feat (risc0) add public input as separate parameter on verification data (#604)

Co-authored-by: Mariano A. Nicolini <mariano.nicolini.91@gmail.com>
Co-authored-by: NicolasRampoldi <58613770+NicolasRampoldi@users.noreply.github.com>

Author: 3 people

Makefile

@@ -230,6 +230,7 @@ batcher_send_risc0_task:
 		--proving_system Risc0 \
 		--proof ../../scripts/test_files/risc_zero/fibonacci_proof_generator/risc_zero_fibonacci.proof \
         --vm_program ../../scripts/test_files/risc_zero/fibonacci_proof_generator/fibonacci_id.bin \
+        --public_input ../../scripts/test_files/risc_zero/fibonacci_proof_generator/risc_zero_fibonacci.pub \
 		--proof_generator_addr 0x66f9664f97F2b50F62D13eA064982f936dE76657
 
 batcher_send_risc0_burst:
@@ -238,6 +239,7 @@ batcher_send_risc0_burst:
 		--proving_system Risc0 \
 		--proof ../../scripts/test_files/risc_zero/fibonacci_proof_generator/risc_zero_fibonacci.proof \
         --vm_program ../../scripts/test_files/risc_zero/fibonacci_proof_generator/fibonacci_id.bin \
+        --public_input ../../scripts/test_files/risc_zero/fibonacci_proof_generator/risc_zero_fibonacci.pub \
         --repetitions 15 \
 		--proof_generator_addr 0x66f9664f97F2b50F62D13eA064982f936dE76657
 
@@ -470,7 +472,7 @@ test_risc_zero_go_bindings_linux: build_risc_zero_linux
 generate_risc_zero_fibonacci_proof:
 	@cd scripts/test_files/risc_zero/fibonacci_proof_generator && \
 		RUST_LOG=info cargo run --release && \
-		echo "Fibonacci proof and image ID generated in scripts/test_files/risc_zero folder"
+		echo "Fibonacci proof, pub input and image ID generated in scripts/test_files/risc_zero folder"
 
 __MERKLE_TREE_FFI__: ##
 build_merkle_tree_macos:

batcher/aligned-batcher/src/lib.rs

@@ -386,7 +386,10 @@ impl Batcher {
             let mut last_uploaded_batch_block = self.last_uploaded_batch_block.lock().await;
             // update last uploaded batch block
             *last_uploaded_batch_block = block_number;
-            info!("Batch Finalizer: Last uploaded batch block updated to: {}. Lock unlocked", block_number);
+            info!(
+                "Batch Finalizer: Last uploaded batch block updated to: {}. Lock unlocked",
+                block_number
+            );
         }
         // Moving this outside the previous scope is a hotfix until we merge https://github.com/yetanotherco/aligned_layer/pull/365
         self.submit_batch(&batch_bytes, &batch_merkle_tree.root, submitter_addresses)

batcher/aligned-batcher/src/risc_zero/mod.rs

@@ -1,7 +1,15 @@
 use risc0_zkvm::Receipt;
 
-pub fn verify_risc_zero_proof(receipt_bytes: &[u8], image_id: &[u8; 32]) -> bool {
+pub fn verify_risc_zero_proof(
+    receipt_bytes: &[u8],
+    image_id: &[u8; 32],
+    public_input: &[u8],
+) -> bool {
     if let Ok(receipt) = bincode::deserialize::<Receipt>(receipt_bytes) {
+        if public_input != receipt.journal.bytes {
+            return false;
+        }
+
         return receipt.verify(*image_id).is_ok();
     }
     false

batcher/aligned-batcher/src/zk_utils/mod.rs

@@ -1,10 +1,12 @@
+use log::{debug, warn};
+
+use aligned_sdk::types::{ProvingSystemId, VerificationData};
+
 use crate::gnark::verify_gnark;
 use crate::halo2::ipa::verify_halo2_ipa;
 use crate::halo2::kzg::verify_halo2_kzg;
 use crate::risc_zero::verify_risc_zero_proof;
 use crate::sp1::verify_sp1_proof;
-use aligned_sdk::types::{ProvingSystemId, VerificationData};
-use log::{debug, warn};
 
 pub(crate) fn verify(verification_data: &VerificationData) -> bool {
     match verification_data.proving_system {
@@ -44,12 +46,20 @@ pub(crate) fn verify(verification_data: &VerificationData) -> bool {
             is_valid
         }
         ProvingSystemId::Risc0 => {
-            if let Some(image_id_slice) = &verification_data.vm_program_code {
+            if let (Some(image_id_slice), Some(pub_input)) = (
+                &verification_data.vm_program_code,
+                &verification_data.pub_input,
+            ) {
                 let mut image_id = [0u8; 32];
                 image_id.copy_from_slice(image_id_slice.as_slice());
-                return verify_risc_zero_proof(verification_data.proof.as_slice(), &image_id);
+                return verify_risc_zero_proof(
+                    verification_data.proof.as_slice(),
+                    &image_id,
+                    pub_input,
+                );
             }
-            warn!("Trying to verify Risc0 proof but image ID was not provided. Returning false");
+
+            warn!("Trying to verify Risc0 proof but image id or public input was not provided. Returning false");
             false
         }
         ProvingSystemId::GnarkPlonkBls12_381

batcher/aligned-sdk/src/types.rs

@@ -62,8 +62,8 @@ impl From<VerificationData> for VerificationDataCommitment {
         // FIXME(marian): This should probably be reworked, for the moment when the proving
         // system is SP1, `proving_system_aux_data` stands for the compiled ELF, while in the case
         // of Groth16 and PLONK, stands for the verification key.
+
         if let Some(vm_program_code) = &verification_data.vm_program_code {
-            debug_assert_eq!(verification_data.proving_system, ProvingSystemId::SP1);
             hasher.update(vm_program_code);
             proving_system_aux_data_commitment = hasher.finalize_reset().into();
         } else if let Some(verification_key) = &verification_data.verification_key {

batcher/aligned/src/main.rs

@@ -5,26 +5,25 @@ use std::io::Write;
 use std::path::PathBuf;
 use std::str::FromStr;
 
-use aligned_sdk::errors::{AlignedError, SubmitError};
-use aligned_sdk::types::AlignedVerificationData;
-use aligned_sdk::types::Chain;
-use aligned_sdk::types::ProvingSystemId;
-use aligned_sdk::types::VerificationData;
 use clap::Parser;
 use clap::Subcommand;
 use clap::ValueEnum;
 use env_logger::Env;
 use ethers::prelude::*;
-use log::warn;
-use log::{error, info};
-
-use aligned_sdk::sdk::{get_verification_key_commitment, submit_multiple, verify_proof_onchain};
-
 use ethers::utils::format_ether;
 use ethers::utils::hex;
 use ethers::utils::parse_ether;
+use log::warn;
+use log::{error, info};
 use transaction::eip2718::TypedTransaction;
 
+use aligned_sdk::errors::{AlignedError, SubmitError};
+use aligned_sdk::sdk::{get_verification_key_commitment, submit_multiple, verify_proof_onchain};
+use aligned_sdk::types::AlignedVerificationData;
+use aligned_sdk::types::Chain;
+use aligned_sdk::types::ProvingSystemId;
+use aligned_sdk::types::VerificationData;
+
 use crate::AlignedCommands::DepositToBatcher;
 use crate::AlignedCommands::GetUserBalance;
 use crate::AlignedCommands::GetVerificationKeyCommitment;
@@ -483,11 +482,21 @@ fn verification_data_from_args(args: SubmitArgs) -> Result<VerificationData, Sub
     let mut vm_program_code: Option<Vec<u8>> = None;
 
     match proving_system {
-        ProvingSystemId::SP1 | ProvingSystemId::Risc0 => {
+        ProvingSystemId::SP1 => {
+            vm_program_code = Some(read_file_option(
+                "--vm_program",
+                args.vm_program_code_file_name,
+            )?);
+        }
+        ProvingSystemId::Risc0 => {
             vm_program_code = Some(read_file_option(
                 "--vm_program",
                 args.vm_program_code_file_name,
             )?);
+            pub_input = Some(read_file_option(
+                "--public_input",
+                args.pub_input_file_name,
+            )?);
         }
         ProvingSystemId::Halo2KZG
         | ProvingSystemId::Halo2IPA

docs/guides/0_submitting_proofs.md

@@ -38,20 +38,20 @@ You need to have installed [Foundry](https://book.getfoundry.sh/getting-started/
     ```
     Phrase:
     test test test test test test test test test test test test
-    
+
     Accounts:
     - Account 0:
     Address:     0xabcd...1234
     Private key: 0x1234...abcd
     ```
-  
+
 - Import the wallet using the private key previously generated, or whichever you want to use, and write a password to use it.
 
     ```bash
     mkdir -p ~/.aligned_keystore/
     cast wallet import ~/.aligned_keystore/keystore0 --interactive
     ```
-  
+
   You have to paste your private key and set a password for the keystore file.
 
 This will create the ECDSA keystore file in `~/.aligned_keystore/keystore0`
@@ -75,7 +75,7 @@ aligned deposit-to-batcher \
 --amount 0.1ether
 ```
 
-This commands allows the usage of the following flags: 
+This commands allows the usage of the following flags:
 - `--batcher_addr` to specify the address of the Batcher Payment Service smart contract.
 - `--rpc` to specify the rpc url to be used.
 - `--chain` to specify the chain id to be used. Could be holesky or devnet.
@@ -92,7 +92,7 @@ aligned get-user-balance \
 --user_addr <user_addr>
 ```
 
-This commands allows the usage of the following flags: 
+This commands allows the usage of the following flags:
 - `--batcher_addr` to specify the address of the Batcher Payment Service smart contract.
 - `--rpc` to specify the rpc url to be used.
 - `--user_addr` the address of the user that funded the Batcher.
@@ -114,7 +114,7 @@ aligned submit \
 --conn wss://batcher.alignedlayer.com \
 --proof_generator_addr [proof_generator_addr] \
 --batch_inclusion_data_directory_path [batch_inclusion_data_directory_path] \
---keystore_path <path_to_ecdsa_keystore> 
+--keystore_path <path_to_ecdsa_keystore>
 ```
 
 **Example**
@@ -141,6 +141,7 @@ aligned submit \
 --proving_system Risc0 \
 --proof <proof_file> \
 --vm_program <vm_program_file> \
+--pub_input <pub_input_file> \
 --conn wss://batcher.alignedlayer.com \
 --proof_generator_addr [proof_generator_addr] \
 --batch_inclusion_data_directory_path [batch_inclusion_data_directory_path] \
@@ -150,11 +151,12 @@ aligned submit \
 **Example**
 
 ```bash
-rm -rf ~/.aligned/aligned_verification_data/ &&                                                                                
+rm -rf ~/.aligned/aligned_verification_data/ &&
 aligned submit \
 --proving_system Risc0 \
 --proof ./scripts/test_files/risc_zero/fibonacci_proof_generator/risc_zero_fibonacci.proof \
 --vm_program ./scripts/test_files/risc_zero/fibonacci_proof_generator/fibonacci_id.bin \
+--public_input ./scripts/test_files/risc_zero/fibonacci_proof_generator/risc_zero_fibonacci.pub \
 --conn wss://batcher.alignedlayer.com \
 --aligned_verification_data_path ~/.aligned/aligned_verification_data \
 --keystore_path ~/.aligned_keystore/keystore0

docs/guides/3_generating_proofs.md

@@ -90,4 +90,71 @@ aligned submit \
 ```
 Where proof path is the path to the proof file, public input path is the path to the public input file, and verification key path is the path to the verification key file.
 
-For more instructions on how to submit proofs, check the [Submitting proofs guide](../guides/0_submitting_proofs.md).
+For more instructions on how to submit proofs, check the [Submitting proofs guide](../guides/0_submitting_proofs.md).
+
+## Risc0
+
+### Dependencies
+
+This guide assumes that:
+- Risc0 toolchain installed (instructions [here](https://dev.risczero.com/api/zkvm/quickstart#1-install-the-risc-zero-toolchain))
+- Risc0 project to generate the proofs (instructions [here](https://dev.risczero.com/api/zkvm/quickstart#2-create-a-new-project))
+- Aligned installed (instructions [here](../introduction/1_getting_started.md#quickstart))
+
+### How to generate a proof
+
+First, open the risc0 host file and add the following code to export image id & public input needed by Aligned.
+
+```rust
+fn main() {
+    // your code here
+  
+    // <METHOD_ID> is the method id of the function you want to prove
+    // <method_id_file_path> is the path where the method id will be saved
+    std::fs::write("<method_id_file_path>", convert(&<METHOD_ID>))
+            .expect("Failed to write method_id file");
+  
+    // <pub_input_file_path> is the path where the public input will be saved
+    std::fs::write("<pub_input_file_path>", receipt.journal.bytes)
+            .expect("Failed to write pub_input file");
+}
+
+
+// Convert u32 array to u8 array for storage
+pub fn convert(data: &[u32; 8]) -> [u8; 32] {
+    let mut res = [0; 32];
+    for i in 0..8 {
+        res[4 * i..4 * (i + 1)].copy_from_slice(&data[i].to_le_bytes());
+    }
+    res
+}
+```
+
+Note that METHOD_ID will be imported from guest but it will be under a different name.
+
+Then run the following command to generate the proof:
+
+```bash
+cargo run --release
+```
+
+### How to get the proof verified by Aligned
+
+After generating the proof, you will have to find three different files:
+- Proof file
+- Image id file
+- Public input file
+
+Then, you can send the proof to the Aligned network by running the following command
+
+```bash
+aligned submit \
+  --proving_system Risc0 \
+  --proof <proof_file_path> \
+  --vm_program <method_id_file_path> \
+  --public_input <pub_input_file_path> \
+  --conn wss://batcher.alignedlayer.com \
+  --proof_generator_addr <proof_generator_addr>
+```
+
+For more instructions on how to submit proofs, check the [Submitting proofs guide](../guides/0_submitting_proofs.md).

operator/pkg/operator.go

@@ -342,8 +342,10 @@ func (o *Operator) verify(verificationData VerificationData, results chan bool)
 	case common.Risc0:
 		proofLen := (uint32)(len(verificationData.Proof))
 		imageIdLen := (uint32)(len(verificationData.VmProgramCode))
+		pubInputLen := (uint32)(len(verificationData.PubInput))
 
-		verificationResult := risc_zero.VerifyRiscZeroReceipt(verificationData.Proof, proofLen, verificationData.VmProgramCode, imageIdLen)
+		verificationResult := risc_zero.VerifyRiscZeroReceipt(verificationData.Proof, proofLen,
+			verificationData.VmProgramCode, imageIdLen, verificationData.PubInput, pubInputLen)
 
 		o.Logger.Infof("Risc0 proof verification result: %t", verificationResult)
 		results <- verificationResult

operator/risc_zero/lib/risc_zero.h

@@ -1,4 +1,4 @@
 #include <stdbool.h>
 #include <stdint.h>
 
-bool verify_risc_zero_receipt_ffi(unsigned char *receipt_bytes, uint32_t receipt_len, unsigned char *image_id, uint32_t image_id_len);
+bool verify_risc_zero_receipt_ffi(unsigned char *receipt_bytes, uint32_t receipt_len, unsigned char *image_id, uint32_t image_id_len, unsigned char *public_input, uint32_t public_input_len);