@aztec/blob-lib 0.0.1-commit.b655e406 → 0.0.1-commit.fce3e4f

package/dest/testing.js

@@ -1,84 +1,54 @@
-import { FIELDS_PER_BLOB } from '@aztec/constants';
 import { makeTuple } from '@aztec/foundation/array';
-import { randomInt } from '@aztec/foundation/crypto';
-import { BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
+import { BLS12Fq, BLS12Fr, BLS12Point, BLSPointNotOnCurveError, Fr } from '@aztec/foundation/fields';
 import { Blob } from './blob.js';
-import { BatchedBlobAccumulator } from './blob_batching.js';
-import { getBlobsPerL1Block } from './blob_utils.js';
-import { FinalBlobBatchingChallenges } from './circuit_types/index.js';
-import { createBlockEndMarker, encodeTxStartMarker } from './encoding.js';
+import { BlobAccumulator } from './circuit_types/blob_accumulator.js';
+import { FinalBlobAccumulator } from './circuit_types/final_blob_accumulator.js';
+import { FinalBlobBatchingChallenges } from './circuit_types/final_blob_batching_challenges.js';
 import { Poseidon2Sponge, SpongeBlob } from './sponge_blob.js';
+export * from './encoding/fixtures.js';
 /**
  * Makes arbitrary poseidon sponge for blob inputs.
  * Note: will not verify inside the circuit.
  * @param seed - The seed to use for generating the sponge.
  * @returns A sponge blob instance.
  */ export function makeSpongeBlob(seed = 1) {
-    return new SpongeBlob(new Poseidon2Sponge(makeTuple(3, (i)=>new Fr(i)), makeTuple(4, (i)=>new Fr(i)), 1, false), seed, seed + 1);
+    return new SpongeBlob(new Poseidon2Sponge(makeTuple(3, (i)=>new Fr(i)), makeTuple(4, (i)=>new Fr(i)), 1, false), seed);
+}
+/**
+ * Makes an arbitrary but valid BLS12 point. The value is deterministic for a given seed.
+ * @param seed - The seed to use for generating the point.
+ * @returns A BLS12 point instance.
+ */ function makeBLS12Point(seed = 1) {
+    let accum = 0;
+    while(true){
+        try {
+            const x = new BLS12Fq(seed + accum);
+            const y = BLS12Point.YFromX(x);
+            if (y) {
+                return new BLS12Point(x, y, false);
+            }
+            accum++;
+        } catch (e) {
+            if (!(e instanceof BLSPointNotOnCurveError)) {
+                throw e;
+            }
+        // The point is not on the curve - try again
+        }
+    }
 }
 /**
  * Makes arbitrary blob public accumulator.
  * Note: will not verify inside the circuit.
  * @param seed - The seed to use for generating the blob accumulator.
  * @returns A blob accumulator instance.
- */ export function makeBatchedBlobAccumulator(seed = 1) {
-    return new BatchedBlobAccumulator(new Fr(seed), new Fr(seed + 1), new BLS12Fr(seed + 2), BLS12Point.random(), BLS12Point.random(), new Fr(seed + 3), new BLS12Fr(seed + 4), new FinalBlobBatchingChallenges(new Fr(seed + 5), new BLS12Fr(seed + 6)));
+ */ export function makeBlobAccumulator(seed = 1) {
+    return new BlobAccumulator(new Fr(seed), new Fr(seed + 0x10), new BLS12Fr(seed + 0x20), makeBLS12Point(seed + 0x30), new Fr(seed + 0x50), new BLS12Fr(seed + 0x60));
 }
-export function makeEncodedTxBlobFields(length) {
-    const txStartMarker = {
-        numBlobFields: length,
-        // The rest of the values don't matter. The test components using it do not try to deserialize everything.
-        // Only `checkBlobFieldsEncoding` is used and it only looks at `numBlobFields`. This might change in the future
-        // when we add more thorough checks to `checkBlobFieldsEncoding`.
-        revertCode: 0,
-        numNoteHashes: 0,
-        numNullifiers: 0,
-        numL2ToL1Msgs: 0,
-        numPublicDataWrites: 0,
-        numPrivateLogs: 0,
-        publicLogsLength: 0,
-        contractClassLogLength: 0
-    };
-    return [
-        encodeTxStartMarker(txStartMarker),
-        ...Array.from({
-            length: length - 1
-        }, ()=>new Fr(randomInt(Number.MAX_SAFE_INTEGER)))
-    ];
-}
-export function makeEncodedBlockBlobFields(...lengths) {
-    return [
-        ...lengths.length > 0 ? makeEncodedTxBlobFields(lengths[0] - 1) : [],
-        ...lengths.slice(1).flatMap((length)=>makeEncodedTxBlobFields(length)),
-        createBlockEndMarker(lengths.length)
-    ];
-}
-// Create blob fields for a checkpoint with a single block.
-export function makeEncodedBlobFields(length) {
-    if (length <= 2) {
-        throw new Error('Encoded blob fields length must be greater than 2');
-    }
-    const checkpointPrefix = new Fr(length);
-    return [
-        checkpointPrefix,
-        ...makeEncodedBlockBlobFields(length - 1)
-    ]; // -1 to account for the checkpoint prefix.
-}
-/**
- * Make an encoded blob with the given length
- *
- * This will deserialise correctly in the archiver
- * @param length
- * @returns
- */ export function makeEncodedBlob(length) {
-    if (length > FIELDS_PER_BLOB) {
-        throw new Error(`A single encoded blob must be less than ${FIELDS_PER_BLOB} fields`);
-    }
-    return Blob.fromFields(makeEncodedBlobFields(length));
+export function makeFinalBlobAccumulator(seed = 1) {
+    return new FinalBlobAccumulator(new Fr(seed), new Fr(seed + 0x10), new BLS12Fr(seed + 0x20), makeBLS12Point(seed + 0x30));
 }
-export function makeEncodedBlobs(length) {
-    const fields = makeEncodedBlobFields(length);
-    return getBlobsPerL1Block(fields);
+export function makeFinalBlobBatchingChallenges(seed = 1) {
+    return new FinalBlobBatchingChallenges(new Fr(seed), new BLS12Fr(seed + 0x10));
 }
 /**
  * Make a blob with random fields.

package/dest/types.d.ts

@@ -1,3 +1,4 @@
+export * from './batched_blob.js';
 export * from './circuit_types/index.js';
 export * from './interface.js';
 export * from './sponge_blob.js';
@@ -13,4 +14,4 @@ export interface BlobKzgInstance {
     /** Function to compute both blob data cells and their corresponding KZG proofs for EIP7594 */
     computeCellsAndKzgProofs(blob: Uint8Array): [Uint8Array[], Uint8Array[]];
 }
-//# sourceMappingURL=types.d.ts.map
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxjQUFjLG1CQUFtQixDQUFDO0FBQ2xDLGNBQWMsMEJBQTBCLENBQUM7QUFDekMsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLGtCQUFrQixDQUFDO0FBRWpDOzs7R0FHRztBQUNILE1BQU0sV0FBVyxlQUFlO0lBQzlCLHdEQUF3RDtJQUN4RCxtQkFBbUIsQ0FBQyxJQUFJLEVBQUUsVUFBVSxHQUFHLFVBQVUsQ0FBQztJQUNsRCxrREFBa0Q7SUFDbEQsbUJBQW1CLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRSxVQUFVLEVBQUUsVUFBVSxHQUFHLFVBQVUsQ0FBQztJQUMxRSw4RkFBOEY7SUFDOUYsd0JBQXdCLENBQUMsSUFBSSxFQUFFLFVBQVUsR0FBRyxDQUFDLFVBQVUsRUFBRSxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUM7Q0FDMUUifQ==

package/dest/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAC;AACzC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AAEjC;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,mBAAmB,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC;IAClD,kDAAkD;IAClD,mBAAmB,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,GAAG,UAAU,CAAC;IAC1E,8FAA8F;IAC9F,wBAAwB,CAAC,IAAI,EAAE,UAAU,GAAG,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;CAC1E"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,0BAA0B,CAAC;AACzC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AAEjC;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,wDAAwD;IACxD,mBAAmB,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC;IAClD,kDAAkD;IAClD,mBAAmB,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,GAAG,UAAU,CAAC;IAC1E,8FAA8F;IAC9F,wBAAwB,CAAC,IAAI,EAAE,UAAU,GAAG,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;CAC1E"}

package/dest/types.js

@@ -1,3 +1,4 @@
+export * from './batched_blob.js';
 export * from './circuit_types/index.js';
 export * from './interface.js';
 export * from './sponge_blob.js';

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@aztec/blob-lib",
-  "version": "0.0.1-commit.b655e406",
+  "version": "0.0.1-commit.fce3e4f",
   "type": "module",
   "exports": {
     ".": "./dest/index.js",
-    "./encoding": "./dest/encoding.js",
+    "./encoding": "./dest/encoding/index.js",
     "./types": "./dest/types.js",
     "./testing": "./dest/testing.js"
   },
@@ -16,10 +16,10 @@
     "tsconfig": "./tsconfig.json"
   },
   "scripts": {
-    "build": "yarn clean && tsc -b",
-    "build:dev": "tsc -b --watch",
+    "build": "yarn clean && tsgo -b",
+    "build:dev": "tsgo -b --watch",
     "clean": "rm -rf ./dest .tsbuildinfo",
-    "start:dev": "tsc-watch -p tsconfig.json --onSuccess 'yarn start'",
+    "start:dev": "concurrently -k \"tsgo -b -w\" \"nodemon --watch dest --exec yarn start\"",
     "start": "node ./dest/index.js",
     "test": "NODE_NO_WARNINGS=1 node --experimental-vm-modules ../node_modules/.bin/jest --passWithNoTests --maxWorkers=${JEST_MAX_WORKERS:-8}"
   },
@@ -27,8 +27,8 @@
     "../package.common.json"
   ],
   "dependencies": {
-    "@aztec/constants": "0.0.1-commit.b655e406",
-    "@aztec/foundation": "0.0.1-commit.b655e406",
+    "@aztec/constants": "0.0.1-commit.fce3e4f",
+    "@aztec/foundation": "0.0.1-commit.fce3e4f",
     "@crate-crypto/node-eth-kzg": "^0.10.0",
     "tslib": "^2.4.0"
   },
@@ -36,6 +36,7 @@
     "@jest/globals": "^30.0.0",
     "@types/jest": "^30.0.0",
     "@types/node": "^22.15.17",
+    "@typescript/native-preview": "7.0.0-dev.20251126.1",
     "get-port": "^7.1.0",
     "jest": "^30.0.0",
     "ts-node": "^10.9.1",

package/src/batched_blob.ts

@@ -0,0 +1,25 @@
+import { BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
+
+import { FinalBlobAccumulator } from './circuit_types/index.js';
+
+/**
+ * A class to represent the result from accumulating blobs in an epoch using BatchedBlobAccumulator.
+ */
+export class BatchedBlob {
+  constructor(
+    /** Hash of Cs (to link to L1 blob hashes). */
+    public readonly blobCommitmentsHash: Fr,
+    /** Challenge point z such that p_i(z) = y_i. */
+    public readonly z: Fr,
+    /** Evaluation y, linear combination of all evaluations y_i = p_i(z) with gamma. */
+    public readonly y: BLS12Fr,
+    /** Commitment C, linear combination of all commitments C_i = [p_i] with gamma. */
+    public readonly commitment: BLS12Point,
+    /** KZG opening 'proof' Q (commitment to the quotient poly.), linear combination of all blob kzg 'proofs' Q_i with gamma. */
+    public readonly q: BLS12Point,
+  ) {}
+
+  toFinalBlobAccumulator() {
+    return new FinalBlobAccumulator(this.blobCommitmentsHash, this.z, this.y, this.commitment);
+  }
+}

package/src/blob_batching.ts

@@ -1,30 +1,69 @@
-import { AZTEC_MAX_EPOCH_DURATION, BLOBS_PER_BLOCK } from '@aztec/constants';
+import { AZTEC_MAX_EPOCH_DURATION, BLOBS_PER_CHECKPOINT } from '@aztec/constants';
 import { poseidon2Hash, sha256ToField } from '@aztec/foundation/crypto';
 import { BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
 
+import { BatchedBlob } from './batched_blob.js';
 import { Blob } from './blob.js';
-import { computeBlobFieldsHashFromBlobs } from './blob_utils.js';
+import { getBlobsPerL1Block } from './blob_utils.js';
 import { BlobAccumulator, FinalBlobAccumulator, FinalBlobBatchingChallenges } from './circuit_types/index.js';
-import { computeEthVersionedBlobHash, hashNoirBigNumLimbs } from './hash.js';
+import { computeBlobFieldsHash, hashNoirBigNumLimbs } from './hash.js';
 import { kzg } from './kzg_context.js';
 
 /**
  * A class to create, manage, and prove batched EVM blobs.
+ * See noir-projects/noir-protocol-circuits/crates/blob/src/abis/blob_accumulator.nr
  */
-export class BatchedBlob {
+export class BatchedBlobAccumulator {
   constructor(
     /** Hash of Cs (to link to L1 blob hashes). */
-    public readonly blobCommitmentsHash: Fr,
-    /** Challenge point z such that p_i(z) = y_i. */
-    public readonly z: Fr,
-    /** Evaluation y, linear combination of all evaluations y_i = p_i(z) with gamma. */
-    public readonly y: BLS12Fr,
-    /** Commitment C, linear combination of all commitments C_i = [p_i] with gamma. */
-    public readonly commitment: BLS12Point,
-    /** KZG opening 'proof' Q (commitment to the quotient poly.), linear combination of all blob kzg 'proofs' Q_i with gamma. */
-    public readonly q: BLS12Point,
+    public readonly blobCommitmentsHashAcc: Fr,
+    /** Challenge point z_acc. Final value used such that p_i(z) = y_i. */
+    public readonly zAcc: Fr,
+    /** Evaluation y_acc. Final value is is linear combination of all evaluations y_i = p_i(z) with gamma. */
+    public readonly yAcc: BLS12Fr,
+    /** Commitment c_acc. Final value is linear combination of all commitments C_i = [p_i] with gamma. */
+    public readonly cAcc: BLS12Point,
+    /** KZG opening q_acc. Final value is linear combination of all blob kzg 'proofs' Q_i with gamma. */
+    public readonly qAcc: BLS12Point,
+    /**
+     * Challenge point gamma_acc for multi opening. Used with y, C, and kzg 'proof' Q above.
+     * TODO(#13608): We calculate this by hashing natively in the circuit (hence Fr representation), but it's actually used
+     * as a BLS12Fr field elt. Is this safe? Is there a skew?
+     */
+    public readonly gammaAcc: Fr,
+    /** Simply gamma^(i + 1) at blob i. Used for calculating the i'th element of the above linear comb.s */
+    public readonly gammaPow: BLS12Fr,
+    /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */
+    public readonly finalBlobChallenges: FinalBlobBatchingChallenges,
   ) {}
 
+  /**
+   * Create the empty accumulation state of the epoch.
+   * @returns An empty blob accumulator with challenges.
+   */
+  static newWithChallenges(finalBlobChallenges: FinalBlobBatchingChallenges): BatchedBlobAccumulator {
+    return new BatchedBlobAccumulator(
+      Fr.ZERO,
+      Fr.ZERO,
+      BLS12Fr.ZERO,
+      BLS12Point.ZERO,
+      BLS12Point.ZERO,
+      Fr.ZERO,
+      BLS12Fr.ZERO,
+      finalBlobChallenges,
+    );
+  }
+
+  /**
+   * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
+   * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
+   *      beforehand from ALL blobs.
+   */
+  static async fromBlobFields(blobFieldsPerCheckpoint: Fr[][]): Promise<BatchedBlobAccumulator> {
+    const finalBlobChallenges = await this.precomputeBatchedBlobChallenges(blobFieldsPerCheckpoint);
+    return BatchedBlobAccumulator.newWithChallenges(finalBlobChallenges);
+  }
+
   /**
    * Get the final batched opening proof from multiple blobs.
    * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
@@ -32,30 +71,21 @@ export class BatchedBlob {
    *
    * @returns A batched blob.
    */
-  static async batch(blobs: Blob[][]): Promise<BatchedBlob> {
-    if (blobs.length > AZTEC_MAX_EPOCH_DURATION) {
+  static async batch(blobFieldsPerCheckpoint: Fr[][], verifyProof = false): Promise<BatchedBlob> {
+    const numCheckpoints = blobFieldsPerCheckpoint.length;
+    if (numCheckpoints > AZTEC_MAX_EPOCH_DURATION) {
       throw new Error(
-        `Too many blocks sent to batch(). The maximum is ${AZTEC_MAX_EPOCH_DURATION}. Got ${blobs.length}.`,
+        `Too many checkpoints sent to batch(). The maximum is ${AZTEC_MAX_EPOCH_DURATION}. Got ${numCheckpoints}.`,
       );
     }
 
     // Precalculate the values (z and gamma) and initialize the accumulator:
-    let acc = await this.newAccumulator(blobs);
+    let acc = await this.fromBlobFields(blobFieldsPerCheckpoint);
     // Now we can create a multi opening proof of all input blobs:
-    for (const blockBlobs of blobs) {
-      acc = await acc.accumulateBlobs(blockBlobs);
+    for (const blobFields of blobFieldsPerCheckpoint) {
+      acc = await acc.accumulateFields(blobFields);
     }
-    return await acc.finalize();
-  }
-
-  /**
-   * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
-   * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
-   *      beforehand from ALL blobs.
-   */
-  static async newAccumulator(blobs: Blob[][]): Promise<BatchedBlobAccumulator> {
-    const finalBlobChallenges = await this.precomputeBatchedBlobChallenges(blobs);
-    return BatchedBlobAccumulator.newWithChallenges(finalBlobChallenges);
+    return await acc.finalize(verifyProof);
   }
 
   /**
@@ -70,13 +100,15 @@ export class BatchedBlob {
    * @param blobs - The blobs to precompute the challenges for. Each sub-array is the blobs for an L1 block.
    * @returns Challenges z and gamma.
    */
-  static async precomputeBatchedBlobChallenges(blobs: Blob[][]): Promise<FinalBlobBatchingChallenges> {
+  static async precomputeBatchedBlobChallenges(blobFieldsPerCheckpoint: Fr[][]): Promise<FinalBlobBatchingChallenges> {
     // Compute the final challenge z to evaluate the blobs.
     let z: Fr | undefined;
-    for (const blockBlobs of blobs) {
+    const allBlobs = [];
+    for (const blobFields of blobFieldsPerCheckpoint) {
       // Compute the hash of all the fields in the block.
-      const blobFieldsHash = await computeBlobFieldsHashFromBlobs(blockBlobs);
-      for (const blob of blockBlobs) {
+      const blobFieldsHash = await computeBlobFieldsHash(blobFields);
+      const blobs = getBlobsPerL1Block(blobFields);
+      for (const blob of blobs) {
         // Compute the challenge z for each blob and accumulate it.
         const challengeZ = await blob.computeChallengeZ(blobFieldsHash);
         if (!z) {
@@ -85,13 +117,13 @@ export class BatchedBlob {
           z = await poseidon2Hash([z, challengeZ]);
         }
       }
+      allBlobs.push(...blobs);
     }
     if (!z) {
       throw new Error('No blobs to precompute challenges for.');
     }
 
     // Now we have a shared challenge for all blobs, evaluate them...
-    const allBlobs = blobs.flat();
     const proofObjects = allBlobs.map(b => b.evaluate(z));
     const evaluations = await Promise.all(proofObjects.map(({ y }) => hashNoirBigNumLimbs(y)));
     // ...and find the challenge for the linear combination of blobs.
@@ -105,92 +137,12 @@ export class BatchedBlob {
     return new FinalBlobBatchingChallenges(z, BLS12Fr.fromBN254Fr(gamma));
   }
 
-  verify() {
-    return kzg.verifyKzgProof(this.commitment.compress(), this.z.toBuffer(), this.y.toBuffer(), this.q.compress());
-  }
-
-  // Returns ethereum's versioned blob hash, following kzg_to_versioned_hash: https://eips.ethereum.org/EIPS/eip-4844#helpers
-  getEthVersionedBlobHash(): Buffer {
-    return computeEthVersionedBlobHash(this.commitment.compress());
-  }
-
-  /**
-   * Returns a proof of opening of the blobs to verify on L1 using the point evaluation precompile:
-   *
-   * input[:32]     - versioned_hash
-   * input[32:64]   - z
-   * input[64:96]   - y
-   * input[96:144]  - commitment C
-   * input[144:192] - commitment Q (a 'proof' committing to the quotient polynomial q(X))
-   *
-   * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
-   */
-  getEthBlobEvaluationInputs(): `0x${string}` {
-    const buf = Buffer.concat([
-      this.getEthVersionedBlobHash(),
-      this.z.toBuffer(),
-      this.y.toBuffer(),
-      this.commitment.compress(),
-      this.q.compress(),
-    ]);
-    return `0x${buf.toString('hex')}`;
-  }
-
-  toFinalBlobAccumulator() {
-    return new FinalBlobAccumulator(this.blobCommitmentsHash, this.z, this.y, this.commitment);
-  }
-}
-
-/**
- * See noir-projects/noir-protocol-circuits/crates/blob/src/abis/blob_accumulator.nr
- */
-export class BatchedBlobAccumulator {
-  constructor(
-    /** Hash of Cs (to link to L1 blob hashes). */
-    public readonly blobCommitmentsHashAcc: Fr,
-    /** Challenge point z_acc. Final value used such that p_i(z) = y_i. */
-    public readonly zAcc: Fr,
-    /** Evaluation y_acc. Final value is is linear combination of all evaluations y_i = p_i(z) with gamma. */
-    public readonly yAcc: BLS12Fr,
-    /** Commitment c_acc. Final value is linear combination of all commitments C_i = [p_i] with gamma. */
-    public readonly cAcc: BLS12Point,
-    /** KZG opening q_acc. Final value is linear combination of all blob kzg 'proofs' Q_i with gamma. */
-    public readonly qAcc: BLS12Point,
-    /**
-     * Challenge point gamma_acc for multi opening. Used with y, C, and kzg 'proof' Q above.
-     * TODO(#13608): We calculate this by hashing natively in the circuit (hence Fr representation), but it's actually used
-     * as a BLS12Fr field elt. Is this safe? Is there a skew?
-     */
-    public readonly gammaAcc: Fr,
-    /** Simply gamma^(i + 1) at blob i. Used for calculating the i'th element of the above linear comb.s */
-    public readonly gammaPow: BLS12Fr,
-    /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */
-    public readonly finalBlobChallenges: FinalBlobBatchingChallenges,
-  ) {}
-
-  /**
-   * Create the empty accumulation state of the epoch.
-   * @returns An empty blob accumulator with challenges.
-   */
-  static newWithChallenges(finalBlobChallenges: FinalBlobBatchingChallenges): BatchedBlobAccumulator {
-    return new BatchedBlobAccumulator(
-      Fr.ZERO,
-      Fr.ZERO,
-      BLS12Fr.ZERO,
-      BLS12Point.ZERO,
-      BLS12Point.ZERO,
-      Fr.ZERO,
-      BLS12Fr.ZERO,
-      finalBlobChallenges,
-    );
-  }
-
   /**
    * Given blob i, accumulate all state.
    * We assume the input blob has not been evaluated at z.
    * @returns An updated blob accumulator.
    */
-  private async accumulate(blob: Blob, blobFieldsHash: Fr) {
+  async accumulateBlob(blob: Blob, blobFieldsHash: Fr) {
     const { proof, y: thisY } = blob.evaluate(this.finalBlobChallenges.z);
     const thisC = BLS12Point.decompress(blob.commitment);
     const thisQ = BLS12Point.decompress(proof);
@@ -234,23 +186,25 @@ export class BatchedBlobAccumulator {
   /**
    * Given blobs, accumulate all state.
    * We assume the input blobs have not been evaluated at z.
-   * @param blobs - The blobs to accumulate. They should be in the same L1 block.
+   * @param blobFields - The blob fields of a checkpoint to accumulate.
    * @returns An updated blob accumulator.
    */
-  async accumulateBlobs(blobs: Blob[]) {
-    if (blobs.length > BLOBS_PER_BLOCK) {
+  async accumulateFields(blobFields: Fr[]) {
+    const blobs = getBlobsPerL1Block(blobFields);
+
+    if (blobs.length > BLOBS_PER_CHECKPOINT) {
       throw new Error(
-        `Too many blobs to accumulate. The maximum is ${BLOBS_PER_BLOCK} per block. Got ${blobs.length}.`,
+        `Too many blobs to accumulate. The maximum is ${BLOBS_PER_CHECKPOINT} per checkpoint. Got ${blobs.length}.`,
       );
     }
 
     // Compute the hash of all the fields in the block.
-    const blobFieldsHash = await computeBlobFieldsHashFromBlobs(blobs);
+    const blobFieldsHash = await computeBlobFieldsHash(blobFields);
 
     // Initialize the acc to iterate over:
     let acc: BatchedBlobAccumulator = this.clone();
     for (const blob of blobs) {
-      acc = await acc.accumulate(blob, blobFieldsHash);
+      acc = await acc.accumulateBlob(blob, blobFieldsHash);
     }
     return acc;
   }
@@ -286,13 +240,17 @@ export class BatchedBlobAccumulator {
 
     const batchedBlob = new BatchedBlob(this.blobCommitmentsHashAcc, this.zAcc, this.yAcc, this.cAcc, this.qAcc);
 
-    if (verifyProof && !batchedBlob.verify()) {
+    if (verifyProof && !this.verify()) {
       throw new Error(`KZG proof did not verify.`);
     }
 
     return batchedBlob;
   }
 
+  verify() {
+    return kzg.verifyKzgProof(this.cAcc.compress(), this.zAcc.toBuffer(), this.yAcc.toBuffer(), this.qAcc.compress());
+  }
+
   isEmptyState() {
     return (
       this.blobCommitmentsHashAcc.isZero() &&

package/src/blob_utils.ts

@@ -1,9 +1,10 @@
 import { FIELDS_PER_BLOB } from '@aztec/constants';
 import { BLS12Point, Fr } from '@aztec/foundation/fields';
 
+import type { BatchedBlob } from './batched_blob.js';
 import { Blob } from './blob.js';
-import { deserializeEncodedBlobToFields } from './deserialize.js';
-import { computeBlobFieldsHash, computeBlobsHash } from './hash.js';
+import { type CheckpointBlobData, decodeCheckpointBlobDataFromBuffer } from './encoding/index.js';
+import { computeBlobsHash, computeEthVersionedBlobHash } from './hash.js';
 
 /**
  * @param blobs - The blobs to emit.
@@ -40,26 +41,13 @@ export function getBlobsPerL1Block(fields: Fr[]): Blob[] {
 }
 
 /**
- * Get the fields from all blobs in the checkpoint. Ignoring the fields beyond the length specified by the
- * checkpoint prefix (the first field).
- *
- * @param blobs - The blobs to read fields from. Should be all the blobs in the L1 block proposing the checkpoint.
- * @param checkEncoding - Whether to check if the entire encoded blob fields are valid. If false, it will still check
- * the checkpoint prefix and throw if there's not enough fields.
- * @returns The fields added throughout the checkpoint.
+ * Get the encoded data from all blobs in the checkpoint.
+ * @param blobs - The blobs to read data from. Should be all the blobs for the L1 block proposing the checkpoint.
+ * @returns The encoded data of the checkpoint.
  */
-export function getBlobFieldsInCheckpoint(blobs: Blob[], checkEncoding = false): Fr[] {
-  return deserializeEncodedBlobToFields(Buffer.concat(blobs.map(b => b.data)), checkEncoding);
-}
-
-export async function computeBlobFieldsHashFromBlobs(blobs: Blob[]): Promise<Fr> {
-  const fields = blobs.map(b => b.toFields()).flat();
-  const numBlobFields = fields[0].toNumber();
-  if (numBlobFields > fields.length) {
-    throw new Error(`The prefix indicates ${numBlobFields} fields. Got ${fields.length}.`);
-  }
-
-  return await computeBlobFieldsHash(fields.slice(0, numBlobFields));
+export function decodeCheckpointBlobDataFromBlobs(blobs: Blob[]): CheckpointBlobData {
+  const buf = Buffer.concat(blobs.map(b => b.data));
+  return decodeCheckpointBlobDataFromBuffer(buf);
 }
 
 export function computeBlobsHashFromBlobs(blobs: Blob[]): Fr {
@@ -69,3 +57,25 @@ export function computeBlobsHashFromBlobs(blobs: Blob[]): Fr {
 export function getBlobCommitmentsFromBlobs(blobs: Blob[]): BLS12Point[] {
   return blobs.map(b => BLS12Point.decompress(b.commitment));
 }
+
+/**
+ * Returns a proof of opening of the blobs to verify on L1 using the point evaluation precompile:
+ *
+ * input[:32]     - versioned_hash
+ * input[32:64]   - z
+ * input[64:96]   - y
+ * input[96:144]  - commitment C
+ * input[144:192] - commitment Q (a 'proof' committing to the quotient polynomial q(X))
+ *
+ * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
+ */
+export function getEthBlobEvaluationInputs(batchedBlob: BatchedBlob): `0x${string}` {
+  const buf = Buffer.concat([
+    computeEthVersionedBlobHash(batchedBlob.commitment.compress()),
+    batchedBlob.z.toBuffer(),
+    batchedBlob.y.toBuffer(),
+    batchedBlob.commitment.compress(),
+    batchedBlob.q.compress(),
+  ]);
+  return `0x${buf.toString('hex')}`;
+}

package/src/circuit_types/blob_accumulator.ts

@@ -81,4 +81,15 @@ export class BlobAccumulator {
       BLS12Fr.fromNoirBigNum({ limbs: reader.readFieldArray(BLS12_FR_LIMBS).map(f => f.toString()) }),
     );
   }
+
+  static random() {
+    return new BlobAccumulator(
+      Fr.random(),
+      Fr.random(),
+      BLS12Fr.random(),
+      BLS12Point.random(),
+      Fr.random(),
+      BLS12Fr.random(),
+    );
+  }
 }