Merge branch 'master' into mv/program-gate-count

.github/workflows/ci.yml

@@ -23,7 +23,7 @@ jobs:
     with:
       runner_label: ${{ inputs.username || github.actor }}-x86
       ebs_cache_size_gb: 256
-      runner_concurrency: 30
+      runner_concurrency: 50
       subaction: ${{ inputs.runner_action || 'start' }}
       # Use instance types with low interruption rate in us-east-2 https://aws.amazon.com/ec2/spot/instance-advisor/
       ec2_instance_type: r6in.32xlarge r6a.32xlarge i4i.32xlarge r7iz.32xlarge

barretenberg/.gitrepo

@@ -6,7 +6,7 @@
 [subrepo]
 	remote = https://github.com/AztecProtocol/barretenberg
 	branch = master
-	commit = 7ffbebd1eb8f60fb77145842a31358522ad161b9
-	parent = 856657fbd1f82b7526b3ff0214e3e6758db214e3
+	commit = a0f30c4760a4fe7db9680377d97cd7a75b048fdb
+	parent = b2c019b6b11c3aaa98d8bbb79b77b42a5f87f0d0
 	method = merge
 	cmdver = 0.4.6

l1-contracts/src/core/libraries/ConstantsGen.sol

@@ -128,6 +128,7 @@ library Constants {
   uint256 internal constant NULLIFIER_LENGTH = 3;
   uint256 internal constant SCOPED_NULLIFIER_LENGTH = NULLIFIER_LENGTH + 1;
   uint256 internal constant SIDE_EFFECT_LENGTH = 2;
+  uint256 internal constant ROLLUP_VALIDATION_REQUESTS_LENGTH = MAX_BLOCK_NUMBER_LENGTH;
   uint256 internal constant STATE_REFERENCE_LENGTH =
     APPEND_ONLY_TREE_SNAPSHOT_LENGTH + PARTIAL_STATE_REFERENCE_LENGTH;
   uint256 internal constant TX_CONTEXT_LENGTH = 2 + GAS_SETTINGS_LENGTH;
@@ -157,6 +158,34 @@ library Constants {
     + 1;
   uint256 internal constant PRIVATE_CALL_STACK_ITEM_LENGTH =
     AZTEC_ADDRESS_LENGTH + FUNCTION_DATA_LENGTH + PRIVATE_CIRCUIT_PUBLIC_INPUTS_LENGTH;
+  uint256 internal constant SCOPED_READ_REQUEST_LEN = READ_REQUEST_LENGTH + 1;
+  uint256 internal constant PUBLIC_DATA_READ_LENGTH = 2;
+  uint256 internal constant VALIDATION_REQUESTS_LENGTH = ROLLUP_VALIDATION_REQUESTS_LENGTH
+    + (SCOPED_READ_REQUEST_LEN * MAX_NOTE_HASH_READ_REQUESTS_PER_TX)
+    + (SCOPED_READ_REQUEST_LEN * MAX_NULLIFIER_READ_REQUESTS_PER_TX)
+    + (SCOPED_READ_REQUEST_LEN * MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_TX)
+    + (SCOPED_NULLIFIER_KEY_VALIDATION_REQUEST_LENGTH * MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_TX)
+    + (PUBLIC_DATA_READ_LENGTH * MAX_PUBLIC_DATA_READS_PER_TX);
+  uint256 internal constant PUBLIC_DATA_UPDATE_REQUEST_LENGTH = 2;
+  uint256 internal constant COMBINED_ACCUMULATED_DATA_LENGTH = MAX_NEW_NOTE_HASHES_PER_TX
+    + MAX_NEW_NULLIFIERS_PER_TX + MAX_NEW_L2_TO_L1_MSGS_PER_TX + 4
+    + (MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_TX * PUBLIC_DATA_UPDATE_REQUEST_LENGTH) + GAS_LENGTH;
+  uint256 internal constant COMBINED_CONSTANT_DATA_LENGTH =
+    HEADER_LENGTH + TX_CONTEXT_LENGTH + GLOBAL_VARIABLES_LENGTH;
+  uint256 internal constant CALLER_CONTEXT_LENGTH = 2 * AZTEC_ADDRESS_LENGTH;
+  uint256 internal constant CALL_REQUEST_LENGTH =
+    1 + AZTEC_ADDRESS_LENGTH + CALLER_CONTEXT_LENGTH + 2;
+  uint256 internal constant PRIVATE_ACCUMULATED_DATA_LENGTH = (
+    SCOPED_NOTE_HASH_LENGTH * MAX_NEW_NOTE_HASHES_PER_TX
+  ) + (SCOPED_NULLIFIER_LENGTH * MAX_NEW_NULLIFIERS_PER_TX)
+    + (MAX_NEW_L2_TO_L1_MSGS_PER_TX * SCOPED_L2_TO_L1_MESSAGE_LENGTH)
+    + (SIDE_EFFECT_LENGTH * MAX_ENCRYPTED_LOGS_PER_TX)
+    + (SIDE_EFFECT_LENGTH * MAX_UNENCRYPTED_LOGS_PER_TX) + 2
+    + (CALL_REQUEST_LENGTH * MAX_PRIVATE_CALL_STACK_LENGTH_PER_TX)
+    + (CALL_REQUEST_LENGTH * MAX_PUBLIC_CALL_STACK_LENGTH_PER_TX);
+  uint256 internal constant PRIVATE_KERNEL_CIRCUIT_PUBLIC_INPUTS_LENGTH = 1
+    + VALIDATION_REQUESTS_LENGTH + PRIVATE_ACCUMULATED_DATA_LENGTH + COMBINED_CONSTANT_DATA_LENGTH
+    + CALL_REQUEST_LENGTH;
   uint256 internal constant ENQUEUE_PUBLIC_FUNCTION_CALL_RETURN_LENGTH =
     2 + FUNCTION_DATA_LENGTH + CALL_CONTEXT_LENGTH;
   uint256 internal constant GET_NOTES_ORACLE_RETURN_LENGTH = 674;

noir-projects/aztec-nr/.gitrepo

@@ -6,7 +6,7 @@
 [subrepo]
 	remote = https://github.com/AztecProtocol/aztec-nr
 	branch = master
-	commit = 425256e90b778e29913427d71bf0038187ca6bc7
+	commit = 440d97fb931948aa90fcd6a1ee0206abdc468745
 	method = merge
 	cmdver = 0.4.6
-	parent = 4b4187f4bd004a11710b1fdd0119e9c098ae969c
+	parent = 7a81f4568348ceee1dde52ec2c93c5245420f880

noir-projects/aztec-nr/aztec/src/encrypted_logs/body.nr

@@ -1,7 +1,7 @@
 use crate::note::{note_interface::NoteInterface};
 use dep::protocol_types::{grumpkin_private_key::GrumpkinPrivateKey, grumpkin_point::GrumpkinPoint};
 
-use crate::oracle::encryption::aes128_encrypt;
+use dep::std::aes128::aes128_encrypt_slice;
 use crate::keys::point_to_symmetric_key::point_to_symmetric_key;
 
 struct EncryptedLogBody<Note> {
@@ -19,32 +19,30 @@ impl<Note> EncryptedLogBody<Note> {
         Self { storage_slot, note_type_id, note }
     }
 
-    pub fn compute_ciphertext<N, M>(
+    pub fn compute_ciphertext<N>(
         self,
         secret: GrumpkinPrivateKey,
         point: GrumpkinPoint
-    ) -> [u8; M] where Note: NoteInterface<N> {
-        // We need 32 bytes for every field in the note, and then we have 2 extra fields (storage_slot and note_type_id)
-        let serialized_note: [Field; N] = Note::serialize_content(self.note);
+    ) -> [u8] where Note: NoteInterface<N> {
+        let serialized_note: [Field; N] = self.note.serialize_content();
 
-        // Work around not being able to use N directly beyond the size of the array above.
-        let N_ = serialized_note.len();
-
-        assert(N_ * 32 + 64 == M, "Invalid size of encrypted log body");
-
-        let mut buffer: [u8; M] = [0; M];
+        let mut buffer_slice: [u8] = &[];
 
         let storage_slot_bytes = self.storage_slot.to_be_bytes(32);
         let note_type_id_bytes = self.note_type_id.to_be_bytes(32);
+
+        for i in 0..32 {
+            buffer_slice = buffer_slice.push_back(storage_slot_bytes[i]);
+        }
+
         for i in 0..32 {
-            buffer[i] = storage_slot_bytes[i];
-            buffer[32 + i] = note_type_id_bytes[i];
+            buffer_slice = buffer_slice.push_back(note_type_id_bytes[i]);
         }
 
-        for i in 0..N_ {
+        for i in 0..serialized_note.len() {
             let bytes = serialized_note[i].to_be_bytes(32);
             for j in 0..32 {
-                buffer[64 + i * 32 + j] = bytes[j];
+                buffer_slice = buffer_slice.push_back(bytes[j]);
             }
         }
 
@@ -56,35 +54,33 @@ impl<Note> EncryptedLogBody<Note> {
             sym_key[i] = full_key[i];
             iv[i] = full_key[i + 16];
         }
-
-        aes128_encrypt(buffer, iv, sym_key)
+        aes128_encrypt_slice(buffer_slice, iv, sym_key)
     }
 }
 
-/*
-// Test is semi broken, needs to be fixed along with #6172  
 mod test {
     use crate::encrypted_logs::body::EncryptedLogBody;
-    use dep::protocol_types::{address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER};
+    use dep::protocol_types::{
+        address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER,
+        grumpkin_private_key::GrumpkinPrivateKey, grumpkin_point::GrumpkinPoint
+    };
 
     use crate::{
         note::{note_header::NoteHeader, note_interface::NoteInterface, utils::compute_note_hash_for_consumption},
         oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key},
         context::PrivateContext, hash::poseidon2_hash
     };
 
-    use dep::protocol_types::{address::AztecAddress, grumpkin_private_key::GrumpkinPrivateKey, grumpkin_point::GrumpkinPoint};
-
     struct AddressNote {
         address: AztecAddress,
         owner: AztecAddress,
         randomness: Field,
         header: NoteHeader,
     }
 
-    global BIB_BOB_ADDRESS_NOTE_LEN: Field = 3;
+    global ADDRESS_NOTE_LEN: Field = 3;
 
-    impl NoteInterface<BIB_BOB_ADDRESS_N3OTE_LEN> for AddressNote {
+    impl NoteInterface<ADDRESS_NOTE_LEN> for AddressNote {
         fn compute_note_content_hash(self) -> Field {1}
 
         fn get_note_type_id() -> Field {2}
@@ -99,9 +95,9 @@ mod test {
 
         fn broadcast(self, context: &mut PrivateContext, slot: Field) {}
 
-        fn serialize_content(self) -> [Field; BIB_BOB_ADDRESS_NOTE_LEN] { [self.address.to_field(), self.owner.to_field(), self.randomness]}
+        fn serialize_content(self) -> [Field; ADDRESS_NOTE_LEN] { [self.address.to_field(), self.owner.to_field(), self.randomness]}
 
-        fn deserialize_content(fields: [Field; BIB_BOB_ADDRESS_NOTE_LEN]) -> Self {
+        fn deserialize_content(fields: [Field; ADDRESS_NOTE_LEN]) -> Self {
             AddressNote { address: AztecAddress::from_field(fields[0]), owner: AztecAddress::from_field(fields[1]), randomness: fields[2], header: NoteHeader::empty() }
         }
     }
@@ -110,10 +106,9 @@ mod test {
         pub fn new(address: AztecAddress, owner: AztecAddress, randomness: Field) -> Self {
             AddressNote { address, owner, randomness, header: NoteHeader::empty() }
         }
-        // docs:end:address_note_def
     }
 
-    // @todo Issue(#6172) This is to be run as a test. But it is currently using the AES oracle so will fail there.
+    #[test]
     fn test_encrypted_log_body() {
         let note = AddressNote::new(
             AztecAddress::from_field(0x1),
@@ -137,11 +132,12 @@ mod test {
         let ciphertext = body.compute_ciphertext(secret, point);
 
         let expected_body_ciphertext = [
-            131, 119, 105, 129, 244, 32, 151, 205, 12, 99, 93, 62, 10, 180, 72, 21, 36, 194, 14, 168, 0, 137, 126, 59, 151, 177, 136, 254, 153, 190, 92, 33, 40, 151, 178, 54, 34, 166, 124, 96, 117, 108, 168, 7, 147, 222, 81, 201, 254, 170, 244, 151, 60, 64, 226, 45, 156, 185, 53, 23, 121, 63, 243, 101, 134, 21, 167, 39, 226, 203, 162, 223, 28, 74, 244, 159, 54, 201, 192, 168, 19, 85, 103, 82, 148, 3, 153, 210, 89, 245, 171, 171, 12, 248, 40, 74, 199, 65, 96, 42, 84, 83, 48, 21, 188, 134, 45, 247, 134, 166, 109, 170, 68, 212, 99, 235, 74, 202, 162, 108, 130, 128, 122, 16, 79, 242, 30, 157, 26, 75, 57, 24, 18, 124, 217, 74, 155, 13, 171, 205, 194, 193, 103, 134, 224, 204, 46, 105, 135, 166, 192, 163, 186, 42, 71, 51, 156, 161, 8, 131
+            131, 119, 105, 129, 244, 32, 151, 205, 12, 99, 93, 62, 10, 180, 72, 21, 47, 232, 95, 17, 240, 230, 80, 129, 174, 158, 23, 76, 114, 185, 43, 18, 254, 148, 147, 230, 66, 216, 167, 62, 180, 213, 238, 33, 108, 29, 84, 139, 99, 206, 212, 253, 92, 116, 137, 31, 0, 104, 45, 91, 250, 109, 141, 114, 189, 53, 35, 60, 108, 156, 170, 206, 150, 114, 150, 187, 198, 13, 62, 153, 133, 13, 169, 167, 242, 221, 40, 168, 186, 203, 104, 82, 47, 238, 142, 179, 90, 37, 9, 70, 245, 176, 122, 247, 42, 87, 75, 7, 20, 89, 166, 123, 14, 26, 230, 156, 49, 94, 0, 94, 72, 58, 171, 239, 115, 174, 155, 7, 151, 17, 60, 206, 193, 134, 70, 87, 215, 88, 21, 194, 63, 26, 106, 105, 124, 213, 252, 152, 192, 71, 115, 13, 181, 5, 169, 15, 170, 196, 174, 228, 170, 192, 91, 76, 110, 220, 89, 47, 248, 144, 189, 251, 167, 149, 248, 226
         ];
 
-        assert_eq(ciphertext, expected_body_ciphertext);
+        for i in 0..expected_body_ciphertext.len() {
+            assert_eq(ciphertext[i], expected_body_ciphertext[i]);
+        }
+        assert_eq(expected_body_ciphertext.len(), ciphertext.len());
     }
 }
-
-*/

noir-projects/aztec-nr/aztec/src/encrypted_logs/header.nr

@@ -1,8 +1,9 @@
 use dep::protocol_types::{address::AztecAddress, grumpkin_private_key::GrumpkinPrivateKey, grumpkin_point::GrumpkinPoint};
 
-use crate::oracle::encryption::aes128_encrypt;
 use crate::keys::point_to_symmetric_key::point_to_symmetric_key;
 
+use dep::std::aes128::aes128_encrypt_slice;
+
 struct EncryptedLogHeader {
     address: AztecAddress,
 }
@@ -13,28 +14,22 @@ impl EncryptedLogHeader {
     }
 
     // @todo Issue(#5901) Figure out if we return the bytes or fields for the log
-    fn compute_ciphertext(self, secret: GrumpkinPrivateKey, point: GrumpkinPoint) -> [u8; 32] {
+    fn compute_ciphertext(self, secret: GrumpkinPrivateKey, point: GrumpkinPoint) -> [u8; 48] {
         let full_key = point_to_symmetric_key(secret, point);
         let mut sym_key = [0; 16];
         let mut iv = [0; 16];
-        let mut input = [0; 32];
-        let input_slice = self.address.to_field().to_be_bytes(32);
 
         for i in 0..16 {
             sym_key[i] = full_key[i];
             iv[i] = full_key[i + 16];
-
-            // We copy address on the following 2 lines in order to avoid having 2 loops  
-            input[i] = input_slice[i];
-            input[i + 16] = input_slice[i + 16];
         }
 
-        // @todo Issue(#6172) This encryption is currently using an oracle. It is not actually constrained atm.
-        aes128_encrypt(input, iv, sym_key)
+        let input: [u8] = self.address.to_field().to_be_bytes(32);
+        aes128_encrypt_slice(input, iv, sym_key).as_array()
     }
 }
 
-// @todo Issue(#6172) This is to be run as a test. But it is currently using the AES oracle so will fail there.
+#[test]
 fn test_encrypted_log_header() {
     let address = AztecAddress::from_field(0xdeadbeef);
     let header = EncryptedLogHeader::new(address);
@@ -50,7 +45,7 @@ fn test_encrypted_log_header() {
     let ciphertext = header.compute_ciphertext(secret, point);
 
     let expected_header_ciphertext = [
-        131, 119, 105, 129, 244, 32, 151, 205, 12, 99, 93, 62, 10, 180, 72, 21, 179, 36, 250, 95, 56, 167, 171, 16, 195, 164, 223, 57, 75, 5, 24, 119
+        131, 119, 105, 129, 244, 32, 151, 205, 12, 99, 93, 62, 10, 180, 72, 21, 179, 36, 250, 95, 56, 167, 171, 16, 195, 164, 223, 57, 75, 5, 24, 119, 198, 34, 99, 189, 193, 183, 227, 43, 79, 204, 214, 89, 221, 153, 246, 64
     ];
 
     assert_eq(ciphertext, expected_header_ciphertext);

noir-projects/noir-contracts/contracts/avm_test_contract/src/main.nr

@@ -140,6 +140,19 @@ contract AvmTest {
         a + b
     }
 
+    #[aztec(public-vm)]
+    fn u128_addition_overflow() -> U128 {
+        let max_u128: U128 = U128::from_hex("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+        let one: U128 = U128::from_integer(1);
+        max_u128 + one
+    }
+
+    #[aztec(public-vm)]
+    fn u128_from_integer_overflow() -> U128 {
+        let should_overflow: Field = 2.pow_32(128); // U128::max() + 1;
+        U128::from_integer(should_overflow)
+    }
+
     /************************************************************************
      * Hashing functions
      ************************************************************************/

noir-projects/noir-contracts/contracts/schnorr_account_contract/src/main.nr

@@ -39,7 +39,7 @@ contract SchnorrAccount {
     // Note: If you globally change the entrypoint signature don't forget to update default_entrypoint.ts file
     #[aztec(private)]
     #[aztec(noinitcheck)]
-    fn entrypoint(app_payload: pub AppPayload, fee_payload: pub FeePayload) {
+    fn entrypoint(app_payload: AppPayload, fee_payload: FeePayload) {
         let actions = AccountActions::private(
             &mut context,
             storage.approved_actions.storage_slot,

noir-projects/noir-contracts/contracts/test_contract/src/main.nr

@@ -337,7 +337,7 @@ contract Test {
     }
 
     #[aztec(private)]
-    fn encrypt(input: [u8; 64], iv: [u8; 16], key: [u8; 16]) -> [u8; 64] {
+    fn encrypt(input: [u8; 64], iv: [u8; 16], key: [u8; 16]) -> [u8; 80] {
         aes128_encrypt(input, iv, key)
     }
 
@@ -347,20 +347,20 @@ contract Test {
     }
 
     #[aztec(private)]
-    fn compute_note_header_ciphertext(secret: GrumpkinPrivateKey, point: GrumpkinPoint) -> [u8; 32] {
+    fn compute_note_header_ciphertext(secret: GrumpkinPrivateKey, point: GrumpkinPoint) -> [u8; 48] {
         EncryptedLogHeader::new(context.this_address()).compute_ciphertext(secret, point)
     }
 
-    // 64 bytes + 32 * #fields = 96 bytes
+    // 64 bytes + 32 * #fields + 16 = 112 bytes
     #[aztec(private)]
     fn compute_note_body_ciphertext(
         secret: GrumpkinPrivateKey,
         point: GrumpkinPoint,
         storage_slot: Field,
         value: Field
-    ) -> [u8; 96] {
+    ) -> [u8; 112] {
         let note = TestNote::new(value);
-        EncryptedLogBody::new(storage_slot, TestNote::get_note_type_id(), note).compute_ciphertext(secret, point)
+        EncryptedLogBody::new(storage_slot, TestNote::get_note_type_id(), note).compute_ciphertext(secret, point).as_array()
     }
 
     #[aztec(public)]

noir-projects/noir-protocol-circuits/crates/private-kernel-init/src/main.nr

@@ -1,6 +1,7 @@
 use dep::private_kernel_lib::PrivateKernelInitCircuitPrivateInputs;
 use dep::types::PrivateKernelCircuitPublicInputs;
 
-fn main(input: PrivateKernelInitCircuitPrivateInputs) ->  pub PrivateKernelCircuitPublicInputs {
+#[recursive]
+fn main(input: PrivateKernelInitCircuitPrivateInputs) -> pub PrivateKernelCircuitPublicInputs {
     input.native_private_kernel_circuit_initial()
 }

noir-projects/noir-protocol-circuits/crates/private-kernel-inner/src/main.nr

@@ -1,6 +1,7 @@
 use dep::private_kernel_lib::PrivateKernelInnerCircuitPrivateInputs;
 use dep::types::PrivateKernelCircuitPublicInputs;
 
-fn main(input: PrivateKernelInnerCircuitPrivateInputs) ->  pub PrivateKernelCircuitPublicInputs {
+#[recursive]
+fn main(input: PrivateKernelInnerCircuitPrivateInputs) -> pub PrivateKernelCircuitPublicInputs {
     input.native_private_kernel_circuit_inner()
 }

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/kernel_circuit_public_inputs_composer.nr

@@ -1,7 +1,7 @@
 use dep::reset_kernel_lib::verify_squashed_transient_note_hashes_and_nullifiers;
 use dep::types::{
     abis::{
-    kernel_data::PrivateKernelData,
+    private_kernel_data::PrivateKernelData,
     kernel_circuit_public_inputs::{KernelCircuitPublicInputs, PrivateKernelCircuitPublicInputsBuilder, PublicKernelCircuitPublicInputs},
     note_hash::ScopedNoteHash, nullifier::ScopedNullifier, side_effect::{SideEffect, Ordered}, gas::Gas
 },

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/private_kernel_init.nr

@@ -1,7 +1,7 @@
 use crate::{common, private_kernel_circuit_public_inputs_composer::PrivateKernelCircuitPublicInputsComposer};
 use dep::types::{
     abis::{
-    private_kernel::private_call_data::PrivateCallData,
+    private_kernel::private_call_data::{PrivateCallData, verify_private_call},
     kernel_circuit_public_inputs::PrivateKernelCircuitPublicInputs
 },
     constants::MAX_NEW_NOTE_HASHES_PER_CALL, mocked::verify_private_function_proof,
@@ -68,14 +68,15 @@ impl PrivateKernelInitCircuitPrivateInputs {
     pub fn native_private_kernel_circuit_initial(self) -> PrivateKernelCircuitPublicInputs {
         let private_call_public_inputs = self.private_call.call_stack_item.public_inputs;
 
+        // verify/aggregate the private call proof
+        verify_private_call(self.private_call);
+
         self.validate_inputs();
 
         common::validate_private_call_data(self.private_call);
 
         self.validate_this_private_call_against_tx_request();
 
-        assert(verify_private_function_proof(self.private_call.proof), "Invalid private function proof.");
-
         PrivateKernelCircuitPublicInputsComposer::new_from_tx_request(self.tx_request, private_call_public_inputs).compose(
             private_call_public_inputs,
             self.hints.note_hash_nullifier_counters,