@larraia larraia commented Nov 6, 2025

Proof aggregation.

@larraia larraia requested a review from vveiln November 6, 2025 14:39

github-actions bot commented Nov 6, 2025

The preview of this PR has been deleted.

Member

@vveiln vveiln left a comment

Looks good to me! I left a couple of minor comments

@@ -1,3 +1,39 @@
# Proof aggregation
An aggregation proof attests to the validity of all compliance and logic proofs of an RM transaction. With aggregation, the [raw RM proofs](../proving/index.md) (except the delta proof) are no longer needed, so they can be erased. Reducing thereby verification time and transaction size.
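
Review bot: the closing sentence of the opening paragraph, "Reducing thereby verification time and transaction size.", is a fragment with no subject. Suggest joining it to the previous sentence, for example "... so they can be erased, which reduces verification time and transaction size." The parenthetical "(except the delta proof)" also gives no reason for the exception; one clause saying why the delta proof stays would help the reader.
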
Member

> are no longer needed

maybe we could change it to "don't need to be stored in the transaction structure", otherwise it sounds like we don't need to prove the proofs

Author

Changed

Passing the raw proofs as witnesses means they are not needed to verify the aggregation proof. This is what allows to remove them from the RM transaction.

!!! note
The verifier must be aware of what has been verified by the prover during aggregation. This means the aggregation instance must account for the raw verifying keys and raw instances. However, they do not need to appear explicitly. A _binding_ (and possibly short) commitment suffices.
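
Review bot: the note says a binding commitment to the raw verifying keys and raw instances suffices, but it does not say how the verifier obtains or checks that commitment. Suggest stating that the verifier derives or validates the commitment from the verifying keys and instances it expects, so the reader sees what ties the aggregation instance to the transaction. In the paragraph above the note, "This is what allows to remove them" reads better as "This is what allows them to be removed".
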
Member

This note explains why we include vks and instances in the instance, right?

Can we rephrase "This means the aggregation instance must account ..." to "That is why we include raw verifying keys.."?

Author

Changed

!!! note
The verifier must be aware of what has been verified by the prover during aggregation. This means the aggregation instance must account for the raw verifying keys and raw instances. However, they do not need to appear explicitly. A _binding_ (and possibly short) commitment suffices.
## Aggregation constraints
An aggregation must check the following:
Member

aggregation circuit

Author

Added

An aggregation must check the following:
1. Verify each compliance proof against its corresponding compliance instance using the compliance verifying key
2. Verify each logic proof against its corresponding logic instance using the corresponding logic verifying key
2. Other aggregation-specific constraints
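
Review bot: items 1 and 2 rely on "its corresponding" instance and "the corresponding logic verifying key" without saying what fixes that pairing. Suggest stating where the proof-to-instance and proof-to-key mapping comes from, so that the list makes clear a logic proof cannot be checked against a different verifying key than the one accounted for in the aggregation instance.
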
Member

  1. the item number should be 3
  2. Can we specify what constraints?

Author

  1. Fixed.
  2. What I meant is that depending on the aggregation circuit there may be more constraints. (For batch strategy there are no more constraints, for sequential strategy correct accumulation/hashing must be enforced also. The strategies are described below.) I changed the paragraph so hopefully it is clearer now.

@larraia larraia force-pushed the enrique/aggregation branch from ba60b36 to 8d3c6bb Compare November 14, 2025 13:30
@larraia larraia force-pushed the enrique/aggregation branch from 8d3c6bb to 022e34d Compare November 14, 2025 13:34
@jonaprieto jonaprieto merged commit 4be22ff into v1.0.0 Nov 17, 2025
3 checks passed
@jonaprieto jonaprieto deleted the enrique/aggregation branch November 17, 2025 14:54