Implements loading challenges from the transcript and computing powers of α, which is later used in widgets. More...
#include <transition_widget.hpp>
Static Public Member Functions | |
| static challenge_array | get_challenges (const Transcript &transcript, const Field &alpha_base, uint8_t required_challenges) |
| static Field | update_alpha (const challenge_array &challenges, const size_t num_independent_relations) |
Protected Types | |
| typedef containers::challenge_array< Field, num_widget_relations > | challenge_array |
Detailed Description
class proof_system::plonk::widget::getters::BaseGetter< Field, Transcript, Settings, num_widget_relations >
Implements loading challenges from the transcript and computing powers of α, which is later used in widgets.
- Template Parameters
-
Field Base field Transcript Transcript class Settings Configuration num_widget_relations How many powers of α are needed
Member Function Documentation
◆ get_challenges()
|
inlinestatic |
Create a challenge array from transcript. Loads alpha, beta, gamma, eta, zeta and nu and calculates powers of alpha.
- Parameters
-
transcript Transcript to get challenges from. alpha_base alpha to some power (depends on previously used widgets). required_challenges Challenge bitmask, which shows when the function should fail.
- Returns
- A structure with an array of challenge values and powers of alpha.
There are several issues we need to address here:
- We can't just set the value to 0. In case of a typo this could lead to a vulnerability
- We can't fail when there is no challenge, because getters get activated at various phases
- There is no way for us to check accesses in the challenge_array (it would degrade speed)
One of the mitigations we use is we force the transition widget kernel to have members that describe the necessary challenges for quotient polynomial construction and for kate update. We then take them and submit to the get_challenges function. This allows us to catch misuse, but only if the developer is prudent.
Since we can't enforce anything really we introduced a simple mitigation: The challenges that aren't in the transcript are replaced by random values.
The value each of the widget uses and the value the verifier uses will differ. As a result, proof will fail if some widget uses an uninitialized challenge. *
The documentation for this class was generated from the following file:
- src/barretenberg/plonk/proof_system/widgets/transition_widgets/transition_widget.hpp
