Enable composition of rv32im programs and generalized recursion programs #1841
risc0/zkvm/src/receipt/merkle.rs
This file was moved from `risc0/zkvm/src/host/recursion/merkle.rs` in order to make it possible to add `MerkleProof` as a (`pub(crate)`) field of `SuccinctReceipt`.
pub fn hash_suite_from_name(name: impl AsRef<str>) -> Option<HashSuite<BabyBear>> { | ||
match name.as_ref() { | ||
"sha-256" => Some(sha::Sha256HashSuite::new_suite()), | ||
"poseidon2" => Some(poseidon2::Poseidon2HashSuite::new_suite()), | ||
"blake2b" => Some(blake2b::Blake2bCpuHashSuite::new_suite()), | ||
#[cfg(feature = "prove")] | ||
"poseidon_254" => Some(poseidon_254::Poseidon254HashSuite::new_suite()), | ||
_ => None, | ||
} | ||
} |
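Review bot: the `"poseidon_254"` arm is gated on `#[cfg(feature = "prove")]`, so in a build without that feature the name falls through to `_ => None` and a caller cannot tell a suite that is unsupported in this build from a misspelled name. Consider returning a `Result` with distinct error cases, or state in the function's doc comment that `None` covers both. The match is exact, and the accepted names mix separators (`"sha-256"` with a hyphen, `"poseidon_254"` with an underscore), so the list of valid names should be documented as well.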
Nice. I was also thinking of making the `hashfn` a `non_exhaustive` enum, rather than a string
Some failures in
Agreed! risc0-ethereum should pass after making the fix and should be more stable after 1.0
Did a fairly careful review of the cryptographically relevant bits. Will wait for Frank's OK on the rest.
// NOTE: InnerReceipt and InnerAssumptionReceipt are the same type in protobuf. | ||
// In Rust, they are distinct types becaue Rust needs to size everything on the | ||
// stack and e.g. SuccinctReceipt<ReceiptClaim> and SuccinctReceipt<Unknown> | ||
// have different sizes. Protobuf handles this without issue. |
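Review bot: typo on the second line of the comment, `becaue` should be `because`. Since the note says `InnerReceipt` and `InnerAssumptionReceipt` share one protobuf type, it would also help to name that protobuf message here, so that someone changing either Rust type knows the wire format is shared.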
I wonder if this will bite us in the end when we want to start making changes to one or the other. What's nice about having separate types in protobuf is that they can vary independently in a backwards-compatible way.
Part of my assumption here is that you can "fork" the types later as needed without introducing a backwards incompatibility at the protobuf layer. I think this is true, but I'm not 100% sure.
I'd be happy to split this out now
Ah, if we can fork later in a compatible way, then this seems fine to me.
Co-authored-by: Frank Laub <flaub@risc0.com>
Fantastic!
… to match zkVM 1.0 (#124)
In risc0/risc0#1841 there were changes to the control root (due to an updated `resolve` program) as well as changes to how the `Groth16ReceiptVerifierParameters` are hashed. This PR addresses those.
A mistake in #1841, the newline `\n` in the format string doesn't turn into a newline when using `r#"` string literals.
As a major step towards composition with recursion programs and circuits implementing accelerators, this PR adds a `control_root` value to the receipt claim encoding of assumptions, and enables proving and of recursion programs that are not in the main set of rv32im transforms.
In the course of this PR, there are also a number of changes to make it possible to pass alternate parameters to proving and verification. In particular, `ProverOpts` now holds the set of allowed control roots and can be configured to use an alternate set, and `VerifierContext` holds the verifier parameters for each receipt type.
`SuccinctReceipt` has been made more generic, allowing it to represent proof of any recursion program that follows the convention of placing a control root in the first output slot, and a SHA-256 claim digest in the second output slot. This claim digest can be over a generic claim, which allows for claims representing the execution of e.g. accelerators which are not `ReceiptClaim` and do not represent zkVM execution.
Verification routines on `Receipt` and `CompositeReceipt` are simplified, partially taking advantage of recent changes to the rv32im circuit to zero-out the post-state digest, and partially by dropping `ExitCode::Paused(0)` as a default accepted exit code.