Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(docs): Document slow update tree #3416

Merged
merged 28 commits into from
Dec 1, 2023
Merged
Show file tree
Hide file tree
Changes from 24 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
f366378
slow update tree explanation
catmcgee Nov 24, 2023
412b298
sidebar
catmcgee Nov 24, 2023
b7f91fb
how-to without include_code
catmcgee Nov 24, 2023
a477e0a
delete file
catmcgee Nov 24, 2023
777dc54
sidebar
catmcgee Nov 24, 2023
e1fef5a
docs build errors
catmcgee Nov 25, 2023
6dec84f
include_code
catmcgee Nov 26, 2023
05f4049
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 26, 2023
fd14bf2
fix typo
catmcgee Nov 26, 2023
43d687c
fix docs build errors
catmcgee Nov 26, 2023
cc5be40
Merge branch 'master' into docs-slow-updates-tree
critesjosh Nov 27, 2023
f9d37e3
Apply suggestions from code review
catmcgee Nov 28, 2023
7b22f94
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 28, 2023
7e2560f
address changes, added reference
catmcgee Nov 28, 2023
5c8a915
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 28, 2023
1db9550
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 28, 2023
84d7488
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 28, 2023
46cbad0
more information on each component, restructured, diagram
catmcgee Nov 29, 2023
4a66e8c
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 29, 2023
9f96bb2
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 29, 2023
d509627
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 29, 2023
08d0030
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 30, 2023
e6a95f5
historic -> historical
catmcgee Nov 30, 2023
33a0a8a
Merge branch 'master' into docs-slow-updates-tree
catmcgee Nov 30, 2023
d3c98c1
comments & grammar
catmcgee Dec 1, 2023
2f3e733
broken link
catmcgee Dec 1, 2023
78cd724
merge conflicts
catmcgee Dec 1, 2023
21b814d
Merge branch 'master' into docs-slow-updates-tree
catmcgee Dec 1, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/docs/concepts/foundation/communication/main.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ title: Contract Communication

This section will walk over communication types that behaves differently than normal function calls from.

Namely, if functions are in different domains, private vs. public, their execution behaves a little differently to what you might expect! See [Private <--> Public execution](./public_private_calls.md).
Namely, if functions are in different domains, private vs. public, their execution behaves a little differently to what you might expect! See [Private <--> Public execution](./public_private_calls/main.md).

Likewise, executing a function on a different domain than its origin needs a bit extra thought. See [L1 <--> L2 communication](./cross_chain_calls.md).
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ title: Private <--> Public execution

import Image from "@theme/IdealImage";

import Disclaimer from "../../../misc/common/\_disclaimer.mdx";
import Disclaimer from "../../../../misc/common/\_disclaimer.mdx";
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

<Disclaimer/>

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
---
title: Privately access Historical Public Data
---

In Aztec, private and public execution environments are completely separate and operate with distinct state management. It is not possible for private functions to reliably access the most recent public data public state - only sequencers can do that.
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

But, what about historical public data (or public data that changes infrequently)? Through a **slow updates tree**, private functions can access historical public state. Please note that we are still experimenting with this feature.

On this page you will learn:

1. Why a slow updates tree exists & use cases
2. How it works
3. How it can be used to access historical public data
4. Limitations

## The need for a slow updates tree
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

This structure was created specifically to privately & publicly access historical public data. It should be used to store public data that doesn't change often.

- Access historical public data from a private function
- Access historical public data from a public function
- Update public data (that does not need updated often) from public and private functions

This data structure is ideal for these use cases:

- Address Registry: Enabling contracts to interact with other contracts more easily requires address storage accessible in both public and private executions. This can be particularly helpful in things such as proxy contracts.
- Access Control: Managing privileges in contracts, such as a token contract owner’s ability to mint new tokens, is streamlined when control information is shared between public and private executions. This might include things like blacklists and whitelists.

## How it works

We developed the Slow Updates Tree to help balance public and private execution in a blockchain context. Earlier systems typically used either fully public or entirely private state trees.

**First iteration: Shared State Tree**

Using a shared state tree, it is possible to privately access historical public data by providing a membership proof to show that a value is indeed part of a commitment, and then check that the commitment matches the one stored in the state, as shown below.

```mermaid
graph TD;
Cm[Commmitment1] --> Vm1[Value1]
Cm --> Vm2[Value2]
Cm --> Vmn[Value3]
Vm1 --> Mp1[Membership Proof for Value1]
Mp1 --> St[Commitment in State]
St --> Cm
```

Note: a *commitment* refers to a cryptographic assurance that a specific set of data is included in the tree. In the current design, we are using Merkle trees to commit to the values.

However, these would be contract-specific trees, so we will be leaking the contract address of the contract doing a lookup.
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

**Second iteration: Multi-level Shared State Tree**
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

This privacy issue can be solved by organizing data into layers, with each contract having its own commitment within a larger tree. Only the top-level commitment is revealed.

```mermaid
graph TD;
C[Top Commitment] -->|Contains| C1[Commitment1]
C -->|Contains| Cm[Commitment2]
Cm -->|Contains| Vm1[Value1]
Cm -->|Contains| Vm2[Value2]
Cm -->|Contains| Vmn[Valuen]
```

However, this means that any canges in any contract's data will change the top-level commitment and invalidate the proofs for all other contracts.

**Third iteration: Slow Updates Tree**

To solve this, the Slow Updates Tree is a dual-tree structure - a current tree and a pending tree. Any updates are added to the pending tree, which then becomes the current tree at the end of an epoch. The pending tree is replicated from the current tree, and the cycle begins again.
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

```mermaid
graph TD;
Change{Epoch Over} -->|True| Current{Current}
catmcgee marked this conversation as resolved.
Show resolved Hide resolved
Change -->|False| Pending{Pending}
Current --> Current1[Current Commitment 1]
Current --> CurrentM[Current Commitment 2]
CurrentM --> Value1[Current Value 1]
CurrentM --> Value2[Current Value 2]
CurrentM --> ValueN[Current Value n]
Pending --> PendingM[Pending Commitment 1]
PendingM --> PValue1[Pending Value 1]
PendingM --> PValue2[Pending Value 2]
PendingM --> PValueN[Pending Value n]
```

This way, we can ensure that the values are stable throughout the epoch, and that the membership proofs are not invalidated by changes in other contracts more than once every epoch.

## Reads and Writes

### Accessing Data

*From public state:* Accessed directly from the state
*From private state:* Performs a membership proof for the values in the tree, ensuring that they are part of the commitment.
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

catmcgee marked this conversation as resolved.
Show resolved Hide resolved
### Updating Data

Updates are made to the pending tree. Then at the end of each epoch, the updates in the pending tree are committed and it becomes the current tree.
catmcgee marked this conversation as resolved.
Show resolved Hide resolved

## Limitations

### Delayed State Finality

Updates in the Slow Updates Tree are only finalized at the end of an epoch.

Developers are used to instant state updates, so the Slow Updates Tree might take some getting used to. But we believe this won't take long!

## Dive into the code

For a code walkthrough of how a token blacklist contract can use a slow updates tree, read [this](../../../../dev_docs/contracts/syntax/slow_updates_tree.md).
2 changes: 1 addition & 1 deletion docs/docs/concepts/foundation/main.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ A user of the Aztec network will interact with the network through Aztec.js. Azt

### Private Execution Environment

The PXE provides a secure environment for the execution of sensitive operations, ensuring private information and decrypted data are not accessible to unauthorized applications. It hides the details of the [state model](./state_model/main.md) from end users, but the state model is important for Aztec developers to understand as it has implications for [private/public execution](./communication/public_private_calls.md) and [L1/L2 communication](./communication/cross_chain_calls.md). The PXE also includes the [ACIR Simulator](../advanced/acir_simulator.md) for private executions and the KeyStore for secure key management.
The PXE provides a secure environment for the execution of sensitive operations, ensuring private information and decrypted data are not accessible to unauthorized applications. It hides the details of the [state model](./state_model/main.md) from end users, but the state model is important for Aztec developers to understand as it has implications for [private/public execution](./communication/public_private_calls/main.md) and [L1/L2 communication](./communication/cross_chain_calls.md). The PXE also includes the [ACIR Simulator](../advanced/acir_simulator.md) for private executions and the KeyStore for secure key management.

Procedurally, the PXE sends results of private function execution and requests for public function executions to the [sequencer](./nodes_clients/sequencer.md), which will update the state of the rollup.

Expand Down
4 changes: 2 additions & 2 deletions docs/docs/dev_docs/contracts/syntax/functions.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ In Aztec there are multiple different types of visibility that can be applied to

### Data Visibility

Data visibility is used to describe whether the data (or state) used in a function is generally accessible (public) or on a need to know basis (private). Functions with public data visibility are executed by the sequencer, and functions with private data visibility are executed by the user. For more information on why this is the case, see [communication](../../../concepts/foundation/communication/public_private_calls.md).
Data visibility is used to describe whether the data (or state) used in a function is generally accessible (public) or on a need to know basis (private). Functions with public data visibility are executed by the sequencer, and functions with private data visibility are executed by the user. For more information on why this is the case, see [communication](../../../concepts/foundation/communication/public_private_calls/main.md).

In the following sections, we are going to see how these two "types" co-exists and interact.

Expand Down Expand Up @@ -213,7 +213,7 @@ Calling a public function from another public function is quite similar to what

### Private -> Public

As discussed above, private function execution and calls take place on the user's device, while public function execution and calls take place on a sequencer, in two different places at two different times, it is natural to question how we can achieve composability between the two. The solution is asynchronicity. Further reading can be found in the foundational concepts [here](../../../concepts/foundation/communication/public_private_calls.md).
As discussed above, private function execution and calls take place on the user's device, while public function execution and calls take place on a sequencer, in two different places at two different times, it is natural to question how we can achieve composability between the two. The solution is asynchronicity. Further reading can be found in the foundational concepts [here](../../../concepts/foundation/communication/public_private_calls/main.md).

Private function execution takes place on the users device, where it keeps track of any public function calls that have been made. Whenever private execution completes, and a kernel proof is produced, the transaction sent to the network will include all of the public calls that were dispatched.
When the sequencer receives the messages, it will take over and execute the public parts of the transaction.
Expand Down
Loading