plonky2/evm/src/generation/mpt.rs

use std::collections::HashMap;
use std::ops::Deref;

use eth_trie_utils::nibbles::Nibbles;
use eth_trie_utils::partial_trie::{HashedPartialTrie, PartialTrie};
use ethereum_types::{BigEndianHash, H256, U256};
use keccak_hash::keccak;
use rlp_derive::{RlpDecodable, RlpEncodable};

use crate::cpu::kernel::constants::trie_type::PartialTrieType;
use crate::generation::TrieInputs;
use crate::Node;

#[derive(RlpEncodable, RlpDecodable, Debug)]
pub struct AccountRlp {
    pub nonce: U256,
    pub balance: U256,
    pub storage_root: H256,
    pub code_hash: H256,
}

impl Default for AccountRlp {
    fn default() -> Self {
        Self {
            nonce: U256::zero(),
            balance: U256::zero(),
            storage_root: HashedPartialTrie::from(Node::Empty).hash(),
            code_hash: keccak([]),
        }
    }
}

pub(crate) fn all_mpt_prover_inputs_reversed(trie_inputs: &TrieInputs) -> Vec<U256> {
    let mut inputs = all_mpt_prover_inputs(trie_inputs);
    inputs.reverse();
    inputs
}

/// Generate prover inputs for the initial MPT data, in the format expected by `mpt/load.asm`.
pub(crate) fn all_mpt_prover_inputs(trie_inputs: &TrieInputs) -> Vec<U256> {
    let mut prover_inputs = vec![];

    let storage_tries_by_state_key = trie_inputs
        .storage_tries
        .iter()
        .map(|(address, storage_trie)| {
            let key = Nibbles::from_bytes_be(keccak(address).as_bytes()).unwrap();
            (key, storage_trie)
        })
        .collect();

    mpt_prover_inputs_state_trie(
        &trie_inputs.state_trie,
        empty_nibbles(),
        &mut prover_inputs,
        &storage_tries_by_state_key,
    );

    mpt_prover_inputs(&trie_inputs.transactions_trie, &mut prover_inputs, &|rlp| {
        rlp::decode_list(rlp)
    });

    mpt_prover_inputs(&trie_inputs.receipts_trie, &mut prover_inputs, &|_rlp| {
        // TODO: Decode receipt RLP.
        vec![]
    });

    prover_inputs
}

/// Given a trie, generate the prover input data for that trie. In essence, this serializes a trie
/// into a `U256` array, in a simple format which the kernel understands. For example, a leaf node
/// is serialized as `(TYPE_LEAF, key, value)`, where key is a `(nibbles, depth)` pair and `value`
/// is a variable-length structure which depends on which trie we're dealing with.
pub(crate) fn mpt_prover_inputs<F>(
    trie: &HashedPartialTrie,
    prover_inputs: &mut Vec<U256>,
    parse_value: &F,
) where
    F: Fn(&[u8]) -> Vec<U256>,
{
    prover_inputs.push((PartialTrieType::of(trie) as u32).into());

    match trie.deref() {
        Node::Empty => {}
        Node::Hash(h) => prover_inputs.push(U256::from_big_endian(h.as_bytes())),
        Node::Branch { children, value } => {
            if value.is_empty() {
                prover_inputs.push(U256::zero()); // value_present = 0
            } else {
                let parsed_value = parse_value(value);
                prover_inputs.push(U256::one()); // value_present = 1
                prover_inputs.extend(parsed_value);
            }
            for child in children {
                mpt_prover_inputs(child, prover_inputs, parse_value);
            }
        }
        Node::Extension { nibbles, child } => {
            prover_inputs.push(nibbles.count.into());
            prover_inputs.push(nibbles.packed);
            mpt_prover_inputs(child, prover_inputs, parse_value);
        }
        Node::Leaf { nibbles, value } => {
            prover_inputs.push(nibbles.count.into());
            prover_inputs.push(nibbles.packed);
            let leaf = parse_value(value);
            prover_inputs.extend(leaf);
        }
    }
}

/// Like `mpt_prover_inputs`, but for the state trie, which is a bit unique since each value
/// leads to a storage trie which we recursively traverse.
pub(crate) fn mpt_prover_inputs_state_trie(
    trie: &HashedPartialTrie,
    key: Nibbles,
    prover_inputs: &mut Vec<U256>,
    storage_tries_by_state_key: &HashMap<Nibbles, &HashedPartialTrie>,
) {
    prover_inputs.push((PartialTrieType::of(trie) as u32).into());
    match trie.deref() {
        Node::Empty => {}
        Node::Hash(h) => prover_inputs.push(U256::from_big_endian(h.as_bytes())),
        Node::Branch { children, value } => {
            assert!(value.is_empty(), "State trie should not have branch values");
            prover_inputs.push(U256::zero()); // value_present = 0

            for (i, child) in children.iter().enumerate() {
                let extended_key = key.merge_nibbles(&Nibbles {
                    count: 1,
                    packed: i.into(),
                });
                mpt_prover_inputs_state_trie(
                    child,
                    extended_key,
                    prover_inputs,
                    storage_tries_by_state_key,
                );
            }
        }
        Node::Extension { nibbles, child } => {
            prover_inputs.push(nibbles.count.into());
            prover_inputs.push(nibbles.packed);
            let extended_key = key.merge_nibbles(nibbles);
            mpt_prover_inputs_state_trie(
                child,
                extended_key,
                prover_inputs,
                storage_tries_by_state_key,
            );
        }
        Node::Leaf { nibbles, value } => {
            let account: AccountRlp = rlp::decode(value).expect("Decoding failed");
            let AccountRlp {
                nonce,
                balance,
                storage_root,
                code_hash,
            } = account;

            let storage_hash_only = HashedPartialTrie::new(Node::Hash(storage_root));
            let merged_key = key.merge_nibbles(nibbles);
            let storage_trie: &HashedPartialTrie = storage_tries_by_state_key
                .get(&merged_key)
                .copied()
                .unwrap_or(&storage_hash_only);

            assert_eq!(storage_trie.hash(), storage_root,
                       "In TrieInputs, an account's storage_root didn't match the associated storage trie hash");

            prover_inputs.push(nibbles.count.into());
            prover_inputs.push(nibbles.packed);
            prover_inputs.push(nonce);
            prover_inputs.push(balance);
            mpt_prover_inputs(storage_trie, prover_inputs, &parse_storage_value);
            prover_inputs.push(code_hash.into_uint());
        }
    }
}

fn parse_storage_value(value_rlp: &[u8]) -> Vec<U256> {
    let value: U256 = rlp::decode(value_rlp).expect("Decoding failed");
    vec![value]
}

fn empty_nibbles() -> Nibbles {
    Nibbles {
        count: 0,
        packed: U256::zero(),
    }
}
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`use std::collections::HashMap;`
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`use std::ops::Deref;`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`use eth_trie_utils::nibbles::Nibbles;`
Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`use eth_trie_utils::partial_trie::{HashedPartialTrie, PartialTrie};`
RLP related fixes 2022-10-04 15:12:44 -07:00			`use ethereum_types::{BigEndianHash, H256, U256};`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`use keccak_hash::keccak;`
RLP related fixes 2022-10-04 15:12:44 -07:00			`use rlp_derive::{RlpDecodable, RlpEncodable};`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00
			`use crate::cpu::kernel::constants::trie_type::PartialTrieType;`
More MPT logic 2022-09-22 20:09:48 -07:00			`use crate::generation::TrieInputs;`
Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`use crate::Node;`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00
RLP related fixes 2022-10-04 15:12:44 -07:00			`#[derive(RlpEncodable, RlpDecodable, Debug)]`
Misc witness generation fixes 2022-12-03 21:09:57 -08:00			`pub struct AccountRlp {`
			`pub nonce: U256,`
			`pub balance: U256,`
			`pub storage_root: H256,`
			`pub code_hash: H256,`
RLP related fixes 2022-10-04 15:12:44 -07:00			`}`

Fixes to get test_simple_transfer working 2022-12-06 23:05:47 -08:00			`impl Default for AccountRlp {`
			`fn default() -> Self {`
			`Self {`
			`nonce: U256::zero(),`
			`balance: U256::zero(),`
Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`storage_root: HashedPartialTrie::from(Node::Empty).hash(),`
Fixes to get test_simple_transfer working 2022-12-06 23:05:47 -08:00			`code_hash: keccak([]),`
			`}`
			`}`
			`}`

More MPT logic 2022-09-22 20:09:48 -07:00			`pub(crate) fn all_mpt_prover_inputs_reversed(trie_inputs: &TrieInputs) -> Vec<U256> {`
			`let mut inputs = all_mpt_prover_inputs(trie_inputs);`
			`inputs.reverse();`
			`inputs`
			`}`

			/// Generate prover inputs for the initial MPT data, in the format expected by `mpt/load.asm`.
			`pub(crate) fn all_mpt_prover_inputs(trie_inputs: &TrieInputs) -> Vec<U256> {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`let mut prover_inputs = vec![];`

Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`let storage_tries_by_state_key = trie_inputs`
			`.storage_tries`
			`.iter()`
Fix logic and Keccak CTLs Lots of little bugs! - The Keccak sponge table's padding logic was wrong, it was mixing up the number of rows with the number of hashes. - The Keccak sponge table's Keccak-looking data was wrong - input to Keccak-f should be after xor'ing in the block. - The Keccak sponge table's logic-looking filter was wrong. We do 5 logic CTLs for any final-block row, even if some of the xors are with 0s from Keccak padding. - The CPU was using the wrong/outdated output memory channel for its Keccak sponge and logic CTLs. - The Keccak table just didn't have a way to filter out padding rows. I added a filter column for this. - The Keccak table wasn't remembering the original preimage of a permutation; lookers were seeing the preimage of the final step. I added columns for the original preimage. - `ctl_data_logic` was using the wrong memory channel - Kernel bootloading generation was using the wrong length for its Keccak sponge CTL, and its `keccak_sponge_log` was seeing the wrong clock since it was called after adding the final bootloading row. 2022-12-15 13:56:48 -08:00			`.map(\|(address, storage_trie)\| {`
			`let key = Nibbles::from_bytes_be(keccak(address).as_bytes()).unwrap();`
			`(key, storage_trie)`
			`})`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`.collect();`

			`mpt_prover_inputs_state_trie(`
			`&trie_inputs.state_trie,`
			`empty_nibbles(),`
			`&mut prover_inputs,`
			`&storage_tries_by_state_key,`
			`);`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00
More MPT logic 2022-09-22 20:09:48 -07:00			`mpt_prover_inputs(&trie_inputs.transactions_trie, &mut prover_inputs, &\|rlp\| {`
			`rlp::decode_list(rlp)`
			`});`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00
More MPT logic 2022-09-22 20:09:48 -07:00			`mpt_prover_inputs(&trie_inputs.receipts_trie, &mut prover_inputs, &\|_rlp\| {`
			`// TODO: Decode receipt RLP.`
			`vec![]`
			`});`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00
			`prover_inputs`
			`}`

			`/// Given a trie, generate the prover input data for that trie. In essence, this serializes a trie`
			/// into a `U256` array, in a simple format which the kernel understands. For example, a leaf node
			/// is serialized as `(TYPE_LEAF, key, value)`, where key is a `(nibbles, depth)` pair and `value`
			`/// is a variable-length structure which depends on which trie we're dealing with.`
			`pub(crate) fn mpt_prover_inputs<F>(`
Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`trie: &HashedPartialTrie,`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`prover_inputs: &mut Vec<U256>,`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`parse_value: &F,`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`) where`
			`F: Fn(&[u8]) -> Vec<U256>,`
			`{`
			`prover_inputs.push((PartialTrieType::of(trie) as u32).into());`
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00
			`match trie.deref() {`
			`Node::Empty => {}`
			`Node::Hash(h) => prover_inputs.push(U256::from_big_endian(h.as_bytes())),`
			`Node::Branch { children, value } => {`
MPT fixes 2022-10-06 16:05:28 -07:00			`if value.is_empty() {`
MPT storage logic 2022-10-17 11:31:08 -07:00			`prover_inputs.push(U256::zero()); // value_present = 0`
MPT fixes 2022-10-06 16:05:28 -07:00			`} else {`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`let parsed_value = parse_value(value);`
MPT storage logic 2022-10-17 11:31:08 -07:00			`prover_inputs.push(U256::one()); // value_present = 1`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`prover_inputs.extend(parsed_value);`
MPT fixes 2022-10-06 16:05:28 -07:00			`}`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`for child in children {`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`mpt_prover_inputs(child, prover_inputs, parse_value);`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`}`
			`}`
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`Node::Extension { nibbles, child } => {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`prover_inputs.push(nibbles.count.into());`
			`prover_inputs.push(nibbles.packed);`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`mpt_prover_inputs(child, prover_inputs, parse_value);`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`}`
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`Node::Leaf { nibbles, value } => {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`prover_inputs.push(nibbles.count.into());`
			`prover_inputs.push(nibbles.packed);`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`let leaf = parse_value(value);`
More MPT logic 2022-09-22 20:09:48 -07:00			`prover_inputs.extend(leaf);`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`}`
			`}`
			`}`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00
			/// Like `mpt_prover_inputs`, but for the state trie, which is a bit unique since each value
			`/// leads to a storage trie which we recursively traverse.`
			`pub(crate) fn mpt_prover_inputs_state_trie(`
Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`trie: &HashedPartialTrie,`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`key: Nibbles,`
			`prover_inputs: &mut Vec<U256>,`
Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`storage_tries_by_state_key: &HashMap<Nibbles, &HashedPartialTrie>,`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`) {`
			`prover_inputs.push((PartialTrieType::of(trie) as u32).into());`
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`match trie.deref() {`
			`Node::Empty => {}`
			`Node::Hash(h) => prover_inputs.push(U256::from_big_endian(h.as_bytes())),`
			`Node::Branch { children, value } => {`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`assert!(value.is_empty(), "State trie should not have branch values");`
MPT storage logic 2022-10-17 11:31:08 -07:00			`prover_inputs.push(U256::zero()); // value_present = 0`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00
			`for (i, child) in children.iter().enumerate() {`
Bumped `eth_trie_utils` to `0.3.1` 2022-10-24 16:23:03 -06:00			`let extended_key = key.merge_nibbles(&Nibbles {`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`count: 1,`
			`packed: i.into(),`
			`});`
			`mpt_prover_inputs_state_trie(`
			`child,`
			`extended_key,`
			`prover_inputs,`
			`storage_tries_by_state_key,`
			`);`
			`}`
			`}`
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`Node::Extension { nibbles, child } => {`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`prover_inputs.push(nibbles.count.into());`
			`prover_inputs.push(nibbles.packed);`
Bumped `eth_trie_utils` to `0.3.1` 2022-10-24 16:23:03 -06:00			`let extended_key = key.merge_nibbles(nibbles);`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`mpt_prover_inputs_state_trie(`
			`child,`
			`extended_key,`
			`prover_inputs,`
			`storage_tries_by_state_key,`
			`);`
			`}`
Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`Node::Leaf { nibbles, value } => {`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`let account: AccountRlp = rlp::decode(value).expect("Decoding failed");`
			`let AccountRlp {`
			`nonce,`
			`balance,`
			`storage_root,`
			`code_hash,`
			`} = account;`

Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`let storage_hash_only = HashedPartialTrie::new(Node::Hash(storage_root));`
Fix code that looks for an account's storage trie 2023-02-27 17:34:12 -08:00			`let merged_key = key.merge_nibbles(nibbles);`
Removed a type alias - Was conflicting with the trait `PartialTrie` and also making the types harder to follow. 2023-03-28 14:38:58 -06:00			`let storage_trie: &HashedPartialTrie = storage_tries_by_state_key`
Fix code that looks for an account's storage trie 2023-02-27 17:34:12 -08:00			`.get(&merged_key)`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`.copied()`
			`.unwrap_or(&storage_hash_only);`

Bumped `eth_trie_utils` to `0.5.0` 2023-03-27 17:30:11 -06:00			`assert_eq!(storage_trie.hash(), storage_root,`
Treat storage tries as sub-tries of the state trie I.e. have leaves in the state trie point to the root of a storage trie 2022-10-16 10:11:45 -07:00			`"In TrieInputs, an account's storage_root didn't match the associated storage trie hash");`

			`prover_inputs.push(nibbles.count.into());`
			`prover_inputs.push(nibbles.packed);`
			`prover_inputs.push(nonce);`
			`prover_inputs.push(balance);`
			`mpt_prover_inputs(storage_trie, prover_inputs, &parse_storage_value);`
			`prover_inputs.push(code_hash.into_uint());`
			`}`
			`}`
			`}`

			`fn parse_storage_value(value_rlp: &[u8]) -> Vec<U256> {`
			`let value: U256 = rlp::decode(value_rlp).expect("Decoding failed");`
			`vec![value]`
			`}`

			`fn empty_nibbles() -> Nibbles {`
			`Nibbles {`
			`count: 0,`
			`packed: U256::zero(),`
			`}`
			`}`