@crisp-e3/contracts 0.5.2 → 0.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +35 -12
- package/contracts/CRISPProgram.sol +54 -18
- package/contracts/CRISPVerifier.sol +31 -31
- package/contracts/Mocks/MockEnclave.sol +2 -2
- package/package.json +5 -4
package/README.md
CHANGED
|
@@ -20,6 +20,34 @@ Alternatively, you can run tests directly from this directory:
|
|
|
20
20
|
pnpm test
|
|
21
21
|
```
|
|
22
22
|
|
|
23
|
+
## Deployment
|
|
24
|
+
|
|
25
|
+
### For testing
|
|
26
|
+
|
|
27
|
+
For testing, you can deploy the contracts without using the Risc0 verifier. The following command
|
|
28
|
+
can be run:
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
pnpm deploy:contracts:full:mock
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
This will also print out the environment variables needed for the CRISP server to work with your
|
|
35
|
+
newly deployed contracts.
|
|
36
|
+
|
|
37
|
+
### Full deployment with Risc0Verifier
|
|
38
|
+
|
|
39
|
+
You can deploy CRISP contracts only using:
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
pnpm deploy:contracts
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Or the following to deploy Enclave contracts too (useful for testing scenarios):
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
pnpm deploy:contracts:full
|
|
49
|
+
```
|
|
50
|
+
|
|
23
51
|
## CRISP Program
|
|
24
52
|
|
|
25
53
|
This is the main logic of CRISP - an enclave program for secure voting.
|
|
@@ -31,15 +59,10 @@ It exposes two main functions:
|
|
|
31
59
|
(`Enclave.publishCiphertextOutput`). This function ensures that the ciphertext output is valid.
|
|
32
60
|
CRISP uses Risc0 as the compute provider for running the FHE program, thus the proof will be a
|
|
33
61
|
Risc0 proof.
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
The
|
|
38
|
-
|
|
39
|
-
(
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
The validator checks that gating conditions are satisfied and that the ciphertext is constructed
|
|
43
|
-
correctly using
|
|
44
|
-
[Greco](https://github.com/gnosisguild/enclave/tree/main/circuits/crates/libs/greco). See the Greco
|
|
45
|
-
[paper](https://eprint.iacr.org/2024/594).
|
|
62
|
+
- `validateInput` - validate the input data that is submitted to the E3 instance. It is called by
|
|
63
|
+
the Enclave contract when a new input is published (`Enclave.publishInput`). In CRISP, the data
|
|
64
|
+
providers (the ones submitting the inputs) are the voters, and the input submitted is the vote
|
|
65
|
+
itself. The logic checks that gating conditions are satisfied and that the ciphertext is
|
|
66
|
+
constructed correctly using
|
|
67
|
+
[Greco](https://github.com/gnosisguild/enclave/tree/main/circuits/crates/libs/greco). See the
|
|
68
|
+
Greco [paper](https://eprint.iacr.org/2024/594).
|
|
@@ -29,8 +29,6 @@ contract CRISPProgram is IE3Program, Ownable {
|
|
|
29
29
|
bytes32 public constant ENCRYPTION_SCHEME_ID = keccak256("fhe.rs:BFV");
|
|
30
30
|
/// @notice The depth of the input Merkle tree.
|
|
31
31
|
uint8 public constant TREE_DEPTH = 20;
|
|
32
|
-
/// @notice Half of the largest minimum degree used to fit votes inside the plaintext polynomial.
|
|
33
|
-
uint256 public constant HALF_LARGEST_MINIMUM_DEGREE = 28; // static, hardcoded in the circuit.
|
|
34
32
|
|
|
35
33
|
// State variables
|
|
36
34
|
IEnclave public enclave;
|
|
@@ -53,6 +51,8 @@ contract CRISPProgram is IE3Program, Ownable {
|
|
|
53
51
|
error InvalidNoirProof();
|
|
54
52
|
error InvalidMerkleRoot();
|
|
55
53
|
error MerkleRootAlreadySet();
|
|
54
|
+
error InvalidTallyLength();
|
|
55
|
+
error SlotIsEmpty();
|
|
56
56
|
|
|
57
57
|
// Events
|
|
58
58
|
event InputPublished(uint256 indexed e3Id, bytes vote, uint256 index);
|
|
@@ -159,36 +159,46 @@ contract CRISPProgram is IE3Program, Ownable {
|
|
|
159
159
|
// fetch from enclave
|
|
160
160
|
E3 memory e3 = enclave.getE3(e3Id);
|
|
161
161
|
|
|
162
|
-
//
|
|
163
|
-
|
|
162
|
+
// decode it into an array of uint64
|
|
163
|
+
uint64[] memory tally = _decodeBytesToUint64Array(e3.plaintextOutput);
|
|
164
164
|
|
|
165
|
-
/// @notice We want to completely ignore anything outside of the coefficients
|
|
166
|
-
/// we agreed to store out votes on.
|
|
167
165
|
uint256 halfD = tally.length / 2;
|
|
168
|
-
uint256 START_INDEX_Y = halfD - HALF_LARGEST_MINIMUM_DEGREE;
|
|
169
|
-
uint256 START_INDEX_N = tally.length - HALF_LARGEST_MINIMUM_DEGREE;
|
|
170
|
-
|
|
171
|
-
// first weight (we are converting back from bits to integer)
|
|
172
|
-
uint256 weight = 2 ** (HALF_LARGEST_MINIMUM_DEGREE - 1);
|
|
173
166
|
|
|
174
167
|
// Convert yes votes
|
|
175
|
-
for (uint256 i =
|
|
168
|
+
for (uint256 i = 0; i < halfD; i++) {
|
|
169
|
+
uint256 weight = 2 ** (halfD - 1 - i);
|
|
176
170
|
yes += tally[i] * weight;
|
|
177
|
-
weight /= 2; // Right shift equivalent
|
|
178
171
|
}
|
|
179
172
|
|
|
180
|
-
// Reset weight for no votes
|
|
181
|
-
weight = 2 ** (HALF_LARGEST_MINIMUM_DEGREE - 1);
|
|
182
|
-
|
|
183
173
|
// Convert no votes
|
|
184
|
-
for (uint256 i =
|
|
174
|
+
for (uint256 i = halfD; i < tally.length; i++) {
|
|
175
|
+
uint256 weight = 2 ** (tally.length - 1 - i);
|
|
185
176
|
no += tally[i] * weight;
|
|
186
|
-
weight /= 2;
|
|
187
177
|
}
|
|
188
178
|
|
|
189
179
|
return (yes, no);
|
|
190
180
|
}
|
|
191
181
|
|
|
182
|
+
/// @notice Get the slot index for a given E3 ID and slot address
|
|
183
|
+
/// @param e3Id The E3 program ID
|
|
184
|
+
/// @param slotAddress The slot address
|
|
185
|
+
/// @return The slot index
|
|
186
|
+
function getSlotIndex(uint256 e3Id, address slotAddress) external view returns (uint40) {
|
|
187
|
+
uint40 storedIndexPlusOne = e3Data[e3Id].voteSlots[slotAddress];
|
|
188
|
+
if (storedIndexPlusOne == 0) {
|
|
189
|
+
revert SlotIsEmpty();
|
|
190
|
+
}
|
|
191
|
+
return storedIndexPlusOne - 1;
|
|
192
|
+
}
|
|
193
|
+
|
|
194
|
+
/// @notice Check if a slot is empty for a given E3 ID and slot address
|
|
195
|
+
/// @param e3Id The E3 program ID
|
|
196
|
+
/// @param slotAddress The slot address
|
|
197
|
+
/// @return Whether the slot is empty or not
|
|
198
|
+
function isSlotEmptyByAddress(uint256 e3Id, address slotAddress) external view returns (bool) {
|
|
199
|
+
return e3Data[e3Id].voteSlots[slotAddress] == 0;
|
|
200
|
+
}
|
|
201
|
+
|
|
192
202
|
/// @inheritdoc IE3Program
|
|
193
203
|
function verify(uint256 e3Id, bytes32 ciphertextOutputHash, bytes memory proof) external view override returns (bool) {
|
|
194
204
|
if (e3Data[e3Id].paramsHash == bytes32(0)) revert E3DoesNotExist();
|
|
@@ -236,4 +246,30 @@ contract CRISPProgram is IE3Program, Ownable {
|
|
|
236
246
|
journal[startIndex + i * 4] = hashVal[i];
|
|
237
247
|
}
|
|
238
248
|
}
|
|
249
|
+
|
|
250
|
+
/// @notice Decode bytes to uint64 array
|
|
251
|
+
/// @param data The bytes to decode (must be multiple of 8)
|
|
252
|
+
/// @return result Array of uint64 values
|
|
253
|
+
function _decodeBytesToUint64Array(bytes memory data) internal pure returns (uint64[] memory result) {
|
|
254
|
+
if (data.length % 8 != 0) {
|
|
255
|
+
revert InvalidTallyLength();
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
uint256 arrayLength = data.length / 8;
|
|
259
|
+
result = new uint64[](arrayLength);
|
|
260
|
+
|
|
261
|
+
for (uint256 i = 0; i < arrayLength; i++) {
|
|
262
|
+
uint256 offset = i * 8;
|
|
263
|
+
uint64 value = 0;
|
|
264
|
+
|
|
265
|
+
// Read 8 bytes in little-endian order
|
|
266
|
+
for (uint64 j = 0; j < 8; j++) {
|
|
267
|
+
value |= uint64(uint8(data[offset + j])) << (j * 8);
|
|
268
|
+
}
|
|
269
|
+
|
|
270
|
+
result[i] = value;
|
|
271
|
+
}
|
|
272
|
+
|
|
273
|
+
return result;
|
|
274
|
+
}
|
|
239
275
|
}
|
|
@@ -8,7 +8,7 @@ pragma solidity >=0.8.21;
|
|
|
8
8
|
uint256 constant N = 262144;
|
|
9
9
|
uint256 constant LOG_N = 18;
|
|
10
10
|
uint256 constant NUMBER_OF_PUBLIC_INPUTS = 2066;
|
|
11
|
-
uint256 constant VK_HASH =
|
|
11
|
+
uint256 constant VK_HASH = 0x127b37c45dfb3a6a153382a3cf931c718810df54513b449af9ade62385eeefac;
|
|
12
12
|
library HonkVerificationKey {
|
|
13
13
|
function loadVerificationKey() internal pure returns (Honk.VerificationKey memory) {
|
|
14
14
|
Honk.VerificationKey memory vk = Honk.VerificationKey({
|
|
@@ -16,36 +16,36 @@ library HonkVerificationKey {
|
|
|
16
16
|
logCircuitSize: uint256(18),
|
|
17
17
|
publicInputsSize: uint256(2066),
|
|
18
18
|
ql: Honk.G1Point({
|
|
19
|
-
x: uint256(
|
|
20
|
-
y: uint256(
|
|
19
|
+
x: uint256(0x1a14a677dcf497132668b43dd6c2eba38ac0be2d8a55042e72ab0e431c1fca04),
|
|
20
|
+
y: uint256(0x0e30a76f6ca16f79faa7f36c8541bac98823fce567367d5b05f6d1e1889d2dce)
|
|
21
21
|
}),
|
|
22
22
|
qr: Honk.G1Point({
|
|
23
|
-
x: uint256(
|
|
24
|
-
y: uint256(
|
|
23
|
+
x: uint256(0x069b1a425a882deab8b2ab366567379d09dd9cc2430c896796c11e2e8be34fe4),
|
|
24
|
+
y: uint256(0x2f4a270bd180719c0120936a6ca66c6097f378bb489db75e29e644716f6f9387)
|
|
25
25
|
}),
|
|
26
26
|
qo: Honk.G1Point({
|
|
27
|
-
x: uint256(
|
|
28
|
-
y: uint256(
|
|
27
|
+
x: uint256(0x24638b4ee6c5e15b721bbb29c486e913deb01588c13d0cb85da47c50c16a81e5),
|
|
28
|
+
y: uint256(0x1bd194bdfc905dc9465a3fe4b697de6fd7d67ae421b7404b84e472c68e691e7b)
|
|
29
29
|
}),
|
|
30
30
|
q4: Honk.G1Point({
|
|
31
|
-
x: uint256(
|
|
32
|
-
y: uint256(
|
|
31
|
+
x: uint256(0x019d3ad6130f74a80db6a4f6480521fb87ea52247dd96de060ffa7bb04b32885),
|
|
32
|
+
y: uint256(0x2fed009cd6974244ed643b1214943f8f48d9033e6236457ec9a601e0005ba444)
|
|
33
33
|
}),
|
|
34
34
|
qm: Honk.G1Point({
|
|
35
|
-
x: uint256(
|
|
36
|
-
y: uint256(
|
|
35
|
+
x: uint256(0x1aa0f6fd5c3d53ae9bc8c76ad7e015a7b3a131aee52255966082dd0584a2d867),
|
|
36
|
+
y: uint256(0x292ea51ab60890143445fd667e86ce788e24d625225d24fe6eef31d2cb8763b4)
|
|
37
37
|
}),
|
|
38
38
|
qc: Honk.G1Point({
|
|
39
|
-
x: uint256(
|
|
40
|
-
y: uint256(
|
|
39
|
+
x: uint256(0x24cf8ec004d7a8a319a93ae7a62193e11e33cda3b072fee4cc92fbcf04e26c53),
|
|
40
|
+
y: uint256(0x0acca02ae37ea0155238f82833cbc3727c9c10d74ae862a02b70edc2bbf53fec)
|
|
41
41
|
}),
|
|
42
42
|
qLookup: Honk.G1Point({
|
|
43
43
|
x: uint256(0x056cab9e0cc90d6187f1504470e987376fb9d964f5e69f79d3dc50a3aba8b070),
|
|
44
44
|
y: uint256(0x2a0690805846bbbba0fe533d4ec11edc41678b77983bcba8f10a71ece5298fee)
|
|
45
45
|
}),
|
|
46
46
|
qArith: Honk.G1Point({
|
|
47
|
-
x: uint256(
|
|
48
|
-
y: uint256(
|
|
47
|
+
x: uint256(0x18850029d66fb7379caabfcb3d3b694c550a6413b84644f0d13b9e05554329b7),
|
|
48
|
+
y: uint256(0x216fb14305fc176ea326c69925161a0024e25d53909f3fd0c09871be5f94f8a0)
|
|
49
49
|
}),
|
|
50
50
|
qDeltaRange: Honk.G1Point({
|
|
51
51
|
x: uint256(0x1faf3b8674c17daf3e0f63e7c9356cacb82450ef207412dcf21922e73850f746),
|
|
@@ -72,20 +72,20 @@ library HonkVerificationKey {
|
|
|
72
72
|
y: uint256(0x0dfb3edabbbd97745fea4c569bc99dd450bad935f50610a36639cae94acddf56)
|
|
73
73
|
}),
|
|
74
74
|
s1: Honk.G1Point({
|
|
75
|
-
x: uint256(
|
|
76
|
-
y: uint256(
|
|
75
|
+
x: uint256(0x22d479c6eca52747dcca3a59269018e74cb9dbd7a7bf4c0f3cd380d022896fea),
|
|
76
|
+
y: uint256(0x0c3961f035d12e248dfa9f22f8ab9c6343c6c636d56ac5180334381e03f96c11)
|
|
77
77
|
}),
|
|
78
78
|
s2: Honk.G1Point({
|
|
79
|
-
x: uint256(
|
|
80
|
-
y: uint256(
|
|
79
|
+
x: uint256(0x0c5ca053933191ff3aad8b265619f6a4fe97650125d1c33d3af5513c18e3f48e),
|
|
80
|
+
y: uint256(0x095932332027f209dc52666412aedb31121ee12d0f6ee50870d1cf8c7662b2a0)
|
|
81
81
|
}),
|
|
82
82
|
s3: Honk.G1Point({
|
|
83
|
-
x: uint256(
|
|
84
|
-
y: uint256(
|
|
83
|
+
x: uint256(0x25b689112c3e1dd78e43260f40c2c6e6316b16f58fdf665ac727f9b7d423cdb7),
|
|
84
|
+
y: uint256(0x2c9974d76ea25589eef8f777bceca914c3d7d145c5fba75413cf30120621fb86)
|
|
85
85
|
}),
|
|
86
86
|
s4: Honk.G1Point({
|
|
87
|
-
x: uint256(
|
|
88
|
-
y: uint256(
|
|
87
|
+
x: uint256(0x22ee739f9fb4fdcb29a7ed18db916919795d688ab94175ce5acb46348b0d8809),
|
|
88
|
+
y: uint256(0x021d5b6eb780aa2015158d6039437c956079b61f8fc2c97352303458ce6f91ba)
|
|
89
89
|
}),
|
|
90
90
|
t1: Honk.G1Point({
|
|
91
91
|
x: uint256(0x1f16b037f0b4c96ea2a30a118a44e139881c0db8a4d6c9fde7db5c1c1738e61f),
|
|
@@ -104,20 +104,20 @@ library HonkVerificationKey {
|
|
|
104
104
|
y: uint256(0x2d7e8c1ecb92e2490049b50efc811df63f1ca97e58d5e82852dbec0c29715d71)
|
|
105
105
|
}),
|
|
106
106
|
id1: Honk.G1Point({
|
|
107
|
-
x: uint256(
|
|
108
|
-
y: uint256(
|
|
107
|
+
x: uint256(0x01b858b61eaf5d54df5361d88c410ea379acb66cff9b2280dfa9e2ec57609ed1),
|
|
108
|
+
y: uint256(0x2f764a892dc8a7efc8f9e58b4778aa8b0b94a979a7d6231ee26311a20623d2d2)
|
|
109
109
|
}),
|
|
110
110
|
id2: Honk.G1Point({
|
|
111
|
-
x: uint256(
|
|
112
|
-
y: uint256(
|
|
111
|
+
x: uint256(0x0ee58f929bb58de7d3e780126fcfac0943adab83776166c10b7626d2a0d04695),
|
|
112
|
+
y: uint256(0x1ead787a8fbc072a941301774d04a4a590036e9db96de8432732592156a44f1a)
|
|
113
113
|
}),
|
|
114
114
|
id3: Honk.G1Point({
|
|
115
|
-
x: uint256(
|
|
116
|
-
y: uint256(
|
|
115
|
+
x: uint256(0x28628c4f0e01831a2406331bc0901948f2f2bc22200b2ce26d92558502cd3b96),
|
|
116
|
+
y: uint256(0x16d113fc0d0188deb7bcc2148bf2066003d5d2f6b7490201570d2ba5aa9b38ea)
|
|
117
117
|
}),
|
|
118
118
|
id4: Honk.G1Point({
|
|
119
|
-
x: uint256(
|
|
120
|
-
y: uint256(
|
|
119
|
+
x: uint256(0x282448418450184e943367153db43c02bd17640d2a40ed1861833b63f0cef798),
|
|
120
|
+
y: uint256(0x2dc5b559853ab1d7bf820f393e913fe435ccf95f84f9d8740d5f99bfcc3e3cea)
|
|
121
121
|
}),
|
|
122
122
|
lagrangeFirst: Honk.G1Point({
|
|
123
123
|
x: uint256(0x0000000000000000000000000000000000000000000000000000000000000001),
|
|
@@ -12,8 +12,8 @@ import { IDecryptionVerifier } from "@enclave-e3/contracts/contracts/interfaces/
|
|
|
12
12
|
contract MockEnclave {
|
|
13
13
|
bytes public plaintextOutput;
|
|
14
14
|
|
|
15
|
-
function setPlaintextOutput(
|
|
16
|
-
plaintextOutput =
|
|
15
|
+
function setPlaintextOutput(bytes memory plaintext) external {
|
|
16
|
+
plaintextOutput = plaintext;
|
|
17
17
|
}
|
|
18
18
|
|
|
19
19
|
function getE3(uint256 e3Id) external view returns (E3 memory) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@crisp-e3/contracts",
|
|
3
|
-
"version": "0.5.
|
|
3
|
+
"version": "0.5.3",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"files": [
|
|
6
6
|
"contracts",
|
|
@@ -59,8 +59,8 @@
|
|
|
59
59
|
"typechain": "^8.3.0",
|
|
60
60
|
"typescript": "5.8.3",
|
|
61
61
|
"viem": "2.30.6",
|
|
62
|
-
"@crisp-e3/
|
|
63
|
-
"@crisp-e3/
|
|
62
|
+
"@crisp-e3/zk-inputs": "^0.5.3",
|
|
63
|
+
"@crisp-e3/sdk": "^0.5.3"
|
|
64
64
|
},
|
|
65
65
|
"scripts": {
|
|
66
66
|
"compile": "hardhat compile",
|
|
@@ -69,7 +69,8 @@
|
|
|
69
69
|
"ciphernode:add:self": "hardhat ciphernode:add",
|
|
70
70
|
"clean:deployments": "hardhat utils:clean-deployments",
|
|
71
71
|
"deploy:contracts": "hardhat run deploy/deploy.ts",
|
|
72
|
-
"deploy:contracts:full": "export DEPLOY_ENCLAVE=true
|
|
72
|
+
"deploy:contracts:full": "export DEPLOY_ENCLAVE=true && pnpm deploy:contracts",
|
|
73
|
+
"deploy:contracts:full:mock": "export DEPLOY_ENCLAVE=true USE_MOCK_VERIFIER=true PRINT_ENV_VARS=true && pnpm deploy:contracts",
|
|
73
74
|
"test": "hardhat test mocha",
|
|
74
75
|
"verify": "hardhat run deploy/verify.ts",
|
|
75
76
|
"updateSubmissionWindow": "hardhat ciphernode:window"
|