chore: SmallSubgroupIPA tests

barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp

@@ -124,6 +124,15 @@ std::vector<typename GeminiProver_<Curve>::Claim> GeminiProver_<Curve>::prove(
     }
     const Fr r_challenge = transcript->template get_challenge<Fr>("Gemini:r");
 
+    const bool gemini_challenge_in_small_subgroup = (has_zk) && (r_challenge.pow(Curve::SUBGROUP_SIZE) == Fr(1));
+
+    // If Gemini evaluation challenge lands in the multiplicative subgroup used by SmallSubgroupIPA protocol, the
+    // evaluations of prover polynomials at this challenge would leak witness data.
+    // TODO(https://github.com/AztecProtocol/barretenberg/issues/1194). Handle edge cases in PCS
+    if (gemini_challenge_in_small_subgroup) {
+        throw_or_abort("Gemini evaluation challenge is in the SmallSubgroup.");
+    }
+
     std::vector<Claim> claims =
         compute_fold_polynomial_evaluations(log_n, std::move(fold_polynomials), r_challenge, std::move(batched_group));
 

barretenberg/cpp/src/barretenberg/commitment_schemes/pcs_test_flavors.hpp

@@ -0,0 +1,29 @@
+#pragma once
+
+#include "barretenberg/ecc/curves/bn254/bn254.hpp"
+#include "barretenberg/transcript/transcript.hpp"
+#include "commitment_key.test.hpp"
+
+namespace bb {
+/**
+ * @brief Mock Flavors to use ZKSumcheckData and SmallSubgroupIPAProver in the PCS tests.
+ *
+ */
+class TestBn254Flavor {
+  public:
+    using Curve = curve::BN254;
+    using CommitmentKey = bb::CommitmentKey<curve::BN254>;
+    using Transcript = NativeTranscript;
+    using FF = typename Curve::ScalarField;
+    static constexpr size_t SUBGROUP_SIZE = Curve::SUBGROUP_SIZE;
+};
+
+class TestGrumpkinFlavor {
+  public:
+    using Curve = curve::Grumpkin;
+    using CommitmentKey = bb::CommitmentKey<curve::Grumpkin>;
+    using Transcript = NativeTranscript;
+    using FF = typename Curve::ScalarField;
+    static constexpr size_t SUBGROUP_SIZE = Curve::SUBGROUP_SIZE;
+};
+} // namespace bb

barretenberg/cpp/src/barretenberg/commitment_schemes/pcs_test_instance_witness_generator.hpp

@@ -0,0 +1,70 @@
+#pragma once
+
+#include "barretenberg/ecc/curves/bn254/bn254.hpp"
+#include "barretenberg/polynomials/polynomial.hpp"
+#include "barretenberg/transcript/transcript.hpp"
+#include "commitment_key.test.hpp"
+
+namespace bb {
+/**
+ * @brief Constructs random polynomials, computes commitments and corresponding evaluations.
+ *
+ * @tparam Curve
+ */
+template <typename Curve> struct PCSInstanceWitnessGenerator {
+  public:
+    using CommitmentKey = bb::CommitmentKey<Curve>;
+    using Fr = typename Curve::ScalarField;
+    using Commitment = typename Curve::AffineElement;
+    using Polynomial = bb::Polynomial<Fr>;
+
+    std::shared_ptr<CommitmentKey> ck;
+    std::vector<Polynomial> polynomials;
+    std::vector<Polynomial> shiftable_polynomials;
+    std::vector<Fr> const_size_mle_opening_point;
+    std::vector<Commitment> unshifted_commitments;
+    std::vector<Commitment> shifted_commitments;
+    std::vector<Fr> unshifted_evals;
+    std::vector<Fr> shifted_evals;
+
+    PCSInstanceWitnessGenerator(const size_t n,
+                                const size_t num_polynomials,
+                                const size_t num_shiftable,
+                                const std::vector<Fr>& mle_opening_point,
+                                std::shared_ptr<CommitmentKey>& commitment_key)
+        : ck(commitment_key) // Initialize the commitment key
+        , polynomials(num_polynomials)
+        , shiftable_polynomials(num_shiftable)
+
+    {
+        construct_instance_and_witnesses(n, mle_opening_point);
+    }
+
+    void construct_instance_and_witnesses(size_t n, const std::vector<Fr>& mle_opening_point)
+    {
+
+        const size_t num_unshifted = polynomials.size() - shiftable_polynomials.size();
+
+        // Process polynomials that are not getting shifted
+        for (size_t idx = 0; idx < num_unshifted; idx++) {
+            polynomials[idx] = Polynomial::random(n);
+            unshifted_commitments.push_back(ck->commit(polynomials[idx]));
+            unshifted_evals.push_back(polynomials[idx].evaluate_mle(mle_opening_point));
+        }
+
+        // Process polynomials that are getting shifted
+        size_t idx = num_unshifted;
+        for (auto& poly : shiftable_polynomials) {
+            poly = Polynomial::random(n, /*shiftable*/ 1);
+            polynomials[idx] = poly;
+            auto comm = this->ck->commit(poly);
+            unshifted_commitments.push_back(comm);
+            shifted_commitments.push_back(comm);
+            unshifted_evals.push_back(poly.evaluate_mle(mle_opening_point));
+            shifted_evals.push_back(poly.evaluate_mle(mle_opening_point, true));
+            idx++;
+        }
+    }
+};
+
+} // namespace bb