$$ \def\C\{\text{C}} \def\Csyn\{\text{C}^{\text{syn}}} \def\N\{\text{N}} \def\Nsyn\{\text{N}^\text{syn}} \def\Ch\{\text{Ch}} \def\csyn_#1{c^\text{syn}_{#1}} \def\Bit\{\{0, 1\}} \def\par\{\mathbin\Vert} \def\TreeD\{\text{TreeD}} \def\TreeC\{\text{TreeC}} \def\TreeR\{\text{TreeR}} \def\CommR\{\text{CommR}} \def\SectorSize\{\textsf{SECTOR_SIZE}} \def\SectorNodes\{\textsf{SECTOR_NODES}} \def\Gib\{\text{GiB}} \def\ReplicaID\{\text{ReplicaID}} $$ # Synth-PoRep Spec ## Notation & Constants $\textbf{const } \textsf{NODE_SIZE} = 32 \text{ Bytes}$ Size in bytes of one node. $\textbf{const } \SectorSize \in \{32\Gib, 64\Gib\}$ The size in bytes of the sector being sealed. $\textbf{const } \SectorNodes = \SectorSize \mathbin/ \textsf{NODE_SIZE}$ The size in 32-byte nodes of the sector being sealed. $\textbf{type } \CommR: \mathbb{F} = \texttt{poseidon}(\text{CommC} \par \text{RootR})$ A commitment to sealed data. $\text{CommC}$ is the root of $\text{TreeC}$ and $\text{RootR}$ is the root of $\TreeR$. $\textbf{type } \ReplicaID: \mathbb{F}$ A unique identifier associated with a replica $\text{R}$ of sector data $\text{D}$. </br> **Challenge Counts:** $\textbf{const } \Nsyn = 2^{14} = 16{,}384$ The number of synthetic challenges. $\textbf{const } \N = 176$ The number of PoRep challenges. </br> **Challenge Sets:** $\textbf{type } \Csyn: \texttt{u32}^{[\Nsyn]} = (\csyn_i)_{i \in [0, \Nsyn)}$ The synthetic challenge set. $\textbf{type } \C: \texttt{u32}^{[\N]} = (c_i)_{i \in [0, \N)}$ The PoRep challenge set. ## Challenge Generation ### SHA256 $\overline{\underline{\text{Function:}\ \texttt{gen_synth_challenges}(\ReplicaID) \rightarrow \Csyn}}$ $\textbf{for } i: \texttt{u32} \in [0, \Nsyn)\thinspace \textbf{:}$ $\quad \text{digest}: \texttt{u32}^{[8]} = \texttt{sha256}(\texttt{le_bytes}(\ReplicaID) \par \texttt{le_bytes}(i))$ $\quad \text{bigint} = \texttt{u256::from_le_u32s}(\text{digest})$ $\quad \csyn_i: \texttt{u32} = (\text{bigint} \mathbin\% (\SectorNodes - 1)) + 1$ </br> $\overline{\underline{\text{Function:}\ \texttt{gen_porep_challenges}(\ReplicaID, \Csyn, \text{rand}: \texttt{u8}^{[32]}) \rightarrow \C}}$ $\textbf{for } i: \texttt{u32} \in [0, \N / 8)\thinspace \textbf{:}$ $\quad \text{digest}: \texttt{u32}^{[8]} = \texttt{sha256}(\texttt{le_bytes}(\ReplicaID) \par \text{rand} \par \texttt{le_bytes}(i))$ $\quad \textbf{for } j \in [0, 8)\thinspace \textbf{:}$ $\quad\quad \text{idx} = \text{digest}[j] \mathbin\% \Nsyn$ $\quad\quad c_{8i + j} = \csyn_{\text{idx}}$ </br> ### ChaCha20 $\textbf{const } \textsf{NONCE}: \texttt{u8}^{[12]} = 0^{[12]}$ $\textbf{const } \textsf{EMPTY_BLOCK}: \texttt{u8}^{[64]} = 0^{[64]}$ $\overline{\underline{\text{Function:}\ \texttt{gen_synth_challenges}(\ReplicaID) \rightarrow \Csyn}}$ $\text{key}: \texttt{u8}^{[32]} = \texttt{le_bytes}(\ReplicaID)$ $\text{stream} = \texttt{ChaCha20::new}(\text{key}, \textsf{NONCE})$ $\textbf{for } i \in [0, \Nsyn / 2)\thinspace \textbf{:}$ $\quad \text{block}: \texttt{u8}^{[64]} = \text{stream}{.}\texttt{encrypt}(\textsf{EMPTY_BLOCK})$ $\quad \text{bigint}_1 = \texttt{u256::from_le_bytes}(\text{block}[\text{..}32])$ $\quad \text{bigint}_2 = \texttt{u256::from_le_bytes}(\text{block}[32\text{..}])$ $\quad \csyn_{2i}: \texttt{u32} = (\text{bigint}_1 \mathbin\% (\textsf{SECTOR_NODES} - 1)) + 1$ $\quad \csyn_{2i + 1}: \texttt{u32} = (\text{bigint}_2 \mathbin\% (\textsf{SECTOR_NODES} - 1)) + 1$ </br> $\overline{\underline{\text{Function:}\ \texttt{gen_porep_challenges}(\ReplicaID, \Csyn, \text{rand}: \texttt{u8}^{[32]}) \rightarrow \C}}$ $\text{key}: \texttt{u8}^{[32]} = \texttt{sha256}(\texttt{le_bytes}(\ReplicaID) \par \text{rand})$ $\text{stream} = \texttt{ChaCha20::new}(\text{key}, \textsf{NONCE})$ $\textbf{for } i \in [0, \N/16)\thinspace \textbf{:}$ $\quad \text{block}: \texttt{u8}^{[64]} = \text{stream}{.}\texttt{encrypt}(\textsf{EMPTY_BLOCK})$ $\quad \textbf{for } j \in [0, 16)\thinspace \textbf{:}$ $\quad\quad \text{idx} = \texttt{u32::from_le_bytes}(\text{block}[4j..4j + 4]) \mathbin\% \Nsyn$ $\quad\quad c_{16i + j} = \csyn_{\text{idx}}$
Last changed by  
Jake
209

Read more

SuperSnap Spec

$$

11/13/2023
PLONK Arithmetization

$$ \def\Zp{{\mathbb{Z}_p}} \def\F{{\mathbb{F}}} \def\Bit{{{0, 1}}} \def\PI{{\textsf{PI}}} \def\bold#1{\boldsymbol{#1}} \def\stop{{\rlap{\quad.}\hphantom{}}} \def\qed{{\rlap{\quad \tiny\blacksquare}\hphantom{}}} \def\par{{\thinspace {\parallel} \thinspace}} \def\hso{{\hspace{1pt}}}

10/7/2022
Halo2 Circuits

Groth16 Uses R1CS Arithmetization R1CS encodes an arithmetic computation (addition and multiplication). $\text{Public Inputs: } (1, x_1, \dots, x_m)$ $\text{Private Inputs: } (x_{m + 1}, \dots, x_n)$ $\text{Constraints: }(A_1B_1 = C_1, \dots, A_kB_k = C_k)$ Variables $x_i$ are stored in two vectors (public and private). A constraint is a degree-1 or degree-2 polynomial equation: $\text{polynomial}_A * \text{polynomial}_B = \text{polynomial}_C$

10/7/2022
Circuit-Efficient Labeling

During sealing, we perform a labeling function for each node in each layer (sha256 of a 20-block preimage). let label = sha256([ replica_id, // 0.5 blocks layer_index, // 0.25 blocks node, // 0.25 blocks parent_1_label, // 0.5 blocks ..., parent_37_label, // 0.5 blocks ]);

9/10/2022
Read more from Jake
Published on HackMD