feat(sol): vk hashing #16015
Conversation
| transcript.add_to_hash_buffer(domain_separator + "vk_pub_inputs_offset", this->pub_inputs_offset); | ||
| return 0; | ||
| // This hash contains a hash of the entire vk - including all of the elements | ||
| const fr hash = this->hash(); |
`this->hash` includes the hashes that I removed here + the hashing of the precomputed commitments
| struct VerificationKey { | ||
| // Hash of all of the field elements in the verification key | ||
| uint256 vkHash; |
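Review bot: `uint256 vkHash` is typed as a raw word while the native side stores the same value as `fr`, i.e. reduced modulo the scalar field. If the constant generator emits the unreduced 32-byte keccak output, the Solidity transcript and the native transcript absorb different numbers and every challenge diverges. Either document on this line that the stored constant is already the reduced `fr` value, or reduce it before it is absorbed into the transcript.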
not a fan of putting vk hash in here
also why is it a uint256 and not Fr?
would you prefer it as a constant at the top of the file?
uint256 as it doesn't need to be reduced, it's just a constant
| t3: Honk.G1Point({ | ||
| x: uint256(0x15642d62fc17d119ba4afb77ab424e0a771b5bbb501c75790a1a4e2906931045), | ||
| y: uint256(0x21cea98314ec6efc5f8f1f648f42a7a5c1396036397af54a729801cc1c37d4e2) | ||
| x: uint256(0x1800723660742a70c0cc9a984e30274444a587c93d9f4742a9b96cd3572365e1), |
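Review bot: the `t3` commitment's `x` changes while the surrounding key material is untouched and this PR changes no circuit, which points at a non-deterministic or stale generated fixture. A key that differs in a single coordinate has a different vk hash and therefore a different challenge set, so the hash constant and these points must come out of one run of the same generator. Confirm the new `x` is the regenerated value, and prefer not committing generated keys at all.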
why is it always t3 changing
this will no longer be checked in to version control, but not sure tbh
yeah suspicious because no circuit is being changed
they're gone now
| manifest_expected.add_entry(round, "vk_log_circuit_size", frs_per_uint32); | ||
| manifest_expected.add_entry(round, "vk_num_public_inputs", frs_per_uint32); | ||
| manifest_expected.add_entry(round, "vk_pub_inputs_offset", frs_per_uint32); | ||
| manifest_expected.add_entry(round, "vk_hash", 1); |
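Review bot: `manifest_expected.add_entry(round, "vk_hash", 1)` uses a bare literal where the three entries above use a named width (`frs_per_uint32`); use the matching named constant for one field element so the manifest cannot drift silently if the hash width ever changes. Also, the manifest still absorbs `vk_log_circuit_size`, `vk_num_public_inputs` and `vk_pub_inputs_offset` individually alongside `vk_hash`; if the hash already binds them, add a comment stating why both are kept so a later cleanup does not remove the wrong one.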
ideally not magic 1
ah, I see `frs_per_fr` is just one, I'll update to that
| fr hash() const | ||
| { | ||
| fr vk_hash = crypto::Poseidon2<crypto::Poseidon2Bn254ScalarFieldParams>::hash(this->to_field_elements()); | ||
| fr vk_hash = Transcript::hash(this->to_field_elements()); |
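Review bot: the new line hashes `this->to_field_elements()` with no domain separator or length prefix, so the vk hash is `Transcript::hash` of a bare element vector, the same function the transcript applies to everything else. Prefix a fixed tag (or at least the element count) so a vk hash cannot coincide with the transcript hash of some other serialised object. Since replacing `Poseidon2` with the transcript's hash changes the value for every flavor, make sure the Solidity generator and any recursive verifier are regenerated from this same function.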
it's a little backwards that the vk hash is dependent on the transcript hm
would prefer just overriding this in the keccak class for now
why do you think so? the hash function used is defined in the transcript, so i think it makes sense
unless we pull the hash function to be defined in the flavor, then template it into the transcript + others?
because the hash of the vk or whatever object isn't fundamentally dependent on the hash we're using for Fiat-Shamir
I get you, I'll leave it as keccak
Discussion with lucas: correct function is to define hash function in flavor - but is fine as it is - ISSUE
| uint256 immutable $N; | ||
| uint256 immutable $LOG_N; | ||
| uint256 immutable $VK_HASH; |
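Review bot: `$VK_HASH` is declared `immutable`, so it is assigned in the constructor at deployment rather than fixed in the bytecode as a `constant` would be. The binding between this verifier and its vk is then only as strong as the deployment script that supplies the argument. Add a check or test that the constructor value equals what the native `hash()` produces for the deployed key, or make it `constant` if one contract is generated per vk as the overview describes.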
why didn't we make the rest of the vk a constant as well? just confused about the inconsistency
it could be done, but as constants can only be value types we wouldn't be able to store it in a struct, which makes it easier to read for this reference implementation.
I suppose it makes a lot of sense in the optimized version to move to writing a constant each time, rather than using memory for it.
lucasxia01 left a comment
Thanks for doing this
Merge-train commit log (merge-train/barretenberg)

commit eb94d3a (Merge: f847091 3b76348)
Author: AztecBot <tech@aztecprotocol.com>
Date: Mon Aug 4 05:45:06 2025 +0000
Merge branch 'next' into merge-train/barretenberg

commit 3b76348
Author: Lasse Herskind <16536249+LHerskind@users.noreply.github.com>
Date: Mon Aug 4 06:03:02 2025 +0100
chore: address comments (#16175)
Please read [contributing guidelines](CONTRIBUTING.md) and remove this line. For audit-related pull requests, please use the [audit PR template](?expand=1&template=audit.md).

commit f847091 (Merge: a86bcc3 b0affa7)
Author: AztecBot <tech@aztecprotocol.com>
Date: Sun Aug 3 22:08:04 2025 +0000
Merge branch 'next' into merge-train/barretenberg

commit b0affa7
Author: Lasse Herskind <16536249+LHerskind@users.noreply.github.com>
Date: Sun Aug 3 22:26:43 2025 +0100
chore: updated fmt settings foundry.toml (#16155)
Updated the `foundry.toml` to also wrap the comments and use the default line_length of 120 instead of the previous 100. Threw some thousands separators in there as well for constant values.

```toml
[fmt]
line_length = 120
tab_width = 2
variable_override_spacing=false
wrap_comments = true
number_underscore = "thousands"
override_spacing = false
```

commit a86bcc3 (Merge: c7a5799 3ded0f6)
Author: AztecBot <tech@aztecprotocol.com>
Date: Sun Aug 3 20:41:47 2025 +0000
Merge branch 'next' into merge-train/barretenberg

commit c7a5799 (Merge: fd73d0e 935a8fa)
Author: AztecBot <tech@aztecprotocol.com>
Date: Sun Aug 3 20:11:19 2025 +0000
Merge branch 'next' into merge-train/barretenberg

commit 3ded0f6
Author: Jan Beneš <janbenes1234@gmail.com>
Date: Sun Aug 3 21:56:09 2025 +0200
chore: minor fixes and docs improvements in governance (#16039)
When doing my internal review of governance contracts I stumbled upon plenty of small and uncontroversial issues with which it didn't really make sense to clutter my review document.
Co-authored-by: LHerskind <16536249+LHerskind@users.noreply.github.com>

commit fd73d0e (Merge: e2b45d5 99e70e6)
Author: AztecBot <tech@aztecprotocol.com>
Date: Sun Aug 3 19:29:46 2025 +0000
Merge branch 'next' into merge-train/barretenberg

commit 935a8fa
Author: Maddiaa <47148561+Maddiaa0@users.noreply.github.com>
Date: Sun Aug 3 20:16:22 2025 +0100
feat(sol): vk hashing (#16015)
Perform vk hashing in the Solidity verifier. Takes a different approach from the traditional verifiers: as the vk is fixed ahead of time, we hash it and include it in the precompiled contract, so it is preprocessed and does not need to be recomputed by the verifier.

commit 99e70e6
Author: Lasse Herskind <16536249+LHerskind@users.noreply.github.com>
Date: Sun Aug 3 19:46:27 2025 +0100
chore!: depositAmount and minimumStake naming (#16148)
Addressing feedback from @benesjan. Also using his prompt idea to see how well it works.

This PR refactors validator staking terminology throughout the Aztec codebase to improve clarity and better reflect the purpose of key staking parameters. The main changes involve renaming `depositAmount` to `activationThreshold` and `minimumStake` to `ejectionThreshold`, along with related library and method renames.

- **`depositAmount` → `activationThreshold`**: The amount of tokens required to activate a validator and join the validator set
- **`minimumStake` → `ejectionThreshold`**: The minimum token balance below which a validator is ejected from the active set
- **Solidity Contracts**: Updated all references in `Rollup.sol`, `IStaking.sol`, `GSE.sol`, and related contracts
- **Libraries**: `UserLib` → `CheckpointedUintLib` (more descriptive name for checkpoint management); `DelegationLib` → `StakeDelegationLib` (clearer purpose indication)
- **Methods**: `finaliseHelper()` → `finaliseWithdraw()` in GSE contract for better clarity
- Updated environment variables: `AZTEC_DEPOSIT_AMOUNT` → `AZTEC_ACTIVATION_THRESHOLD`; `AZTEC_MINIMUM_STAKE` → `AZTEC_EJECTION_THRESHOLD`
- Updated all configuration files, test constants, and deployment scripts
- Updated CLI reference documentation to reflect new parameter names
- Updated all code comments to use the new terminology

1. **Improved Clarity**: The new names clearly indicate the purpose of each parameter - one for entering the validator set, one for being removed from it
2. **Better Developer Experience**: Developers can immediately understand what these thresholds represent without needing additional context
3. **Consistency**: Uniform terminology across the entire codebase reduces confusion
4. **Future-Proof**: The new names are more generic and adaptable to potential future staking mechanism changes

⚠️ **This is a breaking change** that affects:
1. **Environment Variables**: Any deployment or configuration using the old environment variable names (`AZTEC_DEPOSIT_AMOUNT`, `AZTEC_MINIMUM_STAKE`) must be updated
2. **Contract Interfaces**: External systems calling `getDepositAmount()`, `getMinimumStake()`, or `finaliseHelper()` must update to use the new method names
3. **Configuration Files**: Any JSON/YAML configuration files using the old parameter names need updates
4. **Deployment Scripts**: Custom deployment scripts referencing the old names will need modification

- Replace `depositAmount` with `activationThreshold` in all configurations
- Replace `minimumStake` with `ejectionThreshold` in all configurations
- Update contract calls: `getDepositAmount()` → `getActivationThreshold()`; `getMinimumStake()` → `getEjectionThreshold()`; `finaliseHelper()` → `finaliseWithdraw()`

commit e2b45d5
Author: AztecBot <tech@aztecprotocol.com>
Date: Fri Aug 1 20:40:41 2025 +0000
[empty] Start merge-train. Choo choo.

commit 5d75421
Author: Aztec Bot <49558828+AztecBot@users.noreply.github.com>
Date: Fri Aug 1 21:02:38 2025 +0100
feat: merge-train/barretenberg (#16170)
See [merge-train-readme.md](https://github.com/AztecProtocol/aztec-packages/blob/next/.github/workflows/merge-train-readme.md).
BEGIN_COMMIT_OVERRIDE
chore: civc tests refactor (#16159)
END_COMMIT_OVERRIDE
Co-authored-by: AztecBot <tech@aztecprotocol.com>
Co-authored-by: maramihali <mara@aztec-labs.com>

commit 9ab0377
Author: Maddiaa <47148561+Maddiaa0@users.noreply.github.com>
Date: Fri Aug 1 16:19:44 2025 +0100
chore(sol): remove unused param in relations.sol (#16166)
Fixes a compiler warning

commit 0ab7472
Author: Aztec Bot <49558828+AztecBot@users.noreply.github.com>
Date: Fri Aug 1 16:02:34 2025 +0100
feat: merge-train/barretenberg (#16153)
See [merge-train-readme.md](https://github.com/AztecProtocol/aztec-packages/blob/next/.github/workflows/merge-train-readme.md).
BEGIN_COMMIT_OVERRIDE
chore: add a `PG_TAIL` proof type and queue type (#16156)
END_COMMIT_OVERRIDE
Co-authored-by: AztecBot <tech@aztecprotocol.com>
Co-authored-by: Khashayar Barooti <khashayar@aztecprotocol.com>
Co-authored-by: Suyash Bagad <suyash@aztecprotocol.com>
Co-authored-by: federicobarbacovi <171914500+federicobarbacovi@users.noreply.github.com>
Co-authored-by: maramihali <mara@aztecprotocol.com>
Co-authored-by: Jonathan Hao <jonathan@aztec-labs.com>

commit eccd655
Author: ludamad <adam.domurad@gmail.com>
Date: Fri Aug 1 10:18:11 2025 -0400
chore(release): aztec-nr releases like l1-contracts (#16123)
Just overwrite the git contents and tag it / push to branch. Doesn't attempt to keep history

commit 82bb4d8
Author: Santiago Palladino <santiago@aztecprotocol.com>
Date: Fri Aug 1 11:17:11 2025 -0300
feat: Validators invalidate invalid blocks (#16120)
We expect proposers to invalidate the previous block if it is invalid, but if they fail to do so, validators will eventually do it, prioritizing the committee members and then any validator whatsoever.
This commit includes other fixes:
- If a proposer cannot build a block due to not enough txs, it still tries to invalidate the previous one.
- The archiver keeps track of the earliest (not latest) invalid block it has seen, so the sequencer can use this info to invalidate the earliest one.
Builds on top of #16067

commit b18c823
Author: josh crites <critesjosh@gmail.com>
Date: Fri Aug 1 09:49:18 2025 -0400
chore(docs): Update testnet info (#16163)
Updates the testnet contract and version info in docs/docs, to be backported to master so that this info is correct when new releases are cut. Also sets the default testnet version to be published to be 1.2.0

commit e8bfa98
Author: Álvaro Rodríguez <sirasistant@gmail.com>
Date: Fri Aug 1 14:14:17 2025 +0200
feat(avm)!: Tree opcodes fail in static context (#16158)
Small PR to make emit notehash, emit nullifier and sstore fail on static contexts

Additional commit messages carried in the squashed merge description:

chore: invert check (#16181)
Looks like this condition should have been inverted. [Nightly CI logs](https://github.com/AztecProtocol/aztec-packages/actions/runs/16712826743/job/47300588722)

```
03:18:35 + case "$cmd" in
03:18:35 + release
03:18:35 + semver check v1.0.0-nightly.20250804
03:18:35 + echo_stderr 'Release tag must be a valid semver version. Found: v1.0.0-nightly.20250804'
03:18:35 + echo Release tag must be a valid semver version. Found: v1.0.0-nightly.20250804
03:18:35 Release tag must be a valid semver version. Found: v1.0.0-nightly.20250804
03:18:35 + exit 1
```

chore: remove `uint` (#16062)
Removed `uint` module from `stdlib`. Had to change two modules that used `uint`:
1. `ecdsa`: an ecdsa signature contains a byte `v` and we were using `uint8` to represent it in circuits. Replaced that with `byte_array` (of size 1).
2. `keccak`: variable length keccak (i.e., the number of bytes being hashed is a circuit-variable) was using `uint32` to represent `num_bytes`. We are not using this version of keccak anywhere so it's better to get rid of than to maintain/audit.

feat(bb): allow for different transcript types depending on the flavor (#16017)
This change changes the transcript type in the solidity verifier case to be a uint256 instead of serialising as field elements. It should reduce the size of the proof by 2368 bytes. This significantly reduces hashing costs + calldata costs, and should amount to a gas savings in the region of 50k. This PR just performs the plumbing into bb that makes these changes, and does not apply the changes - changing the TranscriptType to uint256_t and does not make the changes to solidity. Expect this in a follow on.
**Note: still needs a cleanup but leaving this here for review from others on the approach**

chore: remove `decompose_into_bits()` function from `field_t` class (#15795)
Since we're removing the merkle membership circuit implementation from cpp code, we no longer use the function `decompose_into_bits()` in the `field_t` class. Best to remove it instead of maintaining.

chore: Standardise native public input handling (#16050)
Public inputs in `stdlib` are handled via the special public input mechanisms: we have classes (`KernelIO`, `DefaultIO`, `HidingKernelIO`, `RollupIO`) that set public inputs, reconstruct them, create defaults, etc. Native public inputs have a similar mechanism, but the mechanism has many hacks built in as native structures are used more extensively than their `stdlib` counterparts (e.g., we use `field` also to construct the base/scalar field of `secp256k1`, which we never need to deserialise from public inputs). This PR standardises usage of native public inputs by creating a structure similar to the one used in `stdlib`: we define a `PublicInputComponent` class that works as a wrapper around classes that can be deserialised from the public inputs, and we use this wrapper class to reconstruct special public inputs (pairing points, IPA claims, etc.). To use the class, we make choices about how elements that are not currently used in circuit should be serialised. This pertains to base/scalar fields of `secp256k1` and `secp256r1` (and therefore to affine points on these curves). For consistency with the base field of `BN254`, we set `PUBLIC_INPUTS_SIZE = 4` for an element in each of these fields. This PR also cleans up the usage of the constants `PAIRING_POINTS_SIZE` and `IPA_CLAIM_SIZE`, as they can now be extracted from the respective classes `PairingPoints` and `OpeningClaim<Curve>` where `Curve` is `Grumpkin` (either native or `stdlib`).
Closes AztecProtocol/barretenberg#1478

Co-authored-by: AztecBot <tech@aztecprotocol.com>
Co-authored-by: Suyash Bagad <suyash@aztecprotocol.com>
Co-authored-by: Jonathan Hao <jonathan@aztec-labs.com>
Co-authored-by: ledwards2225 <98505400+ledwards2225@users.noreply.github.com>
Co-authored-by: sergei iakovenko <105737703+iakovenkos@users.noreply.github.com>
Co-authored-by: ludamad <adam.domurad@gmail.com>
Co-authored-by: Raju Krishnamoorthy <krishnamoorthy@gmail.com>
Co-authored-by: notnotraju <raju@aztec-labs.com>
Co-authored-by: Lucas Xia <lucasxia01@gmail.com>
Co-authored-by: Khashayar Barooti <khashayar@aztecprotocol.com>
Co-authored-by: Jean M <132435771+jeanmon@users.noreply.github.com>
Co-authored-by: Alex Gherghisan <alexghr@users.noreply.github.com>
Co-authored-by: Santiago Palladino <spalladino@users.noreply.github.com>
Co-authored-by: Santiago Palladino <santiago@aztec-labs.com>
Co-authored-by: ludamad <domuradical@gmail.com>
Co-authored-by: maramihali <mara@aztecprotocol.com>
Co-authored-by: Sarkoxed <75146596+Sarkoxed@users.noreply.github.com>

Overview
Perform vk hashing in the Solidity verifier.
This takes a different approach from the traditional verifiers: as the vk is fixed ahead of time, we hash it and include it in the precompiled contract, so it is preprocessed and does not need to be recomputed by the verifier.