Merge branch 'master' into v2.1

Author: Rumata888

.circleci/config.yml

@@ -236,7 +236,7 @@ jobs:
 
   contracts:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -247,7 +247,7 @@ jobs:
 
   yarn-project-base:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -258,7 +258,7 @@ jobs:
 
   barretenberg-js:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -280,7 +280,7 @@ jobs:
 
   blockchain:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -291,7 +291,7 @@ jobs:
 
   aztec-dev-cli:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -302,7 +302,7 @@ jobs:
 
   kebab:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -313,7 +313,7 @@ jobs:
 
   halloumi:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -324,7 +324,7 @@ jobs:
 
   falafel:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -335,7 +335,7 @@ jobs:
 
   block-server:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -346,7 +346,7 @@ jobs:
 
   sdk:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -357,7 +357,7 @@ jobs:
 
   wasabi:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -368,7 +368,7 @@ jobs:
 
   hummus:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -379,7 +379,7 @@ jobs:
 
   wallet:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -390,7 +390,7 @@ jobs:
 
   end-to-end:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: large
     steps:
       - *checkout
@@ -615,7 +615,7 @@ jobs:
 
   deploy:
     machine:
-      image: ubuntu-2004:202010-01
+      image: default
     resource_class: medium
     steps:
       - *checkout

aztec-connect-cpp/barretenberg

@@ -39,9 +39,9 @@ constexpr bool is_circuit_change_expected = 0;
 constexpr uint32_t ACCOUNT = 23967;
 constexpr uint32_t JOIN_SPLIT = 64047;
 constexpr uint32_t CLAIM = 23050;
-constexpr uint32_t ROLLUP = 1173221;
-constexpr uint32_t ROOT_ROLLUP = 5481327;
-constexpr uint32_t ROOT_VERIFIER = 7435892;
+constexpr uint32_t ROLLUP = 1167809;
+constexpr uint32_t ROOT_ROLLUP = 5466707;
+constexpr uint32_t ROOT_VERIFIER = 7628270;
 }; // namespace circuit_gate_count
 
 namespace circuit_gate_next_power_of_two {
@@ -62,11 +62,11 @@ namespace circuit_vk_hash {
 constexpr auto ACCOUNT = uint256_t(0xcd6d70c733eaf823, 0x6505d3402817ad3d, 0xbf9e2b6a262589cf, 0xafcc546b55cc45e3);
 constexpr auto JOIN_SPLIT = uint256_t(0xb23c7772f47bc823, 0x5493625d4f08603c, 0x21ac50a5929576f9, 0xb7b3113c131460e5);
 constexpr auto CLAIM = uint256_t(0xa753ce523719749e, 0x80216aff7f8bc9ce, 0xa9b0f69bbd24ac33, 0xae17c5fb7d488138);
-constexpr auto ROLLUP = uint256_t(0x5f2f6590e5553f19, 0x62c287e01b897621, 0xf32d03437085e2d, 0x567b0be24dc99966);
-constexpr auto ROOT_ROLLUP = uint256_t(0x64e5e03cf9534ed6, 0x7fdc871935b9e4fe, 0xd2b81e990cc15f3d, 0x47f00f76d92e5e4d);
-;
+constexpr auto ROLLUP = uint256_t(0x47427863b042e198, 0xbcfaeb63d9e263e, 0x405c66379df643d0, 0x11a2cb6aef44a77d);
+constexpr auto ROOT_ROLLUP = uint256_t(0x3f9f4b9944097e45, 0x20279b5f76e6ec69, 0xd7a31ace33aaed41, 0x49f209bdff64342c);
 constexpr auto ROOT_VERIFIER =
-    uint256_t(0xb4349747ae6ea507, 0xfaafa0f2e384c984, 0x9325870bcc594daf, 0x50163a2572c67363);
+    uint256_t(0x7de149243dd52594, 0x1c40fbda00798466, 0x8afc5663ee50a18c, 0xa1c5c44397212706);
+
 }; // namespace circuit_vk_hash
 
 namespace ProofIds {

aztec-connect-cpp/src/rollup/constants.hpp

@@ -290,7 +290,12 @@ recursion_output<bn254> rollup_circuit(Composer& composer,
     auto bridge_call_datas = map(rollup.bridge_call_datas, [&](auto& bid) {
         return suint_ct(witness_ct(&composer, bid), DEFI_BRIDGE_CALL_DATA_BIT_LENGTH, "bridge_call_data");
     });
-    const auto recursive_manifest = Composer::create_unrolled_manifest(verification_keys[0]->num_public_inputs);
+
+    // We need a special manifest that includes pairing inputs from previous batch operations for all steps but the
+    // initial one
+    const auto recursive_manifest_step_0 = Composer::create_unrolled_manifest(verification_keys[0]->num_public_inputs);
+    const auto recursive_manifest_with_batching =
+        Composer::create_unrolled_manifest_for_batching(verification_keys[0]->num_public_inputs);
 
     const auto num_asset_ids = field_ct(witness_ct(&composer, rollup.num_asset_ids));
     auto asset_ids = map(rollup.asset_ids, [&](auto& aid) { return field_ct(witness_ct(&composer, aid)); });
@@ -332,12 +337,23 @@ recursion_output<bn254> rollup_circuit(Composer& composer,
         recursive_verification_key->validate_key_is_in_set(verification_keys);
 
         // Verify the inner proof.
-        recursion_output =
-            verify_proof<bn254, recursive_turbo_verifier_settings<bn254>>(&composer,
-                                                                          recursive_verification_key,
-                                                                          recursive_manifest,
-                                                                          waffle::plonk_proof{ rollup.txs[i] },
-                                                                          recursion_output);
+        if (i == 0) {
+            // First proof uses standard unrolled transcript
+            recursion_output =
+                verify_proof<bn254, recursive_turbo_verifier_settings<bn254>>(&composer,
+                                                                              recursive_verification_key,
+                                                                              recursive_manifest_step_0,
+                                                                              waffle::plonk_proof{ rollup.txs[i] },
+                                                                              recursion_output);
+        } else {
+            // The following transcripts embed previous recursion outputs to ensure batching isn't exploitable
+            recursion_output =
+                verify_proof<bn254, recursive_turbo_verifier_settings<bn254>>(&composer,
+                                                                              recursive_verification_key,
+                                                                              recursive_manifest_with_batching,
+                                                                              waffle::plonk_proof{ rollup.txs[i] },
+                                                                              recursion_output);
+        }
 
         auto is_real = num_txs > uint32_ct(&composer, i);
         auto& public_inputs = recursion_output.public_inputs;

aztec-connect-cpp/src/rollup/proofs/rollup/rollup_circuit.cpp

@@ -251,7 +251,14 @@ circuit_result_data root_rollup_circuit(Composer& composer,
         return circuit::defi_interaction::note(circuit::defi_interaction::witness_data(composer, n));
     });
     const auto num_previous_defi_interactions = field_ct(witness_ct(&composer, tx.num_previous_defi_interactions));
-    const auto recursive_manifest = Composer::create_unrolled_manifest(inner_verification_key->num_public_inputs);
+
+    // We need a special manifest that includes pairing inputs from previous batch operations for all steps but the
+    // initial one
+    const auto recursive_manifest_step_0 =
+        Composer::create_unrolled_manifest(inner_verification_key->num_public_inputs);
+    const auto recursive_manifest_with_batching =
+        Composer::create_unrolled_manifest_for_batching(inner_verification_key->num_public_inputs);
+
     const auto recursive_verification_key =
         plonk::stdlib::recursion::verification_key<bn254>::from_constants(&composer, inner_verification_key);
     field_ct rollup_beneficiary = field_ct(witness_ct(&composer, tx.rollup_beneficiary));
@@ -279,12 +286,24 @@ circuit_result_data root_rollup_circuit(Composer& composer,
     for (uint32_t i = 0; i < max_num_inner_proofs; ++i) {
         auto is_real = num_inner_proofs > i;
 
-        recursion_output =
-            verify_proof<bn254, recursive_turbo_verifier_settings<bn254>>(&composer,
-                                                                          recursive_verification_key,
-                                                                          recursive_manifest,
-                                                                          waffle::plonk_proof{ tx.rollups[i] },
-                                                                          recursion_output);
+        // Verify the inner proof.
+        if (i == 0) {
+            // First proof uses standard unrolled transcript
+            recursion_output =
+                verify_proof<bn254, recursive_turbo_verifier_settings<bn254>>(&composer,
+                                                                              recursive_verification_key,
+                                                                              recursive_manifest_step_0,
+                                                                              waffle::plonk_proof{ tx.rollups[i] },
+                                                                              recursion_output);
+        } else {
+            // The following transcripts embed previous recursion outputs to ensure batching isn't exploitable
+            recursion_output =
+                verify_proof<bn254, recursive_turbo_verifier_settings<bn254>>(&composer,
+                                                                              recursive_verification_key,
+                                                                              recursive_manifest_with_batching,
+                                                                              waffle::plonk_proof{ tx.rollups[i] },
+                                                                              recursion_output);
+        }
 
         auto& public_inputs = recursion_output.public_inputs;