Skip to main content

Private Function Circuit

Requirements

Private function circuits represent smart contract functions that can: privately read and modify leaves of the note hash tree and nullifier tree; perform computations on private data; and can be executed without revealing which function or contract has been executed.

The logic of each private function circuit is tailored to the needs of a particular application or scenario, but the public inputs of every private function circuit must adhere to a specific format. This specific format (often referred to as the "public inputs ABI for private functions") ensures that the private kernel circuits can correctly interpret the actions of every private function circuit.

Private Inputs

The private inputs of a private function circuit are customizable.

Public Inputs

The public inputs of every private function must adhere to the following ABI:

FieldTypeDescription
call_contextCallContextContext of the call corresponding to this function execution.
args_hashfieldHash of the function arguments.
return_values[field; RETURN_VALUES_LENGTH]Return values of this function call.
note_hashes[NoteHash; MAX_NEW_NOTE_HASHES_PER_CALL]New note hashes created in this function call.
nullifiers[Nullifier; MAX_NEW_NULLIFIERS_PER_CALL]New nullifiers created in this function call.
l2_to_l1_messages[L2toL1Message; MAX_NEW_L2_TO_L1_MSGS_PER_CALL]New L2 to L1 messages created in this function call.
unencrypted_log_hashes[UnencryptedLogHash; MAX_UNENCRYPTED_LOG_HASHES_PER_CALL]Hashes of the unencrypted logs emitted in this function call.
encrypted_log_hashes[EncryptedLogHash; MAX_ENCRYPTED_LOG_HASHES_PER_CALL]Hashes of the encrypted logs emitted in this function call.
encrypted_note_preimage_hashes[EncryptedNotePreimageHash; MAX_ENCRYPTED_NOTE_PREIMAGE_HASHES_PER_CALL]Hashes of the encrypted note preimages emitted in this function call.
note_hash_read_requests[ReadRequest; MAX_NOTE_HASH_READ_REQUESTS_PER_CALL]Requests to prove the note hashes being read exist.
nullifier_read_requests[ReadRequest; MAX_NULLIFIER_READ_REQUESTS_PER_CALL]Requests to prove the nullifiers being read exist.
nullifier_key_validation_requests[ParentSecretKeyValidationRequest; MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL]Requests to validate nullifier keys used in this function call.
public_call_requests[PublicCallRequest; MAX_PUBLIC_CALL_STACK_LENGTH_PER_CALL]Requests to call public functions.
private_call_requests[PrivateCallRequest; MAX_PRIVATE_CALL_STACK_LENGTH_PER_CALL]Requests to call Private functions.
counter_startu32Counter at which the function call was initiated.
counter_endu32Counter at which the function call ended.
min_revertible_side_effect_counteru32Counter below which the side effects are non-revertible.
block_headerBlockHeaderInformation about the trees used for the transaction.
chain_idfieldChain ID of the transaction.
versionfieldVersion of the transaction.

After generating a proof for a private function circuit, that proof (and associated public inputs) will be passed-into a private kernel circuit as private inputs. Private kernel circuits use the private function's proof, public inputs, and verification key, to verify the correct execution of the private function. Private kernel circuits then perform a number of checks and computations on the private function's public inputs.

Types

CallContext

FieldTypeDescription
msg_senderAztecAddressAddress of the caller contract.
storage_contract_addressAztecAddressAddress of the contract against which all state changes will be stored. (It is not called contract_address, because in the context of delegate calls, that would be an ambiguous name.)
portal_contract_addressAztecAddressAddress of the portal contract to the storage contract.
is_delegate_callboolA flag indicating whether the call is a delegate call.
is_static_callboolA flag indicating whether the call is a static call.
gas_settingsGasSettingsLimits and max fees per each gas dimension.
transaction_feefieldAccumulated transaction fee, only set during teardown phase.

GasSettings

FieldTypeDescription
da.gas_limitu32Total limit for DA gas for the transaction.
da.teardown_gas_limitu32Limit for DA gas specific to the teardown phase.
da.max_fee_per_gasfieldMaximum amount that the sender is willing to pay per unit of DA gas.
l1.gas_limitu32Total limit for L1 gas for the transaction.
l1.teardown_gas_limitu32Limit for L1 gas specific to the teardown phase.
l1.max_fee_per_gasfieldMaximum amount that the sender is willing to pay per unit of L1 gas.
l2.gas_limitu32Total limit for L2 gas for the transaction.
l2.teardown_gas_limitu32Limit for L2 gas specific to the teardown phase.
l2.max_fee_per_gasfieldMaximum amount that the sender is willing to pay per unit of L2 gas.
inclusion_feefieldFlat fee the user pays for inclusion.

NoteHash

FieldTypeDescription
valuefieldHash of the note.
counteru32Counter at which the note hash was created.

Nullifier

FieldTypeDescription
valuefieldValue of the nullifier.
counteru32Counter at which the nullifier was created.
note_hash_counteru32Counter of the transient note the nullifier is created for. 0 if the nullifier does not associate with a transient note.

L2toL1Message

FieldTypeDescription
valuefieldL2-to-l2 message.
counteru32Counter at which the message was emitted.

UnencryptedLogHash

FieldTypeDescription
hashfieldHash of the unencrypted log.
lengthfieldNumber of fields of the log preimage.
counteru32Counter at which the hash was emitted.

EncryptedLogHash

FieldTypeDescription
hashfieldHash of the encrypted log.
lengthfieldNumber of fields of the log preimage.
counteru32Counter at which the hash was emitted.
randomnessfieldA random value to hide the contract address.

EncryptedNotePreimageHash

FieldTypeDescription
hashfieldHash of the encrypted note preimage.
lengthfieldNumber of fields of the note preimage.
counteru32Counter at which the hash was emitted.
note_hash_counteru32Counter of the corresponding note hash.

ReadRequest

FieldTypeDescription
valuefieldValue being read.
contract_addressAztecAddressAddress of the contract the value was created.
counteru32Counter at which the request was made.

ParentSecretKeyValidationRequest

FieldTypeDescription
parent_public_keyGrumpkinPointClaimed parent public key of the secret key.
hardened_child_secret_keyfqSecret key passed to the function.

PublicCallRequest

FieldTypeDescription
call_stack_item_hashfieldHash of the call stack item.
counteru32Counter at which the request was made.

PrivateCallRequest

FieldTypeDescription
call_stack_item_hashfieldHash of the call stack item.
counter_startu32Counter at which the call was initiated.
counter_endu32Counter at which the call ended.

BlockHeader

FieldTypeDescription
note_hash_tree_rootfieldRoot of the note hash tree.
nullifier_tree_rootfieldRoot of the nullifier tree.
l1_to_l2_messages_tree_rootfieldRoot of the l1-to-l2 messages tree.
public_data_tree_rootfieldRoot of the public data tree.
archive_tree_rootfieldRoot of the state roots tree archived at the block prior to when the transaction was assembled.
global_variables_hashfieldHash of the previous global variables.