Skip to content

Commit

Permalink
refactor: optimizing DA cost with new point compression
Browse files Browse the repository at this point in the history
  • Loading branch information
benesjan committed Jul 15, 2024
1 parent bf8149c commit 994a742
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 17 deletions.
20 changes: 10 additions & 10 deletions noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,15 @@ pub fn compute_encrypted_event_log<Event, NB, MB, OB>(
// @todo We ignore the tags for now

let eph_pk_bytes = pub_key_to_bytes(eph_pk);
for i in 0..64 {
for i in 0..33 {
encrypted_bytes[64 + i] = eph_pk_bytes[i];
}
for i in 0..48 {
encrypted_bytes[128 + i] = incoming_header_ciphertext[i];
encrypted_bytes[176 + i] = outgoing_Header_ciphertext[i];
encrypted_bytes[97 + i] = incoming_header_ciphertext[i];
encrypted_bytes[145 + i] = outgoing_Header_ciphertext[i];
}
for i in 0..176 {
encrypted_bytes[224 + i] = outgoing_body_ciphertext[i];
encrypted_bytes[193 + i] = outgoing_body_ciphertext[i];
}
// Then we fill in the rest as the incoming body ciphertext
let size = OB - 400;
Expand All @@ -63,7 +63,7 @@ pub fn compute_encrypted_event_log<Event, NB, MB, OB>(
// Current unoptimized size of the encrypted log
// incoming_tag (32 bytes)
// outgoing_tag (32 bytes)
// eph_pk (64 bytes)
// eph_pk (33 bytes)
// incoming_header (48 bytes)
// outgoing_header (48 bytes)
// outgoing_body (176 bytes)
Expand Down Expand Up @@ -100,15 +100,15 @@ pub fn compute_encrypted_note_log<Note, N, NB, M>(
// @todo We ignore the tags for now

let eph_pk_bytes = pub_key_to_bytes(eph_pk);
for i in 0..64 {
for i in 0..33 {
encrypted_bytes[64 + i] = eph_pk_bytes[i];
}
for i in 0..48 {
encrypted_bytes[128 + i] = incoming_header_ciphertext[i];
encrypted_bytes[176 + i] = outgoing_Header_ciphertext[i];
encrypted_bytes[97 + i] = incoming_header_ciphertext[i];
encrypted_bytes[145 + i] = outgoing_Header_ciphertext[i];
}
for i in 0..176 {
encrypted_bytes[224 + i] = outgoing_body_ciphertext[i];
encrypted_bytes[193 + i] = outgoing_body_ciphertext[i];
}
// Then we fill in the rest as the incoming body ciphertext
let size = M - 400;
Expand All @@ -120,7 +120,7 @@ pub fn compute_encrypted_note_log<Note, N, NB, M>(
// Current unoptimized size of the encrypted log
// incoming_tag (32 bytes)
// outgoing_tag (32 bytes)
// eph_pk (64 bytes)
// eph_pk (33 bytes)
// incoming_header (48 bytes)
// outgoing_header (48 bytes)
// outgoing_body (176 bytes)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ pub fn point_to_symmetric_key(secret: Scalar, point: Point) -> [u8; 32] {
let shared_secret: Point = multi_scalar_mul([point], [secret]);
// TODO(https://github.com/AztecProtocol/aztec-packages/issues/6061): make the func return Point struct directly
let shared_secret = pub_key_to_bytes(shared_secret);
let mut shared_secret_bytes_with_separator = [0 as u8; 65];
let mut shared_secret_bytes_with_separator = [0 as u8; 34];
shared_secret_bytes_with_separator = arr_copy_slice(shared_secret, shared_secret_bytes_with_separator, 0);
shared_secret_bytes_with_separator[64] = GENERATOR_INDEX__SYMMETRIC_KEY;
shared_secret_bytes_with_separator[33] = GENERATOR_INDEX__SYMMETRIC_KEY;
sha256(shared_secret_bytes_with_separator)
}

Expand Down
16 changes: 12 additions & 4 deletions noir-projects/noir-protocol-circuits/crates/types/src/point.nr
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ use dep::std::embedded_curve_ops::EmbeddedCurvePoint as Point;
use crate::{traits::{Empty, Hash, Serialize}, hash::poseidon2_hash};

global POINT_LENGTH: Field = 3;
// I am storing the modulus divided by 2 plus 1 here because full modulus would throw "String literal too large" error
// Full modulus is 21888242871839275222246405745257275088548364400416034343698204186575808495617
global BN254_FR_MODULUS_DIV_2: Field = 10944121435919637611123202872628637544274182200208017171849102093287904247808;

impl Serialize<POINT_LENGTH> for Point {
fn serialize(self: Self) -> [Field; POINT_LENGTH] {
Expand Down Expand Up @@ -31,14 +34,19 @@ impl Empty for Point {
///
/// We don't serialize the point at infinity flag because this function is used in situations where we do not want
/// to waste the extra byte (encrypted log).
pub fn pub_key_to_bytes(pk: Point) -> [u8; 64] {
pub fn pub_key_to_bytes(pk: Point) -> [u8; 33] {
assert(!pk.is_infinite, "Point at infinity is not a valid public key.");
let mut result = [0 as u8; 64];
let mut result = [0 as u8; 33];
let x_bytes = pk.x.to_be_bytes(32);
let y_bytes = pk.y.to_be_bytes(32);
for i in 0..32 {
result[i] = x_bytes[i];
result[i + 32] = y_bytes[i];
}
// We store only a "sign" of the y coordinate because the rest rest can be derived from the x coordinate. To get
// the sign we check if the y coordinate is greater than the curve's order minus 1 divided by 2.
if !BN254_FR_MODULUS_DIV_2.lt(pk.y) {
// y is <= (modulus - 1) / 2 so we set the byte to 1
result[32] = 1;
}

result
}
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ export function deriveAESSecret(secretKey: GrumpkinScalar, publicKey: PublicKey)
}
const curve = new Grumpkin();
const sharedSecret = curve.mul(publicKey, secretKey);
const secretBuffer = Buffer.concat([sharedSecret.toBuffer(), numToUInt8(GeneratorIndex.SYMMETRIC_KEY)]);
const secretBuffer = Buffer.concat([sharedSecret.toCompressedBuffer(), numToUInt8(GeneratorIndex.SYMMETRIC_KEY)]);
const hash = sha256(secretBuffer);
return hash;
}

0 comments on commit 994a742

Please sign in to comment.