Calldata compression (#1)

* Added transformation of ring data to make the it easier to compress

* Fixed ring settlement without DA

* Renamed numElements to blockSize for consistency

* More flexible ring data transformation

* Small data transform change

Circuits/RingSettlementCircuit.h

@@ -18,6 +18,91 @@ using namespace ethsnarks;
 namespace Loopring
 {
 
+class TransformRingSettlementDataGadget : public GadgetT
+{
+public:
+
+ const unsigned int ringSize = 25 * 8;
+
+ VariableArrayT data;
+ Bitstream transformedData;
+ unsigned int numRings;
+
+ std::vector<XorArrayGadget> xorGadgets;
+
+ TransformRingSettlementDataGadget(
+ ProtoboardT& pb,
+ const std::string& prefix
+ ) :
+ GadgetT(pb, prefix)
+ {
+ numRings = 0;
+ }
+
+ VariableArrayT result()
+ {
+ return flatten(transformedData.data);
+ }
+
+ void generate_r1cs_witness()
+ {
+ for (unsigned int i = 0; i < xorGadgets.size(); i++)
+ {
+ xorGadgets[i].generate_r1cs_witness();
+ }
+ }
+
+ void generate_r1cs_constraints(unsigned int numRings, const VariableArrayT& data)
+ {
+ this->numRings = numRings;
+ this->data = data;
+ assert(numRings > 0);
+ assert(numRings * ringSize == data.size());
+
+ // XOR compress
+ Bitstream compressedData;
+ compressedData.add(subArray(data, 0, ringSize));
+ for (unsigned int i = 1; i < numRings; i++)
+ {
+ unsigned int previousRingStart = (i - 1) * ringSize;
+ unsigned int ringStart = i * ringSize;
+
+ xorGadgets.emplace_back(pb, subArray(data, previousRingStart, 5 * 8),
+ subArray(data, ringStart, 5 * 8),
+ std::string("xor_") + std::to_string(i));
+ xorGadgets.back().generate_r1cs_constraints();
+ compressedData.add(xorGadgets.back().result());
+ compressedData.add(subArray(data, ringStart + 5 * 8, ringSize - 5 * 8));
+ }
+
+ // Transform
+ struct Range
+ {
+ unsigned int offset;
+ unsigned int length;
+ };
+ std::vector<std::vector<Range>> ranges;
+ ranges.push_back({{0, 40}}); // ringMatcherID + fFee + tokenID
+ ranges.push_back({{40, 40}}); // orderA.orderID + orderB.orderID
+ ranges.push_back({{80, 40}}); // orderA.accountID + orderB.accountID
+ ranges.push_back({{120, 8}, {160, 8}}); // orderA.tokenS + orderB.tokenS
+ ranges.push_back({{128, 24},{168, 24}}); // orderA.fillS + orderB.fillS
+ ranges.push_back({{152, 8}}); // orderA.data
+ ranges.push_back({{192, 8}}); // orderB.data
+ for (const std::vector<Range>& subRanges : ranges)
+ {
+ for (unsigned int i = 0; i < numRings; i++)
+ {
+ for (const Range& subRange : subRanges)
+ {
+ unsigned int ringStart = i * ringSize;
+ transformedData.add(subArray(flatten(compressedData.data), ringStart + subRange.offset, subRange.length));
+ }
+ }
+ }
+ }
+};
+
 class RingSettlementGadget : public GadgetT
 {
 public:
@@ -49,6 +134,9 @@ class RingSettlementGadget : public GadgetT
  OrderGadget orderA;
  OrderGadget orderB;
 
+ ForceNotEqualGadget accountA_neq_ringMatcher;
+ ForceNotEqualGadget accountB_neq_ringMatcher;
+
  OrderMatchingGadget orderMatching;
 
  TernaryGadget uFillS_A;
@@ -147,6 +235,9 @@ class RingSettlementGadget : public GadgetT
  orderA(pb, params, constants, _exchangeID, FMT(prefix, ".orderA")),
  orderB(pb, params, constants, _exchangeID, FMT(prefix, ".orderB")),
 
+ accountA_neq_ringMatcher(pb, orderA.accountID.packed, minerAccountID.packed, FMT(prefix, ".accountA_neq_ringMatcher")),
+ accountB_neq_ringMatcher(pb, orderB.accountID.packed, minerAccountID.packed, FMT(prefix, ".accountB_neq_ringMatcher")),
+
  // Match orders
  orderMatching(pb, constants, _timestamp, orderA, orderB, FMT(prefix, ".orderMatching")),
 
@@ -350,11 +441,16 @@ class RingSettlementGadget : public GadgetT
  orderA.generate_r1cs_witness(ringSettlement.ring.orderA,
  ringSettlement.accountUpdate_A.before,
  ringSettlement.balanceUpdateS_A.before,
- ringSettlement.balanceUpdateB_A.before);
+ ringSettlement.balanceUpdateB_A.before,
+ ringSettlement.tradeHistoryUpdate_A.before);
  orderB.generate_r1cs_witness(ringSettlement.ring.orderB,
  ringSettlement.accountUpdate_B.before,
  ringSettlement.balanceUpdateS_B.before,
- ringSettlement.balanceUpdateB_B.before);
+ ringSettlement.balanceUpdateB_B.before,
+ ringSettlement.tradeHistoryUpdate_B.before);
+
+ accountA_neq_ringMatcher.generate_r1cs_witness();
+ accountB_neq_ringMatcher.generate_r1cs_witness();
 
  // Match orders
  orderMatching.generate_r1cs_witness();
@@ -457,6 +553,9 @@ class RingSettlementGadget : public GadgetT
  orderA.generate_r1cs_constraints();
  orderB.generate_r1cs_constraints();
 
+ accountA_neq_ringMatcher.generate_r1cs_constraints();
+ accountB_neq_ringMatcher.generate_r1cs_constraints();
+
  // Match orders
  orderMatching.generate_r1cs_constraints();
 
@@ -529,6 +628,8 @@ class RingSettlementCircuit : public GadgetT
  std::vector<RingSettlementGadget*> ringSettlements;
 
  libsnark::dual_variable_gadget<FieldT> publicDataHash;
+ Bitstream dataAvailabityData;
+ TransformRingSettlementDataGadget transformData;
  PublicDataGadget publicData;
 
  Constants constants;
@@ -555,6 +656,7 @@ class RingSettlementCircuit : public GadgetT
  GadgetT(pb, prefix),
 
  publicDataHash(pb, 256, FMT(prefix, ".publicDataHash")),
+ transformData(pb, FMT(prefix, ".transformData")),
  publicData(pb, publicDataHash, FMT(prefix, ".publicData")),
 
  constants(pb, FMT(prefix, ".constants")),
@@ -644,7 +746,7 @@ class RingSettlementCircuit : public GadgetT
  if (onchainDataAvailability)
  {
  // Store data from ring settlement
- publicData.add(ringSettlements.back()->getPublicData());
+ dataAvailabityData.add(ringSettlements.back()->getPublicData());
  }
  }
 
@@ -662,6 +764,13 @@ class RingSettlementCircuit : public GadgetT
  FMT(annotation_prefix, ".updateAccount_O"));
  updateAccount_O->generate_r1cs_constraints();
 
+ if (onchainDataAvailability)
+ {
+ // Transform the data
+ transformData.generate_r1cs_constraints(numRings, flattenReverse(dataAvailabityData.data));
+ publicData.add(flattenReverse({transformData.result()}));
+ }
+
  // Check the input hash
  publicDataHash.generate_r1cs_constraints(true);
  publicData.generate_r1cs_constraints();
@@ -715,6 +824,10 @@ class RingSettlementCircuit : public GadgetT
  updateAccount_P->generate_r1cs_witness(block.accountUpdate_P.proof);
  updateAccount_O->generate_r1cs_witness(block.accountUpdate_O.proof);
 
+ if (onchainDataAvailability)
+ {
+ transformData.generate_r1cs_witness();
+ }
  publicData.generate_r1cs_witness();
 
  return true;

Gadgets/MathGadgets.h

@@ -497,6 +497,92 @@ class NotGadget : public GadgetT
  }
 };
 
+class XorGadget : public GadgetT
+{
+public:
+ VariableT A;
+ VariableT B;
+ VariableT C;
+
+ XorGadget(
+ ProtoboardT& pb,
+ const VariableT& _A,
+ const VariableT& _B,
+ const std::string& prefix
+ ) :
+ GadgetT(pb, prefix),
+
+ A(_A),
+ B(_B),
+
+ C(make_variable(pb, FMT(prefix, ".C")))
+ {
+
+ }
+
+ const VariableT& result() const
+ {
+ return C;
+ }
+
+ void generate_r1cs_witness()
+ {
+ pb.val(C) = pb.val(A) + pb.val(B) - ((pb.val(A) == FieldT::one() && pb.val(B) == FieldT::one()) ? 2 : 0);
+ }
+
+ void generate_r1cs_constraints()
+ {
+ pb.add_r1cs_constraint(ConstraintT(2 * A, B, A + B - C), FMT(annotation_prefix, ".A ^ B == C"));
+ }
+};
+
+class XorArrayGadget : public GadgetT
+{
+public:
+ VariableArrayT A;
+ VariableArrayT B;
+ VariableArrayT C;
+
+ XorArrayGadget(
+ ProtoboardT& pb,
+ VariableArrayT _A,
+ VariableArrayT _B,
+ const std::string& prefix
+ ) :
+ GadgetT(pb, prefix),
+
+ A(_A),
+ B(_B),
+
+ C(make_var_array(pb, A.size(), FMT(prefix, ".C")))
+ {
+ assert(A.size() == B.size());
+ }
+
+ const VariableArrayT& result() const
+ {
+ return C;
+ }
+
+ void generate_r1cs_witness()
+ {
+ for (unsigned int i = 0; i < C.size(); i++)
+ {
+ pb.val(C[i]) = pb.val(A[i]) + pb.val(B[i]) - ((pb.val(A[i]) == FieldT::one() && pb.val(B[i]) == FieldT::one()) ? 2 : 0);
+ }
+ // printBits("A: ", A.get_bits(pb));
+ // printBits("B: ", B.get_bits(pb));
+ // printBits("C: ", C.get_bits(pb));
+ }
+
+ void generate_r1cs_constraints()
+ {
+ for (unsigned int i = 0; i < C.size(); i++)
+ {
+ pb.add_r1cs_constraint(ConstraintT(2 * A[i], B[i], A[i] + B[i] - C[i]), FMT(annotation_prefix, ".A ^ B == C"));
+ }
+ }
+};
 
 class EqualGadget : public GadgetT
 {
@@ -1030,6 +1116,23 @@ class SignatureVerifier : public GadgetT
  }
 };
 
+class Bitstream
+{
+public:
+
+ std::vector<VariableArrayT> data;
+
+ void add(const VariableArrayT& bits)
+ {
+ data.push_back(bits);
+ }
+
+ void add(const std::vector<VariableArrayT>& bits)
+ {
+ data.insert(data.end(), bits.begin(), bits.end());
+ }
+};
+
 class PublicDataGadget : public GadgetT
 {
 public:

Gadgets/OrderGadgets.h

@@ -137,7 +137,8 @@ class OrderGadget : public GadgetT
  }
 
  void generate_r1cs_witness(const Order& order, const Account& account,
- const BalanceLeaf& balanceLeafS, const BalanceLeaf& balanceLeafB)
+ const BalanceLeaf& balanceLeafS, const BalanceLeaf& balanceLeafB,
+ const TradeHistoryLeaf& tradeHistoryLeaf)
  {
  exchangeID.bits.fill_with_bits_of_field_element(pb, order.exchangeID);
  exchangeID.generate_r1cs_witness_from_bits();
@@ -184,9 +185,9 @@ class OrderGadget : public GadgetT
  amountS_notZero.generate_r1cs_witness();
  amountB_notZero.generate_r1cs_witness();
 
- pb.val(tradeHistoryFilled) = order.tradeHistoryFilled;
- pb.val(tradeHistoryCancelled) = order.tradeHistoryCancelled;
- pb.val(tradeHistoryOrderID) = order.tradeHistoryOrderID;
+ pb.val(tradeHistoryFilled) = tradeHistoryLeaf.filled;
+ pb.val(tradeHistoryCancelled) = tradeHistoryLeaf.cancelled;
+ pb.val(tradeHistoryOrderID) = tradeHistoryLeaf.orderID;
 
  tradeHistory.generate_r1cs_witness();
 

Utils/Data.h

@@ -171,10 +171,6 @@ class Order
  ethsnarks::FieldT rebateBips;
 
  Signature signature;
-
- ethsnarks::FieldT tradeHistoryFilled;
- ethsnarks::FieldT tradeHistoryCancelled;
- ethsnarks::FieldT tradeHistoryOrderID;
 };
 
 void from_json(const json& j, Order& order)
@@ -200,10 +196,6 @@ void from_json(const json& j, Order& order)
  order.rebateBips = ethsnarks::FieldT(j.at("rebateBips"));
 
  order.signature = j.at("signature").get<Signature>();
-
- order.tradeHistoryFilled = ethsnarks::FieldT(j.at("tradeHistoryFilled").get<std::string>().c_str());
- order.tradeHistoryCancelled = ethsnarks::FieldT(j.at("tradeHistoryCancelled"));
- order.tradeHistoryOrderID = ethsnarks::FieldT(j.at("tradeHistoryOrderID"));
 }
 
 class Ring