barretenberg
acir_format::RecursionConstraint Struct Reference

RecursionConstraint struct contains information required to recursively verify a proof!

#include <recursion_constraint.hpp>

Public Attributes

std::vector< uint32_t > key
 
std::vector< uint32_t > proof
 
std::vector< uint32_t > public_inputs
 
uint32_t key_hash
 
std::array< uint32_t, AGGREGATION_OBJECT_SIZE > input_aggregation_object
 
std::array< uint32_t, AGGREGATION_OBJECT_SIZE > output_aggregation_object
 
std::array< uint32_t, AGGREGATION_OBJECT_SIZE > nested_aggregation_object
 

Static Public Attributes

static constexpr size_t NUM_AGGREGATION_ELEMENTS = 4
 
static constexpr size_t AGGREGATION_OBJECT_SIZE
 

Friends

bool operator== (RecursionConstraint const &lhs, RecursionConstraint const &rhs)=default
 

Detailed Description

RecursionConstraint struct contains information required to recursively verify a proof!

The recursive verifier algorithm produces an 'aggregation object' representing 2 G1 points, expressed as 16 witness values. The smart contract Verifier must be aware of this aggregation object in order to complete the full recursive verification. If the circuit verifies more than 1 proof, the recursion algorithm will update a pre-existing aggregation object (input_aggregation_object).

We currently require that the inner circuit being verified only has a single public input. If more are required, the outer circuit can hash them down to 1 input.

Parameters
verification_key_data: The inner circuit vkey. Is converted into circuit witness values (internal to the backend)
proof: The plonk proof. Is converted into circuit witness values (internal to the backend)
is_aggregation_object_nonzero: A flag to tell us whether the circuit has already recursively verified proofs (and therefore an aggregation object is present)
public_input: The index of the single public input
input_aggregation_object: Witness indices of pre-existing aggregation object (if it exists)
output_aggregation_object: Witness indices of the aggregation object produced by recursive verification
nested_aggregation_object: Public input indices of an aggregation object inside the proof.
Note
If input_aggregation_object witness indices are all zero, we interpret this to mean that the inner proof does NOT contain a previously recursively verified proof.
nested_aggregation_object is used for cases where the proof being verified contains an aggregation object in its public inputs! If this is the case, we record the public input locations in nested_aggregation_object. If the inner proof is of a circuit that does not have a nested aggregation object, these values are all zero.

To outline the interaction between input_aggregation_object and nested_aggregation_object, take the following example. If we have a circuit that verifies 2 proofs A and B, the recursion constraint for B will have an input_aggregation_object that points to the aggregation output produced by verifying A. If circuit B also verifies a proof, then in the above example the recursion constraint for verifying B will have a nested object that describes the aggregation object in B's public inputs, as well as an input aggregation object that points to the object produced by the previous recursion constraint in the circuit (the one that verifies A).
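
The chaining rule described above, as an added example (not barretenberg code): a local mirror of the three aggregation fields and a hypothetical check_chain helper that confirms, for constraints listed in circuit order, that each input_aggregation_object is the previous constraint's output. RecursionConstraintSketch, is_absent, sample_chain and check_chain are names introduced here, and NUM_QUOTIENT_PARTS = 4 is inferred from the 16 witness values stated above.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <numeric>
#include <string>
#include <vector>

// Local mirror of the aggregation fields only, not the barretenberg header.
// Assumption: NUM_QUOTIENT_PARTS = 4, inferred from "16 witness values".
constexpr std::size_t AGGREGATION_OBJECT_SIZE = 4 * 4;
using AggregationObject = std::array<uint32_t, AGGREGATION_OBJECT_SIZE>;

struct RecursionConstraintSketch {
    AggregationObject input_aggregation_object{};
    AggregationObject output_aggregation_object{};
    AggregationObject nested_aggregation_object{}; // not part of the chain check
};

// All-zero witness indices mean "no aggregation object" (the Note above).
bool is_absent(const AggregationObject& obj) {
    return std::all_of(obj.begin(), obj.end(), [](uint32_t i) { return i == 0; });
}

// Constructed sample: constraints for A then B, as in the example above.
// `linked` controls whether B's input points at A's output.
std::vector<RecursionConstraintSketch> sample_chain(bool linked) {
    RecursionConstraintSketch a, b;
    std::iota(a.output_aggregation_object.begin(), a.output_aggregation_object.end(), 100u);
    std::iota(b.output_aggregation_object.begin(), b.output_aggregation_object.end(), 200u);
    if (linked) b.input_aggregation_object = a.output_aggregation_object;
    return { a, b };
}

// Hypothetical check: returns "" when the constraints chain as described,
// else a message naming the first inconsistency.
std::string check_chain(const std::vector<RecursionConstraintSketch>& cs) {
    for (std::size_t i = 0; i < cs.size(); ++i) {
        const std::string at = "constraint " + std::to_string(i) + ": ";
        // An all-zero output would read as "absent" to the next constraint.
        if (is_absent(cs[i].output_aggregation_object))
            return at + "output_aggregation_object is all zero";
        if (i == 0 && !is_absent(cs[i].input_aggregation_object))
            return at + "first constraint already has an input_aggregation_object";
        if (i > 0 && cs[i].input_aggregation_object != cs[i - 1].output_aggregation_object)
            return at + "input_aggregation_object is not the previous output";
    }
    return "";
}
```

In the unlinked sample, B's input is all zero, which under the all-zero convention reads as "no previously verified proof" even though A was verified first; that is the case the check reports.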

Member Data Documentation

◆ AGGREGATION_OBJECT_SIZE

constexpr size_t acir_format::RecursionConstraint::AGGREGATION_OBJECT_SIZE
static constexpr
Initial value:
= NUM_AGGREGATION_ELEMENTS * NUM_QUOTIENT_PARTS

The documentation for this struct was generated from the following file: