PR comments

noir-projects/noir-contracts/contracts/fpc_contract/src/main.nr

@@ -1,13 +1,10 @@
-mod lib;
-
 contract FPC {
     use dep::aztec::{
         protocol_types::{abis::function_selector::FunctionSelector, address::AztecAddress, traits::is_empty},
         state_vars::SharedImmutable, context::gas::GasOpts
     };
     use dep::token::Token;
     use dep::gas_token::GasToken;
-    use crate::lib::compute_rebate;
 
     #[aztec(storage)]
     struct Storage {

noir-projects/noir-contracts/contracts/private_token_contract/src/main.nr

@@ -199,8 +199,18 @@ contract PrivateToken {
 
         // `compute_inner_note_hash` manually, without constructing the note
         // `3` is the storage slot of the balances
-        context.push_new_note_hash(pedersen_hash([3, note_hashes[0]], GENERATOR_INDEX__INNER_NOTE_HASH));
-        context.push_new_note_hash(pedersen_hash([3, note_hashes[1]], GENERATOR_INDEX__INNER_NOTE_HASH));
+        context.push_new_note_hash(
+            pedersen_hash(
+                [PrivateToken::storage().balances.slot, note_hashes[0]],
+                GENERATOR_INDEX__INNER_NOTE_HASH
+            )
+        );
+        context.push_new_note_hash(
+            pedersen_hash(
+                [PrivateToken::storage().balances.slot, note_hashes[1]],
+                GENERATOR_INDEX__INNER_NOTE_HASH
+            )
+        );
     }
 
     /// Internal ///

noir-projects/noir-contracts/contracts/private_token_contract/src/test/basic.nr

@@ -58,6 +58,7 @@ unconstrained fn setup_refund_success() {
     env.call_private_void(setup_refund_from_call_interface);
     let mut context = env.private();
     let owner_npk_m_hash = context.get_header().get_npk_m_hash(&mut context, owner);
+    let recipient_npk_m_hash = context.get_header().get_npk_m_hash(&mut context, recipient);
 
     // when the refund was set up, we would've broken the note worth mint_amount, and added back a note worth
     // mint_amount - funded_amount
@@ -75,13 +76,23 @@ unconstrained fn setup_refund_success() {
         PrivateToken::storage().balances.slot,
         token_contract_address
     );
+    env.store_note_in_cache(
+        &mut TokenNote {
+        amount: U128::from_integer(1),
+        npk_m_hash: recipient_npk_m_hash,
+        randomness: refund_nonce,
+        header: NoteHeader::empty()
+    },
+        PrivateToken::storage().balances.slot,
+        token_contract_address
+    );
 
     utils::check_private_balance(
         &mut env.private(),
         token_contract_address,
         owner,
         mint_amount - 1
     );
-    // utils::check_private_balance(&mut env.private(), token_contract_address, recipient, 1)
+    utils::check_private_balance(&mut env.private(), token_contract_address, recipient, 1)
 }
 

noir-projects/noir-contracts/contracts/private_token_contract/src/types/token_note.nr

@@ -31,6 +31,7 @@ trait PrivatelyRefundable {
 
 global TOKEN_NOTE_LEN: Field = 3; // 3 plus a header.
 global TOKEN_NOTE_BYTES_LEN: Field = 3 * 32 + 64;
+// Grumpkin generator point. 
 global G1 = EmbeddedCurvePoint { x: 1, y: 17631683881184975370165255887551781615748388533673675138860, is_infinite: false };
 
 #[aztec(note)]
@@ -176,6 +177,70 @@ impl PrivatelyRefundable for TokenNote {
             is_infinite: fee_point_raw[2] ==1
         };
 
+        /**
+        What is happening here?
+
+        Back up in generate_refund_points, we created two points on the grumpkin curve;
+        these are going to be eventually turned into notes:
+        one for the user, and one for the FPC.
+
+        So you can think of these (x,y) points as "partial notes": they encode part of the internals of the notes.
+
+        This is because the compute_note_content_hash function above defines the the content hash to be
+        the x-coordinate of a point defined as:
+
+        amount * G + npk * G + randomness * G
+          = (amount + npk + randomness) * G
+        
+        where G is a generator point. Interesting point here is that we actually need to convert
+        - amount
+        - npk
+        - randomness
+        from grumpkin Field elements
+        (which have a modulus of 21888242871839275222246405745257275088548364400416034343698204186575808495617)
+        into a grumpkin scalar
+        (which have a modulus of 21888242871839275222246405745257275088696311157297823662689037894645226208583)
+
+        The intuition for this is that the Field elements define the domain of the x,y coordinates for points on the curves,
+        but the number of points on the curve is actually greater than the size of that domain.
+
+        (Consider, e.g. if the curve were defined over a field of 10 elements, and each x coord had two corresponding y for +/-)
+
+        For a bit more info, see
+        https://hackmd.io/@aztec-network/ByzgNxBfd#2-Grumpkin---A-curve-on-top-of-BN-254-for-SNARK-efficient-group-operations
+
+
+        Anyway, if we have a secret scalar n := amount + npk + randomness, and then we reveal a point n * G, there is no efficient way to
+        deduce what n is. This is the discrete log problem.
+
+        However we can still perform addition/subtraction on points! That is why we generate those two points, which are:
+        fee_payer_point := (fee_payer_npk + nonce) * G
+        sponsored_user_point := (sponsored_user_npk + funded_amount + nonce) * G
+
+        where `funded_amount` is the total amount in tokens that the sponsored user initially supplied, from which the transaction fee will be subtracted.
+
+        So we pass those points into the teardown function (here) and compute a third point corresponding to the transaction fee as just
+
+        fee_point := transaction_fee * G
+
+        Then we arrive at the final points via addition/subtraction of that transaction fee point:
+
+        completed_fpc_point := fee_payer_point + fee_point
+                             = (fee_payer_npk + nonce) * G + transaction_fee * G
+                             = (fee_payer_npk + nonce + transaction_fee) * G
+
+        completed_user_point := sponsored_user_point - fee_point
+                              = (sponsored_user_npk + funded_amount + nonce) * G - transaction_fee * G
+                              = (sponsored_user_npk + nonce + (funded_amount - transaction_fee)) * G
+        
+        When we return the x-coordinate of those points, it identically matches the note_content_hash of (and therefore *is*) notes like:
+        {
+            amount: (funded_amount - transaction_fee),
+            npk_m_hash: sponsored_user_npk,
+            randomness: nonce
+        }
+        */
+
         let completed_fpc_point = fee_payer_point + fee_point;
 
         let completed_user_point = sponsored_user_point - fee_point;

noir-projects/noir-contracts/scripts/flamegraph.sh

@@ -27,8 +27,20 @@ CONTRACT=$1
 # second console arg is the contract function
 FUNCTION=$2
 
+function sed_wrapper() {
+  if sed --version >/dev/null 2>&1; then
+    sed "$@"
+  elif gsed --version >/dev/null 2>&1; then
+    gsed "$@"
+  else
+    echo "No suitable sed found"
+    echo "You can install gsed with 'brew install gnu-sed'"
+    exit 1
+  fi
+}
+
 # convert contract name to following format: token_bridge_contract-TokenBridge.json
-ARTIFACT=$(echo "$CONTRACT" | sed -r 's/^([A-Z])/\L\1/; s/([a-z0-9])([A-Z])/\1_\L\2/g')
+ARTIFACT=$(echo "$CONTRACT" | sed_wrapper -r 's/^([A-Z])/\L\1/; s/([a-z0-9])([A-Z])/\1_\L\2/g')
 ARTIFACT_NAME="${ARTIFACT}_contract-${CONTRACT}"
 
 # Extract artifact for the specific function