@crisp-e3/contracts 0.2.3-test → 0.4.0

package/contracts/Mocks/MockCRISPProgram.sol

@@ -0,0 +1,214 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+pragma solidity >=0.8.27;
+
+import { IRiscZeroVerifier } from "risc0/IRiscZeroVerifier.sol";
+import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
+import { IE3Program } from "@enclave-e3/contracts/contracts/interfaces/IE3Program.sol";
+import { IEnclave } from "@enclave-e3/contracts/contracts/interfaces/IEnclave.sol";
+import { E3 } from "@enclave-e3/contracts/contracts/interfaces/IE3.sol";
+import { LazyIMTData, InternalLazyIMT } from "@zk-kit/lazy-imt.sol/InternalLazyIMT.sol";
+
+import { HonkVerifier } from "../CRISPVerifier.sol";
+
+contract MockCRISPProgram is IE3Program, Ownable {
+  using InternalLazyIMT for LazyIMTData;
+  /// @notice a structure that holds the round data
+  struct RoundData {
+    /// @notice The governance token address.
+    address token;
+    /// @notice The minimum balance required to pass the validation.
+    uint256 balanceThreshold;
+    /// @notice The Merkle root of the census.
+    uint256 censusMerkleRoot;
+  }
+
+  // Constants
+  bytes32 public constant ENCRYPTION_SCHEME_ID = keccak256("fhe.rs:BFV");
+
+  // The depth of the input merkle tree
+  uint8 public constant TREE_DEPTH = 20;
+
+  // State variables
+  IEnclave public enclave;
+  IRiscZeroVerifier public verifier;
+  HonkVerifier private immutable HONK_VERIFIER;
+  bytes32 public imageId;
+
+  /// @notice the round data
+  RoundData public roundData;
+  /// @notice whether the round data has been set
+  bool public isDataSet;
+
+  /// @notice Half of the largest minimum degree used to fit votes
+  /// inside the plaintext polynomial
+  uint256 public constant HALF_LARGEST_MINIMUM_DEGREE = 28;
+
+  // Mappings
+  mapping(address => bool) public authorizedContracts;
+  mapping(uint256 e3Id => bytes32 paramsHash) public paramsHashes;
+  /// @notice Mapping to store votes slot indices. Each eligible voter has their own slot
+  /// to store their vote inside the merkle tree.
+  mapping(uint256 e3Id => mapping(address slot => uint40 index)) public voteSlots;
+  mapping(uint256 e3Id => LazyIMTData) public votes;
+
+  // Errors
+  error CallerNotAuthorized();
+  error E3AlreadyInitialized();
+  error E3DoesNotExist();
+  error EnclaveAddressZero();
+  error VerifierAddressZero();
+
+  /// @notice The error emitted when the honk verifier address is invalid.
+  error InvalidHonkVerifier();
+  /// @notice The error emitted when the input data is empty.
+  error EmptyInputData();
+  /// @notice The error emitted when the input data is invalid.
+  error InvalidInputData(bytes reason);
+  /// @notice The error emitted when the Noir proof is invalid.
+  error InvalidNoirProof();
+  /// @notice The error emitted when the round data is not set.
+  error RoundDataNotSet();
+  /// @notice The error emitted when trying to set the round data more than once.
+  error RoundDataAlreadySet();
+
+  /// @notice The event emitted when an input is published.
+  event InputPublished(uint256 indexed e3Id, bytes vote, uint256 index);
+
+  /// @notice Initialize the contract, binding it to a specified RISC Zero verifier.
+  /// @param _enclave The enclave address
+  /// @param _verifier The RISC Zero verifier address
+  /// @param _honkVerifier The honk verifier address
+  /// @param _imageId The image ID for the guest program
+  constructor(IEnclave _enclave, IRiscZeroVerifier _verifier, HonkVerifier _honkVerifier, bytes32 _imageId) Ownable(msg.sender) {
+    require(address(_enclave) != address(0), EnclaveAddressZero());
+    require(address(_verifier) != address(0), VerifierAddressZero());
+    require(address(_honkVerifier) != address(0), InvalidHonkVerifier());
+
+    enclave = _enclave;
+    verifier = _verifier;
+    HONK_VERIFIER = _honkVerifier;
+    authorizedContracts[address(_enclave)] = true;
+    imageId = _imageId;
+  }
+
+  /// @notice Sets the Round data. Can only be set once.
+  /// @param _root The Merkle root to set.
+  /// @param _token The governance token address.
+  /// @param _balanceThreshold The minimum balance required.
+  function setRoundData(uint256 _root, address _token, uint256 _balanceThreshold) external onlyOwner {
+    if (isDataSet) revert RoundDataAlreadySet();
+
+    isDataSet = true;
+
+    roundData = RoundData({ token: _token, balanceThreshold: _balanceThreshold, censusMerkleRoot: _root });
+  }
+
+  /// @notice Set the Image ID for the guest program
+  /// @param _imageId The new image ID.
+  function setImageId(bytes32 _imageId) external onlyOwner {
+    imageId = _imageId;
+  }
+
+  /// @notice Set the RISC Zero verifier address
+  /// @param _verifier The new RISC Zero verifier address
+  function setVerifier(IRiscZeroVerifier _verifier) external onlyOwner {
+    if (address(_verifier) == address(0)) revert VerifierAddressZero();
+    verifier = _verifier;
+  }
+
+  /// @notice Get the params hash for an E3 program
+  /// @param e3Id The E3 program ID
+  /// @return The params hash
+  function getParamsHash(uint256 e3Id) public view returns (bytes32) {
+    return paramsHashes[e3Id];
+  }
+
+  /// @notice Validate the E3 program parameters
+  /// @param e3Id The E3 program ID
+  /// @param e3ProgramParams The E3 program parameters
+  function validate(uint256 e3Id, uint256, bytes calldata e3ProgramParams, bytes calldata) external returns (bytes32) {
+    require(authorizedContracts[msg.sender] || msg.sender == owner(), CallerNotAuthorized());
+    require(paramsHashes[e3Id] == bytes32(0), E3AlreadyInitialized());
+    paramsHashes[e3Id] = keccak256(e3ProgramParams);
+
+    return ENCRYPTION_SCHEME_ID;
+  }
+
+  /// @inheritdoc IE3Program
+  function validateInput(uint256 e3Id, address, bytes memory data) external {
+    if (data.length == 0) revert EmptyInputData();
+
+    (, , bytes memory vote, ) = abi.decode(data, (bytes, bytes32[], bytes, address));
+  }
+
+  /// @notice Decode the tally from the plaintext output
+  /// @param e3Id The E3 program ID
+  /// @return yes The number of yes votes
+  /// @return no The number of no votes
+  function decodeTally(uint256 e3Id) public view returns (uint256 yes, uint256 no) {
+    // fetch from enclave
+    E3 memory e3 = enclave.getE3(e3Id);
+
+    // abi decode it into an array of uint256
+    uint256[] memory tally = abi.decode(e3.plaintextOutput, (uint256[]));
+
+    /// @notice We want to completely ignore anything outside of the coefficients
+    /// we agreed to store out votes on.
+    uint256 halfD = tally.length / 2;
+    uint256 START_INDEX_Y = halfD - HALF_LARGEST_MINIMUM_DEGREE;
+    uint256 START_INDEX_N = tally.length - HALF_LARGEST_MINIMUM_DEGREE;
+
+    // first weight (we are converting back from bits to integer)
+    uint256 weight = 2 ** (HALF_LARGEST_MINIMUM_DEGREE - 1);
+
+    // Convert yes votes
+    for (uint256 i = START_INDEX_Y; i < halfD; i++) {
+      yes += tally[i] * weight;
+      weight /= 2; // Right shift equivalent
+    }
+
+    // Reset weight for no votes
+    weight = 2 ** (HALF_LARGEST_MINIMUM_DEGREE - 1);
+
+    // Convert no votes
+    for (uint256 i = START_INDEX_N; i < tally.length; i++) {
+      no += tally[i] * weight;
+      weight /= 2;
+    }
+
+    return (yes, no);
+  }
+
+  /// @notice Verify the proof
+  /// @param e3Id The E3 program ID
+  /// @param ciphertextOutputHash The hash of the ciphertext output
+  /// @param proof The proof to verify
+  function verify(uint256 e3Id, bytes32 ciphertextOutputHash, bytes memory proof) external view override returns (bool) {
+    require(paramsHashes[e3Id] != bytes32(0), E3DoesNotExist());
+    bytes32 inputRoot = bytes32(votes[e3Id]._root(TREE_DEPTH));
+    bytes memory journal = new bytes(396); // (32 + 1) * 4 * 3
+
+    encodeLengthPrefixAndHash(journal, 0, ciphertextOutputHash);
+    encodeLengthPrefixAndHash(journal, 132, paramsHashes[e3Id]);
+    encodeLengthPrefixAndHash(journal, 264, inputRoot);
+
+    verifier.verify(proof, imageId, sha256(journal));
+    return true;
+  }
+
+  /// @notice Encode length prefix and hash
+  /// @param journal The journal to encode into
+  /// @param startIndex The start index in the journal
+  /// @param hashVal The hash value to encode
+  function encodeLengthPrefixAndHash(bytes memory journal, uint256 startIndex, bytes32 hashVal) internal pure {
+    journal[startIndex] = 0x20;
+    startIndex += 4;
+    for (uint256 i = 0; i < 32; i++) {
+      journal[startIndex + i * 4] = hashVal[i];
+    }
+  }
+}

package/contracts/Mocks/MockEnclave.sol

@@ -5,35 +5,34 @@
 // or FITNESS FOR A PARTICULAR PURPOSE.
 pragma solidity >=0.8.27;
 
-import {E3} from "@enclave-e3/contracts/contracts/interfaces/IE3.sol";
-import {IE3Program} from "@enclave-e3/contracts/contracts/interfaces/IE3Program.sol";
-import {IInputValidator} from "@enclave-e3/contracts/contracts/interfaces/IInputValidator.sol";
-import {IDecryptionVerifier} from "@enclave-e3/contracts/contracts/interfaces/IDecryptionVerifier.sol";
+import { E3 } from "@enclave-e3/contracts/contracts/interfaces/IE3.sol";
+import { IE3Program } from "@enclave-e3/contracts/contracts/interfaces/IE3Program.sol";
+import { IDecryptionVerifier } from "@enclave-e3/contracts/contracts/interfaces/IDecryptionVerifier.sol";
 
 contract MockEnclave {
-    bytes public plaintextOutput;
+  bytes public plaintextOutput;
 
-    function setPlaintextOutput(uint256[] memory plaintext) external {
-        plaintextOutput = abi.encode(plaintext);
-    }
+  function setPlaintextOutput(uint256[] memory plaintext) external {
+    plaintextOutput = abi.encode(plaintext);
+  }
 
-    function getE3(uint256 e3Id) external view returns (E3 memory) {
-        return E3({
-            seed: 0,
-            threshold: [uint32(1), uint32(2)],
-            requestBlock: 0,
-            startWindow: [uint256(0), uint256(0)],
-            duration: 0,
-            expiration: 0,
-            encryptionSchemeId: bytes32(0),
-            e3Program: IE3Program(address(0)),
-            e3ProgramParams: bytes(""),
-            customParams: bytes(""),
-            inputValidator: IInputValidator(address(0)),
-            decryptionVerifier: IDecryptionVerifier(address(0)),
-            committeePublicKey: bytes32(0),
-            ciphertextOutput: bytes32(0),
-            plaintextOutput: plaintextOutput
-        });
-    }
+  function getE3(uint256 e3Id) external view returns (E3 memory) {
+    return
+      E3({
+        seed: 0,
+        threshold: [uint32(1), uint32(2)],
+        requestBlock: 0,
+        startWindow: [uint256(0), uint256(0)],
+        duration: 0,
+        expiration: 0,
+        encryptionSchemeId: bytes32(0),
+        e3Program: IE3Program(address(0)),
+        e3ProgramParams: bytes(""),
+        customParams: bytes(""),
+        decryptionVerifier: IDecryptionVerifier(address(0)),
+        committeePublicKey: bytes32(0),
+        ciphertextOutput: bytes32(0),
+        plaintextOutput: plaintextOutput
+      });
+  }
 }

package/contracts/Mocks/MockRISC0Verifier.sol

@@ -5,14 +5,10 @@
 // or FITNESS FOR A PARTICULAR PURPOSE.
 pragma solidity ^0.8.27;
 
-import {IRiscZeroVerifier, Receipt} from "risc0/IRiscZeroVerifier.sol";
+import { IRiscZeroVerifier, Receipt } from "risc0/IRiscZeroVerifier.sol";
 
 contract MockRISC0Verifier is IRiscZeroVerifier {
-    function verify(
-        bytes calldata seal,
-        bytes32 imageId,
-        bytes32 journalDigest
-    ) public view override {}
+  function verify(bytes calldata seal, bytes32 imageId, bytes32 journalDigest) public view override {}
 
-    function verifyIntegrity(Receipt calldata receipt) external view override {}
+  function verifyIntegrity(Receipt calldata receipt) external view override {}
 }

package/contracts/Mocks/RiscZeroGroth16Verifier.sol

@@ -5,12 +5,9 @@
 // or FITNESS FOR A PARTICULAR PURPOSE.
 pragma solidity >=0.8.27;
 
-import {RiscZeroGroth16Verifier as RiscZero} from "risc0/groth16/RiscZeroGroth16Verifier.sol";
-import {ControlID} from "risc0/groth16/ControlID.sol";
+import { RiscZeroGroth16Verifier as RiscZero } from "risc0/groth16/RiscZeroGroth16Verifier.sol";
+import { ControlID } from "risc0/groth16/ControlID.sol";
 
 contract RiscZeroGroth16Verifier is RiscZero {
-    constructor() RiscZero(
-        ControlID.CONTROL_ROOT,
-        ControlID.BN254_CONTROL_ID
-    ) {}
-}
+  constructor() RiscZero(ControlID.CONTROL_ROOT, ControlID.BN254_CONTROL_ID) {}
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crisp-e3/contracts",
-  "version": "0.2.3-test",
+  "version": "0.4.0",
   "type": "module",
   "files": [
     "contracts",
@@ -28,7 +28,7 @@
   },
   "dependencies": {
     "@excubiae/contracts": "^0.4.0",
-    "@zk-kit/lean-imt.sol": "2.0.0",
+    "@zk-kit/lazy-imt.sol": "2.0.0-beta.12",
     "poseidon-solidity": "^0.0.5",
     "solady": "^0.1.13",
     "@enclave-e3/contracts": "0.1.5"
@@ -59,12 +59,14 @@
     "typechain": "^8.3.0",
     "typescript": "5.8.3",
     "viem": "2.30.6",
-    "@crisp-e3/sdk": "^0.2.3-test",
-    "@crisp-e3/zk-inputs": "^0.2.3-test"
+    "@crisp-e3/zk-inputs": "^0.4.0",
+    "@crisp-e3/sdk": "^0.4.0"
   },
   "scripts": {
     "compile": "hardhat compile",
     "ciphernode:add": "hardhat ciphernode:admin-add",
+    "ciphernode:mint:tokens": "hardhat ciphernode:mint-tokens",
+    "ciphernode:add:self": "hardhat ciphernode:add",
     "clean:deployments": "hardhat utils:clean-deployments",
     "deploy:contracts": "hardhat run deploy/deploy.ts",
     "deploy:contracts:full": "export DEPLOY_ENCLAVE=true && pnpm deploy:contracts",

package/contracts/CRISPInputValidator.sol

@@ -1,107 +0,0 @@
-// SPDX-License-Identifier: LGPL-3.0-only
-//
-// This file is provided WITHOUT ANY WARRANTY;
-// without even the implied warranty of MERCHANTABILITY
-// or FITNESS FOR A PARTICULAR PURPOSE.
-pragma solidity >=0.8.27;
-
-import {IInputValidator} from "@enclave-e3/contracts/contracts/interfaces/IInputValidator.sol";
-import {Clone} from "@excubiae/contracts/proxy/Clone.sol";
-import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
-
-import {IVerifier} from "./CRISPVerifier.sol";
-
-/// @title CRISPInputValidator.
-/// @notice Enclave Input Validator
-contract CRISPInputValidator is IInputValidator, Clone, Ownable(msg.sender) {
-    /// @notice The verifier that will be used to validate the input.
-    IVerifier internal noirVerifier;
-
-    /// @notice The governance token address.
-    address public token;
-    /// @notice The minimum balance required to pass the validation.
-    uint256 public balanceThreshold;
-    /// @notice The block number at which the balance will be checked.
-    uint256 public snapshotBlock;
-    /// @notice The Merkle root of the census.
-    uint256 public censusMerkleRoot;
-
-    /// @notice Indicates if the the round data has been set.
-    bool public isDataSet;
-
-    /// @notice Mapping to store votes. Each elegible voter has their own slot 
-    /// to store their vote. 
-    mapping (address => bytes) public voteSlots;
-
-    /// @notice The error emitted when the input data is empty.
-    error EmptyInputData();
-    /// @notice The error emitted when the input data is invalid.
-    error InvalidInputData(bytes reason);
-    /// @notice The error emitted when the Noir proof is invalid.
-    error InvalidNoirProof();
-    /// @notice The error emitted when the round data is not set.
-    error RoundDataNotSet();
-    /// @notice The error emitted when trying to set the round data more than once.
-    error RoundDataAlreadySet();
-
-    /// @notice Initializes the contract with appended bytes data for configuration.
-    function _initialize() internal virtual override(Clone) {
-        super._initialize();
-
-        (address _verifierAddr, address _owner) = abi.decode(
-            _getAppendedBytes(),
-            (address, address)
-        );
-
-        noirVerifier = IVerifier(_verifierAddr);
-        _transferOwnership(_owner);
-    }
-
-    /// @notice Sets the Merkle root of the census. Can only be set once.
-    /// @param _root The Merkle root to set.
-    function setRoundData(uint256 _root, address _token, uint256 _balanceThreshold, uint256 _snapshotBlock) external onlyOwner {
-        if (isDataSet) revert RoundDataAlreadySet();
-
-        isDataSet = true;
-        token = _token;
-        balanceThreshold = _balanceThreshold;
-        snapshotBlock = _snapshotBlock;
-        censusMerkleRoot = _root;
-    }
-
-    /// @notice Validates input
-    /// @param data The input to be verified.
-    /// @return input The decoded, policy-approved application payload.
-    function validate(
-        address,
-        bytes memory data
-    ) external returns (bytes memory input) {
-        // we need to ensure that the CRISP admin set the merkle root of the census
-        // @todo update this once we have all components working
-        // if (!isDataSet) revert RoundDataNotSet();
-
-        if (data.length == 0) revert EmptyInputData();
-
-        (
-            bytes memory noirProof,
-            bytes32[] memory noirPublicInputs,
-            bytes memory vote,
-            address slot
-        ) = abi.decode(data, (bytes, bytes32[], bytes, address));
-
-        /// @notice we need to check whether the slot is empty.
-        /// if the slot is empty 
-        /// @todo pass it to the verifier 
-        // bool isFirstVote = voteSlots[slot].length == 0;
-
-        // Check if the ciphertext was encrypted correctly
-        if (!noirVerifier.verify(noirProof, noirPublicInputs))
-            revert InvalidNoirProof();
-
-        /// @notice Store the vote in the correct slot.
-        voteSlots[slot] = vote;
-
-        // return the vote so that it can be stored in Enclave's input merkle tree
-        input = vote;
-    }
-}

package/contracts/CRISPInputValidatorFactory.sol

@@ -1,28 +0,0 @@
-// SPDX-License-Identifier: LGPL-3.0-only
-//
-// This file is provided WITHOUT ANY WARRANTY;
-// without even the implied warranty of MERCHANTABILITY
-// or FITNESS FOR A PARTICULAR PURPOSE.
-pragma solidity >=0.8.27;
-
-import {Factory} from "@excubiae/contracts/proxy/Factory.sol";
-import {CRISPInputValidator} from "./CRISPInputValidator.sol";
-
-/// @title CRISPInputValidatorFactory
-/// @notice Factory for deploying minimal proxy instances of CRISPInputValidator.
-contract CRISPInputValidatorFactory is Factory {
-    /// @notice Initializes the factory with the CRISPInputValidator implementation.
-    constructor(address inputValidator) Factory(inputValidator) {}
-
-    /// @notice Deploys a new CRISPInputValidator clone.
-    /// @param _verifierAddr Address of the associated verifier contract.
-    function deploy(
-        address _verifierAddr,
-        address _owner
-    ) public returns (address clone) {
-        bytes memory data = abi.encode(_verifierAddr, _owner);
-
-        clone = super._deploy(data);
-        CRISPInputValidator(clone).initialize();
-    }
-}

package/contracts/ImageID.sol

@@ -1,26 +0,0 @@
-// Copyright 2024 RISC Zero, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// SPDX-License-Identifier: Apache-2.0
-
-// This file is automatically generated
-
-pragma solidity ^0.8.20;
-
-library ImageID {
-    bytes32 public constant PROGRAM_ID =
-        bytes32(
-            0x23734b77b0f76e85623a88d7a82f24c34c94834f2501964ea123b7a2027013a2
-        );
-}

package/contracts/Mocks/MockCRISPInputValidator.sol

@@ -1,35 +0,0 @@
-// SPDX-License-Identifier: LGPL-3.0-only
-//
-// This file is provided WITHOUT ANY WARRANTY;
-// without even the implied warranty of MERCHANTABILITY
-// or FITNESS FOR A PARTICULAR PURPOSE.
-pragma solidity >=0.8.27;
-
-import {IInputValidator} from "@enclave-e3/contracts/contracts/interfaces/IInputValidator.sol";
-import {IBasePolicy} from "@excubiae/contracts/interfaces/IBasePolicy.sol";
-import {Clone} from "@excubiae/contracts/proxy/Clone.sol";
-import {IVerifier} from "../CRISPVerifier.sol";
-
-/// @title MockCRISPInputValidator.
-/// @notice Mock Enclave Input Validator
-contract MockCRISPInputValidator is IInputValidator, Clone {
-    /// @notice The error emitted when the input data is empty.
-    error EmptyInputData();
-
-    /// @notice Initializes the contract with appended bytes data for configuration.
-    function _initialize() internal virtual override(Clone) {
-        super._initialize();
-    }
-
-    /// @notice Validates input
-    /// @param sender The account that is submitting the input.
-    /// @param data The input to be verified.
-    /// @return input The decoded, policy-approved application payload.
-    function validate(address sender, bytes memory data) external returns (bytes memory input) {
-        if (data.length == 0) revert EmptyInputData();
-
-        (,,bytes memory vote,) = abi.decode(data, (bytes, bytes32[], bytes, address));
-
-        input = vote;
-    }
-}