Keys
dvush committed Nov 24, 2020
1 parent 002d151 commit 1a2a2f5
Showing 27 changed files with 902 additions and 275 deletions.
81 changes: 64 additions & 17 deletions Cargo.lock

29 changes: 7 additions & 22 deletions contracts/contracts/Verifier.sol
@@ -20,9 +20,10 @@ contract Verifier is KeysWithPlonkVerifier {
uint256[] memory _proof,
uint8[] memory _vkIndexes,
uint256[] memory _individual_vks_inputs,
uint256[16] memory _subproofs_limbs
uint256[16] memory _subproofs_limbs,
bool blockProof
) external view returns (bool) {
if (DUMMY_VERIFIER) {
if (DUMMY_VERIFIER && blockProof) {
uint256 oldGasValue = gasleft();
uint256 tmp;
while (gasleft() + 500000 > oldGasValue) {
@@ -36,35 +37,19 @@ contract Verifier is KeysWithPlonkVerifier {
_individual_vks_inputs[i] = uint256(commitment) & mask;
}
VerificationKey memory vk = getVkAggregated(uint32(_vkIndexes.length));

uint256 treeRoot = blockProof ? VK_TREE_ROOT : VK_EXIT_TREE_ROOT;

return
verify_serialized_proof_with_recursion(
_recursiveInput,
_proof,
VK_TREE_ROOT,
treeRoot,
VK_MAX_INDEX,
_vkIndexes,
_individual_vks_inputs,
_subproofs_limbs,
vk
);
}

function verifyExitProof(
bytes32 _rootHash,
uint32 _accountId,
address _owner,
uint16 _tokenId,
uint128 _amount,
uint256[] calldata _proof
) external view returns (bool) {
bytes32 commitment = sha256(abi.encodePacked(_rootHash, _accountId, _owner, _tokenId, _amount));

uint256[] memory inputs = new uint256[](1);
uint256 mask = (~uint256(0)) >> 3;
inputs[0] = uint256(commitment) & mask;
Proof memory proof = deserialize_proof(inputs, _proof);
VerificationKey memory vk = getVkExit();
require(vk.num_inputs == inputs.length);
return verify(proof, vk);
}
}
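Review bot: The new `blockProof` parameter on verifyAggregatedProof has no NatSpec, yet it alone decides whether `VK_TREE_ROOT` or `VK_EXIT_TREE_ROOT` is passed to verify_serialized_proof_with_recursion and, under `DUMMY_VERIFIER`, whether verification is skipped; the verifier cannot detect a caller passing the wrong value, so the contract relies entirely on ZkSync.sol supplying `true` for blocks and `false` for exits. I would document that above the signature, which begins outside the hunk: `/// @param blockProof true selects VK_TREE_ROOT (block proofs), false selects VK_EXIT_TREE_ROOT (exit proofs); with DUMMY_VERIFIER set, only block proofs bypass verification`. Stating the two-tree selection in the function's @notice as well would make the exit path's dependence on the flag explicit to readers of the interface.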
52 changes: 38 additions & 14 deletions contracts/contracts/ZkSync.sol
@@ -56,6 +56,15 @@ contract ZkSync is UpgradeableMaster, Storage, Config, Events, ReentrancyGuard {
uint256 commitmentIdx;
}

/// @notice Recursive proof input data (individual commitments are constructed onchain)
struct ProofInput {
uint256[] recursiveInput;
uint256[] proof;
uint256[] commitments;
uint8[] vkIndexes;
uint256[16] subproofsLimbs;
}

// Upgrade functional

/// @notice Notice period before activation preparation status of upgrade mode
@@ -429,19 +438,20 @@ contract ZkSync is UpgradeableMaster, Storage, Config, Events, ReentrancyGuard {

/// @notice Blocks commitment verification.
/// @notice Only verifies block commitments without any other processing
function verifyCommitments(
uint256[] memory _recursiveInput,
uint256[] memory _proof,
uint8[] memory _vkIndexes,
uint256[] memory _commitments,
uint256[16] memory _subproofsLibms
) external {
function verifyCommitments(ProofInput memory _proof) external {
bool success =
verifier.verifyAggregatedProof(_recursiveInput, _proof, _vkIndexes, _commitments, _subproofsLibms);
verifier.verifyAggregatedProof(
_proof.recursiveInput,
_proof.proof,
_proof.vkIndexes,
_proof.commitments,
_proof.subproofsLimbs,
true
);

require(success, "vf1"); // Aggregated proof verification fail

verifiedCommitmentHashes[keccak256(abi.encode(_commitments))] = true;
verifiedCommitmentHashes[keccak256(abi.encode(_proof.commitments))] = true;
}

/// @notice Reverts unverified blocks
@@ -498,16 +508,30 @@ contract ZkSync is UpgradeableMaster, Storage, Config, Events, ReentrancyGuard {
uint32 _accountId,
uint16 _tokenId,
uint128 _amount,
uint256[] calldata _proof
ProofInput memory _proof
) external nonReentrant {
bytes22 packedBalanceKey = packAddressAndTokenId(msg.sender, _tokenId);
require(exodusMode, "fet11"); // must be in exodus mode
require(!exited[_accountId][_tokenId], "fet12"); // already exited
require(storedBlockHashes[totalBlocksVerified] == hashStoredBlockInfo(_storedBlockInfo), "fet13"); // incorrect sotred block info
require(
verifier.verifyExitProof(_storedBlockInfo.stateHash, _accountId, msg.sender, _tokenId, _amount, _proof),
"fet13"
); // verification failed

uint256 commitment =
uint256(sha256(abi.encodePacked(_storedBlockInfo.stateHash, _accountId, msg.sender, _tokenId, _amount)));
require(_proof.commitments.length == 1, "fet15");
uint256 mask = (~uint256(0)) >> 3;
commitment = commitment & mask;
require(_proof.commitments[0] == commitment, "fet14");

bool proofCorrect =
verifier.verifyAggregatedProof(
_proof.recursiveInput,
_proof.proof,
_proof.vkIndexes,
_proof.commitments,
_proof.subproofsLimbs,
false
);
require(proofCorrect, "fet13");

increaseBalanceToWithdraw(packedBalanceKey, _amount);
exited[_accountId][_tokenId] = true;
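Review bot: The exit hunk re-derives the `(~uint256(0)) >> 3` mask that the verifier also applies to `_individual_vks_inputs` (visible in the Verifier.sol hunk), so the two sites can drift apart with nothing tying them together; a named constant shared by both contracts, or at minimum a comment stating why the top three bits are cleared (presumably so the commitment fits the field the proof is checked in — confirm), would make `require(_proof.commitments[0] == commitment, "fet14")` reviewable on its own. The proof-result check `require(proofCorrect, "fet13")` reuses the code that the stored-block-hash check earlier in the same function already emits, so an off-chain caller cannot tell which of the two failed; a code not yet used in the contract would be preferable. The function whose parameters this hunk edits begins above the hunk.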
2 changes: 1 addition & 1 deletion contracts/hardhat.config.ts
@@ -24,7 +24,7 @@ export default {
UPGRADE_NOTICE_PERIOD: 0,
MAX_AMOUNT_OF_REGISTERED_TOKENS: 5,
PRIORITY_EXPIRATION: 101,
DUMMY_VERIFIER: true
DUMMY_VERIFIER: false
}
}
};
3 changes: 3 additions & 0 deletions core/bin/key_generator/src/main.rs
@@ -10,11 +10,13 @@
//! and `SUPPORTED_BLOCK_CHUNKS_SIZES_SETUP_POWERS` that are read from env in config files.
//! Before generating parameters universal setup keys should be downloaded using `zksync plonk-setup` command.
mod recursive_keys;
mod verifier_contract_generator;
mod zksync_key;

use structopt::StructOpt;

use crate::recursive_keys::make_recursive_verification_keys;
use crate::verifier_contract_generator::create_verifier_contract;
use crate::zksync_key::{make_plonk_blocks_verify_keys, make_plonk_exodus_verify_key};
use zksync_config::AvailableBlockSizesConfig;
@@ -44,6 +46,7 @@ fn main() {
Command::Keys => {
make_plonk_exodus_verify_key();
make_plonk_blocks_verify_keys(config);
make_recursive_verification_keys();
}
Command::Contract => {
create_verifier_contract(config);
Expand Down
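Review bot: The module doc partly visible at the top of the first hunk describes the key-generation inputs but says nothing about the `Contract` command (the `create_verifier_contract(config)` call at the end of the second hunk) or the newly wired `verifier_contract_generator` module; a `//!` line along the lines of `//! The contract command renders the verifier contract from the generated keys — confirm against verifier_contract_generator.rs` would keep the header accurate, but only if that is what the generator does, since its body is not in this diff. In `Command::Keys`, `make_recursive_verification_keys()` takes no `config` while `make_plonk_blocks_verify_keys(config)` does, so it is not visible here which block sizes the recursive keys cover or whether they depend on the block keys generated just before; a one-line comment on the call naming where it reads its configuration would save the next reader a trip to recursive_keys.rs. `fn main` begins outside the hunk.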