@inco/lightning 0.9.0-devnet-test-10 → 0.10.0-devnet-1

package/src/lightning-parts/EncryptedInput.sol

@@ -24,15 +24,67 @@ error ExternalHandleDoesNotMatchComputedHandle(
     address aclAddress,
     address userAddress,
     address contractAddress,
-    int32 version
+    uint16 version
 );
 
+/// @title EncryptedInputStorage
+/// @notice Storage for EncryptedInput contract using ERC-7201 namespaced storage pattern
+/// @dev Stores a whitelist of accepted versions for encrypted inputs.
+abstract contract EncryptedInputStorage {
+
+    /// @notice Storage for version whitelist, using ERC-7201 namespaced storage.
+    struct StorageForEncryptedInput {
+        /// @notice Mapping of accepted version numbers for encrypted inputs.
+        /// @dev Only versions in this mapping are accepted for new inputs.
+        mapping(uint16 => bool) acceptedVersions;
+    }
+
+    /// @notice Storage slot location using keccak256 of a unique namespace string
+    bytes32 private constant ENCRYPTED_INPUT_STORAGE_LOCATION = keccak256("inco.storage.EncryptedInput");
+
+    /// @notice Retrieves the storage struct from its dedicated slot
+    /// @dev Uses assembly to directly access the storage slot for gas efficiency
+    /// @return $ Reference to the StorageForEncryptedInput struct
+    function _getEncryptedInputStorage() internal pure returns (StorageForEncryptedInput storage $) {
+        bytes32 loc = ENCRYPTED_INPUT_STORAGE_LOCATION;
+        assembly {
+            $.slot := loc
+        }
+    }
+
+}
+
 /// @title EncryptedInput
 /// @notice Handles the submission of client-encrypted values to create on-chain encrypted handles.
 /// @dev Users encrypt values client-side and submit them with a prepended handle as a checksum.
 /// The contract verifies the handle matches the on-chain computation to ensure context consistency.
 /// This is a paid operation - users must send ETH to cover processing costs.
-abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, HandleGeneration, Fee {
+abstract contract EncryptedInput is
+    IEncryptedInput,
+    EncryptedInputStorage,
+    BaseAccessControlList,
+    HandleGeneration,
+    Fee
+{
+
+    /// @notice Sets whether a version is accepted.
+    /// @param version The version number (must be non-negative).
+    /// @param accepted Whether the version should be accepted.
+    function _setAcceptedVersion(uint16 version, bool accepted) internal {
+        _getEncryptedInputStorage().acceptedVersions[version] = accepted;
+        if (accepted) {
+            emit VersionAccepted(version);
+        } else {
+            emit VersionRemoved(version);
+        }
+    }
+
+    /// @notice Checks whether a version is accepted.
+    /// @param version The version number to check.
+    /// @return True if the version is in the whitelist.
+    function isAcceptedVersion(uint16 version) public view returns (bool) {
+        return _getEncryptedInputStorage().acceptedVersions[version];
+    }
 
     /// @notice Emitted when a new encrypted input is submitted.
     /// @param result The generated handle for the encrypted value.
@@ -44,7 +96,7 @@ abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, Hand
         bytes32 indexed result,
         address indexed contractAddress,
         address indexed user,
-        int32 version,
+        uint16 version,
         bytes ciphertext,
         uint256 eventId
     );
@@ -86,6 +138,9 @@ abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, Hand
         returns (bytes32 newHandle)
     {
         newHandle = _newInput(input, user, inputType);
+        // We allow to user since this is harmless and it is convenient to use the allow mapping to track inputs.
+        // NOTE: the allow must come after emitting the new input event, since allow emits its own event.
+        allowInternal(newHandle, user);
     }
 
     /// @dev Internal function to process encrypted input without fee payment.
@@ -96,6 +151,21 @@ abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, Hand
     function newInputNotPaying(bytes calldata input, address user, ETypes inputType)
         internal
         returns (bytes32 newHandle)
+    {
+        newHandle = _newInput(input, user, inputType);
+        // We allow to user since this is harmless and it is convenient to use the allow mapping to track inputs.
+        // NOTE: the allow must come after emitting the new input event, since allow emits its own event.
+        allowInternal(newHandle, user);
+    }
+
+    /// @dev Internal function to process encrypted input without fee payment and without emitting events.
+    /// Used by EList for importing multiple inputs without emitting individual events for each input.
+    /// @param user The user address that encrypted the value.
+    /// @param inputType The type of encrypted value.
+    /// @return newHandle The generated handle.
+    function newInputNotPayingNotEmitting(bytes calldata input, address user, ETypes inputType)
+        internal
+        returns (bytes32 newHandle)
     {
         newHandle = _newInput(input, user, inputType);
     }
@@ -111,10 +181,13 @@ abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, Hand
     function _newInput(bytes calldata input, address user, ETypes inputType) private returns (bytes32 handle) {
         // Since there is no sensible way to handle abi.decode errors (https://github.com/argotorg/solidity/issues/10381)
         // at least fail early on a conservative minimum length
-        require(input.length >= 68, "Input too short, should be at least 68 bytes");
+        require(input.length >= 68, InputLengthTooShort(input.length));
         // Parse the version from the first 4 bytes.
         bytes4 prefix = bytes4(input[:4]);
-        int32 version = int32(uint32(prefix));
+        uint16 version = uint16(uint32(prefix));
+
+        // Reject versions not in the whitelist
+        require(isAcceptedVersion(version), InvalidInputVersion(version));
         // Remove external handle prepended to input as a checksum
         (bytes32 externalHandle, bytes memory ciphertext) = abi.decode(input[4:], (bytes32, bytes));
         handle = getInputHandle(ciphertext, user, msg.sender, version, inputType);
@@ -143,9 +216,6 @@ abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, Hand
             eventId: id
         });
         setDigest(abi.encodePacked(handle, id));
-        // We allow to user since this is harmless and it is convenient to use the allow mapping to track inputs.
-        // NOTE: the allow must come after emitting the new input event, since allow emits its own event.
-        allowInternal(handle, user);
         allowTransientInternal(handle, msg.sender);
     }
 

package/src/lightning-parts/EncryptedOperations.sol

@@ -1,7 +1,16 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {euint256, ebool, EOps, SenderNotAllowedForHandle, ETypes, isTypeSupported, typeToBitMask} from "../Types.sol";
+import {
+    euint256,
+    ebool,
+    EOps,
+    SenderNotAllowedForHandle,
+    ETypes,
+    isTypeSupported,
+    canCastTo,
+    typeToBitMask
+} from "../Types.sol";
 import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
 import {IEncryptedOperations} from "./interfaces/IEncryptedOperations.sol";
@@ -24,6 +33,10 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     /// @param actual The unsupported type.
     error UnsupportedType(ETypes actual);
 
+    /// @notice Thrown when a cast is attempted to the same type.
+    /// @param t The type that was both source and target.
+    error SameTypeCast(ETypes t);
+
     uint256 internal randCounter;
     uint256 internal constant ONE = 1;
 
@@ -53,7 +66,6 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     event ELt(euint256 indexed lhs, euint256 indexed rhs, ebool indexed result, uint256 eventId);
     event EMin(euint256 indexed lhs, euint256 indexed rhs, euint256 indexed result, uint256 eventId);
     event EMax(euint256 indexed lhs, euint256 indexed rhs, euint256 indexed result, uint256 eventId);
-    event ERand(uint256 indexed counter, ETypes randType, bytes32 indexed result, uint256 eventId);
     event ERandBounded(
         uint256 indexed counter, ETypes randType, bytes32 indexed upperBound, bytes32 indexed result, uint256 eventId
     );
@@ -135,7 +147,7 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     }
 
     /// @notice Divides one encrypted uint256 by another.
-    /// @dev Division by zero returns zero.
+    /// @dev Division by zero returns encrypted type(uint256).max.
     /// @param lhs The dividend (encrypted).
     /// @param rhs The divisor (encrypted).
     /// @return result The encrypted quotient (lhs / rhs).
@@ -149,7 +161,7 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     }
 
     /// @notice Computes the remainder of dividing one encrypted uint256 by another.
-    /// @dev Remainder by zero returns zero.
+    /// @dev Remainder by zero returns the encrypted dividend (lhs).
     /// @param lhs The dividend (encrypted).
     /// @param rhs The divisor (encrypted).
     /// @return result The encrypted remainder (lhs % rhs).
@@ -167,11 +179,11 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     /// @param rhs The right-hand side encrypted operand (must be same type as lhs).
     /// @return result The encrypted bitwise AND result.
     function eBitAnd(bytes32 lhs, bytes32 rhs) external returns (bytes32 result) {
+        checkInput(lhs, SUPPORTED_TYPES_MASK);
+        checkInput(rhs, SUPPORTED_TYPES_MASK);
         ETypes lhsType = typeOf(lhs);
         ETypes rhsType = typeOf(rhs);
-        checkInput(lhs, typeToBitMask(lhsType));
-        checkInput(rhs, typeToBitMask(rhsType));
-        require(lhsType == rhsType, UnexpectedType(lhsType, typeToBitMask(rhsType)));
+        require(lhsType == rhsType, UnexpectedType(rhsType, typeToBitMask(lhsType)));
         uint256 id = getNextEventId();
         result = createResultHandle(EOps.BitAnd, lhsType, abi.encodePacked(lhs, rhs));
         emit EBitAnd(lhs, rhs, result, id);
@@ -183,11 +195,11 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     /// @param rhs The right-hand side encrypted operand (must be same type as lhs).
     /// @return result The encrypted bitwise OR result.
     function eBitOr(bytes32 lhs, bytes32 rhs) external returns (bytes32 result) {
+        checkInput(lhs, SUPPORTED_TYPES_MASK);
+        checkInput(rhs, SUPPORTED_TYPES_MASK);
         ETypes lhsType = typeOf(lhs);
         ETypes rhsType = typeOf(rhs);
-        checkInput(lhs, typeToBitMask(lhsType));
-        checkInput(rhs, typeToBitMask(rhsType));
-        require(lhsType == rhsType, UnexpectedType(lhsType, typeToBitMask(rhsType)));
+        require(lhsType == rhsType, UnexpectedType(rhsType, typeToBitMask(lhsType)));
         uint256 id = getNextEventId();
         result = createResultHandle(EOps.BitOr, lhsType, abi.encodePacked(lhs, rhs));
         emit EBitOr(lhs, rhs, result, id);
@@ -199,11 +211,11 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     /// @param rhs The right-hand side encrypted operand (must be same type as lhs).
     /// @return result The encrypted bitwise XOR result.
     function eBitXor(bytes32 lhs, bytes32 rhs) external returns (bytes32 result) {
+        checkInput(lhs, SUPPORTED_TYPES_MASK);
+        checkInput(rhs, SUPPORTED_TYPES_MASK);
         ETypes lhsType = typeOf(lhs);
         ETypes rhsType = typeOf(rhs);
-        checkInput(lhs, typeToBitMask(lhsType));
-        checkInput(rhs, typeToBitMask(rhsType));
-        require(lhsType == rhsType, UnexpectedType(lhsType, typeToBitMask(rhsType)));
+        require(lhsType == rhsType, UnexpectedType(rhsType, typeToBitMask(lhsType)));
         uint256 id = getNextEventId();
         result = createResultHandle(EOps.BitXor, lhsType, abi.encodePacked(lhs, rhs));
         emit EBitXor(lhs, rhs, result, id);
@@ -270,6 +282,9 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     function eEq(bytes32 lhs, bytes32 rhs) external returns (ebool result) {
         checkInput(lhs, SUPPORTED_TYPES_MASK);
         checkInput(rhs, SUPPORTED_TYPES_MASK);
+        ETypes lhsType = typeOf(lhs);
+        ETypes rhsType = typeOf(rhs);
+        require(lhsType == rhsType, UnexpectedType(rhsType, typeToBitMask(lhsType)));
 
         result = ebool.wrap(createResultHandle(EOps.Eq, ETypes.Bool, abi.encodePacked(lhs, rhs)));
         uint256 id = getNextEventId();
@@ -285,6 +300,9 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     function eNe(bytes32 lhs, bytes32 rhs) external returns (ebool result) {
         checkInput(lhs, SUPPORTED_TYPES_MASK);
         checkInput(rhs, SUPPORTED_TYPES_MASK);
+        ETypes lhsType = typeOf(lhs);
+        ETypes rhsType = typeOf(rhs);
+        require(lhsType == rhsType, UnexpectedType(rhsType, typeToBitMask(lhsType)));
 
         result = ebool.wrap(createResultHandle(EOps.Ne, ETypes.Bool, abi.encodePacked(lhs, rhs)));
         uint256 id = getNextEventId();
@@ -381,42 +399,31 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
         setDigest(abi.encodePacked(result, id));
     }
 
-    /// @notice Casts an encrypted value to a different encrypted type.
-    /// @dev Supports casting between euint256, ebool, and eaddress.
+    /// @notice Casts an encrypted value to a different encrypted type. Same-type casting is not allowed.
+    /// @dev Supports casting to euint256 and eaddress. Casting to ebool is not supported, only from ebool to a larger type.
+    ///      Reverts with SameTypeCast if the source type matches the target type.
     /// @param ct The encrypted value to cast.
     /// @param toType The target type to cast to.
     /// @return result The casted encrypted value.
     function eCast(bytes32 ct, ETypes toType) external returns (bytes32 result) {
         checkInput(ct, SUPPORTED_TYPES_MASK);
-        require(isTypeSupported(toType), UnsupportedType(toType));
+        require(canCastTo(toType), UnsupportedType(toType));
+        require(typeOf(ct) != toType, SameTypeCast(toType));
         result = createResultHandle(EOps.Cast, toType, abi.encodePacked(ct));
-        allowTransientInternal(result, msg.sender);
         uint256 id = getNextEventId();
         emit ECast(ct, uint8(toType), result, id);
         setDigest(abi.encodePacked(result, id));
     }
 
-    /// @notice Generates an encrypted random value of the specified type.
-    /// @dev This is a paid operation.
-    /// @param randType The type of random value to generate.
-    /// @return result An encrypted random value.
-    function eRand(ETypes randType) external payable paying returns (bytes32 result) {
-        require(isTypeSupported(randType), UnsupportedType(randType));
-        randCounter++;
-        result = createResultHandle(EOps.Rand, randType, abi.encodePacked(bytes32(randCounter)));
-        uint256 id = getNextEventId();
-        emit ERand(randCounter, randType, result, id);
-        setDigest(abi.encodePacked(result, id));
-    }
-
     /// @notice Generates an encrypted random value bounded by an upper limit.
     /// @dev This is a paid operation. The result is in the range [0, upperBound).
-    /// @param upperBound The encrypted upper bound (exclusive).
-    /// @param randType The type of random value to generate.
+    /// @param upperBound The encrypted upper bound (exclusive). If the upper bound is e(0), the whole bit width of randType is sampled.
+    /// @param randType The type of random value to generate. If upperBound is larger than the maximum value of randType, the function will revert.
     /// @return result An encrypted random value less than upperBound.
     function eRandBounded(bytes32 upperBound, ETypes randType) external payable paying returns (bytes32 result) {
         require(isTypeSupported(randType), UnsupportedType(randType));
-        checkInput(upperBound, typeToBitMask(ETypes.Uint256));
+        require(typeOf(upperBound) <= randType, UnexpectedType(typeOf(upperBound), typeToBitMask(randType)));
+        checkInput(upperBound, SUPPORTED_TYPES_MASK);
         randCounter++;
         result = createResultHandle(EOps.RandBounded, randType, abi.encodePacked(bytes32(randCounter), upperBound));
         uint256 id = getNextEventId();
@@ -435,7 +442,6 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
         ETypes returnType = checkEIfThenElseInputs(control, ifTrue, ifFalse);
         result =
             createResultHandle(EOps.IfThenElse, returnType, abi.encodePacked(ebool.unwrap(control), ifTrue, ifFalse));
-        allowTransientInternal(result, msg.sender);
         uint256 id = getNextEventId();
         emit EIfThenElse(control, ifTrue, ifFalse, result, id);
         setDigest(abi.encodePacked(result, id));

package/src/lightning-parts/Fee.sol

@@ -1,11 +1,15 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
+import {ETypes, typeBitSize} from "../Types.sol";
+
 /// @dev The current fee required for paid encryption operations.
 ///      This constant may be modified through contract upgrades.
 ///      Developers should call getFee() rather than hardcoding this value.
 uint256 constant FEE = 0.000001 ether;
 
+uint256 constant BIT_FEE = FEE / 256;
+
 /// @title Fee
 /// @notice Fee management utilities for encryption operations that require payment
 /// @dev Certain operations (encrypted inputs, randomness) require a fee to cover covalidator costs.
@@ -48,6 +52,31 @@ abstract contract Fee {
         _;
     }
 
+    /// @notice Modifier that requires payment proportional to elist bit size
+    /// @dev Fee = totalBits * BIT_FEE. totalBits is the sum of bit sizes across all elist inputs and outputs.
+    /// @param totalBits The total elist bit count for the operation
+    modifier payingElistFee(uint256 totalBits) {
+        require(msg.value == totalBits * BIT_FEE, FeeNotPaid());
+        _;
+    }
+
+    /// @notice Returns the per-bit fee for elist operations
+    /// @dev The fee may change through contract upgrades. Always query this function
+    ///      to get the current fee rather than caching the value.
+    /// @return The per-bit fee amount in wei
+    function getBitFee() public pure returns (uint256) {
+        return BIT_FEE;
+    }
+
+    /// @notice Returns the fee for an elist operation given element count and type
+    /// @dev Fee = BIT_FEE * nOfElements * typeBitSize(elType)
+    /// @param nOfElements The number of elements in the resulting list
+    /// @param elType The element type of the list
+    /// @return The fee amount in wei
+    function getEListFee(uint16 nOfElements, ETypes elType) public pure returns (uint256) {
+        return BIT_FEE * uint256(nOfElements) * typeBitSize(elType);
+    }
+
     /// @notice Withdraws all accumulated fees to the specified recipient
     /// @dev Internal function called by IncoLightning.withdrawFees(). Transfers the entire
     ///      contract balance to the recipient.

package/src/lightning-parts/TEELifecycle.sol

@@ -1,4 +1,4 @@
-pragma solidity ^0.8.19;
+pragma solidity ^0.8;
 
 import {BootstrapResult, UpgradeResult, AddNodeResult} from "./TEELifecycle.types.sol";
 import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
@@ -23,8 +23,6 @@ contract TEELifecycleStorage {
 
     struct StorageForTeeLifecycle {
         IQuoteVerifier quoteVerifier;
-        BootstrapResult verifiedBootstrapResult;
-        bool bootstrapComplete;
         // @notice The list of approved TEE versions, each item is the MR_AGGREGATED 32 bytes
         // @dev The index of the TEE version is the version number
         bytes32[] approvedTeeVersions;
@@ -70,8 +68,6 @@ abstract contract TEELifecycle is
     // Events
     // @notice A new MR_AGGREGATED has been approved
     event NewTEEVersionApproved(uint256 indexed version, bytes32 indexed mrAggregated);
-    // @notice A previously approved TEE version has been removed
-    event TEEVersionRemoved(bytes32 indexed mrAggregated);
     event NewCovalidatorAdded(address covalidatorAddress, bytes quote);
     event BootstrapStageComplete(address indexed newEoaSigner, BootstrapResult bootstrapResult);
     // @notice Emitted to prove that an EOA has upgraded their TDX to a new
@@ -159,7 +155,7 @@ abstract contract TEELifecycle is
         UpgradeResult calldata upgradeResult,
         bytes calldata quote,
         bytes calldata signature
-    ) public {
+    ) public onlyOwner {
         StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
 
         require(isBootstrapComplete(), BootstrapNotComplete());
@@ -213,28 +209,6 @@ abstract contract TEELifecycle is
         emit NewTEEVersionApproved($.approvedTeeVersions.length - 1, newMrAggregated);
     }
 
-    /**
-     * @notice Removes a previously approved TEE version from the contract state
-     * @param mrAggregated - The MR_AGGREGATED bytes of the TEE version to remove
-     */
-    function removeApprovedTeeVersion(bytes32 mrAggregated) public onlyOwner {
-        StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
-        bool found = false;
-        for (uint256 i = 0; i < $.approvedTeeVersions.length; i++) {
-            if ($.approvedTeeVersions[i] == mrAggregated) {
-                // Shift all elements after index i to the left to preserve insertion order
-                for (uint256 j = i; j < $.approvedTeeVersions.length - 1; j++) {
-                    $.approvedTeeVersions[j] = $.approvedTeeVersions[j + 1];
-                }
-                $.approvedTeeVersions.pop();
-                found = true;
-                break;
-            }
-        }
-        require(found, TEEVersionNotFound());
-        emit TEEVersionRemoved(mrAggregated);
-    }
-
     function _isApprovedTeeVersion(bytes32 newMrAggregated) internal view returns (bool) {
         StorageForTeeLifecycle storage $ = getTeeLifecycleStorage();
         for (uint256 i = 0; i < $.approvedTeeVersions.length; i++) {
@@ -283,6 +257,40 @@ abstract contract TEELifecycle is
         return getTeeLifecycleStorage().networkPubkey.length > 0;
     }
 
+    /**
+     * @notice Resets the contract state to the initial state.
+     * @dev This function performs a destructive operation and should be used carefully. In particular:
+     * 1) This function will remove all signers and reset the network pubkey and approved TEE versions, requiring a full bootstrap to restore normal operation.
+     * 2) The contract effectively enters a maintenance mode where any operations that depend on signers or the network key will fail until re-bootstrap is completed.
+     * 3) This function is intended to be called only as part of a coordinated key rotation or recovery process, with off-chain components updated accordingly.
+     * @dev This function is only callable by the owner.
+     */
+    function reset() public onlyOwner {
+        getTeeLifecycleStorage().networkPubkey = bytes("");
+        getTeeLifecycleStorage().approvedTeeVersions = new bytes32[](0);
+
+        // Directly access SignatureVerifier storage to reset signers and threshold
+        // We bypass the normal functions because:
+        // 1. removeSigner is external and has threshold validation
+        // 2. setThreshold requires newThreshold > 0
+        // We emit RemovedSignatureVerifier and ThresholdChanged so off-chain
+        // systems tracking signer changes via events stay in sync.
+        StorageForSigVerifier storage sigStorage = getSigVerifierStorage();
+        uint256 oldThreshold = sigStorage.threshold;
+        if (oldThreshold > 0) {
+            emit ThresholdChanged(oldThreshold, 0);
+        }
+        sigStorage.threshold = 0;
+        // In theory, this could revert if there are many signers. But in
+        // practice, this should not be a problem.
+        while (sigStorage.signers.length > 0) {
+            address signer = sigStorage.signers[sigStorage.signers.length - 1];
+            sigStorage.isSigner[signer] = false;
+            sigStorage.signers.pop();
+            emit RemovedSignatureVerifier(signer);
+        }
+    }
+
     /**
      * @notice From https://github.com/automata-network/automata-dcap-attestation/blob/evm-v1.0.0/evm/contracts/AttestationEntrypointBase.sol#L103
      * @notice full on-chain verification for an attestation
@@ -381,7 +389,7 @@ abstract contract TEELifecycle is
 
     /**
      * @notice Computes the MR_AGGREGATED from the TD10 report body. It is defined as:
-     * KECCAK256(mrTd ++ rtMr0 ++ rtMr1 ++ rtMr2 ++ rtMr3)
+     * as KECCAK256(abi.encode(MRTD, RTMR0, RTMR1, RTMR2))
      * @param mrTd - The MR_TD bytes
      * @param rtMr0 - The RTMR0 bytes
      * @param rtMr1 - The RTMR1 bytes
@@ -393,7 +401,7 @@ abstract contract TEELifecycle is
         pure
         returns (bytes32)
     {
-        bytes memory message = abi.encodePacked(mrTd, rtMr0, rtMr1, rtMr2);
+        bytes memory message = abi.encode(mrTd, rtMr0, rtMr1, rtMr2);
         return keccak256(message);
     }
 

package/src/lightning-parts/TEELifecycle.types.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: No License
-pragma solidity ^0.8.19;
+pragma solidity ^0.8;
 
 /**
  * @notice A struct representing what the TDX EOA signs during the bootstrap process.

package/src/lightning-parts/TrivialEncryption.sol

@@ -1,7 +1,6 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {EventCounter} from "./primitives/EventCounter.sol";
 import {euint256, ebool, eaddress, ETypes} from "../Types.sol";
 import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
@@ -13,7 +12,7 @@ import {ITrivialEncryption} from "./interfaces/ITrivialEncryption.sol";
 /// on-chain (emitted in events), so this should only be used for values that are already public.
 /// Common use cases include initializing encrypted state with known values or creating encrypted
 /// constants. The resulting handles are granted transient access to the caller.
-abstract contract TrivialEncryption is ITrivialEncryption, EventCounter, BaseAccessControlList, HandleGeneration {
+abstract contract TrivialEncryption is ITrivialEncryption, BaseAccessControlList, HandleGeneration {
 
     /// @notice Emitted when a trivial encryption is performed.
     /// @param result The handle representing the encrypted value.

package/src/lightning-parts/interfaces/IDecryptionAttester.sol

@@ -1,7 +1,11 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {DecryptionAttestation} from "../DecryptionAttester.types.sol";
+import {
+    DecryptionAttestation,
+    ElementAttestationWithProof,
+    ReencryptionAttestation
+} from "../DecryptionAttester.types.sol";
 
 interface IDecryptionAttester {
 
@@ -10,5 +14,16 @@ interface IDecryptionAttester {
         external
         view
         returns (bool);
+    function isValidEListDecryptionAttestation(
+        bytes32 elistHandle,
+        ElementAttestationWithProof[] memory proofElements,
+        bytes32 proof,
+        bytes[] memory signatures
+    ) external view returns (bool);
+    function reencryptionAttestationDigest(ReencryptionAttestation memory attestation) external view returns (bytes32);
+    function isValidReencryptionAttestation(
+        ReencryptionAttestation[] calldata attestations,
+        bytes[] calldata signatures
+    ) external view returns (bool);
 
 }

package/src/lightning-parts/interfaces/IEList.sol

@@ -0,0 +1,38 @@
+/// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {elist, ETypes} from "../../Types.sol";
+import {IEListHandleMetadata} from "../primitives/interfaces/IEListHandleMetadata.sol";
+import {IEncryptedOperations} from "./IEncryptedOperations.sol";
+import {IEncryptedInput} from "./IEncryptedInput.sol";
+
+interface IEList is IEncryptedOperations, IEncryptedInput, IEListHandleMetadata {
+
+    function newEList(bytes32[] memory handles, ETypes listType) external payable returns (elist newList);
+
+    function newEList(bytes[] calldata inputs, ETypes listType, address user) external payable returns (elist newList);
+
+    function listAppend(elist list, bytes32 value) external payable returns (elist result);
+
+    function listGet(elist list, uint16 i) external returns (bytes32 result);
+
+    function listGetOr(elist list, bytes32 i, bytes32 defaultValue) external returns (bytes32 result);
+
+    function listSet(elist list, bytes32 i, bytes32 value) external payable returns (elist result);
+
+    function listInsert(elist list, bytes32 i, bytes32 value) external payable returns (elist result);
+
+    function listConcat(elist lhs, elist rhs) external payable returns (elist result);
+
+    function listSlice(elist list, bytes32 start, uint16 len, bytes32 defaultValue)
+        external
+        payable
+        returns (elist result);
+
+    function listRange(uint16 start, uint16 end, ETypes listType) external payable returns (elist result);
+
+    function listShuffle(elist list) external payable returns (elist result);
+
+    function listReverse(elist list) external payable returns (elist result);
+
+}

package/src/lightning-parts/interfaces/IEncryptedInput.sol

@@ -2,8 +2,16 @@
 pragma solidity ^0.8;
 
 import {euint256, ebool, eaddress} from "../../Types.sol";
+import {IBaseAccessControlList} from "../AccessControl/interfaces/IBaseAccessControlList.sol";
+import {IHandleGeneration} from "../primitives/interfaces/IHandleGeneration.sol";
 
-interface IEncryptedInput {
+interface IEncryptedInput is IBaseAccessControlList, IHandleGeneration {
+
+    error InvalidInputVersion(uint16 version);
+    error InputLengthTooShort(uint256 length);
+
+    event VersionAccepted(uint16 indexed version);
+    event VersionRemoved(uint16 indexed version);
 
     function newEuint256(bytes calldata ciphertext, address user) external payable returns (euint256 newValue);
     function newEbool(bytes calldata ciphertext, address user) external payable returns (ebool newValue);

package/src/lightning-parts/interfaces/IEncryptedOperations.sol

@@ -2,8 +2,10 @@
 pragma solidity ^0.8;
 
 import {euint256, ebool, ETypes} from "../../Types.sol";
+import {IBaseAccessControlList} from "../AccessControl/interfaces/IBaseAccessControlList.sol";
+import {IHandleGeneration} from "../primitives/interfaces/IHandleGeneration.sol";
 
-interface IEncryptedOperations {
+interface IEncryptedOperations is IBaseAccessControlList, IHandleGeneration {
 
     function eAdd(euint256 lhs, euint256 rhs) external returns (euint256 result);
     function eSub(euint256 lhs, euint256 rhs) external returns (euint256 result);
@@ -27,7 +29,6 @@ interface IEncryptedOperations {
     function eMax(euint256 lhs, euint256 rhs) external returns (euint256 result);
     function eNot(ebool operand) external returns (ebool result);
     function eCast(bytes32 ct, ETypes toType) external returns (bytes32 result);
-    function eRand(ETypes randType) external payable returns (bytes32 result);
     function eRandBounded(bytes32 upperBound, ETypes randType) external payable returns (bytes32 result);
     function eIfThenElse(ebool condition, bytes32 ifTrue, bytes32 ifFalse) external returns (bytes32 result);
 

package/src/lightning-parts/interfaces/ITEELifecycle.sol

@@ -1,5 +1,5 @@
 /// SPDX-License-Identifier: No License
-pragma solidity ^0.8.19;
+pragma solidity ^0.8;
 
 import {BootstrapResult, UpgradeResult, AddNodeResult} from "../TEELifecycle.types.sol";
 import {IQuoteVerifier} from "../../interfaces/automata-interfaces/IQuoteVerifier.sol";

package/src/lightning-parts/interfaces/ITrivialEncryption.sol

@@ -2,8 +2,10 @@
 pragma solidity ^0.8;
 
 import {euint256, ebool, eaddress} from "../../Types.sol";
+import {IBaseAccessControlList} from "../AccessControl/interfaces/IBaseAccessControlList.sol";
+import {IHandleGeneration} from "../primitives/interfaces/IHandleGeneration.sol";
 
-interface ITrivialEncryption {
+interface ITrivialEncryption is IBaseAccessControlList, IHandleGeneration {
 
     function asEuint256(uint256 value) external returns (euint256 newEuint256);
     function asEbool(bool value) external returns (ebool newEbool);