@aztec/blob-lib 3.0.0-devnet.2 → 3.0.0-devnet.2-patch.1

package/src/blob_batching.ts

@@ -1,30 +1,71 @@
-import { AZTEC_MAX_EPOCH_DURATION, BLOBS_PER_BLOCK } from '@aztec/constants';
-import { poseidon2Hash, sha256ToField } from '@aztec/foundation/crypto';
-import { BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
+import { AZTEC_MAX_EPOCH_DURATION, BLOBS_PER_CHECKPOINT } from '@aztec/constants';
+import { poseidon2Hash } from '@aztec/foundation/crypto/poseidon';
+import { sha256ToField } from '@aztec/foundation/crypto/sha256';
+import { BLS12Fr, BLS12Point } from '@aztec/foundation/curves/bls12';
+import { Fr } from '@aztec/foundation/curves/bn254';
 
+import { BatchedBlob } from './batched_blob.js';
 import { Blob } from './blob.js';
-import { computeBlobFieldsHashFromBlobs } from './blob_utils.js';
+import { getBlobsPerL1Block } from './blob_utils.js';
 import { BlobAccumulator, FinalBlobAccumulator, FinalBlobBatchingChallenges } from './circuit_types/index.js';
-import { computeEthVersionedBlobHash, hashNoirBigNumLimbs } from './hash.js';
-import { kzg } from './kzg_context.js';
+import { computeBlobFieldsHash, hashNoirBigNumLimbs } from './hash.js';
+import { getKzg } from './kzg_context.js';
 
 /**
  * A class to create, manage, and prove batched EVM blobs.
+ * See noir-projects/noir-protocol-circuits/crates/blob/src/abis/blob_accumulator.nr
  */
-export class BatchedBlob {
+export class BatchedBlobAccumulator {
   constructor(
     /** Hash of Cs (to link to L1 blob hashes). */
-    public readonly blobCommitmentsHash: Fr,
-    /** Challenge point z such that p_i(z) = y_i. */
-    public readonly z: Fr,
-    /** Evaluation y, linear combination of all evaluations y_i = p_i(z) with gamma. */
-    public readonly y: BLS12Fr,
-    /** Commitment C, linear combination of all commitments C_i = [p_i] with gamma. */
-    public readonly commitment: BLS12Point,
-    /** KZG opening 'proof' Q (commitment to the quotient poly.), linear combination of all blob kzg 'proofs' Q_i with gamma. */
-    public readonly q: BLS12Point,
+    public readonly blobCommitmentsHashAcc: Fr,
+    /** Challenge point z_acc. Final value used such that p_i(z) = y_i. */
+    public readonly zAcc: Fr,
+    /** Evaluation y_acc. Final value is is linear combination of all evaluations y_i = p_i(z) with gamma. */
+    public readonly yAcc: BLS12Fr,
+    /** Commitment c_acc. Final value is linear combination of all commitments C_i = [p_i] with gamma. */
+    public readonly cAcc: BLS12Point,
+    /** KZG opening q_acc. Final value is linear combination of all blob kzg 'proofs' Q_i with gamma. */
+    public readonly qAcc: BLS12Point,
+    /**
+     * Challenge point gamma_acc for multi opening. Used with y, C, and kzg 'proof' Q above.
+     * TODO(#13608): We calculate this by hashing natively in the circuit (hence Fr representation), but it's actually used
+     * as a BLS12Fr field elt. Is this safe? Is there a skew?
+     */
+    public readonly gammaAcc: Fr,
+    /** Simply gamma^(i + 1) at blob i. Used for calculating the i'th element of the above linear comb.s */
+    public readonly gammaPow: BLS12Fr,
+    /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */
+    public readonly finalBlobChallenges: FinalBlobBatchingChallenges,
   ) {}
 
+  /**
+   * Create the empty accumulation state of the epoch.
+   * @returns An empty blob accumulator with challenges.
+   */
+  static newWithChallenges(finalBlobChallenges: FinalBlobBatchingChallenges): BatchedBlobAccumulator {
+    return new BatchedBlobAccumulator(
+      Fr.ZERO,
+      Fr.ZERO,
+      BLS12Fr.ZERO,
+      BLS12Point.ZERO,
+      BLS12Point.ZERO,
+      Fr.ZERO,
+      BLS12Fr.ZERO,
+      finalBlobChallenges,
+    );
+  }
+
+  /**
+   * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
+   * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
+   *      beforehand from ALL blobs.
+   */
+  static async fromBlobFields(blobFieldsPerCheckpoint: Fr[][]): Promise<BatchedBlobAccumulator> {
+    const finalBlobChallenges = await this.precomputeBatchedBlobChallenges(blobFieldsPerCheckpoint);
+    return BatchedBlobAccumulator.newWithChallenges(finalBlobChallenges);
+  }
+
   /**
    * Get the final batched opening proof from multiple blobs.
    * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
@@ -32,30 +73,21 @@ export class BatchedBlob {
    *
    * @returns A batched blob.
    */
-  static async batch(blobs: Blob[][]): Promise<BatchedBlob> {
-    if (blobs.length > AZTEC_MAX_EPOCH_DURATION) {
+  static async batch(blobFieldsPerCheckpoint: Fr[][], verifyProof = false): Promise<BatchedBlob> {
+    const numCheckpoints = blobFieldsPerCheckpoint.length;
+    if (numCheckpoints > AZTEC_MAX_EPOCH_DURATION) {
       throw new Error(
-        `Too many blocks sent to batch(). The maximum is ${AZTEC_MAX_EPOCH_DURATION}. Got ${blobs.length}.`,
+        `Too many checkpoints sent to batch(). The maximum is ${AZTEC_MAX_EPOCH_DURATION}. Got ${numCheckpoints}.`,
       );
     }
 
     // Precalculate the values (z and gamma) and initialize the accumulator:
-    let acc = await this.newAccumulator(blobs);
+    let acc = await this.fromBlobFields(blobFieldsPerCheckpoint);
     // Now we can create a multi opening proof of all input blobs:
-    for (const blockBlobs of blobs) {
-      acc = await acc.accumulateBlobs(blockBlobs);
+    for (const blobFields of blobFieldsPerCheckpoint) {
+      acc = await acc.accumulateFields(blobFields);
     }
-    return await acc.finalize();
-  }
-
-  /**
-   * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
-   * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
-   *      beforehand from ALL blobs.
-   */
-  static async newAccumulator(blobs: Blob[][]): Promise<BatchedBlobAccumulator> {
-    const finalBlobChallenges = await this.precomputeBatchedBlobChallenges(blobs);
-    return BatchedBlobAccumulator.newWithChallenges(finalBlobChallenges);
+    return await acc.finalize(verifyProof);
   }
 
   /**
@@ -70,13 +102,15 @@ export class BatchedBlob {
    * @param blobs - The blobs to precompute the challenges for. Each sub-array is the blobs for an L1 block.
    * @returns Challenges z and gamma.
    */
-  static async precomputeBatchedBlobChallenges(blobs: Blob[][]): Promise<FinalBlobBatchingChallenges> {
+  static async precomputeBatchedBlobChallenges(blobFieldsPerCheckpoint: Fr[][]): Promise<FinalBlobBatchingChallenges> {
     // Compute the final challenge z to evaluate the blobs.
     let z: Fr | undefined;
-    for (const blockBlobs of blobs) {
+    const allBlobs = [];
+    for (const blobFields of blobFieldsPerCheckpoint) {
       // Compute the hash of all the fields in the block.
-      const blobFieldsHash = await computeBlobFieldsHashFromBlobs(blockBlobs);
-      for (const blob of blockBlobs) {
+      const blobFieldsHash = await computeBlobFieldsHash(blobFields);
+      const blobs = getBlobsPerL1Block(blobFields);
+      for (const blob of blobs) {
         // Compute the challenge z for each blob and accumulate it.
         const challengeZ = await blob.computeChallengeZ(blobFieldsHash);
         if (!z) {
@@ -85,13 +119,13 @@ export class BatchedBlob {
           z = await poseidon2Hash([z, challengeZ]);
         }
       }
+      allBlobs.push(...blobs);
     }
     if (!z) {
       throw new Error('No blobs to precompute challenges for.');
     }
 
     // Now we have a shared challenge for all blobs, evaluate them...
-    const allBlobs = blobs.flat();
     const proofObjects = allBlobs.map(b => b.evaluate(z));
     const evaluations = await Promise.all(proofObjects.map(({ y }) => hashNoirBigNumLimbs(y)));
     // ...and find the challenge for the linear combination of blobs.
@@ -105,92 +139,12 @@ export class BatchedBlob {
     return new FinalBlobBatchingChallenges(z, BLS12Fr.fromBN254Fr(gamma));
   }
 
-  verify() {
-    return kzg.verifyKzgProof(this.commitment.compress(), this.z.toBuffer(), this.y.toBuffer(), this.q.compress());
-  }
-
-  // Returns ethereum's versioned blob hash, following kzg_to_versioned_hash: https://eips.ethereum.org/EIPS/eip-4844#helpers
-  getEthVersionedBlobHash(): Buffer {
-    return computeEthVersionedBlobHash(this.commitment.compress());
-  }
-
-  /**
-   * Returns a proof of opening of the blobs to verify on L1 using the point evaluation precompile:
-   *
-   * input[:32]     - versioned_hash
-   * input[32:64]   - z
-   * input[64:96]   - y
-   * input[96:144]  - commitment C
-   * input[144:192] - commitment Q (a 'proof' committing to the quotient polynomial q(X))
-   *
-   * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
-   */
-  getEthBlobEvaluationInputs(): `0x${string}` {
-    const buf = Buffer.concat([
-      this.getEthVersionedBlobHash(),
-      this.z.toBuffer(),
-      this.y.toBuffer(),
-      this.commitment.compress(),
-      this.q.compress(),
-    ]);
-    return `0x${buf.toString('hex')}`;
-  }
-
-  toFinalBlobAccumulator() {
-    return new FinalBlobAccumulator(this.blobCommitmentsHash, this.z, this.y, this.commitment);
-  }
-}
-
-/**
- * See noir-projects/noir-protocol-circuits/crates/blob/src/abis/blob_accumulator.nr
- */
-export class BatchedBlobAccumulator {
-  constructor(
-    /** Hash of Cs (to link to L1 blob hashes). */
-    public readonly blobCommitmentsHashAcc: Fr,
-    /** Challenge point z_acc. Final value used such that p_i(z) = y_i. */
-    public readonly zAcc: Fr,
-    /** Evaluation y_acc. Final value is is linear combination of all evaluations y_i = p_i(z) with gamma. */
-    public readonly yAcc: BLS12Fr,
-    /** Commitment c_acc. Final value is linear combination of all commitments C_i = [p_i] with gamma. */
-    public readonly cAcc: BLS12Point,
-    /** KZG opening q_acc. Final value is linear combination of all blob kzg 'proofs' Q_i with gamma. */
-    public readonly qAcc: BLS12Point,
-    /**
-     * Challenge point gamma_acc for multi opening. Used with y, C, and kzg 'proof' Q above.
-     * TODO(#13608): We calculate this by hashing natively in the circuit (hence Fr representation), but it's actually used
-     * as a BLS12Fr field elt. Is this safe? Is there a skew?
-     */
-    public readonly gammaAcc: Fr,
-    /** Simply gamma^(i + 1) at blob i. Used for calculating the i'th element of the above linear comb.s */
-    public readonly gammaPow: BLS12Fr,
-    /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */
-    public readonly finalBlobChallenges: FinalBlobBatchingChallenges,
-  ) {}
-
-  /**
-   * Create the empty accumulation state of the epoch.
-   * @returns An empty blob accumulator with challenges.
-   */
-  static newWithChallenges(finalBlobChallenges: FinalBlobBatchingChallenges): BatchedBlobAccumulator {
-    return new BatchedBlobAccumulator(
-      Fr.ZERO,
-      Fr.ZERO,
-      BLS12Fr.ZERO,
-      BLS12Point.ZERO,
-      BLS12Point.ZERO,
-      Fr.ZERO,
-      BLS12Fr.ZERO,
-      finalBlobChallenges,
-    );
-  }
-
   /**
    * Given blob i, accumulate all state.
    * We assume the input blob has not been evaluated at z.
    * @returns An updated blob accumulator.
    */
-  private async accumulate(blob: Blob, blobFieldsHash: Fr) {
+  async accumulateBlob(blob: Blob, blobFieldsHash: Fr) {
     const { proof, y: thisY } = blob.evaluate(this.finalBlobChallenges.z);
     const thisC = BLS12Point.decompress(blob.commitment);
     const thisQ = BLS12Point.decompress(proof);
@@ -234,23 +188,25 @@ export class BatchedBlobAccumulator {
   /**
    * Given blobs, accumulate all state.
    * We assume the input blobs have not been evaluated at z.
-   * @param blobs - The blobs to accumulate. They should be in the same L1 block.
+   * @param blobFields - The blob fields of a checkpoint to accumulate.
    * @returns An updated blob accumulator.
    */
-  async accumulateBlobs(blobs: Blob[]) {
-    if (blobs.length > BLOBS_PER_BLOCK) {
+  async accumulateFields(blobFields: Fr[]) {
+    const blobs = getBlobsPerL1Block(blobFields);
+
+    if (blobs.length > BLOBS_PER_CHECKPOINT) {
       throw new Error(
-        `Too many blobs to accumulate. The maximum is ${BLOBS_PER_BLOCK} per block. Got ${blobs.length}.`,
+        `Too many blobs to accumulate. The maximum is ${BLOBS_PER_CHECKPOINT} per checkpoint. Got ${blobs.length}.`,
       );
     }
 
     // Compute the hash of all the fields in the block.
-    const blobFieldsHash = await computeBlobFieldsHashFromBlobs(blobs);
+    const blobFieldsHash = await computeBlobFieldsHash(blobFields);
 
     // Initialize the acc to iterate over:
     let acc: BatchedBlobAccumulator = this.clone();
     for (const blob of blobs) {
-      acc = await acc.accumulate(blob, blobFieldsHash);
+      acc = await acc.accumulateBlob(blob, blobFieldsHash);
     }
     return acc;
   }
@@ -286,13 +242,22 @@ export class BatchedBlobAccumulator {
 
     const batchedBlob = new BatchedBlob(this.blobCommitmentsHashAcc, this.zAcc, this.yAcc, this.cAcc, this.qAcc);
 
-    if (verifyProof && !batchedBlob.verify()) {
+    if (verifyProof && !this.verify()) {
       throw new Error(`KZG proof did not verify.`);
     }
 
     return batchedBlob;
   }
 
+  verify() {
+    return getKzg().verifyKzgProof(
+      this.cAcc.compress(),
+      this.zAcc.toBuffer(),
+      this.yAcc.toBuffer(),
+      this.qAcc.compress(),
+    );
+  }
+
   isEmptyState() {
     return (
       this.blobCommitmentsHashAcc.isZero() &&

package/src/blob_utils.ts

@@ -1,9 +1,11 @@
 import { FIELDS_PER_BLOB } from '@aztec/constants';
-import { BLS12Point, Fr } from '@aztec/foundation/fields';
+import { BLS12Point } from '@aztec/foundation/curves/bls12';
+import { Fr } from '@aztec/foundation/curves/bn254';
 
+import type { BatchedBlob } from './batched_blob.js';
 import { Blob } from './blob.js';
-import { deserializeEncodedBlobToFields } from './deserialize.js';
-import { computeBlobFieldsHash, computeBlobsHash } from './hash.js';
+import { type CheckpointBlobData, decodeCheckpointBlobDataFromBuffer } from './encoding/index.js';
+import { computeBlobsHash, computeEthVersionedBlobHash } from './hash.js';
 
 /**
  * @param blobs - The blobs to emit.
@@ -40,26 +42,13 @@ export function getBlobsPerL1Block(fields: Fr[]): Blob[] {
 }
 
 /**
- * Get the fields from all blobs in the checkpoint. Ignoring the fields beyond the length specified by the
- * checkpoint prefix (the first field).
- *
- * @param blobs - The blobs to read fields from. Should be all the blobs in the L1 block proposing the checkpoint.
- * @param checkEncoding - Whether to check if the entire encoded blob fields are valid. If false, it will still check
- * the checkpoint prefix and throw if there's not enough fields.
- * @returns The fields added throughout the checkpoint.
+ * Get the encoded data from all blobs in the checkpoint.
+ * @param blobs - The blobs to read data from. Should be all the blobs for the L1 block proposing the checkpoint.
+ * @returns The encoded data of the checkpoint.
  */
-export function getBlobFieldsInCheckpoint(blobs: Blob[], checkEncoding = false): Fr[] {
-  return deserializeEncodedBlobToFields(Buffer.concat(blobs.map(b => b.data)), checkEncoding);
-}
-
-export async function computeBlobFieldsHashFromBlobs(blobs: Blob[]): Promise<Fr> {
-  const fields = blobs.map(b => b.toFields()).flat();
-  const numBlobFields = fields[0].toNumber();
-  if (numBlobFields > fields.length) {
-    throw new Error(`The prefix indicates ${numBlobFields} fields. Got ${fields.length}.`);
-  }
-
-  return await computeBlobFieldsHash(fields.slice(0, numBlobFields));
+export function decodeCheckpointBlobDataFromBlobs(blobs: Blob[]): CheckpointBlobData {
+  const buf = Buffer.concat(blobs.map(b => b.data));
+  return decodeCheckpointBlobDataFromBuffer(buf);
 }
 
 export function computeBlobsHashFromBlobs(blobs: Blob[]): Fr {
@@ -69,3 +58,25 @@ export function computeBlobsHashFromBlobs(blobs: Blob[]): Fr {
 export function getBlobCommitmentsFromBlobs(blobs: Blob[]): BLS12Point[] {
   return blobs.map(b => BLS12Point.decompress(b.commitment));
 }
+
+/**
+ * Returns a proof of opening of the blobs to verify on L1 using the point evaluation precompile:
+ *
+ * input[:32]     - versioned_hash
+ * input[32:64]   - z
+ * input[64:96]   - y
+ * input[96:144]  - commitment C
+ * input[144:192] - commitment Q (a 'proof' committing to the quotient polynomial q(X))
+ *
+ * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
+ */
+export function getEthBlobEvaluationInputs(batchedBlob: BatchedBlob): `0x${string}` {
+  const buf = Buffer.concat([
+    computeEthVersionedBlobHash(batchedBlob.commitment.compress()),
+    batchedBlob.z.toBuffer(),
+    batchedBlob.y.toBuffer(),
+    batchedBlob.commitment.compress(),
+    batchedBlob.q.compress(),
+  ]);
+  return `0x${buf.toString('hex')}`;
+}

package/src/circuit_types/blob_accumulator.ts

@@ -1,5 +1,6 @@
 import { BLS12_FQ_LIMBS, BLS12_FR_LIMBS } from '@aztec/constants';
-import { BLS12Fq, BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
+import { BLS12Fq, BLS12Fr, BLS12Point } from '@aztec/foundation/curves/bls12';
+import { Fr } from '@aztec/foundation/curves/bn254';
 import { BufferReader, FieldReader, serializeToBuffer } from '@aztec/foundation/serialize';
 
 /**
@@ -81,4 +82,15 @@ export class BlobAccumulator {
       BLS12Fr.fromNoirBigNum({ limbs: reader.readFieldArray(BLS12_FR_LIMBS).map(f => f.toString()) }),
     );
   }
+
+  static random() {
+    return new BlobAccumulator(
+      Fr.random(),
+      Fr.random(),
+      BLS12Fr.random(),
+      BLS12Point.random(),
+      Fr.random(),
+      BLS12Fr.random(),
+    );
+  }
 }

package/src/circuit_types/final_blob_accumulator.ts

@@ -1,4 +1,5 @@
-import { BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
+import { BLS12Fr, BLS12Point } from '@aztec/foundation/curves/bls12';
+import { Fr } from '@aztec/foundation/curves/bn254';
 import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
 
 import { inspect } from 'util';

package/src/circuit_types/final_blob_batching_challenges.ts

@@ -1,4 +1,5 @@
-import { BLS12Fr, Fr } from '@aztec/foundation/fields';
+import { BLS12Fr } from '@aztec/foundation/curves/bls12';
+import { Fr } from '@aztec/foundation/curves/bn254';
 import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
 
 /**

package/src/encoding/block_blob_data.ts

@@ -0,0 +1,102 @@
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { FieldReader } from '@aztec/foundation/serialize';
+
+import { BlobDeserializationError } from '../errors.js';
+import {
+  type BlockEndMarker,
+  decodeBlockEndMarker,
+  encodeBlockEndMarker,
+  isBlockEndMarker,
+} from './block_end_marker.js';
+import {
+  type BlockEndStateField,
+  decodeBlockEndStateField,
+  encodeBlockEndStateField,
+} from './block_end_state_field.js';
+import { type TxBlobData, decodeTxBlobData, encodeTxBlobData } from './tx_blob_data.js';
+
+// Must match the implementation in `noir-protocol-circuits/crates/types/src/blob_data/block_blob_data.nr`.
+
+export interface BlockEndBlobData {
+  blockEndMarker: BlockEndMarker;
+  blockEndStateField: BlockEndStateField;
+  lastArchiveRoot: Fr;
+  noteHashRoot: Fr;
+  nullifierRoot: Fr;
+  publicDataRoot: Fr;
+  l1ToL2MessageRoot: Fr | undefined;
+}
+
+export interface BlockBlobData extends BlockEndBlobData {
+  txs: TxBlobData[];
+}
+
+export function encodeBlockEndBlobData(blockEndBlobData: BlockEndBlobData): Fr[] {
+  return [
+    encodeBlockEndMarker(blockEndBlobData.blockEndMarker),
+    encodeBlockEndStateField(blockEndBlobData.blockEndStateField),
+    blockEndBlobData.lastArchiveRoot,
+    blockEndBlobData.noteHashRoot,
+    blockEndBlobData.nullifierRoot,
+    blockEndBlobData.publicDataRoot,
+    ...(blockEndBlobData.l1ToL2MessageRoot ? [blockEndBlobData.l1ToL2MessageRoot] : []),
+  ];
+}
+
+export function decodeBlockEndBlobData(fields: Fr[] | FieldReader, isFirstBlock: boolean): BlockEndBlobData {
+  const reader = FieldReader.asReader(fields);
+
+  const numBlockEndData = isFirstBlock ? 7 : 6;
+  if (numBlockEndData > reader.remainingFields()) {
+    throw new BlobDeserializationError(
+      `Incorrect encoding of blob fields: not enough fields for block end data. Expected ${numBlockEndData} fields, only ${reader.remainingFields()} remaining.`,
+    );
+  }
+
+  return {
+    blockEndMarker: decodeBlockEndMarker(reader.readField()),
+    blockEndStateField: decodeBlockEndStateField(reader.readField()),
+    lastArchiveRoot: reader.readField(),
+    noteHashRoot: reader.readField(),
+    nullifierRoot: reader.readField(),
+    publicDataRoot: reader.readField(),
+    l1ToL2MessageRoot: isFirstBlock ? reader.readField() : undefined,
+  };
+}
+
+export function encodeBlockBlobData(blockBlobData: BlockBlobData): Fr[] {
+  return [...blockBlobData.txs.map(tx => encodeTxBlobData(tx)).flat(), ...encodeBlockEndBlobData(blockBlobData)];
+}
+
+export function decodeBlockBlobData(fields: Fr[] | FieldReader, isFirstBlock: boolean): BlockBlobData {
+  const reader = FieldReader.asReader(fields);
+
+  const txs: TxBlobData[] = [];
+  let hasReachedBlockEnd = false;
+  while (!hasReachedBlockEnd) {
+    if (reader.isFinished()) {
+      throw new BlobDeserializationError(`Incorrect encoding of blob fields: not enough fields for block end marker.`);
+    }
+
+    const currentField = reader.peekField();
+    if (isBlockEndMarker(currentField)) {
+      hasReachedBlockEnd = true;
+    } else {
+      txs.push(decodeTxBlobData(reader));
+    }
+  }
+
+  const blockEndBlobData = decodeBlockEndBlobData(reader, isFirstBlock);
+
+  const blockEndMarker = blockEndBlobData.blockEndMarker;
+  if (blockEndMarker.numTxs !== txs.length) {
+    throw new BlobDeserializationError(
+      `Incorrect encoding of blob fields: expected ${blockEndMarker.numTxs} txs, but got ${txs.length}.`,
+    );
+  }
+
+  return {
+    txs,
+    ...blockEndBlobData,
+  };
+}

package/src/encoding/block_end_marker.ts

@@ -0,0 +1,55 @@
+import { BLOCK_END_PREFIX } from '@aztec/constants';
+import { BlockNumber } from '@aztec/foundation/branded-types';
+import { Fr } from '@aztec/foundation/curves/bn254';
+
+import { BlobDeserializationError } from '../errors.js';
+
+// Must match the implementation in `noir-protocol-circuits/crates/types/src/blob_data/block_blob_data.nr`.
+
+const BLOCK_NUMBER_BIT_SIZE = 32n;
+const TIMESTAMP_BIT_SIZE = 64n;
+const NUM_TXS_BIT_SIZE = 16n;
+
+export interface BlockEndMarker {
+  timestamp: bigint;
+  blockNumber: BlockNumber;
+  numTxs: number;
+}
+
+export function encodeBlockEndMarker(blockEndMarker: BlockEndMarker) {
+  let value = BLOCK_END_PREFIX;
+  value <<= TIMESTAMP_BIT_SIZE;
+  value += blockEndMarker.timestamp;
+  value <<= BLOCK_NUMBER_BIT_SIZE;
+  value += BigInt(blockEndMarker.blockNumber);
+  value <<= NUM_TXS_BIT_SIZE;
+  value += BigInt(blockEndMarker.numTxs);
+  return new Fr(value);
+}
+
+export function decodeBlockEndMarker(field: Fr): BlockEndMarker {
+  let value = field.toBigInt();
+  const numTxs = Number(value & (2n ** NUM_TXS_BIT_SIZE - 1n));
+  value >>= NUM_TXS_BIT_SIZE;
+  const blockNumber = BlockNumber(Number(value & (2n ** BLOCK_NUMBER_BIT_SIZE - 1n)));
+  value >>= BLOCK_NUMBER_BIT_SIZE;
+  const timestamp = value & (2n ** TIMESTAMP_BIT_SIZE - 1n);
+  value >>= TIMESTAMP_BIT_SIZE;
+
+  const prefix = value;
+  if (prefix !== BLOCK_END_PREFIX) {
+    throw new BlobDeserializationError(`Incorrect encoding of blob fields: invalid block end marker.`);
+  }
+
+  return {
+    blockNumber,
+    timestamp,
+    numTxs,
+  };
+}
+
+// Check if a field is a block end marker. Used before decoding to check if it has reached the end of the block.
+export function isBlockEndMarker(field: Fr): boolean {
+  const prefix = field.toBigInt() >> (NUM_TXS_BIT_SIZE + BLOCK_NUMBER_BIT_SIZE + TIMESTAMP_BIT_SIZE);
+  return prefix === BLOCK_END_PREFIX;
+}

package/src/encoding/block_end_state_field.ts

@@ -0,0 +1,59 @@
+import {
+  L1_TO_L2_MSG_TREE_HEIGHT,
+  NOTE_HASH_TREE_HEIGHT,
+  NULLIFIER_TREE_HEIGHT,
+  PUBLIC_DATA_TREE_HEIGHT,
+} from '@aztec/constants';
+import { Fr } from '@aztec/foundation/curves/bn254';
+
+import { BlobDeserializationError } from '../errors.js';
+
+// Must match the implementation in `noir-protocol-circuits/crates/types/src/blob_data/block_blob_data.nr`.
+
+export const TOTAL_MANA_USED_BIT_SIZE = 48n;
+
+export interface BlockEndStateField {
+  l1ToL2MessageNextAvailableLeafIndex: number;
+  noteHashNextAvailableLeafIndex: number;
+  nullifierNextAvailableLeafIndex: number;
+  publicDataNextAvailableLeafIndex: number;
+  totalManaUsed: bigint;
+}
+
+export function encodeBlockEndStateField(blockEndStateField: BlockEndStateField) {
+  let value = BigInt(blockEndStateField.l1ToL2MessageNextAvailableLeafIndex);
+  value <<= BigInt(NOTE_HASH_TREE_HEIGHT);
+  value += BigInt(blockEndStateField.noteHashNextAvailableLeafIndex);
+  value <<= BigInt(NULLIFIER_TREE_HEIGHT);
+  value += BigInt(blockEndStateField.nullifierNextAvailableLeafIndex);
+  value <<= BigInt(PUBLIC_DATA_TREE_HEIGHT);
+  value += BigInt(blockEndStateField.publicDataNextAvailableLeafIndex);
+  value <<= BigInt(TOTAL_MANA_USED_BIT_SIZE);
+  value += BigInt(blockEndStateField.totalManaUsed);
+  return new Fr(value);
+}
+
+export function decodeBlockEndStateField(field: Fr): BlockEndStateField {
+  let value = field.toBigInt();
+  const totalManaUsed = value & (2n ** TOTAL_MANA_USED_BIT_SIZE - 1n);
+  value >>= TOTAL_MANA_USED_BIT_SIZE;
+  const publicDataNextAvailableLeafIndex = Number(value & (2n ** BigInt(PUBLIC_DATA_TREE_HEIGHT) - 1n));
+  value >>= BigInt(PUBLIC_DATA_TREE_HEIGHT);
+  const nullifierNextAvailableLeafIndex = Number(value & (2n ** BigInt(NULLIFIER_TREE_HEIGHT) - 1n));
+  value >>= BigInt(NULLIFIER_TREE_HEIGHT);
+  const noteHashNextAvailableLeafIndex = Number(value & (2n ** BigInt(NOTE_HASH_TREE_HEIGHT) - 1n));
+  value >>= BigInt(NOTE_HASH_TREE_HEIGHT);
+
+  if (value > 2n ** BigInt(L1_TO_L2_MSG_TREE_HEIGHT) - 1n) {
+    throw new BlobDeserializationError(`Incorrect encoding of blob fields: invalid block end state field.`);
+  }
+  const l1ToL2MessageNextAvailableLeafIndex = Number(value);
+
+  return {
+    l1ToL2MessageNextAvailableLeafIndex,
+    noteHashNextAvailableLeafIndex,
+    nullifierNextAvailableLeafIndex,
+    publicDataNextAvailableLeafIndex,
+    totalManaUsed,
+  };
+}