Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proof aggregation circuit #523

Closed
wants to merge 44 commits into from
Closed

Proof aggregation circuit #523

wants to merge 44 commits into from

Conversation

zhenfeizhang
Copy link

@zhenfeizhang zhenfeizhang commented May 31, 2023
edited by huwenqing0606
Loading

Description

  • refactor and overall design (this PR)
  • public input aggregation circuit Public input aggregation circuit #522
  • proof compression circuit (this PR)
  • proof aggregation circuit (this PR)
  • e2e integration (this PR)

ported from https://github.com/scroll-tech/aggregator

Issue Link

[link issue here]

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Contents

Rationale

[design decisions and extended information]

How Has This Been Tested?

Blocked by #522

@zhenfeizhang zhenfeizhang force-pushed the proof-aggregation-circuit branch from 36e84c7 to 63a9a72 Compare June 2, 2023 19:54
@zhenfeizhang zhenfeizhang force-pushed the proof-aggregation-circuit branch from a9db3f5 to 19a7110 Compare June 6, 2023 16:50
@zhenfeizhang zhenfeizhang marked this pull request as ready for review June 6, 2023 16:50
@zhenfeizhang zhenfeizhang mentioned this pull request Jun 6, 2023
Closed
4 tasks
@zhenfeizhang zhenfeizhang force-pushed the proof-aggregation-circuit branch from 6d6209e to 4d66cd9 Compare June 6, 2023 17:08
@zhenfeizhang zhenfeizhang force-pushed the proof-aggregation-circuit branch from 4c11fb7 to c0f5b94 Compare June 6, 2023 19:18
lispc
lispc reviewed Jun 7, 2023
View reviewed changes
@lispc
Copy link

lispc commented Jun 7, 2023

i checked the changes in Cargo.lock and i noticed there are 2 version of halo2-lib used. It works but may brings some drawbacks, it can leads to bigger binary size and slower build time, it may even trigger some subtle problem in the future. I would suggest use some branch of halo2-lib, either "minimize-dif" or "halo2-ecc-snark-verifier-0323"

image

@lispc
Copy link

lispc commented Jun 21, 2023

the conflicts seems strange... i will resolve it...

huwenqing0606
huwenqing0606 reviewed Jun 21, 2023
View reviewed changes
aggregator/src/proof_aggregation/config.rs Outdated
/// Instance for public input; stores
/// - accumulator from aggregation (12 elements)
/// - aggregated public inputs (136 elements):
/// chain_id ||
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chain_id is now put at last for instance in accordance with

zkevm-circuits/aggregator/src/proof_aggregation/circuit.rs

Line 360 in a6d627d

// last 8 inputs are the chain id

huwenqing0606
huwenqing0606 reviewed Jun 21, 2023
View reviewed changes
aggregator/figures/architecture.png Outdated
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the compression process, pi are carried through without change. In the aggregation process, pi are aggregated using pi agg circuit and snarks are aggregated using KzgAs. Then two parts are put together in proof agg circuit. It may be a good idea to illustrate these inside the figure?

huwenqing0606 and others added 4 commits June 21, 2023 12:16
@huwenqing0606
a few comments on proof aggregation circuit (#558)
3dbdc4c 
* a few comments inside core function for proof compression: extract_accumulators_and_proof

* comments on proof compression circuit

* comments on pi aggregation circuit, especially calculation of hash indexes when using Keccak circuit, which are hard-coded here so needs be very careful

* comments on proof aggregation circuit

* a few comments inside core function for proof compression: extract_accumulators_and_proof

* comments on proof compression circuit

* comments on pi aggregation circuit, especially calculation of hash indexes when using Keccak circuit, which are hard-coded here so needs be very careful

* comments on proof aggregation circuit

* clean up all commits from my side

* clean up of all commits on my side
@zhenfeizhang
[feat] parameterize hard coded constants
c01fcfe
@zhenfeizhang
Merge branch 'develop' into proof-aggregation-circuit
7eb270f
@zhenfeizhang
[fix] compiling after merge
b68e644
icemelon
icemelon reviewed Jun 22, 2023
View reviewed changes
aggregator/src/batch.rs Outdated
// chunk[k-1].withdraw_root ||
// batch_data_hash )
let preimage = [
chunk_hashes[0].chain_id.to_le_bytes().as_ref(),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Solidity always uses the big-endian encoding.

Suggested change
chunk_hashes[0].chain_id.to_le_bytes().as_ref(),
chunk_hashes[0].chain_id.to_be_bytes().as_ref(),

@zhenfeizhang zhenfeizhang force-pushed the proof-aggregation-circuit branch from da99d43 to 65912f6 Compare June 22, 2023 13:42
@silathdiir silathdiir mentioned this pull request Jun 26, 2023
Merged
icemelon
icemelon reviewed Jun 27, 2023
View reviewed changes
aggregator/configs/compression_thin.config
@@ -0,0 +1 @@
{"strategy":"Simple","degree":26,"num_advice":[1],"num_lookup_advice":[1],"num_fixed":1,"lookup_bits":20,"limb_bits":88,"num_limbs":3}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember @lispc mentioned that degree 25 would also work?

aggregator/src/param.rs
}
}

pub(crate) fn _compress_wide_param() -> Self {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is _compress_wide_param and _compress_thin_param just for test cases?

aggregator/src/aggregation/circuit.rs
// data hash + public_input_hash = snark public input
assert_eq!(
Fr::from(chunk.data_hash.as_bytes()[i] as u64),
snark_hash_bytes[i + 20]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace 20 by SNARK_DATA_HASH_OFFSET

aggregator/src/aggregation/circuit.rs

assert_eq!(
Fr::from(chunk_hash_bytes[i] as u64),
snark_hash_bytes[i + 52]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace 52 by SNARK_PI_HASH_OFFSET

@silathdiir
Add a convertion from witness Block to ChunkHash (#577)
a04b1f0 
* Add a convertion witness Block to `ChunkHash`.

* Fix lint.
@lispc
Copy link

lispc commented Jul 4, 2023

the compression part has been merged

@zhenfeizhang zhenfeizhang mentioned this pull request Jul 24, 2023
Merged
11 tasks
@zhenfeizhang
Copy link
Author

replaced with #670 Static proof aggregation

@zhenfeizhang
Copy link
Author

closed as #670 is merged

@zhenfeizhang zhenfeizhang deleted the proof-aggregation-circuit branch August 10, 2023 23:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@icemelon icemelon icemelon left review comments

@lispc lispc lispc left review comments

@huwenqing0606 huwenqing0606 huwenqing0606 left review comments

Assignees
No one assigned
Labels
crate-zkevm-circuits
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@zhenfeizhang @lispc @icemelon @huwenqing0606 @silathdiir