feat(avm): Address derivation gadget#12721
Conversation
sirasistant
requested review from
IlyasRidhuan,
Maddiaa0,
fcarreiro and
jeanmon
as code owners
barretenberg/cpp/src/barretenberg/vm2/simulation/concrete_dbs.cpp
Outdated
Show resolved
Hide resolved
barretenberg/cpp/src/barretenberg/vm2/tracegen/address_derivation_trace.cpp
Outdated
Show resolved
Hide resolved
barretenberg/cpp/src/barretenberg/vm2/constraining/relations/address_derivation.test.cpp
Show resolved
Hide resolved
fcarreiro
left a comment
fcarreiro
left a comment
There was a problem hiding this comment.
LG! just some suggestions
| return infinity; | ||
| } | ||
|
|
||
| static StandardAffinePoint& one() |
| FF preaddress = poseidon2::hash({ GENERATOR_INDEX__CONTRACT_ADDRESS_V1, public_keys_hash, partial_address }); | ||
|
|
||
| EmbeddedCurvePoint g1 = EmbeddedCurvePoint::one(); | ||
| EmbeddedCurvePoint preaddress_public_key = g1 * grumpkin::fr(preaddress); |
There was a problem hiding this comment.
is grumpkin::fr what we want o do we better want sth from fields.hpp or the flavorsettinggs?
There was a problem hiding this comment.
Forgot to change this one to fq
| events.emit({ | ||
| .address = address, | ||
| .instance = instance, | ||
| .salted_initialization_hash = salted_initialization_hash, | ||
| .partial_address = partial_address, | ||
| .public_keys_hash = public_keys_hash, | ||
| .preaddress = preaddress, | ||
| .preaddress_public_key = preaddress_public_key, | ||
| .address_point = address_point, |
There was a problem hiding this comment.
do std::move() for anything that is a vector
There was a problem hiding this comment.
Nothing is a vector!
There was a problem hiding this comment.
AztecAddress address;
ContractInstance instance;
FF salted_initialization_hash;
FF partial_address;
FF public_keys_hash;
FF preaddress;
EmbeddedCurvePoint preaddress_public_key;
EmbeddedCurvePoint address_point;
There was a problem hiding this comment.
oh my bad, got confused by the vectors in the body
| @@ -0,0 +1,84 @@ | |||
| #include "barretenberg/vm2/simulation/address_derivation.hpp" | |||
|
|
|||
| #include "gmock/gmock.h" | |||
There was a problem hiding this comment.
nit: use <>, I know vscode sometimes does this
| row++; | ||
| } | ||
| } | ||
| } // namespace bb::avm2::tracegen |
| sel * (partial_address_domain_separator - constants.GENERATOR_INDEX__PARTIAL_ADDRESS) = 0; | ||
|
|
||
| #[SALTED_INITIALIZATION_HASH_POSEIDON2_0] | ||
| sel { partial_address_domain_separator, salt, init_hash, salted_init_hash } |
There was a problem hiding this comment.
IIRC, we do not support a constant nor alias in a lookup tuple?
Because otherwise, we could inline constants.GENERATOR_INDEX__PARTIAL_ADDRESS in the tuple and get rid of
the above relation.
I suggest to write a TODO so that we can simplify once we support constants in lookups.
There was a problem hiding this comment.
I'll write a todo, unfortunately we can't, on lookups we need to use real columns ):
|
|
||
| #[SALTED_INITIALIZATION_HASH_POSEIDON2_1] | ||
| sel { deployer_addr, precomputed.zero, precomputed.zero, salted_init_hash} | ||
| in poseidon2_hash.end { poseidon2_hash.input_0, poseidon2_hash.input_1, poseidon2_hash.input_2, poseidon2_hash.output }; |
There was a problem hiding this comment.
Poseidon2 was changed to propagate the final output on the whole run. It's however still incomplete, I talked with Ilyas about it because we need to lookup also the iteration index. This hash run in poseidon looks like this:
+----------------------------------+---------+-----------+------------------+-------+-----+-----+
| input_0 | input_1 | input_2 | output | start | end | sel |
+----------------------------------+---------+-----------+------------------+-------+-----+-----+
| 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| partial_address_domain_separator | salt | init_hash | salted_init_hash | 1 | 0 | 1 |
| deployer_addr | 0 | 0 | salted_init_hash | 0 | 1 | 1 |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+----------------------------------+---------+-----------+------------------+-------+-----+-----+
In order for it to be safe I need to assert that start is on on the first one and end is on in the second one. However, a malicious prover could still insert more rounds between the two rows, that's why poseidon will need to be improved to include a round_index column, so I can lookup with 0 on start and 1 on end so I can be safe that a malicious prover hasn't inserted more rounds
jeanmon
left a comment
jeanmon
left a comment
There was a problem hiding this comment.
pil file looks good to me. I just skimmed over the rest of the PR.
| sel * (g1_x - 1) = 0; | ||
|
|
||
| pol commit g1_y; | ||
| sel * (g1_y - 17631683881184975370165255887551781615748388533673675138860) = 0; |
There was a problem hiding this comment.
We could define a constant for this monster literal and add a comment about what it is.
| { | ||
| for (auto [poly, full_poly] : zip_view(get_all(), full_polynomials.get_all())) { | ||
| // After the initial sumcheck round, the new size is CEIL(size/2). | ||
| size_t desired_size = full_poly.end_index() / 2 + full_poly.end_index() % 2; |
There was a problem hiding this comment.
If you rebase on latest master and rerun bb_pilcom/bootstrap.sh, this should disappear.
| check_interaction<lookup_public_preaddress_poseidon2>(trace); | ||
| check_interaction<lookup_public_preaddress_scalar_mul>(trace); | ||
| check_interaction<lookup_address_ecadd>(trace); | ||
| } |
There was a problem hiding this comment.
There are no negative tests but not sure what is meaningful to test as it consists mainly in lookups and therefore we would test that lookups are working as expected.
There was a problem hiding this comment.
yes the only relations are trivial constants and lookups
* master: fix: filter for empty attestations when pulling from block (#12740) feat: one-way noir sync (#12592) feat(avm): Address derivation gadget (#12721) chore(ci): add workflow dispatch to masternet (#12739) feat: add default accounts (#12734) feat: gas reports and snapshots (#12724) fix(avm): fix vm1 fake proof size (#12733) feat(bb): extend_edges optimization for zero values past end_index (#12703) fix: remove hard coding of constructor for account manager (#12678) git subrepo push --branch=master noir-projects/aztec-nr git_subrepo.sh: Fix parent in .gitrepo file. [skip ci] chore: replace relative paths to noir-protocol-circuits git subrepo push --branch=master barretenberg fix: verify_honk_proof inputs generation in bootstrap (#12457) fix: Patches to cycle_group and cycle_group fuzzer (#12385)
3 participants
Pure part of address derivation, contract updates will come in a followup PR.