feat: zisk integration in aligned proof aggregation service contract

Author: MarcosNicolau

Makefile

@@ -107,7 +107,7 @@ show_aligned_error_codes: ## Show AlignedLayer error codes
 
 __CONTRACTS_DEPLOYMENT_ANVIL__: ## ____
 
-anvil_deploy_all_contracts: anvil_deploy_eigen_contracts anvil_deploy_risc0_contracts anvil_deploy_sp1_contracts anvil_deploy_aligned_contracts
+anvil_deploy_all_contracts: anvil_deploy_eigen_contracts anvil_deploy_risc0_contracts anvil_deploy_sp1_contracts anvil_deploy_zisk_contracts anvil_deploy_aligned_contracts
 
 anvil_deploy_eigen_contracts: ## Deploy EigenLayer Contracts on ANVIL
 	@echo "Deploying Eigen Contracts..."
@@ -121,6 +121,10 @@ anvil_deploy_sp1_contracts: ## Deploy SP1 Contracts used by Aggregation Mode on
 	@echo "Deploying SP1 Contracts..."
 	. contracts/scripts/anvil/deploy_sp1_contracts.sh
 
+anvil_deploy_zisk_contracts: ## Deploy Zisk Contracts used by Aggregation Mode on ANVIL
+	@echo "Deploying Zisk Contracts..."
+	. contracts/scripts/anvil/deploy_zisk_contracts.sh
+
 anvil_deploy_aligned_contracts: ## Deploy Aligned Contracts (Verification Layer and Aggregation Mode) on ANVIL
 	@echo "Deploying Aligned Contracts..."
 	. contracts/scripts/anvil/deploy_aligned_contracts.sh

contracts/script/deploy/AlignedProofAggregationServiceDeployer.s.sol

@@ -18,6 +18,9 @@ contract AlignedProofAggregationServiceDeployer is Script {
         address risc0VerifierAddress = stdJson.readAddress(config_data, ".address.risc0VerifierAddress");
         bytes32 risc0AggregationProgramImageId =
             stdJson.readBytes32(config_data, ".programs_id.risc0AggregationProgramImageId");
+        address ziskVerifierAddress = stdJson.readAddress(config_data, ".address.ziskVerifierAddress");
+        bytes32 ziskAggregationProgramVKHash =
+            stdJson.readBytes32(config_data, ".programs_id.ziskAggregationProgramVKHash");
 
         address ownerAddress = stdJson.readAddress(config_data, ".permissions.owner");
 
@@ -28,13 +31,15 @@ contract AlignedProofAggregationServiceDeployer is Script {
         ERC1967Proxy proxy = new ERC1967Proxy(
             address(alignedProofAggregationService),
             abi.encodeWithSignature(
-                "initialize(address,address,address,address,bytes32,bytes32)",
+                "initialize(address,address,address,address,address,bytes32,bytes32,bytes32)",
                 ownerAddress,
                 alignedAggregatorAddress,
                 sp1VerifierAddress,
                 risc0VerifierAddress,
+                ziskVerifierAddress,
                 risc0AggregationProgramImageId,
-                sp1AggregationProgramVKHash
+                sp1AggregationProgramVKHash,
+                ziskAggregationProgramVKHash
             )
         );
 

contracts/script/deploy/ZiskVerifierDeployer.s.sol

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+
+import {Script} from "forge-std/Script.sol";
+import {console2} from "forge-std/console2.sol";
+import {ZiskVerifier} from "../../src/zisk/ZiskVerifier.sol";
+
+contract ZiskVerifierDeployer is Script {
+    function run() external {
+        uint256 deployerKey = uint256(vm.envBytes32("DEPLOYER_PRIVATE_KEY"));
+        bytes32 salt = vm.envOr("CREATE2_SALT", bytes32(uint256(0)));
+
+        vm.startBroadcast(deployerKey);
+
+        ZiskVerifier verifier;
+        if (salt != bytes32(0)) {
+            // Deploy with CREATE2 for deterministic address
+            verifier = new ZiskVerifier{salt: salt}();
+        } else {
+            // Deploy without CREATE2
+            verifier = new ZiskVerifier();
+        }
+
+        vm.stopBroadcast();
+    }
+}

contracts/script/deploy/config/devnet/proof-aggregator-service.devnet.config.json

@@ -2,12 +2,14 @@
   "address": {
     "sp1VerifierAddress": "0x06530DD13aFB697B81E2d602a279EBAEC8Ca2E31",
     "risc0VerifierAddress": "0x663F3ad617193148711d28f5334eE4Ed07016602",
+    "ziskVerifierAddress": "",
     "alignedAggregatorAddress": "0xa0Ee7A142d267C1f36714E4a8F75612F20a79720",
     "alignedAggregatorAddressPrivateKey": "0x2a871d0798f97d79848a013d4936a73bf4cc922c825d33c1cf7073dff6d409c6"
   },
   "programs_id": {
     "sp1AggregationProgramVKHash": "0x00d6e32a34f68ea643362b96615591c94ee0bf99ee871740ab2337966a4f77af",
-    "risc0AggregationProgramImageId": "0x8908f01022827e80a5de71908c16ee44f4a467236df20f62e7c994491629d74c"
+    "risc0AggregationProgramImageId": "0x8908f01022827e80a5de71908c16ee44f4a467236df20f62e7c994491629d74c",
+    "ziskAggregationProgramVKHash": ""
   },
   "amounts": {
     "amountToPayInWei": 1000000000000000000,

contracts/script/deploy/config/devnet/proof-aggregator-service.devnet.mock.config.json

@@ -2,12 +2,14 @@
   "address": {
     "sp1VerifierAddress": "0x00000000000000000000000000000000000000FF",
     "risc0VerifierAddress": "0x00000000000000000000000000000000000000FF",
+    "ziskVerifierAddress": "0x00000000000000000000000000000000000000FF",
     "alignedAggregatorAddress": "0xa0Ee7A142d267C1f36714E4a8F75612F20a79720",
     "alignedAggregatorAddressPrivateKey": "0x2a871d0798f97d79848a013d4936a73bf4cc922c825d33c1cf7073dff6d409c6"
   },
   "programs_id": {
     "sp1AggregationProgramVKHash": "0x00d6e32a34f68ea643362b96615591c94ee0bf99ee871740ab2337966a4f77af",
-    "risc0AggregationProgramImageId": "0x8908f01022827e80a5de71908c16ee44f4a467236df20f62e7c994491629d74c"
+    "risc0AggregationProgramImageId": "0x8908f01022827e80a5de71908c16ee44f4a467236df20f62e7c994491629d74c",
+    "ziskAggregationProgramVKHash": ""
   },
   "permissions": {
     "owner": "0x14dC79964da2C08b23698B3D3cc7Ca32193d9955"

contracts/script/deploy/config/hoodi/proof-aggregator-service.hoodi.config.json

@@ -2,11 +2,13 @@
   "address": {
     "sp1VerifierAddress": "0xe1D19B93F2052d42967bCe42e6d4125A31A0e9ef",
     "risc0VerifierAddress": "0x32Db7dc407AC886807277636a1633A1381748DD8",
+    "ziskVerifierAddress": "",
     "alignedAggregatorAddress": "0x7EB3B63A4F3e7810Cc9bbc346749E2491Da4D7Cc"
   },
   "programs_id": {
     "sp1AggregationProgramVKHash": "0x00d6e32a34f68ea643362b96615591c94ee0bf99ee871740ab2337966a4f77af",
-    "risc0AggregationProgramImageId": "0x8908f01022827e80a5de71908c16ee44f4a467236df20f62e7c994491629d74c"
+    "risc0AggregationProgramImageId": "0x8908f01022827e80a5de71908c16ee44f4a467236df20f62e7c994491629d74c",
+    "ziskAggregationProgramVKHash": ""
   },
   "amounts": {
     "amountToPayInWei": 1000000000000000,

contracts/script/deploy/config/templates/proof-aggregator-service.template.config.json

@@ -2,11 +2,13 @@
   "address": {
     "sp1VerifierAddress": "",
     "risc0VerifierAddress": "",
+    "ziskVerifierAddress": "",
     "alignedAggregatorAddress": ""
   },
   "programs_id": {
     "sp1AggregationProgramVKHash": "0x00a18429d092a8e1f58aea6ff650ad715ad4e6d7056600bb201d38460244507b",
-    "risc0AggregationProgramImageId": "0x4cc11a4ac146ce4fc71493d694a9707194316cbb609603a195ffbe0c4c099c97"
+    "risc0AggregationProgramImageId": "0x4cc11a4ac146ce4fc71493d694a9707194316cbb609603a195ffbe0c4c099c97",
+    "ziskAggregationProgramVKHash": ""
   },
   "permissions": {
     "owner": ""

contracts/scripts/anvil/deploy_zisk_contracts.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# cd to the directory of this script so that this can be run from anywhere
+parent_path=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
+# At this point we are in scripts/anvil
+cd "$parent_path"
+
+# Start an empty anvil chain in the background and dump its state to a json file upon exit
+anvil --load-state state/sp1-deployed-anvil-state.json --dump-state state/zisk-deployed-anvil-state.json &
+
+# cd to /contracts
+cd ../../
+
+sleep 1
+
+export RPC_DEVNET='http://localhost:8545'
+
+# Anvil account #2
+export DEPLOYER_PRIVATE_KEY='0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a'
+
+# Salt for deterministic deployment with CREATE2
+export CREATE2_SALT='0x0000000000000000000000000000000000000000000000000000000000000001'
+
+# Deploy Zisk verifier with CREATE2
+forge script script/deploy/ZiskVerifierDeployer.s.sol:ZiskVerifierDeployer \
+    --rpc-url $RPC_DEVNET \
+    --private-key $DEPLOYER_PRIVATE_KEY \
+    --broadcast \
+    --via-ir
+
+# Kill the anvil process to save state
+pkill anvil

contracts/src/core/AlignedProofAggregationService.sol

@@ -7,6 +7,7 @@ import {UUPSUpgradeable} from "@openzeppelin-upgrades/contracts/proxy/utils/UUPS
 import {IAlignedProofAggregationService} from "./IAlignedProofAggregationService.sol";
 import {ISP1Verifier} from "@sp1-contracts/ISP1Verifier.sol";
 import {IRiscZeroVerifier} from "@risc0-contracts/IRiscZeroVerifier.sol";
+import {IZiskVerifier} from "../zisk/IZiskVerifier.sol";
 import {MerkleProof} from "../../lib/openzeppelin-contracts/contracts/utils/cryptography/MerkleProof.sol";
 
 contract AlignedProofAggregationService is
@@ -33,12 +34,18 @@ contract AlignedProofAggregationService is
     /// https://dev.risczero.com/api/blockchain-integration/contracts/verifier#contract-addresses
     address public risc0VerifierAddress;
 
+    /// @notice The address of the Zisk verifier contract
+    address public ziskVerifierAddress;
+
     /// @notice Proving system ID for SP1
     uint8 public constant SP1_ID = 1;
 
     /// @notice Proving system ID for RISC0
     uint8 public constant RISC0_ID = 2;
 
+    /// @notice Proving system ID for ZISK
+    uint8 public constant ZISK_ID = 3;
+
     /// @notice Maps allowed verifiers commitments to their proving system. If the verifier is not a valid one, it returns 0 and is considered invalid
     mapping(bytes32 => uint8) public allowedVerifiersProvingSystem;
 
@@ -51,17 +58,21 @@ contract AlignedProofAggregationService is
         address _alignedAggregatorAddress,
         address _sp1VerifierAddress,
         address _risc0VerifierAddress,
+        address _ziskVerifierAddress,
         bytes32 _risc0AggregatorProgramImageId,
-        bytes32 _sp1AggregatorProgramVKHash
+        bytes32 _sp1AggregatorProgramVKHash,
+        bytes32 _ziskAggregatorProgramVKHash
     ) public initializer {
         __Ownable_init();
         __UUPSUpgradeable_init();
         _transferOwnership(newOwner);
         alignedAggregatorAddress = _alignedAggregatorAddress;
         sp1VerifierAddress = _sp1VerifierAddress;
         risc0VerifierAddress = _risc0VerifierAddress;
+        ziskVerifierAddress = _ziskVerifierAddress;
         allowedVerifiersProvingSystem[_risc0AggregatorProgramImageId] = RISC0_ID;
         allowedVerifiersProvingSystem[_sp1AggregatorProgramVKHash] = SP1_ID;
+        allowedVerifiersProvingSystem[_ziskAggregatorProgramVKHash] = ZISK_ID;
     }
 
     function verifyAggregationSP1(bytes32 blobVersionedHash, bytes calldata sp1PublicValues, bytes calldata sp1ProofBytes, bytes32 verifierProgramCommitment)
@@ -99,6 +110,22 @@ contract AlignedProofAggregationService is
         emit AggregatedProofVerified(merkleRoot, blobVersionedHash);
     }
 
+    function verifyAggregationZisk(bytes32 blobVersionedHash, uint64[4] calldata programVK, bytes calldata publicValues, bytes calldata proofBytes, bytes32 verifierProgramCommitment)
+        public
+        onlyAlignedAggregator
+    {
+        (bytes32 merkleRoot) = abi.decode(publicValues, (bytes32));
+
+        if (allowedVerifiersProvingSystem[verifierProgramCommitment] != ZISK_ID) {
+            revert InvalidVerifyingProgram(verifierProgramCommitment, ZISK_ID, allowedVerifiersProvingSystem[verifierProgramCommitment]);
+        }
+
+        IZiskVerifier(ziskVerifierAddress).verifySnarkProof(programVK, publicValues, proofBytes);
+
+        isMerkleRootVerified[merkleRoot] = true;
+        emit AggregatedProofVerified(merkleRoot, blobVersionedHash);
+    }
+
     /// @notice Verifies the inclusion of proof in an aggregated proof via Merkle tree proof.
     ///
     /// @dev
@@ -142,7 +169,8 @@ contract AlignedProofAggregationService is
     /// @notice Modifier to ensure the provided proving system ID is one of the valid values.
     modifier onValidProvingSystemId(uint8 provingSystemId) {
         if (provingSystemId != SP1_ID &&
-            provingSystemId != RISC0_ID){
+            provingSystemId != RISC0_ID &&
+            provingSystemId != ZISK_ID){
                 revert IAlignedProofAggregationService.InvalidProvingSystemId(provingSystemId);
             }
 
@@ -163,6 +191,13 @@ contract AlignedProofAggregationService is
         emit SP1VerifierAddressUpdated(_sp1VerifierAddress);
     }
 
+    /// @notice Sets the address of the Zisk verifier contract
+    /// @param _ziskVerifierAddress The new address for the Zisk verifier contract
+    function setZiskVerifierAddress(address _ziskVerifierAddress) external onlyOwner {
+        ziskVerifierAddress = _ziskVerifierAddress;
+        emit ZiskVerifierAddressUpdated(_ziskVerifierAddress);
+    }
+
     /// @notice Allows a new verifying program commitment to the list of valid verifying programs.
     /// @param verifierProgramCommitment The verifying program commitment to allow (image ID for RISC0 or vk hash for SP1).
     /// @param provingSystemId The proving system ID associated with the verifying program.

contracts/src/core/IAlignedProofAggregationService.sol

@@ -9,7 +9,10 @@ interface IAlignedProofAggregationService {
 
     /// @notice Event emitted when the SP1 verifier address is updated
     event SP1VerifierAddressUpdated(address indexed newAddress);
-    
+
+    /// @notice Event emitted when the Zisk verifier address is updated
+    event ZiskVerifierAddressUpdated(address indexed newAddress);
+
     /// @notice Event emitted when a verifier program is allowed
     event VerifierProgramAllowed(bytes32 indexed verifierProgramCommitment, uint8 provingSystemId);
 
@@ -29,6 +32,17 @@ interface IAlignedProofAggregationService {
     function verifyAggregationRisc0(bytes32 blobVersionedHash, bytes calldata risc0ReceiptSeal, bytes calldata risc0JournalBytes, bytes32 verifierProgramCommitment)
         external;
 
+    /// @notice Method to verify an aggregated proof from aligned using Zisk
+    /// @dev This function is called by the aligned proof aggregator after collecting the proofs and aggregating them
+    /// to be verified on-chain. We expect the blobTransactionHash to be called before
+    /// @param blobVersionedHash the versioned hash of the blob transaction that contains the leaves that compose the merkle root.
+    /// @param programVK The verification key for the RISC-V program
+    /// @param publicValues The public values encoded as bytes
+    /// @param proofBytes The proof of the program execution the Zisk zkVM encoded as bytes
+    /// @param verifierProgramCommitment The chunk aggregator verifier program commitment against which the proof should be verified
+    function verifyAggregationZisk(bytes32 blobVersionedHash, uint64[4] calldata programVK, bytes calldata publicValues, bytes calldata proofBytes, bytes32 verifierProgramCommitment)
+        external;
+
     function isProofVerified(
         bytes32[] calldata merklePath,
         uint16 provingSystemId,
@@ -44,14 +58,18 @@ interface IAlignedProofAggregationService {
     /// @param _sp1VerifierAddress The new address for the SP1 verifier contract
     function setSP1VerifierAddress(address _sp1VerifierAddress) external;
 
+    /// @notice Sets the address of the Zisk verifier contract
+    /// @param _ziskVerifierAddress The new address for the Zisk verifier contract
+    function setZiskVerifierAddress(address _ziskVerifierAddress) external;
+
     /// @notice Allows a new verifier program commitment with its proving system ID
     /// @param verifierProgramCommitment The verifier program commitment to allow
-    /// @param provingSystemId The proving system ID (1 for SP1, 2 for RISC0)
+    /// @param provingSystemId The proving system ID (1 for SP1, 2 for RISC0, 3 for ZISK)
     function allowVerifyingProgram(bytes32 verifierProgramCommitment, uint8 provingSystemId) external;
 
     /// @notice Disallows an existing verifier program commitment
     /// @param verifierProgramCommitment The verifier program commitment to disallow
-    /// @param provingSystemId The proving system ID (1 for SP1, 2 for RISC0)
+    /// @param provingSystemId The proving system ID (1 for SP1, 2 for RISC0, 3 for ZISK)
     function disallowVerifyingProgram(bytes32 verifierProgramCommitment, uint8 provingSystemId) external;
 
     error OnlyAlignedAggregator(address sender);