-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cache the VK when the VM is created #12975
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #12975 +/- ##
=========================================
- Coverage 62.3% 62.2% -0.1%
=========================================
Files 828 828
Lines 185844 185996 +152
=========================================
Hits 115858 115858
- Misses 69986 70138 +152 ☔ View full report in Codecov by Sentry. |
1587f53
to
96f2bf2
Compare
96f2bf2
to
6a2557e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you have a lot of commented out printlns throughout the code, is that intentional?
6a2557e
to
e71b0c5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I completely missed the keyless_account.move change. looks good now
e71b0c5
to
109a583
Compare
@@ -31,7 +44,7 @@ module aptos_framework::keyless_account { | |||
} | |||
|
|||
#[resource_group_member(group = aptos_framework::keyless_account::Group)] | |||
struct Configuration has key, store { | |||
struct Configuration has key, store, drop, copy { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think an initialization func for this resource is missing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i guess update_configuration()
played the role before but not any more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually not an issue because on_new_epoch
plays this role now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm but you will still need an initialize()
for genesis...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed. The genesis initialization will merely queue up the changes... A reconfiguration will be needed to apply the buffer.
/// Pre-validate the VK to actively-prevent incorrect VKs from being set on-chain. | ||
fun validate_groth16_vk(vk: &Groth16VerificationKey) { | ||
// Could be leveraged to speed up the VM deserialization of the VK by 2x, since it can assume the points are valid. | ||
assert!(option::is_some(&crypto_algebra::deserialize<bn254_algebra::G1, bn254_algebra::FormatG1Compr>(&vk.alpha_g1)), E_INVALID_BN254_G1_SERIALIZATION); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if bn254Structures
is disabled, we can't update vk?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep. Is that a problem? I figured it would be wise to check validity here & preempt bad VKs from being set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nits.
let result = info | ||
.client() | ||
.submit_without_serializing_response(&signed_txn) | ||
.await; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: you can just unwrap
here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there's too many debug code in the pr
config.max_exp_horizon_secs = max_exp_horizon_secs; | ||
|
||
update_configuration(fx, config); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is not used in the cache right?
One problem left in this PR: setting the VK and Configuration in genesis for devnet will no longer work instantly. The updates will only get applied after an epoch change... Might want to fix that to avoid surprises when we redeploy devnet. |
first two epochs are only 1 transaction long, so that should be fine? can we confirm that from the forge run, are the grafana dashboards that you can see when VK kicks in? |
0e79cf1
to
1c88448
Compare
@@ -63,8 +66,8 @@ pub(crate) static SAMPLE_JWT_PAYLOAD_JSON: Lazy<String> = Lazy::new(|| { | |||
{} | |||
"locale":"en", | |||
"iat":1700255944, | |||
"exp":2700259544, | |||
"nonce":"{}" | |||
"nonce":"{}", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc @heliuchuan, not sure how you succeeded in generating a proof in the past for this since there was no comma after nonce
... nor a }
1c88448
to
e59b2f5
Compare
cd98e22
to
0fca756
Compare
Fixed this by directly writing things in genesis. |
0fca756
to
05978aa
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
this optimization defers the update of the VK to the end of an epoch, which allows us to maintain a fresh view of the deserialized VK in Rust when creating a new VM
05978aa
to
69c706c
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
✅ Forge suite
|
✅ Forge suite
|
Description
This optimization defers updating the on-chain Groth16 VK to the end of a (consensus) epoch using @zjma's
ConfigBuffer
. (Originally, tried a different approach in this PR).This is done for two reasons:
This PR also contains a few minor changes:
Authenticator size tests
Tested the byte sizes of a serialized keyless pubkey and signature:
Keyless TXN verification times
Before this change, for each TXN verification we incurred:
After this change:
Type of Change
Which Components or Systems Does This Change Impact?
How Has This Been Tested?
aptos-move/e2e-move-tests
testsuite/smoke
In both test suites, we submit keyless TXNs to test that:
Key Areas to Review
keyless_account.move
; i.e., are properly deferring all on-chain config updates viaconfig_buffer.move
AptosVM::validate_signed_transaction
when no VK is cached in the VM (inaptos-move/aptos-vm/src/aptos_vm.rs
)Checklist