WIP

cspell.json

@@ -231,6 +231,7 @@
     "Reserialize",
     "retag",
     "rethrown",
+    "revertibles",
     "rollup",
     "rollups",
     "rushstack",

noir-projects/aztec-nr/aztec/src/context/private_context.nr

@@ -271,7 +271,7 @@ impl PrivateContext {
             /// Safety: Kernels verify that the key validation request is valid and below we verify that a request
             /// for the correct public key has been received.
             let request = unsafe { get_key_validation_request(pk_m_hash, key_index) };
-            assert(request.pk_m.hash() == pk_m_hash);
+            assert_eq(request.pk_m.hash(), pk_m_hash, "Obtained invalid key validation request");
 
             self.key_validation_requests_and_generators.push(
                 KeyValidationRequestAndGenerator {
@@ -496,7 +496,7 @@ impl PrivateContext {
         let mut is_static_call = is_static_call | self.inputs.call_context.is_static_call;
         /// Safety: TODO(https://github.com/AztecProtocol/aztec-packages/issues/8985): Fix this.
         /// WARNING: This is insecure and should be temporary!
-        /// The oracle repacks the arguments and returns a new args_hash.
+        /// The oracle hashes the arguments and returns a new args_hash.
         /// new_args = [selector, ...old_args], so as to make it suitable to call the public dispatch function.
         /// We don't validate or compute it in the circuit because a) it's harder to do with slices, and
         /// b) this is only temporary.
@@ -552,7 +552,7 @@ impl PrivateContext {
         let mut is_static_call = is_static_call | self.inputs.call_context.is_static_call;
         /// Safety: TODO(https://github.com/AztecProtocol/aztec-packages/issues/8985): Fix this.
         /// WARNING: This is insecure and should be temporary!
-        /// The oracle repacks the arguments and returns a new args_hash.
+        /// The oracle hashes the arguments and returns a new args_hash.
         /// new_args = [selector, ...old_args], so as to make it suitable to call the public dispatch function.
         /// We don't validate or compute it in the circuit because a) it's harder to do with slices, and
         /// b) this is only temporary.

noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr

@@ -1,15 +1,10 @@
 use dep::protocol_types::{
-    address::AztecAddress,
-    constants::{GENERATOR_INDEX__SYMMETRIC_KEY, PRIVATE_LOG_SIZE_IN_FIELDS},
-    hash::poseidon2_hash,
-    point::Point,
-    public_keys::AddressPoint,
-    scalar::Scalar,
-    utils::arrays::array_concat,
+    address::AztecAddress, constants::PRIVATE_LOG_SIZE_IN_FIELDS, hash::poseidon2_hash,
+    point::Point, public_keys::AddressPoint, scalar::Scalar, utils::arrays::array_concat,
 };
 use std::{
     aes128::aes128_encrypt, embedded_curve_ops::fixed_base_scalar_mul as derive_public_key,
-    field::bn254::decompose, hash::from_field_unsafe as fr_to_fq_unsafe,
+    hash::from_field_unsafe as fr_to_fq_unsafe,
 };
 
 use crate::{
@@ -184,14 +179,6 @@ unconstrained fn get_random_bytes<let N: u32>() -> [u8; N] {
     bytes
 }
 
-/// Converts a base field element to scalar field element.
-/// This is fine because modulus of the base field is smaller than the modulus of the scalar field.
-fn fr_to_fq(r: Field) -> Scalar {
-    let (lo, hi) = decompose(r);
-
-    Scalar { lo, hi }
-}
-
 fn generate_ephemeral_key_pair() -> (Scalar, Point) {
     // @todo Need to draw randomness from the full domain of Fq not only Fr
 

noir-projects/aztec-nr/aztec/src/history/nullifier_inclusion.nr

@@ -21,21 +21,21 @@ impl ProveNullifierInclusion for BlockHeader {
 
         // 2) First we prove that the tree leaf in the witness is present in the nullifier tree. This is expected to be
         // the leaf that contains the nullifier we're proving inclusion for.
-        assert(
-            self.state.partial.nullifier_tree.root
-                == root_from_sibling_path(witness.leaf_preimage.hash(), witness.index, witness.path)
-                ,
-                "Proving nullifier inclusion failed",
-            );
-
-            // 3) Then we simply check that the value in the leaf is the expected one. Note that we don't need to perform
-            // any checks on the rest of the values in the leaf preimage (the next index or next nullifier), since all we
-            // care about is showing that the tree contains an entry with the expected nullifier.
-            assert(
-                witness.leaf_preimage.nullifier == nullifier,
-                "Nullifier does not match value in witness",
-            );
-        }
+        assert_eq(
+            self.state.partial.nullifier_tree.root,
+            root_from_sibling_path(witness.leaf_preimage.hash(), witness.index, witness.path),
+            "Proving nullifier inclusion failed",
+        );
+
+        // 3) Then we simply check that the value in the leaf is the expected one. Note that we don't need to perform
+        // any checks on the rest of the values in the leaf preimage (the next index or next nullifier), since all we
+        // care about is showing that the tree contains an entry with the expected nullifier.
+        assert_eq(
+            witness.leaf_preimage.nullifier,
+            nullifier,
+            "Nullifier does not match value in witness",
+        );
+    }
 }
 
 trait ProveNoteIsNullified {

noir-projects/aztec-nr/aztec/src/history/nullifier_non_inclusion.nr

@@ -28,9 +28,9 @@ impl ProveNullifierNonInclusion for BlockHeader {
         // the 'low leaf', i.e. the leaf that would come immediately before the nullifier's leaf, if the nullifier were
         // to be in the tree.
         let low_nullifier_leaf = witness.leaf_preimage;
-        assert(
-            self.state.partial.nullifier_tree.root
-                == root_from_sibling_path(low_nullifier_leaf.hash(), witness.index, witness.path),
+        assert_eq(
+            self.state.partial.nullifier_tree.root,
+            root_from_sibling_path(low_nullifier_leaf.hash(), witness.index, witness.path),
             "Proving nullifier non-inclusion failed: Could not prove low nullifier inclusion",
         );
 

noir-projects/aztec-nr/aztec/src/history/public_storage.nr

@@ -39,37 +39,35 @@ impl PublicStorageHistoricalRead for BlockHeader {
         // We first prove that the witness is indeed valid for the public data tree, i.e. that the preimage is of a
         // value present in the tree. Note that `hash` returns not just the hash of the value but also the metadata
         // (slot, next index and next slot).
-        assert(
-            self.state.partial.public_data_tree.root
-                == root_from_sibling_path(witness.leaf_preimage.hash(), witness.index, witness.path)
-                ,
-                "Proving public value inclusion failed",
-            );
+        assert_eq(
+            self.state.partial.public_data_tree.root,
+            root_from_sibling_path(witness.leaf_preimage.hash(), witness.index, witness.path),
+            "Proving public value inclusion failed",
+        );
 
-            // 4) Now that we know the preimage is valid, we determine the value that's represented by this tree entry. Here
-            // we have two scenarios:
-            // 1. The tree entry is initialized, and the value is the same as the one in the witness
-            // 2. The entry was never initialized, and the value is default zero (the default)
-            // The code below is based on the same checks in `validate_public_data_reads` in `base_rollup_inputs`.
-            let preimage = witness.leaf_preimage;
+        // 4) Now that we know the preimage is valid, we determine the value that's represented by this tree entry. Here
+        // we have two scenarios:
+        // 1. The tree entry is initialized, and the value is the same as the one in the witness
+        // 2. The entry was never initialized, and the value is default zero (the default)
+        // The code below is based on the same checks in `validate_public_data_reads` in `base_rollup_inputs`.
+        let preimage = witness.leaf_preimage;
 
-            let is_less_than_slot = full_field_less_than(preimage.slot, public_data_tree_index);
-            let is_next_greater_than =
-                full_field_less_than(public_data_tree_index, preimage.next_slot);
-            let is_max = ((preimage.next_index == 0) & (preimage.next_slot == 0));
-            let is_in_range = is_less_than_slot & (is_next_greater_than | is_max);
+        let is_less_than_slot = full_field_less_than(preimage.slot, public_data_tree_index);
+        let is_next_greater_than = full_field_less_than(public_data_tree_index, preimage.next_slot);
+        let is_max = ((preimage.next_index == 0) & (preimage.next_slot == 0));
+        let is_in_range = is_less_than_slot & (is_next_greater_than | is_max);
 
-            let value = if is_in_range {
-                0
-            } else {
-                assert_eq(
-                    preimage.slot,
-                    public_data_tree_index,
-                    "Public data tree index doesn't match witness",
-                );
-                preimage.value
-            };
+        let value = if is_in_range {
+            0
+        } else {
+            assert_eq(
+                preimage.slot,
+                public_data_tree_index,
+                "Public data tree index doesn't match witness",
+            );
+            preimage.value
+        };
 
-            value
-        }
+        value
+    }
 }

noir-projects/aztec-nr/aztec/src/lib.nr

@@ -3,7 +3,6 @@ mod deploy;
 mod generators;
 mod hash;
 mod history;
-mod initializer;
 mod keys;
 mod messaging;
 mod note;

noir-projects/aztec-nr/aztec/src/initializer.nr → noir-projects/aztec-nr/aztec/src/macros/functions/initialization_utils.nr

@@ -60,10 +60,7 @@ pub fn assert_initialization_matches_address_preimage_private(context: PrivateCo
     );
 }
 
-pub fn compute_initialization_hash(
-    init_selector: FunctionSelector,
-    init_args_hash: Field,
-) -> Field {
+fn compute_initialization_hash(init_selector: FunctionSelector, init_args_hash: Field) -> Field {
     poseidon2_hash_with_separator(
         [init_selector.to_field(), init_args_hash],
         GENERATOR_INDEX__CONSTRUCTOR,

noir-projects/aztec-nr/aztec/src/macros/functions/mod.nr

@@ -1,4 +1,5 @@
 pub mod interfaces;
+pub mod initialization_utils;
 
 use super::utils::{
     add_to_hasher, fn_has_noinitcheck, get_fn_visibility, is_fn_initializer, is_fn_internal,
@@ -64,18 +65,19 @@ pub comptime fn noinitcheck(_f: FunctionDefinition) {
 
 comptime fn create_assert_correct_initializer_args(f: FunctionDefinition) -> Quoted {
     let fn_visibility = get_fn_visibility(f);
-    f"dep::aztec::initializer::assert_initialization_matches_address_preimage_{fn_visibility}(context);"
+    f"dep::aztec::macros::functions::initialization_utils::assert_initialization_matches_address_preimage_{fn_visibility}(context);"
         .quoted_contents()
 }
 
 comptime fn create_mark_as_initialized(f: FunctionDefinition) -> Quoted {
     let fn_visibility = get_fn_visibility(f);
-    f"dep::aztec::initializer::mark_as_initialized_{fn_visibility}(&mut context);".quoted_contents()
+    f"dep::aztec::macros::functions::initialization_utils::mark_as_initialized_{fn_visibility}(&mut context);"
+        .quoted_contents()
 }
 
 comptime fn create_init_check(f: FunctionDefinition) -> Quoted {
     let fn_visibility = get_fn_visibility(f);
-    f"dep::aztec::initializer::assert_is_initialized_{fn_visibility}(&mut context);"
+    f"dep::aztec::macros::functions::initialization_utils::assert_is_initialized_{fn_visibility}(&mut context);"
         .quoted_contents()
 }
 

noir-projects/aztec-nr/aztec/src/messaging.nr

@@ -36,7 +36,7 @@ pub fn process_l1_to_l2_message(
         unsafe { get_l1_to_l2_membership_witness(contract_address, message_hash, secret) };
 
     let root = root_from_sibling_path(message_hash, leaf_index, sibling_path);
-    assert(root == l1_to_l2_root, "Message not in state");
+    assert_eq(root, l1_to_l2_root, "Message not in state");
 
     compute_l1_to_l2_message_nullifier(message_hash, secret)
 }

noir-projects/aztec-nr/aztec/src/note/note_getter_options.nr

@@ -3,9 +3,9 @@ use dep::protocol_types::{constants::MAX_NOTE_HASH_READ_REQUESTS_PER_CALL, trait
 use std::option::Option;
 
 pub struct PropertySelector {
-    pub(crate) index: u8, // index of the field in the serialized note array
-    pub(crate) offset: u8, // offset in the byte representation of the field (selected with index above) from which to reading
-    pub(crate) length: u8, // number of bytes to read after the offset
+    pub index: u8, // index of the field in the serialized note array
+    pub offset: u8, // offset in the byte representation of the field (selected with index above) from which to reading
+    pub length: u8, // number of bytes to read after the offset
 }
 
 pub struct Select {

noir-projects/aztec-nr/aztec/src/oracle/block_header.nr

@@ -66,14 +66,16 @@ fn constrain_get_block_header_at_internal(
     let witness = unsafe { get_archive_membership_witness(last_archive_block_number, block_hash) };
 
     // 3) Check that the block is in the archive (i.e. the witness is valid)
-    assert(
-        last_archive_root == root_from_sibling_path(block_hash, witness.index, witness.path),
+    assert_eq(
+        last_archive_root,
+        root_from_sibling_path(block_hash, witness.index, witness.path),
         "Proving membership of a block in archive failed",
     );
 
     // 4) Check that the header hint has the same block number as the block number we are looking for, ensuring we are actually grabbing the header we specify
-    assert(
-        header_hint.global_variables.block_number as u32 == block_number,
+    assert_eq(
+        header_hint.global_variables.block_number as u32,
+        block_number,
         "Block number provided is not the same as the block number from the header hint",
     );
 }

noir-projects/aztec-nr/aztec/src/state_vars/shared_mutable/scheduled_delay_change.nr

@@ -5,7 +5,7 @@ mod test;
 
 // This data structure is used by SharedMutable to store the minimum delay with which a ScheduledValueChange object can
 // schedule a change.
-// This delay is initally equal to INITIAL_DELAY, and can be safely mutated to any other value over time. This mutation
+// This delay is initially equal to INITIAL_DELAY, and can be safely mutated to any other value over time. This mutation
 // is performed via `schedule_change` in order to satisfy ScheduleValueChange constraints: if e.g. we allowed for the
 // delay to be decreased immediately then it'd be possible for the state variable to schedule a value change with a
 // reduced delay, invalidating prior private reads.

noir-projects/aztec-nr/value-note/src/value_note.nr

@@ -13,7 +13,7 @@ use dep::aztec::{
     },
 };
 
-global VALUE_NOTE_LEN: u32 = 3; // 3 plus a header.
+pub(crate) global VALUE_NOTE_LEN: u32 = 3; // 3 plus a header.
 
 // docs:start:value-note-def
 // ValueNote is used as fn parameter in the Claim contract, so it has to implement the Serialize trait.

noir-projects/noir-contracts/contracts/easy_private_voting_contract/src/test/utils.nr

@@ -8,9 +8,8 @@ pub unconstrained fn setup() -> (&mut TestEnvironment, AztecAddress, AztecAddres
     let admin = env.create_account();
 
     let initializer_call_interface = EasyPrivateVoting::interface().constructor(admin);
-    let voting_contract = unsafe {
-        env.deploy_self("EasyPrivateVoting").with_public_void_initializer(initializer_call_interface)
-    };
-    // std::println(voting_contract);
+    let voting_contract = env.deploy_self("EasyPrivateVoting").with_public_void_initializer(
+        initializer_call_interface,
+    );
     (&mut env, voting_contract.to_address(), admin)
 }

noir-projects/noir-contracts/contracts/ecdsa_k_account_contract/src/main.nr

@@ -59,6 +59,8 @@ contract EcdsaKAccount {
         let public_key = storage.public_key.get_note();
 
         // Load auth witness
+        /// Safety: The witness is only used as a "magical value" that makes the signature verification below pass.
+        /// Hence it's safe.
         let witness: [Field; 64] = unsafe { get_auth_witness(outer_hash) };
         let mut signature: [u8; 64] = [0; 64];
         for i in 0..64 {

noir-projects/noir-contracts/contracts/ecdsa_r_account_contract/src/main.nr

@@ -57,6 +57,8 @@ contract EcdsaRAccount {
         let public_key = storage.public_key.get_note();
 
         // Load auth witness
+        /// Safety: The witness is only used as a "magical value" that makes the signature verification below pass.
+        /// Hence it's safe.
         let witness: [Field; 64] = unsafe { get_auth_witness(outer_hash) };
         let mut signature: [u8; 64] = [0; 64];
         for i in 0..64 {

noir-projects/noir-contracts/contracts/stateful_test_contract/src/main.nr

@@ -3,9 +3,12 @@ use dep::aztec::macros::aztec;
 
 #[aztec]
 contract StatefulTest {
-    use dep::aztec::{
-        initializer::assert_is_initialized_private,
-        macros::{functions::{initializer, noinitcheck, private, public, view}, storage::storage},
+    use dep::aztec::macros::{
+        functions::{
+            initialization_utils::assert_is_initialized_private, initializer, noinitcheck, private,
+            public, view,
+        },
+        storage::storage,
     };
     use dep::aztec::prelude::{AztecAddress, FunctionSelector, Map, PrivateSet, PublicMutable};
     use dep::value_note::{balance_utils, utils::{decrement, increment}, value_note::ValueNote};

noir-projects/noir-protocol-circuits/crates/types/src/abis/sponge_blob.nr

@@ -1,5 +1,5 @@
 use crate::{
-    constants::{BLOBS_PER_BLOCK, FIELDS_PER_BLOB, SPONGE_BLOB_LENGTH},
+    constants::{BLOBS_PER_BLOCK, FIELDS_PER_BLOB, POW64, SPONGE_BLOB_LENGTH},
     hash::poseidon2_absorb_chunks_existing_sponge,
     traits::{Deserialize, Empty, Serialize},
 };
@@ -19,7 +19,7 @@ use std::hash::poseidon2::Poseidon2;
 // The hash is used as part of the blob challenge, as we've proven it encompasses all elts of the blob(s).
 
 // Init is given by input len * 2^64 (see noir/noir-repo/noir_stdlib/src/hash/poseidon2.nr -> hash_internal)
-global IV: Field = (FIELDS_PER_BLOB * BLOBS_PER_BLOCK) as Field * 18446744073709551616;
+global IV: Field = (FIELDS_PER_BLOB * BLOBS_PER_BLOCK) as Field * POW64;
 
 pub struct SpongeBlob {
     pub sponge: Poseidon2,
@@ -34,7 +34,7 @@ impl SpongeBlob {
 
     pub fn new(expected_fields_hint: u32) -> Self {
         Self {
-            sponge: Poseidon2::new((expected_fields_hint as Field) * 18446744073709551616),
+            sponge: Poseidon2::new((expected_fields_hint as Field) * POW64),
             fields: 0,
             expected_fields: expected_fields_hint,
         }

noir-projects/noir-protocol-circuits/crates/types/src/constants.nr

@@ -755,6 +755,8 @@ pub global PROOF_TYPE_AVM: u32 = 4;
 pub global PROOF_TYPE_ROLLUP_HONK: u32 = 5;
 pub global PROOF_TYPE_ROOT_ROLLUP_HONK: u32 = 6;
 
+pub global POW64: Field = 2.pow_32(64);
+
 mod test {
     use crate::constants::{
         MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_CALL, MAX_PUBLIC_DATA_UPDATE_REQUESTS_PER_TX,