-
Notifications
You must be signed in to change notification settings - Fork 283
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs(yellow-paper): Add pseudocode for verifying broadcasted functions in contract deployment #4431
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just left a few comments. Maybe @LeilaWang would also like to check that these edits satisfy your questions from earlier in the week?
) | ||
``` | ||
|
||
For the artifact hash merkleization and hashing is done using sha256, since it is computed and verified outside of circuits and does not need to be SNARK friendly. Fields are left-padded with zeros to 256 bits before being hashed. Function leaves are sorted in ascending order before being merkleized, according to their function selectors. Note that a tree with dynamic height is built instead of having a tree with a fixed height, since the merkleization is done out of a circuit. | ||
|
||
<!-- TODO: Sure, sha256 is nice, but its output does not fit in a single field. Is it ok to wrap around the field modulus? Should we use sha224 instead? Should we use pedersen (or poseidon) everywhere instead? --> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. I think wrapping around the modulus should be ok in this case, because that should still give us collision resistance. But perhaps "Poseidon everywhere" is an easier approach.
Fields are left-padded with zeros to 256 bits before being hashed.
Aside (and irrelevant if we move to Poseidon): this wouldn't be necessary with sha256. sha256 deals with inputs specified in bits, so concatenating 254-bit inputs would work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good. I'll still leave a TODO for verifying it with the crypto team, just in case.
As for not padding to 256 bits, that's good to know! Still, I think it's best to pad anyway for consistency: pretty much everywhere we represent fields using 32 bytes.
@@ -124,13 +126,16 @@ In pseudocode: | |||
function register( | |||
artifact_hash: Field, | |||
private_functions_root: Field, | |||
public_bytecode_commitment: Field, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will need to be an encoding of a point, so at least 1 Field + 1 bit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't we use the "all points are represented on one side of the curve" to avoid that extra bit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know 😅 Potentially. We'd need to check with the crypto team, I think.
A follow-up thought that just popped into my mind. The bytecode commitment might be an altBN254 point, rather than a Grumpkin point, so the altBN254 coordinates would be (F_q, F_q) instead of Grumpkin coordinates (F_r, F_r). I believe q > r, so even a single x-coordinate wouldn't fit into an F_r field. (The Field
type in Noir is F_r).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Redefining it to be a Point for now, until we know for sure what shape it'll have
assert computed_artifact_hash == contract_class.artifact_hash | ||
``` | ||
|
||
<!-- TODO: Requiring two sibling paths isn't nice. This is because we are splitting private function information across two trees: one for the protocol, that deals only with selectors and vk hashes, and one for the artifact, which deals with bytecode and metadata. If we are fine adding a `function_stuff_hash` to the function leaf that goes into the protocol tree, we could get rid of the second sibling path, but that introduces stuff into the private function tree that is not strictly needed and requires unnecessary hashing in the kernel. --> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I reckon aiming to reduce any in-circuit hashing is the best approach, here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good. Moved this to a "discarded approaches" section.
🤖 I have created a release *beep* *boop* --- <details><summary>aztec-package: 0.28.0</summary> ## [0.28.0](aztec-package-v0.27.2...aztec-package-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](#5175)) ### Features * Support contracts with no constructor ([#5175](#5175)) ([df7fa32](df7fa32)) </details> <details><summary>barretenberg.js: 0.28.0</summary> ## [0.28.0](barretenberg.js-v0.27.2...barretenberg.js-v0.28.0) (2024-03-14) ### Miscellaneous * **barretenberg.js:** Synchronize aztec-packages versions </details> <details><summary>aztec-cli: 0.28.0</summary> ## [0.28.0](aztec-cli-v0.27.2...aztec-cli-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](#5175)) ### Features * Support contracts with no constructor ([#5175](#5175)) ([df7fa32](df7fa32)) </details> <details><summary>aztec-packages: 0.28.0</summary> ## [0.28.0](aztec-packages-v0.27.2...aztec-packages-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](#5175)) ### Features * **avm-simulator:** Euclidean and field div ([#5181](#5181)) ([037a38f](037a38f)) * Isolate Plonk dependencies ([#5068](#5068)) ([5cbbd7d](5cbbd7d)) * New brillig field operations and refactor of binary operations ([#5208](#5208)) ([eb69504](eb69504)) * Parallelize linearly dependent contribution in PG ([#4742](#4742)) ([d1799ae](d1799ae)) * Parity circuits ([#5082](#5082)) ([335c46e](335c46e)) * Support contracts with no constructor ([#5175](#5175)) ([df7fa32](df7fa32)) * Track side effects in public ([#5129](#5129)) ([d666f6f](d666f6f)), closes [#5185](#5185) * Update SMT Circuit class and add gate relaxation functionality ([#5176](#5176)) ([5948996](5948996)) ### Bug Fixes * **avm-transpiler:** FDIV and U128 test case ([#5200](#5200)) ([6977e81](6977e81)) * Barretenberg-acir-tests-bb.js thru version bump ([#5216](#5216)) ([9298f93](9298f93)) * Do not release docs on every commit to master ([#5214](#5214)) ([c34a299](c34a299)) * Fail transaction if we revert in setup or teardown ([#5093](#5093)) ([db9a960](db9a960)) * Intermittent invert 0 in Goblin ([#5189](#5189)) ([6c70624](6c70624)) * Point docs links to current tag if available ([#5219](#5219)) ([0e9c7c7](0e9c7c7)) * Remove embedded srs ([#5173](#5173)) ([cfd673d](cfd673d)) * Split setup/teardown functions when there's no public app logic ([#5156](#5156)) ([2ee13b3](2ee13b3)) * Validate EthAddress size in aztec-nr ([#5198](#5198)) ([201c5e1](201c5e1)) ### Miscellaneous * Add dependency instructions to bberg README ([#5187](#5187)) ([850febc](850febc)) * **avm-simulator:** Make sure we support Map storage ([#5207](#5207)) ([08835f9](08835f9)) * **avm-simulator:** Restructure contract storage tests ([#5194](#5194)) ([fcdd1cc](fcdd1cc)) * **docs:** Add details to getting started contract deployment ([#5220](#5220)) ([5c267ae](5c267ae)) * Moving wit comms and witness and comm labels from instance to oink ([#5199](#5199)) ([19eb7f9](19eb7f9)) * Oink ([#5210](#5210)) ([321f149](321f149)) * Pull noir ([#5193](#5193)) ([aa90f6e](aa90f6e)) * Trying to fix intermitent ci failure for boxes ([#5182](#5182)) ([f988cb8](f988cb8)) ### Documentation * **yellow-paper:** Add pseudocode for verifying broadcasted functions in contract deployment ([#4431](#4431)) ([8bdb921](8bdb921)) </details> <details><summary>barretenberg: 0.28.0</summary> ## [0.28.0](barretenberg-v0.27.2...barretenberg-v0.28.0) (2024-03-14) ### Features * **avm-simulator:** Euclidean and field div ([#5181](#5181)) ([037a38f](037a38f)) * Isolate Plonk dependencies ([#5068](#5068)) ([5cbbd7d](5cbbd7d)) * New brillig field operations and refactor of binary operations ([#5208](#5208)) ([eb69504](eb69504)) * Parallelize linearly dependent contribution in PG ([#4742](#4742)) ([d1799ae](d1799ae)) * Update SMT Circuit class and add gate relaxation functionality ([#5176](#5176)) ([5948996](5948996)) ### Bug Fixes * Barretenberg-acir-tests-bb.js thru version bump ([#5216](#5216)) ([9298f93](9298f93)) * Intermittent invert 0 in Goblin ([#5189](#5189)) ([6c70624](6c70624)) * Remove embedded srs ([#5173](#5173)) ([cfd673d](cfd673d)) ### Miscellaneous * Add dependency instructions to bberg README ([#5187](#5187)) ([850febc](850febc)) * Moving wit comms and witness and comm labels from instance to oink ([#5199](#5199)) ([19eb7f9](19eb7f9)) * Oink ([#5210](#5210)) ([321f149](321f149)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
🤖 I have created a release *beep* *boop* --- <details><summary>aztec-package: 0.28.0</summary> ## [0.28.0](AztecProtocol/aztec-packages@aztec-package-v0.27.2...aztec-package-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](AztecProtocol/aztec-packages#5175)) ### Features * Support contracts with no constructor ([#5175](AztecProtocol/aztec-packages#5175)) ([df7fa32](AztecProtocol/aztec-packages@df7fa32)) </details> <details><summary>barretenberg.js: 0.28.0</summary> ## [0.28.0](AztecProtocol/aztec-packages@barretenberg.js-v0.27.2...barretenberg.js-v0.28.0) (2024-03-14) ### Miscellaneous * **barretenberg.js:** Synchronize aztec-packages versions </details> <details><summary>aztec-cli: 0.28.0</summary> ## [0.28.0](AztecProtocol/aztec-packages@aztec-cli-v0.27.2...aztec-cli-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](AztecProtocol/aztec-packages#5175)) ### Features * Support contracts with no constructor ([#5175](AztecProtocol/aztec-packages#5175)) ([df7fa32](AztecProtocol/aztec-packages@df7fa32)) </details> <details><summary>aztec-packages: 0.28.0</summary> ## [0.28.0](AztecProtocol/aztec-packages@aztec-packages-v0.27.2...aztec-packages-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](AztecProtocol/aztec-packages#5175)) ### Features * **avm-simulator:** Euclidean and field div ([#5181](AztecProtocol/aztec-packages#5181)) ([037a38f](AztecProtocol/aztec-packages@037a38f)) * Isolate Plonk dependencies ([#5068](AztecProtocol/aztec-packages#5068)) ([5cbbd7d](AztecProtocol/aztec-packages@5cbbd7d)) * New brillig field operations and refactor of binary operations ([#5208](AztecProtocol/aztec-packages#5208)) ([eb69504](AztecProtocol/aztec-packages@eb69504)) * Parallelize linearly dependent contribution in PG ([#4742](AztecProtocol/aztec-packages#4742)) ([d1799ae](AztecProtocol/aztec-packages@d1799ae)) * Parity circuits ([#5082](AztecProtocol/aztec-packages#5082)) ([335c46e](AztecProtocol/aztec-packages@335c46e)) * Support contracts with no constructor ([#5175](AztecProtocol/aztec-packages#5175)) ([df7fa32](AztecProtocol/aztec-packages@df7fa32)) * Track side effects in public ([#5129](AztecProtocol/aztec-packages#5129)) ([d666f6f](AztecProtocol/aztec-packages@d666f6f)), closes [#5185](AztecProtocol/aztec-packages#5185) * Update SMT Circuit class and add gate relaxation functionality ([#5176](AztecProtocol/aztec-packages#5176)) ([5948996](AztecProtocol/aztec-packages@5948996)) ### Bug Fixes * **avm-transpiler:** FDIV and U128 test case ([#5200](AztecProtocol/aztec-packages#5200)) ([6977e81](AztecProtocol/aztec-packages@6977e81)) * Barretenberg-acir-tests-bb.js thru version bump ([#5216](AztecProtocol/aztec-packages#5216)) ([9298f93](AztecProtocol/aztec-packages@9298f93)) * Do not release docs on every commit to master ([#5214](AztecProtocol/aztec-packages#5214)) ([c34a299](AztecProtocol/aztec-packages@c34a299)) * Fail transaction if we revert in setup or teardown ([#5093](AztecProtocol/aztec-packages#5093)) ([db9a960](AztecProtocol/aztec-packages@db9a960)) * Intermittent invert 0 in Goblin ([#5189](AztecProtocol/aztec-packages#5189)) ([6c70624](AztecProtocol/aztec-packages@6c70624)) * Point docs links to current tag if available ([#5219](AztecProtocol/aztec-packages#5219)) ([0e9c7c7](AztecProtocol/aztec-packages@0e9c7c7)) * Remove embedded srs ([#5173](AztecProtocol/aztec-packages#5173)) ([cfd673d](AztecProtocol/aztec-packages@cfd673d)) * Split setup/teardown functions when there's no public app logic ([#5156](AztecProtocol/aztec-packages#5156)) ([2ee13b3](AztecProtocol/aztec-packages@2ee13b3)) * Validate EthAddress size in aztec-nr ([#5198](AztecProtocol/aztec-packages#5198)) ([201c5e1](AztecProtocol/aztec-packages@201c5e1)) ### Miscellaneous * Add dependency instructions to bberg README ([#5187](AztecProtocol/aztec-packages#5187)) ([850febc](AztecProtocol/aztec-packages@850febc)) * **avm-simulator:** Make sure we support Map storage ([#5207](AztecProtocol/aztec-packages#5207)) ([08835f9](AztecProtocol/aztec-packages@08835f9)) * **avm-simulator:** Restructure contract storage tests ([#5194](AztecProtocol/aztec-packages#5194)) ([fcdd1cc](AztecProtocol/aztec-packages@fcdd1cc)) * **docs:** Add details to getting started contract deployment ([#5220](AztecProtocol/aztec-packages#5220)) ([5c267ae](AztecProtocol/aztec-packages@5c267ae)) * Moving wit comms and witness and comm labels from instance to oink ([#5199](AztecProtocol/aztec-packages#5199)) ([19eb7f9](AztecProtocol/aztec-packages@19eb7f9)) * Oink ([#5210](AztecProtocol/aztec-packages#5210)) ([321f149](AztecProtocol/aztec-packages@321f149)) * Pull noir ([#5193](AztecProtocol/aztec-packages#5193)) ([aa90f6e](AztecProtocol/aztec-packages@aa90f6e)) * Trying to fix intermitent ci failure for boxes ([#5182](AztecProtocol/aztec-packages#5182)) ([f988cb8](AztecProtocol/aztec-packages@f988cb8)) ### Documentation * **yellow-paper:** Add pseudocode for verifying broadcasted functions in contract deployment ([#4431](AztecProtocol/aztec-packages#4431)) ([8bdb921](AztecProtocol/aztec-packages@8bdb921)) </details> <details><summary>barretenberg: 0.28.0</summary> ## [0.28.0](AztecProtocol/aztec-packages@barretenberg-v0.27.2...barretenberg-v0.28.0) (2024-03-14) ### Features * **avm-simulator:** Euclidean and field div ([#5181](AztecProtocol/aztec-packages#5181)) ([037a38f](AztecProtocol/aztec-packages@037a38f)) * Isolate Plonk dependencies ([#5068](AztecProtocol/aztec-packages#5068)) ([5cbbd7d](AztecProtocol/aztec-packages@5cbbd7d)) * New brillig field operations and refactor of binary operations ([#5208](AztecProtocol/aztec-packages#5208)) ([eb69504](AztecProtocol/aztec-packages@eb69504)) * Parallelize linearly dependent contribution in PG ([#4742](AztecProtocol/aztec-packages#4742)) ([d1799ae](AztecProtocol/aztec-packages@d1799ae)) * Update SMT Circuit class and add gate relaxation functionality ([#5176](AztecProtocol/aztec-packages#5176)) ([5948996](AztecProtocol/aztec-packages@5948996)) ### Bug Fixes * Barretenberg-acir-tests-bb.js thru version bump ([#5216](AztecProtocol/aztec-packages#5216)) ([9298f93](AztecProtocol/aztec-packages@9298f93)) * Intermittent invert 0 in Goblin ([#5189](AztecProtocol/aztec-packages#5189)) ([6c70624](AztecProtocol/aztec-packages@6c70624)) * Remove embedded srs ([#5173](AztecProtocol/aztec-packages#5173)) ([cfd673d](AztecProtocol/aztec-packages@cfd673d)) ### Miscellaneous * Add dependency instructions to bberg README ([#5187](AztecProtocol/aztec-packages#5187)) ([850febc](AztecProtocol/aztec-packages@850febc)) * Moving wit comms and witness and comm labels from instance to oink ([#5199](AztecProtocol/aztec-packages#5199)) ([19eb7f9](AztecProtocol/aztec-packages@19eb7f9)) * Oink ([#5210](AztecProtocol/aztec-packages#5210)) ([321f149](AztecProtocol/aztec-packages@321f149)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
🤖 I have created a release *beep* *boop* --- <details><summary>aztec-package: 0.28.0</summary> ## [0.28.0](aztec-package-v0.27.2...aztec-package-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](#5175)) ### Features * Support contracts with no constructor ([#5175](#5175)) ([df7fa32](df7fa32)) </details> <details><summary>barretenberg.js: 0.28.0</summary> ## [0.28.0](barretenberg.js-v0.27.2...barretenberg.js-v0.28.0) (2024-03-14) ### Miscellaneous * **barretenberg.js:** Synchronize aztec-packages versions </details> <details><summary>aztec-cli: 0.28.0</summary> ## [0.28.0](aztec-cli-v0.27.2...aztec-cli-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](#5175)) ### Features * Support contracts with no constructor ([#5175](#5175)) ([df7fa32](df7fa32)) </details> <details><summary>aztec-packages: 0.28.0</summary> ## [0.28.0](aztec-packages-v0.27.2...aztec-packages-v0.28.0) (2024-03-14) ### ⚠ BREAKING CHANGES * Support contracts with no constructor ([#5175](#5175)) ### Features * **avm-simulator:** Euclidean and field div ([#5181](#5181)) ([037a38f](037a38f)) * Isolate Plonk dependencies ([#5068](#5068)) ([5cbbd7d](5cbbd7d)) * New brillig field operations and refactor of binary operations ([#5208](#5208)) ([eb69504](eb69504)) * Parallelize linearly dependent contribution in PG ([#4742](#4742)) ([d1799ae](d1799ae)) * Parity circuits ([#5082](#5082)) ([335c46e](335c46e)) * Support contracts with no constructor ([#5175](#5175)) ([df7fa32](df7fa32)) * Track side effects in public ([#5129](#5129)) ([d666f6f](d666f6f)), closes [#5185](#5185) * Update SMT Circuit class and add gate relaxation functionality ([#5176](#5176)) ([5948996](5948996)) ### Bug Fixes * **avm-transpiler:** FDIV and U128 test case ([#5200](#5200)) ([6977e81](6977e81)) * Barretenberg-acir-tests-bb.js thru version bump ([#5216](#5216)) ([9298f93](9298f93)) * Do not release docs on every commit to master ([#5214](#5214)) ([c34a299](c34a299)) * Fail transaction if we revert in setup or teardown ([#5093](#5093)) ([db9a960](db9a960)) * Intermittent invert 0 in Goblin ([#5189](#5189)) ([6c70624](6c70624)) * Point docs links to current tag if available ([#5219](#5219)) ([0e9c7c7](0e9c7c7)) * Remove embedded srs ([#5173](#5173)) ([cfd673d](cfd673d)) * Split setup/teardown functions when there's no public app logic ([#5156](#5156)) ([2ee13b3](2ee13b3)) * Validate EthAddress size in aztec-nr ([#5198](#5198)) ([201c5e1](201c5e1)) ### Miscellaneous * Add dependency instructions to bberg README ([#5187](#5187)) ([850febc](850febc)) * **avm-simulator:** Make sure we support Map storage ([#5207](#5207)) ([08835f9](08835f9)) * **avm-simulator:** Restructure contract storage tests ([#5194](#5194)) ([fcdd1cc](fcdd1cc)) * **docs:** Add details to getting started contract deployment ([#5220](#5220)) ([5c267ae](5c267ae)) * Moving wit comms and witness and comm labels from instance to oink ([#5199](#5199)) ([19eb7f9](19eb7f9)) * Oink ([#5210](#5210)) ([321f149](321f149)) * Pull noir ([#5193](#5193)) ([aa90f6e](aa90f6e)) * Trying to fix intermitent ci failure for boxes ([#5182](#5182)) ([f988cb8](f988cb8)) ### Documentation * **yellow-paper:** Add pseudocode for verifying broadcasted functions in contract deployment ([#4431](#4431)) ([8bdb921](8bdb921)) </details> <details><summary>barretenberg: 0.28.0</summary> ## [0.28.0](barretenberg-v0.27.2...barretenberg-v0.28.0) (2024-03-14) ### Features * **avm-simulator:** Euclidean and field div ([#5181](#5181)) ([037a38f](037a38f)) * Isolate Plonk dependencies ([#5068](#5068)) ([5cbbd7d](5cbbd7d)) * New brillig field operations and refactor of binary operations ([#5208](#5208)) ([eb69504](eb69504)) * Parallelize linearly dependent contribution in PG ([#4742](#4742)) ([d1799ae](d1799ae)) * Update SMT Circuit class and add gate relaxation functionality ([#5176](#5176)) ([5948996](5948996)) ### Bug Fixes * Barretenberg-acir-tests-bb.js thru version bump ([#5216](#5216)) ([9298f93](9298f93)) * Intermittent invert 0 in Goblin ([#5189](#5189)) ([6c70624](6c70624)) * Remove embedded srs ([#5173](#5173)) ([cfd673d](cfd673d)) ### Miscellaneous * Add dependency instructions to bberg README ([#5187](#5187)) ([850febc](850febc)) * Moving wit comms and witness and comm labels from instance to oink ([#5199](#5199)) ([19eb7f9](19eb7f9)) * Oink ([#5210](#5210)) ([321f149](321f149)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Plus other small fixes and a TODO