AztecProtocol · iakovenkos · Feb 27, 2025 · Feb 17, 2025 · Feb 18, 2025 · Feb 18, 2025
diff --git a/barretenberg/cpp/src/barretenberg/constants.hpp b/barretenberg/cpp/src/barretenberg/constants.hpp
@@ -24,4 +24,7 @@ static constexpr uint32_t MASKING_OFFSET = 4;
 // For ZK Flavors: the number of the commitments required by Libra and SmallSubgroupIPA.
 static constexpr uint32_t NUM_LIBRA_COMMITMENTS = 3;
 static constexpr uint32_t NUM_LIBRA_EVALUATIONS = 4;
+// There are 5 distinguished wires in ECCVM that have to be opened as univariates to establish the connection between
+// ECCVM and Translator
+static constexpr uint32_t NUM_TRANSLATION_EVALUATIONS = 5;
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.cpp
@@ -157,50 +157,8 @@ void ECCVMProver::execute_pcs_rounds()
                          sumcheck_output.round_univariates,
                          sumcheck_output.round_univariate_evaluations);
 
-    // Get the challenge at which we evaluate all transcript polynomials as univariates
-    evaluation_challenge_x = transcript->template get_challenge<FF>("Translation:evaluation_challenge_x");
-
-    // Evaluate the transcript polynomials at the challenge
-    translation_evaluations.op = key->polynomials.transcript_op.evaluate(evaluation_challenge_x);
-    translation_evaluations.Px = key->polynomials.transcript_Px.evaluate(evaluation_challenge_x);
-    translation_evaluations.Py = key->polynomials.transcript_Py.evaluate(evaluation_challenge_x);
-    translation_evaluations.z1 = key->polynomials.transcript_z1.evaluate(evaluation_challenge_x);
-    translation_evaluations.z2 = key->polynomials.transcript_z2.evaluate(evaluation_challenge_x);
-
-    // Add the univariate evaluations to the transcript so the verifier can reconstruct the batched evaluation
-    transcript->send_to_verifier("Translation:op", translation_evaluations.op);
-    transcript->send_to_verifier("Translation:Px", translation_evaluations.Px);
-    transcript->send_to_verifier("Translation:Py", translation_evaluations.Py);
-    transcript->send_to_verifier("Translation:z1", translation_evaluations.z1);
-    transcript->send_to_verifier("Translation:z2", translation_evaluations.z2);
+    const OpeningClaim translation_opening_claim = ECCVMProver::reduce_translation_evaluations();
 
-    // Get another challenge for batching the univariates and evaluations
-    FF ipa_batching_challenge = transcript->template get_challenge<FF>("Translation:ipa_batching_challenge");
-
-    // Collect the polynomials and evaluations to be batched
-    RefArray univariate_polynomials{ key->polynomials.transcript_op,
-                                     key->polynomials.transcript_Px,
-                                     key->polynomials.transcript_Py,
-                                     key->polynomials.transcript_z1,
-                                     key->polynomials.transcript_z2 };
-    std::array<FF, univariate_polynomials.size()> univariate_evaluations{ translation_evaluations.op,
-                                                                          translation_evaluations.Px,
-                                                                          translation_evaluations.Py,
-                                                                          translation_evaluations.z1,
-                                                                          translation_evaluations.z2 };
-
-    // Construct the batched polynomial and batched evaluation to produce the batched opening claim
-    Polynomial batched_univariate{ key->circuit_size };
-    FF batched_evaluation{ 0 };
-    FF batching_scalar = FF(1);
-    for (auto [polynomial, eval] : zip_view(univariate_polynomials, univariate_evaluations)) {
-        batched_univariate.add_scaled(polynomial, batching_scalar);
-        batched_evaluation += eval * batching_scalar;
-        batching_scalar *= ipa_batching_challenge;
-    }
-
-    const OpeningClaim translation_opening_claim = { .polynomial = batched_univariate,
-                                                     .opening_pair = { evaluation_challenge_x, batched_evaluation } };
     const std::array<OpeningClaim, 2> opening_claims = { multivariate_to_univariate_opening_claim,
                                                          translation_opening_claim };
 
@@ -209,9 +167,6 @@ void ECCVMProver::execute_pcs_rounds()
 
     // Compute the opening proof for the batched opening claim with the univariate PCS
     PCS::compute_opening_proof(key->commitment_key, batch_opening_claim, ipa_transcript);
-
-    // Produce another challenge passed as input to the translator verifier
-    translation_batching_challenge_v = transcript->template get_challenge<FF>("Translation:batching_challenge");
 }
 
 ECCVMProof ECCVMProver::export_proof()
@@ -237,4 +192,47 @@ ECCVMProof ECCVMProver::construct_proof()
 
     return export_proof();
 }
+
+/**
+ * @brief The evaluations of the wires `op`, `Px`, `Py`, `z_1`, and `z_2` as univariate polynomials have to proved as
+ * they are used in the 'TranslatorVerifier::verify_translation' sub-protocol and its recursive counterpart. To increase
+ * the efficiency, we produce an OpeningClaim that is fed to Shplonk along with the OpeningClaim produced by Shplemini.
+ *
+ * @return ProverOpeningClaim<typename ECCVMFlavor::Curve>
+ */
+ProverOpeningClaim<typename ECCVMFlavor::Curve> ECCVMProver::reduce_translation_evaluations()
+{
+    // Collect the polynomials and evaluations to be batched
+    RefArray translation_polynomials{ key->polynomials.transcript_op,
+                                      key->polynomials.transcript_Px,
+                                      key->polynomials.transcript_Py,
+                                      key->polynomials.transcript_z1,
+                                      key->polynomials.transcript_z2 };
+
+    // Get the challenge at which we evaluate all transcript polynomials as univariates
+    evaluation_challenge_x = transcript->template get_challenge<FF>("Translation:evaluation_challenge_x");
+
+    // Evaluate the transcript polynomials as univariates and add their evaluations at x to the transcript
+    for (auto [eval, poly, label] :
+         zip_view(translation_evaluations.get_all(), translation_polynomials, translation_labels)) {
+        *eval = poly.evaluate(evaluation_challenge_x);
+        transcript->template send_to_verifier(label, *eval);
+    }
+
+    // Get another challenge to batch the evaluations of the transcript polynomials
+    translation_batching_challenge_v = transcript->template get_challenge<FF>("Translation:batching_challenge_v");
+
+    // Construct the batched polynomial and batched evaluation to produce the batched opening claim
+    Polynomial batched_translation_univariate{ key->circuit_size };
+    FF batched_translation_evaluation{ 0 };
+    FF batching_scalar = FF(1);
+    for (auto [polynomial, eval] : zip_view(translation_polynomials, translation_evaluations.get_all())) {
+        batched_translation_univariate.add_scaled(polynomial, batching_scalar);
+        batched_translation_evaluation += *eval * batching_scalar;
+        batching_scalar *= translation_batching_challenge_v;
+    }
+
+    return { .polynomial = batched_translation_univariate,
+             .opening_pair = { evaluation_challenge_x, batched_translation_evaluation } };
+}
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_prover.hpp
@@ -28,6 +28,7 @@ class ECCVMProver {
     using CircuitBuilder = typename Flavor::CircuitBuilder;
     using ZKData = ZKSumcheckData<Flavor>;
     using SmallSubgroupIPA = SmallSubgroupIPAProver<Flavor>;
+    using OpeningClaim = ProverOpeningClaim<typename Flavor::Curve>;
 
     explicit ECCVMProver(CircuitBuilder& builder,
                          const bool fixed_size = false,
@@ -44,6 +45,7 @@ class ECCVMProver {
 
     ECCVMProof export_proof();
     ECCVMProof construct_proof();
+    OpeningClaim reduce_translation_evaluations();
 
     std::shared_ptr<Transcript> transcript;
     std::shared_ptr<Transcript> ipa_transcript;
@@ -52,6 +54,10 @@ class ECCVMProver {
 
     TranslationEvaluations translation_evaluations;
 
+    std::array<std::string, 5> translation_labels = {
+        "Translation:op", "Translation:Px", "Translation:Py", "Translation:z1", "Translation:z2"
+    };
+
     std::vector<FF> public_inputs;
 
     bb::RelationParameters<FF> relation_parameters;
@@ -62,7 +68,7 @@ class ECCVMProver {
     ZKData zk_sumcheck_data;
 
     FF evaluation_challenge_x;
-    FF translation_batching_challenge_v; // to be rederived by the translator verifier
+    FF translation_batching_challenge_v;
 
     SumcheckOutput<Flavor> sumcheck_output;
 };

diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_transcript.test.cpp
@@ -191,7 +191,7 @@ class ECCVMTranscriptTests : public ::testing::Test {
         manifest_expected.add_entry(round, "Translation:Py", frs_per_Fr);
         manifest_expected.add_entry(round, "Translation:z1", frs_per_Fr);
         manifest_expected.add_entry(round, "Translation:z2", frs_per_Fr);
-        manifest_expected.add_challenge(round, "Translation:ipa_batching_challenge");
+        manifest_expected.add_challenge(round, "Translation:batching_challenge_v");
 
         round++;
         manifest_expected.add_challenge(round, "Shplonk:nu");
@@ -200,9 +200,6 @@ class ECCVMTranscriptTests : public ::testing::Test {
         manifest_expected.add_entry(round, "Shplonk:Q", frs_per_G);
         manifest_expected.add_challenge(round, "Shplonk:z");
 
-        round++;
-        manifest_expected.add_challenge(round, "Translation:batching_challenge");
-
         return manifest_expected;
     }
 
@@ -405,4 +402,4 @@ TEST_F(ECCVMTranscriptTests, StructureTest)
     prover.transcript->deserialize_full_transcript();
     EXPECT_EQ(static_cast<typename Flavor::Commitment>(prover.transcript->transcript_Px_comm),
               one_group_val * rand_val);
-}
+}
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.cpp
@@ -99,38 +99,14 @@ bool ECCVMVerifier::verify_proof(const ECCVMProof& proof)
     const OpeningClaim multivariate_to_univariate_opening_claim =
         PCS::reduce_batch_opening_claim(sumcheck_batch_opening_claims);
 
-    const FF evaluation_challenge_x = transcript->template get_challenge<FF>("Translation:evaluation_challenge_x");
+    // Produce the opening claim for batch opening of 'op', 'Px', 'Py', 'z1', and 'z2' wires as univariate polynomials
+    translation_commitments = { commitments.transcript_op,
+                                commitments.transcript_Px,
+                                commitments.transcript_Py,
+                                commitments.transcript_z1,
+                                commitments.transcript_z2 };
 
-    // Construct arrays of commitments and evaluations to be batched, the evaluations being received from the prover
-    const size_t NUM_UNIVARIATES = 5;
-    std::array<Commitment, NUM_UNIVARIATES> transcript_commitments = { commitments.transcript_op,
-                                                                       commitments.transcript_Px,
-                                                                       commitments.transcript_Py,
-                                                                       commitments.transcript_z1,
-                                                                       commitments.transcript_z2 };
-    std::array<FF, NUM_UNIVARIATES> transcript_evaluations = {
-        transcript->template receive_from_prover<FF>("Translation:op"),
-        transcript->template receive_from_prover<FF>("Translation:Px"),
-        transcript->template receive_from_prover<FF>("Translation:Py"),
-        transcript->template receive_from_prover<FF>("Translation:z1"),
-        transcript->template receive_from_prover<FF>("Translation:z2")
-    };
-
-    // Get the batching challenge for commitments and evaluations
-    const FF ipa_batching_challenge = transcript->template get_challenge<FF>("Translation:ipa_batching_challenge");
-
-    // Compute the batched commitment and batched evaluation for the univariate opening claim
-    Commitment batched_commitment = transcript_commitments[0];
-    FF batched_transcript_eval = transcript_evaluations[0];
-    FF batching_scalar = ipa_batching_challenge;
-    for (size_t idx = 1; idx < NUM_UNIVARIATES; ++idx) {
-        batched_commitment = batched_commitment + transcript_commitments[idx] * batching_scalar;
-        batched_transcript_eval += batching_scalar * transcript_evaluations[idx];
-        batching_scalar *= ipa_batching_challenge;
-    }
-
-    const OpeningClaim translation_opening_claim = { { evaluation_challenge_x, batched_transcript_eval },
-                                                     batched_commitment };
+    const OpeningClaim translation_opening_claim = reduce_verify_translation_evaluations(translation_commitments);
 
     const std::array<OpeningClaim, 2> opening_claims = { multivariate_to_univariate_opening_claim,
                                                          translation_opening_claim };
@@ -145,4 +121,42 @@ bool ECCVMVerifier::verify_proof(const ECCVMProof& proof)
     vinfo("batch opening verified?: ", batched_opening_verified);
     return sumcheck_output.verified && batched_opening_verified && consistency_checked;
 }
+
+/**
+ * @brief To link the ECCVM Transcript wires 'op', 'Px', 'Py', 'z1', and 'z2' to the accumulator computed by the
+ * translator, we verify their evaluations as univariates. For efficiency reasons, we batch these evaluations.
+ *
+ * @param translation_commitments Commitments to  'op', 'Px', 'Py', 'z1', and 'z2'
+ * @return OpeningClaim<typename ECCVMFlavor::Curve>
+ */
+OpeningClaim<typename ECCVMFlavor::Curve> ECCVMVerifier::reduce_verify_translation_evaluations(
+    const std::array<Commitment, NUM_TRANSLATION_EVALUATIONS>& translation_commitments)
+{
+    evaluation_challenge_x = transcript->template get_challenge<FF>("Translation:evaluation_challenge_x");
+
+    // Construct arrays of commitments and evaluations to be batched, the evaluations being received from the prover
+
+    std::array<FF, NUM_TRANSLATION_EVALUATIONS> translation_evaluations = {
+        transcript->template receive_from_prover<FF>("Translation:op"),
+        transcript->template receive_from_prover<FF>("Translation:Px"),
+        transcript->template receive_from_prover<FF>("Translation:Py"),
+        transcript->template receive_from_prover<FF>("Translation:z1"),
+        transcript->template receive_from_prover<FF>("Translation:z2")
+    };
+
+    // Get the batching challenge for commitments and evaluations
+    batching_challenge_v = transcript->template get_challenge<FF>("Translation:batching_challenge_v");
+
+    // Compute the batched commitment and batched evaluation for the univariate opening claim
+    Commitment batched_commitment = translation_commitments[0];
+    FF batched_translation_evaluation = translation_evaluations[0];
+    FF batching_scalar = batching_challenge_v;
+    for (size_t idx = 1; idx < NUM_TRANSLATION_EVALUATIONS; ++idx) {
+        batched_commitment = batched_commitment + translation_commitments[idx] * batching_scalar;
+        batched_translation_evaluation += batching_scalar * translation_evaluations[idx];
+        batching_scalar *= batching_challenge_v;
+    }
+
+    return { { evaluation_challenge_x, batched_translation_evaluation }, batched_commitment };
+};
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp b/barretenberg/cpp/src/barretenberg/eccvm/eccvm_verifier.hpp
@@ -23,10 +23,17 @@ class ECCVMVerifier {
         : ECCVMVerifier(std::make_shared<ECCVMFlavor::VerificationKey>(proving_key)){};
 
     bool verify_proof(const ECCVMProof& proof);
+    OpeningClaim<typename ECCVMFlavor::Curve> reduce_verify_translation_evaluations(
+        const std::array<Commitment, NUM_TRANSLATION_EVALUATIONS>& translation_commitments);
 
+    std::array<Commitment, NUM_TRANSLATION_EVALUATIONS> translation_commitments;
     std::shared_ptr<VerificationKey> key;
     std::map<std::string, Commitment> commitments;
     std::shared_ptr<Transcript> transcript;
     std::shared_ptr<Transcript> ipa_transcript;
+
+    // Translation evaluations challenges. They are propagated to the TranslatorVerifier
+    FF evaluation_challenge_x;
+    FF batching_challenge_v;
 };
 } // namespace bb
diff --git a/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp b/barretenberg/cpp/src/barretenberg/goblin/goblin.hpp
@@ -296,7 +296,8 @@ class GoblinVerifier {
 
         TranslatorVerifier translator_verifier(translator_verification_key, eccvm_verifier.transcript);
 
-        bool accumulator_construction_verified = translator_verifier.verify_proof(proof.translator_proof);
+        bool accumulator_construction_verified = translator_verifier.verify_proof(
+            proof.translator_proof, eccvm_verifier.evaluation_challenge_x, eccvm_verifier.batching_challenge_v);
         // TODO(https://github.com/AztecProtocol/barretenberg/issues/799): Ensure translation_evaluations are passed
         // correctly
         bool translation_verified = translator_verifier.verify_translation(proof.translation_evaluations);

diff --git a/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp b/barretenberg/cpp/src/barretenberg/goblin/translation_evaluations.hpp
@@ -14,6 +14,8 @@ template <typename BF, typename FF> struct TranslationEvaluations_ {
     static constexpr uint32_t NUM_EVALUATIONS = 5;
     static size_t size() { return field_conversion::calc_num_bn254_frs<BF>() * NUM_EVALUATIONS; }
 
+    std::array<BF*, NUM_EVALUATIONS> get_all() { return { &op, &Px, &Py, &z1, &z2 }; }
+
     MSGPACK_FIELDS(op, Px, Py, z1, z2);
 };
 } // namespace bb