This repository was archived by the owner on Apr 18, 2025. It is now read-only.
forked from privacy-scaling-explorations/zkevm-circuits
-
Notifications
You must be signed in to change notification settings - Fork 390
Proof aggregation circuit #523
Closed
Closed
Changes from all commits
Commits
Show all changes
44 commits
Select commit
Hold shift + click to select a range
ebfcc84
impl in the clear
zhenfeizhang f85b0ec
implement PI aggregation in circuit
zhenfeizhang c5a2e88
fix clippy
zhenfeizhang 82717c5
clean up
zhenfeizhang f4082a2
[fix] supports multiple rounds per hash for PI aggregation circuit
zhenfeizhang fd595ef
[chore] fix clippy
zhenfeizhang c4cda3f
impl SubCircuit for MultiBatchCircuit
zhenfeizhang e76e424
[refactor] pi aggregation circuit
zhenfeizhang 98fba48
Merge branch 'develop' into pi-aggregation-circuit
zhenfeizhang a595c55
[chore] cargo fmt
zhenfeizhang 19a7110
[feat] implement Aggregator
zhenfeizhang 2f6bc8e
[feat] scripts for tests
zhenfeizhang 4d66cd9
[fix] figure
zhenfeizhang c0f5b94
[chore] clean up; fix clippy; fix cargo fmt
zhenfeizhang 97f3963
[fix] remove env log for tests
zhenfeizhang fa582d8
[chore] partial address comments
zhenfeizhang 4f23a96
fix some audit issues (#512)
lispc afa2c28
[chore] update cargo lock
zhenfeizhang 6defdc5
[chore] partial address comments
zhenfeizhang 3ff1f02
[doc] update readme for aggregator
zhenfeizhang ceb68e6
[fix] fix test configs and clean up
zhenfeizhang 87ecfa9
[chore] clean up
zhenfeizhang 2394703
[chore] update cargo toml
zhenfeizhang d822823
cargo fmt
zhenfeizhang 7c49e41
[chore] sync up with halo2-lib dev branch
zhenfeizhang c3e8207
[chore] update cargo lock
zhenfeizhang 990a2d1
[fix] chain id u32 -> u64
zhenfeizhang df40b50
[fix] chain id len for tests
zhenfeizhang a3f4aef
[fix] typo in scripts
zhenfeizhang 723f293
Merge remote-tracking branch 'scroll/develop' into proof-aggregation-…
lispc a6d627d
lint
lispc 3dbdc4c
a few comments on proof aggregation circuit (#558)
huwenqing0606 c01fcfe
[feat] parameterize hard coded constants
zhenfeizhang 7eb270f
Merge branch 'develop' into proof-aggregation-circuit
zhenfeizhang b68e644
[fix] compiling after merge
zhenfeizhang 65912f6
[refactor] remove pi agg circuit; integrated into proof agg circuit
zhenfeizhang 911423c
[fix] chain id to_be_bytes
zhenfeizhang 02b0956
[feat] mock aggregation
zhenfeizhang 2b0d19e
wip
zhenfeizhang 4afe75a
[fix] pi length in agg circuit
zhenfeizhang a4d5eb9
[refactor] optimize tests
zhenfeizhang 6b124cf
[fix] compiling error
zhenfeizhang ec604b6
[fix] parameters for tests
zhenfeizhang a04b1f0
Add a convertion from witness `Block` to `ChunkHash` (#577)
silathdiir File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,4 +5,6 @@ | |
| .idea | ||
| *.log | ||
| *.json | ||
| *.sh | ||
| *.sh | ||
| *.txt | ||
| *.srs | ||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| [package] | ||
| name = "aggregator" | ||
| version = "0.1.0" | ||
| edition = "2021" | ||
|
|
||
| # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | ||
|
|
||
| [dependencies] | ||
| eth-types = { path = "../eth-types" } | ||
| zkevm-circuits = { path = "../zkevm-circuits" } | ||
|
|
||
|
|
||
| ark-std = "0.4.0" | ||
| env_logger = "0.10.0" | ||
| ethers-core = "0.17.0" | ||
| log = "0.4" | ||
| itertools = "0.10.3" | ||
| serde = { version = "1.0", features = ["derive"] } | ||
| serde_json = "1.0" | ||
| rand = "0.8" | ||
|
|
||
| halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2.git", tag = "v2023_02_02" } | ||
| snark-verifier = { git = "https://github.com/scroll-tech/snark-verifier", branch = "develop" } | ||
| snark-verifier-sdk = { git = "https://github.com/scroll-tech/snark-verifier", branch = "develop", default-features=false, features = ["loader_halo2", "loader_evm", "halo2-pse"] } | ||
|
|
||
|
|
||
| [features] | ||
| default = [] | ||
| print-trace = [ "ark-std/print-trace" ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| Proof Aggregation | ||
| ----- | ||
|
|
||
|  | ||
|
|
||
| This repo does proof aggregations for zkEVM proofs. | ||
|
|
||
| ## zkEVM circuit | ||
| A zkEVM circuits generates a ZK proof for a chunk of blocks. It takes 64 field elements as its public input, consist of | ||
| - chunk's data hash digest: each byte is encoded in an Fr element | ||
| - chunk's public input hash digest: each byte is encoded in an Fr element | ||
| The total size for a public input is 64 bytes, encoded in 64 Fr element | ||
|
|
||
| For the ease of testing, this repo implements a `MockCircuit` which hash same public input APIs as a zkEVM circuit. | ||
|
|
||
| ## First compression circuit | ||
| The first compression circuit takes in a fresh snark proof and generates a new (potentially small) snark proof. | ||
| The public inputs to the new snark proof consists of | ||
| - 12 elements from the accumulators | ||
| - an accumulator consists of 2 G1 elements, which are the left and right inputs to the pairing | ||
| - this is treated as 4 Fq elements, each decomposed into 3 limbs and encoded in Fr | ||
| - 64 elements from previous snark | ||
| - re-expose the same public inputs as the original snark | ||
|
|
||
| The first compression circuit is configured [wide config file](./configs/compression_wide.config). | ||
|
|
||
| ## Second compression circuit | ||
|
|
||
| The second compression circuit takes in a compressed snark proof and generates a new (potentially small) snark proof. | ||
| The public inputs to the new snark proof consists of | ||
| - 12 elements from the accumulators | ||
| - an accumulator consists of 2 G1 elements, which are the left and right inputs to the pairing | ||
| - this is treated as 4 Fq elements, each decomposed into 3 limbs and encoded in Fr | ||
| - accumulator from the previous snark is accumulated into the current accumulator | ||
| - 64 elements from previous snark | ||
| - skipping the first 12 elements which are previous accumulator, as they are already accumulated | ||
| - re-expose the rest 64 field elements as the public inputs | ||
|
|
||
| The second compression circuit is configured [thin config file](./configs/compression_thin.config). | ||
|
|
||
| ## Aggregation circuit | ||
| An aggregation circuit takes in a batch of `k` proofs, each for a chunk of blocks. | ||
| It generates a single proof asserting the validity of all the proofs. | ||
|
|
||
| It also performs public input aggregation, i.e., reducing the `64k` public elements into a fixed number of `144` elements: | ||
| - 12 elements from accumulators, which accumulates all the previous `k` accumulators from each snark | ||
| - 132 elements from the hashes | ||
| - first_chunk_prev_state_root: 32 Field elements | ||
| - last_chunk_post_state_root: 32 Field elements | ||
| - last_chunk_withdraw_root: 32 Field elements | ||
| - batch_public_input_hash: 32 Field elements | ||
| - chain_id: 8 Field elements | ||
|
|
||
| In addition, it attests that, for chunks indexed from `0` to `k-1`, | ||
| - batch_data_hash := keccak(chunk_0.data_hash || ... || chunk_k-1.data_hash) where chunk_i.data_hash is a public input to the i-th batch snark circuit | ||
| - chunk_pi_hash := keccak(chain_id || prev_state_root || post_state_root || withdraw_root || chunk_data_hash) where chunk_data_hash is a public input to the i-th batch snark circuit | ||
| - and the related field matches public input | ||
|
|
||
| See [public input aggregation](./src/proof_aggregation/public_input_aggregation.rs) for the details of public input aggregation. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"strategy":"Simple","degree":26,"num_advice":[1],"num_lookup_advice":[1],"num_fixed":1,"lookup_bits":20,"limb_bits":88,"num_limbs":3} | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"strategy":"Simple","degree":22,"num_advice":[8],"num_lookup_advice":[1],"num_fixed":1,"lookup_bits":20,"limb_bits":88,"num_limbs":3} |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| /// Circuit implementation of aggregation circuit. | ||
| mod circuit; | ||
| /// CircuitExt implementation of compression circuit. | ||
| mod circuit_ext; | ||
| /// Config for aggregation circuit | ||
| mod config; | ||
|
|
||
| pub use circuit::AggregationCircuit; | ||
| pub use config::AggregationConfig; | ||
|
|
||
| // TODO(ZZ): update to the right degree | ||
| pub(crate) const LOG_DEGREE: u32 = 19; | ||
|
|
||
| // ================================ | ||
| // indices for hash bytes | ||
| // ================================ | ||
| // | ||
| // the preimages are arranged as | ||
| // - chain_id: 8 bytes | ||
| // - prev_state_root 32 bytes | ||
| // - post_state_root 32 bytes | ||
| // - withdraw_root 32 bytes | ||
| // - chunk_data_hash 32 bytes | ||
| // | ||
| // A chain_id is u64 and uses 8 bytes | ||
| pub(crate) const CHAIN_ID_LEN: usize = 8; | ||
| pub(crate) const PREV_STATE_ROOT_INDEX: usize = 8; | ||
| pub(crate) const POST_STATE_ROOT_INDEX: usize = 40; | ||
| pub(crate) const WITHDRAW_ROOT_INDEX: usize = 72; | ||
| pub(crate) const CHUNK_DATA_HASH_INDEX: usize = 104; | ||
|
|
||
| // Each round requires (NUM_ROUNDS+1) * DEFAULT_KECCAK_ROWS = 300 rows. | ||
| // This library is hard coded for this parameter. | ||
| // Modifying the following parameters may result into bugs. | ||
| // Adopted from keccak circuit | ||
| pub(crate) const DEFAULT_KECCAK_ROWS: usize = 12; | ||
| // Adopted from keccak circuit | ||
| pub(crate) const NUM_ROUNDS: usize = 24; |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I remember @lispc mentioned that degree 25 would also work?