@aztec/blob-lib 4.0.0-nightly.20250907 → 4.0.0-nightly.20260107

package/dest/blob_batching.d.ts

@@ -1,119 +1,20 @@
-import { BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
-import { BufferReader } from '@aztec/foundation/serialize';
+import { BLS12Fr, BLS12Point } from '@aztec/foundation/curves/bls12';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { BatchedBlob } from './batched_blob.js';
 import { Blob } from './blob.js';
+import { BlobAccumulator, FinalBlobAccumulator, FinalBlobBatchingChallenges } from './circuit_types/index.js';
 /**
  * A class to create, manage, and prove batched EVM blobs.
- */
-export declare class BatchedBlob {
-    /** Hash of Cs (to link to L1 blob hashes). */
-    readonly blobCommitmentsHash: Fr;
-    /** Challenge point z such that p_i(z) = y_i. */
-    readonly z: Fr;
-    /** Evaluation y, linear combination of all evaluations y_i = p_i(z) with gamma. */
-    readonly y: BLS12Fr;
-    /** Commitment C, linear combination of all commitments C_i = [p_i] with gamma. */
-    readonly commitment: BLS12Point;
-    /** KZG opening 'proof' Q (commitment to the quotient poly.), linear combination of all blob kzg 'proofs' Q_i with gamma. */
-    readonly q: BLS12Point;
-    constructor(
-    /** Hash of Cs (to link to L1 blob hashes). */
-    blobCommitmentsHash: Fr, 
-    /** Challenge point z such that p_i(z) = y_i. */
-    z: Fr, 
-    /** Evaluation y, linear combination of all evaluations y_i = p_i(z) with gamma. */
-    y: BLS12Fr, 
-    /** Commitment C, linear combination of all commitments C_i = [p_i] with gamma. */
-    commitment: BLS12Point, 
-    /** KZG opening 'proof' Q (commitment to the quotient poly.), linear combination of all blob kzg 'proofs' Q_i with gamma. */
-    q: BLS12Point);
-    /**
-     * Get the final batched opening proof from multiple blobs.
-     * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
-     *      beforehand from ALL blobs.
-     *
-     * @returns A batched blob.
-     */
-    static batch(blobs: Blob[]): Promise<BatchedBlob>;
-    /**
-     * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
-     * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
-     *      beforehand from ALL blobs.
-     */
-    static newAccumulator(blobs: Blob[]): Promise<BatchedBlobAccumulator>;
-    /**
-     * Gets the final challenges based on all blobs and their elements to perform a multi opening proof.
-     * Used in BatchedBlobAccumulator as 'finalZ' and finalGamma':
-     *  - z = H(...H(H(z_0, z_1) z_2)..z_n)
-     *    - where z_i = H(H(fields of blob_i), C_i) = Blob.challengeZ,
-     *    - used such that p_i(z) = y_i = Blob.evaluationY for all n blob polynomials p_i().
-     *  - gamma = H(H(...H(H(y_0, y_1) y_2)..y_n), z)
-     *    - used such that y = sum_i { gamma^i * y_i }, and C = sum_i { gamma^i * C_i }, for all blob evaluations y_i (see above) and commitments C_i.
-     * @returns Challenges z and gamma.
-     */
-    static precomputeBatchedBlobChallenges(blobs: Blob[]): Promise<FinalBlobBatchingChallenges>;
-    static precomputeEmptyBatchedBlobChallenges(): Promise<FinalBlobBatchingChallenges>;
-    getEthVersionedBlobHash(): Buffer;
-    static getEthVersionedBlobHash(commitment: Buffer): Buffer;
-    /**
-     * Returns a proof of opening of the blobs to verify on L1 using the point evaluation precompile:
-     *
-     * input[:32]     - versioned_hash
-     * input[32:64]   - z
-     * input[64:96]   - y
-     * input[96:144]  - commitment C
-     * input[144:192] - commitment Q (a 'proof' committing to the quotient polynomial q(X))
-     *
-     * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
-     */
-    getEthBlobEvaluationInputs(): `0x${string}`;
-}
-/**
- * Final values z and gamma are injected into each block root circuit. We ensure they are correct by:
- * - Checking equality in each block merge circuit and propagating up
- * - Checking final z_acc == z in root circuit
- * - Checking final gamma_acc == gamma in root circuit
- *
- *  - z = H(...H(H(z_0, z_1) z_2)..z_n)
- *    - where z_i = H(H(fields of blob_i), C_i),
- *    - used such that p_i(z) = y_i = Blob.evaluationY for all n blob polynomials p_i().
- *  - gamma = H(H(...H(H(y_0, y_1) y_2)..y_n), z)
- *    - used such that y = sum_i { gamma^i * y_i }, and C = sum_i { gamma^i * C_i }
- *      for all blob evaluations y_i (see above) and commitments C_i.
- *
- * Iteratively calculated by BlobAccumulatorPublicInputs.accumulate() in nr. See also precomputeBatchedBlobChallenges() above.
- */
-export declare class FinalBlobBatchingChallenges {
-    readonly z: Fr;
-    readonly gamma: BLS12Fr;
-    constructor(z: Fr, gamma: BLS12Fr);
-    equals(other: FinalBlobBatchingChallenges): boolean;
-    static empty(): FinalBlobBatchingChallenges;
-    static fromBuffer(buffer: Buffer | BufferReader): FinalBlobBatchingChallenges;
-    toBuffer(): Buffer<ArrayBufferLike>;
-}
-/**
- * See noir-projects/noir-protocol-circuits/crates/blob/src/blob_batching_public_inputs.nr -> BlobAccumulatorPublicInputs
+ * See noir-projects/noir-protocol-circuits/crates/blob/src/abis/blob_accumulator.nr
  */
 export declare class BatchedBlobAccumulator {
-    /** Hash of Cs (to link to L1 blob hashes). */
     readonly blobCommitmentsHashAcc: Fr;
-    /** Challenge point z_acc. Final value used such that p_i(z) = y_i. */
     readonly zAcc: Fr;
-    /** Evaluation y_acc. Final value is is linear combination of all evaluations y_i = p_i(z) with gamma. */
     readonly yAcc: BLS12Fr;
-    /** Commitment c_acc. Final value is linear combination of all commitments C_i = [p_i] with gamma. */
     readonly cAcc: BLS12Point;
-    /** KZG opening q_acc. Final value is linear combination of all blob kzg 'proofs' Q_i with gamma. */
     readonly qAcc: BLS12Point;
-    /**
-     * Challenge point gamma_acc for multi opening. Used with y, C, and kzg 'proof' Q above.
-     * TODO(#13608): We calculate this by hashing natively in the circuit (hence Fr representation), but it's actually used
-     * as a BLS12Fr field elt. Is this safe? Is there a skew?
-     */
     readonly gammaAcc: Fr;
-    /** Simply gamma^(i + 1) at blob i. Used for calculating the i'th element of the above linear comb.s */
     readonly gammaPow: BLS12Fr;
-    /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */
     readonly finalBlobChallenges: FinalBlobBatchingChallenges;
     constructor(
     /** Hash of Cs (to link to L1 blob hashes). */
@@ -136,38 +37,51 @@ export declare class BatchedBlobAccumulator {
     gammaPow: BLS12Fr, 
     /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */
     finalBlobChallenges: FinalBlobBatchingChallenges);
-    /**
-     * Init the first accumulation state of the epoch.
-     * We assume the input blob has not been evaluated at z.
-     *
-     * First state of the accumulator:
-     * - v_acc := sha256(C_0)
-     * - z_acc := z_0
-     * - y_acc := gamma^0 * y_0 = y_0
-     * - c_acc := gamma^0 * c_0 = c_0
-     * - gamma_acc := poseidon2(y_0.limbs)
-     * - gamma^(i + 1) = gamma^1 = gamma // denoted gamma_pow_acc
-     *
-     * @returns An initial blob accumulator.
-     */
-    static initialize(blob: Blob, finalBlobChallenges: FinalBlobBatchingChallenges): Promise<BatchedBlobAccumulator>;
     /**
      * Create the empty accumulation state of the epoch.
      * @returns An empty blob accumulator with challenges.
      */
     static newWithChallenges(finalBlobChallenges: FinalBlobBatchingChallenges): BatchedBlobAccumulator;
+    /**
+     * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
+     * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
+     *      beforehand from ALL blobs.
+     */
+    static fromBlobFields(blobFieldsPerCheckpoint: Fr[][]): Promise<BatchedBlobAccumulator>;
+    /**
+     * Get the final batched opening proof from multiple blobs.
+     * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
+     *      beforehand from ALL blobs.
+     *
+     * @returns A batched blob.
+     */
+    static batch(blobFieldsPerCheckpoint: Fr[][], verifyProof?: boolean): Promise<BatchedBlob>;
+    /**
+     * Gets the final challenges based on all blobs and their elements to perform a multi opening proof.
+     * Used in BatchedBlobAccumulator as 'finalZ' and finalGamma':
+     *  - z = H(...H(H(z_0, z_1) z_2)..z_n)
+     *    - where z_i = H(H(fields of blob_i), C_i) = Blob.challengeZ,
+     *    - used such that p_i(z) = y_i = Blob.evaluationY for all n blob polynomials p_i().
+     *  - gamma = H(H(...H(H(y_0, y_1) y_2)..y_n), z)
+     *    - used such that y = sum_i { gamma^i * y_i }, and C = sum_i { gamma^i * C_i }, for all blob evaluations y_i (see above) and commitments C_i.
+     *
+     * @param blobs - The blobs to precompute the challenges for. Each sub-array is the blobs for an L1 block.
+     * @returns Challenges z and gamma.
+     */
+    static precomputeBatchedBlobChallenges(blobFieldsPerCheckpoint: Fr[][]): Promise<FinalBlobBatchingChallenges>;
     /**
      * Given blob i, accumulate all state.
      * We assume the input blob has not been evaluated at z.
      * @returns An updated blob accumulator.
      */
-    accumulate(blob: Blob): Promise<BatchedBlobAccumulator>;
+    accumulateBlob(blob: Blob, blobFieldsHash: Fr): Promise<BatchedBlobAccumulator>;
     /**
      * Given blobs, accumulate all state.
      * We assume the input blobs have not been evaluated at z.
+     * @param blobFields - The blob fields of a checkpoint to accumulate.
      * @returns An updated blob accumulator.
      */
-    accumulateBlobs(blobs: Blob[]): Promise<BatchedBlobAccumulator>;
+    accumulateFields(blobFields: Fr[]): Promise<BatchedBlobAccumulator>;
     /**
      * Finalize accumulation state of the epoch.
      * We assume ALL blobs in the epoch have been accumulated.
@@ -179,10 +93,14 @@ export declare class BatchedBlobAccumulator {
      * - c := c_acc (final commitment to be checked on L1)
      * - gamma := poseidon2(gamma_acc, z) (challenge for linear combination of y and C, above)
      *
+     * @param verifyProof - Whether to verify the KZG proof.
      * @returns A batched blob.
      */
-    finalize(): Promise<BatchedBlob>;
+    finalize(verifyProof?: boolean): Promise<BatchedBlob>;
+    verify(): boolean;
     isEmptyState(): boolean;
     clone(): BatchedBlobAccumulator;
+    toBlobAccumulator(): BlobAccumulator;
+    toFinalBlobAccumulator(): FinalBlobAccumulator;
 }
-//# sourceMappingURL=blob_batching.d.ts.map
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmxvYl9iYXRjaGluZy5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2Jsb2JfYmF0Y2hpbmcudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBR0EsT0FBTyxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUNyRSxPQUFPLEVBQUUsRUFBRSxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFFcEQsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ2hELE9BQU8sRUFBRSxJQUFJLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFFakMsT0FBTyxFQUFFLGVBQWUsRUFBRSxvQkFBb0IsRUFBRSwyQkFBMkIsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBSTlHOzs7R0FHRztBQUNILHFCQUFhLHNCQUFzQjthQUdmLHNCQUFzQixFQUFFLEVBQUU7YUFFMUIsSUFBSSxFQUFFLEVBQUU7YUFFUixJQUFJLEVBQUUsT0FBTzthQUViLElBQUksRUFBRSxVQUFVO2FBRWhCLElBQUksRUFBRSxVQUFVO2FBTWhCLFFBQVEsRUFBRSxFQUFFO2FBRVosUUFBUSxFQUFFLE9BQU87YUFFakIsbUJBQW1CLEVBQUUsMkJBQTJCO0lBcEJsRTtJQUNFLDhDQUE4QztJQUM5QixzQkFBc0IsRUFBRSxFQUFFO0lBQzFDLHNFQUFzRTtJQUN0RCxJQUFJLEVBQUUsRUFBRTtJQUN4Qix5R0FBeUc7SUFDekYsSUFBSSxFQUFFLE9BQU87SUFDN0IscUdBQXFHO0lBQ3JGLElBQUksRUFBRSxVQUFVO0lBQ2hDLG9HQUFvRztJQUNwRixJQUFJLEVBQUUsVUFBVTtJQUNoQzs7OztPQUlHO0lBQ2EsUUFBUSxFQUFFLEVBQUU7SUFDNUIsdUdBQXVHO0lBQ3ZGLFFBQVEsRUFBRSxPQUFPO0lBQ2pDLG9HQUFvRztJQUNwRixtQkFBbUIsRUFBRSwyQkFBMkIsRUFDOUQ7SUFFSjs7O09BR0c7SUFDSCxNQUFNLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLEVBQUUsMkJBQTJCLEdBQUcsc0JBQXNCLENBV2pHO0lBRUQ7Ozs7T0FJRztJQUNILE9BQWEsY0FBYyxDQUFDLHVCQUF1QixFQUFFLEVBQUUsRUFBRSxFQUFFLEdBQUcsT0FBTyxDQUFDLHNCQUFzQixDQUFDLENBRzVGO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsT0FBYSxLQUFLLENBQUMsdUJBQXVCLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxXQUFXLFVBQVEsR0FBRyxPQUFPLENBQUMsV0FBVyxDQUFDLENBZTdGO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSCxPQUFhLCtCQUErQixDQUFDLHVCQUF1QixFQUFFLEVBQUUsRUFBRSxFQUFFLEdBQUcsT0FBTyxDQUFDLDJCQUEyQixDQUFDLENBbUNsSDtJQUVEOzs7O09BSUc7SUFDRyxjQUFjLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsRUFBRSxtQ0F1Q2xEO0lBRUQ7Ozs7O09BS0c7SUFDRyxnQkFBZ0IsQ0FBQyxVQUFVLEVBQUUsRUFBRSxFQUFFLG1DQWtCdEM7SUFFRDs7Ozs7Ozs7Ozs7OztPQWFHO0lBQ0csUUFBUSxDQUFDLFdBQVcsVUFBUSxHQUFHLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FzQnhEO0lBRUQsTUFBTSxZQU9MO0lBRUQsWUFBWSxZQVVYO0lBRUQsS0FBSywyQkFXSjtJQUVELGlCQUFpQixvQkFTaEI7SUFFRCxzQkFBc0IseUJBRXJCO0NBQ0YifQ==

package/dest/blob_batching.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"blob_batching.d.ts","sourceRoot":"","sources":["../src/blob_batching.ts"],"names":[],"mappings":"AAEA,OAAO,EAAc,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,0BAA0B,CAAC;AAC/E,OAAO,EAAE,YAAY,EAAqB,MAAM,6BAA6B,CAAC;AAK9E,OAAO,EAAE,IAAI,EAA8B,MAAM,WAAW,CAAC;AAI7D;;GAEG;AACH,qBAAa,WAAW;IAEpB,8CAA8C;aAC9B,mBAAmB,EAAE,EAAE;IACvC,gDAAgD;aAChC,CAAC,EAAE,EAAE;IACrB,mFAAmF;aACnE,CAAC,EAAE,OAAO;IAC1B,kFAAkF;aAClE,UAAU,EAAE,UAAU;IACtC,4HAA4H;aAC5G,CAAC,EAAE,UAAU;;IAT7B,8CAA8C;IAC9B,mBAAmB,EAAE,EAAE;IACvC,gDAAgD;IAChC,CAAC,EAAE,EAAE;IACrB,mFAAmF;IACnE,CAAC,EAAE,OAAO;IAC1B,kFAAkF;IAClE,UAAU,EAAE,UAAU;IACtC,4HAA4H;IAC5G,CAAC,EAAE,UAAU;IAG/B;;;;;;OAMG;WACU,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IAcvD;;;;OAIG;WACU,cAAc,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAK3E;;;;;;;;;OASG;WACU,+BAA+B,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,2BAA2B,CAAC;WAqBpF,oCAAoC,IAAI,OAAO,CAAC,2BAA2B,CAAC;IAezF,uBAAuB,IAAI,MAAM;IAMjC,MAAM,CAAC,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAM1D;;;;;;;;;;OAUG;IACH,0BAA0B,IAAI,KAAK,MAAM,EAAE;CAU5C;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,2BAA2B;aAEpB,CAAC,EAAE,EAAE;aACL,KAAK,EAAE,OAAO;gBADd,CAAC,EAAE,EAAE,EACL,KAAK,EAAE,OAAO;IAGhC,MAAM,CAAC,KAAK,EAAE,2BAA2B;IAIzC,MAAM,CAAC,KAAK,IAAI,2BAA2B;IAI3C,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,GAAG,2BAA2B;IAK7E,QAAQ;CAGT;AAED;;GAEG;AACH,qBAAa,sBAAsB;IAE/B,8CAA8C;aAC9B,sBAAsB,EAAE,EAAE;IAC1C,sEAAsE;aACtD,IAAI,EAAE,EAAE;IACxB,yGAAyG;aACzF,IAAI,EAAE,OAAO;IAC7B,qGAAqG;aACrF,IAAI,EAAE,UAAU;IAChC,oGAAoG;aACpF,IAAI,EAAE,UAAU;IAChC;;;;OAIG;aACa,QAAQ,EAAE,EAAE;IAC5B,uGAAuG;aACvF,QAAQ,EAAE,OAAO;IACjC,oGAAoG;aACpF,mBAAmB,EAAE,2BAA2B;;IAnBhE,8CAA8C;IAC9B,sBAAsB,EAAE,EAAE;IAC1C,sEAAsE;IACtD,IAAI,EAAE,EAAE;IACxB,yGAAyG;IACzF,IAAI,EAAE,OAAO;IAC7B,qGAAqG;IACrF,IAAI,EAAE,UAAU;IAChC,oGAAoG;IACpF,IAAI,EAAE,UAAU;IAChC;;;;OAIG;IACa,QAAQ,EAAE,EAAE;IAC5B,uGAAuG;IACvF,QAAQ,EAAE,OAAO;IACjC,oGAAoG;IACpF,mBAAmB,EAAE,2BAA2B;IAGlE;;;;;;;;;;;;;OAaG;WACU,UAAU,CACrB,IAAI,EAAE,IAAI,EACV,mBAAmB,EAAE,2BAA2B,GAC/C,OAAO,CAAC,sBAAsB,CAAC;IAgBlC;;;OAGG;IACH,MAAM,CAAC,iBAAiB,CAAC,mBAAmB,EAAE,2BAA2B,GAAG,sBAAsB;IAalG;;;;OAIG;IACG,UAAU,CAAC,IAAI,EAAE,IAAI;IAqB3B;;;;OAIG;IACG,eAAe,CAAC,KAAK,EAAE,IAAI,EAAE;IASnC;;;;;;;;;;;;OAYG;IACG,QAAQ,IAAI,OAAO,CAAC,WAAW,CAAC;IAqBtC,YAAY;IAYZ,KAAK;CAYN"}
+{"version":3,"file":"blob_batching.d.ts","sourceRoot":"","sources":["../src/blob_batching.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,EAAE,EAAE,MAAM,gCAAgC,CAAC;AAEpD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAC;AAI9G;;;GAGG;AACH,qBAAa,sBAAsB;aAGf,sBAAsB,EAAE,EAAE;aAE1B,IAAI,EAAE,EAAE;aAER,IAAI,EAAE,OAAO;aAEb,IAAI,EAAE,UAAU;aAEhB,IAAI,EAAE,UAAU;aAMhB,QAAQ,EAAE,EAAE;aAEZ,QAAQ,EAAE,OAAO;aAEjB,mBAAmB,EAAE,2BAA2B;IApBlE;IACE,8CAA8C;IAC9B,sBAAsB,EAAE,EAAE;IAC1C,sEAAsE;IACtD,IAAI,EAAE,EAAE;IACxB,yGAAyG;IACzF,IAAI,EAAE,OAAO;IAC7B,qGAAqG;IACrF,IAAI,EAAE,UAAU;IAChC,oGAAoG;IACpF,IAAI,EAAE,UAAU;IAChC;;;;OAIG;IACa,QAAQ,EAAE,EAAE;IAC5B,uGAAuG;IACvF,QAAQ,EAAE,OAAO;IACjC,oGAAoG;IACpF,mBAAmB,EAAE,2BAA2B,EAC9D;IAEJ;;;OAGG;IACH,MAAM,CAAC,iBAAiB,CAAC,mBAAmB,EAAE,2BAA2B,GAAG,sBAAsB,CAWjG;IAED;;;;OAIG;IACH,OAAa,cAAc,CAAC,uBAAuB,EAAE,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAG5F;IAED;;;;;;OAMG;IACH,OAAa,KAAK,CAAC,uBAAuB,EAAE,EAAE,EAAE,EAAE,EAAE,WAAW,UAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,CAe7F;IAED;;;;;;;;;;;OAWG;IACH,OAAa,+BAA+B,CAAC,uBAAuB,EAAE,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAmClH;IAED;;;;OAIG;IACG,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,mCAuClD;IAED;;;;;OAKG;IACG,gBAAgB,CAAC,UAAU,EAAE,EAAE,EAAE,mCAkBtC;IAED;;;;;;;;;;;;;OAaG;IACG,QAAQ,CAAC,WAAW,UAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,CAsBxD;IAED,MAAM,YAOL;IAED,YAAY,YAUX;IAED,KAAK,2BAWJ;IAED,iBAAiB,oBAShB;IAED,sBAAsB,yBAErB;CACF"}

package/dest/blob_batching.js

@@ -1,25 +1,52 @@
-import { AZTEC_MAX_EPOCH_DURATION, BLOBS_PER_BLOCK } from '@aztec/constants';
-import { poseidon2Hash, sha256, sha256ToField } from '@aztec/foundation/crypto';
-import { BLS12Fr, BLS12Point, Fr } from '@aztec/foundation/fields';
-import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
-// Importing directly from 'c-kzg' does not work:
-import cKzg from 'c-kzg';
-import { Blob, VERSIONED_HASH_VERSION_KZG } from './blob.js';
-const { computeKzgProof, verifyKzgProof } = cKzg;
+import { AZTEC_MAX_EPOCH_DURATION, BLOBS_PER_CHECKPOINT } from '@aztec/constants';
+import { poseidon2Hash } from '@aztec/foundation/crypto/poseidon';
+import { sha256ToField } from '@aztec/foundation/crypto/sha256';
+import { BLS12Fr, BLS12Point } from '@aztec/foundation/curves/bls12';
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { BatchedBlob } from './batched_blob.js';
+import { getBlobsPerL1Block } from './blob_utils.js';
+import { BlobAccumulator, FinalBlobAccumulator, FinalBlobBatchingChallenges } from './circuit_types/index.js';
+import { computeBlobFieldsHash, hashNoirBigNumLimbs } from './hash.js';
+import { getKzg } from './kzg_context.js';
 /**
  * A class to create, manage, and prove batched EVM blobs.
- */ export class BatchedBlob {
-    blobCommitmentsHash;
-    z;
-    y;
-    commitment;
-    q;
-    constructor(/** Hash of Cs (to link to L1 blob hashes). */ blobCommitmentsHash, /** Challenge point z such that p_i(z) = y_i. */ z, /** Evaluation y, linear combination of all evaluations y_i = p_i(z) with gamma. */ y, /** Commitment C, linear combination of all commitments C_i = [p_i] with gamma. */ commitment, /** KZG opening 'proof' Q (commitment to the quotient poly.), linear combination of all blob kzg 'proofs' Q_i with gamma. */ q){
-        this.blobCommitmentsHash = blobCommitmentsHash;
-        this.z = z;
-        this.y = y;
-        this.commitment = commitment;
-        this.q = q;
+ * See noir-projects/noir-protocol-circuits/crates/blob/src/abis/blob_accumulator.nr
+ */ export class BatchedBlobAccumulator {
+    blobCommitmentsHashAcc;
+    zAcc;
+    yAcc;
+    cAcc;
+    qAcc;
+    gammaAcc;
+    gammaPow;
+    finalBlobChallenges;
+    constructor(/** Hash of Cs (to link to L1 blob hashes). */ blobCommitmentsHashAcc, /** Challenge point z_acc. Final value used such that p_i(z) = y_i. */ zAcc, /** Evaluation y_acc. Final value is is linear combination of all evaluations y_i = p_i(z) with gamma. */ yAcc, /** Commitment c_acc. Final value is linear combination of all commitments C_i = [p_i] with gamma. */ cAcc, /** KZG opening q_acc. Final value is linear combination of all blob kzg 'proofs' Q_i with gamma. */ qAcc, /**
+     * Challenge point gamma_acc for multi opening. Used with y, C, and kzg 'proof' Q above.
+     * TODO(#13608): We calculate this by hashing natively in the circuit (hence Fr representation), but it's actually used
+     * as a BLS12Fr field elt. Is this safe? Is there a skew?
+     */ gammaAcc, /** Simply gamma^(i + 1) at blob i. Used for calculating the i'th element of the above linear comb.s */ gammaPow, /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */ finalBlobChallenges){
+        this.blobCommitmentsHashAcc = blobCommitmentsHashAcc;
+        this.zAcc = zAcc;
+        this.yAcc = yAcc;
+        this.cAcc = cAcc;
+        this.qAcc = qAcc;
+        this.gammaAcc = gammaAcc;
+        this.gammaPow = gammaPow;
+        this.finalBlobChallenges = finalBlobChallenges;
+    }
+    /**
+   * Create the empty accumulation state of the epoch.
+   * @returns An empty blob accumulator with challenges.
+   */ static newWithChallenges(finalBlobChallenges) {
+        return new BatchedBlobAccumulator(Fr.ZERO, Fr.ZERO, BLS12Fr.ZERO, BLS12Point.ZERO, BLS12Point.ZERO, Fr.ZERO, BLS12Fr.ZERO, finalBlobChallenges);
+    }
+    /**
+   * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
+   * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
+   *      beforehand from ALL blobs.
+   */ static async fromBlobFields(blobFieldsPerCheckpoint) {
+        const finalBlobChallenges = await this.precomputeBatchedBlobChallenges(blobFieldsPerCheckpoint);
+        return BatchedBlobAccumulator.newWithChallenges(finalBlobChallenges);
     }
     /**
    * Get the final batched opening proof from multiple blobs.
@@ -27,24 +54,18 @@ const { computeKzgProof, verifyKzgProof } = cKzg;
    *      beforehand from ALL blobs.
    *
    * @returns A batched blob.
-   */ static async batch(blobs) {
-        const numBlobs = blobs.length;
-        if (numBlobs > BLOBS_PER_BLOCK * AZTEC_MAX_EPOCH_DURATION) {
-            throw new Error(`Too many blobs (${numBlobs}) sent to batch(). The maximum is ${BLOBS_PER_BLOCK * AZTEC_MAX_EPOCH_DURATION}.`);
+   */ static async batch(blobFieldsPerCheckpoint, verifyProof = false) {
+        const numCheckpoints = blobFieldsPerCheckpoint.length;
+        if (numCheckpoints > AZTEC_MAX_EPOCH_DURATION) {
+            throw new Error(`Too many checkpoints sent to batch(). The maximum is ${AZTEC_MAX_EPOCH_DURATION}. Got ${numCheckpoints}.`);
         }
         // Precalculate the values (z and gamma) and initialize the accumulator:
-        let acc = await this.newAccumulator(blobs);
+        let acc = await this.fromBlobFields(blobFieldsPerCheckpoint);
         // Now we can create a multi opening proof of all input blobs:
-        acc = await acc.accumulateBlobs(blobs);
-        return await acc.finalize();
-    }
-    /**
-   * Returns an empty BatchedBlobAccumulator with precomputed challenges from all blobs in the epoch.
-   * @dev MUST input all blobs to be broadcast. Does not work in multiple calls because z and gamma are calculated
-   *      beforehand from ALL blobs.
-   */ static async newAccumulator(blobs) {
-        const finalBlobChallenges = await this.precomputeBatchedBlobChallenges(blobs);
-        return BatchedBlobAccumulator.newWithChallenges(finalBlobChallenges);
+        for (const blobFields of blobFieldsPerCheckpoint){
+            acc = await acc.accumulateFields(blobFields);
+        }
+        return await acc.finalize(verifyProof);
     }
     /**
    * Gets the final challenges based on all blobs and their elements to perform a multi opening proof.
@@ -54,27 +75,44 @@ const { computeKzgProof, verifyKzgProof } = cKzg;
    *    - used such that p_i(z) = y_i = Blob.evaluationY for all n blob polynomials p_i().
    *  - gamma = H(H(...H(H(y_0, y_1) y_2)..y_n), z)
    *    - used such that y = sum_i { gamma^i * y_i }, and C = sum_i { gamma^i * C_i }, for all blob evaluations y_i (see above) and commitments C_i.
+   *
+   * @param blobs - The blobs to precompute the challenges for. Each sub-array is the blobs for an L1 block.
    * @returns Challenges z and gamma.
-   */ static async precomputeBatchedBlobChallenges(blobs) {
-        // We need to precompute the final challenge values to evaluate the blobs.
-        let z = blobs[0].challengeZ;
-        // We start at i = 1, because z is initialized as the first blob's challenge.
-        for(let i = 1; i < blobs.length; i++){
-            z = await poseidon2Hash([
-                z,
-                blobs[i].challengeZ
-            ]);
+   */ static async precomputeBatchedBlobChallenges(blobFieldsPerCheckpoint) {
+        // Compute the final challenge z to evaluate the blobs.
+        let z;
+        const allBlobs = [];
+        for (const blobFields of blobFieldsPerCheckpoint){
+            // Compute the hash of all the fields in the block.
+            const blobFieldsHash = await computeBlobFieldsHash(blobFields);
+            const blobs = getBlobsPerL1Block(blobFields);
+            for (const blob of blobs){
+                // Compute the challenge z for each blob and accumulate it.
+                const challengeZ = await blob.computeChallengeZ(blobFieldsHash);
+                if (!z) {
+                    z = challengeZ;
+                } else {
+                    z = await poseidon2Hash([
+                        z,
+                        challengeZ
+                    ]);
+                }
+            }
+            allBlobs.push(...blobs);
+        }
+        if (!z) {
+            throw new Error('No blobs to precompute challenges for.');
         }
         // Now we have a shared challenge for all blobs, evaluate them...
-        const proofObjects = blobs.map((b)=>computeKzgProof(b.data, z.toBuffer()));
-        const evaluations = proofObjects.map(([_, evaluation])=>BLS12Fr.fromBuffer(Buffer.from(evaluation)));
+        const proofObjects = allBlobs.map((b)=>b.evaluate(z));
+        const evaluations = await Promise.all(proofObjects.map(({ y })=>hashNoirBigNumLimbs(y)));
         // ...and find the challenge for the linear combination of blobs.
-        let gamma = await hashNoirBigNumLimbs(evaluations[0]);
+        let gamma = evaluations[0];
         // We start at i = 1, because gamma is initialized as the first blob's evaluation.
-        for(let i = 1; i < blobs.length; i++){
+        for(let i = 1; i < allBlobs.length; i++){
             gamma = await poseidon2Hash([
                 gamma,
-                await hashNoirBigNumLimbs(evaluations[i])
+                evaluations[i]
             ]);
         }
         gamma = await poseidon2Hash([
@@ -83,160 +121,36 @@ const { computeKzgProof, verifyKzgProof } = cKzg;
         ]);
         return new FinalBlobBatchingChallenges(z, BLS12Fr.fromBN254Fr(gamma));
     }
-    static async precomputeEmptyBatchedBlobChallenges() {
-        const blobs = [
-            await Blob.fromFields([])
-        ];
-        // We need to precompute the final challenge values to evaluate the blobs.
-        const z = blobs[0].challengeZ;
-        // Now we have a shared challenge for all blobs, evaluate them...
-        const proofObjects = blobs.map((b)=>computeKzgProof(b.data, z.toBuffer()));
-        const evaluations = proofObjects.map(([_, evaluation])=>BLS12Fr.fromBuffer(Buffer.from(evaluation)));
-        // ...and find the challenge for the linear combination of blobs.
-        let gamma = await hashNoirBigNumLimbs(evaluations[0]);
-        gamma = await poseidon2Hash([
-            gamma,
-            z
-        ]);
-        return new FinalBlobBatchingChallenges(z, BLS12Fr.fromBN254Fr(gamma));
-    }
-    // Returns ethereum's versioned blob hash, following kzg_to_versioned_hash: https://eips.ethereum.org/EIPS/eip-4844#helpers
-    getEthVersionedBlobHash() {
-        const hash = sha256(this.commitment.compress());
-        hash[0] = VERSIONED_HASH_VERSION_KZG;
-        return hash;
-    }
-    static getEthVersionedBlobHash(commitment) {
-        const hash = sha256(commitment);
-        hash[0] = VERSIONED_HASH_VERSION_KZG;
-        return hash;
-    }
-    /**
-   * Returns a proof of opening of the blobs to verify on L1 using the point evaluation precompile:
-   *
-   * input[:32]     - versioned_hash
-   * input[32:64]   - z
-   * input[64:96]   - y
-   * input[96:144]  - commitment C
-   * input[144:192] - commitment Q (a 'proof' committing to the quotient polynomial q(X))
-   *
-   * See https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
-   */ getEthBlobEvaluationInputs() {
-        const buf = Buffer.concat([
-            this.getEthVersionedBlobHash(),
-            this.z.toBuffer(),
-            this.y.toBuffer(),
-            this.commitment.compress(),
-            this.q.compress()
-        ]);
-        return `0x${buf.toString('hex')}`;
-    }
-}
-/**
- * Final values z and gamma are injected into each block root circuit. We ensure they are correct by:
- * - Checking equality in each block merge circuit and propagating up
- * - Checking final z_acc == z in root circuit
- * - Checking final gamma_acc == gamma in root circuit
- *
- *  - z = H(...H(H(z_0, z_1) z_2)..z_n)
- *    - where z_i = H(H(fields of blob_i), C_i),
- *    - used such that p_i(z) = y_i = Blob.evaluationY for all n blob polynomials p_i().
- *  - gamma = H(H(...H(H(y_0, y_1) y_2)..y_n), z)
- *    - used such that y = sum_i { gamma^i * y_i }, and C = sum_i { gamma^i * C_i }
- *      for all blob evaluations y_i (see above) and commitments C_i.
- *
- * Iteratively calculated by BlobAccumulatorPublicInputs.accumulate() in nr. See also precomputeBatchedBlobChallenges() above.
- */ export class FinalBlobBatchingChallenges {
-    z;
-    gamma;
-    constructor(z, gamma){
-        this.z = z;
-        this.gamma = gamma;
-    }
-    equals(other) {
-        return this.z.equals(other.z) && this.gamma.equals(other.gamma);
-    }
-    static empty() {
-        return new FinalBlobBatchingChallenges(Fr.ZERO, BLS12Fr.ZERO);
-    }
-    static fromBuffer(buffer) {
-        const reader = BufferReader.asReader(buffer);
-        return new FinalBlobBatchingChallenges(Fr.fromBuffer(reader), reader.readObject(BLS12Fr));
-    }
-    toBuffer() {
-        return serializeToBuffer(this.z, this.gamma);
-    }
-}
-/**
- * See noir-projects/noir-protocol-circuits/crates/blob/src/blob_batching_public_inputs.nr -> BlobAccumulatorPublicInputs
- */ export class BatchedBlobAccumulator {
-    blobCommitmentsHashAcc;
-    zAcc;
-    yAcc;
-    cAcc;
-    qAcc;
-    gammaAcc;
-    gammaPow;
-    finalBlobChallenges;
-    constructor(/** Hash of Cs (to link to L1 blob hashes). */ blobCommitmentsHashAcc, /** Challenge point z_acc. Final value used such that p_i(z) = y_i. */ zAcc, /** Evaluation y_acc. Final value is is linear combination of all evaluations y_i = p_i(z) with gamma. */ yAcc, /** Commitment c_acc. Final value is linear combination of all commitments C_i = [p_i] with gamma. */ cAcc, /** KZG opening q_acc. Final value is linear combination of all blob kzg 'proofs' Q_i with gamma. */ qAcc, /**
-     * Challenge point gamma_acc for multi opening. Used with y, C, and kzg 'proof' Q above.
-     * TODO(#13608): We calculate this by hashing natively in the circuit (hence Fr representation), but it's actually used
-     * as a BLS12Fr field elt. Is this safe? Is there a skew?
-     */ gammaAcc, /** Simply gamma^(i + 1) at blob i. Used for calculating the i'th element of the above linear comb.s */ gammaPow, /** Final challenge values used in evaluation. Optimistically input and checked in the final acc. */ finalBlobChallenges){
-        this.blobCommitmentsHashAcc = blobCommitmentsHashAcc;
-        this.zAcc = zAcc;
-        this.yAcc = yAcc;
-        this.cAcc = cAcc;
-        this.qAcc = qAcc;
-        this.gammaAcc = gammaAcc;
-        this.gammaPow = gammaPow;
-        this.finalBlobChallenges = finalBlobChallenges;
-    }
-    /**
-   * Init the first accumulation state of the epoch.
-   * We assume the input blob has not been evaluated at z.
-   *
-   * First state of the accumulator:
-   * - v_acc := sha256(C_0)
-   * - z_acc := z_0
-   * - y_acc := gamma^0 * y_0 = y_0
-   * - c_acc := gamma^0 * c_0 = c_0
-   * - gamma_acc := poseidon2(y_0.limbs)
-   * - gamma^(i + 1) = gamma^1 = gamma // denoted gamma_pow_acc
-   *
-   * @returns An initial blob accumulator.
-   */ static async initialize(blob, finalBlobChallenges) {
-        const [q, evaluation] = computeKzgProof(blob.data, finalBlobChallenges.z.toBuffer());
-        const firstY = BLS12Fr.fromBuffer(Buffer.from(evaluation));
-        // Here, i = 0, so:
-        return new BatchedBlobAccumulator(sha256ToField([
-            blob.commitment
-        ]), blob.challengeZ, firstY, BLS12Point.decompress(blob.commitment), BLS12Point.decompress(Buffer.from(q)), await hashNoirBigNumLimbs(firstY), finalBlobChallenges.gamma, finalBlobChallenges);
-    }
-    /**
-   * Create the empty accumulation state of the epoch.
-   * @returns An empty blob accumulator with challenges.
-   */ static newWithChallenges(finalBlobChallenges) {
-        return new BatchedBlobAccumulator(Fr.ZERO, Fr.ZERO, BLS12Fr.ZERO, BLS12Point.ZERO, BLS12Point.ZERO, Fr.ZERO, BLS12Fr.ZERO, finalBlobChallenges);
-    }
     /**
    * Given blob i, accumulate all state.
    * We assume the input blob has not been evaluated at z.
    * @returns An updated blob accumulator.
-   */ async accumulate(blob) {
+   */ async accumulateBlob(blob, blobFieldsHash) {
+        const { proof, y: thisY } = blob.evaluate(this.finalBlobChallenges.z);
+        const thisC = BLS12Point.decompress(blob.commitment);
+        const thisQ = BLS12Point.decompress(proof);
+        const blobChallengeZ = await blob.computeChallengeZ(blobFieldsHash);
         if (this.isEmptyState()) {
-            return BatchedBlobAccumulator.initialize(blob, this.finalBlobChallenges);
+            /**
+       * Init the first accumulation state of the epoch.
+       * - v_acc := sha256(C_0)
+       * - z_acc := z_0
+       * - y_acc := gamma^0 * y_0 = y_0
+       * - c_acc := gamma^0 * c_0 = c_0
+       * - gamma_acc := poseidon2(y_0.limbs)
+       * - gamma^(i + 1) = gamma^1 = gamma // denoted gamma_pow_acc
+       */ return new BatchedBlobAccumulator(sha256ToField([
+                blob.commitment
+            ]), blobChallengeZ, thisY, thisC, thisQ, await hashNoirBigNumLimbs(thisY), this.finalBlobChallenges.gamma, this.finalBlobChallenges);
         } else {
-            const [q, evaluation] = computeKzgProof(blob.data, this.finalBlobChallenges.z.toBuffer());
-            const thisY = BLS12Fr.fromBuffer(Buffer.from(evaluation));
             // Moving from i - 1 to i, so:
             return new BatchedBlobAccumulator(sha256ToField([
                 this.blobCommitmentsHashAcc,
                 blob.commitment
             ]), await poseidon2Hash([
                 this.zAcc,
-                blob.challengeZ
-            ]), this.yAcc.add(thisY.mul(this.gammaPow)), this.cAcc.add(BLS12Point.decompress(blob.commitment).mul(this.gammaPow)), this.qAcc.add(BLS12Point.decompress(Buffer.from(q)).mul(this.gammaPow)), await poseidon2Hash([
+                blobChallengeZ
+            ]), this.yAcc.add(thisY.mul(this.gammaPow)), this.cAcc.add(thisC.mul(this.gammaPow)), this.qAcc.add(thisQ.mul(this.gammaPow)), await poseidon2Hash([
                 this.gammaAcc,
                 await hashNoirBigNumLimbs(thisY)
             ]), this.gammaPow.mul(this.finalBlobChallenges.gamma), this.finalBlobChallenges);
@@ -245,12 +159,19 @@ const { computeKzgProof, verifyKzgProof } = cKzg;
     /**
    * Given blobs, accumulate all state.
    * We assume the input blobs have not been evaluated at z.
+   * @param blobFields - The blob fields of a checkpoint to accumulate.
    * @returns An updated blob accumulator.
-   */ async accumulateBlobs(blobs) {
+   */ async accumulateFields(blobFields) {
+        const blobs = getBlobsPerL1Block(blobFields);
+        if (blobs.length > BLOBS_PER_CHECKPOINT) {
+            throw new Error(`Too many blobs to accumulate. The maximum is ${BLOBS_PER_CHECKPOINT} per checkpoint. Got ${blobs.length}.`);
+        }
+        // Compute the hash of all the fields in the block.
+        const blobFieldsHash = await computeBlobFieldsHash(blobFields);
         // Initialize the acc to iterate over:
         let acc = this.clone();
-        for(let i = 0; i < blobs.length; i++){
-            acc = await acc.accumulate(blobs[i]);
+        for (const blob of blobs){
+            acc = await acc.accumulateBlob(blob, blobFieldsHash);
         }
         return acc;
     }
@@ -265,8 +186,9 @@ const { computeKzgProof, verifyKzgProof } = cKzg;
    * - c := c_acc (final commitment to be checked on L1)
    * - gamma := poseidon2(gamma_acc, z) (challenge for linear combination of y and C, above)
    *
+   * @param verifyProof - Whether to verify the KZG proof.
    * @returns A batched blob.
-   */ async finalize() {
+   */ async finalize(verifyProof = false) {
         // All values in acc are final, apart from gamma := poseidon2(gammaAcc, z):
         const calculatedGamma = await poseidon2Hash([
             this.gammaAcc,
@@ -279,10 +201,14 @@ const { computeKzgProof, verifyKzgProof } = cKzg;
         if (!calculatedGamma.equals(this.finalBlobChallenges.gamma.toBN254Fr())) {
             throw new Error(`Blob batching mismatch: accumulated gamma ${calculatedGamma} does not equal injected gamma ${this.finalBlobChallenges.gamma.toBN254Fr()}`);
         }
-        if (!verifyKzgProof(this.cAcc.compress(), this.zAcc.toBuffer(), this.yAcc.toBuffer(), this.qAcc.compress())) {
+        const batchedBlob = new BatchedBlob(this.blobCommitmentsHashAcc, this.zAcc, this.yAcc, this.cAcc, this.qAcc);
+        if (verifyProof && !this.verify()) {
             throw new Error(`KZG proof did not verify.`);
         }
-        return new BatchedBlob(this.blobCommitmentsHashAcc, this.zAcc, this.yAcc, this.cAcc, this.qAcc);
+        return batchedBlob;
+    }
+    verify() {
+        return getKzg().verifyKzgProof(this.cAcc.compress(), this.zAcc.toBuffer(), this.yAcc.toBuffer(), this.qAcc.compress());
     }
     isEmptyState() {
         return this.blobCommitmentsHashAcc.isZero() && this.zAcc.isZero() && this.yAcc.isZero() && this.cAcc.isZero() && this.qAcc.isZero() && this.gammaAcc.isZero() && this.gammaPow.isZero();
@@ -290,10 +216,10 @@ const { computeKzgProof, verifyKzgProof } = cKzg;
     clone() {
         return new BatchedBlobAccumulator(Fr.fromBuffer(this.blobCommitmentsHashAcc.toBuffer()), Fr.fromBuffer(this.zAcc.toBuffer()), BLS12Fr.fromBuffer(this.yAcc.toBuffer()), BLS12Point.fromBuffer(this.cAcc.toBuffer()), BLS12Point.fromBuffer(this.qAcc.toBuffer()), Fr.fromBuffer(this.gammaAcc.toBuffer()), BLS12Fr.fromBuffer(this.gammaPow.toBuffer()), FinalBlobBatchingChallenges.fromBuffer(this.finalBlobChallenges.toBuffer()));
     }
-}
-// To mimic the hash accumulation in the rollup circuits, here we hash
-// each u128 limb of the noir bignum struct representing the BLS field.
-async function hashNoirBigNumLimbs(field) {
-    const num = field.toNoirBigNum();
-    return await poseidon2Hash(num.limbs.map(Fr.fromHexString));
+    toBlobAccumulator() {
+        return new BlobAccumulator(this.blobCommitmentsHashAcc, this.zAcc, this.yAcc, this.cAcc, this.gammaAcc, this.gammaPow);
+    }
+    toFinalBlobAccumulator() {
+        return new FinalBlobAccumulator(this.blobCommitmentsHashAcc, this.zAcc, this.yAcc, this.cAcc);
+    }
 }