All notable changes to this project are documented in this file.
The format is based on Keep a Changelog. This project adheres to Semantic Versioning.
2.1.0 - 2024-11-13
- Support secp256r1 in elliptic curve and ECDSA gadgets #1885
- Witness generation error in
Gadgets.arrayGet()
when accessing out-of-bounds indices #1886
- The
divMod32()
gadget was modified to acceptnBits
instead ofquotientBits
, and assert it is in the range [0, 2**255) to address an issue previously where the bound onquotientBits
was too low #1763. Provable.equal()
now turns both types into canonical form before comparing them #1759- Removed implicit version
Provable.equal(x, y)
where you didn't have to pass in the type
- Removed implicit version
- The return signature of a zkProgram has changed. #1809
- A zkProgram method must now explicitly define the return type of the method when the method has a public or auxiliary output defined.
- The return type of a proven method has changed as a result of this.
- Various breaking constraint changes in internal methods or circuits because of audit fix.
- Removal of various deprecated methods and functions.
- Promotion of various methods and functions to stable as part of change.
- A slightly modified encryption and decryption algorithm. #1729
- Promotion of
TokenContractV2
toTokenContract
with a correct amount of maximum account updates.
ZkProgram
methods now supportauxiliaryOutput
. #1809- Each program method now accepts an optional property
auxiliaryOutput
- Auxiliary output is additional output that the zkProgram method returns
- Each program method now accepts an optional property
- New method
toCanonical()
in theProvable<T>
interface to protect against incompleteness of certain operations on malicious witness inputs #1759 divMod64()
division modulo 2^64 that returns the remainder and quotient of the operationaddMod64()
addition modulo 2^64- Bitwise OR via
{UInt32, UInt64}.or()
- BLAKE2B hash function gadget #1285
1.9.1 - 2024-10-15
- Performance regression when compiling recursive circuits is fixed #1874
- Decouple offchain state instances from their definitions #1834
1.9.0 - 2024-10-15
- Make
Proof
a normal provable type, that can be witnessed and composed into Structs #1847, #1851- ZkProgram and SmartContract now also support private inputs that are not proofs themselves, but contain proofs nested within a Struct or array
- Only
SelfProof
can still not be nested because it needs special treatment
- Fix verification of serialized proofs done before compiling any circuits #1857
1.8.0 - 2024-09-18
- Added
verifyEthers
method to verify Ethereum signatures using the EIP-191 message hashing standard. #1815- Added
fromEthers
method for parsing and converting Ethereum public keys intoForeignCurve
points, supporting both compressed and uncompressed formats. - Added
fromHex
method for converting hexadecimal strings intoForeignCurve
points.
- Added
- Fix incorrect behavior of optional proving for zkPrograms where
myProgram.setProofsEnabled(false)
wouldn't work when called beforemyProgram.compile()
. #1827 - Fix incorrect behavior of
state.fetch()
for custom token contracts. @rpanic #1853
1.7.0 - 2024-09-04
- Added
Encryption.encryptV2()
andEncryption.decryptV2()
for an updated encryption algorithm that guarantees cipher text integrity.- Also added
Encryption.encryptBytes()
andEncryption.decryptBytes()
using the same algorithm.
- Also added
- New option
proofsEnabled
forzkProgram
(default value:true
), to quickly test circuit logic with proofs disabled #1805- Additionally added
MyProgram.proofsEnabled
to get the internal value ofproofsEnabled
andMyProgram.setProofsEnabled(proofsEnabled)
to set the value dynamically.
- Additionally added
this.sender.getAndRequireSignature()
/getUnconstrained()
deprecated in favor ofV2
versions due to a vulnerability #1799
- Fix behavior of
Int64.modV2()
when the input is negative and the remainder should be 0 #1797
1.6.0 - 2024-07-23
SmartContract.emitEventIf()
to conditionally emit an event #1746- Added
Encryption.encryptV2()
andEncryption.decryptV2()
for an updated encryption algorithm that guarantees cipher text integrity.- Also added
Encryption.encryptBytes()
andEncryption.decryptBytes()
using the same algorithm.
- Also added
- Reduced maximum bit length for
xor
,not
, andand
, operations from 254 to 240 bits to prevent overflow vulnerabilities. #1745 - Allow using
Type
instead ofType.provable
in APIs that expect a provable type #1751- Example:
Provable.witness(Bytes32, () => bytes)
- Example:
- Automatically wrap and unwrap
Unconstrained
infromValue
andtoValue
, so that we don't need to deal with "unconstrained" values outside provable code #1751
1.5.0 - 2024-07-09
- Fixed a vulnerability in
OffchainState
where it didn't store theIndexedMerkleTree
length onchain and left it unconstrained #1676
- A warning about the current reducer API limitations, as well as a mention of active work to mitigate them was added to doc comments and examples #1728
ForeignField
-based representation of scalars viaScalarField
#1705- Introduced new V2 methods for nullifier operations:
isUnusedV2()
,assertUnusedV2()
, andsetUsedV2()
#1715 Int64.create()
method for safe instance creation with canonical zero representation #1735- New V2 methods for
Int64
operations:fromObjectV2
,divV2()
#1735 Experimental.BatchReducer
to reduce actions in batches #1676- Avoids the account update limit
- Handles arbitrary numbers of pending actions thanks to recursive validation of the next batch
- Add conditional versions of all preconditions:
.requireEqualsIf()
#1676 AccountUpdate.createIf()
to conditionally add an account update to the current transaction #1676IndexedMerkleMap.setIf()
to set a key-value pair conditionally #1676Provable.assertEqualIf()
to conditionally assert that two values are equal #1676- Add
offchainState.setContractClass()
which enables us to declare the connected contract at the top level, without creating a contract instance #1676- This is enough to call
offchainState.compile()
- This is enough to call
- More low-level methods to interact with
MerkleList
#1676popIfUnsafe()
,toArrayUnconstrained()
andlengthUnconstrained()
- Improve error message when o1js global state is accessed in an invalid way #1676
- Start developing an internal framework for local zkapp testing #1676
- Internally upgrade o1js to TypeScript 5.4 #1676
- Deprecated
Nullifier.isUnused()
,Nullifier.assertUnused()
, andNullifier.setUsed()
methods #1715 createEcdsa
,createForeignCurve
,ForeignCurve
andEcdsaSignature
deprecated in favor ofV2
versions due to a security vulnerability found in the current implementation #1703Int64
constructor, recommendingInt64.create()
instead #1735- Original
div()
andfromObject
, methods in favor of V2 versions #1735 - Deprecate
AccountUpdate.defaultAccountUpdate()
in favor ofAccountUpdate.default()
#1676
- Fix reversed order of account updates when using
TokenContract.approveAccountUpdates()
#1722 - Fixed the static
check()
method in Struct classes to properly handle inheritance, preventing issues with under-constrained circuits. Added error handling to avoid using Struct directly as a field type. #1707 - Fixed that
Option
could not be used as@state
or event #1736
1.4.0 - 2024-06-25
- SHA256 low-level API exposed via
Gadgets.SHA256
. #1689 @Shigoto-dev19 - Added the option to specify custom feature flags for sided loaded proofs in the
DynamicProof
class. #1688- Feature flags are required to tell Pickles what proof structure it should expect when side loading dynamic proofs and verification keys.
FeatureFlags
is now exported and provides a set of helper functions to compute feature flags correctly.
MerkleMap.computeRootAndKey()
deprecated in favor ofMerkleMap.computeRootAndKeyV2()
due to a potential issue of computing hash collisions in key indicies #1694
1.3.1 - 2024-06-11
- Improve efficiency of
Experimental.OffchainState
implementation #1672- Comes with breaking changes to the internal circuits of
OffchainState
- Also, introduce
offchainState.commitments()
to initialize the state commitments onchain. UsingOffchainStateCommitments.empty()
no longer works.
- Comes with breaking changes to the internal circuits of
Experimental.IndexedMerkleMap
, a better primitive for Merkleized storage #1666 #1671- Uses 4-8x fewer constraints than
MerkleMap
- In contrast to
MerkleTree
andMerkleMap
,IndexedMerkleMap
has a high-level API that can be used in provable code
- Uses 4-8x fewer constraints than
- Added
Ecdsa.verifyV2()
andEcdsa.verifySignedHashV2
methods to theEcdsa
class. #1669
Int64.isPositive()
andInt64.mod()
deprecated because they behave incorrectly on-0
#1660- This can pose an attack surface, since it is easy to maliciously pick either the
+0
or the-0
representation - Use
Int64.isPositiveV2()
andInt64.modV2()
instead - Also deprecated
Int64.neg()
in favor ofInt64.negV2()
, for compatibility with v2 version ofInt64
that will useInt64.checkV2()
- This can pose an attack surface, since it is easy to maliciously pick either the
Ecdsa.verify()
andEcdsa.verifySignedHash()
deprecated in favor ofEcdsa.verifyV2()
andEcdsa.verifySignedHashV2()
due to a security vulnerability found in the current implementation #1669
- Fix handling of fetch response for non-existing accounts #1679
1.3.0 - 2024-05-23
- Added
base64Encode()
andbase64Decode(byteLength)
methods to theBytes
class. #1659
- Fix type inference for
method.returns(Type)
, to require a matching return signature #1653 - Fix
Struct.empty()
returning a garbage object when one of the base types doesn't supportempty()
#1657 - Fix
Option.value_exn None
error when using certain custom gates in combination with recursion #1336 MinaProtocol/mina#15588
1.2.0 - 2024-05-14
- Offchain state MVP exported under
Experimental.OffchainState
#1630 #1652- allows you to store any number of fields and key-value maps on your zkApp
- implemented using actions which define an offchain Merkle tree
Option
for defining an optional version of any provable type #1630MerkleTree.clone()
andMerkleTree.getLeaf()
, new convenience methods for merkle trees #1630MerkleList.forEach()
, a simple and safe way for iterating over aMerkleList
Unconstrained.provableWithEmpty()
to create an unconstrained provable type with a knownempty()
value #1630Permissions.VerificationKey
, a namespace for verification key permissions #1639- Includes more accurate names for the
impossible
andproof
permissions for verification keys, which are now calledimpossibleDuringCurrentVersion
andproofDuringCurrentVersion
respectively.
- Includes more accurate names for the
State()
now optionally accepts an initial value as input parameter #1630- Example:
@state(Field) x = State(Field(1));
- Initial values will be set in the default
init()
method - You no longer need a custom
init()
method to set initial values
- Example:
- Fix absolute imports which prevented compilation in some TS projects that used o1js #1628
1.1.0 - 2024-04-30
- Exposed sideloaded verification keys #1606 @rpanic
- Added Proof type
DynamicProof
that allows verification through specifying a verification key in-circuit
- Added Proof type
Provable.witnessFields()
to easily witness a tuple of field elements #1229- Example for implementing RSA verification in o1js #1229 @Shigoto-dev19
- Check out https://github.com/o1-labs/o1js/blob/main/src/examples/crypto/rsa/rsa.ts and tests in the same folder
Gadgets.rangeCheck64()
now returns individual range-checked limbs for advanced use cases #1229
- Fixed issue in
UInt64.rightShift()
where it incorrectly performed a left shift instead of a right shift. #1617 - Fixed issue in
ForeignField.toBits()
where high limbs were under-constrained for input length less than 176. #1617 - Make
dummyBase64Proof()
lazy. Significant speed up when generating many account updates with authorizationProof
while proofs turned off. #1624
1.0.1 - 2024-04-22
- Native curve improvements #1530
- Change the internal representation of
Scalar
from 255 Bools to 1 Bool and 1 Field (low bit and high 254 bits) - Make
Group.scale()
support all scalars (previously did not support 0, 1 and -1) - Make
Group.scale()
directly acceptField
elements, and much more efficient than previous methods of scaling by Fields- As a result,
Signature.verify()
andNullifier.verify()
use much fewer constraints
- As a result,
- Fix
Scalar.fromBits()
to not produce a shifted scalar; shifting is no longer exposed to users ofScalar
.
- Change the internal representation of
- Add assertion to the foreign EC addition gadget that prevents degenerate cases #1545
- Fixes soundness of ECDSA; slightly increases its constraints from ~28k to 29k
- Breaks circuits that used EC addition, like ECDSA
Mina.LocalBlockchain()
andProof.fromJSON()
are made async #1583- These were the last remaining sync APIs that depended on an async setup task; making them async enables removing top-level await
Mina.LocalBlockchain
no longer supports the network kind configuration #1581Poseidon.hashToGroup()
now returns aGroup
directly, and constrains it to be deterministic #1546- Added
Poseidon.Unsafe.hashToGroup()
as a more efficient, non-deterministic version for advanced use cases
- Added
- A
Transaction
'sprove
method no longer returns the proofs promise directly, but rather returns aTransaction
promise, the resolved value of which contains aproofs
prop. #1567 - The
Transaction
type now has two type paramsProven extends boolean
andSigned extends boolean
, which are used to conditionally show/hide relevant state. #1567 - Improved functionality of
MerkleList
andMerkleListIterator
for easier traversal ofMerkleList
s. #1562 - Simplified internal logic of reducer. #1577
contract.getActions()
now returns aMerkleList
- Add
toValue()
andfromValue()
interface toProvable<T>
to encode how provable types map to plain JS values #1271- You can now return the plain value from a
Provable.witness()
callback, and it will be transformed into the provable type
- You can now return the plain value from a
- Remove
Account()
constructor which was no different fromAccountUpdate.create().account
, and exportAccount
type instead. #1598
- Export
Events
underAccountUpdate.Events
. #1563 Mina.transaction
has been reworked such that one can call methods directly on the returned promise (now aTransactionPromise
). This enables a fluent / method-chaining API. #1567TransactionPendingPromise
enables callingwait
directly on the promise returned by callingsend
on aTransaction
. #1567initializeBindings()
to explicitly trigger setup work that is needed when running provable code #1583- calling this function is optional
- Remove top-level await #1583
- To simplify integration with bundlers like webpack
- Make
MerkleTree.{nodes,zeroes}
public properties #1555- This makes it possible to clone merkle trees, which is often needed
- Fix error when computing Merkle map witnesses, introduced in the last version due to the
toBits()
change #1559 - Improved error message when compiling a program that has no methods. #1563
0.18.0 - 2024-04-09
- Async circuits. Require all smart contract and zkprogram methods to be async #1477
- This change allows you to use
await
inside your methods. Change the method signature by adding theasync
keyword. - Don't forget to add
await
to all contract calls!await MyContract.myMethod();
- To declare a return value from a method, use the new
@method.returns()
decorator
- This change allows you to use
- Require the callback to
Mina.transaction()
to be async #1468 - Change
{SmartContract,ZkProgram}.analyzeMethods()
to be async #1450Provable.runAndCheck()
,Provable.constraintSystem()
and{SmartContract,ZkProgram}.digest()
are also async now
- Remove deprecated APIs
- Remove
CircuitValue
,prop
,arrayProp
andmatrixProp
#1507 - Remove
Mina.accountCreationFee()
,Mina.BerkeleyQANet
, all APIs which accept private keys for feepayers,Token
,AccountUpdate.tokenSymbol
,SmartContract.{token, setValue, setPermissions}
, "assert" methods for preconditions,MerkleTee.calculateRootSlow()
,Scalar.fromBigInt()
,UInt64.lt()
and friends, deprecated static methods onGroup
, utility methods onCircuit
likeCircuit.if()
,Field.isZero()
,isReady
andshutdown()
#1515
- Remove
- Remove
privateKey
from the accepted arguments ofSmartContract.deploy()
#1515 - Efficient comparisons. Support arbitrary bit lengths for
Field
comparisons and massively reduce their constraints #1523Field.assertLessThan()
goes from 510 to 24 constraints,Field.lessThan()
from 509 to 38- Moderately improve other comparisons:
UInt64.assertLessThan()
from 27 to 14,UInt64.lessThan()
from 27 to 15,UInt32
similar. - Massively improve
Field.isEven()
, addField.isOdd()
PrivateKey.toPublicKey()
from 358 to 119 constraints thanks toisOdd()
- Add
Gadgets.ForeignField.assertLessThanOrEqual()
and support two variables as input toForeignField.assertLessThan()
- Remove
this.sender
which unintuitively did not prove that its value was the actual sender of the transaction #1464 @julio4 Replaced by more explicit APIs:this.sender.getUnconstrained()
which has the old behavior ofthis.sender
, and returns an unconstrained value (which means that the prover can set it to any value they want)this.sender.getAndRequireSignature()
which requires a signature from the sender's public key and therefore proves that whoever created the transaction really owns the sender account
Reducer.reduce()
requires the maximum number of actions per method as an explicit (optional) argument #1450- The default value is 1 and should work for most existing contracts
new UInt64()
andUInt64.from()
no longer unsafely accept a field element as input. #1438 @julio4
As a replacement,UInt64.Unsafe.fromField()
was introduced- This prevents you from accidentally creating a
UInt64
without proving that it fits in 64 bits - Equivalent changes were made to
UInt32
- This prevents you from accidentally creating a
- Fixed vulnerability in
Field.to/fromBits()
outlined in #1023 by imposing a limit of 254 bits #1461 - Remove
Field.rangeCheckHelper()
which was too low-level and easy to misuse #1485- Also, rename the misleadingly named
Gadgets.isInRangeN()
toGadgets.isDefinitelyInRangeN()
- Also, rename the misleadingly named
- Rename
Bool.Unsafe.ofField()
toBool.Unsafe.fromField()
#1485 - Replace the namespaced type exports
Gadgets.Field3
andGadgets.ForeignField.Sum
withField3
andForeignFieldSum
- Unfortunately, the namespace didn't play well with auto-imports in TypeScript
- Add
Gadgets.rangeCheck3x12()
and fix proof system bug that prevented it from working #1534 - Update transaction version and other bindings changes to ensure berkeley compatibility #1542
Provable.witnessAsync()
to introduce provable values from an async callback #1468- Internal benchmarking tooling to keep track of performance #1481
- Add
toInput
method forGroup
instance #1483
field.assertBool()
now also returns theField
as aBool
for ergonomics #1523
0.17.0 - 2024-03-06
- Fixed parity between
Mina.LocalBlockchain
andMina.Network
to have the same behaviors #1422 #1480- Changed the
TransactionId
type toTransaction
. Additionally addedPendingTransaction
andRejectedTransaction
types to better represent the state of a transaction. Transaction.safeSend()
andPendingTransaction.safeWait()
are introduced to return aIncludedTransaction
orRejectedTransaction
object without throwing errors.transaction.send()
throws an error if the transaction was not successful for bothMina.LocalBlockchain
andMina.Network
and returns aPendingTransaction
object if it was successful. Usetransaction.safeSend
to send a transaction that will not throw an error and either return aPendingTransaction
orRejectedTransaction
.transaction.wait()
throws an error if the transaction was not successful for bothMina.LocalBlockchain
andMina.Network
and returns aIncludedTransaction
object if it was successful. Usetransaction.safeWait
to send a transaction that will not throw an error and either return aIncludedTransaction
orRejectedTransaction
.transaction.hash()
is no longer a function, it is now a property that returns the hash of the transaction.- Changed
Transaction.isSuccess
toTransaction.status
to better represent the state of a transaction.
- Changed the
- Improved efficiency of computing
AccountUpdate.callData
by packing field elements into as few field elements as possible #1458- This leads to a large reduction in the number of constraints used when inputs to a zkApp method are many field elements (e.g. a long list of
Bool
s)
- This leads to a large reduction in the number of constraints used when inputs to a zkApp method are many field elements (e.g. a long list of
- Return events in the
LocalBlockchain
in reverse chronological order (latest events at the beginning) to match the behavior of theNetwork
#1460
- Support for custom network identifiers other than
mainnet
ortestnet
#1444 PrivateKey.randomKeypair()
to generate private and public key in one command #1446setNumberOfWorkers()
to allow developer to override the number of workers used during compilation and proof generation/verification #1456
- Improve all-around performance by reverting the Apple silicon workaround (#683) as the root problem is now fixed upstream #1456
- Improved error message when trying to use
fetchActions
/fetchEvents
with a missing Archive Node endpoint #1459
SmartContract.token
is deprecated in favor of new methods onTokenContract
#1446TokenContract.deriveTokenId()
to get the ID of the managed tokenTokenContract.internal.{send, mint, burn}
to perform token operations from within the contract
- Mitigate security hazard of deploying token contracts #1439
- Make
Circuit
handle types with a.provable
property (like those used in ECDSA) #1471- To support offchain, non-Pickles proofs of ECDSA signatures
- Remove
AccountUpdate.children
andAccountUpdate.parent
properties #1402- Also removes the optional
AccountUpdatesLayout
argument toapprove()
- Adds
AccountUpdateTree
andAccountUpdateForest
, new classes that represent a layout of account updates explicitly - Both of the new types are now accepted as inputs to
approve()
accountUpdate.extractTree()
to obtain the tree associated with an account update in the current transaction context.
- Also removes the optional
- Remove
Experimental.Callback
API #1430
MerkleList<T>
to enable provable operations on a dynamically-sized list #1398- including
MerkleListIterator<T>
to iterate over a merkle list
- including
TokenContract
, a new base smart contract class for token contracts #1384- Usage example:
https://github.com/o1-labs/o1js/blob/main/src/lib/mina/token/token-contract.unit-test.ts
- Usage example:
TokenAccountUpdateIterator
, a primitive to iterate over all token account updates in a transaction #1398- this is used to implement
TokenContract
under the hood
- this is used to implement
- Mainnet support. #1437
- Protocol change that adds a "transaction version" to the permission to set verification keys MinaProtocol/mina#14407
- See the relevant RFC for the motivation behind this change
- Breaks all deployed contracts, as it changes the account update layout
- Provable type
Packed<T>
to pack small field elements into fewer field elements #1376 - Provable type
Hashed<T>
to represent provable types by their hash #1377- This also exposes
Poseidon.hashPacked()
to efficiently hash an arbitrary type
- This also exposes
- Reduce number of constraints of ECDSA verification by 5% #1376
- Improve performance of Wasm Poseidon hashing by a factor of 13x #1378
- Speeds up local blockchain tests without proving by ~40%
- Improve performance of Field inverse #1373
- Speeds up proving by ~2-4%
- Configurable
networkId
when declaring a Mina instance. #1387- Defaults to
"testnet"
, the other option is"mainnet"
- The
networkId
parameter influences the algorithm used for signatures, and ensures that testnet transactions can't be replayed on mainnet
- Defaults to
- SHA256 hash function exposed via
Hash.SHA2_256
orGadgets.SHA256
. #1285
Mina.accountCreationFee()
is deprecated in favor ofMina.getNetworkConstants().accountCreationFee
. #1367
- Fix approving of complex account update layouts #1364
- Fix bug in
Hash.hash()
which always resulted in an error #1346
- Rename
Gadgets.rotate()
toGadgets.rotate64()
to better reflect the amount of bits the gadget operates on. #1259 - Rename
Gadgets.{leftShift(), rightShift()}
toGadgets.{leftShift64(), rightShift64()}
to better reflect the amount of bits the gadget operates on. #1259
- Non-native elliptic curve operations exposed through
createForeignCurve()
class factory #1007 - ECDSA signature verification exposed through
createEcdsa()
class factory #1240 #1007 #1307- For an example, see
./src/examples/crypto/ecdsa
- For an example, see
- Keccak/SHA3 hash function exposed on
Keccak
namespace #1291 Hash
namespace which holds all hash functions #999Bytes
, provable type to hold a byte array, which serves as input and output for Keccak variantsUInt8
, provable type to hold a single byte, which is constrained to be in the 0 to 255 range
Gadgets.rotate32()
for rotation over 32 bit values #1259Gadgets.leftShift32()
for left shift over 32 bit values #1259Gadgets.divMod32()
division modulo 2^32 that returns the remainder and quotient of the operation #1259Gadgets.rangeCheck32()
range check for 32 bit values #1259Gadgets.addMod32()
addition modulo 2^32 #1259- Expose new bitwise gadgets on
UInt32
andUInt64
#1259- bitwise XOR via
{UInt32, UInt64}.xor()
- bitwise NOT via
{UInt32, UInt64}.not()
- bitwise ROTATE via
{UInt32, UInt64}.rotate()
- bitwise LEFTSHIFT via
{UInt32, UInt64}.leftShift()
- bitwise RIGHTSHIFT via
{UInt32, UInt64}.rightShift()
- bitwise AND via
{UInt32, UInt64}.and()
- bitwise XOR via
- Example for using actions to store a map data structure #1300
Provable.constraintSystem()
and{ZkProgram,SmartContract}.analyzeMethods()
return asummary()
method to return a summary of the constraints used by a method #1007assert()
asserts that a given statement is true #1285
- Fix stack overflows when calling provable methods with large inputs #1334
- Fix
Local.setProofsEnabled()
which would not get picked up bydeploy()
#1330 - Remove usage of private class fields in core types like
Field
, for better type compatibility between different o1js versions #1319
ZkProgram.compile()
now returns the verification key and its hash, to be consistent withSmartContract.compile()
#1292 @rpanic
- Foreign field arithmetic exposed through the
createForeignField()
class factory #985 Crypto
namespace which exposes elliptic curve and finite field arithmetic on bigints, as well as example curve parameters #1240Gadgets.ForeignField.assertMul()
for efficiently constraining products of sums in non-native arithmetic #1262Unconstrained
for safely maintaining unconstrained values in provable code #1262Gadgets.rangeCheck8()
to assert that a value fits in 8 bits #1288
- Change precondition APIs to use "require" instead of "assert" as the verb, to distinguish them from provable assertions. @LuffySama-Dev
this.x.getAndAssertEquals()
is nowthis.x.getAndRequireEquals()
#1263this.x.assertEquals(x)
is nowthis.x.requireEquals(x)
#1263this.account.x.getAndAssertEquals(x)
is nowthis.account.x.requireEquals(x)
#1265this.account.x.assertBetween()
is nowthis.account.x.requireBetween()
#1265this.network.x.getAndAssertEquals()
is nowthis.network.x.getAndRequireEquals()
#1265
Provable.constraintSystem()
and{ZkProgram,SmartContract}.analyzeMethods()
return aprint()
method for pretty-printing the constraint system #1240
- Fix missing recursive verification of proofs in smart contracts #1302
- Change return signature of
ZkProgram.analyzeMethods()
to be a keyed object #1223
- Provable non-native field arithmetic:
- Comprehensive internal testing of constraint system layouts generated by new gadgets #1241 #1220
Lightnet
namespace API updates with addedlistAcquiredKeyPairs()
method #1256- Expose raw provable methods of a
ZkProgram
onzkProgram.rawMethods
#1241 - Reduce number of constraints needed by
rotate()
,leftShift()
and,rightShift()
gadgets #1201
- Add a parameter to
checkZkappTransaction
for block length to check for transaction inclusion. This fixes a case whereTransaction.wait()
only checked the latest block, which led to an error once the transaction was included in a block that was not the latest. #1239
Gadgets.not()
, new provable method to support bitwise not. #1198Gadgets.leftShift() / Gadgets.rightShift()
, new provable methods to support bitwise shifting. #1194Gadgets.and()
, new provable method to support bitwise and. #1193Gadgets.multiRangeCheck()
andGadgets.compactMultiRangeCheck()
, two building blocks for non-native arithmetic with bigints of size up to 264 bits. #1216
- Removed array reversal of fetched actions, since they are returned in the correct order. #1258
- Constraint optimizations in Field methods and core crypto changes break all verification keys #1171 #1178
ZkProgram
has moved out of theExperimental
namespace and is now available as a top-level import directly.Experimental.ZkProgram
has been deprecated.ZkProgram
gets a new input argumentname: string
which is required in the non-experimental API. The name is used to identify a ZkProgram when caching prover keys. #1200
Lightnet
namespace to interact with the account manager provided by the lightnet Mina network #1167- Internal support for several custom gates (range check, bitwise operations, foreign field operations) and lookup tables #1176
Gadgets.rangeCheck64()
, new provable method to do efficient 64-bit range checks using lookup tables #1181Gadgets.rotate()
, new provable method to support bitwise rotation for native field elements. #1182Gadgets.xor()
, new provable method to support bitwise xor for native field elements. #1177Proof.dummy()
to create dummy proofs #1188- You can use this to write ZkPrograms that handle the base case and the inductive case in the same method.
- Use cached prover keys in
compile()
when running in Node.js #1187- Caching is configurable by passing a custom
Cache
(new export) tocompile()
- By default, prover keys are stored in an OS-dependent cache directory;
~/.cache/pickles
on Mac and Linux
- Caching is configurable by passing a custom
- Use cached setup points (SRS and Lagrange bases) when running in Node.js #1197
- Also, speed up SRS generation by using multiple threads
- Together with caching of prover keys, this speeds up compilation time by roughly
- 86% when everything is cached
- 34% when nothing is cached
- Changes to some verification keys caused by changing the way
Struct
orders object properties. #1124 @Comdex- To recover existing verification keys and behavior, change the order of properties in your Struct definitions to be alphabetical
- The
customObjectKeys
option is removed fromStruct
- Improve prover performance by ~25% #1092
- Change internal representation of field elements to be JS bigint instead of Uint8Array
- Consolidate internal framework for testing equivalence of two implementations
- Changes to verification keys caused by updates to the proof system. This breaks all deployed contracts #1016
- Renamed SnarkyJS to o1js #1104
- Reduce loading time of the library by 3-4x #1073
- Improve error when forgetting
transaction.prove()
#1095
- Added a method
createTestNullifier
to the Nullifier class for testing purposes. It is recommended to use mina-signer to create Nullifiers in production, since it does not leak the private key of the user. TheNullifier.createTestNullifier
method requires the private key as an input outside of the users wallet. #1026 - Added
field.isEven
to check if a Field element is odd or even. #1026
- Revert verification key hash change from previous release to stay compatible with the current testnet #1032
- Fix the default verification key hash that was generated for AccountUpdates. This change adopts the default mechanism provided by Mina Protocol #1021
- Please be aware that this alteration results in a breaking change affecting the verification key of already deployed contracts.
- NodeJS error caused by invalid import #1012
- Fix commonJS version of o1js, again #1006
- Fix commonJS version of o1js #1005
Group
operations now generate a different set of constraints. This breaks deployed contracts, because the circuit changed. #967
- Implemented
Nullifier
as a new primitive #882- mina-signer can now be used to generate a Nullifier, which can be consumed by zkApps using the newly added Nullifier Struct
- Improve error message
Can't evaluate prover code outside an as_prover block
#998
- Fix unsupported use of
window
when running o1js in workers #1002
- Rewrite of
Provable.if()
causes breaking changes to all deployed contracts #889 - Remove all deprecated methods and properties on
Field
#902 - The
Field(x)
constructor and other Field methods no longer accept aboolean
as input. Instead, you can now pass in abigint
to all Field methods. #902 - Remove redundant
signFeePayer()
method #935
- Add
field.assertNotEquals()
to assert that a field element does not equal some value #902- More efficient than
field.equals(x).assertFalse()
- More efficient than
- Add
scalar.toConstant()
,scalar.toBigInt()
,Scalar.from()
,privateKey.toBigInt()
,PrivateKey.fromBigInt()
#935 Poseidon.hashToGroup
enables hashing to a group #887
- Make stack traces more readable #890
- Stack traces thrown from o1js are cleaned up by filtering out unnecessary lines and other noisy details
- Remove optional
zkappKey
argument insmartContract.init()
, and instead assert thatprovedState
is false wheninit()
is called #908 - Improve assertion error messages on
Field
methods #743 #902 - Publicly expose the internal details of the
Field
type #902
- Utility methods on
Circuit
are deprecated in favor of the same methods onProvable
#889Circuit.if()
,Circuit.witness()
,Circuit.log()
and others replaced byProvable.if()
,Provable.witness()
,Provable.log()
- Under the hood, some of these methods were rewritten in TypeScript
- Deprecate
field.isZero()
#902
- Fix running o1js in Node.js on Windows o1-labs/o1js-bindings#19 @wizicer
- Fix error reporting from GraphQL requests #919
- Resolved an
Out of Memory error
experienced on iOS devices (iPhones and iPads) during the initialization of the WASM memory o1-labs/o1js-bindings#26 - Fix
field.greaterThan()
and other comparison methods outside provable code #858 #902 - Fix
field.assertBool()
#469 #902 - Fix
Field(bigint)
wherebigint
is larger than the field modulus #432 #902- The new behaviour is to use the modular residual of the input
- No longer fail on missing signature in
tx.send()
. This fixes the flow of deploying a zkApp from a UI via a wallet #931 @marekyggdrasil
- Allow ZkPrograms to return their public output #874 #876
- new option
ZkProgram({ publicOutput?: Provable<any>, ... })
;publicOutput
has to match the return type of all ZkProgram methods. - the
publicInput
option becomes optional; if not provided, methods no longer expect the public input as first argument - full usage example: https://github.com/o1-labs/o1js/blob/f95cf2903e97292df9e703b74ee1fc3825df826d/src/examples/program.ts
- new option
- All references to
actionsHash
are renamed toactionState
to better mirror what is used in Mina protocol APIs #833- This change affects function parameters and returned object keys throughout the API
- No longer make
MayUseToken.InheritFromParent
the defaultmayUseToken
value on the caller if one zkApp method calls another one; this removes the need to manually overridemayUseToken
in several known cases #863- Causes a breaking change to the verification key of deployed contracts that use zkApp composability
this.state.getAndAssertEquals()
as a shortcut forlet x = this.state.get(); this.state.assertEquals(x);
#863- also added
.getAndAssertEquals()
onthis.account
andthis.network
fields
- also added
- Support for fallback endpoints when making network requests, allowing users to provide an array of endpoints for GraphQL network requests. #871
- Endpoints are fetched two at a time, and the result returned from the faster response
reducer.forEach(actions, ...)
as a shortcut forreducer.reduce()
when you don't need astate
#863- New export
TokenId
which supersedesToken.Id
;TokenId.deriveId()
replacesToken.Id.getId()
#863 - Add
Permissions.allImpossible()
for the set of permissions where nothing is allowed (more convenient thanPermissions.default()
when you want to make most actions impossible) #863
- Massive improvement of memory consumption, thanks to a refactor of o1js' worker usage #872
- Memory reduced by up to 10x; see the PR for details
- Side effect:
Circuit
API becomes async, for exampleMyCircuit.prove(...)
becomesawait MyCircuit.prove(...)
- Token APIs
this.token.{send,burn,mint}()
now accept anAccountUpdate
orSmartContract
as from / to input #863 - Improve
Transaction.toPretty()
output by adding account update labels in most methods that create account updates #863 - Raises the limit of actions/events per transaction from 16 to 100, providing users with the ability to submit a larger number of events/actions in a single transaction. #883.
- Deprecate both
shutdown()
andawait isReady
, which are no longer needed #872
SmartContract.deploy()
now throws an error when no verification key is found #885- The old, confusing behaviour was to silently not update the verification key (but still update some permissions to "proof", breaking the zkApp)
- Fix fetching the
access
permission on accounts #851 - Fix
fetchActions
#844 #854 @Comdex - Updated
Mina.TransactionId.isSuccess
to accurately verify zkApp transaction status after usingMina.TransactionId.wait()
. #826- This change ensures that the function correctly checks for transaction completion and provides the expected result.
smartContract.fetchActions()
andMina.fetchActions()
, asynchronous methods to fetch actions directly from an archive node #843 @Comdex
Circuit.runAndCheck()
now usessnarky
to create a constraint system and witnesses, and check constraints. It closely matches behavior during proving and can be used to test provable code without having to create an expensive proof #840
- Circuits changed due to an internal rename of "sequence events" to "actions" which included a change to some hash prefixes; this breaks all deployed contracts.
- Temporarily reintroduces 2 known issues as a result of reverting a fix necessary for network redeployment:
- Improve number of constraints needed for Merkle tree hashing #820
- This breaks deployed zkApps which use
MerkleWitness.calculateRoot()
, because the circuit is changed - You can make your existing contracts compatible again by switching to
MerkleWitness.calculateRootSlow()
, which has the old circuit
- This breaks deployed zkApps which use
- Renamed function parameters: The
getAction
function now accepts a new object structure for its parameters. #828- The previous object keys,
fromActionHash
andendActionHash
, have been replaced byfromActionState
andendActionState
.
- The previous object keys,
- Improved Event Handling in o1js #825
- Updated the internal event type to better handle events emitted in different zkApp transactions and when multiple zkApp transactions are present within a block.
- The internal event type now includes event data and transaction information as separate objects, allowing for more accurate information about each event and its associated transaction.
- Removed multiple best tip blocks when fetching action data #817
- Implemented a temporary fix that filters out multiple best tip blocks, if they exist, while fetching actions. This fix will be removed once the related issue in the Archive-Node-API repository (o1-labs/Archive-Node-API#7) is resolved.
- New
fromActionState
andendActionState
parameters for fetchActions function in o1js #828- Allows fetching only necessary actions to compute the latest actions state
- Eliminates the need to retrieve the entire actions history of a zkApp
- Utilizes
actionStateTwo
field returned by Archive Node API as a safe starting point for deriving the most recent action hash
- Update the zkApp verification key from within one of its own methods, via proof #812
- Change type of verification key returned by
SmartContract.compile()
to matchVerificationKey
#812
- Failing
Mina.transaction
on Berkeley because of unsatisfied constraints caused by dummy data before we fetched account state #807- Previously, you could work around this by calling
fetchAccount()
for every account invovled in a transaction. This is not necessary anymore.
- Previously, you could work around this by calling
- Update the zkApp verification key from within one of its own methods, via proof #812
getActions
to handle multiple actions with multiple Account Updates #801
- Use
fetchEvents()
to fetch events for a specified zkApp from a GraphQL endpoint that implements this schema.Mina.Network
accepts an additional endpoint which points to a GraphQL server. #749- Use the
mina
property for the Mina node. - Use
archive
for the archive node.
- Use the
- Use
getActions
to fetch actions for a specified zkApp from a GraphQL endpoint GraphQL endpoint that implements the same schema asfetchEvents
. #788
- Added the missing export of
Mina.TransactionId
#785 - Added an option to specify
tokenId
asField
infetchAccount()
#787 @rpanic
this.network.timestamp
is added back and is implemented on top ofthis.network.globalSlotSinceGenesis
#755
- On-chain value
globalSlot
is replaced by the clearercurrentSlot
#755currentSlot
refers to the slot at which the transaction will be included in a block.- the only supported method is
currentSlot.assertBetween()
becausecurrentSlot.get()
is impossible to implement since the value is determined in the future andcurrentSlot.assertEquals()
is error-prone
- Incorrect counting of limit on events and actions #758
- Type error when using
Circuit.array
in on-chain state or events #758 - Bug when using
Circuit.witness
outside the prover #774
- Bug when using
this.<state>.get()
outside a transaction #754
Transaction.fromJSON
to recover transaction object from JSON #705- New precondition:
provedState
, a boolean which is true if the entire on-chain state of this account was last modified by a proof #741- Same API as all preconditions:
this.account.provedState.assertEquals(Bool(true))
- Can be used to assert that the state wasn't tampered with by the zkApp developer using non-contract logic, for example, before deploying the zkApp
- Same API as all preconditions:
- New on-chain value
globalSlot
, to make assertions about the current time #649- example:
this.globalSlot.get()
,this.globalSlot.assertBetween(lower, upper)
- Replaces
network.timestamp
,network.globalSlotSinceGenesis
andnetwork.globalSlotSinceHardFork
. #560
- example:
- New permissions:
- Expose low-level view into the PLONK gates created by a smart contract method #687
MyContract.analyzeMethods().<method name>.gates
- BREAKING CHANGE: Modify signature algorithm used by
Signature.{create,verify}
to be compatible with mina-signer #710- Signatures created with mina-signer's
client.signFields()
can now be verified inside a SNARK! - Breaks existing deployed smart contracts which use
Signature.verify()
- Signatures created with mina-signer's
- BREAKING CHANGE: Circuits changed due to core protocol and cryptography changes; this breaks all deployed contracts.
- BREAKING CHANGE: Change structure of
Account
type which is returned byMina.getAccount()
#741- for example,
account.appState
->account.zkapp.appState
- full new type (exported as
Types.Account
):o1js/src/provable/gen/transaction.ts
Line 515 in 0be70cb
- for example,
- Test accounts hard-coded in
LocalBlockchain
now have default permissions, not permissions allowing everything. Fixes some unintuitive behaviour in tests, like requiring no signature when using these accounts to send MINA #638
- Preconditions
timestamp
andglobalSlotSinceHardFork
#560timestamp
is expected to come back as a wrapper for the newglobalSlot
this.account.<field>.set()
as a unified API to update fields on the account #643- covers
permissions
,verificationKey
,zkappUri
,tokenSymbol
,delegate
,votingFor
- exists on
SmartContract.account
andAccountUpdate.account
- covers
this.sender
to get the public key of the transaction's sender #652- To get the sender outside a smart contract, there's now
Mina.sender()
- To get the sender outside a smart contract, there's now
tx.wait()
is now implemented. It waits for the transactions inclusion in a block #645wait()
also now takes an optionaloptions
parameter to specify the polling interval or maximum attempts.wait(options?: { maxAttempts?: number; interval?: number }): Promise<void>;
Circuit.constraintSystemFromKeypair(keypair)
to inspect the circuit at a low level #529- Works with a
keypair
(prover + verifier key) generated with theCircuit
API
- Works with a
Mina.faucet()
can now be used to programmatically fund an address on the testnet, using the faucet provided by faucet.minaprotocol.com #693
- BREAKING CHANGE: Constraint changes in
sign()
,requireSignature()
andcreateSigned()
onAccountUpdate
/SmartContract
. This means that smart contracts using these methods in their proofs won't be able to create valid proofs against old deployed verification keys. #637 Mina.transaction
now takes a public key as the fee payer argument (passing in a private key is deprecated) #652- Before:
Mina.transaction(privateKey, ...)
. Now:Mina.transaction(publicKey, ...)
AccountUpdate.fundNewAccount()
now enables funding multiple accounts at once, and deprecates theinitialBalance
argument
- Before:
- New option
enforceTransactionLimits
forLocalBlockchain
(default value:true
), to disable the enforcement of protocol transaction limits (maximum events, maximum sequence events and enforcing certain layout ofAccountUpdate
s depending on their authorization) #620 - Change the default
send
permissions (for sending MINA or tokens) that get set when deploying a zkApp, fromsignature()
toproof()
#648 - Functions for making assertions and comparisons have been renamed to their long form, instead of the initial abbreviation. Old function names have been deprecated #681
.lt
->.lessThan
.lte
->.lessThanOrEqual
.gt
->.greaterThan
.gte
->greaterThanOrEqual
.assertLt
->.assertLessThan
.assertLte
->.assertLessThanOrEqual
.assertGt
->.assertGreaterThan
.assertGte
->assertGreaterThanOrEqual
.assertBoolean
->.assertBool
this.setPermissions()
in favor ofthis.account.permissions.set()
#643this.tokenSymbol.set()
in favor ofthis.account.tokenSymbol.set()
this.setValue()
in favor ofthis.account.<field>.set()
Mina.transaction(privateKey: PrivateKey, ...)
in favor of new signatureMina.transaction(publicKey: PublicKey, ...)
AccountUpdate.createSigned(privateKey: PrivateKey)
in favor of new signatureAccountUpdate.createSigned(publicKey: PublicKey)
#637.lt
,.lte
,gt
,gte
,.assertLt
,.assertLte
,.assertGt
,.assertGte
have been deprecated. #681
- Fixed Apple silicon performance issue #491
- Type inference for Structs with instance methods #567
- also fixes
Struct.fromJSON
- also fixes
SmartContract.fetchEvents
fixed when multiple event types existed #627- Error when using reduce with a
Struct
as state type #689 - Fix use of stale cached accounts in
Mina.transaction
#430
- Bug in
deploy()
when initializing a contract that already exists #588
Mina.BerkeleyQANet
in favor of the clearer-namedMina.Network
#588
- Bug in
Circuit.log
printing account updates #578
- Testnet-incompatible signatures in v0.7.0 #565
- Added an optional string parameter to certain
assert
methods #470 Struct
, a new primitive for declaring composite, SNARK-compatible types #416- With this, we also added a way to include auxiliary, non-field element data in composite types
- Added
VerificationKey
, which is aStruct
with auxiliary data, to pass verification keys to a@method
- BREAKING CHANGE: Change names related to circuit types:
AsFieldsAndAux<T>
->Provable<T>
,AsFieldElement<T>
->ProvablePure<T>
,circuitValue
->provable
- BREAKING CHANGE: Change all
ofFields
andofBits
methods on circuit types tofromFields
andfromBits
- New option
proofsEnabled
forLocalBlockchain
(default value:true
), to quickly test transaction logic with proofs disabled #462- with
proofsEnabled: true
, proofs now get verified locally #423
- with
SmartContract.approve()
to approve a tree of child account updates #428 #534- AccountUpdates are now valid
@method
arguments, andapprove()
is intended to be used on them when passed to a method - Also replaces
Experimental.accountUpdateFromCallback()
- AccountUpdates are now valid
Circuit.log()
to easily log Fields and other provable types inside a method, with the same API asconsole.log()
#484SmartContract.init()
is a new method on the baseSmartContract
that will be called only during the first deploy (not if you re-deploy later to upgrade the contract) #543- Overriding
init()
is the new recommended way to add custom state initialization logic.
- Overriding
transaction.toPretty()
andaccountUpdate.toPretty()
for debugging transactions by printing only the pieces that differ from default account updates #428AccountUpdate.attachToTransaction()
for explicitly adding an account update to the current transaction. This replaces some previous behaviour where an account update got attached implicitly #484SmartContract.requireSignature()
andAccountUpdate.requireSignature()
as a simpler, better-named replacement for.sign()
#558
- BREAKING CHANGE:
tx.send()
is now asynchronous: old:send(): TransactionId
new:send(): Promise<TransactionId>
andtx.send()
now directly waits for the network response, as opposed totx.send().wait()
#423 - Sending transactions to
LocalBlockchain
now involves Circuit.witness
can now be called outside circuits, where it will just directly return the callback result #484- The
FeePayerSpec
, which is used to specify properties of the transaction viaMina.transaction()
, now has another optional parameter to specify the nonce manually.Mina.transaction({ feePayerKey: feePayer, nonce: 1 }, () => {})
#497 - BREAKING CHANGE: Static methods of type
.fromString()
,.fromNumber()
and.fromBigInt()
onField
,UInt64
,UInt32
andInt64
are no longer supported #519- use
Field(number | string | bigint)
andUInt64.from(number | string | bigint)
- use
- Move several features out of 'experimental' #555
Reducer
replacesExperimental.Reducer
MerkleTree
andMerkleWitness
replaceExperimental.{MerkleTree,MerkleWitness}
- In a
SmartContract
,this.token
replacesthis.experimental.token
CircuitValue
deprecated in favor ofStruct
#416- Static props
Field.zero
,Field.one
,Field.minusOne
deprecated in favor ofField(number)
#524 SmartContract.sign()
andAccountUpdate.sign()
in favor of.requireSignature()
#558
- Uint comparisons and division fixed inside the prover #503
- Callback arguments are properly passed into method invocations #516
- Removed internal type
JSONValue
from public interfaces #536 - Returning values from a zkApp #461
- Callback arguments are properly passed into method invocations #516
- Proof verification on the web version #476
reducer.getActions
partially implemented for local testing #327gte
andassertGte
methods onUInt32
,UInt64
#349- Return sent transaction
hash
forRemoteBlockchain
#399
- BREAKING CHANGE: Rename the
Party
class toAccountUpdate
. Also, rename other occurrences of "party" to "account update". #393 - BREAKING CHANGE: Don't require the account address as input to
SmartContract.compile()
,SmartContract.digest()
andSmartContract.analyzeMethods()
#406- This works because the address / public key is now a variable in the method circuit; it used to be a constant
- BREAKING CHANGE: Move
ZkProgram
toExperimental.ZkProgram
- Running o1js inside a web worker #378
- Crash of the web version introduced in 0.5.0
- Issue with
Experimental.MerkleWitness
#368
fetchAccount
#350
- Recursive proofs. RFC: #89, PRs: #245 #250 #261
- Enable smart contract methods to take previous proofs as arguments, and verify them in the circuit
- Add
ZkProgram
, a new primitive which represents a collection of circuits that produce instances of the same proof. So, it's a more general version ofSmartContract
, without any of the Mina-related API.
ZkProgram
is suitable for rollup-type systems and offchain usage of Pickles + Kimchi.
- zkApp composability -- calling other zkApps from inside zkApps. RFC: #303, PRs: #285, #296, #294, #297
- Events support via
SmartContract.events
,this.emitEvent
. RFC: #248, PR: #272fetchEvents
partially implemented for local testing: #323
- Payments:
this.send({ to, amount })
as an easier API for sending Mina from smart contracts #325Party.send()
to transfer Mina between any accounts, for example, from users to smart contracts
SmartContract.digest()
to quickly compute a hash of the contract's circuit. This is used by the zkApp CLI to figure out whethercompile
should be re-run or a cached verification key can be used. #268Circuit.constraintSystem()
for creating a circuit from a function, counting the number of constraints and computing a digest of the circuit #279this.account.isNew
to assert that an account did not (or did) exist before the transaction MinaProtocol/mina#11524LocalBlockchain.setTimestamp
and other setters for network state, to test network preconditions locally #329- Experimental APIs are now collected under the
Experimental
import, or onthis.experimental
in a smart contract. - Custom tokens (experimental), via
this.token
. RFC: #233, PR: #273, - Actions / sequence events support (experimental), via
Experimental.Reducer
. RFC: #265, PR: #274 - Merkle tree implementation (experimental) via
Experimental.MerkleTree
#343
- BREAKING CHANGE: Make on-chain state consistent with other preconditions - throw an error when state is not explicitly constrained #267
CircuitValue
improvements #269, #306, #341- Added a base constructor, so overriding the constructor on classes that extend
CircuitValue
is now optional. When overriding, the base constructor can be called without arguments, as previously:super()
. When not overriding, the expected arguments are all the@prop
s on the class, in the order they were defined in:new MyCircuitValue(prop1, prop2)
. CircuitValue.fromObject({ prop1, prop2 })
is a new, better-typed alternative for using the base constructor.- Fixed: the overridden constructor is now free to have any argument structure -- previously, arguments had to be the props in their declared order. I.e., the behaviour that's now used by the base constructor used to be forced on all constructors, which is no longer the case.
- Added a base constructor, so overriding the constructor on classes that extend
Mina.transaction
improvements- Add previously unimplemented preconditions, like
this.network.timestamp
#324 MinaProtocol/mina#11577 - Improve error messages thrown from Wasm, by making Rust's
panic
log to the JS console MinaProtocol/mina#11644 - Not user-facing, but essential: Smart contracts fully constrain the account updates they create, inside the circuit #278
- Implement the precondition RFC:
- new fields
this.account
andthis.network
on bothSmartContract
andParty
this.<account|network>.<property>.get()
to use on-chain values in a circuit, e.g. account balance or block heightthis.<account|network>.<property>.{assertEqual, assertBetween, assertNothing}()
to constrain what values to allow for these
- new fields
CircuitString
, a snark-compatible string type with methods like.append()
#155bool.assertTrue()
,bool.assertFalse()
as convenient aliases for existing functionalityLedger.verifyPartyProof
which can check if a proof on a transaction is valid #208- Memo field in APIs like
Mina.transaction
to attach arbitrary messages #244 - This changelog
- Huge snark performance improvements (2-10x) for most zkApps MinaProtocol/mina#11053
- Performance improvements in node with > 4 CPUs, for all snarks MinaProtocol/mina#11292
- Substantial reduction of o1js' size MinaProtocol/mina#11166
- Unused functions
call
andcallUnproved
, which were embryonic versions of what is now thetransaction
API to call smart contract methods - Some unimplemented fields on
SmartContract
- zkApp proving on web #226