EIP-4844 #66
Open
wzmuda wants to merge 25 commits into worldcoin:next from reilabs:next
Bump Gnark to v0.10.1 and gnark-lean-extractor to v3.0.0. This project was using a very old Gnark revision. New Gnark is required for Keccak and 4844 development. Gnark-lean-extractor is a dependency that also uses Gnark. Gnark-lean-extractor itself got a Gnark update which resulted in breaking API changes. New API is now v3. Update all uses of this project. Updating gnark-lean-extractor requires an update to proven-zk in formal verification. Signed-off-by: Wojciech Zmuda <[email protected]>
[1/4 EIP 4844 in inserter circuit] Bump Gnark and gnark-lean-extractor
New Go brings ranges over integers allowing for nicer `for` loops. Signed-off-by: Wojciech Zmuda <[email protected]>
Temporarily don't fail the pipeline if this one step fails, so we can continue the development and fix that later. Signed-off-by: Wojciech Zmuda <[email protected]>
Update Go to 1.22.2 and temporarily allow building lean project to fail
In `keccak` package add a wrapper converting []frontend.Variable to []uints.U8 expected by NewLegacykeccak256. Use the wrapper in insertion and deletion circuits instead of our Keccak256 implementation. Remove the existing Keccak implementation. Add tests of the new implementation. Signed-off-by: Wojciech Zmuda <[email protected]>
[2/4 EIP 4844 in inserter circuit] prover: use Keccak256 implementation from Gnark
…n using barycentric formula (#13) prover: barycentric: implement barycentric formula gadget The new `barycentric` package adds `CalculateBarycentricFormula`. The function implements the evaluation of a polynomial in evaluation form at a point outside the domain, using barycentric interpolation. This function follows implementation by Dankrad Feist, as described in his blog post: https://dankradfeist.de/ethereum/2021/06/18/pcs-multiproofs.html. Another helper package is added - `field_utils`. It is a place for helper gadgets for field elements manipulations. It contains one function `Exp` to calculate field element's power of n, where n is an integer (not a field element). Signed-off-by: Wojciech Zmuda <[email protected]>
Gnark does it automatically now. Signed-off-by: Wojciech Zmuda <[email protected]>
Turn tree_test.go into a separate package called poseidon_native. This package holds an implementation of the out-of-circuit poseidon tree. To distinguish it from the in-circuit implementation in the poseidon package, the _native suffix is added. Signed-off-by: Wojciech Zmuda <[email protected]>
Co-authored-by: Marcin Kostrzewa <[email protected]> Signed-off-by: Wojciech Zmuda <[email protected]>
main_test.go is a special name for the test file of the main package. It can now be picked with `go test ./...` and run along with the rest of the test suite. Signed-off-by: Wojciech Zmuda <[email protected]>
Existing JSON (un)marshaler for prover.Proof did not consider all fields for BN254 Groth16 proof. Fix the implementation to cover all proofs and provide unit tests. Since this implementation assumes we're dealing with BN254 proofs, just do some casting and copy values to/from their respective fields instead of manually going through byte slices. This approach is equally curve-specific but more readable. Signed-off-by: Wojciech Zmuda <[email protected]>
Model insertion circuit inputs calculation after the existing insertion circuit tests. As a result, move InputHash from input to the response of the service. The response is more sophisticated now and is modeled accordingly, to satisfy contract's needs. Provide JSON (un)marshaling methods for the new response type, so it can be returned from the service. Move some of the helper functions from insertion circuit test to circuit utils, as they're now used in the proving system for 4844 calculations. Signed-off-by: Wojciech Zmuda <[email protected]>
[4/4 EIP 4844 in inserter circuit] prover: insertion_circuit: implement EIP 4844
Adjust web API to 4844
As per the EIP-4844 specs, KZG commitment should not be passed as raw bytes. Instead, a versioned hash of the commitment should be used. Implement the hashing function according to the specs and apply it on the commitment. Use the hash instead of the raw commitment for evaluation point calculation and pass the hash to the circuit instead. Reduce the evaluation point value at the input to the circuit as an optimization, to avoid passing around large values. Introduce relevant changes in the insertion circuit test as well as the integration test and the prover itself. Export the BN254 reduction function to the circuit utils file, as now it's used in the integration test, which is outside of the prover package. Signed-off-by: Wojciech Zmuda <[email protected]>
insertion_circuit: use versioned KZG hash
`gnark-mbu verify` was neglected in EIP-4844 changes. Update the VerifyInsertion handler, so that it uses the recent insertion circuit structure. Fields of the structure are populated both from:
- standard input (previously only proof was provided via stdin, now it's full response, which also contains proof),
- new --params flag (previously parameters were not needed).
The new --params flag accepts input from `gnark-mbu gen-test-params` command. Dedicated --input-hash flag is not needed for the insertion mode, as input hash is included in the response. This flag was made optional and is checked in deletion only. Signed-off-by: Wojciech Zmuda <[email protected]>
prover: verify: update `verify` command to EIP-4844
This change is necessary for generating Ethereum-compatible proof. Change the verifier accordingly, so the proof generated by smtb is compatible with itself. Signed-off-by: Wojciech Zmuda <[email protected]>
Contracts expect KZG values to be passed as arrays of 16-byte numbers. Modify the response accordingly so these values are returned in that form, instead of just single 48-byte-long values. Signed-off-by: Wojciech Zmuda <[email protected]>
Make prover insertion response contract-friendly
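The versioned KZG hash and the 16-byte response layout described in the commit messages above, as an added Go example that is not code from this pull request. The versioned-hash rule (`0x01` followed by `sha256(commitment)[1:]`) is the one defined in EIP-4844; the function names, the big-endian limb order and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// bn254ScalarField is the order of the BN254 scalar field used by the circuit.
var bn254ScalarField, _ = new(big.Int).SetString(
	"21888242871839275222246405745257275088548364400416034343698204186575808495617", 10)

var errBadLength = errors.New("KZG commitment or proof must be exactly 48 bytes")

// KzgToVersionedHash follows kzg_to_versioned_hash from EIP-4844:
// version byte 0x01 followed by sha256(commitment)[1:].
func KzgToVersionedHash(commitment []byte) ([32]byte, error) {
	if len(commitment) != 48 {
		return [32]byte{}, errBadLength
	}
	h := sha256.Sum256(commitment)
	h[0] = 0x01 // VERSIONED_HASH_VERSION_KZG
	return h, nil
}

// ReduceBN254 reduces a big-endian value into the BN254 scalar field (hypothetical name).
func ReduceBN254(b []byte) *big.Int {
	return new(big.Int).Mod(new(big.Int).SetBytes(b), bn254ScalarField)
}

// SplitTo16ByteLimbs splits a 48-byte value into three 16-byte numbers (big-endian order assumed).
func SplitTo16ByteLimbs(v []byte) ([3]*big.Int, error) {
	var limbs [3]*big.Int
	if len(v) != 48 {
		return limbs, errBadLength
	}
	for i := range limbs {
		limbs[i] = new(big.Int).SetBytes(v[16*i : 16*(i+1)])
	}
	return limbs, nil
}

func main() {
	commitment := make([]byte, 48) // constructed sample, not a real commitment
	vh, _ := KzgToVersionedHash(commitment)
	limbs, _ := SplitTo16ByteLimbs(commitment)
	fmt.Printf("hash=%x reduced=%s limbs=%v\n", vh, ReduceBN254(vh[:]), limbs)
}
```

A 32-byte hash can exceed the BN254 scalar modulus, which is why a value derived from it is reduced before it is used as a circuit input.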
This PR is a collection of smaller PRs developed in the reilabs/semaphore-mtb fork. Please see each respective PR for details.
`verify` command to EIP-4844 reilabs/semaphore-mtb#18
The last PRs are still in review and will be merged asap: