You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 3, 2023. It is now read-only.
We need to demonstrate to the L1 Rollup Contract that the gigantic bytes
of calldata actually relate to a single hash which has been submitted
(to save on on-chain snark verification costs).
The only way to do that (without eip-4844) is to re-hash the data on-chain.
Sha256 is a cheap hash on-chain.
But this isn't great - it means we're hashing everything twice in the circuits;
with two different hashes.
Build the root of a merkle tree where the bottom leafs are computed as the sha256 of the nullifiers from 2 kernels. Notice that the specific number fo nullifiers can change, initially we expect it to be 4 per kernel, so padding might be fine for now, depends on what Mike thinks. The rest of the tree is just sha256(childA, childB).
The text was updated successfully, but these errors were encountered:
Part of https://github.com/AztecProtocol/aztec3-milestones/issues/18
Build the root of a merkle tree where the bottom leafs are computed as the
sha256
of the nullifiers from 2 kernels. Notice that the specific number fo nullifiers can change, initially we expect it to be 4 per kernel, so padding might be fine for now, depends on what Mike thinks. The rest of the tree is justsha256(childA, childB)
.The text was updated successfully, but these errors were encountered: