WIP

AztecProtocol · Oct 24, 2024 · 3ae2f41 · 3ae2f41
1 parent 771a2ac
commit 3ae2f41
Show file tree

Hide file tree

Showing 20 changed files with 596 additions and 369 deletions.
diff --git a/barretenberg/cpp/pil/avm/constants_gen.pil b/barretenberg/cpp/pil/avm/constants_gen.pil
@@ -4,8 +4,8 @@ namespace constants(256);
     pol MAX_NULLIFIERS_PER_CALL = 16;
     pol MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL = 16;
     pol MAX_L2_TO_L1_MSGS_PER_CALL = 2;
-    pol MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL = 32;
-    pol MAX_PUBLIC_DATA_READS_PER_CALL = 32;
+    pol MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL = 64;
+    pol MAX_PUBLIC_DATA_READS_PER_CALL = 64;
     pol MAX_NOTE_HASH_READ_REQUESTS_PER_CALL = 16;
     pol MAX_NULLIFIER_READ_REQUESTS_PER_CALL = 16;
     pol MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_CALL = 16;
@@ -38,9 +38,9 @@ namespace constants(256);
     pol START_NULLIFIER_NON_EXISTS_OFFSET = 32;
     pol START_L1_TO_L2_MSG_EXISTS_WRITE_OFFSET = 48;
     pol START_SSTORE_WRITE_OFFSET = 64;
-    pol START_SLOAD_WRITE_OFFSET = 96;
-    pol START_EMIT_NOTE_HASH_WRITE_OFFSET = 128;
-    pol START_EMIT_NULLIFIER_WRITE_OFFSET = 144;
-    pol START_EMIT_L2_TO_L1_MSG_WRITE_OFFSET = 160;
-    pol START_EMIT_UNENCRYPTED_LOG_WRITE_OFFSET = 162;
+    pol START_SLOAD_WRITE_OFFSET = 128;
+    pol START_EMIT_NOTE_HASH_WRITE_OFFSET = 192;
+    pol START_EMIT_NULLIFIER_WRITE_OFFSET = 208;
+    pol START_EMIT_L2_TO_L1_MSG_WRITE_OFFSET = 224;
+    pol START_EMIT_UNENCRYPTED_LOG_WRITE_OFFSET = 226;
 
diff --git a/barretenberg/cpp/src/barretenberg/vm/aztec_constants.hpp b/barretenberg/cpp/src/barretenberg/vm/aztec_constants.hpp
@@ -5,14 +5,14 @@
 #define MAX_NULLIFIERS_PER_CALL 16
 #define MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL 16
 #define MAX_L2_TO_L1_MSGS_PER_CALL 2
-#define MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL 32
-#define MAX_PUBLIC_DATA_READS_PER_CALL 32
+#define MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL 64
+#define MAX_PUBLIC_DATA_READS_PER_CALL 64
 #define MAX_NOTE_HASH_READ_REQUESTS_PER_CALL 16
 #define MAX_NULLIFIER_READ_REQUESTS_PER_CALL 16
 #define MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_CALL 16
 #define MAX_L1_TO_L2_MSG_READ_REQUESTS_PER_CALL 16
 #define MAX_UNENCRYPTED_LOGS_PER_CALL 4
-#define MAX_L2_GAS_PER_ENQUEUED_CALL 6000000
+#define MAX_L2_GAS_PER_ENQUEUED_CALL 12000000
 #define AZTEC_ADDRESS_LENGTH 1
 #define GAS_FEES_LENGTH 2
 #define GAS_LENGTH 2
@@ -32,12 +32,12 @@
 #define STATE_REFERENCE_LENGTH 8
 #define TOTAL_FEES_LENGTH 1
 #define HEADER_LENGTH 24
-#define PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH 674
+#define PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH 866
 #define PUBLIC_CONTEXT_INPUTS_LENGTH 41
 #define AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS 86
 #define AVM_PROOF_LENGTH_IN_FIELDS 3949
 #define AVM_PUBLIC_COLUMN_MAX_SIZE 1024
-#define AVM_PUBLIC_INPUTS_FLATTENED_SIZE 2722
+#define AVM_PUBLIC_INPUTS_FLATTENED_SIZE 2914
 #define MEM_TAG_FF 0
 #define MEM_TAG_U1 1
 #define MEM_TAG_U8 2
@@ -65,11 +65,11 @@
 #define START_NULLIFIER_NON_EXISTS_OFFSET 32
 #define START_L1_TO_L2_MSG_EXISTS_WRITE_OFFSET 48
 #define START_SSTORE_WRITE_OFFSET 64
-#define START_SLOAD_WRITE_OFFSET 96
-#define START_EMIT_NOTE_HASH_WRITE_OFFSET 128
-#define START_EMIT_NULLIFIER_WRITE_OFFSET 144
-#define START_EMIT_L2_TO_L1_MSG_WRITE_OFFSET 160
-#define START_EMIT_UNENCRYPTED_LOG_WRITE_OFFSET 162
+#define START_SLOAD_WRITE_OFFSET 128
+#define START_EMIT_NOTE_HASH_WRITE_OFFSET 192
+#define START_EMIT_NULLIFIER_WRITE_OFFSET 208
+#define START_EMIT_L2_TO_L1_MSG_WRITE_OFFSET 224
+#define START_EMIT_UNENCRYPTED_LOG_WRITE_OFFSET 226
 #define AVM_ADD_BASE_L2_GAS 32
 #define AVM_SUB_BASE_L2_GAS 32
 #define AVM_MUL_BASE_L2_GAS 33

diff --git a/l1-contracts/src/core/libraries/ConstantsGen.sol b/l1-contracts/src/core/libraries/ConstantsGen.sol
@@ -21,8 +21,8 @@ library Constants {
   uint256 internal constant MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL = 4;
   uint256 internal constant MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL = 16;
   uint256 internal constant MAX_L2_TO_L1_MSGS_PER_CALL = 2;
-  uint256 internal constant MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL = 32;
-  uint256 internal constant MAX_PUBLIC_DATA_READS_PER_CALL = 32;
+  uint256 internal constant MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL = 64;
+  uint256 internal constant MAX_PUBLIC_DATA_READS_PER_CALL = 64;
   uint256 internal constant MAX_NOTE_HASH_READ_REQUESTS_PER_CALL = 16;
   uint256 internal constant MAX_NULLIFIER_READ_REQUESTS_PER_CALL = 16;
   uint256 internal constant MAX_NULLIFIER_NON_EXISTENT_READ_REQUESTS_PER_CALL = 16;
@@ -119,7 +119,7 @@ library Constants {
     14061769416655647708490531650437236735160113654556896985372298487345;
   uint256 internal constant DEFAULT_GAS_LIMIT = 1000000000;
   uint256 internal constant DEFAULT_TEARDOWN_GAS_LIMIT = 100000000;
-  uint256 internal constant MAX_L2_GAS_PER_ENQUEUED_CALL = 6000000;
+  uint256 internal constant MAX_L2_GAS_PER_ENQUEUED_CALL = 12000000;
   uint256 internal constant DEFAULT_MAX_FEE_PER_GAS = 10;
   uint256 internal constant DEFAULT_INCLUSION_FEE = 0;
   uint256 internal constant DA_BYTES_PER_FIELD = 32;
@@ -206,7 +206,7 @@ library Constants {
   uint256 internal constant TOTAL_FEES_LENGTH = 1;
   uint256 internal constant HEADER_LENGTH = 24;
   uint256 internal constant PRIVATE_CIRCUIT_PUBLIC_INPUTS_LENGTH = 501;
-  uint256 internal constant PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH = 674;
+  uint256 internal constant PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH = 866;
   uint256 internal constant PRIVATE_CONTEXT_INPUTS_LENGTH = 38;
   uint256 internal constant PUBLIC_CONTEXT_INPUTS_LENGTH = 41;
   uint256 internal constant FEE_RECIPIENT_LENGTH = 2;
@@ -273,11 +273,11 @@ library Constants {
   uint256 internal constant START_NULLIFIER_NON_EXISTS_OFFSET = 32;
   uint256 internal constant START_L1_TO_L2_MSG_EXISTS_WRITE_OFFSET = 48;
   uint256 internal constant START_SSTORE_WRITE_OFFSET = 64;
-  uint256 internal constant START_SLOAD_WRITE_OFFSET = 96;
-  uint256 internal constant START_EMIT_NOTE_HASH_WRITE_OFFSET = 128;
-  uint256 internal constant START_EMIT_NULLIFIER_WRITE_OFFSET = 144;
-  uint256 internal constant START_EMIT_L2_TO_L1_MSG_WRITE_OFFSET = 160;
-  uint256 internal constant START_EMIT_UNENCRYPTED_LOG_WRITE_OFFSET = 162;
+  uint256 internal constant START_SLOAD_WRITE_OFFSET = 128;
+  uint256 internal constant START_EMIT_NOTE_HASH_WRITE_OFFSET = 192;
+  uint256 internal constant START_EMIT_NULLIFIER_WRITE_OFFSET = 208;
+  uint256 internal constant START_EMIT_L2_TO_L1_MSG_WRITE_OFFSET = 224;
+  uint256 internal constant START_EMIT_UNENCRYPTED_LOG_WRITE_OFFSET = 226;
   uint256 internal constant PROOF_TYPE_PLONK = 0;
   uint256 internal constant PROOF_TYPE_HONK = 1;
   uint256 internal constant PROOF_TYPE_OINK = 2;

diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr
@@ -1,6 +1,6 @@
 use crate::{
     context::PrivateContext, event::event_interface::EventInterface,
-    encrypted_logs::payload::compute_encrypted_log, keys::getters::get_ovsk_app,
+    encrypted_logs::payload::compute_encrypted_event_log, keys::getters::get_ovsk_app,
     oracle::random::random,
 };
 use dep::protocol_types::{
@@ -22,7 +22,7 @@ where
     let contract_address: AztecAddress = context.this_address();
     let plaintext = event.private_to_be_bytes(randomness);
     let encrypted_log: [u8; 416 + N * 32] =
-        compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
+        compute_encrypted_event_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
     let log_hash = sha256_to_field(encrypted_log);
     (encrypted_log, log_hash)
 }

diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr
@@ -1,9 +1,9 @@
 use crate::{
     context::PrivateContext, note::{note_emission::NoteEmission, note_interface::NoteInterface},
-    keys::getters::get_ovsk_app, encrypted_logs::payload::compute_encrypted_log,
+    keys::getters::get_ovsk_app, encrypted_logs::payload::compute_encrypted_note_log
 };
 use dep::protocol_types::{
-    address::AztecAddress, public_keys::{PublicKeys, OvpkM, IvpkM}, hash::sha256_to_field,
+    address::AztecAddress, public_keys::{OvpkM, IvpkM}, hash::sha256_to_field,
     abis::note_hash::NoteHash,
 };
 
@@ -14,7 +14,7 @@ fn compute_raw_note_log<Note, let N: u32>(
     ovpk: OvpkM,
     ivpk: IvpkM,
     recipient: AztecAddress,
-) -> (u32, [u8; 416 + N * 32], Field)
+) -> (u32, [u8; 417 + N * 32], Field)
 where
     Note: NoteInterface<N>,
 {
@@ -29,8 +29,8 @@ where
     let contract_address: AztecAddress = context.this_address();
 
     let plaintext = note.to_be_bytes(storage_slot);
-    let encrypted_log: [u8; 416 + N * 32] =
-        compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
+    let encrypted_log: [u8; 417 + N * 32] =
+        compute_encrypted_note_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
     let log_hash = sha256_to_field(encrypted_log);
 
     (note_hash_counter, encrypted_log, log_hash)
@@ -42,7 +42,7 @@ unconstrained fn compute_raw_note_log_unconstrained<Note, let N: u32>(
     ovpk: OvpkM,
     ivpk: IvpkM,
     recipient: AztecAddress,
-) -> (u32, [u8; 416 + N * 32], Field)
+) -> (u32, [u8; 417 + N * 32], Field)
 where
     Note: NoteInterface<N>,
 {
@@ -105,33 +105,3 @@ where
         context.emit_raw_note_log(note_hash_counter, encrypted_log, log_hash);
     }
 }
-
-/// Encrypts a partial log and emits it. Takes recipient keys on the input and encrypts both the outgoing and incoming
-/// logs for the recipient. This is necessary because in the partial notes flow the outgoing always has to be the same
-/// as the incoming to not leak any information (typically the `from` party finalizing the partial note in public does
-/// not know who the recipient is).
-pub fn encrypt_and_emit_partial_log<let M: u32>(
-    context: &mut PrivateContext,
-    log_plaintext: [u8; M],
-    recipient_keys: PublicKeys,
-    recipient: AztecAddress,
-) {
-    let ovsk_app: Field = context.request_ovsk_app(recipient_keys.ovpk_m.hash());
-
-    let encrypted_log: [u8; 352 + M] = compute_encrypted_log(
-        context.this_address(),
-        ovsk_app,
-        recipient_keys.ovpk_m,
-        recipient_keys.ivpk_m,
-        recipient,
-        log_plaintext,
-    );
-    let log_hash = sha256_to_field(encrypted_log);
-
-    // Unfortunately we need to push a dummy note hash to the context here because a note log requires having
-    // a counter that corresponds to a note hash in the same call.
-    let note_hash_counter = context.side_effect_counter;
-    context.push_note_hash(5);
-
-    context.emit_raw_note_log(note_hash_counter, encrypted_log, log_hash);
-}
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
@@ -13,13 +13,52 @@ use crate::{
     keys::point_to_symmetric_key::point_to_symmetric_key,
 };
 
-pub fn compute_encrypted_log<let P: u32, let M: u32>(
+pub fn compute_encrypted_note_log<let P: u32, let M: u32>(
     contract_address: AztecAddress,
     ovsk_app: Field,
     ovpk: OvpkM,
     ivpk: IvpkM,
     recipient: AztecAddress,
     plaintext: [u8; P],
+) -> [u8; M] {
+    compute_encrypted_log(
+        contract_address,
+        ovsk_app,
+        ovpk,
+        ivpk,
+        recipient,
+        plaintext,
+        1,
+    )
+}
+
+pub fn compute_encrypted_event_log<let P: u32, let M: u32>(
+    contract_address: AztecAddress,
+    ovsk_app: Field,
+    ovpk: OvpkM,
+    ivpk: IvpkM,
+    recipient: AztecAddress,
+    plaintext: [u8; P],
+) -> [u8; M] {
+    compute_encrypted_log(
+        contract_address,
+        ovsk_app,
+        ovpk,
+        ivpk,
+        recipient,
+        plaintext,
+        0,
+    )
+}
+
+fn compute_encrypted_log<let P: u32, let M: u32>(
+    contract_address: AztecAddress,
+    ovsk_app: Field,
+    ovpk: OvpkM,
+    ivpk: IvpkM,
+    recipient: AztecAddress,
+    plaintext: [u8; P],
+    mut offset: u32,
 ) -> [u8; M] {
     let (eph_sk, eph_pk) = generate_ephemeral_key_pair();
 
@@ -33,25 +72,34 @@ pub fn compute_encrypted_log<let P: u32, let M: u32>(
 
     let mut encrypted_bytes: [u8; M] = [0; M];
     // @todo We ignore the tags for now
+    offset += 64;
+
     let eph_pk_bytes = point_to_bytes(eph_pk);
     for i in 0..32 {
-        encrypted_bytes[64 + i] = eph_pk_bytes[i];
+        encrypted_bytes[offset + i] = eph_pk_bytes[i];
     }
+
+    offset += 32;
     for i in 0..48 {
-        encrypted_bytes[96 + i] = incoming_header_ciphertext[i];
-        encrypted_bytes[144 + i] = outgoing_header_ciphertext[i];
+        encrypted_bytes[offset + i] = incoming_header_ciphertext[i];
+        encrypted_bytes[offset + 48 + i] = outgoing_header_ciphertext[i];
     }
+
+    offset += 96;
     for i in 0..144 {
-        encrypted_bytes[192 + i] = outgoing_body_ciphertext[i];
+        encrypted_bytes[offset + i] = outgoing_body_ciphertext[i];
     }
+
+    offset += 144;
     // Then we fill in the rest as the incoming body ciphertext
-    let size = M - 336;
+    let size = M - offset;
     assert_eq(size, incoming_body_ciphertext.len(), "ciphertext length mismatch");
     for i in 0..size {
-        encrypted_bytes[336 + i] = incoming_body_ciphertext[i];
+        encrypted_bytes[offset + i] = incoming_body_ciphertext[i];
     }
 
     // Current unoptimized size of the encrypted log
+    // empty_prefix (prefix_length bytes)
     // incoming_tag (32 bytes)
     // outgoing_tag (32 bytes)
     // eph_pk (32 bytes)
@@ -203,6 +251,7 @@ mod test {
             ivpk_m,
             recipient,
             plaintext,
+            0,
         );
 
         // The following value was generated by `tagged_log.test.ts`