From 699162898ef3feada60d12ce6ef321019a17ee89 Mon Sep 17 00:00:00 2001 From: anupsv Date: Sat, 27 Jul 2024 18:25:24 -0700 Subject: [PATCH 01/19] changes to remove unwanted calculations --- arbitrator/prover/src/kzgbn254.rs | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index 2017301e5..40fe49dcd 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -51,7 +51,7 @@ pub fn prove_kzg_preimage_bn254( let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?; let mut commitment_bytes = Vec::new(); - blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; + blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; // why uncompressed ? let mut expected_hash: Bytes32 = Sha256::digest(&*commitment_bytes).into(); expected_hash[0] = 1; 
@@ -69,39 +69,29 @@ pub fn prove_kzg_preimage_bn254( offset, ); - // retrieve commitment to preimage - let preimage_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; - let preimage_commitment = kzg.commit(&preimage_polynomial)?; - let mut preimage_commitment_bytes = Vec::new(); - preimage_commitment.serialize_uncompressed(&mut preimage_commitment_bytes)?; - println!( - "preimage commitment: {}", - encode(&preimage_commitment_bytes) - ); - let mut proving_offset = offset; - let length_usize = preimage.len() as u64; - assert!(length_usize / 32 == preimage_polynomial.len() as u64); + assert!(length_usize / 32 == blob_polynomial_evaluation_form.len() as u64); // address proving past end edge case later let proving_past_end = offset as u64 >= length_usize; if proving_past_end { // Proving any offset proves the length which is all we need here, // because we're past the end of the preimage. - proving_offset = 0; + proving_offset = 0; // why 0? shouldn't this fail immediately ? } // Y = ϕ(offset) --> evaluation point for computing quotient proof - let proven_y_fr = preimage_polynomial + // confirming if this is actually ok ? + let proven_y_fr = blob_polynomial_evaluation_form .get_at_index(proving_offset as usize / 32) .ok_or_else(|| { eyre::eyre!( "Index ({}) out of bounds for preimage of length {} with data of ({} field elements x 32 bytes)", proving_offset, length_usize, - preimage_polynomial.len() + blob_polynomial_evaluation_form.len() ) })?; @@ -112,6 +102,7 @@ pub fn prove_kzg_preimage_bn254( let proven_y = proven_y_fr.into_bigint().to_bytes_be(); let z = z_fr.into_bigint().to_bytes_be(); + // probably should be a constant on the contract. let g2_generator = G2Affine::generator(); let z_g2 = (g2_generator * z_fr).into_affine(); 
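Review bot: The length check in the `@@ -69,39 +69,29 @@` hunk is an `assert!`, so a preimage whose length does not match the polynomial aborts the prover with a panic instead of returning an error, although the function returns `Result<()>` and uses `ensure!` elsewhere. Consider `ensure!(length_usize / 32 == blob_polynomial_evaluation_form.len() as u64, "preimage length {} does not match polynomial length", length_usize);`. The added comments `// confirming if this is actually ok ?` and `// why 0? shouldn't this fail immediately ?` (and `// why uncompressed ?` in the previous hunk) are open questions about proof soundness; they should be settled in review and replaced by a comment stating the invariant relied on. The body of `prove_kzg_preimage_bn254` starts and ends outside the hunk.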
@@ -124,7 +115,7 @@ pub fn prove_kzg_preimage_bn254( let g2_tau_minus_g2_z = (g2_tau - z_g2).into_affine(); let kzg_proof = kzg - .compute_kzg_proof_with_roots_of_unity(&preimage_polynomial, proving_offset as u64 / 32)?; + .compute_kzg_proof_with_roots_of_unity(&blob_polynomial_evaluation_form, proving_offset as u64 / 32)?; let xminusz_x0: BigUint = g2_tau_minus_g2_z.x.c0.into(); let xminusz_x1: BigUint = g2_tau_minus_g2_z.x.c1.into(); @@ -139,8 +130,8 @@ pub fn prove_kzg_preimage_bn254( append_left_padded_biguint_be(&mut xminusz_encoded_bytes, &xminusz_y0); // encode the commitment - let commitment_x_bigint: BigUint = preimage_commitment.x.into(); - let commitment_y_bigint: BigUint = preimage_commitment.y.into(); + let commitment_x_bigint: BigUint = blob_commitment.x.into(); + let commitment_y_bigint: BigUint = blob_commitment.y.into(); let mut commitment_encoded_bytes = Vec::with_capacity(32); append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_x_bigint); append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_y_bigint); From 7c4adb60ba473396e32a80212721269af10ee1d6 Mon Sep 17 00:00:00 2001 From: anupsv Date: Sat, 27 Jul 2024 18:31:31 -0700 Subject: [PATCH 02/19] adding missing check when proving past end --- arbitrator/prover/src/kzgbn254.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index 40fe49dcd..2e62e3fa2 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs 
@@ -116,6 +116,16 @@ pub fn prove_kzg_preimage_bn254( let kzg_proof = kzg .compute_kzg_proof_with_roots_of_unity(&blob_polynomial_evaluation_form, proving_offset as u64 / 32)?; + + // This should cause failure when proving past offset. + if !proving_past_end { + // This is required, but confirming what is the right way. + // ensure!( + // *proven_y == preimage[offset_usize..offset_usize + 32], + // "KZG proof produced wrong preimage for offset {}", + // offset, + // ); + } let xminusz_x0: BigUint = g2_tau_minus_g2_z.x.c0.into(); let xminusz_x1: BigUint = g2_tau_minus_g2_z.x.c1.into(); From 5e896fb6c8fc40d1ebc8efaeab152f7d481e6e61 Mon Sep 17 00:00:00 2001 From: anupsv Date: Thu, 1 Aug 2024 20:05:09 -0700 Subject: [PATCH 03/19] cargo fmt formatted --- arbitrator/prover/src/kzgbn254.rs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index 2e62e3fa2..f27b2c011 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -51,7 +51,7 @@ pub fn prove_kzg_preimage_bn254( let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?; let mut commitment_bytes = Vec::new(); - blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; // why uncompressed ? + blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; // why uncompressed ? let mut expected_hash: Bytes32 = Sha256::digest(&*commitment_bytes).into(); expected_hash[0] = 1; 
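Review bot: The `if !proving_past_end { … }` block added in `@@ -116,6 +116,16 @@` has no effect, because the `ensure!` inside it is commented out; the proof is still written without comparing `proven_y` to the preimage bytes, although the commit title says the check is added. Either enable the comparison or leave the block out until its form is agreed. The comment `// This should cause failure when proving past offset.` also reads as the opposite of the `!proving_past_end` condition; something like `// Sanity check: the opened value must equal the 32 preimage bytes at the requested offset.` would match the code. Patch 06 puts the block back into this commented-out state.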
@@ -114,9 +114,11 @@ pub fn prove_kzg_preimage_bn254( .clone(); let g2_tau_minus_g2_z = (g2_tau - z_g2).into_affine(); - let kzg_proof = kzg - .compute_kzg_proof_with_roots_of_unity(&blob_polynomial_evaluation_form, proving_offset as u64 / 32)?; - + let kzg_proof = kzg.compute_kzg_proof_with_roots_of_unity( + &blob_polynomial_evaluation_form, + proving_offset as u64 / 32, + )?; + // This should cause failure when proving past offset. if !proving_past_end { // This is required, but confirming what is the right way. From 2551da6bf9a4db2729463367fb4437c38830514f Mon Sep 17 00:00:00 2001 From: anupsv Date: Thu, 1 Aug 2024 20:44:27 -0700 Subject: [PATCH 04/19] adding missing check --- arbitrator/prover/src/kzgbn254.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index f27b2c011..be1971219 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -122,11 +122,11 @@ pub fn prove_kzg_preimage_bn254( // This should cause failure when proving past offset. if !proving_past_end { // This is required, but confirming what is the right way. - // ensure!( - // *proven_y == preimage[offset_usize..offset_usize + 32], - // "KZG proof produced wrong preimage for offset {}", - // offset, - // ); + ensure!( + *proven_y == preimage[offset_usize..offset_usize + 32], + "KZG proof produced wrong preimage for offset {}", + offset, + ); } let xminusz_x0: BigUint = g2_tau_minus_g2_z.x.c0.into(); From 45de063c034905115ba08467e098331134ca98e9 Mon Sep 17 00:00:00 2001 From: anupsv Date: Thu, 1 Aug 2024 20:58:55 -0700 Subject: [PATCH 05/19] unused import apparently? --- arbitrator/prover/src/kzgbn254.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index be1971219..f7a54ffbd 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs 
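Review bot: The `ensure!` enabled in `@@ -122,11 +122,11 @@` indexes `preimage[offset_usize..offset_usize + 32]` directly, which panics instead of returning an error if the range runs past the end of the preimage (for example an offset that is not 32-byte aligned, unless that is rejected outside this hunk). Taking the slice with `preimage.get(offset_usize..offset_usize + 32)` and turning `None` into an `eyre` error keeps the failure inside the `Result`. No definition of `offset_usize` is visible in the series until patch 09 adds `let offset_usize = proving_offset as usize;`, so this commit may not build on its own. The same indexing returns in the `@@ -117,14 +114,14 @@` hunk of patch 09.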
@@ -7,7 +7,6 @@ use eyre::{ensure, Result}; use hex::encode; use kzgbn254::{blob::Blob, kzg::Kzg, polynomial::PolynomialFormat}; use num::BigUint; -use num_traits::ToBytes; use sha2::{Digest, Sha256}; use std::io::Write; From 4f4cd78113c0d1dc7a566f948ba9d1deda30b012 Mon Sep 17 00:00:00 2001 From: anupsv Date: Thu, 1 Aug 2024 21:39:35 -0700 Subject: [PATCH 06/19] removing the check --- arbitrator/prover/src/kzgbn254.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index f7a54ffbd..0ececc2ff 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -121,11 +121,11 @@ pub fn prove_kzg_preimage_bn254( // This should cause failure when proving past offset. if !proving_past_end { // This is required, but confirming what is the right way. - ensure!( - *proven_y == preimage[offset_usize..offset_usize + 32], - "KZG proof produced wrong preimage for offset {}", - offset, - ); + // ensure!( + // *proven_y == preimage[offset_usize..offset_usize + 32], + // "KZG proof produced wrong preimage for offset {}", + // offset, + // ); } let xminusz_x0: BigUint = g2_tau_minus_g2_z.x.c0.into(); From cb69b6de90cb798b79d7d2f3b6aa9f7591c0fcdb Mon Sep 17 00:00:00 2001 From: anupsv Date: Wed, 7 Aug 2024 17:41:56 -0700 Subject: [PATCH 07/19] removing unwanted comments --- arbitrator/prover/src/kzgbn254.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index 0ececc2ff..b96995c2d 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs 
@@ -78,7 +78,7 @@ pub fn prove_kzg_preimage_bn254( if proving_past_end { // Proving any offset proves the length which is all we need here, // because we're past the end of the preimage. - proving_offset = 0; // why 0? shouldn't this fail immediately ? + proving_offset = 0; } // Y = ϕ(offset) --> evaluation point for computing quotient proof From 7fe62add855c356779106935a04760c16a033c36 Mon Sep 17 00:00:00 2001 From: anupsv Date: Thu, 8 Aug 2024 06:32:51 -0700 Subject: [PATCH 08/19] moving from eval to coeff based on discussion --- arbitrator/prover/src/kzgbn254.rs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index b96995c2d..020eadd29 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -41,12 +41,11 @@ pub fn prove_kzg_preimage_bn254( // expand roots of unity kzg.calculate_roots_of_unity(preimage.len() as u64)?; - // preimage is already padded, unpadding and repadding already padded data can destroy context post IFFT - // as some elements in the bn254 field are represented by 32 bytes, we know that the preimage is padded - // to 32 bytes per DA spec as the preimage is retrieved from DA, so we can use this unchecked function + // preimage is already padded and is expected to be in data domain i.e, this is the actual data but padded + // to power of 2 let blob = Blob::from_padded_bytes_unchecked(preimage); - let blob_polynomial_evaluation_form = blob.to_polynomial(PolynomialFormat::InEvaluationForm)?; + let blob_polynomial_evaluation_form = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?; let mut commitment_bytes = Vec::new(); From eaceba519d4987ab540f2e8b1a7d4a336f9d488c Mon Sep 17 00:00:00 2001 
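Review bot: In `@@ -41,12 +41,11 @@` the variable `blob_polynomial_evaluation_form` now holds the result of `to_polynomial(PolynomialFormat::InCoefficientForm)`, so its name states the opposite of the format and every later use (`commit`, `get_at_index`, the proof computation) reads as if it worked on evaluations. Rename it, e.g. `let blob_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?;`. The element read with `get_at_index` is later published as the opened value `proven_y`, so a short comment on how the library interprets an element of a coefficient-form polynomial at that index would help an auditor; the hunk alone does not show it.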
From: anupsv Date: Thu, 8 Aug 2024 15:43:32 -0700 Subject: [PATCH 09/19] remaining changes to arbitrator --- arbitrator/prover/src/kzgbn254.rs | 21 +++++++++------------ arbitrator/prover/src/utils.rs | 2 +- scripts/create-test-preimages.py | 7 +------ 3 files changed, 11 insertions(+), 19 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index 020eadd29..ea5e35451 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -35,15 +35,11 @@ pub fn prove_kzg_preimage_bn254( ) -> Result<()> { let mut kzg = KZG.clone(); - println!("preimage: {} {}", preimage.len(), encode(&preimage)); - println!("offset: {}", offset); - // expand roots of unity kzg.calculate_roots_of_unity(preimage.len() as u64)?; - // preimage is already padded and is expected to be in data domain i.e, this is the actual data but padded - // to power of 2 - let blob = Blob::from_padded_bytes_unchecked(preimage); + // preimage is already padded and is the actual blob data, NOT the IFFT'd form. + let blob = Blob::from_padded_bytes_unchecked(&preimage); let blob_polynomial_evaluation_form = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?; @@ -52,6 +48,7 @@ pub fn prove_kzg_preimage_bn254( blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; // why uncompressed ? let mut expected_hash: Bytes32 = Sha256::digest(&*commitment_bytes).into(); + expected_hash[0] = 1; ensure!( 
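Review bot: The comment above `Blob::from_padded_bytes_unchecked(&preimage)` in `@@ -35,15 +35,11 @@` no longer says why the unchecked constructor is acceptable; the text removed in patch 08 tied it to the DA padding spec. The constructor name indicates that validation is skipped, so the comment should name the guarantee relied on, e.g. `// preimage is the raw, already padded blob data (not the IFFT'd form); <where padding and field range are enforced> makes the unchecked constructor safe here`. The function body continues outside the hunk.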
@@ -117,14 +114,14 @@ pub fn prove_kzg_preimage_bn254( proving_offset as u64 / 32, )?; + let offset_usize = proving_offset as usize; // This should cause failure when proving past offset. if !proving_past_end { - // This is required, but confirming what is the right way. - // ensure!( - // *proven_y == preimage[offset_usize..offset_usize + 32], - // "KZG proof produced wrong preimage for offset {}", - // offset, - // ); + ensure!( + *proven_y == preimage[offset_usize..offset_usize + 32], + "KZG proof produced wrong preimage for offset {}", + offset, + ); } let xminusz_x0: BigUint = g2_tau_minus_g2_z.x.c0.into(); diff --git a/arbitrator/prover/src/utils.rs b/arbitrator/prover/src/utils.rs index 23f645aac..7786395bc 100644 --- a/arbitrator/prover/src/utils.rs +++ b/arbitrator/prover/src/utils.rs @@ -218,7 +218,7 @@ pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> { let blob = EigenDABlob::from_padded_bytes_unchecked(preimage); - let blob_polynomial = blob.to_polynomial(PolynomialFormat::InEvaluationForm)?; + let blob_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg_bn254.commit(&blob_polynomial)?; let mut commitment_bytes = Vec::new(); diff --git a/scripts/create-test-preimages.py b/scripts/create-test-preimages.py index 779e31e16..5398c2bdd 100644 --- a/scripts/create-test-preimages.py +++ b/scripts/create-test-preimages.py 
@@ -28,12 +28,7 @@ def kzg_test_data(): def eigen_test_data(): # the value we are returning is the same string that is returned by the old eigen_test_data but encoded in the style the high level eigenDA client would # 00bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025 - data = bytes([ - 12, 74, 134, 141, 159, 142, 12, 228, 147, 176, 42, 148, 17, 187, 240, 48, 98, 179, 158, 173, 119, 72, 129, 73, 181, 94, 239, 1, 22, 164, 231, 89, - 45, 148, 221, 13, 66, 188, 31, 31, 18, 90, 120, 195, 53, 74, 121, 91, 29, 163, 78, 174, 81, 239, 152, 253, 188, 242, 52, 132, 164, 53, 20, 26, - 36, 75, 123, 21, 222, 118, 68, 224, 87, 187, 179, 60, 161, 97, 0, 70, 93, 178, 98, 55, 27, 137, 136, 121, 63, 52, 185, 46, 242, 115, 75, 192, - 2, 157, 190, 53, 1, 226, 207, 111, 114, 218, 52, 217, 26, 155, 70, 232, 114, 94, 128, 254, 14, 177, 62, 97, 214, 62, 14, 115, 50, 178, 184, 207 - ]) + data = bytes([0 ,0 ,0 ,0 ,0 ,64 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,48 ,48 ,98 ,99 ,97 ,48 ,50 ,48 ,57 ,52 ,101 ,98 ,55 ,56 ,49 ,50 ,54 ,97 ,53 ,49 ,55 ,98 ,50 ,48 ,54 ,97 ,56 ,56 ,99 ,55 ,51 ,0 ,99 ,102 ,97 ,57 ,101 ,99 ,54 ,102 ,55 ,48 ,52 ,99 ,55 ,48 ,51 ,48 ,100 ,49 ,56 ,50 ,49 ,50 ,99 ,97 ,99 ,101 ,56 ,50 ,48 ,102 ,48 ,0 ,50 ,53 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0]) return data From fedcfbb9b4f290089b594df2fabb1f80f4b2e975 Mon Sep 17 00:00:00 2001 From: anupsv Date: Thu, 8 Aug 2024 15:46:34 -0700 Subject: [PATCH 10/19] changing submodules for testing --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 289ef75e2..640f0ab74 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -16,7 +16,7 @@ [submodule "contracts"] path = contracts url = git@github.com:Layr-Labs/nitro-contracts-private.git - branch = eigenda--v3.0.3 + branch = osp-fixes [submodule "nitro-testnode"] path = nitro-testnode url = git@github.com:Layr-Labs/nitro-testnode-private.git From 679f60f1ad4018c3c3307f6684affe5d8e3471f9 Mon Sep 17 00:00:00 2001 From: anupsv Date: Thu, 8 Aug 2024 17:48:46 -0700 Subject: [PATCH 11/19] rust fmt fix --- arbitrator/prover/src/kzgbn254.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index ea5e35451..9c30feda0 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -41,7 +41,8 @@ pub fn prove_kzg_preimage_bn254( // preimage is already padded and is the actual blob data, NOT the IFFT'd form. let blob = Blob::from_padded_bytes_unchecked(&preimage); - let blob_polynomial_evaluation_form = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; + let blob_polynomial_evaluation_form = + blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?; let mut commitment_bytes = Vec::new(); From cd7b3b8c0cd949f3b62954eb3c3ccfeaa3867238 Mon Sep 17 00:00:00 2001 From: anupsv Date: Tue, 13 Aug 2024 11:44:48 -0700 Subject: [PATCH 12/19] adding keccak hasing --- arbitrator/prover/src/kzgbn254.rs | 22 +++++++++++++++------- arbitrator/prover/src/utils.rs | 3 ++- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index 9c30feda0..125c9cfb7 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs 
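Review bot: The `branch = osp-fixes` line makes `git submodule update --remote` follow a work branch of the private contracts repository, and a branch head can move after review, so this file does not fix which contracts code a build picks up. Per the diffstat only `.gitmodules` changes, so the recorded submodule commit is untouched and a plain `git submodule update` still checks out the old revision; if the prover changes in this series need matching contract changes, the submodule pointer has to be moved to a reviewed commit as well. The commit title says this is for testing, so it should be dropped or replaced by a release branch or tag before merge. Patch 16 does the same with `branch = new-osp-fixes-v3.0.3` and briefly switches the URL to SSH, which patch 17 reverts.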
@@ -4,11 +4,12 @@ use ark_ec::{AffineRepr, CurveGroup}; use ark_ff::{BigInteger, PrimeField}; use ark_serialize::CanonicalSerialize; use eyre::{ensure, Result}; -use hex::encode; use kzgbn254::{blob::Blob, kzg::Kzg, polynomial::PolynomialFormat}; use num::BigUint; use sha2::{Digest, Sha256}; use std::io::Write; +use sha3::Keccak256; + lazy_static::lazy_static! { @@ -45,9 +46,9 @@ pub fn prove_kzg_preimage_bn254( blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?; + // This is serialized in little endian format. let mut commitment_bytes = Vec::new(); - blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; // why uncompressed ? - + blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; let mut expected_hash: Bytes32 = Sha256::digest(&*commitment_bytes).into(); expected_hash[0] = 1; @@ -154,9 +155,16 @@ pub fn prove_kzg_preimage_bn254( let mut length_bytes = Vec::with_capacity(32); append_left_padded_biguint_be(&mut length_bytes, &BigUint::from(length_usize)); - println!("length usize: {}", length_usize); - println!("length bytes: {}", encode(&length_bytes)); - out.write_all(&*hash)?; // hash [:32] + // This does a keccak to achieve equivalence with 4844 commitment hash check. + // It adds the sha2 data as well so that the 'leafContents' variable in the OneStepProverHostIo.sol + // file can be used as well. + let mut to_be_hashed_data = commitment_encoded_bytes.to_vec(); + to_be_hashed_data.extend(expected_hash); + let mut keccak256_hasher = Keccak256::new(); + keccak256_hasher.update(&*to_be_hashed_data); + let keccak256_result: [u8; 32] = keccak256_hasher.finalize().into(); + + out.write_all(&keccak256_result)?; // hash [:32] out.write_all(&*z)?; // evaluation point [32:64] out.write_all(&*proven_y)?; // expected output [64:96] out.write_all(&xminusz_encoded_bytes)?; // g2TauMinusG2z [96:224] 
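Review bot: The trailing comment `// hash [:32]` in `@@ -154,9 +155,16 @@` is no longer accurate: the first 32 bytes written are now `keccak256(commitment_encoded_bytes || expected_hash)`, while the earlier `ensure!(hash == expected_hash, …)` still checks the SHA-256 based value, so the output is not the `hash` argument. Update it, e.g. `out.write_all(&keccak256_result)?; // keccak256(commitment || sha256 hash) [:32]`. The comment should also say that this layout must match what OneStepProverHostIo.sol recomputes, since a mismatch would presumably only surface as a failed on-chain proof.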
@@ -171,6 +179,6 @@ pub fn prove_kzg_preimage_bn254( fn append_left_padded_biguint_be(vec: &mut Vec, biguint: &BigUint) { let bytes = biguint.to_bytes_be(); let padding = 32 - bytes.len(); - vec.extend_from_slice(&vec![0; padding]); + vec.extend(std::iter::repeat(0).take(padding)); vec.extend_from_slice(&bytes); } diff --git a/arbitrator/prover/src/utils.rs b/arbitrator/prover/src/utils.rs index 7786395bc..556b1de72 100644 --- a/arbitrator/prover/src/utils.rs +++ b/arbitrator/prover/src/utils.rs @@ -220,7 +220,8 @@ pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> { let blob_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg_bn254.commit(&blob_polynomial)?; - + + // This is serialized in little endian format. let mut commitment_bytes = Vec::new(); blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; From 38920deda013eaae24f81395c3374985366f9865 Mon Sep 17 00:00:00 2001 From: anupsv Date: Tue, 13 Aug 2024 13:54:07 -0700 Subject: [PATCH 13/19] cleanup --- arbitrator/prover/src/kzgbn254.rs | 44 +++++++++---------------------- arbitrator/prover/src/utils.rs | 26 +++++++++++++----- 2 files changed, 32 insertions(+), 38 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index 125c9cfb7..ad5c215c6 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -1,4 +1,4 @@ -use crate::Bytes32; +use crate::{Bytes32, utils::append_left_padded_biguint_be}; use ark_bn254::G2Affine; use ark_ec::{AffineRepr, CurveGroup}; use ark_ff::{BigInteger, PrimeField}; 
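Review bot: `let padding = 32 - bytes.len();` in `append_left_padded_biguint_be` underflows when the value needs more than 32 bytes: a build with overflow checks panics, and one without them wraps to a huge count that `repeat(0).take(padding)` then tries to append. The inputs in this file are bn254 coordinates, which should fit, but patch 13 moves the helper to utils.rs as `pub`, so the bound deserves a guard, e.g. `let padding = 32usize.checked_sub(bytes.len()).expect("value wider than 32 bytes");`, or an error return. A doc comment should state that the function appends exactly 32 bytes.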
@@ -46,18 +46,21 @@ pub fn prove_kzg_preimage_bn254( blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?; - // This is serialized in little endian format. - let mut commitment_bytes = Vec::new(); - blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; - let mut expected_hash: Bytes32 = Sha256::digest(&*commitment_bytes).into(); + let commitment_x_bigint: BigUint = blob_commitment.x.into(); + let commitment_y_bigint: BigUint = blob_commitment.y.into(); + let mut commitment_encoded_bytes = Vec::with_capacity(32); + append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_x_bigint); + append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_y_bigint); - expected_hash[0] = 1; + let mut keccak256_hasher = Keccak256::new(); + keccak256_hasher.update(&commitment_encoded_bytes); + let commitment_hash: Bytes32 = keccak256_hasher.finalize().into(); ensure!( - hash == expected_hash, + hash == commitment_hash, "Trying to prove versioned hash {} preimage but recomputed hash {}", hash, - expected_hash, + commitment_hash, ); ensure!( @@ -138,13 +141,6 @@ pub fn prove_kzg_preimage_bn254( append_left_padded_biguint_be(&mut xminusz_encoded_bytes, &xminusz_y1); append_left_padded_biguint_be(&mut xminusz_encoded_bytes, &xminusz_y0); - // encode the commitment - let commitment_x_bigint: BigUint = blob_commitment.x.into(); - let commitment_y_bigint: BigUint = blob_commitment.y.into(); - let mut commitment_encoded_bytes = Vec::with_capacity(32); - append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_x_bigint); - append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_y_bigint); - // encode the proof let proof_x_bigint: BigUint = kzg_proof.x.into(); let proof_y_bigint: BigUint = kzg_proof.y.into(); 
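Review bot: The commitment encoding and Keccak step added in `@@ -46,18 +46,21 @@` (x and y left-padded to 32 bytes, then `Keccak256`) is repeated line for line in `hash_preimage` in utils.rs later in this patch, and the two copies must stay byte-identical because one produces the hash that the other checks. Moving it into one helper next to `append_left_padded_biguint_be` and calling it from both places removes that risk. `Vec::with_capacity(32)` is also half of the 64 bytes that get appended. The new hash no longer sets the `expected_hash[0] = 1` version byte, so anything that still expects a versioned hash needs the same change; the test constants are updated in patches 14 and 18.

```rust
/// Keccak-256 over the commitment's x and y coordinates, each left-padded
/// to 32 big-endian bytes.
pub fn hash_commitment_xy(x: &BigUint, y: &BigUint) -> [u8; 32] {
    let mut encoded = Vec::with_capacity(64);
    append_left_padded_biguint_be(&mut encoded, x);
    append_left_padded_biguint_be(&mut encoded, y);
    Keccak256::digest(&encoded).into()
}
// … unchanged: callers in prove_kzg_preimage_bn254 and hash_preimage …
```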
@@ -155,16 +151,7 @@ pub fn prove_kzg_preimage_bn254( let mut length_bytes = Vec::with_capacity(32); append_left_padded_biguint_be(&mut length_bytes, &BigUint::from(length_usize)); - // This does a keccak to achieve equivalence with 4844 commitment hash check. - // It adds the sha2 data as well so that the 'leafContents' variable in the OneStepProverHostIo.sol - // file can be used as well. - let mut to_be_hashed_data = commitment_encoded_bytes.to_vec(); - to_be_hashed_data.extend(expected_hash); - let mut keccak256_hasher = Keccak256::new(); - keccak256_hasher.update(&*to_be_hashed_data); - let keccak256_result: [u8; 32] = keccak256_hasher.finalize().into(); - - out.write_all(&keccak256_result)?; // hash [:32] + out.write_all(&commitment_hash.to_vec())?; // hash [:32] out.write_all(&*z)?; // evaluation point [32:64] out.write_all(&*proven_y)?; // expected output [64:96] out.write_all(&xminusz_encoded_bytes)?; // g2TauMinusG2z [96:224] @@ -175,10 +162,3 @@ pub fn prove_kzg_preimage_bn254( Ok(()) } -// Helper function to append BigUint bytes into the vector with padding; left padded big endian bytes to 32 -fn append_left_padded_biguint_be(vec: &mut Vec, biguint: &BigUint) { - let bytes = biguint.to_bytes_be(); - let padding = 32 - bytes.len(); - vec.extend(std::iter::repeat(0).take(padding)); - vec.extend_from_slice(&bytes); -} diff --git a/arbitrator/prover/src/utils.rs b/arbitrator/prover/src/utils.rs index 556b1de72..642c45ab7 100644 --- a/arbitrator/prover/src/utils.rs +++ b/arbitrator/prover/src/utils.rs @@ -15,6 +15,7 @@ use sha2::Sha256; use sha3::Keccak256; use std::{borrow::Borrow, convert::TryInto, fmt, fs::File, io::Read, ops::Deref, path::Path}; use wasmparser::{RefType, TableType}; +use num::BigUint; /// A Vec allocated with libc::malloc pub struct CBytes { 
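Review bot: `out.write_all(&commitment_hash.to_vec())?` in `@@ -155,16 +151,7 @@` allocates a temporary vector only to borrow it. The line removed in patch 12 wrote a `Bytes32` with `out.write_all(&*hash)?`, so `out.write_all(&*commitment_hash)?; // hash [:32]` should do the same without the copy.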
@@ -192,8 +193,18 @@ pub fn split_import(qualified: &str) -> Result<(&str, &str)> { Ok((module, name)) } +// Helper function to append BigUint bytes into the vector with padding; left padded big endian bytes to 32 +pub fn append_left_padded_biguint_be(vec: &mut Vec, biguint: &BigUint) { + let bytes = biguint.to_bytes_be(); + let padding = 32 - bytes.len(); + vec.extend(std::iter::repeat(0).take(padding)); + vec.extend_from_slice(&bytes); +} + + #[cfg(feature = "native")] pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> { + match ty { PreimageType::Keccak256 => Ok(Keccak256::digest(preimage).into()), PreimageType::Sha2_256 => Ok(Sha256::digest(preimage).into()), @@ -221,12 +232,15 @@ pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> { let blob_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg_bn254.commit(&blob_polynomial)?; - // This is serialized in little endian format. - let mut commitment_bytes = Vec::new(); - blob_commitment.serialize_uncompressed(&mut commitment_bytes)?; - - let mut commitment_hash: [u8; 32] = Sha256::digest(&commitment_bytes).into(); - commitment_hash[0] = 1; + let commitment_x_bigint: BigUint = blob_commitment.x.into(); + let commitment_y_bigint: BigUint = blob_commitment.y.into(); + let mut commitment_encoded_bytes = Vec::with_capacity(32); + append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_x_bigint); + append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_y_bigint); + + let mut keccak256_hasher = Keccak256::new(); + keccak256_hasher.update(&commitment_encoded_bytes); + let commitment_hash: [u8; 32] = keccak256_hasher.finalize().into(); Ok(commitment_hash) } From 4f961105e3d01d9b0a568e3aa312d4d6ed72fe5a Mon Sep 17 00:00:00 2001 
From: anupsv Date: Tue, 13 Aug 2024 13:54:32 -0700 Subject: [PATCH 14/19] using keccak hash instead of sha256. Removing 0x01 first byte set --- arbitrator/prover/test-cases/rust/src/bin/host-io.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arbitrator/prover/test-cases/rust/src/bin/host-io.rs b/arbitrator/prover/test-cases/rust/src/bin/host-io.rs index 7c28174f4..aadfcb78c 100644 --- a/arbitrator/prover/test-cases/rust/src/bin/host-io.rs +++ b/arbitrator/prover/test-cases/rust/src/bin/host-io.rs @@ -111,7 +111,7 @@ fn main() { for i in 0..5{ // test-files srs 011e229d75b13559dcb2d757ecae9b66fa579268e28e196789503322115c06e1 // mainnet srs 01605220b6928163676612ca50bbe5e0c595052876796dbedeae8ef597c9fdcf - let eigen_hash = hex!("01605220b6928163676612ca50bbe5e0c595052876796dbedeae8ef597c9fdcf"); + let eigen_hash = hex!("13bbacb54f9aa9896af97156ca4dfc626e94031c5ed78fea68659e4ec9c9c55a"); bytebuffer = Bytes32(eigen_hash); let actual_len = wavm_read_eigen_da_hash_preimage(bytebuffer.0.as_mut_ptr(), i * 32); From 1b6043b3aea0de4a451761f04acfdde35b4ac8cb Mon Sep 17 00:00:00 2001 From: anupsv Date: Tue, 13 Aug 2024 15:04:08 -0700 Subject: [PATCH 15/19] cargo fmt and removing unwanted println --- arbitrator/prover/src/kzgbn254.rs | 6 ++---- arbitrator/prover/src/machine.rs | 2 -- arbitrator/prover/src/utils.rs | 6 ++---- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/arbitrator/prover/src/kzgbn254.rs b/arbitrator/prover/src/kzgbn254.rs index ad5c215c6..b72eb5d19 100644 --- a/arbitrator/prover/src/kzgbn254.rs +++ b/arbitrator/prover/src/kzgbn254.rs @@ -1,4 +1,4 @@ -use crate::{Bytes32, utils::append_left_padded_biguint_be}; +use crate::{utils::append_left_padded_biguint_be, Bytes32}; use ark_bn254::G2Affine; use ark_ec::{AffineRepr, CurveGroup}; use ark_ff::{BigInteger, PrimeField}; 
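Review bot: The two comments above `eigen_hash` still list the old values (`011e229d…` for the test-files SRS and `01605220…` for the mainnet SRS), while the constant is now `13bbacb5…` with no indication of which SRS or preimage it was derived from. Update them so the fixture can be regenerated, e.g. `// keccak256(commitment x || y) of <preimage fixture> under <SRS name>`. The same constant is pasted into test-cases/go/main.go in patch 18.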
@@ -7,9 +7,8 @@ use eyre::{ensure, Result}; use kzgbn254::{blob::Blob, kzg::Kzg, polynomial::PolynomialFormat}; use num::BigUint; use sha2::{Digest, Sha256}; -use std::io::Write; use sha3::Keccak256; - +use std::io::Write; lazy_static::lazy_static! { @@ -161,4 +160,3 @@ pub fn prove_kzg_preimage_bn254( Ok(()) } - diff --git a/arbitrator/prover/src/machine.rs b/arbitrator/prover/src/machine.rs index 11a803978..2081e2553 100644 --- a/arbitrator/prover/src/machine.rs +++ b/arbitrator/prover/src/machine.rs @@ -2466,8 +2466,6 @@ impl Machine { if !preimage.len().is_power_of_two() { bail!("EigenDA hash preimage length should be a power of two but is instead {}", preimage.len()); } - - println!("EIGENDA HASH PREIMAGE: {:?}", preimage); } let offset = usize::try_from(offset).unwrap(); diff --git a/arbitrator/prover/src/utils.rs b/arbitrator/prover/src/utils.rs index 642c45ab7..d8880b845 100644 --- a/arbitrator/prover/src/utils.rs +++ b/arbitrator/prover/src/utils.rs @@ -10,12 +10,12 @@ use c_kzg::{Blob, KzgCommitment}; use digest::Digest; use eyre::{eyre, Result}; use kzgbn254::{blob::Blob as EigenDABlob, kzg::Kzg as KzgBN254, polynomial::PolynomialFormat}; +use num::BigUint; use serde::{Deserialize, Serialize}; use sha2::Sha256; use sha3::Keccak256; use std::{borrow::Borrow, convert::TryInto, fmt, fs::File, io::Read, ops::Deref, path::Path}; use wasmparser::{RefType, TableType}; -use num::BigUint; /// A Vec allocated with libc::malloc pub struct CBytes { @@ -201,10 +201,8 @@ pub fn append_left_padded_biguint_be(vec: &mut Vec, biguint: &BigUint) { vec.extend_from_slice(&bytes); } - #[cfg(feature = "native")] pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> { - match ty { PreimageType::Keccak256 => Ok(Keccak256::digest(preimage).into()), PreimageType::Sha2_256 => Ok(Sha256::digest(preimage).into()), 
@@ -231,7 +229,7 @@ pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> { let blob_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?; let blob_commitment = kzg_bn254.commit(&blob_polynomial)?; - + let commitment_x_bigint: BigUint = blob_commitment.x.into(); let commitment_y_bigint: BigUint = blob_commitment.y.into(); let mut commitment_encoded_bytes = Vec::with_capacity(32); From e64ad5728462afce476f250b117280eaa3c4b026 Mon Sep 17 00:00:00 2001 From: anupsv Date: Tue, 13 Aug 2024 15:14:59 -0700 Subject: [PATCH 16/19] pointing to custom branch --- .gitmodules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index fd61e83c7..ad51bfdca 100644 --- a/.gitmodules +++ b/.gitmodules @@ -15,8 +15,8 @@ url = https://github.com/WebAssembly/testsuite.git [submodule "contracts"] path = contracts - url = https://github.com/Layr-Labs/nitro-contracts.git - branch = eigenda--v3.0.3 + url = git@github.com:Layr-Labs/nitro-contracts.git + branch = new-osp-fixes-v3.0.3 [submodule "nitro-testnode"] path = nitro-testnode url = https://github.com/Layr-Labs/nitro-testnode.git From fdc5e39225689082f4f9269652727c3a4d7bea48 Mon Sep 17 00:00:00 2001 From: anupsv Date: Tue, 13 Aug 2024 15:20:14 -0700 Subject: [PATCH 17/19] submodules chnages --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index ad51bfdca..dbe85a999 100644 --- a/.gitmodules +++ b/.gitmodules @@ -15,7 +15,7 @@ url = https://github.com/WebAssembly/testsuite.git [submodule "contracts"] path = contracts - url = git@github.com:Layr-Labs/nitro-contracts.git + url = https://github.com/Layr-Labs/nitro-contracts.git branch = new-osp-fixes-v3.0.3 [submodule "nitro-testnode"] path = nitro-testnode From d1a77ba1007f1c883ce2ba4caf4fc9e393debb45 Mon Sep 17 00:00:00 2001 
From: anupsv Date: Tue, 13 Aug 2024 18:41:39 -0700 Subject: [PATCH 18/19] changing hash commit --- arbitrator/prover/test-cases/go/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arbitrator/prover/test-cases/go/main.go b/arbitrator/prover/test-cases/go/main.go index c708744ca..fe174d075 100644 --- a/arbitrator/prover/test-cases/go/main.go +++ b/arbitrator/prover/test-cases/go/main.go @@ -211,7 +211,7 @@ func main() { } } // EIGENDA COMMIT HASH - _, err = wavmio.ResolveTypedPreimage(arbutil.EigenDaPreimageType, common.HexToHash("01605220b6928163676612ca50bbe5e0c595052876796dbedeae8ef597c9fdcf")) + _, err = wavmio.ResolveTypedPreimage(arbutil.EigenDaPreimageType, common.HexToHash("13bbacb54f9aa9896af97156ca4dfc626e94031c5ed78fea68659e4ec9c9c55a")) if err != nil { panic(fmt.Sprintf("failed to resolve eigenda preimage: %v", err)) } From 7236bfe018946eba64cfeb389d9394630bf37dc5 Mon Sep 17 00:00:00 2001 From: anupsv Date: Tue, 13 Aug 2024 19:53:43 -0700 Subject: [PATCH 19/19] linting issue --- arbos/programs/api.go | 2 +- cmd/nitro/config_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arbos/programs/api.go b/arbos/programs/api.go index c8241a72b..abb7bc433 100644 --- a/arbos/programs/api.go +++ b/arbos/programs/api.go @@ -220,7 +220,7 @@ func newApiClosures( if suberr != nil { addr = zeroAddr } - if !errors.Is(vm.ErrExecutionReverted, suberr) { + if !errors.Is(vm.ErrExecutionReverted, suberr) { //nolint:all res = nil // returnData is only provided in the revert case (opCreate) } interpreter.SetReturnData(res) diff --git a/cmd/nitro/config_test.go b/cmd/nitro/config_test.go index d76dd1b7b..b6adac635 100644 --- a/cmd/nitro/config_test.go +++ b/cmd/nitro/config_test.go 
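Review bot: `//nolint:all` on the `errors.Is` line in arbos/programs/api.go turns off every linter for that line instead of addressing the finding. The arguments look reversed relative to `errors.Is(err, target)`, which would read `errors.Is(suberr, vm.ErrExecutionReverted)`. If the current order has to stay to preserve existing behaviour, name the linter and the reason, e.g. `//nolint:<linter> // argument order kept to preserve existing behaviour`. The same blanket suppression is added to `t.Fatalf(fmt.Sprintf(` in cmd/nitro/config_test.go, where `t.Fatal(fmt.Sprintf(…))` would likely remove the warning without a suppression. The enclosing closure in api.go starts and ends outside the hunk.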
@@ -73,7 +73,7 @@ func TestReloads(t *testing.T) { hot := node.Type().Field(i).Tag.Get("reload") == "hot" dot := path + "." + node.Type().Field(i).Name if hot && cold { - t.Fatalf(fmt.Sprintf( + t.Fatalf(fmt.Sprintf( //nolint:all "Option %v%v%v is reloadable but %v%v%v is not", colors.Red, dot, colors.Clear, colors.Red, path, colors.Clear,