This repository was archived by the owner on Apr 18, 2025. It is now read-only.
Update | Fix | Refactor | Unit Tests#1167
Merged
Merged
Conversation
roynalnaruto
changed the title
roynalnaruto
changed the title
kunxian-xia
approved these changes
Mar 25, 2024
There was a problem hiding this comment.
We want to merge this pr before all comments are fixed because we want to run integration test ASAP. @roynalnaruto
| .collect::<Vec<_>>() | ||
| .try_into() | ||
| .expect("we have MAX_AGG_SNARKS chunks"); | ||
| assert!(chunk_sizes.iter().sum::<u32>() < N_BLOB_BYTES as u32); |
There was a problem hiding this comment.
should we require chunk_sizes.iter().sum() to less than N_ROWS_DATA?
| // - withdraw_root 32 bytes | ||
| // - chunk_data_hash 32 bytes | ||
| // - chunk_tx_data_hash 32 bytes | ||
| // - chunk_data_digest 32 bytes |
There was a problem hiding this comment.
this renaming may cause confussion as hash / digest are often used in interchangeably.
| let cond = is_data * is_boundary; | ||
| // lookup metadata and chunk data digests in keccak table. | ||
| meta.lookup_any( | ||
| "BlobDataConfig (chunk data digests in keccak table)", |
There was a problem hiding this comment.
We also do lookup into keccak table for last metadata row. Shall we add it in the lookup's name?
Comment on lines
+228
to
+233
| // lookup chunk data digests in the "digest rlc section" of BlobDataConfig. | ||
| meta.lookup_any( | ||
| "BlobDataConfig (chunk data digests in BlobDataConfig \"hash section\")", | ||
| |meta| { | ||
| let is_data = meta.query_selector(config.data_selector); | ||
| let is_boundary = meta.query_advice(config.is_boundary, Rotation::cur()); |
There was a problem hiding this comment.
Do we have mechanism to prevent malicious prover from skipping valid and non-empty chunk? For example, if non-empty chunk i is skipped in "data section", then the i-th digest_rlc row in hash section does not necessarily be correct.
lispc
added a commit
that referenced
this pull request
Apr 9, 2024
* chore: dependencies * Rebase code to main dev branch * Rebase code to main dev branch * Remove signed len * basic constraints * Add accumulation constraints * Add chunk bytes to keccak and pow of rand to tx circuit config * Remove debug flags * clippy * Correct keccak lookup * Add pow of rand lookup * remove pow of rand from lookup config * Change unusable rows * remove debug flags * fmt * correct export for pi circuit * fmt * patch halo2curves to branch that supports bls12_381 * Add roots of unity * add barycentric evaluation constraints and assignments * Call assign in circuit synthesis * cleanup * replace local patches with github * Correct column type * Add l1msg and padding tx len, hash acc conditions * Define init condition for len, hash acc * Remove access list and calldata constraints * Correct keccak lookup rotation * Use fixed row to isolate last row of fixed section * Remove hash consistency gate * chunk/batch definition updates * add txbytes to the keccak preimages * blob data is actually the correct preimage for chalenge point * remove unused feature flag from patch * implement Sum for ScalarFieldElement * use sum * use same range config between barycentric config and base field config * cleanup * fix build * connect barycentric centric to aggregation circuit * Correct test 1559 parsing * Recover constraints * Remove debug flags * fmt * Remove debug flag * Add forgotten file * updated definition of random point * enable equality * Adjust equality-enabled columns * Adjust tx circuit output * Adjust equality-enabled columns * Correct tx circuit hash output * Change chunk data hash definition * wip * Use same roots of unity as 4844 spec * constraints for rows at fixed offsets * digest bytes section * minor edit * fix: rows in data section * cleanup * Add more blob tests * Use successors to calculate power of z * Add chunk bytes in PI * Adjust sectional offsets * Change sectional note * add chunk txbytes assignment * Correct assignments * export assigned bytes from blob data * minor * also export chunk data digest * assign2 wip * Add chunk txbytes hash to pi hash * Correct hash component * Correct data bytes assignment (padding) * Correct chunk txbytes padding assignments * Correct boundary idx counting * Add chunk txbytes to keccak inputs * Correct coinbase and difficulty * fmt * Add BarycentricEvaluationAssignments and make inputs to barycentric eval circuit accessible * assign2 does some checks * equate exports of barycentric to exports of blob data config * also return the challenge (after modulus) * Control test suite * fix challenge equality and export challenge/evaluation LE bytes * Adjust debugging suite * Constraint differential * Constraint differential * Constraint differential * Correct column type' * Constraint differential * Correct assignment spacing * Recover constraint * Test Differential * Remove debug flags * Constraint differential * Add debug flags * Correct idx increments * update batch_pi_hash preimage to be blob-compatible * fix preimages' len * Adjust debug flags * Add debug flags * Add debug flags * Adjust debug flags * fix batch_pi_hash input_len * add equality between chunk_data_digests and chunk_pi_hash's preimage * fix: return assigned values instead of witness cells for challenge/evaluation * Add new hash preimages * Add borrow * Adjust imports * Remove debug flags * fmt * Constraint depth consistency in longlist decoding * Revert "Constraint depth consistency in longlist decoding" This reverts commit f977a8c. * Recover variadic test * enable z and y equality check * apply comments * Correct mock data * clippy * Add comments * fmt * Remove copy constraint for misallighment * Change copy constraints to lookups * Remove debug flags * Remove unnecessary return * fmt * fmt * Correct documentation * fmt * Feat/4844 Add Missing Chunk Parts (#1154) * Add missing chunk level changes * fmt * fix * Fix: assign z_digest using load_u256 method (#1155) * use load_u256 to assign challenge in barycentric * separate blob related assignments from snark aggregate and fix clippy errors * fix * fix: blob_field only has 31 cells * Fix bugs in integration test (#1160) * split blob data region into two separate regions * fix * load tables for BlobDataConfig * fix wrong rlc in blob data rows * fix challenge z lookup * keccak lookup for metadata row and minor fixes (#1162) * fmt * fix challenge z * rlc keccak vs evm (#1163) * put barycentric eval and snark aggregation in same region * fix copy constraints (limb construction and endianness) (#1164) * fix copy constraints (limb construction and endianness) * fix typo --------- Co-authored-by: Mason Liang <mason@scroll.io> * cleanup --------- Co-authored-by: Rohit Narurkar <rohit.narurkar@proton.me> Co-authored-by: Mason Liang <mason@scroll.io> * put reth-primitives at dev-dependency (#1166) * bump c-kzg from 0.4.2 to 1.0.0 * Update v2.0.7-patch-tungstenite for ethers utility * Resolve new cargo * Update | Fix | Refactor | Unit Tests (#1167) * a fix (first row accumulator) and remove inconsistencies * Add negative tests * update, fix, test * soundness: if chunk is padded, size == 0 * more refactoring and docs --------- Co-authored-by: Mason Liang <mason@scroll.io> * clean deps * clean deps: revm * remove reth dep * revert COINBASE changes * refactor: changes based on review of PR#1167 (#1172) * big arrays replaced by vec and passed by ref (#1178) * Check that chunk_idx increases on boundaries (#1173) * check that chunk_idx increases by at least 1 on boundaries * Add range check for chunk_idx --------- Co-authored-by: Mason Liang <mason@scroll.io> Co-authored-by: Rohit Narurkar <rohit.narurkar@proton.me> * hash selector should only exist for digest rlc section | minor refactor (#1174) * Refactor and Optimise (#1179) * make use of fixed columns wherever possible * add column for boundary_count to remove summation over all rows * remove "-" to avoid confusion * pick fixes for testing... * Fix copy duplicated comments (#1183) Co-authored-by: Mason Liang <mason@scroll.io> Co-authored-by: Rohit Narurkar <rohit.narurkar@proton.me> * tmp * Feat/Blob 4844 Chunk-level Patch (#1180) * Correct pow_of_rand assignment in evm_circuit * Correct typo * Add rpi_length_acc consistency for chunk_txbytes section for padding rows * pow_limit is set to max l2 tx bytes in a blob for pow_of_rand table --------- Co-authored-by: kunxian xia <xiakunxian130@gmail.com> * Feat/Blob 4844 Chunk-level TxCircuit CCC (#1188) * Rewrite tx circuit ccc interface * Use capacity fraction for tx circuit ccc interface * Correct typo * fmt * better chunk proof marsha; l * chunk-prover: check proof after generated * log vk commit * improve prover verification * Refactor | Clippy (#1187) * no need for optional max exponent * reduce number of rows for tests * fix * scroll+test feature has bigger tx * more clippy fix * fix q_step_first in evm circuit * Feat/Blob 4844 PICircuit Chunk TxBytes Condense (#1189) * Move chunk_txbytes_hash_rlc column into tx table * Condense pi circuit * Remove import * Correct pow of rand lookup condition * fmt * Add new rotation count to tx circuit unusable rows * Turn on equality for column --------- Co-authored-by: Rohit Narurkar <rohit.narurkar@proton.me> * fix rand table * better log * fix halo2 vk * add more logs for batch info * export BatchHash for testing purpose * add blob_assignments method * [FIX] big-endianness for blob poly from bytes (#1191) * big-endianness for blob poly from bytes * formatting (prepend 0) * Add missing PI bytes component (#1192) * Add more tests for BlobData struct (#1194) * Uncomment tests and add coefficient endianness test * Remove unneeded std::iter::empty calls * import once and repeat * Move point precompile tests to barycentric file * clippy --------- Co-authored-by: Mason Liang <mason@scroll.io> * Rename N_BYTES_31 and N_BYTES_32 (#1193) * Give constants more descriptive names and comments * rephrase comment --------- Co-authored-by: Mason Liang <mason@scroll.io> Co-authored-by: Rohit Narurkar <rohit.narurkar@proton.me> * Fix/Remove Individual L2 TxHash from Keccak (#1197) * Remove individual L2 tx hash from keccak * Recheck l1 hash * Constrain l2 tx hash 0 * include selectors from blob data config (#1200) * Add feature `strict-ccc` for precheck panic. (#1003) * include selectors from blob data config (#1200) * optimize follower ccc * fix ccc post processing * disable default mode ci * fix k256 sig verify: normalize sig * lint --------- Co-authored-by: Rohit Narurkar <rohit.narurkar@proton.me> Co-authored-by: darth-cy <qg2153@columbia.edu> Co-authored-by: Mason Liang <mason@scroll.io> Co-authored-by: kunxian xia <xiakunxian130@gmail.com> Co-authored-by: Zhang Zhuo <mycinbrin@gmail.com> Co-authored-by: z2trillion <dawnofthedinosaurs@gmail.com> Co-authored-by: Steven <asongala@163.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Major Updates
number_valid_snarks(ornum_valid_chunks) instead ofnum_nonempty_chunks(which was kind of useless given that we already know the sizes of every chunk). This is currently used as a placeholder as there is no real use for this. We add an equality constraint between thisnum_valid_chunksand thenum_valid_snarksexported by the conditional constraints incore.rschunks_are_paddingfrom conditional constraints incore.rsto do the below listedchunk_data_digestfor a padded chunk (i.e. not real snark) will be thechunk_data_digestof the last valid chunk, instead of usingkeccak256([]). This brings more consistency between how the Aggregation Circuit expects a padded chunk's snark to just be a copy of the last valid chunk's snark.chunk_data_digestiskeccak256([])accumulator==0. In the case that at least one non-empty chunk exists, the first row of "chunk data" section is not a padding row, and theaccumulator==1.Refactoring
blob.rsandbatch.rsBlobstruct and exclusively useBlobData. ImplementFrom<T>for variousTthat aBlobDatacan be constructed fromTests
cargo test --release --lib test_aggregation_circuitcargo test --release --lib blob_circuit_completenessPending Tasks:
chunk_idxfor the first non-empty chunk is15. But the range table used inBlobDataConfigis initialised as:RangeTable<MAX_AGG_SNARKS>hence the maximum value in the range table is14. So we encounter a lookup failure0, which allows an attacker to setchunk_idx' == chunk_idxat a chunk boundary, thereby never increasing the chunk idx at this row. This is an issue. We want to constrain:0from this range table (changeRangeTable<MAX>toRangeTable<EXCLUDE_ZERO, MAX>), but this won't work as on the rows where the lookup condition is not met,0wouldn't lie in the range table.Another solution is to simply use
RangeTable<{ MAX_AGG_SNARKS + 1 }>and add an additional constraint that onis_boundary, we do not allowchunk_idx' == chunk_idx.