From b4d32a8875ab23efebef52798094487f1cbb71da Mon Sep 17 00:00:00 2001 From: qiwihui Date: Sun, 18 Aug 2024 12:02:53 +0800 Subject: [PATCH] new blogs --- ...kle_Trie_\344\273\216_0_\345\210\260_1.md" | 692 +++++++++--------- ...46\213\237_|_Babylon_script_simulation.md" | 13 + ...21\345\224\256\345\271\263\345\217\260.md" | 33 + ...345\210\227_|_Tornado_Cash_in_practice.md" | 23 + 4 files changed, 418 insertions(+), 343 deletions(-) create mode 100644 "src/blogs/qiwihui-blog-176-Babylon_\345\215\217\350\256\256\350\204\232\346\234\254\346\250\241\346\213\237_|_Babylon_script_simulation.md" create mode 100644 "src/blogs/qiwihui-blog-177-\345\206\231\344\270\200\344\270\252_pump.fun_\346\231\272\350\203\275\345\220\210\347\272\246\357\274\214\345\210\233\345\273\272\344\273\245\345\244\252\345\235\212\344\270\212\347\232\204Meme\345\217\221\345\224\256\345\271\263\345\217\260.md" create mode 100644 "src/blogs/qiwihui-blog-178-Tornado_Cash_\344\273\243\347\240\201\345\256\236\350\267\265\347\263\273\345\210\227_|_Tornado_Cash_in_practice.md" diff --git "a/src/blogs/qiwihui-blog-175-Verkle_Trie_\344\273\216_0_\345\210\260_1.md" "b/src/blogs/qiwihui-blog-175-Verkle_Trie_\344\273\216_0_\345\210\260_1.md" index 12b1d264..4c4fdffd 100644 --- "a/src/blogs/qiwihui-blog-175-Verkle_Trie_\344\273\216_0_\345\210\260_1.md" +++ "b/src/blogs/qiwihui-blog-175-Verkle_Trie_\344\273\216_0_\345\210\260_1.md" 
@@ -1,343 +1,349 @@ -# Verkle Trie 从 0 到 1 - -video: - -docs: - -## Problems - -1. How to store multiple files remotely and know that those files haven’t been changed? -2. Given a starting 𝑥, compute 𝑥↦𝑥^3+5, and repeat that 1 million times. How to prove to someone I computed this, and did so correctly - without he having to re-run the whole thing. - - ```bash - Suppose our starting number is 𝑥=2. - - x^2 = 4 - - x^3 = x^2 * x = 4 * 2 = 8 - - X^3 + 5 = 13 - So our trace is {2, 4, 8, 13, ...} - we will produce 3,000,001 numbers in computing the circuit. - ``` - - -→ How can we verify integrity of a vector of elements? - -## Solution 1: Single file hashing - -For single file, we can use secure hash functions: - -![Untitled](imgs/175/hash.png) - -So a simple scheme for verifying file integrity: hash each file and save the store the hash locally. - -![Untitled](imgs/175/hash_files.png) - -Problem: has to store n hashes → we need constant-sized digest - -## Solution 2: Merkle Trees - -Merkle tree - -- the root is the digest, it is constant sized - - ![Untitled](imgs/175/merkle_tree.png) - -- use merkle proof to verify if the files have been changed. - - ![Untitled](imgs/175/merkle_proof.png) - - -Performance - -![Screenshot 2024-05-07 at 10.21.39.png](imgs/175/merkle_tree_perf.png) - -Problem: Many small files ⇒ Merkle proofs too large - -## Solution 3: q-ary Merkle Trees - -![Screenshot 2024-05-07 at 11.20.51.png](imgs/175/q-ary_merkle_tree.png) - -problem: Proof size is even bigger - -![Screenshot 2024-05-07 at 11.22.31.png](imgs/175/problem_of_q-ary_merkle_tree.png) - -proof size: $qlog_q{n}$ - -## Solution 4: polynomial commitment - -![Screenshot 2024-05-07 at 11.41.06.png](imgs/175/polynomial_commitment.png) - -### What is polynomial commitments? - -1. 将长度为 $n+1$ 的 vector 转换为多项式的点值 $(v_0, v_1, ..., v_n)$→$(0, v_0), (1, v_1), ...,(n, v_n)$ -2. 
将唯一对应的 $Degree=n$ 的多项式$f(x)$ ,生成为Commitment→ 拉格朗日插值 - - Lagrange Interpolation - - ## Polynomial - - $$ - f(x) = \sum_{i = 0}^{n} a_i x^i=a_0 + a_1x + ...+a_nx^n - $$ - - - Degree $deg(f(x))=n$ - - $a_n\neq0$ - - ## Encoding data into Polynomial using Lagrange Interpolation - - Given $(x_i, y_i), x_i \neq x_j, \forall i\neq j$, build a polynomial such that $f(x_i) = y_i$ and degree is $n-1$ - - $$ - f(x)=\sum_{i=0}^{n-1}y_i \prod_{j=0, j \neq i}^{n-1} \frac{x - x_j}{x_i - x_j} - $$ - - $n = 2$ - - $$ - f(x)=y_0 \frac{x - x_1}{x_0 - x_1} + y_1 \frac{x - x_0}{x_1 - x_0} - $$ - - $n = 3$ - - $$ - f(x)=y_0 \frac{(x - x_1)(x-x_2)}{(x_0 - x_1)(x_0-x_2)} + y_1 \frac{(x - x_0)(x-x_2)}{(x_1 - x_0)(x_1-x_2)} ... - $$ - - Example - - - Given (0, 3), (1, 6), we have - - $$ - f(x) = 3(x-1)/(0-1) + 6(x-0)/(1-0) = -3x+3+6=3x+3 - $$ - - (2, 9), (3, 12), (4, 15). Suppose, given (1,6) and (3,12) - - $$ - f(x)= 6(x-3)/(1-3)+12(x-1)/(3-1)=-3x+9+6x-6=3x+3 - $$ - - n encode to m (m > n), n-of-m data can recover the polynomial **exactly**! - -3. Open 其中的一个点,提供一个 Proof 证明点值$(k,v_k)$符合多项式$f(k)=v_k$ - -![https://inevitableeth.com/polynomial-commitments-3.jpeg](https://inevitableeth.com/polynomial-commitments-3.jpeg) - -STUART → (1, 83), (2, 84), …, (6, 84) → f(x) → choose (4.5, 69.5) as commitment - -### KZG polynomial commitment - -```jsx -Knowledge -> Point-Values -> Coefficients -> Commitment -> Open&Prove&Verify - FFT MSM - ^ - | - Trusted Setup -``` - -FFT: Fast Furious Transform - -MSM: multi-scalar multiplication - -1. 
KZG Commitment 是 Polynomial Commitment 的一种算法实现 - - **Elliptic curves + discrete logarithm problem** - - Encoding Polynomial in a finite field $\mathbb{F}_q$, q is prime: - - Polynomial on an elliptic curve $\mathbb{G}_1$ - - $\mathbb{G}_1 = [0, G_1, G_1 + G_1 = [2] G_1, [3]G_1, ..., [q]G_1]$ where $[q+1] G_1 = 0$ - - - $[n]G_1 =[n]_1$ can be computed very fast - - $[n] X = Y$, given $X$ and $Y$, it is very hard to find $n$ (it is called discrete logarithm algorithm) - - mod 7: - - 1 mod 7, 8 mod 7, 15 mod 7,…. - - [n] mod 7 = 1 mod 7? - - $$ - [f(x)]G_1 = [\sum_{i=0}^{n}a_i x^i] G_1 = \sum_{i=0}^{n} [a_i] ([x^i] G_1) = \sum_{i=0}^{n} [a_i] [x^i]_1 - $$ - - - **Trusted setup** - - ![https://inevitableeth.com/pcs-trusted-setup-1.jpeg](https://inevitableeth.com/pcs-trusted-setup-1.jpeg) - - Now we have secret $s \in \mathbb{F}_q$ such that - - - Nobody knows $s$ (private key of the “god”) - - $[s^i] G_1 = [s^i]_1$, $i = 1, …$ is known to everybody (”god”’s public key) - - Then, we have the commitment as - - $$ - C = [f(s)]_1=\sum_{i=0}^n [a_i] [s^i]_1 - $$ - - Finding another $g(x)$ such that $g(s) = f(s)$ is almost impossible - - - **Elliptic curves pairings** - - Find two elliptic curves, such that - - ![https://inevitableeth.com/elliptic-curve-pairings-1.jpeg](https://inevitableeth.com/elliptic-curve-pairings-1.jpeg) - - Given $x_i, y_i$, want to prove $f(x_i) = y_i$, - - $$ - f(x) - y_i = g(x) = (x - x_i)q(x) - $$ - - 3x+3 given data points( 1, 6), (4,2) - - $3x+3 - 6 = 3x-3 = 3(x-1)= q(x)(x-1)$ - - $$ - \begin{aligned}[f(s) - y_i] G_1 &= [(s - x_i)q(s)] G_1 \\ C - [y_i]_1 \end{aligned} - $$ - - $e: \mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_T$ - - $$ - e(C - [y_i] G_1, G_2) = e([q(s)]_1, [(s - x_i)]_2) - $$ - - where $[q(s)]_1$ is the proof (48 bytes as a point on an elliptic curve) - - ![Screenshot 2024-05-07 at 13.51.25.png](imgs/175/kzg_proof_verification.png) - -2. Polynomial Commitment 的其他实现 - 1. KZG:PLONK、Marlin - 2. FRI:zkSTARK - 3. 
IPA:Bulletproof - 4. IPA + Halo-style aggregation:Halo 2 - - ![[https://vitalik.ca/general/2021/11/05/halo.html](https://vitalik.ca/general/2021/11/05/halo.html)](imgs/175/polynomial_commitment_perf.png) - - [https://vitalik.ca/general/2021/11/05/halo.html](https://vitalik.ca/general/2021/11/05/halo.html) - -3. KZG Commitment的优缺点 - 1. 缺点:需要Trusted Setup - 2. 优点:proof 长度短且恒定 - -## Solution 5: Verkle trie - -Replace Hash Functions in q-ary Merkle tree with Vector commitment Schemes → Verkle Trie - -![Screenshot 2024-05-07 at 13.08.29.png](imgs/175/verkle_trie.png) - -Performance comparison: - -![Untitled](imgs/175/performance_comparison.png) - -Verkle Trees let us trade off proof-size vs. construction time. - -## Verkle tree structure in Ethereum - -### MPT(Merkle Patricia Trie) problem - -Ethereum has a total of four trees: - -- the World State Trie -- Receipts Trie -- Transaction Trie -- Account Storage Trie - -![Untitled](imgs/175/ethereum_tries.png) - -![Untitled](imgs/175/state_trie.png) - -**MPT is 2-layer structure (Tree-inside-a-tree)** - -- Complexity -- Imbalance -- Difficulty in understanding interactions between mechanisms such as state expiration - -Vitalik has proposed a **single-layer structure**. - -![Untitled](imgs/175/single_layer_structure.png) - -maps data to a 32-byte single key at all locations within the state: - -eg. `(address, storage_slot)`, `(address, NONCE)`, `(address, balance)`,… - -values sharing the first 31 bytes of the key are included in the same bottom-layer commitment. - -![Untitled](imgs/175/values_sharing.png) - -### Tree key - -- 32 bytes -- consisting of a 31-byte stem and a 1-byte suffix. The suffix allows for distinguishing the state information (account header data, code, storage) stored by the Tree Key. 
-- 31-byte stem: pedersen_hash - - ```jsx - def get_tree_key(address: Address32, tree_index: int, sub_index: int): - # Asssumes VERKLE_NODE_WIDTH = 256 - return ( - pedersen_hash(address + tree_index.to_bytes(32, 'little'))[:31] + - bytes([sub_index]) - ) - ``` - - -![Untitled](imgs/175/tree_key.png) - -verkle tree structure: - -![Untitled](imgs/175/verkle_tree_structure.png) - -### **Inner Node & Suffix Node(extension node)** - -***Suffix Node*** - -suffix node structure: - -![Untitled](imgs/175/suffix_node.png) - -- **1:** A marker for the suffix node, which is 1 on the elliptic curve but does not literally mean the number 1. -- **Stem:** The stem refers to the stem in the tree key. -- **C1, C2:** Are Pedersen Commitments. - -```jsx -C = Commit(1, C1, Stem, C2) -``` - -C1 and C2 commitment take the data form: - -![Untitled](imgs/175/C1_C2.png) - -- The reason for this division is that the creation of Pedersen Commitment is limited to committing up to 256 values of maximum 253-bit size, and for 256-bit values, data loss occurs. -- Process of storing 32-byte data under a tree key: - 1. Depending on the suffix, the data become v0, v1… v255 - 2. v0~v127 are included in C1, and v128~v255 are included in C2 to calculate the leaf node’s commitment - 3. For C1, each 32-byte value of v0~v127 is divided into the upper 16 bytes (v1,0) and the lower 16 bytes (v1, 1) to serve as coefficients in a polynomial. - - → each coefficient’s data being 16 bytes (128-bit) - - 4. 256-degree polynomial is committed: - - `C1 = commit([(v0,0), (v0,1), (v1,0), (v1,1)…(v127,0),(v127,1)])` - - `C2 = commit([(v128,0), (v128,1), (v129,0), (v129,1) … (v255,0),(v255,1)])` - 5. `C = Commit(1, C1, Stem, C2)` → commitment for the leaf node - -***Inner Node*** - -![Untitled](imgs/175/inner_node.png) - -- holds the stem value of the tree key and stores 256 pointers to sub-nodes -- C0, C1 … C255 represent the commitments of sub-nodes, and the inner node contains these commitments. 
- -An example of verkle tree containing 4 tree keys: - -- 0x00..20 -- 0xdefe…64 -- 0xde03a8..02 -- 0xde03a8..ff - -![Untitled](imgs/175/verkle_trie_example.png) - -Summary: - -- The Verkle Trie consists of two types of nodes: leaf nodes and inner nodes. -- A tree key contains a stem and a suffix. -- The same stem corresponds to the same leaf node. -- Data is stored differentiated by the suffix of the tree key. -- The tree key is encoded byte by byte along the path from the root to the leaf node. -- Data is included in the commitment of the leaf node. +# Verkle Trie 从 0 到 1 + + +video: + +docs: + +## Problems + +1. How to store multiple files remotely and know that those files haven’t been changed? +2. Given a starting 𝑥, compute 𝑥↦𝑥^3+5, and repeat that 1 million times. How to prove to someone I computed this, and did so correctly - without he having to re-run the whole thing. + + ```bash + Suppose our starting number is 𝑥=2. + - x^2 = 4 + - x^3 = x^2 * x = 4 * 2 = 8 + - X^3 + 5 = 13 + So our trace is {2, 4, 8, 13, ...} + we will produce 3,000,001 numbers in computing the circuit. + ``` + + +→ How can we verify integrity of a vector of elements? + +## Solution 1: Single file hashing + +For single file, we can use secure hash functions: + +![Untitled](imgs/175/hash.png) + +So a simple scheme for verifying file integrity: hash each file and save the store the hash locally. + +![Untitled](imgs/175/hash_files.png) + +Problem: has to store n hashes → we need constant-sized digest + +## Solution 2: Merkle Trees + +Merkle tree + +- the root is the digest, it is constant sized + + ![Untitled](imgs/175/merkle_tree.png) + +- use merkle proof to verify if the files have been changed. 
+ + ![Untitled](imgs/175/merkle_proof.png) + + +Performance + +![Screenshot 2024-05-07 at 10.21.39.png](imgs/175/merkle_tree_perf.png) + +Problem: Many small files ⇒ Merkle proofs too large + +## Solution 3: q-ary Merkle Trees + +![Screenshot 2024-05-07 at 11.20.51.png](imgs/175/q-ary_merkle_tree.png) + +problem: Proof size is even bigger + +![Screenshot 2024-05-07 at 11.22.31.png](imgs/175/problem_of_q-ary_merkle_tree.png) + +proof size: $qlog_q{n}$ + +## Solution 4: polynomial commitment + +![Screenshot 2024-05-07 at 11.41.06.png](imgs/175/polynomial_commitment.png) + +### What is polynomial commitments? + +1. 将长度为 $n+1$ 的 vector 转换为多项式的点值 $(v_0, v_1, ..., v_n)$→$(0, v_0), (1, v_1), ...,(n, v_n)$ +2. 将唯一对应的 $Degree=n$ 的多项式$f(x)$ ,生成为Commitment→ 拉格朗日插值 + - Lagrange Interpolation + + ## Polynomial + + $$ + f(x) = \sum_{i = 0}^{n} a_i x^i=a_0 + a_1x + ...+a_nx^n + $$ + + - Degree $deg(f(x))=n$ + - $a_n\neq0$ + + ## Encoding data into Polynomial using Lagrange Interpolation + + Given $(x_i, y_i), x_i \neq x_j, \forall i\neq j$, build a polynomial such that $f(x_i) = y_i$ and degree is $n-1$ + + $$ + f(x)=\sum_{i=0}^{n-1}y_i \prod_{j=0, j \neq i}^{n-1} \frac{x - x_j}{x_i - x_j} + $$ + + $n = 2$ + + $$ + f(x)=y_0 \frac{x - x_1}{x_0 - x_1} + y_1 \frac{x - x_0}{x_1 - x_0} + $$ + + $n = 3$ + + $$ + f(x)=y_0 \frac{(x - x_1)(x-x_2)}{(x_0 - x_1)(x_0-x_2)} + y_1 \frac{(x - x_0)(x-x_2)}{(x_1 - x_0)(x_1-x_2)} ... + $$ + + Example + + - Given (0, 3), (1, 6), we have + + $$ + f(x) = 3(x-1)/(0-1) + 6(x-0)/(1-0) = -3x+3+6=3x+3 + $$ + + (2, 9), (3, 12), (4, 15). Suppose, given (1,6) and (3,12) + + $$ + f(x)= 6(x-3)/(1-3)+12(x-1)/(3-1)=-3x+9+6x-6=3x+3 + $$ + + n encode to m (m > n), n-of-m data can recover the polynomial **exactly**! + +3. 
Open 其中的一个点,提供一个 Proof 证明点值$(k,v_k)$符合多项式$f(k)=v_k$ + +![https://inevitableeth.com/polynomial-commitments-3.jpeg](https://inevitableeth.com/polynomial-commitments-3.jpeg) + +STUART → (1, 83), (2, 84), …, (6, 84) → f(x) → choose (4.5, 69.5) as commitment + +### KZG polynomial commitment + +```jsx +Knowledge -> Point-Values -> Coefficients -> Commitment -> Open&Prove&Verify + FFT MSM + ^ + | + Trusted Setup +``` + +FFT: Fast Furious Transform + +MSM: multi-scalar multiplication + +1. KZG Commitment 是 Polynomial Commitment 的一种算法实现 + - **Elliptic curves + discrete logarithm problem** + + Encoding Polynomial in a finite field $\mathbb{F}_q$, q is prime: + + Polynomial on an elliptic curve $\mathbb{G}_1$ + + $\mathbb{G}_1 = [0, G_1, G_1 + G_1 = [2] G_1, [3]G_1, ..., [q]G_1]$ where $[q+1] G_1 = 0$ + + - $[n]G_1 =[n]_1$ can be computed very fast + - $[n] X = Y$, given $X$ and $Y$, it is very hard to find $n$ (it is called discrete logarithm algorithm) + - mod 7: + - 1 mod 7, 8 mod 7, 15 mod 7,…. + - [n] mod 7 = 1 mod 7? 
+ + $$ + [f(x)]G_1 = [\sum_{i=0}^{n}a_i x^i] G_1 = \sum_{i=0}^{n} [a_i] ([x^i] G_1) = \sum_{i=0}^{n} [a_i] [x^i]_1 + $$ + + - **Trusted setup** + + ![https://inevitableeth.com/pcs-trusted-setup-1.jpeg](https://inevitableeth.com/pcs-trusted-setup-1.jpeg) + + Now we have secret $s \in \mathbb{F}_q$ such that + + - Nobody knows $s$ (private key of the “god”) + - $[s^i] G_1 = [s^i]_1$, $i = 1, …$ is known to everybody (”god”’s public key) + + Then, we have the commitment as + + $$ + C = [f(s)]_1=\sum_{i=0}^n [a_i] [s^i]_1 + $$ + + Finding another $g(x)$ such that $g(s) = f(s)$ is almost impossible + + - **Elliptic curves pairings** + + Find two elliptic curves, such that + + ![https://inevitableeth.com/elliptic-curve-pairings-1.jpeg](https://inevitableeth.com/elliptic-curve-pairings-1.jpeg) + + Given $x_i, y_i$, want to prove $f(x_i) = y_i$, + + $$ + f(x) - y_i = g(x) = (x - x_i)q(x) + $$ + + 3x+3 given data points( 1, 6), (4,2) + + $3x+3 - 6 = 3x-3 = 3(x-1)= q(x)(x-1)$ + + $$ + \begin{aligned}[f(s) - y_i] G_1 &= [(s - x_i)q(s)] G_1 \\ C - [y_i]_1 \end{aligned} + $$ + + $e: \mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_T$ + + $$ + e(C - [y_i] G_1, G_2) = e([q(s)]_1, [(s - x_i)]_2) + $$ + + where $[q(s)]_1$ is the proof (48 bytes as a point on an elliptic curve) + + ![Screenshot 2024-05-07 at 13.51.25.png](imgs/175/kzg_proof_verification.png) + +2. Polynomial Commitment 的其他实现 + 1. KZG:PLONK、Marlin + 2. FRI:zkSTARK + 3. IPA:Bulletproof + 4. IPA + Halo-style aggregation:Halo 2 + + ![[https://vitalik.ca/general/2021/11/05/halo.html](https://vitalik.ca/general/2021/11/05/halo.html)](imgs/175/polynomial_commitment_perf.png) + + [https://vitalik.ca/general/2021/11/05/halo.html](https://vitalik.ca/general/2021/11/05/halo.html) + +3. KZG Commitment的优缺点 + 1. 缺点:需要Trusted Setup + 2. 
优点:proof 长度短且恒定 + +## Solution 5: Verkle trie + +Replace Hash Functions in q-ary Merkle tree with Vector commitment Schemes → Verkle Trie + +![Screenshot 2024-05-07 at 13.08.29.png](imgs/175/verkle_trie.png) + +Performance comparison: + +![Untitled](imgs/175/performance_comparison.png) + +Verkle Trees let us trade off proof-size vs. construction time. + +## Verkle tree structure in Ethereum + +### MPT(Merkle Patricia Trie) problem + +Ethereum has a total of four trees: + +- the World State Trie +- Receipts Trie +- Transaction Trie +- Account Storage Trie + +![Untitled](imgs/175/ethereum_tries.png) + +![Untitled](imgs/175/state_trie.png) + +**MPT is 2-layer structure (Tree-inside-a-tree)** + +- Complexity +- Imbalance +- Difficulty in understanding interactions between mechanisms such as state expiration + +Vitalik has proposed a **single-layer structure**. + +![Untitled](imgs/175/single_layer_structure.png) + +maps data to a 32-byte single key at all locations within the state: + +eg. `(address, storage_slot)`, `(address, NONCE)`, `(address, balance)`,… + +values sharing the first 31 bytes of the key are included in the same bottom-layer commitment. + +![Untitled](imgs/175/values_sharing.png) + +### Tree key + +- 32 bytes +- consisting of a 31-byte stem and a 1-byte suffix. The suffix allows for distinguishing the state information (account header data, code, storage) stored by the Tree Key. 
+- 31-byte stem: pedersen_hash + + ```jsx + def get_tree_key(address: Address32, tree_index: int, sub_index: int): + # Asssumes VERKLE_NODE_WIDTH = 256 + return ( + pedersen_hash(address + tree_index.to_bytes(32, 'little'))[:31] + + bytes([sub_index]) + ) + ``` + + +![Untitled](imgs/175/tree_key.png) + +verkle tree structure: + +![Untitled](imgs/175/verkle_tree_structure.png) + +### **Inner Node & Suffix Node(extension node)** + +***Suffix Node*** + +suffix node structure: + +![Untitled](imgs/175/suffix_node.png) + +- **1:** A marker for the suffix node, which is 1 on the elliptic curve but does not literally mean the number 1. +- **Stem:** The stem refers to the stem in the tree key. +- **C1, C2:** Are Pedersen Commitments. + +```jsx +C = Commit(1, C1, Stem, C2) +``` + +C1 and C2 commitment take the data form: + +![Untitled](imgs/175/C1_C2.png) + +- The reason for this division is that the creation of Pedersen Commitment is limited to committing up to 256 values of maximum 253-bit size, and for 256-bit values, data loss occurs. +- Process of storing 32-byte data under a tree key: + 1. Depending on the suffix, the data become v0, v1… v255 + 2. v0~v127 are included in C1, and v128~v255 are included in C2 to calculate the leaf node’s commitment + 3. For C1, each 32-byte value of v0~v127 is divided into the upper 16 bytes (v1,0) and the lower 16 bytes (v1, 1) to serve as coefficients in a polynomial. + + → each coefficient’s data being 16 bytes (128-bit) + + 4. 256-degree polynomial is committed: + - `C1 = commit([(v0,0), (v0,1), (v1,0), (v1,1)…(v127,0),(v127,1)])` + - `C2 = commit([(v128,0), (v128,1), (v129,0), (v129,1) … (v255,0),(v255,1)])` + 5. `C = Commit(1, C1, Stem, C2)` → commitment for the leaf node + +***Inner Node*** + +![Untitled](imgs/175/inner_node.png) + +- holds the stem value of the tree key and stores 256 pointers to sub-nodes +- C0, C1 … C255 represent the commitments of sub-nodes, and the inner node contains these commitments. 
+ +An example of verkle tree containing 4 tree keys: + +- 0x00..20 +- 0xdefe…64 +- 0xde03a8..02 +- 0xde03a8..ff + +![Untitled](imgs/175/verkle_trie_example.png) + +Summary: + +- The Verkle Trie consists of two types of nodes: leaf nodes and inner nodes. +- A tree key contains a stem and a suffix. +- The same stem corresponds to the same leaf node. +- Data is stored differentiated by the suffix of the tree key. +- The tree key is encoded byte by byte along the path from the root to the leaf node. +- Data is included in the commitment of the leaf node. + + +[View on GitHub](https://github.com/qiwihui/blog/issues/175) + + diff --git "a/src/blogs/qiwihui-blog-176-Babylon_\345\215\217\350\256\256\350\204\232\346\234\254\346\250\241\346\213\237_|_Babylon_script_simulation.md" "b/src/blogs/qiwihui-blog-176-Babylon_\345\215\217\350\256\256\350\204\232\346\234\254\346\250\241\346\213\237_|_Babylon_script_simulation.md" new file mode 100644 index 00000000..c69b320f --- /dev/null +++ "b/src/blogs/qiwihui-blog-176-Babylon_\345\215\217\350\256\256\350\204\232\346\234\254\346\250\241\346\213\237_|_Babylon_script_simulation.md" @@ -0,0 +1,13 @@ +# Babylon 协议脚本模拟 | Babylon script simulation + + +视频链接: + +Babylon 是一个比特币链上的质押协议,可实现在比特币主网锁定比特币来为其他 PoS 消费链提供安全性,同时在 Babylon 主网或 PoS 消费链获得质押收益。 +用 Python 脚本模拟了 Babylon 协议的质押,timelock,unbonding 和 slashing 的过程。 + +Jupyter notebook: https://github.com/qiwihui/taproot-workshop/blob/master/babylon.ipynb + +[View on GitHub](https://github.com/qiwihui/blog/issues/176) + + 
diff --git "a/src/blogs/qiwihui-blog-177-\345\206\231\344\270\200\344\270\252_pump.fun_\346\231\272\350\203\275\345\220\210\347\272\246\357\274\214\345\210\233\345\273\272\344\273\245\345\244\252\345\235\212\344\270\212\347\232\204Meme\345\217\221\345\224\256\345\271\263\345\217\260.md" "b/src/blogs/qiwihui-blog-177-\345\206\231\344\270\200\344\270\252_pump.fun_\346\231\272\350\203\275\345\220\210\347\272\246\357\274\214\345\210\233\345\273\272\344\273\245\345\244\252\345\235\212\344\270\212\347\232\204Meme\345\217\221\345\224\256\345\271\263\345\217\260.md" new file mode 100644 index 00000000..518b5b99 --- /dev/null +++ "b/src/blogs/qiwihui-blog-177-\345\206\231\344\270\200\344\270\252_pump.fun_\346\231\272\350\203\275\345\220\210\347\272\246\357\274\214\345\210\233\345\273\272\344\273\245\345\244\252\345\235\212\344\270\212\347\232\204Meme\345\217\221\345\224\256\345\271\263\345\217\260.md" @@ -0,0 +1,33 @@ +# 写一个 pump.fun 智能合约,创建以太坊上的Meme发售平台 + + +Pump.fun 是 Solana 上的代币发售平台。在这个视频中我们创建了一个 ETH 上 Punp.fun 的智能合约。 + +代码仓库: https://github.com/qiwihui/pumpeth + + ## 第一部分 + +视频链接: + +主要包含如下功能: + +1. 创建代币 +2. 购买代币 +3. 卖出代币 + +## 第二部分 + +视频链接: + +主要包含如下功能: + +1. 检查 token 状态 +2. Fork mainnet 然后测试 +3. minimal proxy 模式 +4. Bonding Curve 曲线 + + + +[View on GitHub](https://github.com/qiwihui/blog/issues/177) + + diff --git "a/src/blogs/qiwihui-blog-178-Tornado_Cash_\344\273\243\347\240\201\345\256\236\350\267\265\347\263\273\345\210\227_|_Tornado_Cash_in_practice.md" "b/src/blogs/qiwihui-blog-178-Tornado_Cash_\344\273\243\347\240\201\345\256\236\350\267\265\347\263\273\345\210\227_|_Tornado_Cash_in_practice.md" new file mode 100644 index 00000000..1a26378e --- /dev/null +++ "b/src/blogs/qiwihui-blog-178-Tornado_Cash_\344\273\243\347\240\201\345\256\236\350\267\265\347\263\273\345\210\227_|_Tornado_Cash_in_practice.md" 
@@ -0,0 +1,23 @@ +# Tornado Cash 代码实践系列 | Tornado Cash in practice + + +这个系列的视频将从零到一实现 Tornado Cash 的功能,包括零知识证明电路,智能合约以及证明验证。希望你能从中学习到 Tornado Cash 的所用到的技术,并知道如何构建一个零知识证明应用。 + +[Tornado Cash](https://tornadoeth.cash/) 是一个以太坊上的混币器,通过使用零知识证明(Zero Knowledge Proof),Tornado Cash 可以打破区块链上源地址和目标地址之间的关联,解决隐私泄露的问题。Tornado Cash 使用了 Merkle 树和零知识证明电路,并在智能合约验证零知识证明。 + +系列视频: + +1. [Tornado Cash 代码实践(1): Tornado Cash 介绍](https://www.youtube.com/watch?v=Cg1ydjxBz-E) +2. [Tornado Cash 代码实践(2):零知识证明电路](https://www.youtube.com/watch?v=y1y_N-9VQdM) +3. [Tornado Cash 代码实践(3):存款和取款合约](https://www.youtube.com/watch?v=22Cpina52YE) +4. [Tornado Cash 代码实践(4):默克尔树](https://youtu.be/CBjdLpT22hI) +5. [Tornado Cash 代码实践(5):证明生成和验证](https://youtu.be/DPJ4ko_kvmk) +6. [Tornado Cash 代码实践(6):用 chatGPT 帮我生成交互页面](https://youtu.be/RKJ7C5jAtgY) +7. Tornado Cash 代码实践(7):测试网部署(TODO) + +视频中的文档: https://qiwihui.notion.site/Tornado-cash-92055ce981ea46668aa72d836085fd35 + + +[View on GitHub](https://github.com/qiwihui/blog/issues/178) + +
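Review bot: In the re-added KZG part of the Verkle Trie post (`qiwihui-blog-175`), the opening-proof derivation is left unfinished and the worked example uses a point that is not on the polynomial. The `aligned` block ends at `C - [y_i]_1` with no right-hand side; it should read `C - [y_i]_1 = [(s - x_i)q(s)]_1` so that the pairing check that follows is derived rather than asserted. The line `3x+3 given data points( 1, 6), (4,2)` conflicts with the earlier list of points, which gives (4, 15). Smaller fixes in the same hunk: `FFT: Fast Furious Transform` should be Fast Fourier Transform, `discrete logarithm algorithm` should be discrete logarithm problem, `256-degree polynomial` commits 256 coefficients and so has degree at most 255, the Python `get_tree_key` block is fenced as `jsx` and its comment reads `Asssumes`, and `video:` and `docs:` have no targets. The hunk also replaces all 343 lines while the text looks unchanged apart from blank-line layout and the new `View on GitHub` footer; regenerating the file so that only real changes appear would make this reviewable.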
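Review bot: The `视频链接:` line in the new Babylon post (`qiwihui-blog-176`) is empty, so the page announces a video without linking it; add the URL or drop the line. The notebook link points at `blob/master/babylon.ipynb`, which will drift as the repository changes; linking a specific commit would keep the post matched to the staking, timelock, unbonding and slashing script it describes.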
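Review bot: The body of the new pump.fun post (`qiwihui-blog-177`) spells the platform `Punp.fun` in `创建了一个 ETH 上 Punp.fun 的智能合约`, while the title and the first sentence use `pump.fun` / `Pump.fun`; correct the spelling. Both `视频链接:` lines (under 第一部分 and 第二部分) are empty, and the ` ## 第一部分` heading carries a leading space that `## 第二部分` does not, so the two headings should be made consistent.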
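Review bot: The Tornado Cash link in the new `qiwihui-blog-178` post targets `https://tornadoeth.cash/`; please confirm this is the domain you intend to send readers to, since a wallet-facing link to the wrong site for this project is a phishing risk, and consider linking the project's source repository instead. In the same hunk, item 7 is marked `(TODO)` with no link, the video URLs mix the `www.youtube.com/watch?v=` and `youtu.be/` forms, and `Tornado Cash 的所用到的技术` has a redundant `的`.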