Merge pull request #1193 from topos-protocol/observe_pv

Observe PublicValues
2026-01-02 22:03:07 +00:00 · 2023-08-19 09:27:40 -04:00 · 2023-08-19 09:27:40 -04:00 · c138f2d64f
commit c138f2d64f
parent d96c649169 68bb49671d
7 changed files with 127 additions and 5 deletions
--- a/evm/src/fixed_recursive_verifier.rs
+++ b/evm/src/fixed_recursive_verifier.rs
@ -33,6 +33,7 @@ use crate::cpu::cpu_stark::CpuStark;
 use crate::cpu::kernel::constants::global_metadata::GlobalMetadata;
 use crate::cross_table_lookup::{verify_cross_table_lookups_circuit, CrossTableLookup};
 use crate::generation::GenerationInputs;
+use crate::get_challenges::observe_public_values_target;
 use crate::keccak::keccak_stark::KeccakStark;
 use crate::keccak_sponge::keccak_sponge_stark::KeccakSpongeStark;
 use crate::logic::LogicStark;
@ -453,6 +454,9 @@ where
                challenger.observe_elements(h);
            }
        }
+
+        observe_public_values_target::<F, C, D>(&mut challenger, &public_values);
+
        let ctl_challenges = get_grand_product_challenge_set_target(
            &mut builder,
            &mut challenger,
--- a/evm/src/get_challenges.rs
+++ b/evm/src/get_challenges.rs
@ -1,3 +1,4 @@
+use ethereum_types::{BigEndianHash, H256, U256};
 use plonky2::field::extension::Extendable;
 use plonky2::fri::proof::{FriProof, FriProofTarget};
 use plonky2::hash::hash_types::RichField;
@ -12,6 +13,117 @@ use crate::permutation::{
    get_n_grand_product_challenge_sets_target,
 };
 use crate::proof::*;
+use crate::util::u256_limbs;
+
+fn observe_root<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>(
+    challenger: &mut Challenger<F, C::Hasher>,
+    root: H256,
+) {
+    for limb in root.into_uint().0.into_iter() {
+        challenger.observe_element(F::from_canonical_u32(limb as u32));
+        challenger.observe_element(F::from_canonical_u32((limb >> 32) as u32));
+    }
+}
+
+fn observe_trie_roots<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>(
+    challenger: &mut Challenger<F, C::Hasher>,
+    trie_roots: &TrieRoots,
+) {
+    observe_root::<F, C, D>(challenger, trie_roots.state_root);
+    observe_root::<F, C, D>(challenger, trie_roots.transactions_root);
+    observe_root::<F, C, D>(challenger, trie_roots.receipts_root);
+}
+
+fn observe_trie_roots_target<
+    F: RichField + Extendable<D>,
+    C: GenericConfig<D, F = F>,
+    const D: usize,
+>(
+    challenger: &mut RecursiveChallenger<F, C::Hasher, D>,
+    trie_roots: &TrieRootsTarget,
+) where
+    C::Hasher: AlgebraicHasher<F>,
+{
+    challenger.observe_elements(&trie_roots.state_root);
+    challenger.observe_elements(&trie_roots.transactions_root);
+    challenger.observe_elements(&trie_roots.receipts_root);
+}
+
+fn observe_block_metadata<
+    F: RichField + Extendable<D>,
+    C: GenericConfig<D, F = F>,
+    const D: usize,
+>(
+    challenger: &mut Challenger<F, C::Hasher>,
+    block_metadata: &BlockMetadata,
+) {
+    challenger.observe_elements(
+        &u256_limbs::<F>(U256::from_big_endian(&block_metadata.block_beneficiary.0))[..5],
+    );
+    challenger.observe_element(F::from_canonical_u32(
+        block_metadata.block_timestamp.as_u32(),
+    ));
+    challenger.observe_element(F::from_canonical_u32(block_metadata.block_number.as_u32()));
+    challenger.observe_element(F::from_canonical_u32(
+        block_metadata.block_difficulty.as_u32(),
+    ));
+    challenger.observe_element(F::from_canonical_u32(
+        block_metadata.block_gaslimit.as_u32(),
+    ));
+    challenger.observe_element(F::from_canonical_u32(
+        block_metadata.block_chain_id.as_u32(),
+    ));
+    challenger.observe_element(F::from_canonical_u32(
+        block_metadata.block_base_fee.as_u32(),
+    ));
+}
+
+fn observe_block_metadata_target<
+    F: RichField + Extendable<D>,
+    C: GenericConfig<D, F = F>,
+    const D: usize,
+>(
+    challenger: &mut RecursiveChallenger<F, C::Hasher, D>,
+    block_metadata: &BlockMetadataTarget,
+) where
+    C::Hasher: AlgebraicHasher<F>,
+{
+    challenger.observe_elements(&block_metadata.block_beneficiary);
+    challenger.observe_element(block_metadata.block_timestamp);
+    challenger.observe_element(block_metadata.block_number);
+    challenger.observe_element(block_metadata.block_difficulty);
+    challenger.observe_element(block_metadata.block_gaslimit);
+    challenger.observe_element(block_metadata.block_chain_id);
+    challenger.observe_element(block_metadata.block_base_fee);
+}
+
+pub(crate) fn observe_public_values<
+    F: RichField + Extendable<D>,
+    C: GenericConfig<D, F = F>,
+    const D: usize,
+>(
+    challenger: &mut Challenger<F, C::Hasher>,
+    public_values: &PublicValues,
+) {
+    observe_trie_roots::<F, C, D>(challenger, &public_values.trie_roots_before);
+    observe_trie_roots::<F, C, D>(challenger, &public_values.trie_roots_after);
+    observe_block_metadata::<F, C, D>(challenger, &public_values.block_metadata);
+}
+
+pub(crate) fn observe_public_values_target<
+    F: RichField + Extendable<D>,
+    C: GenericConfig<D, F = F>,
+    const D: usize,
+>(
+    challenger: &mut RecursiveChallenger<F, C::Hasher, D>,
+    public_values: &PublicValuesTarget,
+) where
+    C::Hasher: AlgebraicHasher<F>,
+{
+    observe_trie_roots_target::<F, C, D>(challenger, &public_values.trie_roots_before);
+    observe_trie_roots_target::<F, C, D>(challenger, &public_values.trie_roots_after);
+    observe_block_metadata_target::<F, C, D>(challenger, &public_values.block_metadata);
+}

 impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> AllProof<F, C, D> {
    /// Computes all Fiat-Shamir challenges used in the STARK proof.
@ -26,7 +138,7 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> A
            challenger.observe_cap(&proof.proof.trace_cap);
        }

-        // TODO: Observe public values.
+        observe_public_values::<F, C, D>(&mut challenger, &self.public_values);

        let ctl_challenges =
            get_grand_product_challenge_set(&mut challenger, config.num_challenges);
@ -60,7 +172,7 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> A
            challenger.observe_cap(&proof.proof.trace_cap);
        }

-        // TODO: Observe public values.
+        observe_public_values::<F, C, D>(&mut challenger, &self.public_values);

        let ctl_challenges =
            get_grand_product_challenge_set(&mut challenger, config.num_challenges);
--- a/evm/src/prover.rs
+++ b/evm/src/prover.rs
@ -28,6 +28,7 @@ use crate::cpu::kernel::aggregator::KERNEL;
 use crate::cross_table_lookup::{cross_table_lookup_data, CtlCheckVars, CtlData};
 use crate::generation::outputs::GenerationOutputs;
 use crate::generation::{generate_traces, GenerationInputs};
+use crate::get_challenges::observe_public_values;
 use crate::keccak::keccak_stark::KeccakStark;
 use crate::keccak_sponge::keccak_sponge_stark::KeccakSpongeStark;
 use crate::logic::LogicStark;
@ -145,6 +146,8 @@ where
        challenger.observe_cap(cap);
    }

+    observe_public_values::<F, C, D>(&mut challenger, &public_values);
+
    let ctl_challenges = get_grand_product_challenge_set(&mut challenger, config.num_challenges);
    let ctl_data_per_table = timed!(
        timing,
--- a/evm/src/recursive_verifier.rs
+++ b/evm/src/recursive_verifier.rs
@ -116,6 +116,9 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>
                challenger.observe_elements(h);
            }
        }
+
+        // TODO: Observe public values if the code isn't deprecated.
+
        let ctl_challenges =
            get_grand_product_challenge_set(&mut challenger, inner_config.num_challenges);
        // Check that the correct CTL challenges are used in every proof.
--- a/evm/tests/add11_yml.rs
+++ b/evm/tests/add11_yml.rs
@ -82,7 +82,7 @@ fn add11_yml() -> anyhow::Result<()> {
        block_timestamp: 0x03e8.into(),
        block_number: 1.into(),
        block_difficulty: 0x020000.into(),
-        block_gaslimit: 0xff112233445566u64.into(),
+        block_gaslimit: 0xff112233u32.into(),
        block_chain_id: 1.into(),
        block_base_fee: 0xa.into(),
    };
--- a/evm/tests/simple_transfer.rs
+++ b/evm/tests/simple_transfer.rs
@ -70,7 +70,7 @@ fn test_simple_transfer() -> anyhow::Result<()> {
        block_timestamp: 0x03e8.into(),
        block_number: 1.into(),
        block_difficulty: 0x020000.into(),
-        block_gaslimit: 0xff112233445566u64.into(),
+        block_gaslimit: 0xff112233u32.into(),
        block_chain_id: 1.into(),
        block_base_fee: 0xa.into(),
    };
--- a/plonky2/src/iop/challenger.rs
+++ b/plonky2/src/iop/challenger.rs
@ -191,7 +191,7 @@ impl<F: RichField + Extendable<D>, H: AlgebraicHasher<F>, const D: usize>
        }
    }

-    pub(crate) fn observe_element(&mut self, target: Target) {
+    pub fn observe_element(&mut self, target: Target) {
        // Any buffered outputs are now invalid, since they wouldn't reflect this input.
        self.output_buffer.clear();