addressing PR review comments from Cody

Author: ledwards2225

cpp/src/barretenberg/honk/pcs/gemini/gemini.hpp

@@ -279,7 +279,7 @@ template <typename Params> class MultilinearReductionScheme {
         std::vector<Fr> evaluations;
         evaluations.reserve(num_variables);
         for (size_t i = 0; i < num_variables; ++i) {
-            auto eval = transcript.template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i + 1));
+            auto eval = transcript.template receive_from_prover<Fr>("Gemini:a_" + std::to_string(i));
             evaluations.emplace_back(eval);
         }
 

cpp/src/barretenberg/honk/proof_system/prover.cpp

@@ -305,7 +305,7 @@ template <typename settings> void Prover<settings>::execute_univariatization_rou
 
     // Compute d+1 Fold polynomials and their evaluations
     gemini_output = Gemini::reduce_prove(commitment_key,
-                                         sumcheck_output.multivariate_query,
+                                         sumcheck_output.challenge_point,
                                          std::move(batched_poly_unshifted),
                                          std::move(batched_poly_to_be_shifted),
                                          transcript);

cpp/src/barretenberg/honk/proof_system/verifier.cpp

@@ -2,6 +2,7 @@
 #include "barretenberg/common/throw_or_abort.hpp"
 #include <cstddef>
 #include <memory>
+#include "barretenberg/honk/transcript/transcript.hpp"
 #include "barretenberg/plonk/proof_system/constants.hpp"
 #include "./verifier.hpp"
 #include "barretenberg/plonk/proof_system/public_inputs/public_inputs.hpp"
@@ -88,7 +89,7 @@ template <typename program_settings> bool Verifier<program_settings>::verify_pro
 
     constexpr auto program_width = program_settings::program_width;
 
-    VerifierTranscript<FF> transcript{ proof.proof_data };
+    transcript = VerifierTranscript<FF>{ proof.proof_data };
 
     // TODO(Adrian): Change the initialization of the transcript to take the VK hash?
     const auto circuit_size = transcript.template receive_from_prover<uint32_t>("circuit_size");
@@ -103,7 +104,7 @@ template <typename program_settings> bool Verifier<program_settings>::verify_pro
 
     std::vector<FF> public_inputs;
     for (size_t i = 0; i < public_input_size; ++i) {
-        auto public_input_i = transcript.template receive_from_prover<FF>("public_inputs_" + std::to_string(i));
+        auto public_input_i = transcript.template receive_from_prover<FF>("public_input_" + std::to_string(i));
         public_inputs.emplace_back(public_input_i);
     }
 

cpp/src/barretenberg/honk/proof_system/verifier.hpp

@@ -28,6 +28,7 @@ template <typename program_settings> class Verifier {
     std::map<std::string, barretenberg::g1::affine_element> kate_g1_elements;
     std::map<std::string, barretenberg::fr> kate_fr_elements;
     std::shared_ptr<pcs::kzg::VerificationKey> kate_verification_key;
+    VerifierTranscript<typename program_settings::fr> transcript;
 };
 
 extern template class Verifier<honk::standard_verifier_settings>;

cpp/src/barretenberg/honk/sumcheck/sumcheck.hpp

@@ -125,7 +125,7 @@ template <typename FF, class Transcript, template <class> class... Relations> cl
         for (size_t i = 0; i < NUM_POLYNOMIALS; ++i) {
             multivariate_evaluations[i] = folded_polynomials[i][0];
         }
-        transcript.send_to_verifier("multivariate_evaluations", multivariate_evaluations);
+        transcript.send_to_verifier("Sumcheck:evaluations", multivariate_evaluations);
 
         return { multivariate_query, multivariate_evaluations };
     };

cpp/src/barretenberg/honk/sumcheck/sumcheck_output.hpp

@@ -5,12 +5,12 @@
 namespace honk::sumcheck {
 
 /**
- * @brief Contains the multi-linear `evaluations` of the polynomials at the `evaluation_point`.
+ * @brief Contains the multi-linear evaluations of the polynomials at the challenge point 'u'.
  * These are computed by the prover and need to be checked using a multi-linear PCS like Gemini.
  */
 template <typename FF> struct SumcheckOutput {
     // u = (u_0, ..., u_{d-1})
-    std::vector<FF> multivariate_query;
+    std::vector<FF> challenge_point;
     // Evaluations in `u` of the polynomials used in Sumcheck
     std::array<FF, bonk::StandardArithmetization::NUM_POLYNOMIALS> evaluations;
 

cpp/src/barretenberg/honk/transcript/transcript.hpp

@@ -13,6 +13,7 @@
 #include <utility>
 #include <vector>
 #include <map>
+#include <algorithm>
 
 namespace honk {
 
@@ -49,6 +50,10 @@ class TranscriptManifest {
         manifest[round].entries.emplace_back(element_label, element_size);
     }
 
+    [[nodiscard]] size_t size() const { return manifest.size(); }
+
+    RoundData operator[](const size_t& round) { return manifest[round]; };
+
     bool operator==(const TranscriptManifest& other) const = default;
 };
 
@@ -64,7 +69,7 @@ template <typename FF> class BaseTranscript {
     static constexpr size_t MIN_BYTES_PER_CHALLENGE = 128 / 8; // 128 bit challenges
 
     size_t round_number = 0;
-    std::array<uint8_t, HASH_OUTPUT_SIZE> previous_challenge_buffer{};
+    std::array<uint8_t, HASH_OUTPUT_SIZE> previous_challenge_buffer{}; // default-initialized to zeros
     std::vector<uint8_t> current_round_data;
 
     // "Manifest" object that records a summary of the transcript interactions
@@ -193,8 +198,9 @@ template <typename FF> class ProverTranscript : public BaseTranscript<FF> {
     template <class T> void send_to_verifier(const std::string& label, const T& element)
     {
         using serialize::write;
-        // DANGER: When serializing an affine_element, we write the x and y coordinates
-        // but this is annowing to deal with right now.
+        // TODO(Adrian): Ensure that serialization of affine elements (including point at infinity) is consistent.
+        // TODO(Adrian): Consider restricting serialization (via concepts) to types T for which sizeof(T) reliably
+        // returns the size of T in bytes. (E.g. this is true for std::array but not for std::vector).
         auto element_bytes = to_buffer(element);
         proof_data.insert(proof_data.end(), element_bytes.begin(), element_bytes.end());
 
@@ -219,10 +225,12 @@ template <typename FF> class ProverTranscript : public BaseTranscript<FF> {
 template <class FF> class VerifierTranscript : public BaseTranscript<FF> {
 
     /// Contains the raw data sent by the prover.
-    const std::vector<uint8_t> proof_data_;
+    std::vector<uint8_t> proof_data_;
     size_t num_bytes_read_ = 0;
 
   public:
+    VerifierTranscript() = default;
+
     explicit VerifierTranscript(const std::vector<uint8_t>& proof_data)
         : proof_data_(proof_data.begin(), proof_data.end())
     {}
@@ -244,8 +252,6 @@ template <class FF> class VerifierTranscript : public BaseTranscript<FF> {
     /**
      * @brief Reads the next element of type `T` from the transcript, with a predefined label.
      *
-     * @details
-     *
      * @param label Human readable name for the challenge.
      * @return deserialized element of type T
      */

cpp/src/barretenberg/honk/transcript/transcript.test.cpp

@@ -17,6 +17,10 @@ template <typename FF> class TranscriptTest : public testing::Test {
     /**
      * @brief Construct a manifest for a standard Honk proof
      *
+     * @details This is where we define the "Manifest" for a Standard Honk proof. The tests in this suite are intented
+     * to warn the developer if the Prover/Verifier has deviated from this manifest, however, the Transcript class is
+     * not otherwise contrained to follow the manifest.
+     *
      * @return TranscriptManifest
      */
     TranscriptManifest construct_standard_honk_manifest(size_t circuit_size)
@@ -53,7 +57,7 @@ template <typename FF> class TranscriptTest : public testing::Test {
         }
 
         round++;
-        manifest_expected.add_entry(round, "multivariate_evaluations", size_evals);
+        manifest_expected.add_entry(round, "Sumcheck:evaluations", size_evals);
         manifest_expected.add_challenge(round, "rho");
 
         round++;
@@ -86,12 +90,13 @@ using FieldTypes = testing::Types<barretenberg::fr>;
 TYPED_TEST_SUITE(TranscriptTest, FieldTypes);
 
 /**
- * @brief Ensure consistency between the manifests generated by the standard honk prover and verfier for a simple
- * circuit of size n = 8
+ * @brief Ensure consistency between the manifest hard coded in this testing suite and the one generated by the
+ * standard honk prover over the course of proof construction.
  *
  */
-TYPED_TEST(TranscriptTest, StandardHonkManifest)
+TYPED_TEST(TranscriptTest, ProverManifestConsistency)
 {
+    // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size)
     auto composer = StandardHonkComposer();
     fr a = 1;
     composer.circuit_constructor.add_variable(a);
@@ -101,14 +106,49 @@ TYPED_TEST(TranscriptTest, StandardHonkManifest)
     auto prover = composer.create_prover();
     plonk::proof proof = prover.construct_proof();
 
-    // Check that the prover generated manifest agrees with the expectation
+    // Check that the prover generated manifest agrees with the manifest hard coded in this suite
     auto manifest_expected = TestFixture::construct_standard_honk_manifest(prover.key->circuit_size);
-    ASSERT_EQ(prover.transcript.get_manifest(), manifest_expected);
+    auto prover_manifest = prover.transcript.get_manifest();
 
-    // If the proof verifies, the verifier manifest must have matched that of the prover
+    // Note: a manifest can be printed using manifest.print()
+    for (size_t round = 0; round < manifest_expected.size(); ++round) {
+        ASSERT_EQ(prover_manifest[round], manifest_expected[round]) << "Prover manifest discrepency in round " << round;
+        ;
+    }
+}
+
+/**
+ * @brief Ensure consistency between the manifest generated by the standard honk prover over the course of proof
+ * construction and the one generated by the verifier over the course of proof verification.
+ *
+ */
+TYPED_TEST(TranscriptTest, VerifierManifestConsistency)
+{
+    // Construct a simple circuit of size n = 8 (i.e. the minimum circuit size)
+    auto composer = StandardHonkComposer();
+    fr a = 1;
+    composer.circuit_constructor.add_variable(a);
+    composer.circuit_constructor.add_public_variable(a);
+
+    // Automatically generate a transcript manifest in the prover by constructing a proof
+    auto prover = composer.create_prover();
+    plonk::proof proof = prover.construct_proof();
+
+    // Automatically generate a transcript manifest in the verifier by verifying a proof
     auto verifier = composer.create_verifier();
-    bool verified = verifier.verify_proof(proof);
-    ASSERT_TRUE(verified);
+    verifier.verify_proof(proof);
+    prover.transcript.print();
+    verifier.transcript.print();
+
+    // Check consistency between the manifests generated by the prover and verifier
+    auto prover_manifest = prover.transcript.get_manifest();
+    auto verifier_manifest = verifier.transcript.get_manifest();
+
+    // Note: a manifest can be printed using manifest.print()
+    for (size_t round = 0; round < prover_manifest.size(); ++round) {
+        ASSERT_EQ(prover_manifest[round], verifier_manifest[round])
+            << "Prover/Verifier manifest discrepency in round " << round;
+    }
 }
 
 /**
@@ -207,7 +247,7 @@ TYPED_TEST(TranscriptTest, VerifierMistake)
     // but then generate a challenge anyway
     auto verifier_alpha = verifier_transcript.get_challenge("alpha");
 
-    // Challenges will not agree and neither will the manifests
+    // Challenges will not agree but neither will the manifests
     EXPECT_NE(prover_alpha, verifier_alpha);
     EXPECT_NE(prover_transcript.get_manifest(), verifier_transcript.get_manifest());
 }