Skip to content

feat: SNARK-friendly protocol message#3254

Merged
jpraynaud merged 16 commits into
mainfrom
jpraynaud/3146-snark-friendly-protocol-message
May 12, 2026
Merged

feat: SNARK-friendly protocol message#3254
jpraynaud merged 16 commits into
mainfrom
jpraynaud/3146-snark-friendly-protocol-message

Conversation

@jpraynaud
Copy link
Copy Markdown
Member

@jpraynaud jpraynaud commented May 5, 2026
edited
Loading

Content

This PR includes a SNARK-friendly variant of the ProtocolMessage so its hash can be opened in the IVC circuit, while keeping the legacy hash scheme byte-identical for backward compatibility:

  • New ProtocolMessageHashScheme (Legacy, Rigid) on ProtocolMessage. Legacy stays the default and serializes without the field (pre-Lagrange wire shape preserved).
  • Rigid scheme assembles a fixed-size labeled preimage: digest || next_aggregate_verification_key || next_protocol_parameters || current_epoch (190 bytes total).
  • SignableBuilderService becomes era-aware: Pythagoras keeps Legacy, Lagrange flips to Rigid and runs check_rigid_integrity before signing.
  • Everything rigid-specific is gated behind the future_snark feature.

Pre-submit checklist

  • Branch
    • Tests are provided (if possible)
    • Crates versions are updated (if relevant)
    • CHANGELOG file is updated (if relevant)
    • Commit sequence broadly makes sense
    • Key commits have useful messages
  • PR
    • All check jobs of the CI have succeeded
    • Self-reviewed the diff
    • Useful pull request description
    • Reviewer requested

Comments

One new TODO is intentional: to_rigid_slot_bytes writes 4 zero bytes between the Merkle root and total_stake to mirror the IVC test fixture's leaf-count slot.

Issue(s)

Closes #3146

@jpraynaud jpraynaud self-assigned this May 5, 2026
Copilot AI review requested due to automatic review settings May 5, 2026 15:46
@jpraynaud jpraynaud marked this pull request as draft May 5, 2026 15:46
github-advanced-security[bot]
github-advanced-security AI found potential problems May 5, 2026
View reviewed changes
Comment thread mithril-common/src/entities/protocol_message.rs Fixed
Comment thread mithril-stm/src/proof_system/halo2_snark/aggregate_key.rs Fixed
Comment thread mithril-stm/src/protocol/parameters.rs Fixed
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a SNARK-friendly (“rigid”) variant of ProtocolMessage hashing to support opening the protocol-message hash inside the IVC circuit, while preserving byte-identical legacy hashing/serialization for pre-Lagrange certificates. Activation is era-driven (Pythagoras → Legacy, Lagrange → Rigid) and rigid-specific behavior is gated behind the future_snark feature.

Changes:

  • Add ProtocolMessageHashScheme (Legacy default, Rigid) and implement rigid labeled-preimage hashing + integrity checks (feature-gated).
  • Add rigid-slot encodings for SNARK AVK (44 bytes) and protocol parameters (32 bytes) with stability tests.
  • Make SignableBuilderService era-aware: enforce SNARK AVK presence + rigid integrity in Lagrange; add verifier tests covering rigid dispatch and era transition.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
mithril-stm/src/protocol/parameters.rs Adds a 32-byte rigid-slot encoding for protocol parameters (feature-gated) + golden tests.
mithril-stm/src/proof_system/halo2_snark/aggregate_key.rs Adds a 44-byte rigid-slot projection for SNARK AVK + golden test.
mithril-aggregator/src/services/signable_builder/signable_seed_builder.rs Adds era discovery (compute_current_era) for Lagrange/Pythagoras dispatch (feature-gated).
mithril-signer/src/services/signable_builder/signable_seed_builder.rs Adds era discovery (compute_current_era) for Lagrange/Pythagoras dispatch (feature-gated).
mithril-common/src/signable_builder/interface.rs Extends SignableSeedBuilder with compute_current_era under future_snark.
mithril-common/src/signable_builder/signable_builder_service.rs Era-aware selection of rigid hashing in Lagrange + rigid integrity check before returning the message.
mithril-common/src/entities/protocol_message.rs Implements ProtocolMessageHashScheme, rigid preimage assembly/hashing, and rigid integrity validation (feature-gated).
mithril-common/src/entities/mod.rs Updates entities re-exports to include new protocol-message types.
mithril-common/src/certificate_chain/certificate_verifier.rs Adds tests ensuring verifier logic accepts rigid protocol messages and era-transition chaining behavior.

Comment thread mithril-common/src/entities/mod.rs Outdated
Comment thread mithril-stm/src/proof_system/halo2_snark/aggregate_key.rs
Comment thread mithril-common/src/entities/protocol_message.rs Outdated
Comment thread mithril-common/src/entities/protocol_message.rs
Comment thread mithril-common/src/entities/protocol_message.rs
Comment thread mithril-common/src/signable_builder/signable_builder_service.rs
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 5, 2026
edited
Loading

Test Results

     5 files  ± 0     203 suites  ±0   1h 1m 23s ⏱️ - 3h 37m 12s
 3 054 tests + 3   3 054 ✅ + 3  0 💤 ±0  0 ❌ ±0 
10 459 runs  +24  10 459 ✅ +24  0 💤 ±0  0 ❌ ±0 

Results for commit 781f2ef. ± Comparison against base commit e0ad33f.

This pull request removes 54 and adds 57 tests. Note that renamed tests count towards both. 
mithril-common ‑ entities::protocol_message::tests::test_protocol_message_compute_hash_include_lastest_immutable_file_number
mithril-common ‑ entities::protocol_message::tests::test_protocol_message_compute_hash_the_same_hash_with_same_protocol_message
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::index_out_of_bounds
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::index_too_large_for_circuit_range
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::indices_not_increasing
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::leaf_merkle_path_mismatch
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::leaf_swap_keep_merkle_path
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::leaf_wrong_verification_key
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::merkle_path_corrupt_sibling
mithril-stm ‑ circuits::halo2::tests::golden::cases::negative::slow::merkle_path_flip_position
…

mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::aggregate_verification_key_chain_dispatches_to_concatenation_at_era_transition
mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::concatenation_aggregate_verification_key_chains_at_era_transition
mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::epoch_chain_at_era_transition
mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::predecessor_uses_legacy_hash_scheme_and_successor_uses_rigid_hash_scheme
mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::previous_hash_chain_at_era_transition
mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::protocol_parameters_chain_at_era_transition
mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::snark_signature_dispatch::aggregate_verification_key_chain_dispatches_to_snark_at_era_transition
mithril-common ‑ certificate_chain::certificate_verifier::tests::era_transition_chain_linkage::snark_signature_dispatch::snark_aggregate_verification_key_chains_at_era_transition
mithril-common ‑ certificate_chain::certificate_verifier::tests::rigid_protocol_message_dispatch::verify_epoch_matches_protocol_message_accepts_rigid_variant_when_epoch_matches
mithril-common ‑ certificate_chain::certificate_verifier::tests::rigid_protocol_message_dispatch::verify_epoch_matches_protocol_message_rejects_rigid_variant_when_epoch_mismatches
…

♻️ This comment has been updated with latest results.

@jpraynaud jpraynaud temporarily deployed to testing-preview May 5, 2026 16:01 — with GitHub Actions Inactive
@jpraynaud jpraynaud force-pushed the jpraynaud/3146-snark-friendly-protocol-message branch from 645abc6 to 825856e Compare May 5, 2026 16:04
@jpraynaud jpraynaud temporarily deployed to testing-preview May 5, 2026 16:21 — with GitHub Actions Inactive
@jpraynaud jpraynaud marked this pull request as ready for review May 6, 2026 08:11
@jpraynaud jpraynaud requested review from Alenar and turmelclem May 6, 2026 08:12
@jpraynaud jpraynaud temporarily deployed to testing-preview May 6, 2026 10:51 — with GitHub Actions Inactive
turmelclem
turmelclem approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@turmelclem turmelclem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Alenar
Alenar approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@Alenar Alenar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Comment thread mithril-common/src/signable_builder/interface.rs Outdated
@jpraynaud jpraynaud force-pushed the jpraynaud/3146-snark-friendly-protocol-message branch from 8ba311f to 3c015d2 Compare May 7, 2026 16:19
@jpraynaud
Copy link
Copy Markdown
Member Author

jpraynaud commented May 7, 2026

Hi @curiecrypt @hjeljeli32 @damrobi could you review the cryptographic part?

  • mithril-common/src/entities/protocol_message.rs
  • mithril-stm/*

@jpraynaud jpraynaud temporarily deployed to testing-preview May 7, 2026 16:37 — with GitHub Actions Inactive
hjeljeli32
hjeljeli32 approved these changes May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@hjeljeli32 hjeljeli32 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍 . I just left one comment about the behavior of rigid_preimage function.

Comment thread mithril-common/src/entities/protocol_message.rs
jpraynaud added 7 commits May 11, 2026 09:37
@jpraynaud
feat(common): update ProtocolMessage to support multiple hash schemes
53cda4d 
And become SNARK-friendly so that its hash can be opened in the IVC circuit.
@jpraynaud
tests(common): test ProtocolMessage chaining for hash schemes
b678ba9
@jpraynaud
feat(common): add era awareness for SignableBuilder
efe22d6
@jpraynaud
tests(common): test certificate chain linkage across Pythagoras to La…
14e2dd5 
…grange era transition

Cover concatenation AVK, SNARK AVK, protocol parameters, epoch and previous-hash chaining when the predecessor uses the legacy hash scheme (Pythagoras) and the successor uses the rigid hash scheme (Lagrange).
@jpraynaud
feat(aggregator): add era awareness for signable builder
bd99649
@jpraynaud
feat(signer): add era awareness for signable builder
edf0e2f
@jpraynaud
feat(common): check rigid layout integrity in the signable builder
72bab50
jpraynaud added 9 commits May 11, 2026 09:37
@jpraynaud
feat(common): gate the rigid protocol message scheme behind 'future_s…
3fdd565 
…nark'
@jpraynaud
feat(stm): project SNARK AVK to a 44-bytes rigid slot
3b87658
@jpraynaud
chore: apply review comments
f41b29e
@jpraynaud
refactor(common): enhance readability of rigid ProtocolMessage
10f320f
@jpraynaud
tests(common): add golden tests for ProtocolMessage
e909178
@jpraynaud
refactor(common): gate Rigid scheme variant of ProtocolMessage behind…
f7c7de3 
… 'future_snark'
@jpraynaud
refactor: move era fetching responsibility to 'SignableBuilderService…
a2c31d5 
…EraFetcher' trait

Instead of having 'SignableSeedBuilder' trait supporting it.
@jpraynaud
docs: update CHANGELOGs
3a6061f
@jpraynaud
chore: upgrade crate versions
781f2ef 
* mithril-era from `0.1.8` to `0.1.9`
* mithril-aggregator from `0.8.50` to `0.8.51`
* mithril-common from `0.6.71` to `0.6.72`
* mithril-signer from `1.0.0` to `1.0.1`
* mithril-stm from `0.10.16` to `0.10.17`
@jpraynaud jpraynaud force-pushed the jpraynaud/3146-snark-friendly-protocol-message branch from 3c015d2 to 781f2ef Compare May 11, 2026 10:09
@jpraynaud jpraynaud temporarily deployed to testing-preview May 11, 2026 10:45 — with GitHub Actions Inactive
@jpraynaud jpraynaud merged commit afdbf61 into main May 12, 2026
89 of 90 checks passed
@jpraynaud jpraynaud deleted the jpraynaud/3146-snark-friendly-protocol-message branch May 12, 2026 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Alenar Alenar Alenar approved these changes

@hjeljeli32 hjeljeli32 hjeljeli32 approved these changes

@turmelclem turmelclem turmelclem approved these changes

@curiecrypt curiecrypt Awaiting requested review from curiecrypt curiecrypt is a code owner

@damrobi damrobi Awaiting requested review from damrobi damrobi is a code owner

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@jpraynaud jpraynaud

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement SNARK-friendly protocol message

6 participants

@jpraynaud @Alenar @github-advanced-security @hjeljeli32 @turmelclem