feat-mint-and-burn #73

Merged
merged 50 commits into from Mar 29, 2019

thomas-waite commented Mar 19, 2019

Summary

This PR implements minting and burning functionality for AZTEC. It is necessary because some assets require a method whereby they can directly mint and burn AZTEC notes, and at the same time we must be able to keep track of the total minted and total burned. The mint and burn proofs are modifications of the join-split proof.

This PR includes:

  • Proof construction
  • Smart contract proof verification
  • Custom ABI encoding
  • Modifications to the note registry, to be compatible with mint and burn
  • Two new ZKERC20 contracts: ZKERC20Mintable.sol and ZKERC20Burnable.sol

Formal papers describing the mint and burn proofs will be made available.

Implementation

Mint and burn proofs

The mint and burn proofs are simple adaptations of the join-split proof. There is one input note, and n output notes.

The input note and first output note represent notes used to keep track of the old and new total minted/burned. The remaining output notes then correspond to newly minted/burned notes. Both the mint and burn proofs act in an identical manner, allowing them to use the same smart contract verifier - AdjustSupply.sol

AdjustSupply.sol and AdjustSupplyABIEncoder.sol

AdjustSupply.sol

Performs mint and burn proof verification.

AdjustSupplyABIEncoder.sol

Encodes the output of the mint and burn proof verification into Cryptography Engine compatible format. It is important to note that the output bytes proofOutputs is now separated into two bytes proofOutput objects - i.e. two sets of transfer instructions. The first contains the old/new total minted/burned notes and the second contains the notes that have been minted/burned.

ACE.sol

Has two new functions mint() and burn(). These perform the minting and burning functionality according to this flow: 1) validate the mint/burn proof, 2) update the total[Minted/Burned] note with the new note representing this, 3) update the note registry by creating or destroying notes (depending on whether it was a mint or burn operation).

ZkAssetMintable.sol

Inherits from the ZkAsset.sol contract and has one function confidentialMint(). This allows it to call mint() from ACE.

ZkAssetBurnable.sol

Inherits from the ZkAsset.sol contract and has one function confidentialBurn(). This allows it to call burn() from ACE.

It should be noted that, in order for ZkAssetMintable.sol and ZkAssetBurnable.sol to be able to instantiate note registries with mint and burn privileges enabled, the canMint, canBurn and canConvert constructor arguments have been exposed.

Packages Updated

  • aztec.js
    Now contains proof construction code for mint and burn in proof/mint and proof/burn. Contains ABI encoding functions for mint and burn in the abiEncoder folder. Plus associated tests.

  • protocol
    Addition of 4 smart contracts:

  1. AdjustSupply.sol
  2. AdjustSupplyABIEncoder.sol
  3. ZkAssetMintable.sol
  4. ZkAssetBurnable.sol

Checklist

  • Prefix PR title with [WIP] if necessary.
  • Write JavaScript proof construction code for mint and burn proofs
  • Write JavaScript proof verification code for mint and burn proofs
  • Write tests for JS mint and burn proofs
  • Write AdjustSupply.sol verification smart contract
  • Write AdjustSupplyABIEncoding.sol - splitting bytes proofOutputs into two bytes proofOutput objects
  • Write tests for smart contracts
  • Refactor mint and burn methods in ACE.sol
  • Write ZkAssetMintable.sol
  • Write ZkAssetBurnable.sol
  • Write tests for mint() and burn() methods, along with ZkAssetMintable.sol and ZkAssetBurnable.sol contracts
  • Update documentation when needed.
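A small model of the note layout and the two-part proofOutputs split described in this PR, added here as an illustration and not code from aztec.js or the protocol contracts. Notes as plain `{ value }` objects, the `action` field, and the balance check (new total = old total + the adjusted notes, standing in for the proof's own balancing relation) are assumptions of this model:

```javascript
// Added illustration, not aztec.js or protocol code: models the note layout of a
// mint/burn proof and its split into the two proofOutput objects the PR describes.
// Notes are plain { value } objects here (assumption); real AZTEC notes are commitments.
const MIN_NOTES = 2; // m = 1 input note and n - m >= 1 output notes, i.e. m < n

class IncorrectNoteNumberError extends Error {
  constructor(count) {
    super(`INCORRECT_NOTE_NUMBER: need at least ${MIN_NOTES} notes, got ${count}`);
    this.name = 'IncorrectNoteNumberError';
  }
}

// Reject proofs without exactly one input note and at least one output note.
function checkNoteNumber(inputNotes, outputNotes) {
  const count = inputNotes.length + outputNotes.length;
  if (inputNotes.length !== 1 || count < MIN_NOTES) {
    throw new IncorrectNoteNumberError(count);
  }
  return count;
}

const sumValues = (notes) => notes.reduce((acc, n) => acc + n.value, 0);

// Split a mint or burn proof's notes into the two transfer-instruction sets:
// [0] old total -> new total, [1] the notes being minted (created) or burned (destroyed).
// The relation newTotal = oldTotal + sum(adjusted) is an assumption of this model,
// standing in for the zero-knowledge balancing check performed by the real proof.
function splitProofOutputs(operation, inputNotes, outputNotes) {
  if (operation !== 'mint' && operation !== 'burn') {
    throw new Error(`unknown operation ${operation}`);
  }
  checkNoteNumber(inputNotes, outputNotes);
  const [oldTotal] = inputNotes;
  const [newTotal, ...adjusted] = outputNotes;
  if (newTotal.value !== oldTotal.value + sumValues(adjusted)) {
    throw new Error('total tracking note does not balance against adjusted notes');
  }
  return [
    { inputNotes: [oldTotal], outputNotes: [newTotal] },
    { inputNotes: [], outputNotes: adjusted, action: operation === 'mint' ? 'create' : 'destroy' },
  ];
}

// Constructed sample: totalMinted goes 100 -> 130 by minting notes worth 20 and 10.
console.log(JSON.stringify(
  splitProofOutputs('mint', [{ value: 100 }], [{ value: 130 }, { value: 20 }, { value: 10 }]),
));
```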

@thomas-waite thomas-waite self-assigned this Mar 19, 2019

@thomas-waite thomas-waite force-pushed the feat-mint-and-burn branch from b220855 to caee39b Mar 26, 2019

@thomas-waite thomas-waite changed the title [WIP] feat-mint-and-burn feat-mint-and-burn Mar 26, 2019

@thomas-waite thomas-waite requested a review from zac-williamson Mar 26, 2019

thomas-waite added some commits Mar 9, 2019

Remove helper methods now available in proofUtils (error handling work merged into master) for mint proof

Implement mint proof construction tests and make pass
Move generateBlindingScalars() into proofUtils, from proof/joinSplit
Adapt the convertTranscript() function so that the same function will work with different types of join split proofs
Implement proof construction and verification JavaScript tests for the mint proof

Minor updates to verification tests for dividendComputation proof - now use a proofUtil method rather than a function defined in the script
Implement burn proof construction and verification + tests
(same as mint proof, except for some variable name changes)

Update some testing names in the proof/.../...spec.js scripts
Implement test for mint proof data ABI encoding - proof.spec.js
Minor tidying up elsewhere - remove .only on some tests and import local versions of npm modules
Remove the extra hash step in calculating x, for mint.constructProof() and mint.verifyProof() - not consistent with smart contract

Lint fix for proof/joinSplit
Update Mint.sol to use .encodeAndExit() function of MintABIEncoder
Add a passing test in abiEncoder.js and update test in validators/mint/index.js to reflect output of Mint.sol
Move all encode[proofName]Transaction functions from the protocol/.../ACE/validator test files to aztec.js/.../proof/[proofName]

Done to give better compartmentalisation of proof related functions

Remove mint tests taken from joinSplit - a future commit will implement mint compatible tests
Name change throughout - 'mint' changed to 'adjustSupply' and 'burn' folders/scripts removed

Done to reflect the fact that both mint and burn operations will reference the same smart contract verifier, and their proof construction logic is essentially the same
Update various outputCoder methods to deal with metaData for input/output notes (the order is reversed for mint/burn operations)
Implement proper ABI encoding for AdjustSupplyABIEncoder.sol
Mint and burn operations output two bytes proofOutput arguments in bytes proofOutputs. The first contains the new total (minted/burned) and old total (minted/burned) notes. The second contains the newly minted/burned notes.

The ABI output encoding smart contract has been edited to perform this
Update adjustSupply/index.js test to reflect output of ABI output smart contract coder. There are now two bytes proofOutput arguments

Update const expectedOutput in proof/adjustSupply/index.js to reflect the fact that two proofOutput bytes arguments are expected.
Remove un-needed for loops - just iterating once - in AdjustSupplyABIEncoder.sol.

Comment tidy up in AdjustSupplyABIEncoder.sol

Minor comment add in JoinSplitABIEncoder.sol, to explain a step
Interface change on proof construction side - replace 'adjustSupply' functions with 'mint' and 'burn' functions

They have the same functionality - except the input note and first output note map to different notes

Changes touch many files

[ci skip]
}

// proofEpoch = 1 | proofCategory = 0 | proofId = 1
// 1 * 256**(2) + 0 * 256**(1) ++ 1 * 256**(0)
uint24 public constant JOIN_SPLIT_PROOF = 65537;
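Review bot: the arithmetic comment above `JOIN_SPLIT_PROOF` has a doubled operator (`0 * 256**(1) ++ 1 * 256**(0)`); it should read `+ 1 * 256**(0)`. Since 65537 packs the (proofEpoch, proofCategory, proofId) triple one byte each, stating the hex form `0x010001` next to the decimal makes the byte layout visible and the constant easier to audit against the epoch/category/id values named in the comment.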

zac-williamson Mar 28, 2019

Collaborator

might help to represent these ints in their hex form: 0x010001 (0x010101 after the category changes in master branch)

});
});

describe('failure states', () => {

zac-williamson Mar 28, 2019

Collaborator

We should add a test that creates 2 note registries linked to the same ERC20 token. In 1st registry, tokens (say, 'x' amount) converted into notes. In 2nd registry, a note is minted, and then converted into 'x' tokens. This must cause ACE to throw.

thomas-waite Apr 7, 2019

Author Collaborator

Moved to testing checklist

await truffleAssert.reverts(adjustSupplyContract.validateAdjustSupply(proofData, senderAddress, constants.CRS, opts));
});

it('validates failure when using a fake challenge and fake proof data', async () => {
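Review bot: the `truffleAssert.reverts(adjustSupplyContract.validateAdjustSupply(...))` call above is made without an expected reason string, so any revert satisfies the assertion, including one caused by malformed calldata or a failed decode rather than the proof check this failure case targets. If AdjustSupply.sol reverts with a reason string, pass it as the second argument so each failure-state test is tied to the specific rejection it is meant to exercise.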

zac-williamson Mar 28, 2019

Collaborator

We should test that this throws if there are 0 output notes.

thomas-waite Apr 7, 2019

Author Collaborator

Moved to testing checklist

thomas-waite added some commits Mar 29, 2019

Implement PR feedback
Refactor mint and burn proof construction to check if the number of inputted notes is sufficient (via proofUtils.parseInputs) and then to call the joinSplit proof construction code. Similar refactoring for mint and burn proof verification

Refactored proofUtils.parseInputs() to include a proofIdentifier argument, which checks note number if proof is mint or burn

Similarly, refactored proofUtils.convertTranscript() to push INCORRECT_NOTE_NUMBER error into error array if mint or burn and wrong num notes

Added in a
Implement PR feedback. Add in proof construction and verification tests that error is thrown/recorded when num notes < 2

Add in tests for burn proof
Implement PR feedback
Fix typo in updateNoteRegistry() function, remove unnecessary checks in mint() and burn(), explanatory comment for note hashes, increment note registry total in supplementTokens() function
Implement PR feedback - make ZkAssetMintable.sol and ZkAssetBurnable.sol inherit from ZkAssetOwnable for permissioning

Add in a permissioning check to confidentialMint()

Change equality from less than or equal to, to less than (line 70)

Minor comment removal in JoinSplitABIEncoder.sol

Validate that m < n, rather than m <= n in AdjustSupply.sol. Instantiate kn as 0, rather than kPublic
Implement PR feedback - return _proofOutputs from mint() and burn() rather than (newTotal, burned/mintedNotes) in ACE

Remove unused variables

Update ZkAssetMintable.sol and ZkAssetBurnable.sol to work with a return variable of _proofOutputs

Edit hash table in AdjustSupply.sol, to include hard coded m and kPublic values
Update package.json files to point to new beta npm modules
Minor syntax fix in verifier.spec.js files

@thomas-waite thomas-waite force-pushed the feat-mint-and-burn branch from 7c9ee66 to df72cb0 Mar 29, 2019

@zac-williamson zac-williamson merged commit 2a0c030 into master Mar 29, 2019

5 checks passed

ci/circleci: build Your tests passed on CircleCI!
ci/circleci: coverage Your tests passed on CircleCI!
ci/circleci: lint Your tests passed on CircleCI!
ci/circleci: test Your tests passed on CircleCI!
coverage/coveralls Coverage increased (+5.2%) to 93.652%

@zac-williamson zac-williamson deleted the feat-mint-and-burn branch Mar 29, 2019
