comments resolved

AztecProtocol · Aug 16, 2024 · 94c95f3 · 94c95f3
1 parent 1dd93cc
commit 94c95f3
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 36 deletions.
diff --git a/barretenberg/cpp/docs/src/sumcheck-outline.md b/barretenberg/cpp/docs/src/sumcheck-outline.md
@@ -171,7 +171,7 @@ To prevent the witness information leakage through the Round Univariates determi
 \f{align}{
 	G \gets \sum_{i=0}^{d-1} g_{i}(X_i),
 \f}
-where the <b>Libra univariates</b> are given by the formula 
+where \f$ d \f$ is the number of Sumcheck rounds, and the <b>Libra univariates</b> are given by the formula 
 \f{align}{
 	g_{i} = \sum_{j=0}^{\tilde{D}} g_{i,j} \cdot L_{j,\{0,\ldots, \tilde{D}\}}(X_i) \quad  \text{for } (g_{i,j}) \gets_{\$} \mathbb{F}^{d\cdot (\tilde{D}+1)}
 \f}
@@ -195,8 +195,10 @@ Observe that \f$ G \f$ has several important properties
 - The coefficients of \f$ G \f$ are independent and uniformly distributed.
 - Evaluations of \f$ G \f$ at \f$ \vec \ell \in \{0,1\}^d\f$ and related Sumcheck Round Univariates are efficiently computable.
 
-The first two properties imply that the evaluations over the domain \f$ \{0,\ldots, \tilde{D}\}\f$ defining <b>Libra Round Univariates </b>, i.e. round univariates for \f$ G \f$,  are independent and uniformly distributed. 
-Moreover, since Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ are the sums of respective unvariates, the second property and the condition \f$ \tilde{D}\geq D \f$ ensure that the evaluations \f$ \tilde{S}^i(0),\ldots,\tilde{S}^i(\tilde D)\f$ defined in [Compute Round Univariates](#ComputeRoundUnivariates) are hidden by random scalars obtained as evaluations of Libra Round Univariates, which are described explicitly [below](#LibraRoundUnivariates).
+The first two properties imply that the evaluations of Sumcheck Round Univariates for \f$G\f$  are independent and uniformly distributed. We call them Libra Round Univarites.
+
+Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univarites multiplied by the challenge. 
+The fact that the degrees of Libra Round Univariates are big enough (i.e. \f$ \tilde{D}\geq D \f$) and that their evaluations are random imply that the evaluations \f$ \tilde{S}^i(0),\ldots,\tilde{S}^i(\tilde D)\f$ defined in [Compute Round Univariates](#ComputeRoundUnivariates) are now masked by the evaluations of Libra Round Univariates. These evaluations are described explicitly [below](#LibraRoundUnivariates).
 
 ### Example {#LibraPolynomialExample}
 

diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck.hpp
@@ -1,4 +1,3 @@
-
 #pragma once
 #include "barretenberg/plonk_honk_shared/library/grand_product_delta.hpp"
 #include "barretenberg/polynomials/polynomial_arithmetic.hpp"
@@ -136,7 +135,7 @@ template <typename Flavor> class SumcheckProver {
     static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = Flavor::BATCHED_RELATION_PARTIAL_LENGTH;
     // Specify the number of all witnesses including shifts and derived witnesses from flavors that have ZK,
     // otherwise, set this constant to 0
-    static constexpr size_t NUM_ALL_WITNESS_ENTITIES = Flavor::HasZK ? Flavor::NUM_ALL_WITNESS_ENTITIES : 0;
+    static constexpr size_t NUM_ALL_WITNESS_ENTITIES = Flavor::NUM_ALL_WITNESS_ENTITIES;
     /**
      * @brief The size of the hypercube, i.e. \f$ 2^d\f$.
      *
@@ -158,6 +157,8 @@ template <typename Flavor> class SumcheckProver {
 
     std::shared_ptr<Transcript> transcript;
     SumcheckProverRound<Flavor> round;
+    // Declare a container for ZK Sumcheck data
+    ZKSumcheckData<Flavor> zk_sumcheck_data;
 
     /**
     *
@@ -204,8 +205,6 @@ template <typename Flavor> class SumcheckProver {
                                  const RelationSeparator alpha,
                                  const std::vector<FF>& gate_challenges)
     {
-        // Declare a container for ZK Sumcheck data
-        ZKSumcheckData<Flavor> zk_sumcheck_data;
         // In case the Flavor has ZK, we populate sumcheck data structure with randomness, compute correcting term for
         // the total sum, etc.
         if constexpr (Flavor::HasZK) {
@@ -279,21 +278,15 @@ template <typename Flavor> class SumcheckProver {
         // Claimed evaluations of Prover polynomials are extracted and added to the transcript. When Flavor has ZK, the
         // evaluations of all witnesses are masked.
         ClaimedEvaluations multivariate_evaluations;
-        if constexpr (Flavor::HasZK) {
-            extract_claimed_evaluations(
-                partially_evaluated_polynomials, multivariate_evaluations, zk_sumcheck_data.masking_terms_evaluations);
-        } else {
-            extract_claimed_evaluations(partially_evaluated_polynomials, multivariate_evaluations);
-        };
-
+        multivariate_evaluations = extract_claimed_evaluations(partially_evaluated_polynomials);
         transcript->send_to_verifier("Sumcheck:evaluations", multivariate_evaluations.get_all());
         // For ZK Flavors: the evaluations of Libra univariates are included in the Sumcheck Output
         if constexpr (!Flavor::HasZK) {
             return SumcheckOutput<Flavor>{ multivariate_challenge, multivariate_evaluations };
         } else {
-            return SumcheckOutput<Flavor>{
-                multivariate_challenge, multivariate_evaluations, zk_sumcheck_data.libra_evaluations, {}
-            };
+            return SumcheckOutput<Flavor>{ multivariate_challenge,
+                                           multivariate_evaluations,
+                                           zk_sumcheck_data.libra_evaluations };
         }
     };
 
@@ -369,10 +362,9 @@ polynomials that are sent in clear.
     * @param partially_evaluated_polynomials
     * @param multivariate_evaluations
     */
-    void extract_claimed_evaluations(PartiallyEvaluatedMultivariates partially_evaluated_polynomials,
-                                     ClaimedEvaluations& multivariate_evaluations,
-                                     std::optional<EvaluationMaskingTable> masking_terms_evaluations = std::nullopt)
+    ClaimedEvaluations extract_claimed_evaluations(PartiallyEvaluatedMultivariates& partially_evaluated_polynomials)
     {
+        ClaimedEvaluations multivariate_evaluations;
         if constexpr (!Flavor::HasZK) {
             for (auto [eval, poly] :
                  zip_view(multivariate_evaluations.get_all(), partially_evaluated_polynomials.get_all())) {
@@ -387,10 +379,11 @@ polynomials that are sent in clear.
             // Extract claimed evaluations of all witness polynomials
             for (auto [eval, poly, masking_term] : zip_view(multivariate_evaluations.get_all_witnesses(),
                                                             partially_evaluated_polynomials.get_all_witnesses(),
-                                                            masking_terms_evaluations.value())) {
+                                                            zk_sumcheck_data.masking_terms_evaluations)) {
                 eval = poly[0] + masking_term.value_at(0);
             }
         }
+        return multivariate_evaluations;
     };
 
     /**
@@ -421,7 +414,7 @@ polynomials that are sent in clear.
         // have to commit to libra_univariates here
         auto libra_scaling_factor = FF(1);
         FF libra_total_sum = compute_libra_total_sum(libra_univariates, libra_scaling_factor);
-        transcript->send_to_verifier("Libra:Sum", libra_total_sum); // take care of this in ultra transcript!
+        transcript->send_to_verifier("Libra:Sum", libra_total_sum);
         // get the challenge for the zk-sumcheck claim \sigma + \rho \cdot libra_total_sum
         FF libra_challenge = transcript->template get_challenge<FF>("Libra:Challenge");
         // Initialize Libra running sum by multiplpying it by Libra challenge \f$\rho\f$;
@@ -449,12 +442,10 @@ polynomials that are sent in clear.
      */
     static LibraUnivariates generate_libra_polynomials(size_t number_of_polynomials)
     {
-        LibraUnivariates libra_full_polynomials;
-        for (size_t k = 0; k < number_of_polynomials; ++k) {
-            auto libra_polynomial =
-                bb::Univariate<FF, LIBRA_UNIVARIATES_LENGTH>::get_random(); // generate random polynomial of
-                                                                            // required size
-            libra_full_polynomials.emplace_back(libra_polynomial);          // place random polynomial into the vector
+        LibraUnivariates libra_full_polynomials(number_of_polynomials);
+        for (auto& libra_polynomial : libra_full_polynomials) {
+            // generate random polynomial of required size
+            libra_polynomial = bb::Univariate<FF, LIBRA_UNIVARIATES_LENGTH>::get_random();
         };
 
         return libra_full_polynomials;

diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/sumcheck_round.hpp
@@ -214,8 +214,7 @@ template <typename Flavor> class SumcheckProverRound {
             auto round_univariate =
                 batch_over_relations<SumcheckRoundUnivariate>(univariate_accumulators, alpha, pow_polynomial);
             // Mask the round univariate
-            auto masked_round_univariate = round_univariate + libra_round_univariate;
-            return masked_round_univariate;
+            return round_univariate + libra_round_univariate;
         }
         // Batch the univariate contributions from each sub-relation to obtain the round univariate
         else {

diff --git a/barretenberg/cpp/src/barretenberg/sumcheck/zk_sumcheck_data.hpp b/barretenberg/cpp/src/barretenberg/sumcheck/zk_sumcheck_data.hpp
@@ -7,7 +7,7 @@
 namespace bb {
 
 /**
- * @brief This structure is created for contain various polynomials and constants required by ZK Sumcheck.
+ * @brief This structure is created to contain various polynomials and constants required by ZK Sumcheck.
  *
  */
 template <typename Flavor> struct ZKSumcheckData {
@@ -25,14 +25,14 @@ template <typename Flavor> struct ZKSumcheckData {
      * "MAX_PARTIAL_RELATION_LENGTH + 1".
      */
     static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = Flavor::BATCHED_RELATION_PARTIAL_LENGTH;
-
-    static constexpr size_t NUM_ALL_WITNESS_ENTITIES = Flavor::HasZK ? Flavor::NUM_ALL_WITNESS_ENTITIES : 0;
+    // Initialize the length of the array of evaluation masking scalars as 0 for non-ZK Flavors and as
+    // NUM_ALL_WITNESS_ENTITIES for ZK FLavors
+    static constexpr size_t MASKING_SCALARS_LENGTH = Flavor::HasZK ? Flavor::NUM_ALL_WITNESS_ENTITIES : 0;
     // Array of random scalars used to hide the witness info from leaking through the claimed evaluations
-    using EvalMaskingScalars = std::array<FF, NUM_ALL_WITNESS_ENTITIES>;
+    using EvalMaskingScalars = std::array<FF, MASKING_SCALARS_LENGTH>;
     // Auxiliary table that represents the evaluations of quadratic polynomials r_j * X(1-X) at 0,...,
     // MAX_PARTIAL_RELATION_LENGTH - 1
-    using EvaluationMaskingTable =
-        std::array<bb::Univariate<FF, MAX_PARTIAL_RELATION_LENGTH>, NUM_ALL_WITNESS_ENTITIES>;
+    using EvaluationMaskingTable = std::array<bb::Univariate<FF, MAX_PARTIAL_RELATION_LENGTH>, MASKING_SCALARS_LENGTH>;
     // The size of the LibraUnivariates. We ensure that they do not take extra space when Flavor runs non-ZK
     // Sumcheck.
     static constexpr size_t LIBRA_UNIVARIATES_LENGTH = Flavor::HasZK ? Flavor::BATCHED_RELATION_PARTIAL_LENGTH : 0;