ci: upload ceremony file to storage #3
Conversation
There was a problem hiding this comment.
This workflow might be run for different environments, for testing purposes, etc., so having it simply moved to the address https://ceremony.codex.storage/proof_main.zkey does not really make sense to me. What is the goal of having it under this address? Is this URL then meant to be used for distributing the zkey to the Codex storage nodes?
|
Also what about cleanup of those files? As I said, it might be used for some testing etc... The Github Artifacts has 5 days expiry, so they will be automatically cleaned up, but if we move it to S3 then is there some planned retention or cleanup? |
|
also this is as of now is completely unsafe, so better call it something which clearly indicates that it is temporary and purely for testing purposes? (ceremony is not a good word either. let's call it "proving key", that's what is. It is generated by a circuit-specific trusted setup ceremony, which is of course completely not to be trusted because it's faked by the CI :) |
Good question and for initial tests, have a static name maybe helpful. If you think that not at all - let's use just a sha256.
We have 10GB Free tier and I will add rotation via bash once it will be clear how many files we would like to store. We can't use just Expiration because we need at least one file always to be accessible. My initial plan was to store no more than 10 x 5GB of data. But can we store just 2 last files? Do you ave any proposal about that? |
Good point, and your proposal |
|
I meant mainly the file name. The URL is not bad actually, though maybe can figure out something better later? It could be for example |
Sure, If you think that it is better representation - let's switch to it. |
|
Did an updated based on the comments
|
|
So, I have been thinking about this a bit more. I have not really been part of the discussion regarding how to distribute the Zkey file and other things, so I am wondering what is the goal of this? The key thing we need to remember is that we need to keep synchronized several things. Otherwise, the proving won't work correctly. The things I keep in mind are the Sooo that brings me back to the "why we need this patch" question. My original idea about how this workflow will be used is that, if somebody decides that new version of circuit assets needs to be generated, then he will then download the generated artifacts and disseminate the assets (zkey, verifier etc.) to the appropriate places manually. If we want to automatize the "disseminating" part, then we should do it IMHO for all the required parts. |
|
All story started during the last Client meeting and a way to ship circuit file for proofs verification. We discussed several ways like, ship with Docker image, use Codex Nodes (will be done later), CDN. Some details are here - https://github.com/codex-storage/infra-codex/issues/121.
That is the goal for now - we need to make required files available for download in an easy and fast way. If manual way is a preferred one, let's follow that approach. We at least have a storage with CDN as a temporary workaround for distribution. |
|
@tbekas not sure what is the plan, but maybe you could extend the auto-detecting mechanism of which smart contract's address Codex uses based on ChainID, to have there also the related Zkey download URL mapped there. I am talking about this place: https://github.com/codex-storage/nim-codex/blob/master/codex/contracts/deployment.nim |
|
Indeed the verifier contract and the zkey is tightly coupled, they must be in sync. For example the generated verifier contract has some constants (actually taken from I guess the issue particularly with the |
|
@tbekas: In theory, yes. The verifier contract contains some hard-coded constants which are unique for the given Not surprisingly, you cannot compute the hash of the file from these, so for that we would have to maintain a table with the mapping. |
That is a pretty good idea! I like it. It will need more work, but yes, we could have a constant in the Verifier contract that would contain the hash of the Zkey, which then can be exposed to the This pretty much simplifies the "synchronization" problem as it will boil down only to contract's dependency. |
|
@AuHau in theory there is no need for a hash, the coordinates of the points alpha, beta, gamma, delta already identify the Though I just realized that in the CI we always use the same entropy which probably ruins this... hmm. |
|
On a second though, including the zkey hash solves the "need to maintain a mapping" thing nicely, so actually that seems to make sense. |
|
Well, yes, it identifies the Edit: Damn, your thinking is faster then my writing 🤪 |
|
I will merge this as I will need it for the follow up work as discussed here: #3 (comment) |
AuHau
changed the title
This PR add a step to upload ceremony file to storage in two names
proof_main.zkey55c969da98f17fc878e5aee610a702e9cb1a1e5b3b0f2ebb26aef9690a96eafa(sha256 from the first file)After upload, file can be downloaded using the following URL's
Closes https://github.com/codex-storage/infra-codex/issues/123