barretenberg
- ~~`PowPolynomial` is a misnomer now~~
- ~~The rounds should have more informative names~~
- `next_accumulator`
- ~~`ProtoGalaxy` $\leadsto$ `Protogalaxy` following the paper~~
- ~~`compute_full_honk_evaluations`~~
- ~~"instance"?~~
- ~~"compressed"~~
-...
Right now each unit test is a copy of the Solidity verifier. Now that proofs are constant, we could pass the vk and number of public inputs as non-constants and...
The Solidity verifier (and UltraKeccak flavor) have no notion of the aggregation object yet; the pairing is done only with the points obtained in the Solidity PCS verification.
Now they are a copy of the C++ relations, which makes debugging easier. But they have a lot of variables and Solidity puts a limit on the number of variables...
In bberg, a Honk/PG proof explicitly contains the public inputs. They are placed at an offset from the start position (after circuit size, log circuit size, and num public inputs)....
We need to update the acir interfaces to use the mega flavor and aztec ivc. We also need to construct a proper test program that has sizable (maybe 2^17/18/19 circuits).
We need to ensure no parts of the protocol use the transcript in an unexpected way. We can do tracking of usage of particular values with DFSan.
This issue concerns the method verify_proof() in ultra_recursive_verifier and the group operations performed there. Although these considerations could be useful for zeromorph, the main focus is on the Gemini+Shplonk multilinear...
We are accumulating limbs one by one when decomposing field_t into a byte_array. Could use big addition gates instead.