@crisp-e3/contracts 0.0.1-test

package/LICENSE.md

@@ -0,0 +1,165 @@
+GNU LESSER GENERAL PUBLIC LICENSE
+                      Version 3, 29 June 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+
+ This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+ 0. Additional Definitions.
+
+ As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+ "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+ An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+ A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+ The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+ The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+ 1. Exception to Section 3 of the GNU GPL.
+
+ You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+ 2. Conveying Modified Versions.
+
+ If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+  a) under this License, provided that you make a good faith effort to
+  ensure that, in the event an Application does not supply the
+  function or data, the facility still operates, and performs
+  whatever part of its purpose remains meaningful, or
+
+  b) under the GNU GPL, with none of the additional permissions of
+  this License applicable to that copy.
+
+ 3. Object Code Incorporating Material from Library Header Files.
+
+ The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+  a) Give prominent notice with each copy of the object code that the
+  Library is used in it and that the Library and its use are
+  covered by this License.
+
+  b) Accompany the object code with a copy of the GNU GPL and this license
+  document.
+
+ 4. Combined Works.
+
+ You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+  a) Give prominent notice with each copy of the Combined Work that
+  the Library is used in it and that the Library and its use are
+  covered by this License.
+
+  b) Accompany the Combined Work with a copy of the GNU GPL and this license
+  document.
+
+  c) For a Combined Work that displays copyright notices during
+  execution, include the copyright notice for the Library among
+  these notices, as well as a reference directing the user to the
+  copies of the GNU GPL and this license document.
+
+  d) Do one of the following:
+
+      0) Convey the Minimal Corresponding Source under the terms of this
+      License, and the Corresponding Application Code in a form
+      suitable for, and under terms that permit, the user to
+      recombine or relink the Application with a modified version of
+      the Linked Version to produce a modified Combined Work, in the
+      manner specified by section 6 of the GNU GPL for conveying
+      Corresponding Source.
+
+      1) Use a suitable shared library mechanism for linking with the
+      Library.  A suitable mechanism is one that (a) uses at run time
+      a copy of the Library already present on the user's computer
+      system, and (b) will operate properly with a modified version
+      of the Library that is interface-compatible with the Linked
+      Version.
+
+  e) Provide Installation Information, but only if you would otherwise
+  be required to provide such information under section 6 of the
+  GNU GPL, and only to the extent that such information is
+  necessary to install and execute a modified version of the
+  Combined Work produced by recombining or relinking the
+  Application with a modified version of the Linked Version. (If
+  you use option 4d0, the Installation Information must accompany
+  the Minimal Corresponding Source and Corresponding Application
+  Code. If you use option 4d1, you must provide the Installation
+  Information in the manner specified by section 6 of the GNU GPL
+  for conveying Corresponding Source.)
+
+ 5. Combined Libraries.
+
+ You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+  a) Accompany the combined library with a copy of the same work based
+  on the Library, uncombined with any other library facilities,
+  conveyed under the terms of this License.
+
+  b) Give prominent notice with the combined library that part of it
+  is a work based on the Library, and explaining where to find the
+  accompanying uncombined form of the same work.
+
+ 6. Revised Versions of the GNU Lesser General Public License.
+
+ The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+ If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

package/README.md

@@ -0,0 +1,21 @@
+# Solidity Contracts
+
+This directory contains the Solidity contracts for CRISP - Coercion-Resistant Impartial Selection Protocol.
+
+Contracts are built and tested with [forge], which is part of the [Foundry] toolkit.
+Tests are defined in the `tests` directory in the root of this template.
+
+## CRISP Program
+
+This is the main logic of CRISP - an enclave program for secure voting.
+
+It exposes two main functions:
+
+- `validate` - that is called when a new E3 instance is requested on Enclave (`Enclave.request`).
+- `verify` - that is called when the ciphertext output is published on Enclave (`Enclave.publishCiphertextOutput`). This function ensures that the ciphertext output is valid. CRISP uses Risc0 as the compute provider for running the FHE program, thus the proof will be a Risc0 proof.
+
+## Input validator
+
+The input validator contract is used to validate the input data that is submitted to the E3 instance. It is called by the Enclave contract when a new input is published (`Enclave.publishInput`). In CRISP, the data providers (the ones submitting the inputs) are the voters, and the input submitted is the vote itself.
+
+The validator checks that gating conditions are satisfied and that the ciphertext is constructed correctly using [Greco](https://github.com/gnosisguild/enclave/tree/main/circuits/crates/libs/greco). See the Greco [paper](https://eprint.iacr.org/2024/594).

package/contracts/CRISPInputValidator.sol

@@ -0,0 +1,107 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+pragma solidity >=0.8.27;
+
+import {IInputValidator} from "@enclave-e3/contracts/contracts/interfaces/IInputValidator.sol";
+import {Clone} from "@excubiae/contracts/proxy/Clone.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+
+import {IVerifier} from "./CRISPVerifier.sol";
+
+/// @title CRISPInputValidator.
+/// @notice Enclave Input Validator
+contract CRISPInputValidator is IInputValidator, Clone, Ownable(msg.sender) {
+    /// @notice The verifier that will be used to validate the input.
+    IVerifier internal noirVerifier;
+
+    /// @notice The governance token address.
+    address public token;
+    /// @notice The minimum balance required to pass the validation.
+    uint256 public balanceThreshold;
+    /// @notice The block number at which the balance will be checked.
+    uint256 public snapshotBlock;
+    /// @notice The Merkle root of the census.
+    uint256 public censusMerkleRoot;
+
+    /// @notice Indicates if the the round data has been set.
+    bool public isDataSet;
+
+    /// @notice Mapping to store votes. Each elegible voter has their own slot 
+    /// to store their vote. 
+    mapping (address => bytes) public voteSlots;
+
+    /// @notice The error emitted when the input data is empty.
+    error EmptyInputData();
+    /// @notice The error emitted when the input data is invalid.
+    error InvalidInputData(bytes reason);
+    /// @notice The error emitted when the Noir proof is invalid.
+    error InvalidNoirProof();
+    /// @notice The error emitted when the round data is not set.
+    error RoundDataNotSet();
+    /// @notice The error emitted when trying to set the round data more than once.
+    error RoundDataAlreadySet();
+
+    /// @notice Initializes the contract with appended bytes data for configuration.
+    function _initialize() internal virtual override(Clone) {
+        super._initialize();
+
+        (address _verifierAddr, address _owner) = abi.decode(
+            _getAppendedBytes(),
+            (address, address)
+        );
+
+        noirVerifier = IVerifier(_verifierAddr);
+        _transferOwnership(_owner);
+    }
+
+    /// @notice Sets the Merkle root of the census. Can only be set once.
+    /// @param _root The Merkle root to set.
+    function setRoundData(uint256 _root, address _token, uint256 _balanceThreshold, uint256 _snapshotBlock) external onlyOwner {
+        if (isDataSet) revert RoundDataAlreadySet();
+
+        isDataSet = true;
+        token = _token;
+        balanceThreshold = _balanceThreshold;
+        snapshotBlock = _snapshotBlock;
+        censusMerkleRoot = _root;
+    }
+
+    /// @notice Validates input
+    /// @param data The input to be verified.
+    /// @return input The decoded, policy-approved application payload.
+    function validate(
+        address,
+        bytes memory data
+    ) external returns (bytes memory input) {
+        // we need to ensure that the CRISP admin set the merkle root of the census
+        // @todo update this once we have all components working
+        // if (!isDataSet) revert RoundDataNotSet();
+
+        if (data.length == 0) revert EmptyInputData();
+
+        (
+            bytes memory noirProof,
+            bytes32[] memory noirPublicInputs,
+            bytes memory vote,
+            address slot
+        ) = abi.decode(data, (bytes, bytes32[], bytes, address));
+
+        /// @notice we need to check whether the slot is empty.
+        /// if the slot is empty 
+        /// @todo pass it to the verifier 
+        // bool isFirstVote = voteSlots[slot].length == 0;
+
+        // Check if the ciphertext was encrypted correctly
+        if (!noirVerifier.verify(noirProof, noirPublicInputs))
+            revert InvalidNoirProof();
+
+        /// @notice Store the vote in the correct slot.
+        voteSlots[slot] = vote;
+
+        // return the vote so that it can be stored in Enclave's input merkle tree
+        input = vote;
+    }
+}

package/contracts/CRISPInputValidatorFactory.sol

@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+pragma solidity >=0.8.27;
+
+import {Factory} from "@excubiae/contracts/proxy/Factory.sol";
+import {CRISPInputValidator} from "./CRISPInputValidator.sol";
+
+/// @title CRISPInputValidatorFactory
+/// @notice Factory for deploying minimal proxy instances of CRISPInputValidator.
+contract CRISPInputValidatorFactory is Factory {
+    /// @notice Initializes the factory with the CRISPInputValidator implementation.
+    constructor(address inputValidator) Factory(inputValidator) {}
+
+    /// @notice Deploys a new CRISPInputValidator clone.
+    /// @param _verifierAddr Address of the associated verifier contract.
+    function deploy(
+        address _verifierAddr,
+        address _owner
+    ) public returns (address clone) {
+        bytes memory data = abi.encode(_verifierAddr, _owner);
+
+        clone = super._deploy(data);
+        CRISPInputValidator(clone).initialize();
+    }
+}

package/contracts/CRISPProgram.sol

@@ -0,0 +1,151 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+pragma solidity >=0.8.27;
+
+import {IRiscZeroVerifier} from "risc0/IRiscZeroVerifier.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+import {IE3Program} from "@enclave-e3/contracts/contracts/interfaces/IE3Program.sol";
+import {IInputValidator} from "@enclave-e3/contracts/contracts/interfaces/IInputValidator.sol";
+import {IEnclave} from "@enclave-e3/contracts/contracts/interfaces/IEnclave.sol";
+import {CRISPInputValidatorFactory} from "./CRISPInputValidatorFactory.sol";
+import {HonkVerifier} from "./CRISPVerifier.sol";
+
+contract CRISPProgram is IE3Program, Ownable {
+    // Constants
+    bytes32 public constant ENCRYPTION_SCHEME_ID = keccak256("fhe.rs:BFV");
+
+    // State variables
+    IEnclave public enclave;
+    IRiscZeroVerifier public verifier;
+    CRISPInputValidatorFactory private immutable INPUT_VALIDATOR_FACTORY;
+    HonkVerifier private immutable HONK_VERIFIER;
+    bytes32 public imageId;
+
+    // Mappings
+    mapping(address => bool) public authorizedContracts;
+    mapping(uint256 e3Id => bytes32 paramsHash) public paramsHashes;
+
+    // Events
+    event InputValidatorUpdated(address indexed newValidator);
+
+    // Errors
+    error CallerNotAuthorized();
+    error E3AlreadyInitialized();
+    error E3DoesNotExist();
+    error EnclaveAddressZero();
+    error VerifierAddressZero();
+    error InvalidInputValidatorFactory();
+    error InvalidHonkVerifier();
+
+    /// @notice Initialize the contract, binding it to a specified RISC Zero verifier.
+    /// @param _enclave The enclave address
+    /// @param _verifier The RISC Zero verifier address
+    /// @param _inputValidatorFactory The input validator factory address
+    /// @param _honkVerifier The honk verifier address
+    /// @param _imageId The image ID for the guest program
+    constructor(
+        IEnclave _enclave,
+        IRiscZeroVerifier _verifier,
+        CRISPInputValidatorFactory _inputValidatorFactory,
+        HonkVerifier _honkVerifier,
+        bytes32 _imageId
+    ) Ownable(msg.sender) {
+        require(address(_enclave) != address(0), EnclaveAddressZero());
+        require(address(_verifier) != address(0), VerifierAddressZero());
+        require(
+            address(_inputValidatorFactory) != address(0),
+            InvalidInputValidatorFactory()
+        );
+        require(address(_honkVerifier) != address(0), InvalidHonkVerifier());
+
+        enclave = _enclave;
+        verifier = _verifier;
+        INPUT_VALIDATOR_FACTORY = _inputValidatorFactory;
+        HONK_VERIFIER = _honkVerifier;
+        authorizedContracts[address(_enclave)] = true;
+        imageId = _imageId;
+    }
+
+    /// @notice Set the Image ID for the guest program
+    /// @param _imageId The new image ID.
+    function setImageId(bytes32 _imageId) external onlyOwner {
+        imageId = _imageId;
+    }
+
+    /// @notice Set the RISC Zero verifier address
+    /// @param _verifier The new RISC Zero verifier address
+    function setVerifier(IRiscZeroVerifier _verifier) external onlyOwner {
+        verifier = _verifier;
+    }
+
+    /// @notice Get the params hash for an E3 program
+    /// @param e3Id The E3 program ID
+    /// @return The params hash
+    function getParamsHash(uint256 e3Id) public view returns (bytes32) {
+        return paramsHashes[e3Id];
+    }
+
+    /// @notice Validate the E3 program parameters
+    /// @param e3Id The E3 program ID
+    /// @param e3ProgramParams The E3 program parameters
+    function validate(
+        uint256 e3Id,
+        uint256,
+        bytes calldata e3ProgramParams,
+        bytes calldata
+    ) external returns (bytes32, IInputValidator inputValidator) {
+        require(
+            authorizedContracts[msg.sender] || msg.sender == owner(),
+            CallerNotAuthorized()
+        );
+        require(paramsHashes[e3Id] == bytes32(0), E3AlreadyInitialized());
+        paramsHashes[e3Id] = keccak256(e3ProgramParams);
+
+        // Deploy a new input validator
+        inputValidator = IInputValidator(
+            INPUT_VALIDATOR_FACTORY.deploy(address(HONK_VERIFIER), owner())
+        );
+
+        return (ENCRYPTION_SCHEME_ID, inputValidator);
+    }
+
+    /// @notice Verify the proof
+    /// @param e3Id The E3 program ID
+    /// @param ciphertextOutputHash The hash of the ciphertext output
+    /// @param proof The proof to verify
+    function verify(
+        uint256 e3Id,
+        bytes32 ciphertextOutputHash,
+        bytes memory proof
+    ) external view override returns (bool) {
+        require(paramsHashes[e3Id] != bytes32(0), E3DoesNotExist());
+        bytes32 inputRoot = bytes32(enclave.getInputRoot(e3Id));
+        bytes memory journal = new bytes(396); // (32 + 1) * 4 * 3
+
+        encodeLengthPrefixAndHash(journal, 0, ciphertextOutputHash);
+        encodeLengthPrefixAndHash(journal, 132, paramsHashes[e3Id]);
+        encodeLengthPrefixAndHash(journal, 264, inputRoot);
+
+        verifier.verify(proof, imageId, sha256(journal));
+        return true;
+    }
+
+    /// @notice Encode length prefix and hash
+    /// @param journal The journal to encode into
+    /// @param startIndex The start index in the journal
+    /// @param hashVal The hash value to encode
+    function encodeLengthPrefixAndHash(
+        bytes memory journal,
+        uint256 startIndex,
+        bytes32 hashVal
+    ) internal pure {
+        journal[startIndex] = 0x20;
+        startIndex += 4;
+        for (uint256 i = 0; i < 32; i++) {
+            journal[startIndex + i * 4] = hashVal[i];
+        }
+    }
+}