Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verification key hashes in account updates #12380

Merged
merged 78 commits into from
Feb 1, 2023
Merged

Verification key hashes in account updates #12380

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
78 commits
Select commit Hold shift + click to select a range
9aca861
Verification key hash in account updates
psteckler Dec 15, 2022
930fc49
fix builds
psteckler Dec 15, 2022
78ff40b
Address some PR comments
psteckler Dec 15, 2022
88cae81
move vk hash to Authorization_kind
psteckler Dec 16, 2022
16ee054
revert accidental commit
psteckler Dec 16, 2022
98ec9da
fix replayer build
psteckler Dec 16, 2022
632852e
fix builds
psteckler Dec 16, 2022
c017a06
more build fixes
psteckler Dec 16, 2022
7e67961
fix schema
psteckler Dec 17, 2022
708908e
fix table name
psteckler Dec 17, 2022
1068e0d
revert
psteckler Dec 17, 2022
277ad0a
Scaffold for verification_key table
bkase Dec 17, 2022
ec9ff1f
Adds libiconv dep
bkase Dec 14, 2022
f175230
Adds other changes from patch
bkase Dec 14, 2022
47fb7eb
Runs nixfmt on code
bkase Dec 14, 2022
4797c8d
Scaffold for verification_key table
bkase Dec 17, 2022
d3bd47f
rm unused binding
psteckler Dec 19, 2022
8392da4
Rebases and fixes up errors on top of vk in account updates
bkase Dec 19, 2022
c28cbdf
Merge remote-tracking branch 'origin/verification-key-hash-table' int…
bkase Dec 19, 2022
827d49a
Reformats changes
bkase Dec 19, 2022
cf0304a
fix mina-signer test
mitschabaude Dec 19, 2022
6821744
fix to_input for authorization kind
mitschabaude Dec 19, 2022
8f39329
bump snarkyjs
mitschabaude Dec 19, 2022
0de763a
Merge branch 'develop' into feature/vk-hash-in-acct-updates
mitschabaude Dec 19, 2022
5dde85a
bump snarkyjs
mitschabaude Dec 20, 2022
9bb920d
bump snarkyjs
mitschabaude Dec 20, 2022
5b44790
add record ellipsis
psteckler Dec 20, 2022
6797692
update txn hash test
psteckler Dec 20, 2022
543064c
replace vk hashes in tests
psteckler Dec 20, 2022
cdf3be8
Merge branch 'develop' into feature/vk-hash-in-acct-updates
psteckler Dec 21, 2022
28e20b6
fix snarkyjs intg test
mitschabaude Dec 21, 2022
f7ea9de
bump snarkyjs
mitschabaude Dec 21, 2022
a24a51b
Merge remote-tracking branch 'origin/feature/vk-hash-in-acct-updates'…
bkase Dec 21, 2022
8c4a2d7
Makes requested changes
bkase Dec 21, 2022
1b0f589
Double check vk_hash in find_vk_via_ledger
bkase Jan 4, 2023
9208ff6
Makes to_valid also use find_vk
bkase Jan 4, 2023
4226ce8
Moves extract_vks to relevant locations
bkase Jan 4, 2023
25bdc37
Lifts vk lookup fallback logic from pool to reusable
bkase Jan 4, 2023
0991145
Reassigns vk-hashes before verifiabling them
bkase Jan 6, 2023
6504944
WIP on fix
bkase Jan 11, 2023
4d1aab1
Check vk hashes in apply
psteckler Jan 11, 2023
a1ca141
fix tests
psteckler Jan 12, 2023
70a59c6
uncomment test
psteckler Jan 12, 2023
81288a1
Removes dead logic in staged ledger, closer to correct logic in pools
bkase Jan 12, 2023
1876c6d
Restore Proof auth in create tokens test
psteckler Jan 12, 2023
f59c1b0
Also replaces setting vks
bkase Jan 12, 2023
18a4275
use Local_state.add_check
psteckler Jan 12, 2023
1a4ca27
Merge branch 'verification-key-hash-table' into feature/check-vk-hash…
psteckler Jan 12, 2023
ddafda9
Merge pull request #12498 from MinaProtocol/feature/check-vk-hashes-i…
psteckler Jan 12, 2023
06e3100
Merge remote-tracking branch 'origin/verification-key-hash-table' int…
bkase Jan 13, 2023
83efa90
Requested changes
bkase Jan 18, 2023
9164cda
Removed test that is no longer valid
bkase Jan 18, 2023
164b104
Revert "Removed test that is no longer valid"
bkase Jan 19, 2023
3a245de
Temporarily comments out staged ledger test
bkase Jan 19, 2023
3ddb7ac
Merge pull request #12398 from MinaProtocol/verification-key-hash-table
bkase Jan 21, 2023
e34a1c1
Merge remote-tracking branch 'origin/develop' into feature/vk-hash-in…
bkase Jan 22, 2023
b2178ab
Underscores unused var
bkase Jan 22, 2023
0e90770
Uses call_type not caller
bkase Jan 22, 2023
3aea534
Param for proof
bkase Jan 22, 2023
eb36df5
Merge branch 'develop' into feature/vk-hash-in-acct-updates
mitschabaude Jan 25, 2023
3111f34
fixup
mitschabaude Jan 25, 2023
0226cb0
Fix test compilation errors
nholland94 Jan 25, 2023
b232b81
Merge branch 'develop' into feature/vk-hash-in-acct-updates
mitschabaude Jan 26, 2023
2b9b51a
Merge branch 'feature/vk-hash-in-acct-updates' of github.com:MinaProt…
mitschabaude Jan 26, 2023
56e035f
regenerate graphql json
mitschabaude Jan 26, 2023
08e8b53
bump snarkyjs
mitschabaude Jan 26, 2023
2ea13cc
Merge remote-tracking branch 'origin/develop' into feature/vk-hash-in…
nholland94 Jan 27, 2023
350c754
bump snarkyjs
mitschabaude Jan 28, 2023
47b052c
Merge remote-tracking branch 'origin/develop' into feature/vk-hash-in…
bkase Jan 30, 2023
1a57eee
Wrong submodule
bkase Jan 30, 2023
3b65aad
Merge remote-tracking branch 'origin/develop' into feature/vk-hash-in…
bkase Jan 31, 2023
737ea0b
Uses newer arg form
bkase Jan 31, 2023
34a6fe6
Fixes error
bkase Jan 31, 2023
be8706f
Fixes find_vk usage
bkase Jan 31, 2023
56f2283
Address review comments
nholland94 Jan 31, 2023
6d75d16
bump snarkyjs
mitschabaude Feb 1, 2023
91e7722
bump snarkyjs
mitschabaude Feb 1, 2023
cba24b6
Fix unit tests
nholland94 Feb 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 26 additions & 4 deletions graphql_schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3091,12 +3091,20 @@
"args": [],
"type": {
"kind": "SCALAR",
"name": "SnappProof",
"name": "ZkappProof",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
},
{
"name": "verificationKeyHash",
"description": null,
"args": [],
"type": { "kind": "SCALAR", "name": "Field", "ofType": null },
"isDeprecated": false,
"deprecationReason": null
},
{
"name": "signature",
"description": null,
Expand All @@ -3116,11 +3124,17 @@
"description": null,
"type": {
"kind": "SCALAR",
"name": "SnappProof",
"name": "ZkappProof",
"ofType": null
},
"defaultValue": null
},
{
"name": "verificationKeyHash",
"description": null,
"type": { "kind": "SCALAR", "name": "Field", "ofType": null },
"defaultValue": null
},
{
"name": "signature",
"description": null,
Expand Down Expand Up @@ -6509,7 +6523,7 @@
},
{
"kind": "SCALAR",
"name": "SnappProof",
"name": "ZkappProof",
"description": null,
"fields": null,
"inputFields": null,
Expand All @@ -6528,12 +6542,20 @@
"args": [],
"type": {
"kind": "SCALAR",
"name": "SnappProof",
"name": "ZkappProof",
"ofType": null
},
"isDeprecated": false,
"deprecationReason": null
},
{
"name": "verificationKeyHash",
"description": null,
"args": [],
"type": { "kind": "SCALAR", "name": "Field", "ofType": null },
"isDeprecated": false,
"deprecationReason": null
},
{
"name": "signature",
"description": null,
Expand Down
5 changes: 4 additions & 1 deletion src/app/replayer/replayer.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -643,7 +643,10 @@ let zkapp_command_of_zkapp_command ~pool (cmd : Sql.Zkapp_command.t) :
let (authorization : Control.t) =
match body.authorization_kind with
| Proof ->
Proof Proof.transaction_dummy
Proof
{ proof = Proof.transaction_dummy
; verification_key_hash = Zkapp_account.dummy_vk_hash ()
}
| Signature ->
Signature Signature.dummy
| None_given ->
Expand Down
6 changes: 5 additions & 1 deletion src/app/test_executive/zkapps.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -341,7 +341,11 @@ module Make (Inputs : Intf.Test.Inputs_intf) = struct
| Proof _ ->
{ other_p with
authorization =
Control.Proof Mina_base.Proof.blockchain_dummy
Control.Proof
{ proof = Mina_base.Proof.blockchain_dummy
; verification_key_hash =
Mina_base.Zkapp_account.dummy_vk_hash ()
}
}
| _ ->
other_p )
Expand Down
2 changes: 1 addition & 1 deletion src/lib/fields_derivers_zkapps/fields_derivers_zkapps.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -530,7 +530,7 @@ let proof obj : _ Unified_input.t =
| Error _err ->
raise_invalid_scalar `Proof s
in
iso_string obj ~name:"SnappProof" ~js_type:String
iso_string obj ~name:"ZkappProof" ~js_type:String
~to_string:Pickles.Side_loaded.Proof.to_base64 ~of_string

let verification_key_with_hash obj =
Expand Down
57 changes: 48 additions & 9 deletions src/lib/mina_base/control.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,41 @@ open Core_kernel
(* TODO: temporary hack *)
[%%ifdef consensus_mechanism]

(* we could use With_hash, but the hash is not of the data, the proof *)
module Proof_with_vk_hash = struct
[%%versioned
module Stable = struct
module V1 = struct
type ('proof, 'hash) t =
( 'proof
, 'hash )
Mina_wire_types.Mina_base.Control.Proof_with_vk_hash.V1.t =
{ proof : 'proof; verification_key_hash : 'hash }
[@@deriving sexp, yojson, hash, equal, compare]
end
end]
end

(* TODO: yojson for Field.t in snarky *)
[%%versioned
module Stable = struct
module V2 = struct
type t = Mina_wire_types.Mina_base.Control.V2.t =
| Proof of Pickles.Side_loaded.Proof.Stable.V2.t
| Proof of
( Pickles.Side_loaded.Proof.Stable.V2.t
, (Snark_params.Tick.Field.t
[@version_asserted]
[@to_yojson fun t -> `String (Snark_params.Tick.Field.to_string t)]
[@of_yojson
function
| `String s ->
let field = Snark_params.Tick.Field.of_string s in
let s' = Snark_params.Tick.Field.to_string field in
if String.equal s s' then Ok field
else Error "Invalid JSON for field"
| _ ->
Error "expected JSON string"] ) )
Proof_with_vk_hash.Stable.V1.t
| Signature of Signature.Stable.V1.t
| None_given
[@@deriving sexp, equal, yojson, hash, compare]
Expand All @@ -26,7 +56,8 @@ let gen_with_dummies : t Quickcheck.Generator.t =
(let dummy_proof =
let n2 = Pickles_types.Nat.N2.n in
let proof = Pickles.Proof.dummy n2 n2 n2 ~domain_log2:15 in
Proof proof
Proof
{ proof; verification_key_hash = Zkapp_account.dummy_vk_hash () }
in
let dummy_signature = Signature Signature.dummy in
[ dummy_proof; dummy_signature; None_given ] ) )
Expand Down Expand Up @@ -92,7 +123,7 @@ let dummy_of_tag : Tag.t -> t = function
| Proof ->
let n2 = Pickles_types.Nat.N2.n in
let proof = Pickles.Proof.dummy n2 n2 n2 ~domain_log2:15 in
Proof proof
Proof { proof; verification_key_hash = Zkapp_account.dummy_vk_hash () }
| Signature ->
Signature Signature.dummy
| None_given ->
Expand All @@ -105,8 +136,12 @@ let signature_deriver obj =
(Fields_derivers_zkapps.except ~f:Signature.of_base58_check_exn `Signature)

module As_record = struct
(* rather than group the proof and vk hash in a record, as in the type `t`, we
make them separate elements to simplify the deriver
*)
type t =
{ proof : Pickles.Side_loaded.Proof.t option
; verification_key_hash : Snark_params.Tick.Field.t option
; signature : Signature.t option
}
[@@deriving annot, fields]
Expand All @@ -116,21 +151,25 @@ module As_record = struct
let ( !. ) = ( !. ) ~t_fields_annots in
Fields.make_creator obj
~proof:!.(option ~js_type:Or_undefined @@ proof @@ o ())
~verification_key_hash:!.(option ~js_type:Or_undefined @@ field @@ o ())
~signature:!.(option ~js_type:Or_undefined @@ signature_deriver @@ o ())
|> finish "Control" ~t_toplevel_annots
end

let to_record = function
| Proof p ->
{ As_record.proof = Some p; signature = None }
| Proof { proof; verification_key_hash } ->
{ As_record.proof = Some proof
; verification_key_hash = Some verification_key_hash
; signature = None
}
| Signature s ->
{ proof = None; signature = Some s }
{ proof = None; verification_key_hash = None; signature = Some s }
| None_given ->
{ proof = None; signature = None }
{ proof = None; verification_key_hash = None; signature = None }

let of_record = function
| { As_record.proof = Some p; _ } ->
Proof p
| { As_record.proof = Some p; verification_key_hash = Some vk_hash; _ } ->
Proof { proof = p; verification_key_hash = vk_hash }
| { signature = Some s; _ } ->
Signature s
| _ ->
Expand Down
11 changes: 10 additions & 1 deletion src/lib/mina_wire_types/mina_base/mina_base_control.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,15 @@
module Proof_with_vk_hash = struct
module V1 = struct
type ('proof, 'hash) t = { proof : 'proof; verification_key_hash : 'hash }
end
end

module V2 = struct
type t =
| Proof of Pickles.Side_loaded.Proof.V2.t
| Proof of
( Pickles.Side_loaded.Proof.V2.t
, Snark_params.Tick.Field.t )
Proof_with_vk_hash.V1.t
| Signature of Mina_base_signature.V1.t
| None_given
end
8 changes: 3 additions & 5 deletions src/lib/random_oracle/random_oracle.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,16 +37,14 @@ module Operations = struct
end

module Digest = struct
open Field

type nonrec t = t
type t = Field.t

let to_bits ?length x =
match length with
| None ->
unpack x
Field.unpack x
| Some length ->
List.take (unpack x) length
List.take (Field.unpack x) length
end

include Sponge.Make_hash (Random_oracle_permutation)
Expand Down
1 change: 1 addition & 0 deletions src/lib/transaction/dune
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
mina_numbers
one_or_two
pickles
random_oracle
signature_lib
sgn
snark_params
Expand Down
5 changes: 4 additions & 1 deletion src/lib/transaction/transaction_hash.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,10 @@ let hash_signed_command, hash_zkapp_command =
let dummy_auth =
match acct_update.authorization with
| Control.Proof _ ->
Control.Proof Proof.transaction_dummy
Control.Proof
{ proof = Proof.transaction_dummy
; verification_key_hash = Zkapp_account.dummy_vk_hash ()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be actual hash, right? (like other account update fields)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal of replacing the authorization with a dummy is so we can calculate the transaction hash from the data in the archive db, which does not include proofs or signatures. Could we not use a dummy for the vk hash part of the authorization?

In the replayer, we could get the vk for the account from the ledger it maintains, unless the vk is being set in a previous account update in the containing zkApp, and calculate its hash. If it's being set, the replayer could track those changes.

Suppose we want to calculate the transaction hash, just by looking at the zkapp_account_update table, and tables reachable from it, and we don't have the replayer machinery available. I think it makes sense to use the dummy vk hash here.

The vk is not part of the account update that's part of the zkApp being hashed. There may be a vk update, in which case, there's a previous vk being used for the proof.

Copy link
Member

@deepthiskumar deepthiskumar Dec 15, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Vk hash is part of the account update, right? It is in the authorization field which is part of an account update. We need to include the vk hash in transaction commitment and by that extension I think we should include it in this hash as well
Also, it should be in the archive database as well (I'm thinking of it as an enforced precondition). For the replayer, we don't need to verify the proof but when we apply transactions from the database, the vk hash in the account update needs to match the vk hash in the account (that check will be added to Zkapp_command_logic)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, in the PR, the vk hash is part of the authorization part of the account update.

If instead we place it as a separate field, and not in the authorization, then there's no need for the dummy hash. In that case, it makes sense to add a column to the account update body table.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it is needed only for proof updates. maybe it it could part of authorization_kind then? In the archive DB a nullable field in zkapp_account_update_body?

Copy link
Member Author

@psteckler psteckler Dec 15, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we can move it to the Proof case of Authorization_kind.t (we may need to add it to Control.Tag.t so they still match).

In the db, we can add a new column for the vk hash, which is not NULL only when the kind is Proof, or change the authorization kind column to a string.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New column seems better to me

}
| Control.Signature _ ->
Control.Signature Signature.dummy
| Control.None_given ->
Expand Down
13 changes: 11 additions & 2 deletions src/lib/transaction_snark/test/multisig_account/multisig_account.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -368,7 +368,12 @@ let%test_module "multisig_account" =
; caller = Call
; authorization_kind = Proof
}
; authorization = Proof Mina_base.Proof.transaction_dummy
; authorization =
Proof
{ proof = Mina_base.Proof.transaction_dummy
; verification_key_hash =
Mina_base.Zkapp_account.dummy_vk_hash ()
}
}
in
let memo = Signed_command_memo.empty in
Expand Down Expand Up @@ -453,7 +458,11 @@ let%test_module "multisig_account" =
; account_updates =
[ sender
; { body = snapp_account_update_data.body
; authorization = Proof pi
; authorization =
Proof
{ proof = pi
; verification_key_hash = With_hash.hash vk
}
}
]
; memo
Expand Down
15 changes: 12 additions & 3 deletions src/lib/transaction_snark/test/ring_sig.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ let%test_unit "1-of-2" =
|> run_and_check |> Or_error.ok_exn )

(* test a snapp tx with a 3-account_update ring *)
let%test_unit "ring-signature snapp tx with 3 zkapp_command" =
let%test_unit "ring-signature zkapp tx with 3 zkapp_command" =
let open Mina_transaction_logic.For_tests in
let gen =
let open Quickcheck.Generator.Let_syntax in
Expand Down Expand Up @@ -229,7 +229,12 @@ let%test_unit "ring-signature snapp tx with 3 zkapp_command" =
; caller = Call
; authorization_kind = Proof
}
; authorization = Proof Mina_base.Proof.transaction_dummy
; authorization =
Proof
{ proof = Mina_base.Proof.transaction_dummy
; verification_key_hash =
Mina_base.Zkapp_account.dummy_vk_hash ()
}
}
in
let protocol_state = Zkapp_precondition.Protocol_state.accept in
Expand Down Expand Up @@ -298,7 +303,11 @@ let%test_unit "ring-signature snapp tx with 3 zkapp_command" =
; account_updates =
[ sender
; { body = snapp_account_update_data.body
; authorization = Proof pi
; authorization =
Proof
{ proof = pi
; verification_key_hash = With_hash.hash vk
}
}
]
; memo
Expand Down
23 changes: 19 additions & 4 deletions src/lib/transaction_snark/transaction_snark.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4142,7 +4142,7 @@ module Make_str (A : Wire_types.Concrete) = struct

let account_update_proof (p : Account_update.t) =
match p.authorization with
| Proof p ->
| Proof { proof = p; _ } ->
Some p
| Signature _ | None_given ->
None
Expand Down Expand Up @@ -4848,8 +4848,16 @@ module Make_str (A : Wire_types.Concrete) = struct
=
prover ~handler tx_statement
in
(* TODO: does this make sense? where did the hash come from? *)
let verification_key_hash =
match simple_snapp_account_update.authorization with
psteckler marked this conversation as resolved.
Show resolved Hide resolved
| Control.Proof { verification_key_hash; _ } ->
verification_key_hash
| _ ->
assert false
in
( { body = simple_snapp_account_update.body
; authorization = Proof pi
; authorization = Proof { proof = pi; verification_key_hash }
}
: Account_update.Simple.t )
| Signature ->
Expand Down Expand Up @@ -5075,7 +5083,11 @@ module Make_str (A : Wire_types.Concrete) = struct
; caller = Call
; authorization_kind = Proof
}
; authorization = Proof Mina_base.Proof.blockchain_dummy
; authorization =
Proof
{ proof = Mina_base.Proof.transaction_dummy
; verification_key_hash = Mina_base.Zkapp_account.dummy_vk_hash ()
}
}
in
let memo = Signed_command_memo.empty in
Expand Down Expand Up @@ -5131,8 +5143,11 @@ module Make_str (A : Wire_types.Concrete) = struct
}
in
let account_updates =
let verification_key_hash = With_hash.hash vk in
[ sender
; { body = snapp_account_update_data.body; authorization = Proof pi }
; { body = snapp_account_update_data.body
; authorization = Proof { proof = pi; verification_key_hash }
}
]
in
let zkapp_command : Zkapp_command.t =
Expand Down
2 changes: 1 addition & 1 deletion src/lib/verifier/common.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ let check :
None
| None_given ->
None
| Proof pi -> (
| Proof { proof = pi; verification_key_hash = _ } -> (
psteckler marked this conversation as resolved.
Show resolved Hide resolved
match vk_opt with
| None ->
return
Expand Down
Loading