Skip to content
This repository was archived by the owner on Nov 20, 2024. It is now read-only.
This repository was archived by the owner on Nov 20, 2024. It is now read-only.

Babyjubjub signed transactions from L1 #2

Open
Open
Babyjubjub signed transactions from L1#2
Labels
circuits
Milestone
v2-circuits-implementation
@krlosMata

Description

@krlosMata
krlosMata
opened on Sep 28, 2020

Intro

All L1 transactions are controlled by the ethereum address menaing that ethereum transaction needs to be signed in order to perform some action on behalf on the rollup account fromIdx. Then, circuit checks that the msg.sender is the ethereum address in the rollup account fromIdx.
However, some rollup accounts could not have a valid ethereum address since those rollup accounts could be purely L2 rollup accounts. As a reminder, those accounts could be created by the coordinator on L1CoordinatorTx.

Issue

Purely L2 rollup accounts could not perform any L1 transaction since their ethereum address are set to 0xFF...FF. This leads to a DoS from the coordinator to those accounts. Coordinator could not include any transaction from an specifc account and if this account does not have an ethereum address, it will be blocked in the rollup forever.

Solution

Allow acting on behalf for a given rollup account on L1, fromIdx, by proving the ownership of the Babyjubjub associated with that rollup account. Therefore, one could perform L1 Tx either proving ownership of ethereum address or babyjubjub.

implementation approach

  • Circuit to check babyjubjub signature will be done in order to prove on the smart contract the ownership of a babyjubjub key.
  • Smart contract would have a mapping of nonces with Babyjubjub keys such as mapping(uint256 => uint40) public nonceTrack; in order to avoid replay attacks. One could took the parameters of a proof and reuse them. (Note: this does not happen with etehreum addresses since ethereum blockchain itself manages the nonce for ethereum addresses)
  • fromBjj-compressed field on L1 Tx could be used inside the circuit to check ownership
  • Babyjubjub key would need to sign a message such as Authorize L1 transaction with nonce ${nonce}. This message will be checked on the circuit and in the smart contract.

circuit optimization

  • Currently, there is one circuit withdrawal to perform withdraws from L1 to ethereum account. The same circuit could be used to perform the babyjubjub signature check. The circuit would have different functionalities and smart contract will select them depending on transaction type.
  • This optimization saves to add another Verifier.sol into the smart contract and another trusted setup

Metadata

Metadata

Assignees

No one assigned

    Labels

    circuits

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions