ed255/pod2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Padding in set target (#200)

Browse source 
* feat: handle padding in set_target

* remove enable from MerkleClaimAndProof

* Update src/backends/plonky2/circuits/mainpod.rs

Co-authored-by: Ahmad Afuni <root@ahmadafuni.com>

---------

Co-authored-by: Ahmad Afuni <root@ahmadafuni.com>
This commit is contained in:
Eduard S. 2025-04-21 17:27:29 +02:00 committed by GitHub
parent 17e6c2a092
commit 26a6b2d143
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 87 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

17
src/backends/plonky2/circuits/mainpod.rs
View file

@ -492,10 +492,14 @@ impl MainPodVerifyTarget {
self.statements[i].set_targets(pw, &self.params, st)?; self.statements[i].set_targets(pw, &self.params, st)?;
self.operations[i].set_targets(pw, &self.params, op)?; self.operations[i].set_targets(pw, &self.params, op)?;
} }
assert_eq!(input.merkle_proofs.len(), self.params.max_merkle_proofs); assert!(input.merkle_proofs.len() <= self.params.max_merkle_proofs);
for (i, mp) in input.merkle_proofs.iter().enumerate() { for (i, mp) in input.merkle_proofs.iter().enumerate() {
assert_eq!(mp.proof.siblings.len(), self.params.max_depth_mt_gadget); self.merkle_proofs[i].set_targets(pw, true, mp)?;
self.merkle_proofs[i].set_targets(pw, mp)?; }
// Padding
let pad_mp = MerkleClaimAndProof::empty();
for i in input.merkle_proofs.len()..self.params.max_merkle_proofs {
self.merkle_proofs[i].set_targets(pw, false, &pad_mp)?;
} }
Ok(()) Ok(())
} }
@ -579,7 +583,7 @@ mod tests {
for (merkle_proof_target, merkle_proof) in for (merkle_proof_target, merkle_proof) in
merkle_proofs_target.iter().zip(merkle_proofs.iter()) merkle_proofs_target.iter().zip(merkle_proofs.iter())
{ {
merkle_proof_target.set_targets(&mut pw, &merkle_proof)? merkle_proof_target.set_targets(&mut pw, true, &merkle_proof)?
} }
// generate & verify proof // generate & verify proof
@ -707,12 +711,11 @@ mod tests {
); );
let merkle_proofs = vec![MerkleClaimAndProof::new( let merkle_proofs = vec![MerkleClaimAndProof::new(
params.max_depth_mt_gadget,
Hash::from(root.raw()), Hash::from(root.raw()),
key, key,
None, None,
&no_key_pf, no_key_pf,
)?]; )];
let prev_statements = vec![root_st, key_st]; let prev_statements = vec![root_st, key_st];
operation_verify(st, op, prev_statements, merkle_proofs.clone())?; operation_verify(st, op, prev_statements, merkle_proofs.clone())?;

22
src/backends/plonky2/circuits/signedpod.rs
View file

@ -134,13 +134,8 @@ impl SignedPodVerifyTarget {
let (v, proof) = pod.dict.prove(k)?; let (v, proof) = pod.dict.prove(k)?;
self.mt_proofs[i].set_targets( self.mt_proofs[i].set_targets(
pw, pw,
&MerkleClaimAndProof::new( true,
self.params.max_depth_mt_gadget, &MerkleClaimAndProof::new(pod.dict.commitment(), k.raw(), Some(v.raw()), proof),
pod.dict.commitment(),
k.raw(),
Some(v.raw()),
&proof,
)?,
)?; )?;
Ok(v) Ok(v)
}) })
@ -160,13 +155,8 @@ impl SignedPodVerifyTarget {
self.mt_proofs[curr].set_targets( self.mt_proofs[curr].set_targets(
pw, pw,
&MerkleClaimAndProof::new( true,
self.params.max_depth_mt_gadget, &MerkleClaimAndProof::new(pod.dict.commitment(), k.raw(), Some(v.raw()), proof),
pod.dict.commitment(),
k.raw(),
Some(v.raw()),
&proof,
)?,
)?; )?;
curr += 1; curr += 1;
} }
@ -174,10 +164,10 @@ impl SignedPodVerifyTarget {
assert!(curr <= self.params.max_signed_pod_values); assert!(curr <= self.params.max_signed_pod_values);
// add the proofs of empty leaves (if needed), till the max_signed_pod_values // add the proofs of empty leaves (if needed), till the max_signed_pod_values
let mut mp = MerkleClaimAndProof::empty(self.params.max_depth_mt_gadget); let mut mp = MerkleClaimAndProof::empty();
mp.root = pod.dict.commitment(); mp.root = pod.dict.commitment();
for i in curr..self.params.max_signed_pod_values { for i in curr..self.params.max_signed_pod_values {
self.mt_proofs[i].set_targets(pw, &mp)?; self.mt_proofs[i].set_targets(pw, false, &mp)?;
} }
// get the signer pk // get the signer pk

32
src/backends/plonky2/mainpod/mod.rs
View file

@ -19,7 +19,7 @@ use crate::{
backends::plonky2::{ backends::plonky2::{
basetypes::{C, D}, basetypes::{C, D},
circuits::mainpod::{MainPodVerifyCircuit, MainPodVerifyInput}, circuits::mainpod::{MainPodVerifyCircuit, MainPodVerifyInput},
primitives::{merkletree, merkletree::MerkleClaimAndProof}, primitives::merkletree::MerkleClaimAndProof,
signedpod::SignedPod, signedpod::SignedPod,
}, },
middleware::{ middleware::{
@ -42,7 +42,7 @@ pub(crate) fn extract_merkle_proofs(
params: &Params, params: &Params,
operations: &[middleware::Operation], operations: &[middleware::Operation],
) -> Result<Vec<MerkleClaimAndProof>> { ) -> Result<Vec<MerkleClaimAndProof>> {
let mut merkle_proofs = operations let merkle_proofs: Vec<_> = operations
.iter() .iter()
.flat_map(|op| match op { .flat_map(|op| match op {
middleware::Operation::ContainsFromEntries( middleware::Operation::ContainsFromEntries(
@ -51,40 +51,32 @@ pub(crate) fn extract_merkle_proofs(
middleware::Statement::ValueOf(_, value), middleware::Statement::ValueOf(_, value),
pf, pf,
) => Some(MerkleClaimAndProof::new( ) => Some(MerkleClaimAndProof::new(
params.max_depth_mt_gadget,
Hash::from(root.raw()), Hash::from(root.raw()),
key.raw(), key.raw(),
Some(value.raw()), Some(value.raw()),
pf, pf.clone(),
)), )),
middleware::Operation::NotContainsFromEntries( middleware::Operation::NotContainsFromEntries(
middleware::Statement::ValueOf(_, root), middleware::Statement::ValueOf(_, root),
middleware::Statement::ValueOf(_, key), middleware::Statement::ValueOf(_, key),
pf, pf,
) => Some(MerkleClaimAndProof::new( ) => Some(MerkleClaimAndProof::new(
params.max_depth_mt_gadget,
Hash::from(root.raw()), Hash::from(root.raw()),
key.raw(), key.raw(),
None, None,
pf, pf.clone(),
)), )),
_ => None, _ => None,
}) })
.collect::<Result<Vec<_>>>()?; .collect();
if merkle_proofs.len() > params.max_merkle_proofs { if merkle_proofs.len() > params.max_merkle_proofs {
Err(anyhow!( return Err(anyhow!(
"The number of required Merkle proofs ({}) exceeds the maximum number ({}).", "The number of required Merkle proofs ({}) exceeds the maximum number ({}).",
merkle_proofs.len(), merkle_proofs.len(),
params.max_merkle_proofs params.max_merkle_proofs
)) ));
} else {
fill_pad(
&mut merkle_proofs,
MerkleClaimAndProof::empty(params.max_depth_mt_gadget),
params.max_merkle_proofs,
);
Ok(merkle_proofs)
} }
Ok(merkle_proofs)
} }
/// Find the operation argument statement in the list of previous statements and return the index. /// Find the operation argument statement in the list of previous statements and return the index.
@ -115,12 +107,7 @@ fn find_op_aux(
middleware::OperationAux::MerkleProof(pf_arg) => merkle_proofs middleware::OperationAux::MerkleProof(pf_arg) => merkle_proofs
.iter() .iter()
.enumerate() .enumerate()
.find_map(|(i, pf)| { .find_map(|(i, pf)| (pf.proof == *pf_arg).then_some(i))
pf.clone()
.try_into()
.ok()
.and_then(|mid_pf: merkletree::MerkleProof| (&mid_pf == pf_arg).then_some(i))
})
.map(OperationAux::MerkleProofIndex) .map(OperationAux::MerkleProofIndex)
.ok_or(anyhow!( .ok_or(anyhow!(
"Merkle proof corresponding to op arg {} not found", "Merkle proof corresponding to op arg {} not found",
@ -293,7 +280,6 @@ pub(crate) fn process_public_statements_operations(
pub struct Prover {} pub struct Prover {}
impl PodProver for Prover { impl PodProver for Prover {
// TODO: Be consistent on where we apply the padding, here, or in the set_targets?
fn prove(&mut self, params: &Params, inputs: MainPodInputs) -> Result<Box<dyn Pod>> { fn prove(&mut self, params: &Params, inputs: MainPodInputs) -> Result<Box<dyn Pod>> {
let config = CircuitConfig::standard_recursion_config(); let config = CircuitConfig::standard_recursion_config();
let mut builder = CircuitBuilder::<F, D>::new(config); let mut builder = CircuitBuilder::<F, D>::new(config);

19
src/backends/plonky2/mainpod/operation.rs
View file

@ -74,16 +74,15 @@ impl Operation {
}) })
.collect::<Result<Vec<_>>>()?; .collect::<Result<Vec<_>>>()?;
let deref_aux = match self.2 { let deref_aux = match self.2 {
OperationAux::None => Ok(crate::middleware::OperationAux::None), OperationAux::None => crate::middleware::OperationAux::None,
OperationAux::MerkleProofIndex(i) => merkle_proofs OperationAux::MerkleProofIndex(i) => crate::middleware::OperationAux::MerkleProof(
.get(i) merkle_proofs
.cloned() .get(i)
.ok_or(anyhow!("Missing Merkle proof index {}", i)) .ok_or(anyhow!("Missing Merkle proof index {}", i))?
.and_then(|mp| { .proof
mp.try_into() .clone(),
.map(crate::middleware::OperationAux::MerkleProof) ),
}), };
}?;
middleware::Operation::op(self.0.clone(), &deref_args, &deref_aux) middleware::Operation::op(self.0.clone(), &deref_args, &deref_aux)
} }
} }

80
src/backends/plonky2/primitives/merkletree.rs
View file

@ -1,10 +1,6 @@
//! Module that implements the MerkleTree specified at //! Module that implements the MerkleTree specified at
//! https://0xparc.github.io/pod2/merkletree.html . //! https://0xparc.github.io/pod2/merkletree.html .
use std::{ use std::{collections::HashMap, fmt, iter::IntoIterator};
collections::HashMap,
fmt,
iter::{self, IntoIterator},
};
use anyhow::{anyhow, Result}; use anyhow::{anyhow, Result};
use plonky2::field::types::Field; use plonky2::field::types::Field;
@ -266,94 +262,38 @@ impl MerkleProof {
#[derive(Clone, Debug, PartialEq)] #[derive(Clone, Debug, PartialEq)]
pub struct MerkleClaimAndProof { pub struct MerkleClaimAndProof {
/// `enabled` determines if the merkleproof verification is enabled
pub enabled: bool,
pub root: Hash, pub root: Hash,
pub key: RawValue, pub key: RawValue,
pub value: RawValue, pub value: RawValue,
/// The siblings in this proof are padded to max_depth
pub proof: MerkleProof, pub proof: MerkleProof,
} }
impl MerkleClaimAndProof { impl MerkleClaimAndProof {
pub fn empty(max_depth: usize) -> Self { pub fn empty() -> Self {
Self { Self {
enabled: false,
root: EMPTY_HASH, root: EMPTY_HASH,
key: EMPTY_VALUE, key: EMPTY_VALUE,
value: EMPTY_VALUE, value: EMPTY_VALUE,
proof: MerkleProof { proof: MerkleProof {
existence: true, existence: true,
siblings: iter::repeat(EMPTY_HASH).take(max_depth).collect(), siblings: vec![],
other_leaf: None, other_leaf: None,
}, },
} }
} }
pub fn new( pub fn new(root: Hash, key: RawValue, value: Option<RawValue>, proof: MerkleProof) -> Self {
max_depth: usize, Self {
root: Hash, root,
key: RawValue, key,
value: Option<RawValue>, value: value.unwrap_or(EMPTY_VALUE),
proof: &MerkleProof, proof,
) -> Result<Self> {
if proof.siblings.len() > max_depth {
Err(anyhow!(
"Number of siblings ({}) exceeds maximum depth ({})",
proof.siblings.len(),
max_depth
))
} else {
Ok(Self {
enabled: true,
root,
key,
value: value.unwrap_or(EMPTY_VALUE),
proof: MerkleProof {
existence: proof.existence,
siblings: proof
.siblings
.iter()
.cloned()
.chain(iter::repeat(EMPTY_HASH))
.take(max_depth)
.collect(),
other_leaf: proof.other_leaf,
},
})
} }
} }
} }
impl TryFrom<MerkleClaimAndProof> for MerkleProof {
type Error = anyhow::Error;
fn try_from(mp: MerkleClaimAndProof) -> Result<Self> {
if !mp.enabled {
return Err(anyhow!("Not a valid Merkle proof."));
}
Ok(MerkleProof {
existence: mp.proof.existence,
// Trim padding (if any).
siblings: mp
.proof
.siblings
.into_iter()
.rev()
.skip_while(|s| s == &EMPTY_HASH)
.collect::<Vec<_>>()
.into_iter()
.rev()
.collect(),
other_leaf: mp.proof.other_leaf,
})
}
}
impl fmt::Display for MerkleClaimAndProof { impl fmt::Display for MerkleClaimAndProof {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match MerkleProof::try_from(self.clone()) { self.proof.fmt(f)
Err(_) => write!(f, ""),
Ok(mp) => mp.fmt(f),
}
} }
} }

58
src/backends/plonky2/primitives/merkletree_circuit.rs
View file

@ -158,15 +158,28 @@ impl MerkleProofGadget {
impl MerkleClaimAndProofTarget { impl MerkleClaimAndProofTarget {
/// assigns the given values to the targets /// assigns the given values to the targets
#[allow(clippy::too_many_arguments)] #[allow(clippy::too_many_arguments)]
pub fn set_targets(&self, pw: &mut PartialWitness<F>, mp: &MerkleClaimAndProof) -> Result<()> { pub fn set_targets(
pw.set_bool_target(self.enabled, mp.enabled)?; &self,
pw: &mut PartialWitness<F>,
enabled: bool,
mp: &MerkleClaimAndProof,
) -> Result<()> {
pw.set_bool_target(self.enabled, enabled)?;
pw.set_hash_target(self.root, HashOut::from_vec(mp.root.0.to_vec()))?; pw.set_hash_target(self.root, HashOut::from_vec(mp.root.0.to_vec()))?;
pw.set_target_arr(&self.key.elements, &mp.key.0)?; pw.set_target_arr(&self.key.elements, &mp.key.0)?;
pw.set_target_arr(&self.value.elements, &mp.value.0)?; pw.set_target_arr(&self.value.elements, &mp.value.0)?;
pw.set_bool_target(self.existence, mp.proof.existence)?; pw.set_bool_target(self.existence, mp.proof.existence)?;
assert_eq!(mp.proof.siblings.len(), self.max_depth); // pad siblings with zeros to length max_depth
for (i, sibling) in mp.proof.siblings.iter().enumerate() { assert!(mp.proof.siblings.len() <= self.max_depth);
for (i, sibling) in mp
.proof
.siblings
.iter()
.chain(iter::repeat(&EMPTY_HASH))
.take(self.max_depth)
.enumerate()
{
pw.set_hash_target(self.siblings[i], HashOut::from_vec(sibling.0.to_vec()))?; pw.set_hash_target(self.siblings[i], HashOut::from_vec(sibling.0.to_vec()))?;
} }
@ -250,18 +263,29 @@ impl MerkleProofExistenceGadget {
impl MerkleProofExistenceTarget { impl MerkleProofExistenceTarget {
/// assigns the given values to the targets /// assigns the given values to the targets
pub fn set_targets(&self, pw: &mut PartialWitness<F>, mp: &MerkleClaimAndProof) -> Result<()> { pub fn set_targets(
&self,
pw: &mut PartialWitness<F>,
enabled: bool,
mp: &MerkleClaimAndProof,
) -> Result<()> {
assert!(mp.proof.existence); // sanity check assert!(mp.proof.existence); // sanity check
pw.set_bool_target(self.enabled, mp.enabled)?; pw.set_bool_target(self.enabled, enabled)?;
pw.set_hash_target(self.root, HashOut::from_vec(mp.root.0.to_vec()))?; pw.set_hash_target(self.root, HashOut::from_vec(mp.root.0.to_vec()))?;
pw.set_target_arr(&self.key.elements, &mp.key.0)?; pw.set_target_arr(&self.key.elements, &mp.key.0)?;
pw.set_target_arr(&self.value.elements, &mp.value.0)?; pw.set_target_arr(&self.value.elements, &mp.value.0)?;
// pad siblings with zeros to length max_depth // pad siblings with zeros to length max_depth
assert_eq!(mp.proof.siblings.len(), self.max_depth); assert!(mp.proof.siblings.len() <= self.max_depth);
for (i, sibling) in mp
for (i, sibling) in mp.proof.siblings.iter().enumerate() { .proof
.siblings
.iter()
.chain(iter::repeat(&EMPTY_HASH))
.take(self.max_depth)
.enumerate()
{
pw.set_hash_target(self.siblings[i], HashOut::from_vec(sibling.0.to_vec()))?; pw.set_hash_target(self.siblings[i], HashOut::from_vec(sibling.0.to_vec()))?;
} }
@ -515,7 +539,8 @@ pub mod tests {
let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?; let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?;
targets.set_targets( targets.set_targets(
&mut pw, &mut pw,
&MerkleClaimAndProof::new(max_depth, tree.root(), key, Some(value), &proof)?, true,
&MerkleClaimAndProof::new(tree.root(), key, Some(value), proof),
)?; )?;
// generate & verify proof // generate & verify proof
@ -560,7 +585,8 @@ pub mod tests {
let targets = MerkleProofExistenceGadget { max_depth }.eval(&mut builder)?; let targets = MerkleProofExistenceGadget { max_depth }.eval(&mut builder)?;
targets.set_targets( targets.set_targets(
&mut pw, &mut pw,
&MerkleClaimAndProof::new(max_depth, tree.root(), key, Some(value), &proof)?, true,
&MerkleClaimAndProof::new(tree.root(), key, Some(value), proof),
)?; )?;
// generate & verify proof // generate & verify proof
@ -634,7 +660,8 @@ pub mod tests {
let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?; let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?;
targets.set_targets( targets.set_targets(
&mut pw, &mut pw,
&MerkleClaimAndProof::new(max_depth, tree.root(), key, Some(value), &proof)?, true,
&MerkleClaimAndProof::new(tree.root(), key, Some(value), proof),
)?; )?;
// generate & verify proof // generate & verify proof
@ -677,8 +704,8 @@ pub mod tests {
let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?; let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?;
// verification enabled & proof of existence // verification enabled & proof of existence
let mut mp = MerkleClaimAndProof::new(max_depth, tree2.root(), key, Some(value), &proof)?; let mp = MerkleClaimAndProof::new(tree2.root(), key, Some(value), proof);
targets.set_targets(&mut pw, &mp)?; targets.set_targets(&mut pw, true, &mp)?;
// generate proof, expecting it to fail (since we're using the wrong // generate proof, expecting it to fail (since we're using the wrong
// root) // root)
@ -693,8 +720,7 @@ pub mod tests {
let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?; let targets = MerkleProofGadget { max_depth }.eval(&mut builder)?;
// verification disabled & proof of existence // verification disabled & proof of existence
mp.enabled = false; targets.set_targets(&mut pw, false, &mp)?;
targets.set_targets(&mut pw, &mp)?;
// generate proof, should pass despite using wrong witness, since the // generate proof, should pass despite using wrong witness, since the
// `enabled=false` // `enabled=false`

2
src/backends/plonky2/primitives/signature_circuit.rs
View file

@ -176,7 +176,7 @@ pub mod tests {
use crate::{backends::plonky2::primitives::signature::SecretKey, middleware::Hash}; use crate::{backends::plonky2::primitives::signature::SecretKey, middleware::Hash};
#[test] #[test]
fn test_signature_gadget() -> Result<()> { fn test_signature_gadget_enabled() -> Result<()> {
// generate a valid signature // generate a valid signature
let sk = SecretKey::new_rand(); let sk = SecretKey::new_rand();
let pk = sk.public_key(); let pk = sk.public_key();