Remove PrivateContextInputs as a required parameter to a private noir contract function
#1358
Comments
iAmMichaelConnor
added
T-refactor
iAmMichaelConnor
added
the
T-question
|
I love it, thanks so much for working on making Noir contracts easier to write. I'm trying to think if there's any downside security-wise, like if a malicious oracle could cheat in the inputs response, but I believe the circuit trusts that oracle result the same way it trusts the arguments it receives, right? |
|
Yes, I believe the oracle results are identical to parameters, from the perspective of a circuit, where all variables (inputs, oracle inputs, intermediate computated values, public inputs) are mapped to witness indices. |
|
Whilst it's in my head: We have an asymmetry between private functions and public functions. I don't have a complete proposal, so I'll just list pedantic things: Private functions have E.g. fn foo(
inputs: PrivateContextInputs,
) -> distinct pub abi::PrivateCircuitPublicInputs {
let mut context = Context::new(inputs, 0);
let msg_sender = context.msg_sender(); // I introduced a new method for this, and for other data which is provided via the `inputs`. It feels clean for the context to give meta info about the tx context and call context.
// We could alternatively do:
// let msg_sender = context.inputs.call_context.msg_sender;
// or
// let msg_sender = inputs.call_context.msg_sender;
// or
// let msg_sender = inputs.msg_sender(); // if we introduce a new method
// But if we get rid of the `inputs`, then the `context` is the only place to
// get this stuff from.
let return_values = context.call_public_function(...);
// We previously had PublicCallStackItem::call(...), but that felt clunky, and an ordinary dev
// shouldn't have to know about `PublicCallStackItem` at all.Public functions have E.g. open fn bar(
inputs: PublicContextInputs,
) -> distinct pub abi::PrivateCircuitPublicInputs {
// There is no context, but we could introduce one:
// let mut context = Context::new(inputs, 0);
// or better still, in keeping with the suggestion of this Github Issue:
// let mut context = Context::new(0); // inputs are 'got' via an oracle call.
let msg_sender = inputs.call_context.msg_sender;
// let msg_sender = context.msg_sender(); // I would like to introduce this kind of syntax for data which is provided via the `inputs`. It feels clean for a context to give meta info about the tx context and call context; especially if that's how we decide to do it in private functions.
let return_values = call_public_function(...); // notice, there's no `context` at the moment; it's a pure function.
// But this is asymmetrical from the private version of making a function call.
// For symmetry, it would be nice if we could do:
// let return_values = context.call_public_function(...);
// But we wouldn't have any use for `self` in such a method, so the syntax would become:
// let return_values = Context::call_public_function(...);
// Which still isn't very symmetrical... :( |
Feels like I'm reading my own writing!
Agree. Do we envision a future version in which
Why not require a |
|
An alternative would be to keep everything as pure functions, and just accumulate the data needed for Which under the hood would do something like: But I prefer having less magic and having the user deal directly with the context instance. |
|
Yes, we should be able to get the inputs in Context::new without issue in private functions, and the functions would look cleaner! It should be equivalent as you already discussed, oracle inputs should be the same as private inputs to the function. Regarding public functions we might just instead have a And regarding globals with initialization function AFAIK noir doesn't support globals that run functions on initialization right now, given that it doesn't support arithmetic operations either noir-lang/noir#1734 |
## Metadata **fixes** - #1484 **Relevant discussions** - #1358 (comment) ## Overview This PR aims to align the implementations of Public and Private state. - Currently public circuits do not have a context object, this will cause developers to have to learn more than one code path. **Other work I am thinking of completing within this PR** Right now, `PublicCircuitPublicInputs` (The object which is fed to the public kernel after circuit completion) is not created within the application circuit. It is created within the sequencer. If we zoom out, this is not a direct security concern as execution is occuring within the sequencer, however it does break away from the pattern seen within `PrivateExecution` where the result of each execution is the `PrivateCircuitPublicInputs` object. We could leave this as is, (alot of this code will be dumped when the vm arrives). However similar code paths will make building the library easier. For example, for some library methods we have two implementations, one for public and one for private. More and more standardisation would allow these methods to take in a generic context and utilise the same code paths. (A goal I think is worth pursuing). # Checklist: Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge. - [ ] If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag. - [ ] I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code. - [ ] Every change is related to the PR description. - [ ] I have [linked](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) this pull request to relevant issues (if any exist).
|
I guess this is stale, given @Maddiaa0 introduced macros to hide such boilerplate? Closing. |
## Metadata **fixes** - AztecProtocol/aztec-packages#1484 **Relevant discussions** - AztecProtocol/aztec-packages#1358 (comment) ## Overview This PR aims to align the implementations of Public and Private state. - Currently public circuits do not have a context object, this will cause developers to have to learn more than one code path. **Other work I am thinking of completing within this PR** Right now, `PublicCircuitPublicInputs` (The object which is fed to the public kernel after circuit completion) is not created within the application circuit. It is created within the sequencer. If we zoom out, this is not a direct security concern as execution is occuring within the sequencer, however it does break away from the pattern seen within `PrivateExecution` where the result of each execution is the `PrivateCircuitPublicInputs` object. We could leave this as is, (alot of this code will be dumped when the vm arrives). However similar code paths will make building the library easier. For example, for some library methods we have two implementations, one for public and one for private. More and more standardisation would allow these methods to take in a generic context and utilise the same code paths. (A goal I think is worth pursuing). # Checklist: Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge. - [ ] If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag. - [ ] I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code. - [ ] Every change is related to the PR description. - [ ] I have [linked](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) this pull request to relevant issues (if any exist).
This is a subjective one, seeking a minor prettification of Noir Contract code. Tagging @sirasistant , @LeilaWang , @spalladino for thoughts, as I think we've touched on this topic before (but anyone please feel welcome to comment).
Currently, every private function needs
inputs: PrivateContextInputsas a parameter:As a reminder, here's that struct:
An alternative (which I think has been considered in the past) would be to make an oracle call at the time of instantiating the
Context:I won't show an example for what the oracle function would look like.
The simulator, upon making a call to a function, would need to 'keep hold of' the
PrivateContextInputsdata, awaiting an oracle call which would then fetch that data and feed it into the circuit.The text was updated successfully, but these errors were encountered: