An NFT with Huff, using polynomials over a finite field of order the largest prime address, instead of mappings.
huffd1
is a non-fungible token implementation in Huff, where instead of ownership and approval mappings, we use polynomials
Notice the final hexadecimals, which is where the name of the project comes from. The degree of the polynomial is equal to total supply minus one, so for
Denote that ownership polynomial and approvals polynomial as
In a mapping A
we could access the value stored at t
as A[t]
. Now, with a polynomial
We treat the polynomial as an interpolation over many Lagrange basis polynomials
To update
Note that since we are operating over a finite-field, multiplications will use MULMOD
and additions will use ADDMOD
. ALso note that
The basis polynomials are computed before deploying the contract, and are stored within the contract bytecode. We have a Sage script that can export the basis polynomials, one for each token id, as a codetable where the coefficients of each polynomial are concatenated.
// basis polynomials coefficients
#define table Basis {
// 0x...
}
// number of tokens
#define constant TOTAL_SUPPLY = 0xa // 10 tokens
// number of bytes per coefficient
#define constant COEFF_SIZE = 0x14 // 20 bytes
// order of the finite field
#define constant ORDER = 0xffffffffffffffffffffffffffffffffffffffd1
Using these, we can load polynomials from the code table.
The codetable grows pretty large for 20-byte coefficient size, and may easily get past the 24KB maximum contract size. To be more specific, for coefficient size
S
and total supplyN
, you will haveN
polynomials withN
coefficients each, withS
bytes per coefficient, resulting in total number of bytes ofN * N * S
.
We use Horner's method to efficiently evaluate our polynomial. With this method, instead of:
we do:
which also plays nicely with the reverse coefficient form that we use to store the polynomials.
huffd1
implements the following methods:
-
name
: returns the string"Huffd1"
. -
symbol
: returns the string"FFD1"
. -
ownerOf
: evaluates$B[X]$ at the given token idt
. -
balanceOf
: evaluates$B[X]$ over all token ids, counting the matching addresses along the way (beware of gas). -
transfer
: updates$B[X]$ with the new address. -
transferFrom
: updates$B[X]$ with the new address. -
approve
: updates$A[X]$ with the new address. -
getApproved
: evaluates$A[X]$ at the given token idt
.
It also includes ownership stuff in Owned.huff
imported from Huffmate. Polynomial operations are implemented under Polynomial.huff
.
You can use the following commands for testing.
# run all tests
forge t -vvv
# run a specific test
forge t -vvv --mc Polynomial
forge t -vvv --mc Huffd1
I use -vvv
to see reverts in detail.
The stack comments are written in reverse order:
opcode // [top-N, ..., top-1, top] pop // [top-N, ..., top-1] 0x01 // [top-N, ..., top-1, 0x01]unlike the usual order described in the Style Guide.
-
This project was done for the Huff hackathon!
-
We could also use
$p = 2^{160} + 7$ , but I wanted all coefficients to be strictly 160-bits, which is not the case with that prime. In fact, the concept works for any prime order, but we would like to use an order that can fit almost all the addresses while being as large as an address. -
Maybe use foundry FFI to generate the basis polynomials during contract creation?