@aztec/blob-lib 0.75.0-commit.c03ba01a2a4122e43e90d5133ba017e54b90e9d2

package/dest/blob.js

@@ -0,0 +1,253 @@
+// Importing directly from 'c-kzg' does not work, ignoring import/no-named-as-default-member err:
+import { poseidon2Hash, sha256 } from '@aztec/foundation/crypto';
+import { Fr } from '@aztec/foundation/fields';
+import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
+import cKzg from 'c-kzg';
+import { deserializeEncodedBlobToFields, extractBlobFieldsFromBuffer } from './encoding.js';
+import { BlobDeserializationError } from './errors.js';
+/* eslint-disable import/no-named-as-default-member */ const { BYTES_PER_BLOB, FIELD_ELEMENTS_PER_BLOB, blobToKzgCommitment, computeKzgProof, verifyKzgProof } = cKzg;
+// The prefix to the EVM blobHash, defined here: https://eips.ethereum.org/EIPS/eip-4844#specification
+export const VERSIONED_HASH_VERSION_KZG = 0x01;
+/**
+ * A class to create, manage, and prove EVM blobs.
+ */ export class Blob {
+    data;
+    fieldsHash;
+    challengeZ;
+    evaluationY;
+    commitment;
+    proof;
+    constructor(/** The blob to be broadcast on L1 in bytes form. */ data, /** The hash of all tx effects inside the blob. Used in generating the challenge z and proving that we have included all required effects. */ fieldsHash, /** Challenge point z (= H(H(tx_effects), kzgCommmitment). Used such that p(z) = y. */ challengeZ, /** Evaluation y = p(z), where p() is the blob polynomial. BLS12 field element, rep. as BigNum in nr, bigint in ts. */ evaluationY, /** Commitment to the blob C. Used in compressed BLS12 point format (48 bytes). */ commitment, /** KZG opening proof for y = p(z). The commitment to quotient polynomial Q, used in compressed BLS12 point format (48 bytes). */ proof){
+        this.data = data;
+        this.fieldsHash = fieldsHash;
+        this.challengeZ = challengeZ;
+        this.evaluationY = evaluationY;
+        this.commitment = commitment;
+        this.proof = proof;
+    }
+    /**
+   * The encoded version of the blob will determine the end of the blob based on the transaction encoding.
+   * This is required when the fieldsHash of a blob will contain trailing zeros.
+   *
+   * See `./encoding.ts` for more details.
+   *
+   * This method is used to create a Blob from a buffer.
+   * @param blob - The buffer to create the Blob from.
+   * @param multiBlobFieldsHash - The fields hash to use for the Blob.
+   * @returns A Blob created from the buffer.
+   *
+   * @throws If unable to deserialize the blob.
+   */ static fromEncodedBlobBuffer(blob, multiBlobFieldsHash) {
+        try {
+            const fields = deserializeEncodedBlobToFields(blob);
+            return Blob.fromFields(fields, multiBlobFieldsHash);
+        } catch (err) {
+            throw new BlobDeserializationError(`Failed to create Blob from encoded blob buffer, this blob was likely not created by us`);
+        }
+    }
+    /**
+   * Create a Blob from an array of fields.
+   *
+   * @param fields - The array of fields to create the Blob from.
+   * @param multiBlobFieldsHash - The fields hash to use for the Blob.
+   * @returns A Blob created from the array of fields.
+   */ static async fromFields(fields, multiBlobFieldsHash) {
+        if (fields.length > FIELD_ELEMENTS_PER_BLOB) {
+            throw new Error(`Attempted to overfill blob with ${fields.length} elements. The maximum is ${FIELD_ELEMENTS_PER_BLOB}`);
+        }
+        const data = Buffer.concat([
+            serializeToBuffer(fields)
+        ], BYTES_PER_BLOB);
+        // This matches the output of SpongeBlob.squeeze() in the blob circuit
+        const fieldsHash = multiBlobFieldsHash ? multiBlobFieldsHash : await poseidon2Hash(fields);
+        const commitment = Buffer.from(blobToKzgCommitment(data));
+        const challengeZ = await poseidon2Hash([
+            fieldsHash,
+            ...commitmentToFields(commitment)
+        ]);
+        const res = computeKzgProof(data, challengeZ.toBuffer());
+        if (!verifyKzgProof(commitment, challengeZ.toBuffer(), res[1], res[0])) {
+            throw new Error(`KZG proof did not verify.`);
+        }
+        const proof = Buffer.from(res[0]);
+        const evaluationY = Buffer.from(res[1]);
+        return new Blob(data, fieldsHash, challengeZ, evaluationY, commitment, proof);
+    }
+    /**
+   * Create a Blob from a JSON object.
+   *
+   * Blobs will be in this form when requested from the blob sink, or from
+   * the beacon chain via `getBlobSidecars`
+   * https://ethereum.github.io/beacon-APIs/?urls.primaryName=dev#/Beacon/getBlobSidecars
+   *
+   * @dev WARNING: by default json deals with encoded buffers
+   *
+   * @param json - The JSON object to create the Blob from.
+   * @returns A Blob created from the JSON object.
+   */ static async fromJson(json) {
+        const blobBuffer = Buffer.from(json.blob.slice(2), 'hex');
+        const blob = await Blob.fromEncodedBlobBuffer(blobBuffer);
+        if (blob.commitment.toString('hex') !== json.kzg_commitment.slice(2)) {
+            throw new Error('KZG commitment does not match');
+        }
+        // We do not check the proof, as it will be different if the challenge is shared
+        // across multiple blobs
+        return blob;
+    }
+    /**
+   * Get the JSON representation of the blob.
+   *
+   * @dev WARNING: by default json deals with encoded buffers
+   * @param index - optional - The index of the blob in the block.
+   * @returns The JSON representation of the blob.
+   */ toJson(index) {
+        return {
+            blob: `0x${Buffer.from(this.data).toString('hex')}`,
+            index,
+            // eslint-disable-next-line camelcase
+            kzg_commitment: `0x${this.commitment.toString('hex')}`,
+            // eslint-disable-next-line camelcase
+            kzg_proof: `0x${this.proof.toString('hex')}`
+        };
+    }
+    /**
+   * Get the fields from the blob.
+   *
+   * @dev WARNING: this method does not take into account trailing zeros
+   *
+   * @returns The fields from the blob.
+   */ toFields() {
+        return extractBlobFieldsFromBuffer(this.data);
+    }
+    /**
+   * Get the encoded fields from the blob.
+   *
+   * @dev This method takes into account trailing zeros
+   *
+   * @returns The encoded fields from the blob.
+   *
+   * @throws If unable to deserialize the blob.
+   */ toEncodedFields() {
+        try {
+            return deserializeEncodedBlobToFields(this.data);
+        } catch (err) {
+            throw new BlobDeserializationError(`Failed to deserialize encoded blob fields, this blob was likely not created by us`);
+        }
+    }
+    /**
+   * Get the commitment fields from the blob.
+   *
+   * The 48-byte commitment is encoded into two field elements:
+   * +------------------+------------------+
+   * | Field Element 1  | Field Element 2  |
+   * | [bytes 0-31]     | [bytes 32-47]   |
+   * +------------------+------------------+
+   * |     32 bytes     |     16 bytes    |
+   * +------------------+------------------+
+   * @returns The commitment fields from the blob.
+   */ commitmentToFields() {
+        return commitmentToFields(this.commitment);
+    }
+    // Returns ethereum's versioned blob hash, following kzg_to_versioned_hash: https://eips.ethereum.org/EIPS/eip-4844#helpers
+    getEthVersionedBlobHash() {
+        const hash = sha256(this.commitment);
+        hash[0] = VERSIONED_HASH_VERSION_KZG;
+        return hash;
+    }
+    static getEthVersionedBlobHash(commitment) {
+        const hash = sha256(commitment);
+        hash[0] = VERSIONED_HASH_VERSION_KZG;
+        return hash;
+    }
+    /**
+   * Get the buffer representation of the ENTIRE blob.
+   *
+   * @dev WARNING: this buffer contains all metadata aswell as the data itself
+   *
+   * @returns The buffer representation of the blob.
+   */ toBuffer() {
+        return Buffer.from(serializeToBuffer(this.data.length, this.data, this.fieldsHash, this.challengeZ, this.evaluationY.length, this.evaluationY, this.commitment.length, this.commitment, this.proof.length, this.proof));
+    }
+    /**
+   * Create a Blob from a buffer.
+   *
+   * @dev WARNING: this method contains all metadata aswell as the data itself
+   *
+   * @param buf - The buffer to create the Blob from.
+   * @returns A Blob created from the buffer.
+   */ static fromBuffer(buf) {
+        const reader = BufferReader.asReader(buf);
+        return new Blob(reader.readUint8Array(), reader.readObject(Fr), reader.readObject(Fr), reader.readBuffer(), reader.readBuffer(), reader.readBuffer());
+    }
+    /**
+   * Get the size of the blob in bytes
+   */ getSize() {
+        return this.data.length;
+    }
+    /**
+   * Returns a proof of opening of the blob to verify on L1 using the point evaluation precompile:
+   *
+   * input[:32]     - versioned_hash
+   * input[32:64]   - z
+   * input[64:96]   - y
+   * input[96:144]  - commitment C
+   * input[144:192] - proof (a commitment to the quotient polynomial q(X))
+   *
+   * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
+   */ getEthBlobEvaluationInputs() {
+        const buf = Buffer.concat([
+            this.getEthVersionedBlobHash(),
+            this.challengeZ.toBuffer(),
+            this.evaluationY,
+            this.commitment,
+            this.proof
+        ]);
+        return `0x${buf.toString('hex')}`;
+    }
+    static getEthBlobEvaluationInputs(blobs) {
+        let buf = Buffer.alloc(0);
+        blobs.forEach((blob)=>{
+            buf = Buffer.concat([
+                buf,
+                blob.getEthVersionedBlobHash(),
+                blob.challengeZ.toBuffer(),
+                blob.evaluationY,
+                blob.commitment,
+                blob.proof
+            ]);
+        });
+        // For multiple blobs, we prefix the number of blobs:
+        const lenBuf = Buffer.alloc(1);
+        lenBuf.writeUint8(blobs.length);
+        buf = Buffer.concat([
+            lenBuf,
+            buf
+        ]);
+        return `0x${buf.toString('hex')}`;
+    }
+    static getViemKzgInstance() {
+        return {
+            blobToKzgCommitment: cKzg.blobToKzgCommitment,
+            computeBlobKzgProof: cKzg.computeBlobKzgProof
+        };
+    }
+    // Returns as many blobs as we require to broadcast the given fields
+    // Assumes we share the fields hash between all blobs
+    static async getBlobs(fields) {
+        const numBlobs = Math.max(Math.ceil(fields.length / FIELD_ELEMENTS_PER_BLOB), 1);
+        const multiBlobFieldsHash = await poseidon2Hash(fields);
+        const res = [];
+        for(let i = 0; i < numBlobs; i++){
+            const end = fields.length < (i + 1) * FIELD_ELEMENTS_PER_BLOB ? fields.length : (i + 1) * FIELD_ELEMENTS_PER_BLOB;
+            res.push(await Blob.fromFields(fields.slice(i * FIELD_ELEMENTS_PER_BLOB, end), multiBlobFieldsHash));
+        }
+        return res;
+    }
+}
+// 48 bytes encoded in fields as [Fr, Fr] = [0->31, 31->48]
+function commitmentToFields(commitment) {
+    return [
+        new Fr(commitment.subarray(0, 31)),
+        new Fr(commitment.subarray(31, 48))
+    ];
+}

package/dest/encoding.js

@@ -0,0 +1,114 @@
+import { Fr } from '@aztec/foundation/fields';
+import { BufferReader, FieldReader } from '@aztec/foundation/serialize';
+// Note duplicated from circuit-types !
+// This will appear as 0x74785f7374617274 in logs
+export const TX_START_PREFIX = 8392562855083340404n;
+// These are helper constants to decode tx effects from blob encoded fields
+export const TX_START_PREFIX_BYTES_LENGTH = TX_START_PREFIX.toString(16).length / 2;
+// 7 bytes for: | 0 | txlen[0] | txlen[1] | 0 | REVERT_CODE_PREFIX | 0 | revertCode |
+export const TX_EFFECT_PREFIX_BYTE_LENGTH = TX_START_PREFIX_BYTES_LENGTH + 7;
+export const REVERT_CODE_PREFIX = 1;
+/**
+ * Deserializes a blob buffer into an array of field elements.
+ *
+ * Blobs are converted into BN254 fields to perform a poseidon2 hash on them (fieldHash).
+ * This method is sparse, meaning it does not include trailing zeros at the end of the blob.
+ *
+ * However, we cannot simply trim the zero's from the end of the blob, as some logs may include zero's
+ * within them.
+ * If we end on a set of zeros, such as the log below:
+ * length 7: [ a, b, c, d, e, 0, 0]
+ *
+ * we will end up with the incorrect hash if we trim the zeros from the end.
+ *
+ * Each transactions logs contains a TX start prefix, which includes a string followed
+ * by the length ( in field elements ) of the transaction's log.
+ *
+ * This function finds the end of the last transaction's logs, and returns the array up to this point.
+ *
+ * We search for a series of Tx Prefixes progressing the cursor in the field reader until we hit
+ * a field that is not a Tx Prefix, this indicates that we have reached the end of the last transaction's logs.
+ *
+ * +------------------+------------------+------------------+------------------+
+ * | TX1 Start Prefix | TX1 Log Fields   | TX2 Start Prefix | Padded zeros     |
+ * | [3 a,b,c]        | [3, a, b, c]     | [5 d,e,f,0,0]    | [0, 0, 0, .., 0] |
+ * +------------------+------------------+------------------+------------------+
+ *                                                          ^
+ *                                                          |
+ * Function reads until here --------------------------------
+ *
+ * @param blob - The blob buffer to deserialize.
+ * @returns An array of field elements.
+ */ export function deserializeEncodedBlobToFields(blob) {
+    // Convert blob buffer to array of field elements
+    const reader = BufferReader.asReader(blob);
+    const array = reader.readArray(blob.length >> 5, Fr); // >> 5 = / 32 (bytes per field)
+    const fieldReader = FieldReader.asReader(array);
+    // Read fields until we hit zeros at the end
+    while(!fieldReader.isFinished()){
+        const currentField = fieldReader.peekField();
+        // Stop when we hit a zero field
+        if (!currentField || currentField.isZero()) {
+            break;
+        }
+        // Skip the remaining fields in this transaction
+        const len = getLengthFromFirstField(currentField);
+        fieldReader.skip(len);
+    }
+    // Return array up to last non-zero field
+    return array.slice(0, fieldReader.cursor);
+}
+/**
+ * Get the length of the transaction from the first field.
+ *
+ * @param firstField - The first field of the transaction.
+ * @returns The length of the transaction.
+ *
+ * @throws If the first field does not include the correct prefix - encoding invalid.
+ */ export function getLengthFromFirstField(firstField) {
+    // Check that the first field includes the correct prefix
+    if (!isValidFirstField(firstField)) {
+        throw new Error('Invalid prefix');
+    }
+    const buf = firstField.toBuffer().subarray(-TX_EFFECT_PREFIX_BYTE_LENGTH);
+    return new Fr(buf.subarray(TX_START_PREFIX_BYTES_LENGTH + 1, TX_START_PREFIX_BYTES_LENGTH + 3)).toNumber();
+}
+// NOTE: duplicated from circuit-types tx effect!
+/**
+ * Determines whether a field is the first field of a tx effect
+ */ export function isValidFirstField(field) {
+    const buf = field.toBuffer();
+    if (!buf.subarray(0, field.size - TX_EFFECT_PREFIX_BYTE_LENGTH).equals(Buffer.alloc(field.size - TX_EFFECT_PREFIX_BYTE_LENGTH))) {
+        return false;
+    }
+    const sliced = buf.subarray(-TX_EFFECT_PREFIX_BYTE_LENGTH);
+    if (// Checking we start with the correct prefix...
+    !new Fr(sliced.subarray(0, TX_START_PREFIX_BYTES_LENGTH)).equals(new Fr(TX_START_PREFIX)) || // ...and include the revert code prefix..
+    sliced[sliced.length - 3] !== REVERT_CODE_PREFIX || // ...and the following revert code is valid.
+    sliced[sliced.length - 1] > 4) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Extract the fields from a blob buffer, but do not take into account encoding
+ * that will include trailing zeros.
+ *
+ * +------------------+------------------+------------------+------------------+
+ * |                  |                  |                  | Padded zeros     |
+ * | [3 a,b,c]        | [3, a, b, c]     | [5 d,e,f,0,0]    | [0, 0, 0, .., 0] |
+ * +------------------+------------------+------------------+------------------+
+ *                                                ^
+ *                                                |
+ * Function reads until here ----------------------
+ */ export function extractBlobFieldsFromBuffer(blob) {
+    const reader = BufferReader.asReader(blob);
+    const array = reader.readArray(blob.length >> 5, Fr);
+    // Find the index of the last non-zero field
+    let lastNonZeroIndex = array.length - 1;
+    while(lastNonZeroIndex >= 0 && array[lastNonZeroIndex].isZero()){
+        lastNonZeroIndex--;
+    }
+    // Return the trimmed array
+    return array.slice(0, lastNonZeroIndex + 1);
+}

package/dest/errors.js

@@ -0,0 +1,6 @@
+export class BlobDeserializationError extends Error {
+    constructor(message){
+        super(message);
+        this.name = 'BlobDeserializationError';
+    }
+}

package/dest/index.js

@@ -0,0 +1,18 @@
+import cKzg from 'c-kzg';
+/* eslint-disable import/no-named-as-default-member */ const { loadTrustedSetup } = cKzg;
+export * from './blob.js';
+export * from './mocks.js';
+export * from './encoding.js';
+export * from './interface.js';
+export * from './errors.js';
+try {
+    loadTrustedSetup();
+} catch (error) {
+    if (error.message.includes('trusted setup is already loaded')) {
+    // NB: The c-kzg lib has no way of checking whether the setup is loaded or not,
+    // and it throws an error if it's already loaded, even though nothing is wrong.
+    // This is a rudimentary way of ensuring we load the trusted setup if we need it.
+    } else {
+        throw new Error(error);
+    }
+}

package/dest/interface.js

@@ -0,0 +1,3 @@
+/**
+ * The relevant parts of a response from https://ethereum.github.io/beacon-APIs/?urls.primaryName=dev#/Beacon/getBlobSidecars
+ */ export { };

package/dest/mocks.js

@@ -0,0 +1,53 @@
+import { toBufferBE } from '@aztec/foundation/bigint-buffer';
+import { Fr } from '@aztec/foundation/fields';
+import { Blob } from './blob.js';
+import { TX_START_PREFIX, TX_START_PREFIX_BYTES_LENGTH } from './encoding.js';
+// TODO: copied form circuit-types tx effect
+function encodeFirstField(length) {
+    const lengthBuf = Buffer.alloc(2);
+    lengthBuf.writeUInt16BE(length, 0);
+    return new Fr(Buffer.concat([
+        toBufferBE(TX_START_PREFIX, TX_START_PREFIX_BYTES_LENGTH),
+        Buffer.alloc(1),
+        lengthBuf,
+        Buffer.alloc(1),
+        Buffer.from([
+            1
+        ]),
+        Buffer.alloc(1),
+        Buffer.alloc(1)
+    ]));
+}
+/**
+ * Make an encoded blob with the given length
+ *
+ * This will deserialise correctly in the archiver
+ * @param length
+ * @returns
+ */ export function makeEncodedBlob(length) {
+    return Blob.fromFields([
+        encodeFirstField(length + 1),
+        ...Array.from({
+            length: length
+        }, ()=>Fr.random())
+    ]);
+}
+/**
+ * Make an unencoded blob with the given length
+ *
+ * This will fail deserialisation in the archiver
+ * @param length
+ * @returns
+ */ export function makeUnencodedBlob(length) {
+    return Blob.fromFields([
+        ...Array.from({
+            length: length
+        }, ()=>Fr.random())
+    ]);
+}
+export function makeEncodedBlobFields(fields) {
+    return Blob.fromFields([
+        encodeFirstField(fields.length + 1),
+        ...fields
+    ]);
+}

package/package.json

@@ -0,0 +1,84 @@
+{
+  "name": "@aztec/blob-lib",
+  "version": "0.75.0-commit.c03ba01a2a4122e43e90d5133ba017e54b90e9d2",
+  "type": "module",
+  "exports": {
+    ".": "./dest/index.js"
+  },
+  "typedocOptions": {
+    "entryPoints": [
+      "./src/index.ts"
+    ],
+    "name": "Blob Lib",
+    "tsconfig": "./tsconfig.json"
+  },
+  "scripts": {
+    "build": "yarn clean && tsc -b",
+    "build:dev": "tsc -b --watch",
+    "clean": "rm -rf ./dest .tsbuildinfo",
+    "formatting": "run -T prettier --check ./src && run -T eslint ./src",
+    "formatting:fix": "run -T eslint --fix ./src && run -T prettier -w ./src",
+    "start:dev": "tsc-watch -p tsconfig.json --onSuccess 'yarn start'",
+    "start": "node ./dest/index.js",
+    "test": "NODE_NO_WARNINGS=1 node --experimental-vm-modules ../node_modules/.bin/jest --passWithNoTests --maxWorkers=${JEST_MAX_WORKERS:-8}"
+  },
+  "inherits": [
+    "../package.common.json"
+  ],
+  "dependencies": {
+    "@aztec/foundation": "0.75.0-commit.c03ba01a2a4122e43e90d5133ba017e54b90e9d2",
+    "c-kzg": "4.0.0-alpha.1",
+    "tslib": "^2.4.0"
+  },
+  "devDependencies": {
+    "@jest/globals": "^29.5.0",
+    "@types/jest": "^29.5.0",
+    "@types/node": "^18.14.6",
+    "get-port": "^7.1.0",
+    "jest": "^29.5.0",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.0.4"
+  },
+  "files": [
+    "dest",
+    "src",
+    "!*.test.*"
+  ],
+  "types": "./dest/index.d.ts",
+  "jest": {
+    "moduleNameMapper": {
+      "^(\\.{1,2}/.*)\\.[cm]?js$": "$1"
+    },
+    "testRegex": "./src/.*\\.test\\.(js|mjs|ts)$",
+    "rootDir": "./src",
+    "transform": {
+      "^.+\\.tsx?$": [
+        "@swc/jest",
+        {
+          "jsc": {
+            "parser": {
+              "syntax": "typescript",
+              "decorators": true
+            },
+            "transform": {
+              "decoratorVersion": "2022-03"
+            }
+          }
+        }
+      ]
+    },
+    "extensionsToTreatAsEsm": [
+      ".ts"
+    ],
+    "reporters": [
+      "default"
+    ],
+    "testTimeout": 30000,
+    "setupFiles": [
+      "../../foundation/src/jest/setup.mjs"
+    ]
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}

package/src/blob.ts

@@ -0,0 +1,312 @@
+// Importing directly from 'c-kzg' does not work, ignoring import/no-named-as-default-member err:
+import { poseidon2Hash, sha256 } from '@aztec/foundation/crypto';
+import { Fr } from '@aztec/foundation/fields';
+import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
+
+import cKzg from 'c-kzg';
+import type { Blob as BlobBuffer } from 'c-kzg';
+
+import { deserializeEncodedBlobToFields, extractBlobFieldsFromBuffer } from './encoding.js';
+import { BlobDeserializationError } from './errors.js';
+import { type BlobJson } from './interface.js';
+
+/* eslint-disable import/no-named-as-default-member */
+const { BYTES_PER_BLOB, FIELD_ELEMENTS_PER_BLOB, blobToKzgCommitment, computeKzgProof, verifyKzgProof } = cKzg;
+
+// The prefix to the EVM blobHash, defined here: https://eips.ethereum.org/EIPS/eip-4844#specification
+export const VERSIONED_HASH_VERSION_KZG = 0x01;
+
+/**
+ * A class to create, manage, and prove EVM blobs.
+ */
+export class Blob {
+  constructor(
+    /** The blob to be broadcast on L1 in bytes form. */
+    public readonly data: BlobBuffer,
+    /** The hash of all tx effects inside the blob. Used in generating the challenge z and proving that we have included all required effects. */
+    public readonly fieldsHash: Fr,
+    /** Challenge point z (= H(H(tx_effects), kzgCommmitment). Used such that p(z) = y. */
+    public readonly challengeZ: Fr,
+    /** Evaluation y = p(z), where p() is the blob polynomial. BLS12 field element, rep. as BigNum in nr, bigint in ts. */
+    public readonly evaluationY: Buffer,
+    /** Commitment to the blob C. Used in compressed BLS12 point format (48 bytes). */
+    public readonly commitment: Buffer,
+    /** KZG opening proof for y = p(z). The commitment to quotient polynomial Q, used in compressed BLS12 point format (48 bytes). */
+    public readonly proof: Buffer,
+  ) {}
+
+  /**
+   * The encoded version of the blob will determine the end of the blob based on the transaction encoding.
+   * This is required when the fieldsHash of a blob will contain trailing zeros.
+   *
+   * See `./encoding.ts` for more details.
+   *
+   * This method is used to create a Blob from a buffer.
+   * @param blob - The buffer to create the Blob from.
+   * @param multiBlobFieldsHash - The fields hash to use for the Blob.
+   * @returns A Blob created from the buffer.
+   *
+   * @throws If unable to deserialize the blob.
+   */
+  static fromEncodedBlobBuffer(blob: BlobBuffer, multiBlobFieldsHash?: Fr): Promise<Blob> {
+    try {
+      const fields: Fr[] = deserializeEncodedBlobToFields(blob);
+      return Blob.fromFields(fields, multiBlobFieldsHash);
+    } catch (err) {
+      throw new BlobDeserializationError(
+        `Failed to create Blob from encoded blob buffer, this blob was likely not created by us`,
+      );
+    }
+  }
+
+  /**
+   * Create a Blob from an array of fields.
+   *
+   * @param fields - The array of fields to create the Blob from.
+   * @param multiBlobFieldsHash - The fields hash to use for the Blob.
+   * @returns A Blob created from the array of fields.
+   */
+  static async fromFields(fields: Fr[], multiBlobFieldsHash?: Fr): Promise<Blob> {
+    if (fields.length > FIELD_ELEMENTS_PER_BLOB) {
+      throw new Error(
+        `Attempted to overfill blob with ${fields.length} elements. The maximum is ${FIELD_ELEMENTS_PER_BLOB}`,
+      );
+    }
+
+    const data = Buffer.concat([serializeToBuffer(fields)], BYTES_PER_BLOB);
+
+    // This matches the output of SpongeBlob.squeeze() in the blob circuit
+    const fieldsHash = multiBlobFieldsHash ? multiBlobFieldsHash : await poseidon2Hash(fields);
+    const commitment = Buffer.from(blobToKzgCommitment(data));
+    const challengeZ = await poseidon2Hash([fieldsHash, ...commitmentToFields(commitment)]);
+    const res = computeKzgProof(data, challengeZ.toBuffer());
+    if (!verifyKzgProof(commitment, challengeZ.toBuffer(), res[1], res[0])) {
+      throw new Error(`KZG proof did not verify.`);
+    }
+    const proof = Buffer.from(res[0]);
+    const evaluationY = Buffer.from(res[1]);
+
+    return new Blob(data, fieldsHash, challengeZ, evaluationY, commitment, proof);
+  }
+
+  /**
+   * Create a Blob from a JSON object.
+   *
+   * Blobs will be in this form when requested from the blob sink, or from
+   * the beacon chain via `getBlobSidecars`
+   * https://ethereum.github.io/beacon-APIs/?urls.primaryName=dev#/Beacon/getBlobSidecars
+   *
+   * @dev WARNING: by default json deals with encoded buffers
+   *
+   * @param json - The JSON object to create the Blob from.
+   * @returns A Blob created from the JSON object.
+   */
+  static async fromJson(json: BlobJson): Promise<Blob> {
+    const blobBuffer = Buffer.from(json.blob.slice(2), 'hex');
+
+    const blob = await Blob.fromEncodedBlobBuffer(blobBuffer);
+
+    if (blob.commitment.toString('hex') !== json.kzg_commitment.slice(2)) {
+      throw new Error('KZG commitment does not match');
+    }
+
+    // We do not check the proof, as it will be different if the challenge is shared
+    // across multiple blobs
+
+    return blob;
+  }
+
+  /**
+   * Get the JSON representation of the blob.
+   *
+   * @dev WARNING: by default json deals with encoded buffers
+   * @param index - optional - The index of the blob in the block.
+   * @returns The JSON representation of the blob.
+   */
+  toJson(index?: number): BlobJson {
+    return {
+      blob: `0x${Buffer.from(this.data).toString('hex')}`,
+      index,
+      // eslint-disable-next-line camelcase
+      kzg_commitment: `0x${this.commitment.toString('hex')}`,
+      // eslint-disable-next-line camelcase
+      kzg_proof: `0x${this.proof.toString('hex')}`,
+    };
+  }
+
+  /**
+   * Get the fields from the blob.
+   *
+   * @dev WARNING: this method does not take into account trailing zeros
+   *
+   * @returns The fields from the blob.
+   */
+  toFields(): Fr[] {
+    return extractBlobFieldsFromBuffer(this.data);
+  }
+
+  /**
+   * Get the encoded fields from the blob.
+   *
+   * @dev This method takes into account trailing zeros
+   *
+   * @returns The encoded fields from the blob.
+   *
+   * @throws If unable to deserialize the blob.
+   */
+  toEncodedFields(): Fr[] {
+    try {
+      return deserializeEncodedBlobToFields(this.data);
+    } catch (err) {
+      throw new BlobDeserializationError(
+        `Failed to deserialize encoded blob fields, this blob was likely not created by us`,
+      );
+    }
+  }
+
+  /**
+   * Get the commitment fields from the blob.
+   *
+   * The 48-byte commitment is encoded into two field elements:
+   * +------------------+------------------+
+   * | Field Element 1  | Field Element 2  |
+   * | [bytes 0-31]     | [bytes 32-47]   |
+   * +------------------+------------------+
+   * |     32 bytes     |     16 bytes    |
+   * +------------------+------------------+
+   * @returns The commitment fields from the blob.
+   */
+  commitmentToFields(): [Fr, Fr] {
+    return commitmentToFields(this.commitment);
+  }
+
+  // Returns ethereum's versioned blob hash, following kzg_to_versioned_hash: https://eips.ethereum.org/EIPS/eip-4844#helpers
+  getEthVersionedBlobHash(): Buffer {
+    const hash = sha256(this.commitment);
+    hash[0] = VERSIONED_HASH_VERSION_KZG;
+    return hash;
+  }
+
+  static getEthVersionedBlobHash(commitment: Buffer): Buffer {
+    const hash = sha256(commitment);
+    hash[0] = VERSIONED_HASH_VERSION_KZG;
+    return hash;
+  }
+
+  /**
+   * Get the buffer representation of the ENTIRE blob.
+   *
+   * @dev WARNING: this buffer contains all metadata aswell as the data itself
+   *
+   * @returns The buffer representation of the blob.
+   */
+  toBuffer(): Buffer {
+    return Buffer.from(
+      serializeToBuffer(
+        this.data.length,
+        this.data,
+        this.fieldsHash,
+        this.challengeZ,
+        this.evaluationY.length,
+        this.evaluationY,
+        this.commitment.length,
+        this.commitment,
+        this.proof.length,
+        this.proof,
+      ),
+    );
+  }
+
+  /**
+   * Create a Blob from a buffer.
+   *
+   * @dev WARNING: this method contains all metadata aswell as the data itself
+   *
+   * @param buf - The buffer to create the Blob from.
+   * @returns A Blob created from the buffer.
+   */
+  static fromBuffer(buf: Buffer | BufferReader): Blob {
+    const reader = BufferReader.asReader(buf);
+    return new Blob(
+      reader.readUint8Array(),
+      reader.readObject(Fr),
+      reader.readObject(Fr),
+      reader.readBuffer(),
+      reader.readBuffer(),
+      reader.readBuffer(),
+    );
+  }
+
+  /**
+   * Get the size of the blob in bytes
+   */
+  getSize() {
+    return this.data.length;
+  }
+
+  /**
+   * Returns a proof of opening of the blob to verify on L1 using the point evaluation precompile:
+   *
+   * input[:32]     - versioned_hash
+   * input[32:64]   - z
+   * input[64:96]   - y
+   * input[96:144]  - commitment C
+   * input[144:192] - proof (a commitment to the quotient polynomial q(X))
+   *
+   * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
+   */
+  getEthBlobEvaluationInputs(): `0x${string}` {
+    const buf = Buffer.concat([
+      this.getEthVersionedBlobHash(),
+      this.challengeZ.toBuffer(),
+      this.evaluationY,
+      this.commitment,
+      this.proof,
+    ]);
+    return `0x${buf.toString('hex')}`;
+  }
+
+  static getEthBlobEvaluationInputs(blobs: Blob[]): `0x${string}` {
+    let buf = Buffer.alloc(0);
+    blobs.forEach(blob => {
+      buf = Buffer.concat([
+        buf,
+        blob.getEthVersionedBlobHash(),
+        blob.challengeZ.toBuffer(),
+        blob.evaluationY,
+        blob.commitment,
+        blob.proof,
+      ]);
+    });
+    // For multiple blobs, we prefix the number of blobs:
+    const lenBuf = Buffer.alloc(1);
+    lenBuf.writeUint8(blobs.length);
+    buf = Buffer.concat([lenBuf, buf]);
+    return `0x${buf.toString('hex')}`;
+  }
+
+  static getViemKzgInstance() {
+    return {
+      blobToKzgCommitment: cKzg.blobToKzgCommitment,
+      computeBlobKzgProof: cKzg.computeBlobKzgProof,
+    };
+  }
+
+  // Returns as many blobs as we require to broadcast the given fields
+  // Assumes we share the fields hash between all blobs
+  static async getBlobs(fields: Fr[]): Promise<Blob[]> {
+    const numBlobs = Math.max(Math.ceil(fields.length / FIELD_ELEMENTS_PER_BLOB), 1);
+    const multiBlobFieldsHash = await poseidon2Hash(fields);
+    const res = [];
+    for (let i = 0; i < numBlobs; i++) {
+      const end = fields.length < (i + 1) * FIELD_ELEMENTS_PER_BLOB ? fields.length : (i + 1) * FIELD_ELEMENTS_PER_BLOB;
+      res.push(await Blob.fromFields(fields.slice(i * FIELD_ELEMENTS_PER_BLOB, end), multiBlobFieldsHash));
+    }
+    return res;
+  }
+}
+
+// 48 bytes encoded in fields as [Fr, Fr] = [0->31, 31->48]
+function commitmentToFields(commitment: Buffer): [Fr, Fr] {
+  return [new Fr(commitment.subarray(0, 31)), new Fr(commitment.subarray(31, 48))];
+}

package/src/encoding.ts

@@ -0,0 +1,139 @@
+import { Fr } from '@aztec/foundation/fields';
+import { BufferReader, FieldReader } from '@aztec/foundation/serialize';
+
+import type { Blob as BlobBuffer } from 'c-kzg';
+
+// Note duplicated from circuit-types !
+// This will appear as 0x74785f7374617274 in logs
+export const TX_START_PREFIX = 8392562855083340404n;
+// These are helper constants to decode tx effects from blob encoded fields
+export const TX_START_PREFIX_BYTES_LENGTH = TX_START_PREFIX.toString(16).length / 2;
+// 7 bytes for: | 0 | txlen[0] | txlen[1] | 0 | REVERT_CODE_PREFIX | 0 | revertCode |
+export const TX_EFFECT_PREFIX_BYTE_LENGTH = TX_START_PREFIX_BYTES_LENGTH + 7;
+export const REVERT_CODE_PREFIX = 1;
+
+/**
+ * Deserializes a blob buffer into an array of field elements.
+ *
+ * Blobs are converted into BN254 fields to perform a poseidon2 hash on them (fieldHash).
+ * This method is sparse, meaning it does not include trailing zeros at the end of the blob.
+ *
+ * However, we cannot simply trim the zero's from the end of the blob, as some logs may include zero's
+ * within them.
+ * If we end on a set of zeros, such as the log below:
+ * length 7: [ a, b, c, d, e, 0, 0]
+ *
+ * we will end up with the incorrect hash if we trim the zeros from the end.
+ *
+ * Each transactions logs contains a TX start prefix, which includes a string followed
+ * by the length ( in field elements ) of the transaction's log.
+ *
+ * This function finds the end of the last transaction's logs, and returns the array up to this point.
+ *
+ * We search for a series of Tx Prefixes progressing the cursor in the field reader until we hit
+ * a field that is not a Tx Prefix, this indicates that we have reached the end of the last transaction's logs.
+ *
+ * +------------------+------------------+------------------+------------------+
+ * | TX1 Start Prefix | TX1 Log Fields   | TX2 Start Prefix | Padded zeros     |
+ * | [3 a,b,c]        | [3, a, b, c]     | [5 d,e,f,0,0]    | [0, 0, 0, .., 0] |
+ * +------------------+------------------+------------------+------------------+
+ *                                                          ^
+ *                                                          |
+ * Function reads until here --------------------------------
+ *
+ * @param blob - The blob buffer to deserialize.
+ * @returns An array of field elements.
+ */
+export function deserializeEncodedBlobToFields(blob: BlobBuffer): Fr[] {
+  // Convert blob buffer to array of field elements
+  const reader = BufferReader.asReader(blob);
+  const array = reader.readArray(blob.length >> 5, Fr); // >> 5 = / 32 (bytes per field)
+  const fieldReader = FieldReader.asReader(array);
+
+  // Read fields until we hit zeros at the end
+  while (!fieldReader.isFinished()) {
+    const currentField = fieldReader.peekField();
+
+    // Stop when we hit a zero field
+    if (!currentField || currentField.isZero()) {
+      break;
+    }
+
+    // Skip the remaining fields in this transaction
+    const len = getLengthFromFirstField(currentField);
+    fieldReader.skip(len);
+  }
+
+  // Return array up to last non-zero field
+  return array.slice(0, fieldReader.cursor);
+}
+
+/**
+ * Get the length of the transaction from the first field.
+ *
+ * @param firstField - The first field of the transaction.
+ * @returns The length of the transaction.
+ *
+ * @throws If the first field does not include the correct prefix - encoding invalid.
+ */
+export function getLengthFromFirstField(firstField: Fr): number {
+  // Check that the first field includes the correct prefix
+  if (!isValidFirstField(firstField)) {
+    throw new Error('Invalid prefix');
+  }
+  const buf = firstField.toBuffer().subarray(-TX_EFFECT_PREFIX_BYTE_LENGTH);
+  return new Fr(buf.subarray(TX_START_PREFIX_BYTES_LENGTH + 1, TX_START_PREFIX_BYTES_LENGTH + 3)).toNumber();
+}
+
+// NOTE: duplicated from circuit-types tx effect!
+/**
+ * Determines whether a field is the first field of a tx effect
+ */
+export function isValidFirstField(field: Fr): boolean {
+  const buf = field.toBuffer();
+  if (
+    !buf
+      .subarray(0, field.size - TX_EFFECT_PREFIX_BYTE_LENGTH)
+      .equals(Buffer.alloc(field.size - TX_EFFECT_PREFIX_BYTE_LENGTH))
+  ) {
+    return false;
+  }
+  const sliced = buf.subarray(-TX_EFFECT_PREFIX_BYTE_LENGTH);
+  if (
+    // Checking we start with the correct prefix...
+    !new Fr(sliced.subarray(0, TX_START_PREFIX_BYTES_LENGTH)).equals(new Fr(TX_START_PREFIX)) ||
+    // ...and include the revert code prefix..
+    sliced[sliced.length - 3] !== REVERT_CODE_PREFIX ||
+    // ...and the following revert code is valid.
+    sliced[sliced.length - 1] > 4
+  ) {
+    return false;
+  }
+  return true;
+}
+
+/**
+ * Extract the fields from a blob buffer, but do not take into account encoding
+ * that will include trailing zeros.
+ *
+ * +------------------+------------------+------------------+------------------+
+ * |                  |                  |                  | Padded zeros     |
+ * | [3 a,b,c]        | [3, a, b, c]     | [5 d,e,f,0,0]    | [0, 0, 0, .., 0] |
+ * +------------------+------------------+------------------+------------------+
+ *                                                ^
+ *                                                |
+ * Function reads until here ----------------------
+ */
+export function extractBlobFieldsFromBuffer(blob: BlobBuffer): Fr[] {
+  const reader = BufferReader.asReader(blob);
+  const array = reader.readArray(blob.length >> 5, Fr);
+
+  // Find the index of the last non-zero field
+  let lastNonZeroIndex = array.length - 1;
+  while (lastNonZeroIndex >= 0 && array[lastNonZeroIndex].isZero()) {
+    lastNonZeroIndex--;
+  }
+
+  // Return the trimmed array
+  return array.slice(0, lastNonZeroIndex + 1);
+}

package/src/errors.ts

@@ -0,0 +1,6 @@
+export class BlobDeserializationError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'BlobDeserializationError';
+  }
+}

package/src/index.ts

@@ -0,0 +1,22 @@
+import cKzg from 'c-kzg';
+
+/* eslint-disable import/no-named-as-default-member */
+const { loadTrustedSetup } = cKzg;
+
+export * from './blob.js';
+export * from './mocks.js';
+export * from './encoding.js';
+export * from './interface.js';
+export * from './errors.js';
+
+try {
+  loadTrustedSetup();
+} catch (error: any) {
+  if (error.message.includes('trusted setup is already loaded')) {
+    // NB: The c-kzg lib has no way of checking whether the setup is loaded or not,
+    // and it throws an error if it's already loaded, even though nothing is wrong.
+    // This is a rudimentary way of ensuring we load the trusted setup if we need it.
+  } else {
+    throw new Error(error);
+  }
+}

package/src/interface.ts

@@ -0,0 +1,11 @@
+/**
+ * The relevant parts of a response from https://ethereum.github.io/beacon-APIs/?urls.primaryName=dev#/Beacon/getBlobSidecars
+ */
+export interface BlobJson {
+  blob: string;
+  index?: number;
+  // eslint-disable-next-line camelcase
+  kzg_commitment: string;
+  // eslint-disable-next-line camelcase
+  kzg_proof: string;
+}

package/src/mocks.ts

@@ -0,0 +1,48 @@
+import { toBufferBE } from '@aztec/foundation/bigint-buffer';
+import { Fr } from '@aztec/foundation/fields';
+
+import { Blob } from './blob.js';
+import { TX_START_PREFIX, TX_START_PREFIX_BYTES_LENGTH } from './encoding.js';
+
+// TODO: copied form circuit-types tx effect
+function encodeFirstField(length: number): Fr {
+  const lengthBuf = Buffer.alloc(2);
+  lengthBuf.writeUInt16BE(length, 0);
+  return new Fr(
+    Buffer.concat([
+      toBufferBE(TX_START_PREFIX, TX_START_PREFIX_BYTES_LENGTH),
+      Buffer.alloc(1),
+      lengthBuf,
+      Buffer.alloc(1),
+      Buffer.from([1]),
+      Buffer.alloc(1),
+      Buffer.alloc(1),
+    ]),
+  );
+}
+
+/**
+ * Make an encoded blob with the given length
+ *
+ * This will deserialise correctly in the archiver
+ * @param length
+ * @returns
+ */
+export function makeEncodedBlob(length: number): Promise<Blob> {
+  return Blob.fromFields([encodeFirstField(length + 1), ...Array.from({ length: length }, () => Fr.random())]);
+}
+
+/**
+ * Make an unencoded blob with the given length
+ *
+ * This will fail deserialisation in the archiver
+ * @param length
+ * @returns
+ */
+export function makeUnencodedBlob(length: number): Promise<Blob> {
+  return Blob.fromFields([...Array.from({ length: length }, () => Fr.random())]);
+}
+
+export function makeEncodedBlobFields(fields: Fr[]): Promise<Blob> {
+  return Blob.fromFields([encodeFirstField(fields.length + 1), ...fields]);
+}