feat: unconstraining keys in unconstrained encryption

[benesjan]

Fixes #7897

Token::transfer

before: 38441
after: 35464

diff: 2977

Note for the reviewer

This PR was blocked for a long time by this issue. On Friday Maxim did a change and he thought the issue got resolved. In most of the tests in this PR it really seemed like that but it reoccurred in token blacklist contract. I managed to find a workaround so I think this PR is ready to be reviewed and hopefully merged.

[benesjan]

• feat: unconstraining keys in unconstrained encryption #7912 👈
• master

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @benesjan and the rest of your teammates on Graphite

[AztecBot]

Benchmark results

Metrics with a significant change:

• proof_construction_time_sha256_30_ms (16): 1,363 (-20%)
• protocol_circuit_simulation_time_in_ms (private-kernel-tail-to-public): 1,435 (+81%)
• avm_simulation_time_ms (Token:mint_public): 245 (+458%)
• avm_simulation_time_ms (Token:assert_minter_and_mint): 51.0 (-80%)
• avm_simulation_time_ms (AuthRegistry:set_authorized): 46.8 (+31%)
• avm_simulation_time_ms (Token:transfer_public): 26.1 (+69%)

Detailed results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 here.

Proof generation

Each column represents the number of threads used in proof generation.

Metric	1 threads	4 threads	16 threads	32 threads	64 threads
proof_construction_time_sha256_ms	5,774 (+1%)	1,551	707 (+1%)	768	775 (+1%)
proof_construction_time_sha256_30_ms	11,501	3,050 (-1%)	⚠️ 1,363 (-20%)	1,438 (-9%)	1,445 (-7%)
proof_construction_time_sha256_100_ms	45,301	11,784	5,423	5,930	5,364 (-5%)
proof_construction_time_poseidon_hash_ms	78.0 (-1%)	34.0	34.0	58.0	89.0 (+1%)
proof_construction_time_poseidon_hash_30_ms	1,530	416	198	219 (-1%)	269 (+1%)
proof_construction_time_poseidon_hash_100_ms	5,645	1,506 (+1%)	666	720	751 (+1%)

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

Metric	4 txs	8 txs	16 txs
l1_rollup_calldata_size_in_bytes	4,612	8,260	15,524
l1_rollup_calldata_gas	52,768	97,618	186,908
l1_rollup_execution_gas	819,454	1,555,712	3,346,437
l2_block_processing_time_in_ms	250 (-3%)	438 (+2%)	810
l2_block_building_time_in_ms	9,360	18,433 (+1%)	36,778
l2_block_rollup_simulation_time_in_ms	9,359	18,433 (+1%)	36,777
l2_block_public_tx_process_time_in_ms	7,964	17,002	35,323

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 8 txs.

Metric	3 blocks	5 blocks
node_history_sync_time_in_ms	3,107 (+6%)	3,902 (+1%)
node_database_size_in_bytes	14,246,128	18,252,016
pxe_database_size_in_bytes	16,258	26,818

Circuits stats

Stats on running time and I/O sizes collected for every kernel circuit run across all benchmarks.

Circuit	simulation_time_in_ms	witness_generation_time_in_ms	input_size_in_bytes	output_size_in_bytes	proving_time_in_ms
private-kernel-init	75.1 (+5%)	378 (-1%)	20,975	44,933	N/A
private-kernel-inner	142 (+1%)	696	71,787	45,067	N/A
private-kernel-reset-tiny	333 (-1%)	699 (-3%)	64,273	44,922	N/A
private-kernel-tail	152 (-1%)	132 (-1%)	50,551	57,178	N/A
base-parity	5.55	N/A	160	96.0	N/A
root-parity	35.2	N/A	73,964	96.0	N/A
base-rollup	2,141 (+1%)	N/A	189,128	664	N/A
block-root-rollup	41.1	N/A	58,217	2,448	N/A
public-kernel-setup	86.7 (-1%)	N/A	114,433	79,670	N/A
public-kernel-app-logic	99.8	N/A	114,251	79,670	N/A
public-kernel-tail	583	N/A	487,098	16,414	N/A
private-kernel-reset-small	303 (-3%)	N/A	66,345	45,629	N/A
private-kernel-tail-to-public	⚠️ 1,435 (+81%)	599 (-1%)	448,120	1,825	N/A
public-kernel-teardown	85.0 (-1%)	N/A	114,697	79,670	N/A
merge-rollup	20.2 (+2%)	N/A	38,182	664	N/A
undefined	N/A	N/A	N/A	N/A	103,118 (-5%)

Stats on running time collected for app circuits

Function	input_size_in_bytes	output_size_in_bytes	witness_generation_time_in_ms
ContractClassRegisterer:register	1,344	11,731	347 (-1%)
ContractInstanceDeployer:deploy	1,408	11,731	18.1 (-1%)
MultiCallEntrypoint:entrypoint	1,920	11,731	423 (-1%)
FeeJuice:deploy	1,376	11,731	390 (-3%)
SchnorrAccount:constructor	1,312	11,731	61.2
SchnorrAccount:entrypoint	2,336	11,731	367 (-1%)
FeeJuice:claim	1,344	11,731	36.2 (+1%)
Token:privately_mint_private_note	1,280	11,731	70.9 (-3%)
FPC:fee_entrypoint_public	1,344	11,731	24.2 (+3%)
Token:transfer	1,312	11,731	196 (-5%)
Benchmarking:create_note	1,344	11,731	73.2 (-1%)
SchnorrAccount:verify_private_authwit	1,280	11,731	29.0 (+9%)
Token:unshield	1,376	11,731	482 (-1%)
FPC:fee_entrypoint_private	1,376	11,731	649 (+1%)

AVM Simulation

Time to simulate various public functions in the AVM.

Function	time_ms	bytecode_size_in_bytes
FeeJuice:_increase_public_balance	135 (-1%)	1,188
FeeJuice:set_portal	10.7 (-1%)	1,170
Token:constructor	252 (-3%)	10,378
FPC:constructor	68.5 (-4%)	7,877
FeeJuice:check_balance	35.6 (-1%)	995
Token:mint_public	⚠️ 245 (+458%)	2,123
Token:assert_minter_and_mint	⚠️ 51.0 (-80%)	1,435
AuthRegistry:set_authorized	⚠️ 46.8 (+31%)	515
FPC:prepare_fee	88.6	1,588
Token:transfer_public	⚠️ 26.1 (+69%)	8,603
FPC:pay_refund	40.1 (-2%)	2,090
Benchmarking:increment_balance	1,004 (+1%)	1,516
Token:_increase_public_balance	38.9 (+5%)	1,159
FPC:pay_refund_with_shielded_rebate	49.7 (-4%)	2,090

Public DB Access

Time to access various public DBs.

Function	time_ms
get-nullifier-index	0.163 (-3%)

Tree insertion stats

The duration to insert a fixed batch of leaves into each tree type.

Metric	1 leaves	16 leaves	64 leaves	128 leaves	256 leaves	512 leaves	1024 leaves
batch_insert_into_append_only_tree_16_depth_ms	2.18 (+1%)	3.87	N/A	N/A	N/A	N/A	N/A
batch_insert_into_append_only_tree_16_depth_hash_count	16.7	31.8	N/A	N/A	N/A	N/A	N/A
batch_insert_into_append_only_tree_16_depth_hash_ms	0.114	0.109 (+1%)	N/A	N/A	N/A	N/A	N/A
batch_insert_into_append_only_tree_32_depth_ms	N/A	N/A	11.1	17.6	31.4	58.6	118 (+5%)
batch_insert_into_append_only_tree_32_depth_hash_count	N/A	N/A	95.9	159	287	543	1,055
batch_insert_into_append_only_tree_32_depth_hash_ms	N/A	N/A	0.106	0.102	0.101	0.101 (+1%)	0.104 (+4%)
batch_insert_into_indexed_tree_20_depth_ms	N/A	N/A	14.1 (-2%)	26.2	44.5 (-1%)	81.7	162 (+1%)
batch_insert_into_indexed_tree_20_depth_hash_count	N/A	N/A	109	207	357	691	1,363
batch_insert_into_indexed_tree_20_depth_hash_ms	N/A	N/A	0.108 (-2%)	0.106	0.106 (-2%)	0.101	0.101
batch_insert_into_indexed_tree_40_depth_ms	N/A	N/A	15.9 (-1%)	N/A	N/A	N/A	N/A
batch_insert_into_indexed_tree_40_depth_hash_count	N/A	N/A	129	N/A	N/A	N/A	N/A
batch_insert_into_indexed_tree_40_depth_hash_ms	N/A	N/A	0.105 (-1%)	N/A	N/A	N/A	N/A

Miscellaneous

Transaction sizes based on how many contract classes are registered in the tx.

Metric	0 registered classes	1 registered classes
tx_size_in_bytes	72,419	668,302

Transaction size based on fee payment method

| Metric | |
| - | |

[benesjan]

Did this change because it worked as a workaround around the Noir issue which reoccurred in this function (see here for context). I didn't want this PR to be blocked no more and we did this change in the standard token so I think it's an ok change to do.

[nventuro]

So if we do constrained encryption this breaks?

[benesjan]

Yes, it's a house of cards

[sklppy88]

Nice ! 🚀

[nventuro]

So if we do constrained encryption this breaks?

[github-actions]

Changes to circuit sizes

Generated at commit: 2c71b660a5eaff4f8e9f46188f4ba740ed08d4cd, compared to commit: e0185e75e65df08b5334856f8bf63fa3aed7049a

🧾 Summary (100% most significant diffs)

Program	ACIR opcodes (+/-)	%	Circuit size (+/-)	%
parity_root	0 ➖	0.00%	+87,732 ❌	+1.63%
rollup_block_root	0 ➖	0.00%	+65,799 ❌	+1.62%
rollup_merge	0 ➖	0.00%	+43,866 ❌	+1.62%
rollup_root	0 ➖	0.00%	+43,866 ❌	+1.60%
rollup_block_merge	0 ➖	0.00%	+43,866 ❌	+1.60%
public_kernel_app_logic	0 ➖	0.00%	+21,933 ❌	+1.12%
public_kernel_teardown	0 ➖	0.00%	+21,933 ❌	+1.12%
public_kernel_setup	0 ➖	0.00%	+21,933 ❌	+1.12%
public_kernel_tail	0 ➖	0.00%	+21,933 ❌	+0.81%
rollup_base	0 ➖	0.00%	+21,933 ❌	+0.61%

---

Full diff report 👇

Program	ACIR opcodes (+/-)	%	Circuit size (+/-)	%
parity_root	374 (0)	0.00%	5,481,623 (+87,732)	+1.63%
rollup_block_root	803 (0)	0.00%	4,117,756 (+65,799)	+1.62%
rollup_merge	319 (0)	0.00%	2,748,043 (+43,866)	+1.62%
rollup_root	18,188 (0)	0.00%	2,785,852 (+43,866)	+1.60%
rollup_block_merge	18,204 (0)	0.00%	2,785,884 (+43,866)	+1.60%
public_kernel_app_logic	246,381 (0)	0.00%	1,983,861 (+21,933)	+1.12%
public_kernel_teardown	247,012 (0)	0.00%	1,984,645 (+21,933)	+1.12%
public_kernel_setup	246,841 (0)	0.00%	1,987,064 (+21,933)	+1.12%
public_kernel_tail	259,775 (0)	0.00%	2,726,963 (+21,933)	+0.81%
rollup_base	347,688 (0)	0.00%	3,629,648 (+21,933)	+0.61%