XuyangSong
commented
7 months ago - [x] A simple merkle hash tree: we build the tree from leaves and get the leaf with its corresponding path (no need for insert, append or remove operations).
- [x] The merkle path check circuit should be modified to handle different depths.
- [x] apply the memory sharing method to resource machines
- [x] deprecate the outdated circuits, like get_owned_variables, etc.
- [x] refactor the partial txs and txs
- [ ] update the examples
- [ ] update the Taiga spec
It's straightforward to achieve and totally get rid of the limitation of having a fixed number of inputs and outputs in the transparent situation. The following discussion is gonna be in the shielded situation.
The resource logic requires us to load the necessary resources generated from public inputs of compliance proofs and ensure that we don't reveal which resources are being used. Moreover, all resource logics should have the same circuit structure to prevent information leakage. One simple approach is to pass a fixed number of resources within the access scope (partial transaction) to the logic, as currently done in Taiga. However, this method has obvious drawbacks: we need to add dummy resources when the actual number is less than the fixed one, and split it into multiple partial transactions when it exceeds.
Basically, we need an efficient way to share memory (mostly resources) between compliance circuits and resource logic. One idea is to create a Merkle tree based on all the inputs and outputs from compliance in one partial transaction(the minimal atom execution environment). Instead of directly loading all the resources, the resource logic can simply access specific ones by following their respective paths using only the Merkle root as input. This means that even though resource logics can still maintain the same structure with one root (any information could be compressed into the root theoretically) and one self-owned identifier (nullifier of input resource, commitment of output resource). Plus, this approach allows for flexibility in terms of how many resources are involved in each resource logic(partial transaction).
Additionally, we can also use other vector commitments to avoid checking the merkle path for further performance improvement.