Add blobVersionedHash to the preimage of challengeDigest (#1211)

* add blobVersionedHash to the preimage of challenge digest

* (doc): aggregator/src/blob.rs

Co-authored-by: z2trillion <[email protected]>

* (doc): aggregator/src/aggregation/rlc/gates.rs

* (doc): aggregator/src/blob.rs

---------

Co-authored-by: z2trillion <[email protected]>

Author: roynalnaruto

aggregator/src/aggregation/barycentric.rs

@@ -349,21 +349,9 @@ pub fn interpolate(z: Scalar, coefficients: &[Scalar; BLOB_WIDTH]) -> Scalar {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::blob::BlobData;
-    use c_kzg::{Blob as RethBlob, KzgProof, KzgSettings};
-    use once_cell::sync::Lazy;
-    use std::{collections::BTreeSet, sync::Arc};
-
-    /// KZG trusted setup
-    pub static MAINNET_KZG_TRUSTED_SETUP: Lazy<Arc<KzgSettings>> = Lazy::new(|| {
-        Arc::new(
-            c_kzg::KzgSettings::load_trusted_setup(
-                &revm_primitives::kzg::G1_POINTS.0,
-                &revm_primitives::kzg::G2_POINTS.0,
-            )
-            .expect("failed to load trusted setup"),
-        )
-    });
+    use crate::blob::{BlobData, KZG_TRUSTED_SETUP};
+    use c_kzg::{Blob as RethBlob, KzgProof};
+    use std::collections::BTreeSet;
 
     #[test]
     fn log_blob_width() {
@@ -425,8 +413,7 @@ mod tests {
         )
         .unwrap();
         let (_proof, y) =
-            KzgProof::compute_kzg_proof(&blob, &to_be_bytes(z).into(), &MAINNET_KZG_TRUSTED_SETUP)
-                .unwrap();
+            KzgProof::compute_kzg_proof(&blob, &to_be_bytes(z).into(), &KZG_TRUSTED_SETUP).unwrap();
         from_canonical_be_bytes(*y)
     }
 

aggregator/src/aggregation/blob_data.rs

@@ -59,7 +59,7 @@ pub struct BlobDataConfig {
 
 pub struct AssignedBlobDataExport {
     pub num_valid_chunks: AssignedCell<Fr, Fr>,
-    pub challenge_digest: Vec<AssignedCell<Fr, Fr>>,
+    pub versioned_hash: Vec<AssignedCell<Fr, Fr>>,
     pub chunk_data_digests: Vec<Vec<AssignedCell<Fr, Fr>>>,
 }
 
@@ -304,7 +304,8 @@ impl BlobDataConfig {
 
                 // - metadata_digest: 32 bytes
                 // - chunk[i].chunk_data_digest: 32 bytes each
-                let preimage_len = 32.expr() * (MAX_AGG_SNARKS + 1).expr();
+                // - versioned_hash: 32 bytes
+                let preimage_len = 32.expr() * (MAX_AGG_SNARKS + 1 + 1).expr();
 
                 [
                     1.expr(),                                                // q_enable
@@ -733,6 +734,7 @@ impl BlobDataConfig {
 
                 let challenge_digest_preimage_rlc_specified = &rows.last().unwrap().preimage_rlc;
                 let challenge_digest_rlc_specified = &rows.last().unwrap().digest_rlc;
+                let versioned_hash_rlc = &rows.get(N_ROWS_DIGEST_RLC - 2).unwrap().digest_rlc;
 
                 // ensure that on the last row of this section the is_boundary is turned on
                 // which would enable the keccak table lookup for challenge_digest
@@ -810,6 +812,7 @@ impl BlobDataConfig {
                     .collect::<Vec<_>>();
                 for (i, digest_rlc_specified) in std::iter::once(metadata_digest_rlc_specified)
                     .chain(chunk_digest_evm_rlcs)
+                    .chain(std::iter::once(versioned_hash_rlc))
                     .chain(std::iter::once(challenge_digest_rlc_specified))
                     .enumerate()
                 {
@@ -833,7 +836,7 @@ impl BlobDataConfig {
 
                     // compute the keccak input RLC:
                     // we do this only for the metadata and chunks, not for the blob row itself.
-                    if i < MAX_AGG_SNARKS + 1 {
+                    if i < MAX_AGG_SNARKS + 1 + 1 {
                         let digest_keccak_rlc = rlc_config.rlc(
                             &mut region,
                             &digest_bytes,
@@ -880,13 +883,21 @@ impl BlobDataConfig {
                 for chunk in chunk_data_digests_bytes.chunks_exact(N_BYTES_U256) {
                     chunk_data_digests.push(chunk.to_vec());
                 }
+                let challenge_digest = assigned_rows
+                    .iter()
+                    .rev()
+                    .take(N_BYTES_U256)
+                    .map(|row| row.byte.clone())
+                    .collect::<Vec<AssignedCell<Fr, Fr>>>();
                 let export = AssignedBlobDataExport {
                     num_valid_chunks,
-                    challenge_digest: assigned_rows
+                    versioned_hash: assigned_rows
                         .iter()
                         .rev()
+                        .skip(N_BYTES_U256)
                         .take(N_BYTES_U256)
                         .map(|row| row.byte.clone())
+                        .rev()
                         .collect(),
                     chunk_data_digests,
                 };
@@ -906,19 +917,19 @@ impl BlobDataConfig {
 
                 let challenge_digest_limb1 = rlc_config.inner_product(
                     &mut region,
-                    &export.challenge_digest[0..11],
+                    &challenge_digest[0..11],
                     &pows_of_256,
                     &mut rlc_config_offset,
                 )?;
                 let challenge_digest_limb2 = rlc_config.inner_product(
                     &mut region,
-                    &export.challenge_digest[11..22],
+                    &challenge_digest[11..22],
                     &pows_of_256,
                     &mut rlc_config_offset,
                 )?;
                 let challenge_digest_limb3 = rlc_config.inner_product(
                     &mut region,
-                    &export.challenge_digest[22..32],
+                    &challenge_digest[22..32],
                     &pows_of_256[0..10],
                     &mut rlc_config_offset,
                 )?;

aggregator/src/aggregation/circuit.rs

@@ -479,6 +479,14 @@ impl Circuit<Fr> for AggregationCircuit {
                         region.constrain_equal(c.cell(), ec.cell())?;
                     }
 
+                    for (c, ec) in blob_data_exports
+                        .versioned_hash
+                        .iter()
+                        .zip_eq(assigned_batch_hash.blob.versioned_hash.iter())
+                    {
+                        region.constrain_equal(c.cell(), ec.cell())?;
+                    }
+
                     Ok(())
                 },
             )?;

aggregator/src/aggregation/rlc/gates.rs

@@ -13,8 +13,8 @@ use super::RlcConfig;
 
 const FIXED_OFFSET_32: usize = MAX_AGG_SNARKS + 1;
 const FIXED_OFFSET_168: usize = FIXED_OFFSET_32 + 1;
-const FIXED_OFFSET_200: usize = FIXED_OFFSET_168 + 1;
-const FIXED_OFFSET_2_POW_32: usize = FIXED_OFFSET_200 + 1;
+const FIXED_OFFSET_232: usize = FIXED_OFFSET_168 + 1;
+const FIXED_OFFSET_2_POW_32: usize = FIXED_OFFSET_232 + 1;
 const FIXED_OFFSET_256: usize = FIXED_OFFSET_2_POW_32 + 1;
 const FIXED_OFFSET_EMPTY_KECCAK: usize = FIXED_OFFSET_256 + POWS_OF_256;
 
@@ -33,7 +33,7 @@ impl RlcConfig {
     /// | MAX_AGG_SNARKS         | MAX_AGG_SNARKS       |
     /// | MAX_AGG_SNARKS + 1     | 32                   |
     /// | MAX_AGG_SNARKS + 2     | 168                  |
-    /// | MAX_AGG_SNARKS + 3     | 200                  |
+    /// | MAX_AGG_SNARKS + 3     | 232                  |
     /// | MAX_AGG_SNARKS + 4     | 2 ^ 32               |
     /// | MAX_AGG_SNARKS + 5     | 256                  |
     /// | MAX_AGG_SNARKS + 6     | 256 ^ 2              |
@@ -60,8 +60,8 @@ impl RlcConfig {
         }
         assert_eq!(offset, FIXED_OFFSET_32);
 
-        // [32, 168, 200, 1 << 32]
-        for const_val in [32, 168, 200, 1 << 32] {
+        // [32, 168, 232, 1 << 32]
+        for const_val in [32, 168, 232, 1 << 32] {
             region.assign_fixed(
                 || format!("const at offset={offset}"),
                 self.fixed,
@@ -189,10 +189,10 @@ impl RlcConfig {
     }
 
     #[inline]
-    pub(crate) fn two_hundred_cell(&self, region_index: RegionIndex) -> Cell {
+    pub(crate) fn two_hundred_and_thirty_two_cell(&self, region_index: RegionIndex) -> Cell {
         Cell {
             region_index,
-            row_offset: FIXED_OFFSET_200,
+            row_offset: FIXED_OFFSET_232,
             column: self.fixed.into(),
         }
     }

aggregator/src/batch.rs

@@ -1,7 +1,7 @@
 //! This module implements related functions that aggregates public inputs of many chunks into a
 //! single one.
 
-use eth_types::{Field, ToBigEndian, H256, U256};
+use eth_types::{Field, ToBigEndian, H256};
 use ethers_core::utils::keccak256;
 
 use crate::{
@@ -34,7 +34,10 @@ pub struct BatchHash {
     pub(crate) public_input_hash: H256,
     /// The number of chunks that contain meaningful data, i.e. not padded chunks.
     pub(crate) number_of_valid_chunks: usize,
+    /// 4844-Blob related fields.
     pub(crate) blob: BlobAssignments,
+    /// The 4844 versioned hash for the blob.
+    pub(crate) versioned_hash: H256,
 }
 
 impl BatchHash {
@@ -117,6 +120,7 @@ impl BatchHash {
 
         let blob_data = BlobData::new(number_of_valid_chunks, chunks_with_padding);
         let blob_assignments = BlobAssignments::from(&blob_data);
+        let versioned_hash = blob_data.get_versioned_hash();
 
         // public input hash is build as
         // keccak(
@@ -126,7 +130,8 @@ impl BatchHash {
         //     chunk[k-1].withdraw_root ||
         //     batch_data_hash ||
         //     z ||
-        //     y
+        //     y ||
+        //     versioned_hash
         // )
         let preimage = [
             chunks_with_padding[0].chain_id.to_be_bytes().as_ref(),
@@ -140,6 +145,7 @@ impl BatchHash {
             batch_data_hash.as_slice(),
             blob_assignments.challenge.to_be_bytes().as_ref(),
             blob_assignments.evaluation.to_be_bytes().as_ref(),
+            versioned_hash.as_bytes(),
         ]
         .concat();
         let public_input_hash: H256 = keccak256(preimage).into();
@@ -155,9 +161,10 @@ impl BatchHash {
             chain_id: chunks_with_padding[0].chain_id,
             chunks_with_padding: chunks_with_padding.to_vec(),
             data_hash: batch_data_hash.into(),
-            blob: blob_assignments,
             public_input_hash,
             number_of_valid_chunks,
+            blob: blob_assignments,
+            versioned_hash,
         }
     }
 
@@ -187,15 +194,9 @@ impl BatchHash {
         //      chunk[k-1].withdraw_root ||
         //      batch_data_hash ||
         //      z ||
-        //      y )
-        // TODO: make BLS_MODULUS into a static variable using lazy_static!()
-        let (_, z) = self.blob.challenge_digest.div_mod(
-            U256::from_str_radix(
-                "0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001",
-                16,
-            )
-            .unwrap(),
-        );
+        //      y ||
+        //      blob_versioned_hash
+        //  )
         let batch_public_input_hash_preimage = [
             self.chain_id.to_be_bytes().as_ref(),
             self.chunks_with_padding[0].prev_state_root.as_bytes(),
@@ -206,8 +207,9 @@ impl BatchHash {
                 .withdraw_root
                 .as_bytes(),
             self.data_hash.as_bytes(),
-            &z.to_be_bytes(),
+            &self.blob.challenge.to_be_bytes(),
             &self.blob.evaluation.to_be_bytes(),
+            self.versioned_hash.as_bytes(),
         ]
         .concat();
         res.push(batch_public_input_hash_preimage);