barretenberg
sol_gen.hpp
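namespace proof_system {

/**
 * @brief Write a Solidity library containing a Standard PLONK verification key to a stream.
 *
 * The generated library exposes `verificationKeyHash()` and `loadVerificationKey()`; the latter
 * stores each key field with one `mstore` at a fixed 0x20-spaced offset from `_vk`.
 *
 * @param os         Stream that receives the Solidity source; flushed once at the end.
 * @param key        Verification key to serialise. It is dereferenced without a null check, and so is
 *                   `key->reference_string`, so both must be non-null.
 * @param class_name Name of the generated library. It is written into the source verbatim and is not
 *                   validated here, so the caller must pass a valid Solidity identifier and must not
 *                   forward an unchecked external string.
 */
inline void output_vk_sol_standard(std::ostream& os,
                                   std::shared_ptr<plonk::verification_key> const& key,
                                   std::string const& class_name)
{
    // '\n' instead of std::endl: the stream is flushed once at the end, not after every line.
    const auto print_u256 = [&](const std::string& offset, const barretenberg::fr& element, const std::string& name) {
        os << " mstore(add(_vk, " << offset << "), " << element << ") // " << name << '\n';
    };

    // A G1 point occupies two slots: x at offsetX and y at offsetY.
    const auto print_g1 = [&](const std::string& offsetX,
                              const std::string& offsetY,
                              const barretenberg::g1::affine_element& element,
                              const std::string& name) {
        os << " mstore(add(_vk, " << offsetX << "), " << element.x << ") // " << name << ".x" << '\n';
        os << " mstore(add(_vk, " << offsetY << "), " << element.y << ") // " << name << ".y" << '\n';
    };

    // Only the first recursive-proof index is emitted. `.at(0)` makes an empty index list fail
    // loudly instead of reading out of bounds when contains_recursive_proof is set.
    // NOTE(review): assumes recursive_proof_public_input_indices is a std container - confirm.
    const auto recursive_index =
        key->contains_recursive_proof ? key->recursive_proof_public_input_indices.at(0) : 0;

    // clang-format off
    os <<
      "// Verification Key Hash: " << key->sha256_hash() << "\n"
      "// SPDX-License-Identifier: Apache-2.0\n"
      "// Copyright 2022 Aztec\n"
      "pragma solidity >=0.8.4;\n"
      "\n"
      "library " << class_name << " {\n"
      " function verificationKeyHash() internal pure returns(bytes32) {\n"
      " return 0x" << key->sha256_hash() << ";\n"
      " }\n\n"
      " function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure {\n"
      " assembly {\n";
    print_u256("0x00", key->domain.size, "vk.circuit_size");
    print_u256("0x20", key->num_public_inputs, "vk.num_inputs");
    print_u256("0x40", key->domain.root, "vk.work_root");
    print_u256("0x60", key->domain.domain_inverse, "vk.domain_inverse");
    // Commitments are looked up with .at(); presumably a missing name throws rather than
    // emitting a partial key - confirm against the container type.
    print_g1("0x80", "0xa0", key->commitments.at("Q_1"), "vk.Q1");
    print_g1("0xc0", "0xe0", key->commitments.at("Q_2"), "vk.Q2");
    print_g1("0x100", "0x120", key->commitments.at("Q_3"), "vk.Q3");
    print_g1("0x140", "0x160", key->commitments.at("Q_M"), "vk.QM");
    print_g1("0x180", "0x1a0", key->commitments.at("Q_C"), "vk.QC");
    print_g1("0x1c0", "0x1e0", key->commitments.at("SIGMA_1"), "vk.SIGMA1");
    print_g1("0x200", "0x220", key->commitments.at("SIGMA_2"), "vk.SIGMA2");
    print_g1("0x240", "0x260", key->commitments.at("SIGMA_3"), "vk.SIGMA3");
    os <<
      " mstore(add(_vk, 0x280), " << (key->contains_recursive_proof ? "0x01" : "0x00") << ") // vk.contains_recursive_proof\n"
      " mstore(add(_vk, 0x2a0), " << recursive_index << ") // vk.recursive_proof_public_input_indices\n"
      " mstore(add(_vk, 0x2c0), " << key->reference_string->get_g2x().x.c1 << ") // vk.g2_x.X.c1 \n"
      " mstore(add(_vk, 0x2e0), " << key->reference_string->get_g2x().x.c0 << ") // vk.g2_x.X.c0 \n"
      " mstore(add(_vk, 0x300), " << key->reference_string->get_g2x().y.c1 << ") // vk.g2_x.Y.c1 \n"
      " mstore(add(_vk, 0x320), " << key->reference_string->get_g2x().y.c0 << ") // vk.g2_x.Y.c0 \n"
      " mstore(_omegaInverseLoc, " << key->domain.root_inverse << ") // vk.work_root_inverse\n"
      " }\n"
      " }\n"
      "}\n";
    // clang-format on

    os << std::flush;
}

/**
 * @brief Write a Solidity library containing an Ultra PLONK verification key to a stream.
 *
 * Same output shape as output_vk_sol_standard, with the larger Ultra commitment set (fourth wire,
 * arithmetic/sort/elliptic/aux selectors, lookup tables and ID polynomials) and correspondingly
 * later offsets for the trailing fields.
 *
 * @param os         Stream that receives the Solidity source; flushed once at the end.
 * @param key        Verification key to serialise. It is dereferenced without a null check, and so is
 *                   `key->reference_string`, so both must be non-null.
 * @param class_name Name of the generated library. It is written into the source verbatim and is not
 *                   validated here, so the caller must pass a valid Solidity identifier and must not
 *                   forward an unchecked external string.
 */
inline void output_vk_sol_ultra(std::ostream& os,
                                std::shared_ptr<plonk::verification_key> const& key,
                                std::string const& class_name)
{
    // '\n' instead of std::endl: the stream is flushed once at the end, not after every line.
    const auto print_u256 = [&](const std::string& offset, const barretenberg::fr& element, const std::string& name) {
        os << " mstore(add(_vk, " << offset << "), " << element << ") // " << name << '\n';
    };

    // A G1 point occupies two slots: x at offsetX and y at offsetY.
    const auto print_g1 = [&](const std::string& offsetX,
                              const std::string& offsetY,
                              const barretenberg::g1::affine_element& element,
                              const std::string& name) {
        os << " mstore(add(_vk, " << offsetX << "), " << element.x << ") // " << name << ".x" << '\n';
        os << " mstore(add(_vk, " << offsetY << "), " << element.y << ") // " << name << ".y" << '\n';
    };

    // Only the first recursive-proof index is emitted. `.at(0)` makes an empty index list fail
    // loudly instead of reading out of bounds when contains_recursive_proof is set.
    // NOTE(review): assumes recursive_proof_public_input_indices is a std container - confirm.
    const auto recursive_index =
        key->contains_recursive_proof ? key->recursive_proof_public_input_indices.at(0) : 0;

    // clang-format off
    os <<
      "// Verification Key Hash: " << key->sha256_hash() << "\n"
      "// SPDX-License-Identifier: Apache-2.0\n"
      "// Copyright 2022 Aztec\n"
      "pragma solidity >=0.8.4;\n"
      "\n"
      "library " << class_name << " {\n"
      " function verificationKeyHash() internal pure returns(bytes32) {\n"
      " return 0x" << key->sha256_hash() << ";\n"
      " }\n\n"
      " function loadVerificationKey(uint256 _vk, uint256 _omegaInverseLoc) internal pure {\n"
      " assembly {\n";
    print_u256("0x00", key->domain.size, "vk.circuit_size");
    print_u256("0x20", key->num_public_inputs, "vk.num_inputs");
    print_u256("0x40", key->domain.root, "vk.work_root");
    print_u256("0x60", key->domain.domain_inverse, "vk.domain_inverse");
    // Commitments are looked up with .at(); presumably a missing name throws rather than
    // emitting a partial key - confirm against the container type.
    print_g1("0x80", "0xa0", key->commitments.at("Q_1"), "vk.Q1");
    print_g1("0xc0", "0xe0", key->commitments.at("Q_2"), "vk.Q2");
    print_g1("0x100", "0x120", key->commitments.at("Q_3"), "vk.Q3");
    print_g1("0x140", "0x160", key->commitments.at("Q_4"), "vk.Q4");
    print_g1("0x180", "0x1a0", key->commitments.at("Q_M"), "vk.Q_M");
    print_g1("0x1c0", "0x1e0", key->commitments.at("Q_C"), "vk.Q_C");
    print_g1("0x200", "0x220", key->commitments.at("Q_ARITHMETIC"), "vk.Q_ARITHMETIC");
    print_g1("0x240", "0x260", key->commitments.at("Q_SORT"), "vk.QSORT");
    print_g1("0x280", "0x2a0", key->commitments.at("Q_ELLIPTIC"), "vk.Q_ELLIPTIC");
    print_g1("0x2c0", "0x2e0", key->commitments.at("Q_AUX"), "vk.Q_AUX");
    print_g1("0x300", "0x320", key->commitments.at("SIGMA_1"), "vk.SIGMA1");
    print_g1("0x340", "0x360", key->commitments.at("SIGMA_2"), "vk.SIGMA2");
    print_g1("0x380", "0x3a0", key->commitments.at("SIGMA_3"), "vk.SIGMA3");
    print_g1("0x3c0", "0x3e0", key->commitments.at("SIGMA_4"), "vk.SIGMA4");
    print_g1("0x400", "0x420", key->commitments.at("TABLE_1"), "vk.TABLE1");
    print_g1("0x440", "0x460", key->commitments.at("TABLE_2"), "vk.TABLE2");
    print_g1("0x480", "0x4a0", key->commitments.at("TABLE_3"), "vk.TABLE3");
    print_g1("0x4c0", "0x4e0", key->commitments.at("TABLE_4"), "vk.TABLE4");
    print_g1("0x500", "0x520", key->commitments.at("TABLE_TYPE"), "vk.TABLE_TYPE");
    print_g1("0x540", "0x560", key->commitments.at("ID_1"), "vk.ID1");
    print_g1("0x580", "0x5a0", key->commitments.at("ID_2"), "vk.ID2");
    print_g1("0x5c0", "0x5e0", key->commitments.at("ID_3"), "vk.ID3");
    print_g1("0x600", "0x620", key->commitments.at("ID_4"), "vk.ID4");
    os <<
      " mstore(add(_vk, 0x640), " << (key->contains_recursive_proof ? "0x01" : "0x00") << ") // vk.contains_recursive_proof\n"
      " mstore(add(_vk, 0x660), " << recursive_index << ") // vk.recursive_proof_public_input_indices\n"
      " mstore(add(_vk, 0x680), " << key->reference_string->get_g2x().x.c1 << ") // vk.g2_x.X.c1 \n"
      " mstore(add(_vk, 0x6a0), " << key->reference_string->get_g2x().x.c0 << ") // vk.g2_x.X.c0 \n"
      " mstore(add(_vk, 0x6c0), " << key->reference_string->get_g2x().y.c1 << ") // vk.g2_x.Y.c1 \n"
      " mstore(add(_vk, 0x6e0), " << key->reference_string->get_g2x().y.c0 << ") // vk.g2_x.Y.c0 \n"
      " mstore(_omegaInverseLoc, " << key->domain.root_inverse << ") // vk.work_root_inverse\n"
      " }\n"
      " }\n"
      "}\n";
    // clang-format on

    os << std::flush;
}

/**
 * @brief Write the Solidity verification-key library that matches the key's circuit type.
 *
 * Dispatches on `key->circuit_type` to the Standard or Ultra generator.
 *
 * @param os         Stream that receives the Solidity source.
 * @param key        Verification key to serialise; must be non-null.
 * @param class_name Name of the generated library, written into the source verbatim.
 *
 * @note An unrecognised circuit type is not rejected: a warning goes to std::cerr and the Standard
 *       layout is used. The emitted contract may then not correspond to the circuit the key was
 *       built for, so a caller that needs fail-closed behaviour should check `circuit_type` itself
 *       before calling and treat the warning as an error.
 */
inline void output_vk_sol(std::ostream& os,
                          std::shared_ptr<plonk::verification_key> const& key,
                          std::string const& class_name)
{
    const CircuitType circuit_type = static_cast<CircuitType>(key->circuit_type);
    switch (circuit_type) {
    case CircuitType::STANDARD: {
        output_vk_sol_standard(os, key, class_name);
        return;
    }
    case CircuitType::ULTRA: {
        output_vk_sol_ultra(os, key, class_name);
        return;
    }
    default: {
        // NOTE(review): fail-open fallback kept for compatibility; see the @note above.
        std::cerr << "proof_system::output_vk_sol unsupported composer type. Defaulting to standard composer" << std::endl;
        output_vk_sol_standard(os, key, class_name);
        return;
    }
    }
}
} // namespace proof_system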