Enable composition of rv32im programs and generalized recursion programs #1841
Conversation
…-composition-assumptions
…-composition-assumptions
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 2 Ignored Deployments
|
risc0/zkvm/src/receipt/merkle.rs
Outdated
There was a problem hiding this comment.
This file was moved from risc0/zkvm/src/host/recursion/merkle.rs in or to make it possible to add MerkleProof as a (pub(crate)) field of SuccinctReceipt.
| pub fn hash_suite_from_name(name: impl AsRef<str>) -> Option<HashSuite<BabyBear>> { | ||
| match name.as_ref() { | ||
| "sha-256" => Some(sha::Sha256HashSuite::new_suite()), | ||
| "poseidon2" => Some(poseidon2::Poseidon2HashSuite::new_suite()), | ||
| "blake2b" => Some(blake2b::Blake2bCpuHashSuite::new_suite()), | ||
| #[cfg(feature = "prove")] | ||
| "poseidon_254" => Some(poseidon_254::Poseidon254HashSuite::new_suite()), | ||
| _ => None, | ||
| } | ||
| } |
There was a problem hiding this comment.
Nice. I was also thinking of making the hashfn a non_exhaustive enum, rather than a string
|
Some failures in |
Agreed! risc0-ethereum should pass after making the fix and should be more stable after 1.0 |
| // NOTE: InnerReceipt and InnerAssumptionReceipt are the same type in protobuf. | ||
| // In Rust, they are distinct types becaue Rust needs to size everything on the | ||
| // stack and e.g. SuccinctReceipt<ReceiptClaim> and SuccinctReceipt<Unknown> | ||
| // have different sizes. Protobuf handles this without issue. |
There was a problem hiding this comment.
I wonder if this will bite us in the end when we want to start making changes to one or the other. What's nice about having separate types in protobuf is that they can vary independently in a backwards-compatible way.
There was a problem hiding this comment.
Part of my assumption here is that you can "fork" the types later as needed without introducing a backwards incompatibility at the protobuf layer. I think this is true, but I'm not 100% sure.
I'd be happy to split this out now
There was a problem hiding this comment.
Ah, if we can fork later in a compatible way, then this seems fine to me.
Co-authored-by: Frank Laub <flaub@risc0.com>
Co-authored-by: Frank Laub <flaub@risc0.com>
… to match zkVM 1.0 (#124) In risc0/risc0#1841 where changes to the control root (due to an updated `resolve` program) as well as a changes to how the `Gorth16ReceiptVerifierParamters` are hashed. This PR addresses those.
A mistake in #1841, the newline `\n` in the format string doesn't turn into a newline when using `r#"` string literals.
As a major step towards composition with recursion programs and circuits implementing accelerators, this PR adds a
control_rootvalue to the receipt claim encoding of assumptions, and enables proving and of recursion programs that are not in the main set of rv32im transforms.In the course of this PR, there are also a number of changes to make it possible to pass alternate parameters to proving and verification. In particular,
ProverOptsnow holds the set of allowed control roots and can be configured to use an alternate set, andVerifierContextholds the verifier parameters for each receipt type.SuccinctReceipthas been made more generic, allowing it to represent proof of any recursion program that follows the convention of placing a control root in the first output slot, and a SHA-256 claim digest in the second output slot. This claim digest can be over a generic claim, which allows for claims representing the execution of e.g. accelerators which are notReceiptClaimand do not represent zkVM execution.Verification routines on
ReceiptandCompositeReceiptare simplified, partially taking advantage of recent changes to the rv32im circuit to zero-out the post-state digest, and partially by droppingExitCode::Paused(0)as a default accepted exit code.