Merge branch 'eigenda-v3.0.3' of github.com:Layr-Labs/nitro into epoc…

…iask--fix-length-trust-assumption

.github/workflows/arbitrator-ci.yml

@@ -40,7 +40,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           submodules: recursive
-          ssh-key: ${{ secrets.SSH_KEY }}
 
 
       - name: Install Ubuntu dependencies

.github/workflows/ci.yml

@@ -32,7 +32,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           submodules: true
-          ssh-key: ${{ secrets.SSH_KEY }}
 
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y wabt gotestsum
@@ -67,15 +66,17 @@ jobs:
         id: install-rust-nightly
         with:
           profile: minimal
-          toolchain: "nightly"
-
+          toolchain: "nightly-2024-07-30"
+      
       - name: Install rust wasm targets
         run: rustup target add wasm32-wasi wasm32-unknown-unknown
 
       - name: Install nightly wasm targets
         run: |
-          rustup component add rust-src --toolchain nightly
-          rustup target add wasm32-unknown-unknown --toolchain nightly
+          nightly_toolchain='nightly-2024-07-30'
+          echo 'STYLUS_NIGHTLY_VER=+'"$nightly_toolchain" >> "$GITHUB_ENV"
+          rustup component add rust-src --toolchain "$nightly_toolchain"
+          rustup target add wasm32-unknown-unknown --toolchain "$nightly_toolchain"
 
       - name: Cache Build Products
         uses: actions/cache@v3
@@ -126,14 +127,14 @@ jobs:
       - name: Build all lint dependencies
         run: make -j build-node-deps
 
-      # - name: Lint
-      #   uses: golangci/golangci-lint-action@v3
-      #   with:
-      #     version: latest
-      #     skip-pkg-cache: true
-      # - name: Custom Lint
-      #   run: |
-      #     go run ./linters ./...
+      - name: Lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
+          skip-pkg-cache: true
+      - name: Custom Lint
+        run: |
+          go run ./linters ./...
 
       - name: Set environment variables
         run: |
@@ -142,6 +143,9 @@ jobs:
           echo "GOMEMLIMIT=6GiB" >> "$GITHUB_ENV"
           echo "GOGC=80" >> "$GITHUB_ENV"
 
+      - name: Spinup eigenda-proxy test dependency
+        run: ./scripts/start-eigenda-proxy.sh
+
       - name: run tests without race detection
         if: matrix.test-mode == 'defaults'
         run: |

.github/workflows/codeql-analysis.yml

@@ -46,7 +46,6 @@ jobs:
       uses: actions/checkout@v4
       with:
         submodules: true
-        ssh-key: ${{ secrets.SSH_KEY }}
 
     - name: Install dependencies
       run: sudo apt update && sudo apt install -y wabt

.github/workflows/docker.yml

@@ -26,7 +26,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           submodules: recursive
-          ssh-key: ${{ secrets.SSH_KEY }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -65,7 +64,7 @@ jobs:
         run: |
           cd nitro-testnode
           ./test-node.bash --init --dev &
-      
+
       - name: Wait for rpc to come up
         shell: bash
         run: |

.gitmodules

@@ -15,11 +15,11 @@
 	url = https://github.com/WebAssembly/testsuite.git
 [submodule "contracts"]
 	path = contracts
-	url = git@github.com:Layr-Labs/nitro-contracts-private.git
-	branch = eigenda--v3.0.3
+	url = https://github.com/Layr-Labs/nitro-contracts.git
+	branch = new-osp-fixes-v3.0.3
 [submodule "nitro-testnode"]
 	path = nitro-testnode
-	url = git@github.com:Layr-Labs/nitro-testnode-private.git
+	url = https://github.com/Layr-Labs/nitro-testnode.git
 [submodule "arbitrator/rust-kzg-bn254"]
 	path = arbitrator/rust-kzg-bn254
 	url = https://github.com/Layr-Labs/rust-kzg-bn254.git

arbitrator/jit/src/test.rs

@@ -3,21 +3,21 @@
 
 #![cfg(test)]
 
-// use wasmer::{imports, Instance, Module, Store, Value};
+use wasmer::{imports, Instance, Module, Store, Value};
 
-// #[test]
-// fn test_crate() -> eyre::Result<()> {
-//     // Adapted from https://docs.rs/wasmer/3.1.0/wasmer/index.html
+#[test]
+fn test_crate() -> eyre::Result<()> {
+    // Adapted from https://docs.rs/wasmer/3.1.0/wasmer/index.html
 
-//     let source = std::fs::read("programs/pure/main.wat")?;
+    let source = std::fs::read("programs/pure/main.wat")?;
 
-//     let mut store = Store::default();
-//     let module = Module::new(&store, source)?;
-//     let imports = imports! {};
-//     let instance = Instance::new(&mut store, &module, &imports)?;
+    let mut store = Store::default();
+    let module = Module::new(&store, source)?;
+    let imports = imports! {};
+    let instance = Instance::new(&mut store, &module, &imports)?;
 
-//     let add_one = instance.exports.get_function("add_one")?;
-//     let result = add_one.call(&mut store, &[Value::I32(42)])?;
-//     assert_eq!(result[0], Value::I32(43));
-//     Ok(())
-// }
+    let add_one = instance.exports.get_function("add_one")?;
+    let result = add_one.call(&mut store, &[Value::I32(42)])?;
+    assert_eq!(result[0], Value::I32(43));
+    Ok(())
+}

arbitrator/prover/src/kzgbn254.rs

@@ -1,14 +1,13 @@
-use crate::Bytes32;
+use crate::{utils::append_left_padded_biguint_be, Bytes32};
 use ark_bn254::G2Affine;
 use ark_ec::{AffineRepr, CurveGroup};
 use ark_ff::{BigInteger, PrimeField};
 use ark_serialize::CanonicalSerialize;
 use eyre::{ensure, Result};
-use hex::encode;
 use kzgbn254::{blob::Blob, kzg::Kzg, polynomial::PolynomialFormat};
 use num::BigUint;
-use num_traits::ToBytes;
 use sha2::{Digest, Sha256};
+use sha3::Keccak256;
 use std::io::Write;
 
 lazy_static::lazy_static! {
@@ -36,34 +35,31 @@ pub fn prove_kzg_preimage_bn254(
 ) -> Result<()> {
     let mut kzg = KZG.clone();
 
-    println!("preimage: {} {}", preimage.len(), encode(&preimage));
-    println!("offset: {}", offset);
-
     // expand roots of unity
     kzg.calculate_roots_of_unity(preimage.len() as u64)?;
 
-    // preimage is already padded, unpadding and repadding already padded data can destroy context post IFFT
-    // as some elements in the bn254 field are represented by 32 bytes, we know that the preimage is padded
-    // to 32 bytes per DA spec as the preimage is retrieved from DA, so we can use this unchecked function
-    let blob = Blob::from_padded_bytes_unchecked(preimage);
+    // preimage is already padded and is the actual blob data, NOT the IFFT'd form.
+    let blob = Blob::from_padded_bytes_unchecked(&preimage);
 
-    let blob_polynomial_evaluation_form = blob.to_polynomial(PolynomialFormat::InEvaluationForm)?;
+    let blob_polynomial_evaluation_form =
+        blob.to_polynomial(PolynomialFormat::InCoefficientForm)?;
     let blob_commitment = kzg.commit(&blob_polynomial_evaluation_form)?;
 
-    let mut commitment_bytes = Vec::new();
-    blob_commitment.serialize_uncompressed(&mut commitment_bytes)?;
-
-
-    commitment_bytes.extend(preimage.len().to_be_bytes());
+    let commitment_x_bigint: BigUint = blob_commitment.x.into();
+    let commitment_y_bigint: BigUint = blob_commitment.y.into();
+    let mut commitment_encoded_bytes = Vec::with_capacity(32);
+    append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_x_bigint);
+    append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_y_bigint);
 
-    let mut expected_hash: Bytes32 = Sha256::digest(&commitment_bytes).into();
-    expected_hash[0] = 1;
+    let mut keccak256_hasher = Keccak256::new();
+    keccak256_hasher.update(&commitment_encoded_bytes);
+    let commitment_hash: Bytes32 = keccak256_hasher.finalize().into();
 
     ensure!(
-        hash == expected_hash,
+        hash == commitment_hash,
         "Trying to prove versioned hash {} preimage but recomputed hash {}",
         hash,
-        expected_hash,
+        commitment_hash,
     );
 
     ensure!(
@@ -72,21 +68,10 @@ pub fn prove_kzg_preimage_bn254(
         offset,
     );
 
-    // retrieve commitment to preimage
-    let preimage_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?;
-    let preimage_commitment = kzg.commit(&preimage_polynomial)?;
-    let mut preimage_commitment_bytes = Vec::new();
-    preimage_commitment.serialize_uncompressed(&mut preimage_commitment_bytes)?;
-    println!(
-        "preimage commitment: {}",
-        encode(&preimage_commitment_bytes)
-    );
-
     let mut proving_offset = offset;
-
     let length_usize = preimage.len() as u64;
 
-    assert!(length_usize / 32 == preimage_polynomial.len() as u64);
+    assert!(length_usize / 32 == blob_polynomial_evaluation_form.len() as u64);
 
     // address proving past end edge case later
     let proving_past_end = offset as u64 >= length_usize;
@@ -97,14 +82,15 @@ pub fn prove_kzg_preimage_bn254(
     }
 
     // Y = ϕ(offset) --> evaluation point for computing quotient proof
-    let proven_y_fr = preimage_polynomial
+    // confirming if this is actually ok ?
+    let proven_y_fr = blob_polynomial_evaluation_form
         .get_at_index(proving_offset as usize / 32)
         .ok_or_else(|| {
             eyre::eyre!(
                 "Index ({}) out of bounds for preimage of length {} with data of ({} field elements x 32 bytes)",
                 proving_offset,
                 length_usize,
-                preimage_polynomial.len()
+                blob_polynomial_evaluation_form.len()
             )
         })?;
 
@@ -115,6 +101,7 @@ pub fn prove_kzg_preimage_bn254(
     let proven_y = proven_y_fr.into_bigint().to_bytes_be();
     let z = z_fr.into_bigint().to_bytes_be();
 
+    // probably should be a constant on the contract.
     let g2_generator = G2Affine::generator();
     let z_g2 = (g2_generator * z_fr).into_affine();
 
@@ -126,8 +113,20 @@ pub fn prove_kzg_preimage_bn254(
         .clone();
     let g2_tau_minus_g2_z = (g2_tau - z_g2).into_affine();
 
-    let kzg_proof = kzg
-        .compute_kzg_proof_with_roots_of_unity(&preimage_polynomial, proving_offset as u64 / 32)?;
+    let kzg_proof = kzg.compute_kzg_proof_with_roots_of_unity(
+        &blob_polynomial_evaluation_form,
+        proving_offset as u64 / 32,
+    )?;
+
+    let offset_usize = proving_offset as usize;
+    // This should cause failure when proving past offset.
+    if !proving_past_end {
+        ensure!(
+            *proven_y == preimage[offset_usize..offset_usize + 32],
+            "KZG proof produced wrong preimage for offset {}",
+            offset,
+        );
+    }
 
     let xminusz_x0: BigUint = g2_tau_minus_g2_z.x.c0.into();
     let xminusz_x1: BigUint = g2_tau_minus_g2_z.x.c1.into();
@@ -141,13 +140,6 @@ pub fn prove_kzg_preimage_bn254(
     append_left_padded_biguint_be(&mut xminusz_encoded_bytes, &xminusz_y1);
     append_left_padded_biguint_be(&mut xminusz_encoded_bytes, &xminusz_y0);
 
-    // encode the commitment
-    let commitment_x_bigint: BigUint = preimage_commitment.x.into();
-    let commitment_y_bigint: BigUint = preimage_commitment.y.into();
-    let mut commitment_encoded_bytes = Vec::with_capacity(32);
-    append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_x_bigint);
-    append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_y_bigint);
-
     // encode the proof
     let proof_x_bigint: BigUint = kzg_proof.x.into();
     let proof_y_bigint: BigUint = kzg_proof.y.into();
@@ -158,9 +150,7 @@ pub fn prove_kzg_preimage_bn254(
     let mut length_bytes = Vec::with_capacity(32);
     append_left_padded_biguint_be(&mut length_bytes, &BigUint::from(length_usize));
 
-    println!("length usize: {}", length_usize);
-    println!("length bytes: {}", encode(&length_bytes));
-    out.write_all(&*hash)?; // hash [:32]
+    out.write_all(&commitment_hash.to_vec())?; // hash [:32]
     out.write_all(&*z)?; // evaluation point [32:64]
     out.write_all(&*proven_y)?; // expected output [64:96]
     out.write_all(&xminusz_encoded_bytes)?; // g2TauMinusG2z [96:224]
@@ -170,11 +160,3 @@ pub fn prove_kzg_preimage_bn254(
 
     Ok(())
 }
-
-// Helper function to append BigUint bytes into the vector with padding; left padded big endian bytes to 32
-fn append_left_padded_biguint_be(vec: &mut Vec<u8>, biguint: &BigUint) {
-    let bytes = biguint.to_bytes_be();
-    let padding = 32 - bytes.len();
-    vec.extend_from_slice(&vec![0; padding]);
-    vec.extend_from_slice(&bytes);
-}

arbitrator/prover/src/machine.rs

@@ -2466,8 +2466,6 @@ impl Machine {
                         if !preimage.len().is_power_of_two() {
                             bail!("EigenDA hash preimage length should be a power of two but is instead {}", preimage.len());
                         }
-
-                        println!("EIGENDA HASH PREIMAGE: {:?}", preimage);
                     }
 
                     let offset = usize::try_from(offset).unwrap();

arbitrator/prover/src/utils.rs

@@ -10,6 +10,7 @@ use c_kzg::{Blob, KzgCommitment};
 use digest::Digest;
 use eyre::{eyre, Result};
 use kzgbn254::{blob::Blob as EigenDABlob, kzg::Kzg as KzgBN254, polynomial::PolynomialFormat};
+use num::BigUint;
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
 use sha3::Keccak256;
@@ -192,6 +193,14 @@ pub fn split_import(qualified: &str) -> Result<(&str, &str)> {
     Ok((module, name))
 }
 
+// Helper function to append BigUint bytes into the vector with padding; left padded big endian bytes to 32
+pub fn append_left_padded_biguint_be(vec: &mut Vec<u8>, biguint: &BigUint) {
+    let bytes = biguint.to_bytes_be();
+    let padding = 32 - bytes.len();
+    vec.extend(std::iter::repeat(0).take(padding));
+    vec.extend_from_slice(&bytes);
+}
+
 #[cfg(feature = "native")]
 pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> {
     match ty {
@@ -218,15 +227,18 @@ pub fn hash_preimage(preimage: &[u8], ty: PreimageType) -> Result<[u8; 32]> {
 
             let blob = EigenDABlob::from_padded_bytes_unchecked(preimage);
 
-            let blob_polynomial = blob.to_polynomial(PolynomialFormat::InEvaluationForm)?;
+            let blob_polynomial = blob.to_polynomial(PolynomialFormat::InCoefficientForm)?;
             let blob_commitment = kzg_bn254.commit(&blob_polynomial)?;
 
-            let mut commitment_bytes = Vec::new();
-            blob_commitment.serialize_uncompressed(&mut commitment_bytes)?;
-            commitment_bytes.extend(preimage.len().to_be_bytes());
+            let commitment_x_bigint: BigUint = blob_commitment.x.into();
+            let commitment_y_bigint: BigUint = blob_commitment.y.into();
+            let mut commitment_encoded_bytes = Vec::with_capacity(32);
+            append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_x_bigint);
+            append_left_padded_biguint_be(&mut commitment_encoded_bytes, &commitment_y_bigint);
 
-            let mut commitment_hash: [u8; 32] = Sha256::digest(&commitment_bytes).into();
-            commitment_hash[0] = 1;
+            let mut keccak256_hasher = Keccak256::new();
+            keccak256_hasher.update(&commitment_encoded_bytes);
+            let commitment_hash: [u8; 32] = keccak256_hasher.finalize().into();
 
             Ok(commitment_hash)
         }

arbitrator/prover/test-cases/go/main.go

@@ -211,7 +211,7 @@ func main() {
 		}
 	}
 	// EIGENDA COMMIT HASH
-	_, err = wavmio.ResolveTypedPreimage(arbutil.EigenDaPreimageType, common.HexToHash("01605220b6928163676612ca50bbe5e0c595052876796dbedeae8ef597c9fdcf"))
+	_, err = wavmio.ResolveTypedPreimage(arbutil.EigenDaPreimageType, common.HexToHash("13bbacb54f9aa9896af97156ca4dfc626e94031c5ed78fea68659e4ec9c9c55a"))
 	if err != nil {
 		panic(fmt.Sprintf("failed to resolve eigenda preimage: %v", err))
 	}

arbitrator/prover/test-cases/rust/src/bin/host-io.rs

@@ -111,7 +111,7 @@ fn main() {
         for i in 0..5{
             // test-files srs 011e229d75b13559dcb2d757ecae9b66fa579268e28e196789503322115c06e1
             // mainnet srs 01605220b6928163676612ca50bbe5e0c595052876796dbedeae8ef597c9fdcf
-            let eigen_hash = hex!("01865756f6ea42caedc00784c02b1b74676301f835a65cea5bcdea736f430e71");
+            let eigen_hash = hex!("13bbacb54f9aa9896af97156ca4dfc626e94031c5ed78fea68659e4ec9c9c55a");
             bytebuffer = Bytes32(eigen_hash);
 
             let actual_len = wavm_read_eigen_da_hash_preimage(bytebuffer.0.as_mut_ptr(), i * 32);