fix: updated contract with new instance value, 0

summa-dev · Mar 13, 2024 · fc5d564 · fc5d564
1 parent db1f236
commit fc5d564
Show file tree

Hide file tree

Showing 9 changed files with 336 additions and 303 deletions.
diff --git a/contracts/src/SnarkVerifier.sol b/contracts/src/SnarkVerifier.sol
diff --git a/contracts/src/Summa.sol b/contracts/src/Summa.sol
@@ -12,8 +12,8 @@ import "./interfaces/IInclusionVerifier.sol";
 contract Summa is Ownable {
     /**
      * @dev Struct representing the configuration of the Summa instance
-     * @param cryptocurrencyNames The names of the cryptocurrencies whose balances are encoded in the polynomials
-     * @param cryptocurrencyChains The chains of the cryptocurrencies whose balances are encoded in the polynomials
+     * @param cryptocurrencyNames The names of the cryptocurrencies whose balances are interpolated in the polynomials
+     * @param cryptocurrencyChains The chains of the cryptocurrencies whose balances are interpolated in the polynomials
      * @param balanceByteRange The number of bytes used to represent the balance of a cryptocurrency in the polynomials
      */
     struct SummaConfig {
@@ -50,8 +50,8 @@ contract Summa is Ownable {
     // Convenience mapping to check if an address has already been verified
     mapping(bytes32 => uint256) private _ownershipProofByAddress;
 
-    // zkSNARK verifier of the valid polynomial encoding
-    IVerifier private immutable polynomialEncodingVerifier;
+    // zkSNARK verifier of the valid polynomial interpolation
+    IVerifier private immutable polynomialInterpolationVerifier;
 
     // KZG verifier of the grand sum
     IVerifier private immutable grandSumVerifier;
@@ -72,16 +72,16 @@ contract Summa is Ownable {
     /**
      * Summa contract
      * @param _verifyingKey The address of the verification key contract
-     * @param _polynomialEncodingVerifier the address of the polynomial encoding zkSNARK verifier
+     * @param _polynomialInterpolationVerifier the address of the polynomial interpolation zkSNARK verifier
      * @param _grandSumVerifier the address of the grand sum KZG verifier
      * @param _inclusionVerifier the address of the inclusion KZG verifier
-     * @param cryptocurrencyNames the names of the cryptocurrencies whose balances are encoded in the polynomials
-     * @param cryptocurrencyChains the chain names of the cryptocurrencies whose balances are encoded in the polynomials
+     * @param cryptocurrencyNames the names of the cryptocurrencies whose balances are interpolated in the polynomials
+     * @param cryptocurrencyChains the chain names of the cryptocurrencies whose balances are interpolated in the polynomials
      * @param balanceByteRange maximum accepted byte range for the balance of a cryptocurrency
      */
     constructor(
         address _verifyingKey,
-        IVerifier _polynomialEncodingVerifier,
+        IVerifier _polynomialInterpolationVerifier,
         IVerifier _grandSumVerifier,
         IInclusionVerifier _inclusionVerifier,
         string[] memory cryptocurrencyNames,
@@ -110,10 +110,10 @@ contract Summa is Ownable {
             "The config parameters do not correspond to the verifying key"
         );
         require(
-            address(_polynomialEncodingVerifier) != address(0),
-            "Invalid polynomial encoding verifier address"
+            address(_polynomialInterpolationVerifier) != address(0),
+            "Invalid polynomial interpolation verifier address"
         );
-        polynomialEncodingVerifier = _polynomialEncodingVerifier;
+        polynomialInterpolationVerifier = _polynomialInterpolationVerifier;
         require(
             address(_grandSumVerifier) != address(0),
             "Invalid grand sum verifier address"
@@ -145,7 +145,7 @@ contract Summa is Ownable {
         // The number of permutations is 2 + (balanceByteRange/2) * numberOfCurrencies because of the circuit structure:
         // 1 per instance column, 1 per constant column (range check) and balanceByteRange/2 per range check columns times the number of currencies
         uint256 numPermutations = 2 +
-            (balanceByteRange / 2) *
+            ((balanceByteRange / 2) + 1) *
             numberOfCurrencies;
 
         uint256 startOffsetForPermutations = 0x2e0; // The value can be observed in the VerificationKey contract, the offset is pointing after all the parameters and the fixed column commitment
@@ -167,8 +167,12 @@ contract Summa is Ownable {
             extcodecopy(vkContract, 0x00, readOffset, 0x20)
             // Load the read bytes from 0x00 into a variable
             let readBytes := mload(0x00)
+
+            let leftHalf  := shr(128, readBytes)                                // Shift right by 128 bits to get the left half
+            let rightHalf := and(readBytes, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) // Mask the right half
+
             // We expect the left 16 bytes to be nonzero and the right 16 bytes to be zero
-            valid := and(not(iszero(readBytes)), iszero(and(readBytes, 0x0f)))
+            valid := and(not(iszero(leftHalf)), iszero(rightHalf))
         }
         return valid;
     }
@@ -216,7 +220,7 @@ contract Summa is Ownable {
 
     /**
      * @dev Submit commitment for a CEX
-     * @param snarkProof ZK proof of the valid polynomial encoding
+     * @param snarkProof ZK proof of the valid polynomial interpolation
      * @param grandSumProof kzg proof of the grand sum
      * @param totalBalances The array of total balances in the grand sum
      * @param timestamp The timestamp at which the CEX took the snapshot of its assets and liabilities
@@ -233,9 +237,11 @@ contract Summa is Ownable {
         require(snarkProof.length > grandSumProof.length, "Invalid snark proof length");
 
         uint[] memory args = new uint[](1);
-        args[0] = 1; // Workaround to satisfy the verifier (TODO remove after https://github.com/summa-dev/halo2-solidity-verifier/issues/1 is resolved)
+
+        // This is the instance value for checking zero value inside circuit
+        args[0] = 0; 
         require(
-            polynomialEncodingVerifier.verifyProof(verifyingKey, snarkProof, args),
+            polynomialInterpolationVerifier.verifyProof(verifyingKey, snarkProof, args),
             "Invalid snark proof"
         );
         require(

diff --git a/contracts/src/VerifyingKey.sol b/contracts/src/VerifyingKey.sol
@@ -5,7 +5,7 @@ pragma solidity ^0.8.0;
 contract Halo2VerifyingKey {
     constructor() {
         assembly {
-            mstore(0x0000, 0x0f4282e55a789d94ea57d4e200623dabb7ea67c998749f0370c890ab9ee6883f) // vk_digest
+            mstore(0x0000, 0x1cf97aa0b615d06f7fde34ae5bc74ff9cacc8143a00eaf0e6b24673afa484eb3) // vk_digest
             mstore(0x0020, 0x0000000000000000000000000000000000000000000000000000000000000011) // k
             mstore(0x0040, 0x30643640b9f82f90e83b698e5ea6179c7c05542e859533b48b9953a2f5360801) // n_inv
             mstore(0x0060, 0x304cd1e79cfa5b0f054e981a27ed7706e7ea6b06a7f266ef8db819c179c2c3ea) // omega
@@ -28,28 +28,32 @@ contract Halo2VerifyingKey {
             mstore(0x0280, 0x2b1cbb3e521edf5a622d82762a44a5e63f1e50b332d71154a4a7958d6011deff) // neg_s_g2_y_2
             mstore(0x02a0, 0x1404a2d17cd02c8f9fd79d74ac73c67d1881e62c6af354fa74d235c5e37dacfe) // fixed_comms[0].x
             mstore(0x02c0, 0x2c1e30781f735e7977820d4ca9145010e28dcc808ee0f1e976477289057b7aec) // fixed_comms[0].y
-            mstore(0x02e0, 0x1b20314062560deca1b1bada262dbe3352a521ea2ef8973476cb7ad6f588c59d) // permutation_comms[0].x
-            mstore(0x0300, 0x244ac9f0848be84d5a85e3c4e62e2a371ac7be27d68202ef3fe79541021ab99d) // permutation_comms[0].y
-            mstore(0x0320, 0x2b1f7e2148bfab601e68f2e8133b9d05c10a9526d686b356b761eaa3713a70ba) // permutation_comms[1].x
-            mstore(0x0340, 0x013345ea09966b06e4ae7d7e2919ddbb6e3f7e645aea515375ed729bff644dc5) // permutation_comms[1].y
+            mstore(0x02e0, 0x2dd3fd59098a5b4b4a616568bb6ba1a1e4c40e4b0df9ae94e37944d55ab651cf) // permutation_comms[0].x
+            mstore(0x0300, 0x25680c3525ba04435a9034d6e69c96de5133edfe37c226d3e31b60eff6b34ef0) // permutation_comms[0].y
+            mstore(0x0320, 0x0fd3d99b713606a4c586c6d187477c5eb79a43f78c7d8424a67be4ce624fa6af) // permutation_comms[1].x
+            mstore(0x0340, 0x20af9ec4f24f0568465c7f138f69fac5e917ba5f669550cae7977fcde9fc657d) // permutation_comms[1].y
             mstore(0x0360, 0x27a7a66087a8c17b00ffb7fe9b76ba2199ca308bcb0ad100fa181886d6c9b936) // permutation_comms[2].x
             mstore(0x0380, 0x23bc951a3c4307384bdec5d61be122a19c933db3266d6327a472e5203a9f785a) // permutation_comms[2].y
             mstore(0x03a0, 0x0743ea40f14084db2673217283aa053f986896ee7c181f52118442e99c452974) // permutation_comms[3].x
             mstore(0x03c0, 0x0203e3493a2594ece57d22cc75dd081ac68271ec7c758153cfd2152bfb5c19e3) // permutation_comms[3].y
-            mstore(0x03e0, 0x1d81e0b06dea11d9b7a7a64458db5e5eb2f5dbe107a81f0555738f613b9b7d78) // permutation_comms[4].x
-            mstore(0x0400, 0x081e3e59de4615b05fef48f591d1ea23cb32f0ee841157094c1b81b95cfdb9fa) // permutation_comms[4].y
-            mstore(0x0420, 0x0c28e0db2e4decc2a36413620cdc36ae237ccbc1cd1168841c5375d2a79478ce) // permutation_comms[5].x
-            mstore(0x0440, 0x17b5790a11fcde00f8acf7edc4328f37883aec0f5955f8a6f7764078edf3cd05) // permutation_comms[5].y
-            mstore(0x0460, 0x284ac053d96a33fca69eca00e16eea75ad1bf008d2a742fc846ac73d17d46d73) // permutation_comms[6].x
-            mstore(0x0480, 0x14f45666a26b8d472186dbf78e606a82891e0f122a54264418cfe2615003dfb9) // permutation_comms[6].y
+            mstore(0x03e0, 0x0f85936c44708409e3e9fb5e2a7ea6604b06997f0ac7fd488e3f147e05a88dbe) // permutation_comms[4].x
+            mstore(0x0400, 0x0497fbb7c4436dcf36ede6a30ad62e016e059a11a6548eb6980edeb2f1052133) // permutation_comms[4].y
+            mstore(0x0420, 0x1ec1a20141b6698f374aada55f23b891e4c6f6504cdcdec40c5ec89f326b8640) // permutation_comms[5].x
+            mstore(0x0440, 0x108ee8c0651cead83eb9e988873c5b62a74fe0775d0464fcca86c0ac61b9b92e) // permutation_comms[5].y
+            mstore(0x0460, 0x101b50c385e07bb24f828dee5eba4619413bb28ee278c03901a58a8b58f90ab8) // permutation_comms[6].x
+            mstore(0x0480, 0x11dbc30794b04c6fc1c68c59556fd092bb59479bc6cc8cb4879d961a6b2dfa94) // permutation_comms[6].y
             mstore(0x04a0, 0x1c517c335ad634422ef2eb5f615926e875afa9e9c589abf528d315a8a586b22d) // permutation_comms[7].x
             mstore(0x04c0, 0x1220b1b13c91e8115106144bc417d4d3e6a9de3fb70406e68b4a5fd8a92f4327) // permutation_comms[7].y
-            mstore(0x04e0, 0x1be0972afecdd013ffa6a3acc18998619b8df7834273d89825bf1abd1f2023ab) // permutation_comms[8].x
-            mstore(0x0500, 0x0019ea072d6d49fbf164929a19a76d4421f33d47647ff62c7230133fba915307) // permutation_comms[8].y
+            mstore(0x04e0, 0x0cbaead666e172b1801b7ad17c3450ea2ce7d53c1e392cedf05023e59e53c95a) // permutation_comms[8].x
+            mstore(0x0500, 0x0ce200ab515efc390c459e0b492c15a50024c57fa70768c18389924e1e72982b) // permutation_comms[8].y
             mstore(0x0520, 0x0f09c585dc376dd0d5962c76ae444dc1cc3de9780f4fbdd5105a7040500d60ba) // permutation_comms[9].x
             mstore(0x0540, 0x13587a1e4799ba72f1d95e47a4e377086b83e5189903566e7422119ed28eba59) // permutation_comms[9].y
+            mstore(0x0560, 0x1122e985f75fc0589295cbaf54c0da7f36a7f184d83876f0fa9fdc2dbbd715cb) // permutation_comms[10].x
+            mstore(0x0580, 0x0da0508aab9cf7c8772ed21fcb6851480f8c3c328b7fb722e3a1cecd0c867e02) // permutation_comms[10].y
+            mstore(0x05a0, 0x019e46ed071e9723ab7a68eb3c0d7bbd1df026e4f35acb67cc7cfe269e12deb0) // permutation_comms[11].x
+            mstore(0x05c0, 0x1c19aac276e0a65d2c5bb219e9020124a0bf3d3bbaa8758abd2e6d40895923ed) // permutation_comms[11].y
 
-            return(0, 0x0560)
+            return(0, 0x05e0)
         }
     }
 }
diff --git a/contracts/src/interfaces/IInclusionVerifier.sol b/contracts/src/interfaces/IInclusionVerifier.sol
@@ -2,15 +2,15 @@
 pragma solidity ^0.8.18;
 
 /**
- * @dev Zero-knowledge proof verifier
+ * @dev Inclusion proof verifier
  */
 interface IInclusionVerifier {
     /**
      * @dev Verify a proof
      * @param vk The verification key
      * @param proof The proof
-     * @param challenges The pre-calculated g2 points with challenge 
-     * @param values The user data that includes userId, balance of currency 1
+     * @param challenges The pre-calculated g2 points with challenge
+     * @param values The user data that includes userId, balance of currency
      * @return true if the proof is valid, false otherwise
      */
         function verifyProof(

diff --git a/contracts/src/interfaces/IVerifier.sol b/contracts/src/interfaces/IVerifier.sol
@@ -2,7 +2,7 @@
 pragma solidity ^0.8.18;
 
 /**
- * @dev Zero-knowledge proof verifier
+ * @dev Zk-SNARK and grand sum proof proof verifier
  */
 interface IVerifier {
     /**

diff --git a/contracts/test/Summa.ts b/contracts/test/Summa.ts
@@ -165,7 +165,7 @@ describe("Summa Contract", () => {
           ["ETH", "BTC"],
           8,
         ])
-      ).to.be.revertedWith("Invalid polynomial encoding verifier address");
+      ).to.be.revertedWith("Invalid polynomial interpolation verifier address");
     });
 
 

diff --git a/contracts/test/Verifiers.ts b/contracts/test/Verifiers.ts
@@ -47,7 +47,7 @@ describe("Verifier Contracts", () => {
 
     it("should verify snark proof", async () => {
       // The verifier contract checks the number of instances in the VerifyingKey contract at 0x00c0 with the given 'instances' input
-      expect(await snarkVerifier.verifyProof(verifyingKey.address, commitmentCalldata.range_check_snark_proof, [1])).to.be.true;
+      expect(await snarkVerifier.verifyProof(verifyingKey.address, commitmentCalldata.range_check_snark_proof, [0])).to.be.true;
     });
 
     it("should revert with invalid proof", async () => {
-Original file line number
+Diff line change
@@ Expand Up / @@ -165,7 +165,7 @@ describe("Summa Contract", () => { @@
               ["ETH", "BTC"],
 ,
             ])
-          ).to.be.revertedWith("Invalid polynomial encoding verifier address");
+          ).to.be.revertedWith("Invalid polynomial interpolation verifier address");
         });
@@ Expand Down @@