diff --git a/barretenberg/cpp/docs/src/sumcheck-outline.md b/barretenberg/cpp/docs/src/sumcheck-outline.md
index c141e96446e..85081c4482a 100644
--- a/barretenberg/cpp/docs/src/sumcheck-outline.md
+++ b/barretenberg/cpp/docs/src/sumcheck-outline.md
@@ -142,7 +142,7 @@ and computed \f$\sigma_d = \tilde{S}^{d-1}(u_{d-1})\f$.
### Final Verification Step {#NonZKSumcheckVerification}
- Extract claimed evaluations of prover polynomials \f$P_1,\ldots, P_N\f$ at the challenge point \f$
- (u_0,\ldots,u_{d-1}) \f$ from the transcript and \ref bb::SumcheckVerifierRound< Flavor >::compute_full_honk_relation_purported_value "compute evaluation:"
+ (u_0,\ldots,u_{d-1}) \f$ from the transcript and \ref bb::SumcheckVerifierRound< Flavor >::compute_full_relation_purported_value "compute evaluation:"
\f{align}{\tilde{F}\left( P_1(u_0,\ldots, u_{d-1}), \ldots, P_N(u_0,\ldots, u_{d-1}) \right)\f}
- Compare \f$ \sigma_d \f$ against the evaluation of \f$ \tilde{F} \f$ at \f$P_1(u_0,\ldots, u_{d-1}), \ldots,
@@ -171,11 +171,11 @@ To prevent the witness information leakage through the Round Univariates determi
G \gets \sum_{i=0}^{d-1} g_{i}(X_i),
-where \f$ d \f$ is the number of Sumcheck rounds, and the Libra univariates are given by the formula
+where \f$ d \f$ is the number of Sumcheck rounds, and the Libra univariates are given by the formula
g_{i} = \sum_{j=0}^{\tilde{D}} g_{i,j} \cdot L_{j,\{0,\ldots, \tilde{D}\}}(X_i) \quad \text{for } (g_{i,j}) \gets_{\$} \mathbb{F}^{d\cdot (\tilde{D}+1)}
-and \f$L_{j, \{0,\ldots, \tilde{D}\}}\f$ is the \f$j\f$th univariate Lagrange polynomial for the domain \f$\{0,\ldots, \tilde{D}\}\f$. Recall that \f$\deg_{X_i} \left(L_{j, \{0,\ldots, \tilde{D}\}} (X_i)\right) = \tilde{D}\f$.
+and \f$L_{j, \{0,\ldots, \tilde{D}\}}\f$ is the \f$j\f$th univariate Lagrange polynomial for the domain \f$\{0,\ldots, \tilde{D}\}\f$. Recall that \f$\deg_{X_i} \left(L_{j, \{0,\ldots, \tilde{D}\}} (X_i)\right) = \tilde{D}\f$.
@@ -197,7 +197,7 @@ Observe that \f$ G \f$ has several important properties
The first two properties imply that the evaluations of Sumcheck Round Univariates for \f$G\f$ are independent and uniformly distributed. We call them Libra Round Univarites.
-Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univarites multiplied by the challenge.
+Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univarites multiplied by the challenge.
The fact that the degrees of Libra Round Univariates are big enough (i.e. \f$ \tilde{D}\geq D \f$) and that their evaluations are random imply that the evaluations \f$ \tilde{S}^i(0),\ldots,\tilde{S}^i(\tilde D)\f$ defined in [Compute Round Univariates](#ComputeRoundUnivariates) are now masked by the evaluations of Libra Round Univariates. These evaluations are described explicitly [below](#LibraRoundUnivariates).
### Example {#LibraPolynomialExample}
@@ -221,7 +221,7 @@ Since \f$G\f$ is a polynomial of a very special form, the computation of \f$\tex
since the evaluations of \f$ g_i \f$ at \f$\vec \ell \in \{0,1\}^{d}\f$ depend only on \f$ \ell_i \f$, and therefore, there are \f$2^{d-1}\f$ summands \f$ g_i(0) \f$ corresponding to the points \f$\vec \ell\f$ with \f$\ell_i=0\f$ and \f$2^{d-1}\f$ summands \f$ g_i(1) \f$ corresponding to \f$\vec \ell\f$ with \f$\ell_i=1\f$.
-The prover computes
+The prover computes
\texttt{libra_total_sum} \gets 2^{d-1} \sum_{i = 0}^{d-1} \left( g_i(0) + g_i(1) \right).
@@ -232,8 +232,8 @@ As in [Sumcheck Book-keeping](#BookKeepingTable), we use a table of evaluations
Namely, before entering the first round, the prover updates the vector of Libra univariates in place
\texttt{libra_univariates}_{j}(k) \gets \texttt{libra_challenge} \cdot 2^{d-1} \cdot g_{j}(k) \text{ for } j= i,\ldots, d-1, \text{ and } k=0,\ldots, \tilde{D}
-and computes the term
+and computes the term
\texttt{libra_running_sum} \gets 2^{-1} \left( \texttt{libra_challenge} \cdot \texttt{libra_total_sum} - \left(\texttt{libra_univariates}_{0}(0) + \texttt{libra_univariates}_{0}(1)\right) \right).
@@ -255,12 +255,12 @@ By design of the method \ref bb::SumcheckProver< Flavor >::setup_zk_sumcheck_dat
for \f$k=0,\ldots, \tilde{D}\f$. It is done by the method \ref bb::SumcheckProverRound< Flavor >::compute_libra_round_univariate "compute_libra_round_univariate" called inside \ref bb::SumcheckProverRound< Flavor >::compute_univariate "Sumcheck Round Univariate computation", which also takes care of adding \f$\texttt{libra_round_univariate}\f$ to the \f$\texttt{round_unviariate}\f$.
-When the prover receives the challenge \f$u_0\f$, it \ref bb::SumcheckProver< Flavor >::update_libra_data "updates Libra data":
+When the prover receives the challenge \f$u_0\f$, it \ref bb::SumcheckProver< Flavor >::update_libra_data "updates Libra data":
- updates the table of Libra univariates by multiplying every term by \f$1/2\f$.
-- computes the value \f$2^{d-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$
+- computes the value \f$2^{d-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$
- places the value \f$ g_0(u_0)\f$ to the vector \f$ \texttt{libra_evaluations}\f$
-- updates the running sum
+- updates the running sum
\texttt{libra_running_sum} \gets 2^{d-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0) + 2^{-1} \cdot \left( \texttt{libra_running_sum} - (\texttt{libra_univariates}_{1}(0) + \texttt{libra_univariates}_{1}(1)) \right)
@@ -270,7 +270,7 @@ In Round \f$ i \f$, the prover computes \f$ i \f$-th Libra round univariate
\texttt{libra_univariate}_i(X_i) = \texttt{libra_challenge} \cdot \sum_{\vec \ell \in \{0,1\}^{d-1 - i}} G(u_0,\ldots, u_{i-1}, X_{i}, \vec \ell) =
\texttt{libra_challenge} \cdot 2^{d-1 - i} \left( \sum_{j = 0}^{i-1} g_j(u_{j}) + g_{i}(X_i) + \sum_{j=i+1}^{d-1} \left(g_{j,0} + g_{j,1}\right) \right)
By design of the method \ref bb::SumcheckProver< Flavor >::update_zk_sumcheck_data "update_zk_sumcheck_data", the latter could be expressed as follows
@@ -284,13 +284,13 @@ for \f$k=0,\ldots, \tilde{D}\f$. This computation is done by the method \ref bb:
When the prover receives new challenge \f$u_i\f$, it \ref bb::SumcheckProver< Flavor >::update_libra_data "updates Libra data". If \f$ i < d-1\f$, the prover
- updates the table of Libra univariates by multiplying every term by \f$1/2\f$.
-- computes the value \f$2^{d-i - 2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$
+- computes the value \f$2^{d-i - 2} \cdot \texttt{libra_challenge} \cdot g_0(u_0)\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the first univariate in the table \f$\texttt{libra_univariates}\f$
- places the value \f$ g_0(u_0)\f$ to the vector \f$ \texttt{libra_evaluations}\f$
-- updates the running sum
+- updates the running sum
\texttt{libra_running_sum} \gets 2^{d-i-2} \cdot \texttt{libra_challenge} \cdot g_0(u_0) + 2^{-1} \cdot \left( \texttt{libra_running_sum} - (\texttt{libra_univariates}_{i+1}(0) + \texttt{libra_univariates}_{i+1}(1)) \right)
-If \f$ i = d-1\f$, the prover
+If \f$ i = d-1\f$, the prover
- computes the value \f$ g_{d-1}(u_{d-1})\f$ applying \ref bb::Univariate::evaluate "evaluate" method to the last univariate in the table \f$\texttt{libra_univariates}\f$ and dividing the result by \f$ \texttt{libra_challenge} \f$.
- updates the table of Libra univariates by multiplying every term by \f$\texttt{libra_challenge}^{-1}\f$.
@@ -385,13 +385,13 @@ Note that \f$ \tilde{D} \f$ sets up the corresponding parameter of [Lib
The random scalars \f$ \rho_1,\ldots, \rho_{N_w}\f$ are created by the method \ref bb::SumcheckProver< Flavor >::setup_zk_sumcheck_data "setup_zk_sumcheck_data" and are stored as \f$ \texttt{eval_masking_scalars} \f$.
### Book-keeping {#BookKeepingMaskingWitnesses}
-To faciliate the computation of Sumcheck Round Univariates, the prover \ref bb::SumcheckProver< Flavor >::create_evaluation_masking_table "creates the vector" of univariates
+To faciliate the computation of Sumcheck Round Univariates, the prover \ref bb::SumcheckProver< Flavor >::create_evaluation_masking_table "creates the vector" of univariates
\texttt{masking_terms_evaluations}_j(k)\gets \texttt{eval_masking_scalars}_j \cdot (1-k) k
of the same size as the ExtendedEdges created by the ZK Flavor running Sumcheck.
-When the prover receives the challenge \f$ u_i \f$, this vector is \ref bb::SumcheckProver< Flavor >::update_masking_terms_evaluations "updated" as follows
+When the prover receives the challenge \f$ u_i \f$, this vector is \ref bb::SumcheckProver< Flavor >::update_masking_terms_evaluations "updated" as follows
\texttt{masking_terms_evaluations}_j(k) \gets \texttt{eval_masking_scalars}_j \cdot u_i \cdot (1-u_i)
@@ -408,9 +408,9 @@ which reduces to computing at most \f$ (D+ D_w + 1) \times N \times 2^{d-1 - i}\
&\ P_j(u_0,\ldots, u_{i-1}, k, \vec \ell) + \rho_j \cdot \sum_{k=0}^{i-1} u_k(1-u_k) + \rho_j\cdot (1-k) k \quad \text{ for } j=1,\ldots, N_w\\
&\ P_j(u_0,\ldots, u_{i-1}, k, \vec \ell) \quad \text { for } j= N_w+1,\ldots, N
-By design, we have
- \texttt{masking_terms_evaluations}_j(k) = \rho_j \cdot \sum_{k=0}^{i-1} u_k(1-u_k) + \rho_j\cdot (1-k) k.
+By design, we have
+ \texttt{masking_terms_evaluations}_j(k) = \rho_j \cdot \sum_{k=0}^{i-1} u_k(1-u_k) + \rho_j\cdot (1-k) k.
Then the method \ref bb::SumcheckProverRound< Flavor >::extend_zk_edges "extend_zk_edges" gets the \f$j\f$-th edge corresponding to the witness polynomial and corrects it with the univariate \f$ \texttt{masking_terms_evaluations}_j\f$. The non-witness polynomials are treated as in \ref bb::SumcheckProverRound< Flavor >::extend_edges "extend_edges" used in non-ZK Flavors.
@@ -460,10 +460,10 @@ The total costs of ZK Sumcheck are obtained from [Libra Costs](#LibraCosts) and
Group Operations |
\f$+ d\f$ MSMs of size \f$(D+D_w)\f$ = [Libra Commitments](#LibraCommitments)
\f$+ \left(2 \cdot (D+D_w) D+1\right)\f$ group ops = shplonk
- \f$+ N_w\f$ MSMs of size \f$2^d\f$ (same group element multiplied by \f$\rho_1,\ldots,\rho_{N_w}\f$)
+ \f$+ N_w\f$ MSMs of size \f$2^d\f$ (same group element multiplied by \f$\rho_1,\ldots,\rho_{N_w}\f$)
\f$ + (d + 3) \f$ group ops
- \f$ + N_w\f$ MSMs of size \f$2\f$
+ \f$ + N_w\f$ MSMs of size \f$2\f$
@@ -478,7 +478,7 @@ The total costs of ZK Sumcheck are obtained from [Libra Costs](#LibraCosts) and
Communication |
- \f$+ (d+ 2)\f$ group elements for Libra; \f$+N_w\f$ group elements for witness masking
+ | \f$+ (d+ 2)\f$ group elements for Libra; \f$+N_w\f$ group elements for witness masking
\f$+ D_w \cdot d \f$ field elements |
@@ -486,7 +486,7 @@ The total costs of ZK Sumcheck are obtained from [Libra Costs](#LibraCosts) and
## Theoretic Field Operations vs. Implementation
The table above sets a reasonable upper bound on the amount of prover's field operations.
-However, in the implementation, the relation \f$ F \f$ is computed as a vector of its subrelations, which allows us to decrease the costs of computing the round univariates. Namely, for a given subrelation \f$ F_j \f$, its maximum partial degree \f$D_j\f$ and its witness degree \f$D_{w,j} \f$ are generally less than \f$ D\f$ and \f$ D_w \f$, respectively.
+However, in the implementation, the relation \f$ F \f$ is computed as a vector of its subrelations, which allows us to decrease the costs of computing the round univariates. Namely, for a given subrelation \f$ F_j \f$, its maximum partial degree \f$D_j\f$ and its witness degree \f$D_{w,j} \f$ are generally less than \f$ D\f$ and \f$ D_w \f$, respectively.
Therefore, we compute \f$ F_j \f$'s contribution to Sumcheck Round Univariates by evaluating the univariate polynomial
\sum_{\vec \ell\in \{0,1\}^{d-1-i}} pow_{\beta}(u_0,\ldots, u_{i-1}, X_i, \vec \ell) \cdot F_j(u_0,\ldots, u_{i-1}, X_i,\vec \ell)
diff --git a/barretenberg/cpp/scripts/analyze_client_ivc_bench.py b/barretenberg/cpp/scripts/analyze_client_ivc_bench.py
index c2464204ea4..43efc74fed0 100644
--- a/barretenberg/cpp/scripts/analyze_client_ivc_bench.py
+++ b/barretenberg/cpp/scripts/analyze_client_ivc_bench.py
@@ -66,10 +66,10 @@
print('\nBreakdown of ProtogalaxyProver::prove:')
protogalaxy_round_labels = [
- "ProtoGalaxyProver_::preparation_round(t)",
- "ProtoGalaxyProver_::perturbator_round(t)",
- "ProtoGalaxyProver_::combiner_quotient_round(t)",
- "ProtoGalaxyProver_::update_target_sum_and_fold(t)"
+ "ProtogalaxyProver_::preparation_round(t)",
+ "ProtogalaxyProver_::perturbator_round(t)",
+ "ProtogalaxyProver_::combiner_quotient_round(t)",
+ "ProtogalaxyProver_::update_target_sum_and_fold(t)"
max_label_length = max(len(label) for label in protogalaxy_round_labels)
for key in protogalaxy_round_labels:
diff --git a/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py b/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py
index 56be71fec2e..b5686fc351a 100755
--- a/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py
+++ b/barretenberg/cpp/scripts/analyze_protogalaxy_bench.py
@@ -47,10 +47,10 @@
print('\nBreakdown of ProtogalaxyProver::prove:')
protogalaxy_round_labels = [
- "ProtoGalaxyProver_::preparation_round(t)",
- "ProtoGalaxyProver_::perturbator_round(t)",
- "ProtoGalaxyProver_::combiner_quotient_round(t)",
- "ProtoGalaxyProver_::update_target_sum_and_fold(t)"
+ "ProtogalaxyProver_::preparation_round(t)",
+ "ProtogalaxyProver_::perturbator_round(t)",
+ "ProtogalaxyProver_::combiner_quotient_round(t)",
+ "ProtogalaxyProver_::update_target_sum_and_fold(t)"
max_label_length = max(len(label) for label in protogalaxy_round_labels)
for key in protogalaxy_round_labels:
diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp
index ead9390e54f..ac0b3a3893d 100644
--- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp
+++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.hpp
@@ -36,9 +36,9 @@ class AztecIVC {
using DeciderProver = DeciderProver_;
using DeciderVerifier = DeciderVerifier_;
using ProverInstances = ProverInstances_;
- using FoldingProver = ProtoGalaxyProver_;
+ using FoldingProver = ProtogalaxyProver_;
using VerifierInstances = VerifierInstances_;
- using FoldingVerifier = ProtoGalaxyVerifier_;
+ using FoldingVerifier = ProtogalaxyVerifier_;
using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey;
using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey;
@@ -47,7 +47,7 @@ class AztecIVC {
using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance;
using RecursiveVerificationKey = RecursiveFlavor::VerificationKey;
using FoldingRecursiveVerifier =
- bb::stdlib::recursion::honk::ProtoGalaxyRecursiveVerifier_;
+ bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_;
using OinkRecursiveVerifier = stdlib::recursion::honk::OinkRecursiveVerifier_;
using DataBusDepot = stdlib::DataBusDepot;
diff --git a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp
index 237d8b6b7e7..84012b3cb85 100644
--- a/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp
+++ b/barretenberg/cpp/src/barretenberg/aztec_ivc/aztec_ivc.test.cpp
@@ -26,9 +26,9 @@ class AztecIVCTests : public ::testing::Test {
using DeciderProver = AztecIVC::DeciderProver;
using DeciderVerifier = AztecIVC::DeciderVerifier;
using ProverInstances = ProverInstances_;
- using FoldingProver = ProtoGalaxyProver_;
+ using FoldingProver = ProtogalaxyProver_;
using VerifierInstances = VerifierInstances_;
- using FoldingVerifier = ProtoGalaxyVerifier_;
+ using FoldingVerifier = ProtogalaxyVerifier_;
* @brief Construct mock circuit with arithmetic gates and goblin ops
diff --git a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp
index 21a4e46606a..e79f5a44b4f 100644
--- a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp
+++ b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_bench/protogalaxy.bench.cpp
@@ -17,7 +17,7 @@ template void fold_k(State& state) noexcept
using ProverInstance = ProverInstance_;
using Instance = ProverInstance;
using Instances = ProverInstances_;
- using ProtoGalaxyProver = ProtoGalaxyProver_;
+ using ProtogalaxyProver = ProtogalaxyProver_;
using Builder = typename Flavor::CircuitBuilder;
@@ -35,7 +35,7 @@ template void fold_k(State& state) noexcept
- ProtoGalaxyProver folding_prover(instances);
+ ProtogalaxyProver folding_prover(instances);
for (auto _ : state) {
diff --git a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp
index 414a89b908b..ce372cf31f3 100644
--- a/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp
+++ b/barretenberg/cpp/src/barretenberg/benchmark/protogalaxy_rounds_bench/protogalaxy_rounds.bench.cpp
@@ -10,12 +10,12 @@ using namespace benchmark;
namespace bb {
-void _bench_round(::benchmark::State& state, void (*F)(ProtoGalaxyProver_>&))
+void _bench_round(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&))
using Builder = typename Flavor::CircuitBuilder;
using ProverInstance = ProverInstance_;
using Instances = ProverInstances_;
- using ProtoGalaxyProver = ProtoGalaxyProver_;
+ using ProtogalaxyProver = ProtogalaxyProver_;
auto log2_num_gates = static_cast(state.range(0));
@@ -31,7 +31,7 @@ void _bench_round(::benchmark::State& state, void (*F)(ProtoGalaxyProver_ prover_instance_1 = construct_instance();
std::shared_ptr prover_instance_2 = construct_instance();
- ProtoGalaxyProver folding_prover({ prover_instance_1, prover_instance_2 });
+ ProtogalaxyProver folding_prover({ prover_instance_1, prover_instance_2 });
// prepare the prover state
folding_prover.state.accumulator = prover_instance_1;
@@ -46,7 +46,7 @@ void _bench_round(::benchmark::State& state, void (*F)(ProtoGalaxyProver_>&))
+void bench_round_mega(::benchmark::State& state, void (*F)(ProtogalaxyProver_>&))
_bench_round(state, F);
diff --git a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp
index b6545d90245..a33d912e0d9 100644
--- a/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp
+++ b/barretenberg/cpp/src/barretenberg/benchmark/relations_bench/relations.bench.cpp
@@ -54,8 +54,9 @@ template void execute_relation_for_univaria
template void execute_relation_for_pg_univariates(::benchmark::State& state)
using ProverInstances = ProverInstances_;
- using Input = ProtogalaxyProverInternal::ExtendedUnivariates;
- using Accumulator = typename Relation::template ProtogalaxyTupleOfUnivariatesOverSubrelations;
+ using Input = ProtogalaxyProverInternal::ExtendedUnivariatesNoOptimisticSkipping;
+ using Accumulator = typename Relation::template ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping<
+ ProverInstances::NUM>;
diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp
index 3051b1bf433..8c7d3fd538d 100644
--- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp
+++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp
@@ -31,9 +31,9 @@ class ClientIVC {
using DeciderProver = DeciderProver_;
using DeciderVerifier = DeciderVerifier_;
using ProverInstances = ProverInstances_;
- using FoldingProver = ProtoGalaxyProver_;
+ using FoldingProver = ProtogalaxyProver_;
using VerifierInstances = VerifierInstances_;
- using FoldingVerifier = ProtoGalaxyVerifier_;
+ using FoldingVerifier = ProtogalaxyVerifier_;
using ECCVMVerificationKey = bb::ECCVMFlavor::VerificationKey;
using TranslatorVerificationKey = bb::TranslatorFlavor::VerificationKey;
@@ -42,7 +42,7 @@ class ClientIVC {
using RecursiveVerifierInstance = RecursiveVerifierInstances::Instance;
using RecursiveVerificationKey = RecursiveVerifierInstances::VerificationKey;
using FoldingRecursiveVerifier =
- bb::stdlib::recursion::honk::ProtoGalaxyRecursiveVerifier_;
+ bb::stdlib::recursion::honk::ProtogalaxyRecursiveVerifier_;
// A full proof for the IVC scheme
struct Proof {
diff --git a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp
index 57cf6997837..77685d2717c 100644
--- a/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp
+++ b/barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.test.cpp
@@ -26,9 +26,9 @@ class ClientIVCTests : public ::testing::Test {
using DeciderProver = ClientIVC::DeciderProver;
using DeciderVerifier = ClientIVC::DeciderVerifier;
using ProverInstances = ProverInstances_;
- using FoldingProver = ProtoGalaxyProver_;
+ using FoldingProver = ProtogalaxyProver_;
using VerifierInstances = VerifierInstances_;
- using FoldingVerifier = ProtoGalaxyVerifier_;
+ using FoldingVerifier = ProtogalaxyVerifier_;
* @brief Prove and verify the IVC scheme
diff --git a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp
index 2d38473aac0..6ecd4a7b5f9 100644
--- a/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp
+++ b/barretenberg/cpp/src/barretenberg/flavor/flavor.hpp
@@ -328,13 +328,13 @@ constexpr auto create_protogalaxy_tuple_of_tuples_of_univariates()
constexpr auto seq = std::make_index_sequence>();
return [](std::index_sequence) {
if constexpr (optimised) {
- return std::make_tuple(
- typename std::tuple_element_t::
- template OptimisedProtogalaxyTupleOfUnivariatesOverSubrelations{}...);
- } else {
return std::make_tuple(
typename std::tuple_element_t::template ProtogalaxyTupleOfUnivariatesOverSubrelations<
+ } else {
+ return std::make_tuple(
+ typename std::tuple_element_t::
+ template ProtogalaxyTupleOfUnivariatesOverSubrelationsNoOptimisticSkipping{}...);
@@ -412,13 +412,13 @@ concept IsPlonkFlavor = IsAnyOf
concept IsUltraPlonkFlavor = IsAnyOf;
concept IsUltraPlonkOrHonk = IsAnyOf;
concept IsHonkFlavor = IsAnyOf;
concept IsUltraFlavor = IsAnyOf;
@@ -451,9 +451,9 @@ template concept IsFoldingFlavor = IsAnyOf,
- UltraRecursiveFlavor_,
+ MegaFlavor,
+ UltraRecursiveFlavor_,
+ UltraRecursiveFlavor_,
MegaRecursiveFlavor_, MegaRecursiveFlavor_>;
diff --git a/barretenberg/cpp/src/barretenberg/polynomials/pow.bench.cpp b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.bench.hpp
similarity index 84%
rename from barretenberg/cpp/src/barretenberg/polynomials/pow.bench.cpp
rename to barretenberg/cpp/src/barretenberg/polynomials/gate_separator.bench.hpp
index b3f1d31e55b..ae5bde5c3ea 100644
--- a/barretenberg/cpp/src/barretenberg/polynomials/pow.bench.cpp
+++ b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.bench.hpp
@@ -1,5 +1,5 @@
-#include "barretenberg/polynomials/pow.hpp"
#include "barretenberg/ecc/curves/bn254/fr.hpp"
+#include "barretenberg/polynomials/gate_separator.hpp"
using namespace benchmark;
@@ -16,7 +16,7 @@ void compute_pow_poly(benchmark::State& state)
for (auto _ : state) {
int64_t num_betas = state.range(0);
std::vector cur_betas(betas.begin(), betas.begin() + num_betas);
- PowPolynomial pow{ cur_betas, cur_betas.size() };
+ GateSeparatorPolynomial poly{ cur_betas, cur_betas.size() };
diff --git a/barretenberg/cpp/src/barretenberg/polynomials/pow.hpp b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.hpp
similarity index 89%
rename from barretenberg/cpp/src/barretenberg/polynomials/pow.hpp
rename to barretenberg/cpp/src/barretenberg/polynomials/gate_separator.hpp
index 81bea2a0aed..5ef5580fcbc 100644
--- a/barretenberg/cpp/src/barretenberg/polynomials/pow.hpp
+++ b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.hpp
@@ -8,7 +8,7 @@
namespace bb {
-template struct PowPolynomial {
+template struct GateSeparatorPolynomial {
* @brief The challenges \f$(\beta_0,\ldots, \beta_{d-1}) \f$
@@ -20,7 +20,7 @@ template struct PowPolynomial {
* identified with the integers \f$\ell = 0,\ldots, 2^d-1\f$
- std::vector pow_betas;
+ std::vector beta_products;
* @brief In Round \f$ i\f$ of Sumcheck, it points to the \f$ i \f$-th element in \f$ \vec \beta \f$
@@ -28,7 +28,7 @@ template struct PowPolynomial {
size_t current_element_idx = 0;
* @brief In Round \f$ i\f$ of Sumcheck, the periodicity equals to \f$ 2^{i+1}\f$ and represents the fixed interval
- * at which elements not containing either of \f$ (\beta_0,\ldots ,β_i)\f$ appear in #pow_betas.
+ * at which elements not containing either of \f$ (\beta_0,\ldots ,β_i)\f$ appear in #beta_products.
size_t periodicity = 2;
@@ -42,33 +42,33 @@ template struct PowPolynomial {
FF partial_evaluation_result = FF(1);
- * @brief Construct a new PowPolynomial
+ * @brief Construct a new GateSeparatorPolynomial
* @param betas
* @param log_num_monomials
- PowPolynomial(const std::vector& betas, const size_t log_num_monomials)
+ GateSeparatorPolynomial(const std::vector& betas, const size_t log_num_monomials)
: betas(betas)
- , pow_betas(compute_pow_betas(betas, log_num_monomials))
+ , beta_products(compute_beta_products(betas, log_num_monomials))
- * @brief Construct a new PowPolynomial object without expanding to a vector of monomials
- * @details The sumcheck verifier does not use pow_betas
+ * @brief Construct a new GateSeparatorPolynomial object without expanding to a vector of monomials
+ * @details The sumcheck verifier does not use beta_products
* @param betas
- PowPolynomial(const std::vector& betas)
+ GateSeparatorPolynomial(const std::vector& betas)
: betas(betas)
- * @brief Retruns the element in #pow_betas at place #idx.
+ * @brief Retruns the element in #beta_products at place #idx.
* @param idx
* @return FF const&
- FF const& operator[](size_t idx) const { return pow_betas[idx]; }
+ FF const& operator[](size_t idx) const { return beta_products[idx]; }
* @brief Computes the component at index #current_element_idx in #betas.
@@ -134,15 +134,16 @@ template struct PowPolynomial {
* @brief Given \f$ \vec\beta = (\beta_0,...,\beta_{d-1})\f$ compute \f$ pow_{\ell}(\vec \beta) = pow_{\beta}(\vec
* \ell)\f$ for \f$ \ell =0,\ldots,2^{d}-1\f$.
- * @param log_num_monomials Determines the number of beta challenges used to compute pow_betas (required because
+ * @param log_num_monomials Determines the number of beta challenges used to compute beta_products (required because
* when we generate CONST_SIZE_PROOF_LOG_N, currently 28, challenges but the real circuit size is less than 1 <<
- * CONST_SIZE_PROOF_LOG_N, we should compute unnecessarily a vector of pow_betas of length 1 << 28 )
+ * CONST_SIZE_PROOF_LOG_N, we should compute unnecessarily a vector of beta_products of length 1 << 28 )
- BB_PROFILE static std::vector compute_pow_betas(const std::vector& betas, const size_t log_num_monomials)
+ BB_PROFILE static std::vector compute_beta_products(const std::vector& betas,
+ const size_t log_num_monomials)
size_t pow_size = 1 << log_num_monomials;
- std::vector pow_betas(pow_size);
+ std::vector beta_products(pow_size);
// Determine number of threads for multithreading.
// Note: Multithreading is "on" for every round but we reduce the number of threads from the max available based
@@ -169,20 +170,20 @@ template struct PowPolynomial {
res *= betas[beta_idx];
- pow_betas[i] = res;
+ beta_products[i] = res;
- return pow_betas;
+ return beta_products;
- * @struct PowPolynomial
- * @brief Implementation of the methods for the \f$pow_{\ell}\f$-polynomials used in ProtoGalaxy and
+ * @struct GateSeparatorPolynomial
+ * @brief Implementation of the methods for the \f$pow_{\ell}\f$-polynomials used in Protogalaxy and
\f$pow_{\beta}\f$-polynomials used in Sumcheck.
* @details
- * ## PowPolynomial in Protogalaxy
+ * ## GateSeparatorPolynomial in Protogalaxy
* \todo Expand this while completing PG docs.
@@ -235,12 +236,12 @@ S^i_{\ell}( X_i )
* Define
\f{align} T^{i}( X_i ) = \sum_{\ell = 0}^{2^{d-i-1}-1} \beta_{i+1}^{\ell_{i+1}} \cdot \ldots \cdot
\beta_{d-1}^{\ell_{d-1}} \cdot S^{i}_{\ell}( X_i ) \f} then \f$ \deg_{X_i} (T^i) \leq \deg_{X_i} S^i \f$.
- ### Features of PowPolynomial used by Sumcheck Prover
+ ### Features of GateSeparatorPolynomial used by Sumcheck Prover
- The factor \f$ c_i \f$ is the #partial_evaluation_result, it is updated by \ref partially_evaluate.
- The challenges \f$(\beta_0,\ldots, \beta_{d-1}) \f$ are recorded in #betas.
- The consecutive evaluations \f$ pow_{\ell}(\vec \beta) = pow_{\beta}(\vec \ell) \f$ for \f$\vec \ell\f$ identified
with the integers \f$\ell = 0,\ldots, 2^d-1\f$ represented in binary are pre-computed by \ref compute_values and stored
-in #pow_betas.
+in #beta_products.
diff --git a/barretenberg/cpp/src/barretenberg/polynomials/pow.test.cpp b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.test.cpp
similarity index 54%
rename from barretenberg/cpp/src/barretenberg/polynomials/pow.test.cpp
rename to barretenberg/cpp/src/barretenberg/polynomials/gate_separator.test.cpp
index 4673f792cf8..59d49091a7b 100644
--- a/barretenberg/cpp/src/barretenberg/polynomials/pow.test.cpp
+++ b/barretenberg/cpp/src/barretenberg/polynomials/gate_separator.test.cpp
@@ -1,10 +1,10 @@
-#include "pow.hpp"
+#include "gate_separator.hpp"
#include "barretenberg/ecc/curves/bn254/fr.hpp"
using namespace bb;
-TEST(PowPolynomial, FullPowConsistency)
+TEST(GateSeparatorPolynomial, FullPowConsistency)
constexpr size_t d = 5;
std::vector betas(d);
@@ -12,27 +12,27 @@ TEST(PowPolynomial, FullPowConsistency)
beta = fr::random_element();
- PowPolynomial pow_polynomial(betas);
+ GateSeparatorPolynomial poly(betas);
std::array variables{};
for (auto& u_i : variables) {
u_i = fr::random_element();
- pow_polynomial.partially_evaluate(u_i);
+ poly.partially_evaluate(u_i);
size_t beta_idx = 0;
fr expected_eval = 1;
for (auto& u_i : variables) {
- expected_eval *= fr(1) - u_i + u_i * pow_polynomial.betas[beta_idx];
+ expected_eval *= fr(1) - u_i + u_i * poly.betas[beta_idx];
- EXPECT_EQ(pow_polynomial.partial_evaluation_result, expected_eval);
+ EXPECT_EQ(poly.partial_evaluation_result, expected_eval);
-TEST(PowPolynomial, PowPolynomialsOnPowers)
+TEST(GateSeparatorPolynomial, GateSeparatorPolynomialsOnPowers)
std::vector betas{ 2, 4, 16 };
- PowPolynomial pow(betas, betas.size());
+ GateSeparatorPolynomial poly(betas, betas.size());
std::vector expected_values{ 1, 2, 4, 8, 16, 32, 64, 128 };
- EXPECT_EQ(expected_values, pow.pow_betas);
+ EXPECT_EQ(expected_values, poly.beta_products);
diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp
index c57e08a905d..a9bcb68de76 100644
--- a/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp
+++ b/barretenberg/cpp/src/barretenberg/protogalaxy/combiner.test.cpp
@@ -53,10 +53,10 @@ TEST(Protogalaxy, CombinerOn2Instances)
ProverInstances instances{ instance_data };
Fun::UnivariateRelationSeparator alphas;
alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only
- PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1);
- Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters;
- auto result = Fun::compute_combiner_no_optimistic_skipping(
- instances, pow_polynomial, univariate_relation_parameters, alphas);
+ GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1);
+ Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping;
+ auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping(
+ instances, gate_separators, univariate_relation_parameters_no_skpping, alphas);
// The expected_result values are computed by running the python script combiner_example_gen.py
auto expected_result = Univariate(std::array{ 9704UL,
@@ -70,7 +70,7 @@ TEST(Protogalaxy, CombinerOn2Instances)
9072095848UL });
- EXPECT_EQ(result, expected_result);
+ EXPECT_EQ(result_no_skipping, expected_result);
} else {
std::vector> instance_data(NUM_INSTANCES);
@@ -133,18 +133,18 @@ TEST(Protogalaxy, CombinerOn2Instances)
relation value:
0 0 0 0 0 0 0 0 0 6 18 36 60 90 */
- PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1);
- Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters;
- Fun::UnivariateRelationParameters optimised_univariate_relation_parameters;
- auto result = Fun::compute_combiner_no_optimistic_skipping(
- instances, pow_polynomial, univariate_relation_parameters, alphas);
- auto optimised_result =
- Fun::compute_combiner(instances, pow_polynomial, optimised_univariate_relation_parameters, alphas);
+ GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1);
+ Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping;
+ Fun::UnivariateRelationParameters univariate_relation_parameters;
+ auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping(
+ instances, gate_separators, univariate_relation_parameters_no_skpping, alphas);
+ auto result_with_skipping =
+ Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas);
auto expected_result =
Univariate(std::array{ 0, 0, 12, 36, 72, 120, 180, 252, 336, 432, 540, 660 });
- EXPECT_EQ(result, expected_result);
- EXPECT_EQ(optimised_result, expected_result);
+ EXPECT_EQ(result_no_skipping, expected_result);
+ EXPECT_EQ(result_with_skipping, expected_result);
@@ -193,7 +193,7 @@ TEST(Protogalaxy, CombinerOptimizationConsistency)
ProverInstances instances{ instance_data };
Fun::UnivariateRelationSeparator alphas;
alphas.fill(bb::Univariate(FF(0))); // focus on the arithmetic relation only
- PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1);
+ GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1);
// Relation parameters are all zeroes
RelationParameters relation_parameters;
@@ -206,7 +206,7 @@ TEST(Protogalaxy, CombinerOptimizationConsistency)
instance_data[NUM_INSTANCES - 1]->proving_key.polynomials.get_row(i),
- pow_polynomial[i]);
+ gate_separators[i]);
// Get the result of the 0th subrelation of the arithmetic relation
FF instance_offset = std::get<0>(temporary_accumulator)[0];
@@ -241,28 +241,28 @@ TEST(Protogalaxy, CombinerOptimizationConsistency)
- pow_polynomial[i]);
+ gate_separators[i]);
} else {
for (size_t i = 0; i < 2; i++) {
extended_polynomials[idx - NUM_INSTANCES].get_row(i),
- pow_polynomial[i]);
+ gate_separators[i]);
precomputed_result[idx] = std::get<0>(accumulator)[0];
auto expected_result = Univariate(precomputed_result);
- Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters;
- Fun::UnivariateRelationParameters optimised_univariate_relation_parameters;
- auto result = Fun::compute_combiner_no_optimistic_skipping(
- instances, pow_polynomial, univariate_relation_parameters, alphas);
- auto optimised_result =
- Fun::compute_combiner(instances, pow_polynomial, optimised_univariate_relation_parameters, alphas);
- EXPECT_EQ(result, expected_result);
- EXPECT_EQ(optimised_result, expected_result);
+ Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping;
+ Fun::UnivariateRelationParameters univariate_relation_parameters;
+ auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping(
+ instances, gate_separators, univariate_relation_parameters_no_skpping, alphas);
+ auto result_with_skipping =
+ Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas);
+ EXPECT_EQ(result_no_skipping, expected_result);
+ EXPECT_EQ(result_with_skipping, expected_result);
} else {
std::vector> instance_data(NUM_INSTANCES);
@@ -325,18 +325,18 @@ TEST(Protogalaxy, CombinerOptimizationConsistency)
relation value:
0 0 0 0 0 0 0 0 0 6 18 36 60 90 */
- PowPolynomial pow_polynomial({ 2 }, /*log_num_monomials=*/1);
- Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters;
- Fun::UnivariateRelationParameters optimised_univariate_relation_parameters;
- auto result = Fun::compute_combiner_no_optimistic_skipping(
- instances, pow_polynomial, univariate_relation_parameters, alphas);
- auto optimised_result =
- Fun::compute_combiner(instances, pow_polynomial, optimised_univariate_relation_parameters, alphas);
+ GateSeparatorPolynomial gate_separators({ 2 }, /*log_num_monomials=*/1);
+ Fun::UnivariateRelationParametersNoOptimisticSkipping univariate_relation_parameters_no_skpping;
+ Fun::UnivariateRelationParameters univariate_relation_parameters;
+ auto result_no_skipping = Fun::compute_combiner_no_optimistic_skipping(
+ instances, gate_separators, univariate_relation_parameters_no_skpping, alphas);
+ auto result_with_skipping =
+ Fun::compute_combiner(instances, gate_separators, univariate_relation_parameters, alphas);
auto expected_result =
Univariate(std::array{ 0, 0, 12, 36, 72, 120, 180, 252, 336, 432, 540, 660 });
- EXPECT_EQ(result, expected_result);
- EXPECT_EQ(optimised_result, expected_result);
+ EXPECT_EQ(result_no_skipping, expected_result);
+ EXPECT_EQ(result_with_skipping, expected_result);
diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp
index 56f09ffe349..910903abf24 100644
--- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp
+++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy.test.cpp
@@ -1,5 +1,5 @@
#include "barretenberg/goblin/mock_circuits.hpp"
-#include "barretenberg/polynomials/pow.hpp"
+#include "barretenberg/polynomials/gate_separator.hpp"
#include "barretenberg/protogalaxy/protogalaxy_prover.hpp"
#include "barretenberg/protogalaxy/protogalaxy_prover_internal.hpp"
#include "barretenberg/protogalaxy/protogalaxy_verifier.hpp"
@@ -16,14 +16,14 @@ namespace {
auto& engine = numeric::get_debug_randomness();
-template class ProtoGalaxyTests : public testing::Test {
+template class ProtogalaxyTests : public testing::Test {
using VerificationKey = typename Flavor::VerificationKey;
using ProverInstance = ProverInstance_;
using ProverInstances = ProverInstances_;
using VerifierInstance = VerifierInstance_;
using VerifierInstances = VerifierInstances_;
- using ProtoGalaxyProver = ProtoGalaxyProver_;
+ using ProtogalaxyProver = ProtogalaxyProver_;
using FF = typename Flavor::FF;
using Affine = typename Flavor::Commitment;
using Projective = typename Flavor::GroupElement;
@@ -33,11 +33,11 @@ template class ProtoGalaxyTests : public testing::Test {
using RelationParameters = bb::RelationParameters;
using WitnessCommitments = typename Flavor::WitnessCommitments;
using CommitmentKey = typename Flavor::CommitmentKey;
- using PowPolynomial = bb::PowPolynomial;
+ using GateSeparatorPolynomial = bb::GateSeparatorPolynomial;
using DeciderProver = DeciderProver_;
using DeciderVerifier = DeciderVerifier_;
- using FoldingProver = ProtoGalaxyProver_;
- using FoldingVerifier = ProtoGalaxyVerifier_;
+ using FoldingProver = ProtogalaxyProver_;
+ using FoldingVerifier = ProtogalaxyVerifier_;
using Fun = ProtogalaxyProverInternal;
using TupleOfInstances =
@@ -95,15 +95,16 @@ template class ProtoGalaxyTests : public testing::Test {
static void check_accumulator_target_sum_manual(std::shared_ptr& accumulator, bool expected_result)
auto instance_size = accumulator->proving_key.circuit_size;
- auto expected_honk_evals = Fun::compute_full_honk_evaluations(
+ auto expected_honk_evals = Fun::compute_row_evaluations(
accumulator->proving_key.polynomials, accumulator->alphas, accumulator->relation_parameters);
// Construct pow(\vec{betas*}) as in the paper
- PowPolynomial expected_pows(accumulator->gate_challenges, accumulator->gate_challenges.size());
+ GateSeparatorPolynomial expected_gate_separators(accumulator->gate_challenges,
+ accumulator->gate_challenges.size());
// Compute the corresponding target sum and create a dummy accumulator
auto expected_target_sum = FF(0);
for (size_t i = 0; i < instance_size; i++) {
- expected_target_sum += expected_honk_evals[i] * expected_pows[i];
+ expected_target_sum += expected_honk_evals[i] * expected_gate_separators[i];
EXPECT_EQ(accumulator->target_sum == expected_target_sum, expected_result);
@@ -147,7 +148,7 @@ template class ProtoGalaxyTests : public testing::Test {
for (auto& alpha : instance->alphas) {
alpha = FF::random_element();
- auto full_honk_evals = Fun::compute_full_honk_evaluations(
+ auto full_honk_evals = Fun::compute_row_evaluations(
instance->proving_key.polynomials, instance->alphas, instance->relation_parameters);
// Evaluations should be 0 for valid circuit
@@ -196,19 +197,19 @@ template class ProtoGalaxyTests : public testing::Test {
alpha = FF::random_element();
- auto full_honk_evals = Fun::compute_full_honk_evaluations(full_polynomials, alphas, relation_parameters);
+ auto full_honk_evals = Fun::compute_row_evaluations(full_polynomials, alphas, relation_parameters);
std::vector betas(log_instance_size);
for (size_t idx = 0; idx < log_instance_size; idx++) {
betas[idx] = FF::random_element();
// Construct pow(\vec{betas}) as in the paper
- bb::PowPolynomial pow_beta(betas, log_instance_size);
+ bb::GateSeparatorPolynomial gate_separators(betas, log_instance_size);
// Compute the corresponding target sum and create a dummy accumulator
auto target_sum = FF(0);
for (size_t i = 0; i < instance_size; i++) {
- target_sum += full_honk_evals[i] * pow_beta[i];
+ target_sum += full_honk_evals[i] * gate_separators[i];
auto accumulator = std::make_shared();
@@ -550,8 +551,8 @@ template class ProtoGalaxyTests : public testing::Test {
constexpr size_t total_insts = k + 1;
TupleOfInstances insts = construct_instances(total_insts);
- ProtoGalaxyProver_> folding_prover(get<0>(insts));
- ProtoGalaxyVerifier_> folding_verifier(get<1>(insts));
+ ProtogalaxyProver_> folding_prover(get<0>(insts));
+ ProtogalaxyVerifier_> folding_verifier(get<1>(insts));
auto [prover_accumulator, folding_proof] = folding_prover.prove();
auto verifier_accumulator = folding_verifier.verify_folding_proof(folding_proof);
@@ -563,74 +564,74 @@ template class ProtoGalaxyTests : public testing::Test {
} // namespace
using FlavorTypes = testing::Types;
-TYPED_TEST_SUITE(ProtoGalaxyTests, FlavorTypes);
+TYPED_TEST_SUITE(ProtogalaxyTests, FlavorTypes);
-TYPED_TEST(ProtoGalaxyTests, PerturbatorCoefficients)
+TYPED_TEST(ProtogalaxyTests, PerturbatorCoefficients)
-TYPED_TEST(ProtoGalaxyTests, FullHonkEvaluationsValidCircuit)
+TYPED_TEST(ProtogalaxyTests, FullHonkEvaluationsValidCircuit)
-TYPED_TEST(ProtoGalaxyTests, PerturbatorPolynomial)
+TYPED_TEST(ProtogalaxyTests, PerturbatorPolynomial)
-TYPED_TEST(ProtoGalaxyTests, CombinerQuotient)
+TYPED_TEST(ProtogalaxyTests, CombinerQuotient)
-TYPED_TEST(ProtoGalaxyTests, CombineRelationParameters)
+TYPED_TEST(ProtogalaxyTests, CombineRelationParameters)
-TYPED_TEST(ProtoGalaxyTests, CombineAlphas)
+TYPED_TEST(ProtogalaxyTests, CombineAlphas)
-TYPED_TEST(ProtoGalaxyTests, ProtogalaxyInhomogeneous)
+TYPED_TEST(ProtogalaxyTests, ProtogalaxyInhomogeneous)
-TYPED_TEST(ProtoGalaxyTests, FullProtogalaxyTest)
+TYPED_TEST(ProtogalaxyTests, FullProtogalaxyTest)
-TYPED_TEST(ProtoGalaxyTests, FullProtogalaxyStructuredTrace)
+TYPED_TEST(ProtogalaxyTests, FullProtogalaxyStructuredTrace)
-TYPED_TEST(ProtoGalaxyTests, FullProtogalaxyStructuredTraceInhomogeneous)
+TYPED_TEST(ProtogalaxyTests, FullProtogalaxyStructuredTraceInhomogeneous)
-TYPED_TEST(ProtoGalaxyTests, TamperedCommitment)
+TYPED_TEST(ProtogalaxyTests, TamperedCommitment)
-TYPED_TEST(ProtoGalaxyTests, TamperedAccumulatorPolynomial)
+TYPED_TEST(ProtogalaxyTests, TamperedAccumulatorPolynomial)
-TYPED_TEST(ProtoGalaxyTests, BadLookupFailure)
+TYPED_TEST(ProtogalaxyTests, BadLookupFailure)
// We only fold one instance currently due to significant compile time added by multiple instances
-TYPED_TEST(ProtoGalaxyTests, Fold1Instance)
+TYPED_TEST(ProtogalaxyTests, Fold1Instance)
TestFixture::template test_fold_k_instances<1>();
\ No newline at end of file
diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp
index 8ba4f990c13..0f9b09079ff 100644
--- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp
+++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover.hpp
@@ -4,16 +4,16 @@
namespace bb {
-template class ProtoGalaxyProver_ {
+template class ProtogalaxyProver_ {
using ProverInstance = typename ProverInstances_::Instance;
using Flavor = typename ProverInstances_::Flavor;
using FF = typename ProverInstances_::Flavor::FF;
static constexpr size_t NUM_INSTANCES = ProverInstances_::NUM;
using CombinerQuotient = Univariate;
+ using TupleOfTuplesOfUnivariatesNoOptimisticSkipping =
+ typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariatesNoOptimisticSkipping;
using TupleOfTuplesOfUnivariates = typename Flavor::template ProtogalaxyTupleOfTuplesOfUnivariates;
- using OptimisedTupleOfTuplesOfUnivariates =
- typename Flavor::template OptimisedProtogalaxyTupleOfTuplesOfUnivariates;
using UnivariateRelationParameters =
using UnivariateRelationSeparator =
@@ -40,12 +40,16 @@ template class ProtoGalaxyProver_ {
std::shared_ptr commitment_key;
State state;
- ProtoGalaxyProver_() = default;
- ProtoGalaxyProver_(const std::vector>& insts)
+ ProtogalaxyProver_() = default;
+ ProtogalaxyProver_(const std::vector>& insts)
: instances(ProverInstances_(insts))
// TODO(https://github.com/AztecProtocol/barretenberg/issues/878)
, commitment_key(instances[1]->proving_key.commitment_key){};
+ // Returns the accumulator, which is the first element in ProverInstances. The accumulator is assumed to have the
+ // FoldingParameters set and be the result of a previous round of folding.
+ std::shared_ptr get_accumulator() { return instances[0]; }
* @brief For each instance produced by a circuit, prior to folding, we need to complete the computation of its
* prover polynomials, commit to witnesses and generate the relation parameters as well as send the public data ϕ of
@@ -54,20 +58,7 @@ template class ProtoGalaxyProver_ {
* @param domain_separator separates the same type of data coming from difference instances by instance
* index
- void finalise_and_send_instance(std::shared_ptr, const std::string& domain_separator);
- /**
- * @brief Execute the folding prover.
- *
- * @todo TODO(https://github.com/AztecProtocol/barretenberg/issues/753): fold goblin polynomials
- * @return FoldingResult is a pair consisting of an accumulator and a folding proof, which is a proof that the
- * accumulator was computed correctly.
- */
- BB_PROFILE FoldingResult prove();
- // Returns the accumulator, which is the first element in ProverInstances. The accumulator is assumed to have the
- // FoldingParameters set and be the result of a previous round of folding.
- std::shared_ptr get_accumulator() { return instances[0]; }
+ void run_oink_prover_on_instance(std::shared_ptr, const std::string& domain_separator);
* @brief Create inputs to folding protocol (an Oink interaction).
@@ -90,7 +81,6 @@ template class ProtoGalaxyProver_ {
* @details Compute combiner (G polynomial in the paper) and then its quotient (K polynomial), whose coefficient
* will be sent to the verifier.
- /*gate_challenges, alphas, optimised_relation_parameters, perturbator_evaluation, combiner_quotient */
std::tuple, UnivariateRelationSeparator, UnivariateRelationParameters, FF, CombinerQuotient>
combiner_quotient_round(const std::vector& gate_challenges,
const std::vector& deltas,
@@ -108,5 +98,13 @@ template class ProtoGalaxyProver_ {
const UnivariateRelationSeparator& alphas,
const UnivariateRelationParameters& univariate_relation_parameters,
const FF& perturbator_evaluation);
+ /**
+ * @brief Execute the folding prover.
+ *
+ * @return FoldingResult is a pair consisting of an accumulator and a folding proof, which is a proof that the
+ * accumulator was computed correctly.
+ */
+ BB_PROFILE FoldingResult prove();
} // namespace bb
\ No newline at end of file
diff --git a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp
index 7ba4ceb8410..9f9d7b59a8e 100644
--- a/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp
+++ b/barretenberg/cpp/src/barretenberg/protogalaxy/protogalaxy_prover_impl.hpp
@@ -8,74 +8,23 @@
namespace bb {
-void ProtoGalaxyProver_::finalise_and_send_instance(std::shared_ptr instance,
- const std::string& domain_separator)
+void ProtogalaxyProver_::run_oink_prover_on_instance(std::shared_ptr instance,
+ const std::string& domain_separator)
- ZoneScopedN("ProtoGalaxyProver::finalise_and_send_instance");
+ ZoneScopedN("ProtogalaxyProver::run_oink_prover_on_instance");
OinkProver oink_prover(instance, transcript, domain_separator + '_');
-FoldingResult ProtoGalaxyProver_::update_target_sum_and_fold(
- const ProverInstances& instances,
- const CombinerQuotient& combiner_quotient,
- const UnivariateRelationSeparator& alphas,
- const UnivariateRelationParameters& univariate_relation_parameters,
- const FF& perturbator_evaluation)
- BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::update_target_sum_and_fold");
- using Fun = ProtogalaxyProverInternal;
- const FF combiner_challenge = transcript->template get_challenge("combiner_quotient_challenge");
- FoldingResult result{ .accumulator = instances[0], .proof = std::move(transcript->proof_data) };
- // TODO(https://github.com/AztecProtocol/barretenberg/issues/881): bad pattern
- result.accumulator->is_accumulator = true;
- // Compute the next target sum
- auto [vanishing_polynomial_at_challenge, lagranges] =
- Fun::compute_vanishing_polynomial_and_lagranges(combiner_challenge);
- result.accumulator->target_sum = perturbator_evaluation * lagranges[0] +
- vanishing_polynomial_at_challenge * combiner_quotient.evaluate(combiner_challenge);
- // Fold the proving key polynomials
- for (auto& poly : result.accumulator->proving_key.polynomials.get_unshifted()) {
- poly *= lagranges[0];
- }
- for (size_t inst_idx = 1; inst_idx < ProverInstances::NUM; inst_idx++) {
- for (auto [acc_poly, inst_poly] : zip_view(result.accumulator->proving_key.polynomials.get_unshifted(),
- instances[inst_idx]->proving_key.polynomials.get_unshifted())) {
- acc_poly.add_scaled(inst_poly, lagranges[inst_idx]);
- }
- }
- // Evaluate the combined batching α_i univariate at challenge to obtain next α_i and send it to the
- // verifier, where i ∈ {0,...,NUM_SUBRELATIONS - 1}
- for (auto [folded_alpha, inst_alpha] : zip_view(result.accumulator->alphas, alphas)) {
- folded_alpha = inst_alpha.evaluate(combiner_challenge);
- }
- // Evaluate each relation parameter univariate at challenge to obtain the folded relation parameters.
- for (auto [univariate, value] : zip_view(univariate_relation_parameters.get_to_fold(),
- result.accumulator->relation_parameters.get_to_fold())) {
- value = univariate.evaluate(combiner_challenge);
- }
- return result;
-template void ProtoGalaxyProver_::run_oink_prover_on_each_instance()
+template void ProtogalaxyProver_::run_oink_prover_on_each_instance()
- BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::run_oink_prover_on_each_instance");
+ BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::run_oink_prover_on_each_instance");
auto idx = 0;
auto& instance = instances[0];
auto domain_separator = std::to_string(idx);
if (!instance->is_accumulator) {
- finalise_and_send_instance(instance, domain_separator);
+ run_oink_prover_on_instance(instance, domain_separator);
instance->target_sum = 0;
instance->gate_challenges = std::vector(instance->proving_key.log_circuit_size, 0);
@@ -85,7 +34,7 @@ template void ProtoGalaxyProver_::run_o
for (auto it = instances.begin() + 1; it != instances.end(); it++, idx++) {
auto instance = *it;
auto domain_separator = std::to_string(idx);
- finalise_and_send_instance(instance, domain_separator);
+ run_oink_prover_on_instance(instance, domain_separator);
state.accumulator = instances[0];
@@ -93,10 +42,10 @@ template void ProtoGalaxyProver_::run_o
std::tuple, Polynomial>
const std::shared_ptr& accumulator)
- BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::perturbator_round");
+ BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::perturbator_round");
using Fun = ProtogalaxyProverInternal;
@@ -108,7 +57,8 @@ ProtoGalaxyProver_::perturbator_round(
: Polynomial(accumulator->proving_key.log_circuit_size + 1);
// Prover doesn't send the constant coefficient of F because this is supposed to be equal to the target sum of
// the accumulator which the folding verifier has from the previous iteration.
- // TODO(https://github.com/AztecProtocol/barretenberg/issues/1087): Verifier circuit for first IVC step is different
+ // TODO(https://github.com/AztecProtocol/barretenberg/issues/1087): Verifier circuit for first IVC step is
+ // different
if (accumulator->is_accumulator) {
for (size_t idx = 1; idx <= accumulator->proving_key.log_circuit_size; idx++) {
transcript->send_to_verifier("perturbator_" + std::to_string(idx), perturbator[idx]);
@@ -120,15 +70,15 @@ ProtoGalaxyProver_::perturbator_round(
- typename ProtoGalaxyProver_::UnivariateRelationSeparator,
- typename ProtoGalaxyProver_::UnivariateRelationParameters,
+ typename ProtogalaxyProver_::UnivariateRelationSeparator,
+ typename ProtogalaxyProver_::UnivariateRelationParameters,
typename ProverInstances::Flavor::FF,
- typename ProtoGalaxyProver_::CombinerQuotient>
-ProtoGalaxyProver_::combiner_quotient_round(const std::vector& gate_challenges,
+ typename ProtogalaxyProver_::CombinerQuotient>
+ProtogalaxyProver_::combiner_quotient_round(const std::vector& gate_challenges,
const std::vector& deltas,
const ProverInstances& instances)
- BB_OP_COUNT_TIME_NAME("ProtoGalaxyProver_::combiner_quotient_round");
+ BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::combiner_quotient_round");
using Fun = ProtogalaxyProverInternal;
@@ -137,12 +87,13 @@ ProtoGalaxyProver_::combiner_quotient_round(const std::vector updated_gate_challenges =
update_gate_challenges(perturbator_challenge, gate_challenges, deltas);
const UnivariateRelationSeparator alphas = Fun::compute_and_extend_alphas(instances);
- const PowPolynomial pow_polynomial{ updated_gate_challenges, instances[0]->proving_key.log_circuit_size };
+ const GateSeparatorPolynomial gate_separators{ updated_gate_challenges,
+ instances[0]->proving_key.log_circuit_size };
const UnivariateRelationParameters relation_parameters =
Fun::template compute_extended_relation_parameters(instances);
- OptimisedTupleOfTuplesOfUnivariates accumulators;
- auto combiner = Fun::compute_combiner(instances, pow_polynomial, relation_parameters, alphas, accumulators);
+ TupleOfTuplesOfUnivariates accumulators;
+ auto combiner = Fun::compute_combiner(instances, gate_separators, relation_parameters, alphas, accumulators);
const FF perturbator_evaluation = state.perturbator.evaluate(perturbator_challenge);
const CombinerQuotient combiner_quotient = Fun::compute_combiner_quotient(perturbator_evaluation, combiner);
@@ -155,8 +106,63 @@ ProtoGalaxyProver_::combiner_quotient_round(const std::vector
+FoldingResult ProtogalaxyProver_::update_target_sum_and_fold(
+ const ProverInstances& instances,
+ const CombinerQuotient& combiner_quotient,
+ const UnivariateRelationSeparator& alphas,
+ const UnivariateRelationParameters& univariate_relation_parameters,
+ const FF& perturbator_evaluation)
+ BB_OP_COUNT_TIME_NAME("ProtogalaxyProver_::update_target_sum_and_fold");
+ using Fun = ProtogalaxyProverInternal;
+ const FF combiner_challenge = transcript->template get_challenge("combiner_quotient_challenge");
+ FoldingResult result{ .accumulator = instances[0], .proof = std::move(transcript->proof_data) };
+ // TODO(https://github.com/AztecProtocol/barretenberg/issues/881): bad pattern
+ result.accumulator->is_accumulator = true;
+ // Compute the next target sum
+ auto [vanishing_polynomial_at_challenge, lagranges] =
+ Fun::compute_vanishing_polynomial_and_lagranges(combiner_challenge);
+ result.accumulator->target_sum = perturbator_evaluation * lagranges[0] +
+ vanishing_polynomial_at_challenge * combiner_quotient.evaluate(combiner_challenge);
+ // Fold the proving key polynomials
+ for (auto& poly : result.accumulator->proving_key.polynomials.get_unshifted()) {
+ poly *= lagranges[0];
+ }
+ for (size_t inst_idx = 1; inst_idx < ProverInstances::NUM; inst_idx++) {
+ for (auto [acc_poly, inst_poly] : zip_view(result.accumulator->proving_key.polynomials.get_unshifted(),
+ instances[inst_idx]->proving_key.polynomials.get_unshifted())) {
+ acc_poly.add_scaled(inst_poly, lagranges[inst_idx]);
+ }
+ }
+ // Evaluate the combined batching α_i univariate at challenge to obtain next α_i and send it to the
+ // verifier, where i ∈ {0,...,NUM_SUBRELATIONS - 1}
+ for (auto [folded_alpha, inst_alpha] : zip_view(result.accumulator->alphas, alphas)) {
+ folded_alpha = inst_alpha.evaluate(combiner_challenge);
+ }
+ // Evaluate each relation parameter univariate at challenge to obtain the folded relation parameters.
+ for (auto [univariate, value] : zip_view(univariate_relation_parameters.get_to_fold(),
+ result.accumulator->relation_parameters.get_to_fold())) {
+ value = univariate.evaluate(combiner_challenge);
+ }
+ return result;