This repository has been archived by the owner on Oct 30, 2023. It is now read-only.

chore: rework nonces (#1210) (#1331)
# Description

The way nonces work now, there can be inconsistencies in nonce
assignment in the simulator vs the private kernel. Furthermore, you
cannot know during function execution what the full set of commitments
will be for the whole TX as some new commitments may be nullified and
squashed. But we still want the ability to determine nonces and
therefore uniqueNoteHashes from L1 calldata alone. I am sure I am not
explaining all of the issues well enough, but it was determined that the
current nonce paradigm will not work and therefore we must rework it.

Rework nonces so that siloing by contract address happens first and
uniqueness comes later. For now, nonces are injected by the private
ordering circuit (vs suggestion which was base rollup circuit). Pending
notes and their reads have no nonces when processed in kernel. The
public kernel (and therefore all commitments created in public
functions) does not use nonces.

Here was Mike's proposal for the rework:

![image](https://github.com/AztecProtocol/aztec-packages/assets/47112877/7b20c886-1e92-452c-a886-c3da5ed64e17)

Why not just use leaf index as nonce?

![image](https://github.com/AztecProtocol/aztec-packages/assets/47112877/e6337107-ac93-4a3b-b83c-27213cb5133d)

## Followup tasks
* AztecProtocol/aztec-packages#1029
* AztecProtocol/aztec-packages#1194
* AztecProtocol/aztec-packages#1329
* AztecProtocol/aztec-packages#1407
* AztecProtocol/aztec-packages#1408
* AztecProtocol/aztec-packages#1409
* AztecProtocol/aztec-packages#1410
* Future enhancement: The root rollup circuit could insert all messages
at the very beginning of the root rollup circuit, so that txs within the
rollup can refer to that state root and read L1>L2 messages immediately.
* AztecProtocol/aztec-packages#1383
* AztecProtocol/aztec-packages#1386
* We should implement subscription / polling methods for Aztec logs
* We should maybe write rpc functions which allow calldata to be
subscribed-to, keyed by tx_hash.
* If a dapp wants to write a note from a public function, a lot of onus
will be on a dapp developer to retain preimage information, query the
blockchain, and derive the nonce. We should provide some examples to
demonstrate this pattern.
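As an added illustration of the reworked ordering (silo by contract address first, nonce for uniqueness second) and of why it lets an observer recompute unique note hashes from calldata alone, not code from the Aztec repository: a stand-in model in Python, where `h` is a SHA-256 substitute for the protocol's domain-separated Pedersen hash and the field modulus, contract addresses, note hashes and nullifiers are constructed sample values.

```python
# Added example (not Aztec code): models the reworked commitment derivation.
import hashlib

FIELD_MODULUS = 2**251  # constructed stand-in; not the real Aztec field modulus


def h(domain: str, *inputs: int) -> int:
    """Stand-in for Aztec's domain-separated Pedersen hash (assumption:
    SHA-256 over a domain tag and 32-byte big-endian field elements)."""
    m = hashlib.sha256(domain.encode())
    for x in inputs:
        m.update(x.to_bytes(32, "big"))
    return int.from_bytes(m.digest(), "big") % FIELD_MODULUS


def siloed_note_hash(note_hash: int, contract_address: int) -> int:
    # Step 1 of the rework: silo by contract address FIRST.
    return h("silo", note_hash, contract_address)


def nonce(first_nullifier: int, index: int) -> int:
    # nonce = hash(new_nullifiers[0], index), index being the note's position
    # in the transaction's final (post-squash) list of new note hashes.
    return h("nonce", first_nullifier, index)


def unique_siloed_note_hash(siloed: int, note_nonce: int) -> int:
    # Step 2: uniqueness comes AFTER siloing.
    return h("unique", siloed, note_nonce)


def tx_unique_siloed_note_hashes(final_note_hashes, new_nullifiers):
    """Recompute every unique_siloed_note_hash of a tx from data that is
    visible in L1 calldata: the ordered (contract_address, note_hash)
    pairs that survive squashing, plus the tx's new nullifiers."""
    if not new_nullifiers:
        # The derivation is undefined without new_nullifiers[0].
        raise ValueError("nonce derivation needs at least one new nullifier")
    result = []
    for index, (contract_address, note_hash) in enumerate(final_note_hashes):
        siloed = siloed_note_hash(note_hash, contract_address)
        result.append(unique_siloed_note_hash(siloed, nonce(new_nullifiers[0], index)))
    return result


# Constructed sample transaction: the same note hash emitted twice by one
# contract, which only the nonce can tell apart, plus one note from another.
CONTRACT_A, CONTRACT_B = 0xA11CE, 0xB0B
FINAL_NOTE_HASHES = [(CONTRACT_A, 0x111), (CONTRACT_A, 0x111), (CONTRACT_B, 0x222)]
NEW_NULLIFIERS = [0xDEAD, 0xBEEF]
```

Calling `tx_unique_siloed_note_hashes(FINAL_NOTE_HASHES, NEW_NULLIFIERS)` yields three distinct values even though the first two notes share a siloed hash, and the same list is obtained by anyone holding the calldata.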
dbanks12 authored and AztecBot committed Aug 3, 2023
1 parent f109839 commit 5bdddca
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions docs/aztec/protocol/trees/trees.mdx
Expand Up @@ -51,10 +51,10 @@ note_hash: Field = pedersen::compress(

The Private Kernel circuit will modify this `note_hash` further, before it is inserted into the tree. It will:

- Ensure uniqueness of the commitment, by hashing it with some new nullifier:
`unique_note_hash: Field = hash(note_hash, new_nullifier);`
- Silo the commitment, to prevent cross-contamination of this contract's state variables with other contracts' state variables:
`siloed_note_hash: Field = hash(unique_note_hash, contract_address);`
`siloed_note_hash: Field = hash(note_hash, contract_address);`
- Ensure uniqueness of the commitment, by hashing it with a nonce
`unique_siloed_note_hash: Field = hash(siloed_note_hash, nonce);`, where `nonce: Field = hash(new_nullifiers[0], index)`, where `index` is the position of the new note hash in all new note hashes.

> Note, all hashes will be appropriately domain-separated.
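Review bot: the new uniqueness bullet leaves two things underspecified: `nonce: Field = hash(new_nullifiers[0], index)` presumes that every transaction creating note hashes emits at least one nullifier, and `index` does not say which list it indexes, while the commit description says nullified pending notes are squashed before nonces are assigned and that the nonces are injected by the private ordering circuit rather than the "Private Kernel circuit" the paragraph names. Suggest stating that `index` is the position in the transaction's final, post-squash list of new note hashes, saying where the first-nullifier guarantee comes from, and adding the missing colon after "by hashing it with a nonce" to match the sibling "Silo the commitment" bullet.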

