domainSep;
880
880
  evals[2] = acc;
881
881
  }
@@ -915,7 +915,8 @@ library RelationsLib {
915
915
  Fr read_inverse = wire(p, WIRE.LOOKUP_INVERSES) * write_term;
916
916
  Fr write_inverse = wire(p, WIRE.LOOKUP_INVERSES) * read_term;
917
917
 
918
- Fr inverse_exists_xor = wire(p, WIRE.LOOKUP_READ_TAGS) + wire(p, WIRE.Q_LOOKUP)
918
+ Fr inverse_exists_xor =
919
+ wire(p, WIRE.LOOKUP_READ_TAGS) + wire(p, WIRE.Q_LOOKUP)
919
920
  - (wire(p, WIRE.LOOKUP_READ_TAGS) * wire(p, WIRE.Q_LOOKUP));
920
921
 
921
922
  // Inverse calculated correctly relation
@@ -1314,7 +1315,7 @@ library RelationsLib {
1314
1315
  ap.non_native_field_gate_3 = ap.non_native_field_gate_3 * wire(p, WIRE.Q_M);
1315
1316
 
1316
1317
  Fr non_native_field_identity =
1317
- ap.non_native_field_gate_1 + ap.non_native_field_gate_2 + ap.non_native_field_gate_3;
1318
+ ap.non_native_field_gate_1 + ap.non_native_field_gate_2 + ap.non_native_field_gate_3;
1318
1319
  non_native_field_identity = non_native_field_identity * wire(p, WIRE.Q_R);
1319
1320
 
1320
1321
  // ((((w2' * 2^14 + w1') * 2^14 + w3) * 2^14 + w2) * 2^14 + w1 - w4) * qm
@@ -1468,6 +1469,8 @@ library RelationsLib {
1468
1469
  evals[27] = evals[27] + ip.q_pos_by_scaling * (ip.v4 - wire(p, WIRE.W_4_SHIFT));
1469
1470
  }
1470
1471
 
1472
+ // Batch subrelation evaluations using precomputed powers of alpha
1473
+ // First subrelation is implicitly scaled by 1, subsequent ones use powers from the subrelationChallenges array
1471
1474
  function scaleAndBatchSubrelations(
1472
1475
  Fr[NUMBER_OF_SUBRELATIONS] memory evaluations,
1473
1476
  Fr[NUMBER_OF_ALPHAS] memory subrelationChallenges
@@ -1533,10 +1536,8 @@ library CommitmentSchemeLib {
1533
1536
  Fr challengePower = geminiEvalChallengePowers[i - 1];
1534
1537
  Fr u = sumcheckUChallenges[i - 1];
1535
1538
 
1536
- Fr batchedEvalRoundAcc = (
1537
- (challengePower * batchedEvalAccumulator * Fr.wrap(2))
1538
- - geminiEvaluations[i - 1] * (challengePower * (ONE - u) - u)
1539
- );
1539
+ Fr batchedEvalRoundAcc = ((challengePower * batchedEvalAccumulator * Fr.wrap(2)) - geminiEvaluations[i - 1]
1540
+ * (challengePower * (ONE - u) - u));
1540
1541
  // Divide by the denominator
1541
1542
  batchedEvalRoundAcc = batchedEvalRoundAcc * (challengePower * (ONE - u) + u).invert();
1542
1543
 
@@ -1571,8 +1572,7 @@ function bytesToFr(bytes calldata proofSection) pure returns (Fr scalar) {
1571
1572
  // EC Point utilities
1572
1573
  function bytesToG1Point(bytes calldata proofSection) pure returns (Honk.G1Point memory point) {
1573
1574
  point = Honk.G1Point({
1574
- x: uint256(bytes32(proofSection[0x00:0x20])) % Q,
1575
- y: uint256(bytes32(proofSection[0x20:0x40])) % Q
1575
+ x: uint256(bytes32(proofSection[0x00:0x20])) % Q, y: uint256(bytes32(proofSection[0x20:0x40])) % Q
1576
1576
  });
1577
1577
  }
1578
1578