|
|
// Package common contains all the common data structures used at the
// hermez-node, zk.go contains the zkSnark inputs used to generate the proof
//nolint:deadcode,structcheck,unused
package common
import ( "encoding/json" "math/big"
"github.com/hermeznetwork/hermez-node/log" "github.com/mitchellh/mapstructure")
// circuit parameters
// absolute maximum of L1 or L2 transactions allowed
type nTx uint32
// merkle tree depth
type nLevels uint32
// absolute maximum of L1 transaction allowed
type maxL1Tx uint32
//absolute maximum of fee transactions allowed
type maxFeeTx uint32
// ZKInputs represents the inputs that will be used to generate the zkSNARK proof
type ZKInputs struct { //
// General
//
// inputs for final `hashGlobalInputs`
// OldLastIdx is the last index assigned to an account
OldLastIdx *big.Int `json:"oldLastIdx"` // uint64 (max nLevels bits)
// OldStateRoot is the current state merkle tree root
OldStateRoot *big.Int `json:"oldStateRoot"` // Hash
// GlobalChainID is the blockchain ID (0 for Ethereum mainnet). This value can be get from the smart contract.
GlobalChainID *big.Int `json:"globalChainID"` // uint16
// FeeIdxs is an array of merkle tree indexes where the coordinator will receive the accumulated fees
FeeIdxs []*big.Int `json:"feeIdxs"` // uint64 (max nLevels bits), len: [maxFeeTx]
// accumulate fees
// FeePlanTokens contains all the tokenIDs for which the fees are being accumulated
FeePlanTokens []*big.Int `json:"feePlanTokens"` // uint32 (max 32 bits), len: [maxFeeTx]
//
// Txs (L1&L2)
//
// transaction L1-L2
// TxCompressedData
TxCompressedData []*big.Int `json:"txCompressedData"` // big.Int (max 251 bits), len: [nTx]
// TxCompressedDataV2, only used in L2Txs, in L1Txs is set to 0
TxCompressedDataV2 []*big.Int `json:"txCompressedDataV2"` // big.Int (max 193 bits), len: [nTx]
// FromIdx
FromIdx []*big.Int `json:"fromIdx"` // uint64 (max nLevels bits), len: [nTx]
// AuxFromIdx is the Idx of the new created account which is consequence of a L1CreateAccountTx
AuxFromIdx []*big.Int `json:"auxFromIdx"` // uint64 (max nLevels bits), len: [nTx]
// ToIdx
ToIdx []*big.Int `json:"toIdx"` // uint64 (max nLevels bits), len: [nTx]
// AuxToIdx is the Idx of the Tx that has 'toIdx==0', is the coordinator who will find which Idx corresponds to the 'toBJJAy' or 'toEthAddr'
AuxToIdx []*big.Int `json:"auxToIdx"` // uint64 (max nLevels bits), len: [nTx]
// ToBJJAy
ToBJJAy []*big.Int `json:"toBjjAy"` // big.Int, len: [nTx]
// ToEthAddr
ToEthAddr []*big.Int `json:"toEthAddr"` // ethCommon.Address, len: [nTx]
// OnChain determines if is L1 (1/true) or L2 (0/false)
OnChain []*big.Int `json:"onChain"` // bool, len: [nTx]
//
// Txs/L1Txs
//
// NewAccount boolean (0/1) flag set 'true' when L1 tx creates a new account (fromIdx==0)
NewAccount []*big.Int `json:"newAccount"` // bool, len: [nTx]
// LoadAmountF encoded as float16
LoadAmountF []*big.Int `json:"loadAmountF"` // uint16, len: [nTx]
// FromEthAddr
FromEthAddr []*big.Int `json:"fromEthAddr"` // ethCommon.Address, len: [nTx]
// FromBJJCompressed boolean encoded where each value is a *big.Int
FromBJJCompressed [][256]*big.Int `json:"fromBjjCompressed"` // bool array, len: [nTx][256]
//
// Txs/L2Txs
//
// RqOffset relative transaction position to be linked. Used to perform atomic transactions.
RqOffset []*big.Int `json:"rqOffset"` // uint8 (max 3 bits), len: [nTx]
// transaction L2 request data
// RqTxCompressedDataV2
RqTxCompressedDataV2 []*big.Int `json:"rqTxCompressedDataV2"` // big.Int (max 251 bits), len: [nTx]
// RqToEthAddr
RqToEthAddr []*big.Int `json:"rqToEthAddr"` // ethCommon.Address, len: [nTx]
// RqToBJJAy
RqToBJJAy []*big.Int `json:"rqToBjjAy"` // big.Int, len: [nTx]
// transaction L2 signature
// S
S []*big.Int `json:"s"` // big.Int, len: [nTx]
// R8x
R8x []*big.Int `json:"r8x"` // big.Int, len: [nTx]
// R8y
R8y []*big.Int `json:"r8y"` // big.Int, len: [nTx]
//
// State MerkleTree Leafs transitions
//
// state 1, value of the sender (from) account leaf
TokenID1 []*big.Int `json:"tokenID1"` // uint32, len: [nTx]
Nonce1 []*big.Int `json:"nonce1"` // uint64 (max 40 bits), len: [nTx]
Sign1 []*big.Int `json:"sign1"` // bool, len: [nTx]
Ay1 []*big.Int `json:"ay1"` // big.Int, len: [nTx]
Balance1 []*big.Int `json:"balance1"` // big.Int (max 192 bits), len: [nTx]
EthAddr1 []*big.Int `json:"ethAddr1"` // ethCommon.Address, len: [nTx]
Siblings1 [][]*big.Int `json:"siblings1"` // big.Int, len: [nTx][nLevels + 1]
// Required for inserts and deletes, values of the CircomProcessorProof (smt insert proof)
IsOld0_1 []*big.Int `json:"isOld0_1"` // bool, len: [nTx]
OldKey1 []*big.Int `json:"oldKey1"` // uint64 (max 40 bits), len: [nTx]
OldValue1 []*big.Int `json:"oldValue1"` // Hash, len: [nTx]
// state 2, value of the receiver (to) account leaf
// if Tx is an Exit, state 2 is used for the Exit Merkle Proof
TokenID2 []*big.Int `json:"tokenID2"` // uint32, len: [nTx]
Nonce2 []*big.Int `json:"nonce2"` // uint64 (max 40 bits), len: [nTx]
Sign2 []*big.Int `json:"sign2"` // bool, len: [nTx]
Ay2 []*big.Int `json:"ay2"` // big.Int, len: [nTx]
Balance2 []*big.Int `json:"balance2"` // big.Int (max 192 bits), len: [nTx]
EthAddr2 []*big.Int `json:"ethAddr2"` // ethCommon.Address, len: [nTx]
Siblings2 [][]*big.Int `json:"siblings2"` // big.Int, len: [nTx][nLevels + 1]
// newExit determines if an exit transaction has to create a new leaf in the exit tree
NewExit []*big.Int `json:"newExit"` // bool, len: [nTx]
// Required for inserts and deletes, values of the CircomProcessorProof (smt insert proof)
IsOld0_2 []*big.Int `json:"isOld0_2"` // bool, len: [nTx]
OldKey2 []*big.Int `json:"oldKey2"` // uint64 (max 40 bits), len: [nTx]
OldValue2 []*big.Int `json:"oldValue2"` // Hash, len: [nTx]
// state 3, value of the account leaf receiver of the Fees
// fee tx
// State fees
TokenID3 []*big.Int `json:"tokenID3"` // uint32, len: [maxFeeTx]
Nonce3 []*big.Int `json:"nonce3"` // uint64 (max 40 bits), len: [maxFeeTx]
Sign3 []*big.Int `json:"sign3"` // bool, len: [maxFeeTx]
Ay3 []*big.Int `json:"ay3"` // big.Int, len: [maxFeeTx]
Balance3 []*big.Int `json:"balance3"` // big.Int (max 192 bits), len: [maxFeeTx]
EthAddr3 []*big.Int `json:"ethAddr3"` // ethCommon.Address, len: [maxFeeTx]
Siblings3 [][]*big.Int `json:"siblings3"` // Hash, len: [maxFeeTx][nLevels + 1]
//
// Intermediate States
//
// Intermediate States to parallelize witness computation
// Note: the Intermediate States (IS) of the last transaction does not
// exist. Meaning that transaction 3 (4th) will fill the parameters
// FromIdx[3] and ISOnChain[3], but last transaction (nTx-1) will fill
// FromIdx[nTx-1] but will not fill ISOnChain. That's why IS have
// length of nTx-1, while the other parameters have length of nTx.
// Last transaction does not need intermediate state since its output
// will not be used.
// decode-tx
// ISOnChain indicates if tx is L1 (true) or L2 (false)
ISOnChain []*big.Int `json:"imOnChain"` // bool, len: [nTx - 1]
// ISOutIdx current index account for each Tx
ISOutIdx []*big.Int `json:"imOutIdx"` // uint64 (max nLevels bits), len: [nTx - 1]
// rollup-tx
// ISStateRoot root at the moment of the Tx, the state root value once the Tx is processed into the state tree
ISStateRoot []*big.Int `json:"imStateRoot"` // Hash, len: [nTx - 1]
// ISExitTree root at the moment of the Tx the value once the Tx is processed into the exit tree
ISExitRoot []*big.Int `json:"imExitRoot"` // Hash, len: [nTx - 1]
// ISAccFeeOut accumulated fees once the Tx is processed
ISAccFeeOut [][]*big.Int `json:"imAccFeeOut"` // big.Int, len: [nTx - 1][maxFeeTx]
// fee-tx
// ISStateRootFee root at the moment of the Tx, the state root value once the Tx is processed into the state tree
ISStateRootFee []*big.Int `json:"imStateRootFee"` // Hash, len: [maxFeeTx - 1]
// ISInitStateRootFee state root once all L1-L2 tx are processed (before computing the fees-tx)
ISInitStateRootFee *big.Int `json:"imInitStateRootFee"` // Hash
// ISFinalAccFee final accumulated fees (before computing the fees-tx)
ISFinalAccFee []*big.Int `json:"imFinalAccFee"` // big.Int, len: [maxFeeTx - 1]
}
func bigIntsToStrings(v interface{}) interface{} { switch c := v.(type) { case *big.Int: return c.String() case []*big.Int: r := make([]interface{}, len(c)) for i := range c { r[i] = bigIntsToStrings(c[i]) } return r case [256]*big.Int: r := make([]interface{}, len(c)) for i := range c { r[i] = bigIntsToStrings(c[i]) } return r case [][]*big.Int: r := make([]interface{}, len(c)) for i := range c { r[i] = bigIntsToStrings(c[i]) } return r case [][256]*big.Int: r := make([]interface{}, len(c)) for i := range c { r[i] = bigIntsToStrings(c[i]) } return r default: log.Warnf("bigIntsToStrings unexpected type: %T\n", v) } return nil}
// MarshalJSON implements the json marshaler for ZKInputs
func (z ZKInputs) MarshalJSON() ([]byte, error) { var m map[string]interface{} dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ TagName: "json", Result: &m, }) if err != nil { return nil, err } err = dec.Decode(z) if err != nil { return nil, err }
for k, v := range m { m[k] = bigIntsToStrings(v) } return json.Marshal(m)}
// NewZKInputs returns a pointer to an initialized struct of ZKInputs
func NewZKInputs(nTx, maxFeeTx, nLevels int) *ZKInputs { zki := &ZKInputs{}
// General
zki.OldLastIdx = big.NewInt(0) zki.OldStateRoot = big.NewInt(0) zki.GlobalChainID = big.NewInt(0) zki.FeeIdxs = newSlice(maxFeeTx) zki.FeePlanTokens = newSlice(maxFeeTx)
// Txs
zki.TxCompressedData = newSlice(nTx) zki.TxCompressedDataV2 = newSlice(nTx) zki.FromIdx = newSlice(nTx) zki.AuxFromIdx = newSlice(nTx) zki.ToIdx = newSlice(nTx) zki.AuxToIdx = newSlice(nTx) zki.ToBJJAy = newSlice(nTx) zki.ToEthAddr = newSlice(nTx) zki.OnChain = newSlice(nTx) zki.NewAccount = newSlice(nTx)
// L1
zki.LoadAmountF = newSlice(nTx) zki.FromEthAddr = newSlice(nTx) zki.FromBJJCompressed = make([][256]*big.Int, nTx) for i := 0; i < len(zki.FromBJJCompressed); i++ { // zki.FromBJJCompressed[i] = newSlice(256)
for j := 0; j < 256; j++ { zki.FromBJJCompressed[i][j] = big.NewInt(0) } }
// L2
zki.RqOffset = newSlice(nTx) zki.RqTxCompressedDataV2 = newSlice(nTx) zki.RqToEthAddr = newSlice(nTx) zki.RqToBJJAy = newSlice(nTx) zki.S = newSlice(nTx) zki.R8x = newSlice(nTx) zki.R8y = newSlice(nTx)
// State MerkleTree Leafs transitions
zki.TokenID1 = newSlice(nTx) zki.Nonce1 = newSlice(nTx) zki.Sign1 = newSlice(nTx) zki.Ay1 = newSlice(nTx) zki.Balance1 = newSlice(nTx) zki.EthAddr1 = newSlice(nTx) zki.Siblings1 = make([][]*big.Int, nTx) for i := 0; i < len(zki.Siblings1); i++ { zki.Siblings1[i] = newSlice(nLevels + 1) } zki.IsOld0_1 = newSlice(nTx) zki.OldKey1 = newSlice(nTx) zki.OldValue1 = newSlice(nTx)
zki.TokenID2 = newSlice(nTx) zki.Nonce2 = newSlice(nTx) zki.Sign2 = newSlice(nTx) zki.Ay2 = newSlice(nTx) zki.Balance2 = newSlice(nTx) zki.EthAddr2 = newSlice(nTx) zki.Siblings2 = make([][]*big.Int, nTx) for i := 0; i < len(zki.Siblings2); i++ { zki.Siblings2[i] = newSlice(nLevels + 1) } zki.NewExit = newSlice(nTx) zki.IsOld0_2 = newSlice(nTx) zki.OldKey2 = newSlice(nTx) zki.OldValue2 = newSlice(nTx)
zki.TokenID3 = newSlice(maxFeeTx) zki.Nonce3 = newSlice(maxFeeTx) zki.Sign3 = newSlice(maxFeeTx) zki.Ay3 = newSlice(maxFeeTx) zki.Balance3 = newSlice(maxFeeTx) zki.EthAddr3 = newSlice(maxFeeTx) zki.Siblings3 = make([][]*big.Int, maxFeeTx) for i := 0; i < len(zki.Siblings3); i++ { zki.Siblings3[i] = newSlice(nLevels + 1) }
// Intermediate States
zki.ISOnChain = newSlice(nTx - 1) zki.ISOutIdx = newSlice(nTx - 1) zki.ISStateRoot = newSlice(nTx - 1) zki.ISExitRoot = newSlice(nTx - 1) zki.ISAccFeeOut = make([][]*big.Int, nTx-1) for i := 0; i < len(zki.ISAccFeeOut); i++ { zki.ISAccFeeOut[i] = newSlice(maxFeeTx) } zki.ISStateRootFee = newSlice(maxFeeTx - 1) zki.ISInitStateRootFee = big.NewInt(0) zki.ISFinalAccFee = newSlice(maxFeeTx - 1)
return zki}
// newSlice returns a []*big.Int slice of length n with values initialized at
// 0.
// Is used to initialize all *big.Ints of the ZKInputs data structure, so when
// the transactions are processed and the ZKInputs filled, there is no need to
// set all the elements, and if a transaction does not use a parameter, can be
// leaved as it is in the ZKInputs, as will be 0, so later when using the
// ZKInputs to generate the zkSnark proof there is no 'nil'/'null' values.
func newSlice(n int) []*big.Int { s := make([]*big.Int, n) for i := 0; i < len(s); i++ { s[i] = big.NewInt(0) } return s}
|
