feat: hash contract class logs with poseidon + add preimage to blob

l1-contracts/src/core/RollupCore.sol

@@ -310,18 +310,14 @@ contract RollupCore is
    *
    * @param _args - The arguments to propose the block
    * @param _signatures - Signatures from the validators
-   * // TODO(#9101): The below _body should be removed once we can extract blobs. It's only here so the archiver can extract tx effects.
-   * @param _body - The body of the L2 block
    * @param _blobInput - The blob evaluation KZG proof, challenge, and opening required for the precompile.
    */
   function propose(
     ProposeArgs calldata _args,
     Signature[] memory _signatures,
-    // TODO(#9101): Extract blobs from beacon chain => remove below body input
-    bytes calldata _body,
     bytes calldata _blobInput
   ) external override(IRollupCore) {
-    ExtRollupLib.propose(_args, _signatures, _body, _blobInput, checkBlob);
+    ExtRollupLib.propose(_args, _signatures, _blobInput, checkBlob);
   }
 
   function setupEpoch() public override(IValidatorSelectionCore) {

l1-contracts/src/core/interfaces/IRollup.sol

@@ -127,7 +127,6 @@ interface IRollupCore {
   function propose(
     ProposeArgs calldata _args,
     Signature[] memory _signatures,
-    bytes calldata _body,
     bytes calldata _blobInput
   ) external;
 

l1-contracts/src/core/libraries/ConstantsGen.sol

@@ -173,6 +173,8 @@ library Constants {
   uint256 internal constant TREE_LEAF_READ_REQUEST_LENGTH = 2;
   uint256 internal constant PRIVATE_LOG_DATA_LENGTH = 20;
   uint256 internal constant SCOPED_PRIVATE_LOG_DATA_LENGTH = 21;
+  uint256 internal constant CONTRACT_CLASS_LOG_DATA_SIZE_IN_FIELDS = 3019;
+  uint256 internal constant CONTRACT_CLASS_LOG_SIZE_IN_FIELDS = 3020;
   uint256 internal constant LOG_HASH_LENGTH = 3;
   uint256 internal constant SCOPED_LOG_HASH_LENGTH = 4;
   uint256 internal constant NOTE_HASH_LENGTH = 2;
@@ -203,7 +205,7 @@ library Constants {
   uint256 internal constant SCOPED_READ_REQUEST_LEN = 3;
   uint256 internal constant PUBLIC_DATA_READ_LENGTH = 3;
   uint256 internal constant PRIVATE_VALIDATION_REQUESTS_LENGTH = 772;
-  uint256 internal constant PRIVATE_TO_ROLLUP_ACCUMULATED_DATA_LENGTH = 741;
+  uint256 internal constant PRIVATE_TO_ROLLUP_ACCUMULATED_DATA_LENGTH = 740;
   uint256 internal constant TX_CONSTANT_DATA_LENGTH = 37;
   uint256 internal constant COMBINED_CONSTANT_DATA_LENGTH = 46;
   uint256 internal constant PRIVATE_ACCUMULATED_DATA_LENGTH = 1412;
@@ -212,7 +214,7 @@ library Constants {
   uint256 internal constant PRIVATE_TO_AVM_ACCUMULATED_DATA_LENGTH = 160;
   uint256 internal constant NUM_PRIVATE_TO_AVM_ACCUMULATED_DATA_ARRAYS = 3;
   uint256 internal constant PRIVATE_TO_PUBLIC_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH = 1847;
-  uint256 internal constant PRIVATE_TO_ROLLUP_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH = 783;
+  uint256 internal constant PRIVATE_TO_ROLLUP_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH = 782;
   uint256 internal constant CONSTANT_ROLLUP_DATA_LENGTH = 13;
   uint256 internal constant BASE_OR_MERGE_PUBLIC_INPUTS_LENGTH = 52;
   uint256 internal constant BLOCK_ROOT_OR_BLOCK_MERGE_PUBLIC_INPUTS_LENGTH = 986;
@@ -291,6 +293,7 @@ library Constants {
   uint256 internal constant L2_GAS_PER_L1_TO_L2_MSG_READ_REQUEST = 1404;
   uint256 internal constant L2_GAS_PER_LOG_BYTE = 4;
   uint256 internal constant L2_GAS_PER_PRIVATE_LOG = 0;
+  uint256 internal constant L2_GAS_PER_CONTRACT_CLASS_LOG = 0;
   uint256 internal constant L2_GAS_PER_L2_TO_L1_MSG = 200;
   uint256 internal constant TX_START_PREFIX = 8392562855083340404;
   uint256 internal constant REVERT_CODE_PREFIX = 1;

l1-contracts/src/core/libraries/RollupLibs/ExtRollupLib.sol

@@ -19,12 +19,10 @@ library ExtRollupLib {
   function propose(
     ProposeArgs calldata _args,
     Signature[] memory _signatures,
-    // TODO(#9101): Extract blobs from beacon chain => remove below body input
-    bytes calldata _body,
     bytes calldata _blobInput,
     bool _checkBlob
   ) external {
-    ProposeLib.propose(_args, _signatures, _body, _blobInput, _checkBlob);
+    ProposeLib.propose(_args, _signatures, _blobInput, _checkBlob);
   }
 
   function initializeValidatorSelection(uint256 _targetCommitteeSize) external {

l1-contracts/src/core/libraries/RollupLibs/ProposeLib.sol

@@ -74,8 +74,6 @@ library ProposeLib {
   function propose(
     ProposeArgs calldata _args,
     Signature[] memory _signatures,
-    // TODO(#9101): Extract blobs from beacon chain => remove below body input
-    bytes calldata,
     bytes calldata _blobInput,
     bool _checkBlob
   ) internal {

l1-contracts/test/Rollup.t.sol

@@ -222,7 +222,7 @@ contract RollupTest is RollupBase {
       txHashes: new bytes32[](0)
     });
     vm.expectRevert(abi.encodeWithSelector(Errors.Rollup__InvalidBlobHash.selector, blobHashes[0]));
-    rollup.propose(args, signatures, data.body, data.blobInputs);
+    rollup.propose(args, signatures, data.blobInputs);
   }
 
   function testInvalidBlobProof() public setUpFor("mixed_block_1") {
@@ -250,7 +250,7 @@ contract RollupTest is RollupBase {
       txHashes: new bytes32[](0)
     });
     vm.expectRevert(abi.encodeWithSelector(Errors.Rollup__InvalidBlobProof.selector, blobHashes[0]));
-    rollup.propose(args, signatures, data.body, blobInput);
+    rollup.propose(args, signatures, blobInput);
   }
 
   function testRevertPrune() public setUpFor("mixed_block_1") {
@@ -316,7 +316,7 @@ contract RollupTest is RollupBase {
       oracleInput: OracleInput(0),
       txHashes: txHashes
     });
-    rollup.propose(args, signatures, data.body, data.blobInputs);
+    rollup.propose(args, signatures, data.blobInputs);
   }
 
   function testNonZeroL2Fee() public setUpFor("mixed_block_1") {
@@ -344,7 +344,7 @@ contract RollupTest is RollupBase {
       oracleInput: OracleInput(0),
       txHashes: txHashes
     });
-    rollup.propose(args, signatures, data.body, data.blobInputs);
+    rollup.propose(args, signatures, data.blobInputs);
   }
 
   function testProvingFeeUpdates() public setUpFor("mixed_block_1") {
@@ -419,7 +419,7 @@ contract RollupTest is RollupBase {
         oracleInput: OracleInput(0),
         txHashes: new bytes32[](0)
       });
-      rollup.propose(args, signatures, data.body, data.blobInputs);
+      rollup.propose(args, signatures, data.blobInputs);
       assertEq(
         testERC20.balanceOf(data.decodedHeader.globalVariables.coinbase),
         0,
@@ -695,7 +695,6 @@ contract RollupTest is RollupBase {
     DecoderBase.Data memory data = load("empty_block_1").block;
     bytes memory header = data.header;
     bytes32 archive = data.archive;
-    bytes memory body = data.body;
     bytes32[] memory txHashes = new bytes32[](0);
 
     assembly {
@@ -711,14 +710,13 @@ contract RollupTest is RollupBase {
       oracleInput: OracleInput(0),
       txHashes: txHashes
     });
-    rollup.propose(args, signatures, body, data.blobInputs);
+    rollup.propose(args, signatures, data.blobInputs);
   }
 
   function testRevertInvalidChainId() public setUpFor("empty_block_1") {
     DecoderBase.Data memory data = load("empty_block_1").block;
     bytes memory header = data.header;
     bytes32 archive = data.archive;
-    bytes memory body = data.body;
     bytes32[] memory txHashes = new bytes32[](0);
 
     assembly {
@@ -733,14 +731,13 @@ contract RollupTest is RollupBase {
       oracleInput: OracleInput(0),
       txHashes: txHashes
     });
-    rollup.propose(args, signatures, body, data.blobInputs);
+    rollup.propose(args, signatures, data.blobInputs);
   }
 
   function testRevertInvalidVersion() public setUpFor("empty_block_1") {
     DecoderBase.Data memory data = load("empty_block_1").block;
     bytes memory header = data.header;
     bytes32 archive = data.archive;
-    bytes memory body = data.body;
     bytes32[] memory txHashes = new bytes32[](0);
 
     assembly {
@@ -755,14 +752,13 @@ contract RollupTest is RollupBase {
       oracleInput: OracleInput(0),
       txHashes: txHashes
     });
-    rollup.propose(args, signatures, body, data.blobInputs);
+    rollup.propose(args, signatures, data.blobInputs);
   }
 
   function testRevertInvalidTimestamp() public setUpFor("empty_block_1") {
     DecoderBase.Data memory data = load("empty_block_1").block;
     bytes memory header = data.header;
     bytes32 archive = data.archive;
-    bytes memory body = data.body;
     bytes32[] memory txHashes = new bytes32[](0);
 
     uint256 realTs = data.decodedHeader.globalVariables.timestamp;
@@ -782,7 +778,7 @@ contract RollupTest is RollupBase {
       oracleInput: OracleInput(0),
       txHashes: txHashes
     });
-    rollup.propose(args, signatures, body, new bytes(144));
+    rollup.propose(args, signatures, new bytes(144));
   }
 
   function testSubmitProofNonExistantBlock() public setUpFor("empty_block_1") {

l1-contracts/test/base/RollupBase.sol

@@ -196,7 +196,7 @@ contract RollupBase is DecoderBase {
       oracleInput: OracleInput(0),
       txHashes: new bytes32[](0)
     });
-    rollup.propose(args, signatures, full.block.body, blobInputs);
+    rollup.propose(args, signatures, blobInputs);
 
     bytes32 l2ToL1MessageTreeRoot;
     uint32 numTxs = full.block.numTxs;

l1-contracts/test/fees/FeeRollup.t.sol

@@ -260,7 +260,6 @@ contract FeeRollupTest is FeeModelTestPoints, DecoderBase {
             txHashes: b.txHashes
           }),
           b.signatures,
-          b.body,
           b.blobInputs
         );
         nextSlot = nextSlot + Slot.wrap(1);
@@ -365,7 +364,6 @@ contract FeeRollupTest is FeeModelTestPoints, DecoderBase {
             txHashes: b.txHashes
           }),
           b.signatures,
-          b.body,
           b.blobInputs
         );
 

l1-contracts/test/validator-selection/ValidatorSelection.t.sol

@@ -315,14 +315,14 @@ contract ValidatorSelectionTest is DecoderBase {
 
       emit log("Time to propose");
       vm.prank(ree.proposer);
-      rollup.propose(args, signatures, full.block.body, full.block.blobInputs);
+      rollup.propose(args, signatures, full.block.blobInputs);
 
       if (ree.shouldRevert) {
         return;
       }
     } else {
       Signature[] memory signatures = new Signature[](0);
-      rollup.propose(args, signatures, full.block.body, full.block.blobInputs);
+      rollup.propose(args, signatures, full.block.blobInputs);
     }
 
     assertEq(_expectRevert, ree.shouldRevert, "Does not match revert expectation");

noir-projects/aztec-nr/aztec/src/oracle/logs.nr

@@ -1,12 +1,11 @@
 use dep::protocol_types::address::AztecAddress;
 
-/// Temporary substitute that is used for handling contract class registration. This
-/// variant returns the log hash, which would be too large to compute inside a circuit.
+/// The below only exists to broadcast the raw log, so we can provide it to the base rollup later to be constrained.
 pub unconstrained fn emit_contract_class_unencrypted_log_private<let N: u32>(
     contract_address: AztecAddress,
     message: [Field; N],
     counter: u32,
-) -> Field {
+) {
     emit_contract_class_unencrypted_log_private_oracle(contract_address, message, counter)
 }
 
@@ -15,4 +14,4 @@ unconstrained fn emit_contract_class_unencrypted_log_private_oracle<let N: u32>(
     contract_address: AztecAddress,
     message: [Field; N],
     counter: u32,
-) -> Field {}
+) {}

noir-projects/noir-contracts/contracts/contract_class_registerer_contract/src/main.nr

@@ -7,12 +7,15 @@ pub contract ContractClassRegisterer {
     use dep::aztec::protocol_types::{
         abis::log_hash::LogHash,
         constants::{
-            ARTIFACT_FUNCTION_TREE_MAX_HEIGHT, FUNCTION_TREE_HEIGHT,
-            MAX_PACKED_BYTECODE_SIZE_PER_PRIVATE_FUNCTION_IN_FIELDS,
+            ARTIFACT_FUNCTION_TREE_MAX_HEIGHT, CONTRACT_CLASS_LOG_DATA_SIZE_IN_FIELDS,
+            FUNCTION_TREE_HEIGHT, MAX_PACKED_BYTECODE_SIZE_PER_PRIVATE_FUNCTION_IN_FIELDS,
             MAX_PACKED_BYTECODE_SIZE_PER_UNCONSTRAINED_FUNCTION_IN_FIELDS,
             MAX_PACKED_PUBLIC_BYTECODE_SIZE_IN_FIELDS, REGISTERER_CONTRACT_BYTECODE_CAPSULE_SLOT,
         },
         contract_class_id::ContractClassId,
+        hash::poseidon2_hash_subarray_variable,
+        traits::is_empty,
+        utils::arrays::{array_concat, find_index_hint_from_end},
     };
 
     use dep::aztec::{
@@ -217,13 +220,19 @@ pub contract ContractClassRegisterer {
         // cannot prove non-registration. Therefore, it is possible that a malicious oracle might prevent sequencers
         // from including transactions with calls to certain badly-broadcasted contracts.
         // TODO(#8978): review correctness
-        let log_hash =
-            unsafe { emit_contract_class_unencrypted_log_private(contract_address, log, counter) };
+        let log_to_emit: [Field; CONTRACT_CLASS_LOG_DATA_SIZE_IN_FIELDS] =
+            array_concat(log, [0; CONTRACT_CLASS_LOG_DATA_SIZE_IN_FIELDS - N]);
+        // Safety: The below length is constrained in the base rollup.
+        let index = unsafe { find_index_hint_from_end(log_to_emit, |elem| !is_empty(elem)) };
+        let length = if index == N { 0 } else { index + 1 };
+        // TODO: We will eventually remove this hash.
+        let log_hash = poseidon2_hash_subarray_variable(log_to_emit, length);
+        // Safety: the below only exists to broadcast the raw log, so we can provide it to the base rollup later to be constrained.
+        unsafe {
+            emit_contract_class_unencrypted_log_private(contract_address, log_to_emit, counter);
+        }
 
-        // 40 = addr (32) + raw log len (4) + processed log len (4)
-        context.contract_class_logs_hashes.push(
-            LogHash { value: log_hash, counter, length: 40 + (N as Field) * 32 },
-        );
+        context.contract_class_logs_hashes.push(LogHash { value: log_hash, counter, length });
     }
 
     #[private]

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/components/tail_output_composer.nr

@@ -56,10 +56,6 @@ impl TailOutputComposer {
         data.contract_class_logs_hashes = source.contract_class_logs_hashes.storage().map(
             |l: ScopedLogHash| l.expose_to_public(),
         );
-        data.contract_class_log_preimages_length = source.contract_class_logs_hashes.storage().fold(
-            0,
-            |len, l: ScopedLogHash| len + l.log_hash.length,
-        );
         data
     }
 }

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/components/tail_output_composer/meter_gas_used.nr

@@ -1,10 +1,10 @@
 use dep::types::{
     abis::{
         accumulated_data::private_to_rollup_accumulated_data::PrivateToRollupAccumulatedData,
-        gas::Gas,
+        gas::Gas, log_hash::ScopedLogHash,
     },
     constants::{
-        DA_BYTES_PER_FIELD, DA_GAS_PER_BYTE, L2_GAS_PER_L2_TO_L1_MSG, L2_GAS_PER_LOG_BYTE,
+        DA_BYTES_PER_FIELD, DA_GAS_PER_BYTE, L2_GAS_PER_CONTRACT_CLASS_LOG, L2_GAS_PER_L2_TO_L1_MSG,
         L2_GAS_PER_NOTE_HASH, L2_GAS_PER_NULLIFIER, L2_GAS_PER_PRIVATE_LOG,
         PRIVATE_LOG_SIZE_IN_FIELDS,
     },
@@ -31,9 +31,16 @@ pub fn meter_gas_used(data: PrivateToRollupAccumulatedData) -> Gas {
     metered_da_fields += num_private_logs * PRIVATE_LOG_SIZE_IN_FIELDS;
     metered_l2_gas += num_private_logs * L2_GAS_PER_PRIVATE_LOG;
 
+    let num_contract_class_logs = array_length(data.contract_class_logs_hashes);
+    let contract_class_log_emitted_fields = data.contract_class_logs_hashes.fold(
+        0,
+        // NOTE: log_size is constrained to be correct in the base rollup
+        |len, l: ScopedLogHash| len + l.log_hash.length,
+    );
+    metered_da_fields += contract_class_log_emitted_fields;
+    metered_l2_gas += num_contract_class_logs * L2_GAS_PER_CONTRACT_CLASS_LOG;
+
     let mut metered_da_bytes = metered_da_fields * DA_BYTES_PER_FIELD;
-    metered_da_bytes += data.contract_class_log_preimages_length as u32;
-    metered_l2_gas += data.contract_class_log_preimages_length as u32 * L2_GAS_PER_LOG_BYTE;
 
     Gas::new(metered_da_bytes * DA_GAS_PER_BYTE, metered_l2_gas) + Gas::tx_overhead()
 }

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/components/tail_to_public_output_composer/meter_gas_used.nr

@@ -4,9 +4,9 @@ use dep::types::{
         public_call_request::PublicCallRequest,
     },
     constants::{
-        DA_BYTES_PER_FIELD, DA_GAS_PER_BYTE, FIXED_AVM_STARTUP_L2_GAS, L2_GAS_PER_L2_TO_L1_MSG,
-        L2_GAS_PER_LOG_BYTE, L2_GAS_PER_NOTE_HASH, L2_GAS_PER_NULLIFIER, L2_GAS_PER_PRIVATE_LOG,
-        PRIVATE_LOG_SIZE_IN_FIELDS,
+        DA_BYTES_PER_FIELD, DA_GAS_PER_BYTE, FIXED_AVM_STARTUP_L2_GAS,
+        L2_GAS_PER_CONTRACT_CLASS_LOG, L2_GAS_PER_L2_TO_L1_MSG, L2_GAS_PER_NOTE_HASH,
+        L2_GAS_PER_NULLIFIER, L2_GAS_PER_PRIVATE_LOG, PRIVATE_LOG_SIZE_IN_FIELDS,
     },
     traits::{Empty, is_empty},
     utils::arrays::array_length,
@@ -32,11 +32,16 @@ fn meter_accumulated_data_gas_used(data: PrivateToPublicAccumulatedData) -> Gas
     metered_da_fields += num_private_logs * PRIVATE_LOG_SIZE_IN_FIELDS;
     metered_l2_gas += num_private_logs * L2_GAS_PER_PRIVATE_LOG;
 
+    let num_contract_class_logs = array_length(data.contract_class_logs_hashes);
+    let contract_class_log_emitted_fields = data.contract_class_logs_hashes.fold(
+        0,
+        // NOTE: log_size is constrained to be correct in the base rollup
+        |len, l: ScopedLogHash| len + l.log_hash.length,
+    );
+    metered_da_fields += contract_class_log_emitted_fields;
+    metered_l2_gas += num_contract_class_logs * L2_GAS_PER_CONTRACT_CLASS_LOG;
+
     let mut metered_da_bytes = metered_da_fields * DA_BYTES_PER_FIELD;
-    let contract_class_log_preimages_length =
-        data.contract_class_logs_hashes.fold(0, |len, l: ScopedLogHash| len + l.log_hash.length);
-    metered_da_bytes += contract_class_log_preimages_length as u32;
-    metered_l2_gas += contract_class_log_preimages_length as u32 * L2_GAS_PER_LOG_BYTE;
 
     metered_l2_gas += array_length(data.public_call_requests) * FIXED_AVM_STARTUP_L2_GAS;