Use AggregatedPublicValues instead

0xPolygonZero · May 2, 2023 · ae2172e · ae2172e
1 parent 35f0367
commit ae2172e
Show file tree

Hide file tree

Showing 3 changed files with 161 additions and 69 deletions.
diff --git a/evm/src/fixed_recursive_verifier.rs b/evm/src/fixed_recursive_verifier.rs
@@ -37,12 +37,13 @@ use crate::logic::LogicStark;
 use crate::memory::memory_stark::MemoryStark;
 use crate::permutation::{get_grand_product_challenge_set_target, GrandProductChallengeSet};
 use crate::proof::{
-    BlockMetadataTarget, PublicValues, PublicValuesTarget, StarkProofWithMetadata, TrieRootsTarget,
+    AggregatedPublicValues, AggregatedPublicValuesTarget, BlockMetadataTarget,
+    StarkProofWithMetadata, TrieRootsTarget,
 };
 use crate::prover::prove;
 use crate::recursive_verifier::{
-    add_common_recursion_gates, add_virtual_public_values, recursive_stark_circuit,
-    set_public_value_targets, PlonkWrapperCircuit, PublicInputs, StarkWrapperCircuit,
+    add_common_recursion_gates, add_virtual_aggregated_public_values, recursive_stark_circuit,
+    set_aggregated_public_value_targets, PlonkWrapperCircuit, PublicInputs, StarkWrapperCircuit,
 };
 use crate::stark::Stark;
 
@@ -54,13 +55,13 @@ where
     [(); C::HCO::WIDTH]:,
 {
     pub proof: ProofWithPublicInputs<F, C, D>,
-    pub public_values: PublicValues,
+    pub public_values: AggregatedPublicValues,
 }
 
 #[derive(Debug, Clone)]
 pub struct EvmProofTarget<const D: usize> {
     pub proof: ProofWithPublicInputsTarget<D>,
-    pub public_values: PublicValuesTarget,
+    pub public_values: AggregatedPublicValuesTarget,
 }
 
 /// Adds a new "virtual" EVM proof target.
@@ -69,7 +70,7 @@ fn add_virtual_evm_proof<F: RichField + Extendable<D>, const D: usize>(
     common_data: &CommonCircuitData<F, D>,
 ) -> EvmProofTarget<D> {
     let proof = builder.add_virtual_proof_with_pis(common_data);
-    let public_values = add_virtual_public_values(builder);
+    let public_values = add_virtual_aggregated_public_values(builder);
     EvmProofTarget {
         proof,
         public_values,
@@ -88,7 +89,7 @@ fn set_evm_proof_target<F, C, W, const D: usize>(
     [(); C::HCO::WIDTH]:,
 {
     witness.set_proof_with_pis_target(&evm_proof_target.proof, &evm_proof.proof);
-    set_public_value_targets(
+    set_aggregated_public_value_targets(
         witness,
         &evm_proof_target.public_values,
         &evm_proof.public_values,
@@ -122,13 +123,44 @@ where
     }
 }
 
+/// Selects `bm0` or `bm1` based on `b`, i.e., this returns `if b { bm0 } else { bm1 }`.
+fn select_block_metadata<F: RichField + Extendable<D>, const D: usize>(
+    builder: &mut CircuitBuilder<F, D>,
+    b: BoolTarget,
+    bm0: &BlockMetadataTarget,
+    bm1: &BlockMetadataTarget,
+) -> BlockMetadataTarget
+where
+    F: RichField + Extendable<D>,
+{
+    let block_beneficiary: [Target; 5] = core::array::from_fn(|i| {
+        builder.select(b, bm0.block_beneficiary[i], bm1.block_beneficiary[i])
+    });
+    let block_timestamp = builder.select(b, bm0.block_timestamp, bm1.block_timestamp);
+    let block_number = builder.select(b, bm0.block_number, bm1.block_number);
+    let block_difficulty = builder.select(b, bm0.block_difficulty, bm1.block_difficulty);
+    let block_gaslimit = builder.select(b, bm0.block_gaslimit, bm1.block_gaslimit);
+    let block_chain_id = builder.select(b, bm0.block_chain_id, bm1.block_chain_id);
+    let block_base_fee = builder.select(b, bm0.block_base_fee, bm1.block_base_fee);
+
+    BlockMetadataTarget {
+        block_beneficiary,
+        block_timestamp,
+        block_number,
+        block_difficulty,
+        block_gaslimit,
+        block_chain_id,
+        block_base_fee,
+    }
+}
+
 /// Selects `pv0` or `pv1` based on `b`, i.e., this returns `if b { pv0 } else { pv1 }`.
 fn select_public_values<F: RichField + Extendable<D>, const D: usize>(
     builder: &mut CircuitBuilder<F, D>,
     b: BoolTarget,
-    pv0: &PublicValuesTarget,
-    pv1: &PublicValuesTarget,
-) -> PublicValuesTarget
+    pv0: &AggregatedPublicValuesTarget,
+    pv1: &AggregatedPublicValuesTarget,
+) -> AggregatedPublicValuesTarget
 where
     F: RichField + Extendable<D>,
 {
@@ -137,56 +169,25 @@ where
     let trie_roots_after =
         select_trie_roots(builder, b, &pv0.trie_roots_after, &pv1.trie_roots_after);
 
-    let block_beneficiary: [Target; 5] = core::array::from_fn(|i| {
-        builder.select(
+    let block_metadata_pair = (
+        select_block_metadata(
+            builder,
             b,
-            pv0.block_metadata.block_beneficiary[i],
-            pv1.block_metadata.block_beneficiary[i],
-        )
-    });
-    let block_timestamp = builder.select(
-        b,
-        pv0.block_metadata.block_timestamp,
-        pv1.block_metadata.block_timestamp,
-    );
-    let block_number = builder.select(
-        b,
-        pv0.block_metadata.block_number,
-        pv1.block_metadata.block_number,
-    );
-    let block_difficulty = builder.select(
-        b,
-        pv0.block_metadata.block_difficulty,
-        pv1.block_metadata.block_difficulty,
-    );
-    let block_gaslimit = builder.select(
-        b,
-        pv0.block_metadata.block_gaslimit,
-        pv1.block_metadata.block_gaslimit,
-    );
-    let block_chain_id = builder.select(
-        b,
-        pv0.block_metadata.block_chain_id,
-        pv1.block_metadata.block_chain_id,
-    );
-    let block_base_fee = builder.select(
-        b,
-        pv0.block_metadata.block_base_fee,
-        pv1.block_metadata.block_base_fee,
+            &pv0.block_metadata_pair.0,
+            &pv1.block_metadata_pair.0,
+        ),
+        select_block_metadata(
+            builder,
+            b,
+            &pv0.block_metadata_pair.1,
+            &pv1.block_metadata_pair.1,
+        ),
     );
 
-    PublicValuesTarget {
+    AggregatedPublicValuesTarget {
         trie_roots_before,
         trie_roots_after,
-        block_metadata: BlockMetadataTarget {
-            block_beneficiary,
-            block_timestamp,
-            block_number,
-            block_difficulty,
-            block_gaslimit,
-            block_chain_id,
-            block_base_fee,
-        },
+        block_metadata_pair,
     }
 }
 
@@ -739,8 +740,8 @@ where
         );
 
         let blocks_are_equal = builder.is_equal(
-            pv_lhs.block_metadata.block_timestamp,
-            pv_rhs.block_metadata.block_timestamp,
+            pv_lhs.block_metadata_pair.1.block_timestamp,
+            pv_rhs.block_metadata_pair.0.block_timestamp,
         );
 
         connect_trie_roots(
@@ -759,8 +760,8 @@ where
         // If there was no previous `BlockProof`, public values
         // will be set to match when calling `prove_block()`.
         let blocks_are_equal = builder.is_equal(
-            lhs.public_values.block_metadata.block_timestamp,
-            rhs.public_values.block_metadata.block_timestamp,
+            lhs.public_values.block_metadata_pair.1.block_timestamp,
+            rhs.public_values.block_metadata_pair.0.block_timestamp,
         );
 
         connect_trie_roots(
@@ -851,7 +852,14 @@ where
 
         Ok(EvmProof {
             proof: self.root.circuit.prove(root_inputs)?,
-            public_values: all_proof.public_values,
+            public_values: AggregatedPublicValues {
+                trie_roots_before: all_proof.public_values.trie_roots_before,
+                trie_roots_after: all_proof.public_values.trie_roots_after,
+                block_metadata_pair: (
+                    all_proof.public_values.block_metadata.clone(),
+                    all_proof.public_values.block_metadata,
+                ),
+            },
         })
     }
 
@@ -883,9 +891,13 @@ where
 
         Ok(EvmProof {
             proof: self.aggregation.circuit.prove(agg_inputs)?,
-            public_values: PublicValues {
+            public_values: AggregatedPublicValues {
                 trie_roots_before: lhs_proof.public_values.trie_roots_before.clone(),
-                ..rhs_proof.public_values.clone()
+                trie_roots_after: rhs_proof.public_values.trie_roots_after.clone(),
+                block_metadata_pair: (
+                    lhs_proof.public_values.block_metadata_pair.0.clone(),
+                    rhs_proof.public_values.block_metadata_pair.1.clone(),
+                ),
             },
         })
     }
@@ -941,16 +953,27 @@ where
         block_inputs
             .set_verifier_data_target(&self.block.cyclic_vk, &self.block.circuit.verifier_only);
 
-        let trie_roots_before = if let Some(bp) = opt_parent_block_proof {
-            bp.public_values.trie_roots_before.clone()
+        let (trie_roots_before, block_metadata_pair) = if let Some(bp) = opt_parent_block_proof {
+            (
+                bp.public_values.trie_roots_before.clone(),
+                (
+                    bp.public_values.block_metadata_pair.0.clone(),
+                    agg_root_proof.public_values.block_metadata_pair.1.clone(),
+                ),
+            )
         } else {
-            agg_root_proof.public_values.trie_roots_before.clone()
+            (
+                agg_root_proof.public_values.trie_roots_before.clone(),
+                agg_root_proof.public_values.block_metadata_pair.clone(),
+            )
         };
+
         Ok(EvmProof {
             proof: self.block.circuit.prove(block_inputs)?,
-            public_values: PublicValues {
+            public_values: AggregatedPublicValues {
                 trie_roots_before,
-                ..agg_root_proof.public_values.clone()
+                trie_roots_after: agg_root_proof.public_values.trie_roots_after.clone(),
+                block_metadata_pair,
             },
         })
     }

diff --git a/evm/src/proof.rs b/evm/src/proof.rs
@@ -64,6 +64,16 @@ pub struct PublicValues {
     pub block_metadata: BlockMetadata,
 }
 
+/// Memory values  which are public over an aggregaton of blocks.
+#[derive(Debug, Clone, Default)]
+pub struct AggregatedPublicValues {
+    pub trie_roots_before: TrieRoots,
+    pub trie_roots_after: TrieRoots,
+    /// Represents the leftmost and rightmost block_metadata of the associated
+    /// aggregation proof, to allow combination on both sides with another proof.
+    pub block_metadata_pair: (BlockMetadata, BlockMetadata),
+}
+
 #[derive(Debug, Clone, Default)]
 pub struct TrieRoots {
     pub state_root: H256,
@@ -91,6 +101,16 @@ pub struct PublicValuesTarget {
     pub block_metadata: BlockMetadataTarget,
 }
 
+/// Memory values which are public over an aggregaton of blocks.
+#[derive(Debug, Clone)]
+pub struct AggregatedPublicValuesTarget {
+    pub trie_roots_before: TrieRootsTarget,
+    pub trie_roots_after: TrieRootsTarget,
+    /// Represents the leftmost and rightmost block_metadata of the associated
+    /// aggregation proof, to allow combination on both sides with another proof.
+    pub block_metadata_pair: (BlockMetadataTarget, BlockMetadataTarget),
+}
+
 #[derive(Debug, Clone)]
 pub struct TrieRootsTarget {
     pub state_root: [Target; 8],

diff --git a/evm/src/recursive_verifier.rs b/evm/src/recursive_verifier.rs
@@ -34,8 +34,9 @@ use crate::permutation::{
     PermutationCheckDataTarget,
 };
 use crate::proof::{
-    BlockMetadata, BlockMetadataTarget, PublicValues, PublicValuesTarget, StarkOpeningSetTarget,
-    StarkProof, StarkProofChallengesTarget, StarkProofTarget, StarkProofWithMetadata, TrieRoots,
+    AggregatedPublicValues, AggregatedPublicValuesTarget, BlockMetadata, BlockMetadataTarget,
+    PublicValues, PublicValuesTarget, StarkOpeningSetTarget, StarkProof,
+    StarkProofChallengesTarget, StarkProofTarget, StarkProofWithMetadata, TrieRoots,
     TrieRootsTarget,
 };
 use crate::stark::Stark;
@@ -514,6 +515,23 @@ fn eval_l_0_and_l_last_circuit<F: RichField + Extendable<D>, const D: usize>(
     )
 }
 
+pub(crate) fn add_virtual_aggregated_public_values<F: RichField + Extendable<D>, const D: usize>(
+    builder: &mut CircuitBuilder<F, D>,
+) -> AggregatedPublicValuesTarget {
+    let trie_roots_before = add_virtual_trie_roots(builder);
+    let trie_roots_after = add_virtual_trie_roots(builder);
+    let block_metadata_pair = (
+        add_virtual_block_metadata(builder),
+        add_virtual_block_metadata(builder),
+    );
+    AggregatedPublicValuesTarget {
+        trie_roots_before,
+        trie_roots_after,
+        block_metadata_pair,
+    }
+}
+
+#[allow(unused)] // TODO: used later?
 pub(crate) fn add_virtual_public_values<F: RichField + Extendable<D>, const D: usize>(
     builder: &mut CircuitBuilder<F, D>,
 ) -> PublicValuesTarget {
@@ -638,6 +656,37 @@ pub(crate) fn set_stark_proof_target<F, C: GenericConfig<D, F = F>, W, const D:
     set_fri_proof_target(witness, &proof_target.opening_proof, &proof.opening_proof);
 }
 
+pub(crate) fn set_aggregated_public_value_targets<F, W, const D: usize>(
+    witness: &mut W,
+    public_values_target: &AggregatedPublicValuesTarget,
+    public_values: &AggregatedPublicValues,
+) where
+    F: RichField + Extendable<D>,
+    W: Witness<F>,
+{
+    set_trie_roots_target(
+        witness,
+        &public_values_target.trie_roots_before,
+        &public_values.trie_roots_before,
+    );
+    set_trie_roots_target(
+        witness,
+        &public_values_target.trie_roots_after,
+        &public_values.trie_roots_after,
+    );
+    set_block_metadata_target(
+        witness,
+        &public_values_target.block_metadata_pair.0,
+        &public_values.block_metadata_pair.0,
+    );
+    set_block_metadata_target(
+        witness,
+        &public_values_target.block_metadata_pair.1,
+        &public_values.block_metadata_pair.1,
+    );
+}
+
+#[allow(unused)] // TODO: used later?
 pub(crate) fn set_public_value_targets<F, W, const D: usize>(
     witness: &mut W,
     public_values_target: &PublicValuesTarget,