feat: improved pairing point accumulator

barretenberg/cpp/src/barretenberg/api/api_client_ivc.cpp

@@ -101,6 +101,7 @@ void write_standalone_vk(const std::string& output_data_type,
     using VerificationKey = ClientIVC::MegaVerificationKey;
     using Program = acir_format::AcirProgram;
     using ProgramMetadata = acir_format::ProgramMetadata;
+    using AggregationObject = stdlib::recursion::aggregation_state<Builder>;
 
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/1163) set these dynamically
     init_bn254_crs(1 << CONST_PG_LOG_N);
@@ -117,7 +118,7 @@ void write_standalone_vk(const std::string& output_data_type,
     Builder builder = acir_format::create_circuit<Builder>(program, metadata);
 
     // Add public inputs corresponding to pairing point accumulator
-    builder.add_pairing_point_accumulator(stdlib::recursion::init_default_agg_obj_indices<Builder>(builder));
+    AggregationObject::add_default_pairing_points_to_public_inputs(builder);
 
     // Construct the verification key via the prover-constructed proving key with the proper trace settings
     auto proving_key = std::make_shared<DeciderProvingKey>(builder, trace_settings);

barretenberg/cpp/src/barretenberg/api/prove_tube.cpp

@@ -18,6 +18,7 @@ void prove_tube(const std::string& output_path, const std::string& vk_path)
 
     using Builder = UltraCircuitBuilder;
     using GrumpkinVk = bb::VerifierCommitmentKey<curve::Grumpkin>;
+    using AggregationObject = stdlib::recursion::aggregation_state<Builder>;
 
     std::string proof_path = output_path + "/proof";
 
@@ -50,12 +51,9 @@ void prove_tube(const std::string& output_path, const std::string& vk_path)
 
     ClientIVCRecursiveVerifier::Output client_ivc_rec_verifier_output = verifier.verify(proof);
 
-    PairingPointAccumulatorIndices current_aggregation_object =
-        stdlib::recursion::init_default_agg_obj_indices<Builder>(*builder);
-
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): Add aggregation to goblin recursive verifiers.
     // This is currently just setting the aggregation object to the default one.
-    builder->add_pairing_point_accumulator(current_aggregation_object);
+    AggregationObject::add_default_pairing_points_to_public_inputs(*builder);
 
     // The tube only calls an IPA recursive verifier once, so we can just add this IPA claim and proof
     builder->add_ipa_claim(client_ivc_rec_verifier_output.opening_claim.get_witness_indices());

barretenberg/cpp/src/barretenberg/benchmark/simulator_bench/simulator.bench.cpp

@@ -16,6 +16,7 @@ template <typename RecursiveFlavor> class SimulatorFixture : public benchmark::F
     using VerificationKey = typename Flavor::VerificationKey;
     using CircuitSimulator = typename RecursiveFlavor::CircuitBuilder;
     using SimulatingVerifier = stdlib::recursion::honk::UltraRecursiveVerifier_<RecursiveFlavor>;
+    using SimulatorAggregationObject = stdlib::recursion::aggregation_state<CircuitSimulator>;
 
     struct VerifierInput {
         HonkProof proof;
@@ -100,10 +101,7 @@ BENCHMARK_TEMPLATE_F(SimulatorFixture, GoblinSimulated, bb::MegaRecursiveFlavor_
     for (auto _ : state) {
         CircuitSimulator simulator;
         SimulatingVerifier ultra_verifier{ &simulator, verifier_input.verification_key };
-        ultra_verifier.verify_proof(verifier_input.proof,
-                                    stdlib::recursion::init_default_aggregation_state<
-                                        CircuitSimulator,
-                                        bb::MegaRecursiveFlavor_<bb::CircuitSimulatorBN254>::Curve>(simulator));
+        ultra_verifier.verify_proof(verifier_input.proof, SimulatorAggregationObject::construct_default(simulator));
     }
 }
 
@@ -124,10 +122,7 @@ BENCHMARK_TEMPLATE_F(SimulatorFixture, UltraSimulated, bb::UltraRecursiveFlavor_
     for (auto _ : state) {
         CircuitSimulator simulator;
         SimulatingVerifier ultra_verifier{ &simulator, verifier_input.verification_key };
-        ultra_verifier.verify_proof(verifier_input.proof,
-                                    stdlib::recursion::init_default_aggregation_state<
-                                        CircuitSimulator,
-                                        bb::UltraRecursiveFlavor_<bb::CircuitSimulatorBN254>::Curve>(simulator));
+        ultra_verifier.verify_proof(verifier_input.proof, SimulatorAggregationObject::construct_default(simulator));
     }
 }
 
@@ -137,4 +132,4 @@ BENCHMARK_REGISTER_F(SimulatorFixture, GoblinNative)->Unit(benchmark::kMilliseco
 BENCHMARK_REGISTER_F(SimulatorFixture, UltraNative)->Unit(benchmark::kMillisecond);
 
 } // namespace
-BENCHMARK_MAIN();
+BENCHMARK_MAIN();

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.cpp

@@ -92,7 +92,8 @@ void ClientIVC::perform_recursive_verification_and_databus_consistency_checks(
 
     // Recursively verify the merge proof for the circuit being recursively verified
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/950): handle pairing point accumulation
-    [[maybe_unused]] auto pairing_points = GoblinVerifier::recursive_verify_merge(circuit, verifier_inputs.merge_proof);
+    [[maybe_unused]] AggregationObject pairing_points =
+        GoblinVerifier::recursive_verify_merge(circuit, verifier_inputs.merge_proof);
 
     // Set the return data commitment to be propagated on the public inputs of the present kernel and perform
     // consistency checks between the calldata commitments and the return data commitments contained within the public
@@ -151,7 +152,7 @@ void ClientIVC::accumulate(ClientCircuit& circuit,
 
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/1069): Do proper aggregation with merge recursive
     // verifier.
-    circuit.add_pairing_point_accumulator(stdlib::recursion::init_default_agg_obj_indices<ClientCircuit>(circuit));
+    AggregationObject::add_default_pairing_points_to_public_inputs(circuit);
 
     // Construct the proving key for circuit
     std::shared_ptr<DeciderProvingKey> proving_key = std::make_shared<DeciderProvingKey>(circuit, trace_settings);
@@ -254,7 +255,7 @@ std::pair<std::shared_ptr<ClientIVC::DeciderProvingKey>, ClientIVC::MergeProof>
     DeciderRecursiveVerifier decider{ &builder, recursive_verifier_accumulator };
     decider.verify_proof(decider_proof);
 
-    builder.add_pairing_point_accumulator(stdlib::recursion::init_default_agg_obj_indices<ClientCircuit>(builder));
+    AggregationObject::add_default_pairing_points_to_public_inputs(builder);
 
     // Construct the last merge proof for the present circuit and add to merge verification queue
     MergeProof merge_proof = goblin.prove_merge(builder);

barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.hpp

@@ -56,6 +56,7 @@ class ClientIVC {
     using DeciderRecursiveVerifier = stdlib::recursion::honk::DeciderRecursiveVerifier_<RecursiveFlavor>;
 
     using DataBusDepot = stdlib::DataBusDepot<ClientCircuit>;
+    using AggregationObject = stdlib::recursion::aggregation_state<ClientCircuit>;
 
     /**
      * @brief A full proof for the IVC scheme containing a Mega proof showing correctness of the hiding circuit (which

barretenberg/cpp/src/barretenberg/dsl/acir_format/acir_format.cpp

@@ -23,14 +23,16 @@ template class DSLBigInts<UltraCircuitBuilder>;
 template class DSLBigInts<MegaCircuitBuilder>;
 
 template <typename Builder> struct HonkRecursionConstraintsOutput {
-    PairingPointAccumulatorIndices agg_obj_indices;
+    using AggregationObject = stdlib::recursion::aggregation_state<Builder>;
+    AggregationObject agg_obj;
     OpeningClaim<stdlib::grumpkin<Builder>> ipa_claim;
     HonkProof ipa_proof;
 };
 
 template <typename Builder>
 void build_constraints(Builder& builder, AcirProgram& program, const ProgramMetadata& metadata)
 {
+    using AggregationObject = stdlib::recursion::aggregation_state<Builder>;
     bool has_valid_witness_assignments = !program.witness.empty();
     bool collect_gates_per_opcode = metadata.collect_gates_per_opcode;
     AcirFormat& constraint_system = program.constraints;
@@ -245,16 +247,17 @@ void build_constraints(Builder& builder, AcirProgram& program, const ProgramMeta
         }
     } else {
         process_plonk_recursion_constraints(builder, constraint_system, has_valid_witness_assignments, gate_counter);
-        PairingPointAccumulatorIndices current_aggregation_object =
-            stdlib::recursion::init_default_agg_obj_indices<Builder>(builder);
+
+        auto current_aggregation_object = AggregationObject::construct_default(builder);
+
         HonkRecursionConstraintsOutput<Builder> output =
             process_honk_recursion_constraints(builder,
                                                constraint_system,
                                                has_valid_witness_assignments,
                                                gate_counter,
                                                current_aggregation_object,
                                                metadata.honk_recursion);
-        current_aggregation_object = output.agg_obj_indices;
+        current_aggregation_object = output.agg_obj;
 
 #ifndef DISABLE_AZTEC_VM
         current_aggregation_object = process_avm_recursion_constraints(
@@ -265,11 +268,11 @@ void build_constraints(Builder& builder, AcirProgram& program, const ProgramMeta
         if (!constraint_system.honk_recursion_constraints.empty() ||
             !constraint_system.avm_recursion_constraints.empty()) {
             ASSERT(metadata.honk_recursion != 0);
-            builder.add_pairing_point_accumulator(current_aggregation_object);
+            current_aggregation_object.set_public();
         } else if (metadata.honk_recursion != 0 && builder.is_recursive_circuit) {
             // Make sure the verification key records the public input indices of the
             // final recursion output.
-            builder.add_pairing_point_accumulator(current_aggregation_object);
+            current_aggregation_object.set_public();
         }
         // If we are proving with UltraRollupFlavor, the IPA proof should have nonzero size.
         ASSERT((metadata.honk_recursion == 2) == (output.ipa_proof.size() > 0));
@@ -362,7 +365,7 @@ void process_plonk_recursion_constraints(Builder& builder,
 
         // Make sure the verification key records the public input indices of the
         // final recursion output.
-        builder.add_pairing_point_accumulator(current_output_aggregation_object);
+        builder.add_pairing_point_accumulator_for_plonk(current_output_aggregation_object);
     }
 }
 
@@ -371,7 +374,7 @@ HonkRecursionConstraintsOutput<Builder> process_honk_recursion_constraints(
     AcirFormat& constraint_system,
     bool has_valid_witness_assignments,
     GateCounter<Builder>& gate_counter,
-    PairingPointAccumulatorIndices current_aggregation_object,
+    stdlib::recursion::aggregation_state<Builder> current_aggregation_object,
     uint32_t honk_recursion)
 {
     HonkRecursionConstraintsOutput<Builder> output;
@@ -446,7 +449,7 @@ HonkRecursionConstraintsOutput<Builder> process_honk_recursion_constraints(
             output.ipa_proof = ipa_proof;
         }
     }
-    output.agg_obj_indices = current_aggregation_object;
+    output.agg_obj = current_aggregation_object;
     return output;
 }
 
@@ -510,12 +513,12 @@ void process_ivc_recursion_constraints(MegaCircuitBuilder& builder,
 }
 
 #ifndef DISABLE_AZTEC_VM
-PairingPointAccumulatorIndices process_avm_recursion_constraints(
+stdlib::recursion::aggregation_state<Builder> process_avm_recursion_constraints(
     Builder& builder,
     AcirFormat& constraint_system,
     bool has_valid_witness_assignments,
     GateCounter<Builder>& gate_counter,
-    PairingPointAccumulatorIndices current_aggregation_object)
+    stdlib::recursion::aggregation_state<Builder> current_aggregation_object)
 {
     // Add recursion constraints
     size_t idx = 0;

barretenberg/cpp/src/barretenberg/dsl/acir_format/avm_recursion_constraint.cpp

@@ -20,7 +20,7 @@ namespace acir_format {
 using namespace bb;
 using field_ct = stdlib::field_t<Builder>;
 using bn254 = stdlib::bn254<Builder>;
-using aggregation_state_ct = bb::stdlib::recursion::aggregation_state<bn254>;
+using aggregation_state_ct = bb::stdlib::recursion::aggregation_state<Builder>;
 using VmPublicInputs = avm_trace::VmPublicInputs_<field_ct>;
 
 namespace {
@@ -150,10 +150,10 @@ void create_dummy_vkey_and_proof(Builder& builder,
  * @param input_aggregation_object_indices. The aggregation object coming from previous Honk/Avm recursion constraints.
  * @param has_valid_witness_assignment. Do we have witnesses or are we just generating keys?
  */
-PairingPointAccumulatorIndices create_avm_recursion_constraints(
+stdlib::recursion::aggregation_state<Builder> create_avm_recursion_constraints(
     Builder& builder,
     const RecursionConstraint& input,
-    PairingPointAccumulatorIndices input_aggregation_object_indices,
+    stdlib::recursion::aggregation_state<Builder> input_agg_obj,
     bool has_valid_witness_assignments)
 {
     using Flavor = AvmRecursiveFlavor_<Builder>;
@@ -194,13 +194,11 @@ PairingPointAccumulatorIndices create_avm_recursion_constraints(
     // Recursively verify the proof
     auto vkey = std::make_shared<RecursiveVerificationKey>(builder, key_fields);
     RecursiveVerifier verifier(&builder, vkey);
-    aggregation_state_ct input_agg_obj = bb::stdlib::recursion::convert_witness_indices_to_agg_obj<Builder, bn254>(
-        builder, input_aggregation_object_indices);
     aggregation_state_ct output_agg_object = verifier.verify_proof(proof_fields, public_inputs_vectors, input_agg_obj);
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/996): investigate whether assert_equal on public
     // inputs is important, like what the plonk recursion constraint does.
 
-    return output_agg_object.get_witness_indices();
+    return output_agg_object;
 }
 
 /**
@@ -215,7 +213,7 @@ PairingPointAccumulatorIndices create_avm_recursion_constraints(
 HonkRecursionConstraintOutput create_avm_recursion_constraints_goblin(
     Builder& builder,
     const RecursionConstraint& input,
-    PairingPointAccumulatorIndices input_aggregation_object_indices,
+    stdlib::recursion::aggregation_state<Builder> input_agg_obj,
     bool has_valid_witness_assignments)
 {
     using RecursiveVerifier = bb::avm::AvmGoblinRecursiveVerifier;
@@ -253,13 +251,11 @@ HonkRecursionConstraintOutput create_avm_recursion_constraints_goblin(
 
     // Execute the Goblin AVM recursive verifier
     RecursiveVerifier verifier(&builder, key_fields);
-    aggregation_state_ct input_agg_obj = bb::stdlib::recursion::convert_witness_indices_to_agg_obj<Builder, bn254>(
-        builder, input_aggregation_object_indices);
     auto output_agg_object = verifier.verify_proof(proof_fields, public_inputs_vectors, input_agg_obj);
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/996): investigate whether assert_equal on public
     // inputs is important, like what the plonk recursion constraint does.
 
-    HonkRecursionConstraintOutput result{ .agg_obj_indices = output_agg_object.aggregation_object.get_witness_indices(),
+    HonkRecursionConstraintOutput result{ .agg_obj = output_agg_object.aggregation_object,
                                           .ipa_claim = output_agg_object.ipa_claim,
                                           .ipa_proof = output_agg_object.ipa_proof };
     return result;

barretenberg/cpp/src/barretenberg/dsl/acir_format/avm_recursion_constraint.hpp

@@ -8,10 +8,11 @@ using Builder = bb::UltraCircuitBuilder;
 
 using namespace bb;
 
-PairingPointAccumulatorIndices create_avm_recursion_constraints(Builder& builder,
-                                                                const RecursionConstraint& input,
-                                                                PairingPointAccumulatorIndices input_aggregation_object,
-                                                                bool has_valid_witness_assignments);
+stdlib::recursion::aggregation_state<Builder> create_avm_recursion_constraints(
+    Builder& builder,
+    const RecursionConstraint& input,
+    stdlib::recursion::aggregation_state<Builder> input_aggregation_object,
+    bool has_valid_witness_assignments);
 
 HonkRecursionConstraintOutput create_avm_recursion_constraints_goblin(
     Builder& builder,

barretenberg/cpp/src/barretenberg/dsl/acir_format/honk_recursion_constraint.cpp

@@ -19,7 +19,7 @@ using namespace bb;
 using namespace bb::stdlib::recursion::honk;
 using field_ct = stdlib::field_t<Builder>;
 using bn254 = stdlib::bn254<Builder>;
-using aggregation_state_ct = bb::stdlib::recursion::aggregation_state<bn254>;
+using aggregation_state_ct = bb::stdlib::recursion::aggregation_state<Builder>;
 
 namespace {
 /**
@@ -41,6 +41,7 @@ void create_dummy_vkey_and_proof(Builder& builder,
                                  const std::vector<field_ct>& key_fields,
                                  const std::vector<field_ct>& proof_fields)
 {
+    using AggregationObject = stdlib::recursion::aggregation_state<Builder>;
     // Set vkey->circuit_size correctly based on the proof size
     ASSERT(proof_size == Flavor::PROOF_LENGTH_WITHOUT_PUB_INPUTS);
     // Note: this computation should always result in log_circuit_size = CONST_PROOF_SIZE_LOG_N
@@ -94,9 +95,8 @@ void create_dummy_vkey_and_proof(Builder& builder,
         offset++;
     }
     // The aggregation object
-    PairingPointAccumulatorIndices agg_obj = stdlib::recursion::init_default_agg_obj_indices(builder);
-    for (auto idx : agg_obj) {
-        builder.assert_equal(idx, proof_fields[offset].witness_index);
+    for (size_t i = 0; i < AggregationObject::PUBLIC_INPUTS_SIZE; i++) {
+        builder.assert_equal(builder.add_variable(fr::random_element()), proof_fields[offset].witness_index);
         offset++;
     }
 
@@ -209,7 +209,7 @@ template <typename Flavor>
 HonkRecursionConstraintOutput create_honk_recursion_constraints(
     Builder& builder,
     const RecursionConstraint& input,
-    PairingPointAccumulatorIndices input_aggregation_object_indices,
+    stdlib::recursion::aggregation_state<Builder> input_agg_obj,
     bool has_valid_witness_assignments)
 {
     using RecursiveVerificationKey = Flavor::VerificationKey;
@@ -258,14 +258,12 @@ HonkRecursionConstraintOutput create_honk_recursion_constraints(
     // Recursively verify the proof
     auto vkey = std::make_shared<RecursiveVerificationKey>(builder, key_fields);
     RecursiveVerifier verifier(&builder, vkey);
-    aggregation_state_ct input_agg_obj = bb::stdlib::recursion::convert_witness_indices_to_agg_obj<Builder, bn254>(
-        builder, input_aggregation_object_indices);
     HonkRecursionConstraintOutput output;
     UltraRecursiveVerifierOutput<Flavor> verifier_output = verifier.verify_proof(proof_fields, input_agg_obj);
     // TODO(https://github.com/AztecProtocol/barretenberg/issues/996): investigate whether assert_equal on public inputs
     // is important, like what the plonk recursion constraint does.
 
-    output.agg_obj_indices = verifier_output.agg_obj.get_witness_indices();
+    output.agg_obj = verifier_output.agg_obj;
     if constexpr (HasIPAAccumulator<Flavor>) {
         ASSERT(HasIPAAccumulator<Flavor>);
         output.ipa_claim = verifier_output.ipa_opening_claim;
@@ -277,13 +275,13 @@ HonkRecursionConstraintOutput create_honk_recursion_constraints(
 template HonkRecursionConstraintOutput create_honk_recursion_constraints<UltraRecursiveFlavor_<Builder>>(
     Builder& builder,
     const RecursionConstraint& input,
-    PairingPointAccumulatorIndices input_aggregation_object_indices,
+    stdlib::recursion::aggregation_state<Builder> input_agg_obj,
     bool has_valid_witness_assignments);
 
 template HonkRecursionConstraintOutput create_honk_recursion_constraints<UltraRollupRecursiveFlavor_<Builder>>(
     Builder& builder,
     const RecursionConstraint& input,
-    PairingPointAccumulatorIndices input_aggregation_object_indices,
+    stdlib::recursion::aggregation_state<Builder> input_agg_obj,
     bool has_valid_witness_assignments);
 
 } // namespace acir_format