All notable changes to this project are documented in this file.
The format is based on Keep a Changelog. This project adheres to Semantic Versioning.
- Added
VerificationKey.dummy()
method to get the dummy value of a verification key o1-labs#1852 @rpanic
- Make
Proof
a normal provable type, that can be witnessed and composed into Structs o1-labs#1847, o1-labs#1851- ZkProgram and SmartContract now also support private inputs that are not proofs themselves, but contain proofs nested within a Struct or array
- Only
SelfProof
can still not be nested because it needs special treatment
1.8.0 - 2024-09-18
- Added
verifyEthers
method to verify Ethereum signatures using the EIP-191 message hashing standard. o1-labs#1815- Added
fromEthers
method for parsing and converting Ethereum public keys intoForeignCurve
points, supporting both compressed and uncompressed formats. - Added
fromHex
method for converting hexadecimal strings intoForeignCurve
points.
- Added
- Fix incorrect behavior of optional proving for zkPrograms where
myProgram.setProofsEnabled(false)
wouldn't work when called beforemyProgram.compile()
. o1-labs#1827 - Fix incorrect behavior of
state.fetch()
for custom token contracts. @rpanic o1-labs#1853
1.7.0 - 2024-09-04
- Added
Encryption.encryptV2()
andEncryption.decryptV2()
for an updated encryption algorithm that guarantees cipher text integrity.- Also added
Encryption.encryptBytes()
andEncryption.decryptBytes()
using the same algorithm.
- Also added
- New option
proofsEnabled
forzkProgram
(default value:true
), to quickly test circuit logic with proofs disabled o1-labs#1805- Additionally added
MyProgram.proofsEnabled
to get the internal value ofproofsEnabled
andMyProgram.setProofsEnabled(proofsEnabled)
to set the value dynamically.
- Additionally added
this.sender.getAndRequireSignature()
/getUnconstrained()
deprecated in favor ofV2
versions due to a vulnerability o1-labs#1799
- Fix behavior of
Int64.modV2()
when the input is negative and the remainder should be 0 o1-labs#1797
1.6.0 - 2024-07-23
SmartContract.emitEventIf()
to conditionally emit an event o1-labs#1746- Added
Encryption.encryptV2()
andEncryption.decryptV2()
for an updated encryption algorithm that guarantees cipher text integrity.- Also added
Encryption.encryptBytes()
andEncryption.decryptBytes()
using the same algorithm.
- Also added
- Reduced maximum bit length for
xor
,not
, andand
, operations from 254 to 240 bits to prevent overflow vulnerabilities. o1-labs#1745 - Allow using
Type
instead ofType.provable
in APIs that expect a provable type o1-labs#1751- Example:
Provable.witness(Bytes32, () => bytes)
- Example:
- Automatically wrap and unwrap
Unconstrained
infromValue
andtoValue
, so that we don't need to deal with "unconstrained" values outside provable code o1-labs#1751
1.5.0 - 2024-07-09
- Fixed a vulnerability in
OffchainState
where it didn't store theIndexedMerkleTree
length onchain and left it unconstrained o1-labs#1676
- A warning about the current reducer API limitations, as well as a mention of active work to mitigate them was added to doc comments and examples o1-labs#1728
ForeignField
-based representation of scalars viaScalarField
o1-labs#1705- Introduced new V2 methods for nullifier operations:
isUnusedV2()
,assertUnusedV2()
, andsetUsedV2()
o1-labs#1715 Int64.create()
method for safe instance creation with canonical zero representation o1-labs#1735- New V2 methods for
Int64
operations:fromObjectV2
,divV2()
o1-labs#1735 Experimental.BatchReducer
to reduce actions in batches o1-labs#1676- Avoids the account update limit
- Handles arbitrary numbers of pending actions thanks to recursive validation of the next batch
- Add conditional versions of all preconditions:
.requireEqualsIf()
o1-labs#1676 AccountUpdate.createIf()
to conditionally add an account update to the current transaction o1-labs#1676IndexedMerkleMap.setIf()
to set a key-value pair conditionally o1-labs#1676Provable.assertEqualIf()
to conditionally assert that two values are equal o1-labs#1676- Add
offchainState.setContractClass()
which enables us to declare the connected contract at the top level, without creating a contract instance o1-labs#1676- This is enough to call
offchainState.compile()
- This is enough to call
- More low-level methods to interact with
MerkleList
o1-labs#1676popIfUnsafe()
,toArrayUnconstrained()
andlengthUnconstrained()
- Improve error message when o1js global state is accessed in an invalid way o1-labs#1676
- Start developing an internal framework for local zkapp testing o1-labs#1676
- Internally upgrade o1js to TypeScript 5.4 o1-labs#1676
- Deprecated
Nullifier.isUnused()
,Nullifier.assertUnused()
, andNullifier.setUsed()
methods o1-labs#1715 createEcdsa
,createForeignCurve
,ForeignCurve
andEcdsaSignature
deprecated in favor ofV2
versions due to a security vulnerability found in the current implementation o1-labs#1703Int64
constructor, recommendingInt64.create()
instead o1-labs#1735- Original
div()
andfromObject
, methods in favor of V2 versions o1-labs#1735 - Deprecate
AccountUpdate.defaultAccountUpdate()
in favor ofAccountUpdate.default()
o1-labs#1676
- Fix reversed order of account updates when using
TokenContract.approveAccountUpdates()
o1-labs#1722 - Fixed the static
check()
method in Struct classes to properly handle inheritance, preventing issues with under-constrained circuits. Added error handling to avoid using Struct directly as a field type. o1-labs#1707 - Fixed that
Option
could not be used as@state
or event o1-labs#1736
1.4.0 - 2024-06-25
- SHA256 low-level API exposed via
Gadgets.SHA256
. o1-labs#1689 @Shigoto-dev19 - Added the option to specify custom feature flags for sided loaded proofs in the
DynamicProof
class. o1-labs#1688- Feature flags are required to tell Pickles what proof structure it should expect when side loading dynamic proofs and verification keys.
FeatureFlags
is now exported and provides a set of helper functions to compute feature flags correctly.
MerkleMap.computeRootAndKey()
deprecated in favor ofMerkleMap.computeRootAndKeyV2()
due to a potential issue of computing hash collisions in key indicies o1-labs#1694
1.3.1 - 2024-06-11
- Improve efficiency of
Experimental.OffchainState
implementation o1-labs#1672- Comes with breaking changes to the internal circuits of
OffchainState
- Also, introduce
offchainState.commitments()
to initialize the state commitments onchain. UsingOffchainStateCommitments.empty()
no longer works.
- Comes with breaking changes to the internal circuits of
Experimental.IndexedMerkleMap
, a better primitive for Merkleized storage o1-labs#1666 o1-labs#1671- Uses 4-8x fewer constraints than
MerkleMap
- In contrast to
MerkleTree
andMerkleMap
,IndexedMerkleMap
has a high-level API that can be used in provable code
- Uses 4-8x fewer constraints than
- Added
Ecdsa.verifyV2()
andEcdsa.verifySignedHashV2
methods to theEcdsa
class. o1-labs#1669
Int64.isPositive()
andInt64.mod()
deprecated because they behave incorrectly on-0
o1-labs#1660- This can pose an attack surface, since it is easy to maliciously pick either the
+0
or the-0
representation - Use
Int64.isPositiveV2()
andInt64.modV2()
instead - Also deprecated
Int64.neg()
in favor ofInt64.negV2()
, for compatibility with v2 version ofInt64
that will useInt64.checkV2()
- This can pose an attack surface, since it is easy to maliciously pick either the
Ecdsa.verify()
andEcdsa.verifySignedHash()
deprecated in favor ofEcdsa.verifyV2()
andEcdsa.verifySignedHashV2()
due to a security vulnerability found in the current implementation o1-labs#1669
- Fix handling of fetch response for non-existing accounts o1-labs#1679
1.3.0 - 2024-05-23
- Added
base64Encode()
andbase64Decode(byteLength)
methods to theBytes
class. o1-labs#1659
- Fix type inference for
method.returns(Type)
, to require a matching return signature o1-labs#1653 - Fix
Struct.empty()
returning a garbage object when one of the base types doesn't supportempty()
o1-labs#1657 - Fix
Option.value_exn None
error when using certain custom gates in combination with recursion o1-labs#1336 MinaProtocol/mina#15588
1.2.0 - 2024-05-14
- Offchain state MVP exported under
Experimental.OffchainState
o1-labs#1630 o1-labs#1652- allows you to store any number of fields and key-value maps on your zkApp
- implemented using actions which define an offchain Merkle tree
Option
for defining an optional version of any provable type o1-labs#1630MerkleTree.clone()
andMerkleTree.getLeaf()
, new convenience methods for merkle trees o1-labs#1630MerkleList.forEach()
, a simple and safe way for iterating over aMerkleList
Unconstrained.provableWithEmpty()
to create an unconstrained provable type with a knownempty()
value o1-labs#1630Permissions.VerificationKey
, a namespace for verification key permissions o1-labs#1639- Includes more accurate names for the
impossible
andproof
permissions for verification keys, which are now calledimpossibleDuringCurrentVersion
andproofDuringCurrentVersion
respectively.
- Includes more accurate names for the
State()
now optionally accepts an initial value as input parameter o1-labs#1630- Example:
@state(Field) x = State(Field(1));
- Initial values will be set in the default
init()
method - You no longer need a custom
init()
method to set initial values
- Example:
- Fix absolute imports which prevented compilation in some TS projects that used o1js o1-labs#1628
1.1.0 - 2024-04-30
- Exposed sideloaded verification keys o1-labs#1606 @rpanic
- Added Proof type
DynamicProof
that allows verification through specifying a verification key in-circuit
- Added Proof type
Provable.witnessFields()
to easily witness a tuple of field elements o1-labs#1229- Example for implementing RSA verification in o1js o1-labs#1229 @Shigoto-dev19
- Check out https://github.com/o1-labs/o1js/blob/main/src/examples/crypto/rsa/rsa.ts and tests in the same folder
Gadgets.rangeCheck64()
now returns individual range-checked limbs for advanced use cases o1-labs#1229
- Fixed issue in
UInt64.rightShift()
where it incorrectly performed a left shift instead of a right shift. o1-labs#1617 - Fixed issue in
ForeignField.toBits()
where high limbs were under-constrained for input length less than 176. o1-labs#1617 - Make
dummyBase64Proof()
lazy. Significant speed up when generating many account updates with authorizationProof
while proofs turned off. o1-labs#1624
1.0.1 - 2024-04-22
- Native curve improvements o1-labs#1530
- Change the internal representation of
Scalar
from 255 Bools to 1 Bool and 1 Field (low bit and high 254 bits) - Make
Group.scale()
support all scalars (previously did not support 0, 1 and -1) - Make
Group.scale()
directly acceptField
elements, and much more efficient than previous methods of scaling by Fields- As a result,
Signature.verify()
andNullifier.verify()
use much fewer constraints
- As a result,
- Fix
Scalar.fromBits()
to not produce a shifted scalar; shifting is no longer exposed to users ofScalar
.
- Change the internal representation of
- Add assertion to the foreign EC addition gadget that prevents degenerate cases o1-labs#1545
- Fixes soundness of ECDSA; slightly increases its constraints from ~28k to 29k
- Breaks circuits that used EC addition, like ECDSA
Mina.LocalBlockchain()
andProof.fromJSON()
are made async o1-labs#1583- These were the last remaining sync APIs that depended on an async setup task; making them async enables removing top-level await
Mina.LocalBlockchain
no longer supports the network kind configuration o1-labs#1581Poseidon.hashToGroup()
now returns aGroup
directly, and constrains it to be deterministic o1-labs#1546- Added
Poseidon.Unsafe.hashToGroup()
as a more efficient, non-deterministic version for advanced use cases
- Added
- A
Transaction
'sprove
method no longer returns the proofs promise directly, but rather returns aTransaction
promise, the resolved value of which contains aproofs
prop. o1-labs#1567 - The
Transaction
type now has two type paramsProven extends boolean
andSigned extends boolean
, which are used to conditionally show/hide relevant state. o1-labs#1567 - Improved functionality of
MerkleList
andMerkleListIterator
for easier traversal ofMerkleList
s. o1-labs#1562 - Simplified internal logic of reducer. o1-labs#1577
contract.getActions()
now returns aMerkleList
- Add
toValue()
andfromValue()
interface toProvable<T>
to encode how provable types map to plain JS values o1-labs#1271- You can now return the plain value from a
Provable.witness()
callback, and it will be transformed into the provable type
- You can now return the plain value from a
- Remove
Account()
constructor which was no different fromAccountUpdate.create().account
, and exportAccount
type instead. o1-labs#1598
- Export
Events
underAccountUpdate.Events
. o1-labs#1563 Mina.transaction
has been reworked such that one can call methods directly on the returned promise (now aTransactionPromise
). This enables a fluent / method-chaining API. o1-labs#1567TransactionPendingPromise
enables callingwait
directly on the promise returned by callingsend
on aTransaction
. o1-labs#1567initializeBindings()
to explicitly trigger setup work that is needed when running provable code o1-labs#1583- calling this function is optional
- Remove top-level await o1-labs#1583
- To simplify integration with bundlers like webpack
- Make
MerkleTree.{nodes,zeroes}
public properties o1-labs#1555- This makes it possible to clone merkle trees, which is often needed
- Fix error when computing Merkle map witnesses, introduced in the last version due to the
toBits()
change o1-labs#1559 - Improved error message when compiling a program that has no methods. o1-labs#1563
0.18.0 - 2024-04-09
- Async circuits. Require all smart contract and zkprogram methods to be async o1-labs#1477
- This change allows you to use
await
inside your methods. Change the method signature by adding theasync
keyword. - Don't forget to add
await
to all contract calls!await MyContract.myMethod();
- To declare a return value from a method, use the new
@method.returns()
decorator
- This change allows you to use
- Require the callback to
Mina.transaction()
to be async o1-labs#1468 - Change
{SmartContract,ZkProgram}.analyzeMethods()
to be async o1-labs#1450Provable.runAndCheck()
,Provable.constraintSystem()
and{SmartContract,ZkProgram}.digest()
are also async now
- Remove deprecated APIs
- Remove
CircuitValue
,prop
,arrayProp
andmatrixProp
o1-labs#1507 - Remove
Mina.accountCreationFee()
,Mina.BerkeleyQANet
, all APIs which accept private keys for feepayers,Token
,AccountUpdate.tokenSymbol
,SmartContract.{token, setValue, setPermissions}
, "assert" methods for preconditions,MerkleTee.calculateRootSlow()
,Scalar.fromBigInt()
,UInt64.lt()
and friends, deprecated static methods onGroup
, utility methods onCircuit
likeCircuit.if()
,Field.isZero()
,isReady
andshutdown()
o1-labs#1515
- Remove
- Remove
privateKey
from the accepted arguments ofSmartContract.deploy()
o1-labs#1515 - Efficient comparisons. Support arbitrary bit lengths for
Field
comparisons and massively reduce their constraints o1-labs#1523Field.assertLessThan()
goes from 510 to 24 constraints,Field.lessThan()
from 509 to 38- Moderately improve other comparisons:
UInt64.assertLessThan()
from 27 to 14,UInt64.lessThan()
from 27 to 15,UInt32
similar. - Massively improve
Field.isEven()
, addField.isOdd()
PrivateKey.toPublicKey()
from 358 to 119 constraints thanks toisOdd()
- Add
Gadgets.ForeignField.assertLessThanOrEqual()
and support two variables as input toForeignField.assertLessThan()
- Remove
this.sender
which unintuitively did not prove that its value was the actual sender of the transaction o1-labs#1464 @julio4 Replaced by more explicit APIs:this.sender.getUnconstrained()
which has the old behavior ofthis.sender
, and returns an unconstrained value (which means that the prover can set it to any value they want)this.sender.getAndRequireSignature()
which requires a signature from the sender's public key and therefore proves that whoever created the transaction really owns the sender account
Reducer.reduce()
requires the maximum number of actions per method as an explicit (optional) argument o1-labs#1450- The default value is 1 and should work for most existing contracts
new UInt64()
andUInt64.from()
no longer unsafely accept a field element as input. o1-labs#1438 @julio4
As a replacement,UInt64.Unsafe.fromField()
was introduced- This prevents you from accidentally creating a
UInt64
without proving that it fits in 64 bits - Equivalent changes were made to
UInt32
- This prevents you from accidentally creating a
- Fixed vulnerability in
Field.to/fromBits()
outlined in #1023 by imposing a limit of 254 bits o1-labs#1461 - Remove
Field.rangeCheckHelper()
which was too low-level and easy to misuse o1-labs#1485- Also, rename the misleadingly named
Gadgets.isInRangeN()
toGadgets.isDefinitelyInRangeN()
- Also, rename the misleadingly named
- Rename
Bool.Unsafe.ofField()
toBool.Unsafe.fromField()
o1-labs#1485 - Replace the namespaced type exports
Gadgets.Field3
andGadgets.ForeignField.Sum
withField3
andForeignFieldSum
- Unfortunately, the namespace didn't play well with auto-imports in TypeScript
- Add
Gadgets.rangeCheck3x12()
and fix proof system bug that prevented it from working o1-labs#1534 - Update transaction version and other bindings changes to ensure berkeley compatibility o1-labs#1542
Provable.witnessAsync()
to introduce provable values from an async callback o1-labs#1468- Internal benchmarking tooling to keep track of performance o1-labs#1481
- Add
toInput
method forGroup
instance o1-labs#1483
field.assertBool()
now also returns theField
as aBool
for ergonomics o1-labs#1523
0.17.0 - 2024-03-06
- Fixed parity between
Mina.LocalBlockchain
andMina.Network
to have the same behaviors o1-labs#1422 o1-labs#1480- Changed the
TransactionId
type toTransaction
. Additionally addedPendingTransaction
andRejectedTransaction
types to better represent the state of a transaction. Transaction.safeSend()
andPendingTransaction.safeWait()
are introduced to return aIncludedTransaction
orRejectedTransaction
object without throwing errors.transaction.send()
throws an error if the transaction was not successful for bothMina.LocalBlockchain
andMina.Network
and returns aPendingTransaction
object if it was successful. Usetransaction.safeSend
to send a transaction that will not throw an error and either return aPendingTransaction
orRejectedTransaction
.transaction.wait()
throws an error if the transaction was not successful for bothMina.LocalBlockchain
andMina.Network
and returns aIncludedTransaction
object if it was successful. Usetransaction.safeWait
to send a transaction that will not throw an error and either return aIncludedTransaction
orRejectedTransaction
.transaction.hash()
is no longer a function, it is now a property that returns the hash of the transaction.- Changed
Transaction.isSuccess
toTransaction.status
to better represent the state of a transaction.
- Changed the
- Improved efficiency of computing
AccountUpdate.callData
by packing field elements into as few field elements as possible o1-labs#1458- This leads to a large reduction in the number of constraints used when inputs to a zkApp method are many field elements (e.g. a long list of
Bool
s)
- This leads to a large reduction in the number of constraints used when inputs to a zkApp method are many field elements (e.g. a long list of
- Return events in the
LocalBlockchain
in reverse chronological order (latest events at the beginning) to match the behavior of theNetwork
o1-labs#1460
- Support for custom network identifiers other than
mainnet
ortestnet
o1-labs#1444 PrivateKey.randomKeypair()
to generate private and public key in one command o1-labs#1446setNumberOfWorkers()
to allow developer to override the number of workers used during compilation and proof generation/verification o1-labs#1456
- Improve all-around performance by reverting the Apple silicon workaround (o1-labs#683) as the root problem is now fixed upstream o1-labs#1456
- Improved error message when trying to use
fetchActions
/fetchEvents
with a missing Archive Node endpoint o1-labs#1459
SmartContract.token
is deprecated in favor of new methods onTokenContract
o1-labs#1446TokenContract.deriveTokenId()
to get the ID of the managed tokenTokenContract.internal.{send, mint, burn}
to perform token operations from within the contract
- Mitigate security hazard of deploying token contracts o1-labs#1439
- Make
Circuit
handle types with a.provable
property (like those used in ECDSA) o1-labs#1471- To support offchain, non-Pickles proofs of ECDSA signatures
- Remove
AccountUpdate.children
andAccountUpdate.parent
properties o1-labs#1402- Also removes the optional
AccountUpdatesLayout
argument toapprove()
- Adds
AccountUpdateTree
andAccountUpdateForest
, new classes that represent a layout of account updates explicitly - Both of the new types are now accepted as inputs to
approve()
accountUpdate.extractTree()
to obtain the tree associated with an account update in the current transaction context.
- Also removes the optional
- Remove
Experimental.Callback
API o1-labs#1430
MerkleList<T>
to enable provable operations on a dynamically-sized list o1-labs#1398- including
MerkleListIterator<T>
to iterate over a merkle list
- including
TokenContract
, a new base smart contract class for token contracts o1-labs#1384- Usage example:
https://github.com/o1-labs/o1js/blob/main/src/lib/mina/token/token-contract.unit-test.ts
- Usage example:
TokenAccountUpdateIterator
, a primitive to iterate over all token account updates in a transaction o1-labs#1398- this is used to implement
TokenContract
under the hood
- this is used to implement
- Mainnet support. o1-labs#1437
- Protocol change that adds a "transaction version" to the permission to set verification keys MinaProtocol/mina#14407
- See the relevant RFC for the motivation behind this change
- Breaks all deployed contracts, as it changes the account update layout
- Provable type
Packed<T>
to pack small field elements into fewer field elements o1-labs#1376 - Provable type
Hashed<T>
to represent provable types by their hash o1-labs#1377- This also exposes
Poseidon.hashPacked()
to efficiently hash an arbitrary type
- This also exposes
- Reduce number of constraints of ECDSA verification by 5% o1-labs#1376
- Improve performance of Wasm Poseidon hashing by a factor of 13x o1-labs#1378
- Speeds up local blockchain tests without proving by ~40%
- Improve performance of Field inverse o1-labs#1373
- Speeds up proving by ~2-4%
- Configurable
networkId
when declaring a Mina instance. o1-labs#1387- Defaults to
"testnet"
, the other option is"mainnet"
- The
networkId
parameter influences the algorithm used for signatures, and ensures that testnet transactions can't be replayed on mainnet
- Defaults to
- SHA256 hash function exposed via
Hash.SHA2_256
orGadgets.SHA256
. o1-labs#1285
Mina.accountCreationFee()
is deprecated in favor ofMina.getNetworkConstants().accountCreationFee
. o1-labs#1367
- Fix approving of complex account update layouts o1-labs#1364
- Fix bug in
Hash.hash()
which always resulted in an error o1-labs#1346
- Rename
Gadgets.rotate()
toGadgets.rotate64()
to better reflect the amount of bits the gadget operates on. o1-labs#1259 - Rename
Gadgets.{leftShift(), rightShift()}
toGadgets.{leftShift64(), rightShift64()}
to better reflect the amount of bits the gadget operates on. o1-labs#1259
- Non-native elliptic curve operations exposed through
createForeignCurve()
class factory o1-labs#1007 - ECDSA signature verification exposed through
createEcdsa()
class factory o1-labs#1240 o1-labs#1007 o1-labs#1307- For an example, see
./src/examples/crypto/ecdsa
- For an example, see
- Keccak/SHA3 hash function exposed on
Keccak
namespace o1-labs#1291 Hash
namespace which holds all hash functions o1-labs#999Bytes
, provable type to hold a byte array, which serves as input and output for Keccak variantsUInt8
, provable type to hold a single byte, which is constrained to be in the 0 to 255 range
Gadgets.rotate32()
for rotation over 32 bit values o1-labs#1259Gadgets.leftShift32()
for left shift over 32 bit values o1-labs#1259Gadgets.divMod32()
division modulo 2^32 that returns the remainder and quotient of the operation o1-labs#1259Gadgets.rangeCheck32()
range check for 32 bit values o1-labs#1259Gadgets.addMod32()
addition modulo 2^32 o1-labs#1259- Expose new bitwise gadgets on
UInt32
andUInt64
o1-labs#1259- bitwise XOR via
{UInt32, UInt64}.xor()
- bitwise NOT via
{UInt32, UInt64}.not()
- bitwise ROTATE via
{UInt32, UInt64}.rotate()
- bitwise LEFTSHIFT via
{UInt32, UInt64}.leftShift()
- bitwise RIGHTSHIFT via
{UInt32, UInt64}.rightShift()
- bitwise AND via
{UInt32, UInt64}.and()
- bitwise XOR via
- Example for using actions to store a map data structure o1-labs#1300
Provable.constraintSystem()
and{ZkProgram,SmartContract}.analyzeMethods()
return asummary()
method to return a summary of the constraints used by a method o1-labs#1007assert()
asserts that a given statement is true o1-labs#1285
- Fix stack overflows when calling provable methods with large inputs o1-labs#1334
- Fix
Local.setProofsEnabled()
which would not get picked up bydeploy()
o1-labs#1330 - Remove usage of private class fields in core types like
Field
, for better type compatibility between different o1js versions o1-labs#1319
ZkProgram.compile()
now returns the verification key and its hash, to be consistent withSmartContract.compile()
o1-labs#1292 @rpanic
- Foreign field arithmetic exposed through the
createForeignField()
class factory o1-labs#985 Crypto
namespace which exposes elliptic curve and finite field arithmetic on bigints, as well as example curve parameters o1-labs#1240Gadgets.ForeignField.assertMul()
for efficiently constraining products of sums in non-native arithmetic o1-labs#1262Unconstrained
for safely maintaining unconstrained values in provable code o1-labs#1262Gadgets.rangeCheck8()
to assert that a value fits in 8 bits o1-labs#1288
- Change precondition APIs to use "require" instead of "assert" as the verb, to distinguish them from provable assertions. @LuffySama-Dev
this.x.getAndAssertEquals()
is nowthis.x.getAndRequireEquals()
o1-labs#1263this.x.assertEquals(x)
is nowthis.x.requireEquals(x)
o1-labs#1263this.account.x.getAndAssertEquals(x)
is nowthis.account.x.requireEquals(x)
o1-labs#1265this.account.x.assertBetween()
is nowthis.account.x.requireBetween()
o1-labs#1265this.network.x.getAndAssertEquals()
is nowthis.network.x.getAndRequireEquals()
o1-labs#1265
Provable.constraintSystem()
and{ZkProgram,SmartContract}.analyzeMethods()
return aprint()
method for pretty-printing the constraint system o1-labs#1240
- Fix missing recursive verification of proofs in smart contracts o1-labs#1302
- Change return signature of
ZkProgram.analyzeMethods()
to be a keyed object o1-labs#1223
- Provable non-native field arithmetic:
Gadgets.ForeignField.{add, sub, sumchain}()
for addition and subtraction o1-labs#1220Gadgets.ForeignField.{mul, inv, div}()
for multiplication and division o1-labs#1223
- Comprehensive internal testing of constraint system layouts generated by new gadgets o1-labs#1241 o1-labs#1220
Lightnet
namespace API updates with addedlistAcquiredKeyPairs()
method o1-labs#1256- Expose raw provable methods of a
ZkProgram
onzkProgram.rawMethods
o1-labs#1241 - Reduce number of constraints needed by
rotate()
,leftShift()
and,rightShift()
gadgets o1-labs#1201
- Add a parameter to
checkZkappTransaction
for block length to check for transaction inclusion. This fixes a case whereTransaction.wait()
only checked the latest block, which led to an error once the transaction was included in a block that was not the latest. o1-labs#1239
Gadgets.not()
, new provable method to support bitwise not. o1-labs#1198Gadgets.leftShift() / Gadgets.rightShift()
, new provable methods to support bitwise shifting. o1-labs#1194Gadgets.and()
, new provable method to support bitwise and. o1-labs#1193Gadgets.multiRangeCheck()
andGadgets.compactMultiRangeCheck()
, two building blocks for non-native arithmetic with bigints of size up to 264 bits. o1-labs#1216
- Removed array reversal of fetched actions, since they are returned in the correct order. o1-labs#1258
- Constraint optimizations in Field methods and core crypto changes break all verification keys o1-labs#1171 o1-labs#1178
ZkProgram
has moved out of theExperimental
namespace and is now available as a top-level import directly.Experimental.ZkProgram
has been deprecated.ZkProgram
gets a new input argumentname: string
which is required in the non-experimental API. The name is used to identify a ZkProgram when caching prover keys. o1-labs#1200
Lightnet
namespace to interact with the account manager provided by the lightnet Mina network o1-labs#1167- Internal support for several custom gates (range check, bitwise operations, foreign field operations) and lookup tables o1-labs#1176
Gadgets.rangeCheck64()
, new provable method to do efficient 64-bit range checks using lookup tables o1-labs#1181Gadgets.rotate()
, new provable method to support bitwise rotation for native field elements. o1-labs#1182Gadgets.xor()
, new provable method to support bitwise xor for native field elements. o1-labs#1177Proof.dummy()
to create dummy proofs o1-labs#1188- You can use this to write ZkPrograms that handle the base case and the inductive case in the same method.
- Use cached prover keys in
compile()
when running in Node.js o1-labs#1187- Caching is configurable by passing a custom
Cache
(new export) tocompile()
- By default, prover keys are stored in an OS-dependent cache directory;
~/.cache/pickles
on Mac and Linux
- Caching is configurable by passing a custom
- Use cached setup points (SRS and Lagrange bases) when running in Node.js o1-labs#1197
- Also, speed up SRS generation by using multiple threads
- Together with caching of prover keys, this speeds up compilation time by roughly
- 86% when everything is cached
- 34% when nothing is cached
- Changes to some verification keys caused by changing the way
Struct
orders object properties. o1-labs#1124 @Comdex- To recover existing verification keys and behavior, change the order of properties in your Struct definitions to be alphabetical
- The
customObjectKeys
option is removed fromStruct
- Improve prover performance by ~25% o1-labs#1092
- Change internal representation of field elements to be JS bigint instead of Uint8Array
- Consolidate internal framework for testing equivalence of two implementations
- Changes to verification keys caused by updates to the proof system. This breaks all deployed contracts o1-labs#1016
- Renamed SnarkyJS to o1js o1-labs#1104
- Reduce loading time of the library by 3-4x o1-labs#1073
- Improve error when forgetting
transaction.prove()
o1-labs#1095
- Added a method
createTestNullifier
to the Nullifier class for testing purposes. It is recommended to use mina-signer to create Nullifiers in production, since it does not leak the private key of the user. TheNullifier.createTestNullifier
method requires the private key as an input outside of the users wallet. o1-labs#1026 - Added
field.isEven
to check if a Field element is odd or even. o1-labs#1026
- Revert verification key hash change from previous release to stay compatible with the current testnet o1-labs#1032
- Fix the default verification key hash that was generated for AccountUpdates. This change adopts the default mechanism provided by Mina Protocol o1-labs#1021
- Please be aware that this alteration results in a breaking change affecting the verification key of already deployed contracts.
- NodeJS error caused by invalid import o1-labs#1012
- Fix commonJS version of o1js, again o1-labs#1006
- Fix commonJS version of o1js o1-labs#1005
Group
operations now generate a different set of constraints. This breaks deployed contracts, because the circuit changed. o1-labs#967
- Implemented
Nullifier
as a new primitive o1-labs#882- mina-signer can now be used to generate a Nullifier, which can be consumed by zkApps using the newly added Nullifier Struct
- Improve error message
Can't evaluate prover code outside an as_prover block
o1-labs#998
- Fix unsupported use of
window
when running o1js in workers o1-labs#1002
- Rewrite of
Provable.if()
causes breaking changes to all deployed contracts o1-labs#889 - Remove all deprecated methods and properties on
Field
o1-labs#902 - The
Field(x)
constructor and other Field methods no longer accept aboolean
as input. Instead, you can now pass in abigint
to all Field methods. o1-labs#902 - Remove redundant
signFeePayer()
method o1-labs#935
- Add
field.assertNotEquals()
to assert that a field element does not equal some value o1-labs#902- More efficient than
field.equals(x).assertFalse()
- More efficient than
- Add
scalar.toConstant()
,scalar.toBigInt()
,Scalar.from()
,privateKey.toBigInt()
,PrivateKey.fromBigInt()
o1-labs#935 Poseidon.hashToGroup
enables hashing to a group o1-labs#887
- Make stack traces more readable o1-labs#890
- Stack traces thrown from o1js are cleaned up by filtering out unnecessary lines and other noisy details
- Remove optional
zkappKey
argument insmartContract.init()
, and instead assert thatprovedState
is false wheninit()
is called o1-labs#908 - Improve assertion error messages on
Field
methods o1-labs#743 o1-labs#902 - Publicly expose the internal details of the
Field
type o1-labs#902
- Utility methods on
Circuit
are deprecated in favor of the same methods onProvable
o1-labs#889Circuit.if()
,Circuit.witness()
,Circuit.log()
and others replaced byProvable.if()
,Provable.witness()
,Provable.log()
- Under the hood, some of these methods were rewritten in TypeScript
- Deprecate
field.isZero()
o1-labs#902
- Fix running o1js in Node.js on Windows o1-labs/o1js-bindings#19 @wizicer
- Fix error reporting from GraphQL requests o1-labs#919
- Resolved an
Out of Memory error
experienced on iOS devices (iPhones and iPads) during the initialization of the WASM memory o1-labs/o1js-bindings#26 - Fix
field.greaterThan()
and other comparison methods outside provable code o1-labs#858 o1-labs#902 - Fix
field.assertBool()
o1-labs#469 o1-labs#902 - Fix
Field(bigint)
wherebigint
is larger than the field modulus o1-labs#432 o1-labs#902- The new behaviour is to use the modular residual of the input
- No longer fail on missing signature in
tx.send()
. This fixes the flow of deploying a zkApp from a UI via a wallet o1-labs#931 @marekyggdrasil
- Allow ZkPrograms to return their public output o1-labs#874 o1-labs#876
- new option
ZkProgram({ publicOutput?: Provable<any>, ... })
;publicOutput
has to match the return type of all ZkProgram methods. - the
publicInput
option becomes optional; if not provided, methods no longer expect the public input as first argument - full usage example: https://github.com/o1-labs/o1js/blob/f95cf2903e97292df9e703b74ee1fc3825df826d/src/examples/program.ts
- new option
- All references to
actionsHash
are renamed toactionState
to better mirror what is used in Mina protocol APIs o1-labs#833- This change affects function parameters and returned object keys throughout the API
- No longer make
MayUseToken.InheritFromParent
the defaultmayUseToken
value on the caller if one zkApp method calls another one; this removes the need to manually overridemayUseToken
in several known cases o1-labs#863- Causes a breaking change to the verification key of deployed contracts that use zkApp composability
this.state.getAndAssertEquals()
as a shortcut forlet x = this.state.get(); this.state.assertEquals(x);
o1-labs#863- also added
.getAndAssertEquals()
onthis.account
andthis.network
fields
- also added
- Support for fallback endpoints when making network requests, allowing users to provide an array of endpoints for GraphQL network requests. o1-labs#871
- Endpoints are fetched two at a time, and the result returned from the faster response
reducer.forEach(actions, ...)
as a shortcut forreducer.reduce()
when you don't need astate
o1-labs#863- New export
TokenId
which supersedesToken.Id
;TokenId.deriveId()
replacesToken.Id.getId()
o1-labs#863 - Add
Permissions.allImpossible()
for the set of permissions where nothing is allowed (more convenient thanPermissions.default()
when you want to make most actions impossible) o1-labs#863
- Massive improvement of memory consumption, thanks to a refactor of o1js' worker usage o1-labs#872
- Memory reduced by up to 10x; see the PR for details
- Side effect:
Circuit
API becomes async, for exampleMyCircuit.prove(...)
becomesawait MyCircuit.prove(...)
- Token APIs
this.token.{send,burn,mint}()
now accept anAccountUpdate
orSmartContract
as from / to input o1-labs#863 - Improve
Transaction.toPretty()
output by adding account update labels in most methods that create account updates o1-labs#863 - Raises the limit of actions/events per transaction from 16 to 100, providing users with the ability to submit a larger number of events/actions in a single transaction. o1-labs#883.
- Deprecate both
shutdown()
andawait isReady
, which are no longer needed o1-labs#872
SmartContract.deploy()
now throws an error when no verification key is found o1-labs#885- The old, confusing behaviour was to silently not update the verification key (but still update some permissions to "proof", breaking the zkApp)
- Fix fetching the
access
permission on accounts o1-labs#851 - Fix
fetchActions
o1-labs#844 o1-labs#854 @Comdex - Updated
Mina.TransactionId.isSuccess
to accurately verify zkApp transaction status after usingMina.TransactionId.wait()
. o1-labs#826- This change ensures that the function correctly checks for transaction completion and provides the expected result.
smartContract.fetchActions()
andMina.fetchActions()
, asynchronous methods to fetch actions directly from an archive node o1-labs#843 @Comdex
Circuit.runAndCheck()
now usessnarky
to create a constraint system and witnesses, and check constraints. It closely matches behavior during proving and can be used to test provable code without having to create an expensive proof o1-labs#840
- Fixes two issues that were temporarily reintroduced in the 0.9.6 release o1-labs#799 o1-labs#530
- Circuits changed due to an internal rename of "sequence events" to "actions" which included a change to some hash prefixes; this breaks all deployed contracts.
- Temporarily reintroduces 2 known issues as a result of reverting a fix necessary for network redeployment:
- o1-labs#799
- o1-labs#530
- Please note that we plan to address these issues in a future release. In the meantime, to work around this breaking change, you can try calling
fetchAccount
for each account involved in a transaction before executing theMina.transaction
block.
- Improve number of constraints needed for Merkle tree hashing o1-labs#820
- This breaks deployed zkApps which use
MerkleWitness.calculateRoot()
, because the circuit is changed - You can make your existing contracts compatible again by switching to
MerkleWitness.calculateRootSlow()
, which has the old circuit
- This breaks deployed zkApps which use
- Renamed function parameters: The
getAction
function now accepts a new object structure for its parameters. o1-labs#828- The previous object keys,
fromActionHash
andendActionHash
, have been replaced byfromActionState
andendActionState
.
- The previous object keys,
zkProgram.analyzeMethods()
to obtain metadata about a ZkProgram's methods o1-labs#829 @maht0rz
- Improved Event Handling in o1js o1-labs#825
- Updated the internal event type to better handle events emitted in different zkApp transactions and when multiple zkApp transactions are present within a block.
- The internal event type now includes event data and transaction information as separate objects, allowing for more accurate information about each event and its associated transaction.
- Removed multiple best tip blocks when fetching action data o1-labs#817
- Implemented a temporary fix that filters out multiple best tip blocks, if they exist, while fetching actions. This fix will be removed once the related issue in the Archive-Node-API repository (o1-labs/Archive-Node-API#7) is resolved.
- New
fromActionState
andendActionState
parameters for fetchActions function in o1js o1-labs#828- Allows fetching only necessary actions to compute the latest actions state
- Eliminates the need to retrieve the entire actions history of a zkApp
- Utilizes
actionStateTwo
field returned by Archive Node API as a safe starting point for deriving the most recent action hash
- Update the zkApp verification key from within one of its own methods, via proof o1-labs#812
- Change type of verification key returned by
SmartContract.compile()
to matchVerificationKey
o1-labs#812
- Failing
Mina.transaction
on Berkeley because of unsatisfied constraints caused by dummy data before we fetched account state o1-labs#807- Previously, you could work around this by calling
fetchAccount()
for every account invovled in a transaction. This is not necessary anymore.
- Previously, you could work around this by calling
- Update the zkApp verification key from within one of its own methods, via proof o1-labs#812
getActions
to handle multiple actions with multiple Account Updates o1-labs#801
- Use
fetchEvents()
to fetch events for a specified zkApp from a GraphQL endpoint that implements this schema.Mina.Network
accepts an additional endpoint which points to a GraphQL server. o1-labs#749- Use the
mina
property for the Mina node. - Use
archive
for the archive node.
- Use the
- Use
getActions
to fetch actions for a specified zkApp from a GraphQL endpoint GraphQL endpoint that implements the same schema asfetchEvents
. o1-labs#788
- Added the missing export of
Mina.TransactionId
o1-labs#785 - Added an option to specify
tokenId
asField
infetchAccount()
o1-labs#787 @rpanic
this.network.timestamp
is added back and is implemented on top ofthis.network.globalSlotSinceGenesis
o1-labs#755
- On-chain value
globalSlot
is replaced by the clearercurrentSlot
o1-labs#755currentSlot
refers to the slot at which the transaction will be included in a block.- the only supported method is
currentSlot.assertBetween()
becausecurrentSlot.get()
is impossible to implement since the value is determined in the future andcurrentSlot.assertEquals()
is error-prone
- Incorrect counting of limit on events and actions o1-labs#758
- Type error when using
Circuit.array
in on-chain state or events o1-labs#758 - Bug when using
Circuit.witness
outside the prover o1-labs#774
- Bug when using
this.<state>.get()
outside a transaction o1-labs#754
Transaction.fromJSON
to recover transaction object from JSON o1-labs#705- New precondition:
provedState
, a boolean which is true if the entire on-chain state of this account was last modified by a proof o1-labs#741- Same API as all preconditions:
this.account.provedState.assertEquals(Bool(true))
- Can be used to assert that the state wasn't tampered with by the zkApp developer using non-contract logic, for example, before deploying the zkApp
- Same API as all preconditions:
- New on-chain value
globalSlot
, to make assertions about the current time o1-labs#649- example:
this.globalSlot.get()
,this.globalSlot.assertBetween(lower, upper)
- Replaces
network.timestamp
,network.globalSlotSinceGenesis
andnetwork.globalSlotSinceHardFork
. o1-labs#560
- example:
- New permissions:
access
to control whether account updates for this account can be used at all o1-labs#500setTiming
to control who can update the account'stiming
field o1-labs#685- Example:
this.permissions.set({ ...Permissions.default(), access: Permissions.proofOrSignature() })
- Expose low-level view into the PLONK gates created by a smart contract method o1-labs#687
MyContract.analyzeMethods().<method name>.gates
- BREAKING CHANGE: Modify signature algorithm used by
Signature.{create,verify}
to be compatible with mina-signer o1-labs#710- Signatures created with mina-signer's
client.signFields()
can now be verified inside a SNARK! - Breaks existing deployed smart contracts which use
Signature.verify()
- Signatures created with mina-signer's
- BREAKING CHANGE: Circuits changed due to core protocol and cryptography changes; this breaks all deployed contracts.
- BREAKING CHANGE: Change structure of
Account
type which is returned byMina.getAccount()
o1-labs#741- for example,
account.appState
->account.zkapp.appState
- full new type (exported as
Types.Account
): https://github.com/o1-labs/o1js/blob/0be70cb8ceb423976f348980e9d6238820758cc0/src/provable/gen/transaction.ts#L515
- for example,
- Test accounts hard-coded in
LocalBlockchain
now have default permissions, not permissions allowing everything. Fixes some unintuitive behaviour in tests, like requiring no signature when using these accounts to send MINA o1-labs#638
- Preconditions
timestamp
andglobalSlotSinceHardFork
o1-labs#560timestamp
is expected to come back as a wrapper for the newglobalSlot
this.account.<field>.set()
as a unified API to update fields on the account o1-labs#643- covers
permissions
,verificationKey
,zkappUri
,tokenSymbol
,delegate
,votingFor
- exists on
SmartContract.account
andAccountUpdate.account
- covers
this.sender
to get the public key of the transaction's sender o1-labs#652- To get the sender outside a smart contract, there's now
Mina.sender()
- To get the sender outside a smart contract, there's now
tx.wait()
is now implemented. It waits for the transactions inclusion in a block o1-labs#645wait()
also now takes an optionaloptions
parameter to specify the polling interval or maximum attempts.wait(options?: { maxAttempts?: number; interval?: number }): Promise<void>;
Circuit.constraintSystemFromKeypair(keypair)
to inspect the circuit at a low level o1-labs#529- Works with a
keypair
(prover + verifier key) generated with theCircuit
API
- Works with a
Mina.faucet()
can now be used to programmatically fund an address on the testnet, using the faucet provided by faucet.minaprotocol.com o1-labs#693
- BREAKING CHANGE: Constraint changes in
sign()
,requireSignature()
andcreateSigned()
onAccountUpdate
/SmartContract
. This means that smart contracts using these methods in their proofs won't be able to create valid proofs against old deployed verification keys. o1-labs#637 Mina.transaction
now takes a public key as the fee payer argument (passing in a private key is deprecated) o1-labs#652- Before:
Mina.transaction(privateKey, ...)
. Now:Mina.transaction(publicKey, ...)
AccountUpdate.fundNewAccount()
now enables funding multiple accounts at once, and deprecates theinitialBalance
argument
- Before:
- New option
enforceTransactionLimits
forLocalBlockchain
(default value:true
), to disable the enforcement of protocol transaction limits (maximum events, maximum sequence events and enforcing certain layout ofAccountUpdate
s depending on their authorization) o1-labs#620 - Change the default
send
permissions (for sending MINA or tokens) that get set when deploying a zkApp, fromsignature()
toproof()
o1-labs#648 - Functions for making assertions and comparisons have been renamed to their long form, instead of the initial abbreviation. Old function names have been deprecated o1-labs#681
.lt
->.lessThan
.lte
->.lessThanOrEqual
.gt
->.greaterThan
.gte
->greaterThanOrEqual
.assertLt
->.assertLessThan
.assertLte
->.assertLessThanOrEqual
.assertGt
->.assertGreaterThan
.assertGte
->assertGreaterThanOrEqual
.assertBoolean
->.assertBool
this.setPermissions()
in favor ofthis.account.permissions.set()
o1-labs#643this.tokenSymbol.set()
in favor ofthis.account.tokenSymbol.set()
this.setValue()
in favor ofthis.account.<field>.set()
Mina.transaction(privateKey: PrivateKey, ...)
in favor of new signatureMina.transaction(publicKey: PublicKey, ...)
AccountUpdate.createSigned(privateKey: PrivateKey)
in favor of new signatureAccountUpdate.createSigned(publicKey: PublicKey)
o1-labs#637.lt
,.lte
,gt
,gte
,.assertLt
,.assertLte
,.assertGt
,.assertGte
have been deprecated. o1-labs#681
- Fixed Apple silicon performance issue o1-labs#491
- Type inference for Structs with instance methods o1-labs#567
- also fixes
Struct.fromJSON
- also fixes
SmartContract.fetchEvents
fixed when multiple event types existed o1-labs#627- Error when using reduce with a
Struct
as state type o1-labs#689 - Fix use of stale cached accounts in
Mina.transaction
o1-labs#430
- Bug in
deploy()
when initializing a contract that already exists o1-labs#588
Mina.BerkeleyQANet
in favor of the clearer-namedMina.Network
o1-labs#588
MerkleMap
andMerkleMapWitness
o1-labs#546- Lots of doc comments! o1-labs#580
- Bug in
Circuit.log
printing account updates o1-labs#578
- Testnet-incompatible signatures in v0.7.0 o1-labs#565
- Added an optional string parameter to certain
assert
methods o1-labs#470 Struct
, a new primitive for declaring composite, SNARK-compatible types o1-labs#416- With this, we also added a way to include auxiliary, non-field element data in composite types
- Added
VerificationKey
, which is aStruct
with auxiliary data, to pass verification keys to a@method
- BREAKING CHANGE: Change names related to circuit types:
AsFieldsAndAux<T>
->Provable<T>
,AsFieldElement<T>
->ProvablePure<T>
,circuitValue
->provable
- BREAKING CHANGE: Change all
ofFields
andofBits
methods on circuit types tofromFields
andfromBits
- New option
proofsEnabled
forLocalBlockchain
(default value:true
), to quickly test transaction logic with proofs disabled o1-labs#462- with
proofsEnabled: true
, proofs now get verified locally o1-labs#423
- with
SmartContract.approve()
to approve a tree of child account updates o1-labs#428 o1-labs#534- AccountUpdates are now valid
@method
arguments, andapprove()
is intended to be used on them when passed to a method - Also replaces
Experimental.accountUpdateFromCallback()
- AccountUpdates are now valid
Circuit.log()
to easily log Fields and other provable types inside a method, with the same API asconsole.log()
o1-labs#484SmartContract.init()
is a new method on the baseSmartContract
that will be called only during the first deploy (not if you re-deploy later to upgrade the contract) o1-labs#543- Overriding
init()
is the new recommended way to add custom state initialization logic.
- Overriding
transaction.toPretty()
andaccountUpdate.toPretty()
for debugging transactions by printing only the pieces that differ from default account updates o1-labs#428AccountUpdate.attachToTransaction()
for explicitly adding an account update to the current transaction. This replaces some previous behaviour where an account update got attached implicitly o1-labs#484SmartContract.requireSignature()
andAccountUpdate.requireSignature()
as a simpler, better-named replacement for.sign()
o1-labs#558
- BREAKING CHANGE:
tx.send()
is now asynchronous: old:send(): TransactionId
new:send(): Promise<TransactionId>
andtx.send()
now directly waits for the network response, as opposed totx.send().wait()
o1-labs#423 - Sending transactions to
LocalBlockchain
now involves Circuit.witness
can now be called outside circuits, where it will just directly return the callback result o1-labs#484- The
FeePayerSpec
, which is used to specify properties of the transaction viaMina.transaction()
, now has another optional parameter to specify the nonce manually.Mina.transaction({ feePayerKey: feePayer, nonce: 1 }, () => {})
o1-labs#497 - BREAKING CHANGE: Static methods of type
.fromString()
,.fromNumber()
and.fromBigInt()
onField
,UInt64
,UInt32
andInt64
are no longer supported o1-labs#519- use
Field(number | string | bigint)
andUInt64.from(number | string | bigint)
- use
- Move several features out of 'experimental' o1-labs#555
Reducer
replacesExperimental.Reducer
MerkleTree
andMerkleWitness
replaceExperimental.{MerkleTree,MerkleWitness}
- In a
SmartContract
,this.token
replacesthis.experimental.token
CircuitValue
deprecated in favor ofStruct
o1-labs#416- Static props
Field.zero
,Field.one
,Field.minusOne
deprecated in favor ofField(number)
o1-labs#524 SmartContract.sign()
andAccountUpdate.sign()
in favor of.requireSignature()
o1-labs#558
- Uint comparisons and division fixed inside the prover o1-labs#503
- Callback arguments are properly passed into method invocations o1-labs#516
- Removed internal type
JSONValue
from public interfaces o1-labs#536 - Returning values from a zkApp o1-labs#461
- Callback arguments are properly passed into method invocations o1-labs#516
- Proof verification on the web version o1-labs#476
reducer.getActions
partially implemented for local testing o1-labs#327gte
andassertGte
methods onUInt32
,UInt64
o1-labs#349- Return sent transaction
hash
forRemoteBlockchain
o1-labs#399
- BREAKING CHANGE: Rename the
Party
class toAccountUpdate
. Also, rename other occurrences of "party" to "account update". o1-labs#393 - BREAKING CHANGE: Don't require the account address as input to
SmartContract.compile()
,SmartContract.digest()
andSmartContract.analyzeMethods()
o1-labs#406- This works because the address / public key is now a variable in the method circuit; it used to be a constant
- BREAKING CHANGE: Move
ZkProgram
toExperimental.ZkProgram
- Running o1js inside a web worker o1-labs#378
- Infinite loop when compiling in web version o1-labs#379, by @maht0rz
- Crash of the web version introduced in 0.5.0
- Issue with
Experimental.MerkleWitness
o1-labs#368
fetchAccount
o1-labs#350
- Recursive proofs. RFC: o1-labs#89, PRs: o1-labs#245 o1-labs#250 o1-labs#261
- Enable smart contract methods to take previous proofs as arguments, and verify them in the circuit
- Add
ZkProgram
, a new primitive which represents a collection of circuits that produce instances of the same proof. So, it's a more general version ofSmartContract
, without any of the Mina-related API.
ZkProgram
is suitable for rollup-type systems and offchain usage of Pickles + Kimchi.
- zkApp composability -- calling other zkApps from inside zkApps. RFC: o1-labs#303, PRs: o1-labs#285, o1-labs#296, o1-labs#294, o1-labs#297
- Events support via
SmartContract.events
,this.emitEvent
. RFC: o1-labs#248, PR: o1-labs#272fetchEvents
partially implemented for local testing: o1-labs#323
- Payments:
this.send({ to, amount })
as an easier API for sending Mina from smart contracts o1-labs#325Party.send()
to transfer Mina between any accounts, for example, from users to smart contracts
SmartContract.digest()
to quickly compute a hash of the contract's circuit. This is used by the zkApp CLI to figure out whethercompile
should be re-run or a cached verification key can be used. o1-labs#268Circuit.constraintSystem()
for creating a circuit from a function, counting the number of constraints and computing a digest of the circuit o1-labs#279this.account.isNew
to assert that an account did not (or did) exist before the transaction MinaProtocol/mina#11524LocalBlockchain.setTimestamp
and other setters for network state, to test network preconditions locally o1-labs#329- Experimental APIs are now collected under the
Experimental
import, or onthis.experimental
in a smart contract. - Custom tokens (experimental), via
this.token
. RFC: o1-labs#233, PR: o1-labs#273, - Actions / sequence events support (experimental), via
Experimental.Reducer
. RFC: o1-labs#265, PR: o1-labs#274 - Merkle tree implementation (experimental) via
Experimental.MerkleTree
o1-labs#343
- BREAKING CHANGE: Make on-chain state consistent with other preconditions - throw an error when state is not explicitly constrained o1-labs#267
CircuitValue
improvements o1-labs#269, o1-labs#306, o1-labs#341- Added a base constructor, so overriding the constructor on classes that extend
CircuitValue
is now optional. When overriding, the base constructor can be called without arguments, as previously:super()
. When not overriding, the expected arguments are all the@prop
s on the class, in the order they were defined in:new MyCircuitValue(prop1, prop2)
. CircuitValue.fromObject({ prop1, prop2 })
is a new, better-typed alternative for using the base constructor.- Fixed: the overridden constructor is now free to have any argument structure -- previously, arguments had to be the props in their declared order. I.e., the behaviour that's now used by the base constructor used to be forced on all constructors, which is no longer the case.
- Added a base constructor, so overriding the constructor on classes that extend
Mina.transaction
improvements- Support zkApp proofs when there are other account updates in the same transaction block o1-labs#280
- Support multiple independent zkApp proofs in one transaction block o1-labs#296
- Add previously unimplemented preconditions, like
this.network.timestamp
o1-labs#324 MinaProtocol/mina#11577 - Improve error messages thrown from Wasm, by making Rust's
panic
log to the JS console MinaProtocol/mina#11644 - Not user-facing, but essential: Smart contracts fully constrain the account updates they create, inside the circuit o1-labs#278
- Fix comparisons on
UInt32
andUInt64
(UInt32.lt
,UInt32.gt
, etc) o1-labs#174, o1-labs#101. PR: o1-labs#307
- Implement the precondition RFC:
- new fields
this.account
andthis.network
on bothSmartContract
andParty
this.<account|network>.<property>.get()
to use on-chain values in a circuit, e.g. account balance or block heightthis.<account|network>.<property>.{assertEqual, assertBetween, assertNothing}()
to constrain what values to allow for these
- new fields
CircuitString
, a snark-compatible string type with methods like.append()
o1-labs#155bool.assertTrue()
,bool.assertFalse()
as convenient aliases for existing functionalityLedger.verifyPartyProof
which can check if a proof on a transaction is valid o1-labs#208- Memo field in APIs like
Mina.transaction
to attach arbitrary messages o1-labs#244 - This changelog
- Huge snark performance improvements (2-10x) for most zkApps MinaProtocol/mina#11053
- Performance improvements in node with > 4 CPUs, for all snarks MinaProtocol/mina#11292
- Substantial reduction of o1js' size MinaProtocol/mina#11166
- Unused functions
call
andcallUnproved
, which were embryonic versions of what is now thetransaction
API to call smart contract methods - Some unimplemented fields on
SmartContract
- zkApp proving on web o1-labs#226