Merge branch 'staging' into feataggmode/separate-pollet-http-server

Author: maximopalopoli

Makefile

@@ -252,6 +252,9 @@ proof_aggregator_start_dev: is_aggregator_set reset_last_aggregated_block ./aggr
 proof_aggregator_start_dev_ethereum_package: is_aggregator_set reset_last_aggregated_block ./aggregation_mode/target/release/proof_aggregator_dev ## Starts proof aggregator with mock proofs (DEV mode) in ethereum package. Parameters: AGGREGATOR=<sp1|risc0>
 	AGGREGATOR=$(AGGREGATOR) RISC0_DEV_MODE=1 ./aggregation_mode/target/release/proof_aggregator_dev config-files/config-proof-aggregator-mock-ethereum-package.yaml
 
+proof_aggregator_test_without_compiling_agg_programs:
+	cd aggregation_mode && SKIP_AGG_PROGRAMS_BUILD=1 cargo test -p proof_aggregator --tests -- --nocapture
+
 ### All CPU proof aggregator receipts
 ./aggregation_mode/target/release/proof_aggregator_cpu: $(AGGREGATION_MODE_SOURCES)
 	AGGREGATOR=$(AGGREGATOR) cargo build --features prove --manifest-path ./aggregation_mode/Cargo.toml --release --bin proof_aggregator_cpu
@@ -326,6 +329,22 @@ agg_mode_batcher_poller_start_local: agg_mode_run_migrations
 agg_mode_batcher_poller_start_ethereum_package: agg_mode_run_migrations
 	cargo run --manifest-path ./aggregation_mode/Cargo.toml --release --bin agg_mode_batcher_poller -- config-files/config-agg-mode-batcher-ethereum-package.yaml
 
+AGG_MODE_SENDER ?= 0x70997970C51812dc3A010C7d01b50e0d17dc79C8
+agg_mode_batcher_send_payment:
+	@cast send --value 1ether \
+		0x922D6956C99E12DFeB3224DEA977D0939758A1Fe \
+		--private-key 0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
+
+agg_mode_batcher_send_sp1_proof:
+	@NONCE=$$(curl -s http://127.0.0.1:8089/nonce/0x70997970C51812dc3A010C7d01b50e0d17dc79C8 | jq -r '.data.nonce'); \
+	curl -X POST \
+		-H "Content-Type: multipart/form-data" \
+		-F "nonce=$${NONCE}" \
+		-F "proof=@scripts/test_files/sp1/sp1_fibonacci_5_0_0.proof" \
+		-F "program_vk=@scripts/test_files/sp1/sp1_fibonacci_5_0_0_vk.bin" \
+		-F "signature_hex=0x0" \
+		http://127.0.0.1:8089/proof/sp1
+
 __AGGREGATOR__: ## ____
 
 aggregator_start: ## Start the Aggregator. Parameters: ENVIRONMENT=<devnet|testnet|mainnet>, AGG_CONFIG_FILE

aggregation_mode/Cargo.lock

@@ -8,9 +8,12 @@ serde =  { workspace = true }
 serde_json = { workspace = true }
 serde_yaml = { workspace = true }
 aligned-sdk = { workspace = true }
+sp1-sdk = { workspace = true }
 tracing = { version = "0.1", features = ["log"] }
 tracing-subscriber = { version = "0.3.0", features = ["env-filter"] }
+bincode = "1.3.3"
 actix-web = "4"
+actix-multipart = "0.7.2"
 alloy = { workspace = true }
 tokio = { version = "1", features = ["time"]}
 # TODO: enable tls

aggregation_mode/batcher/Cargo.toml

@@ -3,11 +3,13 @@ use std::{
     time::{SystemTime, UNIX_EPOCH},
 };
 
+use actix_multipart::form::MultipartForm;
 use actix_web::{
     web::{self, Data},
     App, HttpRequest, HttpResponse, HttpServer, Responder,
 };
 use aligned_sdk::aggregation_layer::AggregationModeProvingSystem;
+use sp1_sdk::{SP1ProofWithPublicValues, SP1VerifyingKey};
 use sqlx::types::BigDecimal;
 
 use super::{
@@ -18,7 +20,8 @@ use super::{
 use crate::{
     config::Config,
     db::Db,
-    types::{SubmitProofRequest, SubmitProofRequestMessageRisc0, SubmitProofRequestMessageSP1},
+    types::{SubmitProofRequestRisc0, SubmitProofRequestSP1},
+    verifiers::{verify_sp1_proof, VerificationError},
 };
 
 #[derive(Clone, Debug)]
@@ -60,7 +63,6 @@ impl BatcherServer {
         };
 
         // TODO: validate valid ethereum address
-
         let Some(state) = req.app_data::<Data<BatcherServer>>() else {
             return HttpResponse::InternalServerError()
                 .json(AppResponse::new_unsucessfull("Internal server error", 500));
@@ -80,11 +82,8 @@ impl BatcherServer {
 
     async fn post_proof_sp1(
         req: HttpRequest,
-        body: web::Json<SubmitProofRequest<SubmitProofRequestMessageSP1>>,
+        MultipartForm(data): MultipartForm<SubmitProofRequestSP1>,
     ) -> impl Responder {
-        let data = body.into_inner();
-
-        // TODO: validate signature
         let recovered_address = "0x70997970C51812dc3A010C7d01b50e0d17dc79C8".to_lowercase();
 
         let Some(state) = req.app_data::<Data<BatcherServer>>() else {
@@ -98,7 +97,7 @@ impl BatcherServer {
                 .json(AppResponse::new_unsucessfull("Internal server error", 500));
         };
 
-        if data.nonce != (count as u64) {
+        if data.nonce.0 != (count as u64) {
             return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(
                 &format!("Invalid nonce, expected nonce = {count}"),
                 400,
@@ -136,15 +135,42 @@ impl BatcherServer {
             ));
         }
 
-        // TODO: decode proof and validate it
+        let Ok(proof_content) = tokio::fs::read(data.proof.file.path()).await else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        let Ok(proof) = bincode::deserialize::<SP1ProofWithPublicValues>(&proof_content) else {
+            return HttpResponse::BadRequest()
+                .json(AppResponse::new_unsucessfull("Invalid SP1 proof", 400));
+        };
+
+        let Ok(vk_content) = tokio::fs::read(data.program_vk.file.path()).await else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        let Ok(vk) = bincode::deserialize::<SP1VerifyingKey>(&vk_content) else {
+            return HttpResponse::BadRequest()
+                .json(AppResponse::new_unsucessfull("Invalid vk", 400));
+        };
+
+        if let Err(e) = verify_sp1_proof(&proof, &vk) {
+            let message = match e {
+                VerificationError::InvalidProof => "Proof verification failed",
+                VerificationError::UnsupportedProof => "Unsupported proof",
+            };
+
+            return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(message, 400));
+        };
 
         match state
             .db
             .insert_task(
                 &recovered_address,
                 AggregationModeProvingSystem::SP1.as_u16() as i32,
-                &data.message.proof,
-                &data.message.program_vk_commitment,
+                &proof_content,
+                &vk_content,
                 None,
             )
             .await
@@ -160,7 +186,7 @@ impl BatcherServer {
     /// TODO: complete for risc0 (see `post_proof_sp1`)
     async fn post_proof_risc0(
         _req: HttpRequest,
-        _body: web::Json<SubmitProofRequest<SubmitProofRequestMessageRisc0>>,
+        MultipartForm(_): MultipartForm<SubmitProofRequestRisc0>,
     ) -> impl Responder {
         HttpResponse::Ok().json(AppResponse::new_sucessfull(serde_json::json!({})))
     }

aggregation_mode/batcher/src/http.rs

@@ -2,4 +2,6 @@ pub mod config;
 pub mod db;
 mod helpers;
 pub mod http;
+pub mod server;
 mod types;
+mod verifiers;

aggregation_mode/batcher/src/lib.rs

@@ -1,3 +1,4 @@
+use actix_multipart::form::{tempfile::TempFile, text::Text, MultipartForm};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 
@@ -32,21 +33,18 @@ pub(super) struct GetProofMerklePathQueryParams {
     pub id: Option<String>,
 }
 
-#[derive(Serialize, Deserialize, Clone, Debug)]
-pub(super) struct SubmitProofRequest<T> {
-    pub nonce: u64,
-    pub message: T,
-    pub signature: String,
-}
-#[derive(Serialize, Deserialize, Clone, Debug)]
-pub(super) struct SubmitProofRequestMessageSP1 {
-    pub proof: Vec<u8>,
-    pub program_vk_commitment: Vec<u8>,
+#[derive(Debug, MultipartForm)]
+pub(super) struct SubmitProofRequestSP1 {
+    pub nonce: Text<u64>,
+    pub proof: TempFile,
+    pub program_vk: TempFile,
+    pub _signature_hex: Text<String>,
 }
 
-#[derive(Serialize, Deserialize, Clone, Debug)]
-pub(super) struct SubmitProofRequestMessageRisc0 {
-    pub proof: Vec<u8>,
-    pub program_image_id: Vec<u8>,
-    pub public_inputs: Vec<u8>,
+#[derive(Debug, MultipartForm)]
+pub(super) struct SubmitProofRequestRisc0 {
+    pub _nonce: Text<u64>,
+    pub _risc0_receipt: TempFile,
+    pub _program_image_id_hex: Text<String>,
+    pub _signature_hex: Text<String>,
 }

aggregation_mode/batcher/src/types.rs

@@ -0,0 +1,27 @@
+use std::sync::LazyLock;
+
+use sp1_sdk::{CpuProver, Prover, ProverClient, SP1ProofWithPublicValues, SP1VerifyingKey};
+
+static SP1_PROVER_CLIENT_CPU: LazyLock<CpuProver> =
+    LazyLock::new(|| ProverClient::builder().cpu().build());
+
+pub enum VerificationError {
+    InvalidProof,
+    UnsupportedProof,
+}
+
+pub fn verify_sp1_proof(
+    proof: &SP1ProofWithPublicValues,
+    vk: &SP1VerifyingKey,
+) -> Result<(), VerificationError> {
+    let client = &*SP1_PROVER_CLIENT_CPU;
+
+    match proof.proof {
+        sp1_sdk::SP1Proof::Compressed(_) => client
+            .verify(proof, vk)
+            .map_err(|_| VerificationError::InvalidProof),
+        _ => Err(VerificationError::UnsupportedProof),
+    }?;
+
+    Ok(())
+}

aggregation_mode/batcher/src/verifiers.rs

@@ -1,8 +1,32 @@
 use risc0_build::{DockerOptionsBuilder, GuestOptionsBuilder};
 use std::collections::HashMap;
+use std::path::PathBuf;
+
+// This allows us to skip the guest build in CI or local environments where it's not needed (reducing the build time)
+// Note: To use this flag, the aggregation programs should be already compiled, otherwise the compilation will be done anyway.
+fn should_skip_build() -> bool {
+    if std::env::var("SKIP_AGG_PROGRAMS_BUILD")
+        .map(|v| v == "1")
+        .unwrap_or(false)
+    {
+        let out_dir = std::env::var("OUT_DIR").unwrap();
+        let methods_path = PathBuf::from(out_dir).join("methods.rs");
+
+        methods_path.exists()
+    } else {
+        false
+    }
+}
 
 // Reference: https://docs.succinct.xyz/docs/sp1/writing-programs/compiling#advanced-build-options-1
 fn main() {
+    if should_skip_build() {
+        println!("cargo:warning=SKIP_AGG_PROGRAMS_BUILD=1: methods.rs already exists, skipping aggregation programs build");
+        return;
+    } else {
+        println!("cargo:warning=SKIP_AGG_PROGRAMS_BUILD=1 set, but path does not exist, running full build");
+    }
+
     sp1_build::build_program_with_args("./aggregation_programs/sp1", {
         sp1_build::BuildArgs {
             output_directory: Some("./aggregation_programs/sp1/elf".to_string()),

aggregation_mode/proof_aggregator/build.rs

@@ -23,8 +23,9 @@ pub struct Config {
     pub ecdsa: ECDSAConfig,
     pub proofs_per_chunk: u16,
     pub total_proofs_limit: u16,
-    pub sp1_chunk_aggregator_vk_hash: String,
     pub risc0_chunk_aggregator_image_id: String,
+    pub sp1_chunk_aggregator_vk_hash: String,
+    pub monthly_budget_eth: f64,
 }
 
 impl Config {