update changelog; remove deprecated functions; replace with new ones;…

… promote functions

CHANGELOG.md

@@ -17,6 +17,33 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased](https://github.com/o1-labs/o1js/compare/f15293a69...HEAD)
 
+## [2.0.0](https://github.com/o1-labs/o1js/compare/f15293a69...HEAD)
+
+### Breaking Changes
+
+- The `divMod32()` gadget was modified to accept `nBits` instead of `quotientBits`, and assert it is in the range [0, 2\*\*255) to address an issue previously where the bound on `quotientBits` was too low https://github.com/o1-labs/o1js/pull/1763.
+- `Provable.equal()` now turns both types into canonical form before comparing them https://github.com/o1-labs/o1js/pull/1759
+  - Removed implicit version `Provable.equal(x, y)` where you didn't have to pass in the type
+- The return signature of a zkProgram has changed. https://github.com/o1-labs/o1js/pull/1809
+  - A zkProgram method must now explicitly define the return type of the method when the method has a public or auxiliary output defined.
+  - The return type of a proven method has changed as a result of this.
+- Various breaking constraint changes in internal methods or circuits because of audit fix.
+- Removal of various deprecated methods and functions.
+  - Promotion of various methods and functions to stable as part of change.
+  - A slightly modified encryption and decryption algorithm. https://github.com/o1-labs/o1js/pull/1729
+- Promotion of `TokenContractV2` to `TokenContract` with a correct amount of maximum account updates.
+
+### Added
+
+- `zkProgram` methods now support `auxiliaryOutput`. https://github.com/o1-labs/o1js/pull/1809
+  - Each program method now accepts an optional property `auxiliaryOutput`
+  - Auxiliary output is additional output that the zkProgram method returns
+- New method `toCanonical()` in the `Provable<T>` interface to protect against incompleteness of certain operations on malicious witness inputs https://github.com/o1-labs/o1js/pull/1759
+- `divMod64()` division modulo 2^64 that returns the remainder and quotient of the operation
+- `addMod64()` addition modulo 2^64
+- Bitwise OR via `{UInt32, UInt64}.or()`
+- **BLAKE2B hash function** gadget [#1285](https://github.com/o1-labs/o1js/pull/1285)
+
 ### Fixes
 
 - Decouple offchain state instances from their definitions https://github.com/o1-labs/o1js/pull/1834

src/examples/encryption.ts

@@ -1,90 +1,32 @@
+import assert from 'assert';
 import {
-  Encryption,
-  Encoding,
+  Bytes,
   PrivateKey,
-  Provable,
   initializeBindings,
+  Encryption,
+  Encoding,
 } from 'o1js';
 
 await initializeBindings();
 
-// generate keys
-let privateKey = PrivateKey.random();
-let publicKey = privateKey.toPublicKey();
-
-// message
-let message = 'This is a secret.';
-let messageFields = Encoding.stringToFields(message);
-
-// encrypt
-let cipherText = Encryption.encrypt(messageFields, publicKey);
-
-// decrypt
-let decryptedFields = Encryption.decrypt(cipherText, privateKey);
-let decryptedMessage = Encoding.stringFromFields(decryptedFields);
-
-if (decryptedMessage !== message) throw Error('decryption failed');
-console.log(`Original message: "${message}"`);
-console.log(`Recovered message: "${decryptedMessage}"`);
-
-// the same but in a checked computation
-
-await Provable.runAndCheck(() => {
-  // encrypt
-  let cipherText = Encryption.encrypt(messageFields, publicKey);
-
-  // decrypt
-  let decryptedFields = Encryption.decrypt(cipherText, privateKey);
-
-  messageFields.forEach((m, i) => {
-    m.assertEquals(decryptedFields[i]);
-  });
-});
-
-// With a longer message
-message = JSON.stringify({
-  coinbase: {
-    btc: 40000.0,
-    eth: 3000.0,
-    usdc: 1.0,
-    ada: 1.02,
-    avax: 70.43,
-    mina: 2.13,
-  },
-  binance: {
-    btc: 39999.0,
-    eth: 3001.0,
-    usdc: 1.01,
-    ada: 0.99,
-    avax: 70.21,
-    mina: 2.07,
-  },
-});
-messageFields = Encoding.stringToFields(message);
-
-// encrypt
-cipherText = Encryption.encrypt(messageFields, publicKey);
-
-// decrypt
-decryptedFields = Encryption.decrypt(cipherText, privateKey);
-decryptedMessage = Encoding.stringFromFields(decryptedFields);
-
-if (decryptedMessage !== message) throw Error('decryption failed');
-console.log(`Original message: "${message}"`);
-console.log(`Recovered message: "${decryptedMessage}"`);
-
-// the same but in a checked computation
+class Bytes256 extends Bytes(256) {}
+const priv = PrivateKey.random();
+const pub = priv.toPublicKey();
 
-await Provable.runAndCheck(() => {
-  // encrypt
-  let cipherText = Encryption.encrypt(messageFields, publicKey);
+const plainMsg = 'The quick brown fox jumped over the angry dog.';
 
-  // decrypt
-  let decryptedFields = Encryption.decrypt(cipherText, privateKey);
+console.log('en/decryption of field elements');
+const cipher2 = Encryption.encrypt(Encoding.stringToFields(plainMsg), pub);
+const plainText2 = Encryption.decrypt(cipher2, priv);
 
-  messageFields.forEach((m, i) => {
-    m.assertEquals(decryptedFields[i]);
-  });
-});
+assert(
+  Encoding.stringFromFields(plainText2) === plainMsg,
+  'Plain message and decrypted message are the same'
+);
 
-console.log('everything works!');
+console.log('en/decryption of bytes');
+const message = Bytes256.fromString(plainMsg);
+console.log('plain message', plainMsg);
+const cipher = Encryption.encryptBytes(message, pub);
+const plainText = Encryption.decryptBytes(cipher, priv);
+console.log('decrypted message', Buffer.from(plainText.toBytes()).toString());

src/examples/internals/advanced-provable-types.ts

@@ -19,7 +19,7 @@ AccountUpdate satisfies Provable<AccountUpdate>;
 console.log(`an account update has ${AccountUpdate.sizeInFields()} fields`);
 
 let address = PrivateKey.random().toPublicKey();
-let accountUpdate = AccountUpdate.defaultAccountUpdate(address);
+let accountUpdate = AccountUpdate.default(address);
 accountUpdate.body.callDepth = 5;
 accountUpdate.lazyAuthorization = { kind: 'lazy-signature' };
 

src/examples/nullifier.ts

@@ -28,10 +28,10 @@ class PayoutOnlyOnce extends SmartContract {
     );
 
     // we compute the current root and make sure the entry is set to 0 (= unused)
-    nullifier.assertUnusedV2(nullifierWitness, nullifierRoot);
+    nullifier.assertUnused(nullifierWitness, nullifierRoot);
 
     // we set the nullifier to 1 (= used) and calculate the new root
-    let newRoot = nullifier.setUsedV2(nullifierWitness);
+    let newRoot = nullifier.setUsed(nullifierWitness);
 
     // we update the on-chain root
     this.nullifierRoot.set(newRoot);

src/examples/zkapps/dex/dex-with-actions.ts

@@ -86,7 +86,7 @@ class Dex extends TokenContract {
   @method async createAccount() {
     this.internal.mint({
       // unconstrained because we don't care which account is created
-      address: this.sender.getUnconstrainedV2(),
+      address: this.sender.getUnconstrained(),
       amount: UInt64.from(0),
     });
   }
@@ -104,7 +104,7 @@ class Dex extends TokenContract {
   @method.returns(UInt64)
   async supplyLiquidityBase(dx: UInt64, dy: UInt64) {
     // unconstrained because `transfer()` requires sender signature anyway
-    let user = this.sender.getUnconstrainedV2();
+    let user = this.sender.getUnconstrained();
     let tokenX = new TrivialCoin(this.tokenX);
     let tokenY = new TrivialCoin(this.tokenY);
 
@@ -175,7 +175,7 @@ class Dex extends TokenContract {
    * contracts pay you tokens when reducing the action.
    */
   @method async redeemInitialize(dl: UInt64) {
-    let sender = this.sender.getUnconstrainedV2(); // unconstrained because `burn()` requires sender signature anyway
+    let sender = this.sender.getUnconstrained(); // unconstrained because `burn()` requires sender signature anyway
     this.reducer.dispatch(new RedeemAction({ address: sender, dl }));
     this.internal.burn({ address: sender, amount: dl });
     // TODO: preconditioning on the state here ruins concurrent interactions,
@@ -209,7 +209,7 @@ class Dex extends TokenContract {
    * the called methods which requires proof authorization.
    */
   async swapX(dx: UInt64) {
-    let user = this.sender.getUnconstrainedV2(); // unconstrained because `swap()` requires sender signature anyway
+    let user = this.sender.getUnconstrained(); // unconstrained because `swap()` requires sender signature anyway
     let tokenY = new TrivialCoin(this.tokenY);
     let dexY = new DexTokenHolder(this.address, tokenY.deriveTokenId());
     let dy = await dexY.swap(user, dx, this.tokenX);
@@ -228,7 +228,7 @@ class Dex extends TokenContract {
    * the called methods which requires proof authorization.
    */
   async swapY(dy: UInt64) {
-    let user = this.sender.getUnconstrainedV2(); // unconstrained because `swap()` requires sender signature anyway
+    let user = this.sender.getUnconstrained(); // unconstrained because `swap()` requires sender signature anyway
     let tokenX = new TrivialCoin(this.tokenX);
     let dexX = new DexTokenHolder(this.address, tokenX.deriveTokenId());
     let dx = await dexX.swap(user, dy, this.tokenY);

src/examples/zkapps/dex/dex.ts

@@ -56,7 +56,7 @@ function createDex({
      */
     @method.returns(UInt64)
     async supplyLiquidityBase(dx: UInt64, dy: UInt64) {
-      let user = this.sender.getUnconstrainedV2(); // unconstrained because transfer() requires the signature anyway
+      let user = this.sender.getUnconstrained(); // unconstrained because transfer() requires the signature anyway
       let tokenX = new TokenContract(this.tokenX);
       let tokenY = new TokenContract(this.tokenY);
 
@@ -155,7 +155,7 @@ function createDex({
      */
     async redeemLiquidity(dl: UInt64) {
       // call the token X holder inside a token X-approved callback
-      let sender = this.sender.getUnconstrainedV2(); // unconstrained because redeemLiquidity() requires the signature anyway
+      let sender = this.sender.getUnconstrained(); // unconstrained because redeemLiquidity() requires the signature anyway
       let tokenX = new TokenContract(this.tokenX);
       let dexX = new DexTokenHolder(this.address, tokenX.deriveTokenId());
       let { values: dxdy } = await dexX.redeemLiquidity(
@@ -177,7 +177,7 @@ function createDex({
      */
     @method.returns(UInt64)
     async swapX(dx: UInt64) {
-      let sender = this.sender.getUnconstrainedV2(); // unconstrained because swap() requires the signature anyway
+      let sender = this.sender.getUnconstrained(); // unconstrained because swap() requires the signature anyway
       let tokenY = new TokenContract(this.tokenY);
       let dexY = new DexTokenHolder(this.address, tokenY.deriveTokenId());
       let dy = await dexY.swap(sender, dx, this.tokenX);
@@ -194,7 +194,7 @@ function createDex({
      */
     @method.returns(UInt64)
     async swapY(dy: UInt64) {
-      let sender = this.sender.getUnconstrainedV2(); // unconstrained because swap() requires the signature anyway
+      let sender = this.sender.getUnconstrained(); // unconstrained because swap() requires the signature anyway
       let tokenX = new TokenContract(this.tokenX);
       let dexX = new DexTokenHolder(this.address, tokenX.deriveTokenId());
       let dx = await dexX.swap(sender, dy, this.tokenY);
@@ -233,7 +233,7 @@ function createDex({
 
     @method.returns(UInt64)
     async swapX(dx: UInt64) {
-      let sender = this.sender.getUnconstrainedV2(); // unconstrained because swap() requires the signature anyway
+      let sender = this.sender.getUnconstrained(); // unconstrained because swap() requires the signature anyway
       let tokenY = new TokenContract(this.tokenY);
       let dexY = new ModifiedDexTokenHolder(
         this.address,

src/examples/zkapps/escrow/token-escrow.ts

@@ -29,7 +29,7 @@ class TokenEscrow extends SmartContract {
    */
   @method async withdraw(amount: UInt64) {
     // only the admin can withdraw
-    this.sender.getAndRequireSignatureV2().assertEquals(admin);
+    this.sender.getAndRequireSignature().assertEquals(admin);
 
     // withdraw the amount
     let receiverAU = this.send({ to: admin, amount });

src/examples/zkapps/simple-zkapp-payment.ts

@@ -18,12 +18,12 @@ class PaymentContainer extends SmartContract {
 
   @method async withdraw(amount: UInt64) {
     // unconstrained because we don't care where the user wants to withdraw to
-    let to = this.sender.getUnconstrainedV2();
+    let to = this.sender.getUnconstrained();
     this.send({ to, amount });
   }
 
   @method async deposit(amount: UInt64) {
-    let sender = this.sender.getUnconstrainedV2(); // unconstrained because we're already requiring a signature in the next line
+    let sender = this.sender.getUnconstrained(); // unconstrained because we're already requiring a signature in the next line
     let senderUpdate = AccountUpdate.createSigned(sender);
     senderUpdate.send({ to: this, amount });
   }

src/index.ts

@@ -110,10 +110,7 @@ export {
 } from './lib/mina/account-update.js';
 
 export { TokenAccountUpdateIterator } from './lib/mina/token/forest-iterator.js';
-export {
-  TokenContract,
-  TokenContractV2,
-} from './lib/mina/token/token-contract.js';
+export { TokenContract } from './lib/mina/token/token-contract.js';
 
 export type { TransactionStatus } from './lib/mina/graphql.js';
 export {

src/lib/mina/account-update-layout.unit-test.ts

@@ -7,13 +7,13 @@ import { SmartContract, method } from './zkapp.js';
 
 class NestedCall extends SmartContract {
   @method async deposit() {
-    let sender = this.sender.getUnconstrainedV2();
+    let sender = this.sender.getUnconstrained();
     let payerUpdate = AccountUpdate.createSigned(sender);
     payerUpdate.send({ to: this.address, amount: UInt64.one });
   }
 
   @method async depositUsingTree() {
-    let sender = this.sender.getUnconstrainedV2();
+    let sender = this.sender.getUnconstrained();
     let payerUpdate = AccountUpdate.createSigned(sender);
     let receiverUpdate = AccountUpdate.create(this.address);
     payerUpdate.send({ to: receiverUpdate, amount: UInt64.one });