Skip to content
This repository was archived by the owner on May 3, 2024. It is now read-only.

PI circuit for A5 testnet #149

Closed
wants to merge 1 commit into from
Closed

PI circuit for A5 testnet #149

wants to merge 1 commit into from
+50 −34

Conversation

CeciliaZ030
Copy link

@CeciliaZ030 CeciliaZ030 commented Sep 4, 2023
edited
Loading

Description

Prove protocol instance get from Taiko contract.

keccak256(abi.encode(
            evidance.metaHash,
            evidance.parentHash,
            evidance.blockHash,
            evidance.signalRoot,
            evidance.graffiti,
            evidance.prover
 ));
  1. bytes of keccak_output <==> 'hi' and lo values in circuit's instance column
  2. parentHash can be found in historical hashes of circuit. (BlockTable lookup)
  3. blockHash can be found in circuit. (BlockTable lookup)
  4. [RLC(abi encoded values above), len, RLC(bytes of keccak_output)] can be found in KeccakTable lookup.

Issue Link

#138 converted for A5 testnet

Type of change

  • Rewrite most logics in circuit-tools

Sorry, something went wrong.

@CeciliaZ030 CeciliaZ030 marked this pull request as ready for review September 4, 2023 09:55
Brechtpd
Brechtpd reviewed Sep 4, 2023
View reviewed changes
Copy link

@Brechtpd Brechtpd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this looks good! Just some minor feedback, not sure if phase2

Performance wise this will do all constraints on every row and will do more rotations than the previous version, but seems like that shouldn't really impact performance in any significant way so I think a good tradeoff for simplicity.

zkevm-circuits/src/taiko_pi_circuit.rs Outdated
Comment on lines 204 to 215
keccaked_pi
.iter()
.take(16)
.fold(F::ZERO, |acc: F, byte| {
acc * F::from(BYTE_POW_BASE) + F::from(*byte as u64)
}),
keccaked_pi
.iter()
.skip(16)
.fold(F::ZERO, |acc: F, byte| {
acc * F::from(BYTE_POW_BASE) + F::from(*byte as u64)
})
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not use decode::value (or rlc::value, though decode makes it more clear what is being done).

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is from John's old version haha

zkevm-circuits/src/taiko_pi_circuit.rs Outdated
"PI acc constraints",
|meta| {
circuit!([meta, cb], {
for (n, b, acc) in [parent_hash.clone() , block_hash.clone()] {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

n, b and even acc not the most self explaining names, especially because the values come from a tuple where they are also not named.

Copy link
Author

@CeciliaZ030 CeciliaZ030 Sep 5, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will change :)

zkevm-circuits/src/taiko_pi_circuit.rs
0,
DEFAULT_LEN,
);
let mut cb: ConstraintBuilder<F, PiCellType> = ConstraintBuilder::new(4, Some(cm.clone()), Some(evm_word.expr()));
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this set to 4 instead of 5 because the q_enable selector is added afterwards and so doesn't get counted while adding the constraints? Seems like another good reason not to do it I think, more edge cases to take into account! (no problem of doing it like this for this temporary version though).

Copy link
Author

@CeciliaZ030 CeciliaZ030 Sep 5, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahhh yea! you're right this is such an important point I didn't think of. I'll revert the change to cb.build_constraints then.

@smtmfft
Copy link
Collaborator

smtmfft commented Sep 5, 2023
edited
Loading

Performance wise this will do all constraints on every row and will do more rotations than the previous version, but seems like that shouldn't really impact performance in any significant way so I think a good tradeoff for simplicity.

We have tested a few setups, the original one is single column, which leads to 1 column, >=224 rotations(1 x (32 x 7)) & 1 lookup(for byte), and then it explodes the aggregation circuit degree to 2^24, then we change layout to this 7x32, which means 7 columns, 32 rotations & 7 lookups, by a guessing it should get 4x lower than before, so 2^22 is enough, fortunately the fact is :). We continue guessing that maybe 15*15 is the best under this circuit config situation, can do some experiments later if necessary, after we solve that weird issue.

@CeciliaZ030
update

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
48ba26e
@smtmfft smtmfft changed the base branch from feat/a5-testnet to feat/for-a6-release September 25, 2023 02:50
@smtmfft smtmfft changed the base branch from feat/for-a6-release to main September 25, 2023 02:58
@smtmfft smtmfft changed the base branch from main to feat/a5-testnet September 25, 2023 03:00
@smtmfft
Copy link
Collaborator

smtmfft commented Sep 25, 2023

Closed as a5-testnet is already updated.

@smtmfft smtmfft closed this Sep 25, 2023
@CeciliaZ030 CeciliaZ030 mentioned this pull request Oct 9, 2023
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Brechtpd Brechtpd

@johntaiko johntaiko

@smtmfft smtmfft

Assignees
No one assigned
Labels
crate-circuit-benchmarks crate-gadgets crate-zkevm-circuits T-bench
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@CeciliaZ030 @smtmfft @Brechtpd