Silo unencrypted and generic encrypted logs in the tail kernel circuits #6537
Comments
This was referenced May 20, 2024
MirandaWood
added a commit
that referenced
this issue
May 24, 2024
Closes #6537 ### Siloing logs #### Unencrypted logs This PR now silos unencrypted logs by hashing their value with their contract address in the tail kernels. For easier reviewing, this is under commit [8c9faee](8c9faee). The main changes are: - `LogHash` -> `ScopedLogHash`, and siloing the hash value in tails - Replicating siloing in `TxsDecoder` L1 contract (the log itself contains the contract address, so we just use that) - Replicating siloing in ts (`hash()` in `tx_l2_logs`) #### Encrypted logs Following the [protocol](https://docs.aztec.network/protocol-specs/logs#hashing-2), we use `maskedContractAddress = pedersen(contractAddress, randomness)` to silo encrypted non-note logs where the `randomness` is provided by the original private call. Since this requires an extra piece of information to 'follow' encrypted logs through the context, kernels, and ts, there are a lot of changes. See [93e61ae](93e61ae) for easier reviewing. Main changes are: - The oracle now also emits `randomness` and `contractAddress` so we can track and silo the log in ts. - `LogHash` -> `EncryptedLogHash` in context and pre-tail kernels to include `randomness` (following [protocol struct](https://docs.aztec.network/protocol-specs/circuits/private-function#encryptedloghash)). - `LogHash` -> `ScopedEncryptedLogHash` in accumulated data, to silo the log in the tail. - Replicating siloing in `TxsDecoder` by providing `maskedContractAddress` in the block logs and extracting during hashing. - Added `EncryptedL2NoteLog`and refactored `EncryptedL2Log` for non-note encrypted logs in ts, since we need to hash and serialise the logs differently. #### Note logs length To keep the code consistent and readable, I also added `note_encrypted_log_preimages_length` as its own property in the tail kernel, rollup, and `tx` struct in [a54dbd5](a54dbd5). #### Notes & TODOs - Note that the protocol describes the siloed log hash as `H(value, address)`, but all other siloed values in the kernels have `H(address, value)`, so I followed the latter. - `maskedContractAddress` has been renamed from `contractAddressTag` (as the term `tag` is already used for note processing) to avoid confusion. - I was originally going to rename `LogHash` -> `UnencryptedLogHash`, but found that it's easier and a bit cheaper to convert `ScopedEncryptedLogHash` -> `LogHash` when using `expose_to_public`, since we remove the `randomness` and have the same struct as an unencrypted log. Happy to create a separate struct if that's clearer in the code however. --- - [x] Silo unencrypted logs - [x] Silo encrypted (non-note) logs - [x] Add `note_encrypted_log_preimages_length` separately to circuits and tx effects
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We need to silo unencrypted logs and encrypted logs not linked to notes in the tail circuit.
Event Logsin 🧚♂️ Keys #5606.The text was updated successfully, but these errors were encountered: