about_axiomREPL.md

Open this in Axiom REPL →

circuit.js

//
//                 _                 _____  ______ _____  _      
//     /\         (_)               |  __ \|  ____|  __ \| |     
//    /  \   __  ___  ___  _ __ ___ | |__) | |__  | |__) | |     
//   / /\ \  \ \/ / |/ _ \| '_ ` _ \|  _  /|  __| |  ___/| |     
//  / ____ \  >  <| | (_) | | | | | | | \ \| |____| |    | |____ 
// /_/    \_\/_/\_\_|\___/|_| |_| |_|_|  \_\______|_|    |______|
//                                                              
//  

// BLSPubkeyRegistry contract stores the apk of registered operators, for each quorum (we only look at quorum 0 for now)
const quorumG1ApkXMapping = getSolidityMapping(taskCreatedBlock, blsPubkeyRegistryAddr, quorumG1ApkXSlot)
const quorumG1ApkYMapping = getSolidityMapping(taskCreatedBlock, blsPubkeyRegistryAddr, quorumG1ApkYSlot)
const allOperatorsCircuitG1Apk = { x: quorumG1ApkXMapping.key(0), y: quorumG1ApkYMapping.key(0) }

// BLSPubkeyCompendium contract contains the following mappings (at slots 0 and 1):
// mapping(address => uint256) public operatorToG1PubkeyX;
// mapping(address => uint256) public operatorToG1PubkeyY;
const operatorToG1PubkeyXMapping = getSolidityMapping(taskCreatedBlock, blsPubkeyCompendiumAddr, operatorToG1PubkeyXSlot)
const operatorToG1PubkeyYMapping = getSolidityMapping(taskCreatedBlock, blsPubkeyCompendiumAddr, operatorToG1PubkeyYSlot)

const nonsignersCircuitPubkeys = nonsignersAddrs.map(nonsignerAddr => {
    const nonsignerG1PubkeyX = operatorToG1PubkeyXMapping.key(nonsignerAddr)
    const nonsignerG1PubkeyY = operatorToG1PubkeyYMapping.key(nonsignerAddr)
    return { x: nonsignerG1PubkeyX, y: nonsignerG1PubkeyY }
})
let signersG1Apk;
if (nonsignersCircuitPubkeys.length > 0) {
    const nonsignersG1Apk = bn254G1Sum(nonsignersCircuitPubkeys)
    // we subtract all nonsigners pubkeys from the apk to get the signersApk
    signersG1Apk = bn254G1SubUnequal(allOperatorsCircuitG1Apk, bn254G1AffinePointToCircuitBn254G1Affine(nonsignersG1Apk))

} else {
    signersG1Apk = loadBn254G1(allOperatorsCircuitG1Apk)
}

// // bls sig check function is still tbd
// // halo2-lib one is here: https://github.com/axiom-crypto/halo2-lib/blob/980b39bcca5b3327aaef6c8d73577d9381bfa899/halo2-ecc/src/bn254/bls_signature.rs#L27C12-L34C6
// //    might look something like:
let g1Generator = loadBn254G1({ x: newCircuitValue256(constant(0), constant(1)), y: newCircuitValue256(constant(0), constant(2)) })
const taskResponseDigestBn254G2 = loadBn254G2FromCircuitValue256(
    taskResponseDigestG2Coords[0], taskResponseDigestG2Coords[1],
    taskResponseDigestG2Coords[2], taskResponseDigestG2Coords[3]
)
const aggSigG2 = loadBn254G2FromCircuitValue256(aggSigG2Coords[0], aggSigG2Coords[1], aggSigG2Coords[2], aggSigG2Coords[3])
bn254PairingCheck(signersG1Apk, taskResponseDigestBn254G2, g1Generator, aggSigG2)

// TODO: we also need to check that number of signers > threshold

taskResponseDigestG2Coords.map(addToCallback)
nonsignersAddrs.map(addToCallback)
// // we also need to make sure that the blspubkeyregistry points to the blspubkeycompendium
addToCallback(blsPubkeyRegistryAddr)
addToCallback(blsPubkeyCompendiumAddr)

// TODO (in ts code): make sure to add task and taskResponse as extraData

// helper functions
function bn254G1AffinePointToCircuitBn254G1Affine(p) {
    return {
        x: convertBn254FqToCircuitValue256(p.x()),
        y: convertBn254FqToCircuitValue256(p.y())
    }
}

function loadBn254G1FromCircuitValue256(x, y) {
    return loadBn254G1({ x: x, y: y })
}

function loadBn254G2FromCircuitValue256(x_c0, x_c1, y_c0, y_c1) {
    let circuitBn254Fq2X = { c0: x_c0, c1: x_c1 };
    let circuitBn254Fq2Y = { c0: y_c0, c1: y_c1 };
    return loadBn254G2({ x: circuitBn254Fq2X, y: circuitBn254Fq2Y })
}

function loadBn254G2FromBigInts(x_c0, x_c1, y_c0, y_c1) {
    const { hi: high128xC0, lo: low128xC0 } = splitBigInt(x_c0);
    const { hi: high128xC1, lo: low128xC1 } = splitBigInt(x_c1);
    const { hi: high128yC0, lo: low128yC0 } = splitBigInt(y_c0);
    const { hi: high128yC1, lo: low128yC1 } = splitBigInt(y_c1);

    const circuitValue256XC0 = newCircuitValue256(witness(high128xC0), witness(low128xC0));
    const circuitValue256XC1 = newCircuitValue256(witness(high128xC1), witness(low128xC1));

    const circuitValue256YC0 = newCircuitValue256(witness(high128yC0), witness(low128yC0));
    const circuitValue256YC1 = newCircuitValue256(witness(high128yC1), witness(low128yC1));

    let circuitBn254Fq2X = { c0: circuitValue256XC0, c1: circuitValue256XC1 };
    let circuitBn254Fq2Y = { c0: circuitValue256YC0, c1: circuitValue256YC1 };
    return loadBn254G2({ x: circuitBn254Fq2X, y: circuitBn254Fq2Y })
}

function splitBigInt(bigIntValue) {
    const mask128 = BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); // 128-bit mask
    const lo = bigIntValue & mask128; // Low 128 bits
    const hi = (bigIntValue >> BigInt(128)) & mask128; // High 128 bits

    return { hi, lo };
}

inputs.json

{
    "taskResponseDigestG2Coords": [
        "0x1A9F9C2192443DAD96DEA99809D7BCB4BF07B77E776B2EE5A110673DDB35ADC6",
        "0x1C85512EA29263F26D472EBE329A35A370047DB2A87FC03186ECC67AFC54EE7C",
        "0x2A562852B360FEB4C9E320C6B3DE2A22F83D3D58B4298781BB7CDF0EA7D7DB2E",
        "0x17F0207F8241C307BD89E3A22CB8E47AA200E0912C2368519567348689C22193"
    ],
    "aggSigG2Coords": [
        "0x1E1CEEF9F6607D1C99879951AC4D74A48106A664ED6F0F86C4698E43D0304BBF",
        "0x1FBD095B66A4A00E66F6575C269873A43271AC1669381F55312634B43C444199",
        "0x2DFFD3B20751A407EC594E26B7EE3130115B1B0D6AE2C5391F03171C1360825D",
        "0x2DDDC27321F17DB8CBFA5B55E997DF2CFE2B64C9C989937D8F935A9002409043"
    ],
    "taskCreatedBlock": 9961355,
    "blsPubkeyRegistryAddr": "0x7c46B99d6182dACCbeb3D82Eaff2Dc3266da7B02",
    "quorumG1ApkXSlot": 3,
    "quorumG1ApkYSlot": 4,
    "blsPubkeyCompendiumAddr": "0x40971B1c11c71D60e0e18E0B400a4ADD2485961F",
    "operatorToG1PubkeyXSlot": 0,
    "operatorToG1PubkeyYSlot": 1,
    "nonsignersAddrs": []
}