feat: derive address and class id in avm (#8897)

this PR adds tracing of the class id and contract instance when `getBytecode` (indicating a new context execution is happening in the simulator) is executed. We now derive the class id and the contract address in witgen, plus build the (unconstrained) circuit for: 1. the raw bytecode bytes, 2. the field encoded version 3. the bytecode hash derivation The circuit elements of the contract class id and address will be done in a follow up based on how we tackle nullifier request
AztecProtocol · Oct 26, 2024 · 2ebe361 · 2ebe361
1 parent ca3abaa
commit 2ebe361
Show file tree

Hide file tree

Showing 28 changed files with 1,393 additions and 881 deletions.
diff --git a/barretenberg/cpp/pil/avm/bytecode.pil b/barretenberg/cpp/pil/avm/bytecode.pil
@@ -1,13 +1,61 @@
 namespace bytecode(256);
 
-    pol commit packed;
+    // Raw bytes
+    pol commit bytes;
+    pol commit bytes_pc;
+
+    // =============== BYTECODE DECOMPOSITION =================================================
+    // Decomposed into 35 byte chunks to parse into instructions
+    pol commit decomposed;
+
+    // =============== BYTECODE ENCODING =================================================
+    // Bytes packed into 31 byte chunks
+    pol commit as_fields;
+
+    // =============== BYTECODE HASHING + ADDRESS DERIVATION =================================================
     pol commit length_remaining;
+
+    // Bytecode public commitment hash
     pol commit running_hash;
 
+    // When this is 1, it represents when reached the end of a contract bytecode
     pol commit end_latch;
+    end_latch * (1 - end_latch) = 0;
+
+    /* Derive Class Id */
+    pol CONTRACT_LEAF = 16;
+    pol commit arifact_hash;
+    pol commit private_fn_root;
+    // class_id = H(CONTRACT_LEAF, artifact_hash, private_fn_root, running_hash)
+    pol commit class_id;
 
-    // TODO: Come back to this;
-    // pol commit class_id;
-    // pol commit contract_address;
+    /* Derive Contract Addr*/
+    pol CONTRACT_ADDRESS_V1 = 15;
+    pol PARTIAL_ADDRESS = 27;
+    // pol SALTED_INIT_HASH = H(PARTIAL_ADDR, salt, init_hash, deployer_addr);
+    // pol PARTIAL_ADDR = H(PARTIAL_ADDR, class_id, SALTED_INIT_HASH);
+    pol commit salt;
+    pol commit initialization_hash;
+    pol commit deployer_addr;
+     // These are points in grumpkin
+    // Nullifier Key
+    pol commit nullifier_key_x;
+    pol commit nullifier_key_y;
+    // Incoming viewing public key
+    pol commit incoming_viewing_key_x;
+    pol commit incoming_viewing_key_y;
+    // Outgoing viewing public key
+    pol commit outgoing_viewing_key_x;
+    pol commit outgoing_viewing_key_y;
+    // Tagging viewing public key
+    pol commit tagging_key_x;
+    pol commit tagging_key_y;
 
+    // When we flat hash these points, we need to include 0 to indicate non-inf
+    // public_key_hash = H(nullifier_key_x,nullifier_key_y,0, incoming_viewing_key_x, incoming_viewing_key_y, 0,
+    //   outgoing_viewing_key_x, outgoing_viewing_key_y, 0, tagging_key_x, tagging_key_y,0)
+    pol commit public_key_hash;
+    // h = H(CONTRACT_ADDRESS_V1, public_key_hash, partial_address)
+    // contract_address = h * G + incoming_viewing_key
+    pol commit contract_address;
 
diff --git a/barretenberg/cpp/src/barretenberg/bb/main.cpp b/barretenberg/cpp/src/barretenberg/bb/main.cpp
@@ -972,6 +972,7 @@ void avm_prove(const std::filesystem::path& calldata_path,
     vinfo("hints.l1_to_l2_message_exists_hints size: ", avm_hints.l1_to_l2_message_exists_hints.size());
     vinfo("hints.externalcall_hints size: ", avm_hints.externalcall_hints.size());
     vinfo("hints.contract_instance_hints size: ", avm_hints.contract_instance_hints.size());
+    vinfo("hints.contract_bytecode_hints size: ", avm_hints.all_contract_bytecode.size());
 
     vinfo("initializing crs with size: ", avm_trace::Execution::SRS_SIZE);
     init_bn254_crs(avm_trace::Execution::SRS_SIZE);

diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/circuit_builder.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/circuit_builder.cpp
@@ -188,10 +188,29 @@ AvmCircuitBuilder::ProverPolynomials AvmCircuitBuilder::compute_polynomials() co
                 polys.binary_op_id.set_if_valid_index(i, rows[i].binary_op_id);
                 polys.binary_sel_bin.set_if_valid_index(i, rows[i].binary_sel_bin);
                 polys.binary_start.set_if_valid_index(i, rows[i].binary_start);
+                polys.bytecode_arifact_hash.set_if_valid_index(i, rows[i].bytecode_arifact_hash);
+                polys.bytecode_as_fields.set_if_valid_index(i, rows[i].bytecode_as_fields);
+                polys.bytecode_bytes.set_if_valid_index(i, rows[i].bytecode_bytes);
+                polys.bytecode_bytes_pc.set_if_valid_index(i, rows[i].bytecode_bytes_pc);
+                polys.bytecode_class_id.set_if_valid_index(i, rows[i].bytecode_class_id);
+                polys.bytecode_contract_address.set_if_valid_index(i, rows[i].bytecode_contract_address);
+                polys.bytecode_decomposed.set_if_valid_index(i, rows[i].bytecode_decomposed);
+                polys.bytecode_deployer_addr.set_if_valid_index(i, rows[i].bytecode_deployer_addr);
                 polys.bytecode_end_latch.set_if_valid_index(i, rows[i].bytecode_end_latch);
+                polys.bytecode_incoming_viewing_key_x.set_if_valid_index(i, rows[i].bytecode_incoming_viewing_key_x);
+                polys.bytecode_incoming_viewing_key_y.set_if_valid_index(i, rows[i].bytecode_incoming_viewing_key_y);
+                polys.bytecode_initialization_hash.set_if_valid_index(i, rows[i].bytecode_initialization_hash);
                 polys.bytecode_length_remaining.set_if_valid_index(i, rows[i].bytecode_length_remaining);
-                polys.bytecode_packed.set_if_valid_index(i, rows[i].bytecode_packed);
+                polys.bytecode_nullifier_key_x.set_if_valid_index(i, rows[i].bytecode_nullifier_key_x);
+                polys.bytecode_nullifier_key_y.set_if_valid_index(i, rows[i].bytecode_nullifier_key_y);
+                polys.bytecode_outgoing_viewing_key_x.set_if_valid_index(i, rows[i].bytecode_outgoing_viewing_key_x);
+                polys.bytecode_outgoing_viewing_key_y.set_if_valid_index(i, rows[i].bytecode_outgoing_viewing_key_y);
+                polys.bytecode_private_fn_root.set_if_valid_index(i, rows[i].bytecode_private_fn_root);
+                polys.bytecode_public_key_hash.set_if_valid_index(i, rows[i].bytecode_public_key_hash);
                 polys.bytecode_running_hash.set_if_valid_index(i, rows[i].bytecode_running_hash);
+                polys.bytecode_salt.set_if_valid_index(i, rows[i].bytecode_salt);
+                polys.bytecode_tagging_key_x.set_if_valid_index(i, rows[i].bytecode_tagging_key_x);
+                polys.bytecode_tagging_key_y.set_if_valid_index(i, rows[i].bytecode_tagging_key_y);
                 polys.cmp_a_hi.set_if_valid_index(i, rows[i].cmp_a_hi);
                 polys.cmp_a_lo.set_if_valid_index(i, rows[i].cmp_a_lo);
                 polys.cmp_b_hi.set_if_valid_index(i, rows[i].cmp_b_hi);