No Pod IDs (#394)

- middleware:
  - Add `Statement::Intro`
  - Add `SignedBy` native predicate and operation.  The signature is auxiliary data to the operation
  - Rename `PodSigner` to `Signer` with a new API (just for signing `RawValue`)
  - Removed `NewEntry` operation.  Use `ContainsFromEntries` instead
  - Remove `KEY_SIGNER` and `KEY_TYPE` which are no longer used
  - Merge `RecursivePod` and `Pod` traits
  - Change the `Pod::deserialize_data` method to use `Self` instead of `Box<dyn Pod>` 
  - Extend `Pod` trait with these methods:
    - `is_main`: when the pod is a MainPod, a (recursive) verification checks that its vk exists in the vd_set; that check is skipped for an intro pod
    - `is_mock`: skip some verifications in the recursive mock MainPod verification
    - `verifier_data_hash`
    - `pod_id` renamed to `statements_hash`
  - AnchoredKeys are now a pair of dictionary root and key
  - Entry statements are now defined as Contains with literal arguments
    - Operations that take Entries now use Contains statements with literal arguments
- frontend:
  - Rename `SignedPod` to `SignedDict` (which now contains the dict, public key and signature, and can still `verify(self)`ed)
  - The `SignedDict` keeps the method `get_statement` for convenience but now it returns a `Contains` statement that proves the existence of the key in the dict
  - The `MainPodBuilder` automatically inserts a `Contains` statement when an operation is added that uses an entry as argument that was not yet "opened".
  - Removed the `literal` methods from the `MainPodBuilder` that were loading literals to anchored keys: that was no longer needed after we introduced literal arguments
- backend
  - Only verify inclusion of the verifying key into the vd_set if the pod is MainPod.  A pod is not MainPod if the first statement is Intro.
  - Reject intro pods that have non-intro statements
  - Empty pod now returns an intro statement
  - Don't insert a type statement automatically in MainPod and MockMainPod.  We get rid of the type entry.
  - Implement `SignedBy` operation, which uses the muxed table to store signature verifications
- Rename `PodId` to `statements_hash` or `sts_hash` for short.  Now this is only used as a hash of the statements for the circuits public inputs.
- Refactor normalization of `self` statements:
  - Before: replace values that contain `SELF` by the given pod_id
  - After: place the verifying key hash into the Intro predicates
Eduard S. 2025-08-27 13:19:40 +02:00 committed by GitHub
parent 122f9c3cac
commit 0e2f7b756e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
39 changed files with 2127 additions and 3064 deletions


@ -15,8 +15,6 @@ identifier = @{ !("private") ~ (ASCII_ALPHA | "_") ~ (ASCII_ALPHANUMERIC | "_")*
private_kw = { "private:" }
self_keyword = @{ "SELF" }
// Define wildcard names (start with '?')
wildcard = @{ "?" ~ identifier }
@ -66,10 +64,8 @@ literal_value = {
literal_array |
literal_bool |
literal_raw |
literal_pod_id |
literal_string |
literal_int |
self_keyword
literal_int
}
// Primitive literal types
@ -81,7 +77,6 @@ literal_bool = @{ "true" | "false" }
hash_hex = @{ "0x" ~ (ASCII_HEX_DIGIT ~ ASCII_HEX_DIGIT){32} }
literal_raw = { "Raw" ~ "(" ~ hash_hex ~ ")" }
literal_pod_id = { hash_hex }
// String literal parsing based on https://pest.rs/book/examples/json.html
literal_string = ${ "\"" ~ inner ~ "\"" } // Compound atomic string rule
@ -114,7 +109,6 @@ test_wildcard = { SOI ~ wildcard ~ EOI }
test_literal_int = { SOI ~ literal_int ~ EOI }
test_hash_hex = { SOI ~ hash_hex ~ EOI }
test_literal_raw = { SOI ~ literal_raw ~ EOI }
test_literal_pod_id = { SOI ~ literal_pod_id ~ EOI }
test_literal_value = { SOI ~ literal_value ~ EOI }
test_statement = { SOI ~ statement ~ EOI }
test_custom_predicate_def = { SOI ~ custom_predicate_def ~ EOI }


@ -32,9 +32,8 @@ mod tests {
backends::plonky2::primitives::ec::schnorr::SecretKey,
lang::error::ProcessorError,
middleware::{
hash_str, CustomPredicate, CustomPredicateBatch, CustomPredicateRef, Key,
NativePredicate, Params, PodId, PodType, Predicate, RawValue, StatementTmpl,
StatementTmplArg, Value, Wildcard, KEY_SIGNER, KEY_TYPE, SELF,
CustomPredicate, CustomPredicateBatch, CustomPredicateRef, Key, NativePredicate,
Params, Predicate, RawValue, StatementTmpl, StatementTmplArg, Value, Wildcard,
},
};
@ -107,7 +106,7 @@ mod tests {
fn test_e2e_simple_request() -> Result<(), LangError> {
let input = r#"
REQUEST(
Equal(?ConstPod["my_val"], 0x0000000000000000000000000000000000000000000000000000000000000001)
Equal(?ConstPod["my_val"], Raw(0x0000000000000000000000000000000000000000000000000000000000000001))
Lt(?GovPod["dob"], ?ConstPod["my_val"])
)
"#;
@ -482,10 +481,8 @@ mod tests {
#[test]
fn test_e2e_ethdos_predicates() -> Result<(), LangError> {
let params = Params {
max_input_signed_pods: 3,
max_input_recursive_pods: 3,
max_input_pods: 3,
max_statements: 31,
max_signed_pod_values: 8,
max_public_statements: 10,
max_statement_args: 6,
max_operation_args: 5,
@ -496,10 +493,9 @@ mod tests {
};
let input = r#"
eth_friend(src, dst, private: attestation_pod) = AND(
Equal(?attestation_pod["_type"], 1)
Equal(?attestation_pod["_signer"], ?src)
Equal(?attestation_pod["attestation"], ?dst)
eth_friend(src, dst, private: attestation_dict) = AND(
SignedBy(?attestation_dict, ?src)
Equal(?attestation_dict["attestation"], ?dst)
)
eth_dos_distance_base(src, dst, distance) = AND(
@ -536,23 +532,13 @@ mod tests {
// eth_friend (Index 0)
let expected_friend_stmts = vec![
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![
sta_ak(("attestation_pod", 2), "_type"), // Pub(0-1), Priv(2)
sta_lit(PodType::Signed),
],
pred: Predicate::Native(NativePredicate::SignedBy),
args: vec![sta_wc_lit("attestation_dict", 2), sta_wc_lit("src", 0)],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![
sta_ak(("attestation_pod", 2), "_signer"),
sta_wc_lit("src", 0), // Pub arg 0
],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![
sta_ak(("attestation_pod", 2), "attestation"),
sta_ak(("attestation_dict", 2), "attestation"),
sta_wc_lit("dst", 1), // Pub arg 1
],
},
@ -563,7 +549,7 @@ mod tests {
true, // AND
expected_friend_stmts,
2, // public_args_len: src, dst
names(&["src", "dst", "attestation_pod"]),
names(&["src", "dst", "attestation_dict"]),
)?;
// eth_dos_distance_base (Index 1)
@ -853,7 +839,6 @@ mod tests {
#[test]
fn test_e2e_literals() -> Result<(), LangError> {
let pk = crate::backends::plonky2::primitives::ec::curve::Point::generator();
let pod_id = PodId(hash_str("test"));
let raw = RawValue::from(1);
let string = "hello";
let int = 123;
@ -864,17 +849,14 @@ mod tests {
r#"
REQUEST(
Equal(?A["pk"], {})
Equal(?B["pod_id"], {})
Equal(?C["raw"], {})
Equal(?D["string"], {})
Equal(?E["int"], {})
Equal(?F["bool"], {})
Equal(?G["sk"], {})
Equal(?H["self"], SELF)
Equal(?B["raw"], {})
Equal(?C["string"], {})
Equal(?D["int"], {})
Equal(?E["bool"], {})
Equal(?F["sk"], {})
)
"#,
Value::from(pk).to_podlang_string(),
Value::from(pod_id).to_podlang_string(),
Value::from(raw).to_podlang_string(),
Value::from(string).to_podlang_string(),
Value::from(int).to_podlang_string(),
@ -884,7 +866,6 @@ mod tests {
/*
REQUEST(
Equal(?A["pk"], PublicKey(3t9fNuU194n7mSJPRdeaJRMqw6ZQCUddzvECWNe1k2b1rdBezXpJxF))
Equal(?B["pod_id"], 0x735b31d3aad0f5b66002ffe1dc7d2eaa0ee9c59c09b641e8261530c5f3a02f29)
Equal(?C["raw"], Raw(0x0000000000000000000000000000000000000000000000000000000000000001))
Equal(?D["string"], "hello")
Equal(?E["int"], 123)
@ -905,31 +886,23 @@ mod tests {
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![sta_ak(("B", 1), "pod_id"), sta_lit(Value::from(pod_id))],
args: vec![sta_ak(("B", 1), "raw"), sta_lit(Value::from(raw))],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![sta_ak(("C", 2), "raw"), sta_lit(Value::from(raw))],
args: vec![sta_ak(("C", 2), "string"), sta_lit(Value::from(string))],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![sta_ak(("D", 3), "string"), sta_lit(Value::from(string))],
args: vec![sta_ak(("D", 3), "int"), sta_lit(Value::from(int))],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![sta_ak(("E", 4), "int"), sta_lit(Value::from(int))],
args: vec![sta_ak(("E", 4), "bool"), sta_lit(Value::from(bool))],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![sta_ak(("F", 5), "bool"), sta_lit(Value::from(bool))],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![sta_ak(("G", 6), "sk"), sta_lit(Value::from(sk))],
},
StatementTmpl {
pred: Predicate::Native(NativePredicate::Equal),
args: vec![sta_ak(("H", 7), "self"), sta_lit(Value::from(SELF))],
args: vec![sta_ak(("F", 5), "sk"), sta_lit(Value::from(sk))],
},
];
@ -972,21 +945,13 @@ mod tests {
let params = Params::default();
let available_batches = &[];
let input = format!(
r#"
identity_verified(username, private: identity_pod) = AND(
Equal(?identity_pod["{key_type}"], {signed_pod_type})
Equal(?identity_pod["{key_signer}"], {identity_server_pk})
Equal(?identity_pod["username"], ?username)
Equal(?identity_pod["user_public_key"], ?user_public_key)
let input = r#"
identity_verified(username, private: identity_dict) = AND(
Equal(?identity_dict["username"], ?username)
Equal(?identity_dict["user_public_key"], ?user_public_key)
)
"#,
key_type = KEY_TYPE,
signed_pod_type = PodType::Signed as u32,
key_signer = KEY_SIGNER,
identity_server_pk =
"0x0000000000000000000000000000000000000000000000000000000000000000"
);
"#
.to_string();
let result = parse(&input, &params, available_batches);
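Review bot: In the rewritten `identity_verified` fixture, `let input = r#"…"#.to_string();` allocates a `String` that is only borrowed again by `parse(&input, …)`; keeping the literal as `let input = r#"…"#;` avoids the allocation and matches the other fixtures in this section such as `test_e2e_simple_request`, assuming `parse` takes a `&str` as it appears to. Separately, the removed `_type`/`_signer` equalities are not replaced by a `SignedBy(?identity_dict, …)` statement the way `eth_friend` now does, so this fixture no longer binds the dict to any signer; that is harmless if the test only exercises parsing, but if it is meant to model the identity-server check the binding should be restated with the new predicate. The enclosing test function starts outside the hunk.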


@ -117,7 +117,7 @@ mod tests {
// Use anchored rule for failure cases
assert_fails(
Rule::test_literal_raw,
"0x0000000000000000000000000000000000000000000000000000000000000000)",
"0x0000000000000000000000000000000000000000000000000000000000000000",
); // Missing Raw() wrapper
assert_fails(Rule::test_literal_raw, "Raw(0xabc)"); // Fails (string is too short)
assert_fails(Rule::test_literal_raw, "Raw(0x)"); // Fails (needs at least one pair)
@ -126,22 +126,6 @@ mod tests {
&format!("Raw(0x{})", "a".repeat(66)),
); // Fails (string is too long)
// PodId (essentially identical to Raw but without the wrapper)
assert_parses(
Rule::literal_pod_id,
"0x0000000000000000000000000000000000000000000000000000000000000000",
);
assert_parses(
Rule::literal_pod_id,
"0xabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd",
);
let long_valid_pod_id = format!("0x{}", "a".repeat(64));
assert_parses(Rule::literal_pod_id, &long_valid_pod_id);
assert_fails(Rule::test_literal_pod_id, "0xabc"); // Fails (string is too short)
assert_fails(Rule::test_literal_pod_id, "0x"); // Fails (needs at least one pair)
assert_fails(Rule::test_literal_pod_id, &format!("0x{}", "a".repeat(66))); // Fails (string is too long)
// String
assert_parses(Rule::literal_string, "\"hello\"");
assert_parses(Rule::literal_string, "\"escaped \\\" quote\"");
@ -163,7 +147,7 @@ mod tests {
assert_parses(Rule::literal_set, "#[1, 2, 3]");
assert_parses(
Rule::literal_set,
"#[ \"a\", 0x0000000000000000000000000000000000000000000000000000000000000000 ]",
"#[ \"a\", Raw(0x0000000000000000000000000000000000000000000000000000000000000000) ]",
);
// Dict
@ -172,7 +156,7 @@ mod tests {
assert_parses(Rule::literal_dict, "{ \"nested\": { \"key\": 1 } }");
assert_parses(
Rule::literal_dict,
"{ \"raw_val\": 0x0000000000000000000000000000000000000000000000000000000000000000 } ",
"{ \"raw_val\": Raw(0x0000000000000000000000000000000000000000000000000000000000000000) } ",
);
assert_fails(Rule::literal_dict, "{ name: \"Alice\" }"); // Key must be string literal with quotes
}
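Review bot: The removal of `literal_pod_id` from the grammar is only covered through `Rule::test_literal_raw`; nothing in this section pins that a bare hash is no longer accepted as a `literal_value` at all. Adding `assert_fails(Rule::test_literal_value, "0x0000000000000000000000000000000000000000000000000000000000000000");` next to the `// Missing Raw() wrapper` case would catch a regression that reintroduces unwrapped hashes, which the set and dict cases further down now assume are rejected. The enclosing test function starts outside the hunk.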


@ -64,6 +64,9 @@ impl StatementTmpl {
Predicate::Custom(custom_ref) => {
write!(w, "{}", custom_ref.predicate().name)?;
}
Predicate::Intro(intro_ref) => {
write!(w, "{}", intro_ref.name)?;
}
Predicate::BatchSelf(index) => {
if let Some(batch) = batch_context {
if let Some(predicate) = batch.predicates.get(*index) {
@ -523,16 +526,6 @@ mod tests {
assert_round_trip(&input);
}
#[test]
fn test_round_trip_self() {
let input = r#"
self_test(Pod) = AND(
Equal(?Pod["self"], SELF)
)
"#;
assert_round_trip(input);
}
#[test]
fn test_pretty_print_demonstration() {
let input = r#"
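Review bot: The new `Predicate::Intro` arm prints `intro_ref.name` bare, exactly as the `Custom` and native arms do, so a printed intro predicate is indistinguishable from a custom or native predicate of the same name when the text is parsed back; if intro names are not validated against those namespaces elsewhere, the round trip is ambiguous. A comment on the arm such as `// Intro predicates print by name only; the name must not collide with native or custom predicate names` would at least record the assumption. The removed `test_round_trip_self` is not replaced by any test exercising this arm. The enclosing `impl StatementTmpl` method starts and ends outside the hunk.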


@ -43,6 +43,7 @@ pub fn native_predicate_from_string(s: &str) -> Option<NativePredicate> {
"MaxOf" => Some(NativePredicate::MaxOf),
"HashOf" => Some(NativePredicate::HashOf),
"PublicKeyOf" => Some(NativePredicate::PublicKeyOf),
"SignedBy" => Some(NativePredicate::SignedBy),
"DictContains" => Some(NativePredicate::DictContains),
"DictNotContains" => Some(NativePredicate::DictNotContains),
"ArrayContains" => Some(NativePredicate::ArrayContains),
@ -328,17 +329,17 @@ fn pest_pair_to_builder_arg(
}
Rule::anchored_key => {
let mut inner_ak_pairs = arg_content_pair.clone().into_inner();
let pod_id_pair = inner_ak_pairs.next().unwrap();
let pod_id_wc_str = pod_id_pair.as_str().strip_prefix("?").unwrap();
let root_pair = inner_ak_pairs.next().unwrap();
let root_wc_str = root_pair.as_str().strip_prefix("?").unwrap();
if let StatementContext::CustomPredicate {
argument_names,
pred_name,
} = context
{
if !argument_names.contains(pod_id_wc_str) {
if !argument_names.contains(root_wc_str) {
return Err(ProcessorError::UndefinedWildcard {
name: pod_id_wc_str.to_string(),
name: root_wc_str.to_string(),
pred_name: pred_name.to_string(),
span: Some(get_span(arg_content_pair)),
});
@ -347,12 +348,44 @@ fn pest_pair_to_builder_arg(
let key_part_pair = inner_ak_pairs.next().unwrap();
let key_str = parse_pest_string_literal(&key_part_pair)?;
Ok(BuilderArg::Key(pod_id_wc_str.to_string(), key_str))
Ok(BuilderArg::Key(root_wc_str.to_string(), key_str))
}
_ => unreachable!("Unexpected rule: {:?}", arg_content_pair.as_rule()),
}
}
fn validate_dyn_len_predicate(
stmt_name_str: &str,
args: &[BuilderArg],
expected_arity: usize,
stmt_span: (usize, usize),
stmt_name_span: (usize, usize),
) -> Result<(), ProcessorError> {
if args.len() != expected_arity {
return Err(ProcessorError::ArgumentCountMismatch {
predicate: stmt_name_str.to_string(),
expected: expected_arity,
found: args.len(),
span: Some(stmt_name_span),
});
}
for (idx, arg) in args.iter().enumerate() {
if !matches!(arg, BuilderArg::WildcardLiteral(_) | BuilderArg::Literal(_)) {
return Err(ProcessorError::TypeError {
expected: "Wildcard or Literal".to_string(),
found: format!("{:?}", arg),
item: format!(
"argument {} of custom predicate call '{}'",
idx + 1,
stmt_name_str
),
span: Some(stmt_span),
});
}
}
Ok(())
}
fn validate_and_build_statement_template(
stmt_name_str: &str,
pred: &Predicate,
@ -374,7 +407,8 @@ fn validate_and_build_statement_template(
| NativePredicate::DictNotContains
| NativePredicate::SetNotContains
| NativePredicate::NotContains
| NativePredicate::PublicKeyOf => 2,
| NativePredicate::PublicKeyOf
| NativePredicate::SignedBy => 2,
NativePredicate::Contains
| NativePredicate::ArrayContains
| NativePredicate::DictContains
@ -405,28 +439,23 @@ fn validate_and_build_statement_template(
}
Predicate::Custom(custom_ref) => {
let expected_arity = custom_ref.predicate().args_len;
if args.len() != expected_arity {
return Err(ProcessorError::ArgumentCountMismatch {
predicate: stmt_name_str.to_string(),
expected: expected_arity,
found: args.len(),
span: Some(stmt_name_span),
});
}
for (idx, arg) in args.iter().enumerate() {
if !matches!(arg, BuilderArg::WildcardLiteral(_) | BuilderArg::Literal(_)) {
return Err(ProcessorError::TypeError {
expected: "Wildcard or Literal".to_string(),
found: format!("{:?}", arg),
item: format!(
"argument {} of custom predicate call '{}'",
idx + 1,
stmt_name_str
),
span: Some(stmt_span),
});
}
}
validate_dyn_len_predicate(
stmt_name_str,
&args,
expected_arity,
stmt_span,
stmt_name_span,
)?;
}
Predicate::Intro(intro_ref) => {
let expected_arity = intro_ref.args_len;
validate_dyn_len_predicate(
stmt_name_str,
&args,
expected_arity,
stmt_span,
stmt_name_span,
)?;
}
Predicate::BatchSelf(_) => {
let (_original_pred_idx, expected_arity_val) = processing_ctx
@ -650,8 +679,8 @@ fn process_statement_template(
for arg in &builder_args {
match arg {
BuilderArg::WildcardLiteral(name) => temp_stmt_wildcard_names.push(name.clone()),
BuilderArg::Key(pod_id_wc_str, _key_str) => {
temp_stmt_wildcard_names.push(pod_id_wc_str.clone());
BuilderArg::Key(root_wc_str, _key_str) => {
temp_stmt_wildcard_names.push(root_wc_str.clone());
}
_ => {}
}
@ -742,14 +771,6 @@ fn process_literal_value(
})
.map(Value::from)
}
Rule::literal_pod_id => {
let hex_str_no_prefix = inner_lit
.as_str()
.strip_prefix("0x")
.unwrap_or(inner_lit.as_str());
let pod_id = parse_hex_str_to_pod_id(hex_str_no_prefix)?;
Ok(Value::from(pod_id))
}
Rule::literal_public_key => {
let pk_str_pair = inner_lit.into_inner().next().unwrap();
let pk_b58 = pk_str_pair.as_str();
@ -826,7 +847,6 @@ fn process_literal_value(
})?;
Ok(Value::from(secret_key))
}
Rule::self_keyword => Ok(Value::from(middleware::SELF)),
_ => unreachable!("Unexpected rule: {:?}", inner_lit.as_rule()),
}
}
@ -912,11 +932,6 @@ fn parse_hex_str_to_raw_value(hex_str: &str) -> Result<middleware::RawValue, Pro
Ok(middleware::RawValue(v))
}
fn parse_hex_str_to_pod_id(hex_str: &str) -> Result<middleware::PodId, ProcessorError> {
let raw = parse_hex_str_to_raw_value(hex_str)?;
Ok(middleware::PodId(raw.into()))
}
// Helper to resolve a wildcard name string to an indexed middleware::Wildcard
// based on an ordered list of names from the current scope (e.g., request or predicate def).
fn resolve_wildcard(
@ -945,10 +960,10 @@ fn resolve_request_statement_builder(
for builder_arg in stb.args {
let mw_arg = match builder_arg {
BuilderArg::Literal(v) => StatementTmplArg::Literal(v),
BuilderArg::Key(pod_id_wc_str, key_str) => {
let pod_id_wc = resolve_wildcard(ordered_request_wildcard_names, &pod_id_wc_str)?;
BuilderArg::Key(root_wc_str, key_str) => {
let root_wc = resolve_wildcard(ordered_request_wildcard_names, &root_wc_str)?;
let key = Key::from(key_str);
StatementTmplArg::AnchoredKey(pod_id_wc, key)
StatementTmplArg::AnchoredKey(root_wc, key)
}
BuilderArg::WildcardLiteral(wc_name) => {
let wc = resolve_wildcard(ordered_request_wildcard_names, &wc_name)?;