Skip to content

Commit

Permalink
feat: generic key validation request (AztecProtocol#6474)
Browse files Browse the repository at this point in the history
  • Loading branch information
benesjan authored May 21, 2024
1 parent 89bc350 commit 948ec38
Show file tree
Hide file tree
Showing 81 changed files with 1,218 additions and 1,123 deletions.
2 changes: 1 addition & 1 deletion docs/docs/protocol-specs/circuits/private-function.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ The public inputs of _every_ private function _must_ adhere to the following ABI
| `encrypted_note_preimage_hashes` | [[`EncryptedNotePreimageHash`](#encryptednotepreimagehash); [`MAX_ENCRYPTED_NOTE_PREIMAGE_HASHES_PER_CALL`](../constants.md#circuit-constants)] | Hashes of the encrypted note preimages emitted in this function call. |
| `note_hash_read_requests` | [[`ReadRequest`](#readrequest); [`MAX_NOTE_HASH_READ_REQUESTS_PER_CALL`](../constants.md#circuit-constants)] | Requests to prove the note hashes being read exist. |
| `nullifier_read_requests` | [[`ReadRequest`](#readrequest); [`MAX_NULLIFIER_READ_REQUESTS_PER_CALL`](../constants.md#circuit-constants)] | Requests to prove the nullifiers being read exist. |
| `nullifier_key_validation_requests` | [[`ParentSecretKeyValidationRequest`](#parentsecretkeyvalidationrequest); [`MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL`](../constants.md#circuit-constants)] | Requests to validate nullifier keys used in this function call. |
| `key_validation_requests` | [[`ParentSecretKeyValidationRequest`](#parentsecretkeyvalidationrequest); [`MAX_KEY_VALIDATION_REQUESTS_PER_CALL`](../constants.md#circuit-constants)] | Requests to validate keys used in this function call. |
| `public_call_requests` | [[`PublicCallRequest`](#publiccallrequest); [`MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL`](../constants.md#circuit-constants)] | Requests to call public functions. |
| `private_call_requests` | [[`PrivateCallRequest`](#privatecallrequest); [`MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL`](../constants.md#circuit-constants)] | Requests to call Private functions. |
| `counter_start` | `u32` | Counter at which the function call was initiated. |
Expand Down
16 changes: 8 additions & 8 deletions docs/docs/protocol-specs/circuits/private-kernel-initial.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -221,7 +221,7 @@ This circuit verifies that the values in [`private_inputs`](#private-inputs)[`.p
- `value`, `contract_address`, `counter`
- `nullifier_read_requests`
- `value`, `contract_address`, `counter`
- `nullifier_key_validation_request_contexts`
- `key_validation_request_contexts`
- `parent_public_key`, `hardened_child_secret_key`
- `unencrypted_log_hash_contexts`
- `hash`, `length`, `counter`
Expand Down Expand Up @@ -254,7 +254,7 @@ This circuit verifies that the values in [`private_inputs`](#private-inputs)[`.p
- `note_hash_contexts`
- `nullifier_contexts`
- `l2_to_l1_message_contexts`
- `nullifier_key_validation_request_contexts`
- `key_validation_request_contexts`
- `unencrypted_log_hash_contexts`
- `encrypted_log_hash_contexts`
- `encrypted_note_preimage_hash_contexts`
Expand Down Expand Up @@ -452,7 +452,7 @@ class PrivateFunctionPublicInputs {
l2_to_l1_messages: List~field~
note_hash_read_requests: List~ReadRequest~
nullifier_read_requests: List~ReadRequest~
nullifier_key_validation_requests: List~ParentSecretKeyValidationRequest~
key_validation_requests: List~ParentSecretKeyValidationRequest~
unencrypted_log_hashes: List~UnencryptedLogHash~
encrypted_log_hashes: List~EncryptedLogHash~
encrypted_note_preimage_hashes: List~EncryptedNotePreimageHash~
Expand All @@ -470,7 +470,7 @@ PrivateFunctionPublicInputs *-- NoteHash: note_hashes
PrivateFunctionPublicInputs *-- Nullifier: nullifiers
PrivateFunctionPublicInputs *-- ReadRequest: note_hash_read_requests
PrivateFunctionPublicInputs *-- ReadRequest: nullifier_read_requests
PrivateFunctionPublicInputs *-- ParentSecretKeyValidationRequest: nullifier_key_validation_requests
PrivateFunctionPublicInputs *-- ParentSecretKeyValidationRequest: key_validation_requests
PrivateFunctionPublicInputs *-- UnencryptedLogHash: unencrypted_log_hashes
PrivateFunctionPublicInputs *-- EncryptedLogHash: encrypted_log_hashes
PrivateFunctionPublicInputs *-- EncryptedNotePreimageHash: encrypted_note_preimage_hashes
Expand Down Expand Up @@ -529,7 +529,7 @@ class ParentSecretKeyValidationRequest {
parent_public_key: GrumpkinPoint
hardened_child_secret_key: fq
}
ParentSecretKeyValidationRequest ..> ParentSecretKeyValidationRequestContext: nullifier_key_validation_requests\n->nullifier_key_validation_request_contexts
ParentSecretKeyValidationRequest ..> ParentSecretKeyValidationRequestContext: key_validation_requests\n->key_validation_request_contexts
class UnencryptedLogHash {
hash: field
Expand Down Expand Up @@ -661,7 +661,7 @@ class TransientAccumulatedData {
note_hash_contexts: List~NoteHashContext~
nullifier_contexts: List~NullifierContext~
l2_to_l1_message_contexts: List~L2ToL1MessageContext~
nullifier_key_validation_request_contexts: List~ParentSecretKeyValidationRequestContext~
key_validation_request_contexts: List~ParentSecretKeyValidationRequestContext~
unencrypted_log_hash_contexts: List~UnencryptedLogHashContext~
encrypted_log_hash_contexts: List~EncryptedLogHashContext~
encrypted_note_preimage_hash_contexts: List~EncryptedNotePreimageHashContext~
Expand All @@ -675,7 +675,7 @@ NullifierContext --* TransientAccumulatedData: nullifier_contexts
L2ToL1MessageContext --* TransientAccumulatedData: l2_to_l1_message_contexts
ReadRequest --* TransientAccumulatedData: note_hash_read_requests
ReadRequest --* TransientAccumulatedData: nullifier_read_requests
ParentSecretKeyValidationRequestContext --* TransientAccumulatedData: nullifier_key_validation_request_contexts
ParentSecretKeyValidationRequestContext --* TransientAccumulatedData: key_validation_request_contexts
UnencryptedLogHashContext --* TransientAccumulatedData: unencrypted_log_hash_contexts
EncryptedLogHashContext --* TransientAccumulatedData: encrypted_log_hash_contexts
EncryptedNotePreimageHashContext --* TransientAccumulatedData: encrypted_note_preimage_hash_contexts
Expand Down Expand Up @@ -776,7 +776,7 @@ Would it be accurate to describe this as `AccumulatedTransientSideEffects`, perh
| `encrypted_note_preimage_hash_contexts` | [[`EncryptedNotePreimageHashContext`](#encryptednotepreimagehash); [`MAX_ENCRYPTED_NOTE_PREIMAGE_HASHES_PER_TX`](../constants.md#circuit-constants)] | Hashes of the encrypted note preimages with extra data aiding verification. |
| `note_hash_read_requests` | [[`ReadRequest`](./private-function#readrequest); [`MAX_NOTE_HASH_READ_REQUESTS_PER_TX`](../constants.md#circuit-constants)] | Requests to prove the note hashes being read exist. |
| `nullifier_read_requests` | [[`ReadRequest`](./private-function#readrequest); [`MAX_NULLIFIER_READ_REQUESTS_PER_TX`](../constants.md#circuit-constants)] | Requests to prove the nullifiers being read exist. |
| `nullifier_key_validation_request_contexts` | [[`ParentSecretKeyValidationRequestContext`](#parentsecretkeyvalidationrequestcontext); [`MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_TX`](../constants.md#circuit-constants)] | Requests to validate nullifier keys. |
| `key_validation_request_contexts` | [[`ParentSecretKeyValidationRequestContext`](#parentsecretkeyvalidationrequestcontext); [`MAX_KEY_VALIDATION_REQUESTS_PER_TX`](../constants.md#circuit-constants)] | Requests to validate nullifier keys. |
| `public_call_request_contexts` | [[`PublicCallRequestContext`](./public-kernel-tail.md#publiccallrequestcontext); [`MAX_PUBLIC_CALL_STACK_LENGTH_PER_TX`](../constants.md#circuit-constants)] | Requests to call publics functions. |
| `private_call_request_stack` | [[`PrivateCallRequestContext`](#privatecallrequestcontext); [`MAX_PRIVATE_CALL_STACK_LENGTH_PER_TX`](../constants.md#circuit-constants)] | Requests to call private functions. Pushed to the stack in reverse order so that they will be executed in chronological order. |

Expand Down
10 changes: 5 additions & 5 deletions docs/docs/protocol-specs/circuits/private-kernel-inner.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ class PrivateFunctionPublicInputs {
encrypted_note_preimage_hashes: List~EncryptedNotePreimageHash~
note_hash_read_requests: List~ReadRequest~
nullifier_read_requests: List~ReadRequest~
nullifier_key_validation_requests: List~ParentSecretKeyValidationRequest~
key_validation_requests: List~ParentSecretKeyValidationRequest~
public_call_requests: List~PublicCallRequest~
private_call_requests: List~PrivateCallRequest~
counter_start: u32
Expand All @@ -266,7 +266,7 @@ PrivateFunctionPublicInputs *-- NoteHash: note_hashes
PrivateFunctionPublicInputs *-- Nullifier: nullifiers
PrivateFunctionPublicInputs *-- ReadRequest: note_hash_read_requests
PrivateFunctionPublicInputs *-- ReadRequest: nullifier_read_requests
PrivateFunctionPublicInputs *-- ParentSecretKeyValidationRequest: nullifier_key_validation_requests
PrivateFunctionPublicInputs *-- ParentSecretKeyValidationRequest: key_validation_requests
PrivateFunctionPublicInputs *-- UnencryptedLogHash: unencrypted_log_hashes
PrivateFunctionPublicInputs *-- EncryptedLogHash: encrypted_log_hashes
PrivateFunctionPublicInputs *-- EncryptedNotePreimageHash: encrypted_note_preimage_hashes
Expand Down Expand Up @@ -338,7 +338,7 @@ class ParentSecretKeyValidationRequest {
parent_public_key: GrumpkinPoint
hardened_child_secret_key: fq
}
ParentSecretKeyValidationRequest ..> ParentSecretKeyValidationRequestContext: nullifier_key_validation_requests\n->nullifier_key_validation_request_contexts
ParentSecretKeyValidationRequest ..> ParentSecretKeyValidationRequestContext: key_validation_requests\n->key_validation_request_contexts

class UnencryptedLogHash {
hash: field
Expand Down Expand Up @@ -475,7 +475,7 @@ class TransientAccumulatedData {
encrypted_note_preimage_hash_contexts: List~EncryptedNotePreimageHashContext~
note_hash_read_requests: List~ReadRequest~
nullifier_read_requests: List~ReadRequest~
nullifier_key_validation_request_contexts: List~ParentSecretKeyValidationRequestContext~
key_validation_request_contexts: List~ParentSecretKeyValidationRequestContext~
public_call_request_contexts: List~PublicCallRequestContext~
private_call_request_stack: List~PrivateCallRequestContext~
}
Expand All @@ -484,7 +484,7 @@ NullifierContext --* TransientAccumulatedData: nullifier_contexts
L2ToL1MessageContext --* TransientAccumulatedData: l2_to_l1_message_contexts
ReadRequest --* TransientAccumulatedData: note_hash_read_requests
ReadRequest --* TransientAccumulatedData: nullifier_read_requests
ParentSecretKeyValidationRequestContext --* TransientAccumulatedData: nullifier_key_validation_request_contexts
ParentSecretKeyValidationRequestContext --* TransientAccumulatedData: key_validation_request_contexts
UnencryptedLogHashContext --* TransientAccumulatedData: unencrypted_log_hash_contexts
EncryptedLogHashContext --* TransientAccumulatedData: encrypted_log_hash_contexts
EncryptedNotePreimageHashContext --* TransientAccumulatedData: encrypted_note_preimage_hash_contexts
Expand Down
9 changes: 5 additions & 4 deletions docs/docs/protocol-specs/circuits/private-kernel-reset.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,11 +83,11 @@ This reset circuit validates the correct derivation of secret keys used in priva

Initialize `requests_kept` to `0`.

For each `request` at index `i` in `nullifier_key_validation_request_contexts`, locate the `master_secret_key` at `master_secret_keys[i]`, provided as [hints](#hints-for-nullifier-key-validation-request-reset-private-kernel-circuit) through `private_inputs`.
For each `request` at index `i` in `key_validation_request_contexts`, locate the `master_secret_key` at `master_secret_keys[i]` and the relevant `app_secret_key` generator at `app_secret_keys_generators[i]`, provided as [hints](#hints-for-nullifier-key-validation-request-reset-private-kernel-circuit) through `private_inputs`.

1. If `master_secret_key == 0`, ensure the request remain within the `public_inputs`.:

- `public_inputs.transient_accumulated_data.nullifier_key_validation_request_contexts[requests_kept] == request`
- `public_inputs.transient_accumulated_data.key_validation_request_contexts[requests_kept] == request`
- Increase `requests_kept` by 1: `requests_kept += 1`

2. Else:
Expand Down Expand Up @@ -199,7 +199,7 @@ All arrays in the `transient_accumulated_data` in the [`public_inputs`](#public-

1. [Read request reset circuit](#note-hash-read-request-reset-private-kernel-circuit) (for note hashes): `note_hash_read_requests`
2. [Read request reset circuit](#nullifier-read-request-reset-private-kernel-circuit) (for nullifiers): `nullifier_read_requests`
3. [Parent secret key validation request reset circuit](#nullifier-key-validation-request-reset-private-kernel-circuit) (for nullifier keys): `nullifier_key_validation_request_contexts`
3. [Parent secret key validation request reset circuit](#nullifier-key-validation-request-reset-private-kernel-circuit) (for nullifier keys): `key_validation_request_contexts`
4. [Transient note reset circuit](#transient-note-reset-private-kernel-circuit): `note_hash_contexts` and `nullifier_contexts`

#### Verifying other data.
Expand Down Expand Up @@ -236,7 +236,8 @@ The format aligns with the [`PreviousKernel`](./private-kernel-inner#previousker

| Field | Type | Description |
| -------------------- | ---------------------------------------------------------------------------------------------- | --------------------------------------- |
| `master_secret_keys` | [`field`; [`MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_TX`](../constants.md#circuit-constants)] | Master secret keys for the secret keys. |
| `master_secret_keys` | [`field`; [`MAX_KEY_VALIDATION_REQUESTS_PER_TX`](../constants.md#circuit-constants)] | Master secret to try to derive app secret keys and pub keys from. |
| `app_secret_keys_generators` | [`field`; [`MAX_KEY_VALIDATION_REQUESTS_PER_TX`](../constants.md#circuit-constants)] | App secret key generators to assist with ^. |

### _Hints_ for [Transient Note Reset Private Kernel Circuit](#transient-note-reset-private-kernel-circuit)

Expand Down
2 changes: 1 addition & 1 deletion docs/docs/protocol-specs/circuits/private-kernel-tail.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ It checks the data within [`private_inputs`](#private-inputs)[`.previous_kernel`

- `note_hash_read_requests`
- `nullifier_read_requests`
- `nullifier_key_validation_request_contexts`
- `key_validation_request_contexts`
- The `nullifier_counter` associated with each note hash in `note_hash_contexts`.
- The `note_hash_counter` associated with each nullifier in `nullifier_contexts`.

Expand Down
4 changes: 2 additions & 2 deletions docs/docs/protocol-specs/constants.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ The statically-sized nature the kernel & rollup circuits will restrict the quant
| `MAX_ENCRYPTED_NOTE_PREIMAGE_HASHES_PER_CALL` | 128 |
| `MAX_NOTE_HASH_READ_REQUESTS_PER_CALL` | 128 |
| `MAX_NULLIFIER_READ_REQUESTS_PER_CALL` | 128 |
| `MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL` | 1 | TODO: we shouldn't need this, given the reset circuit. |
| `MAX_KEY_VALIDATION_REQUESTS_PER_CALL | 16 | TODO: we shouldn't need this, given the reset circuit. |
| `MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL` | 32 |
| `MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL` | 32 |

Expand All @@ -71,7 +71,7 @@ The statically-sized nature the kernel & rollup circuits will restrict the quant
| `MAX_ENCRYPTED_NOTE_PREIMAGE_HASHES_PER_TX` | 128 |
| `MAX_OPTIONALLY_REVEALED_DATA_LENGTH_PER_TX` | 4 |
| `MAX_NOTE_HASH_READ_REQUESTS_PER_TX` | 128 | TODO: we shouldn't need this, given the reset circuit. |
| `MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_TX` | 4 | TODO: we shouldn't need this, given the reset circuit. |
| `MAX_KEY_VALIDATION_REQUESTS_PER_TX` | 64 | TODO: we shouldn't need this, given the reset circuit. |
| `MAX_PRIVATE_CALL_STACK_LENGTH_PER_TX` | 32 |
| `MAX_PUBLIC_CALL_STACK_LENGTH_PER_TX` | 32 |

Expand Down
13 changes: 6 additions & 7 deletions l1-contracts/src/core/libraries/ConstantsGen.sol
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ library Constants {
uint256 internal constant MAX_NOTE_HASH_READ_REQUESTS_PER_CALL = 32;
uint256 internal constant MAX_NULLIFIER_READ_REQUESTS_PER_CALL = 32;
uint256 internal constant MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_CALL = 32;
uint256 internal constant MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL = 16;
uint256 internal constant MAX_KEY_VALIDATION_REQUESTS_PER_CALL = 16;
uint256 internal constant MAX_NOTE_ENCRYPTED_LOGS_PER_CALL = 16;
uint256 internal constant MAX_ENCRYPTED_LOGS_PER_CALL = 4;
uint256 internal constant MAX_UNENCRYPTED_LOGS_PER_CALL = 4;
Expand All @@ -39,7 +39,7 @@ library Constants {
uint256 internal constant MAX_NOTE_HASH_READ_REQUESTS_PER_TX = 128;
uint256 internal constant MAX_NULLIFIER_READ_REQUESTS_PER_TX = 128;
uint256 internal constant MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_TX = 128;
uint256 internal constant MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_TX = 64;
uint256 internal constant MAX_KEY_VALIDATION_REQUESTS_PER_TX = 64;
uint256 internal constant MAX_NOTE_ENCRYPTED_LOGS_PER_TX = 64;
uint256 internal constant MAX_ENCRYPTED_LOGS_PER_TX = 8;
uint256 internal constant MAX_UNENCRYPTED_LOGS_PER_TX = 8;
Expand Down Expand Up @@ -119,9 +119,8 @@ library Constants {
uint256 internal constant L2_TO_L1_MESSAGE_LENGTH = 3;
uint256 internal constant SCOPED_L2_TO_L1_MESSAGE_LENGTH = L2_TO_L1_MESSAGE_LENGTH + 1;
uint256 internal constant MAX_BLOCK_NUMBER_LENGTH = 2;
uint256 internal constant NULLIFIER_KEY_VALIDATION_REQUEST_LENGTH = 3;
uint256 internal constant SCOPED_NULLIFIER_KEY_VALIDATION_REQUEST_LENGTH =
NULLIFIER_KEY_VALIDATION_REQUEST_LENGTH + 1;
uint256 internal constant KEY_VALIDATION_REQUEST_LENGTH = 3;
uint256 internal constant SCOPED_KEY_VALIDATION_REQUEST_LENGTH = KEY_VALIDATION_REQUEST_LENGTH + 1;
uint256 internal constant PARTIAL_STATE_REFERENCE_LENGTH = 6;
uint256 internal constant READ_REQUEST_LENGTH = 2;
uint256 internal constant LOG_HASH_LENGTH = 3;
Expand All @@ -146,7 +145,7 @@ library Constants {
uint256 internal constant PRIVATE_CIRCUIT_PUBLIC_INPUTS_LENGTH = CALL_CONTEXT_LENGTH + 4
+ MAX_BLOCK_NUMBER_LENGTH + (READ_REQUEST_LENGTH * MAX_NOTE_HASH_READ_REQUESTS_PER_CALL)
+ (READ_REQUEST_LENGTH * MAX_NULLIFIER_READ_REQUESTS_PER_CALL)
+ (NULLIFIER_KEY_VALIDATION_REQUEST_LENGTH * MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL)
+ (KEY_VALIDATION_REQUEST_LENGTH * MAX_KEY_VALIDATION_REQUESTS_PER_CALL)
+ (NOTE_HASH_LENGTH * MAX_NEW_NOTE_HASHES_PER_CALL)
+ (NULLIFIER_LENGTH * MAX_NEW_NULLIFIERS_PER_CALL)
+ (PRIVATE_CALL_REQUEST_LENGTH * MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL)
Expand Down Expand Up @@ -175,7 +174,7 @@ library Constants {
+ (SCOPED_READ_REQUEST_LEN * MAX_NOTE_HASH_READ_REQUESTS_PER_TX)
+ (SCOPED_READ_REQUEST_LEN * MAX_NULLIFIER_READ_REQUESTS_PER_TX)
+ (SCOPED_READ_REQUEST_LEN * MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_TX)
+ (SCOPED_NULLIFIER_KEY_VALIDATION_REQUEST_LENGTH * MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_TX)
+ (SCOPED_KEY_VALIDATION_REQUEST_LENGTH * MAX_KEY_VALIDATION_REQUESTS_PER_TX)
+ (PUBLIC_DATA_READ_LENGTH * MAX_PUBLIC_DATA_READS_PER_TX);
uint256 internal constant PUBLIC_DATA_UPDATE_REQUEST_LENGTH = 2;
uint256 internal constant COMBINED_ACCUMULATED_DATA_LENGTH = MAX_NEW_NOTE_HASHES_PER_TX
Expand Down
2 changes: 1 addition & 1 deletion noir-projects/aztec-nr/address-note/src/address_note.nr
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ use dep::aztec::{
grumpkin_point::GrumpkinPoint, hash::poseidon2_hash
},
note::{note_header::NoteHeader, note_interface::NoteInterface, utils::compute_note_hash_for_consumption},
oracle::unsafe_rand::unsafe_rand, oracle::nullifier_keys::get_nsk_app, context::PrivateContext
oracle::unsafe_rand::unsafe_rand, keys::getters::get_nsk_app, context::PrivateContext
};

global ADDRESS_NOTE_LEN: Field = 3;
Expand Down
Loading

0 comments on commit 948ec38

Please sign in to comment.