Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs(yellow-paper): Add pseudocode for verifying broadcasted functions in contract deployment #4431

Merged
merged 8 commits into from
Mar 14, 2024

Conversation

spalladino
Copy link
Collaborator

@spalladino spalladino commented Feb 5, 2024

Plus other small fixes and a TODO

Copy link
Contributor

@iAmMichaelConnor iAmMichaelConnor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just left a few comments. Maybe @LeilaWang would also like to check that these edits satisfy your questions from earlier in the week?

)
```

For the artifact hash merkleization and hashing is done using sha256, since it is computed and verified outside of circuits and does not need to be SNARK friendly. Fields are left-padded with zeros to 256 bits before being hashed. Function leaves are sorted in ascending order before being merkleized, according to their function selectors. Note that a tree with dynamic height is built instead of having a tree with a fixed height, since the merkleization is done out of a circuit.

<!-- TODO: Sure, sha256 is nice, but its output does not fit in a single field. Is it ok to wrap around the field modulus? Should we use sha224 instead? Should we use pedersen (or poseidon) everywhere instead? -->
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I think wrapping around the modulus should be ok in this case, because that should still give us collision resistance. But perhaps "Poseidon everywhere" is an easier approach.

Fields are left-padded with zeros to 256 bits before being hashed.
Aside (and irrelevant if we move to Poseidon): this wouldn't be necessary with sha256. sha256 deals with inputs specified in bits, so concatenating 254-bit inputs would work.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. I'll still leave a TODO for verifying it with the crypto team, just in case.

As for not padding to 256 bits, that's good to know! Still, I think it's best to pad anyway for consistency: pretty much everywhere we represent fields using 32 bytes.

@@ -124,13 +126,16 @@ In pseudocode:
function register(
artifact_hash: Field,
private_functions_root: Field,
public_bytecode_commitment: Field,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will need to be an encoding of a point, so at least 1 Field + 1 bit.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we use the "all points are represented on one side of the curve" to avoid that extra bit?

Copy link
Contributor

@iAmMichaelConnor iAmMichaelConnor Feb 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know 😅 Potentially. We'd need to check with the crypto team, I think.
A follow-up thought that just popped into my mind. The bytecode commitment might be an altBN254 point, rather than a Grumpkin point, so the altBN254 coordinates would be (F_q, F_q) instead of Grumpkin coordinates (F_r, F_r). I believe q > r, so even a single x-coordinate wouldn't fit into an F_r field. (The Field type in Noir is F_r).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Redefining it to be a Point for now, until we know for sure what shape it'll have

assert computed_artifact_hash == contract_class.artifact_hash
```

<!-- TODO: Requiring two sibling paths isn't nice. This is because we are splitting private function information across two trees: one for the protocol, that deals only with selectors and vk hashes, and one for the artifact, which deals with bytecode and metadata. If we are fine adding a `function_stuff_hash` to the function leaf that goes into the protocol tree, we could get rid of the second sibling path, but that introduces stuff into the private function tree that is not strictly needed and requires unnecessary hashing in the kernel. -->
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reckon aiming to reduce any in-circuit hashing is the best approach, here

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. Moved this to a "discarded approaches" section.

@spalladino spalladino merged commit 8bdb921 into master Mar 14, 2024
90 checks passed
@spalladino spalladino deleted the palla/yp-contract-deploy-2 branch March 14, 2024 12:01
critesjosh pushed a commit that referenced this pull request Mar 14, 2024
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-package: 0.28.0</summary>

##
[0.28.0](aztec-package-v0.27.2...aztec-package-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](#5175))

### Features

* Support contracts with no constructor
([#5175](#5175))
([df7fa32](df7fa32))
</details>

<details><summary>barretenberg.js: 0.28.0</summary>

##
[0.28.0](barretenberg.js-v0.27.2...barretenberg.js-v0.28.0)
(2024-03-14)


### Miscellaneous

* **barretenberg.js:** Synchronize aztec-packages versions
</details>

<details><summary>aztec-cli: 0.28.0</summary>

##
[0.28.0](aztec-cli-v0.27.2...aztec-cli-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](#5175))

### Features

* Support contracts with no constructor
([#5175](#5175))
([df7fa32](df7fa32))
</details>

<details><summary>aztec-packages: 0.28.0</summary>

##
[0.28.0](aztec-packages-v0.27.2...aztec-packages-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](#5175))

### Features

* **avm-simulator:** Euclidean and field div
([#5181](#5181))
([037a38f](037a38f))
* Isolate Plonk dependencies
([#5068](#5068))
([5cbbd7d](5cbbd7d))
* New brillig field operations and refactor of binary operations
([#5208](#5208))
([eb69504](eb69504))
* Parallelize linearly dependent contribution in PG
([#4742](#4742))
([d1799ae](d1799ae))
* Parity circuits
([#5082](#5082))
([335c46e](335c46e))
* Support contracts with no constructor
([#5175](#5175))
([df7fa32](df7fa32))
* Track side effects in public
([#5129](#5129))
([d666f6f](d666f6f)),
closes
[#5185](#5185)
* Update SMT Circuit class and add gate relaxation functionality
([#5176](#5176))
([5948996](5948996))


### Bug Fixes

* **avm-transpiler:** FDIV and U128 test case
([#5200](#5200))
([6977e81](6977e81))
* Barretenberg-acir-tests-bb.js thru version bump
([#5216](#5216))
([9298f93](9298f93))
* Do not release docs on every commit to master
([#5214](#5214))
([c34a299](c34a299))
* Fail transaction if we revert in setup or teardown
([#5093](#5093))
([db9a960](db9a960))
* Intermittent invert 0 in Goblin
([#5189](#5189))
([6c70624](6c70624))
* Point docs links to current tag if available
([#5219](#5219))
([0e9c7c7](0e9c7c7))
* Remove embedded srs
([#5173](#5173))
([cfd673d](cfd673d))
* Split setup/teardown functions when there's no public app logic
([#5156](#5156))
([2ee13b3](2ee13b3))
* Validate EthAddress size in aztec-nr
([#5198](#5198))
([201c5e1](201c5e1))


### Miscellaneous

* Add dependency instructions to bberg README
([#5187](#5187))
([850febc](850febc))
* **avm-simulator:** Make sure we support Map storage
([#5207](#5207))
([08835f9](08835f9))
* **avm-simulator:** Restructure contract storage tests
([#5194](#5194))
([fcdd1cc](fcdd1cc))
* **docs:** Add details to getting started contract deployment
([#5220](#5220))
([5c267ae](5c267ae))
* Moving wit comms and witness and comm labels from instance to oink
([#5199](#5199))
([19eb7f9](19eb7f9))
* Oink
([#5210](#5210))
([321f149](321f149))
* Pull noir
([#5193](#5193))
([aa90f6e](aa90f6e))
* Trying to fix intermitent ci failure for boxes
([#5182](#5182))
([f988cb8](f988cb8))


### Documentation

* **yellow-paper:** Add pseudocode for verifying broadcasted functions
in contract deployment
([#4431](#4431))
([8bdb921](8bdb921))
</details>

<details><summary>barretenberg: 0.28.0</summary>

##
[0.28.0](barretenberg-v0.27.2...barretenberg-v0.28.0)
(2024-03-14)


### Features

* **avm-simulator:** Euclidean and field div
([#5181](#5181))
([037a38f](037a38f))
* Isolate Plonk dependencies
([#5068](#5068))
([5cbbd7d](5cbbd7d))
* New brillig field operations and refactor of binary operations
([#5208](#5208))
([eb69504](eb69504))
* Parallelize linearly dependent contribution in PG
([#4742](#4742))
([d1799ae](d1799ae))
* Update SMT Circuit class and add gate relaxation functionality
([#5176](#5176))
([5948996](5948996))


### Bug Fixes

* Barretenberg-acir-tests-bb.js thru version bump
([#5216](#5216))
([9298f93](9298f93))
* Intermittent invert 0 in Goblin
([#5189](#5189))
([6c70624](6c70624))
* Remove embedded srs
([#5173](#5173))
([cfd673d](cfd673d))


### Miscellaneous

* Add dependency instructions to bberg README
([#5187](#5187))
([850febc](850febc))
* Moving wit comms and witness and comm labels from instance to oink
([#5199](#5199))
([19eb7f9](19eb7f9))
* Oink
([#5210](#5210))
([321f149](321f149))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
AztecBot added a commit to AztecProtocol/barretenberg that referenced this pull request Mar 15, 2024
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-package: 0.28.0</summary>

##
[0.28.0](AztecProtocol/aztec-packages@aztec-package-v0.27.2...aztec-package-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](AztecProtocol/aztec-packages#5175))

### Features

* Support contracts with no constructor
([#5175](AztecProtocol/aztec-packages#5175))
([df7fa32](AztecProtocol/aztec-packages@df7fa32))
</details>

<details><summary>barretenberg.js: 0.28.0</summary>

##
[0.28.0](AztecProtocol/aztec-packages@barretenberg.js-v0.27.2...barretenberg.js-v0.28.0)
(2024-03-14)


### Miscellaneous

* **barretenberg.js:** Synchronize aztec-packages versions
</details>

<details><summary>aztec-cli: 0.28.0</summary>

##
[0.28.0](AztecProtocol/aztec-packages@aztec-cli-v0.27.2...aztec-cli-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](AztecProtocol/aztec-packages#5175))

### Features

* Support contracts with no constructor
([#5175](AztecProtocol/aztec-packages#5175))
([df7fa32](AztecProtocol/aztec-packages@df7fa32))
</details>

<details><summary>aztec-packages: 0.28.0</summary>

##
[0.28.0](AztecProtocol/aztec-packages@aztec-packages-v0.27.2...aztec-packages-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](AztecProtocol/aztec-packages#5175))

### Features

* **avm-simulator:** Euclidean and field div
([#5181](AztecProtocol/aztec-packages#5181))
([037a38f](AztecProtocol/aztec-packages@037a38f))
* Isolate Plonk dependencies
([#5068](AztecProtocol/aztec-packages#5068))
([5cbbd7d](AztecProtocol/aztec-packages@5cbbd7d))
* New brillig field operations and refactor of binary operations
([#5208](AztecProtocol/aztec-packages#5208))
([eb69504](AztecProtocol/aztec-packages@eb69504))
* Parallelize linearly dependent contribution in PG
([#4742](AztecProtocol/aztec-packages#4742))
([d1799ae](AztecProtocol/aztec-packages@d1799ae))
* Parity circuits
([#5082](AztecProtocol/aztec-packages#5082))
([335c46e](AztecProtocol/aztec-packages@335c46e))
* Support contracts with no constructor
([#5175](AztecProtocol/aztec-packages#5175))
([df7fa32](AztecProtocol/aztec-packages@df7fa32))
* Track side effects in public
([#5129](AztecProtocol/aztec-packages#5129))
([d666f6f](AztecProtocol/aztec-packages@d666f6f)),
closes
[#5185](AztecProtocol/aztec-packages#5185)
* Update SMT Circuit class and add gate relaxation functionality
([#5176](AztecProtocol/aztec-packages#5176))
([5948996](AztecProtocol/aztec-packages@5948996))


### Bug Fixes

* **avm-transpiler:** FDIV and U128 test case
([#5200](AztecProtocol/aztec-packages#5200))
([6977e81](AztecProtocol/aztec-packages@6977e81))
* Barretenberg-acir-tests-bb.js thru version bump
([#5216](AztecProtocol/aztec-packages#5216))
([9298f93](AztecProtocol/aztec-packages@9298f93))
* Do not release docs on every commit to master
([#5214](AztecProtocol/aztec-packages#5214))
([c34a299](AztecProtocol/aztec-packages@c34a299))
* Fail transaction if we revert in setup or teardown
([#5093](AztecProtocol/aztec-packages#5093))
([db9a960](AztecProtocol/aztec-packages@db9a960))
* Intermittent invert 0 in Goblin
([#5189](AztecProtocol/aztec-packages#5189))
([6c70624](AztecProtocol/aztec-packages@6c70624))
* Point docs links to current tag if available
([#5219](AztecProtocol/aztec-packages#5219))
([0e9c7c7](AztecProtocol/aztec-packages@0e9c7c7))
* Remove embedded srs
([#5173](AztecProtocol/aztec-packages#5173))
([cfd673d](AztecProtocol/aztec-packages@cfd673d))
* Split setup/teardown functions when there's no public app logic
([#5156](AztecProtocol/aztec-packages#5156))
([2ee13b3](AztecProtocol/aztec-packages@2ee13b3))
* Validate EthAddress size in aztec-nr
([#5198](AztecProtocol/aztec-packages#5198))
([201c5e1](AztecProtocol/aztec-packages@201c5e1))


### Miscellaneous

* Add dependency instructions to bberg README
([#5187](AztecProtocol/aztec-packages#5187))
([850febc](AztecProtocol/aztec-packages@850febc))
* **avm-simulator:** Make sure we support Map storage
([#5207](AztecProtocol/aztec-packages#5207))
([08835f9](AztecProtocol/aztec-packages@08835f9))
* **avm-simulator:** Restructure contract storage tests
([#5194](AztecProtocol/aztec-packages#5194))
([fcdd1cc](AztecProtocol/aztec-packages@fcdd1cc))
* **docs:** Add details to getting started contract deployment
([#5220](AztecProtocol/aztec-packages#5220))
([5c267ae](AztecProtocol/aztec-packages@5c267ae))
* Moving wit comms and witness and comm labels from instance to oink
([#5199](AztecProtocol/aztec-packages#5199))
([19eb7f9](AztecProtocol/aztec-packages@19eb7f9))
* Oink
([#5210](AztecProtocol/aztec-packages#5210))
([321f149](AztecProtocol/aztec-packages@321f149))
* Pull noir
([#5193](AztecProtocol/aztec-packages#5193))
([aa90f6e](AztecProtocol/aztec-packages@aa90f6e))
* Trying to fix intermitent ci failure for boxes
([#5182](AztecProtocol/aztec-packages#5182))
([f988cb8](AztecProtocol/aztec-packages@f988cb8))


### Documentation

* **yellow-paper:** Add pseudocode for verifying broadcasted functions
in contract deployment
([#4431](AztecProtocol/aztec-packages#4431))
([8bdb921](AztecProtocol/aztec-packages@8bdb921))
</details>

<details><summary>barretenberg: 0.28.0</summary>

##
[0.28.0](AztecProtocol/aztec-packages@barretenberg-v0.27.2...barretenberg-v0.28.0)
(2024-03-14)


### Features

* **avm-simulator:** Euclidean and field div
([#5181](AztecProtocol/aztec-packages#5181))
([037a38f](AztecProtocol/aztec-packages@037a38f))
* Isolate Plonk dependencies
([#5068](AztecProtocol/aztec-packages#5068))
([5cbbd7d](AztecProtocol/aztec-packages@5cbbd7d))
* New brillig field operations and refactor of binary operations
([#5208](AztecProtocol/aztec-packages#5208))
([eb69504](AztecProtocol/aztec-packages@eb69504))
* Parallelize linearly dependent contribution in PG
([#4742](AztecProtocol/aztec-packages#4742))
([d1799ae](AztecProtocol/aztec-packages@d1799ae))
* Update SMT Circuit class and add gate relaxation functionality
([#5176](AztecProtocol/aztec-packages#5176))
([5948996](AztecProtocol/aztec-packages@5948996))


### Bug Fixes

* Barretenberg-acir-tests-bb.js thru version bump
([#5216](AztecProtocol/aztec-packages#5216))
([9298f93](AztecProtocol/aztec-packages@9298f93))
* Intermittent invert 0 in Goblin
([#5189](AztecProtocol/aztec-packages#5189))
([6c70624](AztecProtocol/aztec-packages@6c70624))
* Remove embedded srs
([#5173](AztecProtocol/aztec-packages#5173))
([cfd673d](AztecProtocol/aztec-packages@cfd673d))


### Miscellaneous

* Add dependency instructions to bberg README
([#5187](AztecProtocol/aztec-packages#5187))
([850febc](AztecProtocol/aztec-packages@850febc))
* Moving wit comms and witness and comm labels from instance to oink
([#5199](AztecProtocol/aztec-packages#5199))
([19eb7f9](AztecProtocol/aztec-packages@19eb7f9))
* Oink
([#5210](AztecProtocol/aztec-packages#5210))
([321f149](AztecProtocol/aztec-packages@321f149))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
sklppy88 pushed a commit that referenced this pull request Mar 15, 2024
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-package: 0.28.0</summary>

##
[0.28.0](aztec-package-v0.27.2...aztec-package-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](#5175))

### Features

* Support contracts with no constructor
([#5175](#5175))
([df7fa32](df7fa32))
</details>

<details><summary>barretenberg.js: 0.28.0</summary>

##
[0.28.0](barretenberg.js-v0.27.2...barretenberg.js-v0.28.0)
(2024-03-14)


### Miscellaneous

* **barretenberg.js:** Synchronize aztec-packages versions
</details>

<details><summary>aztec-cli: 0.28.0</summary>

##
[0.28.0](aztec-cli-v0.27.2...aztec-cli-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](#5175))

### Features

* Support contracts with no constructor
([#5175](#5175))
([df7fa32](df7fa32))
</details>

<details><summary>aztec-packages: 0.28.0</summary>

##
[0.28.0](aztec-packages-v0.27.2...aztec-packages-v0.28.0)
(2024-03-14)


### ⚠ BREAKING CHANGES

* Support contracts with no constructor
([#5175](#5175))

### Features

* **avm-simulator:** Euclidean and field div
([#5181](#5181))
([037a38f](037a38f))
* Isolate Plonk dependencies
([#5068](#5068))
([5cbbd7d](5cbbd7d))
* New brillig field operations and refactor of binary operations
([#5208](#5208))
([eb69504](eb69504))
* Parallelize linearly dependent contribution in PG
([#4742](#4742))
([d1799ae](d1799ae))
* Parity circuits
([#5082](#5082))
([335c46e](335c46e))
* Support contracts with no constructor
([#5175](#5175))
([df7fa32](df7fa32))
* Track side effects in public
([#5129](#5129))
([d666f6f](d666f6f)),
closes
[#5185](#5185)
* Update SMT Circuit class and add gate relaxation functionality
([#5176](#5176))
([5948996](5948996))


### Bug Fixes

* **avm-transpiler:** FDIV and U128 test case
([#5200](#5200))
([6977e81](6977e81))
* Barretenberg-acir-tests-bb.js thru version bump
([#5216](#5216))
([9298f93](9298f93))
* Do not release docs on every commit to master
([#5214](#5214))
([c34a299](c34a299))
* Fail transaction if we revert in setup or teardown
([#5093](#5093))
([db9a960](db9a960))
* Intermittent invert 0 in Goblin
([#5189](#5189))
([6c70624](6c70624))
* Point docs links to current tag if available
([#5219](#5219))
([0e9c7c7](0e9c7c7))
* Remove embedded srs
([#5173](#5173))
([cfd673d](cfd673d))
* Split setup/teardown functions when there's no public app logic
([#5156](#5156))
([2ee13b3](2ee13b3))
* Validate EthAddress size in aztec-nr
([#5198](#5198))
([201c5e1](201c5e1))


### Miscellaneous

* Add dependency instructions to bberg README
([#5187](#5187))
([850febc](850febc))
* **avm-simulator:** Make sure we support Map storage
([#5207](#5207))
([08835f9](08835f9))
* **avm-simulator:** Restructure contract storage tests
([#5194](#5194))
([fcdd1cc](fcdd1cc))
* **docs:** Add details to getting started contract deployment
([#5220](#5220))
([5c267ae](5c267ae))
* Moving wit comms and witness and comm labels from instance to oink
([#5199](#5199))
([19eb7f9](19eb7f9))
* Oink
([#5210](#5210))
([321f149](321f149))
* Pull noir
([#5193](#5193))
([aa90f6e](aa90f6e))
* Trying to fix intermitent ci failure for boxes
([#5182](#5182))
([f988cb8](f988cb8))


### Documentation

* **yellow-paper:** Add pseudocode for verifying broadcasted functions
in contract deployment
([#4431](#4431))
([8bdb921](8bdb921))
</details>

<details><summary>barretenberg: 0.28.0</summary>

##
[0.28.0](barretenberg-v0.27.2...barretenberg-v0.28.0)
(2024-03-14)


### Features

* **avm-simulator:** Euclidean and field div
([#5181](#5181))
([037a38f](037a38f))
* Isolate Plonk dependencies
([#5068](#5068))
([5cbbd7d](5cbbd7d))
* New brillig field operations and refactor of binary operations
([#5208](#5208))
([eb69504](eb69504))
* Parallelize linearly dependent contribution in PG
([#4742](#4742))
([d1799ae](d1799ae))
* Update SMT Circuit class and add gate relaxation functionality
([#5176](#5176))
([5948996](5948996))


### Bug Fixes

* Barretenberg-acir-tests-bb.js thru version bump
([#5216](#5216))
([9298f93](9298f93))
* Intermittent invert 0 in Goblin
([#5189](#5189))
([6c70624](6c70624))
* Remove embedded srs
([#5173](#5173))
([cfd673d](cfd673d))


### Miscellaneous

* Add dependency instructions to bberg README
([#5187](#5187))
([850febc](850febc))
* Moving wit comms and witness and comm labels from instance to oink
([#5199](#5199))
([19eb7f9](19eb7f9))
* Oink
([#5210](#5210))
([321f149](321f149))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants