feat: Client IVC API (#10217)

- Establish API in purely virtual class
- This is just a first pass. I will continue to work on this before
showing dev rel and others to get buy-in.
- Implement some API functions for ClientIVC: prove, verify,
prove_and_verify
- Support for constructing CIVC proof for input a single circuit
  - This is interpreted as a "compiletime stack"
- Produces ECCVM and Translator proofs from dummy/empty data; future
optimization could avoid.
- Add `one_circuit` to CIVC to encode whether the MH part of the CIVC
proof should be a hiding circuit (which takes a folding proof) or a
proof for the single circuit.
- Run almost all ACIR tests against ClientIVC
- Previously only ran MegaHonk tests, which are not totally meaningful.
- Four are skipped because they fail. These failures are expected to be
superficial (see
AztecProtocol/barretenberg#1164 and the
references to it in the PR's new code).
- fold_and_verify and mega honk flows go away in bb, but remain until
bb.js alignment.
- Delete large log file that should not be track (accounts for big
negative diff).

Author: codygunton

.github/workflows/ci.yml

@@ -444,7 +444,7 @@ jobs:
         timeout-minutes: 40
         run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-ultra-honk
 
-  bb-acir-tests-bb-mega-honk:
+  bb-acir-tests-bb-client-ivc:
     needs: [noir-build-acir-tests, build, configure]
     runs-on: ${{ needs.configure.outputs.username }}-x86
     if: needs.configure.outputs.barretenberg == 'true' || needs.configure.outputs.noir == 'true'
@@ -453,11 +453,11 @@ jobs:
         with: { ref: "${{ env.GIT_COMMIT }}" }
       - uses: ./.github/ci-setup-action
         with:
-          concurrency_key: barretenberg-acir-tests-bb-mega-honk-x86
-      - name: "BB Native Acir Tests (Megahonk)"
+          concurrency_key: barretenberg-acir-tests-bb-client-ivc-x86
+      - name: "BB Native Acir Tests (ClientIVC)"
         working-directory: ./barretenberg/
         timeout-minutes: 40
-        run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-mega-honk
+        run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-client-ivc
 
   bb-acir-tests-sol:
     needs: [noir-build-acir-tests, build, configure]
@@ -969,7 +969,7 @@ jobs:
       - bb-acir-tests-bb
       - bb-acir-tests-bb-ultra-plonk
       - bb-acir-tests-bb-ultra-honk
-      - bb-acir-tests-bb-mega-honk
+      - bb-acir-tests-bb-client-ivc
       - bb-acir-tests-sol
       - bb-acir-tests-sol-honk
       - bb-acir-tests-bb-js

barretenberg/Earthfile

@@ -27,9 +27,9 @@ barretenberg-acir-tests-bb:
     ENV VERBOSE=1
 
     # Fold and verify an ACIR program stack using ClientIvc
-    RUN FLOW=fold_and_verify_program ./run_acir_tests.sh fold_basic
+    RUN INPUT_TYPE=compiletime_stack FLOW=prove_and_verify_client_ivc ./run_acir_tests.sh fold_basic
     # Fold and verify an ACIR program stack using ClientIvc, then natively verify the ClientIVC proof.
-    RUN FLOW=prove_then_verify_client_ivc ./run_acir_tests.sh fold_basic
+    RUN INPUT_TYPE=compiletime_stack FLOW=prove_then_verify_client_ivc ./run_acir_tests.sh fold_basic
     # Fold and verify an ACIR program stack using ClientIvc, recursively verify as part of the Tube circuit and produce and verify a Honk proof
     RUN FLOW=prove_then_verify_tube ./run_acir_tests.sh fold_basic
     # Run 1_mul through native bb build, all_cmds flow, to test all cli args.
@@ -79,7 +79,7 @@ barretenberg-acir-tests-bb-ultra-honk:
     # Construct and verify a UltraHonk proof for a single program that recursively verifies a Honk proof
     RUN FLOW=prove_and_verify_ultra_honk ./run_acir_tests.sh verify_honk_proof
 
-barretenberg-acir-tests-bb-mega-honk:
+barretenberg-acir-tests-bb-client-ivc:
     FROM ../build-images/+from-registry
 
     COPY ./cpp/+preset-clang-assert/bin/bb /usr/src/barretenberg/cpp/build/bin/bb
@@ -92,12 +92,10 @@ barretenberg-acir-tests-bb-mega-honk:
     ENV TEST_SRC /usr/src/acir_artifacts
     ENV VERBOSE=1
 
-    # Construct and separately verify a MegaHonk proof for all acir programs
-    RUN FLOW=prove_then_verify_mega_honk ./run_acir_tests.sh
-    # Construct and verify a MegaHonk proof for a single arbitrary program
-    RUN FLOW=prove_and_verify_mega_honk ./run_acir_tests.sh 6_array
-    # Construct and verify a MegaHonk proof for all ACIR programs using the new witness stack workflow
-    RUN FLOW=prove_and_verify_mega_honk_program ./run_acir_tests.sh
+    # Construct and verify a ClientIVC proof for a single arbitrary program
+    RUN FLOW=prove_and_verify_client_ivc ./run_acir_tests.sh 6_array
+    # Construct and separately verify a ClientIVC proof for all acir programs
+    RUN FLOW=prove_then_verify_client_ivc CLIENT_IVC_SKIPS=true ./run_acir_tests.sh
 
 barretenberg-acir-tests-sol:
     FROM ../build-images/+from-registry

barretenberg/acir_tests/flows/fold_and_verify_program.sh

@@ -1,6 +1,8 @@
 #!/bin/sh
 set -eu
 
+# this flow is deprecated. currently it is bb.js only. for bb is is replaced by:
+# prove_and_verify --scheme client_ivc --input-type compiletime_stack
 VFLAG=${VERBOSE:+-v}
 
 $BIN fold_and_verify_program $VFLAG -c $CRS_PATH -b ./target/program.json

barretenberg/acir_tests/flows/prove_and_verify_client_ivc.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+VFLAG=${VERBOSE:+-v}
+INFLAG=${INPUT_TYPE=compiletime_stack}
+
+FLAGS="$CRS_PATH -b ./target/program.json $VFLAG --scheme client_ivc -c --input_type $INFLAG"
+
+$BIN prove_and_verify $FLAGS

barretenberg/acir_tests/flows/prove_and_verify_mega_honk.sh

@@ -3,4 +3,9 @@ set -eu
 
 VFLAG=${VERBOSE:+-v}
 
+# this flow is deprecated. currently it is bb.js only. for bb is is replaced by:
+# prove_and_verify --scheme client_ivc --input-type compiletime_stack
+# NB: In general, it is not meaningful to produce a MegaHonk proof an its own since
+#     the MegaHonk proof does not attest to the correctness of every possible kind
+#     of gate that could appear in a Mega execution trace.
 $BIN prove_and_verify_mega_honk $VFLAG -c $CRS_PATH -b ./target/program.json

barretenberg/acir_tests/flows/prove_and_verify_mega_honk_program.sh

@@ -3,4 +3,9 @@ set -eu
 
 VFLAG=${VERBOSE:+-v}
 
+# this flow is deprecated. currently it is bb.js only. for bb is is replaced by:
+# prove_and_verify --scheme client_ivc --input-type compiletime_stack
+# NB: In general, it is not meaningful to produce a MegaHonk proof an its own since
+#     the MegaHonk proof does not attest to the correctness of every possible kind
+#     of gate that could appear in a Mega execution trace.
 $BIN prove_and_verify_mega_honk_program $VFLAG -c $CRS_PATH -b ./target/program.json

barretenberg/acir_tests/flows/prove_then_verify_client_ivc.sh

@@ -3,7 +3,9 @@ set -eu
 
 VFLAG=${VERBOSE:+-v}
 BFLAG="-b ./target/program.json"
-FLAGS="-c $CRS_PATH $VFLAG"
+INFLAG=${INPUT_TYPE=compiletime_stack}
 
-$BIN client_ivc_prove_output_all $FLAGS $BFLAG
-$BIN verify_client_ivc $FLAGS
+FLAGS="--scheme client_ivc -c $CRS_PATH $VFLAG"
+
+$BIN prove $FLAGS $BFLAG --input_type $INFLAG
+$BIN verify $FLAGS

barretenberg/acir_tests/flows/prove_then_verify_tube.sh

@@ -5,7 +5,7 @@ mkdir -p ./proofs
 
 VFLAG=${VERBOSE:+-v}
 
-$BIN client_ivc_prove_output_all $VFLAG -c $CRS_PATH -b ./target/program.json
+$BIN prove --scheme client_ivc --input_type compiletime_stack $VFLAG -c $CRS_PATH -b ./target/program.json
 $BIN prove_tube -k vk -p proof -c $CRS_PATH $VFLAG
 $BIN verify_tube -k vk -p proof -c $CRS_PATH $VFLAG
 

barretenberg/acir_tests/flows/prove_tube.sh

@@ -5,5 +5,5 @@ VFLAG=${VERBOSE:+-v}
 BFLAG="-b ./target/program.json"
 FLAGS="-c $CRS_PATH $VFLAG"
 
-$BIN client_ivc_prove_output_all $VFLAG -c $CRS_PATH -b ./target/program.json
+$BIN prove --scheme client_ivc --input_type compiletime_stack $VFLAG -c $CRS_PATH -b ./target/program.json
 $BIN prove_tube -k vk -p proof $FLAGS

barretenberg/acir_tests/run_acir_tests.sh

@@ -14,6 +14,7 @@ trap handle_sigchild SIGCHLD
 BIN=${BIN:-../cpp/build/bin/bb}
 FLOW=${FLOW:-prove_and_verify}
 HONK=${HONK:-false}
+CLIENT_IVC_SKIPS=${CLIENT_IVC_SKIPS:-false}
 CRS_PATH=~/.bb-crs
 BRANCH=master
 VERBOSE=${VERBOSE:-}
@@ -57,6 +58,21 @@ if [ "$HONK" = true ]; then
     SKIP_ARRAY+=(single_verify_proof double_verify_proof double_verify_nested_proof)
 fi
 
+if [ "$CLIENT_IVC_SKIPS" = true ]; then
+    # At least for now, skip folding tests that fail when run against ClientIVC.
+    # This is not a regression--folding was not being properly tested.
+    # TODO(https://github.com/AztecProtocol/barretenberg/issues/1164): Resolve this
+    # The reason for failure is that compile-time folding, as initially conceived, is
+    # only supported by ClientIVC through hacks. ClientIVC in Aztec is ultimately to be
+    # used through runtime folding, since the kernels that are needed are detected and
+    # constructed at runtime in Aztec's typescript proving interface. ClientIVC appends
+    # folding verifiers and does databus and Goblin merge work depending on its inputs,
+    # detecting which circuits are Aztec kernels. These tests may simple fail for trivial
+    # reasons, e.g. because  the number of circuits in the stack is odd.
+    SKIP_ARRAY+=(fold_basic_nested_call fold_fibonacci fold_numeric_generic_poseidon ram_blowup_regression)
+fi
+
+
 function test() {
   cd $1
 

barretenberg/cpp/docs/src/sumcheck-outline.md

@@ -195,9 +195,9 @@ Observe that \f$ G \f$ has several important properties
 - The coefficients of \f$ G \f$ are independent and uniformly distributed.
 - Evaluations of \f$ G \f$ at \f$ \vec \ell \in \{0,1\}^d\f$ and related Sumcheck Round Univariates are efficiently computable.
 
-The first two properties imply that the evaluations of Sumcheck Round Univariates for \f$G\f$  are independent and uniformly distributed. We call them Libra Round Univarites.
+The first two properties imply that the evaluations of Sumcheck Round Univariates for \f$G\f$  are independent and uniformly distributed. We call them Libra Round Univariates.
 
-Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univarites multiplied by the challenge.
+Consider Round Univariates for \f$ \tilde{F} + \texttt{libra_challenge}\cdot G\f$ which are the sums of the Sumcheck Round Univariates for \f$ \tilde{F} \f$ and Libra Round Univariates multiplied by the challenge.
 The fact that the degrees of Libra Round Univariates are big enough (i.e. \f$ \tilde{D}\geq D \f$) and that their evaluations are random imply that the evaluations \f$ \tilde{S}^i(0),\ldots,\tilde{S}^i(\tilde D)\f$ defined in [Compute Round Univariates](#ComputeRoundUnivariates) are now masked by the evaluations of Libra Round Univariates. These evaluations are described explicitly [below](#LibraRoundUnivariates).
 
 ### Example {#LibraPolynomialExample}

barretenberg/cpp/src/barretenberg/bb/acir_format_getters.hpp

@@ -0,0 +1,34 @@
+#pragma once
+#include "barretenberg/bb/config.hpp"
+#include "barretenberg/bb/file_io.hpp"
+#include "barretenberg/bb/get_bytecode.hpp"
+#include "barretenberg/dsl/acir_format/acir_format.hpp"
+#include "barretenberg/dsl/acir_format/acir_to_constraint_buf.hpp"
+
+namespace bb {
+
+acir_format::WitnessVector get_witness(std::string const& witness_path)
+{
+    auto witness_data = get_bytecode(witness_path);
+    return acir_format::witness_buf_to_witness_data(witness_data);
+}
+
+acir_format::AcirFormat get_constraint_system(std::string const& bytecode_path, bool honk_recursion)
+{
+    auto bytecode = get_bytecode(bytecode_path);
+    return acir_format::circuit_buf_to_acir_format(bytecode, honk_recursion);
+}
+
+acir_format::WitnessVectorStack get_witness_stack(std::string const& witness_path)
+{
+    auto witness_data = get_bytecode(witness_path);
+    return acir_format::witness_buf_to_witness_stack(witness_data);
+}
+
+std::vector<acir_format::AcirFormat> get_constraint_systems(std::string const& bytecode_path, bool honk_recursion)
+{
+    auto bytecode = get_bytecode(bytecode_path);
+    return acir_format::program_buf_to_acir_format(bytecode, honk_recursion);
+}
+
+} // namespace bb

barretenberg/cpp/src/barretenberg/bb/api.hpp

@@ -0,0 +1,39 @@
+#pragma once
+#include <filesystem>
+
+namespace bb {
+
+class API {
+  public:
+    struct Flags {
+        std::optional<std::string> output_type; // bytes, fields, bytes_and_fields, fields_msgpack
+        std::optional<std::string> input_type;  // compiletime_stack, runtime_stack
+    };
+
+    virtual void prove(const Flags& flags,
+                       const std::filesystem::path& bytecode_path,
+                       const std::filesystem::path& witness_path,
+                       const std::filesystem::path& output_dir) = 0;
+
+    virtual bool verify(const Flags& flags,
+                        const std::filesystem::path& proof_path,
+                        const std::filesystem::path& vk_path) = 0;
+
+    virtual bool prove_and_verify(const Flags& flags,
+                                  const std::filesystem::path& bytecode_path,
+                                  const std::filesystem::path& witness_path) = 0;
+
+    virtual void gates(const Flags& flags,
+                       const std::filesystem::path& bytecode_path,
+                       const std::filesystem::path& witness_path) = 0;
+
+    virtual void contract(const Flags& flags,
+                          const std::filesystem::path& output_path,
+                          const std::filesystem::path& vk_path) = 0;
+
+    virtual void to_fields(const Flags& flags,
+                           const std::filesystem::path& proof_path,
+                           const std::filesystem::path& vk_path,
+                           const std::filesystem::path& output_path) = 0;
+};
+} // namespace bb