The rollup can compute `new_nullifiers_hash` #1

LHerskind · 2023-03-07T16:26:32Z

Part of https://github.com/AztecProtocol/aztec3-milestones/issues/18

We need to demonstrate to the L1 Rollup Contract that the gigantic bytes
of calldata actually relate to a single hash which has been submitted 
(to save on on-chain snark verification costs). 
The only way to do that (without eip-4844) is to re-hash the data on-chain. 
Sha256 is a cheap hash on-chain. 
But this isn't great - it means we're hashing everything twice in the circuits; 
with two different hashes.

Build the root of a merkle tree where the bottom leafs are computed as the sha256 of the nullifiers from 2 kernels. Notice that the specific number fo nullifiers can change, initially we expect it to be 4 per kernel, so padding might be fine for now, depends on what Mike thinks. The rest of the tree is just sha256(childA, childB).

The text was updated successfully, but these errors were encountered:

LHerskind mentioned this issue Mar 7, 2023

The rollup can compute new_commitments_hash #3

Closed

LHerskind self-assigned this Mar 8, 2023

LHerskind mentioned this issue Mar 10, 2023

Scaffold Rollup #8

Merged

LHerskind closed this as completed in #8 Mar 10, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The rollup can compute `new_nullifiers_hash` #1

The rollup can compute `new_nullifiers_hash` #1

LHerskind commented Mar 7, 2023

The rollup can compute new_nullifiers_hash #1

The rollup can compute new_nullifiers_hash #1

Comments

LHerskind commented Mar 7, 2023

The rollup can compute `new_nullifiers_hash` #1

The rollup can compute `new_nullifiers_hash` #1