Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

data availability design #144

Open
lispc opened this issue Apr 25, 2021 · 5 comments
Open

data availability design #144

lispc opened this issue Apr 25, 2021 · 5 comments
Assignees
@noel2004

Comments

@lispc
Copy link
Member

lispc commented Apr 25, 2021
edited
Loading

The meaning of 'data availability' is to enable proving account has balance of token in the tree. So order details are not needed.

SpotTrade:

AccountID1 4bytes
AccountID2 4bytes
tokenID_1to2 2bytes
tokenID_2to1 2bytes
Amount1to2 3bytes
Amount2to1 3bytes
// NewAccount1OrderRoot 
// NewAccount2OrderRoot
// although hash root is only 1 field element, it consumes many bytes in fact. So we prefer use original data
Order1Pos 2bytes
Order1ID 4bytes
Order1BuyAmount 3bytes
Order1SellAmount 3bytes
// Order1SellFilled 
// Order1BuyFilled
.. and for order2 ..

So total 42 bytes.

DepositToOld:

AccountID1 4bytes
tokenID1 2bytes
Amount1 3bytes

DepositToNew

AccountID1 4bytes
tokenID1 2bytes
Amount1 3bytes
ethAddr: 20bytes
sign 1bit
ay field: 32 bytes

total: 61bytes

Transfer

AccountID1 4bytes
AccountID2 4bytes
tokenID2bytes
Amount 3bytes

Withdraw

AccountID1 4bytes
tokenID1 2bytes
Amount1 3bytes
@lispc
Copy link
Member Author

lispc commented May 19, 2021

we may use poseidon / fields rather than sha3/bits first. This will make development/test easier. Once the design is finalized, we can switch to sha3/bits_encoding.

@lispc lispc pinned this issue May 21, 2021
@lispc
Copy link
Member Author

lispc commented May 25, 2021

we can handle L1(withdraw&deposit) tx data and L2(trading&transfer) tx data differently. eg, only put L1 tx data onchain, or limit L1 tx num in each l2 block

@lispc
Copy link
Member Author

lispc commented Aug 27, 2021
edited
Loading

(only transfer now)

Step1 without amount encoding. circuits add 1 public input block: hash(data)

Step2 (optional) with amount encoding

step 3: check availalibity: check reconstructing data can get correct merkle root (rust)

more: well-designed integer encoding / a DA tree + a non-DA tree / spottrade and other txs

@noel2004 noel2004 self-assigned this Aug 27, 2021
@noel2004
Copy link
Member

noel2004 commented Sep 1, 2021

As reference, in hermez they has hashed:

  • chainID

  • batch number

  • For each tx: from / to / amount / tokenID / nonce / fee:

    • All fields input has been compressed, and decoded to bits inside circuit, except for amount
    • they use nLevel bits (nLevel is the depth of Merkle tree) for account ID so they do need to take 32bits

@noel2004
Copy link
Member

noel2004 commented Sep 1, 2021
edited
Loading

Compare to our current circuit:

  1. We do not encode (compress) tx before input, so we just need to turn the required field into bits and hash them. It would save some cost in proof.

And we can still post the compressed data (raw data being hashed) in rollup tx?

2. For different type of tx, variant length for (encoded) tx being used in hasher would be essential, padding to longest tx (spot) should be unacceptable. (not work, the length of encoding bits must fixed)

@noel2004 noel2004 mentioned this issue Sep 2, 2021
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noel2004 noel2004

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lispc @noel2004