Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Migrate accounts to auth witness #2281

Merged
merged 15 commits into from
Sep 15, 2023
Merged

Conversation

spalladino
Copy link
Collaborator

@spalladino spalladino commented Sep 13, 2023

Changes all account contracts to use auth witnesses for authentication

Noir

  • Auth witnesses now have variable length.
  • Introduces an AccountActions module in Noir that abstracts most of the account contract requirements, leaving only is_valid to be implemented by the developer.
  • Removes the AccountInterface helper in Noir in favor of two assert_valid functions.

Accounts

  • Introduces a BaseAccountContract in ts, such that an account dev only needs to provide the abi, deploy args, and an AuthWitnessProvider that is basically a signer. Removes all the different entrypoint implementations, since we now have just a single one.
  • Adds a set of AuthWitnesses to a TxExecutionRequest, which is used by the simulator during that tx run, so it doesn't need to be persisted in the local db.
  • Renames Account to AccountManager.
  • Renames Entrypoint to AccountInterface.

Wallet

  • Adds a single createAuthWitness method to the Wallet interface that creates and registers the witness.
  • Adds a convenience setPublicAuth to the AccountWallet implementation for crafting the tx that sets a public auth (I think we can do better here though, it should be easy for the dev to create an action where they also include several public auths as part of a batch, but we can push that for later).
  • Kills EntrypointWallet and AuthWitnessEntrypointWallet in favor of a single AccountWallet.

Docs

  • Yes.

Fixes #2043

@spalladino spalladino force-pushed the palla/auth-wits-everywhere branch from 5db62dc to 54e42ff Compare September 14, 2023 18:30
@spalladino spalladino force-pushed the palla/auth-wits-everywhere branch from 8814c9e to cf3a745 Compare September 14, 2023 19:41
@spalladino spalladino marked this pull request as ready for review September 14, 2023 20:28
Copy link
Contributor

@LHerskind LHerskind left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks amazing. Minor nits added.

image

@@ -73,7 +73,9 @@ export class PrivateFunctionExecution {
return toACVMField(await this.context.packedArgsCache.pack(args.map(fromACVMField)));
},
getAuthWitness: async ([messageHash]) => {
return (await this.context.db.getAuthWitness(fromACVMField(messageHash))).map(toACVMField);
const witness = await this.context.getAuthWitness(fromACVMField(messageHash));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

}

// TODO: See if we can remove this function. Maybe we can have the entrypoint call directly into internal_set_is_valid_storage..?
fn set_is_valid_storage(self, message_hash: Field, value: Field) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let value be a bool instead.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the function is internal this should be fine for us to do. Should also make it pretty straightforward for us to make multiple insertions and sandwich our own tx with a set and unset (unsure if this actually save us gas, because we went from "nothing -> true -> false".

actions = [
  set_is_valid_storage(A, true),
  execute_action(A),
  set_is_valid_storage(A, false),
]

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nothing -> true -> false

I guess it'll depend on whether we differentiate empty from zero in public state? Are we making that distinction now?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

initially 0, but I think it might get a little weird because of the larger storage tree that we are using 🤔 essentially inserting into it, and a removal would normally be to set the value to zero, but that value is still in the tree and it is different from nothing. I'm not fully sure at what point in public execution the database will actually be updated, @iAmMichaelConnor or @dbanks12 might know a bit here? Ideally the squashing should mean that there is nothing in the tx but I'm not completely sure when the first change is insertion.

let _void = private_context.call_public_function(private_context.this_address(), selector, [message_hash, value]);
}

fn internal_set_is_valid_storage(self, message_hash: Field, value: Field) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let value be a bool instead.

}

#[aztec(private)]
fn set_is_valid_storage(message_hash: Field, value: Field) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following the note from earlier. I think we should be able to just have the internal and then use the entry-point to enter it. Would be pretty clean I think 👀. But let us look into that in a separate pr to not delay this one to run into merge hell.

@@ -26,8 +26,8 @@ export function getEcdsaAccount(
encryptionPrivateKey: GrumpkinPrivateKey,
signingPrivateKey: Buffer,
saltOrAddress?: Salt | CompleteAddress,
): Account {
return new Account(rpc, encryptionPrivateKey, new EcdsaAccountContract(signingPrivateKey), saltOrAddress);
): AccountManager {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the function name convey that it is an account manager. I think it is fine as it is, just wanted to point it out.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had tried that change and reverted it. I agree it should be a manager, but I also like it more as it is.


// docs:start:account-interface
/** Creates authorisation witnesses. */
export interface AuthWitnessProvider {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name of the file pains me a little since it is unclear that there are multiple interfaces in here etc 😬 I kinda like the IName but this is just my preference really.

Copy link
Collaborator Author

@spalladino spalladino Sep 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to avoid IName for consistency, since we're not using it across the codebase, even though it reminds me of my good old C# days. As for the name, agree, it's nasty calling something "Interface" when it's not referring to a language interface. I asked ChatGPT for ideas and it suggested Handler as an alternative, but I don't find it very clear either.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets leave it be for now then.


/**
* Returns a function interaction to set a message hash as authorised in this account.
* Public calls can then consume this authorisation.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Being a pain here. But, should we not use authorize for the American spelling similar to changes made to serialize and deserialize? Not sure I did that myself actually, but for consistency 😅

}

#[aztec(public)]
internal fn internal_set_is_valid_storage(message_hash: Field, value: Field) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned earlier, with newest aztec noir version should be good to use bools for the value


// docs:start:account-interface
/** Creates authorisation witnesses. */
export interface AuthWitnessProvider {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets leave it be for now then.

@@ -62,16 +62,6 @@ impl AccountActions {
}
}

// TODO: See if we can remove this function. Maybe we can have the entrypoint call directly into internal_set_is_valid_storage..?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rainbow Frog GIF

@spalladino spalladino merged commit 91152af into master Sep 15, 2023
@spalladino spalladino deleted the palla/auth-wits-everywhere branch September 15, 2023 13:20
kevaundray pushed a commit that referenced this pull request Sep 15, 2023
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-packages: 0.7.4</summary>

##
[0.7.4](aztec-packages-v0.7.3...aztec-packages-v0.7.4)
(2023-09-15)


### Features

* Elliptic Curve Virtual Machine Circuit
([#1268](#1268))
([f85ecd9](f85ecd9))
* Exposing nargo version via `NodeInfo`
([#2333](#2333))
([1c2669c](1c2669c)),
closes
[#2332](#2332)
* Migrate accounts to auth witness
([#2281](#2281))
([91152af](91152af)),
closes
[#2043](#2043)


### Bug Fixes

* Aztec-nr mirror url
([#2321](#2321))
([aaf7f67](aaf7f67))
* **build:** Fixed paths on s3 deployments
([#2335](#2335))
([38c7979](38c7979))


### Miscellaneous

* Do not format boxes with global format
([#2326](#2326))
([2fe845f](2fe845f))
* Remove native token
([#2280](#2280))
([4032d01](4032d01))
* Rename getAccounts to getRegisteredAccounts
([#2330](#2330))
([c7f3776](c7f3776))
</details>

<details><summary>barretenberg.js: 0.7.4</summary>

##
[0.7.4](barretenberg.js-v0.7.3...barretenberg.js-v0.7.4)
(2023-09-15)


### Miscellaneous

* **barretenberg.js:** Synchronize aztec-packages versions
</details>

<details><summary>barretenberg: 0.7.4</summary>

##
[0.7.4](barretenberg-v0.7.3...barretenberg-v0.7.4)
(2023-09-15)


### Features

* Elliptic Curve Virtual Machine Circuit
([#1268](#1268))
([f85ecd9](f85ecd9))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

Align entry-points and wallets
2 participants