Skip to content

design: blob background #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

design: blob background #21

wants to merge 2 commits into from

Conversation

LHerskind
Copy link
Contributor

Adds a small initial background for blobs. To be completed

@LHerskind LHerskind mentioned this pull request Sep 6, 2024
Closed
just-mitch
just-mitch reviewed Sep 9, 2024
View reviewed changes
in-progress/8403-blobbity-boo.md

$$p(z) = \frac{z^{4096} - 1}{4096} \sum_{i=0}^{4095} \frac{d_i\omega^i}{z - \omega^i}.$$

We can precompute all the $\omega^i$, $-\omega^i$ s and $4096^{-1}$, the $d_i$ s are our tx effects, and $z$ is the challenge point (discussed more below). This means computing $p(z)$ is threoretically 4096 wrong-field multiplications and 4096 wrong-field divisions, far fewer than would be required for BLS12-381 elliptic curve operations.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Under the current design, we wouldn't actually be computing p(z) in a circuit right?

But could/should we?

I.e. is it possible to effectively perform verify_kzg_proof(commitment, z, y, proof) in a circuit, and then have the user provide commitment, y, and proof.

This convinces the circuit that any blob with that commitment has all the tx effects.

Then on L1 we:

  1. store the commitments of the blobs at the time the block is proposed
  2. match the stored commitments against the user provided ones when circuit verified the opening

That convinces L1 that the blobs the circuit proved against matched the ones that were previously published.

Copy link
Contributor

@iAmMichaelConnor iAmMichaelConnor Sep 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MirandaWood mentioned this as a possible approach to me recently. But she has dismissed it (and I agree) that computing a BLS12-381 pairing inside a Noir circuit would be many many constraints and very difficult to audit (a huge blow-up in complexity that we should avoid)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Under the current design, we wouldn't actually be computing p(z) in a circuit right

The barycentric formula is a way of computing p(z), so technically we are computing it in the circuit with this proposal

@just-mitch
Copy link
Collaborator

Hey @LHerskind , @iAmMichaelConnor , @MirandaWood ,

Just to confirm, the design presented here is the one we're planning to implement in the immediate term right?

@MirandaWood
Copy link
Contributor

Hey @LHerskind , @iAmMichaelConnor , @MirandaWood ,

Just to confirm, the design presented here is the one we're planning to implement in the immediate term right?

I do need to make some small changes/clarifications to the write up, but for the maths/rollup circuits sections, generally yes. As for L1, I think @iAmMichaelConnor is still thinking about the multi-commitment multi-opening method so unsure on that.

@MirandaWood MirandaWood mentioned this pull request Oct 9, 2024
Closed
@iAmMichaelConnor
Copy link
Contributor

So this is an old PR, and of course this all got implemented last year. What do we do with this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iAmMichaelConnor iAmMichaelConnor iAmMichaelConnor left review comments

@just-mitch just-mitch just-mitch left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@LHerskind @just-mitch @MirandaWood @iAmMichaelConnor