Kernel should not forward read_request_membership_witnesses via public inputs
#1407
Assignees
Labels
C-protocol-circuits
Component: Protocol circuits (kernel & rollup)
Comments
dbanks12
added
the
C-protocol-circuits
iAmMichaelConnor
pushed a commit
that referenced
this issue
Aug 3, 2023
# Description The way nonces work now, there can be inconsistencies in nonce assignment in the simulator vs the private kernel. Furthermore, you cannot know during function execution what the full set of commitments will be for the whole TX as some new commitments may be nullified and squashed. But we still want the ability to determine nonces and therefore uniqueNoteHashes from L1 calldata alone. I am sure I am not explaining all of the issues well enough, but it was determined that the current nonce paradigm will not work and therefore we must rework it. Rework nonces so that siloing by contract address happens first and uniqueness comes later. For now, nonces are injeced by the private ordering circuit (vs suggestion which was base rollup circuit). Pending notes and their reads have no nonces when processed in kernel. The public kernel (and therefore all commitments created in public functions) does not use nonces. Here was Mike's proposal for the rework:  Why not just use leaf index as nonce?  ## Followup tasks * #1029 * #1194 * #1329 * #1407 * #1408 * #1409 * #1410 * Future enhancement: The root rollup circuit could insert all messages at the very beginning of the root rollup circuit, so that txs within the rollup can refer to that state root and read L1>L2 messages immediately. * #1383 * #1386 * We should implement subscription / polling methods for Aztec logs * We should maybe write rpc functions which allow calldata to be subscribed-to, keyed by tx_hash. * If a dapp wants to write a note from a public function, a lot of honus will be on a dapp developer to retain preimage information, query the blockchain, and derive the nonce. We should provide some examples to demonstrate this pattern.
AztecBot
pushed a commit
to AztecProtocol/docs
that referenced
this issue
Aug 3, 2023
# Description The way nonces work now, there can be inconsistencies in nonce assignment in the simulator vs the private kernel. Furthermore, you cannot know during function execution what the full set of commitments will be for the whole TX as some new commitments may be nullified and squashed. But we still want the ability to determine nonces and therefore uniqueNoteHashes from L1 calldata alone. I am sure I am not explaining all of the issues well enough, but it was determined that the current nonce paradigm will not work and therefore we must rework it. Rework nonces so that siloing by contract address happens first and uniqueness comes later. For now, nonces are injeced by the private ordering circuit (vs suggestion which was base rollup circuit). Pending notes and their reads have no nonces when processed in kernel. The public kernel (and therefore all commitments created in public functions) does not use nonces. Here was Mike's proposal for the rework:  Why not just use leaf index as nonce?  ## Followup tasks * AztecProtocol/aztec-packages#1029 * AztecProtocol/aztec-packages#1194 * AztecProtocol/aztec-packages#1329 * AztecProtocol/aztec-packages#1407 * AztecProtocol/aztec-packages#1408 * AztecProtocol/aztec-packages#1409 * AztecProtocol/aztec-packages#1410 * Future enhancement: The root rollup circuit could insert all messages at the very beginning of the root rollup circuit, so that txs within the rollup can refer to that state root and read L1>L2 messages immediately. * AztecProtocol/aztec-packages#1383 * AztecProtocol/aztec-packages#1386 * We should implement subscription / polling methods for Aztec logs * We should maybe write rpc functions which allow calldata to be subscribed-to, keyed by tx_hash. * If a dapp wants to write a note from a public function, a lot of honus will be on a dapp developer to retain preimage information, query the blockchain, and derive the nonce. We should provide some examples to demonstrate this pattern.
4 tasks
dbanks12
pushed a commit
that referenced
this issue
Sep 1, 2023
PhilWindle
pushed a commit
that referenced
this issue
Sep 5, 2023
🤖 I have created a new Aztec Packages release --- ## [0.1.0-alpha50](v0.1.0-alpha49...v0.1.0-alpha50) (2023-09-05) ### ⚠ BREAKING CHANGES * update to acvm 0.24.0 ([#1925](#1925)) ### Features * **892:** add hints for matching transient read requests with correspondi… ([#1995](#1995)) ([0955bb7](0955bb7)) * Add support for assert messages & runtime call stacks ([#1997](#1997)) ([ac68837](ac68837)) * **Aztec.nr:** Kernel return types abstraction ([#1924](#1924)) ([3a8e702](3a8e702)) * **ci:** use content hash in build system, restrict docs build to *.ts or *.cpp ([#1953](#1953)) ([0036e07](0036e07)) * do not allow slot 0 in `noir-libs` ([#1884](#1884)) ([54094b4](54094b4)), closes [#1692](#1692) * throwing when submitting a duplicate tx of a settled one ([#1880](#1880)) ([9ad768f](9ad768f)), closes [#1810](#1810) * typos, using Tx.clone functionality, better naming ([#1976](#1976)) ([00bca67](00bca67)) ### Bug Fixes * add retry_10 around ensure_repo ([#1963](#1963)) ([0afde39](0afde39)) * Adds Mac cross compile flags into barretenberg ([#1954](#1954)) ([3aaf91e](3aaf91e)) * bb meta-data ([#1960](#1960)) ([712e0a0](712e0a0)) * **bb.js:** (breaking change) bundles bb.js properly so that it works in the browser and in node ([#1855](#1855)) ([1aa6f59](1aa6f59)) * Benchmark preset uses clang16 ([#1902](#1902)) ([4f7eeea](4f7eeea)) * build ([#1906](#1906)) ([8223be1](8223be1)) * **ci:** Incorrect content hash in some build targets ([#1973](#1973)) ([0a2a515](0a2a515)) * circuits should not link openmp with -DMULTITHREADING ([#1929](#1929)) ([cd1a685](cd1a685)) * compilation on homebrew clang 16.06 ([#1937](#1937)) ([c611582](c611582)) * docs preprocessor line numbers and errors ([#1883](#1883)) ([4e7e290](4e7e290)) * ensure CLI command doesn't fail due to missing client version ([#1895](#1895)) ([88086e4](88086e4)) * error handling in acir simulator ([#1907](#1907)) ([165008e](165008e)) * Fix off by one in circuits.js when fetching points from transcript ([#1993](#1993)) ([cec901f](cec901f)) * format.sh issues ([#1946](#1946)) ([f24814b](f24814b)) * master ([#1981](#1981)) ([6bfb053](6bfb053)) * More accurate c++ build pattern ([#1962](#1962)) ([21c2f8e](21c2f8e)) * polyfill by bundling fileURLToPath ([#1949](#1949)) ([1b2de01](1b2de01)) * Set correct version of RPC & Sandbox when deploying tagged commit ([#1914](#1914)) ([898c50d](898c50d)) * typescript lookup of aztec.js types ([#1948](#1948)) ([22901ae](22901ae)) * unify base64 interface between mac and linux (cherry-picked) ([#1968](#1968)) ([ee24b52](ee24b52)) * Update docs search config ([#1920](#1920)) ([c8764e6](c8764e6)) * update docs search keys ([#1931](#1931)) ([03b200c](03b200c)) ### Miscellaneous * **1407:** remove forwarding witnesses ([#1930](#1930)) ([cc8bc8f](cc8bc8f)), closes [#1407](#1407) * **1879:** add use of PrivateKernelPublicInputs in TS whenever relevant ([#1911](#1911)) ([8d5f548](8d5f548)) * acir tests are no longer base64 encoded ([#1854](#1854)) ([7fffd16](7fffd16)) * Add back double verify proof to test suite ([#1986](#1986)) ([f8688d7](f8688d7)) * add CLI test to canary flow ([#1918](#1918)) ([cc68958](cc68958)), closes [#1903](#1903) * Add safemath noir testing ([#1967](#1967)) ([cb1f1ec](cb1f1ec)) * **Aztec.nr:** remove implicit imports ([#1901](#1901)) ([c7d5190](c7d5190)) * **Aztec.nr:** Remove the open keyword from public functions ([#1917](#1917)) ([4db8603](4db8603)) * **ci:** build docs on every pr ([#1955](#1955)) ([c200bc5](c200bc5)) * Enable project-specific releases for dockerhub too ([#1721](#1721)) ([5d2c082](5d2c082)) * reduce max circuit size in bb binary ([#1942](#1942)) ([c61439b](c61439b)) * Reference noir master for acir tests ([#1969](#1969)) ([86b72e1](86b72e1)) * remove debug output from `run_acir_tests` script ([#1970](#1970)) ([74c83c5](74c83c5)) * storing `&mut context` in state vars ([#1926](#1926)) ([89a7a3f](89a7a3f)), closes [#1805](#1805) * sync bb master ([#1947](#1947)) ([eed58e1](eed58e1)) * update to acvm 0.24.0 ([#1925](#1925)) ([e728304](e728304)) * Update to acvm 0.24.1 ([#1978](#1978)) ([31c0a02](31c0a02)) * updating docs to clang16 ([#1875](#1875)) ([a248dae](a248dae)) ### Documentation * **keys:** Complete addresses are now broadcast ([#1975](#1975)) ([92068ad](92068ad)), closes [#1936](#1936) * limitations, privacy, roadmap ([#1759](#1759)) ([0cdb27a](0cdb27a)) * put dev docs before spec ([#1944](#1944)) ([f1b29cd](f1b29cd)) * storage and state variables ([#1725](#1725)) ([fc72f84](fc72f84)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
superstar0402
added a commit
to superstar0402/aztec-nr
that referenced
this issue
Aug 16, 2024
# Description The way nonces work now, there can be inconsistencies in nonce assignment in the simulator vs the private kernel. Furthermore, you cannot know during function execution what the full set of commitments will be for the whole TX as some new commitments may be nullified and squashed. But we still want the ability to determine nonces and therefore uniqueNoteHashes from L1 calldata alone. I am sure I am not explaining all of the issues well enough, but it was determined that the current nonce paradigm will not work and therefore we must rework it. Rework nonces so that siloing by contract address happens first and uniqueness comes later. For now, nonces are injeced by the private ordering circuit (vs suggestion which was base rollup circuit). Pending notes and their reads have no nonces when processed in kernel. The public kernel (and therefore all commitments created in public functions) does not use nonces. Here was Mike's proposal for the rework:  Why not just use leaf index as nonce?  ## Followup tasks * AztecProtocol/aztec-packages#1029 * AztecProtocol/aztec-packages#1194 * AztecProtocol/aztec-packages#1329 * AztecProtocol/aztec-packages#1407 * AztecProtocol/aztec-packages#1408 * AztecProtocol/aztec-packages#1409 * AztecProtocol/aztec-packages#1410 * Future enhancement: The root rollup circuit could insert all messages at the very beginning of the root rollup circuit, so that txs within the rollup can refer to that state root and read L1>L2 messages immediately. * AztecProtocol/aztec-packages#1383 * AztecProtocol/aztec-packages#1386 * We should implement subscription / polling methods for Aztec logs * We should maybe write rpc functions which allow calldata to be subscribed-to, keyed by tx_hash. * If a dapp wants to write a note from a public function, a lot of honus will be on a dapp developer to retain preimage information, query the blockchain, and derive the nonce. We should provide some examples to demonstrate this pattern.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
These should be given to each kernel iteration as private inputs from the kernel prover (they are basically "hints"). They massively increase the size of the public inputs otherwise. This refactor will require that the kernel prover in TS knows about which reads are resolved in each iteration so it knows what membership witnesses to give to subsequent iterations.
The text was updated successfully, but these errors were encountered: